Patch Name: PHSS_10565 Patch Description: s700_800 10.20 HP DCE/9000 1.5 cumulative patch Creation Date: 97/08/14 Post Date: 97/08/15 Repost: 98/04/28 A problem has been discovered with replacement patch PHSS_12953. The control scripts in the patch cause numerous error messages to be logged to the SD-UX log files during installation. PHSS_10565 will be re-released until a replacement patch is available. Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: HP DCE/9000 1.5 Filesets: DCE-CDS-Server.CDS-SERVER,B.10.20 DCE-Core.DCE-CORE-DTS,B.10.20 DCE-Core.DCE-CORE-RUN,B.10.20 DCE-Core.DCE-CORE-SHLIB,B.10.20 DCE-CoreAdmin.DCE-CDSBROWSER,B.10.20 DCE-CoreTools.DCE-BPRG,B.10.20 DCE-SEC-Server.SEC-SERVER,B.10.20 DFS-Core.DFS-CLIENT,B.10.20 DFS-Core.DFS-COMMON,B.10.20 DFS-NFSgateway.DFS-NFS-SERVER,B.10.20 IntegratedLogin.AUTH-COMMON,B.10.20 IntegratedLogin.AUTH-DCE,B.10.20 Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHSS_10565 Symptoms: PHSS_10565: 1. The cma_fork() function can cause a deadlock if another thread has the global mutex locked. We now lock the global mutex before locking any of the other internal mutexes. Fixed in libcma.1, libcma.a. 2. The login context could become corrupt due to the incorrect usage of local variable. Now we return the login context rather than assigning it a passed parameter. Fixed in libdce.1. 3. The dtsd daemon core dumps intermittently on shutdown/cleanup (ShutDownRPC) due to a variable, "profileName", being rpc_string_free'd incorrectly. The "rpc_string_free (&profileName, &status)" has been removed from dtss_service_global_set.c and checks for NULL in transport_rpc.c were added. Fixed in dtsd. 4. The ftpd.auth command will die during simultaneous calls to ftp due to execessive memory usage and swapping. The memory usage of the command was optimized. Fixed in libdceauth.sl. 5. Data checking improvements were added to chsh.auth and chfn.auth. Fixed in chsh.auth, chfn.auth. 6. The PHSS_9394-95 cdsadv core dumps dealing with rpc input-only arguments upon rpc retries. Now, input arguments are reconstructed on rpc failures. Fixed in cdsadv. 7. The cdsd daemon crashes when reading an acl that is too large. Generated acls are now checked to ensure that they are within the proper size range. Fixed in cdsd. 8. Data checking improvements were added to passwd.auth. Fixed in passwd.auth. 9. There is excess logging in the error.log when trying to execute rpc_mgmt_inq_server_princ_name to find a global server name, but not having a fully-bound binding (even when there wasn't a global server configured). A routine has been inserted to ensure we have a fully-bound binding before attempting the rpc_mgmt_inq_server_princ_name() routine. Fixed in dtsd. 10. A dce_login into a foreign cell fails if one of the security servers in the foreign cell is down since the local ps_site file does not contain RPC string bindings for foreign cells and a retry does not import bindings from the name space. A fix was added so that the import handle is not closed after the RPC bindings have been imported. Fixed in Fixed in libdce.1, libdce.a, secd, sec_create_db, sec_salvage_db, klist, kinit, kdestroy, dfsgw, dfsgwd. 11. The passwd_export binary has improved its handling of applying group overrides. Fixed in passwd_export. 12. Improvements have been made to clean up some credential structures. Fixed in libdce.1, dced. 13. The cdsadv binary core dumps on the Security and Directory master server during intercell system testing. The method os allocating idl supplied memory was improved. Fixed in libdce.1. 14. The cdsd daemon was getting a bug error in the security/krb code. Error handling was changed to deal with cursor initialization and allocation. Fixed in libdce.1, cdsd. 15. Improvements were made to the error handling in the dce_db_open_file() function. Fixed in libdce.1. 16. Some invalid login attempts were not recorded when they should have been. Flow control improvements were made so that all cases where preauthentication was attempted, and failed, will be recorded as invalid login attempts. Fixed in libdce.1. 17. Improvements were made to dce_db_fetch_by_uuid so it returned a local copy of IDL-allocated structure and thus improved cdsadv performance. Fixed in libdce.1, libdce.a. 18. The GSS-API has been updated to conform to the latest Kerberos and GSS-API standards, while making other changes to accomodate the non- conformance of oldce DCE amd MIS GSS-API implementations. Fixed in libdce.a, libdce.1, secd, gssapi.h. 19. If clients wait for a long period of time to do an rpc_binding_import(), the call will fail since the clerk thread was deactivated in the meantime. A fix was added to allow the clerk thread to restart and handle the request properly. Fixed in libdce.1. 20. The cdsd daemon does not checkpoint. Fixed in cdsd. 21. Allow the sec_login_krb5_add_cred symbol to be exported in the international version of libdce. Fixed in libdce.1. 