cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-2042430 ] NTLM Windows SSPI code is not thread safe

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Sun, 10 Aug 2008 02:55:51 +0000

Bugs item #2042430, was opened at 2008-08-08 02:07
Message generated for change (Comment added) made by yangtse
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2042430&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: bad behaviour
Status: Open
Resolution: Accepted
Priority: 5
Private: No
Submitted By: Constantine Sapuntzakis (csapuntz)
Assigned to: Daniel Stenberg (bagder)
Summary: NTLM Windows SSPI code is not thread safe

Initial Comment:
The NTLM Windows SSPI code uses static globals to keep track of a DLL and interface (see http_ntlm.c).

The attached patch moves the globals into the connectdata structure. The lifetime of the loaded
DLL and interface will be the the same as the previous implementation (the connection), but the race condition is removed.

----------------------------------------------------------------------

Comment By: Yang Tse (yangtse)
Date: 2008-08-10 02:55

Message:
Logged In: YES
user_id=1590006
Originator: NO

Since Constantine is certainly working on this SSPI area.

Wouldn't it be interesting to get rid of the loadlibrary (dlopen) stuff
and link with that library in the same way ws2_32 and others are used ? Its
only 20 Kb more or less.

Would this be technically possible Constantine, or is dynamic linking
mandatory for some obscure reason ?

Makefiles could be adjusted to link with 'secur32' when SSPI is required.
And if someone still requires it to work on Windows NT then 'security'
should be used instead of 'secur32'.

Just thinking outloud

----------------------------------------------------------------------

Comment By: Constantine Sapuntzakis (csapuntz)
Date: 2008-08-10 00:16

Message:
Logged In: YES
user_id=669005
Originator: YES

What do you think of loading the DLL once at curl_global_init() time and
unloading it
at curl_global_cleanup()?

Patch attached.
File Added: curl-ntlm-thread-safe-sspi-v2.diff

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2008-08-08 21:50

Message:
Logged In: YES
user_id=1110
Originator: NO

This seems to load the DLLs a little bit more often than necessary. Won't
it make more sense to add the new struct members to (somewhere in) the
SessionHandle struct?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2042430&group_id=976
Received on 2008-08-10

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET