The clipboard might be (re)initialized multiple times, so do
initialization and deinitialization in cliprdr_file_context_init and
cliprdr_file_context_uninit.
If client-common is built with WITH_SSO_MIB, inject a callback that first
tries to retrieve a token from the sso-mib library and only if that fails
falls back to a client-provided callback.
This change enables an alternative way of acquiring the necessary
access tokens through a local identity broker. In the current
implementation, we need to visit URLs twice and paste back the
URLs we are redirected to in order to extract authorization codes
and ultimately fetch the correct access tokens for RDP (described
here: <0>).
As an alternative, MS also provides the Microsoft Authentication
Library (MSAL) through which authentication can be handled more
or less in the background when we're using a trusted device. In
particular, we can request access tokens with the same
parameters as we're currently doing through the URL-based scheme.
As the MSAL bindings are not available for C, we implemented a
small wrapper library called sso-mib which is available at
https://github.com/siemens/sso-mib. This library translates the
high-level requests (such as acquire_token_interactive) to
respective messages on the D-Bus messaging bus which is used to
communicate with the identity broker service on Linux. The
library can be built as a .deb package and subsequently be
found through PkgConfig mechanisms in CMake.
When sso-mib is not available through pkg-config, it can also
be placed in external/, with the directory structure looking
like the following. include/ is copied from the root of the
sso-mib directory and lib/ populated with the built shared
library files and symlinks.
external/
├── README
└── sso-mib
    ├── include
    │   └── sso-mib
    │       ├── mib-account.h
    │       ├── mib-client-app.h
    │       ├── mib-exports.h
    │       ├── mib-pop-params.h
    │       ├── mib-prt.h
    │       ├── mib-prt-sso-cookie.h
    │       └── sso-mib.h
    └── lib
        ├── libsso-mib.so -> libsso-mib.so.0
        ├── libsso-mib.so.0 -> libsso-mib.so.0.4.0
        └── libsso-mib.so.0.4.0
This feature is currently hidden behind a configuration switch
and must be enabled via `-DWITH_SSO_MIB=ON`. If the connection
to the broker fails (for example, if no identity broker is
installed or running on the system), we automatically fall back
to the current scheme of copy-pasting URLs.
<0>: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e967ebeb-9e9f-443e-857a-5208802943c2
Some cmake_policy settings have long been active by default (3.13 is our
current baseline) or are simply unused. Due to issues with CMake 4.0, let's
drop them.
When calling `freerdp_client_populate_rdp_file_from_settings` you should
expect that all settings are populated to the rdp file instance. However,
certain settings (i.e. cameras to redirect) were only updated if they
had a value but did not reset the setting.
This causes trouble if the file instance was used to load settings,
settings were altered and then populated back to the file instance.
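
The round trip described above, as an added example that is not FreeRDP code: a minimal C model of an update-only populate beside one that resets the field. The struct and function names and the camera value are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not FreeRDP types: one optional string setting. */
struct model_settings { const char *cameras; }; /* NULL: nothing to redirect */
struct model_rdp_file { char *cameras; };       /* NULL: key absent from file */

/* Replace *field with a copy of value; a NULL value clears the field. */
static bool set_field(char **field, const char *value) {
    char *copy = NULL;
    if (value && !(copy = malloc(strlen(value) + 1)))
        return false;
    if (copy)
        strcpy(copy, value);
    free(*field);
    *field = copy;
    return true;
}

/* Behaviour the message describes: written only when the setting has a
 * value, so a value loaded earlier survives after the setting is cleared. */
static bool populate_update_only(struct model_rdp_file *f, const struct model_settings *s) {
    return s->cameras ? set_field(&f->cameras, s->cameras) : true;
}

/* Populate that mirrors the settings: an empty setting resets the field. */
static bool populate_with_reset(struct model_rdp_file *f, const struct model_settings *s) {
    return set_field(&f->cameras, s->cameras);
}

typedef bool (*populate_fn)(struct model_rdp_file *, const struct model_settings *);
/* File loaded with a camera list, setting cleared, populated back.
 * Returns true when the file still carries the old camera list. */
static bool stale_after_roundtrip(populate_fn populate) {
    struct model_rdp_file file = { NULL };
    struct model_settings settings = { NULL }; /* state after load + clearing */
    bool stale = true;
    if (set_field(&file.cameras, "constructed-camera-id") && populate(&file, &settings))
        stale = (file.cameras != NULL);
    free(file.cameras);
    return stale;
}

int main(void) {
    printf("update-only: stale=%d\n", stale_after_roundtrip(populate_update_only));
    printf("with reset:  stale=%d\n", stale_after_roundtrip(populate_with_reset));
    return 0;
}
```
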
SDL2 client is a dead end due to lacking API (clipboard support, ...) so
mark the SDL2 client deprecated and point out there is an SDL3 version
available.