Patch Name: PHSS_9394

Patch Description: s700_800 10.20 DCE/9000 1.5 patch

Creation Date: 97/04/24

Post Date: 97/04/25

Hardware Platforms - OS Releases:
    s700: 10.20
    s800: 10.20

Products:
    HP DCE/9000 1.5

Filesets:
    DCE-CDS-Server.CDS-SERVER,B.10.20
    DCE-Core.DCE-CORE-RUN,B.10.20
    DCE-Core.DCE-CORE-SHLIB,B.10.20
    DCE-CoreTools.DCE-BPRG,B.10.20
    DCE-SEC-Server.SEC-SERVER,B.10.20
    DFS-Core.DFS-CLIENT,B.10.20
    DFS-Core.DFS-COMMON,B.10.20
    IntegratedLogin.AUTH-COMMON,B.10.20
    IntegratedLogin.AUTH-DCE,B.10.20

Automatic Reboot?: No

Status: General Superseded

Critical: No

Path Name: /hp-ux_patches/s700_800/10.X/PHSS_9394

Symptoms:
    PHSS_9394:
    1. GDS/XDS interface doesn't handle looking up all the default dsa's properly. It does not look through the entire list of default dsa's when the session is a DEFAULT_SESSION.
    2. If multiple instances of a daemon are running, dce_shutdown will shut down only one of them and report success, even though the others are still running.
    3. If garbage is in the masks passed to cma_select, it is copied into the global fd mask and later may cause cma__io_available to abort with "file unexpectedly closed" fd mask.
    4. Bad datagram packet crashed any dce daemons except DCED. This problem is noticed only when forwarded datagram packets are processed by DCE daemons. DCED is the process which is responsible for forwarding datagram packets. When packets are forwarded from other sources, especially when a packet is not formatted as expected, the servers panic, resulting in a core dump.
    5. secd cores with replicas from rs_log_attr_sch_prop_create mem corruption.
    6. Invalid login attempts not recorded when they should be.
    7. Sometimes during configuration the sec_client.binding is not found. This occurs mostly on slow systems because the time waited for dced to create the file is not enough. The fix bumps wait time up to 2 minutes.
    8. FR12 is destroyed when using CMA threads with +DA2.0.
    9. krb5_init_ets is an allowed symbol, but is not exported in libdce.
    10. Signal handling problem in ftpd.auth which has already been added to the internet services ftpd.
    11. Various credentials data.db file problems associated with cdsadv.
    12. Enhance supportability by adding pid/thr addr to lib/clerk protocol.
    13. The advertiser sometimes crashes during RPC marshalling. Any clerk which encounters an RPC comm failure during heavy network load with a busy server will receive back incomplete results leading to the crash.
    14. Error in handling timeout in CreateLink.
    15. Uninitialized variable in the cdsadv. Generally not a problem in current release, but code fixed.
    16. Bad output from deb_ascii_ptr_to_buf().
    17. ftpd.auth needs to be synchronized with Unix ftpd. To do this, the -p option needs to be added to ftpd.auth. Also, the wording of an error message needs to be changed.
    18. cdsd crashed during system test due to mishandling of DBSet as Set.
    19. The ds_read() call fails on objects that represent cds directories.
    20. IF/OP Names show up as UNKNOWN in GlancePlus when they should be named.
    21. A user reported that their KRB application caused secd to crash with a segmentation violation.
    22. secd dies with unhandled exception during log replay. If a DCE client attempts to use the IDL encoding services prior to traversing cstub or sstub code, and the ES raises an exception, the exception will not be handled.
    23. If the principal that created an account (or the principal that last modified an account) is deleted, then that account is no longer viewable using dcecp although it is viewable with rgy_edit.
    24. Need to NULL pepper pointer after freeing.
    25. Need to check for NULL sec_passwd_plain passid in rs_acct_replace().
    26. The ACL evaluation algorithms are not correctly adjusting for access rights when a delegate (not the initiator) specified in an epac chain (creds) has no privileges specified in the ACL being checked against.
