#! /bin/bash

# Copyright (C) 2011 GRNET S.A. 
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.

### BEGIN TASK INFO
# Provides:		DisableRemoteDesktopConnections
# RunBefore:            EnforcePersonality
# RunAfter:		MountImage
# Short-Description:	Temporary Disable Remote Desktop Connections
### END TASK INFO

#
# This task will change the value of `fDenyTSConnection' registry key located
# in `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\' to
# "true". This will disable RDP connections. The key will change back to
# "false" during the specialize pass of the Windows setup.
#

set -e
. "@commondir@/common.sh"

trap task_cleanup EXIT
report_task_start

# Check if the task should be prevented from running.
check_if_excluded

if [ ! -d "$SNF_IMAGE_TARGET" ]; then
    log_error "Target directory \`$SNF_IMAGE_TARGET' is missing"
fi

if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "windows" ]; then
    exit 0
fi

# Supress a specific reglookup warning messages. In Windows 2012, although the
# command works correct, it polluts the output with hundreds of warning
# messages about not being able to interprete registry key values.
RGLKP_WRNG="^WARN: While quoting value for '.\+', warning returned: Data could not be interpreted, quoting raw buffer."
hive="$SNF_IMAGE_TARGET/Windows/System32/config/SYSTEM"
current=$($REGLOOKUP "$hive" 2> >(grep -v "$RGLKP_WRNG" >&2) | grep ^/Select/Current | cut -d, -f3)

# Change the key value.
# For a stupid reason chntpw returns 2!
chntpw -e "$hive" <<EOF || { test $? -eq 2 && chntpw_ret="success"; }
cd ControlSet${current: -3}\Control\Terminal Server
ed fDenyTSConnections
1
q
y
EOF

if [ x"$chntpw_ret" != "xsuccess" ]; then
    log_error "$CHNTPW failed"
fi

exit 0

# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :