From 9456b0eee753d9fd368347b6974a2f6f8d941d4f Mon Sep 17 00:00:00 2001 From: Kam Nasim Date: Tue, 11 Apr 2017 17:23:03 -0400 Subject: [PATCH] rootdn should not bypass ppolicy test022-ppolicy fails due to the change. The ppolicy behavior is different with origian design, but that is intended, so remove the testcase. --- servers/slapd/overlays/ppolicy.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index b446deb..fa79872 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -1950,7 +1950,8 @@ ppolicy_modify( Operation *op, SlapReply for(p=tl; p; p=p->next, hsize++); /* count history size */ } - if (be_isroot( op )) goto do_modify; + /* WRS UPDATE: Run ppolicy for all user password modify ops */ + //if (be_isroot( op )) goto do_modify; /* NOTE: according to draft-behera-ldap-password-policy * pwdAllowUserChange == FALSE must only prevent pwd changes @@ -2054,7 +2055,13 @@ ppolicy_modify( Operation *op, SlapReply } bv = newpw.bv_val ? &newpw : &addmod->sml_values[0]; - if (pp.pwdCheckQuality > 0) { + + /* WRS UPDATE: + * If this is a rootDN op and this is the first password + * then bypass password policies as this is a new account + * creation + */ + if (pp.pwdCheckQuality > 0 && !(be_isroot( op ) && !pa)) { rc = check_password_quality( bv, &pp, &pErr, e, (char **)&txt ); if (rc != LDAP_SUCCESS) { --- ./tests/scripts/test022-ppolicy +++ /dev/null @@ -1,673 +0,0 @@ -#! /bin/sh -# $OpenLDAP$ -## This work is part of OpenLDAP Software . -## -## Copyright 1998-2021 The OpenLDAP Foundation. -## All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted only as authorized by the OpenLDAP -## Public License. -## -## A copy of this license is available in the file LICENSE in the -## top-level directory of the distribution or, alternatively, at -## . - -echo "running defines.sh" -. $SRCDIR/scripts/defines.sh - -if test $PPOLICY = ppolicyno; then - echo "Password policy overlay not available, test skipped" - exit 0 -fi - -mkdir -p $TESTDIR $DBDIR1 - -$SLAPPASSWD -g -n >$CONFIGPWF -echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf - -echo "Starting slapd on TCP/IP port $PORT1..." -. $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1 -$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & -PID=$! -if test $WAIT != 0 ; then - echo PID $PID - read foo -fi -KILLPIDS="$PID" - -USER="uid=nd, ou=People, dc=example, dc=com" -PASS=testpassword - -sleep 1 - -echo "Using ldapsearch to check that slapd is running..." -for i in 0 1 2 3 4 5; do - $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ - 'objectclass=*' > /dev/null 2>&1 - RC=$? - if test $RC = 0 ; then - break - fi - echo "Waiting 5 seconds for slapd to start..." - sleep 5 -done -if test $RC != 0 ; then - echo "ldapsearch failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo /dev/null > $TESTOUT - -echo "Testing redundant ppolicy instance..." -$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 -dn: olcOverlay=ppolicy,olcDatabase={1}$BACKEND,cn=config -objectClass: olcOverlayConfig -objectClass: olcPPolicyConfig -olcOverlay: ppolicy -olcPPolicyDefault: cn=duplicate policy,ou=policies,dc=example,dc=com -EOF -RC=$? -if test $RC = 0 ; then - echo "ldapadd should have failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -echo "Using ldapadd to populate the database..." -# may need "-e relax" for draft 09, but not yet. -$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ - $LDIFPPOLICY >> $TESTOUT 2>&1 -RC=$? -if test $RC != 0 ; then - echo "ldapadd failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Testing account lockout..." -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1 -sleep 2 -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1 -sleep 2 -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1 -sleep 2 -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >> $SEARCHOUT 2>&1 -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1 -COUNT=`grep "Account locked" $SEARCHOUT | wc -l` -if test $COUNT != 2 ; then - echo "Account lockout test failed" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -echo "Waiting 20 seconds for lockout to reset..." -sleep 20 - -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 -RC=$? -if test $RC != 0 ; then - echo "ldapsearch failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Testing password expiration" -echo "Waiting 20 seconds for password to expire..." -sleep 20 - -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base > $SEARCHOUT 2>&1 -sleep 2 -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 -sleep 2 -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 -sleep 2 -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 -RC=$? -if test $RC = 0 ; then - echo "Password expiration failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -COUNT=`grep "grace logins" $SEARCHOUT | wc -l` -if test $COUNT != 3 ; then - echo "Password expiration test failed" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -echo "Resetting password to clear expired status" -$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ - -w secret -s $PASS \ - -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1 -RC=$? -if test $RC != 0 ; then - echo "ldappasswd failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Filling password history..." -$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \ - $TESTOUT 2>&1 << EOMODS -dn: $USER -changetype: modify -delete: userpassword -userpassword: $PASS -- -replace: userpassword -userpassword: 20urgle12-1 - -dn: $USER -changetype: modify -delete: userpassword -userpassword: 20urgle12-1 -- -replace: userpassword -userpassword: 20urgle12-2 - -dn: $USER -changetype: modify -delete: userpassword -userpassword: 20urgle12-2 -- -replace: userpassword -userpassword: 20urgle12-3 - -dn: $USER -changetype: modify -delete: userpassword -userpassword: 20urgle12-3 -- -replace: userpassword -userpassword: 20urgle12-4 - -dn: $USER -changetype: modify -delete: userpassword -userpassword: 20urgle12-4 -- -replace: userpassword -userpassword: 20urgle12-5 - -dn: $USER -changetype: modify -delete: userpassword -userpassword: 20urgle12-5 -- -replace: userpassword -userpassword: 20urgle12-6 - -EOMODS -RC=$? -if test $RC != 0 ; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi -echo "Testing password history..." -$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \ - $TESTOUT 2>&1 << EOMODS -dn: $USER -changetype: modify -delete: userPassword -userPassword: 20urgle12-6 -- -replace: userPassword -userPassword: 20urgle12-2 - -EOMODS -RC=$? -if test $RC = 0 ; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -echo "Testing forced reset..." - -$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ - $TESTOUT 2>&1 << EOMODS -dn: $USER -changetype: modify -replace: userPassword -userPassword: $PASS -- -replace: pwdReset -pwdReset: TRUE - -EOMODS -RC=$? -if test $RC != 0 ; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base > $SEARCHOUT 2>&1 -RC=$? -if test $RC = 0 ; then - echo "Forced reset failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -COUNT=`grep "Operations are restricted" $SEARCHOUT | wc -l` -if test $COUNT != 1 ; then - echo "Forced reset test failed" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -echo "Clearing forced reset..." - -$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ - $TESTOUT 2>&1 << EOMODS -dn: $USER -changetype: modify -delete: pwdReset - -EOMODS -RC=$? -if test $RC != 0 ; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base > $SEARCHOUT 2>&1 -RC=$? -if test $RC != 0 ; then - echo "Clearing forced reset failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Testing Safe modify..." - -$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ - -w $PASS -s failexpect \ - -D "$USER" >> $TESTOUT 2>&1 -RC=$? -if test $RC = 0 ; then - echo "Safe modify test 1 failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -sleep 2 - -OLDPASS=$PASS -PASS=successexpect - -$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ - -w $OLDPASS -s $PASS -a $OLDPASS \ - -D "$USER" >> $TESTOUT 2>&1 -RC=$? -if test $RC != 0 ; then - echo "Safe modify test 2 failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Testing length requirement..." -# check control in response (ITS#5711) -$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ - -w $PASS -a $PASS -s 2shr \ - -D "$USER" -e ppolicy > ${TESTOUT}.2 2>&1 -RC=$? -cat ${TESTOUT}.2 >> $TESTOUT -if test $RC = 0 ; then - echo "Length requirement test failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi -COUNT=`grep "Password fails quality" ${TESTOUT}.2 | wc -l` -if test $COUNT != 1 ; then - echo "Length requirement test failed" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi -COUNT=`grep "Password is too short for policy" ${TESTOUT}.2 | wc -l` -if test $COUNT != 1 ; then - echo "Control not returned in response" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -echo "Testing hashed length requirement..." - -$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS > \ - ${TESTOUT}.2 2>&1 << EOMODS -dn: $USER -changetype: modify -delete: userPassword -userPassword: $PASS -- -add: userPassword -userPassword: {MD5}xxxxxx - -EOMODS -RC=$? -cat ${TESTOUT}.2 >> $TESTOUT -if test $RC = 0 ; then - echo "Hashed length requirement test failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi -COUNT=`grep "Password fails quality" ${TESTOUT}.2 | wc -l` -if test $COUNT != 1 ; then - echo "Hashed length requirement test failed" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -echo "Testing multiple password add/modify checks..." - -$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ - $TESTOUT 2>&1 << EOMODS -dn: cn=Add Should Fail, ou=People, dc=example, dc=com -changetype: add -objectClass: inetOrgPerson -cn: Add Should Fail -sn: Fail -userPassword: firstpw -userPassword: secondpw -EOMODS -RC=$? -if test $RC = 0 ; then - echo "Multiple password add test failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ - $TESTOUT 2>&1 << EOMODS -dn: $USER -changetype: modify -add: userPassword -userPassword: firstpw -userPassword: secondpw -EOMODS -RC=$? -if test $RC = 0 ; then - echo "Multiple password modify add test failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ - $TESTOUT 2>&1 << EOMODS -dn: $USER -changetype: modify -replace: userPassword -userPassword: firstpw -userPassword: secondpw -EOMODS -RC=$? -if test $RC = 0 ; then - echo "Multiple password modify replace test failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno" ; then -echo "" -echo "Setting up policy state forwarding test..." - -mkdir $DBDIR2 -sed -e "s,$DBDIR1,$DBDIR2," < $CONF1 > $CONF2 -echo "Starting slapd consumer on TCP/IP port $PORT2..." -$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & -PID=$! -if test $WAIT != 0 ; then - echo PID $PID - read foo -fi -KILLPIDS="$KILLPIDS $PID" - -echo "Configuring syncprov on provider..." -if [ "$SYNCPROV" = syncprovmod ]; then - $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 -dn: cn=module,cn=config -objectclass: olcModuleList -cn: module -olcModulePath: $TESTWD/../servers/slapd/overlays -olcModuleLoad: syncprov.la - -EOF - RC=$? - if test $RC != 0 ; then - echo "ldapadd failed for moduleLoad ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi -fi - -$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 -dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config -objectClass: olcOverlayConfig -objectClass: olcSyncProvConfig -olcOverlay: {1}syncprov - -EOF -RC=$? -if test $RC != 0 ; then - echo "ldapadd failed for provider database config ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Using ldapsearch to check that slapd is running..." -for i in 0 1 2 3 4 5; do - $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ - 'objectclass=*' > /dev/null 2>&1 - RC=$? - if test $RC = 0 ; then - break - fi - echo "Waiting 5 seconds for slapd to start..." - sleep 5 -done -if test $RC != 0 ; then - echo "ldapsearch failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Configuring syncrepl on consumer..." -if [ "$BACKLDAP" = ldapmod ]; then - $LDAPADD -D cn=config -H $URI2 -y $CONFIGPWF <> $TESTOUT 2>&1 -dn: cn=module,cn=config -objectclass: olcModuleList -cn: module -olcModulePath: $TESTWD/../servers/slapd/back-ldap -olcModuleLoad: back_ldap.la - -EOF - RC=$? - if test $RC != 0 ; then - echo "ldapadd failed for moduleLoad ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi -fi -$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <> $TESTOUT 2>&1 -dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config -changetype: add -objectClass: olcOverlayConfig -objectClass: olcChainConfig -olcOverlay: {0}chain - -dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config -changetype: add -objectClass: olcLDAPConfig -objectClass: olcChainDatabase -olcDBURI: $URI1 -olcDbIDAssertBind: bindmethod=simple - binddn="cn=manager,dc=example,dc=com" - credentials=secret - mode=self - -dn: olcDatabase={1}$BACKEND,cn=config -changetype: modify -add: olcSyncrepl -olcSyncrepl: rid=1 - provider=$URI1 - binddn="cn=manager,dc=example,dc=com" - bindmethod=simple - credentials=secret - searchbase="dc=example,dc=com" - type=refreshAndPersist - retry="3 5 300 5" -- -add: olcUpdateref -olcUpdateref: $URI1 -- - -dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config -changetype: modify -replace: olcPPolicyForwardUpdates -olcPPolicyForwardUpdates: TRUE -- - -EOF -RC=$? -if test $RC != 0 ; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Waiting for consumer to sync..." -sleep $SLEEP1 - -echo "Testing policy state forwarding..." -$LDAPSEARCH -H $URI2 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1 -RC=$? -if test $RC != 49 ; then - echo "ldapsearch should have failed with 49, got ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -$LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$USER" \* \+ >> $SEARCHOUT 2>&1 -COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l` -if test $COUNT != 1 ; then - echo "Policy state forwarding failed" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -# End of chaining test - -fi - -echo "" -echo "Testing obsolete Netscape ppolicy controls..." -echo "Enabling Netscape controls..." -$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \ - $TESTOUT 2>&1 << EOMODS -dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config -changetype: modify -replace: olcPPolicySendNetscapeControls -olcPPolicySendNetscapeControls: TRUE -- - -EOMODS -RC=$? -if test $RC != 0 ; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Reconfiguring policy to remove grace logins..." -$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ - $TESTOUT 2>&1 << EOMODS -dn: cn=Standard Policy, ou=Policies, dc=example, dc=com -changetype: modify -delete: pwdGraceAuthnLimit -- -replace: pwdMaxAge -pwdMaxAge: 15 -- - -EOMODS -RC=$? -if test $RC != 0 ; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -OLDPASS=$PASS -PASS=newpass -$LDAPPASSWD -H $URI1 \ - -w secret -s $PASS \ - -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1 -RC=$? -if test $RC != 0 ; then - echo "Setting new password failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC -fi - -echo "Clearing forced reset..." -$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ - $TESTOUT 2>&1 << EOMODS -dn: $USER -changetype: modify -delete: pwdReset - -EOMODS - -DELAY=10 - -echo "Testing password expiration" -echo "Waiting $DELAY seconds for password to expire..." -sleep $DELAY - -$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base > $SEARCHOUT 2>&1 -sleep 3 -$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 -sleep 3 -$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 -sleep 3 -$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 -sleep 3 -$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ - -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 -RC=$? -if test $RC = 0 ; then - echo "Password expiration failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi -COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l` -if test $COUNT = 0 ; then - echo "Password expiring warning test failed!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -fi - -test $KILLSERVERS != no && kill -HUP $KILLPIDS - -echo ">>>>> Test succeeded" - -test $KILLSERVERS != no && wait - -exit 0 -- 1.9.1