- Copy stable/9 to releng/9.2 as part of the 9.2-RELEASE cycle.

[FreeBSD/releng/9.2.git] / usr.sbin / bsdconfig / security / kern_securelevel

#!/bin/sh
#-
# Copyright (c) 2012-2013 Devin Teske
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
############################################################ INCLUDES

BSDCFG_SHARE="/usr/share/bsdconfig"
. $BSDCFG_SHARE/common.subr || exit 1
f_dprintf "%s: loading includes..." "$0"
f_include $BSDCFG_SHARE/dialog.subr
f_include $BSDCFG_SHARE/mustberoot.subr
f_include $BSDCFG_SHARE/sysrc.subr

BSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
f_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr

SECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp

ipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" )
[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm"

############################################################ FUNCTIONS

# dialog_menu_main
#
# Display the dialog(1)-based application main menu.
#
dialog_menu_main()
{
        local prompt="$msg_securelevels_menu_text"
        local menu_list="
                '$msg_disabled'       '$msg_disable_securelevels'
                '$msg_secure'         '$msg_secure_mode'
                '$msg_highly_secure'  '$msg_highly_secure_mode'
                '$msg_network_secure' '$msg_network_secure_mode'
        " # END-QUOTE
        local defaultitem= # Calculated below
        local hline="$hline_select_securelevel_to_operate_at"

        local height width rows
        eval f_dialog_menu_size height width rows \
                                \"\$DIALOG_TITLE\"     \
                                \"\$DIALOG_BACKTITLE\" \
                                \"\$prompt\"           \
                                \"\$hline\"            \
                                $menu_list

        case "$( f_sysrc_get kern_securelevel_enable )" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
                case "$( f_sysrc_get kern_securelevel )" in
                1) defaultitem="$msg_secure"         ;;
                2) defaultitem="$msg_highly_secure"  ;;
                3) defaultitem="$msg_network_secure" ;;
                esac ;;
        *)
                defaultitem="$msg_disabled"
        esac

        local menu_choice
        menu_choice=$( eval $DIALOG \
                --title \"\$DIALOG_TITLE\"         \
                --backtitle \"\$DIALOG_BACKTITLE\" \
                --hline \"\$hline\"                \
                --ok-label \"\$msg_ok\"            \
                --cancel-label \"\$msg_cancel\"    \
                --help-button                      \
                --help-label \"\$msg_help\"        \
                ${USE_XDIALOG:+--help \"\"}        \
                --default-item \"\$defaultitem\"   \
                --menu \"\$prompt\"                \
                $height $width $rows               \
                $menu_list                         \
                2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
        )
        local retval=$?
        f_dialog_menutag_store -s "$menu_choice"
        return $retval
}

############################################################ MAIN

# Incorporate rc-file if it exists
[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"

#
# Process command-line arguments
#
while getopts h$GETOPTS_STDARGS flag; do
        case "$flag" in
        h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
        esac
done
shift $(( $OPTIND - 1 ))

#
# Initialize
#
f_dialog_title "$msg_securelevels_menu_title"
f_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
f_mustberoot_init

#
# Launch application main menu (loop for additional `Help' button)
#
while :; do
        dialog_menu_main
        retval=$?
        f_dialog_menutag_fetch mtag

        if [ $retval -eq 2 ]; then
                # The Help button was pressed
                f_show_help "$SECURELEVEL_HELPFILE"
                continue
        elif [ $retval -ne 0 ]; then
                f_die
        fi

        break
done

case "$mtag" in
"$msg_disabled")
        f_sysrc_set kern_securelevel_enable "NO"
        ;;
"$msg_secure")
        f_sysrc_set kern_securelevel_enable "YES"
        f_sysrc_set kern_securelevel "1" 
        ;;
"$msg_highly_secure")
        f_sysrc_set kern_securelevel_enable "YES"
        f_sysrc_set kern_securelevel "2" 
        ;;
"$msg_network_secure")
        f_sysrc_set kern_securelevel_enable "YES"
        f_sysrc_set kern_securelevel "3" 
        ;;
*)
        f_die 1 "$msg_unknown_kern_securelevel_selection"
esac

exit $SUCCESS

################################################################################
# END
################################################################################