From 48111861f065f6e8c08c88671437f5a79d1fdc5e Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Jun 28 2011 04:11:30 +0000 Subject: modify user deleted in AD crashes winsync https://fedorahosted.org/freeipa/ticket/1382 crash in winsync if replaying a MOD and user does not exist in AD If the AD entry is deleted before the deletion can be synced back to IPA, and in the meantime an operation is performed on the corresponding entry in IPA that should be synced to AD, winsync attempts to get the AD entry and it is empty. This just means the operation will not go through, and the entry will be deleted when the sync from AD happens. The IPA winsync plugin needs to handle the case when the ad_entry is NULL. --- diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c index 5a27321..4b81a2e 100644 --- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c +++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c @@ -787,6 +787,13 @@ sync_acct_disable( return; /* not supported */ } + if (!ad_entry) { + LOG("<-- sync_acct_disable - the AD entry corresponding to [%s] " + "is NULL - skipping\n", + slapi_entry_get_dn_const(ds_entry)); + return; + } + /* get the account lock state of the ds entry */ if (0 == ipa_check_account_lock(ds_entry, &isvirt)) { ds_is_enabled = 0; @@ -1113,7 +1120,7 @@ do_force_sync( LOG("do_force_sync - forcing sync of AD entry [%s] " "with DS entry [%s]\n", - slapi_entry_get_dn_const(ad_entry), + ad_entry ? slapi_entry_get_dn_const(ad_entry) : "(none)", slapi_entry_get_dn_const(ds_entry)); find_and_add_mod(ds_entry, smods, "objectClass", "ntUser", (size_t)6, do_modify);