#!/bin/bash
# 
# This script is used for Administration of RSBAC general user attributes
#
#
# Make sure we're really running bash.
#
if [ -z "$BASH" ]
then
  echo "This menu requires bash" 1>&2
  exit 1
fi

#
# Remember command locations as they are looked up (-h) and leave POSIX mode
#
set -h +o posix

# Attribute name list; nothing else in this file reads it.
ATTRIBUTES="security_level mac_role fc_role sim_role ms_role ff_role
auth_role pm_role pseudo rc_def_role min_caps max_caps"

# Configuration: the system-wide file first, then the per-user file.
# Both are sourced, i.e. executed as shell code with the privileges of whoever
# runs this menu, so they must be writable only by trusted accounts.
RSBACCONF=/etc/rsbac.conf
if [ -f $RSBACCONF ]; then
  . $RSBACCONF
fi
if [ -f ~/.rsbacrc ]; then
  . ~/.rsbacrc
fi

# Fall back to the full module list when the configuration selected none
: "${RSBACMOD:=GEN MAC FC SIM PM MS FF RC AUTH ACL CAP}"

# One exported SHOW_<module>=yes flag per selected module
for i in $RSBACMOD; do
  export SHOW_${i}=yes
done

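# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# Scratch files for dialog output and tool messages.
# They are created with mktemp only. The previous fallback to the predictable
# names rsbac_dialog.$$ / rsbac_dialog.$$.2 removed and then re-created a file
# whose name any local user can guess; in a shared directory such as /tmp that
# leaves a window in which somebody else can place a file or symlink there, and
# this script later writes to the path through redirections. Failing closed is
# the safer choice for an administration tool.
if ! TMPFILE=`mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX"`
then
  echo "Cannot create a temporary file in $TMPDIR" >&2
  exit 1
fi
if ! TMPFILETWO=`mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX"`
then
  rm -f -- "$TMPFILE"
  echo "Cannot create a temporary file in $TMPDIR" >&2
  exit 1
fi

# Remove both scratch files on every exit path, including the early exit taken
# when the dialog program is missing.
trap 'rm -f -- "$TMPFILE" "$TMPFILETWO"' EXIT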

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

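# set this to initial dir on script startup
LASTDIR='.'

# which dialog tool to use - dialog or kdialog
# (quoted test: an override containing blanks must not break the check)
if test -z "$DIALOG"
then DIALOG=${RSBACPATH}rsbac_dialog
fi

# Probe the dialog tool once. $DIALOG stays unquoted on the command position so
# that an override consisting of a program plus options keeps working.
if ! $DIALOG --clear
then
  echo "$DIALOG menu program required!" >&2
  # Report the failure to the caller; a bare "exit" returned echo's status 0.
  exit 1
fi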

# Terminal size: use 25x80 when LINES/COLUMNS are not provided
# (they should be exported e.g. in /etc/profile)
: "${LINES:=25}" "${COLUMNS:=80}"
export LINES COLUMNS

# Dialog box height and width, and the largest list height passed to menus
declare -i BL=$((LINES - 4))
declare -i BC=$((COLUMNS - 4))
declare -i MAXLINES=$((LINES - 10))
# Print the requested list height ($1), capped at $MAXLINES.
gl () {
  local wanted=$1
  if [ $wanted -gt $MAXLINES ]
  then
    echo $MAXLINES
    return
  fi
  echo $wanted
}

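# Window titles. BACKTITLE and HELPTITLE can be preset by the configuration.
if test -z "$BACKTITLE"
  then BACKTITLE="RSBAC Administration Tools v1.2.0" ; fi
TITLE="`whoami`@`hostname`: RSBAC User Administration"
ERRTITLE="RSBAC User Administration - ERROR"
# show_help passes $HELPTITLE to the dialog tool, but this file never assigned
# it, so the help box had an empty title unless the configuration set one.
if test -z "$HELPTITLE"
  then HELPTITLE="RSBAC User Administration - HELP" ; fi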


# Show the help text for menu entry $1 in a text box.
# The text is written to $TMPFILE first: the entry name, an empty line, a short
# description and, for entries backed by a user attribute, an empty line plus
# the output of "attr_get_user -A <attribute>".
show_help () {
  local attr=
  {
    echo "$1"
    echo ""
    case "$1" in
      User:)
        echo "Enter the user name or id."
        ;;
      Userlist:)
        echo "Choose user from list."
        ;;
      'MAC Security Level:')
        echo "MAC model security level for this user."
        attr=security_level
        ;;
      'MAC Categories:')
        echo "MAC model categories for this user."
        attr=mac_categories
        ;;
      'MAC Role:')
        echo "MAC model system role for this user."
        attr=mac_role
        ;;
      'FC Role:')
        echo "FC model system role for this user."
        attr=fc_role
        ;;
      'SIM Role:')
        echo "SIM model system role for this user."
        attr=sim_role
        ;;
      'MS Role:')
        echo "MS model system role for this user."
        attr=ms_role
        ;;
      'FF Role:')
        echo "FF model system role for this user."
        attr=ff_role
        ;;
      'AUTH Role:')
        echo "AUTH model system role for this user."
        attr=auth_role
        ;;
      'PM Role:')
        echo "PM model system role for this user."
        attr=pm_role
        ;;
      'PM Task Set:')
        echo "PM model set ID of allowed tasks for this user. This value is only an"
        echo "index into the PM task_set data structures and thus read-only."
        attr=pm_task_set
        ;;
      'Pseudo:')
        echo "Logging pseudonym for this user. If this value is not 0, it will be used"
        echo "as pseudonym instead of the user id for all request and set_attr logging"
        echo "messages."
        attr=pseudo
        ;;
      'RC Default Role:')
        echo "RC model default role for this user."
        attr=rc_def_role
        ;;
      'CAP Min Caps:')
        echo "Specify a set of Linux capabilities, which will always be set, when a"
        echo "process changes to this user, or when this user executes a program."
        echo "The Max Caps set for the user is ignored, but the Max Caps set of the"
        echo "executed program will be applied."
        echo "Useful to start privileged (root) programs as normal user."
        attr=min_caps
        ;;
      'CAP Max Caps:')
        echo "Specify the maximum set of Linux capabilities, which can be set, when a"
        echo "process changes to this user, or when this user executes a program."
        echo "Useful to limit the privileges of a user running setuid root programs,"
        echo "e.g. the passwd command."
        attr=max_caps
        ;;
      'CAP Role:')
        echo "CAP model system role for this user."
        attr=cap_role
        ;;
      'Log User Based:')
        echo "Specify the request types, which should always be logged, when"
        echo "this user runs a program."
        attr=log_user_based
        ;;
      'ACL Menu:')
        echo "Go to ACL menu."
        ;;
      'Reset Attributes:')
        echo "Call attr_rm_user to get the attribute object for this user object"
        echo "removed. As result, all attribute values will be reset to their"
        echo "default values. Use with care!"
        ;;
      Quit)
        echo "Quit this menu."
        ;;
      *)
        echo "No help for $1 available!"
        ;;
    esac
    # Attribute-backed entries end with the tool's own description
    if test -n "$attr"
    then
      echo ""
      $RSBACPATH""attr_get_user -A $attr
    fi
  } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
}

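# Load the attribute values of user $1 into the global variables the main menu
# displays (SECLEVEL, MACROLE, ...). Only the modules whose SHOW_<module> flag
# is "yes" are queried. Does nothing when $1 is empty.
#
# The user name is passed quoted, so a name containing blanks or glob
# characters reaches attr_get_user as one argument.
get_attributes () {
  local user=$1
  local get="${RSBACPATH}attr_get_user"
  if test -z "$user"
  then return 0
  fi
  if test "$SHOW_MAC" == "yes"
  then
    SECLEVEL=`"$get" "$user" security_level`
    MACCAT=`"$get" "$user" mac_categories`
    MACROLE=`"$get" "$user" mac_role`
  fi
  if test "$SHOW_PM" == "yes"
  then
    PMROLE=`"$get" "$user" pm_role`
    PMTASKSET=`"$get" "$user" pm_task_set`
  fi
  if test "$SHOW_FC" == "yes"
  then
    FCROLE=`"$get" "$user" fc_role`
  fi
  if test "$SHOW_SIM" == "yes"
  then
    SIMROLE=`"$get" "$user" sim_role`
  fi
  if test "$SHOW_MS" == "yes"
  then
    MSROLE=`"$get" "$user" ms_role`
  fi
  if test "$SHOW_FF" == "yes"
  then
    FFROLE=`"$get" "$user" ff_role`
  fi
  if test "$SHOW_AUTH" == "yes"
  then
    AUTHROLE=`"$get" "$user" auth_role`
  fi
  if test "$SHOW_CAP" == "yes"
  then
    MINCAPS=`"$get" "$user" min_caps`
    MAXCAPS=`"$get" "$user" max_caps`
    CAPROLE=`"$get" "$user" cap_role`
  fi
  if test "$SHOW_GEN" == "yes"
  then
    PSEUDO=`"$get" "$user" pseudo`
    LOGUSER=`"$get" "$user" log_user_based`
  fi
  # The main menu shows "RC Default Role:" when SHOW_RC is set, but the value
  # used to be loaded under SHOW_GEN only, leaving the entry blank with
  # RC enabled and GEN disabled. Load it when either flag is set.
  if test "$SHOW_GEN" == "yes" || test "$SHOW_RC" == "yes"
  then
    RCDEFROLE=`"$get" "$user" rc_def_role`
  fi
}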

# Print "on" when $1 equals $2 (string comparison), otherwise "off".
onoff () {
   local state=off
   if [ "$1" = "$2" ]
   then state=on
   fi
   echo $state
}

# Print "on" when $1 is the string "1", otherwise "off".
onoffb () {
   case "$1" in
     1) echo on ;;
     *) echo off ;;
   esac
}

# Print the display name for a numeric attribute value.
#   $1 - value family: seclevel, sysrole or pmrole
#   $2 - numeric value
# Prints nothing for an unknown family or value.
get_value_name () {
  case "$1:$2" in
    seclevel:0)   echo "unclassified" ;;
    seclevel:1)   echo "confidential" ;;
    seclevel:2)   echo "secret" ;;
    seclevel:3)   echo "top secret" ;;
    seclevel:252) echo "max. level" ;;
    sysrole:0)    echo "General User" ;;
    sysrole:1)    echo "Security Officer" ;;
    sysrole:2)    echo "Administrator" ;;
    pmrole:0)     echo "General User" ;;
    pmrole:1)     echo "Security Officer" ;;
    pmrole:2)     echo "Data Protection Officer" ;;
    pmrole:3)     echo "TP-Manager" ;;
    pmrole:4)     echo "System-Administrator" ;;
  esac
}

# Print the full_name attribute of user $1, or a single blank when no user is
# selected ($USERID empty). The tool output is echoed unquoted, so runs of
# whitespace collapse to single blanks.
full_name () {
  local name
  if [ -z "$USERID" ]
  then
    echo " "
    return
  fi
  name=`$RSBACPATH""attr_get_user $1 full_name`
  echo $name
}

# Print the user_nr attribute of user $1, or a single blank when no user is
# selected ($USERID empty).
get_uid () {
  local nr
  if [ -z "$USERID" ]
  then
    echo " "
    return
  fi
  nr=`$RSBACPATH""attr_get_user $1 user_nr`
  echo $nr
}

# Print the name of RC role $1 as reported by rc_get_item.
# Prints a single blank when no user is selected or no role was given, and
# "(unknown)" when rc_get_item fails.
role_name () {
  if [ -z "$USERID" ] || [ -z "$1" ]
  then
    echo " "
    return
  fi
  $RSBACPATH""rc_get_item ROLE $1 name || echo "(unknown)"
}

# Width left for the MAC category bit string in the main menu
declare -i MAXCATLEN=$((BC - 38))

# Print $1 when at least 64 columns are available for it, else "(too long)".
cat_print () {
  if [ $MAXCATLEN -ge 64 ]
  then
    echo $1
    return
  fi
  echo "(too long)"
}

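# Print one "<category> <state> <state>" line per category number given as
# argument, where <state> is on/off according to the mac_categories bit of the
# current user ($USERID). The output feeds a dialog checklist (tag, item text,
# initial status).
#
# Loop and scratch variables are local now; the previous version overwrote the
# globals "i" and "TMP" when called outside a command substitution.
gen_cat_list () {
    local cat bit state
    for cat in "$@"
    do
      bit=`"${RSBACPATH}attr_get_user" "$USERID" mac_categories "$cat"`
      state=`onoffb "$bit"`
      echo "$cat" "$state" "$state"
    done
}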

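# Print one "<request> <state> <state>" checklist line per request type, with
# <state> on/off according to the log_user_based setting of $USERID.
# The list of request types is taken from $REQUESTS, or from
# "attr_get_file_dir -n" when that variable is empty.
#
# Names are compared as whole words and as fixed strings. The previous
# "grep -q $i" was a substring/regex match, so a request whose name is
# contained in a longer one that is set was shown as set too, and would then
# be written back as set when the checklist was confirmed.
gen_request_list () {
    local req set_requests
    if test -z "$REQUESTS"
      then REQUESTS=`"${RSBACPATH}attr_get_file_dir" -n`
    fi
    set_requests=`"${RSBACPATH}attr_get_user" -p "$USERID" log_user_based`
    for req in $REQUESTS
    do
      if grep -qwF -- "$req" <<<"$set_requests"
      then
        echo "$req" on on
      else
        echo "$req" off off
      fi
    done
}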

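# Print one "<capability> <state> <state>" checklist line per capability, with
# <state> on/off according to the min_caps setting of $USERID.
# The capability list is taken from $CAPS, or from "attr_get_file_dir -c" when
# that variable is empty.
#
# Names are compared as whole words and as fixed strings; the previous
# "grep -q $i" also matched a name that is only part of a longer one, which
# would show (and on confirmation store) a capability the user does not have.
gen_min_caps_list () {
    local cap set_caps
    if test -z "$CAPS"
      then CAPS=`"${RSBACPATH}attr_get_file_dir" -c`
    fi
    set_caps=`"${RSBACPATH}attr_get_user" -p "$USERID" min_caps`
    for cap in $CAPS
    do
      if grep -qwF -- "$cap" <<<"$set_caps"
      then
        echo "$cap" on on
      else
        echo "$cap" off off
      fi
    done
}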

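# Print one "<capability> <state> <state>" checklist line per capability, with
# <state> on/off according to the max_caps setting of $USERID.
# The capability list is taken from $CAPS, or from "attr_get_file_dir -c" when
# that variable is empty.
#
# Names are compared as whole words and as fixed strings; the previous
# "grep -q $i" also matched a name that is only part of a longer one, which
# would show (and on confirmation store) a wider maximum set than configured.
gen_max_caps_list () {
    local cap set_caps
    if test -z "$CAPS"
      then CAPS=`"${RSBACPATH}attr_get_file_dir" -c`
    fi
    set_caps=`"${RSBACPATH}attr_get_user" -p "$USERID" max_caps`
    for cap in $CAPS
    do
      if grep -qwF -- "$cap" <<<"$set_caps"
      then
        echo "$cap" on on
      else
        echo "$cap" off off
      fi
    done
}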

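# An optional first command-line argument preselects the user.
# The value is passed on quoted so that an argument containing blanks or glob
# characters is not split into several arguments for get_attributes.
if test -n "$1"
then USERID=$1
     get_attributes "$USERID"
fi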

  {
    echo 'user_menu ()'
    echo '  {'    
    echo "    $DIALOG --title \"$TITLE\" \\"
    echo '       --backtitle "$BACKTITLE" \'
    echo '       --help-button --default-item "$CHOICE" \'
    echo '       --menu "Main User Menu" $BL $BC `gl 24` \'
    echo '              "Userlist:" "Choose user from list" \'
    echo '               "-------------------" " " \'
    echo '              "User:" "$USERID / `get_uid $USERID` / `full_name $USERID`" \'
    if test "$SHOW_MAC" == "yes"
    then
      echo '              "MAC Security Level:" "$SECLEVEL / `get_value_name seclevel $SECLEVEL`" \'
      echo '              "MAC Categories:" "`cat_print $MACCAT`" \'
      echo '              "MAC Role:" "$MACROLE / `get_value_name sysrole $MACROLE`" \'
    fi
    if test "$SHOW_FC" == "yes"
    then
      echo '              "FC Role:" "$FCROLE / `get_value_name sysrole $FCROLE`" \'
    fi
    if test "$SHOW_SIM" == "yes"
    then
      echo '              "SIM Role:" "$SIMROLE / `get_value_name sysrole $SIMROLE`" \'
    fi
    if test "$SHOW_PM" == "yes"
    then
      echo '              "PM Role:" "$PMROLE / `get_value_name pmrole $PMROLE`" \'
      echo '              "PM Task Set:" "$PMTASKSET (read-only)" \'
    fi
    if test "$SHOW_MS" == "yes"
    then
      echo '              "MS Role:" "$MSROLE / `get_value_name sysrole $MSROLE`" \'
    fi
    if test "$SHOW_FF" == "yes"
    then
      echo '              "FF Role:" "$FFROLE / `get_value_name sysrole $FFROLE`" \'
    fi
    if test "$SHOW_RC" == "yes"
    then
      echo '              "RC Default Role:" "$RCDEFROLE / `role_name $RCDEFROLE`" \'
    fi
    if test "$SHOW_AUTH" == "yes"
    then
      echo '              "AUTH Role:" "$AUTHROLE / `get_value_name sysrole $AUTHROLE`" \'
    fi
    if test "$SHOW_CAP" == "yes"
    then
      echo '              "CAP Min Caps:" "$MINCAPS" \'
      echo '              "CAP Max Caps:" "$MAXCAPS" \'
      echo '              "CAP Role:" "$CAPROLE / `get_value_name sysrole $CAPROLE`" \'
    fi
    if test "$SHOW_GEN" == "yes"
    then
      echo '              "Pseudo:" "$PSEUDO" \'
      echo '              "Log User Based:" "$LOGUSER" \'
    fi
    echo '              "----------------" " " \'
    echo '              "ACL Menu:" "Go to ACL menu" \'
    echo '              "----------------" " " \'
    echo '              "Reset Attributes:" "Reset all values to default values" \'
    echo '              "Quit" ""'
    echo '  }'
  } > $TMPFILE

. $TMPFILE

#cp $TMPFILE /tmp/menu

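# ---------------------------------------------------------------------------
# Main loop: show the main menu, then act on the selected entry.
#
# Changes against the previous version of this loop:
#  - "CAP Role:" stored the new value in AUTHROLE; it now updates CAPROLE.
#  - "CAP Min Caps:", "CAP Max Caps:" and "Log User Based:" checked $USER (the
#    login name from the environment) instead of $USERID, so the "no user
#    specified" guard never triggered and attr_set_user was called without a
#    target user.
#  - "Reset Attributes:" checked the unrelated variable $TYPE, called
#    attr_rm_user even without a selected user and refreshed the cached values
#    with an argument-less get_attributes call, which does nothing.
#  - Values typed into input boxes are passed to the RSBAC tools as one quoted
#    argument instead of being word-split and glob-expanded.
#  - $TMPFILETWO is no longer removed and re-created by name while the menu is
#    running; both scratch files are removed when the menu exits.
#  - A stray "\ " after "then" in the MAC category error path is gone.
# The repeated dialog sequences live in the private helpers below.
# ---------------------------------------------------------------------------

# Show message $1 in a five-line error box.
err_box () {
  $DIALOG --title "$ERRTITLE" \
          --backtitle "$BACKTITLE" \
          --msgbox "$1" 5 $BC
}

# Show the first line of the tool output captured in $TMPFILE in an error box.
tool_err_box () {
  $DIALOG --title "$ERRTITLE" \
          --backtitle "$BACKTITLE" \
          --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
}

# Look up name-or-id $1 with attr_get_user; on success make the reported
# user_name the current user and load its attributes.
select_user () {
  local name
  if name=$("${RSBACPATH}attr_get_user" "$1" user_name)
  then
    USERID=$name
    get_attributes "$USERID"
  else
    err_box "User: Unknown user $1!"
  fi
}

# Write the single value dialog left in $TMPFILE to attribute $1 of the
# current user; on success cache it in the variable named $2.
store_choice () {
  local attr=$1 var=$2 value
  value=$(cat "$TMPFILE")
  if "${RSBACPATH}attr_set_user" "$USERID" "$attr" "$value" &>"$TMPFILE"
  then printf -v "$var" '%s' "$value"
  else tool_err_box
  fi
}

# Radiolist for the three system roles of one model.
#   $1 - model label used in the texts (MAC, FC, ...)
#   $2 - attribute name (mac_role, ...)
#   $3 - name of the variable caching the current value
choose_sysrole () {
  local model=$1 attr=$2 var=$3
  if test -z "$USERID"
  then
    err_box "$model Role: No user specified!"
    return
  fi
  if $DIALOG --title "$TITLE" \
             --backtitle "$BACKTITLE" \
             --radiolist "Choose $model Role for $USERID" $BL $BC 3 \
                         0 "General User" `onoff 0 "${!var}"` \
                         1 "Security Officer" `onoff 1 "${!var}"` \
                         2 "Administrator" `onoff 2 "${!var}"` \
     2>"$TMPFILE"
  then store_choice "$attr" "$var"
  fi
}

# Checklist for a set-valued attribute (capability or request sets).
#   $1 - entry label for the "no user" message
#   $2 - window title prefix
#   $3 - attribute name
#   $4 - name of the variable caching the displayed value
#   $5 - function printing the "<tag> <item> <status>" rows
#   remaining arguments - extra checklist rows (shortcut tags)
edit_flag_set () {
  local label=$1 title=$2 attr=$3 var=$4 gen=$5 picked
  shift 5
  if test -z "$USERID"
  then
    err_box "$label: No user specified!"
    return
  fi
  if $DIALOG --title "$title for $USERID" \
             --backtitle "$BACKTITLE" \
             --checklist "Bits: ${!var}" $BL $BC $MAXLINES \
             `$gen` \
             '--------------' '-----------------' off \
             "$@" \
     2>"$TMPFILE"
  then
    picked=$(tr -d '"' <"$TMPFILE")
    # $picked is a blank-separated tag list and is split on purpose
    if "${RSBACPATH}attr_set_user" "$USERID" "$attr" $picked &>"$TMPFILE"
    then printf -v "$var" '%s' "$("${RSBACPATH}attr_get_user" "$USERID" "$attr")"
    else tool_err_box
    fi
  fi
}

while true
do
  # Cancel / ESC in the main menu ends the program
  if ! user_menu 2>"$TMPFILE"
  then
    rm -f -- "$TMPFILE" "$TMPFILETWO"
    exit
  fi

  CHOICE=$(cat "$TMPFILE")
  case "$CHOICE" in
    HELP*)
        # The help button reports "HELP <tag>"; strip the 5-character prefix
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;

    User:)
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --inputbox "Username/ID" $BL $BC "$USERID" \
           2>"$TMPFILE"
        then select_user "$(cat "$TMPFILE")"
        fi
      ;;

    Userlist:)
        # attr_get_user -bl prints the menu rows; its output is split on purpose
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --default-item "$USERID" \
                   --menu "Username/ID" $BL $BC $MAXLINES \
                          `"${RSBACPATH}attr_get_user" -bl` \
           2>"$TMPFILE"
        then select_user "$(cat "$TMPFILE")"
        fi
      ;;

    'MAC Security Level:')
        if test -z "$USERID"
        then err_box "Security Level: No user specified!"
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Security Level for $USERID" $BL $BC 5 \
                                 0 unclassified `onoff 0 "$SECLEVEL"` \
                                 1 confidential `onoff 1 "$SECLEVEL"` \
                                 2 secret `onoff 2 "$SECLEVEL"` \
                                 3 "top secret" `onoff 3 "$SECLEVEL"` \
                                 252 "max. level" `onoff 252 "$SECLEVEL"` \
             2>"$TMPFILE"
        then store_choice security_level SECLEVEL
        fi
      ;;

    'MAC Categories:')
        if test -z "$USERID"
        then err_box "MAC Categories: No user specified!"
        else
          ALLCATNR=`"${RSBACPATH}attr_get_file_dir" list_category_nr`
          if $DIALOG --title "MAC Categories for user $USERID" \
                     --backtitle "$BACKTITLE" \
                     --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                     `gen_cat_list $ALLCATNR` \
             2>"$TMPFILE"
          then
            TMP=$(tr -d '"' <"$TMPFILE")
            # First clear every category, then set the selected ones
            for i in $ALLCATNR
            do
              if ! "${RSBACPATH}attr_set_user" "$USERID" mac_categories "$i" 0 &>"$TMPFILE"
              then tool_err_box
              fi
            done
            for i in $TMP
            do
              if ! "${RSBACPATH}attr_set_user" "$USERID" mac_categories "$i" 1 &>"$TMPFILE"
              then tool_err_box
              fi
            done
            MACCAT=`"${RSBACPATH}attr_get_user" "$USERID" mac_categories`
          fi
        fi
      ;;

    'MAC Role:')
        choose_sysrole MAC mac_role MACROLE
      ;;

    'FC Role:')
        choose_sysrole FC fc_role FCROLE
      ;;

    'SIM Role:')
        choose_sysrole SIM sim_role SIMROLE
      ;;

    'MS Role:')
        choose_sysrole MS ms_role MSROLE
      ;;

    'FF Role:')
        choose_sysrole FF ff_role FFROLE
      ;;

    'AUTH Role:')
        choose_sysrole AUTH auth_role AUTHROLE
      ;;

    'PM Role:')
        if test -z "$USERID"
        then err_box "PM-Role: No user specified!"
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose PM-Role for $USERID" $BL $BC 5 \
                                 0 "General User" `onoff 0 "$PMROLE"` \
                                 1 "Security Officer" `onoff 1 "$PMROLE"` \
                                 2 "Data Protection Officer" `onoff 2 "$PMROLE"` \
                                 3 "TP-Manager" `onoff 3 "$PMROLE"` \
                                 4 "System Administrator" `onoff 4 "$PMROLE"` \
             2>"$TMPFILE"
        then store_choice pm_role PMROLE
        fi
      ;;

    'Pseudo:')
        if test -z "$USERID"
        then err_box "Pseudo: No user specified!"
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "Pseudonym (long integer) for $USERID" $BL $BC "$PSEUDO" \
             2>"$TMPFILE"
        then store_choice pseudo PSEUDO
        fi
      ;;

    'RC Default Role:')
        if test -z "$USERID"
        then err_box "RC Default Role: No user specified!"
        elif "${RSBACPATH}rc_get_item" list_roles >"$TMPFILETWO"
        then
          # The role list is offered as menu rows; split on purpose.
          # $TMPFILETWO is kept (and overwritten next time) instead of being
          # removed and later re-created under the same, by then known, name.
          if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --default-item "$RCDEFROLE" \
                     --menu "Choose RC Default Role for $USERID" $BL $BC $MAXLINES \
                     `cat "$TMPFILETWO"` \
             2>"$TMPFILE"
          then store_choice rc_def_role RCDEFROLE
          fi
        # No role list available: ask for the role number directly
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "RC Default Role for $USERID" $BL $BC "$RCDEFROLE" \
             2>"$TMPFILE"
        then store_choice rc_def_role RCDEFROLE
        fi
      ;;

    'CAP Min Caps:')
        edit_flag_set "CAP Min Caps" "CAP min_caps" min_caps MINCAPS gen_min_caps_list \
            UA 'Unset ALL' off \
            A  'Set ALL' off \
            FS_MASK  'Set Filesystem Caps' off
      ;;

    'CAP Max Caps:')
        edit_flag_set "CAP Max Caps" "CAP max_caps" max_caps MAXCAPS gen_max_caps_list \
            UA 'Unset ALL' off \
            A  'Set ALL' off \
            FS_MASK  'Set Filesystem Caps' off
      ;;

    'CAP Role:')
        choose_sysrole CAP cap_role CAPROLE
      ;;

    'Log User Based:')
        edit_flag_set "Log User Based" "log_user_based" log_user_based LOGUSER gen_request_list \
            UA 'Unset ALL' off \
            A  'Set ALL' off \
            R  'Set Read Requests' off \
            RW 'Set Read-Write R.' off \
            W  'Set Write Requests' off \
            SY 'Set System R.' off \
            SE 'Set Security R.' off
      ;;

    'ACL Menu:')
        "${RSBACPATH}rsbac_acl_menu" USER
      ;;

    'Reset Attributes:')
        if test -z "$USERID"
        then err_box "Reset Attributes: No user specified!"
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --yesno "Reset all attributes to default values?" 5 $BC \
             2>/dev/null
        then
          if "${RSBACPATH}attr_rm_user" "$USERID" &>"$TMPFILE"
          then get_attributes "$USERID"   # reload so the menu shows the defaults
          else tool_err_box
          fi
        fi
      ;;

    Quit)
        rm -f -- "$TMPFILE" "$TMPFILETWO"
        exit
      ;;

    *)
        err_box "Main Menu: Selection Error!"
      ;;
  esac
done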
