/**
* @param DOMElement $xml
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("tunnel name not found\n");
}
foreach ($xml->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
if ($node->nodeName == 'auto-key') {
$this->type = 'auto-key';
$this->typeRoot = $node;
//print "found type auto key\n";
// now extracts ProxyID
$this->proxyIdRoot = DH::findFirstElementOrCreate('proxy-id', $node);
foreach ($this->proxyIdRoot->childNodes as $proxyNode) {
if ($proxyNode->nodeType != 1) {
continue;
}
$local = DH::findFirstElementOrDie('local', $proxyNode);
$remote = DH::findFirstElementOrDie('remote', $proxyNode);
$proxyName = DH::findAttribute('name', $proxyNode);
$record = array('name' => $proxyName, 'local' => $local->nodeValue, 'remote' => $remote->nodeValue, 'xmlroot' => $proxyNode);
$this->proxys[] =& $record;
unset($record);
}
}
}
}
public function load_from_domxml(DOMElement $xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("zone name not found\n", $xml);
}
$tmp = DH::findFirstElementOrDie('config', $xml);
$this->deviceConfiguration->load_from_domxml($tmp);
}
/**
* @param string $name
* @param ZoneStore|null $owner
*/
public function Zone($name, $owner, $fromXmlTemplate = false)
{
if (!is_string($name)) {
derr('$name must be a string');
}
$this->owner = $owner;
if ($this->owner->owner->isVirtualSystem()) {
$this->attachedInterfaces = new InterfaceContainer($this, $this->owner->owner->owner->network);
} else {
$this->attachedInterfaces = new InterfaceContainer($this, null);
}
if ($fromXmlTemplate) {
$doc = new DOMDocument();
$doc->loadXML(self::$templatexml);
$node = DH::findFirstElementOrDie('entry', $doc);
$rootDoc = $this->owner->xmlroot->ownerDocument;
$this->xmlroot = $rootDoc->importNode($node, true);
$this->load_from_domxml($this->xmlroot);
$this->setName($name);
}
$this->name = $name;
}
/**
* @param $xml DOMElement
*/
function load_from_xml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("static-route name not found\n");
}
$dstNode = DH::findFirstElementOrDie('destination', $xml);
$this->_destination = $dstNode->textContent;
$ifNode = DH::findFirstElement('interface', $xml);
if ($ifNode !== false) {
$this->_interface = $this->owner->owner->owner->network->findInterfaceOrCreateTmp($ifNode->textContent);
}
$fhNode = DH::findFirstElement('nexthop', $xml);
if ($fhNode !== false) {
$fhTypeNode = DH::findFirstElement('ip-address', $fhNode);
if ($fhTypeNode !== false) {
$this->_nexthopType = 'ip-address';
$this->_nexthopIP = $fhTypeNode->textContent;
}
}
}
/**
* @param string $newValue
* @param bool $rewriteXml
* @return bool
* @throws Exception
*/
public function setValue($newValue, $rewriteXml = true)
{
if (isset($this->_ip4Map)) {
unset($this->_ip4Map);
}
if (!is_string($newValue)) {
derr('value can be text only');
}
if ($newValue == $this->value) {
return false;
}
if ($this->isTmpAddr()) {
return false;
}
$this->value = $newValue;
if ($rewriteXml) {
$valueRoot = DH::findFirstElementOrDie(self::$AddressTypes[$this->type], $this->xmlroot);
$valueRoot->nodeValue = $this->value;
}
return true;
}
public function load_from_domxml($xml)
{
$this->xmldoc = $xml;
$this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
$this->xmlroot = $this->configroot;
$versionAttr = DH::findAttribute('version', $this->configroot);
if ($versionAttr !== false) {
$this->version = PH::versionFromString($versionAttr);
} else {
if (isset($this->connector) && $this->connector !== null) {
$version = $this->connector->getSoftwareVersion();
} else {
derr('cannot find PANOS version used for make this config');
}
$this->version = $version['version'];
}
$tmp = DH::findFirstElementOrCreate('mgt-config', $this->configroot);
$tmp = DH::findFirstElementOrCreate('devices', $tmp);
foreach ($tmp->childNodes as $serial) {
if ($serial->nodeType != 1) {
continue;
}
$s = DH::findAttribute('name', $serial);
if ($s === FALSE) {
derr('no serial found');
}
$this->managedFirewallsSerials[] = $s;
}
$this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);
$this->devicesroot = DH::findFirstElementOrDie('devices', $this->configroot);
$this->localhostroot = DH::findFirstElementByNameAttrOrDie('entry', 'localhost.localdomain', $this->devicesroot);
$this->devicegrouproot = DH::findFirstElementOrDie('device-group', $this->localhostroot);
$this->templateroot = DH::findFirstElementOrDie('template', $this->localhostroot);
//
// Extract Tag objects
//
if ($this->version >= 60) {
$tmp = DH::findFirstElementOrCreate('tag', $this->sharedroot);
$this->tagStore->load_from_domxml($tmp);
