On Sat, Jan 18, 2014 at 09:59:13PM +0100, Landry Breuil wrote:
> On Fri, Jan 17, 2014 at 11:21:13AM -0500, Eric Radman wrote:
> > Resubmitting a patch for firefox that includes all of the symbols
> > required to load gssapi. From moz.log:
> >
> > 784166112[83e29180]: service = inout.deshaw.com
> > 784166112[83e29180]: using negotiate-gss
> > 784166112[83e29180]: entering nsAuthGSSAPI::nsAuthGSSAPI()
> > 784166112[83e29180]: Attempting to load gss functions
> > 784166112[83e29180]: entering nsAuthGSSAPI::Init()
> > 784166112[83e29180]: nsHttpNegotiateAuth::GenerateCredentials()
> > [challenge=Negotiate]
> > 784166112[83e29180]: entering nsAuthGSSAPI::GetNextToken()
> > 784166112[83e29180]: leaving nsAuthGSSAPI::GetNextToken [rv=0]
> > 784166112[83e29180]: Sending a token of length 1730
> >
> > Notes on the patch:
> >
> > - Remove `&& !lib` from the module load loop because it would stop
> > loading modules the first time dlopen succeeded
> >
> > - Had to replace PR_LoadLibrary with PR_LoadLibraryWithFlags so I
> > could use the PR_LD_GLOBAL option
>
> So, after having had some time to actually look at your patch - i
> suppose that we need to dlopen all the libs one by one in the right
> order, because they're not inter-dependent in our case?
libgssapi.so doesn't appear to reference any of it's dependencies. On
many other platforms they are; this is Debian 7.0:
$ readelf -d /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2 | grep NEEDED
0x00000001 (NEEDED) Shared library: [libkrb5.so.3]
0x00000001 (NEEDED) Shared library: [libk5crypto.so.3]
0x00000001 (NEEDED) Shared library: [libcom_err.so.2]
0x00000001 (NEEDED) Shared library: [libkrb5support.so.0]
0x00000001 (NEEDED) Shared library: [libdl.so.2]
0x00000001 (NEEDED) Shared library: [libkeyutils.so.1]
0x00000001 (NEEDED) Shared library: [libresolv.so.2]
0x00000001 (NEEDED) Shared library: [libc.so.6]
> Why do you need RTLD_GLOBAL ? It fails if you use the default symbol
> visibility flag ?
RTLD_GLOBAL seems to be required, although I don't understand why. This
is how I'm testing:
#include <dlfcn.h>
main()
{
dlopen("libasn1.so", RTLD_GLOBAL);
dlopen("libcrypto.so", RTLD_GLOBAL);
dlopen("libroken.so", RTLD_GLOBAL);
dlopen("libheimbase.so", RTLD_GLOBAL);
dlopen("libcom_err.so", RTLD_GLOBAL);
dlopen("libkrb5.so", RTLD_GLOBAL);
dlopen("libgssapi.so", RTLD_GLOBAL|RTLD_NOW);
}
Instead of patching Firefox, would it be better to change the way
OpenBSD links the Heimdal libraries to make the interdependent libraries
implicit?
Eric
