Patch Name: PHSS_18746

Patch Description: s700_800 10.24 (VVOS) HP DCE/9000 1.5 cumulative patch

Creation Date: 99/06/07

Post Date: 99/06/23

Hardware Platforms - OS Releases:
    s700: 10.24
    s800: 10.24

Products:
    HP DCE/9000 1.5

Filesets:
    DCE-Core.DCE-CORE-RUN,B.10.24
    DCE-Core.DCE-CORE-SHLIB,B.10.24
    DFS-Core.DFS-COMMON,B.10.24

Automatic Reboot?: No

Status: General Release

Critical: No

Path Name: /hp-ux_patches/s700_800/10.X/PHSS_18746

Symptoms:
    PHSS_18746:
    Repackaged portions of HP-UX patches PHSS_16429 and PHSS_17596 for VVOS.

    Based on HP-UX patch PHSS_16429:
    1. If password expiry time is set for a server, multiple keys are generated.
    2. The user sees no effect of setting the ERA disable_time_interval if the value is small.
    3. Enhancement Request to link libdcecp with libcdsutil and libcdscache.
    4. An NCS application makes dced dump core.
    5. dcecp reports internal disaster if LANG != C.
    6. Request for credentials in sec_key_mgmt_manage_key() and dced every 10 minutes increases network traffic and affects performance.
    7. Unnecessary log statement "mismatched seal" is added in the normal flow of code.
    8. cdsd keeps the IP address in CDS_CHLastAddress even after it is removed.
    9. Memory leak in RPC DG runtime due to the struct rpc_dg_pkt_pool_elt_t.
    10. When super user performs 'su' to any other user, group access list from the DCE registry is not created. "id" does not show all the groups.
    11. Need option for changing frequency of spawning ep_scavenger.
    12. An Application using hsearch() dumps core when built archived with libdce.a and libc.
    13. Logins are denied when ilogin is configured with -l ux -a dce if both dced and rpcd are not running.
    14. When secd is started with -no_kdc option it dumps core.
    15. dce_config fails to configure cds client if nodename exists in two different DNS domains.
    16. Authentication audit events are not generated.
    17. Error commands in dcecp lead to core dump in international locales.
    18. Swtools are experiencing the hang due to DMS.
    19.
        UDP entries in the endpoint database get deleted for servers running at well-known endpoints.

    Based on HP-UX patch PHSS_17596:
    1. JAGaa92762: cma_poll() hogs CPU when the application is not multithreaded.

    Based on HP-UX patch PHSS_15731:
    1. Errors during cell backup using tar lead to CDS and Security servers not being restarted.
    2. klist displays year only in two digits even after the year 2000, e.g.: 98/08/20:21:32:58
    3. The rpc_mgmt_is_server_listening() hangs intermittently while using CN protocol.
    4. Ansi C++ and threaded applications running on machines installed with the patch PHSS_12593-94 dump core.
    5. The 'errtext' command core dumps when displaying certain error text.
    6. pthread_mutex_trylock dumps core if the mutex is not initialized.
    7. Performance of an application calling cma_poll() degrades. The same is seen in cma_msgsnd(), cma_msgrcv() and cma_semop().
    8. write() on a socket does not write completely, if the write buffer (nbyte) is more than the socket/pipe buffer.
    9. Zoneinfo files for Australia (NSW & Victoria) are not showing the correct EST & DST. So it will show the wrong time.
    10. "dcecp> cdscache discard" command causes cdsadv abort if user is logged in as a normal user with dce_login as cell_admin.
    11. An authenticated RPC that comes from a client with a different architecture (e.g. little-endian) crashes a DCE daemon using CN protocol.
    12. Changing DCE identity while using DFS (by performing dce_login as another principal) results in DFS error.
    13. close() in child after fork in threaded process leads to deadlock.
    14. For an anonymous ftp user, dceexec stays for 3 minutes.
    15. If a principal is given a pre_auth_req attribute with value 2, validation gives an error message "Invalid password".
    16. pthread_mutex_unlock dumps core if the mutex is not initialized.
    17. When the max_invalid_attempts ERA is set and the registry is disabled, if a user exceeds the max_invalid_attempts number of logins secd aborts.
    18.
        cdsadv intermittently goes into a loop and may result in timeouts for CDS requests.
    19. KRB5 error numbers are being evaluated as UNIX error numbers (errno).
    20. dcecp memory leaks while modifying acls.
    21. A program that sends bad packets to the rpcd kills rpcd.
    22. dcecp commands core dump on some international locales (i.e. LANG!=C).
    23. libbb.a gets data linkage table overflow.

    Based on HP-UX patch PHSS_14920:
    1. The patches PHSS_12593 or PHSS_10565 do not properly overlay on a previous patch which they supersede. (This patch differs from the patch PHSS_12593 only for minor changes to the SD control scripts. All the binaries in this patch and PHSS_12593 are identical. So when this patch is installed over PHSS_12593 and is subsequently backed out, it will directly restore the state prior to the installation of PHSS_12593.)
    2. Installation of DCE international patch on a DCE client system without the swinstall option "match_target=true" results in the complete patch filesets (including server bits) getting installed on the system leading to many WARNING messages.
    3. After installing DCE domestic patch, an swverify fails for the binaries that are replaced by the domestic patch since the IPD (Install Product DB) for the corresponding international patch has not been updated.
    4. ***IMPORTANT PLEASE NOTE -- Oracle 7.3.3 and above will need to be relinked. This patch contains changes to the libcma library. Applications such as Oracle that use this library and are built static will need to be relinked. For information and help for the rebuild please contact your Oracle support personnel.

    Based on HP-UX patch PHSS_12593:
    1. passwd_export exports invalid accounts (e.g. expired account or invalid password).
        passwd_export prints "...not enough space" when root entry is absent.
        -X option is added to exclude invalid/expired accounts.
        -l option is added to lock the invalid/expired accounts.
        Passwd is locked for the account, in the exported file with a '*' in the passwd field, with the following conditions:
        a) -l and -X are mutually exclusive
        b) entries in passwd_override file override the -l and -X options (for individual entries).
        c) In all other cases, apply -l or -X
    2. Deadlock or hang of cdsadv threads on utc_gettime() call.
    3. Account Manager mishandles ERA attrset with more than one uuid - It was not possible to specify an extended registry attribute with multiple UUIDs. Fixed in the HPDCE Account Manager.
    4. Thread I/O wrappers leave file descriptors in O_NONBLOCK mode at exit. If the file descriptor (stdin) is left in non-blocking mode at exit, the shell inherits this and exits. Remote login sessions would get terminated if the shell exits.
    5. DFS 1.5.1 (EFS) client cannot access /:/ if EISA 100VG is UP.
    6. dceping makes use of stale information after re-configure of dce. After reconfiguring a node as a client to a different DCE cell, dceping continued to check for the old CDS server. Fixed in dce.rm.
    7. dced hangs on startup when "starton boot" servers are configured. (dced is deadlocking in its main thread when it attempts to start servers that are to be started at boottime.)
    8. secd dumps with too long name, which results in Denial of Service Attack. This problem occurs when the principal/group/organisation name exceeds 1024 characters.
    9. Bad manpage for dcecp_cdsalias. The man of 'dcecp_cdsalias' hangs, with no output. Fixed manpage of dcecp_cdsalias.
    10. Additional option (-l) provided for uuidgen to select the hardware address of lancard, in case of host with multiple lancards. Currently the uuidgen gets the address of the card with lowest NMID. Enhanced uuidgen. Usage available in the manpage of uuidgen.
    11.
        dcecp cores when modifying acls of dced objects in local mode. When dcecp and dced are in local mode, using the 'acl modify' command on dced objects results in a core dump or hang. Fixed in dcecp.
    12. secd is dumping core when client requests authentication but with wrong password in a keytab. This cumulates till the secd reaches the maxdsize about 70-80MB and then cores. A memory leak related code problem with secd.
    13. 'select' returns wrong bits settings. cma_select() when timed out returns the bits (fd_mask) passed by the user without changing them. So, in case where it is a timeout we need to clear the bits.
    14. dcecp directory list is not doing authentication. If you delete permissions for unauthenticated access from a directory ACL, then it was not possible to list that directory (using dcecp's 'dir list' command) even as an authenticated user. Fixed in dcecp.
    15. cdsadv dumps core with segmentation violation if the user's authenticated request is cancelled before servicing the callback of the request. After the request is cancelled, all the data structures it was using will be freed up but the AUTH-callback request will be still hanging around in the conversation queue (convq). Fixed in libdce.1
    16. acl_edit attempts to write to the ACL, even if no change is made to the ACL. acl_edit should accept quit as an alias for exit.
    17. dce_login -r does not have mechanism to refresh DFS credentials. This will not allow access to DFS once the TGT has expired. If the user's home directory is on DFS, then access to home directory is denied. This may happen after CDE screen lock also. Fixed in libdce.1
    18. Locking an uninitialized mutex dumps core. (Threaded FORTRAN 77 applications using CMA threads dumped core.) Solved by checking if the mutex has been initialized by the user or not before locking. If it has not been initialized return -1 and set errno to EINVAL.
    19.
        cdsd leaves pseudodir entries in clearinghouse when background thread is run. The status flag was not updated properly.
    20. Occasionally DCE Application dumps core when compiled with -z option. This problem occurs only when the application is compiled with -z option which is used for detecting null references. When the DCE client application receives a local cancel it forwards it to the server and sets a timeout value. If the timeout expires before a response to the cancel reaches the client, the client program (call thread) cleans up the data structures including the call-rep. The call rep will also be referenced by the receiver thread. When the receiver thread references the call-rep which has already been cleaned up, it dumps core. Fixed in libdce.1.
    21. dceping -C fails. When /tmp/cdsdHostname gets removed, the dceping asks for hostname of cdsd server. One enters the hostname and dceping continues to run fine. Problem is this breaks a cronjob in the process, which does dceping -C and fails.
    22. IDL compiler was generating incorrect server stub code when parameters' de-referencing was required. This problem was due to an earlier fix (PHSS_10565) in IDL compiler and may not be seen in all the releases. Fixed in IDL compiler.
    23. IDL compiler -no_def_idir option does not work as specified in the manpage. Fixed in IDL compiler.
    24. Unmarshalling the IDL pipe data type does not cause the exception to be popped off the stack as done during the normal unmarshalling. This results in the application abort (system panic in case of DFS) during the occurrence of a valid exception due to mismatch in the TRY/CATCH exception blocks. Fixed in the IDL compiler.
    25. When expanding /.:/sec/principal in cdsbrowser there are duplicate self entries for each host principal. There should be one host principal for each machine in the cell (/.:/sec/principal/hosts//self). Every self principal is duplicated in a cell with multiple hosts.
        There will be the same number of entries for each self principal as the number of hosts in the cell.
    26. All occurrences of include in DCE source code is changed to include .
    27. There is a new function added, cma__hp_sched_opt():

            int cma__hp_sched_opt(int timer, long timer_interval, int timeslice_quanta, long rt_timer_interval)

        This function enables the user to set the Timer Signal, Interval, Quanta of his/her choice. This also enables the user to set the real time signal SIGALRM for a desired interval. Timer Q is checked at regular intervals specified by rt_timer_interval. A signal handler is established for SIGALRM if rt_timer_interval is specified.

            timer             : ITIMER_VIRTUAL | ITIMER_PROF
            timer_interval    : Interval for timer-signal corresponding to 'timer'. (in microsecs)
            timeslice_quanta  : Quanta for each thread.
            rt_timer_interval : The interval for the real-time signal (SIGALRM). (in microsecs) 0 => real-time timer not set.

        Before calling this function the CMA would have set the defaults as:

            timer = ITIMER_VIRTUAL;
            timer_interval = 100ms;
            timeslice_quanta = 2;
            rt_timer_interval = 0;

        There are also 3 new environment variables added:

        CMA_HP_SCHED_OPT: This provides the same functionality as cma__hp_sched_opt(). Format is:
            export CMA_HP_SCHED_OPT="timer timer_interval timeslice_quanta rt_timer_interval"
        e.g.:
            export CMA_HP_SCHED_OPT="1 100000 2 0"
        would set the timer to ITIMER_VIRTUAL, interval to 100ms, quanta to 2 and does not set the real time signal.

        CMA_HP_CHECK_TIMERS_AT_YIELD: Setting this variable would result in checking the timer Q at yield. This would help to put threads from the timer Q to the ready Q if their time has already expired when we do a yield.

        CMA_CRASH_ON_FORCED_SWITCH: Setting this variable would result in the application exiting with bug check if the quanta of a thread expired and it was forced to context switch. This can be used for some debugging purposes and it is advised not to set this variable in the normal case.
    28.
        Enable sams to correctly generate a message catalog (via gencat) outside of clearcase (i.e. using -oc option).

    Based on HP-UX patch PHSS_10565:
    1. The cma_fork() function can cause a deadlock if another thread has the global mutex locked. We now lock the global mutex before locking any of the other internal mutexes. Fixed in libcma.1, libcma.a.
    2. The login context could become corrupt due to the incorrect usage of local variable. Now we return the login context rather than assigning it a passed parameter. Fixed in libdce.1.
    3. The dtsd daemon core dumps intermittently on shutdown/cleanup (ShutDownRPC) due to a variable, "profileName", being rpc_string_free'd incorrectly. The "rpc_string_free (&profileName, &status)" has been removed from dtss_service_global_set.c and checks for NULL in transport_rpc.c were added. Fixed in dtsd.
    4. The ftpd.auth command will die during simultaneous calls to ftp due to excessive memory usage and swapping. The memory usage of the command was optimized. Fixed in libdceauth.sl.
    5. Data checking improvements were added to chsh.auth and chfn.auth. Fixed in chsh.auth, chfn.auth.
    6. The PHSS_9394-95 cdsadv core dumps dealing with rpc input-only arguments upon rpc retries. Now, input arguments are reconstructed on rpc failures. Fixed in cdsadv.
    7. The cdsd daemon crashes when reading an acl that is too large. Generated acls are now checked to ensure that they are within the proper size range. Fixed in cdsd.
    8. Data checking improvements were added to passwd.auth. Fixed in passwd.auth.
    9. There is excess logging in the error.log when trying to execute rpc_mgmt_inq_server_princ_name to find a global server name, but not having a fully-bound binding (even when there wasn't a global server configured). A routine has been inserted to ensure we have a fully-bound binding before attempting the rpc_mgmt_inq_server_princ_name() routine. Fixed in dtsd.
    10. A dce_login into a foreign cell fails if one of the security servers in the foreign cell is down since the local ps_site file does not contain RPC string bindings for foreign cells and a retry does not import bindings from the name space. A fix was added so that the import handle is not closed after the RPC bindings have been imported. Fixed in libdce.1, libdce.a, secd, sec_create_db, sec_salvage_db, klist, kinit, kdestroy, dfsgw, dfsgwd.
    11. The passwd_export binary has improved its handling of applying group overrides. Fixed in passwd_export.
    12. Improvements have been made to clean up some credential structures. Fixed in libdce.1, dced.
    13. The cdsadv binary core dumps on the Security and Directory master server during intercell system testing. The method of allocating idl supplied memory was improved. Fixed in libdce.1.
    14. The cdsd daemon was getting a bug error in the security/krb code. Error handling was changed to deal with cursor initialization and allocation. Fixed in libdce.1, cdsd.
    15. Improvements were made to the error handling in the dce_db_open_file() function. Fixed in libdce.1.
    16. Some invalid login attempts were not recorded when they should have been. Flow control improvements were made so that all cases where preauthentication was attempted, and failed, will be recorded as invalid login attempts. Fixed in libdce.1.
    17. Improvements were made to dce_db_fetch_by_uuid so it returned a local copy of IDL-allocated structure and thus improved cdsadv performance. Fixed in libdce.1, libdce.a.
    18. The GSS-API has been updated to conform to the latest Kerberos and GSS-API standards, while making other changes to accommodate the non-conformance of oldce DCE and MIS GSS-API implementations. Fixed in libdce.a, libdce.1, secd, gssapi.h.
    19. If clients wait for a long period of time to do an rpc_binding_import(), the call will fail since the clerk thread was deactivated in the meantime.
        A fix was added to allow the clerk thread to restart and handle the request properly. Fixed in libdce.1.
    20. The cdsd daemon does not checkpoint. Fixed in cdsd.
    21. Allow the sec_login_krb5_add_cred symbol to be exported in the international version of libdce. Fixed in libdce.1.
    22. The rgy_edit command will abort with an "unexpected file type" message due to a problem in the fstat loop. It has been fixed so that if it returns an error it will not check the file type. Fixed in libcma.1, libcma.a.
    23. The internal fstat() and rlimit() calls were updated to use the 64 bit interfaces and structures (fstat64 and rlimit64) to support 64bit file access in CMA threads. Fixed in libcma.1, libcma.a.
    24. Updated klist to report correct information when dealing with the year 2000 and beyond. Fixed in klist.
    25. Fix the memory allocation strategy of the config-file reader function to avoid having tools core dump. Fixed in libdce.1, libdce.a.
    26. There were duplicate self entries for each host principal in cdsbrowser. The return value of sec_get_base was corrected to avoid this scenario. Fixed in cdsbrowser.
    27. The "registry show -master" command was not binding correctly in all cases. The -master option will now use a different mechanism to obtain the binding information. Fixed in dcecp, libdcecp.sl.
    28. Add a field to cma_g_file_obj to save the file type. This way if this is a pipe and the user has not set it to non-blocking mode, then we need to call fstat again to get the amount of space left in the pipe, before attempting the write(). Continue this process until we have written the number of bytes passed to cma_write(). Fixed in libcma.a, libcma.1.
    29. Serialisation of connect requests is done only when connections are made to the same server address space. Fixed in libdce.1.
    30. Improvements to the error handling were added to dce_error_inq_text() to handle unix error codes. Fixed in libdce.1, libdce.a.
    31. The cds clerk spins. A fix was added to change cached handle flush.
        Fixed in cdsadv.
    32. The cdsadv binary was changed so there is no longer a conflict between variable name TIMEOUT_P and macro definitions. Fixed in cdsadv.
    33. Improvements to cdsadv to use rpc memory bookkeeping to deal with freeing memory. Fixed in cdsadv.
    34. Modifications were made to pwd_strengthd to improve error handling. Fixed in pwd_strengthd.
    35. The dced daemon leaks stub allocated memory from the dce_db_fetch_by_uuid() call. The dced daemon and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. There is ineffective code in both dced and the security runtime to free this memory. Fixed in dced and dcecp.
    36. Add a test for variable KRB5CCNAME before starting dtsd. Fixed in /sbin/init.d/dce startup script.
    37. A threads wrapper ensures a complete buffer transfer when send() is called in a blocking mode. Fixed in libcma.1, libcma.1.
    38. Modified dce.h to add defined(__cplusplus) for _DCE_TOKENCONCAT_. Fixed in dce.h.
    39. IDL and header files are now installed in /usr/include/dce. Fixed with dce_attr_base.idl, dce_attr_sch.idl, dce_attr_base.h, dce_attr_sch.h.
    40. Use rpc_sm_free() instead of rpc_sm_client_free(). Fixed in libdce.1.
    41. The dce_acl_obj_add_*() functions check for illegal entries, the acldb uses rpc_sm_client_free() instead of rpc_sm_free(), dce_acl_obj_add_obj supports for needed types of ACL's, dce_acl_copy_acl() handles foreign_id differently. Fixed in libdce.1.
    42. Allow dfs to export logical volume aggregates with the same logical volume number even when in different volume groups. Fixed in dfs_core.ext.
    43. Connection oriented RPC 'maybe' calls result in segmentation violation. Need to properly initialize iovlen. Fixed in libdce.1 and libdce.a.
    44. Customer cannot use SD to install software on machines containing only FDDI networking. Fixed in libdce.1, libdce.a.
    45. Improve calculation of pe_site lines by only using replicas that are not "marked for deletion" in the calculation. Fixed in dced.
    46. The credentials refreshed by Integrated Login (screen unlock) are not certified. Fixed in dceexec.
    47. The cdsd daemon was modified to deal with a crash in db_btree_copy_keys(). Fixed in cdsd.
    48. The cdsd daemon core dumps on startup with playback error. A fix was added to deal with splitting data buffers properly. Fixed in cdsd.
    49. The logic for requesting the number of interfaces from the kernel in the RPC runtime changed to deal with large numbers of network interfaces. Fixed in libdce.1, libdce.a.
    50. Changes to the context rundown procedure were implemented to deal with a deadlock. Fixed in libdce.1.

    Based on HP-UX patch PHSS_9394:
    1. GDS/XDS interface doesn't handle looking up all the default dsa's properly. It does not look through the entire list of default dsa's when the session is a DEFAULT_SESSION.
    2. If multiple instances of a daemon are running, dce_shutdown will shutdown only one of them and report success, even though the others are still running.
    3. If garbage is in the masks passed to cma_select, it is copied into the global fd mask and later may cause cma__io_available to abort with "file unexpectedly closed" fd mask.
    4. Bad datagram packet crashed any dce daemons except DCED. This problem is noticed only when forwarded datagram packets are processed by DCE daemons. DCED is the process which is responsible for forwarding datagram packets. When packets are forwarded from other sources, especially when packet is not formatted as expected, the servers panic resulting in core dump.
    5. secd cores with replicas from rs_log_attr_sch_prop_create mem corruption.
    6. Invalid login attempts not recorded when they should be.
    7. Sometimes during configuration the sec_client.binding is not found. This occurs mostly on slow systems because the time waited for dced to create the file is not enough. The fix bumps wait time up to 2 minutes.
    8. FR12 is destroyed when using CMA threads with +DA2.0.
    9. krb5_init_ets is an allowed symbol, but is not exported in libdce.
    10. Signal handling problem in ftpd.auth which has already been added to the internet services ftpd.
    11. Various credentials data.db file problems associated with cdsadv.
    12. Enhance supportability by adding pid/thr addr to lib/clerk protocol.
    13. The advertiser sometimes crashes during RPC marshalling. Any clerk which encounters an RPC comm failure during heavy network load with a busy server will receive back incomplete results leading to the crash.
    14. Error in handling timeout in CreateLink.
    15. Uninitialized variable in the cdsadv. Generally not a problem in current release, but code fixed.
    16. Bad output from deb_ascii_ptr_to_buf().
    17. ftpd.auth needs to be synchronized with Unix ftpd. To do this, the -p option needs to be added to ftpd.auth. Also, the wording of an error message needs to be changed.
    18. cdsd crashed during system test due to mishandling of DBSet as Set.
    19. The ds_read() call fails on objects that represent cds directories.
    20. IF/OP Names show up as UNKNOWN in GlancePlus when they should be named.
    21. A user reported that their KRB application caused secd to crash with a segmentation violation.
    22. secd dies with unhandled exception during log replay. If a DCE client attempts to use the IDL encoding services prior to traversing cstub or sstub code, and the ES raises an exception, the exception will not be handled.
    23. If the principal that created an account (or the principal that last modified an account) is deleted, then that account is no longer viewable using dcecp although it is viewable with rgy_edit.
    24. Need to NULL pepper pointer after freeing.
    25. Need to check for NULL sec_passwd_plain passid in rs_acct_replace().
    26. The acl evaluation algorithms are not correctly adjusting for access rights when a delegate (not the initiator) specified in an epac chain (creds) has no privileges specified in the acl being checked against.
    27. Local root is unauthorized when accessing DFS whereas it should use machine credentials.
    28. cma_waitid wrapper isn't working properly -- it is returning an incorrect value.
    29. If there are no security servers in the cell, eventually both cdsd and dced will spin in the security binding code.
    30. "kdestroy -e" is sometimes flushing host credentials.
    31. When using dce_config to configure a fileset location database server, the dfs_config code in the config_dfsfldb() function also configures a fileset server with no way to only configure a fileset location database server.
    32. dced leaking stub allocated memory from the dce_db_fetch_by_uuid() call. dced and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls.
    33. DTS Spectracom Provider does not configure.
    34. cdsd is dying on trying to show the acl of a principal when logged into a remote cell.
    35. When running Integrated Login, if "login" detects a "password change required" condition, the "login" after the password change fails to do a DCE login.
    36. Principals with keys that have a zero length pepper cannot validate their DCE identity.
    37. cdsadv runs but then begins to leak data blocks identified to be tickets. cdsadv will eventually die by exhausting system resources.
    38. An incorrect radix is set. Sams couldn't handle field width specifier properly.
    39. You can use dce_rdacl_replace() to set a user_obj or group_obj entry on an ACL, but after that point can never update the ACL again.
    40. The dce_rdacl_get_access() API call behaves incorrectly on verifying authorization.
    41. The ACL manager for extended registry attribute types may include the policy ACL manager. However, the serviceability permission bit ('s') cannot be correctly set on the policy manager ACL list.
    42. dced acl code is displaying the wrong error message when a user is not authorized to access an object. It is incorrectly returning sec_acl_invalid_permission, but should return sec_acl_not_authorized. RECOMMENDED_CHANG: Change sec_acl_invalid_permission to sec_acl_not_authorized in appropriate areas.
    43. When using CDE with Integrated Login, the second time the screen is unlocked the DCE credentials are destroyed.
    44. The credentials refreshed by Integrated Login (screen unlock) are not certified.
    45. There is a path in the sec_login code, via which a new credential database file could be created owned by root (the effective uid) instead of the creating principal.
    46. A svc error message was incorrectly formatted.
    47. Internal code fix for memory management.
    48. There is a memory leak in sec_login_pvt and krb_info.
    49. When a machine tries to refresh and validate its credentials before they expire (this occurs 10 minutes before expiration) if secd is down the machine purges the credentials and tries to obtain new ones which destroys the credentials 10 minutes before they are scheduled to expire.
    50. The DFS-NFS gateway panics when the user's credentials expire.
    51. Several memory leaks and other memory fixes for secd.
    52. When the master is down and there is another security server available, security clients will leak memory when attempting to bind to the master.
    53. Incorrect data typing resulted in an incorrect uid being used.
    54. When a principal is deleted from the registry (i.e. orphaned), you can't remove any ACL entries that refer to that principal. Fix is to add -uuid switch to the acl modify command of dcecp to allow UUID's to be used in ACL entry keys.
    55. Need to provide hostdata service during dced bootstrap to allow dcecp local hostdata functionality outside a cell with minimal "fake" DCE configuration.
    56. dced leaks memory with each sec_login_validate_identity.
    57. KRB5CCNAME is set up with a bogus value for passwd_override accounts.

Defect Description:
    PHSS_18746:
    Repackaged portions of HP-UX patches PHSS_16429 and PHSS_17596 for VVOS.

    Based on HP-UX patch PHSS_16429:
    1. The algorithm for generating the keys was incorrect.
        Resolution: The algorithm for generating the keys has been changed to correct this.
    2. disable_interval in ERA is wrongly set in seconds.
        Resolution: The input from the user for the variable disable_interval_time was multiplied by 60 to interpret the input as in minutes. Before the change was made this input was used directly, thus misinterpreting the input value in seconds.
    3. Applications linked with libdcecp.sl library fail to execute CDS commands.
        Resolution: Change link libraries in the makefile for dcecp.
    4. When there are lots of unique clients to a server, the server connection table elements keep growing and finally dced dumps core.
        Resolution: Reduce the server connection table elements to be uncached sooner than the default value. An environment variable SCTE_UNCACHE_TIME is provided for tuning this parameter, e.g. export SCTE_UNCACHE_TIME=60. The value should be set between 45 and 600.
    5. On a Japanese locale, typing an error command results in "internal disaster" error within dcecp.
        Resolution: Include code for wide-character initialization required for intl locales.
    6. sec_key_mgmt_manage_key() of libdce and dced forces login for each 10 minutes to check the password expiration.
        Resolution: Import an environment variable (KEY_MGMT_WAKEUP_INTERVAL). Depending on the variable, set the wakeup time and force the login.
    7. Unnecessary "mismatched seal" printf statement.
        Resolution: Removed the "mismatched seal" printf statement.
    8. Since the CHLastAddress contains the old IP address, the DCE configuration Manager (DCM) Failed to startup.
        Resolution: Update the CHLastAddress when IP address is removed.
    9. The packets used by the private local socket of the server in DG runtime, for transmission of the data, were not being freed, which causes the process size to increase and finally dump core. The problem shows up only when the server and the clients are on the same machine.
        Resolution: Free the packet of the private local socket which was being added to the global packet pool.
    10.
        When super user executes 'su', group access list is not created because the normal authentication sequence is different in case of super user.
        Resolution: Get the group access list from DCE registry.
    11. Enhancement request to provide option for dced/rpcd to tune ep_scavenger frequency.
        Resolution: Provide new option -t with dced/rpcd. dced/rpcd uses this value to run ep_scavenger with the specified interval.
    12. The libdce.a has got an object module for hsearch() function having the same prototype as the hsearch() in libc. So when an application using hsearch() is built with libdce.a in the library list, it first gets linked to hsearch() of libdce.a (which is having a different behavior compared to libc version) and thus dumps core.
        Resolution: The hsearch() routine was used for an example called phone_db and it was provided in libdce for that purpose only. This example is not shipped for the new releases and hence hsearch() is removed from libdce.
    13. This is caused by a lower value of telnet time-out than rpc time-out.
        Resolution: DCE Integrated Login code has been modified with a timer installed that times out before the telnet times out.
    14. When secd is started with no_kdc option it is unable to initialize the kerberos database and hence dumps core.
        Resolution: The option secd -no_kdc is removed as it was used in older version.
    15. Since dce_config removes the domain part of the server name, it is causing problem if there exists another node with the same name in the client domain.
        Resolution: Get the ip address of the node name in a variable before the domain name is removed from that, and use that variable which contains the IP address.
    16. This feature was not implemented.
        Resolution: Add authentication audit points to security server.
    17. In-core tables contain error messages in incompatible format.
        Resolution: Modify code appropriately in order to handle messages in older format.
    18.
The DMS thread is creating problems in swtools causing the process to hang. The DMS was "on" by default in any DCE process running with the root privilege. It could be made "off" by exporting the environment variable DMS_FORCEOFF. Now the change has been made so that DMS is "off" by default and will be "on", only when the environment variable DMS_FORCEON is exported. So now, if the performance monitoring has to be done on the DCE processes running with root privileges, DMS_FORCEON=1 has to be exported prior to running the DCE process. Resolution: If the DMS is required for DCE measurement export DMS_FORCEON=1 prior to running the DCE process. 19. This problem occurs when servers running on well- known endpoint does a server ping using a fully bound binding handle before listening. A dced thread wakes up and receives the ping failure error. This results in dced deleting the endpoint without verifying if the server has begun listening. Resolution: dced now does a ping to the server entry before it deletes endpoints from the database. Based on HP-UX patch PHSS_17596: 1. JAGaa92762: Calling poll() in threaded applications results in hogging of CPU, under following conditions: - pthread.h is included by the application - cma_init() is not called - The application is not multithreaded yet (i.e. there are no threads created) Resolution: The polling interval is now initialized before the application goes multithreaded. Based on HP-UX patch PHSS_15731: 1. Insufficient error checking in the cell backup script. 2. Display of year in two digit format. 3. The rpc_mgmt_is_server_listening() hangs intermittently while using CN protocol because of timing problem. The hang occurs on the client side due to the time gap between client making a call and the server stopping the call threads. The recommended change is to defer the stop until the cthread is done handling its assigned calls and any queued calls. 4. In PHSS_12593-94 libcma we call atexit() before main(). 
The AnsiC++ library (libCsup) has its own version of atexit() and it does not work as atexit() of libc when called before main().
5. For certain error codes, formatting of error messages didn't account for the right number of parameters.
6. The pointer field of the mutex points to null if the mutex is not initialized. When this is dereferenced the application dumps core.
7. In cma_poll(), cma_msgsnd(), cma_msgrcv() & cma_semop() we poll for data at an interval of 200 millisec, which is a long interval for some applications.
    ***NOTE***: A new environment variable called CMA_HP_POLLWAIT is added. We first wait for 10 millisec. Subsequently we poll at an interval of CMA_HP_POLLWAIT, if the user has set this environment variable. If the user has not exported this environment variable, we poll at an interval of timer interval (default 100ms). CMA_HP_POLLWAIT is to be exported in microsecs.
    eg: export CMA_HP_POLLWAIT=50000 implies CMA_HP_POLLWAIT is 50 millisecs.
8. cma_write does not have the retry logic within itself.
9. Zoneinfo files are not updated with the new EST & DST.
10. A normal user trying to run "dcecp>cdscache discard" with dce_login as cell_admin instead of root. (You need to login as root to execute this dcecp command.)
11. The client was using an authentication service protocol which is not supported by the server and that caused the server to crash. This happens only with a server that uses CN protocol. When such data is received, an error message gets logged in /opt/dcelocal/var/svc/error.log
12. Side effect of CHFts23794 fix.
13. Lock and unlock of the mutex (cma__g_close_select_mutex) is not done before and after fork respectively. So when a thread calls close/select and, before this thread comes out of it, some other thread calls fork, the result is a deadlock.
14. In case of an anonymous ftp, dceexec never receives the DCEEXEC_EXIT message.
15. The preauth_subtype has no bearing on whether or not the user key needed to be transformed to DES format.
16. The pointer field of the mutex points to null if the mutex is not initialized. When this is dereferenced the application dumps core.
17. secd was trying to write to syslog when the registry was inaccessible because it was in maintenance mode. This was causing it to abort.
18. Error was due to corruption in the credential file, which was not taken care of.
19. While trying to log messages to the syslog, the kerberos error codes were wrongly interpreted as UNIX error codes.
20. libdcecp and libdce acl modify code did not free memory allocated for the purpose of ACL modification.
21. The RPC runtime expects the authentication trailer to be four byte aligned and the bad data which is sent by the program does not follow this spec, so it kills rpcd. A message will be logged in the error log file /opt/dcelocal/var/svc/error.log when such data is received.
22. The Japanese catalog files were out-of-date with the new/enhanced sams compiler which went with the previous patch.
23. The library was not compiled with the proper option (+Z).

Based on HP-UX patch PHSS_14920:
1. The patches PHSS_12593 or PHSS_10565 do not properly overlay on a previous patch which they supersede. (This patch differs from the patch PHSS_12593 only for minor changes to the SD control scripts. All the binaries in this patch and PHSS_12593 are identical. So when this patch is installed over PHSS_12593 and is subsequently backed out, it will directly restore the state prior to the installation of PHSS_12593.)
2. Installation of the DCE international patch on a DCE client system without the swinstall option "match_target=true" results in the complete patch filesets (including server bits) getting installed on the system, leading to many WARNING messages.
3. After installing the DCE domestic patch, an swverify fails for the binaries that are replaced by the domestic patch since the IPD (Install Product DB) for the corresponding international patch has not been updated.
4. ***IMPORTANT PLEASE NOTE -- Oracle 7.3.3 and above will need to be relinked. This patch contains changes to the libcma library. Applications such as Oracle that use this library and are built static will need to be relinked. For information and help for the rebuild please contact your Oracle support personnel.

Based on HP-UX patch PHSS_12593:
1. passwd_export exports invalid accounts (e.g. expired account or invalid password). passwd_export prints "...not enough space" when the root entry is absent.
    -X option is added to exclude invalid/expired accounts
    -l option is added to lock the invalid/expired accounts
    Passwd is locked for the account in the exported file with a '*' in the passwd field, with the following conditions:
    a) -l and -X are mutually exclusive
    b) entries in the passwd_override file override the -l and -X options (for individual entries).
    c) In all other cases, apply -l or -X
2. Deadlock or hang of cdsadv threads on utc_gettime() call.
3. Account Manager mishandles ERA attrset with more than one uuid - It was not possible to specify an extended registry attribute with multiple UUIDs. Fixed in the HPDCE Account Manager.
4. Thread I/O wrappers leave file descriptors in O_NONBLOCK mode at exit. If the file descriptor (stdin) is left in non-blocking mode at exit, the shell inherits this and exits. Remote login sessions would get terminated if the shell exits.
5. DFS 1.5.1 (EFS) client cannot access /:/ if EISA 100VG is UP.
6. dceping makes use of stale information after re-configure of dce. After reconfiguring a node as a client to a different DCE cell, dceping continued to check for the old CDS server. Fixed in dce.rm.
7. dced hangs on startup when "starton boot" servers are configured. (dced is deadlocking in its main thread when it attempts to start servers that are to be started at boot time.)
8. secd dumps with too long name, which results in Denial of Service Attack. This problem occurs when the principal/group/organisation name exceeds 1024 characters.
9. Bad manpage for dcecp_cdsalias. The man of 'dcecp_cdsalias' hangs, with no output. Fixed manpage of dcecp_cdsalias.
10. Additional option (-l) provided for uuidgen to select the hardware address of the lancard, in case of a host with multiple lancards. Currently uuidgen gets the address of the card with the lowest NMID. Enhanced uuidgen. Usage available in the manpage of uuidgen.
11. dcecp cores when modifying acls of dced objects in local mode. When dcecp and dced are in local mode, using the 'acl modify' command on dced objects results in a core dump or hang. Fixed in dcecp.
12. secd is dumping core when a client requests authentication but with a wrong password in a keytab. This cumulates till the secd reaches the maxdsize, about 70-80MB, and then cores. A memory leak related code problem with secd.
13. 'select' returns wrong bits settings. cma_select() when timed out returns the bits (fd_mask) passed by the user without changing them. So, in the case where it is a timeout we need to clear the bits.
14. dcecp directory list is not doing authentication. If you delete permissions for unauthenticated access from a directory ACL, then it was not possible to list that directory (using dcecp's 'dir list' command) even as an authenticated user. Fixed in dcecp.
15. cdsadv dumps core with a segmentation violation if the user's authenticated request is cancelled before servicing the callback of the request. After the request is cancelled, all the data structures it was using will be freed up but the AUTH-callback request will still be hanging around in the conversation queue (convq). Fixed in libdce.1
16. acl_edit attempts to write to the ACL, even if no change is made to the ACL. acl_edit should accept quit as an alias for exit.
17. dce_login -r does not have a mechanism to refresh DFS credentials. This will not allow access to DFS once the TGT has expired. If the user's home directory is on DFS, then access to the home directory is denied. This may happen after CDE screen lock also.
Fixed in libdce.1
18. Locking an uninitialized mutex dumps core. (Threaded FORTRAN 77 applications using CMA threads dumped core.) Solved by checking whether the mutex has been initialized by the user before locking. If it has not been initialized, return -1 and set errno to EINVAL.
19. cdsd leaves pseudodir entries in the clearinghouse when the background thread is run. The status flag was not updated properly.
20. Occasionally a DCE application dumps core when compiled with the -z option. This problem occurs only when the application is compiled with the -z option, which is used for detecting null references. When the DCE client application receives a local cancel it forwards it to the server and sets a timeout value. If the timeout expires before a response to the cancel reaches the client, the client program (call thread) cleans up the data structures including the call-rep. The call-rep will also be referenced by the receiver thread. When the receiver thread references the call-rep which has already been cleaned up, it dumps core. Fixed in libdce.1.
21. dceping -C fails. When /tmp/cdsdHostname gets removed, dceping asks for the hostname of the cdsd server. One enters the hostname and dceping continues to run fine. The problem is that this breaks a cronjob in the process, which does dceping -C and fails.
22. The IDL compiler was generating incorrect server stub code when parameters' de-referencing was required. This problem was due to an earlier fix (PHSS_10565) in the IDL compiler and may not be seen in all the releases. Fixed in IDL compiler.
23. The IDL compiler -no_def_idir option does not work as specified in the manpage. Fixed in IDL compiler.
24. Unmarshalling the IDL pipe data type does not cause the exception to be popped off the stack as is done during normal unmarshalling. This results in the application aborting (system panic in case of DFS) during the occurrence of a valid exception, due to a mismatch in the TRY/CATCH exception blocks. Fixed in the IDL compiler.
25. When expanding /.:/sec/principal in cdsbrowser there are duplicate self entries for each host principal. There should be one host principal for each machine in the cell (/.:/sec/principal/hosts//self). Every self principal is duplicated in a cell with multiple hosts. There will be the same number of entries for each self principal as the number of hosts in the cell.
26. All occurrences of include in DCE source code is changed to include .
27. There is a new function added, cma__hp_sched_opt():

    int cma__hp_sched_opt(int timer, long timer_interval, int timeslice_quanta, long rt_timer_interval)

    This function enables the user to set the Timer Signal, Interval and Quanta of his/her choice. It also enables the user to set the real time signal SIGALRM for a desired interval. The timer Q is checked at regular intervals specified by rt_timer_interval. A signal handler is established for SIGALRM if rt_timer_interval is specified.

    timer             : ITIMER_VIRTUAL | ITIMER_PROF
    timer_interval    : Interval for timer-signal corresponding to 'timer'. (in microsecs)
    timeslice_quanta  : Quanta for each thread.
    rt_timer_interval : The interval for the real-time signal (SIGALRM). (in microsecs) 0 => real-time timer not set.

    Before calling this function the CMA would have set the defaults as:
    timer = ITIMER_VIRTUAL;
    timer_interval = 100ms;
    timeslice_quanta = 2;
    rt_timer_interval = 0;

    There are also 3 new environment variables added:

    CMA_HP_SCHED_OPT: This provides the same functionality as cma__hp_sched_opt(). Format is:
    export CMA_HP_SCHED_OPT="timer timer_interval timeslice_quanta rt_timer_interval"
    eg: export CMA_HP_SCHED_OPT="1 100000 2 0" would set the timer to ITIMER_VIRTUAL, interval to 100ms, quanta to 2 and does not set the real time signal.

    CMA_HP_CHECK_TIMERS_AT_YIELD: Setting this variable would result in checking the timer Q at yield. This would help to put threads from the timer Q to the ready Q if their time has already expired when we do a yield.
    CMA_CRASH_ON_FORCED_SWITCH: Setting this variable would result in the application exiting with a bug check if the quanta of a thread expired and it was forced to context switch. This can be used for some debugging purposes and it is advised not to set this variable in the normal case.
28. Enable sams to correctly generate a message catalog (via gencat) outside of clearcase (i.e. using the -oc option).

Based on HP-UX patch PHSS_10565:
1. The cma_fork() function can cause a deadlock if another thread has the global mutex locked. We now lock the global mutex before locking any of the other internal mutexes. Fixed in libcma.1, libcma.a.
2. The login context could become corrupt due to the incorrect usage of a local variable. Now we return the login context rather than assigning it to a passed parameter. Fixed in libdce.1.
3. The dtsd daemon core dumps intermittently on shutdown/cleanup (ShutDownRPC) due to a variable, "profileName", being rpc_string_free'd incorrectly. The "rpc_string_free (&profileName, &status)" has been removed from dtss_service_global_set.c and checks for NULL in transport_rpc.c were added. Fixed in dtsd.
4. The ftpd.auth command will die during simultaneous calls to ftp due to excessive memory usage and swapping. The memory usage of the command was optimized. Fixed in libdceauth.sl.
5. Data checking improvements were added to chsh.auth and chfn.auth. Fixed in chsh.auth, chfn.auth.
6. The PHSS_9394-95 cdsadv core dumps dealing with rpc input-only arguments upon rpc retries. Now, input arguments are reconstructed on rpc failures. Fixed in cdsadv.
7. The cdsd daemon crashes when reading an acl that is too large. Generated acls are now checked to ensure that they are within the proper size range. Fixed in cdsd.
8. Data checking improvements were added to passwd.auth. Fixed in passwd.auth.
9. There is excess logging in the error.log when trying to execute rpc_mgmt_inq_server_princ_name to find a global server name, but not having a fully-bound binding (even when there wasn't a global server configured). A routine has been inserted to ensure we have a fully-bound binding before attempting the rpc_mgmt_inq_server_princ_name() routine. Fixed in dtsd.
10. A dce_login into a foreign cell fails if one of the security servers in the foreign cell is down, since the local ps_site file does not contain RPC string bindings for foreign cells and a retry does not import bindings from the name space. A fix was added so that the import handle is not closed after the RPC bindings have been imported. Fixed in libdce.1, libdce.a, secd, sec_create_db, sec_salvage_db, klist, kinit, kdestroy, dfsgw, dfsgwd.
11. The passwd_export binary has improved its handling of applying group overrides. Fixed in passwd_export.
12. Improvements have been made to clean up some credential structures. Fixed in libdce.1, dced.
13. The cdsadv binary core dumps on the Security and Directory master server during intercell system testing. The method of allocating idl supplied memory was improved. Fixed in libdce.1.
14. The cdsd daemon was getting a bug error in the security/krb code. Error handling was changed to deal with cursor initialization and allocation. Fixed in libdce.1, cdsd.
15. Improvements were made to the error handling in the dce_db_open_file() function. Fixed in libdce.1.
16. Some invalid login attempts were not recorded when they should have been. Flow control improvements were made so that all cases where preauthentication was attempted, and failed, will be recorded as invalid login attempts. Fixed in libdce.1.
17. Improvements were made to dce_db_fetch_by_uuid so it returned a local copy of the IDL-allocated structure and thus improved cdsadv performance. Fixed in libdce.1, libdce.a.
18. The GSS-API has been updated to conform to the latest Kerberos and GSS-API standards, while making other changes to accommodate the non-conformance of older DCE and MIS GSS-API implementations. Fixed in libdce.a, libdce.1, secd, gssapi.h.
19. If clients wait for a long period of time to do an rpc_binding_import(), the call will fail since the clerk thread was deactivated in the meantime. A fix was added to allow the clerk thread to restart and handle the request properly. Fixed in libdce.1.
20. The cdsd daemon does not checkpoint. Fixed in cdsd.
21. Allow the sec_login_krb5_add_cred symbol to be exported in the international version of libdce. Fixed in libdce.1.
22. The rgy_edit command will abort with an "unexpected file type" message due to a problem in the fstat loop. It has been fixed so that if it returns an error it will not check the file type. Fixed in libcma.1, libcma.a.
23. The internal fstat() and rlimit() calls were updated to use the 64 bit interfaces and structures (fstat64 and rlimit64) to support 64bit file access in CMA threads. Fixed in libcma.1, libcma.a.
24. Updated klist to report correct information when dealing with the year 2000 and beyond. Fixed in klist.
25. Fix the memory allocation strategy of the config-file reader function to avoid having tools core dump. Fixed in libdce.1, libdce.a.
26. There were duplicate self entries for each host principal in cdsbrowser. The return value of sec_get_base was corrected to avoid this scenario. Fixed in cdsbrowser.
27. The "registry show -master" command was not binding correctly in all cases. The -master option will now use a different mechanism to obtain the binding information. Fixed in dcecp, libdcecp.sl.
28. Add a field to cma_g_file_obj to save the file type. This way if this is a pipe and the user has not set it to non-blocking mode, then we need to call fstat again to get the amount of space left in the pipe, before attempting the write().
Continue this process until we have written the number of bytes passed to cma_write(). Fixed in libcma.a, libcma.1.
29. Serialisation of connect requests are done only when connections are made to the same server address space. Fixed in libdce.1.
30. Improvements to the error handling were added to dce_error_inq_text() to handle unix error codes. Fixed in libdce.1, libdce.a.
31. The cds clerk spins. A fix was added to change cached handle flush. Fixed in cdsadv.
32. The cdsadv binary was changed so there is no longer a conflict between variable name TIMEOUT_P and macro definitions. Fixed in cdsadv.
33. Improvements to cdsadv to use rpc memory bookkeeping to deal with freeing memory. Fixed in cdsadv.
34. Modifications were made to pwd_strengthd to improve error handling. Fixed in pwd_strengthd.
35. The dced daemon leaks stub allocated memory from the dce_db_fetch_by_uuid() call. The dced daemon and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. There is ineffective code in both dced and the security runtime to free this memory. Fixed in dced and dcecp.
36. Add a test for variable KRB5CCNAME before starting dtsd. Fixed in /sbin/init.d/dce startup script.
37. A threads wrapper ensures a complete buffer transfer when send() is called in a blocking mode. Fixed in libcma.1, libcma.1.
38. Modified dce.h to add defined(__cplusplus) for _DCE_TOKENCONCAT_. Fixed in dce.h.
39. IDL and header files are now installed in /usr/include/dce. Fixed with dce_attr_base.idl, dce_attr_sch.idl, dce_attr_base.h, dce_attr_sch.h.
40. Use rpc_sm_free() instead of rpc_sm_client_free(). Fixed in libdce.1.
41. The dce_acl_obj_add_*() functions check for illegal entries, the acldb uses rpc_sm_client_free() instead of rpc_sm_free(), dce_acl_obj_add_obj supports for needed types of ACL's, dce_acl_copy_acl() handles foreign_id differently. Fixed in libdce.1.
42. Allow dfs to export logical volume aggregates with the same logical volume number even when in different volume groups. Fixed in dfs_core.ext.
43. Connection oriented RPC 'maybe' calls result in a segmentation violation. Need to properly initialize iovlen. Fixed in libdce.1 and libdce.a.
44. Customer cannot use SD to install software on machines containing only FDDI networking. Fixed in libdce.1, libdce.a.
45. Improve calculation of pe_site lines by only using replicas that are not "marked for deletion" in the calculation. Fixed in dced.
46. The credentials refreshed by Integrated Login (screen unlock) are not certified. Fixed in dceexec.
47. The cdsd daemon was modified to deal with a crash in db_btree_copy_keys(). Fixed in cdsd.
48. The cdsd daemon core dumps on startup with a playback error. A fix was added to deal with splitting data buffers properly. Fixed in cdsd.
49. The logic for requesting the number of interfaces from the kernel in the RPC runtime changed to deal with large numbers of network interfaces. Fixed in libdce.1, libdce.a.
50. Changes to the context rundown procedure were implemented to deal with a deadlock. Fixed in libdce.1.

Based on HP-UX patch PHSS_9394:
1. GDS/XDS interface doesn't handle looking up all the default dsa's properly. It does not look through the entire list of default dsa's when the session is a DEFAULT_SESSION.
2. If multiple instances of a daemon are running, dce_shutdown will shut down only one of them and report success, even though the others are still running.
3. If garbage is in the masks passed to cma_select, it is copied into the global fd mask and later may cause cma__io_available to abort with "file unexpectedly closed" fd mask.
4. Bad datagram packet crashed any dce daemons except DCED. This problem is noticed only when forwarded datagram packets are processed by DCE daemons. DCED is the process which is responsible for forwarding datagram packets.
When packets are forwarded from other sources, especially when a packet is not formatted as expected, the servers panic, resulting in a core dump.
5. secd cores with replicas from rs_log_attr_sch_prop_create mem corruption.
6. Invalid login attempts not recorded when they should be.
7. Sometimes during configuration the sec_client.binding is not found. This occurs mostly on slow systems because the time waited for dced to create the file is not enough. The fix bumps wait time up to 2 minutes.
8. FR12 is destroyed when using CMA threads with +DA2.0.
9. krb5_init_ets is an allowed symbol, but is not exported in libdce.
10. Signal handling problem in ftpd.auth which has already been added to the internet services ftpd.
11. Various credentials data.db file problems associated with cdsadv.
12. Enhance supportability by adding pid/thr addr to lib/clerk protocol.
13. The advertiser sometimes crashes during RPC marshalling. Any clerk which encounters an RPC comm failure during heavy network load with a busy server will receive back incomplete results, leading to the crash.
14. Error in handling timeout in CreateLink.
15. Uninitialized variable in the cdsadv. Generally not a problem in current release, but code fixed.
16. Bad output from deb_ascii_ptr_to_buf().
17. ftpd.auth needs to be synchronized with Unix ftpd. To do this, the -p option needs to be added to ftpd.auth. Also, the wording of an error message needs to be changed.
18. cdsd crashed during system test due to mishandling of DBSet as Set.
19. The ds_read() call fails on objects that represent cds directories.
20. IF/OP Names show up as UNKNOWN in GlancePlus when they should be named.
21. A user reported that their KRB application caused secd to crash with a segmentation violation.
22. secd dies with an unhandled exception during log replay. If a DCE client attempts to use the IDL encoding services prior to traversing cstub or sstub code, and the ES raises an exception, the exception will not be handled.
23. If the principal that created an account (or the principal that last modified an account) is deleted, then that account is no longer viewable using dcecp although it is viewable with rgy_edit.
24. Need to NULL pepper pointer after freeing.
25. Need to check for NULL sec_passwd_plain passid in rs_acct_replace().
26. The acl evaluation algorithms not correctly adjusting for access rights when a delegate (not the initiator) specified in an epac chain (creds) has no privileges specified in the acl being checked against.
27. Local root is unauthorized when accessing DFS whereas it should use machine credentials.
28. cma_waitid wrapper isn't working properly -- it is returning an incorrect value.
29. If there are no security servers in the cell, eventually both cdsd and dced will spin in the security binding code.
30. "kdestroy -e" is sometimes flushing host credentials.
31. When using dce_config to configure a fileset location database server, the dfs_config code in the config_dfsfldb() function also configures a fileset server with no way to only configure a fileset location database server.
32. dced leaking stub allocated memory from the dce_db_fetch_by_uuid() call. dced and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls.
33. DTS Spectracom Provider does not configure.
34. cdsd is dying on trying to show the acl of a principal when logged into a remote cell.
35. When running Integrated Login, if "login" detects a "password change required" condition, the "login" after the password change fails to do a DCE login.
36. Principals with keys that have a zero length pepper cannot validate their DCE identity.
37. cdsadv runs but then begins to leak data blocks identified to be tickets. cdsadv will eventually die by exhausting system resources.
38. An incorrect radix is set. Sams couldn't handle field width specifier properly.
39. You can use dce_rdacl_replace() to set a user_obj or group_obj entry on an ACL, but after that point can never update the ACL again.
40. The dce_rdacl_get_access() API call behaves incorrectly on verifying authorization.
41. The ACL manager for extended registry attribute types may include the policy ACL manager. However, the serviceability permission bit ('s') cannot be correctly set on the policy manager ACL list.
42. dced acl code is displaying the wrong error message when a user is not authorized to access an object. It is incorrectly returning sec_acl_invalid_permission, but should return sec_acl_not_authorized. RECOMMENDED_CHANG: Change sec_acl_invalid_permission to sec_acl_not_authorized in appropriate areas.
43. When using CDE with Integrated Login, the second time the screen is unlocked the DCE credentials are destroyed.
44. The credentials refreshed by Integrated Login (screen unlock) are not certified.
45. There is a path in the sec_login code, via which a new credential database file could be created owned by root (the effective uid) instead of the creating principal.
46. A svc error message was incorrectly formatted.
47. Internal code fix for memory management.
48. There is a memory leak in sec_login_pvt and krb_info.
49. When a machine tries to refresh and validate its credentials before they expire (this occurs 10 minutes before expiration), if secd is down the machine purges the credentials and tries to obtain new ones, which destroys the credentials 10 minutes before they are scheduled to expire.
50. The DFS-NFS gateway panics when the user's credentials expire.
51. Several memory leaks and other memory fixes for secd.
52. When the master is down and there is another security server available, security clients will leak memory when attempting to bind to the master.
53. Incorrect data typing resulted in an incorrect uid being used.
54. When a principal is deleted from the registry (i.e. orphaned), you can't remove any ACL entries that refer to that principal.
Fix is to add -uuid switch to the acl modify command of dcecp to allow UUID's to be used in ACL entry keys.
55. Need to provide hostdata service during dced bootstrap to allow dcecp local hostdata functionality outside a cell with minimal "fake" DCE configuration.
56. dced leaks memory with each sec_login_validate_identity.
57. KRB5CCNAME is set up with a bogus value for passwd_override accounts.

SR: 1653169441 5003318519 5003384826 1653241273 4701391052 5003386474 1653270603 5003424192 5003308429 5003393207 4701405969 5003393413 5003392209 5003355339 1653270595 5003430314 0000000000

Patch Files:
    /usr/lib/nls/msg/C/dcedcp.cat
    /usr/lib/nls/msg/C/dcelib.cat
    /usr/lib/nls/msg/C/dcesad.cat
    /usr/lib/nls/msg/C/dcetcl.cat
    /usr/lib/libcma.1
    /usr/lib/libdce.1
    /sbin/init.d/dce
    /opt/dce/sbin/auditd
    /opt/dce/sbin/cdsadv
    /opt/dce/bin/dcecp
    /opt/dce/sbin/dced
    /opt/dce/bin/kdestroy
    /opt/dce/bin/acl_edit
    /opt/dce/bin/sams
    /opt/dce/examples/config/config.env
    /opt/dce/newconfig/etc/opt/dce/dce_com_utils
    /opt/dce/bin/dce.rm
    /usr/lib/libdcedpvt.1
    /usr/lib/libdcecp.1
    /opt/dce/dcecp/bckp_cds.dcp
    /opt/dce/dcecp/bckp_sec.dcp
    /opt/dce/dcecp/cell.dcp
    /opt/dce/dcecp/dir_ops.dcecp

Patch Conflicts: None

Patch Dependencies:
    s700: 10.24: PHKL_18935
    s800: 10.24: PHKL_18936

Hardware Dependencies: None

Other Dependencies: None

Supersedes: None

Equivalent Patches:
    PHSS_16429: s700: 10.20 s800: 10.20

Patch Package Size: 11630 KBytes

Installation Instructions:
Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:

    cd /tmp
    sh PHSS_18746

5a. For a standalone system, run swinstall to install the patch:

    swinstall -x autoreboot=true -x match_target=true \
        -s /tmp/PHSS_18746.depot

5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients:

    swcluster -i -b

    This will invoke swcluster in the interactive mode and force all clients to be shut down.

    WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems.

    The swcluster command will invoke an swinstall session in which you must specify:

    alternate root path - default is /export/shared_root/OS_700
    source depot path - /tmp/PHSS_18746.depot

    To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar.

5c. For a heterogeneous NFS Diskless cluster:
    - run swinstall on the server as in step 5a to install the patch on the cluster server.
    - run swcluster on the server as in step 5b to install the patch on the cluster clients.

By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_18746. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE.

Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature.

It is recommended that you move the PHSS_18746.text file to /var/adm/sw/patch for future reference.

To put this patch on a magnetic tape and install from the tape drive, use the command:

    dd if=/tmp/PHSS_18746.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
After installation, a reboot is required for this patch to take effect.

*****IMPORTANT NOTE***** -- Oracle 7.3.3 and above will need to be relinked.
This patch contains changes to the libcma library. Applications such as Oracle that use this library and are built static will need to be relinked. For information and help for the rebuild please contact your Oracle support personnel.
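
The cksum(1) Output list above gives the CRC and byte count of every file the patch delivers, so after installation it can be compared against the files on disk to confirm the patch was laid down completely. The script below is an added example, not part of HP's patch text; the function name verify_manifest and the optional root prefix argument are assumptions, and it expects the list saved to a file with one "CRC size path" entry per line.

```shell
#!/bin/sh
# Added example: compare files on disk with saved "cksum(1) Output" entries.
#
# verify_manifest MANIFEST [ROOT]
#   MANIFEST  file holding "<crc> <size> <path>" lines from the patch text
#   ROOT      optional prefix put in front of each path, e.g. an alternate
#             root directory (hypothetical parameter, not from the patch text)
# Prints OK / MISMATCH / MISSING per entry; returns 0 only if all entries match.
verify_manifest() {
    manifest=$1
    root=${2:-}
    bad=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r want_crc want_size path || [ -n "$want_crc" ]; do
        # Skip blank lines and comment lines.
        case $want_crc in ''|'#'*) continue ;; esac
        file=$root$path
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            bad=1
            continue
        fi
        # Reading from stdin makes cksum print only "<crc> <size>".
        set -- $(cksum < "$file")
        if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $1 $2, expected $want_crc $want_size)"
            bad=1
        fi
    done < "$manifest"
    return $bad
}

# Command-line use: sh script.sh MANIFEST [ROOT]
if [ "$#" -gt 0 ]; then
    verify_manifest "$@"
fi
```

cksum is a CRC, not a cryptographic hash: a match shows that the installed files are intact copies of what the patch delivers, not that they are protected against deliberate modification.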