ideas for multiple group macro expansion

[Andy Bakun]

Every day samba gets closer to having more complete NT acl and group
support, and it would be nice to be able to do things on the samba side
that take greater advantage of multiple groups.  One area I think is
lacking is the expansion of the group macros %g and %G, which only expand
to the primary group.  It would be nice to have expansions for all the
groups.  Here are a few ideas.

For example, the user frank is in the following groups as reported by
id(1):

uid=500(frank) gid=500(frank)
groups=500(frank),233(sysadmin),234(develop),249(rmgmt),250(archive),300(job_num)

Under the current system, %G only expands to frank, as that is the primary
group.  Is there a way to use the other groups in macro expansions?

A new macro, call it %X, that expands and duplicates the current parameter
for each group that the user is in.

include = smb.conf.group.%X

Expands to the following set of includes:

include = smb.conf.group.frank
include = smb.conf.group.sysadmin
include = smb.conf.group.develop
include = smb.conf.group.rmgmt
include = smb.conf.group.archive
include = smb.conf.group.job_num

Of course, the %X macro would only be valid in the include parameter (that
is, it wouldn't be included in standard_sub_basic).

Another method might be to allow the output of a script to be parsed as a
configuration file.  To borrow perl's syntax:

include = make_samba_conf %U |

Where the trailing pipe is a signal that the argument should be executed
and the input read.  Another parameter, such as 'include output of =' might
make more sense here.  Either way, the end result is the same.

I think the first method is more efficient, since an external program
doesn't need to be invoked at every conf file reread, but the second offers
greater flexiblity.

Any comments, questions, or suggestions?  I could put something like this
to good use, but I'd like to get some input before I really start
implementing it.

Andy Bakun