Patch-ID# 101973-20 Keywords: AUTH_DES libnsl ypbind MT-RPC rpc.nisd yp-compat libnisdb security Synopsis: SunOS 5.4: fixes for libnsl and ypbind Date: Aug/14/96 Solaris Release: 2.4 SunOS Release: 5.4 Unbundled Product: Unbundled Release: Topic: SunOS 5.4: fixes for libnsl and ypbind BugId's fixed with this patch: 1147349 1153233 1156738 1162712 1169003 1169945 1169971 1170407 1172438 1174303 1174494 1174767 1179173 1179526 1180720 1181327 1183260 1183749 1183841 1186439 1187350 1187866 1189645 1191910 1192232 1192601 1193147 1194673 1195422 1204871 1205769 1213862 1216036 1216054 1217312 1221809 1223383 1224057 1232010 1234630 1235501 1242395 Changes incorporated in this version: 1242395 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: 102105-08 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/lib/libnsl.a /usr/lib/libnsl.so.1 /usr/lib/netsvc/yp/ypbind /usr/sbin/rpc.nisd Problem Description: 1242395 NIS+ TTLs for objects not correct on 2.4 slave replicas and 2.3 slave/clients. (from 101973-19) 1232010 retransmit time, 15 seconds, for NIS+ UDP queries is too long 1223383 NIS+ clients should always try to bind to servers on the local subnet first 1234630 Client side RPC handle caching and server side fd leaks needs a general solutio (from 101973-18) 1221809 absence of user public key caching makes NIS+ inter-domain lookups unreliable (from 101973-17) 1235501 checkpointing can crash nisd if non-existent replica is in transaction log 1183841 erroneous looping in __nis_core_lookup (from 101973-16) 1224057 rpc.nisd hangs in write(2) (from 101973-15) 1216036 NIS+ client library does not retransmit RPC call to rpcbind on NIS+ servers 1191910 Intermittently, rpc.nisd failed to authenticate NIS+ client 1147349 Secure-RPC server cache too small 1189645 ttsession -a des cannot find users public keys. (from 101973-14) 1213862 gethostbyname() at 2.4 returns results incorrectly for multihomed hosts (from 101973-13) 1162712 rpcinfo TLI error (from 101973-12) 1217312 gethostbyname() can trash an existing open file descriptor (from 101973-11) 1205769 Solaris 2.4 ypbind file descriptor limit of 64 is too low (from 101973-10) 1195422 nis+ library can corrupt memory when servers are unresponsive (from 101973-09) 1187866 NIS+ does not work in this release. (from 101973-08) 1181327 5.3 ypbind doesn't bind to a 4.1.3_U1 ypserver with libc patch (or 4.1.4) (from 101973-07) 1192232 svc_fd_create() does not seem to work on Solaris 2.4. 1169003 Pormapper v.3 not compatible with v.2 bug. 1192601 Multi-threaded RPC server dumps core when operating over TCP 1183749 rpc.nisd dumps core in xdrrec_getlong( ) 1180720 NIS+ servers hang on a getmsg() call 1169971 MT-RPC library severely limits concurrency. 1156738 svc_dg_enablecache causes all new rpc's after 1st to hang and timeout (from 101973-06) 1186439 diskless don't boot after installing t101318-67 (from 101973-05) 1179526 rpc.nisd doesn't work correct on recursive group members (from 101973-04) 1153233 NIS+ does not handle multi-homed servers correctly (from 101973-03) 1170407 many rcp's to localhost intermittently errors "rcp: unknown user `uid' " Under a heavy system load NIS clients could fail to contact the ypbind process and would then fail. This would cause a variety of symptoms that can be traced to failed calls on getpwnam(), getpwuid(), gethostbyname(), etc. The ypbind process has been changed to cache the ypserv transport address in a file. Now NIS clients can get the address of ypserv without connecting to ypbind. In addition, NIS clients will now keep trying to get results as long as ypbind is running. (from 101973-02) 1169945 rpcbind crashed with a segmentation violation This patch fixes a problem with rpcbind periodically core dumping. The fix is contained in libnsl. (from 101973-01) 1172438 apps using AUTH_DES fail when many simultaneous requests are made When more than 25 users try and login into a NIS+ client simultaneously, only about 25 can make it. The rest get the "Login incorrect" message. (from 102105-08) 1187350 nisd[xxx] WARNING: db_query::db_query: bad index (from 102105-07) 1216054 Part of fix for 1160662 was lost, extra readonly child spawned. (from 102105-06) 1204871 nistbladm -e erroneously reports an error when modifying entry objects (from 102105-05) 1193147 Host map lookups can crash an NIS+ server in yp-compat mode. (from 102105-04) 1194673 nisping -C occasionally causes rpc.nisd to hang for 10 minutes (from 102105-03) 1179173 nistbladm -m overwrites entries who's keys match modified entries For example, nistbladm -c my_type a=S b= table.domain.com. nistbladm -a a=key1 b=value1 table.domain.com. nistbladm -a a=key2 b=value2 table.domain.com. niscat table.domain.com. key1 value1 key2 value2 nistbladm -m a=key1 b=value3 '[a=key2],'table.domain.com. niscat table.domain.com. key1 value3 Solution: A -e and -E options have been added to nistbladm command. The -m option is deprecated. It will be synonymous with -E. nistbladm -e|E colname=value ... indexedname nistbladm -m colname=value ... indexedname -m deprecated. A synonym for -E -e|-E Edit the entry in the table that is speci- fied by 'indexedname'. 'indexedname' must uniquely identify a single entry. It is possible to edit the value in a column that would change the indexed name of an entry. The change (colname=value ...) may affect other entries in the table if the change results in an entry whose indexed name is different from 'indexedname' and which matches that of another existing entry. In this case, the '-e' option will fail and an error will be reported. The -E option will force the replacement of the existing entry by the new entry (effectively removing two old entries and adding a new one). (from 102105-02) 1174767 readonly child rpc.nisd dumps core while parent process checkpointing 1174494 rpc.nisd core dumps with corrupt stack while checkpointing after a clean install 1183260 all SSI replicas went into full resync (from 102105-01) 1174303 rpc.nisd died in checkpoint without dumping cores This bug affected the naming services drastically. A counter was incremented twice but decremented once only, due to which master server could not spawn new process for replication, niscat etc. Also, there was timing issue in case of checkpointing, due to which the rpc.nisd would occasionally exit without dumping core. Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None.