Disable RDP connection during windows setup

ec728294 · Nikos Skalkotos · cb489189 · ec728294 · ec728294 · ec728294
Commit ec728294 authored Nov 15, 2011 by Nikos Skalkotos
--- a/snf-image-helper/ChangeLog
+++ b/snf-image-helper/ChangeLog
 2011-11-11, v0.2
 	* Add support for Image Properties
-	* Add new FixPartitionTable hook
+	* Add new FixPartitionTable task
+	* Add new task that disables RDP connections during windows setup

 2011-10-20, v0.1.2


--- a/snf-image-helper/common.sh
+++ b/snf-image-helper/common.sh
@@ -37,6 +37,8 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
 XMLSTARLET=xmlstarlet
 RESIZE2FS=resize2fs
 PARTED=parted
+REGLOOKUP=reglookup
+CHNTPW=chntpw

 CLEANUP=( )


--- a/snf-image-helper/configure.ac
+++ b/snf-image-helper/configure.ac
@@ -28,6 +28,16 @@ if test -z "$PARTED" ; then
  AC_MSG_ERROR([parted not found in $PATH])
 fi

+AC_PATH_PROG(REGLOOKUP, [reglookup], [], [$PATH:/usr/sbin:/sbin])
+if test -z "$REGLOOKUP" ; then
+  AC_MSG_ERROR([reglookup not found in $PATH])
+fi
+
+AC_PATH_PROG(CHNTPW, [chntpw], [], [$PATH:/usr/sbin:/sbin])
+if test -z "$CHNTPW" ; then
+  AC_MSG_ERROR([chntpw not found in $PATH])
+fi
+
 AC_CONFIG_FILES([
    Makefile
    tasks/Makefile

--- a/snf-image-helper/tasks/40DisableRemoteDesktopConnections.in
+++ b/snf-image-helper/tasks/40DisableRemoteDesktopConnections.in
+#! /bin/bash
+
+### BEGIN TASK INFO
+# Provides:		DisableRemoteDesktopConnections
+# RunBefore:            UmountImage
+# RunAfter:		MountImage
+# Short-Description:	Temporary Disable Remote Desktop Connections
+### END TASK INFO
+
+#
+# This task will change the value of `fDenyTSConnection' registry key located in
+# `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\' to
+# "true". This will disable RDP connections. The key will change back to "false"
+# during the specialize pass of the Windows setup.
+#
+
+set -e
+. "@commondir@/common.sh"
+
+if [ ! -d "$SNF_IMAGE_TARGET" ]; then
+    log_error "Target directory \`$SNF_IMAGE_TARGET' is missing"
+fi
+
+if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "windows" ]; then
+    exit 0
+fi
+
+hive="$SNF_IMAGE_TARGET/Windows/System32/config/SYSTEM"
+current=$($REGLOOKUP "$hive" | grep ^/Select/Current | cut -d, -f3)
+
+# Change the key value.
+# For a stupid reason chntpw returns 2!
+chntpw -e "$hive" <<EOF || { test $? -eq 2 && chntpw_ret="success"; }
+cd ControlSet${current: -3}\Control\Terminal Server
+ed fDenyTSConnections
+1
+q
+y
+EOF
+
+if [ x"$chntpw_ret" != "xsuccess" ]; then
+    log_error "$CHNTPW failed"
+fi
+
+exit 0
+
+# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :
--- a/snf-image-helper/tasks/Makefile.am
+++ b/snf-image-helper/tasks/Makefile.am
@@ -6,6 +6,7 @@ dist_tasks_SCRIPTS = \
 		30MountImage \
 		40AddDeleteUnattendScript \
 		40DeleteSSHKeys \
+		40DisableRemoteDesktopConnections \
 		40InstallUnattend \
 		40FilesystemResizeMounted \
 		40SELinuxAutorelabel \
@@ -29,17 +30,5 @@ edit = sed \
 		   $(edit) $${srcdir}$@.in >$@.tmp
 	mv $@.tmp $@

-CLEANFILES =  \
-		10FixPartitionTable \
-		20FilesystemResizeUnmounted \
-		30MountImage \
-		40AddDeleteUnattendScript \
-		40DeleteSSHKeys \
-		40InstallUnattend \
-		40FilesystemResizeMounted \
-		40SELinuxAutorelabel \
-		50AssignHostname \
-		50EnforcePersonality \
-		50ChangePassword \
-		80UmountImage
+CLEANFILES = $(dist_tasks_SCRIPTS)

--- a/snf-image-helper/unattend.xml
+++ b/snf-image-helper/unattend.xml
@@ -21,6 +21,11 @@
                    <Order>1</Order>
                    <Path>diskpart.exe /s C:\Windows\SnfScripts\ExtendFilesystem</Path>
                </RunSynchronousCommand>
+                <RunSynchronousCommand wcm:action="add">
+                    <Description>Enable RDP</Description>
+                    <Order>2</Order>
+                    <Path>cmd /C reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f</Path>
+                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>

--- a/snf-image-host/common.sh.in
+++ b/snf-image-host/common.sh.in
@@ -293,7 +293,7 @@ fi
 : ${HELPER_HARD_TIMEOUT:=5}
 : ${HELPER_USER:="nobody"}
 : ${HELPER_CACHE_FILE:="@HELPER_DIR@/cache.tar"}
-: ${HELPER_EXTRA_PKGS:="linux-image-amd64,e2fsprogs,ntfs-3g,ntfsprogs,xmlstarlet,python,parted"}
+: ${HELPER_EXTRA_PKGS:="linux-image-amd64,e2fsprogs,ntfs-3g,ntfsprogs,xmlstarlet,python,parted,reglookup,chntpw"}
 : ${HELPER_MIRROR:=""}



--- a/snf-image-host/defaults
+++ b/snf-image-host/defaults
@@ -51,7 +51,7 @@

 # HELPER_EXTRA_PKGS: Extra packages that will need to be supplied
 # to debootstrap to make the resulting helper image workable
-# HELPER_EXTRA_PKGS="linux-image-amd64,e2fsprogs,ntfs-3g,ntfsprogs,xmlstarlet,python,parted"
+# HELPER_EXTRA_PKGS="linux-image-amd64,e2fsprogs,ntfs-3g,ntfsprogs,xmlstarlet,python,parted,reglookup,chntpw"

 # HELPER_MIRROR: Debian mirror to use with debootstrap. Using a mirror close to
 # you will speed up the whole debootstraping process. By default we do not