1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
<HTML><HEAD>
<TITLE>Tcl API Reference -- ns_requestauthorize </TITLE>
<LINK rel=Previous href="tapi-106.htm">
<LINK rel=ToC href="toc.htm">
<LINK rel=Index href="master.htm">
<LINK rel=Next href="tapi-108.htm">
</HEAD><BODY BGCOLOR="#ffffff"><A NAME="topofpage"></A>
<TABLE WIDTH=100%>
<TR>
<TD ALIGN=LEFT>
<A NAME="topofpage"></A> <IMG SRC="as-c-sm.gif">
</TD>
<TD ALIGN=RIGHT>
<A href="tapi-106.htm"><IMG BORDER="0" src=navbprev.gif alt="[ Previous ]"></A>
<A href=toc.htm> <IMG BORDER="0" src=navbhome.gif alt="[ Contents ]"></A>
<A href=master.htm> <IMG BORDER="0" src=navbhelp.gif alt="[ Index ]"></A>
<A href="tapi-108.htm"> <IMG BORDER="0" src=navbnext.gif alt="[ Next ]"></A>
<A name="7983"> </A>
</TD>
</TR>
</TABLE>
<a name="86251">
</a><h3>ns_requestauthorize </h3>
<a name="30924">
</a><h4>Overview</h4>
<p><a name="39148">
</a>Check permissions</p>
<a name="30927">
</a><h4>Syntax</h4>
<p><a name="30929">
</a><b>ns_requestauthorize</b> <i>method URL authuser authpassword </i>?<i>ipaddr</i>?</p>
<a name="30930">
</a><h4>Description</h4>
<p><a name="30934">
</a>This function does the same permission check that the AOLserver does before serving a URL. If the nsperm module is loaded, the algorithm is as follows. See <a href="acc-ch.htm#2692">Chapter 6</a> in the <i>AOLserver Administrator's Guide</i> for information on access control, including permissions.</p>
<ol>
<li>If the <i>authuser</i> is "nsadmin", the password is correct, and the IP address of the client is allowed nsadmin access, then access is authorized.
<a name="44085">
</a><p>
<li>Find the relevant permission record. If an exact match for the <i>method</i> and <i>URL</i> combination is not found, the end of the URL is pared down until a match is found. For example, if there is no match for `/products/cereals/raisin_bran.html,' then the server looks for a permission record for the URL `/products/cereals.' If that permission record is specified as "Exact URL match is NOT required", then that permission record is used.
<a name="30938">
</a><p>
</ol>
<p><a name="30939">
</a>By default, the server comes with a row that says GET on `/' is open to the world.</p>
<p><a name="30940">
</a>If no relevant permission record is found, access is denied (forbidden).</p>
<ol>
<li>If the <i>authuser</i> is in the "Allow Users" list, access is permitted. If the <i>authuser</i> is a member of a group in the "Allow Groups" list and not in the "Deny Users' list, access is permitted.
<a name="30941">
</a><p>
<li>If the host is in the "Hosts to allow" list, access is permitted. If the host is in the "Hosts to deny" list, access is denied.
<a name="30942">
</a><p>
<li>If the request does not come in with authorization data, access is denied.
<a name="30943">
</a><p>
<li>The user and password are verified. If there is no password specified in the database, any password is accepted.
<a name="30944">
</a><p>
<li>Otherwise, access is denied.
<a name="30945">
</a><p>
</ol>
<a name="30963">
</a><h4>Return Values</h4>
<p><a name="31046">
</a>The following values can be returned by <b>ns_requestauthorize</b>.<Table Border = "3">
<tr><td><p><a name="30948">
</a>OK</p>
<td><p><a name="30950">
</a>The user has permission to execute this URL and method.</p>
<tr><td><p><a name="30952">
</a><code>DENIED</code></p>
<td><p><a name="30954">
</a>The user does not have permission to execute this URL and method.</p>
<tr><td><p><a name="30956">
</a>FORBIDDEN</p>
<td><p><a name="30958">
</a>There is no possible user/password/IP Address combination that would give authorization.</p>
<tr><td><p><a name="30960">
</a>ERROR</p>
<td><p><a name="30962">
</a>There was an error.</p>
</Table></p>
<TABLE BORDER="2" CELLPADDING="1" width="100%">
<TR><TD COLSPAN=3><P ALIGN=Center>
<IMG SRC="bluebult.gif">
<A HREF="#topofpage">
<FONT SIZE=-1>Top of Page</FONT></A>
<IMG SRC="bluebult.gif">
</TD></TR>
<TR><TD COLSPAN=3><P ALIGN=Center>
<A href="tapi-106.htm">
<IMG BORDER="0" src=navbprev.gif alt="[ Previous ]"></A>
<A href=toc.htm>
<IMG BORDER="0" src=navbhome.gif alt="[ Contents ]"></A>
<A href=master.htm>
<IMG BORDER="0" src=navbhelp.gif alt="[ Index ]"></A>
<A href="tapi-108.htm">
<IMG BORDER="0" src=navbnext.gif alt="[ Next ]"></A>
<BR align=center>
<FONT size=-1>Copyright © 1998-99 America Online,
Inc.</FONT>
</TD></TR></TABLE></BODY></HTML>
|
