function generateEntityAutoTags($cell) { $ret = array(); if (!array_key_exists('realm', $cell)) { throw new InvalidArgException('cell', '(array)', 'malformed structure'); } switch ($cell['realm']) { case 'location': $ret[] = array('tag' => '$locationid_' . $cell['id']); $ret[] = array('tag' => '$any_location'); break; case 'row': $ret[] = array('tag' => '$rowid_' . $cell['id']); $ret[] = array('tag' => '$any_row'); break; case 'rack': $ret[] = array('tag' => '$rackid_' . $cell['id']); $ret[] = array('tag' => '$any_rack'); break; case 'object': $ret[] = array('tag' => '$id_' . $cell['id']); $ret[] = array('tag' => '$typeid_' . $cell['objtype_id']); $ret[] = array('tag' => '$any_object'); if ($cell['name'] == '') { $ret[] = array('tag' => '$nameless'); } if (validTagName('$cn_' . $cell['name'], TRUE)) { $ret[] = array('tag' => '$cn_' . $cell['name']); } if (!strlen($cell['rack_id'])) { $ret[] = array('tag' => '$unmounted'); } if (!$cell['nports']) { $ret[] = array('tag' => '$portless'); } if ($cell['asset_no'] == '') { $ret[] = array('tag' => '$no_asset_tag'); } if (isset($cell['8021q_domain_id'])) { $ret[] = array('tag' => '$runs_8021Q'); $ret[] = array('tag' => '$8021Q_domain_' . $cell['8021q_domain_id']); if (isset($cell['8021q_template_id'])) { $ret[] = array('tag' => '$8021Q_tpl_' . $cell['8021q_template_id']); } } # dictionary attribute autotags '$attr_X_Y' $attrs = getAttrValues($cell['id']); foreach ($attrs as $attr_id => $attr_record) { if (isset($attr_record['key'])) { $ret[] = array('tag' => "\$attr_{$attr_id}_{$attr_record['key']}"); } } break; case 'ipv4net': // v4-only rules $ret[] = array('tag' => '$ip4net-' . str_replace('.', '-', $cell['ip']) . '-' . $cell['mask']); case 'ipv6net': // common (v4 & v6) rules $ver = $cell['realm'] == 'ipv4net' ? 4 : 6; $ret[] = array('tag' => "\$ip{$ver}netid_" . $cell['id']); $ret[] = array('tag' => "\$any_ip{$ver}net"); $ret[] = array('tag' => '$any_net'); $ret[] = array('tag' => '$masklen_eq_' . $cell['mask']); if ($cell['vlanc']) { $ret[] = array('tag' => '$runs_8021Q'); } foreach ($cell['8021q'] as $vlan_info) { $ret[] = array('tag' => '$vlan_' . $vlan_info['vlan_id']); } foreach (array_keys($cell['spare_ranges']) as $mask) { $ret[] = array('tag' => '$spare_' . $mask); } if ($cell['kidc'] > 0) { $ret[] = array('tag' => '$aggregate'); } break; case 'ipv4vs': $ret[] = array('tag' => '$ipvsid_' . $cell['id']); if (strlen($cell['vip_bin']) == 16) { $ret[] = array('tag' => '$any_ipv6vs'); } else { $ret[] = array('tag' => '$any_ipv4vs'); } $ret[] = array('tag' => '$any_vs'); if ($cell['refcnt'] == 0) { $ret[] = array('tag' => '$unused'); } $ret[] = array('tag' => '$type_' . strtolower($cell['proto'])); // $type_tcp, $type_udp or $type_mark break; case 'ipv4rspool': $ret[] = array('tag' => '$ipv4rspid_' . $cell['id']); $ret[] = array('tag' => '$any_ipv4rsp'); $ret[] = array('tag' => '$any_rsp'); if ($cell['refcnt'] == 0) { $ret[] = array('tag' => '$unused'); } break; case 'user': # {$username_XXX} autotag is generated always, but {$userid_XXX} # appears only for accounts, which exist in local database. $ret[] = array('tag' => '$username_' . $cell['user_name']); if (isset($cell['user_id'])) { $ret[] = array('tag' => '$userid_' . $cell['user_id']); } break; case 'file': $ret[] = array('tag' => '$fileid_' . $cell['id']); $ret[] = array('tag' => '$any_file'); break; case 'vst': $ret[] = array('tag' => '$vstid_' . $cell['id']); $ret[] = array('tag' => '$any_vst'); break; default: throw new InvalidArgException('cell', '(array)', 'this input does not belong here'); break; } # {$tagless} doesn't apply to users switch ($cell['realm']) { case 'rack': case 'object': case 'ipv4net': case 'ipv6net': case 'ipv4vs': case 'ipv4rspool': case 'file': case 'vst': if (!count($cell['etags'])) { $ret[] = array('tag' => '$untagged'); } break; default: break; } return $ret; }
