[pyi2ncommon] / src / cnfvar / templates.py

# The software in this package is distributed under the GNU General
# Public License version 2 (with a special exception described below).
#
# A copy of GNU General Public License (GPL) is included in this distribution,
# in the file COPYING.GPL.
#
# As a special exception, if other files instantiate templates or use macros
# or inline functions from this file, or you compile this file and link it
# with other works to produce a work based on this file, this file
# does not by itself cause the resulting work to be covered
# by the GNU General Public License.
#
# However the source code for this file must still be made available
# in accordance with section (3) of the GNU General Public License.
#
# This exception does not invalidate any other reasons why a work based
# on this file might be covered by the GNU General Public License.
#
# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>

"""
Module for one-step dynamic cnfvar generation from default value templates.

.. codeauthor:: Intra2net

These templates contain the bare defaults the UI adds upon
creation of each major and frequently used cnfvar.
"""

import time
import logging

# custom imports
from .model import Cnf, CnfList


log = logging.getLogger('pyi2ncommon.cnfvar.templates')


###############################################################################
# MAJOR CNF DEFAULTS
###############################################################################


#: UI defaults for a user instance
user_defaults = {
    "USER_DISABLED": "0",
    "USER_FULLNAME": "",
    "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
    "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
    "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
    "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
    "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
    "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
    "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
    # always a member of the 'Alle' group
    "USER_GROUP_MEMBER_REF": "2",
    "USER_LOCALE": "",
    "USER_PASSWORD": "",
    "USER_TRASH_DELETEDAYS": "30",
    "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
    "USER_WEBMAIL_SIGNATURE": "",
}
#: UI defaults for a group instance
group_defaults = {
    "GROUP_COMMENT": "",
    "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
    "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
    "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
    "GROUP_PROXY_PROFILE_REF": "1",
}
#: UI defaults for an intraclient instance
intraclient_defaults = {
    "INTRACLIENT_COMMENT": "",
    "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
    "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
    "INTRACLIENT_FIREWALL_RULESET_REF": "5",
    "INTRACLIENT_IP": "",
    "INTRACLIENT_MAC": "",
    "INTRACLIENT_PROXY_PROFILE_REF": "-1",
}
#: UI defaults for a NIC instance
nic_defaults = {
    "NIC_COMMENT": "",
    "NIC_DRIVER": "",
    "NIC_MAC": "",
    "NIC_TYPE": "UNUSED",
}
#: UI defaults for a provider instance
provider_defaults = {
    "PROVIDER_PROXY_SERVER": "",
    "PROVIDER_PROXY_PORT": "",
    "PROVIDER_PROXY_PASSWORD": "",
    "PROVIDER_PROXY_LOGIN": "",
    "PROVIDER_NIC_REF": "1",
    "PROVIDER_NETMASK": "255.255.0.0",
    "PROVIDER_MTU_SIZE": "1500",
    "PROVIDER_MODE": "ROUTER",
    "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
    "PROVIDER_LOCALIP": "",
    "PROVIDER_IP": "",
    "PROVIDER_FIREWALL_RULESET_REF": "7",
    "PROVIDER_FALLBACK_TIMEOUT": "60",
    "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
    "PROVIDER_EMAIL_RELAY_REF": "-1",
    "PROVIDER_DYNDNS_WEBCHECKIP": "0",
    "PROVIDER_DYNDNS_ENABLE": "1",
    "PROVIDER_DNS_MODE": "ROOT",
    "PROVIDER_DNS": "",
    "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
    "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
    "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
    "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
}
#: UI defaults for a port forwarding instance
