From 8ba2153067b069860adbeb5edf9d3e086fdec1a4 Mon Sep 17 00:00:00 2001 From: Matt Domsch Date: Sep 01 2010 20:05:50 +0000 Subject: Initial import of cntlm after passing review --- diff --git a/.gitignore b/.gitignore index e69de29..b9b98c7 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/cntlm-0.35.1.tar.gz diff --git a/cntlm-0.35.1-Makefile.patch b/cntlm-0.35.1-Makefile.patch new file mode 100644 index 0000000..e52db0b --- /dev/null +++ b/cntlm-0.35.1-Makefile.patch @@ -0,0 +1,56 @@ +diff -urNp --exclude-from=/home/mdomsch/excludes --minimal cntlm-0.35.1.orig/Makefile cntlm-0.35.1/Makefile +--- cntlm-0.35.1.orig/Makefile 2007-11-20 18:18:24.000000000 -0600 ++++ cntlm-0.35.1/Makefile 2010-08-25 12:24:44.556317839 -0500 +@@ -13,41 +13,34 @@ MANDIR=/usr/local/man + # + CC=gcc + OBJS=utils.o ntlm.o xcrypt.o config.o socket.o acl.o auth.o http.o proxy.o +-CFLAGS=$(FLAGS) -std=c99 -Wall -pedantic -O3 -D__BSD_VISIBLE -D_ALL_SOURCE -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112 -D_ISOC99_SOURCE -D_REENTRANT -DVERSION=\"`cat VERSION`\" +-LDFLAGS=-lpthread ++MYFLAGS=-std=c99 -pedantic -D__BSD_VISIBLE -D_ALL_SOURCE -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112 -D_ISOC99_SOURCE -D_REENTRANT -DVERSION=\"`cat VERSION`\" ++MYLDFLAGS=-lpthread + NAME=cntlm + VER=`cat VERSION` + DIR=`pwd` + + $(NAME): configure-stamp $(OBJS) + @echo "Linking $@" +- @$(CC) $(CFLAGS) -o $@ $(OBJS) $(LDFLAGS) ++ $(CC) $(CFLAGS) $(MYCFLAGS) -o $@ $(OBJS) $(LDFLAGS) $(MYLDFLAGS) + + proxy.o: proxy.c + @echo "Compiling $<" + @if [ -z "$(SYSCONFDIR)" ]; then \ +- $(CC) $(CFLAGS) -c proxy.c -o $@; \ ++ $(CC) $(CFLAGS) $(MYFLAGS) -c proxy.c -o $@; \ + else \ +- $(CC) $(CFLAGS) -DSYSCONFDIR=\"$(SYSCONFDIR)\" -c proxy.c -o $@; \ ++ $(CC) $(CFLAGS) $(MYFLAGS) -DSYSCONFDIR=\"$(SYSCONFDIR)\" -c proxy.c -o $@; \ + fi + + .c.o: + @echo "Compiling $<" +- @$(CC) $(CFLAGS) -c -o $@ $< ++ $(CC) $(CFLAGS) $(MYFLAGS) -c -o $@ $< + + install: $(NAME) +- # AIX? +- if [ -f /usr/bin/oslevel ]; then \ +- install -O root -G system -M 755 -S -f $(BINDIR) $(NAME); \ +- install -O root -G system -M 644 -f $(MANDIR)/man1 doc/$(NAME).1; \ +- install -O root -G system -M 600 -c $(SYSCONFDIR) doc/$(NAME).conf; \ +- else \ +- install -D -o root -g root -m 755 -s $(NAME) $(BINDIR)/$(NAME); \ +- install -D -o root -g root -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \ +- [ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \ +- || install -D -o root -g root -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \ +- fi +- @echo; echo "Cntlm will look for configuration in $(SYSCONFDIR)/$(NAME).conf" ++ install -D -m 755 $(NAME) $(BINDIR)/$(NAME); \ ++ install -D -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \ ++ [ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \ ++ || install -D -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \ ++ echo; echo "Cntlm will look for configuration in $(SYSCONFDIR)/$(NAME).conf" + + rpm: + if [ `id -u` = 0 ]; then \ diff --git a/cntlm.init b/cntlm.init new file mode 100644 index 0000000..964fe04 --- /dev/null +++ b/cntlm.init @@ -0,0 +1,173 @@ +#!/bin/sh +# +# cntlmd: Start/stop the cntlm proxy. +# +# chkconfig: - 26 89 +# Description: Cntlm is meant to be given your proxy address and becomming +# the primary proxy then, listening on a selected local port. +# You point all your proxy-aware programs to it and don't ever +# have to deal with proxy authentication again. +# +### BEGIN INIT INFO +# Provides: cntlm +# Required-Start: $syslog $network $time +# Required-Stop: $syslog $network $time +# Short-Description: Authenticating HTTP accelerator for NTLM secured proxies +# Description: Cntlm is meant to be given your proxy address and becomming +# the primary proxy then, listening on a selected local port. +# You point all your proxy-aware programs to it and don't ever +# have to deal with proxy authentication again. +### END INIT INFO + +# Determining Linux RedHat/SuSE +# +# /etc/redhat-release +# /etc/SuSE-release + +SuSE=false +RedHat=false + +if [ -f /etc/SuSE-release ]; then + SuSE=true +elif [ -f /etc/redhat-release ]; then + RedHat=true +else + echo "Error: your platform is not supported by $0" > /dev/stderr + exit 1 +fi + +# Source function library SuSE/RedHat. + +if $SuSE; then + if [ -f /lib/lsb/init-functions ]; then + . /lib/lsb/init-functions + else + echo "Error: your platform is not supported by $0" > /dev/stderr + exit 1 + fi +else + if [ -f /etc/init.d/functions ]; then + . /etc/init.d/functions + else + echo "Error: your platform is not supported by $0" > /dev/stderr + exit 1 + fi +fi + +[ -r /etc/sysconfig/cntlmd ] && . /etc/sysconfig/cntlmd + +# First reset status of this service SuSE/RedHat + +if $SuSE; then + rc_reset +else + RETVAL=0 +fi + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +# Shell functions sourced from /etc/rc.status only on SuSE Linux: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_failed set local and overall rc status to +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status + +test -f $DAEMON || exit 5 + +start() { + # Start daemons. + echo -n "Starting $DESC: " + + if $SuSE; then + startproc -p $PIDFILE $DAEMON $OPTARGS 2>/dev/null + rc_status -v + else + daemon cntlm $OPTARGS 2>/dev/null + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch $LOCKFILE + return $RETVAL + fi +} + +stop() { + echo -n "Shutting down $DESC: " + + if $SuSE; then + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + + killproc -p $PIDFILE -TERM $DAEMON + + # Remember status and be verbose + rc_status -v + + else + killproc cntlm + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f $LOCKFILE + return $RETVAL + fi +} + + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + echo -n "Checking for $DESC: " + + if $SuSE; then + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $PIDFILE $DAEMON + rc_status -v + else + status cntlm + fi + ;; + restart|reload) + stop + start + ;; + *) + echo $"Usage: $0 {start|stop|restart|status}" + exit 1 +esac + +if $SuSE; then + rc_exit +else + exit $RETVAL +fi diff --git a/cntlm.init.fedora b/cntlm.init.fedora new file mode 100644 index 0000000..f494862 --- /dev/null +++ b/cntlm.init.fedora @@ -0,0 +1,109 @@ +#!/bin/sh +# +# cntlmd: Start/stop the cntlm proxy. +# +# chkconfig: - 26 89 +# description: Cntlm is meant to be given your proxy address and becomming \ +# the primary proxy then, listening on a selected local port. \ +# You point all your proxy-aware programs to it and don't ever \ +# have to deal with proxy authentication again. \ + + +### BEGIN INIT INFO +# Provides: cntlm +# Required-Start: $syslog $network $time +# Required-Stop: $syslog $network $time +# Short-Description: Authenticating HTTP accelerator for NTLM secured proxies +# Description: Cntlm is meant to be given your proxy address and becomming +# the primary proxy then, listening on a selected local port. +# You point all your proxy-aware programs to it and don't ever +# have to deal with proxy authentication again. +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +exec="/usr/sbin/cntlm" +prog="cntlmd" +config="/etc/cntlm.conf" + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +lockfile=/var/lock/subsys/$prog + +start() { + [ -x $exec ] || exit 5 + [ -f $config ] || exit 6 + echo -n $"Starting $prog: " + daemon $exec -c $config $OPTARGS + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + killproc -p $PIDFILE $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart() { + stop + start +} + +reload() { + restart +} + +force_reload() { + restart +} + +rh_status() { + # run checks to determine if the service is running or use generic + status + status -p $PIDFILE $prog +} + +rh_status_q() { + rh_status >/dev/null 2>&1 +} + + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart) + $1 + ;; + reload) + rh_status_q || exit 7 + $1 + ;; + force-reload) + force_reload + ;; + status) + rh_status + ;; + condrestart|try-restart) + rh_status_q || exit 0 + restart + ;; + *) + echo $"Usage: $0 + {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" + exit 2 +esac +exit $? diff --git a/cntlm.spec b/cntlm.spec new file mode 100644 index 0000000..08c8d8f --- /dev/null +++ b/cntlm.spec @@ -0,0 +1,99 @@ +Summary: Fast NTLM authentication proxy with tunneling +Name: cntlm +Version: 0.35.1 +Release: 4%{?dist} +License: GPLv2+ +Group: System Environment/Daemons +URL: http://cntlm.sourceforge.net/ +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +Source1: cntlm.init +Source2: cntlm.init.fedora +Source3: cntlm.sysconfig +Patch0: cntlm-0.35.1-Makefile.patch +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(pre): shadow-utils + +%description +Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling, +authenticated connection caching, ACLs, proper daemon logging and behavior +and much more. It has up to ten times faster responses than similar NTLM +proxies, while using by orders or magnitude less RAM and CPU. Manual page +contains detailed information. + +%prep +%setup -q +%patch0 -p1 + +%build +%configure +make %{?_smp_mflags} + +%install +rm -rf %{buildroot} +make BINDIR=%{buildroot}%{_sbindir} MANDIR=%{buildroot}%{_mandir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install + +install -D -m 0755 %{SOURCE2} %{buildroot}%{_initddir}/cntlmd +install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/cntlmd +mkdir -p -m 0755 %{buildroot}%{_localstatedir}/run/%{name} + +%clean +rm -rf %{buildroot} + +%files +%defattr(-,root,root,-) +%doc LICENSE README COPYRIGHT +%{_sbindir}/%{name} +%{_mandir}/man1/%{name}.1* +%{_initddir}/cntlmd +%attr(-,cntlm,cntlm) %{_localstatedir}/run/%{name} +%config(noreplace) %{_sysconfdir}/%{name}.conf +%config(noreplace) %{_sysconfdir}/sysconfig/cntlmd + +%pre +getent group %{name} > /dev/null || groupadd -r %{name} +getent passwd %{name} > /dev/null || \ + useradd -r -g %{name} -d %{_localstatedir}/run/%{name} -s /sbin/nologin \ + -c "%{name} daemon" %{name} +exit 0 + +%post +/sbin/chkconfig --add cntlmd +exit 0 + +%preun +if [ $1 = 0 ]; then + /sbin/service cntlmd stop > /dev/null 2>&1 + /sbin/chkconfig --del cntlmd +fi +exit 0 + +%postun +if [ "$1" -ge "1" ]; then + /sbin/service cntlmd condrestart > /dev/null 2>&1 || : +fi +exit 0 + +%changelog +* Thu Aug 26 2010 Matt Domsch - 0.35.1-4 +- initscript: use pidfile to killproc + +* Wed Aug 25 2010 Matt Domsch - 0.35.1-3 +- additional fixes per package review + +* Tue Aug 24 2010 Matt Domsch - 0.35.1-2 +- updated spec to match Fedora packaging guidelines + +* Fri Jul 27 2007 Radislav Vrnata +- added support for SuSE Linux + +* Wed Jul 26 2007 Radislav Vrnata +- fixed pre, post, preun, postun macros bugs affecting upgrade process + +* Mon May 30 2007 Since 0.28 maintained by + +* Mon May 28 2007 Radislav Vrnata +- Version 0.27 +- First release diff --git a/cntlm.sysconfig b/cntlm.sysconfig new file mode 100644 index 0000000..b6e19b1 --- /dev/null +++ b/cntlm.sysconfig @@ -0,0 +1,15 @@ +# +# DAEMON Location of the binary +# PIDFILE Make sure that you or, if used, -U uid can create/write it +# TIMEOUT How long to wait before forcing cntlm to stop with a second +# signal when active connections are still not finished +# RUNAS Name or number of the non-privileged account to run as +# + +DAEMON=/usr/sbin/cntlm +PIDFILE=/var/run/cntlm/cntlmd.pid +LOCKFILE=/var/lock/subsys/cntlmd +TIMEOUT=5 +RUNAS=cntlm +DESC="CNTLM Authentication Proxy" +OPTARGS="-U $RUNAS -P $PIDFILE" diff --git a/sources b/sources index e69de29..dd833dd 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +95c4f76829624db9440795a36c626ebd cntlm-0.35.1.tar.gz