Patch Name: PHSS_4961 Patch Description: s700 9.0[35] International HP DCE 1.2 libraries and DFS sw This patch is applicable to s700 International 9.x HP DCE 1.2. This patch contains all fixes to HP DCE 1.2 that are planned for release in HP DCE 1.2.1. The files in this patch are identical to their counterparts in the 1.2.1 release and carry 1.2.1 whatstrings. Therefore, this patch is not applicable to HP DCE 1.2.1. Even after this patch is installed, we strongly recommend installation of HP DCE 1.2.1, once that release is available. HP DCE 1.2.1 restructures DCE filesets so as to make more efficient use of disk space. Forthcoming HP DCE patches will be applicable only to version 1.2.1, not version 1.2. (The DCE libraries both in this patch and in HP DCE 1.2.1 contain a problem that may, under rare circumstances, cause multithreaded programs to hang. This symptom has been observed on startup of the DCE Security Server, secd. A fix for this problem will be released in a forthcoming patch to HP DCE 1.2.1. Please contact a Hewlett-Packard support representative for further information.) (Users of HP DCE on systems with FDDI network interfaces should note that a networking software defect may cause HP DCE processes that read the machine address from an FDDI interface to fail. A fix for this defect is included in patches PHNE_4007 (s800), PHNE_4003 (s700 EISA), and PHNE_3955 (s700 SLIDER). FDDI users should obtain and install these patches, in addition to the present patch.) This patch fixes the following problems in HP DCE 1.2: - The CDS Browser will dump core if the user attempts to create an RPC profile and with a profile name that is not in the DCE namespace. - The CDS Browser will abort when doing certain ACL editing operations. - The CDS Browser set preferences option fails to set communication and cache data timeouts. - A problem with the CDS cache locking scheme may result in CDS cache corruption. This corruption may cause a cdsadv or cdsclerk crash, leaving cds unusable until the cache is deleted. - CDS fails to write-lock the CDS client cache when copying the cache to disk during DCE shutdown, possibly resulting in cache corruption and CDS failures when DCE is restarted. - When many simultaneous naming requests are made from processes with the same unix id, CDS may fail with "error with socket." - HP DCE 1.2 includes the OSF DCE 1.0.2 IDL compiler. This patch replaces the OSF DCE 1.0.2 IDL compiler with the OSF DCE 1.0.3 version. The OSF DCE 1.0.3 IDL compiler offers improved performance over the original version. - libbb has been updated to handle the 1.0.3 IDL compiler tracing mechanism. - When DFS credentials are refreshed, the credential cache file owner is sometimes changed to root. - gdad fails when the target cell has three or more CDS servers registered in DNS. - The latent support for the Kerberos5 KDC options that allow forwardable, proxiable, and renewable tickets doesn't work. - Integrated Login utilities may time out too quickly when finding a user's home directory, resulting in login failure with the message: "Unable to change to Home Directory." - The Integrated Login version of /bin/su destroys any AFS tokens owned by the process that executes su. - The Integrated Login version of vuesession/vuelock cannot handle passwords greater than 8 characters. - DCE Integrated Login ftp may occasionally assign a bad gid to files during a "put" operation. - /bin/passwd may truncate the passwd_override file. - On HP systems running Audio services, /etc/rc starts DCE and Audio services in the wrong order. - A client rpc with a stale handle currently takes 30 seconds to time-out. - If no security credentials are present, a DCE cell member may hang while executing /etc/rc.dce at boot time. - Principals for cds-server and gda are created for client systems. These principals are not required for DCE clients. - /bin/df may return erroneous information on systems that run both AFS and DFS. - secd may crash when attempting to parse a name string that includes spaces. - The XDS interface has a hard-coded maximum number of values per attribute. This patch removes the hard-coded limit by dynamically allocating the number of values per attribute. - Entries in /opt/dcelocal/etc/passwd_override with empty uid/gid fields may be corrupted by /bin/passwd. - An rpc client using CN protocol may dump core if it connects to a stale endpoint in rpcd that happens to be its own port. - CMA will eventually dump core if the user calls cma_select with a null readfds, writefds, exceptfds. - A problem with the execution order of fork handlers may cause rpc server processes (typically