port_forwarding_defaults = {
    "PORT_FORWARDING_DST_IP_REF": "1",
    "PORT_FORWARDING_DST_PORT": "",
    "PORT_FORWARDING_DST_PORT_END": "",
    "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
    "PORT_FORWARDING_SRC_PORT": "",
    "PORT_FORWARDING_SRC_PORT_END": "",
}
#: UI defaults for a firewall ruleset instance
firewall_ruleset_defaults = {
    "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
}
#: UI defaults for a proxy accesslist instance
proxy_accesslist_defaults = {
    "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
    "PROXY_ACCESSLIST_MODE": "1",
    "PROXY_ACCESSLIST_SIZETYPE": "1",
    "PROXY_ACCESSLIST_TYPE": "0",
}
#: UI defaults for a key instance
key_own_defaults = {
    "KEY_OWN_FINGERPRINT_MD5": "",
    "KEY_OWN_FINGERPRINT_SHA1": "",
    "KEY_OWN_ID_X509": "CN=net.lan",
    "KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
    "KEY_OWN_KEYSIZE": "2048",
    "KEY_OWN_HASH_ALGO": "SHA2_256",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_REQUEST": "<CREATE_HACK>",
    "KEY_OWN_SUBJECT": "CN=net.lan",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDFROM": "00001122T445566",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDTILL": "99991122T445566",
    "KEY_OWN_TYPE": "SELF",
    # the ones bellow should be set when using 'generate' to create the key
    "KEY_OWN_CREATE_CN": "",
    "KEY_OWN_CREATE_EMAIL": ""
}
#: UI defaults for a VPN connection instance
vpnconn_defaults = {
    "VPNCONN_ACTIVATION": "ALWAYS",
    "VPNCONN_DISABLED": "0",
    "VPNCONN_DNS_RELAYING_ALLOWED": "1",
    "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
    "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
    "VPNCONN_FIREWALL_RULESET_REF": "5",
    "VPNCONN_IKE_VERSION": "1",
    "VPNCONN_KEY_FOREIGN_REF": "1",
    "VPNCONN_KEY_OWN_REF": "1",
    "VPNCONN_KEY_TYPE": "PUBLIC",
    "VPNCONN_LAN_NAT_IP": "",
    "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
    "VPNCONN_LAN_NAT_NETWORK": "",
    "VPNCONN_LAN_NIC_REF": "2",
    "VPNCONN_LAN_NET": "",
    "VPNCONN_LAN_NETMASK": "255.255.0.0",
    "VPNCONN_LAN_TYPE": "NIC",
    "VPNCONN_LIFETIME_IKE": "480",
    "VPNCONN_LIFETIME_IPSECSA": "60",
    "VPNCONN_OFFLINE_DETECTION_SEC": "60",
    "VPNCONN_PEER_DNS": "",
    "VPNCONN_PEER_IP": "",
    "VPNCONN_PEER_TYPE": "IP",
    "VPNCONN_PROTO": "IPSEC",
    "VPNCONN_PROXY_PROFILE_REF": "-2",
    "VPNCONN_PSK": "",
    "VPNCONN_PSK_FOREIGN_ID": "",
    "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
    "VPNCONN_PSK_OWN_ID": "",
    "VPNCONN_PSK_OWN_ID_TYPE": "IP",
    "VPNCONN_REMOTE_INET_NAT": "1",
    "VPNCONN_REMOTE_MODECONFIG_IP": "",
    "VPNCONN_REMOTE_NAT_ENABLE": "0",
    "VPNCONN_REMOTE_NAT_NETWORK": "",
    "VPNCONN_REMOTE_NET": "",
    "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
    "VPNCONN_REMOTE_TYPE": "CUSTOM",
    "VPNCONN_RETRIES": "3",
    "VPNCONN_SECURED": "ESP",
    "VPNCONN_XAUTH_SERVER_ENABLE": "0"
}


###############################################################################
# MINOR CONFIGURATION
###############################################################################


def template(name, value, instance=-1, defaults=None, **kwargs):
    """
    Generate a template cnf variable from provided defaults.

    :param str name: cnf variable name
    :param str value: cnf variable data value
    :param int instance: cnf variable instance number
    :param defaults: default child variables to populate the cnf variable with
    :type defaults: {str, str or {}} or None
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    All additional keyword arguments will be used to overwrite the defaults.
    """
    log.info(f"Generating a template {name} cnfvar")
    cnf = Cnf(name, value=value, instance=instance)
    defaults = {} if defaults is None else defaults
    cnf.add_children(*[(key, value) for key, value in defaults.items()])
    for key in kwargs.keys():
        cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
    return cnf


def user(name, instance=-1, **kwargs):
    """
    Generate a user cnf variable.

