ECO NUMBER:       DCEECO1021
-----------
PRODUCT:          Distributed Computing Environment (DCE) for Digital UNIX 2.1
--------
UPDATED PRODUCT:  Distributed Computing Environment (DCE) for Digital UNIX 2.1
----------------
APPRX BLCK SIZE:  67340
----------------

DCE for DIGITAL UNIX Version 2.1 ECO1 Release Notes

November 1998

This document describes changes to DCE for DIGITAL UNIX Version 2.1
software contained in the ECO1 kit.

ECO Name: DCEECO1021
Product and Version: DCE for DIGITAL UNIX Version 2.1
Operating System and Version: DIGITAL UNIX Version 4.0 through 4.0E

(c) Digital Equipment Corporation 1998. All rights reserved.

Digital Equipment Corporation
Maynard, Massachusetts

Table of Contents

1. Overview of Kit Contents
   1.1 Files Patched or Replaced
2. Installation Instructions
3. Problems Addressed in This Kit
   3.1 Corrections to RPC
   3.2 Corrections to Security
   3.3 Corrections to Kerberos 5 Support
   3.4 Corrections to SIA
   3.5 Corrections to Distributed Time Service
   3.6 Corrections to CDS
   3.7 Corrections to DCED
   3.8 Corrections to DFS

1. Overview of Kit Contents

DCE for DIGITAL UNIX Version 2.1 ECO1 provides corrections for a variety
of reported software problems. Refer to Section 3 of this guide for a
detailed description of the software patches contained in the ECO1 kit.

1.1 Files Patched or Replaced

This section lists the DCE for DIGITAL UNIX Version 2.1 media kit files
replaced in the ECO1 kit and the subset containing each software fix.

File Name                       Subset Location

dcedfs.mod                      DCEDFSBINECO1021
acl_edit                        DCERTSECO1021
cdsd                            DCECDSECO1021
dce_login                       DCERTSECO1021
dcecp                           DCERTSECO1021
dced                            DCERTSECO1021
dcesetup                        DCERTSECO1021
dts_acts_provider               DCERTSECO1021
dts_hopf_provider               DCERTSECO1021
dts_traconex_provider           DCERTSECO1021
dtscp                           DCERTSECO1021
dtsd                            DCERTSECO1021
gdad                            DCECDSECO1021
passwd_export                   DCERTSECO1021
passwd_import                   DCERTSECO1021
rgy_edit                        DCERTSECO1021
sec_admin                       DCERTSECO1021
sec_create_db                   DCESECECO1021
sec_insert_dce_entries.sh       DCERTSECO1021
sec_remove_dce_entries.sh       DCERTSECO1021
sec_salvage_db                  DCESECECO1021
secd                            DCESECECO1021
dcedhd.cat                      DCERTSECO1021
dcedcp.cat                      DCERTSECO1021
dcesiad.cat                     DCERTSECO1021
dfsbind                         DCEDFSECO1021
fts                             DCEDFSECO1021
/examples/rpc/payroll/README    DCEADKECO1021
/examples/rpc/test2/README      DCEADKECO1021
dfsversion                      DCEDFSECO1021
libdce.so                       DCERTSECO1021
libdcesiad.so                   DCERTSECO1021
libdxdcds.so                    DCERTSECO1021
libidlcxx.so                    DCERTSECO1021

2. Installation Instructions

Follow these steps to install the DCE for DIGITAL UNIX Version 2.1 ECO1
kit.

1. Verify a successful installation of DCE for DIGITAL UNIX Version 2.1
   before installing the ECO1 kit.

2. Untar the ECO1 kit into a local directory, using the following
   command:

       % tar xvf /DCEECO1021.tar

3. Use the setld procedure to start the installation procedure:

       % setld -l ./output

4. Select the subsets to install from the following choices:

       DCERTSECO1021
       DCEADKECO1021
       DCEDFSECO1021
       DCESECECO1021
       DCECDSECO1021
       DCEDFSBINECO1021

   To install multiple subsets, enter the number of each subset followed
   by a space. Use a hyphen between numbers to indicate a range of
   subsets. An example of the installation screen follows.

----------------------------------------------------------------------
The subsets listed below are optional:

There may be more optional subsets than can be presented on a single
screen. If this is the case, you can choose subsets screen by screen
or all at once on the last screen.
All of the choices you make will be collected for your confirmation
before any subsets are installed.

    1) DCE Application Dev Kit V2.1 ECO 1
    2) DCE CDS Server V2.1 ECO 1
    3) DCE DFS Base V2.1 ECO 1
    4) DCE DFS Kernel Binaries V2.1 ECO 1
    5) DCE Runtime Services V2.1 ECO 1
    6) DCE Security Server V2.1 ECO 1

Or you may choose one of the following options:

    7) ALL of the above
    8) CANCEL selections and redisplay menus
    9) EXIT without installing any subsets

Enter your choices or press RETURN to redisplay menus.

Choices (for example, 1 2 4-6):
------------------------------------------------------------------------

5. After the installation completes successfully, restart DCE by
   entering the following command:

       % /usr/sbin/dcesetup restart

3. Problems Addressed in This Kit

This section describes the corrections to DCE for DIGITAL UNIX Version
2.1 contained in the ECO1 release.

3.1 Corrections to RPC

o Previously, the timer event was being placed on the queue with a
  stale timestamp. The problem was fixed by making a call to
  rpc__clock_update() in rpc__timer_set_int() to get an accurate
  timestamp for the event trigger. In addition, a test was removed that
  determined whether to signal the timer loop in rpc__timer_set_int()
  when the timer queue was empty.

o A correction was incorporated to allow the use of cluster service
  addresses.

o This release adds a check_unsupported_ifs() function to check for
  interfaces in RPC_UNSUPPORTED_NETIFS that should be avoided when
  initializing DLI. The ifs are stored in the static variable
  unsupported_if_list, and the number of unsupported ifs is stored in
  the static variable int num_unsupported_ifs. A correction was
  incorporated to allow the use of cluster service addresses.

o An array indexing problem in
  rpc_object_reference::fast_client_ping() has been fixed. Under
  certain circumstances, the problem caused memory corruptions in
  seemingly unrelated areas. Zeroing was also added to enhance
  rpc_object_reference::init_client_ping_list().

o RPC runtime corrections made in this release allow an RPC
  application to reject an unsupported authentication service. Prior to
  this fix, a request for an unsupported authentication service caused
  a core dump of the server.

3.2 Corrections to Security

o A leak that affected secd was fixed by changes to dce_aud_commit.

o The component of the security server that handles invalid logins was
  built using the assumption that pointers are 4 bytes long, which is
  not true for Alpha systems. As a result, secd crashed on Alpha
  systems when invalid login handling was enabled for a principal. This
  problem was corrected.

o The secd lock manager was enhanced to ensure fair access for both
  readers and writers on a heavily used system. The changes ensure that
  a succession of readers does not indefinitely delay writers.

o Several memory leaks were fixed in the processing of DCE third-party
  preauthentication data by a DCE security server. Prior to this fix,
  secd leaked memory with every successful authentication.

3.3 Corrections to Kerberos 5 Support

o A problem was fixed that was causing credentials acquisition during
  an intercell dfs operation to take too long. Previously, in the
  function krb5_get_cred_from_kdc, a pointer array was not initialized
  correctly.

o A problem was fixed that had blocked the acquisition of a valid
  ticket from the KDC if an expired matching ticket was present in the
  cache.

  On the client, the DCE Kerberos ticket acquisition code checks a
  cache of previously acquired tickets before requesting a ticket from
  the KDC. If a matching ticket is found in the cache, it is reused,
  and the KDC is not contacted. The matching process previously failed
  to check whether a matching ticket in the cache had expired. The
  presence of an expired matching ticket in the cache could thus
  prevent the client from consulting the KDC for a valid, non-expired
  ticket.

3.4 Corrections to SIA

o A problem was corrected that caused the file matrix.conf to become
  corrupted upon DCE reboot.
  In matrix.conf, the path was not specified for the libsecurity.so
  entry. The full path is now specified as: /usr/shlib/libsecurity.so.

o When a DCE group contains many members, a call to the getgrent
  routine no longer results in a core dump of the calling program (for
  example, ls -l).

o When DCE SIA is enabled, mailx no longer dumps core.

o Users will no longer experience inordinate delays at login when DCE
  SIA is enabled. Previously, such delays occurred whenever the DCE
  Registry contained many groups. The delays were caused by making one
  remote procedure call per group to the security server to compute a
  user's group memberships. The same information is now obtained by a
  single remote procedure call to the security server.

o When DCE SIA is enabled, the login program performs a DCE
  authentication. If the authentication succeeds, the environment
  variable KRB5CCNAME should be set so that programs running within the
  login environment can inherit the authenticated user's DCE
  credentials. Previously, the value of KRB5CCNAME was not preserved in
  the login environment. A fix in this release ensures that KRB5CCNAME
  is preserved.

o Previously, when DCE SIA was enabled, a user with an entry in the
  passwd_override file was incorrectly prevented from logging in to the
  local system (in addition to being correctly denied DCE credentials).
  This problem has been fixed.

o The DCE SIA group information server (proxied by dced) now employs
  the group override facility to localize group information obtained
  from the DCE registry. Prior to this fix, group overrides were not
  considered when a user's group memberships were returned from the
  registry. As a result of this change, the group override facility can
  be used to constrain or modify a user's DCE group memberships to
  satisfy local machine security policy.

  Group override processing by the DCE SIA group information server had
  been inadvertently disabled as the result of a patch distributed to
  speed up integrated logins where the registry contains many groups.
  The fix in this ECO preserves the performance improvements provided
  by the patch while restoring and improving group processing. Group
  password and gid overrides are now handled correctly.

3.5 Corrections to Distributed Time Service

o Minor changes were applied to the following files to improve memory
  cleanup: time/service/mgtrpc.c, time/service/time_request.c,
  time/service/transport_rpc.c, time/service/dtss_service_main.c,
  time/service_dtss_service_global_set.c, and
  time/service/dtss_service_state.c.

o Previously, a few DTS functions handled NULL parameters incorrectly.
  The problem was corrected.

o Several changes were made to ParseTime to comply with Year 2000
  requirements and to allow for correct leap year calculation in the
  Year 2000.

3.6 Corrections to CDS

o A problem was corrected in the dcecp directory synchronize command
  that was causing directory synchronization to fail. An error was
  found in the syntax used by dcecp when it employed the cdscp set dir
  to new epoch command in the directory synchronization process.

o A change made to CDS allows it to handle arbitrarily large output
  results. The maximum size of the output buffer passed to readentry is
  now reduced by the size of the area reserved for the progress record.
  This change eliminates problems such as limitations on the number of
  member names an nsi group could contain.

o The dcecp clearinghouse repair command was fixed. The command no
  longer returns the error, "Clearinghouse exists but it not
  available," after a successful clearinghouse repair.

3.7 Corrections to DCED

o A change was incorporated to prevent the loss of diagnostic
  information when DCE is restarted. Previously, whenever dced was
  restarted, it recreated the log file used to record its error
  messages.
  Dced now creates a log file only if one does not exist. When a log
  file exists, dced appends all new output to the existing file.

o The dced concurrent lock manager was modified so that it is no longer
  vulnerable to thread cancellation. Previously, if a dced thread was
  cancelled while in the process of acquiring or releasing a lock, the
  lock manager would deadlock on any subsequent lock operations,
  resulting in a hang of the calling thread, and ultimately of the dced
  process.

  The use of concurrent locks by dced to serialize reading of the
  password and override files was made cancel and exception-safe. Prior
  to this fix, a thread that was cancelled or that encountered an
  exception while holding an override lock would neglect to free the
  lock for use by other threads. Once an override lock was lost,
  requests by clients for override service from dced would hang at the
  server (dced), waiting for a lock. This was especially problematic
  with the DCE SIA mechanism configured for integrated login, as it
  could result in an inability to log in to the machine or perform a
  certified DCE authentication.

3.8 Corrections to DFS

o This ECO1 release includes a fix for a dfsbind core dump.

  Note that all of the following DFS corrections require rebuilding a
  kernel and rebooting.

o A fix was completed that restricts the range of UDP ports used by
  DFS. Part one of the implementation was included in the Version 2.1
  release: dfsbind reads an environment variable, RPC_RESTRICTED_PORTS,
  and passes the restriction down to the kernel. This ECO1 release
  includes part two of the fix: the kernel allocates ports in
  accordance with the restriction. This fix affects dcedfs.mod.

o This release includes a fix for the premature umask application to
  the mode bits before they are passed to the server. This fix works in
  conjunction with changes incorporated into DIGITAL UNIX Version 4.0D.
  It affects dcedfs.mod.

  If you are running a version of DIGITAL UNIX earlier than 4.0D, do
  not attempt to apply this fix. An appropriate patch for versions
  earlier than 4.0D is under development.

  If you do not need the umask fix, no action is required.

  If you are running Version 4.0D of DIGITAL UNIX or higher and need
  the umask fix, apply it using the following procedure:

  1. Enter:

         dbx -k /vmunix
         patch dfs_umask_rawmode_fix_present = 1
         quit

  2. Verify that the change has been made:

         dbx -k /vmunix
         print dfs_umask_rawmode_fix_present    {THIS SHOULD PRINT 1}
         quit

  3. Reboot.

o The Cache Manager now passes through the setuid/setgid mode bits of
  directories without changing the bits. These bits still get turned
  off on regular files unless the client explicitly enables the
  capability to leave the bits unchanged. This capability can be set on
  a fileset with the cm setsetuid command. This change affects
  dcedfs.mod.

o This release includes a change to the token expiration time of freely
  given tokens. The change was made in response to a problem that
  caused clients to hang occasionally for approximately 4 minutes, and
  then return a communications failure. The change affects dcedfs.mod.

o Because of insufficient locking, it was previously possible for
  requests from the kernel to the dfsbind process to be lost.
  Eventually the kernel would run out of request space and hang. Two
  fixes were made:

  1. Sufficient locking was added to prevent the loss of requests.

  2. The request queue is periodically pruned of old requests. This
     enables the administrator to restart dfsbind only, instead of all
     of DFS, in the event of a problem, and to reclaim the resources
     that the kernel was using.

Copyright (c) Compaq Computer Corporation 1998. All Rights reserved.

This software is proprietary to and embodies the confidential
technology of Compaq Computer Corporation. Possession, use, or copying
of this software and media is authorized only pursuant to a valid
written license from Compaq or an authorized sublicensor.

This ECO has not been through an exhaustive field test process. Due to
the experimental stage of this ECO/workaround, Compaq makes no
representations regarding its use or performance. The customer shall
have the sole responsibility for adequate protection and back-up data
used in conjunction with this ECO/workaround.
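
Added example for Section 3.3 (not part of the original release notes and not DCE source code): the ticket-cache matching rule before and after the fix, so the effect of the missing expiry check can be seen on a small cache. The struct, the function names and the sample cache are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Hypothetical cache entry; real Kerberos 5 credentials carry more fields. */
struct ticket {
    const char *server;   /* service principal the ticket was issued for */
    time_t      endtime;  /* expiry time, seconds since the epoch */
};

/* Constructed sample cache: the first dfs/cell-b entry is stale. */
static const struct ticket sample_cache[] = {
    { "host/node-a", 1000 },
    { "dfs/cell-b",   500 },
    { "dfs/cell-b",  5000 },
};
#define SAMPLE_LEN (sizeof sample_cache / sizeof sample_cache[0])

/* Behaviour described as the bug: match on principal only, so the first
 * hit is reused even when it has expired and the KDC is never asked. */
const struct ticket *match_ignoring_expiry(const struct ticket *c, size_t n,
                                           const char *server)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(c[i].server, server) == 0)
            return &c[i];
    return NULL;
}

/* Behaviour after the fix: an entry matches only if it is still valid at
 * `now`. NULL tells the caller to request a fresh ticket from the KDC. */
const struct ticket *match_unexpired(const struct ticket *c, size_t n,
                                     const char *server, time_t now)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(c[i].server, server) == 0 && c[i].endtime > now)
            return &c[i];
    return NULL;
}

/* 1 when the client must go to the KDC, 0 when the cache can serve it. */
int must_contact_kdc(const struct ticket *c, size_t n,
                     const char *server, time_t now)
{
    return match_unexpired(c, n, server, now) == NULL;
}
```

With the clock at 2000, the principal-only match hands back the dfs/cell-b entry that expired at 500, while the expiry-aware match skips it and returns the entry valid until 5000.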
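
Added example for Section 3.7 (not part of the original release notes and not dced code): a reader thread that is cancelled while holding a lock, with and without a cleanup handler, showing how the lock is lost in one case and released in the other. It assumes POSIX threads and pthread_cleanup_push() as a stand-in for whatever mechanism dced uses; the struct and function names are hypothetical.

```c
#include <pthread.h>
#include <unistd.h>

/* Hypothetical stand-in for dced's override lock and a reader thread. */
struct job {
    pthread_mutex_t lock;
    int cancel_safe;      /* 1: register a cleanup handler, 0: do not */
};

static void release_lock(void *p) { pthread_mutex_unlock(p); }

static void *read_overrides(void *p)
{
    struct job *j = p;
    pthread_mutex_lock(&j->lock);
    if (j->cancel_safe) {
        /* Handler runs if the thread is cancelled inside this scope. */
        pthread_cleanup_push(release_lock, &j->lock);
        for (;;) { pthread_testcancel(); usleep(1000); }  /* "slow read" */
        pthread_cleanup_pop(1);
    } else {
        for (;;) { pthread_testcancel(); usleep(1000); }
        pthread_mutex_unlock(&j->lock);   /* never reached once cancelled */
    }
    return NULL;
}

/* Cancel a reader that holds the lock, then report whether another
 * thread can still take it: 1 = usable, 0 = lost, -1 = setup error. */
int lock_usable_after_cancel(int cancel_safe)
{
    struct job j;
    pthread_t t;
    j.cancel_safe = cancel_safe;
    if (pthread_mutex_init(&j.lock, NULL) != 0 ||
        pthread_create(&t, NULL, read_overrides, &j) != 0)
        return -1;
    while (pthread_mutex_trylock(&j.lock) == 0) {  /* wait for the reader */
        pthread_mutex_unlock(&j.lock);
        usleep(1000);
    }
    pthread_cancel(t);
    pthread_join(t, NULL);
    if (pthread_mutex_trylock(&j.lock) != 0)
        return 0;                 /* a later client would hang here */
    pthread_mutex_unlock(&j.lock);
    return 1;
}
```

A return of 0 corresponds to the lost override lock described in Section 3.7, where every later request for the lock waits forever.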