#!/bin/bash
# 
# This script is used for Administration of RSBAC ACLs
#
#
# Make sure we're really running bash.
#
if [ -z "$BASH" ]
then
  echo "This menu requires bash" 1>&2
  exit 1
fi

#
# Turn on command hashing (-h) and leave POSIX mode; the rest of this
# script relies on bash-only constructs such as 'declare -i' and '&>'.
#
set -h
set +o posix

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

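# Directory the object browser starts in when the script is launched.
LASTDIR='.'

# Which dialog tool to use - dialog or kdialog or xdialog...
#
# NOTE: $DIALOG and $RSBACPATH come from the caller's environment and the
# resulting word is executed, so this menu must only be started from a
# trusted administrative session with a clean environment.
# $DIALOG is expanded unquoted on purpose (presumably so that it may carry
# extra arguments - confirm before quoting it anywhere).
if test -z "$DIALOG"
then DIALOG=${RSBACPATH}dialog
fi

# Both checks below are fatal: report on stderr and leave with a failure
# status so that a calling script can tell the menu never started.
if ! $DIALOG --clear
then
  echo "$DIALOG menu program required!" >&2
  exit 1
fi
if ! $DIALOG --help 2>&1 | grep -q "help-button"
then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit 1
fi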

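# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# Two scratch files shared by the menu functions below.
#
# mktemp creates each file atomically under an unpredictable name. If mktemp
# is unavailable the name falls back to a PID-based one, which is guessable
# in a shared directory such as /tmp. In that case the file is created
# exclusively (noclobber) with a restrictive umask, and the script aborts if
# that fails. It must never write through a path somebody else may have
# planted there (e.g. a symlink), because this menu normally runs with
# administrative rights.
if ! TMPFILE=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX")
then
  TMPFILE=$TMPDIR/rsbac_dialog.$$
  # Drop a stale leftover (rm removes a symlink itself, not its target) ...
  rm -f -- "$TMPFILE"
  # ... then insist on creating the file ourselves.
  if ! ( umask 077 ; set -o noclobber ; : > "$TMPFILE" ) 2>/dev/null
  then
    echo "Cannot safely create temporary file $TMPFILE" >&2
    exit 1
  fi
fi
if ! TMPFILETWO=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX")
then
  TMPFILETWO=$TMPDIR/rsbac_dialog.$$.2
  rm -f -- "$TMPFILETWO"
  if ! ( umask 077 ; set -o noclobber ; : > "$TMPFILETWO" ) 2>/dev/null
  then
    echo "Cannot safely create temporary file $TMPFILETWO" >&2
    exit 1
  fi
fi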

set_geometry ()
{
	# Derive the dialog box geometry from a terminal size.
	#   $1 - terminal rows    (default 24, also used when 0)
	#   $2 - terminal columns (default 80, also used when 0)
	# Exports LINES/COLUMNS and sets the globals BL, BC and MAXLINES.
	BL=${1:-24}
	BC=${2:-80}
	if [ $BL = 0 ]; then BL=24; fi
	if [ $BC = 0 ]; then BC=80; fi
	LINES=$BL
	COLUMNS=$BC
	export LINES COLUMNS
	# Box height/width leave a margin around the terminal size.
	BL=$(( BL - 4 ))
	BC=$(( BC - 5 ))
	MAXLINES=$(( LINES - 10 ))
}

# Size the dialogs from the controlling terminal; the substitution is left
# unquoted so that the "rows cols" output of stty becomes two arguments
# (and no arguments at all when stty fails).
set_geometry $(stty size 2>/dev/null)

gl ()
{
        # Print $1, capped at $MAXLINES.
        if [ $1 -gt $MAXLINES ]
        then
                echo $MAXLINES
                return
        fi
        echo $1
}

# Fall back to a 25x80 screen when no size is known, and export the result.
: "${LINES:=25}" "${COLUMNS:=80}"
export LINES COLUMNS

# Integer-typed box geometry. These assignments replace the BL, BC and
# MAXLINES values computed by the set_geometry call above.
declare -i BL BC MAXWIDTH MAXLINES
BL=$LINES-4
BC=$COLUMNS-4
MAXWIDTH=$BC-26
MAXLINES=$LINES-10

# Window titles. BACKTITLE may be preset by the caller's environment.
: "${BACKTITLE:=RSBAC Administration Tools 1.4.0}"
TITLE="$(whoami)@$(hostname): RSBAC ACL Administration"
HELPTITLE="${TITLE} Help"
ERRTITLE="RSBAC ACL Administration - ERROR"

## no changes below this line!

# Special user ids (presumably RSBAC's "no user" / "all users" markers -
# confirm against the RSBAC headers).
NO_USER=65533 ; ALL_USERS=65532
# Initial attribute fetch mode and its (empty) command line switch.
GETMODE=real
GETSWITCH=""

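show_help () {
  # Show the help text for menu item $1 in a dialog text box.
  #
  # The text is written to $TMPFILE and then displayed with $DIALOG.
  # Reads the globals TARGET, TMPFILE, DIALOG, HELPTITLE, BACKTITLE, BL, BC.
  #
  # Arm order matters: 'USER attr' must come before the GROUP*/ROLE*/USER*
  # wildcard arm, which would otherwise swallow it and show the ACL entry
  # help instead of the attribute menu help.
  {
    echo "$1"
    echo ""
    case "$1" in
      FD)
        echo File/Dir/Fifo/Symlink ACLs
        ;;
      DEV)
        echo Device ACLs
        ;;
      USER)
        echo User ACLs
        ;;
      PROCESS)
        echo Process ACLs
        ;;
      IPC)
        echo Inter Process Communication ACLs
        ;;
      SCD)
        echo System Control Data ACLs
        ;;
      GROUP)
        echo Linux Group ACLs
        ;;
      NETDEV)
        echo Network Devices
        ;;
      NETTEMP_NT)
        echo Network Templates - ACL for template accesses.
        ;;
      NETTEMP)
        echo Network Templates - ACL for network object accesses.
        ;;
      NETOBJ)
        echo Network objects
        ;;
      :DEFAULT:)
        echo "$TARGET default ACL, the top parent object for all inheritance."
        ;;

      'File/Dir/Fifo/Symlink List')
        echo "Choose object from a list."
        ;;

      'Device List')
        echo "Choose device from /dev."
        ;;

      'Dev-Major-List:')
        echo "Choose major device specification from list."
        ;;

      "DEV-Specification:")
        echo "Enter a device specification {b|c}major[:minor],"
        echo "e.g. b8:1 for /dev/sda1 or c2 for pseudo tty masters."
        ;;

      'SCD List')
        echo "Choose object from a list."
        ;;

      'User List')
        echo "Choose object from a list."
        ;;

      'Linux Group List')
        echo "Choose object from a list."
        ;;

      'Network Device List')
        echo "Choose object from a list."
        ;;

      'Network Template List')
        echo "Choose object from a list."
        ;;

      "File/Dir/Fifo/Symlink" | "Device" | "SCD")
        echo "Enter object name."
        ;;

      "User" | "Process" | "IPC")
        echo "Enter object name."
        ;;

      "Follow")
        echo "Follow a symbolic link."
        ;;

      "Choose Target")
        echo "Choose target type."
        ;;

      'Add ACL Entry')
        echo "Add an ACL entry for this object."
        ;;

      "Remove Entry")
        echo "Remove an ACL entry from this object."
        ;;

      "Change TTL")
        echo "Change time-to-live for an ACL entry of this object. After this"
        echo "time the entry will be removed."
        ;;

      "Name / Rights")
        echo "Switch between subject names and rights to be shown in menu."
        ;;

      'Who has here')
        echo "Show which subjects have which effective rights to this object."
        ;;

      'Change Mask')
        echo "Change the inheritance mask of this object."
        echo ""
        echo "The mask specifies, which rights can be inherited from the object at the"
        echo "next higher level, e.g. the parent directory."
        echo ""
        echo "The highest level parent is the :DEFAULT: object."
        ;;

      'USER attr')
        echo "Go to User attribute menu."
        ;;

      GROUP* | ROLE* | USER*)
        echo "Rights in this ACL entry."
        ;;

      "Clear ACL")
        echo "Remove all ACL entries for this object."
        ;;

      'Groups')
        echo "Go to groups menu."
        ;;

      'Roles')
        echo "Go to RC roles menu."
        ;;

      'FD attr')
        echo "Go to File/Dir/Fifo/Symlink attribute menu."
        ;;

      'DEV attr')
        echo "Go to Device attribute menu."
        ;;

      'IPC attr')
        echo "Go to IPC attribute menu."
        ;;

      'SCD attr')
        echo "Go to SCD attribute menu."
        ;;

      'PROCESS attr')
        echo "Go to Process attribute menu."
        ;;

      'NETTEMP attr')
        echo "Go to Network Template attribute menu."
        ;;

      Quit)
        echo "Quit this menu."
        ;;

      *)
        echo "No help for $1 available!"
        ;;
    esac
  } > "$TMPFILE"
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" $BL $BC
#  sleep 1
}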

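get_attributes () {
  # Classify the currently selected object.
  #
  # Reads:  TARGET, OBJECT, DEVSPEC, RSBACLOGFILE
  # Writes: TYPE, SUBTYPE, and where applicable SYMLINK (link target),
  #         LASTDIR and OBJECT (both set to the resolved directory path).
  #
  # Link targets are read with readlink instead of being cut out of
  # 'ls -l' output, which breaks on names or targets containing '>'.
  case $TARGET in
    "FD")
      if test -z "$OBJECT"
      then
        TYPE=NONE
      elif test "$OBJECT" = ":DEFAULT:"
      then
        TYPE=FD
      elif test -L "$OBJECT"
      then
        TYPE=SYMLINK
        SYMLINK=$(readlink -- "$OBJECT")
        SUBTYPE="SYMLINK"
      elif test -f "$OBJECT"
      then
        TYPE=FILE ; SUBTYPE=FILE
      elif test -b "$OBJECT"
      then
        TYPE=FILE ; SUBTYPE=BLOCK
      elif test -c "$OBJECT"
      then
        TYPE=FILE ; SUBTYPE=CHAR
      elif test -p "$OBJECT"
      then
        TYPE=FIFO ; SUBTYPE=FIFO
      elif test -d "$OBJECT"
      then
        TYPE=DIR ; SUBTYPE=DIR
        # Resolve to an absolute path; keep the name as given if cd fails.
        LASTDIR=$( ( cd "$OBJECT" && pwd ) || echo "$OBJECT" )
        OBJECT=$LASTDIR
        if test -n "$RSBACLOGFILE"
        then
          # NOTE(review): the cd above ran in a subshell, so pwd here is the
          # menu's own working directory, not $LASTDIR - confirm intent.
          echo "cd $(pwd)" >>"$RSBACLOGFILE"
        fi
      else
        TYPE=NONE
      fi
      ;;

    "DEV")
      if test -z "$OBJECT"
      then
        # No device file chosen: classify by the b/c prefix of the spec.
        TYPE=DEV
        case "$DEVSPEC" in
          b* | B*)
            SUBTYPE=BLOCK
            ;;
          c* | C*)
            SUBTYPE=CHAR
            ;;
          *)
            SUBTYPE=unknown
            ;;
        esac
      elif test "$OBJECT" = ":DEFAULT:"
      then
        TYPE=DEV ; SUBTYPE=$OBJECT
      elif test -L "$OBJECT"
      then
        TYPE=NONE
        SYMLINK=$(readlink -- "$OBJECT")
        SUBTYPE="SYMLINK"
      elif test -b "$OBJECT"
      then
        TYPE=DEV ; SUBTYPE=BLOCK
      elif test -c "$OBJECT"
      then
        TYPE=DEV ; SUBTYPE=CHAR
      elif test -d "$OBJECT"
      then
        TYPE=NONE ; SUBTYPE=DIR
        LASTDIR=$( ( cd "$OBJECT" && pwd ) || echo "$OBJECT" )
        OBJECT=$LASTDIR
      else
        if test -n "$DEVSPEC"
        then
          TYPE=DEV
          case "$DEVSPEC" in
            b* | B*)
              SUBTYPE=BLOCK
              ;;
            c* | C*)
              SUBTYPE=CHAR
              ;;
            *)
              SUBTYPE=unknown
              ;;
          esac
        else
          TYPE=NONE ; SUBTYPE=NONE
        fi
      fi
      ;;

    *)
      # Every other target (NETDEV, NETTEMP_NT, NET*, USER, ...) is handled
      # alike: any non-empty object name is accepted as is.
      if test "$OBJECT" != ""
      then TYPE=$TARGET ; SUBTYPE=$TARGET
      else TYPE=NONE
      fi
      ;;
  esac
}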


onoff () {
   # Print "on" when $1 and $2 are the same string, otherwise "off".
   case "$1" in
     "$2") echo on ;;
     *)    echo off ;;
   esac
}

onoffb () {
   # Print "on" when $1 is exactly "1", otherwise "off".
   case "$1" in
     1) echo on ;;
     *) echo off ;;
   esac
}

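list_item () {
   # Print "<name> <kind>" for the file system object $1, where kind is one
   # of SYMLINK-><target>, DIR, FILE, FIFO or NONE.
   #
   # The name is printed with printf from a quoted expansion, so glob
   # characters in it are not expanded and a leading '-' is not taken as an
   # echo option. The link target comes from readlink, not from 'ls -l'.
   if test -L "$1"
   then printf '%s SYMLINK->%s\n' "$1" "$(readlink -- "$1")"
   elif test -d "$1"
   then printf '%s DIR\n' "$1"
   elif test -f "$1" || test -b "$1" || test -c "$1"
   then printf '%s FILE\n' "$1"
   elif test -p "$1"
   then printf '%s FIFO\n' "$1"
   elif test "$1" = ":DEFAULT:"
   then printf '%s FILE\n' "$1"
   else printf '%s NONE\n' "$1"
   fi
}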

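list_dev_item () {
   # Print "<name> <kind>" for the device browser entry $1, where kind is
   # one of SYMLINK-><target>, BLOCK, CHAR, DIR, DEV or NONE.
   #
   # The name is printed with printf from a quoted expansion, so glob
   # characters in it are not expanded and a leading '-' is not taken as an
   # echo option. The link target comes from readlink, not from 'ls -l'.
   if test -L "$1"
   then printf '%s SYMLINK->%s\n' "$1" "$(readlink -- "$1")"
   elif test -b "$1"
   then printf '%s BLOCK\n' "$1"
   elif test -c "$1"
   then printf '%s CHAR\n' "$1"
   elif test -d "$1"
   then printf '%s DIR\n' "$1"
   elif test "$1" = ":DEFAULT:"
   then printf '%s DEV\n' "$1"
   else printf '%s NONE\n' "$1"
   fi
}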

get_vname () {
  # Translate attribute value $2 into display text according to kind $1.
  # Prints a blank when no object is selected (TYPE is NONE), "N/A" for an
  # empty value, On/Off for kind "onoff", and "ERROR!" for any other kind.
  if [ "$TYPE" = NONE ]
  then
    echo " "
    return
  fi
  if [ -z "$2" ]
  then
    echo "N/A"
    return
  fi

  if [ "$1" != onoff ]
  then
    echo ERROR!
  elif [ "$2" = 1 ]
  then
    echo On
  else
    echo Off
  fi
}

full_name () {
  # Print the full_name field that attr_get_user reports for user $1,
  # or a single blank when no user is given.
  if [ -z "$1" ]
  then
    echo " "
    return
  fi
  echo $($RSBACPATH""attr_get_user $1 full_name)
}

get_uid () {
  # Print the user_nr field that attr_get_user reports for user $1,
  # or a single blank when no user is given.
  if [ -z "$1" ]
  then
    echo " "
    return
  fi
  echo $($RSBACPATH""attr_get_user $1 user_nr)
}

get_name () {
  # Print the user_name field that attr_get_user reports for user $1,
  # or a single blank when no user is given.
  if [ -z "$1" ]
  then
    echo " "
    return
  fi
  echo $($RSBACPATH""attr_get_user $1 user_name)
}

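split_subj () {
  # Turn a menu tag such as USER_0 back into "USER 0" by replacing every
  # underscore with a blank.
  #
  # The argument is expanded quoted: an unquoted echo would glob-expand the
  # tag against the current directory, and the result ends up on the
  # command line of the ACL tools.
  printf '%s\n' "${1//_/ }"
}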

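choose_major () {
  # Let the user pick a device major from a menu.
  #
  # Each entry is a tag (b|c followed by the major number) plus a
  # description. $DIALOG reports the chosen tag on stderr, which is captured
  # in $TMPFILE. On confirmation DEVSPEC is set to that tag, OBJECT is
  # cleared and get_attributes re-classifies the selection.
  #
  # Reads:  DIALOG, TITLE, BACKTITLE, DEVSPEC, BL, BC, MAXLINES, TMPFILE
  # Writes: DEVSPEC, OBJECT (plus whatever get_attributes sets)
  #
  # $TMPFILE is quoted so that a TMPDIR containing blanks does not turn the
  # redirection into an "ambiguous redirect" failure.
  local -a majors=(
    c0 "char  Unnamed devices (e.g. non-device mounts)"
    b0 "block Unnamed devices (e.g. non-device mounts)"
    c1 "char  Memory devices"
    b1 "block RAM disk"
    c2 "char  Pseudo-TTY masters"
    b2 "block Floppy disks"
    c3 "char  Pseudo-TTY slaves"
    b3 "block First MFM, RLL and IDE hard disk/CD-ROM interface"
    c4 "char  TTY devices"
    c5 "char  Alternate TTY devices"
    c6 "char  Parallel printer devices"
    c7 "char  Virtual console capture devices"
    b7 "block Loopback devices"
    b8 "block SCSI disk devices (0-15)"
    c9 "char  SCSI tape devices"
    b9 "block Metadisk (RAID) devices"
    c10 "char  Non-serial mice, misc features"
    c11 "char  Raw keyboard device"
    b11 "block SCSI CD-ROM devices"
    c12 "char  QIC-02 tape"
    b12 "block MSCDEX CD-ROM callback support {2.6}"
    c13 "char  Input core"
    b13 "block 8-bit MFM/RLL/IDE controller"
    c14 "char  Open Sound System (OSS)"
    b14 "block BIOS harddrive callback support {2.6}"
    c15 "char  Joystick"
    b15 "block Sony CDU-31A/CDU-33A CD-ROM"
    c16 "char  Non-SCSI scanners"
    b16 "block GoldStar CD-ROM"
    c17 "char  Chase serial card"
    b17 "block Optics Storage CD-ROM"
    c18 "char  Chase serial card - alternate devices"
    b18 "block Sanyo CD-ROM"
    c19 "char  Cyclades serial card"
    b19 "block Double compressed disk"
    c20 "char  Cyclades serial card - alternate devices"
    b20 "block Hitachi CD-ROM (under development)"
    c21 "char  Generic SCSI access"
    b21 "block Acorn MFM hard drive interface"
    c22 "char  Digiboard serial card"
    b22 "block Second IDE hard disk/CD-ROM interface"
    c23 "char  Digiboard serial card - alternate devices"
    b23 "block Mitsumi proprietary CD-ROM"
    c24 "char  Stallion serial card"
    b24 "block Sony CDU-535 CD-ROM"
    c25 "char  Stallion serial card - alternate devices"
    b25 "block First Matsushita (Panasonic/SoundBlaster) CD-ROM"
    c26 "char  Quanta WinVision frame grabber {2.6}"
    b26 "block Second Matsushita (Panasonic/SoundBlaster) CD-ROM"
    c27 "char  QIC-117 tape"
    b27 "block Third Matsushita (Panasonic/SoundBlaster) CD-ROM"
    c28 "char  Stallion serial card - card programming"
    c28 "char  Atari SLM ACSI laser printer (68k/Atari)"
    b28 "block Fourth Matsushita (Panasonic/SoundBlaster) CD-ROM"
    b28 "block ACSI disk (68k/Atari)"
    c29 "char  Universal frame buffer"
    b29 "block Aztech/Orchid/Okano/Wearnes CD-ROM"
    c30 "char  iBCS-2 compatibility devices"
    b30 "block Philips LMS CM-205 CD-ROM"
    c31 "char  MPU-401 MIDI"
    b31 "block ROM/flash memory card"
    c32 "char  Specialix serial card"
    b32 "block Philips LMS CM-206 CD-ROM"
    c33 "char  Specialix serial card - alternate devices"
    b33 "block Third IDE hard disk/CD-ROM interface"
    c34 "char  Z8530 HDLC driver"
    b34 "block Fourth IDE hard disk/CD-ROM interface"
    c35 "char  tclmidi MIDI driver"
    b35 "block Slow memory ramdisk"
    c36 "char  Netlink support"
    b36 "block MCA ESDI hard disk"
    c37 "char  IDE tape"
    b37 "block Zorro II ramdisk"
    c38 "char  Myricom PCI Myrinet board"
    b38 "block Reserved for Linux/AP+"
    c39 "char  ML-16P experimental I/O board"
    b39 "block Reserved for Linux/AP+"
    c40 "char  Matrox Meteor frame grabber {2.6}"
    b40 "block Syquest EZ135 parallel port removable drive"
    c41 "char  Yet Another Micro Monitor"
    b41 "block MicroSolutions BackPack parallel port CD-ROM"
    c42 "char  Demo/sample use"
    b42 "block Demo/sample use"
    c43 "char  isdn4linux virtual modem"
    b43 "block Network block devices"
    c44 "char  isdn4linux virtual modem - alternate devices"
    b44 "block Flash Translatio Layer (FTL) filesystems"
    c45 "char  isdn4linux ISDN BRI driver"
    b45 "block Parallel port IDE disk devices"
    c46 "char  Comtrol Rocketport serial card"
    b46 "block Parallel port ATAPI CD-ROM devices"
    c47 "char  Comtrol Rocketport serial card - alternate devices"
    b47 "block Parallel port ATAPI disk devices"
    c48 "char  SDL RISCom serial card"
    b48 "block Mylex DAC960 PCI RAID controller; first controller"
    c49 "char  SDL RISCom serial card - alternate devices"
    b49 "block Mylex DAC960 PCI RAID controller; second controller"
    c50 "char  Reserved for GLINT"
    b50 "block Mylex DAC960 PCI RAID controller; third controller"
    c51 "char  Baycom radio modem"
    b51 "block Mylex DAC960 PCI RAID controller; fourth controller"
    c52 "char  Spellcaster DataComm/BRI ISDN card"
    b52 "block Mylex DAC960 PCI RAID controller; fifth controller"
    c53 "char  BDM interface for remote debugging MC683xx microcontrollers"
    b53 "block Mylex DAC960 PCI RAID controller; sixth controller"
    c54 "char  Electrocardiognosis Holter serial card"
    b54 "block Mylex DAC960 PCI RAID controller; seventh controller"
    c55 "char  DSP56001 digital signal processor"
    b55 "block Mylex DAC960 PCI RAID controller; eigth controller"
    c56 "char  Apple Desktop Bus"
    b56 "block Fifth IDE hard disk/CD-ROM interface"
    c57 "char  Hayes ESP serial card"
    b57 "block Sixth IDE hard disk/CD-ROM interface"
    c58 "char  Hayes ESP serial card - alternate devices"
    b58 "block Reserved for logical volume manager"
    c59 "char  sf firewall package"
    b59 "block Generic PDA filesystem device"
    c60 "char  LOCAL/EXPERIMENTAL USE"
    b60 "block LOCAL/EXPERIMENTAL USE"
    c61 "char  LOCAL/EXPERIMENTAL USE"
    b61 "block LOCAL/EXPERIMENTAL USE"
    c62 "char  LOCAL/EXPERIMENTAL USE"
    b62 "block LOCAL/EXPERIMENTAL USE"
    c63 "char  LOCAL/EXPERIMENTAL USE"
    b63 "block LOCAL/EXPERIMENTAL USE"
    c64 "char  ENskip kernel encryption package"
    c65 "char  Sundance plink Transputer boards"
    b65 "block SCSI disk devices (16-31)"
    c66 "char  YARC PowerPC PCI coprocessor card"
    b66 "block SCSI disk devices (32-47)"
    c67 "char  Coda network file system"
    b67 "block SCSI disk devices (48-63)"
    c68 "char  CAPI 2.0 interface"
    b68 "block SCSI disk devices (64-79)"
    c69 "char  MA16 numeric accelerator card"
    b69 "block SCSI disk devices (80-95)"
    c70 "char  SpellCaster Protocol Services Interface"
    b70 "block SCSI disk devices (96-111)"
    c71 "char  Computone IntelliPort II serial card"
    b71 "block SCSI disk devices (112-127)"
    c72 "char  Computone IntelliPort II serial card - alternate devices"
    b72 "block Compaq Intelligent Drive Array, first controller"
    c73 "char  Computone IntelliPort II serial card - control devices"
    b73 "block Compaq Intelligent Drive Array, second controller"
    c74 "char  SCI bridge"
    b74 "block Compaq Intelligent Drive Array, third controller"
    c75 "char  Specialix IO8+ serial card"
    b75 "block Compaq Intelligent Drive Array, fourth controller"
    c76 "char  Specialix IO8+ serial card - alternate devices"
    b76 "block Compaq Intelligent Drive Array, fifth controller"
    c77 "char  ComScire Quantum Noise Generator"
    b77 "block Compaq Intelligent Drive Array, sixth controller"
    c78 "char  PAM Software multimodem boards"
    b78 "block Compaq Intelligent Drive Array, seventh controller"
    c79 "char  PAM Software multimodem boards - alternate devices"
    b79 "block Compaq Intelligent Drive Array, eigth controller"
    c80 "char  Photometrics AT200 CCD camera"
    b80 "block I2O hard disk"
    c81 "char  video4linux"
    b81 "block I2O hard disk"
    c82 "char  WiNRADiO communications receiver card"
    b82 "block I2O hard disk"
    c83 "char  Teletext/videotext interfaces {2.6}"
    b83 "block I2O hard disk"
    c84 "char  Ikon 1011[57] Versatec Greensheet Interface"
    b84 "block I2O hard disk"
    c85 "char  Linux/SGI shared memory input queue"
    b85 "block I2O hard disk"
    c86 "char  SCSI media changer"
    b86 "block I2O hard disk"
    c87 "char  Sony Control-A1 stereo control bus"
    b87 "block I2O hard disk"
    c88 "char  COMX synchronous serial card"
    b88 "block Seventh IDE hard disk/CD-ROM interface"
    c89 "char  I2C bus interface"
    b89 "block Eighth IDE hard disk/CD-ROM interface"
    c90 "char  Memory Technology Device (RAM, ROM, Flash)"
    b90 "block Ninth IDE hard disk/CD-ROM interface"
    c91 "char  CAN-Bus devices"
    b91 "block Tenth IDE hard disk/CD-ROM interface"
    c92 "char  Reserved for ith Kommunikationstechnik MIC ISDN card"
    b92 "block PPDD encrypted disk driver"
    c93 "char  IBM Smart Capture Card frame grabber {2.6}"
    b93 "block NAND Flash Translation Layer filesystem"
    c94 "char  miroVIDEO DC10/30 capture/playback device {2.6}"
    b94 "block IBM S/390 DASD block storage"
    c95 "char  IP filter"
    b95 "block IBM S/390 VM/ESA minidisk"
    c96 "char  Parallel port ATAPI tape devices"
    c97 "char  Parallel port generic ATAPI interface"
    b97 "block Packet writing for CD/DVD devices"
    c98 "char  Control and Measurement Device (comedi)"
    b98 "block User-mode virtual block device"
    c99 "char  Raw parallel ports"
    b99 "block JavaStation flash disk"
    c100 "char  Telephony for Linux"
    c101 "char  Motorola DSP 56xxx board"
    b101 "block AMI HyperDisk RAID controller"
    c102 "char  Philips SAA5249 Teletext signal decoder {2.6}"
    b102 "block Compressed block device"
    c103 "char  Arla network file system"
    b103 "block Audit device"
    c104 "char  Flash BIOS support"
    b104 "block Compaq Next Generation Drive Array, first controller"
    c105 "char  Comtrol VS-1000 serial controller"
    b105 "block Compaq Next Generation Drive Array, second controller"
    c106 "char  Comtrol VS-1000 serial controller - alternate devices"
    b106 "block Compaq Next Generation Drive Array, third controller"
    c107 "char  3Dfx Voodoo Graphics device"
    b107 "block Compaq Next Generation Drive Array, fourth controller"
    c108 "char  Device independent PPP interface"
    b108 "block Compaq Next Generation Drive Array, fifth controller"
    c109 "char  Reserved for logical volume manager"
    b109 "block Compaq Next Generation Drive Array, sixth controller"
    c110 "char  miroMEDIA Surround board"
    b110 "block Compaq Next Generation Drive Array, seventh controller"
    c111 "char  Philips SAA7146-based audio/video card {2.6}"
    b111 "block Compaq Next Generation Drive Array, eigth controller"
    c112 "char  ISI serial card"
    b112 "block IBM iSeries virtual disk"
    c113 "char  ISI serial card - alternate devices"
    b113 "block IBM iSeries virtual CD-ROM"
    c114 "char  Picture Elements ISE board"
    c115 "char  Console driver speaker"
    c116 "char  Advanced Linux Sound Driver (ALSA)"
    c117 "char  COSA/SRP synchronous serial card"
    c118 "char  Solidum ???"
    c119 "char  VMware virtual network control"
    c120 "char  LOCAL/EXPERIMENTAL USE"
    b120 "block LOCAL/EXPERIMENTAL USE"
    c120 "char  LOCAL/EXPERIMENTAL USE"
    b120 "block LOCAL/EXPERIMENTAL USE"
    c121 "char  LOCAL/EXPERIMENTAL USE"
    b121 "block LOCAL/EXPERIMENTAL USE"
    c122 "char  LOCAL/EXPERIMENTAL USE"
    b122 "block LOCAL/EXPERIMENTAL USE"
    c123 "char  LOCAL/EXPERIMENTAL USE"
    b123 "block LOCAL/EXPERIMENTAL USE"
    c124 "char  LOCAL/EXPERIMENTAL USE"
    b124 "block LOCAL/EXPERIMENTAL USE"
    c125 "char  LOCAL/EXPERIMENTAL USE"
    b125 "block LOCAL/EXPERIMENTAL USE"
    c126 "char  LOCAL/EXPERIMENTAL USE"
    b126 "block LOCAL/EXPERIMENTAL USE"
    c127 "char  LOCAL/EXPERIMENTAL USE"
    b127 "block LOCAL/EXPERIMENTAL USE"
    c128 "char  Unix98 PTY masters"
    c129 "char  Unix98 PTY masters"
    c130 "char  Unix98 PTY masters"
    c131 "char  Unix98 PTY masters"
    c132 "char  Unix98 PTY masters"
    c133 "char  Unix98 PTY masters"
    c134 "char  Unix98 PTY masters"
    c135 "char  Unix98 PTY masters"
    c136 "char  Unix98 PTY slaves"
    c137 "char  Unix98 PTY slaves"
    c138 "char  Unix98 PTY slaves"
    c139 "char  Unix98 PTY slaves"
    c140 "char  Unix98 PTY slaves"
    c141 "char  Unix98 PTY slaves"
    c142 "char  Unix98 PTY slaves"
    c143 "char  Unix98 PTY slaves"
    c144 "char  Encapsulated PPP"
    c145 "char  SAM9407-based soundcard"
    c146 "char  SYSTRAM SCRAMNet mirrored-memory network"
    c147 "char  Aueral Semiconductor Vortex Audio device"
    c148 "char  Technology Concepts serial card"
    c149 "char  Technology Concepts serial card - alternate devices"
    c150 "char  Real-Time Linux FIFOs"
    c151 "char  DPT I2O SmartRaid V controller"
    c154 "char  Specialix RIO serial card"
    c155 "char  Specialix RIO serial card - alternate devices"
    c156 "char  Specialix RIO serial card"
    c157 "char  Specialix RIO serial card - alternate devices"
    c158 "char  Dialogic GammaLink fax driver"
    c160 "char  General Purpose Instrument Bus (GPIB)"
    c161 "char  IrCOMM devices (IrDA serial/parallel emulation)"
    c162 "char  Raw block device interface"
    c163 "char  Radio Tech BIM-XXX-RS232 radio modem"
    c164 "char  Chase Research AT/PCI-Fast serial card"
    c165 "char  Chase Research AT/PCI-Fast serial card - alternate devices"
    c166 "char  ACM USB modems"
    c167 "char  ACM USB modems - alternate devices"
    c168 "char  Eracom CSA7000 PCI encryption adaptor"
    c169 "char  Eracom CSA8000 PCI encryption adaptor"
    c170 "char  AMI MegaRAC remote access controller"
    c171 "char  Reserved for IEEE 1394 (Firewire)"
    c172 "char  Moxa Intellio serial card"
    c173 "char  Moxa Intellio serial card - alternate devices"
    c174 "char  SmartIO serial card"
    c175 "char  SmartIO serial card - alternate devices"
    c176 "char  nCipher nFast PCI crypto accelerator"
    c177 "char  TI PCILynx memory spaces"
    c178 "char  Giganet cLAN1xxx virtual interface adapter"
    c179 "char  CCube DVXChip-based PCI products"
    c180 "char  USB devices"
    c181 "char  Conrad Electronic parallel port radio clocks"
    c182 "char  Picture Elements THR2 binarizer"
    c183 "char  SST 5136-DN DeviceNet interface"
    c184 "char  Picture Elements video simulator/sender"
    c185 "char  InterMezzo high availability file system"
    c186 "char  Object-based storage control device"
    c187 "char  DESkey hardware encryption device"
    c188 "char  USB serial converters"
    c189 "char  USB serial converters - alternate devices"
    c190 "char  Kansas City tracker/tuner card"
    c191 "char  Reserved for PCMCIA"
    c192 "char  Kernel profiling interface"
    c193 "char  Kernel event-tracing interface"
    c194 "char  linVideoStreams (LINVS)"
    c195 "char  Nvidia graphics devices"
    c196 "char  Tormenta T1 card"
    c197 "char  OpenTNF tracing facility"
    c198 "char  Total Impact TPMP2 quad coprocessor PCI card"
    c199 "char  Veritas volume manager (VxVM) volumes"
    b199 "block Veritas volume manager (VxVM) volumes"
    c200 "char  Veritas VxVM configuration interface"
    c201 "char  Veritas VxVM dynamic multipathing driver"
    b201 "block Veritas VxVM dynamic multipathing driver"
    c202 "char  CPU model-specific registers"
    c203 "char  CPU CPUID information"
    c204 "char  Low-density serial ports"
    c205 "char  Low-density serial ports (alternate device)"
    c206 "char  OnStream SC-x0 tape devices"
    c207 "char  Compaq ProLiant health feature indicate"
    c208 "char  User space serial ports"
    c209 "char  User space serial ports (alternate devices)"
    c210 "char  SBE, Inc. sync/async serial card"
    c211 "char  Addinum CPCI1500 digital I/O card"
    c216 "char  USB BlueTooth devices"
    c217 "char  USB BlueTooth devices (alternate devices)"
    c218 "char  The Logical Company bus Unibus/Qbus adapters"
    c219 "char  The Logical Company DCI-1300 digital I/O card"
    c220 "char  Myricom Myrinet GM board"
    c221 "char  VME bus"
    c224 "char  A2232 serial card"
    c225 "char  A2232 serial card (alternate devices)"
    c226 "char  Direct Rendering Infrastructure (DRI)"
    c227 "char  IBM 3270 terminal Unix tty access"
    c228 "char  IBM 3270 terminal block-mode access"
    c229 "char  IBM iSeries virtual console"
    c230 "char  IBM iSeries virtual tape"
  )

  # Preselect the major part of the current spec, i.e. "b8" for "b8:1".
  if $DIALOG --title "$TITLE" \
             --backtitle "$BACKTITLE" \
             --default-item "${DEVSPEC%%:*}" \
             --menu "Select Device Major" $BL $BC $MAXLINES \
             "${majors[@]}" \
             2>"$TMPFILE"
  then
    DEVSPEC=$(cat "$TMPFILE")
    OBJECT=
    get_attributes
  fi
}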

gen_tlist () {
  # Print one "<SUBJECT_TAG> <info>" line per subject in the ACL of the
  # current object, e.g. for use as dialog menu entries.
  #
  # Subject tags are the lines of acl_tlist with blanks turned into
  # underscores (USER_0, GROUP_5, ROLE_2, ...). With SHOW=Rights the info
  # column is the acl_rights output for that subject, otherwise it is the
  # subject's name looked up by type.
  #
  # Device targets are addressed by $DEVSPEC and take the extra 'd' option;
  # everything else is addressed by $OBJECT.
  # Uses the globals TMP, TMP2, TMP3 and i as scratch and overwrites $TMPFILE.
  local list_opt rights_opt target

  if test "$TYPE" = "NONE"
  then return
  fi

  if test "$TYPE" = "DEV"
  then
    list_opt=-sd ; rights_opt=-sdD ; target=$DEVSPEC
  else
    list_opt=-s ; rights_opt=-sD ; target=$OBJECT
  fi

  if $RSBACPATH""acl_tlist $list_opt $TYPE "$target" > $TMPFILE
  then
    TMP=$(sort $TMPFILE | tr ' ' '_')
    if test "$SHOW" = Rights
    then
      for i in $TMP
      do
        # split_subj turns the tag back into "<TYPE> <id>", which word
        # splitting then passes on as "--<TYPE>" "<id>".
        echo $i $($RSBACPATH""acl_rights $rights_opt --$(split_subj $i) $TYPE "$target")
      done
    else
      for i in $TMP
      do
        TMP2=$(echo $i | cut -d _ -f 2)
        case $i in
          GROUP_*)
            # A group entry that cannot be read is shown as private.
            if $RSBACPATH""acl_group -s get_group_entry $TMP2 >$TMPFILE 2>/dev/null
            then TMP3=$(tr ' ' '_' < $TMPFILE)
            else TMP3='(private)'
            fi
            echo $i $TMP3
            ;;
          ROLE_*)
            if $RSBACPATH""rc_get_item ROLE $TMP2 name > $TMPFILE 2>/dev/null
            then echo $i $(tr ' ' '_' < $TMPFILE)
            else echo $i '(unknown)'
            fi
            ;;
          USER_*)
            echo $i $($RSBACPATH""attr_get_user $TMP2 user_name)
            ;;
          *)
            ;;
        esac
      done
    fi
  fi
}

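gen_subj_list () {
  # Print the selectable subjects of kind $1 (GROUP, ROLE or USER), one per
  # line, for use as dialog menu entries. Prints nothing when no object is
  # selected (TYPE is NONE) and "ERROR !" for an unknown kind.
  #
  # Every tool is called through $RSBACPATH, rc_get_item included, so that a
  # configured tool directory is honoured and the same binaries are used
  # throughout instead of whatever a bare name resolves to via $PATH.
  # Uses the globals TMP, TMP2 and i as scratch.
  if test "$TYPE" != "NONE"
  then
    case $1 in
      GROUP)
        TMP=$($RSBACPATH""acl_group -gsn list_groups)
        for i in $TMP
        do
          TMP2=$($RSBACPATH""acl_group -s get_group_entry $i | tr ' ' '_')
          echo $i $TMP2
        done
        ;;
      ROLE)
        ${RSBACPATH}rc_get_item list_roles
        ;;
      USER)
        ${RSBACPATH}attr_get_user -bl | sort -n -k 2
        ;;
      *)
        echo ERROR !
        ;;
    esac
  fi
}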

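gen_right_list () {
    # Print one "<RIGHT> on on" or "<RIGHT> off off" line per right that
    # acl_rights -R lists for the current target, marking those which the
    # subject tag $1 (e.g. USER_0) currently holds. The output is meant to be
    # word-split into dialog checklist arguments.
    #
    # $OBJECT is passed as a single quoted argument when set, and left out
    # when empty (as for a device given only by $DEVSPEC). Unquoted, an
    # object name with blanks or glob characters would query rights for a
    # different object than the one being edited.
    # Uses the globals ALLREQUESTS, TMP and i as scratch.
    ALLREQUESTS=$($RSBACPATH""acl_rights -R $TARGET ${OBJECT:+"$OBJECT"})
    if test "$TYPE" = "DEV"
    then
      TMP=$(${RSBACPATH}acl_rights -sdDp --$(split_subj $1) $TYPE "$DEVSPEC")
    else
      # NOTE(review): every other non-device call in this file omits the 'd'
      # option (compare check_rights, which uses -sD) - confirm -sdDp is
      # intended here.
      TMP=$(${RSBACPATH}acl_rights -sdDp --$(split_subj $1) $TYPE "$OBJECT")
    fi
    for i in $ALLREQUESTS
    do
      # Whole-word match, so a right is not matched inside a longer name.
      if echo $TMP | grep -q "\\<$i\\>"
      then
        echo $i on on
      else
        echo $i off off
      fi
    done
}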

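check_rights () {
  # Edit the rights of subject tag $1 (e.g. USER_0) on the current object.
  #
  # Flow: read the current rights with acl_rights, offer them in a dialog
  # checklist, then apply the selection with acl_grant. A successful grant
  # is appended to $RSBACLOGFILE when that is set; tool failures are shown
  # in an error box.
  #
  # Device targets are addressed by $DEVSPEC and take the extra 'd' option;
  # everything else is addressed by $OBJECT.
  # Writes the globals RIGHTBITS and TMP; overwrites $TMPFILE/$TMPFILETWO.
  #
  # $TMPFILETWO is emptied at the end, not removed. Removing it would free
  # its name in the (typically shared) temp directory, and the next plain
  # '2>' redirection would then follow whatever had been placed there in the
  # meantime, e.g. a symlink.
  local rights_opt grant_opt target title

  if test "$TYPE" = "DEV"
  then
    rights_opt=-sdD ; grant_opt=-sd ; target=$DEVSPEC
    title="Rights for $1 to $TYPE $DEVSPEC ($OBJECT)"
  else
    rights_opt=-sD ; grant_opt=-s ; target=$OBJECT
    title="Rights for $1 to $TYPE $OBJECT"
  fi

  if $RSBACPATH""acl_rights $rights_opt --$(split_subj $1) $TYPE "$target" > "$TMPFILE" 2>"$TMPFILETWO"
  then
    RIGHTBITS=$(cat "$TMPFILE")
    # The checklist entries come from gen_right_list and are word-split on
    # purpose; dialog reports the ticked tags on stderr.
    if $DIALOG --title "$title" \
              --backtitle "$BACKTITLE" \
              --checklist "Bits: $RIGHTBITS" $BL $BC $MAXLINES \
                $(gen_right_list $1) \
                '--------------' '-----------------' off \
                UA 'Unset ALL' off \
                A  'Set ALL' off \
                R  'Set Read Requests' off \
                W  'Set Write Requests' off \
                SY 'Set System R.' off \
                SE 'Set Security R.' off \
                S  'Set ACL Special R.' off \
      2>"$TMPFILE"
    then
      # Strip the quotes dialog puts around each selected tag.
      TMP=$(tr -d '"' < "$TMPFILE")
      if $RSBACPATH""acl_grant $grant_opt $(split_subj $1) $TMP $TYPE "$target" &>"$TMPFILE"
      then
        if test -n "$RSBACLOGFILE"
        then
          echo $RSBACPATH""acl_grant $grant_opt $(split_subj $1) $TMP $TYPE \"$target\" >>"$RSBACLOGFILE"
        fi
      else
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
        # NOTE(review): this function contains no loop; 'continue' only has
        # an effect if the caller runs check_rights inside one - confirm.
        continue
      fi
    fi
  else
    $DIALOG --title "$ERRTITLE" \
           --backtitle "$BACKTITLE" \
           --msgbox "$(head -n 1 "$TMPFILETWO")" $BL $BC
  fi
  : > "$TMPFILETWO"
}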

# Print the inheritance mask of the currently selected object.
# Globals:   TYPE, OBJECT, DEVSPEC, RSBACPATH (read)
# Outputs:   '(none)' when no object type is set or the default ACL is
#            selected; otherwise the mask text cut out of acl_mask's output
# Returns:   status of the last command run (echo, or the final cut)
show_mask () {
  # Nothing to query: no object type yet, or the default-ACL pseudo object.
  if test "$TYPE" = "NONE" || test "$OBJECT" = ":DEFAULT:"
  then
    echo '(none)'
    return
  fi

  case "$TYPE" in
    DEV)
      # Devices are addressed by specification ($DEVSPEC), not by path.
      # Field 2 (space-separated) minus its first character is printed.
      $RSBACPATH""acl_mask -d $TYPE "$DEVSPEC" | cut -d ' ' -f 2 | cut -c2-
      ;;
    *)
      # Everything after the first ':' minus one leading character is printed.
      $RSBACPATH""acl_mask $TYPE "$OBJECT" | cut -d ':' -f 2 | cut -c2-
      ;;
  esac
}

# Emit one dialog checklist row ("<request> on on" / "<request> off off")
# per request name, marking those that appear in the current mask.
# Globals:   TYPE, TARGET, OBJECT, DEVSPEC, RSBACPATH (read);
#            TMP, ALLREQUESTS, i (written, as in the rest of this script)
# Outputs:   checklist rows on stdout
gen_mask_right_list () {
    local state

    # Request names currently in the mask; lines containing "000" are
    # dropped from the acl_mask output.
    case "$TYPE" in
      DEV)
        TMP=$(${RSBACPATH}acl_mask -pd $TYPE "$DEVSPEC" | grep -v 000)
        ;;
      *)
        TMP=$(${RSBACPATH}acl_mask -p $TYPE "$OBJECT" | grep -v 000)
        ;;
    esac

    # NOTE(review): $OBJECT is unquoted here, unlike the acl_mask calls
    # above, so a name with whitespace becomes several arguments.
    ALLREQUESTS=$($RSBACPATH""acl_rights -R $TARGET $OBJECT)

    for i in $ALLREQUESTS
    do
      state=off
      # Whole-word match so that a name that is a prefix of another
      # (joined by '_') does not count as present.
      if echo $TMP | grep -q "\\<$i\\>"
      then
        state=on
      fi
      echo $i $state $state
    done
}

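# Show the inheritance mask of the selected object as a checklist and
# apply the user's selection with acl_mask.
# Globals:   TYPE, OBJECT, DEVSPEC, RSBACPATH, DIALOG, TMPFILE, BL, BC,
#            MAXLINES, BACKTITLE, ERRTITLE, RSBACLOGFILE (read);
#            RIGHTBITS, TMP (written)
# Returns:   1 when acl_mask rejects the change (its first output line is
#            shown in a message box); otherwise the status of the last
#            command run
check_mask_rights () {
  local mask_flag mask_target log_line
  local -a mask_cmd

  # Devices are addressed by specification, everything else by name.
  if test "$TYPE" = "DEV"
  then
    mask_flag=-sd
    mask_target=$DEVSPEC
    RIGHTBITS=$($RSBACPATH""acl_mask -d $TYPE "$DEVSPEC")
  else
    mask_flag=-s
    mask_target=$OBJECT
    RIGHTBITS=$($RSBACPATH""acl_mask $TYPE "$OBJECT")
  fi

  if $DIALOG --title "Inheritance Mask for $TYPE $OBJECT" \
            --backtitle "$BACKTITLE" \
            --checklist "$RIGHTBITS" $BL $BC $MAXLINES \
              `gen_mask_right_list` \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
              S  'Set ACL Special R.' off \
    2>"$TMPFILE"
  then
    # dialog reports the checked tags on stderr, each in double quotes.
    TMP=$(tr -d '"' <"$TMPFILE")

    # $TMP is deliberately unquoted: every selected tag is its own word.
    # Building the command once guarantees that what is logged is exactly
    # what was executed.
    mask_cmd=($RSBACPATH""acl_mask "$mask_flag" $TMP $TYPE "$mask_target")

    if "${mask_cmd[@]}" &>"$TMPFILE"
    then
      if test -n "$RSBACLOGFILE"
      then
        # The log reads as a replayable command list, so every word is
        # written with %q. The object name may be a file name taken from
        # disk; wrapping it in plain double quotes would let quotes, '$' or
        # backticks inside the name change how the logged line parses.
        printf -v log_line '%q ' "${mask_cmd[@]}"
        printf '%s\n' "${log_line% }" >>"$RSBACLOGFILE"
      fi
    else
      $DIALOG --title "$ERRTITLE" \
             --backtitle "$BACKTITLE" \
             --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
      # Return instead of `continue`: this function contains no loop, so
      # `continue` here only had an effect on (or raised an error about)
      # whatever loop the caller happened to be in.
      return 1
    fi
  fi
}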

# Print one of the four labels of the two target-selection rows at the top
# of the main menu, worded for the current $TARGET.
# Globals:   TARGET, OBJECT, SUBTYPE, LASTDIR (read)
# Arguments: $1 - 1: tag of the "list" row, 2: its description,
#                 3: tag of the "enter by name" row, 4: current object
# Outputs:   the label on stdout; nothing for an unknown target or index
gen_menu_choose_items () {
  local noun list_tag source current

  # Defaults shared by most targets; FD/DEV and PROCESS/IPC override them.
  source=list
  current=$OBJECT

  case $TARGET in
    FD)
      noun='File/Dir/Fifo/Symlink'
      list_tag='File/Dir/Fifo/Symlink List'
      source=dir
      current="$OBJECT / $SUBTYPE"
      ;;
    DEV)
      noun='Device'
      list_tag='Device List'
      source=dir
      current="$OBJECT / $SUBTYPE"
      ;;
    USER)
      noun='User'
      list_tag='User List'
      ;;
    PROCESS)
      # No list for processes: the row tag is the bare noun.
      noun='Process'
      list_tag='Process'
      source=default
      ;;
    IPC)
      noun='IPC'
      list_tag='IPC'
      source=default
      ;;
    SCD)
      noun='SCD'
      list_tag='SCD List'
      ;;
    GROUP)
      noun='Linux Group'
      list_tag='Linux Group List'
      ;;
    NETDEV)
      noun='Network Device'
      list_tag='Network Device List'
      ;;
    NETTEMP | NETTEMP_NT)
      noun='Network Template'
      list_tag='Network Template List'
      ;;
    NETOBJ)
      noun='Network Object'
      list_tag='Network Object List'
      ;;
    *)
      return 0
      ;;
  esac

  case $1 in
    1)
      echo "$list_tag"
      ;;
    2)
      case $source in
        dir)
          # Unquoted on purpose: matches the word handling of the original.
          echo Choose from $(name_print "$LASTDIR")
          ;;
        default)
          echo ':DEFAULT: only'
          ;;
        *)
          echo 'Choose from list'
          ;;
      esac
      ;;
    3)
      echo "$noun"
      ;;
    4)
      echo $(name_print "$current")
      ;;
  esac
}

# Translate an RSBAC target type keyword into its human-readable name.
# Arguments: $1 - target type keyword (FD, DEV, USER, ...)
# Outputs:   the name on stdout; a single space for an unknown keyword
get_target_name () {
  local label

  case $1 in
    FD)         label='File/Dir/Fifo/Symlink' ;;
    DEV)        label='Device' ;;
    USER)       label='User' ;;
    PROCESS)    label='Process' ;;
    IPC)        label='Inter Process Communication' ;;
    SCD)        label='System Control Data' ;;
    GROUP)      label='Linux Group' ;;
    NETDEV)     label='Network Device' ;;
    NETTEMP_NT) label='Network Template for template accesses' ;;
    NETTEMP)    label='Network Template for netobj accesses' ;;
    NETOBJ)     label='Network Object' ;;
    # A blank keeps the caller's argument non-empty.
    *)          label=' ' ;;
  esac

  echo "$label"
}

# Let the user pick the target type and reset the object selection to
# match it.
# Globals:   DIALOG, TITLE, BACKTITLE, BL, BC, TMPFILE (read);
#            TARGET, TYPE, OBJECT, LASTDIR, DEVSPEC (written)
# Arguments: $1 - text shown above the menu
# Returns:   0; cancelling leaves all globals untouched
choose_target () {
    local -a menu_entries=()
    local kind

    # Tag/description pairs in display order.
    for kind in FD DEV USER PROCESS IPC SCD GROUP NETDEV NETTEMP_NT NETTEMP NETOBJ
    do
      menu_entries+=("$kind" "$(get_target_name $kind)")
    done

    while true
    do
       # dialog writes the chosen tag to stderr; non-zero means cancel.
       $DIALOG --title "$TITLE" \
               --backtitle "$BACKTITLE" \
               --help-button --default-item "$TARGET" \
               --menu "$1" $BL $BC 11 \
               "${menu_entries[@]}" \
            2>$TMPFILE || break

       TARGET=$(cat $TMPFILE)
       case $TARGET in
         HELP*)
           # Help button: the answer is "HELP <tag>". Show the help text,
           # keep the tag as default item and ask again.
           show_help "${TARGET:5}"
           TARGET="${TARGET:5}"
           ;;
         FD)
           # No concrete object type until a file is chosen.
           TYPE=NONE
           OBJECT=":DEFAULT:"
           break
           ;;
         DEV)
           TYPE=$TARGET
           LASTDIR=/dev
           OBJECT=":DEFAULT:"
           DEVSPEC=":DEFAULT:"
           break
           ;;
         NETTEMP)
           # The only target that starts with an empty object.
           TYPE=$TARGET
           OBJECT=
           break
           ;;
         IPC|SCD|USER|PROCESS|GROUP|NETDEV|NETTEMP_NT|NETOBJ)
           TYPE=$TARGET
           OBJECT=":DEFAULT:"
           break
           ;;
       esac
    done
}

declare -i MAXNAMELEN=$BC-34
name_print () {
  if test ${#1} -gt $MAXNAMELEN
  then
    declare -i START=${#1}-$MAXNAMELEN
    echo "$1" | cut -c$START-${#1}
  else
    echo "$1"
  fi
}

# Emit the optional "Follow" row of the main menu when the selected object
# is a symlink.
# Globals:   TYPE, SUBTYPE, SYMLINK (read)
# Arguments: $1 - 1: row tag, 2: row description (the link target)
# Outputs:   the requested label, or nothing when not on a symlink
gen_follow_symlink () {
    # Only symlinks get the extra row.
    if ! test "$TYPE" = "SYMLINK" -o "$SUBTYPE" = "SYMLINK"
    then
      return 0
    fi

    case $1 in
      1)
        echo 'Follow'
        ;;
      2)
        echo "$(name_print "$SYMLINK")"
        ;;
    esac
}

# Emit the optional "DEV-Specification" row of the main menu.
# Globals:   TYPE, DEVSPEC (read)
# Arguments: $1 - 1: row tag, 2: row description (current specification)
# Outputs:   the requested label, or nothing when the type is not DEV
gen_dev_spec () {
    # The row exists for device objects only.
    test "$TYPE" = "DEV" || return 0

    case $1 in
      1)
        echo 'DEV-Specification'
        ;;
      2)
        # Placeholder text when no specification is known.
        echo "${DEVSPEC:-Unknown}"
        ;;
    esac
}

# Emit the optional "DEV-Major-List" row of the main menu.
# Globals:   TYPE (read)
# Arguments: $1 - 1: row tag, 2: row description
# Outputs:   the requested label, or nothing when the type is not DEV
gen_dev_major () {
    # The row exists for device objects only.
    test "$TYPE" = "DEV" || return 0

    case $1 in
      1)
        echo 'DEV-Major-List'
        ;;
      2)
        echo "Choose_DEV_Major_from_List"
        ;;
    esac
}

###################### Menu #################

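# When command logging is enabled, open this session's section of the log:
# a blank line, a comment with script name and start time, and a "cd" to
# the directory the menu was started from.
if test -n "$RSBACLOGFILE"
then
  {
    echo ""
    echo "# $0 start `date`"
    # The log reads as a list of commands that can be run again, so the
    # directory is written with %q: a path containing blanks, quotes or
    # other shell metacharacters still parses as one single argument to cd.
    printf 'cd %q\n' "$(pwd)"
  } >>"$RSBACLOGFILE"
fi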

# Command line: [target-type [object-name [Rights|Name]]]
# $1 selects the target type, $2 the initial object; without a known
# target type the user is asked interactively.
case $1 in
  FD|FILE|DIR|FIFO|SYMLINK)
    # All file system kinds share the FD target; no concrete object type
    # is set at this point.
    TARGET=FD
    TYPE=NONE
    OBJECT=${2:-":DEFAULT:"}
    ;;
  DEV)
    TARGET=$1
    TYPE=$1
    LASTDIR=/dev
    if test -z "$2"
    then
      OBJECT=":DEFAULT:"
      DEVSPEC=":DEFAULT:"
    elif test -b "$2" -o -c "$2"
    then
      # An existing device node: look its specification up.
      OBJECT="$2"
      DEVSPEC=$($RSBACPATH""attr_get_file_dir -C "$OBJECT")
    else
      # Anything else is taken as a device specification as given.
      OBJECT=
      DEVSPEC="$2"
    fi
    ;;
  SCD)
    TARGET=$1
    TYPE=$1
    OBJECT=":DEFAULT:"
    ;;
  IPC|USER|PROCESS|GROUP)
    TARGET=$1
    TYPE=$1
    # NOTE(review): an object name given as $2 is discarded for these four
    # targets. The code this replaces first assigned OBJECT="$2" and then
    # unconditionally overwrote it with ":DEFAULT:"; whether that is
    # intended for USER and GROUP should be confirmed.
    OBJECT=":DEFAULT:"
    ;;
  NETDEV|NETTEMP_NT|NETOBJ)
    TARGET=$1
    TYPE=$1
    OBJECT=${2:-":DEFAULT:"}
    ;;
  NETTEMP)
    # Starts with an empty object when none is given.
    TARGET=$1
    TYPE=$1
    OBJECT=$2
    ;;
  "-h" | "--help")
    echo Use: $0 '[target-type [object-name [Rights|Name]]]'
    exit
    ;;
   *)
    choose_target
    # Cancelled without ever choosing a target: clean up and leave.
    if test -z "$TARGET"
    then
      test -e $TMPFILE && rm $TMPFILE
      test -e $TMPFILETWO && rm $TMPFILETWO
      exit
    fi
    ;;
esac

get_attributes "$OBJECT"

# Third argument: list ACL entries with their rights instead of names.
case "$3" in
  Rights|rights)
    SHOW=Rights
    ;;
  *)
    SHOW=Name
    ;;
esac

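# Append one executed RSBAC command to $RSBACLOGFILE (no-op when logging
# is off).
# The log reads as a list of commands that can be run again, so every word
# is written with printf %q. Object names can be file names taken from
# disk; wrapping them in plain double quotes would let quotes, '$' or
# backticks inside a name change how the logged line parses.
# Arguments: the command and its arguments, exactly as executed
_acl_menu_log_cmd () {
  local line
  test -n "$RSBACLOGFILE" || return 0
  printf -v line '%q ' "$@"
  printf '%s\n' "${line% }" >>"$RSBACLOGFILE"
}

# Main menu loop: show the menu, read the chosen tag from $TMPFILE (dialog
# writes it to stderr) and dispatch on it. Cancel and "Quit" remove the
# temporary files and leave the script.
# Changes against the previous version of this loop:
#  - 'Device List' assigned the fallback directory with "$LASTDIR=...",
#    which runs a command instead of assigning; now a plain assignment.
#  - $LASTDIR is quoted in the directory tests.
#  - rc_get_item is called with the $RSBACPATH prefix everywhere.
#  - ACL commands are built once in ACLCMD, so the logged line is the
#    executed command, and are logged through _acl_menu_log_cmd.
#  - 'Clear ACL' logs a removal only when acl_grant succeeded.
#  - 'Who has here' truncates $TMPFILETWO instead of deleting it.
while true ; do
  if ! \
  $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --help-button --default-item "$SELECTED" \
         --menu "Main Menu" $BL $BC $MAXLINES \
                "`gen_menu_choose_items 1`" "`gen_menu_choose_items 2`" \
                "`gen_menu_choose_items 3`" "`gen_menu_choose_items 4`" \
                `gen_follow_symlink 1` `gen_follow_symlink 2` \
                `gen_dev_spec 1` `gen_dev_spec 2` \
                `gen_dev_major 1` `gen_dev_major 2` \
                "Choose Target" "$TARGET" \
                "-------------" "" \
                "Add ACL Entry" "Add group, role or user entry" \
                "Remove Entry" "" \
                "Change TTL" "Change time-to-live for an entry" \
                "Name / Rights" "$SHOW" \
                "Who has here" "" \
                "Change Mask" "$(show_mask)" \
                "-------------" "" \
                `gen_tlist` \
                "-------------" "" \
                "Clear ACL" "" \
                "Groups" "Go to ACL groups menu" \
                "Roles" "Go to RC roles menu" \
                "$TARGET attr" "Go to $TARGET general attributes" \
                "Quit" "" \
         2>$TMPFILE
   then
     rm $TMPFILE
     test -e $TMPFILETWO && rm $TMPFILETWO
     exit
  fi

  SELECTED=`cat $TMPFILE`
  case $SELECTED in
    HELP*)
      # Help button: the answer is "HELP <tag>"; keep the tag selected.
      show_help "${SELECTED:5}"
      SELECTED="${SELECTED:5}"
      ;;

    # Browse the file system, starting at $LASTDIR.
    # NOTE(review): the entries come from word-splitting ls output, so
    # names containing whitespace or glob characters are split or expanded
    # before they reach list_item.
    'File/Dir/Fifo/Symlink List')
        if test ! -d "$LASTDIR"
        then LASTDIR='/'
        fi
        TMP=`ls -1ad "$LASTDIR"/* "$LASTDIR"/.*`
        while $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --default-item "$OBJECT" \
                     --menu "File/Dir/Fifo Name (choose cancel for $OBJECT)" $BL $BC $MAXLINES \
                         ':DEFAULT:' "Default ACL" \
                         `for i in $TMP ; do list_item "$i" ; done` \
           2>$TMPFILE
        do OBJECT=`cat $TMPFILE`
           # get_attributes is defined elsewhere; presumably it refreshes
           # TYPE and LASTDIR for the new object -- TODO confirm.
           get_attributes
           TMP=`ls -1ad "$LASTDIR"/* "$LASTDIR"/.*|tr '*' ' '`
           # Keep browsing while a directory was chosen.
           if test $TYPE != "DIR"
           then break
           fi
        done
      ;;

    # Browse device nodes, starting at $LASTDIR.
    'Device List')
        FILETMP="$OBJECT"
        if test ! -d "$LASTDIR"
        then LASTDIR='/dev'
        fi
        TMP=`ls -1ad "$LASTDIR"/* "$LASTDIR"/.*`
        while $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$FILETMP" \
                  --menu "Device Name (choose cancel for $OBJECT)" $BL $BC $MAXLINES \
                         `for i in $TMP ; do list_dev_item "$i" ; done` \
           2>$TMPFILE
        do FILETMP=`cat $TMPFILE`
          case "$FILETMP" in
            *)
              OBJECT="$FILETMP"
              # Only block and character devices have a specification.
              if test -b "$OBJECT" -o -c "$OBJECT"
              then
                DEVSPEC=$($RSBACPATH""attr_get_file_dir -C "$OBJECT")
              else
                DEVSPEC=
              fi
              get_attributes
              TMP=`ls -1ad "$LASTDIR"/* "$LASTDIR"/.*`
              # Stop on anything that is not a real directory.
              if test -L "$OBJECT" -o ! -d "$OBJECT"
              then break
              fi
          esac
        done
      ;;

    # Enter a device specification by hand; the path is cleared.
    'DEV-Specification')
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Device Specification" $BL $BC "$DEVSPEC" \
           2>$TMPFILE
        then
          DEVSPEC=`cat $TMPFILE`
          OBJECT=
          get_attributes
        fi
      ;;

    'DEV-Major-List')
        choose_major
      ;;

    'SCD List')
        TMP=`$RSBACPATH""acl_rights -n`
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$OBJECT" \
                  --menu "SCD Name" $BL $BC $MAXLINES \
                         ':DEFAULT:' "Default ACL" \
                         `for i in $TMP ; do echo "$i" "-" ; done` \
           2>$TMPFILE
        then OBJECT=`cat $TMPFILE`
           get_attributes
        fi
      ;;

    'User List')
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$OBJECT" \
                  --menu "User Name" $BL $BC $MAXLINES \
                         ':DEFAULT:' "Default ACL" \
                         $($RSBACPATH""attr_get_user -bl|sort -n -k 2) \
           2>$TMPFILE
        then OBJECT=`cat $TMPFILE`
           get_attributes
        fi
      ;;

    'Linux Group List')
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$OBJECT" \
                  --menu "Linux Group Name" $BL $BC $MAXLINES \
                         ':DEFAULT:' "Default ACL" \
                         $($RSBACPATH""attr_get_user -bL|sort -n -k 2) \
           2>$TMPFILE
        then OBJECT=`cat $TMPFILE`
           get_attributes
        fi
      ;;

    'Network Device List')
        # Interface names are the text before ':' in /proc/net/dev.
        TMP=`cat /proc/net/dev|grep ':'|cut -d ':' -f 1`
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$OBJECT" \
                  --menu "Network Device Name" $BL $BC $MAXLINES \
                         ':DEFAULT:' "Default ACL" \
                         `for i in $TMP ; do echo $i "-" ; done` \
           2>$TMPFILE
        then OBJECT=`cat $TMPFILE`
           get_attributes
        fi
      ;;

    'Network Template List')
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$OBJECT" \
                  --menu "Network Template Number" $BL $BC $MAXLINES \
                         ':DEFAULT:' "Default ACL" \
                         `$RSBACPATH""net_temp list_temp_names` \
           2>$TMPFILE
        then OBJECT=`cat $TMPFILE`
           get_attributes
        fi
      ;;

    # No list is offered for network objects.
    'Network Object List')
      ;;

    # Enter the object by name.
    "File/Dir/Fifo/Symlink" | "Device" | "SCD" | "User" | "Linux Group" | "Network Device" | "Network Template" \
      | "Network Object")
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Enter `get_target_name $TARGET`" $BL $BC "$OBJECT" \
           2>$TMPFILE
        then
          OBJECT=`cat $TMPFILE`
          if test "$TYPE" = DEV
          then
            DEVSPEC=$($RSBACPATH""attr_get_file_dir -C "$OBJECT")
          fi
          get_attributes
        fi
      ;;

    # Only the default ACL can be edited for these targets.
    "Process" | "IPC")
        OBJECT=:DEFAULT:
        get_attributes
      ;;

    "Follow")
        OBJECT="$SYMLINK"
        get_attributes
      ;;

    "Choose Target")
      choose_target
      ;;

    # Pick a subject type and a subject, create the entry with acl_grant,
    # then go straight to editing its rights.
    'Add ACL Entry')
        if test "$TYPE" != "NONE"
        then
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$STYPE" \
                    --menu "Choose new entry's subject type" $BL $BC 3 \
                                GROUP "ACL group" \
                                ROLE "RC role" \
                                USER "Normal user" \
             2>$TMPFILE
          do STYPE=`cat $TMPFILE`
               if $DIALOG --title "$TITLE" \
                         --backtitle "$BACKTITLE" \
                         --default-item "$SUBJ" \
                         --menu "Choose $STYPE" $BL $BC $MAXLINES \
                                     `gen_subj_list $STYPE` \
                  2>$TMPFILE
               then
                 SUBJ=`cat $TMPFILE`
                 if test "$TYPE" = DEV
                 then ACLCMD=($RSBACPATH""acl_grant -d $STYPE $SUBJ $TYPE "$DEVSPEC")
                 else ACLCMD=($RSBACPATH""acl_grant $STYPE $SUBJ $TYPE "$OBJECT")
                 fi
                 if "${ACLCMD[@]}" &>$TMPFILE
                 then
                   _acl_menu_log_cmd "${ACLCMD[@]}"
                   check_rights ${STYPE}_${SUBJ}
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
                 break
               fi
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Add ACL Entry: No object specified!" 5 $BC
        fi
      ;;

    # Remove entries one at a time until the list is cancelled.
    "Remove Entry")
        if test "$TYPE" != "NONE"
        then
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMP" \
                    --menu "Choose entry to delete" $BL $BC $MAXLINES \
                    `gen_tlist` \
             2>$TMPFILE
          do
            TMP=`cat $TMPFILE`
            if test "$TYPE" = DEV
            then ACLCMD=($RSBACPATH""acl_grant -md `split_subj $TMP` $TYPE "$DEVSPEC")
            else ACLCMD=($RSBACPATH""acl_grant -m `split_subj $TMP` $TYPE "$OBJECT")
            fi
            if "${ACLCMD[@]}" &>$TMPFILE
            then
              _acl_menu_log_cmd "${ACLCMD[@]}"
            else
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "`head -n 1 $TMPFILE`" $BL $BC
            fi
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Remove Entry: No object specified!" 5 $BC
        fi
      ;;

    # Set the time-to-live of entries until the list is cancelled.
    "Change TTL")
        if test "$TYPE" != "NONE"
        then
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$TMP" \
                    --menu "Choose entry to set time-to-live" $BL $BC $MAXLINES \
                    `gen_tlist` \
             2>$TMPFILE
          do TMP=`cat $TMPFILE`
            # Pre-fill with the value between ':' and 's' in the entry's
            # tag; 0 when the tag carries no such part.
            TTL=`echo $TMP|cut -d ':' -f 2|cut -d 's' -f 1`
            if test "$TTL" = "$TMP" -o -z "$TTL"
            then TTL=0
            fi
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --inputbox "Enter TTL in seconds for $TMP (0 for unlimited)" $BL $BC "$TTL" \
              2>$TMPFILE
            then TTL=`cat $TMPFILE`
              # NOTE(review): $TTL is typed by the user and passed on
              # unquoted and unchecked; acl_grant is relied on to reject
              # anything that is not a number.
              if test "$TYPE" = DEV
              then ACLCMD=($RSBACPATH""acl_grant -d -t $TTL `split_subj $TMP` $TYPE "$DEVSPEC")
              else ACLCMD=($RSBACPATH""acl_grant -t $TTL `split_subj $TMP` $TYPE "$OBJECT")
              fi
              if "${ACLCMD[@]}" &>$TMPFILE
              then
                _acl_menu_log_cmd "${ACLCMD[@]}"
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
            fi
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Change TTL: No object specified!" 5 $BC
        fi
      ;;

    # Toggle what the entry list shows.
    "Name / Rights")
        if test "$SHOW" = Rights
        then SHOW=Name
        else SHOW=Rights
        fi
      ;;

    # List the subjects holding rights to the selected object: the rights
    # of every group, role and/or user are collected in $TMPFILETWO, rows
    # consisting of zeros only are hidden, and a chosen row is shown in
    # detail.
    'Who has here')
        if test "$TYPE" != "NONE"
        then
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --default-item "$STYPE" \
                    --menu "Who has rights to $TYPE $OBJECT: Choose subject type" $BL $BC 4 \
                                ALL "All types" \
                                GROUP "ACL group" \
                                ROLE "RC role" \
                                USER "Normal user" \
             2>$TMPFILE
          do
            STYPE=`cat $TMPFILE`
            case $STYPE in
              GROUP)
                TMP=`$RSBACPATH""acl_group -gsn list_groups`
                for i in $TMP
                do
                  if test "$TYPE" = DEV
                  then
                    TMP2=`$RSBACPATH""acl_rights -sgd $i $TYPE "$DEVSPEC"`
                  else
                    TMP2=`$RSBACPATH""acl_rights -sg $i $TYPE "$OBJECT"`
                  fi
                  echo GROUP_${i} $TMP2
                done > $TMPFILETWO
                ;;
              ROLE)
                TMP=`$RSBACPATH""rc_get_item list_role_nr`
                for i in $TMP
                do
                  if test "$TYPE" = DEV
                  then
                    TMP2=`$RSBACPATH""acl_rights -sdl $i $TYPE "$DEVSPEC"`
                  else
                    TMP2=`$RSBACPATH""acl_rights -sl $i $TYPE "$OBJECT"`
                  fi
                  echo ROLE_${i} $TMP2
                done > $TMPFILETWO
                ;;
              USER)
                TMP=`${RSBACPATH}attr_get_user -nl|sort -n`
                for i in $TMP
                do
                  if test "$TYPE" = DEV
                  then
                    TMP2=`$RSBACPATH""acl_rights -sdu $i $TYPE "$DEVSPEC"`
                  else
                    TMP2=`$RSBACPATH""acl_rights -su $i $TYPE "$OBJECT"`
                  fi
                  echo USER_${i} $TMP2
                done > $TMPFILETWO
                ;;
              ALL)
                # Groups first (file is truncated), then roles and users
                # appended.
                TMP=`$RSBACPATH""acl_group -gsn list_groups`
                for i in $TMP
                do
                  if test "$TYPE" = DEV
                  then
                    TMP2=`$RSBACPATH""acl_rights -sgd $i $TYPE "$DEVSPEC"`
                  else
                    TMP2=`$RSBACPATH""acl_rights -sg $i $TYPE "$OBJECT"`
                  fi
                  echo GROUP_${i} $TMP2
                done > $TMPFILETWO
                TMP=`$RSBACPATH""rc_get_item list_role_nr`
                for i in $TMP
                do
                  if test "$TYPE" = DEV
                  then
                    TMP2=`$RSBACPATH""acl_rights -sdl $i $TYPE "$DEVSPEC"`
                  else
                    TMP2=`$RSBACPATH""acl_rights -sl $i $TYPE "$OBJECT"`
                  fi
                  echo ROLE_${i} $TMP2
                done >> $TMPFILETWO
                TMP=`${RSBACPATH}attr_get_user -nl|sort -n`
                for i in $TMP
                do
                  if test "$TYPE" = DEV
                  then
                    TMP2=`$RSBACPATH""acl_rights -sdu $i $TYPE "$DEVSPEC"`
                  else
                    TMP2=`$RSBACPATH""acl_rights -su $i $TYPE "$OBJECT"`
                  fi
                  echo USER_${i} $TMP2
                done >> $TMPFILETWO
                ;;
            esac
            while $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --default-item "$SUBJ" \
                      --menu "Who has rights to $TYPE $OBJECT" $BL $BC $MAXLINES \
                             `cat $TMPFILETWO | grep -v "000000000000000000000000000000000000000000000000000"` \
                  2>$TMPFILE
            do SUBJ=`cat $TMPFILE`
               TMP=`echo $SUBJ|cut -d '_' -f 2`
               # Look the subject's display name up for the heading.
               case $SUBJ in
                 GROUP_*)
                   if $RSBACPATH""acl_group -s get_group_entry $TMP >$TMPFILE 2>/dev/null
                   then TMP="$SUBJ / `cat $TMPFILE | tr ' ' '_'`"
                   else TMP="$SUBJ / '(private)'"
                   fi
                   ;;
                 ROLE_*)
                   if $RSBACPATH""rc_get_item ROLE $TMP name > $TMPFILE 2>/dev/null
                   then
                     TMP="$SUBJ / `cat $TMPFILE | tr ' ' '_'`"
                   else
                     TMP="$SUBJ / '(unknown)'"
                   fi
                   ;;
                 USER_*)
                   TMP="$SUBJ / `$RSBACPATH""attr_get_user $TMP user_name`"
                   ;;
               esac
               echo "$TMP" rights to $TYPE $OBJECT >$TMPFILE
               echo --------------------------------------- >>$TMPFILE
               if test "$TYPE" = DEV
               then
                 if $RSBACPATH""acl_rights -sdp --`split_subj $SUBJ` $TYPE "$DEVSPEC" >>$TMPFILE
                 then
                   $DIALOG --title "$TITLE" \
                          --backtitle "$BACKTITLE" \
                          --textbox $TMPFILE $BL $BC
                 fi
               else
                 if $RSBACPATH""acl_rights -sp --`split_subj $SUBJ` $TYPE "$OBJECT" >>$TMPFILE
                 then
                   $DIALOG --title "$TITLE" \
                          --backtitle "$BACKTITLE" \
                          --textbox $TMPFILE $BL $BC
                 fi
               fi
            done
            # Truncate rather than delete: the file made by mktemp stays in
            # place, so the next redirection does not have to create the
            # same name in $TMPDIR again.
            : > $TMPFILETWO
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Who has here: No object specified!" 5 $BC
        fi
      ;;

    'Change Mask')
      check_mask_rights
      ;;

    # A row of the entry list was chosen: edit that subject's rights.
    GROUP* | ROLE* | USER*)
      check_rights $SELECTED
      ;;

    # Remove every entry of the object's ACL after confirmation. Errors of
    # acl_grant go to the terminal; only successful removals are logged.
    "Clear ACL")
      if test "$TYPE" != "NONE"
      then
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --yesno "Remove all ACL entries for $TYPE $OBJECT?" 6 $BC \
           2>$TMPFILE
        then
          if test "$TYPE" = DEV
          then
            TMP=`$RSBACPATH""acl_tlist -sd $TYPE "$DEVSPEC" | tr ' ' '_'`
            for i in $TMP
            do
              ACLCMD=($RSBACPATH""acl_grant -md `split_subj $i` $TYPE "$DEVSPEC")
              if "${ACLCMD[@]}"
              then
                _acl_menu_log_cmd "${ACLCMD[@]}"
              fi
            done
          else
            TMP=`$RSBACPATH""acl_tlist -s $TYPE "$OBJECT" | tr ' ' '_'`
            for i in $TMP
            do
              ACLCMD=($RSBACPATH""acl_grant -m `split_subj $i` $TYPE "$OBJECT")
              if "${ACLCMD[@]}"
              then
                _acl_menu_log_cmd "${ACLCMD[@]}"
              fi
            done
          fi
        fi
      fi
      ;;

    # Hand over to the other RSBAC menus.
    'Groups')
      $RSBACPATH""rsbac_acl_group_menu
      ;;

    'Roles')
      $RSBACPATH""rsbac_rc_role_menu
      ;;

    'FD attr')
      $RSBACPATH""rsbac_fd_menu "$OBJECT"
      ;;

    'DEV attr')
      $RSBACPATH""rsbac_dev_menu "$OBJECT"
      ;;

    'IPC attr')
      $RSBACPATH""rsbac_ipc_menu
      ;;

    'SCD attr')
      $RSBACPATH""rsbac_scd_menu "$OBJECT"
      ;;

    'USER attr')
      $RSBACPATH""rsbac_user_menu
      ;;

    'PROCESS attr')
      $RSBACPATH""rsbac_process_menu
      ;;

    'NETDEV attr')
      $RSBACPATH""rsbac_netdev_menu $OBJECT
      ;;

    'NETTEMP attr'|'NETTEMP_NT attr')
      $RSBACPATH""rsbac_nettemp_menu $OBJECT
      get_attributes "$OBJECT"
      ;;

    'NETOBJ attr')
      $RSBACPATH""rsbac_netobj_menu $OBJECT
      ;;

    Quit)
        rm $TMPFILE
        test -e $TMPFILETWO && rm $TMPFILETWO
        exit
      ;;

    *)
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC
  esac
# sleep 2
done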