    :param str name: username for the user
    :param int instance: instance number for the user
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a user {name} cnfvar")
    user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
    user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
    return user_cnf


def group(name, instance=-1, **kwargs):
    """
    Generate a group cnf variable.

    :param str name: name for the group
    :param int instance: instance number for the group
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a group {name} cnfvar")
    group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
    return group_cnf


def nic(name, instance=-1, **kwargs):
    """
    Generate a nic cnf variable.

    :param str name: tag or comment for the nic describing its use
    :param int instance: instance number for the nic
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a nic cnfvar")
    nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
    nic_cnf.children.single_with_name("nic_comment").value = name
    if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
        nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
        nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
        nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_nat_into", "0")
        nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
        nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
    return nic_cnf


def intraclient(name, instance=-1, **kwargs):
    """
    Generate an intraclient cnf variable.

    :param str name: name for the intraclient
    :param int instance: instance number for the intraclient
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an intraclient {name} cnfvar")
    intraclient_cnf = template("intraclient", name, instance=instance,
                               defaults=intraclient_defaults, **kwargs)
    return intraclient_cnf


def provider(name, instance=-1, **kwargs):
    """
    Generate a provider cnf variable.

    :param str name: name for the provider
    :param int instance: instance number for the provider
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a provider {name} cnfvar")
    provider_cnf = template("provider", name, instance=instance,
                            defaults=provider_defaults, **kwargs)
    # the validation of the LOCALIP will not be ignored despite choosing a different mode
    if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
        provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
        provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
    if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
    if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
    return provider_cnf


def port_forwarding(name, instance=-1, **kwargs):
    """
    Generate a port forwarding cnf variable.

    :param str name: name for the port forwarding mapping
    :param int instance: instance number for the port forwarding mapping
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a port forwarding {name} cnfvar")
    port_forwarding_cnf = template("port_forwarding", name, instance=instance,
                                   defaults=port_forwarding_defaults, **kwargs)
    if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
        port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
    return port_forwarding_cnf


def firewall_ruleset(name, instance=-1, **kwargs):
    """
    Generate a firewall ruleset cnf variable.

    :param str name: name for the firewall ruleset
    :param int instance: instance number for the firewall ruleset
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a firewall ruleset {name} cnfvar")
    firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
                                    defaults=firewall_ruleset_defaults, **kwargs)
    return firewall_ruleset_cnf


def proxy_accesslist(name, instance=-1, **kwargs):
    """
    Generate a proxy accesslist cnf variable.

    :param str name: name for the proxy accesslist
    :param int instance: instance number for the proxy accesslist
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a proxy accesslist {name} cnfvar")
    proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
                                    defaults=proxy_accesslist_defaults, **kwargs)
    return proxy_accesslist_cnf


def key_own(name, instance=-1, **kwargs):
    """
    Generate an own key cnf variable.

    :param str name: name for the own key
    :param int instance: instance number for the own key
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an own key {name} cnfvar")
    key_own_cnf = template("key_own", name, instance=instance,
                           defaults=key_own_defaults, **kwargs)
    return key_own_cnf


def vpnconn(name, instance=-1, **kwargs):
    """
    Generate a vpn connection cnf variable.

