From dc478aeae562e7bda0926f2a671cd026ada0197b Mon Sep 17 00:00:00 2001 From: Vladimir 'phcoder' Serbinenko Date: Wed, 2 May 2012 10:26:09 +0200 Subject: [PATCH] * grub-core/commands/legacycfg.c (legacy_file): Default to restricted entries. * grub-core/commands/menuentry.c (grub_cmd_menuentry): Likewise. * docs/grub.texi: Update menuentry description. --- ChangeLog | 7 +++++++ docs/grub.texi | 17 +++++++++++------ grub-core/commands/legacycfg.c | 3 ++- grub-core/commands/menuentry.c | 14 ++++++++++++-- 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index dc8698ba4..1f6ab70c8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2012-05-02 Vladimir Serbinenko + + * grub-core/commands/legacycfg.c (legacy_file): Default to restricted + entries. + * grub-core/commands/menuentry.c (grub_cmd_menuentry): Likewise. + * docs/grub.texi: Update menuentry description. + 2012-05-02 Vladimir Serbinenko * util/grub-setup.c (setup): Remove duplicate call to embed. Fixes diff --git a/docs/grub.texi b/docs/grub.texi index 55ae7e816..b9ad27050 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1437,7 +1437,7 @@ definitions do not affect the exit status in @code{$?}. When executed, the exit status of a function is the exit status of the last command executed in the body. -@item menuentry @var{title} [@option{--class=class} @dots{}] [@option{--users=users}] [@option{--hotkey=key}] @{ @var{command}; @dots{} @} +@item menuentry @var{title} [@option{--class=class} @dots{}] [@option{--users=users}] [@option{--unrestricted}] [@option{--hotkey=key}] @{ @var{command}; @dots{} @} @xref{menuentry}. @end table 
@@ -2960,7 +2960,7 @@ These commands can only be used in the menu: @deffn Command menuentry @var{title} @ [@option{--class=class} @dots{}] [@option{--users=users}] @ - [@option{--hotkey=key}] @ + [@option{--unrestricted}] [@option{--hotkey=key}] @ @{ @var{command}; @dots{} @} This defines a GRUB menu entry named @var{title}. When this entry is selected from the menu, GRUB will set the @var{chosen} environment variable @@ -2975,6 +2975,9 @@ different styles. The @option{--users} option grants specific users access to specific menu entries. @xref{Security}. +The @option{--unrestricted} option grants all users access to specific menu +entries. @xref{Security}. + The @option{--hotkey} option associates a hotkey with a menu entry. @var{key} may be a single letter, or one of the aliases @samp{backspace}, @samp{tab}, or @samp{delete}. @@ -2986,7 +2989,7 @@ The @option{--hotkey} option associates a hotkey with a menu entry. @deffn Command submenu @var{title} @ [@option{--class=class} @dots{}] [@option{--users=users}] @ - [@option{--hotkey=key}] @ + [@option{--unrestricted}] [@option{--hotkey=key}] @ @{ @var{menu entries} @dots{} @} This defines a submenu. An entry called @var{title} will be added to the menu; when that entry is selected, a new menu will be displayed showing all @@ -4061,8 +4064,10 @@ restricted to superusers. Other users may be given access to specific menu entries by giving a list of usernames (as above) using the @option{--users} option to the -@samp{menuentry} command (@pxref{menuentry}). If the @option{--users} -option is not used for a menu entry, then that entry is unrestricted. +@samp{menuentry} command (@pxref{menuentry}). If the @option{--unrestricted} +option is used for a menu entry, then that entry is unrestricted. +If the @option{--users} option is not used for a menu entry, then that +only superusers are able to use it. Putting this together, a typical @file{grub.cfg} fragment might look like this: 
@@ -4073,7 +4078,7 @@ set superusers="root" password_pbkdf2 root grub.pbkdf2.sha512.10000.biglongstring password user1 insecure -menuentry "May be run by any user" @{ +menuentry "May be run by any user" --unrestricted @{ set root=(hd0,1) linux /vmlinuz @} diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c index 3becaa6db..5293accab 100644 --- a/grub-core/commands/legacycfg.c +++ b/grub-core/commands/legacycfg.c @@ -123,7 +123,8 @@ legacy_file (const char *filename) return grub_errno; } args[0] = oldname; - grub_normal_add_menu_entry (1, args, NULL, NULL, NULL, NULL, NULL, + grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy", + NULL, NULL, entrysrc, 0); grub_free (args); entrysrc[0] = 0; diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c index 403c751ea..a1a7e52ee 100644 --- a/grub-core/commands/menuentry.c +++ b/grub-core/commands/menuentry.c @@ -37,6 +37,8 @@ static const struct grub_arg_option options[] = {"source", 4, 0, N_("Use STRING as menu entry body."), N_("STRING"), ARG_TYPE_STRING}, {"id", 0, 0, N_("Menu entry identifier."), N_("STRING"), ARG_TYPE_STRING}, + {"unrestricted", 0, 0, N_("This entry can be booted by any user."), + 0, ARG_TYPE_NONE}, {0, 0, 0, 0, 0, 0} }; @@ -254,6 +256,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) char *prefix; unsigned len; grub_err_t r; + const char *users; if (! argc) return grub_error (GRUB_ERR_BAD_ARGUMENT, "missing arguments"); 
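Review bot: The new fifth argument `"legacy"` in the `grub_normal_add_menu_entry` call in legacy_file is a bare string literal in a row of `NULL`s, and nothing in the hunk says it is the users list. Going by the matching call in grub-core/commands/menuentry.c, where that position carries `users`, every legacy entry is now limited to superusers plus an account literally named legacy. Where that account is registered is not visible in this patch; presumably it is the one created for legacy password handling. Because this string decides who may boot the entry, I would add a comment above the call such as `/* users: legacy entries are restricted to superusers and the "legacy" user. */`, or share a named constant with the code that registers that user so the two cannot drift apart. legacy_file's body starts and ends outside the hunk.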
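Review bot: The position of the new `{"unrestricted", ...}` row in `options[]` is load-bearing, because grub_cmd_menuentry reads it as `ctxt->state[5]` (and `--users` as `ctxt->state[1]`) and nothing ties those numbers to the table. An option inserted above this row later would shift the index and silently change which flag makes an entry bootable without authentication. I would either annotate the row, e.g. `/* state[5]: entry needs no authentication */`, or name the indices with an enum and use the names in grub_cmd_menuentry. The start of the `options[]` table is outside the hunk.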
@@ -264,12 +267,19 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) if (! ctxt->state[3].set && ! ctxt->script) return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition"); + if (ctxt->state[1].set) + users = ctxt->state[1].arg; + else if (ctxt->state[5].set) + users = NULL; + else + users = ""; + if (! ctxt->script) return grub_normal_add_menu_entry (argc, (const char **) args, (ctxt->state[0].set ? ctxt->state[0].args : NULL), ctxt->state[4].arg, - ctxt->state[1].arg, + users, ctxt->state[2].arg, 0, ctxt->state[3].arg, ctxt->extcmd->cmd->name[0] == 's'); @@ -287,7 +297,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) r = grub_normal_add_menu_entry (argc - 1, (const char **) args, ctxt->state[0].args, ctxt->state[4].arg, - ctxt->state[1].arg, + users, ctxt->state[2].arg, prefix, src + 1, ctxt->extcmd->cmd->name[0] == 's');
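Review bot: The `if`/`else if`/`else` chain that computes `users` encodes the access decision in an undocumented sentinel: `NULL` for an unrestricted entry and `""` for superusers only, with the interpretation left to grub_normal_add_menu_entry, which is outside this patch. A later cleanup that treats an empty string like NULL would silently reopen every entry, so the convention deserves a comment at the assignment, for example `/* NULL: anyone may boot; "": superusers only; otherwise superusers plus the listed users. */`. The chain also lets `--users` win when both `--users` and `--unrestricted` are given. That fails closed, but the precedence is stated neither in the code nor in the grub.texi text, so a line such as `/* --users takes precedence over --unrestricted. */` would help. The same `users` value is passed on the script path in the following hunk, and grub_cmd_menuentry continues outside both hunks.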