1f092c
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
1f092c
From: Javier Martinez Canillas <javierm@redhat.com>
1f092c
Date: Wed, 21 Nov 2018 15:38:50 +0100
1f092c
Subject: [PATCH] blscfg: expand grub_users before passing to
1f092c
 grub_normal_add_menu_entry()
1f092c
1f092c
The "grub_users" field from the BLS snippet file is used to specifcy the
1f092c
users that are allowed to execute a given menu entry if the "superusers"
1f092c
environment variable is set.
1f092c
1f092c
If the "grub_users" isn't set, the menu entry is unrestricted and it can
1f092c
be executed without any authentication and if is set then only the users
1f092c
defined in "grub_users" can execute the menu entry after authentication.
1f092c
1f092c
But this field can contain an environment variable so has to be expanded
1f092c
or otherwise grub2 will wrongly assume that the user is "$var", and will
1f092c
populate a menu entry that it's resctrited even when "$var" isn't set.
1f092c
1f092c
Resolves: rhbz#1650706
1f092c
1f092c
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
1f092c
---
1f092c
 grub-core/commands/blscfg.c | 2 +-
1f092c
 1 file changed, 1 insertion(+), 1 deletion(-)
1f092c
1f092c
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
1f092c
index 42892cbfd55..c432c6ba27a 100644
1f092c
--- a/grub-core/commands/blscfg.c
1f092c
+++ b/grub-core/commands/blscfg.c
1f092c
@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry)
1f092c
   initrds = bls_make_list (entry, "initrd", NULL);
1f092c
 
1f092c
   hotkey = bls_get_val (entry, "grub_hotkey", NULL);
1f092c
-  users = bls_get_val (entry, "grub_users", NULL);
1f092c
+  users = expand_val (bls_get_val (entry, "grub_users", NULL));
1f092c
   classes = bls_make_list (entry, "grub_class", NULL);
1f092c
   args = bls_make_list (entry, "grub_arg", &argc);
1f092c