voicemailpwcheck.py 1.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. #!/usr/bin/env python
  2. ''' Sample externpasscheck script for use with voicemail.conf
  3. Copyright (C) 2010, Digium, Inc.
  4. Russell Bryant <russell@digium.com>
  5. The externpasscheck option in voicemail.conf allows an external script to
  6. validate passwords when a user is changing it. The script can enforce password
  7. strength rules. This script is an example of doing so and implements a check
  8. on password length, a password with too many identical consecutive numbers, or
  9. a password made up of sequential digits.
  10. '''
  11. import sys
  12. import re
  13. # Set this to the required minimum length for a password
  14. REQUIRED_LENGTH = 6
  15. # Regular expressions that match against invalid passwords
  16. REGEX_BLACKLIST = [
  17. ("(?P<digit>\d)(?P=digit){%d}" % (REQUIRED_LENGTH - 1),
  18. "%d consective numbers that are the same" % REQUIRED_LENGTH)
  19. ]
  20. # Exact passwords that are forbidden. If the string of digits specified here
  21. # is found in any part of the password specified, it is considered invalid.
  22. PW_BLACKLIST = [
  23. "123456",
  24. "234567",
  25. "345678",
  26. "456789",
  27. "567890",
  28. "098765",
  29. "987654",
  30. "876543",
  31. "765432",
  32. "654321"
  33. ]
  34. mailbox, context, old_pw, new_pw = sys.argv[1:5]
  35. # Enforce a password length of at least 6 characters
  36. if len(new_pw) < REQUIRED_LENGTH:
  37. print("INVALID: Password is too short (%d) - must be at least %d" % \
  38. (len(new_pw), REQUIRED_LENGTH))
  39. sys.exit(0)
  40. for regex, error in REGEX_BLACKLIST:
  41. if re.search(regex, new_pw):
  42. print("INVALID: %s" % error)
  43. sys.exit(0)
  44. for pw in PW_BLACKLIST:
  45. if new_pw.find(pw) != -1:
  46. print("INVALID: %s is forbidden in a password" % pw)
  47. sys.exit(0)
  48. print("VALID")
  49. sys.exit(0)