ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahp_5.4.0.1/rzahpauthservice.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: Add authentication to the TI-RPC service" />
<meta name="abstract" content="These code snippets display how the authentication system works in RPC." />
<meta name="description" content="These code snippets display how the authentication system works in RPC." />
<meta name="DC.Relation" scheme="URI" content="rzahpservicecode.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahpauthservice" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: Add authentication to the TI-RPC service</title>
</head>
<body id="rzahpauthservice"><a name="rzahpauthservice"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: Add authentication to the TI-RPC service</h1>
<div><p>These code snippets display how the authentication system works
in RPC. </p>
<div class="section"><p>System is the only authentication method that is provided on i5/OS™.
The following information is set up and passed from the client to the service
with every clnt_call(). In the following code snippets, notice that rpc_call()
is not sufficient when using authentication information , because it uses <samp class="codeph">authnone</samp> (an
empty authentication token) as the default:</p>
<ul><li><samp class="codeph">aup_time - authentication information timestamp</samp></li>
<li><samp class="codeph">aup_machname - the hostname of the remote client</samp></li>
<li><samp class="codeph">aup_uid - the UID of the remote user of the client</samp></li>
<li><samp class="codeph">aup_gid - the primary GID of the remote user</samp></li>
<li><samp class="codeph">aup_gids - an array of the secondary groups of the remote user</samp></li>
</ul>
<p>The authentication information comes directly into the service as
part of the remote request. It is up to the server to parse this information
and verify that the client is from a trusted machine and a trusted user. If
the authentication type is incorrect, or too weak for the server to accept,
it sends back an error, using svcerr_weakauth(), to indicate this to the client. </p>
<div class="note"><span class="notetitle">Note:</span> By
using the code example, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>
<pre>#include &lt;sys/types.h&gt; /* needed for gid_t and uid_t */
#include &lt;stdlib.h&gt;    /* misc. system auth APIs     */
#include &lt;errno.h&gt;

struct authsys_parms *credentials;  /* authentication information */
char *remote_machine;               /* machine name (from the credentials) */
uid_t remote_user;                  /* remote user's UID (from credentials) */

/* make sure we got the correct flavor of authentication */
if (request-&gt;rq_cred.oa_flavor != AUTH_UNIX) {
   /* if not, send back a weak authentication message and return */
   svcerr_weakauth(svc);
   return;
}

/* get our credentials */
credentials = (struct authsys_parms *)(request-&gt;rq_clntcred);

/* get the remote user's GID */
remote_user = credentials-&gt;aup_uid;

/* get the remote hostname of the client */
remote_machine = credentials-&gt;aup_machname;

/* check to see if this machine is "trusted" by us */
if ((strcmpi("remote1", remote_machine) != 0) &amp;&amp;
    (strcmpi("remote2", remote_machine) != 0)) {

   /* not from a machine we trust */
   /* send back an authentication error the client */
   svcerr_weakauth(svc);
   return;

} /* end of if (!trusted hostname) */

else {

   /* now check the user id for one we trust */
   /* information can be gotten from DSPUSRPRF */
   if ((remote_user != 568) &amp;&amp;
       (remote_user != 550) &amp;&amp;
       (remote_user != 528)) {

      /* not a user id we trust */
      /* send back an authentication error the client */
      svcerr_weakauth(svc);
      return;

   } /* end of if (!trusted uid) */

} /* end of else (trusted hostname) */

/* we fall out of the loop if the hostname and uid are trusted */</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahpservicecode.htm" title="Transport independent remote procedure call (TI-RPC) programming provides an effective method for developing distributed client-server based applications on i5/OS.">Examples: Develop service applications based on TI-RPC code</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="reference" />`
			`<meta name="DC.Title" content="Example: Add authentication to the TI-RPC service" />`
			`<meta name="abstract" content="These code snippets display how the authentication system works in RPC." />`
			`<meta name="description" content="These code snippets display how the authentication system works in RPC." />`
			`<meta name="DC.Relation" scheme="URI" content="rzahpservicecode.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzahpauthservice" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Example: Add authentication to the TI-RPC service</title>`
			`</head>`
			`<body id="rzahpauthservice"><a name="rzahpauthservice"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Example: Add authentication to the TI-RPC service</h1>`
			`<div><p>These code snippets display how the authentication system works`
			`in RPC. </p>`
			`<div class="section"><p>System is the only authentication method that is provided on i5/OS™.`
			`The following information is set up and passed from the client to the service`
			`with every clnt_call(). In the following code snippets, notice that rpc_call()`
			`is not sufficient when using authentication information , because it uses <samp class="codeph">authnone</samp> (an`
			`empty authentication token) as the default:</p>`
			`<ul><li><samp class="codeph">aup_time - authentication information timestamp</samp></li>`
			`<li><samp class="codeph">aup_machname - the hostname of the remote client</samp></li>`
			`<li><samp class="codeph">aup_uid - the UID of the remote user of the client</samp></li>`
			`<li><samp class="codeph">aup_gid - the primary GID of the remote user</samp></li>`
			`<li><samp class="codeph">aup_gids - an array of the secondary groups of the remote user</samp></li>`
			`</ul>`
			`<p>The authentication information comes directly into the service as`
			`part of the remote request. It is up to the server to parse this information`
			`and verify that the client is from a trusted machine and a trusted user. If`
			`the authentication type is incorrect, or too weak for the server to accept,`
			`it sends back an error, using svcerr_weakauth(), to indicate this to the client. </p>`
			`<div class="note"><span class="notetitle">Note:</span> By`
			`using the code example, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>`
			`<pre>#include <sys/types.h> /* needed for gid_t and uid_t */`
			`#include <stdlib.h> /* misc. system auth APIs */`
			`#include <errno.h>`

			`struct authsys_parms credentials; / authentication information */`
			`char remote_machine; / machine name (from the credentials) */`
			`uid_t remote_user; /* remote user's UID (from credentials) */`

			`/* make sure we got the correct flavor of authentication */`
			`if (request->rq_cred.oa_flavor != AUTH_UNIX) {`
			`/* if not, send back a weak authentication message and return */`
			`svcerr_weakauth(svc);`
			`return;`
			`}`

			`/* get our credentials */`
			`credentials = (struct authsys_parms *)(request->rq_clntcred);`

			`/* get the remote user's GID */`
			`remote_user = credentials->aup_uid;`

			`/* get the remote hostname of the client */`
			`remote_machine = credentials->aup_machname;`

			`/* check to see if this machine is "trusted" by us */`
			`if ((strcmpi("remote1", remote_machine) != 0) &&`
			`(strcmpi("remote2", remote_machine) != 0)) {`

			`/* not from a machine we trust */`
			`/* send back an authentication error the client */`
			`svcerr_weakauth(svc);`
			`return;`

			`} /* end of if (!trusted hostname) */`

			`else {`

			`/* now check the user id for one we trust */`
			`/* information can be gotten from DSPUSRPRF */`
			`if ((remote_user != 568) &&`
			`(remote_user != 550) &&`
			`(remote_user != 528)) {`

			`/* not a user id we trust */`
			`/* send back an authentication error the client */`
			`svcerr_weakauth(svc);`
			`return;`

			`} /* end of if (!trusted uid) */`

			`} /* end of else (trusted hostname) */`

			`/* we fall out of the loop if the hostname and uid are trusted */</pre>`
			`</div>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahpservicecode.htm" title="Transport independent remote procedure call (TI-RPC) programming provides an effective method for developing distributed client-server based applications on i5/OS.">Examples: Develop service applications based on TI-RPC code</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`