[pyi2ncommon] / src / cnfvar / templates.py

# The software in this package is distributed under the GNU General
# Public License version 2 (with a special exception described below).
#
# A copy of GNU General Public License (GPL) is included in this distribution,
# in the file COPYING.GPL.
#
# As a special exception, if other files instantiate templates or use macros
# or inline functions from this file, or you compile this file and link it
# with other works to produce a work based on this file, this file
# does not by itself cause the resulting work to be covered
# by the GNU General Public License.
#
# However the source code for this file must still be made available
# in accordance with section (3) of the GNU General Public License.
#
# This exception does not invalidate any other reasons why a work based
# on this file might be covered by the GNU General Public License.
#
# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>

"""

summary
------------------------------------------------------
Module for one-step dynamic cnfvar generation from default value templates.

.. codeauthor:: Intra2net


contents
-------------------------------------------------------
These templates contain the bare defaults the UI adds upon
creation of each major and frequently used cnfvar.


interface
------------------------------------------------------

"""

import time
import logging

# custom imports
from .model import Cnf, CnfList


log = logging.getLogger('pyi2ncommon.cnfvar.templates')


###############################################################################
# MAJOR CNF DEFAULTS
###############################################################################


#: UI defaults for a user instance
user_defaults = {
    "USER_DISABLED": "0",
    "USER_FULLNAME": "",
    "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
    "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
    "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
    "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
    "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
    "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
    "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
    # always a member of the 'Alle' group
    "USER_GROUP_MEMBER_REF": "2",
    "USER_LOCALE": "",
    "USER_PASSWORD": "",
    "USER_TRASH_DELETEDAYS": "30",
    "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
    "USER_WEBMAIL_SIGNATURE": "",
}
#: UI defaults for a group instance
group_defaults = {
    "GROUP_COMMENT": "",
    "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
    "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
    "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
    "GROUP_PROXY_PROFILE_REF": "1",
}
#: UI defaults for an intraclient instance
intraclient_defaults = {
    "INTRACLIENT_COMMENT": "",
    "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
    "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
    "INTRACLIENT_FIREWALL_RULESET_REF": "5",
    "INTRACLIENT_IP": "",
    "INTRACLIENT_MAC": "",
    "INTRACLIENT_PROXY_PROFILE_REF": "-1",
}
#: UI defaults for a NIC instance
nic_defaults = {
    "NIC_COMMENT": "",
    "NIC_DRIVER": "",
    "NIC_MAC": "",
    "NIC_TYPE": "UNUSED",
}
#: UI defaults for a provider instance
provider_defaults = {
    "PROVIDER_PROXY_SERVER": "",
    "PROVIDER_PROXY_PORT": "",
    "PROVIDER_PROXY_PASSWORD": "",
    "PROVIDER_PROXY_LOGIN": "",
    "PROVIDER_NIC_REF": "1",
    "PROVIDER_NETMASK": "255.255.0.0",
    "PROVIDER_MTU_SIZE": "1500",
    "PROVIDER_MODE": "ROUTER",
    "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
    "PROVIDER_LOCALIP": "",
    "PROVIDER_IP": "",
    "PROVIDER_FIREWALL_RULESET_REF": "7",
    "PROVIDER_FALLBACK_TIMEOUT": "60",
    "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
    "PROVIDER_EMAIL_RELAY_REF": "-1",
    "PROVIDER_DYNDNS_WEBCHECKIP": "0",
    "PROVIDER_DYNDNS_ENABLE": "1",
    "PROVIDER_DNS_MODE": "ROOT",
    "PROVIDER_DNS": "",
    "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
    "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
    "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
    "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
}
#: UI defaults for a port forwarding instance
port_forwarding_defaults = {
    "PORT_FORWARDING_DST_IP_REF": "1",
    "PORT_FORWARDING_DST_PORT": "",
    "PORT_FORWARDING_DST_PORT_END": "",
    "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
    "PORT_FORWARDING_SRC_PORT": "",
    "PORT_FORWARDING_SRC_PORT_END": "",
}
#: UI defaults for a firewall ruleset instance
firewall_ruleset_defaults = {
    "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
}
#: UI defaults for a proxy accesslist instance
proxy_accesslist_defaults = {
    "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
    "PROXY_ACCESSLIST_MODE": "1",
    "PROXY_ACCESSLIST_SIZETYPE": "1",
    "PROXY_ACCESSLIST_TYPE": "0",
}
#: UI defaults for a key instance
key_own_defaults = {
    "KEY_OWN_FINGERPRINT_MD5": "",
    "KEY_OWN_FINGERPRINT_SHA1": "",
    "KEY_OWN_ID_X509": "CN=net.lan",
    "KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
    "KEY_OWN_KEYSIZE": "2048",
    "KEY_OWN_HASH_ALGO": "SHA2_256",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_REQUEST": "<CREATE_HACK>",
    "KEY_OWN_SUBJECT": "CN=net.lan",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDFROM": "00001122T445566",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDTILL": "99991122T445566",
    "KEY_OWN_TYPE": "SELF",
    # the ones bellow should be set when using 'generate' to create the key
    "KEY_OWN_CREATE_CN": "",
    "KEY_OWN_CREATE_EMAIL": ""
}
#: UI defaults for a VPN connection instance
vpnconn_defaults = {
    "VPNCONN_ACTIVATION": "ALWAYS",
    "VPNCONN_DISABLED": "0",
    "VPNCONN_DNS_RELAYING_ALLOWED": "1",
    "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
    "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
    "VPNCONN_FIREWALL_RULESET_REF": "5",
    "VPNCONN_IKE_VERSION": "1",
    "VPNCONN_KEY_FOREIGN_REF": "1",
    "VPNCONN_KEY_OWN_REF": "1",
    "VPNCONN_KEY_TYPE": "PUBLIC",
    "VPNCONN_LAN_NAT_IP": "",
    "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
    "VPNCONN_LAN_NAT_NETWORK": "",
    "VPNCONN_LAN_NIC_REF": "2",
    "VPNCONN_LAN_NET": "",
    "VPNCONN_LAN_NETMASK": "255.255.0.0",
    "VPNCONN_LAN_TYPE": "NIC",
    "VPNCONN_LIFETIME_IKE": "480",
    "VPNCONN_LIFETIME_IPSECSA": "60",
    "VPNCONN_OFFLINE_DETECTION_SEC": "60",
    "VPNCONN_PEER_DNS": "",
    "VPNCONN_PEER_IP": "",
    "VPNCONN_PEER_TYPE": "IP",
    "VPNCONN_PROXY_PROFILE_REF": "-2",
    "VPNCONN_PSK": "",
    "VPNCONN_PSK_FOREIGN_ID": "",
    "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
    "VPNCONN_PSK_OWN_ID": "",
    "VPNCONN_PSK_OWN_ID_TYPE": "IP",
    "VPNCONN_REMOTE_INET_NAT": "1",
    "VPNCONN_REMOTE_MODECONFIG_IP": "",
    "VPNCONN_REMOTE_NAT_ENABLE": "0",
    "VPNCONN_REMOTE_NAT_NETWORK": "",
    "VPNCONN_REMOTE_NET": "",
    "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
    "VPNCONN_REMOTE_TYPE": "CUSTOM",
    "VPNCONN_RETRIES": "3",
    "VPNCONN_SECURED": "ESP",
    "VPNCONN_XAUTH_SERVER_ENABLE": "0"
}


###############################################################################
# MINOR CONFIGURATION
###############################################################################


def template(name, value, instance=-1, defaults=None, **kwargs):
    """
    Generate a template cnf variable from provided defaults.

    :param str name: cnf variable name
    :param str value: cnf variable data value
    :param int instance: cnf variable instance number
    :param defaults: default child variables to populate the cnf variable with
    :type defaults: {str, str or {}} or None
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    All additional keyword arguments will be used to overwrite the defaults.
    """
    log.info(f"Generating a template {name} cnfvar")
    cnf = Cnf(name, value=value, instance=instance)
    defaults = {} if defaults is None else defaults
    cnf.add_children(*[(key, value) for key, value in defaults.items()])
    for key in kwargs.keys():
        cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
    return cnf


def user(name, instance=-1, **kwargs):
    """
    Generate a user cnf variable.

    :param str name: username for the user
    :param int instance: instance number for the user
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a user {name} cnfvar")
    user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
    user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
    return user_cnf


def group(name, instance=-1, **kwargs):
    """
    Generate a group cnf variable.

    :param str name: name for the group
    :param int instance: instance number for the group
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a group {name} cnfvar")
    group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
    return group_cnf


def nic(name, instance=-1, **kwargs):
    """
    Generate a nic cnf variable.

    :param str name: tag or comment for the nic describing its use
    :param int instance: instance number for the nic
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a nic cnfvar")
    nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
    nic_cnf.children.single_with_name("nic_comment").value = name
    if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
        nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
        nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
        nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_nat_into", "0")
        nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
        nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
    return nic_cnf


def intraclient(name, instance=-1, **kwargs):
    """
    Generate an intraclient cnf variable.

    :param str name: name for the intraclient
    :param int instance: instance number for the intraclient
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an intraclient {name} cnfvar")
    intraclient_cnf = template("intraclient", name, instance=instance,
                               defaults=intraclient_defaults, **kwargs)
    return intraclient_cnf


def provider(name, instance=-1, **kwargs):
    """
    Generate a provider cnf variable.

    :param str name: name for the provider
    :param int instance: instance number for the provider
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a provider {name} cnfvar")
    provider_cnf = template("provider", name, instance=instance,
                            defaults=provider_defaults, **kwargs)
    # the validation of the LOCALIP will not be ignored despite choosing a different mode
    if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
        provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
        provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
    if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
    if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
    return provider_cnf


def port_forwarding(name, instance=-1, **kwargs):
    """
    Generate a port forwarding cnf variable.

    :param str name: name for the port forwarding mapping
    :param int instance: instance number for the port forwarding mapping
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a port forwarding {name} cnfvar")
    port_forwarding_cnf = template("port_forwarding", name, instance=instance,
                                   defaults=port_forwarding_defaults, **kwargs)
    if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
        port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
    return port_forwarding_cnf


def firewall_ruleset(name, instance=-1, **kwargs):
    """
    Generate a firewall ruleset cnf variable.

    :param str name: name for the firewall ruleset
    :param int instance: instance number for the firewall ruleset
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a firewall ruleset {name} cnfvar")
    firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
                                    defaults=firewall_ruleset_defaults, **kwargs)
    return firewall_ruleset_cnf


def proxy_accesslist(name, instance=-1, **kwargs):
    """
    Generate a proxy accesslist cnf variable.

    :param str name: name for the proxy accesslist
    :param int instance: instance number for the proxy accesslist
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a proxy accesslist {name} cnfvar")
    proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
                                    defaults=proxy_accesslist_defaults, **kwargs)
    return proxy_accesslist_cnf


def key_own(name, instance=-1, **kwargs):
    """
    Generate an own key cnf variable.

    :param str name: name for the own key
    :param int instance: instance number for the own key
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an own key {name} cnfvar")
    key_own_cnf = template("key_own", name, instance=instance,
                           defaults=key_own_defaults, **kwargs)
    return key_own_cnf


def vpnconn(name, instance=-1, **kwargs):
    """
    Generate a vpn connection cnf variable.

