#!/bin/bash
# 
# This script is used for Administration of RSBAC general user attributes
#
#
# Make sure we're really running bash.
#
# Everything below relies on bash features (arrays of options, &>, declare -i),
# so refuse to run under any other shell.
if [ -z "$BASH" ]; then
  echo "This menu requires bash" 1>&2
  exit 1
fi

#
# Cache function definitions (hashall), turn off posix compliance
#
set -h
set +o posix

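# Attribute names handled by this menu (not referenced elsewhere in this file).
ATTRIBUTES="security_level system_role pm_role pseudo rc_def_role"

# Scratch files for dialog(1): dialog writes the chosen tag or typed value to
# stderr, the menu loop redirects that into $TMPFILE and reads it back, and
# the value is then passed to attr_set_user.  A predictable name such as
# /tmp/rsbac_dialog.$$ would let any local user pre-create that path (or a
# symlink pointing elsewhere) in the shared directory; the ">$TMPFILE"
# redirections follow symlinks, so the operator running this menu could be
# made to overwrite another file or to read attacker-supplied input.
# mktemp creates each file atomically, mode 0600, with an unpredictable name.
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi
TMPFILE=$(mktemp "$TMPDIR/rsbac_dialog.XXXXXX") \
  || { echo "Cannot create temporary file in $TMPDIR" 1>&2; exit 1; }
TMPFILETWO=$(mktemp "$TMPDIR/rsbac_dialog.XXXXXX") \
  || { rm -f -- "$TMPFILE"; echo "Cannot create temporary file in $TMPDIR" 1>&2; exit 1; }
# Remove both files on every exit path (Quit, ESC, errors, signals), not only
# where the menu loop removes them explicitly.
trap 'rm -f -- "$TMPFILE" "$TMPFILETWO"' EXIT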

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# set this to initial dir on script startup
# Directory the script starts in (see the comment above).
LASTDIR="."

# test for LINES and COLUMNS (should be exported e.g. in /etc/profile)
# Terminal geometry, with defaults for the case where LINES/COLUMNS are not
# exported (e.g. from /etc/profile).  The dialog boxes leave a 2-column
# border on each side, the list widgets keep 10 lines for the frame.
: "${LINES:=25}"
: "${COLUMNS:=80}"
declare -i BL=$((LINES - 4))          # box height
declare -i BC=$((COLUMNS - 4))        # box width
declare -i MAXLINES=$((LINES - 10))   # max. visible list entries
# Clamp a wanted list height to the space available on the terminal.
# Globals:   MAXLINES (read)
# Arguments: $1 - wanted number of list lines (integer)
# Outputs:   min($1, MAXLINES) on stdout
gl () {
  local wanted=$1
  if [ "$wanted" -gt "$MAXLINES" ]; then
    echo "$MAXLINES"
  else
    echo "$wanted"
  fi
}

# Window titles.  BACKTITLE may already be set by a wrapper menu and is then
# kept; the other two are fixed for this tool.
: "${BACKTITLE:="RSBAC Administration Tools v1.1.0"}"
TITLE="$(whoami): RSBAC User Administration"
ERRTITLE="RSBAC User Administration - ERROR"


# Refresh the cached attribute values of a user from the kernel.
# Globals:   writes SECLEVEL, MACCAT, SYSROLE, PMROLE, PMTASKSET, PSEUDO,
#            RCDEFROLE, LOGUSER; reads RSBACPATH
# Arguments: $1 - user name or id; nothing happens when it is empty
get_attributes () {
  local user=$1
  [ -n "$user" ] || return 0
  SECLEVEL=$(${RSBACPATH}attr_get_user "$user" security_level)
  MACCAT=$(${RSBACPATH}attr_get_user "$user" mac_categories)
  SYSROLE=$(${RSBACPATH}attr_get_user "$user" system_role)
  PMROLE=$(${RSBACPATH}attr_get_user "$user" pm_role)
  PMTASKSET=$(${RSBACPATH}attr_get_user "$user" pm_task_set)
  PSEUDO=$(${RSBACPATH}attr_get_user "$user" pseudo)
  RCDEFROLE=$(${RSBACPATH}attr_get_user "$user" rc_def_role)
  LOGUSER=$(${RSBACPATH}attr_get_user "$user" log_user_based)
}

# Radiolist state helper: "on" when the item value $1 equals the current
# value $2, "off" otherwise.
onoff () {
   case "$1" in
     "$2") echo on ;;
     *)    echo off ;;
   esac
}

# Checklist state helper for a single bit: "on" for the string "1", "off"
# for anything else.
onoffb () {
   case "$1" in
     1) echo on ;;
     *) echo off ;;
   esac
}

# Human readable name of an attribute value.
# Arguments: $1 - attribute kind: seclevel, sysrole or pmrole
#            $2 - numeric value
# Outputs:   the name on stdout; nothing for an unknown kind or value
get_value_name () {
  local kind=$1 value=$2 name=""
  case "$kind" in
    seclevel)
      case "$value" in
        0)   name=unclassified ;;
        1)   name=confidential ;;
        2)   name=secret ;;
        3)   name="top secret" ;;
        252) name="max. level" ;;
      esac
      ;;
    sysrole)
      case "$value" in
        0) name="General User" ;;
        1) name="Security Officer" ;;
        2) name="Administrator" ;;
      esac
      ;;
    pmrole)
      case "$value" in
        0) name="General User" ;;
        1) name="Security Officer" ;;
        2) name="Data Protection Officer" ;;
        3) name="TP-Manager" ;;
        4) name="System-Administrator" ;;
      esac
      ;;
  esac
  # Print only when something matched, so unknown input yields no line.
  if [ -n "$name" ]; then
    echo "$name"
  fi
}

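# Display name of a user for the main menu line.
# Globals:   RSBACPATH (read)
# Arguments: $1 - user name or id (the menu passes $USERID)
# Outputs:   the user's full_name attribute, or a single space placeholder
#            when no user is given
full_name () {
  # Guard on the argument that is actually looked up rather than on the
  # global USERID, so the two can never disagree and an empty user never
  # reaches attr_get_user.
  if [ -z "$1" ]; then
    echo " "
  else
    # printf with a quoted substitution: the name is printed verbatim and
    # is not glob-expanded or word-split like an unquoted echo would do.
    printf '%s\n' "$(${RSBACPATH}attr_get_user "$1" full_name)"
  fi
}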

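# Numeric id of a user for the main menu line.
# Globals:   RSBACPATH (read)
# Arguments: $1 - user name or id (the menu passes $USERID)
# Outputs:   the user's user_nr attribute, or a single space placeholder
#            when no user is given
get_uid () {
  # Guard on the argument that is actually looked up rather than on the
  # global USERID, so an empty argument never reaches attr_get_user.
  if [ -z "$1" ]; then
    echo " "
  else
    # quoted substitution: no glob expansion of the tool's output
    printf '%s\n' "$(${RSBACPATH}attr_get_user "$1" user_nr)"
  fi
}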

# Name of an RC role for the main menu line.
# Globals:   USERID, RSBACPATH (read)
# Arguments: $1 - role number
# Outputs:   whatever "rc_get_item ROLE <nr> name" prints; "(unknown)" is
#            appended when that call fails; a single space placeholder when
#            no user or no role number is given
role_name () {
  local role=$1
  if [[ -z "$USERID" || -z "$role" ]]; then
    echo " "
  elif ! ${RSBACPATH}rc_get_item ROLE "$role" name; then
    echo "(unknown)"
  fi
}

# Columns left for the MAC category bit string on its menu line.
declare -i MAXCATLEN=$((BC - 38))
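# Format the MAC category bit string for the main menu line.
# Globals:   MAXCATLEN (read) - columns available, derived from the width
# Arguments: $1 - the mac_categories value
# Outputs:   the value itself when MAXCATLEN >= 64, else "(too long)"
cat_print () {
  if [ "$MAXCATLEN" -ge 64 ]; then
    # printf instead of an unquoted echo: the value is shown verbatim and is
    # neither glob-expanded nor interpreted as an echo option.
    printf '%s\n' "$1"
  else
    echo "(too long)"
  fi
}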

gen_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_user $USERID mac_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_request_list () {
    if test -z "$REQUESTS"
      then REQUESTS=`$RSBACPATH""attr_get_file_dir -n`
    fi
    SETREQUESTS=`$RSBACPATH""attr_get_user -p $USERID log_user_based`
    for i in $REQUESTS
    do
      if echo $SETREQUESTS | grep -q $i
      then
        echo $i on on
      else
        echo $i off off
      fi
    done
}

# An optional command line argument preselects the user to administer.
if [ -n "$1" ]; then
  USERID=$1
  get_attributes "$USERID"
fi

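# ---------------------------------------------------------------------------
# Helpers for the main menu loop.
# ---------------------------------------------------------------------------

# Report a failed rsbac tool call.  The tools are run with &>"$TMPFILE", so
# the first line of that file is their error message.
show_tool_error () {
  dialog --title "$ERRTITLE" \
         --backtitle "$BACKTITLE" \
         --msgbox "$(head -n 1 -- "$TMPFILE")" $BL $BC
}

# Tell the operator that menu entry $1 needs a selected user first.
# Arguments: $1 - menu label without the trailing colon
show_no_user () {
  dialog --title "$ERRTITLE" \
         --backtitle "$BACKTITLE" \
         --msgbox "$1: No user specified!" 5 $BC
}

# Make the user whose name or id is in $TMPFILE (typed in, or picked from the
# list) the current user.  attr_get_user is asked for the canonical
# user_name, which also rejects unknown users; on success the attribute
# cache is refreshed.
# Returns: 0 when a user was selected, 1 otherwise.
select_user () {
  local wanted
  wanted=$(cat -- "$TMPFILE")
  # The value becomes a positional argument of attr_get_user.  Empty input
  # and anything starting with '-' are refused up front so they cannot be
  # taken for one of the tool's own switches (this script itself uses
  # attr_get_user -p and -bl).
  case "$wanted" in
    ''|-*)
      dialog --title "$ERRTITLE" \
             --backtitle "$BACKTITLE" \
             --msgbox "User: Unknown user $wanted!" 5 $BC
      return 1
      ;;
  esac
  if ${RSBACPATH}attr_get_user "$wanted" user_name >"$TMPFILE"
  then USERID=$(cat -- "$TMPFILE")
       get_attributes "$USERID"
       return 0
  fi
  dialog --title "$ERRTITLE" \
         --backtitle "$BACKTITLE" \
         --msgbox "User: Unknown user $wanted!" 5 $BC
  return 1
}

# ---------------------------------------------------------------------------
# Main menu loop.
#
# Every round trip works the same way: dialog(1) writes the chosen tag (or the
# typed value) to stderr, which is redirected into $TMPFILE and read back.
# Values are then handed to the rsbac tools as plain arguments; the tools,
# not this script, validate them, and their first error line is shown.
# $TMPFILETWO only holds the role list for the "RC Default Role" entry; both
# scratch files are removed when the loop is left (Quit, or ESC/Cancel in
# the main menu).
#
# Globals: USERID plus the attribute cache filled by get_attributes
# (SECLEVEL, MACCAT, SYSROLE, PMROLE, PMTASKSET, PSEUDO, RCDEFROLE, LOGUSER),
# ALLCATNR, TMP, TMPFILE, TMPFILETWO, RSBACPATH, geometry BL/BC/MAXLINES.
# ---------------------------------------------------------------------------
while true ; do
  if ! dialog --title "$TITLE" \
              --backtitle "$BACKTITLE" \
              --menu "Main Menu" $BL $BC $(gl 13) \
                     "Userlist:" "Choose user from list" \
                     "---------------" " " \
                     "User:" "$USERID / $(get_uid "$USERID") / $(full_name "$USERID")" \
                     "Security Level:" "$SECLEVEL / $(get_value_name seclevel "$SECLEVEL")" \
                     "MAC Categories:" "$(cat_print "$MACCAT")" \
                     "System Role:" "$SYSROLE / $(get_value_name sysrole "$SYSROLE")" \
                     "PM-Role:" "$PMROLE / $(get_value_name pmrole "$PMROLE")" \
                     "PM Task Set:" "$PMTASKSET (read-only)" \
                     "Pseudo:" "$PSEUDO" \
                     "RC Default Role:" "$RCDEFROLE / $(role_name "$RCDEFROLE")" \
                     "Log User Based:" "$LOGUSER" \
                     "---------------" " " \
                     "ACL Menu:" "Go to ACL menu" \
                     "Quit" "" \
              2>"$TMPFILE"
  then # ESC / Cancel in the main menu ends the program
       rm -f -- "$TMPFILE" "$TMPFILETWO" ; exit
  fi

  choice=$(cat -- "$TMPFILE")
  case "$choice" in
    User:)
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Username/ID" $BL $BC "$USERID" \
           2>"$TMPFILE"
        then select_user
        fi
      ;;

    Userlist:)
        # The output of "attr_get_user -bl" is deliberately unquoted: it is
        # expected to supply dialog's tag/item pairs as separate arguments.
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "Username/ID" $BL $BC $MAXLINES \
                         $(${RSBACPATH}attr_get_user -bl) \
           2>"$TMPFILE"
        then select_user
        fi
      ;;

    'Security Level:')
        if [ -z "$USERID" ]; then
          show_no_user "Security Level"
        elif dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Security Level for $USERID" $BL $BC 5 \
                                0 unclassified $(onoff 0 "$SECLEVEL") \
                                1 confidential $(onoff 1 "$SECLEVEL") \
                                2 secret $(onoff 2 "$SECLEVEL") \
                                3 "top secret" $(onoff 3 "$SECLEVEL") \
                                252 "max. level" $(onoff 252 "$SECLEVEL") \
             2>"$TMPFILE"
        then TMP=$(cat -- "$TMPFILE")
             if ${RSBACPATH}attr_set_user "$USERID" security_level "$TMP" &>"$TMPFILE"
             then SECLEVEL=$TMP
             else show_tool_error
             fi
        fi
      ;;

    'MAC Categories:')
        if [ -z "$USERID" ]; then
          show_no_user "MAC Categories"
        else
          ALLCATNR=$(${RSBACPATH}attr_get_file_dir list_category_nr)
          # gen_cat_list output is unquoted on purpose: one dialog argument
          # per word.
          if dialog --title "MAC Categories for user $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                    $(gen_cat_list $ALLCATNR) \
             2>"$TMPFILE"
          then TMP=$(tr -d '"' <"$TMPFILE")
               # Clear every category, then set the ticked ones.  A failure
               # on one category is reported and the remaining ones are
               # still processed; the cache is re-read from the kernel so it
               # reflects what really got set.
               for i in $ALLCATNR
               do
                 if ! ${RSBACPATH}attr_set_user "$USERID" mac_categories "$i" 0 &>"$TMPFILE"
                 then show_tool_error
                 fi
               done
               for i in $TMP
               do
                 if ! ${RSBACPATH}attr_set_user "$USERID" mac_categories "$i" 1 &>"$TMPFILE"
                 then show_tool_error
                 fi
               done
               MACCAT=$(${RSBACPATH}attr_get_user "$USERID" mac_categories)
          fi
        fi
      ;;

    'System Role:')
        if [ -z "$USERID" ]; then
          show_no_user "System Role"
        elif dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose System Role for $USERID" $BL $BC 3 \
                                0 "General User" $(onoff 0 "$SYSROLE") \
                                1 "Security Officer" $(onoff 1 "$SYSROLE") \
                                2 "Administrator" $(onoff 2 "$SYSROLE") \
             2>"$TMPFILE"
        then TMP=$(cat -- "$TMPFILE")
             if ${RSBACPATH}attr_set_user "$USERID" system_role "$TMP" &>"$TMPFILE"
             then SYSROLE=$TMP
             else show_tool_error
             fi
        fi
      ;;

    'PM-Role:')
        if [ -z "$USERID" ]; then
          show_no_user "PM-Role"
        elif dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose PM-Role for $USERID" $BL $BC 5 \
                                0 "General User" $(onoff 0 "$PMROLE") \
                                1 "Security Officer" $(onoff 1 "$PMROLE") \
                                2 "Data Protection Officer" $(onoff 2 "$PMROLE") \
                                3 "TP-Manager" $(onoff 3 "$PMROLE") \
                                4 "System Administrator" $(onoff 4 "$PMROLE") \
             2>"$TMPFILE"
        then TMP=$(cat -- "$TMPFILE")
             if ${RSBACPATH}attr_set_user "$USERID" pm_role "$TMP" &>"$TMPFILE"
             then PMROLE=$TMP
             else show_tool_error
             fi
        fi
      ;;

    'Pseudo:')
        if [ -z "$USERID" ]; then
          show_no_user "Pseudo"
        elif dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --inputbox "Pseudonym (long integer) for $USERID" $BL $BC "$PSEUDO" \
             2>"$TMPFILE"
        then TMP=$(cat -- "$TMPFILE")
             # Free text from the operator; attr_set_user validates it and
             # its error is shown if it is not an acceptable pseudonym.
             if ${RSBACPATH}attr_set_user "$USERID" pseudo "$TMP" &>"$TMPFILE"
             then PSEUDO=$TMP
             else show_tool_error
             fi
        fi
      ;;

    'RC Default Role:')
        if [ -z "$USERID" ]; then
          show_no_user "RC Default Role"
        else
          # Offer the roles in use as a menu when rc_get_item can list them,
          # otherwise fall back to typing the role number.  $TMPFILETWO is
          # truncated on each use and removed together with $TMPFILE on exit.
          if ${RSBACPATH}rc_get_item list_used_roles >"$TMPFILETWO"
          then dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --menu "Choose RC Default Role for $USERID" $BL $BC $MAXLINES \
                      $(cat -- "$TMPFILETWO") \
                 2>"$TMPFILE" && picked=1 || picked=0
          else dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Default Role (0-63) for $USERID" $BL $BC "$RCDEFROLE" \
                 2>"$TMPFILE" && picked=1 || picked=0
          fi
          if [ "$picked" = 1 ]
          then TMP=$(cat -- "$TMPFILE")
               if ${RSBACPATH}attr_set_user "$USERID" rc_def_role "$TMP" &>"$TMPFILE"
               then RCDEFROLE=$TMP
               else show_tool_error
               fi
          fi
        fi
      ;;

    'Log User Based:')
        # The guard must test USERID (the selected user), not USER (the login
        # name of whoever runs this menu, which is practically always set);
        # with the wrong variable attr_set_user was reached with no user.
        if [ -z "$USERID" ]; then
          show_no_user "Log User Based"
        elif dialog --title "log_user_based for $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $LOGUSER" $BL $BC $MAXLINES \
              $(gen_request_list) \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              RW 'Set Read-Write R.' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
             2>"$TMPFILE"
        then TMP=$(tr -d '"' <"$TMPFILE")
             # $TMP stays unquoted: one argument per ticked entry.
             if ${RSBACPATH}attr_set_user "$USERID" log_user_based $TMP &>"$TMPFILE"
             then LOGUSER=$(${RSBACPATH}attr_get_user "$USERID" log_user_based)
             else show_tool_error
             fi
        fi
      ;;

    'ACL Menu:')
        ${RSBACPATH}rsbac_acl_menu USER
      ;;

    Quit)
        rm -f -- "$TMPFILE" "$TMPFILETWO" ; exit
      ;;

    *)
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC
      ;;
  esac
# sleep 2
done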
