352 lines
21 KiB
HTML
352 lines
21 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="reference" />
|
|
<meta name="DC.Title" content="Example: FTP server request validation exit program in ILE RPG code" />
|
|
<meta name="abstract" content="This example demonstrates a simple File Transfer Protocol (FTP) Request Validation Exit program used between the client and the server." />
|
|
<meta name="description" content="This example demonstrates a simple File Transfer Protocol (FTP) Request Validation Exit program used between the client and the server." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiqsvreqep.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzaiqexampreqvalilerpg" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Example: FTP server request validation exit program in ILE RPG code</title>
|
|
</head>
|
|
<body id="rzaiqexampreqvalilerpg"><a name="rzaiqexampreqvalilerpg"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Example: FTP server request validation exit program in ILE RPG code</h1>
|
|
<div><p>This example demonstrates a simple File Transfer Protocol (FTP)
|
|
Request Validation Exit program used between the client and the server.</p>
|
|
<div class="section"><p>This is an example of a simple FTP Server Request Validation exit
|
|
program. It is written in ILE RPG programming language. This code is not complete,
|
|
but provides a starting point to help you create your own program.</p>
|
|
<div class="note"><span class="notetitle">Note:</span> By
|
|
using the code examples, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>
|
|
<p>(Pre
|
|
formatted text in the following example will flow outside the frame.)</p>
|
|
<pre class="screen"> * Module Description ***********************************************
|
|
* *
|
|
* PROGRAM FUNCTION *
|
|
* *
|
|
* This program demonstrates some of the abilities an FTP Client *
|
|
* and Server Request Validation Exit Program can have. *
|
|
* *
|
|
* Note: This program is a sample only and has NOT undergone any *
|
|
* formal review or testing. *
|
|
* *
|
|
********************************************************************
|
|
F/SPACE 3
|
|
********************************************************************
|
|
* *
|
|
* INDICATOR USAGE *
|
|
* *
|
|
* IND. DESCRIPTION *
|
|
* *
|
|
* LR - CLOSE FILES ON EXIT *
|
|
* *
|
|
********************************************************************
|
|
F/EJECT
|
|
********************************************************************
|
|
* DATA STRUCTURES USED BY THIS PROGRAM *
|
|
********************************************************************
|
|
*
|
|
* Define constants
|
|
*
|
|
D Anonym C CONST('ANONYMOUS ')
|
|
D PublicLib C CONST('/QSYS.LIB/ITSOIC400.LIB')
|
|
D PublicDir C CONST('//ITSOIC.400')
|
|
*
|
|
* Some CL commands to used later on in the program
|
|
*
|
|
D ClearSavf C CONST('CLRSAVF ITSOIC400/TURVIS')
|
|
D SaveLib C CONST('SAVLIB LIB(ITSOIC400) -
|
|
D DEV(*SAVF) -
|
|
D SAVF(ITSOIC400/TURVIS)')
|
|
*
|
|
* A value to be used to trigger a benevolent 'Trojan Horse'
|
|
*
|
|
D Savetti C CONST('ITSOIC400.LIB/TURVIS.FILE') Extension is FILE
|
|
* although it is a
|
|
* SAVF (and entered as
|
|
* SAVF by the user)
|
|
*
|
|
* Some nice fields to help us through from lower to upper case character conversion
|
|
* 1
|
|
D LW C CONST('abcdefghijklmnopqrstuvwxyz')
|
|
D UP C CONST('ABCDEFGHIJKLMNOPQRSTUVWXYZ')
|
|
*
|
|
D NeverAllow C CONST(-1)
|
|
D DontAllow C CONST(0)
|
|
D Allow C CONST(1)
|
|
D AlwaysAllw C CONST(2)
|
|
C/EJECT
|
|
********************************************************************
|
|
* VARIABLE DEFINITIONS AND LISTS USED BY THIS PROGRAM
|
|
*********************************************************************
|
|
C/SPACE 2
|
|
*
|
|
* Define binary parameters
|
|
*
|
|
D DS
|
|
D APPIDds 1 4B 0
|
|
D OPIDds 5 8B 0
|
|
D IPLENds 9 12B 0
|
|
D OPLENds 13 16B 0
|
|
D ALLOWOPds 17 20B 0
|
|
*
|
|
C *LIKE DEFINE APPIDds APPIDIN
|
|
C *LIKE DEFINE OPIDds OPIDIN
|
|
C *LIKE DEFINE IPLENds IPLENIN
|
|
C *LIKE DEFINE OPLENds OPLENIN
|
|
C *LIKE DEFINE ALLOWOPds ALLOWOP
|
|
*
|
|
C *LIKE DEFINE OPINFOIN OPINFO
|
|
*
|
|
* Define parameter list
|
|
*
|
|
C *Entry PLIST
|
|
* Input parameters:
|
|
C PARM APPIDIN Application ID
|
|
* possible values: 0 = FTP Client Program
|
|
* 1 = FTP Server Program
|
|
C PARM OPIDIN Operation ID
|
|
* possible values: 0 = Initialize Session
|
|
* 1 = Create Dir/Lib
|
|
* 2 = Delete Dir/Lib
|
|
* 3 = Set Current Dir
|
|
* 4 = List Dir/Lib
|
|
* 5 = Delete Files
|
|
* 6 = Send Files
|
|
* 7 = Receive Files
|
|
* 8 = Rename Files
|
|
* 9 = Execute CL cmd
|
|
C PARM USRPRF 10 User Profile
|
|
C PARM IPADDRIN 15 Remote IP Address
|
|
C PARM IPLENIN Length of IP Address
|
|
C PARM OPINFOIN 999 Operation-spec. Info
|
|
C PARM OPLENIN Length of Oper. Spec
|
|
* Return parameter:
|
|
C PARM ALLOWOP Allow Operation (Out
|
|
* possible values: -1 = Never Allow
|
|
* (And don't bother
|
|
* me with this ops
|
|
* in this session)
|
|
* 0 = Reject Operation
|
|
* 1 = Allow Operation
|
|
* 2 = Always Allow Oper.
