From 7c93fb57f598a8d0d2528c950b9eec2cf5e14189 Mon Sep 17 00:00:00 2001
From: Joe Guo <joeg@catalyst.net.nz>
Date: Tue, 1 May 2018 16:58:01 +1200
Subject: [PATCH] traffic_packets: provision request data for packet_drsuapi_13

The `drsuapi.DsWriteAccountSpnRequest1` struct in this packet was empty before.
Samba lets it go but Windows will report an invalid parameter error.

Provision the request with proper data, and give user permission to
write account SPN.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
---
 python/samba/emulate/traffic_packets.py      | 8 +++++++-
 python/samba/tests/emulate/traffic_packet.py | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/python/samba/emulate/traffic_packets.py b/python/samba/emulate/traffic_packets.py
index d23a7669ad9..1413c8bfb80 100644
--- a/python/samba/emulate/traffic_packets.py
+++ b/python/samba/emulate/traffic_packets.py
@@ -242,7 +242,13 @@ def packet_drsuapi_12(packet, conversation, context):
 def packet_drsuapi_13(packet, conversation, context):
     # DsWriteAccountSpn
     req = drsuapi.DsWriteAccountSpnRequest1()
-    req.operation = drsuapi.DRSUAPI_DS_SPN_OPERATION_ADD
+    req.operation = drsuapi.DRSUAPI_DS_SPN_OPERATION_REPLACE
+    req.unknown1 = 0  # Unused, must be 0
+    req.object_dn = context.user_dn
+    req.count = 1  # only 1 name
+    spn_name = drsuapi.DsNameString()
+    spn_name.str = 'foo/{}'.format(context.username)
+    req.spn_names = [spn_name]
     (drs, handle) = context.get_drsuapi_connection_pair()
     (level, res) = drs.DsWriteAccountSpn(handle, 1, req)
     return True
diff --git a/python/samba/tests/emulate/traffic_packet.py b/python/samba/tests/emulate/traffic_packet.py
index 8aa6ca03247..61fd9008964 100644
--- a/python/samba/tests/emulate/traffic_packet.py
+++ b/python/samba/tests/emulate/traffic_packet.py
@@ -28,6 +28,7 @@ from samba.emulate import traffic
 
 from samba.samdb import SamDB
 import samba.tests
+from samba import sd_utils
 
 
 class TrafficEmulatorPacketTests(samba.tests.TestCase):
@@ -79,6 +80,11 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
 
         self.context.generate_process_local_config(account, self.conversation)
 
+        # grant user write permission to do things like write account SPN
+        sdutils = sd_utils.SDUtils(self.ldb)
+        mod = "(A;;WP;;;PS)"
+        sdutils.dacl_add_ace(self.context.user_dn, mod)
+
     def tearDown(self):
         super(TrafficEmulatorPacketTests, self).tearDown()
         traffic.clean_up_accounts(self.ldb, 1)
-- 
2.34.1