public static function processCliArgs()
{
global $argv;
PH::$args = array();
$first = true;
foreach ($argv as &$arg) {
if ($first) {
$first = false;
continue;
}
$nameExplode = explode('=', $arg, 2);
if (count($nameExplode) != 2) {
$value = true;
} else {
$value = $nameExplode[1];
}
$nameExplode[0] = strtolower($nameExplode[0]);
$nameExplode[0] = str_ireplace('-', '', $nameExplode[0]);
if (isset(PH::$args[$nameExplode[0]])) {
derr("argument '" . PH::$args[$nameExplode[0]] . "' was input twice in command line");
}
PH::$args[$nameExplode[0]] = $value;
}
//print_r(PH::$args);
}
public static function removeMember($email, $name, $type)
{
$user = Yii::app()->mongodb->citoyens->findOne(array("email" => $email));
$group = Yii::app()->mongodb->groups->findOne(array("name" => $name, "type" => $type));
if (isset($user) && isset($group)) {
PH::update(PHType::TYPE_CITOYEN, array("_id" => new MongoId($user["_id"])), array('$pull' => array(CitoyenType::$types2Nodes[$type] => (string) $group["_id"])));
PH::update(PHType::TYPE_GROUPS, array("_id" => new MongoId($group["_id"])), array('$pull' => array(self::NODE_PARTICIPANTS => (string) $user["_id"])));
$res = array("result" => true, "userDisonnected2Group" => true);
} else {
$res = array('result' => false, 'msg' => 'something somewhere went terribly wrong');
}
return $res;
}
public function executeAction($object)
{
$this->object = $object;
print " - object '" . PH::boldText($object->name()) . "' passing through Action='{$this->actionRef['name']}'";
if (count($this->arguments) != 0) {
print " Args: ";
foreach ($this->arguments as $argName => $argValue) {
print "{$argName}={$argValue}, ";
}
}
print "\n";
$this->actionRef['MainFunction']($this);
}
/**
* @return string
*/
public function &udpMappingToText()
{
$returnText = '';
if (count($this->udpPortMap) != 0) {
$mapsText = array();
foreach ($this->udpPortMap as &$map) {
if ($map['start'] == $map['end']) {
$mapsText[] = (string) $map['start'];
} else {
$mapsText[] = $map['start'] . '-' . $map['end'];
}
}
$returnText = PH::list_to_string($mapsText);
}
return $returnText;
}
******************************************************************************/
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/../');
require_once "lib/panconfigurator.php";
function display_usage_and_exit()
{
global $argv;
print "\nusage: php " . basename(__FILE__) . " type=panos|panorama in=inputfile.xml out=outputfile.xml location=shared|sub " . "group=groupName||groupfile=listGroupFile.txt\n" . "Example: php " . basename(__FILE__) . " type=panos in=original.xml out=final.xml location=shared group=group_internal_excl_dmz\n" . " php " . basename(__FILE__) . " type=panorama in=original.xml out=final.xml location=dmz-firewalls groupfile=grouplist.txt\n\n";
exit(1);
}
function display_error_usage_exit($msg)
{
fwrite(STDERR, "\n\n**ERROR** " . $msg . "\n\n");
display_usage_and_exit();
}
// load arguments in PH::$args for easy use
PH::processCliArgs();
//default values
$cliType = null;
$groupName = null;
$groupLocation = null;
$groupFile = null;
$inputFile = null;
$outputFile = null;
if (!isset(PH::$args['type'])) {
display_error_usage_exit('"type" is missing from arguments');
}
if (!isset(PH::$args['in'])) {
display_error_usage_exit('"in" is missing from arguments');
}
$inputFile = PH::$args['in'];
if (!is_string($inputFile) || strlen($inputFile) < 1) {
function display_error_usage_exit($msg)
{
fwrite(STDERR, PH::boldText("\n**ERROR** ") . $msg . "\n\n");
display_usage_and_exit(true);
}
public function load_from_domxml($xml)
{
$this->xmldoc = $xml;
$this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
$this->xmlroot = $this->configroot;
$versionAttr = DH::findAttribute('version', $this->configroot);
if ($versionAttr !== false) {
