#!/bin/bash
# 
# This script is used for Administration of RSBAC general attributes
#
#
# Make sure we're really running bash.
#
[ -z "$BASH" ] && { echo "This menu requires bash - sorry!" 1>&2; exit 1; }
#
# We also need the proc fs mounted.
[ ! -f /proc/stat ] && { echo "This menu requires proc fs mounted" 1>&2; exit 1; }
#
# Cache function definitions, turn off posix compliance
#
set -h +o posix

# Set conf filename
RSBACCONF=/etc/rsbac.conf
# Read settings
if test -f $RSBACCONF
then . $RSBACCONF
fi
if test -f ~/.rsbacrc
then . ~/.rsbacrc
fi
if test -z "$RSBACMOD"
then RSBACMOD='GEN MAC PM DAZ FF RC AUTH ACL CAP JAIL RES PAX'
fi
for i in $RSBACMOD
do
  export SHOW_${i}=yes
done

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# which dialog tool to use - dialog or kdialog or xdialog...
if test -z $DIALOG
then DIALOG=${RSBACPATH}dialog
fi
if ! $DIALOG --clear
then
  echo $DIALOG menu program required! >&2
  exit
fi
if ! $DIALOG --help 2>&1 | grep -q "help-button"
then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit
fi

# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# This must be a unique temporary filename
if ! TMPFILE=`mktemp -q $TMPDIR/rsbac_dialog.XXXXXX`
then
  TMPFILE=$TMPDIR/rsbac_dialog.$$
  if test -e $TMPFILE
  then rm -f $TMPFILE
  fi
fi

set_geometry ()
{
        BL=${1:-24}
        BC=${2:-80}
        [ $BL = 0 ] && BL=24
        [ $BC = 0 ] && BC=80
        export LINES=$BL
        export COLUMNS=$BC
        BL=$((BL-4))
        BC=$((BC-5))
        MAXLINES=$((LINES-10))
}

set_geometry `stty size 2>/dev/null`

gl ()
{
        if test $1 -gt $MAXLINES
        then echo $MAXLINES
        else echo $1
        fi
}
													
if test -z "$LINES" ; then LINES=25 ; fi
if test -z "$COLUMNS" ; then COLUMNS=80 ; fi
export LINES
export COLUMNS
declare -i BL=$LINES-4
declare -i BC=$COLUMNS-4
declare -i MAXLINES=$LINES-10

setonoff () {
      if echo $RSBACMOD | grep -q "\\<$1\\>"
      then
        echo on
      else
        echo off
      fi
}

onoff () {
      if test "$1" = "$2"
      then
        echo on
      else
        echo off
      fi
}

export BACKTITLE="RSBAC Administration Tools 1.4.0"
TITLE="`whoami`@`hostname`: RSBAC Administration"
ERRTITLE="RSBAC Administration - ERROR"

MODIFIED=no

show_help () {
  case "$RSBACLANG" in
    DE)
      show_help_german "$1"
      ;;
    RU)
      show_help_russian "$1"
      ;;
    *)
      show_help_english "$1"
      ;;
  esac
}

show_help_english () {
 {
  echo "$1"
  echo ""
  case "$1" in
    'Modules:')
      echo "Choose the modules you would like to see in the menues."
      ;;

    'Dialog Tool:')
      echo "Choose the dialog program. If it is not in a PATH directory, you can"
      echo "enter the full path here."
      ;;

    'Menu Help Language:')
      echo "Choose the language the menues use in their help texts."
      ;;

    'TMP Dir:')
      echo "Where RSBAC menues store there temporary files."
      ;;

    'Tool Path:')
      echo "Directory, where the RSBAC tools are. This variable must either be"
      echo "empty or end with a slash (/)."
      ;;

    'Menu Log File:')
      echo "File, where all set operations are logged."
      ;;

    'Reload:')
      echo "Restore startup settings by reloading config file."
      ;;

    'Save:')
      echo "Save changed settings to global or personal config file."
      ;;

    Quit)
        echo "Quit this menu."
      ;;

    *)
        echo "No help for $1 available!"
  esac
 } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
#  sleep 1
}

show_help_german () {
 {
  echo "$1"
  echo ""
  case "$1" in
    'Modules:')
      echo "Whle die Module, die in den Mens angezeigt werden sollen."
      ;;

    'Dialog Tool:')
      echo "Whle das dialog-Programm. Wenn es nicht in einem PATH-Verzeichnis"
      echo "liegt, bitte den vollen Pfad eingeben."
      ;;