    27. Local root is unauthorized when accessing DFS whereas it should use machine credentials.
    28. cma_waitid wrapper isn't working properly -- it is returning an incorrect value.
    29. If there are no security servers in the cell, eventually both cdsd and dced will spin in the security binding code.
    30. "kdestroy -e" is sometimes flushing host credentials.
    31. When using dce_config to configure a fileset location database server, the dfs_config code in the config_dfsfldb() function also configures a fileset server with no way to only configure a fileset location database server.
    32. dced leaking stub allocated memory from the dce_db_fetch_by_uuid() call. dced and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls.
    33. DTS Spectracom Provider does not configure.
    34. cdsd is dying on trying to show the acl of a principal when logged into a remote cell.
    35. When running Integrated Login, if "login" detects a "password change required" condition, the "login" after the password change fails to do a DCE login.
    36. Principals with keys that have a zero length pepper cannot validate their DCE identity.
    37. cdsadv runs but then begins to leak data blocks identified to be tickets. cdsadv will eventually die by exhausting system resources.
    38. An incorrect radix is set. Sams couldn't handle field width specifier properly.
    39. You can use dce_rdacl_replace() to set a user_obj or group_obj entry on an ACL, but after that point can never update the ACL again.
    40. The dce_rdacl_get_access() API call behaves incorrectly on verifying authorization.
    41. The ACL manager for extended registry attribute types may include the policy ACL manager. However, the serviceability permission bit ('s') cannot be correctly set on the policy manager ACL list.
    42. dced acl code is displaying the wrong error message when a user is not authorized to access an object. It is incorrectly returning sec_acl_invalid_permission, but should return sec_acl_not_authorized. Recommended change: change sec_acl_invalid_permission to sec_acl_not_authorized in appropriate areas.
    43. When using CDE with Integrated Login, the second time the screen is unlocked the DCE credentials are destroyed.
    44. The credentials refreshed by Integrated Login (screen unlock) are not certified.
    45. There is a path in the sec_login code, via which a new credential database file could be created owned by root (the effective uid) instead of the creating principal.
    46. A svc error message was incorrectly formatted.
    47. Internal code fix for memory management.
    48. There is a memory leak in sec_login_pvt and krb_info.
    49. When a machine tries to refresh and validate its credentials before they expire (this occurs 10 minutes before expiration), if secd is down, the machine purges the credentials and tries to obtain new ones, which destroys the credentials 10 minutes before they are scheduled to expire.
    50. The DFS-NFS gateway panics when the user's credentials expire.
    51. Several memory leaks and other memory fixes for secd.
    52. When the master is down and there is another security server available, security clients will leak memory when attempting to bind to the master.
    53. Incorrect data typing resulted in an incorrect uid being used.
    54. When a principal is deleted from the registry (i.e. orphaned), you can't remove any ACL entries that refer to that principal. Fix is to add -uuid switch to the acl modify command of dcecp to allow UUIDs to be used in ACL entry keys.
    55. Need to provide hostdata service during dced bootstrap to allow dcecp local hostdata functionality outside a cell with minimal "fake" DCE configuration.
    56. dced leaks memory with each sec_login_validate_identity.
    57. KRB5CCNAME is set up with a bogus value for passwd_override accounts.

