Cracklib patch for the Roundcube/password plugin. Thanks to Tony Fung https://notes.sagredo.eu/en/qmail-notes-185/roundcube-plugins-35.html#comment1651 Use like this cd /var/www/roundcube wget https://notes.sagredo.eu/files/qmail/patches/roundcube/cracklib-roundcube_pwd_plugin.patch patch -p1 < cracklib-roundcube_pwd_plugin.patch More info here https://notes.sagredo.eu/en/qmail-notes-185/roundcube-plugins-35.html#password ============================================================================================================= diff -ruN roundcube-original/plugins/password/drivers/sql.php roundcube/plugins/password/drivers/sql.php --- roundcube-original/plugins/password/drivers/sql.php 2021-12-29 23:29:23.000000000 +0100 +++ roundcube/plugins/password/drivers/sql.php 2022-08-08 11:14:29.753978628 +0200 @@ -26,6 +26,21 @@ class rcube_sql_password { /** + * Finds the cracklib-check path + * + * @return string Result + */ + function get_cracklib_path() + { + $paths = array('/sbin/cracklib-check', '/usr/sbin/cracklib-check', '/usr/local/sbin/cracklib-check'); + foreach ($paths as $path) + { + if (file_exists($path)) break; + } + return $path; + } + + /** * Update current user password * * @param string $curpass Current password @@ -36,6 +51,15 @@ function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); + exec("echo ".$passwd." | ".$this->get_cracklib_path()." 2>/dev/null", $output, $return_var); + + if(preg_match("/^.*\: ([^:]+)$/", $output[0], $matches)) { + // Check response: + if(strtoupper($matches[1])!=="OK") { + // Cracklib doesn't like it: + return PASSWORD_CONSTRAINT_VIOLATION; + } + } if (!($sql = $rcmail->config->get('password_query'))) { $sql = 'SELECT update_passwd(%c, %u)'; diff -ruN roundcube-original/plugins/password/drivers/vpopmaild.php roundcube/plugins/password/drivers/vpopmaild.php --- roundcube-original/plugins/password/drivers/vpopmaild.php 2021-12-29 23:29:23.000000000 +0100 +++ roundcube/plugins/password/drivers/vpopmaild.php 2022-08-08 11:15:15.512921792 +0200 @@ -26,12 +26,36 @@ class rcube_vpopmaild_password { + /** + * Finds the cracklib-check path + * + * @return string Result + */ + function get_cracklib_path() + { + $paths = array('/sbin/cracklib-check', '/usr/sbin/cracklib-check', '/usr/local/sbin/cracklib-check'); + foreach ($paths as $path) + { + if (file_exists($path)) break; + } + return $path; + } + function save($curpass, $passwd, $username) { $rcmail = rcmail::get_instance(); $vpopmaild = new Net_Socket(); $host = $rcmail->config->get('password_vpopmaild_host'); $port = $rcmail->config->get('password_vpopmaild_port'); + exec("echo ".$passwd." | ".$this->get_cracklib_path()." 2>/dev/null", $output, $return_var); + + if(preg_match("/^.*\: ([^:]+)$/", $output[0], $matches)) { + // Check response: + if(strtoupper($matches[1])!=="OK") { + // Cracklib doesn't like it: + return PASSWORD_CONSTRAINT_VIOLATION; + } + } $result = $vpopmaild->connect($host, $port, null); if (is_a($result, 'PEAR_Error')) {