#!/bin/bash
# This script sets up the Apache server to access
# websm help

#check if the apache server is installed

package=`rpm -q -a | grep apache | awk '{print $1}'`
#echo "The package is : $package"
if [ "$package" != "" ]
then
        #echo "Apache Package is installed....."
        #check if the httpd.conf file exists
        if [ -f /etc/httpd/httpd.conf ]
        then
		cp /etc/httpd/httpd.conf /etc/httpd/httpd.prevConf
                #echo "the config file exists"
		#check if the ServerName is already set
		hname=""
	        hname=`grep -v ^# /etc/httpd/httpd.conf | grep ServerName | cut -d ' ' -f 2`	
		if [ "$hname" != "" ]
		then 

		     #echo "Server Name exists hence needs to be changed"
		     awk '// {if ($1 ~ /^ServerName/) {printf("%s\n", hn)} else {print}}' hn="ServerName $HOSTNAME" /etc/httpd/httpd.conf > /etc/httpd/httpd.mod
		     cp /etc/httpd/httpd.mod /etc/httpd/httpd.conf
		     rm /etc/httpd/httpd.mod
		
		else	

                     # add the Server Name to the end of the file 
                     #echo "The host name is $HOSTNAME"
                     echo "ServerName $HOSTNAME" >> /etc/httpd/httpd.conf
		fi
	    fi

	    if [ ! -L /srv/www/help ]
	    then
	        #echo "Setting up the link"
	        ln -s /opt/hsc/help /srv/www/
	    fi
	
	    cd /
	    sed -e 's/-FollowSymLinks/+FollowSymLinks/g' /etc/httpd/httpd.conf > /tmp/_newHttpd.conf_
	    mv /tmp/_newHttpd.conf_ /etc/httpd/httpd.conf
	 


# ====================================================================================================
#              Access Control for Apache
#
#  Access control is implemented using Apache directives. 
#  Deny from all - denies the acces from all domains
#  Allow from all - allow the access from all domains
#
# For more detailed information on access control, please visit to http://httpd.apache.org/docs/
# ====================================================================================================


	hmcTagFinder=`grep -Fw "#HMC Configuration" /etc/httpd/httpd.conf`

	if [ "$hmcTagFinder" == "" ]
	then
	echo adding HMC specific entries to httpd.conf 
   	echo "

#HMC Configuration"  >> /etc/httpd/httpd.conf

  	/bin/sed -e 's/Options FollowSymLinks/Order allow,deny/' /etc/httpd/httpd.conf > /etc/httpd/httpd.conf.mod

       /bin/cp /etc/httpd/httpd.conf.mod /etc/httpd/httpd.conf
       /bin/rm -rf /etc/httpd/httpd.conf.mod

      /bin/sed -e 's/AllowOverride None/Deny from all/' /etc/httpd/httpd.conf > /etc/httpd/httpd.conf.mod

  /bin/cp /etc/httpd/httpd.conf.mod /etc/httpd/httpd.conf
  /bin/rm -rf /etc/httpd/httpd.conf.mod

  /bin/sed -e 's/Options Indexes FollowSymLinks/#Options Indexes FollowSymLinks/' /etc/httpd/httpd.conf > /etc/httpd/httpd.conf.mod

  /bin/cp /etc/httpd/httpd.conf.mod /etc/httpd/httpd.conf
  /bin/rm -rf /etc/httpd/httpd.conf.mod

  /bin/sed -e 's/AllowOverride/#AllowOverride/' /etc/httpd/httpd.conf > /etc/httpd/httpd.conf.mod

  /bin/cp /etc/httpd/httpd.conf.mod /etc/httpd/httpd.conf
  /bin/rm -rf /etc/httpd/httpd.conf.mod

  /bin/sed -e 's/Allow from all/Deny from all/' /etc/httpd/httpd.conf > /etc/httpd/httpd.conf.mod

  /bin/cp /etc/httpd/httpd.conf.mod /etc/httpd/httpd.conf
  /bin/rm -rf /etc/httpd/httpd.conf.mod

  echo "

<Directory /home/*/public_html>
     AllowOverride FileInfo AuthConfig Limit
     Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
     <Limit GET POST OPTIONS PROPFIND>
         Order allow,deny
         Allow from all
     </Limit>
     <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
         Order deny,allow
         Deny from all
     </Limit>
</Directory>" >> /etc/httpd/httpd.conf





echo '


