ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahp_5.4.0.1/rzahpauthclient.htm

119 lines
6.1 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: Add authentication to the TI-RPC client" />
<meta name="abstract" content="These code snippets display how the authentication system works in RPC." />
<meta name="description" content="These code snippets display how the authentication system works in RPC." />
<meta name="DC.Relation" scheme="URI" content="rzahpclientcode.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahpauthclient" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: Add authentication to the TI-RPC client</title>
</head>
<body id="rzahpauthclient"><a name="rzahpauthclient"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: Add authentication to the TI-RPC client</h1>
<div><p>These code snippets display how the authentication system works
in RPC.</p>
<div class="section"><p> System is the only authentication method that is provided on i5/OS™.
The following information is set up and passed from the client to the service
with every clnt_call(). In the following code snippets, notice that rpc_call()
is not sufficient when using authentication information, because it uses <samp class="codeph">authnone</samp> (an
empty authentication token) as the default:</p>
<ul><li><samp class="codeph">aup_time - authentication information timestamp</samp></li>
<li><samp class="codeph">aup_machname - the hostname of the remote client</samp></li>
<li><samp class="codeph">aup_uid - the UID of the remote user of the client</samp></li>
<li><samp class="codeph">aup_gid - the primary GID of the remote user</samp></li>
<li><samp class="codeph">aup_gids - an array of the secondary groups of the remote user</samp></li>
</ul>
<p>It is up to the client to set up the authentication information and
make it part of the client handle. After that, all subsequent calls to clnt_call()
will pass that authentication information along. It is up to the server to
report on unauthorized clients. RPC only provides a simple method of communicating
the information. The data that is sent by the client is authenticated, but
not encrypted. The reply from the service is not encrypted either. Authentication
provides a simple way of verifying the remote host name and the user identification.
It cannot be considered a secure and private method of communication.</p>
<div class="note"><span class="notetitle">Note:</span> By
using the code example, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>
<pre>#include &lt;sys/types.h&gt; /* needed for gid_t and uid_t */
#include &lt;stdlib.h&gt; /* misc. system auth APIs */
#include &lt;unistd.h&gt; /* misc. system auth APIs */
#include &lt;errno.h&gt;
#ifndef NGROUPS_MAX
#define NGROUPS_MAX 16
#endif
char hostname[256]; /* hostname for credentials */
int rslt; /* return value of gethostname() */
gid_t groups[NGROUPS_MAX]; /* array of groups set by getgroups() */
gid_t *aup_gids; /* pointer to array of gid_t */
uid_t uid; /* uid, return value for geteuid() */
gid_t gid; /* gid, return value for getegid() */
int num_groups; /* return value for getgroups(), number of groups set
*/
aup_gids = groups; /* point to the array of groups */
uid = geteuid(); /* get the effective uid of the user */
gid = getegid(); /* get the effect primary gid of the user */
/* get a list of other groups the user is a member of */
/* (int)getgroups(maxgropus, array) */
num_groups = getgroups(NGROUPS_MAX, groups);
/* check return value of getgroups() for error */
if (num_groups == -1) {
/* print error message and exit */
fprintf(stderr, "getgroups() failed for %d\n", uid);
fprintf(stderr, "errno: %d\n", errno);
return 1;
}
/* (int)gethostname(buffer, buflen) */
rslt = gethostname(hostname, 256);
/* check return value of gethostname() for error */
if (rslt == -1) {
/* print error message and exit */
fprintf(stderr, "gethostname() failed\n");
fprintf(stderr, "errno: %d\n", errno);
return 1;
}
/* insert just before clnt_call() */
/* (AUTH *)authsys_create(hostname, uid, gid, num_groups, gid[]); */
clnt-&gt;cl_auth = authsys_create(hostname, uid, gid, num_groups, aup_gids);
if (clnt-&gt;cl_auth == NULL) {
/* print error messages and exit */
fprintf(stderr, "authsys_create() failed\n");
fprintf(stderr, "errno: %d\n", errno);
/* clean up */
clnt_destroy(clnt);
return 1;
}</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahpclientcode.htm" title="Transport independent remote procedure call (TI-RPC) programming provides an effective method for developing distributed client-server based applications on i5/OS.">Develop client applications based on TI-RPC code examples</a></div>
</div>
</div>
</body>
</html>