22. The rgy_edit command will abort will an "unexpected file type" message due to a problem in the fstat loop. It has been fixed so that if it returns an error it will not check the file type. Fixed in libcma.1, libcma.a. 23. The internal fstat() and rlimit() calls were updated to use the 64 bit interfaces and structures (fstat64 and rlimit64) to support 64bit file access in CMA threads. Fixed in libcma.1, libcma.a. 24. Updated klist to report correct information when dealing with the year 2000 and beyond. Fixed in klist. 25. Fix the memory allocation strategy of the config- file reader function to avoid having tools core dump. Fixed in libdce.1, libdce.a. 26. There were duplicate self entries for each host principal in cdsbrowser. The return value of sec_get_base was corrected to avoid this scenario. Fixed in cdsbrowser. 27. The "registry show -master" command was not binding correctly in all cases. The -master option will now use a different mechanism to obtain the binding information. Fixed in dcecp, libdcecp.sl. 28. Add a field to cma_g_file_obj to save the file type. This way if this is a pipe and the user has not set it to non- blocking mode, then we need to call fstat again to get the amount of space left in the pipe, before attempting the write(). Continue this process until we have written the number of bytes passed to cma_write(). Fixed in libcma.a, libcma.1. 29. Serialisation of connect requests are done only when connections are made to the same server address space. Fixed in libdce.1. 30. Improvements to the error handling were added to dce_error_inq_text() to handle unix error codes. Fixed in libdce.1, libdce.a. 31. The cds clerk spins. A fix was added to change cached handle flush. Fixed in cdsadv. 32. The cdsadv binary was changed so there is no longer a conflict between variable name TIMEOUT_P and macro definitions. Fixed in cdsadv. 33. Improvements to cdsadv to use rpc memory bookkeeping to deal with freeing memory. Fixed in cdsadv. 34. Modifications were made to pwd_strengthd to improve error handling. Fixed in pwd_strengthd. 35. The dced daemon leaks stub allocated memory from the dce_db_fetch_by_uuid() call. The dced daemon and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. There is ineffective code in both dced and the security runtime to free this memory. Fixed in dced and dcecp. 36. Add a test for variable KRB5CCNAME before starting dtsd. Fixed in /sbin/init.d/dce startup script. 37. A threads wrapper ensures a complete buffer transfer when send() is called in a blocking mode. Fixed in libcma.1, libcma.1. 38. Modified dce.h to add defined(__cplusplus) for _DCE_TOKENCONCAT_. Fixed in dce.h. 39. IDL and header files are now installed in /usr/include/dce. Fixed with dce_attr_base.idl, dce_attr_sch.idl, dce_attr_base.h, dce_attr_sch.h. 40. Use rpc_sm_free() instead of rpc_sm_client_free(). Fixed in libdce.1. 41. The dce_acl_obj_add_*() functions check for illegal entries, the acldb uses rpc_sm_client_free() instead of rpc_sm_free(), dce_acl_obj_add_obj supports for needed types of ACL's, dce_acl_copy_acl() handles foreign_id differently. Fixed in libdce.1. 42. Allow dfs to export logical volume aggregates with the same logical volume number even when in different volume groups. Fixed in dfs_core.ext. 43. Connection oriented RPC 'maybe' calls result in segmentation violation. Need to properly initialize iovlen. Fixed in libdce.1 and libdce.a. 44. Customer cannot use SD to install software on machines containing only FDDI networking. Fixed in libdce.1, libdce.a. 45. Improve calulation of pe_site lines by only using replicas that are not "marked for deletion" in the calculation. Fixed in dced. 46. The credentials refreshed by Integrated Login (screen unlock) are not certified. Fixed in dceexec. 47. The cdsd daemon was modificed to deal with a crash in db_btree_copy_keys(). Fixed in cdsd. 48. The cdsd daemon core dumps on startup with playback error. A fix was added to deal with splitting data buffers properly. Fixed in cdsd. 49. The logic for requesting the number of interfaces from the kernel in the RPC runtime changed to deal with large numbers of network interfaces. Fixed in libdce.1, libdce.a. 50. Changes to the context rundown procedure were implemented to deal with a deadlock. Fixed in libdce.1. PHSS_9394: 1. GDS/XDS interface doesn't handle looking up all the default dsa's properly. It does not look through the entire list of default dsa's when the session is a DEFAULT_SESSION. 2. If multiple instances of a daemon are running, dce_shutdown will shutdown only one of them and report success, even though the others are still running. 3. If garbage is in the masks passed to cma_select, it is copied into the global fd mask and later may cause cma__io_available to abort with "file unexpectedly closed" fd mask. 4. Bad datagram packet crashed any dce daemons except DCED. This problem is noticed only when forwarded datagram packets are processed by DCE daemons. DCED is the process which is reponsible for forwarding datagram packets. When packets are forwarded from other sources, especially when packet is not formated as expected, the servers panic resulting in core dump. 5. secd cores with replicas from rs_log_attr_sch_prop_create mem corruption. 