s4-param: Fix more memory leaks, invalid memory context.

7 files changed, 111 insertions, 25 deletions

diff --git a/source4/auth/credentials/pycredentials.c b/source4/auth/credentials/pycredentials.c
index e1a74037ec..879d906d6f 100644
--- a/source4/auth/credentials/pycredentials.c
+++ b/source4/auth/credentials/pycredentials.c
@@ -207,6 +207,7 @@ static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
 {
 	PyObject *py_lp_ctx = Py_None;
 	struct loadparm_context *lp_ctx;
+	TALLOC_CTX *mem_ctx;
 	struct cli_credentials *creds;
 
 	creds = PyCredentials_AsCliCredentials(self);
@@ -214,13 +215,21 @@ static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
 	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
-	if (lp_ctx == NULL)
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
 		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
 
 	cli_credentials_guess(creds, lp_ctx);
 
-	talloc_free(lp_ctx);
+	talloc_free(mem_ctx);
 
 	Py_RETURN_NONE;
 }
@@ -231,18 +240,27 @@ static PyObject *py_creds_set_machine_account(py_talloc_Object *self, PyObject *
 	struct loadparm_context *lp_ctx;
 	NTSTATUS status;
 	struct cli_credentials *creds;
+	TALLOC_CTX *mem_ctx;
 
 	creds = PyCredentials_AsCliCredentials(self);
 
 	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
-	if (lp_ctx == NULL)
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
 		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
 
 	status = cli_credentials_set_machine_account(creds, lp_ctx);
-	talloc_free(lp_ctx);
+	talloc_free(mem_ctx);
 
 	PyErr_NTSTATUS_IS_ERR_RAISE(status);
 
@@ -278,29 +296,39 @@ static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *arg
 	int ret;
 	const char *error_string;
 	struct cli_credentials *creds;
+	TALLOC_CTX *mem_ctx;
 
 	creds = PyCredentials_AsCliCredentials(self);
 
 	if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
-	if (lp_ctx == NULL)
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
 		return NULL;
+	}
 
-	event_ctx = tevent_context_init(NULL);
+	event_ctx = tevent_context_init(mem_ctx);
 
 	ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
 					       ccache_name, &ccc, &error_string);
 	talloc_free(lp_ctx);
 	if (ret == 0) {
 		talloc_steal(ccc, event_ctx);
+		talloc_free(mem_ctx);
 		return PyCredentialCacheContainer_from_ccache_container(ccc);
 	}
 
 	PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
 
-	talloc_free(event_ctx);
+	talloc_free(mem_ctx);
 	return NULL;
 }
 
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index f28ab95dbd..d2f19e961e 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -360,7 +360,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 					    hostname, lpcfg_realm(gensec_security->settings->lp_ctx));
 
 		name_type = GSS_C_NT_USER_NAME;
-	}		
+	}
 	name_token.value  = discard_const_p(uint8_t, principal);
 	name_token.length = strlen(principal);
 
diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c
index a66411bb4a..c2a5e408c7 100644
--- a/source4/auth/pyauth.c
+++ b/source4/auth/pyauth.c
@@ -43,16 +43,25 @@ static PyObject *py_system_session(PyObject *module, PyObject *args)
 	PyObject *py_lp_ctx = Py_None;
 	struct loadparm_context *lp_ctx = NULL;
 	struct auth_session_info *session;
+	TALLOC_CTX *mem_ctx;
 	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
-	if (lp_ctx == NULL)
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
 		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
 
 	session = system_session(lp_ctx);
 
-	talloc_free(lp_ctx);
+	talloc_free(mem_ctx);
 
 	return PyAuthSession_FromSession(session);
 }
@@ -65,17 +74,32 @@ static PyObject *py_admin_session(PyObject *module, PyObject *args)
 	struct loadparm_context *lp_ctx = NULL;
 	struct auth_session_info *session;
 	struct dom_sid *domain_sid = NULL;
+	TALLOC_CTX *mem_ctx;
+
 	if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
-	if (lp_ctx == NULL)
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
 		return NULL;
+	}
 
-	domain_sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
-	session = admin_session(NULL, lp_ctx, domain_sid);
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
 
-	talloc_free(lp_ctx);
+	domain_sid = dom_sid_parse_talloc(mem_ctx, PyString_AsString(py_sid));
+	if (domain_sid == NULL) {
+		PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s", 
+					 PyString_AsString(py_sid));
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	session = admin_session(NULL, lp_ctx, domain_sid);
+	talloc_free(mem_ctx);
 
 	return PyAuthSession_FromSession(session);
 }
diff --git a/source4/lib/registry/pyregistry.c b/source4/lib/registry/pyregistry.c
index 1373ed87ca..9952ed3494 100644
--- a/source4/lib/registry/pyregistry.c
+++ b/source4/lib/registry/pyregistry.c
@@ -253,6 +253,7 @@ static PyObject *py_open_hive(PyTypeObject *type, PyObject *args, PyObject *kwar
 	struct cli_credentials *credentials;
 	char *location;
 	struct hive_key *hive_key;
+	TALLOC_CTX *mem_ctx;
 
