diff options
author | pyllyukko <pyllyukko@maimed.org> | 2017-03-27 10:19:55 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-27 10:19:55 +0300 |
commit | 88f39b9540246d9d40751d097baac7eb12ebca80 (patch) | |
tree | b348cf1b7d6fcb468f03f9afc95cfd9cfdf52d15 | |
parent | a0849ac05329f4c371d52a2d9fad71db4db53740 (diff) |
Fix regex to disregard locked accounts (#371)
This way, accounts that have ":!!:" in shadow and have an entry in
"Password expires" field don't get flagged with "Result: password of
user XYZ has been expired" by AUTH-9288.
Fixes #362
-rw-r--r-- | include/tests_authentication | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/tests_authentication b/include/tests_authentication index 51e58130..7e659bd0 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -825,7 +825,7 @@ LogText "Data: Days since epoch is ${DAYS_SINCE_EPOCH}" LogText "Test: collecting accounts which have an expired password (last day changed + maximum change time)" # Skip fields with a !, *, or x, or !* (field $3 is last changed, $5 is maximum changed) - FIND=$(${EGREPBINARY} -v ":[\!\*x](\*)?:" /etc/shadow | ${AWKBINARY} -v today=${DAYS_SINCE_EPOCH} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}') + FIND=$(${EGREPBINARY} -v ":[\!\*x]([\*\!])?:" /etc/shadow | ${AWKBINARY} -v today=${DAYS_SINCE_EPOCH} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}') if [ ! "${FIND}" = "" ]; then for ACCOUNT in ${FIND}; do LogText "Result: password of user ${ACCOUNT} has been expired" |