This example demonstrates a simple File Transfer Protocol (FTP) Request Validation Exit program used between the client and the server.
This is an example of a simple FTP Server Request Validation exit program. It is written in ILE RPG programming language. This code is not complete, but provides a starting point to help you create your own program.
(Pre formatted text in the following example will flow outside the frame.)
* Module Description ***********************************************
* *
* PROGRAM FUNCTION *
* *
* This program demonstrates some of the abilities an FTP Client *
* and Server Request Validation Exit Program can have. *
* *
* Note: This program is a sample only and has NOT undergone any *
* formal review or testing. *
* *
********************************************************************
F/SPACE 3
********************************************************************
* *
* INDICATOR USAGE *
* *
* IND. DESCRIPTION *
* *
* LR - CLOSE FILES ON EXIT *
* *
********************************************************************
F/EJECT
********************************************************************
* DATA STRUCTURES USED BY THIS PROGRAM *
********************************************************************
*
* Define constants
*
D Anonym C CONST('ANONYMOUS ')
D PublicLib C CONST('/QSYS.LIB/ITSOIC400.LIB')
D PublicDir C CONST('//ITSOIC.400')
*
* Some CL commands to used later on in the program
*
D ClearSavf C CONST('CLRSAVF ITSOIC400/TURVIS')
D SaveLib C CONST('SAVLIB LIB(ITSOIC400) -
D DEV(*SAVF) -
D SAVF(ITSOIC400/TURVIS)')
*
* A value to be used to trigger a benevolent 'Trojan Horse'
*
D Savetti C CONST('ITSOIC400.LIB/TURVIS.FILE') Extension is FILE
* although it is a
* SAVF (and entered as
* SAVF by the user)
*
* Some nice fields to help us through from lower to upper case character conversion
* 1
D LW C CONST('abcdefghijklmnopqrstuvwxyz')
D UP C CONST('ABCDEFGHIJKLMNOPQRSTUVWXYZ')
*
D NeverAllow C CONST(-1)
D DontAllow C CONST(0)
D Allow C CONST(1)
D AlwaysAllw C CONST(2)
C/EJECT
********************************************************************
* VARIABLE DEFINITIONS AND LISTS USED BY THIS PROGRAM
*********************************************************************
C/SPACE 2
*
* Define binary parameters
*
D DS
D APPIDds 1 4B 0
D OPIDds 5 8B 0
D IPLENds 9 12B 0
D OPLENds 13 16B 0
D ALLOWOPds 17 20B 0
*
C *LIKE DEFINE APPIDds APPIDIN
C *LIKE DEFINE OPIDds OPIDIN
C *LIKE DEFINE IPLENds IPLENIN
C *LIKE DEFINE OPLENds OPLENIN
C *LIKE DEFINE ALLOWOPds ALLOWOP
*
C *LIKE DEFINE OPINFOIN OPINFO
*
* Define parameter list
*
C *Entry PLIST
* Input parameters:
C PARM APPIDIN Application ID
* possible values: 0 = FTP Client Program
* 1 = FTP Server Program
C PARM OPIDIN Operation ID
* possible values: 0 = Initialize Session
* 1 = Create Dir/Lib
* 2 = Delete Dir/Lib
* 3 = Set Current Dir
* 4 = List Dir/Lib
* 5 = Delete Files
* 6 = Send Files
* 7 = Receive Files
* 8 = Rename Files
* 9 = Execute CL cmd
C PARM USRPRF 10 User Profile
C PARM IPADDRIN 15 Remote IP Address
C PARM IPLENIN Length of IP Address
C PARM OPINFOIN 999 Operation-spec. Info
C PARM OPLENIN Length of Oper. Spec
* Return parameter:
C PARM ALLOWOP Allow Operation (Out
* possible values: -1 = Never Allow
* (And don't bother
* me with this ops
* in this session)
* 0 = Reject Operation
* 1 = Allow Operation
* 2 = Always Allow Oper.
