Novell NetWare 6.0
Novell NetWare 5.1
Novell NetWare FTP Server (NWFTPD.NLM)
Bugzilla 150135: Adjusted the use of the optional TransmitFile API (introduced in NWFTPD11.EXE). When enabled, TransmitFile is to be used for downloading files from the FTP server itself, not for files retrieved from other NCP servers. However, NWFTPD was determining it's usage of TranmistFile based on the location of the user's home directory server, rather than basing it on the server where NWFTPD.NLM was actually running. This has been corrected.
Other changes, previously included in NWFTPD 5.06.05, November 16, 2005, NetWare 6.5 SP5.
Bugzilla 133977: Fixed a low-risk security issue related to passwords.
Enhanced Feature: Added eDir subtree searching, for better contextless login. See https://support.microfocus.com/kb/doc.php?id=10072649 for more details.
Other changes, previously included in NWFTPD 5.06.04, October 27, 2005, NWFTPD11.EXE.
Bugzilla 130954: The FORCE_PASSIVE_ADDR feature, introduced in NWFTPD 5.05.04, caused a side effect when it was NOT being set, for systems where FTP was using more than one IP address. Once the first passive connection was formed, all subsequent passive replies referenced the initial IP address, even if the FTP server was listening on a different IP address. This could cause passive connection failures on multi-IP-address servers.
Bugzilla 130120: If IGNORE_HOME_DIR is set to YES in FTPSERV.CFG, NWFTPD will now skip the eDir query to get the home directory. Previously the query was made, even though the resulting information was not used.
Bugzilla 129932: Removed the redundant queries to eDir when a user object with no password is successfully logged in, but then the client submits a password command (PASS) anyway. Previously, this was causing the authentication to close and then be re-established.
Bugzilla 97819 : Fix for Not-logged-in connections piling up. Certain code paths in NWFTPD could leave Not-Logged-In connections behind after FTP sessions were finished. These could pile up on the FTP server itself, or on remote NetWare servers to which the FTP server was contacting on behalf of the FTP user.
Bugzilla 120058: New feature: NWFTPD can optionally use the new TransmitFile API, which allows higher performance downloads (uploads are not effected). The higher performnace method will only be used if the file being retrieved is on the FTP server itself (not on a remote NCP server) and is being transfered in the default FTP File Structure (i.e. not in Record Structure). To see the benefit of this feature, the FTP server should be on a gigabit network, and should be handling enough load from multiple FTP clients to make use of more than 100Mbit bandwidth. This is controlled by a new parameter in FTPSERV.CFG: TRANSMITFILE_SUPPORT=YES (default is NO).
Other changes, previously included in NWFTPD 5.05.04, in NetWare 6.5 SP4:
Bugzilla 94528: Added ftpaudit.log message to note when there is an invalid line in address restrictions of the FTPREST.TXT file.
Bugzilla 85926: Changed formatting of log files to consistently use space-comma-space as the delimiter between various fields in all the log files. Also ensured that whenever some fields are missing in some lines, extra delimiters are added so formatting is preserved.
Bugzilla 80554: Fixed SIZE command used against non-existant files (previously it was not responding).
Bugzilla 86229: New feature: Optionally force an administrator-chosen IP address to be included in server's passive reply. This is intended to supply public address instead of a private address when the server is behind NAT. This only effects the passive reply message; it does not control where the FTP server actualy listens for passive connections. The IP address is set in FTPSERV.CFG with: FORCE_PASSIVE_ADDR=aaa.bbb.ccc.ddd
Remedy RFE 29806: Enhance MDTM command to allow the setting of modified date and time, not just retrieving. Also enhanced MDTM to function on directories, not just files.
Other changes, previously included in NWFTPD v5.05, in NetWare 6.5 SP3 and NetWare 5.1 SP8:
Fix for DEFECT000382749: Abend in ResumeThread API. Invalid thread handle passed.
Fix for DEFECT000398218: Double Page Fault abends caused by running out of stack space in NWFTPD. Doubled the stack size to accomodate.
Other changes, previously included in NWFTPD10.EXE (NWFTPD v5.04.25):
FIX for DEFECT500370012: Removed trailing slash from PWD and CWD responses when at the root of a volume. Previous response of"/vol1/" was not consistent with response in a sub-directory,"/vol1/dir1"
FIX for DEFECT000383564: The ability to rename a file to a different path (effectively moving it) was restored. This ability had been broken in v5.04.20, May 25, 2004.
MODIFIED FEATURE: Changed the error message when failing to overwrite a read-only file from "File exists with Read access" to"Failed: File is Read-Only"
MODIFIED FEATURE: Information from FTPSTAT.NLM is now provided over a secure connection and is only available in iManager. This change is only for NetWare 6.5. Older versions of NetWare should not use the FTPSTAT update.
FIX for DEFECT500368598: Delays in closing DS connections were holding FTP connections open longer than necessary, causing the max FTP sessions allowed to be reached prematurely on heavily used FTP servers. The order was changed so the FTP session is closed before the DS connection is closed.
MODIFIED FEATURE: Restored the feature of accepting multiple slashes within a path, and treating them as 1 slash. For example, /vol/dir1////dir2 is treated as /vol/dir1/dir2. NOTE: Beginning a path with 2 slashes is always treated as indicating a server name. I.E. CD //SERVER/Vol1/dir
FIX for DEFECT000374943: Address_Range restrictions in FTPREST.TXT involving nested ranges were failing.
FIX for DEFECT500367363: Data Connections are now initiated from port L-1 (control port minus 1). Previously port 20 was used for active data connections even if control port was set to something other than the default of 21.
FIX for DEFECT500272228: KeepAlive option was only watching control connections. Now it also watches data connections.
FIX for DEFECT000353990: March 19, 2004 - Corrected the PWD response, which was leaving out the volume name if the GUEST restriction was in force. (Only relevant if the volume was considered underneath the home directory, i.e. DEFAULT_USER_HOME=\ ). May 25, 2004: Corrected side effect of March 19th change: Hided the true path to the anonymou user's home directory.
NEW FEATURE: NWFTPD will sense whether it is running on NetWare 5.1 and avoid using 64 bit reads and writes accordingly. This allows the same NLM to function on both NetWare 5.1 and 6.x. (There was a period from November 2003 to March 2004 where NetWare 5.1 could not receive the current NWFTPD.NLM updates.)
FIX for DEFECT500350446: Previously the system console could hang when unloading NWFTPD.NLM if 1000 active ftp sessions were present.
FIX for DEFECT000353973: Prevents an ABEND due to buffer overflow, when pushing over 1024 characters into username or password.
NEW FEATURE (Only effective on NetWare 6.0 and higher): FTP server now supports the storage or retrieval of files larger than 4 Gigabytes. This feature only supports file transfers. FTP directory lists will not correctly display sizes for files this large, but they will transfer correctly.
MODIFIED FEATURE: Stopped accepting multiple sequential slashes within paths. I.E. get dir1////dir2/file1.txt will now return"invalid path." NOTE: this change was temporary, previous behavior was later returned to accept multiple slashes within a path and treat them as 1 slash. NOTE: Beginning a path with 2 slashes is always treated as indicating a server name. I.E. CD //SERVER/Vol1/dir
FIX for DEFECT000338587: Added support for extended characters in passwords.
FIX for DEFECT100309544: FTP restrictions could fail if login name was a relative name (no leading dot) and had a trailing dot (i.e. user.container. ).
FIX for DEFECT500287422: Domain name login restrictions were not coming into effect.
FIX for DEFECT000349127: FTP restrictions could fail depending on bindery context setting.
FIX for DEFECT000349295: Corrected a problem with dynamically learning of changes to the FTP restrictions file. (Default FTPREST.TXT).
FIX for DEFECT100275271: PWD response now shows correct case of directory names, instead of all lower-case.
Other changes, already included in NWFTPD.NLM v5.04.08, Aug 4, 2003 (found in NWFTPD9.EXE and NW 5.1 SP7).
- MODIFIED FEATURE: The number of contexts that can be placed in the SEARCH_LIST has been increased from 25 to 30. (Note that the comments in the FTPSERV.CFG file have not yet been modified to reflect the new limit).
- FIX for DEFECT000336285: This change was actually made to overcome weaknesses of some 3rd-party FTP clients. Adobe GoLive and MS Internet Explorer for Macintosh were, in some cases, unable to display a full list of NetWare volume names. Instead, only the last volume name was displayed. Testing indicated this was because of case-sensativity those clients have to the format of the output of the LIST (dir) command. There is no official format for this output, and other FTP clients were already handling it without problem. Even so, for best inter-operability with a wider range of FTP clients, Novell altered it's LIST format for NetWare volume names.
