FTP server user exits

To limit access to an FTP server, you can use any of the user exits described in this topic. The FTP server provides increased security by using user exits.

A user exit is passed the address of a parameter list in register 1. The parameter list is a series of pointers to values. The first word of the parameter list always points to the return code. If the user exit sets the return code to 0, processing continues as normal. If the return code is not 0, authorization is denied and the user receives a negative reply indicating that the command has failed. Upon entry, the return code is 0, so a correct return can be indicated by leaving the return code alone. The return code field in the FTPOSTPR exit is included for consistency; it has no effect on processing.

The second word of the parameter list always points to a word containing the number of parameters that follow. This helps handle any future releases that might increase the number of parameters in these parameter lists.

The remainder of the parameter list points to values the FTP user exit uses in its processing.
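The following is an added example, not IBM's code: a portable C model of the parameter list convention described above, showing an exit that checks the parameter count before reading past the second word and denies when parameters it needs are missing. The third parameter (an 8-byte blank-padded user ID), the deny list, and the nonzero return values 4 and 8 are assumptions made for illustration; a real exit must follow the parameter layout documented for that specific exit and the z/OS linkage rules.

```c
#include <stdint.h>
#include <string.h>

/* Word 1 -> return code, word 2 -> count of parameters that follow (from the
   text above). Word 3 -> 8-byte blank-padded user ID is an ASSUMED layout. */
enum { IDX_RC = 0, IDX_COUNT = 1, IDX_USERID = 2 };
#define NEEDED_PARAMS 1          /* parameters this exit reads after the count */

/* Constructed deny list entry, blank-padded to 8 bytes. Read-only data and
   locals only, so the routine keeps no state between calls. */
static const char DENIED_USER[8] = {'G','U','E','S','T',' ',' ',' '};

/* Models the exit entry point: plist stands for the address in register 1. */
void sample_exit(void **plist)
{
    int32_t *rc = (int32_t *)plist[IDX_RC];
    const int32_t count = *(const int32_t *)plist[IDX_COUNT];

    /* Fewer parameters than this exit needs: deny rather than dereference
       pointers that are not in the list. */
    if (count < NEEDED_PARAMS) {
        *rc = 8;                 /* any nonzero value denies; 8 is arbitrary */
        return;
    }

    const char *userid = (const char *)plist[IDX_USERID];
    if (memcmp(userid, DENIED_USER, sizeof DENIED_USER) == 0) {
        *rc = 4;                 /* nonzero: authorization is denied */
        return;
    }
    /* Allowed: the return code is 0 upon entry, so it is left alone.
       A count larger than NEEDED_PARAMS (a later release) is simply ignored. */
}

/* Hypothetical caller that builds the list the way the text describes. */
int32_t run_exit(const char userid[8], int32_t count)
{
    int32_t rc = 0;              /* return code is 0 upon entry */
    char extra[8] = {0};         /* stands in for parameters added later */
    void *plist[5] = { &rc, &count, (void *)userid, extra, extra };
    sample_exit(plist);
    return rc;
}
```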

Requirements:
  • The user exit load modules must be in a cataloged data set and placed in an APF-authorized library to which the FTP server has access by way of STEPLIB, linklist, or LPA.
  • The authorization state (JSCBAUTH) must be the same after exiting from the user exit as it was upon entry.
  • User exit routines must be reentrant.
  • User exit routines are invoked in TCB mode, problem program state, with AMODE(31). If the user exit routine changes a setting, the user exit routine must restore the setting before returning to the caller.
  • The FTPCHKIP user exit is loaded when the FTP daemon initializes. If you want the FTP daemon to use a new version of this exit routine, you must stop the FTP daemon and start it again.
Rule: All data areas that are passed to the exit, including the Language Environment® save area stack, are above the 31 bit addressing line. If the exit routine uses any system services that require data areas below the 24 bit addressing line, the exit routine must obtain the necessary storage below the line and copy any data values there.
Guidelines:
  • If you are debugging a user exit routine, you should have a test version of a server to work with so that you can stop and start without affecting other users. You can do that by putting a PORT parameter in the EXEC statement of the FTP JCL, such as PARMS='PORT 1073'. To connect to this server, enter the following code:
     FTP remoteHost 1073 
    You can use any number as a port number for your test FTP server. IBM® suggests that you choose a number that does not conflict with any well-known port numbers used on your host.
  • z/OS® FTP follows the MVS™ search order to load the FTP exit routines. If you are not using the user exit facility, put a dummy user exit load module in the first library in the MVS search order. This prevents other users from putting their own modules in a library later in the concatenation sequence. This also increases the need to have that library protected using SAF.

Restriction: You cannot use the System Programming C Facilities for the user exits.