/*
   Unix SMB/CIFS implementation.
   Password and authentication handling
   Copyright (C) Andrew Bartlett			2002
   Copyright (C) Jelmer Vernooij			2002
   Copyright (C) Stefan (metze) Metzmacher		2002
   Copyright (C) Kai Kr�ger				2002

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "includes.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SAM

extern DOM_SID global_sid_Builtin;

/** List of various built-in sam modules */

const struct sam_init_function_entry builtin_sam_init_functions[] = {
	{ "plugin", sam_init_plugin },
#ifdef HAVE_LDAP
	{ "ads", sam_init_ads },
#endif
	{ "skel", sam_init_skel },
	{ NULL, NULL}
};


static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
{
	SAM_METHODS	*tmp_methods;

	DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));

	/* invalid sam_context specified */
	SAM_ASSERT(context && context->methods);

	tmp_methods = context->methods;

	while (tmp_methods) {
		if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
		{
			(*sam_method) = tmp_methods;
			return NT_STATUS_OK;
		}
		tmp_methods = tmp_methods->next;
	}

	DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));

	return NT_STATUS_NO_SUCH_DOMAIN;
}

static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
{
	SAM_METHODS	*tmp_methods;

	DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));

	/* invalid sam_context specified */
	SAM_ASSERT(context && context->methods);

	tmp_methods = context->methods;

	while (tmp_methods) {
		if (strequal(domainname, tmp_methods->domain_name))
		{
			(*sam_method) = tmp_methods;
			return NT_STATUS_OK;
		}
		tmp_methods = tmp_methods->next;
	}

	DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));

	return NT_STATUS_NO_SUCH_DOMAIN;
}

static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
{
	*methods = talloc(mem_ctx, sizeof(SAM_METHODS));

	if (!*methods) {
		return NT_STATUS_NO_MEMORY;
	}

	ZERO_STRUCTP(*methods);

	return NT_STATUS_OK;
}

/******************************************************************
  Free and cleanup a sam context, any associated data and anything
  that the attached modules might have associated.
 *******************************************************************/

void free_sam_context(SAM_CONTEXT **context)
{
	SAM_METHODS *sam_selected = (*context)->methods;

	while (sam_selected) {
		if (sam_selected->free_private_data) {
			sam_selected->free_private_data(&(sam_selected->private_data));
		}
		sam_selected = sam_selected->next;
	}

	talloc_destroy((*context)->mem_ctx);
	*context = NULL;
}

/******************************************************************
  Make a backend_entry from scratch
 *******************************************************************/
 
static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
{
	char *tmp = NULL;
	char *tmp_string = sam_backend_string;
	
	DEBUG(5,("make_backend_entry: %d\n", __LINE__));
	
	SAM_ASSERT(sam_backend_string && backend_entry);
	
	backend_entry->module_name = sam_backend_string;
	
	DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
	
	if ((tmp = strrchr(tmp_string, '|')) != NULL) {
		DEBUGADD(20,("a domain name has been specified\n"));
		*tmp = 0;
		backend_entry->domain_name = smb_xstrdup(tmp + 1);
		tmp_string = tmp + 1;
	}
	
	if ((tmp = strchr(tmp_string, ':')) != NULL) {
		DEBUG(20,("options for the backend have been specified\n"));
		*tmp = 0;
		backend_entry->module_params = smb_xstrdup(tmp + 1);
		tmp_string = tmp + 1;
	}
		
	if (backend_entry->domain_name == NULL) {
		DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
			backend_entry->module_name, lp_workgroup()));
		backend_entry->domain_name = smb_xstrdup(lp_workgroup());
	}
	
	if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
		DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
		return NT_STATUS_NO_MEMORY;
	}
	
	DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
	
	if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
		DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
			backend_entry->domain_name));		
		DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
		ZERO_STRUCTP(backend_entry->domain_sid);
	}
	
	DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
		backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
	
	return NT_STATUS_OK;
}

/******************************************************************
 create sam_methods struct based on sam_backend_entry
 *****************************************************************/

static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
{
	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
	SAM_METHODS *methods;
	int i;

	DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));

	if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
		return nt_status;
	}

	methods = *methods_ptr;
	methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
	methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
	sid_copy(&methods->domain_sid, backend_entry->domain_sid);
	methods->parent = context;

	DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
	for (i = 0; builtin_sam_init_functions[i].module_name; i++)
	{
		if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
		{
			DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
			DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
			nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
			if (NT_STATUS_IS_OK(nt_status)) {
				DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
			} else {
				DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
					backend_entry->module_name, nt_errstr(nt_status)));
			}
			return nt_status;
		}
	}
	
	DEBUG(2,("could not find backend %s\n", backend_entry->module_name));

	return NT_STATUS_INVALID_PARAMETER;
}

static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
{
	SAM_BACKEND_ENTRY entry;
	DOM_SID *global_sam_sid  = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
	SAM_METHODS *methods, *tmpmethods;
	NTSTATUS ntstatus;
	
	DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));

	/* Make sure domain lp_workgroup() is available */
	
	ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);

	if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
		DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
			lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));

		SAM_ASSERT(global_sam_sid);

		entry.module_name = SAM_DEFAULT_BACKEND;
		entry.module_params = NULL;
		entry.domain_name = lp_workgroup();
		entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
		sid_copy(entry.domain_sid, global_sam_sid);

		if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
			DEBUG(4,("make_sam_methods_backend_entry failed\n"));
			return ntstatus;
		}

		DLIST_ADD_END(context->methods, methods, tmpmethods);

	} else if (!NT_STATUS_IS_OK(ntstatus)) {
		DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
		return ntstatus;
	}

	/* Make sure the BUILTIN domain is available */

	ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
	
	if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
		DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n", 
				 SAM_DEFAULT_BACKEND));
		entry.module_name = SAM_DEFAULT_BACKEND;
		entry.module_params = NULL;
		entry.domain_name = "BUILTIN";
		entry.domain_sid    = (DOM_SID *)malloc(sizeof(DOM_SID)); 
		sid_copy(entry.domain_sid, &global_sid_Builtin);

		if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods,  &entry))) {
			DEBUG(4,("make_sam_methods_backend_entry failed\n"));
			return ntstatus;
		}

		DLIST_ADD_END(context->methods, methods, tmpmethods);
	} else if (!NT_STATUS_IS_OK(ntstatus)) {
		DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
		return ntstatus;
	}

	return NT_STATUS_OK;
}

static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
{
	int i, j;
	
	DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
	
	for (i = 0; i < *nBackends; i++) {
		for (j = i + 1; j < *nBackends; j++) {
			if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
				DEBUG(0,("two backend modules claim the same domain %s\n",
					sid_string_static((*backend_entries)[j].domain_sid)));
				return NT_STATUS_INVALID_PARAMETER;			
			}
		}		
	}

	return NT_STATUS_OK;
}

NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
{
	int i = 0, j = 0;
	SAM_METHODS *curmethods, *tmpmethods;
	int nBackends               = 0;
	SAM_BACKEND_ENTRY *backends = NULL;
	NTSTATUS nt_status          = NT_STATUS_UNSUCCESSFUL;

	DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));

	if (!sam_backends_param) {
		DEBUG(1, ("no SAM backeds specified!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
		DEBUG(4,("make_sam_context failed\n"));
		return nt_status;
	}

	while (sam_backends_param[nBackends])
		nBackends++;

	DEBUG(6,("There are %d domains listed with their backends\n", nBackends));

	if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
		DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
		return NT_STATUS_NO_MEMORY;
	}

	memset(backends, '\0', sizeof(*backends)*nBackends);

	for (i = 0; i < nBackends; i++) {
		DEBUG(8,("processing %s\n",sam_backends_param[i]));
		if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
			DEBUG(4,("make_backend_entry failed\n"));
			for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
			SAFE_FREE(backends);
			free_sam_context(context);
			return nt_status;
		}
	}

	if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
		DEBUG(4,("check_duplicate_backend_entries failed\n"));
		for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
		SAFE_FREE(backends);
		free_sam_context(context);
		return nt_status;
	}

	for (i = 0; i < nBackends; i++) {
		if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods,  &backends[i]))) {
			DEBUG(4,("make_sam_methods_backend_entry failed\n"));
			for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
			SAFE_FREE(backends);
			free_sam_context(context);
			return nt_status;
		}
		DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
	}
	
	for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);

	SAFE_FREE(backends);
	return NT_STATUS_OK;
}

/******************************************************************
  Make a sam_context from scratch.
 *******************************************************************/

