#!/bin/bash
# 
# This script is used for Administration of RSBAC RC Role entries
#
# Author and (c) 1999 Amon Ott
#
# Last changed on 10/Feb/1999
#
# Make sure we're really running bash.
#
[ -z "$BASH" ] && { echo "    bash" 1>&2; exit 1; }

#
# Cache function definitions, turn off posix compliance
#
set -h +o posix

ITEMS="name role_comp admin_roles assign_roles type_comp_fd type_comp_dev \
       type_comp_ipc type_comp_process type_comp_scd admin_type \
       def_fd_create_type def_process_create_type \
       def_process_chown_type def_process_execute_type \
       def_ipc_create_type"

# This must be a unique temporary filename
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi
TMPFILE=$TMPDIR/rsbac_dialog.$$
TMPFILETWO=$TMPDIR/rsbac_dialog.$$.2

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# set this to initial dir on script startup
LASTDIR='.'

# test for LINES and COLUMNS (should be exported e.g. in /etc/profile)
if test -z "$LINES" ; then declare -i LINES=25 ; fi
if test -z "$COLUMNS" ; then declare -i COLUMNS=80 ; fi
declare -i BL=$LINES-4
declare -i BC=$COLUMNS-4
declare -i MAXLINES=$LINES-10
gl () {
  if test $1 -gt $MAXLINES
  then echo $MAXLINES
  else echo $1
  fi
}

if test -z "$BACKTITLE"
  then BACKTITLE="RSBAC   v1.1.0" ; fi
TITLE="`whoami`: RSBAC  RC "
ERRTITLE="RSBAC  RC  - ERROR"

# Special values for types
INHPR=64
INHPA=65
NOCR=66
NOEX=67
USENEW=68

# Special values for roles
RINHUSER=64
RINHPR=65
RINHPA=66

get_items () {
  if test "$1" != "" 
    then \
         NAME=`$RSBACPATH""rc_get_item ROLE $1 name`
         COMPROLE=`$RSBACPATH""rc_get_item ROLE $1 role_comp`
         ADMROLES=`$RSBACPATH""rc_get_item ROLE $1 admin_roles`
         ASSROLES=`$RSBACPATH""rc_get_item ROLE $1 assign_roles`
         ADMTYPE=`$RSBACPATH""rc_get_item ROLE $1 admin_type`
         DEFFDCR=`$RSBACPATH""rc_get_item ROLE $1 def_fd_create_type`
         DEFPCR=`$RSBACPATH""rc_get_item ROLE $1 def_process_create_type`
         DEFPCH=`$RSBACPATH""rc_get_item ROLE $1 def_process_chown_type`
         DEFPEX=`$RSBACPATH""rc_get_item ROLE $1 def_process_execute_type`
         DEFIPCCR=`$RSBACPATH""rc_get_item ROLE $1 def_ipc_create_type`
    else \
         NAME=
         COMPROLE=
         ADMTYPE=
         DEFFDCR=
         DEFPCR=
         DEFPCH=
         DEFPEX=
         DEFIPCCR=
  fi
}

onoff () {
   if test "$1" = "$2"
     then echo on
   else echo off
   fi
}

onoffi () {
   if test $1 -eq $2
     then echo on
   else echo off
   fi
}

onoffb () {
   if test "$1" = "1"
     then echo on
   else echo off
   fi
}
#especially for rus
onoffb_ru () {
   if test "$1" = "1"
     then echo 
   else echo 
   fi
}

get_value_name () {
  case $1 in
    admtype)
      case $2 in
        0) echo  
          ;;
        1) echo  
          ;;
        2) echo  
          ;;
      esac 
      ;;
  esac
}

role_name () {
  if test "$ROLE" = ""
  then echo " "
  else
    case $1 in
      $RINHUSER)
        echo   
        ;;
      $RINHPR)
        echo   
        ;;
      $RINHPA)
        echo   
        ;;

      *)
        if ! $RSBACPATH""rc_get_item ROLE $1 name
        then echo "()"
        fi
        ;;
    esac
  fi
}


type_name () {
  if test -z "$ROLE" -o -z "$2"
  then echo " "
  else \
    case $2 in
      $INHPR)
        echo   
        ;;
      $INHPA)
        echo   
        ;;
      $NOCR)
        echo   
        ;;
      $NOEX)
        echo   
        ;;
      $USENEW)
        echo . def_create  
        ;;
      *)
        case $1 in
           fd)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_fd_name
             then echo "()"
             fi
             ;;
           dev)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_dev_name
             then echo "()"
             fi
             ;;
           process)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_process_name
             then echo "()"
             fi
             ;;
           ipc)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_ipc_name
             then echo "()"
             fi
             ;;
           scd)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_scd_name
             then echo "()"
             fi
             ;;
        esac
        ;;
    esac
  fi
}

