# The software in this package is distributed under the GNU General
# Public License version 2 (with a special exception described below).
#
# A copy of GNU General Public License (GPL) is included in this distribution,
# in the file COPYING.GPL.
#
# As a special exception, if other files instantiate templates or use macros
# or inline functions from this file, or you compile this file and link it
# with other works to produce a work based on this file, this file
# does not by itself cause the resulting work to be covered
# by the GNU General Public License.
#
# However the source code for this file must still be made available
# in accordance with section (3) of the GNU General Public License.
#
# This exception does not invalidate any other reasons why a work based
# on this file might be covered by the GNU General Public License.
#
# Copyright (c) 2016-2018 Intra2net AG

"""
Module for one-step dynamic cnfvar generation from default value templates.

.. codeauthor:: Intra2net

These templates contain the bare defaults the UI adds upon
creation of each major and frequently used cnfvar.
"""

import time
import logging

# custom imports
from .model import Cnf, CnfList


log = logging.getLogger('pyi2ncommon.cnfvar.templates')


###############################################################################
# MAJOR CNF DEFAULTS
###############################################################################


#: UI defaults for a user instance
user_defaults = {
    "USER_DISABLED": "0",
    "USER_FULLNAME": "",
    "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
    "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
    "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
    "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
    "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
    "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
    "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
    # always a member of the 'Alle' group
    "USER_GROUP_MEMBER_REF": "2",
    "USER_LOCALE": "",
    # NOTE(review): the template leaves the password empty; it can be set
    # with user(..., password=...). Confirm that whatever consumes this
    # cnfvar rejects an empty password instead of creating the account.
    "USER_PASSWORD": "",
    "USER_TRASH_DELETEDAYS": "30",
    "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
    "USER_WEBMAIL_SIGNATURE": "",
}

#: UI defaults for a group instance
group_defaults = {
    "GROUP_COMMENT": "",
    "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
    "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
    "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
    "GROUP_PROXY_PROFILE_REF": "1",
}

#: UI defaults for an intraclient instance
intraclient_defaults = {
    "INTRACLIENT_COMMENT": "",
    # NOTE(review): DNS and e-mail relaying are switched on by default for a
    # new intraclient, whereas the LAN children added in nic() set the
    # corresponding flags to "0"; pass the keyword explicitly when the
    # client should not relay.
    "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
    "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
    "INTRACLIENT_FIREWALL_RULESET_REF": "5",
    "INTRACLIENT_IP": "",
    "INTRACLIENT_MAC": "",
    "INTRACLIENT_PROXY_PROFILE_REF": "-1",
}

#: UI defaults for a NIC instance
nic_defaults = {
    "NIC_COMMENT": "",
    "NIC_DRIVER": "",
    "NIC_MAC": "",
    "NIC_TYPE": "UNUSED",
}

#: UI defaults for a provider instance
provider_defaults = {
    "PROVIDER_PROXY_SERVER": "",
    "PROVIDER_PROXY_PORT": "",
    "PROVIDER_PROXY_PASSWORD": "",
    "PROVIDER_PROXY_LOGIN": "",
    "PROVIDER_NIC_REF": "1",
    "PROVIDER_NETMASK": "255.255.0.0",
    "PROVIDER_MTU_SIZE": "1500",
    "PROVIDER_MODE": "ROUTER",
    "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
    "PROVIDER_LOCALIP": "",
    "PROVIDER_IP": "",
    "PROVIDER_FIREWALL_RULESET_REF": "7",
    "PROVIDER_FALLBACK_TIMEOUT": "60",
    "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
    "PROVIDER_EMAIL_RELAY_REF": "-1",
    "PROVIDER_DYNDNS_WEBCHECKIP": "0",
    "PROVIDER_DYNDNS_ENABLE": "1",
    "PROVIDER_DNS_MODE": "ROOT",
    "PROVIDER_DNS": "",
    "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
    "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
    "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
    "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
}

