only fail AUTH-9230 if no _MAX_ROUNDS is defined

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2025-07-29 16:54:26 +02:00 · 2020-12-14 21:43:14 +01:00 · 2020-12-14 21:43:14 +01:00 · 76e89b525b
commit 76e89b525b
parent 22a9fe7037
1 changed files with 35 additions and 33 deletions
--- a/include/tests_authentication
+++ b/include/tests_authentication
@ -360,42 +360,44 @@
    fi
    Register --test-no AUTH-9230 --preqs-met ${PREQS_MET} --root-only NO --weight L --network NO --category security --description "Check group password hashing rounds"
    if [ ${SKIPTEST} -eq 0 ]; then
-        LogText "Test: Checking SHA_CRYPT_MIN_ROUNDS option in ${ROOTDIR}etc/login.defs"
+        SHA_CRYPT_MIN_ROUNDS_FIND=$(${GREPBINARY} "^SHA_CRYPT_MIN_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MIN_ROUNDS") { print $2 } }')
-        FIND=$(${GREPBINARY} "^SHA_CRYPT_MIN_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MIN_ROUNDS") { print $2 } }')
+        SHA_CRYPT_MAX_ROUNDS_FIND=$(${GREPBINARY} "^SHA_CRYPT_MAX_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MAX_ROUNDS") { print $2 } }')
-        if [ -z "${FIND}" -o "${FIND}" = "0" ]; then
+
-            LogText "Result: number of minimum rounds used by the encryption algorithm is not configured"
+        if [ -z "${SHA_CRYPT_MIN_ROUNDS_FIND}" -o "${SHA_CRYPT_MIN_ROUNDS_FIND}" = "0" ] && [ -z "${SHA_CRYPT_MAX_ROUNDS_FIND}" -o "${SHA_CRYPT_MAX_ROUNDS_FIND}" = "0" ]; then
-            Display --indent 2 --text "- Checking minimum group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW
+            LogText "Result: number of rounds used by the encryption algorithm is not configured"
-            ReportSuggestion "${TEST_NO}" "Configure minimum encryption algorithm rounds in /etc/login.defs"
+            Display --indent 2 --text "- Checking group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW
            ReportSuggestion "${TEST_NO}" "Configure encryption algorithm rounds in /etc/login.defs"
            AddHP 0 2
        elif [ "${FIND}" -lt 5000 ]; then
            LogText "Result: low number of minimum encryption algorithm rounds found: ${FIND}"
            PASSWORD_MINIMUM_ROUNDS=${FIND}
            Display --indent 2 --text "- Group password hashing rounds (minimum)"  --result "${STATUS_SUGGESTION}" --color YELLOW
            AddHP 1 2
        else
            LogText "Result: number of encryption algorithm rounds is ${FIND}"
            PASSWORD_MINIMUM_ROUNDS=${FIND}
            Display --indent 2 --text "- Group password hashing rounds (minimum)" --result CONFIGURED --color GREEN
            AddHP 2 2
        fi
-        LogText "Test: Checking SHA_CRYPT_MAX_ROUNDS option in ${ROOTDIR}etc/login.defs"
+        if [ -n "${SHA_CRYPT_MIN_ROUNDS_FIND}" ]; then
-        FIND=$(${GREPBINARY} "^SHA_CRYPT_MAX_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MAX_ROUNDS") { print $2 } }')
+            LogText "Test: Checking SHA_CRYPT_MIN_ROUNDS option in ${ROOTDIR}etc/login.defs"
-        if [ -z "${FIND}" -o "${FIND}" = "0" ]; then
+            if [ "${SHA_CRYPT_MIN_ROUNDS_FIND}" -lt 5000 ]; then
-            LogText "Result: number of maximum rounds used by the encryption algorithm is not configured"
+                LogText "Result: low number of minimum encryption algorithm rounds found: ${SHA_CRYPT_MIN_ROUNDS_FIND}"
-            Display --indent 2 --text "- Checking maximum group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW
+                PASSWORD_MINIMUM_ROUNDS=${SHA_CRYPT_MIN_ROUNDS_FIND}
-            ReportSuggestion "${TEST_NO}" "Configure maximum encryption algorithm rounds in /etc/login.defs"
+                Display --indent 2 --text "- Group password hashing rounds (minimum)"  --result "${STATUS_SUGGESTION}" --color YELLOW
-            AddHP 0 2
+                AddHP 1 2
-        elif [ "${FIND}" -lt 10000 ]; then
+            else
-            LogText "Result: low number of maximum encryption algorithm rounds found: ${FIND}"
+                LogText "Result: number of encryption algorithm rounds is ${SHA_CRYPT_MIN_ROUNDS_FIND}"
-            PASSWORD_MINIMUM_ROUNDS=${FIND}
+                PASSWORD_MINIMUM_ROUNDS=${SHA_CRYPT_MIN_ROUNDS_FIND}
-            Display --indent 2 --text "- Group password hashing rounds (maximum)"  --result "${STATUS_SUGGESTION}" --color YELLOW
+                Display --indent 2 --text "- Group password hashing rounds (minimum)" --result CONFIGURED --color GREEN
-            AddHP 1 2
+                AddHP 2 2
-        else
+            fi
-            LogText "Result: number of encryption algorithm rounds is ${FIND}"
+        fi
-            PASSWORD_MINIMUM_ROUNDS=${FIND}
+
-            Display --indent 2 --text "- Group password hashing rounds (maximum)" --result CONFIGURED --color GREEN
+        if [ -n "${SHA_CRYPT_MAX_ROUNDS_FIND}" ]; then
-            AddHP 2 2
+            LogText "Test: Checking SHA_CRYPT_MAX_ROUNDS option in ${ROOTDIR}etc/login.defs"
            if [ "${SHA_CRYPT_MAX_ROUNDS_FIND}" -lt 10000 ]; then
                LogText "Result: low number of maximum encryption algorithm rounds found: ${SHA_CRYPT_MAX_ROUNDS_FIND}"
                PASSWORD_MAXIMUM_ROUNDS=${SHA_CRYPT_MAX_ROUNDS_FIND}
                Display --indent 2 --text "- Group password hashing rounds (maximum)"  --result "${STATUS_SUGGESTION}" --color YELLOW
                AddHP 1 2
            else
                LogText "Result: number of encryption algorithm rounds is ${SHA_CRYPT_MAX_ROUNDS_FIND}"
                PASSWORD_MAXIMUM_ROUNDS=${SHA_CRYPT_MAX_ROUNDS_FIND}
                Display --indent 2 --text "- Group password hashing rounds (maximum)" --result CONFIGURED --color GREEN
                AddHP 2 2
            fi
        fi
    fi
 #