rclone/fstest/testserver/init.d/TestSMBKerberos

#!/usr/bin/env bash

set -e

IMAGE=rclone/test-smb-kerberos
NAME=smb-kerberos
USER=rclone
DOMAIN=RCLONE
REALM=RCLONE.LOCAL
SMB_PORT=28633
KRB5_PORT=28634

. $(dirname "$0")/docker.bash

start() {
    docker build -t ${IMAGE} - <<EOF
FROM alpine:3.21
RUN apk add --no-cache samba-dc
RUN rm -rf /etc/samba/smb.conf /var/lib/samba \
 && mkdir -p /var/lib/samba/private \
 && samba-tool domain provision \
    --use-rfc2307 \
    --option acl_xattr:security_acl_name=user.NTACL \
    --realm=$REALM \
    --domain=$DOMAIN \
    --server-role=dc \
    --dns-backend=SAMBA_INTERNAL \
    --host-name=localhost \
 && samba-tool user add --random-password $USER \
 && mkdir -m 777 /share /rclone \
 && cat <<EOS >> /etc/samba/smb.conf
[public]
path = /share
browseable = yes
read only = yes
guest ok = yes
[rclone]
path = /rclone
browseable = yes
read only = no
guest ok = no
valid users = rclone
EOS
CMD ["samba", "-i"]
EOF
 
    docker run --rm -d --name ${NAME} \
        -p 127.0.0.1:${SMB_PORT}:445 \
        -p 127.0.0.1:${SMB_PORT}:445/udp \
        -p 127.0.0.1:${KRB5_PORT}:88 \
        ${IMAGE}

    # KRB5_CONFIG and KRB5CCNAME are set by the caller
    cat > ${KRB5_CONFIG} <<EOF
[libdefaults]
    default_realm = ${REALM}
[realms]
${REALM} = {
    kdc = localhost
}
EOF
    docker cp ${KRB5_CONFIG} ${NAME}:/etc/krb5.conf
    docker exec ${NAME} samba-tool user get-kerberos-ticket rclone --output-krb5-ccache=/tmp/ccache
    docker cp ${NAME}:/tmp/ccache ${KRB5CCNAME}
    sed -i -e "s/localhost/localhost:${KRB5_PORT}/" ${KRB5_CONFIG}
    
    echo type=smb
    echo host=localhost
    echo port=$SMB_PORT
    echo use_kerberos=true
    echo _connect=127.0.0.1:${SMB_PORT}
}

. $(dirname "$0")/run.bash
smb: add support for kerberos authentication Fixes #7800 2025-01-14 09:59:11 +01:00			`#!/usr/bin/env bash`

			`set -e`

			`IMAGE=rclone/test-smb-kerberos`
			`NAME=smb-kerberos`
			`USER=rclone`
			`DOMAIN=RCLONE`
			`REALM=RCLONE.LOCAL`
			`SMB_PORT=28633`
			`KRB5_PORT=28634`

			`. $(dirname "$0")/docker.bash`

			`start() {`
			`docker build -t ${IMAGE} - <<EOF`
			`FROM alpine:3.21`
			`RUN apk add --no-cache samba-dc`
			`RUN rm -rf /etc/samba/smb.conf /var/lib/samba \`
			`&& mkdir -p /var/lib/samba/private \`
			`&& samba-tool domain provision \`
			`--use-rfc2307 \`
			`--option acl_xattr:security_acl_name=user.NTACL \`
			`--realm=$REALM \`
			`--domain=$DOMAIN \`
			`--server-role=dc \`
			`--dns-backend=SAMBA_INTERNAL \`
			`--host-name=localhost \`
			`&& samba-tool user add --random-password $USER \`
			`&& mkdir -m 777 /share /rclone \`
			`&& cat <<EOS >> /etc/samba/smb.conf`
			`[public]`
			`path = /share`
			`browseable = yes`
			`read only = yes`
			`guest ok = yes`
			`[rclone]`
			`path = /rclone`
			`browseable = yes`
			`read only = no`
			`guest ok = no`
			`valid users = rclone`
			`EOS`
			`CMD ["samba", "-i"]`
			`EOF`

			`docker run --rm -d --name ${NAME} \`
			`-p 127.0.0.1:${SMB_PORT}:445 \`
			`-p 127.0.0.1:${SMB_PORT}:445/udp \`
			`-p 127.0.0.1:${KRB5_PORT}:88 \`
			`${IMAGE}`

			`# KRB5_CONFIG and KRB5CCNAME are set by the caller`
			`cat > ${KRB5_CONFIG} <<EOF`
			`[libdefaults]`
			`default_realm = ${REALM}`
			`[realms]`
			`${REALM} = {`
			`kdc = localhost`
			`}`
			`EOF`
			`docker cp ${KRB5_CONFIG} ${NAME}:/etc/krb5.conf`
			`docker exec ${NAME} samba-tool user get-kerberos-ticket rclone --output-krb5-ccache=/tmp/ccache`
			`docker cp ${NAME}:/tmp/ccache ${KRB5CCNAME}`
			`sed -i -e "s/localhost/localhost:${KRB5_PORT}/" ${KRB5_CONFIG}`

			`echo type=smb`
			`echo host=localhost`
			`echo port=$SMB_PORT`
			`echo use_kerberos=true`
			`echo _connect=127.0.0.1:${SMB_PORT}`
			`}`

			`. $(dirname "$0")/run.bash`