NTSTATUS make_sam_context(SAM_CONTEXT **context) 
{
	TALLOC_CTX *mem_ctx;

	mem_ctx = talloc_init("sam_context internal allocation context");

	if (!mem_ctx) {
		DEBUG(0, ("make_sam_context: talloc init failed!\n"));
		return NT_STATUS_NO_MEMORY;
	}		

	*context = talloc(mem_ctx, sizeof(**context));
	if (!*context) {
		DEBUG(0, ("make_sam_context: talloc failed!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	ZERO_STRUCTP(*context);

	(*context)->mem_ctx = mem_ctx;

	(*context)->free_fn = free_sam_context;

	return NT_STATUS_OK;
}

/******************************************************************
  Return an already initialised sam_context, to facilitate backward 
  compatibility (see functions below).
 *******************************************************************/

static struct sam_context *sam_get_static_context(BOOL reload) 
{
	static SAM_CONTEXT *sam_context = NULL;

	if ((sam_context) && (reload)) {
		sam_context->free_fn(&sam_context);
		sam_context = NULL;
	}

	if (!sam_context) {
		if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
			DEBUG(4,("make_sam_context_list failed\n"));
			return NULL;
		}

		/* Make sure the required domains (default domain, builtin) are available */
		if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
			DEBUG(4,("sam_context_check_default_backends failed\n"));
			return NULL;
		}
	}

	return sam_context;
}

/***************************************************************
  Initialize the static context (at smbd startup etc). 

  If uninitialised, context will auto-init on first use.
 ***************************************************************/

BOOL initialize_sam(BOOL reload)
{	
	return (sam_get_static_context(reload) != NULL);
}


/**************************************************************
 External API.  This is what the rest of the world calls...
***************************************************************/

/******************************************************************
  sam_* functions are used to link the external SAM interface
  with the internal backends. These functions lookup the appropriate
  backends for the domain and pass on to the function in sam_methods
  in the selected backend

  When the context parmater is NULL, the default is used.
 *******************************************************************/

#define SAM_SETUP_CONTEXT if (!context) \
		context = sam_get_static_context(False);\
	if (!context) {\
		return NT_STATUS_UNSUCCESSFUL; \
	}\
	


NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS        nt_status;

	DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_get_sec_desc) {
		DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
		DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
	
	SAM_SETUP_CONTEXT;

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_set_sec_desc) {
		DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
		DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}


NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_lookup_name: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
		DEBUG(4,("sam_get_methods_by_name failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_lookup_name) {
		DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
		DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
				 tmp_methods->domain_name, name, tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
{
	SAM_METHODS	*tmp_methods;
	uint32		rid;
	NTSTATUS	nt_status;
	DOM_SID		domainsid;

	DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	sid_copy(&domainsid, sid);
	if (!sid_split_rid(&domainsid, &rid)) {
		DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
		return NT_STATUS_INVALID_SID;
	}

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_lookup_sid) {
		DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
		DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
				 sid_string_static(sid), tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}


NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
{
	const SAM_METHODS *tmp_methods;
	NTSTATUS     nt_status;

	DEBUG(5,("sam_update_domain: %d\n", __LINE__));
	
	SAM_SETUP_CONTEXT;

	/* invalid domain specified */
	SAM_ASSERT(domain && domain->current_sam_methods);
	
	tmp_methods = domain->current_sam_methods;
	
	if (!tmp_methods->sam_update_domain) {
		DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
		DEBUG(4,("sam_update_domain in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	 nt_status;

	SEC_DESC	*sd;
	size_t		sd_size;
	uint32		acc_granted;
	int		i = 0;

	DEBUG(5,("sam_enum_domains: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	/* invalid parmaters specified */
	SAM_ASSERT(domain_count && domains && domain_names);

	if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
		DEBUG(4,("samr_make_sam_obj_sd failed\n"));
		return nt_status;
	}

	if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
		DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
			return nt_status;
	}

	tmp_methods= context->methods;
	*domain_count = 0;

	while (tmp_methods) {
		(*domain_count)++;
		tmp_methods= tmp_methods->next;
	}

	DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));

	tmp_methods = context->methods;

	if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
		DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
		return NT_STATUS_NO_MEMORY;
	}

	if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
		DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
		SAFE_FREE((*domains));
		return NT_STATUS_NO_MEMORY;
	}

	while (tmp_methods) {
		DEBUGADD(7,("    [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
		sid_copy(domains[i],&tmp_methods->domain_sid);
		*domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
		i++;
		tmp_methods= tmp_methods->next;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	SEC_DESC	*sd;
	size_t		sd_size;
	uint32		acc_granted;

	DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	/* invalid paramters */
	SAM_ASSERT(access_token && domain && domainsid);

	if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
		DEBUG(4,("samr_make_sam_obj_sd failed\n"));
		return nt_status;
	}

	if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
		DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
			return nt_status;
	}

	tmp_methods= context->methods;

	while (tmp_methods) {
		if (strcmp(domain, tmp_methods->domain_name) == 0) {
			(*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
			sid_copy((*domainsid), &tmp_methods->domain_sid);
			return NT_STATUS_OK;
		}
		tmp_methods= tmp_methods->next;
	}

	return NT_STATUS_NO_SUCH_DOMAIN;
}


NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(access_token && domainsid && domain);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_get_domain_handle) {
		DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
		DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
				 sid_string_static(domainsid), tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_create_account: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	/* invalid parmaters */
	SAM_ASSERT(access_token && domainsid && account_name && account);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_create_account) {
		DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
		DEBUG(4,("sam_create_account in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
{
	DOM_SID		domainsid;
	const DOM_SID		*accountsid;
	SAM_METHODS	*tmp_methods;
	uint32		rid;
	NTSTATUS	nt_status;
	
	DEBUG(5,("sam_add_account: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	/* invalid parmaters */
	SAM_ASSERT(account);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
		DEBUG(0,("Can't get account SID\n"));
		return nt_status;
	}

	sid_copy(&domainsid, accountsid);
	if (!sid_split_rid(&domainsid, &rid)) {
		DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
		return NT_STATUS_INVALID_SID;
	}

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_add_account) {
		DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
		DEBUG(4,("sam_add_account in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
{
	const SAM_METHODS *tmp_methods;
	NTSTATUS     nt_status;
	
	DEBUG(5,("sam_update_account: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	/* invalid account specified */
	SAM_ASSERT(account && account->current_sam_methods);
	
	tmp_methods = account->current_sam_methods;
		
	if (!tmp_methods->sam_update_account) {
		DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
		DEBUG(4,("sam_update_account in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
{
	const SAM_METHODS *tmp_methods;
	NTSTATUS     nt_status;
	
	DEBUG(5,("sam_delete_account: %d\n", __LINE__));
	
	SAM_SETUP_CONTEXT;

	/* invalid account specified */
	SAM_ASSERT(account && account->current_sam_methods);
	
	tmp_methods = account->current_sam_methods;

	if (!tmp_methods->sam_delete_account) {
		DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
		DEBUG(4,("sam_delete_account in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(access_token && domainsid && account_count && accounts);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_enum_accounts) {
		DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
		DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
				 tmp_methods->domain_name, tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}


NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
{
	SAM_METHODS	*tmp_methods;
	uint32		rid;
	DOM_SID		domainsid;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(access_token && accountsid && account);

	sid_copy(&domainsid, accountsid);
	if (!sid_split_rid(&domainsid, &rid)) {
		DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
		return NT_STATUS_INVALID_SID;
	}


	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_get_account_by_sid) {
		DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
		DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
				 sid_string_static(accountsid), tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(access_token && domain && name && account);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
		DEBUG(4,("sam_get_methods_by_name failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_get_account_by_name) {
		DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
		DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
				 domain, name, tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_create_group: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(access_token && domainsid && group_name && group);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_create_group) {
		DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
		return NT_STATUS_UNSUCCESSFUL; 
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
		DEBUG(4,("sam_create_group in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
{
	DOM_SID		domainsid;
	const DOM_SID		*groupsid;
	SAM_METHODS	*tmp_methods;
	uint32		rid;
	NTSTATUS	nt_status;
	
	DEBUG(5,("sam_add_group: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(group);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
		DEBUG(0,("Can't get group SID\n"));
		return nt_status;
	}

	sid_copy(&domainsid, groupsid);
	if (!sid_split_rid(&domainsid, &rid)) {
		DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
		return NT_STATUS_INVALID_SID;
	}

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_add_group) {
		DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
		DEBUG(4,("sam_add_group in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
{
	const SAM_METHODS *tmp_methods;
	NTSTATUS     nt_status;
	
	DEBUG(5,("sam_update_group: %d\n", __LINE__));
	
	SAM_SETUP_CONTEXT;

	/* invalid group specified */
	SAM_ASSERT(group && group->current_sam_methods);
	
	tmp_methods = group->current_sam_methods;
	
	if (!tmp_methods->sam_update_group) {
		DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
		DEBUG(4,("sam_update_group in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
{
	const SAM_METHODS *tmp_methods;
	NTSTATUS     nt_status;
	
	DEBUG(5,("sam_delete_group: %d\n", __LINE__));
	
	SAM_SETUP_CONTEXT;

	/* invalid group specified */
	SAM_ASSERT(group && group->current_sam_methods);
	
	tmp_methods = group->current_sam_methods;

	if (!tmp_methods->sam_delete_group) {
		DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
		DEBUG(4,("sam_delete_group in backend %s failed\n",
				 tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_enum_groups: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(access_token && domainsid && groups_count && groups);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_enum_accounts) {
		DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
		DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
				 tmp_methods->domain_name, tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
{
	SAM_METHODS	*tmp_methods;
	uint32		rid;
	NTSTATUS	nt_status;
	DOM_SID		domainsid;

	DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(access_token && groupsid && group);

	sid_copy(&domainsid, groupsid);
	if (!sid_split_rid(&domainsid, &rid)) {
		DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
		return NT_STATUS_INVALID_SID;
	}


	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
		DEBUG(4,("sam_get_methods_by_sid failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_get_group_by_sid) {
		DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
		DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
				 sid_string_static(groupsid), tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;

	DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;

	SAM_ASSERT(access_token && domain && name && group);

	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
		DEBUG(4,("sam_get_methods_by_name failed\n"));
		return nt_status;
	}

	if (!tmp_methods->sam_get_group_by_name) {
		DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
		DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
				 domain, name, tmp_methods->backendname));
		return nt_status;
	}

	return NT_STATUS_OK;
}

NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
{
	const SAM_METHODS *tmp_methods;
	NTSTATUS     nt_status;
	
	SAM_SETUP_CONTEXT;
	
	/* invalid group or member specified */
	SAM_ASSERT(group && group->current_sam_methods && member);
	
	tmp_methods = group->current_sam_methods;
			
	if (!tmp_methods->sam_add_member_to_group) {
		DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}
	
	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
		DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
		return nt_status;
	}
	
	return NT_STATUS_OK;	
	
}

NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
{
	const SAM_METHODS *tmp_methods;
	NTSTATUS     nt_status;

	SAM_SETUP_CONTEXT;
	
	/* invalid group or member specified */
	SAM_ASSERT(group && group->current_sam_methods && member);
	
	tmp_methods = group->current_sam_methods;
	
	if (!tmp_methods->sam_delete_member_from_group) {
		DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}
	
	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
		DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
		return nt_status;
	}
	
	return NT_STATUS_OK;	
}

NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
{
	const SAM_METHODS *tmp_methods;
	NTSTATUS     nt_status;
	
	SAM_SETUP_CONTEXT;
	
	/* invalid group specified */
	SAM_ASSERT(group && group->current_sam_methods && members_count && members);
	
	tmp_methods = group->current_sam_methods;

	if (!tmp_methods->sam_enum_groupmembers) {
		DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
		return NT_STATUS_NOT_IMPLEMENTED;
	}
	
	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
		DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
		return nt_status;
	}
	
	return NT_STATUS_OK;	
}

NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
{
	SAM_METHODS	*tmp_methods;
	NTSTATUS	nt_status;
	
	uint32          tmp_group_count;
	SAM_GROUP_ENUM *tmp_groups;
	
	DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));

	SAM_SETUP_CONTEXT;
	
	/* invalid sam_context specified */
	SAM_ASSERT(access_token && sids && context && context->methods);
	
	*group_count = 0;
	
	*groups = NULL;

	tmp_methods= context->methods;

	while (tmp_methods) {
		DEBUG(5,("getting groups from domain \n"));
		if (!tmp_methods->sam_get_groups_of_sid) {
			DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
			SAFE_FREE(*groups);
			return NT_STATUS_NOT_IMPLEMENTED;
		}
		
		if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
			DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
			SAFE_FREE(*groups);
			return nt_status;
		}
		
		*groups = Realloc(*groups, ((*group_count)  + tmp_group_count) * sizeof(SAM_GROUP_ENUM));

		memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);		
		
		SAFE_FREE(tmp_groups);
		
		*group_count += tmp_group_count;
		
		tmp_methods = tmp_methods->next;
	}
	
	return NT_STATUS_OK;	
}