#!/bin/bash
# 
# This script is used for Administration of RSBAC ACL groups
#
#
#
# Refuse to continue under any shell other than bash: the code below uses
# bash-only constructs (declare -i, ${SELECTED:5}, &> redirection).
#
if [ -z "$BASH" ]
then
  echo "This menu requires bash" 1>&2
  exit 1
fi

#
# Enable command hashing (-h) and make sure POSIX mode is switched off.
#
set -h
set +o posix

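# Directory for the scratch files; honours $TMPDIR and defaults to /tmp.
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# Two private scratch files hold dialog selections and captured tool output.
# mktemp creates each file atomically under an unpredictable name.
TMPFILE=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX")
if test -z "$TMPFILE"
then
  # mktemp is missing or failed. The PID-based name is guessable, so it is
  # only accepted if it can be created exclusively (noclobber) with a
  # private umask. An existing entry at that name, including a symlink,
  # stops the script instead of being deleted and reused.
  TMPFILE=$TMPDIR/rsbac_dialog.$$
  if ! ( umask 077 ; set -o noclobber ; : > "$TMPFILE" ) 2>/dev/null
  then
    echo "Cannot safely create temporary file $TMPFILE" >&2
    exit 1
  fi
fi
TMPFILETWO=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX")
if test -z "$TMPFILETWO"
then
  # Same exclusive-create fallback as for TMPFILE.
  TMPFILETWO=$TMPDIR/rsbac_dialog.$$.2
  if ! ( umask 077 ; set -o noclobber ; : > "$TMPFILETWO" ) 2>/dev/null
  then
    echo "Cannot safely create temporary file $TMPFILETWO" >&2
    exit 1
  fi
fi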

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

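# set this to initial dir on script startup
LASTDIR='.'

# which dialog tool to use - dialog or kdialog or xdialog...
# NOTE(review): $DIALOG and $RSBACPATH are taken from the caller's
# environment and decide which program is run for every menu; when this tool
# is started with administrative rights, confirm both come from a trusted
# source.
if test -z "$DIALOG"
then DIALOG=${RSBACPATH}dialog
fi
# $DIALOG stays unquoted when executed so that a value holding a program
# name plus options still splits into words, as it did before.
if ! $DIALOG --clear
then
  echo "$DIALOG menu program required!" >&2
  # A missing prerequisite is an error: report it through the exit status.
  exit 1
fi
if ! $DIALOG --help 2>&1 | grep -q "help-button"
then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit 1
fi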

# set_geometry [rows [cols]]
# Derive the dialog box geometry from a terminal size.
# Arguments: $1 - terminal rows (default 24; 0 is treated as 24)
#            $2 - terminal columns (default 80; 0 is treated as 80)
# Globals:   exports LINES and COLUMNS; sets BL (rows-4), BC (cols-5) and
#            MAXLINES (rows-10)
set_geometry ()
{
	local rows=${1:-24}
	local cols=${2:-80}
	case $rows in 0) rows=24 ;; esac
	case $cols in 0) cols=80 ;; esac
	export LINES=$rows COLUMNS=$cols
	BL=$((rows - 4))
	BC=$((cols - 5))
	MAXLINES=$((rows - 10))
}

# Size the dialogs from the terminal. stty prints "rows cols"; the
# substitution is left unquoted so that it splits into two arguments.
set_geometry $(stty size 2>/dev/null)

# Fall back to a 25x80 screen when LINES/COLUMNS are still empty
# (they should be exported e.g. in /etc/profile).
: "${LINES:=25}"
: "${COLUMNS:=80}"
export LINES COLUMNS

# Integer box geometry. These assignments replace the BL, BC and MAXLINES
# values that set_geometry stored just above.
declare -i BL=$((LINES - 4))
declare -i BC=$((COLUMNS - 4))
declare -i MAXWIDTH=$((BC - 26))
declare -i MAXLINES=$((LINES - 10))

# Window titles. A non-empty BACKTITLE from the environment is kept.
: "${BACKTITLE:=RSBAC Administration Tools 1.4.0}"
TITLE="$(whoami)@$(hostname): RSBAC ACL Group Administration"
# The help title is the main title with " Help" appended.
HELPTITLE="${TITLE} Help"
ERRTITLE="RSBAC ACL Administration - ERROR"

## no changes below this line!

# Fixed values; none of them is referenced elsewhere in this script.
NO_USER=65533 ALL_USERS=65532
GETMODE=real
GETSWITCH=''

# show_help TOPIC
# Show the help text for TOPIC in the language chosen by $RSBACLANG:
# DE -> show_help_german, RU -> show_help_russian, anything else ->
# show_help_english.
show_help () {
  local renderer=show_help_english
  if [ "$RSBACLANG" = "DE" ]
  then
    renderer=show_help_german
  elif [ "$RSBACLANG" = "RU" ]
  then
    renderer=show_help_russian
  fi
  "$renderer" "$1"
}

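# show_help_english TOPIC
# Write the English help text for menu entry TOPIC to $TMPFILE and show it
# in a dialog text box.
# Globals:   TMPFILE, DIALOG, HELPTITLE, BACKTITLE, BL, BC (all read)
# Arguments: $1 - menu entry name, e.g. "Add Members"
# Returns:   exit status of the dialog program
show_help_english () {
  local topic=$1 text
  case "$topic" in
    Type)
      text='Set the group type: Private or Global.'
      ;;
    Owner)
      text='Set the group owner. You can transfer your own groups to other users,
but you will not be able to administrate them afterwards, because
you are no longer the group owner.'
      ;;
    Name)
      text='Change the group name. Since groups are identified by number, the
group name is for user benefit only.'
      ;;
    'Add Members')
      text='Add group members. Only users can be added.'
      ;;
    'Remove Members')
      text='Remove group members.'
      ;;
    'All / Personal')
      text='Show all or only your personal groups.'
      ;;
    'Add Group')
      text='Add a personal group.'
      ;;
    'Remove Group')
      text='Remove one of your groups.'
      ;;
    Quit)
      text='Quit this menu.'
      ;;
    *)
      text="No help for $topic available!"
      ;;
  esac
  # printf treats the topic strictly as data, and the quoted file name keeps
  # the redirection working when $TMPDIR contains whitespace.
  printf '%s\n\n%s\n' "$topic" "$text" > "$TMPFILE"
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" "$BL" "$BC"
}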

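# show_help_german TOPIC
# Write the German help text for menu entry TOPIC to $TMPFILE and show it
# in a dialog text box.
# Globals:   TMPFILE, DIALOG, HELPTITLE, BACKTITLE, BL, BC (all read)
# Arguments: $1 - menu entry name, e.g. "Add Members"
# Returns:   exit status of the dialog program
#
# The umlauts had been lost from these texts ("knnen", "Men"); they are
# spelled as ae/oe/ue so the help reads correctly in any terminal encoding.
show_help_german () {
  local topic=$1 text
  case "$topic" in
    Type)
      text='Setze den Gruppen-Typ: Privat oder Global.'
      ;;
    Owner)
      text='Setze den Gruppen-Eigner. Eigene Gruppen koennen an andere Benutzer
uebertragen werden, koennen dann aber nur noch vom neuen Besitzer
administriert werden.'
      ;;
    Name)
      text='Aendere den Gruppennamen. Da Gruppen nach Nummern identifiziert
werden, dient der Name nur der Benutzerfreundlichkeit.'
      ;;
    'Add Members')
      text='Fuege Gruppenmitglieder hinzu. Nur Benutzer koennen hinzugefuegt
werden.'
      ;;
    'Remove Members')
      text='Entferne Gruppenmitglieder.'
      ;;
    'All / Personal')
      text='Zeige alle oder nur eigene Gruppen.'
      ;;
    'Add Group')
      text='Fuege eigene Gruppe hinzu.'
      ;;
    'Remove Group')
      text='Entferne eigene Gruppe.'
      ;;
    Quit)
      text='Beende dieses Menue.'
      ;;
    *)
      text="No help for $topic available!"
      ;;
  esac
  # printf treats the topic strictly as data, and the quoted file name keeps
  # the redirection working when $TMPDIR contains whitespace.
  printf '%s\n\n%s\n' "$topic" "$text" > "$TMPFILE"
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" "$BL" "$BC"
}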

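# show_help_russian TOPIC
# Write the help text used for RSBACLANG=RU to $TMPFILE and show it in a
# dialog text box. The texts in this function are in English.
# Globals:   TMPFILE, DIALOG, HELPTITLE, BACKTITLE, BL, BC (all read)
# Arguments: $1 - menu entry name, e.g. "Add Members"
# Returns:   exit status of the dialog program
show_help_russian () {
  local topic=$1 text
  case "$topic" in
    Type)
      text='Set the group type: Private or Global.'
      ;;
    Owner)
      text='Set the group owner. You can transfer your own groups to other users,
but you will not be able to administrate them afterwards, because
you are no longer the group owner.'
      ;;
    Name)
      text='Change the group name. Since groups are identified by number, the
group name is for user benefit only.'
      ;;
    'Add Members')
      text='Add a group member. Only users can be added.'
      ;;
    'Remove Members')
      text='Remove a group member.'
      ;;
    'All / Personal')
      text='Show all or only your personal groups.'
      ;;
    'Add Group')
      text='Add a personal group.'
      ;;
    'Remove Group')
      text='Remove one of your groups.'
      ;;
    Quit)
      text='Quit this menu.'
      ;;
    *)
      text="No help for $topic available!"
      ;;
  esac
  # printf treats the topic strictly as data, and the quoted file name keeps
  # the redirection working when $TMPDIR contains whitespace.
  printf '%s\n\n%s\n' "$topic" "$text" > "$TMPFILE"
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" "$BL" "$BC"
}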

# onoff A B
# Print "on" when A and B are the same string, otherwise "off".
onoff () {
  case "$1" in
    "$2") echo on ;;
    *)    echo off ;;
  esac
}

# onoffb FLAG
# Print "on" when FLAG is exactly "1", otherwise "off".
onoffb () {
  case "$1" in
    1) echo on ;;
    *) echo off ;;
  esac
}

# get_vname KIND VALUE
# Print a display name for VALUE.
# Globals:   TYPE (read) - when it is "NONE" a single blank is printed
# Arguments: $1 - value kind; only "onoff" is known
#            $2 - raw value; empty prints "N/A"
# Outputs:   "On" for onoff value 1, "Off" for any other onoff value,
#            "ERROR!" for an unknown kind
get_vname () {
  [ "$TYPE" = "NONE" ] && { echo " "; return; }
  [ -n "$2" ] || { echo "N/A"; return; }
  if [ "$1" != "onoff" ]
  then
    echo ERROR!
  elif [ "$2" = "1" ]
  then
    echo On
  else
    echo Off
  fi
}

# full_name USER
# Print the full_name attribute that attr_get_user reports for USER, or a
# single blank when USER is empty. The tool output is echoed unquoted, so
# runs of whitespace in it collapse to single blanks.
full_name () {
  if [ -z "$1" ]
  then
    echo " "
    return
  fi
  echo $(${RSBACPATH}attr_get_user $1 full_name)
}

# get_uid USER
# Print the user_nr attribute that attr_get_user reports for USER, or a
# single blank when USER is empty.
get_uid () {
  if [ -z "$1" ]
  then
    echo " "
    return
  fi
  echo $(${RSBACPATH}attr_get_user $1 user_nr)
}

# get_name USER
# Print the user_name attribute that attr_get_user reports for USER, or a
# single blank when USER is empty.
get_name () {
  if [ -z "$1" ]
  then
    echo " "
    return
  fi
  echo $(${RSBACPATH}attr_get_user $1 user_name)
}

# split_subj TEXT
# Print TEXT with every underscore turned into a blank. TEXT is word-split
# first, so whitespace already present in it collapses to single blanks.
split_subj () {
  local -a words
  words=( $1 )
  echo "${words[@]}" | tr '_' ' '
}

# gen_glist SCOPE
# Print one "id entry" line per ACL group, for use as dialog menu items.
# Arguments: $1 - "All" lists with acl_group -gsn, anything else with -sn
# Globals:   TMP, TMP2, i (written as scratch), RSBACPATH (read)
# Blanks inside each group entry become underscores so that the entry stays
# a single word when the caller word-splits the output.
gen_glist () {
  local list_flags=-sn
  [ "$1" = "All" ] && list_flags=-gsn
  TMP=$(${RSBACPATH}acl_group $list_flags list_groups)
  for i in $TMP
  do
    TMP2=$(${RSBACPATH}acl_group -s get_group_entry $i | tr ' ' '_')
    echo $i $TMP2
  done
}

# Longest name name_print shows untruncated: box width minus 34 columns.
declare -i MAXNAMELEN=$((BC - 34))
# name_print NAME
# Print NAME, keeping only its tail when it is longer than $MAXNAMELEN.
# NOTE(review): the kept tail runs from position (length - MAXNAMELEN) to
# the end, i.e. MAXNAMELEN+1 characters -- confirm whether that is intended.
name_print () {
  local len=${#1}
  if ! [ "$len" -gt "$MAXNAMELEN" ]
  then
    echo "$1"
    return
  fi
  local -i first=$len-$MAXNAMELEN
  echo "$1" | cut -c"$first-$len"
}

# gen_ulist GROUP
# Print the output of "acl_group get_group_members GROUP"; callers splice
# it unquoted into a dialog menu as item words.
# Returns: exit status of acl_group
gen_ulist () {
  local group=$1
  ${RSBACPATH}acl_group get_group_members $group
}

# gen_member_add_choice
# Print one "id name off" checklist entry per user listed by
# "attr_get_user -nl", in numeric order. Prints nothing when the listing
# command fails.
# Globals: TMPFILE (listing is written there), TMP and i (scratch)
gen_member_add_choice () {
  ${RSBACPATH}attr_get_user -nl >$TMPFILE || return 0
  TMP=$(sort -n $TMPFILE)
  for i in $TMP
  do
    echo $i $(get_name $i) off
  done
}

# gen_member_remove_choice
# Print one "id name off" checklist entry per member of group $GROUP, as
# listed by "acl_group -sn get_group_members". Prints nothing when that
# command fails; its error output is discarded.
# Globals: GROUP (read), TMPFILE (listing is written there), TMP and i
#          (scratch)
gen_member_remove_choice () {
  ${RSBACPATH}acl_group -sn get_group_members $GROUP >$TMPFILE 2>/dev/null || return 0
  TMP=$(cat $TMPFILE)
  for i in $TMP
  do
    echo $i $(get_name $i) off
  done
}

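# _group_menu_error FILE
# Show the first line of FILE (captured output of a failed command) in an
# error message box. Returns the exit status of the dialog program.
_group_menu_error () {
  $DIALOG --title "$ERRTITLE" \
          --backtitle "$BACKTITLE" \
          --msgbox "$(head -n 1 "$1")" "$BL" "$BC"
}

# _group_menu_log LINE
# Append LINE to $RSBACLOGFILE when that variable is set.
# NOTE(review): group names are logged between plain double quotes without
# escaping. If this log is ever replayed as shell input, a name containing
# a quote or "$" would alter the logged command -- confirm how the log is
# consumed.
_group_menu_log () {
  if test -n "$RSBACLOGFILE"
  then printf '%s\n' "$1" >>"$RSBACLOGFILE"
  fi
}

# group_menu GROUP
# Interactive menu for one ACL group: toggle its type, change owner or
# name, add or remove members, or set a member's TTL.
# Globals:   GROUP, TYPE, OWNER, NAME, SELECTED, TMP, TTL (written);
#            DIALOG, RSBACPATH, RSBACLOGFILE, TMPFILE, TMPFILETWO, TITLE,
#            BACKTITLE, ERRTITLE, BL, BC, MAXLINES (read)
# Arguments: $1 - group id
# Returns:   when the menu is cancelled, "Quit" is chosen, or one of the
#            three initial acl_group queries fails
#
# File names and single values are quoted. $DIALOG, the member lists and the
# generated menu items stay unquoted because they must split into words.
group_menu () {
  local pwent
  GROUP=$1
  if ${RSBACPATH}acl_group get_group_type "$GROUP" >"$TMPFILE" 2>"$TMPFILETWO"
  then TYPE=$(cat "$TMPFILE")
  else
    _group_menu_error "$TMPFILETWO"
    return
  fi
  if ${RSBACPATH}acl_group get_group_owner "$GROUP" >"$TMPFILE" 2>"$TMPFILETWO"
  then OWNER=$(cat "$TMPFILE")
  else
    _group_menu_error "$TMPFILETWO"
    return
  fi
  if ${RSBACPATH}acl_group get_group_name "$GROUP" >"$TMPFILE" 2>"$TMPFILETWO"
  then NAME=$(cat "$TMPFILE")
  else
    _group_menu_error "$TMPFILETWO"
    return
  fi
  while true ; do
    if ! $DIALOG --title "$TITLE" \
           --backtitle "$BACKTITLE" \
           --help-button --default-item "$SELECTED" \
           --menu "Group Menu - Group $GROUP" "$BL" "$BC" "$MAXLINES" \
                  "Type" "$TYPE" \
                  "Owner" "$OWNER" \
                  "Name" "$NAME" \
                  "--------------" "" \
                  "Add Members" "" \
                  "Remove Members" "" \
                  "--------------" "" \
                  $(gen_ulist "$GROUP") \
                  "--------------" "" \
                  "Quit" "" \
           2>"$TMPFILE"
    then
      # Truncate instead of removing: the next call redirects into this
      # same path again, and a removed file would leave a known name in a
      # shared directory free for another user to occupy in between.
      # NOTE(review): the file should be deleted once, at script exit.
      : > "$TMPFILETWO"
      return
    fi

    SELECTED=$(cat "$TMPFILE")
    case $SELECTED in
      HELP*)
          # dialog reports the help button as "HELP <item>"; strip the prefix.
          show_help "${SELECTED:5}"
          SELECTED="${SELECTED:5}"
        ;;
      Type)
          if test "$TYPE" = PRIVATE
          then TMP=GLOBAL
          else TMP=PRIVATE
          fi
          if ${RSBACPATH}acl_group change_group "$GROUP" "$OWNER" "$TMP" "$NAME" &>"$TMPFILE"
          then
            TYPE=$TMP
            _group_menu_log "${RSBACPATH}acl_group change_group $GROUP $OWNER $TMP \"$NAME\""
          else
            _group_menu_error "$TMPFILE"
          fi
        ;;

      Owner)
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$OWNER" \
                    --menu "Choose new owner for group $GROUP" "$BL" "$BC" "$MAXLINES" \
                           $(${RSBACPATH}attr_get_user -bl) \
            2>"$TMPFILE"
          then
            TMP=$(cat "$TMPFILE")
            if ${RSBACPATH}acl_group change_group "$GROUP" "$TMP" "$TYPE" "$NAME" &>"$TMPFILE"
            then
              OWNER=$TMP
              _group_menu_log "${RSBACPATH}acl_group change_group $GROUP $TMP $TYPE \"$NAME\""
            else
              _group_menu_error "$TMPFILE"
            fi
          fi
        ;;

      Name)
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --inputbox "New name for group $GROUP (maxlen = 15)" "$BL" "$BC" "$NAME" \
            2>"$TMPFILE"
          then
            TMP=$(cat "$TMPFILE")
            if ${RSBACPATH}acl_group change_group "$GROUP" "$OWNER" "$TYPE" "$TMP" &>"$TMPFILE"
            then
              NAME="$TMP"
              _group_menu_log "${RSBACPATH}acl_group change_group $GROUP $OWNER $TYPE \"$TMP\""
            else
              _group_menu_error "$TMPFILE"
            fi
          fi
        ;;

      'Add Members')
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "New members for group $GROUP" "$BL" "$BC" "$MAXLINES" \
                      $(gen_member_add_choice) \
             2>"$TMPFILE"
          then
            # The checklist result is a list; $TMP is expanded unquoted so
            # each selected member becomes its own argument.
            TMP=$(tr -d '"' < "$TMPFILE")
            if ${RSBACPATH}acl_group add_member "$GROUP" $TMP &>"$TMPFILE"
            then
              _group_menu_log "${RSBACPATH}acl_group add_member $GROUP $TMP"
            else
              _group_menu_error "$TMPFILE"
            fi
          fi
        ;;

      'Remove Members')
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Members to be removed from group $GROUP" "$BL" "$BC" "$MAXLINES" \
                      $(gen_member_remove_choice) \
             2>"$TMPFILE"
          then
            # As above: one argument per selected member.
            TMP=$(tr -d '"' < "$TMPFILE")
            if ${RSBACPATH}acl_group remove_member "$GROUP" $TMP &>"$TMPFILE"
            then
              _group_menu_log "${RSBACPATH}acl_group remove_member $GROUP $TMP"
            else
              _group_menu_error "$TMPFILE"
            fi
          fi
        ;;

      Quit)
          # Truncated rather than removed, for the reason given above.
          : > "$TMPFILETWO"
          return
        ;;

      "--------------")
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "Group Menu: Selection Error!" 5 "$BC"
        ;;
      *)
          # Any other selection is a member entry: ask for its TTL.
          TMP=$(get_name "$SELECTED")
          TTL=$(printf '%s\n' "$SELECTED" | cut -d ':' -f 2 | cut -d 's' -f 1)
          if [ "$TTL" = "$SELECTED" ] || [ -z "$TTL" ]
          then TTL=0
          fi
          # Look the account up by exact login name. The former unquoted
          # "grep '^'$TMP" printed the whole passwd file for an empty name,
          # matched every login sharing the prefix, and turned any further
          # words in $TMP into extra file operands.
          pwent=$(awk -F: -v u="$TMP" '$1 == u' /etc/passwd 2>/dev/null)
          if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "TTL for Group $GROUP Member $SELECTED: $pwent" 7 "$BC" "$TTL" 2>"$TMPFILE"
          then TTL=$(cat "$TMPFILE")
            if ${RSBACPATH}acl_group -t "$TTL" add_member "$GROUP" "$SELECTED" &>"$TMPFILE"
            then
              _group_menu_log "${RSBACPATH}acl_group -t \"$TTL\" add_member $GROUP \"$SELECTED\""
            else
              _group_menu_error "$TMPFILE"
            fi
          fi
        ;;

    esac
  done
}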

###################### Menu #################

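# Main flow: handle -h/--help, note the start in the optional command log,
# open the group given on the command line (if any), then run the main
# menu until it is cancelled or "Quit" is chosen.
SHOW=All

if [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Use: $0 [group-id]"
  exit
fi
if test -n "$RSBACLOGFILE"
then
  {
    echo ""
    echo "# $0 start $(date)"
  } >>"$RSBACLOGFILE"
fi
if test -n "$1"
then
  group_menu "$1"
fi

while true ; do
  # gen_glist output is spliced in unquoted so that each "id name" pair
  # becomes two menu words.
  if ! $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --help-button --default-item "$SELECTED" \
         --menu "Main Menu" "$BL" "$BC" "$MAXLINES" \
                "All / Personal" "$SHOW" \
                "Add Group" "" \
                "Remove Group" "" \
                "--------------" "" \
                $(gen_glist "$SHOW") \
                "--------------" "" \
                "Quit" "" \
         2>"$TMPFILE"
  then
    # Remove both scratch files on the way out; -f tolerates one that is
    # already gone.
    rm -f -- "$TMPFILE" "$TMPFILETWO" ; exit
  fi

  SELECTED=$(cat "$TMPFILE")
  case $SELECTED in
    HELP*)
        # dialog reports the help button as "HELP <item>"; strip the prefix.
        show_help "${SELECTED:5}"
        SELECTED="${SELECTED:5}"
      ;;
    "All / Personal")
        if test "$SHOW" = "All"
        then SHOW=Personal
        else SHOW=All
        fi
      ;;

    'Add Group')
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Name for new group (maxlen = 15)" "$BL" "$BC" "New Group" \
           2>"$TMPFILE"
        then
          TMP=$(cat "$TMPFILE")
          if ${RSBACPATH}acl_group add_group P "$TMP" &>"$TMPFILE"
          then
            if test -n "$RSBACLOGFILE"
            then
              # NOTE(review): the name is logged between plain double quotes
              # without escaping -- confirm how this log is consumed before
              # replaying it as shell input.
              printf '%s\n' "${RSBACPATH}acl_group add_group P \"$TMP\"" >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
          fi
        fi
      ;;

    "Remove Group")
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$SELECTED" \
                  --menu "Choose group to delete" "$BL" "$BC" "$MAXLINES" \
                  $(gen_glist Personal) \
               2>"$TMPFILE"
        then
          TMP=$(cat "$TMPFILE")
          if ${RSBACPATH}acl_group remove_group "$TMP" &>"$TMPFILE"
          then
            if test -n "$RSBACLOGFILE"
            then
              printf '%s\n' "${RSBACPATH}acl_group remove_group $TMP" >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
          fi
        fi
      ;;

    Quit)
        rm -f -- "$TMPFILE" "$TMPFILETWO" ; exit
      ;;

    # Must equal the separator tag used in the menu above (14 dashes). The
    # former 19-dash pattern never matched, so picking a separator was
    # passed to group_menu as if it were a group id.
    "--------------")
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 "$BC"
      ;;

    *)
      # Any other selection is a group id from the generated list.
      group_menu "$SELECTED"
      ;;

  esac
done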
