patch for multiple group include macro

Andy Bakun abakun at reac.com
Mon Apr 5 20:15:45 GMT 1999


In a previous message to samba-technical, available as:

http://us1.samba.org/listproc/samba-technical/3317.html

I outlined a possible system to have a macro expansion that works in the
include parameter to include parameter files based on all the groups a user
is in.  Included below is a patch that implements this.

Here is how it works:

A new macro is available only in the include parameter, %X (this should be
changed to something that makes more sense, I think), that includes all
files found where %X is replaced with the names of each of the groups that
the user is in.  For example, I'm in the following groups:

$ id abakun
uid=500(abakun) gid=500(abakun)
groups=233(sysadmin),234(develop),250(archive)

And I've created the following samba conf files:

/etc/smb.conf.group.sysadmin
/etc/smb.conf.group.develop
/etc/smb.conf.group.archive

By using

include = /etc/smb.conf.group.%X

in a conf file, all three of those files are included.  Of course, other
macros, like %L, can also be used.

I had a bitch of a time trying to find out how I can get a
connection_struct or access to current_user, both of which contain a group
listing (so I wouldn't need to get a group list myself), but I couldn't get
that to work.  Anyone got any clues?

I would recommend using this patch together with my 'restrict anonymous'
patch, to make the username more predictable, and as such, the groups that
the user is in.

Comments, suggestions and fixes welcome.

Andy.

-----cut here-----
*** loadparm.c.orig     Sat Feb 27 16:09:01 1999
--- loadparm.c  Mon Apr  5 14:32:56 1999
***************
*** 1848,1859 ****
--- 1848,1899 ----

/***************************************************************************

  handle the include operation

***************************************************************************/

  static BOOL handle_include(char *pszParmValue,char **ptr)
  {
+   extern BOOL sam_logon_in_ssb;
+   extern pstring samlogon_user;
+   extern pstring sesssetup_user;
+   /* should sesssetup_user always be used here? AAB */
+   char *username = sam_logon_in_ssb ? samlogon_user : sesssetup_user;
    pstring fname;
+
    pstrcpy(fname,pszParmValue);
+
+   if (strstr(fname, "%X")) {
+     int i;
+     pstring newfname;
+     struct passwd *pass;
+     int ngroups;
+     gid_t *groups;
+
+     if ((pass = Get_Pwnam(username,False))==NULL)
+       return(False); /* user doesn't exist */
+
+     initgroups(username, pass->pw_gid);
+     ngroups = sys_getgroups(0,groups);
+     if (ngroups <= 0) { ngroups = 32; }
+     DEBUG(3, ("%s is in %d groups\n", username, ngroups));
+     if ((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL) {
+       DEBUG(0,("groups malloc failed!\n"));
+       return(False);
+     }
+     ngroups = sys_getgroups(ngroups,groups);
+
+     for (i=0 ; i < ngroups ; i++) {
+       pstrcpy(newfname, fname);
+       string_sub(newfname, "%X", gidtoname(groups[i]));
+       /* remember the filename here because ssb doesn't do %X
substitution AAB */
+       add_to_file_list(newfname);
+       standard_sub_basic(newfname);
+       DEBUG(3,("newfname after sub  = %s\n", newfname));
+       if (file_exist(newfname,NULL))
+         pm_process(newfname, do_section, do_parameter);
+     }
+     free(groups);
+     return(False);
+   }

    add_to_file_list(fname);

    standard_sub_basic(fname);
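
Review bot: The initgroups(username, pass->pw_gid) call in the new %X branch replaces the running process's supplementary group list only so that sys_getgroups can read it back. Its return value is not checked and the previous list is never restored, so handle_include leaves the process holding this user's groups as a side effect of parsing an include line. Save and restore the group list around the lookup, or obtain the user's groups in a way that does not touch process credentials. Smaller points in the same branch: the first sys_getgroups(0,groups) passes groups uninitialized, and the ngroups = 32 fallback hides a failed call. The result of pm_process is dropped, and the branch ends in return(False) on success as well as on the failure paths. The name from gidtoname(groups[i]) is substituted into the path unchecked, so a group name containing '/' would change which file is included. The comment starting "remember the filename here" has been wrapped onto a second line that has no leading +, which will keep the patch from applying as posted.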

-----cut here-----


