xRDP + XFCe4 = no shutdown/reboot buttons #2298

Closed
Xboarder56 opened this issue Jul 1, 2022 · 9 comments

@Xboarder56

Hi All,

I have been testing xRDP on Kali Linux, which includes XFCE4 as the default display manager. On a local login, XFCE4 has the startup shutdown buttons displayed correctly; however, connecting via xRDP, I get the desktop UI and everything, but then I can only log out (shutdown/restart are greyed out).

This was on a fresh Kali Linux ISO with the default settings and just installing the xRDP package from the default repository.

What could be the cause for this changing when connecting via xRDP?

@Xboarder56
Author

I have confirmed the same issues apply for Xubuntu 20.04.4 as well with the default XRDP installation.

@metalefty
Member

It is managed by polkit. xrdp doesn't have control over that.

@matt335672
Member

@Xboarder56 - if you search the issues here for 'polkit' you'll find plenty of information related to your question.

We haven't documented this explicitly, as every desktop is different, and there are at least two versions of polkit in common use at the moment.

You're running polkit 0.105, so you need to set up one or more ini-style pkla files related to the polkit actions you wish to authorize.

@Xboarder56
Author

Xboarder56 commented Jul 5, 2022

Do you mean something like this? I have tried the below and rebooted without any success. I verified the user is in the plugdev group as well as just ripping that portion away altogether.

/etc/polkit-1/rules.d/50-xrdp.rules

polkit.addRule(function (action, subject) {
  if ((action.id == "org.freedesktop.consolekit.system.restart" ||
       action.id == "org.freedesktop.consolekit.system.stop")
      && subject.isInGroup("plugdev")) {
     return polkit.Result.YES;
   }
})

Looking at some of the other issues I found pkaction and got a list of actions:

com.ubuntu.pkexec.lightdm-gtk-greeter-settings
guymager
org.blueman.dhcp.client
org.blueman.network.setup
org.blueman.pppd.pppconnect
org.blueman.rfkill.setstate
org.dpkg.pkexec.update-alternatives
org.freedesktop.DisplayManager.AccountsService.ModifyAny
org.freedesktop.DisplayManager.AccountsService.ModifyOwn
org.freedesktop.DisplayManager.AccountsService.ReadAny
org.freedesktop.ModemManager1.Contacts
org.freedesktop.ModemManager1.Control
org.freedesktop.ModemManager1.Device.Control
org.freedesktop.ModemManager1.Firmware
org.freedesktop.ModemManager1.Location
org.freedesktop.ModemManager1.Messaging
org.freedesktop.ModemManager1.Time
org.freedesktop.ModemManager1.USSD
org.freedesktop.ModemManager1.Voice
org.freedesktop.NetworkManager.checkpoint-rollback
org.freedesktop.NetworkManager.enable-disable-connectivity-check
org.freedesktop.NetworkManager.enable-disable-network
org.freedesktop.NetworkManager.enable-disable-statistics
org.freedesktop.NetworkManager.enable-disable-wifi
org.freedesktop.NetworkManager.enable-disable-wimax
org.freedesktop.NetworkManager.enable-disable-wwan
org.freedesktop.NetworkManager.network-control
org.freedesktop.NetworkManager.reload
org.freedesktop.NetworkManager.settings.modify.global-dns
org.freedesktop.NetworkManager.settings.modify.hostname
org.freedesktop.NetworkManager.settings.modify.own
org.freedesktop.NetworkManager.settings.modify.system
org.freedesktop.NetworkManager.sleep-wake
org.freedesktop.NetworkManager.wifi.scan
org.freedesktop.NetworkManager.wifi.share.open
org.freedesktop.NetworkManager.wifi.share.protected
org.freedesktop.RealtimeKit1.acquire-high-priority
org.freedesktop.RealtimeKit1.acquire-real-time
org.freedesktop.color-manager.create-device
org.freedesktop.color-manager.create-profile
org.freedesktop.color-manager.delete-device
org.freedesktop.color-manager.delete-profile
org.freedesktop.color-manager.device-inhibit
org.freedesktop.color-manager.install-system-wide
org.freedesktop.color-manager.modify-device
org.freedesktop.color-manager.modify-profile
org.freedesktop.color-manager.sensor-lock
org.freedesktop.hostname1.get-product-uuid
org.freedesktop.hostname1.set-hostname
org.freedesktop.hostname1.set-machine-info
org.freedesktop.hostname1.set-static-hostname
org.freedesktop.locale1.set-keyboard
org.freedesktop.locale1.set-locale
org.freedesktop.login1.attach-device
org.freedesktop.login1.chvt
org.freedesktop.login1.flush-devices
org.freedesktop.login1.halt
org.freedesktop.login1.halt-ignore-inhibit
org.freedesktop.login1.halt-multiple-sessions
org.freedesktop.login1.hibernate
org.freedesktop.login1.hibernate-ignore-inhibit
org.freedesktop.login1.hibernate-multiple-sessions
org.freedesktop.login1.inhibit-block-idle
org.freedesktop.login1.inhibit-block-shutdown
org.freedesktop.login1.inhibit-block-sleep
org.freedesktop.login1.inhibit-delay-shutdown
org.freedesktop.login1.inhibit-delay-sleep
org.freedesktop.login1.inhibit-handle-hibernate-key
org.freedesktop.login1.inhibit-handle-lid-switch
org.freedesktop.login1.inhibit-handle-power-key
org.freedesktop.login1.inhibit-handle-reboot-key
org.freedesktop.login1.inhibit-handle-suspend-key
org.freedesktop.login1.lock-sessions
org.freedesktop.login1.manage
org.freedesktop.login1.power-off
org.freedesktop.login1.power-off-ignore-inhibit
org.freedesktop.login1.power-off-multiple-sessions
org.freedesktop.login1.reboot
org.freedesktop.login1.reboot-ignore-inhibit
org.freedesktop.login1.reboot-multiple-sessions
org.freedesktop.login1.set-reboot-parameter
org.freedesktop.login1.set-reboot-to-boot-loader-entry
org.freedesktop.login1.set-reboot-to-boot-loader-menu
org.freedesktop.login1.set-reboot-to-firmware-setup
org.freedesktop.login1.set-self-linger
org.freedesktop.login1.set-user-linger
org.freedesktop.login1.set-wall-message
org.freedesktop.login1.suspend
org.freedesktop.login1.suspend-ignore-inhibit
org.freedesktop.login1.suspend-multiple-sessions
org.freedesktop.network1.forcerenew
org.freedesktop.network1.reconfigure
org.freedesktop.network1.reload
org.freedesktop.network1.renew
org.freedesktop.network1.revert-dns
org.freedesktop.network1.revert-ntp
org.freedesktop.network1.set-default-route
org.freedesktop.network1.set-dns-over-tls
org.freedesktop.network1.set-dns-servers
org.freedesktop.network1.set-dnssec
org.freedesktop.network1.set-dnssec-negative-trust-anchors
org.freedesktop.network1.set-domains
org.freedesktop.network1.set-llmnr
org.freedesktop.network1.set-mdns
org.freedesktop.network1.set-ntp-servers
org.freedesktop.policykit.exec
org.freedesktop.policykit.lockdown
org.freedesktop.resolve1.register-service
org.freedesktop.resolve1.revert
org.freedesktop.resolve1.set-default-route
org.freedesktop.resolve1.set-dns-over-tls
org.freedesktop.resolve1.set-dns-servers
org.freedesktop.resolve1.set-dnssec
org.freedesktop.resolve1.set-dnssec-negative-trust-anchors
org.freedesktop.resolve1.set-domains
org.freedesktop.resolve1.set-llmnr
org.freedesktop.resolve1.set-mdns
org.freedesktop.resolve1.unregister-service
org.freedesktop.systemd1.manage-unit-files
org.freedesktop.systemd1.manage-units
org.freedesktop.systemd1.reload-daemon
org.freedesktop.systemd1.reply-password
org.freedesktop.systemd1.set-environment
org.freedesktop.timedate1.set-local-rtc
org.freedesktop.timedate1.set-ntp
org.freedesktop.timedate1.set-time
org.freedesktop.timedate1.set-timezone
org.freedesktop.udisks2.ata-check-power
org.freedesktop.udisks2.ata-secure-erase
org.freedesktop.udisks2.ata-smart-enable-disable
org.freedesktop.udisks2.ata-smart-selftest
org.freedesktop.udisks2.ata-smart-simulate
org.freedesktop.udisks2.ata-smart-update
org.freedesktop.udisks2.ata-standby
org.freedesktop.udisks2.ata-standby-other-seat
org.freedesktop.udisks2.ata-standby-system
org.freedesktop.udisks2.cancel-job
org.freedesktop.udisks2.cancel-job-other-user
org.freedesktop.udisks2.eject-media
org.freedesktop.udisks2.eject-media-other-seat
org.freedesktop.udisks2.eject-media-system
org.freedesktop.udisks2.encrypted-change-passphrase
org.freedesktop.udisks2.encrypted-change-passphrase-system
org.freedesktop.udisks2.encrypted-lock-others
org.freedesktop.udisks2.encrypted-unlock
org.freedesktop.udisks2.encrypted-unlock-crypttab
org.freedesktop.udisks2.encrypted-unlock-other-seat
org.freedesktop.udisks2.encrypted-unlock-system
org.freedesktop.udisks2.filesystem-fstab
org.freedesktop.udisks2.filesystem-mount
org.freedesktop.udisks2.filesystem-mount-other-seat
org.freedesktop.udisks2.filesystem-mount-system
org.freedesktop.udisks2.filesystem-take-ownership
org.freedesktop.udisks2.filesystem-unmount-others
org.freedesktop.udisks2.loop-delete-others
org.freedesktop.udisks2.loop-modify-others
org.freedesktop.udisks2.loop-setup
org.freedesktop.udisks2.manage-md-raid
org.freedesktop.udisks2.manage-swapspace
org.freedesktop.udisks2.modify-device
org.freedesktop.udisks2.modify-device-other-seat
org.freedesktop.udisks2.modify-device-system
org.freedesktop.udisks2.modify-drive-settings
org.freedesktop.udisks2.modify-system-configuration
org.freedesktop.udisks2.open-device
org.freedesktop.udisks2.open-device-system
org.freedesktop.udisks2.power-off-drive
org.freedesktop.udisks2.power-off-drive-other-seat
org.freedesktop.udisks2.power-off-drive-system
org.freedesktop.udisks2.read-system-configuration-secrets
org.freedesktop.udisks2.rescan
org.gnome.gparted
org.gtk.vfs.file-operations
org.gtk.vfs.file-operations-helper
org.kali.pkexec.android-sdk
org.kali.pkexec.fern-wifi-cracker
org.kali.pkexec.legion
org.kali.pkexec.wireshark
org.kali.pkexec.x-terminal-emulator
org.pkexec.ettercap
org.xfce.mousepad
org.xfce.power.backlight-helper
org.xfce.power.xfce4-pm-helper
org.xfce.session.xfsm-shutdown-helper
org.xfce.thunar

I tweaked the 50-xrdp.rules file to be this and rebooted but still no further.

polkit.addRule(function (action, subject) {
  if ((action.id == "org.freedesktop.login1.power-off" ||
       action.id == "org.freedesktop.login1.reboot" ||
       action.id == "org.freedesktop.login1.reboot-multiple-sessions")) 
   {
     return polkit.Result.YES;
   }
})

@Xboarder56
Author

I tried something like this under /etc/polkit-1/localauthority.conf.d/49-xrdp.conf without any luck either.

[Allow admins to shutdown from XRDP]
Action=org.freedesktop.login1.power-off
ResultAny=yes

[Allow admins to reboot from XRDP]
Action=org.freedesktop.login1.reboot
ResultAny=yes

@Xboarder56
Author

Hi all, for future reference, I solved this via the code block below and a reboot/polkit service restart.

cat << EOF >> /etc/polkit-1/localauthority/50-local.d/50-xrdp.pkla
[Allow users to shutdown from XRDP]
Identity=unix-user:*
Action=org.freedesktop.login1.power-off
ResultAny=yes

[Allow users to reboot from XRDP]
Identity=unix-user:*
Action=org.freedesktop.login1.reboot
ResultAny=yes
EOF

@mmsaffari

This is what worked for me in Debian 11 + xrdp. I've put this inside /etc/polkit-1/localauthority/50-local.d/50-xrdp.pkla

[Enable Reboot]
Identity=unix-group:*
Action=org.freedesktop.login1.reboot;org.freedesktop.login1.reboot-multiple-sessions
ResultAny=yes
ResultActive=no
ResultInactive=no

[Enable Shutdown]
Identity=unix-group:*
Action=org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions
ResultAny=yes
ResultActive=no
ResultInactive=no

@FlawTECH

FlawTECH commented Oct 8, 2023

FYI: on future versions of polkit, *.pkla files are no longer supported. You need to create JS rules as *.rules files in `/etc/polkit-1/rules.d/.rules`

For example, following this thread, you'd allow shutdown / reboot the following way (note that you should add a condition on subject.active if you care about ResultActive/ResultInactive):

polkit.addRule(function(action, subject) {
  polkit.log(action + ", " + subject);
  if (~["org.freedesktop.login1.power-off","org.freedesktop.login1.power-off-multiple-sessions","org.freedesktop.login1.reboot","org.freedesktop.login1.reboot-multiple-sessions"].indexOf(action.id)) {
    return polkit.Result.YES;
  }
});

Save this file as /etc/polkit-1/rules.d/50-xrdp.rules

Sorry for gravedigging, but I scratched my head for hours trying to understand why my .pkla rules were not working, while the directory structure for policykit has completely changed. Hope this helps someone as lost as me.
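
The `.pkla` entries with `Identity=unix-user:*` and the JS rule above answer YES for every user on the host. A narrower variant, as an added example that is not part of the original comments or the xrdp project, limits the four power actions to one group and can optionally require `subject.active`. The group name `xrdp-power`, the `REQUIRE_ACTIVE` switch, and the Node.js stand-ins (`polkit` object, `decide`, `makeSubject`) are assumptions used to exercise the rule before installing it.

```javascript
// Stand-in for the `polkit` global that polkitd provides to rules files
// (assumption: just enough of it to exercise a rule under Node.js).
const polkit = {
  Result: { YES: "yes", NOT_HANDLED: "not_handled" },
  rules: [],
  addRule(fn) { this.rules.push(fn); },
  log(msg) { /* polkitd writes this to the system log; ignored here */ },
};

// Hypothetical helper mirroring polkitd's evaluation order: rules run in
// sequence and the first result that is not NOT_HANDLED/null/undefined wins.
function decide(actionId, subject) {
  for (const rule of polkit.rules) {
    const result = rule({ id: actionId }, subject);
    if (result != null && result !== polkit.Result.NOT_HANDLED) return result;
  }
  return polkit.Result.NOT_HANDLED; // fall back to the action's defaults
}

// Constructed subject carrying only the fields the rule reads.
function makeSubject(user, groups, active) {
  return { user, active, isInGroup: (g) => groups.includes(g) };
}

// ---- Body for /etc/polkit-1/rules.d/50-xrdp.rules starts here ----
var POWER_ACTIONS = [
  "org.freedesktop.login1.power-off",
  "org.freedesktop.login1.power-off-multiple-sessions",
  "org.freedesktop.login1.reboot",
  "org.freedesktop.login1.reboot-multiple-sessions",
];
var POWER_GROUP = "xrdp-power"; // hypothetical group name
var REQUIRE_ACTIVE = false;     // set to true to also require subject.active

polkit.addRule(function (action, subject) {
  // Leave every action other than the four power actions to other rules.
  if (POWER_ACTIONS.indexOf(action.id) === -1) return polkit.Result.NOT_HANDLED;
  // Only members of the dedicated group get an unconditional YES.
  if (!subject.isInGroup(POWER_GROUP)) return polkit.Result.NOT_HANDLED;
  if (REQUIRE_ACTIVE && !subject.active) return polkit.Result.NOT_HANDLED;
  polkit.log("allowing " + action.id + " for " + subject.user);
  return polkit.Result.YES;
});
```

Requests from users outside the group, and any action not in the list, fall through to later rules and the action's own defaults.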

@chitoge

chitoge commented Oct 8, 2023

Neat! I was having trouble fixing the color-manager policy on Ubuntu 23.10 as well & your solution works perfectly.
