#!/bin/sh
##################################################################################################################
# Copyright 2017-2025 Open Text
#
# The only warranties for products and services of services of Open Text and its affiliates and licensors (“Open Text”) 
# are as may be set forth in the express warranty statements accompanying such products and services. Nothing
# herein should be construed as constituting an additional warranty. Open Text shall not be liable for technical
# or editorial errors or omissions contained herein. The information contained herein is subject to change without
# notice.
##################################################################################################################

RPM_UPDATE=$1
ERR_FILENAME=$(basename ${0})
ERR_LOG="/var/opt/novell/log/post_update_fix.log"
USER=iprint

InitLog()
{
    if [[ ! -z $RPM_UPDATE ]]; then
        ERR_LOG=$RPM_UPDATE$ERR_LOG
    fi
    echo "Log file path: $ERR_LOG"
    echo " " >> $ERR_LOG
    echo "=============== "$(date)" ===============" >> $ERR_LOG
	return 0
}

FixPermission()
{
    echo "Fixing permission ..." >> $ERR_LOG
    ID=$(id -u $USER 2>&1)
	echo "${USER} id is ${ID}" >> $ERR_LOG
    if [[ ! -z $ID ]] && [[ $ID != *"such user"* ]]; then
        GROUP=$(id -g -n $USER 2>&1)
        echo "${USER} group is ${GROUP}" >> $ERR_LOG
        if [[ ! -z $GROUP ]]  && [[ $GROUP != *"such user"* ]]; then
            D_PATH=$(echo "/var/opt/novell/nici/"$ID)
            echo "PATH is ${D_PATH}" >> $ERR_LOG
            if [ -d $D_PATH ]; then
                echo "Changing permission to $USER:$GROUP for "$D_PATH >> $ERR_LOG
                /bin/chown -R $USER:$GROUP $D_PATH >> $ERR_LOG          
            else 
                echo "$D_PATH not found." >> $ERR_LOG
                return 3
            fi    
        else
            echo "Not able to fetch group for user: "$USER >> $ERR_LOG
            return 4
        fi
    else
        echo "${USER} user not found" >> $ERR_LOG
        return 5
    fi
    return 0
}

#Fix for octane bug OCTCR52A76057
FixiPrintApache2Conf()
{
CONF_DIR="/etc/opt/novell/iprint/httpd/conf"
IPRINT_G="${CONF_DIR}/iprint_g.conf" 	
if [ -f "${IPRINT_G}.rpmsave" ];then 	
	alias_path=`grep -E "^[[:space:]]*Alias /ippdocs" ${IPRINT_G} | cut -d '"' -f2`
	# Check whether iprint_g.conf file contains the ippdocs alias path with /media/nss or not for cluster check
	if [[ ! $alias_path =~ "/media/nss" ]]; then
		rpm_save_alias_path=`grep -E "^[[:space:]]*Alias /ippdocs" ${IPRINT_G}.rpmsave | cut -d '"' -f2`
		if [[ $rpm_save_alias_path =~ "/media/nss" ]]; then
			echo "Updating the iprintg.conf file with the /media/nss path for the ippdocs alias path" >> $ERR_LOG
			/usr/bin/sed -i -e "s@^[[:space:]]*Alias[[:space:]]*/ippdocs/.*@Alias /ippdocs/ \"${rpm_save_alias_path}\"@" $IPRINT_G >> $ERR_LOG 2>&1
			/usr/bin/sed -i -e "s@^[[:space:]]*<Directory[[:space:]].*/var/opt/novell/iprint/htdocs>@<Directory ${rpm_save_alias_path}>@" $IPRINT_G >> $ERR_LOG 2>&1
		
		fi
	fi
    
    NEW_SSLPROTOCOL="SSLProtocol -all +TLSv1.2 +TLSv1.3"
    # Check if the correct SSLProtocol is already configured and active
    current_ssl_ok=$(grep "^[[:space:]]*[^#]${NEW_SSLPROTOCOL}" "${IPRINT_G}" 2>/dev/null || true)

    if [ -z "$current_ssl_ok" ]; then

       # Check for active SSLProtocol
       active_sslprotocol=$(grep "^[[:space:]]*[^#]SSLProtocol" "${IPRINT_G}" 2>/dev/null || true)
       NEW_SSLPROTOCOL_LINE="    ${NEW_SSLPROTOCOL}"

       # Handle SSLProtocol
       if [ -z "$active_sslprotocol" ]; then
          echo "No active SSLProtocol found. Inserting..."
          if grep -q "^[[:space:]]*[^#]SSLEngine" "${IPRINT_G}"; then
             sed -i "/SSLEngine/a\\${NEW_SSLPROTOCOL_LINE}" "${IPRINT_G}"
          else
             sed -i "/<\/VirtualHost>/i\\${NEW_SSLPROTOCOL_LINE}" "${IPRINT_G}"
          fi
       else
          echo "Replacing active SSLProtocol line."
          sed -i "s|^[[:space:]]*[^#]SSLProtocol.*|${NEW_SSLPROTOCOL_LINE}|" "${IPRINT_G}"
       fi
    else
       echo "SSLProtocol is already correctly set. No changes needed."
    fi

    NEW_SSLCIPHERSUITE="SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!ADH:!RC4:+RSA:+HIGH:+MEDIUM:!MD5:@STRENGTH"
    # Check if the correct SSLProtocol is already configured and active
    current_cipher_suite_ok=$(grep "^[[:space:]]*[^#]${NEW_SSLCIPHERSUITE}" "${IPRINT_G}" 2>/dev/null || true)

    if [ -z "$current_cipher_suite_ok" ]; then

       # Check for active SSLCipherSuite
       active_ciphersuite=$(grep "^[[:space:]]*[^#]SSLCipherSuite" "${IPRINT_G}" 2>/dev/null || true)
       NEW_SSLCIPHERSUITE_LINE="    ${NEW_SSLCIPHERSUITE}"

       # Handle SSLCipherSuite
       if [ -z "$active_ciphersuite" ]; then
          echo "No active SSLCipherSuite found. Inserting..."
          if grep -q "^[[:space:]]*[^#]SSLProtocol" "${IPRINT_G}"; then
             sed -i "/SSLProtocol/a\\${NEW_SSLCIPHERSUITE_LINE}" "${IPRINT_G}"
          elif grep -q "^[[:space:]]*[^#]SSLEngine" "${IPRINT_G}"; then
             sed -i "/SSLEngine/a\\${NEW_SSLCIPHERSUITE_LINE}" "${IPRINT_G}"
          else
             sed -i "/<\/VirtualHost>/i\\${NEW_SSLCIPHERSUITE_LINE}" "${IPRINT_G}"
          fi
       else
          echo "Replacing active SSLCipherSuite line."
          sed -i "s|^[[:space:]]*[^#]SSLCipherSuite.*|${NEW_SSLCIPHERSUITE_LINE}|" "${IPRINT_G}"
       fi
    else
       echo "SSLCipherSuite is already correctly set. No changes needed."
    fi
   
	#Rename the iprint_g.conf.rpmsave to iprint_g.conf.rpmsave.bkp
	mv ${IPRINT_G}.rpmsave ${IPRINT_G}.rpmsave.bkp >> $ERR_LOG 2>&1
fi
}

InitLog
RET=$?
if [ $RET -eq 0 ]; then
    FixPermission
    if [ $? -eq 0 ]; then
        echo "Success" | tee -a $ERR_LOG
    else
        echo "Failed. Check log file for details." | tee -a $ERR_LOG
    fi
	FixiPrintApache2Conf
fi

