883N/A#!/sbin/sh
883N/A#
883N/A# CDDL HEADER START
883N/A#
883N/A# The contents of this file are subject to the terms of the
883N/A# Common Development and Distribution License (the "License").
883N/A# You may not use this file except in compliance with the License.
883N/A#
883N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
883N/A# or http://www.opensolaris.org/os/licensing.
883N/A# See the License for the specific language governing permissions
883N/A# and limitations under the License.
883N/A#
883N/A# When distributing Covered Code, include this CDDL HEADER in each
883N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
883N/A# If applicable, add the following below this CDDL HEADER, with the
883N/A# fields enclosed by brackets "[]" replaced with your own identifying
883N/A# information: Portions Copyright [yyyy] [name of copyright owner]
883N/A#
883N/A# CDDL HEADER END
883N/A#
883N/A
883N/A#
883N/A# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
883N/A#
883N/A
883N/A. /lib/svc/share/smf_include.sh
883N/A. /lib/svc/share/ipf_include.sh
883N/A
883N/AAPACHE_HOME=/usr/apache2/2.2
883N/ACONF_FILE=/etc/vpanels/httpd.conf
883N/APIDFILE=/var/run/apache2/httpd.pid
883N/A
883N/ATEMPLATE="/etc/vpanels/httpd_conf.templ"
883N/AAPACHE_CONF="/var/run/httpd.conf"
883N/ASERVER_PG="httpd"
883N/ALISTEN_PORTS=""
883N/A
883N/ACAT="/usr/bin/cat"
883N/ACMP="/usr/bin/cmp"
883N/ACP="/usr/bin/cp"
883N/AECHO="usr/bin/echo"
883N/AGREP="/usr/bin/grep"
883N/AMKDIR="/usr/bin/mkdir"
883N/AMV="/usr/bin/mv"
883N/ARM="/usr/bin/rm"
883N/ASED="/usr/bin/sed"
883N/ASORT="/usr/bin/sort"
883N/ASVCPROP="/usr/bin/svcprop"
883N/ATR="/usr/bin/tr"
883N/AUNIQ="/usr/bin/uniq"
883N/A
883N/Avhost_is_enabled()
883N/A{
883N/A enabled=`$SVCPROP -p ${1}/enabled ${SMF_FMRI}`
883N/A if [ "$enabled" = "false" ]; then
883N/A return 1;
883N/A else
883N/A return 0;
883N/A fi
883N/A}
883N/A
883N/A#
883N/A# Add the given port to LISTEN_PORTS
883N/A#
883N/Aadd_listen_port()
883N/A{
883N/A LISTEN_PORTS="${LISTEN_PORTS} ${1}"
883N/A}
883N/A
883N/A# Create additional module directives from vhost configurations. Modules
883N/A# additions are in server config context so this methods has to run
883N/A# before any call to generate_vhost()
883N/A#
883N/Aprocess_modules()
883N/A{
883N/A mods=`mktemp /tmp/apache_mod.XXXXXX`
883N/A if [ -z "$mods" ]; then
883N/A exit 1
883N/A fi
883N/A
883N/A # Get a list of enabled virtual host.
883N/A list="$SERVER_PG"
883N/A for vhost in $1
883N/A do
883N/A vhost_is_enabled $vhost && list="$list $vhost"
883N/A done
883N/A
883N/A for pg in $list
883N/A do
883N/A modules=`$SVCPROP $SMF_FMRI | /usr/xpg4/bin/grep "^$pg\/module" | \
883N/A awk ' { printf("%s ", $1) }'`
883N/A
883N/A for module in $modules
883N/A do
883N/A set -- `$SVCPROP -p $module ${SMF_FMRI}`
883N/A if echo "$1" | grep "MODULE:" >/dev/null 2>&1; then
883N/A modname=`echo $1 | cut -f2 -d ':'`
883N/A file=$2
883N/A else
883N/A modname=`echo $2 | cut -f2 -d ':'`
883N/A file=$1
883N/A fi
883N/A echo "LoadModule $modname $file" >>$mods
883N/A
883N/A done
883N/A done
883N/A
883N/A if [ -f $mods ]; then
883N/A $CAT $mods | $SORT -u >$mods
883N/A $CAT $mods >>$APACHE_CONF
883N/A echo "">>$APACHE_CONF
883N/A fi
883N/A}
883N/A
883N/A# Put additional mime definitions into vhost configurations
883N/A#
883N/Aprocess_mimes()
883N/A{
883N/A pg=$1
883N/A mimes=`$SVCPROP $SMF_FMRI | /usr/xpg4/bin/grep "^$pg\/mime" | \
883N/A awk ' { printf("%s ", $1) }'`
883N/A
883N/A for mime in $mimes
883N/A do
883N/A Mimetype=""
883N/A ext=""
883N/A set -- `$SVCPROP -p $mime $SMF_FMRI`
883N/A for arg in "$@"
883N/A do
883N/A if echo "$arg" | grep "MIME:" >/dev/null 2>&1; then
883N/A Mimetype=`echo $arg | cut -f2 -d ':'`
883N/A else
883N/A ext="$ext $arg"
883N/A fi
883N/A done
883N/A ext=`echo "$ext" | sed 's/[,|\\]/ /g'`
883N/A echo "AddType $Mimetype $ext" >>$APACHE_CONF
883N/A done
883N/A}
883N/A
883N/A# Create vhost configuration in APACHE_CONF for
883N/A# named vhost.
883N/A#
883N/Agenerate_vhost()
883N/A{
883N/A vhost_name="$1"
883N/A
883N/A # Don't bother if this vhost is disabled
883N/A vhost_is_enabled $vhost || return 0
883N/A
883N/A sslengine=`$SVCPROP -p ${vhost_name}/sslengine ${SMF_FMRI}`
883N/A echo "" >>$APACHE_CONF
883N/A if [ "$sslengine" = "true" ]; then
883N/A sslcert=`$SVCPROP -p ${vhost_name}/sslcert ${SMF_FMRI}`
883N/A sslkey=`$SVCPROP -p ${vhost_name}/sslkey ${SMF_FMRI}`
883N/A sslip=`$SVCPROP -p ${vhost_name}/sslip ${SMF_FMRI}`
883N/A sslport=`$SVCPROP -p ${vhost_name}/sslport ${SMF_FMRI}`
883N/A
883N/A echo "Listen ${sslip}:${sslport}" >>$APACHE_CONF
883N/A echo "<VirtualHost ${sslip}:${sslport}>" >>$APACHE_CONF
883N/A echo "SSLEngine on" >>$APACHE_CONF
883N/A echo "SSLCertificateFile ${sslcert}" >>$APACHE_CONF
883N/A echo "SSLCertificateKeyFile ${sslkey}" >>$APACHE_CONF
883N/A else
883N/A port=`$SVCPROP -p ${vhost_name}/port ${SMF_FMRI}`
883N/A add_listen_port $port
883N/A echo "<VirtualHost *:${port}>" >>$APACHE_CONF
883N/A fi
883N/A
883N/A process_mimes $vhost_name
883N/A docroot=`$SVCPROP -p ${vhost_name}/docroot ${SMF_FMRI}`
883N/A use_custom=`$SVCPROP -p ${vhost_name}/custom_conf ${SMF_FMRI}`
883N/A custom_file=`$SVCPROP -p ${vhost_name}/custom_file ${SMF_FMRI}`
883N/A domain=`$SVCPROP -p ${vhost_name}/domain ${SMF_FMRI}`
883N/A serve_home_dir=`$SVCPROP -p ${vhost_name}/serve_home_dir ${SMF_FMRI}`
883N/A
883N/A # Create DocumentRoot directive if it's not empty. Also
883N/A # create a Directory section with default permission for
883N/A # the specified DocumentRoot directory
883N/A #
883N/A if [ "$docroot" != "\"\"" ]; then
883N/A echo "DocumentRoot ${docroot}" >>$APACHE_CONF
883N/A
883N/A echo "<Directory \"${docroot}\" >" >>$APACHE_CONF
883N/A echo "Options Indexes Includes FollowSymLinks " \
883N/A "SymLinksifOwnerMatch ExecCGI MultiViews" >>$APACHE_CONF
883N/A echo "AllowOverride None" >>$APACHE_CONF
883N/A echo "Order allow,deny" >>$APACHE_CONF
883N/A echo "Allow from all" >>$APACHE_CONF
883N/A echo "</Directory> " >>$APACHE_CONF
883N/A fi
883N/A
883N/A if [ "$use_custom" = "true" ]; then
883N/A if [ "$custom_file" != "\"\"" ]; then
883N/A echo "Include ${custom_file}" >>$APACHE_CONF
883N/A fi
883N/A fi
883N/A
883N/A if [ "$serve_home_dir" = "true" ]; then
883N/A echo "UserDir public_html" >>$APACHE_CONF
883N/A
883N/A echo "<Directory /home/*/public_html>" >>$APACHE_CONF
883N/A echo " AllowOverride Options FileInfo AuthConfig Limit" >>$APACHE_CONF
883N/A echo " Options Indexes Includes FollowSymLinks " \
883N/A "SymLinksifOwnerMatch ExecCGI MultiViews" >>$APACHE_CONF
883N/A echo " <Limit GET POST OPTIONS>" >>$APACHE_CONF
883N/A echo " Order allow,deny" >>$APACHE_CONF
883N/A echo " Allow from all" >>$APACHE_CONF
883N/A echo " </Limit>" >>$APACHE_CONF
883N/A echo " <LimitExcept GET POST OPTIONS>" >>$APACHE_CONF
883N/A echo " Order deny,allow" >>$APACHE_CONF
883N/A echo " Allow from all" >>$APACHE_CONF
883N/A echo " </LimitExcept>" >>$APACHE_CONF
883N/A echo "</Directory>" >>$APACHE_CONF
883N/A fi
883N/A
883N/A echo "ServerName ${domain}" >>$APACHE_CONF
883N/A echo "</VirtualHost>" >>$APACHE_CONF
883N/A}
883N/A
883N/Aget_vhost_list()
883N/A{
883N/A svccfg -s $1 listpg | awk ' {
883N/A if (($1 ~ /^vhost/) && ($2 == "application"))
883N/A printf("%s ", $1)
883N/A }'
883N/A}
883N/A
883N/Agen_conf_file()
883N/A{
883N/A httpd_custom_file=`$SVCPROP -p ${SERVER_PG}/custom_file ${SMF_FMRI}`
883N/A httpd_sslengine=`$SVCPROP -p ${SERVER_PG}/sslengine ${SMF_FMRI}`
883N/A httpd_custom_conf=`$SVCPROP -p ${SERVER_PG}/custom_conf ${SMF_FMRI}`
883N/A
883N/A # Generate general parameters
883N/A if [ "$httpd_custom_conf" = "true" ]; then
883N/A $RM ${CONF_FILE} >/dev/null 2>&1
883N/A ln -s ${httpd_custom_file} ${CONF_FILE}
883N/A exit 0
883N/A else
883N/A $CP $TEMPLATE $APACHE_CONF
883N/A fi
883N/A
883N/A if [ "$httpd_sslengine" = "true" ]; then
883N/A echo "\n SSLEngine on" >>$APACHE_CONF
883N/A fi
883N/A
883N/A # Get the list of vhost names
883N/A vhost_list=`get_vhost_list ${SMF_FMRI}`
883N/A
883N/A # Add mimes for server and modules for both server and virtual hosts
883N/A process_modules "${vhost_list}"
883N/A process_mimes "${SERVER_PG}"
883N/A
883N/A # Make sure root user's home directory is disabled
883N/A echo "UserDir disabled root" >>$APACHE_CONF
883N/A
883N/A # Generate vhost clauses in configuration file
883N/A for vhost in $vhost_list
883N/A do
883N/A generate_vhost $vhost
883N/A done
883N/A
883N/A echo >> $APACHE_CONF
883N/A
883N/A # Add a "Listen <port>" line for each uniqe port
883N/A echo "$LISTEN_PORTS" | "$TR" ' ' '\n' | "$GREP" '^[0-9][0-9]*$' |
883N/A "$SORT" | "$UNIQ" | "$SED" 's/^/Listen /' >> $APACHE_CONF
883N/A
883N/A # Add a "NameVirtualHost: *:<port>" line for each duplicate port
883N/A echo "$LISTEN_PORTS" | "$TR" ' ' '\n' | "$GREP" '^[0-9][0-9]*$' |
883N/A "$SORT" | "$UNIQ" -d |
883N/A "$SED" 's/^/NameVirtualHost *:/' >> $APACHE_CONF
883N/A
883N/A replace_file $CONF_FILE $APACHE_CONF
883N/A}
883N/A
883N/Agen_ipf_conf()
883N/A{
883N/A FMRI=$1
883N/A ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
883N/A policy=`get_policy ${FMRI}`
883N/A
883N/A echo "# $FMRI" >$ipf_file
883N/A # rules for global port
883N/A port=`$SVCPROP -p ${SERVER_PG}/port ${FMRI} 2>/dev/null`
883N/A generate_rules $FMRI $policy "tcp" "any" $port $ipf_file
883N/A
883N/A # rules for virtual hosts
883N/A vhost_list=`get_vhost_list ${FMRI}`
883N/A for vhost in $vhost_list
883N/A do
883N/A ip="any"
883N/A sslengine=`$SVCPROP -p ${vhost}/sslengine ${FMRI} 2>/dev/null`
883N/A if [ "$sslengine" = "true" ]; then
883N/A ip=`$SVCPROP -p ${vhost}/sslip ${FMRI} 2>/dev/null`
883N/A port=`$SVCPROP -p ${vhost}/sslport ${FMRI} 2>/dev/null`
883N/A else
883N/A port=`$SVCPROP -p ${vhost}/port ${FMRI} 2>/dev/null`
883N/A fi
883N/A generate_rules $FMRI $policy "tcp" $ip $port $ipf_file
883N/A done
883N/A}
883N/A
883N/A
883N/A
883N/Acase "$1" in
883N/Astart)
883N/A gen_conf_file
883N/A $RM -f ${PIDFILE}
883N/A $MKDIR -p /var/run/apache2
883N/A cmd="-DSSL -k start"
883N/A ;;
883N/Arefresh)
883N/A gen_conf_file
883N/A cmd="-k graceful"
883N/A ;;
883N/Astop)
883N/A cmd="-k stop"
883N/A ;;
883N/Aipfilter)
883N/A gen_ipf_conf $2
883N/A exit $SMF_EXIT_OK
883N/A ;;
883N/A*)
883N/A echo "Usage: $0 {start|stop|refresh}"
883N/A exit 1
883N/A ;;
883N/Aesac
883N/A
883N/A[ ! -f ${CONF_FILE} ] && exit $SMF_EXIT_ERR_CONFIG
883N/A
883N/Aexec ${APACHE_HOME}/bin/apachectl -f $CONF_FILE $cmd 2>&1