#: UI defaults for a port forwarding instance
port_forwarding_defaults = {
    "PORT_FORWARDING_DST_IP_REF": "1",
    "PORT_FORWARDING_DST_PORT": "",
    "PORT_FORWARDING_DST_PORT_END": "",
    "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
    "PORT_FORWARDING_SRC_PORT": "",
    "PORT_FORWARDING_SRC_PORT_END": "",
}

#: UI defaults for a firewall ruleset instance
firewall_ruleset_defaults = {
    "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
}

#: UI defaults for a proxy accesslist instance
proxy_accesslist_defaults = {
    "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
    "PROXY_ACCESSLIST_MODE": "1",
    "PROXY_ACCESSLIST_SIZETYPE": "1",
    "PROXY_ACCESSLIST_TYPE": "0",
}

#: UI defaults for a key instance
key_own_defaults = {
    "KEY_OWN_FINGERPRINT_MD5": "",
    "KEY_OWN_FINGERPRINT_SHA1": "",
    "KEY_OWN_ID_X509": "CN=net.lan",
    "KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
    "KEY_OWN_KEYSIZE": "2048",
    "KEY_OWN_HASH_ALGO": "SHA2_256",
    # NOTE(review): the key material and request below are empty and the
    # validity stamps are filler patterns, so this template alone does not
    # describe a usable key; see the TODOs.
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PRIVATE_KEY": "",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PUBLIC_KEY": "",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_REQUEST": "",
    "KEY_OWN_SUBJECT": "CN=net.lan",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDFROM": "00001122T445566",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDTILL": "99991122T445566",
    "KEY_OWN_TYPE": "SELF",
    # the ones below should be set when using 'generate' to create the key
    "KEY_OWN_CREATE_CN": "",
    "KEY_OWN_CREATE_EMAIL": "",
}

#: UI defaults for a VPN connection instance
vpnconn_defaults = {
    "VPNCONN_ACTIVATION": "ALWAYS",
    "VPNCONN_DISABLED": "0",
    "VPNCONN_DNS_RELAYING_ALLOWED": "1",
    "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
    "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
    "VPNCONN_FIREWALL_RULESET_REF": "5",
    # NOTE(review): the template default is IKE version 1, which RFC 9395
    # deprecates. Where the peer allows it, pass ike_version= explicitly;
    # the accepted values are not visible in this module.
    "VPNCONN_IKE_VERSION": "1",
    "VPNCONN_KEY_FOREIGN_REF": "1",
    "VPNCONN_KEY_OWN_REF": "1",
    "VPNCONN_KEY_TYPE": "PUBLIC",
    "VPNCONN_LAN_NAT_IP": "",
    "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
    "VPNCONN_LAN_NAT_NETWORK": "",
    "VPNCONN_LAN_NIC_REF": "2",
    "VPNCONN_LAN_NET": "",
    "VPNCONN_LAN_NETMASK": "255.255.0.0",
    "VPNCONN_LAN_TYPE": "NIC",
    "VPNCONN_LIFETIME_IKE": "480",
    "VPNCONN_LIFETIME_IPSECSA": "60",
    "VPNCONN_OFFLINE_DETECTION_SEC": "60",
    "VPNCONN_PEER_DNS": "",
    "VPNCONN_PEER_IP": "",
    "VPNCONN_PEER_TYPE": "IP",
    "VPNCONN_PROTO": "IPSEC",
    "VPNCONN_PROXY_PROFILE_REF": "-2",
    # NOTE(review): empty pre-shared key; presumably unused while
    # VPNCONN_KEY_TYPE stays "PUBLIC". A caller that switches the key type
    # has to pass psk= as well rather than rely on this default.
    "VPNCONN_PSK": "",
    "VPNCONN_PSK_FOREIGN_ID": "",
    "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
    "VPNCONN_PSK_OWN_ID": "",
    "VPNCONN_PSK_OWN_ID_TYPE": "IP",
    "VPNCONN_REMOTE_INET_NAT": "1",
    "VPNCONN_REMOTE_MODECONFIG_IP": "",
    "VPNCONN_REMOTE_NAT_ENABLE": "0",
    "VPNCONN_REMOTE_NAT_NETWORK": "",
    "VPNCONN_REMOTE_NET": "",
    "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
    "VPNCONN_REMOTE_TYPE": "CUSTOM",
    "VPNCONN_RETRIES": "3",
    "VPNCONN_SECURED": "ESP",
    "VPNCONN_XAUTH_SERVER_ENABLE": "0",
}


