1238438Sdteske#!/bin/sh 2238438Sdteske#- 3249746Sdteske# Copyright (c) 2012-2013 Devin Teske 4252980Sdteske# All rights reserved. 5238438Sdteske# 6238438Sdteske# Redistribution and use in source and binary forms, with or without 7238438Sdteske# modification, are permitted provided that the following conditions 8238438Sdteske# are met: 9238438Sdteske# 1. Redistributions of source code must retain the above copyright 10238438Sdteske# notice, this list of conditions and the following disclaimer. 11238438Sdteske# 2. Redistributions in binary form must reproduce the above copyright 12238438Sdteske# notice, this list of conditions and the following disclaimer in the 13238438Sdteske# documentation and/or other materials provided with the distribution. 14238438Sdteske# 15238438Sdteske# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16252987Sdteske# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17238438Sdteske# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18238438Sdteske# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19238438Sdteske# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20252987Sdteske# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21238438Sdteske# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22238438Sdteske# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23238438Sdteske# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24238438Sdteske# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25238438Sdteske# SUCH DAMAGE. 26238438Sdteske# 27238438Sdteske# $FreeBSD: releng/10.2/usr.sbin/bsdconfig/security/kern_securelevel 260678 2014-01-15 07:49:17Z dteske $ 28238438Sdteske# 29238438Sdteske############################################################ INCLUDES 30238438Sdteske 31240684SdteskeBSDCFG_SHARE="/usr/share/bsdconfig" 32240684Sdteske. $BSDCFG_SHARE/common.subr || exit 1 33244675Sdteskef_dprintf "%s: loading includes..." "$0" 34240684Sdteskef_include $BSDCFG_SHARE/dialog.subr 35240684Sdteskef_include $BSDCFG_SHARE/mustberoot.subr 36240684Sdteskef_include $BSDCFG_SHARE/sysrc.subr 37238438Sdteske 38240684SdteskeBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" 39238438Sdteskef_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr 40238438Sdteske 41242107SdteskeSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp 42242107Sdteske 43260678Sdteskef_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm && 44260678Sdteske pgm="${ipgm:-$pgm}" 45238438Sdteske 46238438Sdteske############################################################ FUNCTIONS 47238438Sdteske 48238438Sdteske# dialog_menu_main 49238438Sdteske# 50238438Sdteske# Display the dialog(1)-based application main menu. 51238438Sdteske# 52238438Sdteskedialog_menu_main() 53238438Sdteske{ 54238438Sdteske local prompt="$msg_securelevels_menu_text" 55251264Sdteske local menu_list=" 56238438Sdteske '$msg_disabled' '$msg_disable_securelevels' 57238438Sdteske '$msg_secure' '$msg_secure_mode' 58238438Sdteske '$msg_highly_secure' '$msg_highly_secure_mode' 59238438Sdteske '$msg_network_secure' '$msg_network_secure_mode' 60238438Sdteske " # END-QUOTE 61251264Sdteske local defaultitem= # Calculated below 62251264Sdteske local hline="$hline_select_securelevel_to_operate_at" 63238438Sdteske 64251190Sdteske local height width rows 65251190Sdteske eval f_dialog_menu_size height width rows \ 66251190Sdteske \"\$DIALOG_TITLE\" \ 67251190Sdteske \"\$DIALOG_BACKTITLE\" \ 68251190Sdteske \"\$prompt\" \ 69251190Sdteske \"\$hline\" \ 70251190Sdteske $menu_list 71238438Sdteske 72249751Sdteske case "$( f_sysrc_get kern_securelevel_enable )" in 73249751Sdteske [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) 74249751Sdteske case "$( f_sysrc_get kern_securelevel )" in 75249751Sdteske 1) defaultitem="$msg_secure" ;; 76249751Sdteske 2) defaultitem="$msg_highly_secure" ;; 77249751Sdteske 