Merge pull request #776 from swaschkut/main
version 2.1.17
swaschkut authored Sep 20, 2023
2 parents b07de57 + b3e29d7 commit 512ca29
Showing 23 changed files with 3,825 additions and 160 deletions.
22 changes: 21 additions & 1 deletion CHANGELOG.txt
@@ -1,6 +1,26 @@
CHANGELOG

2.1.16
2.1.17
UTIL:
* type=certificate | extend to TemplateStack
* introduce class SharedGatewayStore | extend different classes to support SharedGateway
* type=zone | extend with SharedGateway
* type=rule | extend with SharedGateway
* type=service | improvement for SharedGateway - class VirtualSystem
* develop script "shared_gateway.php" | introduction
* type=address in=api://192.168.55.129 'actions=combine-addressgroups:{NEW_GROUP_NAME},true' 'filter=(name regex /{FILTER}/)'
* type=gcp actions=validation | introduction of new action
* type=gcp actions=image-validation | introduction of new action
* type=device | extend to display for FW config, per default also all sharedgateways in additional to vsys

BUGFIX:
* type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands

GENERAL:
* update App-ID version to: 8756-8298


2.1.16 (20230908)
UTIL:
* type=address | new 'filter=(name same.as.region.predefined)'
* class UTIL | extend if API mode - with App-id/AV/WF/Threat version info
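--- a/lib/device-and-system-classes/PANConf.php
+++ b/lib/device-and-system-classes/PANConf.php
@@ -73,6 +73,9 @@ class PANConf
 /** @var VirtualSystem[] */
 public $virtualSystems = array();
 
+/** @var VirtualSystem[] */
+public $sharedGateways = array();
+
 /** @var PanAPIConnector|null $connector */
 public $connector = null;
 
@@ -134,6 +137,30 @@ class PANConf
 /** @var SecurityProfileStore */
 public $HipProfilesProfileStore = null;
 
+/** @var SecurityProfileStore */
+public $GTPProfileStore = null;
+
+/** @var SecurityProfileStore */
+public $SCEPProfileStore = null;
+
+/** @var SecurityProfileStore */
+public $PacketBrokerProfileStore = null;
+
+/** @var SecurityProfileStore */
+public $SDWanErrorCorrectionProfileStore = null;
+
+/** @var SecurityProfileStore */
+public $SDWanPathQualityProfileStore = null;
+
+/** @var SecurityProfileStore */
+public $SDWanSaasQualityProfileStore = null;
+
+/** @var SecurityProfileStore */
+public $SDWanTrafficDistributionProfileStore = null;
+
+/** @var SecurityProfileStore */
+public $DataObjectsProfileStore = null;
+
 /** @var ScheduleStore */
 public $scheduleStore = null;
 
@@ -678,6 +705,23 @@ public function findVSYS_by_displayName($displayname)
 return null;
 }
 
+/**
+* @param string $name
+* @return VirtualSystem|null
+*/
+public function findSharedGateway_by_displayName($displayname)
+{
+$tmp_vsys = $this->getSharedGateways();
+foreach( $tmp_vsys as $vsys )
+{
+if( $vsys->alternativeName() == $displayname )
+return $vsys;
+
+}
+
+return null;
+}
+
 /**
 * @param string $name
 * @return VirtualSystem|null
@@ -695,6 +739,23 @@ public function findVirtualSystem($name)
 return null;
 }
 
+/**
+* @param string $name
+* @return VirtualSystem|null
+*/
+public function findSharedGateway($name)
+{
+foreach( $this->sharedGateways as $vsys )
+{
+if( $vsys->name() == $name )
+{
+return $vsys;
+}
+}
+
+return null;
+}
+
 /**
 * @param string $fileName
 * @param bool $printMessage
@@ -767,6 +828,13 @@ public function getVirtualSystems()
 return $this->virtualSystems;
 }
 
+/**
+* @return VirtualSystem[]
+*/
+public function getSharedGateways()
+{
+return $this->sharedGateways;
+}
 
 public function display_statistics( $connector = null )
 {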
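Review bot: Both new lookups, `findSharedGateway_by_displayName()` and `findSharedGateway()`, compare names with loose `==`, so PHP treats numeric-looking strings such as `"1e3"` and `"1000"` as equal and can return the wrong gateway. Using `if( $vsys->name() === $name )` and `if( $vsys->alternativeName() === $displayname )` avoids that, provided both sides are always strings (the accessors are outside this section, so that is an assumption to confirm). The docblock on `findSharedGateway_by_displayName()` also names the parameter `$name` where the signature has `$displayname`; it should read `* @param string $displayname`. The eight new `*ProfileStore` properties default to `null` and nothing in the visible hunks instantiates them, so callers need a null check unless they are initialised elsewhere in the commit.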
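--- a/lib/device-and-system-classes/TemplateStack.php
+++ b/lib/device-and-system-classes/TemplateStack.php
@@ -36,6 +36,9 @@ class TemplateStack
 
 public $FirewallsSerials = array();
 
+/** @var CertificateStore */
+public $certificateStore = null;
+
 /** @var PANConf */
 public $deviceConfiguration;
 
@@ -49,6 +52,9 @@ public function __construct($name, $owner)
 $this->name = $name;
 $this->owner = $owner;
 $this->deviceConfiguration = new PANConf(null, null, $this);
+
+$this->certificateStore = new CertificateStore($this);
+$this->certificateStore->setName('certificateStore');
 }
 
 public function load_from_domxml(DOMElement $xml)
@@ -98,7 +104,23 @@ public function load_from_domxml(DOMElement $xml)
 if( $tmp !== false )
 {
 $this->deviceConfiguration->load_from_domxml($tmp);
+
+$shared = DH::findFirstElement('shared', $tmp);
+if( $shared !== false )
+{
+//
+// Extract Certificate objects
+//
+$tmp = DH::findFirstElement('certificate', $shared);
+if( $tmp !== FALSE )
+{
+$this->certificateStore->load_from_domxml($tmp);
+}
+// End of Certificate objects extraction
+}
 }
+
+
 }
 
 public function name()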
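Review bot: In the new `shared` branch of `load_from_domxml()`, `$tmp` is reassigned to the `certificate` node while it still names the element that was just passed to `deviceConfiguration->load_from_domxml()`, so any code added later in this block would read the wrong node. A dedicated variable keeps the two apart: `$certRoot = DH::findFirstElement('certificate', $shared);` followed by `if( $certRoot !== false )`, which also removes the `false`/`FALSE` mix within the same block. The same `$tmp` element is handed to `PANConf::load_from_domxml()` first; if that call already parses `shared/certificate` into its own store (not visible here), the stack now holds a second, independent set of certificate objects, and a short comment saying which store is authoritative would help. The function starts outside the hunk, so where `$tmp` originates is not shown.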
118 changes: 87 additions & 31 deletions lib/device-and-system-classes/VirtualSystem.php
Expand Up @@ -178,27 +178,44 @@ class VirtualSystem
public $version = null;
public $apiCache;


public function __construct(PANConf $owner, DeviceGroup $applicableDG = null)
/**
* VirtualSystem constructor.
* @param PANConf|SharedGatewayStore $owner
* @param DeviceGroup $applicableDG
*/
public function __construct( $owner, $applicableDG = null)
{
$this->owner = $owner;

$this->parentDeviceGroup = $applicableDG;

$this->version = &$owner->version;

$this->tagStore = new TagStore($this);
$this->tagStore->name = 'tags';

$this->importedInterfaces = new InterfaceContainer($this, $owner->network);
$this->importedVirtualRouter = new VirtualRouterContainer($this, $owner->network);
if( get_class($owner) == "SharedGatewayStore" )
{
$this->version = &$owner->owner->version;

$this->importedInterfaces = new InterfaceContainer($this, $owner->owner->network);
$this->importedVirtualRouter = new VirtualRouterContainer($this, $owner->owner->network);
}
else
{
$this->version = &$owner->version;

$this->importedInterfaces = new InterfaceContainer($this, $owner->network);
$this->importedVirtualRouter = new VirtualRouterContainer($this, $owner->network);
}



#$this->appStore = $owner->appStore;
$this->appStore = new AppStore($this);
$this->appStore->name = 'customApplication';

$this->threatStore = $owner->threatStore;
if( get_class($owner) !== "SharedGatewayStore" )
$this->threatStore = $owner->threatStore;

$this->zoneStore = new ZoneStore($this);
$this->zoneStore->setName('zoneStore');
Expand Down Expand Up @@ -321,8 +338,36 @@ public function __construct(PANConf $owner, DeviceGroup $applicableDG = null)
$this->sdWanRules->name = 'SDWan';


$this->dosRules->_networkStore = $this->owner->network;
$this->pbfRules->_networkStore = $this->owner->network;
if( get_class($owner) === "SharedGatewayStore" )
{
$this->dosRules->_networkStore = $this->owner->owner->network;
$this->pbfRules->_networkStore = $this->owner->owner->network;
}
else
{
$this->dosRules->_networkStore = $this->owner->network;
$this->pbfRules->_networkStore = $this->owner->network;
}

$storeType = array(
'addressStore', 'serviceStore', 'tagStore', 'scheduleStore', 'appStore',

'securityProfileGroupStore',

'URLProfileStore', 'AntiVirusProfileStore', 'FileBlockingProfileStore', 'DataFilteringProfileStore',
'VulnerabilityProfileStore', 'AntiSpywareProfileStore', 'WildfireProfileStore',
'DecryptionProfileStore', 'HipObjectsProfileStore'

);

foreach( $storeType as $type )
{
if( get_class($this->owner) === "SharedGatewayStore" )
$this->$type->parentCentralStore = $this->owner->owner->$type;
else
$this->$type->parentCentralStore = $this->owner->$type;
}

}


Expand Down Expand Up @@ -355,16 +400,21 @@ public function load_from_domxml($xml)
{
$networkRoot = DH::findFirstElementOrCreate('network', $importroot);
$tmp = DH::findFirstElementOrCreate('interface', $networkRoot);
$this->importedInterfaces->load_from_domxml($tmp);
if( $this->importedInterfaces !== null )
$this->importedInterfaces->load_from_domxml($tmp);

$tmp = DH::findFirstElement('virtual-router', $networkRoot);
if( $tmp !== FALSE )
$this->importedVirtualRouter->load_from_domxml($tmp);
{
if( $this->importedVirtualRouter !== null )
$this->importedVirtualRouter->load_from_domxml($tmp);
}

}

//

if( $this->owner->owner === null )
if( $this->owner->owner === null || get_class($this->owner) == "SharedGatewayStore" )
{

//
Expand All @@ -383,7 +433,7 @@ public function load_from_domxml($xml)
// Extract region objects
//
$tmp = DH::findFirstElement('region', $xml);
if( $tmp !== false )
if( $tmp !== FALSE )
$this->addressStore->load_regions_from_domxml($tmp);
//print "VSYS '".$this->name."' address objectsloaded\n" ;
// End of address objects extraction
Expand Down Expand Up @@ -423,8 +473,10 @@ public function load_from_domxml($xml)
// //
$tmp = DH::findFirstElement('service-group', $xml);
if( $tmp !== FALSE )
{
#print "VSYS '".$this->name."' service groups loaded\n" ;
$this->serviceStore->load_servicegroups_from_domxml($tmp);
//print "VSYS '".$this->name."' service groups loaded\n" ;
}
// End of <service-group> extraction

//
Expand Down Expand Up @@ -656,32 +708,36 @@ public function load_from_domxml($xml)
//
// add reference to address object, if interface IP-address is using this object
//
foreach( $this->importedInterfaces->interfaces() as $interface )
if( $this->importedInterfaces !== null)
{
if( $interface->isEthernetType() && $interface->type() == "layer3" )
$interfaces = $interface->getLayer3IPv4Addresses();
elseif( $interface->isVlanType() || $interface->isLoopbackType() || $interface->isTunnelType() )
$interfaces = $interface->getIPv4Addresses();
else
$interfaces = array();
foreach( $this->importedInterfaces->interfaces() as $interface )
{
if( $interface->isEthernetType() && $interface->type() == "layer3" )
$interfaces = $interface->getLayer3IPv4Addresses();
elseif( $interface->isVlanType() || $interface->isLoopbackType() || $interface->isTunnelType() )
$interfaces = $interface->getIPv4Addresses();
else
$interfaces = array();


foreach( $interfaces as $layer3IPv4Address )
{
if( substr_count($layer3IPv4Address, '.') != 3 )
foreach( $interfaces as $layer3IPv4Address )
{
$object = $this->addressStore->find($layer3IPv4Address);
if( is_object($object) )
$object->addReference($interface);
else
if( substr_count($layer3IPv4Address, '.') != 3 )
{
//Todo: fix needed too many warnings - if address object is coming from other address store
#mwarning("interface configured objectname: " . $layer3IPv4Address . " not found.\n", $interface);
}
$object = $this->addressStore->find($layer3IPv4Address);
if( is_object($object) )
$object->addReference($interface);
else
{
//Todo: fix needed too many warnings - if address object is coming from other address store
#mwarning("interface configured objectname: " . $layer3IPv4Address . " not found.\n", $interface);
}

}
}
}
}

//Todo: addressobject reference missing for: IKE gateway / GP Portal / GP Gateway (where GP is not implemented at all)


Expand All @@ -698,7 +754,7 @@ public function load_from_domxml($xml)
if( $this->rulebaseroot === FALSE )
$this->rulebaseroot = null;

if( $this->owner->owner === null && $this->rulebaseroot !== null )
if( ($this->owner->owner === null || get_class($this->owner) == "SharedGatewayStore") && $this->rulebaseroot !== null )
{
//
// Security Rules extraction
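Review bot: The constructor drops the `PANConf` type hint and then branches on `get_class($owner) == "SharedGatewayStore"` in several separate places, which accepts any object as owner and stops matching as soon as the store is subclassed. Resolving the configuration once at the top, `$panConf = ($owner instanceof SharedGatewayStore) ? $owner->owner : $owner;`, lets `version`, `network` and the `$storeType` loop read from `$panConf` without repeating the test. In the shared-gateway case `$this->threatStore` is left unassigned, so any later use of it on a shared gateway needs a guard or an explicit assignment from the owning configuration (whether that configuration is reachable with a `threatStore` is not visible here). The same class-name test is repeated in `load_from_domxml()`, whose body continues outside the shown hunks.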
2 changes: 1 addition & 1 deletion lib/misc-classes/PH.php
Expand Up @@ -182,7 +182,7 @@ function __construct($argv, $argc)

private static $library_version_major = 2;
private static $library_version_sub = 1;
private static $library_version_bugfix = 16;
private static $library_version_bugfix = 17;

//BASIC AUTH PAN-OS 7.1
public static $softwareupdate_key = "658d787f293e631196dac9fb29490f1cc1bb3827";