r1222: Valgrind memory leak fixes. Still tracking down a strange one...

						break;

					}

					if (!strcmp(oldEntries[i], ktprinc)) {

						krb5_free_unparsed_name(context, ktprinc);

						break;

					}

				}

				if (i == found) {

					krb5_free_unparsed_name(context, ktprinc);

				}

			}

			krb5_free_keytab_entry_contents(context, &kt_entry);

			ZERO_STRUCT(kt_entry);

	princ = strdup(principal);

	if ((c = strchr(princ, '/')) == NULL) {

	if ((c = strchr_m(princ, '/')) == NULL) {

	    c = princ; 

	} else {

	    *c = '\0';

	princ_part2 = c;

	if ((c = strchr(c, '@')) != NULL) {

	if ((c = strchr_m(c, '@')) != NULL) {

	    *c = '\0';

	    c++;

	    realm = c;

{

	ADS_STATUS aret;

	krb5_error_code ret;

	krb5_error_code ret = 0;

	krb5_context context = NULL;

	krb5_principal principal;

	char *princ_name;

	char *realm;

	krb5_creds creds, *credsp;

	krb5_principal principal = NULL;

	char *princ_name = NULL;

	char *realm = NULL;

	krb5_creds creds, *credsp = NULL;

	krb5_ccache ccache = NULL;

	ZERO_STRUCT(creds);

	ret = krb5_init_context(&context);

	if (ret) {

		DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));

		return ADS_ERROR_KRB5(ret);

	}

	ZERO_STRUCT(creds);

	realm = strchr(princ, '@');

	realm = strchr_m(princ, '@');

	if (!realm) {

		krb5_cc_close(context, ccache);

	        krb5_free_context(context);

		DEBUG(1,("Failed to get realm\n"));

		return ADS_ERROR_KRB5(-1);

	}

	realm++;

	asprintf(&princ_name, "kadmin/changepw@%s", realm);

	ret = krb5_parse_name(context, princ_name, &creds.server);

	if (ret) {

		krb5_cc_close(context, ccache);

                krb5_free_context(context);

		DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret)));

		return ADS_ERROR_KRB5(ret);

	/* parse the principal we got as a function argument */

	ret = krb5_parse_name(context, princ, &principal);

	if (ret) {

		krb5_cc_close(context, ccache);

	        krb5_free_principal(context, creds.server);

                krb5_free_context(context);

		DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret)));

		return ADS_ERROR_KRB5(ret);

	ret = krb5_cc_get_principal(context, ccache, &creds.client);

	if (ret) {

		krb5_cc_close(context, ccache);

	        krb5_free_principal(context, creds.server);

	        krb5_free_principal(context, principal);

                krb5_free_context(context);

		DEBUG(1,("Failed to get principal from ccache (%s)\n", 

	ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp); 

	if (ret) {

		krb5_cc_close(context, ccache);

	        krb5_free_principal(context, creds.client);

	        krb5_free_principal(context, creds.server);

	        krb5_free_principal(context, principal);

	        krb5_free_context(context);

		DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret)));

	krb5_free_creds(context, credsp);

	krb5_free_principal(context, creds.client);

        krb5_free_principal(context, creds.server);

	krb5_free_principal(context, principal);

	krb5_cc_close(context, ccache);

	krb5_free_context(context);

	return aret;

uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)

{

	LDAPMessage *res;

	LDAPMessage *res = NULL;

	uint32 kvno = (uint32)-1;      /* -1 indicates a failure */

	char *filter;

	const char *attrs[] = {"msDS-KeyVersionNumber", NULL};

	SAFE_FREE(filter);

	if (!ADS_ERR_OK(ret) && ads_count_replies(ads, res)) {

		DEBUG(1,("ads_get_kvno: Computer Account For %s not found.\n", machine_name));

		ads_msgfree(ads, res);

		return kvno;

	}

	dn_string = ads_get_dn(ads, res);

	if (!dn_string) {

		DEBUG(0,("ads_get_kvno: out of memory.\n"));

		ads_msgfree(ads, res);

		return kvno;

	}

	DEBUG(5,("ads_get_kvno: Using: %s\n", dn_string));

	if (!ads_pull_uint32(ads, res, "msDS-KeyVersionNumber", &kvno)) {

		DEBUG(3,("ads_get_kvno: Error Determining KVNO!\n"));

		DEBUG(3,("ads_get_kvno: Windows 2000 does not support KVNO's, so this may be normal.\n"));

		ads_msgfree(ads, res);

		return kvno;

	}

	/* Success */

	DEBUG(5,("ads_get_kvno: Looked Up KVNO of: %d\n", kvno));

	ads_msgfree(ads, res);

	return kvno;

}

ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name)

{

	TALLOC_CTX *ctx;

	LDAPMessage *res;

	LDAPMessage *res = NULL;

	ADS_MODLIST mods;

	const char *servicePrincipalName[1] = {NULL};

	ADS_STATUS ret = ADS_ERROR(LDAP_SUCCESS);

	if (!ADS_ERR_OK(ret) || ads_count_replies(ads, res) != 1) {

		DEBUG(5,("ads_clear_service_principal_names: WARNING: Host Account for %s not found... skipping operation.\n", machine_name));

		DEBUG(5,("ads_clear_service_principal_names: WARNING: Service Principals for %s have NOT been cleared.\n", machine_name));

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_SUCH_OBJECT);

	}

	DEBUG(5,("ads_clear_service_principal_names: Host account for %s found\n", machine_name));

	ctx = talloc_init("ads_clear_service_principal_names");

	if (!ctx) {

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_MEMORY);

	}

	if (!(mods = ads_init_mods(ctx))) {

		talloc_destroy(ctx);

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_MEMORY);

	}

	ret = ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);

	if (!ADS_ERR_OK(ret)) {

		DEBUG(1,("ads_clear_service_principal_names: Error creating strlist.\n"));

		ads_msgfree(ads, res);

		talloc_destroy(ctx);

		return ret;

	}

	dn_string = ads_get_dn(ads, res);

	if (!dn_string) {

		talloc_destroy(ctx);

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_MEMORY);

	}

	ret = ads_gen_mod(ads, dn_string, mods);

	if (!ADS_ERR_OK(ret)) {

		DEBUG(1,("ads_clear_service_principal_names: Error: Updating Service Principals for machine %s in LDAP\n",

			machine_name));

		ads_msgfree(ads, res);

		talloc_destroy(ctx);

		return ret;

	}

	ads_msgfree(ads, res);

	talloc_destroy(ctx);

	return ret;

}

{

	ADS_STATUS ret;

	TALLOC_CTX *ctx;

	LDAPMessage *res;

	LDAPMessage *res = NULL;

	char *host_spn, *host_upn, *psp1, *psp2;

	ADS_MODLIST mods;

	fstring my_fqdn;

			machine_name));

		DEBUG(1,("ads_add_service_principal_name: WARNING: Service Principal '%s/%s@%s' has NOT been added.\n",

			spn, machine_name, ads->config.realm));

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_SUCH_OBJECT);

	}

	DEBUG(1,("ads_add_service_principal_name: Host account for %s found\n", machine_name));

	if (!(ctx = talloc_init("ads_add_service_principal_name"))) {

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_MEMORY);

	}

	name_to_fqdn(my_fqdn, machine_name);

	if (!(host_spn = talloc_asprintf(ctx, "HOST/%s", my_fqdn))) {

		talloc_destroy(ctx);

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_SUCH_OBJECT);

	}

	if (!(host_upn = talloc_asprintf(ctx, "%s@%s", host_spn, ads->config.realm))) {

		talloc_destroy(ctx);

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_SUCH_OBJECT);

	}

	if (!(mods = ads_init_mods(ctx))) {

		talloc_destroy(ctx);

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_MEMORY);

	}

	ret = ads_add_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);

	if (!ADS_ERR_OK(ret)) {

		DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));

		talloc_destroy(ctx);

		ads_msgfree(ads, res);

		return ret;

	}

	dn_string = ads_get_dn(ads, res);

	if (!dn_string) {

		talloc_destroy(ctx);

		ads_msgfree(ads, res);

		return ADS_ERROR(LDAP_NO_MEMORY);

	}

	ret = ads_gen_mod(ads, ads_get_dn(ads, res), mods);

	ret = ads_gen_mod(ads, dn_string, mods);

	ads_memfree(ads,dn_string);

	if (!ADS_ERR_OK(ret)) {

		DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));

		talloc_destroy(ctx);

		ads_msgfree(ads, res);

		return ret;

	}

	talloc_destroy(ctx);

	ads_msgfree(ads, res);

	return ret;

}

	unsigned acct_control;

	unsigned exists=0;

	fstring my_fqdn;

	LDAPMessage *res;

	LDAPMessage *res = NULL;

	if (!(ctx = talloc_init("ads_add_machine_acct")))

		return ADS_ERROR(LDAP_NO_MEMORY);

		}

	}

done:

	ads_msgfree(ads, res);

	talloc_destroy(ctx);

	return ret;

}

			  uint32 account_type, const char *org_unit)

{

	ADS_STATUS status;

	LDAPMessage *res;

	LDAPMessage *res = NULL;

	char *machine;

	/* machine name must be lowercase */

	}

	SAFE_FREE(machine);

	ads_msgfree(ads, res);

	return status;

}

failed:

	if ( context ) {

#if 0 	/* JERRY -- disabled since it causes heimdal 0.6.1rc3 to die 

	   SuSE 9.1 Pro */

/* Removed by jra. They really need to fix their kerberos so we don't leak memory. 

 JERRY -- disabled since it causes heimdal 0.6.1rc3 to die

          SuSE 9.1 Pro 

*/

		if (ccdef)

			krb5_cc_close(context, ccdef);

#endif

		if (auth_context)

			krb5_auth_con_free(context, auth_context);

		krb5_free_context(context);

	if (!(ads = ads_startup())) return -1;

	if (!(ctx = talloc_init("net_ads_workgroup"))) {

		ads_destroy(&ads);

		return -1;

	}

		d_printf("Failed to find workgroup for realm '%s'\n", 

			 ads->config.realm);

		talloc_destroy(ctx);

		ads_destroy(&ads);

		return -1;

	}

	d_printf("Workgroup: %s\n", workgroup);

	talloc_destroy(ctx);

	ads_destroy(&ads);

	return 0;

}

	if (argc < 1) return net_ads_user_usage(argc, argv);

	if (!(ads = ads_startup())) return -1;

	if (!(ads = ads_startup())) {

		return -1;

	}

	status = ads_find_user_acct(ads, &res, argv[0]);

	char **grouplist;

	char *escaped_user = escape_ldap_string_alloc(argv[0]);

	if (argc < 1) return net_ads_user_usage(argc, argv);

	if (argc < 1) {

		return net_ads_user_usage(argc, argv);

	}

	if (!(ads = ads_startup())) return -1;

	if (!(ads = ads_startup())) {

		return -1;

	}

	if (!escaped_user) {

		d_printf("ads_user_info: failed to escape user %s\n", argv[0]);

		ads_destroy(&ads);

	 	return -1;

	}

	if (!ADS_ERR_OK(rc)) {

		d_printf("ads_search: %s\n", ads_errstr(rc));

		ads_destroy(&ads);

		return -1;

	}

	}

	ads_msgfree(ads, res);

	ads_destroy(&ads);

	return 0;

}

	void *res;

	char *userdn;

	if (argc < 1) return net_ads_user_usage(argc, argv);

	if (argc < 1) {

		return net_ads_user_usage(argc, argv);

	}

	if (!(ads = ads_startup())) return -1;

	if (!(ads = ads_startup())) {

		return -1;

	}

	rc = ads_find_user_acct(ads, &res, argv[0]);

	if (!ADS_ERR_OK(rc)) {

		DEBUG(0, ("User %s does not exist\n", argv[0]));

		ads_destroy(&ads);

		return -1;

	}

	userdn = ads_get_dn(ads, res);

	ads_memfree(ads, userdn);

	if (!ADS_ERR_OK(rc)) {

		d_printf("User %s deleted\n", argv[0]);

		ads_destroy(&ads);

		return 0;

	}

	d_printf("Error deleting user %s: %s\n", argv[0], 

		 ads_errstr(rc));

	ads_destroy(&ads);

	return -1;

}

	char *disp_fields[2] = {NULL, NULL};

	if (argc == 0) {

		if (!(ads = ads_startup())) return -1;

		if (!(ads = ads_startup())) {

			return -1;

		}

		if (opt_long_list_entries)

			d_printf("\nUser name             Comment"\

	void *res=NULL;

	int rc = -1;

	if (argc < 1) return net_ads_group_usage(argc, argv);

	if (argc < 1) {

		return net_ads_group_usage(argc, argv);

	}

	if (!(ads = ads_startup())) return -1;

	if (!(ads = ads_startup())) {

		return -1;

	}

	status = ads_find_user_acct(ads, &res, argv[0]);

	void *res;

	char *groupdn;

	if (argc < 1) return net_ads_group_usage(argc, argv);

	if (argc < 1) {

		return net_ads_group_usage(argc, argv);

	}

	if (!(ads = ads_startup())) return -1;

	if (!(ads = ads_startup())) {

		return -1;

	}

	rc = ads_find_user_acct(ads, &res, argv[0]);

	if (!ADS_ERR_OK(rc)) {

		DEBUG(0, ("Group %s does not exist\n", argv[0]));

		ads_destroy(&ads);

		return -1;

	}

	groupdn = ads_get_dn(ads, res);

	ads_memfree(ads, groupdn);

	if (!ADS_ERR_OK(rc)) {

		d_printf("Group %s deleted\n", argv[0]);

		ads_destroy(&ads);

		return 0;

	}

	d_printf("Error deleting group %s: %s\n", argv[0], 

		 ads_errstr(rc));

	ads_destroy(&ads);

	return -1;

}

	char *disp_fields[2] = {NULL, NULL};

	if (argc == 0) {

		if (!(ads = ads_startup())) return -1;

		if (!(ads = ads_startup())) {

			return -1;

		}

		if (opt_long_list_entries)

			d_printf("\nGroup name            Comment"\

	ADS_STATUS rc;

	void *res;

	if (!(ads = ads_startup())) return -1;

	if (!(ads = ads_startup())) {

		return -1;

	}

	rc = ads_find_machine_acct(ads, &res, global_myname());

	if (!ADS_ERR_OK(rc)) {

		d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc));

		ads_destroy(&ads);

		return -1;

	}

	if (ads_count_replies(ads, res) == 0) {

		d_printf("No machine account for '%s' found\n", global_myname());

		ads_destroy(&ads);

		return -1;

	}

	ads_dump(ads, res);

	ads_destroy(&ads);

	return 0;

}

	if (!ADS_ERR_OK(rc)) {

		d_printf("Failed to delete host '%s' from the '%s' realm.\n", 

			global_myname(), ads->config.realm);

		ads_destroy(&ads);

		return -1;

	}

	d_printf("Removed '%s' from realm '%s'\n", global_myname(), ads->config.realm);

	ads_destroy(&ads);

	return 0;

}

	const char *short_domain_name = NULL;

	TALLOC_CTX *ctx = NULL;

	if (argc > 0) org_unit = argv[0];

	if (argc > 0) {

		org_unit = argv[0];

	}

	if (!secrets_init()) {

		DEBUG(1,("Failed to initialise secrets database\n"));

	tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);

	password = strdup(tmp_password);

	if (!(ads = ads_startup())) return -1;

	if (!(ads = ads_startup())) {

		return -1;

	}

	if (!*lp_realm()) {

		d_printf("realm must be set in in smb.conf for ADS join to succeed.\n");

		ads_destroy(&ads);

		return -1;

	}

	if (strcmp(ads->config.realm, lp_realm()) != 0) {

		d_printf("realm of remote server (%s) and realm in smb.conf (%s) DO NOT match.  Aborting join\n", ads->config.realm, lp_realm());

		ads_destroy(&ads);

		return -1;

	}

	if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) {

		d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", 

			 org_unit, dn);

		ads_destroy(&ads);

		return -1;

	}

	free(dn);

	if (!ADS_ERR_OK(rc)) {

		d_printf("ads_join_realm: %s\n", ads_errstr(rc));

		ads_destroy(&ads);

		return -1;

	}	

	rc = ads_join_realm(ads, global_myname(), account_type, org_unit);

	if (!ADS_ERR_OK(rc)) {

		d_printf("ads_join_realm: %s\n", ads_errstr(rc));

		ads_destroy(&ads);

		return -1;

	}

	rc = ads_domain_sid(ads, &dom_sid);