r18369: I've got a sniff where NT4 sends just a single byte after the 516 byte

password blob, it seems that pw_len is just a uint8 instead of uint16.

This might also be interesting for Samba4's samr.idl.

Volker

diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h
index fc861b9e7a9029f8a9c2ace5519da3aa1d84b409..97f151b4af92436d4dd6a1e732e86ef33696e309 100644 (file)
--- a/source/include/rpc_samr.h
+++ b/source/include/rpc_samr.h
@@ -222,7 +222,7 @@ typedef struct sam_user_info_23
 typedef struct sam_user_info_24
 {
        uint8 pass[516];
-       uint16 pw_len;
+       uint8 pw_len;
 } SAM_USER_INFO_24;
 
 /*

diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c
index eda3c428a9a3e7909b31959536b74ed890461540..58ba3e8689954c8008a4eb4bbcc4598259588240 100644 (file)
--- a/source/rpc_parse/parse_samr.c
+++ b/source/rpc_parse/parse_samr.c
@@ -5578,7 +5578,8 @@ static BOOL sam_io_user_info17(const char *desc, SAM_USER_INFO_17 * usr,
  init_sam_user_infoa
  *************************************************************************/
 
-void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516], uint16 pw_len)
+void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516],
+                         uint8 pw_len)
 {
        DEBUG(10, ("init_sam_user_info24:\n"));
        memcpy(usr->pass, newpass, sizeof(usr->pass));
@@ -5606,10 +5607,10 @@ static BOOL sam_io_user_info24(const char *desc, SAM_USER_INFO_24 * usr,
                return False;
        
        if (MARSHALLING(ps) && (usr->pw_len != 0)) {
-               if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
+               if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
                        return False;
        } else if (UNMARSHALLING(ps)) {
-               if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
+               if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
                        return False;
        }