Cross Reference: /freebsd-10.2-release/usr.sbin/bsdconfig/security/kern_securelevel

111314Snyan#!/bin/sh
111314Snyan#-
111314Snyan# Copyright (c) 2012-2013 Devin Teske
111314Snyan# All rights reserved.
111314Snyan#
111314Snyan# Redistribution and use in source and binary forms, with or without
111314Snyan# modification, are permitted provided that the following conditions
111314Snyan# are met:
111314Snyan# 1. Redistributions of source code must retain the above copyright
111314Snyan#    notice, this list of conditions and the following disclaimer.
111314Snyan# 2. Redistributions in binary form must reproduce the above copyright
111314Snyan#    notice, this list of conditions and the following disclaimer in the
111314Snyan#    documentation and/or other materials provided with the distribution.
111314Snyan#
111314Snyan# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
111314Snyan# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
111314Snyan# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
111314Snyan# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
111314Snyan# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
111314Snyan# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
111314Snyan# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
111314Snyan# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
111314Snyan# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
111314Snyan# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
111314Snyan# SUCH DAMAGE.
122755Snyan#
122755Snyan# $FreeBSD: stable/10/usr.sbin/bsdconfig/security/kern_securelevel 260678 2014-01-15 07:49:17Z dteske $
122755Snyan#
122755Snyan############################################################ INCLUDES
111314Snyan
111314SnyanBSDCFG_SHARE="/usr/share/bsdconfig"
111314Snyan. $BSDCFG_SHARE/common.subr || exit 1
122755Snyanf_dprintf "%s: loading includes..." "$0"
111314Snyanf_include $BSDCFG_SHARE/dialog.subr
122755Snyanf_include $BSDCFG_SHARE/mustberoot.subr
122755Snyanf_include $BSDCFG_SHARE/sysrc.subr
122755Snyan
122755SnyanBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
122755Snyanf_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr
122755Snyan
122755SnyanSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp
111314Snyan
111314Snyanf_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm &&
111314Snyan	pgm="${ipgm:-$pgm}"
122056Snyan
122755Snyan############################################################ FUNCTIONS
111314Snyan
111314Snyan# dialog_menu_main
111314Snyan#
111314Snyan# Display the dialog(1)-based application main menu.
111314Snyan#
111314Snyandialog_menu_main()
111314Snyan{
111314Snyan	local prompt="$msg_securelevels_menu_text"
111314Snyan	local menu_list="
111314Snyan		'$msg_disabled'       '$msg_disable_securelevels'
111314Snyan		'$msg_secure'         '$msg_secure_mode'
111314Snyan		'$msg_highly_secure'  '$msg_highly_secure_mode'
111314Snyan		'$msg_network_secure' '$msg_network_secure_mode'
111314Snyan	" # END-QUOTE
111314Snyan	local defaultitem= # Calculated below
111314Snyan	local hline="$hline_select_securelevel_to_operate_at"
111314Snyan
111314Snyan	local height width rows
111314Snyan	eval f_dialog_menu_size height width rows \
111314Snyan	                        \"\$DIALOG_TITLE\"     \
111314Snyan	                        \"\$DIALOG_BACKTITLE\" \
111314Snyan	                        \"\$prompt\"           \
111314Snyan	                        \"\$hline\"            \
111314Snyan	                        $menu_list
111314Snyan
111314Snyan	case "$( f_sysrc_get kern_securelevel_enable )" in
111314Snyan	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
111314Snyan		case "$( f_sysrc_get kern_securelevel )" in
111314Snyan		1) defaultitem="$msg_secure"         ;;
111314Snyan		2) defaultitem="$msg_highly_secure"  ;;
111314Snyan		3) defaultitem="$msg_network_secure" ;;
111314Snyan		esac ;;
111314Snyan	*)
111314Snyan		defaultitem="$msg_disabled"
111314Snyan	esac
111314Snyan
111314Snyan	local menu_choice
111314Snyan	menu_choice=$( eval $DIALOG \
111314Snyan		--title \"\$DIALOG_TITLE\"         \
111314Snyan		--backtitle \"\$DIALOG_BACKTITLE\" \
111314Snyan		--hline \"\$hline\"                \
111314Snyan		--ok-label \"\$msg_ok\"            \
111314Snyan		--cancel-label \"\$msg_cancel\"    \
111314Snyan		--help-button                      \
111314Snyan		--help-label \"\$msg_help\"        \
111314Snyan		${USE_XDIALOG:+--help \"\"}        \
111314Snyan		--default-item \"\$defaultitem\"   \
111314Snyan		--menu \"\$prompt\"                \
111314Snyan		$height $width $rows               \
111314Snyan		$menu_list                         \
111314Snyan		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
111314Snyan	)
111314Snyan	local retval=$?
111314Snyan	f_dialog_menutag_store -s "$menu_choice"
111314Snyan	return $retval
111314Snyan}
111314Snyan
111314Snyan############################################################ MAIN
111314Snyan
111314Snyan# Incorporate rc-file if it exists
111314Snyan[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"
111314Snyan
111314Snyan#
111314Snyan# Process command-line arguments
111314Snyan#
111314Snyanwhile getopts h$GETOPTS_STDARGS flag; do
111314Snyan	case "$flag" in
111314Snyan	h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
111314Snyan	esac
111314Snyandone
111314Snyanshift $(( $OPTIND - 1 ))
111314Snyan
111314Snyan#
111314Snyan# Initialize
111314Snyan#
111314Snyanf_dialog_title "$msg_securelevels_menu_title"
111314Snyanf_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
111314Snyanf_mustberoot_init
111314Snyan
111314Snyan#
111314Snyan# Launch application main menu (loop for additional `Help' button)
111314Snyan#
111314Snyanwhile :; do
111314Snyan	dialog_menu_main
111314Snyan	retval=$?
111314Snyan	f_dialog_menutag_fetch mtag
111314Snyan
111314Snyan	if [ $retval -eq $DIALOG_HELP ]; then
111314Snyan		f_show_help "$SECURELEVEL_HELPFILE"
111314Snyan		continue
111314Snyan	elif [ $retval -ne $DIALOG_OK ]; then
111314Snyan		f_die
111314Snyan	fi
111314Snyan
111314Snyan	break
111314Snyandone
111314Snyan
111314Snyancase "$mtag" in
111314Snyan"$msg_disabled")
111314Snyan	f_eval_catch "$0" f_sysrc_set \
111314Snyan		'f_sysrc_set kern_securelevel_enable NO' || f_die
111314Snyan	;;
111314Snyan"$msg_secure")
111314Snyan	f_eval_catch "$0" f_sysrc_set \
111314Snyan		'f_sysrc_set kern_securelevel_enable YES' || f_die
111314Snyan	f_eval_catch "$0" f_sysrc_set \
111314Snyan		'f_sysrc_set kern_securelevel 1' || f_die
111314Snyan	;;
111314Snyan"$msg_highly_secure")
111314Snyan	f_eval_catch "$0" f_sysrc_set \
111314Snyan		'f_sysrc_set kern_securelevel_enable YES' || f_die
111314Snyan	f_eval_catch "$0" f_sysrc_set \
111314Snyan		'f_sysrc_set kern_securelevel 2' || f_die
111314Snyan	;;
111314Snyan"$msg_network_secure")
111314Snyan	f_eval_catch "$0" f_sysrc_set \
111314Snyan		'f_sysrc_set kern_securelevel_enable YES' || f_die
111314Snyan	f_eval_catch "$0" f_sysrc_set \
111314Snyan		'f_sysrc_set kern_securelevel 3' || f_die
111314Snyan	;;
111314Snyan*)
111314Snyan	f_die 1 "$msg_unknown_kern_securelevel_selection"
111314Snyanesac
111314Snyan
111314Snyanexit $SUCCESS
111314Snyan
111314Snyan################################################################################
111314Snyan# END
111314Snyan################################################################################
111314Snyan