From 4a1979de79d9de48a44538f856f1d50f398541a8 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Thu, 22 Oct 2020 11:10:54 +0200
Subject: [PATCH] zkey: Add library versioning for libekmfweb and zkey-ekmfweb
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes: https://github.com/ibm-s390-tools/s390-tools/issues/93

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Jan Höppner <hoeppner@linux.ibm.com>
---
 .gitignore            |  3 +++
 common.mak            |  6 +++---
 libekmfweb/Makefile   | 29 ++++++++++++++++++-----------
 zkey/ekmfweb/Makefile | 22 +++++++++++++++-------
 zkey/kms.c            | 33 +++++++++++++++++++++++----------
 5 files changed, 62 insertions(+), 31 deletions(-)

diff --git a/.gitignore b/.gitignore
index 0a0cbe5a..40bb2a55 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,6 +37,8 @@ iucvterm/test/test_afiucv
 libekmfweb/check-dep-libekmfweb
 libekmfweb/detect-openssl-version.dep
 libekmfweb/libekmfweb.so
+libekmfweb/libekmfweb.so.1
+libekmfweb/libekmfweb.so.1.0
 libutil/util_base_example
 libutil/util_file_example
 libutil/util_libc_example
@@ -97,6 +99,7 @@ zipl/src/zipl_helper.device-mapper
 zkey/check-dep-zkey
 zkey/check-dep-zkey-cryptsetup
 zkey/detect-libcryptsetup.dep
+zkey/ekmfweb/libekmfweb.dep
 zkey/ekmfweb/zkey-ekmfweb.so
 zkey/zkey
 zkey/zkey-cryptsetup
diff --git a/common.mak b/common.mak
index fa99c514..b413b66f 100644
--- a/common.mak
+++ b/common.mak
@@ -163,7 +163,7 @@ USRSBINDIR      = $(INSTALLDIR)/usr/sbin
 USRBINDIR       = $(INSTALLDIR)/usr/bin
 BINDIR          = $(INSTALLDIR)/sbin
 LIBDIR          = $(INSTALLDIR)/lib
-LIB64DIR        = $(INSTALLDIR)/lib64
+USRLIB64DIR     = $(INSTALLDIR)/usr/lib64
 SYSCONFDIR      = $(INSTALLDIR)/etc
 MANDIR          = $(INSTALLDIR)/usr/share/man
 VARDIR          = $(INSTALLDIR)/var
@@ -179,10 +179,10 @@ INSTDIRS        = $(USRSBINDIR) $(USRBINDIR) $(BINDIR) $(LIBDIR) $(MANDIR) \
 			$(SYSCONFDIR) $(SYSCONFDIR)/sysconfig \
 			$(TOOLS_LIBDIR) $(TOOLS_DATADIR) \
 			$(ZFCPDUMP_DIR) $(SYSTEMDSYSTEMUNITDIR) \
-			$(LIB64DIR) $(USRINCLUDEDIR)
+			$(USRLIB64DIR) $(USRINCLUDEDIR)
 OWNER           = $(shell id -un)
 GROUP		= $(shell id -gn)
-export INSTALLDIR BINDIR LIBDIR LIB64DIR MANDIR OWNER GROUP
+export INSTALLDIR BINDIR LIBDIR USRLIB64DIR MANDIR OWNER GROUP
 
 # Special defines for zfcpdump
 ZFCPDUMP_IMAGE	= zfcpdump-image
diff --git a/libekmfweb/Makefile b/libekmfweb/Makefile
index 0212398c..50a22669 100644
--- a/libekmfweb/Makefile
+++ b/libekmfweb/Makefile
@@ -1,10 +1,13 @@
 include ../common.mak
 
+VERSION = 1.0
+VERM = $(shell echo $(VERSION) | cut -d '.' -f 1)
+
 ifneq (${HAVE_OPENSSL},0)
 	ifneq (${HAVE_JSONC},0)
 		ifneq (${HAVE_LIBCURL},0)
-			BUILD_TARGETS += libekmfweb.so
-			INSTALL_TARGETS += install-libekmfweb.so
+			BUILD_TARGETS += libekmfweb.so.$(VERSION)
+			INSTALL_TARGETS += install-libekmfweb.so.$(VERSION)
 		else
 			BUILD_TARGETS += skip-libekmfweb-curl
 			INSTALL_TARGETS += skip-libekmfweb-curl
@@ -64,22 +67,26 @@ ekmfweb.o: check-dep-libekmfweb ekmfweb.c utilities.h cca.h $(rootdir)include/ek
 utilities.o: check-dep-libekmfweb utilities.c utilities.h $(rootdir)include/ekmfweb/ekmfweb.h
 cca.o: check-dep-libekmfweb cca.c cca.h utilities.h $(rootdir)include/ekmfweb/ekmfweb.h
 
-libekmfweb.so: ALL_CFLAGS += -fPIC
-libekmfweb.so: LDLIBS = -ljson-c -lcrypto -lssl -lcurl -ldl -shared
-libekmfweb.so: LDFLAGS = -shared -Wl,--version-script=libekmfweb.map \
-	-Wl,-z,defs,-Bsymbolic
-libekmfweb.so: ekmfweb.o utilities.o cca.o
+libekmfweb.so.$(VERSION): ALL_CFLAGS += -fPIC
+libekmfweb.so.$(VERSION): LDLIBS = -ljson-c -lcrypto -lssl -lcurl -ldl
+libekmfweb.so.$(VERSION): ALL_LDFLAGS += -shared -Wl,--version-script=libekmfweb.map \
+	-Wl,-z,defs,-Bsymbolic -Wl,-soname,libekmfweb.so.$(VERM)
+libekmfweb.so.$(VERSION): ekmfweb.o utilities.o cca.o
 	$(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@
+	ln -srf libekmfweb.so.$(VERSION) libekmfweb.so.$(VERM)
+	ln -srf libekmfweb.so.$(VERSION) libekmfweb.so
 
-install-libekmfweb.so: libekmfweb.so
-	$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T libekmfweb.so $(DESTDIR)$(LIB64DIR)/libekmfweb.so
+install-libekmfweb.so.$(VERSION): libekmfweb.so.$(VERSION)
+	$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION)
+	ln -srf $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERM)
+	ln -srf $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so
 	$(INSTALL) -d -m 770 $(DESTDIR)$(USRINCLUDEDIR)/ekmfweb
 	$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 $(rootdir)include/ekmfweb/ekmfweb.h $(DESTDIR)$(USRINCLUDEDIR)/ekmfweb
 
 install: all $(INSTALL_TARGETS)
 
 clean:
-	rm -f *.o libekmfweb.so check-dep-libekmfweb detect-openssl-version.dep
+	rm -f *.o libekmfweb.so* check-dep-libekmfweb detect-openssl-version.dep
 
 .PHONY: all install clean skip-libekmfweb-openssl skip-libekmfweb-jsonc \
-	skip-libekmfweb-curl install-libekmfweb.so
+	skip-libekmfweb-curl install-libekmfweb.so.$(VERSION)
diff --git a/zkey/ekmfweb/Makefile b/zkey/ekmfweb/Makefile
index 42e3937f..79a16cb5 100644
--- a/zkey/ekmfweb/Makefile
+++ b/zkey/ekmfweb/Makefile
@@ -1,5 +1,8 @@
 include ../../common.mak
 
+VERSION = 1.0
+VERM = $(shell echo $(VERSION) | cut -d '.' -f 1)
+
 all: zkey-ekmfweb.so
 
 libs = $(rootdir)/libutil/libutil.a
@@ -8,7 +11,7 @@ export LIBRARY_PATH = $(rootdir)/libekmfweb:$LIBRARY_PATH
 
 zkey-ekmfweb.o: zkey-ekmfweb.c zkey-ekmfweb.h ../kms-plugin.h \
 	../cca.h ../utils.h ../pkey.h ../properties.h \
-	$(rootdir)include/ekmfweb/ekmfweb.h $(rootdir)/libekmfweb/libekmfweb.so
+	$(rootdir)include/ekmfweb/ekmfweb.h libekmfweb.dep
 
 properties.o: ../properties.c ../properties.h
 	$(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@
@@ -26,9 +29,9 @@ utils.o: ../utils.c ../utils.h ../pkey.h ../cca.h ../ep11.h
 	$(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@
 
 zkey-ekmfweb.so: ALL_CFLAGS += -fPIC
-zkey-ekmfweb.so: LDLIBS = -lekmfweb -ldl -lcrypto -shared
-zkey-ekmfweb.so: LDFLAGS = -shared -Wl,--version-script=zkey-ekmfweb.map \
-	-Wl,-z,defs,-Bsymbolic
+zkey-ekmfweb.so: LDLIBS = -lekmfweb -ldl -lcrypto
+zkey-ekmfweb.so: ALL_LDFLAGS += -shared -Wl,--version-script=zkey-ekmfweb.map \
+	-Wl,-z,defs,-Bsymbolic -Wl,-soname,zkey-ekmfweb.so.$(VERM)
 zkey-ekmfweb.so: zkey-ekmfweb.o properties.o pkey.o cca.o ep11.o utils.o $(libs)
 	$(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@
 
@@ -36,13 +39,18 @@ install-libekmfweb.dep:
 	$(MAKE) -C $(rootdir)/libekmfweb/ TOPDIR=$(TOPDIR) ARCH=$(ARCH) install
 	touch install-libekmfweb.dep
 
+libekmfweb.dep:
+	$(MAKE) -C $(rootdir)/libekmfweb/ TOPDIR=$(TOPDIR) ARCH=$(ARCH) all
+	touch libekmfweb.dep
+
 install: all install-libekmfweb.dep zkey-ekmfweb.so
 	$(INSTALL) -d -m 755 $(DESTDIR)$(MANDIR)/man1
 	$(INSTALL) -m 644 -c zkey-ekmfweb.1 $(DESTDIR)$(MANDIR)/man1
-	$(INSTALL) -d -m 755 $(DESTDIR)$(LIB64DIR)
-	$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)$(LIB64DIR)/zkey-ekmfweb.so
+	$(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR)
+	$(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR)/zkey
+	$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)$(USRLIB64DIR)/zkey/zkey-ekmfweb.so
 
 clean:
-	rm -f *.o zkey-ekmfweb.so install-libekmfweb.dep
+	rm -f *.o zkey-ekmfweb.so install-libekmfweb.dep libekmfweb.dep
 
 .PHONY: all install clean
\ No newline at end of file
diff --git a/zkey/kms.c b/zkey/kms.c
index 46427e6e..b2ce165a 100644
--- a/zkey/kms.c
+++ b/zkey/kms.c
@@ -40,6 +40,7 @@
 
 #define ENVVAR_ZKEY_KMS_PLUGINS		"ZKEY_KMS_PLUGINS"
 #define DEFAULT_KMS_PLUGINS		"/etc/zkey/kms-plugins.conf"
+#define KMS_PLUGIN_LOCATION		"/usr/lib64/zkey"
 
 #define KMS_CONFIG_FILE			"kms.conf"
 #define KMS_CONFIG_PROP_KMS		"kms"
@@ -209,6 +210,7 @@ static int load_kms_plugin(const char *plugin,
 			   void **plugin_lib, char **plugin_name, bool verbose)
 {
 	kms_get_functions_t _kms_get_functions;
+	char load_so_name[PATH_MAX];
 	char *so_name = NULL;
 	FILE *fp = NULL;
 	char line[4096];
@@ -258,15 +260,26 @@ static int load_kms_plugin(const char *plugin,
 		goto out;
 	}
 
+	/* Try to load via LD_LIBRARY_PATH first */
+	snprintf(load_so_name, sizeof(load_so_name), "%s", so_name);
 	pr_verbose(verbose, "Loading KMS plugin '%s': '%s'", *plugin_name,
-		   so_name);
-	*plugin_lib = dlopen(so_name, RTLD_GLOBAL | RTLD_NOW);
+		   load_so_name);
+	*plugin_lib = dlopen(load_so_name, RTLD_GLOBAL | RTLD_NOW);
 	if (*plugin_lib == NULL) {
-		pr_verbose(verbose, "%s", dlerror());
-		warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name,
-		      so_name);
-		rc = -ELIBACC;
-		goto out;
+		/* Try to load from default plugin location */
+		snprintf(load_so_name, sizeof(load_so_name), "%s/%s",
+			 KMS_PLUGIN_LOCATION, so_name);
+		pr_verbose(verbose, "Loading KMS plugin '%s': '%s'",
+			   *plugin_name, load_so_name);
+
+		*plugin_lib = dlopen(load_so_name, RTLD_GLOBAL | RTLD_NOW);
+		if (*plugin_lib == NULL) {
+			pr_verbose(verbose, "%s", dlerror());
+			warnx("Failed to load KMS plugin '%s': '%s'",
+			      *plugin_name, load_so_name);
+			rc = -ELIBACC;
+			goto out;
+		}
 	}
 
 	_kms_get_functions = (kms_get_functions_t)dlsym(*plugin_lib,
@@ -274,7 +287,7 @@ static int load_kms_plugin(const char *plugin,
 	if (_kms_get_functions == NULL) {
 		pr_verbose(verbose, "%s", dlerror());
 		warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name,
-		      so_name);
+		      load_so_name);
 		rc = -ELIBACC;
 		goto out;
 	}
@@ -283,13 +296,13 @@ static int load_kms_plugin(const char *plugin,
 	if (*kms_functions == NULL) {
 		pr_verbose(verbose, "kms_get_functions() reutned NULL");
 		warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name,
-		      so_name);
+		      load_so_name);
 		rc = -ELIBACC;
 		goto out;
 	}
 
 	pr_verbose(verbose, "Successfully loaded KMS plugin '%s': '%s' (API "
-			    "version: %u)", *plugin_name, so_name,
+			    "version: %u)", *plugin_name, load_so_name,
 			    (*kms_functions)->api_version);
 
 out: