#!/bin/bash

# TODO: possibly also show which users have no login shell (/bin/false etc.)
# TODO: possibly also show, as an informational note, which users currently have a password set

#. /etc/login.defs
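# Account audit: for every /etc/passwd entry whose UID lies in
# [UID_MIN, UID_MAX], report on stderr
#   - accounts whose usable password is stored as an MD5-crypt ("$1$") hash,
#   - accounts whose home directory does not exist.
#
# Both password checks (passwd -S on other accounts, reading /etc/shadow)
# need root. Without it the hash check cannot see anything, so it is skipped
# with one warning rather than silently reporting a clean result.
#
# Coverage: only the "$1$" prefix is matched. Other legacy formats (for
# example traditional DES crypt, which has no "$" prefix) are not flagged.
UID_MIN=1000
UID_MAX=60000

# Succeeds when $1 is a decimal number inside [UID_MIN, UID_MAX].
# Empty or non-numeric values (e.g. NIS compat lines such as "+::::::") are
# rejected here instead of causing a "[: integer expression expected" error.
uid_in_audit_range() {
	[[ "$1" =~ ^[0-9]+$ ]] || return 1
	# 10# forces base 10 so a UID with leading zeros is not read as octal.
	(( 10#$1 >= UID_MIN && 10#$1 <= UID_MAX ))
}

# Succeeds when the entry for login $1 in shadow file $2 (default
# /etc/shadow) has a password field that starts with "$1$".
# The login is compared as a literal string: interpolating it into a grep
# pattern would let a "." in a login name match a different account.
shadow_hash_is_md5() {
	awk -F: -v user="$1" '
		$1 == user && index($2, "$1$") == 1 { found = 1 }
		END { exit !found }
	' "${2:-/etc/shadow}"
}

shadow_readable=1
if [[ ! -r /etc/shadow ]]; then
	shadow_readable=0
	printf '%s\n' "Warning: cannot read /etc/shadow (run as root); MD5 hash check skipped" >&2
fi

# passwd(5) field order: login:password:uid:gid:gecos:home:shell.
# pass, gid, gecos and shell are read only to keep the fields aligned.
# The "|| [[ -n ... ]]" clause also processes a last line without a newline.
while IFS=':' read -r login pass uid gid gecos homedir shell || [[ -n "$login" ]]; do
	[[ -n "$login" ]] || continue
	uid_in_audit_range "$uid" || continue

	if (( shadow_readable )); then
		# Second field of `passwd -S` is the account status.
		pwd_status=$(passwd -S "$login" | cut -d ' ' -f 2)
		case "$pwd_status" in
			# "P" is what this script originally tested for; "PS" is
			# accepted too because some passwd implementations print
			# that for "password set" (verify on the target system).
			P | PS)
				if shadow_hash_is_md5 "$login"; then
					printf '%s\n' "Password of user $login is weak (MD5)!" >&2
				fi
				;;
			# Disabled informational notes from the original script:
			#   status "NO": "Note: User $login has no password set"
			#   status "L":  "Note: User $login is locked"
		esac
	fi

	if [[ -n "$homedir" && "$homedir" != "/nonexistent" && ! -d "$homedir" ]]; then
		printf '%s\n' "Homedir of user $login does not exist! ($homedir)" >&2
	fi
done < /etc/passwd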
