selftest.py: Add write_krb5_conf.

1 files changed, 40 insertions, 0 deletions

diff --git a/selftest/target/samba.py b/selftest/target/samba.py
index 025dbaeed8..3d63fe58db 100644
--- a/selftest/target/samba.py
+++ b/selftest/target/samba.py
@@ -54,3 +54,43 @@ def mk_realms_stanza(realm, dnsname, domain, kdc_ipv4):
     "kdc_ipv4": kdc_ipv4, "dnsname": dnsname, "realm": realm, "domain": domain}
 
 
+def write_krb5_conf(f, realm, dnsname, domain, kdc_ipv4, tlsdir=None,
+        other_realms_stanza=None):
+    """Write a krb5.conf file.
+
+    :param f: File-like object to write to
+    :param realm: Realm
+    :param dnsname: DNS domain name
+    :param domain: Domain name
+    :param kdc_ipv4: IPv4 address of KDC
+    :param tlsdir: Optional TLS directory
+    :param other_realms_stanza: Optional extra raw text for [realms] section
+    """
+    f.write("""\
+#Generated krb5.conf for %(realm)s
+
+[libdefaults]
+\tdefault_realm = %(realm)s
+\tdns_lookup_realm = false
+\tdns_lookup_kdc = false
+\tticket_lifetime = 24h
+\tforwardable = yes
+\tallow_weak_crypto = yes
+""" % {"realm": realm})
+
+    f.write("\n[realms]\n")
+    f.write(mk_realms_stanza(realm, dnsname, domain, kdc_ipv4))
+    if other_realms_stanza:
+        f.write(other_realms_stanza)
+
+    if tlsdir:
+        f.write("""
+[appdefaults]
+	pkinit_anchors = FILE:%(tlsdir)s/ca.pem
+
+[kdc]
+	enable-pkinit = true
+	pkinit_identity = FILE:%(tlsdir)s/kdc.pem,%(tlsdir)s/key.pem
+	pkinit_anchors = FILE:%(tlsdir)s/ca.pem
+
+    """ % {"tlsdir": tlsdir})