<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="reference" />
|
|
<meta name="DC.Title" content="Example: Add authentication to the TI-RPC client" />
|
|
<meta name="abstract" content="These code snippets display how the authentication system works in RPC." />
|
|
<meta name="description" content="These code snippets display how the authentication system works in RPC." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzahpclientcode.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzahpauthclient" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Example: Add authentication to the TI-RPC client</title>
|
|
</head>
|
|
<body id="rzahpauthclient"><a name="rzahpauthclient"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Example: Add authentication to the TI-RPC client</h1>
|
|
<div><p>These code snippets display how the authentication system works
|
|
in RPC.</p>
|
|
<div class="section"><p>System authentication is the only authentication method that is provided on i5/OS™.
The information listed below is set up by the client and passed to the service
with every clnt_call(). In the following code snippets, notice that rpc_call()
is not sufficient when using authentication information, because it uses <samp class="codeph">authnone</samp> (an
empty authentication token) as the default. The fields that are passed are:</p>
|
|
<ul><li><samp class="codeph">aup_time - authentication information timestamp</samp></li>
|
|
<li><samp class="codeph">aup_machname - the hostname of the remote client</samp></li>
|
|
<li><samp class="codeph">aup_uid - the UID of the remote user of the client</samp></li>
|
|
<li><samp class="codeph">aup_gid - the primary GID of the remote user</samp></li>
|
|
<li><samp class="codeph">aup_gids - an array of the secondary groups of the remote user</samp></li>
|
|
</ul>
|
|
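<p>It is up to the client to set up the authentication information and
make it part of the client handle. After that, all subsequent calls to clnt_call()
will pass that authentication information along. It is up to the server to
check the information and to report on unauthorized clients. RPC only provides a simple method of communicating
the information. The data that is sent by the client is authenticated, but
not encrypted. The reply from the service is not encrypted either. Authentication
provides a simple way of verifying the remote host name and the user identification.
Note that the host name, UID, and GIDs are values that the client itself fills in,
and nothing in the credential proves them cryptographically, so the server receives them
as the client's own statement of its identity. A service that bases access decisions on
these fields should also rely on controls that it can check itself, such as limiting
which hosts or networks are able to reach it.
It cannot be considered a secure and private method of communication.</p>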
|
|
<div class="note"><span class="notetitle">Note:</span> By
|
|
using the code example, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>
|
|
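<pre>#include <sys/types.h> /* needed for gid_t and uid_t */
#include <stdio.h>     /* fprintf() used by the error paths below */
#include <stdlib.h>    /* misc. system auth APIs */
#include <unistd.h>    /* geteuid(), getegid(), getgroups(), gethostname() */
#include <errno.h>

#ifndef NGROUPS_MAX
#define NGROUPS_MAX 16
#endif

/*
 * Fragment: attach a System-authentication credential to an existing client
 * handle. It is meant to be placed inside the client routine, just before
 * clnt_call(); the handle `clnt` is created elsewhere in that routine.
 * Every failure path prints a message to stderr and returns 1.
 */

char  hostname[256];        /* hostname for credentials */
int   rslt;                 /* return value of gethostname() */
gid_t groups[NGROUPS_MAX];  /* array of groups set by getgroups() */
gid_t *aup_gids;            /* pointer to array of gid_t */
uid_t uid;                  /* uid, return value of geteuid() */
gid_t gid;                  /* gid, return value of getegid() */
int   num_groups;           /* return value of getgroups(), number of groups set */
int   saved_errno;          /* errno captured before fprintf() can overwrite it */

aup_gids = groups;          /* point to the array of groups */
uid = geteuid();            /* get the effective uid of the user */
gid = getegid();            /* get the effective primary gid of the user */

/* get a list of other groups the user is a member of */
/* (int)getgroups(maxgroups, array) */
num_groups = getgroups(NGROUPS_MAX, groups);

/* check return value of getgroups() for error */
if (num_groups == -1) {
    saved_errno = errno;
    /* print error message and exit; uid_t is cast because its width and
       signedness are not guaranteed to match %d */
    fprintf(stderr, "getgroups() failed for %lu\n", (unsigned long)uid);
    fprintf(stderr, "errno: %d\n", saved_errno);
    return 1;
}

/* (int)gethostname(buffer, buflen) */
rslt = gethostname(hostname, sizeof(hostname));

/* check return value of gethostname() for error */
if (rslt == -1) {
    saved_errno = errno;
    /* print error message and exit */
    fprintf(stderr, "gethostname() failed\n");
    fprintf(stderr, "errno: %d\n", saved_errno);
    return 1;
}

/* A name that fills the whole buffer may be returned without a terminating
   NUL; force one so authsys_create() never reads past the array. */
hostname[sizeof(hostname) - 1] = '\0';

/*
 * insert just before clnt_call()
 * (AUTH *)authsys_create(hostname, uid, gid, num_groups, gid[]);
 *
 * The credential holds only what this client chooses to put in it and is
 * sent unencrypted, so the service has to treat it as an unverified claim.
 *
 * NOTE(review): the AUTH_SYS credential format carries at most 16
 * supplementary gids. Confirm how authsys_create() behaves when num_groups
 * is larger than that on a system whose NGROUPS_MAX exceeds 16.
 */
clnt->cl_auth = authsys_create(hostname, uid, gid, num_groups, aup_gids);

if (clnt->cl_auth == NULL) {
    saved_errno = errno;
    /* print error messages and exit */
    fprintf(stderr, "authsys_create() failed\n");
    fprintf(stderr, "errno: %d\n", saved_errno);
    /* clean up */
    clnt_destroy(clnt);
    return 1;
}</pre>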
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahpclientcode.htm" title="Transport independent remote procedure call (TI-RPC) programming provides an effective method for developing distributed client-server based applications on i5/OS.">Develop client applications based on TI-RPC code examples</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |