mdm_apple_profile_manager cron crashes when there's an user + device enrollment

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

https://fleetdm.com

Other

3.01k stars 418 forks source link

mdm_apple_profile_manager cron crashes when there's an user + device enrollment #10659

Closed roperzh closed 1 year ago

roperzh commented 1 year ago

Fleet version: 4.28.1

If a host is enrolled both via User enrollment and Device enrollment, the query we use to fetch the profiles doesn't account for this and sees it as two separate profiles that need to be installed, which ultimately causes an error in nanomdm internals when the command is enqueued.

https://github.com/fleetdm/fleet/blob/5c465549e7fdeef673ac11b746a3f7cfd8d896f8/server/datastore/mysql/apple_mdm.go#L984-L985

fleet-release commented 1 year ago

Two enrollments meet,
Device plus user profiles,
Harmony found again.