Attempting to connect to a kerberos enabled server using libcx0 crashes ndctl.exe #23

Open
psmedley opened this Issue Nov 6, 2016 · 12 comments


@psmedley
psmedley commented Nov 6, 2016

Currently, I link with '-lmmap -lcx0' and things work perfectly.

If I link with -lmmap, ndctl.exe crashes with:
```
11-06-2016 19:09:23 SYS3175 PID 85f6 TID 0002 Slot 00b9
C:\NDFS\NDCTL.EXE
c0000005
1ee34ce5
P1=00000001 P2=7db3802c P3=XXXXXXXX P4=XXXXXXXX
EAX=0265f348 EBX=00625cc0 ECX=00000001 EDX=00000004
ESI=7db3802c EDI=0265f348
DS=0053 DSACC=f0f3 DSLIM=ffffffff
ES=0053 ESACC=f0f3 ESLIM=ffffffff
FS=150b FSACC=00f3 FSLIM=00000030
GS=0000 GSACC=**** GSLIM=********
CS:EIP=005b:1ee34ce5 CSACC=f0df CSLIM=ffffffff
SS:ESP=0053:0265f2c0 SSACC=f0f3 SSLIM=ffffffff
EBP=0265f2e4 FLG=00012202

LIBC066.DLL 0001:00054ce5
```

It looks like the above is from memcpy() based on the address from popuplog.os2

mmap logs are:
```
*** 009ae2a6 [85f6:1] shared.c:376:_DLL_InitTerm: ulFlag 0
*** 009ae2a6 [85f6:1] shared.c:142:shared_init: DosOpenMutexSem = 187
*** 009ae2aa [85f6:1] shared.c:179:shared_init: DosCreateMutexSem = 0
*** 009ae2aa [85f6:1] shared.c:199:shared_init: DosAllocSharedMem(OBJ_ANY) = 0
*** 009ae2aa [85f6:1] shared.c:211:shared_init: gpData 0x7dba0000
*** 009ae2ac [85f6:1] shared.c:215:shared_init: DosSetMem = 0
*** 009ae2ac [85f6:1] shared.c:224:shared_init: gpData->heap = 0x7dba001c
*** 009ae2ae [85f6:1] shared.c:234:shared_init: gpData->procs = 0x7dba01a0
*** 009ae2b0 [85f6:1] shared.c:237:shared_init: gpData->files = 0x7dba0200
*** 009ae2b0 [85f6:1] mmap.c:772:mmap_init: DosCreateEventSem = 0
*** 009ae2b4 [85f6:1] fcntl.c:451:fcntl_locking_init: DosCreateEventSem = 0
*** 009ae329 [85f6:1] shared.c:662:close: fildes 7
*** 009afe27 [85f6:2] fcntl.c:603:fcntl_locking: fd 10, cmd 9=F_SETLKW, type 3=F_WRLCK, whence 0=SEEK_SET, start 0, len 1, pid 0
*** 009afe2b [85f6:2] fcntl.c:617:fcntl_locking: pszNativePath C:/MPTN/ETC/samba/lock/gencache.tdb_AL, fFlags 1040202
*** 009afe2b [85f6:2] fcntl.c:708:fcntl_locking: Locks before:
- type ' ', start 0, pid 0
*** 009afe2d [85f6:2] fcntl.c:1125:fcntl_locking: Locks after:
- type 'W', start 0, pid 34294
- type ' ', start 1, pid 0
*** 009afe31 [85f6:2] pwrite.c:190:read: fd 9, buf 0x265f470, nbyte 168
*** 009afe31 [85f6:2] mmap.c:163:mmap: addr 0, len 425984, prot 3=RW-, flags 1=S---, fildes 9, off 0
*** 009afe35 [85f6:2] mmap.c:196:mmap: pszNativePath [C:/MPTN/ETC/samba/lock/gencache.tdb], fFlags 11041202
*** 009afe37 [85f6:2] mmap.c:205:mmap: file mode 2
*** 009afe39 [85f6:2] mmap.c:269:mmap: dup fd 11, file size 425984
*** 009afe39 [85f6:2] mmap.c:99:DosMyAllocMem: DosAllocSharedMem(OBJ_ANY) = 0
*** 009afe3a [85f6:2] mmap.c:337:mmap: dirty map size 16 bytes
*** 009afe3a [85f6:2] mmap.c:449:mmap: mmap 0x7dba6340, mmap->start 7db38000, mmap->end 7dba0000
*** 009afe3c [85f6:2] mmap.c:451:mmap: fmap 0x7dba04b8, fmap->start 7db38000, fmap->len 425984
*** 009afe44 [85f6:1] shared.c:425:ProcessExit: reason 4
*** 009afe44 [85f6:1] shared.c:257:shared_term: gMutex 0x8001013c, gpData 0x7dba0000 (heap 0x7dba001c, refcnt 1)
*** 009afe46 [85f6:1] fcntl.c:494:fcntl_locking_term: Will unlock [C:/MPTN/ETC/samba/lock/gencache.tdb_AL], type 'W', start 0, len 1
*** 009afe48 [85f6:1] fcntl.c:549:fcntl_locking_term: gpData->fcntl_locking->blocked 0
*** 009afe4a [85f6:1] fcntl.c:572:fcntl_locking_term: DosCloseEventSem = 0
*** 009afe4a [85f6:1] mmap.c:613:release_mapping: Shared mapping 0x7dba6340 (start 7db38000, end 7dba0000, fmap 0x7dba04b8, fmap->start 7db38000 fmap->refcnt 1)
*** 009afe4e [85f6:1] mmap.c:514:flush_dirty_pages: m 0x7dba6340, off 0, len 0
*** 009afe4e [85f6:1] mmap.c:131:free_file_map: DosFreeMem = 0
*** 009afe50 [85f6:1] mmap.c:808:mmap_term: DosCloseEventSem = 0
*** 009afe50 [85f6:1] shared.c:289:shared_term: proc->files 0
*** 009afe52 [85f6:1] shared.c:313:shared_term: gpData->files 0x7dba0200
*** 009afe52 [85f6:1] shared.c:331:shared_term: gpData->procs 0x7dba01a0
*** 009afe54 [85f6:1] shared.c:338:shared_term: reserved memory size 2097152
*** 009afe56 [85f6:1] shared.c:339:shared_term: committed memory size 65536
*** 009afe56 [85f6:1] shared.c:342:shared_term: heap stats: 65120 total, 0 used now, 863 used max
*** 009afe56 [85f6:1] shared.c:348:shared_term: _udestroy = 0 (49)
*** 009afe58 [85f6:1] shared.c:353:shared_term: DosFreeMem = 0
*** 009afe58 [85f6:1] shared.c:366:shared_term: DosCloseMutexSem = 0
*** 009afe5a [85f6:1] shared.c:376:_DLL_InitTerm: ulFlag 1
```
@dmik
Contributor
dmik commented Nov 6, 2016

You seem to have mixed things up. The logs are from LIBCx, not from mmap. Do you mean that when you link against -lcx alone it crashes? If so, it should also create a TRP file. Please provide this as well as LIBCx output, but as text files (either through pastebin or here, but enclose it in {{{ and }}} to keep pre-formatted text).

@dmik
Contributor
dmik commented Nov 6, 2016

Needless to say that using -lcx together with -lmmap (as well as with -lurpo) is plain wrong as all three override the same LIBC functions and mixing them up may seriously screw up the application behaviour.

@psmedley
psmedley commented Nov 6, 2016

working case is linked with -lmmap -lcx

non-working case (as in above) is linked with -lcx only

Had a quick look on the laptop this morning, and I don't see any TRP files in c:\ndfs where ndctl was started from. ndpsmb.dll & smbcln44.dll are both linked with -lcx and don't have their own exception handler.

@dmik
Contributor
dmik commented Nov 6, 2016

Okay. But still, not enough info. Another obvious thing to check though - did you rebuild .EXEs using these DLLs against -lcx as well? If not, memory mapped files will not work correctly.

@psmedley
psmedley commented Nov 6, 2016

The only exe in this chain is ndctl.exe (part of netdrive)

Ndctl.Exe loads ndpsmb.dll which loads smbcln44.dll

The two dll above are both linked with cx

Cheers,

Paul


@dmik
Contributor
dmik commented Nov 6, 2016

Aha, then we are in trouble. The new mmap implementation requires an EXE to be linked against LIBCx as this is necessary to properly install the exception handler on the main and other threads of the process. So it crashes for you because there is no exception handler installed.

I'm not sure what to do here. How exactly mmap is used in the plugin? Also TDB code? I wonder if it makes any difference at all. Theoretically I can install the exception handler on thread 1 in a way that breaks OS/2 documentation and that may even work. I just wonder if it's worth it. Note that this will only make mmap work on thread 1 (i.e. main thread), any attempt to use it on threads other than thread 1 will lead to a crash as well and there is nothing we can do, even with a hack. But given that it works with old mmap, it must only use mmap on thread 1.

Anyway the only 100% proper way is to rebuild NDCTL against LIBCx but I guess that's not an option here since its closed-source...
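The mechanism dmik describes (a fault handler installed on each thread that commits a mapped page on first access and records it in a dirty map, which is what `dirty map size 16 bytes` and `flush_dirty_pages` in the log refer to) has a portable analogue in POSIX. The C below is an added example, not LIBCx or NetDrive code: it stands a SIGSEGV handler in for the OS/2 exception handler, and first checks the trap dump's fault address (P2/ESI = 7db3802c) against the logged mapping range 7db38000..7dba0000. Assumed: Linux or macOS, an anonymous read-only mapping constructed in place of gencache.tdb, and page size from sysconf.

```c
#define _GNU_SOURCE 1
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* 1 if a fault address lies inside [start, end); tested on the trap dump/log values above. */
int fault_in_mapping(uintptr_t a, uintptr_t s, uintptr_t e) { return a >= s && a < e; }
/* Constructed demo: NPAGES pages mapped read-only, so the first write to each page traps. */
#define NPAGES 4
static size_t page_size;
static unsigned char *region;
static volatile sig_atomic_t dirty_map[NPAGES];  /* 1 = page was written */

static void fault_handler(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uintptr_t addr = (uintptr_t)si->si_addr, base = (uintptr_t)region;
    if (!fault_in_mapping(addr, base, base + NPAGES * page_size)) {
        signal(SIGSEGV, SIG_DFL);   /* not our mapping: let the process die */
        return;
    }
    size_t idx = (addr - base) / page_size;
    dirty_map[idx] = 1;             /* remembered for a later flush to file */
    /* Commit the page read-write; the faulting instruction is then retried. */
    mprotect(region + idx * page_size, page_size, PROT_READ | PROT_WRITE);
}

/* Without this handler the first write below is a plain access violation. */
int install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = fault_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

int setup_region(void) {   /* 0 on success */
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    region = mmap(NULL, NPAGES * page_size, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    for (int i = 0; i < NPAGES; i++) dirty_map[i] = 0;
    return region == MAP_FAILED ? -1 : 0;
}

/* Write like the memcpy() that crashed ndctl.exe; return the dirty page count so far. */
int write_and_count_dirty(size_t off, size_t len) {
    memset(region + off, 0xAB, len);
    int n = 0; for (int i = 0; i < NPAGES; i++) n += dirty_map[i];
    return n;
}
```

Skipping install_fault_handler() before the first write reproduces the failure mode in the report: the write faults with no handler to commit the page and the process dies.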

@psmedley
psmedley commented Nov 6, 2016

Hi, that will likely work. There are no threads in ndpsmb.dll as libsmbclient is not thread safe.

Not only is ndctl.exe not open source, it's built with Watcom :)

Cheers,

Paul


@dmik
Contributor
dmik commented Nov 6, 2016 edited

Well I need to think on how to make this hack optional and only use it when needed, in cases like that.

BTW, regarding Watcom, it's not a problem per se. If we had a source we could install the mmap exception handler manually, w/o having a dependency on kLIBC.

@psmedley
psmedley commented Nov 7, 2016

This makes sense now - smbclient.exe works correctly with libcx but ndpsmb.dll doesn't. The difference being the executable that calls the code.

Is it worth talking to Vitali (Netdrive developer) about modifying ndctl to install the exception handler if it's available? He's usually quite responsive.

@dmik
Contributor
dmik commented Nov 7, 2016

Yes, sure, good idea. I can provide an export from LIBCx for that.

@psmedley

Given that the samba plugin doesn't use threads, would it be sufficient to install the exception handler from the first function that ndctl calls within ndpsmb?

@dmik
Contributor
dmik commented Nov 30, 2016

Paul, please be patient, I've contacted Sunlover, let's give him some word first.
