#!/bin/bash
# 
# This script is used for Administration of RSBAC RC Role entries
#
# Author and (c) 1999 Amon Ott
#
# Last changed on 10/Feb/1999
#
# Make sure we're really running bash.
#
[ -z "$BASH" ] && { echo "This menu requires bash" 1>&2; exit 1; }

#
# Cache function definitions, turn off posix compliance
#
set -h +o posix

ITEMS="name role_comp admin_roles assign_roles type_comp_fd type_comp_dev \
       type_comp_ipc type_comp_process type_comp_scd admin_type \
       def_fd_create_type def_process_create_type \
       def_process_chown_type def_process_execute_type \
       def_ipc_create_type"

# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# This must be a unique temporary filename
if ! TMPFILE=`mktemp -q $TMPDIR/rsbac_dialog.XXXXXX`
then
  TMPFILE=$TMPDIR/rsbac_dialog.$$
  if test -e $TMPFILE
  then rm $TMPFILE
  fi
fi
if ! TMPFILETWO=`mktemp -q $TMPDIR/rsbac_dialog.XXXXXX`
then
  TMPFILETWO=$TMPDIR/rsbac_dialog.$$.2
  if test -e $TMPFILETWO
  then rm $TMPFILETWO
  fi
fi

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# set this to initial dir on script startup
LASTDIR='.'

# which dialog tool to use - dialog or kdialog
if test -z $DIALOG
then DIALOG=dialog
fi

if ! $DIALOG --clear
then
  echo $DIALOG menu program required! >&2
  exit
fi

# test for LINES and COLUMNS (should be exported e.g. in /etc/profile)
if test -z "$LINES" ; then declare -i LINES=25 ; fi
if test -z "$COLUMNS" ; then declare -i COLUMNS=80 ; fi
export LINES
export COLUMNS
declare -i BL=$LINES-4
declare -i BC=$COLUMNS-4
declare -i MAXLINES=$LINES-10
gl () {
  if test $1 -gt $MAXLINES
  then echo $MAXLINES
  else echo $1
  fi
}

if test -z "$BACKTITLE"
  then BACKTITLE="RSBAC Administration Tools v1.1.2" ; fi
TITLE="`whoami`@`hostname`: RSBAC RC Role Administration"
ERRTITLE="RSBAC RC Role Administration - ERROR"

# Special values for types
INHPR=64
INHPA=65
NOCR=66
NOEX=67
USENEW=68

# Special values for roles
RINHUSER=64
RINHPR=65
RINHPA=66

get_items () {
  if test "$1" != "" 
    then \
         NAME=`$RSBACPATH""rc_get_item ROLE $1 name`
         COMPROLE=`$RSBACPATH""rc_get_item ROLE $1 role_comp`
         ADMROLES=`$RSBACPATH""rc_get_item ROLE $1 admin_roles`
         ASSROLES=`$RSBACPATH""rc_get_item ROLE $1 assign_roles`
         ADMTYPE=`$RSBACPATH""rc_get_item ROLE $1 admin_type`
         DEFFDCR=`$RSBACPATH""rc_get_item ROLE $1 def_fd_create_type`
         DEFPCR=`$RSBACPATH""rc_get_item ROLE $1 def_process_create_type`
         DEFPCH=`$RSBACPATH""rc_get_item ROLE $1 def_process_chown_type`
         DEFPEX=`$RSBACPATH""rc_get_item ROLE $1 def_process_execute_type`
         DEFIPCCR=`$RSBACPATH""rc_get_item ROLE $1 def_ipc_create_type`
    else \
         NAME=
         COMPROLE=
         ADMTYPE=
         DEFFDCR=
         DEFPCR=
         DEFPCH=
         DEFPEX=
         DEFIPCCR=
  fi
}

onoff () {
   if test "$1" = "$2"
     then echo on
   else echo off
   fi
}

onoffi () {
   if test $1 -eq $2
     then echo on
   else echo off
   fi
}

onoffb () {
   if test "$1" = "1"
     then echo on
   else echo off
   fi
}

get_value_name () {
  case $1 in
    admtype)
      case $2 in
        0) echo No Admin
          ;;
        1) echo Role Admin
          ;;
        2) echo System Admin
          ;;
      esac 
      ;;
  esac
}

role_name () {
  if test "$ROLE" = ""
  then echo " "
  else
    case $1 in
      $RINHUSER)
        echo Inherit from User
        ;;
      $RINHPR)
        echo Inherit from Process
        ;;
      $RINHPA)
        echo Inherit from Parent
        ;;

