DCE FOR DIGITAL UNIX RELEASE NOTES
----------------------------------

Date: December 1997
Product and Version: DCE for DIGITAL UNIX Version 2.1
Operating System and Version: DIGITAL UNIX Version 4.0 or greater

This document provides new and updated information for the DCE for
DIGITAL UNIX product. Please retain the document for future use.

======================================================================
CONTENTS
======================================================================

1. PROBLEMS ADDRESSED IN THIS KIT
   1.1 Year 2000 Compliance
   1.2 RPC
   1.3 CDS
   1.4 SECURITY
   1.5 DTS
   1.6 DFS
   1.7 CONFIGURATION
2. NEW FEATURES
   2.1 New Features in CDS
   2.2 New Features in RPC
3. UNSUPPORTED FEATURES
   3.1 Chisholm Technologies DCE Cell Manager
4. IMPORTANT NOTES
   4.1 Reconfiguring a CDS Replica
   4.2 DFS Notes
5. KNOWN PROBLEMS
   5.1 Thread Stack Overflow Not Reported
   5.2 Use STDERR Instead of STDOUT with dcesetup
   5.3 Known Problems and Restrictions in DFS
   5.4 Known Problems in SIA
6. DOCUMENTATION ERRATA AND NOTES

======================================================================
1. PROBLEMS ADDRESSED IN THIS KIT
======================================================================

1.1 Year 2000 Compliance
-------------------------

DCE for DIGITAL UNIX V2.1 has been updated to meet Year 2000
compliance requirements.

1.2 RPC
--------

o In Versions 2.0 and 2.0a, context rundown would fail when a
  multithreaded client using TCP RPCs exited. This has been fixed.

o Pointers are now properly freed from memory when the thread context
  is destroyed.

o The software now checks for a NULL pointer return from the
  rpc_ss_get_support_ptrs routine before attempting to lock the
  associated mutex.

o In previous versions, a timing issue occurred in the
  rpc_cn_call_executor routine where parameters needed for a stub call
  were zeroed out prior to the call. This has been fixed.

o In previous versions, a socket file descriptor was not released when
  the socket was closed in RPC runtime.
  This has been fixed.

o A fix has been made to prevent an access violation in the
  rpc_mgmt_ep_elt_inq_done routine when it attempts to free
  unallocated space.

o In previous versions, a bad packet could crash any RPC server using
  a connectionless protocol. This has been fixed.

o Fixes to eliminate memory leaks have been made in the routines
  rpc_krb_bnd_set_auth, rpc_ns_binding_export, and
  rpc_object_reference.

o A fix has been implemented to prevent an application server from
  hanging when a user places certain RPC routines in rundown functions
  and a connection-oriented protocol is used.

o This release insulates the service ticket acquisition code (in the
  routines rpc_krb_get_tkt, rpc_krb_dg_way_handler, and
  sec_krb_get_cred) from the effects of thread cancellation. Prior to
  this fix, threads that were cancelled while acquiring a service
  ticket often neglected to unlock a global mutex. This orphaned lock
  blocked future ticket acquisitions, resulting in process hangs.

1.3 CDS
--------

o A fix has been made to prevent a core dump in the cdsadv routine
  when the call reference count exceeds 255.

o In previous releases, the following command would fail due to a CDS
  bug:

      cdscp show dir link

  where ‘link’ is the name of the symbolic link to an existing
  directory. This has been fixed.

o Previously, a timing issue could cause the following command to fail
  shortly after creating a clearinghouse:

      cdscp show clearinghouse

  This has been fixed.

o Another fix has been made to the 'cdscp show clearinghouse' command.
  Previously, the command would fail if a cell alias was used instead
  of the cell’s primary name. This has been fixed.

o Previously, after creating a hierarchical cell, a ‘cdscp show dir’
  of the child cell on the parent would fail. This has been fixed.

o A fix has been made to the cdscp command to properly handle the
  backslash ('\') as the line-continuation character. Previously, use
  of the backslash caused the cdscp command to hang.

o A fix has been made to the cdsadv routine to prevent a stack
  overflow that could cause a core dump.

o Previously, it was possible for a replica CDS server to crash when a
  leaf object or directory was deleted and then recreated. This has
  been fixed.

1.4 SECURITY
-------------

o Previously, calls to the free system call in the
  sec_login_pvt_get_trusted_preauth routine could result in free list
  corruption. This has been fixed by replacing calls to the free
  system call with calls to the rpc_ss_client_free routine.

o A fix has been made to solve a problem with client failover to a
  replica security server. Previously, if the master security server
  was down, the client would not always fail over to the replica
  server because the client’s pe_site file did not contain the
  replica’s bindings. This release ensures that the replica’s bindings
  are always written to the client’s pe_site file.

o Memory leaks have been fixed in the routines
  sec_login_pvt_get_login_info and krb5_gen_subkey.

o A potential security leak was fixed in the secd daemon. Previously,
  when a user passed a name to secd, if the total length of the name
  plus the domain name was greater than 1024 characters, the daemon
  could crash.

1.5 DTS
--------

o Previously, it was possible for resources not to be deallocated
  after a thread contacted a time provider. A fix has been made to
  ensure that these resources are freed.

o Two memory leaks have been fixed that occurred when trying to
  contact an obsolete DTS server.

o A fix has been made to update the ‘abrupt’ counter when the time is
  set manually.

1.6 DFS
--------

o To use the DFS component of DCE for DIGITAL UNIX V2.1 running on
  DIGITAL UNIX V4.0, V4.0a, V4.0b, or V4.0c, you must install the
  latest patch kit for your version of DIGITAL UNIX. This restriction
  is due to a DIGITAL UNIX change to socketvar.h that adversely
  impacts DFS performance.
  Because DCE DFS for DIGITAL UNIX V2.1 incorporates the socketvar.h
  change, using the DIGITAL UNIX V4.0n family without the latest patch
  kit is not supported.

o Previously, in some cell configurations, the fileset location
  database server (flserver) would die due to a segmentation fault.
  This was due to a stack-size overflow for the thread that renews
  flserver's local credentials. A fix has been made to increase the
  stack size.

o Previously, DCE DFS clients were not recording the range for file
  locks (using lockf(3) or fcntl(2)). The result was that conflicting
  file lock requests on other clients were not being recognized. A fix
  has been made to record the range of file locks a client holds.

o Several memory leaks in the dfsbind routine have been fixed.

o A fix has been made to dfssetup to support long host names during
  DFS configuration. Consequently, you should now check the DCE config
  database for the host name rather than using the host name (minus
  the domain name) found in /usr/bin/hostname as was done previously.

1.7 CONFIGURATION
------------------

This release fixes a problem with client recreation. Previously, the
client principal was not being removed properly from the server prior
to configuration.

======================================================================
2. NEW FEATURES
======================================================================

2.1 New Features in CDS
------------------------

o A new CDS cache management feature has been added. You can now
  dynamically delete specific entries in the CDS cache. This is useful
  if you want to flush the cache of stale data but do not want to stop
  and restart DCE.

  This feature is implemented as a DIGITAL extension to the
  "dcecp cdscache discard" command using the -entry and -replica
  options:

      cdscache discard [HOSTNAME] [-entry ENTRYNAME] [-replica REPLICANAME]

  If HOSTNAME is not specified, the local machine is assumed.
  If the -entry ENTRYNAME option is specified, all instances of the
  ENTRYNAME will be removed from the CDS cache.

  The -replica REPLICANAME option can be used in conjunction with the
  -entry option or by itself. When used with both the -replica and
  -entry options, the "dcecp cdscache discard" command will remove the
  specified replica pointer from the Cached Directory entry of that
  directory entry. DIGITAL supplies this capability because a user
  rarely wants to remove an entire directory entry.

  If a specific clearinghouse becomes unreachable, you would not want
  to try to contact that clearinghouse to look up a replica. By using
  the -replica option alone, all replicas referencing the
  clearinghouse will be removed from all Cached Directory entries.
  This method allows administrators to proactively remove references
  to an unreachable clearinghouse so that CDS will not spend time
  attempting to contact it.

2.2 New Features in RPC
------------------------

o Support has been added for restricting network interfaces and
  addresses via the environment variables RPC_UNSUPPORTED_NETIFS and
  RPC_SUPPORTED_NETADDRS. This can be useful in cluster environments
  and on systems with more than one network interface.

  NOTE: The following examples assume you are using csh or one of its
  derivatives. If you are using sh or one of its derivatives, make the
  necessary adjustments.

  - RPC_UNSUPPORTED_NETIFS support

    To remove the device te1 from RPC consideration, use the
    RPC_UNSUPPORTED_NETIFS environment variable as follows:

        % setenv RPC_UNSUPPORTED_NETIFS te1

    If you are removing more than one device, use a colon-separated
    list:

        % setenv RPC_UNSUPPORTED_NETIFS te1:te2

  - RPC_SUPPORTED_NETADDRS support

    Suppose there are two valid IP addresses listed for a machine, for
    example, 16.20.16.144 and 16.20.40.139.
    To use only the former address, use the following command:

        % setenv RPC_SUPPORTED_NETADDRS 16.20.16.144

    If using more than one network address, use a colon-separated
    list:

        % setenv RPC_SUPPORTED_NETADDRS 16.20.16.144:16.20.40.139

======================================================================
3. UNSUPPORTED FEATURES
======================================================================

3.1 Chisholm Technologies DCE Cell Manager
-------------------------------------------

A trial license for the Chisholm DCE Cell Manager tool set is
available with this release. To obtain a license key, you can
telephone Chisholm at 800.762.0253 x5555 or send e-mail to
info@chistech.com. The license is valid for 30 days from the time you
receive your license key.

The Chisholm DCE Cell Manager is a comprehensive set of tools that
allows you to centrally manage all DCE administration facilities in a
distributed network. The tools can be used individually or as a
comprehensive suite.

Installation and kit information for Chisholm DCE Cell Manager is
available at the following location on the CD-ROM:

    /opt/dcelocal/nosupport/Chisholm_kit/README

======================================================================
4. IMPORTANT NOTES
======================================================================

4.1 Reconfiguring a CDS Replica
--------------------------------

If you unconfigure a CDS replica and then need to reconfigure a CDS
replica on the same client, you must use dcesetup and perform the
following steps:

1. On the client:
   a. dcesetup stop
   b. dcesetup clean

2. On the master server:
   a. dcesetup stop
   b. dcesetup clean
   c. dcesetup start

3. Back on the client:
   dcesetup start

4.2 DFS Notes
--------------

o Limitations on DIGITAL UNIX V4.0 ACL Support

  Using access control lists (ACLs) in a file system, you can define a
  default ACL for a directory that will be inherited by child objects
  created in the directory. This is called ACL inheritance.
  When an object (for instance, a file) is created in a directory that
  does not have a default ACL, the creator-specified mode and the
  umask of the creating process should determine access restrictions
  to the object. When an object is created and a default ACL exists
  for the parent directory, file access should be determined by the
  creator-specified mode and the default ACL. In the current release,
  the umask is being used in both cases. This causes incorrect access
  restrictions for the default ACL case.

o DIGITAL UNIX V4.0 Supports ACLs on File System Data

  DCE DFS V2.1 supports access checks on files and directories with
  ACLs. However, the ability to view or modify the ACLs using either
  DCE or the DCE DFS path name of the file or directory currently is
  not supported. To view or modify the ACL on a file or directory, use
  the local path name for the file and the DIGITAL UNIX system
  commands setacl and getacl.

o Authenticated Remote Login Currently Unsupported

  The NFS/DFS Gateway included in DCE DFS for DIGITAL UNIX V2.1 does
  not allow remote user authentication. The dfs_login, dfs_logout, and
  dfsgwd components are not yet fully functional. However, NFS users
  can gain authenticated access to the DCE DFS namespace by using the
  dfsgw utility running on the gateway host. See dfsgw(8) for details.

o DFS Warnings

  The following informational message is displayed after a DCE DFS
  server is configured or rebooted:

      DFS: THE FX SERVER nn.nn.nn.nn IN CELL cellname_CELL IS
      TEMPORARILY IN TSR MODE

  where nn.nn.nn.nn is the internet address of the DCE DFS server and
  cellname_CELL is the name of the cell. After a few minutes, the DCE
  DFS server exits from Token State Recovery (TSR) mode and resumes
  normal functioning.

o df Command

  The df command returns a constant value when run against the DCE DFS
  file system:

      Filesystem       512-blocks  Used    Avail  Capacity  Mounted on
      DCE File System    18000000     0  1800000        0%  /...
  While files are allocated within the DCE DFS namespace, the current
  architecture does not provide a reasonable estimate of the capacity
  or use within the namespace. Note that using the -k flag with the df
  command will cause the numbers to be displayed in kilobytes.

o DCE RPC Data Privacy Is Not Currently Supported

  DCE RPC data privacy is not supported in this version of DCE DFS.

o Single-Site Semantics Not Fully Implemented for Memory-Mapped Files

  DCE DFS V2.1 does not fully implement single-site semantics for
  memory-mapped files. If a file that is opened for write is
  memory-mapped on Client A and Client B reads the same file, Client B
  may not see the most recent writes to memory made by Client A.

o Restriction on Creating and Accessing Special Devices Using DCE DFS

  DCE DFS V2.1 does not support the creation and access of special
  devices. If you attempt to create a special device, the mknod system
  call returns an error status and sets errno to EINVAL. If you
  attempt to access an existing special device, the creat or open
  system call returns an error status and sets errno to ENOENT.

o Support of Files Larger Than 2 GB

  DCE DFS V2.1 supports access to files larger than 2 GB (up to the
  limits of the DFS server’s underlying file system) both in
  homogeneous DIGITAL UNIX environments and in heterogeneous
  environments that include DCE DFS servers or clients that also
  support files larger than 2 GB.

o The DCE DFS for DIGITAL UNIX server allows 32-bit clean clients to
  access the first 2 GB of files larger than 2 GB. To a 32-bit client,
  files longer than [2^31]-1 bytes appear to have a length of exactly
  [2^31]-1.

======================================================================
5. KNOWN PROBLEMS
======================================================================

5.1 Thread Stack Overflow Not Reported
---------------------------------------

Calling the sec_login_valid_from_keytable routine from a thread (as is
commonly done in a server’s refresh identity thread) may result in a
silent thread stack overflow, a SEGV, and a memory fault (core dump).
This problem can be avoided by using the pthread_attr_setstacksize
routine to increase the thread's stack size.

This problem was seen on DIGITAL UNIX V4.0a (Rev. 464) where the
default thread stack size (as returned by pthread_attr_getstacksize)
was 21102 bytes. Increasing the stack size to 24000 bytes still
resulted in stack overflow, but the increased stack size made it
possible for the threads package to output an appropriate error
message. Increasing the stack size to 65536 bytes corrected the stack
overflow problem in our test case.

NOTE: This problem could not be reproduced on DIGITAL UNIX V4.0b
(Rev. 564) where the default thread stack size also is 21102 bytes.

5.2 Use STDERR Instead of STDOUT with dcesetup
-----------------------------------------------

The dcesetup utility uses output from dcecp commands to verify that
certain interfaces are running. When SVC is turned on, dcesetup can
successfully bring up all the daemons only if STDERR is specified
instead of STDOUT.

5.3 Known Problems and Restrictions in DFS
-------------------------------------------

o DCE DFS Does Not Properly Return ENOSPC

  DCE DFS does not properly return ENOSPC. The DCE DFS client code
  allows an application writing to a UNIX File System (UFS) exported
  by DCE DFS to pass data at 100 percent capacity. The application can
  write up to 111 percent capacity without generating an error.
  However, the file write will be incomplete.

o Possible System Hang or Panic on Shutdown or Reboot

  Entering the shutdown or reboot commands after either of the DCE DFS
  daemons dfsd or fxd is running can cause the system to hang or
  panic.
  To work around a hang:

  1. Press the hard reset button to return to console mode.
  2. Reboot the system.

o Possible System Crash on a Machine on which DFS Has Been Configured
  into the Kernel

  On a machine on which DFS has been configured into the kernel but
  DFS has not been initialized (that is, dfssetup has not been run),
  the system could crash. Here are two suggested workarounds:

  - Rebuild a kernel without the DCE Distributed File Services option

  - As root, patch the on-disk copy of the existing kernel file as
    follows (the example assumes your kernel file is named vmunix):

        # dbx /vmunix
        (dbx) px dcedfs
        0x1
        (dbx) patch dcedfs = 0
        0
        (dbx) px dcedfs
        0x0
        (dbx) quit

o Certain Commands May Not Restore DCE DFS Mount Points

  The cp -[rR], tar, cpio, pax, restore, and vrestore commands may not
  correctly restore DCE DFS mount points if the local file system is
  used for recovery. To avoid this problem, restore the mount points
  in the DCE DFS namespace (for example, /:/path).

5.4 Known Problems in SIA
--------------------------

o When a DCE group contains many members, a call to the getgrent
  routine will result in a core dump. This will be fixed in the next
  release.

o When DCE SIA is enabled, mailx core dumps. This will be fixed in the
  next release.

o When a DCE Registry contains many groups, a user may experience
  inordinate delays during system login. This will be fixed in the
  next release.

o When DCE SIA is enabled on DIGITAL UNIX V4.0d T3, you may experience
  an indefinite hang when you issue the UNIX ps command. This will be
  fixed in DIGITAL UNIX V4.0d.

o When DCE SIA is enabled, UNIX commands such as ps may interact with
  the DCE Security Server, secd. These interactions have been seen to
  cause a permanent increase in the memory size of secd (RSS).

o When DCE SIA is enabled, the login program performs a DCE
  authentication.
  If the authentication succeeds, the environment variable KRB5CCNAME
  is defined so that programs running within the login environment can
  inherit the authenticated user's credentials. Currently, there is a
  bug in login that subsequently deletes the definition of KRB5CCNAME.
  As a result, programs invoked from the login shell cannot inherit
  the user's DCE credentials. This will be fixed in the next release.

o DCE SIA does not properly charge usage against the product license.
  With DCE SIA enabled, the available license count is decremented
  when a non-root user logs in, but is not incremented when the user
  logs out. On a machine without an unlimited user license, the
  available license count will eventually be consumed. Following are
  some workarounds:

  - Disable DCE SIA before the problem occurs
  - Reboot the machine whenever the license count is exceeded
  - Perform all logins as root, with a subsequent su to the desired
    user
  - Obtain an unlimited user license

o When DCE SIA is enabled on DIGITAL UNIX V4.0b, the kdbx sum command
  hangs:

      $ echo sum | kdbx -k /vmunix

  A similar problem has been seen on DIGITAL UNIX V4.0a (464) where
  this command results in a threads exception in kdbx.

o When DCE SIA is enabled, password override processing does not
  function properly. This failure prevents the user from obtaining DCE
  credentials. This will be fixed in the next release.

o When DCE SIA is used to obtain a local user's group membership list,
  the list of group uids obtained from the DCE Registry is not
  processed against the group override file.

======================================================================
6. DOCUMENTATION ERRATA AND NOTES
======================================================================

o Some manpages incorrectly state that the startup scripts are located
  in /etc/rc.d. The correct location for the startup scripts is
  /sbin/rc3.d

o The manpage for auditd is missing.

o The manpage for rpc_mgmt_ep_elt_inq_begin does not display
  correctly.

o The README file in ./examples/rpc/test2 incorrectly instructs you to
  do the following:

      % setenv RPC_DEFAULT_ENTRY .:/test2_server

  The correct command syntax is:

      % setenv RPC_DEFAULT_ENTRY /.:/test2_server

o The README file in ./examples/rpc/payroll incorrectly instructs you
  to define a VMS logical or a UNIX environment variable called
  RPC_DEFAULT_ENTRY as:

      .:/FORTRAN_payroll_mynode

  The correct definition is:

      /.:/FORTRAN_payroll_mynode

======================================================================

Copyright and Trademark Information

Restricted Rights: Use, duplication, or disclosure by the U.S.
Government is subject to restrictions as set forth in subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer Software
clause at DFARS 252.227-7013.

Copyright Digital Equipment Corporation 1997
All rights reserved.

The information in this document is subject to change without notice
and should not be construed as a commitment by Digital Equipment
Corporation. Digital Equipment Corporation assumes no responsibility
for any errors that may appear in this document.

The software described in this document is furnished under a license
and may be used or copied only in accordance with the terms of such
license. No responsibility is assumed for the use or reliability of
software on equipment that is not supplied by DIGITAL or its
affiliated companies.

The following are trademarks of Digital Equipment Corporation: DIGITAL
and the DIGITAL logo.

The following are third-party trademarks: UNIX is a registered
trademark in the United States and other countries, licensed
exclusively through X/Open Company, Ltd.

All other trademarks and registered trademarks are the property of
their respective holders.