    :param str name: name for the vpn connection
    :param int instance: instance number for the vpn connection
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a vpn connection {name} cnfvar")
    vpnconn_cnf = template("vpnconn", name, instance=instance,
                           defaults=vpnconn_defaults, **kwargs)
    if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
    return vpnconn_cnf
Commit	Line	Data
11cbb815 PD	1	# The software in this package is distributed under the GNU General
	2	# Public License version 2 (with a special exception described below).
	3	#
	4	# A copy of GNU General Public License (GPL) is included in this distribution,
	5	# in the file COPYING.GPL.
	6	#
	7	# As a special exception, if other files instantiate templates or use macros
	8	# or inline functions from this file, or you compile this file and link it
	9	# with other works to produce a work based on this file, this file
	10	# does not by itself cause the resulting work to be covered
	11	# by the GNU General Public License.
	12	#
	13	# However the source code for this file must still be made available
	14	# in accordance with section (3) of the GNU General Public License.
	15	#
	16	# This exception does not invalidate any other reasons why a work based
	17	# on this file might be covered by the GNU General Public License.
	18	#
	19	# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>
	20
f49f6323 PD	21	"""
f49f6323 PD	22
b5abc93a	23	summary
f49f6323	24	------------------------------------------------------
188605ae	25	Module for one-step dynamic cnfvar generation from default value templates.
f49f6323	26
b5abc93a	27	.. codeauthor:: Intra2net
b7e04a3e	28
f49f6323	29
188605ae PD	30	contents
	31	-------------------------------------------------------
	32	These templates contain the bare defaults the UI adds upon
	33	creation of each major and frequently used cnfvar.
	34
	35
b5abc93a	36	interface
f49f6323 PD	37	------------------------------------------------------
	38
	39	"""
	40
	41	import time
	42	import logging
f49f6323 PD	43
f49f6323 PD	44	# custom imports
b5abc93a PD	45	from .model import Cnf, CnfList
	46
	47
	48	log = logging.getLogger('pyi2ncommon.cnfvar.templates')
f49f6323 PD	49
	50
	51	###############################################################################
188605ae PD	52	# MAJOR CNF DEFAULTS
	53	###############################################################################
	54
	55
	56	#: UI defaults for a user instance
	57	user_defaults = {
	58	"USER_DISABLED": "0",
	59	"USER_FULLNAME": "",
4fef584f PD	60	"USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
	61	"USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
	62	"USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
	63	"USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
	64	"USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
	65	"USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
	66	"USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
188605ae PD	67	# always a member of the 'Alle' group
	68	"USER_GROUP_MEMBER_REF": "2",
	69	"USER_LOCALE": "",
be8c26c1	70	"USER_PASSWORD": "",
188605ae PD	71	"USER_TRASH_DELETEDAYS": "30",
	72	"USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
	73	"USER_WEBMAIL_SIGNATURE": "",
	74	}
b358e4cb PD	75	#: UI defaults for a group instance
	76	group_defaults = {
	77	"GROUP_COMMENT": "",
	78	"GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
	79	"GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
	80	"GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
	81	"GROUP_PROXY_PROFILE_REF": "1",
	82	}
13abc7d0 PD	83	#: UI defaults for an intraclient instance
	84	intraclient_defaults = {
	85	"INTRACLIENT_COMMENT": "",
	86	"INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
	87	"INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
	88	"INTRACLIENT_FIREWALL_RULESET_REF": "5",
df3ad4c0 PD	89	"INTRACLIENT_IP": "",
df3ad4c0 PD	90	"INTRACLIENT_MAC": "",
13abc7d0 PD	91	"INTRACLIENT_PROXY_PROFILE_REF": "-1",
	92	}
	93	#: UI defaults for a NIC instance
	94	nic_defaults = {
	95	"NIC_COMMENT": "",
be8c26c1 PD	96	"NIC_DRIVER": "",
be8c26c1 PD	97	"NIC_MAC": "",
4fef584f	98	"NIC_TYPE": "UNUSED",
13abc7d0 PD	99	}
	100	#: UI defaults for a provider instance
	101	provider_defaults = {
	102	"PROVIDER_PROXY_SERVER": "",
	103	"PROVIDER_PROXY_PORT": "",
	104	"PROVIDER_PROXY_PASSWORD": "",
	105	"PROVIDER_PROXY_LOGIN": "",
	106	"PROVIDER_NIC_REF": "1",
	107	"PROVIDER_NETMASK": "255.255.0.0",
	108	"PROVIDER_MTU_SIZE": "1500",
	109	"PROVIDER_MODE": "ROUTER",
	110	"PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
	111	"PROVIDER_LOCALIP": "",
	112	"PROVIDER_IP": "",
	113	"PROVIDER_FIREWALL_RULESET_REF": "7",
	114	"PROVIDER_FALLBACK_TIMEOUT": "60",
	115	"PROVIDER_FALLBACK_PROVIDER_REF": "-1",
	116	"PROVIDER_EMAIL_RELAY_REF": "-1",
	117	"PROVIDER_DYNDNS_WEBCHECKIP": "0",
	118	"PROVIDER_DYNDNS_ENABLE": "1",
4fef584f	119	"PROVIDER_DNS_MODE": "ROOT",
13abc7d0 PD	120	"PROVIDER_DNS": "",
	121	"PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
	122	"PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
	123	"PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
	124	"PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
	125	}
	126	#: UI defaults for a port forwarding instance
	127	port_forwarding_defaults = {
	128	"PORT_FORWARDING_DST_IP_REF": "1",
	129	"PORT_FORWARDING_DST_PORT": "",
	130	"PORT_FORWARDING_DST_PORT_END": "",
	131	"PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
	132	"PORT_FORWARDING_SRC_PORT": "",
	133	"PORT_FORWARDING_SRC_PORT_END": "",
	134	}
	135	#: UI defaults for a firewall ruleset instance
	136	firewall_ruleset_defaults = {
	137	"FIREWALL_RULESET_PROFILE_TYPE": "FULL",
	138	}
	139	#: UI defaults for a proxy accesslist instance
	140	proxy_accesslist_defaults = {
	141	"PROXY_ACCESSLIST_ENTRY_COUNT": "123",
	142	"PROXY_ACCESSLIST_MODE": "1",
	143	"PROXY_ACCESSLIST_SIZETYPE": "1",
	144	"PROXY_ACCESSLIST_TYPE": "0",
	145	}
	146	#: UI defaults for a key instance
	147	key_own_defaults = {
be8c26c1 PD	148	"KEY_OWN_FINGERPRINT_MD5": "",
	149	"KEY_OWN_FINGERPRINT_SHA1": "",
	150	"KEY_OWN_ID_X509": "CN=net.lan",
	151	"KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
13abc7d0 PD	152	"KEY_OWN_KEYSIZE": "2048",
13abc7d0 PD	153	"KEY_OWN_HASH_ALGO": "SHA2_256",
be8c26c1 PD	154	# TODO: the key own creation is currently too hacky for better sanitized defaults
	155	"KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
	156	# TODO: the key own creation is currently too hacky for better sanitized defaults
	157	"KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
	158	# TODO: the key own creation is currently too hacky for better sanitized defaults
	159	"KEY_OWN_REQUEST": "<CREATE_HACK>",
	160	"KEY_OWN_SUBJECT": "CN=net.lan",
	161	# TODO: the key own creation is currently too hacky for better sanitized defaults
	162	"KEY_OWN_VALIDFROM": "00001122T445566",
	163	# TODO: the key own creation is currently too hacky for better sanitized defaults
	164	"KEY_OWN_VALIDTILL": "99991122T445566",
13abc7d0 PD	165	"KEY_OWN_TYPE": "SELF",
13abc7d0 PD	166	# the ones bellow should be set when using 'generate' to create the key
be8c26c1 PD	167	"KEY_OWN_CREATE_CN": "",
be8c26c1 PD	168	"KEY_OWN_CREATE_EMAIL": ""
13abc7d0 PD	169	}
	170	#: UI defaults for a VPN connection instance
	171	vpnconn_defaults = {
	172	"VPNCONN_ACTIVATION": "ALWAYS",
	173	"VPNCONN_DISABLED": "0",
	174	"VPNCONN_DNS_RELAYING_ALLOWED": "1",
	175	"VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
	176	"VPNCONN_ENCRYPTION_PROFILE_REF": "0",
	177	"VPNCONN_FIREWALL_RULESET_REF": "5",
	178	"VPNCONN_IKE_VERSION": "1",
	179	"VPNCONN_KEY_FOREIGN_REF": "1",
	180	"VPNCONN_KEY_OWN_REF": "1",
	181	"VPNCONN_KEY_TYPE": "PUBLIC",
	182	"VPNCONN_LAN_NAT_IP": "",
	183	"VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
	184	"VPNCONN_LAN_NAT_NETWORK": "",
	185	"VPNCONN_LAN_NIC_REF": "2",
be8c26c1	186	"VPNCONN_LAN_NET": "",
13abc7d0 PD	187	"VPNCONN_LAN_NETMASK": "255.255.0.0",
	188	"VPNCONN_LAN_TYPE": "NIC",
	189	"VPNCONN_LIFETIME_IKE": "480",
	190	"VPNCONN_LIFETIME_IPSECSA": "60",
	191	"VPNCONN_OFFLINE_DETECTION_SEC": "60",
	192	"VPNCONN_PEER_DNS": "",
df3ad4c0	193	"VPNCONN_PEER_IP": "",
13abc7d0 PD	194	"VPNCONN_PEER_TYPE": "IP",
	195	"VPNCONN_PROXY_PROFILE_REF": "-2",
	196	"VPNCONN_PSK": "",
	197	"VPNCONN_PSK_FOREIGN_ID": "",
	198	"VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
	199	"VPNCONN_PSK_OWN_ID": "",
	200	"VPNCONN_PSK_OWN_ID_TYPE": "IP",
	201	"VPNCONN_REMOTE_INET_NAT": "1",
be8c26c1	202	"VPNCONN_REMOTE_MODECONFIG_IP": "",
13abc7d0 PD	203	"VPNCONN_REMOTE_NAT_ENABLE": "0",
13abc7d0 PD	204	"VPNCONN_REMOTE_NAT_NETWORK": "",
be8c26c1	205	"VPNCONN_REMOTE_NET": "",
13abc7d0 PD	206	"VPNCONN_REMOTE_NETMASK": "255.255.0.0",
	207	"VPNCONN_REMOTE_TYPE": "CUSTOM",
	208	"VPNCONN_RETRIES": "3",
	209	"VPNCONN_SECURED": "ESP",
	210	"VPNCONN_XAUTH_SERVER_ENABLE": "0"
	211	}
188605ae PD	212
	213
	214	###############################################################################
f49f6323 PD	215	# MINOR CONFIGURATION
	216	###############################################################################
	217
7628bc48	218
188605ae	219	def template(name, value, instance=-1, defaults=None, **kwargs):
f49f6323	220	"""
188605ae	221	Generate a template cnf variable from provided defaults.
f49f6323	222
188605ae PD	223	:param str name: cnf variable name
188605ae PD	224	:param str value: cnf variable data value
b5abc93a	225	:param int instance: cnf variable instance number
188605ae PD	226	:param defaults: default child variables to populate the cnf variable with
188605ae PD	227	:type defaults: {str, str or {}} or None
b5abc93a PD	228	:returns: generated cnf variable
b5abc93a PD	229	:rtype: :py:class:`Cnf`
188605ae PD	230
188605ae PD	231	All additional keyword arguments will be used to overwrite the defaults.
f49f6323	232	"""
188605ae PD	233	log.info(f"Generating a template {name} cnfvar")
	234	cnf = Cnf(name, value=value, instance=instance)
	235	defaults = {} if defaults is None else defaults
	236	cnf.add_children(*[(key, value) for key, value in defaults.items()])
	237	for key in kwargs.keys():
	238	cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
	239	return cnf
f49f6323 PD	240
f49f6323 PD	241
a4a705cc	242	def user(name, instance=-1, **kwargs):
f49f6323	243	"""
188605ae	244	Generate a user cnf variable.
f49f6323	245
188605ae	246	:param str name: username for the user
b5abc93a PD	247	:param int instance: instance number for the user
	248	:returns: generated cnf variable
	249	:rtype: :py:class:`Cnf`
f49f6323	250	"""
188605ae PD	251	log.info(f"Generating a user {name} cnfvar")
	252	user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
	253	user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
f49f6323 PD	254	return user_cnf
	255
	256
b358e4cb	257	def group(name, instance=-1, **kwargs):
f49f6323	258	"""
b358e4cb	259	Generate a group cnf variable.
f49f6323	260
b358e4cb PD	261	:param str name: name for the group
	262	:param int instance: instance number for the group
	263	:returns: generated cnf variable
	264	:rtype: :py:class:`Cnf`
f49f6323	265	"""
b358e4cb PD	266	log.info(f"Generating a group {name} cnfvar")
b358e4cb PD	267	group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
f49f6323 PD	268	return group_cnf
	269
	270
a4a705cc	271	def nic(name, instance=-1, **kwargs):
f49f6323	272	"""
13abc7d0 PD	273	Generate a nic cnf variable.
13abc7d0 PD	274
a4a705cc	275	:param str name: tag or comment for the nic describing its use
13abc7d0 PD	276	:param int instance: instance number for the nic
	277	:returns: generated cnf variable
	278	:rtype: :py:class:`Cnf`
f49f6323	279	"""
13abc7d0 PD	280	log.info(f"Generating a nic cnfvar")
13abc7d0 PD	281	nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
a4a705cc	282	nic_cnf.children.single_with_name("nic_comment").value = name
f8e700d7 PD	283	if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
	284	nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
	285	nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
	286	nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
	287	nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
	288	nic_cnf.add_child("nic_lan_nat_into", "0")
	289	nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
	290	nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
f49f6323 PD	291	return nic_cnf
	292
	293
13abc7d0	294	def intraclient(name, instance=-1, **kwargs):
f49f6323	295	"""
13abc7d0 PD	296	Generate an intraclient cnf variable.
	297
	298	:param str name: name for the intraclient
	299	:param int instance: instance number for the intraclient
	300	:returns: generated cnf variable
	301	:rtype: :py:class:`Cnf`
f49f6323	302	"""
13abc7d0 PD	303	log.info(f"Generating an intraclient {name} cnfvar")
	304	intraclient_cnf = template("intraclient", name, instance=instance,
	305	defaults=intraclient_defaults, **kwargs)
f49f6323 PD	306	return intraclient_cnf
	307
	308
a4a705cc	309	def provider(name, instance=-1, **kwargs):
f49f6323	310	"""
13abc7d0	311	Generate a provider cnf variable.
f49f6323	312
13abc7d0	313	:param str name: name for the provider
13abc7d0 PD	314	:param int instance: instance number for the provider
	315	:returns: generated cnf variable
	316	:rtype: :py:class:`Cnf`