gen_role_list () {
    for i in $ALLROLENR
    do
      TMP=`${RSBACPATH}rc_get_item ROLE $ROLE $1 $i`
      TMP2=`${RSBACPATH}rc_get_item ROLE $i name|tr ' ' '_'`
      if test -z $TMP2
      then TMP2="()"
      fi
      echo $i \
      $TMP2 \
      `onoffb $TMP`
    done
}

gen_type_list () {
        case $1 in
           fd)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_fd $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_fd_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;
           dev)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_dev $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_dev_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;
           process)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_process $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_process_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;
           ipc)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_ipc $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_ipc_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;
           scd)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_scd $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_scd_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;

           deffdcr)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_fd_type_nr`
             echo 64 "__" `onoff 64 $DEFFDCR`
             echo 65 "__" `onoff 65 $DEFFDCR`
             echo 66 "__" `onoff 66 $DEFFDCR`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_fd_name|tr ' ' '_'` \
               `onoffi $i $DEFFDCR`
             done
             ;;
           defpcr)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_process_type_nr`
             echo 65 "___(.)" `onoff 65 $DEFPCR`
             echo 66 "__" `onoff 66 $DEFPCR`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_process_name|tr ' ' '_'` \
               `onoffi $i $DEFPCR`
             done
             ;;
           defpch)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_process_type_nr`
             echo 65 "___()" `onoff 65 $DEFPCH`
             echo 66 "__" `onoff 66 $DEFPCH`
             echo 68 "_def_create__" `onoff 68 $DEFPCH`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_process_name|tr ' ' '_'` \
               `onoffi $i $DEFPCH`
             done
             ;;
           defpex)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_process_type_nr`
             echo 64 "___()" `onoff 64 $DEFPEX`
             echo 67 "__" `onoff 67 $DEFPEX`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_process_name|tr ' ' '_'` \
               `onoffi $i $DEFPEX`
             done
             ;;
           defipccr)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_ipc_type_nr`
             echo 64 "__" `onoff 64 $DEFIPCCR`
             echo 66 "__" `onoff 66 $DEFIPCCR`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_ipc_name|tr ' ' '_'` \
               `onoffi $i $DEFIPCCR`
             done
             ;;
        esac
}

choose_role () {
      if $RSBACPATH""rc_get_item list_used_roles >$TMPFILE
      then \
        if test "$1" = "allrole"
        then $RSBACPATH""rc_get_item list_roles >$TMPFILE
        fi
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "$2" $BL $BC $MAXLINES \
                  `cat $TMPFILE` \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if ! $RSBACPATH""rc_get_item ROLE $TMP name >/dev/null
             then \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ":   $TMP!" 5 $BC
                 rm $TMPFILE
             fi
        else
           rm $TMPFILE
        fi
      else \
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "$2 (0-63)" $BL $BC "$3" \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if ! $RSBACPATH""rc_get_item ROLE $TMP name >$TMPFILE
             then \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ":   $TMP!" 5 $BC
                 rm $TMPFILE
             fi
        fi
      fi
}

gen_right_list () {
    for i in $ALLREQUESTS
    do
      TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_$1 $2 $i`
      echo $i "`onoffb_ru $TMP`" \
      `onoffb $TMP`
    done
}


check_rights () {
  ALLREQUESTS=`$RSBACPATH""rc_get_item list_$2_rights`
  COMPBITS=`$RSBACPATH""rc_get_item ROLE $ROLE type_comp_$2 $3`
  TYPENAME="`${RSBACPATH}rc_get_item TYPE $3 type_$2_name`"
  if dialog --title "$1    $ROLE \"$NAME\",  $3 \"$TYPENAME\"" \
            --backtitle "$BACKTITLE" \
            --checklist ": $COMPBITS" $BL $BC $MAXLINES \
              `gen_right_list $2 $3` \
              '--------------' '-----------------' off \
              UA '. ' off \
              A  '.  ' off \
              R  '. .  .' off \
              RW '. .  ./.' off \
              W  '. .  .' off \
              SY '.  .' off \
              SE '. . ' off \
    2>$TMPFILE
  then TMP=`cat $TMPFILE|tr -d '"'`
       if ! $RSBACPATH""rc_set_item ROLE $ROLE type_comp_$2 $3 $TMP &>$TMPFILE
       then \
           dialog --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           continue
       fi
#       COMPBITS=`$RSBACPATH""rc_get_item ROLE $ROLE type_comp_$2 $3`
  fi
}


declare -i MAXCOMPLEN=$BC-45
declare -i COMPLENRES=64-$MAXCOMPLEN
comp_print () {
  if test $MAXCOMPLEN -ge 64
  then echo $1
  else echo -n '*';echo $1|cut -c$COMPLENRES-65
#  else echo "(too long)"
  fi
}


