public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("name not found\n");
}
//print "found rule name '".$this->name."'\n";
$this->extract_disabled_from_domxml();
$this->extract_description_from_domxml();
$this->load_tags();
$this->load_from();
$this->load_to();
$this->load_source();
$this->load_destination();
// //
// Destination NAT properties Extraction //
// //
$this->dnatroot = DH::findFirstElement('destination-translation', $xml);
if ($this->dnatroot !== FALSE) {
//print "rule '".$this->name."' has destination-translation\n";
if ($this->dnatroot->hasChildNodes()) {
$this->subdnatTAroot = DH::findFirstElement('translated-address', $this->dnatroot);
if ($this->subdnatTAroot !== FALSE) {
$f = $this->parentAddressStore->findOrCreate($this->subdnatTAroot->textContent, $this);
$this->dnathost = $f;
$this->subdnatTProot = DH::findFirstElement('translated-port', $this->dnatroot);
if ($this->subdnatTProot !== FALSE) {
$this->subdnatport = $this->subdnatTProot->textContent;
}
}
}
}
// end of destination translation extraction
// //
// Source NAT properties Extraction //
// //
$this->snatroot = DH::findFirstElement('source-translation', $xml);
if ($this->snatroot !== FALSE) {
//print "we have found a source NAT\n";
// next <tag> will determine NAT type
$firstE = DH::firstChildElement($this->snatroot);
$this->snattype = $firstE->nodeName;
// Do we support this type of NAT ?
if ($this->snattype != "static-ip" && $this->snattype != "dynamic-ip-and-port" && $this->snattype != "dynamic-ip") {
derr("SNAT type '" . $this->snattype . "' for rule '" . $this->name . "' is not supported, EXIT\n");
}
//print "Determined NAT type ".$tcur['name']."\n";
if ($this->snattype == "static-ip") {
$isbidrx = DH::findFirstElement('bi-directional', $firstE);
if ($isbidrx !== FALSE) {
$this->snatbidir = $isbidrx->textContent;
}
$transladx = DH::findFirstElement('translated-address', $firstE);
$fad = $this->parentAddressStore->findOrCreate($transladx->textContent, $this);
$this->snathosts->addObject($fad);
$this->snathosts->xmlroot = $transladx;
} else {
if ($this->snattype == "dynamic-ip-and-port") {
// Is it <translated-address> type ?
$subtype = DH::findFirstElement('translated-address', $firstE);
if ($subtype !== FALSE) {
if (DH::firstChildElement($subtype) === FALSE) {
// this rule has no address specified
} else {
foreach ($subtype->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
$translad = $this->parentAddressStore->findOrCreate($node->textContent, $this);
$this->snathosts->addObject($translad);
}
$this->snathosts->xmlroot = $subtype;
}
} else {
$subtype = DH::findFirstElement('interface-address', $firstE);
if ($subtype !== FALSE) {
if (DH::firstChildElement($subtype) === FALSE) {
derr("Cannot understand dynmaic NAT for rule '" . $this->name . "'\n");
}
foreach ($subtype->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
if ($node->nodeName == 'interface') {
$this->snatinterface = $node->textContent;
} else {
if ($node->nodeName == 'ip') {
$translad = $this->parentAddressStore->findOrCreate($node->textContent, $this);
$this->snathosts->addObject($translad);
} else {
derr("Cannot understand dynmaic NAT for rule '" . $this->name . "'\n");
}
}
}
} else {
mwarning("Unknown dynamic SNAT type on rule '" . $this->name . " don't mess too much with this rule or face unpredictable results");
}
}
}
}
}
//
// End of Source NAT properties extraction //
// //
// Begin of <service> extraction //
// //
$this->serviceroot = DH::findFirstElementOrCreate('service', $xml, 'any');
if ($this->serviceroot !== FALSE) {
$lname = $this->serviceroot->textContent;
if (strtolower($lname) != 'any') {
//print "found service named $lname in NAT rule '".$this->name."'\n";
$f = $this->parentServiceStore->findOrCreate($lname, $this, true);
if (!$f) {
derr("Error: service object named '{$lname}' not found in NAT rule '" . $this->name . "'\n");
}
$this->service = $f;
}
} else {
derr('unexpected error');
}
// End of <service> extraction //
}
/**
* @param DOMNode $element
* @return string
*/
public static function &elementToPanXPath($element)
{
$xpath = '';
if ($element->nodeType == XML_DOCUMENT_NODE) {
$element = DH::firstChildElement($element);
}
if ($element->nodeType == 1) {
if ($element->hasAttribute('name')) {
$xpath = '/' . $element->tagName . "[@name='{$element->getAttribute('name')}']";
} else {
$xpath = '/' . $element->tagName;
}
$parent = $element->parentNode;
if ($parent === null) {
derr('unsupported node that has no parent (null)');
}
if ($parent->nodeType == 9 || $parent->nodeType == 10) {
return $xpath;
}
$xpath = DH::elementToPanXPath($parent) . $xpath;
} else {
derr('unsupported node type=' . $element->nodeType);
}
return $xpath;
}
/**
*
* @ignore
*/
protected function extract_security_profile_from_domxml()
{
if ($this->secprofroot === null || $this->secprofroot === false) {
$this->secprofroot = null;
return;
}
$xml = $this->secprofroot;
//print "Now trying to extract associated security profile associated to '".$this->name."'\n";
$groupRoot = DH::findFirstElement('group', $xml);
$profilesRoot = DH::findFirstElement('profiles', $xml);
if ($groupRoot !== FALSE) {
//print "Found SecProf <group> tag\n";
$firstE = DH::firstChildElement($groupRoot);
if ($firstE !== FALSE) {
$this->secprofgroup = $firstE->textContent;
$this->secproftype = 'group';
//print "Group name: ".$this->secprofgroup."\n";
}
} else {
if ($profilesRoot !== FALSE) {
//print "Found SecProf <profiles> tag\n";
$this->secproftype = 'profile';
foreach ($profilesRoot->childNodes as $prof) {
if ($prof->nodeType != 1) {
continue;
}
$firstE = DH::firstChildElement($prof);
$this->secprofprofiles[$prof->nodeName] = $firstE->textContent;
/* <virus>
</vulnerability>
<url-filtering>
</data-filtering>
<file-blocking>
</spyware>*/
}
}
}
}
} else {
$saveName = 'stage0.xml';
}
print "{$configOutput['connector']->apihost}/{$saveName} ... ";
$configOutput['connector']->uploadConfiguration(DH::firstChildElement($doc), $saveName, false);
}
} else {
derr('not supported yet');
}
print "OK!\n";
if ($loadConfigAfterUpload) {
print "Loading config in the firewall (will display warnings if any) ...\n";
/** @var PanAPIConnector $targetConnector */
$targetConnector = $configOutput['connector'];
$xmlResponse = $targetConnector->sendCmdRequest('<load><config><from>' . $saveName . '</from></config></load>', true, 600);
$xmlResponse = DH::firstChildElement($xmlResponse);
if ($xmlResponse === false) {
derr('unexpected error !');
}
$msgElement = DH::findFirstElement('msg', $xmlResponse);
if ($msgElement !== false) {
foreach ($msgElement->childNodes as $msg) {
if ($msg->nodeType != 1) {
continue;
}
print " - " . $msg->nodeValue . "\n";
}
}
}
print "\n************ DONE: UPLOAD CONFIG UTILITY ************\n";
print "*****************************************************";
/**
* !! Should not be used outside of a PanoramaConf constructor. !!
*
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
// this VirtualSystem has a name ?
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("VirtualSystem name not found\n");
}
//
// Extract Tag objects
//
if ($this->owner->version >= 60) {
$tmp = DH::findFirstElementOrCreate('tag', $xml);
$this->tagStore->load_from_domxml($tmp);
}
// End of Tag objects extraction
//
// Extract address objects
//
$tmp = DH::findFirstElementOrCreate('address', $xml);
$this->addressStore->load_addresses_from_domxml($tmp);
//print "VirtualSystem '".$this->name."' address objectsloaded\n" ;
// End of address objects extraction
//
// Extract address groups in this DV
//
$tmp = DH::findFirstElementOrCreate('address-group', $xml);
$this->addressStore->load_addressgroups_from_domxml($tmp);
//print "VirtualSystem '".$this->name."' address groups loaded\n" ;
// End of address groups extraction
// //
// Extract service objects in this VirtualSystem //
// //
$tmp = DH::findFirstElementOrCreate('service', $xml);
$this->serviceStore->load_services_from_domxml($tmp);
//print "VirtualSystem '".$this->name."' service objects\n" ;
// End of <service> extraction
// //
// Extract service groups in this VirtualSystem //
// //
$tmp = DH::findFirstElementOrCreate('service-group', $xml);
$this->serviceStore->load_servicegroups_from_domxml($tmp);
//print "VirtualSystem '".$this->name."' service groups loaded\n" ;
// End of <service-group> extraction
$prerulebase = DH::findFirstElementOrCreate('pre-rulebase', $xml);
$postrulebase = DH::findFirstElementOrCreate('post-rulebase', $xml);
