traffic_packets: provision request data for packet_drsuapi_13

The `drsuapi.DsWriteAccountSpnRequest1` struct in this packet was empty before.
Samba lets it go but Windows will report an invalid parameter error.

Provision the request with proper data, and give user permission to
write account SPN.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

python/samba/emulate/traffic_packets.py

@@ -242,7 +242,13 @@ def packet_drsuapi_12(packet, conversation, context):
 def packet_drsuapi_13(packet, conversation, context):
     # DsWriteAccountSpn
     req = drsuapi.DsWriteAccountSpnRequest1()
-    req.operation = drsuapi.DRSUAPI_DS_SPN_OPERATION_ADD
+    req.operation = drsuapi.DRSUAPI_DS_SPN_OPERATION_REPLACE
+    req.unknown1 = 0  # Unused, must be 0
+    req.object_dn = context.user_dn
+    req.count = 1  # only 1 name
+    spn_name = drsuapi.DsNameString()
+    spn_name.str = 'foo/{}'.format(context.username)
+    req.spn_names = [spn_name]
     (drs, handle) = context.get_drsuapi_connection_pair()
     (level, res) = drs.DsWriteAccountSpn(handle, 1, req)
     return True

python/samba/tests/emulate/traffic_packet.py

@@ -28,6 +28,7 @@ from samba.emulate import traffic
 
 from samba.samdb import SamDB
 import samba.tests
+from samba import sd_utils
 
 
 class TrafficEmulatorPacketTests(samba.tests.TestCase):
@@ -79,6 +80,11 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
 
         self.context.generate_process_local_config(account, self.conversation)
 
+        # grant user write permission to do things like write account SPN
+        sdutils = sd_utils.SDUtils(self.ldb)
+        mod = "(A;;WP;;;PS)"
+        sdutils.dacl_add_ace(self.context.user_dn, mod)
+
     def tearDown(self):
         super(TrafficEmulatorPacketTests, self).tearDown()
         traffic.clean_up_accounts(self.ldb, 1)