function __construct($name, DH $dh)
{
$this->name = $name;
$this->dh = $dh;
$this->priv = $dh->generatePrivate();
$this->pub = $dh->generatePublic($this->priv);
}
protected function _load_description_from_domxml()
{
$descroot = DH::findFirstElement('description', $this->xmlroot);
if ($descroot !== false) {
$this->_description = $descroot->textContent;
}
}
public function load_from_domxml(DOMElement $xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("zone name not found\n", $xml);
}
$tmp = DH::findFirstElementOrDie('config', $xml);
$this->deviceConfiguration->load_from_domxml($tmp);
}
public function load_from_domxml(DOMNode $xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("tag name not found\n", $xml);
}
if (strlen($this->name) < 1) {
derr("Tag name '" . $this->name . "' is not valid.", $xml);
}
}
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("name not found\n");
}
$this->extract_disabled_from_domxml();
$this->extract_description_from_domxml();
$this->load_from();
$this->load_to();
$this->load_source();
$this->load_destination();
$this->load_tags();
}
public function load_from_domxml(DOMElement $xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("loopback name name not found\n");
}
$ipNode = DH::findFirstElement('ip', $xml);
if ($ipNode !== false) {
foreach ($ipNode->childNodes as $l3ipNode) {
if ($ipNode->nodeType != XML_ELEMENT_NODE) {
continue;
}
$this->_ipv4Addresses[] = $ipNode->getAttribute('name');
}
}
}
/**
* @param DOMElement $xml
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("virtual-router name not found\n");
}
$node = DH::findFirstElementOrCreate('interface', $xml);
$this->attachedInterfaces->load_from_domxml($node);
$node = DH::findXPath('/routing-table/ip/static-route/entry', $xml);
if ($node !== false) {
for ($i = 0; $i < $node->length; $i++) {
$newRoute = new StaticRoute('***tmp**', $this);
$newRoute->load_from_xml($node->item($i));
$this->_staticRoutes[] = $newRoute;
}
}
}
function load_from_domxml(DOMElement $xml)
{
$this->xmlroot = $xml;
$tmp = DH::findFirstElementOrCreate('tunnel', $this->xmlroot);
$tmp = DH::findFirstElementOrCreate('ipsec', $tmp);
$this->ipsecTunnelStore->load_from_domxml($tmp);
$tmp = DH::findFirstElementOrCreate('interface', $this->xmlroot);
$tmp = DH::findFirstElementOrCreate('ethernet', $tmp);
$this->ethernetIfStore->load_from_domxml($tmp);
$tmp = DH::findFirstElementOrCreate('interface', $this->xmlroot);
$tmp = DH::findFirstElementOrCreate('aggregate-ethernet', $tmp);
$this->aggregateEthernetIfStore->load_from_domxml($tmp);
$tmp = DH::findFirstElementOrCreate('interface', $this->xmlroot);
$tmp = DH::findFirstElementOrCreate('loopback', $tmp);
$tmp = DH::findFirstElementOrCreate('units', $tmp);
$this->loopbackIfStore->load_from_domxml($tmp);
$tmp = DH::findFirstElementOrCreate('virtual-router', $this->xmlroot);
$this->virtualRouterStore->load_from_domxml($tmp);
}
/**
* @param $xml DOMElement
*/
function load_from_xml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("static-route name not found\n");
}
$dstNode = DH::findFirstElementOrDie('destination', $xml);
$this->_destination = $dstNode->textContent;
$ifNode = DH::findFirstElement('interface', $xml);
if ($ifNode !== false) {
$this->_interface = $this->owner->owner->owner->network->findInterfaceOrCreateTmp($ifNode->textContent);
}
$fhNode = DH::findFirstElement('nexthop', $xml);
if ($fhNode !== false) {
$fhTypeNode = DH::findFirstElement('ip-address', $fhNode);
if ($fhTypeNode !== false) {
$this->_nexthopType = 'ip-address';
$this->_nexthopIP = $fhTypeNode->textContent;
}
}
}
public function rewriteXML()
{
if ($this->isTmpAddr()) {
return;
}
DH::clearDomNodeChilds($this->xmlroot);
$tmp = DH::createElement($this->xmlroot, self::$AddressTypes[$this->type], $this->value);
if ($this->_description !== null && strlen($this->_description) > 0) {
DH::createElement($this->xmlroot, 'description', $this->_description);
}
}
public function setAlternativeName($newName)
{
if ($newName == $this->_alternativeName) {
return false;
}
if ($newName === null || strlen($newName) == 0) {
