Patch-ID# 113531-08 Keywords: pc netlink, security Synopsis: PC NetLink 2.0 server fixes Date: Sep/27/2004 Install Requirements: None Solaris Release: 2.6 7 8 9 SunOS Release: 5.6 5.7 5.8 5.9 Unbundled Product: PC NetLink Unbundled Release: 2.0 Xref: See also patch 113530 (PC NetLink NetBIOS fixes) Topic: PC NetLink 2.0 server fixes NOTE: This patch contains several critical fixes for problems that could cause loss of data. Relevant Architectures: sparc NOTE: sun4u BugId's fixed with this patch: 4413250 4415237 4420611 4433186 4433657 4456906 4456908 4618052 4626210 4631190 4648103 4650461 4651538 4653316 4659561 4667026 4669908 4669910 4672939 4689198 4711420 4712542 4713360 4727641 4734781 4753281 4755987 4756046 4763844 4765266 4776893 4791312 4810059 4820451 4823472 4838449 4839336 4859741 4864202 4878576 4885487 4888305 4890023 4890679 4893508 4928013 4962116 4971671 4987694 5004744 5009161 5010120 5010319 5021067 5030895 5055700 5065878 5094742 Changes incorporated in this version: 4734781 4987694 5010120 5030895 5094742 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /opt/lanman/bin/euctosjis /opt/lanman/bin/lmshell /opt/lanman/bin/net /opt/lanman/bin/sjistoeuc /opt/lanman/bin/ud /opt/lanman/clipr/clipr /opt/lanman/lib/addon/psaddon/lp_ops.so.1 /opt/lanman/lib/asulang.rules (new) /opt/lanman/lib/chdomain /opt/lanman/lib/chgroup /opt/lanman/lib/chuser /opt/lanman/lib/debugmalloc.so.1 /opt/lanman/lib/domainsids /opt/lanman/lib/fixdb /opt/lanman/lib/ha/ha_config /opt/lanman/lib/instdirs /opt/lanman/lib/instget /opt/lanman/lib/instlist /opt/lanman/lib/instset /opt/lanman/lib/jobdonmsg /opt/lanman/lib/libasulang.so.1 /opt/lanman/lib/libasusec.so.1 /opt/lanman/lib/libasustdaln.so.1 /opt/lanman/lib/libasuutil.so.1 /opt/lanman/lib/libdb3.so.1 /opt/lanman/lib/liblmx.so.1 /opt/lanman/lib/liblmxaclapi.so.1 /opt/lanman/lib/liblmxpsi.so.1 /opt/lanman/lib/libmsrpc.so.1 /opt/lanman/lib/libpassfilt.so.1 /opt/lanman/lib/librpcapi.so.1 /opt/lanman/lib/libsam.so.1 /opt/lanman/lib/libsyncfilt.so.1 /opt/lanman/lib/libtask.so.1 /opt/lanman/lib/lmecho /opt/lanman/lib/lmpaths /opt/lanman/lib/lmx.ctrl /opt/lanman/lib/lmx.ep /opt/lanman/lib/lmx.ntpw /opt/lanman/lib/lmx.solpw /opt/lanman/lib/lmx.srv /opt/lanman/lib/lmxstart /opt/lanman/lib/lmxsvc /opt/lanman/lib/lpmodel/pcnl_netstandard /opt/lanman/lib/lpmodel/pcnl_standard /opt/lanman/lib/makemach /opt/lanman/lib/mdb/server.so /opt/lanman/lib/msrpc/ip_tcp.so.1 /opt/lanman/lib/msrpc/np.so.1 /opt/lanman/lib/nbbind /opt/lanman/lib/pralerter /opt/lanman/lib/regadm /opt/lanman/lib/regpreload /opt/lanman/lib/regupgrade /opt/lanman/lib/seprimary /opt/lanman/lib/service/lmx.alerter /opt/lanman/lib/service/lmx.browser /opt/lanman/lib/service/lmx.dmn /opt/lanman/lib/service/lmx.netrun /opt/lanman/lib/service/lmx.passwd /opt/lanman/lib/service/lmx.repl /opt/lanman/lib/service/lmx.wins /opt/lanman/lib/setdomain /opt/lanman/lib/setlpcyc /opt/lanman/lib/sharechk /opt/lanman/lib/startsvc /opt/lanman/lib/taskstubs/libtask.so.1 (deleted) /opt/lanman/man/man1m/promote.1m /opt/lanman/sbin/acladm /opt/lanman/sbin/blobadm /opt/lanman/sbin/chacl /opt/lanman/sbin/delshmem /opt/lanman/sbin/elfread /opt/lanman/sbin/fixmemsrv /opt/lanman/sbin/fsattr /opt/lanman/sbin/getrole /opt/lanman/sbin/instancecfg /opt/lanman/sbin/joindomain /opt/lanman/sbin/ldif2sam /opt/lanman/sbin/ldifmerge /opt/lanman/sbin/lmat /opt/lanman/sbin/lmshare /opt/lanman/sbin/lmstat /opt/lanman/sbin/lsacl /opt/lanman/sbin/mapuname /opt/lanman/sbin/netevent /opt/lanman/sbin/passwd2sam /opt/lanman/sbin/promote /opt/lanman/sbin/pschkey /opt/lanman/sbin/pwdsync /opt/lanman/sbin/regcheck /opt/lanman/sbin/regconfig /opt/lanman/sbin/regload /opt/lanman/sbin/regshareimport /opt/lanman/sbin/rmacl /opt/lanman/sbin/sam2ldif /opt/lanman/sbin/sam2passwd /opt/lanman/sbin/samcheck /opt/lanman/sbin/setdomainname /opt/lanman/sbin/setservername /opt/lanman/sbin/srvconfig /opt/lanman/sbin/winsadm /opt/lanman/templ/ms_srv /opt/lanman/bin/NET Problem Description: 4734781 Win2k client unable to rename some media files (mp3 etc.) while using "enable web content" 4987694 access denied with > 8 groups 5010120 PCNL is not aware of Solaris folder ACL's 5030895 Empty/incomplete Browse list on PDC (Patch 113531-05 and 113531-06 breaks Wins replication on PCNL 2.0 PDC) 5094742 mdb commands shown incorrectly (from 113531-07) 4864202 Support for other locales ... 4878576 P/W sync. fails with NT primary DC 4890679 Win2K/SP4 client unable to edit user properties 5010319 Report termination status for a lmx.srv processes 5021067 lmx.srv core dump in GetMbsStringFromSmb 5055700 lmx.srv breaklock to process stuck in deadlock 5065878 veritas backup needs libasustdaln.so.1 (from 113531-06) 4962116 solaris folder permissions are wrong with W2K and XP 5004744 lmx.srv core dumps in prjob_fill_vwv 5009161 UTF-8 locales do not work This fix allows the server to run with UTF-8 locales (i.e. en_US.UTF-8). Using a UTF-8 locale allows the PC NetLink server to store all Unicode (UCS-2) symbols that PC clients might send, but has one limitation: PC NetLink only supports UCS-2 strings for which the equivalent UTF-8 string requires no more storage than the UCS-2 string. If the server receives a request with a UCS-2 string that converts to a larger UTF-8 string, the server will return a BUFFER_OVERFLOW error. (from 113531-05) 4689198 Directory set-GID bit ignored during file create 4791312 lmx.srv process are frequently dying 4823472 browser service sometimes doesn't respond. 4838449 Requirement for -lthread should be removed 4839336 Allow -D option with -I option (chacl). 4890023 Sec. groups are not taken into account 4893508 lmx.srv core dump in browser_I_BrowserrServerEnumEx 4928013 Full width small "s" converted to fill width "~" 4971671 RFE: mdb modules for lmx.* (from 113531-04) 4885487 lmx.srv core dump when printer registry keys missing 4888305 ms_srv start not compatible with SC3 agent package Note: The ms_srv script must be updated by hand. See the instructions at BugId 4618052 below. (from 113531-03) 4859741 Saving MS Word file from NT4 stalls for 30 seconds (from 113531-02) 4413250 Misleading message while creating 11th instance 4415237 The netrun service can not be started 4420611 blobadm -I ... displays improper error message 4433186 instancecfg -d does not accept an instance name as its argument 4433657 /tmp file not removed after instance deletion 4456906 setdomainname will only accept instance as first parameter 4456908 setservername will only accept instance as first parameter 4618052 Command "net stop server" is not stopping lmx.ntpw and lmx.solpw A new version of /etc/init.d/ms_srv is provided but is NOT installed automatically. The new version: /opt/lanman/templ/ms_srv must be merged "by hand" into the installed version to preserve any local modifications. If it is known that no local modifications have been made, then the new ms_srv may be simply copied to /etc/init.d/. 4626210 Man page of promote command needs correction 4650461 setservername is not identufying local/remote active servername 4653316 directory listings missing dot-dot 4810059 SECURITY: file security can be modified where it should be disallowed 4820451 Not able to delete nfs shared directories (from 113531-01) 4631190 lmx.dmn core dumps The netlogon daemon would fail with a SIGSEGV when trying to respond to a Lanman 1.0 client. 4648103 acladm -C core dumps When trying to correct a corrupted ACL file there were conditions that would cause a missaligned access (BUSERR). 4651538 folders with accentuated chars created on French Win98 ... When running the server in French locale (LC_ALL=fr), case insensitive matching did not correctly handle the chracters with codes above hex 80 (i.e "e accent grave" and "e accent egu" as noted in the bug report). 4659561 PCNL submits printjobs with option -o lmx_user=host!user The PC NetLink print subsystem uses an "lp job option" to keep track of the NT user that owns each job. After recent changes to the Solaris lp sub-system in the patch 109320-04, the lp interface scripts generate error messages about the "lmx_user" option. These error messages can be avoided by configuring PC NetLink printers to use one of the PC NetLink printer interface scripts: /opt/lanman/lib/lpmodel/pcnl_direct /opt/lanman/lib/lpmodel/pcnl_network For example, to switch to the pcnl_network script, do: lpadmin -i /opt/lanman/lib/lpmodel/pcnl_network printer See "man lpadmin" for further details. 4667026 net user /active:[yes|no] clears TermServ Profile path The command "net user USERNAME /active:[yes|no]" incorrectly handled the "Parameters" field of the "user_info3" record, which caused that field to be unintentionally cleared. 4669908 passwd2sam fails when the pasword is longer than 8 characters Updated passws2sam to allow longer passwords. 4669910 passwd2sam command is dumping core. The fix for 4450839 introduced a null reference. 4672939 blobadm core dumps when shrinking the acl database The "compaction" function for BLOB databases (blobadm -q) had a defect that could cause it to corrupt the database. 4711420 lmx.srv processes core dump ... The server may dump core while handling a print request submitted with a "null session" identity. 4712542 lmx.srv's are causing a cpu spin problem When clients disconnect after a timeout, the lmx.srv process may enter an endless loop while waiting for completion of tasks started by the disconnected client. 4713360 net user username new_password resets "Home Directory Drive Entry" Net user username new_passord /domain:dom_name would remove the users Home Directory Drive entry. 4727641 PC NetLink destroys a whole directory tree using quotas When modifying NT-style file or directory permissions, unexpected errors encountered while attempting to create the new permissions file can cause the removal of the object whose permissions were being changed. 4753281 Maximum Value for MaxFileSizeInKB 4194303 not adequate. There was no way to allow files larger than 4GB. Now allow MaxFileSizeInKB==0 to specify unlimited file size. (Only the file system imposes a limit.) 4755987 no file access to top-level-dirs with no access on top level Windows 2000 clients may not be able to access files if the parent directory has read permissions but the parent's parent (grandparent) directory has only execute permissions. 4756046 Windows 2000 sp3 workstations cannot print properly These clients print using a remote procedure call (RPC) that can have parameter data larger than 64K, and the PC NetLink server was not copying all of that data from the RPC request to the spool file. 4763844 access denied error when running Xcopy on Win2k The Win2k xcopy creates directories with an "NTcreate" SMB call that also returns an open handle for the new directory. The handle returned by PC NetLink for that SMB call did not permit subsequent access as expected by the Win2k client. 4765266 Core dump in MsvpPasswordValidate An lmx.srv process would fail with SIGSEGV when it receives a client logon RPC request with the domain name field set to a null pointer. 4776893 Win2k app. hangs when run from PCNL share There was a problem with "Opportunistic locks" (OpLock) that caused the server to block an SMBopen request for about thirty seconds and then fail the open. Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, use the 'installpatch' and 'backoutpatch' scripts provided with this patch to install or back-out this patch. See the Install.info file for further instructions. For Solaris 7 and later releases, use the 'patchadd' and 'patchrm' scripts provided with Solaris to add or remove this patch. The following example installs a patch to a standalone machine: example# patchadd /tmp/113531-08 The following example removes a patch from a standalone system: example# patchrm 113531-08 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- None. README -- Last modified date: Thursday, September 30, 2004