6. Invalid login attempts not recorded when they should be. 7. Sometimes during configuration the sec_client.binding is not found. This occurs mostly on slow systems because the time waited for dced to create the file is not enough. The fix bumps wait time up to 2 minutes. 8. FR12 is destroyed when using CMA threads with +DA2.0. 9. krb5_init_ets is an allowed symbol, but is not exported in libdce. 10. Signal handling problem in ftpd.auth which has already been added to the internet services ftpd. 11. Various credentials data.db file problems associated with cdsadv. 12. Enhance supportability by adding pid/thr addr to lib/clerk protocol. 13. The advertiser sometimes crashes during RPC marshalling. Any clerk which encounters an RPC comm failure during heavy network load with a busy server will receive back incomplete results leading to the crash. 14. Error in handling timeout in CreateLink. 15. Uninitialized variable in the cdsadv. Generally not a problem in current release, but code fixed. 16. Bad output from deb_ascii_ptr_to_buf(). 17. ftpd.auth needs to be synchronized with Unix ftpd. To do this, the -p option needs to be added to ftpd.auth. Also, the wording of an error message needs to be changed. 18. cdsd crashed during system test due to mishandling of DBSet as Set. 19. The ds_read() call fails on objects that represent cds directories. 20. IF/OP Names show up as UNKNOWN in GlancePlus when they should be named. 21. A user reported that their KRB application caused secd to crash with a segementation violation. 22. secd dies with unhandled exception during log replay. If a DCE client attempts to use the IDL encoding services prior to traversing cstub or sstub code, and the ES raises an exception, the exception will not be handled. 23. If the principal that created an account (or the principal that last modified an account) is deleted, then that account is no longer viewable using dcecp although it is viewable with rgy_edit. 24. Need to NULL pepper pointer after freeing. 25. Need to check for NULL sec_passwd_plain passid in rs_acct_replace(). 26. The acl evaluation algorithms not correctly adjusting for access rights when a delegate ( not the initiator ) specified in an epac chain (creds) has no privileges specified in the acl being checked against. 27. Local root is unauthorized when accessing DFS whereas it should use machine credentials. 28. cma_waitid wrapper isn't working properly -- it is returning an incorrect value. 29. If there are no security servers in the cell, eventually both cdsd and dced will spin in the security binding code. 30. "kdestroy -e" is sometimes flushing host credentials. 31. When using dce_config to configure a fileset location database server, the dfs_config code in the config_dfsfldb() function also configures a fileset server with no way to only configure a fileset location database server. 32. dced leaking stub allocated memory from the dce_db_fetch_by_uuid() call. dced and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. 33. DTS Spectracom Provider does not configure. 34. cdsd is dying on trying to show the acl of a principal when logged into a remote cell. 35. When running Integrated Login, if "login" detects a "password change required" condition, the "login" after the password change fails to do a DCE login. 36. Principals with keys that have a zero length pepper cannot validate their DCE identity. 37. cdsadv runs but then begins to leak data blocks identified to be tickets. cdsadv will eventually die by exhausting system resources. 38. An incorrect radix is set. Sams couldn't handle field width specifier properly. 39. You can use dce_rdacl_replace() to set a user_obj or group_obj entry on an ACL, but after that point can never update the ACL again. 40. The dce_rdacl_get_access() API call behaves incorrectly on verifying authorization. 41. The ACL manager for extended registry attribute types may include the policy ACL manager. However, the servicability permission bit ('s') cannot be correctly set on the policy manager ACL list. 42. dced acl code is displaying the wrong error message when a user is not authorized to access an object. It is incorrectly returning sec_acl_invalid_permission, but should return sec_acl_not_authorized. RECOMMENDED_CHANG: DESCRIBE THE RECOMMENDED CHANGE (briefly): Change sec_acl_invalid_permission to sec_acl_not_authorized in appropriate areas. 43. When using CDE with Integrated Login, the second time the screen is unlocked the DCE credentials are destroyed. 44. The credentials refreshed by Integrated Login (screen unlock) are not certified. 45. There is a path in the sec_login code, via which a new credential database file could be created owned by root (the effective uid) instead of the creating principal. 46. A svc error message was incorrectly formatted. 47. Internal code fix for memory management. 48. There is a memory leak in sec_login_pvt and krb_info. 49. When a machine tries to refresh and validate its credentials before they expire (this occurs 10 minutes before expiration) if secd is down the machine purges the credentials and tries to obtain new ones which destroys the credentials 10 minutes before they are scheduled to expire. 50. The DFS-NFS gateway panics when the user's credentials expire. 51. Several memory leaks and other memory fixes for secd. 52. When the master is down and there is another security server available, security clients will leak memory when attempting to bind to the master. 53. Incorrect data typing resulted in an incorrect uid being used. 54. When a principal is deleted from the registry (i.e. orphaned), you can't remove any ACL entries that refer to that principal. Fix is to add -uuid switch to the acl modify command of dcecp to allow UUID's to be used in ACL entry keys. 55. Need to provide hostdata service during dced bootstrap to allow dcecp local hostdata functionality outside a cell with minimal "fake" DCE configuration. 56. dced leaks memory with each sec_login_validate_identity. 57. KRB5CCNAME is set up with a bogus value for passwd_override accounts. Defect Description: PHSS_10565: 1. The cma_fork() function can cause a deadlock if another thread has the global mutex locked. We now lock the global mutex before locking any of the other internal mutexes. Fixed in libcma.1, libcma.a. 2. The login context could become corrupt due to the incorrect usage of local variable. Now we return the login context rather than assigning it a passed parameter. Fixed in libdce.1. 3. The dtsd daemon core dumps intermittently on shutdown/cleanup (ShutDownRPC) due to a variable, "profileName", being rpc_string_free'd incorrectly. The "rpc_string_free (&profileName, &status)" has been removed from dtss_service_global_set.c and checks for NULL in transport_rpc.c were added. Fixed in dtsd. 4. The ftpd.auth command will die during simultaneous calls to ftp due to execessive memory usage and swapping. The memory usage of the command was optimized. Fixed in libdceauth.sl. 5. Data checking improvements were added to chsh.auth and chfn.auth. Fixed in chsh.auth, chfn.auth. 6. The PHSS_9394-95 cdsadv core dumps dealing with rpc input-only arguments upon rpc retries. Now, input arguments are reconstructed on rpc failures. Fixed in cdsadv. 7. The cdsd daemon crashes when reading an acl that is too large. Generated acls are now checked to ensure that they are within the proper size range. Fixed in cdsd. 8. Data checking improvements were added to passwd.auth. Fixed in passwd.auth. 9. There is excess logging in the error.log when trying to execute rpc_mgmt_inq_server_princ_name to find a global server name, but not having a fully-bound binding (even when there wasn't a global server configured). A routine has been inserted to ensure we have a fully-bound binding before attempting the rpc_mgmt_inq_server_princ_name() routine. Fixed in dtsd. 10. A dce_login into a foreign cell fails if one of the security servers in the foreign cell is down since the local ps_site file does not contain RPC string bindings for foreign cells and a retry does not import bindings from the name space. A fix was added so that the import handle is not closed after the RPC bindings have been imported. Fixed in Fixed in libdce.1, libdce.a, secd, sec_create_db, sec_salvage_db, klist, kinit, kdestroy, dfsgw, dfsgwd. 11. The passwd_export binary has improved its handling of applying group overrides. Fixed in passwd_export. 12. Improvements have been made to clean up some credential structures. Fixed in libdce.1, dced. 13. The cdsadv binary core dumps on the Security and Directory master server during intercell system testing. The method os allocating idl supplied memory was improved. Fixed in libdce.1. 14. The cdsd daemon was getting a bug error in the security/krb code. Error handling was changed to deal with cursor initialization and allocation. Fixed in libdce.1, cdsd. 15. Improvements were made to the error handling in the dce_db_open_file() function. Fixed in libdce.1. 16. Some invalid login attempts were not recorded when they should have been. Flow control improvements were made so that all cases where preauthentication was attempted, and failed, will be recorded as invalid login attempts. Fixed in libdce.1. 17. Improvements were made to dce_db_fetch_by_uuid so it returned a local copy of IDL-allocated structure and thus improved cdsadv performance. Fixed in libdce.1, libdce.a. 18. The GSS-API has been updated to conform to the latest Kerberos and GSS-API standards, while making other changes to accomodate the non- conformance of oldce DCE amd MIS GSS-API implementations. Fixed in libdce.a, libdce.1, secd, gssapi.h. 19. If clients wait for a long period of time to do an rpc_binding_import(), the call will fail since the clerk thread was deactivated in the meantime. A fix was added to allow the clerk thread to restart and handle the request properly. Fixed in libdce.1. 20. The cdsd daemon does not checkpoint. Fixed in cdsd. 21. Allow the sec_login_krb5_add_cred symbol to be exported in the international version of libdce. Fixed in libdce.1. 