diff --git a/client/SDL/common/aad/sdl_webview.cpp b/client/SDL/common/aad/sdl_webview.cpp
index b24efd95d..1a2d20508 100644
--- a/client/SDL/common/aad/sdl_webview.cpp
+++ b/client/SDL/common/aad/sdl_webview.cpp
@@ -38,10 +38,11 @@ static BOOL sdl_webview_get_rdsaad_access_token(freerdp* instance, const char* s
 WINPR_ASSERT(token);
 WINPR_UNUSED(instance);
+ WINPR_UNUSED(instance->context);
- std::string client_id = "5177bc73-fd99-4c77-a90c-76844c9b6999";
- std::string redirect_uri =
- "ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2f5177bc73-fd99-4c77-a90c-76844c9b6999";
+ std::string client_id =
+ freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);
+ std::string redirect_uri = "ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2f" + client_id;
 *token = nullptr;
@@ -65,10 +66,12 @@ static BOOL sdl_webview_get_rdsaad_access_token(freerdp* instance, const char* s
 static BOOL sdl_webview_get_avd_access_token(freerdp* instance, char** token)
 {
 WINPR_ASSERT(token);
+ WINPR_ASSERT(instance);
+ WINPR_ASSERT(instance->context);
- std::string client_id = "a85cf173-4192-42f8-81fa-777a763e6e2c";
- std::string redirect_uri =
- "ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2fa85cf173-4192-42f8-81fa-777a763e6e2c";
+ std::string client_id =
+ freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);
+ std::string redirect_uri = "ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2f" + client_id;
 std::string scope = "https%3A%2F%2Fwww.wvd.microsoft.com%2F.default";
 *token = nullptr;
diff --git a/client/common/client.c b/client/common/client.c
index 29bd26bac..b04046405 100644
--- a/client/common/client.c
+++ b/client/common/client.c
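Review bot: `std::string client_id = freerdp_settings_get_string(...)` builds a std::string straight from the getter's result in both sdl_webview_get_rdsaad_access_token and sdl_webview_get_avd_access_token, and constructing a std::string from a null pointer is undefined behaviour; the client.c part of this same commit treats that setting as possibly NULL (`if (!base || !tenantid || !client_id)`). Fetch into a pointer first and bail out after `*token = nullptr;`, e.g. `const char* id = freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);` then `if (!id) return FALSE;`. In the rdsaad function the added `WINPR_UNUSED(instance->context);` reads like a slip for `WINPR_ASSERT(instance->context);`, and the neighbouring `WINPR_UNUSED(instance);` no longer matches the code now that `instance` is dereferenced. Both function bodies continue outside the hunks.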
@@ -1019,20 +1019,36 @@ static char* extract_authorization_code(char* url)
 static BOOL client_cli_get_rdsaad_access_token(freerdp* instance, const char* scope, const char* req_cnf, char** token)
 {
+ WINPR_ASSERT(instance);
+ WINPR_ASSERT(instance->context);
+
 size_t size = 0;
 char* url = NULL;
 char* token_request = NULL;
- const char* client_id = "a85cf173-4192-42f8-81fa-777a763e6e2c";
- const char* redirect_uri =
- "https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient";
+ char* redirect_uri = NULL;
+ size_t redirec_uri_len = 0;
- WINPR_ASSERT(instance);
 WINPR_ASSERT(scope);
 WINPR_ASSERT(req_cnf);
 WINPR_ASSERT(token);
+ BOOL rc = FALSE;
 *token = NULL;
+ const char* client_id =
+ freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);
+ const char* base =
+ freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdArmpath);
+ const char* tenantid =
+ freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdAadtenantid);
+ if (!base || !tenantid || !client_id)
+ goto cleanup;
+
+ winpr_asprintf(&redirect_uri, &redirec_uri_len,
+ "ms-appx-web%%3a%%2f%%2fMicrosoft.AAD.BrokerPlugin%%2f%s", client_id);
+ if (!redirect_uri)
+ goto cleanup;
+
 const char* ep = freerdp_utils_aad_get_wellknown_string(instance->context, AAD_WELLKNOWN_authorization_endpoint);
 printf("Browse to: %s?client_id=%s&response_type="
@@ -1044,7 +1060,6 @@ static BOOL client_cli_get_rdsaad_access_token(freerdp* instance, const char* sc
 if (freerdp_interruptible_get_line(instance->context, &url, &size, stdin) < 0)
 return FALSE;
- BOOL rc = FALSE;
 char* code = extract_authorization_code(url);
 if (!code)
 goto cleanup;
@@ -1058,6 +1073,7 @@ static BOOL client_cli_get_rdsaad_access_token(freerdp* instance, const char* sc
 rc = client_common_get_access_token(instance, token_request, token);
 cleanup:
+ free(redirect_uri);
 free(token_request);
 free(url);
 return rc && (*token != NULL);
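Review bot: `base` and `tenantid` are looked up and required to be non-NULL in client_cli_get_rdsaad_access_token, yet the visible lines format `redirect_uri` from `client_id` alone, so a missing Armpath or tenant id aborts the login without either value being used. The redirect also moves from the `https…nativeclient` form to the `ms-appx-web…BrokerPlugin` form, while client_cli_get_avd_access_token keeps the https form; if that is deliberate for the paste-the-URL flow, a comment such as `/* redirect must match the URI registered for the configured client id */` would record why, otherwise it looks carried over from the webview path. Reduce the guard to `if (!client_id)` or actually use the other two values. `redirec_uri_len` is presumably meant to be `redirect_uri_len`, here and in the avd function.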
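Review bot: The `return FALSE;` after a failed `freerdp_interruptible_get_line` call is left untouched in client_cli_get_rdsaad_access_token, but `redirect_uri` has already been heap-allocated by `winpr_asprintf` at that point, so this error path now leaks it. The same spot in client_cli_get_avd_access_token is changed to `goto cleanup;` by this commit, and the rdsaad function should get the identical change: `goto cleanup;`. That is safe because `rc` is now initialised to FALSE at the top of the function and `free()` accepts the still-NULL `token_request`.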
@@ -1065,19 +1081,36 @@ cleanup:
 static BOOL client_cli_get_avd_access_token(freerdp* instance, char** token)
 {
+ WINPR_ASSERT(instance);
+ WINPR_ASSERT(instance->context);
+
 size_t size = 0;
 char* url = NULL;
 char* token_request = NULL;
- const char* client_id = "a85cf173-4192-42f8-81fa-777a763e6e2c";
- const char* redirect_uri =
- "https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient";
+ char* redirect_uri = NULL;
+ size_t redirec_uri_len = 0;
 const char* scope = "https%3A%2F%2Fwww.wvd.microsoft.com%2F.default";
- WINPR_ASSERT(instance);
 WINPR_ASSERT(token);
+ BOOL rc = FALSE;
+
 *token = NULL;
+ const char* client_id =
+ freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdClientID);
+ const char* base =
+ freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdArmpath);
+ const char* tenantid =
+ freerdp_settings_get_string(instance->context->settings, FreeRDP_GatewayAvdAadtenantid);
+ if (!base || !tenantid || !client_id)
+ goto cleanup;
+
+ winpr_asprintf(&redirect_uri, &redirec_uri_len,
+ "https%%3A%%2F%%2F%s%%2F%s%%2Foauth2%%2Fnativeclient", base, tenantid);
+ if (!redirect_uri)
+ goto cleanup;
+
 const char* ep = freerdp_utils_aad_get_wellknown_string(instance->context, AAD_WELLKNOWN_authorization_endpoint);
 printf("Browse to: %s?client_id=%s&response_type="
@@ -1087,9 +1120,8 @@ static BOOL client_cli_get_avd_access_token(freerdp* instance, char** token)
 printf("Paste redirect URL here: \n");
 if (freerdp_interruptible_get_line(instance->context, &url, &size, stdin) < 0)
- return FALSE;
+ goto cleanup;
- BOOL rc = FALSE;
 char* code = extract_authorization_code(url);
 if (!code)
 goto cleanup;
@@ -1103,6 +1135,7 @@ static BOOL client_cli_get_avd_access_token(freerdp* instance, char** token)
 rc = client_common_get_access_token(instance, token_request, token);
 cleanup:
+ free(redirect_uri);
 free(token_request);
 free(url);
 return rc && (*token != NULL);
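Review bot: `base` and `tenantid` are copied from settings into the host and path of `redirect_uri` through plain `%s`, with no shape check and no percent-encoding, so a malformed or hostile value changes the redirect target of the authorization request or adds query parameters to the URL the user is told to open; `client_id` is interpolated the same way in client_cli_get_rdsaad_access_token and in both sdl_webview.cpp functions. Where these settings are populated is not visible in this diff; if they can come from an .rdp file or server-supplied data, validate them before formatting, accepting only GUID-like or domain-like tokens for the ids and a bare hostname for the base, and rejecting anything containing `/`, `&`, `%`, `#`, `?` or whitespace. A short comment stating which registered redirect URI this string is expected to match would also help the next reader. The function body continues outside the hunk.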