r16241: Fix Klocwork #106 and others like it.

Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)

2 files changed, 155 insertions, 145 deletions

diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c
index 8970ffa8ed..47bf059479 100644
--- a/source3/pam_smbpass/pam_smb_acct.c
+++ b/source3/pam_smbpass/pam_smb_acct.c
@@ -42,72 +42,80 @@
 int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
                       int argc, const char **argv )
 {
-    unsigned int ctrl;
-    int retval;
-
-    const char *name;
-    struct samu *sampass = NULL;
-    void (*oldsig_handler)(int);
-    extern BOOL in_client;
-
-    /* Samba initialization. */
-    load_case_tables();
-    setup_logging( "pam_smbpass", False );
-    in_client = True;
-
-    ctrl = set_ctrl( flags, argc, argv );
-
-    /* get the username */
-
-    retval = pam_get_user( pamh, &name, "Username: " );
-    if (retval != PAM_SUCCESS) {
-        if (on( SMB_DEBUG, ctrl )) {
-	    _log_err( LOG_DEBUG, "acct: could not identify user" );
-        }
-        return retval;
-    }
-    if (on( SMB_DEBUG, ctrl )) {
-        _log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
-    }
-
-    /* Getting into places that might use LDAP -- protect the app
-       from a SIGPIPE it's not expecting */
-    oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
-    if (!initialize_password_db(True)) {
-        _log_err( LOG_ALERT, "Cannot access samba password database" );
-        CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-        return PAM_AUTHINFO_UNAVAIL;
-    }
-
-    /* Get the user's record. */
-
-    if ( (sampass = samu_new( NULL )) != NULL ) {
-    	pdb_getsampwnam(sampass, name );
-    } 
-
-    /* check for lookup failure */
-    if ( !sampass || !strlen(pdb_get_username(sampass)) ) {
-        CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-        return PAM_USER_UNKNOWN;
-    }
-
-    if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
-        if (on( SMB_DEBUG, ctrl )) {
-            _log_err( LOG_DEBUG
-                      , "acct: account %s is administratively disabled", name );
-        }
-        make_remark( pamh, ctrl, PAM_ERROR_MSG
-                     , "Your account has been disabled; "
-                       "please see your system administrator." );
-
-        CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-        return PAM_ACCT_EXPIRED;
-    }
-
-    /* TODO: support for expired passwords. */
-
-    CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-    return PAM_SUCCESS;
+	unsigned int ctrl;
+	int retval;
+
+	const char *name;
+	struct samu *sampass = NULL;
+	void (*oldsig_handler)(int);
+	extern BOOL in_client;
+
+	/* Samba initialization. */
+	load_case_tables();
+	setup_logging( "pam_smbpass", False );
+	in_client = True;
+
+	ctrl = set_ctrl( flags, argc, argv );
+
+	/* get the username */
+
+	retval = pam_get_user( pamh, &name, "Username: " );
+	if (retval != PAM_SUCCESS) {
+		if (on( SMB_DEBUG, ctrl )) {
+			_log_err( LOG_DEBUG, "acct: could not identify user" );
+		}
+		return retval;
+	}
+	if (on( SMB_DEBUG, ctrl )) {
+		_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
+	}
+
+	/* Getting into places that might use LDAP -- protect the app
+		from a SIGPIPE it's not expecting */
+	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
+	if (!initialize_password_db(True)) {
+		_log_err( LOG_ALERT, "Cannot access samba password database" );
+		CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
+		return PAM_AUTHINFO_UNAVAIL;
+	}
+
+	/* Get the user's record. */
+
+	if (!(sampass = samu_new( NULL ))) {
+        	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
+		/* malloc fail. */
+		return nt_status_to_pam(NT_STATUS_NO_MEMORY);
+	}
+
+	if (!pdb_getsampwnam(sampass, name )) {
+		_log_err( LOG_DEBUG, "acct: could not identify user" );
+        	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
+        	return PAM_USER_UNKNOWN;
+	}
+
+	/* check for lookup failure */
+	if (!strlen(pdb_get_username(sampass)) ) {
+		CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
+		return PAM_USER_UNKNOWN;
+	}
+
+	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
+		if (on( SMB_DEBUG, ctrl )) {
+			_log_err( LOG_DEBUG
+				, "acct: account %s is administratively disabled", name );
+		}
+		make_remark( pamh, ctrl, PAM_ERROR_MSG
+			, "Your account has been disabled; "
+			"please see your system administrator." );
+
+		CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
+		return PAM_ACCT_EXPIRED;
+	}
+
+	/* TODO: support for expired passwords. */
+
+	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
+	return PAM_SUCCESS;
 }
 
 /* static module data */
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index 15726aa855..df6d20e01a 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -62,94 +62,97 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
 int pam_sm_authenticate(pam_handle_t *pamh, int flags,
                         int argc, const char **argv)
 {
-    unsigned int ctrl;
-    int retval, *ret_data = NULL;
-    struct samu *sampass = NULL;
-    extern BOOL in_client;
-    const char *name;
-    void (*oldsig_handler)(int) = NULL;
-    BOOL found;
-
-    /* Points to memory managed by the PAM library. Do not free. */
-    char *p = NULL;
-
-
-    /* Samba initialization. */
-    load_case_tables();
-    setup_logging("pam_smbpass",False);
-    in_client = True;
-
-    ctrl = set_ctrl(flags, argc, argv);
-
-    /* Get a few bytes so we can pass our return value to
-       pam_sm_setcred(). */
-    ret_data = SMB_MALLOC_P(int);
-
-    /* we need to do this before we call AUTH_RETURN */
-    /* Getting into places that might use LDAP -- protect the app
-       from a SIGPIPE it's not expecting */
-    oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
-
-    /* get the username */
-    retval = pam_get_user( pamh, &name, "Username: " );
-    if ( retval != PAM_SUCCESS ) {
-        if (on( SMB_DEBUG, ctrl )) {
-	    _log_err(LOG_DEBUG, "auth: could not identify user");
-        }
-        AUTH_RETURN;
-    }
-    if (on( SMB_DEBUG, ctrl )) {
-        _log_err( LOG_DEBUG, "username [%s] obtained", name );
-    }
+	unsigned int ctrl;
+	int retval, *ret_data = NULL;
+	struct samu *sampass = NULL;
+	extern BOOL in_client;
+	const char *name;
+	void (*oldsig_handler)(int) = NULL;
+	BOOL found;
+
+	/* Points to memory managed by the PAM library. Do not free. */
+	char *p = NULL;
+
+	/* Samba initialization. */
+	load_case_tables();
+	setup_logging("pam_smbpass",False);
+	in_client = True;
+
+	ctrl = set_ctrl(flags, argc, argv);
+
+	/* Get a few bytes so we can pass our return value to
+		pam_sm_setcred(). */
+	ret_data = SMB_MALLOC_P(int);
+
+	/* we need to do this before we call AUTH_RETURN */
+	/* Getting into places that might use LDAP -- protect the app
+	from a SIGPIPE it's not expecting */
+	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
+
+	/* get the username */
+	retval = pam_get_user( pamh, &name, "Username: " );
+	if ( retval != PAM_SUCCESS ) {
+		if (on( SMB_DEBUG, ctrl )) {
+			_log_err(LOG_DEBUG, "auth: could not identify user");
+		}
+		AUTH_RETURN;
+	}
+	if (on( SMB_DEBUG, ctrl )) {
+		_log_err( LOG_DEBUG, "username [%s] obtained", name );
+	}
 
-    if (!initialize_password_db(True)) {
-        _log_err( LOG_ALERT, "Cannot access samba password database" );
-        retval = PAM_AUTHINFO_UNAVAIL;
-        AUTH_RETURN;
-    }
+	if (!initialize_password_db(True)) {
+		_log_err( LOG_ALERT, "Cannot access samba password database" );
+		retval = PAM_AUTHINFO_UNAVAIL;
+		AUTH_RETURN;
+	}
 
-    sampass = samu_new( NULL );
-    
-    found = pdb_getsampwnam( sampass, name );
+	sampass = samu_new( NULL );
+    	if (!sampass) {
+		_log_err( LOG_ALERT, "Cannot talloc a samu struct" );
+		retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
+		AUTH_RETURN;
+	}
 
-    if (on( SMB_MIGRATE, ctrl )) {
-	retval = _smb_add_user(pamh, ctrl, name, sampass, found);
-	TALLOC_FREE(sampass);
-	AUTH_RETURN;
-    }
+	found = pdb_getsampwnam( sampass, name );
 
-    if (!found) {
-        _log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
-        retval = PAM_USER_UNKNOWN;
-	TALLOC_FREE(sampass);
-	sampass = NULL;
-        AUTH_RETURN;
-    }
+	if (on( SMB_MIGRATE, ctrl )) {
+		retval = _smb_add_user(pamh, ctrl, name, sampass, found);
+		TALLOC_FREE(sampass);
+		AUTH_RETURN;
+	}
+
+	if (!found) {
+		_log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
+		retval = PAM_USER_UNKNOWN;
+		TALLOC_FREE(sampass);
+		sampass = NULL;
+		AUTH_RETURN;
+	}
    
-    /* if this user does not have a password... */
+	/* if this user does not have a password... */
 
-    if (_smb_blankpasswd( ctrl, sampass )) {
-        TALLOC_FREE(sampass);
-        retval = PAM_SUCCESS;
-        AUTH_RETURN;
-    }
+	if (_smb_blankpasswd( ctrl, sampass )) {
+		TALLOC_FREE(sampass);
+		retval = PAM_SUCCESS;
+		AUTH_RETURN;
+	}
 
-    /* get this user's authentication token */
+	/* get this user's authentication token */
 
-    retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
-    if (retval != PAM_SUCCESS ) {
-	_log_err(LOG_CRIT, "auth: no password provided for [%s]"
-		 , name);
-        TALLOC_FREE(sampass);
-        AUTH_RETURN;
-    }
+	retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
+	if (retval != PAM_SUCCESS ) {
+		_log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
+		TALLOC_FREE(sampass);
+		AUTH_RETURN;
+	}
 
-    /* verify the password of this user */
+	/* verify the password of this user */
 
-    retval = _smb_verify_password( pamh, sampass, p, ctrl );
-    TALLOC_FREE(sampass);
-    p = NULL;
-    AUTH_RETURN;
+	retval = _smb_verify_password( pamh, sampass, p, ctrl );
+	TALLOC_FREE(sampass);
+	p = NULL;
+	AUTH_RETURN;
 }
 
 /*
@@ -255,4 +258,3 @@ struct pam_module _pam_smbpass_auth_modstruct = {
      NULL
 };
 #endif
-