[client,aad] use configurable redirection url

Create the redirection URL for AAD auth from the endpoint configuration.
akallabeth 2024-10-29 08:43:20 +01:00
parent a691d0bb03
commit e24f0fa8db
No known key found for this signature in database
GPG Key ID: A49454A3FC909FD5
2 changed files with 53 additions and 17 deletions


@ -38,10 +38,11 @@ static BOOL sdl_webview_get_rdsaad_access_token(freerdp* instance, const char* s
WINPR_ASSERT(token);
WINPR_UNUSED(instance);
WINPR_UNUSED(instance->context);
std::string client_id = "5177bc73-fd99-4c77-a90c-76844c9b6999";
std::string redirect_uri =
"ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2f5177bc73-fd99-4c77-a90c-76844c9b6999";
std::string client_id =
freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);
std::string redirect_uri = "ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2f" + client_id;
*token = nullptr;
@ -65,10 +66,12 @@ static BOOL sdl_webview_get_rdsaad_access_token(freerdp* instance, const char* s
static BOOL sdl_webview_get_avd_access_token(freerdp* instance, char** token)
{
WINPR_ASSERT(token);
WINPR_ASSERT(instance);
WINPR_ASSERT(instance->context);
std::string client_id = "a85cf173-4192-42f8-81fa-777a763e6e2c";
std::string redirect_uri =
"ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2fa85cf173-4192-42f8-81fa-777a763e6e2c";
std::string client_id =
freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);
std::string redirect_uri = "ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2f" + client_id;
std::string scope = "https%3A%2F%2Fwww.wvd.microsoft.com%2F.default";
*token = nullptr;
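Review bot: `std::string client_id = freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);` constructs a std::string from a pointer that can be NULL, which is undefined behaviour. The CLI functions changed in this same commit guard the same setting with `if (!client_id)`, so both sdl_webview_get_rdsaad_access_token and sdl_webview_get_avd_access_token need an equivalent check: fetch into `const char* cid = freerdp_settings_get_string(...);`, bail out with `if (!cid) return FALSE;`, and only then build the strings from `cid`. The value now comes from configuration and is appended to an already percent-encoded redirect_uri without encoding or a format check, so it is worth validating (presumably a GUID is expected) before it reaches the authorization URL. In the first function `WINPR_UNUSED(instance);` no longer matches the code now that `instance->context` is dereferenced, and unless `instance` is asserted above the hunk it should get the same `WINPR_ASSERT(instance);` the second function has. Both function bodies continue outside the hunks.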


@ -1019,20 +1019,36 @@ static char* extract_authorization_code(char* url)
static BOOL client_cli_get_rdsaad_access_token(freerdp* instance, const char* scope,
const char* req_cnf, char** token)
{
WINPR_ASSERT(instance);
WINPR_ASSERT(instance->context);
size_t size = 0;
char* url = NULL;
char* token_request = NULL;
const char* client_id = "a85cf173-4192-42f8-81fa-777a763e6e2c";
const char* redirect_uri =
"https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient";
char* redirect_uri = NULL;
size_t redirec_uri_len = 0;
WINPR_ASSERT(instance);
WINPR_ASSERT(scope);
WINPR_ASSERT(req_cnf);
WINPR_ASSERT(token);
BOOL rc = FALSE;
*token = NULL;
const char* client_id =
freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);
const char* base =
freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdArmpath);
const char* tenantid =
freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdAadtenantid);
if (!base || !tenantid || !client_id)
goto cleanup;
winpr_asprintf(&redirect_uri, &redirec_uri_len,
"ms-appx-web%%3a%%2f%%2fMicrosoft.AAD.BrokerPlugin%%2f%s", client_id);
if (!redirect_uri)
goto cleanup;
const char* ep = freerdp_utils_aad_get_wellknown_string(instance->context,
AAD_WELLKNOWN_authorization_endpoint);
printf("Browse to: %s?client_id=%s&response_type="
@ -1044,7 +1060,6 @@ static BOOL client_cli_get_rdsaad_access_token(freerdp* instance, const char* sc
if (freerdp_interruptible_get_line(instance->context, &url, &size, stdin) < 0)
return FALSE;
BOOL rc = FALSE;
char* code = extract_authorization_code(url);
if (!code)
goto cleanup;
@ -1058,6 +1073,7 @@ static BOOL client_cli_get_rdsaad_access_token(freerdp* instance, const char* sc
rc = client_common_get_access_token(instance, token_request, token);
cleanup:
free(redirect_uri);
free(token_request);
free(url);
return rc && (*token != NULL);
@ -1065,19 +1081,36 @@ cleanup:
static BOOL client_cli_get_avd_access_token(freerdp* instance, char** token)
{
WINPR_ASSERT(instance);
WINPR_ASSERT(instance->context);
size_t size = 0;
char* url = NULL;
char* token_request = NULL;
const char* client_id = "a85cf173-4192-42f8-81fa-777a763e6e2c";
const char* redirect_uri =
"https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient";
char* redirect_uri = NULL;
size_t redirec_uri_len = 0;
const char* scope = "https%3A%2F%2Fwww.wvd.microsoft.com%2F.default";
WINPR_ASSERT(instance);
WINPR_ASSERT(token);
BOOL rc = FALSE;
*token = NULL;
const char* client_id =
freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);
const char* base =
freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdArmpath);
const char* tenantid =
freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdAadtenantid);
if (!base || !tenantid || !client_id)
goto cleanup;
winpr_asprintf(&redirect_uri, &redirec_uri_len,
"https%%3A%%2F%%2F%s%%2F%s%%2Foauth2%%2Fnativeclient", base, tenantid);
if (!redirect_uri)
goto cleanup;
const char* ep = freerdp_utils_aad_get_wellknown_string(instance->context,
AAD_WELLKNOWN_authorization_endpoint);
printf("Browse to: %s?client_id=%s&response_type="
@ -1087,9 +1120,8 @@ static BOOL client_cli_get_avd_access_token(freerdp* instance, char** token)
printf("Paste redirect URL here: \n");
if (freerdp_interruptible_get_line(instance->context, &url, &size, stdin) < 0)
return FALSE;
goto cleanup;
BOOL rc = FALSE;
char* code = extract_authorization_code(url);
if (!code)
goto cleanup;
@ -1103,6 +1135,7 @@ static BOOL client_cli_get_avd_access_token(freerdp* instance, char** token)
rc = client_common_get_access_token(instance, token_request, token);
cleanup:
free(redirect_uri);
free(token_request);
free(url);
return rc && (*token != NULL);
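Review bot: In client_cli_get_rdsaad_access_token the failed-read path after `freerdp_interruptible_get_line(...)` still does `return FALSE;` (hunk `-1044,7 +1060,6` appears to drop only the old `BOOL rc = FALSE;` declaration), so the newly heap-allocated `redirect_uri` leaks there. client_cli_get_avd_access_token was switched to `goto cleanup;` on the same path, and this function should match it. `base`, `tenantid` and `client_id` are configuration values formatted straight into a percent-encoded redirect URI, so they should be percent-encoded or checked against the expected host/GUID shape first, since characters such as `&` or `%` would change the parameters of the authorization request the user is told to open. In the rdsaad variant `base` and `tenantid` must be non-NULL but do not appear in the visible format string, so that check may reject configurations unnecessarily; part of the function lies outside the hunks, so this needs confirming. Minor: `redirec_uri_len` is misspelled and, from what the hunks show, never read.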