    :param str name: name for the vpn connection
    :param int instance: instance number for the vpn connection
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a vpn connection {name} cnfvar")
    vpnconn_cnf = template("vpnconn", name, instance=instance,
                           defaults=vpnconn_defaults, **kwargs)
    if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
    return vpnconn_cnf
Commit	Line	Data
	1	# The software in this package is distributed under the GNU General
	2	# Public License version 2 (with a special exception described below).
	3	#
	4	# A copy of GNU General Public License (GPL) is included in this distribution,
	5	# in the file COPYING.GPL.
	6	#
	7	# As a special exception, if other files instantiate templates or use macros
	8	# or inline functions from this file, or you compile this file and link it
	9	# with other works to produce a work based on this file, this file
	10	# does not by itself cause the resulting work to be covered
	11	# by the GNU General Public License.
	12	#
	13	# However the source code for this file must still be made available
	14	# in accordance with section (3) of the GNU General Public License.
	15	#
	16	# This exception does not invalidate any other reasons why a work based
	17	# on this file might be covered by the GNU General Public License.
	18	#
	19	# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>
	20
	21	"""
	22	Module for one-step dynamic cnfvar generation from default value templates.
	23
	24	.. codeauthor:: Intra2net
	25
	26	These templates contain the bare defaults the UI adds upon
	27	creation of each major and frequently used cnfvar.
	28	"""
	29
	30	import time
	31	import logging
	32
	33	# custom imports
	34	from .model import Cnf, CnfList
	35
	36
	37	log = logging.getLogger('pyi2ncommon.cnfvar.templates')
	38
	39
	40	###############################################################################
	41	# MAJOR CNF DEFAULTS
	42	###############################################################################
	43
	44
	45	#: UI defaults for a user instance
	46	user_defaults = {
	47	"USER_DISABLED": "0",
	48	"USER_FULLNAME": "",
	49	"USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
	50	"USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
	51	"USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
	52	"USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
	53	"USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
	54	"USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
	55	"USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
	56	# always a member of the 'Alle' group
	57	"USER_GROUP_MEMBER_REF": "2",
	58	"USER_LOCALE": "",
	59	"USER_PASSWORD": "",
	60	"USER_TRASH_DELETEDAYS": "30",
	61	"USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
	62	"USER_WEBMAIL_SIGNATURE": "",
	63	}
	64	#: UI defaults for a group instance
	65	group_defaults = {
	66	"GROUP_COMMENT": "",
	67	"GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
	68	"GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
	69	"GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
	70	"GROUP_PROXY_PROFILE_REF": "1",
	71	}
	72	#: UI defaults for an intraclient instance
	73	intraclient_defaults = {
	74	"INTRACLIENT_COMMENT": "",
	75	"INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
	76	"INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
	77	"INTRACLIENT_FIREWALL_RULESET_REF": "5",
	78	"INTRACLIENT_IP": "",
	79	"INTRACLIENT_MAC": "",
	80	"INTRACLIENT_PROXY_PROFILE_REF": "-1",
	81	}
	82	#: UI defaults for a NIC instance
	83	nic_defaults = {
	84	"NIC_COMMENT": "",
	85	"NIC_DRIVER": "",
	86	"NIC_MAC": "",
	87	"NIC_TYPE": "UNUSED",
	88	}
	89	#: UI defaults for a provider instance
	90	provider_defaults = {
	91	"PROVIDER_PROXY_SERVER": "",
	92	"PROVIDER_PROXY_PORT": "",
	93	"PROVIDER_PROXY_PASSWORD": "",
	94	"PROVIDER_PROXY_LOGIN": "",
	95	"PROVIDER_NIC_REF": "1",
	96	"PROVIDER_NETMASK": "255.255.0.0",
	97	"PROVIDER_MTU_SIZE": "1500",
	98	"PROVIDER_MODE": "ROUTER",
