Removed valid_principal as a Kadmin API function

valid_principal has been removed from Wallet::Kadmin and
Wallet::Kadmin::Heimdal.  An accessor for it in Wallet::Object::Keytab
has also been removed, as have the tests in perl/t/keytab.t for the
function.  It still remains within Wallet::Kadmin::MIT and is used there,
but only as a private method for flagging what the kadmin command-line
interface cannot handle.

4 files changed, 16 insertions, 68 deletions

diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm
index 0a9bd43..95859a9 100644
--- a/perl/Wallet/Kadmin.pm
+++ b/perl/Wallet/Kadmin.pm
@@ -20,27 +20,12 @@ use Wallet::Config ();
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.02';
+$VERSION = '0.03';
 
 ##############################################################################
 # Public methods
 ##############################################################################
 
-# Validate a principal with a submodule's validator.  We can also do this via
-# creating an object with new and then running valid_principal from that,
-# but there are times we might wish to run it without going through the
-# object creation.
-sub valid_principal {
-    my ($class, $principal) = @_;
-    if ($Wallet::Config::KEYTAB_KRBTYPE eq 'MIT') {
-        require Wallet::Kadmin::MIT;
-        return Wallet::Kadmin::MIT->valid_principal ($principal);
-    } elsif ($Wallet::Config::KEYTAB_KRBTYPE eq 'Heimdal') {
-        require Wallet::Kadmin::Heimdal;
-        return Wallet::Kadmin::Heimdal->valid_principal ($principal);
-    }
-}
-
 # Create a new kadmin object, by finding the type requested in the wallet
 # config and passing off to the proper module.  Returns the object directly
 # from the specific Wallet::Kadmin::* module.
@@ -111,15 +96,6 @@ Finds the proper Kerberos implementation and calls the new() constructor for
 that implementation's module, returning the result.  If the implementation
 is not recognized or set, die with an error message.
 
-=item valid_principal(PRINCIPAL)
-
-Finds the proper Kerberos implementation and calls its own valid_principal
-method, returning the result.  This tells whether a principal is valid for
-that implementation.  This can be achieved by using new() and then directly
-calling valid_principal on the returned object -- this method is a shortcut
-in case we want to check validity without creating the object and worrying
-about proper setup.
-
 =back
 
 =head1 SEE ALSO
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm
index a8859bf..a05362e 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/Wallet/Kadmin/Heimdal.pm
@@ -21,21 +21,12 @@ use Wallet::Config ();
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.01';
+$VERSION = '0.02';
 
 ##############################################################################
 # kadmin Interaction
 ##############################################################################
 
-# Make sure that principals are well-formed and don't contain characters that
-# will cause us problems when talking to kadmin.  Takes a principal and
-# returns true if it's okay, false otherwise.  Note that we do not permit
-# realm information here.
-sub valid_principal {
-    my ($self, $principal) = @_;
-    return scalar ($principal =~ m,^[\w-]+(/[\w_.-]+)?\z,);
-}
-
 # Create a Heimdal::Kadm5 client object and return it.  It should load
 # configuration from Wallet::Config.
 sub kadmin_client {
@@ -62,7 +53,6 @@ sub kadmin_client {
 # so, false otherwise.  Throws an exception if an error.
 sub exists {
     my ($self, $principal) = @_;
-    return unless $self->valid_principal ($principal);
     if ($Wallet::Config::KEYTAB_REALM) {
         $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
     }
@@ -76,9 +66,6 @@ sub exists {
 # undef.
 sub addprinc {
     my ($self, $principal) = @_;
-    unless ($self->valid_principal ($principal)) {
-        die "invalid principal name $principal\n";
-    }
 
     my $exists = eval { $self->exists ($principal) };
     if ($Wallet::Config::KEYTAB_REALM) {
@@ -117,9 +104,6 @@ sub addprinc {
 # error.
 sub ktadd {
     my ($self, $principal, $file, @enctypes) = @_;
-    unless ($self->valid_principal ($principal)) {
-        die "invalid principal name: $principal\n";
-    }
     if ($Wallet::Config::KEYTAB_REALM) {
         $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
     }
@@ -164,9 +148,6 @@ sub ktadd {
 # exist, return success; we're bringing reality in line with our expectations.
 sub delprinc {
     my ($self, $principal) = @_;
-    unless ($self->valid_principal ($principal)) {
-        die "invalid principal name: $principal\n";
-    }
     my $exists = eval { $self->exists ($principal) };
     die $@ if $@;
     if (not $exists) {
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index a361599..092e973 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -24,7 +24,7 @@ use Wallet::Kadmin;
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.06';
+$VERSION = '0.07';
 
 ##############################################################################
 # AFS kaserver synchronization
@@ -490,13 +490,6 @@ sub create {
     return $self;
 }
 
-# Provides wrapper to individual Kadmin class's valid_principal.  Here only
-# to help expose for testing.
-sub valid_principal {
-    my ($self, $principal) = @_;
-    return Wallet::Kadmin->valid_principal ($principal);
-}
-
 # Override destroy to delete the principal out of Kerberos as well.
 sub destroy {
     my ($self, $user, $host, $time) = @_;
diff --git a/perl/t/keytab.t b/perl/t/keytab.t
index 3cd77d8..7745290 100755
--- a/perl/t/keytab.t
+++ b/perl/t/keytab.t
@@ -8,7 +8,8 @@
 # See LICENSE for licensing terms.
 
 use POSIX qw(strftime);
-use Test::More tests => 219;
+use Test::More tests => 208
+;
 
 use Wallet::Admin;
 use Wallet::Config;
@@ -192,18 +193,6 @@ my $dbh = $admin->dbh;
 my $history = '';
 my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);
 
-# Do some white-box testing of the principal validation regex.
-for my $bad (qw{service\* = host/foo+bar host/foo/bar /bar bar/
-                rcmd.foo}) {
-    ok (! Wallet::Object::Keytab->valid_principal ($bad),
-        "Invalid principal name $bad");
-}
-for my $good (qw{service service/foo bar foo/bar host/example.org
-                 aservice/foo}) {
-    ok (Wallet::Object::Keytab->valid_principal ($good),
-        "Valid principal name $good");
-}
-
 # Basic keytab creation and manipulation tests.
 SKIP: {
     skip 'no keytab configuration', 49 unless -f 't/data/test.keytab';
@@ -228,12 +217,21 @@ SKIP: {
         Wallet::Object::Keytab->create ('keytab', "wallet\nf", $dbh, @trace)
       };
     is ($object, undef, 'Creating malformed principal fails');
-    is ($@, "invalid principal name wallet\nf\n", ' with the right error');
+    if ($Wallet::Config::KEYTAB_KRBTYPE eq 'MIT') {
+        is ($@, "invalid principal name wallet\nf\n", ' with the right error');
+    } elsif ($Wallet::Config::KEYTAB_KRBTYPE eq 'Heimdal') {
+        like ($@, qr/^error adding principal wallet\nf/, 
+              ' with the right error');
+    }
     $object = eval {
         Wallet::Object::Keytab->create ('keytab', '', $dbh, @trace)
       };
     is ($object, undef, 'Creating empty principal fails');
-    is ($@, "invalid principal name \n", ' with the right error');
+    if ($Wallet::Config::KEYTAB_KRBTYPE eq 'MIT') {
+        is ($@, "invalid principal name \n", ' with the right error');
+    } elsif ($Wallet::Config::KEYTAB_KRBTYPE eq 'Heimdal') {
+        like ($@, qr/^error adding principal \@/, ' with the right error');
+    }
     $object = eval {
         Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
       };