[AUTH-9288] New test to determine expired passwords

2015-12-22 16:00:51 +01:00 · 2015-12-22 16:00:51 +01:00 · 6520400ca4
parent d16b38eff8
commit 6520400ca4
1 changed files with 32 additions and 0 deletions
--- a/include/tests_authentication
+++ b/include/tests_authentication
@ -703,6 +703,38 @@
    fi
 #
 #################################################################################
+#
+    # Test        : AUTH-9288
+    # Description : Determine which accounts have an expired password
+    # Notes       : This test might not work yet on all platforms
+    if [ -f /etc/shadow ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no AUTH-9288 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for expired passwords"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        if FileIsReadable /etc/shadow; then
+            DAYS_SINCE_EPOCH=$((`date --utc +%s`/86400))
+            logtext "Data: Days since epoch is ${DAYS_SINCE_EPOCH}"
+            LogText "Test: collecting accounts which have an expired password (last day changed + maximum change time)"
+            # Skip fields with a !, *, or x (field $3 is last changed, $5 is maximum changed)
+            FIND=`egrep -v ":[\!\*x]:" /etc/shadow | awk -v today=${DAYS_SINCE_EPOCH} -F: '{ if (today>$3+$5) { print $1 }}'`
+            if [ ! "${FIND}" = "" ]; then
+                for ACCOUNT in ${FIND}; do
+                    LogText "Result: password of user ${ACCOUNT} has been expired"
+                    Report "account_password_expired[]=${ACCOUNT}"
+                done
+                AddHP 0 10
+                Display --indent 2 --text "- Checking expired passwords" --result FOUND --color RED
+                ReportSuggestion "${TEST_NO}" "Delete accounts which are no longer used"
+              else
+                LogText "Result: good, no passwords have been expired"
+                Display --indent 2 --text "- Checking expired passwords" --result OK --color GREEN
+                AddHP 10 10
+            fi
+          else
+            Display --indent 2 --text "- Checking expired passwords" --result SKIPPED --color YELLOW
+        fi
+    fi
+#
+#################################################################################
 #
    # Test        : AUTH-9304
    # Description : Check if single user mode login is properly configured in Solaris