      *)
        if ! $RSBACPATH""rc_get_item ROLE $1 name
        then echo "(unknown)"
        fi
        ;;
    esac
  fi
}


type_name () {
  if test -z "$ROLE" -o -z "$2"
  then echo " "
  else \
    case $2 in
      $INHPR)
        echo Inherit from Process
        ;;
      $INHPA)
        echo Inherit from Parent
        ;;
      $NOCR)
        echo No create allowed
        ;;
      $NOEX)
        echo No execute allowed
        ;;
      $USENEW)
        echo Use def_create of new role
        ;;
      *)
        case $1 in
           fd)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_fd_name
             then echo "(unknown)"
             fi
             ;;
           dev)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_dev_name
             then echo "(unknown)"
             fi
             ;;
           process)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_process_name
             then echo "(unknown)"
             fi
             ;;
           ipc)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_ipc_name
             then echo "(unknown)"
             fi
             ;;
           scd)
             if ! $RSBACPATH""rc_get_item TYPE $2 type_scd_name
             then echo "(unknown)"
             fi
             ;;
        esac
        ;;
    esac
  fi
}

gen_role_list () {
    for i in $ALLROLENR
    do
      TMP=`${RSBACPATH}rc_get_item ROLE $ROLE $1 $i`
      TMP2=`${RSBACPATH}rc_get_item ROLE $i name|tr ' ' '_'`
      if test -z $TMP2
      then TMP2="(unused)"
      fi
      echo $i \
      $TMP2 \
      `onoffb $TMP`
    done
}

gen_type_list () {
        case $1 in
           fd)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_fd $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_fd_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;
           dev)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_dev $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_dev_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;
           process)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_process $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_process_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;
           ipc)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_ipc $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_ipc_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;
           scd)
             for i in $ALLTYPENR
             do
               TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_scd $i`
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_scd_name|tr ' ' '_'` \
               `onoffb $TMP`
             done
             ;;

           deffdcr)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_fd_type_nr`
             echo 64 "Inherit_from_process" `onoff 64 $DEFFDCR`
             echo 65 "Inherit_from_parent" `onoff 65 $DEFFDCR`
             echo 66 "No_create_allowed" `onoff 66 $DEFFDCR`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_fd_name|tr ' ' '_'` \
               `onoffi $i $DEFFDCR`
             done
             ;;
           defpcr)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_process_type_nr`
             echo 65 "Inherit_from_parent_(keep)" `onoff 65 $DEFPCR`
             echo 66 "No_create_allowed" `onoff 66 $DEFPCR`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_process_name|tr ' ' '_'` \
               `onoffi $i $DEFPCR`
             done
             ;;
           defpch)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_process_type_nr`
             echo 65 "Inherit_from_parent_(keep)" `onoff 65 $DEFPCH`
             echo 66 "No_create_allowed" `onoff 66 $DEFPCH`
             echo 68 "Use_def_create_of_new_role" `onoff 68 $DEFPCH`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_process_name|tr ' ' '_'` \
               `onoffi $i $DEFPCH`
             done
             ;;
           defpex)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_process_type_nr`
             echo 64 "Inherit_from_process_(keep)" `onoff 64 $DEFPEX`
             echo 67 "No_execute_allowed" `onoff 67 $DEFPEX`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_process_name|tr ' ' '_'` \
               `onoffi $i $DEFPEX`
             done
             ;;
           defipccr)
             ALLTYPENR=`$RSBACPATH""rc_get_item list_used_ipc_type_nr`
             echo 64 "Inherit_from_process" `onoff 64 $DEFIPCCR`
             echo 66 "No_create_allowed" `onoff 66 $DEFIPCCR`
             for i in $ALLTYPENR
             do
               echo $i \
               `${RSBACPATH}rc_get_item TYPE $i type_ipc_name|tr ' ' '_'` \
               `onoffi $i $DEFIPCCR`
             done
             ;;
        esac
}

