/* 
 *  Unix SMB/CIFS implementation.
 *  RPC Pipe client / server routines
 *  Copyright (C) Andrew Tridgell              1992-2000,
 *  Copyright (C) Jean Fran�ois Micouleau      1998-2001.
 *  Copyright (C) Volker Lendecke              2006.
 *  Copyright (C) Gerald Carter                2006.
 *  
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

#include "includes.h"
#include "system/passwd.h"
#include "passdb.h"
#include "groupdb/mapping.h"
#include "../libcli/security/security.h"
#include "lib/winbind_util.h"
#include "tdb_compat.h"
#include "groupdb/mapping_tdb.h"

static const struct mapping_backend *backend;

/*
  initialise a group mapping backend
 */
static bool init_group_mapping(void)
{
	if (backend != NULL) {
		/* already initialised */
		return True;
	}

        backend = groupdb_tdb_init();

	return backend != NULL;
}

/****************************************************************************
initialise first time the mapping list
****************************************************************************/
NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment)
{
	NTSTATUS status;
	GROUP_MAP *map;

	if(!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	map = talloc_zero(NULL, GROUP_MAP);
	if (!map) {
		return NT_STATUS_NO_MEMORY;
	}

	map->gid=gid;
	if (!string_to_sid(&map->sid, sid)) {
		DEBUG(0, ("string_to_sid failed: %s", sid));
		status = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	map->sid_name_use=sid_name_use;
	map->nt_name = talloc_strdup(map, nt_name);
	if (!map->nt_name) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	if (comment) {
		map->comment = talloc_strdup(map, comment);
	} else {
		map->comment = talloc_strdup(map, "");
	}
	if (!map->comment) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	status = pdb_add_group_mapping_entry(map);

done:
	TALLOC_FREE(map);
	return status;
}

static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members,
				  struct dom_sid **sids, size_t *num)
{
	size_t i;

	*num = 0;
	*sids = NULL;

	for (i=0; i<num_members; i++) {
		NTSTATUS status = backend->one_alias_membership(&members[i], sids, num);
		if (!NT_STATUS_IS_OK(status))
			return status;
	}
	return NT_STATUS_OK;
}

struct aliasmem_closure {
	const struct dom_sid *alias;
	struct dom_sid **sids;
	size_t *num;
};



/*
 *
 * High level functions
 * better to use them than the lower ones.
 *
 * we are checking if the group is in the mapping file
 * and if the group is an existing unix group
 *
 */

/* get a domain group from it's SID */

bool get_domain_group_from_sid(struct dom_sid sid, GROUP_MAP *map)
{
	struct group *grp;
	bool ret;

	if(!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return(False);
	}

	DEBUG(10, ("get_domain_group_from_sid\n"));

	/* if the group is NOT in the database, it CAN NOT be a domain group */

	become_root();
	ret = pdb_getgrsid(map, sid);
	unbecome_root();

	/* special case check for rid 513 */

	if ( !ret ) {
		uint32 rid;

		sid_peek_rid( &sid, &rid );

		if ( rid == DOMAIN_RID_USERS ) {
			map->nt_name = talloc_strdup(map, "None");
			if (!map->nt_name) {
				return false;
			}
			map->comment = talloc_strdup(map, "Ordinary Users");
			if (!map->comment) {
				return false;
			}
			sid_copy( &map->sid, &sid );
			map->sid_name_use = SID_NAME_DOM_GRP;
			map->gid = (gid_t)-1;
			return True;
		}
		return False;
	}

	DEBUG(10, ("get_domain_group_from_sid: SID found in passdb\n"));

	/* if it's not a domain group, continue */
	if (map->sid_name_use!=SID_NAME_DOM_GRP) {
		return False;
	}

	DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));

	if (map->gid==-1) {
		return False;
	}

	DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));

	grp = getgrgid(map->gid);
	if ( !grp ) {
		DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
		return False;
	}

	DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));

	return True;
}

/****************************************************************************
 Create a UNIX group on demand.
****************************************************************************/

int smb_create_group(const char *unix_group, gid_t *new_gid)
{
	char *add_script = NULL;
	int 	ret = -1;
	int 	fd = 0;

	*new_gid = 0;

	/* defer to scripts */

	if ( *lp_addgroup_script() ) {
		TALLOC_CTX *ctx = talloc_tos();

		add_script = talloc_strdup(ctx,
					lp_addgroup_script());
		if (!add_script) {
			return -1;
		}
		add_script = talloc_string_sub(ctx,
				add_script, "%g", unix_group);
		if (!add_script) {
			return -1;
		}

		ret = smbrun(add_script, &fd);
		DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
		if (ret == 0) {
			smb_nscd_flush_group_cache();
		}
		if (ret != 0)
			return ret;

		if (fd != 0) {
			fstring output;

			*new_gid = 0;
			if (read(fd, output, sizeof(output)) > 0) {
				*new_gid = (gid_t)strtoul(output, NULL, 10);
			}

			close(fd);
		}

	}

	if (*new_gid == 0) {
		struct group *grp = getgrnam(unix_group);

		if (grp != NULL)
			*new_gid = grp->gr_gid;
	}

	return ret;
}

/****************************************************************************
 Delete a UNIX group on demand.
****************************************************************************/

int smb_delete_group(const char *unix_group)
{
	char *del_script = NULL;
	int ret = -1;

	/* defer to scripts */

	if ( *lp_delgroup_script() ) {
		TALLOC_CTX *ctx = talloc_tos();

		del_script = talloc_strdup(ctx,
				lp_delgroup_script());
		if (!del_script) {
			return -1;
		}
		del_script = talloc_string_sub(ctx,
				del_script, "%g", unix_group);
		if (!del_script) {
			return -1;
		}
		ret = smbrun(del_script,NULL);
		DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
		if (ret == 0) {
			smb_nscd_flush_group_cache();
		}
		return ret;
	}

	return -1;
}

/****************************************************************************
 Set a user's primary UNIX group.
****************************************************************************/

int smb_set_primary_group(const char *unix_group, const char* unix_user)
{
	char *add_script = NULL;
	int ret = -1;

	/* defer to scripts */

	if ( *lp_setprimarygroup_script() ) {
		TALLOC_CTX *ctx = talloc_tos();

		add_script = talloc_strdup(ctx,
				lp_setprimarygroup_script());
		if (!add_script) {
			return -1;
		}
		add_script = talloc_all_string_sub(ctx,
				add_script, "%g", unix_group);
		if (!add_script) {
			return -1;
		}
		add_script = talloc_string_sub(ctx,
				add_script, "%u", unix_user);
		if (!add_script) {
			return -1;
		}
		ret = smbrun(add_script,NULL);
		flush_pwnam_cache();
		DEBUG(ret ? 0 : 3,("smb_set_primary_group: "
			 "Running the command `%s' gave %d\n",add_script,ret));
		if (ret == 0) {
			smb_nscd_flush_group_cache();
		}
		return ret;
	}

	return -1;
}

/****************************************************************************
 Add a user to a UNIX group.
****************************************************************************/

int smb_add_user_group(const char *unix_group, const char *unix_user)
{
	char *add_script = NULL;
	int ret = -1;

	/* defer to scripts */

	if ( *lp_addusertogroup_script() ) {
		TALLOC_CTX *ctx = talloc_tos();

		add_script = talloc_strdup(ctx,
				lp_addusertogroup_script());
		if (!add_script) {
			return -1;
		}
		add_script = talloc_string_sub(ctx,
				add_script, "%g", unix_group);
		if (!add_script) {
			return -1;
		}
		add_script = talloc_string_sub2(ctx,
				add_script, "%u", unix_user, true, false, true);
		if (!add_script) {
			return -1;
		}
		ret = smbrun(add_script,NULL);
		DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
		if (ret == 0) {
			smb_nscd_flush_group_cache();
		}
		return ret;
	}

	return -1;
}

/****************************************************************************
 Delete a user from a UNIX group
****************************************************************************/

int smb_delete_user_group(const char *unix_group, const char *unix_user)
{
	char *del_script = NULL;
	int ret = -1;

