Patch Name: PHCO_8130 Patch Description: s700_800 10.10 SAM cumulative patch Creation Date: 96/12/09 Post Date: 97/02/21 Hardware Platforms - OS Releases: s700: 10.10 s800: 10.10 Products: N/A Filesets: SystemAdmin.SAM SystemAdmin.SAM-HELP OS-Core.UX-CORE Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHCO_8130 Symptoms: PHCO_8130: - Certain parts of the Auditing and Security area are not 2000-safe. - The use of a public-writable directory by SAM permits unauthorized privileges. - Restricted SAM allows the user to change root password. - When adding a remote printer, if an alias is specified for the remote system it gets expanded to the fully-qualified domain name of the corresponding system name. PHCO_7354: - When adding an NIS user, SAM assumes you are using make, not ypmake. - rmterm.sh sets permissions on /etc/inittab improperly. - Authorized login times strings on trusted systems can cause data corruption. - PHCO_7257 causes SAM to break hardlink between /etc/logingroup and /etc/group. - SAM does not detect printers that are already setup. - SAM reports the rebuild priority of an Edison array incorrectly. - SAM hangs adding a group. - Functional area launcher shows local users only on NIS client. - Dates after the year 2000 confuse useradd.sam. - Non-alphanumeric characters are disallowed in login and group names. - The password for user sam_exec (used for remote SAM admin) can be discovered by unauthorized users. - SAM has problems adding certain printers, failing with "mksf: couldn't find driver matching arguments". - When adding a primary/secondary name server, if the server is not a member of the domain it serves, the NS and SOA records will be incorrect. - The DNS area doesn't allow the user to configure the "time-to-live" for a domain. - In the "Configure NS Resource Records" dialog, SAM creates an spcl.domain file with incorrect syntax. - Post-2000 dates are not set correctly via xntp. - DNS Switch configuration: incorrect field label is being printed in certain cases. - /usr/sam/lbin/dns_make_cache fails if the /bin -> /usr/bin transition link is missing. - The NTP server configuration ignores aliases. PHCO_6927: - SAM doesn't properly remove lvm disks when the disk selected is an ICE lun and that lun is the lvm alternate path to another ICE lun. (This problem doesn't occur in 10.20, which uses a new method of showing multipath devices.) - Incorrect alternate paths to ICE were being shown based on a pattern match of 16.1 == 16.10 == 16.1x. - Temporary device files left around when SAM is exited. - When a disk has marked usage, and the user switches between subareas in Disks/FS several times, "Use" column values grow. - The wrong firmware revision string for ICE is being reported by SAM. - In the backup and recovery area, JFS volumes are not listed for backup when local backup scope is selected. BR-> Interactive(or Automated) Backup-> Select Backup Scope-> Backup Scope: Local Filesystems. At this point SAM Backup & Recovery would not recognize a JFS filesystem as a local filesystem. This fix does not mean that Backup & Recovery FULLY supports JFS filesystems. Rather, it means that BR will act in the same way as it would an HFS filesystem. (No Snapshot Support) - Restricted SAM user gains unrestricted privileges. - These changes modify the KC area so that driver statement changes are recognized as kernel modifications that require a kernel regen and a reboot. The SNA folks need this to preserve the same "look and feel" as other kernel modifications that are already detected in this way. - 100VG and 100Base-T cards are not supported. - When changing an IP address, SAM returns an error: ch_hostip: Problem renaming "/etc/#hosts" to "/etc/hosts.old": No such file or directory (errno = 2). - DNS daemon named is shown to be running when it isn't, & vice versa. - Swverify produces the following message in /var/adm/sw/swagent.log: NOTE: Volatile file "/etc/sam/reg_dirs.db.old" missing. - If PHCO_6349 is installed, a diskless client will fail in the "SAM single point administration" rc script. PHCO_6349: - All system shutdowns done from SAM will hang forever if SAM is being run in the background. - In the "Modify Nice Priority" action of the Process Control OLE, any attempt to modify the nice priority produces a bogus error message. - DNS Resolver screen is munged. - Swagent.log contains a message about libsamsec.sl being busy. - sam.ui contains a 10.01 what string. - Help is not available on the Trusted Systems screen. - SAM does not correctly create user if uid 0 is reused. - When SAM adds a network printer, it does not give the user the option of adding the printer to their VUE front panel printer configuration. - "." is not allowed in domain and host names in some networking dialogs. - Setting class-id under DHCP ole generates an incorrect /etc/dhcptab. - DHCP sam(1m) ole prevents DNS name from being set. - The following error message is encountered in the Routine Tasks area: The command "find -print 2>/dev/null" has failed. Errno=2 (no such file or directory). - Some help links in the Users and Group area are missing. - SAM will not change the password for users with uid 0 and name other than 'root'. - No users icon shows up on NIS clients that were configured as clients using set_parms. - SAM does not allow a printer to be added to the last 16 ports of a J2096A 32-port MUX. - SAM doesn't properly convert the locale in a command in a .cb file. - With CA Unicenter running, if customer goes into SAM->Networking & Communications->Networked File Systems ->Exported Local File Systems they get an error from ch_exports saying that the file cannot be removed. - When going into the "Modify Array Configuration" screen, if the Edison(ICE) unit has active spare disabled, SAM incorrectly records that _auto include_ is disabled. When the user has made changes to this screen and hits "OK", because SAM has incorrectly recorded the state of the array, the wrong options are sent to the array to modify the configuration. The result is that the user's changes are not being propagated correctly and the array's state is not as the user desired. - On a system that has a TOSHIBA CD-ROM XM-5401 installed, the Tape Drives area would show this device in the list. Since it's not a tape drive, it shouldn't show on this list. Defect Description: PHCO_8130: - Various coding errors. PHCO_7354: - Various coding errors. - Authorized login times strings can cause data corruption. On a trusted system, the UG area of SAM allows you to specify a sequence of days and times when the user is allowed to log in to the system. This sequence of days and times is encoded and passed as a parameter to the to the modprpw command. Only 50 characters have been allocated to store this string by the modprpw command but the command does not check to make sure the parameter passed in is valid. Passing a string longer than 50 characters can result in data corruption. It is possible to select days and times in SAM (e.g. if you select to allow logging in during a different time period on each of the seven days of the week) that create an encoded string of more than 50 characters. SAM should disallow any combination of days and times that results in a string over 50 characters. - Function nnc_util_host_lookup() should use alias as part of fully qualified hostname only if field name is "xntp_te_server_peer_name" (from the XNTP screen only). - With PHCO_7354, SAM will recognize 100Base-T networking cards if the driver is installed. PHCO_6927: - Various coding errors. - New agreement on features between SAM partners. PHCO_6349: - The shutdown problem was discovered late in the 10.10 release and was issue a waiver, WR1010 1107-SAM-SHUTDOWN. - The renice(1) command contains a defect causing it to send status to stdout even when successful. - The DNS Resolver screen code contained a coding error. - When SAM is used to run Software Distributor to reinstall SAM, libsamsec.sl cannot be overwritten due to being busy. - sam.cb contains a what string that SAM depends on to detect that SD is reinstalling SAM. This what string was not updated for 10.10. It doesn't appear that this causes the user an problems. If it did, the symptom would be the task manager complaining about not being able to locate tasks. - Help files for Trusted Systems have been inadvertently omitted for all 10.x releases. - Users with uid 0 and names other than root were not always given root privileges. - A call to /opt/sharedprint/lbin/lp_vue_config was overlooked when adding network printers. - Regular expression error caused '.' to be disallowed in some networking dialogs. - Coding error caused DHCP to produce an incorrect /etc/dhcptab. - SAM executes the /usr/sam/lbin/listchk utility to create a customized list of logfiles for the host system. This utility will fail to create the customized list if it encounters a path in the master list of logfiles (contained in /usr/sam/lib/rt/logs.list) that does not exist on the system. The user will see an error message of the form: The command "find -print 2>/dev/null" has failed. Errno=2 (no such file or directory). The logs.list file is currently shipped with the following path included: /export/private/*/var/adm/sw/*.log This path is present only on diskless systems, and is usually the cause of the listchk failure. The "find" command fails because no such path exists on non-diskless systems. To fix this, listchk has been modified to treat "find" failures as non-fatal problems which cause the offending path to be ignored. A workaround is to create the /export/private directory before executing SAM. - Some help links were overlooked in the Users and Groups area. - rmdir() was being passed a null string, which does not work with the CA Unicenter commands. SR: 1653147025 5003310169 1653162024 5003306977 5000716050 5003337071 4701334763 Patch Files: /usr/sam/help/C/nnc/nnc.hv /usr/sam/help/C/nnc/nnc.hvk /usr/sam/help/C/nnc/nnc00.ht /usr/sam/help/C/ts/ts.hv /usr/sam/help/C/ts/ts.hvk /usr/sam/help/C/ts/ts00.ht /usr/sam/help/C/ug/ug.hv /usr/sam/help/C/ug/ug.hvk /usr/sam/help/C/ug/ug00.ht /usr/sam/lbin/listchk /usr/sam/lbin/ug_area_vis /usr/sam/lbin/upusrfiles /usr/sam/lib/C/boot.ui /usr/sam/lib/C/rt.cat /usr/sam/lib/C/sam.cb /usr/sam/lib/C/sam.ui /usr/sam/lib/kc/kc_com.sl /usr/sam/lib/lp/lp.sl /usr/sam/lib/nnc/boot.sl /usr/sam/lib/nnc/nnc.sl /usr/sam/lib/nnc/nnc.tm /usr/sam/lib/pm/pm.tm /usr/sam/lib/rt/rt.sl /usr/sam/lib/ug/ug.sl /usr/newconfig/etc/sam/reg_da.db /usr/newconfig/etc/sam/reg_files.db /usr/newconfig/etc/sam/reg_tm.db /usr/sam/lib/fal/fal.sl /usr/sbin/ch_exports /usr/sam/lib/fs/fs.sl /usr/sam/lib/C/fs_df_defs.h /usr/sam/lib/C/fs_addlvm.ui /usr/sam/lbin/ioparser.sh /usr/sam/bin/samlog_viewer /usr/sam/lib/br/br.sl /usr/sam/lib/fs/fs_com.sl /usr/sam/lib/fs/fs.tm /usr/sam/lbin/getkinfo /usr/sam/lbin/laninfo /usr/sam/lbin/ch_hostip /usr/sam/lib/kc/kc.tm /usr/sam/lbin/groupadd.sam /usr/sam/lbin/lpmgr /usr/sam/lbin/rmterm.sh /usr/sam/lbin/useradd.sam /usr/sam/lbin/userdel.sam /usr/sam/lbin/usermod.sam /usr/sam/lib/C/ug.ui /usr/sam/lib/C/ug.ut.ui /usr/sam/lib/ra/ra.sl /usr/sam/lib/ug/ug_comlib.sl /usr/sam/lib/ug/ug.tm /usr/sam/lib/sp/sp.sl /usr/sam/lbin/dns_make_cache /usr/sam/lib/C/dns.ui /usr/sam/lib/ts/ts.sl /usr/sam/help/C/lp/lp.hv /usr/sam/help/C/lp/lp.hvk /usr/sam/help/C/lp/lp00.ht /usr/sam/help/C/lp/lp01.ht /usr/sam/lib/C/sam.lp.cat /usr/sam/lib/C/sp.cat /usr/sam/lib/C/ts.ui /usr/sam/lib/C/ts.cat /usr/sam/lib/C/ug.cat what(1) Output: /usr/sam/help/C/nnc/nnc.hv: None /usr/sam/help/C/nnc/nnc.hvk: None /usr/sam/help/C/nnc/nnc00.ht: None /usr/sam/help/C/ts/ts.hv: None /usr/sam/help/C/ts/ts.hvk: None /usr/sam/help/C/ts/ts00.ht: None /usr/sam/help/C/ug/ug.hv: None /usr/sam/help/C/ug/ug.hvk: None /usr/sam/help/C/ug/ug00.ht: None /usr/sam/lbin/listchk: None /usr/sam/lbin/ug_area_vis: ug_area_vis $Revision: 72.1 $ /usr/sam/lbin/upusrfiles: $Revision: 72.13.1.1 $ /usr/sam/lib/C/boot.ui: None /usr/sam/lib/C/rt.cat: None /usr/sam/lib/C/sam.cb: None /usr/sam/lib/C/sam.ui: SAM 10.10 Patch PHCO_8130 - $Date: 97/02/05 10:04:58 $ - Tag PHCO_8130 /usr/sam/lib/kc/kc_com.sl: None /usr/sam/lib/lp/lp.sl: None /usr/sam/lib/nnc/boot.sl: None /usr/sam/lib/nnc/nnc.sl: SAM - NNC $Revision: 72.2 $ /usr/sam/lib/nnc/nnc.tm: $Header: nnc_msgs.h,v 72.45.1.1 96/06/04 17:34:57 hm gr Exp $ /usr/sam/lib/pm/pm.tm: None /usr/sam/lib/rt/rt.sl: None /usr/sam/lib/ug/ug.sl: None /usr/newconfig/etc/sam/reg_da.db: None /usr/newconfig/etc/sam/reg_files.db: $Header: fs.tm,v 72.144.1.1 96/02/23 16:13:25 hmgr E xp $ $Revision: 72.10 $ /usr/newconfig/etc/sam/reg_tm.db: None /usr/sam/lib/fal/fal.sl: None /usr/sbin/ch_exports: $Revision: 72.31 $ issubdir.c 1.2 90/07/23 4.1NFSSRC Copyr 1990 Su n Micro /usr/sam/lib/fs/fs.sl: None /usr/sam/lib/C/fs_df_defs.h: $Header: fs_df_defs.h,v 72.118.1.1 96/02/05 15:06:28 hmgr Exp $ */ /usr/sam/lib/C/fs_addlvm.ui: $Header: fs_addlvm.ui,v 72.48.1.1 96/02/09 14:30:16 hmgr Exp $ */ /usr/sam/lbin/ioparser.sh: $Header: ioparser.sh,v 72.47.1.2 96/11/22 15:57:32 h mgr Exp $ /usr/sam/bin/samlog_viewer: None /usr/sam/lib/br/br.sl: None /usr/sam/lib/fs/fs_com.sl: None /usr/sam/lib/fs/fs.tm: $Header: fs_errors.h,v 72.270.1.1 97/01/31 11:30:26 hmgr Exp $ */ $Header: fs.tm,v 72.144.1.2 97/01/31 11:10:30 hmgr E xp $ /usr/sam/lbin/getkinfo: SAM Kernel Discovery Tool: getkinfo $Revision: 72.7 $ /usr/sam/lbin/laninfo: $Revision: 72.18.1.2 $ /usr/sam/lbin/ch_hostip: $Revision: 72.7 $ File editing library $Revision: 72.1 $ /usr/sam/lib/kc/kc.tm: $Header: kc_errors.h,v 72.12 95/02/07 14:09:00 hmgr Exp $ */ $Header: kc_log.h,v 72.18 95/08/24 13:58:54 hmgr Exp $ */ /usr/sam/lbin/groupadd.sam: $Revision: 72.2 $ /usr/sam/lbin/lpmgr: $Header: lpmgr,v 72.25.1.3 96/11/08 15:46:59 hmgr Ex p $ /usr/sam/lbin/rmterm.sh: $Revision: 72.16.1.1 $ /usr/sam/lbin/useradd.sam: $Revision: 72.5 $ /usr/sam/lbin/userdel.sam: $Revision: 72.1 $ /usr/sam/lbin/usermod.sam: $Revision: 72.3 $ /usr/sam/lib/C/ug.ui: $Revision: 72.89.1.2 $ */ /usr/sam/lib/C/ug.ut.ui: None /usr/sam/lib/ra/ra.sl: None /usr/sam/lib/ug/ug_comlib.sl: None /usr/sam/lib/ug/ug.tm: $Header: ug_errmsg.h,v 72.104.1.2 96/06/21 16:57:25 hmgr Exp $*/ $Header: ug_errors.h,v 72.31.1.1 96/05/13 16:08:11 h mgr Exp $ */ /usr/sam/lib/sp/sp.sl: None /usr/sam/lbin/dns_make_cache: None /usr/sam/lib/C/dns.ui: None /usr/sam/lib/ts/ts.sl: None /usr/sam/help/C/lp/lp.hv: None /usr/sam/help/C/lp/lp.hvk: None /usr/sam/help/C/lp/lp00.ht: None /usr/sam/help/C/lp/lp01.ht: None /usr/sam/lib/C/sam.lp.cat: None /usr/sam/lib/C/sp.cat: None /usr/sam/lib/C/ts.ui: None /usr/sam/lib/C/ts.cat: None /usr/sam/lib/C/ug.cat: None cksum(1) Output: 957504624 87807 /usr/sam/help/C/nnc/nnc.hv 1562564889 38 /usr/sam/help/C/nnc/nnc.hvk 1409226509 437141 /usr/sam/help/C/nnc/nnc00.ht 2227880669 21545 /usr/sam/help/C/ts/ts.hv 1562564889 38 /usr/sam/help/C/ts/ts.hvk 958831249 87819 /usr/sam/help/C/ts/ts00.ht 177005846 41500 /usr/sam/help/C/ug/ug.hv 1562564889 38 /usr/sam/help/C/ug/ug.hvk 2047098048 185108 /usr/sam/help/C/ug/ug00.ht 1888965955 16384 /usr/sam/lbin/listchk 1079346103 16384 /usr/sam/lbin/ug_area_vis 3776409535 40960 /usr/sam/lbin/upusrfiles 3293171283 50360 /usr/sam/lib/C/boot.ui 1738275674 9354 /usr/sam/lib/C/rt.cat 247140070 14942 /usr/sam/lib/C/sam.cb 3591780371 1022 /usr/sam/lib/C/sam.ui 527203292 118784 /usr/sam/lib/kc/kc_com.sl 3815378108 159744 /usr/sam/lib/lp/lp.sl 1940055407 86016 /usr/sam/lib/nnc/boot.sl 967180256 593920 /usr/sam/lib/nnc/nnc.sl 2209440769 210901 /usr/sam/lib/nnc/nnc.tm 2317223557 8871 /usr/sam/lib/pm/pm.tm 896770343 61440 /usr/sam/lib/rt/rt.sl 797556304 409600 /usr/sam/lib/ug/ug.sl 785720881 1758 /usr/newconfig/etc/sam/reg_da.db 1675902357 5595 /usr/newconfig/etc/sam/reg_files.db 9652322 24958 /usr/newconfig/etc/sam/reg_tm.db 727301842 143360 /usr/sam/lib/fal/fal.sl 1057197213 36864 /usr/sbin/ch_exports 577659459 622592 /usr/sam/lib/fs/fs.sl 1843203502 65500 /usr/sam/lib/C/fs_df_defs.h 1562348579 18914 /usr/sam/lib/C/fs_addlvm.ui 3801967798 22785 /usr/sam/lbin/ioparser.sh 1857285492 53248 /usr/sam/bin/samlog_viewer 3089466269 131072 /usr/sam/lib/br/br.sl 3410784357 356352 /usr/sam/lib/fs/fs_com.sl 38668018 163018 /usr/sam/lib/fs/fs.tm 390957344 73728 /usr/sam/lbin/getkinfo 1131013370 20480 /usr/sam/lbin/laninfo 3652420893 45056 /usr/sam/lbin/ch_hostip 2951832166 35032 /usr/sam/lib/kc/kc.tm 3705890638 36864 /usr/sam/lbin/groupadd.sam 3982911749 142909 /usr/sam/lbin/lpmgr 2332597032 2942 /usr/sam/lbin/rmterm.sh 1649675415 53248 /usr/sam/lbin/useradd.sam 468619574 40960 /usr/sam/lbin/userdel.sam 1562049522 40960 /usr/sam/lbin/usermod.sam 433969639 61898 /usr/sam/lib/C/ug.ui 2318421407 98764 /usr/sam/lib/C/ug.ut.ui 772470682 28672 /usr/sam/lib/ra/ra.sl 2148053446 81920 /usr/sam/lib/ug/ug_comlib.sl 991234762 131314 /usr/sam/lib/ug/ug.tm 956784280 24576 /usr/sam/lib/sp/sp.sl 1274905607 874 /usr/sam/lbin/dns_make_cache 3480948372 22853 /usr/sam/lib/C/dns.ui 326003392 114688 /usr/sam/lib/ts/ts.sl 218117883 24331 /usr/sam/help/C/lp/lp.hv 1562564889 38 /usr/sam/help/C/lp/lp.hvk 692836842 112185 /usr/sam/help/C/lp/lp00.ht 1768625723 4331 /usr/sam/help/C/lp/lp01.ht 1764148603 24930 /usr/sam/lib/C/sam.lp.cat 610774849 4518 /usr/sam/lib/C/sp.cat 918212163 31308 /usr/sam/lib/C/ts.ui 1968240874 13530 /usr/sam/lib/C/ts.cat 68419745 54304 /usr/sam/lib/C/ug.cat Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: Since this is a SAM patch, filesets SystemAdmin.SAM and SystemAdmin.SAM-HELP should already exist on the system. ('swlist -l fileset SystemAdmin' will tell you this.) Supersedes: PHCO_6349 PHCO_6927 PHCO_7354 Equivalent Patches: None Patch Package Size: 5630 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_8130 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHCO_8130.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHCO_8130.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHCO_8130. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHCO_8130.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_8130.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Make sure SAM is not running before installing this patch.