SYNOPSIS
ns_requestauthorize option ?arg arg ...?
DESCRIPTION
ns_requestauthorize method URL authuser authpassword ?ipaddr?
Ask the server to check permissions using nsperm. This function does the same permission check that the AOLserver does before serving a URL. If the nsperm module is loaded, the algorithm is as follows.
- 1.
- If the authuser is "nsadmin", the password is correct, and the IP address of the client is allowed nsadmin access, then access is authorized.
- 2.
- Find the relevant permission record. If an exact match for the method and URL combination is not found, the end of the URL is pared down until a match is found. For example, if there is no match for `/products/cereals/raisin_bran.html,' then the server looks for a permission record for the URL `/products/cereals.' If that permission record is specified as "Exact URL match is NOT required", then that permission record is used.
- By default, the server comes with a row that says GET on `/' is open to the world. If no relevant permission record is found, access is denied (forbidden).
- 1.
- If the authuser is in the "Allow Users" list, access is permitted. If the authuser is a member of a group in the "Allow Groups" list and not in the "Deny Users" list, access is permitted.
- 2.
- If the host is in the "Hosts to allow" list, access is permitted. If the host is in the "Hosts to deny" list, access is denied.
- 3.
- If the request does not come in with authorization data, access is denied.
- 4.
- The user and password are verified. If there is no password specified in the database, any password is accepted.
- 5.
- Otherwise, access is denied.
Return Values:
The following values can be returned by ns_requestauthorize.- OK
- The user has permission to execute this URL and method.
- DENIED
- The user does not have permission to execute this URL and method.
- FORBIDDEN
- There is no possible user/password/IP Address combination that would give authorization.
- ERROR
-
There was an error.
KEYWORDS