selftest: Allow a krb5.conf to be generated that covers multiple realms
[amitay/samba.git] / selftest / target / Samba.pm
index 820bd9e19c9c38ed6de7917a23013606608c62ca..d993611eda8792f70364ced2de2a367c4bea8ed9 100644 (file)
@@ -59,4 +59,75 @@ sub bindir_path($$) {
        return $path;
 }
 
+sub mk_krb5_conf($$)
+{
+       my ($ctx, $other_realms_stanza) = @_;
+
+       unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
+               warn("can't open $ctx->{krb5_conf}$?");
+               return undef;
+       }
+
+       my $our_realms_stanza = mk_realms_stanza($ctx->{realm},
+                                                $ctx->{dnsname},
+                                                $ctx->{domain},
+                                                $ctx->{kdc_ipv4});
+       print KRB5CONF "
+#Generated krb5.conf for $ctx->{realm}
+
+[libdefaults]
+ default_realm = $ctx->{realm}
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ forwardable = yes
+ allow_weak_crypto = yes
+
+[realms]
+ $our_realms_stanza
+ $other_realms_stanza
+";
+
+
+        if (defined($ctx->{tlsdir})) {
+              print KRB5CONF "
+
+[appdefaults]
+       pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
+
+[kdc]
+       enable-pkinit = true
+       pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
+       pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
+
+";
+        }
+       close(KRB5CONF);
+}
+
+sub mk_realms_stanza($$$$)
+{
+       my ($realm, $dnsname, $domain, $kdc_ipv4) = @_;
+
+       my $realms_stanza = "
+ $realm = {
+  kdc = $kdc_ipv4:88
+  admin_server = $kdc_ipv4:88
+  default_domain = $dnsname
+ }
+ $dnsname = {
+  kdc = $kdc_ipv4:88
+  admin_server = $kdc_ipv4:88
+  default_domain = $dnsname
+ }
+ $domain = {
+  kdc = $kdc_ipv4:88
+  admin_server = $kdc_ipv4:88
+  default_domain = $dnsname
+ }
+
+";
+        return $realms_stanza;
+}
+
 1;
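Review bot: The open-failure path in mk_krb5_conf interpolates `$?` (child exit status) instead of `$!`, so the warning never says why the file could not be opened. The two-argument `open(KRB5CONF, ">$ctx->{krb5_conf}")` also lets characters in the path be parsed as part of the open mode. I would change the two lines to `unless (open(KRB5CONF, '>', $ctx->{krb5_conf})) {` and `warn("can't open $ctx->{krb5_conf}: $!");`. The success path returns whatever close() yields while the failure path returns undef, so callers can only test the result reliably if an explicit `return 1;` follows the close. Because the template writes `allow_weak_crypto = yes` unconditionally, a comment above the first print such as `# selftest only: do not reuse this template outside the test environment` would make the intent clear to anyone copying it.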