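/**
 * Send the current in-memory configuration to the firewall and save it there
 * under the name $config_name.
 *
 * The DOM held in $this->xmlroot is serialised with DH::dom_to_xml() and handed
 * to the connector as an import request of category "configuration".
 *
 * NOTE(review): the connector's answer is not inspected here, so "OK!" is
 * printed whenever sendRequest() returns. Presumably sendRequest() aborts on an
 * API error; confirm against the connector before relying on the message.
 *
 * NOTE(review): $config_name is forwarded unchanged as the stored file name.
 * If it can come from outside the script, restrict it to a plain file name
 * before calling this method.
 *
 * @param string $config_name file name the device stores the uploaded config under
 */
public function API_uploadConfig($config_name = 'panconfigurator-default.xml')
{
    print "Uploading config to device....";

    // 'category=configuration' used to be listed twice; one occurrence is enough.
    $url = "&type=import&category=configuration";

    // The return value was bound by reference to an unused local; it is dropped here.
    $this->connector->sendRequest($url, false, DH::dom_to_xml($this->xmlroot), $config_name);

    print "OK!\n";
}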
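/**
 * Decide whether an input/output specifier names a live device or a local file.
 *
 * Recognised forms:
 *   - "api://HOST" or "api://HOST/FILENAME": a connector for HOST is looked up
 *     or created through PanAPIConnector::findOrCreateConnectorFromHost().
 *   - "api://X@HOST" or "api://X@HOST/FILENAME": same, and the connector is
 *     switched to type 'panos-via-panorama' with X as second argument
 *     (presumably the serial of the managed firewall; confirm against setType()).
 *   - anything else is taken as a path on the local file system.
 *
 * The scheme is only honoured at the very start of $str. The host is read from
 * a fixed offset, so a match further inside the string used to yield a garbage
 * host name and an unintended connection attempt.
 *
 * @param string $str             specifier to analyse
 * @param bool   $checkFileExists when true, a file specifier must exist on disk
 * @return array 'status' is 'ok' or 'fail'; 'filename' is a string or null;
 *               on success 'type' is 'api' or 'file' and, for 'api', 'connector'
 *               holds the PanAPIConnector; on failure 'msg' holds the reason
 */
public static function &processIOMethod($str, $checkFileExists)
{
    $ret = array('status' => 'fail');
    $ret['filename'] = null;

    $scheme = 'api://';

    // Anything that does not START with the scheme is handled as a file path.
    if (strncmp($str, $scheme, strlen($scheme)) !== 0) {
        if ($checkFileExists && !file_exists($str)) {
            $ret['msg'] = 'file "' . $str . '" does not exist';
            return $ret;
        }

        $ret['status'] = 'ok';
        $ret['type'] = 'file';
        $ret['filename'] = $str;
        return $ret;
    }

    PanAPIConnector::loadConnectorsFromUserHome();

    $target = substr($str, strlen($scheme));
    $atParts = explode('@', $target);

    if (count($atParts) == 1) {
        $host = $target;
        $via = null;
    } else {
        // "X@HOST": the part before '@' is handed to setType() further down
        $via = $atParts[0];
        $host = $atParts[1];
    }

    // A single '/' separates the host from an optional file name.
    $pathParts = explode('/', $host);
    if (count($pathParts) == 2) {
        $ret['filename'] = $pathParts[1];
        $host = $pathParts[0];
    }

    $connector = PanAPIConnector::findOrCreateConnectorFromHost($host);
    if ($via !== null) {
        $connector->setType('panos-via-panorama', $via);
    }

    $ret['status'] = 'ok';
    $ret['type'] = 'api';
    $ret['connector'] = $connector;

    return $ret;
}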
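<?php

/********************************************************************************************

 This sample script will connect to a live firewall and do some live changes.

 *********************************************************************************************/

// load 'PAN Configurator' library
require_once "../lib/panconfigurator.php";

// The API key grants the same access as the account it was generated for, so it
// is read from the environment instead of being stored in this file.
// PAN_API_KEY is a variable name chosen for this sample; adapt it to your setup.
// A key that was ever committed with a script should be treated as exposed and
// replaced on the device.
$apikey = getenv('PAN_API_KEY');
if ($apikey === false || $apikey === '') {
    derr("PAN_API_KEY is not set: export the API key of the target firewall first\n");
}

$apihost = '192.168.50.10';

$con = new PanAPIConnector($apihost, $apikey, 'panos');

// enable connector to show us API calls on the go
// NOTE(review): if the printed calls include the key parameter, keep this output
// out of shared logs -- confirm what setShowApiCalls() prints.
$con->setShowApiCalls(true);

// load the candidate configuration of the device through the API
$panc = new PANConf();
$panc->API_load_from_candidate($con);

// Did we find VSYS1 ?
$vsys1 = $panc->findVirtualSystem('vsys1');
if (is_null($vsys1)) {
    derr("vsys1 was not found ? Exit\n");
}

print "\n***********************************************\n\n";

// display rules
$vsys1->securityRules->display();

// look for an object named 'User-Networks'
$object = $vsys1->addressStore->find('User-Networks');
if (is_null($object)) {
    derr("Error: object not found\n");
}

// want to know xpath of an object ?
print "displaying XPATH of object named " . $object->name() . " : " . $object->getXPath() . "\r\n";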
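/**
 * Create a shared tag named $tagName and attach it to every object in $list.
 *
 * One set request creates the tag under /config/shared/tag, then one set
 * request per object adds a <member> to that object's tag list. The object's
 * XPath is rooted in /config/shared when its 'sub' is 'shared', otherwise in
 * the vsys ($modePANOS true) or device-group ($modePANOS false) named by 'sub'.
 *
 * The tag name is XML-escaped before it is placed in the request body, so a
 * name containing &, <, >, or a quote no longer produces malformed XML or
 * extra markup in the request.
 *
 * NOTE(review): 'type', 'name' and 'sub' are spliced into the XPath predicate
 * as-is. A value containing a single quote would end the predicate early;
 * confirm that callers only pass names taken from an already-validated config.
 *
 * @param array           $list      entries with the keys 'type', 'name' and 'sub'
 * @param string          $tagName   name of the tag to create and apply
 * @param bool            $modePANOS true: 'sub' names a vsys; false: a device-group
 * @param PanAPIConnector $connector connector the set requests are sent through
 */
function tagObjects(&$list, $tagName, $modePANOS, PanAPIConnector $connector)
{
    // Byte-wise replacement of the five XML special characters; '&' is handled
    // in the same single pass, so nothing gets escaped twice.
    $xmlTagName = strtr($tagName, array(
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&apos;',
    ));

    print "creating tag '{$tagName}'...";
    $xpath = '/config/shared/tag';
    $element = "<entry name='" . $xmlTagName . "'></entry>";
    $connector->sendSetRequest($xpath, $element);
    print " OK!\n";

    // The member element is the same for every object.
    $element = "<member>{$xmlTagName}</member>";

    // Nothing in $list is modified, so plain by-value iteration is enough.
    foreach ($list as $o) {
        $xpath = '/' . $o['type'] . "/entry[@name='" . $o['name'] . "']/tag";

        if ($o['sub'] == 'shared') {
            $xpath = '/config/shared' . $xpath;
        } elseif ($modePANOS) {
            $xpath = "/config/devices/entry/vsys/entry[@name='" . $o['sub'] . "']" . $xpath;
        } else {
            $xpath = "/config/devices/entry/device-group/entry[@name='" . $o['sub'] . "']" . $xpath;
        }

        print "Tagging object " . $o['sub'] . "/" . $o['name'] . "... ";
        $connector->sendSetRequest($xpath, $element);
        print "OK!\n";
    }
}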
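/**
 * Return the saved connector for $host, or build a new one.
 *
 * Resolution order:
 *   1. a saved connector whose apihost equals the lower-cased $host;
 *   2. a new connector built from $apiKey when one is given;
 *   3. when $promptForKey is true, an interactive prompt on STDIN. Input
 *      shorter than 19 characters is taken as a user name; a password is then
 *      read and a key is requested from the device with type=keygen.
 *
 * When $checkConnectivity is true the new connector is tested, appended to the
 * saved connectors and persisted with saveConnectorsToUserHome(). When it is
 * false the connector is returned without being saved.
 *
 * Credential handling:
 *   - user name and password are URL-encoded before they go into the keygen
 *     query, so characters such as '&', '#', '+' or '%' neither corrupt the
 *     request nor add parameters to it;
 *   - the generated key is no longer printed, because terminal output ends up
 *     in scrollback, session recordings and redirected logs.
 *
 * NOTE(review): the password is read with fgets() while terminal echo is on,
 * and it travels in the request string handed to sendRequest(). Confirm how
 * the connector transmits and logs that string (see setShowApiCalls()).
 *
 * @param string      $host
 * @param string|null $apiKey            key to use when no saved connector matches
 * @param bool        $promptForKey      allow the interactive prompt
 * @param bool        $checkConnectivity test and save a newly built connector
 * @return PanAPIConnector
 */
public static function findOrCreateConnectorFromHost($host, $apiKey = null, $promptForKey = true, $checkConnectivity = true)
{
    self::loadConnectorsFromUserHome();

    $host = strtolower($host);

    foreach (self::$savedConnectors as $connector) {
        if ($connector->apihost == $host) {
            return $connector;
        }
    }

    if ($apiKey === null && $promptForKey === false) {
        derr('API host/key not found and apiKey is blank + promptForKey is disabled');
    }

    if ($apiKey !== null) {
        $connection = new PanAPIConnector($host, $apiKey, 'panos');
    } elseif ($promptForKey) {
        print "** Request API access to host '{$host}' but API was not found in cache.\n" .
            "** Please enter API key or username below and hit enter:  ";

        $handle = fopen("php://stdin", "r");
        $line = fgets($handle);
        $apiKey = trim($line);

        // Anything shorter than 19 characters is treated as a user name.
        if (strlen($apiKey) < 19) {
            $user = $apiKey;
            print "* you input user '{$user}' , please enter password now: ";
            $line = fgets($handle);
            $password = trim($line);

            print "* Now generating an API key from '{$host}'...";
            $con = new PanAPIConnector($host, '');

            // Assumes sendRequest() passes this string on as a raw query string,
            // as the other string-form requests in this code base do -- confirm.
            $url = 'type=keygen&user=' . urlencode($user) . '&password=' . urlencode($password);
            $res = $con->sendRequest($url);

            // Walk <response> -> <result> -> <key>; stop at the first missing level.
            $res = DH::findFirstElement('response', $res);
            if ($res === false) {
                derr('missing <response> from API answer');
            }

            $res = DH::findFirstElement('result', $res);
            if ($res === false) {
                derr('missing <result> from API answer');
            }

            $res = DH::findFirstElement('key', $res);
            if ($res === false) {
                derr('unsupported response from PANOS API');
            }

            $apiKey = $res->textContent;

            // Confirm success without echoing the secret.
            print "OK\n\n";
        }

        fclose($handle);

        $connection = new PanAPIConnector($host, $apiKey, 'panos');
    }

    if ($checkConnectivity) {
        $connection->testConnectivity();
        self::$savedConnectors[] = $connection;
        self::saveConnectorsToUserHome();
    }

    return $connection;
}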