Fix the keytab principal validation regex to allow instances

containing periods.  Otherwise, it's hard to manage host keytabs.  Add
a missing test suite for that method.

2 files changed, 14 insertions, 2 deletions

diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index ed998aa..fcd427a 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -36,7 +36,7 @@ $VERSION = '0.03';
 # realm information here.
 sub valid_principal {
     my ($self, $principal) = @_;
-    return scalar ($principal =~ m,^[\w-]+(/[\w_-]+)?\z,);
+    return scalar ($principal =~ m,^[\w-]+(/[\w_.-]+)?\z,);
 }
 
 # Run a kadmin command and capture the output.  Returns the output, either as
diff --git a/perl/t/keytab.t b/perl/t/keytab.t
index 2d19845..0dd6bc3 100755
--- a/perl/t/keytab.t
+++ b/perl/t/keytab.t
@@ -9,7 +9,7 @@
 # See LICENSE for licensing terms.
 
 use POSIX qw(strftime);
-use Test::More tests => 204;
+use Test::More tests => 217;
 
 use Wallet::Config;
 use Wallet::Object::Keytab;
@@ -199,6 +199,18 @@ my $dbh = $server->dbh;
 my $history = '';
 my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);
 
+# Do some white-box testing of the principal validation regex.
+for my $bad (qw{service\* = host/foo+bar host/foo/bar /bar bar/
+                rcmd.foo}) {
+    ok (! Wallet::Object::Keytab->valid_principal ($bad),
+        "Invalid principal name $bad");
+}
+for my $good (qw{service service/foo bar foo/bar host/example.org
+                 aservice/foo}) {
+    ok (Wallet::Object::Keytab->valid_principal ($good),
+        "Valid principal name $good");
+}
+
 # Basic keytab creation and manipulation tests.
 SKIP: {
     skip 'no keytab configuration', 49 unless -f 't/data/test.keytab';