/**
 * Load this tunnel from its XML node.
 *
 * Stores the node, reads the mandatory 'name' attribute and, for every
 * <auto-key> child element, records the tunnel type and collects the
 * <proxy-id> entries into $this->proxys.
 *
 * @param DOMElement $xml
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("tunnel name not found\n");
    }

    foreach ($xml->childNodes as $child) {
        // skip non-element nodes (1 is the DOM element node type) and every
        // element other than <auto-key>
        if ($child->nodeType != 1 || $child->nodeName != 'auto-key') {
            continue;
        }

        $this->type = 'auto-key';
        $this->typeRoot = $child;

        // NOTE(review): the helper's name suggests <proxy-id> is added to the
        // document when it is missing, i.e. loading may modify the XML -- confirm.
        $this->proxyIdRoot = DH::findFirstElementOrCreate('proxy-id', $child);

        foreach ($this->proxyIdRoot->childNodes as $entry) {
            if ($entry->nodeType != 1) {
                continue;
            }

            $localNode = DH::findFirstElementOrDie('local', $entry);
            $remoteNode = DH::findFirstElementOrDie('remote', $entry);
            // NOTE(review): unlike the tunnel name, a missing proxy-id name is not checked here
            $entryName = DH::findAttribute('name', $entry);

            $this->proxys[] = array(
                'name' => $entryName,
                'local' => $localNode->nodeValue,
                'remote' => $remoteNode->nodeValue,
                'xmlroot' => $entry,
            );
        }
    }
}
/**
 * Load this service object from its XML node.
 *
 * Reads the 'name' attribute and the description, then locates
 * <protocol>/<tcp> or <protocol>/<udp> and stores the destination port and,
 * when present, the source port as raw text.
 *
 * @param DOMElement $xml
 * @throws Exception
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("service name not found\n");
    }

    $this->_load_description_from_domxml();

    // <protocol> is mandatory and must hold either <tcp> or <udp>
    $this->protocolRoot = DH::findFirstElementOrDie('protocol', $xml);

    $this->tcpOrUdpRoot = DH::findFirstElement('tcp', $this->protocolRoot);
    if ($this->tcpOrUdpRoot === false) {
        // no <tcp>: the service is flagged as UDP before <udp> is looked up
        $this->_protocol = 'udp';
        $this->tcpOrUdpRoot = DH::findFirstElement('udp', $this->protocolRoot);

        if ($this->tcpOrUdpRoot === false) {
            derr("Error: <tcp> or <udp> not found for service" . $this->name . "\n");
        }
    }

    // port values are kept exactly as written in the XML; nothing is validated here
    $this->dportroot = DH::findFirstElementOrDie('port', $this->tcpOrUdpRoot);
    $this->_dport = $this->dportroot->textContent;

    $sourcePortNode = DH::findFirstElement('source-port', $this->tcpOrUdpRoot);
    if ($sourcePortNode !== false) {
        $this->_sport = $sourcePortNode->textContent;
    }
}
/**
 * Load this address object from its XML node.
 *
 * Reads the name and description, then takes type and value from the child
 * element whose tag name is listed in self::$AddressTypes. Tags are loaded
 * when the owning configuration reports version >= 60.
 *
 * @ignore
 */
public function load_from_domxml(DOMElement $xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("address name not found\n");
    }

    $this->_load_description_from_domxml();

    $typeFound = false;
    foreach ($xml->childNodes as $child) {
        if ($child->nodeType != 1) {
            continue;
        }

        // the array key of the matching tag name becomes the object's type;
        // when several children match, the last one wins
        $typeKey = array_search($child->nodeName, self::$AddressTypes);
        if ($typeKey === false) {
            continue;
        }

        $typeFound = true;
        $this->type = $typeKey;
        $this->value = $child->textContent;
    }

    if (!$typeFound) {
        derr('object type not found or not supported');
    }

    // NOTE(review): 60 presumably encodes PAN-OS 6.0 -- confirm against PH::versionFromString
    if ($this->owner->owner->version >= 60) {
        $tagNode = DH::findFirstElement('tag', $xml);
        if ($tagNode !== false) {
            $this->tags->load_from_domxml($tagNode);
        }
    }
}
/**
 * Load this object from its XML node: reads the 'name' attribute and hands the
 * mandatory <config> child to $this->deviceConfiguration.
 *
 * @param DOMElement $xml
 */
public function load_from_domxml(DOMElement $xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        // NOTE(review): the message says "zone" although this loader fills a
        // device configuration -- confirm the wording against the owning class
        derr("zone name not found\n", $xml);
    }

    $configNode = DH::findFirstElementOrDie('config', $xml);
    $this->deviceConfiguration->load_from_domxml($configNode);
}
/**
 * Load this tag from its XML node; only the 'name' attribute is read, and it
 * must be present and non-empty.
 *
 * @param DOMNode $xml
 */
public function load_from_domxml(DOMNode $xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("tag name not found\n", $xml);
    }

    // an empty name attribute is rejected as well
    if (strlen($this->name) === 0) {
        derr("Tag name '" . $this->name . "' is not valid.", $xml);
    }
}
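/**
 * Load this rule from its XML node.
 *
 * Reads the name, then the disabled flag, description, source, destination,
 * tags and from/to zones through the class's own loaders, and finally the
 * negate flags, <protocol> and <port>.
 *
 * @param DOMElement $xml rule node (type taken from the sibling loaders -- confirm)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("name not found\n");
    }

    $this->extract_disabled_from_domxml();
    $this->extract_description_from_domxml();

    $this->load_source();
    $this->load_destination();
    $this->load_tags();
    $this->load_from();
    $this->load_to();

    // <negate-source>: absent means "not negated"
    $negatedSourceRoot = DH::findFirstElement('negate-source', $xml);
    if ($negatedSourceRoot !== false) {
        $this->negatedSource = yesNoBool($negatedSourceRoot->textContent);
    } else {
        $this->negatedSource = false;
    }

    // <negate-destination>: absent means "not negated"
    $negatedDestinationRoot = DH::findFirstElement('negate-destination', $xml);
    if ($negatedDestinationRoot !== false) {
        $this->negatedDestination = yesNoBool($negatedDestinationRoot->textContent);
    } else {
        $this->negatedDestination = false;
    }

    // <protocol>: the third argument is presumably the text given to a newly
    // created node -- confirm in DH::findFirstElementOrCreate
    $protocolRoot = DH::findFirstElementOrCreate('protocol', $xml, 'tcp');
    $this->_protocol = $protocolRoot->textContent;

    // <port>: the value has to come from the <port> node itself. Reading it
    // from <protocol> would make every rule report its protocol name as its
    // port, which misleads anything that audits or rewrites the rule.
    $portRoot = DH::findFirstElementOrCreate('port', $xml);
    $this->_port = $portRoot->textContent;
}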
/**
 * Load this rule from its XML node.
 *
 * Only the name is read here; the disabled flag, description, zones,
 * source/destination and tags are delegated to the class's own loaders,
 * called in the order shown.
 *
 * @param DOMElement $xml rule node (type taken from the sibling loaders -- confirm)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $ruleName = DH::findAttribute('name', $xml);
    $this->name = $ruleName;
    if ($ruleName === false) {
        derr("name not found\n");
    }

    $this->extract_disabled_from_domxml();
    $this->extract_description_from_domxml();

    $this->load_from();
    $this->load_to();
    $this->load_source();
    $this->load_destination();
    $this->load_tags();
}
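/**
 * Load this loopback interface from its XML node.
 *
 * Reads the 'name' attribute and collects the 'name' attribute of every
 * element found under <ip> into $this->_ipv4Addresses.
 *
 * @param DOMElement $xml
 */
public function load_from_domxml(DOMElement $xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("loopback name name not found\n");
    }

    $ipNode = DH::findFirstElement('ip', $xml);
    if ($ipNode === false) {
        return;
    }

    foreach ($ipNode->childNodes as $l3ipNode) {
        // Test and read the child entry, not the <ip> container: checking the
        // container never skips whitespace/text nodes and records the
        // container's own (absent) name once per child instead of the addresses.
        if ($l3ipNode->nodeType != XML_ELEMENT_NODE) {
            continue;
        }

        $this->_ipv4Addresses[] = $l3ipNode->getAttribute('name');
    }
}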
/**
 * Load this virtual router from its XML node.
 *
 * Reads the name, loads the attached interfaces from <interface> and builds one
 * StaticRoute per entry returned by the static-route XPath query.
 *
 * @param DOMElement $xml
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("virtual-router name not found\n");
    }

    $interfaceNode = DH::findFirstElementOrCreate('interface', $xml);
    $this->attachedInterfaces->load_from_domxml($interfaceNode);

    $routeEntries = DH::findXPath('/routing-table/ip/static-route/entry', $xml);
    if ($routeEntries === false) {
        return;
    }

    for ($idx = 0; $idx < $routeEntries->length; $idx++) {
        // the route is created under a placeholder name; load_from_xml() is
        // given the entry node to read the real values from
        $route = new StaticRoute('***tmp**', $this);
        $route->load_from_xml($routeEntries->item($idx));
        $this->_staticRoutes[] = $route;
    }
}
/**
 * Load this static route from its XML <entry> node.
 *
 * Reads the name and the mandatory <destination>, resolves <interface> through
 * the network object three owners up, and records an 'ip-address' next hop
 * when <nexthop>/<ip-address> exists.
 *
 * @param $xml DOMElement
 */
function load_from_xml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("static-route name not found\n");
    }

    // destination is stored as raw text; it is not validated here
    $destinationNode = DH::findFirstElementOrDie('destination', $xml);
    $this->_destination = $destinationNode->textContent;

    $interfaceNode = DH::findFirstElement('interface', $xml);
    if ($interfaceNode !== false) {
        $network = $this->owner->owner->owner->network;
        $this->_interface = $network->findInterfaceOrCreateTmp($interfaceNode->textContent);
    }

    $nextHopNode = DH::findFirstElement('nexthop', $xml);
    if ($nextHopNode === false) {
        return;
    }

    // only the ip-address form of next hop is read; other children are ignored
    $nextHopIpNode = DH::findFirstElement('ip-address', $nextHopNode);
    if ($nextHopIpNode === false) {
        return;
    }

    $this->_nexthopType = 'ip-address';
    $this->_nexthopIP = $nextHopIpNode->textContent;
}
/**
 * Load this service group from its XML node.
 *
 * Member names are the text of the child elements of <members> when the owning
 * configuration reports version >= 60, and of the node itself otherwise. Each
 * name is resolved through $this->owner->findOrCreate().
 *
 * @param DOMElement $xml group node (type taken from the sibling loaders -- confirm)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("name not found\n");
    }

    // pick the element whose children are the member entries
    if ($this->owner->owner->version >= 60) {
        $memberContainer = DH::findFirstElement('members', $this->xmlroot);
        if ($memberContainer === false) {
            derr('unsupported non v6 syntax type ServiceGroup', $this->xmlroot);
        }
    } else {
        $memberContainer = $xml;
    }

    foreach ($memberContainer->childNodes as $memberNode) {
        if ($memberNode->nodeType != 1) {
            continue;
        }

        $memberName = $memberNode->textContent;
        if (strlen($memberName) < 1) {
            derr('found a member with empty name !', $memberNode);
        }

        // NOTE(review): judging by its name, findOrCreate() makes an object for a
        // name it does not know, so a mistyped member would not fail here -- confirm
        $this->members[] = $this->owner->findOrCreate($memberName, $this, true);
    }
}
/**
 * Load this address group from its XML node.
 *
 * For version >= 60 the tags are loaded and members come from <static>; a
 * group without <static> is marked dynamic and gets no members. For older
 * versions the members are the direct child elements of the node.
 *
 * @ignore
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("name not found\n");
    }

    if ($this->owner->owner->version >= 60) {
        $tagNode = DH::findFirstElement('tag', $this->xmlroot);
        if ($tagNode !== false) {
            $this->tags->load_from_domxml($tagNode);
        }

        $this->membersRoot = DH::findFirstElement('static', $xml);
        if ($this->membersRoot === false) {
            // no static member list: nothing more is read for a dynamic group
            $this->isDynamic = true;
            return;
        }

        $memberContainer = $this->membersRoot;
    } else {
        $memberContainer = $xml;
    }

    foreach ($memberContainer->childNodes as $memberNode) {
        if ($memberNode->nodeType != 1) {
            continue;
        }

        $memberName = $memberNode->textContent;
        if (strlen($memberName) < 1) {
            derr('found a member with empty name !', $memberNode);
        }

        // NOTE(review): judging by its name, findOrCreate() makes an object for a
        // name it does not know, so a mistyped member would not fail here -- confirm
        $this->members[] = $this->owner->findOrCreate($memberName, $this, true);
    }
}
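/**
 * Load this NAT rule from its XML node.
 *
 * Reads the name and the common rule properties through the class's own
 * loaders, then the destination translation, the source translation
 * (static-ip, dynamic-ip-and-port, dynamic-ip) and the service.
 *
 * Malformed source-translation nodes are reported through derr() rather than
 * being read through a false node, so a broken rule cannot end up in memory
 * with an address object built from an empty name.
 *
 * @param DOMElement $xml rule node (type taken from the sibling loaders -- confirm)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("name not found\n");
    }

    $this->extract_disabled_from_domxml();
    $this->extract_description_from_domxml();

    $this->load_tags();
    $this->load_from();
    $this->load_to();
    $this->load_source();
    $this->load_destination();

    //
    // Destination NAT: translated address, and the translated port only when
    // a translated address exists
    //
    $this->dnatroot = DH::findFirstElement('destination-translation', $xml);
    if ($this->dnatroot !== false && $this->dnatroot->hasChildNodes()) {
        $this->subdnatTAroot = DH::findFirstElement('translated-address', $this->dnatroot);
        if ($this->subdnatTAroot !== false) {
            $f = $this->parentAddressStore->findOrCreate($this->subdnatTAroot->textContent, $this);
            $this->dnathost = $f;

            $this->subdnatTProot = DH::findFirstElement('translated-port', $this->dnatroot);
            if ($this->subdnatTProot !== false) {
                $this->subdnatport = $this->subdnatTProot->textContent;
            }
        }
    }

    //
    // Source NAT: the first child element of <source-translation> names the type
    //
    $this->snatroot = DH::findFirstElement('source-translation', $xml);
    if ($this->snatroot !== false) {
        $firstE = DH::firstChildElement($this->snatroot);
        if ($firstE === false) {
            // an empty <source-translation> has no type to read
            derr("SNAT type not found for rule '" . $this->name . "'\n", $this->snatroot);
        }

        $this->snattype = $firstE->nodeName;

        // Do we support this type of NAT ?
        if ($this->snattype != "static-ip" && $this->snattype != "dynamic-ip-and-port" && $this->snattype != "dynamic-ip") {
            derr("SNAT type '" . $this->snattype . "' for rule '" . $this->name . "' is not supported, EXIT\n");
        }

        if ($this->snattype == "static-ip") {
            $isbidrx = DH::findFirstElement('bi-directional', $firstE);
            if ($isbidrx !== false) {
                // kept as the raw text of the node, not converted to a boolean
                $this->snatbidir = $isbidrx->textContent;
            }

            $transladx = DH::findFirstElement('translated-address', $firstE);
            if ($transladx === false) {
                // without this check findOrCreate() would be called with an empty name
                derr("static-ip SNAT without <translated-address> in rule '" . $this->name . "'\n", $firstE);
            }

            $fad = $this->parentAddressStore->findOrCreate($transladx->textContent, $this);
            $this->snathosts->addObject($fad);
            $this->snathosts->xmlroot = $transladx;
        } elseif ($this->snattype == "dynamic-ip-and-port") {
            // Is it <translated-address> type ?
            $subtype = DH::findFirstElement('translated-address', $firstE);
            if ($subtype !== false) {
                // a <translated-address> with no child element means no address was specified
                if (DH::firstChildElement($subtype) !== false) {
                    foreach ($subtype->childNodes as $node) {
                        if ($node->nodeType != 1) {
                            continue;
                        }
                        $translad = $this->parentAddressStore->findOrCreate($node->textContent, $this);
                        $this->snathosts->addObject($translad);
                    }
                    $this->snathosts->xmlroot = $subtype;
                }
            } else {
                $subtype = DH::findFirstElement('interface-address', $firstE);
                if ($subtype !== false) {
                    if (DH::firstChildElement($subtype) === false) {
                        derr("Cannot understand dynmaic NAT for rule '" . $this->name . "'\n");
                    }

                    foreach ($subtype->childNodes as $node) {
                        if ($node->nodeType != 1) {
                            continue;
                        }

                        if ($node->nodeName == 'interface') {
                            $this->snatinterface = $node->textContent;
                        } elseif ($node->nodeName == 'ip') {
                            $translad = $this->parentAddressStore->findOrCreate($node->textContent, $this);
                            $this->snathosts->addObject($translad);
                        } else {
                            derr("Cannot understand dynmaic NAT for rule '" . $this->name . "'\n");
                        }
                    }
                } else {
                    mwarning("Unknown dynamic SNAT type on rule '" . $this->name . "' don't mess too much with this rule or face unpredictable results");
                }
            }
        }
        // NOTE(review): "dynamic-ip" passes the support check above but none of
        // its translated addresses are read in this method.
    }

    //
    // <service>: 'any' (case-insensitive) means no service object is attached
    //
    $this->serviceroot = DH::findFirstElementOrCreate('service', $xml, 'any');
    if ($this->serviceroot !== false) {
        $lname = $this->serviceroot->textContent;
        if (strtolower($lname) != 'any') {
            $f = $this->parentServiceStore->findOrCreate($lname, $this, true);
            if (!$f) {
                derr("Error: service object named '{$lname}' not found in NAT rule '" . $this->name . "'\n");
            }
            $this->service = $f;
        }
    } else {
        derr('unexpected error');
    }
}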
/**
 * Load a sub-interface style entry from its XML node.
 *
 * Reads the name, the <comment> (stored as description) and the <tag>. When
 * $this->type is 'layer3', the 'name' attribute of every element under <ip> is
 * collected into $this->l3ipv4Addresses.
 *
 * @param DOMElement $xml
 */
public function load_sub_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("address name not found\n");
    }

    foreach ($xml->childNodes as $child) {
        if ($child->nodeType != 1) {
            continue;
        }

        switch ($child->nodeName) {
            case 'comment':
                $this->description = $child->textContent;
                break;
            case 'tag':
                $this->tag = $child->textContent;
                break;
        }
    }

    if ($this->type != 'layer3') {
        return;
    }

    // the list is reset on every load, even when there is no <ip> node
    $this->l3ipv4Addresses = array();

    $ipNode = DH::findFirstElement('ip', $xml);
    if ($ipNode === false) {
        return;
    }

    foreach ($ipNode->childNodes as $addressNode) {
        if ($addressNode->nodeType != XML_ELEMENT_NODE) {
            continue;
        }
        $this->l3ipv4Addresses[] = $addressNode->getAttribute('name');
    }
}
/**
 * Load a whole Panorama configuration from an XML document.
 *
 * Steps, in order: locate <config> and work out the version, list the managed
 * firewall serials, load the shared tags/addresses/services, load the shared
 * pre- and post-rulebases, load the templates, then load the device groups.
 * From version 70 on, device groups are loaded parent-first using the
 * hierarchy found under /config/readonly/dg-meta-data/dginfo.
 *
 * Several lookups use DH::findFirstElementOrCreate(); judging by the name,
 * loading can therefore add empty nodes to the document -- confirm in DH.
 *
 * @param DOMDocument|DOMElement $xml node that contains <config> (presumably the document -- confirm)
 */
public function load_from_domxml($xml)
{
    $this->xmldoc = $xml;
    $this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
    $this->xmlroot = $this->configroot;

    // version: taken from the config's own attribute, else asked from the connector
    $versionAttr = DH::findAttribute('version', $this->configroot);
    if ($versionAttr !== false) {
        $this->version = PH::versionFromString($versionAttr);
    } else {
        if (isset($this->connector) && $this->connector !== null) {
            $version = $this->connector->getSoftwareVersion();
        } else {
            // NOTE(review): $version stays undefined below unless derr() aborts -- confirm
            derr('cannot find PANOS version used for make this config');
        }
        $this->version = $version['version'];
    }

    // serial numbers of the managed firewalls: <mgt-config>/<devices>/<entry name=...>
    $tmp = DH::findFirstElementOrCreate('mgt-config', $this->configroot);
    $tmp = DH::findFirstElementOrCreate('devices', $tmp);
    foreach ($tmp->childNodes as $serial) {
        // 1 is the DOM element node type
        if ($serial->nodeType != 1) {
            continue;
        }
        $s = DH::findAttribute('name', $serial);
        if ($s === FALSE) {
            derr('no serial found');
        }
        $this->managedFirewallsSerials[] = $s;
    }

    // mandatory anchors of a Panorama configuration
    $this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);
    $this->devicesroot = DH::findFirstElementOrDie('devices', $this->configroot);
    $this->localhostroot = DH::findFirstElementByNameAttrOrDie('entry', 'localhost.localdomain', $this->devicesroot);
    $this->devicegrouproot = DH::findFirstElementOrDie('device-group', $this->localhostroot);
    $this->templateroot = DH::findFirstElementOrDie('template', $this->localhostroot);

    //
    // Shared tag objects (only read when version >= 60)
    //
    if ($this->version >= 60) {
        $tmp = DH::findFirstElementOrCreate('tag', $this->sharedroot);
        $this->tagStore->load_from_domxml($tmp);
    }

    //
    // Shared address objects
    //
    $tmp = DH::findFirstElementOrCreate('address', $this->sharedroot);
    $this->addressStore->load_addresses_from_domxml($tmp);

    //
    // Shared address groups
    //
    $tmp = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
    $this->addressStore->load_addressgroups_from_domxml($tmp);

    //
    // Shared services
    //
    $tmp = DH::findFirstElementOrCreate('service', $this->sharedroot);
    $this->serviceStore->load_services_from_domxml($tmp);

    //
    // Shared service groups
    //
    $tmp = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
    $this->serviceStore->load_servicegroups_from_domxml($tmp);

    //
    // Shared rulebases: each rule store receives its pre- and post-rulebase <rules> node
    //
    $prerulebase = DH::findFirstElementOrCreate('pre-rulebase', $this->sharedroot);
    $postrulebase = DH::findFirstElementOrCreate('post-rulebase', $this->sharedroot);

    $tmp = DH::findFirstElementOrCreate('security', $prerulebase);
    $tmp = DH::findFirstElementOrCreate('rules', $tmp);
    $tmpPost = DH::findFirstElementOrCreate('security', $postrulebase);
    $tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
    $this->securityRules->load_from_domxml($tmp, $tmpPost);

    $tmp = DH::findFirstElementOrCreate('nat', $prerulebase);
    $tmp = DH::findFirstElementOrCreate('rules', $tmp);
    $tmpPost = DH::findFirstElementOrCreate('nat', $postrulebase);
    $tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
    $this->natRules->load_from_domxml($tmp, $tmpPost);

    $tmp = DH::findFirstElementOrCreate('decryption', $prerulebase);
    $tmp = DH::findFirstElementOrCreate('rules', $tmp);
    $tmpPost = DH::findFirstElementOrCreate('decryption', $postrulebase);
    $tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
    $this->decryptionRules->load_from_domxml($tmp, $tmpPost);

    $tmp = DH::findFirstElementOrCreate('application-override', $prerulebase);
    $tmp = DH::findFirstElementOrCreate('rules', $tmp);
    $tmpPost = DH::findFirstElementOrCreate('application-override', $postrulebase);
    $tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
    $this->appOverrideRules->load_from_domxml($tmp, $tmpPost);

    //
    // Templates: one Template per element under <template>
    //
    foreach ($this->templateroot->childNodes as $node) {
        if ($node->nodeType != XML_ELEMENT_NODE) {
            continue;
        }
        // created under a placeholder name; the node is handed to the template's own loader
        $ldv = new Template('*tmp*', $this);
        $ldv->load_from_domxml($node);
        $this->templates[] = $ldv;
    }

    //
    // Device groups
    //
    if ($this->version < 70) {
        // before version 70: no hierarchy is read, groups are loaded in document order
        foreach ($this->devicegrouproot->childNodes as $node) {
            if ($node->nodeType != XML_ELEMENT_NODE) {
                continue;
            }
            // $lvname is not used further in this method
            $lvname = $node->nodeName;
            $ldv = new DeviceGroup($this);
            $ldv->load_from_domxml($node);
            $this->deviceGroups[] = $ldv;
        }
    } else {
        // version 70 and later: the parent of each device group comes from dg-meta-data
        $dgMetaDataNode = DH::findXPathSingleEntryOrDie('/config/readonly/dg-meta-data/dginfo', $this->xmlroot);

        // $dgToParent: group name => parent name; $parentToDG: parent name => list of child names
        $dgToParent = array();
        $parentToDG = array();

        foreach ($dgMetaDataNode->childNodes as $node) {
            if ($node->nodeType != XML_ELEMENT_NODE) {
                continue;
            }

            $dgName = DH::findAttribute('name', $node);
            if ($dgName === false) {
                derr("DeviceGroup name attribute not found in dg-meta-data", $node);
            }

            // a group without <parent-dg> hangs directly under 'shared'
            $parentDG = DH::findFirstElement('parent-dg', $node);
            if ($parentDG === false) {
                $dgToParent[$dgName] = 'shared';
                $parentToDG['shared'][] = $dgName;
            } else {
                $dgToParent[$dgName] = $parentDG->textContent;
                $parentToDG[$parentDG->textContent][] = $dgName;
            }
        }

        // Build the load order parent-first, starting from 'shared'. The by-reference
        // foreach appends to the array it is walking, so children added during a pass
        // are themselves visited. A pass that adds nothing while parents are still
        // pending means some group's parent chain never reaches 'shared'.
        $dgLoadOrder = array('shared');

        while (count($parentToDG) > 0) {
            $dgLoadOrderCount = count($dgLoadOrder);

            foreach ($dgLoadOrder as &$dgName) {
                if (isset($parentToDG[$dgName])) {
                    foreach ($parentToDG[$dgName] as &$newDGName) {
                        $dgLoadOrder[] = $newDGName;
                    }
                    unset($parentToDG[$dgName]);
                }
            }

            if (count($dgLoadOrder) <= $dgLoadOrderCount) {
                derr('dg-meta-data seems to be corrupted, parent.child template cannot be calculated ', $dgMetaDataNode);
            }

            $dgLoadOrderCount = count($dgLoadOrder);
        }

        // index the <device-group> entries by their 'name' attribute
        $deviceGroupNodes = array();

        foreach ($this->devicegrouproot->childNodes as $node) {
            if ($node->nodeType != XML_ELEMENT_NODE) {
                continue;
            }

            $nodeNameAttr = DH::findAttribute('name', $node);
            if ($nodeNameAttr === false) {
                derr("DeviceGroup 'name' attribute was not found", $node);
            }

            if (!is_string($nodeNameAttr) || $nodeNameAttr == '') {
                derr("DeviceGroup 'name' attribute has invalid value", $node);
            }

            $deviceGroupNodes[$nodeNameAttr] = $node;
        }

        // NOTE(review): only names listed in dg-meta-data are loaded. A <device-group>
        // entry that the metadata does not mention is skipped without any warning, so
        // its rules and objects would be missing from whatever is built on this model.
        foreach ($dgLoadOrder as $dgIndex => &$dgName) {
            if ($dgName == 'shared') {
                continue;
            }

            if (!isset($deviceGroupNodes[$dgName])) {
                mwarning("DeviceGroup '{$dgName}' is listed in dg-meta-data but doesn't exist in XML");
                continue;
            }

            $ldv = new DeviceGroup($this);

            // link to the parent before loading; parents come earlier in $dgLoadOrder
            if (!isset($dgToParent[$dgName])) {
                mwarning("DeviceGroup '{$dgName}' has not parent associated, assuming SHARED");
            } elseif ($dgToParent[$dgName] == 'shared') {
                // directly under shared: no parent link to set
            } else {
                $parentDG = $this->findDeviceGroup($dgToParent[$dgName]);
                if ($parentDG === null) {
                    mwarning("DeviceGroup '{$dgName}' has DG '{$dgToParent[$dgName]}' listed as parent but it cannot be found in XML");
                } else {
                    $parentDG->childDeviceGroups[$dgName] = $ldv;
                    $ldv->parentDeviceGroup = $parentDG;
                }
            }

            $ldv->load_from_domxml($deviceGroupNodes[$dgName]);
            $this->deviceGroups[] = $ldv;
        }
    }
}
/**
 * Load the predefined applications found under the given node.
 *
 * Every child element becomes an App of type 'predefined'. From its <default>
 * node the IP protocol, the ICMP type and the <port> members are read; a port
 * member has the form "proto/spec" where proto is tcp, udp or icmp and, for
 * tcp/udp, spec is a comma-separated list of "dynamic", single values or
 * "low-high" ranges.
 *
 * @param DOMElement $xml
 */
public function load_from_domxml(DOMElement $xml)
{
    foreach ($xml->childNodes as $appNode) {
        if ($appNode->nodeType != XML_ELEMENT_NODE) {
            continue;
        }

        $appName = DH::findAttribute('name', $appNode);
        if ($appName === false) {
            derr("app name not found\n");
        }

        $app = new App($appName, $this);
        $app->type = 'predefined';
        $this->add($app);

        $defaultNode = DH::findFirstElement('default', $appNode);
        if ($defaultNode === false) {
            continue;
        }

        $ipProtocolNode = DH::findFirstElement('ident-by-ip-protocol', $defaultNode);
        if ($ipProtocolNode !== false) {
            $app->proto = $ipProtocolNode->textContent;
        }

        $icmpTypeNode = DH::findFirstElement('ident-by-icmp-type', $defaultNode);
        if ($icmpTypeNode !== false) {
            $app->icmpsub = $icmpTypeNode->textContent;
        }

        $portListNode = DH::findFirstElement('port', $defaultNode);
        if ($portListNode === false) {
            continue;
        }

        foreach ($portListNode->childNodes as $portNode) {
            if ($portNode->nodeType != XML_ELEMENT_NODE) {
                continue;
            }

            /** @var $portNode DOMElement */
            $description = $portNode->textContent;

            $parts = explode('/', $description);
            if (count($parts) != 2) {
                derr('unsupported port description: ' . $description);
            }

            $protocol = $parts[0];

            if ($protocol == 'tcp' || $protocol == 'udp') {
                $items = explode(',', $parts[1]);
                $ports = array();

                if (count($items) < 1) {
                    derr('unsupported port description: ' . $description);
                }

                // each item becomes array('dynamic'), array('single', value) or
                // array('range', low, high); the values stay strings, unvalidated
                foreach ($items as $item) {
                    if ($item == 'dynamic') {
                        $ports[] = array('dynamic');
                        continue;
                    }

                    $bounds = explode('-', $item);
                    if (count($bounds) < 2) {
                        $ports[] = array('single', $item);
                        continue;
                    }

                    $ports[] = array('range', $bounds[0], $bounds[1]);
                }

                // $app->tcp / $app->udp: first list is stored, later ones are appended
                if (is_null($app->$protocol)) {
                    $app->$protocol = $ports;
                } else {
                    $app->$protocol = array_merge($app->$protocol, $ports);
                }
            } elseif ($protocol == 'icmp') {
                $app->icmp = $parts[1];
            } else {
                derr('unsupported port description: ' . $description);
            }
        }
    }
}
/**
 * !! Should not be used outside of a PANConf constructor. !!
 *
 * Loads this virtual system from its XML node: name, optional display name,
 * imported interfaces and zones. Tags, addresses, services and the four
 * rulebases are loaded only when $this->owner->owner is null.
 *
 * Lookups go through DH::findFirstElementOrCreate(); judging by the name,
 * loading can add empty nodes to the document -- confirm in DH.
 *
 * @param DOMElement $xml virtual system node (type taken from the sibling loaders -- confirm)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("VirtualSystem name not found\n", $xml);
    }

    // optional <display-name>
    $displayNameNode = DH::findFirstElement('display-name', $xml);
    if ($displayNameNode !== false) {
        $this->_alternativeName = $displayNameNode->textContent;
    }

    // imported objects: <import>/<network>/<interface>
    $this->importroot = DH::findFirstElementOrCreate('import', $xml);
    $importNetworkNode = DH::findFirstElementOrCreate('network', $this->importroot);
    $importInterfaceNode = DH::findFirstElementOrCreate('interface', $importNetworkNode);
    $this->importedInterfaces->load_from_domxml($importInterfaceNode);

    $this->rulebaseroot = DH::findFirstElementOrCreate('rulebase', $xml);

    // objects are read from this node only when the owner has no owner itself
    if ($this->owner->owner === null) {
        // tags are only read when version >= 60
        if ($this->owner->version >= 60) {
            $tagNode = DH::findFirstElementOrCreate('tag', $xml);
            $this->tagStore->load_from_domxml($tagNode);
        }

        $addressNode = DH::findFirstElementOrCreate('address', $xml);
        $this->addressStore->load_addresses_from_domxml($addressNode);

        $addressGroupNode = DH::findFirstElementOrCreate('address-group', $xml);
        $this->addressStore->load_addressgroups_from_domxml($addressGroupNode);

        $serviceNode = DH::findFirstElementOrCreate('service', $xml);
        $this->serviceStore->load_services_from_domxml($serviceNode);

        $serviceGroupNode = DH::findFirstElementOrCreate('service-group', $xml);
        $this->serviceStore->load_servicegroups_from_domxml($serviceGroupNode);
    }

    // zones are always loaded
    $zoneNode = DH::findFirstElementOrCreate('zone', $xml);
    $this->zoneStore->load_from_domxml($zoneNode);

    // rulebases follow the same condition as the objects above
    if ($this->owner->owner === null) {
        $securityNode = DH::findFirstElementOrCreate('security', $this->rulebaseroot);
        $securityRulesNode = DH::findFirstElementOrCreate('rules', $securityNode);
        $this->securityRules->load_from_domxml($securityRulesNode);

        $natNode = DH::findFirstElementOrCreate('nat', $this->rulebaseroot);
        $natRulesNode = DH::findFirstElementOrCreate('rules', $natNode);
        $this->natRules->load_from_domxml($natRulesNode);

        $decryptionNode = DH::findFirstElementOrCreate('decryption', $this->rulebaseroot);
        $decryptionRulesNode = DH::findFirstElementOrCreate('rules', $decryptionNode);
        $this->decryptionRules->load_from_domxml($decryptionRulesNode);

        $appOverrideNode = DH::findFirstElementOrCreate('application-override', $this->rulebaseroot);
        $appOverrideRulesNode = DH::findFirstElementOrCreate('rules', $appOverrideNode);
        $this->appOverrideRules->load_from_domxml($appOverrideRulesNode);
    }
}
/**
 * Load a firewall configuration from a document or from a <config>-level node.
 *
 * Works out the version (from the owner, the 'version' attribute or the
 * connector), makes sure <devices>/<entry>/<vsys> exist, loads the shared
 * objects when this configuration has no owner, loads the network section and
 * then every virtual system, linking imported interfaces back to the virtual
 * system that imports them.
 *
 * @param $xml DOMElement|DOMDocument
 * @throws Exception
 */
public function load_from_domxml($xml)
{
    if ($xml->nodeType == XML_DOCUMENT_NODE) {
        $this->xmldoc = $xml;
        $this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
        $this->xmlroot = $this->configroot;
    } else {
        // given an element: it is used as the configuration root as is
        $this->xmlroot = $xml;
        $this->configroot = $xml;
    }

    if ($this->owner !== null) {
        $this->version = $this->owner->owner->version;
    } else {
        $versionAttr = DH::findAttribute('version', $this->configroot);
        if ($versionAttr !== false) {
            $this->version = PH::versionFromString($versionAttr);
        } else {
            if (isset($this->connector) && $this->connector !== null) {
                $version = $this->connector->getSoftwareVersion();
            } else {
                // NOTE(review): $version stays undefined below unless derr() aborts -- confirm
                derr('cannot find PANOS version used for make this config');
            }
            $this->version = $version['version'];
        }
    }

    $this->devicesroot = DH::findFirstElementOrCreate('devices', $this->configroot);

    // the first <entry> under <devices> is used; one named localhost.localdomain
    // is created when there is none
    $this->localhostroot = DH::findFirstElement('entry', $this->devicesroot);
    if ($this->localhostroot === false) {
        $this->localhostroot = DH::createElement($this->devicesroot, 'entry');
        $this->localhostroot->setAttribute('name', 'localhost.localdomain');
    }

    $this->vsyssroot = DH::findFirstElementOrCreate('vsys', $this->localhostroot);

    // shared objects are only read for a configuration without an owner
    if ($this->owner === null) {
        $this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);

        // tags are only read when version >= 60
        if ($this->version >= 60) {
            $sharedTagNode = DH::findFirstElementOrCreate('tag', $this->sharedroot);
            $this->tagStore->load_from_domxml($sharedTagNode);
        }

        $sharedAddressNode = DH::findFirstElementOrCreate('address', $this->sharedroot);
        $this->addressStore->load_addresses_from_domxml($sharedAddressNode);

        $sharedAddressGroupNode = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
        $this->addressStore->load_addressgroups_from_domxml($sharedAddressGroupNode);

        $sharedServiceNode = DH::findFirstElementOrCreate('service', $this->sharedroot);
        $this->serviceStore->load_services_from_domxml($sharedServiceNode);

        $sharedServiceGroupNode = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
        $this->serviceStore->load_servicegroups_from_domxml($sharedServiceGroupNode);
    }

    // network section (interfaces and related objects)
    $networkNode = DH::findFirstElementOrCreate('network', $this->localhostroot);
    $this->network->load_from_domxml($networkNode);

    // one VirtualSystem per element under <vsys>
    foreach ($this->vsyssroot->childNodes as $vsysNode) {
        if ($vsysNode->nodeType != 1) {
            continue;
        }

        $vsys = new VirtualSystem($this);

        $vsysName = DH::findAttribute('name', $vsysNode);
        if ($vsysName === false) {
            derr('cannot find VirtualSystem name');
        }

        // when a Panorama is attached, the device group that applies to this
        // serial/vsys is wired into the stores before the vsys is loaded
        if (isset($this->panorama)) {
            $dg = $this->panorama->findApplicableDGForVsys($this->serial, $vsysName);
            if ($dg !== false) {
                $vsys->addressStore->panoramaDG = $dg->addressStore;
                $vsys->serviceStore->panoramaDG = $dg->serviceStore;
            }
        }

        $vsys->load_from_domxml($vsysNode);
        $this->virtualSystems[] = $vsys;

        // mark every interface that resolves in the network section as imported
        // by this vsys; names that do not resolve are ignored silently
        foreach ($vsys->importedInterfaces->interfaces() as $ifName) {
            $resolvedIf = $this->network->findInterface($ifName);
            if ($resolvedIf !== null) {
                $resolvedIf->importedByVSYS = $vsys;
            }
        }
    }
}
/**
 * Load this zone from its XML node.
 *
 * Reads the (non-empty) name, then inspects the element children of <network>:
 * <layer3> and <external> set the zone type and are handed to
 * $this->attachedInterfaces; for <external> the member texts are also stored in
 * $this->externalVsys. Other children are ignored.
 *
 * @param DOMElement $xml
 */
public function load_from_domxml(DOMElement $xml)
{
    $this->xmlroot = $xml;
    $this->isTmp = false;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("zone name not found\n", $xml);
    }
    if (strlen($this->name) === 0) {
        derr("Zone name '" . $this->name . "' is not valid", $xml);
    }

    $networkNode = DH::findFirstElement('network', $xml);
    if ($networkNode === false) {
        return;
    }

    foreach ($networkNode->childNodes as $typeNode) {
        if ($typeNode->nodeType != XML_ELEMENT_NODE) {
            continue;
        }

        if ($typeNode->tagName == 'layer3') {
            $this->_type = 'layer3';
            $this->attachedInterfaces->load_from_domxml($typeNode);
        } elseif ($typeNode->tagName == 'external') {
            $this->_type = 'external';

            // each member is stored under its own text as key
            foreach ($typeNode->childNodes as $memberNode) {
                if ($memberNode->nodeType != XML_ELEMENT_NODE) {
                    continue;
                }
                $memberName = $memberNode->textContent;
                $this->externalVsys[$memberName] = $memberName;
            }

            // the same <external> node is also passed to the interface container
            $this->attachedInterfaces->load_from_domxml($typeNode);
        }
    }
}
/**
 * !! Should not be used outside of a PanoramaConf constructor. !!
 *
 * Loads this object from its XML node: name, tags (version >= 60), addresses,
 * address groups, services, service groups, the pre/post rulebases and the
 * list of devices with their vsys names.
 *
 * Lookups go through DH::findFirstElementOrCreate(); judging by the name,
 * loading can add empty nodes to the document -- confirm in DH.
 *
 * @param DOMElement $xml node to load from (type taken from the sibling loaders -- confirm)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === false) {
        derr("VirtualSystem name not found\n");
    }

    // tags are only read when version >= 60
    if ($this->owner->version >= 60) {
        $tagNode = DH::findFirstElementOrCreate('tag', $xml);
        $this->tagStore->load_from_domxml($tagNode);
    }

    $addressNode = DH::findFirstElementOrCreate('address', $xml);
    $this->addressStore->load_addresses_from_domxml($addressNode);

    $addressGroupNode = DH::findFirstElementOrCreate('address-group', $xml);
    $this->addressStore->load_addressgroups_from_domxml($addressGroupNode);

    $serviceNode = DH::findFirstElementOrCreate('service', $xml);
    $this->serviceStore->load_services_from_domxml($serviceNode);

    $serviceGroupNode = DH::findFirstElementOrCreate('service-group', $xml);
    $this->serviceStore->load_servicegroups_from_domxml($serviceGroupNode);

    // each rule store receives its pre- and post-rulebase <rules> node
    $prerulebase = DH::findFirstElementOrCreate('pre-rulebase', $xml);
    $postrulebase = DH::findFirstElementOrCreate('post-rulebase', $xml);

    $preRules = DH::findFirstElementOrCreate('security', $prerulebase);
    $preRules = DH::findFirstElementOrCreate('rules', $preRules);
    $postRules = DH::findFirstElementOrCreate('security', $postrulebase);
    $postRules = DH::findFirstElementOrCreate('rules', $postRules);
    $this->securityRules->load_from_domxml($preRules, $postRules);

    $preRules = DH::findFirstElementOrCreate('nat', $prerulebase);
    $preRules = DH::findFirstElementOrCreate('rules', $preRules);
    $postRules = DH::findFirstElementOrCreate('nat', $postrulebase);
    $postRules = DH::findFirstElementOrCreate('rules', $postRules);
    $this->natRules->load_from_domxml($preRules, $postRules);

    $preRules = DH::findFirstElementOrCreate('decryption', $prerulebase);
    $preRules = DH::findFirstElementOrCreate('rules', $preRules);
    $postRules = DH::findFirstElementOrCreate('decryption', $postrulebase);
    $postRules = DH::findFirstElementOrCreate('rules', $postRules);
    $this->decryptionRules->load_from_domxml($preRules, $postRules);

    $preRules = DH::findFirstElementOrCreate('application-override', $prerulebase);
    $preRules = DH::findFirstElementOrCreate('rules', $preRules);
    $postRules = DH::findFirstElementOrCreate('application-override', $postrulebase);
    $postRules = DH::findFirstElementOrCreate('rules', $postRules);
    $this->appOverrideRules->load_from_domxml($preRules, $postRules);

    // devices: one record per element, holding its serial and vsys names
    $this->devicesRoot = DH::findFirstElementOrCreate('devices', $xml);

    foreach ($this->devicesRoot->childNodes as $deviceNode) {
        if ($deviceNode->nodeType != 1) {
            continue;
        }

        // NOTE(review): a missing 'name' attribute is not checked for devices or vsys entries
        $serial = DH::findAttribute('name', $deviceNode);
        $vsysNames = array();

        $vsysContainer = DH::firstChildElement($deviceNode);
        if ($vsysContainer === false) {
            // a device without any child element is recorded with 'vsys1'
            $vsysNames[] = 'vsys1';
        } else {
            foreach ($vsysContainer->childNodes as $vsysEntry) {
                if ($vsysEntry->nodeType != 1) {
                    continue;
                }
                $vsysNames[] = DH::findAttribute('name', $vsysEntry);
            }
        }

        $this->devices[] = array('serial' => $serial, 'vsyslist' => $vsysNames);
    }
}
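/**
 * Load this rule from its XML node: name, disabled flag, description,
 * source/destination/tags/from/to, applications, services, logging options,
 * security profile, negate flags, action and (version >= 61) rule type.
 *
 * Elements read with DH::findFirstElementOrCreate() are added to the document
 * when missing (<log-start> with 'no', <log-end> with 'yes').
 *
 * @param DOMElement $xml XML node of the rule (type is not enforced by the signature)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    // The name attribute is mandatory.
    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === FALSE) {
        derr("name not found\n");
    }

    // <disabled> and <description>
    $this->extract_disabled_from_domxml();
    $this->extract_description_from_domxml();

    $this->load_source();
    $this->load_destination();
    $this->load_tags();
    $this->load_from();
    $this->load_to();

    // <application>
    $applicationRoot = DH::findFirstElementOrCreate('application', $xml);
    $this->apps->load_from_domxml($applicationRoot);

    // <service>
    $serviceRoot = DH::findFirstElementOrCreate('service', $xml);
    $this->services->load_from_domxml($serviceRoot);

    // <log-setting>: false when the element is absent.
    // The original also stored this node in $this->logstartroot, which was
    // overwritten by the <log-start> lookup right below; that stray write is dropped.
    $logSettingNode = DH::findFirstElement('log-setting', $xml);
    $this->logSetting = ($logSettingNode === false) ? false : $logSettingNode->textContent;

    // <log-start>, created with 'no' when missing
    $this->logstartroot = DH::findFirstElementOrCreate('log-start', $xml, 'no');
    $this->logstart = yesNoBool($this->logstartroot->textContent);

    // <log-end>, created with 'yes' when missing
    $this->logendroot = DH::findFirstElementOrCreate('log-end', $xml, 'yes');
    $this->logend = yesNoBool($this->logendroot->textContent);

    // <profile-setting>: a missing element is stored as null rather than false
    $profileNode = DH::findFirstElement('profile-setting', $xml);
    $this->secprofroot = ($profileNode === false) ? null : $profileNode;
    $this->extract_security_profile_from_domxml();

    // <negate-source> / <negate-destination>: false when absent
    $negatedSourceRoot = DH::findFirstElement('negate-source', $xml);
    $this->negatedSource = ($negatedSourceRoot !== false)
        ? yesNoBool($negatedSourceRoot->textContent)
        : false;

    $negatedDestinationRoot = DH::findFirstElement('negate-destination', $xml);
    $this->negatedDestination = ($negatedDestinationRoot !== false)
        ? yesNoBool($negatedDestinationRoot->textContent)
        : false;

    // <action>
    // NOTE(review): when the action is missing or not listed in
    // self::$RuleActions, only a warning is emitted and $this->action keeps
    // whatever value it had before this call. The messages say 'allow' is
    // assumed, so the in-memory rule is presumably treated as permissive even
    // if the device would treat it differently — confirm the property default
    // and whether audit-style callers should reject such rules instead.
    $actionNode = DH::findFirstElement('action', $xml);
    if ($actionNode === false) {
        mwarning("'<action> not found, assuming 'allow'", $xml);
    } else {
        $actionFound = array_search($actionNode->textContent, self::$RuleActions);
        if ($actionFound === false) {
            mwarning("unsupported action '{$actionNode->textContent}' found, allow assumed", $actionNode);
        } else {
            $this->action = $actionFound;
        }
    }

    // <rule-type>, only read for version 61 and above.
    // Same pattern as <action>: an unsupported value is warned about and
    // $this->ruleType is left untouched.
    if ($this->owner->version >= 61) {
        $ruleTypeNode = DH::findFirstElement('rule-type', $xml);
        if ($ruleTypeNode !== false) {
            $typefound = array_search($ruleTypeNode->textContent, self::$RuleTypes);
            if ($typefound === false) {
                mwarning("unsupported rule-type '{$ruleTypeNode->textContent}', universal assumed", $ruleTypeNode);
            } else {
                $this->ruleType = $typefound;
            }
        }
    }
}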
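/**
 * Send one request to the device XML API over HTTPS and return the parsed
 * response document.
 *
 * A string $parameters is appended to the query string of a GET request; an
 * array $parameters is sent as POST fields. In both cases the API key and,
 * when $this->serial is set, a 'target' parameter are added.
 *
 * Any failure (transport error, HTTP status other than 200, unparsable XML,
 * missing or non-'success' status attribute, missing <result>) is reported
 * through derr(), which is assumed not to return.
 *
 * @param string|array $parameters query string (GET) or field array (POST); not modified
 * @param bool $checkResultTag when true and no $filecontent is given, the <result>
 *                             element is made the root of the returned document
 * @param string|null $filecontent content handed to mycurl::setInfile(); when not
 *                                 null the response is returned without <result> handling
 * @param string $filename name passed along with $filecontent
 * @param Array $moreOptions 'timeout' (defaults to 7) and 'lowSpeedTime'
 * @return DomDocument
 */
public function sendRequest(&$parameters, $checkResultTag = false, &$filecontent = null, $filename = '', $moreOptions = array())
{
    $sendThroughPost = is_array($parameters);
    $hasTarget = isset($this->serial);

    $host = $this->apihost;
    if ($this->port != 443) {
        $host .= ':' . $this->port;
    }

    $finalUrl = 'https://' . $host . '/api/';
    if (!$sendThroughPost) {
        // NOTE(review): in GET mode the API key travels in the query string,
        // where it can be recorded by proxies, server access logs and process
        // listings. Callers handling sensitive keys should prefer the POST
        // form (array $parameters).
        $finalUrl .= '?key=' . $this->apikey;
        if ($hasTarget) {
            $finalUrl .= '&target=' . $this->serial;
        }

        // Fix: the '#'-escaped copy used to be stored in an unused variable
        // while the raw string was appended, so a literal '#' started a URL
        // fragment and the rest of the parameters was never sent.
        $finalUrl .= '&' . str_replace('#', '%23', $parameters);
    }

    $timeout = isset($moreOptions['timeout']) ? $moreOptions['timeout'] : 7;

    // NOTE(review): the meaning of the second constructor argument and whether
    // mycurl verifies the server certificate are not visible here — confirm,
    // since the API key is sent over this connection.
    $c = new mycurl($finalUrl, false, $timeout);

    if (array_key_exists('lowSpeedTime', $moreOptions)) {
        $c->_lowspeedtime = $moreOptions['lowSpeedTime'];
    }

    if (!is_null($filecontent)) {
        $c->setInfile($filecontent, $filename);
    }

    $postFields = array();
    if ($sendThroughPost) {
        // Work on a copy: $parameters is received by reference, and writing
        // 'key'/'target' into it would hand the API key back to the caller's array.
        $postFields = $parameters;
        if ($hasTarget) {
            $postFields['target'] = $this->serial;
        }
        $postFields['key'] = $this->apikey;

        $c->setPost(http_build_query($postFields));
    }

    if ($this->showApiCalls) {
        // NOTE(review): both messages below include the API key in clear text.
        // Keep showApiCalls off wherever stdout is captured (CI logs, shared
        // terminals) or redact the key before printing.
        if ($sendThroughPost) {
            $paramURl = '?';
            // Iterate by value: the former by-reference loop left $param bound
            // to the last element of the caller's array after the loop.
            foreach ($postFields as $paramIndex => $param) {
                $paramURl .= '&' . $paramIndex . '=' . str_replace('#', '%23', $param);
            }
            print "API call through POST: \"" . $finalUrl . '?' . $paramURl . "\"\r\n";
        } else {
            print "API call: \"" . $finalUrl . "\"\r\n";
        }
    }

    if (!$c->createCurl()) {
        // NOTE(review): in GET mode $finalUrl carries the API key, so this
        // error message discloses it wherever errors are logged.
        derr('Could not retrieve URL: ' . $finalUrl . ' because of the following error: ' . $c->last_error);
    }

    if ($c->getHttpStatus() != 200) {
        derr('HTTP API ret: ' . $c->__tostring());
    }

    // LIBXML_PARSEHUGE lifts libxml's built-in size and depth limits, so the
    // response body is parsed without those safeguards; this relies on the
    // peer really being the managed device.
    $xmlDoc = new DOMDocument();
    if (!$xmlDoc->loadXML($c->__tostring(), LIBXML_PARSEHUGE)) {
        derr('Invalid xml input :' . $c->__tostring());
    }

    $firstElement = DH::firstChildElement($xmlDoc);
    if ($firstElement === false) {
        derr('cannot find any child Element in xml');
    }

    $statusAttr = DH::findAttribute('status', $firstElement);
    if ($statusAttr === false) {
        derr('XML response has no "status" field: ' . DH::dom_to_xml($firstElement));
    }

    if ($statusAttr !== 'success') {
        var_dump($statusAttr);
        derr('API reported a failure: "' . $statusAttr . "\"with the following addition infos: " . $firstElement->nodeValue);
    }

    // Uploads and callers that did not ask for <result> get the full document.
    if (!is_null($filecontent) || !$checkResultTag) {
        return $xmlDoc;
    }

    $cursor = DH::findFirstElement('result', $firstElement);
    if ($cursor === false) {
        derr('XML API response has no <result> field', $xmlDoc);
    }

    DH::makeElementAsRoot($cursor, $xmlDoc);

    return $xmlDoc;
}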