Blame SOURCES/0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch

d9d99f
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
d9d99f
From: Javier Martinez Canillas <javierm@redhat.com>
d9d99f
Date: Wed, 21 Nov 2018 15:38:50 +0100
d9d99f
Subject: [PATCH] blscfg: expand grub_users before passing to
d9d99f
 grub_normal_add_menu_entry()
d9d99f
d9d99f
The "grub_users" field from the BLS snippet file is used to specifcy the
d9d99f
users that are allowed to execute a given menu entry if the "superusers"
d9d99f
environment variable is set.
d9d99f
d9d99f
If the "grub_users" isn't set, the menu entry is unrestricted and it can
d9d99f
be executed without any authentication and if is set then only the users
d9d99f
defined in "grub_users" can execute the menu entry after authentication.
d9d99f
d9d99f
But this field can contain an environment variable so has to be expanded
d9d99f
or otherwise grub2 will wrongly assume that the user is "$var", and will
d9d99f
populate a menu entry that it's resctrited even when "$var" isn't set.
d9d99f
d9d99f
Resolves: rhbz#1650706
d9d99f
d9d99f
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
d9d99f
---
d9d99f
 grub-core/commands/blscfg.c | 2 +-
d9d99f
 1 file changed, 1 insertion(+), 1 deletion(-)
d9d99f
d9d99f
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
d9d99f
index 42892cbfd55..c432c6ba27a 100644
d9d99f
--- a/grub-core/commands/blscfg.c
d9d99f
+++ b/grub-core/commands/blscfg.c
d9d99f
@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry)
d9d99f
   initrds = bls_make_list (entry, "initrd", NULL);
d9d99f
 
d9d99f
   hotkey = bls_get_val (entry, "grub_hotkey", NULL);
d9d99f
-  users = bls_get_val (entry, "grub_users", NULL);
d9d99f
+  users = expand_val (bls_get_val (entry, "grub_users", NULL));
d9d99f
   classes = bls_make_list (entry, "grub_class", NULL);
d9d99f
   args = bls_make_list (entry, "grub_arg", &argc);
d9d99f