test: Add a test-case for EXTERNAL auth rejecting usernames

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588

diff --git a/test/Makefile.am b/test/Makefile.am
index e40088ffa918580676471f93c9421702aebc9bfe..3ed2880bf6524ec3a30ed624cc933519cd4d07b0 100644 (file)
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -477,6 +477,7 @@ static_data = \
        data/auth/external-root.auth-script \
        data/auth/external-silly.auth-script \
        data/auth/external-successful.auth-script \
+       data/auth/external-username.auth-script \
        data/auth/extra-bytes.auth-script \
        data/auth/fail-after-n-attempts.auth-script \
        data/auth/fallback.auth-script \

diff --git a/test/data/auth/external-username.auth-script b/test/data/auth/external-username.auth-script
new file mode 100644 (file)
index 0000000..cd417f4
--- /dev/null
+++ b/test/data/auth/external-username.auth-script
@@ -0,0 +1,24 @@
+# Assert that EXTERNAL authentication accepts numeric uids, but not
+# login names.
+
+# This only works on Unix because USERNAME_HEX is unimplemented on Windows
+# (but no authentication mechanism uses usernames there anyway).
+UNIX_ONLY
+SERVER
+EXPECT_HAVE_NO_CREDENTIALS
+
+# C: "I claim that I am smcv"
+SEND 'AUTH EXTERNAL USERNAME_HEX'
+# S: (doesn't want to look up smcv in NSS or /etc/passwd)
+EXPECT_COMMAND REJECTED
+EXPECT_STATE WAITING_FOR_INPUT
+EXPECT_HAVE_NO_CREDENTIALS
+
+# C: "OK, how about I claim that I am uid 1000?"
+SEND 'AUTH EXTERNAL USERID_HEX'
+# S: (is happier)
+EXPECT_COMMAND OK
+EXPECT_STATE WAITING_FOR_INPUT
+SEND 'BEGIN'
+EXPECT_STATE AUTHENTICATED
+EXPECT_HAVE_SOME_CREDENTIALS