Summary:ASTERISK-11530: [patch] [sound] Ability to enforce voicemail minimum password lengths
Reporter:James Rothenberger (jaroth)Labels:
Date Opened:2008-02-27 13:08:23.000-0600Date Closed:2008-05-09 12:23:44
Versions:Frequency of
Environment:Attachments:( 0) 20080509__bug12090.diff.txt
( 1) password_v2.patch
( 2) password_v3.patch
( 3) password.patch
( 4) patch_12090_english_and_spanish.gsm
( 5) patch_12090_french.gsm
( 6) patch_12090_french.gsm
( 7) patch_12090_french_48KHz.wav
( 8) vm-check-newpassword.diff.txt
Description:This patch adds a configuration keyword "minpassword" to the voicemail.conf file.  The default is 3 characters, DEFINE'd in the beginning of app_voicemail.c.

When a user sets or changes their password via the phone, this minimum will be checked.  If it does not meet minimum requirements, the recording "vm-invalid-password" will be played.  That recording will need to be created, as I just used a dummy one for testing.
Comments:By: James Rothenberger (jaroth) 2008-02-27 13:12:57.000-0600

The new method that enforces password length (check_password) could be extended to include other password checking features as well.

By: Tilghman Lesher (tilghman) 2008-02-27 14:11:10.000-0600

The default enforced minimum length should be 0, not 3, so that the current default behavior does not change.

By: James Rothenberger (jaroth) 2008-02-27 14:19:54.000-0600

Changed patch as specified.

By: Jason Parker (jparker) 2008-02-27 14:57:58.000-0600

Just an fyi, the s variable in that function is gone in trunk as of about an hour ago.  You'll want to change it to val.

By: James Rothenberger (jaroth) 2008-02-27 15:26:06.000-0600

I'm not sure I know which variable you are referring to.

By: Joel Vandal (jvandal) 2008-02-27 19:24:42.000-0600

Please look ticket 12095, this is a different approach to your solution.

By: James Rothenberger (jaroth) 2008-02-29 14:03:09.000-0600

There is probably value in both approaches.  This one (12090) does a simple string compare, so it has very little compute overhead compared to a fork/exec of another script that must then do the evaluation.  The script's benefit is that it puts validation into the hands of the administrator, not the developer.

By: Michiel van Baak (mvanbaak) 2008-04-27 11:15:29

uploaded new patch because v2 did not apply cleanly anymore

By: Michiel van Baak (mvanbaak) 2008-04-27 11:51:32

How about this?
This combines the work of both of you.
The check for minimum password length is still done in app_voicemail.c itself. If the external check command is set, that will be done on top of the length check.

This way the most basic stuff (check minimum length) can be done by users that dont want/cant write a script to do the checking while it leaves room for users that want to script intelligent password policies.

By: James Rothenberger (jaroth) 2008-04-29 08:31:42

This patch looks fine to me.

By: Joel Vandal (jvandal) 2008-04-29 09:36:21

thanks mvanbaak, all look fine.

By: Michiel van Baak (mvanbaak) 2008-04-29 12:56:08

Thank you both.

I think the sound recording that is needed here can also be used as 'login incorrect' replacement if you are trying to login to a vm box and provide the wrong password.

By: Criss Keating (crissk) 2008-04-29 13:24:25

mvanbaak - does that mean an existing sound recording can be re-used for this patch?

By: Tilghman Lesher (tilghman) 2008-04-29 14:19:29

The recording I'm having done is very specific to this use.  Personally, I find that using the same recording for two things leads to confusion.

By: Michiel van Baak (mvanbaak) 2008-04-29 15:18:51

Corydon, on second thought I think you are correct.
crissk, none of the sounds in the released soundsets is suitable for this patch I think.

By: Criss Keating (crissk) 2008-04-30 10:53:19

English, Spanish and French recordings have been added from Allison and June.

By: Tilghman Lesher (tilghman) 2008-04-30 11:56:43

These sounds are not appropriate for inclusion.  I need the original 48000Hz recordings.

By: Criss Keating (crissk) 2008-04-30 12:36:09

french is uploaded in 48KHz.  This website will not let me upload the other.  I'll email it to Russell.

By: Michiel van Baak (mvanbaak) 2008-05-04 16:54:45

Russell, did you get the soundfiles and are they usable ?

crissk, thank you for the sounds.

By: Tilghman Lesher (tilghman) 2008-05-09 12:11:47

Patch updated to meet coding guidelines.

By: Digium Subversion (svnbot) 2008-05-09 12:22:18

Repository: asterisk
Revision: 115582

U   trunk/CHANGES
U   trunk/apps/app_voicemail.c
U   trunk/configs/voicemail.conf.sample

r115582 | tilghman | 2008-05-09 12:22:14 -0500 (Fri, 09 May 2008) | 7 lines

Allow a password change to be validated by an external script.
(closes issue ASTERISK-11530)
Reported by: jaroth
      vm-check-newpassword.diff.txt uploaded by mvanbaak (license 7)
      20080509__bug12090.diff.txt uploaded by Corydon76 (license 14)



By: Digium Subversion (svnbot) 2008-05-09 12:23:44

Repository: asterisk
Revision: 115583

_U  branches/1.6.0/

r115583 | tilghman | 2008-05-09 12:23:43 -0500 (Fri, 09 May 2008) | 14 lines

Blocked revisions 115582 via svnmerge

r115582 | tilghman | 2008-05-09 12:28:06 -0500 (Fri, 09 May 2008) | 7 lines

Allow a password change to be validated by an external script.
(closes issue ASTERISK-11530)
Reported by: jaroth
      vm-check-newpassword.diff.txt uploaded by mvanbaak (license 7)
      20080509__bug12090.diff.txt uploaded by Corydon76 (license 14)