22. The rgy_edit command will abort will an "unexpected file type" message due to a problem in the fstat loop. It has been fixed so that if it returns an error it will not check the file type. Fixed in libcma.1, libcma.a. 23. The internal fstat() and rlimit() calls were updated to use the 64 bit interfaces and structures (fstat64 and rlimit64) to support 64bit file access in CMA threads. Fixed in libcma.1, libcma.a. 24. Updated klist to report correct information when dealing with the year 2000 and beyond. Fixed in klist. 25. Fix the memory allocation strategy of the config- file reader function to avoid having tools core dump. Fixed in libdce.1, libdce.a. 26. There were duplicate self entries for each host principal in cdsbrowser. The return value of sec_get_base was corrected to avoid this scenario. Fixed in cdsbrowser. 27. The "registry show -master" command was not binding correctly in all cases. The -master option will now use a different mechanism to obtain the binding information. Fixed in dcecp, libdcecp.sl. 28. Add a field to cma_g_file_obj to save the file type. This way if this is a pipe and the user has not set it to non- blocking mode, then we need to call fstat again to get the amount of space left in the pipe, before attempting the write(). Continue this process until we have written the number of bytes passed to cma_write(). Fixed in libcma.a, libcma.1. 29. Serialisation of connect requests are done only when connections are made to the same server address space. Fixed in libdce.1. 30. Improvements to the error handling were added to dce_error_inq_text() to handle unix error codes. Fixed in libdce.1, libdce.a. 31. The cds clerk spins. A fix was added to change cached handle flush. Fixed in cdsadv. 32. The cdsadv binary was changed so there is no longer a conflict between variable name TIMEOUT_P and macro definitions. Fixed in cdsadv. 33. Improvements to cdsadv to use rpc memory bookkeeping to deal with freeing memory. Fixed in cdsadv. 34. Modifications were made to pwd_strengthd to improve error handling. Fixed in pwd_strengthd. 35. The dced daemon leaks stub allocated memory from the dce_db_fetch_by_uuid() call. The dced daemon and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. There is ineffective code in both dced and the security runtime to free this memory. Fixed in dced and dcecp. 36. Add a test for variable KRB5CCNAME before starting dtsd. Fixed in /sbin/init.d/dce startup script. 37. A threads wrapper ensures a complete buffer transfer when send() is called in a blocking mode. Fixed in libcma.1, libcma.1. 38. Modified dce.h to add defined(__cplusplus) for _DCE_TOKENCONCAT_. Fixed in dce.h. 39. IDL and header files are now installed in /usr/include/dce. Fixed with dce_attr_base.idl, dce_attr_sch.idl, dce_attr_base.h, dce_attr_sch.h. 40. Use rpc_sm_free() instead of rpc_sm_client_free(). Fixed in libdce.1. 41. The dce_acl_obj_add_*() functions check for illegal entries, the acldb uses rpc_sm_client_free() instead of rpc_sm_free(), dce_acl_obj_add_obj supports for needed types of ACL's, dce_acl_copy_acl() handles foreign_id differently. Fixed in libdce.1. 42. Allow dfs to export logical volume aggregates with the same logical volume number even when in different volume groups. Fixed in dfs_core.ext. 43. Connection oriented RPC 'maybe' calls result in segmentation violation. Need to properly initialize iovlen. Fixed in libdce.1 and libdce.a. 44. Customer cannot use SD to install software on machines containing only FDDI networking. Fixed in libdce.1, libdce.a. 45. Improve calulation of pe_site lines by only using replicas that are not "marked for deletion" in the calculation. Fixed in dced. 46. The credentials refreshed by Integrated Login (screen unlock) are not certified. Fixed in dceexec. 47. The cdsd daemon was modificed to deal with a crash in db_btree_copy_keys(). Fixed in cdsd. 48. The cdsd daemon core dumps on startup with playback error. A fix was added to deal with splitting data buffers properly. Fixed in cdsd. 49. The logic for requesting the number of interfaces from the kernel in the RPC runtime changed to deal with large numbers of network interfaces. Fixed in libdce.1, libdce.a. 50. Changes to the context rundown procedure were implemented to deal with a deadlock. Fixed in libdce.1. PHSS_9394: 1. GDS/XDS interface doesn't handle looking up all the default dsa's properly. It does not look through the entire list of default dsa's when the session is a DEFAULT_SESSION. 2. If multiple instances of a daemon are running, dce_shutdown will shutdown only one of them and report success, even though the others are still running. 3. If garbage is in the masks passed to cma_select, it is copied into the global fd mask and later may cause cma__io_available to abort with "file unexpectedly closed" fd mask. 4. Bad datagram packet crashed any dce daemons except DCED. This problem is noticed only when forwarded datagram packets are processed by DCE daemons. DCED is the process which is reponsible for forwarding datagram packets. When packets are forwarded from other sources, especially when packet is not formated as expected, the servers panic resulting in core dump. 5. secd cores with replicas from rs_log_attr_sch_prop_create mem corruption. 