$node = DH::findFirstElement('display-name', $this->xmlroot);
if ($node === false) {
return false;
}
$this->xmlroot->removeChild($node);
return true;
}
$node = DH::findFirstElementOrCreate('display-name', $this->xmlroot);
DH::setDomNodeText($node, $newName);
return true;
}
public function rewriteAddressGroupStoreXML()
{
DH::clearDomNodeChilds($this->addrgroot);
foreach ($this->addrg as $s) {
$this->addrgroot->appendChild($s->xmlroot);
}
}
/**
* Rewrite XML for this object, useful after a batch editing to save computing time
*
*/
public function rewriteXML()
{
if ($this->isDynamic()) {
derr('unsupported');
}
if ($this->owner->owner->version >= 60) {
DH::Hosts_to_xmlDom($this->membersRoot, $this->members, 'member', false);
} else {
DH::Hosts_to_xmlDom($this->xmlroot, $this->members, 'member', false);
}
}
function mwarning($msg, $object = null)
{
global $PANC_WARN;
if (isset($PANC_WARN) && $PANC_WARN == 0) {
return;
}
if ($object !== null) {
$class = get_class($object);
if ($class == 'DOMNode' || $class == 'DOMElement' || is_subclass_of($object, 'DOMNode')) {
$msg .= "\nXML line #" . $object->getLineNo() . ", XPATH: " . DH::elementToPanXPath($object) . "\nRaw xml:" . DH::dom_to_xml($object, 0, true, 3);
}
}
fwrite(STDERR, "\n*WARNING* " . $msg . "\n");
//debug_print_backtrace();
$d = debug_backtrace();
$skip = 0;
print " *** Backtrace ***\n";
foreach ($d as $l) {
if ($skip >= 0) {
if ($skip == 0 && isset($l['object'])) {
fwrite(STDERR, $l['object']->toString() . "\n");
}
fwrite(STDERR, $l['function'] . "()\n");
if (isset($l['object'])) {
fwrite(STDERR, ' ' . $l['class'] . '::' . $l['file'] . " line " . $l['line'] . "\n");
} else {
fwrite(STDERR, ' ::' . $l['file'] . " line " . $l['line'] . "\n");
}
}
$skip++;
}
fwrite(STDERR, "\n\n");
}
public function rewriteXML()
{
if ($this->xmlroot !== null) {
DH::clearDomNodeChilds($this->xmlroot);
foreach ($this->o as $zone) {
if (!$zone->isTmp()) {
$this->xmlroot->appendChild($zone->xmlroot);
}
}
}
}
/**
* @param bool $yes
* @return bool
*/
public function setDestinationIsNegated($yes)
{
if ($this->negatedDestination != $yes) {
$tmpRoot = DH::findFirstElement('negate-destination', $this->xmlroot);
if ($tmpRoot === false) {
if ($yes) {
DH::createElement($this->xmlroot, 'negate-destination', 'yes');
}
} else {
if (!$yes) {
$this->xmlroot->removeChild($tmpRoot);
} else {
DH::setDomNodeText($tmpRoot, 'yes');
}
}
$this->negatedDestination = $yes;
return true;
}
return false;
}
/**
* @param string $xpathString
* @param DOMDocument|DOMNode $contextNode
* @return DOMNode
*/
public static function findXPathSingleEntryOrDie($xpathString, $contextNode)
{
$nodes = DH::findXPath($xpathString, $contextNode);
if ($nodes === FALSE) {
derr("XPath query evaluation error for '{$xpathString}'");
}
if ($nodes->length == 0) {
derr("no matching node found for xpath '{$xpathString}'", $contextNode);
}
if ($nodes->length > 1) {
derr("more than 1 matching node found for xpath '{$xpathString}'");
}
return $nodes->item(0);
}
derr("error while reading xml config file");
}
} elseif ($configInput['type'] == 'api') {
if ($debugAPI) {
$configInput['connector']->setShowApiCalls(true);
}
print " - Downloading config from API... ";
$xmlDoc = $configInput['connector']->getCandidateConfig();
print "OK!\n";
} else {
derr('not supported yet');
}
//
// Determine if PANOS or Panorama
//
$xpathResult = DH::findXPath('/config/devices/entry/vsys', $xmlDoc);
if ($xpathResult === FALSE) {
derr('XPath error happened');
}
if ($xpathResult->length < 1) {
$configType = 'panorama';
} else {
$configType = 'panos';
}
unset($xpathResult);
if ($configType == 'panos') {
$pan = new PANConf();
} else {
$pan = new PanoramaConf();
}
print " - Detected platform type is '{$configType}'\n";
public function rewriteXML()
{
if ($this->xmlroot !== null) {
DH::clearDomNodeChilds($this->xmlroot);
foreach ($this->o as $o) {
$this->xmlroot->appendChild($o->xmlroot);
}
}
}
/**
* For developper use only
*
*/
protected function rewriteSDisabled_XML()
{
if ($this->disabled) {
DH::setDomNodeText($this->disabledroot, 'yes');
} else {
DH::setDomNodeText($this->disabledroot, 'no');
}
}
public function load_from_predefinedfile($filename = null)
{
if (is_null($filename)) {
$filename = dirname(__FILE__) . '/predefined.xml';
}
$xmlDoc = new DOMDocument();
$xmlDoc->load($filename);
$cursor = DH::findXPathSingleEntryOrDie('/predefined/application', $xmlDoc);
$this->load_from_domxml($cursor);
$cursor = DH::findXPathSingleEntryOrDie('/predefined/application-container', $xmlDoc);
$this->loadcontainers_from_domxml($cursor);
// fixing someone mess ;)
$app = $this->findOrCreate('ftp');
$app->tcp[] = array(0 => 'dynamic');
}
/**
* send current config to the firewall and save under name $config_name
*
*/
public function API_uploadConfig($config_name = 'panconfigurator-default.xml')
{
print "Uploadig config to device....";
$url = "&type=import&category=configuration&category=configuration";
$answer =& $this->connector->sendRequest($url, false, DH::dom_to_xml($this->xmlroot), $config_name);
print "OK!\n";
}
public function rewriteServiceGroupStoreXML()
{
DH::clearDomNodeChilds($this->servgroot);
foreach ($this->servg as $s) {
$this->servgroot->appendChild($s->xmlroot);
}
}
public function API_sync()
{
$xpath = DH::elementToPanXPath($this->xmlroot);
$con = findConnectorOrDie($this);
$con->sendEditRequest($xpath, $this->getXmlText_inline());
}
public function rewriteXML()
{
if (count($this->o) > 0) {
if ($this->xmlroot === null) {
$this->xmlroot = DH::createElement($this->owner->xmlroot, 'tag');
}
DH::Hosts_to_xmlDom($this->xmlroot, $this->o, 'member', false);
} else {
if ($this->xmlroot !== null) {
$this->owner->xmlroot->removeChild($this->xmlroot);
$this->xmlroot = null;
}
}
}
/**
* @param string $newProtocol
*/
public function setProtocol($newProtocol)
{
if ($newProtocol != 'tcp' || $newProtocol != 'udp') {
derr("unsupported protocol '{$newProtocol}'");
}
if ($newProtocol == $this->_protocol) {
return;
}
$this->_protocol = $newProtocol;
DH::clearDomNodeChilds($this->protocolRoot);
$this->tcpOrUdpRoot = DH::createElement($this->protocolRoot, $this->_protocol);
DH::createElement($this->tcpOrUdpRoot, 'port', $this->_dport);
if (strlen($this->_sport) > 0) {
DH::createElement($this->tcpOrUdpRoot, 'source-port', $this->_dport);
}
}
/**
*
*
*/
public function rewriteService_XML()
{
DH::clearDomNodeChilds($this->serviceroot);
if (is_null($this->service)) {
DH::setDomNodeText($this->serviceroot, 'any');
return;
}
DH::setDomNodeText($this->serviceroot, $this->service->name());
}
public function rewriteXML()
{
if ($this->xmlroot === null) {
return;
}
DH::clearDomNodeChilds($this->xmlroot);
foreach ($this->o as $o) {
if (!$o->isTmp()) {
$this->xmlroot->appendChild($o->xmlroot);
}
}
}
/**
* @param DOMElement $xml
*/
public function load_sub_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("address name not found\n");
}
foreach ($xml->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
$nodeName = $node->nodeName;
if ($nodeName == 'comment') {
$this->description = $node->textContent;
//print "Desc found: {$this->description}\n";
} elseif ($nodeName == 'tag') {
$this->tag = $node->textContent;
}
}
if ($this->type == 'layer3') {
if ($this->type == 'layer3') {
$this->l3ipv4Addresses = array();
$ipNode = DH::findFirstElement('ip', $xml);
if ($ipNode !== false) {
foreach ($ipNode->childNodes as $l3ipNode) {
if ($l3ipNode->nodeType != XML_ELEMENT_NODE) {
continue;
}
$this->l3ipv4Addresses[] = $l3ipNode->getAttribute('name');
}
}
}
}
}
}
function generateShared($private, $public)
{
return gmp_powm($public, $private, $this->p);
}
function p()
{
return gmp_strval($this->p, 16);
}
function g($val = null)
{
if (is_string($val)) {
$this->g = gmp_init($val, 16);
}
return gmp_strval($this->g, 16);
}
}
// don't output if we're included into another script.
if (!debug_backtrace()) {
$dh = new DH();
$a = $dh->generatePrivate();
$b = $dh->generatePrivate();
$A = $dh->generatePublic($a);
$B = $dh->generatePublic($b);
$s = $dh->generateShared($a, $B);
$s2 = $dh->generateShared($b, $A);
print "A and B shared secrets match:\n";
print gmp_cmp($s, $s2) === 0 ? "Yes!\n\n" : "No :(\n\n";
print "Shared secret:\n";
print gmp_strval($s, 16) . "\n\n";
}