Cross Reference: /freebsd-10.2-release/usr.sbin/bsdconfig/security/kern_securelevel

238438Sdteske#!/bin/sh
238438Sdteske#-
249746Sdteske# Copyright (c) 2012-2013 Devin Teske
238438Sdteske# All Rights Reserved.
238438Sdteske#
238438Sdteske# Redistribution and use in source and binary forms, with or without
238438Sdteske# modification, are permitted provided that the following conditions
238438Sdteske# are met:
238438Sdteske# 1. Redistributions of source code must retain the above copyright
238438Sdteske#    notice, this list of conditions and the following disclaimer.
238438Sdteske# 2. Redistributions in binary form must reproduce the above copyright
238438Sdteske#    notice, this list of conditions and the following disclaimer in the
238438Sdteske#    documentation and/or other materials provided with the distribution.
238438Sdteske#
238438Sdteske# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
238438Sdteske# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO, THE
238438Sdteske# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
238438Sdteske# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
238438Sdteske# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
238438Sdteske# DAMAGES (INLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
238438Sdteske# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
238438Sdteske# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
238438Sdteske# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
238438Sdteske# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
238438Sdteske# SUCH DAMAGE.
238438Sdteske#
238438Sdteske# $FreeBSD: head/usr.sbin/bsdconfig/security/kern_securelevel 252017 2013-06-20 05:40:11Z dteske $
238438Sdteske#
238438Sdteske############################################################ INCLUDES
238438Sdteske
240684SdteskeBSDCFG_SHARE="/usr/share/bsdconfig"
240684Sdteske. $BSDCFG_SHARE/common.subr || exit 1
244675Sdteskef_dprintf "%s: loading includes..." "$0"
240684Sdteskef_include $BSDCFG_SHARE/dialog.subr
240684Sdteskef_include $BSDCFG_SHARE/mustberoot.subr
240684Sdteskef_include $BSDCFG_SHARE/sysrc.subr
238438Sdteske
240684SdteskeBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
238438Sdteskef_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr
238438Sdteske
242107SdteskeSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp
242107Sdteske
243112Sdteskeipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" )
238438Sdteske[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm"
238438Sdteske
238438Sdteske############################################################ FUNCTIONS
238438Sdteske
238438Sdteske# dialog_menu_main
238438Sdteske#
238438Sdteske# Display the dialog(1)-based application main menu.
238438Sdteske#
238438Sdteskedialog_menu_main()
238438Sdteske{
238438Sdteske	local prompt="$msg_securelevels_menu_text"
251264Sdteske	local menu_list="
238438Sdteske		'$msg_disabled'       '$msg_disable_securelevels'
238438Sdteske		'$msg_secure'         '$msg_secure_mode'
238438Sdteske		'$msg_highly_secure'  '$msg_highly_secure_mode'
238438Sdteske		'$msg_network_secure' '$msg_network_secure_mode'
238438Sdteske	" # END-QUOTE
251264Sdteske	local defaultitem= # Calculated below
251264Sdteske	local hline="$hline_select_securelevel_to_operate_at"
238438Sdteske
251190Sdteske	local height width rows
251190Sdteske	eval f_dialog_menu_size height width rows \
251190Sdteske	                        \"\$DIALOG_TITLE\"     \
251190Sdteske	                        \"\$DIALOG_BACKTITLE\" \
251190Sdteske	                        \"\$prompt\"           \
251190Sdteske	                        \"\$hline\"            \
251190Sdteske	                        $menu_list
238438Sdteske
249751Sdteske	case "$( f_sysrc_get kern_securelevel_enable )" in
249751Sdteske	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
249751Sdteske		case "$( f_sysrc_get kern_securelevel )" in
249751Sdteske		1) defaultitem="$msg_secure"         ;;
249751Sdteske		2) defaultitem="$msg_highly_secure"  ;;
249751Sdteske		3) defaultitem="$msg_network_secure" ;;
249751Sdteske		esac ;;
249751Sdteske	*)
249751Sdteske		defaultitem="$msg_disabled"
249751Sdteske	esac
249751Sdteske
251236Sdteske	local menu_choice
251236Sdteske	menu_choice=$( eval $DIALOG \
249751Sdteske		--title \"\$DIALOG_TITLE\"         \
238438Sdteske		--backtitle \"\$DIALOG_BACKTITLE\" \
238438Sdteske		--hline \"\$hline\"                \
238438Sdteske		--ok-label \"\$msg_ok\"            \
238438Sdteske		--cancel-label \"\$msg_cancel\"    \
241899Sdteske		--help-button                      \
245401Sdteske		--help-label \"\$msg_help\"        \
242096Sdteske		${USE_XDIALOG:+--help \"\"}        \
249751Sdteske		--default-item \"\$defaultitem\"   \
251190Sdteske		--menu \"\$prompt\"                \
251190Sdteske		$height $width $rows               \
238438Sdteske		$menu_list                         \
240768Sdteske		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
240768Sdteske	)
240768Sdteske	local retval=$?
251236Sdteske	f_dialog_menutag_store -s "$menu_choice"
240768Sdteske	return $retval
238438Sdteske}
238438Sdteske
238438Sdteske############################################################ MAIN
238438Sdteske
238438Sdteske# Incorporate rc-file if it exists
238438Sdteske[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"
238438Sdteske
238438Sdteske#
238438Sdteske# Process command-line arguments
238438Sdteske#
250633Sdteskewhile getopts h$GETOPTS_STDARGS flag; do
238438Sdteske	case "$flag" in
238438Sdteske	h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm";;
238438Sdteske	esac
238438Sdteskedone
238438Sdteskeshift $(( $OPTIND - 1 ))
238438Sdteske
238438Sdteske#
238438Sdteske# Initialize
238438Sdteske#
238438Sdteskef_dialog_title "$msg_securelevels_menu_title"
238438Sdteskef_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
238438Sdteskef_mustberoot_init
238438Sdteske
238438Sdteske#
251933Sdteske# Launch application main menu (loop for additional `Help' button)
238438Sdteske#
241899Sdteskewhile :; do
241899Sdteske	dialog_menu_main
241899Sdteske	retval=$?
251236Sdteske	f_dialog_menutag_fetch mtag
238438Sdteske
241899Sdteske	if [ $retval -eq 2 ]; then
241899Sdteske		# The Help button was pressed
242107Sdteske		f_show_help "$SECURELEVEL_HELPFILE"
241899Sdteske		continue
241899Sdteske	elif [ $retval -ne 0 ]; then
241899Sdteske		f_die
241899Sdteske	fi
238438Sdteske
241899Sdteske	break
241899Sdteskedone
241899Sdteske
238438Sdteskecase "$mtag" in
238438Sdteske"$msg_disabled")
238438Sdteske	f_sysrc_set kern_securelevel_enable "NO"
238438Sdteske	;;
238438Sdteske"$msg_secure")
238438Sdteske	f_sysrc_set kern_securelevel_enable "YES"
238438Sdteske	f_sysrc_set kern_securelevel "1"
238438Sdteske	;;
238438Sdteske"$msg_highly_secure")
238438Sdteske	f_sysrc_set kern_securelevel_enable "YES"
238438Sdteske	f_sysrc_set kern_securelevel "2"
238438Sdteske	;;
238438Sdteske"$msg_network_secure")
238438Sdteske	f_sysrc_set kern_securelevel_enable "YES"
238438Sdteske	f_sysrc_set kern_securelevel "3"
238438Sdteske	;;
252017Sdteske*)
252017Sdteske	f_die 1 "$msg_unknown_kern_securelevel_selection"
238438Sdteskeesac
238438Sdteske
238438Sdteskeexit $SUCCESS
238438Sdteske
238438Sdteske################################################################################
238438Sdteske# END
238438Sdteske################################################################################