[core,aad] make AAD optional

* make cJSON an optional dependency
* disable AAD if cJSON was not compiled in

libfreerdp/CMakeLists.txt

@@ -87,11 +87,9 @@ find_package(cJSON)
 # some very enthusiastic packagers forgot to package the cJSONConfig.cmake
 # so try to find the paths manually
 if (NOT CJSON_FOUND)
-	message("falling back to manual cJSON detection")
 	find_file(CJSON_INCLUDE_HEADER
 		NAMES cJSON.h
 		PATH_SUFFIXES cjson
-		REQUIRED
 	)
 
 	# Extract the include base path from the header file path.
@@ -102,12 +100,20 @@ if (NOT CJSON_FOUND)
 
 	find_library(CJSON_LIBRARIES
 		NAMES cjson
-	       	REQUIRED
 	)
+
+	if (CJSON_INCLUDE_DIRS AND CJSON_LIBRARIES)
+		set(CJSON_FOUND ON)
+	endif()
 endif()
 
-freerdp_include_directory_add(${CJSON_INCLUDE_DIRS})
-freerdp_library_add(${CJSON_LIBRARIES})
+if (CJSON_FOUND)
+	freerdp_definition_add(-DCJSON_FOUND)
+	freerdp_include_directory_add(${CJSON_INCLUDE_DIRS})
+	freerdp_library_add(${CJSON_LIBRARIES})
+else()
+	message(WARNING "building without cJSON, AAD authentication disabled for this build")
+endif()
 
 if (WITH_SWSCALE)
     find_package(SWScale REQUIRED)

libfreerdp/core/aad.c

@@ -24,7 +24,9 @@
 
 #include <freerdp/crypto/crypto.h>
 
+#if defined(CJSON_FOUND)
 #include <cjson/cJSON.h>
+#endif
 
 #include <winpr/crypto.h>
 
@@ -37,6 +39,7 @@
 
 #include "aad.h"
 
+#if defined(CJSON_FOUND)
 #if CJSON_VERSION_MAJOR == 1
 #if CJSON_VERSION_MINOR <= 7
 #if CJSON_VERSION_PATCH < 13
@@ -44,7 +47,22 @@
 #endif
 #endif
 #endif
+#endif
 
+struct rdp_aad
+{
+	AAD_STATE state;
+	rdpContext* rdpcontext;
+	rdpTransport* transport;
+	char* access_token;
+	EVP_PKEY* pop_key;
+	char* kid;
+	char* nonce;
+	char* hostname;
+	wLog* log;
+};
+
+#if defined(CJSON_FOUND)
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/core_names.h>
 #else
@@ -104,19 +122,6 @@ static const char token_http_request_body[] =
     "76844c9b6999"
     "\r\n\r\n";
 
-struct rdp_aad
-{
-	AAD_STATE state;
-	rdpContext* rdpcontext;
-	rdpTransport* transport;
-	char* access_token;
-	EVP_PKEY* pop_key;
-	char* kid;
-	char* nonce;
-	char* hostname;
-	wLog* log;
-};
-
 static BOOL get_encoded_rsa_params(wLog* wlog, EVP_PKEY* pkey, char** e, char** n);
 static BOOL generate_pop_key(rdpAad* aad);
 static BOOL read_http_message(rdpAad* aad, BIO* bio, long* status_code, char** content,
@@ -182,23 +187,6 @@ static int print_error(const char* str, size_t len, void* u)
 	return 1;
 }
 
-rdpAad* aad_new(rdpContext* context, rdpTransport* transport)
-{
-	WINPR_ASSERT(transport);
-	WINPR_ASSERT(context);
-
-	rdpAad* aad = (rdpAad*)calloc(1, sizeof(rdpAad));
-
-	if (!aad)
-		return NULL;
-
-	aad->log = WLog_Get(FREERDP_TAG("aad"));
-	aad->rdpcontext = context;
-	aad->transport = transport;
-
-	return aad;
-}
-
 static BOOL json_get_object(wLog* wlog, cJSON* json, const char* key, cJSON** obj)
 {
 	WINPR_ASSERT(json);
@@ -834,26 +822,6 @@ int aad_recv(rdpAad* aad, wStream* s)
 	}
 }
 
