FROM ubuntu:22.04
ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
    openssh-server \
    samba \
    net-tools \
    iproute2 \
    iputils-ping \
    python3 \
    curl \
    && rm -rf /var/lib/apt/lists/*

# ── SSH con credenciales débiles (el reto es encontrarlas) ──
RUN mkdir -p /var/run/sshd
RUN useradd -m -s /bin/bash sysadmin && echo 'sysadmin:sysadmin123' | chpasswd
RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config

# ── Samba con null session habilitado ──
# Comparte un directorio con información sensible
RUN mkdir -p /srv/shares/public
RUN chmod 777 /srv/shares/public

# Nota con info de la red interna
RUN echo "[CORP INTERNAL NETWORK]" > /srv/shares/public/network_info.txt && \
    echo "Internal subnet: 172.21.20.0/24" >> /srv/shares/public/network_info.txt && \
    echo "Web server: 172.21.20.15 (HTTP:80, SSH:22)" >> /srv/shares/public/network_info.txt && \
    echo "Web admin user: webadmin" >> /srv/shares/public/network_info.txt

RUN echo "[global]" > /etc/samba/smb.conf && \
    echo "   workgroup = CORP" >> /etc/samba/smb.conf && \
    echo "   server string = Corp File Server" >> /etc/samba/smb.conf && \
    echo "   security = user" >> /etc/samba/smb.conf && \
    echo "   map to guest = Bad User" >> /etc/samba/smb.conf && \
    echo "   dns proxy = no" >> /etc/samba/smb.conf && \
    echo "" >> /etc/samba/smb.conf && \
    echo "[public]" >> /etc/samba/smb.conf && \
    echo "   path = /srv/shares/public" >> /etc/samba/smb.conf && \
    echo "   guest ok = yes" >> /etc/samba/smb.conf && \
    echo "   read only = yes" >> /etc/samba/smb.conf && \
    echo "   browseable = yes" >> /etc/samba/smb.conf

COPY start.sh /start.sh
RUN chmod +x /start.sh

EXPOSE 22 139 445

CMD ["/start.sh"]
