Example: Add authentication to the TI-RPC client

The following code snippets show how authentication works in RPC.

System authentication is the only authentication method that is provided on i5/OS™. The client sets up the following information, and it is passed from the client to the service with every clnt_call(). Notice in the following code snippets that rpc_call() is not sufficient when authentication information is used, because it uses authnone (an empty authentication token) as the default.

It is up to the client to set up the authentication information and make it part of the client handle. After that, all subsequent calls to clnt_call() will pass that authentication information along. It is up to the server to check this information and to report unauthorized clients; RPC only provides a simple method of communicating it. The data that is sent by the client is authenticated, but not encrypted. The reply from the service is not encrypted either. Authentication provides a simple way of verifying the remote host name and the user identification. Note that the host name, user ID, and group IDs in a System credential are supplied by the client itself and carry no cryptographic proof, so a server should treat them as identification rather than as verified identity. It cannot be considered a secure and private method of communication.

Note: By using the code example, you agree to the terms of the Code license and disclaimer information.
#include <sys/types.h> /* needed for gid_t and uid_t */
#include <errno.h>
#include <stdio.h>     /* fprintf() and stderr       */
#include <stdlib.h>    /* misc. system auth APIs     */
#include <unistd.h>    /* misc. system auth APIs     */

#ifndef NGROUPS_MAX
   #define NGROUPS_MAX 16
#endif

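/*
 * Build a System (AUTH_SYS) credential from the calling process's effective
 * uid, effective gid, supplementary groups and local host name, and attach it
 * to the client handle `clnt` so that later clnt_call()s send it.
 *
 * Every value in the credential is asserted by this client. The credential
 * travels unencrypted and carries no cryptographic proof, so the server side
 * must make its own authorization decision and must not treat the uid, gid
 * or host name as verified.
 *
 * NOTE(review): the two early error paths return without touching `clnt`;
 * if the handle already exists at that point, destroy it before returning.
 */
char hostname[256];         /* host name placed in the credential */
int rslt;                   /* return value of gethostname() */
gid_t groups[NGROUPS_MAX];  /* supplementary groups filled in by getgroups() */
gid_t *aup_gids;            /* group array handed to authsys_create() */
uid_t uid;                  /* effective uid, from geteuid() */
gid_t gid;                  /* effective primary gid, from getegid() */
int num_groups;             /* number of groups stored by getgroups() */
int saved_errno;            /* errno captured right after a failing call */

aup_gids = groups;          /* point to the array of groups */
uid = geteuid();            /* effective uid of the user */
gid = getegid();            /* effective primary gid of the user */

/* get the list of other groups the user is a member of */
/* (int)getgroups(maxgroups, array) */
/* NOTE(review): an AUTH_SYS credential carries at most 16 group ids in the
 * ONC RPC specification; confirm how authsys_create() behaves when
 * num_groups is larger than that. */
num_groups = getgroups(NGROUPS_MAX, groups);

/* check return value of getgroups() for error */
if (num_groups == -1) {
    /* save errno first: the fprintf() below may overwrite it */
    saved_errno = errno;
    /* uid_t has no portable printf conversion, so widen it explicitly */
    fprintf(stderr, "getgroups() failed for %lu\n", (unsigned long)uid);
    fprintf(stderr, "errno: %d\n", saved_errno);
    return 1;
}

/* (int)gethostname(buffer, buflen) */
rslt = gethostname(hostname, sizeof hostname);

/* check return value of gethostname() for error */
if (rslt == -1) {
    saved_errno = errno;
    fprintf(stderr, "gethostname() failed\n");
    fprintf(stderr, "errno: %d\n", saved_errno);
    return 1;
}

/* a truncated name is not guaranteed to be NUL-terminated; terminate it
 * before it is passed on as a C string */
hostname[sizeof hostname - 1] = '\0';

/* insert just before clnt_call() */
/* (AUTH *)authsys_create(hostname, uid, gid, num_groups, gid[]); */
clnt->cl_auth = authsys_create(hostname, uid, gid, num_groups, aup_gids);

if (clnt->cl_auth == NULL) {
    saved_errno = errno;
    fprintf(stderr, "authsys_create() failed\n");
    fprintf(stderr, "errno: %d\n", saved_errno);
    /* clean up: without credentials the handle is not used any further */
    clnt_destroy(clnt);
    return 1;
}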