Cross Reference: /freebsd-10-stable/usr.sbin/bsdconfig/security/security

238438Sdteske#!/bin/sh
238438Sdteske#-
249746Sdteske# Copyright (c) 2012-2013 Devin Teske
252980Sdteske# All rights reserved.
238438Sdteske#
238438Sdteske# Redistribution and use in source and binary forms, with or without
238438Sdteske# modification, are permitted provided that the following conditions
238438Sdteske# are met:
238438Sdteske# 1. Redistributions of source code must retain the above copyright
238438Sdteske#    notice, this list of conditions and the following disclaimer.
238438Sdteske# 2. Redistributions in binary form must reproduce the above copyright
238438Sdteske#    notice, this list of conditions and the following disclaimer in the
238438Sdteske#    documentation and/or other materials provided with the distribution.
238438Sdteske#
238438Sdteske# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
252987Sdteske# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
238438Sdteske# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
238438Sdteske# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
238438Sdteske# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
252987Sdteske# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
238438Sdteske# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
238438Sdteske# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
238438Sdteske# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
238438Sdteske# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
238438Sdteske# SUCH DAMAGE.
238438Sdteske#
238438Sdteske# $FreeBSD$
238438Sdteske#
238438Sdteske############################################################ INCLUDES
238438Sdteske
240684SdteskeBSDCFG_SHARE="/usr/share/bsdconfig"
240684Sdteske. $BSDCFG_SHARE/common.subr || exit 1
244675Sdteskef_dprintf "%s: loading includes..." "$0"
240684Sdteskef_include $BSDCFG_SHARE/dialog.subr
240684Sdteskef_include $BSDCFG_SHARE/mustberoot.subr
240684Sdteskef_include $BSDCFG_SHARE/sysrc.subr
238438Sdteske
240684SdteskeBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security"
238438Sdteskef_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr
238438Sdteske
260678Sdteskef_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm &&
260678Sdteske	pgm="${ipgm:-$pgm}"
238438Sdteske
238438Sdteske############################################################ FUNCTIONS
238438Sdteske
238438Sdteske# dialog_menu_main
238438Sdteske#
238438Sdteske# Display the dialog(1)-based application main menu.
238438Sdteske#
238438Sdteskedialog_menu_main()
238438Sdteske{
251264Sdteske	local prompt="$msg_menu_text"
251264Sdteske	local menu_list="
251540Sdteske		'X $msg_exit' '$msg_exit_this_menu'
251264Sdteske	" # END-QUOTE
251264Sdteske	local defaultitem= # Calculated below
238438Sdteske	local hline="$hline_arrows_tab_enter"
238438Sdteske
249751Sdteske	# Obtain default-item (adjusted below for dynamic tags)
251244Sdteske	f_dialog_default_fetch defaultitem
249751Sdteske	local ditem="${defaultitem%%[$IFS]*}"
249751Sdteske
249751Sdteske	#
249751Sdteske	# Add dynamically tagged entry for kern_securelevels
249751Sdteske	#
251264Sdteske	local mark=" "
238438Sdteske	case "$( f_sysrc_get kern_securelevel_enable )" in
238438Sdteske	[Yy][Ee][Ss])
238438Sdteske		local kern_securelevel="$( f_sysrc_get kern_securelevel )"
238438Sdteske		if [ ${#kern_securelevel} -eq 1 ] &&
249751Sdteske		   f_isinteger "$kern_securelevel" &&
249751Sdteske		   [ $kern_securelevel -lt 9 ]
249751Sdteske		then
249751Sdteske			mark="$kern_securelevel"
249751Sdteske		else
249751Sdteske			mark="X"
249751Sdteske		fi ;;
249751Sdteske	*)
249751Sdteske		mark=" "
238438Sdteske	esac
249751Sdteske	menu_list="$menu_list
249751Sdteske		'2 [$mark] $msg_securelevel' '$msg_securelevel_desc'"
238438Sdteske
249751Sdteske	# Update default-item if appropriate
249751Sdteske	[ "$ditem" = 2 ] && defaultitem="2 [$mark] $msg_securelevel"
249751Sdteske
249751Sdteske	#
249751Sdteske	# Add dynamically tagged entry for nfs_reserved_port_only
249751Sdteske	#
238438Sdteske	case "$( f_sysrc_get nfs_reserved_port_only )" in
249751Sdteske	[Yy][Ee][Ss]) mark="X" ;;
249751Sdteske	           *) mark=" " ;;
238438Sdteske	esac
249751Sdteske	menu_list="$menu_list
249751Sdteske		'3 [$mark] $msg_nfs_port' '$msg_nfs_port_desc'"
238438Sdteske
249751Sdteske	# Update default-item if appropriate
249751Sdteske	[ "$ditem" = 3 ] && defaultitem="3 [$mark] $msg_nfs_port"
249751Sdteske
251190Sdteske	local height width rows
251190Sdteske	eval f_dialog_menu_size height width rows \
251190Sdteske	                        \"\$DIALOG_TITLE\"     \
251190Sdteske	                        \"\$DIALOG_BACKTITLE\" \
251190Sdteske	                        \"\$prompt\"           \
251190Sdteske	                        \"\$hline\"            \
251190Sdteske	                        $menu_list
238438Sdteske
251236Sdteske	local menu_choice
251236Sdteske	menu_choice=$( eval $DIALOG \
249751Sdteske		--title \"\$DIALOG_TITLE\"         \
238438Sdteske		--backtitle \"\$DIALOG_BACKTITLE\" \
238438Sdteske		--hline \"\$hline\"                \
238438Sdteske		--ok-label \"\$msg_ok\"            \
238438Sdteske		--cancel-label \"\$msg_cancel\"    \
249751Sdteske		--default-item \"\$defaultitem\"   \
251190Sdteske		--menu \"\$prompt\"                \
251190Sdteske		$height $width $rows               \
238438Sdteske		$menu_list                         \
240768Sdteske		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
240768Sdteske	)
240768Sdteske	local retval=$?
251236Sdteske	f_dialog_data_sanitize menu_choice
251236Sdteske	f_dialog_menutag_store "$menu_choice"
249751Sdteske
249751Sdteske	# Only update default-item on success
256181Sdteske	[ $retval -eq $DIALOG_OK ] && f_dialog_default_store "$menu_choice"
249751Sdteske
240768Sdteske	return $retval
238438Sdteske}
238438Sdteske
238438Sdteske############################################################ MAIN
238438Sdteske
238438Sdteske# Incorporate rc-file if it exists
238438Sdteske[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc"
238438Sdteske
238438Sdteske#
238438Sdteske# Process command-line arguments
238438Sdteske#
250633Sdteskewhile getopts h$GETOPTS_STDARGS flag; do
238438Sdteske	case "$flag" in
252178Sdteske	h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;;
238438Sdteske	esac
238438Sdteskedone
238438Sdteskeshift $(( $OPTIND - 1 ))
238438Sdteske
238438Sdteske#
238438Sdteske# Initialize
238438Sdteske#
238438Sdteskef_dialog_title "$msg_system_security_options_menu"
238438Sdteskef_dialog_backtitle "${ipgm:+bsdconfig }$pgm"
238438Sdteskef_mustberoot_init
238438Sdteske
238438Sdteske#
251933Sdteske# Launch application main menu (loop for menu update after selection)
238438Sdteske#
238438Sdteskewhile :; do
251236Sdteske	dialog_menu_main || f_die
251236Sdteske	f_dialog_menutag_fetch mtag
238438Sdteske
238438Sdteske	case "$mtag" in
251540Sdteske	"X $msg_exit") break ;;
238438Sdteske	"2 ["?"] $msg_securelevel") # Configure securelevels for the system
238438Sdteske		$BSDCFG_LIBE/$APP_DIR/kern_securelevel ${USE_XDIALOG:+-X} ;;
238438Sdteske	"3 [X] $msg_nfs_port") # Require that NFS clients use reserved ports
260678Sdteske		f_eval_catch "$0" f_sysrc_set \
260678Sdteske			'f_sysrc_set nfs_reserved_port_only NO' ;;
238438Sdteske	"3 [ ] $msg_nfs_port") # Same; Toggle value
260678Sdteske		f_eval_catch "$0" f_sysrc_set \
260678Sdteske			'f_sysrc_set nfs_reserved_port_only YES' ;;
252017Sdteske	*)
252017Sdteske		f_die 1 "$msg_unknown_security_menu_selection"
238438Sdteske	esac
238438Sdteskedone
238438Sdteske
238438Sdteskeexit $SUCCESS
238438Sdteske
238438Sdteske################################################################################
238438Sdteske# END
238438Sdteske################################################################################