From c181a5745f9cf31e5c667393eb35255b86357887 Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Tue, 5 Jul 2016 10:51:59 +0200
Subject: [PATCH] [AUTH-9288] Only check for accounts which have a maximum
 password age set

---
 include/tests_authentication | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/tests_authentication b/include/tests_authentication
index d4f35326..690e9b3c 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -739,14 +739,14 @@
     # Description : Determine which accounts have an expired password
     # Notes       : This test might not work (yet) on all platforms
     if [ -f /etc/shadow ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
-    Register --test-no AUTH-9288 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for expired passwords"
+    Register --test-no AUTH-9288 --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --description "Checking for expired passwords"
     if [ ${SKIPTEST} -eq 0 ]; then
         if FileIsReadable /etc/shadow; then
             DAYS_SINCE_EPOCH=$((`date --utc +%s`/86400))
             LogText "Data: Days since epoch is ${DAYS_SINCE_EPOCH}"
             LogText "Test: collecting accounts which have an expired password (last day changed + maximum change time)"
             # Skip fields with a !, *, or x, or !* (field $3 is last changed, $5 is maximum changed)
-            FIND=`egrep -v ":[\!\*x](\*)?:" /etc/shadow | awk -v today=${DAYS_SINCE_EPOCH} -F: '{ if (today>$3+$5) { print $1 }}'`
+            FIND=`egrep -v ":[\!\*x](\*)?:" /etc/shadow | awk -v today=${DAYS_SINCE_EPOCH} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}'`
             if [ ! "${FIND}" = "" ]; then
                 for ACCOUNT in ${FIND}; do
                     LogText "Result: password of user ${ACCOUNT} has been expired"