/** * Validate conditions. * * @static * * @param array $conditions * @param int $conditions['conditiontype'] * @param array $conditions['value'] * * @return bool */ public static function validateConditions($conditions, $update = false) { $conditions = zbx_toArray($conditions); $hostGroupIdsAll = array(); $templateIdsAll = array(); $triggerIdsAll = array(); $hostIdsAll = array(); $discoveryRuleIdsAll = array(); $proxyIdsAll = array(); $proxyidsAll = array(); // build validators $timePeriodValidator = new CTimePeriodValidator(); $discoveryCheckTypeValidator = new CSetValidator(array('values' => array_keys(discovery_check_type2str()))); $discoveryObjectStatusValidator = new CSetValidator(array('values' => array_keys(discovery_object_status2str()))); $triggerSeverityValidator = new CSetValidator(array('values' => array_keys(getSeverityCaption()))); $discoveryObjectValidator = new CSetValidator(array('values' => array_keys(discovery_object2str()))); $triggerValueValidator = new CSetValidator(array('values' => array_keys(trigger_value2str()))); $eventTypeValidator = new CSetValidator(array('values' => array_keys(eventType()))); foreach ($conditions as $condition) { // on create operator is mandatory and needs validation, but on update it must be validated only if it's set if (!$update || $update && isset($condition['operator'])) { $operatorValidator = new CSetValidator(array('values' => get_operators_by_conditiontype($condition['conditiontype']))); if (!$operatorValidator->validate($condition['operator'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition operator.')); } } if (!$update || $update && isset($condition['value'])) { // validate condition values depending on condition type switch ($condition['conditiontype']) { case CONDITION_TYPE_HOST_GROUP: if (!$condition['value']) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } $hostGroupIdsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_TEMPLATE: if (!$condition['value']) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } $templateIdsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_TRIGGER: if (!$condition['value']) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } $triggerIdsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_HOST: if (!$condition['value']) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } $hostIdsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_DRULE: if (!$condition['value']) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } $discoveryRuleIdsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_DCHECK: if (!$condition['value']) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } $proxyIdsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_PROXY: if (!$condition['value']) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } $proxyidsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_DOBJECT: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } elseif (!$discoveryObjectValidator->validate($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery object.')); } break; case CONDITION_TYPE_TIME_PERIOD: if (!$timePeriodValidator->validate($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, $timePeriodValidator->getError()); } break; case CONDITION_TYPE_DHOST_IP: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } else { if (!validate_ip_range($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition ip "%1$s".', $condition['value'])); } } break; case CONDITION_TYPE_DSERVICE_TYPE: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } elseif (!$discoveryCheckTypeValidator->validate($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery check.')); } break; case CONDITION_TYPE_DSERVICE_PORT: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } elseif (!validate_port_list($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition port "%1$s".', $condition['value'])); } break; case CONDITION_TYPE_DSTATUS: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } elseif (!$discoveryObjectStatusValidator->validate($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery status.')); } break; case CONDITION_TYPE_MAINTENANCE: if (!zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Maintenance action condition value must be empty.')); } break; case CONDITION_TYPE_TRIGGER_SEVERITY: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } elseif (!$triggerSeverityValidator->validate($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition trigger severity.')); } break; case CONDITION_TYPE_TRIGGER_VALUE: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } elseif (!$triggerValueValidator->validate($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition trigger value.')); } break; case CONDITION_TYPE_EVENT_TYPE: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } elseif (!$eventTypeValidator->validate($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition event type.')); } break; case CONDITION_TYPE_TRIGGER_NAME: case CONDITION_TYPE_NODE: case CONDITION_TYPE_DUPTIME: case CONDITION_TYPE_DVALUE: case CONDITION_TYPE_APPLICATION: case CONDITION_TYPE_HOST_NAME: case CONDITION_TYPE_HOST_METADATA: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } break; default: self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition type.')); break; } } } if (!API::HostGroup()->isWritable($hostGroupIdsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition host group. Host group does not exist or you have no access to it.')); } if (!API::Host()->isWritable($hostIdsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition host. Host does not exist or you have no access to it.')); } if (!API::Template()->isWritable($templateIdsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition template. Template does not exist or you have no access to it.')); } if (!API::Trigger()->isWritable($triggerIdsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition trigger. Trigger does not exist or you have no access to it.')); } if (!API::DRule()->isWritable($discoveryRuleIdsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery rule. Discovery rule does not exist or you have no access to it.')); } if (!API::DCheck()->isWritable($proxyIdsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery check. Discovery check does not exist or you have no access to it.')); } if (!API::Proxy()->isWritable($proxyidsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition proxy. Proxy does not exist or you have no access to it.')); } return true; }
function check_type(&$field, $flags, &$var, $type) { if (is_array($var) && $type != T_ZBX_IP) { $err = ZBX_VALID_OK; foreach ($var as $el) { $err |= check_type($field, $flags, $el, $type); } return $err; } if ($type == T_ZBX_IP) { if (!validate_ip($var, $arr)) { if ($flags & P_SYS) { info("Critical error. Field [" . $field . "] is not IP"); return ZBX_VALID_ERROR; } else { info("Warning. Field [" . $field . "] is not IP"); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_IP_RANGE) { if (!validate_ip_range($var)) { if ($flags & P_SYS) { info("Critical error. Field [" . $field . "] is not IP range"); return ZBX_VALID_ERROR; } else { info("Warning. Field [" . $field . "] is not IP range"); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_PORTS) { $err = ZBX_VALID_OK; foreach (explode(',', $var) as $el) { foreach (explode('-', $el) as $p) { $err |= check_type($field, $flags, $p, T_ZBX_INT); } } return $err; } if ($type == T_ZBX_INT_RANGE) { if (!is_int_range($var)) { if ($flags & P_SYS) { info("Critical error. Field [" . $field . "] is not integer range"); return ZBX_VALID_ERROR; } else { info("Warning. Field [" . $field . "] is not integer range"); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_INT && !is_numeric($var)) { if ($flags & P_SYS) { info("Critical error. Field [" . $field . "] is not integer"); return ZBX_VALID_ERROR; } else { info("Warning. Field [" . $field . "] is not integer"); return ZBX_VALID_WARNING; } } if ($type == T_ZBX_DBL && !is_numeric($var)) { if ($flags & P_SYS) { info("Critical error. Field [" . $field . "] is not double"); return ZBX_VALID_ERROR; } else { info("Warning. Field [" . $field . "] is not double"); return ZBX_VALID_WARNING; } } if ($type == T_ZBX_STR && !is_string($var)) { if ($flags & P_SYS) { info("Critical error. Field [" . $field . "] is not string"); return ZBX_VALID_ERROR; } else { info("Warning. Field [" . $field . "] is not string"); return ZBX_VALID_WARNING; } } //* if ($type == T_ZBX_STR && !defined('ZBX_ALLOW_UNICODE') && strlen($var) != zbx_strlen($var)) { if ($flags & P_SYS) { info("Critical error. Field [" . $field . "] contains Multibyte chars"); return ZBX_VALID_ERROR; } else { info("Warning. Field [" . $field . "] - multibyte chars are restricted"); return ZBX_VALID_ERROR; } } //*/ if ($type == T_ZBX_CLR && !is_hex_color($var)) { $var = 'FFFFFF'; if ($flags & P_SYS) { info("Critical error. Field [" . $field . "] is not a colour"); return ZBX_VALID_ERROR; } else { info("Warning. Field [" . $field . "] is not a colour"); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; }
function check_type(&$field, $flags, &$var, $type, $caption = null) { if (is_null($caption)) { $caption = $field; } if (is_array($var) && $type != T_ZBX_IP) { $err = ZBX_VALID_OK; foreach ($var as $el) { $err |= check_type($field, $flags, $el, $type); } return $err; } if ($type == T_ZBX_IP) { if (!validate_ip($var, $arr)) { if ($flags & P_SYS) { info(_s('Critical error. Field "%1$s" is not IP.', $field)); return ZBX_VALID_ERROR; } else { info(_s('Warning. Field "%1$s" is not IP.', $field)); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_IP_RANGE) { if (!validate_ip_range($var)) { if ($flags & P_SYS) { info(_s('Critical error. Field "%1$s" is not IP range.', $field)); return ZBX_VALID_ERROR; } else { info(_s('Warning. Field "%1$s" is not IP range.', $field)); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_INT_RANGE) { if (!is_int_range($var)) { if ($flags & P_SYS) { info(_s('Critical error. Field "%1$s" is not integer list or range.', $field)); return ZBX_VALID_ERROR; } else { info(_s('Warning. Field "%1$s" is not integer list or range.', $field)); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_INT && !zbx_is_int($var)) { if ($flags & P_SYS) { info(_s('Critical error. Field "%1$s" is not integer.', $field)); return ZBX_VALID_ERROR; } else { info(_s('Warning. Field "%1$s" is not integer.', $field)); return ZBX_VALID_WARNING; } } if ($type == T_ZBX_DBL && !is_numeric($var)) { if ($flags & P_SYS) { info(_s('Critical error. Field "%1$s" is not decimal number.', $field)); return ZBX_VALID_ERROR; } else { info(_s('Warning. Field "%1$s" is not decimal number.', $field)); return ZBX_VALID_WARNING; } } if ($type == T_ZBX_STR && !is_string($var)) { if ($flags & P_SYS) { info(_s('Critical error. Field "%1$s" is not string.', $field)); return ZBX_VALID_ERROR; } else { info(_s('Warning. Field "%1$s" is not string.', $field)); return ZBX_VALID_WARNING; } } if ($type == T_ZBX_STR && !defined('ZBX_ALLOW_UNICODE') && zbx_strlen($var) != zbx_strlen($var)) { if ($flags & P_SYS) { info(_s('Critical error. Field "%1$s" contains Multibyte chars.', $field)); return ZBX_VALID_ERROR; } else { info(_s('Warning. Field "%1$s" multibyte chars are restricted.', $field)); return ZBX_VALID_ERROR; } } if ($type == T_ZBX_CLR && !is_hex_color($var)) { $var = 'FFFFFF'; if ($flags & P_SYS) { info(_s('Critical error. Field "%1$s" is not a colour.', $field)); return ZBX_VALID_ERROR; } else { info(_s('Warning. Field "%1$s" is not a colour.', $caption)); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; }
function check_type(&$field, $flags, &$var, $type, $caption = null) { if ($caption === null) { $caption = $field; } if (is_array($var) && $type != T_ZBX_IP) { $err = ZBX_VALID_OK; foreach ($var as $v) { $err |= check_type($field, $flags, $v, $type); } return $err; } $error = false; $message = ''; if ($type == T_ZBX_IP) { if (!validate_ip($var, $arr)) { $error = true; $message = _s('Field "%1$s" is not IP.', $caption); } } elseif ($type == T_ZBX_IP_RANGE) { if (!validate_ip_range($var)) { $error = true; $message = _s('Field "%1$s" is not IP range.', $caption); } } elseif ($type == T_ZBX_INT_RANGE) { if (!is_int_range($var)) { $error = true; $message = _s('Field "%1$s" is not integer list or range.', $caption); } } elseif ($type == T_ZBX_INT) { if (!zbx_is_int($var)) { $error = true; $message = _s('Field "%1$s" is not integer.', $caption); } } elseif ($type == T_ZBX_DBL) { $decimalValidator = new CDecimalValidator(array('maxPrecision' => 16, 'maxScale' => 4, 'messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.'), 'messagePrecision' => _('Value "%2$s" of "%1$s" is too long: it cannot have more than %3$s digits before the decimal point ' . 'and more than %4$s digits after the decimal point.'), 'messageNatural' => _('Value "%2$s" of "%1$s" has too many digits before the decimal point: ' . 'it cannot have more than %3$s digits.'), 'messageScale' => _('Value "%2$s" of "%1$s" has too many digits after the decimal point: ' . 'it cannot have more than %3$s digits.'))); $decimalValidator->setObjectName($caption); if (!$decimalValidator->validate($var)) { $error = true; $message = $decimalValidator->getError(); } } elseif ($type == T_ZBX_DBL_BIG) { $decimalValidator = new CDecimalValidator(array('maxScale' => 4, 'messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.'), 'messageScale' => _('Value "%2$s" of "%1$s" has too many digits after the decimal point: ' . 'it cannot have more than %3$s digits.'))); $decimalValidator->setObjectName($caption); if (!$decimalValidator->validate($var)) { $error = true; $message = $decimalValidator->getError(); } } elseif ($type == T_ZBX_DBL_STR) { $decimalStringValidator = new CDecimalStringValidator(array('messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.'))); $decimalStringValidator->setObjectName($caption); if (!$decimalStringValidator->validate($var)) { $error = true; $message = $decimalStringValidator->getError(); } } elseif ($type == T_ZBX_STR) { if (!is_string($var)) { $error = true; $message = _s('Field "%1$s" is not string.', $caption); } } elseif ($type == T_ZBX_CLR) { $colorValidator = new CColorValidator(); if (!$colorValidator->validate($var)) { $var = 'FFFFFF'; $error = true; $message = _s('Colour "%1$s" is not correct: expecting hexadecimal colour code (6 symbols).', $caption); } } if ($error) { if ($flags & P_SYS) { error($message); return ZBX_VALID_ERROR; } else { info($message); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; }
function update_discovery_rule($druleid, $proxy_hostid, $name, $iprange, $delay, $status, $dchecks, $uniqueness_criteria, $dchecks_deleted) { if (!validate_ip_range($iprange)) { error(S_INCORRECT_IP_RANGE); return false; } $result = DBexecute('update drules set proxy_hostid=' . $proxy_hostid . ',name=' . zbx_dbstr($name) . ',iprange=' . zbx_dbstr($iprange) . ',' . 'delay=' . $delay . ',status=' . $status . ' where druleid=' . $druleid); if ($result && isset($dchecks)) { $unique_dcheckid = 0; foreach ($dchecks as $id => $data) { if (!isset($data['dcheckid'])) { $data['dcheckid'] = add_discovery_check($druleid, $data['type'], $data['ports'], $data['key'], $data['snmp_community'], $data['snmpv3_securityname'], $data['snmpv3_securitylevel'], $data['snmpv3_authpassphrase'], $data['snmpv3_privpassphrase']); } if ($uniqueness_criteria == $id && $data['dcheckid']) { $unique_dcheckid = $data['dcheckid']; } } DBexecute('UPDATE drules' . ' SET unique_dcheckid=' . $unique_dcheckid . ' WHERE druleid=' . $druleid); } if ($result && isset($dchecks_deleted) && !empty($dchecks_deleted)) { delete_discovery_check($dchecks_deleted); } return $result; }
function update_discovery_rule($druleid, $proxy_hostid, $name, $iprange, $delay, $status, $dchecks) { if (!validate_ip_range($iprange)) { error('Incorrect IP range.'); return false; } $result = DBexecute('update drules set proxy_hostid=' . $proxy_hostid . ',name=' . zbx_dbstr($name) . ',iprange=' . zbx_dbstr($iprange) . ',' . 'delay=' . $delay . ',status=' . $status . ' where druleid=' . $druleid); if ($result) { DBexecute('delete from dchecks where druleid=' . $druleid); if (isset($dchecks)) { foreach ($dchecks as $val) { add_discovery_check($druleid, $val["type"], $val["ports"], $val["key"], $val["snmp_community"]); } } } return $result; }
function validate_condition($conditiontype, $value) { global $USER_DETAILS; switch ($conditiontype) { case CONDITION_TYPE_HOST_GROUP: $groups = CHostGroup::get(array('groupids' => $value, 'output' => API_OUTPUT_SHORTEN, 'nodeids' => get_current_nodeid(true))); if (empty($groups)) { error(S_INCORRECT_GROUP); return false; } break; case CONDITION_TYPE_HOST_TEMPLATE: $templates = CTemplate::get(array('templateids' => $value, 'output' => API_OUTPUT_SHORTEN, 'nodeids' => get_current_nodeid(true))); if (empty($templates)) { error(S_INCORRECT_HOST); return false; } break; case CONDITION_TYPE_TRIGGER: $triggers = CTrigger::get(array('triggerids' => $value, 'output' => API_OUTPUT_SHORTEN, 'nodeids' => get_current_nodeid(true))); if (empty($triggers)) { error(S_INCORRECT_TRIGGER); return false; } break; case CONDITION_TYPE_HOST: $hosts = CHost::get(array('hostids' => $value, 'output' => API_OUTPUT_SHORTEN, 'nodeids' => get_current_nodeid(true))); if (empty($hosts)) { error(S_INCORRECT_HOST); return false; } break; case CONDITION_TYPE_TIME_PERIOD: if (!validate_period($value)) { error(S_INCORRECT_PERIOD . ' [' . $value . ']'); return false; } break; case CONDITION_TYPE_DHOST_IP: if (!validate_ip_range($value)) { error(S_INCORRECT_IP . ' [' . $value . ']'); return false; } break; case CONDITION_TYPE_DSERVICE_TYPE: if (S_UNKNOWN == discovery_check_type2str($value)) { error(S_INCORRECT_DISCOVERY_CHECK); return false; } break; case CONDITION_TYPE_DSERVICE_PORT: if (!validate_port_list($value)) { error(S_INCORRECT_PORT . ' [' . $value . ']'); return false; } break; case CONDITION_TYPE_DSTATUS: if (S_UNKNOWN == discovery_object_status2str($value)) { error(S_INCORRECT_DISCOVERY_STATUS); return false; } break; case CONDITION_TYPE_EVENT_ACKNOWLEDGED: if (S_UNKNOWN == condition_value2str($conditiontype, $value)) { error(S_INCORRECT_DISCOVERY_STATUS); return false; } break; case CONDITION_TYPE_TRIGGER_NAME: case CONDITION_TYPE_TRIGGER_VALUE: case CONDITION_TYPE_TRIGGER_SEVERITY: case CONDITION_TYPE_MAINTENANCE: case CONDITION_TYPE_NODE: case CONDITION_TYPE_DRULE: case CONDITION_TYPE_DCHECK: case CONDITION_TYPE_DOBJECT: case CONDITION_TYPE_PROXY: case CONDITION_TYPE_DUPTIME: case CONDITION_TYPE_DVALUE: case CONDITION_TYPE_APPLICATION: case CONDITION_TYPE_HOST_NAME: break; default: error(S_INCORRECT_CONDITION_TYPE); return false; break; } return true; }
function validate_condition($conditiontype, $value) { global $USER_DETAILS; switch ($conditiontype) { case CONDITION_TYPE_HOST_GROUP: $available_groups = get_accessible_groups_by_user($USER_DETAILS, PERM_READ_ONLY, null, get_current_nodeid(true)); if (!isset($available_groups[$value])) { error(S_INCORRECT_GROUP); return false; } break; case CONDITION_TYPE_HOST_TEMPLATE: $available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY, null, get_current_nodeid(true)); if (!isset($available_hosts[$value])) { error(S_INCORRECT_HOST); return false; } break; case CONDITION_TYPE_TRIGGER: if (!DBfetch(DBselect('select triggerid from triggers where triggerid=' . $value)) || !check_right_on_trigger_by_triggerid(PERM_READ_ONLY, $value)) { error(S_INCORRECT_TRIGGER); return false; } break; case CONDITION_TYPE_HOST: $available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY, null, get_current_nodeid(true)); if (!isset($available_hosts[$value])) { error(S_INCORRECT_HOST); return false; } break; case CONDITION_TYPE_TIME_PERIOD: if (!validate_period($value)) { error(S_INCORRECT_PERIOD . ' [' . $value . ']'); return false; } break; case CONDITION_TYPE_DHOST_IP: if (!validate_ip_range($value)) { error(S_INCORRECT_IP . ' [' . $value . ']'); return false; } break; case CONDITION_TYPE_DSERVICE_TYPE: if (S_UNKNOWN == discovery_check_type2str($value)) { error(S_INCORRECT_DISCOVERY_CHECK); return false; } break; case CONDITION_TYPE_DSERVICE_PORT: if (!validate_port_list($value)) { error(S_INCORRECT_PORT . ' [' . $value . ']'); return false; } break; case CONDITION_TYPE_DSTATUS: if (S_UNKNOWN == discovery_object_status2str($value)) { error(S_INCORRECT_DISCOVERY_STATUS); return false; } break; case CONDITION_TYPE_EVENT_ACKNOWLEDGED: if (S_UNKNOWN == condition_value2str($conditiontype, $value)) { error(S_INCORRECT_DISCOVERY_STATUS); return false; } break; case CONDITION_TYPE_TRIGGER_NAME: case CONDITION_TYPE_TRIGGER_VALUE: case CONDITION_TYPE_TRIGGER_SEVERITY: case CONDITION_TYPE_MAINTENANCE: case CONDITION_TYPE_DUPTIME: case CONDITION_TYPE_DVALUE: case CONDITION_TYPE_APPLICATION: break; default: error(S_INCORRECT_CONDITION_TYPE); return false; break; } return true; }
/** * Returns true if the given $value is valid, or set's an error and returns false otherwise. * * * @param $condition * * @return bool */ public function validate($condition) { // build validators $timePeriodValidator = new CTimePeriodValidator(); $discoveryCheckTypeValidator = new CLimitedSetValidator(array('values' => array_keys(discovery_check_type2str()))); $discoveryObjectStatusValidator = new CLimitedSetValidator(array('values' => array_keys(discovery_object_status2str()))); $triggerSeverityValidator = new CLimitedSetValidator(array('values' => array(TRIGGER_SEVERITY_NOT_CLASSIFIED, TRIGGER_SEVERITY_INFORMATION, TRIGGER_SEVERITY_WARNING, TRIGGER_SEVERITY_AVERAGE, TRIGGER_SEVERITY_HIGH, TRIGGER_SEVERITY_DISASTER))); $discoveryObjectValidator = new CLimitedSetValidator(array('values' => array_keys(discovery_object2str()))); $triggerValueValidator = new CLimitedSetValidator(array('values' => array_keys(trigger_value2str()))); $eventTypeValidator = new CLimitedSetValidator(array('values' => array_keys(eventType()))); $conditionValue = $condition['value']; // validate condition values depending on condition type switch ($condition['conditiontype']) { case CONDITION_TYPE_HOST_GROUP: if (!$conditionValue) { $this->setError(_('Empty action condition.')); } break; case CONDITION_TYPE_TEMPLATE: if (!$conditionValue) { $this->setError(_('Empty action condition.')); } break; case CONDITION_TYPE_TRIGGER: if (!$conditionValue) { $this->setError(_('Empty action condition.')); } break; case CONDITION_TYPE_HOST: if (!$conditionValue) { $this->setError(_('Empty action condition.')); } break; case CONDITION_TYPE_DRULE: if (!$conditionValue) { $this->setError(_('Empty action condition.')); } break; case CONDITION_TYPE_DCHECK: if (!$conditionValue) { $this->setError(_('Empty action condition.')); } break; case CONDITION_TYPE_PROXY: if (!$conditionValue) { $this->setError(_('Empty action condition.')); } break; case CONDITION_TYPE_DOBJECT: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } elseif (!$discoveryObjectValidator->validate($conditionValue)) { $this->setError(_('Incorrect action condition discovery object.')); } break; case CONDITION_TYPE_TIME_PERIOD: if (!$timePeriodValidator->validate($conditionValue)) { $this->setError($timePeriodValidator->getError()); } break; case CONDITION_TYPE_DHOST_IP: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } else { if (!validate_ip_range($conditionValue)) { $this->setError(_s('Incorrect action condition ip "%1$s".', $conditionValue)); } } break; case CONDITION_TYPE_DSERVICE_TYPE: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } elseif (!$discoveryCheckTypeValidator->validate($conditionValue)) { $this->setError(_('Incorrect action condition discovery check.')); } break; case CONDITION_TYPE_DSERVICE_PORT: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } elseif (!validate_port_list($conditionValue)) { $this->setError(_s('Incorrect action condition port "%1$s".', $conditionValue)); } break; case CONDITION_TYPE_DSTATUS: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } elseif (!$discoveryObjectStatusValidator->validate($conditionValue)) { $this->setError(_('Incorrect action condition discovery status.')); } break; case CONDITION_TYPE_MAINTENANCE: if (!zbx_empty($conditionValue)) { $this->setError(_('Maintenance action condition value must be empty.')); } break; case CONDITION_TYPE_TRIGGER_SEVERITY: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } elseif (!$triggerSeverityValidator->validate($conditionValue)) { $this->setError(_('Incorrect action condition trigger severity.')); } break; case CONDITION_TYPE_TRIGGER_VALUE: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } elseif (!$triggerValueValidator->validate($conditionValue)) { $this->setError(_('Incorrect action condition trigger value.')); } break; case CONDITION_TYPE_EVENT_TYPE: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } elseif (!$eventTypeValidator->validate($conditionValue)) { $this->setError(_('Incorrect action condition event type.')); } break; case CONDITION_TYPE_TRIGGER_NAME: case CONDITION_TYPE_DUPTIME: case CONDITION_TYPE_DVALUE: case CONDITION_TYPE_APPLICATION: case CONDITION_TYPE_HOST_NAME: case CONDITION_TYPE_HOST_METADATA: if (zbx_empty($conditionValue)) { $this->setError(_('Empty action condition.')); } break; default: $this->setError(_('Incorrect action condition type.')); } // If no error is not set, return true. return !(bool) $this->getError(); }
function check_type(&$field, $flags, &$var, $type) { if (is_array($var) && $type != T_ZBX_IP) { $err = ZBX_VALID_OK; foreach ($var as $el) { $err |= check_type($field, $flags, $el, $type); } return $err; } if ($type == T_ZBX_IP) { if (!validate_ip($var, $arr)) { if ($flags & P_SYS) { info('Critical error. Field [' . $field . '] is not IP'); return ZBX_VALID_ERROR; } else { info('Warning. Field [' . $field . '] is not IP'); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_IP_RANGE) { if (!validate_ip_range($var)) { if ($flags & P_SYS) { info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_IP_RANGE_SMALL); return ZBX_VALID_ERROR; } else { info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_IP_RANGE_SMALL); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_PORTS) { $err = ZBX_VALID_OK; $type = $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING; foreach (explode(',', $var) as $el) { foreach (explode('-', $el) as $p) { $err |= check_type($field, $flags, $p, T_ZBX_INT); if ($p > 65535 || $p < 0) { $err |= $type; } } } if ($err == ZBX_VALID_ERROR) { info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_PORT_RANGE_SMALL); } else { if ($err == ZBX_VALID_WARNING) { info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_PORT_RANGE_SMALL); } } return $err; } if ($type == T_ZBX_INT_RANGE) { if (!is_int_range($var)) { if ($flags & P_SYS) { info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_INTEGER_RANGE_SMALL); return ZBX_VALID_ERROR; } else { info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_INTEGER_RANGE_SMALL); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; } if ($type == T_ZBX_INT && !zbx_is_int($var)) { if ($flags & P_SYS) { info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_INTEGER_SMALL); return ZBX_VALID_ERROR; } else { info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_INTEGER_SMALL); return ZBX_VALID_WARNING; } } if ($type == T_ZBX_DBL && !is_numeric($var)) { if ($flags & P_SYS) { info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_DOUBLE_SMALL); return ZBX_VALID_ERROR; } else { info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_DOUBLE_SMALL); return ZBX_VALID_WARNING; } } if ($type == T_ZBX_STR && !is_string($var)) { if ($flags & P_SYS) { info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_STRING_SMALL); return ZBX_VALID_ERROR; } else { info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_STRING_SMALL); return ZBX_VALID_WARNING; } } //* if ($type == T_ZBX_STR && !defined('ZBX_ALLOW_UNICODE') && zbx_strlen($var) != zbx_strlen($var)) { if ($flags & P_SYS) { info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_CONTAINS_MULTIBYTE_CHARS_SMALL); return ZBX_VALID_ERROR; } else { info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . '] - ' . S_MULTIBYTE_CHARS_ARE_RESTRICTED_SMALL); return ZBX_VALID_ERROR; } } //*/ if ($type == T_ZBX_CLR && !is_hex_color($var)) { $var = 'FFFFFF'; if ($flags & P_SYS) { info(S_CRITICAL_ERROR . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_A_COLOUR_SMALL); return ZBX_VALID_ERROR; } else { info(S_WARNING . '.' . SPACE . S_FIELD . SPACE . '[' . $field . ']' . SPACE . S_IS_NOT_A_COLOUR_SMALL); return ZBX_VALID_WARNING; } } return ZBX_VALID_OK; }
function submit_acl() { global $dbo; include 'include/validation_functions.php'; $subnet_id = isset($_GET['subnet_id']) && is_numeric($_GET['subnet_id']) ? $_GET['subnet_id'] : ''; $acl_name = isset($_POST['acl_name']) ? $_POST['acl_name'] : ''; $acl_start = isset($_POST['acl_start']) ? $_POST['acl_start'] : ''; $acl_end = isset($_POST['acl_end']) ? $_POST['acl_end'] : ''; if (empty($subnet_id)) { $notice = "invalidrequest"; header("Location: blocks.php?notice={$notice}"); exit; } if (empty($acl_name) || empty($acl_start) || empty($acl_end)) { $notice = "blankfield-notice"; header("Location: statics.php?subnet_id={$subnet_id}¬ice={$notice}"); exit; } $result = validate_text($acl_name, 'aclname'); if ($result['0'] === false) { $notice = $result['error']; header("Location: statics.php?subnet_id={$subnet_id}¬ice={$notice}"); exit; } else { $acl_name = $result['1']; } $result = validate_ip_range($acl_start, $acl_end, 'acl', $subnet_id); if ($result['0'] === false) { $notice = $result['error']; header("Location: statics.php?subnet_id={$subnet_id}¬ice={$notice}"); exit; } else { $long_acl_start = $result['long_start_ip']; $long_acl_end = $result['long_end_ip']; $subnet_name = $result['subnet_name']; } AccessControl('3', "{$acl_name} ACL for {$subnet_name} subnet edited"); $sql = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) VALUES ('{$acl_name}', '{$long_acl_start}', '{$long_acl_end}', '{$subnet_id}')"; $dbo->query($sql); $notice = "acladded-notice"; header("Location: statics.php?subnet_id={$subnet_id}¬ice={$notice}"); exit; }
function read_in_csv_row($row) { global $COLLATE; global $dbo; $recordtype = $row['0']; $fieldcount = count($row); $result = array(); /* * Record format: * block: (5 fields) * 'block','$block_name','$start_ip','$end_ip','$block_note' * * subnet: (5 fields) * 'subnet','$block_name','$subnet_name','$subnet','$subnet_note' * * acl: (4 fields) * 'acl','$acl_name','$start_ip','$end_ip' * * static ip: (5 fields) * 'static','$static_name','$ip_address','$static_contact','$static_note' */ if ($recordtype == 'block' && $fieldcount != '5' || $recordtype == 'subnet' && $fieldcount != '5' || $recordtype == 'acl' && $fieldcount != '4' || $recordtype == 'static' && $fieldcount != '5') { $result['error'] = true; $result['errormessage'] = 'badfieldcount'; return $result; } $last_modified_by = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username']; if ($recordtype == 'block') { $block_name = $row['1']; $block_start_ip = $row['2']; $block_end_ip = $row['3']; $block_note = $row['4']; $validate = validate_text($block_name, 'blockname'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $block_name = $validate['1']; } $query_result = $dbo->query("SELECT id from blocks where name='{$block_name}'"); if ($query_result->rowCount() != '0') { $result['error'] = true; $result['errormessage'] = 'duplicatename'; return $result; } if (preg_match('/^\\s*$/', $block_start_ip) && preg_match('/^\\s*$/', $block_end_ip)) { // block with no associated IP information $block_start_ip = ''; $block_long_start_ip = ''; $block_end_ip = ''; $block_long_end_ip = ''; } elseif (empty($block_end_ip) || ip2decimal($block_end_ip) === false) { // subnet $validate = validate_network($block_start_ip, 'block'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $block_start_ip = $validate['start_ip']; $block_long_start_ip = $validate['long_start_ip']; $block_end_ip = $validate['end_ip']; $block_long_end_ip = $validate['long_end_ip']; } } else { // range $validate = validate_ip_range($block_start_ip, $block_end_ip, 'block'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $block_start_ip = $validate['start_ip']; $block_long_start_ip = $validate['long_start_ip']; $block_end_ip = $validate['end_ip']; $block_long_end_ip = $validate['long_end_ip']; } } $validate = validate_text($block_note, 'note'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $block_note = $validate['1']; } $row_result['error'] = false; $row_result['sql'] = "INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at) \r\n\t VALUES('{$block_name}', '{$block_long_start_ip}', '{$block_long_end_ip}', '{$block_note}', '{$last_modified_by}', now())"; return $row_result; } elseif ($recordtype == 'subnet') { $block_name = $row['1']; $subnet_name = $row['2']; $subnet = $row['3']; $subnet_note = $row['4']; $validate = validate_text($block_name, 'blockname'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $block_name = $validate['1']; } $query_result = $dbo->query("SELECT id from blocks where name='{$block_name}'"); if ($query_result->rowCount() != '1') { $result['error'] = true; $result['errormessage'] = 'blocknotfound'; return $result; } else { $block_id = $query_result->fetchColumn(); } $validate = validate_text($subnet_name, 'subnetname'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $subnet_name = $validate['1']; } $validate = validate_network($subnet); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $subnet_start_ip = $validate['start_ip']; $subnet_long_start_ip = $validate['long_start_ip']; $subnet_end_ip = $validate['end_ip']; $subnet_long_end_ip = $validate['long_end_ip']; $subnet_mask = $validate['mask']; $subnet_long_mask = $validate['long_mask']; } $validate = validate_text($subnet_note, 'note'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $subnet_note = $validate['1']; } $return['error'] = false; $return['sql'] = "INSERT INTO subnets (name, start_ip, end_ip, mask, note, block_id, modified_by, modified_at) \r\n VALUES('{$subnet_name}', '{$subnet_long_start_ip}', '{$subnet_long_end_ip}', '{$subnet_long_mask}', \r\n\t\t\t\t\t '{$subnet_note}', '{$block_id}', '{$last_modified_by}', now())"; return $return; } elseif ($recordtype == 'acl') { $acl_name = $row['1']; $acl_start_ip = $row['2']; $acl_end_ip = $row['3']; $validate = validate_text($acl_name, 'blockname'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $acl_name = $validate['1']; } $validate = validate_ip_range($acl_start_ip, $acl_end_ip, 'acl', null); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $subnet_id = $validate['subnet_id']; $acl_start_ip = $validate['start_ip']; $acl_long_start_ip = $validate['long_start_ip']; $acl_end_ip = $validate['end_ip']; $acl_long_end_ip = $validate['long_end_ip']; } $return['error'] = false; $return['sql'] = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) \r\n\t VALUES ('{$acl_name}', '{$acl_long_start_ip}', '{$acl_long_end_ip}', '{$subnet_id}')"; return $return; } else { // $recordtype == static $static_name = $row['1']; $static_ip = $row['2']; $static_long_ip = ip2decimal($static_ip); $static_contact = $row['3']; $static_note = $row['4']; $validate = validate_text($static_name, 'staticname'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $static_name = $validate['1']; } if ($static_long_ip === false) { $result['error'] = true; $result['errormessage'] = 'invalidip'; return $result; } $sql = "SELECT id from subnets where CAST('{$static_long_ip}' AS UNSIGNED) & CAST(mask AS UNSIGNED) = CAST(start_ip AS UNSIGNED)"; $subnet_result = $dbo->query($sql); if ($subnet_result->rowCount() != '1') { $result['error'] = true; $result['errormessage'] = 'subnetnotfound'; return $result; } else { $subnet_id = $subnet_result->fetchColumn(); } // Make sure the static IP isn't in use already or excluded from use via an ACL $validate = validate_static_ip($static_ip); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } $validate = validate_text($static_contact, 'contact'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $static_contact = $validate['1']; } $validate = validate_text($static_note, 'note'); if ($validate['0'] === false) { $result['error'] = true; $result['errormessage'] = $validate['error']; return $result; } else { $static_note = $validate['1']; } $return['error'] = false; $return['sql'] = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at)\r\n VALUES('{$static_long_ip}', '{$static_name}', '{$static_contact}', '{$static_note}', \r\n\t\t\t\t\t '{$subnet_id}', '{$last_modified_by}', now())"; return $return; } // We should never get here exit; }
function submit_block() { #validation here might look messy, but it's essentially in order of parameters listed below by # 1. all checks that don't require db lookups # 2. all other checks global $COLLATE; global $dbo; include 'include/validation_functions.php'; $block_id = isset($_POST['block_id']) ? $_POST['block_id'] : ''; $name = isset($_POST['name']) ? $_POST['name'] : ''; $note = isset($_POST['note']) ? $_POST['note'] : ''; # this input is optional $ip = isset($_POST['ip']) ? $_POST['ip'] : ''; $end_ip = isset($_POST['end_ip']) ? $_POST['end_ip'] : ''; $username = empty($_SESSION['username']) ? 'system' : $_SESSION['username']; $update_block = isset($_POST['update_block']) ? $_POST['update_block'] : false; $submit_op = $update_block == 'true' ? "modify&block_id={$block_id}" : 'add'; $parent_block = isset($_POST['parent_block']) ? $_POST['parent_block'] : ''; $block_type = isset($_POST['block_type']) ? $_POST['block_type'] : ''; if ($block_type == 'container') { #containers don't have IP ranges associated with them $ip = ''; $end_ip = ''; } if (empty($name) || !empty($end_ip) && empty($ip) || empty($block_type)) { $notice = "missingfield-notice"; header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}"); exit; } if (empty($parent_block) || !preg_match("/[0-9]*/", $parent_block) && $parent_block != 'null') { $notice = "invalidrequest"; header("Location: blocks.php?notice={$notice}"); exit; } $return = validate_text($name, 'blockname'); if ($return['0'] === false) { $notice = $return['error']; header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}"); exit; } else { $name = $return['1']; } unset($return); if (!preg_match('/^container$|^ipv4$/', $block_type)) { $notice = 'invalidrequest'; header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&parent_block={$parent_block}¬ice={$notice}"); exit; } if ($update_block === false) { # checking for duplicate block name $sql = "SELECT id from blocks where name='{$name}'"; $result = $dbo->query($sql); if ($result->rowCount() != '0') { header("HTTP/1.1 400 Bad Request"); $notice = 'duplicatename'; header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}"); exit; } } else { # checking that we're updating a block that actually exists $sql = "SELECT name FROM blocks WHERE id='{$block_id}'"; $result = $dbo->query($sql); if ($result->rowCount() != '1') { header("HTTP/1.1 400 Bad Request"); $notice = 'selectblock'; header("Location: blocks.php?notice={$notice}"); exit; } $old_block_name = $result->fetchColumn(); } $return = validate_text($note, 'note'); if ($return['0'] === false) { $notice = $return['error']; header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}"); exit; } else { $note = $return['1']; } unset($return); if (empty($end_ip) && !empty($ip)) { # subnet supplied $return = validate_network($ip, 'block', $block_id); } elseif (!empty($ip)) { # range supplied $return = validate_ip_range($ip, $end_ip, 'block', $block_id); } if (isset($return) && $return['0'] === false) { $notice = $return['error']; header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&block_type={$block_type}&parent_block={$parent_block}¬ice={$notice}"); exit; } elseif (isset($return)) { $long_start_ip = $return['long_start_ip']; $long_end_ip = $return['long_end_ip']; } unset($return); $result = ''; if ($parent_block != 'null') { $sql = "SELECT id FROM blocks WHERE id='{$parent_block}'"; $result = $dbo->query($sql); if ($result->rowCount() != '1') { $notice = "invalidrequest"; header("Location: blocks.php?notice={$notice}"); exit; } $parent_id = "'{$parent_block}'"; } else { $parent_id = 'null'; } if ($update_block === false) { # new block $old_parent_block = $parent_block; #we're going to redirect the user to the block they put this block into } else { $sql = "SELECT parent_id FROM blocks WHERE id='{$block_id}'"; $result = $dbo->query($sql); $old_parent_block = $result->fetchColumn(); } # If we're changing an existing block, we must make sure we don't orphan a child object if ($update_block !== false) { if ($block_type == 'ipv4' && find_child_blocks($block_id) !== false) { $notice = 'wouldorphanblocks'; header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}¬ice={$notice}"); exit; } elseif ($block_type == 'container') { # just check this block for subnets $sql = "SELECT count(*) FROM subnets where block_id='{$block_id}'"; $result = $dbo->query($sql); if ($result->fetchColumn() != '0') { $notice = 'wouldorphansubnets'; header("Location: blocks.php?op={$submit_op}&name={$name}&ip={$ip}&end_ip={$end_ip}¬e={$note}&parent_block={$parent_block}¬ice={$notice}"); exit; } } } if ($update_block) { $sql = "UPDATE blocks SET name='{$name}', start_ip='{$long_start_ip}', end_ip='{$long_end_ip}', note='{$note}', modified_by='{$username}', modified_at=now(),\r\n parent_id={$parent_id}, type='{$block_type}' WHERE id='{$block_id}'"; } else { $sql = "INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at, parent_id, type) \r\n\t VALUES('{$name}', '{$long_start_ip}', '{$long_end_ip}', '{$note}', '{$username}', now(), {$parent_id}, '{$block_type}')"; } $accesslevel = "4"; $message = $update_block ? "IP Block updated: {$name}" : "IP Block added: {$name}"; $message .= $name != $old_block_name ? "(previously {$old_block_name})" : ''; AccessControl($accesslevel, $message); // We don't want to generate logs when nothing is really happening, so this goes down here. $dbo->query($sql); $notice = $update_block ? 'blockupdated-notice' : 'blockadded-notice'; if ($old_parent_block == 'null') { header("Location: blocks.php?notice={$notice}"); } else { header("Location: blocks.php?block_id={$old_parent_block}¬ice={$notice}"); } exit; }
function submit_subnet() { global $dbo; include 'include/validation_functions.php'; $block_id = isset($_POST['block_id']) && is_numeric($_POST['block_id']) ? $_POST['block_id'] : ''; $name = isset($_POST['name']) ? $_POST['name'] : ''; $ip = isset($_POST['ip']) ? $_POST['ip'] : ''; $gateway = isset($_POST['gateway']) ? $_POST['gateway'] : ''; $acl_name = isset($_POST['acl_name']) ? $_POST['acl_name'] : ''; $acl_start = isset($_POST['acl_start']) ? $_POST['acl_start'] : ''; $acl_end = isset($_POST['acl_end']) ? $_POST['acl_end'] : ''; $note = isset($_POST['note']) ? $_POST['note'] : ''; $guidance = isset($_POST['guidance']) ? $_POST['guidance'] : ''; if (empty($block_id)) { $notice = 'invalidrequest'; header("Location: blocks.php?notice={$notice}"); exit; } if (empty($name) || empty($ip)) { $notice = "blankfield-notice"; $guidance = urlencode($guidance); header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}"); exit; } $result = validate_text($name, 'subnetname'); if ($result['0'] === false) { $notice = $result['error']; $guidance = urlencode($guidance); header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}"); exit; } else { $name = $result['1']; } $result = validate_network($ip); if ($result['0'] === false) { $notice = $result['error']; $guidance = urlencode($guidance); header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}"); exit; } else { $start_ip = $result['start_ip']; $end_ip = $result['end_ip']; $mask = $result['mask']; $long_start_ip = $result['long_start_ip']; $long_end_ip = $result['long_end_ip']; $long_mask = $result['long_mask']; } $dbo->beginTransaction(); $username = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username']; $sql = "INSERT INTO subnets (name, start_ip, end_ip, mask, note, block_id, modified_by, modified_at, guidance) \r\n VALUES('{$name}', '{$long_start_ip}', '{$long_end_ip}', '{$long_mask}', '{$note}', '{$block_id}', '{$username}', now(), '{$guidance}')"; $dbo->query($sql); $subnet_id = $dbo->lastInsertId(); if (!empty($acl_start) && !empty($acl_end)) { $result = validate_ip_range($acl_start, $acl_end, 'acl'); if ($result['0'] === false) { $dbo->rollBack(); $notice = $result['error']; $guidance = urlencode($guidance); header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}"); exit; } else { $long_acl_start = $result['long_start_ip']; $long_acl_end = $result['long_end_ip']; } // Add an ACL for the acl range so users don't assign a static IP inside a acl scope. $sql = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) VALUES('{$acl_name}', '{$long_acl_start}', '{$long_acl_end}', '{$subnet_id}')"; $dbo->query($sql); } // Add static IP for the Default Gateway if (!empty($gateway)) { $long_gateway = ip2decimal($gateway); $subnet_test = $long_gateway & $long_mask; if ($subnet_test !== $long_start_ip) { $dbo->rollBack(); $notice = 'invalidip'; $guidance = urlencode($guidance); header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}"); exit; } $validate_gateway = validate_static_ip($gateway); if ($validate_gateway['0'] === false) { $dbo->rollBack(); $notice = $validate_gateway['error']; $guidance = urlencode($guidance); header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}"); exit; } $sql = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at) \r\n VALUES('{$long_gateway}', 'Gateway', 'Network Admin', 'Default Gateway', '{$subnet_id}', '{$username}', now())"; $dbo->query($sql); } $dbo->commit(); $cidr = subnet2cidr($long_start_ip, $long_mask); $accesslevel = "3"; $message = "Subnet {$name} ({$cidr}) has been created"; AccessControl($accesslevel, $message); // No need to generate logs when nothing is really happening. This // goes down here where we know stuff has actually been written. Access // Control actually happened before submit_subnet() was called. $notice = "subnetadded-notice"; header("Location: subnets.php?block_id={$block_id}¬ice={$notice}"); exit; }
public function checkInput(array &$dRules) { $dRules = zbx_toArray($dRules); if (empty($dRules)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty input.')); } if (CWebUser::getType() < USER_TYPE_ZABBIX_ADMIN) { self::exception(ZBX_API_ERROR_PARAMETERS, _('No permissions to referred object or it does not exist!')); } $proxies = array(); foreach ($dRules as $dRule) { if (!isset($dRule['iprange'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('IP range cannot be empty.')); } elseif (!validate_ip_range($dRule['iprange'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect IP range "%s".', $dRule['iprange'])); } if (isset($dRule['delay']) && $dRule['delay'] < 0) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect delay.')); } if (isset($dRule['status']) && ($dRule['status'] != DRULE_STATUS_DISABLED && $dRule['status'] != DRULE_STATUS_ACTIVE)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect status.')); } if (empty($dRule['dchecks'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot save discovery rule without checks.')); } $this->validateDChecks($dRule['dchecks']); if (isset($dRule['proxy_hostid']) && $dRule['proxy_hostid']) { $proxies[] = $dRule['proxy_hostid']; } } if (!empty($proxies)) { $proxiesDB = API::proxy()->get(array('proxyids' => $proxies, 'output' => array('proxyid'), 'preservekeys' => true)); foreach ($proxies as $proxy) { if (!isset($proxiesDB[$proxy])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect proxyid.')); } } } }
function update_discovery_rule($druleid, $proxy_hostid, $name, $iprange, $delay, $status, $dchecks, $dchecks_deleted) { if (!validate_ip_range($iprange)) { error('Incorrect IP range.'); return false; } $result = DBexecute('update drules set proxy_hostid=' . $proxy_hostid . ',name=' . zbx_dbstr($name) . ',iprange=' . zbx_dbstr($iprange) . ',' . 'delay=' . $delay . ',status=' . $status . ' where druleid=' . $druleid); if ($result) { if (isset($dchecks)) { foreach ($dchecks as $val) { if (!isset($val['dcheckid'])) { add_discovery_check($druleid, $val['type'], $val['ports'], $val['key'], $val['snmp_community'], $val['snmpv3_securityname'], $val['snmpv3_securitylevel'], $val['snmpv3_authpassphrase'], $val['snmpv3_privpassphrase']); } } } if (isset($dchecks_deleted) && !empty($dchecks_deleted)) { delete_discovery_check($dchecks_deleted); } } return $result; }
