mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 18:27:16 +01:00

fixes #1973 code cleanup and some renaming

Vadim Kurland 2011-01-22 10:40:05 -08:00
parent 555e9425eb
commit 7a406d772b
31 changed files with 453 additions and 335 deletions


@ -27,6 +27,7 @@
#include "ASA8ObjectGroup.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/Address.h"
#include "fwbuilder/Network.h"
@ -48,18 +49,18 @@ const char *ASA8ObjectGroup::TYPENAME={"ASA8ObjectGroup"};
QString ASA8ObjectGroup::groupMemberToString(
FWObject *obj, NamedObjectManager *named_object_manager)
FWObject *obj, NamedObjectsManager *named_objects_manager)
throw(libfwbuilder::FWException)
{
NamedObject *named_object =
named_object_manager->named_objects[obj->getId()];
named_objects_manager->named_objects[obj->getId()];
if (named_object)
{
return named_object->getCommandWhenObjectGroupMember();
}
return PIXObjectGroup::groupMemberToString(obj, named_object_manager);
return PIXObjectGroup::groupMemberToString(obj, named_objects_manager);
}
string ASA8ObjectGroup::getObjectGroupClass()


@ -43,7 +43,7 @@ public:
//virtual std::string getSrvTypeName();
virtual QString groupMemberToString(
libfwbuilder::FWObject *obj, NamedObjectManager *named_obj_manager)
libfwbuilder::FWObject *obj, NamedObjectsManager *named_obj_manager)
throw(libfwbuilder::FWException);
};


@ -27,6 +27,7 @@
#include "BaseObjectGroup.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/Address.h"
#include "fwbuilder/Network.h"
@ -110,7 +111,7 @@ void BaseObjectGroup::setObjectGroupTypeFromFWObject(const FWObject *obj)
}
void BaseObjectGroup::setObjectGroupTypeFromMembers(
NamedObjectManager *named_object_manager)
NamedObjectsManager *named_objects_manager)
{
object_group_type my_type = UNKNOWN;
std::map<int, int> type_counters;
@ -119,7 +120,7 @@ void BaseObjectGroup::setObjectGroupTypeFromMembers(
const FWObject *obj = FWReference::getObject(*i1);
NamedObject *named_object =
named_object_manager->named_objects[obj->getId()];
named_objects_manager->named_objects[obj->getId()];
if (named_object)
obj = named_object->getObject();
@ -221,13 +222,13 @@ string BaseObjectGroup::getObjectGroupClass()
return "";
}
QString BaseObjectGroup::groupMemberToString(FWObject*, NamedObjectManager*)
QString BaseObjectGroup::groupMemberToString(FWObject*, NamedObjectsManager*)
throw(libfwbuilder::FWException)
{
return "";
}
QString BaseObjectGroup::toString(NamedObjectManager *nm) throw(FWException)
QString BaseObjectGroup::toString(NamedObjectsManager *nm) throw(FWException)
{
QStringList res;
if (this->size()==0) return "";


@ -38,7 +38,7 @@
namespace fwcompiler {
class NamedObjectManager;
class NamedObjectsManager;
class BaseObjectGroup : public libfwbuilder::Group {
public:
@ -79,7 +79,7 @@ public:
void setObjectGroupType(object_group_type _gt) { gt=_gt; }
object_group_type getObjectGroupType() { return gt; }
void setObjectGroupTypeFromMembers(NamedObjectManager *named_obj_manager);
void setObjectGroupTypeFromMembers(NamedObjectsManager *named_obj_manager);
object_group_type getObjectGroupTypeFromFWObject(
const libfwbuilder::FWObject *o);
void setObjectGroupTypeFromFWObject(const libfwbuilder::FWObject *obj);
@ -93,10 +93,10 @@ public:
virtual std::string getObjectGroupFooter();
virtual QString groupMemberToString(
libfwbuilder::FWObject *obj, NamedObjectManager *named_obj_manager)
libfwbuilder::FWObject *obj, NamedObjectsManager *named_obj_manager)
throw(libfwbuilder::FWException);
virtual QString toString(NamedObjectManager *named_obj_manager)
virtual QString toString(NamedObjectsManager *named_obj_manager)
throw(libfwbuilder::FWException);
};


@ -47,7 +47,7 @@ namespace libfwbuilder {
namespace fwcompiler {
class ciscoACL;
class NamedObjectManager;
class NamedObjectsManager;
class CompilerDriver_iosacl : public CompilerDriver
{


@ -186,7 +186,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
if (!single_rule_compile_on)
system_configuration_script = safetyNetInstall(fw);
NamedObjectManagerIOS named_object_manager(fw);
NamedObjectsManagerIOS named_objects_manager(fw);
// command line options -4 and -6 control address family for which
// script will be generated. If "-4" is used, only ipv4 part will
@ -241,7 +241,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
PolicyCompiler_iosacl c(objdb, fw, ipv6_policy, oscnf.get());
c.setNamedObjectManager(&named_object_manager);
c.setNamedObjectsManager(&named_objects_manager);
c.setSourceRuleSet( policy );
c.setRuleSetName(policy->getName());
@ -278,7 +278,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
}
policy_script += c.getCompiledScript();
clear_commands += c.printClearCommands();
named_object_manager.saveObjectGroups();
named_objects_manager.saveObjectGroups();
} else
info(" Nothing to compile in Policy");
@ -292,7 +292,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
// currently routing is supported only for ipv4
RoutingCompiler_iosacl r(objdb, fw, false, oscnf.get());
r.setNamedObjectManager(&named_object_manager);
r.setNamedObjectsManager(&named_objects_manager);
r.setSourceRuleSet(routing);
r.setRuleSetName(routing->getName());
@ -325,7 +325,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
}
object_groups_definitions +=
named_object_manager.getNamedObjectsDefinitions();
named_objects_manager.getNamedObjectsDefinitions();
if (single_rule_compile_on)
{
@ -338,7 +338,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
if ( fw->getOptionsObject()->getBool("iosacl_acl_basic") ||
fw->getOptionsObject()->getBool("iosacl_acl_substitution"))
{
clear_commands += named_object_manager.getClearCommands() + "\n";
clear_commands += named_objects_manager.getClearCommands() + "\n";
}
system_configuration_script += clear_commands;


@ -290,7 +290,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
copies_of_cluster_interfaces.pop_front();
}
NamedObjectManagerPIX named_object_manager(fw);
NamedObjectsManagerPIX named_objects_manager(fw);
all_interfaces = fw->getByTypeDeep(Interface::TYPENAME);
@ -382,7 +382,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
RuleSet *nat = RuleSet::cast(fw->getFirstByType(NAT::TYPENAME));
if (nat)
{
n->setNamedObjectManager(&named_object_manager);
n->setNamedObjectsManager(&named_objects_manager);
n->setSourceRuleSet(nat);
n->setRuleSetName(nat->getName());
@ -400,10 +400,10 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
clear_commands += n->printClearCommands();
have_named_objects = (have_named_objects ||
named_object_manager.haveNamedObjects());
named_objects_manager.haveNamedObjects());
have_object_groups = (have_object_groups ||
named_object_manager.haveObjectGroups());
named_object_manager.saveObjectGroups();
named_objects_manager.haveObjectGroups());
named_objects_manager.saveObjectGroups();
} else
info(" Nothing to compile in NAT");
}
@ -414,7 +414,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
RuleSet *policy = RuleSet::cast(fw->getFirstByType(Policy::TYPENAME));
if (policy)
{
c->setNamedObjectManager(&named_object_manager);
c->setNamedObjectsManager(&named_objects_manager);
c->setSourceRuleSet(policy);
c->setRuleSetName(policy->getName());
@ -432,10 +432,10 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
clear_commands += c->printClearCommands();
have_named_objects = (have_named_objects ||
named_object_manager.haveNamedObjects());
named_objects_manager.haveNamedObjects());
have_object_groups = (have_object_groups ||
named_object_manager.haveObjectGroups());
named_object_manager.saveObjectGroups();
named_objects_manager.haveObjectGroups());
named_objects_manager.saveObjectGroups();
} else
info(" Nothing to compile in Policy");
}
@ -446,7 +446,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
RuleSet *routing = RuleSet::cast(fw->getFirstByType(Routing::TYPENAME));
if (routing)
{
r->setNamedObjectManager(&named_object_manager);
r->setNamedObjectsManager(&named_objects_manager);
r->setSourceRuleSet(routing);
r->setRuleSetName(routing->getName());
@ -475,7 +475,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
routing_script = r->getCompiledScript();
object_groups_definitions =
named_object_manager.getNamedObjectsDefinitions();
named_objects_manager.getNamedObjectsDefinitions();
if (c->haveErrorsAndWarnings())
all_errors.push_back(c->getErrors("C ").c_str());
@ -494,7 +494,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
system_configuration_script = oscnf->getCompiledScript();
clear_commands += named_object_manager.getClearCommands() + "\n";
clear_commands += named_objects_manager.getClearCommands() + "\n";
system_configuration_script += clear_commands;
system_configuration_script += "\n";


@ -173,7 +173,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
if (!single_rule_compile_on)
system_configuration_script = safetyNetInstall(fw);
NamedObjectManagerIOS named_object_manager(fw);
NamedObjectsManagerIOS named_objects_manager(fw);
// command line options -4 and -6 control address family for which
// script will be generated. If "-4" is used, only ipv4 part will
@ -228,7 +228,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
PolicyCompiler_procurve_acl c(objdb, fw, ipv6_policy, oscnf.get());
c.setNamedObjectManager(&named_object_manager);
c.setNamedObjectsManager(&named_objects_manager);
c.setSourceRuleSet( policy );
c.setRuleSetName(policy->getName());
@ -265,7 +265,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
}
policy_script += c.getCompiledScript();
clear_commands += c.printClearCommands();
named_object_manager.saveObjectGroups();
named_objects_manager.saveObjectGroups();
} else
info(" Nothing to compile in Policy");
@ -279,7 +279,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
// currently routing is supported only for ipv4
RoutingCompiler_procurve_acl r(objdb, fw, false, oscnf.get());
r.setNamedObjectManager(&named_object_manager);
r.setNamedObjectsManager(&named_objects_manager);
r.setSourceRuleSet(routing);
r.setRuleSetName(routing->getName());
@ -312,7 +312,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
}
object_groups_definitions +=
named_object_manager.getNamedObjectsDefinitions();
named_objects_manager.getNamedObjectsDefinitions();
if (single_rule_compile_on)
{
@ -325,7 +325,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
if ( fw->getOptionsObject()->getBool("procurve_acl_acl_basic") ||
fw->getOptionsObject()->getBool("procurve_acl_acl_substitution"))
{
clear_commands += named_object_manager.getClearCommands() + "\n";
clear_commands += named_objects_manager.getClearCommands() + "\n";
}
system_configuration_script += clear_commands;


@ -46,7 +46,7 @@ using namespace std;
const char *IOSObjectGroup::TYPENAME={"IOSObjectGroup"};
QString IOSObjectGroup::groupMemberToString(FWObject *obj,
NamedObjectManager*)
NamedObjectsManager*)
throw(libfwbuilder::FWException)
{
ostringstream ostr;


@ -43,7 +43,7 @@ public:
virtual std::string getObjectGroupFooter();
virtual QString groupMemberToString(
libfwbuilder::FWObject *obj, NamedObjectManager *named_obj_manager)
libfwbuilder::FWObject *obj, NamedObjectsManager *named_obj_manager)
throw(libfwbuilder::FWException);
};


@ -27,6 +27,7 @@
#include "NamedObject.h"
#include "ASA8TwiceNatLogic.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/RuleElement.h"


@ -27,6 +27,7 @@
#include "NATCompiler_pix.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/RuleElement.h"
@ -1874,7 +1875,7 @@ class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate
virtual bool askUser(FWObject*, FWObject*) {return false;}
};
void NATCompiler_pix::setNamedObjectManager(NamedObjectManager *mgr)
void NATCompiler_pix::setNamedObjectsManager(NamedObjectsManager *mgr)
{
named_objects_manager = mgr;
mgr->setWorkingObjectTree(dbcopy);


@ -86,7 +86,7 @@ namespace fwcompiler {
public:
Helper helper;
NamedObjectManager *named_objects_manager;
NamedObjectsManager *named_objects_manager;
int global_pool_no;
std::map<int,NATCmd*> nat_commands;
@ -533,7 +533,7 @@ namespace fwcompiler {
nat_acl_names[acl_name] = f;
}
void setNamedObjectManager(NamedObjectManager *mgr);
void setNamedObjectsManager(NamedObjectsManager *mgr);
};


@ -24,6 +24,7 @@
#include "config.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "NamedObject.h"
#include "PIXObjectGroup.h"
@ -63,190 +64,6 @@ using namespace fwcompiler;
using namespace std;
FWObject* create_IOSObjectGroup(int id)
{
FWObject *nobj = new IOSObjectGroup();
if (id > -1) nobj->setId(id);
return nobj;
}
FWObject* create_PIXObjectGroup(int id)
{
FWObject *nobj = new PIXObjectGroup();
if (id > -1) nobj->setId(id);
return nobj;
}
FWObject* create_ASA8ObjectGroup(int id)
{
FWObject *nobj = new ASA8ObjectGroup();
if (id > -1) nobj->setId(id);
return nobj;
}
NamedObjectManager::NamedObjectManager(const Firewall *fw)
{
version = fw->getStr("version");
platform = fw->getStr("platform");
object_groups_tree = new FWObjectDatabase();
Group *object_groups = new Group();
object_groups->setName("Object Groups");
object_groups_tree->add( object_groups );
object_groups_group_id = FWObjectDatabase::getStringId(object_groups->getId());
BaseObjectGroup::name_disambiguation.clear();
NamedObject::name_disambiguation.clear();
FWObjectDatabase::registerObjectType(IOSObjectGroup::TYPENAME,
&create_IOSObjectGroup);
FWObjectDatabase::registerObjectType(PIXObjectGroup::TYPENAME,
&create_PIXObjectGroup);
FWObjectDatabase::registerObjectType(ASA8ObjectGroup::TYPENAME,
&create_ASA8ObjectGroup);
}
NamedObjectManager::~NamedObjectManager()
{
std::map<int, NamedObject*>::iterator it1;
for (it1=named_objects.begin(); it1!=named_objects.end(); ++it1)
{
delete it1->second;
}
named_objects.clear();
}
void NamedObjectManager::addNamedObject(const FWObject *obj)
{
if (getNamedObject(obj) == NULL)
named_objects[obj->getId()] = new NamedObject(obj, platform.c_str());
}
NamedObject* NamedObjectManager::getNamedObject(const FWObject *obj)
{
if (named_objects.count(obj->getId()) == 0) return NULL;
else
return named_objects[obj->getId()];
}
bool NamedObjectManager::haveNamedObjects()
{
return (named_objects.size() > 0);
}
bool NamedObjectManager::haveObjectGroups()
{
FWObject *object_groups = object_groups_tree->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id));
return (object_groups->size() > 0);
}
string NamedObjectManager::getNamedObjectsDefinitions()
{
QStringList output;
map<int, NamedObject*>::iterator it;
for (it=named_objects.begin(); it!=named_objects.end(); ++it)
{
NamedObject *nobj = it->second;
if (nobj==NULL) continue;
output << nobj->getCommand();
}
FWObject *object_groups = object_groups_tree->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id));
for (FWObject::iterator i=object_groups->begin();
i!=object_groups->end(); ++i)
{
BaseObjectGroup *og = dynamic_cast<BaseObjectGroup*>(*i);
assert(og!=NULL);
if (og->size()==0) continue;
output << og->toString(this); // ends with an empty line
}
return output.join("\n").toUtf8().constData();
}
string NamedObjectManager::getClearCommands()
{
return "";
}
BaseObjectGroup* NamedObjectManager::createObjectGroup()
{
BaseObjectGroup *grp = NULL;
if (platform == "pix" || platform == "fwsm")
{
if (XMLTools::version_compare(version, "8.0")<0)
grp = new PIXObjectGroup();
else
grp = new ASA8ObjectGroup();
}
if (platform == "iosacl") grp = new IOSObjectGroup();
assert(grp!=NULL);
grp->init(work_db);
return grp;
}
class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate
{
public:
MergeConflictRes() { }
virtual bool askUser(FWObject*, FWObject*) {return false;}
};
void NamedObjectManager::setWorkingObjectTree(FWObjectDatabase *dbcopy)
{
MergeConflictRes merge_predicate;
dbcopy->merge(object_groups_tree, &merge_predicate);
work_db = dbcopy;
}
/*
* copy group that holds new object groups from the working tree, that
* belongs to the compiler to our own tree in object_groups_tree. We
* simply add group object to object_groups_tree (this changes its
* parent AND BREAKS OBJECT TREE IT USED TO BELONG TO). We have to
* scan all groups inside of it and create copies of objects they
* reference. We add copies of these objects right into the root of
* object_groups_tree.
*/
void NamedObjectManager::saveObjectGroups()
{
object_groups_tree->clearChildren();
FWObject *work_object_groups = getObjectGroupsGroupInWorkTree(); // finds it in work_db
// move from work tree to object_groups_tree
object_groups_tree->add(work_object_groups);
for (FWObject::iterator i=work_object_groups->begin();
i!=work_object_groups->end(); ++i)
{
FWObject *grp = *i;
grp->setRoot(object_groups_tree);
for (FWObject::iterator i1=grp->begin(); i1!=grp->end(); ++i1)
{
FWObject *obj = FWReference::getObject(*i1);
object_groups_tree->add(obj);
obj->setRoot(object_groups_tree);
(*i1)->setRoot(object_groups_tree);
}
}
object_groups_tree->addToIndexRecursive(work_object_groups);
//object_groups_tree->dump(true, true);
}
Group* NamedObjectManager::getObjectGroupsGroupInWorkTree()
{
return Group::cast(work_db->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id)));
}
CreateObjectGroups::~CreateObjectGroups()


@ -40,81 +40,13 @@
namespace fwcompiler
{
class NamedObjectManager
{
protected:
std::string platform;
std::string version;
// storage for object groups created to be used with PIX
// command object-group
std::string object_groups_group_id;
/*
* This is a storage object tree. Method saveObjectGroups()
* copies object groups objects created during compiler pass
* in the working tree work_db to this tree. There should be
* no access to the storage tree from outside, it should only
* be used by methods of this class that generate commands for
* object groups definitions or "clear" commands.
*/
libfwbuilder::FWObjectDatabase *object_groups_tree;
/*
* This is a working object tree. When compilers need to
* interact with named object manager, they should use this
* object tree. Access to the group that holds created object
* groups is provided by method
* getObjectGroupsGroupInWorkTree() that finds it in the
* working tree
*/
libfwbuilder::FWObjectDatabase *work_db;
public:
std::map<int, NamedObject*> named_objects;
NamedObjectManager(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectManager();
void addNamedObject(const libfwbuilder::FWObject *obj);
NamedObject* getNamedObject(const libfwbuilder::FWObject *obj);
virtual std::string getNamedObjectsDefinitions();
virtual std::string getClearCommands();
bool haveNamedObjects();
bool haveObjectGroups();
BaseObjectGroup* createObjectGroup();
libfwbuilder::Group* getObjectGroupsGroupInWorkTree();
void setWorkingObjectTree(libfwbuilder::FWObjectDatabase *dbcopy);
/*
* saveObjectGroups() moves group that holds all newly created
* object groups from the object database used by the compiler
* (referenced by work_db) to object_groups_tree. Note that we
* just simply re-parent group object which breaks all
* references to it from rules in work_db. Call this from the
* run() function only at the point where compiler's copy of
* the object tree is not needed anymore. Good moment is right
* after the call to epilog().
*
* Again, THIS METHOD BREAKS OBJECT TREE inside policy
* compiler this instance of NamedObjectManager works with
* (they get associated by the call to method setNamedObjectManager()
* of the compiler)
*/
void saveObjectGroups();
};
class CreateObjectGroups : public BasicRuleProcessor
{
protected:
std::string re_type;
std::string name_suffix;
NamedObjectManager *named_objects_manager;
NamedObjectsManager *named_objects_manager;
BaseObjectGroup* findObjectGroup(libfwbuilder::RuleElement *re);
@ -126,7 +58,7 @@ public:
CreateObjectGroups(const std::string &name,
const std::string &_ns,
const std::string &_type,
NamedObjectManager *m) :
NamedObjectsManager *m) :
BasicRuleProcessor(name)
{
re_type=_type;
@ -142,21 +74,21 @@ public:
class CreateObjectGroupsForSrc : public CreateObjectGroups
{
public:
CreateObjectGroupsForSrc(const std::string &n, NamedObjectManager *m) :
CreateObjectGroupsForSrc(const std::string &n, NamedObjectsManager *m) :
CreateObjectGroups(n,"src",libfwbuilder::RuleElementSrc::TYPENAME, m) {}
};
class CreateObjectGroupsForDst : public CreateObjectGroups
{
public:
CreateObjectGroupsForDst(const std::string &n, NamedObjectManager *m) :
CreateObjectGroupsForDst(const std::string &n, NamedObjectsManager *m) :
CreateObjectGroups(n,"dst",libfwbuilder::RuleElementDst::TYPENAME, m) {}
};
class CreateObjectGroupsForSrv : public CreateObjectGroups
{
public:
CreateObjectGroupsForSrv(const std::string &n, NamedObjectManager *m) :
CreateObjectGroupsForSrv(const std::string &n, NamedObjectsManager *m) :
CreateObjectGroups(n,"srv",libfwbuilder::RuleElementSrv::TYPENAME, m) {}
};
@ -167,21 +99,21 @@ public:
class CreateObjectGroupsForOSrc : public CreateObjectGroups
{
public:
CreateObjectGroupsForOSrc(const std::string &n, NamedObjectManager *m) :
CreateObjectGroupsForOSrc(const std::string &n, NamedObjectsManager *m) :
CreateObjectGroups(n,"osrc",libfwbuilder::RuleElementOSrc::TYPENAME, m){}
};
class CreateObjectGroupsForODst : public CreateObjectGroups
{
public:
CreateObjectGroupsForODst(const std::string &n, NamedObjectManager *m) :
CreateObjectGroupsForODst(const std::string &n, NamedObjectsManager *m) :
CreateObjectGroups(n,"odst",libfwbuilder::RuleElementODst::TYPENAME, m){}
};
class CreateObjectGroupsForOSrv : public CreateObjectGroups
{
public:
CreateObjectGroupsForOSrv(const std::string &n, NamedObjectManager *m) :
CreateObjectGroupsForOSrv(const std::string &n, NamedObjectsManager *m) :
CreateObjectGroups(n,"osrv",libfwbuilder::RuleElementOSrv::TYPENAME, m){}
};
@ -193,7 +125,7 @@ protected:
BaseObjectGroup *obj_group);
public:
CreateObjectGroupsForTSrc(const std::string &n, NamedObjectManager *m) :
CreateObjectGroupsForTSrc(const std::string &n, NamedObjectsManager *m) :
CreateObjectGroups(n,"tsrc",libfwbuilder::RuleElementTSrc::TYPENAME, m){}
};
@ -205,10 +137,10 @@ public:
{
protected:
virtual void printObjectsForRE(libfwbuilder::FWObject *re);
NamedObjectManager *named_objects_manager;
NamedObjectsManager *named_objects_manager;
public:
createNamedObjectsCommon(const std::string &n,
NamedObjectManager *_m) : BasicRuleProcessor(n)
NamedObjectsManager *_m) : BasicRuleProcessor(n)
{
named_objects_manager = _m;
}
@ -220,7 +152,7 @@ protected:
virtual void printObjectsForRE(libfwbuilder::FWObject *re);
public:
createNamedObjectsForPolicy(const std::string &n,
NamedObjectManager *m) : createNamedObjectsCommon(n, m) {}
NamedObjectsManager *m) : createNamedObjectsCommon(n, m) {}
virtual bool processNext();
};
@ -228,7 +160,7 @@ public:
{
public:
createNamedObjectsForNAT(const std::string &n,
NamedObjectManager *m) : createNamedObjectsCommon(n, m) {}
NamedObjectsManager *m) : createNamedObjectsCommon(n, m) {}
virtual bool processNext();
};


@ -0,0 +1,249 @@
/*
Firewall Builder
Copyright (C) 2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "config.h"
#include "NamedObjectsManager.h"
#include "NamedObject.h"
#include "PIXObjectGroup.h"
#include "ASA8ObjectGroup.h"
#include "IOSObjectGroup.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/RuleElement.h"
#include "fwbuilder/IPService.h"
#include "fwbuilder/ICMPService.h"
#include "fwbuilder/TCPService.h"
#include "fwbuilder/UDPService.h"
#include "fwbuilder/CustomService.h"
#include "fwbuilder/Network.h"
#include "fwbuilder/Policy.h"
#include "fwbuilder/Interface.h"
#include "fwbuilder/Management.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/AddressTable.h"
#include "fwbuilder/AddressRange.h"
#include "fwbuilder/Firewall.h"
#include "fwcompiler/Compiler.h"
#include <iostream>
#include <algorithm>
#include <assert.h>
#include <QString>
#include <QStringList>
#include <QtDebug>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
FWObject* create_IOSObjectGroup(int id)
{
FWObject *nobj = new IOSObjectGroup();
if (id > -1) nobj->setId(id);
return nobj;
}
FWObject* create_PIXObjectGroup(int id)
{
FWObject *nobj = new PIXObjectGroup();
if (id > -1) nobj->setId(id);
return nobj;
}
FWObject* create_ASA8ObjectGroup(int id)
{
FWObject *nobj = new ASA8ObjectGroup();
if (id > -1) nobj->setId(id);
return nobj;
}
NamedObjectsManager::NamedObjectsManager(const Firewall *fw)
{
version = fw->getStr("version");
platform = fw->getStr("platform");
object_groups_tree = new FWObjectDatabase();
Group *object_groups = new Group();
object_groups->setName("Object Groups");
object_groups_tree->add( object_groups );
object_groups_group_id = FWObjectDatabase::getStringId(object_groups->getId());
BaseObjectGroup::name_disambiguation.clear();
NamedObject::name_disambiguation.clear();
FWObjectDatabase::registerObjectType(IOSObjectGroup::TYPENAME,
&create_IOSObjectGroup);
FWObjectDatabase::registerObjectType(PIXObjectGroup::TYPENAME,
&create_PIXObjectGroup);
FWObjectDatabase::registerObjectType(ASA8ObjectGroup::TYPENAME,
&create_ASA8ObjectGroup);
}
NamedObjectsManager::~NamedObjectsManager()
{
std::map<int, NamedObject*>::iterator it1;
for (it1=named_objects.begin(); it1!=named_objects.end(); ++it1)
{
delete it1->second;
}
named_objects.clear();
}
void NamedObjectsManager::addNamedObject(const FWObject *obj)
{
if (getNamedObject(obj) == NULL)
named_objects[obj->getId()] = new NamedObject(obj, platform.c_str());
}
NamedObject* NamedObjectsManager::getNamedObject(const FWObject *obj)
{
if (named_objects.count(obj->getId()) == 0) return NULL;
else
return named_objects[obj->getId()];
}
bool NamedObjectsManager::haveNamedObjects()
{
return (named_objects.size() > 0);
}
bool NamedObjectsManager::haveObjectGroups()
{
FWObject *object_groups = object_groups_tree->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id));
return (object_groups->size() > 0);
}
string NamedObjectsManager::getNamedObjectsDefinitions()
{
QStringList output;
map<int, NamedObject*>::iterator it;
for (it=named_objects.begin(); it!=named_objects.end(); ++it)
{
NamedObject *nobj = it->second;
if (nobj==NULL) continue;
output << nobj->getCommand();
}
FWObject *object_groups = object_groups_tree->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id));
for (FWObject::iterator i=object_groups->begin();
i!=object_groups->end(); ++i)
{
BaseObjectGroup *og = dynamic_cast<BaseObjectGroup*>(*i);
assert(og!=NULL);
if (og->size()==0) continue;
output << og->toString(this); // ends with an empty line
}
return output.join("\n").toUtf8().constData();
}
string NamedObjectsManager::getClearCommands()
{
return "";
}
BaseObjectGroup* NamedObjectsManager::createObjectGroup()
{
BaseObjectGroup *grp = NULL;
if (platform == "pix" || platform == "fwsm")
{
if (XMLTools::version_compare(version, "8.0")<0)
grp = new PIXObjectGroup();
else
grp = new ASA8ObjectGroup();
}
if (platform == "iosacl") grp = new IOSObjectGroup();
assert(grp!=NULL);
grp->init(work_db);
return grp;
}
class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate
{
public:
MergeConflictRes() { }
virtual bool askUser(FWObject*, FWObject*) {return false;}
};
void NamedObjectsManager::setWorkingObjectTree(FWObjectDatabase *dbcopy)
{
MergeConflictRes merge_predicate;
dbcopy->merge(object_groups_tree, &merge_predicate);
work_db = dbcopy;
}
/*
* copy group that holds new object groups from the working tree, that
* belongs to the compiler to our own tree in object_groups_tree. We
* simply add group object to object_groups_tree (this changes its
* parent AND BREAKS OBJECT TREE IT USED TO BELONG TO). We have to
* scan all groups inside of it and create copies of objects they
* reference. We add copies of these objects right into the root of
* object_groups_tree.
*/
void NamedObjectsManager::saveObjectGroups()
{
object_groups_tree->clearChildren();
FWObject *work_object_groups = getObjectGroupsGroupInWorkTree(); // finds it in work_db
// move from work tree to object_groups_tree
object_groups_tree->add(work_object_groups);
for (FWObject::iterator i=work_object_groups->begin();
i!=work_object_groups->end(); ++i)
{
FWObject *grp = *i;
grp->setRoot(object_groups_tree);
for (FWObject::iterator i1=grp->begin(); i1!=grp->end(); ++i1)
{
FWObject *obj = FWReference::getObject(*i1);
object_groups_tree->add(obj);
obj->setRoot(object_groups_tree);
(*i1)->setRoot(object_groups_tree);
}
}
object_groups_tree->addToIndexRecursive(work_object_groups);
//object_groups_tree->dump(true, true);
}
Group* NamedObjectsManager::getObjectGroupsGroupInWorkTree()
{
return Group::cast(work_db->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id)));
}
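Review bot: `createObjectGroup()` relies on `assert(grp!=NULL)` as its only guard before `grp->init(work_db)`, so a build with NDEBUG dereferences a null pointer whenever `platform` is not "pix", "fwsm" or "iosacl". The procurve_acl driver touched by this same commit constructs `NamedObjectsManagerIOS`, so if that firewall's platform string differs from "iosacl" (not visible here) the path is reachable from a normal compile run. I would replace the assert with a real check, e.g. `if (grp == NULL) throw FWException("object groups are not supported for platform " + platform);`. The same applies to `assert(og!=NULL)` in `getNamedObjectsDefinitions()` and to the unchecked results of `findInIndex()` and `Group::cast()` in `haveObjectGroups()` and `saveObjectGroups()`, which are dereferenced directly. Separately, the constructor leaves `work_db` unset until `setWorkingObjectTree()` is called, and the destructor never deletes `object_groups_tree`.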


@ -0,0 +1,109 @@
/*
Firewall Builder
Copyright (C) 2010-2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _NAMED_OBJECTS_MANAGER_HH
#define _NAMED_OBJECTS_MANAGER_HH
#include "config.h"
#include "BaseObjectGroup.h"
#include "fwbuilder/Group.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/Firewall.h"
namespace fwcompiler
{
class NamedObjectsManager
{
protected:
std::string platform;
std::string version;
// storage for object groups created to be used with PIX
// command object-group
std::string object_groups_group_id;
/*
* This is a storage object tree. Method saveObjectGroups()
* copies object groups objects created during compiler pass
* in the working tree work_db to this tree. There should be
* no access to the storage tree from outside, it should only
* be used by methods of this class that generate commands for
* object groups definitions or "clear" commands.
*/
libfwbuilder::FWObjectDatabase *object_groups_tree;
/*
* This is a working object tree. When compilers need to
* interact with named object manager, they should use this
* object tree. Access to the group that holds created object
* groups is provided by method
* getObjectGroupsGroupInWorkTree() that finds it in the
* working tree
*/
libfwbuilder::FWObjectDatabase *work_db;
public:
std::map<int, NamedObject*> named_objects;
NamedObjectsManager(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectsManager();
void addNamedObject(const libfwbuilder::FWObject *obj);
NamedObject* getNamedObject(const libfwbuilder::FWObject *obj);
virtual std::string getNamedObjectsDefinitions();
virtual std::string getClearCommands();
bool haveNamedObjects();
bool haveObjectGroups();
BaseObjectGroup* createObjectGroup();
libfwbuilder::Group* getObjectGroupsGroupInWorkTree();
void setWorkingObjectTree(libfwbuilder::FWObjectDatabase *dbcopy);
/*
* saveObjectGroups() moves group that holds all newly created
* object groups from the object database used by the compiler
* (referenced by work_db) to object_groups_tree. Note that we
* just simply re-parent group object which breaks all
* references to it from rules in work_db. Call this from the
* run() function only at the point where compiler's copy of
* the object tree is not needed anymore. Good moment is right
* after the call to epilog().
*
* Again, THIS METHOD BREAKS OBJECT TREE inside policy
* compiler this instance of NamedObjectsManager works with
* (they get associated by the call to method setNamedObjectsManager()
* of the compiler)
*/
void saveObjectGroups();
};
}
#endif


@ -32,13 +32,13 @@
namespace fwcompiler
{
class NamedObjectManagerASA8 : public NamedObjectManagerPIX
class NamedObjectsManagerASA8 : public NamedObjectsManagerPIX
{
public:
NamedObjectManagerASA8(const libfwbuilder::Firewall *fw) :
NamedObjectManagerPIX(fw) {}
virtual ~NamedObjectManagerASA8() {};
NamedObjectsManagerASA8(const libfwbuilder::Firewall *fw) :
NamedObjectsManagerPIX(fw) {}
virtual ~NamedObjectsManagerASA8() {};
};
}


@ -36,16 +36,16 @@ using namespace fwcompiler;
using namespace std;
NamedObjectManagerIOS::NamedObjectManagerIOS(const Firewall *fw) :
NamedObjectManager(fw)
NamedObjectsManagerIOS::NamedObjectsManagerIOS(const Firewall *fw) :
NamedObjectsManager(fw)
{
}
NamedObjectManagerIOS::~NamedObjectManagerIOS()
NamedObjectsManagerIOS::~NamedObjectsManagerIOS()
{
}
string NamedObjectManagerIOS::getClearCommands()
string NamedObjectsManagerIOS::getClearCommands()
{
ostringstream output;


@ -26,7 +26,7 @@
#include "config.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/Firewall.h"
@ -34,12 +34,12 @@
namespace fwcompiler
{
class NamedObjectManagerIOS : public NamedObjectManager
class NamedObjectsManagerIOS : public NamedObjectsManager
{
public:
NamedObjectManagerIOS(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectManagerIOS();
NamedObjectsManagerIOS(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectsManagerIOS();
virtual std::string getClearCommands();
};


@ -35,16 +35,16 @@ using namespace fwcompiler;
using namespace std;
NamedObjectManagerPIX::NamedObjectManagerPIX(const Firewall *fw) :
NamedObjectManager(fw)
NamedObjectsManagerPIX::NamedObjectsManagerPIX(const Firewall *fw) :
NamedObjectsManager(fw)
{
}
NamedObjectManagerPIX::~NamedObjectManagerPIX()
NamedObjectsManagerPIX::~NamedObjectsManagerPIX()
{
}
string NamedObjectManagerPIX::getClearCommands()
string NamedObjectsManagerPIX::getClearCommands()
{
ostringstream output;

View File

@ -26,7 +26,7 @@
#include "config.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/Firewall.h"
@ -34,12 +34,12 @@
namespace fwcompiler
{
class NamedObjectManagerPIX : public NamedObjectManager
class NamedObjectsManagerPIX : public NamedObjectsManager
{
public:
NamedObjectManagerPIX(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectManagerPIX();
NamedObjectsManagerPIX(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectsManagerPIX();
virtual std::string getClearCommands();
};


@ -45,7 +45,7 @@ const char *PIXObjectGroup::TYPENAME={"PIXObjectGroup"};
QString PIXObjectGroup::groupMemberToString(FWObject *obj,
NamedObjectManager*)
NamedObjectsManager*)
throw(libfwbuilder::FWException)
{
ostringstream ostr;


@ -42,7 +42,7 @@ public:
virtual std::string getObjectGroupFooter();
virtual QString groupMemberToString(
libfwbuilder::FWObject *obj, NamedObjectManager *named_obj_manager)
libfwbuilder::FWObject *obj, NamedObjectsManager *named_obj_manager)
throw(libfwbuilder::FWException);
};
}


@ -26,7 +26,9 @@
#include "config.h"
#include "PolicyCompiler_cisco.h"
#include "NamedObjectsManager.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/RuleElement.h"
@ -817,7 +819,7 @@ string PolicyCompiler_cisco::printClearCommands()
return "";
}
void PolicyCompiler_cisco::setNamedObjectManager(NamedObjectManager *mgr)
void PolicyCompiler_cisco::setNamedObjectsManager(NamedObjectsManager *mgr)
{
named_objects_manager = mgr;
// initialize object groups support
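Review bot: `#include "NamedObjectsManager.h"` is listed twice in the include block of the first hunk, once before and once after `#include "NamedObjectsAndGroupsSupport.h"`. The header carries an include guard, so the second line is a no-op, but one of the two should be dropped to keep the include list clean. RoutingCompiler_cisco.cpp in this same commit adds the include once, after `NamedObjectsAndGroupsSupport.h`; keeping that copy here would match it.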


@ -494,7 +494,7 @@ protected:
protected:
Helper helper;
NamedObjectManager *named_objects_manager;
NamedObjectsManager *named_objects_manager;
virtual std::string myPlatformName();
@ -525,7 +525,7 @@ public:
*/
void regroup();
void setNamedObjectManager(NamedObjectManager *mgr);
void setNamedObjectsManager(NamedObjectsManager *mgr);
};


@ -27,6 +27,7 @@
#include "config.h"
#include "PolicyCompiler_cisco.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/RuleElement.h"


@ -25,6 +25,7 @@
#include "PolicyCompiler_pix.h"
#include "PIXObjectGroup.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/Firewall.h"
#include "fwbuilder/AddressRange.h"


@ -16,6 +16,7 @@
#include "RoutingCompiler_cisco.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManager.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/RuleElement.h"
@ -110,7 +111,7 @@ string RoutingCompiler_cisco::debugPrintRule(Rule *r)
return s;
}
void RoutingCompiler_cisco::setNamedObjectManager(NamedObjectManager *mgr)
void RoutingCompiler_cisco::setNamedObjectsManager(NamedObjectsManager *mgr)
{
named_objects_manager = mgr;
mgr->setWorkingObjectTree(dbcopy);
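Review bot: `setNamedObjectsManager()` dereferences `mgr` in `mgr->setWorkingObjectTree(dbcopy)` right after storing it, with no check that the pointer is non-null. The compiler appears to keep only a raw pointer to the manager, so a null argument would surface as a crash during compilation rather than as a reported error. Either assert the precondition as the first statement, `assert(mgr != NULL);`, or state it on the declaration with a comment such as `// mgr must be non-null and must outlive this compiler`. The function body continues outside the hunk, and the setter in PolicyCompiler_cisco.cpp stores the pointer the same way.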


@ -39,7 +39,7 @@ namespace fwcompiler
protected:
NamedObjectManager *named_objects_manager;
NamedObjectsManager *named_objects_manager;
/**
* prints rule in some universal format (close to that visible
@ -124,7 +124,7 @@ namespace fwcompiler
virtual int prolog();
virtual void compile();
void setNamedObjectManager(NamedObjectManager *mgr);
void setNamedObjectsManager(NamedObjectsManager *mgr);
};


@ -7,6 +7,7 @@ TEMPLATE = lib
SOURCES = PolicyCompiler_cisco.cpp \
PolicyCompiler_cisco_acls.cpp \
NamedObjectsAndGroupsSupport.cpp \
NamedObjectsManager.cpp \
NamedObjectsManagerIOS.cpp \
NamedObjectsManagerPIX.cpp \
RoutingCompiler_cisco.cpp \
@ -62,6 +63,7 @@ HEADERS = ../../config.h \
NamedObject.h \
ASA8TwiceNatLogic.h \
NamedObjectsAndGroupsSupport.h \
NamedObjectsManager.h \
NamedObjectsManagerIOS.h \
NamedObjectsManagerPIX.h \
NamedObjectsManagerASA8.h \