diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c index f609e9210b..bd4e0be646 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c @@ -72,21 +72,18 @@ static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares); /* checks correctness of dSHeuristics attribute * as described in MS-ADTS 7.1.1.2.4.1.2 dSHeuristics */ - static int oc_validate_dsheuristics(struct ldb_message_element *el) { - if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE || - el->num_values < 1) { - return LDB_SUCCESS; - } - if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) { - return LDB_ERR_CONSTRAINT_VIOLATION; - } else if (el->values[0].length >= DS_HR_TENTH_CHAR - && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') { - return LDB_ERR_CONSTRAINT_VIOLATION; - } else { - return LDB_SUCCESS; + if (el->num_values > 0) { + if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } else if (el->values[0].length >= DS_HR_TENTH_CHAR + && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') { + return LDB_ERR_CONSTRAINT_VIOLATION; + } } + + return LDB_SUCCESS; } static int attr_handler(struct oc_context *ac) |