[pyi2ncommon] / src / cnfvar / templates.py

# The software in this package is distributed under the GNU General
# Public License version 2 (with a special exception described below).
#
# A copy of GNU General Public License (GPL) is included in this distribution,
# in the file COPYING.GPL.
#
# As a special exception, if other files instantiate templates or use macros
# or inline functions from this file, or you compile this file and link it
# with other works to produce a work based on this file, this file
# does not by itself cause the resulting work to be covered
# by the GNU General Public License.
#
# However the source code for this file must still be made available
# in accordance with section (3) of the GNU General Public License.
#
# This exception does not invalidate any other reasons why a work based
# on this file might be covered by the GNU General Public License.
#
# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>

"""
Module for one-step dynamic cnfvar generation from default value templates.

.. codeauthor:: Intra2net

These templates contain the bare defaults the UI adds upon
creation of each major and frequently used cnfvar.
"""

import time
import logging

# custom imports
from .model import Cnf, CnfList


log = logging.getLogger('pyi2ncommon.cnfvar.templates')


###############################################################################
# MAJOR CNF DEFAULTS
###############################################################################


#: UI defaults for a user instance
user_defaults = {
    "USER_DISABLED": "0",
    "USER_FULLNAME": "",
    "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
    "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
    "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
    "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
    "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
    "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
    "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
    # always a member of the 'Alle' group
    "USER_GROUP_MEMBER_REF": "2",
    "USER_LOCALE": "",
    "USER_PASSWORD": "",
    "USER_TRASH_DELETEDAYS": "30",
    "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
    "USER_WEBMAIL_SIGNATURE": "",
}
#: UI defaults for a group instance
group_defaults = {
    "GROUP_COMMENT": "",
    "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
    "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
    "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
    "GROUP_PROXY_PROFILE_REF": "1",
}
#: UI defaults for an intraclient instance
intraclient_defaults = {
    "INTRACLIENT_COMMENT": "",
    "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
    "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
    "INTRACLIENT_FIREWALL_RULESET_REF": "5",
    "INTRACLIENT_IP": "",
    "INTRACLIENT_MAC": "",
    "INTRACLIENT_PROXY_PROFILE_REF": "-1",
}
#: UI defaults for a NIC instance
nic_defaults = {
    "NIC_COMMENT": "",
    "NIC_DRIVER": "",
    "NIC_MAC": "",
    "NIC_TYPE": "UNUSED",
}
#: UI defaults for a provider instance
provider_defaults = {
    "PROVIDER_PROXY_SERVER": "",
    "PROVIDER_PROXY_PORT": "",
    "PROVIDER_PROXY_PASSWORD": "",
    "PROVIDER_PROXY_LOGIN": "",
    "PROVIDER_NIC_REF": "1",
    "PROVIDER_NETMASK": "255.255.0.0",
    "PROVIDER_MTU_SIZE": "1500",
    "PROVIDER_MODE": "ROUTER",
    "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
    "PROVIDER_LOCALIP": "",
    "PROVIDER_IP": "",
    "PROVIDER_FIREWALL_RULESET_REF": "7",
    "PROVIDER_FALLBACK_TIMEOUT": "60",
    "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
    "PROVIDER_EMAIL_RELAY_REF": "-1",
    "PROVIDER_DYNDNS_WEBCHECKIP": "0",
    "PROVIDER_DYNDNS_ENABLE": "1",
    "PROVIDER_DNS_MODE": "ROOT",
    "PROVIDER_DNS": "",
    "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
    "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
    "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
    "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
}
#: UI defaults for a port forwarding instance
port_forwarding_defaults = {
    "PORT_FORWARDING_DST_IP_REF": "1",
    "PORT_FORWARDING_DST_PORT": "",
    "PORT_FORWARDING_DST_PORT_END": "",
    "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
    "PORT_FORWARDING_SRC_PORT": "",
    "PORT_FORWARDING_SRC_PORT_END": "",
}
#: UI defaults for a firewall ruleset instance
firewall_ruleset_defaults = {
    "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
}
#: UI defaults for a proxy accesslist instance
proxy_accesslist_defaults = {
    "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
    "PROXY_ACCESSLIST_MODE": "1",
    "PROXY_ACCESSLIST_SIZETYPE": "1",
    "PROXY_ACCESSLIST_TYPE": "0",
}
#: UI defaults for a key instance
key_own_defaults = {
    "KEY_OWN_FINGERPRINT_MD5": "",
    "KEY_OWN_FINGERPRINT_SHA1": "",
    "KEY_OWN_ID_X509": "CN=net.lan",
    "KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
    "KEY_OWN_KEYSIZE": "2048",
    "KEY_OWN_HASH_ALGO": "SHA2_256",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_REQUEST": "<CREATE_HACK>",
    "KEY_OWN_SUBJECT": "CN=net.lan",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDFROM": "00001122T445566",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDTILL": "99991122T445566",
    "KEY_OWN_TYPE": "SELF",
    # the ones bellow should be set when using 'generate' to create the key
    "KEY_OWN_CREATE_CN": "",
    "KEY_OWN_CREATE_EMAIL": ""
}
#: UI defaults for a VPN connection instance
vpnconn_defaults = {
    "VPNCONN_ACTIVATION": "ALWAYS",
    "VPNCONN_DISABLED": "0",
    "VPNCONN_DNS_RELAYING_ALLOWED": "1",
    "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
    "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
    "VPNCONN_FIREWALL_RULESET_REF": "5",
    "VPNCONN_IKE_VERSION": "1",
    "VPNCONN_KEY_FOREIGN_REF": "1",
    "VPNCONN_KEY_OWN_REF": "1",
    "VPNCONN_KEY_TYPE": "PUBLIC",
    "VPNCONN_LAN_NAT_IP": "",
    "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
    "VPNCONN_LAN_NAT_NETWORK": "",
    "VPNCONN_LAN_NIC_REF": "2",
    "VPNCONN_LAN_NET": "",
    "VPNCONN_LAN_NETMASK": "255.255.0.0",
    "VPNCONN_LAN_TYPE": "NIC",
    "VPNCONN_LIFETIME_IKE": "480",
    "VPNCONN_LIFETIME_IPSECSA": "60",
    "VPNCONN_OFFLINE_DETECTION_SEC": "60",
    "VPNCONN_PEER_DNS": "",
    "VPNCONN_PEER_IP": "",
    "VPNCONN_PEER_TYPE": "IP",
    "VPNCONN_PROTO": "IPSEC",
    "VPNCONN_PROXY_PROFILE_REF": "-2",
    "VPNCONN_PSK": "",
    "VPNCONN_PSK_FOREIGN_ID": "",
    "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
    "VPNCONN_PSK_OWN_ID": "",
    "VPNCONN_PSK_OWN_ID_TYPE": "IP",
    "VPNCONN_REMOTE_INET_NAT": "1",
    "VPNCONN_REMOTE_MODECONFIG_IP": "",
    "VPNCONN_REMOTE_NAT_ENABLE": "0",
    "VPNCONN_REMOTE_NAT_NETWORK": "",
    "VPNCONN_REMOTE_NET": "",
    "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
    "VPNCONN_REMOTE_TYPE": "CUSTOM",
    "VPNCONN_RETRIES": "3",
    "VPNCONN_SECURED": "ESP",
    "VPNCONN_XAUTH_SERVER_ENABLE": "0"
}


###############################################################################
# MINOR CONFIGURATION
###############################################################################


def template(name, value, instance=-1, defaults=None, **kwargs):
    """
    Generate a template cnf variable from provided defaults.

    :param str name: cnf variable name
    :param str value: cnf variable data value
    :param int instance: cnf variable instance number
    :param defaults: default child variables to populate the cnf variable with
    :type defaults: {str, str or {}} or None
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    All additional keyword arguments will be used to overwrite the defaults.
    """
    log.info(f"Generating a template {name} cnfvar")
    cnf = Cnf(name, value=value, instance=instance)
    defaults = {} if defaults is None else defaults
    cnf.add_children(*[(key, value) for key, value in defaults.items()])
    for key in kwargs.keys():
        cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
    return cnf


def user(name, instance=-1, **kwargs):
    """
    Generate a user cnf variable.

    :param str name: username for the user
    :param int instance: instance number for the user
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a user {name} cnfvar")
    user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
    user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
    return user_cnf


def group(name, instance=-1, **kwargs):
    """
    Generate a group cnf variable.

    :param str name: name for the group
    :param int instance: instance number for the group
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a group {name} cnfvar")
    group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
    return group_cnf


def nic(name, instance=-1, **kwargs):
    """
    Generate a nic cnf variable.

    :param str name: tag or comment for the nic describing its use
    :param int instance: instance number for the nic
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a nic cnfvar")
    nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
    nic_cnf.children.single_with_name("nic_comment").value = name
    if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
        nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
        nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
        nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_nat_into", "0")
        nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
        nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
    return nic_cnf


def intraclient(name, instance=-1, **kwargs):
    """
    Generate an intraclient cnf variable.

    :param str name: name for the intraclient
    :param int instance: instance number for the intraclient
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an intraclient {name} cnfvar")
    intraclient_cnf = template("intraclient", name, instance=instance,
                               defaults=intraclient_defaults, **kwargs)
    return intraclient_cnf


def provider(name, instance=-1, **kwargs):
    """
    Generate a provider cnf variable.

    :param str name: name for the provider
    :param int instance: instance number for the provider
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a provider {name} cnfvar")
    provider_cnf = template("provider", name, instance=instance,
                            defaults=provider_defaults, **kwargs)
    # the validation of the LOCALIP will not be ignored despite choosing a different mode
    if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
        provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
        provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
    if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
    if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
    return provider_cnf


def port_forwarding(name, instance=-1, **kwargs):
    """
    Generate a port forwarding cnf variable.

    :param str name: name for the port forwarding mapping
    :param int instance: instance number for the port forwarding mapping
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a port forwarding {name} cnfvar")
    port_forwarding_cnf = template("port_forwarding", name, instance=instance,
                                   defaults=port_forwarding_defaults, **kwargs)
    if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
        port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
    return port_forwarding_cnf


def firewall_ruleset(name, instance=-1, **kwargs):
    """
    Generate a firewall ruleset cnf variable.

    :param str name: name for the firewall ruleset
    :param int instance: instance number for the firewall ruleset
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a firewall ruleset {name} cnfvar")
    firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
                                    defaults=firewall_ruleset_defaults, **kwargs)
    return firewall_ruleset_cnf


def proxy_accesslist(name, instance=-1, **kwargs):
    """
    Generate a proxy accesslist cnf variable.

    :param str name: name for the proxy accesslist
    :param int instance: instance number for the proxy accesslist
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a proxy accesslist {name} cnfvar")
    proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
                                    defaults=proxy_accesslist_defaults, **kwargs)
    return proxy_accesslist_cnf


def key_own(name, instance=-1, **kwargs):
    """
    Generate an own key cnf variable.

    :param str name: name for the own key
    :param int instance: instance number for the own key
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an own key {name} cnfvar")
    key_own_cnf = template("key_own", name, instance=instance,
                           defaults=key_own_defaults, **kwargs)
    return key_own_cnf


def vpnconn(name, instance=-1, **kwargs):
    """
    Generate a vpn connection cnf variable.

    :param str name: name for the vpn connection
    :param int instance: instance number for the vpn connection
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a vpn connection {name} cnfvar")
    vpnconn_cnf = template("vpnconn", name, instance=instance,
                           defaults=vpnconn_defaults, **kwargs)
    if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
    return vpnconn_cnf
Commit	Line	Data
11cbb815 PD	1	# The software in this package is distributed under the GNU General
	2	# Public License version 2 (with a special exception described below).
	3	#
	4	# A copy of GNU General Public License (GPL) is included in this distribution,
	5	# in the file COPYING.GPL.
	6	#
	7	# As a special exception, if other files instantiate templates or use macros
	8	# or inline functions from this file, or you compile this file and link it
	9	# with other works to produce a work based on this file, this file
	10	# does not by itself cause the resulting work to be covered
	11	# by the GNU General Public License.
	12	#
	13	# However the source code for this file must still be made available
	14	# in accordance with section (3) of the GNU General Public License.
	15	#
	16	# This exception does not invalidate any other reasons why a work based
	17	# on this file might be covered by the GNU General Public License.
	18	#
	19	# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>
	20
f49f6323	21	"""
188605ae	22	Module for one-step dynamic cnfvar generation from default value templates.
f49f6323	23
b5abc93a	24	.. codeauthor:: Intra2net
b7e04a3e	25
188605ae PD	26	These templates contain the bare defaults the UI adds upon
188605ae PD	27	creation of each major and frequently used cnfvar.
f49f6323 PD	28	"""
	29
	30	import time
	31	import logging
f49f6323 PD	32
f49f6323 PD	33	# custom imports
b5abc93a PD	34	from .model import Cnf, CnfList
	35
	36
	37	log = logging.getLogger('pyi2ncommon.cnfvar.templates')
f49f6323 PD	38
	39
	40	###############################################################################
188605ae PD	41	# MAJOR CNF DEFAULTS
	42	###############################################################################
	43
	44
	45	#: UI defaults for a user instance
	46	user_defaults = {
	47	"USER_DISABLED": "0",
	48	"USER_FULLNAME": "",
4fef584f PD	49	"USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
	50	"USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
	51	"USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
	52	"USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
	53	"USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
	54	"USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
	55	"USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
188605ae PD	56	# always a member of the 'Alle' group
	57	"USER_GROUP_MEMBER_REF": "2",
	58	"USER_LOCALE": "",
be8c26c1	59	"USER_PASSWORD": "",
188605ae PD	60	"USER_TRASH_DELETEDAYS": "30",
	61	"USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
	62	"USER_WEBMAIL_SIGNATURE": "",
	63	}
b358e4cb PD	64	#: UI defaults for a group instance
	65	group_defaults = {
	66	"GROUP_COMMENT": "",
	67	"GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
	68	"GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
	69	"GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
	70	"GROUP_PROXY_PROFILE_REF": "1",
	71	}
13abc7d0 PD	72	#: UI defaults for an intraclient instance
	73	intraclient_defaults = {
	74	"INTRACLIENT_COMMENT": "",
	75	"INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
	76	"INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
	77	"INTRACLIENT_FIREWALL_RULESET_REF": "5",
df3ad4c0 PD	78	"INTRACLIENT_IP": "",
df3ad4c0 PD	79	"INTRACLIENT_MAC": "",
13abc7d0 PD	80	"INTRACLIENT_PROXY_PROFILE_REF": "-1",
	81	}
	82	#: UI defaults for a NIC instance
	83	nic_defaults = {
	84	"NIC_COMMENT": "",
be8c26c1 PD	85	"NIC_DRIVER": "",
be8c26c1 PD	86	"NIC_MAC": "",
4fef584f	87	"NIC_TYPE": "UNUSED",
13abc7d0 PD	88	}
	89	#: UI defaults for a provider instance
	90	provider_defaults = {
	91	"PROVIDER_PROXY_SERVER": "",
	92	"PROVIDER_PROXY_PORT": "",
	93	"PROVIDER_PROXY_PASSWORD": "",
	94	"PROVIDER_PROXY_LOGIN": "",
	95	"PROVIDER_NIC_REF": "1",
	96	"PROVIDER_NETMASK": "255.255.0.0",
	97	"PROVIDER_MTU_SIZE": "1500",
	98	"PROVIDER_MODE": "ROUTER",
	99	"PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
	100	"PROVIDER_LOCALIP": "",
