/**
 * Populate this virtual system from its XML node in a firewall configuration.
 *
 * !! Should not be used outside of a PANConf constructor. !!
 *
 * Loading is not read-only: every DH::findFirstElementOrCreate() call below
 * presumably adds the missing element to the DOM it is given (inferred from
 * the helper's name, confirm in DH), so a configuration that is loaded and
 * then saved can differ from the file that was read.
 *
 * Names and text are taken from the XML as-is; nothing here validates them.
 *
 * @param DOMElement $xml the vsys node to read (type not declared, presumably an element)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    // The 'name' attribute is mandatory.
    $this->name = DH::findAttribute('name', $xml);
    if (false === $this->name) {
        derr("VirtualSystem name not found\n", $xml);
    }

    // An optional <display-name> supplies the alternative name.
    $displayNameNode = DH::findFirstElement('display-name', $xml);
    if (false !== $displayNameNode) {
        $this->_alternativeName = $displayNameNode->textContent;
    }

    // Interfaces imported by this vsys live under import/network/interface.
    $this->importroot = DH::findFirstElementOrCreate('import', $xml);
    $importedInterfacesRoot = DH::findFirstElementOrCreate(
        'interface',
        DH::findFirstElementOrCreate('network', $this->importroot)
    );
    $this->importedInterfaces->load_from_domxml($importedInterfacesRoot);

    $this->rulebaseroot = DH::findFirstElementOrCreate('rulebase', $xml);

    // Objects are read only when the owning configuration has no owner of its own.
    if ($this->owner->owner === null) {
        // Tags are read only when the owner's version is 60 or above.
        if ($this->owner->version >= 60) {
            $tagRoot = DH::findFirstElementOrCreate('tag', $xml);
            $this->tagStore->load_from_domxml($tagRoot);
        }

        // Addresses first, then the groups (kept in the original order).
        $addressRoot = DH::findFirstElementOrCreate('address', $xml);
        $this->addressStore->load_addresses_from_domxml($addressRoot);

        $addressGroupRoot = DH::findFirstElementOrCreate('address-group', $xml);
        $this->addressStore->load_addressgroups_from_domxml($addressGroupRoot);

        // Services first, then the service groups.
        $serviceRoot = DH::findFirstElementOrCreate('service', $xml);
        $this->serviceStore->load_services_from_domxml($serviceRoot);

        $serviceGroupRoot = DH::findFirstElementOrCreate('service-group', $xml);
        $this->serviceStore->load_servicegroups_from_domxml($serviceGroupRoot);
    }

    // Zones are always read, whatever the ownership.
    $zoneRoot = DH::findFirstElementOrCreate('zone', $xml);
    $this->zoneStore->load_from_domxml($zoneRoot);

    // Rule bases follow the same ownership condition as the objects above.
    if ($this->owner->owner === null) {
        // Security rules
        $securityRulesRoot = DH::findFirstElementOrCreate(
            'rules',
            DH::findFirstElementOrCreate('security', $this->rulebaseroot)
        );
        $this->securityRules->load_from_domxml($securityRulesRoot);

        // NAT rules
        $natRulesRoot = DH::findFirstElementOrCreate(
            'rules',
            DH::findFirstElementOrCreate('nat', $this->rulebaseroot)
        );
        $this->natRules->load_from_domxml($natRulesRoot);

        // Decryption rules
        $decryptionRulesRoot = DH::findFirstElementOrCreate(
            'rules',
            DH::findFirstElementOrCreate('decryption', $this->rulebaseroot)
        );
        $this->decryptionRules->load_from_domxml($decryptionRulesRoot);

