NEWSESCMD (JANUS DEFINE parameter): Difference between revisions
mNo edit summary |
No edit summary |
||
(11 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
<span class="pageSubtitle" | <span class="pageSubtitle">NEWSESCMD 'xxx' — Commands to execute on new session initiation</span> | ||
<var>NEWSESCMD</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. | <var>NEWSESCMD</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. | ||
This parameter specifies the <var class="product">Model 204</var> commands to be executed when a new login session is initiated. For <var>[[JANUS DEFINE#type|SRVSOCK]]</var> ports every connection starts a new login session. For <var>[[JANUS DEFINE#type|WEBSERV]]</var> ports, a new login session is only started when the user requests a "login required" URL (based on JANUS WEB ALLOW rules) and the user is not continuing a login session via <var>[[SSLSES (JANUS DEFINE parameter)|SSLSES]]</var> or <var>[[SESCOOKIE (JANUS DEFINE parameter)|SESCOOKIE]]</var>. | This parameter specifies the <var class="product">Model 204</var> commands to be executed when a new login session is initiated. For <var>[[JANUS DEFINE#type|SRVSOCK]]</var> ports every connection starts a new login session. For <var>[[JANUS DEFINE#type|WEBSERV]]</var> ports, a new login session is only started when the user requests a "login required" URL (based on <var>[[JANUS WEB ALLOW]]</var> rules) and the user is not continuing a login session via <var>[[SSLSES (JANUS DEFINE parameter)|SSLSES]]</var> or <var>[[SESCOOKIE (JANUS DEFINE parameter)|SESCOOKIE]]</var>. | ||
Multiple commands must be separated by <code>AND</code>, and any command that contains blanks must be enclosed in quotes. <var>NEWSESCMD</var> may span more than one line (if a hyphen (-) continues the line), but the total length of commands plus one overhead byte per command cannot exceed 255 bytes. | Multiple commands must be separated by <code>AND</code>, and any command that contains blanks must be enclosed in quotes. <var>NEWSESCMD</var> may span more than one line (if a hyphen (-) continues the line), but the total length of commands plus one overhead byte per command cannot exceed 255 bytes. | ||
The <var>NEWSESCMD</var> commands are executed before any commands specified in the <var>[[CMD (JANUS DEFINE parameter)|CMD]]</var> clause or <var>[[JANUS WEB ON]]</var> rules for <var>WEBSERV</var> ports. User authentication is the primary function of <var>NEWSESCMD</var> commands. Any $ | The <var>NEWSESCMD</var> commands are executed before any commands specified in the <var>[[CMD (JANUS DEFINE parameter)|CMD]]</var> clause or <var>[[JANUS WEB ON]]</var> rules for <var>WEBSERV</var> ports. User authentication is the primary function of <var>NEWSESCMD</var> commands. Any [[Janus Web Server $functions|$Web_ function]] can be issued in <var>NEWSESCMD</var> commands on <var>WEBSERV</var> ports, and any [[Janus Sockets $functions|$Sock_ function]] can be issued in <var>NEWSESCMD</var> commands on <var>SRVSOCK</var> ports. In addition, a <var>NEWSESCMD</var> command can issue the <var>[[$Sir_Login]]</var> function as well as the <var>[[$Web_Password]]</var> function on <var>WEBSERV</var> threads. The <var>[[$Web_Hdr_Parm]]</var> and <var>[[$Web_Hdr_Parm_Lstr]]</var> functions can retrieve the Authorization header parameters while running as part of a NEWSESCMD, but will otherwise return a null string. | ||
If <var>NEWSESCMD</var> specifies an INCLUDE command, the included procedure is assumed to come from the first file or group specified in a <var>[[NEWSESOPEN (JANUS DEFINE parameter)|NEWSESOPEN]]</var> clause. | If <var>NEWSESCMD</var> specifies an <var>INCLUDE</var> command, the included procedure is assumed to come from the first file or group specified in a <var>[[NEWSESOPEN (JANUS DEFINE parameter)|NEWSESOPEN]]</var> clause. | ||
Examples of some valid <var>NEWSESCMD</var> clauses: | Examples of some valid <var>NEWSESCMD</var> clauses: | ||
Line 23: | Line 23: | ||
Because of the role of <var>NEWSESCMD</var> in enforcing user access security, most resources used during <var>NEWSESCMD</var> processing are automatically cleaned up after the <var>NEWSESCMD</var> processing is completed. This includes all files being closed and all user tables being cleared (though not resized). The one exception to this is that GTBL can be left intact after <var>NEWSESCMD</var> processing, if the <var>[[NEWSESNOCLEARG (JANUS DEFINE parameter)|NEWSESNOCLEARG]]</var> parameter is specified on the port definition. | Because of the role of <var>NEWSESCMD</var> in enforcing user access security, most resources used during <var>NEWSESCMD</var> processing are automatically cleaned up after the <var>NEWSESCMD</var> processing is completed. This includes all files being closed and all user tables being cleared (though not resized). The one exception to this is that GTBL can be left intact after <var>NEWSESCMD</var> processing, if the <var>[[NEWSESNOCLEARG (JANUS DEFINE parameter)|NEWSESNOCLEARG]]</var> parameter is specified on the port definition. | ||
If a <var>NEWSESCMD</var> command logs a user in using <var>$Sir_Login</var>, the rest of the request runs under that userid. For web requests, it is possible that a <var>NEWSESCMD</var> will log a user on, but that user will not be authorized to run the request URL based on <var>[[JANUS WEB ALLOW]]</var> rules. In such a case, <var class="product">[[Janus Web Server]]</var> will either send a "404 Unauthorized" status to the browser (which will result in a login pop-up window being presented to the end-user), or it will run the UNAUTHORIZED exception handler, if one is present. | If a <var>NEWSESCMD</var> command logs a user in using <var>$Sir_Login</var>, the rest of the request runs under that userid. For web requests, it is possible that a <var>NEWSESCMD</var> will log a user on, but that user will not be authorized to run the request URL based on <var>[[JANUS WEB ALLOW]]</var> rules. In such a case, <var class="product">[[Janus Web Server]]</var> will either send a "404 Unauthorized" status to the browser (which will result in a login pop-up window being presented to the end-user), or it will run the <var>[[JANUS WEB exception rules#unauth|UNAUTHORIZED]]</var> exception handler, if one is present. | ||
If the <var>NEWSESCMD</var> does not perform a <var>$Sir_Login</var>, processing continues as it would without a <var>NEWSESCMD</var>. That is, on a <var>SRVSOCK</var> port, the request will run under the <var>[[SOCKUSER (JANUS DEFINE parameter)|SOCKUSER]]</var> userid, and on a <var>WEBSERV</var> port, <var class="product">Janus Web Server</var> will attempt to log the user in based on the userid and password passed in the HTTP authorization header, if one is present. | If the <var>NEWSESCMD</var> does not perform a <var>$Sir_Login</var>, processing continues as it would without a <var>NEWSESCMD</var>. That is, on a <var>SRVSOCK</var> port, the request will run under the <var>[[SOCKUSER (JANUS DEFINE parameter)|SOCKUSER]]</var> userid, and on a <var>WEBSERV</var> port, <var class="product">Janus Web Server</var> will attempt to log the user in based on the userid and password passed in the HTTP authorization header, if one is present. | ||
<var>NEWSESCMD</var> command processing can also close the connection with the client, either with a $ | <var>NEWSESCMD</var> command processing can also close the connection with the client, either with a <var>[[$Sock_Close]]</var> on a <var>SRVSOCK</var> port or with a <var>[[$Web_Done]]</var> on a <var>WEBSERV</var> port. In such a case, no further processing occurs on the thread after the <var>NEWSESCMD</var> commands complete. | ||
This parameter is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>[[JANUS DEFINE#type|WEBSERV]]</var>, and <var>[[JANUS DEFINE#type|TNSERV]]</var> port types. | This parameter is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>[[JANUS DEFINE#type|WEBSERV]]</var>, and <var>[[JANUS DEFINE#type|TNSERV]]</var> port types. | ||
Line 33: | Line 33: | ||
This parameter is '''not''' valid on an <var>[[JANUS DEFINE#type|FTPSERVER]]</var> port definition. | This parameter is '''not''' valid on an <var>[[JANUS DEFINE#type|FTPSERVER]]</var> port definition. | ||
For <var>[[JANUS DEFINE#type|TNSERV]]</var> ports, the <var>NEWSESCMD</var> is only run for the initial '''connection'''. If a user logs off and logs back on in the same connection, the <var>NEWSESCMD</var> will not be executed. Because of this, if a <var>NEWSESCMD</var> does a <var>$Sir_Login</var>, it might make sense for it to specify the | For <var>[[JANUS DEFINE#type|TNSERV]]</var> ports, the <var>NEWSESCMD</var> is only run for the initial '''connection'''. If a user logs off and logs back on in the same connection, the <var>NEWSESCMD</var> will not be executed. Because of this, if a <var>NEWSESCMD</var> does a <var>$Sir_Login</var>, it might make sense for it to specify the <var>TRUST</var> parameter on the <var>$Sir_Login</var> to allow subsequent logins in the same connection to be trusted logins. | ||
==See also== | ==See also== |
Latest revision as of 19:27, 11 September 2023
NEWSESCMD 'xxx' — Commands to execute on new session initiation
NEWSESCMD is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.