<IfModule mod_alias.c>

   Alias /errordocs/ "/srv/www/htdocs/errordocs/"

   <Directory "/srv/www/htdocs/errordocs">
       AllowOverride None
       Options Multiviews FollowSymLinks
       Order allow,deny
       Allow from all 
   </Directory>

   ErrorDocument 400 /errordocs/bad_request.html
   ErrorDocument 403 /errordocs/forbidden.html
   ErrorDocument 404 /errordocs/missing.html
   ErrorDocument 500 /errordocs/server_error.html
   ErrorDocument 501 /errordocs/not_implemented.html
   ErrorDocument 503 /errordocs/service_unavailable.html

   Alias /pc_client /usr/websm/pc_client

   <Directory /usr/websm/pc_client>
       AllowOverride None
       Options All MultiViews
       Order Deny,Allow
       Allow from all
   </Directory> 

   Alias /help /srv/www/help
   <Directory /srv/www/help>
       AllowOverride None
       Options All MultiViews
       Order Deny,Allow
       Allow from all
   </Directory> 

   <Directory /srv/www/htdocs/pccship/html/images>
       AllowOverride None
       Options All MultiViews
       Order Deny,Allow
       Allow from all
   </Directory> 

   <Directory /srv/www/htdocs/wsmship/html/images>
       AllowOverride None
       Options All MultiViews
       Order Deny,Allow
       Allow from all
   </Directory> 

</IfModule>' >> /etc/httpd/httpd.conf

fi

pcclientTagFinder=`grep -Fw "#PC-Client Configuration" /etc/httpd/httpd.conf`

if [ "$pcclientTagFinder" == "" ]
then

echo adding PC client specific entries to httpd.conf
echo "

#PC-Client Configuration

<Files ~ "remote_client.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ chooseClient.html>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ websm_webstart.html>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "pcctoc.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "pccwarning.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsmbanner.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "remote_client_security.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "pc_client.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "pc_client_security.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "pccsecwarning.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsmsec_not_installed.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsmsec_installed.html">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsmsetup.exe">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>


<Files ~ "setup.exe">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "setupsec.exe">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "setupsecl.exe">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>


<Files ~ "wsmlinuxclient.exe">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsm.jnlp">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsm-ext.jnlp">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsm-ext2.jnlp">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsmssl-ext.jnlp">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsmssl-ex.jnlp">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsm-none.jnlp">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "wsm-us.jnlp">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ bundles.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ habeans.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ images.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ icserver.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ jcb.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ jhall.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ log.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ wsm.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ wsmextra.jar>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ sslite-us.zip>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ sslite-ex.zip>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ SMpubkr.zip>
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "ibm-linux-jre.i386.rpm">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "ibm-win32-jre.exe">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "ibm_logo.gif">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>

<Files ~ "websm_header.gif">
    Order allow,deny
    Allow from all
    Satisfy All
</Files>
<Files ~ "^\.htaccess">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>" >> /etc/httpd/httpd.conf

fi

grep "AuthName \"HMC\"" /etc/httpd/httpd.conf 2>/dev/null
if [ $? -ne 0 ]
then
   awk '// {if ($0 ~ /<Directory \"\/srv\/www\/htdocs\">/) \
           {print; \
            print "       AuthName \"HMC\""; \
            print "       AuthType Basic"; \
            print "       AuthUserFile /usr/local/etc/httpd/users"; \
            print "       require valid-user"; \
            print ""; \
            print ""; \
            print ""; \
 	    print "<Files /srv/www/htdocs/remote_client.html>"; \
	    print "    Options +FollowSymLinks +Includes +MultiViews";\
	    print "</Files>";\
           } else {print}}' /etc/httpd/httpd.conf > /tmp/httpd.mod
   mv /tmp/httpd.mod /etc/httpd/httpd.conf
fi
	    #check if the apache server is running
	    run=`ps -ef | grep httpd`
	    if [ "$run" != "" ]
	    then
			#echo "the httpd server is running hence need to stop"

                        /etc/rc.d/apache stop > /dev/null 2>&1
	    fi
	    #start the apache server
	    /etc/rc.d/apache start > /dev/null 2>&1

	#echo "done apache setup"

fi
