7 files changed, 129 insertions, 29 deletions

diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index e583dae4a9..d664a51671 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -440,7 +440,6 @@ static struct winbindd_dispatch_table {
 
 	/* Lookup related functions */
 
-	{ WINBINDD_ALLOCATE_UID, winbindd_allocate_uid, "ALLOCATE_UID" },
 	{ WINBINDD_ALLOCATE_GID, winbindd_allocate_gid, "ALLOCATE_GID" },
 	{ WINBINDD_SET_MAPPING, winbindd_set_mapping, "SET_MAPPING" },
 	{ WINBINDD_REMOVE_MAPPING, winbindd_remove_mapping, "REMOVE_MAPPING" },
@@ -543,6 +542,13 @@ static struct winbindd_async_dispatch_table async_nonpriv_table[] = {
 	{ 0, NULL, NULL, NULL }
 };
 
+static struct winbindd_async_dispatch_table async_priv_table[] = {
+	{ WINBINDD_ALLOCATE_UID, "ALLOCATE_UID",
+	  winbindd_allocate_uid_send, winbindd_allocate_uid_recv },
+
+	{ 0, NULL, NULL, NULL }
+};
+
 static void wb_request_done(struct tevent_req *req);
 
 static void process_request(struct winbindd_cli_state *state)
@@ -565,6 +571,15 @@ static void process_request(struct winbindd_cli_state *state)
 		}
 	}
 
+	if ((atable->send_req == NULL) && state->privileged) {
+		for (atable = async_priv_table; atable->send_req;
+		     atable += 1) {
+			if (state->request->cmd == atable->cmd) {
+				break;
+			}
+		}
+	}
+
 	if (atable->send_req != NULL) {
 		struct tevent_req *req;
 
diff --git a/source3/winbindd/winbindd_allocate_uid.c b/source3/winbindd/winbindd_allocate_uid.c
new file mode 100644
index 0000000000..171d0ccb91
--- /dev/null
+++ b/source3/winbindd/winbindd_allocate_uid.c
@@ -0,0 +1,92 @@
+/*
+   Unix SMB/CIFS implementation.
+   async implementation of WINBINDD_ALLOCATE_UID
+   Copyright (C) Volker Lendecke 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "winbindd.h"
+#include "librpc/gen_ndr/cli_wbint.h"
+
+struct winbindd_allocate_uid_state {
+	uint64_t uid;
+};
+
+static void winbindd_allocate_uid_done(struct tevent_req *subreq);
+
+struct tevent_req *winbindd_allocate_uid_send(TALLOC_CTX *mem_ctx,
+					      struct tevent_context *ev,
+					      struct winbindd_cli_state *cli,
+					      struct winbindd_request *request)
+{
+	struct tevent_req *req, *subreq;
+	struct winbindd_allocate_uid_state *state;
+	struct winbindd_child *child;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct winbindd_allocate_uid_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	DEBUG(3, ("allocate_uid\n"));
+
+	child = idmap_child();
+
+	subreq = rpccli_wbint_AllocateUid_send(state, ev, child->rpccli,
+					       &state->uid);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, winbindd_allocate_uid_done, req);
+	return req;
+}
+
+static void winbindd_allocate_uid_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct winbindd_allocate_uid_state *state = tevent_req_data(
+		req, struct winbindd_allocate_uid_state);
+	NTSTATUS status, result;
+
+	status = rpccli_wbint_AllocateUid_recv(subreq, state, &result);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+	if (!NT_STATUS_IS_OK(result)) {
+		tevent_req_nterror(req, result);
+		return;
+	}
+	tevent_req_done(req);
+}
+
+NTSTATUS winbindd_allocate_uid_recv(struct tevent_req *req,
+				    struct winbindd_response *response)
+{
+	struct winbindd_allocate_uid_state *state = tevent_req_data(
+		req, struct winbindd_allocate_uid_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		DEBUG(5, ("Could not allocate uid: %s\n", nt_errstr(status)));
+		return status;
+	}
+	response->data.uid = state->uid;
+	return NT_STATUS_OK;
+}
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 65bbe75cd7..5bb76c5b06 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -4356,6 +4356,7 @@ static bool wcache_opnum_cacheable(uint32_t opnum)
 	switch (opnum) {
 	case NDR_WBINT_PING:
 	case NDR_WBINT_QUERYSEQUENCENUMBER:
+	case NDR_WBINT_ALLOCATEUID:
 		return false;
 	}
 	return true;
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 0f0802109a..8bea6ac03a 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -106,6 +106,19 @@ NTSTATUS _wbint_Gid2Sid(pipes_struct *p, struct wbint_Gid2Sid *r)
 				r->out.sid, r->in.gid);
 }
 
+NTSTATUS _wbint_AllocateUid(pipes_struct *p, struct wbint_AllocateUid *r)
+{
+	struct unixid xid;
+	NTSTATUS status;
+
+	status = idmap_allocate_uid(&xid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	*r->out.uid = xid.id;
+	return NT_STATUS_OK;
+}
+
 NTSTATUS _wbint_QueryUser(pipes_struct *p, struct wbint_QueryUser *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
diff --git a/source3/winbindd/winbindd_idmap.c b/source3/winbindd/winbindd_idmap.c
index 5986c3b6c3..65cc0d1f53 100644
--- a/source3/winbindd/winbindd_idmap.c
+++ b/source3/winbindd/winbindd_idmap.c
@@ -557,10 +557,6 @@ static const struct winbindd_child_dispatch_table idmap_dispatch_table[] = {
 		.struct_cmd	= WINBINDD_DUAL_SET_HWM,
 		.struct_fn	= winbindd_dual_set_hwm,
 	},{
-		.name		= "ALLOCATE_UID",
-		.struct_cmd	= WINBINDD_ALLOCATE_UID,
-		.struct_fn	= winbindd_dual_allocate_uid,
-	},{
 		.name		= "ALLOCATE_GID",
 		.struct_cmd	= WINBINDD_ALLOCATE_GID,
 		.struct_fn	= winbindd_dual_allocate_gid,
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index b59d11b78f..cbb57634ba 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -721,6 +721,13 @@ struct tevent_req *winbindd_gid_to_sid_send(TALLOC_CTX *mem_ctx,
 NTSTATUS winbindd_gid_to_sid_recv(struct tevent_req *req,
 				  struct winbindd_response *response);
 
+struct tevent_req *winbindd_allocate_uid_send(TALLOC_CTX *mem_ctx,
+					      struct tevent_context *ev,
+					      struct winbindd_cli_state *cli,
+					      struct winbindd_request *request);
+NTSTATUS winbindd_allocate_uid_recv(struct tevent_req *req,
+				    struct winbindd_response *response);
+
 struct tevent_req *wb_queryuser_send(TALLOC_CTX *mem_ctx,
 				     struct tevent_context *ev,
 				     const struct dom_sid *user_sid);
diff --git a/source3/winbindd/winbindd_sid.c b/source3/winbindd/winbindd_sid.c
index 8f09d5f7eb..717a0272d6 100644
--- a/source3/winbindd/winbindd_sid.c
+++ b/source3/winbindd/winbindd_sid.c
@@ -141,30 +141,6 @@ void winbindd_set_hwm(struct winbindd_cli_state *state)
 	winbindd_set_hwm_async(state->mem_ctx, &xid, set_hwm_recv, state);
 }
 
-void winbindd_allocate_uid(struct winbindd_cli_state *state)
-{
-	if ( !state->privileged ) {
-		DEBUG(2, ("winbindd_allocate_uid: non-privileged access "
-			  "denied!\n"));
-		request_error(state);
-		return;
-	}
-
-	sendto_child(state, idmap_child());
-}
-
-enum winbindd_result winbindd_dual_allocate_uid(struct winbindd_domain *domain,
-						struct winbindd_cli_state *state)
-{
-	struct unixid xid;
-
-	if (!NT_STATUS_IS_OK(idmap_allocate_uid(&xid))) {
-		return WINBINDD_ERROR;
-	}
-	state->response->data.uid = xid.id;
-	return WINBINDD_OK;
-}
-
 void winbindd_allocate_gid(struct winbindd_cli_state *state)
 {
 	if ( !state->privileged ) {