#!/bin/bash
#
# Set the encryption key/cert defined in rdp-enc-setup
# Run rdp-enc-setup before running this script
# CAUTION: Hard-coded file names between scripts!
#
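# Configure VRDE (VirtualBox remote desktop) TLS settings for one VM.
#
# Arguments: $1 - VM name (a VM UUID is also recognised by the running check)
# Outputs:   diagnostics on stderr; resulting "Security" settings on stdout
# Exit code: 1 on any precondition or VBoxManage failure; otherwise the
#            status of the final "showvminfo | grep Security" pipeline.

# The script refuses to run as root (VirtualBox VM registrations are
# per-user, so root would be looking at a different set of VMs).
if [[ "$UID" -eq 0 ]]; then
  echo "This script should NOT be run as root." >&2
  exit 1
fi

# Exactly one non-empty argument is required.
if [[ $# -ne 1 || -z "$1" ]]; then
  echo "Usage for $0 : VM Name required as argument." >&2
  exit 1
fi

# Virtual Machine Name
VB_VM_NAME=$1

VM_VB_CONFIG_DIR=/etc/vbox
VM_VB_CERT_DIR=$VM_VB_CONFIG_DIR/tls
if [[ ! -d "$VM_VB_CERT_DIR" ]]; then
  echo "Error: Specified $VM_VB_CERT_DIR not found" >&2
  echo "Perhaps 520-rdp-enc.bash was NOT run?" >&2
  exit 1
fi

# File names are hard-coded and must match the ones the setup script writes.
VM_VB_RDP_ENCRYPT_CA_KEY=$VM_VB_CERT_DIR/ca_key.pem
VM_VB_RDP_ENCRYPT_CA_CERT=$VM_VB_CERT_DIR/ca_crt.pem
VM_VB_RDP_SERVER_KEY=$VM_VB_CERT_DIR/sr_key.pem
VM_VB_RDP_SERVER_CERT=$VM_VB_CERT_DIR/sr_crt.pem
VM_VB_RDP_SERVER_SIGN_REQUEST=$VM_VB_CERT_DIR/sr_req.pem

# Report every missing file before giving up, so one run shows all problems.
# NOTE(review): only the CA certificate, server certificate and server key
# are handed to VBoxManage below; the CA private key and the signing request
# are checked for presence only. Consider keeping the CA private key off the
# VM host, and make sure sr_key.pem is readable by the VM owner only.
file_not_found=0
for required_file in \
  "$VM_VB_RDP_ENCRYPT_CA_KEY" \
  "$VM_VB_RDP_ENCRYPT_CA_CERT" \
  "$VM_VB_RDP_SERVER_KEY" \
  "$VM_VB_RDP_SERVER_CERT" \
  "$VM_VB_RDP_SERVER_SIGN_REQUEST"; do
  if [[ ! -f "$required_file" ]]; then
    echo "Cannot find file: $required_file" >&2
    file_not_found=$((file_not_found + 1))
  fi
done

# Check if VM is powered-off.
# Each line of "list runningvms" has the form: "name" {uuid}
# The VM name is compared literally (quoted case patterns), not as a regex,
# so names containing spaces, dots or brackets cannot mis-match.
if ! running_vms=$(VBoxManage list runningvms); then
  echo "Error: 'VBoxManage list runningvms' failed" >&2
  exit 1
fi
while IFS= read -r running_vm_line; do
  case "$running_vm_line" in
    "\"${VB_VM_NAME}\""* | *" {${VB_VM_NAME}}")
      echo "VM needs to be powered off or saved" >&2
      file_not_found=$((file_not_found + 1))
      break
      ;;
  esac
done <<< "$running_vms"

if [[ "$file_not_found" -ne 0 ]]; then
  exit 1
fi

# Setup security method as "negotiate".
# Alternatives are Standard RDP and Enhanced RDP (TLS)
# NOTE(review): "negotiate" accepts both Enhanced (TLS) and Standard RDP
# Security, so a client that does not ask for TLS still gets a session
# protected only by Standard RDP Security. Once every client supports TLS,
# prefer "Security/Method=TLS" so the certificates below are always enforced.
for vrde_property in \
  "Security/Method=negotiate" \
  "Security/CACertificate=$VM_VB_RDP_ENCRYPT_CA_CERT" \
  "Security/ServerCertificate=$VM_VB_RDP_SERVER_CERT" \
  "Security/ServerPrivateKey=$VM_VB_RDP_SERVER_KEY"; do
  # Stop at the first failure instead of leaving a half-configured VM
  # unnoticed; the VM name is quoted so names with spaces work.
  if ! VBoxManage modifyvm "$VB_VM_NAME" --vrdeproperty "$vrde_property"; then
    echo "Error: failed to set VRDE property: $vrde_property" >&2
    exit 1
  fi
done

# Show the resulting settings; the script's exit status is that of this
# pipeline (non-zero when no "Security" line is reported).
VBoxManage showvminfo "$VB_VM_NAME" | grep Security

exit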