summaryrefslogtreecommitdiff
path: root/selftest
diff options
context:
space:
mode:
Diffstat (limited to 'selftest')
-rw-r--r--selftest/target/samba.py40
-rw-r--r--selftest/tests/test_samba.py39
2 files changed, 79 insertions, 0 deletions
diff --git a/selftest/target/samba.py b/selftest/target/samba.py
index 025dbaeed8..3d63fe58db 100644
--- a/selftest/target/samba.py
+++ b/selftest/target/samba.py
@@ -54,3 +54,43 @@ def mk_realms_stanza(realm, dnsname, domain, kdc_ipv4):
"kdc_ipv4": kdc_ipv4, "dnsname": dnsname, "realm": realm, "domain": domain}
+def write_krb5_conf(f, realm, dnsname, domain, kdc_ipv4, tlsdir=None,
+ other_realms_stanza=None):
+ """Write a krb5.conf file.
+
+ :param f: File-like object to write to
+ :param realm: Realm
+ :param dnsname: DNS domain name
+ :param domain: Domain name
+ :param kdc_ipv4: IPv4 address of KDC
+ :param tlsdir: Optional TLS directory
+ :param other_realms_stanza: Optional extra raw text for [realms] section
+ """
+ f.write("""\
+#Generated krb5.conf for %(realm)s
+
+[libdefaults]
+\tdefault_realm = %(realm)s
+\tdns_lookup_realm = false
+\tdns_lookup_kdc = false
+\tticket_lifetime = 24h
+\tforwardable = yes
+\tallow_weak_crypto = yes
+""" % {"realm": realm})
+
+ f.write("\n[realms]\n")
+ f.write(mk_realms_stanza(realm, dnsname, domain, kdc_ipv4))
+ if other_realms_stanza:
+ f.write(other_realms_stanza)
+
+ if tlsdir:
+ f.write("""
+[appdefaults]
+ pkinit_anchors = FILE:%(tlsdir)s/ca.pem
+
+[kdc]
+ enable-pkinit = true
+ pkinit_identity = FILE:%(tlsdir)s/kdc.pem,%(tlsdir)s/key.pem
+ pkinit_anchors = FILE:%(tlsdir)s/ca.pem
+
+ """ % {"tlsdir": tlsdir})
diff --git a/selftest/tests/test_samba.py b/selftest/tests/test_samba.py
index 60f6f7fca0..6fe1efefaf 100644
--- a/selftest/tests/test_samba.py
+++ b/selftest/tests/test_samba.py
@@ -19,11 +19,14 @@
"""Tests for selftest.target.samba."""
+from cStringIO import StringIO
+
from selftest.tests import TestCase
from selftest.target.samba import (
bindir_path,
mk_realms_stanza,
+ write_krb5_conf,
)
@@ -64,3 +67,39 @@ class MkRealmsStanzaTests(TestCase):
}
''')
+
+
+class WriteKrb5ConfTests(TestCase):
+
+ def test_simple(self):
+ f = StringIO()
+ write_krb5_conf(f, "rijk", "dnsnaam", "domein", "kdc_ipv4")
+ self.assertEquals('''\
+#Generated krb5.conf for rijk
+
+[libdefaults]
+\tdefault_realm = rijk
+\tdns_lookup_realm = false
+\tdns_lookup_kdc = false
+\tticket_lifetime = 24h
+\tforwardable = yes
+\tallow_weak_crypto = yes
+
+[realms]
+ rijk = {
+ kdc = kdc_ipv4:88
+ admin_server = kdc_ipv4:88
+ default_domain = dnsnaam
+ }
+ dnsnaam = {
+ kdc = kdc_ipv4:88
+ admin_server = kdc_ipv4:88
+ default_domain = dnsnaam
+ }
+ domein = {
+ kdc = kdc_ipv4:88
+ admin_server = kdc_ipv4:88
+ default_domain = dnsnaam
+ }
+
+''', f.getvalue())