function generateEntityAutoTags($cell)
{
$ret = array();
if (!array_key_exists('realm', $cell)) {
throw new InvalidArgException('cell', '(array)', 'malformed structure');
}
switch ($cell['realm']) {
case 'location':
$ret[] = array('tag' => '$locationid_' . $cell['id']);
$ret[] = array('tag' => '$any_location');
break;
case 'row':
$ret[] = array('tag' => '$rowid_' . $cell['id']);
$ret[] = array('tag' => '$any_row');
break;
case 'rack':
$ret[] = array('tag' => '$rackid_' . $cell['id']);
$ret[] = array('tag' => '$any_rack');
break;
case 'object':
$ret[] = array('tag' => '$id_' . $cell['id']);
$ret[] = array('tag' => '$typeid_' . $cell['objtype_id']);
$ret[] = array('tag' => '$any_object');
if ($cell['name'] == '') {
$ret[] = array('tag' => '$nameless');
}
if (validTagName('$cn_' . $cell['name'], TRUE)) {
$ret[] = array('tag' => '$cn_' . $cell['name']);
}
if (!strlen($cell['rack_id'])) {
$ret[] = array('tag' => '$unmounted');
}
if (!$cell['nports']) {
$ret[] = array('tag' => '$portless');
}
if ($cell['asset_no'] == '') {
$ret[] = array('tag' => '$no_asset_tag');
}
if (isset($cell['8021q_domain_id'])) {
$ret[] = array('tag' => '$runs_8021Q');
$ret[] = array('tag' => '$8021Q_domain_' . $cell['8021q_domain_id']);
if (isset($cell['8021q_template_id'])) {
$ret[] = array('tag' => '$8021Q_tpl_' . $cell['8021q_template_id']);
}
}
# dictionary attribute autotags '$attr_X_Y'
$attrs = getAttrValues($cell['id']);
foreach ($attrs as $attr_id => $attr_record) {
if (isset($attr_record['key'])) {
$ret[] = array('tag' => "\$attr_{$attr_id}_{$attr_record['key']}");
}
}
break;
case 'ipv4net':
// v4-only rules
$ret[] = array('tag' => '$ip4net-' . str_replace('.', '-', $cell['ip']) . '-' . $cell['mask']);
case 'ipv6net':
// common (v4 & v6) rules
$ver = $cell['realm'] == 'ipv4net' ? 4 : 6;
$ret[] = array('tag' => "\$ip{$ver}netid_" . $cell['id']);
$ret[] = array('tag' => "\$any_ip{$ver}net");
$ret[] = array('tag' => '$any_net');
$ret[] = array('tag' => '$masklen_eq_' . $cell['mask']);
if ($cell['vlanc']) {
$ret[] = array('tag' => '$runs_8021Q');
}
foreach ($cell['8021q'] as $vlan_info) {
$ret[] = array('tag' => '$vlan_' . $vlan_info['vlan_id']);
}
foreach (array_keys($cell['spare_ranges']) as $mask) {
$ret[] = array('tag' => '$spare_' . $mask);
}
if ($cell['kidc'] > 0) {
$ret[] = array('tag' => '$aggregate');
}
break;
case 'ipv4vs':
$ret[] = array('tag' => '$ipvsid_' . $cell['id']);
if (strlen($cell['vip_bin']) == 16) {
$ret[] = array('tag' => '$any_ipv6vs');
} else {
$ret[] = array('tag' => '$any_ipv4vs');
}
$ret[] = array('tag' => '$any_vs');
if ($cell['refcnt'] == 0) {
$ret[] = array('tag' => '$unused');
}
$ret[] = array('tag' => '$type_' . strtolower($cell['proto']));
// $type_tcp, $type_udp or $type_mark
break;
case 'ipv4rspool':
$ret[] = array('tag' => '$ipv4rspid_' . $cell['id']);
$ret[] = array('tag' => '$any_ipv4rsp');
$ret[] = array('tag' => '$any_rsp');
if ($cell['refcnt'] == 0) {
$ret[] = array('tag' => '$unused');
}
break;
case 'user':
# {$username_XXX} autotag is generated always, but {$userid_XXX}
# appears only for accounts, which exist in local database.
$ret[] = array('tag' => '$username_' . $cell['user_name']);
if (isset($cell['user_id'])) {
$ret[] = array('tag' => '$userid_' . $cell['user_id']);
}
break;
case 'file':
$ret[] = array('tag' => '$fileid_' . $cell['id']);
$ret[] = array('tag' => '$any_file');
break;
case 'vst':
$ret[] = array('tag' => '$vstid_' . $cell['id']);
$ret[] = array('tag' => '$any_vst');
break;
default:
throw new InvalidArgException('cell', '(array)', 'this input does not belong here');
break;
}
# {$tagless} doesn't apply to users
switch ($cell['realm']) {
case 'rack':
case 'object':
case 'ipv4net':
case 'ipv6net':
case 'ipv4vs':
case 'ipv4rspool':
case 'file':
case 'vst':
if (!count($cell['etags'])) {
$ret[] = array('tag' => '$untagged');
}
break;
default:
break;
}
return $ret;
}
function queryLDAPServer($username, $password)
{
global $LDAP_options;
$LDAP_defaults = array('group_attr' => 'memberof', 'group_filter' => '/^[Cc][Nn]=([^,]+)/', 'cache_refresh' => 300, 'cache_retry' => 15, 'cache_expiry' => 600);
foreach ($LDAP_defaults as $option_name => $option_value) {
if (!array_key_exists($option_name, $LDAP_options)) {
$LDAP_options[$option_name] = $option_value;
}
}
if (extension_loaded('ldap') === FALSE) {
throw new RackTablesError('LDAP misconfiguration. LDAP PHP Module is not installed.', RackTablesError::MISCONFIGURED);
}
$connect = @ldap_connect($LDAP_options['server']);
if ($connect === FALSE) {
return array('result' => 'CAN');
}
if (isset($LDAP_options['use_tls']) && $LDAP_options['use_tls'] >= 1) {
$tls = ldap_start_tls($connect);
if ($LDAP_options['use_tls'] >= 2 && $tls == FALSE) {
throw new RackTablesError('LDAP misconfiguration: LDAP TLS required but not successfully negotiated.', RackTablesError::MISCONFIGURED);
}
}
if (array_key_exists('options', $LDAP_options) and is_array($LDAP_options['options'])) {
foreach ($LDAP_options['options'] as $opt_code => $opt_value) {
ldap_set_option($connect, $opt_code, $opt_value);
}
}
// Decide on the username we will actually authenticate for.
if (isset($LDAP_options['domain']) and strlen($LDAP_options['domain'])) {
$auth_user_name = $username . "@" . $LDAP_options['domain'];
} elseif (isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) {
// If a search_bind_rdn is supplied, bind to that and use it to search.
// This is required unless a server offers anonymous searching.
// Using bind again on the connection works as expected.
// The password is optional as it might be optional on server, too.
if (isset($LDAP_options['search_bind_rdn']) && strlen($LDAP_options['search_bind_rdn'])) {
$search_bind = @ldap_bind($connect, $LDAP_options['search_bind_rdn'], isset($LDAP_options['search_bind_password']) ? $LDAP_options['search_bind_password'] : NULL);
if ($search_bind === FALSE) {
throw new RackTablesError('LDAP misconfiguration. You have specified a search_bind_rdn ' . (isset($LDAP_options['search_bind_password']) ? 'with' : 'without') . ' a search_bind_password, but the server refused it with: ' . ldap_error($connect), RackTablesError::MISCONFIGURED);
}
}
$results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array("dn"));
if ($results === FALSE) {
return array('result' => 'CAN');
}
if (@ldap_count_entries($connect, $results) != 1) {
@ldap_close($connect);
return array('result' => 'NAK');
}
$info = @ldap_get_entries($connect, $results);
ldap_free_result($results);
$auth_user_name = $info[0]['dn'];
} else {
throw new RackTablesError('LDAP misconfiguration. Cannon build username for authentication.', RackTablesError::MISCONFIGURED);
}
$bind = @ldap_bind($connect, $auth_user_name, $password);
if ($bind === FALSE) {
switch (ldap_errno($connect)) {
case 49:
// LDAP_INVALID_CREDENTIALS
return array('result' => 'NAK');
default:
return array('result' => 'CAN');
}
}
// preliminary decision may change during searching
$ret = array('result' => 'ACK', 'displayed_name' => '', 'memberof' => array());
// Some servers deny anonymous search, thus search (if requested) only after binding.
