From 828420d4a746601cad03d303d264b046080fccb3 Mon Sep 17 00:00:00 2001
From: Peter Hormanns
Date: Thu, 20 Jan 2022 18:46:40 +0100
Subject: [PATCH] minor fixes
---
 hsarback/src/de/hsadmin/mods/user/UnixUserModuleImpl.java | 3 +++
 hsarback/src/de/hsadmin/pillar/JsonPillarServlet.java | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/hsarback/src/de/hsadmin/mods/user/UnixUserModuleImpl.java b/hsarback/src/de/hsadmin/mods/user/UnixUserModuleImpl.java
index 68adb48..e8cf334 100644
--- a/hsarback/src/de/hsadmin/mods/user/UnixUserModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/user/UnixUserModuleImpl.java
@@ -92,6 +92,9 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
 if (userName.length() < 7 || userName.charAt(5) != '-' || userName.lastIndexOf('-') > 5) {
 throw new AuthorisationException(loginUser, "add", newUnixUser, "userId");
 }
+ if (userName.length() > 32) {
+ throw new HSAdminException("username exceeds the allowed length");
+ }
 String passWord = newUnixUser.getPassword();
 if (passWord == null || passWord.length() == 0) {
 throw new HSAdminException("password is required");
diff --git a/hsarback/src/de/hsadmin/pillar/JsonPillarServlet.java b/hsarback/src/de/hsadmin/pillar/JsonPillarServlet.java
index 7d52a7b..56c98ee 100644
--- a/hsarback/src/de/hsadmin/pillar/JsonPillarServlet.java
+++ b/hsarback/src/de/hsadmin/pillar/JsonPillarServlet.java
@@ -132,7 +132,7 @@ public class JsonPillarServlet extends HttpServlet {
 writer.println(" \"user\": \"" + fullUsername + "\"");
 writer.println(" , \"dirname\": \"" + usernamePostfix + "\"");
 writer.println(" , \"uid\": " + user.getUserId());
- writer.println(" , \"comment\": \"" + user.getComment() + "\"");
+ writer.println(" , \"comment\": \"" + quoteJSON(user.getComment()) + "\"");
 writer.println(" , \"shell\": \"" + user.getShell() + "\"");
 writer.println(" , \"homedir\": \"" + user.getHomedir() + "\"");
 writer.println(" , \"quota_soft\": " + user.getQuotaSoftlimit());
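Review bot: The new `userName.length() > 32` check uses a bare literal with no stated origin. A named constant such as `private static final int MAX_USERNAME_LENGTH = 32;`, with a comment naming the limit it mirrors, would keep the bound traceable. The checks visible in this hunk constrain only the length and the position of `-`, not which characters the name may contain. If no character allow-list exists outside the hunk, one belongs next to this check, because the servlet change in this same patch appears to write user names into quoted output without escaping. The enclosing method starts and ends outside the hunk.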
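Review bot: Only the `comment` field is passed through `quoteJSON`; the `user`, `dirname`, `shell` and `homedir` values in the same run of `println` calls are still concatenated into quoted strings raw. Whether those values can contain a quote or backslash depends on validation not visible here, so escaping at the point of output is the safer default, e.g. `writer.println(" , \"shell\": \"" + quoteJSON(user.getShell()) + "\"");` and likewise for the other three. If a JSON library is already available to the project, building the object with it would remove the hand-written quoting altogether. The enclosing method starts and ends outside the hunk.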
@@ -222,4 +222,9 @@ public class JsonPillarServlet extends HttpServlet {
 transaction.close();
 }
+ private String quoteJSON(final String unquoted) {
+ final String quoted = unquoted.replaceAll("\\\"", "\\\\\"");
+ return quoted;
+ }
+
 }
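Review bot: `quoteJSON` escapes only the double quote. A backslash or a control character such as a newline in the comment passes through unchanged, so the emitted string can still end early or be invalid JSON. A null comment would also now throw from `replaceAll`, where the old concatenation printed `null`; whether `getComment()` can return null is not visible here. The helper should escape the backslash first, then the quote, then characters below 0x20, and decide explicitly what a null maps to. The version below does this in one pass and avoids the regex.

```java
    private String quoteJSON(final String unquoted) {
        if (unquoted == null) {
            return ""; // NOTE(review): the old output was the text "null"; confirm which is wanted
        }
        final StringBuilder quoted = new StringBuilder(unquoted.length() + 8);
        for (int i = 0; i < unquoted.length(); i++) {
            final char c = unquoted.charAt(i);
            if (c == '"' || c == '\\') {
                quoted.append('\\').append(c);
            } else if (c < 0x20) {
                quoted.append(String.format("\\u%04x", (int) c));
            } else {
                quoted.append(c);
            }
        }
        return quoted.toString();
    }
```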