Defect Description:
    PHSS_9394:
    1. GDS/XDS interface doesn't handle looking up all the default dsa's properly.
       It does not look through the entire list of default dsa's when the session is a DEFAULT_SESSION.
    2. If multiple instances of a daemon are running, dce_shutdown will shut down only one of them and report success, even though the others are still running.
    3. If garbage is in the masks passed to cma_select, it is copied into the global fd mask and later may cause cma__io_available to abort with "file unexpectedly closed" fd mask.
    4. Bad datagram packet crashed any dce daemons except DCED. This problem is noticed only when forwarded datagram packets are processed by DCE daemons. DCED is the process which is responsible for forwarding datagram packets. When packets are forwarded from other sources, especially when a packet is not formatted as expected, the servers panic, resulting in a core dump.
    5. secd cores with replicas from rs_log_attr_sch_prop_create mem corruption.
    6. Invalid login attempts not recorded when they should be.
    7. Sometimes during configuration the sec_client.binding is not found. This occurs mostly on slow systems because the time waited for dced to create the file is not enough. The fix bumps wait time up to 2 minutes.
    8. FR12 is destroyed when using CMA threads with +DA2.0.
    9. krb5_init_ets is an allowed symbol, but is not exported in libdce.
    10. Signal handling problem in ftpd.auth which has already been added to the internet services ftpd.
    11. Various credentials data.db file problems associated with cdsadv.
    12. Enhance supportability by adding pid/thr addr to lib/clerk protocol.
    13. The advertiser sometimes crashes during RPC marshalling. Any clerk which encounters an RPC comm failure during heavy network load with a busy server will receive back incomplete results leading to the crash.
    14. Error in handling timeout in CreateLink.
    15. Uninitialized variable in the cdsadv. Generally not a problem in current release, but code fixed.
    16. Bad output from deb_ascii_ptr_to_buf().
    17. ftpd.auth needs to be synchronized with Unix ftpd. To do this, the -p option needs to be added to ftpd.auth. Also, the wording of an error message needs to be changed.
    18. cdsd crashed during system test due to mishandling of DBSet as Set.
    19. The ds_read() call fails on objects that represent cds directories.
    20. IF/OP Names show up as UNKNOWN in GlancePlus when they should be named.
    21. A user reported that their KRB application caused secd to crash with a segmentation violation.
    22. secd dies with unhandled exception during log replay. If a DCE client attempts to use the IDL encoding services prior to traversing cstub or sstub code, and the ES raises an exception, the exception will not be handled.
    23. If the principal that created an account (or the principal that last modified an account) is deleted, then that account is no longer viewable using dcecp although it is viewable with rgy_edit.
    24. Need to NULL pepper pointer after freeing.
    25. Need to check for NULL sec_passwd_plain passid in rs_acct_replace().
    26. The ACL evaluation algorithms are not correctly adjusting for access rights when a delegate (not the initiator) specified in an epac chain (creds) has no privileges specified in the ACL being checked against.
    27. Local root is unauthorized when accessing DFS whereas it should use machine credentials.
    28. cma_waitid wrapper isn't working properly -- it is returning an incorrect value.
    29. If there are no security servers in the cell, eventually both cdsd and dced will spin in the security binding code.
    30. "kdestroy -e" is sometimes flushing host credentials.
    31. When using dce_config to configure a fileset location database server, the dfs_config code in the config_dfsfldb() function also configures a fileset server with no way to only configure a fileset location database server.
    32. dced leaking stub allocated memory from the dce_db_fetch_by_uuid() call. dced and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls.
    33. DTS Spectracom Provider does not configure.
    34. cdsd is dying on trying to show the acl of a principal when logged into a remote cell.
    35. When running Integrated Login, if "login" detects a "password change required" condition, the "login" after the password change fails to do a DCE login.
    36. Principals with keys that have a zero length pepper cannot validate their DCE identity.
    37. cdsadv runs but then begins to leak data blocks identified to be tickets. cdsadv will eventually die by exhausting system resources.
    38. An incorrect radix is set. Sams couldn't handle field width specifier properly.
    39. You can use dce_rdacl_replace() to set a user_obj or group_obj entry on an ACL, but after that point can never update the ACL again.
    40. The dce_rdacl_get_access() API call behaves incorrectly on verifying authorization.
    41. The ACL manager for extended registry attribute types may include the policy ACL manager. However, the serviceability permission bit ('s') cannot be correctly set on the policy manager ACL list.
    42. dced acl code is displaying the wrong error message when a user is not authorized to access an object. It is incorrectly returning sec_acl_invalid_permission, but should return sec_acl_not_authorized. Recommended change: change sec_acl_invalid_permission to sec_acl_not_authorized in appropriate areas.
    43. When using CDE with Integrated Login, the second time the screen is unlocked the DCE credentials are destroyed.
    44. The credentials refreshed by Integrated Login (screen unlock) are not certified.
    45. There is a path in the sec_login code, via which a new credential database file could be created owned by root (the effective uid) instead of the creating principal.
    46. A svc error message was incorrectly formatted.
    47. Internal code fix for memory management.
    48. There is a memory leak in sec_login_pvt and krb_info.
    49. When a machine tries to refresh and validate its credentials before they expire (this occurs 10 minutes before expiration), if secd is down, the machine purges the credentials and tries to obtain new ones, which destroys the credentials 10 minutes before they are scheduled to expire.
    50. The DFS-NFS gateway panics when the user's credentials expire.
    51. Several memory leaks and other memory fixes for secd.
    52. When the master is down and there is another security server available, security clients will leak memory when attempting to bind to the master.
    53. Incorrect data typing resulted in an incorrect uid being used.
    54. When a principal is deleted from the registry (i.e. orphaned), you can't remove any ACL entries that refer to that principal. Fix is to add -uuid switch to the acl modify command of dcecp to allow UUIDs to be used in ACL entry keys.
    55. Need to provide hostdata service during dced bootstrap to allow dcecp local hostdata functionality outside a cell with minimal "fake" DCE configuration.
    56. dced leaks memory with each sec_login_validate_identity.
    57. KRB5CCNAME is set up with a bogus value for passwd_override accounts.

SR: 5003318519

Patch Files:
    /opt/dce/bin/dceexec
    /usr/lib/security/libpam_dce.1
    /usr/bin/login.auth
    /usr/bin/chfn.auth
    /usr/lbin/ftpd.auth
    /opt/dce/include/dce/dce.h
    /opt/dce/include/dce/dcelibmsg.h
    /opt/dce/lib/libcma.a
    /opt/dce/lib/libdce.a
    /opt/dce/ext/dfs_client.ext
    /opt/dce/ext/dfs_core.ext
    /opt/dce/sbin/pwd_strengthd
    /opt/dce/bin/sec_create_db
    /opt/dce/bin/sec_salvage_db
    /opt/dce/sbin/secd
    /opt/dce/sbin/cdsd
    /usr/lib/nls/msg/C/dcedcp.cat
    /usr/lib/nls/msg/C/dcelib.cat
    /usr/lib/libcma.1
    /usr/lib/libdce.1
    /sbin/init.d/dce
    /opt/dce/sbin/auditd
    /opt/dce/sbin/cdsadv
    /opt/dce/bin/dcecp
    /opt/dce/sbin/dced
    /opt/dce/examples/config/config.env
    /opt/dce/newconfig/etc/opt/dce/dce_com_utils
    /opt/dce/bin/dce_config
    /usr/lib/libdcedpvt.1
    /usr/lib/libdcecp.1

what(1) Output:
    /opt/dce/bin/dceexec:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: dceexec (Export) Date: Apr 9 1997 21:26:45
    /usr/lib/security/libpam_dce.1:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: libpam_dce.1 (Export) Date: Mar 22 1997 11:43:11
    /usr/bin/login.auth:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: login.auth (Export) Date: Mar 22 1997 12:00:10
    /usr/bin/chfn.auth:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: chfn.auth (Export) Date: Mar 22 1997 12:00:45
    /usr/lbin/ftpd.auth:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: ftpd.auth (Export) Date: Mar 22 1997 11:59:57
    /opt/dce/include/dce/dce.h:
        None
    /opt/dce/include/dce/dcelibmsg.h:
        None
    /opt/dce/lib/libcma.a:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: libcma.a (Export) Date: Mar 22 1997 08:28:03
    /opt/dce/lib/libdce.a:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: libdce.a (Export) Date: Apr 9 1997 16:49:42
    /opt/dce/ext/dfs_client.ext:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: dfs_client.ext Kernel Component - 10.x (Export) Date: Mar 22 1997 10:38:57
    /opt/dce/ext/dfs_core.ext:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: dfs_core.ext Kernel Component - 10.x (Export) Date: Mar 22 1997 10:38:48
    /opt/dce/sbin/pwd_strengthd:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: pwd_strengthd (Export) Date: Apr 9 1997 21:29:49
    /opt/dce/bin/sec_create_db:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: sec_create_db (Export) Date: Apr 9 1997 18:20:57
    /opt/dce/bin/sec_salvage_db:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: sec_salvage_db (Export) Date: Apr 9 1997 18:22:27
    /opt/dce/sbin/secd:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: secd (Export) Date: Apr 9 1997 18:19:53
    /opt/dce/sbin/cdsd:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: cdsd (Export) Date: Apr 9 1997 18:53:24
    /usr/lib/nls/msg/C/dcedcp.cat:
        None
    /usr/lib/nls/msg/C/dcelib.cat:
        None
    /usr/lib/libcma.1:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: libcma.sl (Export) Date: Mar 22 1997 08:27:34
    /usr/lib/libdce.1:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: libdce.sl (Export) Date: Apr 9 1997 16:47:59
    /sbin/init.d/dce:
        HP DCE/9000 1.5
    /opt/dce/sbin/auditd:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: auditd (Export) Date: Apr 9 1997 18:19:16
    /opt/dce/sbin/cdsadv:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: cdsadv (Export) Date: Apr 9 1997 18:58:27
    /opt/dce/bin/dcecp:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: dcecp (Export) Date: Apr 9 1997 19:46:22
    /opt/dce/sbin/dced:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: dced (Export) Date: Apr 9 1997 19:09:02
    /opt/dce/examples/config/config.env:
        None
    /opt/dce/newconfig/etc/opt/dce/dce_com_utils:
        HP DCE/9000 1.5
    /opt/dce/bin/dce_config:
        HP DCE/9000 1.5
    /usr/lib/libdcedpvt.1:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: libdcedpvt.sl (Export) Date: Apr 9 1997 17:37:25
    /usr/lib/libdcecp.1:
        HP DCE/9000 1.5 patch-PHSS_9394-95 Module: libdcecp.sl (Export) Date: Apr 9 1997 18:06:07

