I want to restrict FTP upload of ConnectMe firmware image.bin and rom.bin to FTP logins from the local segment?
I am working in NetOS 7.4 using ESP.
In FS_StoreFile(), I am already using FSUserName(handle) to restrict firmware uploads to the root login. So a lot is already working. I just need to make this extra check.
Is there a way to:
access the client IP using the “handle” (preferred)?
restrict all FTP login to the local segment as defined by IP and netmask?
restrict root login in the same way?
Any of the above would be ok, though #1 would be best for me.
Actually, I lied without meaning to. FS_StoreFile() does not seem to exist in NetOS 7.4. I am working in NetOS 7.0, looking forward to “upgrading” to 7.4 once my debugger issues are settled (see http://www.digi.com/support/forum/viewthread_thread,1263#4810).
All my logic except for this feature is working in 7.0. I just went to merge my changes into a 7.4 project and found that ftpsrv.c has changed quite a lot.
There is/are no API(s) available that would give a developer access to the client’s IP address. The closest you’ll get is when you set up the user names/passwords (assuming you are) using NAsetSysAccess() you can include an IP address. In that case, users of that user name will only be allowed to access the device (through ftp in your case) via that username/password/Ip address triplet.
NAsetSysAccess() is described in the on-line API reference guide.