New group mapping and the auth subsystem

[Andrew Bartlett]

I've been following the new group mapping work with great interest - it
it vital work I'm very pleased to see finally happen.

As such, I want to ensure it inter operates correctly with the new
Authentication subsystem, in particular, I want to ensure that Samba
deals with these credentials in the same way no matter their origin - be
they found in a PAC, the info3 struct returned from a domain logon or if
they are generated by the group mapping code within samba itself.

Currently we have part of this for the info3 groups, and I would like to
extend the other functionality in a similar way (that is: source ->
server_info -> user_struct).  

This allows us to store this information once for all future permission
check lookups. (The RPC code in particular).

This also sorts out the domain logon case, becouse you have the same
path:
source -> server_info -> domain logon output.

SAM-backed passwords are now checked in auth/auth_sam.c and I would hope
that the new group code could be called by each auth back-end as
appropriate.  

Does this sound sane?

Any questions?

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net