    'Menu Help Language:')
      echo "Whle die Sprache der Men-Hilfen."
      ;;

    'TMP Dir:')
      echo "Temporres Verzeichnis fr die RSBAC-Mens."
      ;;

    'Tool Path:')
      echo "Verzeichnis, in dem sich die RSBAC-Hilfsprogramme befinden."
      echo "Diese Variable mu entweder leer sein oder mit einem Schrgstrich"
      echo "(/) enden!"
      ;;

    'Menu Log File:')
      echo "Logdatei, in der alle Attribut-Setzungen der Mens protokolliert"
      echo "werden."
      ;;

    'Reload:')
      echo "Starteinstellungen durch erneutes Lesen der Konfigurations-Datei"
      echo "wiederherstellen."
      ;;

    'Save:')
      echo "Genderte Einstellungen in globale oder persnliche"
      echo "Konfigurationsdatei speichern."
      ;;

    Quit)
        echo "Beende dieses Men."
      ;;

    *)
        echo "Keine Hilfe fr $1 verfgbar!"
  esac
 } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
#  sleep 1
}

show_help_russian () {
 {
  echo "$1"
  echo ""
  case "$1" in
    'Modules:')
      echo "Choose the modules you would like to see in the menues."
      ;;

    'Dialog Tool:')
      echo "Choose the dialog program. If it is not in a PATH directory, you can"
      echo "enter the full path here."
      ;;

    'Menu Help Language:')
      echo "Choose the language the menues use in their help texts."
      ;;

    'TMP Dir:')
      echo "Where RSBAC menues store there temporary files."
      ;;

    'Tool Path:')
      echo "Directory, where the RSBAC tools are. This variable must either be"
      echo "empty or end with a slash (/)."
      ;;

    'Menu Log File:')
      echo "File, where all set operations are logged."
      ;;

    'Reload:')
      echo "Restore startup settings by reloading config file."
      ;;

    'Save:')
      echo "Save changed settings to global or personal config file."
      ;;

    Quit)
        echo "Quit this menu."
      ;;

    *)
        echo "No help for $1 available!"
  esac
 } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
#  sleep 1
}

while true ; do \
  if ! \
  $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --help-button --default-item "$CHOICE" \
         --menu "Settings Menu" $BL $BC `gl 11` \
                "Modules:" "$RSBACMOD" \
                "Dialog Tool:" "$DIALOG" \
                "Menu Help Language:" "$RSBACLANG" \
                "TMP Dir:" "$TMPDIR" \
                "Tool Path:" "(empty = use \$PATH) $RSBACPATH" \
                "Menu Log File:" "$RSBACLOGFILE" \
                "---------------" "" \
                "Reload:" "Reload settings" \
                "Save:" "Save settings" \
                "---------------" "" \
                "Quit" "" \
         2>$TMPFILE
   then
        if test "$MODIFIED" = "yes"
        then
          if ! $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --yesno "Settings have been modified. Exit anyway?" 5 $BC \
                   2>/dev/null
          then continue
          fi
        fi
        rm $TMPFILE ; exit
  fi

  CHOICE=`cat $TMPFILE`
  case $CHOICE in
    HELP*)
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;
    'Modules:')
        if \
        $DIALOG --title "$TITLE" \
               --backtitle "$BACKTITLE" \
               --checklist "Select Modules to Show" $BL $BC `gl 12` \
                      "GEN" "General attributes for all modules" "`setonoff GEN`" \
                      "MAC" "Mandatory Access Control (Bell-LaPadula)" "`setonoff MAC`" \
                      "PM"  "Privacy Model" "`setonoff PM`" \
                      "DAZ" "Dazuko (Malware Scan)" "`setonoff DAZ`" \
                      "FF"  "File Flags" "`setonoff FF`" \
                      "RC"  "Role Compatibility" "`setonoff RC`" \
                      "ACL" "Access Control Lists" "`setonoff ACL`" \
                      "AUTH" "Authorization" "`setonoff AUTH`" \
                      "CAP" "Linux Capabilities" "`setonoff CAP`" \
                      "JAIL" "Process JAILs" "`setonoff JAIL`" \
                      "RES" "Linux RESources" "`setonoff RES`" \
                      "PAX" "PaX Administration" "`setonoff PAX`" \
             2>$TMPFILE
        then
          RSBACMOD=`cat $TMPFILE|tr -d '"'`
          MODIFIED=yes
        fi
      ;;

    'Dialog Tool:')
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --inputbox "Dialog program" $BL $BC "$DIALOG" \
          2>$TMPFILE
        then DIALOG=`cat $TMPFILE`
          MODIFIED=yes
        fi
      ;;

