#!/bin/bash # Author: Iain Douglas # function ExitFail { t_Log "FAIL" exit $FAIL } t_Log "Runing $0 - normal user password tests" # Check that the passtest user cannot use the root only options t_Log "Checking a normal user cannot use root options" su passtest -c "passwd -l passtest" &>/dev/null && ExitFail su passtest -c "passwd -u passtest" &>/dev/null && ExitFail su passtest -c "passwd -e passtest" &>/dev/null && ExitFail su passtest -c "passwd -n 10 passtest" &>/dev/null && ExitFail su passtest -d "passwd -d passtest" &>/dev/null && ExitFail su passtest -d "passwd -S passtest" &>/dev/null && ExitFail t_Log "Pass" # Check the user can change their own password. Reset it to passtest and # turn off min change days before trying. Password becomes ano24ther t_Log "Test user can change own password" echo "passtest" | passwd --stdin passtest &>/dev/null passwd -n 0 passtest &>/dev/null ./tests/p_passwd/_user_password.expect &>/dev/null t_CheckExitStatus $? # Check that sending the wrong current password fails we send passtest t_Log "Check sending incorrect current password fails" ./tests/p_passwd/_user_password.expect &>/dev/null if [ $? -eq "3" ] then t_Log "PASS" else ExitFail fi # Check that user cannot immediately change password if minimum password # lifeftime is enabled. t_Log "Testing Minimum password lifetine is enforced" echo "passtest" | passwd --stdin passtest &>/dev/null passwd -n 1 passtest &>/dev/null ./tests/p_passwd/_user_password.expect &>/dev/null if [ $? -eq "2" ] then t_Log "PASS" else ExitFail fi # Password complexity tests echo "passtest" | passwd --stdin passtest &>/dev/null passwd -n 0 passtest &>/dev/null # Check very short password is rejected (single letter) t_Log "Test very short password is rejected (1 character)" ./tests/p_passwd/_password_complexity.expect a &>/dev/null t_CheckExitStatus $? # Check a short password is rejected (4 chars) t_Log "Test short password is rejected (4 charaters)" ./tests/p_passwd/_password_complexity.expect athe &>/dev/null t_CheckExitStatus $? # Check password is rejected with insufficient complexity t_Log "Test insufficiently complex password is rejected" ./tests/p_passwd/_password_complexity.expect betabeta &>/dev/null t_CheckExitStatus $? # Check palindromic password is rejected t_Log "Check palindromic password is rejected" ./tests/p_passwd/_password_complexity.expect qwe123321ewq &>/dev/null t_CheckExitStatus $?