ns_requestauthorize
Overview
Check permissions
Syntax
ns_requestauthorize method URL authuser authpassword [ipaddr]
Description
This function does the same permission check that the AOLserver does before serving a URL. If the nsperm module is loaded, the algorithm is as follows. See Chapter 4 for information on access control, including permissions.
- If the authuser is "nsadmin", the password is correct, and the IP address of the client is allowed nsadmin access, then access is authorized.
- Find the relevant permission record. If an exact match for the method and URL combination is not found, the end of the URL is pared down until a match is found. For example, if there is no match for `/products/cereals/raisin_bran.html,' then the server looks for a permission record for the URL `/products/cereals.' If that permission record is specified as "Exact URL match is NOT required", then that permission record is used.
By default, the server comes with a row that says GET on `/' is open to the world.
If no relevant permission record is found, access is denied (forbidden).
- If the authuser is in the "Allow Users" list, access is permitted. If the authuser is a member of a group in the "Allow Groups" list and not in the "Deny Users' list, access is permitted.
- If the host is in the "Hosts to allow" list, access is permitted. If the host is in the "Hosts to deny" list, access is denied.
- If the request does not come in with authorization data, access is denied.
- The user and password are verified. If there is no password specified in the database, any password is accepted.
- Otherwise, access is denied.
Return Values
The following values can be returned by ns_requestauthorize.
OK
|
The user has permission to execute this URL and method.
|
DENIED
|
The user does not have permission to execute this URL and method.
|
FORBIDDEN
|
There is no possible user/password/IP Address combination that would give authorization.
|
ERROR
|
There was an error.
|