function check_type(&$field, $flags, &$var, $type, $caption = null) { if (is_null($caption)) { $caption = $field; } if (is_array($var) && $type != T_ZBX_IP) { $err = ZBX_VALID_OK; foreach ($var as $v) { $err |= check_type($field, $flags, $v, $type); } return $err; } if ($type == T_ZBX_IP) { if (!validate_ip($var, $arr)) { info(_s('Field "%1$s" is not IP.', $caption)); return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING; } return ZBX_VALID_OK; } if ($type == T_ZBX_IP_RANGE) { if (!validate_ip_range($var)) { info(_s('Field "%1$s" is not IP range.', $caption)); return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING; } return ZBX_VALID_OK; } if ($type == T_ZBX_INT_RANGE) { if (!is_int_range($var)) { info(_s('Field "%1$s" is not integer list or range.', $caption)); return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING; } return ZBX_VALID_OK; } if ($type == T_ZBX_INT && !zbx_is_int($var)) { info(_s('Field "%1$s" is not integer.', $caption)); return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING; } if ($type == T_ZBX_DBL && !is_numeric($var)) { info(_s('Field "%1$s" is not decimal number.', $caption)); return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING; } if ($type == T_ZBX_STR && !is_string($var)) { info(_s('Field "%1$s" is not string.', $caption)); return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING; } if ($type == T_ZBX_CLR) { $colorValidator = new CColorValidator(); if (!$colorValidator->validate($var)) { $var = 'FFFFFF'; info(_s('Colour "%1$s" is not correct: expecting hexadecimal colour code (6 symbols).', $caption)); return $flags & P_SYS ? ZBX_VALID_ERROR : ZBX_VALID_WARNING; } } return ZBX_VALID_OK; }
public function checkInput(array &$dRules) { $dRules = zbx_toArray($dRules); if (empty($dRules)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty input.')); } if (self::$userData['type'] >= USER_TYPE_ZABBIX_ADMIN) { if (!count(get_accessible_nodes_by_user(self::$userData, PERM_READ_WRITE, PERM_RES_IDS_ARRAY))) { self::exception(ZBX_API_ERROR_PARAMETERS, _('No permissions to referred object or it does not exist!')); } } $proxies = array(); foreach ($dRules as $dRule) { if (!isset($dRule['iprange'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('IP range cannot be empty.')); } elseif (!validate_ip_range($dRule['iprange'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect IP range "%s".', $dRule['iprange'])); } if (isset($dRule['delay']) && $dRule['delay'] < 0) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect delay.')); } if (isset($dRule['status']) && ($dRule['status'] != DRULE_STATUS_DISABLED && $dRule['status'] != DRULE_STATUS_ACTIVE)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect status.')); } if (empty($dRule['dchecks'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot save discovery rule without checks.')); } $this->validateDChecks($dRule['dchecks']); if (isset($dRule['proxy_hostid']) && $dRule['proxy_hostid']) { $proxies[] = $dRule['proxy_hostid']; } } if (!empty($proxies)) { $proxiesDB = API::proxy()->get(array('proxyids' => $proxies, 'output' => API_OUTPUT_SHORTEN, 'preservekeys' => true)); foreach ($proxies as $proxy) { if (!isset($proxiesDB[$proxy])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect proxyid.')); } } } }
/** * Validate conditions. * * @static * @param $conditions * @return bool */ public static function validateConditions($conditions) { $conditions = zbx_toArray($conditions); $hostGroupidsAll = array(); $templateidsAll = array(); $triggeridsAll = array(); $hostidsAll = array(); $discoveryRuleidsAll = array(); $discoveryCheckidsAll = array(); $proxyidsAll = array(); $discoveryCheckTypes = discovery_check_type2str(); $discoveryObjectStatuses = discovery_object_status2str(); $timePeriodValidator = new CTimePeriodValidator(); foreach ($conditions as $condition) { switch ($condition['conditiontype']) { case CONDITION_TYPE_HOST_GROUP: $hostGroupidsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_HOST_TEMPLATE: $templateidsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_TRIGGER: $triggeridsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_HOST: $hostidsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_DRULE: $discoveryRuleidsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_DCHECK: $discoveryCheckidsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_PROXY: $proxyidsAll[$condition['value']] = $condition['value']; break; case CONDITION_TYPE_TIME_PERIOD: if (!$timePeriodValidator->validate($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition period "%s".', $condition['value'])); } break; case CONDITION_TYPE_DHOST_IP: if (!validate_ip_range($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition ip "%s".', $condition['value'])); } break; case CONDITION_TYPE_DSERVICE_TYPE: if (!isset($discoveryCheckTypes[$condition['value']])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery check.')); } break; case CONDITION_TYPE_DSERVICE_PORT: if (!validate_port_list($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect action condition port "%s".', $condition['value'])); } break; case CONDITION_TYPE_DSTATUS: if (!isset($discoveryObjectStatuses[$condition['value']])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery status.')); } break; case CONDITION_TYPE_MAINTENANCE: // maintenance condition has no value... break; case CONDITION_TYPE_TRIGGER_NAME: case CONDITION_TYPE_TRIGGER_VALUE: case CONDITION_TYPE_TRIGGER_SEVERITY: case CONDITION_TYPE_NODE: case CONDITION_TYPE_DOBJECT: case CONDITION_TYPE_DUPTIME: case CONDITION_TYPE_DVALUE: case CONDITION_TYPE_APPLICATION: case CONDITION_TYPE_HOST_NAME: if (zbx_empty($condition['value'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Empty action condition.')); } break; default: self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition type.')); break; } } if (!API::HostGroup()->isWritable($hostGroupidsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition host group. Host group does not exist or you have no access to it.')); } if (!API::Host()->isWritable($hostidsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition host. Host does not exist or you have no access to it.')); } if (!API::Template()->isWritable($templateidsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition template. Template does not exist or you have no access to it.')); } if (!API::Trigger()->isWritable($triggeridsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition trigger. Trigger does not exist or you have no access to it.')); } if (!API::DRule()->isWritable($discoveryRuleidsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery rule. Discovery rule does not exist or you have no access to it.')); } if (!API::DCheck()->isWritable($discoveryCheckidsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition discovery check. Discovery check does not exist or you have no access to it.')); } if (!API::Proxy()->isWritable($proxyidsAll)) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Incorrect action condition proxy. Proxy does not exist or you have no access to it.')); } return true; }