$this->version = PH::versionFromString($versionAttr);
} else {
if (isset($this->connector) && $this->connector !== null) {
$version = $this->connector->getSoftwareVersion();
} else {
derr('cannot find PANOS version used for make this config');
}
$this->version = $version['version'];
}
$tmp = DH::findFirstElementOrCreate('mgt-config', $this->configroot);
$tmp = DH::findFirstElementOrCreate('devices', $tmp);
foreach ($tmp->childNodes as $serial) {
if ($serial->nodeType != 1) {
continue;
}
$s = DH::findAttribute('name', $serial);
if ($s === FALSE) {
derr('no serial found');
}
$this->managedFirewallsSerials[] = $s;
}
$this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);
$this->devicesroot = DH::findFirstElementOrDie('devices', $this->configroot);
$this->localhostroot = DH::findFirstElementByNameAttrOrDie('entry', 'localhost.localdomain', $this->devicesroot);
$this->devicegrouproot = DH::findFirstElementOrDie('device-group', $this->localhostroot);
$this->templateroot = DH::findFirstElementOrDie('template', $this->localhostroot);
//
// Extract Tag objects
//
if ($this->version >= 60) {
$tmp = DH::findFirstElementOrCreate('tag', $this->sharedroot);
$this->tagStore->load_from_domxml($tmp);
}
// End of Tag objects extraction
//
// Shared address objects extraction
//
$tmp = DH::findFirstElementOrCreate('address', $this->sharedroot);
$this->addressStore->load_addresses_from_domxml($tmp);
// end of address extraction
//
// Extract address groups
//
$tmp = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
$this->addressStore->load_addressgroups_from_domxml($tmp);
// End of address groups extraction
//
// Extract services
//
$tmp = DH::findFirstElementOrCreate('service', $this->sharedroot);
$this->serviceStore->load_services_from_domxml($tmp);
// End of address groups extraction
//
// Extract service groups
//
$tmp = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
$this->serviceStore->load_servicegroups_from_domxml($tmp);
// End of address groups extraction
$prerulebase = DH::findFirstElementOrCreate('pre-rulebase', $this->sharedroot);
$postrulebase = DH::findFirstElementOrCreate('post-rulebase', $this->sharedroot);
$tmp = DH::findFirstElementOrCreate('security', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('security', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->securityRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('nat', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('nat', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->natRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('decryption', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('decryption', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->decryptionRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('application-override', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('application-override', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->appOverrideRules->load_from_domxml($tmp, $tmpPost);
//
// loading templates
//
foreach ($this->templateroot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$ldv = new Template('*tmp*', $this);
$ldv->load_from_domxml($node);
$this->templates[] = $ldv;
//print "Template '{$ldv->name()}' found\n";
}
//
// end of Templates
//
//
// loading Device Groups now
//
if ($this->version < 70) {
foreach ($this->devicegrouproot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$lvname = $node->nodeName;
//print "Device Group '$lvname' found\n";
$ldv = new DeviceGroup($this);
$ldv->load_from_domxml($node);
$this->deviceGroups[] = $ldv;
}
} else {
$dgMetaDataNode = DH::findXPathSingleEntryOrDie('/config/readonly/dg-meta-data/dginfo', $this->xmlroot);
$dgToParent = array();
$parentToDG = array();
foreach ($dgMetaDataNode->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$dgName = DH::findAttribute('name', $node);
if ($dgName === false) {
derr("DeviceGroup name attribute not found in dg-meta-data", $node);
}
$parentDG = DH::findFirstElement('parent-dg', $node);
if ($parentDG === false) {
$dgToParent[$dgName] = 'shared';
$parentToDG['shared'][] = $dgName;
} else {
$dgToParent[$dgName] = $parentDG->textContent;
$parentToDG[$parentDG->textContent][] = $dgName;
}
}
$dgLoadOrder = array('shared');
while (count($parentToDG) > 0) {
$dgLoadOrderCount = count($dgLoadOrder);
foreach ($dgLoadOrder as &$dgName) {
if (isset($parentToDG[$dgName])) {
foreach ($parentToDG[$dgName] as &$newDGName) {
$dgLoadOrder[] = $newDGName;
}
unset($parentToDG[$dgName]);
}
}
if (count($dgLoadOrder) <= $dgLoadOrderCount) {
derr('dg-meta-data seems to be corrupted, parent.child template cannot be calculated ', $dgMetaDataNode);
}
$dgLoadOrderCount = count($dgLoadOrder);
}
/*print "DG loading order:\n";
foreach( $dgLoadOrder as &$dgName )
print " - {$dgName}\n";*/
$deviceGroupNodes = array();
foreach ($this->devicegrouproot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$nodeNameAttr = DH::findAttribute('name', $node);
if ($nodeNameAttr === false) {
derr("DeviceGroup 'name' attribute was not found", $node);
}
if (!is_string($nodeNameAttr) || $nodeNameAttr == '') {
derr("DeviceGroup 'name' attribute has invalid value", $node);
}
$deviceGroupNodes[$nodeNameAttr] = $node;
}
foreach ($dgLoadOrder as $dgIndex => &$dgName) {
if ($dgName == 'shared') {
continue;
}
if (!isset($deviceGroupNodes[$dgName])) {
mwarning("DeviceGroup '{$dgName}' is listed in dg-meta-data but doesn't exist in XML");
//unset($dgLoadOrder[$dgIndex]);
continue;
}
$ldv = new DeviceGroup($this);
if (!isset($dgToParent[$dgName])) {
mwarning("DeviceGroup '{$dgName}' has not parent associated, assuming SHARED");
} elseif ($dgToParent[$dgName] == 'shared') {
// do nothing
} else {
$parentDG = $this->findDeviceGroup($dgToParent[$dgName]);
if ($parentDG === null) {
mwarning("DeviceGroup '{$dgName}' has DG '{$dgToParent[$dgName]}' listed as parent but it cannot be found in XML");
} else {
$parentDG->childDeviceGroups[$dgName] = $ldv;
$ldv->parentDeviceGroup = $parentDG;
}
}
$ldv->load_from_domxml($deviceGroupNodes[$dgName]);
$this->deviceGroups[] = $ldv;
}
}
//
// End of DeviceGroup loading
//
}
public static function register($email, $pwd)
{
if (Yii::app()->request->isAjaxRequest && isset($email) && !empty($email)) {
$account = PHDB::findOne(self::COLLECTION, array("email" => $email));
if (!$account) {
Person::clearUserSessionData();
//validate isEmail
$name = "";
if (preg_match('#^([\\w.-])/<([\\w.-]+@[\\w.-]+\\.[a-zA-Z]{2,6})/>$#', $email, $matches)) {
$name = $matches[0];
$email = $matches[1];
}
if (!empty($pwd) && preg_match('#^[\\w.-]+@[\\w.-]+\\.[a-zA-Z]{2,6}$#', $email)) {
//new user is creating account
$newAccount = array("@context" => array("@vocab" => "http://schema.org", "ph" => "http://pixelhumain.com/ph/ontology/"), 'email' => $email, 'pwd' => hash('sha256', $email . $pwd), 'ph:created' => time());
if (isset($_POST['name'])) {
$newAccount["name"] = $_POST['name'];
}
if (isset($_POST['cp'])) {
$newAccount["cp"] = $_POST['cp'];
$newAccount["address"] = array("@type" => "PostalAddress", "postalCode" => $_POST['cp']);
}
if (isset($_POST['country'])) {
$newAccount["address"]["addressLocality"] = $_POST['country'];
}
//save any inexistant tag to DB
if (isset($_POST['tags'])) {
$tagsList = PHDB::findOne(PHType::TYPE_LISTS, array("name" => "tags"), array('list'));
foreach (explode(",", $_POST['tags']) as $tag) {
if (!in_array($tag, $tagsList['list'])) {
PHDB::update(PHType::TYPE_LISTS, array("name" => "tags"), array('$push' => array("list" => $tag)));
}
}
$newAccount["tags"] = $_POST['tags'];
}
//add to DB
PHDB::insert(self::COLLECTION, $newAccount);
//set session elements for global credentials
Person::saveUserSessionData($newAccount);
//send validation mail
//TODO : make emails as cron jobs
$app = new Application($_POST["app"]);
Mail::send(array("tpl" => 'validation', "subject" => 'Confirmer votre compte pour le site ' . $app->name, "from" => Yii::app()->params['adminEmail'], "to" => !PH::notlocalServer() ? Yii::app()->params['adminEmail'] : $email, "tplParams" => array("user" => $newAccount["_id"], "title" => $app->name, "logo" => $app->logoUrl)));
//TODO : add an admin notification
/*Notification::saveNotification(array("type"=>NotificationType::NOTIFICATION_REGISTER,
"user"=>$newAccount["_id"]));*/
$res = array("result" => true, "id" => $newAccount, "msg" => "Data Successfully Saved.");
} else {
$res = array("result" => false, "msg" => "Vous devez remplir un email valide et un mot de passe .");
}
} else {
$res = array("result" => true, "id" => $account["_id"], "msg" => "Existing User Successfully Saved.");
}
} else {
$res = array("result" => false, "msg" => "Cette requete ne peut aboutir.");
}
return $res;
}
</script>
</div>
</li>
</ul>
<?php
} else {
?>
<h2>Restricted Area</h2>
<?php
/* ******************************
When first time users conenct to the api
there is no data for a certain module
this section will initialise the data
this is only shown if no admin user is found
******************************/
if (!PH::notlocalServer()) {
$admins = PHDB::noAdminExist($this->module->id);
if (count($admins) > 0) {
echo "<b>Data has allready been initialised</b><br/>Below is your list of admin users :<br/>";
foreach ($admins as $key => $value) {
echo "<b>" . $value["email"] . "</b><br/>";
}
} else {
echo "Your Application instance <b>" . $this->module->id . "</b> has no admin user, first initialise your data below :<br/>";
$this->renderPartial("application.components.api.views.adminPH.initData");
//var_dump(json_decode(file_get_contents("X:\\X_Dev\\humanpixel\\modules\\sample\\data\\applications.js"),true));
}
}
?>
<br/>or You can contact a PH admin <a class="btn" href="mail:contact@pixelhumain.com"><i class="fa fa-mail"></i></a>
<?php
/**
* Stops script with an error message and a backtrace
* @param string $msg error message to display
* @param DOMNode $object
* @throws Exception
*/
function derr($msg, $object = null)
{
if ($object !== null) {
$class = get_class($object);
if ($class == 'DOMNode' || $class == 'DOMElement' || is_subclass_of($object, 'DOMNode')) {
$msg .= "\nXML line #" . $object->getLineNo() . ", XPATH: " . DH::elementToPanXPath($object) . "\n" . DH::dom_to_xml($object, 0, true, 3);
}
}
if (PH::$useExceptions) {
$ex = new Exception($msg);
throw $ex;
}
fwrite(STDERR, PH::boldText("\n* ** ERROR ** * ") . $msg . "\n\n");
//debug_print_backtrace();
$d = debug_backtrace();
$skip = 0;
fwrite(STDERR, " *** Backtrace ***\n");
$count = 0;
foreach ($d as $l) {
if ($skip >= 0) {
print "{$count} ****\n";
if (isset($l['object']) && method_exists($l['object'], 'toString')) {
fwrite(STDERR, ' ' . $l['object']->toString() . "\n");
}
//print $l['function']."()\n";
if (isset($l['object'])) {
fwrite(STDERR, ' ' . PH::boldText($l['class'] . '::' . $l['function'] . "()") . " @\n " . $l['file'] . " line " . $l['line'] . "\n");
} else {
fwrite(STDERR, ' ::' . $l['file'] . " line " . $l['line'] . "\n");
}
}
$skip++;
$count++;
}
exit(1);
}
/**
* @param $xml DOMElement|DOMDocument
* @throws Exception
*/
public function load_from_domxml($xml)
{
if ($xml->nodeType == XML_DOCUMENT_NODE) {
$this->xmldoc = $xml;
$this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
$this->xmlroot = $this->configroot;
} else {
$this->xmlroot = $xml;
$this->configroot = $xml;
}
if ($this->owner !== null) {
