see #2263 do not generate object-group service statements with references to named objects

doc/ChangeLog

@@ -1,5 +1,27 @@
 2011-03-24  vadim  <vadim@netcitadel.com>
 
+	* ASA8ObjectGroup.cpp: see #2263 looks like "object-group service"
+	that includes named objects defined as "service-object" can not be
+	used in access-list commands and therefore is useless. Unless I
+	misunderstood and there is a way to use it, I should not generate
+	ASA configuration like this:
+
+        object-group service id5102X14531.srv.tcp.0 tcp
+          service-object object http.0
+          service-object object https.0
+
+	Object-group with "tcp" or "udp" type-suffix in the end does not
+	allow "service-object" statements at all, so this configuration
+	is incorrect anyway. However even without "tcp" in the end to
+	make "service-object" references acceptable, the group can be built
+	but can not be used in access-list statements.
+
+	Instead, the group should use port-object statements:
+
+	object-group service id5102X14531.srv.tcp.0 tcp
+	  port-object eq 80
+	  port-object eq 443
+
 	* IOSImporter.cpp (createTCPUDPServicePair): see #2267 added
 	support for import of object-group and service-object statements
 	of type "tcp-udp" (these get imported as service group object with

src/cisco_lib/ASA8ObjectGroup.cpp

@@ -48,21 +48,40 @@ using namespace fwcompiler;
 const char *ASA8ObjectGroup::TYPENAME={"ASA8ObjectGroup"};
 
 
+/*
+ * see #2263. It looks like "object-group service" that includes named
+ * objects defined as "service-object" can not be used in access-list
+ * commands and therefore is useless.  Unless I misunderstood and
+ * there is a way to use it, I should not generate ASA configuration
+ * like this:
+ *
+ * object-group service id5102X14531.srv.tcp.0 tcp
+ *   service-object object http.0
+ *   service-object object https.0
+ * exit
+ *
+ *
+ */
+
 QString ASA8ObjectGroup::groupMemberToString(
     FWObject *obj, NamedObjectsManager *named_objects_manager)
     throw(libfwbuilder::FWException)
 {
-    NamedObject *named_object =
-        named_objects_manager->named_objects[obj->getId()];
-
-    if (named_object)
+    if (this->getObjectGroupType() == NETWORK)
     {
-        return named_object->getCommandWhenObjectGroupMember();
+        NamedObject *named_object =
+            named_objects_manager->named_objects[obj->getId()];
+
+        if (named_object)
+        {
+            return named_object->getCommandWhenObjectGroupMember();
+        }
     }
-        
+
     return PIXObjectGroup::groupMemberToString(obj, named_objects_manager);
 }
 
+
 string ASA8ObjectGroup::getObjectGroupClass()
 {
     switch (this->getObjectGroupType()) 

src/cisco_lib/ASA8ObjectGroup.h

@@ -39,8 +39,6 @@ public:
         DECLARE_FWOBJECT_SUBTYPE(ASA8ObjectGroup);
 
         virtual std::string getObjectGroupClass();
-        //virtual std::string getObjectGroupHeader();
-        //virtual std::string getSrvTypeName();
 
         virtual QString groupMemberToString(
             libfwbuilder::FWObject *obj, NamedObjectsManager *named_obj_manager)

src/cisco_lib/NamedObjectsAndGroupsSupport.cpp

@@ -147,10 +147,7 @@ void CreateObjectGroups::packObjects(RuleElement *re, BaseObjectGroup *obj_group
 {
     for (FWObject::iterator i1=re->begin(); i1!=re->end(); ++i1) 
     {
-        FWObject *o = *i1;
-        FWObject *obj = o;
-        if (FWReference::cast(o)!=NULL)
-            obj = FWReference::cast(o)->getPointer();
+        FWObject *obj = FWReference::getObject(*i1);
         obj_group->addRef(obj);
     }
     re->clearChildren(false); //do not want to destroy children objects