        // Application-override rules
        $appOverrideRulesRoot = DH::findFirstElementOrCreate(
            'rules',
            DH::findFirstElementOrCreate('application-override', $this->rulebaseroot)
        );
        $this->appOverrideRules->load_from_domxml($appOverrideRulesRoot);
    }
}
/**
 * Load a firewall configuration from a DOM document or from its config element.
 *
 * Loading is not read-only: the DH::findFirstElementOrCreate() calls and the
 * explicit DH::createElement() below add missing elements to the DOM, so the
 * tree held after loading can differ from the input that was parsed.
 *
 * Names are taken from the XML as-is; nothing here validates them.
 *
 * @param $xml DOMElement|DOMDocument
 * @throws Exception
 */
public function load_from_domxml($xml)
{
    // A document is searched for its <config> root; anything else is the root.
    if ($xml->nodeType == XML_DOCUMENT_NODE) {
        $this->xmldoc = $xml;
        $this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
        $this->xmlroot = $this->configroot;
    } else {
        $this->xmlroot = $xml;
        $this->configroot = $xml;
    }

    // Version: taken from the owner's owner when this config has an owner,
    // else from the 'version' attribute, else from the connector.
    if ($this->owner !== null) {
        $this->version = $this->owner->owner->version;
    } else {
        $declaredVersion = DH::findAttribute('version', $this->configroot);
        if ($declaredVersion === false) {
            if (!isset($this->connector) || $this->connector === null) {
                // NOTE(review): derr() is presumably fatal; otherwise the
                // assignment below reads an undefined variable.
                derr('cannot find PANOS version used for make this config');
            } else {
                $softwareInfo = $this->connector->getSoftwareVersion();
            }
            $this->version = $softwareInfo['version'];
        } else {
            $this->version = PH::versionFromString($declaredVersion);
        }
    }

    $this->devicesroot = DH::findFirstElementOrCreate('devices', $this->configroot);

    // The first <entry> under <devices> is used; one named
    // 'localhost.localdomain' is created when none exists.
    $this->localhostroot = DH::findFirstElement('entry', $this->devicesroot);
    if ($this->localhostroot === false) {
        $this->localhostroot = DH::createElement($this->devicesroot, 'entry');
        $this->localhostroot->setAttribute('name', 'localhost.localdomain');
    }

    $this->vsyssroot = DH::findFirstElementOrCreate('vsys', $this->localhostroot);

    // Shared objects are read only when this configuration has no owner.
    if ($this->owner === null) {
        $this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);

        // Tags are read only when the version is 60 or above.
        if ($this->version >= 60) {
            $tagRoot = DH::findFirstElementOrCreate('tag', $this->sharedroot);
            $this->tagStore->load_from_domxml($tagRoot);
        }

        // Shared addresses, then shared address groups.
        $addressRoot = DH::findFirstElementOrCreate('address', $this->sharedroot);
        $this->addressStore->load_addresses_from_domxml($addressRoot);

        $addressGroupRoot = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
        $this->addressStore->load_addressgroups_from_domxml($addressGroupRoot);

        // Shared services, then shared service groups.
        $serviceRoot = DH::findFirstElementOrCreate('service', $this->sharedroot);
        $this->serviceStore->load_services_from_domxml($serviceRoot);

        $serviceGroupRoot = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
        $this->serviceStore->load_servicegroups_from_domxml($serviceGroupRoot);
    }

    // Network configuration of the device entry.
    $networkRoot = DH::findFirstElementOrCreate('network', $this->localhostroot);
    $this->network->load_from_domxml($networkRoot);

    // One VirtualSystem per element child of <vsys>.
    foreach ($this->vsyssroot->childNodes as $vsysNode) {
        if ($vsysNode->nodeType != XML_ELEMENT_NODE) {
            continue;
        }

        $virtualSystem = new VirtualSystem($this);

        $vsysName = DH::findAttribute('name', $vsysNode);
        if ($vsysName === false) {
            derr('cannot find VirtualSystem name');
        }

        // When a Panorama is attached, link the stores of the device group
        // it reports for this serial and vsys name.
        if (isset($this->panorama)) {
            $deviceGroup = $this->panorama->findApplicableDGForVsys($this->serial, $vsysName);
            if ($deviceGroup !== false) {
                $virtualSystem->addressStore->panoramaDG = $deviceGroup->addressStore;
                $virtualSystem->serviceStore->panoramaDG = $deviceGroup->serviceStore;
            }
        }