choose_role () {
      if $RSBACPATH""rc_get_item list_used_roles >$TMPFILE
      then \
        if test "$1" = "allrole"
        then $RSBACPATH""rc_get_item list_roles >$TMPFILE
        fi
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "$2" $BL $BC $MAXLINES \
                  `cat $TMPFILE` \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if ! $RSBACPATH""rc_get_item ROLE $TMP name >/dev/null
             then \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Role: Invalid role $TMP!" 5 $BC
                 rm $TMPFILE
             fi
        else
           rm $TMPFILE
        fi
      else \
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "$2 (0-63)" $BL $BC "$3" \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if ! $RSBACPATH""rc_get_item ROLE $TMP name >$TMPFILE
             then \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Role: Invalid role $TMP!" 5 $BC
                 rm $TMPFILE
             fi
        fi
      fi
}

gen_right_list () {
    for i in $ALLREQUESTS
    do
      TMP=`${RSBACPATH}rc_get_item ROLE $ROLE type_comp_$1 $2 $i`
      echo $i "`onoffb $TMP`" \
      `onoffb $TMP`
    done
}


check_rights () {
  ALLREQUESTS=`$RSBACPATH""rc_get_item list_$2_rights`
  COMPBITS=`$RSBACPATH""rc_get_item ROLE $ROLE type_comp_$2 $3`
  TYPENAME="`${RSBACPATH}rc_get_item TYPE $3 type_$2_name`"
  if $DIALOG --title "$1 Compatibilites for Role $ROLE \"$NAME\", Type $3 \"$TYPENAME\"" \
            --backtitle "$BACKTITLE" \
            --checklist "Bits: $COMPBITS" $BL $BC $MAXLINES \
              `gen_right_list $2 $3` \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              RW 'Set Read-Write R.' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
    2>$TMPFILE
  then TMP=`cat $TMPFILE|tr -d '"'`
       if ! $RSBACPATH""rc_set_item ROLE $ROLE type_comp_$2 $3 $TMP &>$TMPFILE
       then \
           $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           continue
       fi
#       COMPBITS=`$RSBACPATH""rc_get_item ROLE $ROLE type_comp_$2 $3`
  fi
}


declare -i MAXCOMPLEN=$BC-45
declare -i COMPLENRES=64-$MAXCOMPLEN
comp_print () {
  if test $MAXCOMPLEN -ge 64
  then echo $1
  else echo -n '*';echo $1|cut -c$COMPLENRES-65
#  else echo "(too long)"
  fi
}


if test "$1" != ""
then ROLE=$1
else choose_role allrole "Startup: Choose initial role" ""
     if test -f $TMPFILE
     then ROLE=`cat $TMPFILE`
     fi
fi
if test "$ROLE" != ""
then get_items $ROLE
fi

while true ; do \
  if ! \
  $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --menu "Main Menu" $BL $BC `gl 22` \
                "Rolelist:" "Choose role from list" \
                "---------------" " "\
                "Role Number:" "$ROLE" \
                "Name:" "$NAME" \
                "Role Comp:" "`comp_print $COMPROLE`" \
                "Admin Roles:" "`comp_print $ADMROLES`" \
                "Assign Roles:" "`comp_print $ASSROLES`" \
                "Type Comp FD:" "(Matrix not printable)" \
                "Type Comp DEV:" "(Matrix not printable)" \
                "Type Comp Process:" "(Matrix not printable)" \
                "Type Comp IPC:" "(Matrix not printable)" \
                "Type Comp SCD:" "(Matrix not printable)" \
                "Admin Type:" "$ADMTYPE / `get_value_name admtype $ADMTYPE`" \
                "Default FD Create Type:" "$DEFFDCR / `type_name fd $DEFFDCR`" \
                "Default Process Create Type:" "$DEFPCR / `type_name process $DEFPCR`" \
                "Default Process Chown Type:" "$DEFPCH / `type_name process $DEFPCH`" \
                "Default Process Execute Type:" "$DEFPEX / `type_name process $DEFPEX`" \
                "Default IPC Create Type:" "$DEFIPCCR / `type_name ipc $DEFIPCCR`" \
                "---------------" " "\
                "Copy Role" "(New Role)" \
                "Drop Role" "(Delete Role)" \
                "Go to Type Menu" "" \
                "Go to ACL Menu" "" \
                "Quit" "" \
         2>$TMPFILE
   then rm $TMPFILE ; rm $TMPFILETWO ; exit
  fi

