Cross Reference: /freebsd-10.2-release/usr.sbin/bsdconfig/security/kern_securelevel

92108Sphk#!/bin/sh
92108Sphk#-
92108Sphk# Copyright (c) 2012-2013 Devin Teske
92108Sphk# All rights reserved.
92108Sphk#
92108Sphk# Redistribution and use in source and binary forms, with or without
92108Sphk# modification, are permitted provided that the following conditions
92108Sphk# are met:
92108Sphk# 1. Redistributions of source code must retain the above copyright
92108Sphk#    notice, this list of conditions and the following disclaimer.
92108Sphk# 2. Redistributions in binary form must reproduce the above copyright
92108Sphk#    notice, this list of conditions and the following disclaimer in the
92108Sphk#    documentation and/or other materials provided with the distribution.
92108Sphk#
92108Sphk# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
92108Sphk# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO, THE
92108Sphk# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
92108Sphk# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
92108Sphk# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
92108Sphk# DAMAGES (INLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
92108Sphk# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
92108Sphk# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
92108Sphk# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
92108Sphk# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
92108Sphk# SUCH DAMAGE.
92108Sphk#
92108Sphk# $FreeBSD: head/usr.sbin/bsdconfig/security/kern_securelevel 252980 2013-07-07 18:21:30Z dteske $
92108Sphk#
92108Sphk############################################################ INCLUDES
92108Sphk
92108SphkBSDCFG_SHARE="/usr/share/bsdconfig"
92108Sphk. $BSDCFG_SHARE/common.subr || exit 1
92108Sphkf_dprintf "%s: loading includes..." "$0"
92108Sphkf_include $BSDCFG_SHARE/dialog.subr
92108Sphkf_include $BSDCFG_SHARE/mustberoot.subr
92108Sphkf_include $BSDCFG_SHARE/sysrc.subr
92108Sphk
92108SphkBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
92108Sphkf_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr
92108Sphk
92108SphkSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp
92108Sphk
92108Sphkipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" )
92108Sphk[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm"
92108Sphk
92108Sphk############################################################ FUNCTIONS
92108Sphk
92108Sphk# dialog_menu_main
92108Sphk#
92108Sphk# Display the dialog(1)-based application main menu.
92108Sphk#
92108Sphkdialog_menu_main()
92108Sphk{
92108Sphk	local prompt="$msg_securelevels_menu_text"
92108Sphk	local menu_list="
92108Sphk		'$msg_disabled'       '$msg_disable_securelevels'
92108Sphk		'$msg_secure'         '$msg_secure_mode'
92108Sphk		'$msg_highly_secure'  '$msg_highly_secure_mode'
93248Sphk		'$msg_network_secure' '$msg_network_secure_mode'
97075Sphk	" # END-QUOTE
92108Sphk	local defaultitem= # Calculated below
92108Sphk	local hline="$hline_select_securelevel_to_operate_at"
93776Sphk
92108Sphk	local height width rows
92108Sphk	eval f_dialog_menu_size height width rows \
92108Sphk	                        \"\$DIALOG_TITLE\"     \
92108Sphk	                        \"\$DIALOG_BACKTITLE\" \
92108Sphk	                        \"\$prompt\"           \
92108Sphk	                        \"\$hline\"            \
92108Sphk	                        $menu_list
92108Sphk
92108Sphk	case "$( f_sysrc_get kern_securelevel_enable )" in
92108Sphk	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
92108Sphk		case "$( f_sysrc_get kern_securelevel )" in
92108Sphk		1) defaultitem="$msg_secure"         ;;
92108Sphk		2) defaultitem="$msg_highly_secure"  ;;
92108Sphk		3) defaultitem="$msg_network_secure" ;;
92108Sphk		esac ;;
92108Sphk	*)
92108Sphk		defaultitem="$msg_disabled"
92108Sphk	esac
92108Sphk
92108Sphk	local menu_choice
92108Sphk	menu_choice=$( eval $DIALOG \
92108Sphk		--title \"\$DIALOG_TITLE\"         \
92108Sphk		--backtitle \"\$DIALOG_BACKTITLE\" \
92108Sphk		--hline \"\$hline\"                \
92108Sphk		--ok-label \"\$msg_ok\"            \
92108Sphk		--cancel-label \"\$msg_cancel\"    \
92108Sphk		--help-button                      \
92108Sphk		--help-label \"\$msg_help\"        \
92108Sphk		${USE_XDIALOG:+--help \"\"}        \
92108Sphk		--default-item \"\$defaultitem\"   \
92108Sphk		--menu \"\$prompt\"                \
92108Sphk		$height $width $rows               \
93778Sphk		$menu_list                         \
93778Sphk		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
92108Sphk	)
92108Sphk	local retval=$?
92108Sphk	f_dialog_menutag_store -s "$menu_choice"
92108Sphk	return $retval
95038Sphk}
95038Sphk
95038Sphk############################################################ MAIN
95038Sphk
95038Sphk# Incorporate rc-file if it exists
95038Sphk[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"
95038Sphk
95038Sphk#
95038Sphk# Process command-line arguments
95038Sphk#
95038Sphkwhile getopts h$GETOPTS_STDARGS flag; do
95038Sphk	case "$flag" in
95038Sphk	h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
95038Sphk	esac
95038Sphkdone
95038Sphkshift $(( $OPTIND - 1 ))
95038Sphk
95038Sphk#
92108Sphk# Initialize
92108Sphk#
92108Sphkf_dialog_title "$msg_securelevels_menu_title"
92108Sphkf_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
92108Sphkf_mustberoot_init
92108Sphk
92108Sphk#
92108Sphk# Launch application main menu (loop for additional `Help' button)
92108Sphk#
92108Sphkwhile :; do
92108Sphk	dialog_menu_main
92108Sphk	retval=$?
92108Sphk	f_dialog_menutag_fetch mtag
92108Sphk
92108Sphk	if [ $retval -eq 2 ]; then
92403Sphk		# The Help button was pressed
92403Sphk		f_show_help "$SECURELEVEL_HELPFILE"
92108Sphk		continue
92108Sphk	elif [ $retval -ne 0 ]; then
92108Sphk		f_die
92403Sphk	fi
92108Sphk
92108Sphk	break
92108Sphkdone
92108Sphk
92108Sphkcase "$mtag" in
92108Sphk"$msg_disabled")
92108Sphk	f_sysrc_set kern_securelevel_enable "NO"
92108Sphk	;;
92108Sphk"$msg_secure")
92108Sphk	f_sysrc_set kern_securelevel_enable "YES"
92108Sphk	f_sysrc_set kern_securelevel "1"
92108Sphk	;;
92108Sphk"$msg_highly_secure")
92108Sphk	f_sysrc_set kern_securelevel_enable "YES"
92108Sphk	f_sysrc_set kern_securelevel "2"
92108Sphk	;;
92403Sphk"$msg_network_secure")
92403Sphk	f_sysrc_set kern_securelevel_enable "YES"
92108Sphk	f_sysrc_set kern_securelevel "3"
92403Sphk	;;
92403Sphk*)
92108Sphk	f_die 1 "$msg_unknown_kern_securelevel_selection"
92403Sphkesac
92403Sphk
92108Sphkexit $SUCCESS
92403Sphk
94287Sphk################################################################################
94287Sphk# END
95038Sphk################################################################################
95038Sphk