cdsadv) to hang. This patch also corrects the following defects, which were fixed in earlier HP DCE 1.2 patches: - Using syslog() and libdce causes syslog() to behave abnormally. With this patch, syslog() behaves appropriately when used in conjunction with libdce. NOTE: HP DCE programmers who use syslog() should pay particular attention to the use of the LOG_CONS and LOG_NOWAIT logging options to avoid possible message loss. See syslog(3) for details. - DFS does not work in cells configured with X.500-style (GDS) cellnames. NOTE: Instructions for configuring GDS to interoperate with DFS are included under the heading "Configuring GDS and DFS" below. - On HP Series 800 systems running the Logical Volume Manager, DFS cannot export two logical volumes that have the same index value (first 16 bits of the minor device number). - If a DCE/DFS user runs kdestroy and then continues to utilize DFS (instead of immediately logging out), unpredictable behavior may result. The kdestroy command purges the DCE credentials stored in user space but does not affect any credentials that DFS had cached (for performance reasons) in the kernel. Some DFS operations will succeed while others may fail, apparently at random. - acl_edit may return an incorrect error message for errors while specifying foreign groups, and may dump core if erroneous entries are specified. Also, acl_edit cannot handle some large extended types that will be necessary for better compatibility with a future HP DCE release. - The IDL/I2DL compiler may not correctly interpret CPP line control information when processing .idl files. - The I2DL/HP SoftBench Integration software does not work with SoftBench Version 3.2. - Some HP DCE applications whose IDL interfaces use conformant strings and full pointers may fail with unexpected exceptions. - For compatibility with future HP DCE IDL compilers, this patch updates the IDL runtime code in libdce to handle stubs optimized for either little-endian or big-endian architectures. - dce_config may not run on HP Series 800 systems running AFS (Andrew File System), a product of the Transarc Corporation. - The SAM DCE Cell Configuration (SDCC) utility has the following limitations: + SDCC does not correctly set the system status after an unsuccessful configuration attempt. + SDCC dumps core when trying to discover systems if a fully-qualified domain cannot be found. + SDCC does not support the use of X.500-style (GDS) cell names. - drasd, part of the DFS-NFS Protocol Exporter, does not run on international versions of HP DCE 1.2. - dfs_login/dfs_logout, part of the DFS-NFS Protocol Exporter, was built as a PA-RISC 1.1 executable and will not run on pre-PA 1.1 s800 systems. - Applications that set sockets to non-blocking mode via ioctl() with the FIONBIO option (instead of FIOSNBIO) will hang. - The connect() call returns values other than 0 or -1. connect() should return 0 upon success, -1 upon error. - The kload utility is built as a PA-RISC 1.1 executable and does not execute on s800 systems. - The DFS commands "fts dump" and "fts restore" may fail, and may cause a system crash. - Due to an incorrect interaction with the HP-UX text cache, DFS may, in some circumstances, allow the execution of a stale (out-of-date) binary. - Several DFS API header files that are documented in the online manpages and in the OSF DCE Application Development Reference are missing. - Some functionality used by the GDS tracing and logging facility is missing. XDS/GDS applications that reference the symbols r_logon, r_logof, or r_logwr will fail. - XDS applications that use CDS as the underlying naming service are limited to 5 values per attribute. The limit at HP DCE 1.1 was 12; the limit of 12 is restored by the patch. - In a very limited set of cases, an authenticated RPC with rpc_c_protect_level_pkt_privacy may fail without explanation. This problem applies only to domestic versions of HP DCE 1.2. - "kdestroy -e" will not remove expired credential files that are created by some failed DCE login attempts (via either dce_login or the DCE-integrated login utilities). A reboot is required for this patch to take effect. This patch is one of a set of four: - PHSS_4960 (Series 700 Domestic Version) - PHSS_4961 (Series 700 International Version) - PHSS_4962 (Series 800 Domestic Version) - PHSS_4963 (Series 800 International Version) This set is a replacement for patches PHSS_4738 through PHSS_4741, which were posted for a brief period in November 1994 but contained an incorrect version of the CDS browser. Patches for HP DCE/9000 1.2 are cumulative; each patch includes fixes from all previously