* (And don't bother
* me with this ops
* in this session)
C/EJECT
********************************************************************
* The Main Program *
********************************************************************
*
C SELECT
C APPIDIN WHENEQ 0
C EXSR ClientRqs
C APPIDIN WHENEQ 1
C EXSR ServerRqs
C ENDSL
*
C EVAL *INLR = *ON
C RETURN
C/EJECT
********************************************************************
* S U B R O U T I N E S *
********************************************************************
********************************************************************
* Here we handle all the FTP Client request validation *
********************************************************************
C ClientRqs BEGSR
*
* Check user profile
*
C SELECT
*
* Check for 'bad' users who are not allowed to do anything ever
*
C USRPRF WHENEQ 'JOEBAD '
*
C Z-ADD NeverAllow ALLOWOP Ops not allowed
*
* Check for 'normal' users who are not allowed to do some things
*
C USRPRF WHENEQ 'JOENORMAL '
*
C SELECT
*
C OPIDIN WHENEQ 0 New Connection
C Z-ADD Allow ALLOWOP
*
C OPIDIN WHENEQ 1 Create Directory/Lib
C OPIDIN OREQ 2 Delete Directory/Lib
C OPIDIN OREQ 5 Delete Files
C OPIDIN OREQ 7 Receive Files from S
C OPIDIN OREQ 8 Rename files
C OPIDIN OREQ 9 Execute CL Commands
*
C Z-ADD NeverAllow ALLOWOP Ops never allowed
*
C OPIDIN WHENEQ 3 Set Current Dir
C OPIDIN OREQ 4 List Directory/Lib
C OPIDIN OREQ 6 Send Files to Server
*
* Extract library and directory names for comparison with allowed areas
*
C OPLENIN IFGE 11
C 11 SUBST OPINFOIN:1 Directory 11
C ELSE
C OPLENIN SUBST(P) OPINFOIN:1 Directory
C ENDIF
C 1 LW:UP XLATE Directory Directory
*
C OPLENIN IFGE 23
C 23 SUBST OPINFOIN:1 Library 23
C ELSE
C OPLENIN SUBST(P) OPINFOIN:1 Library
C ENDIF
*
C Directory IFEQ PublicDir Allowed Directory
C Library OREQ PublicLib or Library
C Z-ADD Allow ALLOWOP
C ELSE
C Z-ADD DontAllow ALLOWOP
C ENDIF
*
C OTHER
C Z-ADD DontAllow ALLOWOP
C ENDSL
*
* Check for 'cool' users who are allowed to do everything
*
C USRPRF WHENEQ 'JOEGOOD '
C USRPRF OREQ 'A960101B '
C USRPRF OREQ 'A960101C '
C USRPRF OREQ 'A960101D '
C USRPRF OREQ 'A960101E '
C USRPRF OREQ 'A960101F '
C USRPRF OREQ 'A960101Z '
* Allow All FTP Operations
C Z-ADD AlwaysAllw ALLOWOP
*
2 * Any Other User: We leave the back door open and allow
* all operations. If you want to use this program for securing
* your system, then close this door!
*
C OTHER
C Z-ADD AlwaysAllw ALLOWOP
C*************** Z-ADD NeverAllow ALLOWOP
C ENDSL
*
C ENDSR
C/EJECT
********************************************************************
* Here we handle all the FTP Server request validation *
********************************************************************
C ServerRqs BEGSR
*
* Check for ANONYMOUS user
*
C USRPRF IFEQ Anonym
*
C SELECT
*
C OPIDIN WHENEQ 1 Create Directory/Lib
C OPIDIN OREQ 2 Delete Directory/Lib
C OPIDIN OREQ 5 Delete Files
C OPIDIN OREQ 7 Receive Files from C
C OPIDIN OREQ 8 Rename files
C OPIDIN OREQ 9 Execute CL Commands
*
C Z-ADD NeverAllow ALLOWOP Ops never allowed
*
C OPIDIN WHENEQ 3 Set Current Dir
C OPIDIN OREQ 4 List Directory/Lib
C OPIDIN OREQ 6 Send Files to Client
*
* Extract library and directory names for comparison with allowed areas
*
C OPLENIN IFGE 11
C 11 SUBST OPINFOIN:1 Directory 11
C ELSE
C OPLENIN SUBST(P) OPINFOIN:1 Directory
C ENDIF
C 1 LW:UP XLATE Directory Directory
*
C OPLENIN IFGE 23
C 23 SUBST OPINFOIN:1 Library 23
C ELSE
C OPLENIN SUBST(P) OPINFOIN:1 Library
C ENDIF
*
C Directory IFEQ PublicDir Allowed Directory
C Library OREQ PublicLib or Library
C Z-ADD Allow ALLOWOP
C ELSE
C Z-ADD DontAllow ALLOWOP
C ENDIF
*
C OTHER
C Z-ADD DontAllow ALLOWOP
C ENDSL
*
C ELSE
*
* Any Other User: Allow All FTP Operations
*
C OPIDIN IFEQ 6 Send Files to Client
*
* If client issued GET for save file HESSU in library HESSU then we refresh the contents
*
*
C LW:UP XLATE OPINFOIN OPINFO
C Z-ADD 0 i 3 0
C Savetti SCAN OPINFO:1 i
*
C i IFGT 0
*
* We assume that the save file exits and here clear the save file
*
C MOVEL(p) ClearSavf Cmd 80
C Z-ADD 19 Len 15 5
C CALL 'QCMDEXC' 9999
C PARM Cmd
C PARM Len
*
* and here we save the library to the save file
*
C MOVEL(p) SaveLib Cmd
C Z-ADD 46 Len
C CALL 'QCMDEXC' 9999
C PARM Cmd
C PARM Len
C ENDIF
C ENDIF
*
C Z-ADD Allow ALLOWOP
C ENDIF
*
C ENDSR