From 96367f0c2e6653bfa04fb5be585609e6bbf44b8c Mon Sep 17 00:00:00 2001 
From: UBiqube-ydu Date: Thu, 22 Jan 2026 10:21:28 +0100 Subject: [PATCH] OPSLAB-245: New Stormshield device adapter --- adapters/stormshield/adaptor.php | 41 +- adapters/stormshield/apply_conf.php | 35 + adapters/stormshield/apply_errors.php | 13 - adapters/stormshield/common.php | 19 - adapters/stormshield/conf/sms_router.conf | 6 +- adapters/stormshield/connect.php | 262 ++++ adapters/stormshield/connect_cli.php | 70 + adapters/stormshield/do_backup_conf.php | 2 +- .../stormshield/do_check_serial_number.php | 39 - adapters/stormshield/do_cmd_exec_script.php | 66 - .../stormshield/do_cmd_get_vpn_status.php | 165 --- adapters/stormshield/do_cmd_rproxy_conf.php | 18 - adapters/stormshield/do_cmd_vpn_slot.php | 99 -- adapters/stormshield/do_exec_script.php | 82 -- .../stormshield/do_get_activity_report.php | 82 -- adapters/stormshield/do_get_archive_conf.php | 65 +- adapters/stormshield/do_get_config.php | 77 - adapters/stormshield/do_get_report.php | 92 -- adapters/stormshield/do_get_running_conf.php | 42 - adapters/stormshield/do_get_sd_conf.php | 73 +- adapters/stormshield/do_ha_swap.php | 61 - adapters/stormshield/do_provisioning.php | 1 - adapters/stormshield/do_resolve_template.php | 31 - adapters/stormshield/do_restore_conf.php | 5 +- adapters/stormshield/do_smsexec.php | 19 - adapters/stormshield/do_stagingmap.php | 33 - adapters/stormshield/do_unarchive_conf.php | 22 - adapters/stormshield/do_update_conf.php | 62 - adapters/stormshield/do_update_firmware.php | 75 - adapters/stormshield/do_update_license.php | 65 - adapters/stormshield/netasq_apply_conf.php | 120 -- adapters/stormshield/netasq_command.php | 149 -- adapters/stormshield/netasq_configuration.php | 1293 ----------------- adapters/stormshield/netasq_connect.php | 73 - adapters/stormshield/netasq_unarchive.php | 64 - adapters/stormshield/nsrpc.php | 262 +--- adapters/stormshield/pattern/staging.tpl | 19 - adapters/stormshield/pattern/staging_end.tpl | 1 - 
.../stormshield/pattern/staging_ha_master.tpl | 13 - .../stormshield/pattern/staging_ha_slave.tpl | 9 - .../stormshield/polld/netasq_availability.php | 33 - .../{netasq_mgmt.php => stormshield_mgmt.php} | 149 +- adapters/stormshield/prov_init_conf.php | 20 - adapters/stormshield/prov_init_conn.php | 9 +- adapters/stormshield/prov_register_ip.php | 13 - adapters/stormshield/prov_save_conf.php | 11 - adapters/stormshield/provisioning_stages.php | 3 - adapters/stormshield/smarty_functions.php | 96 -- adapters/stormshield/stormshield_command.php | 18 + 49 files changed, 609 insertions(+), 3468 deletions(-) create mode 100644 adapters/stormshield/apply_conf.php delete mode 100644 adapters/stormshield/apply_errors.php delete mode 100644 adapters/stormshield/common.php create mode 100644 adapters/stormshield/connect.php create mode 100644 adapters/stormshield/connect_cli.php delete mode 100644 adapters/stormshield/do_check_serial_number.php delete mode 100644 adapters/stormshield/do_cmd_exec_script.php delete mode 100644 adapters/stormshield/do_cmd_get_vpn_status.php delete mode 100644 adapters/stormshield/do_cmd_rproxy_conf.php delete mode 100644 adapters/stormshield/do_cmd_vpn_slot.php delete mode 100644 adapters/stormshield/do_exec_script.php delete mode 100644 adapters/stormshield/do_get_activity_report.php delete mode 100644 adapters/stormshield/do_get_config.php delete mode 100644 adapters/stormshield/do_get_report.php delete mode 100644 adapters/stormshield/do_get_running_conf.php delete mode 100644 adapters/stormshield/do_ha_swap.php delete mode 100644 adapters/stormshield/do_resolve_template.php delete mode 100644 adapters/stormshield/do_smsexec.php delete mode 100644 adapters/stormshield/do_stagingmap.php delete mode 100644 adapters/stormshield/do_unarchive_conf.php delete mode 100644 adapters/stormshield/do_update_conf.php delete mode 100644 adapters/stormshield/do_update_firmware.php delete mode 100644 adapters/stormshield/do_update_license.php delete mode 
100644 adapters/stormshield/netasq_apply_conf.php delete mode 100644 adapters/stormshield/netasq_command.php delete mode 100644 adapters/stormshield/netasq_configuration.php delete mode 100644 adapters/stormshield/netasq_connect.php delete mode 100644 adapters/stormshield/netasq_unarchive.php delete mode 100644 adapters/stormshield/pattern/staging.tpl delete mode 100644 adapters/stormshield/pattern/staging_end.tpl delete mode 100644 adapters/stormshield/pattern/staging_ha_master.tpl delete mode 100644 adapters/stormshield/pattern/staging_ha_slave.tpl delete mode 100644 adapters/stormshield/polld/netasq_availability.php rename adapters/stormshield/polld/{netasq_mgmt.php => stormshield_mgmt.php} (57%) delete mode 100644 adapters/stormshield/prov_init_conf.php delete mode 100644 adapters/stormshield/prov_register_ip.php delete mode 100644 adapters/stormshield/prov_save_conf.php delete mode 100644 adapters/stormshield/smarty_functions.php create mode 100644 adapters/stormshield/stormshield_command.php diff --git a/adapters/stormshield/adaptor.php b/adapters/stormshield/adaptor.php index a75361ce..a48d2cad 100644 --- a/adapters/stormshield/adaptor.php +++ b/adapters/stormshield/adaptor.php @@ -5,8 +5,8 @@ require_once 'smserror/sms_error.php'; require_once 'smsd/sms_common.php'; -require_once load_once('stormshield', 'netasq_connect.php'); -require_once load_once('stormshield', 'netasq_apply_conf.php'); +require_once load_once('stormshield', 'connect.php'); +require_once load_once('stormshield', 'apply_conf.php'); require_once "$db_objects"; @@ -19,7 +19,7 @@ */ function sd_connect($ip_addr = '', $login = '', $passwd = '') { - $ret = netasq_connect($ip_addr, $login, $passwd); + $ret = connect($ip_addr, $login, $passwd); return $ret; } @@ -30,7 +30,7 @@ function sd_connect($ip_addr = '', $login = '', $passwd = '') */ function sd_disconnect($clean_exit = false) { - $ret = netasq_disconnect(); + $ret = disconnect(); return $ret; } 
@@ -47,7 +47,7 @@ function sd_apply_conf($configuration, $need_sd_connection = false) sd_connect(); } - $ret = netasq_apply_conf($configuration); + $ret = apply_conf($configuration); if ($need_sd_connection) { @@ -57,32 +57,29 @@ function sd_apply_conf($configuration, $need_sd_connection = false) return $ret; } + /** * Execute a command on a device * @param $cmd * @param $need_sd_connection */ -function sd_execute_command($cmd, $need_sd_connection = false) -{ - global $sms_sd_ctx; +function sd_execute_command($cmd, $need_sd_connection = false) { + global $sms_sd_ctx; - if ($need_sd_connection) - { - $ret = sd_connect(); - if ($ret !== SMS_OK) - { - return false; - } - } + if ($need_sd_connection) { + $ret = sd_connect (); + if ($ret !== SMS_OK) { + return false; + } + } - $ret = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $cmd); + $ret = sendexpectone ( __FILE__ . ':' . __LINE__, $sms_sd_ctx, $cmd ); - if ($need_sd_connection) - { - sd_disconnect(true); - } + if ($need_sd_connection) { + sd_disconnect ( true ); + } - return $ret; + return $ret; } ?> \ No newline at end of file diff --git a/adapters/stormshield/apply_conf.php b/adapters/stormshield/apply_conf.php new file mode 100644 index 00000000..86a571f4 --- /dev/null +++ b/adapters/stormshield/apply_conf.php @@ -0,0 +1,35 @@ + \ No newline at end of file diff --git a/adapters/stormshield/apply_errors.php b/adapters/stormshield/apply_errors.php deleted file mode 100644 index 9f8a0fda..00000000 --- a/adapters/stormshield/apply_errors.php +++ /dev/null @@ -1,13 +0,0 @@ - \ No newline at end of file diff --git a/adapters/stormshield/common.php b/adapters/stormshield/common.php deleted file mode 100644 index 20ddca7c..00000000 --- a/adapters/stormshield/common.php +++ /dev/null @@ -1,19 +0,0 @@ - \ No newline at end of file diff --git a/adapters/stormshield/conf/sms_router.conf b/adapters/stormshield/conf/sms_router.conf index 737d4919..ed7d79c4 100644 --- a/adapters/stormshield/conf/sms_router.conf 
+++ b/adapters/stormshield/conf/sms_router.conf @@ -1,6 +1,6 @@ # Stormshield Generic model 16010401:16010401 path stormshield -asset-script-name netasq_mgmt.php -poll-script-name netasq_availability.php -report-model Netasq +asset-script-name stormshield_mgmt.php +report-model Stormshield +config-type CONF_BIN \ No newline at end of file diff --git a/adapters/stormshield/connect.php b/adapters/stormshield/connect.php new file mode 100644 index 00000000..4209676f --- /dev/null +++ b/adapters/stormshield/connect.php 
@@ -0,0 +1,262 @@
+SD;
+
+ $this->sd_ip_config = empty($ip) ? $sd->SD_IP_CONFIG : $ip;
+ $this->sd_login_entry = empty($login) ? $sd->SD_LOGIN_ENTRY : $login;
+ $this->uid = rawurlencode(base64_encode($this->sd_login_entry));
+ $this->sd_passwd_entry = empty($passwd) ? $sd->SD_PASSWD_ENTRY : $passwd;
+ $this->pswd = rawurlencode(base64_encode($this->sd_passwd_entry));
+ $this->auth_url = 'auth/admin.html';
+ $this->login_url = 'api/auth/login';
+ $this->cmd_url = 'api/commands';
+ $this->auth_header = 'User-Agent: opslab';
+ $this->http_header_list = [$this->auth_header];
+ $this->json_path = new \JsonPath\JsonPath();
+ $this->conn_timeout = 10;
+ $this->response = null;
+ $this->cookie = null;
+ $this->session_id = null;
+ }
+
+ public function do_connect() {
+
+ // Get cookie
+ unset($this->cookie);
+ $rawdata = "app=sslclient&uid={$this->uid}&pswd={$this->pswd}&totp=";
+ $cmd = "POST#{$this->auth_url}#{$rawdata}";
+ $this->sendexpectone(__FILE__ . ':' . __LINE__, $cmd);
+
+ $this->http_header_list[] = "Cookie: {$this->cookie}";
+
+ // Get session id
+ unset($this->session_id);
+ $cmd = "POST#{$this->login_url}#{$rawdata}";
+ $this->sendexpectone(__FILE__ . ':' . __LINE__, $cmd);
+ $this->session_id = (string)$this->response->sessionid;
+ }
+
+ public function sendexpectone($origin, $cmd, $prompt = 'lire dans sdctx', $delay = EXPECT_DELAY, $display_error = true) {
+ global $sendexpect_result;
+ $this->send($origin, $cmd);
+
+ if (($prompt !== 'lire dans sdctx') && !empty($prompt)) {
+ $tab[0] = $prompt;
+ } else {
+ $tab = array();
+ }
+
+ $this->expect($origin, $tab);
+
+ return $sendexpect_result;
+ }
+
+
+ public function expect($origin, $tab, $delay = EXPECT_DELAY, $display_error = true, $global_result_name = 'sendexpect_result') {
+ global $$global_result_name;
+
+ if (isset($this->response)) {
+ $index = 0;
+ if (empty($tab)) {
+ $$global_result_name = $this->response;
+ return $index;
+ }
+ foreach ($tab as $path) {
+ $result = $this->json_path->find($this->response, $path);
+ if (($result !== false) && !empty($result)) {
+ $$global_result_name = $result;
+ return $index;
+ }
+ $index++;
+ }
+ throw new SmsException("cmd failed, $tab[0] not found", ERR_LOCAL_NOT_FOUND, $origin);
+ } else {
+ $$global_result_name = json_decode('{}', true);
+ }
+ }
+
+ public function do_store_prompt() {
+ }
+
+ public function send($origin, $rest_cmd) {
+ $this->response = null;
+ echo "send(): rest_cmd = $rest_cmd\n";
+ $cmd_list = preg_split('@#@', $rest_cmd, 0, PREG_SPLIT_NO_EMPTY);
+ debug_dump($cmd_list, "CMD_LIST\n");
+
+ $http_op = $cmd_list[0];
+ $rest_path = '';
+ if (count($cmd_list) > 1) {
+ $rest_path = $cmd_list[1];
+ }
+
+ $url = "https://{$this->sd_ip_config}/{$rest_path}";
+
+ $headers = '';
+ foreach ($this->http_header_list as $header) {
+ $H = trim($header);
+ $headers .= " -H '{$H}'";
+ }
+
+ // for debug
+ $curl_cmd = "curl -X {$http_op} {$headers} --connect-timeout {$this->conn_timeout} --max-time {$this->conn_timeout} -k '{$url}'";
+
+ if (count($cmd_list) > 2) {
+ if (isset($this->session_id)) {
+ $payload = $cmd_list[2];
+ if (strpos($rest_path, 'commands') !== false) {
+ // Multiline payload
+ $cmds = explode("\n", $payload);
+ $i = 1;
+ $rest_payload = '';
+ foreach($cmds as $cmd) {
+ $cmd_encoded = rawurlencode(trim($cmd));
+ if ($i > 1) {
+ $rest_payload .= "&cmd$i=$cmd_encoded";
+ } else {
+ $rest_payload .= "cmd$i=$cmd_encoded";
+ }
+ $i++;
+ }
+ } else {
+ // One line payload
+ $cmd = rawurlencode($payload);
+ $rest_payload = "cmd=$cmd";
+ }
+ $rest_payload .= "&sessionid={$this->session_id}";
+ } else {
+ // Keep payload as it is
+ $rest_payload = $cmd_list[2];
+ }
+ } else {
+ $rest_payload = '';
+ }
+
+ $curl_cmd .= " --data-raw '{$rest_payload}'";
+
+ debug_dump($curl_cmd, "HTTP REQUEST:\n");
+ $this->execute_curl_command($origin, $http_op, $url, $rest_payload, $curl_cmd);
+ debug_dump($this->response, "HTTP RESPONSE:\n");
+ }
+
+ private function execute_curl_command($origin, $http_op, $url, $rest_payload, $curl_cmd) {
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_HEADER, true);
+ switch ($http_op) {
+ case 'GET':
+ break;
+ case 'POST':
+ curl_setopt($ch, CURLOPT_POST, true);
+ break;
+ case 'PUT':
+ curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
+ break;
+ case 'DELETE':
+ curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
+ break;
+ }
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+ curl_setopt($ch, CURLOPT_USERAGENT, "MSA");
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->conn_timeout);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $this->conn_timeout);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $this->http_header_list);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+ if (!empty($rest_payload)) {
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $rest_payload);
+ }
+
+ $ret = curl_exec($ch);
+
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ $header_size = curl_getinfo($ch , CURLINFO_HEADER_SIZE);
+ $header = substr($ret, 0, $header_size);
+ $body = substr($ret, $header_size);
+
+ curl_close($ch);
+
+ if ($http_code < 200 || $http_code > 209) {
+ $cmd_quote = str_replace("\"", "'", $body);
+ $cmd_return = str_replace("\n", "", $cmd_quote);
+ throw new SmsException("Call to API {$curl_cmd} Failed, header = $header, $cmd_return error", ERR_SD_CMDFAILED, $origin);
+ }
+
+ if (!isset($this->cookie)) {
+ $http_headers = http_parse_headers($header);
+ $this->cookie = $http_headers['Set-Cookie'];
+ }
+
+ if (!empty($body)) {
+ $result = preg_replace('/xmlns="[^"]+"/', '', $body);
+ $this->response = new SimpleXMLElement($result);
+ }
+ else
+ {
+ if ($http_code != 204) {
+ throw new SmsException ("$origin: Repsonse to API {$curl_cmd} Failed, expected json received empty response, header $header", ERR_SD_CMDFAILED );
+ }
+ }
+ }
+}
+
+
+function connect($sd_ip_addr = null, $login = null, $passwd = null, $port_to_use = null) {
+ global $sms_sd_ctx;
+ global $model_data;
+
+ $specific_data = json_decode($model_data, true);
+ if (isset($specific_data['class'])) {
+ $class = $specific_data['class'];
+ } else {
+ $class = 'connect';
+ }
+ $sms_sd_ctx = new $class($sd_ip_addr, $login, $passwd, $port_to_use);
+ try
+ {
+ $sms_sd_ctx->do_connect();
+ }
+ catch (SmsException $e)
+ {
+ $sms_sd_ctx->disconnect();
+ disconnect();
+ throw new SmsException($e->getMessage(), $e->getCode());
+ }
+
+ return SMS_OK;
+}
+
+function disconnect() {
+ global $sms_sd_ctx;
+ $sms_sd_ctx = null;
+ return SMS_OK;
+}
+
+?>
diff --git a/adapters/stormshield/connect_cli.php b/adapters/stormshield/connect_cli.php
new file mode 100644
index 00000000..5d72ce15
--- /dev/null
+++ b/adapters/stormshield/connect_cli.php
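Review bot: execute_curl_command() in connect.php turns off both certificate checks (`CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` set to `false`), and do_connect() then posts the admin `uid`/`pswd` (only base64-encoded) over that connection, so the adapter cannot tell the managed firewall from any other host answering on that address. Verification should default to on, `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`, with a per-device CA bundle or pinned certificate for appliances that present self-signed certificates. The same request data is also written out in clear: `echo "send(): rest_cmd = $rest_cmd\n"`, the `debug_dump()` calls in send(), and the `SmsException` message built from `$curl_cmd` all carry the credentials, the `Cookie` header or the `sessionid`, and should log the method and URL only. Separately, connect() runs `new $class(...)` on the `class` key of `$model_data` without comparing it against a fixed list of adapter classes.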
@@ -0,0 +1,70 @@ +sd_management_port} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NumberOfPasswordPrompts=1 '{$this->sd_login_entry}@{$this->sd_ip_config}'"); + } catch (SmsException $e) { + throw new SmsException($e->getMessage(), $e->getCode(), __FILE__ . ':' . __LINE__ ); + } + + unset($tab); + $tab[0] = 'assword:'; + + $index = $this->expect(__FILE__.':'.__LINE__, $tab); + $this->sendexpectone(__FILE__.':'.__LINE__, $this->sd_passwd_entry, '>'); + $this->prompt = 'SRPClient>'; + $this->sendexpectone(__FILE__.':'.__LINE__, 'cli', 'assword'); + $this->sendexpectone(__FILE__.':'.__LINE__, $this->sd_passwd_entry); + + echo "Secure connection established to {$this->sd_ip_config}\n"; + + $this->sendexpectone(__FILE__.':'.__LINE__, 'modify off'); + } + + public function do_disconnect() { + $this->sendexpectone(__FILE__.':'.__LINE__, "quit", '>'); + $this->sendCmd(__FILE__.':'.__LINE__, 'exit'); + parent::disconnect(); + } + +} + + +function connect($sd_ip_addr = '', $login = '', $passwd = '') +{ + global $sms_sd_ctx; + + $sms_sd_ctx = new connect_cli($sd_ip_addr, $login, $passwd); + + return SMS_OK; +} + +// Disconnect +function disconnect() +{ + global $sms_sd_ctx; + $sms_sd_ctx = null; + return SMS_OK; +} + +?> diff --git a/adapters/stormshield/do_backup_conf.php b/adapters/stormshield/do_backup_conf.php index 403db5a7..b01f0cc6 100644 --- a/adapters/stormshield/do_backup_conf.php +++ b/adapters/stormshield/do_backup_conf.php @@ -8,7 +8,7 @@ * $sdid * $sms_module module name (for patterns) * $sms_msg message - * $config_type type of configuration (CONF_FILE or CONF_TREE) + * $config_type type of configuration (CONF_FILE or CONF_BIN) */ // Verb JSABACKUPCONF diff --git a/adapters/stormshield/do_check_serial_number.php b/adapters/stormshield/do_check_serial_number.php deleted file mode 100644 index c3f1eaba..00000000 --- a/adapters/stormshield/do_check_serial_number.php +++ /dev/null 
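Review bot: The SSH options in do_connect() of connect_cli.php include `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the device's host key is never checked before `$this->sd_passwd_entry` is sent at the `assword:` prompt and again after `cli`. Recording the host key when the device is provisioned and connecting with a per-device known-hosts file and `StrictHostKeyChecking=yes` would make a changed key fail the connection instead of receiving the admin password. `'{$this->sd_login_entry}@{$this->sd_ip_config}'` is quoted by hand; if this string is run through a shell, `escapeshellarg()` on the combined value is the safer form. The start of the command line and the class declaration are not visible in this hunk. The file also declares global `connect()` and `disconnect()` under the same names as connect.php, which would be a fatal redeclaration if both files are ever loaded in one request.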
@@ -1,39 +0,0 @@ -get_info(); - - $ret = $conf->check_serial_number(); - - netasq_disconnect(); -} -catch(Exception | Error $e) -{ - netasq_disconnect(); - return $e->getCode(); -} - -return $ret; -?> \ No newline at end of file diff --git a/adapters/stormshield/do_cmd_exec_script.php b/adapters/stormshield/do_cmd_exec_script.php deleted file mode 100644 index 54851d0e..00000000 --- a/adapters/stormshield/do_cmd_exec_script.php +++ /dev/null @@ -1,66 +0,0 @@ -exec_script($params, $return_buf); - - netasq_disconnect(); -} -catch (Exception | Error $e) -{ - netasq_disconnect(); - sms_set_update_status($sms_csp, $sdid, ERR_SD_CMDTMOUT, $status_type, 'FAILED', ''); - sms_sd_unlock($sms_csp, $sms_sd_info); - sms_send_user_error($sms_csp, $sdid, "", $e->getCode()); - sms_close_user_socket($sms_csp); - return $e->getCode(); -} - -sms_sd_unlock($sms_csp, $sms_sd_info); - -if ($ret !== SMS_OK) -{ - sms_set_update_status($sms_csp, $sdid, $ret, $status_type, 'FAILED', $return_buf); - sms_send_user_error($sms_csp, $sdid, $return_buf, $ret); - sms_close_user_socket($sms_csp); - return $ret; -} - -sms_set_update_status($sms_csp, $sdid, SMS_OK, $status_type, 'ENDED', ''); -sms_send_user_ok($sms_csp, $sdid, $return_buf); -sms_close_user_socket($sms_csp); - -return SMS_OK; - -?> \ No newline at end of file diff --git a/adapters/stormshield/do_cmd_get_vpn_status.php b/adapters/stormshield/do_cmd_get_vpn_status.php deleted file mode 100644 index 6bda68ae..00000000 --- a/adapters/stormshield/do_cmd_get_vpn_status.php +++ /dev/null 
@@ -1,165 +0,0 @@ -'); - if (is_error($spd_lines, $cmd) === true) - { - sms_log_error(__FILE__.':'.__LINE__ . ": Command [$cmd] has failed:\n$spd_lines\n"); - return ERR_SD_CMDFAILED; - } - - $cmd = 'MONITOR GETSA'; - $sa_lines = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $cmd, 'SRPClient>'); - if (is_error($sa_lines, $cmd) === true) - { - sms_log_error(__FILE__.':'.__LINE__ . ": Command [$cmd] has failed:\n$sa_lines\n"); - return ERR_SD_CMDFAILED; - } - - $result_array = array(); - $spd_array = array(); - $sa_array = array(); - - $line = get_one_line($spd_lines); - while ($line !== false) - { - if ((strpos($line, 'code=') === false) && (strpos($line, 'SRPClient>') === false) && (strpos($line, $cmd) === false) && (strpos($line, '127.0.0.0') === false)) - { - $line = trim($line); - $spd = parse_vpn_line($line); - if (!empty($spd)) - { - $spd_array[$spd['reqid']] = $spd; - } - } - $line = get_one_line($spd_lines); - } - - $line = get_one_line($sa_lines); - while ($line !== false) - { - if ((strpos($line, 'code=') === false) && (strpos($line, 'SRPClient>') === false) && (strpos($line, $cmd) === false) && (strpos($line, 'state="mature"') !== false)) - { - $line = trim($line); - $sa = parse_vpn_line($line); - if (!empty($sa)) - { - $sa_array[$sa['reqid']] = $sa; - } - } - $line = get_one_line($sa_lines); - } - - build_ph1_ph2_from_cli($sdid, $ph1_array_cli, $ph2_array_cli, $spd_array, $sa_array); - - $result_array['monitor_spd'] = $ph1_array_cli; - $result_array['monitor_sa'] = $ph2_array_cli; - sms_send_user_ok($sms_csp, $sdid, json_encode($result_array)); - } - catch (SmsException $e) - { - throw $e; - } - return SMS_OK; - } - - function parse_vpn_line(&$line) - { - $records = array(); - - $pattern = "@(?[\w]+)=(?[A-Za-z0-9_()./:-]+)|(?[\w]+)=\"(?[^\"]+)\"@"; - if (preg_match_all($pattern, $line, $records_tmp) > 0) { - //it's mean that $line is a type of log - //the next step is to write value in an array - //in case ?[\w]+)=(?[A-Za-z0-9_:-]+) works, name is on 
$records_tmp[1][$i] and value $records_tmp[2][$i] - //whereas when (?[\w]+)=\"(?[^\"]+) works, name is on $records_tmp[3][$i] and value $records_tmp[4][$i] - for ($i = 0; $i < sizeof($records_tmp[0]); $i++) { - if (!empty ($records_tmp[1][$i])) { - $records[$records_tmp[1][$i]] = $records_tmp[2][$i]; - } else { - $records[$records_tmp[3][$i]] = $records_tmp[4][$i]; - } - } - } - - return $records; - } - - function build_ph1_ph2_from_cli(&$sdid, &$ph1_array, &$ph2_array, $spd_array, $sa_array) - { - $ph1_array = array(); - $ph2_array = array(); - - if (!empty($spd_array) && !empty($sa_array)) - { - foreach($sa_array as $reqid => $sa) - { - if (!empty($spd_array[$reqid])) - { - $spd = $spd_array[$reqid]; - if ($spd['dir'] === 'out') // get only output direction - { - $ph1 = array(); - $ph1['local_id'] = $sdid; - $ph1['peer_id'] = substr($spd['dstgwname'], 1, 6); - $ph1['local_tunnel_end_point'] = $spd['srcgw']; - $ph1['peer_tunnel_end_point'] = $spd['dstgw']; - - $ph1_key = "{$ph1['local_id']}-{$ph1['peer_id']}-{$ph1['local_tunnel_end_point']}-{$ph1['peer_tunnel_end_point']}"; - if (empty($ph1_array[$ph1_key])) - { - $ph1['status'] = 'OK'; - $ph1_array[$ph1_key] = $ph1; - } - - $ph2 = array(); - $ph2['peer_id'] = $ph1['peer_id']; - $ph2['local_trafic_end_point'] = "{$spd['src']}/{$spd['srcmask']}"; - $ph2['peer_trafic_end_point'] = "{$spd['dst']}/{$spd['dstmask']}"; - - $ph2_key = "{$ph2['peer_id']}-{$ph2['local_trafic_end_point']}-{$ph2['peer_trafic_end_point']}"; - if (empty($ph2_array[$ph2_key])) - { - $ph2['lifetime'] = $sa['lifetime']; - $ph2['bytes'] = $sa['bytes']; - $ph2['status'] = 'OK'; - $ph2_array[$ph2_key] = $ph2; - } - } - } - } - } - } - -?> diff --git a/adapters/stormshield/do_cmd_rproxy_conf.php b/adapters/stormshield/do_cmd_rproxy_conf.php deleted file mode 100644 index 20810e4b..00000000 --- a/adapters/stormshield/do_cmd_rproxy_conf.php +++ /dev/null @@ -1,18 +0,0 @@ - \ No newline at end of file 
diff --git a/adapters/stormshield/do_cmd_vpn_slot.php b/adapters/stormshield/do_cmd_vpn_slot.php deleted file mode 100644 index 66203ebe..00000000 --- a/adapters/stormshield/do_cmd_vpn_slot.php +++ /dev/null 
@@ -1,99 +0,0 @@ -'); - if (is_error($slot_lines, $cmd) === true) - { - sms_log_error(__FILE__.':'.__LINE__ . ": Command [$cmd] has failed:\n$slot_lines\n"); - return ERR_SD_CMDFAILED; - } - - $positions = array(); - $line = get_one_line($slot_lines); - - $i = 0; - // Get slot id matching with VPN service id - while ($line !== false) - { - if ((strpos($line, 'code=') === false) && (strpos($line, 'SRPClient>') === false) &&(strpos($line, $pos_vpn_id) !== false)) - { - $line = trim($line); - $sa = parse_vpn_line($line); - - $positions[$i] = $sa['position']; - $i++; - } - $line = get_one_line($slot_lines); - } - - // Revert tab to delete first slot with highest id for no reorder - $reversed_pos = array_reverse($positions); - if (!empty($reversed_pos)){ - sendexpectnobuffer(__FILE__ . ':' . __LINE__, $sms_sd_ctx, 'modify on force'); - foreach ($reversed_pos as $pos){ - $remove_cmd = 'config ipsec policy gateway remove slot=1 position='.$pos.' global=1'; - $remove_lines = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $remove_cmd, 'SRPClient>'); - if (is_error($sa_lines, $cmd) === true) - { - sms_log_error(__FILE__.':'.__LINE__ . ": Command [$cmd] has failed:\n$sa_lines\n"); - return ERR_SD_CMDFAILED; - } - } - sendexpectnobuffer(__FILE__ . ':' . __LINE__, $sms_sd_ctx, 'config ipsec activate'); - sendexpectnobuffer(__FILE__ . ':' . __LINE__, $sms_sd_ctx, 'modify off'); - } - }catch (SmsException $e) - { - throw $e; - } - return SMS_OK; - } - - function parse_vpn_line(&$line) - { - $records = array(); - //position=1 state="on" local="Global_LANVPN" remote="Global_SNCM125VPN36_ResauProduction" peer="Global_SNCM125VPN36" conf="VPN36" - $pattern = "@(?[\w]+)=(?[A-Za-z0-9_()./:-]+)*@"; - if (preg_match_all($pattern, $line, $records_tmp) > 0) { - for ($i = 0; $i < sizeof($records_tmp[0]); $i++) { - $records[$records_tmp[1][$i]] = $records_tmp[2][$i]; - } - } - - return $records; - } - -?> 
diff --git a/adapters/stormshield/do_exec_script.php b/adapters/stormshield/do_exec_script.php deleted file mode 100644 index 4464dcaa..00000000 --- a/adapters/stormshield/do_exec_script.php +++ /dev/null @@ -1,82 +0,0 @@ -exec_script($exec_script_name, $return_buf); - - netasq_disconnect(); -} -catch (Exception | Error $e) -{ - netasq_disconnect(); - sms_set_update_status($sms_csp, $sdid, ERR_SD_CMDTMOUT, $status_type, 'FAILED', ''); - sms_sd_unlock($sms_csp, $sms_sd_info); - if ($synchronous) - { - sms_send_user_error($sms_csp, $sdid, "", $e->getCode()); - sms_close_user_socket($sms_csp); - } - return $e->getCode(); -} - -sms_sd_unlock($sms_csp, $sms_sd_info); - -if ($ret !== SMS_OK) -{ - sms_set_update_status($sms_csp, $sdid, $ret, $status_type, 'FAILED', $return_buf); - if ($synchronous) - { - sms_send_user_error($sms_csp, $sdid, $return_buf, $ret); - sms_close_user_socket($sms_csp); - } - return $ret; -} - -sms_set_update_status($sms_csp, $sdid, SMS_OK, $status_type, 'ENDED', ''); -if ($synchronous) -{ - sms_send_user_ok($sms_csp, $sdid, $return_buf); - sms_close_user_socket($sms_csp); -} - -return SMS_OK; - -?> \ No newline at end of file diff --git a/adapters/stormshield/do_get_activity_report.php b/adapters/stormshield/do_get_activity_report.php deleted file mode 100644 index cdf521c7..00000000 --- a/adapters/stormshield/do_get_activity_report.php +++ /dev/null 
@@ -1,82 +0,0 @@ - array("cmd" => "system information", "descr" => "system information", "expect" => "SRPClient>", "encoded" => true), -); - -try -{ - netasq_connect(); - - $conf = new netasq_configuration($sdid); - - $stage_count = count($report_stages); - $stage = 0; - $result_string = ''; - while ($stage < $stage_count) - { - $report_stage = $report_stages[$stage]; - $stage_msg = sms_user_message_add("", SMS_UMN_STAGE, $report_stage['descr']); - if ($report_stage["encoded"]) - { - $ret = $conf->send_expect_b64($report_stage["cmd"], $report_stage["expect"]); - } - else - { - $ret = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $report_stage["cmd"], $report_stage["expect"]); - if (!empty($ret)) - { - // trimming first and last lines - $pos = strpos($ret, "\n"); - if ($pos !== false) - { - $ret = substr($ret, $pos); - } - $pos = strrpos($ret, "\n"); - if ($pos !== false) - { - $ret = substr($ret, 0, $pos + 1); - } - } - } - $stage_msg = sms_user_message_add($stage_msg, SMS_UMN_RESULT, htmlentities($ret)); - - $result_string = sms_user_message_array_add($result_string, $stage_msg); - - $stage += 1; - } - - netasq_disconnect(); -} -catch(Exception | Error $e) -{ - netasq_disconnect(); - sms_send_user_error($sms_csp, $sdid, "", $e->getCode()); - return SMS_OK; -} - -$user_message = sms_user_message_add("", SMS_UMN_STATUS, SMS_UMV_OK); -$user_message = sms_user_message_add_array($user_message, SMS_UMN_RESULT, $result_string); -sms_send_user_message($sms_csp, $sdid, $user_message); - -return SMS_OK; -?> \ No newline at end of file diff --git a/adapters/stormshield/do_get_archive_conf.php b/adapters/stormshield/do_get_archive_conf.php index 4cb5b01d..58d5021e 100644 --- a/adapters/stormshield/do_get_archive_conf.php +++ b/adapters/stormshield/do_get_archive_conf.php 
@@ -7,24 +7,75 @@ * $sms_csp pointer to csp context to send response to user * $sdid * $sms_module module name (for patterns) - * $folder the folder where to decompress files + * $target_file the target file on MSA */ // Verb JSGETARCHIVECONF -require_once 'smserror/sms_error.php'; require_once 'smsd/sms_common.php'; -require_once load_once('stormshield', 'netasq_configuration.php'); +require_once load_once('stormshield', 'connect_cli.php'); +require_once load_once('stormshield', 'nsrpc.php'); echo "Retrieving backup archive\n"; -$conf = new netasq_configuration($sdid); +$thread_id = $_SERVER['THREAD_ID']; -$thread_id = $conf->thread_id; +// backup file on the ME +$local_backup = "/tmp/{$sdid}_{$thread_id}_conf.na"; -$ret = $conf->get_running_conf($folder); +$target_file = $folder; // TODO to be removed when msa-sms done -return $ret; +$date = date('c'); +$SMS_RETURN_BUF = "{$date}"; +global $sms_sd_ctx; + +// Generate the backup +connect(); +$ret = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, "config backup list=\"all\" > $local_backup"); +if (is_error($ret)) +{ + $err = __FILE__ . ':' . __LINE__ . 
": Error config backup list=\"all\" > $local_backup returns\n$ret"; + sms_log_error("$err\n"); + $SMS_OUTPUT_BUF = $err; + return ERR_SD_CMDFAILED; +} + +disconnect(); + +// At the stage the backup file is generated on the ME +// copy it on MSA + +if (file_exists($target_file)) +{ + unlink($target_file); +} + +$network = get_network_profile(); +$sd = &$network->SD; + +echo "/opt/sms/bin/sms_scp_transfer -r -s $local_backup -d $target_file -a $sd->SD_IP_CONFIG -l $sd->SD_LOGIN_ENTRY -p '$sd->SD_PASSWD_ENTRY' -P $sd->SD_MANAGEMENT_PORT\n"; + +$ret_scp = exec_local(__FILE__.':'.__LINE__, "/opt/sms/bin/sms_scp_transfer -r -s $local_backup -d $target_file -a $sd->SD_IP_CONFIG -l $sd->SD_LOGIN_ENTRY -p '$sd->SD_PASSWD_ENTRY' -P $sd->SD_MANAGEMENT_PORT", $output); + +// remove the backup on the ME +connect(); +sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, "quit", '>'); +sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, "rm $local_backup", '>'); +disconnect(); + +if (!file_exists($target_file)) +{ + $err = __FILE__ . ':' . __LINE__ . ": Impossible to copy backup from $local_backup to $target_file\n"; + sms_log_error("$err\n"); + $SMS_OUTPUT_BUF = $err; + return ERR_SD_CMDFAILED; +} + +$SMS_RETURN_BUF = "{$date}: Backup saved in {$target_file}"; + +return SMS_OK; + +?> ?> \ No newline at end of file diff --git a/adapters/stormshield/do_get_config.php b/adapters/stormshield/do_get_config.php deleted file mode 100644 index ccf71ebc..00000000 --- a/adapters/stormshield/do_get_config.php +++ /dev/null 
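Review bot: The added `echo` of the `/opt/sms/bin/sms_scp_transfer` command line in do_get_archive_conf.php prints `-p '$sd->SD_PASSWD_ENTRY'` to the script output, and the same string is then passed to `exec_local()` with the password, login, address and both paths interpolated without `escapeshellarg()`. The echo should be dropped or printed with the `-p` value masked, and the command built from escaped arguments, e.g. `' -p ' . escapeshellarg($sd->SD_PASSWD_ENTRY)`; if `exec_local()` spawns the helper as a process, the password is also readable from the process list, so passing it through a file or the environment is preferable where the helper supports it. On the `is_error($ret)` path the script returns `ERR_SD_CMDFAILED` without calling `disconnect()`, and `$ret_scp` is assigned but not read in this hunk. The hunk also leaves two `?>` at the end of the file, so the second is emitted as literal output; removing the added `?>` line avoids that.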
@@ -1,77 +0,0 @@ -init_get_config($ROOT); - -$ret = $conf->build_conf(false); -if ($ret !== SMS_OK) -{ - return $ret; -} - -$finfo = new finfo(FILEINFO_MIME_TYPE); - -$generated_configuration = "\n\n"; - -parse_dir($ROOT, 'get_conf_files'); - -$generated_configuration .= "\n\n"; - -sms_send_user_ok($sms_csp, $sdid, $generated_configuration); - -return SMS_OK; - -function get_conf_files($dir, $file, $local_path) -{ - global $generated_configuration; - global $finfo; - - if (is_dir("$dir/$file")) - { - parse_dir("$dir/$file", 'get_conf_files', "$local_path/$file"); - return; - } - - $file_name = "$dir/$file"; - - // filter binary file - $ftype = $finfo->file($file_name); - if (($ftype !== false) && (strpos($ftype, 'text') !== false)) - { - $conf_file = file_get_contents($file_name); - if ($conf_file === false) - { - sms_log_error(__FILE__ . ":" . __LINE__ . ": file_get_contents(\"$file_name\") failed\n"); - $conf_file = 'Error in reading file'; - } - } - else - { - $conf_file = "Binary file\n"; - } - - $generated_configuration .= "\n\n
\n"; - $generated_configuration .= $conf_file; - $generated_configuration .= "\n
\n"; -} -?> \ No newline at end of file diff --git a/adapters/stormshield/do_get_report.php b/adapters/stormshield/do_get_report.php deleted file mode 100644 index 23607c80..00000000 --- a/adapters/stormshield/do_get_report.php +++ /dev/null @@ -1,92 +0,0 @@ - VPN only - */ - -// Get VPN report of the device - -require_once 'smserror/sms_error.php'; -require_once 'smsd/sms_common.php'; -require_once load_once('stormshield', 'netasq_connect.php'); -require_once load_once('stormshield', 'nsrpc.php'); - -$report_stages = array( - 0 => array('cmd' => 'MONITOR GETSA', 'descr' => 'Ipsec SAD', 'expect' => 'SRPClient>', 'encoded' => false), - 1 => array('cmd' => 'MONITOR GETSPD', 'descr' => 'Ipsec SPD', 'expect' => 'SRPClient>', 'encoded' => false), -); - -$SMS_RETURN_BUF = ''; - -function format_output(&$output, $descr) -{ - // see WebContent/style/style.css in SES + custo - $SMS_RETURN_BUF .= <<$descr -
-
$output
-
- -EOF; -} - - -try -{ - netasq_connect(); - - $result_string = ''; - foreach ($report_stages as $report_stage) - { - $cmd = $report_stage['cmd']; - if ($report_stage['encoded']) - { - $result_string = $conf->send_expect_b64($cmd, $report_stage['expect']); - } - else - { - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $cmd, $report_stage['expect']); - - if (empty($buffer)) - { - continue; - } - - if (is_error($buffer, $cmd) === true) - { - sms_log_error(__FILE__.':' . __LINE__ . ": Command [$cmd] has failed\n$buffer\n"); - continue; - } - - $line = get_one_line($buffer); - while ($line !== false) - { - if (strpos($line, 'code=') === false && strpos($line, 'SRPClient>') === false && strpos($line, $cmd) === false) - { - $line = trim($line); - $result_string .= "$line\n"; - } - $line = get_one_line($buffer); - } - } - - format_output($result_string, $report_stage['descr']); - } - - netasq_disconnect(); -} -catch (Exception | Error $e) -{ - netasq_disconnect(); - return $e->getCode(); -} - -return SMS_OK; - -?> \ No newline at end of file diff --git a/adapters/stormshield/do_get_running_conf.php b/adapters/stormshield/do_get_running_conf.php deleted file mode 100644 index a6413512..00000000 --- a/adapters/stormshield/do_get_running_conf.php +++ /dev/null @@ -1,42 +0,0 @@ -thread_id; - -// Define a path were write the conf: -$archive_conf_path = "/opt/sms/spool/routerconfigs/$sdid/conf.na"; - -$ret = $conf->get_running_conf($archive_conf_path); -if ($ret !== SMS_OK) -{ - sms_send_user_error($sms_csp, $sdid, "", ERR_SD_FAILED); - return 0; -} - -$user_message = sms_user_message_add("", SMS_UMN_STATUS, SMS_UMV_OK); -$date = date('c'); -$SMS_RETURN_BUF = "{$date}"; - -$user_message = sms_user_message_add_json($user_message, SMS_UMN_RESULT, $SMS_RETURN_BUF); -sms_send_user_message($sms_csp, $sdid, $user_message); - -return 0; -?> \ No newline at end of file 
diff --git a/adapters/stormshield/do_get_sd_conf.php b/adapters/stormshield/do_get_sd_conf.php index ad83c3d6..df83d22d 100644 --- a/adapters/stormshield/do_get_sd_conf.php +++ b/adapters/stormshield/do_get_sd_conf.php 
@@ -11,41 +11,76 @@ * $SMS_RETURN_BUF string buffer containing the result */ -// Get router configuration, not JSON response format +// Get router configuration, archive format require_once 'smsd/sms_common.php'; -require_once 'smsd/sms_user_message.php'; -require_once 'smserror/sms_error.php'; -require_once 'smsd/sms_common.php'; -require_once load_once('stormshield', 'netasq_configuration.php'); +require_once load_once('stormshield', 'connect_cli.php'); +require_once load_once('stormshield', 'nsrpc.php'); echo "Retrieving backup archive\n"; -$conf = new netasq_configuration($sdid); +$thread_id = $_SERVER['THREAD_ID']; + +// backup file on the ME +$local_backup = "/tmp/{$sdid}_{$thread_id}_conf.na"; -$thread_id = $conf->thread_id; +// temporary backup file on MSA +$temp_backup = "/opt/sms/spool/tmp/{$sdid}_{$thread_id}_conf.na"; -// Define a path were write the conf: -$archive_conf_path = "/opt/sms/spool/tmp/{$sdid}_{$thread_id}_conf.na"; +// target backup file on MSA +$target = "/opt/sms/spool/routerconfigs/{$sdid}/conf.na"; $date = date('c'); $SMS_RETURN_BUF = "{$date}"; -$ret = $conf->get_running_conf($archive_conf_path); -if ($ret !== SMS_OK) +global $sms_sd_ctx; + +// Generate the backup +connect(); +$ret = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, "config backup list=\"all\" > $local_backup"); +if (is_error($ret)) { - if (file_exists($archive_conf_path)) - { - unlink($archive_conf_path); - } - return $ret; + $err = __FILE__ . ':' . __LINE__ . 
": Error config backup list=\"all\" > $local_backup returns\n$ret"; + sms_log_error("$err\n"); + $SMS_OUTPUT_BUF = $err; + return ERR_SD_CMDFAILED; } -$target = "/opt/sms/spool/routerconfigs/{$sdid}/conf.na"; -rename($archive_conf_path, $target); +disconnect(); + +// At the stage the backup file is generated on the ME +// copy it on MSA + +if (file_exists($temp_backup)) +{ + unlink($temp_backup); +} + +$network = get_network_profile(); +$sd = &$network->SD; + +echo "/opt/sms/bin/sms_scp_transfer -r -s $local_backup -d $temp_backup -a $sd->SD_IP_CONFIG -l $sd->SD_LOGIN_ENTRY -p '$sd->SD_PASSWD_ENTRY' -P $sd->SD_MANAGEMENT_PORT\n"; + +$ret_scp = exec_local(__FILE__.':'.__LINE__, "/opt/sms/bin/sms_scp_transfer -r -s $local_backup -d $temp_backup -a $sd->SD_IP_CONFIG -l $sd->SD_LOGIN_ENTRY -p '$sd->SD_PASSWD_ENTRY' -P $sd->SD_MANAGEMENT_PORT", $output); + +// remove the backup on the ME +connect(); +sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, "quit", '>'); +sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, "rm $local_backup", '>'); +disconnect(); + +if (!file_exists($temp_backup)) +{ + $err = __FILE__ . ':' . __LINE__ . ": Impossible to copy backup from $local_backup to $temp_backup\n"; + sms_log_error("$err\n"); + $SMS_OUTPUT_BUF = $err; + return ERR_SD_CMDFAILED; +} + +rename($temp_backup, $target); -$SMS_RETURN_BUF = "{$date}: Configuration is in {$target}"; +$SMS_RETURN_BUF = "{$date}: Backup saved in {$target}"; return SMS_OK; ?> \ No newline at end of file diff --git a/adapters/stormshield/do_ha_swap.php b/adapters/stormshield/do_ha_swap.php deleted file mode 100644 index e7ae3867..00000000 --- a/adapters/stormshield/do_ha_swap.php +++ /dev/null 
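Review bot: The result of `rename($temp_backup, $target)` is not checked, so the script sets `$SMS_RETURN_BUF` to "Backup saved in ..." and returns `SMS_OK` even when the move into `/opt/sms/spool/routerconfigs/{$sdid}/` failed, leaving a stale or missing `conf.na`. Test the call and fail explicitly, for example `if (!rename($temp_backup, $target)) { sms_log_error(__FILE__.':'.__LINE__.": rename to $target failed\n"); return ERR_LOCAL_FILE; }`. Separately, the `is_error($ret)` branch after the `config backup` command returns `ERR_SD_CMDFAILED` without calling `disconnect()`, here and in the JSGETARCHIVECONF hunk above. That presumably leaves the session opened by `connect()` in place, and a `disconnect();` before that `return` would close it.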
@@ -1,61 +0,0 @@ -ha_swap(); - - netasq_disconnect(); -} -catch (Exception | Error $e) -{ - netasq_disconnect(); - sms_sd_unlock($sms_csp, $sms_sd_info); - sms_send_user_error($sms_csp, $sdid, '', $e->getCode()); - sms_close_user_socket($sms_csp); - return $e->getCode(); -} - -sms_sd_unlock($sms_csp, $sms_sd_info); - -if ($ret !== SMS_OK) -{ - sms_send_user_error($sms_csp, $sdid, '', $ret); - sms_close_user_socket($sms_csp); - return $ret; -} - -sms_send_user_ok($sms_csp, $sdid, ''); -sms_close_user_socket($sms_csp); - -return SMS_OK; -?> \ No newline at end of file diff --git a/adapters/stormshield/do_provisioning.php b/adapters/stormshield/do_provisioning.php index 12721f0a..c058e61a 100644 --- a/adapters/stormshield/do_provisioning.php +++ b/adapters/stormshield/do_provisioning.php @@ -19,7 +19,6 @@ require_once 'smsd/sms_common.php'; require_once load_once('stormshield', 'adaptor.php'); -require_once load_once('stormshield', 'netasq_configuration.php'); require_once load_once('stormshield', 'provisioning_stages.php'); diff --git a/adapters/stormshield/do_resolve_template.php b/adapters/stormshield/do_resolve_template.php deleted file mode 100644 index f440cc29..00000000 --- a/adapters/stormshield/do_resolve_template.php +++ /dev/null @@ -1,31 +0,0 @@ -get_cli_prefix(); -$add_vars['ABONNE'] = $conf->get_abo(); -$add_vars['DO_RESOLVE_TEMPLATE'] = true; - -$resolved_template = resolve_template($sdid, $template_path, $add_vars, $smarty_function); - -sms_send_user_ok($sms_csp, $sdid, "\"$resolved_template\""); - -return SMS_OK; - -?> diff --git a/adapters/stormshield/do_restore_conf.php b/adapters/stormshield/do_restore_conf.php index a25c608e..b3ca4dee 100644 --- a/adapters/stormshield/do_restore_conf.php +++ b/adapters/stormshield/do_restore_conf.php 
@@ -12,10 +12,11 @@ * * $revision_id SVN rev id for restore * $sms_msg message - * $config_type type of configuration (CONF_FILE or CONF_TREE) + * $config_type type of configuration (CONF_FILE or CONF_BIN) */ -// Enter Script description here +// Restore configuration from archive file +// TODO require_once 'smsd/sms_common.php'; diff --git a/adapters/stormshield/do_smsexec.php b/adapters/stormshield/do_smsexec.php deleted file mode 100644 index a75835fb..00000000 --- a/adapters/stormshield/do_smsexec.php +++ /dev/null @@ -1,19 +0,0 @@ - \ No newline at end of file diff --git a/adapters/stormshield/do_stagingmap.php b/adapters/stormshield/do_stagingmap.php deleted file mode 100644 index 5d348e08..00000000 --- a/adapters/stormshield/do_stagingmap.php +++ /dev/null @@ -1,33 +0,0 @@ -staging($json_msg['9']); -if ($ret !== SMS_OK) -{ - sms_send_user_error($sms_csp, $sdid, "", $ret); - return SMS_OK; -} - -$user_message = json_encode($json_msg); -sms_send_user_ok($sms_csp, $sdid, $user_message); - -return SMS_OK; -?> \ No newline at end of file diff --git a/adapters/stormshield/do_unarchive_conf.php b/adapters/stormshield/do_unarchive_conf.php deleted file mode 100644 index 8f5d2005..00000000 --- a/adapters/stormshield/do_unarchive_conf.php +++ /dev/null @@ -1,22 +0,0 @@ - diff --git a/adapters/stormshield/do_update_conf.php b/adapters/stormshield/do_update_conf.php deleted file mode 100644 index 2e7cef02..00000000 --- a/adapters/stormshield/do_update_conf.php +++ /dev/null 
@@ -1,62 +0,0 @@ -update_conf(); - if ($ret !== SMS_OK) - { - throw new SmsException($SMS_OUTPUT_BUF, $ret); - } - - netasq_disconnect(); - sms_set_update_status($sms_csp, $sdid, SMS_OK, $status_type, 'ENDED', ''); - sms_sd_unlock($sms_csp, $sms_sd_info); -} -catch (Exception | Error $e) -{ - netasq_disconnect(); - sms_set_update_status($sms_csp, $sdid, $e->getCode(), $status_type, 'FAILED', $e->getMessage()); - sms_sd_unlock($sms_csp, $sms_sd_info); -} - -return SMS_OK; - -?> \ No newline at end of file diff --git a/adapters/stormshield/do_update_firmware.php b/adapters/stormshield/do_update_firmware.php deleted file mode 100644 index 52525ae9..00000000 --- a/adapters/stormshield/do_update_firmware.php +++ /dev/null @@ -1,75 +0,0 @@ -update_firmware($do_backup); - - netasq_disconnect(); -} -catch (Exception | Error $e) -{ - netasq_disconnect(); - sms_set_update_status($sms_csp, $sdid, $e->getCode(), $status_type, 'FAILED', ''); - sms_sd_unlock($sms_csp, $sms_sd_info); - return $e->getCode(); -} - -sms_sd_unlock($sms_csp, $sms_sd_info); - -if ($ret !== SMS_OK) -{ - sms_set_update_status($sms_csp, $sdid, $ret, $status_type, 'FAILED', ''); -} -else -{ - sms_set_update_status($sms_csp, $sdid, SMS_OK, $status_type, 'ENDED', ''); -} - -return $ret; - -?> diff --git a/adapters/stormshield/do_update_license.php b/adapters/stormshield/do_update_license.php deleted file mode 100644 index 1e52bd8d..00000000 --- a/adapters/stormshield/do_update_license.php +++ /dev/null 
@@ -1,65 +0,0 @@ -update_license(); - - netasq_disconnect(); -} -catch (Exception | Error $e) -{ - netasq_disconnect(); - sms_set_update_status($sms_csp, $sdid, $e->getCode(), $status_type, 'FAILED', ''); - sms_sd_unlock($sms_csp, $sms_sd_info); - return $e->getCode(); -} - -sms_sd_unlock($sms_csp, $sms_sd_info); - -if ($ret !== SMS_OK) -{ - sms_set_update_status($sms_csp, $sdid, $ret, $status_type, 'FAILED', ''); -} -else -{ - sms_set_update_status($sms_csp, $sdid, SMS_OK, $status_type, 'ENDED', ''); -} - -return $ret; - -?> diff --git a/adapters/stormshield/netasq_apply_conf.php b/adapters/stormshield/netasq_apply_conf.php deleted file mode 100644 index a3fe41f0..00000000 --- a/adapters/stormshield/netasq_apply_conf.php +++ /dev/null 
@@ -1,120 +0,0 @@ -SD; - - $validate_passwd = sha1("UBIqube-$sdid"); // see netasq_configuration.php - - $configuration = trim($configuration); - if (empty($configuration)) - { - return SMS_OK; - } - - if ($SD->SD_HSRP_TYPE !== 0) - { - $configuration .= "\n#The following line is automatically added by the MSA for a cluster\nha sync\n"; - } - - $configuration .= "\n#The following lines are added by the MSA\nconfig status remove\nconfig status validate password=$validate_passwd"; - - $ret = save_result_file($configuration, "conf.applied"); - if ($ret !== SMS_OK) - { - return $ret; - } - - $SMS_OUTPUT_BUF = ''; - $ERROR_BUFFER = ''; - unset($hostname_set); - $hostname_set = 0; - unset($tab); - $tab[0] = $sms_sd_ctx->getPrompt(); - - sendexpectnobuffer(__FILE__ . ':' . __LINE__, $sms_sd_ctx, 'modify on force'); - - $ignore_error = false; - $buffer = $configuration; - $line = get_one_line($buffer); - while ($line !== false) - { - $line = trim($line); - if (empty($line)) - { - $line = get_one_line($buffer); - continue; - } - if (strpos($line, '#') !== 0) - { - $index = sendexpect(__FILE__ . ':' . __LINE__, $sms_sd_ctx, $line, $tab, DELAY); - $SMS_OUTPUT_BUF .= $sendexpect_result; - - if (!$ignore_error) - { - foreach ($apply_errors as $apply_error) - { - if (preg_match($apply_error, $sendexpect_result, $matches) > 0) - { - $ERROR_BUFFER .= "!\n"; - $ERROR_BUFFER .= $sendexpect_result; - $ERROR_BUFFER .= "\n"; - $SMS_OUTPUT_BUF = ''; - } - } - } - } - else if (strpos($line, '#IGNORE_ERROR_BEGIN') === 0) - { - $ignore_error = true; - } - else if (strpos($line, '#IGNORE_ERROR_END') === 0) - { - $ignore_error = false; - } - $line = get_one_line($buffer); - } - - sendexpectnobuffer(__FILE__ . ':' . __LINE__, $sms_sd_ctx, 'modify off'); - - if (!empty($ERROR_BUFFER)) - { - save_result_file($ERROR_BUFFER, "conf.error"); - $SMS_OUTPUT_BUF = $ERROR_BUFFER; - sms_log_error(__FILE__ . ':' . __LINE__ . ": [[!!! 
$SMS_OUTPUT_BUF !!!]]\n"); - return ERR_SD_CMDFAILED; - } - else - { - save_result_file($SMS_OUTPUT_BUF, "conf.error"); - $SMS_OUTPUT_BUF = ''; - } - - return SMS_OK; -} - -?> \ No newline at end of file diff --git a/adapters/stormshield/netasq_command.php b/adapters/stormshield/netasq_command.php deleted file mode 100644 index 972bd39e..00000000 --- a/adapters/stormshield/netasq_command.php +++ /dev/null 
@@ -1,149 +0,0 @@ -parsed_objects = array (); - } - - /* - * ##################################################################################### - * IMPORT - * ##################################################################################### - */ - - /** - * IMPORT configuration from router - * @param object $json_params JSON parameters of the command - * @param domElement $element XML DOM element of the definition of the command - */ - function eval_IMPORT() - { - global $sms_sd_ctx; - global $SMS_RETURN_BUF; - - $ret = sd_connect(); - if ($ret != SMS_OK) - { - return $ret; - } - - if (!empty($this->parser_list)) - { - $objects = array(); - // One operation groups several parsers - foreach ($this->parser_list as $operation => $parsers) - { - $sub_list = array(); - foreach ($parsers as $parser) - { - $op_eval = $parser->eval_operation(); - // Group parsers into evaluated operations - $sub_list["$op_eval"][] = $parser; - } - - foreach ($sub_list as $op_eval => $sub_parsers) - { - // Run evaluated operation - $running_conf = ''; - $op_list = preg_split('@##@', $op_eval, 0, PREG_SPLIT_NO_EMPTY); - foreach ($op_list as $op) - { - if (strpos($op, 'echo ') === 0) - { - $running_conf .= str_replace('echo ', '', $op); - } - else - { - $running_conf .= sendexpectone(__FILE__ . ':' . __LINE__, $sms_sd_ctx, $op); - } - } - // Apply concerned parsers - foreach ($sub_parsers as $parser) - { - $parser->parse($running_conf, $objects); - } - } - } - - $this->parsed_objects = array_replace_recursive($this->parsed_objects, $objects); - - debug_object_conf($this->parsed_objects); - $SMS_RETURN_BUF = object_to_json($this->parsed_objects); - } - - sd_disconnect(); - - return SMS_OK; - } - - /* - * ##################################################################################### - * CREATE - * ##################################################################################### - */ - - /** - * Apply created object to device and if OK add object to the database. 
- */ - function apply_device_CREATE($params) - { - debug_dump($this->configuration, "CONFIGURATION TO SEND TO THE DEVICE"); - - $ret = sd_apply_conf($this->configuration, true); - - return $ret; - } - - /* - * ##################################################################################### - * UPDATE - * ##################################################################################### - */ - - /** - * Apply updated object to device and if OK add object to the database. - */ - function apply_device_UPDATE($params) - { - debug_dump($this->configuration, "CONFIGURATION TO SEND TO THE DEVICE"); - - $ret = sd_apply_conf($this->configuration, true); - - return $ret; - } - - /* - * ##################################################################################### - * DELETE - * ##################################################################################### - */ - - /** - * Apply deleted object to device and if OK add object to the database. - */ - function apply_device_DELETE($params) - { - debug_dump($this->configuration, "CONFIGURATION TO SEND TO THE DEVICE"); - - $ret = sd_apply_conf($this->configuration, true); - - return $ret; - } -} - -?> diff --git a/adapters/stormshield/netasq_configuration.php b/adapters/stormshield/netasq_configuration.php deleted file mode 100644 index bd0ef255..00000000 --- a/adapters/stormshield/netasq_configuration.php +++ /dev/null 
@@ -1,1293 +0,0 @@ -conf_path = $_SERVER['GENERATED_CONF_BASE']; - $this->sdid = $sdid; - // Network profile - $net_conf = get_network_profile(); - $this->sd = & $net_conf->SD; - $this->pflid = $this->sd->SD_CONFIGURATION_PFLID; - $this->cli_prefix = $this->sd->SD_CLI_PREFIX; - if ($this->sd->SD_HSRP_TYPE !== 0) - { - $this->partner_sd = & $net_conf->partner_SD; - $this->partner_sdid = $this->partner_sd->SDID; - } - else - { - $this->partner_sd = null; - $this->partner_sdid = ""; - } - $this->abonne = $this->sd->SD_ABONNE; - $this->conf_error = ''; - $this->conf_applied_tree = ''; - $this->scripts = array (); - $this->license = array (); - $this->firmware = array(); - $this->fmc_repo = $_SERVER['FMC_REPOSITORY']; - $this->fmc_ent = $_SERVER['FMC_ENTITIES2FILES']; - $this->ncm_ip_addr = $_SERVER['SMS_ADDRESS_IP']; - $this->validate_passwd = sha1("UBIqube-$sdid"); - $this->event_rules_present = false; - $this->thread_id = $_SERVER['THREAD_ID']; - } - - function __destruct() - { - rmdir_recursive("/opt/sms/spool/tmp/cert_{$this->thread_id}"); - } - - function get_cli_prefix() - { - return $this->cli_prefix; - } - - function get_abo() - { - return $this->abonne; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Generate the Netasq configuration tree - * @param $pflid ID of the configuration profile - * @param $folder folder where to put files - */ - function generate($pflid) - { - global $resolve_template_error; - $prefix_path = '/usr/Firewall/ConfigFiles'; - - $sdid = $this->sdid; - $folder = $this->spool_folder; - - echo "Entering in function generate( -$sdid-, -$pflid-, -$folder- )\n"; - - $map_conf = array (); - - $ret = get_map_from_xml("$this->fmc_ent/$pflid.xml", $map_conf, $this->conf_error, 'Configuration'); - if ($ret !== SMS_OK) - { - return $ret; - } - - $ret = get_map_from_xml("$this->fmc_ent/$sdid.xml", $map_conf, $this->conf_error, 'Configuration'); - if ($ret !== SMS_OK) - { - return 
$ret; - } - - $finfo = new finfo(FILEINFO_MIME_TYPE); - - foreach ($map_conf as $mvalue) - { - $start = strpos($mvalue, $prefix_path); - if ($start === false) - { - continue; - } - - $file_path = substr($mvalue, $start); - $copy_from = "$this->fmc_repo/$mvalue"; - $copy_to = "$folder$file_path"; - echo "copying from $copy_from to $copy_to\n"; - - // Create dir path - $dir_path = dirname($copy_to); - if ($dir_path !== '.') - { - mkdir_recursive($dir_path, 0755); - } - - // only text file type have to be resolved by smarty - $ftype = $finfo->file($copy_from); - if (($ftype === false) || (strpos($ftype, 'text') === false)) - { - $config = file_get_contents($copy_from); - } - else - { - $config = resolve_template($sdid, $copy_from); - - if (!empty($resolve_template_error)) - { - if (strpos($resolve_template_error, 'Trying to get property of non-object') !== false) - { - // At least one undefined variable in a template, stop the generation - return ERR_CONFIG_VAR_UNDEFINED; - } - } - } - - $ret = file_put_contents($copy_to, $config); - if ($ret === false) - { - sms_log_error(__FILE__.':'.__LINE__.": file_put_contents(\"$copy_to\", \"$data\") failed\n"); - return ERR_LOCAL_FILE; - } - - if (($this->event_rules_present === false) && (strpos($mvalue, "Event/rules") !== false)) - { - $this->event_rules_present = true; - } - } - - $this->conf_applied_tree = $folder; - - // Read associated scripts - $ret = get_map_from_xml("{$this->fmc_ent}/$sdid.xml", $this->scripts, $this->conf_error, 'Script'); - if ($ret !== SMS_OK) - { - return $ret; - } - - return SMS_OK; - } - - /** - * Create a netasq na archive ($na_archive) with files contained in $folder - * tgz must have absolute path, i.e /usr/... 
- * @param $folder source directory containing file to archive - * @param $na_archive destination .na file (containing files) - */ - function create_na_archive($folder, $na_archive, $na_archive_file_name) - { - - if (!file_exists("$folder/usr")) - { - // empty config, nothing to do - return SMS_OK; - } - - $tgz = "$na_archive.tgz"; - $tgz_file_name = "$na_archive_file_name.tgz"; - - echo "Create tar file ($tgz)\n"; - // Prepare chroot environement - $lib = 'lib64'; - $libraries = '/lib64/libselinux.so.1 /lib64/libacl.so.1 /lib64/librt.so.1 /lib64/libc.so.6 /lib64/libdl.so.2 /lib64/ld-linux-x86-64.so.2 /lib64/libattr.so.1 /lib64/libpthread.so.0 /lib64/libm.so.6'; - - $ret = exec_local(__FILE__ . ':' . __LINE__, "mkdir $folder/bin $folder/$lib 2>&1 && cp /bin/tar /bin/gzip /bin/chmod /bin/chown /usr/bin/find $folder/bin 2>&1 && cp $libraries $folder/$lib 2>&1", $output); - if ($ret !== SMS_OK) - { - exec_local(__FILE__ . ':' . __LINE__, "rm -rf $folder/bin $folder/$lib 2>&1", $output); - return $ret; - } - exec_local(__FILE__ . ':' . __LINE__, "sudo /usr/sbin/chroot $folder /bin/find /usr -type f -exec chmod 644 {} \; 2>&1", $output); - exec_local(__FILE__ . ':' . __LINE__, "sudo /usr/sbin/chroot $folder /bin/find /usr -type d -exec chmod 755 {} \; 2>&1", $output); - $ret = exec_local(__FILE__ . ':' . __LINE__, "sudo /usr/sbin/chroot $folder /bin/tar czPf /$tgz_file_name /usr 2>&1", $output); - exec_local(__FILE__ . ':' . __LINE__, "rm -rf $folder/bin $folder/$lib 2>&1", $output); - if ($ret !== SMS_OK) - { - $ret2 = exec_local(__FILE__ . ':' . __LINE__, "cd $folder 2>&1 && ls $tgz > /dev/null 2>&1 ; echo $?", $output); - - if (isset($output[0]) && $output[0] !== '0') - { - return ERR_CONFIG_EMPTY; - } - return $ret; - } - - echo "Create the .na file ($na_archive)\n"; - $ret = exec_local(__FILE__ . ':' . 
__LINE__, "cd /opt/sms/bin/netasq 2>&1 && ./encbackup -i $tgz -o $na_archive -t all -v $this->version -m $this->model -s $this->serial_number -r netasq.ca -e encbackup.cert -k encbackup.key 2>&1", $output); - $ret2 = exec_local(__FILE__ . ':' . __LINE__, "rm -f $tgz 2>&1", $output); - if ($ret !== SMS_OK) - { - return $ret; - } - - if ($ret2 !== SMS_OK) - { - return $ret2; - } - - return SMS_OK; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Save current configuration to file - */ - function save_generated() - { - - $filepath = "$this->conf_path/$this->sdid"; - mkdir_recursive($filepath, 0755); - - $filename = "$filepath/conf.error"; - $handle = fopen($filename, "w"); - if ($handle === false) - { - sms_log_error(__FILE__ . ':' . __LINE__ . ": fopen(\"$filename\") failed\n"); - return ERR_LOCAL_FILE; - } - - foreach ($this->conf_error as $line) - { - $ret = fputs($handle, "$line\n"); - if ($ret === false) - { - sms_log_error(__FILE__ . ':' . __LINE__ . ": fputs(\"$filename\", \"$line\") failed\n"); - fclose($handle); - unlink($filename); - return ERR_LOCAL_FILE; - } - } - - fclose($handle); - - $ret = exec_local(__FILE__ . ':' . 
__LINE__, "rm -f $this->conf_path/$this->sdid/tree.applied.tosave && ln -s $this->conf_applied_tree $this->conf_path/$this->sdid/tree.applied.tosave 2>&1", $output); - if ($ret !== SMS_OK) - { - return $ret; - } - - return SMS_OK; - } - - /** - * Decode data (b64) sent by a device in response to a command - * @param $array_lines - */ - function decode_data_from_device($array_lines) - { - $conf = ''; - - $data_started = false; - - foreach ($array_lines as $i => $value) - { - $value = trim($value); - - //echo "Line read: $value\n"; - - if ($value === 'Saving to:') - { - $data_started = true; - } - else - { - if ($data_started === true) - { - $pos_code = strpos($value, 'code='); - if ($pos_code !== false) - break; - //$conf .= "------------------------------\n"; - $conf .= base64_decode($value); - //$conf .= "\n------------------------------\n"; - } - } - } - - return $conf; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Send a command, get the response in base64 from the router and decode - */ - function send_expect_b64($cmd, $prompt) - { - global $sms_sd_ctx; - - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $cmd, $prompt); - - $array_lines = array (); - $line = get_one_line($buffer); - while ($line !== false) - { - //$array_lines[] = $line; - array_push($array_lines, $line); - $line = get_one_line($buffer); - } - - $buffer = $this->decode_data_from_device($array_lines); - return $buffer; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Get running configuration from the router - */ - function get_running_conf($archive_file) - { - echo "Entering get_running_conf($archive_file)\n"; - - $n = new nsrpc($this->sd); - - echo "nsrpc created\n"; - - $n->add_action("modify on force"); - $n->add_action("config backup list=\"all\" > $archive_file"); - $n->add_action("modify off"); - - $ret = 
$n->execute_pool($this->conf_error); - - $n->clean_pool(); - - return $ret; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Get some part of configuration from the router - */ - function get_info() - { - global $sms_sd_ctx; - - $buffer = sendexpectone(__FILE__ . ':' . __LINE__, $sms_sd_ctx, 'system property', 'SRPClient>'); - - while (($line = get_one_line($buffer)) !== false) - { - if (preg_match('@^Version="(.*)"@', $line, $result) > 0) - { - $this->version = trim($result[1]); - } - else if (preg_match('@^Model="(.*)"@', $line, $result) > 0) - { - $this->model = trim($result[1]); - } - else if (preg_match('@^SerialNumber="(.*)"@', $line, $result) > 0) - { - $this->serial_number = trim($result[1]); - } - } - - return SMS_OK; - } - - /** - * Apply the configuration file passed in parameter into the router. - * @param $configuration filepath of the .na configuration file. - */ - function apply_conf($configuration, $prov) - { - - echo "Entering apply_conf(" . $configuration . 
")\n"; - - $n = new nsrpc($this->sd); - - $n->add_action("modify on force"); - - $n->add_action("config restore list=\"all\" refresh=1 < $configuration"); - - $n->add_action("config status remove"); - $n->add_action("config status validate password=$this->validate_passwd"); - - if ($prov) - { - // reboot if provisionning - $n->add_action("system reboot"); - } - else - { - $n->add_action("config network activate"); - $n->add_action("modify off"); - } - - $ret = $n->execute_pool($this->conf_error); - - $n->clean_pool(); - - return $ret; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Recuperation d'informations generales sur l'equipement (model, version, numero de serie) - * Récupération des fichiers issus du profil et du device (configuration et scripts) - * Création d’une archive - * Deploiement sur l’équipement (restore) - * Sauvegarde sous SVN de la conf appliquee et des erreurs - * Exécution des scripts - */ - function update_conf($prov = false) - { - - if ($this->sd->SD_HSRP_TYPE === 2) - { - // Nothing to do if it is a slave - return SMS_OK; - } - - $ret = $this->init_conf($prov); - if ($ret !== SMS_OK) - { - return $ret; - } - - netasq_disconnect(); - - $ret = $this->build_conf($prov); - if ($ret !== SMS_OK) - { - if (!empty($this->log_msg)) - { - set_log($this->log_level, $this->log_ref, $this->log_msg); - } - return $ret; - } - - $na_archive = "{$this->spool_folder}/{$this->sdid}.na"; - $ret = $this->create_na_archive($this->spool_folder, $na_archive, "{$this->sdid}.na"); - if ($ret !== SMS_OK) - { - return $ret; - } - - netasq_connect(); - - // check HA state - $isInactiveHA = $this->isInactiveHA(); - - // pre apply script - $ret = $this->apply_script('PRE_CONFIG'); - if ($ret !== SMS_OK) - { - exec_local(__FILE__ . ':' . 
__LINE__, "rm -f $na_archive 2>&1", $output); - return $ret; - } - - // right now, the connection is no longer usefull, disconnect to avoid problem if the device close the connection when applying the conf - netasq_disconnect(); - - $ret = $this->apply_conf($na_archive, $prov); - if ($ret !== SMS_OK) - { - exec_local(__FILE__ . ':' . __LINE__, "rm -f $na_archive 2>&1", $output); - return $ret; - } - - $ret = exec_local(__FILE__ . ':' . __LINE__, "rm -f $na_archive 2>&1", $output); - if ($ret !== SMS_OK) - { - return $ret; - } - - $ret = $this->save_generated(); - if ($ret !== SMS_OK) - { - return $ret; - } - - // wait the device become up after applying the conf - $ret = $this->wait_until_device_is_up(); - if ($ret !== SMS_OK) - { - return $ret; - } - - if ($this->sd->SD_HSRP_TYPE !== 0) - { - echo "Update configuration for HA detected\n"; - - // HA configuration, should sync the conf - if ($isInactiveHA !== $this->isInactiveHA()) - { - // HA firewalls have swapped - echo "HA firewalls have swapped after conf update, swap back\n"; - $ret = $this->ha_wait_peer(); - if ($ret !== SMS_OK) - { - return $ret; - } - $ret = $this->ha_swap(); - if ($ret !== SMS_OK) - { - return $ret; - } - if ($isInactiveHA !== $this->isInactiveHA()) - { - return ERR_SD_HA_SWAP; - } - } - } - - // post apply script - $ret = $this->apply_script('POST_CONFIG'); - if ($ret !== SMS_OK) - { - return $ret; - } - - if ($this->sd->SD_HSRP_TYPE !== 0) - { - echo "Synchronize the configuration on the passive node\n"; - $this->ha_sync(); - } - - return $ret; - } - - /** - * Apply the license file passed in parameter into the router. - * @param $license filepath of the license file. 
- */ - function apply_license($license, $dummy) - { - echo "Entering apply_license($license)\n"; - - $n = new nsrpc($this->sd); - - $n->add_action("modify on force"); - if ($this->sd->SD_HSRP_TYPE === 0) - { - $cmd = "system licence upload < $license"; - } - else - { - $cmd = "system licence upload fwserial={$this->sd->SD_SERIAL_NUMBER} < $license"; - } - $n->add_action($cmd); - $n->add_action("modify off"); - $ret = $n->execute_pool($this->conf_error); - $n->clean_pool(); - - if ($ret !== SMS_OK) - { - return $ret; - } - $nsrpc_output = implode('', $this->conf_error); - $reboot = is_reboot_needed($nsrpc_output, $cmd, 2); - if ($reboot === true) - { - $n->add_action("modify on force"); - if ($this->sd->SD_HSRP_TYPE === 0) - { - $n->add_action("system reboot"); - } - else - { - $n->add_action("ha reboot serial={$this->sd->SD_SERIAL_NUMBER}"); - } - $n->add_action("modify off"); - $ret = $n->execute_pool($this->conf_error); - $n->clean_pool(); - } - return $ret; - } - - /** - * Apply the firmware file passed in parameter into the router. - * @param $firmware filepath of the firmware file. 
- */ - function apply_firmware($firmware, $do_backup) - { - echo "Entering apply_firmware($firmware)\n"; - - $n = new nsrpc($this->sd); - - $n->add_action("modify on force"); - if ($do_backup) - { - if ($this->sd->SD_HSRP_TYPE === 0) - { - $n->add_action("system clone type=dump"); - } - else - { - $n->add_action("system clone type=dump fwserial={$this->sd->SD_SERIAL_NUMBER}"); - } - } - if ($this->sd->SD_HSRP_TYPE === 0) - { - $n->add_action("system update upload < $firmware"); - $n->add_action("system update activate"); - } - else - { - $n->add_action("system update upload fwserial={$this->sd->SD_SERIAL_NUMBER} < $firmware"); - $n->add_action("system update activate fwserial={$this->sd->SD_SERIAL_NUMBER}"); - } - $n->add_action("modify off"); - - $ret = $n->execute_pool($this->conf_error); - - $n->clean_pool(); - - return $ret; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Mise a jour de l’équipement - * Attente du reboot de l'equipement - */ - function update_device(& $map, $map_name, $map_key, $func, $param) - { - $ret = get_map_from_xml("{$this->fmc_ent}/{$this->sdid}.xml", $map, $this->conf_error, $map_name); - if ($ret !== SMS_OK) - { - return $ret; - } - - // get file - $file = $map[$map_key]; - if (empty ($file)) - { - return SMS_OK; - } - $file_path = "{$this->fmc_repo}/{$file}"; - $ret = $this-> $func ($file_path, $param); - if ($ret !== SMS_OK) - { - return $ret; - } - - // wait the device become up after reboot - return $this->wait_until_device_is_up(60, 30); - } - - // ------------------------------------------------------------------------------------------------ - /** - * Mise a jour de la licence de l’équipement - * Attente du reboot de l'equipement - */ - function update_license() - { - $this->get_info(); - - // right now, the connection is no longer usefull - netasq_disconnect(); - - $ret = $this->update_device($this->license, 'License', 'License', 'apply_license', null); - - 
return $ret; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Mise a jour du firmware de l’équipement - * Attente du reboot de l'equipement - */ - function update_firmware($do_backup) - { - $this->get_info(); - - if ($do_backup && (!$this->isBackupPartitionSupported())) - { - return ERR_SD_NO_BACKUP_PARTITION; - } - - // right now, the connection is no longer usefull - netasq_disconnect(); - - $ret = $this->update_device($this->firmware, 'Firmware', 'Firmware', 'apply_firmware', $do_backup); - - return $ret; - } - - // ------------------------------------------------------------------------------------------------ - /** - * - */ - function apply_script($key) - { - global $sms_sd_ctx; - global $smarty_function; - - // get script - if (empty ($this->scripts[$key])) - { - return SMS_OK; - } - $script = $this->scripts[$key]; - - // Additional variable for data files: - $add_vars["CLI_PREFIX"] = "{$this->cli_prefix}"; - $add_vars["ABONNE"] = "{$this->abonne}"; - - // resolve script with configuration variables - $script_path = "{$this->fmc_repo}/{$script}"; - echo "apply script $script_path\n"; - $resolved_template = resolve_template($this->sdid, $script_path, $add_vars, $smarty_function); - if (empty ($resolved_template)) - { - return ERR_LOCAL_PATTERN_NOT_FOUND; - } - - // Save script to svn - save_result_file($resolved_template, "$key.applied"); - - // Go in write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify on force', 'SRPClient>'); - - // Apply script to the router - $line = get_one_line($resolved_template); - $ret_buffer = ""; - $ret = SMS_OK; - while ($line !== false) - { - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $line, 'SRPClient>'); - $ret_buffer .= "\n$buffer"; - if (is_error($buffer, $line) === true) - { - sms_log_error(__FILE__ . ':' . __LINE__ . 
": Command [$line] has failed in script $script_path:\n$buffer\n"); - $ret = ERR_SD_CMDFAILED; - break; - } - $line = get_one_line($resolved_template); - } - save_result_file($ret_buffer, "$key.error"); - - // Leave write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify off', 'SRPClient>'); - - return $ret; - } - - // ------------------------------------------------------------------------------------------------ - /** - * - */ - function exec_script($script, & $return_buf) - { - global $sms_sd_ctx; - global $smarty_function; - - $this->get_info(); - - $return_buf = ''; - - // Additional variable for data files: - $add_vars["CLI_PREFIX"] = "{$this->cli_prefix}"; - $add_vars["ABONNE"] = "{$this->abonne}"; - - // resolve script with configuration variables - $script_path = "{$this->fmc_repo}/{$script}"; - echo "execute script $script_path\n"; - $resolved_template = resolve_template($this->sdid, $script_path, $add_vars, $smarty_function); - if (empty ($resolved_template)) - { - return ERR_LOCAL_PATTERN_NOT_FOUND; - } - - // Go in write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify on force', 'SRPClient>'); - - // Apply script to the router - $line = get_one_line($resolved_template); - $ret = SMS_OK; - while ($line !== false) - { - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $line, 'SRPClient>', 180000); - $return_buf .= "\n$buffer"; - if (is_error($buffer, $line) === true) - { - sms_log_error(__FILE__ . ':' . __LINE__ . 
": Command [$line] has failed in script $script_path:\n$buffer\n"); - $ret = ERR_SD_CMDFAILED; - break; - } - $line = get_one_line($resolved_template); - } - - // Leave write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify off', 'SRPClient>'); - - // TODO write execution result in database - - return $ret; - } - - // ------------------------------------------------------------------------------------------------ - /** - * - */ - function provisioning() - { - return $this->update_conf(true); - } - - // ------------------------------------------------------------------------------------------------ - /** - * - */ - function staging(& $staging_cli) - { - $staging_param['ncm_ip_addr'] = $this->ncm_ip_addr; - $staging_param['validate_passwd'] = $this->validate_passwd; - if ($this->sd->SD_HSRP_TYPE !== 0) - { - if ($this->sd->SD_HSRP_TYPE === 1) - { - $ha_password = "UBIqube-HA-$this->sdid-$this->partner_sdid"; - } - else - { - $ha_password = "UBIqube-HA-$this->partner_sdid-$this->sdid"; - } - $staging_param['ha_password'] = sha1($ha_password); - } - - $staging_cli = PATTERNIZETEMPLATE('staging.tpl', $staging_param); - if ($this->sd->SD_HSRP_TYPE !== 0) - { - if ($this->sd->SD_HSRP_TYPE === 1) - { - $staging_cli .= PATTERNIZETEMPLATE('staging_ha_master.tpl', $staging_param); - } - else if ($this->sd->SD_HSRP_TYPE === 2) - { - - $staging_cli .= PATTERNIZETEMPLATE('staging_ha_slave.tpl', $staging_param); - } - } - else - { - $staging_cli .= PATTERNIZETEMPLATE('staging_end.tpl', $staging_param); - } - - return SMS_OK; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Initialise some variables for generating the configuration - */ - function init_conf($prov = false) - { - $this->get_info(); - - if (!$prov) - { - $ret = $this->check_serial_number(); - if ($ret !== SMS_OK) - { - if (!empty($this->log_msg)) - { - set_log($this->log_level, $this->log_ref, $this->log_msg); - } - return $ret; - } 
- } - - $this->spool_folder = "/opt/sms/spool/fmc/{$this->sdid}"; // pas de '/' a la fin - if (!is_dir($this->spool_folder)) - { - $ret = exec_local(__FILE__ . ':' . __LINE__, "mkdir -p $this->spool_folder 2>&1", $output); - if ($ret !== SMS_OK) - { - return $ret; - } - } - else - { - // Clean up the directory - $ret = exec_local(__FILE__ . ':' . __LINE__, "rm -rf $this->spool_folder/* 2>&1", $output); - if ($ret !== SMS_OK) - { - return $ret; - } - } - - return SMS_OK; - } - - // ------------------------------------------------------------------------------------------------ - /** - * Generate configuration files from database - */ - function build_conf($prov) - { - // Get file based configuration - $pflid = "{$this->cli_prefix}PR{$this->pflid}"; - $ret = $this->generate($pflid); - if ($ret !== SMS_OK) - { - return $ret; - } - - return $this->build_post_conf($prov); - } - - // ------------------------------------------------------------------------------------------------ - /** - * Generate post configuration files - */ - function build_post_conf($prov) - { - // For provisioning, add empty file Event/rules if not present - if ($prov && !$this->event_rules_present) - { - $folder = $this->spool_folder; - create_file("$folder/usr/Firewall/ConfigFiles/Event/rules", ''); - } - - return SMS_OK; - } - - /** - * Check if the SD is an inactive HA site - */ - function isInactiveHA($mustConnect = false) - { - global $sms_sd_ctx; - - if ($this->sd->SD_HSRP_TYPE === 0) - { - echo "SD NOT HA\n"; - return false; - } - - if ($mustConnect === true) - { - $ret = netasq_connect(); - if ($ret !== SMS_OK) - { - return false; - } - } - - // Compare serial number - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'system property', 'SRPClient>'); - $buffer = strstr($buffer, 'SerialNumber='); - if ($buffer !== false) - { - if (preg_match('@^SerialNumber="(.*)"@', $buffer, $result) > 0) - { - $serial = trim($result[1]); - echo "SD serial [{$this->sd->SD_SERIAL_NUMBER}] Read 
serial [$serial]\n"; - if ($this->sd->SD_SERIAL_NUMBER !== $serial) - { - if ($mustConnect === true) - { - netasq_disconnect(); - } - return true; - } - } - } - if ($mustConnect === true) - { - netasq_disconnect(); - } - return false; - } - - /** - * Swap HA mode (active <-> passive) - */ - function ha_swap() - { - global $sms_sd_ctx; - - $this->get_info(); - - // Go in write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify on force', 'SRPClient>'); - - $cmd = 'ha setmode mode=passive'; - - try - { - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $cmd, 'SRPClient>', 5000); - } - catch (Exception | Error $e) - { - if ($e->getCode() === ERR_SD_CONN_CLOSED_BY_PEER || $e->getCode() === ERR_SD_CMDTMOUT) - { - // Normal case, HA SWAP OK, the device close the connection - $ret = $this->wait_until_device_is_up(); - if ($ret !== SMS_OK) - { - return $ret; - } - - // Go in write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify on force', 'SRPClient>'); - - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'ha setmode mode=normal serial=passive', 'SRPClient>'); - return SMS_OK; - } - else - { - throw new SmsException($e->getMessage(), $e->getCode()); - } - } - - if (is_error($buffer, $cmd) === true) - { - // $cmd returns an error, HA SWAP failed - sms_log_error(__FILE__.':'.__LINE__ . 
": Command [$cmd] has failed:\n$buffer\n"); - - return ERR_SD_CMDFAILED; - } - - // $cmd is OK, close the connection and reconnect - $ret = $this->wait_until_device_is_up(); - if ($ret !== SMS_OK) - { - return $ret; - } - - // Go in write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify on force', 'SRPClient>'); - - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'ha setmode mode=normal serial=passive', 'SRPClient>'); - - return SMS_OK; - } - - function ha_wait_peer() - { - global $sms_sd_ctx; - - sleep(10); - - $cmd = 'ha info serial=passive'; - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $cmd, 'SRPClient>'); - $count = 30; - while ($count > 0) - { - if ((strpos($buffer, '200 ') !== false) || ((strpos($buffer, 'State=Ready') === false) && (strpos($buffer, 'State=Running') === false ) && (strpos($buffer, 'Reply=1') === false))) - { - sleep(5); - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $cmd, 'SRPClient>'); - $count--; - } - else - { - break; - } - } - - if ($count === 0) - { - return ERR_SD_CMDTMOUT; - } - - return SMS_OK; - } - - /** - * Synchronize HA configurations - */ - function ha_sync() - { - global $sms_sd_ctx; - - if ($this->sd->SD_HSRP_TYPE === 0) - { - return ERR_SD_CMDFAILED; - } - - // Go in write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify on force', 'SRPClient>'); - - $ret = sendexpectnobuffer(__FILE__.':'.__LINE__, $sms_sd_ctx, 'ha sync', 'SRPClient>'); - - // Leave write mode - sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'modify off', 'SRPClient>'); - - return $ret; - } - - - // ------------------------------------------------------------------------------------------------ - /** - * Check the serial number read from the router against the one in DB - * Note : during the provisioning $this->sd->SD_SERIAL_NUMBER can be empty but this is not an error - */ - function check_serial_number() - { - if (empty($this->serial_number) || - (($this->sd->SD_HSRP_TYPE === 0) && 
(!empty($this->sd->SD_SERIAL_NUMBER)) && ($this->serial_number !== $this->sd->SD_SERIAL_NUMBER)) || - (($this->sd->SD_HSRP_TYPE !== 0) && (!empty($this->sd->SD_SERIAL_NUMBER)) && ($this->serial_number !== $this->sd->SD_SERIAL_NUMBER) && (!empty($this->partner_sd->SD_SERIAL_NUMBER)) && ($this->serial_number !== $this->partner_sd->SD_SERIAL_NUMBER))) - { - $this->log_level = '1'; // generate an alarm - $this->log_ref = 'SERIALNUMBER'; - $this->log_msg = "Bad serial number, [{$this->serial_number}] instead of [{$this->sd->SD_SERIAL_NUMBER}]"; - return ERR_SD_BAD_SERIAL_NUMBER; - } - - return SMS_OK; - } - - /* - * For do_get_config - */ - function init_get_config($folder) - { - $this->spool_folder = $folder; - if (!is_dir($this->spool_folder)) - { - $ret = exec_local(__FILE__ . ':' . __LINE__, "mkdir -p $this->spool_folder 2>&1", $output); - if ($ret !== SMS_OK) - { - return $ret; - } - } - else - { - // Clean up the directory - $ret = exec_local(__FILE__ . ':' . __LINE__, "rm -rf $this->spool_folder/* 2>&1", $output); - if ($ret !== SMS_OK) - { - return $ret; - } - } - - return SMS_OK; - } - - /* - * Check on the device the backup partition - * Must be connected - */ - function isBackupPartitionSupported() - { - global $sms_sd_ctx; - - $cmd = 'system clone'; - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, $cmd, 'SRPClient>'); - - if (is_error($buffer, $cmd) === true) - { - sms_log_error(__FILE__.':'.__LINE__ . 
": Command [$cmd] has failed:\n$buffer\n"); - return false; - } - - return true; - } - - function restore_from_old_revision($revision_id) - { - $ret = $this->init_conf(); - if ($ret !== SMS_OK) - { - netasq_disconnect(); - return $ret; - } - - netasq_disconnect(); - - echo("restore_from_old_revision revision_id: $revision_id\n"); - $restore_conf_file = "{$this->spool_folder}/{$this->sdid}_r{$revision_id}.na"; - - $get_saved_conf_cmd = "/opt/sms/script/get_saved_conf --getfile {$this->sdid} na {$restore_conf_file} r{$revision_id}"; - - $ret = exec_local(__FILE__ . ':' . __LINE__, $get_saved_conf_cmd, $output); - if ($ret !== SMS_OK) - { - echo("no running conf found\n"); - unlink($restore_conf_file); - return $ret; - } - - if (!file_exists($restore_conf_file)) - { - echo("no running conf found\n"); - return ERR_CONFIG_EMPTY; - } - - $this->apply_conf($restore_conf_file, false); - - unlink($restore_conf_file); - - if ($this->sd->SD_HSRP_TYPE !== 0) - { - netasq_connect(); - echo "Synchronize the configuration on the passive node\n"; - $this->ha_sync(); - netasq_disconnect(); - } - - return SMS_OK; - } - - function wait_until_device_is_up($nb_loop = 60, $initial_sec_to_wait = 30) - { - // wait the device become up after reboot - $done = $nb_loop; - sleep($initial_sec_to_wait); // Wait for the shutdown to be effective - do - { - echo "waiting for the device, $done\n"; - sleep(5); - try - { - netasq_connect($this->sd->SD_IP_CONFIG); - break; - } - catch (Exception | Error $e) - { - $done--; - } - } while ($done > 0); - - if ($done === 0) - { - sms_log_error(__FILE__ . ':' . __LINE__ . ": The device stay DOWN\n"); - return ERR_SD_CMDTMOUT; - } - - return SMS_OK; - } - -} - -/** - * @} - */ -?> \ No newline at end of file diff --git a/adapters/stormshield/netasq_connect.php b/adapters/stormshield/netasq_connect.php deleted file mode 100644 index 59ea0135..00000000 --- a/adapters/stormshield/netasq_connect.php +++ /dev/null 
@@ -1,73 +0,0 @@ -sd_conf_isipv6) && $this->sd_conf_isipv6 ){ - //IPv6 we should add '-6' and add '[' and ']' arround the IPv6 - parent::connect("cd /opt/sms/bin/netasq && ./nsrpc -6 '{$this->sd_login_entry}:{$this->sd_passwd_entry}@[".$this->sd_ip_config."]'"); - - }else{ - //IPv4 - parent::connect("cd /opt/sms/bin/netasq && ./nsrpc '{$this->sd_login_entry}:{$this->sd_passwd_entry}@{$this->sd_ip_config}'"); - } - - unset($tab); - $tab[0] = 'SRPClient>'; - - $index = $this->expect(__FILE__.':'.__LINE__, $tab); - if ($index === 0) { - echo "Secure connection established to {$this->sd_ip_config}\n"; - } - - $this->prompt = 'SRPClient>'; - - $this->sendexpectone(__FILE__.':'.__LINE__, 'modify off', 'SRPClient>'); - } - - public function do_disconnect() { - parent::disconnect(); - } -} - -// Connect -// return false if error, true if ok -function netasq_connect($sd_ip_addr = '', $login = '', $passwd = '') -{ - global $sms_sd_ctx; - - $sms_sd_ctx = new netasqConnection($sd_ip_addr, $login, $passwd); - - return SMS_OK; -} - -// Disconnect -// return false if error, true if ok -function netasq_disconnect() -{ - global $sms_sd_ctx; - $sms_sd_ctx = null; - return SMS_OK; -} - -?> diff --git a/adapters/stormshield/netasq_unarchive.php b/adapters/stormshield/netasq_unarchive.php deleted file mode 100644 index 05e3ccc7..00000000 --- a/adapters/stormshield/netasq_unarchive.php +++ /dev/null @@ -1,64 +0,0 @@ - diff --git a/adapters/stormshield/nsrpc.php b/adapters/stormshield/nsrpc.php index 54400aff..c74aeb87 100644 --- a/adapters/stormshield/nsrpc.php +++ b/adapters/stormshield/nsrpc.php 
@@ -8,231 +8,99 @@ /* * Return code - Success - 100 command successful - 101 command successful, download follow - 102 command successful, upload follow - 103 command successful, you will be disconnected - 104 command successful, but reboot needed - Warning - 110 command successful, but warning - 111 command successful, but multiple warnings - Error - 200 command error - 201 return error message on many lines - 203 authentication failed - 203 client is idle, disconnecting - 204 maximum number of authentication user reached for that level - 205 not enough privilege - 206 licence restriction -*/ - -// code retour considere comme ok -$ok_return_code = array ( - "100" => true, - "103" => true, - "104" => true, - "110" => true, - "111" => true, -); - -// code retour intermediaire, pas vraiment un code retour, mais pas une erreur -$not_a_return_code = array ( - "101" => true, - "102" => true, -); - -// command exception must not be considered as an error, a workaround of not wanted behavior of the device (bug ?) -$cmd_exception = array ( - "ha reboot serial=passive" => "code=01700100", -); - -define("RC_LEN", 3); - - + Success (>= 100, < 110) + 100 command successful + 101 command successful, data follow + 102 command successful, waiting for data + 103 command successful, disconnecting + 104 command successful, reboot needed + Warning (>= 110, < 200) + 110 command successful, warning + 111 command successful, multiple warnings + Error (>= 200) + 200 command error + 201 return error message on many lines + 203 authentication failed + 203 client is idle, disconnecting + 204 maximum number of authentication user reached for that level + 205 not enough privilege + 206 licence restriction + */ -/** nsrpc tool wrapper */ -class nsrpc +function get_return_codes(&$nsrpc_output) { - // Liste ordonnée ... 
- private $actions_list; - private $sd; - private $thread_id; - - function __construct(&$sd) - { - $this->actions_list = array(); - $this->sd = &$sd; - $this->thread_id = $_SERVER['THREAD_ID']; - } + define("RC_LEN", 3); - function clean_pool() - { - unset($this->actions_list); - } - - function add_action($action) - { - $this->actions_list[] = $action; - echo "action [" . $action . "] added.\n"; - } + $rc_list = array(); - function execute_pool(&$output) + $pos = 0; + do { - global $ok_return_code; - global $not_a_return_code; - - echo "Entering execute_pool()\n"; - - // Create a backup script file - $nsrpc_script_file = "/opt/sms/spool/tmp/nsrpc_script_{$this->thread_id}"; - - echo "nsrpc script: " . $nsrpc_script_file . "\n"; - - if (is_file($nsrpc_script_file)) - { - // Remove any previous file - unlink($nsrpc_script_file); - - // Assert no file of the name exist - if (is_file($nsrpc_script_file)) - { - $err_msg = "Can't delete the file {$nsrpc_script_file}"; - sms_log_error(__FILE__.':'.__LINE__.": {$err_msg}\n"); - return ERR_LOCAL_FILE; - } - } - - // Create the file - $handle = fopen($nsrpc_script_file, "w"); - - foreach ($this->actions_list as $action) - { - echo "Action [" . $action . 
"]\n"; - $ret = fputs($handle, "$action\n"); - if ($ret === false) - { - $err_msg = "Writing [$action] in file [$nsrpc_script_file] has failed!"; - sms_log_error(__FILE__.':'.__LINE__.": {$err_msg}\n"); - fclose($handle); - unlink($nsrpc_script_file); - return ERR_LOCAL_FILE; - } - } - fclose($handle); - - echo "Deploy now the config file ($nsrpc_script_file) into the router\n"; - - // date +\"%Y/%m/%d:%H:%M:%S\" >> /opt/sms/logs/nsrpc.log && -l /opt/sms/logs/nsrpc.log - if (isset($this->sd->SD_CONF_ISIPV6) && $this->sd->SD_CONF_ISIPV6 ){ - //IPv6 we should add '-6' and add '[' and ']' arround the IPv6 - $cmd = "cd /opt/sms/bin/netasq 2>&1 && ./nsrpc -6 -c $nsrpc_script_file '{$this->sd->SD_LOGIN_ENTRY}:{$this->sd->SD_PASSWD_ENTRY}@[".$this->sd->SD_IP_CONFIG."]' 2>&1"; - }else{ - //IPV4 - $cmd = "cd /opt/sms/bin/netasq 2>&1 && ./nsrpc -c $nsrpc_script_file '{$this->sd->SD_LOGIN_ENTRY}:{$this->sd->SD_PASSWD_ENTRY}@{$this->sd->SD_IP_CONFIG}' 2>&1"; - } - - $ret = exec_local(__FILE__.':'.__LINE__, $cmd, $output); - if ($ret !== SMS_OK) - { - $err_msg = "Command [$cmd] has failed!"; - sms_log_error(__FILE__.':'.__LINE__.": {$err_msg}\n"); - unlink($nsrpc_script_file); - return $ret; - } - - unlink($nsrpc_script_file); - - // for each action check the return code - // ouput contains the actions and their return - $index_action = 0; - $last_index_action = 0; - $nb_action = count($this->actions_list); - $error = false; - foreach ($output as $index => $line) + $end = true; + $pos = strpos($nsrpc_output, ' code=', $pos); + if ($pos !== false) { - echo "nsrpc output ($index) : $line\n"; - - if (($index_action < $nb_action) && strpos($line, $this->actions_list[$index_action])) + $pos = $pos - RC_LEN; + if ($pos < 0) { - $last_index_action = $index_action; - $index_action++; + return $rc_list; } - else + if (($pos === 0) || ($nsrpc_output[$pos-1] === "\n")) { - if (is_error($line, $this->actions_list[$last_index_action])) - { - $err_msg = "Command 
[{$this->actions_list[$last_index_action]}] has failed : $line"; - sms_log_error(__FILE__.':'.__LINE__.": {$err_msg}\n"); - $error = true; - } + // This line contains a return code + $rc = substr($nsrpc_output, $pos, RC_LEN); + $rc_list[$rc] = $rc; } + // Get next code if any + $pos += RC_LEN + 6; // 'xxx code=' + $end = false; } - - if ($error) - { - return ERR_SD_CMDFAILED; - } - - return SMS_OK; } + while (!$end); + + return $rc_list; } /* - * $buffer to check looks like + * $nsrpc_output string to check looks like * 100 code=00a00100 msg="Ok" * or * 102 code=00a00300 msg="Waiting for data" * or * 200 code=00100800 msg="Error in format" * - * $buffer can be something like below and should not be taken into account - * level=warning type=cluster code=12 msg="Degraded mode: Can't synchronize connections" causedBy="V50XXA0L0000007" + * other format should not be taken into account */ -function is_error(&$buffer, &$command) +function is_error(&$nsrpc_output) { - global $ok_return_code; - global $not_a_return_code; - global $cmd_exception; + // return code considered as ok + $ok_return_code = array ( + "100" => true, + "103" => true, + "104" => true, + "110" => true, + "111" => true, + ); - $pos = 0; - do + // intermediate return code, it is normaly followed by another return code + $not_a_return_code = array ( + "101" => true, + "102" => true, + ); + + $rc_list = get_return_codes($nsrpc_output); + + foreach ($rc_list as $rc) { - $end = true; - $pos = strpos($buffer, ' code=', $pos); - if ($pos !== false) + if (empty($ok_return_code[$rc]) && empty($not_a_return_code[$rc])) { - $pos = $pos - RC_LEN; - if ($pos < 0) - { - return false; - } - if (($pos === 0) || ($buffer[$pos-1] === "\n")) - { - // This line contains a return code - $code = substr($buffer, $pos, RC_LEN); - if (empty($ok_return_code[$code]) && empty($not_a_return_code[$code])) - { - foreach ($cmd_exception as $cmd => $rc) - { - if ((strpos($command, $cmd) !== false) && (strpos($buffer, $rc) !== false)) - 
{ - return false; - } - } - return true; - } - if (empty($not_a_return_code[$code])) - { - return false; - } - } - // Get second code after "Waiting for data" - $pos += RC_LEN + 6; // 'xxx code=' - $end = false; + return true; + } + if (empty($not_a_return_code[$rc])) + { + return false; } } - while (!$end); return false; } diff --git a/adapters/stormshield/pattern/staging.tpl b/adapters/stormshield/pattern/staging.tpl deleted file mode 100644 index 94ed1d76..00000000 --- a/adapters/stormshield/pattern/staging.tpl +++ /dev/null @@ -1,19 +0,0 @@ -MODIFY ON FORCE -SYSTEM IDENT "{$SD->SD_HOSTNAME}" -CONFIG CONSOLE SETPASSPHRASE {$SD->SD_PASSWD_ENTRY} -CONFIG OBJECT HOST NEW name=defaultgw ip={$SD->SD_INTERFACE_list.E->INT_IP_GW} type=router resolve=static comment="Default gateway" update=1 -CONFIG OBJECT HOST NEW name=host_NCM ip={$ncm_ip_addr} type=host resolve=static comment="NCM Server" update=1 -CONFIG OBJECT HOST NEW name=host_MGMT ip={$SD->SD_IP_CONFIG} type=host resolve=static comment="Management interface" update=1 -CONFIG OBJECT ACTIVATE -CONFIG NETWORK INTERFACE ADDRESS ADD ifname={$SD->SD_INTERFACE_list.E->INT_NAME} address={$SD->SD_IP_CONFIG} mask={$SD->SD_INTERFACE_list.E->INT_IP_MASK} AddressComment="WAN interface" -CONFIG NETWORK INTERFACE UPDATE ifname={$SD->SD_INTERFACE_list.E->INT_NAME} protected=0 -CONFIG NETWORK DEFAULTROUTE SET name=defaultgw type=ipv4 -CONFIG NETWORK ACTIVATE -{if $SD->SD_LOG_MORE} -CONFIG COMMUNICATION SYSLOG state=1 server=host_NCM -CONFIG COMMUNICATION ACTIVATE -CONFIG LOG ALARM syslog=1 -CONFIG LOG ACTIVATE -{/if} -CONFIG SLOT UPLOAD type=filter slot=02 name="Allow NCM" < rules.txt -CONFIG SLOT ACTIVATE type=filter slot=02 diff --git a/adapters/stormshield/pattern/staging_end.tpl b/adapters/stormshield/pattern/staging_end.tpl deleted file mode 100644 index 9f2d051a..00000000 --- a/adapters/stormshield/pattern/staging_end.tpl +++ /dev/null @@ -1 +0,0 @@ -SYSTEM HALT \ No newline at end of file 
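Review bot: `define("RC_LEN", 3);` now sits inside `get_return_codes()`, and `is_error()` calls that function on every check, so from the second call on PHP reports that the constant is already defined (a warning on PHP 8). Declaring it once at file scope, as the removed code did, avoids this: `const RC_LEN = 3;` above the function. Separately, the new `is_error()` loop returns false at the first final success code in `$rc_list`, so if a caller passes output covering several commands, a `200` that follows a `100` is not reported and a failed firewall command would be treated as applied. The callers are not visible in this hunk, so either confirm they pass one command's output at a time, or drop the early `return false;` inside the loop so that any error code in the buffer wins.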
diff --git a/adapters/stormshield/pattern/staging_ha_master.tpl b/adapters/stormshield/pattern/staging_ha_master.tpl deleted file mode 100644 index 11cd7b2a..00000000 --- a/adapters/stormshield/pattern/staging_ha_master.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{if $HA_INTERFACE && $HA_ADDRESS && $HA_MASK} -CONFIG NETWORK INTERFACE ADDRESS ADD ifname={$HA_INTERFACE} address={$HA_ADDRESS} mask={$HA_MASK} AddressComment="HA interface" -{/if} -{if $HA_INTERFACE_SECONDARY && $HA_ADDRESS_SECONDARY && $HA_MASK_SECONDARY} -CONFIG NETWORK INTERFACE ADDRESS ADD ifname={$HA_INTERFACE_SECONDARY} address={$HA_ADDRESS_SECONDARY} mask={$HA_MASK_SECONDARY} AddressComment="HA interface secondary" -{/if} -CONFIG NETWORK ACTIVATE -{if $HA_INTERFACE_SECONDARY} -CONFIG HA CREATE password={$ha_password} ifname={$HA_INTERFACE} ifname2={$HA_INTERFACE_SECONDARY} -{else} -CONFIG HA CREATE password={$ha_password} ifname={$HA_INTERFACE} -{/if} -CONFIG HA ACTIVATE diff --git a/adapters/stormshield/pattern/staging_ha_slave.tpl b/adapters/stormshield/pattern/staging_ha_slave.tpl deleted file mode 100644 index fb213d09..00000000 --- a/adapters/stormshield/pattern/staging_ha_slave.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{if $HA_INTERFACE && $HA_ADDRESS_SLAVE && $HA_MASK} -CONFIG NETWORK INTERFACE ADDRESS ADD ifname={$HA_INTERFACE} address={$HA_ADDRESS_SLAVE} mask={$HA_MASK} AddressComment="HA interface" -{/if} -{if $HA_INTERFACE_SECONDARY && $HA_ADDRESS_SLAVE_SECONDARY && $HA_MASK_SECONDARY} -CONFIG NETWORK INTERFACE ADDRESS ADD ifname={$HA_INTERFACE_SECONDARY} address={$HA_ADDRESS_SLAVE_SECONDARY} mask={$HA_MASK_SECONDARY} AddressComment="HA interface secondary" -{/if} -CONFIG NETWORK ACTIVATE -CONFIG HA JOIN password={$ha_password} ip={$HA_ADDRESS} -CONFIG HA ACTIVATE diff --git a/adapters/stormshield/polld/netasq_availability.php b/adapters/stormshield/polld/netasq_availability.php deleted file mode 100644 index 977320d4..00000000 --- a/adapters/stormshield/polld/netasq_availability.php +++ /dev/null 
@@ -1,33 +0,0 @@ -getCode(); -} - -return SMS_OK; - -?> diff --git a/adapters/stormshield/polld/netasq_mgmt.php b/adapters/stormshield/polld/stormshield_mgmt.php similarity index 57% rename from adapters/stormshield/polld/netasq_mgmt.php rename to adapters/stormshield/polld/stormshield_mgmt.php index be03eea3..e2d5ef38 100644 --- a/adapters/stormshield/polld/netasq_mgmt.php +++ b/adapters/stormshield/polld/stormshield_mgmt.php @@ -11,9 +11,7 @@ // Script description -require_once 'smsd/sms_common.php'; -require_once load_once('stormshield', 'netasq_connect.php'); -require_once load_once('stormshield', 'netasq_configuration.php'); +require_once load_once('stormshield', 'connect_cli.php'); function format_date($date) { @@ -23,26 +21,15 @@ function format_date($date) } $net_conf = get_network_profile(); -$sd = & $net_conf->SD; +$sd = &$net_conf->SD; -if ($sd->SD_HSRP_TYPE === 2) -{ - // nothing is done for HA slave to avoid simultaneously connexions (slave and master at the same time) - return SMS_OK; -} - -// From here for HA device $sd_poll_elt is the master and $sd_poll_peer is the slave try { global $sms_sd_ctx; - netasq_connect(); - - // Get the conf on the router - $conf = new netasq_configuration($sdid); - $conf->get_info(); + connect(); - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'system property', 'SRPClient>'); + $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'system property'); while (($line = get_one_line($buffer)) !== false) { if (preg_match('@^Version="(.*)"@', $line, $result) > 0) @@ -73,7 +60,7 @@ function format_date($date) } $section = ''; - $licence = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'system licence dump', 'SRPClient>'); + $licence = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'system licence dump'); while (($line = get_one_line($licence)) !== false) { if (preg_match('@^\[(.*)\]@', $line, $result) > 0) 
@@ -136,7 +123,7 @@ function format_date($date) } $section = ''; - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'config object urlgroup setbase', 'SRPClient>'); + $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'config object urlgroup setbase'); while (($line = get_one_line($buffer)) !== false) { if (preg_match('@^\[(.*)\]@', $line, $result) > 0) @@ -160,13 +147,13 @@ function format_date($date) $av_name = ''; $av_version = ''; - $av_buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'config antivirus list', 'SRPClient>'); + $av_buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, 'config antivirus list'); while (($line = get_one_line($av_buffer)) !== false) { if (preg_match('@^\[(\d+)\]@', $line, $result) > 0) { $av_index = $result[1]; - $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, "config antivirus show config=$av_index", 'SRPClient>'); + $buffer = sendexpectone(__FILE__.':'.__LINE__, $sms_sd_ctx, "config antivirus show config=$av_index"); if (strpos($buffer, 'Selected=1') !== false) { $buffer = strstr($buffer, '[Config]'); 
@@ -203,127 +190,19 @@ function format_date($date) $asset['av_version'] = "$av_name $av_version"; echo __FILE__.':'.__LINE__.": AntiVirus version [".$asset['av_version']."]\n"; - // Check if the firewall is in a cluster - if (($sd->SD_HSRP_TYPE !== 0) && (!empty($sd_poll_peer))) - { - $master_active = true; - - // store status of passive device in slave sd - $info_peer = sendexpectone(__LINE__, $sms_sd_ctx, 'ha info serial=passive', 'SRPClient>'); - if (strpos($info_peer, '100 code=') !== false) - { - if ((strpos($info_peer, 'State=Ready') !== false) || (strpos($info_peer, 'State=Running') !== false ) || (strpos($info_peer, 'Reply=1') !== false)) - { - // passive is up - sms_set_ha_peer_status($sd_poll_peer, 1); - } - else - { - // passive is down - sms_set_ha_peer_status($sd_poll_peer, 0); - } - - $firmware_peer = ''; - $model_peer = ''; - while (($line = get_one_line($info_peer)) !== false) - { - if (preg_match('@^Version="(.*)"@', $line, $result) > 0) - { - $firmware_peer = trim($result[1]); - echo __FILE__.':'.__LINE__.": firmware peer [".$firmware_peer."]\n"; - } - else if (preg_match('@^Model="(.*)"@', $line, $result) > 0) - { - $model_peer = trim($result[1]); - echo __FILE__.':'.__LINE__.": model peer [".$model_peer."]\n"; - } - } - } - else - { - // passive is down - sms_set_ha_peer_status($sd_poll_peer, 0); - } - - // In a cluster check if the responding firewall is the one corresponding to the current SD - // Save the asset in the active node - if ($sd->SD_SERIAL_NUMBER === $asset['serial']) - { - // Master is active - sms_bd_set_ha_active_status($sd_poll_elt, 1); - sms_bd_set_ha_active_status($sd_poll_peer, 0); - } - else - { - // Slave is active - sms_bd_set_ha_active_status($sd_poll_elt, 0); - sms_bd_set_ha_active_status($sd_poll_peer, 1); - $master_active = false; - } - - // unnecessary to update the serial number for a cluster - unset($asset['serial']); - } - - netasq_disconnect(); + disconnect(); } catch (Exception | Error $e) { - 
netasq_disconnect(); + disconnect(); return $e->getCode(); } -if (($sd->SD_HSRP_TYPE !== 0) && (!empty($sd_poll_peer))) -{ - if ($master_active) - { - // Store asset for master - $ret = sms_polld_set_asset_in_sd($sd_poll_elt, $asset); - if ($ret !== 0) - { - sms_log_error(__FILE__.':'.__LINE__.": sms_polld_set_asset_in_sd($sd_poll_elt, $asset) (master active) Failed\n"); - return $ret; - } - - // Store asset for slave, same as master except firmware and model - $asset['firmware'] = $firmware_peer; - $asset['model'] = $model_peer; - $ret = sms_polld_set_asset_in_sd($sd_poll_peer, $asset); - if ($ret !== 0) - { - sms_log_error(__FILE__.':'.__LINE__.": sms_polld_set_asset_in_sd($sd_poll_peer, $asset) (slave passive) Failed\n"); - return $ret; - } - } - else - { - // Store asset for slave - $ret = sms_polld_set_asset_in_sd($sd_poll_peer, $asset); - if ($ret !== 0) - { - sms_log_error(__FILE__.':'.__LINE__.": sms_polld_set_asset_in_sd($sd_poll_peer, $asset) (slave active) Failed\n"); - return $ret; - } - - // Store asset for master, same as slave except firmware and model - $asset['firmware'] = $firmware_peer; - $asset['model'] = $model_peer; - $ret = sms_polld_set_asset_in_sd($sd_poll_elt, $asset); - if ($ret !== 0) - { - sms_log_error(__FILE__.':'.__LINE__.": sms_polld_set_asset_in_sd($sd_poll_elt, $asset) (master passive) Failed\n"); - return $ret; - } - } -} -else +$ret = sms_polld_set_asset_in_sd($sd_poll_elt, $asset); +if ($ret !== 0) { - $ret = sms_polld_set_asset_in_sd($sd_poll_elt, $asset); - if ($ret !== 0) - { - sms_log_error(__FILE__.':'.__LINE__.": sms_polld_set_asset_in_sd($sd_poll_elt, $asset) Failed\n"); - return $ret; - } + sms_log_error(__FILE__.':'.__LINE__.": sms_polld_set_asset_in_sd($sd_poll_elt, $asset) Failed\n"); + return $ret; } return SMS_OK; diff --git a/adapters/stormshield/prov_init_conf.php b/adapters/stormshield/prov_init_conf.php deleted file mode 100644 index 6da73765..00000000 --- a/adapters/stormshield/prov_init_conf.php +++ /dev/null 
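Review bot: The catch block kept in the `@@ -203,127 +190,19 @@` hunk returns `$e->getCode()` without logging anything, and since it also catches `Error`, whose code defaults to 0, a failed poll can return 0 with no trace of the cause; whether 0 equals `SMS_OK` is not visible here. Logging before the return, e.g. `sms_log_error(__FILE__.':'.__LINE__.': '.$e->getMessage()."\n");`, and mapping a zero code to an explicit failure value would keep failed polls from looking like clean ones. The re-indented `sms_log_error` line also interpolates `$asset`, which is an array, so the message prints `Array` and raises an array-to-string warning; `": sms_polld_set_asset_in_sd($sd_poll_elt) failed, ret=$ret\n"` says more. The try block opens outside this hunk.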
@@ -1,20 +0,0 @@ -provisioning(); - if ($ret !== SMS_OK) - { - return $ret; - } - - netasq_disconnect(); - return SMS_OK; -} - -?> \ No newline at end of file diff --git a/adapters/stormshield/prov_init_conn.php b/adapters/stormshield/prov_init_conn.php index 4a7dfafd..36002ea9 100644 --- a/adapters/stormshield/prov_init_conn.php +++ b/adapters/stormshield/prov_init_conn.php @@ -1,5 +1,7 @@ \ No newline at end of file diff --git a/adapters/stormshield/prov_register_ip.php b/adapters/stormshield/prov_register_ip.php deleted file mode 100644 index ba7a8c5c..00000000 --- a/adapters/stormshield/prov_register_ip.php +++ /dev/null @@ -1,13 +0,0 @@ - \ No newline at end of file diff --git a/adapters/stormshield/prov_save_conf.php b/adapters/stormshield/prov_save_conf.php deleted file mode 100644 index aaab0565..00000000 --- a/adapters/stormshield/prov_save_conf.php +++ /dev/null @@ -1,11 +0,0 @@ - \ No newline at end of file diff --git a/adapters/stormshield/provisioning_stages.php b/adapters/stormshield/provisioning_stages.php index 152278b7..25c682e9 100644 --- a/adapters/stormshield/provisioning_stages.php +++ b/adapters/stormshield/provisioning_stages.php @@ -3,10 +3,7 @@ $provisioning_stages = array( array('name' => 'Lock Provisioning', 'prog' => 'prov_lock'), array('name' => 'Initial Connection', 'prog' => 'prov_init_conn'), - array('name' => 'Initial Configuration', 'prog' => 'prov_init_conf'), - array('name' => 'Register Management IP','prog' => 'prov_register_ip'), array('name' => 'Unlock Provisioning', 'prog' => 'prov_unlock'), - array('name' => 'Save Configuration', 'prog' => 'prov_save_conf'), ); ?> \ No newline at end of file diff --git a/adapters/stormshield/smarty_functions.php b/adapters/stormshield/smarty_functions.php deleted file mode 100644 index 766a7361..00000000 --- a/adapters/stormshield/smarty_functions.php +++ /dev/null 
@@ -1,96 +0,0 @@ - 'do_sendfiletorouter', - 'DOWN' => 'do_sendfiletosoc' -); - -function do_sendfiletosoc($params, &$smarty) -{ - if (!empty($params['filename'])) - { - $filename = $params['filename']; - $filetype = 'text'; - $repo = 'Datafiles'; - - if(!empty($params['repo'])) - { - $repo = $params['repo']; - } - - if(!empty($params['type'])) - { - $filetype = $params['type']; - } - - $cli_prefix = $smarty->getTemplateVars('CLI_PREFIX'); - $abonne = $smarty->getTemplateVars('ABONNE'); - - $base_path = "/opt/fmc_repository/{$repo}/{$cli_prefix}/{$abonne}/"; - $real_path = "{$base_path}/{$filename}"; - $meta_path = "{$base_path}/.meta_{$filename}"; - - // Create $base_path if it does not exist - if (!file_exists($base_path)) - { - mkdir_recursive($base_path, 0755); - } - - $do_resolve_template = $smarty->getTemplateVars('DO_RESOLVE_TEMPLATE'); - if (!$do_resolve_template) - { - // if the call come from do_resolve_template, keep the files - // Remove old files otherwise nsrpc create a file named ${filename}-0 - if (is_file($real_path)) - { - unlink($real_path); - } - if (is_file($meta_path)) - { - unlink($meta_path); - } - } - - $curr_date_long = date("U").'000'; - - $add_vars['REPOSITORY'] = $repo; - $add_vars['FILE_TYPE'] = $filetype; - $add_vars['DATE_MODIFICATION'] = $curr_date_long; - $add_vars['COMMENT'] = ""; - $add_vars['DATE_CREATION'] = $curr_date_long; - $add_vars['CONFIGURATION_FILTER'] = ''; - $add_vars['TAG'] = ''; - $add_vars['TYPE'] = 'UPLOAD'; - - write_hashmap_into_xmlfile($meta_path, $add_vars, $error); - - echo "> $real_path"; - } -} - -function do_sendfiletorouter($params, &$smarty) -{ - if (!empty($params['filename'])) - { - $filename = $params['filename']; - $repo = 'Datafiles'; - - if(!empty($params['repo'])) - { - $repo = $params['repo']; - } - - $cli_prefix = $smarty->getTemplateVars('CLI_PREFIX'); - $abonne = $smarty->getTemplateVars('ABONNE'); - - echo "< /opt/fmc_repository/{$repo}/{$cli_prefix}/{$abonne}/{$filename}"; - } -} - -?> \ No 
newline at end of file diff --git a/adapters/stormshield/stormshield_command.php b/adapters/stormshield/stormshield_command.php new file mode 100644 index 00000000..374f5e99 --- /dev/null +++ b/adapters/stormshield/stormshield_command.php @@ -0,0 +1,18 @@ +