$this->version = $this->owner->owner->version;
} else {
$versionAttr = DH::findAttribute('version', $this->configroot);
if ($versionAttr !== false) {
$this->version = PH::versionFromString($versionAttr);
} else {
if (isset($this->connector) && $this->connector !== null) {
$version = $this->connector->getSoftwareVersion();
} else {
derr('cannot find PANOS version used for make this config');
}
$this->version = $version['version'];
}
}
$this->devicesroot = DH::findFirstElementOrCreate('devices', $this->configroot);
$this->localhostroot = DH::findFirstElement('entry', $this->devicesroot);
if ($this->localhostroot === false) {
$this->localhostroot = DH::createElement($this->devicesroot, 'entry');
$this->localhostroot->setAttribute('name', 'localhost.localdomain');
}
$this->vsyssroot = DH::findFirstElementOrCreate('vsys', $this->localhostroot);
if ($this->owner === null) {
$this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);
//
// Extract Tag objects
//
if ($this->version >= 60) {
$tmp = DH::findFirstElementOrCreate('tag', $this->sharedroot);
$this->tagStore->load_from_domxml($tmp);
}
// End of Tag objects extraction
//
// Shared address objects extraction
//
$tmp = DH::findFirstElementOrCreate('address', $this->sharedroot);
$this->addressStore->load_addresses_from_domxml($tmp);
// end of address extraction
//
// Extract address groups
//
$tmp = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
$this->addressStore->load_addressgroups_from_domxml($tmp);
// End of address groups extraction
//
// Extract services
//
$tmp = DH::findFirstElementOrCreate('service', $this->sharedroot);
$this->serviceStore->load_services_from_domxml($tmp);
// End of address groups extraction
//
// Extract service groups
//
$tmp = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
$this->serviceStore->load_servicegroups_from_domxml($tmp);
// End of address groups extraction
}
//
// Extract network related configs
//
$tmp = DH::findFirstElementOrCreate('network', $this->localhostroot);
$this->network->load_from_domxml($tmp);
//
// Now listing and extracting all VirtualSystem configurations
foreach ($this->vsyssroot->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
//print "DOM type: ".$node->nodeType."\n";
$lvsys = new VirtualSystem($this);
$lvname = DH::findAttribute('name', $node);
if ($lvname === FALSE) {
derr('cannot find VirtualSystem name');
}
if (isset($this->panorama)) {
$dg = $this->panorama->findApplicableDGForVsys($this->serial, $lvname);
if ($dg !== FALSE) {
$lvsys->addressStore->panoramaDG = $dg->addressStore;
$lvsys->serviceStore->panoramaDG = $dg->serviceStore;
}
}
$lvsys->load_from_domxml($node);
$this->virtualSystems[] = $lvsys;
$importedInterfaces = $lvsys->importedInterfaces->interfaces();
foreach ($importedInterfaces as &$ifName) {
$resolvedIf = $this->network->findInterface($ifName);
if ($resolvedIf !== null) {
$resolvedIf->importedByVSYS = $lvsys;
}
}
}
}
public function display_statistics()
{
print "Statistics for DG '" . PH::boldText($this->name) . "'\n";
print "- {$this->securityRules->countPreRules()} / {$this->securityRules->countPostRules()} pre/post SecRules\n";
print "- {$this->natRules->countPreRules()} / {$this->natRules->countPostRules()} pre/post NatRules\n";
print "- {$this->addressStore->countAddresses()} / {$this->addressStore->countAddressGroups()} / {$this->addressStore->countTmpAddresses()} address/group/tmp/total objects\n";
print "- {$this->serviceStore->countServices()} / {$this->serviceStore->countServiceGroups()} / {$this->serviceStore->countTmpServices()} service/group/tmp/total objects\n";
print "- {$this->tagStore->count()} tags. {$this->tagStore->countUnused()} unused\n";
}
public function &toString_inline()
{
return PH::list_to_string($this->o);
}
