FTP exits - syncsort_cobol_migration_manager - syncsort_clone_center - syncsort_space_recovery_system - syncsort_scc_monitor - syncsort_simulate_2000 - syncsort_allocation_control_center - Latest

Syncsort™ Storage Management Easy/Exit User Guide
Product type
Software
Portfolio
Integrate
Product family
Syncsort™ software
Product
Syncsort™ Storage Management > Syncsort™ Allocation Control Center
Version
Latest
ft:locale
en-US
Product name
Syncsort Storage Management
ft:title
Syncsort™ Storage Management Easy/Exit User Guide
Copyright
2025
First publish date
1991
ft:lastEdition
2025-12-05
ft:lastPublication
2025-12-05T05:07:50.930000

Enforce Rule-Based Policies for File Transfer

EASY/Exit can receive control and enforce standards and policies from standard exit points within the z/OS FTP Server. These exit points can be used to validate and enforce standards for file transfers, allow or deny FTP access or individual FTP commands, change command arguments, perform logging, and more. The rules and variables provide the means to control FTP use in great detail.

EASY/Exit receives control at each of the FTP Server exit points:

  • FTCHKCMD — The FTCHKCMD exit receives control when any FTP command is executed.

  • FTPOSTPR — The FTPOSTPR exit receives control upon completion of a file transfer (RETR, STOR, STOU, APPE, DELE, RNTO).

  • FTCHKIP — The FTCHKIP exit receives control during FTP login or OPEN commands.

  • FTCHKPWD — The FTCHKPWD exit receives control during userid and password authentication.

  • FTCHKJES — The FTCHKJES exit receives control when an FTP client submits a job.

By examining and setting the appropriate EASY/Exit variables at each of these exit points, EASY/Exit can enforce standards for FTP processing, issue warnings, alter FTP command parameters and options, write log or SMF records for later analysis, and control many aspects of server-side FTP operation.

When EASY/Exit receives control at any of these exit points, the environment name (the &ENV variable) is the name of the exit point (FTCHKCMD, FTPOSTPR, FTCHKIP, FTCHKPWD, or FTCHKJES). The subenvironment name (the &ENVS variable) is either blank or, for the FTCHKCMD environment, the name of the FTP command being executed.

Some FTP environments may be entered multiple times during an FTP session. For example, the FTCHKCMD environment is entered whenever an FTP command is executed (CWD, RETR, SITE, etc.). The exit is entered anew each time a command is issued. For FTPOSTPR, the exit is entered each time a file is transferred, deleted, or renamed. During a single FTP session, each of the EASY/Exit environments may receive control many times, and the rules may therefore be executed many times.

EASY/Exit communicates with the FTP server via interface modules (FTPs "stubs") that are defined as ordinary exits. These stubs (one per exit point such as FTCHKCMD, FTPOSTPR, FTCHKIP, FTCHKPWD, FTCHKJES) communicate with the DIF started task to run the EASY/Exit policy rules. This design keeps the main DIF and EASY/Exit modules independent of FTP and allows policy rules to be changed without requiring an IPL, relink, or restart of the FTP server.

Before using the FTP environments, the interface module (the "stub") for FTP must be linked into a load library accessible to the FTP server (usually a system linklist library). Once the stub modules are in the linklist library, they will be called whenever an FTP client communicates with the server. Only the modules for the desired environments need be placed in the linklist. If an exit is not to be called, place a dummy module that returns RC=0 in the linklist for security so calls use the dummy module rather than an exposed implementation.

The following sample JCL can be used to link the interface stubs. A copy of this JCL can be found in DTS.R61.SLyyddd.SAMPLIB(EXFTSRVI):


 //JOBCARD JOB ...
 //L       EXEC PGM=IEWL,PARM='XREF,LIST,LET,RENT'
 //SYSPRINT DD SYSOUT=*
 //SYSLMOD  DD DISP=SHR,DSN=<apf.library>
 //SYSLIB   DD DISP=SHR,DSN=<dts.load.library>
 //SYSUT1   DD UNIT=SYSALLDA,SPACE=(CYL,(1,1))
 //SYSLIN   DD *
  INCLUDE SYSLIB(EXCHKCMD) SETCODE AC(1)
  NAME FTCHKCMD(R) INCLUDE SYSLIB(EXCHKPWD) SETCODE AC(1)
  NAME FTCHKPWD(R) INCLUDE SYSLIB(EXCHKJES) SETCODE AC(1)
  NAME FTCHKJES(R) INCLUDE SYSLIB(EXPOSTPR) SETCODE AC(1)
  NAME FTPOSTPR(R) INCLUDE SYSLIB(EXCHKIP) SETCODE AC(1)
  NAME FTCHKIP(R)
 /* (end SYSLIN)
Important: The sample JCL above uses placeholders for the APF and load libraries; replace <apf.library> and <dts.load.library> with the actual DSNs for your installation.

Program Control

The FTP exits must reside in an APF-authorized library (usually a linklist library) and must be program-controlled by RACF. To ensure program control, define the exit program names and load library to RACF. For example: 


 RDEF PROGRAM FTCHKCMD   ADDMEM('load.library.name') UACC(READ)
 RDEF PROGRAM FTPOSTPR   ADDMEM('load.library.name') UACC(READ)
 RDEF PROGRAM FTCHKIP    ADDMEM('load.library.name') UACC(READ)
 RDEF PROGRAM FTCHKPWD   ADDMEM('load.library.name') UACC(READ)
 RDEF PROGRAM FTCHKJES   ADDMEM('load.library.name') UACC(READ)
 SETROPTS WHEN(PROGRAM) REFRESH
CAUTION:
Ensure the load library specified is the APF-authorized linklist or a library with the correct install-time authorization. Incorrect RACF definitions can prevent the FTP server from calling the exits.