 	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|OOO",
 					 discard_const_p(char *, kwnames),
@@ -261,15 +262,23 @@ static PyObject *py_open_hive(PyTypeObject *type, PyObject *args, PyObject *kwar
 					 &py_credentials))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
 	if (lp_ctx == NULL) {
 		PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+		talloc_free(mem_ctx);
 		return NULL;
 	}
 
 	credentials = cli_credentials_from_py_object(py_credentials);
 	if (credentials == NULL) {
 		PyErr_SetString(PyExc_TypeError, "Expected credentials");
+		talloc_free(mem_ctx);
 		return NULL;
 	}
 	session_info = NULL;
@@ -277,6 +286,7 @@ static PyObject *py_open_hive(PyTypeObject *type, PyObject *args, PyObject *kwar
 	result = reg_open_hive(NULL, location, session_info, credentials,
 	                       tevent_context_init(NULL),
 	                       lp_ctx, &hive_key);
+	talloc_free(mem_ctx);
 	PyErr_WERROR_IS_ERR_RAISE(result);
 
 	return py_talloc_steal(&PyHiveKey, hive_key);
@@ -307,21 +317,31 @@ static PyObject *py_open_samba(PyObject *self, PyObject *args, PyObject *kwargs)
 	PyObject *py_lp_ctx, *py_session_info, *py_credentials;
 	struct auth_session_info *session_info;
 	struct cli_credentials *credentials;
+	TALLOC_CTX *mem_ctx;
+
 	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OOO",
 					 discard_const_p(char *, kwnames),
 					 &py_lp_ctx, &py_session_info,
 					 &py_credentials))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
 	if (lp_ctx == NULL) {
 		PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+		talloc_free(mem_ctx);
 		return NULL;
 	}
 
 	credentials = cli_credentials_from_py_object(py_credentials);
 	if (credentials == NULL) {
 		PyErr_SetString(PyExc_TypeError, "Expected credentials");
+		talloc_free(mem_ctx);
 		return NULL;
 	}
 
@@ -329,6 +349,7 @@ static PyObject *py_open_samba(PyObject *self, PyObject *args, PyObject *kwargs)
 
 	result = reg_open_samba(NULL, &reg_ctx, NULL, 
 				lp_ctx, session_info, credentials);
+	talloc_free(mem_ctx);
 	if (!W_ERROR_IS_OK(result)) {
 		PyErr_SetWERROR(result);
 		return NULL;
@@ -377,6 +398,7 @@ static PyObject *py_open_ldb_file(PyObject *self, PyObject *args, PyObject *kwar
 	struct cli_credentials *credentials;
 	struct hive_key *key;
 	struct auth_session_info *session_info;
+	TALLOC_CTX *mem_ctx;
 
 	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|OOO", 
 					 discard_const_p(char *, kwnames),
@@ -384,15 +406,23 @@ static PyObject *py_open_ldb_file(PyObject *self, PyObject *args, PyObject *kwar
 					 &py_credentials, &py_lp_ctx))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
 	if (lp_ctx == NULL) {
 		PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+		talloc_free(mem_ctx);
 		return NULL;
 	}
 
 	credentials = cli_credentials_from_py_object(py_credentials);
 	if (credentials == NULL) {
 		PyErr_SetString(PyExc_TypeError, "Expected credentials");
+		talloc_free(mem_ctx);
 		return NULL;
 	}
 
@@ -400,6 +430,7 @@ static PyObject *py_open_ldb_file(PyObject *self, PyObject *args, PyObject *kwar
 
 	result = reg_open_ldb_file(NULL, location, session_info, credentials,
 				   s4_event_context_init(NULL), lp_ctx, &key);
+	talloc_free(mem_ctx);
 	PyErr_WERROR_IS_ERR_RAISE(result);
 
 	return py_talloc_steal(&PyHiveKey, key);
diff --git a/source4/param/provision.c b/source4/param/provision.c
index 593f9ff168..fd97f69cb3 100644
--- a/source4/param/provision.c
+++ b/source4/param/provision.c
@@ -198,7 +198,7 @@ NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
 		DEBUG(0, ("Missing 'lp' attribute"));
 		return NT_STATUS_UNSUCCESSFUL;
 	}
-	result->lp_ctx = lpcfg_from_py_object(result, py_lp_ctx);
+	result->lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
 	result->samdb = PyLdb_AsLdbContext(PyObject_GetAttrString(py_result, "samdb"));
 
 	return NT_STATUS_OK;
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 2afd1fa010..627443dee5 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -131,6 +131,10 @@ static PyObject *py_interface_ips(PyObject *self, PyObject *args)
 		return NULL;
 
 	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
 
 	lp_ctx = lpcfg_from_py_object(tmp_ctx, py_lp_ctx);
 	if (lp_ctx == NULL) {
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index ef5852090f..6429251850 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1491,7 +1491,6 @@ def provision(setup_dir, logger, session_info,
                         lp=lp)
         share_ldb.load_ldif_file_add(setup_path("share.ldif"))
 
-     
     logger.info("Setting up secrets.ldb")
     secrets_ldb = setup_secretsdb(paths.secrets, setup_path, 
         session_info=session_info,
@@ -1623,7 +1622,7 @@ def provision(setup_dir, logger, session_info,
 
         provision_backend.post_setup()
         provision_backend.shutdown()
-        
+
         create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, 
                                    ldapi_url)
     except: