Programming with Remote Procedure Calls (RPC)

Client authentication

The client create routines do not, by default, have any facilities for client authentication, but the client may sometimes want (or be required) to authenticate itself to the server. Doing so is trivial, and looks about like this:

NOTE: The following example illustrates one of the least secure authentication methods in common use. See ``Remote Procedure Call programming'' for information on the more secure DES authentication technique.

   CLIENT *cl;
   
   cl = client_create("somehost", SOMEPROG, SOMEVERS, "visible");
   if (cl != NULL) {
   	/* To set AUTH_SYS style authentication */
   	cl->cl_auth = authsys_createdefault();
   }

Servers that want to know more about an RPC call can check authentication information. For example, getting authentication information is important to servers that want to achieve some level of security. This extra information is actually supplied to the server as a second argument. (For details, see the structure of svc_req, in ``Authentication''.

This is an example of a remote procedure whose server checks client authentication information. This is a rewrite of printmessage_1 which is developed in ``Programming using the rpcgen command'' The rewritten procedure will only allow root users to print a message to the console:

   int *
   printmessage_1(msg, rq)
   	char **msg;
   	struct svc_req	*rq;
   {
   	static int result;	/* Must be static */
   	FILE *f;
   	struct authsys_parms *aup;
   
   	aup = (struct authsys_parms *)rq->rq_clntcred;
   	if (aup->aup_uid != 0) {
   		result = 0;
   		return (&result);
   	}
   

   	/*
   	 * Same code as before.
   	 */
   }