F R E E W A R E

T F T P Server NLM
for Novell Netware 3.1x, 4.xx

Copyright 1994, by HellSoft

Comments and bugs to "meloun@vision.felk.cvut.cz"
New versions "nw311/tftpd:novell.felk.cvut.cz"

Written at Czech Technical University,
Prague, Czech Republic
E U R O P E


Introduction and Features

This NLM allows loading and storing files on Novell Netware 3.11+
servers using the TFTP protocol. It is based on the idea of the standard
Unix secure TFTP server.


System requirements

TFTPD.NLM requires Novell Netware Server v3.11 or better, running
TCPIP.NLM and CLIB.NLM. TCPIP v2.xx and the newest CLIB are highly
recommended.


Loading of the TFTPD server:

    load [path]TFTPD {-R} {home_directory}

    -R              Enable read-only access.
                    Default: read/write access is enabled.

    home_directory  Home directory for TFTPD.NLM (see below).
                    Default: SYS:TFTPD


Console commands:

    tftpd debug
    tftpd nodebug

    These commands control the debug mode of TFTPD.NLM.


Description

Please see RFC 783 for a complete description of the TFTP server; this
section describes only the differences.


File name processing

    Step 1
        The requested path name is checked for the ':' character. If
        this character is present, the 'access denied' error status is
        returned to the client.

    Step 2
        All '\' characters in the path name are changed to '/'. This
        means that either '/' or '\' can be used as the directory
        separator.

    Step 3
        The path name is simplified. The '.' is removed from the path
        and '..' is processed.

    Step 4
        All parts of the path name are converted to valid DOS names.
        This means that the name is cut to 8 characters and the
        extension to 3 characters.

    Step 5
        The home_directory is added before the requested path name.
        This means that all files distributed to clients using the TFTP
        protocol must be in this directory.


Security

The TFTP protocol is, by nature, insecure. There is no simple way to
map an incoming TFTP request to Netware users or user rights.

TFTPD.NLM works with the file server's rights, but internally maps the
accessible part of the Netware file system to one directory
(home_directory). All users can get any file within this directory, but
cannot get any other file.

Write access can be controlled using the -R switch. If write access is
enabled, the user still cannot create any file or directory. The user
can only overwrite an existing file which has the Read Only flag
cleared. This restriction allows the netadmin to protect the
home_directory from inappropriate access by users.
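
The five file name processing steps above, modelled in Python as an added example (this is not the NLM's own code). Denying a '..' that climbs above the root, skipping empty components, and taking the extension from between the first and second '.' are assumptions; the README does not specify them.

```python
class AccessDenied(Exception):
    """Stands in for the TFTP 'access denied' error sent to the client."""

def to_dos_name(part):
    # Step 4: cut the name to 8 characters and the extension to 3.
    # Assumption: the extension is the text between the first and second '.'.
    name, _, rest = part.partition(".")
    ext = rest.partition(".")[0]
    return name[:8] + ("." + ext[:3] if ext else "")

def resolve(requested, home_directory="SYS:TFTPD"):
    # Step 1: a ':' could name another NetWare volume, so refuse it outright.
    if ":" in requested:
        raise AccessDenied(requested)
    # Step 2: '\' and '/' are both separators; normalise before parsing.
    path = requested.replace("\\", "/")
    # Step 3: remove '.', process '..' (empty components skipped: assumption).
    parts = []
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:
                # Assumption: climbing above the root is denied, not clamped.
                raise AccessDenied(requested)
            parts.pop()
        else:
            parts.append(part)
    # Step 4: every remaining component becomes an 8.3 name.
    parts = [to_dos_name(p) for p in parts]
    # Step 5: the home directory is prefixed last, after all client input
    # has been normalised, so the request cannot alter it.
    return "/".join([home_directory] + parts)

# Constructed sample requests, not taken from the README.
SAMPLES = [
    "boot\\./images/../kernel_image.binary",
    "boot/kernel_i.bin",
    "..\\..\\other/file.txt",
    "VOL1:other/file.txt",
]

if __name__ == "__main__":
    for request in SAMPLES:
        try:
            print(f"{request!r:45} -> {resolve(request)}")
        except AccessDenied:
            print(f"{request!r:45} -> access denied")
```

The first two samples resolve to the same file: after step 4, different requested names can collide on one 8.3 name, which matters when write access is enabled.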