From f2a87ab4022947f0cd48715d7c37393f0ebfd60a Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 02 Jun 2007 00:27:17 +0000
Subject: [PATCH] Update the server to provide a lockdown mode. This is a mode in which the server will only allow client connections over loopback interfaces and will reject requests from non-root users. This can be used in cases where it would be helpful for the server to be online to address a problem, but there might be security risks in having it fully available (e.g., the server detects a malformed access control rule on startup, and we don't want to allow normal access to the server since that rule might be intended to prevent users from seeing sensitive information and not having it interpreted properly could be dangerous).
---
opends/src/server/org/opends/server/messages/TaskMessages.java | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 52 insertions(+), 0 deletions(-)
diff --git a/opends/src/server/org/opends/server/messages/TaskMessages.java b/opends/src/server/org/opends/server/messages/TaskMessages.java
index 2c64e54..9828f8c 100644
--- a/opends/src/server/org/opends/server/messages/TaskMessages.java
+++ b/opends/src/server/org/opends/server/messages/TaskMessages.java
@@ -236,6 +236,44 @@
/**
+ * The message ID for the message that will be used if a nonroot user attempts
+ * to place the server in lockdown mode. It does not take any arguments.
+ */
+ public static final int MSGID_TASK_ENTERLOCKDOWN_NOT_ROOT =
+ CATEGORY_MASK_TASK | SEVERITY_MASK_SEVERE_ERROR | 21;
+
+
+
+ /**
+ * The message ID for the message that will be used if a client not connected
+ * via a loopback address attempts to place the server in lockdown mode. It
+ * does not take any arguments.
+ */
+ public static final int MSGID_TASK_ENTERLOCKDOWN_NOT_LOOPBACK =
+ CATEGORY_MASK_TASK | SEVERITY_MASK_SEVERE_ERROR | 22;
+
+
+
+ /**
+ * The message ID for the message that will be used if a nonroot user attempts
+ * to remove the server from lockdown mode. It does not take any arguments.
+ */
+ public static final int MSGID_TASK_LEAVELOCKDOWN_NOT_ROOT =
+ CATEGORY_MASK_TASK | SEVERITY_MASK_SEVERE_ERROR | 23;
+
+
+
+ /**
+ * The message ID for the message that will be used if a client not connected
+ * via a loopback address attempts to remove the server from lockdown mode.
+ * It does not take any arguments.
+ */
+ public static final int MSGID_TASK_LEAVELOCKDOWN_NOT_LOOPBACK =
+ CATEGORY_MASK_TASK | SEVERITY_MASK_SEVERE_ERROR | 24;
+
+
+
+ /**
* Associates a set of generic messages with the message IDs defined in this
* class.
*/
@@ -310,6 +348,20 @@
registerMessage(MSGID_TASK_INITIALIZE_INVALID_DN,
"Invalid DN provided with the Initialize task");
+
+
+ registerMessage(MSGID_TASK_ENTERLOCKDOWN_NOT_ROOT,
+ "Only root users may place the server in lockdown mode");
+ registerMessage(MSGID_TASK_ENTERLOCKDOWN_NOT_LOOPBACK,
+ "Only root users connected from a loopback address may " +
+ "place the server in lockdown mode");
+
+ registerMessage(MSGID_TASK_LEAVELOCKDOWN_NOT_ROOT,
+ "Only root users may cause the server to leave lockdown " +
+ "mode");
+ registerMessage(MSGID_TASK_LEAVELOCKDOWN_NOT_LOOPBACK,
+ "Only root users connected from a loopback address may " +
+ "cause the server to leave lockdown mode");
}
}
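Review bot: The four rejection messages registered at the end of this method carry no format arguments, so a denied attempt to enter or leave lockdown mode cannot be attributed to a requester or client address from the message text alone. Refused leave-lockdown requests matter most here, because the server is in that mode precisely when normal access is considered unsafe. If the task code that emits these messages (not visible in this diff) does not already record the bind DN and client address next to them, consider giving each message an argument, for example `"Only root users may cause the server to leave lockdown mode (requested by %s)"`. The "It does not take any arguments" Javadoc on the four constants in the first hunk would then need updating to match. The enclosing method begins above this hunk, so its earlier registrations were not checked for the same gap.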
--
Gitblit v1.10.0