        $virtualSystem->load_from_domxml($vsysNode);
        $this->virtualSystems[] = $virtualSystem;

        // Mark each resolvable imported interface as imported by this vsys;
        // names that findInterface() cannot resolve are skipped silently.
        $importedInterfaces = $virtualSystem->importedInterfaces->interfaces();
        foreach ($importedInterfaces as &$interfaceName) {
            $interface = $this->network->findInterface($interfaceName);
            if ($interface !== null) {
                $interface->importedByVSYS = $virtualSystem;
            }
        }
    }
}
/**
 * Load a Panorama configuration: managed firewall serials, shared objects,
 * shared pre/post rule bases, templates and device groups.
 *
 * Loading is not read-only: the DH::findFirstElementOrCreate() calls below
 * presumably add missing elements to the DOM (inferred from the helper's
 * name, confirm in DH), so the tree held after loading can differ from the
 * input that was parsed.
 *
 * Serials, device-group names and parent names are taken from the XML as-is.
 * Device-group names are also interpolated into mwarning() messages.
 *
 * @param DOMDocument $xml document to search for the <config> root (type not declared, presumably a document)
 */
public function load_from_domxml($xml)
{
    $this->xmldoc = $xml;
    $this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
    $this->xmlroot = $this->configroot;

    // Version: the 'version' attribute of <config>, else asked of the connector.
    $versionAttr = DH::findAttribute('version', $this->configroot);
    if ($versionAttr !== false) {
        $this->version = PH::versionFromString($versionAttr);
    } else {
        if (isset($this->connector) && $this->connector !== null) {
            $version = $this->connector->getSoftwareVersion();
        } else {
            // NOTE(review): derr() is presumably fatal; otherwise $version is
            // undefined on the assignment below.
            derr('cannot find PANOS version used for make this config');
        }
        $this->version = $version['version'];
    }

    // Managed firewalls: the 'name' attribute of each element child of
    // mgt-config/devices is recorded as a serial.
    $tmp = DH::findFirstElementOrCreate('mgt-config', $this->configroot);
    $tmp = DH::findFirstElementOrCreate('devices', $tmp);
    foreach ($tmp->childNodes as $serial) {
        // 1 is the value of XML_ELEMENT_NODE
        if ($serial->nodeType != 1) {
            continue;
        }
        $s = DH::findAttribute('name', $serial);
        if ($s === FALSE) {
            derr('no serial found');
        }
        $this->managedFirewallsSerials[] = $s;
    }

    // These roots are looked up with the *OrDie helpers, unlike the
    // *OrCreate lookups used for the object and rule containers below.
    $this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);
    $this->devicesroot = DH::findFirstElementOrDie('devices', $this->configroot);
    $this->localhostroot = DH::findFirstElementByNameAttrOrDie('entry', 'localhost.localdomain', $this->devicesroot);
    $this->devicegrouproot = DH::findFirstElementOrDie('device-group', $this->localhostroot);
    $this->templateroot = DH::findFirstElementOrDie('template', $this->localhostroot);

    //
    // Shared tags, read only when the version is 60 or above
    //
    if ($this->version >= 60) {
        $tmp = DH::findFirstElementOrCreate('tag', $this->sharedroot);
        $this->tagStore->load_from_domxml($tmp);
    }

    //
    // Shared addresses
    //
    $tmp = DH::findFirstElementOrCreate('address', $this->sharedroot);
    $this->addressStore->load_addresses_from_domxml($tmp);

    //
    // Shared address groups
    //
    $tmp = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
    $this->addressStore->load_addressgroups_from_domxml($tmp);

    //
    // Shared services
    //
    $tmp = DH::findFirstElementOrCreate('service', $this->sharedroot);
    $this->serviceStore->load_services_from_domxml($tmp);

