From 8a8f4e554a6cf68a96402aebbe3013eac50f2b64 Mon Sep 17 00:00:00 2001 From: Allar Viik Date: Wed, 3 Jan 2024 22:56:05 +0200 Subject: [PATCH] Fixed an issue in `linux_xrdp_server` role where Polkit configuration did not apply on Kali Linux --- nova/core/roles/linux_xrdp_server/README.md | 36 ++++++------------- ...nfiguration.pkla => 10-configuration.pkla} | 0 .../files/10-configuration.rules | 13 +++++++ .../roles/linux_xrdp_server/tasks/debian.yml | 35 +++--------------- .../roles/linux_xrdp_server/tasks/kali.yml | 7 ++++ .../roles/linux_xrdp_server/tasks/main.yml | 2 +- .../roles/linux_xrdp_server/tasks/ubuntu.yml | 14 ++++++++ 7 files changed, 51 insertions(+), 56 deletions(-) rename nova/core/roles/linux_xrdp_server/files/{custom-configuration.pkla => 10-configuration.pkla} (100%) create mode 100644 nova/core/roles/linux_xrdp_server/files/10-configuration.rules create mode 100644 nova/core/roles/linux_xrdp_server/tasks/kali.yml create mode 100644 nova/core/roles/linux_xrdp_server/tasks/ubuntu.yml diff --git a/nova/core/roles/linux_xrdp_server/README.md b/nova/core/roles/linux_xrdp_server/README.md index 005565e9..49b2e446 100644 --- a/nova/core/roles/linux_xrdp_server/README.md +++ b/nova/core/roles/linux_xrdp_server/README.md 
@@ -1,37 +1,23 @@ -# Role Name +# linux_xrdp_server -COMING SOON -A brief description of the role goes here. +This roles installs and configures xrdp on a Linux machine. ## Requirements -COMING SOON -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. +none ## Role Variables -COMING SOON -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. +All required role variables are coming from gather_facts. ## Dependencies -COMING SOON -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. +none -## Example Playbook +## Example -COMING SOON -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -## License - -AGPL-3.0-or-later - -## Author Information - -COMING SOON -An optional section for the role authors to include contact information, or a website (HTML is not allowed). +```yaml +- name: Inlcude role linux_xrdp_server + ansible.builtin.include_role: + name: nova.core.linux_xrdp_server +``` diff --git a/nova/core/roles/linux_xrdp_server/files/custom-configuration.pkla b/nova/core/roles/linux_xrdp_server/files/10-configuration.pkla similarity index 100% rename from nova/core/roles/linux_xrdp_server/files/custom-configuration.pkla rename to nova/core/roles/linux_xrdp_server/files/10-configuration.pkla 
diff --git a/nova/core/roles/linux_xrdp_server/files/10-configuration.rules b/nova/core/roles/linux_xrdp_server/files/10-configuration.rules new file mode 100644 index 00000000..f85fafe0 --- /dev/null +++ b/nova/core/roles/linux_xrdp_server/files/10-configuration.rules @@ -0,0 +1,13 @@ +polkit.addRule(function(action, subject) { + if ((action.id == "org.freedesktop.color-manager.create-device" || + action.id == "org.freedesktop.color-manager.create-profile" || + action.id == "org.freedesktop.color-manager.delete-device" || + action.id == "org.freedesktop.color-manager.delete-profile" || + action.id == "org.freedesktop.color-manager.modify-device" || + action.id == "org.freedesktop.color-manager.modify-profile" || + action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions" ) && + (subject.isInGroup ("sudo") || subject.isInGroup ("users"))) { + return polkit.Result.YES; + } + }); \ No newline at end of file diff --git a/nova/core/roles/linux_xrdp_server/tasks/debian.yml b/nova/core/roles/linux_xrdp_server/tasks/debian.yml index e7a0ae87..c20bec76 100644 --- a/nova/core/roles/linux_xrdp_server/tasks/debian.yml +++ b/nova/core/roles/linux_xrdp_server/tasks/debian.yml @@ -11,14 +11,6 @@ retries: 5 delay: 3 -- name: Creating colord start cron job... # Temporary hack to avoid colord error on first login - ansible.builtin.cron: - name: Start colord.service - special_time: reboot - job: systemctl start colord.service - user: root - when: ansible_facts.lsb.id == "Kali" - - name: Adding xrdp user to ssl-cert group... ansible.builtin.user: name: xrdp 
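Review bot: The rule returns `polkit.Result.YES` for `org.freedesktop.login1.reboot` and `org.freedesktop.login1.reboot-multiple-sessions` to every member of `users` as well as `sudo`, so on a host with several RDP sessions any ordinary account can reboot the machine under the others without authenticating. The condition also never checks `subject.local` or `subject.active`, so the grant is not limited to the xrdp sessions it is meant to fix. If passwordless reboot is only needed for administrators, split the rule so the color-manager actions keep `YES` for both groups while the two login1 actions require `subject.isInGroup("sudo")` or return `polkit.Result.AUTH_SELF_KEEP`. If the broad grant is intended, a comment at the top of the file saying so would help.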
@@ -51,30 +43,13 @@ line: ls_background_image= # Enables setting login screen background notify: Restarting xrdp service... -- name: Creating xrdp start cron job... # Because if there's a lot of (security) agents installed the xrdp service times out on boot - ansible.builtin.cron: - name: Start xrdp.service - special_time: reboot - job: sleep 30 && systemctl restart xrdp.service - user: root +- name: Including {{ ansible_distribution }} specific tasks... + ansible.builtin.include_tasks: ubuntu.yml when: ansible_distribution == "Ubuntu" -- name: Creating folders for configuration... - ansible.builtin.file: - path: /etc/polkit-1/localauthority/50-local.d - state: directory - mode: "0755" - -- name: Configuring XRDP polkit... - ansible.builtin.copy: - src: "{{ polkit_config.src }}" - dest: "{{ polkit_config.dest }}" - mode: "0644" - loop_control: - loop_var: polkit_config - loop: - - src: custom-configuration.pkla - dest: /etc/polkit-1/localauthority/50-local.d/custom-configuration.pkla +- name: Including {{ ansible_distribution }} specific tasks... + ansible.builtin.include_tasks: kali.yml + when: ansible_distribution == 'Kali' - name: Enabling xrdp service... ansible.builtin.systemd_service: diff --git a/nova/core/roles/linux_xrdp_server/tasks/kali.yml b/nova/core/roles/linux_xrdp_server/tasks/kali.yml new file mode 100644 index 00000000..0b9ac65c --- /dev/null +++ b/nova/core/roles/linux_xrdp_server/tasks/kali.yml @@ -0,0 +1,7 @@ +--- +# https://c-nergy.be/blog/?p=12073 +- name: Configuring XRDP polkit... + ansible.builtin.copy: + src: 10-configuration.rules + dest: /etc/polkit-1/rules.d/10-configuration.rules + mode: "0644" diff --git a/nova/core/roles/linux_xrdp_server/tasks/main.yml b/nova/core/roles/linux_xrdp_server/tasks/main.yml index 77942ab4..beefcc16 100644 --- a/nova/core/roles/linux_xrdp_server/tasks/main.yml +++ b/nova/core/roles/linux_xrdp_server/tasks/main.yml 
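Review bot: With the unconditional polkit copy removed and only the `Ubuntu` and `Kali` includes added, a host whose `ansible_distribution` is `Debian` now gets xrdp installed and enabled with no polkit configuration at all, where before it received the pkla file. The `main.yml` hunk widens this by switching to `ansible_os_family == "Debian"`, which also admits other derivatives that match neither include. Either add a branch for plain Debian or state in the README that only Ubuntu and Kali are configured. The two includes could also collapse into one task using `ansible.builtin.include_tasks: "{{ ansible_distribution | lower }}.yml"` with `when: ansible_distribution in ["Ubuntu", "Kali"]`, which also removes the mixed quoting. The task list continues outside this hunk.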
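Review bot: The copy task in kali.yml sets `mode: "0644"` but neither `owner` nor `group`, so the ownership of a file that grants polkit privileges depends on whichever user the play happens to become. Adding `owner: root` and `group: root` to the task pins it and makes a later ownership drift show up as a change. The same applies to the pkla copy in tasks/ubuntu.yml.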
@@ -1,4 +1,4 @@
 ---
 - name: Installing xrdp on Debian based OS...
 ansible.builtin.include_tasks: debian.yml
- when: (ansible_distribution == 'Debian') or (ansible_distribution == 'Kali') or (ansible_distribution == "Ubuntu")
+ when: ansible_os_family == "Debian"
diff --git a/nova/core/roles/linux_xrdp_server/tasks/ubuntu.yml b/nova/core/roles/linux_xrdp_server/tasks/ubuntu.yml
new file mode 100644
index 00000000..2c11efc4
--- /dev/null
+++ b/nova/core/roles/linux_xrdp_server/tasks/ubuntu.yml
@@ -0,0 +1,14 @@
+---
+# http://c-nergy.be/blog/?p=12043
+- name: Configuring XRDP polkit...
+ ansible.builtin.copy:
+ src: 10-configuration.pkla
+ dest: /etc/polkit-1/localauthority/50-local.d/10-configuration.pkla
+ mode: "0644"
+
+- name: Creating xrdp start cron job... # Because if there's a lot of (security) agents installed the xrdp service times out on boot
+ ansible.builtin.cron:
+ name: Start xrdp.service
+ special_time: reboot
+ job: sleep 30 && systemctl restart xrdp.service
+ user: root
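Review bot: The copy into `/etc/polkit-1/localauthority/50-local.d/` in ubuntu.yml no longer has the `ansible.builtin.file` task with `state: directory` in front of it, since this commit removes that task from debian.yml. `ansible.builtin.copy` does not create a missing parent directory for a single file, so the task fails on an image where that directory is absent. Restoring the directory task ahead of the copy keeps the role working on minimal installs. Whether the installed polkit still reads `.pkla` files depends on the Ubuntu release and is worth confirming for the targets in use.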