sFTP exit CZCHKCMD

Discussion of the Co:Z Co-Processing Toolkit for z/OS
Post Reply
njd
Posts: 31
Joined: Fri Apr 24, 2015 5:57 am

sFTP exit CZCHKCMD

Post by njd » Fri Oct 14, 2016 3:24 am

We want to use exit CZCHKCMD to block all CD commands for COSZFTP's coming into our server. Can we just reject all CWD commands coming in, in the same way that you can with FTP exit FTCHKCMD.

Many thanks,

Nick

dovetail
Site Admin
Posts: 1848
Joined: Thu Jul 29, 2004 12:12 pm

Re: sFTP exit CZCHKCMD

Post by dovetail » Fri Oct 14, 2016 6:39 pm

The SFTP protocol doesn't map exactly to FTP. There is actually no CWD command in SFTP, but most SFTP clients with do a SFTP "stat" request for the new directory when you do a CD. Co:Z SFTP server will map a directory "stat" to a CWD when calling the FTP-compatible exit interface.

However -
- Some SFTP clients don't do a stat for a CD command. They might do an "opendir" request.

- If you want to prevent clients from accessing other directories, you also need to trap other requests with for these directories (just like you must with FTP).

If what you want to do is to keep clients from accessing files outside of their home directory, then we ship a optional exit that does this.
See "chkcmd_homedir" in https://dovetail.com/docs/cozinstall/changes.html.
This was added in the release 4.1.0

njd
Posts: 31
Joined: Fri Apr 24, 2015 5:57 am

Re: sFTP exit CZCHKCMD

Post by njd » Tue Oct 18, 2016 3:37 am

Would the chkcmd_homedir exit work with C:Z SFTP Version 2.4.1 (5.0p1)? If the exit would work is it possible to get hold of the sample code?

dovetail
Site Admin
Posts: 1848
Joined: Thu Jul 29, 2004 12:12 pm

Re: sFTP exit CZCHKCMD

Post by dovetail » Tue Oct 18, 2016 7:32 am

You can get the exit by downloading the 4.1.0 release.

The exit *might* work with 2.4.5, but we have not tested it.
(For Enterprise License and Support customers - we provide official support for this exit prior to the 4.1.0 release)

njd
Posts: 31
Joined: Fri Apr 24, 2015 5:57 am

Re: sFTP exit CZCHKCMD

Post by njd » Wed Oct 19, 2016 4:26 am

Many thanks for this. The exit appears to work fine with our release. Is the exit supplied in load module only format? Is the source code also shipped?

Post Reply