This parameter specifies the Model 204 commands to be executed when a new login session is initiated. For SRVSOCK ports every connection starts a new login session. For WEBSERV ports, a new login session is only started when the user requests a "login required" URL (based on JANUS WEB ALLOW rules) and the user is not continuing a login session via SSLSES or SESCOOKIE.
Multiple commands must be separated by AND
, and any command that contains blanks must be enclosed in quotes. NEWSESCMD may span more than one line (if a hyphen (-) continues the line), but the total length of commands plus one overhead byte per command cannot exceed 255 bytes.
The NEWSESCMD commands are executed before any commands specified in the CMD clause or JANUS WEB ON rules for WEBSERV ports. User authentication is the primary function of NEWSESCMD commands. Any $Web_ function can be issued in NEWSESCMD commands on WEBSERV ports, and any $Sock_ function can be issued in NEWSESCMD commands on SRVSOCK ports. In addition, a NEWSESCMD command can issue the $Sir_Login function as well as the $Web_Password function on WEBSERV threads. The $Web_Hdr_Parm and $Web_Hdr_Parm_Lstr functions can retrieve the Authorization header parameters while running as part of a NEWSESCMD, but will otherwise return a null string.
If NEWSESCMD specifies an INCLUDE command, the included procedure is assumed to come from the first file or group specified in a NEWSESOPEN clause.
Examples of some valid NEWSESCMD clauses:
JANUS DEFINE MYWEB 80 WEBSERV 10 NEWSESCMD WEBLOGIN JANUS DEFINE TELNETSRV 23 SRVSOCK 10 - NEWSESOPEN TELNETP - NEWSESCMD 'UTABLE LQTBL 3000' AND - 'INCLUDE TELNETLOGIN'
Because of the role of NEWSESCMD in enforcing user access security, most resources used during NEWSESCMD processing are automatically cleaned up after the NEWSESCMD processing is completed. This includes all files being closed and all user tables being cleared (though not resized). The one exception to this is that GTBL can be left intact after NEWSESCMD processing, if the NEWSESNOCLEARG parameter is specified on the port definition.
If a NEWSESCMD command logs a user in using $Sir_Login, the rest of the request runs under that userid. For web requests, it is possible that a NEWSESCMD will log a user on, but that user will not be authorized to run the request URL based on JANUS WEB ALLOW rules. In such a case, Janus Web Server will either send a "404 Unauthorized" status to the browser (which will result in a login pop-up window being presented to the end-user), or it will run the UNAUTHORIZED exception handler, if one is present.
If the NEWSESCMD does not perform a $Sir_Login, processing continues as it would without a NEWSESCMD. That is, on a SRVSOCK port, the request will run under the SOCKUSER userid, and on a WEBSERV port, Janus Web Server will attempt to log the user in based on the userid and password passed in the HTTP authorization header, if one is present.
NEWSESCMD command processing can also close the connection with the client, either with a $Sock_Close on a SRVSOCK port or with a $Web_Done on a WEBSERV port. In such a case, no further processing occurs on the thread after the NEWSESCMD commands complete.
This parameter is valid for SRVSOCK, WEBSERV, and TNSERV port types.
This parameter is not valid on an FTPSERVER port definition.
For TNSERV ports, the NEWSESCMD is only run for the initial connection. If a user logs off and logs back on in the same connection, the NEWSESCMD will not be executed. Because of this, if a NEWSESCMD does a $Sir_Login, it might make sense for it to specify the TRUST parameter on the $Sir_Login to allow subsequent logins in the same connection to be trusted logins.