|
|
* (And don't bother
|
|
* me with this ops
|
|
* in this session)
|
|
C/EJECT
|
|
********************************************************************
|
|
* The Main Program *
|
|
********************************************************************
|
|
*
|
|
C SELECT
|
|
C APPIDIN WHENEQ 0
|
|
C EXSR ClientRqs
|
|
C APPIDIN WHENEQ 1
|
|
C EXSR ServerRqs
|
|
C ENDSL
|
|
*
|
|
C EVAL *INLR = *ON
|
|
C RETURN
|
|
C/EJECT
|
|
********************************************************************
|
|
* S U B R O U T I N E S *
|
|
********************************************************************
|
|
********************************************************************
|
|
* Here we handle all the FTP Client request validation *
|
|
********************************************************************
|
|
C ClientRqs BEGSR
|
|
*
|
|
* Check user profile
|
|
*
|
|
C SELECT
|
|
*
|
|
* Check for 'bad' users who are not allowed to do anything ever
|
|
*
|
|
C USRPRF WHENEQ 'JOEBAD '
|
|
*
|
|
C Z-ADD NeverAllow ALLOWOP Ops not allowed
|
|
*
|
|
* Check for 'normal' users who are not allowed to do some things
|
|
*
|
|
C USRPRF WHENEQ 'JOENORMAL '
|
|
*
|
|
C SELECT
|
|
*
|
|
C OPIDIN WHENEQ 0 New Connection
|
|
C Z-ADD Allow ALLOWOP
|
|
*
|
|
C OPIDIN WHENEQ 1 Create Directory/Lib
|
|
C OPIDIN OREQ 2 Delete Directory/Lib
|
|
C OPIDIN OREQ 5 Delete Files
|
|
C OPIDIN OREQ 7 Receive Files from S
|
|
C OPIDIN OREQ 8 Rename files
|
|
C OPIDIN OREQ 9 Execute CL Commands
|
|
*
|
|
C Z-ADD NeverAllow ALLOWOP Ops never allowed
|
|
*
|
|
C OPIDIN WHENEQ 3 Set Current Dir
|
|
C OPIDIN OREQ 4 List Directory/Lib
|
|
C OPIDIN OREQ 6 Send Files to Server
|
|
*
|
|
* Extract library and directory names for comparison with allowed areas
|
|
*
|
|
C OPLENIN IFGE 11
|
|
C 11 SUBST OPINFOIN:1 Directory 11
|
|
C ELSE
|
|
C OPLENIN SUBST(P) OPINFOIN:1 Directory
|
|
C ENDIF
|
|
C 1 LW:UP XLATE Directory Directory
|
|
*
|
|
C OPLENIN IFGE 23
|
|
C 23 SUBST OPINFOIN:1 Library 23
|
|
C ELSE
|
|
C OPLENIN SUBST(P) OPINFOIN:1 Library
|
|
C ENDIF
|
|
*
|
|
C Directory IFEQ PublicDir Allowed Directory
|
|
C Library OREQ PublicLib or Library
|
|
C Z-ADD Allow ALLOWOP
|
|
C ELSE
|
|
C Z-ADD DontAllow ALLOWOP
|
|
C ENDIF
|
|
*
|
|
C OTHER
|
|
C Z-ADD DontAllow ALLOWOP
|
|
C ENDSL
|
|
*
|
|
* Check for 'cool' users who are allowed to do everything
|
|
*
|
|
C USRPRF WHENEQ 'JOEGOOD '
|
|
C USRPRF OREQ 'A960101B '
|
|
C USRPRF OREQ 'A960101C '
|
|
C USRPRF OREQ 'A960101D '
|
|
C USRPRF OREQ 'A960101E '
|
|
C USRPRF OREQ 'A960101F '
|
|
C USRPRF OREQ 'A960101Z '
|
|
* Allow All FTP Operations
|
|
C Z-ADD AlwaysAllw ALLOWOP
|
|
*
|
|
2 * Any Other User: We leave the back door open and allow
|
|
* all operations. If you want to use this program for securing
|
|
* your system, then close this door!
|
|
*
|
|
C OTHER
|
|
C Z-ADD AlwaysAllw ALLOWOP
|
|
C*************** Z-ADD NeverAllow ALLOWOP
|
|
C ENDSL
|
|
*
|
|
C ENDSR
|
|
C/EJECT
|
|
********************************************************************
|
|
* Here we handle all the FTP Server request validation *
|
|
********************************************************************
|
|
C ServerRqs BEGSR
|
|
*
|
|
* Check for ANONYMOUS user
|
|
*
|
|
C USRPRF IFEQ Anonym
|
|
*
|
|
C SELECT
|
|
*
|
|
C OPIDIN WHENEQ 1 Create Directory/Lib
|
|
C OPIDIN OREQ 2 Delete Directory/Lib
|
|
C OPIDIN OREQ 5 Delete Files
|
|
C OPIDIN OREQ 7 Receive Files from C
|
|
C OPIDIN OREQ 8 Rename files
|
|
C OPIDIN OREQ 9 Execute CL Commands
|
|
*
|
|
C Z-ADD NeverAllow ALLOWOP Ops never allowed
|
|
*
|
|
C OPIDIN WHENEQ 3 Set Current Dir
|
|
C OPIDIN OREQ 4 List Directory/Lib
|
|
C OPIDIN OREQ 6 Send Files to Client
|
|
*
|
|
* Extract library and directory names for comparison with allowed areas
|
|
*
|
|
C OPLENIN IFGE 11
|
|
C 11 SUBST OPINFOIN:1 Directory 11
|
|
C ELSE
|
|
C OPLENIN SUBST(P) OPINFOIN:1 Directory
|
|
C ENDIF
|
|
C 1 LW:UP XLATE Directory Directory
|
|
*
|
|
C OPLENIN IFGE 23
|
|
C 23 SUBST OPINFOIN:1 Library 23
|
|
C ELSE
|
|
C OPLENIN SUBST(P) OPINFOIN:1 Library
|
|
C ENDIF
|
|
*
|
|
C Directory IFEQ PublicDir Allowed Directory
|
|
C Library OREQ PublicLib or Library
|
|
C Z-ADD Allow ALLOWOP
|
|
C ELSE
|
|
C Z-ADD DontAllow ALLOWOP
|
|
C ENDIF
|
|
*
|
|
C OTHER
|
|
C Z-ADD DontAllow ALLOWOP
|
|
C ENDSL
|
|
*
|
|
C ELSE
|
|
*
|
|
* Any Other User: Allow All FTP Operations
|
|
*
|
|
C OPIDIN IFEQ 6 Send Files to Client
|
|
*
|
|
* If client issued GET for save file HESSU in library HESSU then we refresh the contents
|
|
*
|
|
*
|
|
C LW:UP XLATE OPINFOIN OPINFO
|
|
C Z-ADD 0 i 3 0
|
|
C Savetti SCAN OPINFO:1 i
|
|
*
|
|
C i IFGT 0
|
|
*
|
|
* We assume that the save file exits and here clear the save file
|
|
*
|
|
C MOVEL(p) ClearSavf Cmd 80
|
|
C Z-ADD 19 Len 15 5
|
|
C CALL 'QCMDEXC' 9999
|
|
C PARM Cmd
|
|
C PARM Len
|
|
*
|
|
* and here we save the library to the save file
|
|
*
|
|
C MOVEL(p) SaveLib Cmd
|
|
C Z-ADD 46 Len
|
|
C CALL 'QCMDEXC' 9999
|
|
C PARM Cmd
|
|
C PARM Len
|
|
C ENDIF
|
|
C ENDIF
|
|
*
|
|
C Z-ADD Allow ALLOWOP
|
|
C ENDIF
|
|
*
|
|
C ENDSR </pre>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiqsvreqep.htm" title="The Request Validation exit points can be used to restrict operations which can be performed by FTP users. Request validation exit points are provided by both the FTP client and server; to restrict both FTP client and FTP server access, exit programs must be added to both exit points.">Request validation exit point: Client and server</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |