From bcf2de2ffb88c3218b9a904e028133f4cda0abf5 Mon Sep 17 00:00:00 2001
From: Martin Fleisz <martin.fleisz@thincast.com>
Date: Fri, 22 Jan 2021 13:12:25 +0100
Subject: [PATCH] transport: Also ask for password when connecting using TLS

---
 libfreerdp/core/transport.c | 41 +++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
index 7ae5be377..9a83205f0 100644
--- a/libfreerdp/core/transport.c
+++ b/libfreerdp/core/transport.c
@@ -260,6 +260,39 @@ fail:
 	return FALSE;
 }
 
+static BOOL is_empty(const char* str)
+{
+	if (!str)
+		return TRUE;
+	if (strlen(str) == 0)
+		return TRUE;
+	return FALSE;
+}
+
+static BOOL transport_prompt_for_password(rdpTransport* transport)
+{
+	rdpSettings* settings = transport->settings;
+	freerdp* instance = transport->context->instance;
+
+	if (is_empty(settings->Username) ||
+	    (is_empty(settings->Password) && is_empty((const char*)settings->RedirectionPassword)))
+	{
+		/* If no callback is specified still continue connection */
+		if (!instance->Authenticate)
+			return TRUE;
+
+		if (!instance->Authenticate(instance, &settings->Username, &settings->Password,
+		                            &settings->Domain))
+		{
+			freerdp_set_last_error_log(instance->context,
+			                           FREERDP_ERROR_CONNECT_NO_OR_MISSING_CREDENTIALS);
+			return FALSE;
+		}
+	}
+
+	return TRUE;
+}
+
 BOOL transport_connect_rdp(rdpTransport* transport)
 {
 	if (!transport)
@@ -272,6 +305,14 @@ BOOL transport_connect_tls(rdpTransport* transport)
 {
 	if (!transport)
 		return FALSE;
+
+	/* Only prompt for password if we use TLS (NLA also calls this function) */
+	if (transport->settings->SelectedProtocol == PROTOCOL_SSL)
+	{
+		if (!transport_prompt_for_password(transport))
+			return FALSE;
+	}
+
 	return IFCALLRESULT(FALSE, transport->io.TLSConnect, transport);
 }