Patch-ID# 101034-06 Keywords: sconsole nwfsck inodes pserver print security nvt token ring cc:mail Synopsis: NetWare SunLink 1.0: jumbo patch Date: Oct/12/95 Solaris Release: SunOS Release: 4.1.1, 4.1.2, 4.1.3 Unbundled Product: NetWare SunLink Unbundled Release: 1.0 Relevant Architectures: sun4, sun4c, sun4m BugId's fixed with this patch: 1099067 1109623 1113830 1115441 1116198 1117991 1119562 1121743 1124463 1130098 1130700 1136906 1140419 1142417 1215409 1216132 Changes incorporated in this version: 1215409 1216132 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: README bindfix edcfg hybrid ipx.o install_patch1 install_patch2 ncp_engine netware nspx.o nvt.o nvt.exe nwfsck nwlp nwlp.1 nwlpstat nwlpstat.1 pserver rprinter sap sconsole slist startnps startnw stopnps stopnw stopptr volcheck Problem Description: PROBLEMS FIXED IN PATCH REVISION 06: ID #1215409 Inode file corruption nwfsck now checks for two additional types of directory block corruption and can fix them correctly. Also, a problem is fixed in directory block allocation which could lead to block entries not being used, thus increasing the size of the inode file unneccesarily. ID #1216132 Write commit is slow - each time the CommitFile API is called, a filesystem sync is performed. A tunable parameter has been added to the /etc/netware/NWConfig file called write_commit_mode. The following settings are available for this integer-valued parameter: 0 - The CommitFile API is deactivated - this provides the fastest performance, but eliminates synchronous writes which provide the most data security across system crashes. 1 - Each time the CommitFile API is called, a filesystem sync is performed (this is identical to the pre-patch behavior, although optimized to perform twice as fast, it's still very slow). 2 - All filesystem write will be synchronous. This will result in overall slower filesystem performance, but performance will be an order of magnitude better on applications that perform many CommitFile requests. PROBLEMS FIXED IN PATCH REVISION 05: ID #1172634 SunOS crashes in nvtwput ID #1111255 Using pconsole to check status/control, in a token ring network, causes a panic Memory address alignment on the server. ID #1116198 If a PC with an active NVT session is rebooted, the NVT session remains ready to reconnect to the client for 15-30 minutes. Sessions also remain behind when the 'disconnect session' option is used instead of logging out. These orphan login sessions can be assigned to the next user who logs in at that PC. This is a security problem. ID #1130098 The maximum number of print queues definable has been increased from 32 to 64. ID #1130700 Over token ring, when the customer's application does a t_connect the machine running the Netware Sunlink server crashes . Works fine over Ethernet. ID #1136906 Accessing a Netware printer with Pserver via token ring crashes the Netware SunLink server. ID #1140419 When a PC with a running NVT session to a NSWL host goes down or there is a network error, occasionally the connection will not be cleared and an NVT slot will continue to be used. If this is allowed to continue, all available NVT sessions can be used up by invalid connections. ID #1142417 It is not possible to define more than 12 remote printers. Product should support 16. OTHER PROBLEMS ADDRESSED IN PATCH REVISION 05: Displaying more than 500 servers either with slist or through sconsole causes a core dump. When using Microsoft Windows with 2 or more DOS boxes, changing to a different directory on a drive in one DOS box would change the directory on the same drive in the other DOS box as well. This has been fixed so that the drives mapped in both DOS boxes are completely independent as they are under Novell NetWare v3.11. Several problems with NWSL and VLM compatibility have been fixed. The blast protocol no longer pads packets with zeros and null strings are now accepted to change directory handles to root. In addition, dir handle 1 is no longer reused - it is reserved for the login directory as expected by the VLM. Fixed a search index so that duplicate subdirectory names are detected when doing a rename operation. Under certain circumstances, a connection could grab multiple NCP memory buffers which resulted in fewer than the number of clients configured being able to log in. Bindery objects and properties can now contain "high ascii" characters (characters with their high-bit set). An engine "lockup" condition where clients would infinitely get "request being processed" responses to NCPs has been fixed. A number of problems which could cause significant inode consistency problems have been fixed. Several error conditions were not being detected. An out of bounds memory condition resulting in corrupted data is now fixed. A number of data structures have been rescoped to prevent their corruption when being used by recursive functions. SCONSOLE would not allow the creation of print servers or rprinter if the name has more than 20 characters. This has been fixed. The nwfsck utility has been improved to repair previously unrepairable instances of inode file corruption. Performance has been improved for long->short name mapping. FUNCTIONALITY ADDED IN PATCH REVISION 01: Due to overwhelming customer demand, two new utilities have been developed: nwlp and nwlpstat. These utilities allow a SunOS user to print to a NetWare print queue as well as to list queues, delete jobs and check job status. Man pages have been included. PROBLEMS FIXED IN PATCH REVISION 01: ID #1099067 The sconsole utility was not properly editing parameters whose values were expressions and not simple integers (eg. shm_size = 512*1024 ). ID #1109623 Certain OS/2 locking calls were returning incorrect error codes. This was causing some applications, such as those using the Codebase C library, to hang. ID #1113830 Several problems with MAP ROOT and with drives mounted under Microsoft Windows were reported. These were fixed when directory traversal using '..' was cleaned up so that a special case where the high-bit was set on the first period did not generate an error. ID #1115441 The NetWare server or nsfsck could hang if the filesystem contained a file whose name contained a DOS wildcard character and that name conflicted with the name of another file in the same directory. ID #1117991 The NetWare server was not properly reporting the remaining disk space. When the partion hit 100% utilization, the server reported 1Gb free and continued to allow writes to that partition. ID #1119562 Problems with the file read-ahead cache resulted in the server not re-reading data read then written then re-read from the same block. This caused the second read to return with stale data. This caused errors in applications such as CC:Mail which read-after-write verify all data. ID #1121743 Hybrid user administration was difficult because sconsole and hybrid would halt at first failure. Warnings are now displayed when a GID/UID cannot be resolved to a symbolic name. ID #1124463 In certain cases, NVT could generate a kernel panic. Error cases are now more carefully checked. OTHER PROBLEMS ADDRESSED IN PATCH REVISION 01: NetWare uses directory transversal operators such as '....' which were not being properly handled. Programs such as Word, WordPerfect and Excel that used them were failing. When a printer queue and a CAPTURE is done on the client side, MAP > PRN would return an error message about the SYS: volume being full. This was due to an incorrect task number being returned. A problem with ncp_engine packet buffers could cause various failures when a server approaching its max_connections limit receives an attach request while another client is detaching. A particular instance of a directory search operation was failing due to the incorrect interpretation of an empty directory path field. The ATOTAL utility was not working properly due to a problem with mutual exclusion to the file NET$ACCT.DAT. If more than 5 users/groups were added to a file as trustees, some would be displayed more than once when using the FILER utility. Pserver was not freeing up sent blocks properly, which could cause various illegal behaviors. Password dates were being reset occasionally. The SPX protocol was handling sequence number rollovers improperly, as well as not returning errors properly in some cases. When trying to set the file owner for all files and directories in the SYS:\SYSTEM directory, one file was in use, and FILER would return an error. FILER now just reports that the file in use will not be updated. Several problems with accounting records in PAUDIT. OS/2 2.0 requester was returning an invalid bit in a locking call, which the server needed to mask off. Pserver was occasionally having problems keeping track of the correct number of blocks it had sent to rprinter. Problems with the kernel timeout code would cause errors in timed events such as SPX retrys, SAPs and RIPs. This could cause failures of pserver and rprinter. Patch Installation Instructions: The patch has been divided into two sections for ease of installation, one which affects the kernel and requires a system reboot and one which does not. Each may be installed independently. The section which affects the kernel contains the fixes for BUGID #1124463 and #1116198, as well as the SPX protocol and timeout fixes. The other section contains all other fixes as well as the two new printing utilities. WARNING To install part 1 of this patch requires 9mb of space in .usr/netware. To install part 2 of the patch requires 5mb plus enough space to rebuild the kernal. Installing both parts of the patch requires 9mb plus enough space to rebuild the kernal. Perform steps 1-5 to install either or both sections of the patch. 1) login as root 2) shutdown NetWare SunLink /usr/netware/bin/stopnw 3) make directory for contents of patch /bin/mkdir /usr/netware/patchB 4) copy the contents of the patch to /usr/netware/patchB 5) change to the patchB directory cd /usr/netware/patchB To install the portion of the patch not affecting the kernel: 6) execute install script 1 ./install_patch1 7) run 'nwfsck -y' repeatedly on all volumes until no errors are reported /usr/netware/bin/nwfsck -y 8) restart Netware file server /usr/netware/bin/startnw To install the portion of the patch affecting the kernel: 6) execute install script 2 ./install_patch2 7) run the nwreboot utility to install the new kernel and reboot /nwreboot To install the both portions of the patch: 6) execute install script 1 ./install_patch1 7) execute install script 2 ./install_patch2 8) run the nwreboot utility to install the new kernel and reboot /nwreboot 9) stop the Netware file server /usr/netware/bin/stopnw 10) run 'nwfsck -y' repeatedly, on all volumes, until no errors are reported /usr/netware/bin/nwfsck -y Any users with a local copy of NVT.EXE should upgrade to the new NVT.EXE in the /sys/public directory.