Example: Adding authentication to a TI-RPC service

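These code snippets show how the authentication system works in RPC.

System authentication is the only authentication method provided on the i5/OS operating system. The following information is set up and passed from the client to the service with every clnt_call(). In the following code snippets, note that rpc_call() is not sufficient when authentication information is used, because it uses authnone (an empty authentication token) as the default: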

  • aup_time - authentication information timestamp
  • aup_machname - the hostname of the remote client
  • aup_uid - the UID of the remote user of the client
  • aup_gid - the primary GID of the remote user
  • aup_gids - an array of the secondary groups of the remote user

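The authentication information goes directly into the service as part of the remote request. It is up to the server to parse this information and verify that the client is from a trusted machine and a trusted user. If the authentication type is incorrect, or is too weak for the server to accept, the server uses svcerr_weakauth() to send an error message back to the client to indicate this.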

Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.
#include <sys/types.h> /* needed for gid_t and uid_t */
#include <stdlib.h>    /* misc. system auth APIs     */
#include <string.h>    /* strcmpi()                  */
#include <errno.h>
#include <rpc/rpc.h>   /* struct svc_req, SVCXPRT, svcerr_weakauth() */

/* These checks belong at the top of the service's dispatch function. */
/* The function name below is a placeholder for that function.        */
void service_dispatch(struct svc_req *request, SVCXPRT *svc)
{
   struct authsys_parms *credentials;  /* authentication information */
   char *remote_machine;               /* machine name (from the credentials) */
   uid_t remote_user;                  /* remote user's UID (from credentials) */

   /* make sure we got the correct flavor of authentication */
   /* (AUTH_UNIX is the older name for the AUTH_SYS flavor) */
   if (request->rq_cred.oa_flavor != AUTH_UNIX) {
      /* if not, send back a weak authentication message and return */
      svcerr_weakauth(svc);
      return;
   }

   /* get our credentials */
   credentials = (struct authsys_parms *)(request->rq_clntcred);

   /* get the remote user's UID */
   remote_user = credentials->aup_uid;

   /* get the remote hostname of the client */
   remote_machine = credentials->aup_machname;

   /* check to see if this machine is "trusted" by us */
   if ((strcmpi("remote1", remote_machine) != 0) &&
       (strcmpi("remote2", remote_machine) != 0)) {

      /* not from a machine we trust */
      /* send back an authentication error to the client */
      svcerr_weakauth(svc);
      return;

   } /* end of if (!trusted hostname) */

   else {

      /* now check the user id for one we trust */
      /* information can be gotten from DSPUSRPRF */
      if ((remote_user != 568) &&
          (remote_user != 550) &&
          (remote_user != 528)) {

         /* not a user id we trust */
         /* send back an authentication error to the client */
         svcerr_weakauth(svc);
         return;

      } /* end of if (!trusted uid) */

   } /* end of else (trusted hostname) */

   /* we reach this point only if the hostname and uid are both trusted */
   /* ... handle the request here ... */
}