summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--py-bin/config.py1
-rw-r--r--py-bin/jabberman.py4
2 files changed, 4 insertions, 1 deletions
diff --git a/py-bin/config.py b/py-bin/config.py
index 2dd0fe8..37e5c66 100644
--- a/py-bin/config.py
+++ b/py-bin/config.py
@@ -19,6 +19,7 @@ mail_domains = ["immerda.ch", "cronopios.org", "einfachsicher.ch"]
extra_domains = ["imsg.ch", "unerkenntli.ch", "auchno.ch"] #x adapt to existing ones!
# username and password policy
user_re ='^[a-zA-Z0-9_\-.]+$'
+forbidden_users = ['admin', 'administrator']
password_re = '^[a-z0-9_\-.]+$'
min_password_length = debugmode and 2 or 8
diff --git a/py-bin/jabberman.py b/py-bin/jabberman.py
index 11e3bdf..1c53ff1 100644
--- a/py-bin/jabberman.py
+++ b/py-bin/jabberman.py
@@ -1,6 +1,6 @@
#jabber manager
-import shelve, atexit, sha, hmac, random, os, time, re
+import shelve, atexit, sha, hmac, random, os, time, re, string
import config
from ejabberdctl import EJabberdCtl
@@ -375,6 +375,8 @@ class JabberManager:
return (False, status)
if not re.match(config.user_re, user):
+ return (False, "Benutzername enthaelt unerlaubte Zeichen.")
+ if string.lower(user) in config.forbidden_users:
return (False, "Benutzername %s nicht erlaubt." % user)
if domain not in domains:
return (False, "Domain %s nicht erlaubt." % domain)