void ParseAccessListLinesIntoGroups(ParserArgs args)
{
var aclCollections = new List <AccessListCollection>();
int sequence = 0;
foreach (var line in args.Lines)
{
var split = line.Trim().Split(new[] { " " }, StringSplitOptions.RemoveEmptyEntries);
var name = split[1];
var stringType = split[2];
var stringPermission = split[3];
var originalName = string.Join(" ", AccessList.AccessListTag, name);
var collection = aclCollections.Where(x => x.Name == name).FirstOrDefault();
var accessList = new AccessList()
{
Name = name,
OriginalName = originalName,
Sequence = sequence++,
Permission = FindAccessListPermission(stringPermission),
LinesToProcess = split.Skip(3)
};
try
{
accessList.Type = FindAccessListType(stringType);
}
catch (Exception)
{
if (args.Results.CompletionSeverity != ResultSeverity.Errors)
{
args.Results.CompletionSeverity = ResultSeverity.Warnings;
}
var message = string.Join(Environment.NewLine,
string.Format("Unknown ACL Type '{0}' for Access-list '{1}'", stringType, name),
string.Format("Affected line in configuration (Line# {0} in access List section): {1}", sequence, line),
"This line will be skipped.");
args.Results.Messages.Add(message);
continue;
}
if (collection != null)
{
collection.AccessLists.Add(accessList);
}
else
{
collection = new AccessListCollection()
{
Name = name,
OriginalName = originalName
};
collection.AccessLists.Add(accessList);
aclCollections.Add(collection);
}
}
args.Results.AccessListResults.AddRange(aclCollections);
}
void ParseAccessListByType(ParserArgs args, AccessList acl)
{
switch (acl.Type)
{
case AccessListType.Standard:
ParseStandardAccesList(acl, args);
break;
case AccessListType.Extended:
ParseExtendedAccessList(acl, args);
break;
case AccessListType.Remark:
ParseRemarksAccessList(acl, args);
break;
default:
break;
}
if (acl.HasAliases)
{
if (acl.SourceIPGroup.HasAlias)
{
AddIPAddressToIPGroup(acl.SourceIPGroup, args, acl.Comments);
}
if (acl.DestinationIPGroup.HasAlias)
{
AddIPAddressToIPGroup(acl.DestinationIPGroup, args, acl.Comments);
}
}
}
void MicroManageExtendedAccessList(AccessList acl, List <string> lines)
{
acl.SourceType = acl.Protocol;
acl.Protocol = null;
acl.SourceIPGroup.IPAlias = lines[1];
if (lines[2].StartsWith(AccessList.ObjectTag))
{
acl.DestinationType = lines[2];
acl.DestinationIPGroup.IPAlias = lines[3];
if (lines.Count > 4)
{
acl.DestinationIPGroup.Port1 = lines[4];
}
}
else if (lines[2].StartsWith(AccessList.IpWildCardPrefix) &&
lines.Count == 4)
{
acl.SourceIPGroup.IPWildCard = lines[2];
acl.DestinationIPGroup.IPWildCard = lines[3];
}
else if (lines[2].StartsWith(AccessList.IpWildCardPrefix))
{
acl.SourceIPGroup.IPWildCard = lines[2];
acl.DestinationType = lines[3];
acl.DestinationIPGroup.IPAlias = lines[4];
}
if (lines.Count > 5)
{
acl.DestinationIPGroup.Port1 = lines[5];
}
return;
}
void ParseStandardAccesList(AccessList acl, ParserArgs parseArgs)
{
foreach (var line in acl.LinesToProcess.Skip(1))
{
IPAddress address;
if (line == AccessList.HostTag)
{
acl.SourceType = AccessList.HostTag;
}
else if (IPAddress.TryParse(line, out address))
{
if (acl.SourceIPGroup.IPAddress == null)
{
acl.SourceIPGroup.IP = address;
}
else if (acl.SourceIPGroup.Subnet == null)
{
acl.SourceType = AccessList.SubnetTag;
acl.SourceIPGroup.Subnet = address;
}
}
else
{
//TOOD: Figure out if there are other conditions I should be aware of...
if (line == AccessList.HostTag)
{
continue;
}
else if (string.IsNullOrEmpty(acl.SourceIPGroup.IPWildCard))
{
acl.SourceIPGroup.IPWildCard = line;
}
}
}
}
void ParseRemarksAccessList(AccessList acl, ParserArgs parseArgs)
{
var value = string.Join(" ", acl.LinesToProcess);
acl.Comments.Append(string.Format("\"{0}\"", value));
}
void ParseExtendedAccessList(AccessList acl, ParserArgs parseArgs)
{
//access-list outside_cryptomap_8 extended permit ip 10.251.27.0 255.255.255.0 host 10.42.8.233
//access-list OpenSys_access_in extended deny ip any4 object DMZ-LAN
//access-list mgmtzone_access_in extended permit udp object HPS_TP_PROD_LAN object-group HPS_remote_offices
var lines = acl.LinesToProcess.Skip(1).ToList();
acl.Protocol = lines[0];
int sequence = 0;
var stepArgs = new AccessListStepArgs()
{
Acl = acl
};
//access-list inside_access_in extended permit object-group HPSNETMON_GRP object HPSNetMon1 any4
//access-list inside_access_in extended permit object-group client_to_mgmtzone_services any object mgmtzone_servers
if (acl.Protocol.StartsWith(AccessList.ObjectTag))
{
MicroManageExtendedAccessList(acl, lines);
return;
}
foreach (var line in lines.Skip(1))
{
stepArgs.Line = line;
IPAddress ip = null;
if (stepArgs.CollectionType != AccessListStepType.None)
{
ParseAccessListStepByCollectionType(stepArgs, parseArgs);
}
else if (GetIPAddress(line, out ip))
{
if (!acl.SourceIPGroup.HasMinimumIPCriteria)
{
acl.SourceIPGroup.IP = ip;
acl.SourceType = AccessList.SubnetTag;
stepArgs.CollectionType = AccessListStepType.SourceSubnet;
}
else if (!acl.DestinationIPGroup.HasMinimumIPCriteria)
{
acl.DestinationIPGroup.IP = ip;
acl.DestinationType = AccessList.SubnetTag;
stepArgs.CollectionType = AccessListStepType.DestinationSubnet;
}
}
else if (line.StartsWith(AccessList.ObjectTag))
{
if (sequence == 0)
{
acl.SourceType = line;
stepArgs.CollectionType = AccessListStepType.SourceAlias;
}
else
{
acl.DestinationType = line;
stepArgs.CollectionType = AccessListStepType.DestinationAlias;
}
}
else if (line == AccessList.HostTag)
{
if (!acl.SourceIPGroup.HasMinimumIPCriteria)
{
acl.SourceType = line;
stepArgs.CollectionType = AccessListStepType.SourceIPAddress;
}
else
{
acl.DestinationType = line;
stepArgs.CollectionType = AccessListStepType.DestinationIPAddress;
}
}
else if (line.StartsWith(AccessList.IpWildCardPrefix))
{
if (sequence == 0)
{
acl.SourceIPGroup.IPWildCard = line;
}
else
{
acl.DestinationIPGroup.IPWildCard = line;
}
}
else if (AccessList.MatchConditionSymbol.ToList().Any(x => x == line.Trim()))
{
acl.PortMatchType = line;
bool source = false;
if (sequence <= 1 && !string.IsNullOrEmpty(acl.SourceIPGroup.IPWildCard))
{
source = true;
}
else if (acl.SourceIPGroup.IPWildCard == acl.DestinationIPGroup.IPWildCard)
{
source = false;
}
else if (sequence <= 2 && acl.SourceIPGroup.HasMinimumIPCriteria)
{
source = true;
}
else
{
source = false;
}
if (source)
{
if (line == AccessList.PortRangeTag)
{
stepArgs.CollectionType = AccessListStepType.SourceRange1;
}
else
{
stepArgs.CollectionType = AccessListStepType.SourcePort;
}
}
else
{
if (line == AccessList.PortRangeTag)
{
stepArgs.CollectionType = AccessListStepType.DestinationRange1;
}
else
{
stepArgs.CollectionType = AccessListStepType.DestinationPort;
}
}
}
else if (line.Contains(AccessList.HitCountPrefix))
{
acl.HitCount = line.Replace("(", null)
.Replace(")", null)
.Split(new[] { "=" }, StringSplitOptions.RemoveEmptyEntries)
.Last();
}
else
{
stepArgs.CollectionType = AccessListStepType.DestinationPort;
}
sequence++;
}
}