    //
    // Shared service groups
    //
    $tmp = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
    $this->serviceStore->load_servicegroups_from_domxml($tmp);

    //
    // Shared rule bases: each rule store receives the 'rules' element of the
    // pre-rulebase and the one of the post-rulebase.
    //
    $prerulebase = DH::findFirstElementOrCreate('pre-rulebase', $this->sharedroot);
    $postrulebase = DH::findFirstElementOrCreate('post-rulebase', $this->sharedroot);

    // Security rules
    $tmp = DH::findFirstElementOrCreate('security', $prerulebase);
    $tmp = DH::findFirstElementOrCreate('rules', $tmp);
    $tmpPost = DH::findFirstElementOrCreate('security', $postrulebase);
    $tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
    $this->securityRules->load_from_domxml($tmp, $tmpPost);

    // NAT rules
    $tmp = DH::findFirstElementOrCreate('nat', $prerulebase);
    $tmp = DH::findFirstElementOrCreate('rules', $tmp);
    $tmpPost = DH::findFirstElementOrCreate('nat', $postrulebase);
    $tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
    $this->natRules->load_from_domxml($tmp, $tmpPost);

    // Decryption rules
    $tmp = DH::findFirstElementOrCreate('decryption', $prerulebase);
    $tmp = DH::findFirstElementOrCreate('rules', $tmp);
    $tmpPost = DH::findFirstElementOrCreate('decryption', $postrulebase);
    $tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
    $this->decryptionRules->load_from_domxml($tmp, $tmpPost);

    // Application-override rules
    $tmp = DH::findFirstElementOrCreate('application-override', $prerulebase);
    $tmp = DH::findFirstElementOrCreate('rules', $tmp);
    $tmpPost = DH::findFirstElementOrCreate('application-override', $postrulebase);
    $tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
    $this->appOverrideRules->load_from_domxml($tmp, $tmpPost);

    //
    // Templates: one Template per element child of <template>
    //
    foreach ($this->templateroot->childNodes as $node) {
        if ($node->nodeType != XML_ELEMENT_NODE) {
            continue;
        }

        // '*tmp*' is the name given to the constructor before the node is loaded.
        $ldv = new Template('*tmp*', $this);
        $ldv->load_from_domxml($node);
        $this->templates[] = $ldv;
    }

    //
    // Device groups
    //
    if ($this->version < 70) {
        // Below version 70 the groups are loaded in document order and no
        // parent/child links are set.
        foreach ($this->devicegrouproot->childNodes as $node) {
            if ($node->nodeType != XML_ELEMENT_NODE) {
                continue;
            }
            // $lvname is assigned but not read again in this method.
            $lvname = $node->nodeName;
            $ldv = new DeviceGroup($this);
            $ldv->load_from_domxml($node);
            $this->deviceGroups[] = $ldv;
        }
    } else {
        // From version 70 the hierarchy is read from the dg-meta-data section
        // and the groups are loaded parents first.
        $dgMetaDataNode = DH::findXPathSingleEntryOrDie('/config/readonly/dg-meta-data/dginfo', $this->xmlroot);

        $dgToParent = array(); // group name => parent name ('shared' when no <parent-dg>)
        $parentToDG = array(); // parent name => list of child group names

        foreach ($dgMetaDataNode->childNodes as $node) {
            if ($node->nodeType != XML_ELEMENT_NODE) {
                continue;
            }

            $dgName = DH::findAttribute('name', $node);
            if ($dgName === false) {
                derr("DeviceGroup name attribute not found in dg-meta-data", $node);
            }

            $parentDG = DH::findFirstElement('parent-dg', $node);
            if ($parentDG === false) {
                $dgToParent[$dgName] = 'shared';
                $parentToDG['shared'][] = $dgName;
            } else {
                $dgToParent[$dgName] = $parentDG->textContent;
                $parentToDG[$parentDG->textContent][] = $dgName;
            }
        }

