Voicemail Password Validation

Since Asterisk 1.6.1 there is a new variable in voicemail.conf to launch an external application when someone wants to change their voicemail password. This app can validate the new password. This is most useful for administrators who want to enforce more strict password requirements. Adding this option is as simple as:

externpasscheck=/mnt/kd/bin/ast-vmpasscheck

It can check for the following requirements:

• Minimum length (i.e. >= 4)
• No consecutive increasing numbers (i.e. 1234, or 8765)
• Can not be all the same digit (i.e. 1111)
• Can not be the same as the extension
• Can not be the old password

Here is a bash script from Lonnie:

ast-vmpasscheck.sh

#!/bin/bash
 
# ast-vmpasscheck
#
# Input Arg1: mbox_number
# Input Arg2: context
# Input Arg3: oldpassword
# Input Arg4: newpassword
#
# When the voicemail.conf file has "externpasscheck=" pointed to this script,
# Asterisk VoiceMailMain password change attempts will be validated.
#
 
REQUIRED_LENGTH=4
 
mbox="$1"
old_pw="$3"
new_pw="$4"
 
reject()
{
  echo "INVALID${1:+: $1}"
 
  exit 0
}
 
string_in_string()
{
  local needle="$1" haystack="$2"
 
  if [ "$haystack" != "${haystack/$needle/}" ]; then
    return 0
  fi
 
  return 1
}
 
if [ ${#new_pw} -lt $REQUIRED_LENGTH ]; then
  reject "Password too short"
fi
 
if [ "$mbox" = "$new_pw" ]; then
  reject "Same as mailbox number detected"
fi
 
if [ "$old_pw" = "$new_pw" ]; then
  reject "Same as old password detected"
fi
 
for i in 0123 1234 2345 3456 4567 5678 6789 9876 8765 7654 6543 5432 4321 3210; do
  if string_in_string "$i" "$new_pw"; then
    reject "Sequence detected"
  fi
done
 
for i in 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999; do
  if string_in_string "$i" "$new_pw"; then
    reject "Multiples detected"
  fi
done
 
echo "VALID"
exit 0