#!/bin/bash
# 
# This script is used for Administration of RSBAC RC Role entries
#
# Author and (c) 1999 Amon Ott
#
# Last changed on 10/Feb/1999
#
# Make sure we're really running bash.
#
if [ -z "$BASH" ]
then
  echo "This menu requires bash" 1>&2
  exit 1
fi

#
# Remember (hash) command locations as they are looked up and make sure
# bash is not running in POSIX mode.
#
set -h
set +o posix

# List of RC role item names. NOTE(review): its use is outside this part of
# the file; the value is kept byte-for-byte, including the embedded padding.
ITEMS="name role_comp admin_roles assign_roles type_comp_fd type_comp_dev \
       type_comp_ipc type_comp_process type_comp_netdev type_comp_netobj \
       type_comp_nettemp \
       type_comp_scd admin_type \
       def_fd_create_type def_process_create_type \
       def_process_chown_type def_process_execute_type \
       def_ipc_create_type"

# System-wide settings file
RSBACCONF=/etc/rsbac.conf
# Read settings: first the system-wide file, then the per-user one.
# Both files are sourced, i.e. executed as shell code with the privileges of
# whoever runs this menu, so they must only be writable by trusted users.
[ -f $RSBACCONF ] && . $RSBACCONF
[ -f ~/.rsbacrc ] && . ~/.rsbacrc
# Default module list when the settings files did not provide one
[ -n "$RSBACMOD" ] || RSBACMOD='GEN MAC FC SIM PM MS FF RC AUTH ACL CAP JAIL'
# Export one SHOW_<module>=yes flag per listed module
for i in $RSBACMOD ; do export SHOW_$i=yes ; done

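# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

#######################################
# Create one private temporary file and print its name.
# mktemp is preferred. When it is missing or fails, the PID-based name
# is used as a fallback, but only if nothing exists under that name and
# the file can be created exclusively. The previous fallback removed any
# existing file and then reused the predictable name, which lets another
# local user pre-place a file or symlink in a shared TMPDIR.
# Globals:   TMPDIR (read)
# Arguments: $1 - suffix appended to the fallback name (may be empty)
# Outputs:   the file name on stdout
# Returns:   0 on success, 1 if no file could be created safely
#######################################
rsbac_make_tmpfile () {
  local path
  if path=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX")
  then
    printf '%s\n' "$path"
    return 0
  fi
  path="$TMPDIR/rsbac_dialog.$$${1}"
  # Refuse anything already there, including a dangling symlink.
  if [ -e "$path" ] || [ -L "$path" ]
  then
    return 1
  fi
  # noclobber makes the redirection fail instead of reusing an existing
  # name; umask keeps the new file private to the calling user.
  if ( umask 077; set -o noclobber; : > "$path" ) 2>/dev/null
  then
    printf '%s\n' "$path"
    return 0
  fi
  return 1
}

# These must be unique temporary filenames
if ! TMPFILE=$(rsbac_make_tmpfile "")
then
  echo "Cannot create a private temporary file in $TMPDIR" >&2
  exit 1
fi
if ! TMPFILETWO=$(rsbac_make_tmpfile ".2")
then
  echo "Cannot create a private temporary file in $TMPDIR" >&2
  rm -f -- "$TMPFILE"
  exit 1
fi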

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

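# set this to initial dir on script startup
LASTDIR='.'

# which dialog tool to use - dialog or kdialog or xdialog...
# The program is taken from $DIALOG or from ${RSBACPATH}dialog, both of which
# come from the environment or the sourced settings files; they decide which
# binary this menu executes, so they should only name trusted locations.
# $DIALOG is left unquoted where it is run, as in the rest of the script.
if test -z "$DIALOG"
then DIALOG=${RSBACPATH}dialog
fi
if ! $DIALOG --clear
then
  echo $DIALOG menu program required! >&2
  # Exit non-zero: a bare `exit` here would report the status of the echo (0).
  exit 1
fi
if ! $DIALOG --help 2>&1 | grep -q "help-button"
then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit 1
fi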

# Screen size: fall back to 25x80 when LINES and COLUMNS are not set
# (they should be exported e.g. in /etc/profile).
[ -n "$LINES" ] || declare -i LINES=25
[ -n "$COLUMNS" ] || declare -i COLUMNS=80
export LINES COLUMNS
# Dialog box height and width, and the maximum number of list lines,
# all derived from the screen size.
declare -i BL BC MAXLINES
BL=$LINES-4
BC=$COLUMNS-4
MAXLINES=$LINES-10
# Print $1, capped at MAXLINES.
# Globals:   MAXLINES (read)
# Arguments: $1 - requested number of lines
# Outputs:   the smaller of $1 and MAXLINES on stdout
gl () {
  if ! test $1 -gt $MAXLINES
  then
    echo $1
  else
    echo $MAXLINES
  fi
}

# Window titles; BACKTITLE may be preset by the caller or the settings files.
[ -n "$BACKTITLE" ] || BACKTITLE="RSBAC Administration Tools v1.2.2"
TITLE="$(whoami)@$(hostname): RSBAC RC Role Administration"
HELPTITLE="$TITLE Help"
ERRTITLE="RSBAC RC Role Administration - ERROR"

# Special values for types (counting down from 2^32-1; the commented
# values below are the previous small numbers)
#INHPR=64
#INHPA=65
#NOCR=66
#NOEX=67
#USENEW=68
INHPR=4294967295    # shown as "Inherit from Process"
INHPA=4294967294    # shown as "Inherit from Parent"
NOCR=4294967293     # shown as "No create allowed"
NOEX=4294967292     # shown as "No execute allowed"
USENEW=4294967291   # shown as "Use def_create of new role"

# Special values for roles
#RINHUSER=64
#RINHPR=65
#RINHPA=66
RINHUSER=4294967295 # shown as "Inherit from User"
RINHPR=4294967294   # shown as "Inherit from Process"
RINHPA=4294967293   # shown as "Inherit from Parent"

# Show the help text for one menu entry in the configured language.
# Globals:   RSBACLANG (read) - DE and RU pick a translation, anything
#            else falls back to English
# Arguments: $1 - menu entry label
show_help () {
  if [ "$RSBACLANG" = DE ]
  then
    show_help_german "$1"
  elif [ "$RSBACLANG" = RU ]
  then
    show_help_russian "$1"
  else
    show_help_english "$1"
  fi
}

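#######################################
# Show the English help text for one menu entry in a dialog text box.
# The text is written to $TMPFILE first, because the text box reads a file.
# For some entries the item description printed by `rc_get_item -i` is
# appended.
# Globals:   TMPFILE (overwritten), RSBACPATH, DIALOG, HELPTITLE,
#            BACKTITLE, BL, BC (read)
# Arguments: $1 - menu entry label
#######################################
show_help_english () {
  # TMPFILE is quoted so that a TMPDIR containing blanks neither breaks the
  # redirection nor splits the file name passed to the dialog program.
  {
    echo "$1"
    echo ""
    case "$1" in
      "Role Number:")
        echo "Enter number of role to administrate."
        ;;

      Rolelist:)
        echo "Select role to administrate from a list of all defined roles."
        ;;

      "New Role")
        echo "Create a new role."
        ;;

      "Copy Role")
        echo "Copy a role to another. All role attributes and rights are copied."
        echo "The target role may already exist or can be created automatically."
        ;;

      "Delete Role")
        echo "Delete a role. All attributes and compatibility settings will be"
        echo "removed."
        ;;

      'Name:')
        echo "Change the role name."
        echo ""
        "${RSBACPATH}rc_get_item" -i name
        ;;

      'Role Comp:')
        echo "Select the roles this role is compatible with."
        echo ""
        echo "When running in a role, a process may change to all other roles this"
        echo "role is compatible with. After changing the role, all attributes of the"
        echo "new role are used, including the compatible roles. This means that the"
        echo "process might not be able to switch back to its original role."
        echo ""
        echo "All roles you add or remove from the compatible role set must be in the"
        echo "set of Assign Roles of your current role."
        ;;

      'Admin Roles:')
        echo "Select the roles this role is allowed to administrate."
        echo ""
        echo "When running in a role, a process may only administrate those roles that"
        echo "are in the Admin Roles set of the process role."
        echo ""
        echo "Only roles with Admin Type value Role Admin may change the set of Admin"
        echo "Roles."
        echo ""
        echo "Warning: Roles with Admin Type value Role Admin may always administrate"
        echo "all roles!"
        ;;

      'Assign Roles:')
        echo "Select the roles this role is allowed to assign as default to users and"
        echo "as initial or forced role to programs."
        echo ""
        echo "To assign a default role to a user, you need both the old and the new"
        echo "role of the user in your assign set."
        echo "To assign a role as initial or forced role to a program, you also need"
        echo "to be compatible with the FD type of the program file for request"
        echo "MODIFY_ATTRIBUTE."
        echo ""
        echo "Only roles with Admin Type value Role Admin may change the set of Assign"
        echo "Roles."
        echo ""
        echo "Warning: Roles with Admin Type value Role Admin may always assign all"
        echo "roles!"
        ;;

      'Type Comp FD:')
        echo "Select an FD type and then the requests for which this role is"
        echo "compatible with the selected type."
        ;;

      'Type Comp DEV:')
        echo "Select a DEV type and then the requests for which this role is"
        echo "compatible with the selected type."
        ;;

      'Type Comp Process:')
        echo "Select a Process type and then the requests for which this role is"
        echo "compatible with the selected type."
        ;;

      'Type Comp IPC:')
        echo "Select an IPC type and then the requests for which this role is"
        echo "compatible with the selected type."
        ;;

      'Type Comp SCD:')
        echo "Select an SCD type and then the requests for which this role is"
        echo "compatible with the selected type."
        ;;

      'Type Comp NETDEV:')
        echo "Select a NETDEV type and then the requests for which this role is"
        echo "compatible with the selected type."
        ;;

      'Type Comp NETTEMP:')
        echo "Select a NETTEMP type and then the requests for which this role is"
        echo "compatible with the selected type."
        ;;

      'Type Comp NETOBJ:')
        echo "Select a NETOBJ type and then the requests for which this role is"
        echo "compatible with the selected type."
        ;;

      'Admin Type:')
        echo "This attribute overrides the Admin Roles and Assign Roles and the"
        echo "special type compatibility rights."
        echo ""
        echo "System Admins may read all settings, Role Admins may read and modify all"
        echo "settings. Role Admin is also needed to change Admin Roles, Assign Roles"
        echo "and Admin Type values."
        echo ""
        "${RSBACPATH}rc_get_item" -i admin_type
        ;;

      'Def FD Create Type:')
        echo "Select the type that is assign to all filesystem objects created by this"
        echo "role."
        echo "Additional to this setting, the CREATE right must be granted for the"
        echo "type."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_fd_create_type
        ;;

      'Def Process Create Type:')
        echo "Select the type that is assign to all processes created by this role."
        echo "Additional to this setting, the CREATE right must be granted for the"
        echo "type."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_process_create_type
        ;;

      'Def Process Chown Type:')
        echo "Select the type that is assigned to a process running in this role after"
        echo "CHANGE_OWNER (setuid)."
        echo ""
        echo "The special value Use Def Create of new Owner uses the Def Process"
        echo "Create Type of the process role after the CHANGE_OWNER request,"
        echo "depending on the force_role setting of the process. Usually, this is the"
        echo "default role of the new process owner."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_process_chown_type
        ;;

      'Def Process Execute Type:')
        echo "Select the type that is assigned to a process running in this role when"
        echo "executing another program."
        echo ""
        echo "Useful, if only the original program is meant to be protected through a"
        echo "special type."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_process_execute_type
        ;;

      'Def IPC Create Type:')
        echo "Select the type that is assign to all IPC objects created by this role."
        echo "Additional to this setting, the CREATE right must be granted for the"
        echo "type."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_ipc_create_type
        ;;

      Quit)
        echo "Quit this menu."
        ;;

      *)
        echo "No help for $1 available!"
        ;;
    esac
  } > "$TMPFILE"
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" $BL $BC
#  sleep 1
}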

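#######################################
# Show the German help text for one menu entry in a dialog text box.
# The text is written to $TMPFILE first, because the text box reads a file.
# For some entries the item description printed by `rc_get_item -i` is
# appended.
# NOTE(review): several words in the texts below look as if they lost their
# umlaut/sharp-s characters (e.g. "whlen", "Proze"), presumably through an
# encoding loss. The strings are kept exactly as found; restore them from a
# clean copy of the file.
# Globals:   TMPFILE (overwritten), RSBACPATH, DIALOG, HELPTITLE,
#            BACKTITLE, BL, BC (read)
# Arguments: $1 - menu entry label
#######################################
show_help_german () {
  # TMPFILE is quoted so that a TMPDIR containing blanks neither breaks the
  # redirection nor splits the file name passed to the dialog program.
  {
    echo "$1"
    echo ""
    case "$1" in
      "Role Number:")
        echo "Nummer der zu administrierenden Rolle eingeben."
        ;;

      Rolelist:)
        echo "Zu administrierende Rolle aus Liste whlen."
        ;;

      "New Role")
        echo "Neue Rolle anlegen."
        ;;

      "Copy Role")
        echo "Rolle auf eine andere kopieren. Alle Rollen-Attribute und Rechte"
        echo "werden kopiert."
        echo "Die Ziel-Rolle kann bereits existieren oder automatisch angelegt"
        echo "werden."
        ;;

      "Delete Role")
        echo "Rolle lschen. Alle Attribute und Kompatibilitts-Einstellungen"
        echo "werden entfernt."
        ;;

      'Name:')
        echo "Rollennamen ndern."
        echo ""
        "${RSBACPATH}rc_get_item" -i name
        ;;

      'Role Comp:')
        echo "Rollen auswhlen, mit denen diese Rolle kompatibel ist."
        echo ""
        echo "Mit dieser aktuellen Rolle kann ein Proze in die hier angegebenen"
        echo "kompatiblen Rollen hineinwechseln. Nach dem Rollenwechsel werden alle"
        echo "Attribute der neuen Rolle verwendet, inklusive der kompatiblen Rollen."
        echo "Das bedeutet, da der Proze mglicherweise nicht mehr in die"
        echo "ursprngliche Rolle zurckwechseln kann."
        echo ""
        echo "Alle Rollen, die hier hinzugefgt oder entfernt werden, mssen in der"
        echo "Menge der Assign Roles der aktuellen Rolle des administrierenden"
        echo "Prozesses sein."
        ;;

      'Admin Roles:')
        echo "Whle die Rollen, die diese Rolle administrieren darf."
        echo ""
        echo "Nur Rollen mit Admin Type auf Role Admin drfen die Menge der Admin"
        echo "Roles einer Rolle ndern."
        echo ""
        echo "Achtung: Rollen mit Admin Type auf Role Admin drfen immer alle"
        echo "Rollen administrieren!"
        ;;

      'Assign Roles:')
        echo "Whle die Rollen, die diese Rolle als Standard-Rolle an Benutzer und"
        echo "als initial oder forced role an Programme zuweisen darf."
        echo ""
        echo "Um eine Standard-Rolle einem Benutzer zuzuweisen, bentigt man"
        echo "sowohl die alte als auch die neue Rolle des Benutzers in der Menge"
        echo "der Assign Roles."
        echo "Um eine Rolle als initial oder forced role einem Programm zuzuweisen,"
        echo "braucht man zustzlich Kompatibilitt fr MODIFY_ATTRIBUTE mit dem"
        echo "FD-Typ der Programmdatei."
        echo ""
        echo "Nur Rollen mit Admin Type auf Role Admin drfen die Menge der Assign"
        echo "Roles einer Rolle ndern."
        echo ""
        echo "Achtung: Rollen mit Admin Type auf Role Admin drfen immer alle"
        echo "Rollen zuweisen!"
        ;;

      'Type Comp FD:')
        echo "Whle einen FD-Typen und dann die Anfragen, fr die diese Rolle mit"
        echo "dem gewhlten Typ kompatibel ist."
        ;;

      'Type Comp DEV:')
        echo "Whle einen DEV-Typen und dann die Anfragen, fr die diese Rolle mit"
        echo "dem gewhlten Typ kompatibel ist."
        ;;

      'Type Comp Process:')
        echo "Whle einen Proze-Typen und dann die Anfragen, fr die diese Rolle mit"
        echo "dem gewhlten Typ kompatibel ist."
        ;;

      'Type Comp IPC:')
        echo "Whle einen IPC-Typen und dann die Anfragen, fr die diese Rolle mit"
        echo "dem gewhlten Typ kompatibel ist."
        ;;

      'Type Comp SCD:')
        echo "Whle einen SCD-Typen und dann die Anfragen, fr die diese Rolle mit"
        echo "dem gewhlten Typ kompatibel ist."
        ;;

      'Type Comp NETDEV:')
        echo "Whle einen NETDEV-Typen und dann die Anfragen, fr die diese Rolle mit"
        echo "dem gewhlten Typ kompatibel ist."
        ;;

      'Type Comp NETTEMP:')
        echo "Whle einen NETTEMP-Typen und dann die Anfragen, fr die diese Rolle mit"
        echo "dem gewhlten Typ kompatibel ist."
        ;;

      'Type Comp NETOBJ:')
        echo "Whle einen NETOBJ-Typen und dann die Anfragen, fr die diese Rolle mit"
        echo "dem gewhlten Typ kompatibel ist."
        ;;

      'Admin Type:')
        echo "Dieses Attribut berstimmt die Admin Roles und Assign Roles und die"
        echo "Spezial-Rechte der Typ-Kompatibilitten."
        echo ""
        echo "System Admins drfen alle Einstellungen lesen, Role Admins drfen sie"
        echo "auch ndern."
        echo "Role Admin wird auch bentigt, um Admin Roles, Assign Roles und"
        echo "Admin Type-Werte zu ndern."
        echo ""
        "${RSBACPATH}rc_get_item" -i admin_type
        ;;

      'Def FD Create Type:')
        echo "Whle den FD-Typen, der allen von dieser Rolle erzeugten Dateisystem-"
        echo "Objekten zugewiesen wird."
        echo "Die Rolle bentigt zustzlich das CREATE-Recht auf den gewhlten Typen."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_fd_create_type
        ;;

      'Def Process Create Type:')
        echo "Whle den Proze-Typen, der allen von dieser Rolle erzeugten Prozessen"
        echo "zugewiesen wird."
        echo "Die Rolle bentigt zustzlich das CREATE-Recht auf den gewhlten Typen."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_process_create_type
        ;;

      'Def Process Chown Type:')
        echo "Whle den Proze-Typen, der allen Prozessen mit dieser aktuellen Rolle"
        echo "bei einem Benutzerwechsel (CHANGE_OWNER/setuid) zugewiesen wird."
        echo ""
        echo "Der Spezialwert Use Def Create of new Owner verwendet den Def Process"
        echo "Create Type der neuen aktuellen Prozerolle nach dem CHANGE_OWNER,"
        echo "die abhngig ist von der force_role-Einstellung des Prozesses."
        echo "blicherweise ist dieses die Standard-Rolle des neuen Prozebenutzers."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_process_chown_type
        ;;

      'Def Process Execute Type:')
        echo "Whle den Proze-Typen, der allen Prozessen mit dieser aktuellen"
        echo "Rolle beim Start eines neuen Programmes (EXECUTE) zugewiesen wird."
        echo ""
        echo "Sinnvoll, wenn z.B. nur das ursprngliche Programm durch einen"
        echo "speziellen Typen geschtzt werden soll."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_process_execute_type
        ;;

      'Def IPC Create Type:')
        echo "Whle den Proze-Typen, der allen von dieser Rolle erzeugten"
        echo "IPC-Objekten zugewiesen wird."
        echo "Die Rolle bentigt zustzlich das CREATE-Recht auf den gewhlten Typen."
        echo ""
        "${RSBACPATH}rc_get_item" -i def_ipc_create_type
        ;;

      Quit)
        echo "Beende dieses Men."
        ;;

      *)
        echo "Keine Hilfe fr $1 verfgbar!"
        ;;
    esac
  } > "$TMPFILE"
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" $BL $BC
#  sleep 1
}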

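#######################################
# Show the help text for RSBACLANG=RU.
# No Russian translation exists yet: the previous body was a line-for-line
# copy of the English texts, so this delegates to show_help_english instead
# of keeping a second copy that can drift.
# TODO: add translated texts here once they are available.
# Arguments: $1 - menu entry label
#######################################
show_help_russian () {
  show_help_english "$1"
}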

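#######################################
# Load the attributes of one role into the global cache variables, or clear
# them all when no role is given.
# Globals:   RSBACPATH (read); NAME, COMPROLE, ADMROLES, ASSROLES, ADMTYPE,
#            DEFFDCR, DEFPCR, DEFPCH, DEFPEX, DEFIPCCR (written)
# Arguments: $1 - role number, may be empty
#######################################
get_items () {
  if test -n "$1"
  then
    NAME=$("${RSBACPATH}rc_get_item" ROLE "$1" name)
    COMPROLE=$("${RSBACPATH}rc_get_item" ROLE "$1" list_role_comp_nr)
    ADMROLES=$("${RSBACPATH}rc_get_item" ROLE "$1" list_admin_role_nr)
    ASSROLES=$("${RSBACPATH}rc_get_item" ROLE "$1" list_assign_role_nr)
    ADMTYPE=$("${RSBACPATH}rc_get_item" ROLE "$1" admin_type)
    DEFFDCR=$("${RSBACPATH}rc_get_item" ROLE "$1" def_fd_create_type)
    DEFPCR=$("${RSBACPATH}rc_get_item" ROLE "$1" def_process_create_type)
    DEFPCH=$("${RSBACPATH}rc_get_item" ROLE "$1" def_process_chown_type)
    DEFPEX=$("${RSBACPATH}rc_get_item" ROLE "$1" def_process_execute_type)
    DEFIPCCR=$("${RSBACPATH}rc_get_item" ROLE "$1" def_ipc_create_type)
  else
    NAME=
    COMPROLE=
    # ADMROLES and ASSROLES were not cleared before, so the admin and
    # assign role sets of the previously loaded role stayed visible.
    ADMROLES=
    ASSROLES=
    ADMTYPE=
    DEFFDCR=
    DEFPCR=
    DEFPCH=
    DEFPEX=
    DEFIPCCR=
  fi
}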

# Print "on" when the two arguments are equal as strings, else "off".
# Arguments: $1, $2 - values to compare
onoff () {
  local state=off
  test "$1" = "$2" && state=on
  echo $state
}

# Print "on" when the two arguments are equal as integers, else "off".
# The arguments stay unquoted in the test, as before, so a missing value
# makes the test fail and yields "off".
# Arguments: $1, $2 - integers to compare
onoffi () {
  local state=off
  if test $1 -eq $2
  then state=on
  fi
  echo $state
}

# Print "on" when the argument is exactly "1", else "off".
# Arguments: $1 - flag value
onoffb () {
  local state=off
  test "$1" = "1" && state=on
  echo $state
}

# Print the display name of a numeric attribute value.
# Only the admtype values 0, 1 and 2 are known; anything else prints nothing.
# Arguments: $1 - attribute kind, $2 - numeric value
get_value_name () {
  case "$1/$2" in
    admtype/0) echo No Admin ;;
    admtype/1) echo Role Admin ;;
    admtype/2) echo System Admin ;;
  esac
}

# Print the display name of a role number.
# The special role values map to fixed texts, any other number is looked up
# with rc_get_item; "(unknown)" is printed when that lookup fails. A single
# blank is printed while no role is selected.
# Globals:   ROLE, RINHUSER, RINHPR, RINHPA, RSBACPATH (read)
# Arguments: $1 - role number
role_name () {
  if test "$ROLE" = ""
  then
    echo " "
    return
  fi
  case $1 in
    $RINHUSER) echo Inherit from User ;;
    $RINHPR)   echo Inherit from Process ;;
    $RINHPA)   echo Inherit from Parent ;;
    *)
      $RSBACPATH""rc_get_item ROLE $1 name || echo "(unknown)"
      ;;
  esac
}


# Print the display name of a type number.
# The special type values map to fixed texts; any other number is looked up
# with rc_get_item as type_<kind>_name, and "(unknown)" is printed when that
# lookup fails. A single blank is printed while no role is selected or no
# type number is given. An unknown kind prints nothing.
# Globals:   ROLE, INHPR, INHPA, NOCR, NOEX, USENEW, RSBACPATH (read)
# Arguments: $1 - kind: fd, dev, process, ipc, scd, netdev, nettemp, netobj
#            $2 - type number
type_name () {
  if [ -z "$ROLE" ] || [ -z "$2" ]
  then
    echo " "
    return
  fi
  case $2 in
    $INHPR)  echo Inherit from Process ;;
    $INHPA)  echo Inherit from Parent ;;
    $NOCR)   echo No create allowed ;;
    $NOEX)   echo No execute allowed ;;
    $USENEW) echo Use def_create of new role ;;
    *)
      case $1 in
        fd|dev|process|ipc|scd|netdev|nettemp|netobj)
          $RSBACPATH""rc_get_item TYPE $2 type_${1}_name || echo "(unknown)"
          ;;
      esac
      ;;
  esac
}

# Print one "<number> <name> <on|off>" line per role in ALLROLENR.
# Blanks in role names become underscores so that every name stays a single
# word; roles without a name are listed as "(unused)". The on/off state is
# derived with onoffb from the flag rc_get_item reports for the selected
# role, the given item and the listed role.
# Globals:   ALLROLENR, ROLE, RSBACPATH (read); i, TMP, TMP2 (written)
# Arguments: $1 - role item name passed to rc_get_item
gen_role_list () {
  for i in $ALLROLENR
  do
    TMP=$(${RSBACPATH}rc_get_item ROLE $ROLE $1 $i)
    TMP2=$(${RSBACPATH}rc_get_item ROLE $i name | tr ' ' '_')
    test -z $TMP2 && TMP2="(unused)"
    echo $i $TMP2 $(onoffb $TMP)
  done
}

# Print "<number> <name> <on|off>" lines for one of the type lists.
# Blanks in type names become underscores so that every name stays a single
# word.
#   fd, dev, process, ipc, scd, netdev, nettemp, netobj:
#     one line per type in ALLTYPENR; the state comes from onoffb applied to
#     the type_comp_<kind> value rc_get_item reports for the selected role.
#   deffdcr, defpcr, defpch, defpex, defipccr:
#     the special values first, then one line per type of the matching list;
#     the entry equal to the current default of the role is "on". These
#     arms overwrite the global ALLTYPENR with the list they fetch.
# Globals:   ROLE, RSBACPATH, INHPR, INHPA, NOCR, NOEX, USENEW, DEFFDCR,
#            DEFPCR, DEFPCH, DEFPEX, DEFIPCCR (read);
#            ALLTYPENR (read or written); i, TMP (written)
# Arguments: $1 - list selector, see above
gen_type_list () {
  case $1 in
    fd|dev|process|ipc|scd|netdev|nettemp|netobj)
      for i in $ALLTYPENR
      do
        TMP=$(${RSBACPATH}rc_get_item ROLE $ROLE type_comp_${1} $i)
        echo $i \
             $(${RSBACPATH}rc_get_item TYPE $i type_${1}_name | tr ' ' '_') \
             $(onoffb $TMP)
      done
      ;;

    deffdcr|defpcr|defpch|defpex|defipccr)
      local kind current
      case $1 in
        deffdcr)
          kind=fd
          current=$DEFFDCR
          ALLTYPENR=$($RSBACPATH""rc_get_item list_fd_type_nr)
          echo $INHPR "Inherit_from_process" $(onoff $INHPR $current)
          echo $INHPA "Inherit_from_parent" $(onoff $INHPA $current)
          echo $NOCR "No_create_allowed" $(onoff $NOCR $current)
          ;;
        defpcr)
          kind=process
          current=$DEFPCR
          ALLTYPENR=$($RSBACPATH""rc_get_item list_process_type_nr)
          echo $INHPA "Inherit_from_parent_(keep)" $(onoff $INHPA $current)
          echo $NOCR "No_create_allowed" $(onoff $NOCR $current)
          ;;
        defpch)
          kind=process
          current=$DEFPCH
          ALLTYPENR=$($RSBACPATH""rc_get_item list_process_type_nr)
          echo $INHPA "Inherit_from_parent_(keep)" $(onoff $INHPA $current)
          echo $NOCR "No_create_allowed" $(onoff $NOCR $current)
          echo $USENEW "Use_def_create_of_new_role" $(onoff $USENEW $current)
          ;;
        defpex)
          kind=process
          current=$DEFPEX
          ALLTYPENR=$($RSBACPATH""rc_get_item list_process_type_nr)
          echo $INHPR "Inherit_from_process_(keep)" $(onoff $INHPR $current)
          echo $NOEX "No_execute_allowed" $(onoff $NOEX $current)
          ;;
        defipccr)
          kind=ipc
          current=$DEFIPCCR
          ALLTYPENR=$($RSBACPATH""rc_get_item list_ipc_type_nr)
          echo $INHPR "Inherit_from_process" $(onoff $INHPR $current)
          echo $NOCR "No_create_allowed" $(onoff $NOCR $current)
          ;;
      esac
      # Regular types of the list fetched above
      for i in $ALLTYPENR
      do
        echo $i \
             $(${RSBACPATH}rc_get_item TYPE $i type_${kind}_name | tr ' ' '_') \
             $(onoffi $i $current)
      done
      ;;
  esac
}

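#######################################
# Let the user pick a role.
# When the role list can be read, a menu is shown and the chosen role number
# is left in $TMPFILE. Otherwise an input box asks for a role and the value
# is checked with rc_get_item. $TMPFILE is removed when the menu is
# cancelled or the typed role is invalid.
# NOTE(review): in the input box branch a successful check leaves the output
# of `rc_get_item ROLE <input> name` in $TMPFILE, not the number that was
# typed - confirm this is what callers expect.
# NOTE(review): removing $TMPFILE frees its name; later redirections create
# it again under the same, now known, name. In a TMPDIR shared with other
# users a private per-run directory would avoid that window.
# Globals:   RSBACPATH, DIALOG, TITLE, BACKTITLE, ERRTITLE, BL, BC,
#            MAXLINES, ROLE (read); TMPFILE (file written or removed);
#            ROLELIST, TMP (written)
# Arguments: $1 - "allrole" also offers the first unused role number as
#                 "(new)"
#            $2 - prompt text
#            $3 - initial value of the input box
#######################################
choose_role () {
  if "${RSBACPATH}rc_get_item" list_roles >"$TMPFILE"
  then
    if test "$1" = "allrole"
    then
      # Use the RSBACPATH prefix like every other call; the bare command name
      # used before is not found when the tools are not in PATH.
      echo "$("${RSBACPATH}rc_get_item" list_unused_role_nr)" "(new)" >>"$TMPFILE"
    fi
    ROLELIST=$(cat "$TMPFILE")
    TMP=$ROLE
    # The loop body runs at most once: a confirmed menu returns at once with
    # the selection in $TMPFILE, a cancelled one falls through to the rm.
    # $ROLELIST is split on purpose into "number name" menu entries.
    while $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$TMP" \
                  --menu "$2" $BL $BC $MAXLINES \
                  $ROLELIST \
          2>"$TMPFILE"
    do
      TMP=$(cat "$TMPFILE")
      return
    done
    rm -f -- "$TMPFILE"
  else
    if $DIALOG --title "$TITLE" \
               --backtitle "$BACKTITLE" \
               --inputbox "$2" $BL $BC "$3" \
       2>"$TMPFILE"
    then
      TMP=$(cat "$TMPFILE")
      # The typed text is passed as one argument, so blanks or wildcard
      # characters in it cannot add further arguments to rc_get_item.
      if ! "${RSBACPATH}rc_get_item" ROLE "$TMP" name >"$TMPFILE"
      then
        $DIALOG --title "$ERRTITLE" \
                --backtitle "$BACKTITLE" \
                --msgbox "Role: Invalid role $TMP!" 5 $BC
        rm -f -- "$TMPFILE"
      fi
    fi
  fi
}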

# Print one "<request> <on|off> <on|off>" checklist line per request in
# ALLREQUESTS; the state comes from onoffb applied to the value rc_get_item
# reports for the selected role, the given type and the request. The state
# is printed twice, once as item text and once as check mark state.
# Globals:   ALLREQUESTS, ROLE, RSBACPATH (read); i, TMP (written)
# Arguments: $1 - type kind used in type_comp_<kind>, $2 - type number
gen_right_list () {
  local state
  for i in $ALLREQUESTS
  do
    TMP=$(${RSBACPATH}rc_get_item ROLE $ROLE type_comp_$1 $2 $i)
    state=$(onoffb $TMP)
    echo $i "$state" $state
  done
}


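#######################################
# Show the request rights of role $ROLE to one type as a checklist and store
# the selection with rc_set_item.
#
# Globals:   RSBACPATH, DIALOG, ROLE, NAME, BACKTITLE, ERRTITLE, BL, BC,
#            MAXLINES, RSBACLOGFILE (read); TMPFILE (file rewritten);
#            ALLREQUESTS, COMPBITS, TYPENAME, TMP (written)
# Arguments: $1 - target label shown in the dialog title (e.g. FD)
#            $2 - target kind used in item names (e.g. fd)
#            $3 - type number
# Returns:   1 when rc_set_item rejected the change
#######################################
check_rights () {
  ALLREQUESTS=$(${RSBACPATH}rc_get_item list_$2_rights)
  COMPBITS=$(${RSBACPATH}rc_get_item ROLE $ROLE type_comp_$2 $3)
  TYPENAME="$(${RSBACPATH}rc_get_item TYPE $3 type_$2_name)"
  if $DIALOG --title "$1 Compatibilites for Role $ROLE \"$NAME\", Type $3 \"$TYPENAME\"" \
            --backtitle "$BACKTITLE" \
            --checklist "Bits: $COMPBITS" $BL $BC $MAXLINES \
              $(gen_right_list $2 $3) \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              RW 'Set Read-Write R.' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
    2>"$TMPFILE"
  then
    # The checklist result is a list of tags that dialog may quote; strip
    # the quotes and let the list split into separate arguments below.
    TMP=$(tr -d '"' <"$TMPFILE")
    if ${RSBACPATH}rc_set_item ROLE $ROLE type_comp_$2 $3 $TMP &>"$TMPFILE"
    then
      if test -n "$RSBACLOGFILE"
      then
        echo ${RSBACPATH}rc_set_item ROLE $ROLE type_comp_$2 $3 $TMP >>"$RSBACLOGFILE"
      fi
    else
      $DIALOG --title "$ERRTITLE" \
              --backtitle "$BACKTITLE" \
              --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
      # There is no loop inside this function. Recent bash versions do not
      # let "continue" reach the caller's loop and print an error instead,
      # so leave the function explicitly.
      return 1
    fi
  fi
}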


# Limits used by comp_print, derived from the dialog width $BC:
# MAXCOMPLEN is the longest list printed unchanged, COMPLENRES the first
# character position kept when a longer list is cut.
declare -i MAXCOMPLEN COMPLENRES
MAXCOMPLEN=BC-45
COMPLENRES=64-MAXCOMPLEN
# Print a list so that it fits into a main menu line.
# Globals:   MAXCOMPLEN, COMPLENRES (read)
# Arguments: $1 - the list text
# Outputs:   $1 unchanged (whitespace collapsed by the unquoted echo) when it
#            is at most MAXCOMPLEN characters long; otherwise '*' followed by
#            characters COMPLENRES to 65 of it
comp_print() {
  if [ ${#1} -le $MAXCOMPLEN ]; then
    echo $1
    return
  fi
  printf '*'
  echo $1 | cut -c$COMPLENRES-65
}

# When command logging is enabled, mark the start of this session in the
# log with an empty line and a "# <script> start <date>" comment line.
if [ -n "$RSBACLOGFILE" ]; then
  printf '\n# %s start %s\n' "$0" "$(date)" >>"$RSBACLOGFILE"
fi

# Select the role to start with: the first script argument if given,
# otherwise whatever choose_role leaves in $TMPFILE. Then load its items.
# NOTE(review): a role passed as $1 is taken as is; unlike the
# "Role Number:" menu entry it is not checked with rc_get_item first.
if [ -n "$1" ]; then
  ROLE=$1
else
  choose_role usedrole "Startup: Choose initial role" ""
  if [ -f $TMPFILE ]; then
    ROLE=$(cat $TMPFILE)
  fi
fi
if [ -n "$ROLE" ]; then
  get_items $ROLE
fi

# Main menu loop: show the settings of the current role, read the chosen
# menu tag from $TMPFILE (dialog's stderr is redirected there) and dispatch
# on it. The loop is left through the exit calls on cancel and in "Quit".
while true ; do \
  if ! \
  $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --help-button --default-item "$CHOICE" \
         --menu "Main Menu" $BL $BC `gl 26` \
                "Rolelist:" "Choose role from list" \
                "---------------" " "\
                "Role Number:" "$ROLE" \
                "Name:" "$NAME" \
                "Role Comp:" "`comp_print \"$COMPROLE\"`" \
                "Admin Roles:" "`comp_print \"$ADMROLES\"`" \
                "Assign Roles:" "`comp_print \"$ASSROLES\"`" \
                "Type Comp FD:" "(Matrix not printable)" \
                "Type Comp DEV:" "(Matrix not printable)" \
                "Type Comp Process:" "(Matrix not printable)" \
                "Type Comp IPC:" "(Matrix not printable)" \
                "Type Comp SCD:" "(Matrix not printable)" \
                "Type Comp NETDEV:" "(Matrix not printable)" \
                "Type Comp NETTEMP:" "(Matrix not printable)" \
                "Type Comp NETOBJ:" "(Matrix not printable)" \
                "Admin Type:" "$ADMTYPE / `get_value_name admtype $ADMTYPE`" \
                "Def FD Create Type:" "$DEFFDCR / `type_name fd $DEFFDCR`" \
                "Def Process Create Type:" "$DEFPCR / `type_name process $DEFPCR`" \
                "Def Process Chown Type:" "$DEFPCH / `type_name process $DEFPCH`" \
                "Def Process Execute Type:" "$DEFPEX / `type_name process $DEFPEX`" \
                "Def IPC Create Type:" "$DEFIPCCR / `type_name ipc $DEFIPCCR`" \
                "---------------" " "\
                "New Role" "" \
                "Copy Role" "(To other role)" \
                "Delete Role" "" \
                "Go to Type Menu" "" \
                "Go to ACL Menu" "" \
                "Quit" "" \
         2>$TMPFILE
   then rm $TMPFILE ; rm $TMPFILETWO ; exit
  fi

  # The selected tag doubles as the default item of the next menu round.
  CHOICE=`cat $TMPFILE`
  case "$CHOICE" in
    HELP*)
        # Help button: the tag arrives behind a 5 character prefix matching
        # HELP*; cut it off for show_help and for the next default item.
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;
    "Role Number:")
        # Ask for a role number and switch to it only if rc_get_item can
        # read that role's name; otherwise report the role as unknown.
        # NOTE(review): $TMP is typed input and is expanded unquoted below,
        # so it undergoes word splitting and pathname expansion; "$TMP"
        # would pass it to rc_get_item as a single argument.
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Role ID" $BL $BC $ROLE \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""rc_get_item ROLE $TMP name >$TMPFILE
             then ROLE=$TMP
                  get_items $ROLE
             else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Role: Unknown role $TMP!" 5 $BC
             fi
        fi
      ;;

    Rolelist:)
      # Pick a role with choose_role. A choice is left in $TMPFILE; the file
      # is removed when the menu was cancelled, so the role stays unchanged.
      choose_role usedrole "Rolelist: Choose role" $ROLE
      if test -f $TMPFILE
      then ROLE=`cat $TMPFILE`
           get_items $ROLE
      fi
      ;;

    "New Role")
      # Add a role: propose the unused role number reported by rc_get_item,
      # refuse a number whose name can already be read, then set the name
      # "Role <nr>" on it (presumably this is what creates the role) and
      # continue with the "Name:" entry preselected.
      # NOTE(review): $TMP is typed input; it is expanded unquoted in the
      # rc_get_item call and written unescaped into the log line.
      if ! \
      $DIALOG --title "$TITLE" \
           --backtitle "$BACKTITLE" \
           --inputbox "Enter role number to add" 8 $BC \
                  `${RSBACPATH}rc_get_item list_unused_role_nr` \
            2>$TMPFILE
      then rm $TMPFILE ; continue
      fi
      TMP=`cat $TMPFILE`
      if ${RSBACPATH}rc_get_item ROLE $TMP name >$TMPFILE
      then \
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Role `cat $TMPFILE` exists!" $BL $BC
      else
        if $RSBACPATH""rc_set_item ROLE $TMP name "Role $TMP" &>$TMPFILE
        then
          if test -n "$RSBACLOGFILE"
          then
            echo $RSBACPATH""rc_set_item ROLE $TMP name \"Role $TMP\" >>"$RSBACLOGFILE"
          fi
          CHOICE="Name:"
          ROLE=$TMP
          get_items $ROLE
        else
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "`head $TMPFILE`" $BL $BC
        fi
      fi
      ;;


    "Copy Role")
      # Copy one role to another: choose the source, choose the target (the
      # "allrole" list also offers the unused role number), confirm, then
      # run rc_copy_role and switch to the target role.
      # NOTE(review): unlike the rc_set_item calls in this menu, a
      # successful rc_copy_role is not written to $RSBACLOGFILE, so the
      # command log does not show role copies.
      choose_role usedrole "Copy Role: Choose source role" $ROLE
      if test ! -f $TMPFILE
      then continue
      fi
      TMPROLE=`cat $TMPFILE`
      choose_role allrole "Copy Role: Choose target role" ""
      if test ! -f $TMPFILE
      then continue
      fi
      TGTROLE=`cat $TMPFILE`
      if $DIALOG --title "$TITLE" \
                --backtitle "$BACKTITLE" \
                --yesno "Copy role $TMPROLE (`${RSBACPATH}rc_get_item ROLE $TMPROLE name`) to $TGTROLE (`${RSBACPATH}rc_get_item ROLE $TGTROLE name`)?" $BL $BC \
         2>/dev/null
      then if $RSBACPATH""rc_copy_role $TMPROLE $TGTROLE &>$TMPFILE
           then ROLE=$TGTROLE
                get_items $ROLE
           else \
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head $TMPFILE`" $BL $BC
           fi

      fi
      ;;

    "Delete Role")
      # Delete a role after a yes/no confirmation, using
      # rc_set_item ... remove_role. If the deleted role was the one being
      # edited, another role is asked for (or ROLE is cleared).
      # NOTE(review): "test $ROLE -eq $TMPROLE" is unquoted and reports a
      # test error when ROLE is empty; get_items also runs twice after a
      # new role was chosen.
      choose_role used_role "Delete Role: Choose role to delete" $ROLE
      if test ! -f $TMPFILE
      then continue
      fi
      TMPROLE=`cat $TMPFILE`
      if $DIALOG --title "$TITLE" \
                --backtitle "$BACKTITLE" \
                --yesno "Delete role $TMPROLE (`${RSBACPATH}rc_get_item ROLE $TMPROLE name`)?" $BL $BC \
         2>/dev/null
      then if $RSBACPATH""rc_set_item ROLE $TMPROLE remove_role &>$TMPFILE
           then
             if test -n "$RSBACLOGFILE"
             then
               echo $RSBACPATH""rc_set_item ROLE $TMPROLE remove_role >>"$RSBACLOGFILE"
             fi
             if test $ROLE -eq $TMPROLE
             then choose_role used_role "Role deleted: Choose another role" ""
                  if test -f $TMPFILE
                  then ROLE=`cat $TMPFILE`
                    get_items $ROLE
                  else
                    ROLE=
                  fi
                  get_items $ROLE
             fi
           else
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head $TMPFILE`" $BL $BC
           fi
       fi
      ;;

    'Name:')
        # Rename the current role: read up to 15 characters, store them with
        # rc_set_item and, on success, update $NAME and the command log.
        # NOTE(review): the log line wraps $TMP in double quotes without
        # escaping it. If the log is ever replayed as a shell script, a name
        # containing a double quote, "$" or a backtick would be reinterpreted
        # by the shell; printf '%q' would write it shell-escaped.
        if test "$ROLE" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --max-input 15 \
                     --inputbox "Name for Role $ROLE (maxlen = 15)" $BL $BC "$NAME" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""rc_set_item ROLE $ROLE name "$TMP" &>$TMPFILE
               then
                 NAME=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""rc_set_item ROLE $ROLE name \"$TMP\" >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Name: No role specified!" 5 $BC
        fi
      ;;

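    'Role Comp:')
        # Edit the roles that role $ROLE is compatible with: show the roles
        # as a checklist, then bring the stored list in line with the ticks.
        if test "$ROLE" != ""
        then
          # presumably read by gen_role_list to build the entries - TODO confirm
          ALLROLENR=$(${RSBACPATH}rc_get_item list_role_nr)
          if $DIALOG --title "Role Compatibilites for Role $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "List: $(echo $COMPROLE)" $BL $BC $MAXLINES \
                    $(gen_role_list role_comp) \
             2>"$TMPFILE"
          then
            # dialog may quote the selected tags; drop the quotes.
            TMP=$(tr -d '"' <"$TMPFILE")
            # Pass 1: unset roles that were set before but are not ticked
            # now. grep -w matches whole role numbers only. A substring
            # match takes role 1 as still ticked whenever 10 or 21 is, so a
            # deselected role would silently keep its role_comp entry.
            for i in $COMPROLE
            do
              if ! echo $TMP | grep -qw -- "$i"
              then
                if ${RSBACPATH}rc_set_item ROLE $ROLE role_comp $i 0 &>"$TMPFILE"
                then
                  if test -n "$RSBACLOGFILE"
                  then
                    echo ${RSBACPATH}rc_set_item ROLE $ROLE role_comp $i 0 >>"$RSBACLOGFILE"
                  fi
                else
                  $DIALOG --title "$ERRTITLE" \
                         --backtitle "$BACKTITLE" \
                         --msgbox "Unset $ROLE/$i: $(head -n 1 "$TMPFILE")" $BL $BC
                fi
              fi
            done
            # Pass 2: set roles that are ticked now but were not set before.
            for i in $TMP
            do
              if ! echo $COMPROLE | grep -qw -- "$i"
              then
                if ${RSBACPATH}rc_set_item ROLE $ROLE role_comp $i 1 &>"$TMPFILE"
                then
                  if test -n "$RSBACLOGFILE"
                  then
                    echo ${RSBACPATH}rc_set_item ROLE $ROLE role_comp $i 1 >>"$RSBACLOGFILE"
                  fi
                else
                  $DIALOG --title "$ERRTITLE" \
                         --backtitle "$BACKTITLE" \
                         --msgbox "Set $ROLE/$i: $(head -n 1 "$TMPFILE")" $BL $BC
                fi
              fi
            done
            # Re-read the stored list so the menu shows what is really set.
            COMPROLE=$(${RSBACPATH}rc_get_item ROLE $ROLE list_role_comp_nr)
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "Role Comp: No role specified!" 5 $BC
        fi
      ;;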

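    'Admin Roles:')
        # Edit the admin_roles list of role $ROLE: show the roles as a
        # checklist, then bring the stored list in line with the ticks.
        if test "$ROLE" != ""
        then
          # presumably read by gen_role_list to build the entries - TODO confirm
          ALLROLENR=$(${RSBACPATH}rc_get_item list_role_nr)
          if $DIALOG --title "Admin Roles for Role $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "List: $(echo $ADMROLES)" $BL $BC $MAXLINES \
                    $(gen_role_list admin_roles) \
             2>"$TMPFILE"
          then
            # dialog may quote the selected tags; drop the quotes.
            TMP=$(tr -d '"' <"$TMPFILE")
            # Pass 1: unset roles that were set before but are not ticked
            # now. grep -w matches whole role numbers only. A substring
            # match takes role 1 as still ticked whenever 10 or 21 is, so a
            # deselected role would silently keep its admin_roles entry.
            for i in $ADMROLES
            do
              if ! echo $TMP | grep -qw -- "$i"
              then
                if ${RSBACPATH}rc_set_item ROLE $ROLE admin_roles $i 0 &>"$TMPFILE"
                then
                  if test -n "$RSBACLOGFILE"
                  then
                    echo ${RSBACPATH}rc_set_item ROLE $ROLE admin_roles $i 0 >>"$RSBACLOGFILE"
                  fi
                else
                  $DIALOG --title "$ERRTITLE" \
                         --backtitle "$BACKTITLE" \
                         --msgbox "Unset $ROLE/$i: $(head -n 1 "$TMPFILE")" $BL $BC
                fi
              fi
            done
            # Pass 2: set roles that are ticked now but were not set before.
            for i in $TMP
            do
              if ! echo $ADMROLES | grep -qw -- "$i"
              then
                if ${RSBACPATH}rc_set_item ROLE $ROLE admin_roles $i 1 &>"$TMPFILE"
                then
                  if test -n "$RSBACLOGFILE"
                  then
                    echo ${RSBACPATH}rc_set_item ROLE $ROLE admin_roles $i 1 >>"$RSBACLOGFILE"
                  fi
                else
                  $DIALOG --title "$ERRTITLE" \
                         --backtitle "$BACKTITLE" \
                         --msgbox "Set $ROLE/$i: $(head -n 1 "$TMPFILE")" $BL $BC
                fi
              fi
            done
            # Re-read the stored list so the menu shows what is really set.
            ADMROLES=$(${RSBACPATH}rc_get_item ROLE $ROLE list_admin_role_nr)
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "Admin Roles: No role specified!" 5 $BC
        fi
      ;;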

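    'Assign Roles:')
        # Edit the assign_roles list of role $ROLE: show the roles as a
        # checklist, then bring the stored list in line with the ticks.
        if test "$ROLE" != ""
        then
          # presumably read by gen_role_list to build the entries - TODO confirm
          ALLROLENR=$(${RSBACPATH}rc_get_item list_role_nr)
          if $DIALOG --title "Assign Roles for Role $ROLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "List: $(echo $ASSROLES)" $BL $BC $MAXLINES \
                    $(gen_role_list assign_roles) \
             2>"$TMPFILE"
          then
            # dialog may quote the selected tags; drop the quotes.
            TMP=$(tr -d '"' <"$TMPFILE")
            # Pass 1: unset roles that were set before but are not ticked
            # now. grep -w matches whole role numbers only. A substring
            # match takes role 1 as still ticked whenever 10 or 21 is, so a
            # deselected role would silently keep its assign_roles entry.
            for i in $ASSROLES
            do
              if ! echo $TMP | grep -qw -- "$i"
              then
                if ${RSBACPATH}rc_set_item ROLE $ROLE assign_roles $i 0 &>"$TMPFILE"
                then
                  if test -n "$RSBACLOGFILE"
                  then
                    echo ${RSBACPATH}rc_set_item ROLE $ROLE assign_roles $i 0 >>"$RSBACLOGFILE"
                  fi
                else
                  $DIALOG --title "$ERRTITLE" \
                         --backtitle "$BACKTITLE" \
                         --msgbox "Unset $ROLE/$i: $(head -n 1 "$TMPFILE")" $BL $BC
                fi
              fi
            done
            # Pass 2: set roles that are ticked now but were not set before.
            for i in $TMP
            do
              if ! echo $ASSROLES | grep -qw -- "$i"
              then
                if ${RSBACPATH}rc_set_item ROLE $ROLE assign_roles $i 1 &>"$TMPFILE"
                then
                  if test -n "$RSBACLOGFILE"
                  then
                    echo ${RSBACPATH}rc_set_item ROLE $ROLE assign_roles $i 1 >>"$RSBACLOGFILE"
                  fi
                else
                  $DIALOG --title "$ERRTITLE" \
                         --backtitle "$BACKTITLE" \
                         --msgbox "Set $ROLE/$i: $(head -n 1 "$TMPFILE")" $BL $BC
                fi
              fi
            done
            # Re-read the stored list so the menu shows what is really set.
            ASSROLES=$(${RSBACPATH}rc_get_item ROLE $ROLE list_assign_role_nr)
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "Assign Roles: No role specified!" 5 $BC
        fi
      ;;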

    'Type Comp FD:')
        # Edit the FD type compatibility of role $ROLE: show the FD type
        # menu and open the rights checklist (check_rights) for the chosen
        # type, again and again until the menu is cancelled.
        if test "$ROLE" != ""
        then \
          TMPTYPE=
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMPTYPE" \
                    --menu "FD Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_fd_types` \
             2>$TMPFILE
          do TMPTYPE=`cat $TMPFILE|tr -d '"'`
            check_rights FD fd $TMPTYPE
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp FD: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp DEV:')
        # Edit the DEV type compatibility of role $ROLE: show the DEV type
        # menu and open the rights checklist (check_rights) for the chosen
        # type, again and again until the menu is cancelled.
        if test "$ROLE" != ""
        then \
          TMPTYPE=
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMPTYPE" \
                    --menu "DEV Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_dev_types` \
             2>$TMPFILE
          do TMPTYPE=`cat $TMPFILE|tr -d '"'`
            check_rights DEV dev $TMPTYPE
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp DEV: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp Process:')
        # Edit the process type compatibility of role $ROLE: show the process
        # type menu and open the rights checklist (check_rights) for the
        # chosen type until the menu is cancelled.
        # ALLTYPENR is refreshed here but not read within this entry.
        if test "$ROLE" != ""
        then \
          TMPTYPE=
          ALLTYPENR=`$RSBACPATH""rc_get_item list_process_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMPTYPE" \
                    --menu "Process Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_process_types` \
             2>$TMPFILE
          do TMPTYPE=`cat $TMPFILE|tr -d '"'`
            check_rights Process process $TMPTYPE
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp Process: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp IPC:')
        # Edit the IPC type compatibility of role $ROLE: show the IPC type
        # menu and open the rights checklist (check_rights) for the chosen
        # type until the menu is cancelled.
        # ALLTYPENR is refreshed here but not read within this entry.
        if test "$ROLE" != ""
        then \
          TMPTYPE=
          ALLTYPENR=`$RSBACPATH""rc_get_item list_ipc_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMPTYPE" \
                    --menu "IPC Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_ipc_types` \
             2>$TMPFILE
          do TMPTYPE=`cat $TMPFILE|tr -d '"'`
            check_rights IPC ipc $TMPTYPE
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp IPC: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp SCD:')
        # Edit the SCD type compatibility of role $ROLE: show the SCD type
        # menu and open the rights checklist (check_rights) for the chosen
        # type until the menu is cancelled.
        # ALLTYPENR is refreshed here but not read within this entry.
        if test "$ROLE" != ""
        then \
          TMPTYPE=
          ALLTYPENR=`$RSBACPATH""rc_get_item list_scd_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMPTYPE" \
                    --menu "SCD Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_scd_types` \
             2>$TMPFILE
          do TMPTYPE=`cat $TMPFILE|tr -d '"'`
            check_rights SCD scd $TMPTYPE
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp SCD: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp NETDEV:')
        # Edit the NETDEV type compatibility of role $ROLE: show the NETDEV
        # type menu and open the rights checklist (check_rights) for the
        # chosen type until the menu is cancelled.
        # ALLTYPENR is refreshed here but not read within this entry.
        if test "$ROLE" != ""
        then \
          TMPTYPE=
          ALLTYPENR=`$RSBACPATH""rc_get_item list_netdev_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMPTYPE" \
                    --menu "NETDEV Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_netdev_types` \
             2>$TMPFILE
          do TMPTYPE=`cat $TMPFILE|tr -d '"'`
            check_rights NETDEV netdev $TMPTYPE
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp NETDEV: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp NETTEMP:')
        # Edit the NETTEMP type compatibility of role $ROLE: show the NETTEMP
        # type menu and open the rights checklist (check_rights) for the
        # chosen type until the menu is cancelled.
        # ALLTYPENR is refreshed here but not read within this entry.
        if test "$ROLE" != ""
        then \
          TMPTYPE=
          ALLTYPENR=`$RSBACPATH""rc_get_item list_nettemp_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMPTYPE" \
                    --menu "NETTEMP Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_nettemp_types` \
             2>$TMPFILE
          do TMPTYPE=`cat $TMPFILE|tr -d '"'`
            check_rights NETTEMP nettemp $TMPTYPE
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp NETTEMP: No role specified!" 5 $BC
        fi
      ;;

    'Type Comp NETOBJ:')
        # Edit the NETOBJ type compatibility of role $ROLE: show the NETOBJ
        # type menu and open the rights checklist (check_rights) for the
        # chosen type until the menu is cancelled.
        # ALLTYPENR is refreshed here but not read within this entry.
        if test "$ROLE" != ""
        then \
          TMPTYPE=
          ALLTYPENR=`$RSBACPATH""rc_get_item list_netobj_type_nr`
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMPTYPE" \
                    --menu "NETOBJ Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                    `${RSBACPATH}rc_get_item list_netobj_types` \
             2>$TMPFILE
          do TMPTYPE=`cat $TMPFILE|tr -d '"'`
            check_rights NETOBJ netobj $TMPTYPE
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Type Comp NETOBJ: No role specified!" 5 $BC
        fi
      ;;

    'Admin Type:')
        # Choose the admin type of role $ROLE from the values 0, 1 and 2
        # (labels come from get_value_name) and store it with rc_set_item.
        # On success $ADMTYPE is updated and the command is logged; on
        # failure the first line of the tool's output is shown.
        if test "$ROLE" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Admin Type for Role $ROLE" $BL $BC 3 \
                                0 "`get_value_name admtype 0`" `onoff 0 $ADMTYPE` \
                                1 "`get_value_name admtype 1`" `onoff 1 $ADMTYPE` \
                                2 "`get_value_name admtype 2`" `onoff 2 $ADMTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""rc_set_item ROLE $ROLE admin_type $TMP &>$TMPFILE
               then
                 ADMTYPE=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""rc_set_item ROLE $ROLE admin_type $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Admin Type: No role specified!" 5 $BC
        fi
      ;;

    'Def FD Create Type:')
        # Choose def_fd_create_type for role $ROLE from the radiolist built
        # by gen_type_list and store it with rc_set_item. On success
        # $DEFFDCR is updated and the command is logged; on failure the
        # first line of the tool's output is shown.
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default FD Create Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list deffdcr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_fd_create_type $TMP &>$TMPFILE
                 then
                   DEFFDCR=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""rc_set_item ROLE $ROLE def_fd_create_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default FD Create Type: No role specified!" 5 $BC
        fi
      ;;

    'Def Process Create Type:')
        # Choose def_process_create_type for role $ROLE from the radiolist
        # built by gen_type_list and store it with rc_set_item. On success
        # $DEFPCR is updated and the command is logged; on failure the first
        # line of the tool's output is shown.
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default Process Create Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpcr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_create_type $TMP &>$TMPFILE
                 then
                   DEFPCR=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""rc_set_item ROLE $ROLE def_process_create_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default Process Create Type: No role specified!" 5 $BC
        fi
      ;;

    'Def Process Chown Type:')
        # Choose def_process_chown_type for role $ROLE from the radiolist
        # built by gen_type_list and store it with rc_set_item. On success
        # $DEFPCH is updated and the command is logged; on failure the first
        # line of the tool's output is shown.
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default Process Chown Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpch` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_chown_type $TMP &>$TMPFILE
                 then
                   DEFPCH=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""rc_set_item ROLE $ROLE def_process_chown_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default Process Chown Type: No role specified!" 5 $BC
        fi
      ;;

    'Def Process Execute Type:')
        # Choose def_process_execute_type for role $ROLE from the radiolist
        # built by gen_type_list and store it with rc_set_item. On success
        # $DEFPEX is updated and the command is logged; on failure the first
        # line of the tool's output is shown.
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default Process Execute Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defpex` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_process_execute_type $TMP &>$TMPFILE
                 then
                   DEFPEX=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""rc_set_item ROLE $ROLE def_process_execute_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default Process Execute Type: No role specified!" 5 $BC
        fi
      ;;

    'Def IPC Create Type:')
        # Choose def_ipc_create_type for role $ROLE from the radiolist built
        # by gen_type_list and store it with rc_set_item. On success
        # $DEFIPCCR is updated and the command is logged; on failure the
        # first line of the tool's output is shown.
        if test "$ROLE" != ""
        then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default IPC Create Type for Role $ROLE" $BL $BC $MAXLINES \
                      `gen_type_list defipccr` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""rc_set_item ROLE $ROLE def_ipc_create_type $TMP &>$TMPFILE
                 then
                   DEFIPCCR=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""rc_set_item ROLE $ROLE def_ipc_create_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default IPC Create Type: No role specified!" 5 $BC
        fi
      ;;

    "Go to Type Menu")
        # Run the RC type menu as a separate program, then return here.
        ${RSBACPATH}rsbac_rc_type_menu
      ;;

    "Go to ACL Menu")
        # Run the ACL menu as a separate program, then return here.
        ${RSBACPATH}rsbac_acl_menu
      ;;

    Quit)
        # Remove both temporary files before leaving.
        rm $TMPFILE ; rm $TMPFILETWO ; exit
      ;;

    *)
        # Any other tag (the separator lines, for instance) is reported as a
        # selection error.
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
