#!/bin/bash
# 
# This script is used for Administration of RSBAC RC Role entries
#
# Author and (c) 1999-2006 Amon Ott
#
# Last changed on 12/Sep/2006
#
# Make sure we're really running bash.
#
# Refuse to continue under any shell other than bash: $BASH is only set by bash.
if [ -z "$BASH" ]
then
  echo "This menu requires bash" 1>&2
  exit 1
fi

#
# Leave POSIX mode and enable hashing of command locations (set -h), so the
# helper programs called over and over are not searched in $PATH each time.
#
set +o posix
set -h

# Names of the RC role items handled by the RSBAC tools, as one
# whitespace-separated list.
ITEMS="name role_comp admin_roles assign_roles type_comp_fd type_comp_dev \
       type_comp_ipc type_comp_process type_comp_group type_comp_netdev \
       type_comp_netobj type_comp_nettemp \
       type_comp_scd admin_type \
       def_fd_create_type def_process_create_type \
       def_process_chown_type def_process_execute_type \
       def_ipc_create_type def_group_create_type def_unixsock_create_type"

# System-wide settings file
RSBACCONF=/etc/rsbac.conf
# Read settings: first the system-wide file, then the per-user one.
# Both files are sourced, i.e. executed as shell code with the privileges of
# the administrator running this menu.
# NOTE(review): nothing here checks owner or permissions of these files;
# confirm they are writable only by the intended administrator.
if [ -f $RSBACCONF ]; then
  . $RSBACCONF
fi
if [ -f ~/.rsbacrc ]; then
  . ~/.rsbacrc
fi
# Default module list when the settings did not provide one
: "${RSBACMOD:=GEN MAC FC SIM PM DAZ FF RC AUTH ACL CAP JAIL RES PAX}"
# Export one SHOW_<module>=yes flag per listed module
for i in $RSBACMOD
do
  export "SHOW_${i}=yes"
done

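# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# Both scratch files live in a private directory (mode 0700) below $TMPDIR.
# The menu removes and re-creates $TMPFILE many times and writes to it with
# plain redirections, which follow symlinks. Directly inside a shared
# directory such as /tmp another local user could pre-create or swap such a
# name; inside a directory only this user can enter, that is not possible.
# If mktemp is unavailable, mkdir is used instead: it fails when the name
# already exists (including a symlink), so nothing is reused or deleted.
if ! RSBAC_TMPWORKDIR=$(mktemp -d -q "$TMPDIR/rsbac_dialog.XXXXXX")
then
  RSBAC_TMPWORKDIR=$TMPDIR/rsbac_dialog.$$
  if ! mkdir -m 700 "$RSBAC_TMPWORKDIR"
  then
    echo "Cannot create a private temporary directory in $TMPDIR" >&2
    exit 1
  fi
fi
TMPFILE=$RSBAC_TMPWORKDIR/dialog.1
TMPFILETWO=$RSBAC_TMPWORKDIR/dialog.2
# mktemp used to create both files, so keep them present from the start
: >"$TMPFILE"
: >"$TMPFILETWO"
# Remove the scratch directory on every exit path
trap 'rm -rf -- "$RSBAC_TMPWORKDIR"' EXIT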

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

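# set this to initial dir on script startup
LASTDIR='.'

# which dialog tool to use - dialog or kdialog or xdialog...
# $DIALOG may come from the environment or from the sourced settings files.
# It is expanded unquoted wherever it is run, so a value containing blanks is
# split into a command plus arguments.
if test -z "$DIALOG"
then DIALOG=${RSBACPATH}dialog
fi
# Both probes below leave with a non-zero status, so a calling script can
# tell that the menu never started.
if ! $DIALOG --clear
then
  echo "$DIALOG menu program required!" >&2
  exit 1
fi
if ! $DIALOG --help 2>&1 | grep -q "help-button"
then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit 1
fi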

# Derive the dialog box geometry from a terminal size.
#   $1 - terminal rows    (24 when missing or 0)
#   $2 - terminal columns (80 when missing or 0)
# Exports LINES and COLUMNS and sets BL (rows - 4), BC (columns - 5) and
# MAXLINES (rows - 10).
set_geometry ()
{
        local rows cols
        rows=${1:-24}
        cols=${2:-80}
        if [ $rows = 0 ]; then rows=24; fi
        if [ $cols = 0 ]; then cols=80; fi
        export LINES=$rows COLUMNS=$cols
        BL=$((rows - 4))
        BC=$((cols - 5))
        MAXLINES=$((rows - 10))
}

# Use the real terminal size; without a terminal stty prints nothing and
# set_geometry falls back to its defaults.
set_geometry $(stty size 2>/dev/null)

# Print the wanted number of menu lines ($1), capped at $MAXLINES.
gl ()
{
        local shown=$1
        if test $1 -gt $MAXLINES
        then shown=$MAXLINES
        fi
        echo $shown
}

# Assume a 25x80 screen when LINES/COLUMNS are still empty at this point
[ -n "$LINES" ] || declare -i LINES=25
[ -n "$COLUMNS" ] || declare -i COLUMNS=80
export LINES COLUMNS
# Box height, box width and maximum menu height, all as integer variables
declare -i BL=$((LINES - 4))
declare -i BC=$((COLUMNS - 4))
declare -i MAXLINES=$((LINES - 10))

# Window titles; BACKTITLE can be preset by the environment or settings files
: "${BACKTITLE:=RSBAC Administration Tools 1.3.6}"
TITLE="$(whoami)@$(hostname): RSBAC RC Role Administration"
HELPTITLE="$TITLE Help"
ERRTITLE="RSBAC RC Role Administration - ERROR"

# Special values for types
# These numbers count down from 4294967295 (2^32 - 1). type_name() prints a
# fixed label for each of them instead of asking rc_get_item for a type name;
# the label is noted next to each value.
# Commented-out alternative values:
#INHPR=64
#INHPA=65
#NOCR=66
#NOEX=67
#USENEW=68
INHPR=4294967295    # "Inherit from Process"
INHPA=4294967294    # "Inherit from Parent"
NOCR=4294967293     # "No create allowed"
NOEX=4294967292     # "No execute allowed"
USENEW=4294967291   # "Use def_create of new role"
NOCH=4294967290     # "No change_owner allowed"
USEFD=4294967289    # "Use def_fd_create_type"

# Special values for roles
# Same scheme for role numbers; role_name() prints the label noted next to
# each value instead of looking up a role name.
# Commented-out alternative values:
#RINHUSER=64
#RINHPR=65
#RINHPA=66
RINHUSER=4294967295 # "Inherit from User"
RINHPR=4294967294   # "Inherit from Process"
RINHPA=4294967293   # "Inherit from Parent"
RINHMIX=4294967292  # "Mixed inherit"

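# Show the help page for one main-menu entry.
#   $1 - menu tag exactly as shown in the main menu (e.g. "Name:")
# The page is written to $TMPFILE and displayed with $DIALOG --textbox. For
# several items the output of "rc_get_item -i <item>" is appended.
# $TMPFILE is quoted so a temporary directory whose path contains blanks
# cannot break the redirection or the textbox argument.
show_help () {
 {
  echo "$1"
  echo ""
  case "$1" in
    "Role Number:")
      echo "Enter number of role to administrate."
      ;;

    Rolelist:)
      echo "Select role to administrate from a list of all defined roles."
      ;;

    "New Role")
      echo "Create a new role."
      ;;

    "Copy Role")
      printf '%s\n' \
        "Copy a role to another. All role attributes and rights are copied." \
        "The target role may already exist or can be created automatically."
      ;;

    "Delete Role")
      printf '%s\n' \
        "Delete a role. All attributes and compatibility settings will be" \
        "removed."
      ;;

    'Name:')
      printf '%s\n' \
        "Change the role name." \
        ""
      ${RSBACPATH}rc_get_item -i name
      ;;

    'Role Comp:')
      printf '%s\n' \
        "Select the roles this role is compatible with." \
        "" \
        "When running in a role, a process may change to all other roles this" \
        "role is compatible with. After changing the role, all attributes of the" \
        "new role are used, including the compatible roles. This means that the" \
        "process might not be able to switch back to its original role." \
        "" \
        "All roles you add or remove from the compatible role set must be in the" \
        "set of Assign Roles of your current role."
      ;;

    'Admin Roles:')
      printf '%s\n' \
        "Select the roles this role is allowed to administrate." \
        "" \
        "When running in a role, a process may only administrate those roles that" \
        "are in the Admin Roles set of the process role." \
        "" \
        "Only roles with Admin Type value Role Admin may change the set of Admin" \
        "Roles." \
        "" \
        "Warning: Roles with Admin Type value Role Admin may always administrate" \
        "all roles!"
      ;;

    'Assign Roles:')
      printf '%s\n' \
        "Select the roles this role is allowed to assign as default to users and" \
        "as initial or forced role to programs." \
        "" \
        "To assign a default role to a user, you need both the old and the new" \
        "role of the user in your assign set." \
        "To assign a role as initial or forced role to a program, you also need" \
        "to be compatible with the FD type of the program file for request" \
        "MODIFY_ATTRIBUTE." \
        "" \
        "Only roles with Admin Type value Role Admin may change the set of Assign" \
        "Roles." \
        "" \
        "Warning: Roles with Admin Type value Role Admin may always assign all" \
        "roles!"
      ;;

    'Type Comp FD:')
      printf '%s\n' \
        "Select an FD type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp DEV:')
      printf '%s\n' \
        "Select a DEV type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp User:')
      printf '%s\n' \
        "Select a User type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp Process:')
      printf '%s\n' \
        "Select a Process type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp IPC:')
      printf '%s\n' \
        "Select an IPC type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp SCD:')
      printf '%s\n' \
        "Select an SCD type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp Group:')
      printf '%s\n' \
        "Select a Linux Group type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp NETDEV:')
      printf '%s\n' \
        "Select a NETDEV type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp NETTEMP:')
      printf '%s\n' \
        "Select a NETTEMP type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Type Comp NETOBJ:')
      printf '%s\n' \
        "Select a NETOBJ type and then the requests for which this role is" \
        "compatible with the selected type."
      ;;

    'Admin Type:')
      printf '%s\n' \
        "This attribute overrides the Admin Roles and Assign Roles and the" \
        "special type compatibility rights." \
        "" \
        "System Admins may read all settings, Role Admins may read and modify all" \
        "settings. Role Admin is also needed to change Admin Roles, Assign Roles" \
        "and Admin Type values." \
        ""
      ${RSBACPATH}rc_get_item -i admin_type
      ;;

    'Def FD Create Type:')
      printf '%s\n' \
        "Select the type that is assigned to all filesystem objects created by this" \
        "role." \
        "Additional to this setting, the CREATE right must be granted for the" \
        "type." \
        ""
      ${RSBACPATH}rc_get_item -i def_fd_create_type
      ;;

    'Def FD Ind Create Type:')
      printf '%s\n' \
        "Select the type that is assigned to all filesystem objects created by" \
        "this role in directories with a given effective type." \
        "Additional to this setting, the CREATE right must be granted for the" \
        "type. If no individual value is set for a directory type, the global" \
        "Def FD Create Type is used." \
        ""
      ${RSBACPATH}rc_get_item -i def_fd_ind_create_type
      ;;

    'Def User Create Type:')
      printf '%s\n' \
        "Select the type that is assigned to all user objects created in RSBAC" \
        "User Management by this role. Additional to this setting, the CREATE" \
        "right must be granted for the type." \
        ""
      ${RSBACPATH}rc_get_item -i def_user_create_type
      ;;

    'Def Process Create Type:')
      printf '%s\n' \
        "Select the type that is assigned to all processes created by this role." \
        "Additional to this setting, the CREATE right must be granted for the" \
        "type." \
        ""
      ${RSBACPATH}rc_get_item -i def_process_create_type
      ;;

    'Def Process Chown Type:')
      printf '%s\n' \
        "Select the type that is assigned to a process running in this role after" \
        "CHANGE_OWNER (setuid)." \
        "" \
        "The special value Use Def Create of new Owner uses the Def Process" \
        "Create Type of the process role after the CHANGE_OWNER request," \
        "depending on the force_role setting of the process. Usually, this is the" \
        "default role of the new process owner." \
        ""
      ${RSBACPATH}rc_get_item -i def_process_chown_type
      ;;

    'Def Process Execute Type:')
      printf '%s\n' \
        "Select the type that is assigned to a process running in this role when" \
        "executing another program." \
        "" \
        "Useful, if only the original program is meant to be protected through a" \
        "special type." \
        ""
      ${RSBACPATH}rc_get_item -i def_process_execute_type
      ;;

    'Def IPC Create Type:')
      printf '%s\n' \
        "Select the type that is assigned to all IPC objects created by this role." \
        "Additional to this setting, the CREATE right must be granted for the" \
        "type." \
        ""
      ${RSBACPATH}rc_get_item -i def_ipc_create_type
      ;;

    'Def Group Create Type:')
      printf '%s\n' \
        "Select the type that is assigned to all group objects created in RSBAC" \
        "User Management by this role. Additional to this setting, the CREATE" \
        "right must be granted for the type." \
        ""
      ${RSBACPATH}rc_get_item -i def_group_create_type
      ;;

    'Def Unixsock Create Type:')
      printf '%s\n' \
        "Select the type that is assigned as type to all unixsock objects" \
        "created by this role. Additional to this setting, the CREATE right" \
        "must be granted for the type. The special value use_fd means use" \
        "def_fd_create_type." \
        ""
      ${RSBACPATH}rc_get_item -i def_unixsock_create_type
      ;;

    'Boot Role:')
      printf '%s\n' \
        "Toggle, whether this role is used to start the system." \
        "" \
        "Only one role should be selected as boot role. If more than one role has" \
        "been selected, the lowest role number is chosen. Without a distinguished" \
        "boot role, the system starts with the default role of user 0 (root)." \
        ""
      ${RSBACPATH}rc_get_item -i boot_role
      ;;

    'Req Reauth:')
      printf '%s\n' \
        "Toggle, to indicate if one has to authenticate before changing to this role." \
        "" \
        "If it is set on additional user UM password has to be passed before beeing" \
        "granted to change current RC role to this role." \
        ""
      ${RSBACPATH}rc_get_item -i req_reauth
      ;;

    Quit)
        echo "Quit this menu."
      ;;

    *)
        echo "No help for $1 available!"
      ;;
  esac
 } > "$TMPFILE"
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" $BL $BC
#  sleep 1
}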

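# Load all displayed attributes of one role into global variables.
#   $1 - role number; when empty, every attribute variable is cleared
# Each value is the output of one rc_get_item call. The empty-argument branch
# clears the same set of variables the other branch fills, so no value of a
# previously shown role (ADMROLES, ASSROLES, DEFFDICR, DEFUSCR) stays behind.
get_items () {
  if test "$1" != ""
    then
         NAME=$(${RSBACPATH}rc_get_item ROLE "$1" name)
         COMPROLE=$(${RSBACPATH}rc_get_item ROLE "$1" list_role_comp_nr)
         ADMROLES=$(${RSBACPATH}rc_get_item ROLE "$1" list_admin_role_nr)
         ASSROLES=$(${RSBACPATH}rc_get_item ROLE "$1" list_assign_role_nr)
         ADMTYPE=$(${RSBACPATH}rc_get_item ROLE "$1" admin_type)
         DEFFDCR=$(${RSBACPATH}rc_get_item ROLE "$1" def_fd_create_type)
         # this query takes the role number after the item name
         DEFFDICR=$(${RSBACPATH}rc_get_item list_def_fd_ind_create_type_values "$1")
         DEFUCR=$(${RSBACPATH}rc_get_item ROLE "$1" def_user_create_type)
         DEFPCR=$(${RSBACPATH}rc_get_item ROLE "$1" def_process_create_type)
         DEFPCH=$(${RSBACPATH}rc_get_item ROLE "$1" def_process_chown_type)
         DEFPEX=$(${RSBACPATH}rc_get_item ROLE "$1" def_process_execute_type)
         DEFIPCCR=$(${RSBACPATH}rc_get_item ROLE "$1" def_ipc_create_type)
         DEFGCR=$(${RSBACPATH}rc_get_item ROLE "$1" def_group_create_type)
         DEFUSCR=$(${RSBACPATH}rc_get_item ROLE "$1" def_unixsock_create_type)
         BOOTROLE=$(${RSBACPATH}rc_get_item ROLE "$1" boot_role)
         REQREAUTH=$(${RSBACPATH}rc_get_item ROLE "$1" req_reauth)
    else
         NAME=
         COMPROLE=
         ADMROLES=
         ASSROLES=
         ADMTYPE=
         DEFFDCR=
         DEFFDICR=
         DEFUCR=
         DEFPCR=
         DEFPCH=
         DEFPEX=
         DEFIPCCR=
         DEFGCR=
         DEFUSCR=
         BOOTROLE=
         REQREAUTH=
  fi
}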

# Print "on" when the strings $1 and $2 are equal, "off" otherwise.
onoff () {
   local state=off
   if [ "$1" = "$2" ]
   then state=on
   fi
   echo $state
}

# Print "on" when $1 and $2 are numerically equal, "off" otherwise (also when
# the comparison itself fails, e.g. because an argument is missing).
onoffi () {
   local state=off
   if test $1 -eq $2
   then state=on
   fi
   echo $state
}

# Print "on" when $1 is exactly the string "1", "off" for anything else.
onoffb () {
   case "$1" in
     1) echo on ;;
     *) echo off ;;
   esac
}

# Print the display name of a numeric attribute value.
#   $1 - attribute kind; only "admtype" is known here
#   $2 - numeric value (0, 1 or 2 for admtype)
# Prints nothing for an unknown kind or value.
get_value_name () {
  local label=
  if [ "$1" = admtype ]
  then
    case $2 in
      0) label="No Admin" ;;
      1) label="Role Admin" ;;
      2) label="System Admin" ;;
    esac
  fi
  [ -z "$label" ] || echo "$label"
}

# Print the display name of role number $1.
# Without a selected role ($ROLE empty) a single blank is printed. The
# special role values print a fixed label; every other number is looked up
# with rc_get_item, and "(unknown)" is printed when that lookup fails.
role_name () {
  local label
  if [ -z "$ROLE" ]
  then
    echo " "
    return
  fi
  case $1 in
    $RINHUSER) label="Inherit from User" ;;
    $RINHPR)   label="Inherit from Process" ;;
    $RINHPA)   label="Inherit from Parent" ;;
    $RINHMIX)  label="Mixed inherit" ;;
    *)
      ${RSBACPATH}rc_get_item ROLE $1 name || echo "(unknown)"
      return 0
      ;;
  esac
  echo "$label"
}


# Print the display name of a type.
#   $1 - target kind: fd, dev, user, process, ipc, scd, group, netdev,
#        nettemp or netobj
#   $2 - type number
# Prints a single blank when no role is selected or $2 is empty, a fixed label
# for the special type values, and otherwise the name reported by
# rc_get_item ("(unknown)" when that lookup fails). An unknown kind prints
# nothing.
type_name () {
  if [[ -z $ROLE || -z $2 ]]
  then
    echo " "
    return
  fi
  case $2 in
    $INHPR)  echo Inherit from Process ;;
    $INHPA)  echo Inherit from Parent ;;
    $NOCR)   echo No create allowed ;;
    $NOEX)   echo No execute allowed ;;
    $USENEW) echo Use def_create of new role ;;
    $NOCH)   echo No change_owner allowed ;;
    $USEFD)  echo Use def_fd_create_type ;;
    *)
      case $1 in
        fd|dev|user|process|ipc|scd|group|netdev|nettemp|netobj)
          # the item name is always type_<kind>_name
          ${RSBACPATH}rc_get_item TYPE $2 type_${1}_name || echo "(unknown)"
          ;;
      esac
      ;;
  esac
}

# Print one "<role nr> <role name> <on|off>" row per role in $ALLROLENR.
#   $1 - role-set item of $ROLE to query for each listed role
# Blanks in role names become underscores, a role without a name is shown as
# "(unused)", and the state is "on" when rc_get_item reports 1.
gen_role_list () {
    for i in $ALLROLENR
    do
      TMP=$(${RSBACPATH}rc_get_item ROLE $ROLE $1 $i)
      TMP2=$(${RSBACPATH}rc_get_item ROLE $i name | tr ' ' '_')
      TMP2=${TMP2:-"(unused)"}
      echo $i $TMP2 $(onoffb $TMP)
    done
}

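# Helper: print one "<type nr> <type name> <on|off>" row per type listed in
# $ALLTYPENR; "on" when rc_get_item reports 1 for type_comp_<kind> of $ROLE.
#   $1 - target kind (fd, dev, user, ...)
_gen_type_comp_rows () {
        for i in $ALLTYPENR
        do
          TMP=$(${RSBACPATH}rc_get_item ROLE $ROLE type_comp_${1} $i)
          echo $i \
          $(${RSBACPATH}rc_get_item TYPE $i type_${1}_name|tr ' ' '_') \
          $(onoffb $TMP)
        done
}

# Helper: print one "<type nr> <type name> <on|off>" row per type listed in
# $ALLTYPENR; "on" for the row numerically equal to the current value.
#   $1 - target kind whose type names are shown
#   $2 - currently configured type number (may be missing)
_gen_type_default_rows () {
        for i in $ALLTYPENR
        do
          echo $i \
          $(${RSBACPATH}rc_get_item TYPE $i type_${1}_name|tr ' ' '_') \
          $(onoffi $i $2)
        done
}

# Print the rows of a type selection list for role $ROLE.
#   $1 - list to build:
#        fd, dev, user, process, ipc, scd, group, netdev, nettemp, netobj:
#          compatibility rows for the types already listed in $ALLTYPENR
#        deffdcr, defucr, defpcr, defpch, defpex, defipccr, defgcr, defuscr:
#          rows for a default-type setting; the special values come first,
#          then every type of the matching kind ($ALLTYPENR is reloaded)
#        deffdind: one "<dir type>/<name> <value>/<name>" row per FD type
#        deffdicr: rows for the individual create type of directory type $2
#   $2 - directory type number, used by deffdicr only
# Blanks in names are replaced by underscores so that every row keeps the
# same number of words.
gen_type_list () {
        case $1 in
           fd|dev|user|process|ipc|scd|group|netdev|nettemp|netobj)
             _gen_type_comp_rows $1
             ;;

           deffdcr)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_fd_type_nr)
             echo $INHPR "Inherit_from_process" $(onoff $INHPR $DEFFDCR)
             echo $INHPA "Inherit_from_parent" $(onoff $INHPA $DEFFDCR)
             echo $NOCR "No_create_allowed" $(onoff $NOCR $DEFFDCR)
             _gen_type_default_rows fd $DEFFDCR
             ;;
           deffdind)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_fd_type_nr)
             for i in $ALLTYPENR
             do
               # errors are discarded: an FD type without an individual
               # setting simply yields an empty value
               TMP=$(${RSBACPATH}rc_get_item ROLE $ROLE def_fd_ind_create_type $i 2>/dev/null)
               if test -n "$TMP"
               then
                 echo "$i/$(type_name fd $i|tr ' ' '_')" \
                   $TMP/$(type_name fd $TMP|tr ' ' '_')
               else
                 echo "$i/$(type_name fd $i|tr ' ' '_')" \
                   "(unused)"
               fi
             done
             ;;
           deffdicr)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_fd_type_nr)
             TMP=$(${RSBACPATH}rc_get_item ROLE $ROLE def_fd_ind_create_type $2 2>/dev/null)
             # "Remove" is preselected while no individual value is set
             echo Remove "Use_Def_FD_Create_Type" $(onoff "" "$TMP")
             echo $INHPR "Inherit_from_process" $(onoff $INHPR "$TMP")
             echo $INHPA "Inherit_from_parent" $(onoff $INHPA "$TMP")
             echo $NOCR "No_create_allowed" $(onoff $NOCR "$TMP")
             for i in $ALLTYPENR
             do
               echo $i \
               $(${RSBACPATH}rc_get_item TYPE $i type_fd_name|tr ' ' '_') \
               $(onoff "$i" "$TMP")
             done
             ;;
           defucr)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_user_type_nr)
             echo $INHPR "Inherit_from_process" $(onoff $INHPR $DEFUCR)
             echo $NOCR "No_create_allowed" $(onoff $NOCR $DEFUCR)
             _gen_type_default_rows user $DEFUCR
             ;;
           defpcr)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_process_type_nr)
             echo $INHPA "Inherit_from_parent_(keep)" $(onoff $INHPA $DEFPCR)
             echo $NOCR "No_create_allowed" $(onoff $NOCR $DEFPCR)
             _gen_type_default_rows process $DEFPCR
             ;;
           defpch)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_process_type_nr)
             echo $INHPA "Inherit_from_parent_(keep)" $(onoff $INHPA $DEFPCH)
             echo $NOCR "No_create_allowed" $(onoff $NOCR $DEFPCH)
             echo $USENEW "Use_def_create_of_new_role" $(onoff $USENEW $DEFPCH)
             _gen_type_default_rows process $DEFPCH
             ;;
           defpex)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_process_type_nr)
             echo $INHPR "Inherit_from_process_(keep)" $(onoff $INHPR $DEFPEX)
             echo $NOEX "No_execute_allowed" $(onoff $NOEX $DEFPEX)
             _gen_type_default_rows process $DEFPEX
             ;;
           defipccr)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_ipc_type_nr)
             echo $INHPR "Inherit_from_process" $(onoff $INHPR $DEFIPCCR)
             echo $NOCR "No_create_allowed" $(onoff $NOCR $DEFIPCCR)
             _gen_type_default_rows ipc $DEFIPCCR
             ;;
           defgcr)
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_group_type_nr)
             echo $INHPR "Inherit_from_process" $(onoff $INHPR $DEFGCR)
             echo $NOCR "No_create_allowed" $(onoff $NOCR $DEFGCR)
             _gen_type_default_rows group $DEFGCR
             ;;
           defuscr)
             # unixsock objects are offered the FD types
             ALLTYPENR=$(${RSBACPATH}rc_get_item list_fd_type_nr)
             echo $USEFD "Use_FD" $(onoff $USEFD $DEFUSCR)
             echo $NOCR "No_create_allowed" $(onoff $NOCR $DEFUSCR)
             _gen_type_default_rows fd $DEFUSCR
             ;;
        esac
}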

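# Let the administrator pick a role.
#   $1 - "allrole" also offers the first unused role number and a type-in
#        entry; any other value lists the defined roles only
#   $2 - prompt text
#   $3 - preset for the input box used when the role list is unavailable
# Result: when a role was chosen, $TMPFILE holds its number; when the dialog
# was cancelled or the typed role is invalid, $TMPFILE is removed. The callers
# test for the file and read the number from it. TMP is set as a side effect.
#
# Every helper is run through ${RSBACPATH}, including list_unused_role_nr, so
# the whole menu uses the same set of tools. In the type-in fallback the
# lookup output is discarded, so the file keeps the number that was typed.
choose_role () {
      if ${RSBACPATH}rc_get_item list_roles >"$TMPFILE"
      then
        if test "$1" = "allrole"
        then
          UNUSED="$(${RSBACPATH}rc_get_item list_unused_role_nr)"
          echo "$UNUSED" "(unused)" >>"$TMPFILE"
          echo "Enter" "(type-in)" >>"$TMPFILE"
        fi
        ROLELIST=$(cat "$TMPFILE")
        TMP=$ROLE
        # $ROLELIST stays unquoted: it must split into the tag/item words of
        # the menu
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$TMP" \
                  --menu "$2" $BL $BC $MAXLINES \
                  $ROLELIST \
           2>"$TMPFILE"
        then
          TMP=$(cat "$TMPFILE")
          if test "$TMP" = "Enter"
          then
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --inputbox "$2: Enter role number" $BL $BC "$UNUSED" \
              2>"$TMPFILE"
            then TMP=$(cat "$TMPFILE")
            else
              rm "$TMPFILE"
            fi
          fi
          return
        fi
        # menu cancelled
        rm "$TMPFILE"
      else
        # No role list available: ask for the number directly
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "$2" $BL $BC "$3" \
           2>"$TMPFILE"
        then
          TMP=$(cat "$TMPFILE")
          # The typed text is passed as one quoted argument and only checked;
          # $TMPFILE still contains what was typed.
          if ! ${RSBACPATH}rc_get_item ROLE "$TMP" name >/dev/null
          then
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Role: Invalid role $TMP!" 5 $BC
            rm "$TMPFILE"
          fi
        else
          # input box cancelled: report "nothing chosen" like the menu does
          rm -f "$TMPFILE"
        fi
      fi
}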

# Print one "<request> <on|off> <on|off>" row per request in $ALLREQUESTS for
# role $ROLE; check_rights passes these rows to its --checklist dialog.
#   $1 - target kind (used as type_comp_<kind>)
#   $2 - type number
# The state is "on" when rc_get_item reports 1 for the request.
gen_right_list () {
    local state
    for i in $ALLREQUESTS
    do
      TMP=$(${RSBACPATH}rc_get_item ROLE $ROLE type_comp_$1 $2 $i)
      state=$(onoffb $TMP)
      echo $i "$state" $state
    done
}


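# Edit the request rights of role $ROLE for one type.
#   $1 - label used in the dialog title
#   $2 - target kind (fd, dev, ...), used in the item names
#   $3 - type number
# Shows a checklist of all requests, then hands the selection to rc_set_item.
# A successful change is appended to $RSBACLOGFILE when that is set; on
# failure the first line of the tool's output is shown in a message box.
#
# The failure branch returns instead of using "continue": there is no loop
# inside this function, and bash 4.4 and later only print an error for a
# "continue" that is not inside a loop of the function itself.
check_rights () {
  ALLREQUESTS=$(${RSBACPATH}rc_get_item list_${2}_rights)
  COMPBITS=$(${RSBACPATH}rc_get_item ROLE $ROLE type_comp_${2} $3)
  TYPENAME="$(${RSBACPATH}rc_get_item TYPE $3 type_${2}_name)"
  if $DIALOG --title "$1 Compatibilites for Role $ROLE \"$NAME\", Type $3 \"$TYPENAME\"" \
            --backtitle "$BACKTITLE" \
            --checklist "Bits: $COMPBITS" $BL $BC $MAXLINES \
              $(gen_right_list $2 $3) \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              RW 'Set Read-Write R.' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
    2>"$TMPFILE"
  then
       # the selection comes back as quoted words; strip the quotes and let
       # the shell split it into one argument per request
       TMP=$(tr -d '"' <"$TMPFILE")
       if ${RSBACPATH}rc_set_item ROLE $ROLE type_comp_${2} $3 $TMP &>"$TMPFILE"
       then
         if test -n "$RSBACLOGFILE"
         then
           echo ${RSBACPATH}rc_set_item ROLE $ROLE type_comp_${2} $3 $TMP >>"$RSBACLOGFILE"
         fi
       else
           $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
           return 0
       fi
#       COMPBITS=`$RSBACPATH""rc_get_item ROLE $ROLE type_comp_$2 $3`
  fi
}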


# Widest value that still fits into the main menu, and the first character
# position kept when a longer value has to be shortened
declare -i MAXCOMPLEN=$((BC - 45))
declare -i COMPLENRES=$((64 - MAXCOMPLEN))
# Print $1 for the main menu. A value longer than $MAXCOMPLEN characters is
# shown as "*" followed by characters $COMPLENRES to 65 of the value.
comp_print () {
  if [ ${#1} -gt $MAXCOMPLEN ]
  then
    printf '*'
    echo $1 | cut -c${COMPLENRES}-65
  else
    echo $1
  fi
#   echo $1
}

# Start a new section in the command log: an empty line, then a comment line
# with the script name and the current date. Nothing is written when
# $RSBACLOGFILE is empty.
# NOTE(review): the log is appended to a path taken from the settings or the
# environment; confirm it is a file only the administrator can write or
# replace.
if [ -n "$RSBACLOGFILE" ]
then
  printf '\n# %s start %s\n' "$0" "$(date)" >>"$RSBACLOGFILE"
fi

# Initial role: the first command line argument when given, otherwise the
# role picked in the startup dialog. Role 0 is used when that dialog left no
# result file behind.
if [ -n "$1" ]
then
  ROLE=$1
else
  choose_role usedrole "Startup: Choose role to edit" ""
  ROLE=0
  if [ -f $TMPFILE ]
  then
    ROLE=$(cat $TMPFILE)
  fi
fi
# Load the attributes of the selected role for the main menu
if [ -n "$ROLE" ]
then
  get_items $ROLE
fi

while true ; do \
  if ! \
  $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --help-button --default-item "$CHOICE" \
         --menu "Main Menu" $BL $BC `gl 33` \
                "Rolelist:" "Choose role from list" \
                "---------------" " "\
                "Role Number:" "$ROLE" \
                "Name:" "$NAME" \
                "Role Comp:" "`comp_print \"$COMPROLE\"`" \
                "Admin Roles:" "`comp_print \"$ADMROLES\"`" \
                "Assign Roles:" "`comp_print \"$ASSROLES\"`" \
                "Type Comp FD:" "(Matrix not printable)" \
                "Type Comp DEV:" "(Matrix not printable)" \
                "Type Comp User:" "(Matrix not printable)" \
                "Type Comp Process:" "(Matrix not printable)" \
                "Type Comp IPC:" "(Matrix not printable)" \
                "Type Comp SCD:" "(Matrix not printable)" \
                "Type Comp Group:" "(Matrix not printable)" \
                "Type Comp NETDEV:" "(Matrix not printable)" \
                "Type Comp NETTEMP:" "(Matrix not printable)" \
                "Type Comp NETOBJ:" "(Matrix not printable)" \
                "Admin Type:" "$ADMTYPE / `get_value_name admtype $ADMTYPE`" \
                "Def FD Create Type:" "$DEFFDCR / `type_name fd $DEFFDCR`" \
                "Def FD Ind Create Type:" "`comp_print \"$DEFFDICR\"`" \
                "Def User Create Type:" "$DEFUCR / `type_name user $DEFUCR`" \
                "Def Process Create Type:" "$DEFPCR / `type_name process $DEFPCR`" \
                "Def Process Chown Type:" "$DEFPCH / `type_name process $DEFPCH`" \
                "Def Process Execute Type:" "$DEFPEX / `type_name process $DEFPEX`" \
                "Def IPC Create Type:" "$DEFIPCCR / `type_name ipc $DEFIPCCR`" \
                "Def Group Create Type:" "$DEFGCR / `type_name group $DEFGCR`" \
                "Def Unixsock Create Type:" "$DEFUSCR / `type_name fd $DEFUSCR`" \
                "Boot Role:" "$(onoffb $BOOTROLE)" \
		"Req Reauth:" "$(onoffb $REQREAUTH)" \
                "---------------" " "\
                "New Role" "" \
                "Copy Role" "(To other role)" \
                "Delete Role" "" \
                "Go to Type Menu" "" \
                "Go to ACL Menu" "" \
                "Quit" "" \
         2>$TMPFILE
   then rm $TMPFILE ; rm $TMPFILETWO ; exit
  fi

  CHOICE=`cat $TMPFILE`
  case "$CHOICE" in
    HELP*)
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;
    "Role Number:")
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Role ID" $BL $BC $ROLE \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""rc_get_item ROLE $TMP name >$TMPFILE
             then ROLE=$TMP
                  get_items $ROLE
             else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Role: Unknown role $TMP!" 5 $BC
             fi
        fi
      ;;

    Rolelist:)
      choose_role usedrole "Rolelist: Choose role" $ROLE
      if test -f $TMPFILE
      then ROLE=`cat $TMPFILE`
           get_items $ROLE
      fi
      ;;

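    "New Role")
      # Create a role: ask for a number (the input box is pre-filled with the
      # output of "rc_get_item list_unused_role_nr"), refuse a number that
      # already has a name, then create it with the default name "Role <nr>"
      # and move the selection to "Name:".
      if ! \
      $DIALOG --title "$TITLE" \
           --backtitle "$BACKTITLE" \
           --inputbox "Enter role number to add" 8 $BC \
                  $(${RSBACPATH}rc_get_item list_unused_role_nr) \
            2>"$TMPFILE"
      then
        # Cancelled. The scratch file is deliberately left in place: removing
        # it would make the next "2>$TMPFILE" re-create it by name in the
        # shared temp directory, where the name is by then known to other
        # local users. The Quit arm removes it.
        continue
      fi
      TMP=$(cat "$TMPFILE")
      # $TMP is free text from the input box: quote it so that blanks or glob
      # characters are passed to the tools as typed, not split or expanded.
      if ${RSBACPATH}rc_get_item ROLE "$TMP" name >"$TMPFILE"
      then
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Role $(cat "$TMPFILE") exists!" $BL $BC
      else
        if ${RSBACPATH}rc_set_item ROLE "$TMP" name "Role $TMP" &>"$TMPFILE"
        then
          if test -n "$RSBACLOGFILE"
          then
            # Log the command exactly as it was run (no globbing of $TMP).
            printf '%s\n' "${RSBACPATH}rc_set_item ROLE $TMP name \"Role $TMP\"" >>"$RSBACLOGFILE"
          fi
          CHOICE="Name:"
          ROLE=$TMP
          get_items "$ROLE"
        else
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "$(head "$TMPFILE")" $BL $BC
        fi
      fi
      ;;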


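    "Copy Role")
      # Copy one role to another: pick source and target, confirm (the dialog
      # defaults to "no"), then run rc_copy_role and switch to the target role.
      # A missing $TMPFILE after choose_role ends the action without changes.
      choose_role usedrole "Copy Role: Choose source role" $ROLE
      if test ! -f $TMPFILE
      then continue
      fi
      TMPROLE=$(cat $TMPFILE)
      choose_role allrole "Copy Role: Choose target role" ""
      if test ! -f $TMPFILE
      then continue
      fi
      TGTROLE=$(cat $TMPFILE)
      if $DIALOG --title "$TITLE" \
                --backtitle "$BACKTITLE" --defaultno \
                --yesno "Copy role $TMPROLE ($(${RSBACPATH}rc_get_item ROLE $TMPROLE name)) to $TGTROLE ($(${RSBACPATH}rc_get_item ROLE $TGTROLE name))?" $BL $BC \
         2>/dev/null
      then if ${RSBACPATH}rc_copy_role $TMPROLE $TGTROLE &>$TMPFILE
           then
             # Every other modifying command in this menu is appended to
             # $RSBACLOGFILE when it is set; record the copy as well so the
             # log does not miss a change to the role set.
             if test -n "$RSBACLOGFILE"
             then
               echo ${RSBACPATH}rc_copy_role $TMPROLE $TGTROLE >>"$RSBACLOGFILE"
             fi
             ROLE=$TGTROLE
             get_items $ROLE
           else
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head $TMPFILE)" $BL $BC
           fi

      fi
      ;;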

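    "Delete Role")
      # Delete a role after confirmation (the dialog defaults to "no"). If the
      # deleted role was the one being edited, ask for another role to go on
      # with, or continue with no role selected.
      # NOTE(review): this arm passes "used_role" to choose_role, while the
      # Rolelist and Copy Role arms pass "usedrole"; choose_role is defined
      # elsewhere in the file - confirm which spelling it accepts.
      choose_role used_role "Delete Role: Choose role to delete" $ROLE
      if test ! -f $TMPFILE
      then continue
      fi
      TMPROLE=$(cat $TMPFILE)
      if $DIALOG --title "$TITLE" \
                --backtitle "$BACKTITLE" --defaultno \
                --yesno "Delete role $TMPROLE ($(${RSBACPATH}rc_get_item ROLE $TMPROLE name))?" $BL $BC \
         2>/dev/null
      then if ${RSBACPATH}rc_set_item ROLE $TMPROLE remove_role &>$TMPFILE
           then
             if test -n "$RSBACLOGFILE"
             then
               echo ${RSBACPATH}rc_set_item ROLE $TMPROLE remove_role >>"$RSBACLOGFILE"
             fi
             # $ROLE may be empty here; check that first so "test -eq" is never
             # run with a missing operand (which prints an error to the screen).
             if test -n "$ROLE" && test "$ROLE" -eq "$TMPROLE"
             then choose_role used_role "Role deleted: Choose another role" ""
                  if test -f $TMPFILE
                  then ROLE=$(cat $TMPFILE)
                  else
                    ROLE=
                  fi
                  # Reload the items once for whichever role is now current
                  # (possibly none); the second, redundant call was dropped.
                  get_items $ROLE
             fi
           else
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head $TMPFILE)" $BL $BC
           fi
       fi
      ;;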

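    'Name:')
        # Rename the current role. The input box limits the name to 15
        # characters and is pre-filled with the current name.
        if test "$ROLE" != ""
        then
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --max-input 15 \
                     --inputbox "Name for Role $ROLE (maxlen = 15)" $BL $BC "$NAME" \
              2>"$TMPFILE"
          then TMP=$(cat "$TMPFILE")
               if ${RSBACPATH}rc_set_item ROLE $ROLE name "$TMP" &>"$TMPFILE"
               then
                 NAME=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   # $TMP is free text: write it as typed. An unquoted echo
                   # would expand glob characters against the current directory
                   # and collapse runs of blanks, so the log would not show the
                   # name that was actually set.
                   # NOTE(review): the name is still logged between plain double
                   # quotes without escaping; if this log is meant to be replayed
                   # as shell input, consider printf '%q' for the name.
                   printf '%s\n' "${RSBACPATH}rc_set_item ROLE $ROLE name \"$TMP\"" >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head "$TMPFILE")" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Name: No role specified!" 5 $BC
        fi
      ;;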

    'Role Comp:')
        # Edit the role_comp list of the current role with a checklist: every
        # role in $COMPROLE that is no longer ticked is set to 0, every ticked
        # role that is not in $COMPROLE is set to 1, then the list is re-read.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Role Comp: No role specified!" 5 $BC
        else
          ALLROLENR=$(${RSBACPATH}rc_get_item list_role_nr)
          if $DIALOG --title "Role Compatibilites for Role $ROLE" \
                     --backtitle "$BACKTITLE" \
                     --checklist "List: $(echo $COMPROLE)" $BL $BC $MAXLINES \
                     $(gen_role_list role_comp) \
                     2>$TMPFILE
          then
            # Strip any double quotes from the dialog output.
            TMP=$(tr -d '"' <$TMPFILE)
            # Pass 1: previously listed roles that are not ticked any more.
            for i in $COMPROLE; do
              echo $TMP | grep -q "\\<$i\\>" && continue
              if ${RSBACPATH}rc_set_item ROLE $ROLE role_comp $i 0 &>$TMPFILE; then
                if [ -n "$RSBACLOGFILE" ]; then
                  echo ${RSBACPATH}rc_set_item ROLE $ROLE role_comp $i 0 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Unset $ROLE/$i: $(head -n 1 $TMPFILE)" $BL $BC
              fi
            done
            # Pass 2: ticked roles that were not listed before.
            for i in $TMP; do
              echo $COMPROLE | grep -q "\\<$i\\>" && continue
              if ${RSBACPATH}rc_set_item ROLE $ROLE role_comp $i 1 &>$TMPFILE; then
                if [ -n "$RSBACLOGFILE" ]; then
                  echo ${RSBACPATH}rc_set_item ROLE $ROLE role_comp $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Set $ROLE/$i: $(head -n 1 $TMPFILE)" $BL $BC
              fi
            done
            COMPROLE=$(${RSBACPATH}rc_get_item ROLE $ROLE list_role_comp_nr)
          fi
        fi
      ;;

    'Admin Roles:')
        # Edit the admin_roles list of the current role with a checklist:
        # entries of $ADMROLES that are no longer ticked are set to 0, ticked
        # roles missing from $ADMROLES are set to 1, then the list is re-read.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Admin Roles: No role specified!" 5 $BC
        else
          ALLROLENR=$(${RSBACPATH}rc_get_item list_role_nr)
          if $DIALOG --title "Admin Roles for Role $ROLE" \
                     --backtitle "$BACKTITLE" \
                     --checklist "List: $(echo $ADMROLES)" $BL $BC $MAXLINES \
                     $(gen_role_list admin_roles) \
                     2>$TMPFILE
          then
            # Strip any double quotes from the dialog output.
            TMP=$(tr -d '"' <$TMPFILE)
            # Pass 1: previously listed roles that are not ticked any more.
            for i in $ADMROLES; do
              echo $TMP | grep -q "\\<$i\\>" && continue
              if ${RSBACPATH}rc_set_item ROLE $ROLE admin_roles $i 0 &>$TMPFILE; then
                if [ -n "$RSBACLOGFILE" ]; then
                  echo ${RSBACPATH}rc_set_item ROLE $ROLE admin_roles $i 0 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Unset $ROLE/$i: $(head -n 1 $TMPFILE)" $BL $BC
              fi
            done
            # Pass 2: ticked roles that were not listed before.
            for i in $TMP; do
              echo $ADMROLES | grep -q "\\<$i\\>" && continue
              if ${RSBACPATH}rc_set_item ROLE $ROLE admin_roles $i 1 &>$TMPFILE; then
                if [ -n "$RSBACLOGFILE" ]; then
                  echo ${RSBACPATH}rc_set_item ROLE $ROLE admin_roles $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Set $ROLE/$i: $(head -n 1 $TMPFILE)" $BL $BC
              fi
            done
            ADMROLES=$(${RSBACPATH}rc_get_item ROLE $ROLE list_admin_role_nr)
          fi
        fi
      ;;

    'Assign Roles:')
        # Edit the assign_roles list of the current role with a checklist. The
        # four entries $RINHUSER, $RINHPR, $RINHPA and $RINHMIX come first,
        # followed by the generated role list. Entries of $ASSROLES that are no
        # longer ticked are set to 0, newly ticked ones are set to 1.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Assign Roles: No role specified!" 5 $BC
        else
          ALLROLENR=$(${RSBACPATH}rc_get_item list_role_nr)
          if $DIALOG --title "Assign Roles for Role $ROLE" \
                     --backtitle "$BACKTITLE" \
                     --checklist "List: $(echo $ASSROLES)" $BL $BC $MAXLINES \
                       $RINHUSER "always inherit from user" \
                         $(onoffb $(${RSBACPATH}rc_get_item ROLE $ROLE assign_roles $RINHUSER)) \
                       $RINHPR "inherit process (keep role)" \
                         $(onoffb $(${RSBACPATH}rc_get_item ROLE $ROLE assign_roles $RINHPR)) \
                       $RINHPA "inherit parent dir (default)" \
                         $(onoffb $(${RSBACPATH}rc_get_item ROLE $ROLE assign_roles $RINHPA)) \
                       $RINHMIX "mixed inherit proc/user (root dir default)" \
                         $(onoffb $(${RSBACPATH}rc_get_item ROLE $ROLE assign_roles $RINHMIX)) \
                     $(gen_role_list assign_roles) \
                     2>$TMPFILE
          then
            # Strip any double quotes from the dialog output.
            TMP=$(tr -d '"' <$TMPFILE)
            # Pass 1: previously listed roles that are not ticked any more.
            for i in $ASSROLES; do
              echo $TMP | grep -q "\\<$i\\>" && continue
              if ${RSBACPATH}rc_set_item ROLE $ROLE assign_roles $i 0 &>$TMPFILE; then
                if [ -n "$RSBACLOGFILE" ]; then
                  echo ${RSBACPATH}rc_set_item ROLE $ROLE assign_roles $i 0 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Unset $ROLE/$i: $(head -n 1 $TMPFILE)" $BL $BC
              fi
            done
            # Pass 2: ticked roles that were not listed before.
            for i in $TMP; do
              echo $ASSROLES | grep -q "\\<$i\\>" && continue
              if ${RSBACPATH}rc_set_item ROLE $ROLE assign_roles $i 1 &>$TMPFILE; then
                if [ -n "$RSBACLOGFILE" ]; then
                  echo ${RSBACPATH}rc_set_item ROLE $ROLE assign_roles $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Set $ROLE/$i: $(head -n 1 $TMPFILE)" $BL $BC
              fi
            done
            ASSROLES=$(${RSBACPATH}rc_get_item ROLE $ROLE list_assign_role_nr)
          fi
        fi
      ;;

    'Type Comp FD:')
        # Show the FD type menu repeatedly until the dialog returns non-zero;
        # each chosen type is handed to check_rights.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp FD: No role specified!" 5 $BC
        else
          TMPTYPE=
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "FD Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_fd_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights FD fd $TMPTYPE
          done
        fi
      ;;

    'Type Comp DEV:')
        # Show the DEV type menu repeatedly until the dialog returns non-zero;
        # each chosen type is handed to check_rights.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp DEV: No role specified!" 5 $BC
        else
          TMPTYPE=
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "DEV Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_dev_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights DEV dev $TMPTYPE
          done
        fi
      ;;

    'Type Comp User:')
        # Show the user type menu repeatedly until the dialog returns non-zero;
        # each chosen type is handed to check_rights. ALLTYPENR is refreshed
        # from rc_get_item first.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp User: No role specified!" 5 $BC
        else
          TMPTYPE=
          ALLTYPENR=$(${RSBACPATH}rc_get_item list_user_type_nr)
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "User Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_user_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights User user $TMPTYPE
          done
        fi
      ;;

    'Type Comp Process:')
        # Show the process type menu repeatedly until the dialog returns
        # non-zero; each chosen type is handed to check_rights. ALLTYPENR is
        # refreshed from rc_get_item first.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp Process: No role specified!" 5 $BC
        else
          TMPTYPE=
          ALLTYPENR=$(${RSBACPATH}rc_get_item list_process_type_nr)
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "Process Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_process_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights Process process $TMPTYPE
          done
        fi
      ;;

    'Type Comp IPC:')
        # Show the IPC type menu repeatedly until the dialog returns non-zero;
        # each chosen type is handed to check_rights. ALLTYPENR is refreshed
        # from rc_get_item first.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp IPC: No role specified!" 5 $BC
        else
          TMPTYPE=
          ALLTYPENR=$(${RSBACPATH}rc_get_item list_ipc_type_nr)
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "IPC Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_ipc_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights IPC ipc $TMPTYPE
          done
        fi
      ;;

    'Type Comp SCD:')
        # Show the SCD type menu repeatedly until the dialog returns non-zero;
        # each chosen type is handed to check_rights. ALLTYPENR is refreshed
        # from rc_get_item first.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp SCD: No role specified!" 5 $BC
        else
          TMPTYPE=
          ALLTYPENR=$(${RSBACPATH}rc_get_item list_scd_type_nr)
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "SCD Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_scd_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights SCD scd $TMPTYPE
          done
        fi
      ;;

    'Type Comp Group:')
        # Show the group type menu repeatedly until the dialog returns non-zero;
        # each chosen type is handed to check_rights. ALLTYPENR is refreshed
        # from rc_get_item first.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp Group: No role specified!" 5 $BC
        else
          TMPTYPE=
          ALLTYPENR=$(${RSBACPATH}rc_get_item list_group_type_nr)
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "Group Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_group_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights Group group $TMPTYPE
          done
        fi
      ;;

    'Type Comp NETDEV:')
        # Show the NETDEV type menu repeatedly until the dialog returns
        # non-zero; each chosen type is handed to check_rights. ALLTYPENR is
        # refreshed from rc_get_item first.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp NETDEV: No role specified!" 5 $BC
        else
          TMPTYPE=
          ALLTYPENR=$(${RSBACPATH}rc_get_item list_netdev_type_nr)
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "NETDEV Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_netdev_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights NETDEV netdev $TMPTYPE
          done
        fi
      ;;

    'Type Comp NETTEMP:')
        # Show the NETTEMP type menu repeatedly until the dialog returns
        # non-zero; each chosen type is handed to check_rights. ALLTYPENR is
        # refreshed from rc_get_item first.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp NETTEMP: No role specified!" 5 $BC
        else
          TMPTYPE=
          ALLTYPENR=$(${RSBACPATH}rc_get_item list_nettemp_type_nr)
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "NETTEMP Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_nettemp_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights NETTEMP nettemp $TMPTYPE
          done
        fi
      ;;

    'Type Comp NETOBJ:')
        # Show the NETOBJ type menu repeatedly until the dialog returns
        # non-zero; each chosen type is handed to check_rights. ALLTYPENR is
        # refreshed from rc_get_item first.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Type Comp NETOBJ: No role specified!" 5 $BC
        else
          TMPTYPE=
          ALLTYPENR=$(${RSBACPATH}rc_get_item list_netobj_type_nr)
          while $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --default-item "$TMPTYPE" \
                        --menu "NETOBJ Type Compatibilites for Role $ROLE \"$NAME\" - Choose type" $BL $BC $MAXLINES \
                        $(${RSBACPATH}rc_get_item list_netobj_types) \
                        2>$TMPFILE
          do
            TMPTYPE=$(tr -d '"' <$TMPFILE)
            check_rights NETOBJ netobj $TMPTYPE
          done
        fi
      ;;

    'Admin Type:')
        # Choose the admin type (0, 1 or 2) of the current role from a radio
        # list and store it with rc_set_item; ADMTYPE is updated on success.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Admin Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Admin Type for Role $ROLE" $BL $BC 3 \
                                 0 "$(get_value_name admtype 0)" $(onoff 0 $ADMTYPE) \
                                 1 "$(get_value_name admtype 1)" $(onoff 1 $ADMTYPE) \
                                 2 "$(get_value_name admtype 2)" $(onoff 2 $ADMTYPE) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE admin_type $TMP &>$TMPFILE; then
            ADMTYPE=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE admin_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Def FD Create Type:')
        # Choose def_fd_create_type for the current role from a radio list;
        # DEFFDCR is updated when rc_set_item succeeds.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Default FD Create Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Default FD Create Type for Role $ROLE" $BL $BC $MAXLINES \
                     $(gen_type_list deffdcr) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE def_fd_create_type $TMP &>$TMPFILE; then
            DEFFDCR=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE def_fd_create_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

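    'Def FD Ind Create Type:')
        # Individual default FD create types of the current role: pick a parent
        # dir type from a menu, then either remove its individual setting
        # (choice "Remove") or set the create type chosen in the radio list.
        # The outer menu is shown again until the dialog returns non-zero.
        if test "$ROLE" != ""
        then
          while $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --menu "Choose Parent Dir Type for Default FD Ind Create Type for Role $ROLE" $BL $BC $MAXLINES \
                      $(gen_type_list deffdind) \
               2>$TMPFILE
          do
            # Only the part of the menu tag before the first "/" is the type.
            TMP2=$(cut -d "/" -f 1 <$TMPFILE)
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --radiolist "Choose Default FD Individual Create Type for Role $ROLE to Type $TMP2" $BL $BC $MAXLINES \
                      $(gen_type_list deffdicr $TMP2) \
               2>$TMPFILE
            then
              TMP=$(cat $TMPFILE)
              if test "$TMP" = "Remove"
              then
                if ${RSBACPATH}rc_set_item ROLE $ROLE def_fd_ind_create_type_remove $TMP2 &>$TMPFILE
                then
                  # Refresh the cached values for the role being edited. The
                  # original passed "$1" here, which at this level is the
                  # script's first argument rather than the selected role, so
                  # the refresh could read another role's values (or none).
                  # NOTE(review): assumes the list command takes the role ID
                  # as its argument - confirm against rc_get_item usage.
                  DEFFDICR=$(${RSBACPATH}rc_get_item list_def_fd_ind_create_type_values $ROLE)
                  if test -n "$RSBACLOGFILE"
                  then
                    echo ${RSBACPATH}rc_set_item ROLE $ROLE def_fd_ind_create_type_remove $TMP2 >>"$RSBACLOGFILE"
                  fi
                else
                  $DIALOG --title "$ERRTITLE" \
                         --backtitle "$BACKTITLE" \
                         --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                fi
              else
                if ${RSBACPATH}rc_set_item ROLE $ROLE def_fd_ind_create_type $TMP2 $TMP &>$TMPFILE
                then
                  # Same refresh as above, for the currently selected role.
                  DEFFDICR=$(${RSBACPATH}rc_get_item list_def_fd_ind_create_type_values $ROLE)
                  if test -n "$RSBACLOGFILE"
                  then
                    echo ${RSBACPATH}rc_set_item ROLE $ROLE def_fd_ind_create_type $TMP2 $TMP >>"$RSBACLOGFILE"
                  fi
                else
                  $DIALOG --title "$ERRTITLE" \
                         --backtitle "$BACKTITLE" \
                         --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                fi
              fi
            fi
          done
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "Default FD Ind Create Type: No role specified!" 5 $BC
        fi
      ;;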

    'Def User Create Type:')
        # Choose def_user_create_type for the current role from a radio list;
        # DEFUCR is updated when rc_set_item succeeds.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Default User Create Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Default User Create Type for Role $ROLE" $BL $BC $MAXLINES \
                     $(gen_type_list defucr) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE def_user_create_type $TMP &>$TMPFILE; then
            DEFUCR=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE def_user_create_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Def Process Create Type:')
        # Choose def_process_create_type for the current role from a radio
        # list; DEFPCR is updated when rc_set_item succeeds.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Default Process Create Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Default Process Create Type for Role $ROLE" $BL $BC $MAXLINES \
                     $(gen_type_list defpcr) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE def_process_create_type $TMP &>$TMPFILE; then
            DEFPCR=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE def_process_create_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Def Process Chown Type:')
        # Choose def_process_chown_type for the current role from a radio
        # list; DEFPCH is updated when rc_set_item succeeds.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Default Process Chown Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Default Process Chown Type for Role $ROLE" $BL $BC $MAXLINES \
                     $(gen_type_list defpch) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE def_process_chown_type $TMP &>$TMPFILE; then
            DEFPCH=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE def_process_chown_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Def Process Execute Type:')
        # Choose def_process_execute_type for the current role from a radio
        # list; DEFPEX is updated when rc_set_item succeeds.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Default Process Execute Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Default Process Execute Type for Role $ROLE" $BL $BC $MAXLINES \
                     $(gen_type_list defpex) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE def_process_execute_type $TMP &>$TMPFILE; then
            DEFPEX=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE def_process_execute_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Def IPC Create Type:')
        # Choose def_ipc_create_type for the current role from a radio list;
        # DEFIPCCR is updated when rc_set_item succeeds.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Default IPC Create Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Default IPC Create Type for Role $ROLE" $BL $BC $MAXLINES \
                     $(gen_type_list defipccr) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE def_ipc_create_type $TMP &>$TMPFILE; then
            DEFIPCCR=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE def_ipc_create_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Def Group Create Type:')
        # Choose def_group_create_type for the current role from a radio list;
        # DEFGCR is updated when rc_set_item succeeds.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Default Group Create Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Default Group Create Type for Role $ROLE" $BL $BC $MAXLINES \
                     $(gen_type_list defgcr) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE def_group_create_type $TMP &>$TMPFILE; then
            DEFGCR=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE def_group_create_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Def Unixsock Create Type:')
        # Choose def_unixsock_create_type for the current role from a radio
        # list; DEFUSCR is updated when rc_set_item succeeds.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Default Unixsock Create Type: No role specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Default Unixsock Create Type for Role $ROLE" $BL $BC $MAXLINES \
                     $(gen_type_list defuscr) \
                     2>$TMPFILE
        then
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}rc_set_item ROLE $ROLE def_unixsock_create_type $TMP &>$TMPFILE; then
            DEFUSCR=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE def_unixsock_create_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Boot Role:')
        # Toggle boot_role for the current role: a cached value of "0" becomes
        # 1, anything else becomes 0. The change is applied as soon as the menu
        # entry is chosen; this arm shows no confirmation dialog.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "boot_role: No role specified!" 5 $BC
        else
          case "$BOOTROLE" in
            0) TMP=1 ;;
            *) TMP=0 ;;
          esac
          if ${RSBACPATH}rc_set_item ROLE $ROLE boot_role $TMP &>$TMPFILE; then
            BOOTROLE=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE boot_role $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Req Reauth:')
        # Toggle req_reauth for the current role: a cached value of "0" becomes
        # 1, anything else becomes 0. The change is applied as soon as the menu
        # entry is chosen; this arm shows no confirmation dialog.
        if [ -z "$ROLE" ]; then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "req_reauth: No role specified!" 5 $BC
        else
          case "$REQREAUTH" in
            0) TMP=1 ;;
            *) TMP=0 ;;
          esac
          if ${RSBACPATH}rc_set_item ROLE $ROLE req_reauth $TMP &>$TMPFILE; then
            REQREAUTH=$TMP
            if [ -n "$RSBACLOGFILE" ]; then
              echo ${RSBACPATH}rc_set_item ROLE $ROLE req_reauth $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head $TMPFILE)" $BL $BC
          fi
        fi
      ;;




    "Go to Type Menu")
        # Run the RC type menu; this menu resumes when it returns.
        $RSBACPATH""rsbac_rc_type_menu
      ;;

    "Go to ACL Menu")
        # Run the ACL menu; this menu resumes when it returns.
        $RSBACPATH""rsbac_acl_menu
      ;;

    Quit)
        # Remove both scratch files and leave; the exit status is that of the
        # last rm.
        rm $TMPFILE
        rm $TMPFILETWO
        exit
      ;;

    *)
        # Any selection not handled by an arm above is reported as an error.
        $DIALOG --title "$ERRTITLE" --backtitle "$BACKTITLE" \
                --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