if test "$1" != ""
then ROLE=$1
else choose_role allrole "Startup:   " ""
     if test -f $TMPFILE
     then ROLE=`cat $TMPFILE`
     fi
fi
if test "$ROLE" != ""
then get_items $ROLE
fi

while true ; do \
  if ! \
  dialog --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --menu " " $BL $BC `gl 22` \
                ". :" "  " \
                "---------------" " "\
                ". :" "$ROLE" \
                ".:" "$NAME" \
                "..:" "`comp_print $COMPROLE`" \
                "..:" "`comp_print $ADMROLES`" \
                "..:" "`comp_print $ASSROLES`" \
                ".  FD:" "()" \
                ".  DEV:" "()" \
                ".  Process:" "()" \
                ".  IPC:" "()" \
                ".  SCD:" "()" \
                ". :" "$ADMTYPE / `get_value_name admtype $ADMTYPE`" \
                ".  FD -.:" "$DEFFDCR / `type_name fd $DEFFDCR`" \
                ". .  -.:" "$DEFPCR / `type_name process $DEFPCR`" \
                ".  .  -.:" "$DEFPCH / `type_name process $DEFPCH`" \
                ".   -.:" "$DEFPEX / `type_name process $DEFPEX`" \
                ".  IPC -.:" "$DEFIPCCR / `type_name ipc $DEFIPCCR`" \
                "---------------" " "\
                ". " "( )" \
                ". " "( )" \
                ".   " "" \
                ".   ACL" "" \
                "." "" \
         2>$TMPFILE
   then rm $TMPFILE ; exit
  fi

  case `cat $TMPFILE` in
    ". :")
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox  " ID " $BL $BC $ROLE \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""rc_get_item ROLE $TMP name >$TMPFILE
             then ROLE=$TMP
                  get_items $ROLE
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ":   $TMP!" 5 $BC
             fi
        fi
      ;;

    ". :")
      choose_role allrole " :  " $ROLE
      if test -f $TMPFILE
      then ROLE=`cat $TMPFILE`
           get_items $ROLE
      fi
      ;;

    ". ")
      choose_role used_role " :    " $ROLE
      if test ! -f $TMPFILE
      then continue
      fi
      TMPROLE=`cat $TMPFILE`
      if dialog --title "$TITLE" \
                --backtitle "$BACKTITLE" \
                --yesno "  $TMPROLE (`${RSBACPATH}rc_get_item ROLE $TMPROLE name`)?" $BL $BC \
         2>/dev/null
      then if $RSBACPATH""rc_set_item ROLE $TMPROLE name "" &>$TMPFILE
           then if test $ROLE -eq $TMPROLE
                then choose_role used_role " :  " ""
                     if test -f $TMPFILE
                     then ROLE=`cat $TMPFILE`
                       get_items $ROLE
                     else
                       ROLE=
                     fi
                     get_items $ROLE
                fi
           else \
             dialog --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head $TMPFILE`" $BL $BC
           fi
       fi
      ;;

    ". ")
      choose_role usedrole " :   " $ROLE
      if test ! -f $TMPFILE
      then continue
      fi
      TMPROLE=`cat $TMPFILE`
      choose_role allrole " :   " ""
      if test ! -f $TMPFILE
      then continue
      fi
      TGTROLE=`cat $TMPFILE`
      if dialog --title "$TITLE" \
                --backtitle "$BACKTITLE" \
                --yesno "  $TMPROLE (`${RSBACPATH}rc_get_item ROLE $TMPROLE name`) to $TGTROLE (`${RSBACPATH}rc_get_item ROLE $TGTROLE name`)?" $BL $BC \
         2>/dev/null
      then if $RSBACPATH""rc_copy_role $TMPROLE $TGTROLE &>$TMPFILE
           then ROLE=$TGTROLE
                get_items $ROLE
           else \
             dialog --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head $TMPFILE`" $BL $BC
           fi

      fi
      ;;

    '.:')
        if test "$ROLE" != ""
        then \
           if dialog --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "    $ROLE (maxlen = 15)" $BL $BC "$NAME" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""rc_set_item ROLE $ROLE name "$TMP" &>$TMPFILE
               then NAME=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ":   !" 5 $BC
        fi
      ;;

    '..:')
        if test "$ROLE" != ""
        then \
          ALLROLENR=`$RSBACPATH""rc_get_item list_used_role_nr`
          if dialog --title "    $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist ": $COMPROLE" $BL $BC $MAXLINES \
                    `gen_role_list role_comp` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
              if ! $RSBACPATH""rc_set_item ROLE $ROLE role_comp $TMP &>$TMPFILE
              then \
                dialog --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
              COMPROLE=`$RSBACPATH""rc_get_item ROLE $ROLE role_comp`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ". :   !" 5 $BC
        fi
      ;;

