* grub-core/commands/legacycfg.c (legacy_file): Default to restricted

entries. * grub-core/commands/menuentry.c (grub_cmd_menuentry): Likewise. * docs/grub.texi: Update menuentry description.
2012-05-02 10:26:09 +02:00 · 2012-05-02 10:26:09 +02:00 · dc478aeae5
commit dc478aeae5
parent 8db10f47fe
4 changed files with 32 additions and 9 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2012-05-02  Vladimir Serbinenko  <phcoder@gmail.com>
+
+	* grub-core/commands/legacycfg.c (legacy_file): Default to restricted
+	entries.
+	* grub-core/commands/menuentry.c (grub_cmd_menuentry): Likewise.
+	* docs/grub.texi: Update menuentry description.
+
 2012-05-02  Vladimir Serbinenko  <phcoder@gmail.com>

 	* util/grub-setup.c (setup): Remove duplicate call to embed. Fixes
--- a/docs/grub.texi
+++ b/docs/grub.texi
@ -1437,7 +1437,7 @@ definitions do not affect the exit status in @code{$?}.  When executed, the
 exit status of a function is the exit status of the last command executed in
 the body.

-@item menuentry @var{title} [@option{--class=class} @dots{}] [@option{--users=users}] [@option{--hotkey=key}] @{ @var{command}; @dots{} @}
+@item menuentry @var{title} [@option{--class=class} @dots{}] [@option{--users=users}] [@option{--unrestricted}] [@option{--hotkey=key}] @{ @var{command}; @dots{} @}
@xref{menuentry}.
@end table

@ -2960,7 +2960,7 @@ These commands can only be used in the menu:

@deffn Command menuentry @var{title} @
 [@option{--class=class} @dots{}] [@option{--users=users}] @
- [@option{--hotkey=key}] @
+ [@option{--unrestricted}] [@option{--hotkey=key}] @
 @{ @var{command}; @dots{} @}
 This defines a GRUB menu entry named @var{title}.  When this entry is
 selected from the menu, GRUB will set the @var{chosen} environment variable
@ -2975,6 +2975,9 @@ different styles.
 The @option{--users} option grants specific users access to specific menu
 entries.  @xref{Security}.

+The @option{--unrestricted} option grants all users access to specific menu
+entries.  @xref{Security}.
+
 The @option{--hotkey} option associates a hotkey with a menu entry.
@var{key} may be a single letter, or one of the aliases @samp{backspace},
@samp{tab}, or @samp{delete}.
@ -2986,7 +2989,7 @@ The @option{--hotkey} option associates a hotkey with a menu entry.

@deffn Command submenu @var{title} @
 [@option{--class=class} @dots{}] [@option{--users=users}] @
- [@option{--hotkey=key}] @
+ [@option{--unrestricted}] [@option{--hotkey=key}] @
 @{ @var{menu entries} @dots{} @}
 This defines a submenu.  An entry called @var{title} will be added to the
 menu; when that entry is selected, a new menu will be displayed showing all
@ -4061,8 +4064,10 @@ restricted to superusers.

 Other users may be given access to specific menu entries by giving a list of
 usernames (as above) using the @option{--users} option to the
-@samp{menuentry} command (@pxref{menuentry}).  If the @option{--users}
-option is not used for a menu entry, then that entry is unrestricted.
+@samp{menuentry} command (@pxref{menuentry}).  If the @option{--unrestricted}
+option is used for a menu entry, then that entry is unrestricted.
+If the @option{--users} option is not used for a menu entry, then that
+only superusers are able to use it.

 Putting this together, a typical @file{grub.cfg} fragment might look like
 this:
@ -4073,7 +4078,7 @@ set superusers="root"
 password_pbkdf2 root grub.pbkdf2.sha512.10000.biglongstring
 password user1 insecure

-menuentry "May be run by any user" @{
+menuentry "May be run by any user" --unrestricted @{
 	set root=(hd0,1)
 	linux /vmlinuz
@}
--- a/grub-core/commands/legacycfg.c
+++ b/grub-core/commands/legacycfg.c
@ -123,7 +123,8 @@ legacy_file (const char *filename)
 		return grub_errno;
 	      }
 	    args[0] = oldname;
-	    grub_normal_add_menu_entry (1, args, NULL, NULL, NULL, NULL, NULL,
+	    grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy",
+					NULL, NULL,
 					entrysrc, 0);
 	    grub_free (args);
 	    entrysrc[0] = 0;
--- a/grub-core/commands/menuentry.c
+++ b/grub-core/commands/menuentry.c
@ -37,6 +37,8 @@ static const struct grub_arg_option options[] =
    {"source", 4, 0,
     N_("Use STRING as menu entry body."), N_("STRING"), ARG_TYPE_STRING},
    {"id", 0, 0, N_("Menu entry identifier."), N_("STRING"), ARG_TYPE_STRING},
+    {"unrestricted", 0, 0, N_("This entry can be booted by any user."),
+     0, ARG_TYPE_NONE},
    {0, 0, 0, 0, 0, 0}
  };

@ -254,6 +256,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
  char *prefix;
  unsigned len;
  grub_err_t r;
+  const char *users;

  if (! argc)
    return grub_error (GRUB_ERR_BAD_ARGUMENT, "missing arguments");
@ -264,12 +267,19 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
  if (! ctxt->state[3].set && ! ctxt->script)
    return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition");

+  if (ctxt->state[1].set)
+    users = ctxt->state[1].arg;
+  else if (ctxt->state[5].set)
+    users = NULL;
+  else
+    users = "";
+
  if (! ctxt->script)
    return grub_normal_add_menu_entry (argc, (const char **) args,
 				       (ctxt->state[0].set ? ctxt->state[0].args
 					: NULL),
 				       ctxt->state[4].arg,
-				       ctxt->state[1].arg,
+				       users,
 				       ctxt->state[2].arg, 0,
 				       ctxt->state[3].arg,
 				       ctxt->extcmd->cmd->name[0] == 's');
@ -287,7 +297,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)

  r = grub_normal_add_menu_entry (argc - 1, (const char **) args,
 				  ctxt->state[0].args, ctxt->state[4].arg,
-				  ctxt->state[1].arg,
+				  users,
 				  ctxt->state[2].arg, prefix, src + 1,
 				  ctxt->extcmd->cmd->name[0] == 's');