From 6287d0d61c1b63f399edc901133a6f61069224a6 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer
Date: Thu, 13 Oct 2011 08:48:08 +0200
Subject: s4:objectclass_attrs LDB module - implement the dSHeuristics length checks correctly
Consider bug #8489
Reviewed-by: abartlet
---
 libds/common/flags.h | 10 +++++-
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 42 +++++++++++++++++++---
 2 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/libds/common/flags.h b/libds/common/flags.h
index 714251dff5..c25a9e9101 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -239,7 +239,15 @@
 #define DS_HR_COMPUTE_ANR_STATS 0x0000000F
 #define DS_HR_ADMINSDEXMASK 0x00000010
 #define DS_HR_KVNOEMUW2K 0x00000011
-#define DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS 0x00000012
+
+#define DS_HR_TWENTIETH_CHAR 0x00000014
+#define DS_HR_THIRTIETH_CHAR 0x0000001E
+#define DS_HR_FOURTIETH_CHAR 0x00000028
+#define DS_HR_FIFTIETH_CHAR 0x00000032
+#define DS_HR_SIXTIETH_CHAR 0x0000003C
+#define DS_HR_SEVENTIETH_CHAR 0x00000046
+#define DS_HR_EIGHTIETH_CHAR 0x00000050
+#define DS_HR_NINETIETH_CHAR 0x0000005A
 
 /* mS-DS-ReplicatesNCReason */
 #define NTDSCONN_KCC_GC_TOPOLOGY 0x00000001
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index b6f91651dc..d45c46fdb9 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -72,15 +72,47 @@ static struct oc_context *oc_init_context(struct ldb_module *module,
 
 static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares);
 
-/* checks correctness of dSHeuristics attribute
- * as described in MS-ADTS 7.1.1.2.4.1.2 dSHeuristics */
+/*
+ * Checks the correctness of the "dSHeuristics" attribute as described in both
+ * MS-ADTS 7.1.1.2.4.1.2 dSHeuristics and MS-ADTS 3.1.1.5.3.2 Constraints
+ */
 static int oc_validate_dsheuristics(struct ldb_message_element *el)
 {
 if (el->num_values > 0) {
- if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
+ if ((el->values[0].length >= DS_HR_NINETIETH_CHAR) &&
+ (el->values[0].data[DS_HR_NINETIETH_CHAR-1] != '9')) {
 return LDB_ERR_CONSTRAINT_VIOLATION;
- } else if (el->values[0].length >= DS_HR_TENTH_CHAR
- && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
+ }
+ if ((el->values[0].length >= DS_HR_EIGHTIETH_CHAR) &&
+ (el->values[0].data[DS_HR_EIGHTIETH_CHAR-1] != '8')) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ if ((el->values[0].length >= DS_HR_SEVENTIETH_CHAR) &&
+ (el->values[0].data[DS_HR_SEVENTIETH_CHAR-1] != '7')) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ if ((el->values[0].length >= DS_HR_SIXTIETH_CHAR) &&
+ (el->values[0].data[DS_HR_SIXTIETH_CHAR-1] != '6')) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ if ((el->values[0].length >= DS_HR_FIFTIETH_CHAR) &&
+ (el->values[0].data[DS_HR_FIFTIETH_CHAR-1] != '5')) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ if ((el->values[0].length >= DS_HR_FOURTIETH_CHAR) &&
+ (el->values[0].data[DS_HR_FOURTIETH_CHAR-1] != '4')) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ if ((el->values[0].length >= DS_HR_THIRTIETH_CHAR) &&
+ (el->values[0].data[DS_HR_THIRTIETH_CHAR-1] != '3')) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ if ((el->values[0].length >= DS_HR_TWENTIETH_CHAR) &&
+ (el->values[0].data[DS_HR_TWENTIETH_CHAR-1] != '2')) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ if ((el->values[0].length >= DS_HR_TENTH_CHAR) &&
+ (el->values[0].data[DS_HR_TENTH_CHAR-1] != '1')) {
 return LDB_ERR_CONSTRAINT_VIOLATION;
 }
 }
-- cgit
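Review bot: The nine marker checks in oc_validate_dsheuristics() are hand-copied blocks that differ only in a macro name and a digit literal, so one mismatched pair (say `DS_HR_SIXTIETH_CHAR` compared against `'5'`) would make the constraint wrongly accept or reject values and would be easy to miss in review. A loop over the decades, deriving both the 1-based position and the expected digit from one counter, keeps the same bounds guarantee (`length >= pos` before reading `data[pos - 1]`) and makes the eight new DS_HR_*_CHAR defines in flags.h unnecessary. The end of the function lies outside the hunk, so the sketch below leaves it open. No test accompanies the fix in this patch; one boundary case per decade (length exactly 10, 20, … 90 with a right and a wrong marker) would pin the behaviour for bug #8489.

```c
static int oc_validate_dsheuristics(struct ldb_message_element *el)
{
	if (el->num_values > 0) {
		const struct ldb_val *v = &el->values[0];
		unsigned int decade;

		/*
		 * Positions are 1-based: if the value is at least decade*10
		 * characters long, character decade*10 must be the digit
		 * 'decade'. The length test also bounds the index below.
		 */
		for (decade = 1; decade <= 9; decade++) {
			size_t pos = decade * 10;

			if ((v->length >= pos) &&
			    (v->data[pos - 1] != (uint8_t)('0' + decade))) {
				return LDB_ERR_CONSTRAINT_VIOLATION;
			}
		}
	}
	/* … unchanged: remainder of the function, outside the hunk … */
```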