1181344Sdfr#!/bin/sh 2181344Sdfr#- 3181344Sdfr# Copyright (c) 2012-2013 Devin Teske 4181344Sdfr# All rights reserved. 5181344Sdfr# 6181344Sdfr# Redistribution and use in source and binary forms, with or without 7181344Sdfr# modification, are permitted provided that the following conditions 8181344Sdfr# are met: 9181344Sdfr# 1. Redistributions of source code must retain the above copyright 10181344Sdfr# notice, this list of conditions and the following disclaimer. 11181344Sdfr# 2. Redistributions in binary form must reproduce the above copyright 12181344Sdfr# notice, this list of conditions and the following disclaimer in the 13181344Sdfr# documentation and/or other materials provided with the distribution. 14181344Sdfr# 15181344Sdfr# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16181344Sdfr# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17181344Sdfr# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18181344Sdfr# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19181344Sdfr# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20181344Sdfr# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21181344Sdfr# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22181344Sdfr# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23181344Sdfr# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24181344Sdfr# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25181344Sdfr# SUCH DAMAGE. 26181344Sdfr# 27181344Sdfr# 28181344Sdfr############################################################ INCLUDES 29181344Sdfr 30181344SdfrBSDCFG_SHARE="/usr/share/bsdconfig" 31181344Sdfr. $BSDCFG_SHARE/common.subr || exit 1 32181344Sdfrf_dprintf "%s: loading includes..." "$0" 33181344Sdfrf_include $BSDCFG_SHARE/dialog.subr 34181344Sdfrf_include $BSDCFG_SHARE/mustberoot.subr 35181344Sdfrf_include $BSDCFG_SHARE/sysrc.subr 36181344Sdfr 37181344SdfrBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" 38181344Sdfrf_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr 39181344Sdfr 40181344SdfrSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp 41181344Sdfr 42181344Sdfrf_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm && 43181344Sdfr pgm="${ipgm:-$pgm}" 44181344Sdfr 45181344Sdfr############################################################ FUNCTIONS 46181344Sdfr 47181344Sdfr# dialog_menu_main 48181344Sdfr# 49181344Sdfr# Display the dialog(1)-based application main menu. 50181344Sdfr# 51181344Sdfrdialog_menu_main() 52181344Sdfr{ 53181344Sdfr local prompt="$msg_securelevels_menu_text" 54181344Sdfr local menu_list=" 55181344Sdfr '$msg_disabled' '$msg_disable_securelevels' 56181344Sdfr '$msg_secure' '$msg_secure_mode' 57181344Sdfr '$msg_highly_secure' '$msg_highly_secure_mode' 58181344Sdfr '$msg_network_secure' '$msg_network_secure_mode' 59181344Sdfr " # END-QUOTE 60181344Sdfr local defaultitem= # Calculated below 61181344Sdfr local hline="$hline_select_securelevel_to_operate_at" 62181344Sdfr 63181344Sdfr local height width rows 64181344Sdfr eval f_dialog_menu_size height width rows \ 65181344Sdfr \"\$DIALOG_TITLE\" \ 66181344Sdfr \"\$DIALOG_BACKTITLE\" \ 67181344Sdfr \"\$prompt\" \ 68181344Sdfr \"\$hline\" \ 69181344Sdfr $menu_list 70181344Sdfr 71181344Sdfr case "$( f_sysrc_get kern_securelevel_enable )" in 72181344Sdfr [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) 73181344Sdfr case "$( f_sysrc_get kern_securelevel )" in 74181344Sdfr 1) defaultitem="$msg_secure" ;; 75181344Sdfr 2) defaultitem="$msg_highly_secure" ;; 76181344Sdfr 3) defaultitem="$msg_network_secure" ;; 