#!/bin/bash
# 
# This script is used for Administration of RSBAC general attributes
#
#
# Preflight 1: the menu relies on bash-only features, so stop early when
# $BASH is empty (i.e. some other shell is interpreting this file).
if [ -z "$BASH" ]
then
  echo "This menu requires bash - sorry!" 1>&2
  exit 1
fi

# Preflight 2: /proc/stat is used as the marker for a mounted proc fs.
if [ ! -f /proc/stat ]
then
  echo "This menu requires proc fs mounted" 1>&2
  exit 1
fi

# Remember the location of commands once they were looked up (-h) and
# make sure bash is not running in POSIX compatibility mode.
set -h
set +o posix

# Global settings file; the personal one is ~/.rsbacrc.
RSBACCONF=/etc/rsbac.conf

# Both files are read with '.', i.e. they are executed as shell code with
# the privileges of whoever runs this menu. They therefore have to be
# writable only by accounts that are trusted to run commands as that user.
# The personal file is read last, so its assignments win.
[ -f $RSBACCONF ] && . $RSBACCONF
[ -f ~/.rsbacrc ] && . ~/.rsbacrc

# No module list configured: fall back to the built-in list.
: "${RSBACMOD:=GEN MAC FC SIM PM MS FF RC AUTH ACL CAP}"

# Export one SHOW_<module>=yes flag per listed module.
# RSBACMOD is split on whitespace here, one word per module name.
for i in $RSBACMOD ; do export SHOW_${i}=yes ; done

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

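# which dialog tool to use - dialog or kdialog
# DIALOG may already be set by the environment or by the config files read
# earlier in this script. Otherwise rsbac_dialog is used, prefixed with
# RSBACPATH (an empty RSBACPATH means the program is looked up in $PATH).
# NOTE(review): a relative RSBACPATH would make the lookup depend on the
# current directory - prefer an absolute path when this runs privileged.
if test -z "$DIALOG"
then DIALOG=${RSBACPATH}rsbac_dialog
fi

# Probe the tool once. $DIALOG is expanded unquoted, as everywhere else in
# this script, so a value that carries extra options keeps working; the
# flip side is that a program path containing spaces does not.
if ! $DIALOG --clear
then
  echo "$DIALOG menu program required!" >&2
  # Report the failure to the caller; a bare 'exit' would return the
  # status of the echo above, i.e. success.
  exit 1
fi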

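# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# Scratch file that receives the answers of the dialog program.
# It is created by mktemp only: mktemp picks an unpredictable name and
# creates the file atomically. A name built from the process id can be
# guessed in advance, and in a shared directory such as /tmp somebody else
# could put a file or symlink there between a 'rm' and the first write.
# This menu may well be run by an administrator, so when mktemp fails the
# script stops instead of falling back to a guessable name.
if ! TMPFILE=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX")
then
  echo "Cannot create a temporary file in $TMPDIR" >&2
  exit 1
fi

# Remove the scratch file when the shell exits, including exit paths that
# do not go through the explicit 'rm' calls of the menu loop.
trap 'rm -f -- "$TMPFILE"' EXIT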

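# test for LINES and COLUMNS (should be exported e.g. in /etc/profile)
# Only plain decimal numbers are accepted. 'declare -i' evaluates what it
# is given as an arithmetic expression, so an empty or non-numeric value
# inherited from the environment or a config file must not get that far;
# such values are replaced by the 25x80 defaults.
case "$LINES" in
  ''|*[!0-9]*) LINES=25 ;;
esac
case "$COLUMNS" in
  ''|*[!0-9]*) COLUMNS=80 ;;
esac
export LINES
export COLUMNS

# Geometry handed to the dialog program: box height (BL), box width (BC)
# and the upper bound for menu list heights (MAXLINES).
# The 10# prefix forces base 10, so a value with leading zeros is not
# read as octal.
declare -i BL=$((10#$LINES - 4))
declare -i BC=$((10#$COLUMNS - 4))
declare -i MAXLINES=$((10#$LINES - 10))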
# Limit a wanted menu height to what fits on the screen.
# Globals:   MAXLINES (read)
# Arguments: $1 - number of list lines the caller would like to use
# Outputs:   $1, or MAXLINES when $1 is greater, on stdout
gl () {
  local wanted=$1
  test $wanted -gt $MAXLINES && wanted=$MAXLINES
  echo $wanted
}

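# Tell the module checklist whether a module is currently selected.
# Globals:   RSBACMOD (read) - whitespace separated list of module names
# Arguments: $1 - module name to look up
# Outputs:   "on" when $1 is one of the words in RSBACMOD, else "off"
#
# The list is split into words and compared word by word, the same way the
# SHOW_<module> loop at the top of the script reads it. A substring search
# would also answer "on" for a name that is merely contained in another
# entry, and would treat the name as a regular expression.
setonoff () {
  local mod
  for mod in $RSBACMOD
  do
    if [ "$mod" = "$1" ]
    then
      echo on
      return 0
    fi
  done
  echo off
}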

# Nothing has been changed yet; set to "yes" by the menu entries that
# alter a setting and back to "no" after a successful save.
MODIFIED=no

# Window titles. BACKTITLE is exported to the environment, TITLE and
# ERRTITLE stay local to this script.
ERRTITLE="RSBAC Administration - ERROR"
TITLE="$(whoami)@$(hostname): RSBAC Administration"
BACKTITLE="RSBAC Administration Tools v1.2.0"
export BACKTITLE

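#######################################
# Show the help text of one main menu entry in a text box.
# Globals:   TMPFILE (file is overwritten), DIALOG, HELPTITLE, TITLE,
#            BACKTITLE, BL, BC (read)
# Arguments: $1 - tag of the menu entry, e.g. 'Modules:' or Quit
# Returns:   exit status of the dialog program
#######################################
show_help () {
  {
    # printf instead of echo: a tag that looks like an echo option is
    # still printed literally.
    printf '%s\n\n' "$1"
    case "$1" in
      'Modules:')
        echo "Choose the modules you would like to see in the menues."
        ;;

      'Dialog Tool:')
        echo "Choose the dialog program. If it is not in a PATH directory, you can"
        echo "enter the full path here."
        ;;

      'TMP Dir:')
        echo "Where RSBAC menues store there temporary files."
        ;;

      'Tool Path:')
        echo "Directory, where the RSBAC tools are. This variable must either be"
        echo "empty or end with a slash (/)."
        ;;

      'Reload:')
        echo "Restore startup settings by reloading config file."
        ;;

      'Save:')
        echo "Save changed settings to global or personal config file."
        ;;

      Quit)
        echo "Quit this menu."
        ;;

      *)
        echo "No help for $1 available!"
        ;;
    esac
  # Quoted, so a temp dir with spaces in its name does not turn this into
  # an "ambiguous redirect".
  } > "$TMPFILE"

  # HELPTITLE is not assigned anywhere in this script; unless a config
  # file provides it, the normal menu title is used instead of an empty one.
  $DIALOG --title "${HELPTITLE:-$TITLE}" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" $BL $BC
}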

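#######################################
# Print one line of the settings file for the variable named in $1.
# Arguments: $1 - variable name (RSBACMOD, DIALOG, TMPDIR or RSBACPATH)
# Outputs:   NAME="value" on stdout, or a "# NAME is not set" comment
#
# The settings file is later executed with '.', so the value must come
# back as plain data: backslash, double quote, dollar sign and backquote
# are escaped for the double-quoted string they are written into.
#######################################
rsbac_emit_setting () {
  local name=$1 value=${!1}
  if test -n "$value"
  then
    value=${value//\\/\\\\}
    value=${value//\"/\\\"}
    value=${value//\$/\\\$}
    value=${value//\`/\\\`}
    printf '%s="%s"\n' "$name" "$value"
  else
    printf '# %s is not set\n' "$name"
  fi
}

# Main loop: show the settings menu, act on the chosen entry, repeat.
# The dialog program writes its answer to stderr, which is captured in
# $TMPFILE and read back after every call. $DIALOG itself is expanded
# unquoted throughout, so it may carry extra options.
while true
do
  if ! $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --help-button --default-item "$CHOICE" \
         --menu "Settings Menu" $BL $BC $(gl 9) \
                "Modules:" "$RSBACMOD" \
                "Dialog Tool:" "$DIALOG" \
                "TMP Dir:" "$TMPDIR" \
                "Tool Path:" "(empty = use \$PATH) $RSBACPATH" \
                "---------------" "" \
                "Reload:" "Reload settings" \
                "Save:" "Save settings" \
                "---------------" "" \
                "Quit" "" \
         2>"$TMPFILE"
  then
    # Menu left without a selection: leave, but ask first when there are
    # unsaved changes.
    if test "$MODIFIED" = "yes"
    then
      if ! $DIALOG --title "$TITLE" \
                 --backtitle "$BACKTITLE" \
                 --yesno "Settings were modified. Exit anyway?" 5 $BC \
               2>/dev/null
      then continue
      fi
    fi
    rm -f -- "$TMPFILE" ; exit
  fi

  CHOICE=$(cat "$TMPFILE")
  case $CHOICE in
    HELP*)
        # The answer is "HELP <tag>"; cut the 5 character prefix and keep
        # the tag as the default item for the next round.
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;

    'Modules:')
        if $DIALOG --title "$TITLE" \
               --backtitle "$BACKTITLE" \
               --checklist "Select Modules to Show" $BL $BC $(gl 11) \
                      "GEN" "General attributes for all modules" "$(setonoff GEN)" \
                      "MAC" "Mandatory Access Control (Bell-LaPadula)" "$(setonoff MAC)" \
                      "FC"  "Functional Control" "$(setonoff FC)" \
                      "SIM" "Security Information Modification" "$(setonoff SIM)" \
                      "PM"  "Privacy Model" "$(setonoff PM)" \
                      "MS"  "Malware Scan" "$(setonoff MS)" \
                      "FF"  "File Flags" "$(setonoff FF)" \
                      "RC"  "Role Compatibility" "$(setonoff RC)" \
                      "ACL" "Access Control Lists" "$(setonoff ACL)" \
                      "AUTH" "Authorization" "$(setonoff AUTH)" \
                      "CAP" "Linux Capabilities" "$(setonoff CAP)" \
             2>"$TMPFILE"
        then
          # Strip the double quotes from the returned list of tags.
          RSBACMOD=$(tr -d '"' < "$TMPFILE")
          MODIFIED=yes
        fi
      ;;

    'Dialog Tool:')
        # The value entered here is the program this loop runs from the
        # next round on.
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --inputbox "Dialog program" $BL $BC "$DIALOG" \
          2>"$TMPFILE"
        then DIALOG=$(cat "$TMPFILE")
          MODIFIED=yes
        fi
      ;;

    'TMP Dir:')
        # Only the setting changes; the scratch file of this run stays
        # where it was created.
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --inputbox "Directory for Temporary Files" $BL $BC "$TMPDIR" \
          2>"$TMPFILE"
        then TMPDIR=$(cat "$TMPFILE")
          MODIFIED=yes
        fi
      ;;

    'Tool Path:')
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --inputbox 'Path to RSBAC tools dir (empty = use $PATH, end with /)' \
                       $BL $BC "$RSBACPATH" \
          2>"$TMPFILE"
        then RSBACPATH=$(cat "$TMPFILE")
          MODIFIED=yes
        fi
      ;;

    'Reload:')
        if test "$MODIFIED" = "yes"
        then
          if ! $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --yesno "Settings were modified. Reload anyway?" 5 $BC \
                   2>/dev/null
          then continue
          fi
        fi
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --menu "Load settings from" 10 $BC 3 \
                     "$HOME/.rsbacrc" "Personal Settings" \
                     "$RSBACCONF" "Global Settings" \
                     "Enter name" "$FILE" \
                   2>"$TMPFILE"
        then
          TMP=$(cat "$TMPFILE")
          if test "$TMP" = "Enter name"
          then
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --inputbox "Filename to load settings from" $BL $BC "$FILE" \
              2>"$TMPFILE"
            then TMP=$(cat "$TMPFILE")
            else continue
            fi
          fi
          FILE=$TMP
          # A name without a slash would be searched in $PATH by '.';
          # anchor it to the current directory, which is also where
          # "Save:" writes such a name.
          case "$FILE" in
            */*) LOADFILE=$FILE ;;
            *)   LOADFILE=./$FILE ;;
          esac
          if test -n "$FILE" && test -f "$LOADFILE" && test -r "$LOADFILE"
          then
            # NOTE(review): the file is executed as shell code with the
            # privileges of this process, not parsed as data. Only load
            # files whose owner and permissions you trust.
            . "$LOADFILE"
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "Loading settings from $FILE failed!" 5 $BC \
                   2>/dev/null
          fi
        fi
      ;;

    'Save:')
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --menu "Save settings to" 10 $BC 3 \
                     "$HOME/.rsbacrc" "Personal Settings" \
                     "$RSBACCONF" "Global Settings" \
                     "Enter name" "$FILE" \
                   2>"$TMPFILE"
        then
          TMP=$(cat "$TMPFILE")
          if test "$TMP" = "Enter name"
          then
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --inputbox "Filename to save settings to" $BL $BC "$FILE" \
              2>"$TMPFILE"
            then TMP=$(cat "$TMPFILE")
            else continue
            fi
          fi
          FILE=$TMP
          # Write all four settings. The previous version left the quotes
          # of the four "is not set" lines open, which swallowed the code
          # after them, so DIALOG and RSBACPATH were never written.
          if {
               echo '# RSBAC menu configuration'
               echo "# $(date)"
               rsbac_emit_setting RSBACMOD
               rsbac_emit_setting DIALOG
               rsbac_emit_setting TMPDIR
               rsbac_emit_setting RSBACPATH
             } >"$FILE"
          then
            MODIFIED=no
          else
            $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "Saving settings to $FILE failed!" 5 $BC \
                   2>/dev/null
          fi
        fi
      ;;

    Quit)
        if test "$MODIFIED" = "yes"
        then
          if ! $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --yesno "Settings were modified. Exit anyway?" 5 $BC \
                   2>/dev/null
          then continue
          fi
        fi
        rm -f -- "$TMPFILE" ; exit
      ;;

    *)
        # Anything else, including the separator lines of the menu.
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC
      ;;

  esac
done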
