#!/bin/bash
# 
# This script is used for Administration of RSBAC ACL groups
#
#
# Make sure we're really running bash.
#
# Refuse to run under any other shell: the rest of the file relies on
# bash-only features (declare -i, ${var:offset}, &> redirection).
if [ -z "$BASH" ]; then
  echo "This menu requires bash" 1>&2
  exit 1
fi

# Remember the location of commands once they have been looked up (-h)
# and leave POSIX compatibility mode.
set -h
set +o posix

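# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# Scratch files for dialog output and tool error messages.
#
# Both files are created by mktemp, which picks an unpredictable name and
# creates the file itself. There is deliberately no fallback to a
# "$TMPDIR/rsbac_dialog.$$" style name: a PID-based name in a shared
# directory can be guessed in advance, and the later "> file" redirections
# would then write through whatever another local user placed there.
# If mktemp fails the script stops instead.
TMPFILE=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX") || TMPFILE=
if test -z "$TMPFILE"
then
  echo "Cannot create a temporary file in $TMPDIR" >&2
  exit 1
fi
TMPFILETWO=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX") || TMPFILETWO=
if test -z "$TMPFILETWO"
then
  echo "Cannot create a temporary file in $TMPDIR" >&2
  rm -f -- "$TMPFILE"
  exit 1
fi

# Remove both scratch files on every exit path. rm -f keeps this quiet when
# a menu has already removed one of them.
trap 'rm -f -- "$TMPFILE" "$TMPFILETWO"' EXIT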

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

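# set this to initial dir on script startup
LASTDIR='.'

# which dialog tool to use - dialog or kdialog
#
# DIALOG and RSBACPATH are taken from the caller's environment, and with
# RSBACPATH unset the RSBAC tools are found through PATH. Whoever controls
# that environment therefore decides which programs this menu runs, so start
# it from a trusted environment only.
if test -z "$DIALOG"
then DIALOG=${RSBACPATH}rsbac_dialog
fi

# Probe the dialog program once. $DIALOG is left unquoted on purpose so a
# value that carries extra arguments keeps working.
if ! $DIALOG --clear
then
  printf '%s menu program required!\n' "$DIALOG" >&2
  # Report the failure to the caller; a bare "exit" here returned status 0.
  exit 1
fi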

# Terminal size: use LINES/COLUMNS when they are set and non-empty (they
# should be exported e.g. in /etc/profile), otherwise assume 25x80.
: "${LINES:=25}"
: "${COLUMNS:=80}"
export LINES COLUMNS

# Sizes derived from the terminal size and passed to the dialog program.
declare -i BL=$((LINES - 4))
declare -i BC=$((COLUMNS - 4))
declare -i MAXWIDTH=$((BC - 26))
declare -i MAXLINES=$((LINES - 10))
# Print $1, capped at MAXLINES.
# Globals:   MAXLINES (read)
# Arguments: $1 - requested number of lines
# Outputs:   the smaller of $1 and MAXLINES on stdout
gl () {
  local shown=$1
  if test $1 -gt $MAXLINES
  then shown=$MAXLINES
  fi
  echo $shown
}

# Window titles. BACKTITLE may be preset by the caller; the other titles are
# always rebuilt from the current user and host name.
BACKTITLE=${BACKTITLE:-"RSBAC Administration Tools v1.2.0"}
TITLE="$(whoami)@$(hostname): RSBAC ACL Group Administration"
HELPTITLE="$(whoami)@$(hostname): RSBAC ACL Group Administration Help"
ERRTITLE="RSBAC ACL Administration - ERROR"

## no changes below this line!

# Fixed values; none of them is read again in this script as shown.
# NOTE(review): NO_USER / ALL_USERS look like reserved user ids - confirm
# against the RSBAC tools before relying on that.
NO_USER=65533 ALL_USERS=65532
GETMODE=real GETSWITCH=

# Show the help text for one menu entry in a text box.
# Globals:   TMPFILE (written), DIALOG, HELPTITLE, BACKTITLE, BL, BC (read)
# Arguments: $1 - menu entry the help was requested for
# Outputs:   $TMPFILE holds the entry name, an empty line and the help text
# Returns:   exit status of the dialog program
show_help () {
  local -a text

  # Select the explanation that belongs to the menu entry.
  case "$1" in
    Type)
      text=('Set the group type: Private or Global.')
      ;;
    Owner)
      text=(
        'Set the group owner. You can transfer your own groups to other users,'
        'but you will not be able to administrate them afterwards, because'
        'you are no longer the group owner.'
      )
      ;;
    Name)
      text=(
        'Change the group name. Since groups are identified by number, the'
        'group name is for user benefit only.'
      )
      ;;
    'Add Members')
      text=('Add a group member. Only users can be added.')
      ;;
    'Remove Members')
      text=('Remove a group member.')
      ;;
    'All / Personal')
      text=('Show all or only your personal groups.')
      ;;
    'Add Group')
      text=('Add a personal group.')
      ;;
    'Remove Group')
      text=('Remove one of your groups.')
      ;;
    Quit)
      text=('Quit this menu.')
      ;;
    *)
      text=("No help for $1 available!")
      ;;
  esac

  # The text box reads its content from a file, so write it out first.
  {
    echo "$1"
    echo ""
    printf '%s\n' "${text[@]}"
  } > $TMPFILE

  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
}

# Print "on" when both arguments are the same string, otherwise "off".
# Arguments: $1, $2 - strings to compare
onoff () {
  local state=off
  if [[ "$1" == "$2" ]]; then
    state=on
  fi
  echo $state
}

# Print "on" when $1 is exactly the string "1", otherwise "off".
# Arguments: $1 - flag value
onoffb () {
  case "$1" in
    1) echo on ;;
    *) echo off ;;
  esac
}

# Print the display form of a value.
# Globals:   TYPE (read)
# Arguments: $1 - value kind; only "onoff" is known
#            $2 - the value itself
# Outputs:   " " when TYPE is NONE, "N/A" when $2 is empty, "On"/"Off" for
#            kind onoff, "ERROR!" for any other kind
get_vname () {
  if [[ "$TYPE" == "NONE" ]]; then
    echo " "
    return
  fi
  if [[ -z "$2" ]]; then
    echo "N/A"
    return
  fi
  if [[ "$1" != onoff ]]; then
    echo ERROR!
    return
  fi

  # Kind onoff: only the string "1" counts as switched on.
  if [[ "$2" == 1 ]]; then
    echo On
  else
    echo Off
  fi
}

# Print the full_name attribute that attr_get_user reports for a user.
# Globals:   RSBACPATH (read)
# Arguments: $1 - user, passed to attr_get_user as given
# Outputs:   a single blank when $1 is empty, else the tool output with
#            runs of whitespace collapsed (the substitution is unquoted)
full_name () {
  if [[ -z "$1" ]]; then
    echo " "
    return
  fi
  echo $(${RSBACPATH}attr_get_user $1 full_name)
}

# Print the user_nr attribute that attr_get_user reports for a user.
# Globals:   RSBACPATH (read)
# Arguments: $1 - user, passed to attr_get_user as given
# Outputs:   a single blank when $1 is empty, else the tool output with
#            runs of whitespace collapsed (the substitution is unquoted)
get_uid () {
  if [[ -z "$1" ]]; then
    echo " "
    return
  fi
  echo $(${RSBACPATH}attr_get_user $1 user_nr)
}

# Print the user_name attribute that attr_get_user reports for a user.
# Globals:   RSBACPATH (read)
# Arguments: $1 - user, passed to attr_get_user as given
# Outputs:   a single blank when $1 is empty, else the tool output with
#            runs of whitespace collapsed (the substitution is unquoted)
get_name () {
  if [[ -z "$1" ]]; then
    echo " "
    return
  fi
  echo $(${RSBACPATH}attr_get_user $1 user_name)
}

# Print $1 with every underscore turned into a blank.
# Arguments: $1 - underscore-joined text
split_subj () {
  local joined=$1
  echo $joined | tr '_' ' '
}

# Print one "id entry" line per ACL group, ready to be used as the tag/item
# pairs of a dialog menu.
# Globals:   RSBACPATH (read); TMP, TMP2, i (written)
# Arguments: $1 - "All" lists groups with acl_group -gsn, anything else
#                 with acl_group -sn
# Outputs:   for each listed id, the id followed by the get_group_entry
#            output with blanks replaced by underscores
gen_glist () {
  local list_flags=-sn
  if [[ "$1" == "All" ]]; then
    list_flags=-gsn
  fi
  TMP=$(${RSBACPATH}acl_group $list_flags list_groups)

  # The id list is split on whitespace on purpose: one iteration per id.
  for i in $TMP; do
    TMP2=$(${RSBACPATH}acl_group -s get_group_entry $i | tr ' ' '_')
    echo $i $TMP2
  done
}

# Width limit used by name_print, derived from the dialog box width.
declare -i MAXNAMELEN=$((BC - 34))

# Print a name, keeping only its tail when it is longer than MAXNAMELEN.
# Globals:   MAXNAMELEN (read)
# Arguments: $1 - name to print
# Outputs:   $1 unchanged when it fits; otherwise the characters from
#            position (length - MAXNAMELEN) to the end, as selected by cut
name_print () {
  if ! test ${#1} -gt $MAXNAMELEN; then
    echo "$1"
    return
  fi

  local -i last=${#1}
  local -i first=$((last - MAXNAMELEN))
  echo "$1" | cut -c"${first}-${last}"
}

# Print the members of a group exactly as acl_group reports them.
# Globals:   RSBACPATH (read)
# Arguments: $1 - group, passed to acl_group as given
# Returns:   exit status of acl_group
gen_ulist () {
  ${RSBACPATH}acl_group get_group_members $1
}

# Print "id name off" for every user, as entries for a dialog checklist.
# Globals:   RSBACPATH (read); TMPFILE, TMP, i (written)
# Outputs:   one line per id listed by "attr_get_user -nl", in numeric
#            order; nothing when that command fails
gen_member_add_choice () {
  ${RSBACPATH}attr_get_user -nl >$TMPFILE || return 0

  TMP=$(sort -n $TMPFILE)
  # Split on whitespace on purpose: one iteration per id.
  for i in $TMP; do
    echo $i $(get_name $i) off
  done
}

# Print "id name off" for every member of $GROUP, as entries for a dialog
# checklist.
# Globals:   RSBACPATH, GROUP (read); TMPFILE, TMP, i (written)
# Outputs:   one line per id listed by "acl_group -sn get_group_members",
#            in the order reported; nothing when that command fails (its
#            error output is discarded)
gen_member_remove_choice () {
  ${RSBACPATH}acl_group -sn get_group_members $GROUP >$TMPFILE 2>/dev/null || return 0

  TMP=$(<$TMPFILE)
  # Split on whitespace on purpose: one iteration per id.
  for i in $TMP; do
    echo $i $(get_name $i) off
  done
}

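# Show the first line of the file named by $1 in an error message box.
# Globals:   DIALOG, ERRTITLE, BACKTITLE, BL, BC (read)
_group_menu_errbox () {
  $DIALOG --title "$ERRTITLE" \
          --backtitle "$BACKTITLE" \
          --msgbox "$(head -n 1 <"$1")" "$BL" "$BC"
}

# Menu for a single ACL group: show type, owner, name and members and let
# the user change them through acl_group.
# Globals:   GROUP, TYPE, OWNER, NAME, SELECTED, TMP, TTL (written);
#            TMPFILE (written), TMPFILETWO (removed on leaving the menu);
#            DIALOG, RSBACPATH, TMPDIR, TITLE, BACKTITLE, ERRTITLE,
#            BL, BC, MAXLINES (read)
# Arguments: $1 - group id
# Returns:   when the user quits or cancels, or when the group cannot be
#            read; non-zero when no scratch file could be created
group_menu () {
  GROUP=$1

  # Error output of the acl_group queries goes to a scratch file created
  # here and removed before returning. The shared $TMPFILETWO is no longer
  # written: this menu deletes it when it is left, so a second visit would
  # re-create a path that had been free in a shared directory, and
  # "2>file" follows a symbolic link placed there in the meantime.
  local errfile pwent
  errfile=$(mktemp -q "${TMPDIR:-/tmp}/rsbac_dialog.XXXXXX") || errfile=
  if test -z "$errfile"
  then
    echo "group_menu: cannot create a temporary file" >&2
    return 1
  fi

  # Read the current settings; any failure is shown and ends the menu.
  if $RSBACPATH""acl_group get_group_type "$GROUP" >"$TMPFILE" 2>"$errfile"
  then TYPE=$(cat "$TMPFILE")
  else
    _group_menu_errbox "$errfile"
    rm -f -- "$errfile"
    return
  fi
  if $RSBACPATH""acl_group get_group_owner "$GROUP" >"$TMPFILE" 2>"$errfile"
  then OWNER=$(cat "$TMPFILE")
  else
    _group_menu_errbox "$errfile"
    rm -f -- "$errfile"
    return
  fi
  if $RSBACPATH""acl_group get_group_name "$GROUP" >"$TMPFILE" 2>"$errfile"
  then NAME=$(cat "$TMPFILE")
  else
    _group_menu_errbox "$errfile"
    rm -f -- "$errfile"
    return
  fi

  while true ; do
    # The member list is substituted unquoted on purpose: dialog expects
    # its words as separate tag/item arguments.
    if ! $DIALOG --title "$TITLE" \
           --backtitle "$BACKTITLE" \
           --help-button --default-item "$SELECTED" \
           --menu "Group Menu - Group $GROUP" "$BL" "$BC" "$MAXLINES" \
                  "Type" "$TYPE" \
                  "Owner" "$OWNER" \
                  "Name" "$NAME" \
                  "--------------" "" \
                  "Add Members" "" \
                  "Remove Members" "" \
                  "--------------" "" \
                  $(gen_ulist "$GROUP") \
                  "--------------" "" \
                  "Quit" "" \
           2>"$TMPFILE"
    then
      rm -f -- "$errfile" "$TMPFILETWO"
      return
    fi

    SELECTED=$(cat "$TMPFILE")
    case $SELECTED in
      HELP*)
          # The help button reports "HELP <entry>"; drop the 5-char prefix.
          show_help "${SELECTED:5}"
          SELECTED="${SELECTED:5}"
        ;;
      Type)
          # Toggle between the two group types.
          if test "$TYPE" == PRIVATE
          then TMP=GLOBAL
          else TMP=PRIVATE
          fi
          if $RSBACPATH""acl_group change_group "$GROUP" $OWNER $TMP "$NAME" &>"$TMPFILE"
          then
            TYPE=$TMP
          else
            _group_menu_errbox "$TMPFILE"
          fi
        ;;

      Owner)
          # Unquoted on purpose: the user list supplies tag/item pairs.
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$OWNER" \
                    --menu "Choose new owner for group $GROUP" "$BL" "$BC" "$MAXLINES" \
                           $(${RSBACPATH}attr_get_user -bl) \
            2>"$TMPFILE"
          then
            TMP=$(cat "$TMPFILE")
            if $RSBACPATH""acl_group change_group "$GROUP" $TMP $TYPE "$NAME" &>"$TMPFILE"
            then
              OWNER=$TMP
            else
              _group_menu_errbox "$TMPFILE"
            fi
          fi
        ;;

      Name)
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --inputbox "New name for group $GROUP (maxlen = 15)" "$BL" "$BC" "$NAME" \
            2>"$TMPFILE"
          then
            TMP=$(cat "$TMPFILE")
            if $RSBACPATH""acl_group change_group "$GROUP" $OWNER $TYPE "$TMP" &>"$TMPFILE"
            then
              NAME="$TMP"
            else
              _group_menu_errbox "$TMPFILE"
            fi
          fi
        ;;

      'Add Members')
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "New members for group $GROUP" "$BL" "$BC" "$MAXLINES" \
                      $(gen_member_add_choice) \
             2>"$TMPFILE"
          then
            # The checklist returns the chosen ids, possibly quoted; $TMP
            # is split on purpose so each id becomes one argument.
            TMP=$(tr -d '"' <"$TMPFILE")
            if ! $RSBACPATH""acl_group add_member "$GROUP" $TMP &>"$TMPFILE"
            then
              _group_menu_errbox "$TMPFILE"
            fi
          fi
        ;;

      'Remove Members')
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Members to be removed from group $GROUP" "$BL" "$BC" "$MAXLINES" \
                      $(gen_member_remove_choice) \
             2>"$TMPFILE"
          then
            # Split on purpose, as for 'Add Members'.
            TMP=$(tr -d '"' <"$TMPFILE")
            if ! $RSBACPATH""acl_group remove_member "$GROUP" $TMP &>"$TMPFILE"
            then
              _group_menu_errbox "$TMPFILE"
            fi
          fi
        ;;

      Quit)
          rm -f -- "$errfile" "$TMPFILETWO"
          return
        ;;

      "--------------")
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "Group Menu: Selection Error!" 5 "$BC"
        ;;
      *)
          # Any other selection is a member entry: ask for its TTL.
          TMP=$(get_name "$SELECTED")
          TTL=$(echo $SELECTED|cut -d ':' -f 2|cut -d 's' -f 1)
          if [[ "$TTL" == "$SELECTED" || -z "$TTL" ]]
          then TTL=0
          fi
          # Show the passwd entry of exactly this user. The name is
          # compared as a string, not used as a pattern, and an empty name
          # shows nothing instead of matching every line of the file.
          pwent=
          if test -n "${TMP// /}"
          then pwent=$(awk -F: -v name="$TMP" '$1 == name' /etc/passwd)
          fi
          if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "TTL for Group $GROUP Member $SELECTED: $pwent" 7 "$BC" "$TTL" 2>"$TMPFILE"
          then TTL=$(cat "$TMPFILE")
            if ! $RSBACPATH""acl_group -t "$TTL" add_member "$GROUP" "$SELECTED" &>"$TMPFILE"
            then
              _group_menu_errbox "$TMPFILE"
            fi
          fi
        ;;

    esac
  done
}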

###################### Menu #################

# The main menu starts with all groups listed.
SHOW=All

# -h / --help prints the usage line and stops.
case "$1" in
  -h|--help)
    echo Use: $0 '[group-id]'
    exit
    ;;
esac

# A group id on the command line opens that group's menu before the main
# menu is shown.
if [ -n "$1" ]; then
  group_menu $1
fi

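# Main menu loop: list the groups and dispatch on the selected entry until
# the user quits or cancels.
while true ; do
  # The group list is substituted unquoted on purpose: dialog expects its
  # words as separate tag/item arguments.
  if ! $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --help-button --default-item "$SELECTED" \
         --menu "Main Menu" "$BL" "$BC" "$MAXLINES" \
                "All / Personal" "$SHOW" \
                "Add Group" "" \
                "Remove Group" "" \
                "--------------" "" \
                $(gen_glist "$SHOW") \
                "--------------" "" \
                "Quit" "" \
         2>"$TMPFILE"
  then
    # Remove both scratch files; the second one was left behind whenever
    # no group menu had been opened.
    rm -f -- "$TMPFILE" "$TMPFILETWO"
    exit
  fi

  SELECTED=$(cat "$TMPFILE")
  case $SELECTED in
    HELP*)
        # The help button reports "HELP <entry>"; drop the 5-char prefix.
        show_help "${SELECTED:5}"
        SELECTED="${SELECTED:5}"
      ;;
    "All / Personal")
        if test "$SHOW" == "All"
        then SHOW=Personal
        else SHOW=All
        fi
      ;;

    'Add Group')
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Name for new group (maxlen = 15)" "$BL" "$BC" "New Group" \
           2>"$TMPFILE"
        then
          TMP=$(cat "$TMPFILE")
          if ! $RSBACPATH""acl_group add_group P "$TMP" &>"$TMPFILE"
          then
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 <"$TMPFILE")" "$BL" "$BC"
          fi
        fi
      ;;

    "Remove Group")
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$SELECTED" \
                  --menu "Choose group to delete" "$BL" "$BC" "$MAXLINES" \
                  $(gen_glist Personal) \
               2>"$TMPFILE"
        then
          TMP=$(cat "$TMPFILE")
          if ! $RSBACPATH""acl_group remove_group "$TMP" &>"$TMPFILE"
          then
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 <"$TMPFILE")" "$BL" "$BC"
          fi
        fi
      ;;

    Quit)
        rm -f -- "$TMPFILE" "$TMPFILETWO"
        exit
      ;;

    # Must be the same string as the separator tag in the menu above. The
    # former pattern had more dashes than the tag and never matched, so a
    # selected separator was handed to group_menu as a group id.
    "--------------")
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 "$BC"
      ;;

    *)
      # Everything else is the id of a listed group.
      group_menu "$SELECTED"
      ;;

  esac
done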
