FTP settings (8/8)
8b. User exit program
FTP provides two exit points:
  1. FTP server request exit point. This exit point receives control at every FTP request.
    SECTCP/SERVERREQ is the program used for this exit point and is in charge of validating client requests, such as initial connection, set current directory, send or receive file, and so on.
  2. FTP server logon exit point. This exit point receives control when the user enters the login credentials.
    SECTCP/TGTINIT10 is the program used for this exit point and is in charge of validating the login request.
Program SECTCP/SERVERREQ in turn provides a second-level user exit point. This exit point receives control during the initial client connection, after SERVERREQ has decided whether to accept the connection and before it returns to the FTP server.
You may therefore write your own initial connection validation program, which receives information from SERVERREQ and, on return, confirms or rejects the SERVERREQ decision about accepting the remote connection request.

Your local FTP exit program

The SECTCP/SERVERREQ program makes the following parameter group available to your optional user exit program:

Parm  Type            Description
1     4 binary bytes  SERVER decision about accepting the client connection: 0=No, 1=YES
2     char 15         Client IP address
3     char 1          IP address type: 'A'=Allowed, 'P'=Privileged, 'E'=Excluded, 'U'=Unclassified
4     char 100        Client IP address description (if available)

Your user exit program, after checking the client IP address and/or the workstation type, decides
  • whether to change the SERVERREQ decision about accepting the client connection, by confirming or changing the value of parameter 1.
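
The parameter group above, used in a local exit program written in CL. This is an added example, not one of the SECTCP program examples and not Easy400 code. The internal prefix 10.20. is a constructed value, and the example assumes the client address arrives left-justified in dotted-decimal form. The policy only tightens the SERVERREQ decision: it never turns a rejection into an acceptance.

```cl
/* Added example: local exit program called by SECTCP/SERVERREQ.     */
/* Parameters follow the parameter group documented on this page.    */
PGM        PARM(&ACCEPT &IPADDR &IPTYPE &IPDESC)

  DCL      VAR(&ACCEPT) TYPE(*INT)  LEN(4)   /* 1: 0=No, 1=Yes       */
  DCL      VAR(&IPADDR) TYPE(*CHAR) LEN(15)  /* 2: client IP address */
  DCL      VAR(&IPTYPE) TYPE(*CHAR) LEN(1)   /* 3: A, P, E or U      */
  DCL      VAR(&IPDESC) TYPE(*CHAR) LEN(100) /* 4: description       */
  DCL      VAR(&MSG)    TYPE(*CHAR) LEN(80)

  /* SERVERREQ already rejected: confirm, never upgrade to accept.   */
  IF       COND(&ACCEPT *NE 1) THEN(GOTO CMDLBL(DONE))

  /* An Excluded address is never accepted by local policy.          */
  IF       COND(&IPTYPE *EQ 'E') THEN(GOTO CMDLBL(REJECT))

  /* Unclassified addresses are accepted only from the assumed       */
  /* internal range. The trailing dot in '10.20.' keeps 10.200.x.x   */
  /* from matching the prefix.                                       */
  IF       COND((&IPTYPE *EQ 'U') *AND +
                (%SST(&IPADDR 1 6) *NE '10.20.')) +
           THEN(GOTO CMDLBL(REJECT))

  /* Any type code other than A, P or U is unexpected: reject.       */
  IF       COND((&IPTYPE *NE 'A') *AND (&IPTYPE *NE 'P') *AND +
                (&IPTYPE *NE 'U')) +
           THEN(GOTO CMDLBL(REJECT))

  GOTO     CMDLBL(DONE)              /* confirm SERVERREQ's accept   */

REJECT:
  CHGVAR   VAR(&ACCEPT) VALUE(0)     /* change parameter 1 to No     */
  /* Leave a trace in the job log so the override can be audited.    */
  CHGVAR   VAR(&MSG) VALUE('Local FTP exit rejected' *BCAT +
                &IPADDR *BCAT 'type' *BCAT &IPTYPE)
  SNDPGMMSG MSG(&MSG) TOPGMQ(*PRV)
  MONMSG   MSGID(CPF0000)            /* logging must not change the  */
                                     /* decision already set above   */
DONE:
ENDPGM
```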

Program examples:

Enabling/disabling your local FTP exit program

Use SECTCP command WRKFTPEPGM to:
  • enable the local user exit program
  • disable the local user exit program
  • check if the local user exit program is enabled.

Testing your local FTP exit program

We strongly recommend that you use the EDBG (Enhanced Debug) command to debug your exit program. Command EDBG is available from the following Easy400.net utilities:
  • CGIDEV2
  • EPOLICE
  • MMAIL
Debug your program as follows:
  1. From an active interactive session run command
    SECTCP/WRKFTPEPGM ACTION(*ON) PGM(your_library/your_exit_pgm)
    to enable your exit program.
  2. ENDTCPSVR *FTP
  3. CHGFTPA NBRSVR(1)
  4. STRTCPSVR *FTP
  5. Run command
    WRKACTJOB SBS(QSYSWORK) JOB(QTFTP*)
    to display the FTP server job.
  6. Select this job with option 5, in order to display its job number nnnn.
  7. From the command line run command:
    library_name/EDBG PGM(your_library/your_exit_pgm) JOBNBR(nnnn)
  8. Add at least one breakpoint to the program source.
  9. Start a client FTP session to your IBM i: processing will stop at that breakpoint and you can start your debugging.
When finished, remember to run command CHGFTPA NBRSVR(...) to reset the number of servicing jobs to their original value, then restart FTP.