Allow Windows SessionID=0 (#25582)

For #25581 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
fleetdm · Jan 20, 2025 · a7b5aee · a7b5aee
1 parent 09f175e
commit a7b5aee
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 12 deletions.
diff --git a/changes/25581-session-id b/changes/25581-session-id
@@ -0,0 +1 @@
+Fix Windows MDM issue where SessionID of 0 was not allowed.
diff --git a/pkg/mdm/mdmtest/windows.go b/pkg/mdm/mdmtest/windows.go
@@ -98,7 +98,7 @@ func (c *TestWindowsMDMClient) StartManagementSession() (map[string]fleet.ProtoC
 <SyncHdr>
 	<VerDTD>1.2</VerDTD>
 	<VerProto>DM/1.2</VerProto>
-	<SessionID>` + fmt.Sprint(sessionIDInt+1) + `</SessionID>
+	<SessionID>` + fmt.Sprint(sessionIDInt) + `</SessionID>
 	<MsgID>1</MsgID>
 	<Target>
 	<LocURI>` + c.fleetServerURL + microsoft_mdm.MDE2ManagementPath + `</LocURI>

diff --git a/server/service/microsoft_mdm.go b/server/service/microsoft_mdm.go
@@ -897,7 +897,6 @@ func mdmMicrosoftEnrollEndpoint(ctx context.Context, request interface{}, svc fl
 // and better security authentication (done through TLS and in-message hash)
 func mdmMicrosoftManagementEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
 	reqSyncML := request.(*SyncMLReqMsgContainer).Data
-	reqCerts := request.(*SyncMLReqMsgContainer).Certs
 
 	// Checking first if incoming SyncML message is valid and returning error if this is not the case
 	if err := reqSyncML.IsValidMsg(); err != nil {
@@ -906,7 +905,7 @@ func mdmMicrosoftManagementEndpoint(ctx context.Context, request interface{}, sv
 	}
 
 	// Getting the MS-MDM response message
-	resSyncML, err := svc.GetMDMWindowsManagementResponse(ctx, reqSyncML, reqCerts)
+	resSyncML, err := svc.GetMDMWindowsManagementResponse(ctx, reqSyncML, request.(*SyncMLReqMsgContainer).Certs)
 	if err != nil {
 		soapFault := svc.GetAuthorizedSoapFault(ctx, syncml.SoapErrorMessageFormat, mdm_types.MSMDM, err)
 		return getSoapResponseFault(reqSyncML.SyncHdr.MsgID, soapFault), nil
@@ -1624,12 +1623,8 @@ func (svc *Service) getManagementResponse(ctx context.Context, reqMsg *fleet.Syn
 		return nil, fmt.Errorf("message processing error %w", err)
 	}
 
-	// Combined cmd responses
-	resCmds := resIncomingCmds
-	resCmds = append(resCmds, resPendingCmds...)
-
 	// Create the response SyncML message
-	msg, err := svc.createResponseSyncML(ctx, reqMsg, resCmds)
+	msg, err := svc.createResponseSyncML(ctx, reqMsg, append(resIncomingCmds, resPendingCmds...))
 	if err != nil {
 		return nil, fmt.Errorf("message syncML creation error %w", err)
 	}
@@ -1902,10 +1897,6 @@ func createSyncMLMessage(sessionID string, msgID string, deviceID string, source
 		return nil, errors.New("invalid parameters")
 	}
 
-	if sessionID == "0" {
-		return nil, errors.New("invalid session ID")
-	}
-
 	if msgID == "0" {
 		return nil, errors.New("invalid msg ID")
 	}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fix Windows MDM issue where SessionID of 0 was not allowed.