}
// End of Tag objects extraction
//
// Shared address objects extraction
//
$tmp = DH::findFirstElementOrCreate('address', $this->sharedroot);
$this->addressStore->load_addresses_from_domxml($tmp);
// end of address extraction
//
// Extract address groups
//
$tmp = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
$this->addressStore->load_addressgroups_from_domxml($tmp);
// End of address groups extraction
//
// Extract services
//
$tmp = DH::findFirstElementOrCreate('service', $this->sharedroot);
$this->serviceStore->load_services_from_domxml($tmp);
// End of address groups extraction
//
// Extract service groups
//
$tmp = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
$this->serviceStore->load_servicegroups_from_domxml($tmp);
// End of address groups extraction
$prerulebase = DH::findFirstElementOrCreate('pre-rulebase', $this->sharedroot);
$postrulebase = DH::findFirstElementOrCreate('post-rulebase', $this->sharedroot);
$tmp = DH::findFirstElementOrCreate('security', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('security', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->securityRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('nat', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('nat', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->natRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('decryption', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('decryption', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->decryptionRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('application-override', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('application-override', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->appOverrideRules->load_from_domxml($tmp, $tmpPost);
//
// loading templates
//
foreach ($this->templateroot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$ldv = new Template('*tmp*', $this);
$ldv->load_from_domxml($node);
$this->templates[] = $ldv;
//print "Template '{$ldv->name()}' found\n";
}
//
// end of Templates
//
//
// loading Device Groups now
//
if ($this->version < 70) {
foreach ($this->devicegrouproot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$lvname = $node->nodeName;
//print "Device Group '$lvname' found\n";
$ldv = new DeviceGroup($this);
$ldv->load_from_domxml($node);
$this->deviceGroups[] = $ldv;
}
} else {
$dgMetaDataNode = DH::findXPathSingleEntryOrDie('/config/readonly/dg-meta-data/dginfo', $this->xmlroot);
$dgToParent = array();
$parentToDG = array();
foreach ($dgMetaDataNode->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$dgName = DH::findAttribute('name', $node);
if ($dgName === false) {
derr("DeviceGroup name attribute not found in dg-meta-data", $node);
}
$parentDG = DH::findFirstElement('parent-dg', $node);
if ($parentDG === false) {
$dgToParent[$dgName] = 'shared';
$parentToDG['shared'][] = $dgName;
} else {
$dgToParent[$dgName] = $parentDG->textContent;
$parentToDG[$parentDG->textContent][] = $dgName;
}
}
$dgLoadOrder = array('shared');
while (count($parentToDG) > 0) {
$dgLoadOrderCount = count($dgLoadOrder);
foreach ($dgLoadOrder as &$dgName) {
if (isset($parentToDG[$dgName])) {
foreach ($parentToDG[$dgName] as &$newDGName) {
$dgLoadOrder[] = $newDGName;
}
unset($parentToDG[$dgName]);
}
}
if (count($dgLoadOrder) <= $dgLoadOrderCount) {
derr('dg-meta-data seems to be corrupted, parent.child template cannot be calculated ', $dgMetaDataNode);
}
$dgLoadOrderCount = count($dgLoadOrder);
}
/*print "DG loading order:\n";
foreach( $dgLoadOrder as &$dgName )
print " - {$dgName}\n";*/
$deviceGroupNodes = array();
foreach ($this->devicegrouproot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$nodeNameAttr = DH::findAttribute('name', $node);
if ($nodeNameAttr === false) {
derr("DeviceGroup 'name' attribute was not found", $node);
}
if (!is_string($nodeNameAttr) || $nodeNameAttr == '') {
derr("DeviceGroup 'name' attribute has invalid value", $node);
}
$deviceGroupNodes[$nodeNameAttr] = $node;
}
foreach ($dgLoadOrder as $dgIndex => &$dgName) {
if ($dgName == 'shared') {
continue;
}
if (!isset($deviceGroupNodes[$dgName])) {
mwarning("DeviceGroup '{$dgName}' is listed in dg-meta-data but doesn't exist in XML");
//unset($dgLoadOrder[$dgIndex]);
continue;
}
$ldv = new DeviceGroup($this);
if (!isset($dgToParent[$dgName])) {
mwarning("DeviceGroup '{$dgName}' has not parent associated, assuming SHARED");
} elseif ($dgToParent[$dgName] == 'shared') {
// do nothing
} else {
$parentDG = $this->findDeviceGroup($dgToParent[$dgName]);