released HP DCE/9000 1.2 patches. This patch also includes changes to HP Camera that were originally released in patch PHSS_3820. Other patches superseded by this patch are listed below. Path Name: /hp-ux_patches/s700/9.X/PHSS_4961 Effective Date: 941108 OS Release: 9.03 9.05 Automatic Reboot?: No Critical: Yes PHSS_4961: ABORT HANG Patch Files: /opt/dcelocal/lib/libdce.a /opt/dcelocal/lib/libdce.sl /opt/dcelocal/ext/dfs_client.ext /opt/dcelocal/ext/dfs_server.ext /opt/dcelocal/bin/ftserver /opt/dcelocal/share/include/dcedfs/afsvl_data.h /opt/dcelocal/share/include/dcedfs/afsvl_s2c.h /opt/dcelocal/share/include/dcedfs/lock.h /opt/dcelocal/share/include/dcedfs/osi.h /opt/dcelocal/share/include/dcedfs/osi_net.h /opt/dcelocal/share/include/dcedfs/osi_param.h /opt/dcelocal/share/include/dcedfs/param.h /opt/dcelocal/share/include/dcedfs/queue.h /opt/dcelocal/share/include/dcedfs/stds.h /opt/dcelocal/share/include/dcedfs/xvfs_vnode.h /opt/dcelocal/bin/kload /opt/dcelocal/bin/idl /opt/dcelocal/ext/dfs_core.ext /opt/dcelocal/bin/dfsbind /opt/dcelocal/bin/acl_edit /opt/dcelocal/bin/drasd /usr/bin/dfs_login /usr/bin/dfs_logout /usr/softbench/config/HPIdl/buildlang.tbl /opt/dcelocal/share/include/dce/idlddefs.h /usr/sam/lib/dce/libdutils.sl /usr/sam/lib/dce/dceconf_cb.sl /usr/sam/lib/C/dceconf_gui.h /usr/sam/lib/dce/show_node_roles /system/DCE-PRG/decustomize.new /opt/dcelocal/hpadmin/etc/DCESecurity.val /opt/dcelocal/bin/cdsadv /opt/dcelocal/bin/cdsbrowser /opt/dcelocal/bin/cdsclerk /opt/dcelocal/etc/dce.login /opt/dcelocal/etc/dce.unconfig /opt/dcelocal/etc/dce_config /opt/dcelocal/share/include/dce/dce_error.h /etc/ftpd.dce /opt/dcelocal/bin/gdad /opt/dcelocal/hptools/bin/idl.new /opt/dcelocal/nls/msg/en_US.ASCII/idl.cat /opt/dcelocal/hptools/lib/libbb.a /bin/passwd.dce /opt/dcelocal/etc/rc.dce /opt/dcelocal/bin/sec_create_db /opt/dcelocal/bin/sec_salvage_db /opt/dcelocal/bin/secd /bin/su.dce /usr/vue/bin/vuegreet.dce /usr/vue/bin/vuelock.dce /usr/vue/bin/vuesession.dce SR#: 1653088070 1653090506 5003156950 5003168450 5003174995 5003177436 5003189993 5003185868 5003185876 5003204156 5003205161 5003213454 "what" string/timestamp: (this is for libdce.sl; others are similar) HP DCE/9000 1.2.1 Module: libdce International Date: Oct 6 1994 09:29:46 "sum" output: 43299 33 Cdsbrowser 36711 23 DCESecurity.val 36646 170 acl_edit 54435 6 afsvl_data.h 60427 3 afsvl_s2c.h 9285 3 buildlang.tbl 40503 442 cdsadv 45386 1210 cdsbrowser 5316 15 cdsbrowser.cat 38796 698 cdsclerk 29453 90 dce.login 56445 8 dce.unconfig 18680 393 dce_config 31165 3 dce_error.h 48593 1312 dce_krpc.ext 22342 232 dceconf_cb.sl 10445 106 dceconf_gui.h 359 7 decustomize.new 18765 808 dfs_client.ext 65309 904 dfs_core.ext 36841 3135 dfs_login 9035 2958 dfs_logout 34192 400 dfs_server.ext 3459 922 dfsbind 21634 4666 drasd 58665 706 ftpd.dce 148 914 ftserver 62492 490 gdad 39013 1114 i2dl 3562 794 idl 64312 46 idl.cat 51748 62 idlddefs.h 49860 104 kload 59187 275 libbb.a 44860 8882 libdce.a 2924 7632 libdce.sl 51187 168 libdutils.sl 59258 23 lock.h 55958 39 osi.h 40928 2 osi_net.h 41544 2 osi_param.h 27694 5 param.h 45088 2145 passwd.dce 24518 3 queue.h 17432 9 rc.dce 5663 5376 sec_create_db 31716 5440 sec_salvage_db 1986 5352 secd 56356 72 show_node_roles 64085 17 stds.h 15897 2334 su.dce 45417 4534 vuegreet.dce 45392 3158 vuelock.dce 9511 6574 vuesession.dce 1482 41 xvfs_vnode.h Dependencies: None Supersedes: PHSS_3627 PHSS_3931 PHSS_4236 PHSS_4739 Patch Package Size: 38441 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and limitation of liability and warranties, before installing this patch. Note: Before you install this patch, you should: 1. Back up the target host. 2. Stop all DCE control programs and DCE-based application programs on the target host. 3. Exit from any DCE control programs on the target host. 4. Use dce_config or SAM to stop all other DCE programs on the target host. After you have completed installing the patch, you can restart DCE software as desired. --------------------------------------------------------------------------- After getting the patch onto your machine, unshar the patch (sh PHSS_4961). To install this patch do the following: 1) Run /etc/update (Note: you must be logged in as root to update a system). 2) Once in the update "Main Menu" move the highlighted line to "Change Source or Destination ->" and press "Return" or "Select Item". 3) Make sure the highlighted item in the "Change Source or Destination" window is "From Tape Device to Local System ...", then press "Return" or "Select Item". 4) You should now be in the "From Tape Device to Local System" window. Change the "Source: /dev/rmt/0m" to "Source: /tmp/PHSS_4961.updt" (this assumes that you are in the /tmp directory where PHSS_4961.updt has been placed). Note: You must enter the complete path name. 5) Press "Done". 6) From here on follow the standard directions for update. The customize script that update runs will move the original software to /system/PHSS_4961/orig. HP recommends keeping this software there in order to recover from any potential problems. It is also recommended that you move the PHSS_4961.text file to /system/PHSS_4961 to be retained for future reference. If you wish to put this patch on a magnetic tape and update from the tape drive, dd a copy of the patch to the tape drive. As an example the following will create a copy of the patch that update can read: dd if=PHSS_4961.updt of=/dev/rmt/0m bs=2048 --------------------------------------------------------------------------- Configuring GDS and DFS If a cell is configured with an X.500 style cellname, e.g., c=us/0=hp/ou=cssl, DFS will work only if GDS is also configured in the cell and all GDS (and DCE) daemons are running. This means: - A working DCE cell (with the DCE core services: rpc, cds, and security) should be properly configured and running. - The gdad daemon must be running. That is, a GDA Server must be configured (and started) in the cell. - The local GDS daemons (most importantly gdsdsa and gdscache) must be configured and activated (i.e. running). See the release notes for the GDS configuration and activation procedure. - For a normal Client/Server GDS configuration, local loop back must be correctly initialized in the GDS database. You can use /opt/dcelocal/usr/examples/gds/loop_back.cmd as a template as described in the release notes for configuring GDS. The following quick test can be used to determine if DFS will work in the cell (before DFS is configured or started). The test uses cdscp to show a "partial cellname" as a directory. For instance, if the name of your cell is "c=us/o=hp/ou=cssl", try the following command: cdscp show dir /.../c=us This should result in an error. The particular error is important. If the error is one of the following, DFS WILL NOT work: Error on entity: /.../c=us Software error detected in server (dce / cds) Function: dnsEnumAttr Error on entity: /.../c=us Requested operation would result in lost connectivity to root directory (dce / cds) Function: dnsEnumAttr Error on entity: /.../c=us connection request rejected (dce / rpc) Function: dnsEnumAttr Error on entity: /.../c=us not registered in endpoint map (dce / rpc) Function: dnsEnumAttr If the error is one of the following DFS WILL work: Error on entity: /.../c=us Requested entry does not exist (dce / cds) Function: dnsEnumAttr dnsEnumAttr: partial results = /.../c=us Error on entity: /.../c=us Specified name is not stored in a CDS clearinghouse (dce / cds) Function: dnsEnumAttr Other errors are possible and probably mean that DFS will not work. You should check your GDS configuration to try to determine what is wrong. Some daemons may not be running, e.g. gdad or the GDS daemons, or you may not have correctly configured the GDS information. You may need to configure your cell's CDS information into GDS as follows: Here are steps for adding CDS information into the GDS database: A. On system B (which has GDS cell name space) type: cdscp show cell /.:/ SHOW CELL /.../c=us/o=hp AT 1994-04-29-14:27:08 Namespace Uuid = 04a0a502-563e-11cd-91b5-08000927444c Clearinghouse Uuid = 03be984c-563e-11cd-91b5-08000927444c Clearinghouse Name = /.../c=us/o=hp/hpindep_ch Replica Type = Master Tower = ncacn_ip_tcp:15.13.106.190[] Tower = ncadg_ip_udp:15.13.106.190[] B. On system A (which has GDS running): 1. Type: 'gdssysadm' then select 'a' for administration then press MENU softkey to execute. +---------------------------------------------------------------------------- + | (Mask 1) DIRECTORY SYSTEM Logon | +---------------------------------------------------------------------------- + | USER IDENTIFICATION: Directory ID: 1_ | | Password: | | Country-Name: __ | | Organization-Name: _________________________ | | Org.-Unit-Name: _________________________ | | Common-Name: _________________________ | | | | Options: Logon to the Default DSA | +---------------------------------------------------------------------------- + 2. Press MENU (f2 softkey) to execute, then select 1 for object administration +---------------------------------------------------------------------------- + | (Mask 3) DIRECTORY SYSTEM Administration | +---------------------------------------------------------------------------- + | ADMINISTRATION FUNCTIONS: | | 0 Exit | | 1 Object Administration | | 2 Schema Administration | | 3 Shadow Administration | | 4 Subtree Administration | | Current DSA /C=us/O=hp/OU=hpind/CN=dsa/CN=dsa-hp | +---------------------------------------------------------------------------- + Which function ? 1 3. Select 1 to add object then 2 for country name (Structure Rule). Enter name 'us' then press MENU softkey to execute. +---------------------------------------------------------------------------- + | (Mask 6) DIRECTORY SYSTEM Add Object | +---------------------------------------------------------------------------- + | Object Name | | Country-Name us | | | | Structural Object class: Country | | Auxiliary object class: NO | +---------------------------------------------------------------------------- + 4. Press MENU softkey again (because there is no selection here). 5. After return back to Mask 4 (Object Administration) select 1 to add object then 3 for Organization (Structure Rule) +---------------------------------------------------------------------------- + | (Mask 5) DIRECTORY SYSTEM Add Object | +---------------------------------------------------------------------------- + | Structure Rule Name structure | | | | 02 Country-Name 02 | | 03 Organization-Name 02-03 | | 04 Org.-Unit-Name 02-03-04 | | 05 Common-Name 02-03-04-05 | | 06 Common-Name 02-03-04-06 | | Org.-Unit-Name | | 07 Common-Name 02-03-04-05-07 | | 08 Locality-Name 02-08 | | 09 Common-Name 02-08-09 | | 10 Common-Name 02-08-10 | | Street-Address | +---------------------------------------------------------------------------- + Which structure rule ? 3_ 6. Enter Country name as 'us' and Organization name as 'hp' then press MENU softkey to execute. +---------------------------------------------------------------------------- + | (Mask 6) DIRECTORY SYSTEM Add Object | +---------------------------------------------------------------------------- + | Object Name | | Country-Name us | | Organization-Name hp_______________________ | | | | Structural Object class: Organization | | Auxiliary object class: NO | +---------------------------------------------------------------------------- + 7. Mask 6d displays. Now you want to move Arrow key down to highlite field CDS-Cell then hit RETURN to mark this field. Next, continue move Arrow key down to highlite field CDS-Replica then hit RETURN to mark this field again then press MENU softkey to execute. +---------------------------------------------------------------------------- + | (Mask 6d) DIRECTORY SYSTEM Add Object | +---------------------------------------------------------------------------- + | Access-Control-List | | Business-Category | | CDS-Cell <========== | | CDS-Replica <========== | | Description | | Destination-Indicator | | Fax-Telephone-Number | | Internat.-ISDN-Number | | Locality-Name | | Master-Knowledge | | Organization-Name | | Phys.-Deliv.-Office-Name | | Post-Office-Box | | Postal-Address | | Postal-Code | | Preferred-Delivery-Meth. | +---------------------------------------------------------------------------- + 8. Mask 21 displays. Enter CDS information as following (step A above, or you can open a window on system B to allow cut and paste info over): +---------------------------------------------------------------------------- + | (Mask 21) DIRECTORY SYSTEM Add Object | +---------------------------------------------------------------------------- + | CDS-Cell | | Namespace UUID: 04a0a502-563e-11cd-91b5-08000927444c | | Root dir UUID: 04a0a502-563e-11cd-91b5-08000927444c | | Root dir name: /.../c=us/o=hp/_____________________ | | | +---------------------------------------------------------------------------- + 9. Press MENU softkey to execute. Mask 22 displays, enter CDS information as following, then press MENU softkey to execute. +---------------------------------------------------------------------------- + | (Mask 22) DIRECTORY SYSTEM Add Object | +---------------------------------------------------------------------------- + | CDS-Replica | | Replica type : MASTER | | Clearinghouse UUID: 03be984c-563e-11cd-91b5-08000927444c_________ | | Clearinghouse name: /.../c=us/o=hp/hpindep_ch____________________ | | Tower 1: ncacn_ip_tcp:15.13.106.190[]_________________ | | Tower 2: ncadg_ip_udp:15.13.106.190[]_________________ | | Tower 3: _____________________________________________ | | Tower 4: _____________________________________________ | | Tower 5: _____________________________________________ | +---------------------------------------------------------------------------- + At this point, you have successfully configured CDS information into the GDS database.