6. Invalid login attempts not recorded when they should be. 7. Sometimes during configuration the sec_client.binding is not found. This occurs mostly on slow systems because the time waited for dced to create the file is not enough. The fix bumps wait time up to 2 minutes. 8. FR12 is destroyed when using CMA threads with +DA2.0. 9. krb5_init_ets is an allowed symbol, but is not exported in libdce. 10. Signal handling problem in ftpd.auth which has already been added to the internet services ftpd. 11. Various credentials data.db file problems associated with cdsadv. 12. Enhance supportability by adding pid/thr addr to lib/clerk protocol. 13. The advertiser sometimes crashes during RPC marshalling. Any clerk which encounters an RPC comm failure during heavy network load with a busy server will receive back incomplete results leading to the crash. 14. Error in handling timeout in CreateLink. 15. Uninitialized variable in the cdsadv. Generally not a problem in current release, but code fixed. 16. Bad output from deb_ascii_ptr_to_buf(). 17. ftpd.auth needs to be synchronized with Unix ftpd. To do this, the -p option needs to be added to ftpd.auth. Also, the wording of an error message needs to be changed. 18. cdsd crashed during system test due to mishandling of DBSet as Set. 19. The ds_read() call fails on objects that represent cds directories. 20. IF/OP Names show up as UNKNOWN in GlancePlus when they should be named. 21. A user reported that their KRB application caused secd to crash with a segementation violation. 22. secd dies with unhandled exception during log replay. If a DCE client attempts to use the IDL encoding services prior to traversing cstub or sstub code, and the ES raises an exception, the exception will not be handled. 23. If the principal that created an account (or the principal that last modified an account) is deleted, then that account is no longer viewable using dcecp although it is viewable with rgy_edit. 24. Need to NULL pepper pointer after freeing. 25. Need to check for NULL sec_passwd_plain passid in rs_acct_replace(). 26. The acl evaluation algorithms not correctly adjusting for access rights when a delegate ( not the initiator ) specified in an epac chain (creds) has no privileges specified in the acl being checked against. 27. Local root is unauthorized when accessing DFS whereas it should use machine credentials. 28. cma_waitid wrapper isn't working properly -- it is returning an incorrect value. 29. If there are no security servers in the cell, eventually both cdsd and dced will spin in the security binding code. 30. "kdestroy -e" is sometimes flushing host credentials. 31. When using dce_config to configure a fileset location database server, the dfs_config code in the config_dfsfldb() function also configures a fileset server with no way to only configure a fileset location database server. 32. dced leaking stub allocated memory from the dce_db_fetch_by_uuid() call. dced and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. 33. DTS Spectracom Provider does not configure. 34. cdsd is dying on trying to show the acl of a principal when logged into a remote cell. 35. When running Integrated Login, if "login" detects a "password change required" condition, the "login" after the password change fails to do a DCE login. 36. Principals with keys that have a zero length pepper cannot validate their DCE identity. 37. cdsadv runs but then begins to leak data blocks identified to be tickets. cdsadv will eventually die by exhausting system resources. 38. An incorrect radix is set. Sams couldn't handle field width specifier properly. 39. You can use dce_rdacl_replace() to set a user_obj or group_obj entry on an ACL, but after that point can never update the ACL again. 40. The dce_rdacl_get_access() API call behaves incorrectly on verifying authorization. 41. The ACL manager for extended registry attribute types may include the policy ACL manager. However, the servicability permission bit ('s') cannot be correctly set on the policy manager ACL list. 42. dced acl code is displaying the wrong error message when a user is not authorized to access an object. It is incorrectly returning sec_acl_invalid_permission, but should return sec_acl_not_authorized. RECOMMENDED_CHANG: DESCRIBE THE RECOMMENDED CHANGE (briefly): Change sec_acl_invalid_permission to sec_acl_not_authorized in appropriate areas. 43. When using CDE with Integrated Login, the second time the screen is unlocked the DCE credentials are destroyed. 44. The credentials refreshed by Integrated Login (screen unlock) are not certified. 45. There is a path in the sec_login code, via which a new credential database file could be created owned by root (the effective uid) instead of the creating principal. 46. A svc error message was incorrectly formatted. 47. Internal code fix for memory management. 48. There is a memory leak in sec_login_pvt and krb_info. 49. When a machine tries to refresh and validate its credentials before they expire (this occurs 10 minutes before expiration) if secd is down the machine purges the credentials and tries to obtain new ones which destroys the credentials 10 minutes before they are scheduled to expire. 50. The DFS-NFS gateway panics when the user's credentials expire. 51. Several memory leaks and other memory fixes for secd. 52. When the master is down and there is another security server available, security clients will leak memory when attempting to bind to the master. 53. Incorrect data typing resulted in an incorrect uid being used. 54. When a principal is deleted from the registry (i.e. orphaned), you can't remove any ACL entries that refer to that principal. Fix is to add -uuid switch to the acl modify command of dcecp to allow UUID's to be used in ACL entry keys. 55. Need to provide hostdata service during dced bootstrap to allow dcecp local hostdata functionality outside a cell with minimal "fake" DCE configuration. 56. dced leaks memory with each sec_login_validate_identity. 57. KRB5CCNAME is set up with a bogus value for passwd_override accounts. SR: 1653169441 5003318519 Patch Files: /opt/dce/bin/dceexec /usr/lib/libdceauth.1 /usr/lib/security/libpam_dce.1 /usr/bin/login.auth /usr/bin/su.auth /usr/bin/passwd.auth /usr/bin/chsh.auth /usr/bin/chfn.auth /usr/lbin/ftpd.auth /usr/lib/nls/msg/C/passwd.au.cat /opt/dce/include/dce/dce.h /opt/dce/include/dce/dcelibmsg.h /opt/dce/include/dce/dce_attr_base.h /opt/dce/include/dce/dce_attr_base.idl /opt/dce/include/dce/dce_attr_sch.h /opt/dce/include/dce/dce_attr_sch.idl /opt/dce/include/dce/gssapi.h /opt/dce/lib/libcma.a /opt/dce/lib/libdce.a /opt/dce/bin/cdsbrowser /opt/dce/ext/dfs_client.ext /opt/dce/bin/dfs_config /opt/dce/ext/dfs_core.ext /opt/dce/bin/dfsgw /opt/dce/sbin/dfsgwd /opt/dce/sbin/pwd_strengthd /opt/dce/bin/sec_create_db /opt/dce/bin/sec_salvage_db /opt/dce/sbin/secd /opt/dce/sbin/cdsd /usr/lib/nls/msg/C/dcedcp.cat /usr/lib/nls/msg/C/dcelib.cat /usr/lib/libcma.1 /usr/lib/libdce.1 /opt/dce/sbin/dtsd /sbin/init.d/dce /opt/dce/sbin/auditd /opt/dce/sbin/cdsadv /opt/dce/bin/dcecp /opt/dce/sbin/dced /opt/dce/bin/kdestroy /opt/dce/bin/kinit /opt/dce/bin/klist /opt/dce/bin/passwd_export /opt/dce/examples/config/config.env /opt/dce/newconfig/etc/opt/dce/dce_com_utils /opt/dce/bin/dce_config /usr/lib/libdcedpvt.1 /usr/lib/libdcecp.1 what(1) Output: /opt/dce/bin/dceexec: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: dcee xec (Export) Date: Aug 9 1997 00:54:11 /usr/lib/libdceauth.1: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: libd ceauth.sl (U.S./Canada only) Date: Aug 8 19 97 20:47:26 /usr/lib/security/libpam_dce.1: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: libp am_dce.1 (U.S./Canada only) Date: Aug 8 199 7 20:48:02 /usr/bin/login.auth: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: logi n.auth (Export) Date: Aug 9 1997 00:55:08 /usr/bin/su.auth: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: su.a uth (Export) Date: Aug 9 1997 00:55:23 /usr/bin/passwd.auth: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: pass wd.auth (Export) Date: Aug 9 1997 00:55:47 /usr/bin/chsh.auth: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: chsh .auth (Export) Date: Aug 9 1997 00:56:10 /usr/bin/chfn.auth: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: chfn .auth (Export) Date: Aug 9 1997 00:56:01 /usr/lbin/ftpd.auth: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: ftpd .auth (Export) Date: Aug 9 1997 00:54:50 /usr/lib/nls/msg/C/passwd.au.cat: None /opt/dce/include/dce/dce.h: None /opt/dce/include/dce/dcelibmsg.h: None /opt/dce/include/dce/dce_attr_base.h: None /opt/dce/include/dce/dce_attr_base.idl: None /opt/dce/include/dce/dce_attr_sch.h: None /opt/dce/include/dce/dce_attr_sch.idl: None /opt/dce/include/dce/gssapi.h: None /opt/dce/lib/libcma.a: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: libc ma.a (Export) Date: Aug 8 1997 19:59:29 /opt/dce/lib/libdce.a: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: libd ce.a (Export) Date: Aug 8 1997 20:48:40 /opt/dce/bin/cdsbrowser: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: cdsb rowser (Export) Date: Aug 9 1997 00:52:17 /opt/dce/ext/dfs_client.ext: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: dfs_ client.ext Kernel Component - 10.x (U.S./Can ada only) Date: Aug 8 1997 22:29:04 /opt/dce/bin/dfs_config: HP DCE/9000 1.5 /opt/dce/ext/dfs_core.ext: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: dfs_ core.ext Kernel Component - 10.x (Export) Da te: Aug 8 1997 22:59:43 /opt/dce/bin/dfsgw: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: dfsg w (Export) Date: Aug 8 1997 22:56:12 /opt/dce/sbin/dfsgwd: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: dfsg wd (Export) Date: Aug 8 1997 22:56:38 /opt/dce/sbin/pwd_strengthd: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: pwd_ strengthd (Export) Date: Aug 9 1997 00:56:3 6 /opt/dce/bin/sec_create_db: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: sec_ create_db (Export) Date: Aug 8 1997 22:05:5 1 /opt/dce/bin/sec_salvage_db: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: sec_ salvage_db (Export) Date: Aug 8 1997 22:06: 37 /opt/dce/sbin/secd: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: secd (Export) Date: Aug 8 1997 22:05:00 /opt/dce/sbin/cdsd: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: cdsd (Export) Date: Aug 8 1997 22:27:01 /usr/lib/nls/msg/C/dcedcp.cat: None /usr/lib/nls/msg/C/dcelib.cat: None /usr/lib/libcma.1: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: libc ma.sl (Export) Date: Aug 8 1997 19:58:54 /usr/lib/libdce.1: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: libd ce.sl (Export) Date: Aug 8 1997 20:47:06 /opt/dce/sbin/dtsd: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: dtsd (Export) Date: Aug 8 1997 21:59:43 /sbin/init.d/dce: HP DCE/9000 1.5 /opt/dce/sbin/auditd: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: audi td (Export) Date: Aug 8 1997 22:04:38 /opt/dce/sbin/cdsadv: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: cdsa dv (Export) Date: Aug 8 1997 22:29:48 /opt/dce/bin/dcecp: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: dcec p (Export) Date: Aug 8 1997 23:16:58 /opt/dce/sbin/dced: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: dced (Export) Date: Aug 8 1997 22:37:41 /opt/dce/bin/kdestroy: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: kdes troy (Export) Date: Aug 8 1997 22:10:13 /opt/dce/bin/kinit: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: kini t (Export) Date: Aug 8 1997 22:10:34 /opt/dce/bin/klist: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: klis t (Export) Date: Aug 8 1997 22:09:52 /opt/dce/bin/passwd_export: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: pass wd_export (Export) Date: Aug 8 1997 22:08:3 2 /opt/dce/examples/config/config.env: None /opt/dce/newconfig/etc/opt/dce/dce_com_utils: HP DCE/9000 1.5 /opt/dce/bin/dce_config: HP DCE/9000 1.5 /usr/lib/libdcedpvt.1: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: libd cedpvt.sl (Export) Date: Aug 8 1997 21:31:3 8 /usr/lib/libdcecp.1: HP DCE/9000 1.5 PHSS_10565-66-davis_230 Module: libd cecp.sl (Export) Date: Aug 8 1997 21:53:34 cksum(1) Output: 2056670480 1207936 /opt/dce/bin/cdsbrowser 1485456176 77440 /opt/dce/sbin/pwd_strengthd 3795470781 2420352 /opt/dce/bin/sec_create_db 4100742734 2489984 /opt/dce/bin/sec_salvage_db 119883601 2432640 /opt/dce/sbin/secd 1406001875 888448 /opt/dce/sbin/cdsd 1059731745 71004 /usr/lib/nls/msg/C/dcedcp.cat 2618758552 1954 /usr/lib/nls/msg/C/dcelib.cat 455866844 524288 /usr/lib/libcma.1 656852940 4804608 /usr/lib/libdce.1 2026007053 364160 /opt/dce/sbin/dtsd 2460612896 24894 /sbin/init.d/dce 4137472360 208512 /opt/dce/sbin/auditd 945553991 585344 /opt/dce/sbin/cdsadv 1758992287 650880 /opt/dce/bin/dcecp 3441178788 1638016 /opt/dce/sbin/dced 1565288007 1384064 /opt/dce/bin/kdestroy 4048398535 1388160 /opt/dce/bin/kinit 3422632214 1388160 /opt/dce/bin/klist 1095699081 48768 /opt/dce/bin/passwd_export 829764956 3958 /opt/dce/examples/config/config.env 3933793600 31594 /opt/dce/newconfig/etc/opt/dce/ dce_com_utils 2184001806 177592 /opt/dce/bin/dce_config 3842527579 167936 /usr/lib/libdcedpvt.1 826470668 1343488 /usr/lib/libdcecp.1 1188135686 5457 /opt/dce/include/dce/dce.h 3613327145 2444 /opt/dce/include/dce/dcelibmsg.h 2543157273 724 /opt/dce/include/dce/dce_attr_base.h 2838051244 4633 /opt/dce/include/dce/dce_attr_base.idl 3025488597 4066 /opt/dce/include/dce/dce_attr_sch.h 1801047633 15970 /opt/dce/include/dce/dce_attr_sch.idl 759734464 22848 /opt/dce/include/dce/gssapi.h 1629048038 602636 /opt/dce/lib/libcma.a 613264777 6507900 /opt/dce/lib/libdce.a 2443307852 476016 /opt/dce/ext/dfs_client.ext 2409001261 93630 /opt/dce/bin/dfs_config 3090385589 844609 /opt/dce/ext/dfs_core.ext 3297652370 1420928 /opt/dce/bin/dfsgw 673619967 1437312 /opt/dce/sbin/dfsgwd 3449465267 77440 /opt/dce/bin/dceexec 594721307 110592 /usr/lib/libdceauth.1 1295087353 36864 /usr/lib/security/libpam_dce.1 3571273323 106112 /usr/bin/login.auth 3178361420 48768 /usr/bin/su.auth 538921363 147072 /usr/bin/passwd.auth 1927683851 36480 /usr/bin/chsh.auth 2118247868 40576 /usr/bin/chfn.auth 713520492 122496 /usr/lbin/ftpd.auth 3102586431 1007 /usr/lib/nls/msg/C/passwd.au.cat Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_9394 Equivalent Patches: None Patch Package Size: 36010 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_10565 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_10565.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHSS_10565.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_10565. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_10565.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_10565.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: After installation, a reboot is required for this patch to take effect.