From bd2bfac62d6b66f68216520e012c845c86e4c263 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 12 Jan 2018 16:52:58 +0000
Subject: [PATCH 7/7] test: Add a test-case for EXTERNAL auth rejecting
 usernames

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 test/Makefile.am                             |  1 +
 test/data/auth/external-username.auth-script | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 test/data/auth/external-username.auth-script

diff --git a/test/Makefile.am b/test/Makefile.am
index e40088ff..3ed2880b 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -477,6 +477,7 @@ static_data = \
 	data/auth/external-root.auth-script \
 	data/auth/external-silly.auth-script \
 	data/auth/external-successful.auth-script \
+	data/auth/external-username.auth-script \
 	data/auth/extra-bytes.auth-script \
 	data/auth/fail-after-n-attempts.auth-script \
 	data/auth/fallback.auth-script \
diff --git a/test/data/auth/external-username.auth-script b/test/data/auth/external-username.auth-script
new file mode 100644
index 00000000..cd417f46
--- /dev/null
+++ b/test/data/auth/external-username.auth-script
@@ -0,0 +1,24 @@
+# Assert that EXTERNAL authentication accepts numeric uids, but not
+# login names.
+
+# This only works on Unix because USERNAME_HEX is unimplemented on Windows
+# (but no authentication mechanism uses usernames there anyway).
+UNIX_ONLY
+SERVER
+EXPECT_HAVE_NO_CREDENTIALS
+
+# C: "I claim that I am smcv"
+SEND 'AUTH EXTERNAL USERNAME_HEX'
+# S: (doesn't want to look up smcv in NSS or /etc/passwd)
+EXPECT_COMMAND REJECTED
+EXPECT_STATE WAITING_FOR_INPUT
+EXPECT_HAVE_NO_CREDENTIALS
+
+# C: "OK, how about I claim that I am uid 1000?"
+SEND 'AUTH EXTERNAL USERID_HEX'
+# S: (is happier)
+EXPECT_COMMAND OK
+EXPECT_STATE WAITING_FOR_INPUT
+SEND 'BEGIN'
+EXPECT_STATE AUTHENTICATED
+EXPECT_HAVE_SOME_CREDENTIALS
-- 
2.15.1