This function should be used to free certain buffers retrieved using
freerdp_nla_QueryContextAttributes(). It fetches the right vfunc table
to call into, which typically ends up in sspi_FreeContextBuffer() in
sspi_winpr.c.
This is needed to allow querying the PackageInfo attribute.
To allow client-common library to override the GetAccessToken callback
introduce a new GetCommonAccessToken callback.
This callback defaults to call the existing GetAccessToken callback, but
client-common library can override if desired, so that a common token
retrieval method is executed before a client UI is invoked.
API breaking change, with this logic the symbol needs to be manually
defined by an API user. So, to fix this:
* Rename to DROP_FREERDP_3x_DEPRECATED
* Invert logic, so a undefined value enables the symbols
This new CMake option (ON by default) allows building the library with
all symbols deprecated during 3.x release cycle disabled.
This allows compatibility testing external applications for future
FreeRDP 4.x support
This patch implements the client-side part of the remote credential guard feature
as described in MS-RDPEAR. The 2 main changes are: shipping the TSRemoteGuardaCreds in
NLA, and implement the rdpear channel that allows LSASS to remote all the calls to
our client. For now it's UNIX only as the windows implementation would be implemented
in a completely different way.
To test, you may establish you ccache and then connect with (RCG enabled on the server):
xfreerdp /remoteGuard /u:<user> /d:<domain> /v<server>
That should log you in, and in the session you should not be asked for credentials when
doing mstsc /remoteGuard /v:<other server>.
The AAD and AVD authentication mechanisms both need an OAuth2 token.
They only differ in the provided arguments, so unify the callbacks into
a single one with variable argument lists.
- Move responsibility for obtaining access tokens to clients
- Add function for getting access tokens for AVD
- Get correct server hostname during AVD setup
- Add utility function for doing http requests
Optionally build the SDL client with Qt WebEngine to create a popup
browser for authentication to AAD. Also change the URL output on the
command line to use the "nativeclient" redirect for easier copy/pasting
of the authorization code.
Currently the proxy's TLS fallback if an NLA connection attempt failed
is broken. There are two issues with the current code that this PR
fixes:
- freerdp_reconnect is used which requires an already established
connection to work correctly. This is not the case since the NLA
connectin attempt failed. This resulted in a seemingly working TLS
connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting
in the instance's settings. However these settings have been already
modified by the NLA connection attempt so we need to create a copy of
the original connection settings before doing the first connect.
The PR also introduces freerdp_reset_context which restores the initial
connection settings for the given instance.
To have more fine granied control add a new callback.
Now you have the following callback pairs:
* PreConnect <--> PostFinalDisconnect
* PostConnect <--> PostDisconnect
When some channels are filtered, some misalignement of channel ids could happen.
This patch keeps track of the back and front channel ids to correctly identify a
channel and send packets with the correct channel id.