// Displayed name only makes sense for authenticated users anyway.
if (isset($LDAP_options['displayname_attrs']) and strlen($LDAP_options['displayname_attrs']) and isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) {
$results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array_merge(array($LDAP_options['group_attr']), explode(' ', $LDAP_options['displayname_attrs'])));
if (@ldap_count_entries($connect, $results) != 1) {
@ldap_close($connect);
return array('result' => 'NAK');
}
$info = @ldap_get_entries($connect, $results);
ldap_free_result($results);
$space = '';
foreach (explode(' ', $LDAP_options['displayname_attrs']) as $attr) {
$ret['displayed_name'] .= $space . $info[0][$attr][0];
$space = ' ';
}
// Pull group membership, if any was returned.
if (isset($info[0][$LDAP_options['group_attr']])) {
for ($i = 0; $i < $info[0][$LDAP_options['group_attr']]['count']; $i++) {
if (preg_match($LDAP_options['group_filter'], $info[0][$LDAP_options['group_attr']][$i], $matches) and validTagName('$lgcn_' . $matches[1], TRUE)) {
$ret['memberof'][] = '$lgcn_' . $matches[1];
}
}
}
}
@ldap_close($connect);
return $ret;
}
function getLexemsFromRawText($text)
{
$ret = array();
// Add a mock character to aid in synchronization with otherwise correct,
// but short or odd-terminated final lines.
$text .= ' ';
$textlen = mb_strlen($text);
$lineno = 1;
$state = 'ESOTSM';
for ($i = 0; $i < $textlen; $i++) {
$char = mb_substr($text, $i, 1);
$newstate = $state;
switch ($state) {
case 'ESOTSM':
switch (TRUE) {
case $char == '(':
$ret[] = array('type' => 'LEX_LBRACE', 'lineno' => $lineno);
break;
case $char == ')':
$ret[] = array('type' => 'LEX_RBRACE', 'lineno' => $lineno);
break;
case $char == '#':
$newstate = 'skipping comment';
break;
case preg_match('/[\\p{L}]/u', $char) == 1:
$newstate = 'reading keyword';
$buffer = $char;
break;
case $char == "\n":
case $char == ' ':
case $char == "\t":
// nom-nom...
break;
case $char == '{':
$newstate = 'reading tag';
$buffer = '';
break;
case $char == '[':
$newstate = 'reading predicate';
$buffer = '';
break;
default:
return lexError1($state, $text, $i, $lineno);
}
break;
case 'reading keyword':
switch (TRUE) {
case preg_match('/[\\p{L}]/u', $char) == 1:
$buffer .= $char;
break;
case $char == "\n":
case $char == ' ':
case $char == "\t":
case $char == ')':
// this will be handled below
// got a word, sort it out
switch ($buffer) {
case 'allow':
$ret[] = array('type' => 'LEX_ALLOW', 'lineno' => $lineno);
break;
case 'deny':
$ret[] = array('type' => 'LEX_DENY', 'lineno' => $lineno);
break;
case 'define':
$ret[] = array('type' => 'LEX_DEFINE', 'lineno' => $lineno);
break;
case 'and':
$ret[] = array('type' => 'LEX_AND', 'lineno' => $lineno);
break;
case 'or':
$ret[] = array('type' => 'LEX_OR', 'lineno' => $lineno);
break;
case 'not':
$ret[] = array('type' => 'LEX_NOT', 'lineno' => $lineno);
break;
case 'true':
$ret[] = array('type' => 'LEX_TRUE', 'lineno' => $lineno);
break;
case 'false':
$ret[] = array('type' => 'LEX_FALSE', 'lineno' => $lineno);
break;
case 'context':
$ret[] = array('type' => 'LEX_CONTEXT', 'lineno' => $lineno);
break;
case 'clear':
$ret[] = array('type' => 'LEX_CLEAR', 'lineno' => $lineno);
break;
case 'insert':
$ret[] = array('type' => 'LEX_INSERT', 'lineno' => $lineno);
break;
case 'remove':
$ret[] = array('type' => 'LEX_REMOVE', 'lineno' => $lineno);
break;
case 'on':
$ret[] = array('type' => 'LEX_ON', 'lineno' => $lineno);
break;
default:
return lexError2($buffer, $lineno);
}
if ($char == ')') {
$ret[] = array('type' => 'LEX_RBRACE', 'lineno' => $lineno);
}
$newstate = 'ESOTSM';
break;
default:
return lexError1($state, $text, $i, $lineno);
}
break;
case 'reading tag':
case 'reading predicate':
$tag_mode = $state == 'reading tag';
$breaking_char = $tag_mode ? '}' : ']';
switch ($char) {
case $breaking_char:
$buffer = trim($buffer, "\t ");
if (!validTagName($buffer, $tag_mode)) {
return lexError4($buffer, $lineno);
}
if ($tag_mode) {
$lex_type = $buffer[0] == '$' ? 'LEX_AUTOTAG' : 'LEX_TAG';
} else {
$lex_type = 'LEX_PREDICATE';
}
$ret[] = array('type' => $lex_type, 'load' => $buffer, 'lineno' => $lineno);
$newstate = 'ESOTSM';
break;
case "\n":
return lexError1($state, $text, $i, $lineno);
default:
$buffer .= $char;
break;
}
break;
case 'skipping comment':
switch ($char) {
case "\n":
$newstate = 'ESOTSM';
default:
// eat char, nom-nom...
break;
}
break;
default:
die(__FUNCTION__ . "(): internal error, state == {$state}");
}
if ($char == "\n") {
$lineno++;
}
$state = $newstate;
}
if ($state != 'ESOTSM' and $state != 'skipping comment') {
return lexError3($state, $lineno);
}
return array('result' => 'ACK', 'load' => $ret);
}
function get_token()
{
$state = self::LEX_S_INIT;
$buffer = '';
while ($this->i < $this->text_len) {
switch ($state) {
case self::LEX_S_INIT:
$char = $this->stop_on_char(" \t", $buffer, TRUE);
// skip spaces
switch ($char) {
case '(':
case ')':
$this->lex_value = $char;
return $char;
case '#':
$state = self::LEX_S_COMMENT;
break;
case "\n":
$this->lineno++;
// skip NL
break;
case '{':
$state = self::LEX_S_TAG;
$buffer = '';
break;
case '[':
$state = self::LEX_S_PREDICATE;
$buffer = '';
break;
case 'END':
break;
default:
if (preg_match('/[\\p{L}]/u', $char)) {
$state = self::LEX_S_KEYWORD;
$buffer = $char;
} else {
throw new ParserError("Invalid char '{$char}'");
}
}
break;
case self::LEX_S_KEYWORD:
$char = $this->stop_on_char(") \t\n", $buffer);
// collect keyword chars
switch ($char) {
case ')':
case "\n":
case ' ':
case "\t":
$this->i--;
// fall-through
// fall-through
case 'END':
// got a word, sort it out
$this->lex_value = $buffer;
return $buffer;
default:
throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}");
}
break;
case self::LEX_S_TAG:
case self::LEX_S_PREDICATE:
$tag_mode = $state == self::LEX_S_TAG;
$breaking_char = $tag_mode ? '}' : ']';
$char = $this->stop_on_char("{$breaking_char}\n", $buffer);
// collect tagname chars
switch ($char) {
case $breaking_char:
$buffer = trim($buffer, "\t ");
if (!validTagName($buffer, $tag_mode)) {
throw new ParserError("Invalid tag name '{$buffer}'");
}
$this->lex_value = $buffer;
return $tag_mode ? 'LEX_TAG' : 'LEX_PREDICATE';
case "\n":
case 'END':
throw new ParserError("Expecting '{$breaking_char}' character");
default:
throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}");
}
break;
case self::LEX_S_COMMENT:
$char = $this->stop_on_char("\n", $buffer);
// collect tagname chars
switch ($char) {
case "\n":
$this->lineno++;
// fall-through
// fall-through
case 'END':
$state = self::LEX_S_INIT;
$buffer = '';
break;
default:
throw new RackTablesError("Lex FSM error, state == {$state}, char == {$char}");
}
break;
default:
throw new RackTablesError("Lex FSM error, state == {$state}");
}
}
return NULL;
}
function queryLDAPServer($username, $password)
{
global $LDAP_options;
if (extension_loaded('ldap') === FALSE) {
throw new RackTablesError('LDAP misconfiguration. LDAP PHP Module is not installed.', RackTablesError::MISCONFIGURED);
}
$ldap_cant_connect_codes = array(-1, -5, -11);
$last_successful_server = loadScript('LDAPLastSuccessfulServer');
$success_server = NULL;
$servers = preg_split("/\\s+/", $LDAP_options['server'], NULL, PREG_SPLIT_NO_EMPTY);
if (isset($last_successful_server) && in_array($last_successful_server, $servers)) {
// Use last successful server first
$servers = array_diff($servers, array($last_successful_server));
array_unshift($servers, $last_successful_server);
}
// Try to connect to each server until first success
foreach ($servers as $server) {
$connect = @ldap_connect($server, array_fetch($LDAP_options, 'port', 389));
if ($connect === FALSE) {
continue;
}
ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, array_fetch($LDAP_options, 'server_alive_timeout', 2));
// If use_tls configuration option is set, then try establish TLS session instead of ldap_bind
if (isset($LDAP_options['use_tls']) && $LDAP_options['use_tls'] >= 1) {
$tls = ldap_start_tls($connect);
if ($LDAP_options['use_tls'] >= 2 && $tls == FALSE) {
if (in_array(ldap_errno($connect), $ldap_cant_connect_codes)) {
continue;
} else {
throw new RackTablesError('LDAP misconfiguration: LDAP TLS required but not successfully negotiated.', RackTablesError::MISCONFIGURED);
}
}
$success_server = $server;
break;
} else {
if (@ldap_bind($connect) || !in_array(ldap_errno($connect), $ldap_cant_connect_codes)) {
$success_server = $server;
// Cleanup after check. This connection will be used below
@ldap_unbind($connect);
$connect = ldap_connect($server, array_fetch($LDAP_options, 'port', 389));
break;
}
}
}
if (!isset($success_server)) {
return array('result' => 'CAN');
}
if ($LDAP_options['cache_expiry'] != 0 && $last_successful_server !== $success_server) {
saveScript('LDAPLastSuccessfulServer', $success_server);
}
if (array_key_exists('options', $LDAP_options) and is_array($LDAP_options['options'])) {
foreach ($LDAP_options['options'] as $opt_code => $opt_value) {
ldap_set_option($connect, $opt_code, $opt_value);
}
}
// Decide on the username we will actually authenticate for.
if (isset($LDAP_options['domain']) and strlen($LDAP_options['domain'])) {
$auth_user_name = $username . "@" . $LDAP_options['domain'];
} elseif (isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) {
// If a search_bind_rdn is supplied, bind to that and use it to search.
// This is required unless a server offers anonymous searching.
// Using bind again on the connection works as expected.
// The password is optional as it might be optional on server, too.
if (isset($LDAP_options['search_bind_rdn']) && strlen($LDAP_options['search_bind_rdn'])) {
$search_bind = @ldap_bind($connect, $LDAP_options['search_bind_rdn'], isset($LDAP_options['search_bind_password']) ? $LDAP_options['search_bind_password'] : NULL);
if ($search_bind === FALSE) {
throw new RackTablesError('LDAP misconfiguration. You have specified a search_bind_rdn ' . (isset($LDAP_options['search_bind_password']) ? 'with' : 'without') . ' a search_bind_password, but the server refused it with: ' . ldap_error($connect), RackTablesError::MISCONFIGURED);
}
}
$results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array("dn"));
if ($results === FALSE) {
return array('result' => 'CAN');
}
if (@ldap_count_entries($connect, $results) != 1) {
@ldap_close($connect);
return array('result' => 'NAK');
}
$info = @ldap_get_entries($connect, $results);
ldap_free_result($results);
$auth_user_name = $info[0]['dn'];
} else {
throw new RackTablesError('LDAP misconfiguration. Cannon build username for authentication.', RackTablesError::MISCONFIGURED);
}
$bind = @ldap_bind($connect, $auth_user_name, $password);
if ($bind === FALSE) {
switch (ldap_errno($connect)) {
case 49:
// LDAP_INVALID_CREDENTIALS
return array('result' => 'NAK');
default:
return array('result' => 'CAN');
}
}
// preliminary decision may change during searching
$ret = array('result' => 'ACK', 'displayed_name' => '', 'memberof' => array());
// Some servers deny anonymous search, thus search (if requested) only after binding.
// Displayed name only makes sense for authenticated users anyway.
if (isset($LDAP_options['displayname_attrs']) and strlen($LDAP_options['displayname_attrs']) and isset($LDAP_options['search_dn']) and strlen($LDAP_options['search_dn']) and isset($LDAP_options['search_attr']) and strlen($LDAP_options['search_attr'])) {
$results = @ldap_search($connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "={$username})", array_merge(array($LDAP_options['group_attr']), explode(' ', $LDAP_options['displayname_attrs'])));
if (@ldap_count_entries($connect, $results) != 1) {
@ldap_close($connect);
return array('result' => 'NAK');
}
$info = @ldap_get_entries($connect, $results);
ldap_free_result($results);
$space = '';
foreach (explode(' ', $LDAP_options['displayname_attrs']) as $attr) {
if (isset($info[0][$attr])) {
$ret['displayed_name'] .= $space . $info[0][$attr][0];
$space = ' ';
}
}
// Pull group membership, if any was returned.
