├── .gitattributes ├── .gitignore ├── .travis.yml ├── CHANGELOG.txt ├── Install PAN-PHP-FRAMEWORK - v1.2.pdf ├── LICENSE.txt ├── README.md ├── doc ├── 404.html ├── class-Address.html ├── class-AddressCommon.html ├── class-AddressGroup.html ├── class-AddressRuleContainer.html ├── class-AddressStore.html ├── class-AggregateEthernetIfStore.html ├── class-AggregateEthernetInterface.html ├── class-App.html ├── class-AppOverrideRule.html ├── class-AppRuleContainer.html ├── class-AppStore.html ├── class-AuthenticationRule.html ├── class-CaptivePortalRule.html ├── class-CsvParser.html ├── class-DH.html ├── class-DOMDocument.html ├── class-DOMElement.html ├── class-DOMNode.html ├── class-DOMNodeList.html ├── class-DecryptionRule.html ├── class-DeviceGroup.html ├── class-DoSRule.html ├── class-EthernetIfStore.html ├── class-EthernetInterface.html ├── class-Exception.html ├── class-IKEGateway.html ├── class-IKEGatewayStore.html ├── class-IP4Map.html ├── class-IPSecCryptoProfil.html ├── class-IPSecCryptoProfileStore.html ├── class-IPsecTunnel.html ├── class-IPsecTunnelStore.html ├── class-IkeCryptoProfil.html ├── class-IkeCryptoProfileStore.html ├── class-InterfaceContainer.html ├── class-InterfaceType.html ├── class-LoopbackIfStore.html ├── class-LoopbackInterface.html ├── class-ManagedDevice.html ├── class-ManagedDeviceStore.html ├── class-NatRule.html ├── class-NegatableRule.html ├── class-NetworkPropertiesContainer.html ├── class-ObjRuleContainer.html ├── class-ObjStore.html ├── class-ObjectWithDescription.html ├── class-PANConf.html ├── class-PH.html ├── class-PanAPIConnector.html ├── class-PanSubHelperTrait.html ├── class-PanoramaConf.html ├── class-PathableName.html ├── class-PbfRule.html ├── class-QoSRule.html ├── class-RQuery.html ├── class-ReferencableObject.html ├── class-Rule.html ├── class-RuleStore.html ├── class-RuleWithUserID.html ├── class-SecurityRule.html ├── class-Service.html ├── class-ServiceCommon.html ├── class-ServiceDstPortMapping.html ├── 
class-ServiceGroup.html ├── class-ServiceRuleContainer.html ├── class-ServiceSrcPortMapping.html ├── class-ServiceStore.html ├── class-StaticRoute.html ├── class-Tag.html ├── class-TagRuleContainer.html ├── class-TagStore.html ├── class-Template.html ├── class-TemplateStack.html ├── class-Throwable.html ├── class-TmpInterface.html ├── class-TmpInterfaceStore.html ├── class-Traversable.html ├── class-TunnelIfStore.html ├── class-TunnelInterface.html ├── class-VirtualRouter.html ├── class-VirtualRouterStore.html ├── class-VirtualSystem.html ├── class-VirtualWire.html ├── class-VirtualWireStore.html ├── class-VlanIfStore.html ├── class-VlanInterface.html ├── class-XmlConvertible.html ├── class-Zone.html ├── class-ZoneRuleContainer.html ├── class-ZoneStore.html ├── class-centralAddressStore.html ├── class-centralAddressStoreUser.html ├── class-centralServiceStore.html ├── class-centralServiceStoreUser.html ├── class-cidr.html ├── elementlist.js ├── function-__CmpObjMemID.html ├── function-__CmpObjName.html ├── function-array_diff_no_cast.html ├── function-array_to_devicequery.html ├── function-array_unique_no_cast.html ├── function-cloneArray.html ├── function-convert.html ├── function-derr.html ├── function-findConnector.html ├── function-findConnectorOrDie.html ├── function-insertAfter.html ├── function-lastIndex.html ├── function-mdeb.html ├── function-mwarning.html ├── function-myErrorHandler.html ├── function-my_shutdown.html ├── function-printn.html ├── function-removeElement.html ├── function-sortArrayByStartValue.html ├── function-yesNoBool.html ├── index.html ├── namespace-None.html ├── namespace-PHP.html ├── resources │ ├── collapsed.png │ ├── combined.js │ ├── footer.png │ ├── inherit.png │ ├── resize.png │ ├── sort.png │ ├── style.css │ ├── tree-cleaner.png │ ├── tree-hasnext.png │ ├── tree-last.png │ └── tree-vertical.png └── tree.html ├── examples ├── .gitignore ├── example-add-security-profile-to-all-rules-panorama.php ├── 
example-add-security-profile-to-all-rules.php ├── example-basics-panos.php ├── example-load-stats.php ├── example-panapiconnector.php ├── example-panorama-unused-objects.php ├── example-random-generator.php ├── example-split-large-address-groups.php ├── example-tag-zone.php ├── example-whereused.php ├── sample-configs │ ├── panorama-example.xml │ ├── panos-example-2.xml │ └── policy-best-practices.xml └── template-for-your-own-scripts.php ├── lib ├── container-classes │ ├── class-AddressRuleContainer.php │ ├── class-AppRuleContainer.php │ ├── class-ObjRuleContainer.php │ ├── class-ServiceRuleContainer.php │ ├── class-TagRuleContainer.php │ └── class-ZoneRuleContainer.php ├── device-and-system-classes │ ├── class-DeviceGroup.php │ ├── class-ManagedDevice.php │ ├── class-ManagedDeviceStore.php │ ├── class-PANConf.php │ ├── class-PanoramaConf.php │ ├── class-Template.php │ ├── class-TemplateStack.php │ └── class-VirtualSystem.php ├── helper-classes │ ├── class-IP4Map.php │ ├── class-ServiceDstPortMapping.php │ ├── class-ServiceSrcPortMapping.php │ └── class-cidr.php ├── misc-classes │ ├── class-CsvParser.php │ ├── class-DH.php │ ├── class-PH.php │ ├── class-PanAPIConnector.php │ ├── class-RQuery.php │ ├── filters-Address.php │ ├── filters-Application.php │ ├── filters-Rule.php │ ├── filters-Service.php │ ├── filters-Tag.php │ ├── trait-ObjectWithDescription.php │ ├── trait-PanSubHelperTrait.php │ ├── trait-PathableName.php │ ├── trait-ReferenceableObject.php │ └── trait-XmlConvertible.php ├── network-classes │ ├── class-AggregateEthernetIfStore.php │ ├── class-AggregateEthernetInterface.php │ ├── class-EthernetIfStore.php │ ├── class-EthernetInterface.php │ ├── class-IKEGateway.php │ ├── class-IKEGatewayStore.php │ ├── class-IPSecCryptoProfil.php │ ├── class-IPSecCryptoProfileStore.php │ ├── class-IPsecTunnel.php │ ├── class-IPsecTunnelStore.php │ ├── class-IkeCryptoProfil.php │ ├── class-IkeCryptoProfileStore.php │ ├── class-InterfaceContainer.php │ ├── 
class-LoopbackIfStore.php │ ├── class-LoopbackInterface.php │ ├── class-NetworkPropertiesContainer.php │ ├── class-StaticRoute.php │ ├── class-TmpInterface.php │ ├── class-TmpInterfaceStore.php │ ├── class-TunnelIfStore.php │ ├── class-TunnelInterface.php │ ├── class-VirtualRouter.php │ ├── class-VirtualRouterStore.php │ ├── class-VirtualWire.php │ ├── class-VirtualWireStore.php │ ├── class-VlanIfStore.php │ ├── class-VlanInterface.php │ ├── class-Zone.php │ └── class-ZoneStore.php ├── object-classes │ ├── class-Address.php │ ├── class-AddressGroup.php │ ├── class-AddressStore.php │ ├── class-App.php │ ├── class-AppStore.php │ ├── class-ObjStore.php │ ├── class-Service.php │ ├── class-ServiceGroup.php │ ├── class-ServiceStore.php │ ├── class-Tag.php │ ├── class-TagStore.php │ ├── predefined.xml │ ├── trait-AddressCommon.php │ └── trait-ServiceCommon.php ├── pan_php_framework.php ├── resources │ ├── LICENSE.txt │ ├── panorama-schema-v70.xml.gz │ └── panorama-schema-v71.xml.gz └── rule-classes │ ├── class-AppOverrideRule.php │ ├── class-AuthenticationRule.php │ ├── class-CaptivePortalRule.php │ ├── class-DecryptionRule.php │ ├── class-DoSRule.php │ ├── class-NatRule.php │ ├── class-PbfRule.php │ ├── class-QoSRule.php │ ├── class-Rule.php │ ├── class-RuleStore.php │ ├── class-RuleWithUserID.php │ ├── class-SecurityRule.php │ └── trait-NegatableRule.php ├── mac_set_path_variable.sh ├── tests ├── api_test_filters.php ├── api_test_mergers.php ├── input │ ├── panorama-8.0-merger.xml │ ├── panorama-8.0.xml │ └── panorama-8.1.xml ├── run_api_test.sh ├── test_actions.php ├── test_filters.php └── test_mergers.php └── utils ├── README.md ├── address-edit.php ├── address-merger.php ├── addressgroup-merger.php ├── alias.sh ├── appid-enabler.php ├── checkpoint-exclude.php ├── common ├── actions-address.php ├── actions-rule.php ├── actions-service.php ├── actions-tag.php ├── actions.php ├── html-export-template.html ├── jquery-1.11.js ├── jquery.stickytableheaders.min.js └── 
misc.php ├── develop ├── ike.php ├── interface.php ├── routing.php ├── vsys.php ├── vwire.php └── zone.php ├── doc ├── help.html └── res │ ├── action.js │ ├── bootstrap.min.css │ ├── bootstrap.min.js │ ├── data.js │ ├── filter.js │ ├── generator.php │ ├── jquery.min.js │ └── utils.js ├── download_predefined.php ├── grp-static-to-dynamic.php ├── key-manager.php ├── override-finder.php ├── pan-diff.php ├── panos-xml-issue-detector.php ├── register-ip-mgr.php ├── rule-merger.php ├── rules-edit.php ├── rules-stats.php ├── service-edit.php ├── service-merger.php ├── servicegroup-merger.php ├── tag-edit.php ├── upload-config.php └── userid-mgr.php /.gitattributes: -------------------------------------------------------------------------------- 1 | *.xml binary -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | output.xml 2 | outputtest.xml 3 | .idea 4 | **/.DS_Store 5 | ext 6 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: php 2 | php: 3 | # - '5.6' 4 | - '7.1' 5 | 6 | script: 7 | - cd examples 8 | - php example-add-security-profile-to-all-rules.php 9 | - php example-basics-panos.php 10 | - php example-panorama-unused-objects.php 11 | - cd ../tests 12 | - php test_filters.php 13 | - php test_actions.php 14 | - php test_mergers.php 15 | 16 | notifications: 17 | email: 18 | - shellescape@gmail.com 19 | - pan-c@waschkut.net 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /Install PAN-PHP-FRAMEWORK - v1.2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/Install PAN-PHP-FRAMEWORK - v1.2.pdf 
-------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | PAN-PHP-FRAMEWORK is distributed with an ISC license: 2 | 3 | Copyright (c) 2014-2019 Christophe Painchaud 4 | and Sven Waschkut 5 | 6 | Permission to use, copy, modify, and distribute this software for any 7 | purpose with or without fee is hereby granted, provided that the above 8 | copyright notice and this permission notice appear in all copies. 9 | 10 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
17 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | Continued support and the newest code can be found on the official Palo Alto Networks GitHub account: 3 | [PAN-OS-PHP](https://github.com/PaloAltoNetworks/pan-os-php) 4 | ================ 5 | https://github.com/PaloAltoNetworks/pan-os-php 6 | 7 | ```php 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | ``` 50 | 51 | PAN-PHP-FRAMEWORK 52 | ================ 53 | 54 | PAN-PHP-FRAMEWORK is a PHP library that aims to make PANOS config changes easy (and XML free ;) and maintainable, and to allow complex scenarios like rule merging, unused object tracking, conversion of checkpoint exclusion groups, massive rule editing, AppID conversion … to name the ones I do on a regular basis and which are not offered by our GUI. It works seamlessly on a local config file or through the API. 55 | 56 | **Homepage** : download latest sources on [GitHub](https://github.com/PaloAltoNetworks/pan-os-php). Windows package with PHP binaries here: [dev.zip](https://github.com/PaloAltoNetworks/pan-os-php-windows-package/blob/main/dev.zip) 57 | 58 | **Requirements** : PHP 5.5 with curl module 59 | 60 | **Usage**: include the file lib/pan_php_framework.php in your own script to load the necessary classes. 61 | 62 | File tree: 63 | * **/lib/** contains library files source code 64 | * **/utils/** contains ready to run scripts, more information in [utils/README.md](/utils) 65 | * **/doc/index.html** has the documentation for all classes 66 | * **/examples/example-xxx.php** are examples of using this library 67 | 68 | 69 | With fewer than 20 lines of code, you should be able to solve most of your needs. 
Brief overview: 70 | 71 | Loading a config from a file : 72 | ```php 73 | $pan = new PANConf(); 74 | $pan->load_from_file('myconfig.xml'); 75 | ``` 76 | 77 | Prefer to load it from the API candidate config ? 78 | ```php 79 | $connector = panAPIConnector::findOrCreateConnectorFromHost('fw1.mycompany.com'); 80 | $pan = new PANConf(); 81 | $pan->API_load_from_candidate($connector); 82 | ``` 83 | 84 | Delete unused objects from a config : 85 | ```php 86 | foreach($pan->addressStore->addressObjects() as $object ) 87 | if( $object->countReferences() == 0 ) 88 | $pan->addressStore->remove($object); 89 | ``` 90 | 91 | Want to know where an object is used ? 92 | ```php 93 | $object = $pan->addressStore->find('H-WebServer4'); 94 | foreach( $object->getReferences() as $ref ) 95 | print $ref->toString()."\n"; 96 | ``` 97 | 98 | Replace that object with another one : 99 | ```php 100 | $object->replaceMeGlobally($anotherObject); 101 | ``` 102 | 103 | Want to add security profile group 'Block-Forward-Critical-High' in rules which have destination zone 'External' and 104 | source zone 'DMZ'? 105 | ```php 106 | foreach( $vsys1->securityRules->rules() as $rule ) 107 | if( $rule->from->has('DMZ') && $rule->to->has('External') ) 108 | $rule->setSecurityProfileGroup('Block-Forward-Critical-High'); 109 | ``` 110 | 111 | Do you hate scripting ? Utility script 'rules-edit.php' is a Swiss Army knife for editing rules; it uses the PAN Configurator 112 | library from a single CLI query, e.g. : 113 | 114 | Do you want to enable log at start for rules going to the DMZ zone that have only object group 'Webfarms' as a destination ? 115 | 116 | rules-edit.php in=api://fw1.mycompany.com actions=logStart-Enable 'filter=(to has dmz) and (dst has.only Webfarms)' 117 | 118 | You are not sure about your filter and want to see rules before making changes ? 
Use action 'display' : 119 | 120 | rules-edit.php in=api://fw1.mycompany.com actions=display 'filter=(to has dmz) and (dst has.only Webfarms)' 121 | 122 | Change all rules that specify an application but use service 'any' to application-default ? 123 | 124 | rules-edit.php in=api://fw1.mycompany.com actions=service-Set-AppDefault 'filter=!(app is.any) and (service is.any)' 125 | 126 | Move post-SecurityRules with source zone 'dmz' or source object 'Admin-networks' to pre-Security rules ? (In the filter below, `(rule is.postrule)` is joined by `and` inside the same parentheses as the two `or` terms; run it with actions=display first to confirm it matches only the rules you intend.) 127 | 128 | rules-edit.php in=api://panorama.mycompany.com actions=invertPreAndPost 'filter=((from has dmz) or (source has Admin-networks) and (rule is.postrule))' 129 | 130 | Want to know what actions are supported ? 131 | 132 | rules-edit.php listActions 133 | rules-edit.php listFilters 134 | 135 | 136 | -------------------------------------------------------------------------------- /doc/class-DOMNodeList.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Class DOMNodeList | PAN-PHP-FRAMEWORK 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
61 | 62 | 181 | 182 | 183 | -------------------------------------------------------------------------------- /doc/class-Traversable.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Interface Traversable | PAN-PHP-FRAMEWORK 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
61 | 62 | 144 | 145 | 146 | -------------------------------------------------------------------------------- /doc/elementlist.js: -------------------------------------------------------------------------------- 1 | 2 | var ApiGen = ApiGen || {}; 3 | ApiGen.elements = [["f","__CmpObjMemID()"],["f","__CmpObjName()"],["c","Address"],["c","AddressCommon"],["c","AddressGroup"],["c","AddressRuleContainer"],["c","AddressStore"],["c","AggregateEthernetIfStore"],["c","AggregateEthernetInterface"],["c","App"],["c","AppOverrideRule"],["c","AppRuleContainer"],["c","AppStore"],["f","array_diff_no_cast()"],["f","array_to_devicequery()"],["f","array_unique_no_cast()"],["c","AuthenticationRule"],["c","CaptivePortalRule"],["c","centralAddressStore"],["c","centralAddressStoreUser"],["c","centralServiceStore"],["c","centralServiceStoreUser"],["c","cidr"],["f","cloneArray()"],["f","convert()"],["c","CsvParser"],["c","DecryptionRule"],["f","derr()"],["c","DeviceGroup"],["c","DH"],["c","DOMDocument"],["c","DOMElement"],["c","DOMNode"],["c","DOMNodeList"],["c","DoSRule"],["c","EthernetIfStore"],["c","EthernetInterface"],["c","Exception"],["f","findConnector()"],["f","findConnectorOrDie()"],["c","IkeCryptoProfil"],["c","IkeCryptoProfileStore"],["c","IKEGateway"],["c","IKEGatewayStore"],["f","insertAfter()"],["c","InterfaceContainer"],["c","InterfaceType"],["c","IP4Map"],["c","IPSecCryptoProfil"],["c","IPSecCryptoProfileStore"],["c","IPsecTunnel"],["c","IPsecTunnelStore"],["f","lastIndex()"],["c","LoopbackIfStore"],["c","LoopbackInterface"],["c","ManagedDevice"],["c","ManagedDeviceStore"],["f","mdeb()"],["f","mwarning()"],["f","my_shutdown()"],["f","myErrorHandler()"],["c","NatRule"],["c","NegatableRule"],["c","NetworkPropertiesContainer"],["c","ObjectWithDescription"],["c","ObjRuleContainer"],["c","ObjStore"],["c","PanAPIConnector"],["c","PANConf"],["c","PanoramaConf"],["c","PanSubHelperTrait"],["c","PathableName"],["c","PbfRule"],["c","PH"],["f","printn()"],["c","QoSRule"],["c","Referenca
bleObject"],["f","removeElement()"],["c","RQuery"],["c","Rule"],["c","RuleStore"],["c","RuleWithUserID"],["c","SecurityRule"],["c","Service"],["c","ServiceCommon"],["c","ServiceDstPortMapping"],["c","ServiceGroup"],["c","ServiceRuleContainer"],["c","ServiceSrcPortMapping"],["c","ServiceStore"],["f","sortArrayByStartValue()"],["c","StaticRoute"],["c","Tag"],["c","TagRuleContainer"],["c","TagStore"],["c","Template"],["c","TemplateStack"],["c","Throwable"],["c","TmpInterface"],["c","TmpInterfaceStore"],["c","Traversable"],["c","TunnelIfStore"],["c","TunnelInterface"],["c","VirtualRouter"],["c","VirtualRouterStore"],["c","VirtualSystem"],["c","VirtualWire"],["c","VirtualWireStore"],["c","VlanIfStore"],["c","VlanInterface"],["c","XmlConvertible"],["f","yesNoBool()"],["c","Zone"],["c","ZoneRuleContainer"],["c","ZoneStore"]]; 4 | -------------------------------------------------------------------------------- /doc/namespace-PHP.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Namespace PHP | PAN-PHP-FRAMEWORK 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
61 | 62 | 144 | 145 | 146 | -------------------------------------------------------------------------------- /doc/resources/collapsed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/collapsed.png -------------------------------------------------------------------------------- /doc/resources/footer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/footer.png -------------------------------------------------------------------------------- /doc/resources/inherit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/inherit.png -------------------------------------------------------------------------------- /doc/resources/resize.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/resize.png -------------------------------------------------------------------------------- /doc/resources/sort.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/sort.png -------------------------------------------------------------------------------- /doc/resources/tree-cleaner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/tree-cleaner.png 
-------------------------------------------------------------------------------- /doc/resources/tree-hasnext.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/tree-hasnext.png -------------------------------------------------------------------------------- /doc/resources/tree-last.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/tree-last.png -------------------------------------------------------------------------------- /doc/resources/tree-vertical.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/doc/resources/tree-vertical.png -------------------------------------------------------------------------------- /examples/.gitignore: -------------------------------------------------------------------------------- 1 | output.xml 2 | outputtest.xml -------------------------------------------------------------------------------- /examples/example-add-security-profile-to-all-rules-panorama.php: -------------------------------------------------------------------------------- 1 | load_from_file($origfile); 25 | 26 | 27 | // Did we find VSYS1 ? 28 | $dg = $panc->findDeviceGroup($targetDG); 29 | if( $dg === null ) 30 | { 31 | derr("DeviceGroup {$targetDG} was not found ? 
Exit\n"); 32 | } 33 | 34 | print "\n***********************************************\n\n"; 35 | 36 | 37 | // Going after each pre-Security rules to add a profile 38 | foreach( $dg->securityRules->rules() as $rule ) 39 | { 40 | print "Rule '".$rule->name()."' modified\n"; 41 | $rule->setSecurityProfileGroup($targetProfile); 42 | } 43 | 44 | 45 | print "\n***********************************************\n"; 46 | 47 | 48 | $panc->save_to_file($outputfile); 49 | 50 | //display some statistics 51 | $panc->display_statistics(); 52 | 53 | 54 | 55 | //more debugging infos 56 | 57 | memory_and_gc('end'); 58 | 59 | 60 | 61 | -------------------------------------------------------------------------------- /examples/example-add-security-profile-to-all-rules.php: -------------------------------------------------------------------------------- 1 | load_from_file($origfile); 26 | 27 | 28 | // Did we find VSYS1 ? 29 | $vsys1 = $panc->findVirtualSystem($targetVSYS); 30 | if( $vsys1 === null ) 31 | { 32 | derr("vsys1 was not found ? 
Exit\n"); 33 | } 34 | 35 | print "\n***********************************************\n\n"; 36 | 37 | 38 | // first get the list of rules in an array 39 | $rules = $vsys1->securityRules->rules(); 40 | 41 | 42 | // for every rule we set the security profile 43 | foreach( $rules as $rule ) 44 | { 45 | print "- Updating rule '".$rule->name()."' with security profile '$targetProfile'\n"; 46 | $rule->setSecurityProfileGroup($targetProfile); 47 | } 48 | 49 | 50 | 51 | print "\n***********************************************\n"; 52 | 53 | // Save resulting config to a file 54 | $panc->save_to_file($outputfile); 55 | 56 | //display some statistics 57 | $vsys1->display_statistics(); 58 | 59 | 60 | 61 | //more debugging infos 62 | 63 | memory_and_gc('end'); 64 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /examples/example-basics-panos.php: -------------------------------------------------------------------------------- 1 | load_from_file($origfile); 24 | 25 | 26 | // Did we find VSYS1 ? 27 | $vsys1 = $panc->findVirtualSystem('vsys1'); 28 | if( $vsys1 === null ) 29 | { 30 | derr("vsys1 was not found ? Exit\n"); 31 | } 32 | 33 | print "\n***********************************************\n\n"; 34 | 35 | 36 | print "\n\n************ Security Rules before changes *********\n\n"; 37 | 38 | // $vsys1->securityRules is an object containing all VSYS1 rules. Here we call display() to print them in console. 
39 | $vsys1->securityRules->display(); 40 | 41 | // Here we look for a rule named 'Mail Server incoming mails' 42 | $mailServerRule = $vsys1->securityRules->find('Mail Server incoming mails'); 43 | // exit if that rule was not found 44 | if( $mailServerRule === null ) 45 | derr("ERROR : Cannot find rule 'Mail Server incoming mails'\n"); 46 | 47 | // now look for an object named 'mail-server2' 48 | $objectMailServer2 = $vsys1->addressStore->find('mail-server2'); 49 | if( $objectMailServer2 === null ) 50 | derr("ERROR : Cannot find object named 'mail-server2'\n"); 51 | 52 | // add 'mail-server2' in rule 'Mail Server' source. 53 | $mailServerRule->source->addObject($objectMailServer2); 54 | 55 | 56 | // now we rename object 'mail-server2' into mail 'mail-server3' 57 | $objectMailServer2->setName('mail-server3'); 58 | 59 | 60 | // create a Tag called 'MAIL RULES' 61 | $tagMailRules = $vsys1->tagStore->findOrCreate('MAIL RULES'); 62 | 63 | // add this tag to the rule 'Mail Server incoming mails' 64 | $mailServerRule->tags->addTag($tagMailRules); 65 | 66 | // set Security Group Profile 'SecProf2' on that rule 67 | $mailServerRule->setSecurityProfileGroup('SecProf2'); 68 | 69 | 70 | // disable a rule 71 | $mailServerRule->setDisabled(true); 72 | 73 | // rename it 74 | $mailServerRule->setName('Incoming SMTP'); 75 | 76 | // move it before 'WebFarm access' 77 | $vsys1->securityRules->moveRuleBefore($mailServerRule,'WebFarm access'); 78 | 79 | // change action to deny 80 | $vsys1->securityRules->find('WebFarm access')->setAction('deny'); 81 | 82 | // remove DNAT from a rule 83 | $vsys1->natRules->find('rule7 - dnat with port')->setNoDNAT(); 84 | 85 | // add DNAT to a rule 86 | $vsys1->natRules->find('rule5 - dynamicIP interface spe')->setDNAT($vsys1->addressStore->find('client-2-address')); 87 | 88 | //remove Source NAT froma rule 89 | $vsys1->natRules->find('rule2 - static')->setNoSNAT(); 90 | 91 | // add an IP to a dynamic IP pool 92 | $vsys1->natRules->find('rule3 - 
dynamic IP address')->snathosts->addObject($vsys1->addressStore->find('client-2-address')); 93 | 94 | 95 | 96 | 97 | print "\n\n************ Security Rules after changes *********\n\n"; 98 | 99 | $vsys1->securityRules->display(); 100 | 101 | 102 | print "\n***********************************************\n"; 103 | 104 | 105 | $panc->save_to_file($outputfile); 106 | 107 | //display some statistics 108 | $vsys1->display_statistics(); 109 | 110 | 111 | 112 | -------------------------------------------------------------------------------- /examples/example-load-stats.php: -------------------------------------------------------------------------------- 1 | load_from_file($inputfile); 22 | 23 | print "\n***********************************************\n\n"; 24 | 25 | 26 | 27 | 28 | // display some statiscs for debug and exit program! 29 | print "\n\n***********************************************\n"; 30 | $p->display_statistics(); 31 | 32 | 33 | -------------------------------------------------------------------------------- /examples/example-panapiconnector.php: -------------------------------------------------------------------------------- 1 | setShowApiCalls(true); 20 | 21 | $panc = new PANConf(); 22 | $panc->API_load_from_candidate($con); 23 | 24 | // Did we find VSYS1 ? 25 | $vsys1 = $panc->findVirtualSystem('vsys1'); 26 | if( $vsys1 === null ) 27 | { 28 | derr("vsys1 was not found ? Exit\n"); 29 | } 30 | 31 | print "\n***********************************************\n\n"; 32 | 33 | //display rules 34 | $vsys1->securityRules->display(); 35 | 36 | // look for an object named 'User-Networks' 37 | $object = $vsys1->addressStore->find('User-Networks'); 38 | if( $object === null ) 39 | derr("Error: object not found\n"); 40 | 41 | // want to know xpath of an object ? 42 | print "displaying XPATH of object named ".$object->name()." 
: ".$object->getXPath()."\r\n"; 43 | 44 | // let's rename it in API 45 | $object->API_setName('another-name'); 46 | 47 | $rule = $vsys1->securityRules->find('Mail Server'); 48 | if( $rule === null ) 49 | derr("Error: rule nor found\n"); 50 | 51 | // add an object to this rule Source through API 52 | $rule->source->API_add($object); 53 | 54 | // set Destination to Any 55 | $rule->destination->API_setAny(); 56 | 57 | // remove object from another rule Source 58 | $rule = $vsys1->securityRules->find('Exception SSH for Dev'); 59 | if( $rule === null ) 60 | derr("Error: rule nor found\n"); 61 | $rule->source->API_remove($object); 62 | 63 | // uplaod config directly to the device !!! 64 | //$panc->API_uploadConfig('test-config1.xml'); 65 | 66 | 67 | // display some statiscs for debug and exit program! 68 | print "\n\n***********************************************\n"; 69 | $vsys1->display_statistics(); 70 | 71 | 72 | 73 | -------------------------------------------------------------------------------- /examples/example-panorama-unused-objects.php: -------------------------------------------------------------------------------- 1 | load_from_file($inputfile); 22 | 23 | print "\n***********************************************\n\n"; 24 | 25 | 26 | 27 | // variable to count unused objects 28 | $countUnused = 0; 29 | 30 | // we put all central stores in an array 31 | 32 | // first the Shared one 33 | $centralstores[] = $p->addressStore; 34 | 35 | foreach( $p->deviceGroups as $dv ) 36 | $centralstores[] = $dv->addressStore; 37 | 38 | 39 | foreach( $centralstores as $store ) 40 | { 41 | print "-- Handling store '".$store->toString()."'\n"; 42 | $objects = $store->all(); 43 | 44 | foreach( $objects as $o) 45 | { 46 | $classname = get_class($o); 47 | if( $classname == "Address" ) 48 | { 49 | // If it's a tmp object , we ignore it 50 | if( $o->isTmpAddr() ) 51 | { 52 | continue; 53 | } 54 | if( $o->countReferences() == 0 ) 55 | { 56 | print "unused object found: 
".$o->toString()."\n"; 57 | $countUnused++; 58 | } 59 | } 60 | elseif( $classname == "AddressGroup" ) 61 | { 62 | if( $o->countReferences() == 0 ) 63 | { 64 | print "unused object found: ".$o->toString()."\n"; 65 | $countUnused++; 66 | } 67 | } 68 | else 69 | derr("this class of object is not supported!"); 70 | } 71 | 72 | print "\n\n"; 73 | } 74 | 75 | print "\n\nFound $countUnused unused objects\n\n"; 76 | 77 | 78 | // display some statiscs for debug and exit program! 79 | print "\n\n***********************************************\n"; 80 | $p->display_statistics(); 81 | 82 | 83 | 84 | -------------------------------------------------------------------------------- /examples/example-random-generator.php: -------------------------------------------------------------------------------- 1 | load_from_file($origfile); 21 | 22 | 23 | // Did we find VSYS1 ? 24 | $v = &$panc->findVirtualSystem('vsys1'); 25 | if( $v === null ) 26 | { 27 | derr("vsys1 was not found ? Exit\n"); 28 | } 29 | 30 | print "\n***********************************************\n\n"; 31 | 32 | 33 | $v->securityRules->removeAll(); 34 | 35 | /** @var SecurityRule[] $newRules */ 36 | $newRules = Array(); 37 | $addresses = $v->addressStore->all(); 38 | $ac = count($addresses); 39 | $ak = array_keys($addresses); 40 | 41 | for( $i=0; $i < 1500; $i++ ) 42 | { 43 | $newRules[$i] = $v->securityRules->newSecurityRule('autogen-'.$i); 44 | 45 | $r = rand(1,10); 46 | if( $r > 3 ) 47 | { 48 | $r = rand(1,5); 49 | for($j =0; $j<$r; $j++ ) 50 | { 51 | $addr = $addresses[$ak[rand(0,$ac-1)]]; 52 | $newRules[$i]->source->addObject($addr); 53 | } 54 | } 55 | 56 | $r = rand(1,10); 57 | if( $r > 3 ) 58 | { 59 | $r = rand(1,5); 60 | for($j =0; $j<$r; $j++ ) 61 | { 62 | $addr = $addresses[$ak[rand(0,$ac-1)]]; 63 | $newRules[$i]->destination->addObject($addr); 64 | } 65 | } 66 | } 67 | 68 | 69 | 70 | 71 | 72 | 73 | print "\n***********************************************\n"; 74 | $v->display_statistics(); 75 | 76 | 
$panc->save_to_file($output); 77 | 78 | 79 | 80 | memory_and_gc('end'); 81 | 82 | 83 | 84 | 85 | 86 | -------------------------------------------------------------------------------- /examples/example-split-large-address-groups.php: -------------------------------------------------------------------------------- 1 | load_from_file($inputfile); 41 | 42 | // load the list of DeviceGroups in an array 43 | $subs = $p->deviceGroups; 44 | 45 | 46 | } 47 | else if( $mode == 'panos') 48 | { 49 | // Create new PanConf object 50 | $p = new PANConf(); 51 | 52 | // load it from XML file 53 | $p->load_from_file($inputfile); 54 | 55 | // load the list of VSYS in an array 56 | $subs = $p->virtualSystems; 57 | 58 | } 59 | else 60 | derr('Please set mode="panos" or mode ="panorama"'); 61 | 62 | 63 | print "\n***********\n\n"; 64 | 65 | 66 | // For every VSYS/DeviceGroups we're going to list Groups and count their members. 67 | foreach($subs as $sub ) 68 | { 69 | print "Found DeviceGroup/VirtualSystem named '".$sub->name()."'\n"; 70 | 71 | $countGroups = $sub->addressStore->countAddressGroups(); 72 | 73 | print " Found $countGroups AddressGroups in this DV"; 74 | 75 | $Groups = $sub->addressStore->addressGroups(); 76 | 77 | foreach( $Groups as $group ) 78 | { 79 | $membersCount = $group->count(); 80 | 81 | // if this group has more members than $largeGroupsCount then we must split it 82 | if( $membersCount > $largeGroupsCount ) 83 | { 84 | print " AddressGroup named '".$group->name()."' with $membersCount members \n"; 85 | 86 | // get member list in $members 87 | $members = $group->members(); 88 | 89 | $i=0; 90 | 91 | if( isset($newGroup) ) unset($newGroup); 92 | 93 | // loop move every member to a new subgroup 94 | foreach( $members as $member ) 95 | { 96 | // Condition to detect if previous sub-group is full 97 | // so we have to create a new one 98 | if( $i%$splitCount == 0 ) 99 | { 100 | if( isset($newGroup) ) 101 | { // now we can rewrite XML 102 | $newGroup->rewriteXML(); 103 
| } 104 | 105 | // create a new sub-group with name 'original--1' 106 | $newGroup = $sub->addressStore->newAddressGroup( $group->name().'--'.($i/$splitCount) ); 107 | print " New AddressGroup object created with name: ".$newGroup->name()."\n"; 108 | 109 | // add this new sub-group to the original one. Don't rewrite XML for performance reasons. 110 | $group->addMember($newGroup, false); 111 | } 112 | 113 | // remove current group member from old group, don't rewrite XML yet for performance savings 114 | $group->removeMember( $member, false ); 115 | 116 | // we add current group member to new subgroup 117 | $newGroup->addMember( $member, false ); 118 | 119 | $i++; 120 | } 121 | if( isset($newGroup) ) 122 | { // now we can rewrite XML 123 | $newGroup->rewriteXML(); 124 | } 125 | 126 | // Now we can rewrite XML 127 | $group->rewriteXML(); 128 | 129 | print " AddressGroup count after split: ".$group->count()." \n"; 130 | 131 | print "\n"; 132 | 133 | } 134 | } 135 | 136 | } 137 | 138 | 139 | print "\n\n"; 140 | 141 | 142 | $p->save_to_file($outputfile); 143 | 144 | 145 | 146 | -------------------------------------------------------------------------------- /examples/example-tag-zone.php: -------------------------------------------------------------------------------- 1 | load_from_file($inputfile); 30 | print "\n***********************************************\n\n"; 31 | 32 | 33 | // below starts the real stuff 34 | 35 | // we need to find references of Zones 'internal' and 'external'. they will be used later 36 | $internal = $p->zoneStore->find('internal'); 37 | $external = $p->zoneStore->find('external'); 38 | 39 | if( !$internal ) 40 | derr("We didn't find zone 'internal', is there a problem? \n"); 41 | if( !$external ) 42 | derr("We didn't find zone 'external', is there a problem? 
\n"); 43 | 44 | 45 | // We are looking for a tag called "Outgoing" , to be used later, same for Incoming tag 46 | $outgoing = $p->tagStore->find('Outgoing'); 47 | if( !$outgoing ) 48 | derr("We didn't find tag Outgoing, is there a problem? \n"); 49 | 50 | // We are looking for a tag called "Incoming" 51 | $incoming = $p->tagStore->find('Incoming'); 52 | if( !$incoming ) 53 | derr("We didn't find tag Incoming, is there a problem? \n"); 54 | 55 | 56 | /***************************************** 57 | Let's process rules with Outgoing tag 58 | ******************************************/ 59 | 60 | // How many times is this tag used globally ? 61 | $countref = $outgoing->countReferences(); 62 | print "Tag named '".$outgoing->name()."' is used in $countref places\n"; 63 | 64 | // But we need to filter these references to extract SecurityRule only 65 | $list = $outgoing->findAssociatedSecurityRules(); 66 | // how many references left after filtering? 67 | $countref = count($list); 68 | $total = $countref; 69 | print "Tag named '".$outgoing->name()."' is used in $countref SecurityRules\n"; 70 | 71 | // Now we need to look at each rule and change it's source and destination zones 72 | foreach ($list as $rule) 73 | { 74 | // print rulename for debug, comment them if you want 75 | print " Rule named '".$rule->name()."' from DeviceGroup '".$rule->owner->name()."' with tag '".$incoming->name()."' has the following Zones:\n"; 76 | print " From: ".$rule->from->toString_inline()."\n"; 77 | print " To: ".$rule->to->toString_inline()."\n"; 78 | 79 | // now we check if each rule has internal in source zone and external in destination zone 80 | if( ! $rule->from->hasZone($internal) ) 81 | { 82 | print " This rule needs source zone to be added\n"; 83 | $rule->from->addZone($internal); 84 | print " Updated From: ".$rule->from->toString_inline()."\n"; 85 | } 86 | if( ! 
$rule->to->hasZone($external) ) 87 | { 88 | print " This rule needs destination zone to be added\n"; 89 | $rule->to->addZone($external); 90 | print " Updated To: ".$rule->to->toString_inline()."\n"; 91 | } 92 | 93 | print "\n"; 94 | 95 | } 96 | 97 | 98 | /***************************************** 99 | Now rules with Incoming Tag 100 | ******************************************/ 101 | // How many times is this tag used globally ? 102 | $countref = $incoming->countReferences(); 103 | $total += $countref; 104 | print "Tag named '".$incoming->name()."' is used in $countref places\n"; 105 | 106 | // But we need to filter these references to extract SecurityRule only 107 | $list = $incoming->findAssociatedSecurityRules(); 108 | // how many references left after filtering? 109 | $countref = count($list); 110 | print "Tag named '".$incoming->name()."' is used in $countref SecurityRules\n"; 111 | 112 | // Now we need to look at each rule and change it's source and destination zones 113 | foreach ($list as $rule) 114 | { 115 | // print rulename for debug, comment them if you want 116 | print " Rule named '".$rule->name()."' from DeviceGroup '".$rule->owner->name()."' with tag '".$incoming->name()."' has the following Zones:\n"; 117 | print " From: ".$rule->from->toString_inline()."\n"; 118 | print " To: ".$rule->to->toString_inline()."\n"; 119 | 120 | // now we check if each rule has internal in source zone and external in destination zone 121 | if( ! $rule->from->hasZone($external) ) 122 | { 123 | print " This rule needs needs source zone to be added\n"; 124 | $rule->from->addZone($external); 125 | print " Updated From: ".$rule->from->toString_inline()."\n"; 126 | } 127 | if( ! 
$rule->to->hasZone($internal) ) 128 | { 129 | print " This rule needs needs destination zone to be added\n"; 130 | $rule->to->addZone($internal); 131 | print " Updated To: ".$rule->to->toString_inline()."\n"; 132 | } 133 | 134 | print "\n"; 135 | 136 | } 137 | 138 | 139 | print "We have edited a total of $total SecurityRules\n\n"; 140 | 141 | 142 | // save resulting configuration file to output.xml 143 | $p->save_to_file($outputfile); 144 | 145 | 146 | // display some statiscs for debug and exit program! 147 | print "\n\n***********************************************\n"; 148 | $p->display_statistics(); 149 | 150 | memory_and_gc('end'); 151 | 152 | 153 | -------------------------------------------------------------------------------- /examples/example-whereused.php: -------------------------------------------------------------------------------- 1 | load_from_file($origfile); 24 | 25 | 26 | // Did we find VSYS1 ? 27 | $vsys1 = $panc->findVirtualSystem('vsys1'); 28 | if( $vsys1 === null ) 29 | { 30 | derr("vsys1 was not found ? 
Exit\n"); 31 | } 32 | 33 | print "\n***********************************************\n\n"; 34 | 35 | // look for an object named server-4-address 36 | $addressObject = $vsys1->addressStore->find('server-4-address'); 37 | // display the list of objects that are using this 38 | $addressObject->display_references(); 39 | 40 | print "\n"; 41 | 42 | // look for an object called client-2-address 43 | $anotherObject = $vsys1->addressStore->find('client-2-address'); 44 | // display the list of objects that are using this 45 | $anotherObject->display_references(); 46 | 47 | print "\nAfter replacement\n\n"; 48 | 49 | // Let's replace this object by another one everywhere 50 | $addressObject->replaceMeGlobally($anotherObject); 51 | 52 | $addressObject->display_references(); 53 | print "\n"; 54 | $anotherObject->display_references(); 55 | 56 | 57 | 58 | 59 | 60 | print "\n***********************************************\n"; 61 | 62 | 63 | //display some statistics 64 | $vsys1->display_statistics(); 65 | 66 | 67 | 68 | 69 | //more debugging infos 70 | 71 | memory_and_gc('end'); 72 | 73 | 74 | -------------------------------------------------------------------------------- /examples/template-for-your-own-scripts.php: -------------------------------------------------------------------------------- 1 | load($configInput['filename'], XML_PARSE_BIG_LINES) ) 43 | derr("error while reading xml config file"); 44 | 45 | } 46 | elseif ( $configInput['type'] == 'api' ) 47 | { 48 | $apiMode = true; 49 | if($debugAPI) 50 | $configInput['connector']->setShowApiCalls(true); 51 | print " - Downloading config from API... 
"; 52 | $xmlDoc = $configInput['connector']->getCandidateConfig(); 53 | print "OK!\n"; 54 | } 55 | else 56 | derr('not supported yet'); 57 | 58 | // 59 | // Determine if PANOS or Panorama 60 | // 61 | $xpathResult = DH::findXPath('/config/devices/entry/vsys', $xmlDoc); 62 | if( $xpathResult === FALSE ) 63 | derr('XPath error happened'); 64 | if( $xpathResult->length <1 ) 65 | $configType = 'panorama'; 66 | else 67 | $configType = 'panos'; 68 | unset($xpathResult); 69 | 70 | if( $configType == 'panos' ) 71 | $pan = new PANConf(); 72 | else 73 | $pan = new PanoramaConf(); 74 | 75 | print " - Detected platform type is '{$configType}'\n"; 76 | if( $configInput['type'] == 'api' ) 77 | $pan->connector = $configInput['connector']; 78 | 79 | if( isset(PH::$args['location']) ) 80 | { 81 | $location = PH::$args['location']; 82 | $sub = $pan->findSubSystemByName($location); 83 | if( $sub === null ) 84 | { 85 | print " - specific location '{$location}' was not found. EXIT!!\n\n"; 86 | exit(1); 87 | } 88 | } 89 | else 90 | { 91 | $location = 'undefined'; 92 | print " - no 'location' provided so \$sub is not set\n"; 93 | } 94 | 95 | print "\n\n ********** **********\n\n"; 96 | 97 | /********************************* 98 | * * 99 | * * START WRITING YOUR CODE HERE 100 | * * 101 | * * List of available variables: 102 | * * $pan : PANConf or PanoramaConf object 103 | * * $location : string with location name or undefined if not provided on CLI 104 | * * $sub : DeviceGroup or VirtualSystem found after looking from cli 'location' argument 105 | * * $apiMode : if config file was downloaded from API directly 106 | * * PH::$args : array with all CLI arguments processed by PAN-PHP-FRAMEWORK 107 | * * 108 | */ 109 | 110 | 111 | 112 | print "\n************* END OF SCRIPT ".basename(__FILE__)." 
************\n\n"; 113 | 114 | -------------------------------------------------------------------------------- /lib/device-and-system-classes/class-ManagedDevice.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
/**
 * A firewall known to Panorama, keyed by the name it is created with
 * (ManagedDeviceStore passes the serial read from the configuration).
 *
 * Records which device group, template and template stack the firewall is
 * attached to. Each slot holds a single value: a later add*() call
 * overwrites whatever an earlier one stored.
 */
class ManagedDevice
{
    use ReferencableObject, PathableName, XmlConvertible;

    /** @var ManagedDeviceStore store this device belongs to */
    public $owner;

    // Attachment slots; they stay null until the matching add*() method is called.
    public $devicegroup;
    public $template;
    public $template_stack;


    /**
     * @param string $name identifier of the device
     * @param ManagedDeviceStore $owner store that holds this device
     */
    public function __construct( $name, $owner )
    {
        $this->name = $name;
        $this->owner = $owner;
    }


    /** Remember the device group this firewall is attached to. */
    public function addDeviceGroup( $devicegroup )
    {
        $this->devicegroup = $devicegroup;
    }

    /** Remember the template this firewall is attached to. */
    public function addTemplate( $template )
    {
        $this->template = $template;
    }

    /** Remember the template stack this firewall is attached to. */
    public function addTemplateStack( $template_stack )
    {
        $this->template_stack = $template_stack;
    }

    /** @return mixed value stored by addDeviceGroup(), or null if never set */
    public function getDeviceGroup( )
    {
        return $this->devicegroup;
    }

    /** @return mixed value stored by addTemplate(), or null if never set */
    public function getTemplate( )
    {
        return $this->template;
    }

    /** @return mixed value stored by addTemplateStack(), or null if never set */
    public function getTemplateStack( )
    {
        return $this->template_stack;
    }
}

// --------------------------------------------------------------------------------
// /lib/device-and-system-classes/class-ManagedDeviceStore.php:
// --------------------------------------------------------------------------------
/*
 * and Sven Waschkut
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS.
 */
/*
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/**
 * Class ManagedDeviceStore
 *
 * Collection of the ManagedDevice objects declared in a Panorama configuration.
 *
 * @property ManagedDevice[] $o
 * @property PanoramaConf $owner
 * @method ManagedDevice[] getAll()
 */
class ManagedDeviceStore extends ObjStore
{
    /** @var PanoramaConf */
    public $owner;

    /** @var null|TagStore */
    protected $parentCentralStore = null;

    /** Name of the class this store holds; bound by reference in the constructor. */
    public static $childn = 'ManagedDevice';


    /**
     * @param PanoramaConf $owner configuration this store belongs to
     */
    public function __construct($owner)
    {
        $this->owner = $owner;
        $this->o = Array();
        $this->classn = &self::$childn;
    }

    /**
     * Attach the store to its XML node, create one ManagedDevice per serial found
     * there, and publish the serial list on the owner as managedFirewallsSerials.
     *
     * @param DOMElement $xml
     */
    public function load_from_domxml(DOMElement $xml)
    {
        $this->xmlroot = $xml;

        $serials = $this->get_serial_from_xml( $xml, true );
        $this->owner->managedFirewallsSerials = $serials;
    }

    /**
     * Collect the 'name' attribute of every element under <devices> in $xml.
     *
     * Template and TemplateStack call this on their own XML node with
     * $add_firewall left at false, so only the store's own load registers devices.
     *
     * @param DOMElement $xml node expected to contain a 'devices' child
     * @param bool $add_firewall when true, a ManagedDevice is created and added for each serial
     * @return string[] serials, each used as both key and value
     */
    public function get_serial_from_xml( DOMElement $xml, $add_firewall = false )
    {
        $serials = array();

        // NOTE(review): judging by its name, this lookup creates <devices> when it is
        // missing, which would make this read path modify the document -- confirm in DH.
        $devicesNode = DH::findFirstElementOrCreate('devices', $xml);

        foreach( $devicesNode->childNodes as $entry )
        {
            // skip text and comment nodes, only elements carry a serial
            if( $entry->nodeType == XML_ELEMENT_NODE )
            {
                $serialName = DH::findAttribute('name', $entry);
                if( $serialName === FALSE )
                    derr('no serial found');

                if( $add_firewall )
                {
                    $device = new ManagedDevice( $serialName, $this );
                    $this->add( $device );
                }

                $serials[$serialName] = $serialName;
            }
        }

        return $serials;
    }

    /**
     * @param $serial
     * @param null $ref
     * @param bool $nested accepted for signature compatibility, not used here
     * @return null|ManagedDevice
     */
    public function find($serial, $ref = null, $nested = TRUE)
    {
        return $this->findByName($serial, $ref);
    }
}

// --------------------------------------------------------------------------------
// /lib/device-and-system-classes/class-Template.php:
// --------------------------------------------------------------------------------
/*
 * and Sven Waschkut
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/**
 * A Panorama template: a named device configuration plus the firewalls it is
 * assigned to.
 */
class Template
{
    use ReferencableObject, PathableName, PanSubHelperTrait;

    /** @var PanoramaConf */
    public $owner;

    /** @var PANConf configuration carried by this template */
    public $deviceConfiguration;

    /** Serials listed under this template's XML node, filled by load_from_domxml(). */
    protected $FirewallsSerials = Array();

    /**
     * Template constructor.
     * @param string $name
     * @param PanoramaConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->owner = $owner;
        $this->name = $name;
        $this->deviceConfiguration = new PANConf(null, null, $this);
    }

    /**
     * Load the template from its XML entry: name, embedded configuration, and
     * the link from each listed managed firewall back to this template's name.
     *
     * @param DOMElement $xml
     */
    public function load_from_domxml(DOMElement $xml)
    {
        $this->xmlroot = $xml;

        $this->name = DH::findAttribute('name', $xml);
        if( $this->name === FALSE )
            derr("template name not found\n", $xml);

        $configNode = DH::findFirstElementOrCreate('config', $xml);
        $this->deviceConfiguration->load_from_domxml($configNode);

        $firewallStore = $this->owner->managedFirewallsStore;
        $this->FirewallsSerials = $firewallStore->get_serial_from_xml( $xml );

        foreach( $this->FirewallsSerials as $serial )
        {
            $managedFirewall = $firewallStore->find( $serial );
            if( $managedFirewall === null )
                continue; // serial listed here but unknown to the store

            $managedFirewall->addTemplate( $this->name );
        }
    }

    /** @return string */
    public function name()
    {
        return $this->name;
    }

    /**
     * XPath of this template's entry in the Panorama configuration.
     *
     * NOTE(review): the name is placed inside a single-quoted XPath literal without
     * escaping, and load_from_domxml() takes it straight from the XML attribute.
     * A name containing a single quote would yield a malformed or different
     * expression; validating names before they reach this point would close that gap.
     *
     * @return string
     */
    public function &getXPath()
    {
        $prefix = "/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='";
        $str = $prefix.$this->name."']";

        return $str;
    }

    /** Overrides the PanSubHelperTrait default. */
    public function isTemplate()
    {
        return true;
    }

}

// --------------------------------------------------------------------------------
// /lib/device-and-system-classes/class-TemplateStack.php:
// --------------------------------------------------------------------------------
/*
 * and Sven Waschkut
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS.
 */
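/*
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/**
 * A Panorama template stack: an ordered list of template names plus the
 * firewalls the stack is assigned to.
 */
class TemplateStack
{
    use ReferencableObject;
    use PathableName;
    use PanSubHelperTrait;

    /** @var PanoramaConf */
    public $owner;

    /**
     * Declared explicitly, as Template does, so the constructor does not create
     * the property dynamically (deprecated since PHP 8.2).
     * @var PANConf
     */
    public $deviceConfiguration;

    /** @var string[] names of the member templates, in document order */
    public $templates = array();

    /** Serials listed under this stack's XML node, filled by load_from_domxml(). */
    protected $FirewallsSerials = Array();

    /**
     * TemplateStack constructor.
     * @param string $name
     * @param PanoramaConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->name = $name;
        $this->owner = $owner;
        $this->deviceConfiguration = new PANConf(null, null, $this);
    }

    /**
     * Load the stack from its XML entry: name, member template names, and the
     * link from each listed managed firewall back to this stack's name.
     *
     * @param DOMElement $xml
     */
    public function load_from_domxml(DOMElement $xml)
    {
        $this->xmlroot = $xml;

        $this->name = DH::findAttribute('name', $xml);
        if( $this->name === FALSE )
            derr("templatestack name not found\n", $xml);

        // <templates> is optional: nothing is created when it is absent
        $templatesNode = DH::findFirstElement('templates', $xml);
        if( $templatesNode !== FALSE )
        {
            foreach( $templatesNode->childNodes as $node )
            {
                if( $node->nodeType != XML_ELEMENT_NODE )
                    continue;

                // only the template name is stored
                //Todo: add reference to Template
                $this->templates[] = $node->textContent;
            }
        }

        $this->FirewallsSerials = $this->owner->managedFirewallsStore->get_serial_from_xml( $xml );
        foreach( $this->FirewallsSerials as $serial )
        {
            $managedFirewall = $this->owner->managedFirewallsStore->find( $serial );
            if( $managedFirewall !== null )
                $managedFirewall->addTemplateStack( $this->name );
        }
    }

    /** @return string */
    public function name()
    {
        return $this->name;
    }

    /** @return bool always true for this class */
    public function isTemplateStack()
    {
        return true;
    }

}

// --------------------------------------------------------------------------------
// /lib/misc-classes/class-CsvParser.php:
// --------------------------------------------------------------------------------
/*
 * and Sven Waschkut
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */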
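/**
 * Minimal CSV reader that turns a file or a string into an array of records,
 * one associative array per line.
 */
class CsvParser
{
    /**
     * Read $fileName and parse its content with parseString().
     *
     * @param string $fileName
     * @param string $errorMessage set to a description of the problem when false is returned
     * @param bool $hasHeaders
     * @param bool $skipEmptyLines
     * @param null|string[] $customHeaders
     * @return false|array[] list of records, or false on error
     */
    static public function &parseFile( $fileName, &$errorMessage, $hasHeaders = true, $skipEmptyLines = false,$customHeaders = null)
    {
        $ret = false;

        if( !file_exists($fileName) )
        {
            $errorMessage = "file '$fileName' doesn't exists";
            return $ret;
        }

        $content = file_get_contents($fileName);

        if( $content === FALSE )
        {
            $errorMessage = "file '$fileName' could not be open (permission problem?)";
            return $ret;
        }

        $ret = CsvParser::parseString($content, $errorMessage, $hasHeaders, $skipEmptyLines, $customHeaders);

        return $ret;
    }

    /**
     * Parse CSV text into records.
     *
     * Each record maps a header name to the field value; a field with no matching
     * header is stored under 'col#N', N being its zero-based position. Without
     * headers every field is stored that way.
     *
     * The header line is split on plain commas, while data lines go through
     * str_getcsv(), so quoting is only understood in data lines.
     *
     * @param string $content
     * @param string $errorMessage set to a description of the problem when false is returned
     * @param bool $hasHeaders when true, headers come from the first line or from $customHeaders
     * @param bool $skipEmptyLines when false, an empty line (including the one after a trailing newline) is an error
     * @param null|string[] $customHeaders header names to use instead of the first line
     * @return false|array[] list of records, or false on error
     */
    static public function &parseString( $content, &$errorMessage, $hasHeaders = true, $skipEmptyLines = false, $customHeaders = null)
    {
        $ret = false;
        $headers = Array();

        // explode() always yields at least one element, so $content[0] exists below
        $content = explode("\n", $content);

        if( $hasHeaders )
        {
            if( $customHeaders === null )
            {
                // first line is headers, let's get it.
                $headerLine = trim($content[0]);
                unset($content[0]);

                if( strlen($headerLine) < 1 )
                {
                    $errorMessage = 'header is empty line';
                    return $ret;
                }

                $headers = explode(',', $headerLine);

                $uniqueCheck = Array();
                foreach( $headers as $h )
                {
                    if( strlen($h) < 1 )
                    {
                        $errorMessage = 'one of the header column name is empty';
                        return $ret;
                    }
                    if( isset($uniqueCheck[$h]) )
                    {
                        $errorMessage = "two or more headers columns have same name '$h'";
                        return $ret;
                    }

                    $uniqueCheck[$h] = true;
                }
            }
            else
            {
                if( !is_array($customHeaders) )
                {
                    // the previous text was copied from the duplicate-name check and described the wrong problem
                    $errorMessage = "custom headers must be provided as an array";
                    return $ret;
                }

                foreach( $customHeaders as $h )
                {
                    if( strlen($h) < 1 )
                    {
                        $errorMessage = 'one of the header column name is empty';
                        return $ret;
                    }

                    $headers[] = $h;
                }
            }
        }

        $records = Array();

        // index of the current data line; the header line, when read from the content, is not counted
        $countLines = -1;
        foreach( $content as $line )
        {
            $countLines++;
            $line = trim($line);

            if( strlen($line) < 1 )
            {
                // a skipped line produces no record at all (an empty one used to be appended first)
                if( $skipEmptyLines == true )
                    continue;

                $errorMessage = "line #{$countLines} is empty";
                return $ret;
            }

            $csvRecord = Array();
            foreach( str_getcsv($line) as $i => $value )
            {
                if( isset($headers[$i]) )
                    $csvRecord[$headers[$i]] = $value;
                else
                    $csvRecord['col#'.$i] = $value;
            }

            $records[] = $csvRecord;
        }

        return $records;
    }
}

// --------------------------------------------------------------------------------
// /lib/misc-classes/filters-Application.php:
// --------------------------------------------------------------------------------

// Filter "app name eq <value>": true when the application's name equals the filter argument.
RQuery::$defaultFilters['app']['name']['operators']['eq'] = Array(
    'Function' => function(ApplicationRQueryContext $context )
    {
        return $context->object->name() == $context->value;
    },
    'arg' => true,
    'ci' => Array(
        'fString' => '(%PROP% ftp)',
        'input' => 'input/panorama-8.0.xml'
    )
);

// Filter "app characteristic has <value>": true when the named characteristic is set
// on the application, null for container applications, false otherwise.
RQuery::$defaultFilters['app']['characteristic']['operators']['has'] = Array(
    'Function' => function(ApplicationRQueryContext $context )
    {
        $app = $context->object;

        if( $app->isContainer() )
            return null;

        // The value comes from the filter expression: treat an unknown
        // characteristic as "not set" instead of reading a missing array key.
        $sanitizedValue = strtolower($context->value);
        if( isset($app->_characteristics[$sanitizedValue]) && $app->_characteristics[$sanitizedValue] === true )
            return true;

        return false;
    },
    'arg' => true,
    'ci' => Array(
        'fString' => '(%PROP% evasive) ',
        'input' => 'input/panorama-8.0.xml'
    )
);

// --------------------------------------------------------------------------------
// /lib/misc-classes/trait-ObjectWithDescription.php:
// --------------------------------------------------------------------------------
/*
 * and Sven Waschkut
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 */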
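/*
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/**
 * Adds a description field, kept in sync with the <description> child of the
 * object's XML node.
 *
 * @property DOMElement|null $xmlroot
 */
trait ObjectWithDescription
{
    /** @var string|null null means "no description" */
    protected $_description = null;

    /**
     * @return string if no description then string will be empty: ''
     */
    function description()
    {
        if( $this->_description === null )
            return '';

        return $this->_description;
    }

    /**
     * Change the description in memory and in the XML node.
     *
     * @param null|string $newDescription empty or null description will erase existing one
     * @return bool false if no update was made to description (already had same value)
     */
    function setDescription($newDescription=null)
    {
        if( $newDescription === null || strlen($newDescription) < 1)
        {
            if($this->_description === null )
                return false;

            $this->_description = null;
            $tmpRoot = DH::findFirstElement('description', $this->xmlroot);

            if( $tmpRoot === false )
                return true;

            $this->xmlroot->removeChild($tmpRoot);
        }
        else
        {
            // NOTE(review): utf8_encode() treats its input as ISO-8859-1, so text that is
            // already UTF-8 gets encoded a second time; the function is deprecated since PHP 8.2.
            $newDescription = utf8_encode( $newDescription );
            if( $this->_description == $newDescription )
                return false;
            $this->_description = $newDescription;
            $tmpRoot = DH::findFirstElementOrCreate('description', $this->xmlroot);
            DH::setDomNodeText( $tmpRoot, $this->_description );
        }

        return true;
    }


    /**
     * Same as setDescription(), then pushes the change to the device through the
     * API connector: a delete request when the description was erased, a set
     * request otherwise.
     *
     * @param string $newDescription
     * @return bool true if value was changed
     */
    public function API_setDescription($newDescription)
    {
        $ret = $this->setDescription($newDescription);
        if( $ret )
        {
            $xpath = $this->getXPath().'/description';
            $con = findConnectorOrDie($this);

            // _description is null after an erase; test for that before measuring its length
            if( $this->_description === null || strlen($this->_description) < 1 )
                $con->sendDeleteRequest($xpath);
            else
            {
                // The text is escaped before being embedded in the element sent to the API,
                // so markup characters in a description cannot add or close XML elements.
                // NOTE(review): the wrapper tags are not legible in this listing (both string
                // literals appear empty); <description> is inferred from the XPath and the
                // element name used above -- confirm against the repository.
                $con->sendSetRequest($this->getXPath(), '<description>'.htmlspecialchars($this->_description).'</description>');
            }
        }

        return $ret;
    }

    /**
     * Set this object's description to "<own>|<other's>", shortened to the
     * version-dependent limit (253 characters below version 71, 1020 otherwise).
     *
     * When both descriptions are longer than half the limit, each is cut to just
     * under half; otherwise the joined text is cut at the limit, which can drop
     * the end of the other description.
     *
     * @param Rule $other rule whose description is appended
     */
    public function description_merge( Rule $other )
    {
        $description = $this->description();
        $other_description = $other->description();

        //Todo: validation needed
        //1) to long
        //2) take half max of first and half max of second

        $max_length = ( $this->owner->owner->version < 71 ) ? 253 : 1020;
        $half = $max_length / 2;

        if( strlen($description) > $half && strlen($other_description) > $half )
        {
            // whole number of characters: substr() takes an int, and 253/2-1 is fractional
            $keep = (int)$half - 1;
            $new_description = substr( $description, 0, $keep ) ."|". substr( $other_description, 0, $keep );
        }
        else
        {
            // Always cut at the limit: the '|' separator counts too, so two texts whose
            // lengths add up exactly to the limit used to come out one character too long.
            $new_description = substr( $description."|".$other_description, 0, $max_length );
        }

        $this->setDescription( $new_description );
    }

    /**
     * Read the description from the <description> child of the XML node, if present.
     */
    protected function _load_description_from_domxml()
    {
        $descroot = DH::findFirstElement('description', $this->xmlroot );
        if( $descroot !== false )
            $this->_description = $descroot->textContent;
    }

}

// --------------------------------------------------------------------------------
// /lib/misc-classes/trait-PanSubHelperTrait.php:
// --------------------------------------------------------------------------------
/*
 * and Sven Waschkut
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */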
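17 | */
/**
 * Default type predicates for configuration objects.
 *
 * Every predicate answers false here; a class using the trait is expected to
 * override the one that applies to it (presumably - the overriding classes are
 * not part of this listing).
 */
trait PanSubHelperTrait
{

    /** @return bool */
    public function isPanorama()
    {
        // The bare expression statement "false;" returned null; return the boolean explicitly.
        return false;
    }

    /** @return bool */
    public function isFirewall()
    {
        return false;
    }

    /** @return bool */
    public function isVirtualSystem()
    {
        return false;
    }

    /** @return bool */
    public function isDeviceGroup()
    {
        return false;
    }

    /** @return bool */
    public function isTemplate()
    {
        return false;
    }

}
-------------------------------------------------------------------------------- /lib/misc-classes/trait-PathableName.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */

/**
 * Class PathableName
 * @property AppStore|AddressStore|ServiceStore|RuleStore|Rule|PanoramaConf|PANConf|DeviceGroup|VirtualSystem $owner
 * @property string $name
 */
trait PathableName
{
    /**
     * Builds a readable path for this object: the class name, then ':name' when a
     * name is set and ' *alternativeName*' when a non-empty alternative name is set,
     * prefixed with the owner's toString() and ' / ' when an owner is set.
     *
     * @return String
     */
    public function toString()
    {
        $ret = get_class($this);

        if( isset($this->name) )
        {
            $ret .= ':'.$this->name;

            if( isset($this->_alternativeName) && $this->_alternativeName != "" )
                $ret .= " *".$this->_alternativeName."*";
        }

        if( isset($this->owner) && $this->owner !== null )
            $ret = $this->owner->toString().' / '.$ret;

        return $ret;
    }

    /**
     * Builds a short '/'-separated path by walking up the owner chain.
     *
     * The walk stops after a DeviceGroup or VirtualSystem has been rendered, or
     * when the current object has no owner set. For a Rule subclass the segment is
     * 'ruleNature:name' and the rule's direct owner is stepped over.
     *
     * @return string
     */
    public function _PANC_shortName()
    {
        $str = '';

        $owner = $this;

        while( $owner !== null )
        {
            if( is_subclass_of($owner, 'ObjRuleContainer') ||
                get_class($owner) == 'DeviceGroup' || get_class($owner) == 'VirtualSystem' )
                $str = $owner->name().$str;
            elseif( is_subclass_of($owner, 'Rule') )
            {
                $str = $owner->ruleNature().':'.$owner->name().$str;
                // move to the rule's owner here; the step at the end of the loop then skips it
                $owner = $owner->owner;
            }
            else
            {
                if( method_exists($owner, 'name') )
                    $str = get_class($owner) . ':' . $owner->name() . $str;
                else
                    $str = get_class($owner) . $str;
            }

            $str = '/'.$str;

            if( !isset($owner->owner) )
                break;
            if( get_class($owner) == 'DeviceGroup' || get_class($owner) == 'VirtualSystem' )
                break;
            $owner = $owner->owner;
        }

        return $str;
    }

    /**
     * Returns the location string PH computes for the location object of this object.
     */
    public function getLocationString()
    {
        $obj = PH::findLocationObjectOrDie($this);
        return PH::getLocationString($obj);
    }
}
-------------------------------------------------------------------------------- /lib/misc-classes/trait-XmlConvertible.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS.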
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */

/**
 * Gives an object an XML root element plus helpers to serialise it and to push
 * it to the device through the connector found for the object.
 */
trait XmlConvertible
{
    /** @var DOMElement|null $xmlroot */
    public $xmlroot = null;

    /**
     * Serialises xmlroot through DH::dom_to_xml() with indent level -1 and a false third argument.
     * @return string
     */
    function &getXmlText_inline()
    {
        return DH::dom_to_xml($this->xmlroot, -1, false);
    }

    /**
     * Serialises xmlroot through DH::dom_to_xml(), at indent level 0 when
     * $indenting is truthy and -1 otherwise.
     * @param bool|true $indenting
     * @return string
     */
    function &getXmlText( $indenting = true)
    {
        $indentLevel = $indenting ? 0 : -1;

        return DH::dom_to_xml($this->xmlroot, $indentLevel, true);
    }

    /**
     * Serialises the child nodes of xmlroot through DH::domlist_to_xml().
     * @return string
     */
    function &getChildXmlText_inline()
    {
        return DH::domlist_to_xml($this->xmlroot->childNodes, -1, false);
    }

    /**
     * Sends an edit request for the XPath derived from xmlroot, carrying the
     * inline XML of xmlroot as the new content.
     */
    public function API_sync()
    {
        $connector = findConnectorOrDie($this);
        $targetXPath = DH::elementToPanXPath($this->xmlroot);

        $connector->sendEditRequest($targetXPath, $this->getXmlText_inline());
    }

    /**
     * Sets attribute $att_name of xmlroot to $message.
     */
    public function set_node_attribute( $att_name, $message )
    {
        $this->xmlroot->setAttribute($att_name, $message);
    }

}

-------------------------------------------------------------------------------- /lib/network-classes/class-AggregateEthernetIfStore.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies.
8 | 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */

/**
 * Class AggregateEthernetIfStore
 *
 * An EthernetIfStore whose child class name is 'AggregateEthernetInterface'.
 *
 * @property AggregateEthernetInterface[] $o
 */
class AggregateEthernetIfStore extends EthernetIfStore
{
    /** @var string name of the class held by this store */
    public static $childn = 'AggregateEthernetInterface';
}
-------------------------------------------------------------------------------- /lib/network-classes/class-AggregateEthernetInterface.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 | */

/**
 * Ethernet interface of type 'aggregate'.
 */
class AggregateEthernetInterface extends EthernetInterface
{

    /** @var string */
    public $type = 'aggregate';

    /**
     * @return bool always false for this class
     */
    public function isEthernetType()
    {
        return false;
    }

    /**
     * @return bool always true for this class
     */
    public function isAggregateType()
    {
        return true;
    }

    // NOTE(review): the XML markup of this template is missing from this listing (only
    // listing line numbers and text nodes remain); the statement is kept as shown -
    // take the literal from the repository file.
    static public $templatexml = ' 30 | 31 | 32 | 33 | 34 | no 35 | 36 | 37 | 38 | 39 | no 40 | 41 | 42 | no 43 | 44 | 45 | 46 | ';

}
-------------------------------------------------------------------------------- /lib/network-classes/class-IKEGatewayStore.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 | */

/**
 * Class IKEGatewayStore
 *
 * Store of IKEGateway objects, kept under devices/entry/network/ike/gateway of
 * the owner's XML root.
 *
 * @property IKEGateway[] $o
 * @property PANConf $owner
 */
class IKEGatewayStore extends ObjStore
{
    public static $childn = 'IKEGateway';

    protected $fastMemToIndex=null;
    protected $fastNameToIndex=null;

    /**
     * @param string $name
     * @param PANConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->name = $name;
        $this->owner = $owner;
        $this->classn = &self::$childn;
    }

    /**
     * @return IKEGateway[]
     */
    public function gateways()
    {
        return $this->o;
    }

    /**
     * Creates a new IKEGateway from the class template and adds it to this store.
     * @param string $name name of the new IKEGateway
     * @param bool $ikev2 use the IKEv2 template instead of the default one
     * @return IKEGateway
     */
    public function newIKEGateway($name, $ikev2 = false )
    {
        $gateway = new IKEGateway( $name, $this);

        $document = $this->owner->xmlroot->ownerDocument;
        $template = $ikev2 ? IKEGateway::$templatexml_ikev2 : IKEGateway::$templatexml;
        $xmlElement = DH::importXmlStringOrDie($document, $template);

        $gateway->load_from_domxml($xmlElement);

        // addGateway() refuses objects that already have an owner
        $gateway->owner = null;
        $gateway->setName($name);

        $this->addGateway( $gateway );

        return $gateway;
    }


    /**
     * Attaches an ownerless gateway to this store and to the store's XML root.
     * @param IKEGateway $gateway
     * @return bool
     */
    public function addGateway($gateway)
    {
        if( !is_object($gateway) )
            derr('this function only accepts IKEGateway class objects');

        if( $gateway->owner !== null )
            derr('Trying to add a gateway that has a owner already !');

        $objectKey = spl_object_hash($gateway);

        // NOTE(review): nothing visible in this class fills fastMemToIndex, so this duplicate
        // check depends on the parent class doing it - confirm in ObjStore.
        if( isset($this->fastMemToIndex[$objectKey]) )
        {
            derr('You cannot add a Gateway that is already here :)');

            return false;
        }

        $gateway->owner = $this;

        if( $this->xmlroot === null )
            $this->createXmlRoot();

        $this->xmlroot->appendChild($gateway->xmlroot);

        $this->add($gateway);

        return true;
    }

    /**
     * Finds or creates devices/entry/network/ike/gateway under the owner's XML
     * root and uses it as this store's XML root, when none is set yet.
     */
    public function createXmlRoot()
    {
        if( $this->xmlroot !== null )
            return;

        //TODO: 20180331 why I need to create full path? why it is not set before???
        $node = $this->owner->xmlroot;
        foreach( array('devices', 'entry', 'network', 'ike') as $tagName )
            $node = DH::findFirstElementOrCreate($tagName, $node);

        $this->xmlroot = DH::findFirstElementOrCreate('gateway', $node);
    }

    /**
     * @param string $IKEName
     * @return null|IKEGateway
     */
    public function findIKEGateway($IKEName)
    {
        return $this->findByName($IKEName);
    }

}
-------------------------------------------------------------------------------- /lib/network-classes/class-IPSecCryptoProfileStore.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
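17 | */

/**
 * Class IPSecCryptoProfileStore
 *
 * Store of IPSecCryptoProfil objects, kept under
 * devices/entry/network/ike/crypto-profiles/ipsec-crypto-profiles of the owner's XML root.
 *
 * @property IPSecCryptoProfil[] $o
 * @property PANConf $owner
 */
class IPSecCryptoProfileStore extends ObjStore
{
    public static $childn = 'IPSecCryptoProfil';

    protected $fastMemToIndex=null;
    protected $fastNameToIndex=null;

    /**
     * @param string $name
     * @param PANConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->name = $name;
        $this->owner = $owner;
        $this->classn = &self::$childn;
    }

    /**
     * @return IPSecCryptoProfil[]
     */
    public function ipsecCryptoProfil()
    {
        return $this->o;
    }

    /**
     * Creates a new IPSecCryptoProfil from the class template and adds it to this store.
     * @param string $name name of the new IPSecCryptoProfil
     * @return IPSecCryptoProfil
     */
    public function newIPsecCryptoProfil( $name )
    {
        $CryptoProfile = new IPSecCryptoProfil( $name, $this);
        $xmlElement = DH::importXmlStringOrDie($this->owner->xmlroot->ownerDocument, IPSecCryptoProfil::$templatexml);

        $CryptoProfile->load_from_domxml($xmlElement);

        // addProfil() refuses objects that already have an owner
        $CryptoProfile->owner = null;
        $CryptoProfile->setName($name);

        $this->addProfil( $CryptoProfile );

        return $CryptoProfile;
    }

    /**
     * Attaches an ownerless profile to this store and to the store's XML root.
     * @param IPSecCryptoProfil $CryptoProfile
     * @return bool
     */
    public function addProfil( $CryptoProfile )
    {
        if( !is_object($CryptoProfile) )
            derr('this function only accepts IPsecCryptoProfile class objects');

        if( $CryptoProfile->owner !== null )
            derr('Trying to add a IPsecCryptoProfile that has a owner already !');


        $ser = spl_object_hash($CryptoProfile);

        // NOTE(review): nothing visible in this class fills fastMemToIndex, so this duplicate
        // check depends on the parent class doing it - confirm in ObjStore.
        if (!isset($this->fastMemToIndex[$ser]))
        {
            $CryptoProfile->owner = $this;

            if( $this->xmlroot === null )
                $this->createXmlRoot();

            $this->xmlroot->appendChild($CryptoProfile->xmlroot);

            $this->add($CryptoProfile);

            return true;
        } else
            // the message named a Gateway, copied from the gateway store
            derr('You cannot add an IPsecCryptoProfile that is already here :)');

        return false;
    }

    /**
     * Finds or creates the ipsec-crypto-profiles element under the owner's XML
     * root and uses it as this store's XML root, when none is set yet.
     */
    public function createXmlRoot()
    {
        if( $this->xmlroot === null )
        {
            //TODO: 20180331 why I need to create full path? why it is not set before???
            $xml = DH::findFirstElementOrCreate('devices', $this->owner->xmlroot);
            $xml = DH::findFirstElementOrCreate('entry', $xml);
            $xml = DH::findFirstElementOrCreate('network', $xml);
            $xml = DH::findFirstElementOrCreate('ike', $xml);
            $xml = DH::findFirstElementOrCreate('crypto-profiles', $xml);

            $this->xmlroot = DH::findFirstElementOrCreate('ipsec-crypto-profiles', $xml);
        }
    }

    /**
     * @param string $IPSecCryptoProfileName
     * @return null|IPSecCryptoProfil
     */
    public function findIpsecCryptoProfil($IPSecCryptoProfileName)
    {
        return $this->findByName($IPSecCryptoProfileName);
    }
}
-------------------------------------------------------------------------------- /lib/network-classes/class-IPsecTunnelStore.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.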
17 | */

/**
 * Class IPsecTunnelStore
 *
 * Store of IPsecTunnel objects, kept under devices/entry/network/tunnel/ipsec
 * of the owner's XML root.
 *
 * @property IPsecTunnel[] $o
 * @property PANConf $owner
 */
class IPsecTunnelStore extends ObjStore
{
    protected $_tunnels = Array();

    public static $childn = 'IPsecTunnel';

    protected $fastMemToIndex=null;
    protected $fastNameToIndex=null;

    /**
     * @param string $name
     * @param PANConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->name = $name;
        $this->owner = $owner;
        $this->classn = &self::$childn;
    }

    /**
     * @return IPsecTunnel[]
     */
    public function tunnels()
    {
        return $this->o;
    }


    /**
     * Same list as tunnels().
     * @return IPsecTunnel[]
     */
    public function getInterfaces()
    {
        return $this->o;
    }

    /**
     * Creates a new IPsecTunnel from the class template and adds it to this store.
     * @param string $name name of the new IPsecTunnel
     * @return IPsecTunnel
     */
    public function newIPsecTunnel($name)
    {
        $tunnel = new IPsecTunnel( $name, $this);

        $document = $this->owner->xmlroot->ownerDocument;
        $xmlElement = DH::importXmlStringOrDie($document, IPsecTunnel::$templatexml);

        $tunnel->load_from_domxml($xmlElement);

        // NOTE(review): addIPsecTunnel() below appends the same object to $_tunnels again,
        // so a tunnel created through this method ends up in that list twice - confirm
        // whether this append is intended.
        $this->_tunnels[] = $tunnel;

        // addIPsecTunnel() refuses objects that already have an owner
        $tunnel->owner = null;
        $tunnel->setName($name);

        $this->addIPsecTunnel( $tunnel );

        return $tunnel;
    }


    /**
     * Attaches an ownerless tunnel to this store, records it in the lookup
     * indexes and appends its XML to the store's XML root.
     * @param IPsecTunnel $tunnel
     * @return bool
     */
    public function addIPsecTunnel($tunnel)
    {
        if( !is_object($tunnel) )
            derr('this function only accepts IPsecTunnel class objects');

        if( $tunnel->owner !== null )
            derr('Trying to add a tunnel that has a owner already !');

        $objectKey = spl_object_hash($tunnel);

        if( isset($this->fastMemToIndex[$objectKey]) )
        {
            derr('You cannot add a Tunnel that is already here :)');

            return false;
        }

        $tunnel->owner = $this;

        $this->_tunnels[] = $tunnel;
        $position = lastIndex($this->_tunnels);
        $this->fastMemToIndex[$objectKey] = $position;
        $this->fastNameToIndex[$tunnel->name()] = $position;

        if( $this->xmlroot === null )
            $this->createXmlRoot();

        $this->xmlroot->appendChild($tunnel->xmlroot);

        $this->add($tunnel);

        return true;
    }

    /**
     * Finds or creates devices/entry/network/tunnel/ipsec under the owner's XML
     * root and uses it as this store's XML root, when none is set yet.
     */
    public function createXmlRoot()
    {
        if( $this->xmlroot !== null )
            return;

        //TODO: 20180331 why I need to create full path? why it is not set before???
        $node = $this->owner->xmlroot;
        foreach( array('devices', 'entry', 'network', 'tunnel') as $tagName )
            $node = DH::findFirstElementOrCreate($tagName, $node);

        $this->xmlroot = DH::findFirstElementOrCreate('ipsec', $node);
    }

    /**
     * @param string $IPSecTunnelName
     * @return null|IPsecTunnel
     */
    public function findIpsecTunnel($IPSecTunnelName)
    {
        return $this->findByName($IPSecTunnelName);
    }

}
-------------------------------------------------------------------------------- /lib/network-classes/class-IkeCryptoProfileStore.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS.
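IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */

/**
 * Class IkeCryptoProfileStore
 *
 * Store of IkeCryptoProfil objects, kept under
 * devices/entry/network/ike/crypto-profiles/ike-crypto-profiles of the owner's XML root.
 *
 * @property IkeCryptoProfil[] $o
 * @property PANConf $owner
 */
class IkeCryptoProfileStore extends ObjStore
{
    public static $childn = 'IkeCryptoProfil';

    protected $fastMemToIndex=null;
    protected $fastNameToIndex=null;

    /**
     * @param string $name
     * @param PANConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->name = $name;
        $this->owner = $owner;
        $this->classn = &self::$childn;
    }

    /**
     * @return IkeCryptoProfil[]
     */
    public function ikeCryptoProfil()
    {
        return $this->o;
    }


    /**
     * Creates a new IkeCryptoProfil from the class template and adds it to this store.
     * @param string $name name of the new IkeCryptoProfil
     * @return IkeCryptoProfil
     */
    public function newIkeCryptoProfil( $name )
    {
        $CryptoProfile = new IkeCryptoProfil( $name, $this);
        $xmlElement = DH::importXmlStringOrDie($this->owner->xmlroot->ownerDocument, IkeCryptoProfil::$templatexml);

        $CryptoProfile->load_from_domxml($xmlElement);

        // addProfil() refuses objects that already have an owner
        $CryptoProfile->owner = null;
        $CryptoProfile->setName($name);

        $this->addProfil( $CryptoProfile );

        return $CryptoProfile;
    }


    /**
     * Attaches an ownerless profile to this store and to the store's XML root.
     * @param IkeCryptoProfil $CryptoProfile
     * @return bool
     */
    public function addProfil( $CryptoProfile )
    {
        // The three messages below named IKEGateway/gateway, copied from the gateway store;
        // they now name the object this store actually holds.
        if( !is_object($CryptoProfile) )
            derr('this function only accepts IkeCryptoProfil class objects');

        if( $CryptoProfile->owner !== null )
            derr('Trying to add an IkeCryptoProfil that has a owner already !');


        $ser = spl_object_hash($CryptoProfile);

        // NOTE(review): nothing visible in this class fills fastMemToIndex, so this duplicate
        // check depends on the parent class doing it - confirm in ObjStore.
        if (!isset($this->fastMemToIndex[$ser]))
        {
            $CryptoProfile->owner = $this;

            if( $this->xmlroot === null )
                $this->createXmlRoot();

            $this->xmlroot->appendChild($CryptoProfile->xmlroot);
            $this->add($CryptoProfile);
            return true;
        } else
            derr('You cannot add an IkeCryptoProfil that is already here :)');

        return false;
    }

    /**
     * Finds or creates the ike-crypto-profiles element under the owner's XML
     * root and uses it as this store's XML root, when none is set yet.
     */
    public function createXmlRoot()
    {
        if( $this->xmlroot === null )
        {
            //TODO: 20180331 why I need to create full path? why it is not set before???
            $xml = DH::findFirstElementOrCreate('devices', $this->owner->xmlroot);
            $xml = DH::findFirstElementOrCreate('entry', $xml);
            $xml = DH::findFirstElementOrCreate('network', $xml);
            $xml = DH::findFirstElementOrCreate('ike', $xml);
            $xml = DH::findFirstElementOrCreate('crypto-profiles', $xml);

            $this->xmlroot = DH::findFirstElementOrCreate('ike-crypto-profiles', $xml);
        }
    }

    /**
     * @param string $IKECryptoProfileName
     * @return null|IkeCryptoProfil
     */
    public function findIKECryptoProfil($IKECryptoProfileName)
    {
        return $this->findByName($IKECryptoProfileName);
    }

}

-------------------------------------------------------------------------------- /lib/network-classes/class-InterfaceContainer.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.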
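16 | */


/**
 * Class InterfaceContainer
 *
 * Holds the interfaces referenced by its owner; the interface objects are
 * resolved through the central network store given to the constructor.
 *
 * @property VirtualSystem|Zone|VirtualRouter|PbfRule|DosRule $owner
 * @property EthernetInterface[]|AggregateEthernetInterface[]|LoopbackInterface[]|TunnelInterface[]|IPsecTunnel[] $o
 */
class InterfaceContainer extends ObjRuleContainer
{
    /** @var NetworkPropertiesContainer */
    public $parentCentralStore;

    /**
     * @param VirtualSystem|Zone|VirtualRouter|PbfRule|DoSRule $owner
     * @param NetworkPropertiesContainer $centralStore
     */
    public function __construct($owner, $centralStore)
    {
        $this->owner = $owner;
        $this->parentCentralStore = $centralStore;

        $this->o = Array();
    }

    /**
     * Loads the member interfaces from the element children of $xml: the text of
     * each child is looked up in the central store, which returns an existing
     * interface or creates a temporary one, and the result is added to this container.
     *
     * @param DOMElement $xml
     */
    public function load_from_domxml(DOMElement $xml)
    {
        $this->xmlroot = $xml;

        foreach($xml->childNodes as $node)
        {
            if( $node->nodeType != XML_ELEMENT_NODE )
                continue;

            $interfaceString = $node->textContent;

            $interface = $this->parentCentralStore->findInterfaceOrCreateTmp($interfaceString);

            $this->add($interface);
        }
    }

    /**
     * @return EthernetInterface[]|AggregateEthernetInterface[]|LoopbackInterface[]|TunnelInterface[]|IPsecTunnel[]
     */
    public function interfaces()
    {
        return $this->o;
    }

    /**
     * @param EthernetInterface|AggregateEthernetInterface|LoopbackInterface|IPsecTunnel $if
     * @return bool
     */
    public function hasInterface($if)
    {
        return $this->has($if);
    }

    /**
     * @param string $ifName
     * @param bool $caseSensitive
     * @return bool
     */
    public function hasInterfaceNamed($ifName, $caseSensitive=true)
    {
        return $this->has($ifName, $caseSensitive);
    }

    /**
     * Adds an interface to this container and a 'member' element carrying its
     * name to the container's XML root.
     *
     * @param EthernetInterface|AggregateEthernetInterface|LoopbackInterface|IPsecTunnel $if
     * @return bool false when the interface is of type 'aggregate-group' or already present
     */
    public function addInterface($if)
    {
        if( $if->type() == 'aggregate-group' )
        {
            mwarning( "Interface of type: aggregate-group can not be added to a vsys.\n" );
            return false;
        }


        if( $this->has($if) )
            return false;

        $this->o[] = $if;

        DH::createElement( $this->xmlroot, 'member', $if->name() );

        return true;
    }


    /**
     * Adds an interface locally and, when it was added, sends a set request for it
     * to the owner's import/network/interface path.
     *
     * @param EthernetInterface|AggregateEthernetInterface|LoopbackInterface|IPsecTunnel $if
     * @return bool false when nothing was added and no request was sent
     */
    public function API_addInterface($if)
    {
        // This method used to answer true even when addInterface() had refused the interface.
        if( !$this->addInterface( $if ) )
            return false;

        $con = findConnectorOrDie($this);

        $xpath = $this->owner->getXPath().'/import/network/interface';

        // The lookups stop the script when the import path is missing from the owner's XML;
        // their results are not used further.
        $importRoot = DH::findFirstElementOrDie('import', $this->owner->xmlroot);
        $networkRoot = DH::findFirstElementOrDie('network', $importRoot);
        DH::findFirstElementOrDie('interface', $networkRoot);

        // Interface names can come straight from configuration text (see load_from_domxml), so
        // the name is entity-escaped before it goes into the request, as API_setDescription()
        // does for descriptions.
        // NOTE(review): this listing shows the payload as the bare name; any element markup
        // wrapping it was lost in extraction - keep the markup of the repository file around
        // the escaped name.
        $con->sendSetRequest($xpath, htmlspecialchars($if->name()));

        return true;
    }
}
-------------------------------------------------------------------------------- /lib/network-classes/class-LoopbackInterface.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS.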
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */

/**
 * Loopback interface: a name, an owner and the address names listed under its 'ip' element.
 */
class LoopbackInterface
{
    use InterfaceType;
    use XmlConvertible;
    use PathableName;
    use ReferencableObject;

    protected $_ipv4Addresses = Array();

    /** @var string */
    public $type = 'loopback';

    function __construct($name, $owner)
    {
        $this->name = $name;
        $this->owner = $owner;
    }


    /**
     * @return bool always true for this class
     */
    public function isLoopbackType()
    {
        return true;
    }

    /**
     * @return string
     */
    public function type()
    {
        return $this->type;
    }

    /**
     * Loads the interface from its XML element: the 'name' attribute becomes the
     * object name, and the 'name' attribute of every element child of 'ip' is
     * appended to the address list.
     *
     * @param DOMElement $xml
     */
    public function load_from_domxml( DOMElement $xml )
    {
        $this->xmlroot = $xml;

        $this->name = DH::findAttribute('name', $xml);
        if( $this->name === FALSE )
            derr("loopback name name not found\n");

        $ipNode = DH::findFirstElement('ip', $xml);
        if( $ipNode === false )
            return;

        foreach( $ipNode->childNodes as $addressNode )
        {
            if( $addressNode->nodeType == XML_ELEMENT_NODE )
                $this->_ipv4Addresses[] = $addressNode->getAttribute('name');
        }
    }

    /**
     * @return array the 'name' attributes collected from the 'ip' element
     */
    public function getIPv4Addresses()
    {
        return $this->_ipv4Addresses;
    }

    /**
     * Renames the interface and updates the 'name' attribute of its XML element;
     * nothing is written when the name is unchanged. The visible code always returns true.
     * @return bool
     * @param string $name new name for the interface
     */
    public function setName($name)
    {
        if( $this->name != $name )
        {
            $this->name = $name;
            $this->xmlroot->setAttribute('name', $name);
        }

        return true;
    }

    /**
     * Builds the XPath of this interface: the owner's loopback store XPath
     * followed by an entry predicate on the interface name.
     * @return string
     */
    public function &getXPath()
    {
        // NOTE(review): the name goes into a single-quoted XPath literal unchanged, so a name
        // containing a single quote ends the literal early. Names reach this object from the
        // configuration's name attribute (load_from_domxml) and from setName(); rejecting
        // quotes at those two points would keep the predicate well-formed.
        $entryPredicate = "/entry[@name='".$this->name."']";
        $str = $this->owner->getLoopbackIfStoreXPath().$entryPredicate;

        return $str;
    }

    // NOTE(review): the XML markup of this template is missing from this listing (only
    // listing line numbers and text nodes remain); the statement is kept as shown -
    // take the literal from the repository file.
    static public $templatexml = ' 107 | 108 | no 109 | 110 | 111 | ';
}
-------------------------------------------------------------------------------- /lib/network-classes/class-StaticRoute.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 | */


/**
 * Static route of a virtual router: a destination, an optional egress
 * interface and an optional next hop (IPv4 address, IPv6 address or next virtual router).
 */
class StaticRoute
{
    use XmlConvertible;
    use PathableName;
    use ReferencableObject;

    /** @var string */
    protected $_destination;

    /** @var string 'none' until a next hop is loaded */
    protected $_nexthopType = 'none';

    protected $_nexthopIP = null;

    /** @var null|string */
    protected $_nexthopVR = null;

    /** @var VirtualRouter */
    public $owner;

    /** @var null|EthernetInterface|AggregateEthernetInterface|TmpInterface */
    protected $_interface = null;


    /**
     * StaticRoute constructor.
     * @param string $name
     * @param VirtualRouter $owner
     */
    function __construct($name, $owner)
    {
        $this->owner = $owner;
        $this->name = $name;
    }

    /**
     * Loads the route from its XML element: name attribute, 'destination' text,
     * the optional 'interface' (resolved through the network store three owners up)
     * and the first next-hop kind found under 'nexthop'.
     *
     * @param $xml DOMElement
     */
    function load_from_xml($xml)
    {
        $this->xmlroot = $xml;

        $this->name = DH::findAttribute('name', $xml);
        if( $this->name === FALSE )
            derr("static-route name not found\n");

        $this->_destination = DH::findFirstElementOrDie('destination', $xml)->textContent;

        $ifNode = DH::findFirstElement('interface', $xml);
        if( $ifNode !== false )
            $this->_interface = $this->owner->owner->owner->network->findInterfaceOrCreateTmp($ifNode->textContent);

        $fhNode = DH::findFirstElement('nexthop', $xml);
        if( $fhNode === false )
            return;

        // next-hop element name => property that receives its text; checked in this order,
        // the first one present wins
        $nexthopKinds = array(
            'ip-address'   => '_nexthopIP',
            'ipv6-address' => '_nexthopIP',
            'next-vr'      => '_nexthopVR',
        );

        foreach( $nexthopKinds as $tagName => $property )
        {
            $fhTypeNode = DH::findFirstElement($tagName, $fhNode);
            if( $fhTypeNode === false )
                continue;

            $this->_nexthopType = $tagName;
            $this->{$property} = $fhTypeNode->textContent;
            return;
        }
    }

    /**
     * Imports $xmlString into the owning configuration's document and loads this route from it.
     *
     * @param string $xmlString
     * @return $this
     */
    function create_staticroute_from_xml( $xmlString )
    {
        $document = $this->owner->owner->xmlroot->ownerDocument;
        $this->load_from_xml( DH::importXmlStringOrDie($document, $xmlString) );

        return $this;
    }

    /**
     * @return string
     */
    public function destination()
    {
        return $this->_destination;
    }

    /**
     * Passes the destination to cidr::stringToStartEnd().
     * @return bool|string
     */
    public function destinationIP4Mapping()
    {
        return cidr::stringToStartEnd($this->_destination);
    }

    /**
     * @return null|string text of the ip-address or ipv6-address next hop, when one was loaded
     */
    public function nexthopIP()
    {
        return $this->_nexthopIP;
    }

    /**
     * @return null|string
     */
    public function nexthopVR()
    {
        return $this->_nexthopVR;
    }

    /**
     * @return null|EthernetInterface|AggregateEthernetInterface|TmpInterface
     */
    public function nexthopInterface()
    {
        return $this->_interface;
    }


    /**
     * @return string 'none', 'ip-address', 'ipv6-address' or 'next-vr'
     */
    public function nexthopType()
    {
        return $this->_nexthopType;
    }

}
-------------------------------------------------------------------------------- /lib/network-classes/class-TmpInterface.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS.
// lib/network-classes/class-TmpInterface.php

/**
 * Placeholder interface object that only carries a name and an owner.
 *
 * @property TmpInterfaceStore $owner
 */
class TmpInterface
{
    use ReferencableObject;
    use PathableName;
    use InterfaceType;

    /**
     * @param string $name
     * @param TmpInterfaceStore $owner
     */
    public function __construct($name, $owner)
    {
        $this->name = $name;
        $this->owner = $owner;
    }

    /**
     * @return bool always true for this class
     */
    public function isTmpType()
    {
        return true;
    }


}
// lib/network-classes/class-TmpInterfaceStore.php

/**
 * Store of temporary interface objects.
 *
 * @property TmpInterface[] $o
 * @property PANConf $owner
 */
class TmpInterfaceStore extends ObjStore
{
    // NOTE(review): the child class name is 'EthernetInterface' although the store
    // is documented as holding TmpInterface objects - confirm this is intended.
    public static $childn = 'EthernetInterface';

    /**
     * @param string $name
     * @param PANConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->name = $name;
        $this->owner = $owner;
        // bound by reference to the static, as the other stores in this library do
        $this->classn = &self::$childn;
    }

    /**
     * @return TmpInterface[]
     */
    public function getInterfaces()
    {
        return $this->o;
    }




}
// lib/network-classes/class-TunnelInterface.php

/**
 * A tunnel interface entry, with the address names found under its 'ip' element.
 */
class TunnelInterface
{
    use InterfaceType;
    use XmlConvertible;
    use PathableName;
    use ReferencableObject;

    /** @var string[] 'name' attributes of the element children of 'ip' */
    protected $_ipv4Addresses = Array();

    /** @var string */
    public $type = 'tunnel';

    /**
     * @param string $name
     * @param mixed $owner store that provides getTunnelIfStoreXPath()
     */
    public function __construct($name, $owner)
    {
        $this->owner = $owner;
        $this->name = $name;
    }


    /**
     * @return bool always true for this class
     */
    public function isTunnelType()
    {
        return true;
    }

    /**
     * Loads name and addresses from the XML entry; stops through derr() when the
     * 'name' attribute is missing. Addresses are appended to the existing list.
     *
     * @param DOMElement $xml
     */
    public function load_from_domxml( DOMElement $xml )
    {
        $this->xmlroot = $xml;

        $this->name = DH::findAttribute('name', $xml);
        if( $this->name === FALSE )
            derr("tunnel name name not found\n");

        $ipNode = DH::findFirstElement('ip', $xml);
        if( $ipNode === false )
            return;

        foreach( $ipNode->childNodes as $child )
        {
            // text and comment nodes carry no address entry
            if( $child->nodeType == XML_ELEMENT_NODE )
                $this->_ipv4Addresses[] = $child->getAttribute('name');
        }
    }

    /**
     * @return string
     */
    public function type()
    {
        return $this->type;
    }

    /**
     * @return string[]
     */
    public function getIPv4Addresses()
    {
        return $this->_ipv4Addresses;
    }

    /**
     * Renames the interface in memory and in its XML entry.
     * No duplicate-name check is made here; the method always returns true.
     *
     * @param string $name new name for the interface
     * @return bool
     */
    public function setName($name)
    {
        if( $this->name != $name )
        {
            $this->name = $name;
            $this->xmlroot->setAttribute('name', $name);
        }

        return true;

    }

    /**
     * Builds the XPath of this entry below the owner's tunnel store path.
     *
     * NOTE(review): the name is placed inside a single-quoted predicate without
     * escaping, so a name containing a single quote would alter the expression;
     * names should be validated before they reach this point.
     *
     * @return string
     */
    public function &getXPath()
    {
        $entryPath = $this->owner->getTunnelIfStoreXPath()."/entry[@name='".$this->name."']";

        return $entryPath;
    }

    // NOTE(review): shown as an empty string in this listing; the XML markup of the
    // template may have been lost - confirm against upstream.
    static public $templatexml = '';
}
// lib/network-classes/class-VirtualRouterStore.php

/**
 * Class VirtualRouterStore
 * @property VirtualRouter[] $o
 */
class VirtualRouterStore extends ObjStore
{

    /** @var null|PANConf */
    public $owner;

    public static $childn = 'VirtualRouter';

    /**
     * @param string $name
     * @param null|PANConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->owner = $owner;
        $this->name = $name;
        $this->classn = &self::$childn;
    }

    /**
     * @return VirtualRouter[]
     */
    public function virtualRouters()
    {
        return $this->o;
    }

    /**
     * @param string $vrName
     * @return null|VirtualRouter
     */
    public function findVirtualRouter($vrName)
    {
        return $this->findByName($vrName);
    }

    /**
     * Creates a new VirtualRouter from the class template and registers it in this store.
     * Stops through derr() when a router with that name is already present.
     *
     * @param string $name name of the new VirtualRouter
     * @return VirtualRouter
     */
    public function newVirtualRouter($name)
    {
        foreach( $this->virtualRouters() as $existing )
        {
            if( $existing->name() == $name )
                derr( "VirtualRouter: ".$name." already available\n" );
        }

        $created = new virtualRouter( $name, $this);
        $templateNode = DH::importXmlStringOrDie($this->owner->xmlroot->ownerDocument, virtualRouter::$templatexml);

        $created->load_from_domxml($templateNode);

        // addVirtualRouter() refuses objects that already have an owner
        $created->owner = null;
        $created->setName($name);

        // NOTE(review): both addvirtualRouter() and add() are called; the original
        // author (20190507) already questioned whether both are needed.
        $this->addvirtualRouter( $created );
        $this->add( $created );

        return $created;
    }

    /**
     * Registers a router in the lookup tables and appends its XML entry to the store.
     * Stops through derr() for non-objects, for objects that already have an
     * owner and for objects already registered here.
     *
     * @param VirtualRouter $virtualRouter
     * @return bool
     */
    public function addVirtualRouter($virtualRouter )
    {
        if( !is_object($virtualRouter) )
            derr('this function only accepts virtualRouter class objects');

        if( $virtualRouter->owner !== null )
            derr('Trying to add a virtualRouter that has a owner already !');


        $objectKey = spl_object_hash($virtualRouter);

        if( isset($this->fastMemToIndex[$objectKey]) )
        {
            derr('You cannot add a virtualRouter that is already here :)');

            return false;
        }

        $virtualRouter->owner = $this;

        $this->fastMemToIndex[$objectKey] = $virtualRouter;
        $this->fastNameToIndex[$virtualRouter->name()] = $virtualRouter;

        if( $this->xmlroot === null )
            $this->createXmlRoot();

        $this->xmlroot->appendChild($virtualRouter->xmlroot);

        return true;
    }

    /**
     * Finds or creates devices/entry/network/virtual-router below the owner's XML
     * root and keeps the last element as this store's root. Does nothing when a
     * root is already set.
     */
    public function createXmlRoot()
    {
        if( $this->xmlroot !== null )
            return;

        $node = $this->owner->xmlroot;
        foreach( array('devices', 'entry', 'network', 'virtual-router') as $elementName )
            $node = DH::findFirstElementOrCreate($elementName, $node);

        $this->xmlroot = $node;
    }

    /**
     * Base path of the network section.
     *
     * TODO (from the original): intermediate solution - upstream keeps a
     * commented-out variant that derives the path from the owner (template,
     * Panorama or firewall) instead of this fixed value.
     *
     * @return string
     */
    private function &getBaseXPath()
    {
        $basePath = '/config/devices/entry/network';

        return $basePath;
    }

    /**
     * @return string
     */
    public function &getvirtualRouterStoreXPath()
    {
        $storePath = $this->getBaseXPath().'/virtual-router';
        return $storePath;
    }

}
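// lib/network-classes/class-VirtualWire.php

/**
 * A virtual-wire entry and the names of the two interfaces attached to it.
 */
class VirtualWire
{
    use XmlConvertible;
    use PathableName;
    use ReferencableObject;

    /** @var VirtualWireStore */
    public $owner;

    /** @var null|string interface name; load_from_domxml() and setInterface() store names here, not objects */
    public $attachedInterface1;

    /** @var null|string interface name, see $attachedInterface1 */
    public $attachedInterface2;

    /**
     * @param string $name
     * @param VirtualWireStore $owner
     */
    public function __construct($name, $owner)
    {
        $this->owner = $owner;
        $this->name = $name;
    }

    /**
     * Loads the name and the two interface names from the XML entry; stops
     * through derr() when the 'name' attribute is missing.
     *
     * @param DOMElement $xml
     */
    public function load_from_domxml( $xml )
    {
        $this->xmlroot = $xml;

        $this->name = DH::findAttribute('name', $xml);
        if( $this->name === FALSE )
            derr("virtual-wire name not found\n");

        $tmp_int1 = DH::findFirstElement('interface1', $xml);
        $tmp_int2 = DH::findFirstElement('interface2', $xml);

        if( is_object($tmp_int1) )
            $this->attachedInterface1 = $tmp_int1->textContent;
        if( is_object($tmp_int2) )
            $this->attachedInterface2 = $tmp_int2->textContent;
    }


    /**
     * Lists the virtual systems that own one of the attached interfaces, keyed by name.
     *
     * The original body read $this->attachedInterfaces, a property this class
     * never declares or assigns, so the call failed on null. The two interface
     * names that the class does keep are used instead.
     *
     * @return VirtualSystem[]
     */
    public function &findConcernedVsys()
    {
        $vsysList = Array();

        foreach( array($this->attachedInterface1, $this->attachedInterface2) as $ifName )
        {
            // a slot that was never set holds null
            if( !is_string($ifName) || $ifName === '' )
                continue;

            $vsys = $this->owner->owner->network->findVsysInterfaceOwner($ifName);
            if( $vsys !== null )
                $vsysList[$vsys->name()] = $vsys;
        }

        return $vsysList;
    }

    /**
     * Renames the virtual wire in memory and in its XML entry.
     * No duplicate-name check is made here; the method always returns true.
     *
     * @param string $name new name for the VirtualWire
     * @return bool
     */
    public function setName($name)
    {
        if( $this->name == $name )
            return true;

        $this->name = $name;

        $this->xmlroot->setAttribute('name', $name);

        return true;
    }

    /**
     * Attaches an interface to one of the two slots and writes its name to the XML entry.
     *
     * Returns true without changing anything when the interface name is already
     * held by either slot, false when $int_num names no slot.
     *
     * @param string $int_num 'interface1' or 'interface2'
     * @param EthernetInterface $if interface to attach; only its name() is used
     * @return bool
     */
    public function setInterface( $int_num, $if )
    {
        if( !is_object($if) )
            derr( "Interface can not be added to VirtualWire: ".$this->name()." - ".$int_num." | is not an object." );

        if( $this->attachedInterface1 == $if->name() || $this->attachedInterface2 == $if->name() )
            return true;

        $tmp_xmlroot = $this->xmlroot;

        if( $int_num == "interface1" )
        {
            $this->attachedInterface1 = $if->name();
            $tmp_int = DH::findFirstElementOrCreate('interface1', $tmp_xmlroot);
        }
        elseif( $int_num == "interface2" )
        {
            $this->attachedInterface2 = $if->name();
            $tmp_int = DH::findFirstElementOrCreate('interface2', $tmp_xmlroot);
        }
        else
            return false;

        DH::setDomNodeText($tmp_int, $if->name());

        return true;
    }

    /**
     * Same as setInterface(), then sends the change through the API connector.
     *
     * The request body is XML assembled from $int_num and the interface name, so
     * both are constrained before use: $int_num must be one of the two slot
     * names (setInterface() can return true for any value when the interface is
     * already attached) and the name is escaped as XML text.
     *
     * @param string $int_num 'interface1' or 'interface2'
     * @param EthernetInterface $if interface to attach
     * @return bool false when nothing was sent
     */
    public function API_setInterface($int_num, $if)
    {
        $ret = $this->setInterface($int_num, $if);

        if( !$ret )
            return $ret;

        // never let an arbitrary value become an element name in the request
        if( !in_array($int_num, array('interface1', 'interface2'), true) )
            return false;

        $con = findConnector($this);
        $xpath = $this->getXPath();

        // NOTE(review): the closing tag is not visible in this listing (markup looks
        // stripped); it is restored here so the element is well-formed - confirm upstream.
        $escapedName = htmlspecialchars($if->name(), ENT_QUOTES | ENT_XML1, 'UTF-8');
        $con->sendSetRequest($xpath, "<".$int_num.">".$escapedName."</".$int_num.">");

        return $ret;
    }

    /**
     * Builds the XPath of this entry below the path returned by the owner's
     * getEthernetIfStoreXPath().
     *
     * NOTE(review): the name is placed inside a single-quoted predicate without
     * escaping, so a name containing a single quote would alter the expression;
     * names should be validated before they reach this point.
     *
     * @return string
     */
    public function &getXPath()
    {
        $str = $this->owner->getEthernetIfStoreXPath()."/entry[@name='".$this->name."']";

        return $str;
    }

    // NOTE(review): shown as an empty string in this listing; the XML markup of the
    // template may have been lost - confirm against upstream.
    static public $templatexml = '';

}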
// lib/network-classes/class-VirtualWireStore.php

/**
 * Class VirtualWireStore
 * @property VirtualWire[] $o
 */
class VirtualWireStore extends ObjStore
{

    /** @var null|PANConf */
    public $owner;

    /** @var null|array spl_object_hash => VirtualWire, filled by addVirtualWire() */
    protected $fastMemToIndex=null;
    /** @var null|array name => VirtualWire, filled by addVirtualWire() */
    protected $fastNameToIndex=null;

    public static $childn = 'VirtualWire';

    /**
     * @param string $name
     * @param null|PANConf $owner
     */
    public function __construct($name, $owner)
    {
        $this->owner = $owner;
        $this->name = $name;
        $this->classn = &self::$childn;
    }

    /**
     * @return VirtualWire[]
     */
    public function virtualWires()
    {
        return $this->o;
    }

    /**
     * @param string $vwName
     * @return null|VirtualWire
     */
    public function findVirtualWire( $vwName )
    {
        return $this->findByName( $vwName );
    }


    /**
     * Creates a new VirtualWire from the class template and registers it in this store.
     * Stops through derr() when a virtual wire with that name is already present.
     *
     * @param string $name name of the new VirtualWire
     * @return VirtualWire
     */
    public function newVirtualWire($name)
    {
        foreach( $this->virtualWires() as $existing )
        {
            if( $existing->name() == $name )
                derr( "VirtualWire: ".$name." already available\n" );
        }

        $created = new VirtualWire( $name, $this);
        $templateNode = DH::importXmlStringOrDie($this->owner->xmlroot->ownerDocument, VirtualWire::$templatexml);

        $created->load_from_domxml($templateNode);

        // addVirtualWire() refuses objects that already have an owner
        $created->owner = null;
        $created->setName($name);

        // NOTE(review): both addVirtualWire() and add() are called; the original
        // author (20190507) already questioned whether both are needed.
        $this->addVirtualWire( $created );
        $this->add( $created );

        return $created;
    }

    /**
     * Creates the virtual wire locally, then sends a set request on the store path.
     *
     * NOTE(review): the request body is an empty string in this listing; the XML
     * that describes the new entry may have been lost - confirm against upstream
     * what is actually sent, and that any name placed in it is XML-escaped.
     *
     * @param string $name
     * @return VirtualWire
     */
    public function API_newVirtualWire($name)
    {
        $created = $this->newVirtualWire($name);

        $connector = findConnectorOrDie($this);
        // the store path is used here, not the path of the new entry
        $storePath = $this->getEthernetIfStoreXPath();
        $connector->sendSetRequest($storePath, "", true );

        return $created;
    }


    /**
     * Registers a virtual wire in the lookup tables and appends its XML entry to the store.
     * Stops through derr() for non-objects, for objects that already have an
     * owner and for objects already registered here.
     *
     * @param VirtualWire $virtualWire
     * @return bool
     */
    public function addVirtualWire($virtualWire )
    {
        if( !is_object($virtualWire) )
            derr('this function only accepts VirtualWire class objects');

        if( $virtualWire->owner !== null )
            derr('Trying to add a VirtualWire that has a owner already !');


        $objectKey = spl_object_hash($virtualWire);

        if( isset($this->fastMemToIndex[$objectKey]) )
        {
            derr('You cannot add a VirtualWire that is already here :)');

            return false;
        }

        $virtualWire->owner = $this;

        $this->fastMemToIndex[$objectKey] = $virtualWire;
        $this->fastNameToIndex[$virtualWire->name()] = $virtualWire;

        if( $this->xmlroot === null )
            $this->createXmlRoot();

        $this->xmlroot->appendChild($virtualWire->xmlroot);

        return true;
    }

    /**
     * Same as addVirtualWire(), then sends a set request on the store path.
     *
     * NOTE(review): the request body is an empty string in this listing; see
     * API_newVirtualWire().
     *
     * @param VirtualWire $s
     * @return bool
     */
    public function API_addVirtualWire( $s )
    {
        $added = $this->addVirtualWire($s);

        if( !$added )
            return $added;

        $connector = findConnectorOrDie($this);

        $storePath = $this->getEthernetIfStoreXPath();

        $connector->sendSetRequest($storePath, "");

        return $added;
    }

    /**
     * Finds or creates devices/entry/network/virtual-wire below the owner's XML
     * root and keeps the last element as this store's root. Does nothing when a
     * root is already set.
     */
    public function createXmlRoot()
    {
        if( $this->xmlroot !== null )
            return;

        $node = $this->owner->xmlroot;
        foreach( array('devices', 'entry', 'network', 'virtual-wire') as $elementName )
            $node = DH::findFirstElementOrCreate($elementName, $node);

        $this->xmlroot = $node;
    }

    /**
     * Base path of the network section.
     *
     * TODO (from the original): intermediate solution - upstream keeps a
     * commented-out variant that derives the path from the owner (template,
     * Panorama or firewall) instead of this fixed value.
     *
     * @return string
     */
    private function &getBaseXPath()
    {
        $basePath = '/config/devices/entry/network';

        return $basePath;
    }

    /**
     * Path of the virtual-wire store; the method name says "EthernetIfStore" but
     * the path it returns ends in '/virtual-wire'.
     *
     * @return string
     */
    public function &getEthernetIfStoreXPath()
    {
        $storePath = $this->getBaseXPath().'/virtual-wire';
        return $storePath;
    }

}
// lib/network-classes/class-VlanInterface.php

/**
 * A VLAN interface entry, with the address names found under its 'ip' element.
 */
class VlanInterface
{
    use InterfaceType;
    use XmlConvertible;
    use PathableName;
    use ReferencableObject;

    /** @var string[] 'name' attributes of the element children of 'ip' */
    protected $_ipv4Addresses = Array();

    /** @var string */
    public $type = 'vlan';

    /**
     * @param string $name
     * @param mixed $owner store that provides getVlanIfStoreXPath()
     */
    public function __construct($name, $owner)
    {
        $this->owner = $owner;
        $this->name = $name;
    }


    /**
     * @return bool always true for this class
     */
    public function isVlanType()
    {
        return true;
    }

    /**
     * Loads name and addresses from the XML entry; stops through derr() when the
     * 'name' attribute is missing. Addresses are appended to the existing list.
     *
     * (Upstream keeps a sample of the expected XML in a comment at this point;
     * its markup is not legible in this listing.)
     *
     * @param DOMElement $xml
     */
    public function load_from_domxml( DOMElement $xml )
    {
        $this->xmlroot = $xml;

        $this->name = DH::findAttribute('name', $xml);
        if( $this->name === FALSE )
            derr("vlan name name not found\n");

        $ipNode = DH::findFirstElement('ip', $xml);
        if( $ipNode === false )
            return;

        foreach( $ipNode->childNodes as $child )
        {
            // text and comment nodes carry no address entry
            if( $child->nodeType == XML_ELEMENT_NODE )
                $this->_ipv4Addresses[] = $child->getAttribute('name');
        }
    }

    /**
     * @return string[]
     */
    public function getIPv4Addresses()
    {
        return $this->_ipv4Addresses;
    }

    /**
     * Renames the interface in memory and in its XML entry.
     * No duplicate-name check is made here; the method always returns true.
     *
     * @param string $name new name for the interface
     * @return bool
     */
    public function setName($name)
    {
        if( $this->name != $name )
        {
            $this->name = $name;
            $this->xmlroot->setAttribute('name', $name);
        }

        return true;

    }

    /**
     * Builds the XPath of this entry below the owner's VLAN store path.
     *
     * NOTE(review): the name is placed inside a single-quoted predicate without
     * escaping, so a name containing a single quote would alter the expression;
     * names should be validated before they reach this point.
     *
     * @return string
     */
    public function &getXPath()
    {
        $entryPath = $this->owner->getVlanIfStoreXPath()."/entry[@name='".$this->name."']";

        return $entryPath;
    }

    // NOTE(review): this template reads as blank lines and bare "no" values in this
    // listing; its XML markup appears to have been lost, so the literal is kept as shown.
    static public $templatexml = '



no




no


no

';
}
// lib/network-classes/class-ZoneStore.php

/**
 * Class ZoneStore
 *
 * @property ZoneStore $parentCentralStore
 * @property Zone[] $o
 *
 */
class ZoneStore extends ObjStore
{
    /** @var DeviceGroup|PanoramaConf|VirtualSystem */
    public $owner;

    public $parentCentralStore = null;

    public static $childn = 'Zone';

    /**
     * @param VirtualSystem|DeviceGroup|PanoramaConf $owner
     */
    public function __construct($owner)
    {
        $this->classn = &self::$childn;

        $this->owner = $owner;

        $this->findParentCentralStore();
    }


    /**
     * Looks up a zone by name through findByName().
     *
     * @param string $name
     * @param mixed $ref forwarded unchanged to findByName()
     * @return Zone|null the Zone object, null if not found
     */
    public function find($name, $ref=null)
    {
        return $this->findByName($name,$ref);
    }


    /**
     * Adds a Zone to this store. Use at your own risk.
     *
     * The zone's XML entry is appended only when add() succeeded, $rewriteXML is
     * set, the zone is not temporary and this store has an XML root.
     *
     * @param Zone $zone
     * @param bool $rewriteXML
     * @return bool result of add()
     */
    public function addZone( Zone $zone, $rewriteXML = true )
    {
        $added = $this->add($zone);

        if( $added && $rewriteXML && !$zone->isTmp() && $this->xmlroot !== null )
            $this->xmlroot->appendChild($zone->xmlroot);

        return $added;
    }


    /**
     * Removes a Zone from this store, and its XML entry when the zone is not
     * temporary and this store has an XML root.
     *
     * @param Zone $zone
     *
     * @return bool True if Zone was found and removed. False if not found.
     */
    public function removeZone( Zone $zone )
    {
        $removed = $this->remove($zone);

        if( $removed && !$zone->isTmp() && $this->xmlroot !== null )
            $this->xmlroot->removeChild($zone->xmlroot);

        return $removed;
    }

    /**
     * @param Zone|string $zoneName can be Zone object or zone name (string)
     * @param bool $caseSensitive forwarded to has(); the comparison is case sensitive by default
     * @return bool
     */
    public function hasZoneNamed( $zoneName, $caseSensitive = true )
    {
        return $this->has($zoneName, $caseSensitive);
    }


    /**
     * Returns the first non-temporary zone whose attached interfaces include $ifName.
     *
     * @param string $ifName
     * @return null|Zone
     */
    public function findZoneMatchingInterfaceName( $ifName )
    {
        foreach( $this->o as $zone )
        {
            if( !$zone->isTmp() && $zone->attachedInterfaces->hasInterfaceNamed($ifName) )
                return $zone;
        }

        return null;
    }

    /**
     * Returns the first zone of type 'external' that lists the given vsys.
     *
     * @param string|VirtualSystem $vsys vsys name, or an object whose name() is used
     * @return null|Zone
     */
    public function findZoneWithExternalVsys($vsys)
    {
        foreach( $this->o as $zone )
        {
            if( $zone->type() != 'external' )
                continue;

            // resolved per zone so that name() is only called when an external zone exists
            $vsysName = is_string($vsys) ? $vsys : $vsys->name();

            if( isset($zone->externalVsys[$vsysName]) )
                return $zone;
        }

        return null;
    }


    /**
     * return an array with all Zones in this store
     * @return Zone[]
     */
    public function zones()
    {
        return $this->o;
    }


    /**
     * Rebuilds the children of the store's XML root from the non-temporary zones.
     * Does nothing when the store has no XML root.
     */
    public function rewriteXML()
    {
        if( $this->xmlroot === null )
            return;

        DH::clearDomNodeChilds($this->xmlroot);

        foreach( $this->o as $zone )
        {
            if( $zone->isTmp() )
                continue;

            $this->xmlroot->appendChild($zone->xmlroot);
        }

    }

    /**
     * Walks up the owner chain and keeps the first zoneStore found on an owner
     * as the parent central store; leaves it null when none is found.
     *
     * @ignore
     */
    protected function findParentCentralStore()
    {
        $this->parentCentralStore = null;

        if( !$this->owner )
            return;

        $cursor = $this;
        while( isset($cursor->owner) && $cursor->owner !== null )
        {
            $candidate = $cursor->owner;

            if( isset($candidate->zoneStore) && $candidate->zoneStore !== null )
            {
                $this->parentCentralStore = $candidate->zoneStore;
                return;
            }

            $cursor = $candidate;
        }

    }


    /**
     * XPath of the zone section below the owner's path (with a trailing slash).
     * Stops through derr() when the store has no XML root.
     *
     * @return string
     */
    public function &getXPath()
    {
        if( $this->xmlroot === null )
            derr('unsupported on virtual Stores');

        $zonePath = $this->owner->getXPath()."/zone/";

        return $zonePath;

    }


    /**
     * Creates a Zone of the given type and adds it to this store.
     * Stops through derr() when the name is already used in zones() or found by find().
     *
     * @param string $name
     * @param mixed $type passed as the fourth argument to the Zone constructor
     * @return Zone
     */
    public function newZone($name , $type)
    {
        foreach( $this->zones() as $existing )
        {
            if( $existing->name() == $name )
                derr( "Zone: ".$name." already available\n" );
        }

        if( $this->find($name,null) !== null )
            derr("cannot create Zone named '".$name."' as this name is already in use ");

        $created = new Zone($name,$this, true, $type);

        $this->addZone($created);

        return $created;

    }


}

/*
 * The listing continues with lib/resources/LICENSE.txt, which states:
 *
 *   All schema XML files are actually copies of the official product files and owned by Palo Alto Networks.
 *   This project is just making fair use of them.
 */
4 | 5 | -------------------------------------------------------------------------------- /lib/resources/panorama-schema-v70.xml.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/lib/resources/panorama-schema-v70.xml.gz -------------------------------------------------------------------------------- /lib/resources/panorama-schema-v71.xml.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swaschkut/pan-configurator/2a86f7a843eaf036efe2702efaf76ac7ea8029f3/lib/resources/panorama-schema-v71.xml.gz -------------------------------------------------------------------------------- /lib/rule-classes/class-DecryptionRule.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
*/

/**
 * Decryption rule: a RuleWithUserID that also carries 'from'/'to' zones,
 * 'source'/'destination' addresses, services and tags. Source/destination
 * negation comes from the NegatableRule trait.
 */
class DecryptionRule extends RuleWithUserID
{
    use NegatableRule;

    /**
     * Builds the rule's containers and optionally loads the rule from the class template.
     *
     * @param RuleStore $owner store that holds this rule; the stores used for lookups are read from $owner->owner
     * @param bool $fromTemplateXML when true, self::$templatexml is imported into the owner's document and loaded
     */
    public function __construct($owner, $fromTemplateXML=false)
    {
        $this->owner = $owner;

        // $owner->owner is the object exposing addressStore, serviceStore and zoneStore.
        $holder = $owner->owner;
        $this->parentAddressStore = $holder->addressStore;
        $this->parentServiceStore = $holder->serviceStore;

        $this->tags = new TagRuleContainer($this);

        foreach( array('from', 'to') as $zoneSide )
        {
            $this->$zoneSide = new ZoneRuleContainer($this);
            $this->$zoneSide->name = $zoneSide;
            $this->$zoneSide->parentCentralStore = $holder->zoneStore;
        }

        foreach( array('source', 'destination') as $addressSide )
        {
            $this->$addressSide = new AddressRuleContainer($this);
            $this->$addressSide->name = $addressSide;
            $this->$addressSide->parentCentralStore = $this->parentAddressStore;
        }

        $this->services = new ServiceRuleContainer($this);
        $this->services->name = 'service';

        if( !$fromTemplateXML )
            return;

        // NOTE(review): $templatexml is not declared in the class body shown here; presumably it is inherited - confirm.
        $xmlElement = DH::importXmlStringOrDie($owner->xmlroot->ownerDocument, self::$templatexml);
        $this->load_from_domxml($xmlElement);
    }

    /**
     * Populates the rule from its XML node: name, common settings, zones, addresses,
     * users, negation flags and, version permitting, services.
     *
     * @param DOMElement $xml XML node of the rule (type assumed from the DH helper calls - confirm)
     */
    public function load_from_domxml($xml)
    {
        $this->xmlroot = $xml;

        $ruleName = DH::findAttribute('name', $xml);
        $this->name = $ruleName;
        if( $ruleName === FALSE )
            derr("name not found\n");

        $this->load_common_from_domxml();

        $this->load_from();
        $this->load_to();
        $this->load_source();
        $this->load_destination();

        $this->userID_loadUsersFromXml();
        $this->_readNegationFromXml();

        // Services are only read when the owning configuration reports version 61 or later.
        if( !($this->owner->owner->version >= 61) )
            return;

        $serviceNode = DH::findFirstElementOrCreate('service', $xml);
        $this->services->load_from_domxml($serviceNode);
    }

    /**
     * Prints a human-readable summary of the rule to standard output.
     *
     * @param int $padding number of spaces to indent every printed line with
     */
    public function display($padding = 0)
    {
        $pad = str_pad('', $padding);

        // Both outcomes are an empty string as shown on this page; the marker text for
        // disabled rules may have been lost when the page was extracted - confirm.
        $disabledMark = $this->disabled ? '' : '';

        $srcMark = $this->sourceIsNegated() ? '*negated*' : '';
        $dstMark = $this->destinationIsNegated() ? '*negated*' : '';

        print $pad."*Rule named '{$this->name}' $disabledMark\n";
        print $pad." From: " .$this->from->toString_inline()." | To: ".$this->to->toString_inline()."\n";
        print $pad." Source: $srcMark ".$this->source->toString_inline()."\n";
        print $pad." Destination: $dstMark ".$this->destination->toString_inline()."\n";
        print $pad." Service: ".$this->services->toString_inline()."\n";

        if( $this->userID_IsCustom() )
        {
            // Custom means an explicit user list; every other type prints its keyword.
            $users = $this->userID_getUsers();
            print $pad . " User: " . PH::list_to_string($users) . "\n";
        }
        else
            print $pad." User: *".$this->userID_type()."*\n";

        print $pad." Tags: ".$this->tags->toString_inline()."\n";

        if( $this->_targets !== null )
            print $pad." Targets: ".$this->targets_toString()."\n";

        if( strlen($this->_description) > 0 )
            print $pad." Desc: ".$this->_description."\n";
        print "\n";
    }

    /**
     * Tears the rule down: every container is destructed explicitly, then all
     * container references and the owner reference are dropped.
     */
    public function cleanForDestruction()
    {
        $members = array('from', 'to', 'source', 'destination', 'tags', 'services');

        // Destruct all containers first, only then clear the references.
        foreach( $members as $member )
            $this->$member->__destruct();

        foreach( $members as $member )
            $this->$member = null;

        $this->owner = null;
    }

    /** @return bool always true for this rule class */
    public function isDecryptionRule()
    {
        return true;
    }

    /** @return string name of the variable that holds rules of this kind */
    public function storeVariableName()
    {
        return "decryptionRules";
    }

    /** @return string short keyword identifying the rule kind */
    public function ruleNature()
    {
        return 'decryption';
    }

}
--------------------------------------------------------------------------------
/lib/rule-classes/class-PbfRule.php:
--------------------------------------------------------------------------------
// NOTE(review): file lines 1-8 are missing from this listing; the next line is what remains of line 9.
anyany';
    static protected $templatexmlroot = null;

    /** @var ZoneRuleContainer|InterfaceContainer */
    public $from;


    protected $_zoneBased = true;

    /**
     * For developer use only
     */
    protected function load_from()
    {
        $tmp = DH::findFirstElementOrCreate('from', $this->xmlroot);

        $tmp = DH::firstChildElement($tmp);
        if( $tmp === null )
            derr("PBF rule has nothing inside tag, please fix before going forward");

        if( $tmp->tagName == 'zone' )
        {
            $this->_zoneBased = true;
            $this->from = new ZoneRuleContainer($this);
            $this->from->name = 'from';
            $this->from->findParentCentralStore();
            $this->from->load_from_domxml($tmp);
        }
        elseif( $tmp->tagName == 'interface' )
        {
            $this->_zoneBased = false;
            $this->from = new InterfaceContainer($this,$this->owner->_networkStore);
            $this->from->name = 'from';
$this->from->load_from_domxml($tmp);
        }
        else
            derr("PBF rule has unsupported type '{$tmp->tagName}'");
    }

    /**
     * Builds the rule's tag, address and service containers and optionally loads
     * the rule from the class template. The 'from' container is not created here;
     * load_from() picks its type while the XML is read.
     *
     * @param RuleStore $owner store that holds this rule; the stores used for lookups are read from $owner->owner
     * @param bool $fromTemplateXML when true, self::$templatexml is imported into the owner's document and loaded
     */
    public function __construct($owner,$fromTemplateXML=false)
    {
        $this->owner = $owner;

        // $owner->owner is the object exposing addressStore and serviceStore.
        $holder = $owner->owner;
        $this->parentAddressStore = $holder->addressStore;
        $this->parentServiceStore = $holder->serviceStore;

        $this->tags = new TagRuleContainer($this);

        foreach( array('source', 'destination') as $addressSide )
        {
            $this->$addressSide = new AddressRuleContainer($this);
            $this->$addressSide->name = $addressSide;
            $this->$addressSide->parentCentralStore = $this->parentAddressStore;
        }

        $this->services = new ServiceRuleContainer($this);
        $this->services->name = 'service';

        if( !$fromTemplateXML )
            return;

        $xmlElement = DH::importXmlStringOrDie($owner->xmlroot->ownerDocument, self::$templatexml);
        $this->load_from_domxml($xmlElement);
    }


    /**
     * Populates the rule from its XML node: name, common settings, addresses,
     * the 'from' container, users, negation flags and services.
     *
     * @param DOMElement $xml
     * @throws Exception
     */
    public function load_from_domxml($xml)
    {
        $this->xmlroot = $xml;

        $ruleName = DH::findAttribute('name', $xml);
        $this->name = $ruleName;
        if( $ruleName === FALSE )
            derr("name not found\n");

        $this->load_common_from_domxml();

        $this->load_source();
        $this->load_destination();
        $this->load_from();

        $this->userID_loadUsersFromXml();
        $this->_readNegationFromXml();

        // Unlike the zone/address loaders above, the service node is created when it is absent.
        $serviceNode = DH::findFirstElementOrCreate('service', $xml);
        $this->services->load_from_domxml($serviceNode);
    }

    /**
     * Prints a human-readable summary of the rule to standard output.
     *
     * @param int $padding number of spaces to indent every printed line with
     */
    public function display( $padding = 0)
    {
        $pad = str_pad('', $padding);

        // Both outcomes are an empty string as shown on this page; the marker text for
        // disabled rules may have been lost when the page was extracted - confirm.
        $disabledMark = $this->disabled ? '' : '';

        $srcMark = $this->sourceIsNegated() ? '*negated*' : '';
        $dstMark = $this->destinationIsNegated() ? '*negated*' : '';


        print $pad."*Rule named '{$this->name}' $disabledMark\n";
        print $pad." From: " .$this->from->toString_inline()."\n";
        print $pad." Source: $srcMark ".$this->source->toString_inline()."\n";
        print $pad." Destination: $dstMark ".$this->destination->toString_inline()."\n";
        print $pad." Service: ".$this->services->toString_inline()."\n";

        if( $this->userID_IsCustom() )
        {
            // Custom means an explicit user list; every other type prints its keyword.
            $users = $this->userID_getUsers();
            print $pad . " User: " . PH::list_to_string($users) . "\n";
        }
        else
            print $pad." User: *".$this->userID_type()."*\n";

        print $pad." Tags: ".$this->tags->toString_inline()."\n";

        if( $this->_targets !== null )
            print $pad." Targets: ".$this->targets_toString()."\n";

        if( strlen($this->_description) > 0 )
            print $pad." Desc: ".$this->_description."\n";
        print "\n";
    }

    /**
     * Tears the rule down: every container is destructed explicitly, then all
     * container references and the owner reference are dropped.
     */
    public function cleanForDestruction()
    {
        $members = array('from', 'source', 'destination', 'tags', 'services');

        // Destruct all containers first, only then clear the references.
        foreach( $members as $member )
            $this->$member->__destruct();

        foreach( $members as $member )
            $this->$member = null;

        $this->owner = null;
    }

    /** @return string short keyword identifying the rule kind */
    public function ruleNature()
    {
        return 'pbf';
    }

    /** @return bool always true for this rule class */
    public function isPbfRule()
    {
        return true;
    }

    /** @return bool true when load_from() found a 'zone' element under 'from' (also the initial value) */
    public function isZoneBased()
    {
        return $this->_zoneBased;
    }

    /** @return bool true when load_from() found an 'interface' element under 'from' */
    public function isInterfaceBased()
    {
        return !$this->_zoneBased;
    }


    /** @return string name of the variable that holds rules of this kind */
    public function storeVariableName()
    {
        return "pbfRules";
    }


}
--------------------------------------------------------------------------------
/lib/rule-classes/class-RuleWithUserID.php:
--------------------------------------------------------------------------------
and Sven Waschkut
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.

 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
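*/


/**
 * Rule base class that records which users a rule applies to: one of the
 * keywords any / unknown / known / pre-logon, or a custom list of user names
 * read from the rule's 'source-user' element.
 */
class RuleWithUserID extends Rule
{
    const __UserIDType_Any = 0;
    const __UserIDType_Unknown = 1;
    const __UserIDType_Known = 2;
    const __UserIDType_PreLogon = 3;
    const __UserIDType_Custom = 4;

    // Keyword printed for each type; also the text userID_type() returns.
    static private $__UserIDTypes = Array(
        self::__UserIDType_Any => 'any',
        self::__UserIDType_Unknown => 'unknown',
        self::__UserIDType_Known => 'known',
        self::__UserIDType_PreLogon => 'pre-logon',
        self::__UserIDType_Custom => 'custom'
    );

    protected $_userIDType = self::__UserIDType_Any;

    /** @var string[] user names, only meaningful when the type is custom */
    protected $_users = Array();

    /** @return bool true when the rule matches any user */
    function userID_IsAny()
    {
        return ($this->_userIDType == self::__UserIDType_Any);
    }

    /** @return bool true when the rule matches the 'unknown' keyword */
    function userID_IsUnknown()
    {
        return $this->_userIDType == self::__UserIDType_Unknown;
    }

    /** @return bool true when the rule matches the 'known' keyword */
    function userID_IsKnown()
    {
        return $this->_userIDType == self::__UserIDType_Known;
    }

    /** @return bool true when the rule matches the 'pre-logon' keyword */
    function userID_IsPreLogon()
    {
        return $this->_userIDType == self::__UserIDType_PreLogon;
    }

    /** @return bool true when the rule lists explicit users */
    function userID_IsCustom()
    {
        return $this->_userIDType == self::__UserIDType_Custom;
    }

    /**
     * @return string keyword for the current type ('any', 'unknown', 'known', 'pre-logon' or 'custom')
     */
    function userID_type()
    {
        return self::$__UserIDTypes[$this->_userIDType];
    }

    /**
     * @return string[] user names collected by userID_loadUsersFromXml()
     */
    function userID_getUsers()
    {
        return $this->_users;
    }

    /**
     * For developers only.
     *
     * Reads the 'source-user' element of $this->xmlroot and sets the user type and
     * user list from it. The state is rebuilt from scratch on every call, so loading
     * a rule object again, or a list that mixes user names with a keyword, cannot
     * leave names behind that no longer apply. A tool that reports or edits firewall
     * policy from this object would otherwise show the wrong user scope.
     */
    function userID_loadUsersFromXml()
    {
        $this->_userIDType = self::__UserIDType_Any;
        $this->_users = Array();

        $xml = DH::findFirstElement('source-user', $this->xmlroot);
        if( $xml === false )
            return;

        // A keyword member decides the type on its own and ends the scan.
        $keywords = Array(
            'any' => self::__UserIDType_Any,
            'unknown' => self::__UserIDType_Unknown,
            'known' => self::__UserIDType_Known,
            'pre-logon' => self::__UserIDType_PreLogon
        );

        $users = Array();

        foreach($xml->childNodes as $node)
        {
            /** @var DOMElement $node */
            if( $node->nodeType != XML_ELEMENT_NODE )
                continue;

            $content = $node->textContent;
            if( strlen($content) == 0 )
                derr('empty username in rule', $node);

            if( isset($keywords[$content]) )
            {
                $this->_userIDType = $keywords[$content];
                return;
            }

            $users[] = $content;
        }

        // NOTE(review): a 'source-user' element without any member element also ends up
        // here and is reported as custom with an empty list, as before - confirm that this
        // is the intended reading of such a rule.
        $this->_users = $users;
        $this->_userIDType = self::__UserIDType_Custom;
    }

}

--------------------------------------------------------------------------------
/lib/rule-classes/trait-NegatableRule.php:
--------------------------------------------------------------------------------
and Sven Waschkut
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.

 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.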
*/

/**
 * Source/destination negation for rules. The flags mirror the 'negate-source'
 * and 'negate-destination' child elements of the rule's XML node; a negated
 * side inverts what the rule matches, so the in-memory flag and the XML are
 * always changed together by the setters below.
 *
 * @property DOMElement $xmlroot
 */
trait NegatableRule
{
    protected $_sourceIsNegated = false;
    protected $_destinationIsNegated = false;

    /** @return bool current source negation flag */
    public function sourceIsNegated()
    {
        return $this->_sourceIsNegated;
    }

    /** @return bool current destination negation flag */
    public function destinationIsNegated()
    {
        return $this->_destinationIsNegated;
    }

    /**
     * Reads both negation flags from the direct child elements of $this->xmlroot.
     * Every child is visited; when an element occurs more than once the last one wins.
     * A flag whose element is absent keeps its current value.
     */
    protected function _readNegationFromXml()
    {
        foreach( $this->xmlroot->childNodes as $child )
        {
            /** @var DOMElement $child */
            if( $child->nodeType != XML_ELEMENT_NODE )
                continue;

            switch( $child->tagName )
            {
                case 'negate-source':
                    $this->_sourceIsNegated = yesNoBool($child->textContent);
                    break;

                case 'negate-destination':
                    $this->_destinationIsNegated = yesNoBool($child->textContent);
                    break;
            }
        }
    }

    /**
     * Sets source negation in memory and in the XML node.
     *
     * @param bool $yes
     * @return bool true when the value changed, false when it already had that value
     */
    public function setSourceIsNegated($yes)
    {
        if( $this->_sourceIsNegated == $yes )
            return false;

        $existing = DH::findFirstElement('negate-source', $this->xmlroot);

        if( $existing === false )
        {
            // Nothing to remove when turning negation off; only 'yes' needs an element.
            if( $yes )
                DH::createElement($this->xmlroot, 'negate-source', 'yes');
        }
        elseif( $yes )
            DH::setDomNodeText($existing, 'yes');
        else
            $this->xmlroot->removeChild($existing);

        $this->_sourceIsNegated = $yes;

        return true;
    }

    /**
     * Sets destination negation in memory and in the XML node.
     *
     * @param bool $yes
     * @return bool true when the value changed, false when it already had that value
     */
    public function setDestinationIsNegated($yes)
    {
        if( $this->_destinationIsNegated == $yes )
            return false;

        $existing = DH::findFirstElement('negate-destination', $this->xmlroot);

        if( $existing === false )
        {
            // Nothing to remove when turning negation off; only 'yes' needs an element.
            if( $yes )
                DH::createElement($this->xmlroot, 'negate-destination', 'yes');
        }
        elseif( $yes )
            DH::setDomNodeText($existing, 'yes');
        else
            $this->xmlroot->removeChild($existing);

        $this->_destinationIsNegated = $yes;

        return true;
    }

    /**
     * Same as setSourceIsNegated(), and pushes the change to the device when it took effect.
     *
     * @param bool $yes
     * @return bool true when the value changed (and a set request was sent)
     */
    public function API_setSourceIsNegated($yes)
    {
        $changed = $this->setSourceIsNegated($yes);
        if( !$changed )
            return $changed;

        $connector = findConnectorOrDie($this);
        // NOTE(review): the literals around boolYesNo() are empty as shown on this page, so the
        // request body would be the bare yes/no text; markup may have been lost - confirm.
        $connector->sendSetRequest($this->getXPath(), ''.boolYesNo($yes).'');

        return $changed;
    }

    /**
     * Same as setDestinationIsNegated(), and pushes the change to the device when it took effect.
     *
     * @param bool $yes
     * @return bool true when the value changed (and a set request was sent)
     */
    public function API_setDestinationIsNegated($yes)
    {
        $changed = $this->setDestinationIsNegated($yes);
        if( !$changed )
            return $changed;

        $connector = findConnectorOrDie($this);
        // NOTE(review): the literals around boolYesNo() are empty as shown on this page, so the
        // request body would be the bare yes/no text; markup may have been lost - confirm.
        $connector->sendSetRequest($this->getXPath(), ''.boolYesNo($yes).'');

        return $changed;
    }


}
--------------------------------------------------------------------------------
/mac_set_path_variable.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

FOLDER_PATH=$PWD

echo "START \"set path variables\"" \
&& echo "" \
&& php -v \
&& echo "" \
&& echo "prepare php.ini and set include path" \
&& sudo cp -f /etc/php.ini.default /etc/php.ini \
&& sudo chmod u+w /etc/php.ini \
&& echo "include_path = \".:/php/includes:${FOLDER_PATH}\"" | sudo tee -a /etc/php.ini \
&& echo "" \
&& echo "" \
&& echo "check if everyting is successfully installed" \
&& php -r "require('lib/pan_php_framework.php');print \"PAN-PHP-FRAMEWORK LIBRARY - OK INSTALL SUCCESSFUL\n\";" \
&& echo "" \
&& echo "" \
&& echo "set user bash profile" \
&& echo "source \"${FOLDER_PATH}/utils/alias.sh\"" >> ~/.profile \
&& echo "source \"${FOLDER_PATH}/utils/alias.sh\"" >> 
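~/.bash_profile \
&& echo "" \
&& echo "" \
&& echo "END script"

--------------------------------------------------------------------------------
/tests/api_test_filters.php:
--------------------------------------------------------------------------------
// NOTE(review): file lines 1-29 are missing from this listing apart from the fragment on the next line.
&1";
    echo " * Executing CLI: {$cli}\n";

    $output = Array();
    $retValue = 0;

    exec($cli, $output, $retValue);

    foreach($output as $line)
    {
        echo ' ## '; echo $line; echo "\n";
    }

    if( $retValue != 0 )
        derr("CLI exit with error code '{$retValue}'");
    echo "\n";
}

//$api_ip_address = "192.168.55.208";

/**
 * Writes an error message to STDERR. Despite the name it neither prints the
 * usage text nor exits; the call that would do so is commented out.
 *
 * @param string $msg text appended after the bold "**ERROR**" marker
 */
function display_error_usage_exit($msg)
{
    fwrite(STDERR, PH::boldText("\n**ERROR** ").$msg."\n\n");
    #display_usage_and_exit(true);
}
########################################################################################################################
########################################################################################################################


/**
 * Runs a command through proc_open(), feeds it $command on stdin and collects its output.
 *
 * $bin is handed to proc_open() as a single string, so it is interpreted by the
 * shell: build it only from fixed text or from values that were escaped first.
 *
 * @param string $bin command line to run
 * @param string $stream receives the child's stdout followed by its stderr
 * @param bool $force when true, " 2>&1" is appended so stderr is merged into stdout
 * @param string $command data written to the child's stdin before reading
 * @return int exit status from proc_close(), or -1 when the process could not be started
 */
function runCommand($bin, &$stream, $force = true, $command = '')
{
    $stream = '';

    if( $force )
        $bin .= " 2>&1";

    $descriptorSpec = array
    (
        0 => array('pipe', 'r'),
        1 => array('pipe', 'w'),
        2 => array('pipe', 'w'),
    );

    $pipes = Array();

    $process = proc_open($bin, $descriptorSpec, $pipes);

    if( $process === FALSE )
        return -1;

    fwrite($pipes[0], $command);
    fclose($pipes[0]);

    // stdout is drained to EOF before stderr is read. With $force the shell has already
    // merged both; without it a child that writes a lot to stderr may stall here.
    $stream = stream_get_contents($pipes[1]);
    fclose($pipes[1]);

    // Append with '.=': '+=' is numeric addition in PHP and did not keep the captured text.
    $stream .= stream_get_contents($pipes[2]);
    fclose($pipes[2]);

    return proc_close($process);
}

$totalFilterCount = 0;
$totalFilterWithCiCount = 0;

// Runs the matching edit utility once for every default filter that carries a 'ci' entry.
foreach( RQuery::$defaultFilters as $type => &$filtersByField )
{
    foreach($filtersByField as $fieldName => &$filtersByOperator )
    {
        foreach( $filtersByOperator['operators'] as $operator => &$filter )
        {
            $totalFilterCount++;

            if( !isset($filter['ci']) )
                continue;

            $totalFilterWithCiCount++;

            // The combined operator key is exercised with '<' only.
            if( $operator == '>,<,=,!' )
                $operator = '<';

            echo "\n\n\n *** Processing filter: {$type} / ({$fieldName} {$operator})\n";

            $ci = &$filter['ci'];

            $filterString = str_replace('%PROP%', "{$fieldName} {$operator}", $ci['fString']);


            if( $type == 'rule' )
                $util = '../utils/rules-edit.php';
            elseif( $type == 'address' )
                $util = '../utils/address-edit.php';
            elseif( $type == 'service' )
                $util = '../utils/service-edit.php';
            elseif( $type == 'tag' )
                $util = '../utils/tag-edit.php';
            elseif( $type == 'app' )
            {
                echo "******* SKIPPED for now *******\n";
                continue;
            }
            else
                derr('unsupported');

            $location = 'any';
            $output = '/dev/null';
            $ruletype = 'any';


            // NOTE(review): $api_ip_address and $filterString are placed into a shell command line
            // as-is, and the filter is quoted by hand with single quotes. Where $api_ip_address is
            // set is not visible in this listing; if it comes from the command line, passing each
            // argument through escapeshellarg() would keep quotes or shell metacharacters in it
            // from changing the command that exec() runs.
            $cli = "php $util in=api://{$api_ip_address} location={$location} actions=display 'filter={$filterString}'";

            if( $type == 'rule' )
                $cli .= " ruletype={$ruletype}";

            $cli .= ' 2>&1';

            echo " * Executing CLI: {$cli}\n";

            $output = Array();
            $retValue = 0;

            exec($cli, $output, $retValue);

            foreach($output as $line)
            {
                echo ' ## '; echo $line; echo "\n";
            }

            if( $retValue != 0 )
                derr("CLI exit with error code '{$retValue}'");

            echo "\n";

        }
    }
}

echo "\n***** *****\n";
echo " - Processed {$totalFilterCount} filters\n";
echo " - Found {$totalFilterWithCiCount} that are CI enabled\n";

echo "\n";
echo "\n*********** FINISHED TESTING FILTERS ************\n";
echo "*************************************************\n\n";




--------------------------------------------------------------------------------
/tests/api_test_mergers.php:
--------------------------------------------------------------------------------
// NOTE(review): file lines 1-27 are missing from this listing apart from the fragment on the next line.
&1";
echo " * Executing CLI: {$cli}\n";
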
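$output = Array();
$retValue = 0;

exec($cli, $output, $retValue);

foreach($output as $line)
{
    echo ' ## '; echo $line; echo "\n";
}

if( $retValue != 0 )
    derr("CLI exit with error code '{$retValue}'");
echo "\n";

/**
 * Writes an error message to STDERR. Despite the name it neither prints the
 * usage text nor exits; the call that would do so is commented out.
 *
 * @param string $msg text appended after the bold "**ERROR**" marker
 */
function display_error_usage_exit($msg)
{
    fwrite(STDERR, PH::boldText("\n**ERROR** ").$msg."\n\n");
    #display_usage_and_exit(true);
}
########################################################################################################################
########################################################################################################################


/**
 * Runs a command through proc_open(), feeds it $command on stdin and collects its output.
 *
 * $bin is handed to proc_open() as a single string, so it is interpreted by the
 * shell: build it only from fixed text or from values that were escaped first.
 *
 * @param string $bin command line to run
 * @param string $stream receives the child's stdout followed by its stderr
 * @param bool $force when true, " 2>&1" is appended so stderr is merged into stdout
 * @param string $command data written to the child's stdin before reading
 * @return int exit status from proc_close(), or -1 when the process could not be started
 */
function runCommand($bin, &$stream, $force = true, $command = '')
{
    $stream = '';

    if( $force )
        $bin .= " 2>&1";

    $descriptorSpec = array
    (
        0 => array('pipe', 'r'),
        1 => array('pipe', 'w'),
        2 => array('pipe', 'w'),
    );

    $pipes = Array();

    $process = proc_open($bin, $descriptorSpec, $pipes);

    if( $process === FALSE )
        return -1;

    fwrite($pipes[0], $command);
    fclose($pipes[0]);

    // stdout is drained to EOF before stderr is read. With $force the shell has already
    // merged both; without it a child that writes a lot to stderr may stall here.
    $stream = stream_get_contents($pipes[1]);
    fclose($pipes[1]);

    // Append with '.=': '+=' is numeric addition in PHP and did not keep the captured text.
    $stream .= stream_get_contents($pipes[2]);
    fclose($pipes[2]);

    return proc_close($process);
}

#$totalFilterCount = 0;
#$totalFilterWithCiCount = 0;

$test_merger = array( 'address', 'service', 'addressgroup', 'servicegroup' );

// Runs each merger utility once per duplicate-detection algorithm it is tested with.
foreach( $test_merger as $merger )
{
    $ci['input'] = 'input/panorama-8.0-merger.xml';

    echo "\n\n\n *** Processing merger: {$merger} \n";

    $dupalgorithm_array = array();
    if( $merger == 'address' )
    {
        $util = '../utils/address-merger.php';
        // A single empty entry: the address merger is run once and gets no DupAlgorithm argument.
        $dupalgorithm_array[] = '';
    }
    elseif( $merger == 'addressgroup' )
    {
        $util = '../utils/addressgroup-merger.php';
        $dupalgorithm_array[] = 'SameMembers';
        $dupalgorithm_array[] = 'SameIP4Mapping';
        $dupalgorithm_array[] = 'Whereused';

    }
    elseif( $merger == 'service' )
    {
        $util = '../utils/service-merger.php';
        $dupalgorithm_array[] = 'SamePorts';
        $dupalgorithm_array[] = 'Whereused';
    }
    elseif( $merger == 'servicegroup' )
    {
        $util = '../utils/servicegroup-merger.php';
        $dupalgorithm_array[] = 'SameMembers';
        $dupalgorithm_array[] = 'SamePortMapping';
        $dupalgorithm_array[] = 'Whereused';
    }

    else
        derr('unsupported');

    foreach( $dupalgorithm_array as $dupalgorithm)
    {
        $location = 'testDG';
        $output = '/dev/null';

        // NOTE(review): $api_ip_address is placed into a shell command line as-is. Where it is
        // set is not visible in this listing; if it comes from the command line, passing the
        // argument through escapeshellarg() would keep shell metacharacters in it from changing
        // the command that exec() runs.
        $cli = "php $util in=api://{$api_ip_address} location={$location} allowMergingWithUpperLevel";

        if( $merger != 'address' )
            $cli .= " DupAlgorithm={$dupalgorithm}";

        $cli .= ' 2>&1';

        echo " * Executing CLI: {$cli}\n";

        $output = Array();
        $retValue = 0;

        exec($cli, $output, $retValue);

        foreach($output as $line)
        {
            echo ' ## '; echo $line; echo "\n";
        }

        if( $retValue != 0 )
            derr("CLI exit with error code '{$retValue}'");

        echo "\n";
    }


}

echo "\n***** *****\n";
#echo " - Processed {$totalFilterCount} filters\n";
#echo " - Found {$totalFilterWithCiCount} that are CI enabled\n";

echo "\n";
echo "\n*********** FINISHED TESTING MERGERS ************\n";
echo "*************************************************\n\n";




--------------------------------------------------------------------------------
/tests/run_api_test.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash


if [ "$#" -ne 1 ]; then
    echo ""
    echo "ERROR: | Usage: $0 MGMT_IP_ADDRESS" 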
>&2 7 | echo "" 8 | exit 1 9 | fi 10 | 11 | 12 | MGMTIP=$1 13 | 14 | php api_test_filters.php in=api://${MGMTIP} \ 15 | && php api_test_mergers.php in=api://${MGMTIP} -------------------------------------------------------------------------------- /tests/test_actions.php: -------------------------------------------------------------------------------- 1 | &1" : ''; 21 | 22 | $descriptorSpec = array 23 | ( 24 | 0 => array('pipe', 'r'), 25 | 1 => array('pipe', 'w'), 26 | 2 => array('pipe', 'w'), 27 | ); 28 | 29 | $pipes = Array(); 30 | 31 | $process = proc_open($bin, $descriptorSpec, $pipes); 32 | 33 | if( $process !== FALSE ) 34 | { 35 | fwrite($pipes[0], $command); 36 | fclose($pipes[0]); 37 | 38 | $stream = stream_get_contents($pipes[1]); 39 | fclose($pipes[1]); 40 | 41 | $stream += stream_get_contents($pipes[2]); 42 | fclose($pipes[2]); 43 | 44 | return proc_close($process); 45 | } 46 | else 47 | return -1; 48 | 49 | } 50 | 51 | $totalFilterCount = 0; 52 | $totalFilterWithCiCount = 0; 53 | $missing_filters = array(); 54 | 55 | foreach( RQuery::$defaultFilters as $type => &$filtersByField ) 56 | { 57 | foreach($filtersByField as $fieldName => &$filtersByOperator ) 58 | { 59 | foreach( $filtersByOperator['operators'] as $operator => &$filter ) 60 | { 61 | $totalFilterCount++; 62 | 63 | if( !isset($filter['ci']) ) 64 | { 65 | $missing_filters[$type][] = $fieldName . " ".$operator; 66 | continue; 67 | } 68 | 69 | 70 | $totalFilterWithCiCount++; 71 | 72 | if( $operator == '>,<,=,!' 
) 73 | $operator = '<'; 74 | 75 | echo "\n\n\n *** Processing filter: {$type} / ({$fieldName} {$operator})\n"; 76 | 77 | $ci = &$filter['ci']; 78 | 79 | $filterString = str_replace('%PROP%', "{$fieldName} {$operator}", $ci['fString']); 80 | 81 | 82 | if( $type == 'rule' ) 83 | $util = '../utils/rules-edit.php'; 84 | elseif( $type == 'address' ) 85 | $util = '../utils/address-edit.php'; 86 | elseif( $type == 'service' ) 87 | $util = '../utils/service-edit.php'; 88 | elseif( $type == 'tag' ) 89 | $util = '../utils/tag-edit.php'; 90 | elseif( $type == 'app' ) 91 | { 92 | echo "******* SKIPPED for now *******\n"; 93 | continue; 94 | } 95 | else 96 | derr('unsupported'); 97 | 98 | $location = 'any'; 99 | $output = '/dev/null'; 100 | $ruletype = 'any'; 101 | 102 | 103 | $cli = "php $util in={$ci['input']} out={$output} location={$location} actions=display 'filter={$filterString}'"; 104 | 105 | if( $type == 'rule' ) 106 | $cli .= " ruletype={$ruletype}"; 107 | 108 | $cli .= ' 2>&1'; 109 | 110 | echo " * Executing CLI: {$cli}\n"; 111 | 112 | $output = Array(); 113 | $retValue = 0; 114 | 115 | exec($cli, $output, $retValue); 116 | 117 | foreach($output as $line) 118 | { 119 | echo ' ## '; echo $line; echo "\n"; 120 | } 121 | 122 | if( $retValue != 0 ) 123 | derr("CLI exit with error code '{$retValue}'"); 124 | 125 | echo "\n"; 126 | 127 | } 128 | } 129 | } 130 | 131 | echo "\n***** *****\n"; 132 | echo " - Processed {$totalFilterCount} filters\n"; 133 | echo " - Found {$totalFilterWithCiCount} that are CI enabled\n"; 134 | 135 | print_r($missing_filters); 136 | 137 | echo "\n"; 138 | echo "\n*********** FINISHED TESTING FILTERS ************\n"; 139 | echo "*************************************************\n\n"; 140 | 141 | 142 | 143 | 144 | -------------------------------------------------------------------------------- /tests/test_mergers.php: -------------------------------------------------------------------------------- 1 | &1" : ''; 21 | 22 | $descriptorSpec = array 23 
| ( 24 | 0 => array('pipe', 'r'), 25 | 1 => array('pipe', 'w'), 26 | 2 => array('pipe', 'w'), 27 | ); 28 | 29 | $pipes = Array(); 30 | 31 | $process = proc_open($bin, $descriptorSpec, $pipes); 32 | 33 | if( $process !== FALSE ) 34 | { 35 | fwrite($pipes[0], $command); 36 | fclose($pipes[0]); 37 | 38 | $stream = stream_get_contents($pipes[1]); 39 | fclose($pipes[1]); 40 | 41 | $stream += stream_get_contents($pipes[2]); 42 | fclose($pipes[2]); 43 | 44 | return proc_close($process); 45 | } 46 | else 47 | return -1; 48 | 49 | } 50 | 51 | #$totalFilterCount = 0; 52 | #$totalFilterWithCiCount = 0; 53 | 54 | $test_merger = array( 'address', 'service', 'addressgroup', 'servicegroup' ); 55 | 56 | foreach( $test_merger as $merger ) 57 | { 58 | $ci['input'] = 'input/panorama-8.0-merger.xml'; 59 | 60 | echo "\n\n\n *** Processing merger: {$merger} \n"; 61 | 62 | $dupalgorithm_array = array(); 63 | if( $merger == 'address' ) 64 | { 65 | $util = '../utils/address-merger.php'; 66 | $dupalgorithm_array[] = ''; 67 | } 68 | elseif( $merger == 'addressgroup' ) 69 | { 70 | $util = '../utils/addressgroup-merger.php'; 71 | $dupalgorithm_array[] = 'SameMembers'; 72 | $dupalgorithm_array[] = 'SameIP4Mapping'; 73 | $dupalgorithm_array[] = 'Whereused'; 74 | 75 | } 76 | elseif( $merger == 'service' ) 77 | { 78 | $util = '../utils/service-merger.php'; 79 | $dupalgorithm_array[] = 'SamePorts'; 80 | $dupalgorithm_array[] = 'Whereused'; 81 | } 82 | elseif( $merger == 'servicegroup' ) 83 | { 84 | $util = '../utils/servicegroup-merger.php'; 85 | $dupalgorithm_array[] = 'SameMembers'; 86 | $dupalgorithm_array[] = 'SamePortMapping'; 87 | $dupalgorithm_array[] = 'Whereused'; 88 | } 89 | 90 | else 91 | derr('unsupported'); 92 | 93 | foreach( $dupalgorithm_array as $dupalgorithm) 94 | { 95 | $location = 'testDG'; 96 | $output = '/dev/null'; 97 | 98 | $cli = "php $util in={$ci['input']} out={$output} location={$location} allowMergingWithUpperLevel"; 99 | 100 | if( $merger != 'address' ) 101 | $cli .= " 
DupAlgorithm={$dupalgorithm}"; 102 | 103 | $cli .= ' 2>&1'; 104 | 105 | echo " * Executing CLI: {$cli}\n"; 106 | 107 | $output = Array(); 108 | $retValue = 0; 109 | 110 | exec($cli, $output, $retValue); 111 | 112 | foreach($output as $line) 113 | { 114 | echo ' ## '; echo $line; echo "\n"; 115 | } 116 | 117 | if( $retValue != 0 ) 118 | derr("CLI exit with error code '{$retValue}'"); 119 | 120 | echo "\n"; 121 | } 122 | 123 | 124 | } 125 | 126 | echo "\n***** *****\n"; 127 | #echo " - Processed {$totalFilterCount} filters\n"; 128 | #echo " - Found {$totalFilterWithCiCount} that are CI enabled\n"; 129 | 130 | echo "\n"; 131 | echo "\n*********** FINISHED TESTING MERGERS ************\n"; 132 | echo "*************************************************\n\n"; 133 | 134 | 135 | 136 | 137 | -------------------------------------------------------------------------------- /utils/README.md: -------------------------------------------------------------------------------- 1 | PAN-PHP-FRAMEWORK 'utils' directory contains scripts which can run out of the box and are based on PAN-PHP-FRAMEWORK classes. 2 | 3 | Index of scripts: 4 | 5 | - **address-edit.php** : to make changes to address/group, you can use filters to make changes only to objects of 6 | interest. Makes it easy to delete unused objects for example or replace. Use argument 'help' for details and usage. 7 | 8 | - **address-merger.php** : merge address objects together. Useful when you want to do cleaning or reduce number of objects 9 | because of firewall capacity problems for example. A collection of filters and algorithms will make this tool very flexible 10 | to bring you a tailored process for your customer. 11 | 12 | - **addressgroup-merger.php** : merge address groups together. Useful when you want to do cleaning or reduce number of objects 13 | because of firewall capacity problems for example. 
A collection of filters and algorithms will make this tool very flexible 14 | to bring you a tailored process for your customer. 15 | 16 | - **checkpoint-exclude.php** : calculate a static value for checkpoint-exclusion groups out of the migration tool. 17 | Give it the name of the group and it will consider that member #1 is the 'include' group while member #2 is the 18 | 'exclude' group and make numeric calculations to replace all members by a set of IP-ranges. 19 | 20 | - **grp-static-to-dynamic.php** : converts a static group to a dynamic group by tagging its objects and replacing the 21 | group members by a query on that tag. 22 | 23 | - **override-finder.php** : find and display which parts of a firewall configuration are currently overriding 24 | the Template pushed by Panorama. 25 | 26 | - **rules-edit.php** : mass rule editor for PANOS and Panorama, it can work on backup files on your hard drive or with 27 | API. You can filter rules to modify with a query and then apply changes to all selected rules. Use 'php rules-edit.php 28 | help' for usage details. 29 | 30 | - **rule-merger.php** : script to merge similar rules together. Various options to define common criteria, adjacency 31 | limits, stop after a deny, etc. are also included. 32 | 33 | - **service-edit.php** : to make changes to service/group, you can use filters to make changes only to objects of 34 | interest. Makes it easy to delete unused objects for example. 35 | 36 | - **service-merger.php** : merge service objects together. Useful when you want to do cleaning or reduce number of objects 37 | because of firewall capacity problems for example. A collection of filters and algorithms will make this tool very flexible 38 | to bring you a tailored process for your customer. 39 | 40 | - **servicegroup-merger.php** : merge service groups together. Useful when you want to do cleaning or reduce number of objects 41 | because of firewall capacity problems for example. 
A collection of filters and algorithms will make this tool very flexible 42 | to bring you a tailored process for your customer. 43 | 44 | - **tag-edit.php** : to make changes to tags, you can use filters to make changes only to objects of 45 | interest. 46 | 47 | - **upload-config.php** : tool for easy upload/download of configuration on a PANOS device. ie: if you want to 48 | replicate a config from a device to another but just keep management IP address. Use 'help' argument for more details. 49 | 50 | - **userid-mgr.php** : allows you to register/unregister/dump UserID record through PANOS API 51 | 52 | 53 | -------------------------------------------------------------------------------- /utils/alias.sh: -------------------------------------------------------------------------------- 1 | 2 | 3 | alias pa_rule-edit='php -r "require_once '"'"'utils/rules-edit.php'"'"';" $@' 4 | alias pa_rule-merger='php -r "require_once '"'"'utils/rule-merger.php'"'"';" $@' 5 | alias pa_rule-stats='php -r "require_once '"'"'utils/rules-stats.php'"'"';" $@' 6 | 7 | alias pa_address-edit='php -r "require_once '"'"'utils/address-edit.php'"'"';" $@' 8 | alias pa_address-merger='php -r "require_once '"'"'utils/address-merger.php'"'"';" $@' 9 | alias pa_addressgroup-merger='php -r "require_once '"'"'utils/addressgroup-merger.php'"'"';" $@' 10 | 11 | alias pa_service-edit='php -r "require_once '"'"'utils/service-edit.php'"'"';" $@' 12 | alias pa_service-merger='php -r "require_once '"'"'utils/service-merger.php'"'"';" $@' 13 | alias pa_servicegroup-merger='php -r "require_once '"'"'utils/servicegroup-merger.php'"'"';" $@' 14 | 15 | alias pa_tag-edit='php -r "require_once '"'"'utils/tag-edit.php'"'"';" $@' 16 | 17 | alias pa_upload-config='php -r "require_once '"'"'utils/upload-config.php'"'"';" $@' 18 | alias pa_override-finder='php -r "require_once '"'"'utils/override-finder.php'"'"';" $@' 19 | alias pa_userid-mgr='php -r "require_once '"'"'utils/userid-mgr.php'"'"';" $@' 20 | alias 
pa_register-ip-mgr='php -r "require_once '"'"'utils/register-ip-mgr.php'"'"';" $@' 21 | 22 | alias pa_key-manager='php -r "require_once '"'"'utils/key-manager.php'"'"';" $@' 23 | 24 | alias pa_ckp-exclude='php -r "require_once '"'"'utils/checkpoint-exclude.php'"'"';" $@' 25 | 26 | alias pa_download-predefined='php -r "require_once '"'"'utils/download_predefined.php'"'"';" $@' 27 | alias pa_diff='php -r "require_once '"'"'utils/pan-diff.php'"'"';" $@' 28 | alias pa_panos-xml-issue-detector='php -r "require_once '"'"'utils/panos-xml-issue-detector.php'"'"';" $@' 29 | alias pa_appid-enabler='php -r "require_once '"'"'utils/appid-enabler.php'"'"';" $@' 30 | 31 | 32 | 33 | 34 | alias pa_interface='php -r "require_once '"'"'utils/develop/interface.php'"'"';" $@' 35 | alias pa_routing='php -r "require_once '"'"'utils/develop/routing.php'"'"';" $@' 36 | alias pa_zone='php -r "require_once '"'"'utils/develop/zone.php'"'"';" $@' 37 | alias pa_vsys='php -r "require_once '"'"'utils/develop/vsys.php'"'"';" $@' 38 | alias pa_vwire='php -r "require_once '"'"'utils/develop/vwire.php'"'"';" $@' 39 | 40 | 41 | alias pa_ike='php -r "require_once '"'"'utils/develop/ike.php'"'"';" $@' -------------------------------------------------------------------------------- /utils/common/html-export-template.html: -------------------------------------------------------------------------------- 1 | 5 | 6 | 22 | 23 | 24 | 25 | 26 | 27 | %TableHeaders% 28 | 29 | 30 | 31 | %lines% 32 | 33 |
34 | 35 |
36 | 39 |
40 | -------------------------------------------------------------------------------- /utils/common/jquery.stickytableheaders.min.js: -------------------------------------------------------------------------------- 1 | !function(a,b){"use strict";function c(c,g){var h=this;h.$el=a(c),h.el=c,h.id=e++,h.$el.bind("destroyed",a.proxy(h.teardown,h)),h.$clonedHeader=null,h.$originalHeader=null,h.cachedHeaderHeight=null,h.isSticky=!1,h.hasBeenSticky=!1,h.leftOffset=null,h.topOffset=null,h.init=function(){h.setOptions(g),h.$el.each(function(){var b=a(this);b.css("padding",0),h.$originalHeader=a("thead:first",this),h.$clonedHeader=h.$originalHeader.clone(),b.trigger("clonedHeader."+d,[h.$clonedHeader]),h.$clonedHeader.addClass("tableFloatingHeader"),h.$clonedHeader.css({display:"none",opacity:0}),h.$originalHeader.addClass("tableFloatingHeaderOriginal"),h.$originalHeader.after(h.$clonedHeader),h.$printStyle=a(''),h.$head.append(h.$printStyle)}),h.updateWidth(),h.toggleHeaders(),h.bind()},h.destroy=function(){h.$el.unbind("destroyed",h.teardown),h.teardown()},h.teardown=function(){h.isSticky&&h.$originalHeader.css("position","static"),a.removeData(h.el,"plugin_"+d),h.unbind(),h.$clonedHeader.remove(),h.$originalHeader.removeClass("tableFloatingHeaderOriginal"),h.$originalHeader.css("visibility","visible"),h.$printStyle.remove(),h.el=null,h.$el=null},h.bind=function(){h.$scrollableArea.on("scroll."+d,h.toggleHeaders),h.isWindowScrolling||(h.$window.on("scroll."+d+h.id,h.setPositionValues),h.$window.on("resize."+d+h.id,h.toggleHeaders)),h.$scrollableArea.on("resize."+d,h.toggleHeaders),h.$scrollableArea.on("resize."+d,h.updateWidth)},h.unbind=function(){h.$scrollableArea.off("."+d,h.toggleHeaders),h.isWindowScrolling||(h.$window.off("."+d+h.id,h.setPositionValues),h.$window.off("."+d+h.id,h.toggleHeaders)),h.$scrollableArea.off("."+d,h.updateWidth)},h.debounce=function(a,b){var c=null;return function(){var 
d=this,e=arguments;clearTimeout(c),c=setTimeout(function(){a.apply(d,e)},b)}},h.toggleHeaders=h.debounce(function(){h.$el&&h.$el.each(function(){var b,c=a(this),e=h.isWindowScrolling?isNaN(h.options.fixedOffset)?h.options.fixedOffset.outerHeight():h.options.fixedOffset:h.$scrollableArea.offset().top+(isNaN(h.options.fixedOffset)?0:h.options.fixedOffset),f=c.offset(),g=h.$scrollableArea.scrollTop()+e,i=h.$scrollableArea.scrollLeft(),j=h.options.cacheHeaderHeight?h.cachedHeaderHeight:h.$clonedHeader.height(),k=h.isWindowScrolling?g>f.top:e>f.top,l=(h.isWindowScrolling?g:0)a||a+h.$window.height()>h.$document.height()||0>b||b+h.$window.width()>h.$document.width()||h.$originalHeader.css({top:h.topOffset-(h.isWindowScrolling?0:a),left:h.leftOffset-(h.isWindowScrolling?0:b)})},0),h.updateWidth=h.debounce(function(){if(h.isSticky){h.$originalHeaderCells||(h.$originalHeaderCells=a("th,td",h.$originalHeader)),h.$clonedHeaderCells||(h.$clonedHeaderCells=a("th,td",h.$clonedHeader));var b=h.getWidth(h.$clonedHeaderCells);h.setWidth(b,h.$clonedHeaderCells,h.$originalHeaderCells),h.$originalHeader.css("width",h.$clonedHeader.width()),h.options.cacheHeaderHeight&&(h.cachedHeaderHeight=h.$clonedHeader.height())}},0),h.getWidth=function(c){var d=[];return c.each(function(c){var e,f=a(this);if("border-box"===f.css("box-sizing")){var g=f[0].getBoundingClientRect();e=g.width?g.width:g.right-g.left}else{var i=a("th",h.$originalHeader);if("collapse"===i.css("border-collapse"))if(b.getComputedStyle)e=parseFloat(b.getComputedStyle(this,null).width);else{var j=parseFloat(f.css("padding-left")),k=parseFloat(f.css("padding-right")),l=parseFloat(f.css("border-width"));e=f.outerWidth()-j-k-l}else e=f.width()}d[c]=e}),d},h.setWidth=function(a,b,c){b.each(function(b){var d=a[b];c.eq(b).css({"min-width":d,"max-width":d})})},h.resetWidth=function(b,c){b.each(function(b){var 
d=a(this);c.eq(b).css({"min-width":d.css("min-width"),"max-width":d.css("max-width")})})},h.setOptions=function(b){h.options=a.extend({},f,b),h.$window=a(h.options.objWindow),h.$head=a(h.options.objHead),h.$document=a(h.options.objDocument),h.$scrollableArea=a(h.options.scrollableArea),h.isWindowScrolling=h.$scrollableArea[0]===h.$window[0]},h.updateOptions=function(a){h.setOptions(a),h.unbind(),h.bind(),h.updateWidth(),h.toggleHeaders()},h.init()}var d="stickyTableHeaders",e=0,f={fixedOffset:0,leftOffset:0,marginTop:0,objDocument:document,objHead:"head",objWindow:b,scrollableArea:b,cacheHeaderHeight:!1};a.fn[d]=function(b){return this.each(function(){var e=a.data(this,"plugin_"+d);e?"string"==typeof b?e[b].apply(e):e.updateOptions(b):"destroy"!==b&&a.data(this,"plugin_"+d,new c(this,b))})}}(jQuery,window); -------------------------------------------------------------------------------- /utils/common/misc.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | PAN-PHP-FRAMEWORK Utilities Helper 6 | 7 | 8 | 9 | 10 | 53 | 54 | 55 | 62 |
63 |
64 |
65 | 66 | 69 |
70 |
71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 |
nameArgumentsArg. TypeDefault ValueChoicesDescription
87 |
88 |
89 |
90 |
91 | 92 | 95 |
96 |
97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 |
NameOperatorDescription
110 |
111 |
112 | 113 |
114 | 115 | 116 | 117 | 133 | 134 | 135 | -------------------------------------------------------------------------------- /utils/doc/res/action.js: -------------------------------------------------------------------------------- 1 | function updateActionTable(actionSet) 2 | { 3 | var html = ''; 4 | 5 | var actionTableContent = $('#action-table-content'); 6 | actionTableContent.html(''); 7 | 8 | for (var actionIndex=0; actionIndex'; 14 | 15 | 16 | //console.log(action); 17 | 18 | if( action.args !== null && action.args !== false ) 19 | { 20 | var first = true; 21 | for( var argIndex=0; argIndex< action.args.length; argIndex++) 22 | { 23 | var arg = action.args[argIndex]; 24 | if( argIndex != 0 ) 25 | html += '
'; 26 | first = false; 27 | var help = (arg.help !== undefined) ? arg.help : 'description not available'; 28 | 29 | html += '#' + (argIndex+1) + ' ' +arg.name + '' 30 | 31 | } 32 | } 33 | html += ''; 34 | 35 | if( action.args !== null && action.args !== false ) 36 | { 37 | var first = true; 38 | for( var argIndex=0; argIndex< action.args.length; argIndex++) 39 | { 40 | var arg = action.args[argIndex]; 41 | if( argIndex != 0 ) 42 | html += '
'; 43 | first = false; 44 | html += arg.type; 45 | } 46 | } 47 | html += ''; 48 | 49 | if( action.args !== null && action.args !== false ) 50 | { 51 | var first = true; 52 | for( var argIndex=0; argIndex< action.args.length; argIndex++) 53 | { 54 | var arg = action.args[argIndex]; 55 | if( argIndex != 0 ) 56 | html += '
'; 57 | first = false; 58 | html += arg.default; 59 | } 60 | } 61 | html += ''; 62 | 63 | if( action.args !== null && action.args !== false ) 64 | { 65 | var first = true; 66 | for( var argIndex=0; argIndex< action.args.length; argIndex++) 67 | { 68 | var arg = action.args[argIndex]; 69 | if( argIndex != 0 ) 70 | html += '
'; 71 | first = false; 72 | 73 | if( arg.choices !== undefined ) 74 | { 75 | var firstArg = true; 76 | for( var choice of arg.choices ) { 77 | if( !firstArg ) 78 | html += ' | '; 79 | html += choice; 80 | firstArg = false; 81 | } 82 | } 83 | else{ 84 | html += ' '; 85 | } 86 | } 87 | } 88 | html += ''; 89 | 90 | if( action.help !== null ) { 91 | //Remove   92 | var re = new RegExp(' ', 'g'); 93 | var helpString = action.help.replace(re," "); 94 | var help = helpString; 95 | //@todo calcule ratio largeur fenetre td 96 | var helpMaxSize = 150; 97 | 98 | if(help.length > helpMaxSize) { 99 | help = '
' + truncateHTML(helpString, helpMaxSize); 100 | help += '...
'; 101 | help += '' 102 | } 103 | html += help; 104 | } 105 | 106 | html += ''; 107 | 108 | 109 | 110 | 111 | 112 | html += ''; 113 | } 114 | 115 | actionTableContent.html(html); 116 | $('.bs-tooltip').tooltip(); 117 | 118 | $('.expander').off('click').on('click',function() { 119 | var html = $(this).html() 120 | 121 | $(this).html($(this).next().html()); 122 | $(this).next().html(html); 123 | }); 124 | } 125 | 126 | function displayActionWindow() 127 | { 128 | //Update table 129 | $('#actions-select').on('change', function() { 130 | var value = this.value; 131 | updateActionTable(data.actions[value]); 132 | }); 133 | //Default 134 | updateActionTable(data.actions.rule); 135 | 136 | //Selectbox 137 | var theHtml = ''; 138 | for (var key in data.actions) { 139 | theHtml += ''; 140 | } 141 | $('#actions-select').html(theHtml); 142 | } -------------------------------------------------------------------------------- /utils/doc/res/filter.js: -------------------------------------------------------------------------------- 1 | function updateFilterTable(filterSet) 2 | { 3 | var html = ''; 4 | 5 | var filterTableContent = $('#filter-table-content'); 6 | filterTableContent.html(''); 7 | 8 | for (var filterIndex=0; filterIndex'; 14 | 15 | //OPERATORS 16 | if(filter.operators.length > 0) { 17 | html+= ''; 18 | html+= ''; 19 | for(var idx = 0; idx < filter.operators.length; idx++) { 20 | html+= ''; 21 | 22 | for (var key in filter.operators[idx]) { 23 | var width = 25; 24 | if('name' == key) { 25 | width=75; 26 | } 27 | html+= ''; 28 | } 29 | html+=''; 30 | } 31 | html+= '
'+filter.operators[idx][key] +'
'; 32 | } 33 | //console.log(filter.operators.length); 34 | html += ''; 35 | if( filter.help !== null ) { 36 | //Remove   37 | var re = new RegExp(' ', 'g'); 38 | var helpString = filter.help.replace(re," "); 39 | var help = helpString; 40 | //@todo calcule ratio largeur fenetre td 41 | var helpMaxSize = 150; 42 | 43 | if(help.length > helpMaxSize) { 44 | help = '
' + truncateHTML(helpString, helpMaxSize); 45 | help += '...
'; 46 | help += '' 47 | } 48 | html += help; 49 | } 50 | 51 | html += ''; 52 | 53 | 54 | 55 | 56 | 57 | html += ''; 58 | } 59 | 60 | filterTableContent.html(html); 61 | $('.bs-tooltip').tooltip(); 62 | 63 | $('.expander').off('click').on('click',function() { 64 | var html = $(this).html() 65 | 66 | $(this).html($(this).next().html()); 67 | $(this).next().html(html); 68 | }); 69 | } 70 | 71 | function displayFilterWindow() 72 | { 73 | $('#filters-select').on('change', function() { 74 | var value = this.value; 75 | updateFilterTable(data.filters[value]); 76 | }); 77 | 78 | //Default 79 | updateFilterTable(data.filters.rule); 80 | 81 | //Selectbox 82 | var theHtml = ''; 83 | for (var key in data.filters) { 84 | theHtml += ''; 85 | } 86 | $('#filters-select').html(theHtml); 87 | 88 | 89 | } -------------------------------------------------------------------------------- /utils/doc/res/generator.php: -------------------------------------------------------------------------------- 1 | and Sven Waschkut 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
17 | */ 18 | 19 | echo "\n***********************************************\n"; 20 | echo "************ DOC GENERATOR **************\n\n"; 21 | 22 | require_once("../../../lib/pan_php_framework.php"); 23 | require_once("../../common/actions.php"); 24 | 25 | $dataFile = __DIR__.'/data.js'; 26 | 27 | function &generateActionJSON(&$actions) 28 | { 29 | 30 | $result = Array(); 31 | foreach($actions as $action) 32 | { 33 | $record = Array( 'name' => $action['name'],'help' => null, 'args' => false ); 34 | 35 | if( isset($action['help']) ) 36 | $record['help'] = str_replace( Array("\n" , ' '), 37 | Array("
", ' '), 38 | $action['help']); 39 | 40 | if( isset($action['args']) && $action['args'] !== false ) 41 | { 42 | $record['args'] = Array(); 43 | foreach($action['args'] as $argName => $arg) 44 | { 45 | $tmpArr = $arg; 46 | if( isset($arg['help']) ) 47 | $arg['help'] = str_replace( Array("\n" , ' '), 48 | Array("
", ' '), 49 | $arg['help']); 50 | $tmpArr['name'] = $argName; 51 | $record['args'][] = $tmpArr; 52 | } 53 | } 54 | 55 | $result[] = $record; 56 | } 57 | 58 | return $result; 59 | } 60 | $actionsData = Array(); 61 | $actionsData['rule'] = generateActionJSON(RuleCallContext::$supportedActions); 62 | $actionsData['address'] = generateActionJSON(AddressCallContext::$supportedActions); 63 | $actionsData['service'] = generateActionJSON(ServiceCallContext::$supportedActions); 64 | $actionsData['tag'] = generateActionJSON(TagCallContext::$supportedActions); 65 | 66 | function &generateFilterJSON($filters) 67 | { 68 | $result = Array(); 69 | 70 | ksort($filters); 71 | 72 | foreach( $filters as $name => $filter) 73 | { 74 | $record = Array( 'name' => $name,'help' => null, 'operators' => Array() ); 75 | ksort($filter['operators']); 76 | 77 | foreach( $filter['operators'] as $opName => $opDetails) 78 | { 79 | $opRecord = Array('name' => $opName, 'help' => null, 'argument' => null); 80 | 81 | if( isset($opDetails['arg']) && $opDetails['arg'] === true ) 82 | $opRecord['argument'] = '*required*'; 83 | 84 | if( isset($opDetails['help']) ) 85 | $opRecord['help'] = $opDetails['help']; 86 | 87 | $record['operators'][] = $opRecord; 88 | } 89 | 90 | $result[] = $record; 91 | } 92 | 93 | return $result; 94 | } 95 | $filtersData = Array(); 96 | $filtersData['rule'] = generateFilterJSON(RQuery::$defaultFilters['rule']); 97 | $filtersData['address'] = generateFilterJSON(RQuery::$defaultFilters['address']); 98 | $filtersData['service'] = generateFilterJSON(RQuery::$defaultFilters['service']); 99 | $filtersData['tag'] = generateFilterJSON(RQuery::$defaultFilters['tag']); 100 | 101 | 102 | $data = Array('actions' => &$actionsData, 'filters' => &$filtersData ); 103 | 104 | $data = 'var data = '.json_encode($data, JSON_PRETTY_PRINT) .';'; 105 | 106 | file_put_contents($dataFile, $data); 107 | 108 | echo "\nDOC GENERATED !!!\n\n"; 
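/**
 * File: utils/doc/res/utils.js
 *
 * HTML-fragment helpers (found on stackoverflow).
 *
 * Security note: these helpers only cut and re-balance markup with regular
 * expressions. They do not escape or sanitize anything, so the value they
 * return is still HTML. Only pass text from a trusted source when the result
 * is going to be assigned to the DOM as markup.
 */

/**
 * Cut `text` down to its first `length` characters and try to leave the
 * remaining markup well-formed.
 *
 * Steps: take the prefix, drop line breaks, remove a start tag that was cut
 * in half, repair or remove an end tag that was cut in half, then append a
 * closing tag for every opening tag that is left unclosed.
 *
 * @param {string} text   HTML fragment to shorten.
 * @param {number} length Number of leading characters to keep before repair.
 * @returns {string} The shortened fragment; it can be longer than `length`
 *                   because closing tags may be appended.
 */
function truncateHTML(text, length) {
    var truncated = text.substring(0, length);

    // Remove line breaks and surrounding whitespace
    truncated = truncated.replace(/(\r\n|\n|\r)/gm, "").trim();

    // If the text ends with an incomplete start tag, trim it off
    truncated = truncated.replace(/<(\w*)(?:(?:\s\w+(?:={0,1}(["']{0,1})\w*\2{0,1})))*$/g, '');

    // If the text ends with a truncated end tag, fix it.
    var truncatedEndTagExpr = /<\/((?:\w*))$/g;
    var truncatedEndTagMatch = truncatedEndTagExpr.exec(truncated);
    if (truncatedEndTagMatch != null) {
        // Captured by \w*, so it holds no regex metacharacters and is safe to
        // splice into the RegExp source below.
        var truncatedEndTag = truncatedEndTagMatch[1];

        if (truncatedEndTag.length > 0) {
            // There is an identifiable (partial) tag name: find the matching
            // start tag and close it properly.
            var startTagExpr = new RegExp(
                "<(" + truncatedEndTag + "\\w?)(?:(?:\\s\\w+(?:=([\"\'])\\w*\\2)))*>");
            var remaining = truncated;
            var startTagMatch = startTagExpr.exec(remaining);

            // Walk through every candidate; the last one found wins.
            var startTag = null;
            while (startTagMatch != null) {
                startTag = startTagMatch[1];
                remaining = remaining.replace(startTagExpr, '');
                startTagMatch = startTagExpr.exec(remaining);
            }
            if (startTag != null) {
                // Replace the half-written end tag with a complete one. The
                // comments describe closing the tag, so an empty replacement
                // here would silently drop it instead.
                truncated = truncated.replace(truncatedEndTagExpr, '</' + startTag + '>');
            }
        } else {
            // Otherwise, cull off the broken end tag
            truncated = truncated.replace(truncatedEndTagExpr, '');
        }
    }

    // Now the tricky part. Reverse the text, and look for opening tags. For
    // each opening tag, check that a closing tag for it comes before it in the
    // reversed text (that is, after it in the real text). If not, append one.
    var reversed = reverseHtml(truncated);
    var reverseTagOpenExpr = /<(?:(["'])\w*\1=\w+ )*(\w*)>/;
    var tagMatch = reverseTagOpenExpr.exec(reversed);
    while (tagMatch != null) {
        var tag = tagMatch[0];
        var tagName = tagMatch[2];
        var endPos = tagMatch.index + tag.length;
        var fragment = reversed.substring(0, endPos);

        // In the reversed text a closing tag reads "<eman/>".
        if (!new RegExp("<" + tagName + "\/>").test(fragment)) {
            // tagName was captured from the reversed text, so turn it back
            // around before emitting the closing tag.
            truncated += '</' + reverseHtml(tagName) + '>';
        }

        // Get rid of the already tested fragment, then look for the next tag.
        reversed = reversed.replace(fragment, '');
        tagMatch = reverseTagOpenExpr.exec(reversed);
    }
    return truncated;
}

/**
 * Reverse `str` character by character and swap the angle brackets, so that
 * a tag such as "<b>" still looks like a tag ("<b>") in the reversed text.
 *
 * The swap is done in a single pass. A placeholder-based swap would corrupt
 * any input that already contains the placeholder character.
 *
 * @param {string} str Text to reverse.
 * @returns {string} The reversed text with '<' and '>' exchanged.
 */
function reverseHtml(str) {
    return str.split('').reverse().join('').replace(/[<>]/g, function (bracket) {
        return bracket === '<' ? '>' : '<';
    });
}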