While AzureAD seems to be required for many setups, some need an empty
domain (or maybe a different all together?)
So only provide a sane default and allow user override.
* Move code to client/common to have it in place for all clients without
modification
* Remember if a button was pressed and only suppress move events if no
button is pressed.
If client-common is build with WITH_SSO_MIB inject a callback that first
tries to retrieve a token from sso-mib library and only if that fails
falls back to a client provided callback.
This change enables an alternative way of acquiring the necessary
access tokens through a local identity broker. In the current
implementation, we need to visit URLs twice and paste back the
URLs we are redirected to in order to extract authorization codes
and ultimately fetch the correct access tokens for RDP (described
here: <0>).
As an alternative, MS also provides the Microsoft Authentication
Library (MSAL) through which authentication can be handled more
or less in the background when we're using a trusted device. In
particular, we can request access tokens with the same
parameters as we're currently doing through the URL-based scheme.
As the MSAL bindings are not available for C, we implemented a
small wrapper library called sso-mib which is available at
https://github.com/siemens/sso-mib. This library translates the
high-level requests (such as acquire_token_interactive) to
respective messages on the D-Bus messaging bus which is used to
communicate with the identity broker service on Linux. The
library can be built as a .deb package and subsequently be
found through PkgConfig mechanisms in CMake.
When sso-mib is not available through pkg-config, it can also
be placed in external/, with the directory structure looking
like the following. include/ is copied from the root of the
sso-mib directory and lib/ populated with the built shared
library files and symlinks.
external/
├── README
└── sso-mib
├── include
│ └── sso-mib
│ ├── mib-account.h
│ ├── mib-client-app.h
│ ├── mib-exports.h
│ ├── mib-pop-params.h
│ ├── mib-prt.h
│ ├── mib-prt-sso-cookie.h
│ └── sso-mib.h
└── lib
├── libsso-mib.so -> libsso-mib.so.0
├── libsso-mib.so.0 -> libsso-mib.so.0.4.0
└── libsso-mib.so.0.4.0
This feature is currently hidden behind a configuration switch
and must be enabled via `-DWITH_SSO_MIB=ON`. If the connection
to the broker fails (for example, if no identity broker is
installed or running on the system), we automatically fall back
to the current scheme of copy-pasting URLs.
<0>: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e967ebeb-9e9f-443e-857a-5208802943c2
* Add freerdp_client_print_version_ex and
freerdp_client_print_buildconfig_ex to print version and build
configuration along with the binary name calling it
* Use these new functions instead of the ones that only print out
version and/or buildconfig