Each environment supported by the EASY/Exit FTP Server functions represents a different exit point in FTP processing. During processing, the environment name (&ENV) is the exit point name and the subenvironment name (&ENVS) is the FTP command name, if any. The environment name may therefore be any of the following:

  • FTCHKCMD — The command checking exit. Receives control for any FTP command (most commonly used). It can accept or reject a command, and can examine or modify command arguments. If rejected, a customized message can be returned to the client. Use FTCHKCMD to implement security, standardize processing, provide abbreviations/substitutions, etc.

  • FTPOSTPR — The post-transfer-processing exit. Gets control when a command causes a file to be transferred, renamed, or deleted. Use it to act on filename, CLOSE return code, FTP reply messages, write SMF/log messages, or take actions based on dataset names or types.

  • FTCHKIP — The login exit. Called when a connection is initiated or an OPEN command is issued. It can examine local/remote host addresses and ports and cancel the connection if desired. With EASY/Exit, changing rules does not require restarting the FTP server (a DIF REFRESH is sufficient).

  • FTCHKPWD — The password checking exit. Called after the userid and password have been sent but before authentication. Can validate password/userid or anonymous email address, issue messages, write records, or allow/reject the login.

  • FTCHKJES — The job submission exit. Called when the client submits a job with FILETYPE=JES. Each control statement is passed to the exit, which can allow or prevent submission based on job/EXEC content.

FTCHKCMD — The FTP Server Command Check Exit

FTCHKCMD is called whenever the server receives an FTP command (RETR, STOR, USER, SITE, etc.). Both the command and its arguments are available to the exit, as well as current directory, file type, session id, and client/server IP addresses and ports. All parameter list values are available as EASY/Exit variables. Although the command itself cannot be changed, command arguments can be modified and the command may be accepted or rejected. If rejected, a customized message can be returned to the client.

Modifying command arguments supports actions such as removing invalid arguments or replacing abbreviations with full parameters.

Environment

The following variables are available specifically in the FTCHKCMD environment. Many usual DIF variables (for example, &SYSID, &CURDATE, &CURTIME) are also available.

Table 13-1. Variables for the FTCHKCMD Server Exit

Name Values Description
EXIT_RC Zero or nonzero Return code from FTCHKCMD to the server. Default is zero. If set nonzero, the command is rejected.
FTPARG 1–256 bytes Arguments specified on the command.
FTPARGCHG Yes or No Indicates whether to scan FTPARG for FTPARGFIND and replace with FTPARGREP when set to YES.
FTPARGFIND 1–80 bytes String to scan for in FTPARG when replacing arguments.

Table 13-1. Variables for the FTCHKCMD Server Exit (continued)

Name Values Description
FTPARGREP 1–80 bytes

A string that replaces the value in FTPARGFIND when FTPARGCHG is YES. Strings may differ in length. Multiple replacements are possible by resetting FTPARGFIND/FTPARGREP and setting FTPARGCHG multiple times.
FTPCLIENTIP dotted-decimal Client IP address.
FTPCLIENTPORT 1–65535 Port used by the client.
FTPCMD 8-byte command Name of the command being issued (SITE, RETR, etc.).
FTPCWD 1–256 bytes First 256 bytes of the current working directory.
FTPDIRTP MVS or UNIX Directory type for the current directory.
FTPFTYPE SEQ, JES, SQL Type of file for the current file.
FTPNEWARG 1–256 bytes New arguments that will replace the old arguments; up to 256 bytes.
FTPREPLY 1–71 bytes Reply message if the command is rejected; '500-UX-' is prepended when returned to the client. If blank and EXIT_RC is nonzero, a default denial message is issued.
FTPSCRCH 1–256 bytes Scratchpad area to pass information between instances of FTCHKCMD or between FTP environments.
FTPSERVERIP dotted-decimal Server IP address.
FTPSERVERPORT 1–65535 Port used by the server (normally 23).
FTPSESID 1–14 bytes Unique session id assigned by the server for the FTP session; remains constant across multiple invocations of FTCHKCMD for that session.
FTPUSER 8-byte userid Userid currently logged in that is issuing the command.

Examples for the FTCHKCMD Environment

Example 1 — Scan / Replace to Abbreviate Arguments for the SITE Command

The following rule changes the SITE parameter 'ATTR=F80' to 'LRECL=80 BLKSIZE=800 RECFM=FB' and 'ATTR=F133' to 'LRECL=133 BLKSIZE=0 RECFM=FBA' for specified users. Other users receive a syntax error. A copy of this rule is in DTS.R61.SLyyddd.SAMPLIB(EXFTCHK1). 


 DEFENV FTCHKCMD MODE(ACTIVE)
 DEFRULE ABBREVIATE
 IF &FTPUSER = (USER1,USER2,TEST*) &FTPCMD = 'SITE' THEN DO
  SET &FTPARGFIND = 'ATTR=F80'
  SET &FTPARGREP  = 'LRECL=80 BLKSIZE=800 RECFM=FB'
  SET &FTPARGCHG  = YES
  SET &FTPARGFIND = 'ATTR=F133'
  SET &FTPARGREP  = 'LRECL=133 BLKSIZE=0 RECFM=FBA'
  SET &FTPARGCHG  = YES
 END /* DO */

Example 2 — prevent specified users from issuing SITE command (returns custom message and rejects command). A copy in DTS.R61.SLyyddd.SAMPLIB(EXFTCHK2). 


 DEFENV FTCHKCMD MODE(ACTIVE)
 DEFRULE NOSITECMD
 IF &FTPUSER = (USER1,USER2,TEST*) &FTPCMD = 'SITE' THEN
  SET &FTPREPLY = '&FTPUSER MAY NOT ISSUE SITE COMMAND'
  SET &EXIT_RC  = 8

FTPOSTPR — The FTP Server Post-File-Processing Exit

FTPOSTPR is called whenever the server completes an FTP file transfer or file processing command (RETR, STOR, STOU, APPE, DELE, RNTO). The CLOSE return code is in &FTPCLOSR and indicates success or failure. The exit can examine file name, file type, directory, FTP reply messages, client/server IPs, etc., and take actions such as issuing messages or writing log/SMF records. At entry, the transfer has already completed (successfully or unsuccessfully).

Environment

These variables are available specifically in the FTPOSTPR environment. Usual DIF variables (&JOBNAME, &SYSID, &CURDATE, &CURTIME, etc.) are also available.

Table 13-2. Variables for the FTPOSTPR Server Exit

Name Values Description
EXIT_RC Zero or nonzero Return code from FTPOSTPR to the server. Default zero. Changes to this variable are ignored in FTPOSTPR.
FTPARG 1–256 bytes First 256 bytes of command arguments passed by the user.
FTPBYXFR 1–4294967295 Number of additional bytes transferred (in addition to FTPGBXFR).
FTPCDISP CATLG or DELETE Current CONDDISP setting.
FTPCLIENTIP dotted-decimal Client IP address.
FTPCLIENTPORT 1–65535 Port used by the client.
FTPCLOSR 0–16

Close reason code. Possible values:

  1. 0 — Transfer completed normally
  2. 4 — Transfer completed with errors; examine &FTPRPYCODE, &FTPRMSG, &FTPRMSL
  3. 8 — Socket communications errors; ended without response to client
  4. 12 — Transfer aborted after data connection established
  5. 16 — Transfer aborted with SQL file errors after data connection established
FTPCMD 8-byte command Name of the command being issued (SITE, RETR, etc.).

Table 13-2. Variables for the FTPOSTPR Server Exit (continued)

Name Values Description
FTPCONFD INACTIVE, UNKNOWN, LOW, NOEOF, HIGH

Confidence level for successful completion of file processing (via CHKCONFIDENCE).

  • INACTIVE — Confidence checking not active.
  • UNKNOWN — For outbound transfers, some checks cannot be performed; set to UNKNOWN. If server shutdown error on outbound transfer occurred, set to LOW.
  • LOW — Client did not respond or another error occurred.
  • NOEOF — End-of-file marker missing for inbound file using STRUCTURE RECORD or MODE B/C.
  • HIGH — No errors detected (inbound only).
FTPCWD 1–256 bytes First 256 bytes of the current working directory.
FTPDSNAM 1–80 bytes 44-character dataset name or first 80 bytes of Unix filename.
FTPFTYPE SEQ, JES, SQL Type of file for the current file.
FTPGBXFR 1–4G Number of GB transferred during the current FTP command.
FTPRMSG 1–256 bytes Complete text of the most recent FTP reply related to file processing.
FTPRMSL 1–80 bytes Last line of the most recent FTP reply related to file processing.
FTPRPYCODE 3 bytes FTP reply code (message id) of the most recent FTP message related to file processing.
FTPSCRCH 1–256 bytes 256-byte scratchpad for passing info between invocations.
FTPSERVERIP dotted-decimal Server IP address.
FTPSERVERPORT 1–65535 Port used by the server (normally 23).
FTPSESID 1–14 bytes Unique session id assigned by the server for this FTP session.
FTPUSER 8-byte userid Userid currently logged in.

Examples for the FTPOSTPR Environment

Example 1 — Write Log/SMF Records for Unsuccessful File Transfers

If an MVS file transfer did not complete successfully (&FTPCLOSR nonzero), write a log record to the DIF log (include dataset name, error message, GB/bytes transferred). For files beginning with 'SYS', write a message to the system console including FTP server (&JOBNAME) and system id (&SYSID). Rule available in DTS.R61.SLyyddd.SAMPLIB(EXFTPOS1). 


 DEFENV FTPOSTPR MODE(ACTIVE)
 DEFRULE LOGFAILURES
 IF &ENV = FTPOSTPR &FTPDIRTP = MVS &FTPCLOSR GT 0 THEN DO
  ISSUE WRITEREC(LFAILREC)
  IF &FTPDSNAM = SYS* THEN ISSUE WRITEMSG(CONM1)
 END
 DEFREC LFAILREC
  INIT(BLANKS) DDNAME(DIFLOG) LENGTH(500) FIELD &FTPDSNAM
  FIELD &FTPCMD FIELD &FTPCLOSR FIELD &FTPGBXFR FIELD &FTPBYXFR FIELD &FTPRMSG
 DEFMSG CONM1 WTORC(2)
  'FILE &DSNAME(1,44) FAILED TRANSFER SERVER=&JOBNAME SYSTEM=&SYSID RC=&FTPCLOSR'

Example 2— log successful DELETE commands from certain users. Includes filename, date, and time. Copy in DTS.R61.SLyyddd.SAMPLIB(EXFTPOS2). 


 DEFENV FTPOSTPR MODE(ACTIVE)
 DEFRULE LOGDELS
 IF &FTPUSER = (USER1,USER2,TEST*) &FTPCMD = 'DELE' &FTPCLOSR = 0
  THEN ISSUE WRITEREC(DELLOG)
 DEFREC DELLOG
  INIT(BLANKS) DDNAME(DIFLOG2) LENGTH(500) FIELD &FTPDSNAM
  FIELD &FTPUSER
  FIELD &CURDATE FIELD &CURTIME

FTCHKIP — The FTP Server Login Exit

FTCHKIP is called during initial login or when the user issues an OPEN command. Called early in FTP processing, it can examine IP addresses and ports and accept or reject the connection. If FTCHKIP rejects the login by setting &EXIT_RC nonzero, the message '421 User Exit rejects open for connection' is sent and the connection is broken.

For an ordinary assembler-language FTCHKIP exit, the server must be stopped and restarted to reload the exit after changes. With EASY/Exit, a DIF REFRESH of the rules is sufficient — no server restart is required.

Environment

Variables available specifically in FTCHKIP are listed below. Usual DIF variables (&JOBNAME, &SYSID, &CURDATE, &CURTIME, etc.) are also available.

Table 13-3. Variables for the FTCHKIP Server Exit

Name Values Description
EXIT_RC Zero or nonzero Return code to server; nonzero severs connection and sends '421 User Exit rejects open for connection'.
FTPCLIENTIP dotted-decimal Client IP address.
FTPCLIENTPORT 1–65535 Port used by the client.
FTPSERVERIP dotted-decimal Server IP address.
FTPSERVERPORT 1–65535 Port used by the server (normally 23).
FTPSESID 1–14 bytes Unique session id for this FTP session.

Examples for the FTCHKIP Environment

Example — reject logins from IP addresses not in local network (192.168.*.*), and write client IP/port plus date/time to a DIF log. Copy in DTS.R61.SLyyddd.SAMPLIB(EXCHKIP1). 


 DEFENV FTCHKIP MODE(ACTIVE)
 DEFRULE ONLYLOCAL
 IF &ENV = FTCHKIP &FTPCLIENTIP NE 192.168.*
 THEN
  SET &EXIT_RC = 8
  ISSUE WRITEREC(ERRREC)
 DEFREC ERRREC
  INIT(BLANKS) DDNAME(DIFLOG) LENGTH(500) FIELD &FTPCLIENTIP
  FIELD &FTPCLIENTPORT FIELD &FTPSERVERIP FIELD &FTPSERVERPORT FIELD &JOBNAME
  FIELD &CURTIME FIELD &CURDATE

FTCHKPWD — The FTP Server Password Exit

FTCHKPWD is called after the server has received the userid and password but before authentication. The exit may examine userid, password, client IP/port, user data (if any), make RACF calls, or perform other validation. The number of failed attempts and anonymous email (when applicable) are available. If FTCHKPWD returns a nonzero code, the login attempt is rejected.

For anonymous logins (userid = ANONYMO), when ANONYMOUSLEVEL 3 is specified, the server prompts for an email address and FTCHKPWD is called twice (after USER and after PASS).

Environment

Variables available specifically in FTCHKPWD are listed below. Usual DIF variables are also available.

Table 13-4. Variables for the FTCHKPWD Server Exit

Name Values Description
EXIT_RC Zero or nonzero

Return code to server. Default zero. If nonzero, login is rejected and message 'Login attempt by <user> rejected by user exit' is sent to the client.
FTPBADPW Numeric Number of previous bad passwords entered for this session.
FTPCDISP CATLG or DELETE Current CONDDISP setting.
FTPCLIENTIP dotted-decimal Client IP address.
FTPCLIENTPORT 1–65535 Port used by client.
FTPPASS 8-byte password Password (first 8 bytes for passphrase). May be '*' for anonymous logins; email may be in FTPPHRASE when ANONYMOUSLEVEL 3.
FTPPHRASE 1–100 bytes Password/passphrase or anonymous email address (if ANONYMOUSLEVEL 3).
FTPSERVERIP dotted-decimal Server IP address.
FTPSERVERPORT 1–65535 Port used by the server (normally 23).
FTPSESID 1–14 bytes Unique session id for this FTP session.

Table 13-4. Variables for the FTCHKPWD Server Exit (continued)

Name Values Description
FTPUDAT 1–256 bytes User data associated with the logging-in user (anonymous logins).
FTPUSER 8-byte userid Userid attempting to log in.

Examples for the FTCHKPWD Environment

Example 1 — Issue Security Checks for FTP Logins

Allow login only if the userid has READ authority to the FTPIN resource in the USRCLAS class. If not authorized, fail the login. Copy in DTS.R61.SLyyddd.SAMPLIB(EXFTPW1). 


 DEFENV FTCHKPWD MODE(ACTIVE)
 DEFVAR SAFRC "USRCLAS FTPIN READ"
 EXTER(DIFRACF) NUMERIC
 DEFRULE TESTAUTH
 IF &ENV = FTCHKPWD &FTPDIRTP = MVS &FTPUSER = (STEVE,FRED,TOM*)
  THEN DO
   IF &SAFRC NE 0 THEN SET &EXIT_RC = YES
  END

Example 2 — limit all users to a maximum of 3 invalid passwords before failing login and writing a DIF log record (date/time, userid, password specified, bad password count). Copy in DTS.R61.SLyyddd.SAMPLIB(EXFTPW2). 


 DEFENV FTCHKPWD MODE(ACTIVE)
 DEFRULE LOGBADPWS
 IF &ENV = FTCHKPWD &FTPBADPW GT 3
  THEN
   SET &EXIT_RC = 8
   ISSUE WRITEREC(BADPWREC)
 DEFREC BADPWREC
  INIT(BLANKS) DDNAME(DIFLOG) LENGTH(500) FIELD &FTPUSER
  FIELD &FTPPASS FIELD &FTPBADPW FIELD &CURDATE FIELD &CURTIME

FTCHKJES — The FTP Server Job Submission Exit

FTCHKJES is called after the server is in FILETYPE=JES mode and the client submits a job. Called before submission to the internal reader, it can examine each JCL statement and allow or prevent submission. The exit cannot modify JCL being submitted (other environments such as JES or SMF can). If FTCHKJES returns nonzero, the job is not submitted and the client receives '550 User Exit refuses this job to be submitted by <userid>'.

FTCHKJES may scan control statements for strings (JOB, USER=, PGM=) and allow or reject based on criteria, IP address, or userid.
Note: FTCHKJES is called once per JCL statement passed to the server as part of a job submission.

Environment

Variables available specifically in FTCHKJES are listed below. Usual DIF variables are also available.

Table 13-5. Variables for the FTCHKJES Server Exit

Name Values Description
EXIT_RC Zero or nonzero If nonzero, job submission is rejected; client receives denial message.
FTPBYTES Numeric Number of bytes of JCL transferred so far.
FTPCARD Character The JCL control statement (one card).
FTPCCORR Numeric Unique client id.
FTPCLIENTIP dotted-decimal Client IP address.
FTPCLIENTPORT 1–65535 Port used by client.
FTPJBUFL Numeric Length of the JCL buffer (normally 80).
FTPJLREC Numeric JES LRECL (normally 80).
FTPJPAD 1–256 bytes 256-byte scratchpad to pass values to next invocation of FTCHKJES.
FTPJREC# Numeric Logical record number of the JCL record.
FTPJRECF F or V JES record format (fixed or variable).
FTPSCRCH 1–256 bytes 256-byte scratchpad for passing info between FTP environments.
FTPSERVERIP dotted-decimal Server IP address.

Table 13-5. Variables for the FTCHKJES Server Exit (continued)

Name Values Description
FTPSERVERPORT 1–65535 Port used by server (normally 23).
FTPSESID 1–14 bytes Unique session id for this FTP session.
FTPUSER 8-byte userid Userid currently logged in.

Examples for the FTCHKJES Environment

Example 1 — Prevent Job Submission for Specified Users/Systems

Disallow certain userids from submitting jobs to JES. On system 'SYSD', only specific users may submit. Rule copy in DTS.R61.SLyyddd.SAMPLIB(EXFTJES1). 


 DEFENV FTCHKJES MODE(ACTIVE)
 DEFRULE CHKJOBS
 IF &ENV = FTCHKJES &FTPUSER = (USER1,USER2,TEST*) THEN
  SET &EXIT_RC = 8
 IF &ENV = FTCHKJES &FTPUSER = (USER9,USER10,XYZ*) &SYSID = 'SYSD'
  THEN EXIT
 ELSE SET &EXIT_RC = 8

Example 2 — scan each control statement for fields JOB and MSG. If both found, allow job; if JOB found but not MSG, fail submission. Copy in DTS.R61.SLyyddd.SAMPLIB(EXFTJES2). 


 DEFENV FTCHKJES MODE(ACTIVE)
 DEFRULE CHKJCL
 IF &ENV = FTCHKJES THEN DO
  IF &FTPCARD(1,2) = '//' &FTPCARD CONTAINS 'JOB' THEN DO
   IF &FTPCARD CONTAINS 'MSG' THEN SET &EXIT_RC = 0
   ELSE SET &EXIT_RC = 8
  END
 END

Debugging Hints for the FTP Server Exits

Tracing DIF rule execution or displaying variable values at the time an environment gets control can help debugging. Two sample rule sets are shown: one displays variable values to the console (WTOR route codes) and the other enables DIF rule tracing by setting trace variables. Consider using a separate FTP server/port for testing. 


 DEFENV FTCHKCMD MODE(ACTIVE)
 DEFENV FTCHKJES MODE(ACTIVE) WTORC(2,11)

 *******************************************************
 * DISPLAY VARIOUS VARIABLES
 *******************************************************
 DEFRULE DSPYVARS
 IF &ENV = FTCHKCMD &FTPUSER = STEVE THEN
  ISSUE WRITEMSG(M1,M2,M3,M4,M5,M6,M7,M8,M9,MA)

 *******************************************************
 * TRACE SUBSEQUENT RULE EXECUTION
 *******************************************************
 DEFRULE TRACERUL CONTINUE(NEXTIF) /* CONT AFTER THIS RULE */
 IF &ENV = FTCHKJES &FTPUSER = FRED THEN
  SET &RULE_TRACEACT = YES /* TURN ON TRACE */
  SET &RULE_PALLACT  = YES /* TURN ON TRACE */

 * ... subsequent rules are traced ...
 *******************************************************
 * DISPLAY MESSAGES TO CONSOLE
 *******************************************************
 DEFMSG M1  '******* ENV=&ENV &ENVS &JOBNAME ' WTORC(2,11)
 DEFMSG M2  '** FTPNUMP=&FTPNUMP FTPUSER=&FTPUSER ' WTORC(2,11)
 DEFMSG M3  '** FTPCMD=&FTPCMD' WTORC(2,11)
 DEFMSG M4  '** FTPDIRTP=&FTPDIRTP' WTORC(2,11)
 DEFMSG M5  '** FTPFTYPE=&FTPFTYPE' WTORC(2,11)
 DEFMSG M6  '** FTPCWD=&FTPCWD' WTORC(2,11)
 DEFMSG M7  '** FTPARG=&FTPARG' WTORC(2,11)
 DEFMSG M8  '** FTPREPLY=&FTPREPLY' WTORC(2,11)
 DEFMSG M9  '** FTPSCRCH=&FTPSCRCH' WTORC(2,11)
 DEFMSG MA  '** FTPSESID=&FTPSESID' WTORC(2,11)

Enforce Rule-Based Policies for File Transfer (Client-Side)

With z/OS version 2.1 introducing standard client-side exits, EASY/Exit can now enforce standards and policies on the client side as well. The client exits can validate/enforce standards for file transfers, allow or deny FTP access or commands, change command arguments, perform logging, and more. One use case is preventing outbound transfer of certain datasets by z/OS FTP clients. The rules and variables provide detailed control. EASY/Exit receives control at each of the FTP Client exit points:

  • EZAFCCMD — Receives control when an FTP client executes a command.
  • EZAFCREP — Receives control when an FTP client receives a reply (single-line or multi-line) from a server; called once per line of a multi-line reply.

By examining and setting the appropriate variables at these exit points, EASY/Exit can enforce client-side standards, issue warnings, alter command parameters, write logs/SMF records, and even terminate the FTP client/connection. When EASY/Exit receives control at these points, &ENV is the exit point name (EZAFCCMD or EZAFCREP) and &ENVS is either blank (for EZAFCREP) or, for EZAFCCMD, the FTP command being executed.

Client exits are entered multiple times during a session; the connection id (FTPCONID) remains constant for the session.

EASY/Exit automatically loads necessary modules and invokes z/OS Dynamic Exits to allow rules to get control. Server-side exits require a stub module, but client-side exits (EZAFCCMD and EZAFCREP) do not require stubs. Simply include the DEFENV statements for each environment in the rules, for example: 


 DEFENV EZAFCCMD MODE(ACTIVE)
 DEFENV EZAFCREP MODE(ACTIVE)

When these statements are present, the z/OS Dynamic Exits facility will add the EASY/Exit routines for the client exits when EASY/Exit starts and remove them when it terminates.

Program Control (Client Exits)

Client exit modules must reside in an APF-authorized library and be program-controlled by RACF. Define program names and load library to RACF. For example: 


 RDEF PROGRAM EZAFCCMD ADDMEM('load.library.name') UACC(READ)
 RDEF PROGRAM EZAFCREP ADDMEM('load.library.name') UACC(READ)
 SETROPTS WHEN(PROGRAM) REFRESH

To use client exits successfully, add the FTP program name to the TSO Authorized Program Table (IKJTSOxx member of SYS1.PARMLIB concat). 'FTP' must be listed in AUTHCMD and AUTHPGM. If missing, the FTP client start will fail with an error like: 


 CSVDYNEX DEFINE failed for user exit EZAFCCMD / EZAFCREP RETURN CODE x'08' REASON CODE x'00000804'

The FTP Client Environments

For client exits, the environment name (&ENV) is the exit point and the subenvironment (&ENVS) is the FTP command, if any. For client exits the environment name may be:

EZAFCCMD — Command checking exit on the client. Receives control for any FTP command before it is sent to the server. It can accept, reject, examine, or modify the command arguments, or terminate the client before sending. If rejected or terminated, a customized message can explain the reason. Use it to implement client-side security, standardize processing, provide abbreviations/substitutions, and logging.

EZAFCREP — The Client Reply Exit

EZAFCREP is called when the client receives a reply over the control connection. For multi-line replies, it is called once per line. It can examine replies and take actions (write logs/SMF records, notify TSO users, terminate the connection). If terminating the connection, additional lines not yet passed to the client are flushed.

EZAFCCMD receives control whenever the client issues a command (before sending), with command, arguments, current directory, dataset/filename, file type, connection id, and client/server IPs/ports available as variables. Although the command cannot be changed, arguments can be modified or replaced, and the client or command can be rejected or terminated with customized messages.

Variables in the EZAFCCMD Environment

Environment

Variables available specifically in EZAFCCMD are listed below. Usual DIF variables (&SYSID, &CURDATE, &CURTIME, etc.) are also available.

Table 13-6. Variables for the EZAFCCMD Server Exit

Name Values Description
EXIT_RC 0,4,8,12

Return code from EZAFCCMD to the client:

  • 0 or 4 — command allowed (with any new/changed arguments)
  • 8 — command rejected
  • 12 — connection terminated and the FTP client ends
EXIT_RSN Numeric Reason code returned to the client if EXIT_RC is 8 or 12.
FTPAPPL 40 bytes Socket APPLDATA for the control connection.
FTPARG 1–256 bytes First 256 bytes of command arguments passed by the user.
FTPARGCHG Yes or No Indicates whether to scan/replace FTPARG using FTPARGFIND/FTPARGREP.
FTPARGFIND 1–80 bytes String to scan for in FTPARG when replacing arguments.

Table 13-6. Variables for the EZAFCCMD Server Exit (continued)

Name Values Description
FTPARGREP 1–80 bytes

String to replace the value in FTPARGFIND when FTPARGCHG is YES. Use 'BLANK' to remove an argument.
FTPCLIENTIP dotted-decimal Client IP address.
FTPCLIENTPORT 1–65535 Port used by the client.
FTPCMD 8-byte command Command being issued.
FTPCONID 8 bytes Unique connection id for the FTP session.
FTPCWD 1–256 bytes Current working directory (first 256 bytes).
FTPDIRTP MVS or UNIX Directory type for the current directory.
FTPDSN 1–256 bytes MVS dataset name or Unix filename for the file referenced by the command.
FTPFTYPE FILE or FIFO Type of the local Unix file.
FTPNEWARG 1–256 bytes New arguments to replace original arguments. Use either FTPNEWARG or the FTPARGFIND/FTPARGREP/FTPARGCHG mechanism, not both.
FTPREPLY 1–71 bytes Reply message if the command is rejected; '500-UX-' is prepended. If blank and EXIT_RC nonzero, a default denial message is issued. If EXIT_RC = 12, this message is also issued.
FTPSERVERIP dotted-decimal Server IP address.
FTPSERVERPORT 1–65535 Port used by server (normally 23).
FTPUPCASE YES or NO Indicates whether to convert command arguments to upper case before issuing the command (default NO).
FTPUSER 8-byte userid Userid currently logged in issuing the command.

Examples for the EZAFCCMD Environment

Example 1 — prevent outbound transfer (PUT) of datasets beginning with 'PROD' or 'SYS*'; terminate FTP client with an error message. Rule in DTS.R61.SLyyddd.SAMPLIB(EZEXCMD1). 


 DEFENV EZAFCCMD MODE(ACTIVE)
 DEFRULE NOOUTBND
 IF &FTPCMD = 'PUT' &FTPDSN = (PROD.*, SYS*) THEN
  SET &EXIT_RC = 12      /* kill the client */
  SET &FTPREPLY = 'YOU MAY NOT TRANSFER PROD FILES!'

Example 2 — Scan / Replace to Remove Arguments in FTP Commands

Remove the 'ALL' parameter on the DUMP command to prevent excessive output, and change any PROTECT CLEAR to PROTECT SAFE. Copy in DTS.R61.SLyyddd.SAMPLIB(EZEXCMD2). 


 DEFENV EZAFCCMD MODE(ACTIVE)
 DEFRULE NODUMPALL
 IF &FTPCMD = 'DUMP' THEN
  SET &FTPARGFIND = 'ALL'
  SET &FTPARGREP  = 'BLANK'
  SET &FTPARGCHG  = YES
 IF &FTPCMD = 'PROT' THEN
  SET &FTPARGFIND = 'CLEAR'
  SET &FTPARGREP  = 'SAFE'
  SET &FTPARGCHG  = YES

Example 3 — log DELETE, RENAME, RMDIR commands (successful or not) issued by certain users; include filename, date, and time. Copy in DTS.R61.SLyyddd.SAMPLIB(EZEXCMD3). 


 DEFENV EZAFCCMD MODE(ACTIVE)
 DEFRULE LOGDELS
 IF &FTPUSER = (USER1,USER2,TEST*) &FTPCMD = (DELETE, RENAME, RMDIR) THEN
  ISSUE WRITEREC(DELLOG)
 DEFREC DELLOG
  INIT(BLANKS) DDNAME(DIFLOG2) LENGTH(500) FIELD &FTPCMD
  FIELD &FTPDSNAM FIELD &FTPUSER FIELD &CURDATE FIELD &CURTIME

EZAFCREP — The FTP Client Reply Exit

EZAFCREP is called whenever the client receives a single-line reply or a line of a multi-line reply from the server. It can examine replies and take actions (write messages, log records, terminate the client). Use EZAFCREP together with EZAFCCMD to act based on commands and replies.

Environment

Variables available specifically in EZAFCREP are listed below. Usual DIF variables are also available.

Table 13-7. Variables for the EZAFCREP Server Exit

Name Values Description
EXIT_RC 0,12

Return code to the client indicating whether to terminate:

  • 0 — do not terminate
  • 12 — terminate connection and FTP client ends
EXIT_RSN Numeric Reason code if EXIT_RC is 12.
FTPAPPL 40 bytes Socket APPLDATA for control connection.
FTPCLIENTIP dotted-decimal Client IP address.
FTPCLIENTPORT 1–65535 Port used by the client.
FTPCMD 8-byte command Command being issued.
FTPCONID 8 bytes Unique connection id for this FTP session.
FTPCWD 1–256 bytes Current working directory (first 256 bytes).
FTPDSN 1–256 bytes MVS dataset name or Unix filename for the file referenced by the command.
FTPFTYPE FILE or FIFO Type of the local Unix file.
FTPREPLY 1–71 bytes Reply message if the client is to be terminated (displayed as EZZ1556I).
FTPSERVERIP dotted-decimal Server IP address.
FTPSERVERPORT 1–65535 Port used by the server (normally 23).
Note: Each local client configuration option is also available as an EASY/Exit variable prefixed with FT_. These are read-only and may change between invocations as a result of client commands (for example, SITE).

Configuration Variables for the FTP Client Exits

Local FTP client configuration options are available as read-only variables in EASY/Exit. Values may change between invocations (e.g., after a SITE command). The table below lists names of local client configuration options; each EASY/Exit variable name should be prefixed with FT_.

Table 13-8. Configuration Variables for the FTP Client Exits

Variable Name (prefix with 'FT_') Configuration Option Sample Values
ASATRANS ASATRANS FALSE
AUTOMOUN AUTOMOUNT TRUE
AUTORECA AUTORECALL TRUE
AUTOTAPE AUTOTAPEMOUNT FALSE
BLKSIZE BLKSIZE 6233
BUFNO BUFNO 5
CCONNTIM CCONNTIME 30
CCTRANS CCTRANS UNDEFINED
CHKCONFI CHKCONFIDENCE FALSE
CHKPTFLU CHKPTFLUSH FALSE
CHKPTINT CHKPTINT 0
CHKPTPRE CHKPTPREFIX HOME
CIPHERSU CIPHERSUITE UNDEFINED
CLIENTER CLIENTERRCODES FALSE
CLIENTEX CLIENTEXIT FALSE
CONDDISP CONDDISP CATLG
CTRLCONN CTRLCONN UNDEFINED
DATACLAS DATACLASS UNDEFINED
DATACTTI DATACTTIME 120
DATAKEEP DATAKEEPALIVE 0
DB2 DB2 DB2
DB2PLAN DB2PLAN EZAFTPMQ
DBSUB DBSUB FALSE
DCBDSN DCBDSN UNDEFINED
DCONNTIM DCONNTIME 120
DEBUG DEBUG NONE
DIRECTOR DIRECTORY 27
DIRECTOR DIRECTORYMODE FALSE
DSNTYPE DSNTYPE SYSTEM
DSWAITTI DSWAITTIME 0
DUMP DUMP NONE

Table 13-8. Configuration Variables for the FTP Client Exits (continued)

Variable Name (prefix with 'FT_') Configuration Option Sample Values
EATTR EATTR SYSTEM
ENCODING ENCODING SBCS
EPSV4 EPSV4 FALSE
EXTDBSCH EXTDBSCHINESE TRUE
EXTENSIO EXTENSIONS UNDEFINED
FIFOIOTI FIFOIOTIME 20
FIFOOPEN FIFOOPENTIME 60
FILETYPE FILETYPE SEQ
FTPKEEPA FTPKEEPALIVE 0
FWFRIEND FWFRIENDLY FALSE
INACTTIM INACTTIME 120
ISPFSTAT ISPFSTATS FALSE
KEYRING KEYRING UNDEFINED
LISTSUBD LISTSUBDIR TRUE
LOGCLIEN LOGCLIENTERR FALSE
LRECL LRECL 256
MBDATACO MBDATACONN UNDEFINED
MBREQUIR MBREQUIRELASTEOL TRUE
MBSENDEO MBSENDEOL CRLF
MGMTCLAS MGMTCLASS UNDEFINED
MIGRATEV MIGRATEVOL MIGRAT
MYOPENTI MYOPENTIME 60
NETRCLEV NETRCLEVEL 1
PASSIVEI PASSIVEIGNOREADDR FALSE
PDSTYPE PDSTYPE UNDEFINED
PRIMARY PRIMARY 1
PROGRESS PROGRESS 10
QUOTESOV QUOTESOVERRIDE TRUE
RDW RDW FALSE
READVB READVB LE
RECFM RECFM VB
REMOVEIN REMOVEINBEOF FALSE
RESTGET RESTGET TRUE
RETPD RETPD -1
SBDATACO SBDATACONN (IBM-1047,IBM-850)
SBSENDEO SBSENDEOL CRLF
SBSUB SBSUB FALSE
SBSUBCHA SBSUBCHAR E2
SBTRANS SBTRANS UNDEFINED
SECONDAR SECONDARY 1
SECURE_C SECURE_CTRLCONN CLEAR
SECURE_D SECURE_DATACONN CLEAR
SECURE_F SECURE_FTP ALLOWED
SECURE_H SECURE_HOSTNAME OPTIONAL
SECUREIM SECUREIMPLICITZOS TRUE
SECURE_M SECURE_MECHANISM NEVER
SECURE_P SECURE_PBSZ 16384
SEQNUMSU SEQNUMSUPPORT FALSE
SOCKSCON SOCKSCONFIGFILE UNDEFINED
SPACETYP SPACETYPE TRACK
SPREAD SPREAD FALSE
SQLCOL SQLCOL NAMES
STORCLAS STORCLASS UNDEFINED
SUPPRESS SUPPRESSIGNOREWARNINGS FALSE
TLSMECHA TLSMECHANISM FTP
TLSPORT TLSPORT 990
TLSRFCLE TLSRFCLEVEL DRAFT
TLSTIMEO TLSTIMEOUT 100
TRACECAP TRACECAPI CONDITIONAL
TRAILING TRAILINGBLANKS FALSE
TRUNCATE TRUNCATE TRUE
UCOUNT UCOUNT 0
UCSHOSTC UCSHOSTCS IBM-1047
UCSSUB UCSSUB FALSE
UCSTRUNC UCSTRUNC FALSE
UMASK UMASK 27
UNICODEF UNICODEFILESYSTEMBOM ASIS
UNITNAME UNITNAME UNDEFINED
UNIXFILE UNIXFILETYPE FILE
VCOUNT VCOUNT 59
VOLUME VOLUME UNDEFINED
WRAPRECO WRAPRECORD FALSE
WRTAPEFA WRTAPEFASTIO FALSE
EXITCODE EXITCODE -1
FTPDATA FTPDATA 'TCPIP.FTP.DATA'
TCP TCP TCPIP
AUTOENCR AUTOENCRYPT FALSE
MODE MODE S
STRUCT STRUCT F
TYPE TYPE A