2 files changed, 17 insertions, 15 deletions

diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index df6773cf2de..5d8a12a6836 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -1,5 +1,7 @@
 #include "idl_types.h"
 
+import "security.idl";
+
 /*
   ntlmssp interface definition
 */
@@ -127,20 +129,19 @@ interface ntlmssp
 		MsvAvDnsTreeName	= 5,
 		MsvAvFlags		= 6,
 		MsvAvTimestamp		= 7,
-		MsAvRestrictions	= 8,
+		MsvAvSingleHost		= 8,
 		MsvAvTargetName		= 9,
 		MsvChannelBindings	= 10
 	} ntlmssp_AvId;
 
-	/* [MS-NLMP] 2.2.2.2 Restriction_Encoding */
+	/* [MS-NLMP] 2.2.2.2 SingleHostData */
 
-	typedef struct {
-		uint32 Size;
+	typedef [flag(NDR_PAHEX)] struct {
+		[value(8+ndr_size_LSAP_TOKEN_INFO_INTEGRITY(&r->token_info, 0)+r->remaining.length)] uint32 Size;
 		[value(0)] uint32 Z4;
-		boolean32 IntegrityLevel;
-		uint32 SubjectIntegrityLevel;
-		uint8 MachineId[32];
-	} Restriction_Encoding;
+		LSAP_TOKEN_INFO_INTEGRITY token_info;
+		[flag(NDR_REMAINING)] DATA_BLOB remaining;
+	} ntlmssp_SingleHostData;
 
 	typedef [bitmap32bit] bitmap {
 		NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT		= 0x00000001,
@@ -157,7 +158,7 @@ interface ntlmssp
 		[case(MsvAvDnsTreeName)]	[flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsTreeName;
 		[case(MsvAvFlags)]		ntlmssp_AvFlags AvFlags;
 		[case(MsvAvTimestamp)]		NTTIME AvTimestamp;
-		[case(MsAvRestrictions)]	Restriction_Encoding AvRestrictions;
+		[case(MsvAvSingleHost)]		ntlmssp_SingleHostData AvSingleHost;
 		[case(MsvAvTargetName)]		[flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvTargetName;
 		[case(MsvChannelBindings)]	uint8 ChannelBindings[16];
 		[default]			[flag(NDR_REMAINING)] DATA_BLOB blob;
diff --git a/source4/torture/ndr/ntlmssp.c b/source4/torture/ndr/ntlmssp.c
index ae56192b4e5..aeac26ffe57 100644
--- a/source4/torture/ndr/ntlmssp.c
+++ b/source4/torture/ndr/ntlmssp.c
@@ -225,13 +225,14 @@ static bool ntlmssp_AUTHENTICATE_MESSAGE_check(struct torture_context *tctx,
 	torture_assert_int_equal(tctx, AvPairs.pair[3].AvLen, 46, "AvLen");
 	torture_assert_str_equal(tctx, AvPairs.pair[3].Value.AvDnsComputerName, "mthelena.ber.redhat.com", "Value.AvDnsComputerName");
 
-	torture_assert_int_equal(tctx, AvPairs.pair[4].AvId, MsAvRestrictions, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].AvId, MsvAvSingleHost, "AvId");
 	torture_assert_int_equal(tctx, AvPairs.pair[4].AvLen, 48, "AvLen");
-	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.Size, 48, "Value.AvRestrictions.Size");
-	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.Z4, 0, "Value.AvRestrictions.Z4");
-	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.IntegrityLevel, 0, "Value.AvRestrictions.IntegrityLevel");
-	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.SubjectIntegrityLevel, 0x00003000, "Value.AvRestrictions.SubjectIntegrityLevel");
-	torture_assert_mem_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.MachineId, MachineId, 32, "Value.AvRestrictions.MachineId");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.Size, 48, "Value.AvSingleHost.Size");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.Z4, 0, "Value.AvSingleHost.Z4");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.token_info.Flags, 0, "Value.AvSingleHost.token_info.Flags");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.token_info.TokenIL, 0x00003000, "Value.AvSingleHost.token_info.TokenIL");
+	torture_assert_mem_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.token_info.MachineId, MachineId, 32, "Value.AvSingleHost.token_info.MachineId");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.remaining.length, 0, "Value.AvSingleHost.remaining.length");
 
 	torture_assert_int_equal(tctx, AvPairs.pair[5].AvId, MsvChannelBindings, "AvId");
 	torture_assert_int_equal(tctx, AvPairs.pair[5].AvLen, 16, "AvLen");