This fixes net rpc vampire when talking to win2k (<sp3). win2k sends

back a different sized blob of encrypted password data then we were
expecting.  There's an extra 32 bytes of unknown stuff.

source/rpc_parse/parse_net.c

@@ -2129,12 +2129,12 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
 		if (!prs_uint32("pwd_len", ps, depth, &len))
                         return False;
 		old_offset = ps->data_offset;
-		if (len == 0x44)
+		if (len > 0)
 		{
 			if (ps->io)
 			{
 				/* reading */
-                                if (!prs_hash1(ps, ps->data_offset, sess_key))
+                                if (!prs_hash1(ps, ps->data_offset, sess_key, len))
                                         return False;
 			}
 			if (!net_io_sam_passwd_info("pass", &info->pass, 
@@ -2144,7 +2144,7 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
 			if (!ps->io)
 			{
 				/* writing */
-                                if (!prs_hash1(ps, old_offset, sess_key))
+                                if (!prs_hash1(ps, old_offset, sess_key, len))
                                         return False;
 			}
 		}

source/rpc_parse/parse_prs.c

@@ -1316,7 +1316,7 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *me
 /*******************************************************************
  hash a stream.
  ********************************************************************/
-BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
+BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], int len)
 {
 	char *q;
 
@@ -1326,12 +1326,12 @@ BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
 #ifdef DEBUG_PASSWORD
 	DEBUG(100, ("prs_hash1\n"));
 	dump_data(100, sess_key, 16);
-	dump_data(100, q, 68);
+	dump_data(100, q, len);
 #endif
-	SamOEMhash((uchar *) q, sess_key, 68);
+	SamOEMhash((uchar *) q, sess_key, len);
 
 #ifdef DEBUG_PASSWORD
-	dump_data(100, q, 68);
+	dump_data(100, q, len);
 #endif
 
 	return True;