What fixes are in NWFTPD.NLM v5.10.02, March 9, 2011?

  • 3238588
  • 14-Feb-2008
  • 27-Apr-2012

Environment

Novell NetWare 6.5
Novell NetWare 6.0
Novell NetWare 5.1
Novell NetWare FTP Server (NWFTPD.NLM)

Situation

What fixes are in NWFTPD.NLM v5.10.02, March 26, 2011?

Resolution

The history of NWFTPD.NLM changes over its entire life (136 months) is documented below.  Note that recent updates are only supported on NetWare 6.5 (aka OES NetWare).  For NetWare 5.1 and NetWare 6.0, NWFTPD.NLM v5.05 is the last supported version.
 
The download NWFTPD17.ZIP provides an updated FTP Server, NWFTPD.NLM 5.10.02, March 9, 2011.
 
Bugzilla 641249:  FTP clients (authenticated or anonymous) could submit certain lengthy commands which might overflow NWFTPD's command buffer, corrupt the stack, and abend individual FTP session threads.  These abends have been eliminated.  Typically, other FTP threads were not disturbed, and new FTP sessions could be established.  However, in a small percentage of cases, a severe enough abend might occur to require system restart.  (Similar symptom to that which was fixed in NWFTPD16.ZIP, but with a different root cause).
 
 
Other changes, previously included in NWFTPD.NLM 5.10.01, March 26, 2010, from NWFTPD16.ZIP.
 
Bugzilla 569496:  FTP clients (authenticated or anonymous) could submit certain lengthy commands which might overflow NWFTPD's command buffer, corrupt the stack, and abend individual FTP session threads.  Typically, other FTP threads were not disturbed, and new FTP sessions could be established.  However, in a small percentage of cases, a severe enough abend might occur to require system restart.
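
A bounded command reader of the kind that closes the overflow class described in Bugzilla 641249 and 569496, shown as an added example that is not NWFTPD's own code. The 512-byte limit, the function and type names, and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits for this example; the page does not give NWFTPD's buffer sizes. */
#define MAX_LINE 512  /* longest accepted command line, CRLF excluded */
#define MAX_VERB 4    /* FTP verbs are three or four letters */

enum cmd_status { CMD_OK, CMD_INCOMPLETE, CMD_TOO_LONG, CMD_MALFORMED };

struct ftp_cmd {
    char verb[MAX_VERB + 1];
    char arg[MAX_LINE + 1];
};

/*
 * Parse one command line from buf[0..len), the bytes received so far on the
 * control connection. *consumed tells the caller how many bytes to drop.
 * Every copy is preceded by a length check against the destination size.
 */
enum cmd_status parse_command(const char *buf, size_t len,
                              struct ftp_cmd *out, size_t *consumed)
{
    size_t eol = 0, line_len, vlen = 0, alen, i;

    *consumed = 0;
    out->verb[0] = '\0';
    out->arg[0] = '\0';

    while (eol < len && buf[eol] != '\n')
        eol++;

    if (eol == len) {                 /* no line terminator received yet */
        if (len > MAX_LINE + 1) {     /* +1 allows for a pending CR */
            *consumed = len;          /* caller replies 500 and closes the session */
            return CMD_TOO_LONG;
        }
        return CMD_INCOMPLETE;        /* wait for more data */
    }

    *consumed = eol + 1;              /* the whole line, LF included */
    line_len = eol;
    if (line_len > 0 && buf[line_len - 1] == '\r')
        line_len--;
    if (line_len > MAX_LINE)
        return CMD_TOO_LONG;          /* rejected before any copy happens */

    for (i = 0; i < line_len; i++)    /* a NUL would truncate later string handling */
        if (buf[i] == '\0')
            return CMD_MALFORMED;

    while (vlen < line_len && isalpha((unsigned char)buf[vlen]))
        vlen++;
    if (vlen < 3 || vlen > MAX_VERB)
        return CMD_MALFORMED;
    if (vlen < line_len && buf[vlen] != ' ')
        return CMD_MALFORMED;

    for (i = 0; i < vlen; i++)
        out->verb[i] = (char)toupper((unsigned char)buf[i]);
    out->verb[vlen] = '\0';

    if (vlen < line_len) {
        alen = line_len - vlen - 1;   /* at most MAX_LINE - 4, so it fits out->arg */
        memcpy(out->arg, buf + vlen + 1, alen);
        out->arg[alen] = '\0';
    }
    return CMD_OK;
}

int main(void)
{
    /* Constructed inputs: a normal login line and an oversized PASS argument. */
    char big[2100];
    struct ftp_cmd c;
    size_t used;

    memset(big, 'A', sizeof big);
    memcpy(big, "PASS ", 5);
    big[sizeof big - 2] = '\r';
    big[sizeof big - 1] = '\n';

    printf("normal line   -> status %d\n",
           parse_command("USER anonymous\r\n", 16, &c, &used));
    printf("oversize line -> status %d\n",
           parse_command(big, sizeof big, &c, &used));
    return 0;
}
```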
 
 
Other changes, previously included in NWFTPD 5.10.00, December 28, 2009, from NWFTPD15.ZIP.
 
Bugzilla 524729:  During rapid cluster resource migrations from one node to another, it is possible that the method used to tell NWFTPD to unload itself may not completely finish its tasks.  This could lead to cases where the resource would come up on the new node, but then immediately unload NWFTPD.  This has been corrected.  Specifically:
 
     Old behavior:  Anytime NWFTPD.NLM found "UNLOAD_THIS_INSTANCE=YES" set in the FTPSERV.CFG file, it would unload itself, then reset that flag back to NO.  This was true regardless of whether NWFTPD found this condition upon first loading / initializing, or later, after being up and running.
 
     New behavior:  When NWFTPD is first loading and initializing, "UNLOAD_THIS_INSTANCE=YES" will no longer cause NWFTPD.NLM to unload.  The intention of this flag is to unload an already-running instance of NWFTPD, not prevent a new instance from coming up.  With this change, if this setting is found upon initial load, it will simply be set back to NO without causing NWFTPD to unload.
 
 
Other changes, previously included in NWFTPD 5.09.02, Oct 14, 2008, from NetWare 6.5 SP8.
 
Bugzilla 294038:  If a NetWare FTP Server is giving a user access to the root directory of an NCP share or NSS volume on OES Linux, the "pwd" command would return a duplicate path, i.e. /vol1/vol1
 
Bugzilla 175491:  If FTP is using DOS name space on a NetWare volume and the current working directory is the root of a volume, the "pwd" command would return a duplicate path, i.e. /vol1/vol1
 
Bugzilla 354909:  Corrected a problem which could cause subtree user searching to work only under the first bindery context. This fix is not actually in NWFTPD.NLM, it is in NDSILIB.NLM version 15.05.01, Oct 14, 2008 (also found in NetWare 6.5 SP8).
 
Bugzilla 349388:  Fixed an abend which could occur after manual alteration of the FTPSERV.CFG, if a YES/NO parameter had a comment added on the same line, for example:
 
SECURE_CONNECTIONS_ONLY=YES #this comment will make NWFTPD abend, so please don't add it to this line
 
NOTE: For the FTPSERV.CFG file, Novell does not recommend adding comments to a line containing a configuration setting. This fix will prevent the abend, but comments should be placed on their own lines.
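
One way to parse a KEY=VALUE line so that a trailing comment such as the one above is tolerated instead of being read as part of the value, shown as an added example that is not NWFTPD's own code. The buffer sizes, the function names and the rule that '#' starts a comment only at the start of a line or after whitespace are assumptions; the YES, NO and STRICT values of SECURE_CONNECTIONS_ONLY are the ones this page documents.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum cfg_status { CFG_OK, CFG_BLANK, CFG_NO_EQUALS, CFG_TOO_LONG };
enum tri_state  { TRI_INVALID = -1, TRI_NO = 0, TRI_YES = 1, TRI_STRICT = 2 };

#define KEY_MAX 64    /* assumed field sizes for this example */
#define VAL_MAX 256

/* Copy src[0..n) into dst after trimming surrounding whitespace; -1 if it will not fit. */
static int copy_trimmed(char *dst, size_t dst_sz, const char *src, size_t n)
{
    while (n > 0 && isspace((unsigned char)*src)) { src++; n--; }
    while (n > 0 && isspace((unsigned char)src[n - 1])) n--;
    if (n >= dst_sz)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/*
 * Split "KEY=VALUE  # comment" into key[KEY_MAX] and val[VAL_MAX].
 * Assumption: '#' starts a comment at the start of a line or after whitespace,
 * so a '#' embedded in a value such as a path is left alone.
 */
enum cfg_status parse_cfg_line(const char *line, char *key, char *val)
{
    size_t end = 0, i;
    const char *eq;

    key[0] = val[0] = '\0';
    while (line[end] != '\0' && line[end] != '\r' && line[end] != '\n') {
        if (line[end] == '#' && (end == 0 || isspace((unsigned char)line[end - 1])))
            break;
        end++;
    }
    for (i = 0; i < end && isspace((unsigned char)line[i]); i++)
        ;
    if (i == end)
        return CFG_BLANK;                 /* empty line or comment-only line */

    eq = memchr(line, '=', end);
    if (eq == NULL)
        return CFG_NO_EQUALS;
    if (copy_trimmed(key, KEY_MAX, line, (size_t)(eq - line)) != 0 ||
        copy_trimmed(val, VAL_MAX, eq + 1, end - (size_t)(eq - line) - 1) != 0)
        return CFG_TOO_LONG;
    return CFG_OK;
}

/* Case-insensitive match of a whole string against one upper-case keyword. */
static int word_is(const char *v, const char *kw)
{
    while (*v && *kw && toupper((unsigned char)*v) == *kw) { v++; kw++; }
    return *v == '\0' && *kw == '\0';
}

/* SECURE_CONNECTIONS_ONLY accepts NO, YES or STRICT; anything else is rejected. */
enum tri_state parse_secure_only(const char *val)
{
    if (word_is(val, "NO"))     return TRI_NO;
    if (word_is(val, "YES"))    return TRI_YES;
    if (word_is(val, "STRICT")) return TRI_STRICT;
    return TRI_INVALID;
}

/* Full path from a raw line to the setting; TRI_INVALID means "do not apply". */
enum tri_state secure_only_from_line(const char *line)
{
    char key[KEY_MAX], val[VAL_MAX];

    if (parse_cfg_line(line, key, val) != CFG_OK ||
        !word_is(key, "SECURE_CONNECTIONS_ONLY"))
        return TRI_INVALID;
    return parse_secure_only(val);
}

int main(void)
{
    /* The first line is the one quoted on this page; the second is constructed. */
    printf("%d\n", secure_only_from_line(
        "SECURE_CONNECTIONS_ONLY=YES #this comment will make NWFTPD abend, "
        "so please don't add it to this line"));
    printf("%d\n", secure_only_from_line("SECURE_CONNECTIONS_ONLY=YESPLEASE"));
    return 0;
}
```

A caller that receives TRI_INVALID should keep the previous setting or refuse to load rather than fall back to a weaker default.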
 
 
Other changes, previously included in NWFTPD 5.08.07, Sept 11, 2007, from NetWare 6.5 SP7.
 
Bugzilla 272093:  The behavior of the "NOREMOTE" restriction in FTPREST.TXT was corrected.  In some cases, it was not being properly enforced.  The design of "NOREMOTE" as stated in the documentation:  During login, the NetWare FTP Server determines the user's home server / home directory.  The user is unable to navigate outside the home server.  NOTE:  The home server can be different from the server where NetWare FTP Server is running.
 
 
Other changes, previously included in NWFTPD 5.08.06, May 28, 2007, from NWFTPD14.ZIP.
 
Bugzilla 260459 - Corrects a security malfunction which could fail to apply restrictions to users, or apply too many restrictions to users, based on confusion from partial matches of container names in the sys:etc\ftprest.txt file.
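
The partial-match problem described above, as an added example that is not NWFTPD's own code: a substring comparison of container names beside one that matches only whole name components. The function names and the sample names under .acme are constructed, and the case-insensitive comparison is an assumption of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Flawed: a substring search treats any name that merely contains the text as a member. */
int naive_in_container(const char *user_fdn, const char *container)
{
    return strstr(user_fdn, container) != NULL;
}

/* Skip the optional leading dot of a fully distinguished name. */
static const char *skip_dot(const char *s)
{
    return *s == '.' ? s + 1 : s;
}

/*
 * Return 1 only if user_fdn lies inside container, compared case-insensitively
 * and only on whole name components: the container must be a suffix of the
 * user's name and must start right after a '.' separator.
 */
int fdn_in_container(const char *user_fdn, const char *container)
{
    const char *u = skip_dot(user_fdn);
    const char *c = skip_dot(container);
    size_t ulen = strlen(u), clen = strlen(c), off, i;

    if (clen == 0 || ulen < clen + 2)   /* need at least "x." before the container */
        return 0;
    off = ulen - clen;
    if (u[off - 1] != '.')              /* suffix must begin on a component boundary */
        return 0;
    for (i = 0; i < clen; i++)
        if (tolower((unsigned char)u[off + i]) != tolower((unsigned char)c[i]))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed names: one restricted container and four login names. */
    const char *container = ".sales.acme";
    const char *users[] = {
        ".bob.sales.acme",       /* inside the container */
        ".bob.east.sales.acme",  /* inside a sub-container */
        ".eve.sales.acmecorp",   /* different tree, shares a prefix */
        ".Bob.Sales.Acme"        /* same user, different case */
    };
    size_t i;

    for (i = 0; i < sizeof users / sizeof users[0]; i++)
        printf("%-22s naive=%d component=%d\n", users[i],
               naive_in_container(users[i], container),
               fdn_in_container(users[i], container));
    return 0;
}
```

The third name shows a restriction applied to a user it was not written for, and the fourth shows a restriction silently missed; the component-wise check gets both right.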
 
Bugzilla 227860 - Increases FTP Server's ability to report large file sizes. Previously, directory lists and the output of the SIZE command would only report accurate sizes up to 2 gigabytes. The new behavior is as follows:
 
- For purposes of this discussion, 1 GB = 1024 MB = 1024 * 1024 KB = 1024*1024*1024 bytes.
- Long directory lists will report accurate sizes up to 4294967295 bytes (this is 1 byte less than 4 GB).  Larger files will report that same value (4294967295).
- The SIZE command, when used on a file on a local volume (i.e. the same server where FTP is running), will report accurate size up to the limit of that type of volume (Traditional or NSS).
- The SIZE command, when used on a file on a remote volume, will report accurate size up to 4294967295 bytes (1 byte less than 4 GB).
 
Bugzilla 223024 - Clarified the error given when an attempt is made to load NWFTPD.NLM but something already has control of the IP address and port on which NWFTPD would listen.
 
 
Other changes, previously included in NWFTPD 5.07.02, July 24, 2006, from NetWare 6.5 SP6 or NWFTPD13.EXE.
 
Bugzilla 174859:  Fix for an abend: If multiple FTP servers are running on one NetWare server, (i.e. multiple instances of NWFTPD.NLM), the server could abend when unloading one of the instances with NWFTPD -u
 
Enhanced Feature:  The FTPSERV.CFG parameter "SECURE_CONNECTIONS_ONLY" has a new value that can be set.  Previously, it could be set to NO or YES, controlling whether un-encrypted FTP control connections would be allowed or denied.  Now it can be set to STRICT, which will deny both un-encrypted control connections and un-encrypted data connections.  For more information, see Novell Technical Document 3183151, titled:  New Security Enhancement to NetWare FTP Server.
 
Bugzilla 143310:  FTP subtree searches for users could fail when the user is located as follows:
 
.username.org_unit.locality.country
The fix for this is actually in NDSILIB.NLM v15.04.02, September 22, 2006. That module can be found in NWFTPD13.EXE but is also part of NetWare 6.5 Support Pack 6.

 
Other changes, previously included in NWFTPD 5.07, March 15, 2006, NWFTPD12.EXE.
 
Bugzilla 139601: Fixed an abend which occurred when setting time with the MDTM command, if the path to the target file is larger than the buffer provided.

Bugzilla 150135: Adjusted the use of the optional TransmitFile API (introduced in NWFTPD11.EXE). When enabled, TransmitFile is to be used for downloading files from the FTP server itself, not for files retrieved from other NCP servers. However, NWFTPD was determining its usage of TransmitFile based on the location of the user's home directory server, rather than basing it on the server where NWFTPD.NLM was actually running. This has been corrected.


Other changes, previously included in NWFTPD 5.06.05, November 16, 2005, NetWare 6.5 SP5.

Bugzilla 133977: Fixed a low-risk security issue related to passwords.

Enhanced Feature: Added eDir subtree searching, for better contextless login. See https://support.microfocus.com/kb/doc.php?id=10072649 for more details.


Other changes, previously included in NWFTPD 5.06.04, October 27, 2005, NWFTPD11.EXE.

Bugzilla 130954: The FORCE_PASSIVE_ADDR feature, introduced in NWFTPD 5.05.04, caused a side effect when it was NOT being set, for systems where FTP was using more than one IP address. Once the first passive connection was formed, all subsequent passive replies referenced the initial IP address, even if the FTP server was listening on a different IP address. This could cause passive connection failures on multi-IP-address servers.

Bugzilla 130120: If IGNORE_HOME_DIR is set to YES in FTPSERV.CFG, NWFTPD will now skip the eDir query to get the home directory. Previously the query was made, even though the resulting information was not used.

Bugzilla 129932: Removed the redundant queries to eDir when a user object with no password is successfully logged in, but then the client submits a password command (PASS) anyway. Previously, this was causing the authentication to close and then be re-established.

Bugzilla 97819: Fix for Not-logged-in connections piling up. Certain code paths in NWFTPD could leave Not-Logged-In connections behind after FTP sessions were finished. These could pile up on the FTP server itself, or on remote NetWare servers which the FTP server was contacting on behalf of the FTP user.

Bugzilla 120058: New feature: NWFTPD can optionally use the new TransmitFile API, which allows higher performance downloads (uploads are not affected). The higher performance method will only be used if the file being retrieved is on the FTP server itself (not on a remote NCP server) and is being transferred in the default FTP File Structure (i.e. not in Record Structure). To see the benefit of this feature, the FTP server should be on a gigabit network, and should be handling enough load from multiple FTP clients to make use of more than 100Mbit bandwidth. This is controlled by a new parameter in FTPSERV.CFG: TRANSMITFILE_SUPPORT=YES (default is NO).


Other changes, previously included in NWFTPD 5.05.04, in NetWare 6.5 SP4:

Bugzilla 94528: Added ftpaudit.log message to note when there is an invalid line in address restrictions of the FTPREST.TXT file.

Bugzilla 85926: Changed formatting of log files to consistently use space-comma-space as the delimiter between various fields in all the log files. Also ensured that whenever some fields are missing in some lines, extra delimiters are added so formatting is preserved.

Bugzilla 80554: Fixed SIZE command used against non-existent files (previously it was not responding).

Bugzilla 86229: New feature: Optionally force an administrator-chosen IP address to be included in the server's passive reply. This is intended to supply a public address instead of a private address when the server is behind NAT. This only affects the passive reply message; it does not control where the FTP server actually listens for passive connections. The IP address is set in FTPSERV.CFG with: FORCE_PASSIVE_ADDR=aaa.bbb.ccc.ddd

Remedy RFE 29806: Enhance MDTM command to allow the setting of modified date and time, not just retrieving. Also enhanced MDTM to function on directories, not just files.


Other changes, previously included in NWFTPD v5.05, in NetWare 6.5 SP3 and NetWare 5.1 SP8:

Fix for DEFECT000382749: Abend in ResumeThread API. Invalid thread handle passed.

Fix for DEFECT000398218: Double Page Fault abends caused by running out of stack space in NWFTPD. Doubled the stack size to accommodate.


Other changes, previously included in NWFTPD10.EXE (NWFTPD v5.04.25):

FIX for DEFECT500370012: Removed trailing slash from PWD and CWD responses when at the root of a volume. Previous response of "/vol1/" was not consistent with response in a sub-directory, "/vol1/dir1"

FIX for DEFECT000383564: The ability to rename a file to a different path (effectively moving it) was restored. This ability had been broken in v5.04.20, May 25, 2004.

MODIFIED FEATURE: Changed the error message when failing to overwrite a read-only file from "File exists with Read access" to "Failed: File is Read-Only"

MODIFIED FEATURE: Information from FTPSTAT.NLM is now provided over a secure connection and is only available in iManager. This change is only for NetWare 6.5. Older versions of NetWare should not use the FTPSTAT update.

FIX for DEFECT500368598: Delays in closing DS connections were holding FTP connections open longer than necessary, causing the max FTP sessions allowed to be reached prematurely on heavily used FTP servers. The order was changed so the FTP session is closed before the DS connection is closed.

MODIFIED FEATURE: Restored the feature of accepting multiple slashes within a path, and treating them as 1 slash. For example, /vol/dir1////dir2 is treated as /vol/dir1/dir2. NOTE: Beginning a path with 2 slashes is always treated as indicating a server name. I.E. CD //SERVER/Vol1/dir

MODIFIED FEATURE: Changed PSEUDO_PERMISSIONS parameter to PSEUDO_SERVER_FLAG to support multiple Unix-related options. This setting (a decimal number) is converted to binary and each bit represents an optional behavior. Currently there are only 2 flags that can be used, so the decimal value must be within 0 - 3 (inclusive). In binary, the least-significant bit (right-most bit) represents whether Unix permissions will be shown in a dir (LIST) response. 1 means Unix permissions are shown; 0 means the default NetWare owner trustee rights are shown. The 2nd bit from the right represents whether Unix will be reported as the system type. 1 means the reply to the SYST command will be "UNIX Type: L8"; 0 means the default of "NETWARE Type : L8" will be used. So in decimal, 1 represents Unix-style permissions; 2 represents Unix system type; and adding both together (3) means both features are active. Running FTPUPGRD.NLM will automatically update the FTPSERV.CFG file to add this setting and convert the old PSEUDO_PERMISSIONS value to the appropriate decimal value.

NEW FEATURE (unsupported): Added a new parameter, DISABLE_PATH_DIR_LISTING. Normally, if a user includes a path on a ls or dir command, the files listed in the response are prefixed with that path. This allows operations like mget to succeed when a path to the files is specified. If this new parameter is turned on, the path will not be included in the response, and some FTP operations may fail. This setting will only be available within the FTPSERV.CFG file, not within the NetWare 6.5 iManager interface.

FIX for DEFECT000374943: Address_Range restrictions in FTPREST.TXT involving nested ranges were failing.


Other changes, already included in NetWare 6.0 SP5 and NetWare 6.5 SP2 (NWFTPD.NLM 5.04.20, May 25, 2004).

FIX for DEFECT500367363: Data Connections are now initiated from port L-1 (control port minus 1). Previously port 20 was used for active data connections even if control port was set to something other than the default of 21.

FIX for DEFECT500272228: KeepAlive option was only watching control connections. Now it also watches data connections.

FIX for DEFECT000353990: March 19, 2004 - Corrected the PWD response, which was leaving out the volume name if the GUEST restriction was in force. (Only relevant if the volume was considered underneath the home directory, i.e. DEFAULT_USER_HOME=\ ). May 25, 2004: Corrected side effect of March 19th change: Hid the true path to the anonymous user's home directory.

NEW FEATURE: NWFTPD will sense whether it is running on NetWare 5.1 and avoid using 64 bit reads and writes accordingly. This allows the same NLM to function on both NetWare 5.1 and 6.x. (There was a period from November 2003 to March 2004 where NetWare 5.1 could not receive the current NWFTPD.NLM updates.)


Other changes, already included in NetWare 6.0 SP4 and NetWare 6.5 SP1 (NWFTPD.NLM late November, 2003).

FIX for DEFECT500350446: Previously the system console could hang when unloading NWFTPD.NLM if 1000 active ftp sessions were present.

FIX for DEFECT000353973: Prevents an ABEND due to buffer overflow, when pushing over 1024 characters into username or password.

NEW FEATURE (Only effective on NetWare 6.0 and higher): FTP server now supports the storage or retrieval of files larger than 4 Gigabytes. This feature only supports file transfers. FTP directory lists will not correctly display sizes for files this large, but they will transfer correctly.

MODIFIED FEATURE: Minor improvement to message given for the opening of a data connection.

MODIFIED FEATURE: Stopped accepting multiple sequential slashes within paths. I.E. get dir1////dir2/file1.txt will now return "invalid path." NOTE: this change was temporary, previous behavior was later returned to accept multiple slashes within a path and treat them as 1 slash. NOTE: Beginning a path with 2 slashes is always treated as indicating a server name. I.E. CD //SERVER/Vol1/dir

MODIFIED FEATURE: Parameter DISABLE_SITE_CMDS was re-introduced. Controls whether the SITE command can be executed.

FIX for DEFECT000338587: Added support for extended characters in passwords.

FIX for DEFECT100309544: FTP restrictions could fail if login name was a relative name (no leading dot) and had a trailing dot (i.e. user.container. ).

FIX for DEFECT500287422: Domain name login restrictions were not coming into effect.

FIX for DEFECT000349126: Use of SEARCH_LIST could cause NWFTPD to locate a user object in a context other than that specified by a FDN login attempt.

FIX for DEFECT000349127: FTP restrictions could fail depending on bindery context setting.

FIX for DEFECT000349295: Corrected a problem with dynamically learning of changes to the FTP restrictions file. (Default FTPREST.TXT).

FIX for DEFECT500289807: Previously, if an NWFTPD -A operation was not completed, an attempt to unload NWFTPD would hang the server console.

FIX for DEFECT100275271: PWD response now shows correct case of directory names, instead of all lower-case.

Other changes, already included in NWFTPD.NLM v5.04.08, Aug 4, 2003 (found in NWFTPD9.EXE and NW 5.1 SP7).

- MODIFIED FEATURE: The number of contexts that can be placed in the SEARCH_LIST has been increased from 25 to 30. (Note that the comments in the FTPSERV.CFG file have not yet been modified to reflect the new limit).

- FIX for DEFECT000336285: This change was actually made to overcome weaknesses of some 3rd-party FTP clients. Adobe GoLive and MS Internet Explorer for Macintosh were, in some cases, unable to display a full list of NetWare volume names. Instead, only the last volume name was displayed. Testing indicated this was because of the case sensitivity those clients have to the format of the output of the LIST (dir) command. There is no official format for this output, and other FTP clients were already handling it without problem. Even so, for best inter-operability with a wider range of FTP clients, Novell altered its LIST format for NetWare volume names.

- FIX for DEFECT500289544: Improved error message when trying to PUT a file with a LONG name during an FTP session using DOS name space.

- NEW FEATURE: If NWFTPD.NLM is loaded with no config file specified, and a config file doesn't exist at the default location (SYS:ETC\FTPSERV.CFG) a new config file will be created at that location with all default settings.


Other changes, already included in NetWare 6.5 (NWFTPD.NLM v5.04.05, July 4, 2003).

- NEW FEATURE: Support has been added for RFC 2228 - FTP Security Extensions. FTP sessions can now be encrypted with the existing SSL capabilities of a NetWare server. A client which has implemented RFC 2228 is required to make use of this feature. For details and suggestions, see the online documentation for NetWare FTP Server at https://www.novell.com/documentation/lg/nw65/index.html as well as KB 10085857 (aka Solution NOVL91605).

- FIX for DEFECT500287708: Fix to close a loophole in the enforcement of the restrictions in FTPREST.TXT file.

- MODIFIED FEATURE: If NWFTPD is loaded with -c to specify a certain configuration file, and the specified file does not exist, NWFTPD will abort (not load). Previously, in this scenario, NWFTPD would load but use the default configuration file SYS:ETC\FTPSERV.CFG (or use default settings if FTPSERV.CFG did not exist). Loading with defaults rather than with intended settings could be a security risk.

- MODIFIED FEATURE: The format of multi-lined messages sent over the FTP Control Connection was changed to avoid FTP Sessions being improperly reset by CheckPoint firewalls.

- FIX for DEFECT500287489: Closed a loop-hole in intruder detection methods.

- FIX for various defects dealing with hangs or abends when running NWFTPD -A, when a replica server is not available.

- FIX for DEFECT000342408: When one FTP Server was listening on multiple IP addresses, active data connections initiated from the FTP Server would come from the primary IP address rather than from the IP address of the particular FTP session. That has been corrected.

- NEW FEATURE: Changes to the FTP restrictions file (default location) SYS:ETC\FTPREST.TXT now come into effect dynamically, without requiring NWFTPD to be unloaded / reloaded.

- MODIFIED FEATURE: LONG path and filenames can now be used in the FTPSERV.CFG file. Previously only DOS names were allowed.

- MODIFIED FEATURE: The size of the FTP log files is now controlled by size in Kbytes, rather than number of log messages present.

- MODIFIED FEATURE: The FTP command NLST (ls) will now be treated as the FTP command LIST (dir) if one of the following parameters is used: -l, -al, -la.

- NEW FEATURE: When running multiple instances of FTP Server, unloading NWFTPD meant unloading all instances. Now, individual instances can be unloaded with 2 methods:

NWFTPD -U
where represents the path and file name of the configuration file specific to the instance of FTP server which is to be unloaded.
-or-
Edit the configuration file of the instance to be unloaded and set UNLOAD_THIS_INSTANCE=YES. Upon saving the file, the FTP Server will become aware of the change and unload the appropriate instance. The setting will automatically be set back to NO so it can be reloaded afterwards.

- NEW FEATURE: Existing intruder lockouts can be cleared without unloading NWFTPD. Edit FTPSERV.CFG and set CLEAR_EXISTING_INTRUDERS=YES. Save the file. Upon the next FTP connection attempt, FTP Server will become aware of the change and clear the lockout lists. The setting will automatically be set back to NO.

- MODIFIED FEATURE: The default setting for DATA_BUFF_SIZE was changed from 32 to 64 (Kbytes) to improve file transfer performance.

- FIX for DEFECT500276455: Corrected a failure to release memory resources when NWFTPD is loaded and unloaded multiple times.

- FIX for DEFECT000327201: Previously, setting DEFAULT_USER_HOME to a solitary slash (I.E. DEFAULT_USER_HOME=/) would prevent the DEFAULT_USER_HOME_SERVER parameter from taking effect. This has been corrected.

- FIX for DEFECT000319984: Previously, setting DEFAULT_USER_HOME to a solitary slash (I.E. DEFAULT_USER_HOME=/) would prevent the parameters IGNORE_REMOTE_HOME=YES and IGNORE_HOME_DIR=YES from taking effect. This has been corrected.

- MODIFIED FEATURE: Improved the output of the console command NWFTPD -? (to generate usage syntax).

Other changes, previously included in NWFTPD.NLM v5.03L (v5.03.12), Feb 12, 2003 (from NWFTPD8.EXE):

- NEW FEATURE: New FTPSERV.CFG parameters can enable and control an optional format for the output of a 'dir' (LIST) command. Some FTP clients incorrectly expect all FTP Servers to use Unix format in their detailed directory list output. The Adobe GoLive FTP client and some versions of PerfectFTP are examples. To accommodate these clients, the following parameters can be used:

PSEUDO_PERMISSIONS=ON
This will enable Unix-style directory lists, including the display of Unix permissions. It should be noted, however, that these permissions are not in effect. Effective NetWare trustee rights will still govern a user's access. Furthermore, these permissions will not reflect the permissions that may be stored in the NFS name space of a NetWare volume. Novell's NFS Services or Native File Access for Unix may populate true permissions in the NFS name space, but FTP does not use NFS name space.

PSEUDO_FILE_PERMISSIONS=644
The parameter controls the permissions reported by FTP Server for files. The default is 644 but it can be set to any 3 digit octal value (max 777). Since these permissions are not enforced by the FTP server, there is no known reason to modify them. However, if an FTP client is discovered which is sensitive to the permissions reported, the administrator can tailor the display to the needs of the client. This parameter only has effect when PSEUDO_PERMISSIONS is set to ON.

PSEUDO_DIR_PERMISSIONS=755
The parameter controls the permissions reported by FTP Server for directories or volumes. The default is 755 but it can be set to any 3 digit octal value (max 777). Since these permissions are not enforced by the FTP server, there is no known reason to modify them. However, if an FTP client is discovered which is sensitive to the permissions reported, the administrator can tailor the display to the needs of the client. This parameter only has effect when PSEUDO_PERMISSIONS is set to ON.

- NEW FEATURE: FTP Server can now optionally prompt for the anonymous password even when anonymous access is disabled. This is useful when using Internet Explorer (IE) as an FTP client. Previously, if anonymous access was disabled, then when entering the URL: ftp://server, IE would automatically attempt an anonymous login, which would immediately be denied. Now, by prompting for a password first, IE will bring up a dialog box which allows the user to specify both his name and password. This is more user friendly for novice users who aren't familiar with advanced FTP URL syntax like ftp://username:password@server.

To control whether the password is requested for the anonymous user, set ANONYMOUS_PASSWORD_REQUIRED=YES/NO (the default is YES). This parameter has always existed in FTPSERV.CFG, but previously only had effect when ANONYMOUS_ACCESS was set to YES.

- NEW FEATURE: A new FTPSERV.CFG parameter, DEFAULT_FTP_CONTEXT, can control the default directory context used by FTP Server. If this parameter is not set, the FTP Server will fall back on the old method of using the first bindery context; or if no bindery context is set, using the server object's context. The ability to control this manually is useful for controlling the location of the anonymous user object; especially in cases where multiple instances of FTP are being loaded, each needing its own anonymous user object. This setting should use the Fully Distinguished Name of the desired context, including a leading dot. For example, DEFAULT_FTP_CONTEXT=.testing.novell

- NEW FEATURE: Dynamic configuration changes. Changes to the FTPSERV.CFG file will come into effect automatically instead of requiring NWFTPD.NLM to be unloaded and reloaded.

- MODIFIED FEATURE: The TCP Keep Alive Time (for detecting broken connections) is now configurable in FTPSERV.CFG. Previously the time was hard-coded at 10 minutes. It can now be set from 5 to 120 minutes, and can also be completely disabled. The setting is:

KEEPALIVE_TIME=10

The default (when no setting is made) is 10 minutes. When set to 0 (or negative), the timer is disabled. Settings of 1 thru 4 or higher than 120 are invalid and will be taken as 120 minutes.

- MODIFIED FEATURE: The -C parameter of NWFTPD was modified to accept optional volume and path syntax in the format: [vol:[/dir/...]]filename
For example, vol1:/ftpdir/ftp1.cfg

- MODIFIED FEATURE: When loading NWFTPD -A, the user is now prompted for the Fully Distinguished Name (FDN) of the admin user object. This is to avoid past situations where NWFTPD was unable to find the context of the admin object. NWFTPD -A will also verify that the anonymous user home directory syntax is entered correctly.

- FIX for DEFECT500284033: NWFTPD.NLM was leaking BSD sockets, especially when using passive data connections. This has been corrected.

- FIX for DEFECT000325339: With builds of NWFTPD.NLM from July 2002 or later, deleting files from the root of a volume could fail. Additionally, any failure to delete a file was returning an invalid error code:
-39 Internal error, could not delete file "/sys/nofile.txt"
The deletion problem has been corrected, and the proper error is again reported as:
550 Could not delete file "/sys/nofile.txt"

- FIX for DEFECT000307961: With builds of NWFTPD.NLM from July 2002 or later, guest or anonymous users were unable to rename files, receiving the error, "503 Bad Sequence of Commands". This has been corrected.

- FIX for DEFECT500276294: In certain configurations, anonymous users with a home directory on a NFS Gateway volume would receive too much access to the file system. NWFTPD has been modified to prevent this.

- FIX for DEFECT000310498: Improved error handling for improper usage of path syntax. FTP Server does not allow wildcards to be used in directory names. Accurate errors are now returned in these cases. Wildcards can still be used in file names.

- FIX for DEFECT000317490: One of the changes in NWFTPD v5.03b (October 7, 2002) mistakenly removed the "total 0" line from the beginning of dir (LIST) output, if the directory list was being done at the root of the server (to see all volume names). This "total" line is standard in Unix, and is expected by some FTP clients, including Microsoft Internet Explorer. The missing line can cause some clients to display the output incorrectly. The line has been restored.

- FIX for DEFECT500279626: When receiving a QUIT command, FTP Server was doing a TCP RESET of the FTP connection, rather than doing a normal FIN / ACK process to close the connection. This has been corrected.

- FIX for DEFECT500282439: If a TCP bind error occurs while NWFTPD attempts to load, it will unload rather than stay loaded in a non-functional state.

Other changes, previously included in NWFTPD 5.03b, October 7, 2002 (from NWFTPD7.EXE):

- Eliminated an abend which occurs when unusual character strings are included in a username, when authenticating to the FTP server.

- Eliminated an abend (usually page fault) which could occur when an ABOR (abort) command is preceded by additional characters. The ABOR command is used to interrupt data transfers.

- Eliminated a page fault abend involving stack overflows and invalid pointers.

- Altered the directory output (from the 'dir' or 'LIST' command) to not include a beginning "total" line except when no filename or wildcard is specified. This method is a better match for the unofficial FTP standards which Unix has established, and provides better compatibility for some FTP clients.


Other changes, previously included in NWFTPD 5.02y, July 25, 2002 (from NW 5.1 SP5 and NW 6.0 SP 2):

- Eliminated a memory leak.

- Enabled deletion with 'del' or 'DELE' commands using wildcard file specs, on a legacy NetWare volume. (This was already possible on NSS volumes).

- Corrected a failure to get directory listing for users with the GUEST restriction. Some methods of specifying home directory syntax in the NDS user account were not being handled correctly by NWFTPD.NLM.

- Enhanced ls (NLST) and dir (LIST) output to include directory paths if the path was included in the ls or dir command. For example, ls dir2/* will now give output in the format:
dir2/file1.txt
dir2/file2.txt
This enables FTP client commands like mget and mdel (which make use of the NLST command) to succeed even when paths are specified.

- In accordance with NetWare design policy, disabled the ability of FTP users to read / write to volumes on servers where no user / connection license can be obtained.


Other changes, previously included in NWFTPD 5.02r, April 26, 2002 (NWFTPD6.EXE):

- Eliminated high-utilization problems that could occur when invalid commands (improper syntax or length) were sent to the FTP server. While in high-utilization, if NWFTPD was unloaded, a Double Fault Processor Exception abend could also occur. These problems were present in NWFTPD.NLM builds beginning October 19, 2001.

- Eliminated a Page Fault Processor Exception abend that could occur when NWFTPD.NLM was loaded and unloaded in rapid succession, as from an NCF file or Cluster script.

- Several corrections to certain FTP messages / responses.

- Corrected a failure to clear old not-logged-in connections.

- Corrected a potential abend on multi-processor systems.

- Improvements to intruder detection.


Other changes, previously included in NWFTPD 5.02i, February 16, 2002 (NWFTPD5.EXE):

- Fixed a page fault abend which could occur after applying NW 5.1 SP4. This abend can occur in TCP.NLM when the FTP server is under a heavy load. The exact conditions required to trigger the abend can vary, but the abend has been seen to occur with as little as 60 FTP sessions, depending upon the type and number of data connections opened in those sessions. FTP's method of listening for data connections was altered in order to eliminate this abend.


Other changes, previously included in the January 7th, 2002 build from NW 5.1 SP4:

- Corrected the error reporting that would occur when the FTP server could not write a file. In some previous versions, the FTP server could report "insufficient disk space" when in reality the write failure was due to factors other than disk space.

- Corrected a potential failure to find user objects underneath country or locality containers.

- Minor changes to the messages given during a rename operation.

- Expanded the logging of IP address & anonymous user in FTPAUDIT.LOG file, when anonymous login fails.

- Minor improvements to user and host intruder detection.

- Fix to ensure closure of FTP connections if NWFTPD.NLM is unloaded during FTP transfers.

- Fix to set the user's context correctly when the NetWare Server object's context is different than the server's first bindery context, or if search list input is given.

- Improvements to message handling for international environments (usage of non-default code pages).


Other changes, previously included in NWFTPD 5.02b, October 19, 2001 (NWFTPD4.EXE)

- Added support for Record Structure (implemented the STRU R functionality).

- Altered the FTP command processor to accept various control sequences before the ABOR (abort) command, in accordance with FTP and TELNET RFCs. Corrected the FTP server's response in conditions where ABOR is used when the previous command has already completed.

- Eliminated a conflict between the parameter DEFAULT_USER_HOME_SERVER and the parameters IGNORE_HOME_DIR and IGNORE_REMOTE_HOME. The IGNORE... parameters are meant to apply to NDS home directory settings only, not to FTP's default home settings.

- Corrected a problem with GUEST access restrictions, which had been causing failures in FTP directory lists (ls, dir, NLST, LIST).
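
The ABOR handling described above, and the earlier abends tied to characters before ABOR and to over-long commands, come down to how one control-channel line is parsed. The following is an added example, not NWFTPD's code: it strips RFC 854 Telnet sequences and enforces a length bound before looking at the verb. `MAX_LINE`, `read_command` and the sample bytes are assumptions made for the illustration.

```python
# Added example: Telnet-aware, length-bounded parsing of one FTP control line.
IAC = 255                 # RFC 854 "Interpret As Command"
SB = 250                  # subnegotiation start; not expected on an FTP control channel
WILL, DONT = 251, 254     # 251..254 (WILL/WONT/DO/DONT) carry one option byte
MAX_LINE = 512            # assumed cap for this example, not NWFTPD's real limit


def read_command(raw: bytes):
    """Return (verb, argument) for one CRLF-terminated line, or None to reject it."""
    if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
        return None                       # enforce the bound before any copying
    body, out, i = raw[:-2], bytearray(), 0
    while i < len(body):
        if body[i] != IAC:
            out.append(body[i])
            i += 1
            continue
        if i + 1 >= len(body):
            return None                   # IAC with nothing after it
        cmd = body[i + 1]
        if cmd == IAC:                    # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif WILL <= cmd <= DONT:
            if i + 2 >= len(body):
                return None               # option byte missing
            i += 3
        elif cmd == SB:
            return None                   # refuse rather than scan for the end marker
        else:                             # two-byte commands such as IP (244), DM (242)
            i += 2
    verb, _, arg = bytes(out).partition(b" ")
    if not verb.isalpha() or len(verb) > 4:   # RFC 959 verbs are at most 4 letters
        return None
    return verb.upper().decode("ascii"), arg.decode("latin-1")


# Constructed inputs: ABOR preceded by Telnet IP + Synch (IAC IP, IAC DM), a plain
# command, and an over-long line that must be refused rather than copied.
SAMPLES = [b"\xff\xf4\xff\xf2ABOR\r\n", b"RETR dir2/file1.txt\r\n",
           b"USER " + b"A" * 600 + b"\r\n"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(len(s), read_command(s))
```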



Other changes, previously included in NWFTPD.NLM 5.01y, September 13, 2001 (NWFTPD3A.EXE)

- The prior FTP release (NWFTPD3.EXE, August 24, 2001) had some internationalization improvements which inadvertently altered the format of the date / time information in a DIR (LIST) command. This resulted in improper or missing dates, times, and sizes being displayed at the FTP client, or even in complete failure of some FTP clients (i.e. Netscape Navigator). The format has been returned to normal (without removing the internationalization improvements).

- Certain syntaxes of URLs used in Netscape Navigator were resulting in failure of the initial list of files available in an FTP session. This has now been corrected. (This was a long-standing issue, not introduced by the Aug 24th, 2001 release).

- User-based restrictions in the SYS:ETC\FTPREST.TXT file were failing under certain conditions. This has been corrected. (This is also an older issue, not introduced by the Aug 24th, 2001 release.) This issue only affected user-based restrictions, not container, address, or domain restrictions.

Other changes, previously included in NWFTPD.NLM 5.01w, August 24, 2001 (NWFTPD3.EXE):

- Enhancement to provide contextless login without the need for Catalog Services. SYS:ETC\FTPSERV.CFG can now use the parameter:

SEARCH_LIST=.context1.org1,.context2.org1,.context3.context2.org1

The syntax of this parameter is very strict. Each context listed should begin with a leading dot, and should show the full context. No relative contexts. A comma should separate each context in the list. No spaces should be used after the = (equal sign) or after any comma. A space should only be used if a container name actually contains a space character. Up to 25 contexts can be listed, but the maximum length of the setting (after the = sign, and including commas) is 2048 characters.
When a user logs in without specifying their context, the search order used by NWFTPD to find them will be (1) The first bindery context of the server, if set. (2) The NW server object's own context, if no bindery context is set. (3) The NDS Catalog Services catalog specified by the FTP_CATALOG_NAME parameter in FTPSERV.CFG. (4) The contexts listed in the SEARCH_LIST parameter of FTPSERV.CFG, in the order listed on that parameter.
While it is still possible to use both a Catalog Services catalog and the SEARCH_LIST parameter, it is recommended that use of Catalog Services be discontinued, as that technology is being phased out.
To have NWFTPD automatically add comments about all possible FTPSERV.CFG parameters to the existing FTPSERV.CFG file, unload NWFTPD and load NWFTPD -A. This will add the new comments to the config file without changing the current settings. However, this also enables anonymous FTP, so if that is not desired, edit the FTPSERV.CFG file afterwards and set ANONYMOUS_ACCESS=NO. The ANONYMOUS user (which will have been created either in the first bindery context of the server, or in the server object's own context) can also be deleted. After NWFTPD -A completes, NWFTPD should be loaded again to start the FTP Server.

- Adjustments for compatibility between FTP and other services in Native File Access Pack (NFAP) and Network Attached Storage (NAS).

- Solved an ABEND that could occur if the anonymous user used SUNIQUE mode to PUT a file (STOU, or Store Unique).

- Previously, when moving a file by renaming to a new path, if the file name contained the directory name, the rename would fail. For example:
REN FILENAME1 /FILE/FILENAME1
This would fail because the directory name "FILE" was included in the file name "FILENAME1". This problem has been eliminated.

- Previously, when defining container-based restrictions in the SYS:ETC/FTPREST.TXT file, if the container name contained a space character, the restriction would not come into effect. Now, containers with spaces in their names can be properly restricted, if quote marks are used. Examples:

"*.big apple.novell" ACCESS= DENY
"user1.big apple.novell" ACCESS= ALLOW

- A SYS:ETC\WELCOME.TXT file of 0 (zero) bytes will no longer result in a blank line (Carriage-Return / Line Feed) being sent before the "220 ready for new user" message. Some FTP clients malfunction after receiving a blank line.

- Users without a home directory specified in their NDS user object will be handled correctly by the DEFAULT_USER_HOME_SERVER parameter, even in cases where the parameters IGNORE_HOME_DIR or IGNORE_REMOTE_HOME are being used. However, for users with NDS-specified home directories, the DEFAULT_USER_HOME_SERVER parameter may still fail when one or both IGNORE parameters are being used.

- When a user attempts to PUT a file to a location that is out of disk space, the message "No space left on the device" will be returned. Previously, the FTP client session might either hang or appear to complete when it had not actually transferred the file. This issue also applies in cases of administrative disk space restrictions that restrict the amount of disk space a person can use.

- A more accurate error message is returned when a user without WRITE access attempts to PUT a file.

- Internationalization improvements.
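
Because the SEARCH_LIST syntax described above is strict, a pre-deployment check of FTPSERV.CFG is useful. The following is an added example, not a Novell tool: it applies only the rules stated in this document (leading dot, no space after = or a comma, at most 25 contexts, at most 2048 characters). The function names and the sample container names are made up.

```python
MAX_CONTEXTS = 25        # limit stated in the TID
MAX_VALUE_LEN = 2048     # characters after '=', commas included


def check_search_list(line):
    """Return the problems found in one SEARCH_LIST= line (empty list if clean)."""
    key, sep, value = line.rstrip("\r\n").partition("=")
    if sep != "=" or key != "SEARCH_LIST":
        return ["not a SEARCH_LIST= line"]
    problems = []
    if len(value) > MAX_VALUE_LEN:
        problems.append(f"value is {len(value)} characters, limit is {MAX_VALUE_LEN}")
    contexts = value.split(",")
    if len(contexts) > MAX_CONTEXTS:
        problems.append(f"{len(contexts)} contexts listed, limit is {MAX_CONTEXTS}")
    for pos, ctx in enumerate(contexts, start=1):
        if ctx == "":
            problems.append(f"context {pos}: empty entry")
        elif ctx[0].isspace():
            where = "'='" if pos == 1 else "','"
            problems.append(f"context {pos}: space after {where}")
        elif not ctx.startswith("."):
            problems.append(f"context {pos}: no leading dot, not a full context")
    return problems


def check_config(text):
    """Check every SEARCH_LIST line in an FTPSERV.CFG text; map line number -> problems."""
    report = {}
    for num, line in enumerate(text.splitlines(), start=1):
        if line.startswith("SEARCH_LIST="):
            found = check_search_list(line)
            if found:
                report[num] = found
    return report


# Constructed FTPSERV.CFG fragment (container names are made up).
SAMPLE_CFG = """ANONYMOUS_ACCESS=NO
SEARCH_LIST=.sales.org1, .eng.org1,hr.org1
"""

if __name__ == "__main__":
    print(check_config(SAMPLE_CFG))
```

Spaces inside a container name, as in .big apple.novell, pass the check because the document allows them.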


Other changes, previously included in NWFTPD.NLM v5.01o, February 23, 2000 (from NWFTPD2.EXE and NW 5.1 SP3):

- Eliminated two security weaknesses involving anonymous user access.

- Removed the line "total 0" from the output of a NLST (ls) command.

- Resolved a conflict between the DEFAULT_USER_HOME_SERVER parameter (FTPSERV.CFG) and the GUEST restriction (FTPREST.TXT).

- Host Intruder Lockout feature now counts login attempts even when the attempted username does not exist in NDS.

- Eliminated a possible abend while renaming. This abend was very rare, as it involved issuing a "RNTO" (rename to) command after the "RNFR" (rename from) command received an error (file not found). Most FTP clients do not issue RNTO if the RNFR has failed.


Other changes, previously included in NWFTPD.NLM v5.01i, November 8, 2000 (NWFTPD1.EXE).

- Some users were not being placed in their NDS-specified home directory upon logging in. This has been corrected. For details of the exact issue, see knowledgebase KB 10056867 (also known as Solution NOVL26172).

- STOU (Store Unique) command has been implemented. For details of this implementation see knowledgebase KB 10053186 (also known as Solution NOVL11640).

- STRU F (File Structure) command has been implemented. NWFTPD already defaulted to File Structure, but did not recognize this command.

- MODE S (Stream Mode) command has been implemented. NWFTPD already defaulted to Stream Mode, but did not recognize this command.

- Renaming a file would fail if a servername was specified in the target name (RNTO, rename to). Now NWFTPD accepts a server name in the target as long as it matches the server name in the source (RNFR, rename from). This enhancement is in addition to the renaming enhancements already in NetWare 5.1 Support Pack 2. For more details on all these renaming enhancements, see knowledgebase KB 10052554 (also known as Solution NOVL9096).

- Users who had dots (periods) in their names or context names could not log in through FTP. This does not apply to dots used as delimiters between object or container names. It only applies to dots that are actually part of an object name. NWFTPD will now allow these users in, so long as these dots are preceded by a backslash (\). For example, a user whose name (without context) is bob.smith would log in to FTP as:
bob\.smith
Or if Bob was in the context O=novell.com (where the dot in "novell.com" is part of the O= name, rather than indicating a new container), and if he wanted to use his full name with context, he would log in as:
.bob\.smith.novell\.com

- Corrected the FTP Server responses to the user commands "quote help" and "quote site help".

- If passwords (email addresses) are required for anonymous user login, NWFTPD now verifies that the password entered matches the pattern x@y. At least 3 characters are needed, with the @ symbol separating the other 2.

- TCP connections for FTP were not being cleared if a workstation with an FTP session running was powered off or removed from the network during file transmission. This has been corrected.

- NWFTPD previously would add a maximum of 32000 messages to each of its log files before starting over. Now this limit can be controlled in the /ETC/FTPSERV.CFG file, with the parameter:
NUM_LOG_MSG=
This parameter represents the number of messages that can be added to the existing LOG file before it is reset. This one parameter specifies the limit for each of NWFTPD's 4 log files.

- Enhanced NWFTPD to allow the default FTP home directory to reside on another server. This does not apply to the anonymous home directory. To set the default home server, use the following parameter in /ETC/FTPSERV.CFG:
DEFAULT_USER_HOME_SERVER=servername
Where "servername" is replaced by the name of the server where the home directory exists. Do not use full NDS server names with contexts. This parameter works in conjunction with the already existing DEFAULT_USER_HOME parameter, which specifies the volume name and directory. If the remote server cannot be reached, NWFTPD will fall back to the local server.
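
The backslash-dot login rule described above (bob\.smith and .bob\.smith.novell\.com) can be checked with a small splitter. The following is an added example, not NWFTPD's parser: it treats a leading dot as marking a full name with context, as in the document's example, and rejects any backslash not followed by a dot because the document describes only that one escape. Both function names are made up.

```python
def split_login_name(name):
    """Split an FTP login name on delimiter dots, keeping backslash-escaped dots.

    Returns (has_context, components). Raises ValueError on a malformed name.
    """
    has_context = name.startswith(".")
    body = name[1:] if has_context else name
    parts, current, i = [], [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\":
            if body[i + 1:i + 2] != ".":
                raise ValueError("backslash not followed by a dot")
            current.append(".")             # escaped dot belongs to the name
            i += 2
        elif ch == ".":
            parts.append("".join(current))  # unescaped dot ends a component
            current = []
            i += 1
        else:
            current.append(ch)
            i += 1
    parts.append("".join(current))
    if "" in parts:
        raise ValueError("empty name component")
    return has_context, parts


def build_login_name(user, containers=()):
    """Build the string typed at the FTP login prompt, escaping dots in names."""
    def esc(component):
        return component.replace(".", "\\.")
    if not containers:
        return esc(user)
    return "." + ".".join(esc(c) for c in (user, *containers))


if __name__ == "__main__":
    # The two login strings used as examples in the document.
    for login in ("bob\\.smith", ".bob\\.smith.novell\\.com"):
        print(login, "->", split_login_name(login))
    print(build_login_name("bob.smith", ["novell.com"]))
```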

Additional Information

Formerly known as TID# 10060768