FTP provides two exit points:
- FTP server request exit point- This exit point receives control at every FTP request.
SECTCP/SERVERREQ is the program used for this exit point and is in charge for validating client requests,
such as initial connection, set current directory, send or receive file, and so on.
- FTP server logon exit point.- This exit point receives control when the user enters the login credentials.
SECTCP/TGTINIT10 is the program used for this exit point and is in charge for validating the login request.
Program SECTCP/SERVERREQ in turn provides a second level user exit point. This exit point receives control during the initial
client connection, after that SERVERREQ has decided whether to accept the connection and before returning to the FTP server.
You may therefore write your own initial connection validation program which receives information from SERVERREQ and returns
confirming or rejecting the SERVERREQ decision about accepting the remote connection request.
Your local FTP exit program
The following parameter group is made available - by SECTCP/SERVERREQ program - to your optional user exit program:
1 | 4 binary bytes | SERVER decision about accepting the client connection: 0=No, 1=YES |
2 | char 15 | Client IP address |
3 | char 1 | IP address type: 'A'=Allowed, "P"=Privileged, "E"=Excluded, "U"=Unclassified |
4 | char 100 | Client IP address description (if available) |
|
|
|
|
Your user exit program, after checking the client IP address and/or the workstation type, decides
- whether to change the SERVERREQ decision about accepting the client connection, by confirming or changing the value of parameter 1.
Program examples:
Enabling/disabling your local FTP exit program
Use SECTCP command WRKFTPEPGM to:
- enable the local user exit program
- disable the local user exit program
- check if the local user exit program is enabled.
Testing your local FTP exit program
We strongly recommend that you use the EDBG (Enhanced Debug) command to debug your exit program.
Command EDBG is available from the following Easy400.net utilities:
Debug your program as follow:
- From an active interactive session run command
SECTCP/WRKFTPEPGM ACTION(*ON) PGM(your_library/your_exit_pgm)
to enable your exit program.
- ENDTCPSVR *FTP
- CHGFTPA NBRSVR(1)
- STRTCPSVR *FTP
- Run command
WRKACTJOB SBS(QSYSWORK) JOB(QTFTP*)
to display the FTP server job.
- Select with option 5 this job, in order to display its job number nnnn.
- From the command line run command:
library:name/EDBG PGM(your_library/your_exit_pgm) JOBNBR(NNN)
- Add at least one breakpoint to the program source
- Start a client FTP session to your IBM i: process will stop at that break point and you can start your debugging.
When finished, remember to run command CHGFTPA NBRSVR(...) to reset the number of servicing jobs to their original value, then restart FTP.
|