	101	"PROVIDER_IP": "",
	102	"PROVIDER_FIREWALL_RULESET_REF": "7",
	103	"PROVIDER_FALLBACK_TIMEOUT": "60",
	104	"PROVIDER_FALLBACK_PROVIDER_REF": "-1",
	105	"PROVIDER_EMAIL_RELAY_REF": "-1",
	106	"PROVIDER_DYNDNS_WEBCHECKIP": "0",
	107	"PROVIDER_DYNDNS_ENABLE": "1",
4fef584f	108	"PROVIDER_DNS_MODE": "ROOT",
13abc7d0 PD	109	"PROVIDER_DNS": "",
	110	"PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
	111	"PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
	112	"PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
	113	"PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
	114	}
	115	#: UI defaults for a port forwarding instance
	116	port_forwarding_defaults = {
	117	"PORT_FORWARDING_DST_IP_REF": "1",
	118	"PORT_FORWARDING_DST_PORT": "",
	119	"PORT_FORWARDING_DST_PORT_END": "",
	120	"PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
	121	"PORT_FORWARDING_SRC_PORT": "",
	122	"PORT_FORWARDING_SRC_PORT_END": "",
	123	}
	124	#: UI defaults for a firewall ruleset instance
	125	firewall_ruleset_defaults = {
	126	"FIREWALL_RULESET_PROFILE_TYPE": "FULL",
	127	}
	128	#: UI defaults for a proxy accesslist instance
	129	proxy_accesslist_defaults = {
	130	"PROXY_ACCESSLIST_ENTRY_COUNT": "123",
	131	"PROXY_ACCESSLIST_MODE": "1",
	132	"PROXY_ACCESSLIST_SIZETYPE": "1",
	133	"PROXY_ACCESSLIST_TYPE": "0",
	134	}
	135	#: UI defaults for a key instance
	136	key_own_defaults = {
be8c26c1 PD	137	"KEY_OWN_FINGERPRINT_MD5": "",
	138	"KEY_OWN_FINGERPRINT_SHA1": "",
	139	"KEY_OWN_ID_X509": "CN=net.lan",
	140	"KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
13abc7d0 PD	141	"KEY_OWN_KEYSIZE": "2048",
13abc7d0 PD	142	"KEY_OWN_HASH_ALGO": "SHA2_256",
be8c26c1 PD	143	# TODO: the key own creation is currently too hacky for better sanitized defaults
	144	"KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
	145	# TODO: the key own creation is currently too hacky for better sanitized defaults
	146	"KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
	147	# TODO: the key own creation is currently too hacky for better sanitized defaults
	148	"KEY_OWN_REQUEST": "<CREATE_HACK>",
	149	"KEY_OWN_SUBJECT": "CN=net.lan",
	150	# TODO: the key own creation is currently too hacky for better sanitized defaults
	151	"KEY_OWN_VALIDFROM": "00001122T445566",
	152	# TODO: the key own creation is currently too hacky for better sanitized defaults
	153	"KEY_OWN_VALIDTILL": "99991122T445566",
13abc7d0 PD	154	"KEY_OWN_TYPE": "SELF",
13abc7d0 PD	155	# the ones bellow should be set when using 'generate' to create the key
be8c26c1 PD	156	"KEY_OWN_CREATE_CN": "",
be8c26c1 PD	157	"KEY_OWN_CREATE_EMAIL": ""
13abc7d0 PD	158	}
	159	#: UI defaults for a VPN connection instance
	160	vpnconn_defaults = {
	161	"VPNCONN_ACTIVATION": "ALWAYS",
	162	"VPNCONN_DISABLED": "0",
	163	"VPNCONN_DNS_RELAYING_ALLOWED": "1",
	164	"VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
	165	"VPNCONN_ENCRYPTION_PROFILE_REF": "0",
	166	"VPNCONN_FIREWALL_RULESET_REF": "5",
	167	"VPNCONN_IKE_VERSION": "1",
	168	"VPNCONN_KEY_FOREIGN_REF": "1",
	169	"VPNCONN_KEY_OWN_REF": "1",
	170	"VPNCONN_KEY_TYPE": "PUBLIC",
	171	"VPNCONN_LAN_NAT_IP": "",
	172	"VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
	173	"VPNCONN_LAN_NAT_NETWORK": "",
	174	"VPNCONN_LAN_NIC_REF": "2",
be8c26c1	175	"VPNCONN_LAN_NET": "",
13abc7d0 PD	176	"VPNCONN_LAN_NETMASK": "255.255.0.0",
	177	"VPNCONN_LAN_TYPE": "NIC",
	178	"VPNCONN_LIFETIME_IKE": "480",
	179	"VPNCONN_LIFETIME_IPSECSA": "60",
	180	"VPNCONN_OFFLINE_DETECTION_SEC": "60",
	181	"VPNCONN_PEER_DNS": "",
df3ad4c0	182	"VPNCONN_PEER_IP": "",
13abc7d0	183	"VPNCONN_PEER_TYPE": "IP",
a678b534	184	"VPNCONN_PROTO": "IPSEC",
13abc7d0 PD	185	"VPNCONN_PROXY_PROFILE_REF": "-2",
	186	"VPNCONN_PSK": "",
	187	"VPNCONN_PSK_FOREIGN_ID": "",
	188	"VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
	189	"VPNCONN_PSK_OWN_ID": "",
	190	"VPNCONN_PSK_OWN_ID_TYPE": "IP",
	191	"VPNCONN_REMOTE_INET_NAT": "1",
be8c26c1	192	"VPNCONN_REMOTE_MODECONFIG_IP": "",
13abc7d0 PD	193	"VPNCONN_REMOTE_NAT_ENABLE": "0",
13abc7d0 PD	194	"VPNCONN_REMOTE_NAT_NETWORK": "",
be8c26c1	195	"VPNCONN_REMOTE_NET": "",
13abc7d0 PD	196	"VPNCONN_REMOTE_NETMASK": "255.255.0.0",
	197	"VPNCONN_REMOTE_TYPE": "CUSTOM",
	198	"VPNCONN_RETRIES": "3",
	199	"VPNCONN_SECURED": "ESP",
	200	"VPNCONN_XAUTH_SERVER_ENABLE": "0"
	201	}
188605ae PD	202
	203
