diff --git a/include/tests_authentication b/include/tests_authentication index 4201c962..38a55b61 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -703,6 +703,38 @@ fi # ################################################################################# +# + # Test : AUTH-9288 + # Description : Determine which accounts have an expired password + # Notes : This test might not work yet on all platforms + if [ -f /etc/shadow ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no AUTH-9288 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for expired passwords" + if [ ${SKIPTEST} -eq 0 ]; then + if FileIsReadable /etc/shadow; then + DAYS_SINCE_EPOCH=$((`date --utc +%s`/86400)) + logtext "Data: Days since epoch is ${DAYS_SINCE_EPOCH}" + LogText "Test: collecting accounts which have an expired password (last day changed + maximum change time)" + # Skip fields with a !, *, or x (field $3 is last changed, $5 is maximum changed) + FIND=`egrep -v ":[\!\*x]:" /etc/shadow | awk -v today=${DAYS_SINCE_EPOCH} -F: '{ if (today>$3+$5) { print $1 }}'` + if [ ! "${FIND}" = "" ]; then + for ACCOUNT in ${FIND}; do + LogText "Result: password of user ${ACCOUNT} has been expired" + Report "account_password_expired[]=${ACCOUNT}" + done + AddHP 0 10 + Display --indent 2 --text "- Checking expired passwords" --result FOUND --color RED + ReportSuggestion "${TEST_NO}" "Delete accounts which are no longer used" + else + LogText "Result: good, no passwords have been expired" + Display --indent 2 --text "- Checking expired passwords" --result OK --color GREEN + AddHP 10 10 + fi + else + Display --indent 2 --text "- Checking expired passwords" --result SKIPPED --color YELLOW + fi + fi +# +################################################################################# # # Test : AUTH-9304 # Description : Check if single user mode login is properly configured in Solaris