/**
* Validate conditions.
*
* @static
*
* @param array $conditions
* @param int $conditions['conditiontype']
* @param array $conditions['value']
*
* @return bool
*/
public static function validateConditions($conditions, $update = false)
{
$conditions = zbx_toArray($conditions);
$hostGroupIdsAll = array();
$templateIdsAll = array();
$triggerIdsAll = array();
$hostIdsAll = array();
$discoveryRuleIdsAll = array();
$proxyIdsAll = array();
$proxyidsAll = array();
// build validators
$timePeriodValidator = new CTimePeriodValidator();
$discoveryCheckTypeValidator = new CSetValidator(array('values' => array_keys(discovery_check_type2str())));
$discoveryObjectStatusValidator = new CSetValidator(array('values' => array_keys(discovery_object_status2str())));
$triggerSeverityValidator = new CSetValidator(array('values' => array_keys(getSeverityCaption())));
$discoveryObjectValidator = new CSetValidator(array('values' => array_keys(discovery_object2str())));
$triggerValueValidator = new CSetValidator(array('values' => array_keys(trigger_value2str())));
$eventTypeValidator = new CSetValidator(array('values' => array_keys(eventType())));
foreach ($conditions as $condition) {
// on create operator is mandatory and needs validation, but on update it must be validated only if it's set
if (!$update || $update && isset($condition['operator'])) {
$operatorValidator = new CSetValidator(array('values' => get_operators_by_conditiontype($condition['conditiontype'])));
if (!$operatorValidator->validate($condition['operator'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition operator.'));
}
}
if (!$update || $update && isset($condition['value'])) {
// validate condition values depending on condition type
switch ($condition['conditiontype']) {
case CONDITION_TYPE_HOST_GROUP:
if (!$condition['value']) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
$hostGroupIdsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_TEMPLATE:
if (!$condition['value']) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
$templateIdsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_TRIGGER:
if (!$condition['value']) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
$triggerIdsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_HOST:
if (!$condition['value']) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
$hostIdsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_DRULE:
if (!$condition['value']) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
$discoveryRuleIdsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_DCHECK:
if (!$condition['value']) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
$proxyIdsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_PROXY:
if (!$condition['value']) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
$proxyidsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_DOBJECT:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
} elseif (!$discoveryObjectValidator->validate($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery object.'));
}
break;
case CONDITION_TYPE_TIME_PERIOD:
if (!$timePeriodValidator->validate($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, $timePeriodValidator->getError());
}
break;
case CONDITION_TYPE_DHOST_IP:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
} else {
if (!validate_ip_range($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition ip "%1$s".', $condition['value']));
}
}
break;
case CONDITION_TYPE_DSERVICE_TYPE:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
} elseif (!$discoveryCheckTypeValidator->validate($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery check.'));
}
break;
case CONDITION_TYPE_DSERVICE_PORT:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
} elseif (!validate_port_list($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition port "%1$s".', $condition['value']));
}
break;
case CONDITION_TYPE_DSTATUS:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
} elseif (!$discoveryObjectStatusValidator->validate($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery status.'));
}
break;
case CONDITION_TYPE_MAINTENANCE:
if (!zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Maintenance action condition value must be empty.'));
}
break;
case CONDITION_TYPE_TRIGGER_SEVERITY:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
} elseif (!$triggerSeverityValidator->validate($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition trigger severity.'));
}
break;
case CONDITION_TYPE_TRIGGER_VALUE:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
} elseif (!$triggerValueValidator->validate($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition trigger value.'));
}
break;
case CONDITION_TYPE_EVENT_TYPE:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
} elseif (!$eventTypeValidator->validate($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition event type.'));
}
break;
case CONDITION_TYPE_TRIGGER_NAME:
case CONDITION_TYPE_NODE:
case CONDITION_TYPE_DUPTIME:
case CONDITION_TYPE_DVALUE:
case CONDITION_TYPE_APPLICATION:
case CONDITION_TYPE_HOST_NAME:
case CONDITION_TYPE_HOST_METADATA:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
break;
default:
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition type.'));
break;
}
}
}
if (!API::HostGroup()->isWritable($hostGroupIdsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition host group. Host group does not exist or you have no access to it.'));
}
if (!API::Host()->isWritable($hostIdsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition host. Host does not exist or you have no access to it.'));
}
if (!API::Template()->isWritable($templateIdsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition template. Template does not exist or you have no access to it.'));
}
if (!API::Trigger()->isWritable($triggerIdsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition trigger. Trigger does not exist or you have no access to it.'));
}
if (!API::DRule()->isWritable($discoveryRuleIdsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery rule. Discovery rule does not exist or you have no access to it.'));
}
if (!API::DCheck()->isWritable($proxyIdsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery check. Discovery check does not exist or you have no access to it.'));
}
if (!API::Proxy()->isWritable($proxyidsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition proxy. Proxy does not exist or you have no access to it.'));
}
return true;
}
function check_type(&$field, $flags, &$var, $type)
{
if (is_array($var) && $type != T_ZBX_IP) {
$err = ZBX_VALID_OK;
foreach ($var as $el) {
$err |= check_type($field, $flags, $el, $type);
}
return $err;
}
if ($type == T_ZBX_IP) {
if (!validate_ip($var, $arr)) {
if ($flags & P_SYS) {
info("Critical error. Field [" . $field . "] is not IP");
return ZBX_VALID_ERROR;
} else {
info("Warning. Field [" . $field . "] is not IP");
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_IP_RANGE) {
if (!validate_ip_range($var)) {
