Patch-ID# 101973-32 Keywords: security AUTH_DES libnsl ypbind MT-RPC rpc.nisd libnisdb nistbladm Synopsis: SunOS 5.4: libnsl, nistbladm & ypbind fixes Date: Sep/12/97 Solaris Release: 2.4 SunOS Release: 5.4 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 101974 Topic: SunOS 5.4: libnsl, nistbladm & ypbind fixes BugId's fixed with this patch: 1147349 1153233 1156738 1160090 1162712 1169003 1169945 1169971 1170407 1172438 1174303 1174494 1174767 1179173 1179526 1179866 1180720 1181327 1183260 1183749 1183841 1186439 1187350 1187866 1189645 1191910 1192232 1192601 1193147 1194673 1195422 1204871 1205769 1209763 1212974 1213016 1213862 1216036 1216054 1217312 1221809 1223326 1223383 1224057 1230570 1232010 1234630 1235501 1242395 1244872 1246630 1247052 1249903 1258916 1259200 4005483 4045268 4057606 Changes incorporated in this version: 4045268 4057606 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: 102105-08 103064-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/nistbladm /usr/include/rpcsvc/nis_tags.h /usr/lib/libnisdb.a /usr/lib/libnisdb.so.2 /usr/lib/libnsl.a /usr/lib/libnsl.so.1 /usr/lib/netsvc/yp/ypbind /usr/sbin/nis_cachemgr /usr/sbin/rpc.nisd Problem Description: 4045268 nis_cachemgr does not verify authenticity of objects 4057606 Out of domain NIS+ lookups don't work after applying fix for 4045268 (from 101973-31) 1179866 nistbladm cores when trying to create a group larger than 1024 bytes (from 101973-30) 1247052 nis_dumplog_r translates all failures into NIS_RPCERROR (from 101973-29) 1212974 Bogus bootparam packet makes rpcbind stop working (from 101973-28) 4005483 replica doing full resync too frequently (from 101973-27) 1223326 possible memory leak in "rpc.nisd" 1230570 nisplus strips leading spaces before doing lookup. (from 101973-26) 1259200 no more syslog from rpc.nisd after the fix for 1244917 in T101318-80 (from 101973-25) 1249903 rpc.nisd hung in nis_list_svc on getmsg in _rcv_conn_con (from 101973-24) 1258916 nis_cachemgr causing other many processes to hang in semop (from 101973-23) 1213016 User looses access to secondary groups if nisplus root master is not up 1209763 DNS forwarding thru NIS compat interface does not work on x86 machines (from 101973-22) 1246630 nisd can potentially hang if it gets a SIGCHLD/SIGHUP on an established callback (from 101973-21) 1244872 nis_cachemgr can deadlock when servers are unavailable (from 101973-20) 1242395 NIS+ TTLs for objects not correct on 2.4 slave replicas and 2.3 slave/clients. (from 101973-19) 1232010 retransmit time, 15 seconds, for NIS+ UDP queries is too long 1223383 NIS+ clients should always try to bind to servers on the local subnet first 1234630 Client side RPC handle caching and server side fd leaks needs a general solution (from 101973-18) 1221809 absence of user public key caching makes NIS+ inter-domain lookups unreliable (from 101973-17) 1235501 checkpointing can crash nisd if non-existent replica is in transaction log 1183841 erroneous looping in __nis_core_lookup (from 101973-16) 1224057 rpc.nisd hangs in write(2) (from 101973-15) 1216036 NIS+ client library does not retransmit RPC call to rpcbind on NIS+ servers 1191910 Intermittently, rpc.nisd failed to authenticate NIS+ client 1147349 Secure-RPC server cache too small 1189645 ttsession -a des cannot find users public keys. (from 101973-14) 1213862 gethostbyname() at 2.4 returns results incorrectly for multihomed hosts (from 101973-13) 1162712 rpcinfo TLI error (from 101973-12) 1217312 gethostbyname() can trash an existing open file descriptor (from 101973-11) 1205769 Solaris 2.4 ypbind file descriptor limit of 64 is too low (from 101973-10) 1195422 nis+ library can corrupt memory when servers are unresponsive (from 101973-09) 1187866 NIS+ does not work in this release. (from 101973-08) 1181327 5.3 ypbind doesn't bind to a 4.1.3_U1 ypserver with libc patch (or 4.1.4) (from 101973-07) 1192232 svc_fd_create() does not seem to work on Solaris 2.4. 1169003 Portmapper v.3 not compatible with v.2 bug. 1192601 Multi-threaded RPC server dumps core when operating over TCP 1183749 rpc.nisd dumps core in xdrrec_getlong( ) 1180720 NIS+ servers hang on a getmsg() call 1169971 MT-RPC library severely limits concurrency. 1156738 svc_dg_enablecache causes all new rpc's after 1st to hang and timeout (from 101973-06) 1186439 diskless don't boot after installing 101318-67 (from 101973-05) 1179526 rpc.nisd doesn't work correct on recursive group members (from 101973-04) 1153233 NIS+ does not handle multi-homed servers correctly (from 101973-03) 1170407 many rcp's to localhost intermittently errors "rcp: unknown user `uid' " Under a heavy system load NIS clients could fail to contact the ypbind process and would then fail. This would cause a variety of symptoms that can be traced to failed calls on getpwnam(), getpwuid(), gethostbyname(), etc. The ypbind process has been changed to cache the ypserv transport address in a file. Now NIS clients can get the address of ypserv without connecting to ypbind. In addition, NIS clients will now keep trying to get results as long as ypbind is running. (from 101973-02) 1169945 rpcbind crashed with a segmentation violation This patch fixes a problem with rpcbind periodically core dumping. The fix is contained in libnsl. (from 101973-01) 1172438 apps using AUTH_DES fail when many simultaneous requests are made When more than 25 users try and login into a NIS+ client simultaneously, only about 25 can make it. The rest get the "Login incorrect" message. (from 102105-08) 1187350 nisd[xxx] WARNING: db_query::db_query: bad index (from 102105-07) 1216054 Part of fix for 1160662 was lost, extra readonly child spawned. (from 102105-06) 1204871 nistbladm -e erroneously reports an error when modifying entry objects (from 102105-05) 1193147 Host map lookups can crash an NIS+ server in yp-compat mode. (from 102105-04) 1194673 nisping -C occasionally causes rpc.nisd to hang for 10 minutes (from 102105-03) 1179173 nistbladm -m overwrites entries who's keys match modified entries For example, nistbladm -c my_type a=S b= table.domain.com. nistbladm -a a=key1 b=value1 table.domain.com. nistbladm -a a=key2 b=value2 table.domain.com. niscat table.domain.com. key1 value1 key2 value2 nistbladm -m a=key1 b=value3 '[a=key2],'table.domain.com. niscat table.domain.com. key1 value3 Solution: A -e and -E options have been added to nistbladm command. The -m option is deprecated. It will be synonymous with -E. nistbladm -e|E colname=value ... indexedname nistbladm -m colname=value ... indexedname -m deprecated. A synonym for -E -e|-E Edit the entry in the table that is speci- fied by 'indexedname'. 'indexedname' must uniquely identify a single entry. It is possible to edit the value in a column that would change the indexed name of an entry. The change (colname=value ...) may affect other entries in the table if the change results in an entry whose indexed name is different from 'indexedname' and which matches that of another existing entry. In this case, the '-e' option will fail and an error will be reported. The -E option will force the replacement of the existing entry by the new entry (effectively removing two old entries and adding a new one). (from 102105-02) 1174767 readonly child rpc.nisd dumps core while parent process checkpointing 1174494 rpc.nisd core dumps with corrupt stack while checkpointing after a clean install 1183260 all SSI replicas went into full resync (from 102105-01) 1174303 rpc.nisd died in checkpoint without dumping cores This bug affected the naming services drastically. A counter was incremented twice but decremented once only, due to which master server could not spawn new process for replication, niscat etc. Also, there was timing issue in case of checkpointing, due to which the rpc.nisd would occasionally exit without dumping core. (from 103064-01) 1160090 nis_cachemgr should delete expired dir objects only if they can be refreshed Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None.