Bug 626862 - Review Request: cntlm - Fast NTLM authentication proxy with tunneling
Review Request: cntlm - Fast NTLM authentication proxy with tunneling
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-24 11:12 EDT by Matt Domsch
Modified: 2015-09-24 09:49 EDT (History)
5 users (show)

See Also:
Fixed In Version: cntlm-0.35.1-5.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-24 09:49:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
praveen_paladugu: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)
build.log (46 bytes, text/plain)
2010-08-24 11:13 EDT, Matt Domsch
no flags Details
rpmlint.log (48 bytes, text/plain)
2010-08-24 11:13 EDT, Matt Domsch
no flags Details

  None (edit)
Description Matt Domsch 2010-08-24 11:12:28 EDT
Spec URL: http://domsch.com/linux/fedora/cntlm/SPECS/cntlm.spec
SRPM URL: http://domsch.com/linux/fedora/cntlm/SRPMS/cntlm-0.35.1-2.fc13.src.rpm
Description: 
Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling,
authenticated connection caching, ACLs, proper daemon logging and behavior
and much more. It has up to ten times faster responses than similar NTLM
proxies, while using by orders or magnitude less RAM and CPU. Manual page
contains detailed information.
Comment 1 Matt Domsch 2010-08-24 11:13:22 EDT
Created attachment 440684 [details]
build.log
Comment 2 Matt Domsch 2010-08-24 11:13:52 EDT
Created attachment 440685 [details]
rpmlint.log
Comment 3 Praveen K Paladugu 2010-08-25 12:32:49 EDT
Couple of items to fix:

1) the daemon command has to be moved out of comments
2) the killproc has to be moved out of comments.
3) %{_initrddir} is deprecated. Please use %{_initddir} instead in %files section.
4) The build log has the following message: 
  /bin/sh: line 4: @echo: command not found
   This refers to the following line in Makefile:
@echo; echo "Cntlm will look for configuration in $(SYSCONFDIR)/$(NAME).conf"


Rpmlint: 
rpmlint cntlm-0.35.1-3.fc12.x86_64.rpm
   cntlm.x86_64: E: non-readable /etc/cntlm.conf 0600
   cntlm.x86_64: W: missing-lsb-keyword Default-Stop in /etc/rc.d/init.d/cntlmd
   cntlm.x86_64: W: incoherent-subsys /etc/rc.d/init.d/cntlmd $prog

Please fix the above lint erorrs and warnings.
Comment 4 Matt Domsch 2010-08-25 13:40:52 EDT
The rpmlint messages are all bogus.  The conf file can have a password in it in plaintext, so must not be readable by more than root by default.  The missing-lsb-keyword warning is crap, because the packaging guidelines say if there's no Default-Start line, then there must also not be a Default-Stop line.  The incoherent-subsys warning likewise comes from the guidelines-recommended common initscript.

I did fix items 1-4, and changed ownership of the /var/run/cntlm directory where the daemon's pid file will live, as the pid file is created as user cntlm (after dropping root privs).

-3 version posted, same URLs as above.
Comment 5 Praveen K Paladugu 2010-08-26 16:24:00 EDT
One more thing, 

In the init script (/etc/init.d/cntlmd), 
The variable "prog" is assigned "cntlmd" and in the stop() function, killproc is called with "$prog" as argument. The actual executable that is running is "/usr/sbin/cntlm", so the "killproc $prog" function will not kill the running process.


If the "prog" variable is assigned "cntlm" instead of "cntlmd", everything should be good.


Praveen
Comment 6 Matt Domsch 2010-08-26 20:45:44 EDT
Actually, killproc kills by the value stored in $pidfile, which it expects to find in /var/run/$prog.pid.  We were creating it in /var/run/ctlm/ctlmd.pid, which is bad.  Moving it up a dir into /var/run, we can avoid packaging /var/run/ctlm/ at all.

I'll make that change.

Anything else, or can you approve it and I"ll make the change at checkin?
Comment 7 Matt Domsch 2010-08-26 20:50:16 EDT
nope, that won't work either - it writes the pidfile after dropping privs.  So we need to pass -p $pidfile to killproc.
Comment 8 Matt Domsch 2010-08-26 22:42:54 EDT
version -4 posted, which only fixes the initscript to be sure daemon uses the right config file, and killproc and status both take the pidfile argument.

See URL above.
Comment 9 Praveen K Paladugu 2010-08-30 14:58:26 EDT
Version 4 Looks goods. 

Please go ahead and request CVS access.


Praveen
Comment 10 Matt Domsch 2010-08-30 23:07:29 EDT
New Package SCM Request
=======================
Package Name: cntlm
Short Description: Fast NTLM authentication proxy with tunneling
Owners: mdomsch
Branches: f12 f13 f14 el5 el6
InitialCC:
Comment 11 Kevin Fenzi 2010-09-01 15:33:49 EDT
Git done (by process-git-requests).
Comment 12 Fedora Update System 2010-09-01 17:06:23 EDT
cntlm-0.35.1-5.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-5.el5
Comment 13 Fedora Update System 2010-09-01 22:26:50 EDT
cntlm-0.35.1-5.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update cntlm'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/cntlm-0.35.1-5.el5
Comment 14 Fedora Update System 2010-09-02 00:45:45 EDT
cntlm-0.35.1-4.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc14
Comment 15 Fedora Update System 2010-09-02 00:46:36 EDT
cntlm-0.35.1-4.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc13
Comment 16 Fedora Update System 2010-09-02 00:47:10 EDT
cntlm-0.35.1-4.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc12
Comment 17 Fedora Update System 2010-09-10 23:30:36 EDT
cntlm-0.35.1-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2010-09-11 04:59:53 EDT
cntlm-0.35.1-4.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2010-09-11 05:10:01 EDT
cntlm-0.35.1-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2010-09-16 12:29:21 EDT
cntlm-0.35.1-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Marcelo Barbosa "firemanxbr" 2015-09-21 09:16:36 EDT
Package Change Request
======================
Package Name: cntlm
New Branches: epel7
Owners: mdomsch firemanxbr

Note You need to log in before you can comment on or make changes to this bug.