- FIX for DEFECT500289544: Improved error message when trying to PUT a file with a LONG name during an FTP session using DOS name space.
- NEW FEATURE: If NWFTPD.NLM is loaded with no config file specified, and a config file doesn't exist at the default location (SYS:ETC\FTPSERV.CFG) a new config file will be created at that location with all default settings.
Other changes, already included in NetWare 6.5 (NWFTPD.NLM v5.04.05, July 4, 2003).
- NEW FEATURE: Support has been added for RFC 2228 - FTP Security Extensions. FTP sessions can now be encrypted with the existing SSL capabilities of a NetWare server. A client which has implemented RFC 2228 is required to make use of this feature. For details and suggestions, see the online documentation for NetWare FTP Server at https://www.novell.com/documentation/lg/nw65/index.html as well as KB 10085857 (aka Solution NOVL91605).
- FIX for DEFECT500287708: Fix to close a loophole in the enforcement of the restrictions in FTPREST.TXT file.
- MODIFIED FEATURE: If NWFTPD is loaded with -c
- MODIFIED FEATURE: The format of multi-lined messages sent over the FTP Control Connection were changed to avoid FTP Sessions being improperly reset by CheckPoint firewalls.
- FIX for DEFECT500287489: Closed a loop-hole in intruder detection methods.
- FIX for various defects dealing with hangs or abends when running NWFTPD -A, when a replica server is not available.
- FIX for DEFECT000342408: When one FTP Server was listening on multiple IP addresses, active data connections initiated from the FTP Server would come from the primary IP address rather than from the IP address of the particular FTP session. That has been corrected.
- NEW FEATURE: Changes to the FTP restrictions file (default location) SYS:ETC\FTPREST.TXT now come into effect dynamically, without requiring NWFTPD to be unloaded / reloaded.
- MODIFIED FEATURE: LONG path and filenames can now be used in the FTPSERV.CFG file. Previously only DOS names were allowed.
- MODIFIED FEATURE: The size of the FTP log files is now controlled by size in Kbytes, rather than number of log messages present.
- MODIFIED FEATURE: The FTP command NLST (ls) will now be treated as the FTP command LIST (dir) if one of the following parameters is used: -l, -al, -la.
- NEW FEATURE: When running multiple instances of FTP Server, unloading NWFTPD meant unloading all instances. Now, individual instances can be unloaded with 2 methods:
Edit the configuration file of the instance to be unloaded and set UNLOAD_THIS_INSTANCE=YES. Upon saving the file, the FTP Server will become aware of the change and unload the appropriate instance. The setting will automatically be set back to NO so it can be reloaded afterwards.
- NEW FEATURE: Existing intruder lockouts can be cleared without unloading NWFTPD. Edit FTPSERV.CFG and set CLEAR_EXISTING_INTRUDERS=YES. Save the file. Upon the next FTP connection attempt, FTP Server will become aware of the change and clear the lockout lists. The setting will automatically be set back to NO.
- MODIFIED FEATURE: The default setting for DATA_BUFF_SIZE was changed from 32 to 64 (Kbytes) to improve file transfer performance.
- FIX for DEFECT500276455: Corrected a failure to release memory resources when NWFTPD is loaded and unloaded multiple times.
- FIX for DEFECT000327201: Previously, setting DEFAULT_USER_HOME to a solitary slash (I.E. DEFAULT_USER_HOME=/) would prevent the DEFAULT_USER_HOME_SERVER parameter from taking effect. This has been corrected.
- FIX for DEFECT000319984: Previously, setting DEFAULT_USER_HOME to a solitary slash (I.E. DEFAULT_USER_HOME=/) would prevent the parameters IGNORE_REMOTE_HOME=YES and IGNORE_HOME_DIR=YES from taking effect. This has been corrected.
- MODIFIED FEATURE: Improved the output of the console command NWFTPD -? (to generate usage syntax).
This will enable Unix-style directory lists, including the display of Unix permissions. It should be noted, however, that these permissions are not in effect. Effective NetWare trustee rightswill still govern a user's access. Furthermore, these permissions will not reflect the permissions that may be stored in the NFS name space of a NetWare volume. Novell's NFS Services or Native File Access for Unix may populate true permissions in the NFS name space, but FTP does not use NFS name space.