    'Menu Help Language:')
        if \
        $DIALOG --title "$TITLE" \
               --backtitle "$BACKTITLE" \
               --radiolist "Select Language to use in Menu Help" $BL $BC `gl 4` \
                      "" "No pre-selection" "`onoff $RSBACLANG ''`" \
                      "EN" "English" "`onoff $RSBACLANG EN`" \
                      "DE" "German" "`onoff $RSBACLANG DE`" \
                      "RU" "Russian" "`onoff $RSBACLANG RU`" \
             2>$TMPFILE
        then
          RSBACLANG=`cat $TMPFILE|tr -d '"'`
          MODIFIED=yes
        fi
      ;;

    'TMP Dir:')
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --inputbox "Directory for Temporary Files" $BL $BC "$TMPDIR" \
          2>$TMPFILE
        then TMPDIR=`cat $TMPFILE`
          MODIFIED=yes
        fi
      ;;

    'Tool Path:')
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --inputbox 'Path to RSBAC tools dir (empty = use $PATH, end with /)' \
                       $BL $BC "$RSBACPATH" \
          2>$TMPFILE
        then RSBACPATH=`cat $TMPFILE`
          MODIFIED=yes
        fi
      ;;

    'Menu Log File:')
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --inputbox "Menu Log File (empty = none)" $BL $BC "$RSBACLOGFILE" \
          2>$TMPFILE
        then RSBACLOGFILE=`cat $TMPFILE`
          MODIFIED=yes
        fi
      ;;

    'Reload:')
        if test "$MODIFIED" = "yes"
        then
          if ! $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --yesno "Settings were modified. Reload anyway?" 5 $BC \
                   2>/dev/null
          then continue
          fi
        fi
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --menu "Load settings from" 10 $BC 3 \
                     "$HOME/.rsbacrc" "Personal Settings" \
                     "$RSBACCONF" "Global Settings" \
                     "Enter name" "$FILE" \
                   2>$TMPFILE
        then
          TMP="`cat $TMPFILE`"
          if test "$TMP" = "Enter name"
          then
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --inputbox "Filename to load settings from" $BL $BC "$FILE" \
              2>$TMPFILE
            then TMP=`cat $TMPFILE`
            else continue
            fi
          fi
          FILE=$TMP
          . $FILE
        fi
      ;;

    'Save:')
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --menu "Save settings to" 10 $BC 3 \
                     "$HOME/.rsbacrc" "Personal Settings" \
                     "$RSBACCONF" "Global Settings" \
                     "Enter name" "$FILE" \
                   2>$TMPFILE
        then
          TMP="`cat $TMPFILE`"
          if test "$TMP" = "Enter name"
          then
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --inputbox "Filename to save settings to" $BL $BC "$FILE" \
              2>$TMPFILE
            then TMP=`cat $TMPFILE`
            else continue
            fi
          fi
          FILE=$TMP
          {
            echo '# RSBAC menu configuration'
            echo "# `date`"
            if test -n "$RSBACMOD"
            then
              echo "RSBACMOD=\"$RSBACMOD\""
            else
              echo "# RSBACMOD is not set"
            fi
            if test -n "$DIALOG"
            then
              echo "DIALOG=\"$DIALOG\""
            else
              echo "# DIALOG is not set"
            fi
            if test -n "$RSBACLANG"
            then
              echo "RSBACLANG=\"$RSBACLANG\""
            else
              echo "# RSBACLANG is not set"
            fi
            if test -n "$TMPDIR"
            then
              echo "TMPDIR=\"$TMPDIR\""
            else
              echo "# TMPDIR is not set"
            fi
            if test -n "$RSBACPATH"
            then
              echo "RSBACPATH=\"$RSBACPATH\""
            else
              echo "# RSBACPATH is not set"
            fi
            if test -n "$RSBACLOGFILE"
            then
              echo "RSBACLOGFILE=\"$RSBACLOGFILE\""
            else
              echo "# RSBACLOGFILE is not set"
            fi
          } >$FILE && MODIFIED=no || \
            $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "Saving settings to $FILE failed!" 5 $BC \
                   2>/dev/null
        fi
      ;;

    Quit)
        if test "$MODIFIED" = "yes"
        then
          if ! $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --yesno "Settings have been modified. Exit anyway?" 5 $BC \
                   2>/dev/null
          then continue
          fi
        fi
        rm $TMPFILE ; exit
      ;;

    *)
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