        // Build the load order starting at 'shared': each pass appends the
        // children of every name already in the list and removes that parent
        // from $parentToDG. The iteration is by reference, so names appended
        // during a pass are visited in the same pass.
        $dgLoadOrder = array('shared');

        while (count($parentToDG) > 0) {
            $dgLoadOrderCount = count($dgLoadOrder);

            foreach ($dgLoadOrder as &$dgName) {
                if (isset($parentToDG[$dgName])) {
                    foreach ($parentToDG[$dgName] as &$newDGName) {
                        $dgLoadOrder[] = $newDGName;
                    }
                    unset($parentToDG[$dgName]);
                }
            }

            // A pass that adds nothing while parents remain means the rest
            // cannot be reached from 'shared' (unknown parent or a cycle).
            if (count($dgLoadOrder) <= $dgLoadOrderCount) {
                derr('dg-meta-data seems to be corrupted, parent.child template cannot be calculated ', $dgMetaDataNode);
            }

            // Reassigned at the top of the next pass before it is read.
            $dgLoadOrderCount = count($dgLoadOrder);
        }

        // Index the <device-group> children by their 'name' attribute;
        // a later entry with the same name replaces an earlier one.
        $deviceGroupNodes = array();

        foreach ($this->devicegrouproot->childNodes as $node) {
            if ($node->nodeType != XML_ELEMENT_NODE) {
                continue;
            }

            $nodeNameAttr = DH::findAttribute('name', $node);
            if ($nodeNameAttr === false) {
                derr("DeviceGroup 'name' attribute was not found", $node);
            }

            if (!is_string($nodeNameAttr) || $nodeNameAttr == '') {
                derr("DeviceGroup 'name' attribute has invalid value", $node);
            }

            $deviceGroupNodes[$nodeNameAttr] = $node;
        }

        // Load in hierarchy order. A group that exists in the XML but is
        // absent from dg-meta-data never enters $dgLoadOrder and is not loaded.
        foreach ($dgLoadOrder as $dgIndex => &$dgName) {
            if ($dgName == 'shared') {
                continue;
            }

            if (!isset($deviceGroupNodes[$dgName])) {
                mwarning("DeviceGroup '{$dgName}' is listed in dg-meta-data but doesn't exist in XML");
                continue;
            }

            $ldv = new DeviceGroup($this);

            if (!isset($dgToParent[$dgName])) {
                mwarning("DeviceGroup '{$dgName}' has not parent associated, assuming SHARED");
            } elseif ($dgToParent[$dgName] == 'shared') {
                // directly under shared: no parent link to set
            } else {
                // The parent was appended to the order before this child;
                // it is absent here only when it was skipped above.
                $parentDG = $this->findDeviceGroup($dgToParent[$dgName]);
                if ($parentDG === null) {
                    mwarning("DeviceGroup '{$dgName}' has DG '{$dgToParent[$dgName]}' listed as parent but it cannot be found in XML");
                } else {
                    $parentDG->childDeviceGroups[$dgName] = $ldv;
                    $ldv->parentDeviceGroup = $parentDG;
                }
            }

            $ldv->load_from_domxml($deviceGroupNodes[$dgName]);
            $this->deviceGroups[] = $ldv;
        }
    }
    //
    // End of DeviceGroup loading
    //
}
/**
 * Populate this object from its XML node: objects, pre/post rule bases and
 * the list of devices (serial plus vsys names) attached to it.
 *
 * !! Should not be used outside of a PanoramaConf constructor. !!
 *
 * Loading is not read-only: every DH::findFirstElementOrCreate() call below
 * presumably adds the missing element to the DOM it is given (inferred from
 * the helper's name, confirm in DH).
 *
 * NOTE(review): the error text says "VirtualSystem" although the docblock
 * points at PanoramaConf; the message may have been copied from another
 * loader. Confirm before relying on it in logs.
 *
 * @param DOMElement $xml the node to read (type not declared, presumably an element)
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    // The 'name' attribute is mandatory.
    $this->name = DH::findAttribute('name', $xml);
    if (false === $this->name) {
        derr("VirtualSystem name not found\n");
    }

    // Tags are read only when the owner's version is 60 or above.
    if ($this->owner->version >= 60) {
        $tagRoot = DH::findFirstElementOrCreate('tag', $xml);
        $this->tagStore->load_from_domxml($tagRoot);
    }

    // Addresses first, then the address groups.
    $addressRoot = DH::findFirstElementOrCreate('address', $xml);
    $this->addressStore->load_addresses_from_domxml($addressRoot);

    $addressGroupRoot = DH::findFirstElementOrCreate('address-group', $xml);
    $this->addressStore->load_addressgroups_from_domxml($addressGroupRoot);

    // Services first, then the service groups.
    $serviceRoot = DH::findFirstElementOrCreate('service', $xml);
    $this->serviceStore->load_services_from_domxml($serviceRoot);

    $serviceGroupRoot = DH::findFirstElementOrCreate('service-group', $xml);
    $this->serviceStore->load_servicegroups_from_domxml($serviceGroupRoot);

    // Each rule store receives the 'rules' element of the pre-rulebase and
    // the one of the post-rulebase.
    $prerulebase = DH::findFirstElementOrCreate('pre-rulebase', $xml);
    $postrulebase = DH::findFirstElementOrCreate('post-rulebase', $xml);

    // Security rules
    $preRules = DH::findFirstElementOrCreate(
        'rules',
        DH::findFirstElementOrCreate('security', $prerulebase)
    );
    $postRules = DH::findFirstElementOrCreate(
        'rules',
        DH::findFirstElementOrCreate('security', $postrulebase)
    );
    $this->securityRules->load_from_domxml($preRules, $postRules);

    // NAT rules
    $preRules = DH::findFirstElementOrCreate(
        'rules',
        DH::findFirstElementOrCreate('nat', $prerulebase)
    );
    $postRules = DH::findFirstElementOrCreate(
        'rules',
        DH::findFirstElementOrCreate('nat', $postrulebase)
    );
    $this->natRules->load_from_domxml($preRules, $postRules);

    // Decryption rules
    $preRules = DH::findFirstElementOrCreate(
        'rules',
        DH::findFirstElementOrCreate('decryption', $prerulebase)
    );
    $postRules = DH::findFirstElementOrCreate(
        'rules',
        DH::findFirstElementOrCreate('decryption', $postrulebase)
    );
    $this->decryptionRules->load_from_domxml($preRules, $postRules);

    // Application-override rules
    $preRules = DH::findFirstElementOrCreate(
        'rules',
        DH::findFirstElementOrCreate('application-override', $prerulebase)
    );
    $postRules = DH::findFirstElementOrCreate(
        'rules',
        DH::findFirstElementOrCreate('application-override', $postrulebase)
    );
    $this->appOverrideRules->load_from_domxml($preRules, $postRules);

    // Devices: one record per element child of <devices>.
    $this->devicesRoot = DH::findFirstElementOrCreate('devices', $xml);

    foreach ($this->devicesRoot->childNodes as $deviceNode) {
        if ($deviceNode->nodeType != XML_ELEMENT_NODE) {
            continue;
        }

        // NOTE(review): neither the device name nor the vsys names are
        // checked for a missing attribute, so false can end up stored.
        $serial = DH::findAttribute('name', $deviceNode);
        $vsysNames = array();

        $vsysContainer = DH::firstChildElement($deviceNode);
        if ($vsysContainer === false) {
            // No child element at all: the device is recorded with 'vsys1'.
            $vsysNames[] = 'vsys1';
        } else {
            // A container without element entries leaves the list empty.
            foreach ($vsysContainer->childNodes as $vsysEntry) {
                if ($vsysEntry->nodeType != XML_ELEMENT_NODE) {
                    continue;
                }
                $vsysNames[] = DH::findAttribute('name', $vsysEntry);
            }
        }

        $this->devices[] = array('serial' => $serial, 'vsyslist' => $vsysNames);
    }
}