	/* defer to scripts */

	if ( *lp_deluserfromgroup_script() ) {
		TALLOC_CTX *ctx = talloc_tos();

		del_script = talloc_strdup(ctx,
				lp_deluserfromgroup_script());
		if (!del_script) {
			return -1;
		}
		del_script = talloc_string_sub(ctx,
				del_script, "%g", unix_group);
		if (!del_script) {
			return -1;
		}
		del_script = talloc_string_sub2(ctx,
				del_script, "%u", unix_user, true, false, true);
		if (!del_script) {
			return -1;
		}
		ret = smbrun(del_script,NULL);
		DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
		if (ret == 0) {
			smb_nscd_flush_group_cache();
		}
		return ret;
	}

	return -1;
}


NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
				 struct dom_sid sid)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->get_group_map_from_sid(sid, map) ?
		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
				 gid_t gid)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->get_group_map_from_gid(gid, map) ?
		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
				 const char *name)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->get_group_map_from_ntname(name, map) ?
		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
						GROUP_MAP *map)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->add_mapping_entry(map, TDB_INSERT) ?
		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
						   GROUP_MAP *map)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->add_mapping_entry(map, TDB_REPLACE) ?
		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
						   struct dom_sid sid)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->group_map_remove(&sid) ?
		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
					const struct dom_sid *sid,
					enum lsa_SidType sid_name_use,
					GROUP_MAP ***pp_rmap,
					size_t *p_num_entries,
					bool unix_only)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ?
		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
				  const char *name, uint32 *rid)
{
	struct dom_sid sid;
	enum lsa_SidType type;
	uint32 new_rid;
	gid_t gid;
	bool exists;
	GROUP_MAP *map;
	TALLOC_CTX *mem_ctx;
	NTSTATUS status;

	DEBUG(10, ("Trying to create alias %s\n", name));

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
			     NULL, NULL, &sid, &type);

	if (exists) {
		status = NT_STATUS_ALIAS_EXISTS;
		goto done;
	}

	if (!pdb_new_rid(&new_rid)) {
		DEBUG(0, ("Could not allocate a RID.\n"));
		status = NT_STATUS_ACCESS_DENIED;
		goto done;
	}

	sid_compose(&sid, get_global_sam_sid(), new_rid);

	if (!winbind_allocate_gid(&gid)) {
		DEBUG(3, ("Could not get a gid out of winbind - "
			  "wasted a rid :-(\n"));
		status = NT_STATUS_ACCESS_DENIED;
		goto done;
	}

	DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
		   name, (unsigned int)gid, (unsigned int)new_rid));

	map = talloc_zero(mem_ctx, GROUP_MAP);
	if (!map) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	map->gid = gid;
	sid_copy(&map->sid, &sid);
	map->sid_name_use = SID_NAME_ALIAS;
	map->nt_name = talloc_strdup(map, name);
	if (!map->nt_name) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}
	map->comment = talloc_strdup(map, "");
	if (!map->comment) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	status = pdb_add_group_mapping_entry(map);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Could not add group mapping entry for alias %s "
			  "(%s)\n", name, nt_errstr(status)));
		goto done;
	}

	*rid = new_rid;

done:
	TALLOC_FREE(mem_ctx);
	return status;
}

NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
				  const struct dom_sid *sid)
{
	return pdb_delete_group_mapping_entry(*sid);
}

NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
				   const struct dom_sid *sid,
				   struct acct_info *info)
{
	NTSTATUS status = NT_STATUS_OK;
	GROUP_MAP *map;

	map = talloc_zero(NULL, GROUP_MAP);
	if (!map) {
		return NT_STATUS_NO_MEMORY;
	}

	if (!pdb_getgrsid(map, *sid)) {
		status = NT_STATUS_NO_SUCH_ALIAS;
		goto done;
	}

	if ((map->sid_name_use != SID_NAME_ALIAS) &&
	    (map->sid_name_use != SID_NAME_WKN_GRP)) {
		DEBUG(2, ("%s is a %s, expected an alias\n",
			  sid_string_dbg(sid),
			  sid_type_lookup(map->sid_name_use)));
		status = NT_STATUS_NO_SUCH_ALIAS;
		goto done;
	}

	info->acct_name = talloc_move(info, &map->nt_name);
	if (!info->acct_name) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}
	info->acct_desc = talloc_move(info, &map->comment);
	if (!info->acct_desc) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}
	sid_peek_rid(&map->sid, &info->rid);

done:
	TALLOC_FREE(map);
	return status;
}

NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
				   const struct dom_sid *sid,
				   struct acct_info *info)
{
	NTSTATUS status = NT_STATUS_OK;
	GROUP_MAP *map;

	map = talloc_zero(NULL, GROUP_MAP);
	if (!map) {
		return NT_STATUS_NO_MEMORY;
	}

	if (!pdb_getgrsid(map, *sid)) {
		status = NT_STATUS_NO_SUCH_ALIAS;
		goto done;
	}

	map->nt_name = talloc_strdup(map, info->acct_name);
	if (!map->nt_name) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}
	map->comment = talloc_strdup(map, info->acct_desc);
	if (!map->comment) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	status = pdb_update_group_mapping_entry(map);

done:
	TALLOC_FREE(map);
	return status;
}

NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
				  const struct dom_sid *alias, const struct dom_sid *member)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->add_aliasmem(alias, member);
}

NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
				  const struct dom_sid *alias, const struct dom_sid *member)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->del_aliasmem(alias, member);
}

NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
				   const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
				   struct dom_sid **pp_members, size_t *p_num_members)
{
	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	return backend->enum_aliasmem(alias, mem_ctx, pp_members,
				      p_num_members);
}

NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
				       TALLOC_CTX *mem_ctx,
				       const struct dom_sid *domain_sid,
				       const struct dom_sid *members,
				       size_t num_members,
				       uint32 **pp_alias_rids,
				       size_t *p_num_alias_rids)
{
	struct dom_sid *alias_sids;
	size_t i, num_alias_sids;
	NTSTATUS result;

	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	alias_sids = NULL;
	num_alias_sids = 0;

	result = alias_memberships(members, num_members,
				   &alias_sids, &num_alias_sids);

	if (!NT_STATUS_IS_OK(result))
		return result;

	*p_num_alias_rids = 0;

	if (num_alias_sids == 0) {
		TALLOC_FREE(alias_sids);
		return NT_STATUS_OK;
	}

	*pp_alias_rids = talloc_array(mem_ctx, uint32, num_alias_sids);
	if (*pp_alias_rids == NULL)
		return NT_STATUS_NO_MEMORY;

	for (i=0; i<num_alias_sids; i++) {
		if (!sid_peek_check_rid(domain_sid, &alias_sids[i],
					&(*pp_alias_rids)[*p_num_alias_rids]))
			continue;
		*p_num_alias_rids += 1;
	}

	TALLOC_FREE(alias_sids);

	return NT_STATUS_OK;
}

/**********************************************************************
 no ops for passdb backends that don't implement group mapping
 *********************************************************************/

NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
				 struct dom_sid sid)
{
	return NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
				 gid_t gid)
{
	return NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
				 const char *name)
{
	return NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods,
						GROUP_MAP *map)
{
	return NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods,
						   GROUP_MAP *map)
{
	return NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
						   struct dom_sid sid)
{
	return NT_STATUS_UNSUCCESSFUL;
}

NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
					   enum lsa_SidType sid_name_use,
					   GROUP_MAP **rmap, size_t *num_entries,
					   bool unix_only)
{
	return NT_STATUS_UNSUCCESSFUL;
}

/********************************************************************
 Really just intended to be called by smbd
********************************************************************/

NTSTATUS pdb_create_builtin_alias(uint32 rid)
{
	struct dom_sid sid;
	enum lsa_SidType type;
	gid_t gid;
	GROUP_MAP *map;
	NTSTATUS status;
	const char *name = NULL;

	DEBUG(10, ("Trying to create builtin alias %d\n", rid));

	if ( !sid_compose( &sid, &global_sid_Builtin, rid ) ) {
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	/* use map as overall temp mem context */
	map = talloc_zero(NULL, GROUP_MAP);
	if (!map) {
		return NT_STATUS_NO_MEMORY;
	}

	if (!lookup_sid(map, &sid, NULL, &name, &type)) {
		status = NT_STATUS_NO_SUCH_ALIAS;
		goto done;
	}

	if (!winbind_allocate_gid(&gid)) {
		DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n"));
		status = NT_STATUS_ACCESS_DENIED;
		goto done;
	}

	DEBUG(10, ("Creating alias %s with gid %u\n", name, (unsigned)gid));

	map->gid = gid;
	sid_copy(&map->sid, &sid);
	map->sid_name_use = SID_NAME_ALIAS;
	map->nt_name = talloc_strdup(map, name);
	if (!map->nt_name) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}
	map->comment = talloc_strdup(map, "");
	if (!map->comment) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	status = pdb_add_group_mapping_entry(map);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d "
			  "(%s)\n", rid, nt_errstr(status)));
	}

done:
	TALLOC_FREE(map);
	return status;
}