#!/bin/bash
# 
# This script is used for Administration of RSBAC general user attributes
#
#
# Make sure we're really running bash.
#
if test -z "$BASH"
then
  echo "This menu requires bash" 1>&2
  exit 1
fi

#
# Remember command locations once they are looked up (hashing) and leave
# POSIX mode, so bash extensions used below are available.
#
set -h
set +o posix

# Names of the general user attributes this menu administers.
ATTRIBUTES="security_level system_role pm_role pseudo rc_def_role"

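# Scratch files that receive dialog results and tool output.
#
# They live in a directory created by mktemp -d instead of at the guessable
# path $TMPDIR/rsbac_dialog.<pid>. This menu is run by an administrator and
# redirects into these files, so a name another local user can predict in a
# shared /tmp could be pre-created or symlinked by that user. The directory
# is removed again when the script exits.
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi
RSBAC_TMPDIR=$(mktemp -d "$TMPDIR/rsbac_dialog.XXXXXX") || {
  echo "Cannot create a temporary directory in $TMPDIR" 1>&2
  exit 1
}
TMPFILE=$RSBAC_TMPDIR/dialog
TMPFILETWO=$RSBAC_TMPDIR/dialog.2
trap 'rm -rf -- "$RSBAC_TMPDIR"' EXIT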

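# Set this to the RSBAC bin dir if the tools are not in PATH (the trailing /
# is mandatory!). Prefer an absolute path: a relative value such as ./ is
# resolved against whatever directory the menu happens to be started from.
#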
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# Initial directory on script startup.
LASTDIR='.'

# Fall back to a 25x80 screen when LINES / COLUMNS are not set
# (they should be exported, e.g. in /etc/profile).
[ -n "$LINES" ] || LINES=25
[ -n "$COLUMNS" ] || COLUMNS=80

# Dialog box geometry. The integer attribute makes bash evaluate each
# right-hand side arithmetically on assignment.
declare -i BL BC MAXLINES
BL=$LINES-4
BC=$COLUMNS-4
MAXLINES=$LINES-10
# Clamp a requested list height to what fits on the screen.
# Arguments: $1 - wanted number of lines
# Globals:   MAXLINES (read)
# Outputs:   $1, or MAXLINES when $1 is larger
gl () {
  if ! test $1 -gt $MAXLINES
  then
    echo $1
  else
    echo $MAXLINES
  fi
}

# Window titles. BACKTITLE may be preset by the caller; it only gets a
# default here when it is empty or unset.
[ -n "$BACKTITLE" ] || BACKTITLE="RSBAC   v1.0.9b"
TITLE="$(whoami): RSBAC  "
ERRTITLE="RSBAC   - ERROR"


# Load the RSBAC attributes of one user into the menu's global variables.
# Arguments: $1 - user to query; nothing happens when it is empty
# Globals:   RSBACPATH (read); SECLEVEL, MACCAT, SYSROLE, PMROLE, PMTASKSET,
#            PSEUDO, RCDEFROLE, LOGUSER (written)
# Each value is whatever attr_get_user prints for that attribute.
get_attributes () {
  [ -n "$1" ] || return 0
  SECLEVEL=$(${RSBACPATH}attr_get_user $1 security_level)
  MACCAT=$(${RSBACPATH}attr_get_user $1 mac_categories)
  SYSROLE=$(${RSBACPATH}attr_get_user $1 system_role)
  PMROLE=$(${RSBACPATH}attr_get_user $1 pm_role)
  PMTASKSET=$(${RSBACPATH}attr_get_user $1 pm_task_set)
  PSEUDO=$(${RSBACPATH}attr_get_user $1 pseudo)
  RCDEFROLE=$(${RSBACPATH}attr_get_user $1 rc_def_role)
  LOGUSER=$(${RSBACPATH}attr_get_user $1 log_user_based)
}

# Print "on" when the two arguments are the same string, otherwise "off".
# Used to preselect the current value in a dialog radiolist.
onoff () {
   local state=off
   [ "$1" = "$2" ] && state=on
   echo $state
}

# Print "on" when $1 is exactly "1", otherwise "off".
onoffb () {
   case "$1" in
     1) echo on ;;
     *) echo off ;;
   esac
}

# Print the display label for a numeric attribute value.
# Arguments: $1 - table to use: seclevel, sysrole or pmrole
#            $2 - numeric value to look up
# Outputs:   one line per known value; nothing for an unknown table or value
#
# NOTE(review): most echo calls below carry no argument in this copy, so they
# print an empty line. The label text has presumably been lost (non-ASCII
# characters stripped) - restore it from the original script before relying
# on the menu output.
get_value_name () {
  case $1 in
    # security_level values 0-3 and 252
    seclevel)
      case $2 in
        0) echo 
          ;;
        1) echo 
          ;;
        2) echo 
          ;;
        3) echo  
          ;;
        252) echo . 
          ;;
      esac 
      ;;
    # system_role values 0-2
    sysrole)
      case $2 in
        0) echo  
          ;;
        1) echo  
          ;;
        2) echo 
          ;;
      esac 
      ;;
    # pm_role values 0-4
    pmrole)
      case $2 in
        0) echo  
          ;;
        1) echo  
          ;;
        2) echo   
          ;;
        3) echo TP-
          ;;
        4) echo  
          ;;
      esac 
      ;;
  esac
}

# Print the full_name attribute of user $1 as reported by attr_get_user.
# Globals: USERID (read) - when no user is selected a single blank is printed
#          instead; note the check is on USERID, not on $1.
#          RSBACPATH (read)
full_name () {
  if test -n "$USERID"
  then
    echo $(${RSBACPATH}attr_get_user $1 full_name)
  else
    echo " "
  fi
}

# Print the user_nr attribute of user $1 as reported by attr_get_user.
# Globals: USERID (read) - when no user is selected a single blank is printed
#          instead; note the check is on USERID, not on $1.
#          RSBACPATH (read)
get_uid () {
  if test -n "$USERID"
  then
    echo $(${RSBACPATH}attr_get_user $1 user_nr)
  else
    echo " "
  fi
}

# Print the name of RC role $1 by running rc_get_item ROLE <nr> name.
# Globals: USERID, RSBACPATH (read)
# Outputs: a single blank when no user is selected or $1 is empty;
#          "()" when rc_get_item fails; otherwise rc_get_item's own output.
role_name () {
  if [ -n "$USERID" ] && [ -n "$1" ]
  then
    ${RSBACPATH}rc_get_item ROLE $1 name || echo "()"
  else
    echo " "
  fi
}

# Room left for the MAC category string in the main menu line.
declare -i MAXCATLEN
MAXCATLEN=$BC-38

# Print the category string $1 only when at least 64 columns are available
# for it; otherwise print the placeholder "( )".
# Globals: MAXCATLEN (read)
cat_print () {
  if ! test $MAXCATLEN -ge 64
  then
    echo "( )"
  else
    echo $1
  fi
}

gen_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_user $USERID mac_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

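# Build the argument list for the log_user_based checklist.
# Globals:   USERID, RSBACPATH (read)
#            REQUESTS (read; filled from attr_get_file_dir -n on first use)
#            SETREQUESTS, i (written)
# Outputs:   one line per request name, followed by on when that request is
#            currently set for USERID and off otherwise.
#
# NOTE(review): each line carries only two words (name and state), while a
# dialog checklist takes tag/item/state triples. An item text between the
# two presumably went missing in this copy - confirm against the original.
gen_request_list () {
    if test -z "$REQUESTS"
      then REQUESTS=$(${RSBACPATH}attr_get_file_dir -n)
    fi
    SETREQUESTS=$(${RSBACPATH}attr_get_user -p $USERID log_user_based)
    for i in $REQUESTS
    do
      # Match the request as a whole word and as a fixed string. A plain
      # substring match would show a request as set whenever a longer name
      # containing it is set, and the checklist result is written back to
      # the user's logging settings.
      if echo $SETREQUESTS | grep -qwF -- "$i"
      then
        echo $i  on
      else
        echo $i  off
      fi
    done
}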

# A user given on the command line becomes the initially selected user.
if [ -n "$1" ]
then
  USERID=$1
  get_attributes $USERID
fi

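# Main menu loop. Each pass draws the attribute menu for the selected user,
# lets dialog write the chosen tag to $TMPFILE (dialog reports its result on
# stderr) and dispatches on that tag. Cancelling the main menu, or choosing
# the final "." entry, removes $TMPFILE and exits.
#
# Every attribute arm has the same shape: refuse to run without a selected
# user, ask for the new value, hand it to attr_set_user, and on failure show
# the first line of the tool's output in an error box.
#
# NOTE(review): the menu tags and case patterns look like they lost their
# non-ASCII label text in this copy. As written, several patterns are
# byte-identical ('. :' three times, '.:' twice), so only the first arm of
# each group can match. Restore the labels from the original before use.
while true ; do
  if ! dialog --title "$TITLE" \
              --backtitle "$BACKTITLE" \
              --menu " " $BL $BC $(gl 13) \
                ". :" "  " \
                "---------------" " "\
                ".:" "$USERID / $(get_uid $USERID) / $(full_name $USERID)" \
                ". :" "$SECLEVEL / $(get_value_name seclevel $SECLEVEL)" \
                ".MAC :" "$(cat_print $MACCAT)" \
                ". :" "$SYSROLE / $(get_value_name sysrole $SYSROLE)" \
                ".PM-:" "$PMROLE / $(get_value_name pmrole $PMROLE)" \
                ".PM  :" "$PMTASKSET (-)" \
                ".:" "$PSEUDO" \
                ".RC  -:" "$RCDEFROLE / $(role_name $RCDEFROLE)" \
                ". -:" "$LOGUSER" \
                "---------------" " "\
                ".ACL :" "  ACL " \
                "." "" \
         2>"$TMPFILE"
  then rm -f -- "$TMPFILE" ; exit
  fi

  case $(cat "$TMPFILE") in
    # Type a user name or ID. attr_get_user is asked for its user_name and,
    # on success, that name becomes the selected user. The typed text is
    # passed as one quoted argument so it cannot split into extra arguments.
    .:)
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "  / ID" $BL $BC "$USERID" \
           2>"$TMPFILE"
        then TMP=$(cat "$TMPFILE")
             if ${RSBACPATH}attr_get_user "$TMP" user_name >"$TMPFILE"
             then USERID=$(cat "$TMPFILE")
                  get_attributes "$USERID"
             else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".:   $TMP!" 5 $BC
             fi
        fi
      ;;

    # Pick a user from the list printed by attr_get_user -bl. That output is
    # left unquoted on purpose: it supplies the menu's tag/item words.
    '. :')
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "  / ID" $BL $BC $MAXLINES \
                         $(${RSBACPATH}attr_get_user -bl) \
           2>"$TMPFILE"
        then TMP=$(cat "$TMPFILE")
             if ${RSBACPATH}attr_get_user "$TMP" user_name >"$TMPFILE"
             then USERID=$(cat "$TMPFILE")
                  get_attributes "$USERID"
             else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".:   $TMP!" 5 $BC
             fi
        fi
      ;;

    # Set security_level from a radiolist.
    '. :')
        if test "$USERID" != ""
        then
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "    $USERID" $BL $BC 5 \
                                0  $(onoff 0 $SECLEVEL) \
                                1  $(onoff 1 $SECLEVEL) \
                                2  $(onoff 2 $SECLEVEL) \
                                3 " " $(onoff 3 $SECLEVEL) \
                                252 ". " $(onoff 252 $SECLEVEL) \
             2>"$TMPFILE"
          then TMP=$(cat "$TMPFILE")
               if ${RSBACPATH}attr_set_user "$USERID" security_level "$TMP" &>"$TMPFILE"
               then SECLEVEL=$TMP
               else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ". :   !" 5 $BC
        fi
      ;;

    # Set mac_categories from a checklist: every known category is cleared
    # first, then each ticked one is set, and MACCAT is re-read afterwards.
    '.MAC :')
        if test "$USERID" != ""
        then
          ALLCATNR=$(${RSBACPATH}attr_get_file_dir list_category_nr)
          if dialog --title "MAC    $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                    $(gen_cat_list $ALLCATNR) \
             2>"$TMPFILE"
          then TMP=$(tr -d '"' < "$TMPFILE")
               for i in $ALLCATNR
               do
                 if ! ${RSBACPATH}attr_set_user "$USERID" mac_categories $i 0 &>"$TMPFILE"
                 then
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
                   continue
                 fi
               done
               # $TMP is split on purpose: one word per ticked category.
               for i in $TMP
               do
                 if ! ${RSBACPATH}attr_set_user "$USERID" mac_categories $i 1 &>"$TMPFILE"
                 then
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
                   continue
                 fi
               done
               MACCAT=$(${RSBACPATH}attr_get_user "$USERID" mac_categories)
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".MAC :   !" 5 $BC
        fi
      ;;

    # Set system_role from a radiolist.
    '. :')
        if test "$USERID" != ""
        then
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "    $USERID" $BL $BC 3 \
                                0 " " $(onoff 0 $SYSROLE) \
                                1 " " $(onoff 1 $SYSROLE) \
                                2 "" $(onoff 2 $SYSROLE) \
             2>"$TMPFILE"
          then TMP=$(cat "$TMPFILE")
               if ${RSBACPATH}attr_set_user "$USERID" system_role "$TMP" &>"$TMPFILE"
               then SYSROLE=$TMP
               else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ". :   !" 5 $BC
        fi
      ;;

    # Set pm_role from a radiolist.
    '.PM-:')
        if test "$USERID" != ""
        then
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist " PM-  $USERID" $BL $BC 5 \
                                0 " " $(onoff 0 $PMROLE) \
                                1 " " $(onoff 1 $PMROLE) \
                                2 "  " $(onoff 2 $PMROLE) \
                                3 "TP-" $(onoff 3 $PMROLE) \
                                4 " " $(onoff 4 $PMROLE) \
             2>"$TMPFILE"
          then TMP=$(cat "$TMPFILE")
               if ${RSBACPATH}attr_set_user "$USERID" pm_role "$TMP" &>"$TMPFILE"
               then PMROLE=$TMP
               else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".PM-:   !" 5 $BC
        fi
      ;;

    # Set pseudo from free text. The typed value is passed as one quoted
    # argument.
    '.:')
        if test "$USERID" != ""
        then
           if dialog --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox " (long integer)  $USERID" $BL $BC "$PSEUDO" \
              2>"$TMPFILE"
          then TMP=$(cat "$TMPFILE")
               if ${RSBACPATH}attr_set_user "$USERID" pseudo "$TMP" &>"$TMPFILE"
               then PSEUDO=$TMP
               else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".:   !" 5 $BC
        fi
      ;;

    # Set rc_def_role. The roles come from rc_get_item list_used_roles as a
    # menu; when that call fails the role number is typed in instead.
    '.RC  -:')
        if test "$USERID" != ""
        then
          if ${RSBACPATH}rc_get_item list_used_roles >"$TMPFILETWO"
          then
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --menu " RC  -  $USERID" $BL $BC $MAXLINES \
                      $(cat "$TMPFILETWO") \
               2>"$TMPFILE"
            then TMP=$(cat "$TMPFILE")
                 if ${RSBACPATH}attr_set_user "$USERID" rc_def_role "$TMP" &>"$TMPFILE"
                 then RCDEFROLE=$TMP
                 else
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
                 fi
            fi
            rm -f -- "$TMPFILETWO"
          else
            # The redirection above created the file even though the call
            # failed, so it is removed on this path as well.
            rm -f -- "$TMPFILETWO"
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC  - (0-63)  $USERID" $BL $BC "$RCDEFROLE" \
               2>"$TMPFILE"
            then TMP=$(cat "$TMPFILE")
                 if ${RSBACPATH}attr_set_user "$USERID" rc_def_role "$TMP" &>"$TMPFILE"
                 then RCDEFROLE=$TMP
                 else
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
                 fi
            fi
          fi
        else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox ".RC  -:   !" 5 $BC
        fi
      ;;

    # Set log_user_based from a checklist of request names plus the
    # shorthand group entries listed below.
    '. -:')
        # Guard on the selected RSBAC user (USERID) like every other arm,
        # not on the login name in $USER, which is normally set and would
        # let attr_set_user run with no user selected.
        if test -n "$USERID"
        then
          if dialog --title "log_user_based for $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $LOGUSER" $BL $BC $MAXLINES \
              $(gen_request_list) \
              '--------------' '-----------------' off \
              UA '. ' off \
              A  '.  ' off \
              R  '.   ' off \
              RW '.  -' off \
              W  '.   ' off \
              SY '.  ' off \
              SE '.  ' off \
             2>"$TMPFILE"
          then TMP=$(tr -d '"' < "$TMPFILE")
            # $TMP is split on purpose: one argument per ticked request.
            if ${RSBACPATH}attr_set_user "$USERID" log_user_based $TMP &>"$TMPFILE"
            then
              LOGUSER=$(${RSBACPATH}attr_get_user "$USERID" log_user_based)
            else
              dialog --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
            fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ". -:   !" 5 $BC
        fi
      ;;

    # Hand over to the ACL menu for USER targets.
    '.ACL :')
        ${RSBACPATH}rsbac_acl_menu_ru USER
      ;;

    # Leave the menu.
    .)
        rm -f -- "$TMPFILE" ; exit
      ;;

    # Any tag that no arm above handles.
    *)
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox " :  !" 5 $BC

  esac
# sleep 2
done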
