mirror of
https://github.com/asterisk/asterisk.git
synced 2025-10-24 05:38:11 +00:00
(closes issue #17628) Reported by: lmadsen Tested by: russell, lmadsen Review: https://reviewboard.asterisk.org/r/774/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@275863 65c4cc65-6c06-0410-ace0-fbb531ad65f3
66 lines
1.7 KiB
Python
Executable File
66 lines
1.7 KiB
Python
Executable File
#!/usr/bin/env python
|
|
''' Sample externpasscheck script for use with voicemail.conf
|
|
|
|
Copyright (C) 2010, Digium, Inc.
|
|
Russell Bryant <russell@digium.com>
|
|
|
|
The externpasscheck option in voicemail.conf allows an external script to
|
|
validate passwords when a user is changing it. The script can enforce password
|
|
strength rules. This script is an example of doing so and implements a check
|
|
on password length, a password with too many identical consecutive numbers, or
|
|
a password made up of sequential digits.
|
|
'''
|
|
|
|
import sys
|
|
import re
|
|
|
|
|
|
# Set this to the required minimum length for a password
|
|
REQUIRED_LENGTH = 6
|
|
|
|
|
|
# Regular expressions that match against invalid passwords
|
|
REGEX_BLACKLIST = [
|
|
("(?P<digit>\d)(?P=digit){%d}" % (REQUIRED_LENGTH - 1),
|
|
"%d consective numbers that are the same" % REQUIRED_LENGTH)
|
|
]
|
|
|
|
|
|
# Exact passwords that are forbidden. If the string of digits specified here
|
|
# is found in any part of the password specified, it is considered invalid.
|
|
PW_BLACKLIST = [
|
|
"123456",
|
|
"234567",
|
|
"345678",
|
|
"456789",
|
|
"567890",
|
|
"098765",
|
|
"987654",
|
|
"876543",
|
|
"765432",
|
|
"654321"
|
|
]
|
|
|
|
|
|
mailbox, context, old_pw, new_pw = sys.argv[1:5]
|
|
|
|
# Enforce a password length of at least 6 characters
|
|
if len(new_pw) < REQUIRED_LENGTH:
|
|
print "INVALID: Password is too short (%d) - must be at least %d" % \
|
|
(len(new_pw), REQUIRED_LENGTH)
|
|
sys.exit(0)
|
|
|
|
for regex, error in REGEX_BLACKLIST:
|
|
if re.search(regex, new_pw):
|
|
print "INVALID: %s" % error
|
|
sys.exit(0)
|
|
|
|
for pw in PW_BLACKLIST:
|
|
if new_pw.find(pw) != -1:
|
|
print "INVALID: %s is forbidden in a password" % pw
|
|
sys.exit(0)
|
|
|
|
print "VALID"
|
|
|
|
sys.exit(0)
|