ns_checkurl
Overview
Authorize a request
Syntax
ns_checkurl method url authuser authpasswd ?ipaddr?
Description
This function does the same permission check that the AOLserver does before serving a URL. If the nsperm module is loaded, the algorithm is as follows. See Chapter 6 in the AOLserver Administrator's Guide for information on access control, including permissions.
- If the authuser is "nsadmin", the password is correct, and the IP address of the client is allowed nsadmin access, then access is authorized.
- Find the relevant permission record. If an exact match for the method and URL combination is not found, the end of the URL is pared down until a match is found. For example, if there is no match for `/products/cereals/raisin_bran.html,' then the server looks for a permission record for the URL `/products/cereals.' If that permission record is specified as "Exact URL match is NOT required", then that permission record is used.
By default, the server comes with a row that says GET on `/' is open to the world.
If no relevant permission record is found, access is denied (forbidden).
- If the authuser is in the "Allow Users" list, access is permitted. If the authuser is a member of a group in the "Allow Groups" list and not in the "Deny Users' list, access is permitted.
- If the host is in the "Hosts to allow" list, access is permitted. If the host is in the "Hosts to deny" list, access is denied.
- If the request does not come in with authorization data, access is denied.
- The user and password are verified. If there is no password specified in the database, any password is accepted.
- Otherwise, access is denied.
Return Values
The following values can be returned by ns_checkurl.
OK
|
The user has permission to execute this URL and method.
|
DENIED
|
The user does not have permission to execute this URL and method.
|
FORBIDDEN
|
There is no possible user/password/IP Address combination that would give authorization.
|
ERROR
|
There was an error.
|
If the permissions module is not loaded, an error is returned.