	204	###############################################################################
f49f6323 PD	205	# MINOR CONFIGURATION
	206	###############################################################################
	207
7628bc48	208
188605ae	209	def template(name, value, instance=-1, defaults=None, **kwargs):
f49f6323	210	"""
188605ae	211	Generate a template cnf variable from provided defaults.
f49f6323	212
188605ae PD	213	:param str name: cnf variable name
188605ae PD	214	:param str value: cnf variable data value
b5abc93a	215	:param int instance: cnf variable instance number
188605ae PD	216	:param defaults: default child variables to populate the cnf variable with
188605ae PD	217	:type defaults: {str, str or {}} or None
b5abc93a PD	218	:returns: generated cnf variable
b5abc93a PD	219	:rtype: :py:class:`Cnf`
188605ae PD	220
188605ae PD	221	All additional keyword arguments will be used to overwrite the defaults.
f49f6323	222	"""
188605ae PD	223	log.info(f"Generating a template {name} cnfvar")
	224	cnf = Cnf(name, value=value, instance=instance)
	225	defaults = {} if defaults is None else defaults
	226	cnf.add_children(*[(key, value) for key, value in defaults.items()])
	227	for key in kwargs.keys():
	228	cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
	229	return cnf
f49f6323 PD	230
f49f6323 PD	231
a4a705cc	232	def user(name, instance=-1, **kwargs):
f49f6323	233	"""
188605ae	234	Generate a user cnf variable.
f49f6323	235
188605ae	236	:param str name: username for the user
b5abc93a PD	237	:param int instance: instance number for the user
	238	:returns: generated cnf variable
	239	:rtype: :py:class:`Cnf`
f49f6323	240	"""
188605ae PD	241	log.info(f"Generating a user {name} cnfvar")
	242	user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
	243	user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
f49f6323 PD	244	return user_cnf
	245
	246
b358e4cb	247	def group(name, instance=-1, **kwargs):
f49f6323	248	"""
b358e4cb	249	Generate a group cnf variable.
f49f6323	250
b358e4cb PD	251	:param str name: name for the group
	252	:param int instance: instance number for the group
	253	:returns: generated cnf variable
	254	:rtype: :py:class:`Cnf`
f49f6323	255	"""
b358e4cb PD	256	log.info(f"Generating a group {name} cnfvar")
b358e4cb PD	257	group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
f49f6323 PD	258	return group_cnf
	259
	260
a4a705cc	261	def nic(name, instance=-1, **kwargs):
f49f6323	262	"""
13abc7d0 PD	263	Generate a nic cnf variable.
13abc7d0 PD	264
a4a705cc	265	:param str name: tag or comment for the nic describing its use
13abc7d0 PD	266	:param int instance: instance number for the nic
	267	:returns: generated cnf variable
	268	:rtype: :py:class:`Cnf`
f49f6323	269	"""
13abc7d0 PD	270	log.info(f"Generating a nic cnfvar")
13abc7d0 PD	271	nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
a4a705cc	272	nic_cnf.children.single_with_name("nic_comment").value = name
f8e700d7 PD	273	if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
	274	nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
	275	nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
	276	nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
	277	nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
	278	nic_cnf.add_child("nic_lan_nat_into", "0")
	279	nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
	280	nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
f49f6323 PD	281	return nic_cnf
	282
	283
13abc7d0	284	def intraclient(name, instance=-1, **kwargs):
f49f6323	285	"""
13abc7d0 PD	286	Generate an intraclient cnf variable.
	287
	288	:param str name: name for the intraclient
	289	:param int instance: instance number for the intraclient
	290	:returns: generated cnf variable
	291	:rtype: :py:class:`Cnf`
f49f6323	292	"""
13abc7d0 PD	293	log.info(f"Generating an intraclient {name} cnfvar")
	294	intraclient_cnf = template("intraclient", name, instance=instance,
	295	defaults=intraclient_defaults, **kwargs)
f49f6323 PD	296	return intraclient_cnf
	297
	298
a4a705cc	299	def provider(name, instance=-1, **kwargs):
f49f6323	300	"""
13abc7d0	301	Generate a provider cnf variable.
f49f6323	302
13abc7d0	303	:param str name: name for the provider
13abc7d0 PD	304	:param int instance: instance number for the provider
	305	:returns: generated cnf variable
	306	:rtype: :py:class:`Cnf`
f49f6323	307	"""
