Exemple #1
0
function generateEntityAutoTags($cell)
{
    $ret = array();
    if (!array_key_exists('realm', $cell)) {
        throw new InvalidArgException('cell', '(array)', 'malformed structure');
    }
    switch ($cell['realm']) {
        case 'location':
            $ret[] = array('tag' => '$locationid_' . $cell['id']);
            $ret[] = array('tag' => '$any_location');
            break;
        case 'row':
            $ret[] = array('tag' => '$rowid_' . $cell['id']);
            $ret[] = array('tag' => '$any_row');
            break;
        case 'rack':
            $ret[] = array('tag' => '$rackid_' . $cell['id']);
            $ret[] = array('tag' => '$any_rack');
            break;
        case 'object':
            $ret[] = array('tag' => '$id_' . $cell['id']);
            $ret[] = array('tag' => '$typeid_' . $cell['objtype_id']);
            $ret[] = array('tag' => '$any_object');
            if ($cell['name'] == '') {
                $ret[] = array('tag' => '$nameless');
            }
            if (validTagName('$cn_' . $cell['name'], TRUE)) {
                $ret[] = array('tag' => '$cn_' . $cell['name']);
            }
            if (!strlen($cell['rack_id'])) {
                $ret[] = array('tag' => '$unmounted');
            }
            if (!$cell['nports']) {
                $ret[] = array('tag' => '$portless');
            }
            if ($cell['asset_no'] == '') {
                $ret[] = array('tag' => '$no_asset_tag');
            }
            if (isset($cell['8021q_domain_id'])) {
                $ret[] = array('tag' => '$runs_8021Q');
                $ret[] = array('tag' => '$8021Q_domain_' . $cell['8021q_domain_id']);
                if (isset($cell['8021q_template_id'])) {
                    $ret[] = array('tag' => '$8021Q_tpl_' . $cell['8021q_template_id']);
                }
            }
            # dictionary attribute autotags '$attr_X_Y'
            $attrs = getAttrValues($cell['id']);
            foreach ($attrs as $attr_id => $attr_record) {
                if (isset($attr_record['key'])) {
                    $ret[] = array('tag' => "\$attr_{$attr_id}_{$attr_record['key']}");
                }
            }
            break;
        case 'ipv4net':
            // v4-only rules
            $ret[] = array('tag' => '$ip4net-' . str_replace('.', '-', $cell['ip']) . '-' . $cell['mask']);
        case 'ipv6net':
            // common (v4 & v6) rules
            $ver = $cell['realm'] == 'ipv4net' ? 4 : 6;
            $ret[] = array('tag' => "\$ip{$ver}netid_" . $cell['id']);
            $ret[] = array('tag' => "\$any_ip{$ver}net");
            $ret[] = array('tag' => '$any_net');
            $ret[] = array('tag' => '$masklen_eq_' . $cell['mask']);
            if ($cell['vlanc']) {
                $ret[] = array('tag' => '$runs_8021Q');
            }
            foreach ($cell['8021q'] as $vlan_info) {
                $ret[] = array('tag' => '$vlan_' . $vlan_info['vlan_id']);
            }
            foreach (array_keys($cell['spare_ranges']) as $mask) {
                $ret[] = array('tag' => '$spare_' . $mask);
            }
            if ($cell['kidc'] > 0) {
                $ret[] = array('tag' => '$aggregate');
            }
            break;
        case 'ipv4vs':
            $ret[] = array('tag' => '$ipvsid_' . $cell['id']);
            if (strlen($cell['vip_bin']) == 16) {
                $ret[] = array('tag' => '$any_ipv6vs');
            } else {
                $ret[] = array('tag' => '$any_ipv4vs');
            }
            $ret[] = array('tag' => '$any_vs');
            if ($cell['refcnt'] == 0) {
                $ret[] = array('tag' => '$unused');
            }
            $ret[] = array('tag' => '$type_' . strtolower($cell['proto']));
            // $type_tcp, $type_udp or $type_mark
            break;
        case 'ipv4rspool':
            $ret[] = array('tag' => '$ipv4rspid_' . $cell['id']);
            $ret[] = array('tag' => '$any_ipv4rsp');
            $ret[] = array('tag' => '$any_rsp');
            if ($cell['refcnt'] == 0) {
                $ret[] = array('tag' => '$unused');
            }
            break;
        case 'user':
            # {$username_XXX} autotag is generated always, but {$userid_XXX}
            # appears only for accounts, which exist in local database.
            $ret[] = array('tag' => '$username_' . $cell['user_name']);
            if (isset($cell['user_id'])) {
                $ret[] = array('tag' => '$userid_' . $cell['user_id']);
            }
            break;
        case 'file':
            $ret[] = array('tag' => '$fileid_' . $cell['id']);
            $ret[] = array('tag' => '$any_file');
            break;
        case 'vst':
            $ret[] = array('tag' => '$vstid_' . $cell['id']);
            $ret[] = array('tag' => '$any_vst');
            break;
        default:
            throw new InvalidArgException('cell', '(array)', 'this input does not belong here');
            break;
    }
    # {$tagless} doesn't apply to users
    switch ($cell['realm']) {
        case 'rack':
        case 'object':
        case 'ipv4net':
        case 'ipv6net':
        case 'ipv4vs':
        case 'ipv4rspool':
        case 'file':
        case 'vst':
            if (!count($cell['etags'])) {
                $ret[] = array('tag' => '$untagged');
            }
            break;
        default:
            break;
    }
    return $ret;
}
Exemple #2
0
function queryLDAPServer($username, $password)
{
    global $LDAP_options;
    $LDAP_defaults = array('group_attr' => 'memberof', 'group_filter' => '/^[Cc][Nn]=([^,]+)/', 'cache_refresh' => 300, 'cache_retry' => 15, 'cache_expiry' => 600);
    foreach ($LDAP_defaults as $option_name => $option_value) {
        if (!array_key_exists($option_name, $LDAP_options)) {
            $LDAP_options[$option_name] = $option_value;
        }
    }
    if (extension_loaded('ldap') === FALSE) {
        throw new RackTablesError('LDAP misconfiguration. LDAP PHP Module is not installed.', RackTablesError::MISCONFIGURED);
    }
    $connect = @ldap_connect($LDAP_options['server']);
    if ($connect === FALSE) {
        return array('result' => 'CAN');
    }
    if (isset($LDAP_options['use_tls']) && $LDAP_options['use_tls'] >= 1) {
        $tls = ldap_start_tls($connect);
        if ($LDAP_options['use_tls'] >= 2 && $tls == FALSE) {
            throw new RackTablesError('LDAP misconfiguration: LDAP TLS required but not successfully negotiated.', RackTablesError::MISCONFIGURED);
        }
    }
    if (array_key_exists('options', $LDAP_options) and is_array($LDAP_options['options'])) {
        foreach ($LDAP_options['options'] as $opt_code => $opt_value) {
            ldap_set_option($connect, $opt_code, $opt_value);
        }
    }
    // Decide on the username we will actually authenticate for.
    if (isset($LDAP_options['domain']) and strlen($LDAP_options['domain'])) {
        $auth_user_name = $username . "@" . $LDAP_options['domain'];
    } elseif (isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) {
        // If a search_bind_rdn is supplied, bind to that and use it to search.
        // This is required unless a server offers anonymous searching.
        // Using bind again on the connection works as expected.
        // The password is optional as it might be optional on server, too.
        if (isset($LDAP_options['search_bind_rdn']) && strlen($LDAP_options['search_bind_rdn'])) {
            $search_bind = @ldap_bind($connect, $LDAP_options['search_bind_rdn'], isset($LDAP_options['search_bind_password']) ? $LDAP_options['search_bind_password'] : NULL);
            if ($search_bind === FALSE) {
                throw new RackTablesError('LDAP misconfiguration. You have specified a search_bind_rdn ' . (isset($LDAP_options['search_bind_password']) ? 'with' : 'without') . ' a search_bind_password, but the server refused it with: ' . ldap_error($connect), RackTablesError::MISCONFIGURED);
            }
        }
        $results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array("dn"));
        if ($results === FALSE) {
            return array('result' => 'CAN');
        }
        if (@ldap_count_entries($connect, $results) != 1) {
            @ldap_close($connect);
            return array('result' => 'NAK');
        }
        $info = @ldap_get_entries($connect, $results);
        ldap_free_result($results);
        $auth_user_name = $info[0]['dn'];
    } else {
        throw new RackTablesError('LDAP misconfiguration. Cannon build username for authentication.', RackTablesError::MISCONFIGURED);
    }
    $bind = @ldap_bind($connect, $auth_user_name, $password);
    if ($bind === FALSE) {
        switch (ldap_errno($connect)) {
            case 49:
                // LDAP_INVALID_CREDENTIALS
                return array('result' => 'NAK');
            default:
                return array('result' => 'CAN');
        }
    }
    // preliminary decision may change during searching
    $ret = array('result' => 'ACK', 'displayed_name' => '', 'memberof' => array());
    // Some servers deny anonymous search, thus search (if requested) only after binding.
    // Displayed name only makes sense for authenticated users anyway.
    if (isset($LDAP_options['displayname_attrs']) and strlen($LDAP_options['displayname_attrs']) and isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) {
        $results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array_merge(array($LDAP_options['group_attr']), explode(' ', $LDAP_options['displayname_attrs'])));
        if (@ldap_count_entries($connect, $results) != 1) {
            @ldap_close($connect);
            return array('result' => 'NAK');
        }
        $info = @ldap_get_entries($connect, $results);
        ldap_free_result($results);
        $space = '';
        foreach (explode(' ', $LDAP_options['displayname_attrs']) as $attr) {
            $ret['displayed_name'] .= $space . $info[0][$attr][0];
            $space = ' ';
        }
        // Pull group membership, if any was returned.
        if (isset($info[0][$LDAP_options['group_attr']])) {
            for ($i = 0; $i < $info[0][$LDAP_options['group_attr']]['count']; $i++) {
                if (preg_match($LDAP_options['group_filter'], $info[0][$LDAP_options['group_attr']][$i], $matches) and validTagName('$lgcn_' . $matches[1], TRUE)) {
                    $ret['memberof'][] = '$lgcn_' . $matches[1];
                }
            }
        }
    }
    @ldap_close($connect);
    return $ret;
}
Exemple #3
0
function getLexemsFromRawText($text)
{
    $ret = array();
    // Add a mock character to aid in synchronization with otherwise correct,
    // but short or odd-terminated final lines.
    $text .= ' ';
    $textlen = mb_strlen($text);
    $lineno = 1;
    $state = 'ESOTSM';
    for ($i = 0; $i < $textlen; $i++) {
        $char = mb_substr($text, $i, 1);
        $newstate = $state;
        switch ($state) {
            case 'ESOTSM':
                switch (TRUE) {
                    case $char == '(':
                        $ret[] = array('type' => 'LEX_LBRACE', 'lineno' => $lineno);
                        break;
                    case $char == ')':
                        $ret[] = array('type' => 'LEX_RBRACE', 'lineno' => $lineno);
                        break;
                    case $char == '#':
                        $newstate = 'skipping comment';
                        break;
                    case preg_match('/[\\p{L}]/u', $char) == 1:
                        $newstate = 'reading keyword';
                        $buffer = $char;
                        break;
                    case $char == "\n":
                    case $char == ' ':
                    case $char == "\t":
                        // nom-nom...
                        break;
                    case $char == '{':
                        $newstate = 'reading tag';
                        $buffer = '';
                        break;
                    case $char == '[':
                        $newstate = 'reading predicate';
                        $buffer = '';
                        break;
                    default:
                        return lexError1($state, $text, $i, $lineno);
                }
                break;
            case 'reading keyword':
                switch (TRUE) {
                    case preg_match('/[\\p{L}]/u', $char) == 1:
                        $buffer .= $char;
                        break;
                    case $char == "\n":
                    case $char == ' ':
                    case $char == "\t":
                    case $char == ')':
                        // this will be handled below
                        // got a word, sort it out
                        switch ($buffer) {
                            case 'allow':
                                $ret[] = array('type' => 'LEX_ALLOW', 'lineno' => $lineno);
                                break;
                            case 'deny':
                                $ret[] = array('type' => 'LEX_DENY', 'lineno' => $lineno);
                                break;
                            case 'define':
                                $ret[] = array('type' => 'LEX_DEFINE', 'lineno' => $lineno);
                                break;
                            case 'and':
                                $ret[] = array('type' => 'LEX_AND', 'lineno' => $lineno);
                                break;
                            case 'or':
                                $ret[] = array('type' => 'LEX_OR', 'lineno' => $lineno);
                                break;
                            case 'not':
                                $ret[] = array('type' => 'LEX_NOT', 'lineno' => $lineno);
                                break;
                            case 'true':
                                $ret[] = array('type' => 'LEX_TRUE', 'lineno' => $lineno);
                                break;
                            case 'false':
                                $ret[] = array('type' => 'LEX_FALSE', 'lineno' => $lineno);
                                break;
                            case 'context':
                                $ret[] = array('type' => 'LEX_CONTEXT', 'lineno' => $lineno);
                                break;
                            case 'clear':
                                $ret[] = array('type' => 'LEX_CLEAR', 'lineno' => $lineno);
                                break;
                            case 'insert':
                                $ret[] = array('type' => 'LEX_INSERT', 'lineno' => $lineno);
                                break;
                            case 'remove':
                                $ret[] = array('type' => 'LEX_REMOVE', 'lineno' => $lineno);
                                break;
                            case 'on':
                                $ret[] = array('type' => 'LEX_ON', 'lineno' => $lineno);
                                break;
                            default:
                                return lexError2($buffer, $lineno);
                        }
                        if ($char == ')') {
                            $ret[] = array('type' => 'LEX_RBRACE', 'lineno' => $lineno);
                        }
                        $newstate = 'ESOTSM';
                        break;
                    default:
                        return lexError1($state, $text, $i, $lineno);
                }
                break;
            case 'reading tag':
            case 'reading predicate':
                $tag_mode = $state == 'reading tag';
                $breaking_char = $tag_mode ? '}' : ']';
                switch ($char) {
                    case $breaking_char:
                        $buffer = trim($buffer, "\t ");
                        if (!validTagName($buffer, $tag_mode)) {
                            return lexError4($buffer, $lineno);
                        }
                        if ($tag_mode) {
                            $lex_type = $buffer[0] == '$' ? 'LEX_AUTOTAG' : 'LEX_TAG';
                        } else {
                            $lex_type = 'LEX_PREDICATE';
                        }
                        $ret[] = array('type' => $lex_type, 'load' => $buffer, 'lineno' => $lineno);
                        $newstate = 'ESOTSM';
                        break;
                    case "\n":
                        return lexError1($state, $text, $i, $lineno);
                    default:
                        $buffer .= $char;
                        break;
                }
                break;
            case 'skipping comment':
                switch ($char) {
                    case "\n":
                        $newstate = 'ESOTSM';
                    default:
                        // eat char, nom-nom...
                        break;
                }
                break;
            default:
                die(__FUNCTION__ . "(): internal error, state == {$state}");
        }
        if ($char == "\n") {
            $lineno++;
        }
        $state = $newstate;
    }
    if ($state != 'ESOTSM' and $state != 'skipping comment') {
        return lexError3($state, $lineno);
    }
    return array('result' => 'ACK', 'load' => $ret);
}
 function get_token()
 {
     $state = self::LEX_S_INIT;
     $buffer = '';
     while ($this->i < $this->text_len) {
         switch ($state) {
             case self::LEX_S_INIT:
                 $char = $this->stop_on_char(" \t", $buffer, TRUE);
                 // skip spaces
                 switch ($char) {
                     case '(':
                     case ')':
                         $this->lex_value = $char;
                         return $char;
                     case '#':
                         $state = self::LEX_S_COMMENT;
                         break;
                     case "\n":
                         $this->lineno++;
                         // skip NL
                         break;
                     case '{':
                         $state = self::LEX_S_TAG;
                         $buffer = '';
                         break;
                     case '[':
                         $state = self::LEX_S_PREDICATE;
                         $buffer = '';
                         break;
                     case 'END':
                         break;
                     default:
                         if (preg_match('/[\\p{L}]/u', $char)) {
                             $state = self::LEX_S_KEYWORD;
                             $buffer = $char;
                         } else {
                             throw new ParserError("Invalid char '{$char}'");
                         }
                 }
                 break;
             case self::LEX_S_KEYWORD:
                 $char = $this->stop_on_char(") \t\n", $buffer);
                 // collect keyword chars
                 switch ($char) {
                     case ')':
                     case "\n":
                     case ' ':
                     case "\t":
                         $this->i--;
                         // fall-through
                     // fall-through
                     case 'END':
                         // got a word, sort it out
                         $this->lex_value = $buffer;
                         return $buffer;
                     default:
                         throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}");
                 }
                 break;
             case self::LEX_S_TAG:
             case self::LEX_S_PREDICATE:
                 $tag_mode = $state == self::LEX_S_TAG;
                 $breaking_char = $tag_mode ? '}' : ']';
                 $char = $this->stop_on_char("{$breaking_char}\n", $buffer);
                 // collect tagname chars
                 switch ($char) {
                     case $breaking_char:
                         $buffer = trim($buffer, "\t ");
                         if (!validTagName($buffer, $tag_mode)) {
                             throw new ParserError("Invalid tag name '{$buffer}'");
                         }
                         $this->lex_value = $buffer;
                         return $tag_mode ? 'LEX_TAG' : 'LEX_PREDICATE';
                     case "\n":
                     case 'END':
                         throw new ParserError("Expecting '{$breaking_char}' character");
                     default:
                         throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}");
                 }
                 break;
             case self::LEX_S_COMMENT:
                 $char = $this->stop_on_char("\n", $buffer);
                 // collect tagname chars
                 switch ($char) {
                     case "\n":
                         $this->lineno++;
                         // fall-through
                     // fall-through
                     case 'END':
                         $state = self::LEX_S_INIT;
                         $buffer = '';
                         break;
                     default:
                         throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}");
                 }
                 break;
             default:
                 throw new RackTablesError("Lex FSM error, state == {$state}");
         }
     }
     return NULL;
 }
function queryLDAPServer($username, $password)
{
    global $LDAP_options;
    if (extension_loaded('ldap') === FALSE) {
        throw new RackTablesError('LDAP misconfiguration. LDAP PHP Module is not installed.', RackTablesError::MISCONFIGURED);
    }
    $ldap_cant_connect_codes = array(-1, -5, -11);
    $last_successful_server = loadScript('LDAPLastSuccessfulServer');
    $success_server = NULL;
    $servers = preg_split("/\\s+/", $LDAP_options['server'], NULL, PREG_SPLIT_NO_EMPTY);
    if (isset($last_successful_server) && in_array($last_successful_server, $servers)) {
        // Use last successful server first
        $servers = array_diff($servers, array($last_successful_server));
        array_unshift($servers, $last_successful_server);
    }
    // Try to connect to each server until first success
    foreach ($servers as $server) {
        $connect = @ldap_connect($server, array_fetch($LDAP_options, 'port', 389));
        if ($connect === FALSE) {
            continue;
        }
        ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, array_fetch($LDAP_options, 'server_alive_timeout', 2));
        // If use_tls configuration option is set, then try establish TLS session instead of ldap_bind
        if (isset($LDAP_options['use_tls']) && $LDAP_options['use_tls'] >= 1) {
            $tls = ldap_start_tls($connect);
            if ($LDAP_options['use_tls'] >= 2 && $tls == FALSE) {
                if (in_array(ldap_errno($connect), $ldap_cant_connect_codes)) {
                    continue;
                } else {
                    throw new RackTablesError('LDAP misconfiguration: LDAP TLS required but not successfully negotiated.', RackTablesError::MISCONFIGURED);
                }
            }
            $success_server = $server;
            break;
        } else {
            if (@ldap_bind($connect) || !in_array(ldap_errno($connect), $ldap_cant_connect_codes)) {
                $success_server = $server;
                // Cleanup after check. This connection will be used below
                @ldap_unbind($connect);
                $connect = ldap_connect($server, array_fetch($LDAP_options, 'port', 389));
                break;
            }
        }
    }
    if (!isset($success_server)) {
        return array('result' => 'CAN');
    }
    if ($LDAP_options['cache_expiry'] != 0 && $last_successful_server !== $success_server) {
        saveScript('LDAPLastSuccessfulServer', $success_server);
    }
    if (array_key_exists('options', $LDAP_options) and is_array($LDAP_options['options'])) {
        foreach ($LDAP_options['options'] as $opt_code => $opt_value) {
            ldap_set_option($connect, $opt_code, $opt_value);
        }
    }
    // Decide on the username we will actually authenticate for.
    if (isset($LDAP_options['domain']) and strlen($LDAP_options['domain'])) {
        $auth_user_name = $username . "@" . $LDAP_options['domain'];
    } elseif (isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) {
        // If a search_bind_rdn is supplied, bind to that and use it to search.
        // This is required unless a server offers anonymous searching.
        // Using bind again on the connection works as expected.
        // The password is optional as it might be optional on server, too.
        if (isset($LDAP_options['search_bind_rdn']) && strlen($LDAP_options['search_bind_rdn'])) {
            $search_bind = @ldap_bind($connect, $LDAP_options['search_bind_rdn'], isset($LDAP_options['search_bind_password']) ? $LDAP_options['search_bind_password'] : NULL);
            if ($search_bind === FALSE) {
                throw new RackTablesError('LDAP misconfiguration. You have specified a search_bind_rdn ' . (isset($LDAP_options['search_bind_password']) ? 'with' : 'without') . ' a search_bind_password, but the server refused it with: ' . ldap_error($connect), RackTablesError::MISCONFIGURED);
            }
        }
        $results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array("dn"));
        if ($results === FALSE) {
            return array('result' => 'CAN');
        }
        if (@ldap_count_entries($connect, $results) != 1) {
            @ldap_close($connect);
            return array('result' => 'NAK');
        }
        $info = @ldap_get_entries($connect, $results);
        ldap_free_result($results);
        $auth_user_name = $info[0]['dn'];
    } else {
        throw new RackTablesError('LDAP misconfiguration. Cannon build username for authentication.', RackTablesError::MISCONFIGURED);
    }
    $bind = @ldap_bind($connect, $auth_user_name, $password);
    if ($bind === FALSE) {
        switch (ldap_errno($connect)) {
            case 49:
                // LDAP_INVALID_CREDENTIALS
                return array('result' => 'NAK');
            default:
                return array('result' => 'CAN');
        }
    }
    // preliminary decision may change during searching
    $ret = array('result' => 'ACK', 'displayed_name' => '', 'memberof' => array());
    // Some servers deny anonymous search, thus search (if requested) only after binding.
    // Displayed name only makes sense for authenticated users anyway.
    if (isset($LDAP_options['displayname_attrs']) and strlen($LDAP_options['displayname_attrs']) and isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) {
        $results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array_merge(array($LDAP_options['group_attr']), explode(' ', $LDAP_options['displayname_attrs'])));
        if (@ldap_count_entries($connect, $results) != 1) {
            @ldap_close($connect);
            return array('result' => 'NAK');
        }
        $info = @ldap_get_entries($connect, $results);
        ldap_free_result($results);
        $space = '';
        foreach (explode(' ', $LDAP_options['displayname_attrs']) as $attr) {
            if (isset($info[0][$attr])) {
                $ret['displayed_name'] .= $space . $info[0][$attr][0];
                $space = ' ';
            }
        }
        // Pull group membership, if any was returned.
        if (isset($info[0][$LDAP_options['group_attr']])) {
            for ($i = 0; $i < $info[0][$LDAP_options['group_attr']]['count']; $i++) {
                if (preg_match($LDAP_options['group_filter'], $info[0][$LDAP_options['group_attr']][$i], $matches) and validTagName('$lgcn_' . $matches[1], TRUE)) {
                    $ret['memberof'][] = '$lgcn_' . $matches[1];
                }
            }
        }
    }
    @ldap_close($connect);
    return $ret;
}
Exemple #6
0
function genericAssertion($argname, $argtype)
{
    global $sic;
    switch ($argtype) {
        case 'string':
            assertStringArg($argname);
            break;
        case 'string0':
            assertStringArg($argname, TRUE);
            break;
        case 'uint':
            assertUIntArg($argname);
            break;
        case 'uint-uint':
            assertStringArg($argname);
            if (1 != preg_match('/^[1-9][0-9]*-[1-9][0-9]*$/', $_REQUEST[$argname])) {
                throw new InvalidRequestArgException($argname, $_REQUEST[$argname], 'illegal format');
            }
            break;
        case 'uint0':
            assertUIntArg($argname, TRUE);
            break;
        case 'inet':
            assertIPArg($argname);
            break;
        case 'inet4':
            assertIPv4Arg($argname);
            break;
        case 'inet6':
            assertIPv6Arg($argname);
            break;
        case 'l2address':
            assertStringArg($argname);
        case 'l2address0':
            assertStringArg($argname, TRUE);
            try {
                l2addressForDatabase($sic[$argname]);
            } catch (InvalidArgException $e) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'malformed MAC/WWN address');
            }
            break;
        case 'tag':
            assertStringArg($argname);
            if (!validTagName($sic[$argname])) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'Invalid tag name');
            }
            break;
        case 'pcre':
            assertPCREArg($argname);
            break;
        case 'json':
            assertStringArg($argname);
            if (NULL === json_decode($sic[$argname], TRUE)) {
                throw new InvalidRequestArgException($argname, '(omitted)', 'Invalid JSON code received from client');
            }
            break;
        case 'array':
            if (!array_key_exists($argname, $_REQUEST)) {
                throw new InvalidRequestArgException($argname, '(missing argument)');
            }
            if (!is_array($_REQUEST[$argname])) {
                throw new InvalidRequestArgException($argname, '(omitted)', 'argument is not an array');
            }
            break;
        case 'enum/attr_type':
            assertStringArg($argname);
            if (!in_array($sic[$argname], array('uint', 'float', 'string', 'dict', 'date'))) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
            }
            break;
        case 'enum/vlan_type':
            assertStringArg($argname);
            // "Alien" type is not valid until the logic is fixed to implement it in full.
            if (!in_array($sic[$argname], array('ondemand', 'compulsory'))) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
            }
            break;
        case 'enum/wdmstd':
            assertStringArg($argname);
            global $wdm_packs;
            if (!array_key_exists($sic[$argname], $wdm_packs)) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
            }
            break;
        case 'enum/ipproto':
            assertStringArg($argname);
            global $vs_proto;
            if (!array_key_exists($sic[$argname], $vs_proto)) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
            }
            break;
        case 'enum/alloc_type':
            assertStringArg($argname);
            if (!in_array($sic[$argname], array('regular', 'shared', 'virtual', 'router'))) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
            }
            break;
        case 'enum/dqcode':
            assertStringArg($argname);
            global $dqtitle;
            if (!array_key_exists($sic[$argname], $dqtitle)) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
            }
            break;
        case 'iif':
            if (!array_key_exists($sic[$argname], getPortIIFOptions())) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
            }
            break;
        case 'vlan':
        case 'vlan1':
            genericAssertion($argname, 'uint');
            if ($argtype == 'vlan' and $sic[$argname] == VLAN_DFL_ID) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'default VLAN cannot be changed');
            }
            if ($sic[$argname] > VLAN_MAX_ID or $sic[$argname] < VLAN_MIN_ID) {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'out of valid range');
            }
            break;
        case 'rackcode/expr':
            genericAssertion($argname, 'string0');
            if ($sic[$argname] == '') {
                return;
            }
            $parse = spotPayload($sic[$argname], 'SYNT_EXPR');
            if ($parse['result'] != 'ACK') {
                throw new InvalidRequestArgException($argname, $sic[$argname], 'RackCode parsing error');
            }
            break;
        default:
            throw new InvalidArgException('argtype', $argtype);
            // comes not from user's input
    }
}