626862 – Review Request: cntlm - Fast NTLM authentication proxy with tunneling

Bug 626862 - Review Request: cntlm - Fast NTLM authentication proxy with tunneling

Summary: Review Request: cntlm - Fast NTLM authentication proxy with tunneling

Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	Package Review
Sub Component:	(Show other bugs)
Version:	rawhide
Hardware:	All Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody's working on this, feel free to take it
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Keywords:	Reopened
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-08-24 15:12 UTC by Matt Domsch
Modified:	2015-09-24 13:49 UTC (History)
CC List:	5 users (show)
Fixed In Version:	cntlm-0.35.1-5.el5
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-09-24 13:49:22 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:
Flags:	praveen_paladugu: fedora-review+ kevin: fedora-cvs+

Attachments	(Terms of Use)
build.log (46 bytes, text/plain) 2010-08-24 15:13 UTC, Matt Domsch	no flags	Details
rpmlint.log (48 bytes, text/plain) 2010-08-24 15:13 UTC, Matt Domsch	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description Matt Domsch 2010-08-24 15:12:28 UTC

Spec URL: http://domsch.com/linux/fedora/cntlm/SPECS/cntlm.spec
SRPM URL: http://domsch.com/linux/fedora/cntlm/SRPMS/cntlm-0.35.1-2.fc13.src.rpm
Description: 
Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling,
authenticated connection caching, ACLs, proper daemon logging and behavior
and much more. It has up to ten times faster responses than similar NTLM
proxies, while using by orders or magnitude less RAM and CPU. Manual page
contains detailed information.

Comment 1 Matt Domsch 2010-08-24 15:13:22 UTC

Created attachment 440684 [details]
build.log

Comment 2 Matt Domsch 2010-08-24 15:13:52 UTC

Created attachment 440685 [details]
rpmlint.log

Comment 3 Praveen K Paladugu 2010-08-25 16:32:49 UTC

Couple of items to fix:

1) the daemon command has to be moved out of comments
2) the killproc has to be moved out of comments.
3) %{_initrddir} is deprecated. Please use %{_initddir} instead in %files section.
4) The build log has the following message: 
  /bin/sh: line 4: @echo: command not found
   This refers to the following line in Makefile:
@echo; echo "Cntlm will look for configuration in $(SYSCONFDIR)/$(NAME).conf"


Rpmlint: 
rpmlint cntlm-0.35.1-3.fc12.x86_64.rpm
   cntlm.x86_64: E: non-readable /etc/cntlm.conf 0600
   cntlm.x86_64: W: missing-lsb-keyword Default-Stop in /etc/rc.d/init.d/cntlmd
   cntlm.x86_64: W: incoherent-subsys /etc/rc.d/init.d/cntlmd $prog

Please fix the above lint erorrs and warnings.

Comment 4 Matt Domsch 2010-08-25 17:40:52 UTC

The rpmlint messages are all bogus.  The conf file can have a password in it in plaintext, so must not be readable by more than root by default.  The missing-lsb-keyword warning is crap, because the packaging guidelines say if there's no Default-Start line, then there must also not be a Default-Stop line.  The incoherent-subsys warning likewise comes from the guidelines-recommended common initscript.

I did fix items 1-4, and changed ownership of the /var/run/cntlm directory where the daemon's pid file will live, as the pid file is created as user cntlm (after dropping root privs).

-3 version posted, same URLs as above.

Comment 5 Praveen K Paladugu 2010-08-26 20:24:00 UTC

One more thing, 

In the init script (/etc/init.d/cntlmd), 
The variable "prog" is assigned "cntlmd" and in the stop() function, killproc is called with "$prog" as argument. The actual executable that is running is "/usr/sbin/cntlm", so the "killproc $prog" function will not kill the running process.


If the "prog" variable is assigned "cntlm" instead of "cntlmd", everything should be good.


Praveen

Comment 6 Matt Domsch 2010-08-27 00:45:44 UTC

Actually, killproc kills by the value stored in $pidfile, which it expects to find in /var/run/$prog.pid.  We were creating it in /var/run/ctlm/ctlmd.pid, which is bad.  Moving it up a dir into /var/run, we can avoid packaging /var/run/ctlm/ at all.

I'll make that change.

Anything else, or can you approve it and I"ll make the change at checkin?

Comment 7 Matt Domsch 2010-08-27 00:50:16 UTC

nope, that won't work either - it writes the pidfile after dropping privs.  So we need to pass -p $pidfile to killproc.

Comment 8 Matt Domsch 2010-08-27 02:42:54 UTC

version -4 posted, which only fixes the initscript to be sure daemon uses the right config file, and killproc and status both take the pidfile argument.

See URL above.

Comment 9 Praveen K Paladugu 2010-08-30 18:58:26 UTC

Version 4 Looks goods. 

Please go ahead and request CVS access.


Praveen

Comment 10 Matt Domsch 2010-08-31 03:07:29 UTC

New Package SCM Request
=======================
Package Name: cntlm
Short Description: Fast NTLM authentication proxy with tunneling
Owners: mdomsch
Branches: f12 f13 f14 el5 el6
InitialCC:

Comment 11 Kevin Fenzi 2010-09-01 19:33:49 UTC

Git done (by process-git-requests).

Comment 12 Fedora Update System 2010-09-01 21:06:23 UTC

cntlm-0.35.1-5.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-5.el5

Comment 13 Fedora Update System 2010-09-02 02:26:50 UTC

cntlm-0.35.1-5.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update cntlm'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/cntlm-0.35.1-5.el5

Comment 14 Fedora Update System 2010-09-02 04:45:45 UTC

cntlm-0.35.1-4.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc14

Comment 15 Fedora Update System 2010-09-02 04:46:36 UTC

cntlm-0.35.1-4.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc13

Comment 16 Fedora Update System 2010-09-02 04:47:10 UTC

cntlm-0.35.1-4.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc12

Comment 17 Fedora Update System 2010-09-11 03:30:36 UTC

cntlm-0.35.1-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2010-09-11 08:59:53 UTC

cntlm-0.35.1-4.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2010-09-11 09:10:01 UTC

cntlm-0.35.1-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2010-09-16 16:29:21 UTC

cntlm-0.35.1-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Marcelo Barbosa "firemanxbr" 2015-09-21 13:16:36 UTC

Package Change Request
======================
Package Name: cntlm
New Branches: epel7
Owners: mdomsch firemanxbr

Note You need to log in before you can comment on or make changes to this bug.