2024-12-23 17:34:34 +03:00 · 2012-03-23 23:46:34 +01:00 · 2012-03-23 23:46:34 +01:00 · 99b4d52633
commit 99b4d52633
parent 289632f85e
2 changed files with 79 additions and 0 deletions
--- a/selftest/target/samba.py
+++ b/selftest/target/samba.py
@ -54,3 +54,43 @@ def mk_realms_stanza(realm, dnsname, domain, kdc_ipv4):
    "kdc_ipv4": kdc_ipv4, "dnsname": dnsname, "realm": realm, "domain": domain}


+def write_krb5_conf(f, realm, dnsname, domain, kdc_ipv4, tlsdir=None,
+        other_realms_stanza=None):
+    """Write a krb5.conf file.
+
+    :param f: File-like object to write to
+    :param realm: Realm
+    :param dnsname: DNS domain name
+    :param domain: Domain name
+    :param kdc_ipv4: IPv4 address of KDC
+    :param tlsdir: Optional TLS directory
+    :param other_realms_stanza: Optional extra raw text for [realms] section
+    """
+    f.write("""\
+#Generated krb5.conf for %(realm)s
+
+[libdefaults]
+\tdefault_realm = %(realm)s
+\tdns_lookup_realm = false
+\tdns_lookup_kdc = false
+\tticket_lifetime = 24h
+\tforwardable = yes
+\tallow_weak_crypto = yes
+""" % {"realm": realm})
+
+    f.write("\n[realms]\n")
+    f.write(mk_realms_stanza(realm, dnsname, domain, kdc_ipv4))
+    if other_realms_stanza:
+        f.write(other_realms_stanza)
+
+    if tlsdir:
+        f.write("""
+[appdefaults]
+	pkinit_anchors = FILE:%(tlsdir)s/ca.pem
+
+[kdc]
+	enable-pkinit = true
+	pkinit_identity = FILE:%(tlsdir)s/kdc.pem,%(tlsdir)s/key.pem
+	pkinit_anchors = FILE:%(tlsdir)s/ca.pem
+
+    """ % {"tlsdir": tlsdir})
--- a/selftest/tests/test_samba.py
+++ b/selftest/tests/test_samba.py
@ -19,11 +19,14 @@

 """Tests for selftest.target.samba."""

+from cStringIO import StringIO
+
 from selftest.tests import TestCase

 from selftest.target.samba import (
    bindir_path,
    mk_realms_stanza,
+    write_krb5_conf,
    )


@ -64,3 +67,39 @@ class MkRealmsStanzaTests(TestCase):
 }

 ''')
+
+
+class WriteKrb5ConfTests(TestCase):
+
+    def test_simple(self):
+        f = StringIO()
+        write_krb5_conf(f, "rijk", "dnsnaam", "domein", "kdc_ipv4")
+        self.assertEquals('''\
+#Generated krb5.conf for rijk
+
+[libdefaults]
+\tdefault_realm = rijk
+\tdns_lookup_realm = false
+\tdns_lookup_kdc = false
+\tticket_lifetime = 24h
+\tforwardable = yes
+\tallow_weak_crypto = yes
+
+[realms]
+ rijk = {
+  kdc = kdc_ipv4:88
+  admin_server = kdc_ipv4:88
+  default_domain = dnsnaam
+ }
+ dnsnaam = {
+  kdc = kdc_ipv4:88
+  admin_server = kdc_ipv4:88
+  default_domain = dnsnaam
+ }
+ domein = {
+  kdc = kdc_ipv4:88
+  admin_server = kdc_ipv4:88
+  default_domain = dnsnaam
+ }
+
+''', f.getvalue())