summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/objectclass_attrs.c21
1 files changed, 9 insertions, 12 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index f609e9210b..bd4e0be646 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -72,21 +72,18 @@ static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares);
/* checks correctness of dSHeuristics attribute
* as described in MS-ADTS 7.1.1.2.4.1.2 dSHeuristics */
-
static int oc_validate_dsheuristics(struct ldb_message_element *el)
{
- if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE ||
- el->num_values < 1) {
- return LDB_SUCCESS;
- }
- if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
- return LDB_ERR_CONSTRAINT_VIOLATION;
- } else if (el->values[0].length >= DS_HR_TENTH_CHAR
- && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
- return LDB_ERR_CONSTRAINT_VIOLATION;
- } else {
- return LDB_SUCCESS;
+ if (el->num_values > 0) {
+ if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ } else if (el->values[0].length >= DS_HR_TENTH_CHAR
+ && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
}
+
+ return LDB_SUCCESS;
}
static int attr_handler(struct oc_context *ac)