diff options
| author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-07-13 11:41:54 +0000 |
|---|---|---|
| committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-07-13 11:41:54 +0000 |
| commit | 7713c8216abbbe8cc6d6aa39855bb21f23c7fcd4 (patch) | |
| tree | 9aa694ccd2a1be415c699c6b7fa4266ac63219f9 /contrib | |
| parent | b730dd07d2f9b4f52a9892dec7ff87c69f161f64 (diff) | |
Add example script for use with the externpasscheck voicemail.conf option.
(closes issue #17628)
Reported by: lmadsen
Tested by: russell, lmadsen
Review: https://reviewboard.asterisk.org/r/774/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@275863 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'contrib')
| -rwxr-xr-x | contrib/scripts/voicemailpwcheck.py | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/contrib/scripts/voicemailpwcheck.py b/contrib/scripts/voicemailpwcheck.py new file mode 100755 index 000000000..d7a66d4b9 --- /dev/null +++ b/contrib/scripts/voicemailpwcheck.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python +''' Sample externpasscheck script for use with voicemail.conf + +Copyright (C) 2010, Digium, Inc. +Russell Bryant <russell@digium.com> + +The externpasscheck option in voicemail.conf allows an external script to +validate passwords when a user is changing it. The script can enforce password +strength rules. This script is an example of doing so and implements a check +on password length, a password with too many identical consecutive numbers, or +a password made up of sequential digits. +''' + +import sys +import re + + +# Set this to the required minimum length for a password +REQUIRED_LENGTH = 6 + + +# Regular expressions that match against invalid passwords +REGEX_BLACKLIST = [ + ("(?P<digit>\d)(?P=digit){%d}" % (REQUIRED_LENGTH - 1), + "%d consective numbers that are the same" % REQUIRED_LENGTH) +] + + +# Exact passwords that are forbidden. If the string of digits specified here +# is found in any part of the password specified, it is considered invalid. +PW_BLACKLIST = [ + "123456", + "234567", + "345678", + "456789", + "567890", + "098765", + "987654", + "876543", + "765432", + "654321" +] + + +mailbox, context, old_pw, new_pw = sys.argv[1:5] + +# Enforce a password length of at least 6 characters +if len(new_pw) < REQUIRED_LENGTH: + print "INVALID: Password is too short (%d) - must be at least %d" % \ + (len(new_pw), REQUIRED_LENGTH) + sys.exit(0) + +for regex, error in REGEX_BLACKLIST: + if re.search(regex, new_pw): + print "INVALID: %s" % error + sys.exit(0) + +for pw in PW_BLACKLIST: + if new_pw.find(pw) != -1: + print "INVALID: %s is forbidden in a password" % pw + sys.exit(0) + +print "VALID" + +sys.exit(0) |