-AAD_STATE aad_get_state(rdpAad* aad)
-{
-	WINPR_ASSERT(aad);
-	return aad->state;
-}
-
-void aad_free(rdpAad* aad)
-{
-	if (!aad)
-		return;
-
-	free(aad->hostname);
-	free(aad->nonce);
-	free(aad->access_token);
-	free(aad->kid);
-	EVP_PKEY_free(aad->pop_key);
-
-	free(aad);
-}
-
 static BOOL read_http_message(rdpAad* aad, BIO* bio, long* status_code, char** content,
                               size_t* content_length)
 {
@@ -1186,3 +1154,63 @@ fail:
 	}
 	return rc;
 }
+#else
+int aad_client_begin(rdpAad* aad)
+{
+	WINPR_ASSERT(aad);
+	WLog_Print(aad->log, WLOG_ERROR, "AAD security not compiled in, aborting!");
+	return -1;
+}
+int aad_recv(rdpAad* aad, wStream* s)
+{
+	WINPR_ASSERT(aad);
+	WLog_Print(aad->log, WLOG_ERROR, "AAD security not compiled in, aborting!");
+	return -1;
+}
+#endif
+
+rdpAad* aad_new(rdpContext* context, rdpTransport* transport)
+{
+	WINPR_ASSERT(transport);
+	WINPR_ASSERT(context);
+
+	rdpAad* aad = (rdpAad*)calloc(1, sizeof(rdpAad));
+
+	if (!aad)
+		return NULL;
+
+	aad->log = WLog_Get(FREERDP_TAG("aad"));
+	aad->rdpcontext = context;
+	aad->transport = transport;
+
+	return aad;
+}
+
+void aad_free(rdpAad* aad)
+{
+	if (!aad)
+		return;
+
+	free(aad->hostname);
+	free(aad->nonce);
+	free(aad->access_token);
+	free(aad->kid);
+	EVP_PKEY_free(aad->pop_key);
+
+	free(aad);
+}
+
+AAD_STATE aad_get_state(rdpAad* aad)
+{
+	WINPR_ASSERT(aad);
+	return aad->state;
+}
+
+BOOL aad_is_supported(void)
+{
+#if defined(CJSON_FOUND)
+	return TRUE;
+#else
+	return FALSE;
+#endif
+}

libfreerdp/core/aad.h

@@ -32,6 +32,8 @@ typedef enum
 #include <freerdp/api.h>
 #include <freerdp/freerdp.h>
 
+FREERDP_LOCAL BOOL aad_is_supported(void);
+
 FREERDP_LOCAL int aad_client_begin(rdpAad* aad);
 FREERDP_LOCAL int aad_recv(rdpAad* aad, wStream* s);
 

libfreerdp/core/nego.c

@@ -31,6 +31,7 @@
 #include "tpkt.h"
 
 #include "nego.h"
+#include "aad.h"
 
 #include "transport.h"
 
@@ -1696,8 +1697,15 @@ void nego_enable_ext(rdpNego* nego, BOOL enable_ext)
 
 void nego_enable_aad(rdpNego* nego, BOOL enable_aad)
 {
-	WLog_DBG(TAG, "Enabling RDS AAD security: %s", enable_aad ? "TRUE" : "FALSE");
-	nego->EnabledProtocols[PROTOCOL_RDSAAD] = enable_aad;
+	if (aad_is_supported())
+	{
+		WLog_DBG(TAG, "Enabling RDS AAD security: %s", enable_aad ? "TRUE" : "FALSE");
+		nego->EnabledProtocols[PROTOCOL_RDSAAD] = enable_aad;
+	}
+	else
+	{
+		WLog_WARN(TAG, "This build does not support AAD security, disabling.");
+	}
 }
 
 /**

libfreerdp/core/rdp.c

@@ -2164,6 +2164,10 @@ rdpRdp* rdp_new(rdpContext* context)
 		*rdp->io = *io;
 	}
 
+	rdp->aad = aad_new(context, rdp->transport);
+	if (!rdp->aad)
+		goto fail;
+
 	rdp->license = license_new(rdp);
 
 	if (!rdp->license)
@@ -2300,6 +2304,11 @@ BOOL rdp_reset(rdpRdp* rdp)
 			goto fail;
 	}
 
+	aad_free(rdp->aad);
+	rdp->aad = aad_new(context, rdp->transport);
+	if (!rdp->aad)
+		goto fail;
+
 	rdp->nego = nego_new(rdp->transport);
 	if (!rdp->nego)
 		goto fail;

libfreerdp/core/transport.c

@@ -426,9 +426,6 @@ BOOL transport_connect_aad(rdpTransport* transport)
 	if (!settings->Authentication)
 		return TRUE;
 
-	aad_free(rdp->aad);
-	rdp->aad = aad_new(context, transport);
-
 	if (!rdp->aad)
 		return FALSE;