From 9534838714894a1c744db8e52357299f90f9ce06 Mon Sep 17 00:00:00 2001
From: Nicolas Lastra <lastra.nikos@gmail.com>
Date: Wed, 17 Nov 2021 15:22:16 -0300
Subject: [PATCH 1/3] authd-update-in-ossec-conf

---
 .../ansible-wazuh-manager/defaults/main.yml   |  7 +++--
 .../var-ossec-etc-ossec-server.conf.j2        | 28 +++++++++++++++----
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 4a2442d4..4c7a95fd 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -351,8 +351,11 @@ wazuh_manager_authd:
   enable: true
   port: 1515
   use_source_ip: 'no'
-  force_insert: 'yes'
-  force_time: 0
+  force:
+    enabled: yes
+    key_mismatch: yes
+    disconnected_time: '1h'
+    after_registration_time: '1h'
   purge: 'yes'
   use_password: 'no'
   ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 3242e88b..0c4eee1b 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -623,12 +623,28 @@
     {% if wazuh_manager_config.authd.use_source_ip is not none %}
     <use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>
     {% endif %}
-    {% if wazuh_manager_config.authd.force_insert is not none %}
-    <force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>
-    {% endif %}
-    {% if wazuh_manager_config.authd.force_time is not none %}
-    <force_time>{{wazuh_manager_config.authd.force_time}}</force_time>
-    {% endif %}
+    <force>
+      {% if wazuh_manager_config.authd.force.enabled is not none %}
+      <enabled>{{wazuh_manager_config.authd.port}}</enabled>
+      {% else %}
+      <enabledport>yes</enabled>
+      {% endif %}
+      {% if wazuh_manager_config.authd.force.key_mismatch is not none %}
+      <key_mismatch>{{wazuh_manager_config.authd.port}}</key_mismatch>
+      {% else %}
+      <key_mismatch>yes</key_mismatch>
+      {% endif %}
+      {% if wazuh_manager_config.authd.force.disconnected_time is not none %}
+      <disconnected_time>{{wazuh_manager_config.authd.port}}</disconnected_time>
+      {% else %}
+      <disconnected_time>1h</disconnected_time>
+      {% endif %}
+      {% if wazuh_manager_config.authd.force.after_registration_time is not none %}
+      <after_registration_time>{{wazuh_manager_config.authd.port}}</after_registration_time>
+      {% else %}
+      <after_registration_time>1h</after_registration_time>
+      {% endif %}
+    </force>
     {% if wazuh_manager_config.authd.purge is not none %}
     <purge>{{wazuh_manager_config.authd.purge}}</purge>
     {% endif %}

From 2649a061c571b6c9711eed384b4770a723d139d0 Mon Sep 17 00:00:00 2001
From: Nicolas Lastra <lastra.nikos@gmail.com>
Date: Wed, 17 Nov 2021 15:34:43 -0300
Subject: [PATCH 2/3] fix parameter value in Authd config

---
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 4c7a95fd..1da3b48b 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -352,8 +352,8 @@ wazuh_manager_authd:
   port: 1515
   use_source_ip: 'no'
   force:
-    enabled: yes
-    key_mismatch: yes
+    enabled: 'yes'
+    key_mismatch: 'yes'
     disconnected_time: '1h'
     after_registration_time: '1h'
   purge: 'yes'

From f6b05e25da7b9a626e09506a64ac9366b6461d5b Mon Sep 17 00:00:00 2001
From: Nicolas Lastra <lastra.nikos@gmail.com>
Date: Thu, 18 Nov 2021 18:27:04 -0300
Subject: [PATCH 3/3] fix var-ossec-etc-ossec-server.conf.j2, authd module and
 sub module force

---
 .../templates/var-ossec-etc-ossec-server.conf.j2   | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 0c4eee1b..c5c1a788 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -369,7 +369,9 @@
   <command>
     <name>{{ command.name }}</name>
     <executable>{{ command.executable }}</executable>
-    <expect>{{ command.expect }}</expect>
+    {% if command.expect is defined %}
+        <expect>{{ command.expect }}</expect>
+    {% endif %}
     {% if command.timeout_allowed is defined %}
         <timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
     {% endif %}
@@ -625,22 +627,22 @@
     {% endif %}
     <force>
       {% if wazuh_manager_config.authd.force.enabled is not none %}
-      <enabled>{{wazuh_manager_config.authd.port}}</enabled>
+      <enabled>{{wazuh_manager_config.authd.force.enabled}}</enabled>
       {% else %}
       <enabledport>yes</enabled>
       {% endif %}
       {% if wazuh_manager_config.authd.force.key_mismatch is not none %}
-      <key_mismatch>{{wazuh_manager_config.authd.port}}</key_mismatch>
+      <key_mismatch>{{wazuh_manager_config.authd.force.key_mismatch}}</key_mismatch>
       {% else %}
       <key_mismatch>yes</key_mismatch>
       {% endif %}
       {% if wazuh_manager_config.authd.force.disconnected_time is not none %}
-      <disconnected_time>{{wazuh_manager_config.authd.port}}</disconnected_time>
+      <disconnected_time enabled="yes">{{wazuh_manager_config.authd.force.disconnected_time}}</disconnected_time>
       {% else %}
-      <disconnected_time>1h</disconnected_time>
+      <disconnected_time enabled="yes">1h</disconnected_time>
       {% endif %}
       {% if wazuh_manager_config.authd.force.after_registration_time is not none %}
-      <after_registration_time>{{wazuh_manager_config.authd.port}}</after_registration_time>
+      <after_registration_time>{{wazuh_manager_config.authd.force.after_registration_time}}</after_registration_time>
       {% else %}
       <after_registration_time>1h</after_registration_time>
       {% endif %}