	99	"PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
	100	"PROVIDER_LOCALIP": "",
	101	"PROVIDER_IP": "",
	102	"PROVIDER_FIREWALL_RULESET_REF": "7",
	103	"PROVIDER_FALLBACK_TIMEOUT": "60",
	104	"PROVIDER_FALLBACK_PROVIDER_REF": "-1",
	105	"PROVIDER_EMAIL_RELAY_REF": "-1",
	106	"PROVIDER_DYNDNS_WEBCHECKIP": "0",
	107	"PROVIDER_DYNDNS_ENABLE": "1",
	108	"PROVIDER_DNS_MODE": "ROOT",
	109	"PROVIDER_DNS": "",
	110	"PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
	111	"PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
	112	"PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
	113	"PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
	114	}
	115	#: UI defaults for a port forwarding instance
	116	port_forwarding_defaults = {
	117	"PORT_FORWARDING_DST_IP_REF": "1",
	118	"PORT_FORWARDING_DST_PORT": "",
	119	"PORT_FORWARDING_DST_PORT_END": "",
	120	"PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
	121	"PORT_FORWARDING_SRC_PORT": "",
	122	"PORT_FORWARDING_SRC_PORT_END": "",
	123	}
	124	#: UI defaults for a firewall ruleset instance
	125	firewall_ruleset_defaults = {
	126	"FIREWALL_RULESET_PROFILE_TYPE": "FULL",
	127	}
	128	#: UI defaults for a proxy accesslist instance
	129	proxy_accesslist_defaults = {
	130	"PROXY_ACCESSLIST_ENTRY_COUNT": "123",
	131	"PROXY_ACCESSLIST_MODE": "1",
	132	"PROXY_ACCESSLIST_SIZETYPE": "1",
	133	"PROXY_ACCESSLIST_TYPE": "0",
	134	}
	135	#: UI defaults for a key instance
	136	key_own_defaults = {
	137	"KEY_OWN_FINGERPRINT_MD5": "",
	138	"KEY_OWN_FINGERPRINT_SHA1": "",
	139	"KEY_OWN_ID_X509": "CN=net.lan",
	140	"KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
	141	"KEY_OWN_KEYSIZE": "2048",
	142	"KEY_OWN_HASH_ALGO": "SHA2_256",
	143	# TODO: the key own creation is currently too hacky for better sanitized defaults
	144	"KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
	145	# TODO: the key own creation is currently too hacky for better sanitized defaults
	146	"KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
	147	# TODO: the key own creation is currently too hacky for better sanitized defaults
	148	"KEY_OWN_REQUEST": "<CREATE_HACK>",
	149	"KEY_OWN_SUBJECT": "CN=net.lan",
	150	# TODO: the key own creation is currently too hacky for better sanitized defaults
	151	"KEY_OWN_VALIDFROM": "00001122T445566",
	152	# TODO: the key own creation is currently too hacky for better sanitized defaults
	153	"KEY_OWN_VALIDTILL": "99991122T445566",
	154	"KEY_OWN_TYPE": "SELF",
	155	# the ones bellow should be set when using 'generate' to create the key
	156	"KEY_OWN_CREATE_CN": "",
	157	"KEY_OWN_CREATE_EMAIL": ""
	158	}
	159	#: UI defaults for a VPN connection instance
	160	vpnconn_defaults = {
	161	"VPNCONN_ACTIVATION": "ALWAYS",
	162	"VPNCONN_DISABLED": "0",
	163	"VPNCONN_DNS_RELAYING_ALLOWED": "1",
	164	"VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
	165	"VPNCONN_ENCRYPTION_PROFILE_REF": "0",
	166	"VPNCONN_FIREWALL_RULESET_REF": "5",
	167	"VPNCONN_IKE_VERSION": "1",
	168	"VPNCONN_KEY_FOREIGN_REF": "1",
	169	"VPNCONN_KEY_OWN_REF": "1",
	170	"VPNCONN_KEY_TYPE": "PUBLIC",
	171	"VPNCONN_LAN_NAT_IP": "",
	172	"VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
	173	"VPNCONN_LAN_NAT_NETWORK": "",
	174	"VPNCONN_LAN_NIC_REF": "2",
	175	"VPNCONN_LAN_NET": "",
	176	"VPNCONN_LAN_NETMASK": "255.255.0.0",
	177	"VPNCONN_LAN_TYPE": "NIC",
	178	"VPNCONN_LIFETIME_IKE": "480",
	179	"VPNCONN_LIFETIME_IPSECSA": "60",
	180	"VPNCONN_OFFLINE_DETECTION_SEC": "60",
	181	"VPNCONN_PEER_DNS": "",
	182	"VPNCONN_PEER_IP": "",
	183	"VPNCONN_PEER_TYPE": "IP",
	184	"VPNCONN_PROTO": "IPSEC",
	185	"VPNCONN_PROXY_PROFILE_REF": "-2",
	186	"VPNCONN_PSK": "",
	187	"VPNCONN_PSK_FOREIGN_ID": "",
	188	"VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
	189	"VPNCONN_PSK_OWN_ID": "",
	190	"VPNCONN_PSK_OWN_ID_TYPE": "IP",
	191	"VPNCONN_REMOTE_INET_NAT": "1",
	192	"VPNCONN_REMOTE_MODECONFIG_IP": "",
	193	"VPNCONN_REMOTE_NAT_ENABLE": "0",
	194	"VPNCONN_REMOTE_NAT_NETWORK": "",
	195	"VPNCONN_REMOTE_NET": "",
	196	"VPNCONN_REMOTE_NETMASK": "255.255.0.0",
	197	"VPNCONN_REMOTE_TYPE": "CUSTOM",
	198	"VPNCONN_RETRIES": "3",
	199	"VPNCONN_SECURED": "ESP",
	200	"VPNCONN_XAUTH_SERVER_ENABLE": "0"
	201	}
	202
	203
	204	###############################################################################
	205	# MINOR CONFIGURATION
	206	###############################################################################
	207
	208
	209	def template(name, value, instance=-1, defaults=None, **kwargs):
	210	"""
	211	Generate a template cnf variable from provided defaults.
	212
	213	:param str name: cnf variable name
	214	:param str value: cnf variable data value
	215	:param int instance: cnf variable instance number
	216	:param defaults: default child variables to populate the cnf variable with
	217	:type defaults: {str, str or {}} or None
	218	:returns: generated cnf variable
	219	:rtype: :py:class:`Cnf`
	220
	221	All additional keyword arguments will be used to overwrite the defaults.
	222	"""
	223	log.info(f"Generating a template {name} cnfvar")
	224	cnf = Cnf(name, value=value, instance=instance)
	225	defaults = {} if defaults is None else defaults
	226	cnf.add_children(*[(key, value) for key, value in defaults.items()])
	227	for key in kwargs.keys():
	228	cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
	229	return cnf
	230
	231
	232	def user(name, instance=-1, **kwargs):
	233	"""
	234	Generate a user cnf variable.
	235
	236	:param str name: username for the user
	237	:param int instance: instance number for the user
	238	:returns: generated cnf variable
	239	:rtype: :py:class:`Cnf`
	240	"""
	241	log.info(f"Generating a user {name} cnfvar")
	242	user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
	243	user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
	244	return user_cnf
	245
	246
	247	def group(name, instance=-1, **kwargs):
	248	"""
	249	Generate a group cnf variable.
	250
	251	:param str name: name for the group
	252	:param int instance: instance number for the group
	253	:returns: generated cnf variable
	254	:rtype: :py:class:`Cnf`
	255	"""
	256	log.info(f"Generating a group {name} cnfvar")
	257	group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
	258	return group_cnf
	259
	260
	261	def nic(name, instance=-1, **kwargs):
	262	"""
	263	Generate a nic cnf variable.
	264
	265	:param str name: tag or comment for the nic describing its use
	266	:param int instance: instance number for the nic
	267	:returns: generated cnf variable
	268	:rtype: :py:class:`Cnf`
	269	"""
	270	log.info(f"Generating a nic cnfvar")
	271	nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
	272	nic_cnf.children.single_with_name("nic_comment").value = name
	273	if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
	274	nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
	275	nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
	276	nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
	277	nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
	278	nic_cnf.add_child("nic_lan_nat_into", "0")
	279	nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
	280	nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
	281	return nic_cnf
	282
	283
	284	def intraclient(name, instance=-1, **kwargs):
	285	"""
	286	Generate an intraclient cnf variable.
	287
	288	:param str name: name for the intraclient
	289	:param int instance: instance number for the intraclient
	290	:returns: generated cnf variable
	291	:rtype: :py:class:`Cnf`
	292	"""
	293	log.info(f"Generating an intraclient {name} cnfvar")
	294	intraclient_cnf = template("intraclient", name, instance=instance,
	295	defaults=intraclient_defaults, **kwargs)
	296	return intraclient_cnf
	297
	298
	299	def provider(name, instance=-1, **kwargs):
	300	"""
	301	Generate a provider cnf variable.
	302
	303	:param str name: name for the provider
	304	:param int instance: instance number for the provider
	305	:returns: generated cnf variable
	306	:rtype: :py:class:`Cnf`
	307	"""
	308	log.info(f"Generating a provider {name} cnfvar")
	309	provider_cnf = template("provider", name, instance=instance,
	310	defaults=provider_defaults, **kwargs)
	311	# the validation of the LOCALIP will not be ignored despite choosing a different mode
	312	if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
	313	provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
	314	provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
	315	if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
	316	provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
	317	if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
	318	provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
	319	return provider_cnf
	320
	321
	322	def port_forwarding(name, instance=-1, **kwargs):
	323	"""
	324	Generate a port forwarding cnf variable.
	325
	326	:param str name: name for the port forwarding mapping
	327	:param int instance: instance number for the port forwarding mapping
	328	:returns: generated cnf variable
	329	:rtype: :py:class:`Cnf`
	330	"""
	331	log.info(f"Generating a port forwarding {name} cnfvar")
	332	port_forwarding_cnf = template("port_forwarding", name, instance=instance,
	333	defaults=port_forwarding_defaults, **kwargs)
	334	if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
	335	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
	336	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
	337	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
	338	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
	339	port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
	340	return port_forwarding_cnf
	341
	342
	343	def firewall_ruleset(name, instance=-1, **kwargs):
	344	"""
	345	Generate a firewall ruleset cnf variable.
	346
	347	:param str name: name for the firewall ruleset
	348	:param int instance: instance number for the firewall ruleset
	349	:returns: generated cnf variable
	350	:rtype: :py:class:`Cnf`
	351	"""
	352	log.info(f"Generating a firewall ruleset {name} cnfvar")
	353	firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
	354	defaults=firewall_ruleset_defaults, **kwargs)
	355	return firewall_ruleset_cnf
	356
	357
	358	def proxy_accesslist(name, instance=-1, **kwargs):
	359	"""
	360	Generate a proxy accesslist cnf variable.
	361
	362	:param str name: name for the proxy accesslist
	363	:param int instance: instance number for the proxy accesslist
	364	:returns: generated cnf variable
	365	:rtype: :py:class:`Cnf`
	366	"""
	367	log.info(f"Generating a proxy accesslist {name} cnfvar")
	368	proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
	369	defaults=proxy_accesslist_defaults, **kwargs)
	370	return proxy_accesslist_cnf
	371
	372
	373	def key_own(name, instance=-1, **kwargs):
	374	"""
	375	Generate an own key cnf variable.
	376
	377	:param str name: name for the own key
	378	:param int instance: instance number for the own key
	379	:returns: generated cnf variable
	380	:rtype: :py:class:`Cnf`
	381	"""
	382	log.info(f"Generating an own key {name} cnfvar")
	383	key_own_cnf = template("key_own", name, instance=instance,
	384	defaults=key_own_defaults, **kwargs)
	385	return key_own_cnf
	386
	387
	388	def vpnconn(name, instance=-1, **kwargs):
	389	"""
	390	Generate a vpn connection cnf variable.
	391
	392	:param str name: name for the vpn connection
	393	:param int instance: instance number for the vpn connection
	394	:returns: generated cnf variable
	395	:rtype: :py:class:`Cnf`
	396	"""
	397	log.info(f"Generating a vpn connection {name} cnfvar")
	398	vpnconn_cnf = template("vpnconn", name, instance=instance,
	399	defaults=vpnconn_defaults, **kwargs)
	400	if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
	401	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
	402	if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
	403	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
	404	if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
	405	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
	406	return vpnconn_cnf