77181344Sdfr esac ;; 78181344Sdfr *) 79181344Sdfr defaultitem="$msg_disabled" 80181344Sdfr esac 81181344Sdfr 82181344Sdfr local menu_choice 83181344Sdfr menu_choice=$( eval $DIALOG \ 84181344Sdfr --title \"\$DIALOG_TITLE\" \ 85181344Sdfr --backtitle \"\$DIALOG_BACKTITLE\" \ 86181344Sdfr --hline \"\$hline\" \ 87181344Sdfr --ok-label \"\$msg_ok\" \ 88181344Sdfr --cancel-label \"\$msg_cancel\" \ 89181344Sdfr --help-button \ 90181344Sdfr --help-label \"\$msg_help\" \ 91181344Sdfr ${USE_XDIALOG:+--help \"\"} \ 92181344Sdfr --default-item \"\$defaultitem\" \ 93181344Sdfr --menu \"\$prompt\" \ 94181344Sdfr $height $width $rows \ 95181344Sdfr $menu_list \ 96181344Sdfr 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 97181344Sdfr ) 98181344Sdfr local retval=$? 99181344Sdfr f_dialog_menutag_store -s "$menu_choice" 100181344Sdfr return $retval 101181344Sdfr} 102181344Sdfr 103181346Sdfr############################################################ MAIN 104181344Sdfr 105181344Sdfr# Incorporate rc-file if it exists 106181344Sdfr[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc" 107181344Sdfr 108181344Sdfr# 109181344Sdfr# Process command-line arguments 110181344Sdfr# 111181344Sdfrwhile getopts h$GETOPTS_STDARGS flag; do 112181344Sdfr case "$flag" in 113181344Sdfr h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;; 114181344Sdfr esac 115181344Sdfrdone 116181344Sdfrshift $(( $OPTIND - 1 )) 117181344Sdfr 118181344Sdfr# 119181344Sdfr# Initialize 120181344Sdfr# 121181344Sdfrf_dialog_title "$msg_securelevels_menu_title" 122181344Sdfrf_dialog_backtitle "${ipgm:+bsdconfig }$pgm" 123181344Sdfrf_mustberoot_init 124181344Sdfr 125181346Sdfr# 126181346Sdfr# Launch application main menu (loop for additional `Help' button) 127181344Sdfr# 128181344Sdfrwhile :; do 129181344Sdfr dialog_menu_main 130181344Sdfr retval=$? 131181344Sdfr f_dialog_menutag_fetch mtag 132181344Sdfr 133181344Sdfr if [ $retval -eq $DIALOG_HELP ]; then 134181344Sdfr f_show_help "$SECURELEVEL_HELPFILE" 135181344Sdfr continue 136181344Sdfr elif [ $retval -ne $DIALOG_OK ]; then 137181344Sdfr f_die 138181344Sdfr fi 139181344Sdfr 140181344Sdfr break 141181344Sdfrdone 142181344Sdfr 143181344Sdfrcase "$mtag" in 144181344Sdfr"$msg_disabled") 145181344Sdfr f_eval_catch "$0" f_sysrc_set \ 146181344Sdfr 'f_sysrc_set kern_securelevel_enable NO' || f_die 147181344Sdfr ;; 148181344Sdfr"$msg_secure") 149181344Sdfr f_eval_catch "$0" f_sysrc_set \ 150181344Sdfr 'f_sysrc_set kern_securelevel_enable YES' || f_die 151181344Sdfr f_eval_catch "$0" f_sysrc_set \ 152181344Sdfr 'f_sysrc_set kern_securelevel 1' || f_die 153181344Sdfr ;; 154181344Sdfr"$msg_highly_secure") 155181344Sdfr f_eval_catch "$0" f_sysrc_set \ 156181344Sdfr 'f_sysrc_set kern_securelevel_enable YES' || f_die 157181344Sdfr f_eval_catch "$0" f_sysrc_set \ 158181344Sdfr 'f_sysrc_set kern_securelevel 2' || f_die 159181344Sdfr ;; 160181344Sdfr"$msg_network_secure") 161181344Sdfr f_eval_catch "$0" f_sysrc_set \ 162181344Sdfr 'f_sysrc_set kern_securelevel_enable YES' || f_die 163181344Sdfr f_eval_catch "$0" f_sysrc_set \ 164181344Sdfr 'f_sysrc_set kern_securelevel 3' || f_die 165181344Sdfr ;; 166181344Sdfr*) 167181344Sdfr f_die 1 "$msg_unknown_kern_securelevel_selection" 168181344Sdfresac 169181344Sdfr 170181344Sdfrexit $SUCCESS 171181344Sdfr 172181344Sdfr################################################################################ 173181344Sdfr# END 174181344Sdfr################################################################################ 175181344Sdfr