Patch-ID# 109887-18 Keywords: security ocf card i2c pam_smartcard ocf_deregisterforevent ocfserv Synopsis: SunOS 5.8: smartcard and usr/sbin/ocfserv patch Date: Nov/17/2003 Install Requirements: Reconfigure after installation Solaris Release: 8 SunOS Release: 5.8 Unbundled Product: Unbundled Release: Xref: Topic: SunOS 5.8: smartcard and usr/sbin/ocfserv patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: sparc BugId's fixed with this patch: 4252211 4259952 4260074 4275177 4288077 4290329 4293165 4293939 4298260 4305335 4306126 4315034 4322446 4330625 4332392 4341789 4341792 4343702 4343711 4346640 4352242 4352260 4352312 4352345 4353105 4355630 4361637 4369364 4389861 4390593 4396204 4401809 4418518 4420910 4423025 4423038 4423901 4423932 4426474 4429492 4434303 4445519 4449515 4451847 4454879 4460859 4462472 4480706 4487753 4506457 4509396 4513319 4516697 4523037 4523207 4524468 4524615 4524616 4524620 4528570 4554402 4620186 4620717 4622069 4622072 4624770 4624773 4628969 4629775 4630038 4646497 4647542 4655166 4676018 4682730 4704250 4734926 4776340 4827207 4876141 Changes incorporated in this version: 4460859 4704250 4876141 Patches accumulated and obsoleted by this patch: 109351-04 109965-03 111337-01 114295-01 Patches which conflict with this patch: Patches required with this patch: 108528-04 or greater Obsoleted by: Files included with this patch: /etc/smartcard/ocf.classpath /usr/include/smartcard/ocf_core.h /usr/include/smartcard/ocf_core_cardservices.h /usr/include/smartcard/scf.h /usr/lib/abi/abi_libSCMI2CNative.so.1 /usr/lib/abi/abi_libsmartcard.so.1 /usr/lib/abi/sparcv9/abi_libSCMI2CNative.so.1 /usr/lib/abi/sparcv9/abi_libsmartcard.so.1 /usr/lib/libsmartcard.so.1 /usr/lib/llib-lsmartcard /usr/lib/llib-lsmartcard.ln /usr/lib/security/pam_smartcard.so.1 /usr/lib/security/sparcv9/pam_smartcard.so.1 /usr/lib/sparcv9/libsmartcard.so.1 /usr/lib/sparcv9/llib-lsmartcard.ln /usr/platform/sun4u/include/sys/i2c/clients/scmi2c.h /usr/sbin/ocfserv /usr/share/lib/smartcard/CDESmartCardAdmin /usr/share/lib/smartcard/commands.jar /usr/share/lib/smartcard/ocf.jar /usr/share/lib/smartcard/scmiscr.jar /usr/share/lib/smartcard/scmtester.jar /usr/share/lib/smartcard/smartcard.jar /usr/share/lib/smartcard/smartos.jar Problem Description: 4460859 Java code in smartcard library calls locale-dependent methods 4704250 CT factory stalling prevents subsequent CT factories from being instantiated 4876141 Thread leak in ocfserv (from 109887-17) 4827207 Enabling smart card removes pam entries from pam.conf (from 109887-16) This patch revision was generated to accumulate and obsolete the feature changes introduced in feature point patch 114295-01 and to include these additional fixes: 4776340 ON support for Enchilada and Taco workstations 4630038 usr/src/lib/smartcard/jarsc/req.flg is missing 4682730 Card.getInfo(INFO_ATR) returns a wrong type (from 109887-15) 4734926 "smartcard -c admin" gets stuck when a card is not in the reader. (S8 patch) (from 109887-14) 4462472 *CardServiceFactory.knows(CardID) have multiple problems 4524620 SCF: Need to remove dangerous "restart" support in ocfserv 4554402 internal ocf_encode API isn't very robust 4628969 lint found actual bugs in libsmartcard 4629775 libsmartcard contains "unsafe" libc calls (strcat and friends) 4646497 OCFCardHandle.lock does not handle multiple requests from a client properly. 4647542 ocfserv should clean up threads upon client deregistration 4676018 The smartcard client library passes a wrong hostname to the RPC library. (from 109887-13) 4454879 OCF server debuggability enhancement 4506457 Ocfserv does not allow dynamic addition of a terminal 4513319 The ATRs of current cards should not be stored as server properties 4523037 UID checking is insufficient and broken 4523207 OCFCardHandle.getCardID and OCFCardHandle.getATR fails 4524468 Getting an existing card handle should be lightweight 4524615 SCF: Need terminal access control and filtering 4524616 SCF: Server is limited to 32 concurrent threads 4528570 OCFDispatcher is not MT safe 4620186 CTListeningService uses clientHandle poorly 4620717 smartcard terminal properties are inaccessible 4622069 ocfserv can't access card reset functions in OCF 4622072 SCM terminals won't reset a card already present 4624770 OCF_CTListener.cardInserted() threw NullPointerException due to no card handle (from 109887-12) 4369364 OCF_RegisterForEvent() returns OCF_Success incorrectly 4624773 Client should retry RPC request after RPC_TIMEDOUT (from 109887-11) 4509396 SmartCard.getSmartCard() returns null incorrectly (from 109887-10) 4516697 payflex wrong default permission (from 109887-09) 4480706 Java client API of PassThruCardService is broken 4487753 OCF implementation incomplete/inconsistent 4449515 pam_smartcard has problems with "authmechanism" property (from 109887-08) 4451847 link fails on OCF_PassThruCardService (from 109887-07) 4420910 OCF_PassThruCardService C-API needs to be implemented. 4293165 com.sun.opencard.service.common.PassThruCardService:sendCommandAPDU returns null 4426474 smartcard -c admin stops working for non-root users 4259952 The output details of smartcard -c admin -a are truncated. 4434303 challenge-response authentication needs fixed 4445519 running "smartcard -c enable" overwrites CDE smartcard settings 4423025 Login problem - user can not login 4396204 pam_smartcard module calls pam_authenticate (from 109887-06) 4423038 /etc/smartcard/opencard.properties became corrupted 4423901 PIN + extra character (from 109887-05) 4423932 after changing properties in gui, ocfserv does not detect the changes (from 109887-04) 4352260 ocf API tests don't compile as 64-bit 4390593 OCF_ListCards_Next will core dump in 64-bit mode 4418518 deadlock occurs for dtlogin auth. after smart card is removed 4401809 scm driver mutex panic on failed attach (from 109887-03) 4389861 card events not received after OCF server is killed 4341792 libsmartcard sees wrong i18n file written in ocf_error.c (from 109887-02) 4343702 can't EXIT out from CDE after ocf daemon recovered from corrupt stage 4343711 ocfserv gets corrupted at a stage causing problem in login authenticating 4346640 cde fails to unlock screen via smart card when system isn't free idle 4361637 password login fails for payflex (from 109887-01) This patch revision was generated to accumulate and obsolete the feature changes introduced in point patch 109351-04. 4293939 Add Internal reader jar file to /etc/smartcard/ocf.classpath 4290329 Need OCF Card Terminal driver for internal smartcard reader 4305335 Validate test apps fails on cyberflex card 4275177 Smartcard I2C support for new platforms 4330625 SUNWiscr package doesn't build in the Source build 4332392 missing file I2CDrive.class in smartos.jar (from 109351-04) 4330625 SUNWiscr package doesn't build in the Source build This patch revision was generated to include smartcard source changes for the new SUNWstcx pkg. (from 109351-03) 4330625 SUNWiscr package doesn't build in the Source build (from 109351-02) 4332392 missing file I2CDrive.class in smartos.jar (from 109351-01) 4293939 Add Internal reader jar file to /etc/smartcard/ocf.classpath 4290329 Need OCF Card Terminal driver for internal smartcard reader 4305335 Validate test apps fails on cyberflex card 4275177 Smartcard I2C support for new platforms (from 109965-03) 4352242 OCF_DeregisterForEvent core dumps sigbus and segv (from 109965-02) 4322446 dt config files are not setup properly by smartcard command causing dtlogin bug 4315034 Missing depend files for SUNWocf, SUNWocfx and SUNWocfh. 4353105 SUNWjcom and SUNWjcomx are missing depend file in Solaris. 4306126 Missing depend files for several smart card packages for Solaris 8 and up 4352312 deregister() is called from garbage collector of class Smartcard 4355630 Missing calls of ocf_cleanup() in pam_sm_authenticate() 4288077 OCF Server doesn't backup props. If aborted prematurely props. might be deleted 4352345 card-event-listening threads falling into infinite loops after ocfserv restarted 4252211 ocfserv doesn't keep track of the cards currently in the readers 4260074 Smartcard authentication generates new WaitForCardRemoved threads. 4298260 smartcard GUI waits for loading property; process globe kept spinning w/jvm121.4 (from 109965-01) 4341789 pam_smartcard module sees invalid file (from 111337-01) 4429492 OCFserv hangs at random times on some platforms (from 114295-01) 4655166 tracking bug for SCF project integration Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: It is recommended to install patch 108909-06 (or newer) with this patch for CDE users. NOTE 2: For complete platform support for the SUNW,Sun-Blade-1500 and SUNW,Sun-Blade-2500, please install the following patches: 108528-20 (or newer) Kernel Update Patch 108974-28 (or newer) dada,uata,dad,sd,scsi patch 108975-08 (or newer) rmformat and format patch 108977-02 (or newer) libsmedia patch 109793-18 (or newer) su patch 109873-17 (or newer) libprtdiag_psr.so.1 patch 109885-11 (or newer) glm patch 109887-16 (or newer) smartcard patch 109888-21 (or newer) platform drivers patch 109889-04 (or newer) platform links & libc_psr patch 109896-13 (or newer) USB patch 109920-08 (or newer) pcic driver patch 110320-03 (or newer) s1394 patch 110460-28 (or newer) fruid/PICL plug-ins patch 110609-04 (or newer) USB header patch 111804-03 (or newer) update_drv,rem_drv patch 111808-02 (or newer) /usr/lib/adb/devinfo patch 109892-04 (or newer) ecpp patch README -- Last modified date: Monday, November 17, 2003