f49f6323	317	"""
13abc7d0 PD	318	log.info(f"Generating a provider {name} cnfvar")
	319	provider_cnf = template("provider", name, instance=instance,
	320	defaults=provider_defaults, **kwargs)
f8e700d7 PD	321	# the validation of the LOCALIP will not be ignored despite choosing a different mode
	322	if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
	323	provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
	324	provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
	325	if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
	326	provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
	327	if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
	328	provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
f49f6323 PD	329	return provider_cnf
	330
	331
a4a705cc	332	def port_forwarding(name, instance=-1, **kwargs):
f49f6323	333	"""
13abc7d0 PD	334	Generate a port forwarding cnf variable.
	335
	336	:param str name: name for the port forwarding mapping
13abc7d0 PD	337	:param int instance: instance number for the port forwarding mapping
	338	:returns: generated cnf variable
	339	:rtype: :py:class:`Cnf`
f49f6323	340	"""
13abc7d0 PD	341	log.info(f"Generating a port forwarding {name} cnfvar")
	342	port_forwarding_cnf = template("port_forwarding", name, instance=instance,
	343	defaults=port_forwarding_defaults, **kwargs)
f8e700d7 PD	344	if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
	345	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
	346	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
	347	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
	348	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
	349	port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
13abc7d0	350	return port_forwarding_cnf
f49f6323 PD	351
f49f6323 PD	352
13abc7d0	353	def firewall_ruleset(name, instance=-1, **kwargs):
f49f6323	354	"""
13abc7d0	355	Generate a firewall ruleset cnf variable.
f49f6323	356
13abc7d0 PD	357	:param str name: name for the firewall ruleset
	358	:param int instance: instance number for the firewall ruleset
	359	:returns: generated cnf variable
	360	:rtype: :py:class:`Cnf`
f49f6323	361	"""
13abc7d0 PD	362	log.info(f"Generating a firewall ruleset {name} cnfvar")
	363	firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
	364	defaults=firewall_ruleset_defaults, **kwargs)
	365	return firewall_ruleset_cnf
	366
	367
	368	def proxy_accesslist(name, instance=-1, **kwargs):
f49f6323	369	"""
13abc7d0	370	Generate a proxy accesslist cnf variable.
f49f6323	371
13abc7d0 PD	372	:param str name: name for the proxy accesslist
	373	:param int instance: instance number for the proxy accesslist
	374	:returns: generated cnf variable
	375	:rtype: :py:class:`Cnf`
f49f6323	376	"""
13abc7d0 PD	377	log.info(f"Generating a proxy accesslist {name} cnfvar")
	378	proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
	379	defaults=proxy_accesslist_defaults, **kwargs)
	380	return proxy_accesslist_cnf
	381
	382
	383	def key_own(name, instance=-1, **kwargs):
f49f6323	384	"""
13abc7d0	385	Generate an own key cnf variable.
f49f6323	386
13abc7d0 PD	387	:param str name: name for the own key
	388	:param int instance: instance number for the own key
	389	:returns: generated cnf variable
	390	:rtype: :py:class:`Cnf`
f49f6323	391	"""
13abc7d0 PD	392	log.info(f"Generating an own key {name} cnfvar")
	393	key_own_cnf = template("key_own", name, instance=instance,
	394	defaults=key_own_defaults, **kwargs)
	395	return key_own_cnf
	396
	397
	398	def vpnconn(name, instance=-1, **kwargs):
f49f6323	399	"""
13abc7d0	400	Generate a vpn connection cnf variable.
f49f6323	401
13abc7d0 PD	402	:param str name: name for the vpn connection
	403	:param int instance: instance number for the vpn connection
	404	:returns: generated cnf variable
	405	:rtype: :py:class:`Cnf`
f49f6323	406	"""
13abc7d0 PD	407	log.info(f"Generating a vpn connection {name} cnfvar")
	408	vpnconn_cnf = template("vpnconn", name, instance=instance,
	409	defaults=vpnconn_defaults, **kwargs)
f8e700d7 PD	410	if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
	411	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
	412	if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
	413	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
	414	if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
	415	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
13abc7d0	416	return vpnconn_cnf