modify user deleted in AD crashes winsync

https://fedorahosted.org/freeipa/ticket/1382
crash in winsync if replaying a MOD and user does not exist in AD
If the AD entry is deleted before the deletion can be synced back to IPA,
and in the meantime an operation is performed on the corresponding
entry in IPA that should be synced to AD, winsync attempts to get the
AD entry and it is empty.  This just means the operation will not go
through, and the entry will be deleted when the sync from AD happens.
The IPA winsync plugin needs to handle the case when the ad_entry
is NULL.

1 files changed, 8 insertions, 1 deletions

diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
index 5a27321fb..4b81a2eab 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
@@ -787,6 +787,13 @@ sync_acct_disable(
         return; /* not supported */
     }
 
+    if (!ad_entry) {
+        LOG("<-- sync_acct_disable - the AD entry corresponding to [%s] "
+            "is NULL - skipping\n",
+            slapi_entry_get_dn_const(ds_entry));
+        return;
+    }
+
     /* get the account lock state of the ds entry */
     if (0 == ipa_check_account_lock(ds_entry, &isvirt)) {
         ds_is_enabled = 0;
@@ -1113,7 +1120,7 @@ do_force_sync(
 
     LOG("do_force_sync - forcing sync of AD entry [%s] "
         "with DS entry [%s]\n",
-        slapi_entry_get_dn_const(ad_entry),
+        ad_entry ? slapi_entry_get_dn_const(ad_entry) : "(none)",
         slapi_entry_get_dn_const(ds_entry));
 
     find_and_add_mod(ds_entry, smods, "objectClass", "ntUser", (size_t)6, do_modify);