#!/bin/sh

# Fixed DirectAdmin locations used throughout this script.
DA_PATH="/usr/local/directadmin"
DA_CONFIG="${DA_PATH}/conf/directadmin.conf"
DA_SCRIPTS="${DA_PATH}/scripts"
DA_TQ="${DA_PATH}/data/task.queue"
SERVICES_STATUS="${DA_PATH}/data/admin/services.status"

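# DA 1.646 systemd only: replace a legacy init.d script with the systemd unit,
# or refresh the installed unit when it differs from the shipped copy.
DA_INITD_SERVICE=/etc/init.d/directadmin
DA_SYSTEMD_SERVICE=/etc/systemd/system/directadmin.service
if [ -f "${DA_INITD_SERVICE}" ]; then
	# Drop the init script only once the unit file is in place; removing it
	# after a failed copy could leave the host without any service definition.
	if cp -f "${DA_SCRIPTS}/directadmin.service" "${DA_SYSTEMD_SERVICE}"; then
		rm -f "${DA_INITD_SERVICE}"
		systemctl daemon-reload
		systemctl enable directadmin.service
	else
		echo "failed to install ${DA_SYSTEMD_SERVICE}; keeping ${DA_INITD_SERVICE}" >&2
	fi
elif ! diff --brief "${DA_SCRIPTS}/directadmin.service" "${DA_SYSTEMD_SERVICE}" > /dev/null; then
	# diff also exits non-zero when the installed unit is missing, so this
	# branch covers a missing unit as well as a changed one.
	cp -f "${DA_SCRIPTS}/directadmin.service" "${DA_SYSTEMD_SERVICE}" \
		&& systemctl daemon-reload
fi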

# Keep the directadmin-userd@ service and socket units in step with the shipped
# copies: (re)install a unit when the installed file is missing, empty, or
# different, then have systemd re-read its unit files.
for da_unit in 'directadmin-userd@.service' 'directadmin-userd@.socket'; do
	da_unit_src="${DA_SCRIPTS}/${da_unit}"
	da_unit_dst="/etc/systemd/system/${da_unit}"
	# Nothing to do when the installed unit is non-empty and identical.
	if [ -s "${da_unit_dst}" ] && diff --brief "${da_unit_src}" "${da_unit_dst}" > /dev/null; then
		continue
	fi
	cp -f "${da_unit_src}" "${da_unit_dst}"
	systemctl daemon-reload
done


# Install or refresh the DirectAdmin cron file. diff exits non-zero both when
# the contents differ and when the installed file does not exist.
da_cron_dst=/etc/cron.d/directadmin_cron
if ! diff --brief "${DA_SCRIPTS}/directadmin_cron" "${da_cron_dst}" > /dev/null; then
	cp -f "${DA_SCRIPTS}/directadmin_cron" "${da_cron_dst}"
	# Owner root, mode 600: no other account may read or modify the job file.
	chmod 600 "${da_cron_dst}"
	chown root "${da_cron_dst}"
fi

# Refresh the logrotate policy, but only on hosts that have /etc/logrotate.d.
da_rotate_dst=/etc/logrotate.d/directadmin
if [ -e /etc/logrotate.d ]; then
	if ! diff --brief "${DA_SCRIPTS}/directadmin.rotate" "${da_rotate_dst}" > /dev/null; then
		cp "${DA_SCRIPTS}/directadmin.rotate" "${da_rotate_dst}"
		# Readable by everyone, writable by the owner only.
		chmod 644 "${da_rotate_dst}"
	fi
fi

# Set permissions using the currently installed DA binary.
"${DA_PATH}/directadmin" permissions

# Queue post-update tasks by appending one line per action to the task queue.
#   cache showallusers, cache safemode, convert cronbackups, syscheck
#   rewrite cron_path - "Do we really need them?" (DA 1.56.2,
#                       https://www.directadmin.com/features.php?id=2332)
#   rewrite jail      - rewrite jail configs to be compatible with old MSMTP
#                       (DA v.1.653)
printf '%s\n' \
	'action=cache&value=showallusers' \
	'action=cache&value=safemode' \
	'action=convert&value=cronbackups' \
	'action=syscheck' \
	'action=rewrite&value=cron_path' \
	'action=rewrite&value=jail' \
	>> "${DA_TQ}"

# Allow all outbound TCP/UDP connections from root (UID 0) in CSF, when CSF is
# present. The presence check is a plain match on csf.allow: any line that
# contains "out|u=0", including a commented-out one, counts as already present
# and suppresses the add. Deleting the rules outright causes them to be added
# again the next time this script runs.
if [ -e /etc/csf/csf.allow ] && [ -x /usr/sbin/csf ] \
	&& ! grep -q 'out|u=0' /etc/csf/csf.allow
then
	/usr/sbin/csf -a "tcp|out|u=0" "Added by DirectAdmin"
	/usr/sbin/csf -a "udp|out|u=0" "Added by DirectAdmin"
fi

# DA 1.63.5: remove the "directadmin" entry from the services.status list.
# The grep guard means the file is edited in place only when an entry exists.
if [ -s "${SERVICES_STATUS}" ]; then
	if grep -q '^directadmin=' "${SERVICES_STATUS}"; then
		sed -i '/^directadmin=/d' "${SERVICES_STATUS}"
	fi
fi

# DA 1.641: delete the old system DB file when it exists and is non-empty.
da_old_db="${DA_PATH}/data/admin/da.db"
[ ! -s "${da_old_db}" ] || rm -f "${da_old_db}"

# DA 1.643: turn a relative tmpdir config option into an absolute one.
#   before: tmpdir=../../../home/tmp
#   after:  tmpdir=/home/tmp
# Only the leading "../../../" is rewritten; the rest of the value is kept.
if grep -q '^tmpdir=\.\./\.\./\.\./' "${DA_CONFIG}"
then
	sed -i 's|^tmpdir=\.\./\.\./\.\./|tmpdir=/|' "${DA_CONFIG}"
fi

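# DA 1.643: unify the Evolution custom translations layout by removing the
# per-language directories: `.../lang/{xx}/custom/lang.po` is moved to
# `.../lang/custom/{xx}.po`.
# NOTE(review): this script performs root-only operations elsewhere (chown,
# userdel), so it presumably runs as root. Confirm that nothing under
# ${EVO_LANGS} is writable by a less privileged account, because mv follows
# a symlinked `custom` directory.
EVO_LANGS=${DA_PATH}/data/skins/evolution/lang
if [ -d "${EVO_LANGS}" ]; then
	# %P prints each match relative to ${EVO_LANGS}. IFS= keeps leading and
	# trailing whitespace in a path intact; -r keeps backslashes literal.
	find "${EVO_LANGS}" -path '*/custom/lang.po' -printf "%P\n" | while IFS= read -r file; do
		xx=${file%/custom/lang.po}
		if [ "${xx#*/}" != "${xx}" ]; then
			# Ignore if {xx} contains `/` symbols, i.e. the match is not
			# exactly one directory below ${EVO_LANGS}.
			continue
		fi
		mkdir -p "${EVO_LANGS}/custom"
		# -T: the destination is always a file name, never a directory to
		# move into.
		mv -T "${EVO_LANGS}/${file}" "${EVO_LANGS}/custom/${xx}.po"
	done
fi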

# CustomBuild maintenance, run only when custombuild/options.conf exists.
# Both calls are best-effort: all output is discarded and failures are ignored.
if [ -f "${DA_PATH}/custombuild/options.conf" ]; then
	# DA 1.644: force the CB cron handler to upgrade the crontab file.
	"${DA_PATH}/directadmin" build cron > /dev/null 2>&1 || true

	# Run the deprecation checks.
	"${DA_PATH}/directadmin" build deprecation_check > /dev/null 2>&1 || true
fi

# DA 1.645: the custombuild cronjob now runs from the binary, so remove the
# old cron.daily / cron.weekly / cron.monthly scripts.
rm -f /etc/cron.daily/custombuild \
	/etc/cron.weekly/custombuild \
	/etc/cron.monthly/custombuild

# DA 1.645: allow CB to run post-install tasks.
"${DA_PATH}/directadmin" build install

# DA 1.646: drop /etc/virtual/pophosts and /etc/virtual/pophosts_user.
rm -f /etc/virtual/pophosts /etc/virtual/pophosts_user

# DA 1.647: remove the old CustomBuild plugin directory and, when the plugin
# directory was present, also the cb_plugin account if it exists.
da_cb_plugin_dir="${DA_PATH}/plugins/custombuild"
if [ -d "${da_cb_plugin_dir}" ]; then
	rm -rf "${da_cb_plugin_dir}"
	# getent succeeds only when the account is known to the system.
	getent passwd cb_plugin > /dev/null && userdel cb_plugin
fi

# DA 1.649: remove the da-popb4smtp service. First drop its services.status
# entry, then disable, stop and delete the unit file / init script.
if [ -s "${SERVICES_STATUS}" ]; then
	grep -q '^da-popb4smtp=' "${SERVICES_STATUS}" \
		&& sed -i '/^da-popb4smtp=/d' "${SERVICES_STATUS}"
fi
if [ -f /etc/systemd/system/da-popb4smtp.service ] \
	|| [ -f /etc/rc.d/init.d/da-popb4smtp ]
then
	# --now stops the service in the same call that disables it.
	systemctl --quiet disable --now da-popb4smtp.service
	rm -f /etc/systemd/system/da-popb4smtp.service \
		/etc/rc.d/init.d/da-popb4smtp
	systemctl daemon-reload
fi

# DA 1.653: when the config holds cluster_ip_bind=NULL (matched in any letter
# case by grep -i), delete the cluster_ip_bind line(s) from the config.
grep -i -q '^cluster_ip_bind=null$' "${DA_CONFIG}" \
	&& sed -i '/^cluster_ip_bind=/d' "${DA_CONFIG}"

# DA 1.659: move data/templates/mx/custom to data/templates/custom/mx, unless
# something already exists at the destination.
da_tpl_dir="${DA_PATH}/data/templates"
if [ -d "${da_tpl_dir}/mx/custom" ] && [ ! -e "${da_tpl_dir}/custom/mx" ]; then
	mkdir -p "${da_tpl_dir}/custom"
	chown diradmin:diradmin "${da_tpl_dir}/custom"
	# -T: the destination is the new directory name itself, not a parent to
	# move into.
	mv -f -T "${da_tpl_dir}/mx/custom" "${da_tpl_dir}/custom/mx"
fi

# DA 1.659: remove the vm-pop3d entry from services.status, editing the file
# only when such an entry is present.
if [ -s "${SERVICES_STATUS}" ]; then
	grep -q '^vm-pop3d=' "${SERVICES_STATUS}" \
		&& sed -i '/^vm-pop3d=/d' "${SERVICES_STATUS}"
fi

# DA 1.659: the /root/.zerossl file is replaced by a directadmin.conf setting.
# When the file exists, store zerossl as default_acme_provider and delete it.
[ ! -f /root/.zerossl ] || {
	"${DA_PATH}/directadmin" config-set default_acme_provider zerossl > /dev/null
	rm -f /root/.zerossl
}

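# DA 1.659: move scripts/setup.txt to conf/setup.txt and leave a symlink at the
# old location. Skipped when the old path is already a symlink.
da_setup_old="${DA_PATH}/scripts/setup.txt"
da_setup_new="${DA_PATH}/conf/setup.txt"
if [ -f "${da_setup_old}" ] && [ ! -L "${da_setup_old}" ]; then
	# Restrict the file to its owner before moving it: mv keeps the source
	# mode, so tightening afterwards would leave the file at its new path
	# with the old permissions for a moment. Each step runs only if the
	# previous one succeeded, so a failed move never attempts the symlink.
	chmod 600 "${da_setup_old}" \
		&& mv --no-target-directory "${da_setup_old}" "${da_setup_new}" \
		&& ln -s "${da_setup_new}" "${da_setup_old}"
fi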

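# DA 1.659: password check script rework. When difficult passwords are
# enforced, no password_check_script is configured yet, and the custom PHP
# checker exists, point password_check_script at it and turn the old flag off.
if grep -q '^enforce_difficult_passwords=1$' "${DA_CONFIG}" && \
	! grep -q '^password_check_script=' "${DA_CONFIG}" && \
	[ -f "${DA_PATH}/scripts/custom/difficult_password.php" ]
then
	# Clear the old flag only after the replacement setting is stored;
	# otherwise a failed first call would switch enforcement off with nothing
	# configured in its place.
	# NOTE(review): relies on config-set exiting non-zero on failure - confirm.
	if "${DA_PATH}/directadmin" config-set password_check_script scripts/custom/difficult_password.php > /dev/null; then
		"${DA_PATH}/directadmin" config-set enforce_difficult_passwords 0 > /dev/null
	else
		echo "could not set password_check_script; leaving enforce_difficult_passwords=1" >&2
	fi
fi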

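# DA 1.664: rework of the server TLS DNS provider config.
#
# The binary is called by absolute path, as in the rest of this script, rather
# than resolving `da` through PATH, and paths are derived from DA_PATH instead
# of repeating the literal prefix.
da_bin="${DA_PATH}/directadmin"
da_ca_dnsprovider="${DA_PATH}/conf/ca.dnsprovider"

# Step 1: move `dnsprovider=` from conf/ca.dnsprovider into directadmin.conf.
# Only the first matching line is used (-m1); the character class ends the
# value at the first `;`, `<`, `>`, `|`, backslash or space.
ACME_SERVER_CERT_DNS_PROVIDER="$(grep -om1 '^dnsprovider=[^;<>|\ ]*' "${da_ca_dnsprovider}" 2>/dev/null | cut -d= -f2)"
if [ -n "${ACME_SERVER_CERT_DNS_PROVIDER}" ]; then
	"${da_bin}" config-set acme_server_cert_dns_provider "${ACME_SERVER_CERT_DNS_PROVIDER}" > /dev/null
	sed -i '/^dnsprovider=/d' "${da_ca_dnsprovider}"
fi

# Step 2: when letsencrypt is enabled and "<cacert>.creation_time" exists,
# enable acme_server_cert, carry over any extra certificate names, and delete
# the marker file.
if [ "$("${da_bin}" config-get letsencrypt)" = 1 ]; then
	# Read cacert once so the test, the openssl call and the rm all act on the
	# same path. An empty value is skipped: it would otherwise turn the marker
	# into ".creation_time" relative to the current directory.
	da_cacert="$("${da_bin}" config-get cacert)"
	if [ -n "${da_cacert}" ] && [ -f "${da_cacert}.creation_time" ]; then
		da_servername="$("${da_bin}" config-get servername)"
		# Collect the certificate's DNS subjectAltName entries except the
		# server name itself, joined with commas. `--` keeps a value that
		# starts with `-` from being read as a grep option.
		# NOTE(review): `openssl x509 -ext` needs OpenSSL 1.1.1 or later;
		# stderr is discarded, so on older versions the list is silently empty.
		ADDITIONAL_DOMAINS="$(openssl x509 -in "${da_cacert}" -noout -ext subjectAltName 2>/dev/null | grep -Po '(?<=DNS:)[^,]*' | grep -Fvx -- "${da_servername}" | paste -sd,)"
		if [ -n "${ADDITIONAL_DOMAINS}" ]; then
			"${da_bin}" config-set acme_server_cert_additional_domains "${ADDITIONAL_DOMAINS}" > /dev/null
		fi
		"${da_bin}" config-set acme_server_cert_enabled 1 > /dev/null
		rm -f "${da_cacert}.creation_time"
	fi
fi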
