#!/bin/sh
# Usage
if [ $# -lt 4 ]; then
	echo "Usage: $0 customer ipaddress interface_name logical_interface" 
	exit 1
fi
ROOT=
C=$1
IP=$2
IC=$3
LOGICAL=$4
#
echo Adding ${C} to hosts
echo "${IP}\t${C}webserver" >> ${ROOT}/etc/hosts
#
echo Creating new logical interface ${IC}:${LOGICAL}
echo ${C}webserver > ${ROOT}/etc/hostname.${IC}:${LOGICAL}
#
echo Adding webserver profile entries for ${C}
echo "${C}:::Start apache web server for ${C}:help=index.html" >> ${ROOT}/etc/security/prof_attr
echo "${C}:tsol:cmd:::/usr/bin/setfacl:clearance=${C} HTTP FTP;label=${C} HTTP FTP" >> ${ROOT}/etc/security/exec_attr
echo "${C}:tsol:cmd:::/usr/bin/rm:clearance=${C} HTTP FTP;label=${C} HTTP FTP" >> ${ROOT}/etc/security/exec_attr
echo "${C}:tsol:cmd:::/usr/apache/bin/apachectl:uid=nobody;gid=webserver;clearance=${C} HTTP FTP CGI;label=${C} HTTP FTP;privs=proc_owner,net_privaddr,sys_devices" >> ${ROOT}/etc/security/exec_attr
ln /etc/init.d/apache /etc/rc3.d/S50apache.${C}
#
echo Creating log files
#
SLD=`getsldname -s "${C} HTTP FTP" /var/apache/logs`
touch /var/apache/.MLD.logs/$SLD/suexec_log
setlabel "${C} HTTP FTP" /var/apache/.MLD.logs/$SLD/suexec_log
#
# Create the document directory
#
mkdir -p /var/www/${C}
chown ${C}admin:webserver /var/www/${C}
setlabel ${C} /var/www/${C}
ln -s /var/apache/htdocs /var/www/${C}
#
# Create the httpd config file
#
/usr/xpg4/bin/awk '
 /^BindAddress/ {print $1, IP; next}
 /^ServerAdmin/ {print $1, C "admin"; next}
 /^ServerName/ {print $1, C "webserver"; next}
 /^DocumentRoot/ {print $1, "/var/www/" C "/htdocs"; next}
 /^ScriptAlias/ {print $1, "/cgi-bin/ /var/www/" C "/cgi-bin/"; next}
 /AuthUserFile/ {print $1, "/export/home/" C "admin/users"; next}
 /AuthName/ {print $1, C; next}
 /^include/ {next}
 {print}' C=${C} IP=${IP} </etc/apache/httpd.conf >/export/home/${C}admin/httpd.conf
chown ${C}admin:webserver /export/home/${C}admin/httpd.conf
setlabel ${C} /export/home/${C}admin/httpd.conf
#
# Plumb the new interface
#
echo Adding trusted network attributes for ${IC}:${LOGICAL}
echo "${IC}\\:${LOGICAL}:forced_privs=none;min_sl=admin_low;def_cl=${C} HTTP FTP;def_label=[${C} HTTP FTP];max_sl=${C} HTTP FTP"  >> ${ROOT}/etc/security/tsol/tnidb
#
echo Plumbing Interface ${IC}:${LOGICAL}  
/usr/sbin/ifconfig ${IC}:${LOGICAL} plumb 
/usr/sbin/ifconfig ${IC}:${LOGICAL} ${IP} up
tnctl -i ${IC}:${LOGICAL}