  case `cat $TMPFILE` in
    "Role Number:")
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Role ID" $BL $BC $ROLE \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""rc_get_item ROLE $TMP name >$TMPFILE
             then ROLE=$TMP
                  get_items $ROLE
             else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Role: Unknown role $TMP!" 5 $BC
             fi
        fi
      ;;

    Rolelist:)
      choose_role allrole "Rolelist: Choose role" $ROLE
      if test -f $TMPFILE
      then ROLE=`cat $TMPFILE`
           get_items $ROLE
      fi
      ;;

    "Drop Role")
      choose_role used_role "Drop Role: Choose role to drop" $ROLE
      if test ! -f $TMPFILE
      then continue
      fi
      TMPROLE=`cat $TMPFILE`
      if $DIALOG --title "$TITLE" \
                --backtitle "$BACKTITLE" \
                --yesno "Drop role $TMPROLE (`${RSBACPATH}rc_get_item ROLE $TMPROLE name`)?" $BL $BC \
         2>/dev/null
      then if $RSBACPATH""rc_set_item ROLE $TMPROLE name "" &>$TMPFILE
           then if test $ROLE -eq $TMPROLE
                then choose_role used_role "Role dropped: Choose another role" ""
                     if test -f $TMPFILE
                     then ROLE=`cat $TMPFILE`
                       get_items $ROLE
                     else
                       ROLE=
                     fi
                     get_items $ROLE
                fi
           else \
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head $TMPFILE`" $BL $BC
           fi
       fi
      ;;

    "Copy Role")
      choose_role usedrole "Copy Role: Choose source role" $ROLE
      if test ! -f $TMPFILE
      then continue
      fi
      TMPROLE=`cat $TMPFILE`
      choose_role allrole "Copy Role: Choose target role" ""
      if test ! -f $TMPFILE
      then continue
      fi
      TGTROLE=`cat $TMPFILE`
      if $DIALOG --title "$TITLE" \
                --backtitle "$BACKTITLE" \
                --yesno "Copy role $TMPROLE (`${RSBACPATH}rc_get_item ROLE $TMPROLE name`) to $TGTROLE (`${RSBACPATH}rc_get_item ROLE $TGTROLE name`)?" $BL $BC \
         2>/dev/null
      then if $RSBACPATH""rc_copy_role $TMPROLE $TGTROLE &>$TMPFILE
           then ROLE=$TGTROLE
                get_items $ROLE
           else \
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head $TMPFILE`" $BL $BC
           fi

      fi
      ;;

    'Name:')
        if test "$ROLE" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "Name for Role $ROLE (maxlen = 15)" $BL $BC "$NAME" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""rc_set_item ROLE $ROLE name "$TMP" &>$TMPFILE
               then NAME=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Name: No role specified!" 5 $BC
        fi
      ;;

    'Role Comp:')
        if test "$ROLE" != ""
        then \
          ALLROLENR=`$RSBACPATH""rc_get_item list_used_role_nr`
          if $DIALOG --title "Role Compatibilites for Role $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $COMPROLE" $BL $BC $MAXLINES \
                    `gen_role_list role_comp` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
              if ! $RSBACPATH""rc_set_item ROLE $ROLE role_comp $TMP &>$TMPFILE
              then \
                $DIALOG --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
              COMPROLE=`$RSBACPATH""rc_get_item ROLE $ROLE role_comp`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Role Comp: No role specified!" 5 $BC
        fi
      ;;

