Simple GUI Prompt for Username/Password for FreeRDP

Once I finished with the FreeRDP compilation and testing, I moved on to the end-user interaction phase of my project.  I started looking at different open-source products for ways to prompt end-users for credentials.  I found one FreeRDP GUI project, but it didn’t include a gateway server address field.  I asked a Python programmer I know to look at the source, but I found another simple solution.  I used the Linux program Zenity to prompt users for a username/password combination.  I installed this onto the Raspberry with “sudo apt-get install zenity”.  The repository version is fine for this use.  This was then called inside a bash script.  For testing on a private network, I reasoned that the only thing I have to prompt someone for is username/password credentials.

Below is my Bash Script…

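#!/bin/bash

echo "Reading config...." >&2
source /xfreerdp-scripts/xfreerdp.ini
echo "$AD_Domain"
echo "$Local_FQDN"
echo "$Gateway_FQDN"

function xfreerdp
{
  # Prompt for both fields; zenity prints them as "username|password"
  ENTRY="$(zenity --title="$Gateway_FQDN" --username --password)"

  # Exit status 1 means the user pressed Cancel
  if [ $? -eq 1 ]; then
    exit 1
  else
    Username="$(echo "$ENTRY" | cut -d'|' -f1)"
    # -f2- keeps the whole password even if it contains a '|'
    Password="$(echo "$ENTRY" | cut -d'|' -f2-)"

    # Note: /p: and /gp: put the password on the command line, where it is
    # visible in the local process list while the session runs
    /usr/local/bin/xfreerdp /v:"$Local_FQDN" /u:"$Username" /d:"$AD_Domain" /p:"$Password" \
      /g:"$Gateway_FQDN" /gu:"$Username" /gd:"$AD_Domain" /gp:"$Password" /f

    # 12 = logoff_by_user: leave the script; any other code re-prompts
    if [ $? -eq 12 ]; then
      exit 12
    else
      xfreerdp
    fi
  fi
}

xfreerdp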

Below is the ini file referenced by the BASH script

AD_Domain=NETBIOS
Local_FQDN=inside.server.com
Gateway_FQDN=outside.server.com

The script is pretty easy to follow.

The first section uses “source” in BASH to read an ini file for server settings.  During testing I hard coded the server address, but then looked into using an ini file.  Some people online warn about using “source” since it’s insecure.  But since this is a Raspberry thin-client and doesn’t hold any server data, I didn’t feel there was any risk to the Raspberry itself.
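An added example, not part of the original script: the same three settings read as plain data, so that nothing in xfreerdp.ini is ever executed the way it would be with "source". The names load_config and demo are hypothetical, and the sample ini files are constructed for the demonstration.

```shell
#!/bin/bash
# Added example: parse xfreerdp.ini as data instead of running it with "source".
# load_config and demo are hypothetical names; the keys are the ones from the ini file.

load_config() {
    _file=$1
    _cr=$(printf '\r')
    AD_Domain='' Local_FQDN='' Gateway_FQDN=''
    [ -r "$_file" ] || { echo "cannot read $_file" >&2; return 1; }
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%"$_cr"}                       # tolerate CRLF line endings
        case $_line in
            ''|'#'*|';'*) continue ;;               # blank lines and comments
            *=*) ;;
            *) echo "malformed line: $_line" >&2; return 1 ;;
        esac
        _key=${_line%%=*}
        _value=${_line#*=}
        # Only hostname / NetBIOS characters are accepted, so a value holding a
        # command substitution is rejected as text and never evaluated.
        case $_value in
            ''|*[!A-Za-z0-9._-]*) echo "rejected value for $_key" >&2; return 1 ;;
        esac
        case $_key in
            AD_Domain)    AD_Domain=$_value ;;
            Local_FQDN)   Local_FQDN=$_value ;;
            Gateway_FQDN) Gateway_FQDN=$_value ;;
            *) echo "unknown key: $_key" >&2; return 1 ;;
        esac
    done < "$_file"
    [ -n "$AD_Domain" ] && [ -n "$Local_FQDN" ] && [ -n "$Gateway_FQDN" ] ||
        { echo "missing setting in $_file" >&2; return 1; }
}

demo() {
    # Constructed samples: the ini from this page, and one with a command substitution.
    _dir=$(mktemp -d) || return 1
    printf 'AD_Domain=NETBIOS\nLocal_FQDN=inside.server.com\nGateway_FQDN=outside.server.com\n' > "$_dir/good.ini"
    printf 'AD_Domain=NETBIOS\nLocal_FQDN=$(touch %s/ran)\nGateway_FQDN=outside.server.com\n' "$_dir" > "$_dir/bad.ini"
    load_config "$_dir/good.ini" && echo "good.ini: gateway=$Gateway_FQDN"
    load_config "$_dir/bad.ini" 2>/dev/null || echo "bad.ini: rejected"
    [ -e "$_dir/ran" ] && echo "bad.ini was executed" || echo "bad.ini was not executed"
    rm -rf "$_dir"
}
demo
```

In the script above, the "source" line would become a call such as load_config /xfreerdp-scripts/xfreerdp.ini || exit 1.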

The next section is where I run Zenity.  This resides inside a BASH function so that I can re-prompt for username/password in case of an error.

ENTRY="$(zenity --title="$Gateway_FQDN" --username --password)"

Variable ENTRY is populated with both username and password.  In the prompt window I display the name of the gateway server the end-user is logging into.  If Zenity returned an error level of 1, the end user hit the cancel button and the BASH script exits.  If the user enters a username/password combination, I needed to extract the info from the variable ENTRY.

Username="$(echo "$ENTRY" | cut -d'|' -f1)"
Password="$(echo "$ENTRY" | cut -d'|' -f2-)"

I passed these values to variables Username and Password.  Once I had the credentials, I ran the FreeRDP command with all the variables populated with the required values.

During testing I had to figure out a way to exit out of the BASH script when a user logged off of a Terminal Server, but I had to re-prompt them for bad credentials.  Since FreeRDP has a lot of error codes it can return, I chose to work with 12, “logoff_by_user” via an if statement.

if [ $? -eq 12 ]; then
  exit 12
else
  xfreerdp
fi

This does two things: 1) when a user logs off of a Terminal Server they don’t see a hanging username/password prompt (I took this as a nuisance to be rid of); 2) if any other error is generated, the function xfreerdp is called again.  It’s not a perfect solution.  But at least if you can’t log in, then you know you have to investigate why (you’d do this by running the BASH script in a terminal window and reading the errors generated).

The last line just starts the process by calling the function xfreerdp.

Now you just need the desktop launcher to launch the BASH script.  In some versions of Ubuntu, you right-click on the desktop and select “Create New Launcher”.  If you don’t have this, you can try the command I use if you use the gnome desktop environment…

gnome-desktop-item-edit --create-new ~/Desktop

If you use any other desktop environment, you’ll need to look up how to create a desktop launcher.

 
