1 #!/bin/sh
2 #-
3 # Copyright (c) 2012-2013 Devin Teske
4 # All rights reserved.
5 #
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions
8 # are met:
9 # 1. Redistributions of source code must retain the above copyright
10 #    notice, this list of conditions and the following disclaimer.
11 # 2. Redistributions in binary form must reproduce the above copyright
12 #    notice, this list of conditions and the following disclaimer in the
13 #    documentation and/or other materials provided with the distribution.
14 #
15 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 # ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 # SUCH DAMAGE.
26 #
27 #
28 ############################################################ INCLUDES
29
# Directory holding the shared bsdconfig function libraries.
BSDCFG_SHARE="/usr/share/bsdconfig"

# Everything below relies on f_* helpers that are expected to come from these
# includes, so give up immediately if the base library cannot be sourced.
. "$BSDCFG_SHARE/common.subr" || exit 1
f_dprintf "%s: loading includes..." "$0"
f_include "$BSDCFG_SHARE/dialog.subr"
f_include "$BSDCFG_SHARE/mustberoot.subr"
f_include "$BSDCFG_SHARE/sysrc.subr"

# Install prefix of the bsdconfig modules and this module's directory name.
BSDCFG_LIBE="/usr/libexec/bsdconfig"
APP_DIR="130.security"
f_include_lang "$BSDCFG_LIBE/$APP_DIR/include/messages.subr"

# Help text displayed when the user presses the `Help' button.
SECURELEVEL_HELPFILE="$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp"

# If the module INDEX yields a keyword for this program, use it as the
# program name; otherwise $pgm is left as it was.
if f_index_menusel_keyword "$BSDCFG_LIBE/$APP_DIR/INDEX" "$pgm" ipgm; then
        pgm="${ipgm:-$pgm}"
fi
44
45 ############################################################ FUNCTIONS
46
# dialog_menu_main
#
# Display the dialog(1)-based securelevel selection menu. The entry that
# matches the values reported by f_sysrc_get for kern_securelevel_enable and
# kern_securelevel is pre-selected. The tag chosen by the user is saved with
# f_dialog_menutag_store and the exit status of dialog(1) is returned.
#
dialog_menu_main()
{
        local height width rows menu_choice retval
        local defaultitem= # Calculated below
        local hline="$hline_select_securelevel_to_operate_at"
        local prompt="$msg_securelevels_menu_text"

        # Tag/description pairs. They are wrapped in single quotes because the
        # list is expanded through eval below.
        # NOTE(review): assumes no msg_* string contains a single quote; one
        # that did would break the quoting of the eval'd command line.
        local menu_list="
                '$msg_disabled'       '$msg_disable_securelevels'
                '$msg_secure'         '$msg_secure_mode'
                '$msg_highly_secure'  '$msg_highly_secure_mode'
                '$msg_network_secure' '$msg_network_secure_mode'
        " # END-QUOTE

        # Let the library work out the geometry for the text shown.
        eval f_dialog_menu_size height width rows \
                                \"\$DIALOG_TITLE\"     \
                                \"\$DIALOG_BACKTITLE\" \
                                \"\$prompt\"           \
                                \"\$hline\"            \
                                $menu_list

        # Pre-select the entry for the current settings. The level is only
        # consulted when securelevels are enabled; an enabled setting with a
        # level other than 1, 2 or 3 leaves the default item empty.
        local enabled
        enabled=$( f_sysrc_get kern_securelevel_enable )
        case "$enabled" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
                case "$( f_sysrc_get kern_securelevel )" in
                1) defaultitem="$msg_secure"         ;;
                2) defaultitem="$msg_highly_secure"  ;;
                3) defaultitem="$msg_network_secure" ;;
                esac ;;
        *)
                defaultitem="$msg_disabled"
        esac

        # dialog(1) writes the chosen tag to stderr, which is captured here;
        # its screen output goes to the terminal passthru descriptor.
        menu_choice=$( eval $DIALOG \
                --title \"\$DIALOG_TITLE\"         \
                --backtitle \"\$DIALOG_BACKTITLE\" \
                --hline \"\$hline\"                \
                --ok-label \"\$msg_ok\"            \
                --cancel-label \"\$msg_cancel\"    \
                --help-button                      \
                --help-label \"\$msg_help\"        \
                ${USE_XDIALOG:+--help \"\"}        \
                --default-item \"\$defaultitem\"   \
                --menu \"\$prompt\"                \
                $height $width $rows               \
                $menu_list                         \
                2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
        )
        # Capture the status of the command substitution before anything else
        # can overwrite $?.
        retval=$?
        f_dialog_menutag_store -s "$menu_choice"
        return $retval
}
102
103 ############################################################ MAIN
104
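# Incorporate rc-file if it exists.
# NOTE: the rc-file is included as shell code and this happens before
# f_mustberoot_init is called, so it should be writable only by the invoking
# user (or root).
[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"

#
# Process command-line arguments
#
while getopts h$GETOPTS_STDARGS flag; do
        case "$flag" in
        h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
        esac
done
shift $(( $OPTIND - 1 ))

#
# Initialize
#
f_dialog_title "$msg_securelevels_menu_title"
f_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
f_mustberoot_init

#
# Launch application main menu (loop for additional `Help' button)
#
while :; do
        dialog_menu_main
        retval=$?
        f_dialog_menutag_fetch mtag

        if [ $retval -eq $DIALOG_HELP ]; then
                f_show_help "$SECURELEVEL_HELPFILE"
                continue
        elif [ $retval -ne $DIALOG_OK ]; then
                # Cancel, ESC or a dialog error: leave without changes
                f_die
        fi

        break
done

#
# Record the selection.
#
# Only the rc.conf(5) variables are written here (via f_sysrc_set); nothing in
# this script changes the securelevel of the running kernel, so the selection
# presumably takes effect at the next boot.
#
# When enabling, the level is written before the enable flag. If the second
# write fails, securelevels are then never left switched on with a stale
# kern_securelevel value from an earlier configuration.
#
case "$mtag" in
"$msg_disabled")
        f_eval_catch "$0" f_sysrc_set \
                'f_sysrc_set kern_securelevel_enable NO' || f_die
        ;;
"$msg_secure")
        f_eval_catch "$0" f_sysrc_set \
                'f_sysrc_set kern_securelevel 1' || f_die
        f_eval_catch "$0" f_sysrc_set \
                'f_sysrc_set kern_securelevel_enable YES' || f_die
        ;;
"$msg_highly_secure")
        f_eval_catch "$0" f_sysrc_set \
                'f_sysrc_set kern_securelevel 2' || f_die
        f_eval_catch "$0" f_sysrc_set \
                'f_sysrc_set kern_securelevel_enable YES' || f_die
        ;;
"$msg_network_secure")
        f_eval_catch "$0" f_sysrc_set \
                'f_sysrc_set kern_securelevel 3' || f_die
        f_eval_catch "$0" f_sysrc_set \
                'f_sysrc_set kern_securelevel_enable YES' || f_die
        ;;
*)
        # A tag that matches none of the menu entries is never written out
        f_die 1 "$msg_unknown_kern_securelevel_selection"
esac

exit $SUCCESS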
171
172 ################################################################################
173 # END
174 ################################################################################