@fumiyas
Last active November 18, 2025 08:51
WIP
#!/bin/bash
# Treat expansion of an unset variable as an error.
set -o nounset

# Turn on command tracing when stdin is a terminal or when
# C_ENTRYPOINT_DEBUG is set to a non-empty value.
#
# SECURITY: xtrace writes every expanded command to stderr. In this script
# that includes the Samba administrator password (it is expanded into the
# `--adminpass=...` argument and into the admin.password write), so trace
# output and any log that captures it must be handled as a secret.
if [[ -t 0 || -n "${C_ENTRYPOINT_DEBUG-}" ]]; then
  PS4="$0: DEBUG: \$LINENO: "
  set -o xtrace
fi
#######################################
# Print the one-line usage summary for this entrypoint.
# Outputs: usage text on stdout
#######################################
sv_usage() {
  printf '%s\n' "Usage: $0 <start|exec ...|help>"
}
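#######################################
# Provision a fresh Samba AD DC.
#
# Backs up and then empties the Samba config, data and cache directories,
# stores a generated admin password (if the operator did not supply one),
# optionally patches the idmap template with the configured range, and runs
# `samba-tool domain provision`.
#
# Globals (read): SAMBA_SYSCONF_DIR, SAMBA_DATA_DIR, SAMBA_CACHE_DIR,
#   SAMBA_SETUP_DIR, SAMBA_ADMIN_PASSWORD, SAMBA_ADMIN_PASSWORD_SET,
#   SAMBA_IDMAP_RANGE, SAMBA_HOSTNAME, SAMBA_REALM, SAMBA_DOMAIN,
#   SAMBA_DNS_FORWARDER
# Returns: 0 on success, the failing command's status otherwise
#######################################
sv_init() {
  local dir
  for dir in "$SAMBA_SYSCONF_DIR" "$SAMBA_DATA_DIR" "$SAMBA_CACHE_DIR"; do
    backup "$dir" || return $?
    rm_in_dir "$dir" || return $?
  done

  if [ -z "$SAMBA_ADMIN_PASSWORD_SET" ]; then
    ## Save generated admin password.
    ## The directory mode is 0700 (owner only). The previous value 0077 was an
    ## inverted mask: it denied the owner and granted rwx to group and others.
    mkdir -m 0700 "$SAMBA_SYSCONF_DIR/private" || return $?
    (
      ## Restrictive umask so the password file itself is created 0600
      ## instead of inheriting the process default.
      umask 077
      printf '%s\n' "$SAMBA_ADMIN_PASSWORD" \
        >"$SAMBA_SYSCONF_DIR/private/admin.password"
    ) || return $?
  fi

  if [ -n "$SAMBA_IDMAP_RANGE" ]; then
    ## Leading and trailing digit runs of the range. Both values consist of
    ## digits only by construction, so they are safe to splice into the sed
    ## replacement text below.
    local range_lower="${SAMBA_IDMAP_RANGE%%[!0-9]*}"
    local range_upper="${SAMBA_IDMAP_RANGE##*[!0-9]}"
    local idmap_init_ldif="$SAMBA_SETUP_DIR/idmap_init.ldif"

    if [ -z "$range_lower" ] || [ -z "$range_upper" ]; then
      printf '%s\n' "$0: ERROR: Invalid SAMBA_IDMAP_RANGE: $SAMBA_IDMAP_RANGE" >&2
      return 1
    fi

    ## NOTE(review): the template is rewritten only on the first run (while no
    ## .dist copy exists); a later change of SAMBA_IDMAP_RANGE is not applied
    ## to it. Confirm this is intended.
    if [ ! -f "$idmap_init_ldif.dist" ]; then
      cp -p "$idmap_init_ldif" "$idmap_init_ldif.dist" || return $?
      {
        ## Each expression needs its own -e; without it sed treats the second
        ## script as an input file name and fails.
        sed \
          -e "s/^\(lowerBound:\) .*/\1 $range_lower/" \
          -e "s/^\(upperBound:\) .*/\1 $range_upper/" \
          "$idmap_init_ldif.dist" \
          && printf '%s\n' \
            '' \
            'dn: CN=S-1-5-32-544' \
            'cn: S-1-5-32-544' \
            'objectClass: sidMap' \
            'objectSid: S-1-5-32-544' \
            'type: ID_TYPE_BOTH' \
            "xidNumber: $range_lower" \
            'distinguishedName: CN=S-1-5-32-544'
      } >"$idmap_init_ldif" || return $?
    fi
  fi

  ## SECURITY: the admin password is passed as a command-line argument, so it
  ## is visible in the process list while samba-tool runs and in xtrace
  ## output when debugging is enabled.
  local -a provision_args=(
    --adminpass="$SAMBA_ADMIN_PASSWORD"
    --server-role="dc"
    --host-name="$SAMBA_HOSTNAME"
    --realm="$SAMBA_REALM"
    --domain="$SAMBA_DOMAIN"
    --use-rfc2307
    --dns-backend="SAMBA_INTERNAL"
    --option="dns forwarder=$SAMBA_DNS_FORWARDER"
  )
  if [ -n "$SAMBA_IDMAP_RANGE" ]; then
    provision_args+=(--option="idmap config *:range = $SAMBA_IDMAP_RANGE")
    ## FIXME: Remove `vfs objects = ...`
    provision_args+=(--option="vfs objects = dfs_samba4 acl_xattr xattr_tdb")
  fi

  samba-tool domain provision "${provision_args[@]}" || return $?
}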
#######################################
# Run the Samba daemon via `samba --interactive`, forwarding any extra
# arguments.
# Arguments: additional options passed through to samba
# Returns:   samba's exit status
#######################################
sv_start() {
  local -a samba_args=(--interactive "$@")
  samba "${samba_args[@]}"
}
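#######################################
# Remove every entry (including dotfiles and subdirectories) directly inside
# a directory, keeping the directory itself.
# Arguments: $1 - directory to empty
# Returns:   0 if $1 is not a directory (nothing to do), otherwise the
#            status of find/rm
#######################################
rm_in_dir() {
  local dir="$1"
  [ -d "$dir" ] || return 0
  ## -mindepth/-maxdepth are global options and go before any test (GNU find
  ## warns when they follow one). `--` keeps rm from parsing an entry name as
  ## an option.
  find "$dir/." -mindepth 1 -maxdepth 1 -exec rm -r -- {} +
}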
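#######################################
# Copy each existing source path into $C_BACKUP_DIR, preserving its path
# relative to the filesystem root.
#
# The existence check uses -e rather than -f: sv_init passes directories, and
# with -f they were silently skipped, so the directories were emptied without
# any backup having been taken.
#
# Globals:   C_BACKUP_DIR (read)
# Arguments: paths to back up; assumed to be absolute, because each one is
#            archived as ".$src" relative to /
# Returns:   0 on success or when nothing exists to back up, non-zero if
#            creating the backup directory or either tar process fails
#######################################
backup() {
  local src
  for src in "$@"; do
    [ -e "$src" ] || continue
    mkdir -p "$C_BACKUP_DIR" || return $?
    (
      ## Without pipefail a failure of the archiving tar is masked by the
      ## extracting tar's status, and the caller would go on to delete data
      ## that was never copied.
      set -o pipefail
      cd / || exit $?
      tar -c -f - ".$src" | tar -x -f - -C "$C_BACKUP_DIR"
    ) || return $?
  done
}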
#######################################
# Export every shell variable whose name starts with C_ or SAMBA_ (upper-case
# letters, digits and underscores only) so child processes inherit it.
#
# SECURITY: this covers SAMBA_ADMIN_PASSWORD, so every process started after
# this call receives the admin password in its environment.
#######################################
env_export() {
  # The list of names is deliberately left unquoted: export needs one word
  # per variable name.
  # shellcheck disable=SC2046
  export $(
    set | sed -n -E 's/^((C|SAMBA)_[_A-Z0-9]*)=.*/\1/p'
  )
}
#######################################
# Populate the C_* and SAMBA_* configuration variables, applying defaults for
# anything the caller did not provide in the environment.
#
# Globals (written): C_ENTRYPOINT, C_PREFIX, C_SYSCONF_DIR, C_BACKUP_DIR,
#   SAMBA_PREFIX, SAMBA_SYSCONF_DIR, SAMBA_DATA_DIR, SAMBA_CACHE_DIR,
#   SAMBA_SETUP_DIR, SAMBA_HOSTNAME, SAMBA_REALM, SAMBA_DOMAIN,
#   SAMBA_ADMIN_PASSWORD_SET, SAMBA_ADMIN_PASSWORD, SAMBA_DNS_FORWARDER,
#   SAMBA_IDMAP_RANGE
#######################################
env_init() {
  # Container-side layout; the backup directory is stamped with the current
  # time down to the second.
  C_ENTRYPOINT="$0"
  C_PREFIX="/srv/container"
  C_SYSCONF_DIR="${C_PREFIX}/etc"
  C_BACKUP_DIR="${C_PREFIX}/backup/$(date +%Y%m%d%H%M%S)"

  # Samba-side layout.
  SAMBA_PREFIX="/srv/samba"
  SAMBA_SYSCONF_DIR="${SAMBA_PREFIX}/etc"
  SAMBA_DATA_DIR="${SAMBA_PREFIX}/data"
  SAMBA_CACHE_DIR="${SAMBA_PREFIX}/cache"
  SAMBA_SETUP_DIR="/usr/share/samba/setup"

  # Host name defaults to the node name cut at its first dot.
  if [ -z "${SAMBA_HOSTNAME+set}" ]; then
    SAMBA_HOSTNAME="$(uname -n)"
    SAMBA_HOSTNAME="${SAMBA_HOSTNAME%%.*}"
  fi

  # Realm and domain are upper-cased; the domain defaults to the first label
  # of the realm.
  local realm_input="${SAMBA_REALM-EXAMPLE.LAN}"
  SAMBA_REALM="$(echo "$realm_input" | tr a-z A-Z)"
  local domain_input="${SAMBA_DOMAIN-${SAMBA_REALM%%.*}}"
  SAMBA_DOMAIN="$(echo "$domain_input" | tr a-z A-Z)"

  # Records whether the operator supplied a password ("set") or one has to be
  # generated (empty). A password that is set but empty counts as supplied.
  SAMBA_ADMIN_PASSWORD_SET="${SAMBA_ADMIN_PASSWORD+set}"
  ## FIXME: Password must have alphabet in uppercase and lowercase, numeric characters
  # Generated form: the fixed prefix "Aa0" plus 12 alphanumeric characters
  # drawn from /dev/urandom.
  if [ -z "$SAMBA_ADMIN_PASSWORD_SET" ]; then
    SAMBA_ADMIN_PASSWORD="Aa0$(tr -dc A-Za-z0-9 </dev/urandom | head -c 12)"
  fi

  # Optional settings default to empty so later expansions are safe under
  # `set -u`.
  SAMBA_DNS_FORWARDER="${SAMBA_DNS_FORWARDER-}"
  SAMBA_IDMAP_RANGE="${SAMBA_IDMAP_RANGE-}"
}
#######################################
# Entrypoint driver: initialise the environment, run the pre-hooks for the
# selected command, dispatch the command, then run its post-hooks.
#
# SECURITY: hooks and `exec` targets run with this script's privileges and
# inherit everything env_export exports, which includes SAMBA_ADMIN_PASSWORD.
# The entrypoint.pre.d / entrypoint.post.d directories should therefore be
# writable only by a trusted user. The command name is also used verbatim as
# a path component when locating the hook directory.
#
# Arguments: $1 - command (init, start or exec; defaults to start; anything
#                 else prints the usage text); remaining arguments are
#                 forwarded to hooks and to the command
# Returns:   the dispatched command's status; post-hook statuses are ignored
#######################################
main() {
  env_init

  # First argument selects the command; consume it only if it was given.
  C_ENTRYPOINT_CMD="${1-start}"
  if [ "$#" -gt 0 ]; then
    shift
  fi

  env_export
  for cmd in "$C_SYSCONF_DIR/entrypoint.pre.d/$C_ENTRYPOINT_CMD"/*; do
    # An unmatched glob stays literal and is filtered out here, together with
    # anything that is not an executable regular file.
    if [ -f "$cmd" ] && [ -x "$cmd" ]; then
      "$cmd" "$@"
      env_export
    fi
  done

  case "$C_ENTRYPOINT_CMD" in
    init)
      sv_init
      ;;
    start)
      # Provision first when no secrets database exists yet. A failed
      # provision returns immediately, so the post-hooks are skipped.
      if [ ! -s "$SAMBA_DATA_DIR/private/secrets.tdb" ]; then
        sv_init || return $?
      fi
      sv_start "$@"
      ;;
    exec)
      "$@"
      ;;
    *)
      sv_usage "$@"
      ;;
  esac
  rc="$?"

  env_export
  for cmd in "$C_SYSCONF_DIR/entrypoint.post.d/$C_ENTRYPOINT_CMD"/*; do
    if [ -f "$cmd" ] && [ -x "$cmd" ]; then
      "$cmd" "$@"
      env_export
    fi
  done

  return "$rc"
}
# Run the entrypoint; a bare `exit` propagates main's status as the script's
# exit code.
main "$@"
exit