From 92dd9a8e7e77775ee43559d85b36235bdd3504c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?= Date: Sun, 7 Nov 2021 22:02:39 +0100 Subject: [PATCH] Added Samba, BusyBox and a bind shell service --- Dockerfile.m4 | 57 +++++++++++++++++++++++++++--- README.md | 1 + config/samba/smb.conf | 17 +++++++++ data/iso/reactos/3rdParty/.gitkeep | 0 data/iso/reactos/unattend.bat | 20 ++++++++++- scripts/bin/vmshell | 12 +++++++ scripts/service/qemu/run | 2 +- scripts/service/smbd/run | 7 ++++ 8 files changed, 110 insertions(+), 6 deletions(-) create mode 100644 config/samba/smb.conf create mode 100644 data/iso/reactos/3rdParty/.gitkeep create mode 100755 scripts/bin/vmshell create mode 100755 scripts/service/smbd/run diff --git a/Dockerfile.m4 b/Dockerfile.m4 index 7532f41..27420ee 100644 --- a/Dockerfile.m4 +++ b/Dockerfile.m4 @@ -34,6 +34,24 @@ RUN curl -Lo /tmp/websockify.tgz "${WEBSOCKIFY_TARBALL_URL:?}" RUN printf '%s' "${WEBSOCKIFY_TARBALL_CHECKSUM:?} /tmp/websockify.tgz" | sha256sum -c RUN mkdir /tmp/websockify/ && tar -xzf /tmp/websockify.tgz --strip-components=1 -C /tmp/websockify/ +# Download Samba for ReactOS +ARG SAMBA_EXE_URL=https://svn.reactos.org/packages/samba-for-ReactOSv1.3.exe +ARG SAMBA_EXE_CHECKSUM=c3f55cd7a4069cd682cbdca3954c425f6657e3a1aba786e3d1559448e9f849a3 +RUN curl -Lo /tmp/samba.exe "${SAMBA_EXE_URL:?}" +RUN printf '%s' "${SAMBA_EXE_CHECKSUM:?} /tmp/samba.exe" | sha256sum -c + +# Download BusyBox for Windows +ARG BUSYBOX_EXE_URL=https://frippery.org/files/busybox/busybox-w32-FRP-4487-gd239d2d52.exe +ARG BUSYBOX_EXE_CHECKSUM=35e2b0db6d57a045188b9afc617aae52a6c8e2aa0205256c049f3537a48f879b +RUN curl -Lo /tmp/busybox.exe "${BUSYBOX_EXE_URL:?}" +RUN printf '%s' "${BUSYBOX_EXE_CHECKSUM:?} /tmp/busybox.exe" | sha256sum -c + +# Download ncat for Windows +ARG NCAT_ZIP_URL=https://nmap.org/dist/ncat-portable-5.59BETA1.zip +ARG NCAT_ZIP_CHECKSUM=9cdc2e688410f4563af7002d8dfa3f8a5710f15f6d409be2cab4e87890c91d1c +RUN curl -Lo /tmp/ncat.zip "${NCAT_ZIP_URL:?}" +RUN printf '%s' "${NCAT_ZIP_CHECKSUM:?} /tmp/ncat.zip" | sha256sum -c + # Download ReactOS ISO ARG REACTOS_ISO_URL=https://downloads.sourceforge.net/project/reactos/ReactOS/0.4.14/ReactOS-0.4.14-RC-117-g5e81087-iso.zip ARG REACTOS_ISO_CHECKSUM=ec2776422ed45f8ee7488030eadd7ea40b4276cee04c5e5e5a3f1a5a68c978a7 @@ -43,8 +61,11 @@ RUN 7z e /tmp/reactos.zip -so '*.iso' > /tmp/reactos.iso \ && 7z x /tmp/reactos.iso -o/tmp/reactos/ \ && rm -f /tmp/reactos.iso COPY --chown=root:root ./data/iso/ /tmp/reactos/ +RUN cp /tmp/samba.exe /tmp/reactos/reactos/3rdParty/samba.exe +RUN cp /tmp/busybox.exe /tmp/reactos/reactos/3rdParty/busybox.exe +RUN 7z e /tmp/ncat.zip -so '**/*.exe' > /tmp/reactos/reactos/3rdParty/ncat.exe RUN mkisofs -no-emul-boot -iso-level 4 -eltorito-boot loader/isoboot.bin -o /tmp/reactos.iso /tmp/reactos/ \ - && qemu-img create -f qcow2 /tmp/reactos.qcow2 124G \ + && qemu-img create -f qcow2 /tmp/reactos.qcow2 128G \ && timeout 900 qemu-system-x86_64 \ -accel tcg -smp 2 -m 512 -serial stdio -display none \ -drive file=/tmp/reactos.qcow2,index=0,media=disk,format=qcow2 \ @@ -53,10 +74,10 @@ RUN mkisofs -no-emul-boot -iso-level 4 -eltorito-boot loader/isoboot.bin -o /tmp -netdev user,id=n0 -device e1000,netdev=n0 ################################################## -## "main" stage +## "base" stage ################################################## -m4_ifdef([[CROSS_ARCH]], [[FROM docker.io/CROSS_ARCH/ubuntu:20.04]], [[FROM docker.io/ubuntu:20.04]]) AS main +m4_ifdef([[CROSS_ARCH]], [[FROM docker.io/CROSS_ARCH/ubuntu:20.04]], [[FROM docker.io/ubuntu:20.04]]) AS base m4_ifdef([[CROSS_QEMU]], [[COPY --from=docker.io/hectormolinero/qemu-user-static:latest CROSS_QEMU CROSS_QEMU]]) # Install system packages @@ -70,7 +91,9 @@ RUN export DEBIAN_FRONTEND=noninteractive \ qemu-kvm \ qemu-system-x86 \ qemu-utils \ + rlwrap \ runit \ + samba \ tini \ && rm -rf /var/lib/apt/lists/* @@ -78,7 +101,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ ENV VM_CPU=2 ENV VM_RAM=1024M ENV VM_KEYBOARD=en-us -ENV VM_NET_OPTIONS=hostfwd=tcp::13389-:3389,hostfwd=tcp::15900-:5900 +ENV VM_NET_OPTIONS= ENV VM_KVM=true ENV SVDIR=/etc/service/ @@ -91,6 +114,11 @@ COPY --from=build --chown=root:root /tmp/websockify/ /opt/novnc/utils/websockify # Copy ReactOS disk COPY --from=build --chown=root:root /tmp/reactos.qcow2 /var/lib/qemu/reactos.qcow2 +# Copy Samba config +COPY --chown=root:root ./config/samba/ /etc/samba/ +RUN find /etc/samba/ -type d -not -perm 0755 -exec chmod 0755 '{}' ';' +RUN find /etc/samba/ -type f -not -perm 0644 -exec chmod 0644 '{}' ';' + # Copy services COPY --chown=root:root ./scripts/service/ /etc/service/ RUN find /etc/service/ -type d -not -perm 0755 -exec chmod 0755 '{}' ';' @@ -102,3 +130,24 @@ RUN find /usr/local/bin/ -type d -not -perm 0755 -exec chmod 0755 '{}' ';' RUN find /usr/local/bin/ -type f -not -perm 0755 -exec chmod 0755 '{}' ';' ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/container-init"] + +################################################## +## "test" stage +################################################## + +FROM base AS test + +RUN container-init & \ + printf '%s\n' \ + 'systeminfo' \ + 'smbclient -c "ls;quit" //10.0.2.254/share noop' \ + 'exit' | timeout 900 vmshell || exit 1 + +################################################## +## "main" stage +################################################## + +FROM base AS main + +# Dummy instruction so BuildKit does not skip the test stage +RUN --mount=type=bind,from=test,source=/mnt/,target=/mnt/ diff --git a/README.md b/README.md index bb0ed6f..975423d 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ docker run --detach \ > The instance can be accessed from: > * VNC (5900/TCP): any VNC client, without credentials. > * noVNC (6080/TCP): http://127.0.0.1:6080/vnc.html +> * Shell: `docker exec -it qemu-reactos vmshell` ## Environment variables #### `VM_CPU` diff --git a/config/samba/smb.conf b/config/samba/smb.conf new file mode 100644 index 0000000..4e2c5c1 --- /dev/null +++ b/config/samba/smb.conf @@ -0,0 +1,17 @@ +[global] + server role = standalone server + interfaces = 127.0.0.1 + bind interfaces only = yes + server min protocol = NT1 + workgroup = WORKGROUP + security = user + map to guest = Bad User + disable netbios = yes + disable spoolss = yes + usershare max shares = 0 + +[share] + path = /mnt/ + read only = no + guest ok = yes + force user = root diff --git a/data/iso/reactos/3rdParty/.gitkeep b/data/iso/reactos/3rdParty/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/data/iso/reactos/unattend.bat b/data/iso/reactos/unattend.bat index dd8a93d..b5a23bb 100644 --- a/data/iso/reactos/unattend.bat +++ b/data/iso/reactos/unattend.bat @@ -1,3 +1,21 @@ @echo off -%SystemRoot%\system32\shutdown.exe /s /t 5 +:: Install Samba +copy "D:\reactos\3rdParty\samba.exe" "%SystemRoot%\bin\samba.exe" +"%SystemRoot%\bin\samba.exe" -s + +:: Install BusyBox +copy "D:\reactos\3rdParty\busybox.exe" "%SystemRoot%\bin\busybox.exe" + +:: Install bind shell service +copy "D:\reactos\3rdParty\ncat.exe" "%SystemRoot%\bin\ncat.exe" +sc create "BindShell" ^ + DisplayName= "Bind shell" ^ + BinPath= "ncat.exe -l -k -n -e \"cmd.exe /c (cmd.exe 2^>^&1)\" 51" ^ + Error= "ignore" ^ + Start= "auto" + +:: Set UTF-8 encoding in CMD +reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" /v AutoRun /t REG_EXPAND_SZ /d "CHCP 65001" /f + +"%SystemRoot%\system32\shutdown.exe" /s /t 5 diff --git a/scripts/bin/vmshell b/scripts/bin/vmshell new file mode 100755 index 0000000..6b94c09 --- /dev/null +++ b/scripts/bin/vmshell @@ -0,0 +1,12 @@ +#!/bin/sh + +set -eu + +# Wait until bind shell is available +until printf 'exit\n' | nc 127.0.0.1 5151 >/dev/null 2>&1; do sleep 1; done + +if [ -t 0 ] || [ -t 1 ]; then + exec rlwrap nc 127.0.0.1 5151 +else + exec nc 127.0.0.1 5151 +fi diff --git a/scripts/service/qemu/run b/scripts/service/qemu/run index 71dcdcd..e0ff811 100755 --- a/scripts/service/qemu/run +++ b/scripts/service/qemu/run @@ -6,7 +6,7 @@ set -- set -- "$@" -smp "${VM_CPU:?}" -m "${VM_RAM:?}" set -- "$@" -serial stdio -monitor unix:/run/qemu-monitor,server,nowait -device VGA -display vnc=:0 set -- "$@" -drive file=/var/lib/qemu/reactos.qcow2,index=0,media=disk,format=qcow2 -set -- "$@" -netdev user,id=n0,"${VM_NET_OPTIONS?}" +set -- "$@" -netdev user,id=n0,guestfwd=tcp:10.0.2.254:445-cmd:'nc 127.0.0.1 445',hostfwd=tcp::5151-:51,"${VM_NET_OPTIONS?}" set -- "$@" -device e1000,netdev=n0 set -- "$@" -usb -device usb-tablet set -- "$@" -k "${VM_KEYBOARD:?}" diff --git a/scripts/service/smbd/run b/scripts/service/smbd/run new file mode 100755 index 0000000..7040808 --- /dev/null +++ b/scripts/service/smbd/run @@ -0,0 +1,7 @@ +#!/bin/sh + +set -eu + +cd /run/samba/ +exec 2>&1 +exec /usr/sbin/smbd --foreground --log-stdout --debuglevel=3