From 9c13a94bb82e70b4122614a44c17d9c5b3b288f9 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Mon, 10 Oct 2011 14:49:12 -0400
Subject: [PATCH 148/150] - try to use $(DYNOBJEXT) to pass the right
 variation on libnsspem.so to
 SECMOD_LoadUserModule() - only use loade modules if
 their 'loaded' flag is set

---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c |   19 +++++++++++++++----
 1 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index ca7e534..2520c4e 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -86,6 +86,9 @@
  * include a friendly name. */
 #define PKCS12_PREFIX "pkinit-pkcs12"
 
+/* The name of the NSSPEM module. */
+#define PEM_MODULE "libnsspem" PKINIT_DYNOBJEXT
+
 /* Forward declaration. */
 static krb5_error_code cert_retrieve_cert_sans(krb5_context context,
                                                CERTCertificate *cert,
@@ -2072,6 +2075,12 @@ crypto_load_pkcs11(krb5_context context,
                  __FUNCTION__, idopts->p11_module_name);
         return SECFailure;
     }
+    if (!module->loaded) {
+        pkiDebug("%s: error really loading PKCS11 module \"%s\"",
+                 __FUNCTION__, idopts->p11_module_name);
+        SECMOD_UnloadUserModule(module);
+        return SECFailure;
+    }
     SECMOD_UpdateSlotList(module);
     pkiDebug("%s: loaded PKCS11 module \"%s\"\n", __FUNCTION__,
              idopts->p11_module_name);
@@ -2120,20 +2129,22 @@ crypto_get_pem_slot(struct _pkinit_identity_crypto_context *id)
     PK11SlotInfo *slot;
 
     if (id->pem_module == NULL) {
-        id->pem_module = SECMOD_LoadUserModule("library=libnsspem.so",
+        id->pem_module = SECMOD_LoadUserModule("library=" PEM_MODULE,
                                                NULL, PR_FALSE);
         if (id->pem_module == NULL)
-            pkiDebug("%s: error loading libnsspem.so\n", __FUNCTION__);
+            pkiDebug("%s: error loading %s\n", __FUNCTION__, PEM_MODULE);
+        else if	(!id->pem_module->loaded)
+            pkiDebug("%s: error really loading %s\n", __FUNCTION__, PEM_MODULE);
         else
             SECMOD_UpdateSlotList(id->pem_module);
     }
-    if (id->pem_module != NULL) {
+    if ((id->pem_module != NULL) && id->pem_module->loaded) {
         if (id->pem_module->slotCount != 0)
             slot = id->pem_module->slots[0];
         else
             slot = NULL;
         if (slot == NULL)
-            pkiDebug("%s: no slots in libnsspem.so?\n", __FUNCTION__);
+            pkiDebug("%s: no slots in %s?\n", __FUNCTION__, PEM_MODULE);
     } else {
         slot = NULL;
     }
-- 
1.7.6.4