cksum(1) Output:
    1665280071 77440 /opt/dce/sbin/pwd_strengthd
    1154668951 2412160 /opt/dce/bin/sec_create_db
    2128033345 2485888 /opt/dce/bin/sec_salvage_db
    3523233562 2428544 /opt/dce/sbin/secd
    2492287243 888448 /opt/dce/sbin/cdsd
    1059731745 71004 /usr/lib/nls/msg/C/dcedcp.cat
    2618758552 1954 /usr/lib/nls/msg/C/dcelib.cat
    1170050173 520192 /usr/lib/libcma.1
    354171100 4796416 /usr/lib/libdce.1
    2460612896 24894 /sbin/init.d/dce
    4203910011 208512 /opt/dce/sbin/auditd
    3931862069 585344 /opt/dce/sbin/cdsadv
    2719342970 650880 /opt/dce/bin/dcecp
    1618340469 1633920 /opt/dce/sbin/dced
    829764956 3958 /opt/dce/examples/config/config.env
    3933793600 31594 /opt/dce/newconfig/etc/opt/dce/dce_com_utils
    2184001806 177592 /opt/dce/bin/dce_config
    1157207269 167936 /usr/lib/libdcedpvt.1
    3944032771 1343488 /usr/lib/libdcecp.1
    1188135686 5457 /opt/dce/include/dce/dce.h
    3613327145 2444 /opt/dce/include/dce/dcelibmsg.h
    2933923779 602084 /opt/dce/lib/libcma.a
    1683565547 6494472 /opt/dce/lib/libdce.a
    2904328832 476004 /opt/dce/ext/dfs_client.ext
    2187672386 844450 /opt/dce/ext/dfs_core.ext
    1475680346 77440 /opt/dce/bin/dceexec
    3329885224 36864 /usr/lib/security/libpam_dce.1
    3159454887 106112 /usr/bin/login.auth
    3132490428 40576 /usr/bin/chfn.auth
    2861104548 122496 /usr/lbin/ftpd.auth

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes: None

Equivalent Patches: None

Patch Package Size: 26920 Kbytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and limitation of liability and warranties, before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Log in as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

           cd /tmp
           sh PHSS_9394

    5a. For a standalone system, run swinstall to install the patch:

           swinstall -x autoreboot=true -x match_target=true \
               -s /tmp/PHSS_9394.depot

    5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients:

           swcluster -i -b

        This will invoke swcluster in the interactive mode and force all clients to be shut down.

        WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems.

        The swcluster command will invoke an swinstall session in which you must specify:

           alternate root path - default is /export/shared_root/OS_700
           source depot path - /tmp/PHSS_9394.depot

        To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar.

    5c. For a heterogeneous NFS Diskless cluster:

        - run swinstall on the server as in step 5a to install the patch on the cluster server.
        - run swcluster on the server as in step 5b to install the patch on the cluster clients.

    By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_9394. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE.

    Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature.

    It is recommended that you move the PHSS_9394.text file to /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the tape drive, use the command:

           dd if=/tmp/PHSS_9394.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    After installation, a reboot is required for this patch to take effect.