From adef829d62b5a767fb8cbfdc99f03dcd8613c4af Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Fri, 15 May 2015 13:38:09 -0600
Subject: [PATCH] Improve no-root-password with more knowledge from the manpages

---
 test/tests/no-root-password/run.sh | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/test/tests/no-root-password/run.sh b/test/tests/no-root-password/run.sh
index 76ccde1d825e2..4952a204bfa53 100755
--- a/test/tests/no-root-password/run.sh
+++ b/test/tests/no-root-password/run.sh
@@ -2,7 +2,21 @@
 set -e
 
 pass="$(docker run --rm --entrypoint awk "$1" -F ':' '$1 == "root" { print $2 }' /etc/passwd)"
+
 if [ "$pass" = 'x' ]; then
+ # 'x' means password is in /etc/shadow instead
 pass="$(docker run --rm --entrypoint awk --user root "$1" -F ':' '$1 == "root" { print $2 }' /etc/shadow)"
 fi
-[ -z "$pass" -o "$pass" = '*' ]
+
+if [ -z "$pass" -o "$pass" = '*' -o "${pass:0:1}" = '!' ]; then
+ # '*' and '' mean no password, '!anything' means locked password
+ exit 0
+fi
+
+if [ "${pass:0:1}" = '$' ]; then
+ # gotta be crypt ($id$salt$encrypted), must be a fail
+ echo >&2 "error: crypt password detected for root: '$pass'"
+ exit 1
+fi
+
+exit 0
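Review bot: The trailing `exit 0` makes this check fail open: a root field that is non-empty, is not `*`, and does not begin with `!` or `$` passes the test, and that includes a traditional DES crypt hash (13 characters, no `$` prefix). The first `if` already allow-lists the no-password and locked forms, so everything that falls past it can be treated as a failure: drop the `$` test and the final `exit 0` and end with `echo >&2 "error: password set for root"` followed by `exit 1`. The current error message also copies the hash itself into the test log; leaving `'$pass'` out of the message keeps it out of CI output. `${pass:0:1}` is a bash substring expansion, so the new lines depend on the script's shebang (line 1, outside the hunk) being bash rather than sh.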