3) defaultitem="$msg_network_secure" ;; 78249751Sdteske esac ;; 79249751Sdteske *) 80249751Sdteske defaultitem="$msg_disabled" 81249751Sdteske esac 82249751Sdteske 83251236Sdteske local menu_choice 84251236Sdteske menu_choice=$( eval $DIALOG \ 85249751Sdteske --title \"\$DIALOG_TITLE\" \ 86238438Sdteske --backtitle \"\$DIALOG_BACKTITLE\" \ 87238438Sdteske --hline \"\$hline\" \ 88238438Sdteske --ok-label \"\$msg_ok\" \ 89238438Sdteske --cancel-label \"\$msg_cancel\" \ 90241899Sdteske --help-button \ 91245401Sdteske --help-label \"\$msg_help\" \ 92242096Sdteske ${USE_XDIALOG:+--help \"\"} \ 93249751Sdteske --default-item \"\$defaultitem\" \ 94251190Sdteske --menu \"\$prompt\" \ 95251190Sdteske $height $width $rows \ 96238438Sdteske $menu_list \ 97240768Sdteske 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 98240768Sdteske ) 99240768Sdteske local retval=$? 100251236Sdteske f_dialog_menutag_store -s "$menu_choice" 101240768Sdteske return $retval 102238438Sdteske} 103238438Sdteske 104238438Sdteske############################################################ MAIN 105238438Sdteske 106238438Sdteske# Incorporate rc-file if it exists 107238438Sdteske[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc" 108238438Sdteske 109238438Sdteske# 110238438Sdteske# Process command-line arguments 111238438Sdteske# 112250633Sdteskewhile getopts h$GETOPTS_STDARGS flag; do 113238438Sdteske case "$flag" in 114252178Sdteske h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;; 115238438Sdteske esac 116238438Sdteskedone 117238438Sdteskeshift $(( $OPTIND - 1 )) 118238438Sdteske 119238438Sdteske# 120238438Sdteske# Initialize 121238438Sdteske# 122238438Sdteskef_dialog_title "$msg_securelevels_menu_title" 123238438Sdteskef_dialog_backtitle "${ipgm:+bsdconfig }$pgm" 124238438Sdteskef_mustberoot_init 125238438Sdteske 126238438Sdteske# 127251933Sdteske# Launch application main menu (loop for additional `Help' button) 128238438Sdteske# 129241899Sdteskewhile :; do 130241899Sdteske dialog_menu_main 131241899Sdteske retval=$? 132251236Sdteske f_dialog_menutag_fetch mtag 133238438Sdteske 134256181Sdteske if [ $retval -eq $DIALOG_HELP ]; then 135242107Sdteske f_show_help "$SECURELEVEL_HELPFILE" 136241899Sdteske continue 137256181Sdteske elif [ $retval -ne $DIALOG_OK ]; then 138241899Sdteske f_die 139241899Sdteske fi 140238438Sdteske 141241899Sdteske break 142241899Sdteskedone 143241899Sdteske 144238438Sdteskecase "$mtag" in 145238438Sdteske"$msg_disabled") 146260678Sdteske f_eval_catch "$0" f_sysrc_set \ 147260678Sdteske 'f_sysrc_set kern_securelevel_enable NO' || f_die 148238438Sdteske ;; 149238438Sdteske"$msg_secure") 150260678Sdteske f_eval_catch "$0" f_sysrc_set \ 151260678Sdteske 'f_sysrc_set kern_securelevel_enable YES' || f_die 152260678Sdteske f_eval_catch "$0" f_sysrc_set \ 153260678Sdteske 'f_sysrc_set kern_securelevel 1' || f_die 154238438Sdteske ;; 155238438Sdteske"$msg_highly_secure") 156260678Sdteske f_eval_catch "$0" f_sysrc_set \ 157260678Sdteske 'f_sysrc_set kern_securelevel_enable YES' || f_die 158260678Sdteske f_eval_catch "$0" f_sysrc_set \ 159260678Sdteske 'f_sysrc_set kern_securelevel 2' || f_die 160238438Sdteske ;; 161238438Sdteske"$msg_network_secure") 162260678Sdteske f_eval_catch "$0" f_sysrc_set \ 163260678Sdteske 'f_sysrc_set kern_securelevel_enable YES' || f_die 164260678Sdteske f_eval_catch "$0" f_sysrc_set \ 165260678Sdteske 'f_sysrc_set kern_securelevel 3' || f_die 166238438Sdteske ;; 167252017Sdteske*) 168252017Sdteske f_die 1 "$msg_unknown_kern_securelevel_selection" 169238438Sdteskeesac 170238438Sdteske 171238438Sdteskeexit $SUCCESS 172238438Sdteske 173238438Sdteske################################################################################ 174238438Sdteske# END 175238438Sdteske################################################################################ 176