The parameter controls the permissions reported by FTP Server for files. The default is 644 but it can be set to any 3 digit octal value (max 777). Since these permissions are not enforced by the FTP server, there is no known reason to modify them. However, if an FTP client is discovered which is sensative to the permissions reported, the administrator can tailor the display to the needs of the client. This parame.ter only has effect when PSEUDO_PERMISSIONS is set to ON.
The parameter controls the permissions reported by FTP Server for directories or volumes. The default is 755 but it can be set to any 3 digit octal value (max 777). Since these permissions are not enforced by the FTP server, there is no known reason to modify them. However, if an FTP client is discovered which is sensative to the permissions reported, the administrator can tailor the display to the needs of the client. This parameter only has effect when PSEUDO_PERMISSIONS is set to ON.
- NEW FEATURE: FTP Server can now optionally prompt for the anonymous password even when anonymous access is disabled. This is useful when using Internet Explorer (IE) as an FTP client. Previously, if anonymous access was disabled, then when entering the URL: ftp://server, IE would automatically attempt an anonymous login, which would immediately be denied. Now, by prompting for a password first, IE will bring up a dialog box which allows the user to specify both his name and password. This is more user friendly for novice users who aren't familiar with advance FTP URL syntax like ftp://username:password@server.
To control whether the password is requested for the anonymous user, set ANONYMOUS_PASSWORD_REQUIRED=YES/NO (the default is YES). This parameter has always existed in FTPSERV.CFG, but previously only had effect when ANONYMOUS_ACCESS was set to YES.
- NEW FEATURE: A new FTPSERV.CFG parameter, DEFAULT_FTP_CONTEXT, can control the default directory context used by FTP Server. If this parameter is not set, the FTP Server will fall back on the old method of using the first bindery context; or if no bindery context is set, using the server object's context. The ability to control this manually is useful for controlling the location of the anonymous user object; especially in cases where multiple instances of FTP are being loaded, each needing it's own anonymous user object. This setting should use the Fully Distinguished Name of the desired context, including a leading dot. For example, DEFAULT_FTP_CONTEXT=.testing.novell
- NEW FEATURE: Dynamic configuration changes. Changes to the FTPSERV.CFG file will come into effect automatically instead of requiring NWFTPD.NLM to be unloaded and reloaded.
- MODIFIED FEATURE: The TCP Keep Alive Time (for detecting broken connections) is now configurable in FTPSERV.CFG. Previously the time was hard-coded at 10 minutes. It can now be set from 5 to 120 minutes, and can also be completely disabled. The setting is:
The default (when no setting is made) is 10 minutes. When set to 0 (or negative), the timer is disabled. Settings of 1 thru 4 or higher than 120 are invalid and will be taken as 120 minutes.
- MODIFIED FEATURE: The -C parameter of NWFTPD was modified to accept optional volume and path syntax in the format: [vol:[/dir/...]]filename
For example, vol1:/ftpdir/ftp1.cfg
- MODIFIED FEATURE: When loading NWFTPD -A, the user is now prompted for the Fully Distinguished Name (FDN) of the admin user object. This is to avoid past situations where NWFTPD was unable to find the context of the admin object. NWFTPD -A will also verify that the anonymous user home directory syntax is entered correctly.
- FIX for DEFECT500284033: NWFTPD.NLM was leaking BSD sockets, especially when using passive data connections. This has been corrected.
- FIX for DEFECT000325339: With builds of NWFTPD.NLM from July 2002 or later, deleting files from the root of a volume could fail. Additionally, any failure to delete a file was returning an invalid error code:
-39 Internal error, could not delete file "/sys/nofile.txt"
The deletion problem has been corrected, and the proper error is again reported as:
550 Could not delete file "/sys/nofile.txt"
- FIX for DEFECT000307961: With builds of NWFTPD.NLM from July 2002 or later, guest or anonymous users were unable to rename files, receiving the error, "503 Bad Sequence of Commands". This has been corrected.
- FIX for DEFECT500276294: In certain configurations, anonymous users with a home directory on a NFS Gateway volume would receive too much access to the file system. NWFTPD has been modified to prevent this.
- FIX for DEFECT000310498: Improved error handling for improper usage of path syntax. FTP Server does not allow wildcards to be used in directory names. Accurate errors are now returned in these cases. Wildcards can still be used in file names.
- FIX for DEFECT000317490: One of the changes in NWFTPD v5.03b (October 7, 2002) mistakenly removed the "total 0" line from the beginning of dir (LIST) output, if the directory list was being done at the root of the server (to see all volume names). This"total" line is standard in Unix, and is expected by some FTP clients, including Microsoft Internet Explorer. The missing line can ause some clients to display the output incorrectly. The line has been restored.
- FIX for DEFECT500279626: When receiving a QUIT command, FTP Server was doing a TCP RESET of the FTP connection, rather than doing a normal FIN / ACK process to close the connection. This has been corrected.
- FIX for DEFECT500282439: If a TCP bind error occurs while NWFTPD attempts to load, it will unload rather than stay loaded in a non-functional state.
Other changes, previously included in NWFTPD 5.03b, October 7, 2002 (from NWFTPD7.EXE):- Eliminated an abend which occurs when unusual character strings are included in a username, when authenticating to the FTP server.
- Eliminated an abend (usually page fault) which could occur when an ABOR (abort) command is preceded by additional characters. The ABOR command is used to interrupt data transfers.
- Eliminated a page fault abend involving stack overflows and invalid pointers.
- Altered the directory output (from the 'dir' or 'LIST' command) to not include a beginning "total" line except when no filename or wildcard is specified. This method is a better match for the unofficial FTP standards which Unix has established, and provides better compatibility for some FTP clients.
Other changes, previously included in NWFTPD 5.02y, July 25, 2002 (from NW 5.1 SP5 and NW 6.0 SP 2):
- Eliminated a memory leak. - Enabled deletion with 'del' or'DELE' commands using wildcard file specs, on a legacy NetWare volume. (This was already possible on NSS volumes).
- Corrected a failure to get directory listing for users with the GUEST restriction. Some methods of specifying home directory syntax in the NDS user account were not being handled correctly by NWFTPD.NLM.
- Enhanced ls (NLST) and dir (LIST) output to include directory paths if the path was included in the ls or dir command. For example, ls dir2/* will now give output in the format: dir2/file1.txt dir2/file2.txt This enables FTP client commands like mget and mdel (which make use of the NLST command) to succeed even when paths are specified.
- In accordance with NetWare design policy, disabled the ability of FTP users to read / write to volumes on servers where no user / connection license can be obtained.
Other changes, previously included in NWFTPD 5.02r, April 26, 2002 (NWFTPD6.EXE):
- Eliminated high-utilization problems that could occur when invalid commands (improper syntax or length) were sent to the FTP server. While in
high-utilization, if NWFTPD was unloaded, a Double Fault Processor Exception abend could also occur. These problems were present in NWFTPD.NLM builds beginning October 19, 2001.
- Eliminated a Page Fault Processor Exception abend that could occur when NWFTPD.NLM was loaded and unloaded in rapid succession, as from an NCF file or Cluster script.
- Several corrections to certain FTP messages / responses.
- Corrected a failure to clear old not-logged-in connections.
- Corrected a potential abend on multi-processor systems.
- Improvements to intruder detection.
Other changes, previously included in NWFTPD 5.02i, February 16, 2002 (NWFTPD5.EXE):
- Fixed a page fault abend which could occur after applying NW 5.1 SP4. This abend can occur in TCP.NLM when the FTP server is under a heavy load. The exact conditions required to trigger the abend can vary, but the abend has been seen to occur with as little as 60 FTP sessions, depending upon the type and number of data connections opened in those sessions. FTP's method of listening for data connections was altered in order to eliminate this abend.
Other changes, previously included in the January 7th, 2002 build from NW 5.1 SP4:
- Corrected the error reporting that would occur when the FTP server could not write a file. In some previous versions, the FTP server could report
"insufficient disk space" when in reality the write failure was due to factors other than disk space.
- Corrected a potential failure to find user objects underneath country or locality containers.
- Minor changes to the messages given during a rename operation.
- Expanded the logging of IP address & anonymous user in FTPAUDIT.LOG file, when anonymous login fails.
- Minor improvements to user and host intruder detection.
- Fix to insure closure of FTP connections if NWFTPD.NLM is unloaded during FTP transfers.
- Fix to set the user's context correctly when the NetWare Server object's context is different than the server's first bindery context, or if search list input is given.
