To limit access to an FTP server, you can use any of the
user exits described in this topic. The FTP server provides increased
security by using user exits.

A user exit is passed the address of a parameter list
in register 1. The parameter list is a series of pointers to values.
The first word of the parameter list always points to the return code.
If the user exit sets the return code to 0, processing continues as
normal. If the return code is not 0, authorization is denied and the
user receives a negative reply indicating that the command has failed.
Upon entry, the return code is 0, so a correct return can be indicated
by leaving the return code alone. The return code field in the FTPOSTPR
exit is included for consistency; it has no effect on processing.

The second word of the parameter list always points to
a word containing the number of parameters that follow. This helps
handle any future releases that might increase the number of parameters
in these parameter lists.

The remainder of the parameter list points to values the
FTP user exit uses in its processing.
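
The parameter-list convention described above, modelled in portable C as an added example (not IBM sample code and not a deployable exit). The user ID parameter, the MIN_PARMS value, the return code values 4 and 8, and the function names are assumptions made for illustration; each real exit defines its own parameters.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this model only: the first parameter after the count
   is an 8-byte, blank-padded user ID. */
#define MIN_PARMS 1

/* Exit side: plist[0] -> return code, plist[1] -> count word,
   plist[2..] -> values. Leaving *rc untouched allows the request. */
void model_exit(void **plist)
{
    int32_t *rc = plist[0];
    const int32_t *count = plist[1];

    /* Check the count before touching any later pointer. A list shorter
       than this exit expects is denied rather than read past its end. */
    if (*count < MIN_PARMS) {
        *rc = 8;                      /* any nonzero value denies */
        return;
    }

    const char *userid = plist[2];
    if (memcmp(userid, "GUEST   ", 8) == 0)   /* constructed policy */
        *rc = 4;
    /* Parameters beyond MIN_PARMS (a later release) are ignored. */
}

/* Caller side: builds the list the way the text describes. */
int32_t call_exit(const char *userid8, int32_t nparms)
{
    int32_t rc = 0;                   /* return code is 0 on entry */
    int32_t count = nparms;
    int32_t future = 0;               /* stands in for a parameter added later */
    void *plist[4] = { &rc, &count, (void *)userid8, &future };

    model_exit(plist);
    return rc;
}

int main(void)
{
    printf("ALICE, 1 parm : rc=%d\n", (int)call_exit("ALICE   ", 1));
    printf("GUEST, 2 parms: rc=%d\n", (int)call_exit("GUEST   ", 2));
    printf("ALICE, 0 parms: rc=%d\n", (int)call_exit("ALICE   ", 0));
    return 0;
}
```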

Requirements:
- The user exit load modules must be in a cataloged data set and
  placed in an APF-authorized library to which the FTP server
  has access by way of STEPLIB, linklist, or LPA.
- The authorization state (JSCBAUTH) must be the same after exiting
  from the user exit as it was upon entry.
- User exit routines must be reentrant.
- User exit routines are invoked in TCB mode, problem
  program state, with AMODE(31). If the user exit routine
  changes a setting, the user exit routine must restore
  the setting before returning to the caller.
- The FTPCHKIP user exit is loaded when the FTP daemon initializes.
  If you want the FTP daemon to use a new version of this exit
  routine, you must stop the FTP daemon and start it again.

Rule: All data areas that are passed to the exit, including the
Language Environment® save area stack, are above the 31 bit addressing
line. If the exit routine uses any system services that require data
areas below the 24 bit addressing line, the exit routine must obtain
the necessary storage below the line and copy any data values there.

Guidelines:
- If you are debugging a user exit routine, you should have a test
  version of a server to work with so that you can stop and start without
  affecting other users. You can do that by putting a PORT parameter
  in the EXEC statement of the FTP JCL, such as PARMS='PORT 1073'.
  To connect to this server, enter the following command:

      FTP remoteHost 1073

  You can use any number as a port number for your test FTP server.
  IBM® suggests that you choose a number that does not conflict with
  any well-known port numbers used on your host.
- z/OS® FTP follows the MVS™ search order to load the FTP exit
  routines. If you are not using the user exit facility, put a dummy
  user exit load module in the first library in the MVS search order.
  This prevents other users from putting their own modules in a library
  later in the concatenation sequence. This also increases the need to
  have that library protected using SAF.

Restriction: You cannot use the System Programming
C Facilities for the user exits.
See the detailed information about the following user
exits: