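#! /bin/sh
# tweak-vhost (Bourne shell script) -- enables Suexec for a given vhost
#
# Usage: tweak-vhost <sitename> <user>[:<group>]
#
# Assumes that FCGID has already been set up
#
# Relies on GNU sed (the I modifier and -i).
#
# Exit codes: 1 bad arguments, 2 wrapper script missing, 4 unknown user,
#             5 unknown group, 6 vhost file missing, 7 stale backup present,
#             8 DocumentRoot missing, ambiguous or unusable
#
# TO-DO: add "Options +ExecCGI" to conf file

self=tweak-vhost
wrapper_script=/usr/local/lib/fcgi-bin/php.fcgi
# The installed copy keeps the wrapper's basename, so derive it once
wrapper_name=${wrapper_script##*/}

set -e

if [ $# -ne 2 ] ; then
    echo "Usage: tweak-vhost <sitename> <user>[:<group>]" >&2
    exit 1
fi

if [ ! -f "$wrapper_script" ] ; then
    echo "$self: Error: Can't find wrapper script; has setup-fcgid been run?" >&2
    exit 2
fi

sitename=$1
user=${2%:*}
# Due to a happy accident with the way prefix stripping works, no delimiter
# means the group becomes the same as the user, which is the intended outcome
group=${2#*:}

# The site name is pasted into a path under sites-available, so it must be a
# single path component; anything else could point the edits at another file.
case $sitename in
    ''|.|..|*/*)
        echo "$self: Error: Invalid site name '$sitename'" >&2
        exit 1
        ;;
esac

# Quoting matters here: an empty key left unquoted would vanish, and getent
# would then list the whole database and report success.
if ! getent passwd "$user" > /dev/null
then
    echo "$self: Error: User '$user' doesn't exist" >&2
    exit 4
fi

if ! getent group "$group" > /dev/null
then
    echo "$self: Error: Group '$group' doesn't exist" >&2
    exit 5
fi

# add .conf if needed
if [ -f "/etc/apache2/sites-available/$sitename.conf" ] ; then
    conf_file=/etc/apache2/sites-available/$sitename.conf
else
    conf_file=/etc/apache2/sites-available/$sitename
    if [ ! -f "$conf_file" ] ; then
        echo "$self: Error: Apache vhost file doesn't exist" >&2
        exit 6
    fi
fi

# Make a backup of the config file unless it already exists
# but if it has different contents, bail out
if [ -f "$conf_file.orig" ] ; then
    # Byte comparison; a cmp failure (e.g. unreadable file) also bails out
    if ! cmp -s "$conf_file" "$conf_file.orig" ; then
        echo "$self: Error: Apache vhost file backup already exists" >&2
        exit 7
    fi
else
    cp -p "$conf_file" "$conf_file.orig"
fi

# Check that there is only one docroot
# Use GNU sed's I option for case insensitivity
docroot="$(sed -n 's/^[[:space:]]*DocumentRoot[[:space:]]*\([^#[:space:]]*\).*/\1/Ip' \
    "$conf_file" | uniq)"
if [ "$(printf '%s\n' "$docroot" | wc -l)" -ne 1 ] ; then
    echo "$self: Error: Multiple unique docroots in Apache vhost file" >&2
    exit 8
fi

# Apache accepts a quoted DocumentRoot argument; drop the surrounding quotes
docroot=${docroot#\"}
docroot=${docroot%\"}

# The wrapper goes in the parent of the docroot.  Refuse to continue unless
# that parent is an absolute, non-root directory: a missing or relative
# DocumentRoot, or one directly under /, would otherwise make the install
# commands below create a user-owned libexec under / or the current directory.
# A backslash is rejected too, because the path is embedded in sed text.
topdir=${docroot%/*}
case $topdir in
    *\\*) topdir_ok=no ;;
    /?*)  topdir_ok=yes ;;
    *)    topdir_ok=no ;;
esac
if [ "$topdir_ok" != yes ] ; then
    echo "$self: Error: Can't derive a usable parent directory from DocumentRoot '$docroot'" >&2
    exit 8
fi

# Create the required FCGID wrapper
install -d -o "$user" -g "$group" "$topdir/libexec"
install -o "$user" -g "$group" "$wrapper_script" "$topdir/libexec"

# Modify the config file (clearing out any pre-existing items)
# The closing tag is matched with optional leading whitespace and without
# regard to case, so an indented </VirtualHost> still receives the directives
# instead of the old ones being deleted and nothing put back.
sed -i -e "/^[[:space:]]*SuexecUserGroup/Id" -e "/^[[:space:]]*FcgidWrapper/Id" \
    -e "/^[[:space:]]*<\/VirtualHost>/I i\\
    # -- FCGID and PHP user segregation --\\
    SuexecUserGroup $user $group\\
    FcgidWrapper $topdir/libexec/$wrapper_name" \
    "$conf_file"

# NOTE(review): the name of the block seems to be missing from the message
# below -- presumably the docroot's <Directory> block; confirm before rewording.
echo
echo 'Put "Options +ExecCGI" in your block'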