From 04fa5b3033722df4fba45c02056be8e7cb45d7c6 Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Mon, 19 Jun 2023 09:51:26 +0200 Subject: [PATCH] [client,mac] update to use AuthenticateEx --- client/Mac/MRDPView.h | 4 +- client/Mac/MRDPView.m | 127 ++++++++++++++++++++++++++++++++--------- client/Mac/mf_client.m | 5 +- 3 files changed, 105 insertions(+), 31 deletions(-) diff --git a/client/Mac/MRDPView.h b/client/Mac/MRDPView.h index ea531c8b1..d7d978f0e 100644 --- a/client/Mac/MRDPView.h +++ b/client/Mac/MRDPView.h @@ -75,8 +75,8 @@ BOOL mac_pre_connect(freerdp *instance); BOOL mac_post_connect(freerdp *instance); void mac_post_disconnect(freerdp *instance); -BOOL mac_authenticate(freerdp *instance, char **username, char **password, char **domain); -BOOL mac_gw_authenticate(freerdp *instance, char **username, char **password, char **domain); +BOOL mac_authenticate_ex(freerdp *instance, char **username, char **password, char **domain, + rdp_auth_reason reason); DWORD mac_verify_certificate_ex(freerdp *instance, const char *host, UINT16 port, const char *common_name, const char *subject, const char *issuer, diff --git a/client/Mac/MRDPView.m b/client/Mac/MRDPView.m index 835df3750..493b4f138 100644 --- a/client/Mac/MRDPView.m +++ b/client/Mac/MRDPView.m @@ -926,12 +926,17 @@ void mac_post_disconnect(freerdp *instance) gdi_free(instance); } -static BOOL mac_authenticate_int(NSString *title, freerdp *instance, char **username, - char **password, char **domain) +static BOOL mac_show_auth_dialog(MRDPView *view, NSString *title, char **username, char **password, + char **domain) { - mfContext *mfc = (mfContext *)instance->context; - MRDPView *view = (MRDPView *)mfc->view; + WINPR_ASSERT(view); + WINPR_ASSERT(title); + WINPR_ASSERT(username); + WINPR_ASSERT(password); + WINPR_ASSERT(domain); + PasswordDialog *dialog = [PasswordDialog new]; + dialog.serverHostname = title; if (*username) 
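Review bot: The renamed helper mac_show_auth_dialog has no comment describing its contract, and the one security-relevant detail visible here is that `title` is assigned to `dialog.serverHostname`, which is presumably what labels the credential prompt. A user decides whether to type credentials based on that label, so callers need to know they must pass the endpoint that is actually asking. I would add above the definition something like `/* title: host:port of the endpoint requesting credentials; assigned to the dialog's serverHostname */`, plus a line on who owns the strings written through `username`, `password` and `domain`. The function body continues past the end of this hunk, so how the out-parameters are filled cannot be checked from here.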
@@ -982,40 +987,108 @@ static BOOL mac_authenticate_int(NSString *title, freerdp *instance, char **user return ok; } -BOOL mac_authenticate(freerdp *instance, char **username, char **password, char **domain) +static BOOL mac_authenticate_raw(freerdp *instance, char **username, char **password, char **domain, + rdp_auth_reason reason) { - rdpSettings *settings; + BOOL pinOnly = FALSE; WINPR_ASSERT(instance); WINPR_ASSERT(instance->context); + WINPR_ASSERT(instance->context->settings); - settings = instance->context->settings; - WINPR_ASSERT(settings); + const rdpSettings *settings = instance->context->settings; + mfContext *mfc = (mfContext *)instance->context; + MRDPView *view = (MRDPView *)mfc->view; + NSString *title = NULL; - NSString *title = - [NSString stringWithFormat:@"%@:%u", - [NSString stringWithCString:settings->ServerHostname - encoding:NSUTF8StringEncoding], - settings -> ServerPort]; - return mac_authenticate_int(title, instance, username, password, domain); + switch (reason) + { + case AUTH_SMARTCARD_PIN: + pinOnly = TRUE; + title = [NSString stringWithFormat:@"%@:%u", + [NSString stringWithCString:settings->ServerHostname + encoding:NSUTF8StringEncoding], + settings -> ServerPort]; + break; + case AUTH_TLS: + case AUTH_RDP: + case AUTH_NLA: + title = [NSString stringWithFormat:@"%@:%u", + [NSString stringWithCString:settings->ServerHostname + encoding:NSUTF8StringEncoding], + settings -> ServerPort]; + break; + case GW_AUTH_HTTP: + case GW_AUTH_RDG: + case GW_AUTH_RPC: + title = [NSString stringWithFormat:@"%@:%u", + [NSString stringWithCString:settings->GatewayHostname + encoding:NSUTF8StringEncoding], + settings -> GatewayPort]; + break; + default: + return FALSE; + } + + if (!username || !password || !domain) + return FALSE; + + if (!*username && !pinOnly) + { + if (!mac_show_auth_dialog(view, title, username, password, domain)) + goto fail; + } + else if (!*domain && !pinOnly) + { + if (!mac_show_auth_dialog(view, title, username, password, 
domain)) + goto fail; + } + else if (!*password) + { + if (!mac_show_auth_dialog(view, title, username, password, domain)) + goto fail; + } + + return TRUE; +fail: + free(*username); + free(*domain); + free(*password); + *username = NULL; + *domain = NULL; + *password = NULL; + return FALSE; } -BOOL mac_gw_authenticate(freerdp *instance, char **username, char **password, char **domain) +BOOL mac_authenticate_ex(freerdp *instance, char **username, char **password, char **domain, + rdp_auth_reason reason) { - rdpSettings *settings; - WINPR_ASSERT(instance); - WINPR_ASSERT(instance->context); + WINPR_ASSERT(username); + WINPR_ASSERT(password); + WINPR_ASSERT(domain); - settings = instance->context->settings; - WINPR_ASSERT(settings); + NSString *title; + switch (reason) + { + case AUTH_NLA: + break; - NSString *title = - [NSString stringWithFormat:@"%@:%u", - [NSString stringWithCString:settings->GatewayHostname - encoding:NSUTF8StringEncoding], - settings -> GatewayPort]; - return mac_authenticate_int(title, instance, username, password, domain); + case AUTH_TLS: + case AUTH_RDP: + case AUTH_SMARTCARD_PIN: /* in this case password is pin code */ + if ((*username) && (*password)) + return TRUE; + break; + case GW_AUTH_HTTP: + case GW_AUTH_RDG: + case GW_AUTH_RPC: + break; + default: + return FALSE; + } + + return mac_authenticate_raw(instance, username, password, domain, reason); } DWORD mac_verify_certificate_ex(freerdp *instance, const char *host, UINT16 port, @@ -1026,7 +1099,7 @@ DWORD mac_verify_certificate_ex(freerdp *instance, const char *host, UINT16 port MRDPView *view = (MRDPView *)mfc->view; CertificateDialog *dialog = [CertificateDialog new]; const char *type = "RDP-Server"; - char hostname[8192]; + char hostname[8192] = { 0 }; if (flags & VERIFY_CERT_FLAG_GATEWAY) type = "RDP-Gateway"; diff --git a/client/Mac/mf_client.m b/client/Mac/mf_client.m index 281aee92c..ca555665b 100644 --- a/client/Mac/mf_client.m +++ b/client/Mac/mf_client.m 
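Review bot: In mac_authenticate_raw the AUTH_SMARTCARD_PIN case sets `pinOnly`, but the `else if (!*password)` branch then calls `mac_show_auth_dialog(view, title, username, password, domain)` exactly as the other branches do, with the same `host:port` title. Nothing passed to the helper says that a smartcard PIN rather than an account password is wanted. A password typed into that prompt would presumably be presented to the card as a PIN, and repeated wrong PINs can block a card. The prompt should state what it is asking for: hand `pinOnly` or `reason` to the helper, or at least build a distinct title in that case. Separately, the `fail:` path releases the secret with a bare `free(*password)`; clearing it first, for example `if (*password) memset_s(*password, strlen(*password), 0, strlen(*password));`, keeps a supplied password or PIN from lingering in freed heap memory.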
@@ -88,11 +88,12 @@ static BOOL mfreerdp_client_new(freerdp *instance, rdpContext *context) WINPR_ASSERT(mfc); mfc->stopEvent = CreateEvent(NULL, TRUE, FALSE, NULL); + if (!mfc->stopEvent) + return FALSE; context->instance->PreConnect = mac_pre_connect; context->instance->PostConnect = mac_post_connect; context->instance->PostDisconnect = mac_post_disconnect; - context->instance->Authenticate = mac_authenticate; - context->instance->GatewayAuthenticate = mac_gw_authenticate; + context->instance->AuthenticateEx = mac_authenticate_ex; context->instance->VerifyCertificateEx = mac_verify_certificate_ex; context->instance->VerifyChangedCertificateEx = mac_verify_changed_certificate_ex; context->instance->LogonErrorInfo = mac_logon_error_info;