r18369: I've got a sniff where NT4 sends just a single byte after the 516 byte

password blob, it seems that pw_len is just a uint8 instead of uint16.

This might also be interesting for Samba4's samr.idl.

Volker
(This used to be commit 68ded4ba07703a20b046e4a58e7a746a78fcedf5)

2 files changed, 5 insertions, 4 deletions

diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index fc861b9e7a..97f151b4af 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -222,7 +222,7 @@ typedef struct sam_user_info_23
 typedef struct sam_user_info_24
 {
 	uint8 pass[516];
-	uint16 pw_len;
+	uint8 pw_len;
 } SAM_USER_INFO_24;
 
 /*
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index eda3c428a9..58ba3e8689 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -5578,7 +5578,8 @@ static BOOL sam_io_user_info17(const char *desc, SAM_USER_INFO_17 * usr,
  init_sam_user_infoa
  *************************************************************************/
 
-void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516], uint16 pw_len)
+void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516],
+			  uint8 pw_len)
 {
 	DEBUG(10, ("init_sam_user_info24:\n"));
 	memcpy(usr->pass, newpass, sizeof(usr->pass));
@@ -5606,10 +5607,10 @@ static BOOL sam_io_user_info24(const char *desc, SAM_USER_INFO_24 * usr,
 		return False;
 	
 	if (MARSHALLING(ps) && (usr->pw_len != 0)) {
-		if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
+		if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
 			return False;
 	} else if (UNMARSHALLING(ps)) {
-		if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
+		if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
 			return False;
 	}