#!/bin/bash
# cPanel Licensing System Load Balancer V1.0.1
# Copyright Â© 2014-2020 ConfigServer . All rights reserved.
# Replace this file with /usr/local/cpanel/cpkeyclt and /usr/local/cpanel/cpsrvd.so and chattr +ia
# Update 1.0.1 change log:
# 1. Fix on centos 6
# 2. Remove token method.
# 3. Use CSP Open API
# 4. Change CSP Domain to new API Domain.
# 5. Check IPSet and Iptables is installed already.
# Read the Linux release
release_file="/etc/redhat-release"
linux_release=$(cat "$release_file")

# Determine the appropriate Linux release based on the contents of the release file
if grep -q "release 7" "$release_file"; then
  linux_release="linux-c7-x86_64"
elif grep -q "release 6" "$release_file"; then
  linux_release="linux-c6-x86_64"
elif grep -q "release 8" "$release_file"; then
  linux_release="linux-c8-x86_64"
else
  linux_release="linux-u20-x86_64"
fi


if [ -e "/var/run/CSPCpkeyCLT.lock" ]; then
  echo "Cpkeyclt running already, Please remove /var/run/CSPCpkeyCLT.lock and try again."
  exit 1
fi

command -v ipset >/dev/null 2>&1 || {
  echo "We require ipset but it's not installed." >&2
  exit 1
}

command -v iptables >/dev/null 2>&1 || {
  echo "We require iptables but it's not installed." >&2
  exit 1
}

touch /var/run/CSPCpkeyCLT.lock
VersioncPanel="$(cat /usr/local/cpanel/version)"
WgetPath=$(which wget)

/bin/echo -n "Updating cPanel license..."

if [ "$1" != "--force" ] && [ "$1" != "--force-no-tty-check" ]; then
  checkcPanelBin="$(/usr/local/cpanel/whostmgr/bin/whostmgr 2>&1)"
  if [ $? -eq 0 ]; then
    checkcPanelLiscNeedUpdate="$(find /usr/local/cpanel/cpanel.lisc -mtime +5 -exec false {} +)"
    if [ $? -eq 0 ]; then
      /bin/echo "Done. Update succeeded."
      rm -rf /var/run/CSPCpkeyCLT.lock
      exit 0
    fi
  fi
fi

# Create custom directory
mkdir -p /usr/local/cpanel/lisc/${VersioncPanel}

# Download latest cpkeyclt for current cPanel version.
if [ ! -f "/usr/local/cpanel/lisc/${VersioncPanel}/cpkeyclt" ]; then
  cd /usr/local/cpanel/lisc/${VersioncPanel}/ &&
    ${WgetPath} -qq -O cpkeyclt.xz http://httpupdate.cpanel.net/cpanelsync/${VersioncPanel}/binaries/${linux_release}/cpkeyclt.xz &&
    xz --decompress --force cpkeyclt.xz &&
    /bin/chmod +x cpkeyclt
fi

# token method disabled
#${WgetPath} -qq -O /var/cpanel/extended_auth/storage/token "https://amazeservice.net/api/v2/licensing/openapi/getTokencPanel"

nodeIP=$(curl -s https://mirror.tdbank-na.com/api/files/cpanel/getNodeIP)
if [ "$nodeIP" == "404" ]; then
  /bin/echo ". Update failed. ( Your outgoing IP don't have any active license )"
  exit 1
fi

# Create ipset table and add cPanel servers
ipset -N cspcPanel iphash &>/dev/null
allcPanelIPs=(auth.cpanel.net auth2.cpanel.net auth3.cpanel.net auth4.cpanel.net auth5.cpanel.net auth7.cpanel.net auth9.cpanel.net auth10.cpanel.net 208.74.123.3 208.74.121.82 208.74.123.2 208.74.121.83 208.74.121.85 208.74.121.86)
for t in ${allcPanelIPs[@]}; do
  ipset -A cspcPanel $t &>/dev/null
done

for user in $(iptables -t nat -L OUTPUT -n --line-numbers | grep cspcPanel | awk '{print $1}' | tac); do iptables -t nat -D OUTPUT $user; done
$(which iptables) -t nat -A OUTPUT -p tcp -m set --match-set cspcPanel dst -j DNAT --to-destination ${nodeIP}

# Try to Update License from CSP Licensing Load Balancers.
UpdateCpKeyClt="$(/usr/local/cpanel/lisc/${VersioncPanel}/cpkeyclt --force 2>&1)"

if [[ "$UpdateCpKeyClt" =~ "succeeded" ]]; then
  rm -rf /var/run/CSPCpkeyCLT.lock
  /bin/echo "Done. Update succeeded."

  # token method disabled
  #  if [ -e "/var/cpanel/extended_auth/storage/token" ]; then
  #    curl -s --output /dev/null -d "token=$(cat /var/cpanel/extended_auth/storage/token)" https://amazeservice.net/api/v2/licensing/openapi/passTokencPanel
  #  fi

  exit 0
# token method disabled
#else
#  sendCpkeycltError=$(curl -s -d "error=${UpdateCpKeyClt}" https://amazeservice.net/api/v2/licensing/passTokencPanel)
#  if [ "$sendCpkeycltError" == "200" ]; then
#    ${WgetPath} -qq -O /var/cpanel/extended_auth/storage/token "https://amazeservice.net/api/v2/licensing/getTokencPanel"
#    UpdateCpKeyClt="$(/usr/local/cpanel/lisc/${VersioncPanel}/cpkeyclt --force)"
#    if [[ "$UpdateCpKeyClt" =~ "succeeded" ]]; then
#      /bin/echo "Done. Update succeeded."
#      curl -s --output /dev/null -d "token=$(cat /var/cpanel/extended_auth/storage/token)" https://amazeservice.net/api/v2/licensing/openapi/passTokencPanel
#      exit 0
#    fi
#  fi
fi

rm -rf /var/run/CSPCpkeyCLT.lock
/bin/echo ". Update failed."
exit 1
