F R E E W A R E

F T P Server NLM for Novell Netware 3.11
Copyright 1992, by HellSoft

Comments and bugs to "meloun@vision.felk.cvut.cs"
New versions "/pub/nw311/ftpd:novell.felk.cvut.cs"
Written at Czech Technical University, Prague, Czech Republic
E U R O P E


Introduction and Features

This FTPD server allows Internet access to a Novell network. It is written
according to the RFC959 specification.

Features:
- Up to 32 concurrent connections
- Anonymous connection
- Transaction logging
- Access restrictions
- Access to other Novell servers, including servers running versions
  lower than 3.11.
- On-line info when logging in and changing directories
- MAC name space and MACBINARY transfer supported
- LAN Workplace compatibility

If you have more than one Novell server in your network, it is possible to
run FTP on only one of them. FTPD allows logging in to another server by
entering the Netware server name together with the user name
("server123/user").


System requirements

FTPD NLM requires Novell Netware Server v3.11. Modules CLIB.NLM, TCPIP.NLM
and RESOLV.NLM must be loaded. (RESOLV.NLM is available at
"novell.felk.cvut.cs" in directory "/pub/nw311/resolv"). RESOLV.NLM does the
name translation, but even if you have no name server you must still run
RESOLV.NLM, with no parameters.


Loading of the FTPD server:

    load [path]FTPD {use [file]} {connections [number]}

use [file]
Specifies configuration file name.
Default: sys:system/ftpd.cfg

    load ftpd use sys:system/ftpd/config.ftp

connections [number]
Determines maximum number of concurrent connections.
Default: 5
Maximum: 32

    load ftpd connections 20


FTPD Command line:

    ftpd enable disable use {file}.

ftpd enable
Enables creating of new connections.

ftpd disable
Disables creating of new connections. This has no effect on connections
already active.

ftp use {file}
Re-reads the configuration file. The command "Connections" (see below) is
ignored, i.e. the number of connections cannot be changed after loading
FTPD server.

ftp show
Display active clients.


Configuration file

All empty lines and all characters to the right of the '#' are ignored.

Command Connections [number]
Determines maximum number of concurrent connections. This command is ignored
during reconfiguration by command "ftp reconfig". The command line parameter
takes precedence if it is given.

    Connections 20

Command BannerFile [filename]
Determines the file to display before the user has logged in. This file must
be on the server running FTPD.NLM and must be given with its full path name
("volume:directory/directory/file"). It is read with supervisor's rights.

    BannerFile sys:system/banner.ftp

Command MaxAnonymous [number]
Determines maximum allowed anonymous connections. This value should be in
the range 1 to "Connections". If you don't want anonymous access, don't
create an anonymous account.

    MaxAnonymous 15

Command Community [name]
This command provides access control. Every new connection is assigned a
community according to its host IP address. There are two predefined
communities: "default" and "anonymous". The "default" community is assigned
to a connection not matching any other community; the "anonymous" community
is assigned to all connections of the "anonymous" users. The number of
communities is limited to 20.


Subcommands of the Community command

Subcommand Address [ip address]
Determines the IP address of connections belonging to this community. This
subcommand must not be used with the pre-defined "default" and "anonymous"
communities and, on the other hand, must be used with all other communities.
Up to 20 addresses per community are allowed.

    Address 147.32.14.1
    Address 147.32.*
    Address 147.*.14.*
    Address *.felk.cvut.cs
    Address *.felk.*

Subcommand Allow [{server_name/}user_login_name]
Subcommand Deny [{server_name/}user_login_name]
Determines access restrictions for the community. The maximum number of
Allow and Deny subcommands in one community is 20. The user name entered at
connect time is matched against the listed templates in ascending order.
When a match is found, access is allowed or denied according to the
command. If no match is found, access is denied. If no "Allow" or "Deny"
command was used, access is allowed.

    Allow servername/user1
    Deny */*
    Allow server*/any
    Deny ser*abc/def*ght*

Subcommand ConnectTime [min]
Determines maximum connection time in minutes. When the time has elapsed,
the connection is terminated after the active command is completed.

    ConnectTime 30

Subcommand IdleTime [min]
Determines the maximum time in minutes that the connection may be idle. The
connection is terminated after being idle too long.

    IdleTime 3

Subcommand ReadOnly
This restricts access to read only.

Subcommand LogFile [file]
Determines the location of the log file. The file must be on the server
where FTPD is running. The user needs no rights for the file. If a directory
is specified it must exist. The file length is not limited.
Default: for "default" community    sys:system\default.log
         for "anonymous" community  sys:system\anonym.log

    LogFile sys:logs\ftp.log

Subcommand LogLevel [num]
This subcommand controls which actions are written to the log file.
    Level 0 - no log
    Level 1 - not used
    Level 2 - login, logout and abort info
    Level 3 - level 2 plus outgoing files info
    Level 4 - level 3 plus incoming files info
    Level 8 - log all commands
Default: for "default" community    0
         for "anonymous" community  2

    LogLevel 4

Subcommand CommentsFile [filename]
Determines the file to display after the completion of the "CWD" command.
This file must be in the new current directory set by CWD and the user must
have rights for reading. There must be no path given, only the filename.
Default: none

    CommentsFile README.TXT

Subcommand LogoFile [file]
Determines the file to display after the user has logged in. This file must
be on the server where the user has logged in and the user must have rights
for reading. Full NetWare pathname must be specified, but no server name.
Default: none

    LogoFile sys:public/logofile.txt

Subcommand ShortLS
This subcommand determines whether directory entries are visible or
invisible in the ls (NLST) command. The user may control this option via the
SITE LONGLS (or QUOTE SITE LONGLS) and SITE SHORTLS (or QUOTE SITE SHORTLS)
site specific commands.
Default: Directory entries are visible in ls command.

    ShortLS

Subcommand HomeDir [directory]
Overrides standard home directory determination processing and sets the
given home directory for the community.
Default: standard processing (see below).

    HomeDir users:anydir/thisdir

Subcommand MacNameSpace
Determines default name space for this community.
Default: DOS name space

    MacNameSpace


Non-standard FTP commands

The FTP server implements these site specific commands.

SITE LONGLS
This command causes directory entries to be visible in the ls (NLST)
command.

SITE SHORTLS
This command causes directory entries to be invisible in the ls (NLST)
command. Motivation: Directory entries may cause problems with the MGET
command.

SITE MAC
Set the name space to Macintosh.

SITE DOS
Set the name space to DOS.

MACB E and MACB D
These commands switch between BINARY and MACBINARY transfer mode. This has
meaning only if Mac name space is selected.


Macros used in CommentsFile and LogoFile files.

All character sequences $[character] are macros. Macros are case sensitive
and unknown macros are ignored.

Macro  Expansion
$f     Novell name of server running FTPD
$s     Internet name of server running FTPD
$u     Novell user name, or user name from ID for anonymous.
$h     IP full host name or IP address when host name cannot be resolved.
$a     Anonymous ID for anonymous users, empty string otherwise.
$t     Local time in form "Mon Oct 20 11:32:54 1992". (without quotes)
$n     Number of logged FTP clients.
$w     "Warning, I cannot map your network address to hostname." if user
       address cannot be mapped to hostname, empty string otherwise.
$m     Empty string for non-anonymous users.
       For anonymous user:
       if address cannot be mapped to hostname
         "Warning, I cannot map your network address to hostname."
       if anonymous id is not a valid e-mail address, expands to
         "Please, next time use name@hostname as an anonymous id."
       Hostname is substituted with user hostname.
       Valid anonymous id is name@ or name@hostname.domain


Hints:

- When the user enters the '-' character as the first character of the
  password, no files specified by LogoFile and CommentsFile commands are
  displayed. This character is excluded from the password. Use this if your
  FTP client prints garbage or hangs.

- Determining the user home directory:
  1) If there is the subcommand HomeDir specified for a community, the user
     home directory is set to this directory.
  2) If the user has set the property HOME_DIR (by jrb utilities), the
     current directory is set to the HOME_DIR directory.
  3) The server searches the trustee list for the user. If it finds a
     directory where the user has explicitly stated rights and the name of
     the directory matches the name of the user (only 8 characters are
     tested), it sets this directory as home directory.

- The "cd ~" command changes current directory to user's home directory.

- "Standard" Novell access restriction.
  All standard Novell access restrictions apply for FTP access, with this
  exception: Station restriction (network, node address) is ignored when the
  user is logged on the master server (server running FTPD). On remote
  servers, station restriction is accepted. (Sorry for this, but it is a bug
  in Novell's CLIB [or feature :-) ]).

- FTPD users are logged in from the internal IPX network of the master
  server (server running FTPD), node 1. This can be used for additional
  access restriction on remote servers.

- If you want to log in to a remote 386 server, it must have set the option
  "SET Reply To Get Nearest Server=ON". (Novell CLIB bug or feature ?)

- Active FTP connection cannot be cleared from MONITOR.

- Anonymous access
  To enable anonymous access you must create the account "ANONYMOUS" without
  a password (on the master server) and set the home directory and trustee
  rights for this user (or use the HomeDir subcommand for community
  Anonymous). If you want to restrict access to this account from the local
  IPX network, you can use station restriction to restrict Anonymous to the
  master server internal IPX network only.

- DOS name space
  The FTP daemon accepts two formats of file names.
  The first (and preferred) is Unix-like:
      /volume/dir/dir/filename.ext
          for full filename specification
    or
      dir/dir/filename.ext
          for filename specification relative to current directory
  The second is Netware style:
      volume:/dir/dir/filename.ext
          for full filename specification
      volume:dir/dir/filename.ext or dir/dir/filename.ext
          for filename specification relative to current directory

- Mac name space
  If you have selected Mac name space, you must enter the filename like this
  (even when referring to DOS only name space volumes):
      :volume:folder:folder:filename
          for full filename specification
    or
      folder:folder:filename
          for filename specification relative to current folder.
  If there's no added MAC name space on the target volume, the command is
  processed in DOS name space (colons are processed as slashes).
  There is no way to enter SITE commands from Mac graphic FTP clients. To be
  able to use Macs, set a community for them with Mac name space as default
  (with subcommand MacNameSpace). MACBINARY transfer mode is enabled as
  default (or it shouldn't be ?).
  The Mac name space is added after many requests. As I have no possibility
  to test it with Mac here (we don't have any Macs), this should be taken
  only as the first attempt to make the FTPD Mac-compatible. Any help and
  feedback is very appreciated here.
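
The Community rules described earlier (Address matching, ordered Allow/Deny templates, denial when rules exist but none match, and allowance when no rules are given), as an added Python example that is not part of FTPD or of the original README. The sample policy, the function names, case-insensitive matching, choosing the first community with a matching Address, and prefixing a bare login or template with the master server name are all assumptions.

```python
import re

def glob_match(template, text):
    """'*' matches any run of characters; comparison is case-insensitive (assumption)."""
    regex = ".*".join(re.escape(part) for part in template.split("*"))
    return re.fullmatch(regex, text, re.IGNORECASE) is not None

def pick_community(policy, ip, hostname, login):
    """Anonymous users get 'anonymous'; otherwise the first community with a
    matching Address (assumed tie-break); otherwise 'default'."""
    if login.split("/")[-1].lower() == "anonymous":
        return "anonymous"
    for name, community in policy.items():
        for pattern in community["addresses"]:
            if glob_match(pattern, ip) or (hostname and glob_match(pattern, hostname)):
                return name
    return "default"

def access_allowed(rules, login, master):
    """First matching Allow/Deny template decides. Rules present but none
    matching -> denied. No rules at all -> allowed."""
    if not rules:
        return True
    if "/" not in login:              # assumption: bare login means master server
        login = f"{master}/{login}"
    for action, template in rules:
        if "/" not in template:       # assumption: same default for templates
            template = f"{master}/{template}"
        if glob_match(template, login):
            return action == "allow"
    return False

# Constructed sample policy, not taken from the README.
POLICY = {
    "staff": {"addresses": ["147.32.14.*", "*.felk.cvut.cs"],
              "rules": [("deny", "*/supervisor"), ("allow", "server1/*")]},
    "anonymous": {"addresses": [], "rules": []},
    "default": {"addresses": [], "rules": []},
}

def decide(ip, hostname, login, master="SERVER1"):
    """Return (community name, access decision) for one connection attempt."""
    name = pick_community(POLICY, ip, hostname, login)
    return name, access_allowed(POLICY[name]["rules"], login, master)

if __name__ == "__main__":
    for args in [("147.32.14.7", None, "server1/novak"),
                 ("147.32.14.7", None, "supervisor"),
                 ("147.32.14.7", None, "server2/novak"),
                 ("10.0.0.5", None, "server2/supervisor")]:
        print(args, "->", decide(*args))
```

The last case falls into the "default" community, which has no Allow or Deny lines and therefore admits every login from hosts that match no Address; giving "default" an explicit rule such as Deny */* turns that into a denial.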