usr.sbin/bsdconfig/security/kern_securelevel

   1 #!/bin/sh
   2 #-
   3 # Copyright (c) 2012-2013 Devin Teske
   4 # All rights reserved.
   5 #
   6 # Redistribution and use in source and binary forms, with or without
   7 # modification, are permitted provided that the following conditions
   8 # are met:
   9 # 1. Redistributions of source code must retain the above copyright
  10 #    notice, this list of conditions and the following disclaimer.
  11 # 2. Redistributions in binary form must reproduce the above copyright
  12 #    notice, this list of conditions and the following disclaimer in the
  13 #    documentation and/or other materials provided with the distribution.
  14 #
  15 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  17 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  18 # ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  19 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  21 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  22 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  23 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  24 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  25 # SUCH DAMAGE.
  26 #
  27 # $FreeBSD$
  28 #
  29 ############################################################ INCLUDES
  30
  31 BSDCFG_SHARE="/usr/share/bsdconfig"
  32 . $BSDCFG_SHARE/common.subr || exit 1
  33 f_dprintf "%s: loading includes..." "$0"
  34 f_include $BSDCFG_SHARE/dialog.subr
  35 f_include $BSDCFG_SHARE/mustberoot.subr
  36 f_include $BSDCFG_SHARE/sysrc.subr
  37
  38 BSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
  39 f_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr
  40
  41 SECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp
  42
  43 f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm &&
  44         pgm="${ipgm:-$pgm}"
  45
  46 ############################################################ FUNCTIONS
  47
  48 # dialog_menu_main
  49 #
  50 # Display the dialog(1)-based application main menu.
  51 #
  52 dialog_menu_main()
  53 {
  54         local prompt="$msg_securelevels_menu_text"
  55         local menu_list="
  56                 '$msg_disabled'       '$msg_disable_securelevels'
  57                 '$msg_secure'         '$msg_secure_mode'
  58                 '$msg_highly_secure'  '$msg_highly_secure_mode'
  59                 '$msg_network_secure' '$msg_network_secure_mode'
  60         " # END-QUOTE
  61         local defaultitem= # Calculated below
  62         local hline="$hline_select_securelevel_to_operate_at"
  63
  64         local height width rows
  65         eval f_dialog_menu_size height width rows \
  66                                 \"\$DIALOG_TITLE\"     \
  67                                 \"\$DIALOG_BACKTITLE\" \
  68                                 \"\$prompt\"           \
  69                                 \"\$hline\"            \
  70                                 $menu_list
  71
  72         case "$( f_sysrc_get kern_securelevel_enable )" in
  73         [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
  74                 case "$( f_sysrc_get kern_securelevel )" in
  75                 1) defaultitem="$msg_secure"         ;;
  76                 2) defaultitem="$msg_highly_secure"  ;;
  77                 3) defaultitem="$msg_network_secure" ;;
  78                 esac ;;
  79         *)
  80                 defaultitem="$msg_disabled"
  81         esac
  82
  83         local menu_choice
  84         menu_choice=$( eval $DIALOG \
  85                 --title \"\$DIALOG_TITLE\"         \
  86                 --backtitle \"\$DIALOG_BACKTITLE\" \
  87                 --hline \"\$hline\"                \
  88                 --ok-label \"\$msg_ok\"            \
  89                 --cancel-label \"\$msg_cancel\"    \
  90                 --help-button                      \
  91                 --help-label \"\$msg_help\"        \
  92                 ${USE_XDIALOG:+--help \"\"}        \
  93                 --default-item \"\$defaultitem\"   \
  94                 --menu \"\$prompt\"                \
  95                 $height $width $rows               \
  96                 $menu_list                         \
  97                 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
  98         )
  99         local retval=$?
 100         f_dialog_menutag_store -s "$menu_choice"
 101         return $retval
 102 }
 103
 104 ############################################################ MAIN
 105
 106 # Incorporate rc-file if it exists
 107 [ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"
 108
 109 #
 110 # Process command-line arguments
 111 #
 112 while getopts h$GETOPTS_STDARGS flag; do
 113         case "$flag" in
 114         h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
 115         esac
 116 done
 117 shift $(( $OPTIND - 1 ))
 118
 119 #
 120 # Initialize
 121 #
 122 f_dialog_title "$msg_securelevels_menu_title"
 123 f_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
 124 f_mustberoot_init
 125
 126 #
 127 # Launch application main menu (loop for additional `Help' button)
 128 #
 129 while :; do
 130         dialog_menu_main
 131         retval=$?
 132         f_dialog_menutag_fetch mtag
 133
 134         if [ $retval -eq $DIALOG_HELP ]; then
 135                 f_show_help "$SECURELEVEL_HELPFILE"
 136                 continue
 137         elif [ $retval -ne $DIALOG_OK ]; then
 138                 f_die
 139         fi
 140
 141         break
 142 done
 143
 144 case "$mtag" in
 145 "$msg_disabled")
 146         f_eval_catch "$0" f_sysrc_set \
 147                 'f_sysrc_set kern_securelevel_enable NO' || f_die
 148         ;;
 149 "$msg_secure")
 150         f_eval_catch "$0" f_sysrc_set \
 151                 'f_sysrc_set kern_securelevel_enable YES' || f_die
 152         f_eval_catch "$0" f_sysrc_set \
 153                 'f_sysrc_set kern_securelevel 1' || f_die
 154         ;;
 155 "$msg_highly_secure")
 156         f_eval_catch "$0" f_sysrc_set \
 157                 'f_sysrc_set kern_securelevel_enable YES' || f_die
 158         f_eval_catch "$0" f_sysrc_set \
 159                 'f_sysrc_set kern_securelevel 2' || f_die
 160         ;;
 161 "$msg_network_secure")
 162         f_eval_catch "$0" f_sysrc_set \
 163                 'f_sysrc_set kern_securelevel_enable YES' || f_die
 164         f_eval_catch "$0" f_sysrc_set \
 165                 'f_sysrc_set kern_securelevel 3' || f_die
 166         ;;
 167 *)
 168         f_die 1 "$msg_unknown_kern_securelevel_selection"
 169 esac
 170
 171 exit $SUCCESS
 172
 173 ################################################################################
 174 # END
 175 ################################################################################