if ($flags & P_SYS) {
info("Critical error. Field [" . $field . "] is not IP range");
return ZBX_VALID_ERROR;
} else {
info("Warning. Field [" . $field . "] is not IP range");
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_PORTS) {
$err = ZBX_VALID_OK;
foreach (explode(',', $var) as $el) {
foreach (explode('-', $el) as $p) {
$err |= check_type($field, $flags, $p, T_ZBX_INT);
}
}
return $err;
}
if ($type == T_ZBX_INT_RANGE) {
if (!is_int_range($var)) {
if ($flags & P_SYS) {
info("Critical error. Field [" . $field . "] is not integer range");
return ZBX_VALID_ERROR;
} else {
info("Warning. Field [" . $field . "] is not integer range");
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_INT && !is_numeric($var)) {
if ($flags & P_SYS) {
info("Critical error. Field [" . $field . "] is not integer");
return ZBX_VALID_ERROR;
} else {
info("Warning. Field [" . $field . "] is not integer");
return ZBX_VALID_WARNING;
}
}
if ($type == T_ZBX_DBL && !is_numeric($var)) {
if ($flags & P_SYS) {
info("Critical error. Field [" . $field . "] is not double");
return ZBX_VALID_ERROR;
} else {
info("Warning. Field [" . $field . "] is not double");
return ZBX_VALID_WARNING;
}
}
if ($type == T_ZBX_STR && !is_string($var)) {
if ($flags & P_SYS) {
info("Critical error. Field [" . $field . "] is not string");
return ZBX_VALID_ERROR;
} else {
info("Warning. Field [" . $field . "] is not string");
return ZBX_VALID_WARNING;
}
}
//*
if ($type == T_ZBX_STR && !defined('ZBX_ALLOW_UNICODE') && strlen($var) != zbx_strlen($var)) {
if ($flags & P_SYS) {
info("Critical error. Field [" . $field . "] contains Multibyte chars");
return ZBX_VALID_ERROR;
} else {
info("Warning. Field [" . $field . "] - multibyte chars are restricted");
return ZBX_VALID_ERROR;
}
}
//*/
if ($type == T_ZBX_CLR && !is_hex_color($var)) {
$var = 'FFFFFF';
if ($flags & P_SYS) {
info("Critical error. Field [" . $field . "] is not a colour");
return ZBX_VALID_ERROR;
} else {
info("Warning. Field [" . $field . "] is not a colour");
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
function check_type(&$field, $flags, &$var, $type, $caption = null)
{
if (is_null($caption)) {
$caption = $field;
}
if (is_array($var) && $type != T_ZBX_IP) {
$err = ZBX_VALID_OK;
foreach ($var as $el) {
$err |= check_type($field, $flags, $el, $type);
}
return $err;
}
if ($type == T_ZBX_IP) {
if (!validate_ip($var, $arr)) {
if ($flags & P_SYS) {
info(_s('Critical error. Field "%1$s" is not IP.', $field));
return ZBX_VALID_ERROR;
} else {
info(_s('Warning. Field "%1$s" is not IP.', $field));
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_IP_RANGE) {
if (!validate_ip_range($var)) {
if ($flags & P_SYS) {
info(_s('Critical error. Field "%1$s" is not IP range.', $field));
return ZBX_VALID_ERROR;
} else {
info(_s('Warning. Field "%1$s" is not IP range.', $field));
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_INT_RANGE) {
if (!is_int_range($var)) {
if ($flags & P_SYS) {
info(_s('Critical error. Field "%1$s" is not integer list or range.', $field));
return ZBX_VALID_ERROR;
} else {
info(_s('Warning. Field "%1$s" is not integer list or range.', $field));
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_INT && !zbx_is_int($var)) {
if ($flags & P_SYS) {
info(_s('Critical error. Field "%1$s" is not integer.', $field));
return ZBX_VALID_ERROR;
} else {
info(_s('Warning. Field "%1$s" is not integer.', $field));
return ZBX_VALID_WARNING;
}
}
if ($type == T_ZBX_DBL && !is_numeric($var)) {
if ($flags & P_SYS) {
info(_s('Critical error. Field "%1$s" is not decimal number.', $field));
return ZBX_VALID_ERROR;
} else {
info(_s('Warning. Field "%1$s" is not decimal number.', $field));
return ZBX_VALID_WARNING;
}
}
if ($type == T_ZBX_STR && !is_string($var)) {
if ($flags & P_SYS) {
info(_s('Critical error. Field "%1$s" is not string.', $field));
return ZBX_VALID_ERROR;
} else {
info(_s('Warning. Field "%1$s" is not string.', $field));
return ZBX_VALID_WARNING;
}
}
if ($type == T_ZBX_STR && !defined('ZBX_ALLOW_UNICODE') && zbx_strlen($var) != zbx_strlen($var)) {
if ($flags & P_SYS) {
info(_s('Critical error. Field "%1$s" contains Multibyte chars.', $field));
return ZBX_VALID_ERROR;
} else {
info(_s('Warning. Field "%1$s" multibyte chars are restricted.', $field));
return ZBX_VALID_ERROR;
}
}
if ($type == T_ZBX_CLR && !is_hex_color($var)) {
$var = 'FFFFFF';
if ($flags & P_SYS) {
info(_s('Critical error. Field "%1$s" is not a colour.', $field));
return ZBX_VALID_ERROR;
} else {
info(_s('Warning. Field "%1$s" is not a colour.', $caption));
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
function check_type(&$field, $flags, &$var, $type, $caption = null)
{
if ($caption === null) {
$caption = $field;
}
if (is_array($var) && $type != T_ZBX_IP) {
$err = ZBX_VALID_OK;
foreach ($var as $v) {
$err |= check_type($field, $flags, $v, $type);
}
return $err;
}
$error = false;
$message = '';
if ($type == T_ZBX_IP) {
if (!validate_ip($var, $arr)) {
$error = true;
$message = _s('Field "%1$s" is not IP.', $caption);
}
} elseif ($type == T_ZBX_IP_RANGE) {
if (!validate_ip_range($var)) {
$error = true;
$message = _s('Field "%1$s" is not IP range.', $caption);
}
} elseif ($type == T_ZBX_INT_RANGE) {
if (!is_int_range($var)) {
$error = true;
$message = _s('Field "%1$s" is not integer list or range.', $caption);
}
} elseif ($type == T_ZBX_INT) {
if (!zbx_is_int($var)) {
$error = true;
$message = _s('Field "%1$s" is not integer.', $caption);
}
} elseif ($type == T_ZBX_DBL) {
$decimalValidator = new CDecimalValidator(array('maxPrecision' => 16, 'maxScale' => 4, 'messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.'), 'messagePrecision' => _('Value "%2$s" of "%1$s" is too long: it cannot have more than %3$s digits before the decimal point ' . 'and more than %4$s digits after the decimal point.'), 'messageNatural' => _('Value "%2$s" of "%1$s" has too many digits before the decimal point: ' . 'it cannot have more than %3$s digits.'), 'messageScale' => _('Value "%2$s" of "%1$s" has too many digits after the decimal point: ' . 'it cannot have more than %3$s digits.')));
$decimalValidator->setObjectName($caption);
if (!$decimalValidator->validate($var)) {
$error = true;
$message = $decimalValidator->getError();
}
} elseif ($type == T_ZBX_DBL_BIG) {
$decimalValidator = new CDecimalValidator(array('maxScale' => 4, 'messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.'), 'messageScale' => _('Value "%2$s" of "%1$s" has too many digits after the decimal point: ' . 'it cannot have more than %3$s digits.')));
$decimalValidator->setObjectName($caption);
if (!$decimalValidator->validate($var)) {
$error = true;
$message = $decimalValidator->getError();
}
} elseif ($type == T_ZBX_DBL_STR) {
$decimalStringValidator = new CDecimalStringValidator(array('messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.')));
$decimalStringValidator->setObjectName($caption);
if (!$decimalStringValidator->validate($var)) {
$error = true;
$message = $decimalStringValidator->getError();
}
} elseif ($type == T_ZBX_STR) {
if (!is_string($var)) {
$error = true;
$message = _s('Field "%1$s" is not string.', $caption);
}
} elseif ($type == T_ZBX_CLR) {
$colorValidator = new CColorValidator();
if (!$colorValidator->validate($var)) {
$var = 'FFFFFF';
$error = true;
$message = _s('Colour "%1$s" is not correct: expecting hexadecimal colour code (6 symbols).', $caption);
}
}
if ($error) {
if ($flags & P_SYS) {
error($message);
return ZBX_VALID_ERROR;
} else {
info($message);
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
function update_discovery_rule($druleid, $proxy_hostid, $name, $iprange, $delay, $status, $dchecks, $uniqueness_criteria, $dchecks_deleted)
{
if (!validate_ip_range($iprange)) {
error(S_INCORRECT_IP_RANGE);
return false;
}
$result = DBexecute('update drules set proxy_hostid=' . $proxy_hostid . ',name=' . zbx_dbstr($name) . ',iprange=' . zbx_dbstr($iprange) . ',' . 'delay=' . $delay . ',status=' . $status . ' where druleid=' . $druleid);
if ($result && isset($dchecks)) {
$unique_dcheckid = 0;
foreach ($dchecks as $id => $data) {
if (!isset($data['dcheckid'])) {
$data['dcheckid'] = add_discovery_check($druleid, $data['type'], $data['ports'], $data['key'], $data['snmp_community'], $data['snmpv3_securityname'], $data['snmpv3_securitylevel'], $data['snmpv3_authpassphrase'], $data['snmpv3_privpassphrase']);
}
if ($uniqueness_criteria == $id && $data['dcheckid']) {
$unique_dcheckid = $data['dcheckid'];
}
}
DBexecute('UPDATE drules' . ' SET unique_dcheckid=' . $unique_dcheckid . ' WHERE druleid=' . $druleid);
}
if ($result && isset($dchecks_deleted) && !empty($dchecks_deleted)) {
delete_discovery_check($dchecks_deleted);
}
return $result;
}
function update_discovery_rule($druleid, $proxy_hostid, $name, $iprange, $delay, $status, $dchecks)
{
if (!validate_ip_range($iprange)) {
error('Incorrect IP range.');
return false;
}
$result = DBexecute('update drules set proxy_hostid=' . $proxy_hostid . ',name=' . zbx_dbstr($name) . ',iprange=' . zbx_dbstr($iprange) . ',' . 'delay=' . $delay . ',status=' . $status . ' where druleid=' . $druleid);
if ($result) {
DBexecute('delete from dchecks where druleid=' . $druleid);
if (isset($dchecks)) {
foreach ($dchecks as $val) {
add_discovery_check($druleid, $val["type"], $val["ports"], $val["key"], $val["snmp_community"]);
}
}
}
return $result;
}
function validate_condition($conditiontype, $value)
{
global $USER_DETAILS;
switch ($conditiontype) {
case CONDITION_TYPE_HOST_GROUP:
$groups = CHostGroup::get(array('groupids' => $value, 'output' => API_OUTPUT_SHORTEN, 'nodeids' => get_current_nodeid(true)));
if (empty($groups)) {
error(S_INCORRECT_GROUP);
return false;
}
break;
case CONDITION_TYPE_HOST_TEMPLATE:
$templates = CTemplate::get(array('templateids' => $value, 'output' => API_OUTPUT_SHORTEN, 'nodeids' => get_current_nodeid(true)));
if (empty($templates)) {
error(S_INCORRECT_HOST);
return false;
}
break;
case CONDITION_TYPE_TRIGGER:
$triggers = CTrigger::get(array('triggerids' => $value, 'output' => API_OUTPUT_SHORTEN, 'nodeids' => get_current_nodeid(true)));
if (empty($triggers)) {
error(S_INCORRECT_TRIGGER);
return false;
}
break;
case CONDITION_TYPE_HOST:
$hosts = CHost::get(array('hostids' => $value, 'output' => API_OUTPUT_SHORTEN, 'nodeids' => get_current_nodeid(true)));
if (empty($hosts)) {
error(S_INCORRECT_HOST);
return false;
}
break;
case CONDITION_TYPE_TIME_PERIOD:
if (!validate_period($value)) {
error(S_INCORRECT_PERIOD . ' [' . $value . ']');
return false;
}
break;
case CONDITION_TYPE_DHOST_IP:
if (!validate_ip_range($value)) {
error(S_INCORRECT_IP . ' [' . $value . ']');
return false;
}
break;
case CONDITION_TYPE_DSERVICE_TYPE:
if (S_UNKNOWN == discovery_check_type2str($value)) {
error(S_INCORRECT_DISCOVERY_CHECK);
return false;
}
break;
case CONDITION_TYPE_DSERVICE_PORT:
if (!validate_port_list($value)) {
error(S_INCORRECT_PORT . ' [' . $value . ']');
return false;
}
break;
case CONDITION_TYPE_DSTATUS:
if (S_UNKNOWN == discovery_object_status2str($value)) {
error(S_INCORRECT_DISCOVERY_STATUS);
return false;
}
break;
case CONDITION_TYPE_EVENT_ACKNOWLEDGED:
if (S_UNKNOWN == condition_value2str($conditiontype, $value)) {
error(S_INCORRECT_DISCOVERY_STATUS);
return false;
}
break;
case CONDITION_TYPE_TRIGGER_NAME:
case CONDITION_TYPE_TRIGGER_VALUE:
case CONDITION_TYPE_TRIGGER_SEVERITY:
case CONDITION_TYPE_MAINTENANCE:
case CONDITION_TYPE_NODE:
case CONDITION_TYPE_DRULE:
case CONDITION_TYPE_DCHECK:
case CONDITION_TYPE_DOBJECT:
case CONDITION_TYPE_PROXY:
case CONDITION_TYPE_DUPTIME:
case CONDITION_TYPE_DVALUE:
case CONDITION_TYPE_APPLICATION:
case CONDITION_TYPE_HOST_NAME:
break;
default:
error(S_INCORRECT_CONDITION_TYPE);
return false;
break;
}
return true;
}
function validate_condition($conditiontype, $value)
{
global $USER_DETAILS;
switch ($conditiontype) {
case CONDITION_TYPE_HOST_GROUP:
$available_groups = get_accessible_groups_by_user($USER_DETAILS, PERM_READ_ONLY, null, get_current_nodeid(true));
if (!isset($available_groups[$value])) {
error(S_INCORRECT_GROUP);
return false;
}
break;
case CONDITION_TYPE_HOST_TEMPLATE:
$available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY, null, get_current_nodeid(true));
if (!isset($available_hosts[$value])) {
error(S_INCORRECT_HOST);
return false;
}
break;
case CONDITION_TYPE_TRIGGER:
if (!DBfetch(DBselect('select triggerid from triggers where triggerid=' . $value)) || !check_right_on_trigger_by_triggerid(PERM_READ_ONLY, $value)) {
error(S_INCORRECT_TRIGGER);
return false;
}
break;
case CONDITION_TYPE_HOST:
$available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY, null, get_current_nodeid(true));
if (!isset($available_hosts[$value])) {
error(S_INCORRECT_HOST);
return false;
}
break;
case CONDITION_TYPE_TIME_PERIOD:
if (!validate_period($value)) {
error(S_INCORRECT_PERIOD . ' [' . $value . ']');
return false;
}
break;
case CONDITION_TYPE_DHOST_IP:
if (!validate_ip_range($value)) {
error(S_INCORRECT_IP . ' [' . $value . ']');
return false;
}
break;
case CONDITION_TYPE_DSERVICE_TYPE:
if (S_UNKNOWN == discovery_check_type2str($value)) {
error(S_INCORRECT_DISCOVERY_CHECK);
return false;
}
break;
case CONDITION_TYPE_DSERVICE_PORT:
if (!validate_port_list($value)) {
error(S_INCORRECT_PORT . ' [' . $value . ']');
return false;
}
break;
case CONDITION_TYPE_DSTATUS:
if (S_UNKNOWN == discovery_object_status2str($value)) {
error(S_INCORRECT_DISCOVERY_STATUS);
return false;
}
break;
case CONDITION_TYPE_EVENT_ACKNOWLEDGED:
if (S_UNKNOWN == condition_value2str($conditiontype, $value)) {
error(S_INCORRECT_DISCOVERY_STATUS);
return false;
}
break;
case CONDITION_TYPE_TRIGGER_NAME:
case CONDITION_TYPE_TRIGGER_VALUE:
case CONDITION_TYPE_TRIGGER_SEVERITY:
case CONDITION_TYPE_MAINTENANCE:
case CONDITION_TYPE_DUPTIME:
case CONDITION_TYPE_DVALUE:
case CONDITION_TYPE_APPLICATION:
break;
default:
error(S_INCORRECT_CONDITION_TYPE);
return false;
break;
}
return true;
}
/**
* Returns true if the given $value is valid, or set's an error and returns false otherwise.