function queryLDAPServer($username, $password) { global $LDAP_options; $LDAP_defaults = array('group_attr' => 'memberof', 'group_filter' => '/^[Cc][Nn]=([^,]+)/', 'cache_refresh' => 300, 'cache_retry' => 15, 'cache_expiry' => 600); foreach ($LDAP_defaults as $option_name => $option_value) { if (!array_key_exists($option_name, $LDAP_options)) { $LDAP_options[$option_name] = $option_value; } } if (extension_loaded('ldap') === FALSE) { throw new RackTablesError('LDAP misconfiguration. LDAP PHP Module is not installed.', RackTablesError::MISCONFIGURED); } $connect = @ldap_connect($LDAP_options['server']); if ($connect === FALSE) { return array('result' => 'CAN'); } if (isset($LDAP_options['use_tls']) && $LDAP_options['use_tls'] >= 1) { $tls = ldap_start_tls($connect); if ($LDAP_options['use_tls'] >= 2 && $tls == FALSE) { throw new RackTablesError('LDAP misconfiguration: LDAP TLS required but not successfully negotiated.', RackTablesError::MISCONFIGURED); } } if (array_key_exists('options', $LDAP_options) and is_array($LDAP_options['options'])) { foreach ($LDAP_options['options'] as $opt_code => $opt_value) { ldap_set_option($connect, $opt_code, $opt_value); } } // Decide on the username we will actually authenticate for. if (isset($LDAP_options['domain']) and strlen($LDAP_options['domain'])) { $auth_user_name = $username . "@" . $LDAP_options['domain']; } elseif (isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) { // If a search_bind_rdn is supplied, bind to that and use it to search. // This is required unless a server offers anonymous searching. // Using bind again on the connection works as expected. // The password is optional as it might be optional on server, too. if (isset($LDAP_options['search_bind_rdn']) && strlen($LDAP_options['search_bind_rdn'])) { $search_bind = @ldap_bind($connect, $LDAP_options['search_bind_rdn'], isset($LDAP_options['search_bind_password']) ? $LDAP_options['search_bind_password'] : NULL); if ($search_bind === FALSE) { throw new RackTablesError('LDAP misconfiguration. You have specified a search_bind_rdn ' . (isset($LDAP_options['search_bind_password']) ? 'with' : 'without') . ' a search_bind_password, but the server refused it with: ' . ldap_error($connect), RackTablesError::MISCONFIGURED); } } $results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array("dn")); if ($results === FALSE) { return array('result' => 'CAN'); } if (@ldap_count_entries($connect, $results) != 1) { @ldap_close($connect); return array('result' => 'NAK'); } $info = @ldap_get_entries($connect, $results); ldap_free_result($results); $auth_user_name = $info[0]['dn']; } else { throw new RackTablesError('LDAP misconfiguration. Cannon build username for authentication.', RackTablesError::MISCONFIGURED); } $bind = @ldap_bind($connect, $auth_user_name, $password); if ($bind === FALSE) { switch (ldap_errno($connect)) { case 49: // LDAP_INVALID_CREDENTIALS return array('result' => 'NAK'); default: return array('result' => 'CAN'); } } // preliminary decision may change during searching $ret = array('result' => 'ACK', 'displayed_name' => '', 'memberof' => array()); // Some servers deny anonymous search, thus search (if requested) only after binding. // Displayed name only makes sense for authenticated users anyway. if (isset($LDAP_options['displayname_attrs']) and strlen($LDAP_options['displayname_attrs']) and isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) { $results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array_merge(array($LDAP_options['group_attr']), explode(' ', $LDAP_options['displayname_attrs']))); if (@ldap_count_entries($connect, $results) != 1) { @ldap_close($connect); return array('result' => 'NAK'); } $info = @ldap_get_entries($connect, $results); ldap_free_result($results); $space = ''; foreach (explode(' ', $LDAP_options['displayname_attrs']) as $attr) { $ret['displayed_name'] .= $space . $info[0][$attr][0]; $space = ' '; } // Pull group membership, if any was returned. if (isset($info[0][$LDAP_options['group_attr']])) { for ($i = 0; $i < $info[0][$LDAP_options['group_attr']]['count']; $i++) { if (preg_match($LDAP_options['group_filter'], $info[0][$LDAP_options['group_attr']][$i], $matches) and validTagName('$lgcn_' . $matches[1], TRUE)) { $ret['memberof'][] = '$lgcn_' . $matches[1]; } } } } @ldap_close($connect); return $ret; }
function getLexemsFromRawText($text) { $ret = array(); // Add a mock character to aid in synchronization with otherwise correct, // but short or odd-terminated final lines. $text .= ' '; $textlen = mb_strlen($text); $lineno = 1; $state = 'ESOTSM'; for ($i = 0; $i < $textlen; $i++) { $char = mb_substr($text, $i, 1); $newstate = $state; switch ($state) { case 'ESOTSM': switch (TRUE) { case $char == '(': $ret[] = array('type' => 'LEX_LBRACE', 'lineno' => $lineno); break; case $char == ')': $ret[] = array('type' => 'LEX_RBRACE', 'lineno' => $lineno); break; case $char == '#': $newstate = 'skipping comment'; break; case preg_match('/[\\p{L}]/u', $char) == 1: $newstate = 'reading keyword'; $buffer = $char; break; case $char == "\n": case $char == ' ': case $char == "\t": // nom-nom... break; case $char == '{': $newstate = 'reading tag'; $buffer = ''; break; case $char == '[': $newstate = 'reading predicate'; $buffer = ''; break; default: return lexError1($state, $text, $i, $lineno); } break; case 'reading keyword': switch (TRUE) { case preg_match('/[\\p{L}]/u', $char) == 1: $buffer .= $char; break; case $char == "\n": case $char == ' ': case $char == "\t": case $char == ')': // this will be handled below // got a word, sort it out switch ($buffer) { case 'allow': $ret[] = array('type' => 'LEX_ALLOW', 'lineno' => $lineno); break; case 'deny': $ret[] = array('type' => 'LEX_DENY', 'lineno' => $lineno); break; case 'define': $ret[] = array('type' => 'LEX_DEFINE', 'lineno' => $lineno); break; case 'and': $ret[] = array('type' => 'LEX_AND', 'lineno' => $lineno); break; case 'or': $ret[] = array('type' => 'LEX_OR', 'lineno' => $lineno); break; case 'not': $ret[] = array('type' => 'LEX_NOT', 'lineno' => $lineno); break; case 'true': $ret[] = array('type' => 'LEX_TRUE', 'lineno' => $lineno); break; case 'false': $ret[] = array('type' => 'LEX_FALSE', 'lineno' => $lineno); break; case 'context': $ret[] = array('type' => 'LEX_CONTEXT', 'lineno' => $lineno); break; case 'clear': $ret[] = array('type' => 'LEX_CLEAR', 'lineno' => $lineno); break; case 'insert': $ret[] = array('type' => 'LEX_INSERT', 'lineno' => $lineno); break; case 'remove': $ret[] = array('type' => 'LEX_REMOVE', 'lineno' => $lineno); break; case 'on': $ret[] = array('type' => 'LEX_ON', 'lineno' => $lineno); break; default: return lexError2($buffer, $lineno); } if ($char == ')') { $ret[] = array('type' => 'LEX_RBRACE', 'lineno' => $lineno); } $newstate = 'ESOTSM'; break; default: return lexError1($state, $text, $i, $lineno); } break; case 'reading tag': case 'reading predicate': $tag_mode = $state == 'reading tag'; $breaking_char = $tag_mode ? '}' : ']'; switch ($char) { case $breaking_char: $buffer = trim($buffer, "\t "); if (!validTagName($buffer, $tag_mode)) { return lexError4($buffer, $lineno); } if ($tag_mode) { $lex_type = $buffer[0] == '$' ? 'LEX_AUTOTAG' : 'LEX_TAG'; } else { $lex_type = 'LEX_PREDICATE'; } $ret[] = array('type' => $lex_type, 'load' => $buffer, 'lineno' => $lineno); $newstate = 'ESOTSM'; break; case "\n": return lexError1($state, $text, $i, $lineno); default: $buffer .= $char; break; } break; case 'skipping comment': switch ($char) { case "\n": $newstate = 'ESOTSM'; default: // eat char, nom-nom... break; } break; default: die(__FUNCTION__ . "(): internal error, state == {$state}"); } if ($char == "\n") { $lineno++; } $state = $newstate; } if ($state != 'ESOTSM' and $state != 'skipping comment') { return lexError3($state, $lineno); } return array('result' => 'ACK', 'load' => $ret); }
function get_token() { $state = self::LEX_S_INIT; $buffer = ''; while ($this->i < $this->text_len) { switch ($state) { case self::LEX_S_INIT: $char = $this->stop_on_char(" \t", $buffer, TRUE); // skip spaces switch ($char) { case '(': case ')': $this->lex_value = $char; return $char; case '#': $state = self::LEX_S_COMMENT; break; case "\n": $this->lineno++; // skip NL break; case '{': $state = self::LEX_S_TAG; $buffer = ''; break; case '[': $state = self::LEX_S_PREDICATE; $buffer = ''; break; case 'END': break; default: if (preg_match('/[\\p{L}]/u', $char)) { $state = self::LEX_S_KEYWORD; $buffer = $char; } else { throw new ParserError("Invalid char '{$char}'"); } } break; case self::LEX_S_KEYWORD: $char = $this->stop_on_char(") \t\n", $buffer); // collect keyword chars switch ($char) { case ')': case "\n": case ' ': case "\t": $this->i--; // fall-through // fall-through case 'END': // got a word, sort it out $this->lex_value = $buffer; return $buffer; default: throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}"); } break; case self::LEX_S_TAG: case self::LEX_S_PREDICATE: $tag_mode = $state == self::LEX_S_TAG; $breaking_char = $tag_mode ? '}' : ']'; $char = $this->stop_on_char("{$breaking_char}\n", $buffer); // collect tagname chars switch ($char) { case $breaking_char: $buffer = trim($buffer, "\t "); if (!validTagName($buffer, $tag_mode)) { throw new ParserError("Invalid tag name '{$buffer}'"); } $this->lex_value = $buffer; return $tag_mode ? 'LEX_TAG' : 'LEX_PREDICATE'; case "\n": case 'END': throw new ParserError("Expecting '{$breaking_char}' character"); default: throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}"); } break; case self::LEX_S_COMMENT: $char = $this->stop_on_char("\n", $buffer); // collect tagname chars switch ($char) { case "\n": $this->lineno++; // fall-through // fall-through case 'END': $state = self::LEX_S_INIT; $buffer = ''; break; default: throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}"); } break; default: throw new RackTablesError("Lex FSM error, state == {$state}"); } } return NULL; }
function queryLDAPServer($username, $password) { global $LDAP_options; if (extension_loaded('ldap') === FALSE) { throw new RackTablesError('LDAP misconfiguration. LDAP PHP Module is not installed.', RackTablesError::MISCONFIGURED); } $ldap_cant_connect_codes = array(-1, -5, -11); $last_successful_server = loadScript('LDAPLastSuccessfulServer'); $success_server = NULL; $servers = preg_split("/\\s+/", $LDAP_options['server'], NULL, PREG_SPLIT_NO_EMPTY); if (isset($last_successful_server) && in_array($last_successful_server, $servers)) { // Use last successful server first $servers = array_diff($servers, array($last_successful_server)); array_unshift($servers, $last_successful_server); } // Try to connect to each server until first success foreach ($servers as $server) { $connect = @ldap_connect($server, array_fetch($LDAP_options, 'port', 389)); if ($connect === FALSE) { continue; } ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, array_fetch($LDAP_options, 'server_alive_timeout', 2)); // If use_tls configuration option is set, then try establish TLS session instead of ldap_bind if (isset($LDAP_options['use_tls']) && $LDAP_options['use_tls'] >= 1) { $tls = ldap_start_tls($connect); if ($LDAP_options['use_tls'] >= 2 && $tls == FALSE) { if (in_array(ldap_errno($connect), $ldap_cant_connect_codes)) { continue; } else { throw new RackTablesError('LDAP misconfiguration: LDAP TLS required but not successfully negotiated.', RackTablesError::MISCONFIGURED); } } $success_server = $server; break; } else { if (@ldap_bind($connect) || !in_array(ldap_errno($connect), $ldap_cant_connect_codes)) { $success_server = $server; // Cleanup after check. This connection will be used below @ldap_unbind($connect); $connect = ldap_connect($server, array_fetch($LDAP_options, 'port', 389)); break; } } } if (!isset($success_server)) { return array('result' => 'CAN'); } if ($LDAP_options['cache_expiry'] != 0 && $last_successful_server !== $success_server) { saveScript('LDAPLastSuccessfulServer', $success_server); } if (array_key_exists('options', $LDAP_options) and is_array($LDAP_options['options'])) { foreach ($LDAP_options['options'] as $opt_code => $opt_value) { ldap_set_option($connect, $opt_code, $opt_value); } } // Decide on the username we will actually authenticate for. if (isset($LDAP_options['domain']) and strlen($LDAP_options['domain'])) { $auth_user_name = $username . "@" . $LDAP_options['domain']; } elseif (isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) { // If a search_bind_rdn is supplied, bind to that and use it to search. // This is required unless a server offers anonymous searching. // Using bind again on the connection works as expected. // The password is optional as it might be optional on server, too. if (isset($LDAP_options['search_bind_rdn']) && strlen($LDAP_options['search_bind_rdn'])) { $search_bind = @ldap_bind($connect, $LDAP_options['search_bind_rdn'], isset($LDAP_options['search_bind_password']) ? $LDAP_options['search_bind_password'] : NULL); if ($search_bind === FALSE) { throw new RackTablesError('LDAP misconfiguration. You have specified a search_bind_rdn ' . (isset($LDAP_options['search_bind_password']) ? 'with' : 'without') . ' a search_bind_password, but the server refused it with: ' . ldap_error($connect), RackTablesError::MISCONFIGURED); } } $results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array("dn")); if ($results === FALSE) { return array('result' => 'CAN'); } if (@ldap_count_entries($connect, $results) != 1) { @ldap_close($connect); return array('result' => 'NAK'); } $info = @ldap_get_entries($connect, $results); ldap_free_result($results); $auth_user_name = $info[0]['dn']; } else { throw new RackTablesError('LDAP misconfiguration. Cannon build username for authentication.', RackTablesError::MISCONFIGURED); } $bind = @ldap_bind($connect, $auth_user_name, $password); if ($bind === FALSE) { switch (ldap_errno($connect)) { case 49: // LDAP_INVALID_CREDENTIALS return array('result' => 'NAK'); default: return array('result' => 'CAN'); } } // preliminary decision may change during searching $ret = array('result' => 'ACK', 'displayed_name' => '', 'memberof' => array()); // Some servers deny anonymous search, thus search (if requested) only after binding. // Displayed name only makes sense for authenticated users anyway. if (isset($LDAP_options['displayname_attrs']) and strlen($LDAP_options['displayname_attrs']) and isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) { $results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array_merge(array($LDAP_options['group_attr']), explode(' ', $LDAP_options['displayname_attrs']))); if (@ldap_count_entries($connect, $results) != 1) { @ldap_close($connect); return array('result' => 'NAK'); } $info = @ldap_get_entries($connect, $results); ldap_free_result($results); $space = ''; foreach (explode(' ', $LDAP_options['displayname_attrs']) as $attr) { if (isset($info[0][$attr])) { $ret['displayed_name'] .= $space . $info[0][$attr][0]; $space = ' '; } } // Pull group membership, if any was returned. if (isset($info[0][$LDAP_options['group_attr']])) { for ($i = 0; $i < $info[0][$LDAP_options['group_attr']]['count']; $i++) { if (preg_match($LDAP_options['group_filter'], $info[0][$LDAP_options['group_attr']][$i], $matches) and validTagName('$lgcn_' . $matches[1], TRUE)) { $ret['memberof'][] = '$lgcn_' . $matches[1]; } } } } @ldap_close($connect); return $ret; }
function genericAssertion($argname, $argtype) { global $sic; switch ($argtype) { case 'string': assertStringArg($argname); break; case 'string0': assertStringArg($argname, TRUE); break; case 'uint': assertUIntArg($argname); break; case 'uint-uint': assertStringArg($argname); if (1 != preg_match('/^[1-9][0-9]*-[1-9][0-9]*$/', $_REQUEST[$argname])) { throw new InvalidRequestArgException($argname, $_REQUEST[$argname], 'illegal format'); } break; case 'uint0': assertUIntArg($argname, TRUE); break; case 'inet': assertIPArg($argname); break; case 'inet4': assertIPv4Arg($argname); break; case 'inet6': assertIPv6Arg($argname); break; case 'l2address': assertStringArg($argname); case 'l2address0': assertStringArg($argname, TRUE); try { l2addressForDatabase($sic[$argname]); } catch (InvalidArgException $e) { throw new InvalidRequestArgException($argname, $sic[$argname], 'malformed MAC/WWN address'); } break; case 'tag': assertStringArg($argname); if (!validTagName($sic[$argname])) { throw new InvalidRequestArgException($argname, $sic[$argname], 'Invalid tag name'); } break; case 'pcre': assertPCREArg($argname); break; case 'json': assertStringArg($argname); if (NULL === json_decode($sic[$argname], TRUE)) { throw new InvalidRequestArgException($argname, '(omitted)', 'Invalid JSON code received from client'); } break; case 'array': if (!array_key_exists($argname, $_REQUEST)) { throw new InvalidRequestArgException($argname, '(missing argument)'); } if (!is_array($_REQUEST[$argname])) { throw new InvalidRequestArgException($argname, '(omitted)', 'argument is not an array'); } break; case 'enum/attr_type': assertStringArg($argname); if (!in_array($sic[$argname], array('uint', 'float', 'string', 'dict', 'date'))) { throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value'); } break; case 'enum/vlan_type': assertStringArg($argname); // "Alien" type is not valid until the logic is fixed to implement it in full. if (!in_array($sic[$argname], array('ondemand', 'compulsory'))) { throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value'); } break; case 'enum/wdmstd': assertStringArg($argname); global $wdm_packs; if (!array_key_exists($sic[$argname], $wdm_packs)) { throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value'); } break; case 'enum/ipproto': assertStringArg($argname); global $vs_proto; if (!array_key_exists($sic[$argname], $vs_proto)) { throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value'); } break; case 'enum/alloc_type': assertStringArg($argname); if (!in_array($sic[$argname], array('regular', 'shared', 'virtual', 'router'))) { throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value'); } break; case 'enum/dqcode': assertStringArg($argname); global $dqtitle; if (!array_key_exists($sic[$argname], $dqtitle)) { throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value'); } break; case 'iif': if (!array_key_exists($sic[$argname], getPortIIFOptions())) { throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value'); } break; case 'vlan': case 'vlan1': genericAssertion($argname, 'uint'); if ($argtype == 'vlan' and $sic[$argname] == VLAN_DFL_ID) { throw new InvalidRequestArgException($argname, $sic[$argname], 'default VLAN cannot be changed'); } if ($sic[$argname] > VLAN_MAX_ID or $sic[$argname] < VLAN_MIN_ID) { throw new InvalidRequestArgException($argname, $sic[$argname], 'out of valid range'); } break; case 'rackcode/expr': genericAssertion($argname, 'string0'); if ($sic[$argname] == '') { return; } $parse = spotPayload($sic[$argname], 'SYNT_EXPR'); if ($parse['result'] != 'ACK') { throw new InvalidRequestArgException($argname, $sic[$argname], 'RackCode parsing error'); } break; default: throw new InvalidArgException('argtype', $argtype); // comes not from user's input } }