Patch-ID# 109887-18


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security ocf card i2c pam_smartcard ocf_deregisterforevent ocfserv
Synopsis: SunOS 5.8: smartcard and usr/sbin/ocfserv patch
Date: Nov/17/2003


Install Requirements: Perform a reconfigure reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product:

Unbundled Release:

Xref:

Topic: SunOS 5.8: smartcard and usr/sbin/ocfserv patch
	NOTE:	Refer to Special Install Instructions section for
		IMPORTANT specific information on this patch.


Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
425221114992835
425995214995496
426007414995544
427517715000455
428807715005414
429032915006192
429316515007304
429393915007561
429826015009059
430533515012064
430612615012401
431503415016311
432244615018936
433062515022362
433239215023118
434178915027225
434179215027227
434370215028016
434371115028023
434664015029293
435224215031472
435226015031481
435231215031513
435234515031523
435310515031795
435563015032741
436163715034963
436936415037699
438986115044837
439059315045086
439620415046815
440180915048677
441851815054049
442091015054848
442302515055526
442303815055534
442390115055834
442393215055842
442647415056721
442949215057716
443430315059439
444551915060592
444951515061669
445184715062444
445487915063411
446085915065168
446247215065665
448070615071950
448775315074369
450645715080384
450939615081461
451331915082764
451669715083822
452303715086011
452320715086072
452446815086433
452461515086481
452461615086483
452462015086487
452857015087641
455440215089859
462018615092373
462071715092505
462206915092858
462207215092860
462477015093606
462477315093607
462896915094712
462977515094941
463003815095018
464649715098933
464754215099135
465516615100803
467601815105932
468273015107210
470425015112198
473492615120137
477634015132690
482720715149124
487614115163413


Changes incorporated in this version: 4460859 4704250 4876141

Patches accumulated and obsoleted by this patch: 109351-04 109965-03 111337-01 114295-01

Patches which conflict with this patch:

Patches required with this patch: 108979-10 (or greater)

Obsoleted by:

Files included with this patch:

/etc/smartcard/ocf.classpath
/usr/include/smartcard/ocf_core.h
/usr/include/smartcard/ocf_core_cardservices.h
/usr/include/smartcard/scf.h
/usr/lib/abi/abi_libSCMI2CNative.so.1
/usr/lib/abi/abi_libsmartcard.so.1
/usr/lib/abi/sparcv9/abi_libSCMI2CNative.so.1
/usr/lib/abi/sparcv9/abi_libsmartcard.so.1
/usr/lib/libsmartcard.so.1
/usr/lib/llib-lsmartcard
/usr/lib/llib-lsmartcard.ln
/usr/lib/security/pam_smartcard.so.1
/usr/lib/security/sparcv9/pam_smartcard.so.1
/usr/lib/sparcv9/libsmartcard.so.1
/usr/lib/sparcv9/llib-lsmartcard.ln
/usr/platform/sun4u/include/sys/i2c/clients/scmi2c.h
/usr/sbin/ocfserv
/usr/share/lib/smartcard/CDESmartCardAdmin
/usr/share/lib/smartcard/commands.jar
/usr/share/lib/smartcard/ocf.jar
/usr/share/lib/smartcard/scmiscr.jar
/usr/share/lib/smartcard/scmtester.jar
/usr/share/lib/smartcard/smartcard.jar
/usr/share/lib/smartcard/smartos.jar

Problem Description:

4460859 Java code in smartcard library calls locale-dependent methods
4704250 CT factory stalling prevents subsequent CT factories from being instantiated
4876141 Thread leak in ocfserv
 
(from 109887-17)
 
4827207 Enabling smart card removes pam entries from pam.conf
 
(from 109887-16)
 
      This patch revision was generated to accumulate and obsolete
      the feature changes introduced in feature point patch 114295-01
      and to include these additional fixes:
 
4776340 ON support for Enchilada and Taco workstations
4630038 usr/src/lib/smartcard/jarsc/req.flg is missing
4682730 Card.getInfo(INFO_ATR) returns a wrong type
 
(from 109887-15)
 
4734926 "smartcard -c admin" gets stuck when a card is not in the reader.  (S8 patch)
 
(from 109887-14)
 
4462472 *CardServiceFactory.knows(CardID) have multiple problems
4524620 SCF: Need to remove dangerous "restart" support in ocfserv
4554402 internal ocf_encode API isn't very robust
4628969 lint found actual bugs in libsmartcard
4629775 libsmartcard contains "unsafe" libc calls (strcat and friends)
4646497 OCFCardHandle.lock does not handle multiple requests from a client properly.
4647542 ocfserv should clean up threads upon client deregistration
4676018 The smartcard client library passes a wrong hostname to the RPC library.
 
(from 109887-13)
 
4454879 OCF server debuggability enhancement
4506457 Ocfserv does not allow dynamic addition of a terminal
4513319 The ATRs of current cards should not be stored as server properties
4523037 UID checking is insufficient and broken
4523207 OCFCardHandle.getCardID and OCFCardHandle.getATR fails
4524468 Getting an existing card handle should be lightweight
4524615 SCF: Need terminal access control and filtering
4524616 SCF: Server is limited to 32 concurrent threads
4528570 OCFDispatcher is not MT safe
4620186 CTListeningService uses clientHandle poorly
4620717 smartcard terminal properties are inaccessible
4622069 ocfserv can't access card reset functions in OCF
4622072 SCM terminals won't reset a card already present
4624770 OCF_CTListener.cardInserted() threw NullPointerException due to no card handle
 
(from 109887-12)
 
4369364 OCF_RegisterForEvent() returns OCF_Success incorrectly
4624773 Client should retry RPC request after RPC_TIMEDOUT
 
(from 109887-11)
 
4509396 SmartCard.getSmartCard() returns null incorrectly
 
(from 109887-10)
 
4516697 payflex wrong default permission
 
(from 109887-09)
 
4480706 Java client API of PassThruCardService is broken
4487753 OCF implementation incomplete/inconsistent
4449515 pam_smartcard has problems with "authmechanism" property
 
(from 109887-08)
 
4451847 link fails on OCF_PassThruCardService
 
(from 109887-07)
 
4420910 OCF_PassThruCardService C-API needs to be implemented.
4293165 com.sun.opencard.service.common.PassThruCardService:sendCommandAPDU returns null
4426474 smartcard -c admin stops working for non-root users
4259952 The output details of smartcard -c admin -a <application> are truncated.
4434303 challenge-response authentication needs fixed
4445519 running "smartcard -c enable" overwrites CDE smartcard settings
4423025 Login problem - user can not login
4396204 pam_smartcard module calls pam_authenticate
 
(from 109887-06)
 
4423038 /etc/smartcard/opencard.properties became corrupted
4423901 PIN + extra character
 
(from 109887-05)
 
4423932 after changing properties in gui, ocfserv does not detect the changes
 
(from 109887-04)
 
4352260 ocf API tests don't compile as 64-bit
4390593 OCF_ListCards_Next will core dump in 64-bit mode
4418518 deadlock occurs for dtlogin auth. after smart card is removed
4401809 scm driver mutex panic on failed attach
 
(from 109887-03)
 
4389861 card events not received after OCF server is killed
4341792 libsmartcard sees wrong i18n file written in ocf_error.c
 
(from 109887-02)
 
4343702 can't EXIT out from CDE after ocf daemon recovered from corrupt stage
4343711 ocfserv gets corrupted at a stage causing problem in login authenticating
4346640 cde fails to unlock screen via smart card when system isn't free idle
4361637 password login fails for payflex
 
(from 109887-01)
 
	This patch revision was generated to accumulate and obsolete
	the feature changes introduced in point patch 109351-04.
 
4293939 Add Internal reader jar file to /etc/smartcard/ocf.classpath
4290329 Need OCF Card Terminal driver for internal smartcard reader
4305335 Validate test apps fails on cyberflex card
4275177 Smartcard I2C support for new platforms
4330625 SUNWiscr package doesn't build in the Source build
4332392 missing file I2CDrive.class in smartos.jar
 
(from 109351-04)
 
4330625 SUNWiscr package doesn't build in the Source build
 
	This patch revision was generated to include smartcard source
	changes for the new SUNWstcx pkg.
 
(from 109351-03)
 
4330625 SUNWiscr package doesn't build in the Source build
 
(from 109351-02)
 
4332392 missing file I2CDrive.class in smartos.jar
 
(from 109351-01)
 
4293939 Add Internal reader jar file to /etc/smartcard/ocf.classpath
4290329 Need OCF Card Terminal driver for internal smartcard reader
4305335 Validate test apps fails on cyberflex card
4275177 Smartcard I2C support for new platforms
 
(from 109965-03)
 
4352242 OCF_DeregisterForEvent core dumps sigbus and segv
 
(from 109965-02)
 
4322446 dt config files are not setup properly by smartcard command causing dtlogin bug
4315034 Missing depend files for SUNWocf, SUNWocfx and SUNWocfh.
4353105 SUNWjcom and SUNWjcomx are missing depend file in Solaris.
4306126 Missing depend files for several smart card packages for Solaris 8 and up
4352312 deregister() is called from garbage collector of class Smartcard
4355630 Missing calls of ocf_cleanup() in pam_sm_authenticate()
4288077 OCF Server doesn't backup props.  If aborted prematurely props. might be deleted
4352345 card-event-listening threads falling into infinite loops after ocfserv restarted
4252211 ocfserv doesn't keep track of the cards currently in the readers
4260074 Smartcard authentication generates new WaitForCardRemoved threads.
4298260 smartcard GUI waits for loading property; process globe kept spinning w/jvm121.4
 
(from 109965-01)
 
4341789 pam_smartcard module sees invalid file
 
(from 111337-01)
 
4429492 OCFserv hangs at random times on some platforms
 
(from 114295-01)
 
4655166 tracking bug for SCF project integration


Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
	NOTE 1:	It is recommended to install patch 108909-06 (or newer)
		with this patch for CDE users.
 
	NOTE 2: For complete platform support for the SUNW,Sun-Blade-1500
		and SUNW,Sun-Blade-2500, please install the following patches:
 
		108528-20 (or newer)   Kernel Update Patch
		108974-28 (or newer)   dada,uata,dad,sd,scsi patch
		108975-08 (or newer)   rmformat and format patch
		108977-02 (or newer)   libsmedia patch
		109793-18 (or newer)   su patch
		109873-17 (or newer)   libprtdiag_psr.so.1 patch
		109885-11 (or newer)   glm patch
		109887-16 (or newer)   smartcard patch
		109888-21 (or newer)   platform drivers patch
		109889-04 (or newer)   platform links & libc_psr patch
		109896-13 (or newer)   USB patch
		109920-08 (or newer)   pcic driver patch
		110320-03 (or newer)   s1394 patch
		110460-28 (or newer)   fruid/PICL plug-ins patch
		110609-04 (or newer)   USB header patch
		111804-03 (or newer)   update_drv,rem_drv patch
		111808-02 (or newer)   /usr/lib/adb/devinfo patch
		109892-04 (or newer)   ecpp patch


README -- Last modified date: Friday, November 9, 2012