diff options
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/target/samba.py | 40 | ||||
-rw-r--r-- | selftest/tests/test_samba.py | 39 |
2 files changed, 79 insertions, 0 deletions
diff --git a/selftest/target/samba.py b/selftest/target/samba.py index 025dbaeed8..3d63fe58db 100644 --- a/selftest/target/samba.py +++ b/selftest/target/samba.py @@ -54,3 +54,43 @@ def mk_realms_stanza(realm, dnsname, domain, kdc_ipv4): "kdc_ipv4": kdc_ipv4, "dnsname": dnsname, "realm": realm, "domain": domain} +def write_krb5_conf(f, realm, dnsname, domain, kdc_ipv4, tlsdir=None, + other_realms_stanza=None): + """Write a krb5.conf file. + + :param f: File-like object to write to + :param realm: Realm + :param dnsname: DNS domain name + :param domain: Domain name + :param kdc_ipv4: IPv4 address of KDC + :param tlsdir: Optional TLS directory + :param other_realms_stanza: Optional extra raw text for [realms] section + """ + f.write("""\ +#Generated krb5.conf for %(realm)s + +[libdefaults] +\tdefault_realm = %(realm)s +\tdns_lookup_realm = false +\tdns_lookup_kdc = false +\tticket_lifetime = 24h +\tforwardable = yes +\tallow_weak_crypto = yes +""" % {"realm": realm}) + + f.write("\n[realms]\n") + f.write(mk_realms_stanza(realm, dnsname, domain, kdc_ipv4)) + if other_realms_stanza: + f.write(other_realms_stanza) + + if tlsdir: + f.write(""" +[appdefaults] + pkinit_anchors = FILE:%(tlsdir)s/ca.pem + +[kdc] + enable-pkinit = true + pkinit_identity = FILE:%(tlsdir)s/kdc.pem,%(tlsdir)s/key.pem + pkinit_anchors = FILE:%(tlsdir)s/ca.pem + + """ % {"tlsdir": tlsdir}) diff --git a/selftest/tests/test_samba.py b/selftest/tests/test_samba.py index 60f6f7fca0..6fe1efefaf 100644 --- a/selftest/tests/test_samba.py +++ b/selftest/tests/test_samba.py @@ -19,11 +19,14 @@ """Tests for selftest.target.samba.""" +from cStringIO import StringIO + from selftest.tests import TestCase from selftest.target.samba import ( bindir_path, mk_realms_stanza, + write_krb5_conf, ) @@ -64,3 +67,39 @@ class MkRealmsStanzaTests(TestCase): } ''') + + +class WriteKrb5ConfTests(TestCase): + + def test_simple(self): + f = StringIO() + write_krb5_conf(f, "rijk", "dnsnaam", "domein", "kdc_ipv4") + self.assertEquals('''\ +#Generated krb5.conf for rijk + +[libdefaults] +\tdefault_realm = rijk +\tdns_lookup_realm = false +\tdns_lookup_kdc = false +\tticket_lifetime = 24h +\tforwardable = yes +\tallow_weak_crypto = yes + +[realms] + rijk = { + kdc = kdc_ipv4:88 + admin_server = kdc_ipv4:88 + default_domain = dnsnaam + } + dnsnaam = { + kdc = kdc_ipv4:88 + admin_server = kdc_ipv4:88 + default_domain = dnsnaam + } + domein = { + kdc = kdc_ipv4:88 + admin_server = kdc_ipv4:88 + default_domain = dnsnaam + } + +''', f.getvalue()) |