#!/usr/bin/env bash

set -e

IMAGE=rclone/test-smb-kerberos
NAME=smb-kerberos
USER=rclone
DOMAIN=RCLONE
REALM=RCLONE.LOCAL
SMB_PORT=28633
KRB5_PORT=28634

. $(dirname "$0")/docker.bash

start() {
    docker build -t ${IMAGE} - <<EOF
FROM alpine:3.21
RUN apk add --no-cache samba-dc
RUN rm -rf /etc/samba/smb.conf /var/lib/samba \
 && mkdir -p /var/lib/samba/private \
 && samba-tool domain provision \
    --use-rfc2307 \
    --option acl_xattr:security_acl_name=user.NTACL \
    --realm=$REALM \
    --domain=$DOMAIN \
    --server-role=dc \
    --dns-backend=SAMBA_INTERNAL \
    --host-name=localhost \
 && samba-tool user add --random-password $USER \
 && mkdir -m 777 /share /rclone \
 && cat <<EOS >> /etc/samba/smb.conf
[public]
path = /share
browseable = yes
read only = yes
guest ok = yes
[rclone]
path = /rclone
browseable = yes
read only = no
guest ok = no
valid users = rclone
EOS
CMD ["samba", "-i"]
EOF
 
    docker run --rm -d --name ${NAME} \
        -p 127.0.0.1:${SMB_PORT}:445 \
        -p 127.0.0.1:${SMB_PORT}:445/udp \
        -p 127.0.0.1:${KRB5_PORT}:88 \
        ${IMAGE}

    # KRB5_CONFIG and KRB5CCNAME are set by the caller
    cat > ${KRB5_CONFIG} <<EOF
[libdefaults]
    default_realm = ${REALM}
[realms]
${REALM} = {
    kdc = localhost
}
EOF
    docker cp ${KRB5_CONFIG} ${NAME}:/etc/krb5.conf
    docker exec ${NAME} samba-tool user get-kerberos-ticket rclone --output-krb5-ccache=/tmp/ccache
    docker cp ${NAME}:/tmp/ccache ${KRB5CCNAME}
    sed -i -e "s/localhost/localhost:${KRB5_PORT}/" ${KRB5_CONFIG}
    
    echo type=smb
    echo host=localhost
    echo port=$SMB_PORT
    echo use_kerberos=true
    echo _connect=127.0.0.1:${SMB_PORT}
}

. $(dirname "$0")/run.bash