- Improvements to message handling for international environments (usage of non-default code pages).
Other changes, previously included in NWFTPD 5.02b, October 19, 2001 (NWFTPD4.EXE)
- Added support for Record Structure (implented the STRU R functionality).
- Altered the FTP command processor to accept various control sequences before the ABOR (abort) command, in accordance with FTP and TELNET RFCs. Corrected the FTP server's response in conditions where ABOR is used when the previous command has already completed.
- Eliminated a conflict between the parameter DEFAULT_USER_HOME_SERVER and the parameters IGNORE_HOME_DIR and IGNORE_REMOTE_HOME. The IGNORE... parameters are meant to apply to NDS home directory settings only, not to FTP's default
- Corrected a problem with GUEST access restrictions, which had been causing failures in FTP directory lists (ls, dir, NLST, LIST).
Other changes, previously included in NWFTPD.NLM 5.01y, September 13, 2001 (NWFTPD3A.EXE)
- The prior FTP release (NWFTPD3.EXE, August 24, 2001) had some internationalization improvements which inadvertently altered the format of the date / time information in a DIR (LIST) command. This resulted in improper or missing dates, times, and sizes being displayed at the FTP client, or even in complete failure of some FTP clients (i.e. Netscape Navigator). The format has been returned to normal (without removing the internationalization improvements).
- Certain syntaxes of URLs used in Netscape Navigator were resulting in failure of the intial list of files available in an FTP session. This has now been corrected. (This was a long-standing issue, not introduced by the Aug 24th, 2001 release).
- User-based restrictions in the SYS:ETC\FTPREST.TXT file were failing under certain conditions. This has been corrected. (This is also an older issue, not introduced by the Aug 24th, 2001 release.) This issue only effected user-based restrictions; not container, address, or domain restrictions.
- Enhancement to provide contextless login without the need for Catalog Services. SYS:ETC\FTPSERV.CFG can now use the parameter:
The syntax of this parameter is very strict. Each context listed should begin with a leading dot, and should show the full context. No relative contexts. A comma should separate each context in the list. No spaces should be used after the = (equal sign) or after any comma. A space should only be used if a container name actually contains a space character. Up to 25 contexts can be listed, but the maximum length of the setting (after the = sign, and including commas) is 2048 characters.
When a user logs in without specifying their context, the search order used by NWFTPD to find them will be (1) The first bindery context of the server, if set. (2) The NW server object's own context, if no bindery context is set. (3) The NDS Catalog Services catalog specified by the FTP_CATALOG_NAME parameter in FTPSERV.CFG. (4) The contexts listed in the SEARCH_LIST parameter of FTPSERV.CFG, in the order listed on that parameter.
While it is still possible to use both a Catalog Services catalog and the SEARCH_LIST parameter, it is recommended that use of Catalog Services be discontinued, as that technology is being phased out.
To have NWFTPD automatically add comments about all possible FTPSERV.CFG parameters to the existing FTPSERV.CFG file, unload NWFTPD and load NWFTPD -A. This will add the new comments to the config file without changing the current settings. However, this also enables anonymous FTP, so if that is not desired, edit the FTPSERV.CFG file afterwards and set ANONYMOUS_ACCESS=NO. The ANONYMOUS user (which will have been created either in the first bindery context of the server, or in the server object's own context) can also be deleted. After NWFTPD -A completes, NWFTPD should be loaded again to start the FTP Server.
- Adjustments for compatibility between FTP and other services in Native File Access Pack (NFAP) and Network Attached Storage (NAS).
- Solved an ABEND that could occur if the anonymous user used SUNIQUE mode to PUT a file (STOU, or Store Unique).
- Previously, when moving a file by renaming to a new path, if the file name contained the directory name, the rename would fail. For example:
REN FILENAME1 /FILE/FILENAME1 This would fail because the directory name "FILE" was included in the file name "FILENAME1". This problem has been eliminated.
- Previously, when defining container-based restrictions in the SYS:ETC/FTPREST.TXT file, if the container name contained a space character, the restriction would not come into effect. Now, containers with spaces in their names can be properly restricted, if quote marks are used. Examples:
"*.big apple.novell" ACCESS= DENY
"user1.big apple.novell" ACCESS= ALLOW
- A SYS:ETC\WELCOME.TXT file of 0 (zero) bytes will no longer result in an blank line (Carriage-Return / Line Feed) being sent before the "220 ready for new user" message. Some FTP clients malfunction after receiving a blank line.
