#!/bin/bash
set -e

CONTAINER="mariadb-cve-2026-32710"
IMAGE="cve-2026-32710-lab"

echo "[*] Building lab image..."
docker build -t "$IMAGE" .

echo "[*] Stopping any existing container..."
docker rm -f "$CONTAINER" 2>/dev/null || true

echo "[*] Starting MariaDB 11.4.9 container..."
docker run -d \
    --name "$CONTAINER" \
    --cap-add SYS_PTRACE \
    --security-opt seccomp=unconfined \
    -p 3306:3306 \
    "$IMAGE"

echo "[*] Disabling ASLR inside container..."
docker exec "$CONTAINER" bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space' 2>/dev/null || \
    echo "    (ASLR disable requires host-level: echo 0 > /proc/sys/kernel/randomize_va_space)"

echo "[*] Waiting for MariaDB to be ready..."
for i in $(seq 1 30); do
    if docker exec "$CONTAINER" mariadb -uroot -praptor -e "SELECT 1" &>/dev/null; then
        break
    fi
    sleep 1
done

echo "[*] Verifying lowpriv user..."
docker exec "$CONTAINER" mariadb -uroot -praptor -e "SHOW GRANTS FOR 'lowpriv'@'%'"

echo "[*] Verifying UDF .so..."
docker exec "$CONTAINER" ls -la /tmp/raptor_udf.so
docker exec "$CONTAINER" ls -la /usr/lib/mysql/plugin/ | head -3

echo ""
echo "[+] Lab ready. Container: $CONTAINER"
echo "[+] TCP:     mysql -ulowpriv -plowpriv -h 127.0.0.1 test"
echo "[+] Root:    docker exec -it $CONTAINER mariadb -uroot -praptor"
echo "[+] Lowpriv: docker exec -it $CONTAINER mariadb -ulowpriv -plowpriv test"
echo ""
echo "[!] For the exploit, ASLR must be disabled on the Docker HOST:"
echo "    sudo sh -c 'echo 0 > /proc/sys/kernel/randomize_va_space'"