3 files changed, 31 insertions, 4 deletions

diff --git a/source4/auth/credentials/pycredentials.c b/source4/auth/credentials/pycredentials.c
index 7c860b041d..e1a74037ec 100644
--- a/source4/auth/credentials/pycredentials.c
+++ b/source4/auth/credentials/pycredentials.c
@@ -214,12 +214,14 @@ static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
 	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
+	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
 	if (lp_ctx == NULL)
 		return NULL;
 
 	cli_credentials_guess(creds, lp_ctx);
 
+	talloc_free(lp_ctx);
+
 	Py_RETURN_NONE;
 }
 
@@ -235,11 +237,13 @@ static PyObject *py_creds_set_machine_account(py_talloc_Object *self, PyObject *
 	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
+	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
 	if (lp_ctx == NULL)
 		return NULL;
 
 	status = cli_credentials_set_machine_account(creds, lp_ctx);
+	talloc_free(lp_ctx);
+
 	PyErr_NTSTATUS_IS_ERR_RAISE(status);
 
 	Py_RETURN_NONE;
@@ -288,6 +292,7 @@ static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *arg
 
 	ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
 					       ccache_name, &ccc, &error_string);
+	talloc_free(lp_ctx);
 	if (ret == 0) {
 		talloc_steal(ccc, event_ctx);
 		return PyCredentialCacheContainer_from_ccache_container(ccc);
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index 28441cc9ca..f8825b87d9 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -166,6 +166,23 @@ static PyObject *py_gensec_start_mech_by_name(PyObject *self, PyObject *args)
     Py_RETURN_NONE;
 }
 
+static PyObject *py_gensec_start_mech_by_authtype(PyObject *self, PyObject *args)
+{
+	int authtype, level;
+    struct gensec_security *security = (struct gensec_security *)py_talloc_get_ptr(self);
+	NTSTATUS status;
+	if (!PyArg_ParseTuple(args, "ii", &authtype, &level))
+		return NULL;
+
+	status = gensec_start_mech_by_authtype(security, authtype, level);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
 static PyMethodDef py_gensec_security_methods[] = {
 	{ "start_client", (PyCFunction)py_gensec_start_client, METH_VARARGS|METH_KEYWORDS|METH_CLASS, 
 		"S.start_client(settings) -> gensec" },
@@ -175,6 +192,7 @@ static PyMethodDef py_gensec_security_methods[] = {
 		"S.session_info() -> info" },
     { "start_mech_by_name", (PyCFunction)py_gensec_start_mech_by_name, METH_VARARGS, 
         "S.start_mech_by_name(name)" },
+	{ "start_mech_by_authtype", (PyCFunction)py_gensec_start_mech_by_authtype, METH_VARARGS, "S.start_mech_by_authtype(authtype, level)" },
 	{ "get_name_by_authtype", (PyCFunction)py_get_name_by_authtype, METH_VARARGS,
 		"S.get_name_by_authtype(authtype) -> name\nLookup an auth type." },
 	{ NULL }
diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c
index dff696334c..a66411bb4a 100644
--- a/source4/auth/pyauth.c
+++ b/source4/auth/pyauth.c
@@ -46,12 +46,14 @@ static PyObject *py_system_session(PyObject *module, PyObject *args)
 	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: Leaks memory */
+	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
 	if (lp_ctx == NULL)
 		return NULL;
 
 	session = system_session(lp_ctx);
 
+	talloc_free(lp_ctx);
+
 	return PyAuthSession_FromSession(session);
 }
 
@@ -66,13 +68,15 @@ static PyObject *py_admin_session(PyObject *module, PyObject *args)
 	if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
 		return NULL;
 
-	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
+	lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
 	if (lp_ctx == NULL)
 		return NULL;
 
 	domain_sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
 	session = admin_session(NULL, lp_ctx, domain_sid);
 
+	talloc_free(lp_ctx);
+
 	return PyAuthSession_FromSession(session);
 }