- Users without a home directory specified in their NDS user object will be handled correctly by the DEFAULT_USER_HOME_SERVER parameter, even in cases where the parameters IGNORE_HOME_DIR or IGNORE_REMOTE_HOME are being used. However, for users with NDS-specified home directories, the DEFAULT_USER_HOME_SERVER parameter may still fail when one or both IGNORE parameters are being used.
- When a user attempts to PUT a file to a location that is out of disk space, the message "No space left on the device" will be returned. Previously, the FTP client session might either hang or appear to complete when it had not actually transferred the file. This issue also applies in cases of administrative disk space restrictions that restrict the amount of disk space a person can use.
- More accurate error message is returned when a user without WRITE access attempts to PUT a file.
- Internationalization improvements.
Other changes, previously included in NWFTPD.NLM v5.01o, February 23, 2000 (from NWFTPD2.EXE and NW 5.1 SP3):
- Eliminated two security weaknesses involving anonymous user access.
- Removed the line "total 0" from the output of a NLST (ls) command.
- Resolved a conflict between the DEFAULT_USER_HOME_SERVER parameter (FTPSERV.CFG) and the GUEST restriction (FTPREST.TXT).
- Host Intruder Lockout feature now counts login attempts even when the attempted username does not exist in NDS.
- Eliminated possible abend while renaming. This abend was very rare, as it involved issuing a "RNTO" (rename to) command after the"RNFR" (rename from) command received an error (file not found). Most FTP clients do not issue RNTO if the RNFR has failed.
Other changes, previously included in NWFTPD.NLM v5.01i, November 8, 2000 (NWFTPD1.EXE).
- Some users were not being placed in their NDS-specified home directory upon logging in. This has been corrected. For details of the exact issue, see knowledgebase KB 10056867 (also known as Solution NOVL26172).
- STOU (Store Unique) command has been implemented. For details of this implementation see knowledgebase KB 10053186 (also known as Solution NOVL11640).
- STRU F (File Structure) command has been implemented. NWFTPD already defaulted to File Structure, but did not recognize this command.
- MODE S (Stream Mode) command has been implemented. NWFTPD already defaulted to Stream Mode, but did not recognized this command.
- Renaming a file would fail if a servername was specified in the target name (RNTO, rename to). Now NWFTPD accepts a server name in the target as long as it matches the server name in the source (RNFR, rename from). This enhancement is in addition to the renaming enhancements already in NetWare 5.1 Support Pack 2. For more details on all these renaming enhancements, see knowledgebase KB 10052554 (also known as Solution NOVL9096).
- Users who had dots (periods) in their names or context names could not log in through FTP. This does not apply to dots used as delimiters between object or container names. It only applies to dots that are actually part of a object name. NWFTPD will now allow these users in, so long as these dots are preceded by a backslash (\). For example, a user whose name (without context) is bob.smith would login to FTP as:
Or if Bob was in the context O=novell.com (where the dot in"novell.com" is part of the O= name, rather than indicating a new container), and if he wanted to use his full name with context, he would login as:
- Corrected the FTP Server responses to the user commands "quote help" and "quote site help".
- If passwords (email addresses) are required for anonymous user login, NWFTPD now verifies that the password entered matches the pattern x@y. At least 3 characters are needed, with the @ symbol separating the other 2.
- TCP connections for FTP were not being cleared if an workstation with an FTP session running was powered off or removed from the network during file transmission. This has been corrected.
- NWFTPD previously would add a maximum of 32000 messages to each of it's log files before starting over. Now this limit can be controlled in the /ETC/FTPSERV.CFG file, with the parameter:
This parameter represents the number of messages that can be added to the existing LOG file before it is reset. This one parameter specifies the limit for each of NWFTPD's 4 log files.
- Enhanced NWFTPD to allow the default FTP home directory to reside on another server. This does not apply to the anonymous home directory. To set the default home server, use the following parameter in /ETC/FTPSERV.CFG:
Where "servername" is replaced by the name of the server where the home directory exists. Do not use full NDS server names with contexts. This parameter works in conjunction with the already existing DEFAULT_USER_HOME parameter, which specifies the volume name and directory. If the remote server cannot be reached, NWFTPD will fall back to the local server.