*
*
* @param $condition
*
* @return bool
*/
public function validate($condition)
{
// build validators
$timePeriodValidator = new CTimePeriodValidator();
$discoveryCheckTypeValidator = new CLimitedSetValidator(array('values' => array_keys(discovery_check_type2str())));
$discoveryObjectStatusValidator = new CLimitedSetValidator(array('values' => array_keys(discovery_object_status2str())));
$triggerSeverityValidator = new CLimitedSetValidator(array('values' => array(TRIGGER_SEVERITY_NOT_CLASSIFIED, TRIGGER_SEVERITY_INFORMATION, TRIGGER_SEVERITY_WARNING, TRIGGER_SEVERITY_AVERAGE, TRIGGER_SEVERITY_HIGH, TRIGGER_SEVERITY_DISASTER)));
$discoveryObjectValidator = new CLimitedSetValidator(array('values' => array_keys(discovery_object2str())));
$triggerValueValidator = new CLimitedSetValidator(array('values' => array_keys(trigger_value2str())));
$eventTypeValidator = new CLimitedSetValidator(array('values' => array_keys(eventType())));
$conditionValue = $condition['value'];
// validate condition values depending on condition type
switch ($condition['conditiontype']) {
case CONDITION_TYPE_HOST_GROUP:
if (!$conditionValue) {
$this->setError(_('Empty action condition.'));
}
break;
case CONDITION_TYPE_TEMPLATE:
if (!$conditionValue) {
$this->setError(_('Empty action condition.'));
}
break;
case CONDITION_TYPE_TRIGGER:
if (!$conditionValue) {
$this->setError(_('Empty action condition.'));
}
break;
case CONDITION_TYPE_HOST:
if (!$conditionValue) {
$this->setError(_('Empty action condition.'));
}
break;
case CONDITION_TYPE_DRULE:
if (!$conditionValue) {
$this->setError(_('Empty action condition.'));
}
break;
case CONDITION_TYPE_DCHECK:
if (!$conditionValue) {
$this->setError(_('Empty action condition.'));
}
break;
case CONDITION_TYPE_PROXY:
if (!$conditionValue) {
$this->setError(_('Empty action condition.'));
}
break;
case CONDITION_TYPE_DOBJECT:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
} elseif (!$discoveryObjectValidator->validate($conditionValue)) {
$this->setError(_('Incorrect action condition discovery object.'));
}
break;
case CONDITION_TYPE_TIME_PERIOD:
if (!$timePeriodValidator->validate($conditionValue)) {
$this->setError($timePeriodValidator->getError());
}
break;
case CONDITION_TYPE_DHOST_IP:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
} else {
if (!validate_ip_range($conditionValue)) {
$this->setError(_s('Incorrect action condition ip "%1$s".', $conditionValue));
}
}
break;
case CONDITION_TYPE_DSERVICE_TYPE:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
} elseif (!$discoveryCheckTypeValidator->validate($conditionValue)) {
$this->setError(_('Incorrect action condition discovery check.'));
}
break;
case CONDITION_TYPE_DSERVICE_PORT:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
} elseif (!validate_port_list($conditionValue)) {
$this->setError(_s('Incorrect action condition port "%1$s".', $conditionValue));
}
break;
case CONDITION_TYPE_DSTATUS:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
} elseif (!$discoveryObjectStatusValidator->validate($conditionValue)) {
$this->setError(_('Incorrect action condition discovery status.'));
}
break;
case CONDITION_TYPE_MAINTENANCE:
if (!zbx_empty($conditionValue)) {
$this->setError(_('Maintenance action condition value must be empty.'));
}
break;
case CONDITION_TYPE_TRIGGER_SEVERITY:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
} elseif (!$triggerSeverityValidator->validate($conditionValue)) {
$this->setError(_('Incorrect action condition trigger severity.'));
}
break;
case CONDITION_TYPE_TRIGGER_VALUE:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
} elseif (!$triggerValueValidator->validate($conditionValue)) {
$this->setError(_('Incorrect action condition trigger value.'));
}
break;
case CONDITION_TYPE_EVENT_TYPE:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
} elseif (!$eventTypeValidator->validate($conditionValue)) {
$this->setError(_('Incorrect action condition event type.'));
}
break;
case CONDITION_TYPE_TRIGGER_NAME:
case CONDITION_TYPE_DUPTIME:
case CONDITION_TYPE_DVALUE:
case CONDITION_TYPE_APPLICATION:
case CONDITION_TYPE_HOST_NAME:
case CONDITION_TYPE_HOST_METADATA:
if (zbx_empty($conditionValue)) {
$this->setError(_('Empty action condition.'));
}
break;
default:
$this->setError(_('Incorrect action condition type.'));
}
// If no error is not set, return true.
return !(bool) $this->getError();
}
function check_type(&$field, $flags, &$var, $type)
{
if (is_array($var) && $type != T_ZBX_IP) {
$err = ZBX_VALID_OK;
foreach ($var as $el) {
$err |= check_type($field, $flags, $el, $type);
}
return $err;
}
if ($type == T_ZBX_IP) {
if (!validate_ip($var, $arr)) {
if ($flags & P_SYS) {
info('Critical error. Field [' . $field . '] is not IP');
return ZBX_VALID_ERROR;
} else {
info('Warning. Field [' . $field . '] is not IP');
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_IP_RANGE) {
if (!validate_ip_range($var)) {
if ($flags & P_SYS) {
info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_IP_RANGE_SMALL);
return ZBX_VALID_ERROR;
} else {
info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_IP_RANGE_SMALL);
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_PORTS) {
$err = ZBX_VALID_OK;
$type = $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING;
foreach (explode(',', $var) as $el) {
foreach (explode('-', $el) as $p) {
$err |= check_type($field, $flags, $p, T_ZBX_INT);
if ($p > 65535 || $p < 0) {
$err |= $type;
}
}
}
if ($err == ZBX_VALID_ERROR) {
info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_PORT_RANGE_SMALL);
} else {
if ($err == ZBX_VALID_WARNING) {
info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_PORT_RANGE_SMALL);
}
}
return $err;
}
if ($type == T_ZBX_INT_RANGE) {
if (!is_int_range($var)) {
if ($flags & P_SYS) {
info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_INTEGER_RANGE_SMALL);
return ZBX_VALID_ERROR;
} else {
info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_INTEGER_RANGE_SMALL);
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_INT && !zbx_is_int($var)) {
if ($flags & P_SYS) {
info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_INTEGER_SMALL);
return ZBX_VALID_ERROR;
} else {
info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_INTEGER_SMALL);
return ZBX_VALID_WARNING;
}
}
if ($type == T_ZBX_DBL && !is_numeric($var)) {
if ($flags & P_SYS) {
info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_DOUBLE_SMALL);
return ZBX_VALID_ERROR;
} else {
info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_DOUBLE_SMALL);
return ZBX_VALID_WARNING;
}
}
if ($type == T_ZBX_STR && !is_string($var)) {
if ($flags & P_SYS) {
info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_STRING_SMALL);
return ZBX_VALID_ERROR;
} else {
info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_STRING_SMALL);
return ZBX_VALID_WARNING;
}
}
//*
if ($type == T_ZBX_STR && !defined('ZBX_ALLOW_UNICODE') && zbx_strlen($var) != zbx_strlen($var)) {
if ($flags & P_SYS) {
info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_CONTAINS_MULTIBYTE_CHARS_SMALL);
return ZBX_VALID_ERROR;
} else {
info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . '] - ' . S_MULTIBYTE_CHARS_ARE_RESTRICTED_SMALL);
return ZBX_VALID_ERROR;
}
}
//*/
if ($type == T_ZBX_CLR && !is_hex_color($var)) {
$var = 'FFFFFF';
if ($flags & P_SYS) {
info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_A_COLOUR_SMALL);
return ZBX_VALID_ERROR;
} else {
info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_A_COLOUR_SMALL);
return ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
function submit_acl()
{
global $dbo;
include 'include/validation_functions.php';
$subnet_id = isset($_GET['subnet_id']) && is_numeric($_GET['subnet_id']) ? $_GET['subnet_id'] : '';
$acl_name = isset($_POST['acl_name']) ? $_POST['acl_name'] : '';
$acl_start = isset($_POST['acl_start']) ? $_POST['acl_start'] : '';
$acl_end = isset($_POST['acl_end']) ? $_POST['acl_end'] : '';
if (empty($subnet_id)) {
$notice = "invalidrequest";
header("Location: blocks.php?notice={$notice}");
exit;
}
if (empty($acl_name) || empty($acl_start) || empty($acl_end)) {
$notice = "blankfield-notice";
header("Location: statics.php?subnet_id={$subnet_id}¬ice={$notice}");
exit;
}
$result = validate_text($acl_name, 'aclname');
if ($result['0'] === false) {
$notice = $result['error'];
header("Location: statics.php?subnet_id={$subnet_id}¬ice={$notice}");
exit;
} else {
$acl_name = $result['1'];
}
$result = validate_ip_range($acl_start, $acl_end, 'acl', $subnet_id);
if ($result['0'] === false) {
$notice = $result['error'];
header("Location: statics.php?subnet_id={$subnet_id}¬ice={$notice}");
exit;
} else {
$long_acl_start = $result['long_start_ip'];
$long_acl_end = $result['long_end_ip'];
$subnet_name = $result['subnet_name'];
}
AccessControl('3', "{$acl_name} ACL for {$subnet_name} subnet edited");
$sql = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) VALUES ('{$acl_name}', '{$long_acl_start}', '{$long_acl_end}', '{$subnet_id}')";
$dbo->query($sql);
$notice = "acladded-notice";
header("Location: statics.php?subnet_id={$subnet_id}¬ice={$notice}");
exit;
}
function read_in_csv_row($row)
{
global $COLLATE;
global $dbo;
$recordtype = $row['0'];
$fieldcount = count($row);
$result = array();
/*
* Record format:
* block: (5 fields)
* 'block','$block_name','$start_ip','$end_ip','$block_note'
*
* subnet: (5 fields)
* 'subnet','$block_name','$subnet_name','$subnet','$subnet_note'
*
* acl: (4 fields)
* 'acl','$acl_name','$start_ip','$end_ip'
*
* static ip: (5 fields)
* 'static','$static_name','$ip_address','$static_contact','$static_note'
*/
if ($recordtype == 'block' && $fieldcount != '5' || $recordtype == 'subnet' && $fieldcount != '5' || $recordtype == 'acl' && $fieldcount != '4' || $recordtype == 'static' && $fieldcount != '5') {
$result['error'] = true;
$result['errormessage'] = 'badfieldcount';
return $result;
}
$last_modified_by = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username'];
if ($recordtype == 'block') {
$block_name = $row['1'];
$block_start_ip = $row['2'];
$block_end_ip = $row['3'];
$block_note = $row['4'];
$validate = validate_text($block_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_name = $validate['1'];
}
$query_result = $dbo->query("SELECT id from blocks where name='{$block_name}'");
if ($query_result->rowCount() != '0') {
$result['error'] = true;
$result['errormessage'] = 'duplicatename';
return $result;
}
if (preg_match('/^\\s*$/', $block_start_ip) && preg_match('/^\\s*$/', $block_end_ip)) {
// block with no associated IP information
$block_start_ip = '';
$block_long_start_ip = '';
$block_end_ip = '';
$block_long_end_ip = '';
} elseif (empty($block_end_ip) || ip2decimal($block_end_ip) === false) {
// subnet
$validate = validate_network($block_start_ip, 'block');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_start_ip = $validate['start_ip'];
$block_long_start_ip = $validate['long_start_ip'];
$block_end_ip = $validate['end_ip'];
$block_long_end_ip = $validate['long_end_ip'];
}
} else {
// range
$validate = validate_ip_range($block_start_ip, $block_end_ip, 'block');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_start_ip = $validate['start_ip'];
$block_long_start_ip = $validate['long_start_ip'];
$block_end_ip = $validate['end_ip'];
$block_long_end_ip = $validate['long_end_ip'];
}
}
$validate = validate_text($block_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_note = $validate['1'];
}
$row_result['error'] = false;
$row_result['sql'] = "INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at) \r\n\t VALUES('{$block_name}', '{$block_long_start_ip}', '{$block_long_end_ip}', '{$block_note}', '{$last_modified_by}', now())";
return $row_result;
} elseif ($recordtype == 'subnet') {
$block_name = $row['1'];
$subnet_name = $row['2'];
$subnet = $row['3'];
$subnet_note = $row['4'];
$validate = validate_text($block_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_name = $validate['1'];
}
$query_result = $dbo->query("SELECT id from blocks where name='{$block_name}'");
if ($query_result->rowCount() != '1') {
$result['error'] = true;
$result['errormessage'] = 'blocknotfound';
return $result;
} else {
$block_id = $query_result->fetchColumn();
}
$validate = validate_text($subnet_name, 'subnetname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_name = $validate['1'];
}
$validate = validate_network($subnet);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_start_ip = $validate['start_ip'];
$subnet_long_start_ip = $validate['long_start_ip'];
$subnet_end_ip = $validate['end_ip'];
$subnet_long_end_ip = $validate['long_end_ip'];
$subnet_mask = $validate['mask'];
$subnet_long_mask = $validate['long_mask'];
}
$validate = validate_text($subnet_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_note = $validate['1'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO subnets (name, start_ip, end_ip, mask, note, block_id, modified_by, modified_at) \r\n VALUES('{$subnet_name}', '{$subnet_long_start_ip}', '{$subnet_long_end_ip}', '{$subnet_long_mask}', \r\n\t\t\t\t\t '{$subnet_note}', '{$block_id}', '{$last_modified_by}', now())";
return $return;
} elseif ($recordtype == 'acl') {
$acl_name = $row['1'];
$acl_start_ip = $row['2'];
$acl_end_ip = $row['3'];
$validate = validate_text($acl_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$acl_name = $validate['1'];
}
$validate = validate_ip_range($acl_start_ip, $acl_end_ip, 'acl', null);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_id = $validate['subnet_id'];
$acl_start_ip = $validate['start_ip'];
$acl_long_start_ip = $validate['long_start_ip'];
$acl_end_ip = $validate['end_ip'];
$acl_long_end_ip = $validate['long_end_ip'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) \r\n\t VALUES ('{$acl_name}', '{$acl_long_start_ip}', '{$acl_long_end_ip}', '{$subnet_id}')";
return $return;
} else {
// $recordtype == static
$static_name = $row['1'];
$static_ip = $row['2'];
$static_long_ip = ip2decimal($static_ip);
$static_contact = $row['3'];
$static_note = $row['4'];
$validate = validate_text($static_name, 'staticname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_name = $validate['1'];
}
if ($static_long_ip === false) {
$result['error'] = true;
$result['errormessage'] = 'invalidip';
return $result;
}
$sql = "SELECT id from subnets where CAST('{$static_long_ip}' AS UNSIGNED) & CAST(mask AS UNSIGNED) = CAST(start_ip AS UNSIGNED)";
$subnet_result = $dbo->query($sql);
if ($subnet_result->rowCount() != '1') {
$result['error'] = true;
$result['errormessage'] = 'subnetnotfound';
return $result;
} else {
$subnet_id = $subnet_result->fetchColumn();
}
// Make sure the static IP isn't in use already or excluded from use via an ACL
$validate = validate_static_ip($static_ip);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
}
$validate = validate_text($static_contact, 'contact');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_contact = $validate['1'];
}
$validate = validate_text($static_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_note = $validate['1'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at)\r\n VALUES('{$static_long_ip}', '{$static_name}', '{$static_contact}', '{$static_note}', \r\n\t\t\t\t\t '{$subnet_id}', '{$last_modified_by}', now())";
return $return;
}
// We should never get here
exit;
}
function submit_block()
{
#validation here might look messy, but it's essentially in order of parameters listed below by
# 1. all checks that don't require db lookups
# 2. all other checks
global $COLLATE;
global $dbo;
include 'include/validation_functions.php';
$block_id = isset($_POST['block_id']) ? $_POST['block_id'] : '';
$name = isset($_POST['name']) ? $_POST['name'] : '';
$note = isset($_POST['note']) ? $_POST['note'] : '';
# this input is optional
$ip = isset($_POST['ip']) ? $_POST['ip'] : '';
$end_ip = isset($_POST['end_ip']) ? $_POST['end_ip'] : '';
$username = empty($_SESSION['username']) ? 'system' : $_SESSION['username'];
$update_block = isset($_POST['update_block']) ? $_POST['update_block'] : false;
$submit_op = $update_block == 'true' ? "modify&block_id={$block_id}" : 'add';
$parent_block = isset($_POST['parent_block']) ? $_POST['parent_block'] : '';
$block_type = isset($_POST['block_type']) ? $_POST['block_type'] : '';
if ($block_type == 'container') {
#containers don't have IP ranges associated with them
$ip = '';
$end_ip = '';
}
if (empty($name) || !empty($end_ip) && empty($ip) || empty($block_type)) {
$notice = "missingfield-notice";
header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}");
exit;
}
if (empty($parent_block) || !preg_match("/[0-9]*/", $parent_block) && $parent_block != 'null') {
$notice = "invalidrequest";
header("Location: blocks.php?notice={$notice}");
exit;
}
$return = validate_text($name, 'blockname');
if ($return['0'] === false) {
$notice = $return['error'];
header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}");
exit;
} else {
$name = $return['1'];
}
unset($return);
if (!preg_match('/^container$|^ipv4$/', $block_type)) {
$notice = 'invalidrequest';
header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&parent_block={$parent_block}¬ice={$notice}");
exit;
}
if ($update_block === false) {
# checking for duplicate block name
$sql = "SELECT id from blocks where name='{$name}'";
$result = $dbo->query($sql);
if ($result->rowCount() != '0') {
header("HTTP/1.1 400 Bad Request");
$notice = 'duplicatename';
header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}");
exit;
}
} else {
# checking that we're updating a block that actually exists
$sql = "SELECT name FROM blocks WHERE id='{$block_id}'";
$result = $dbo->query($sql);
if ($result->rowCount() != '1') {
header("HTTP/1.1 400 Bad Request");
$notice = 'selectblock';
header("Location: blocks.php?notice={$notice}");
exit;
}
$old_block_name = $result->fetchColumn();
}
$return = validate_text($note, 'note');
if ($return['0'] === false) {
$notice = $return['error'];
header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}");
exit;
} else {
$note = $return['1'];
}
unset($return);
if (empty($end_ip) && !empty($ip)) {
# subnet supplied
$return = validate_network($ip, 'block', $block_id);
} elseif (!empty($ip)) {
# range supplied
$return = validate_ip_range($ip, $end_ip, 'block', $block_id);
}
if (isset($return) && $return['0'] === false) {
$notice = $return['error'];
header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}");
exit;
} elseif (isset($return)) {
$long_start_ip = $return['long_start_ip'];
$long_end_ip = $return['long_end_ip'];
}
unset($return);
$result = '';
if ($parent_block != 'null') {
$sql = "SELECT id FROM blocks WHERE id='{$parent_block}'";
$result = $dbo->query($sql);
if ($result->rowCount() != '1') {
$notice = "invalidrequest";
header("Location: blocks.php?notice={$notice}");
exit;
}
$parent_id = "'{$parent_block}'";
} else {
$parent_id = 'null';
}
if ($update_block === false) {
# new block
$old_parent_block = $parent_block;
#we're going to redirect the user to the block they put this block into
} else {
$sql = "SELECT parent_id FROM blocks WHERE id='{$block_id}'";
$result = $dbo->query($sql);
$old_parent_block = $result->fetchColumn();
}
# If we're changing an existing block, we must make sure we don't orphan a child object
if ($update_block !== false) {
if ($block_type == 'ipv4' && find_child_blocks($block_id) !== false) {
$notice = 'wouldorphanblocks';
header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}¬ice={$notice}");
exit;
} elseif ($block_type == 'container') {
# just check this block for subnets
$sql = "SELECT count(*) FROM subnets where block_id='{$block_id}'";
$result = $dbo->query($sql);
if ($result->fetchColumn() != '0') {
$notice = 'wouldorphansubnets';
header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&parent_block={$parent_block}¬ice={$notice}");
exit;
}
}
}
if ($update_block) {
$sql = "UPDATE blocks SET name='{$name}', start_ip='{$long_start_ip}', end_ip='{$long_end_ip}', note='{$note}', modified_by='{$username}', modified_at=now(),\r\n parent_id={$parent_id}, type='{$block_type}' WHERE id='{$block_id}'";
} else {
$sql = "INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at, parent_id, type) \r\n\t VALUES('{$name}', '{$long_start_ip}', '{$long_end_ip}', '{$note}', '{$username}', now(), {$parent_id}, '{$block_type}')";
}
$accesslevel = "4";
$message = $update_block ? "IP Block updated: {$name}" : "IP Block added: {$name}";
$message .= $name != $old_block_name ? "(previously {$old_block_name})" : '';
AccessControl($accesslevel, $message);
// We don't want to generate logs when nothing is really happening, so this goes down here.
$dbo->query($sql);
$notice = $update_block ? 'blockupdated-notice' : 'blockadded-notice';
if ($old_parent_block == 'null') {
header("Location: blocks.php?notice={$notice}");
} else {
header("Location: blocks.php?block_id={$old_parent_block}¬ice={$notice}");
}
exit;
}
function submit_subnet()
{
global $dbo;
include 'include/validation_functions.php';
$block_id = isset($_POST['block_id']) && is_numeric($_POST['block_id']) ? $_POST['block_id'] : '';
$name = isset($_POST['name']) ? $_POST['name'] : '';
$ip = isset($_POST['ip']) ? $_POST['ip'] : '';
$gateway = isset($_POST['gateway']) ? $_POST['gateway'] : '';
$acl_name = isset($_POST['acl_name']) ? $_POST['acl_name'] : '';
$acl_start = isset($_POST['acl_start']) ? $_POST['acl_start'] : '';
$acl_end = isset($_POST['acl_end']) ? $_POST['acl_end'] : '';
$note = isset($_POST['note']) ? $_POST['note'] : '';
$guidance = isset($_POST['guidance']) ? $_POST['guidance'] : '';
if (empty($block_id)) {
$notice = 'invalidrequest';
header("Location: blocks.php?notice={$notice}");
exit;
}
if (empty($name) || empty($ip)) {
$notice = "blankfield-notice";
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$result = validate_text($name, 'subnetname');
if ($result['0'] === false) {
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$name = $result['1'];
}
$result = validate_network($ip);
if ($result['0'] === false) {
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$start_ip = $result['start_ip'];
$end_ip = $result['end_ip'];
$mask = $result['mask'];
$long_start_ip = $result['long_start_ip'];
$long_end_ip = $result['long_end_ip'];
$long_mask = $result['long_mask'];
}
$dbo->beginTransaction();
$username = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username'];
$sql = "INSERT INTO subnets (name, start_ip, end_ip, mask, note, block_id, modified_by, modified_at, guidance) \r\n VALUES('{$name}', '{$long_start_ip}', '{$long_end_ip}', '{$long_mask}', '{$note}', '{$block_id}', '{$username}', now(), '{$guidance}')";
$dbo->query($sql);
$subnet_id = $dbo->lastInsertId();
if (!empty($acl_start) && !empty($acl_end)) {
$result = validate_ip_range($acl_start, $acl_end, 'acl');
if ($result['0'] === false) {
$dbo->rollBack();
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$long_acl_start = $result['long_start_ip'];
$long_acl_end = $result['long_end_ip'];
}
// Add an ACL for the acl range so users don't assign a static IP inside a acl scope.
$sql = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) VALUES('{$acl_name}', '{$long_acl_start}', '{$long_acl_end}', '{$subnet_id}')";
$dbo->query($sql);
}
// Add static IP for the Default Gateway
if (!empty($gateway)) {
$long_gateway = ip2decimal($gateway);
$subnet_test = $long_gateway & $long_mask;
if ($subnet_test !== $long_start_ip) {
$dbo->rollBack();
$notice = 'invalidip';
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$validate_gateway = validate_static_ip($gateway);
if ($validate_gateway['0'] === false) {
$dbo->rollBack();
$notice = $validate_gateway['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$sql = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at) \r\n VALUES('{$long_gateway}', 'Gateway', 'Network Admin', 'Default Gateway', '{$subnet_id}', '{$username}', now())";
$dbo->query($sql);
}
$dbo->commit();
$cidr = subnet2cidr($long_start_ip, $long_mask);
$accesslevel = "3";
$message = "Subnet {$name} ({$cidr}) has been created";
AccessControl($accesslevel, $message);
// No need to generate logs when nothing is really happening. This
// goes down here where we know stuff has actually been written. Access
// Control actually happened before submit_subnet() was called.
