📄 managedomain.java
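// NOTE(review): this listing begins inside a method whose signature and
// earlier statements are not shown. The statements up to the first closing
// brace below are the tail of that method; they are reproduced unchanged.

        // firewall templates
        // ------------------
        // For every firewall template, build (or refresh) one rule and mark in
        // r.validFor which firewalls have that template enabled.
        // NOTE(review): hostTemplates is indexed relative to Templates.startServer
        // while the loop runs over the firewall range - confirm that hostTemplates
        // covers the server and the firewall templates contiguously.
        for (int i=Templates.startFirewall; i < Templates.startFirewall+Templates.numberFirewall; i++) {
            en = Firewalls.elements();
            r = null;
            while (en.hasMoreElements()) {
                h = (Host)en.nextElement();
                if (h.hostTemplates[i - Templates.startServer]) {
                    if (r == null) {
                        // the rule is created lazily, on the first firewall that uses the template
                        r = createRuleFromTemplate(i, 0);
                        r.validFor = new boolean[numberOfFirewalls];
                        for (int j=0; j < numberOfFirewalls; j++)
                            r.validFor[j] = false;
                    }
                    r.validFor[Firewalls.indexOf(h)] = true;
                }
            }
            if (r == null) // template not valid for any firewall
                deleteTemplateRule(i, 0);
        }

        // accept all from outside to outside
        // The rule comes from the last template (Templates.numberTotal - 1) and is
        // enabled only for firewalls flagged as transparent; validFor is the only
        // thing visible here that restricts where this permissive rule applies.
        en = Firewalls.elements();
        r = null;
        while (en.hasMoreElements()) {
            h = (Host)en.nextElement();
            if (h.transparent) {
                if (r == null) {
                    r = createRuleFromTemplate(Templates.numberTotal - 1, 0);
                    r.validFor = new boolean[numberOfFirewalls];
                    for (int j=0; j < numberOfFirewalls; j++)
                        r.validFor[j] = false;
                }
                r.validFor[Firewalls.indexOf(h)] = true;
            }
        }
        if (r == null) // template not valid for any firewall
            deleteTemplateRule(Templates.numberTotal - 1, 0);

        autoconfValid = true;
    }

    /**
     * Traverse the topology graph and assign a level to each object;
     * this method is called recursively.
     * <p>
     * An unvisited neighbor (level -1) that is a firewall host gets the level
     * {@code mo.level + 1} and is appended to {@code visitQueue} instead of
     * being descended into; any other unvisited neighbor inherits
     * {@code mo.level} and is traversed immediately. {@code maxlevel} is
     * raised to the highest level seen.
     * <p>
     * NOTE(review): recursion depth grows with the length of firewall-free
     * paths in the topology; nothing here bounds it.
     *
     * @param mo         object whose neighbors are examined; its level must already be set
     * @param visitQueue queue that receives the firewalls found at the next level
     */
    private void traverse(ManageObject mo, corejava.LinkedList visitQueue) {
        Enumeration en = Topology.findNeighbors(mo);
        ManageObject neighbor;

        if (mo.level > maxlevel)
            maxlevel = mo.level;
        while (en.hasMoreElements()) {
            neighbor = (ManageObject)en.nextElement();
            if (neighbor.level == -1) { // not yet visited
                if (neighbor instanceof Host && ((Host)neighbor).isFirewall) {
                    neighbor.level = mo.level + 1;
                    visitQueue.append(neighbor);
                } else {
                    neighbor.level = mo.level;
                    traverse(neighbor, visitQueue);
                }
            }
        }
    }

    /**
     * Collect all addresses of subordinate objects in topology.
     * <p>
     * The walk marks every object it reaches as visited. It does not descend
     * past a non-transparent firewall whose level is greater than
     * {@code actlevel}; a transparent firewall at a deeper level is walked
     * through.
     *
     * @param f        firewall to start with
     * @param actlevel level of f
     * @return union of the addresses collected from f and the objects reached from it
     */
    private AddrList collect(ManageObject f, int actlevel) {
        AddrList retval = new AddrList();

        f.visited = true;
        if (!(f instanceof Host && ((Host)f).isFirewall && f.level > actlevel && !((Host)f).transparent)) {
            Enumeration en = Topology.findNeighbors(f);
            ManageObject neighbor;
            while (en.hasMoreElements()) {
                neighbor = (ManageObject)en.nextElement();
                // follow neighbors on the current level and firewalls on a deeper level
                if ((neighbor.level == actlevel) || (neighbor instanceof Host && ((Host)neighbor).isFirewall && neighbor.level > actlevel)) {
                    if (!neighbor.visited)
                        retval.union(collect(neighbor, actlevel));
                }
            }
        }
        // host addresses must be included in addresses of attached networks
        if (f instanceof Host && ((Host)f).isFirewall && f.level > actlevel)
            retval.union(((Host)f).internalAddresses);
        if (f instanceof Net)
            retval.union(((Net)f).NetAddresses);
        return retval;
    }

    /**
     * Create a new rule from template and insert it into rules vector.
     * <p>
     * An existing rule with the same template ID and sub ID is replaced in
     * place. Otherwise the new rule is inserted before the first rule of the
     * same template with a larger sub ID, or after the last template rule
     * seen when a rule with a larger template ID is reached, or appended at
     * the end.
     * <p>
     * NOTE(review): if an insert or replace throws
     * ArrayIndexOutOfBoundsException it is only printed, and the returned
     * rule is then not part of the rules vector although callers go on to
     * configure it.
     *
     * @param ID  template ID of the rule
     * @param sID sub ID of the rule within the template
     * @return new rule
     */
    private Rule createRuleFromTemplate(int ID, int sID) {
        Enumeration en = Rules.elements();
        Rule r, rnew;
        int lastAutoRule = -1;

        while (en.hasMoreElements()) {
            r = (Rule)en.nextElement();
            if (r.templateID == ID && r.subID == sID) {
                // replace rule
                rnew = new Rule(r, ID, sID);
                try {
                    Rules.setElementAt(rnew, Rules.indexOf(r));
                } catch (ArrayIndexOutOfBoundsException e) {
                    System.out.println(e);
                }
                return rnew;
            }
            if (r.templateID == ID && r.subID > sID) {
                // insert rule just before this rule
                rnew = new Rule(null, ID, sID);
                try {
                    Rules.insertElementAt(rnew, Rules.indexOf(r));
                } catch (ArrayIndexOutOfBoundsException e) {
                    System.out.println(e);
                }
                return rnew;
            }
            if (r.templateID > ID) {
                // insert rule after last template rule
                rnew = new Rule(null, ID, sID);
                try {
                    Rules.insertElementAt(rnew, lastAutoRule+1);
                } catch (ArrayIndexOutOfBoundsException e) {
                    System.out.println(e);
                }
                return rnew;
            }
            // rules with templateID -1 are skipped when tracking the last template rule
            if (r.templateID != -1)
                lastAutoRule = Rules.indexOf(r);
        }
        rnew = new Rule(null, ID, sID);
        Rules.addElement(rnew);
        return rnew;
    }

    /**
     * Delete rule with given template ID from rules vector.
     *
     * @param ID  template ID of the rule
     * @param sID sub ID of the rule within the template
     * @return true if rule deleted, false if rule not found
     */
    private boolean deleteTemplateRule(int ID, int sID) {
        Enumeration en = Rules.elements();
        Rule r;

        while (en.hasMoreElements()) {
            r = (Rule)en.nextElement();
            if (r.templateID == ID && r.subID == sID) {
                // returning right after the removal keeps the enumeration from being used again
                Rules.removeElement(r);
                return true;
            }
        }
        return false;
    }

    // construct macro containing the addresses of all firewalls
    private void constructFwAddr() {
        firewallAddresses = new AddrList();
        Enumeration en = Firewalls.elements();
        Host h;

        while (en.hasMoreElements()) {
            h = (Host)en.nextElement();
            firewallAddresses.union(h.HostAddresses);
        }
        replaceMacros(Macro.MACRO_FIREWALLS, firewallAddresses);
    }

    // replace all macros of special type with new macro
    // (every matching macro ends up sharing the same AddrList instance)
    private void replaceMacros(int special, AddrList repl) {
        Enumeration en = Macro.staticMacros.elements();
        Macro m;

        while (en.hasMoreElements()) {
            m = (Macro)en.nextElement();
            if (m.macroSpecial == special)
                m.addresses = repl;
        }
    }

    /**
     * Save the complete configuration information to the output stream.
     *
     * @param os stream the domain is written to
     * @return true if successful, false if save failed
     */
    public boolean saveDomainConfig(PersistentOutputStream os) {
        try {
            os.writePersistent("ManageDomain=", this);
            return true;
        } catch (Exception e) {
            System.out.println("Exception in ManageDomain.saveDomainConfig: "+e);
            return false;
        }
    }

    /**
     * Load the configuration from a persistent input stream.
     * <p>
     * After a successful load every ManageObject in the topology is pointed
     * back at the loaded domain, and the firewall-address and
     * configuration-client macros are rebuilt.
     * <p>
     * NOTE(review): any exception while Communicator.commError is COMM_OK is
     * treated as "file does not exist" and yields an empty domain. A
     * truncated, corrupted or tampered configuration therefore cannot be told
     * apart from a missing one by the caller, and the stream is closed only
     * on the success path.
     *
     * @param is stream to load the configuration from
     * @return ManageDomain object containing the configuration, a new empty
     *         ManageDomain if loading failed without a communication error,
     *         or null if a communication error was recorded
     */
    public static ManageDomain loadDomainConfig(PersistentInputStream is) {
        try {
            ManageDomain md = (ManageDomain)is.readPersistent("ManageDomain=");
            is.close();
            if (md != null) { // load successful
                // set manage domain information in manage objects
                Enumeration en = md.Topology.getAllVertices();
                DragDropObj ddo;
                while (en.hasMoreElements()) {
                    ddo = (DragDropObj)en.nextElement();
                    if (ddo instanceof ManageObject)
                        ((ManageObject)ddo).mgDomain = md;
                }
                // construct firewall address macros and configuration client macros
                md.constructFwAddr();
                md.replaceMacros(Macro.MACRO_CONFCLIENTS, md.configClients);
            }
            return md;
        } catch (Exception e) {
            if (Communicator.commError == Communicator.COMM_OK) {
                return new ManageDomain(); // file does not exist
            } else
                return null; // host is not reachable or other error
        }
    }

    // persistence methods

    /**
     * Write object data to a persistent output stream.
     * <p>
     * NOTE(review): generalTemplates is dereferenced without a null check;
     * confirm that a constructor not shown here always initializes it.
     *
     * @param ps Stream
     * @see PersistentOutputStream
     */
    public void write(PersistentOutputStream ps) {
        ps.writeString("Name=", DomainName);
        ps.writePersistent("Topology=", Topology);
        ps.writePersistentVector("Firewalls=", Firewalls);
        ps.writePersistentVector("Rules=", Rules);
        ps.writePersistentVector("NLevels=", NLevels);
        ps.writePersistentVector("Macros=", Macros);
        ps.writePersistent("Clients=", configClients);
        ps.writeInt("NumberOfTemplates=", generalTemplates.length);
        for (int i=0; i < generalTemplates.length; i++)
            ps.writeBoolean("Template=", generalTemplates[i]);
        ps.writeBoolean("autoconfValid=", autoconfValid);
        ps.writeString("Mail=", defaultMail);
    }

    /**
     * Read object data from a persistent input stream.
     * <p>
     * The template count comes from the stream and is not trusted: a negative
     * count is rejected, and an array is allocated only when the count equals
     * Templates.numberGeneral, the one length that is ever kept. Entries of
     * any other count are read and discarded so that the following fields are
     * still read from the right position.
     *
     * @param ps Stream
     * @throws java.io.IOException if the stream reports an error or declares
     *         a negative number of templates
     * @see PersistentInputStream
     */
    public void read(PersistentInputStream ps) throws java.io.IOException {
        DomainName = ps.readString("Name=");
        Topology = (Graph)ps.readPersistent("Topology=");
        Firewalls = ps.readPersistentVector("Firewalls=");
        Rules = ps.readPersistentVector("Rules=");
        NLevels = ps.readPersistentVector("NLevels=");
        Macros = ps.readPersistentVector("Macros=");
        configClients = (AddrList)ps.readPersistent("Clients=");

        int tlen = ps.readInt("NumberOfTemplates=");
        if (tlen < 0)
            throw new java.io.IOException("ManageDomain.read: invalid NumberOfTemplates: " + tlen);
        if (tlen == Templates.numberGeneral) {
            boolean btmp[] = new boolean[tlen];
            for (int i=0; i < tlen; i++)
                btmp[i] = ps.readBoolean("Template=");
            generalTemplates = btmp;
        } else {
            // Count differs from what this version expects: consume the entries
            // without sizing an allocation from the stream-supplied value.
            // NOTE(review): an upper bound on tlen would also bound this loop;
            // the format's legitimate maximum is not visible here.
            for (int i=0; i < tlen; i++)
                ps.readBoolean("Template=");
        }
        autoconfValid = ps.readBoolean("autoconfValid=");
        defaultMail = ps.readString("Mail=");
    }

    String DomainName = new String(); // name
    protected Vector Firewalls; // all firewalls
    protected Vector Rules = new Vector(20, 10); // configuration rules
    protected Vector NLevels = new Vector(20, 10); // notification levels
    protected Vector Macros = new Vector(20, 10); // address and service macros
    protected boolean generalTemplates[]; // templates valid
    protected boolean autoconfValid = false; // no topology changes since last autoconfiguration
    protected AddrList configClients = new AddrList(); // addresses of configuration clients
    protected String defaultMail = new String("root"); // default mail addresses
    protected transient AddrList firewallAddresses // addresses of all firewalls
        = new AddrList();
    protected transient boolean changed = false; // data changed since last save ?
    private Graph Topology; // network topology
    private transient int maxlevel; // highest level assigned by traverse()
}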