2 files changed, 39 insertions, 3 deletions

diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm
index b804861..33c84a1 100644
--- a/perl/Wallet/Kadmin.pm
+++ b/perl/Wallet/Kadmin.pm
@@ -20,12 +20,27 @@ use Wallet::Config ();
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.01';
+$VERSION = '0.02';
 
 ##############################################################################
-# Constructor
+# Public methods
 ##############################################################################
 
+# Validate a principal with a submodule's validator.  We can also do this via
+# creating an object with new and then running valid_principal from that, 
+# but there are times we might wish to run it without going through the 
+# object creation.
+sub valid_principal {
+    my ($class, $principal) = @_;
+    if ($Wallet::Config::KEYTAB_KRBTYPE eq 'MIT') {
+        require Wallet::Kadmin::MIT;
+        return Wallet::Kadmin::MIT->valid_principal ($principal);
+    } elsif ($Wallet::Config::KEYTAB_KRBTYPE eq 'Heimdal') {
+        require Wallet::Kadmin::Heimdal;
+        return Wallet::Kadmin::Heimdal->valid_principal ($principal);
+    }
+}
+
 # Create a new kadmin object, by finding the type requested in the wallet
 # config and passing off to the proper module.  Returns the object directly
 # from the specific Wallet::Kadmin::* module.
@@ -96,6 +111,15 @@ Finds the proper Kerberos implementation and calls the new() constructor for
 that implementation's module, returning the result.  If the implementation
 is not recognized or set, die with an error message.
 
+=item valid_principal(PRINCIPAL)
+
+Finds the proper Kerberos implementation and calls its own valid_principal
+method, returning the result.  This tells whether a principal is valid for
+that implementation.  This can be achieved by using new() and then directly
+calling valid_principal on the returned object -- this method is a shortcut
+in case we want to check validity without creating the object and worrying
+about proper setup.
+
 =head1 SEE ALSO
 
 kadmin(8), Wallet::Config(3), Wallet::Object::Keytab(3), wallet-backend(8)
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 1732070..b1c9d6d 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -491,6 +491,13 @@ sub create {
     return $self;
 }
 
+# Provides wrapper to individual Kadmin class's valid_principal.  Here only
+# to help expose for testing.
+sub valid_principal {
+    my ($self, $principal) = @_;
+    return Wallet::Kadmin->valid_principal ($principal);
+}
+
 # Override destroy to delete the principal out of Kerberos as well.
 sub destroy {
     my ($self, $user, $host, $time) = @_;
@@ -547,7 +554,12 @@ sub get {
     unlink $file;
     my @enctypes = $self->attr ('enctypes');
     my $kadmin = $self->{kadmin};
-    return if not $kadmin->ktadd ($self->{name}, $file, @enctypes);
+    my $retval = eval { $kadmin->ktadd ($self->{name}, $file, @enctypes) };
+    if ($@) {
+	$self->error ($@);
+	return;
+    }
+    return unless $retval;
     local *KEYTAB;
     unless (open (KEYTAB, '<', $file)) {
         my $princ = $self->{name};