13abc7d0 PD	308	log.info(f"Generating a provider {name} cnfvar")
	309	provider_cnf = template("provider", name, instance=instance,
	310	defaults=provider_defaults, **kwargs)
f8e700d7 PD	311	# the validation of the LOCALIP will not be ignored despite choosing a different mode
	312	if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
	313	provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
	314	provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
	315	if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
	316	provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
	317	if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
	318	provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
f49f6323 PD	319	return provider_cnf
	320
	321
a4a705cc	322	def port_forwarding(name, instance=-1, **kwargs):
f49f6323	323	"""
13abc7d0 PD	324	Generate a port forwarding cnf variable.
	325
	326	:param str name: name for the port forwarding mapping
13abc7d0 PD	327	:param int instance: instance number for the port forwarding mapping
	328	:returns: generated cnf variable
	329	:rtype: :py:class:`Cnf`
f49f6323	330	"""
13abc7d0 PD	331	log.info(f"Generating a port forwarding {name} cnfvar")
	332	port_forwarding_cnf = template("port_forwarding", name, instance=instance,
	333	defaults=port_forwarding_defaults, **kwargs)
f8e700d7 PD	334	if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
	335	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
	336	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
	337	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
	338	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
	339	port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
13abc7d0	340	return port_forwarding_cnf
f49f6323 PD	341
f49f6323 PD	342
13abc7d0	343	def firewall_ruleset(name, instance=-1, **kwargs):
f49f6323	344	"""
13abc7d0	345	Generate a firewall ruleset cnf variable.
f49f6323	346
13abc7d0 PD	347	:param str name: name for the firewall ruleset
	348	:param int instance: instance number for the firewall ruleset
	349	:returns: generated cnf variable
	350	:rtype: :py:class:`Cnf`
f49f6323	351	"""
13abc7d0 PD	352	log.info(f"Generating a firewall ruleset {name} cnfvar")
	353	firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
	354	defaults=firewall_ruleset_defaults, **kwargs)
	355	return firewall_ruleset_cnf
	356
	357
	358	def proxy_accesslist(name, instance=-1, **kwargs):
f49f6323	359	"""
13abc7d0	360	Generate a proxy accesslist cnf variable.
f49f6323	361
13abc7d0 PD	362	:param str name: name for the proxy accesslist
	363	:param int instance: instance number for the proxy accesslist
	364	:returns: generated cnf variable
	365	:rtype: :py:class:`Cnf`
f49f6323	366	"""
13abc7d0 PD	367	log.info(f"Generating a proxy accesslist {name} cnfvar")
	368	proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
	369	defaults=proxy_accesslist_defaults, **kwargs)
	370	return proxy_accesslist_cnf
	371
	372
	373	def key_own(name, instance=-1, **kwargs):
f49f6323	374	"""
13abc7d0	375	Generate an own key cnf variable.
f49f6323	376
13abc7d0 PD	377	:param str name: name for the own key
	378	:param int instance: instance number for the own key
	379	:returns: generated cnf variable
	380	:rtype: :py:class:`Cnf`
f49f6323	381	"""
13abc7d0 PD	382	log.info(f"Generating an own key {name} cnfvar")
	383	key_own_cnf = template("key_own", name, instance=instance,
	384	defaults=key_own_defaults, **kwargs)
	385	return key_own_cnf
	386
	387
	388	def vpnconn(name, instance=-1, **kwargs):
f49f6323	389	"""
13abc7d0	390	Generate a vpn connection cnf variable.
f49f6323	391
13abc7d0 PD	392	:param str name: name for the vpn connection
	393	:param int instance: instance number for the vpn connection
	394	:returns: generated cnf variable
	395	:rtype: :py:class:`Cnf`
f49f6323	396	"""
13abc7d0 PD	397	log.info(f"Generating a vpn connection {name} cnfvar")
	398	vpnconn_cnf = template("vpnconn", name, instance=instance,
	399	defaults=vpnconn_defaults, **kwargs)
f8e700d7 PD	400	if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
	401	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
	402	if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
	403	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
	404	if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
	405	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
13abc7d0	406	return vpnconn_cnf