    '..:')
        if test "$ROLE" != ""
        then \
          ALLROLENR=`$RSBACPATH""rc_get_item list_role_nr`
          if dialog --title "    $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $ADMROLES" $BL $BC $MAXLINES \
                    `gen_role_list admin_roles` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
              if ! $RSBACPATH""rc_set_item ROLE $ROLE admin_roles $TMP &>$TMPFILE
              then \
                dialog --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
              ADMROLES=`$RSBACPATH""rc_get_item ROLE $ROLE admin_roles`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ". :   !" 5 $BC
        fi
      ;;

    '..:')
        if test "$ROLE" != ""
        then \
          ALLROLENR=`$RSBACPATH""rc_get_item list_role_nr`
          if dialog --title "    $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist ": $ASSROLES" $BL $BC $MAXLINES \
                    `gen_role_list assign_roles` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
              if ! $RSBACPATH""rc_set_item ROLE $ROLE assign_roles $TMP &>$TMPFILE
              then \
                dialog --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
              ASSROLES=`$RSBACPATH""rc_get_item ROLE $ROLE assign_roles`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ". :   !" 5 $BC
        fi
      ;;

    '.  FD:')
        if test "$ROLE" != ""
        then \
          while dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "   FD   $ROLE \"$NAME\" -  " $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_fd_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights FD fd $TMP
          done
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".  FD:   !" 5 $BC
        fi
      ;;

    '.  DEV:')
        if test "$ROLE" != ""
        then \
          while dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "   DEV   $ROLE \"$NAME\" -  " $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_dev_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights DEV dev $TMP
          done
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".  DEV:   !" 5 $BC
        fi
      ;;

    '.  Process:')
        if test "$ROLE" != ""
        then \
          ALLTYPENR=`$RSBACPATH""rc_get_item list_used_process_type_nr`
          while dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "   Process   $ROLE \"$NAME\" -  " $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_process_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights Process process $TMP
          done
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".  Process:   !" 5 $BC
        fi
      ;;

    '.  IPC:')
        if test "$ROLE" != ""
        then \
          ALLTYPENR=`$RSBACPATH""rc_get_item list_used_ipc_type_nr`
          while dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "   IPC   $ROLE \"$NAME\" -  " $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_ipc_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights IPC ipc $TMP
          done
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ".  IPC:   !" 5 $BC
        fi
      ;;

    '.  SCD:')
        if test "$ROLE" != ""
        then \
          ALLTYPENR=`$RSBACPATH""rc_get_item list_used_scd_type_nr`
          while dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "   SCD   $ROLE \"$NAME\" -  " $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_scd_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights SCD scd $TMP
          done
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "  SCD:   !" 5 $BC
        fi
      ;;

    '. :')
        if test "$ROLE" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "     $ROLE" $BL $BC 3 \
                                0 "`get_value_name admtype 0`" `onoff 0 $ADMTYPE` \
                                1 "`get_value_name admtype 1`" `onoff 1 $ADMTYPE` \
                                2 "`get_value_name admtype 2`" `onoff 2 $ADMTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""rc_set_item ROLE $ROLE admin_type $TMP &>$TMPFILE
               then ADMTYPE=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox " :   !" 5 $BC
        fi
      ;;

    '.  FD -.:')
        if test "$ROLE" != ""
        then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "   FD -   $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list deffdcr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_fd_create_type $TMP &>$TMPFILE
                 then DEFFDCR=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox " . FD -:   !" 5 $BC
        fi
      ;;

    '. .  -.:')
        if test "$ROLE" != ""
        then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "    -   $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpcr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_create_type $TMP &>$TMPFILE
                 then DEFPCR=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox " .  -:   !" 5 $BC
        fi
      ;;

    '.  .  -.:')
        if test "$ROLE" != ""
        then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "     -   $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpch` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_chown_type $TMP &>$TMPFILE
                 then DEFPCH=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox " .  -.:   !" 5 $BC
        fi
      ;;

    '.   -.:')
        if test "$ROLE" != ""
        then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "    -   $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpex` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_execute_type $TMP &>$TMPFILE
                 then DEFPEX=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox ".  -.:   !" 5 $BC
        fi
      ;;

    '.  IPC -.:')
        if test "$ROLE" != ""
        then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "   IPC -   $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defipccr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_ipc_create_type $TMP &>$TMPFILE
                 then DEFIPCCR=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox " . IPC -.:   !" 5 $BC
        fi
      ;;

    ".   ")
        ${RSBACPATH}rsbac_rc_type_menu_ru
      ;;

    ".   ACL")
        ${RSBACPATH}rsbac_acl_menu_ru
      ;;

    ".")
        rm $TMPFILE ; exit
      ;;

    *)
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox " :  !" 5 $BC

  esac
# sleep 2
done
