[AUTH-9288] Only check for accounts which have a maximum password age set

Michael Boelen 2016-07-05 10:51:59 +02:00
parent d9b609ed98
commit c181a5745f
1 changed files with 2 additions and 2 deletions


@ -739,14 +739,14 @@
# Description : Determine which accounts have an expired password
# Notes : This test might not work (yet) on all platforms
if [ -f /etc/shadow ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9288 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for expired passwords"
Register --test-no AUTH-9288 --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --description "Checking for expired passwords"
if [ ${SKIPTEST} -eq 0 ]; then
if FileIsReadable /etc/shadow; then
DAYS_SINCE_EPOCH=$((`date --utc +%s`/86400))
LogText "Data: Days since epoch is ${DAYS_SINCE_EPOCH}"
LogText "Test: collecting accounts which have an expired password (last day changed + maximum change time)"
# Skip fields with a !, *, or x, or !* (field $3 is last changed, $5 is maximum changed)
FIND=`egrep -v ":[\!\*x](\*)?:" /etc/shadow | awk -v today=${DAYS_SINCE_EPOCH} -F: '{ if (today>$3+$5) { print $1 }}'`
FIND=`egrep -v ":[\!\*x](\*)?:" /etc/shadow | awk -v today=${DAYS_SINCE_EPOCH} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}'`
if [ ! "${FIND}" = "" ]; then
for ACCOUNT in ${FIND}; do
LogText "Result: password of user ${ACCOUNT} has been expired"
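Review bot: The new awk condition on the `FIND=` line checks that the maximum-age field (`$5`) is non-empty but not the last-change field (`$3`). With an empty `$3`, awk evaluates `$3+$5` as just `$5`, so any account that has a maximum age set and no recorded change date is reported as expired. shadow(5) describes an empty last-change field as password aging being disabled, so these entries are likely false positives in the audit output. Consider `if (($3!="") && ($5!="") && (today>$3+$5))`, which still reports a `$3` of 0 (change required at next login). The `if` and `for` blocks opened in this hunk continue past its last line, so how the result is reported is not visible here.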