Bug#984835: /usr/sbin/pam-auth-update: allow comments in pam-config files

Mon, 08 Mar 2021 13:42:16 -0800 

Package: libpam-runtime
Version: 1.3.1-5
Severity: wishlist
File: /usr/sbin/pam-auth-update
Tags: patch

Dear Maintainer,

we are shipping some custom pam-configs with our automation, for clarity
we want to include comments in these files. Currently this is not
supported and leeds to perl warning messages because of failed file
parsing. This is just an anoyance, the script is working correctly, even
with comments in files. I just want to get rid of the warning messages.

Output from pam-auth-update with comments im pam-config:
# pam-auth-update --package
Use of uninitialized value $fieldname in hash element at 
/usr/sbin/pam-auth-update line 704, <PROFILE> line 1.
Use of uninitialized value $fieldname in hash element at 
/usr/sbin/pam-auth-update line 705, <PROFILE> line 1.

I attached a patch, that enables comments with a "#" mark. If also
honors indented comments, so one could add descriptive comments in the
PAM configuration, without these comments being transfered to the
resulting PAM configuration.

The comment sign and support for indented comments is for you to decide.

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.14-arch1-1 (SMP w/2 CPU cores; PREEMPT)
Kernel taint flags: TAINT_SOFTLOCKUP
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages libpam-runtime depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libpam-modules         1.3.1-5

libpam-runtime recommends no packages.

libpam-runtime suggests no packages.

-- debconf information:
  libpam-runtime/title:
* libpam-runtime/no_profiles_chosen:
  libpam-runtime/profiles: unix
  libpam-runtime/conflicts:
  libpam-runtime/override: false

--- /usr/sbin/pam-auth-update-orig      2021-03-08 21:02:52.039724305 +0000
+++ /usr/sbin/pam-auth-update   2021-03-08 20:58:22.831866075 +0000
@@ -685,6 +685,7 @@
        my %profile;
        open(PROFILE, $profile) || die "could not read profile $profile: $!";
        while (<PROFILE>) {
+               next if (/^\s*#/);
                if (/^(\S+):\s+(.*)\s*$/) {
                        $fieldname = $1;
                        # compatibility with the first implementation round;

Reply via email to