[svn-commits] russell: trunk r275863 - in /trunk: configs/ contrib/scripts/

SVN commits to the Digium repositories svn-commits at lists.digium.com
Tue Jul 13 06:41:58 CDT 2010 

Author: russell
Date: Tue Jul 13 06:41:54 2010
New Revision: 275863

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=275863
Log:
Add example script for use with the externpasscheck voicemail.conf option.

(closes issue #17628)
Reported by: lmadsen
Tested by: russell, lmadsen

Review: https://reviewboard.asterisk.org/r/774/

Added:
    trunk/contrib/scripts/voicemailpwcheck.py   (with props)
Modified:
    trunk/configs/voicemail.conf.sample

Modified: trunk/configs/voicemail.conf.sample
URL: http://svnview.digium.com/svn/asterisk/trunk/configs/voicemail.conf.sample?view=diff&rev=275863&r1=275862&r2=275863
==============================================================================
--- trunk/configs/voicemail.conf.sample (original)
+++ trunk/configs/voicemail.conf.sample Tue Jul 13 06:41:54 2010
@@ -84,11 +84,25 @@
 ;externpass=/usr/bin/myapp
 ;externpassnotify=/usr/bin/myapp
 
-; If you need to have an external program, i.e. /usr/bin/myapp
-; called when a user changes her voicemail password, uncomment this:
-;externpasscheck=/usr/bin/myapp
-; Arguments for this script are:
-; mailbox context oldpass newpass
+; If you would like to have an external program called when a user changes the
+; voicemail password for the purpose of doing validation on the new password,
+; then use this option.  The script can decide whether or not the new password
+; meets minimum password strength requirements before the Voicemail application
+; accepts the password.  If the script decides that the password is not acceptable,
+; the user will be informed that the new password does not meet minimum password
+; requirements, and they will be asked to enter another password.
+;
+; The arguments passed to this script are <mailbox> <context> <old pw> <new pw>.
+;
+; The script should print "VALID" to stdout to indicate that the new password
+; is acceptable.  If the password is considered too weak, the script should print
+; "INVALID" to stdout.
+;
+; There is an example script in the contrib/scripts/ directory, voicemailpwcheck.py,
+; which implements some basic password checking, and can be used as a starting point
+; for use with this option.
+;
+;externpasscheck=/usr/local/bin/voicemailpwcheck.py
 
 ; For the directory, you can override the intro file if you want
 ;directoryintro=dir-intro

Added: trunk/contrib/scripts/voicemailpwcheck.py
URL: http://svnview.digium.com/svn/asterisk/trunk/contrib/scripts/voicemailpwcheck.py?view=auto&rev=275863
==============================================================================
--- trunk/contrib/scripts/voicemailpwcheck.py (added)
+++ trunk/contrib/scripts/voicemailpwcheck.py Tue Jul 13 06:41:54 2010
@@ -1,0 +1,65 @@
+#!/usr/bin/env python
+''' Sample externpasscheck script for use with voicemail.conf
+
+Copyright (C) 2010, Digium, Inc.
+Russell Bryant <russell at digium.com>
+
+The externpasscheck option in voicemail.conf allows an external script to
+validate passwords when a user is changing it.  The script can enforce password
+strength rules.  This script is an example of doing so and implements a check
+on password length, a password with too many identical consecutive numbers, or
+a password made up of sequential digits.
+'''
+
+import sys
+import re
+
+
+# Set this to the required minimum length for a password
+REQUIRED_LENGTH = 6
+
+
+# Regular expressions that match against invalid passwords
+REGEX_BLACKLIST = [
+    ("(?P<digit>\d)(?P=digit){%d}" % (REQUIRED_LENGTH - 1),
+        "%d consective numbers that are the same" % REQUIRED_LENGTH)
+]
+
+
+# Exact passwords that are forbidden.  If the string of digits specified here
+# is found in any part of the password specified, it is considered invalid.
+PW_BLACKLIST = [
+    "123456",
+    "234567",
+    "345678",
+    "456789",
+    "567890",
+    "098765",
+    "987654",
+    "876543",
+    "765432",
+    "654321"
+]
+
+
+mailbox, context, old_pw, new_pw = sys.argv[1:5]
+
+# Enforce a password length of at least 6 characters
+if len(new_pw) < REQUIRED_LENGTH:
+    print "INVALID: Password is too short (%d) - must be at least %d" % \
+            (len(new_pw), REQUIRED_LENGTH)
+    sys.exit(0)
+
+for regex, error in REGEX_BLACKLIST:
+    if re.search(regex, new_pw):
+        print "INVALID: %s" % error
+        sys.exit(0)
+
+for pw in PW_BLACKLIST:
+    if new_pw.find(pw) != -1:
+        print "INVALID: %s is forbidden in a password" % pw
+        sys.exit(0)
+
+print "VALID"
+
+sys.exit(0)

Propchange: trunk/contrib/scripts/voicemailpwcheck.py
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: trunk/contrib/scripts/voicemailpwcheck.py
------------------------------------------------------------------------------
    svn:executable = *

Propchange: trunk/contrib/scripts/voicemailpwcheck.py
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: trunk/contrib/scripts/voicemailpwcheck.py
------------------------------------------------------------------------------
    svn:mime-type = text/plain

More information about the svn-commits mailing list