kern_securelevel revision 252987 
1238405Sjkim#!/bin/sh
2238405Sjkim#-
3238405Sjkim# Copyright (c) 2012-2013 Devin Teske
4238405Sjkim# All rights reserved.
5238405Sjkim#
6238405Sjkim# Redistribution and use in source and binary forms, with or without
7238405Sjkim# modification, are permitted provided that the following conditions
8238405Sjkim# are met:
9238405Sjkim# 1. Redistributions of source code must retain the above copyright
10238405Sjkim#    notice, this list of conditions and the following disclaimer.
11238405Sjkim# 2. Redistributions in binary form must reproduce the above copyright
12238405Sjkim#    notice, this list of conditions and the following disclaimer in the
13238405Sjkim#    documentation and/or other materials provided with the distribution.
14238405Sjkim#
15238405Sjkim# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16238405Sjkim# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17238405Sjkim# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18238405Sjkim# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19238405Sjkim# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20238405Sjkim# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21238405Sjkim# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22238405Sjkim# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23238405Sjkim# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24238405Sjkim# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25238405Sjkim# SUCH DAMAGE.
26238405Sjkim#
27238405Sjkim# $FreeBSD: head/usr.sbin/bsdconfig/security/kern_securelevel 252987 2013-07-07 18:51:44Z dteske $
28238405Sjkim#
29238405Sjkim############################################################ INCLUDES
30238405Sjkim
31238405SjkimBSDCFG_SHARE="/usr/share/bsdconfig"
32238405Sjkim. $BSDCFG_SHARE/common.subr || exit 1
33238405Sjkimf_dprintf "%s: loading includes..." "$0"
34238405Sjkimf_include $BSDCFG_SHARE/dialog.subr
35238405Sjkimf_include $BSDCFG_SHARE/mustberoot.subr
36238405Sjkimf_include $BSDCFG_SHARE/sysrc.subr
37238405Sjkim
38238405SjkimBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
39238405Sjkimf_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr
40238405Sjkim
41238405SjkimSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp
42238405Sjkim
43238405Sjkimipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" )
44238405Sjkim[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm"
45238405Sjkim
46238405Sjkim############################################################ FUNCTIONS
47238405Sjkim
48238405Sjkim# dialog_menu_main
49238405Sjkim#
50238405Sjkim# Display the dialog(1)-based application main menu.
51238405Sjkim#
52238405Sjkimdialog_menu_main()
53238405Sjkim{
54238405Sjkim	local prompt="$msg_securelevels_menu_text"
55238405Sjkim	local menu_list="
56238405Sjkim		'$msg_disabled'       '$msg_disable_securelevels'
57238405Sjkim		'$msg_secure'         '$msg_secure_mode'
58238405Sjkim		'$msg_highly_secure'  '$msg_highly_secure_mode'
59238405Sjkim		'$msg_network_secure' '$msg_network_secure_mode'
60238405Sjkim	" # END-QUOTE
61238405Sjkim	local defaultitem= # Calculated below
62238405Sjkim	local hline="$hline_select_securelevel_to_operate_at"
63238405Sjkim
64238405Sjkim	local height width rows
65238405Sjkim	eval f_dialog_menu_size height width rows \
66238405Sjkim	                        \"\$DIALOG_TITLE\"     \
67238405Sjkim	                        \"\$DIALOG_BACKTITLE\" \
68238405Sjkim	                        \"\$prompt\"           \
69238405Sjkim	                        \"\$hline\"            \
70238405Sjkim	                        $menu_list
71238405Sjkim
72238405Sjkim	case "$( f_sysrc_get kern_securelevel_enable )" in
73238405Sjkim	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
74238405Sjkim		case "$( f_sysrc_get kern_securelevel )" in
75238405Sjkim		1) defaultitem="$msg_secure"         ;;
76238405Sjkim		2) defaultitem="$msg_highly_secure"  ;;
77238405Sjkim		3) defaultitem="$msg_network_secure" ;;
78238405Sjkim		esac ;;
79238405Sjkim	*)
80238405Sjkim		defaultitem="$msg_disabled"
81238405Sjkim	esac
82238405Sjkim
83238405Sjkim	local menu_choice
84238405Sjkim	menu_choice=$( eval $DIALOG \
85238405Sjkim		--title \"\$DIALOG_TITLE\"         \
86238405Sjkim		--backtitle \"\$DIALOG_BACKTITLE\" \
87238405Sjkim		--hline \"\$hline\"                \
88238405Sjkim		--ok-label \"\$msg_ok\"            \
89238405Sjkim		--cancel-label \"\$msg_cancel\"    \
90238405Sjkim		--help-button                      \
91238405Sjkim		--help-label \"\$msg_help\"        \
92238405Sjkim		${USE_XDIALOG:+--help \"\"}        \
93238405Sjkim		--default-item \"\$defaultitem\"   \
94238405Sjkim		--menu \"\$prompt\"                \
95238405Sjkim		$height $width $rows               \
96238405Sjkim		$menu_list                         \
97238405Sjkim		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
98238405Sjkim	)
99238405Sjkim	local retval=$?
100238405Sjkim	f_dialog_menutag_store -s "$menu_choice"
101238405Sjkim	return $retval
102238405Sjkim}
103238405Sjkim
104238405Sjkim############################################################ MAIN
105238405Sjkim
106238405Sjkim# Incorporate rc-file if it exists
107238405Sjkim[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"
108238405Sjkim
109238405Sjkim#
110238405Sjkim# Process command-line arguments
111238405Sjkim#
112238405Sjkimwhile getopts h$GETOPTS_STDARGS flag; do
113238405Sjkim	case "$flag" in
114238405Sjkim	h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
115238405Sjkim	esac
116238405Sjkimdone
117238405Sjkimshift $(( $OPTIND - 1 ))
118238405Sjkim
119238405Sjkim#
120238405Sjkim# Initialize
121238405Sjkim#
122238405Sjkimf_dialog_title "$msg_securelevels_menu_title"
123238405Sjkimf_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
124238405Sjkimf_mustberoot_init
125238405Sjkim
126238405Sjkim#
127238405Sjkim# Launch application main menu (loop for additional `Help' button)
128238405Sjkim#
129238405Sjkimwhile :; do
130238405Sjkim	dialog_menu_main
131238405Sjkim	retval=$?
132238405Sjkim	f_dialog_menutag_fetch mtag
133238405Sjkim
134238405Sjkim	if [ $retval -eq 2 ]; then
135238405Sjkim		# The Help button was pressed
136238405Sjkim		f_show_help "$SECURELEVEL_HELPFILE"
137238405Sjkim		continue
138238405Sjkim	elif [ $retval -ne 0 ]; then
139238405Sjkim		f_die
140238405Sjkim	fi
141238405Sjkim
142238405Sjkim	break
143238405Sjkimdone
144238405Sjkim
145238405Sjkimcase "$mtag" in
146238405Sjkim"$msg_disabled")
147238405Sjkim	f_sysrc_set kern_securelevel_enable "NO"
148238405Sjkim	;;
149238405Sjkim"$msg_secure")
150238405Sjkim	f_sysrc_set kern_securelevel_enable "YES"
151238405Sjkim	f_sysrc_set kern_securelevel "1" 
152238405Sjkim	;;
153238405Sjkim"$msg_highly_secure")
154238405Sjkim	f_sysrc_set kern_securelevel_enable "YES"
155238405Sjkim	f_sysrc_set kern_securelevel "2" 
156238405Sjkim	;;
157238405Sjkim"$msg_network_secure")
158238405Sjkim	f_sysrc_set kern_securelevel_enable "YES"
159238405Sjkim	f_sysrc_set kern_securelevel "3" 
160238405Sjkim	;;
161238405Sjkim*)
162238405Sjkim	f_die 1 "$msg_unknown_kern_securelevel_selection"
163238405Sjkimesac
164238405Sjkim
165238405Sjkimexit $SUCCESS
166238405Sjkim
167238405Sjkim################################################################################
168238405Sjkim# END
169238405Sjkim################################################################################
170238405Sjkim