#!/bin/sh
#-
# Copyright (c) 2012-2013 Devin Teske
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
############################################################ INCLUDES

BSDCFG_SHARE="/usr/share/bsdconfig"
. $BSDCFG_SHARE/common.subr || exit 1
f_dprintf "%s: loading includes..." "$0"
f_include $BSDCFG_SHARE/dialog.subr
f_include $BSDCFG_SHARE/mustberoot.subr
f_include $BSDCFG_SHARE/sysrc.subr

BSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
f_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr

SECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp

f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm &&
	pgm="${ipgm:-$pgm}"

############################################################ FUNCTIONS

# dialog_menu_main
#
# Display the dialog(1)-based application main menu.
#
dialog_menu_main()
{
	local prompt="$msg_securelevels_menu_text"
	local menu_list="
		'$msg_disabled'       '$msg_disable_securelevels'
		'$msg_secure'         '$msg_secure_mode'
		'$msg_highly_secure'  '$msg_highly_secure_mode'
		'$msg_network_secure' '$msg_network_secure_mode'
	" # END-QUOTE
	local defaultitem= # Calculated below
	local hline="$hline_select_securelevel_to_operate_at"

	local height width rows
	eval f_dialog_menu_size height width rows \
	                        \"\$DIALOG_TITLE\"     \
	                        \"\$DIALOG_BACKTITLE\" \
	                        \"\$prompt\"           \
	                        \"\$hline\"            \
	                        $menu_list

	case "$( f_sysrc_get kern_securelevel_enable )" in
	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
		case "$( f_sysrc_get kern_securelevel )" in
		1) defaultitem="$msg_secure"         ;;
		2) defaultitem="$msg_highly_secure"  ;;
		3) defaultitem="$msg_network_secure" ;;
		esac ;;
	*)
		defaultitem="$msg_disabled"
	esac

	local menu_choice
	menu_choice=$( eval $DIALOG \
		--title \"\$DIALOG_TITLE\"         \
		--backtitle \"\$DIALOG_BACKTITLE\" \
		--hline \"\$hline\"                \
		--ok-label \"\$msg_ok\"            \
		--cancel-label \"\$msg_cancel\"    \
		--help-button                      \
		--help-label \"\$msg_help\"        \
		${USE_XDIALOG:+--help \"\"}        \
		--default-item \"\$defaultitem\"   \
		--menu \"\$prompt\"                \
		$height $width $rows               \
		$menu_list                         \
		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
	)
	local retval=$?
	f_dialog_menutag_store -s "$menu_choice"
	return $retval
}

############################################################ MAIN

# Incorporate rc-file if it exists
[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"

#
# Process command-line arguments
#
while getopts h$GETOPTS_STDARGS flag; do
	case "$flag" in
	h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
	esac
done
shift $(( $OPTIND - 1 ))

#
# Initialize
#
f_dialog_title "$msg_securelevels_menu_title"
f_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
f_mustberoot_init

#
# Launch application main menu (loop for additional `Help' button)
#
while :; do
	dialog_menu_main
	retval=$?
	f_dialog_menutag_fetch mtag

	if [ $retval -eq $DIALOG_HELP ]; then
		f_show_help "$SECURELEVEL_HELPFILE"
		continue
	elif [ $retval -ne $DIALOG_OK ]; then
		f_die
	fi

	break
done

case "$mtag" in
"$msg_disabled")
	f_eval_catch "$0" f_sysrc_set \
		'f_sysrc_set kern_securelevel_enable NO' || f_die
	;;
"$msg_secure")
	f_eval_catch "$0" f_sysrc_set \
		'f_sysrc_set kern_securelevel_enable YES' || f_die
	f_eval_catch "$0" f_sysrc_set \
		'f_sysrc_set kern_securelevel 1' || f_die
	;;
"$msg_highly_secure")
	f_eval_catch "$0" f_sysrc_set \
		'f_sysrc_set kern_securelevel_enable YES' || f_die
	f_eval_catch "$0" f_sysrc_set \
		'f_sysrc_set kern_securelevel 2' || f_die
	;;
"$msg_network_secure")
	f_eval_catch "$0" f_sysrc_set \
		'f_sysrc_set kern_securelevel_enable YES' || f_die
	f_eval_catch "$0" f_sysrc_set \
		'f_sysrc_set kern_securelevel 3' || f_die
	;;
*)
	f_die 1 "$msg_unknown_kern_securelevel_selection"
esac

exit $SUCCESS

################################################################################
# END
################################################################################