s3: Add wbinfo --ccache-save

[ira/wip.git] / nsswitch / wbinfo.c

diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 04adddaf48c5bcaaff14004903c46a36c162e38e..a43ce8f4c96e70ddb932a1eb0602c571fdb8a710 100644 (file)
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -4,7 +4,8 @@
    Winbind status program.
 
    Copyright (C) Tim Potter      2000-2003
-   Copyright (C) Andrew Bartlett 2002
+   Copyright (C) Andrew Bartlett 2002-2007
+   Copyright (C) Volker Lendecke 2009
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -23,10 +24,16 @@
 #include "includes.h"
 #include "winbind_client.h"
 #include "libwbclient/wbclient.h"
+#include "lib/popt/popt.h"
 #include "../libcli/auth/libcli_auth.h"
+#if !(_SAMBA_VERSION_) < 4
+#include "lib/cmdline/popt_common.h"
+#endif
 
+#ifdef DBGC_CLASS
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
+#endif
 
 static struct wbcInterfaceDetails *init_interface_details(void)
 {
@@ -39,13 +46,14 @@ static struct wbcInterfaceDetails *init_interface_details(void)
 
        wbc_status = wbcInterfaceDetails(&details);
        if (!WBC_ERROR_IS_OK(wbc_status)) {
-               d_fprintf(stderr, "could not obtain winbind interface details!\n");
+               d_fprintf(stderr, "could not obtain winbind interface "
+                                 "details!\n");
        }
 
        return details;
 }
 
-static char winbind_separator_int(bool strict)
+static char winbind_separator(void)
 {
        struct wbcInterfaceDetails *details;
        static bool got_sep;
@@ -58,11 +66,7 @@ static char winbind_separator_int(bool strict)
 
        if (!details) {
                d_fprintf(stderr, "could not obtain winbind separator!\n");
-               if (strict) {
-                       return 0;
-               }
-               /* HACK: (this module should not call lp_ funtions) */
-               return *lp_winbind_separator();
+               return 0;
        }
 
        sep = details->winbind_separator;
@@ -70,21 +74,12 @@ static char winbind_separator_int(bool strict)
 
        if (!sep) {
                d_fprintf(stderr, "winbind separator was NULL!\n");
-               if (strict) {
-                       return 0;
-               }
-               /* HACK: (this module should not call lp_ funtions) */
-               sep = *lp_winbind_separator();
+               return 0;
        }
 
        return sep;
 }
 
-static char winbind_separator(void)
-{
-       return winbind_separator_int(false);
-}
-
 static const char *get_winbind_domain(void)
 {
        static struct wbcInterfaceDetails *details;
@@ -93,14 +88,26 @@ static const char *get_winbind_domain(void)
 
        if (!details) {
                d_fprintf(stderr, "could not obtain winbind domain name!\n");
-
-               /* HACK: (this module should not call lp_ functions) */
-               return lp_workgroup();
+               return 0;
        }
 
        return details->netbios_domain;
 }
 
+static const char *get_winbind_netbios_name(void)
+{
+       static struct wbcInterfaceDetails *details;
+
+       details = init_interface_details();
+
+       if (!details) {
+               d_fprintf(stderr, "could not obtain winbind netbios name!\n");
+               return 0;
+       }
+
+       return details->netbios_name;
+}
+
 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
    form DOMAIN/user into a domain and a user */
 
@@ -233,17 +240,25 @@ static bool wbinfo_get_groupinfo(const char *group)
 {
        wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
        struct group *grp;
+       char **mem;
 
        wbc_status = wbcGetgrnam(group, &grp);
        if (!WBC_ERROR_IS_OK(wbc_status)) {
                return false;
        }
 
-       d_printf("%s:%s:%u\n",
+       d_printf("%s:%s:%u:",
                 grp->gr_name,
                 grp->gr_passwd,
                 (unsigned int)grp->gr_gid);
 
+       mem = grp->gr_mem;
+       while (*mem != NULL) {
+               d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
+               mem += 1;
+       }
+       d_printf("\n");
+
        wbcFreeMemory(grp);
 
        return true;
@@ -254,17 +269,25 @@ static bool wbinfo_get_gidinfo(int gid)
 {
        wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
        struct group *grp;
+       char **mem;
 
        wbc_status = wbcGetgrgid(gid, &grp);
        if (!WBC_ERROR_IS_OK(wbc_status)) {
                return false;
        }
 
-       d_printf("%s:%s:%u\n",
+       d_printf("%s:%s:%u:",
                 grp->gr_name,
                 grp->gr_passwd,
                 (unsigned int)grp->gr_gid);
 
+       mem = grp->gr_mem;
+       while (*mem != NULL) {
+               d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
+               mem += 1;
+       }
+       d_printf("\n");
+
        wbcFreeMemory(grp);
 
        return true;
@@ -550,7 +573,8 @@ static bool wbinfo_list_own_domain(void)
 /* show sequence numbers */
 static bool wbinfo_show_sequence(const char *domain)
 {
-       d_printf("This command has been deprecated.  Please use the --online-status option instead.\n");
+       d_printf("This command has been deprecated.  Please use the "
+                "--online-status option instead.\n");
        return false;
 }
 
@@ -576,7 +600,8 @@ static bool wbinfo_show_onlinestatus(const char *domain)
                        }
                }
 
-               is_offline = (domain_list[i].domain_flags & WBC_DOMINFO_DOMAIN_OFFLINE);
+               is_offline = (domain_list[i].domain_flags &
+                             WBC_DOMINFO_DOMAIN_OFFLINE);
 
                d_printf("%s : %s\n",
                         domain_list[i].short_name,
@@ -595,7 +620,7 @@ static bool wbinfo_domain_info(const char *domain)
        struct wbcDomainInfo *dinfo = NULL;
        char *sid_str = NULL;
 
-       if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')) {
+       if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
                domain = get_winbind_domain();
        }
 
@@ -622,10 +647,12 @@ static bool wbinfo_domain_info(const char *domain)
        d_printf("Active Directory  : %s\n",
                 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
        d_printf("Native            : %s\n",
-                (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ? "Yes" : "No");
+                (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
+                "Yes" : "No");
 
        d_printf("Primary           : %s\n",
-                (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ? "Yes" : "No");
+                (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
+                "Yes" : "No");
 
        wbcFreeMemory(sid_str);
        wbcFreeMemory(dinfo);
@@ -646,9 +673,9 @@ static bool wbinfo_getdcname(const char *domain_name)
 
        /* Send request */
 
-       if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
-           NSS_STATUS_SUCCESS) {
-               d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
+       if (winbindd_request_response(WINBINDD_GETDCNAME, &request,
+                                     &response) != NSS_STATUS_SUCCESS) {
+               d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
                return false;
        }
 
@@ -662,50 +689,107 @@ static bool wbinfo_getdcname(const char *domain_name)
 /* Find a DC */
 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
 {
-       struct winbindd_request request;
-       struct winbindd_response response;
+       wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+       struct wbcDomainControllerInfoEx *dc_info;
+       char *str = NULL;
 
-       ZERO_STRUCT(request);
-       ZERO_STRUCT(response);
+       wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
+                                                flags | DS_DIRECTORY_SERVICE_REQUIRED,
+                                                &dc_info);
+       if (!WBC_ERROR_IS_OK(wbc_status)) {
+               printf("Could not find dc for %s\n", domain_name);
+               return false;
+       }
 
-       fstrcpy(request.data.dsgetdcname.domain_name, domain_name);
-       request.data.dsgetdcname.flags = flags;
+       wbcGuidToString(dc_info->domain_guid, &str);
 
-       request.flags |= DS_DIRECTORY_SERVICE_REQUIRED;
+       d_printf("%s\n", dc_info->dc_unc);
+       d_printf("%s\n", dc_info->dc_address);
+       d_printf("%d\n", dc_info->dc_address_type);
+       d_printf("%s\n", str);
+       d_printf("%s\n", dc_info->domain_name);
+       d_printf("%s\n", dc_info->forest_name);
+       d_printf("0x%08x\n", dc_info->dc_flags);
+       d_printf("%s\n", dc_info->dc_site_name);
+       d_printf("%s\n", dc_info->client_site_name);
 
-       /* Send request */
+       return true;
+}
+
+/* Check trust account password */
+
+static bool wbinfo_check_secret(const char *domain)
+{
+       wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+       struct wbcAuthErrorInfo *error = NULL;
+       const char *domain_name;
+
+       if (domain) {
+               domain_name = domain;
+       } else {
+               domain_name = get_winbind_domain();
+       }
 
-       if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response) !=
-           NSS_STATUS_SUCCESS) {
-               d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
+       wbc_status = wbcCheckTrustCredentials(domain_name, &error);
+
+       d_printf("checking the trust secret for domain %s via RPC calls %s\n",
+               domain_name,
+               WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+       if (wbc_status == WBC_ERR_AUTH_ERROR) {
+               d_fprintf(stderr, "error code was %s (0x%x)\n",
+                         error->nt_string, error->nt_status);
+               wbcFreeMemory(error);
+       }
+       if (!WBC_ERROR_IS_OK(wbc_status)) {
                return false;
        }
 
-       /* Display response */
+       return true;
+}
 
-       d_printf("%s\n", response.data.dsgetdcname.dc_unc);
-       d_printf("%s\n", response.data.dsgetdcname.dc_address);
-       d_printf("%d\n", response.data.dsgetdcname.dc_address_type);
-       d_printf("%s\n", response.data.dsgetdcname.domain_guid);
-       d_printf("%s\n", response.data.dsgetdcname.domain_name);
-       d_printf("%s\n", response.data.dsgetdcname.forest_name);
-       d_printf("0x%08x\n", response.data.dsgetdcname.dc_flags);
-       d_printf("%s\n", response.data.dsgetdcname.dc_site_name);
-       d_printf("%s\n", response.data.dsgetdcname.client_site_name);
+/* Change trust account password */
+
+static bool wbinfo_change_secret(const char *domain)
+{
+       wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+       struct wbcAuthErrorInfo *error = NULL;
+       const char *domain_name;
+
+       if (domain) {
+               domain_name = domain;
+       } else {
+               domain_name = get_winbind_domain();
+       }
+
+       wbc_status = wbcChangeTrustCredentials(domain_name, &error);
+
+       d_printf("changing the trust secret for domain %s via RPC calls %s\n",
+               domain_name,
+               WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+       if (wbc_status == WBC_ERR_AUTH_ERROR) {
+               d_fprintf(stderr, "error code was %s (0x%x)\n",
+                         error->nt_string, error->nt_status);
+               wbcFreeMemory(error);
+       }
+       if (!WBC_ERROR_IS_OK(wbc_status)) {
+               return false;
+       }
 
        return true;
 }
 
-/* Check trust account password */
+/* Check DC connection */
 
-static bool wbinfo_check_secret(void)
+static bool wbinfo_ping_dc(void)
 {
        wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
        struct wbcAuthErrorInfo *error = NULL;
 
-       wbc_status = wbcCheckTrustCredentials(NULL, &error);
+       wbc_status = wbcPingDc(NULL, &error);
 
-       d_printf("checking the trust secret via RPC calls %s\n",
+       d_printf("checking the NETLOGON dc connection %s\n",
                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
        if (wbc_status == WBC_ERR_AUTH_ERROR) {
@@ -1039,13 +1123,13 @@ static bool wbinfo_lookuprids(const char *domain, const char *arg)
        enum wbcSidType *types = NULL;
        size_t i;
        int num_rids;
-       uint32 *rids = NULL;
+       uint32_t *rids = NULL;
        const char *p;
        char *ridstr;
        TALLOC_CTX *mem_ctx = NULL;
        bool ret = false;
 
-       if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')) {
+       if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
                domain = get_winbind_domain();
        }
 
@@ -1069,8 +1153,13 @@ static bool wbinfo_lookuprids(const char *domain, const char *arg)
        p = arg;
 
        while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
-               uint32 rid = strtoul(ridstr, NULL, 10);
-               ADD_TO_ARRAY(mem_ctx, uint32, rid, &rids, &num_rids);
+               uint32_t rid = strtoul(ridstr, NULL, 10);
+               rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
+               if (rids == NULL) {
+                       d_printf("talloc_realloc failed\n");
+               }
+               rids[num_rids] = rid;
+               num_rids += 1;
        }
 
        if (rids == NULL) {
@@ -1090,7 +1179,7 @@ static bool wbinfo_lookuprids(const char *domain, const char *arg)
 
        for (i=0; i<num_rids; i++) {
                d_printf("%8d: %s (%s)\n", rids[i], names[i],
-                        sid_type_lookup(types[i]));
+                        wbcSidTypeString(types[i]));
        }
 
        ret = true;
@@ -1140,20 +1229,21 @@ static bool wbinfo_lookupname(const char *full_name)
 
        /* Display response */
 
-       d_printf("%s %s (%d)\n", sid_str, sid_type_lookup(type), type);
+       d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
 
        wbcFreeMemory(sid_str);
 
        return true;
 }
 
-static char *wbinfo_prompt_pass(const char *prefix,
+static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
+                               const char *prefix,
                                const char *username)
 {
        char *prompt;
        const char *ret = NULL;
 
-       prompt = talloc_asprintf(talloc_tos(), "Enter %s's ", username);
+       prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
        if (!prompt) {
                return NULL;
        }
@@ -1171,73 +1261,124 @@ static char *wbinfo_prompt_pass(const char *prefix,
        ret = getpass(prompt);
        TALLOC_FREE(prompt);
 
-       return SMB_STRDUP(ret);
+       return talloc_strdup(mem_ctx, ret);
 }
 
 /* Authenticate a user with a plaintext password */
 
-static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
+static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
 {
-       struct winbindd_request request;
-       struct winbindd_response response;
-       NSS_STATUS result;
-       char *p;
-       char *password;
-
-       /* Send off request */
-
-       ZERO_STRUCT(request);
-       ZERO_STRUCT(response);
+       wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+       char *s = NULL;
+       char *p = NULL;
+       char *password = NULL;
+       char *name = NULL;
+       char *local_cctype = NULL;
+       uid_t uid;
+       struct wbcLogonUserParams params;
+       struct wbcLogonUserInfo *info;
+       struct wbcAuthErrorInfo *error;
+       struct wbcUserPasswordPolicyInfo *policy;
+       TALLOC_CTX *frame = talloc_tos();
 
-       p = strchr(username, '%');
+       if ((s = talloc_strdup(frame, username)) == NULL) {
+               return false;
+       }
 
-       if (p) {
+       if ((p = strchr(s, '%')) != NULL) {
                *p = 0;
-               fstrcpy(request.data.auth.user, username);
-               fstrcpy(request.data.auth.pass, p + 1);
-               *p = '%';
+               p++;
+               password = talloc_strdup(frame, p);
        } else {
-               fstrcpy(request.data.auth.user, username);
-               password = wbinfo_prompt_pass(NULL, username);
-               fstrcpy(request.data.auth.pass, password);
-               SAFE_FREE(password);
+               password = wbinfo_prompt_pass(frame, NULL, username);
        }
 
-       request.flags = flags;
+       local_cctype = talloc_strdup(frame, cctype);
 
-       fstrcpy(request.data.auth.krb5_cc_type, cctype);
+       name = s;
 
-       request.data.auth.uid = geteuid();
+       uid = geteuid();
 
-       result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
+       params.username = name;
+       params.password = password;
+       params.num_blobs = 0;
+       params.blobs = NULL;
 
-       /* Display response */
+       wbc_status = wbcAddNamedBlob(&params.num_blobs,
+                                    &params.blobs,
+                                    "flags",
+                                    0,
+                                    (uint8_t *)&flags,
+                                    sizeof(flags));
+       if (!WBC_ERROR_IS_OK(wbc_status)) {
+               goto done;
+       }
 
-       d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
-               username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
+       wbc_status = wbcAddNamedBlob(&params.num_blobs,
+                                    &params.blobs,
+                                    "user_uid",
+                                    0,
+                                    (uint8_t *)&uid,
+                                    sizeof(uid));
+       if (!WBC_ERROR_IS_OK(wbc_status)) {
+               goto done;
+       }
 
-       if (response.data.auth.nt_status)
-               d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
-                        response.data.auth.nt_status_string,
-                        response.data.auth.nt_status,
-                        response.data.auth.error_string);
+       wbc_status = wbcAddNamedBlob(&params.num_blobs,
+                                    &params.blobs,
+                                    "krb5_cc_type",
+                                    0,
+                                    (uint8_t *)local_cctype,
+                                    strlen(cctype)+1);
+       if (!WBC_ERROR_IS_OK(wbc_status)) {
+               goto done;
+       }
+
+       wbc_status = wbcLogonUser(&params, &info, &error, &policy);
+
+       d_printf("plaintext kerberos password authentication for [%s] %s "
+                "(requesting cctype: %s)\n",
+                username, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
+                cctype);
 
-       if (result == NSS_STATUS_SUCCESS) {
+       if (error) {
+               d_fprintf(stderr,
+                        "error code was %s (0x%x)\nerror messsage was: %s\n",
+                        error->nt_string,
+                        error->nt_status,
+                        error->display_string);
+       }
 
-               if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
-                       if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
-                               d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
+       if (WBC_ERROR_IS_OK(wbc_status)) {
+               if (flags & WBFLAG_PAM_INFO3_TEXT) {
+                       if (info && info->info && info->info->user_flags &
+                           NETLOGON_CACHED_ACCOUNT) {
+                               d_printf("user_flgs: "
+                                        "NETLOGON_CACHED_ACCOUNT\n");
                        }
                }
 
-               if (response.data.auth.krb5ccname[0] != '\0') {
-                       d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
+               if (info) {
+                       int i;
+                       for (i=0; i < info->num_blobs; i++) {
+                               if (strequal(info->blobs[i].name,
+                                            "krb5ccname")) {
+                                       d_printf("credentials were put "
+                                                "in: %s\n",
+                                               (const char *)
+                                                     info->blobs[i].blob.data);
+                                       break;
+                               }
+                       }
                } else {
                        d_printf("no credentials cached\n");
                }
        }
+ done:
 
-       return result == NSS_STATUS_SUCCESS;
+       wbcFreeMemory(params.blobs);
+
+       return WBC_ERROR_IS_OK(wbc_status);
 }
 
 /* Authenticate a user with a plaintext password */
@@ -1249,17 +1390,18 @@ static bool wbinfo_auth(char *username)
        char *p = NULL;
        char *password = NULL;
        char *name = NULL;
+       TALLOC_CTX *frame = talloc_tos();
 
-       if ((s = SMB_STRDUP(username)) == NULL) {
+       if ((s = talloc_strdup(frame, username)) == NULL) {
                return false;
        }
 
        if ((p = strchr(s, '%')) != NULL) {
                *p = 0;
                p++;
-               password = SMB_STRDUP(p);
+               password = talloc_strdup(frame, p);
        } else {
-               password = wbinfo_prompt_pass(NULL, username);
+               password = wbinfo_prompt_pass(frame, NULL, username);
        }
 
        name = s;
@@ -1271,21 +1413,19 @@ static bool wbinfo_auth(char *username)
 
 #if 0
        if (response.data.auth.nt_status)
-               d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
+               d_fprintf(stderr,
+                        "error code was %s (0x%x)\nerror messsage was: %s\n",
                         response.data.auth.nt_status_string,
                         response.data.auth.nt_status,
                         response.data.auth.error_string);
 #endif
 
-       SAFE_FREE(s);
-       SAFE_FREE(password);
-
        return WBC_ERROR_IS_OK(wbc_status);
 }
 
 /* Authenticate a user with a challenge/response */
 
-static bool wbinfo_auth_crap(char *username)
+static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
 {
        wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
        struct wbcAuthUserParams params;
@@ -1297,14 +1437,15 @@ static bool wbinfo_auth_crap(char *username)
        fstring name_domain;
        char *pass;
        char *p;
+       TALLOC_CTX *frame = talloc_tos();
 
        p = strchr(username, '%');
 
        if (p) {
                *p = 0;
-               pass = SMB_STRDUP(p + 1);
+               pass = talloc_strdup(frame, p + 1);
        } else {
-               pass = wbinfo_prompt_pass(NULL, username);
+               pass = wbinfo_prompt_pass(frame, NULL, username);
        }
 
        parse_wbinfo_domain_user(username, name_domain, name_user);
@@ -1321,31 +1462,35 @@ static bool wbinfo_auth_crap(char *username)
 
        generate_random_buffer(params.password.response.challenge, 8);
 
-       if (lp_client_ntlmv2_auth()) {
+       if (use_ntlmv2) {
                DATA_BLOB server_chal;
                DATA_BLOB names_blob;
 
                server_chal = data_blob(params.password.response.challenge, 8);
 
                /* Pretend this is a login to 'us', for blob purposes */
-               names_blob = NTLMv2_generate_names_blob(NULL, global_myname(), lp_workgroup());
+               names_blob = NTLMv2_generate_names_blob(NULL,
+                                               get_winbind_netbios_name(),
+                                               get_winbind_domain());
 
-               if (!SMBNTLMv2encrypt(NULL, name_user, name_domain, pass, &server_chal,
+               if (!SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
+                                     &server_chal,
                                      &names_blob,
                                      &lm, &nt, NULL, NULL)) {
                        data_blob_free(&names_blob);
                        data_blob_free(&server_chal);
-                       SAFE_FREE(pass);
+                       TALLOC_FREE(pass);
                        return false;
                }
                data_blob_free(&names_blob);
                data_blob_free(&server_chal);
 
        } else {
-               if (lp_client_lanman_auth()) {
+               if (use_lanman) {
                        bool ok;
                        lm = data_blob(NULL, 24);
-                       ok = SMBencrypt(pass, params.password.response.challenge,
+                       ok = SMBencrypt(pass,
+                                       params.password.response.challenge,
                                        lm.data);
                        if (!ok) {
                                data_blob_free(&lm);
@@ -1369,7 +1514,8 @@ static bool wbinfo_auth_crap(char *username)
                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
        if (wbc_status == WBC_ERR_AUTH_ERROR) {
-               d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
+               d_fprintf(stderr,
+                        "error code was %s (0x%x)\nerror messsage was: %s\n",
                         err->nt_string,
                         err->nt_status,
                         err->display_string);
@@ -1380,11 +1526,48 @@ static bool wbinfo_auth_crap(char *username)
 
        data_blob_free(&nt);
        data_blob_free(&lm);
-       SAFE_FREE(pass);
 
        return WBC_ERROR_IS_OK(wbc_status);
 }
 
+/* Save creds with winbind */
+
+static bool wbinfo_ccache_save(char *username)
+{
+       wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+       char *s = NULL;
+       char *p = NULL;
+       char *password = NULL;
+       char *name = NULL;
+       TALLOC_CTX *frame = talloc_stackframe();
+
+       s = talloc_strdup(frame, username);
+       if (s == NULL) {
+               return false;
+       }
+
+       p = strchr(s, '%');
+       if (p != NULL) {
+               *p = 0;
+               p++;
+               password = talloc_strdup(frame, p);
+       } else {
+               password = wbinfo_prompt_pass(frame, NULL, username);
+       }
+
+       name = s;
+
+       wbc_status = wbcCredentialSave(name, password);
+
+       d_printf("saving creds %s\n",
+                WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+       TALLOC_FREE(frame);
+
+       return WBC_ERROR_IS_OK(wbc_status);
+}
+
+#ifdef WITH_FAKE_KASERVER
 /* Authenticate a user with a plaintext password and set a token */
 
 static bool wbinfo_klog(char *username)
@@ -1413,7 +1596,8 @@ static bool wbinfo_klog(char *username)
 
        request.flags |= WBFLAG_PAM_AFS_TOKEN;
 
-       result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
+       result = winbindd_request_response(WINBINDD_PAM_AUTH, &request,
+                                          &response);
 
        /* Display response */
 
@@ -1421,7 +1605,8 @@ static bool wbinfo_klog(char *username)
                 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
 
        if (response.data.auth.nt_status)
-               d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
+               d_fprintf(stderr,
+                        "error code was %s (0x%x)\nerror messsage was: %s\n",
                         response.data.auth.nt_status_string,
                         response.data.auth.nt_status,
                         response.data.auth.error_string);
@@ -1442,6 +1627,13 @@ static bool wbinfo_klog(char *username)
        d_printf("Successfully created AFS token\n");
        return true;
 }
+#else
+static bool wbinfo_klog(char *username)
+{
+       d_fprintf(stderr, "No AFS support compiled in.\n");
+       return false;
+}
+#endif
 
 /* Print domain users */
 
@@ -1507,92 +1699,15 @@ static bool print_domain_groups(const char *domain)
 
 static bool wbinfo_set_auth_user(char *username)
 {
-       const char *password;
-       char *p;
-       fstring user, domain;
-
-       /* Separate into user and password */
-
-       parse_wbinfo_domain_user(username, domain, user);
-
-       p = strchr(user, '%');
-
-       if (p != NULL) {
-               *p = 0;
-               password = p+1;
-       } else {
-               char *thepass = getpass("Password: ");
-               if (thepass) {
-                       password = thepass;
-               } else
-                       password = "";
-       }
-
-       /* Store or remove DOMAIN\username%password in secrets.tdb */
-
-       secrets_init();
-
-       if (user[0]) {
-
-               if (!secrets_store(SECRETS_AUTH_USER, user,
-                                  strlen(user) + 1)) {
-                       d_fprintf(stderr, "error storing username\n");
-                       return false;
-               }
-
-               /* We always have a domain name added by the
-                  parse_wbinfo_domain_user() function. */
-
-               if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
-                                  strlen(domain) + 1)) {
-                       d_fprintf(stderr, "error storing domain name\n");
-                       return false;
-               }
-
-       } else {
-               secrets_delete(SECRETS_AUTH_USER);
-               secrets_delete(SECRETS_AUTH_DOMAIN);
-       }
-
-       if (password[0]) {
-
-               if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
-                                  strlen(password) + 1)) {
-                       d_fprintf(stderr, "error storing password\n");
-                       return false;
-               }
-
-       } else
-               secrets_delete(SECRETS_AUTH_PASSWORD);
-
-       return true;
+       d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
+                         "See 'net help setauthuser' for details.\n");
+       return false;
 }
 
 static void wbinfo_get_auth_user(void)
 {
-       char *user, *domain, *password;
-
-       /* Lift data from secrets file */
-
-       secrets_fetch_ipc_userpass(&user, &domain, &password);
-
-       if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
-
-               SAFE_FREE(user);
-               SAFE_FREE(domain);
-               SAFE_FREE(password);
-               d_printf("No authorised user configured\n");
-               return;
-       }
-
-       /* Pretty print authorised user info */
-
-       d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
-                user, password ? "%" : "", password ? password : "");
-
-       SAFE_FREE(user);
-       SAFE_FREE(domain);
-       SAFE_FREE(password);
+       d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
+                         "See 'net help getauthuser' for details.\n");
 }
 
 static bool wbinfo_ping(void)
@@ -1614,20 +1729,18 @@ static bool wbinfo_change_user_password(const char *username)
        wbcErr wbc_status;
        char *old_password = NULL;
        char *new_password = NULL;
+       TALLOC_CTX *frame = talloc_tos();
 
-       old_password = wbinfo_prompt_pass("old", username);
-       new_password = wbinfo_prompt_pass("new", username);
+       old_password = wbinfo_prompt_pass(frame, "old", username);
+       new_password = wbinfo_prompt_pass(frame, "new", username);
 
-       wbc_status = wbcChangeUserPassword(username, old_password, new_password);
+       wbc_status = wbcChangeUserPassword(username, old_password,new_password);
 
        /* Display response */
 
        d_printf("Password change for user %s %s\n", username,
                WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
-       SAFE_FREE(old_password);
-       SAFE_FREE(new_password);
-
        return WBC_ERROR_IS_OK(wbc_status);
 }
 
@@ -1659,7 +1772,11 @@ enum {
        OPT_VERBOSE,
        OPT_ONLINESTATUS,
        OPT_CHANGE_USER_PASSWORD,
-       OPT_SID_TO_FULLNAME
+       OPT_PING_DC,
+       OPT_CCACHE_SAVE,
+       OPT_SID_TO_FULLNAME,
+       OPT_NTLMV2,
+       OPT_LANMAN
 };
 
 int main(int argc, char **argv, char **envp)
@@ -1674,6 +1791,8 @@ int main(int argc, char **argv, char **envp)
        int int_subarg = -1;
        int result = 1;
        bool verbose = false;
+       bool use_ntlmv2 = false;
+       bool use_lanman = false;
 
        struct poptOption long_options[] = {
                POPT_AUTOHELP
@@ -1703,6 +1822,9 @@ int main(int argc, char **argv, char **envp)
                { "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" },
                { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" },
                { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
+               { "change-secret", 'c', POPT_ARG_NONE, 0, 'c', "Change shared secret" },
+               { "ping-dc", 0, POPT_ARG_NONE, 0, OPT_PING_DC,
+                 "Check the NETLOGON connection" },
                { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
                { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
                { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
@@ -1721,6 +1843,9 @@ int main(int argc, char **argv, char **envp)
                { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
                { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
                { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
+               { "ccache-save", 0, POPT_ARG_STRING, &string_arg,
+                 OPT_CCACHE_SAVE, "Store user and password for ccache "
+                 "operation", "user%password" },
                { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
                  "Get a DC name for a foreign domain", "domainname" },
                { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
@@ -1738,7 +1863,8 @@ int main(int argc, char **argv, char **envp)
                { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
                { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
                { "change-user-password", 0, POPT_ARG_STRING, &string_arg, OPT_CHANGE_USER_PASSWORD, "Change the password for a user", NULL },
-               POPT_COMMON_CONFIGFILE
+               { "ntlmv2", 0, POPT_ARG_NONE, 0, OPT_NTLMV2, "Use NTLMv2 cryptography for user authentication", NULL},
+               { "lanman", 0, POPT_ARG_NONE, 0, OPT_LANMAN, "Use lanman cryptography for user authentication", NULL},
                POPT_COMMON_VERSION
                POPT_TABLEEND
        };
@@ -1749,7 +1875,8 @@ int main(int argc, char **argv, char **envp)
 
        /* Parse options */
 
-       pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
+       pc = poptGetContext("wbinfo", argc, (const char **)argv,
+                           long_options, 0);
 
        /* Parse command line options */
 
@@ -1762,24 +1889,19 @@ int main(int argc, char **argv, char **envp)
                /* get the generic configuration parameters like --domain */
                switch (opt) {
                case OPT_VERBOSE:
-                       verbose = True;
+                       verbose = true;
+                       break;
+               case OPT_NTLMV2:
+                       use_ntlmv2 = true;
+                       break;
+               case OPT_LANMAN:
+                       use_lanman = true;
                        break;
                }
        }
 
        poptFreeContext(pc);
 
-       if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, true)) {
-               d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
-                       get_dyn_CONFIGFILE(), strerror(errno));
-               exit(1);
-       }
-
-       if (!init_names())
-               return 1;
-
-       load_interfaces();
-
        pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
                            POPT_CONTEXT_KEEP_FIRST);
 
@@ -1787,19 +1909,23 @@ int main(int argc, char **argv, char **envp)
                switch (opt) {
                case 'u':
                        if (!print_domain_users(opt_domain_name)) {
-                               d_fprintf(stderr, "Error looking up domain users\n");
+                               d_fprintf(stderr,
+                                         "Error looking up domain users\n");
                                goto done;
                        }
                        break;
                case 'g':
                        if (!print_domain_groups(opt_domain_name)) {
-                               d_fprintf(stderr, "Error looking up domain groups\n");
+                               d_fprintf(stderr,
+                                         "Error looking up domain groups\n");
                                goto done;
                        }
                        break;
                case 's':
                        if (!wbinfo_lookupsid(string_arg)) {
-                               d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
+                               d_fprintf(stderr,
+                                         "Could not lookup sid %s\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
@@ -1812,52 +1938,63 @@ int main(int argc, char **argv, char **envp)
                        break;
                case 'R':
                        if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
-                               d_fprintf(stderr, "Could not lookup RIDs %s\n", string_arg);
+                               d_fprintf(stderr, "Could not lookup RIDs %s\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
                case 'n':
                        if (!wbinfo_lookupname(string_arg)) {
-                               d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
+                               d_fprintf(stderr, "Could not lookup name %s\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
                case 'N':
                        if (!wbinfo_wins_byname(string_arg)) {
-                               d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
+                               d_fprintf(stderr,
+                                         "Could not lookup WINS by name %s\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
                case 'I':
                        if (!wbinfo_wins_byip(string_arg)) {
-                               d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
+                               d_fprintf(stderr,
+                                         "Could not lookup WINS by IP %s\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
                case 'U':
                        if (!wbinfo_uid_to_sid(int_arg)) {
-                               d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
+                               d_fprintf(stderr,
+                                         "Could not convert uid %d to sid\n",
+                                         int_arg);
                                goto done;
                        }
                        break;
                case 'G':
                        if (!wbinfo_gid_to_sid(int_arg)) {
-                               d_fprintf(stderr, "Could not convert gid %d to sid\n",
-                                      int_arg);
+                               d_fprintf(stderr,
+                                         "Could not convert gid %d to sid\n",
+                                         int_arg);
                                goto done;
                        }
                        break;
                case 'S':
                        if (!wbinfo_sid_to_uid(string_arg)) {
-                               d_fprintf(stderr, "Could not convert sid %s to uid\n",
-                                      string_arg);
+                               d_fprintf(stderr,
+                                         "Could not convert sid %s to uid\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
                case 'Y':
                        if (!wbinfo_sid_to_gid(string_arg)) {
-                               d_fprintf(stderr, "Could not convert sid %s to gid\n",
-                                      string_arg);
+                               d_fprintf(stderr,
+                                         "Could not convert sid %s to gid\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
@@ -1916,46 +2053,64 @@ int main(int argc, char **argv, char **envp)
                        }
                        break;
                case 't':
-                       if (!wbinfo_check_secret()) {
+                       if (!wbinfo_check_secret(opt_domain_name)) {
                                d_fprintf(stderr, "Could not check secret\n");
                                goto done;
                        }
                        break;
+               case 'c':
+                       if (!wbinfo_change_secret(opt_domain_name)) {
+                               d_fprintf(stderr, "Could not change secret\n");
+                               goto done;
+                       }
+                       break;
+               case OPT_PING_DC:
+                       if (!wbinfo_ping_dc()) {
+                               d_fprintf(stderr, "Could not ping our DC\n");
+                               goto done;
+                       }
+                       break;
                case 'm':
                        if (!wbinfo_list_domains(false, verbose)) {
-                               d_fprintf(stderr, "Could not list trusted domains\n");
+                               d_fprintf(stderr,
+                                         "Could not list trusted domains\n");
                                goto done;
                        }
                        break;
                case OPT_SEQUENCE:
                        if (!wbinfo_show_sequence(opt_domain_name)) {
-                               d_fprintf(stderr, "Could not show sequence numbers\n");
+                               d_fprintf(stderr,
+                                         "Could not show sequence numbers\n");
                                goto done;
                        }
                        break;
                case OPT_ONLINESTATUS:
                        if (!wbinfo_show_onlinestatus(opt_domain_name)) {
-                               d_fprintf(stderr, "Could not show online-status\n");
+                               d_fprintf(stderr,
+                                         "Could not show online-status\n");
                                goto done;
                        }
                        break;
                case 'D':
                        if (!wbinfo_domain_info(string_arg)) {
-                               d_fprintf(stderr, "Could not get domain info\n");
+                               d_fprintf(stderr,
+                                         "Could not get domain info\n");
                                goto done;
                        }
                        break;
                case 'i':
                        if (!wbinfo_get_userinfo(string_arg)) {
-                               d_fprintf(stderr, "Could not get info for user %s\n",
-                                                 string_arg);
+                               d_fprintf(stderr,
+                                         "Could not get info for user %s\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
                case OPT_USER_SIDINFO:
                        if ( !wbinfo_get_user_sidinfo(string_arg)) {
-                               d_fprintf(stderr, "Could not get info for user sid %s\n",
-                                   string_arg);
+                               d_fprintf(stderr,
+                                         "Could not get info for user "
+                                         "sid %s\n", string_arg);
                                goto done;
                        }
                        break;
@@ -1982,27 +2137,31 @@ int main(int argc, char **argv, char **envp)
                        break;
                case 'r':
                        if (!wbinfo_get_usergroups(string_arg)) {
-                               d_fprintf(stderr, "Could not get groups for user %s\n",
-                                      string_arg);
+                               d_fprintf(stderr,
+                                         "Could not get groups for user %s\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
                case OPT_USERSIDS:
                        if (!wbinfo_get_usersids(string_arg)) {
-                               d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
-                                      string_arg);
+                               d_fprintf(stderr, "Could not get group SIDs "
+                                         "for user SID %s\n",
+                                         string_arg);
                                goto done;
                        }
                        break;
                case OPT_USERDOMGROUPS:
                        if (!wbinfo_get_userdomgroups(string_arg)) {
-                               d_fprintf(stderr, "Could not get user's domain groups "
-                                        "for user SID %s\n", string_arg);
+                               d_fprintf(stderr, "Could not get user's domain "
+                                        "groups for user SID %s\n",
+                                        string_arg);
                                goto done;
                        }
                        break;
                case OPT_SIDALIASES:
-                       if (!wbinfo_get_sidaliases(opt_domain_name, string_arg)) {
+                       if (!wbinfo_get_sidaliases(opt_domain_name,
+                                                  string_arg)) {
                                d_fprintf(stderr, "Could not get sid aliases "
                                         "for user SID %s\n", string_arg);
                                goto done;
@@ -2012,14 +2171,19 @@ int main(int argc, char **argv, char **envp)
                                bool got_error = false;
 
                                if (!wbinfo_auth(string_arg)) {
-                                       d_fprintf(stderr, "Could not authenticate user %s with "
-                                               "plaintext password\n", string_arg);
+                                       d_fprintf(stderr,
+                                                 "Could not authenticate user "
+                                                 "%s with plaintext "
+                                                 "password\n", string_arg);
                                        got_error = true;
                                }
 
-                               if (!wbinfo_auth_crap(string_arg)) {
-                                       d_fprintf(stderr, "Could not authenticate user %s with "
-                                               "challenge/response\n", string_arg);
+                               if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
+                                                     use_lanman)) {
+                                       d_fprintf(stderr,
+                                               "Could not authenticate user "
+                                               "%s with challenge/response\n",
+                                               string_arg);
                                        got_error = true;
                                }
 
@@ -2028,15 +2192,19 @@ int main(int argc, char **argv, char **envp)
                                break;
                        }
                case 'K': {
-                               uint32 flags =  WBFLAG_PAM_KRB5 |
-                                               WBFLAG_PAM_CACHED_LOGIN |
+                               uint32_t flags = WBFLAG_PAM_KRB5 |
+                                                WBFLAG_PAM_CACHED_LOGIN |
                                                WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
-                                               WBFLAG_PAM_INFO3_TEXT |
-                                               WBFLAG_PAM_CONTACT_TRUSTDOM;
-
-                               if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
-                                       d_fprintf(stderr, "Could not authenticate user [%s] with "
-                                               "Kerberos (ccache: %s)\n", string_arg, "FILE");
+                                                WBFLAG_PAM_INFO3_TEXT |
+                                                WBFLAG_PAM_CONTACT_TRUSTDOM;
+
+                               if (!wbinfo_auth_krb5(string_arg, "FILE",
+                                                     flags)) {
+                                       d_fprintf(stderr,
+                                               "Could not authenticate user "
+                                               "[%s] with Kerberos "
+                                               "(ccache: %s)\n", string_arg,
+                                               "FILE");
                                        goto done;
                                }
                                break;
@@ -2060,6 +2228,12 @@ int main(int argc, char **argv, char **envp)
                        break;
                case OPT_GET_AUTH_USER:
                        wbinfo_get_auth_user();
+                       goto done;
+                       break;
+               case OPT_CCACHE_SAVE:
+                       if (!wbinfo_ccache_save(string_arg)) {
+                               goto done;
+                       }
                        break;
                case OPT_GETDCNAME:
                        if (!wbinfo_getdcname(string_arg)) {
@@ -2072,7 +2246,7 @@ int main(int argc, char **argv, char **envp)
                        }
                        break;
                case OPT_SEPARATOR: {
-                       const char sep = winbind_separator_int(true);
+                       const char sep = winbind_separator();
                        if ( !sep ) {
                                goto done;
                        }
@@ -2091,7 +2265,8 @@ int main(int argc, char **argv, char **envp)
                        break;
                case OPT_CHANGE_USER_PASSWORD:
                        if (!wbinfo_change_user_password(string_arg)) {
-                               d_fprintf(stderr, "Could not change user password "
+                               d_fprintf(stderr,
+                                       "Could not change user password "
                                         "for user %s\n", string_arg);
                                goto done;
                        }
@@ -2102,6 +2277,10 @@ int main(int argc, char **argv, char **envp)
                        break;
                case OPT_VERBOSE:
                        break;
+               case OPT_NTLMV2:
+                       break;
+               case OPT_LANMAN:
+                       break;
                default:
                        d_fprintf(stderr, "Invalid option\n");
                        poptPrintHelp(pc, stderr, 0);
@@ -2114,7 +2293,7 @@ int main(int argc, char **argv, char **envp)
        /* Exit code */
 
  done:
-       talloc_destroy(frame);
+       talloc_free(frame);
 
        poptFreeContext(pc);
        return result;