parm VarFile = "RmtVarFl" host="" # Command file: FTPWRAP 2003/04/16 # Author: Paul H. Christidis : phchristidis@raytheon.com # Remarks: Wrapper for MPE/iX's FTP. Shields host, user, password, # and can restrict FTP commands available to user. # # 05/20/2003: Added code to support an 'Allowed' list of FTP commands. # The 'Allowed' list has precedence over the 'Banned' list. #---------------------------------------------------------------- # Code for executing within MPEX to avoid errors due to way MPEX # evaluates conditional expressions. setvar insidempex 0 if insidempex <> 0 then mpe xeq CI.PUB.SYS;PARM=3;info='!hpfile ![ANYPARM(!VarFile)]' return endif # echo echo (PHC) MPE/iX FTP Wrapper V2003.05.20 !hpdatef, !hptimef setvar _ftp_Up CHR(27) + "A" setvar _ftp_VarFile UPS("!VarFile") if _ftp_Varfile = "?" then echo echo Author: Paul H. Christidis phchristidis@raytheon.com echo ![CHR(7)] echo Usage: ![BASENAME(hpfile)] [ VarFile ] [ ,host ] echo echo This is a 'wrapper' command file for FTP. It receives the hostname echo username, password, and a number of initial FTP commands from a file echo and then allows the user to issue his commands. In the process it echo can also make a number of FTP commands unavailable. It is useful echo for restricting a user to a directory and/or to specific commands. echo echo VarFile - Name of file containing a series of 'setvar' commands echo that 'set' the needed FTP commands to be executed before the echo user is allowed to enter his commands. Default = "RmtVarFl" echo echo host - The DNS host name or IP address of the remote server. echo This will 'over ride' any host name specified in the 'VarFile' echo and is most useful when the 'netrc' file scheme is used. echo Default = NONE (host specified in "VarFile" or the "netrc" echo file, OR by the user in his "open" statement). echo echo input _ftp_t;wait=120;prompt="!_ftp_Up Press Return to continue" echo !_ftp_UP !_ftp_UP echo The "VarFile" should contain 'setvar' commands for the following: echo _rmt_host - The name of the host that FTP will connect to. echo _rmt_user - User name to be used when connecting to host. echo _rmt_pass - Password assigned to '_rmt_user'. echo _rmt_Init_Cmds - A number indicating how many 'initial' commands echo will be specified. Default = 10 echo _rmt_cmd1 - 1st 'initial' remote command (i.e. 'cd /usr') echo _rmt_cmd2 - 2nd 'initial' remote command. echo ... echo _rmt_cmdn - Nth 'initial' remote command. echo _rmt_Allowed_Cmds- A list of semicolon (;) separated commands echo allowed to be issued by the user. echo _rmt_Banned_Cmds - A list of semicolon (;) separated commands echo disallowed for execution by the user. echo _lcl_Cmds_Yes - Flag to indicate whether the user will be allowed echo to issue 'local' MPE commands. If a 'false' value is echo set the 'wrapper' will terminate when an MPE command echo is specified. Default = TRUE echo echo input _ftp_t;wait=120;prompt="Press Return to continue" echo !_ftp_UP !_ftp_UP echo A 'typical' file could contain the following: echo SETVAR _rmt_host "hostname" echo SETVAR _rmt_user "username" echo SETVAR _rmt_pass "password" echo SETVAR _rmt_Init_Cmds 2 echo SETVAR _rmt_cmd1 "cd /usr/vcs" echo SETVAR _rmt_cmd2 "dir" echo SETVAR _rmt_Banned_Cmds "open;cd;delete;put" echo SETVAR _lcl_Cmds_Yes TRUE echo echo NOTE1: The 'Allowed' and 'Banned' FTP command lists are mutually echo exclusive. If both are present then the 'Allowed' list takes echo precedence. echo echo NOTE2: The "netrc" scheme for accessing remote hosts can be used echo in conjunction with this wrapper. If there are no requirements echo for issuing 'initial commands' then the "VarFile" should echo only contain the 'Allowed/Banned' list making sure that the echo "open" command IS allowed. If initial commands are needed echo then the '_rmt_host' variable should also be included, OR the echo 'host' name be specified in the command line. return endif # # Execute command file containing 'setvar' commands for the remote host, # user, and password specific to your site, check 'host' overrides. # See above for variables that are recognized and acted upon. setvar _lcl_Cmds_Yes TRUE if FINFO(_ftp_VarFile, "exists") then xeq !_ftp_VarFile else echo echo ** File with 'access' info not found. Unless "netrc" is used,  echo ** specify the info manually making sure to supply the password echo ** WITH the 'user' command. (i.e. USER uname pass). echo endif if LEN(SETVAR(_ftp_host, RTRIM(LTRIM("!host")))) <> 0 then setvar _rmt_host _ftp_host endif # # Create a '$STDIN' file for ftp with key info taken from the preset # variables. Initiate initial execution of temporary command file. # also delete 'remote host' variables to prevent user from displaying # them (if allowed to execute local commands). purge ftpin,temp > $null build ftpin;rec=-80,,f,ascii;temp;msg file fin = ftpin,oldtemp if BOUND(_lcl_Cmds_Yes) AND _lcl_Cmds_Yes then file cin = $stdinx;rec=-200 else file cin = $stdin;rec=-200 endif if BOUND(_rmt_host) then echo open !_rmt_host >>*fin endif #echo debug >>*fin if BOUND(_rmt_user) then echo user !_rmt_user >>*fin endif if BOUND(_rmt_pass) then echo !_rmt_pass >>*fin endif # # Gather up and 'funnel' to the 'stdin' file any remote commands # that are supposed to be executed before the user is given control. if BOUND(_rmt_Init_Cmds) then setvar _rmt_Cmd_Limit !_rmt_Init_Cmds else setvar _rmt_Cmd_Limit 10 endif setvar _ftp_idx 0 while SETVAR(_ftp_idx, _ftp_idx + 1) <= _rmt_Cmd_Limit do if BOUND(_rmt_cmd!_ftp_idx) then echo ![_rmt_cmd!_ftp_idx] >>*fin endif endwhile # # Copy to another variable any 'Allowed|Banned' commands. # setvar _ftp_Oper "=" if BOUND(_rmt_Allowed_Cmds) AND TYPEOF(_rmt_Allowed_Cmds) = 2 then setvar _ftp_Cmd_Pool ";" + REPL(UPS(_rmt_Allowed_Cmds),",",";") + ";" setvar _ftp_Oper "<>" elseif BOUND(_rmt_Banned_Cmds) AND TYPEOF(_rmt_Banned_Cmds) = 2 then setvar _ftp_Cmd_Pool ";" + REPL(UPS(_rmt_Banned_Cmds),",",";") + ";" else setvar _ftp_Cmd_Pool "~" endif if FINFO("*fin", "eof") > 0 then echo :deletevar _rmt_@ >>*fin endif #echo ExitOnError >>*fin echo :xeq *cmd >>*fin # # Create a temporary command file that will get the user's # request, and if not an 'exit' request, write it to the message # file 'spoon feeding' the FTP client along with a request to # have the FTP client re-execute this temp command file. file cmd = ftp!hppin echo INPUT _ftp_cmd;prompt="FtpWrap> " !<*cin >*cmd echo setvar _ftp_verb ";" + WORD(UPS("!!_ftp_cmd")) + ";" >>*cmd echo if POS(_ftp_verb,";QUIT;EXIT;BYE;") ! 0 then >>*cmd echo echo quit !>>*fin >>*cmd echo else >>*cmd echo if POS(_ftp_verb, _ftp_Cmd_Pool) !_ftp_Oper 0 then >>*cmd echo echo !!_ftp_cmd !>>*fin >>*cmd echo setvar _ftp_cmd " " >>*cmd echo else >>*cmd echo echo ![CHR(7)] * * * * * * * * * >>*cmd echo echo The "!![_ftp_verb -";"]" FTP command has been disallowed.. >>*cmd echo echo ![CHR(7)] * * * * * * * * * >>*cmd echo endif >>*cmd echo echo :xeq *cmd !>>*fin >>*cmd echo endif >>*cmd # # Run the ftp client directing it to receive its commands from a # message file. Afterwords clean-up the environment. setvar ftplasterr 0 continue run ftp.arpa.sys;stdin=*fin if BOUND(traceon) AND traceon then showvar _ftp_@, _lcl_@ listftemp @,2 else purge ftpin,temp >$null purge *cmd,temp >$null reset cmd reset fin reset cin deletevar _ftp_@, _lcl_@ >$null endif