From 4e2366ebec6d1c05a9c22e7d01e010ee4dea45fc Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Wed, 06 Jun 2007 21:49:10 +0000
Subject: [PATCH] Put server into lockdown mode if ACI parsing fails during server startup or backend initialization. Issue #1750.

---
 opends/src/server/org/opends/server/messages/AciMessages.java |   38 ++++++++++++++++++++++++++++++++++----
 1 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/opends/src/server/org/opends/server/messages/AciMessages.java b/opends/src/server/org/opends/server/messages/AciMessages.java
index 536d22f..722a2e0 100644
--- a/opends/src/server/org/opends/server/messages/AciMessages.java
+++ b/opends/src/server/org/opends/server/messages/AciMessages.java
@@ -496,8 +496,9 @@
      * The message ID for the ACI message that will be generated when
      * an ACI decode failed because of an syntax error. This message is usually
      * generated by an invalid ACI that was added during import which
-     * fails the decode at server startup. This takes one
-     * argument, which is the message string thrown by the AciException.
+     * fails the decode at server startup. This takes three
+     * argument, which are the ACI string, the DN of the entry containing the
+     * ACI, and the message string thrown by the AciException.
      */
     public static final int MSGID_ACI_ADD_LIST_FAILED_DECODE =
         CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 48;
@@ -764,6 +765,25 @@
   public static final int MSGID_ACI_SYNTAX_ROLEDN_NOT_SUPPORTED =
        CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 76;
 
+   /**
+   * The message ID for the message that will be used if there are ACI decode
+   * failures at server initialization time or during a backend initialization.
+   * This takes one argument, which is the error message from the ACI decode
+   * exception.
+   */
+  public static final int MSGID_ACI_SERVER_DECODE_FAILED =
+       CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 77;
+
+
+   /**
+   * The message ID for the message that will be used if there are ACI decode
+   * failures at server initialization time or during a backend initialization
+   * causing the server is being put in lockdown mode. The takes no arguments.
+   */
+  public static final int MSGID_ACI_ENTER_LOCKDOWN_MODE =
+       CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 78;
+
+
     /**
      * Associates a set of generic messages with the message IDs defined in
      * this class.
@@ -1066,8 +1086,8 @@
                "because of the following reason: %s");
 
         registerMessage(MSGID_ACI_ADD_LIST_FAILED_DECODE,
-                "An attempt to decode an Access Control Instruction (ACI)" +
-                " failed because of the following reason: %s");
+                " \"%s\", located in the entry \"%s\", " +
+                "because of the following reason: %s");
 
         registerMessage(MSGID_ACI_ADD_LIST_NO_ACIS,
                 "No Access Control Instruction (ACI) attribute types were" +
@@ -1203,5 +1223,15 @@
               "value \"%s\" is invalid because it contains" +
               " the roledn keyword, which is not supported,  replace it with " +
               "the groupdn keyword");
+
+        registerMessage(MSGID_ACI_SERVER_DECODE_FAILED,
+                "Failed to decode the Access Control " +
+                "Instruction (ACI)%s");
+
+        registerMessage(MSGID_ACI_ENTER_LOCKDOWN_MODE,
+                "The server is being put into lockdown mode because " +
+                "invalid ACIs rules were detected either when the server " +
+                "was started or during a backend initialization");
+
     }
 }

--
Gitblit v1.10.0