$tmp = DH::findFirstElementOrCreate('security', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('security', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->securityRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('nat', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('nat', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->natRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('decryption', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('decryption', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->decryptionRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('application-override', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('application-override', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->appOverrideRules->load_from_domxml($tmp, $tmpPost);
// Devices extraction
$this->devicesRoot = DH::findFirstElementOrCreate('devices', $xml);
foreach ($this->devicesRoot->childNodes as $device) {
if ($device->nodeType != 1) {
continue;
}
$devname = DH::findAttribute('name', $device);
$vsyslist = array();
$vsysChild = DH::firstChildElement($device);
if ($vsysChild !== FALSE) {
foreach ($vsysChild->childNodes as $vsysentry) {
if ($vsysentry->nodeType != 1) {
continue;
}
$vname = DH::findAttribute('name', $vsysentry);
$vsyslist[] = $vname;
}
} else {
//print "No vsys for device '$devname'\n";
$vsyslist[] = 'vsys1';
}
$this->devices[] = array('serial' => $devname, 'vsyslist' => $vsyslist);
}
}
/**
* @param string $parameters
* @param bool $checkResultTag
* @param string|null $filecontent
* @param string $filename
* @param Array $moreOptions
* @return DomDocument
*/
public function sendRequest(&$parameters, $checkResultTag = false, &$filecontent = null, $filename = '', $moreOptions = array())
{
$sendThroughPost = false;
if (is_array($parameters)) {
$sendThroughPost = true;
}
$host = $this->apihost;
if ($this->port != 443) {
$host .= ':' . $this->port;
}
if (isset($this->serial) && !is_null($this->serial)) {
$finalUrl = 'https://' . $host . '/api/';
if (!$sendThroughPost) {
$finalUrl .= '?key=' . $this->apikey . '&target=' . $this->serial;
}
} else {
$finalUrl = 'https://' . $host . '/api/';
if (!$sendThroughPost) {
$finalUrl .= '?key=' . $this->apikey;
}
}
if (!$sendThroughPost) {
$url = str_replace('#', '%23', $parameters);
$finalUrl .= '&' . $parameters;
}
if (isset($moreOptions['timeout'])) {
$timeout = $moreOptions['timeout'];
} else {
$timeout = 7;
}
$c = new mycurl($finalUrl, false, $timeout);
if (array_key_exists('lowSpeedTime', $moreOptions)) {
$c->_lowspeedtime = $moreOptions['lowSpeedTime'];
}
if (!is_null($filecontent)) {
$c->setInfile($filecontent, $filename);
}
if ($sendThroughPost) {
if (isset($this->serial) && !is_null($this->serial)) {
$parameters['target'] = $this->serial;
}
$parameters['key'] = $this->apikey;
$properParams = http_build_query($parameters);
$c->setPost($properParams);
}
if ($this->showApiCalls) {
if ($sendThroughPost) {
$paramURl = '?';
foreach ($parameters as $paramIndex => &$param) {
$paramURl .= '&' . $paramIndex . '=' . str_replace('#', '%23', $param);
}
print "API call through POST: \"" . $finalUrl . '?' . $paramURl . "\"\r\n";
} else {
print "API call: \"" . $finalUrl . "\"\r\n";
}
}
if (!$c->createCurl()) {
derr('Could not retrieve URL: ' . $finalUrl . ' because of the following error: ' . $c->last_error);
}
if ($c->getHttpStatus() != 200) {
derr('HTTP API ret: ' . $c->__tostring());
}
$xmlDoc = new DOMDocument();
if (!$xmlDoc->loadXML($c->__tostring(), LIBXML_PARSEHUGE)) {
derr('Invalid xml input :' . $c->__tostring());
}
$firstElement = DH::firstChildElement($xmlDoc);
if ($firstElement === false) {
derr('cannot find any child Element in xml');
}
$statusAttr = DH::findAttribute('status', $firstElement);
if ($statusAttr === false) {
derr('XML response has no "status" field: ' . DH::dom_to_xml($firstElement));
}
if ($statusAttr != 'success') {
var_dump($statusAttr);
derr('API reported a failure: "' . $statusAttr . "\"with the following addition infos: " . $firstElement->nodeValue);
}
if (!is_null($filecontent)) {
return $xmlDoc;
}
if (!$checkResultTag) {
return $xmlDoc;
}
//$cursor = &searchForName('name', 'result', $xmlarr['children']);
$cursor = DH::findFirstElement('result', $firstElement);
if ($cursor === false) {
derr('XML API response has no <result> field', $xmlDoc);
}
DH::makeElementAsRoot($cursor, $xmlDoc);
return $xmlDoc;
}