Cracklib patch for the Roundcube/password plugin. Original version Thanks to Tony Fung https://notes.sagredo.eu/en/qmail-notes-185/roundcube-plugins-35.html#comment1651 ============================================================================================================= diff -ruN roundcube-original/plugins/password/drivers/sql.php roundcube/plugins/password/drivers/sql.php --- roundcube-original/plugins/password/drivers/sql.php 2020-09-27 13:38:37.000000000 +0200 +++ roundcube/plugins/password/drivers/sql.php 2020-10-07 19:24:52.531366744 +0200 @@ -36,6 +36,15 @@ function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); + exec("echo ".$passwd." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var); + + if(preg_match("/^.*\: ([^:]+)$/", $output[0], $matches)) { + // Check response: + if(strtoupper($matches[1])!=="OK") { + // Cracklib doesn't like it: + return PASSWORD_CONSTRAINT_VIOLATION; + } + } if (!($sql = $rcmail->config->get('password_query'))) { $sql = 'SELECT update_passwd(%c, %u)'; diff -ruN roundcube-original/plugins/password/drivers/vpopmaild.php roundcube/plugins/password/drivers/vpopmaild.php --- roundcube-original/plugins/password/drivers/vpopmaild.php 2020-09-27 13:38:37.000000000 +0200 +++ roundcube/plugins/password/drivers/vpopmaild.php 2020-10-07 19:25:26.019048496 +0200 @@ -32,6 +32,15 @@ $vpopmaild = new Net_Socket(); $host = $rcmail->config->get('password_vpopmaild_host'); $port = $rcmail->config->get('password_vpopmaild_port'); + exec("echo ".$passwd." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var); + + if(preg_match("/^.*\: ([^:]+)$/", $output[0], $matches)) { + // Check response: + if(strtoupper($matches[1])!=="OK") { + // Cracklib doesn't like it: + return PASSWORD_CONSTRAINT_VIOLATION; + } + } $result = $vpopmaild->connect($host, $port, null); if (is_a($result, 'PEAR_Error')) {