if ($parentDG === null) {
mwarning("DeviceGroup '{$dgName}' has DG '{$dgToParent[$dgName]}' listed as parent but it cannot be found in XML");
} else {
$parentDG->childDeviceGroups[$dgName] = $ldv;
$ldv->parentDeviceGroup = $parentDG;
}
}
$ldv->load_from_domxml($deviceGroupNodes[$dgName]);
$this->deviceGroups[] = $ldv;
}
}
//
// End of DeviceGroup loading
//
}
/**
* @param DOMElement $xml
* @throws Exception
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("service name not found\n");
}
$this->_load_description_from_domxml();
//
// seeking <protocol>
//
$this->protocolRoot = DH::findFirstElementOrDie('protocol', $xml);
$this->tcpOrUdpRoot = DH::findFirstElement('tcp', $this->protocolRoot);
if ($this->tcpOrUdpRoot === FALSE) {
$this->_protocol = 'udp';
$this->tcpOrUdpRoot = DH::findFirstElement('udp', $this->protocolRoot);
}
if ($this->tcpOrUdpRoot === FALSE) {
derr("Error: <tcp> or <udp> not found for service" . $this->name . "\n");
}
$this->dportroot = DH::findFirstElementOrDie('port', $this->tcpOrUdpRoot);
$this->_dport = $this->dportroot->textContent;
$sportroot = DH::findFirstElement('source-port', $this->tcpOrUdpRoot);
if ($sportroot !== FALSE) {
$this->_sport = $sportroot->textContent;
}
}
/**
* @param $xml DOMElement|DOMDocument
* @throws Exception
*/
public function load_from_domxml($xml)
{
if ($xml->nodeType == XML_DOCUMENT_NODE) {
$this->xmldoc = $xml;
$this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
$this->xmlroot = $this->configroot;
} else {
$this->xmlroot = $xml;
$this->configroot = $xml;
}
if ($this->owner !== null) {
$this->version = $this->owner->owner->version;
} else {
$versionAttr = DH::findAttribute('version', $this->configroot);
if ($versionAttr !== false) {
$this->version = PH::versionFromString($versionAttr);
} else {
if (isset($this->connector) && $this->connector !== null) {
$version = $this->connector->getSoftwareVersion();
} else {
derr('cannot find PANOS version used for make this config');
}
$this->version = $version['version'];
}
}
$this->devicesroot = DH::findFirstElementOrCreate('devices', $this->configroot);
$this->localhostroot = DH::findFirstElement('entry', $this->devicesroot);
if ($this->localhostroot === false) {
$this->localhostroot = DH::createElement($this->devicesroot, 'entry');
$this->localhostroot->setAttribute('name', 'localhost.localdomain');
}
$this->vsyssroot = DH::findFirstElementOrCreate('vsys', $this->localhostroot);
if ($this->owner === null) {
$this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);
//
// Extract Tag objects
//
if ($this->version >= 60) {
$tmp = DH::findFirstElementOrCreate('tag', $this->sharedroot);
$this->tagStore->load_from_domxml($tmp);
}
// End of Tag objects extraction
//
// Shared address objects extraction
//
$tmp = DH::findFirstElementOrCreate('address', $this->sharedroot);
$this->addressStore->load_addresses_from_domxml($tmp);
// end of address extraction
//
// Extract address groups
//
$tmp = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
$this->addressStore->load_addressgroups_from_domxml($tmp);
// End of address groups extraction
//
// Extract services
//
$tmp = DH::findFirstElementOrCreate('service', $this->sharedroot);
$this->serviceStore->load_services_from_domxml($tmp);
// End of address groups extraction
//
// Extract service groups
//
$tmp = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
$this->serviceStore->load_servicegroups_from_domxml($tmp);
// End of address groups extraction
}
//
// Extract network related configs
//
$tmp = DH::findFirstElementOrCreate('network', $this->localhostroot);
$this->network->load_from_domxml($tmp);
//
// Now listing and extracting all VirtualSystem configurations
foreach ($this->vsyssroot->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
//print "DOM type: ".$node->nodeType."\n";
$lvsys = new VirtualSystem($this);
$lvname = DH::findAttribute('name', $node);
if ($lvname === FALSE) {
derr('cannot find VirtualSystem name');
}
if (isset($this->panorama)) {
$dg = $this->panorama->findApplicableDGForVsys($this->serial, $lvname);
if ($dg !== FALSE) {
$lvsys->addressStore->panoramaDG = $dg->addressStore;
$lvsys->serviceStore->panoramaDG = $dg->serviceStore;
}
}
$lvsys->load_from_domxml($node);
$this->virtualSystems[] = $lvsys;
$importedInterfaces = $lvsys->importedInterfaces->interfaces();
foreach ($importedInterfaces as &$ifName) {
$resolvedIf = $this->network->findInterface($ifName);
if ($resolvedIf !== null) {
$resolvedIf->importedByVSYS = $lvsys;
}
}
}
}