    'Admin Roles:')
        if test "$ROLE" != ""
        then \
          ALLROLENR=`$RSBACPATH""rc_get_item list_role_nr`
          if $DIALOG --title "Admin Roles for Role $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $ADMROLES" $BL $BC $MAXLINES \
                    `gen_role_list admin_roles` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
              if ! $RSBACPATH""rc_set_item ROLE $ROLE admin_roles $TMP &>$TMPFILE
              then \
                $DIALOG --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
              ADMROLES=`$RSBACPATH""rc_get_item ROLE $ROLE admin_roles`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Admin Roles: No role specified!" 5 $BC
        fi
      ;;

    'Assign Roles:')
        if test "$ROLE" != ""
        then \
          ALLROLENR=`$RSBACPATH""rc_get_item list_role_nr`
          if $DIALOG --title "Assign Roles for Role $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $ASSROLES" $BL $BC $MAXLINES \
                    `gen_role_list assign_roles` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
              if ! $RSBACPATH""rc_set_item ROLE $ROLE assign_roles $TMP &>$TMPFILE
              then \
                $DIALOG --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
              ASSROLES=`$RSBACPATH""rc_get_item ROLE $ROLE assign_roles`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Assign Roles: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp FD:')
        if test "$ROLE" != ""
        then \
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "FD Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_fd_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights FD fd $TMP
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp FD: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp DEV:')
        if test "$ROLE" != ""
        then \
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "DEV Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_dev_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights DEV dev $TMP
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp DEV: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp Process:')
        if test "$ROLE" != ""
        then \
          ALLTYPENR=`$RSBACPATH""rc_get_item list_used_process_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "Process Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_process_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights Process process $TMP
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp Process: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp IPC:')
        if test "$ROLE" != ""
        then \
          ALLTYPENR=`$RSBACPATH""rc_get_item list_used_ipc_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "IPC Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_ipc_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights IPC ipc $TMP
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp IPC: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp SCD:')
        if test "$ROLE" != ""
        then \
          ALLTYPENR=`$RSBACPATH""rc_get_item list_used_scd_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "SCD Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_used_scd_types` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE|tr -d '"'`
             check_rights SCD scd $TMP
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp SCD: No role specified!" 5 $BC
        fi
      ;;

    'Admin Type:')
        if test "$ROLE" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Admin Type for Role $ROLE" $BL $BC 3 \
                                0 "`get_value_name admtype 0`" `onoff 0 $ADMTYPE` \
                                1 "`get_value_name admtype 1`" `onoff 1 $ADMTYPE` \
                                2 "`get_value_name admtype 2`" `onoff 2 $ADMTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""rc_set_item ROLE $ROLE admin_type $TMP &>$TMPFILE
               then ADMTYPE=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Admin Type: No role specified!" 5 $BC
        fi
      ;;

    'Default FD Create Type:')
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default FD Create Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list deffdcr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_fd_create_type $TMP &>$TMPFILE
                 then DEFFDCR=$TMP
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default FD Create Type: No role specified!" 5 $BC
        fi
      ;;

    'Default Process Create Type:')
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default Process Create Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpcr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_create_type $TMP &>$TMPFILE
                 then DEFPCR=$TMP
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default Process Create Type: No role specified!" 5 $BC
        fi
      ;;

    'Default Process Chown Type:')
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default Process Chown Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpch` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_chown_type $TMP &>$TMPFILE
                 then DEFPCH=$TMP
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default Process Chown Type: No role specified!" 5 $BC
        fi
      ;;

    'Default Process Execute Type:')
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default Process Execute Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpex` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_execute_type $TMP &>$TMPFILE
                 then DEFPEX=$TMP
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default Process Execute Type: No role specified!" 5 $BC
        fi
      ;;

    'Default IPC Create Type:')
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default IPC Create Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defipccr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_ipc_create_type $TMP &>$TMPFILE
                 then DEFIPCCR=$TMP
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default IPC Create Type: No role specified!" 5 $BC
        fi
      ;;

    "Go to Type Menu")
        ${RSBACPATH}rsbac_rc_type_menu
      ;;

    "Go to ACL Menu")
        ${RSBACPATH}rsbac_acl_menu
      ;;

    Quit)
        rm $TMPFILE ; rm $TMPFILETWO ; exit
      ;;

    *)
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
