Patch-ID# 109354-24 Keywords: security session disconnects nscm dtsession hangs cleared screen Synopsis: CDE 1.4: dtsession patch Date: May/07/2004 Install Requirements: None Solaris Release: 8 SunOS Release: 5.8 Unbundled Product: CDE Unbundled Release: 1.4 Xref: This patch is available for x86 as patch 109355 Topic: Relevant Architectures: sparc BugId's fixed with this patch: 4239375 4293551 4314849 4316439 4335987 4344648 4349846 4353429 4379463 4386226 4389935 4392829 4430559 4448598 4452627 4463360 4484322 4489859 4502650 4534248 4701185 4743546 4763733 4788212 4837640 4880232 5023052 5023659 Changes incorporated in this version: 4880232 5023659 5023052 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 108652-19 or greater Obsoleted by: Files included with this patch: /usr/dt/bin/dtsession_res /usr/dt/config/C/sys.resources /usr/dt/share/man/man1/dtsession.1 /usr/dt/bin/dtsession Problem Description: 4880232 security: dtsession screen lock deferred until PAM conversation function runs (rework) 4944400 User's CDE session does not terminate/lock after removing smart card (rework) (from 109354-23) REMOVED bug fix for *4944400* and *4880232* 5023659 logout confirmation exits session before user input 5023052 CDE LockDisplay is not working properly, can't unlock locked CDE session (from 109354-22) (removed) 4944400 User's CDE session does not terminate/lock after removing smart card (from 109354-21) (removed) 4880232 security: dtsession screen lock deferred until PAM conversation function runs (from 109354-20) 4837640 dtsession should not use OCF_TimeSinceValidated and OCF_UserInfoCardService (from 109354-19) 4788212 /usr/dt/bin/dtsession $HOME env overflow (from 109354-18) 4763733 dtsession crash on restoring session with very long lines (from 109354-17) 4743546 With 105634-08 (or newer), DIALOG_SYSTEM_MODAL can be cleared by screen saver. (from 109354-16) 4314849 dtsession hangs in recursive _XFlushInt from a signal handler (from 109354-15) 4701185 Session disconnects on logging in with NSCM from SunRays (from 109354-14) 4534248 dtsession_res processes deadlock on login randomly (from 109354-13) 4430559 dtsession requires user input even if PAM says user is authenticated 4452627 dtlogin should register with PAM using a different client name when on SunRay 4484322 uninitialized variable in SmUI.c/CreateLockMessageNoAckDialogWithCover() 4489859 a certain situation can override the lockscreen and exit 4502650 FBPM may be incorrectly set for the user session (from 109354-12) 4349846 CDE color management does not work well with HP motif library (from 109354-11) 4379463 dtsession deadlocks (from 109354-10) 4463360 system doesn't detect the SC has been removed (from 109354-09) 4448598 LANG buffer overflow in sessionmgr (from 109354-08) 4386226 dtsession does not handle OCF server errors (from 109354-07) 4353429 dtsession leaves unnecessary thread after unlocking screen (from 109354-06) 4392829 TEC perf optimizations 4389935 Feature For LSARC Cases : 2000/105, 2000/106, 2000,107 and 2000/108 (from 109354-05) 4293551 dtsession in xinerama mode should (optionally) not center the logout dialog box (from 109354-04) 4335987 Screen sometimes fails to unlock (from 109354-03) 4316439 dtsession is multi-threaded but calls vfork, which is MT-unsafe (from 109354-02) 4344648 cde fails to protect screen on a host setup authentication by (from 109354-01) 4239375 Unable to lock/unlock or exit system if root password is null Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: In order to get full xinerama support (bug 4293551), install the following patches in addition to this patch: 108921-08 (or newer): CDE 1.4: dtwm patch 108919-05 (or newer): CDE 1.4: dtlogin patch NOTE 2: In order to get full functionality of fix 4452627, install the following patch in adition to this patch: 108919-13 (or newer): CDE 1.4: dtlogin patch NOTE 3: In order to get full functionality of fix 4743546, install the following patch in addition to this patch: 108921-16 (or newer): CDE 1.4: dtwm patch Special Notes: -------------- NOTE 1: RFE 4293551 dtsession in xinerama mode should (optionally) not center the logout dialog box NOTE 2: RFE 4763733 Need logout and relogin to make changes take effect. ===================================================================== Sun(tm) delivers a version of CDE that has been extended to provide some basic support when run in multi-headed Xinerama mode. This support is to make the positioning of the following CDE dialogs resource configurable: - Login (a.k.a. dtgreet) - Logout Confirmation - Unlock Display - Restart Workspace Confirmation - Move/Resize Coordinates. The reason for making these dialogs configurable in terms of their window positioning is obvious, they are all non-movable. That is, these dialogs are all centered in the logical screen regardless of the number of physical monitors available. Without the ability to configure these dialogs, they will be split across monitors and will cause many ease-of-use issues. CDE patches (108921-08,109354-05,108919-05, or newer) and the Xsun patch (108652-19, or newer), when installed together, allow the user to configure the positioning of the previously mentioned dialogs using the following X resources: xineramaDefaultFramebuffer xineramaCenterHintX xineramaCenterHintY Resource Description ======================== If the xineramaDefaultFramebuffer resource has a value between 0 and (n-1), within the Xinerama screen, then dialogs will be centered on that framebuffer. If the xineramaDefaultFramebuffer resource has a value of -1, then dialogs will be centered using the values in xineramaCenterHintX and xineramaCenterHintY. To set resources system-wide, copy Xresources and sys.resources from /usr/dt/config/C to /etc/dt/config/C and add the appropriate lines. Setting resources in the Xresources file affects Login, while setting them in sys.resources affects Logout Confirmation, Unlock Display, Restart Workspace Confirmation, and Move/Resize Coordinates. Note that the resources for dtlogin, and thus the position of the Login dialog, cannot be set on a per-user basis on a single machine because dtgreet is run from root before the user is identified. The position of the other dialogs can be set on a per-user basis by creating or modifying the appropriate resource files in the user's HOME directory, .Xdefaults. The X resources have no effect if Xinerama is not being used or if their default values are -1. Example of using these resources ================================ The following are a few examples assuming a two-headed system. 1) To set Login, Logout Confirmation, Restart Workspace Manager Confirmation, Unlock Display and the Resize/Move Coordinate dialogs centered on the first screen: *xineramaDefaultFramebuffer: 0 in both Xresources and sys.resources files. Alternatively to have these dialogs centered on the second screen: *xineramaDefaultFramebuffer: 1 in both Xresources and sys.resources files. 2) If desired, these dialogs do not have to be centered on a particular screen. Instead you can position them anywhere within the entire Xinerama screen by setting their X and Y coordinates. Taking a two-headed system, each screen is 1024 pixels high by 1024 pixels wide, it is possible to place the dialogs in the lower left part of the second screen. To position the dialogs 100 pixels to the left of the second screen and 200 pixels from the bottom, set the following resources: *xineramaDefaultFramebuffer: -1 *xineramaCenterHintX: 1124 *xineramaCenterHintY: 824 new resource ============ A new resource, dtsession*cacheColors, is introduced in this patch. When this resource is set to True dtsession caches frequently used colors for sharing between applications, improving desktop performance. If this resource is set to False, bug 4349846 is fixed which allows remote machines running non-Solaris versions of Unix to remote display Motif applications on multiheaded Solaris machines. The resource is set to True by default. It can be set to False by adding the following line to the Dtsession resource file: dtsession*cacheColors: False Please see the dtsession(1X) man page for instructions on how to edit resources for dtsession. README -- Last modified date: Friday, October 15, 2004