Patch-ID# 120037-11

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security ldap core string unix_cred pam module nsswitch trusted extensions
Synopsis: SunOS 5.10_x86: ldap patch
Date: Feb/09/2007

Install Requirements: Reboot immediately after patch is installed
                      Install in Single User Mode

Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 120036

Topic: SunOS 5.10_x86: ldap patch

Relevant Architectures: i386

BugId's fixed with this patch: 1236941 4626861 4667251 4768758 4909247 5080012 5097644 6193468 6226776 6230927 6232564 6232579 6237466 6241740 6274517 6276525 6281689 6289986 6294728 6312173 6314502 6329240 6346529 6356419 6357764 6362106 6365882 6380248 6384642 6388050 6394554 6395043 6399963 6403267 6404337 6415535 6425808 6429769 6435911 6453641 6455431 6457407 6458668 6465639

Changes incorporated in this version: 4667251 5080012

Patches accumulated and obsoleted by this patch: 118871-01 120053-05 120474-01 122411-01 123349-04 123357-03

Patches which conflict with this patch:

Patches required with this patch: 118855-36 (or greater)

Obsoleted by:

Files included with this patch:

/etc/nsswitch.dns
/etc/nsswitch.files
/etc/nsswitch.ldap
/lib/amd64/libc.so.1
/lib/amd64/libdevinfo.so.1
/lib/amd64/libsecdb.so.1
/lib/amd64/nss_compat.so.1
/lib/amd64/nss_files.so.1
/lib/libc.so.1
/lib/libdevinfo.so.1
/lib/libsecdb.so.1
/lib/nss_compat.so.1
/lib/nss_files.so.1
/usr/bin/ldaplist
/usr/include/nss_dbdefs.h
/usr/lib/amd64/libldap.so.5
/usr/lib/amd64/libproject.so.1
/usr/lib/amd64/libsldap.so.1
/usr/lib/amd64/llib-lsldap.ln
/usr/lib/amd64/nss_ldap.so.1
/usr/lib/ldap/idsconfig
/usr/lib/ldap/ldap_cachemgr
/usr/lib/libc/libc_hwcap1.so.1
/usr/lib/libc/libc_hwcap2.so.1
/usr/lib/libldap.so.5
/usr/lib/libproject.so.1
/usr/lib/libsldap.so.1
/usr/lib/llib-lsldap.ln
/usr/lib/nss_ldap.so.1
/usr/lib/security/amd64/pam_authtok_check.so.1
/usr/lib/security/amd64/pam_authtok_store.so.1
/usr/lib/security/amd64/pam_ldap.so.1
/usr/lib/security/amd64/pam_roles.so.1
/usr/lib/security/amd64/pam_unix_cred.so.1
/usr/lib/security/pam_authtok_check.so.1
/usr/lib/security/pam_authtok_store.so.1
/usr/lib/security/pam_ldap.so.1
/usr/lib/security/pam_roles.so.1
/usr/lib/security/pam_unix_cred.so.1
/usr/sbin/ldapaddent

Problem Description:

4667251 groups command returns number, not name for large group
5080012 ldap: roles returns NULL if size of roles exceeds 1022 characters

(from 120037-10)

4768758 ldap_cachemgr doesn't disable cancellation

(from 120037-09)

6289986 ldap backend could be more efficient for netgroup lookups
6362106 ldap netgroup backend does not handle null user information correctly
6455431 improper usage of locale-sensitive functions
6314502 ldapaddent cores when dumping netgroup database
6329240 libsldap: nscd leaks file descriptors, too many opens on ldap_cache_door
6425808 ldaplist does not return 1001 user when 1001 users setup

(from 120037-08)

This revision accumulates S10U3 feature point patch 123349-04.

(from 120037-07)

6384642 libldap/SSL negotiation uses synchronous I/O preventing timeouts on congested server
6453641 bringover usr/src/lib/libsldap is missing a header file
6404337 nscd crashes in libsldap:get_mapped_filter() when using invalid chars in search filter

(from 120037-06)

6380248 ldap clients select incorrect profile on refresh when "cn=" is the same but "dn=" is different

(from 120037-05)

6237466 Solaris 10 LDAP Client using multiple authentication methods do not fail to second method listed

(from 120037-04)

4909247 Solaris 8 Client has broken .rhosts authentication with patch 108993-21

(from 120037-03)

6312173 libsldap function __ns_ldap_list() returns invalid DN string when using attributMap

(from 120037-02)

6226776 passwd command will fail if first ldap server in referral list is down
6276525 libldap5 cores when trying to resolve hostname
6274517 libsldap:search_state_machine() falls into recursive loop if ldap_search_ext() returns 91

(from 120037-01)

4626861 if a search times out, libsldap logs the wrong message
6232564 when interrupted (EINTR) while polling, libsldap should retry the poll
6232579 libldap not handling select() failures when issuing a connection

(from 118871-01)

6230927 using multiple netgroups in the nfs_share access list breaks the access list

(from 122411-01)

6294728 ldaplist: a very long filter causes ldaplist to dump core in set_filter
6365882 ldaplist should print error messages to stderr not stdout

(from 123349-04)

Uprev due to the intersection of the generic patch.

(from 123349-03)

Uprev due to the intersection of the generic patch.

(from 123349-02)

Uprev due to the intersection of the generic patch.

(from 123349-01)

6394554 integrate Solaris Trusted Extensions
6403267 address remaining issues raised during TX code reviews
6399963 get_zone_pool() isn't consistent with its return values

(from 120053-05)

6465639 useradd usermod passmgmt need support for Trusted Extensions keywords
1236941 would like usermod -c to not abort if the user is logged in
6357764 monitor manipulation in FEM panics system
6388050 the message for successful password update is a PAM_ERROR_MSG
6415535 audit_event TX code review issues
6435911 root can't login via console CLI if label daemon is not running
6457407 the fix for 6431503 broke printer banners for complex labels
6458668 TX route get changes can cause panic if passed an ioctl with NULL credentials

(from 120053-04)

This revision accumulates S10U3 feature point patch 123357-03.

(from 120053-03)

6193468 *passwd* some words fail dictionary check

(from 120053-02)

6346529 login should not fail when unknown privileges are requested
6395043 having extra privileges prevents logins in zones

(from 120053-01)

6281689 rstchown=0 has no effect on chown(1)

(from 123357-03)

6429769 after upgrading, nsswitch.conf is modified incorrectly with tnrhdb and tnrhtp entries

(from 123357-02)

Uprev due to the intersection with the Generic patch.

(from 123357-01)

6394554 integrate Solaris Trusted Extensions
6241740 implement PSARC/2005/162 remote roles
6356419 establishing an audit context for system processes may fail in edge conditions
6403267 address remaining issues raised during TX code reviews
6399963 get_zone_pool() isn't consistent with its return values

(from 120474-01)

5097644 compat syntax generates duplicate lookups and degrades performance

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

       example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

       example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

NOTE 1: Reboot system after patch installation is completed.

NOTE 2: If you're planning to set up Zones on this system, please make
        sure to install the following patch which fixes bugid 6216195
        (zone installation confused by UPDATE=yes in pkginfo(4) file):

        119016-01 (or greater) Install and Patch Utilities Patch

        (Note that 119255 has superseded 119016; installation of the
        current version is recommended to be preferred, due to its
        central role in the installation and removal of patches.)

NOTE 3: To get the complete fix for 4909247 (Solaris 8 Client has broken
        .rhosts authentication with patch 108993-21), the LDAP server
        must be Sun Java System Directory server 5.2 patch 4 or newer,
        and pam_ldap(5) must be used for account management. Then, in
        cases where there is no user authentication token (PAM_AUTHTOK)
        available, the pam_sm_acct_mgmt(3PAM) function from pam_ldap(5)
        tries to retrieve the user's account status without
        authenticating to the LDAP server as the user logging in.

NOTE 4: To get the complete Solaris Trusted Extensions functionality
        support, please also install the following patches:

        118891-03 (or greater) llib-lc patch
        120846-02 (or greater) auditd patch
        122659-06 (or greater) zonecfg patch
        122661-03 (or greater) zoneadm patch
        122663-06 (or greater) libzonecfg patch
        123840-01 (or greater) FMA patch
        123913-01 (or greater) ppriv patch

README -- Last modified date: Friday, February 9, 2007