2 files changed, 79 insertions, 0 deletions

diff --git a/selftest/target/samba.py b/selftest/target/samba.py
index 025dbaeed8..3d63fe58db 100644
--- a/selftest/target/samba.py
+++ b/selftest/target/samba.py
@@ -54,3 +54,43 @@ def mk_realms_stanza(realm, dnsname, domain, kdc_ipv4):
     "kdc_ipv4": kdc_ipv4, "dnsname": dnsname, "realm": realm, "domain": domain}
 
 
+def write_krb5_conf(f, realm, dnsname, domain, kdc_ipv4, tlsdir=None,
+        other_realms_stanza=None):
+    """Write a krb5.conf file.
+
+    :param f: File-like object to write to
+    :param realm: Realm
+    :param dnsname: DNS domain name
+    :param domain: Domain name
+    :param kdc_ipv4: IPv4 address of KDC
+    :param tlsdir: Optional TLS directory
+    :param other_realms_stanza: Optional extra raw text for [realms] section
+    """
+    f.write("""\
+#Generated krb5.conf for %(realm)s
+
+[libdefaults]
+\tdefault_realm = %(realm)s
+\tdns_lookup_realm = false
+\tdns_lookup_kdc = false
+\tticket_lifetime = 24h
+\tforwardable = yes
+\tallow_weak_crypto = yes
+""" % {"realm": realm})
+
+    f.write("\n[realms]\n")
+    f.write(mk_realms_stanza(realm, dnsname, domain, kdc_ipv4))
+    if other_realms_stanza:
+        f.write(other_realms_stanza)
+
+    if tlsdir:
+        f.write("""
+[appdefaults]
+	pkinit_anchors = FILE:%(tlsdir)s/ca.pem
+
+[kdc]
+	enable-pkinit = true
+	pkinit_identity = FILE:%(tlsdir)s/kdc.pem,%(tlsdir)s/key.pem
+	pkinit_anchors = FILE:%(tlsdir)s/ca.pem
+
+    """ % {"tlsdir": tlsdir})
diff --git a/selftest/tests/test_samba.py b/selftest/tests/test_samba.py
index 60f6f7fca0..6fe1efefaf 100644
--- a/selftest/tests/test_samba.py
+++ b/selftest/tests/test_samba.py
@@ -19,11 +19,14 @@
 
 """Tests for selftest.target.samba."""
 
+from cStringIO import StringIO
+
 from selftest.tests import TestCase
 
 from selftest.target.samba import (
     bindir_path,
     mk_realms_stanza,
+    write_krb5_conf,
     )
 
 
@@ -64,3 +67,39 @@ class MkRealmsStanzaTests(TestCase):
  }
 
 ''')
+
+
+class WriteKrb5ConfTests(TestCase):
+
+    def test_simple(self):
+        f = StringIO()
+        write_krb5_conf(f, "rijk", "dnsnaam", "domein", "kdc_ipv4")
+        self.assertEquals('''\
+#Generated krb5.conf for rijk
+
+[libdefaults]
+\tdefault_realm = rijk
+\tdns_lookup_realm = false
+\tdns_lookup_kdc = false
+\tticket_lifetime = 24h
+\tforwardable = yes
+\tallow_weak_crypto = yes
+
+[realms]
+ rijk = {
+  kdc = kdc_ipv4:88
+  admin_server = kdc_ipv4:88
+  default_domain = dnsnaam
+ }
+ dnsnaam = {
+  kdc = kdc_ipv4:88
+  admin_server = kdc_ipv4:88
+  default_domain = dnsnaam
+ }
+ domein = {
+  kdc = kdc_ipv4:88
+  admin_server = kdc_ipv4:88
+  default_domain = dnsnaam
+ }
+
+''', f.getvalue())