$notice = "subnetadded-notice";
header("Location: subnets.php?block_id={$block_id}¬ice={$notice}");
exit;
}
public function checkInput(array &$dRules)
{
$dRules = zbx_toArray($dRules);
if (empty($dRules)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty input.'));
}
if (CWebUser::getType() < USER_TYPE_ZABBIX_ADMIN) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('No permissions to referred object or it does not exist!'));
}
$proxies = array();
foreach ($dRules as $dRule) {
if (!isset($dRule['iprange'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('IP range cannot be empty.'));
} elseif (!validate_ip_range($dRule['iprange'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect IP range "%s".', $dRule['iprange']));
}
if (isset($dRule['delay']) && $dRule['delay'] < 0) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect delay.'));
}
if (isset($dRule['status']) && ($dRule['status'] != DRULE_STATUS_DISABLED && $dRule['status'] != DRULE_STATUS_ACTIVE)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect status.'));
}
if (empty($dRule['dchecks'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot save discovery rule without checks.'));
}
$this->validateDChecks($dRule['dchecks']);
if (isset($dRule['proxy_hostid']) && $dRule['proxy_hostid']) {
$proxies[] = $dRule['proxy_hostid'];
}
}
if (!empty($proxies)) {
$proxiesDB = API::proxy()->get(array('proxyids' => $proxies, 'output' => array('proxyid'), 'preservekeys' => true));
foreach ($proxies as $proxy) {
if (!isset($proxiesDB[$proxy])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect proxyid.'));
}
}
}
}
function update_discovery_rule($druleid, $proxy_hostid, $name, $iprange, $delay, $status, $dchecks, $dchecks_deleted)
{
if (!validate_ip_range($iprange)) {
error('Incorrect IP range.');
return false;
}
$result = DBexecute('update drules set proxy_hostid=' . $proxy_hostid . ',name=' . zbx_dbstr($name) . ',iprange=' . zbx_dbstr($iprange) . ',' . 'delay=' . $delay . ',status=' . $status . ' where druleid=' . $druleid);
if ($result) {
if (isset($dchecks)) {
foreach ($dchecks as $val) {
if (!isset($val['dcheckid'])) {
add_discovery_check($druleid, $val['type'], $val['ports'], $val['key'], $val['snmp_community'], $val['snmpv3_securityname'], $val['snmpv3_securitylevel'], $val['snmpv3_authpassphrase'], $val['snmpv3_privpassphrase']);
}
}
}
if (isset($dchecks_deleted) && !empty($dchecks_deleted)) {
delete_discovery_check($dchecks_deleted);
}
}
return $result;
}
function check_type(&$field, $flags, &$var, $type, $caption = null)
{
if (is_null($caption)) {
$caption = $field;
}
if (is_array($var) && $type != T_ZBX_IP) {
$err = ZBX_VALID_OK;
foreach ($var as $v) {
$err |= check_type($field, $flags, $v, $type);
}
return $err;
}
if ($type == T_ZBX_IP) {
if (!validate_ip($var, $arr)) {
info(_s('Field "%1$s" is not IP.', $caption));
return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING;
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_IP_RANGE) {
if (!validate_ip_range($var)) {
info(_s('Field "%1$s" is not IP range.', $caption));
return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING;
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_INT_RANGE) {
if (!is_int_range($var)) {
info(_s('Field "%1$s" is not integer list or range.', $caption));
return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING;
}
return ZBX_VALID_OK;
}
if ($type == T_ZBX_INT && !zbx_is_int($var)) {
info(_s('Field "%1$s" is not integer.', $caption));
return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING;
}
if ($type == T_ZBX_DBL && !is_numeric($var)) {
info(_s('Field "%1$s" is not decimal number.', $caption));
return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING;
}
if ($type == T_ZBX_STR && !is_string($var)) {
info(_s('Field "%1$s" is not string.', $caption));
return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING;
}
if ($type == T_ZBX_CLR) {
$colorValidator = new CColorValidator();
if (!$colorValidator->validate($var)) {
$var = 'FFFFFF';
info(_s('Colour "%1$s" is not correct: expecting hexadecimal colour code (6 symbols).', $caption));
return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING;
}
}
return ZBX_VALID_OK;
}
public function checkInput(array &$dRules)
{
$dRules = zbx_toArray($dRules);
if (empty($dRules)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty input.'));
}
if (self::$userData['type'] >= USER_TYPE_ZABBIX_ADMIN) {
if (!count(get_accessible_nodes_by_user(self::$userData, PERM_READ_WRITE, PERM_RES_IDS_ARRAY))) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('No permissions to referred object or it does not exist!'));
}
}
$proxies = array();
foreach ($dRules as $dRule) {
if (!isset($dRule['iprange'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('IP range cannot be empty.'));
} elseif (!validate_ip_range($dRule['iprange'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect IP range "%s".', $dRule['iprange']));
}
if (isset($dRule['delay']) && $dRule['delay'] < 0) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect delay.'));
}
if (isset($dRule['status']) && ($dRule['status'] != DRULE_STATUS_DISABLED && $dRule['status'] != DRULE_STATUS_ACTIVE)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect status.'));
}
if (empty($dRule['dchecks'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot save discovery rule without checks.'));
}
$this->validateDChecks($dRule['dchecks']);
if (isset($dRule['proxy_hostid']) && $dRule['proxy_hostid']) {
$proxies[] = $dRule['proxy_hostid'];
}
}
if (!empty($proxies)) {
$proxiesDB = API::proxy()->get(array('proxyids' => $proxies, 'output' => API_OUTPUT_SHORTEN, 'preservekeys' => true));
foreach ($proxies as $proxy) {
if (!isset($proxiesDB[$proxy])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect proxyid.'));
}
}
}
}
/**
* Validate conditions.
*
* @static
* @param $conditions
* @return bool
*/
public static function validateConditions($conditions)
{
$conditions = zbx_toArray($conditions);
$hostGroupidsAll = array();
$templateidsAll = array();
$triggeridsAll = array();
$hostidsAll = array();
$discoveryRuleidsAll = array();
$discoveryCheckidsAll = array();
$proxyidsAll = array();
$discoveryCheckTypes = discovery_check_type2str();
$discoveryObjectStatuses = discovery_object_status2str();
$timePeriodValidator = new CTimePeriodValidator();
foreach ($conditions as $condition) {
switch ($condition['conditiontype']) {
case CONDITION_TYPE_HOST_GROUP:
$hostGroupidsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_HOST_TEMPLATE:
$templateidsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_TRIGGER:
$triggeridsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_HOST:
$hostidsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_DRULE:
$discoveryRuleidsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_DCHECK:
$discoveryCheckidsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_PROXY:
$proxyidsAll[$condition['value']] = $condition['value'];
break;
case CONDITION_TYPE_TIME_PERIOD:
if (!$timePeriodValidator->validate($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition period "%s".', $condition['value']));
}
break;
case CONDITION_TYPE_DHOST_IP:
if (!validate_ip_range($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition ip "%s".', $condition['value']));
}
break;
case CONDITION_TYPE_DSERVICE_TYPE:
if (!isset($discoveryCheckTypes[$condition['value']])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery check.'));
}
break;
case CONDITION_TYPE_DSERVICE_PORT:
if (!validate_port_list($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition port "%s".', $condition['value']));
}
break;
case CONDITION_TYPE_DSTATUS:
if (!isset($discoveryObjectStatuses[$condition['value']])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery status.'));
}
break;
case CONDITION_TYPE_MAINTENANCE:
// maintenance condition has no value...
break;
case CONDITION_TYPE_TRIGGER_NAME:
case CONDITION_TYPE_TRIGGER_VALUE:
case CONDITION_TYPE_TRIGGER_SEVERITY:
case CONDITION_TYPE_NODE:
case CONDITION_TYPE_DOBJECT:
case CONDITION_TYPE_DUPTIME:
case CONDITION_TYPE_DVALUE:
case CONDITION_TYPE_APPLICATION:
case CONDITION_TYPE_HOST_NAME:
if (zbx_empty($condition['value'])) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.'));
}
break;
default:
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition type.'));
break;
}
}
if (!API::HostGroup()->isWritable($hostGroupidsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition host group. Host group does not exist or you have no access to it.'));
}
if (!API::Host()->isWritable($hostidsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition host. Host does not exist or you have no access to it.'));
}
if (!API::Template()->isWritable($templateidsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition template. Template does not exist or you have no access to it.'));
}
if (!API::Trigger()->isWritable($triggeridsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition trigger. Trigger does not exist or you have no access to it.'));
}
if (!API::DRule()->isWritable($discoveryRuleidsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery rule. Discovery rule does not exist or you have no access to it.'));
}
if (!API::DCheck()->isWritable($discoveryCheckidsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery check. Discovery check does not exist or you have no access to it.'));
}
if (!API::Proxy()->isWritable($proxyidsAll)) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition proxy. Proxy does not exist or you have no access to it.'));
}
return true;
}
