On Mon, Aug 29, 2011 at 04:25:52PM +0200, Yang Tse wrote:
> Dan, do you have some spare time to make existing implementation more
> signal safe/friendly? (Affected code located now in curl_ntlm_wb.c)

I'm not sure what the best approach is going to be. Perhaps just a new
CURLOPT option to enable whether or not the waitpid() call should be done
by libcurl or not. Also, if CURLOPT_NOSIGNAL isn't set, libcurl could
set the SIGCHLD signal to be ignored as it kills the daemon, but apparently,
that's hard to do portably and doesn't solve anything when CURLOPT_NOSIGNAL
is set.

For now, I've just updated the documentation to warn about the signal
problem.

> I wonder if we shouldn't be using directly winbind daemon's pipes and
> skip ntlm_auth altogether, this would also imply changes to
> test-harness fake_ntlm.c to convert it into a proper daemon. Just an
> idea.

Is there a winbind client library that libcurl can use instead of the
daemon? That would avoid the signals problem, but it might cause other
problems with latency on the multi interface if the winbind daemon could
take a long time to responsd.

> If no time will be available to properly fix this, shouldn't configure
> option for this NTLM authentication delegation to winbind using
> auth_ntlm helper default setting be changed to 'disabled' contrary to
> current setting which is 'enabled'? At least, no one would get
> surprised due to this feature.

Is winbind generally running by default on a Samba system nowadays? Perhaps
disabled would have been a better default for the moment if that's the case.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-09-14