###############################################################################
# MINOR CONFIGURATION
###############################################################################


def _named(child_name):
    """Return a one-argument predicate matching children called ``child_name``."""
    return lambda c: c.name == child_name


def _drop_children(cnf, *child_names):
    """Remove the children with the given names from ``cnf``, in the given order."""
    for child_name in child_names:
        cnf.children.remove_where(_named(child_name))


def template(name, value, instance=-1, defaults=None, **kwargs):
    """
    Build a cnf variable and fill it with default child variables.

    :param str name: cnf variable name
    :param str value: cnf variable data value
    :param int instance: cnf variable instance number
    :param defaults: default child variables to populate the cnf variable with
    :type defaults: {str, str or {}} or None
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    Each additional keyword argument ``KEY=VAL`` overwrites the value of the
    child looked up as ``NAME_KEY``.
    """
    # Only the variable name is logged; the override values (which may be
    # a password or a pre-shared key) never reach the log.
    log.info(f"Generating a template {name} cnfvar")
    cnf = Cnf(name, value=value, instance=instance)
    if defaults is None:
        defaults = {}
    cnf.add_children(*((child, default) for child, default in defaults.items()))
    # NOTE(review): the default keys are upper case while the lookups here
    # use the caller's (lower-case) spelling, so Cnf presumably normalizes
    # names -- confirm in .model. How an unknown keyword is reported depends
    # on single_with_name(), which is not visible here.
    for suffix, override in kwargs.items():
        cnf.children.single_with_name(f"{name}_{suffix}").value = override
    return cnf


def user(name, instance=-1, **kwargs):
    """
    Generate a user cnf variable.

    :param str name: username for the user
    :param int instance: instance number for the user
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a user {name} cnfvar")
    cnf = template("user", name, instance=instance,
                   defaults=user_defaults, **kwargs)
    # Applied after the keyword overrides, so a ``fullname`` keyword is
    # replaced by the capitalized username.
    full_name = name.capitalize()
    cnf.children.single_with_name("user_fullname").value = full_name
    return cnf


def group(name, instance=-1, **kwargs):
    """
    Generate a group cnf variable.

    :param str name: name for the group
    :param int instance: instance number for the group
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a group {name} cnfvar")
    return template("group", name, instance=instance,
                    defaults=group_defaults, **kwargs)


def nic(name, instance=-1, **kwargs):
    """
    Generate a nic cnf variable.

    :param str name: tag or comment for the nic describing its use
    :param int instance: instance number for the nic
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    The variable itself gets an empty value; ``name`` is stored in the
    ``nic_comment`` child. For the LAN types a fixed set of LAN children
    is appended.
    """
    log.info("Generating a nic cnfvar")
    cnf = template("nic", "", instance=instance,
                   defaults=nic_defaults, **kwargs)
    cnf.children.single_with_name("nic_comment").value = name

    nic_type = cnf.children.single_with_name("nic_type").value
    if nic_type in ("NATLAN", "PUBLICLAN", "PROXYARP"):
        lan_children = (
            ("nic_lan_ip", "192.168.1.1"),
            ("nic_lan_netmask", "255.255.255.0"),
            ("nic_lan_dns_relaying_allowed", "0"),
            ("nic_lan_email_relaying_allowed", "0"),
            ("nic_lan_nat_into", "0"),
            ("nic_lan_proxy_profile_ref", "-1"),
            ("nic_lan_firewall_ruleset_ref", "1"),
        )
        for child_name, child_value in lan_children:
            cnf.add_child(child_name, child_value)
    return cnf


def intraclient(name, instance=-1, **kwargs):
    """
    Generate an intraclient cnf variable.

    :param str name: name for the intraclient
    :param int instance: instance number for the intraclient
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an intraclient {name} cnfvar")
    return template("intraclient", name, instance=instance,
                    defaults=intraclient_defaults, **kwargs)


def provider(name, instance=-1, **kwargs):
    """
    Generate a provider cnf variable.

    :param str name: name for the provider
    :param int instance: instance number for the provider
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    Children that do not apply to the selected provider mode or DNS mode
    are removed from the result.
    """
    log.info(f"Generating a provider {name} cnfvar")
    cnf = template("provider", name, instance=instance,
                   defaults=provider_defaults, **kwargs)

    # the validation of the LOCALIP will not be ignored despite choosing a different mode
    mode = cnf.children.single_with_name("provider_mode").value
    if mode not in ("ROUTER", "GWINLAN"):
        _drop_children(cnf, "provider_ip", "provider_netmask")
    if mode != "ROUTER":
        _drop_children(cnf, "provider_localip")

    dns_mode = cnf.children.single_with_name("provider_dns_mode").value
    if dns_mode != "IP":
        _drop_children(cnf, "provider_dns")
    return cnf


def port_forwarding(name, instance=-1, **kwargs):
    """
    Generate a port forwarding cnf variable.

    :param str name: name for the port forwarding mapping
    :param int instance: instance number for the port forwarding mapping
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    With protocol type ``OTHER`` the four port children are removed and a
    ``port_forwarding_protocol_num`` child is added instead.
    """
    log.info(f"Generating a port forwarding {name} cnfvar")
    cnf = template("port_forwarding", name, instance=instance,
                   defaults=port_forwarding_defaults, **kwargs)

    protocol = cnf.children.single_with_name("port_forwarding_protocol_type").value
    if protocol == "OTHER":
        _drop_children(
            cnf,
            "port_forwarding_src_port",
            "port_forwarding_dst_port",
            "port_forwarding_src_port_end",
            "port_forwarding_dst_port_end",
        )
        # presumably an IP protocol number (47 is GRE) -- TODO confirm
        cnf.add_child("port_forwarding_protocol_num", "47")
    return cnf


def firewall_ruleset(name, instance=-1, **kwargs):
    """
    Generate a firewall ruleset cnf variable.

    :param str name: name for the firewall ruleset
    :param int instance: instance number for the firewall ruleset
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a firewall ruleset {name} cnfvar")
    return template("firewall_ruleset", name, instance=instance,
                    defaults=firewall_ruleset_defaults, **kwargs)


def proxy_accesslist(name, instance=-1, **kwargs):
    """
    Generate a proxy accesslist cnf variable.

    :param str name: name for the proxy accesslist
    :param int instance: instance number for the proxy accesslist
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a proxy accesslist {name} cnfvar")
    return template("proxy_accesslist", name, instance=instance,
                    defaults=proxy_accesslist_defaults, **kwargs)


def key_own(name, instance=-1, **kwargs):
    """
    Generate an own key cnf variable.

    :param str name: name for the own key
    :param int instance: instance number for the own key
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an own key {name} cnfvar")
    return template("key_own", name, instance=instance,
                    defaults=key_own_defaults, **kwargs)


def vpnconn(name, instance=-1, **kwargs):
    """
    Generate a vpn connection cnf variable.

    :param str name: name for the vpn connection
    :param int instance: instance number for the vpn connection
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    Network children that do not apply to the selected LAN type or remote
    type are removed from the result.
    """
    log.info(f"Generating a vpn connection {name} cnfvar")
    cnf = template("vpnconn", name, instance=instance,
                   defaults=vpnconn_defaults, **kwargs)

    lan_type = cnf.children.single_with_name("vpnconn_lan_type").value
    if lan_type not in ("NIC", "CUSTOM"):
        _drop_children(cnf, "vpnconn_lan_net")

    remote_type = cnf.children.single_with_name("vpnconn_remote_type").value
    if remote_type != "CUSTOM":
        _drop_children(cnf, "vpnconn_remote_net")
    if remote_type != "MODECONFIG":
        _drop_children(cnf, "vpnconn_remote_modeconfig_ip")
    return cnf