kern_securelevel revision 252980
192108Sphk#!/bin/sh 292108Sphk#- 392108Sphk# Copyright (c) 2012-2013 Devin Teske 492108Sphk# All rights reserved. 592108Sphk# 692108Sphk# Redistribution and use in source and binary forms, with or without 792108Sphk# modification, are permitted provided that the following conditions 892108Sphk# are met: 992108Sphk# 1. Redistributions of source code must retain the above copyright 1092108Sphk# notice, this list of conditions and the following disclaimer. 1192108Sphk# 2. Redistributions in binary form must reproduce the above copyright 1292108Sphk# notice, this list of conditions and the following disclaimer in the 1392108Sphk# documentation and/or other materials provided with the distribution. 1492108Sphk# 1592108Sphk# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1692108Sphk# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO, THE 1792108Sphk# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1892108Sphk# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 1992108Sphk# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2092108Sphk# DAMAGES (INLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2192108Sphk# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2292108Sphk# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2392108Sphk# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2492108Sphk# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2592108Sphk# SUCH DAMAGE. 2692108Sphk# 2792108Sphk# $FreeBSD: head/usr.sbin/bsdconfig/security/kern_securelevel 252980 2013-07-07 18:21:30Z dteske $ 2892108Sphk# 2992108Sphk############################################################ INCLUDES 3092108Sphk 3192108SphkBSDCFG_SHARE="/usr/share/bsdconfig" 3292108Sphk. $BSDCFG_SHARE/common.subr || exit 1 3392108Sphkf_dprintf "%s: loading includes..." "$0" 3492108Sphkf_include $BSDCFG_SHARE/dialog.subr 3592108Sphkf_include $BSDCFG_SHARE/mustberoot.subr 3692108Sphkf_include $BSDCFG_SHARE/sysrc.subr 3792108Sphk 3892108SphkBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" 3992108Sphkf_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr 4092108Sphk 4192108SphkSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp 4292108Sphk 4392108Sphkipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ) 4492108Sphk[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm" 4592108Sphk 4692108Sphk############################################################ FUNCTIONS 4792108Sphk 4892108Sphk# dialog_menu_main 4992108Sphk# 5092108Sphk# Display the dialog(1)-based application main menu. 5192108Sphk# 5292108Sphkdialog_menu_main() 5392108Sphk{ 5492108Sphk local prompt="$msg_securelevels_menu_text" 5592108Sphk local menu_list=" 5692108Sphk '$msg_disabled' '$msg_disable_securelevels' 5792108Sphk '$msg_secure' '$msg_secure_mode' 5892108Sphk '$msg_highly_secure' '$msg_highly_secure_mode' 5993248Sphk '$msg_network_secure' '$msg_network_secure_mode' 6097075Sphk " # END-QUOTE 6192108Sphk local defaultitem= # Calculated below 6292108Sphk local hline="$hline_select_securelevel_to_operate_at" 6393776Sphk 6492108Sphk local height width rows 6592108Sphk eval f_dialog_menu_size height width rows \ 6692108Sphk \"\$DIALOG_TITLE\" \ 6792108Sphk \"\$DIALOG_BACKTITLE\" \ 6892108Sphk \"\$prompt\" \ 6992108Sphk \"\$hline\" \ 7092108Sphk $menu_list 7192108Sphk 7292108Sphk case "$( f_sysrc_get kern_securelevel_enable )" in 7392108Sphk [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) 7492108Sphk case "$( f_sysrc_get kern_securelevel )" in 7592108Sphk 1) defaultitem="$msg_secure" ;; 7692108Sphk 2) defaultitem="$msg_highly_secure" ;; 7792108Sphk 3) defaultitem="$msg_network_secure" ;; 7892108Sphk esac ;; 7992108Sphk *) 8092108Sphk defaultitem="$msg_disabled" 8192108Sphk esac 8292108Sphk 8392108Sphk local menu_choice 8492108Sphk menu_choice=$( eval $DIALOG \ 8592108Sphk --title \"\$DIALOG_TITLE\" \ 8692108Sphk --backtitle \"\$DIALOG_BACKTITLE\" \ 8792108Sphk --hline \"\$hline\" \ 8892108Sphk --ok-label \"\$msg_ok\" \ 8992108Sphk --cancel-label \"\$msg_cancel\" \ 9092108Sphk --help-button \ 9192108Sphk --help-label \"\$msg_help\" \ 9292108Sphk ${USE_XDIALOG:+--help \"\"} \ 9392108Sphk --default-item \"\$defaultitem\" \ 9492108Sphk --menu \"\$prompt\" \ 9592108Sphk $height $width $rows \ 9693778Sphk $menu_list \ 9793778Sphk 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 9892108Sphk ) 9992108Sphk local retval=$? 10092108Sphk f_dialog_menutag_store -s "$menu_choice" 10192108Sphk return $retval 10295038Sphk} 10395038Sphk 10495038Sphk############################################################ MAIN 10595038Sphk 10695038Sphk# Incorporate rc-file if it exists 10795038Sphk[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc" 10895038Sphk 10995038Sphk# 11095038Sphk# Process command-line arguments 11195038Sphk# 11295038Sphkwhile getopts h$GETOPTS_STDARGS flag; do 11395038Sphk case "$flag" in 11495038Sphk h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;; 11595038Sphk esac 11695038Sphkdone 11795038Sphkshift $(( $OPTIND - 1 )) 11895038Sphk 11995038Sphk# 12092108Sphk# Initialize 12192108Sphk# 12292108Sphkf_dialog_title "$msg_securelevels_menu_title" 12392108Sphkf_dialog_backtitle "${ipgm:+bsdconfig }$pgm" 12492108Sphkf_mustberoot_init 12592108Sphk 12692108Sphk# 12792108Sphk# Launch application main menu (loop for additional `Help' button) 12892108Sphk# 12992108Sphkwhile :; do 13092108Sphk dialog_menu_main 13192108Sphk retval=$? 13292108Sphk f_dialog_menutag_fetch mtag 13392108Sphk 13492108Sphk if [ $retval -eq 2 ]; then 13592403Sphk # The Help button was pressed 13692403Sphk f_show_help "$SECURELEVEL_HELPFILE" 13792108Sphk continue 13892108Sphk elif [ $retval -ne 0 ]; then 13992108Sphk f_die 14092403Sphk fi 14192108Sphk 14292108Sphk break 14392108Sphkdone 14492108Sphk 14592108Sphkcase "$mtag" in 14692108Sphk"$msg_disabled") 14792108Sphk f_sysrc_set kern_securelevel_enable "NO" 14892108Sphk ;; 14992108Sphk"$msg_secure") 15092108Sphk f_sysrc_set kern_securelevel_enable "YES" 15192108Sphk f_sysrc_set kern_securelevel "1" 15292108Sphk ;; 15392108Sphk"$msg_highly_secure") 15492108Sphk f_sysrc_set kern_securelevel_enable "YES" 15592108Sphk f_sysrc_set kern_securelevel "2" 15692108Sphk ;; 15792403Sphk"$msg_network_secure") 15892403Sphk f_sysrc_set kern_securelevel_enable "YES" 15992108Sphk f_sysrc_set kern_securelevel "3" 16092403Sphk ;; 16192403Sphk*) 16292108Sphk f_die 1 "$msg_unknown_kern_securelevel_selection" 16392403Sphkesac 16492403Sphk 16592108Sphkexit $SUCCESS 16692403Sphk 16794287Sphk################################################################################ 16894287Sphk# END 16995038Sphk################################################################################ 17095038Sphk