kern_securelevel revision 252987 
1250003Sadrian#!/bin/sh
2250003Sadrian#-
3250003Sadrian# Copyright (c) 2012-2013 Devin Teske
4250003Sadrian# All rights reserved.
5250003Sadrian#
6250003Sadrian# Redistribution and use in source and binary forms, with or without
7250003Sadrian# modification, are permitted provided that the following conditions
8250003Sadrian# are met:
9250003Sadrian# 1. Redistributions of source code must retain the above copyright
10250003Sadrian#    notice, this list of conditions and the following disclaimer.
11250003Sadrian# 2. Redistributions in binary form must reproduce the above copyright
12250003Sadrian#    notice, this list of conditions and the following disclaimer in the
13250003Sadrian#    documentation and/or other materials provided with the distribution.
14250003Sadrian#
15250003Sadrian# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16250003Sadrian# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17250003Sadrian# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18250003Sadrian# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19250003Sadrian# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20250003Sadrian# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21250003Sadrian# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22250003Sadrian# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23250003Sadrian# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24250003Sadrian# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25250003Sadrian# SUCH DAMAGE.
26250003Sadrian#
27250003Sadrian# $FreeBSD: head/usr.sbin/bsdconfig/security/kern_securelevel 252987 2013-07-07 18:51:44Z dteske $
28250003Sadrian#
29250003Sadrian############################################################ INCLUDES
30250003Sadrian
31250003SadrianBSDCFG_SHARE="/usr/share/bsdconfig"
32250003Sadrian. $BSDCFG_SHARE/common.subr || exit 1
33250003Sadrianf_dprintf "%s: loading includes..." "$0"
34250003Sadrianf_include $BSDCFG_SHARE/dialog.subr
35250003Sadrianf_include $BSDCFG_SHARE/mustberoot.subr
36250003Sadrianf_include $BSDCFG_SHARE/sysrc.subr
37250003Sadrian
38250003SadrianBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
39250003Sadrianf_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr
40250003Sadrian
41250003SadrianSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp
42250003Sadrian
43250003Sadrianipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" )
44250003Sadrian[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm"
45250003Sadrian
46250003Sadrian############################################################ FUNCTIONS
47250003Sadrian
48250003Sadrian# dialog_menu_main
49250003Sadrian#
50250003Sadrian# Display the dialog(1)-based application main menu.
51250003Sadrian#
52250003Sadriandialog_menu_main()
53250003Sadrian{
54250003Sadrian	local prompt="$msg_securelevels_menu_text"
55250003Sadrian	local menu_list="
56250003Sadrian		'$msg_disabled'       '$msg_disable_securelevels'
57250003Sadrian		'$msg_secure'         '$msg_secure_mode'
58250003Sadrian		'$msg_highly_secure'  '$msg_highly_secure_mode'
59250003Sadrian		'$msg_network_secure' '$msg_network_secure_mode'
60250003Sadrian	" # END-QUOTE
61250003Sadrian	local defaultitem= # Calculated below
62250003Sadrian	local hline="$hline_select_securelevel_to_operate_at"
63250003Sadrian
64250003Sadrian	local height width rows
65250003Sadrian	eval f_dialog_menu_size height width rows \
66250003Sadrian	                        \"\$DIALOG_TITLE\"     \
67250003Sadrian	                        \"\$DIALOG_BACKTITLE\" \
68250003Sadrian	                        \"\$prompt\"           \
69250003Sadrian	                        \"\$hline\"            \
70250003Sadrian	                        $menu_list
71250003Sadrian
72250003Sadrian	case "$( f_sysrc_get kern_securelevel_enable )" in
73250003Sadrian	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
74250003Sadrian		case "$( f_sysrc_get kern_securelevel )" in
75250003Sadrian		1) defaultitem="$msg_secure"         ;;
76250003Sadrian		2) defaultitem="$msg_highly_secure"  ;;
77250003Sadrian		3) defaultitem="$msg_network_secure" ;;
78250003Sadrian		esac ;;
79250003Sadrian	*)
80250003Sadrian		defaultitem="$msg_disabled"
81250003Sadrian	esac
82250003Sadrian
83250003Sadrian	local menu_choice
84250003Sadrian	menu_choice=$( eval $DIALOG \
85250003Sadrian		--title \"\$DIALOG_TITLE\"         \
86250003Sadrian		--backtitle \"\$DIALOG_BACKTITLE\" \
87250003Sadrian		--hline \"\$hline\"                \
88250003Sadrian		--ok-label \"\$msg_ok\"            \
89250003Sadrian		--cancel-label \"\$msg_cancel\"    \
90250003Sadrian		--help-button                      \
91250003Sadrian		--help-label \"\$msg_help\"        \
92250003Sadrian		${USE_XDIALOG:+--help \"\"}        \
93250003Sadrian		--default-item \"\$defaultitem\"   \
94250003Sadrian		--menu \"\$prompt\"                \
95250003Sadrian		$height $width $rows               \
96250003Sadrian		$menu_list                         \
97250003Sadrian		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
98250003Sadrian	)
99250003Sadrian	local retval=$?
100250003Sadrian	f_dialog_menutag_store -s "$menu_choice"
101250003Sadrian	return $retval
102250003Sadrian}
103250003Sadrian
104250003Sadrian############################################################ MAIN
105250003Sadrian
106250003Sadrian# Incorporate rc-file if it exists
107250003Sadrian[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"
108250003Sadrian
109250003Sadrian#
110250003Sadrian# Process command-line arguments
111250003Sadrian#
112250003Sadrianwhile getopts h$GETOPTS_STDARGS flag; do
113250003Sadrian	case "$flag" in
114250003Sadrian	h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
115250003Sadrian	esac
116250003Sadriandone
117250003Sadrianshift $(( $OPTIND - 1 ))
118250003Sadrian
119250003Sadrian#
120250003Sadrian# Initialize
121250003Sadrian#
122250003Sadrianf_dialog_title "$msg_securelevels_menu_title"
123250003Sadrianf_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
124250003Sadrianf_mustberoot_init
125250003Sadrian
126250003Sadrian#
127250003Sadrian# Launch application main menu (loop for additional `Help' button)
128250003Sadrian#
129250003Sadrianwhile :; do
130250003Sadrian	dialog_menu_main
131250003Sadrian	retval=$?
132250003Sadrian	f_dialog_menutag_fetch mtag
133250003Sadrian
134250003Sadrian	if [ $retval -eq 2 ]; then
135250003Sadrian		# The Help button was pressed
136250003Sadrian		f_show_help "$SECURELEVEL_HELPFILE"
137250003Sadrian		continue
138250003Sadrian	elif [ $retval -ne 0 ]; then
139250003Sadrian		f_die
140250003Sadrian	fi
141250003Sadrian
142250003Sadrian	break
143250003Sadriandone
144250003Sadrian
145250003Sadriancase "$mtag" in
146250003Sadrian"$msg_disabled")
147250003Sadrian	f_sysrc_set kern_securelevel_enable "NO"
148250003Sadrian	;;
149250003Sadrian"$msg_secure")
150250003Sadrian	f_sysrc_set kern_securelevel_enable "YES"
151250003Sadrian	f_sysrc_set kern_securelevel "1" 
152250003Sadrian	;;
153250003Sadrian"$msg_highly_secure")
154250003Sadrian	f_sysrc_set kern_securelevel_enable "YES"
155250003Sadrian	f_sysrc_set kern_securelevel "2" 
156250003Sadrian	;;
157250003Sadrian"$msg_network_secure")
158250003Sadrian	f_sysrc_set kern_securelevel_enable "YES"
159250003Sadrian	f_sysrc_set kern_securelevel "3" 
160250003Sadrian	;;
161250003Sadrian*)
162250003Sadrian	f_die 1 "$msg_unknown_kern_securelevel_selection"
163250003Sadrianesac
164250003Sadrian
165250003Sadrianexit $SUCCESS
166250003Sadrian
167250003Sadrian################################################################################
168250003Sadrian# END
169250003Sadrian################################################################################
170250003Sadrian