if (isset($info[0][$LDAP_options['group_attr']])) {
for ($i = 0; $i < $info[0][$LDAP_options['group_attr']]['count']; $i++) {
if (preg_match($LDAP_options['group_filter'], $info[0][$LDAP_options['group_attr']][$i], $matches) and validTagName('$lgcn_' . $matches[1], TRUE)) {
$ret['memberof'][] = '$lgcn_' . $matches[1];
}
}
}
}
@ldap_close($connect);
return $ret;
}
function genericAssertion($argname, $argtype)
{
global $sic;
switch ($argtype) {
case 'string':
assertStringArg($argname);
break;
case 'string0':
assertStringArg($argname, TRUE);
break;
case 'uint':
assertUIntArg($argname);
break;
case 'uint-uint':
assertStringArg($argname);
if (1 != preg_match('/^[1-9][0-9]*-[1-9][0-9]*$/', $_REQUEST[$argname])) {
throw new InvalidRequestArgException($argname, $_REQUEST[$argname], 'illegal format');
}
break;
case 'uint0':
assertUIntArg($argname, TRUE);
break;
case 'inet':
assertIPArg($argname);
break;
case 'inet4':
assertIPv4Arg($argname);
break;
case 'inet6':
assertIPv6Arg($argname);
break;
case 'l2address':
assertStringArg($argname);
case 'l2address0':
assertStringArg($argname, TRUE);
try {
l2addressForDatabase($sic[$argname]);
} catch (InvalidArgException $e) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'malformed MAC/WWN address');
}
break;
case 'tag':
assertStringArg($argname);
if (!validTagName($sic[$argname])) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'Invalid tag name');
}
break;
case 'pcre':
assertPCREArg($argname);
break;
case 'json':
assertStringArg($argname);
if (NULL === json_decode($sic[$argname], TRUE)) {
throw new InvalidRequestArgException($argname, '(omitted)', 'Invalid JSON code received from client');
}
break;
case 'array':
if (!array_key_exists($argname, $_REQUEST)) {
throw new InvalidRequestArgException($argname, '(missing argument)');
}
if (!is_array($_REQUEST[$argname])) {
throw new InvalidRequestArgException($argname, '(omitted)', 'argument is not an array');
}
break;
case 'enum/attr_type':
assertStringArg($argname);
if (!in_array($sic[$argname], array('uint', 'float', 'string', 'dict', 'date'))) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
}
break;
case 'enum/vlan_type':
assertStringArg($argname);
// "Alien" type is not valid until the logic is fixed to implement it in full.
if (!in_array($sic[$argname], array('ondemand', 'compulsory'))) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
}
break;
case 'enum/wdmstd':
assertStringArg($argname);
global $wdm_packs;
if (!array_key_exists($sic[$argname], $wdm_packs)) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
}
break;
case 'enum/ipproto':
assertStringArg($argname);
global $vs_proto;
if (!array_key_exists($sic[$argname], $vs_proto)) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
}
break;
case 'enum/alloc_type':
assertStringArg($argname);
if (!in_array($sic[$argname], array('regular', 'shared', 'virtual', 'router'))) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
}
break;
case 'enum/dqcode':
assertStringArg($argname);
global $dqtitle;
if (!array_key_exists($sic[$argname], $dqtitle)) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
}
break;
case 'iif':
if (!array_key_exists($sic[$argname], getPortIIFOptions())) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'Unknown value');
}
break;
case 'vlan':
case 'vlan1':
genericAssertion($argname, 'uint');
if ($argtype == 'vlan' and $sic[$argname] == VLAN_DFL_ID) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'default VLAN cannot be changed');
}
if ($sic[$argname] > VLAN_MAX_ID or $sic[$argname] < VLAN_MIN_ID) {
throw new InvalidRequestArgException($argname, $sic[$argname], 'out of valid range');
}
break;
case 'rackcode/expr':
genericAssertion($argname, 'string0');
if ($sic[$argname] == '') {
return;
}
$parse = spotPayload($sic[$argname], 'SYNT_EXPR');
if ($parse['result'] != 'ACK') {
throw new InvalidRequestArgException($argname, $sic[$argname], 'RackCode parsing error');
}
break;
default:
throw new InvalidArgException('argtype', $argtype);
// comes not from user's input
}
}
