Bug 626862 - Review Request: cntlm - Fast NTLM authentication proxy with tunneling
Summary: Review Request: cntlm - Fast NTLM authentication proxy with tunneling
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review   
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords: Reopened
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-24 15:12 UTC by Matt Domsch
Modified: 2015-09-24 13:49 UTC (History)
5 users (show)

Fixed In Version: cntlm-0.35.1-5.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-24 13:49:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
praveen_paladugu: fedora-review+
kevin: fedora-cvs+


Attachments (Terms of Use)
build.log (46 bytes, text/plain)
2010-08-24 15:13 UTC, Matt Domsch
no flags Details
rpmlint.log (48 bytes, text/plain)
2010-08-24 15:13 UTC, Matt Domsch
no flags Details

Description Matt Domsch 2010-08-24 15:12:28 UTC
Spec URL: http://domsch.com/linux/fedora/cntlm/SPECS/cntlm.spec
SRPM URL: http://domsch.com/linux/fedora/cntlm/SRPMS/cntlm-0.35.1-2.fc13.src.rpm
Description: 
Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling,
authenticated connection caching, ACLs, proper daemon logging and behavior
and much more. It has up to ten times faster responses than similar NTLM
proxies, while using by orders or magnitude less RAM and CPU. Manual page
contains detailed information.

Comment 1 Matt Domsch 2010-08-24 15:13:22 UTC
Created attachment 440684 [details]
build.log

Comment 2 Matt Domsch 2010-08-24 15:13:52 UTC
Created attachment 440685 [details]
rpmlint.log

Comment 3 Praveen K Paladugu 2010-08-25 16:32:49 UTC
Couple of items to fix:

1) the daemon command has to be moved out of comments
2) the killproc has to be moved out of comments.
3) %{_initrddir} is deprecated. Please use %{_initddir} instead in %files section.
4) The build log has the following message: 
  /bin/sh: line 4: @echo: command not found
   This refers to the following line in Makefile:
@echo; echo "Cntlm will look for configuration in $(SYSCONFDIR)/$(NAME).conf"


Rpmlint: 
rpmlint cntlm-0.35.1-3.fc12.x86_64.rpm
   cntlm.x86_64: E: non-readable /etc/cntlm.conf 0600
   cntlm.x86_64: W: missing-lsb-keyword Default-Stop in /etc/rc.d/init.d/cntlmd
   cntlm.x86_64: W: incoherent-subsys /etc/rc.d/init.d/cntlmd $prog

Please fix the above lint erorrs and warnings.

Comment 4 Matt Domsch 2010-08-25 17:40:52 UTC
The rpmlint messages are all bogus.  The conf file can have a password in it in plaintext, so must not be readable by more than root by default.  The missing-lsb-keyword warning is crap, because the packaging guidelines say if there's no Default-Start line, then there must also not be a Default-Stop line.  The incoherent-subsys warning likewise comes from the guidelines-recommended common initscript.

I did fix items 1-4, and changed ownership of the /var/run/cntlm directory where the daemon's pid file will live, as the pid file is created as user cntlm (after dropping root privs).

-3 version posted, same URLs as above.

Comment 5 Praveen K Paladugu 2010-08-26 20:24:00 UTC
One more thing, 

In the init script (/etc/init.d/cntlmd), 
The variable "prog" is assigned "cntlmd" and in the stop() function, killproc is called with "$prog" as argument. The actual executable that is running is "/usr/sbin/cntlm", so the "killproc $prog" function will not kill the running process.


If the "prog" variable is assigned "cntlm" instead of "cntlmd", everything should be good.


Praveen

Comment 6 Matt Domsch 2010-08-27 00:45:44 UTC
Actually, killproc kills by the value stored in $pidfile, which it expects to find in /var/run/$prog.pid.  We were creating it in /var/run/ctlm/ctlmd.pid, which is bad.  Moving it up a dir into /var/run, we can avoid packaging /var/run/ctlm/ at all.

I'll make that change.

Anything else, or can you approve it and I"ll make the change at checkin?

Comment 7 Matt Domsch 2010-08-27 00:50:16 UTC
nope, that won't work either - it writes the pidfile after dropping privs.  So we need to pass -p $pidfile to killproc.

Comment 8 Matt Domsch 2010-08-27 02:42:54 UTC
version -4 posted, which only fixes the initscript to be sure daemon uses the right config file, and killproc and status both take the pidfile argument.

See URL above.

Comment 9 Praveen K Paladugu 2010-08-30 18:58:26 UTC
Version 4 Looks goods. 

Please go ahead and request CVS access.


Praveen

Comment 10 Matt Domsch 2010-08-31 03:07:29 UTC
New Package SCM Request
=======================
Package Name: cntlm
Short Description: Fast NTLM authentication proxy with tunneling
Owners: mdomsch
Branches: f12 f13 f14 el5 el6
InitialCC:

Comment 11 Kevin Fenzi 2010-09-01 19:33:49 UTC
Git done (by process-git-requests).

Comment 12 Fedora Update System 2010-09-01 21:06:23 UTC
cntlm-0.35.1-5.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-5.el5

Comment 13 Fedora Update System 2010-09-02 02:26:50 UTC
cntlm-0.35.1-5.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update cntlm'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/cntlm-0.35.1-5.el5

Comment 14 Fedora Update System 2010-09-02 04:45:45 UTC
cntlm-0.35.1-4.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc14

Comment 15 Fedora Update System 2010-09-02 04:46:36 UTC
cntlm-0.35.1-4.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc13

Comment 16 Fedora Update System 2010-09-02 04:47:10 UTC
cntlm-0.35.1-4.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc12

Comment 17 Fedora Update System 2010-09-11 03:30:36 UTC
cntlm-0.35.1-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2010-09-11 08:59:53 UTC
cntlm-0.35.1-4.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2010-09-11 09:10:01 UTC
cntlm-0.35.1-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2010-09-16 16:29:21 UTC
cntlm-0.35.1-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Marcelo Barbosa "firemanxbr" 2015-09-21 13:16:36 UTC
Package Change Request
======================
Package Name: cntlm
New Branches: epel7
Owners: mdomsch firemanxbr


Note You need to log in before you can comment on or make changes to this bug.