friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8826eae394
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaiq_5.4.0.1/rzaiqexampreqvalcl.htm

168 lines
11 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: FTP client or server request validation exit program in CL code" />
<meta name="abstract" content="This is an example of a simple File Transfer Protocol (FTP) Request Validation exit program. It is written in iSeries Command Language (CL)." />
<meta name="description" content="This is an example of a simple File Transfer Protocol (FTP) Request Validation exit program. It is written in iSeries Command Language (CL)." />
<meta name="DC.Relation" scheme="URI" content="rzaiqsvreqep.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiqexampreqvalcl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: FTP client or server request validation exit program in CL
code</title>
</head>
<body id="rzaiqexampreqvalcl"><a name="rzaiqexampreqvalcl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: FTP client or server request validation exit program in CL
code</h1>
<div><p>This is an example of a simple File Transfer Protocol (FTP) Request
Validation exit program. It is written in iSeries™ Command Language (CL).</p>
<div class="section"><p>This code is not complete, but provides a starting point to help
you create your own program for the client or server exit point.</p>
<div class="note"><span class="notetitle">Note:</span> By
using the code examples, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>
<p>(Pre
formatted text in the following example will flow outside the frame.)</p>
<pre class="screen">/******************************************************************************/
/* */
/* Sample FTP server request validation exit program for anonymous FTP. */
/* Note: This program is a sample only and has NOT undergone any formal */
/* review or testing. */
/* */
/* Additional notes: */
/* 1. When the application ID is 1 (FTP server) AND the operation ID is */
/* 0 (session initialization), the job is running under the QTCP */
/* user profile when the exit program is called. In ALL other cases, */
/* the job is running under the user's profile. */
/* 2. It is highly recommended that the exit program be created in a library */
/* with *PUBLIC authority set to *EXCLUDE, and the exit program itself */
/* be given a *PUBLIC authority of *EXCLUDE. The FTP server adopts */
/* authority necessary to call the exit program. */
/* 3. It is possible to use the same exit program for both the FTP client */
/* and server request validation exit points. However, this program */
/* does not take the client case into account. */
/* */
/******************************************************************************/
TSTREQCL: PGM PARM(&amp;APPIDIN &amp;OPIDIN &amp;USRPRF&amp;IPADDRIN +
&amp;IPLENIN &amp;OPINFOIN &amp;OPLENIN &amp;ALLOWOP)
/* Declare input parameters */
DCL VAR(&amp;APPIDIN) TYPE(*CHAR) LEN(4) /* Application ID */
DCL VAR(&amp;OPIDIN) TYPE(*CHAR) LEN(4) /* Operation ID */
DCL VAR(&amp;USRPRF) TYPE(*CHAR) LEN(10) /* User profile */
DCL VAR(&amp;IPADDRIN) TYPE(*CHAR) /* Remote IP address */
DCL VAR(&amp;IPLENIN) TYPE(*CHAR) LEN(4) /* Length of IP address */
DCL VAR(&amp;OPLENIN) TYPE(*CHAR) LEN(4) /* Length of operation-specific info. */
DCL VAR(&amp;OPINFOIN) TYPE(*CHAR) +
LEN(9999) /* Operation-specific information */
DCL VAR(&amp;ALLOWOP) TYPE(*CHAR) LEN(4) /* allow (output) */
/* Declare local copies of parameters (in format usable by CL) */
DCL VAR(&amp;APPID) TYPE(*DEC) LEN(1 0)
DCL VAR(&amp;OPID) TYPE(*DEC) LEN(1 0)
DCL VAR(&amp;IPLEN) TYPE(*DEC) LEN(5 0)
DCL VAR(&amp;IPADDR) TYPE(*CHAR)
DCL VAR(&amp;OPLEN) TYPE(*DEC) LEN(5 0)
DCL VAR(&amp;OPINFO) TYPE(*CHAR) LEN(9999)
DCL VAR(&amp;PATHNAME) TYPE(*CHAR) LEN(9999) /* Uppercased path name */
/* Declare values for allow(1) and noallow(0) */
DCL VAR(&amp;ALLOW) TYPE(*DEC) LEN(1 0) VALUE(1)
DCL VAR(&amp;NOALLOW) TYPE(*DEC) LEN(1 0) VALUE(0)
/* Declare request control block for QLGCNVCS (convert case) API:*/
/* convert to uppercase based on job CCSID */
DCL VAR(&amp;CASEREQ) TYPE(*CHAR) LEN(22) +
VALUE(X'00000001000000000000000000000000000+
000000000')
DCL VAR(&amp;ERROR) TYPE(*CHAR) LEN(4) +
VALUE(X'00000000')
/* Assign input parameters to local copies */
CHGVAR VAR(&amp;APPID) VALUE(%BINARY(&amp;APPIDIN))
CHGVAR VAR(&amp;OPID) VALUE(%BINARY(&amp;OPIDIN))
CHGVAR VAR(&amp;IPLEN) VALUE(%BINARY(&amp;IPLENIN))
CHGVAR VAR(&amp;IPADDR) VALUE(%SUBSTRING(&amp;IPADDRIN 1 &amp;IPLEN))
CHGVAR VAR(&amp;OPLEN) VALUE(%BINARY(&amp;OPLENIN))
/* Handle operation specific info field (which is variable length) */
IF COND(&amp;OPLEN = 0) THEN(CHGVAR VAR(&amp;OPINFO) +
VALUE(' '))
ELSE CMD(CHGVAR VAR(&amp;OPINFO) VALUE(%SST(&amp;OPINFOIN +
1 &amp;OPLEN)))
/* Operation id 0 (incoming connection): reject if connection is coming */
/* through interface 9.8.7.6, accept otherwise. (The address is just an */
/* example.) This capability could be used to only allow incoming connections */
/* from an internal network and reject them from the "real" Internet, if */
/* the connection to the Internet were through a separate IP interface. */
/* NOTE: For FTP server, operation 0 is ALWAYS under QTCP profile. */
IF COND(&amp;OPID = 0) THEN(DO)
IF COND(&amp;OPINFO = '9.8.7.6') THEN(CHGVAR +
VAR(%BINARY(&amp;ALLOWOP)) VALUE(&amp;NOALLOW))
ELSE CMD(CHGVAR VAR(%BINARY(&amp;ALLOWOP)) +
VALUE(&amp;ALLOW))
GOTO CMDLBL(END)
ENDDO
/* Check for ANONYMOUS user */
IF COND(&amp;USRPRF = 'ANONYMOUS ') THEN(DO)
/* Don't allow the following operations for ANONYMOUS user: */
/* 1 (Directory/library creation); 2 (Directory/library deletion); */
/* 5 (File deletion); 7 (Receive file); 8 (Rename file); 9 (Execute CL cmd) */
IF COND(&amp;OPID = 1 | &amp;OPID = 2 | +
&amp;OPID = 5 | &amp;OPID = 7 | &amp;OPID = 8 | +
&amp;OPID = 9) THEN(CHGVAR +
VAR(%BINARY(&amp;ALLOWOP)) VALUE(&amp;NOALLOW))
ELSE CMD(DO)
/* For operations 3 (change directory), 4 (list directory) and 6 (send file), */
/* only allow if in PUBLIC library OR "/public" directory. Note that all */
/* path names use the Integrated File System naming format. */
IF COND(&amp;OPID = 3 | &amp;OPID = 4 | &amp;OPID = 6) THEN(DO)
/* First, convert path name to uppercase (since names in "root" and library */
/* file systems are not case sensitive). */
CALL PGM(QLGCNVCS) PARM(&amp;CASEREQ &amp;OPINFO &amp;PATHNAME +
&amp;OPLENIN &amp;ERROR)
/* Note: must check for "/public" directory by itself and path names starting */
/* with "/public/". */
IF COND((%SUBSTRING(&amp;PATHNAME 1 20) *NE +
'/QSYS.LIB/PUBLIC.LIB') *AND +
(&amp;PATHNAME *NE '/PUBLIC') *AND +
(%SUBSTRING(&amp;PATHNAME 1 8) *NE '/PUBLIC/')) +
THEN(CHGVAR +
VAR(%BINARY(&amp;ALLOWOP)) VALUE(&amp;NOALLOW))
ELSE CMD(CHGVAR VAR(%BINARY(&amp;ALLOWOP)) +
VALUE(&amp;ALLOW))
ENDDO
ENDDO
ENDDO
/* Not ANONYMOUS user: allow everything */
ELSE CMD(CHGVAR VAR(%BINARY(&amp;ALLOWOP)) +
VALUE(&amp;ALLOW))
END: ENDPGM</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiqsvreqep.htm" title="The Request Validation exit points can be used to restrict operations which can be performed by FTP users. Request validation exit points are provided by both the FTP client and server; to restrict both FTP client and FTP server access, exit programs must be added to both exit points.">Request validation exit point: Client and server</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink