#!/bin/bash
##############################################################################
# Copyright (c) Members of the EGEE Collaboration. 2011.
# See http://www.eu-egee.org/partners/ for details on the copyright
# holders.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################################################
#
# NAME :        config_DPM_dav
#
# DESCRIPTION : This function configures the WebDAV server
#
# AUTHORS :     Alejandro.Alvarez.Ayllon@cern.ch
#
# YAIM MODULE:  glite-yaim-dpm
#
##############################################################################

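# Checks that the variables needed by config_DPM_dav are defined.
# Arguments: $1 - forwarded unchanged as the first argument of the YAIM
#                 helper 'requires' (defined outside this file).
# Returns:   the exit status of 'requires'.
#
# NOTE(review): config_DPM_dav also expands DPMMGR_USER, DPMMGR_GROUP,
# X509_HOST_CERT, X509_HOST_KEY, X509_CERT_DIR, DMLITE_HEAD_CONFIG and
# DMLITE_DISK_CONFIG into httpd configuration files, and none of them is
# checked here. Presumably they come from YAIM defaults; confirm, because an
# empty value ends up as an empty User/Group/SSL* directive.
config_DPM_dav_check () {
  # Quoted so that an empty or space-containing $1 stays a single argument
  # and cannot shift the variable names that follow it.
  requires "$1" DPM_HOST DPM_DAV HTTPD_CONF_DIR DPM_FILESYSTEMS DPM_DAV_NS_CONFIG DPM_DAV_DISK_CONFIG
}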


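# Private helper of config_DPM_dav: makes the fetch-crl cronjob reload httpd
# after it has run, so that refreshed CRLs are picked up by the server.
# Globals:   FETCH_CRL_CRONJOB, FETCH_CRL_CMD, FETCH_CRL_TIME, FETCH_CRL_USER
#            (written)
# Returns:   0 always; every problem is reported through yaimlog and leaves
#            the cronjob untouched.
_config_DPM_dav_fetch_crl () {
  local cron_file="/etc/cron.d/fetch-crl"
  local cron_backup="/etc/fetch-crl.cron.backup"
  local cron_lines cron_jobs

  if [ ! -f "${cron_file}" ]; then
    yaimlog WARNING "fetch-crl cronjob not found"
    return 0
  fi

  if grep -q "service httpd reload" "${cron_file}"; then
    yaimlog INFO "fetch-crl cronjob is already modified"
    return 0
  fi

  # Parse old cronjob. The file is regenerated from a single schedule line,
  # so anything else (several jobs, PATH=/MAILTO= assignments, @reboot style
  # entries) cannot be rewritten without mangling a file that cron runs as
  # the user named in it. Refuse instead of guessing.
  FETCH_CRL_CRONJOB=$(grep -v -E '^[[:space:]]*(#|$)' "${cron_file}")
  cron_lines=$(printf '%s\n' "${FETCH_CRL_CRONJOB}" \
    | awk 'NF { n++ } END { print n + 0 }')
  cron_jobs=$(printf '%s\n' "${FETCH_CRL_CRONJOB}" \
    | awk 'NF >= 7 && $1 ~ /^[0-9*]/ { n++ } END { print n + 0 }')
  if [ "${cron_lines}" -ne 1 ] || [ "${cron_jobs}" -ne 1 ]; then
    yaimlog WARNING "Unexpected content in the fetch-crl cronjob. It was not modified: add the httpd reload manually"
    return 0
  fi

  yaimlog INFO "Modifying fetch-crl cronjob!"
  if [ ! -f "${cron_backup}" ]; then
    # The regenerated file states that a backup exists, so do not overwrite
    # the original unless the copy really succeeded.
    if ! cp "${cron_file}" "${cron_backup}"; then
      yaimlog WARNING "Could not back up the fetch-crl cronjob. It was not modified"
      return 0
    fi
    yaimlog INFO "Old fetch-crl cronjob copied to /etc/fetch-crl.cron.backup"
  fi

  FETCH_CRL_CMD=$(printf '%s\n' "${FETCH_CRL_CRONJOB}"  | awk '{for (i = 7; i <= NF; i++) printf("%s ", $i);}')
  FETCH_CRL_TIME=$(printf '%s\n' "${FETCH_CRL_CRONJOB}" | awk '{printf("%s %s %s %s %s", $1, $2, $3, $4, $5);}')
  FETCH_CRL_USER=$(printf '%s\n' "${FETCH_CRL_CRONJOB}" | awk '{print $6;}')

  # Append to the command the reload of lcgdm-dav. The redirection is spelled
  # in POSIX form because cron runs the line through /bin/sh, where '&>' is
  # only understood when that shell is bash.
  # NOTE(review): because of '&&', httpd is reloaded only when the fetch-crl
  # command exits 0. If it reports failure whenever a single CRL cannot be
  # downloaded, the CRLs that were refreshed are not loaded either - confirm
  # this is the intended trade-off.
  FETCH_CRL_CMD="{ ${FETCH_CRL_CMD}; } && /sbin/service httpd reload > /dev/null 2>&1"

  # Overwrite in place with one redirection; printf '%s' keeps backslashes in
  # the original command literal (echo -e would interpret them).
  {
    printf '%s\n' "# fetch-crl cronjob regenerated by Yaim function config_DPM_dav"
    printf '%s\n' "# The old cronjob was copied as /etc/fetch-crl.cron.backup"
    printf '%s\t%s\t%s\n' "${FETCH_CRL_TIME}" "${FETCH_CRL_USER}" "${FETCH_CRL_CMD}"
  } > "${cron_file}"

  return 0
}

# Configures Apache httpd to serve DPM over WebDAV (lcgdm-dav).
#
# Steps, in order:
#   1. httpd.conf: run as DPMMGR_USER/DPMMGR_GROUP, set ServerName, comment
#      out the stock dav_module and dav_fs_module.
#   2. ssl.conf: host certificate and key, CA and CRL directory, mandatory
#      client certificates.
#   3. conf.d/DPM_DAV_NS_CONFIG: written when this host is DPM_HOST, removed
#      otherwise.
#   4. conf.d/DPM_DAV_DISK_CONFIG: written when DPM_FILESYSTEMS lists this
#      host, removed otherwise.
#   5. fetch-crl cronjob: reload httpd after the CRLs are refreshed.
#   6. Restart httpd and enable it at boot.
#
# Globals:   reads DPM_DAV, DMLITE, HTTPD_CONF_DIR, DPM_HOST, DPM_FILESYSTEMS,
#            DPM_DAV_NS_CONFIG, DPM_DAV_DISK_CONFIG, DPM_DAV_ANON,
#            DPM_DAV_NS_FLAGS, DPM_DAV_DISK_FLAGS, DPM_DAV_SECURE_REDIRECT,
#            DPMMGR_USER, DPMMGR_GROUP, X509_HOST_CERT, X509_HOST_KEY,
#            X509_CERT_DIR, DMLITE_HEAD_CONFIG, DMLITE_DISK_CONFIG;
#            writes thisnode, anon, filesystem, fss, cfs, ENFORCED.
# Returns:   0 on success or when DPM_DAV is "no"; 1 when DMLITE is "no",
#            when the host name cannot be determined, or when httpd does not
#            restart.
#
# The site variables are pasted into sed expressions and Apache configuration
# text as they are, so they must not contain the sed delimiter in use ('/' for
# httpd.conf, ':' for ssl.conf), '&', or line breaks.
config_DPM_dav () {
  if [ "$DPM_DAV" == "no" ]; then
    yaimlog WARNING "DPM_DAV set to no. DAV access to DPM will not be configured"
    return 0
  fi

  if [ "$DMLITE" == "no" ]; then
    yaimlog ERROR "DPM_DAV set to yes, but DMLITE set to no. DMLITE is needed for DAV"
    return 1
  fi

  # Resolve the host name once, before any file is touched. With an empty
  # name the disk-node match below used to degrade to ":/...", which matched
  # the filesystems of every host listed in DPM_FILESYSTEMS.
  thisnode=$(hostname -f)
  if [ -z "${thisnode}" ]; then
    yaimlog ERROR "Could not determine the fully qualified host name"
    return 1
  fi

  local httpd_conf="${HTTPD_CONF_DIR}/conf/httpd.conf"
  local ssl_conf="${HTTPD_CONF_DIR}/conf.d/ssl.conf"
  local ns_conf="${HTTPD_CONF_DIR}/conf.d/${DPM_DAV_NS_CONFIG}"
  local disk_conf="${HTTPD_CONF_DIR}/conf.d/${DPM_DAV_DISK_CONFIG}"
  local ssl_directive

  # Modify main configuration file
  sed -i "s/User .*/User ${DPMMGR_USER}/g"       "${httpd_conf}"
  sed -i "s/Group .*/Group ${DPMMGR_GROUP}/g"    "${httpd_conf}"
  sed -i "s/#*ServerName .*/ServerName ${thisnode}/g" "${httpd_conf}"
  # The stock DAV modules are disabled; mod_lcgdm_dav is loaded in their
  # place by the files generated below.
  sed -i "s/^LoadModule dav_module \(.*\)/#LoadModule dav_module \1/g" "${httpd_conf}"
  sed -i "s/^LoadModule dav_fs_module \(.*\)/#LoadModule dav_fs_module \1/g" "${httpd_conf}"

  # Modify ssl.conf
  if [ -f "${ssl_conf}" ]; then
    sed -i "s:[# ]*SSLCertificateFile .*:SSLCertificateFile ${X509_HOST_CERT}:g"      "${ssl_conf}"
    sed -i "s:[# ]*SSLCertificateKeyFile .*:SSLCertificateKeyFile ${X509_HOST_KEY}:g" "${ssl_conf}"
    # Trust the CA directory: reuse an existing SSLCACertificatePath line,
    # otherwise convert the SSLCACertificateFile line into one.
    if grep -q "SSLCACertificatePath" "${ssl_conf}" 2> /dev/null; then
      sed -i "s:[# ]*SSLCACertificatePath .*:SSLCACertificatePath ${X509_CERT_DIR}:g" "${ssl_conf}"
    else
      sed -i "s:[# ]*SSLCACertificateFile .*:SSLCACertificatePath ${X509_CERT_DIR}:g" "${ssl_conf}"
    fi
    # On httpd 2.4 and later mod_ssl consults the CRLs only when
    # SSLCARevocationCheck is set as well (its default is none); that
    # directive is not written here.
    sed -i "s:[# ]*SSLCARevocationPath .*:SSLCARevocationPath ${X509_CERT_DIR}:g"     "${ssl_conf}"
    sed -i "s:[# ]*SSLVerifyClient .*:SSLVerifyClient require:g"                      "${ssl_conf}"
    sed -i "s:[# ]*SSLVerifyDepth .*:SSLVerifyDepth 10:g"                             "${ssl_conf}"

    # The edits above only rewrite lines that already exist, commented or
    # not. Report the directives that are still inactive, so that a trimmed
    # ssl.conf does not leave client authentication or revocation checking
    # unconfigured without anybody noticing.
    for ssl_directive in SSLVerifyClient SSLCACertificatePath SSLCARevocationPath; do
      if ! grep -q -E "^[[:space:]]*${ssl_directive}[[:space:]]" "${ssl_conf}"; then
        yaimlog WARNING "${ssl_directive} is not set in ${ssl_conf}. It will have to be configured manually"
      fi
    done
  else
    yaimlog WARNING "There is no ssl.conf file! The SSL configuration will have to be done manually"
  fi

  # On the HEAD node, enable mod_lcgdm_ns
  if [ "${thisnode}" = "${DPM_HOST}" ]; then

    # NOTE(review): NSAnon presumably names the account used for clients that
    # present no credentials - verify against the mod_lcgdm_ns documentation
    # before setting DPM_DAV_ANON.
    if [ "${DPM_DAV_ANON}" != "" ]; then
      anon="NSAnon ${DPM_DAV_ANON}"
    else
      anon=""
    fi

cat > "${ns_conf}" <<EOF
<IfModule !dav_module>
  LoadModule dav_module     modules/mod_lcgdm_dav.so
</IfModule>
<IfModule !gridsite_module>
  LoadModule gridsite_module modules/mod_gridsite.so
</IfModule>

LoadModule lcgdm_ns_module  modules/mod_lcgdm_ns.so

NSDMLite ${DMLITE_HEAD_CONFIG}
NSType Head

<Location /dpm>
  DAV nameserver
  NSFlags ${DPM_DAV_NS_FLAGS}
  ${anon}
  NSSecureRedirect ${DPM_DAV_SECURE_REDIRECT}
  SSLOptions +StdEnvVars
</Location>

Alias /static/ /usr/share/lcgdm-dav/
<Location /static/>
  <IfModule expires_module>
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
  </IfModule>
</Location>

AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
EOF
  else
    rm -f "${ns_conf}"
  fi

  # On a DISK, enable mod_lcgdm_disk
  # Keep the DPM_FILESYSTEMS entries of the form "<this host>:/path". The host
  # part is compared literally against the whole entry: a regular expression
  # built from the host name would treat its dots as wildcards and would also
  # match a longer host name that merely ends with this one, exposing a path
  # that belongs to another node.
  filesystem=""
  for fss in ${DPM_FILESYSTEMS}; do
    case "${fss}" in
      "${thisnode}":/*) filesystem="${filesystem} ${fss}" ;;
    esac
  done

  if [ -n "${filesystem}" ]; then

    if [ "${DPM_DAV_ANON}" != "" ]; then
      anon="DiskAnon ${DPM_DAV_ANON}"
    else
      anon=""
    fi

cat > "${disk_conf}" << EOF
<IfModule !mime_magic_module>
  LoadModule mime_magic_module  modules/mod_mime_magic.so
</IfModule>
<IfModule !dav_module>
  LoadModule dav_module         modules/mod_lcgdm_dav.so
</IfModule>
<IfModule !gridsite_module>
  LoadModule gridsite_module modules/mod_gridsite.so
</IfModule>

LoadModule lcgdm_disk_module    modules/mod_lcgdm_disk.so

DiskDMLite ${DMLITE_DISK_CONFIG}

ScriptAlias /gridsite-delegation "/usr/sbin/gridsite-delegation.cgi"
EOF

    # One <Location> per local filesystem.
    # NOTE(review): DiskProxyCache points at /var/www/proxycache, which this
    # function neither creates nor restricts. It presumably holds delegated
    # proxies, so confirm the package leaves it accessible to the httpd user
    # only.
    for fss in ${filesystem}; do
      # Path part of "host:/path"
      cfs="${fss#*:}"

cat >> "${disk_conf}" << EOF

<Location ${cfs}>
  DAV disk
  DiskFlags ${DPM_DAV_DISK_FLAGS}
  $anon
  DiskProxyDelegationService /gridsite-delegation
  DiskProxyCache /var/www/proxycache
  SSLOptions +StdEnvVars
</Location>
EOF

    done
  else
    rm -f "${disk_conf}"
  fi

  # Modify fetch-crl to reload Apache
  _config_DPM_dav_fetch_crl

  # SELinux is only reported, never configured: the administrator has to
  # allow the connections.
  if command -v setsebool > /dev/null 2>&1; then
    if [ -f "/selinux/enforce" ]; then
      ENFORCED=$(cat "/selinux/enforce")
      # String comparison, so unexpected file content is treated as "not
      # enforcing" without a test error.
      if [ "$ENFORCED" = "1" ]; then
        yaimlog WARNING "SELinux seems to be enabled. Remember to configure it properly!"
      else
        yaimlog WARNING "SELinux seems to be disabled."
      fi
    fi
  fi

  # Restart service
  if ! /sbin/service httpd restart; then
    yaimlog ERROR "Could not start the httpd daemon"
    return 1
  fi

  # Register it to start by default
  /sbin/chkconfig httpd on

  # Done
  return 0
}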

