Co:Z SFTP Enhancements To Support IBM FTP-compatible Exits


Dovetailed Technologies
v 5.0.0 – January 2018

The Co:Z SFTP server supports user exits which are compatible with the exits supported by the IBM z/OS FTP server. This document lists discrepancies or special considerations for the implementation of Co:Z SFTP server exits. Unless specified, the implementation will support the interface documented in the “IBM z/OS Communications Server – Configuration Reference” manual.

General Considerations

The exits use the same calling conventions and parameters as specified in the IBM documentation, but the names of the load modules must be altered so that the first two characters are “CZ”. This is to avoid customers unintentionally running FTP exits in LINKLST libraries for the Co:Z SFTP server. Existing “FT*” exits may be relinked with “CZ*” aliases if they are to be used with both Communications Server FTP and Co:Z SFTP server.

Co:Z exits run in the user Co:Z sftp-server job (process) that is started by SSHD using the user's MVS userid and privileges. The CZ* exit load modules do not need to be in an APF authorized library.

Changes:

v1.10.1 – changes to CZPOSTPR exit (confidence level)

v2.4.4 – the following changes apply to the CZCHKCMD exit interface:

Documentation ONLY corrections to the CZCHKCMD command table:
- Missing JES SFTP commands added: jesjobname, jeslrecl, jesowner, jesrecfm, jesstatus
- SFTP command ls / [no]recall corrected to
  ls / norecall passing SITE NOAUTORECALL
  ls / nonorecall passing SITE AUTORECALL
- SFTP command ls / nolabel corrected to pass SITE SFTP-LABEL
- SFTP command ls / nospin corrected to pass SITE SFTP-SPIN
- SFTP command ls / nooverflow corrected to pass SITE SFTP-OVERFLOW
- SFTP command ls / nosysout corrected to pass SITE SFTP-SYSOUT
- SFTP command ls / storclass corrected to
  ls / storclas xxxxxxxx
  ls / nostorclas

Code change in Co:Z SFTP v2.4.4 for the following:
- Corrected support for SFTP command ls / nogdgnt, passing SFTP-NOGDGNT as documented rather than SFTP-GDGNT

V3.5.0 – the following changes apply to the CZCHKCMD exit interface:
- reget and df added to the CZCHKCMD table

V5.0.0 – the following change applies to the CZCHKCMD exit interface:
- dynamic transfer options can be set for a RETR, STOR, or APPE command. See the specification for this interface in the CZCHKCMD section below.

Enabling User Exits

Unless exit modules are present in a system LINKLST library, exits are enabled for a user's Co:Z sftp server by exporting the STEPLIB environment variable to point to the exit load module library. This may be set in:
- /etc/ssh/sftp-server.rc - for all users
- $HOME/.ssh/sftp-server.rc – for a specific user.

Exit: CZCHKIP

The actual TCP/IP connection is set up and the user is authenticated by IBM Ported Tools SSHD. This exit will be called when Co:Z sftp-server is started. If the exit rejects the session (RC != 0), then the session will be terminated.

Exit: CZCHKPWD

Note: password field is blank, since SSHD handles passwords/login and it is not available to SFTP. This exit is called only after SSH authenticates the session and Co:Z sftp-server is started. If the connection is rejected by the user exit, sftp-server writes a log message and rejects the SFTP FXP INIT command with an error.

Exit: CZCHKCMD

Notes:
1. server-path is always absolute for HFS, or full quoted 'HLQ.DSN' for MVS datasets
2. The current directory is simulated by following “CWD” exit calls. The sftp-server does not modify the current directory; sftp clients always send full path names.
3. Command names are always folded to upper case
4. Command arguments may not be modified except where noted below.
5. 500 reply extension message is logged, but there is no mechanism for sending message back to client (other than retrieving / error.log)
6. SFTP settings (“ls / ”) are documented in the Co:Z SFTP User's Guide
7. FTP SITE commands are used in the exit for Co:Z SFTP settings with the same meaning. “SITE SFTP-xxxx” is used otherwise. Customers that wish to use existing FTP exits must ensure that they either allow or validate “SITE SFTP-xxxx” commands.
8. To set transfer options for a RETR, STOR, or APPE command, update the scratchpad (at offset 0) with the following:
   COZ OPT xxxx
   where xxxx is four bytes containing a pointer to a buffer in 31 bit storage which must be allocated by the exit. This buffer contains a comma separated list of options, terminated by a null character (x’00’). For example, mode text,trim. The exit is responsible for freeing this buffer, possibly in the post command exit (CZPOSTPR). The COZ OPT parameter is ignored for commands other than RETR, STOR and APPE. When the SFTP_CHKCMD_OPTION_ERROR_FAIL environment variable is set to true, the transfer will fail when an error is detected parsing or validating the transfer options. Consider setting this variable in the sitewide server configuration. For information on transfer options that can be set, see the SFTP User's ).

| SFTP Command | FTP command passed to CHKCMD exit | |
|---|---|---|
| chmod mode server-path | SITE CHMOD mode server-path | command args (mode and path) can be modified by exit |
| chgrp grp server-path | SITE SFTP-CHOWN server-path | server-path may be modified by exit |
| chown owner server-path | SITE SFTP-CHOWN server-path | server-path may be modified by exit |
| SFTP protocol command “SSH2_FXP_SETSTAT” with option SSH2_FILEXFER_ATTR_ACMODTIME | SITE SFTP-ACMODTIME server-path | server-path may be modified by exit; used by some SFTP clients to set the server file's last-access and last-modified times after upload. |
| cwd server-path | CWD server-path | this is done by the server when it receives a “realpath” or “stat” packet for a directory. It does not actually change the CWD of the server unix process, but subsequent calls to the exit will use the directory as the “current directory” |
| df server-path | LIST server-path | command args (server-path) can be modified by exit |
| put client-path server-path | STOR server-path | command args (server-path) can be modified by exit |
| | APPE server-path (if target is dataset and DISP MOD) | command args (server-path) can be modified by exit |
| get server-path client-path | RETR server-path | command args (server-path) can be modified by exit |
| ls server-path | LIST server-path | command args (server-path) can be modified by exit |
| ln oldpath newpath | LIST oldpath (followed by) STOR newpath | the newpath argument can be modified by exit |
| ls / [no]mount | SITE [NO]AUTOMOUNT | |
| ls / blksize nnnnn | SITE BLKSIZE nnnnn | |
| ls / noblksize | SITE BLKSIZE | |
| ls / bufno nnn | SITE BUFNO nnn | |
| ls / nobufno | n/a (CS FTP doesn't allow “unsetting” bufno) | |
| ls / copies nnn | SITE SFTP-COPIES nnn | |
| ls / nocopies | SITE SFTP-COPIES | |
| ls / conddisp catlg delete | SITE CONDISP CATLG DELETE | |
| ls / noconddisp | SITE CONDISP | |
| ls / dataclas xxxxxxxx | SITE DATACLASS xxxxxxxx | |
| ls / nodataclas | SITE DATACLASS | |
| ls / dest xxxxxxx | SITE SFTP-DEST xxxxxxxx | |
| ls / nodest | SITE SFTP-DEST | |
| ls / dir nnn | SITE DIRECTORY nnn | |
| ls / nodir | SITE DIRECTORY | |
| ls / disp old shr new mod | SITE SFTP-DISP xxx | |
| ls / nodisp | SITE SFTP-DISP | |
| ls / dsntype LIBRARY PDS | SITE PDSTYPE PDSE PDS | |
| ls / nodsntype | SITE PDSTYPE | |
| ls / dsorg xxx | SITE SFTP-DSORG xxx | |
| ls / nodsorg | SITE SFTP-DSORG | |
| ls / forms xxxxxxx | SITE SFTP-FORMS xxxxxxxx | |
| ls / noforms | SITE SFTP-FORMS | |
| ls / gdgnt | SITE SFTP-GDGNT | |
| ls / nogdgnt | SITE SFTP-NOGDGNT | |
| ls / hold | SITE SFTP-HOLD | |
| ls / nohold | SITE SFTP-NOHOLD | |
| ls / jesjobname xxx | SITE JESJOBNAME xxx | |
| ls / nojesjobname | SITE JESJOBNAME | |
| ls / jeslrecl xxx | SITE JESLRECL xxx | |
| ls / jesowner xxx | SITE JESOWNER xxx | |
| ls / nojesowner | SITE JESOWNER | |
| ls / jesrecfm xxx | SITE JESRECFM xxx | |
| ls / jesstatus xxx | SITE JESSTATUS xxx | |
| ls / nojesstatus | SITE JESSTATUS | |
| ls / label xxx | SITE SFTP-LABEL xxx | |
| ls / nolabel | SITE SFTP-LABEL | |
| ls / like dsname | SITE DCBDSN dsname | |
| ls / nolike | SITE DCBDSN | |
| ls / lrecl nnnnn | SITE LRECL nnnnn | |
| ls / nolrecl | SITE LRECL | |
| ls / maxvol nnn | SITE VCOUNT nnn | |
| ls / nomaxvol | SITE VCOUNT | |
| ls / mgmtclas xxxxxxxx | SITE MGMTCLASS xxxxxxxx | |
| ls / nomgmtclas | SITE MGMTCLASS | |
| ls / norecall | SITE NOAUTORECALL | |
| ls / nonorecall | SITE AUTORECALL | |
| ls / outdes xxxxxxxx | SITE SFTP-OUTDES xxxxxxxx | |
| ls / nooutdes | SITE SFTP-OUTDES | |
| ls / overflow xxxx | SITE SFTP-OVERFLOW xxxxxx | |
| ls / nooverflow | SITE SFTP-OVERFLOW | |
| ls / recfm xxx | SITE RECFM xxx | |
| ls / norecfm | SITE RECFM | |
| ls / retpd nnnnn | SITE RETPD nnnnn | |
| ls / noretpd | SITE RETPD | |
| ls / siteexit any command | SITE any command | |
| ls / sequence nnn | SITE SFTP-SEQUENCE nnn | |
| ls / nosequence | SITE SFTP-SEQUENCE | |
| ls / space type.pri.sec | SITE BLOCKS/CYLINDERS/TRACKS, SITE PRI nnn, SITE SEC nnn | |
| ls / nospace | SITE PRI, SITE SEC | |
| ls / spin unalloc | SITE SFTP-SPIN UNALLOC | |
| ls / nospin | SITE SFTP-SPIN | |
| ls / storclas xxxxxxxx | SITE STORCLASS xxxxxxxx | |
| ls / nostorclas | SITE STORCLASS | |
| ls / sysout x | SITE SFTP-SYSOUT x | |
| ls / nosysout | SITE SFTP-SYSOUT | |
| ls / trtch xxxxxx | SITE SFTP-TRTCH xxxxxx | |
| ls / notrtch | SITE SFTP-TRTCH | |
| ls / ucount nnn | SITE UCOUNT nnn | |
| ls / noucount | SITE UCOUNT | |
| ls / unit xxxxxx | SITE UNIT xxxxxx | |
| ls / nounit | SITE UNIT | |
| ls / vol xxxxxx | SITE VOLUME xxxxxx | |
| ls / novol | SITE VOLUME | |
| ls / writer xxxxxxxx | SITE SFTP-WRITER xxxxxxxx and SITE FILETYPE JES if writer INTRDR | |
| ls / nowriter | SITE SFTP-WRITER | |
| mkdir server-path | MKD server-path | command args (server-path) can be modified by exit |
| reget server-path client-path | RETR server-path | command args (server-path) can be modified by exit |
| rm server-path | DELE server-path | command args (server-path) can be modified by exit |
| rmdir server-path | RMD server-path | command args (server-path) can be modified by exit |
| rename oldpath newpath | RNFR oldpath (followed by) RNTO newpath | command arg newpath can be modified by exit |

Exit: CZCHKJES

This exit is not implemented in Co:Z SFTP, but sites may prevent submission of jobs by disallowing the “SITE FILETYPE JES” command in the CZCHKCMD exit.

Exit: CZPOSTPR

This exit provides 18 parameters; the 19th, added by IBM in V1.10 is not currently passed to the exit.

Prior to V1.10.1, the “Confidence level” will always be set to X'04' (not active).

Starting in V1.10.1, the “Confidence level” will provide values compatible with IBM FTP:

| Operation | Confidence Level |
|---|---|
| RETR | 2 if error, 3 otherwise |
| STOR/APPE | 2 if error, 0 otherwise |
| (other) | 4 |

Exit: FTP Server SMF User exit

This exit is not implemented in Co:Z SFTP. Co:Z SFTP client and server write SMF 119 records if enabled in SMF.
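The CZCHKCMD note on allowing or validating “SITE SFTP-xxxx” commands and the CZCHKJES advice to disallow “SITE FILETYPE JES” can be combined into one decision routine. The C sketch below is an added example, not Dovetailed or IBM code: `chkcmd_policy`, its two string parameters, the reject value 8 and the particular allow-list are assumptions, and the real exit receives its arguments through the IBM-documented parameter list rather than this signature.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CHK_ALLOW  0   /* RC 0: command accepted */
#define CHK_REJECT 8   /* nonzero RC rejects; the value 8 is an assumption */

/* SITE SFTP-xxxx settings this (hypothetical) site permits; names from the table above. */
static const char *const allowed_sftp[] = {
    "SFTP-DISP", "SFTP-DSORG", "SFTP-GDGNT", "SFTP-NOGDGNT", "SFTP-ACMODTIME"
};

/* Copy the next blank- or '='-delimited word of *p into tok, folded to upper case. */
static void next_word(const char **p, char *tok, size_t cap)
{
    size_t n = 0;
    while (**p == ' ' || **p == '=') (*p)++;
    while (**p && **p != ' ' && **p != '=') {
        if (n + 1 < cap) tok[n++] = (char)toupper((unsigned char)**p);
        (*p)++;
    }
    tok[n] = '\0';
}

/* Hypothetical policy helper: cmd is the upper-cased FTP command name, args its arguments. */
int chkcmd_policy(const char *cmd, const char *args)
{
    char key[32], val[32];
    size_t i;

    if (strcmp(cmd, "SITE") != 0)
        return CHK_ALLOW;               /* path commands are not judged in this sketch */
    next_word(&args, key, sizeof key);
    next_word(&args, val, sizeof val);

    if (strcmp(key, "FILETYPE") == 0 && strcmp(val, "JES") == 0)
        return CHK_REJECT;              /* blocks job submission, standing in for CZCHKJES */
    if (strncmp(key, "SFTP-", 5) != 0)
        return CHK_ALLOW;               /* ordinary FTP SITE setting */
    for (i = 0; i < sizeof allowed_sftp / sizeof allowed_sftp[0]; i++)
        if (strcmp(key, allowed_sftp[i]) == 0)
            return CHK_ALLOW;
    return CHK_REJECT;                  /* SFTP- setting not on the list: fail closed */
}

int main(void) { return chkcmd_policy("SITE", "FILETYPE JES") == CHK_REJECT ? 0 : 1; }
```

Rejecting SITE FILETYPE JES also covers the ls / writer row, which the table shows passing SITE FILETYPE JES when the writer is INTRDR.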
