kern_securelevel revision 260678
1111314Snyan#!/bin/sh 2111314Snyan#- 3111314Snyan# Copyright (c) 2012-2013 Devin Teske 4111314Snyan# All rights reserved. 5111314Snyan# 6111314Snyan# Redistribution and use in source and binary forms, with or without 7111314Snyan# modification, are permitted provided that the following conditions 8111314Snyan# are met: 9111314Snyan# 1. Redistributions of source code must retain the above copyright 10111314Snyan# notice, this list of conditions and the following disclaimer. 11111314Snyan# 2. Redistributions in binary form must reproduce the above copyright 12111314Snyan# notice, this list of conditions and the following disclaimer in the 13111314Snyan# documentation and/or other materials provided with the distribution. 14111314Snyan# 15111314Snyan# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16111314Snyan# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17111314Snyan# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18111314Snyan# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19111314Snyan# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20111314Snyan# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21111314Snyan# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22111314Snyan# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23111314Snyan# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24111314Snyan# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25111314Snyan# SUCH DAMAGE. 26122755Snyan# 27122755Snyan# $FreeBSD: stable/10/usr.sbin/bsdconfig/security/kern_securelevel 260678 2014-01-15 07:49:17Z dteske $ 28122755Snyan# 29122755Snyan############################################################ INCLUDES 30111314Snyan 31111314SnyanBSDCFG_SHARE="/usr/share/bsdconfig" 32111314Snyan. $BSDCFG_SHARE/common.subr || exit 1 33122755Snyanf_dprintf "%s: loading includes..." "$0" 34111314Snyanf_include $BSDCFG_SHARE/dialog.subr 35122755Snyanf_include $BSDCFG_SHARE/mustberoot.subr 36122755Snyanf_include $BSDCFG_SHARE/sysrc.subr 37122755Snyan 38122755SnyanBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" 39122755Snyanf_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr 40122755Snyan 41122755SnyanSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp 42111314Snyan 43111314Snyanf_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm && 44111314Snyan pgm="${ipgm:-$pgm}" 45122056Snyan 46122755Snyan############################################################ FUNCTIONS 47111314Snyan 48111314Snyan# dialog_menu_main 49111314Snyan# 50111314Snyan# Display the dialog(1)-based application main menu. 51111314Snyan# 52111314Snyandialog_menu_main() 53111314Snyan{ 54111314Snyan local prompt="$msg_securelevels_menu_text" 55111314Snyan local menu_list=" 56111314Snyan '$msg_disabled' '$msg_disable_securelevels' 57111314Snyan '$msg_secure' '$msg_secure_mode' 58111314Snyan '$msg_highly_secure' '$msg_highly_secure_mode' 59111314Snyan '$msg_network_secure' '$msg_network_secure_mode' 60111314Snyan " # END-QUOTE 61111314Snyan local defaultitem= # Calculated below 62111314Snyan local hline="$hline_select_securelevel_to_operate_at" 63111314Snyan 64111314Snyan local height width rows 65111314Snyan eval f_dialog_menu_size height width rows \ 66111314Snyan \"\$DIALOG_TITLE\" \ 67111314Snyan \"\$DIALOG_BACKTITLE\" \ 68111314Snyan \"\$prompt\" \ 69111314Snyan \"\$hline\" \ 70111314Snyan $menu_list 71111314Snyan 72111314Snyan case "$( f_sysrc_get kern_securelevel_enable )" in 73111314Snyan [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) 74111314Snyan case "$( f_sysrc_get kern_securelevel )" in 75111314Snyan 1) defaultitem="$msg_secure" ;; 76111314Snyan 2) defaultitem="$msg_highly_secure" ;; 77111314Snyan 3) defaultitem="$msg_network_secure" ;; 78111314Snyan esac ;; 79111314Snyan *) 80111314Snyan defaultitem="$msg_disabled" 81111314Snyan esac 82111314Snyan 83111314Snyan local menu_choice 84111314Snyan menu_choice=$( eval $DIALOG \ 85111314Snyan --title \"\$DIALOG_TITLE\" \ 86111314Snyan --backtitle \"\$DIALOG_BACKTITLE\" \ 87111314Snyan --hline \"\$hline\" \ 88111314Snyan --ok-label \"\$msg_ok\" \ 89111314Snyan --cancel-label \"\$msg_cancel\" \ 90111314Snyan --help-button \ 91111314Snyan --help-label \"\$msg_help\" \ 92111314Snyan ${USE_XDIALOG:+--help \"\"} \ 93111314Snyan --default-item \"\$defaultitem\" \ 94111314Snyan --menu \"\$prompt\" \ 95111314Snyan $height $width $rows \ 96111314Snyan $menu_list \ 97111314Snyan 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 98111314Snyan ) 99111314Snyan local retval=$? 100111314Snyan f_dialog_menutag_store -s "$menu_choice" 101111314Snyan return $retval 102111314Snyan} 103111314Snyan 104111314Snyan############################################################ MAIN 105111314Snyan 106111314Snyan# Incorporate rc-file if it exists 107111314Snyan[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc" 108111314Snyan 109111314Snyan# 110111314Snyan# Process command-line arguments 111111314Snyan# 112111314Snyanwhile getopts h$GETOPTS_STDARGS flag; do 113111314Snyan case "$flag" in 114111314Snyan h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;; 115111314Snyan esac 116111314Snyandone 117111314Snyanshift $(( $OPTIND - 1 )) 118111314Snyan 119111314Snyan# 120111314Snyan# Initialize 121111314Snyan# 122111314Snyanf_dialog_title "$msg_securelevels_menu_title" 123111314Snyanf_dialog_backtitle "${ipgm:+bsdconfig }$pgm" 124111314Snyanf_mustberoot_init 125111314Snyan 126111314Snyan# 127111314Snyan# Launch application main menu (loop for additional `Help' button) 128111314Snyan# 129111314Snyanwhile :; do 130111314Snyan dialog_menu_main 131111314Snyan retval=$? 132111314Snyan f_dialog_menutag_fetch mtag 133111314Snyan 134111314Snyan if [ $retval -eq $DIALOG_HELP ]; then 135111314Snyan f_show_help "$SECURELEVEL_HELPFILE" 136111314Snyan continue 137111314Snyan elif [ $retval -ne $DIALOG_OK ]; then 138111314Snyan f_die 139111314Snyan fi 140111314Snyan 141111314Snyan break 142111314Snyandone 143111314Snyan 144111314Snyancase "$mtag" in 145111314Snyan"$msg_disabled") 146111314Snyan f_eval_catch "$0" f_sysrc_set \ 147111314Snyan 'f_sysrc_set kern_securelevel_enable NO' || f_die 148111314Snyan ;; 149111314Snyan"$msg_secure") 150111314Snyan f_eval_catch "$0" f_sysrc_set \ 151111314Snyan 'f_sysrc_set kern_securelevel_enable YES' || f_die 152111314Snyan f_eval_catch "$0" f_sysrc_set \ 153111314Snyan 'f_sysrc_set kern_securelevel 1' || f_die 154111314Snyan ;; 155111314Snyan"$msg_highly_secure") 156111314Snyan f_eval_catch "$0" f_sysrc_set \ 157111314Snyan 'f_sysrc_set kern_securelevel_enable YES' || f_die 158111314Snyan f_eval_catch "$0" f_sysrc_set \ 159111314Snyan 'f_sysrc_set kern_securelevel 2' || f_die 160111314Snyan ;; 161111314Snyan"$msg_network_secure") 162111314Snyan f_eval_catch "$0" f_sysrc_set \ 163111314Snyan 'f_sysrc_set kern_securelevel_enable YES' || f_die 164111314Snyan f_eval_catch "$0" f_sysrc_set \ 165111314Snyan 'f_sysrc_set kern_securelevel 3' || f_die 166111314Snyan ;; 167111314Snyan*) 168111314Snyan f_die 1 "$msg_unknown_kern_securelevel_selection" 169111314Snyanesac 170111314Snyan 171111314Snyanexit $SUCCESS 172111314Snyan 173111314Snyan################################################################################ 174111314Snyan# END 175111314Snyan################################################################################ 176111314Snyan