[pyi2ncommon] / src / cnfvar / templates.py

# The software in this package is distributed under the GNU General
# Public License version 2 (with a special exception described below).
#
# A copy of GNU General Public License (GPL) is included in this distribution,
# in the file COPYING.GPL.
#
# As a special exception, if other files instantiate templates or use macros
# or inline functions from this file, or you compile this file and link it
# with other works to produce a work based on this file, this file
# does not by itself cause the resulting work to be covered
# by the GNU General Public License.
#
# However the source code for this file must still be made available
# in accordance with section (3) of the GNU General Public License.
#
# This exception does not invalidate any other reasons why a work based
# on this file might be covered by the GNU General Public License.
#
# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>

"""
Module for one-step dynamic cnfvar generation from default value templates.

.. codeauthor:: Intra2net

These templates contain the bare defaults the UI adds upon
creation of each major and frequently used cnfvar.
"""

import time
import logging

# custom imports
from .model import Cnf, CnfList


log = logging.getLogger('pyi2ncommon.cnfvar.templates')


###############################################################################
# MAJOR CNF DEFAULTS
###############################################################################


#: UI defaults for a user instance
user_defaults = {
    "USER_DISABLED": "0",
    "USER_FULLNAME": "",
    "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
    "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
    "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
    "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
    "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
    "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
    "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
    # always a member of the 'Alle' group
    "USER_GROUP_MEMBER_REF": "2",
    "USER_LOCALE": "",
    "USER_PASSWORD": "",
    "USER_TRASH_DELETEDAYS": "30",
    "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
    "USER_WEBMAIL_SIGNATURE": "",
}
#: UI defaults for a group instance
group_defaults = {
    "GROUP_COMMENT": "",
    "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
    "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
    "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
    "GROUP_PROXY_PROFILE_REF": "1",
}
#: UI defaults for an intraclient instance
intraclient_defaults = {
    "INTRACLIENT_COMMENT": "",
    "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
    "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
    "INTRACLIENT_FIREWALL_RULESET_REF": "5",
    "INTRACLIENT_IP": "",
    "INTRACLIENT_MAC": "",
    "INTRACLIENT_PROXY_PROFILE_REF": "-1",
}
#: UI defaults for a NIC instance
nic_defaults = {
    "NIC_COMMENT": "",
    "NIC_DRIVER": "",
    "NIC_MAC": "",
    "NIC_TYPE": "UNUSED",
}
#: UI defaults for a provider instance
provider_defaults = {
    "PROVIDER_PROXY_SERVER": "",
    "PROVIDER_PROXY_PORT": "",
    "PROVIDER_PROXY_PASSWORD": "",
    "PROVIDER_PROXY_LOGIN": "",
    "PROVIDER_NIC_REF": "1",
    "PROVIDER_NETMASK": "255.255.0.0",
    "PROVIDER_MTU_SIZE": "1500",
    "PROVIDER_MODE": "ROUTER",
    "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
    "PROVIDER_LOCALIP": "",
    "PROVIDER_IP": "",
    "PROVIDER_FIREWALL_RULESET_REF": "7",
    "PROVIDER_FALLBACK_TIMEOUT": "60",
    "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
    "PROVIDER_EMAIL_RELAY_REF": "-1",
    "PROVIDER_DYNDNS_WEBCHECKIP": "0",
    "PROVIDER_DYNDNS_ENABLE": "1",
    "PROVIDER_DNS_MODE": "ROOT",
    "PROVIDER_DNS": "",
    "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
    "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
    "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
    "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
}
#: UI defaults for a port forwarding instance
port_forwarding_defaults = {
    "PORT_FORWARDING_DST_IP_REF": "1",
    "PORT_FORWARDING_DST_PORT": "",
    "PORT_FORWARDING_DST_PORT_END": "",
    "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
    "PORT_FORWARDING_SRC_PORT": "",
    "PORT_FORWARDING_SRC_PORT_END": "",
}
#: UI defaults for a firewall ruleset instance
firewall_ruleset_defaults = {
    "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
}
#: UI defaults for a proxy accesslist instance
proxy_accesslist_defaults = {
    "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
    "PROXY_ACCESSLIST_MODE": "1",
    "PROXY_ACCESSLIST_SIZETYPE": "1",
    "PROXY_ACCESSLIST_TYPE": "0",
}
#: UI defaults for a key instance
key_own_defaults = {
    "KEY_OWN_FINGERPRINT_MD5": "",
    "KEY_OWN_FINGERPRINT_SHA1": "",
    "KEY_OWN_ID_X509": "CN=net.lan",
    "KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
    "KEY_OWN_KEYSIZE": "2048",
    "KEY_OWN_HASH_ALGO": "SHA2_256",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_REQUEST": "<CREATE_HACK>",
    "KEY_OWN_SUBJECT": "CN=net.lan",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDFROM": "00001122T445566",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDTILL": "99991122T445566",
    "KEY_OWN_TYPE": "SELF",
    # the ones bellow should be set when using 'generate' to create the key
    "KEY_OWN_CREATE_CN": "",
    "KEY_OWN_CREATE_EMAIL": ""
}
#: UI defaults for a VPN connection instance
vpnconn_defaults = {
    "VPNCONN_ACTIVATION": "ALWAYS",
    "VPNCONN_DISABLED": "0",
    "VPNCONN_DNS_RELAYING_ALLOWED": "1",
    "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
    "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
    "VPNCONN_FIREWALL_RULESET_REF": "5",
    "VPNCONN_IKE_VERSION": "1",
    "VPNCONN_KEY_FOREIGN_REF": "1",
    "VPNCONN_KEY_OWN_REF": "1",
    "VPNCONN_KEY_TYPE": "PUBLIC",
    "VPNCONN_LAN_NAT_IP": "",
    "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
    "VPNCONN_LAN_NAT_NETWORK": "",
    "VPNCONN_LAN_NIC_REF": "2",
    "VPNCONN_LAN_NET": "",
    "VPNCONN_LAN_NETMASK": "255.255.0.0",
    "VPNCONN_LAN_TYPE": "NIC",
    "VPNCONN_LIFETIME_IKE": "480",
    "VPNCONN_LIFETIME_IPSECSA": "60",
    "VPNCONN_OFFLINE_DETECTION_SEC": "60",
    "VPNCONN_PEER_DNS": "",
    "VPNCONN_PEER_IP": "",
    "VPNCONN_PEER_TYPE": "IP",
    "VPNCONN_PROXY_PROFILE_REF": "-2",
    "VPNCONN_PSK": "",
    "VPNCONN_PSK_FOREIGN_ID": "",
    "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
    "VPNCONN_PSK_OWN_ID": "",
    "VPNCONN_PSK_OWN_ID_TYPE": "IP",
    "VPNCONN_REMOTE_INET_NAT": "1",
    "VPNCONN_REMOTE_MODECONFIG_IP": "",
    "VPNCONN_REMOTE_NAT_ENABLE": "0",
    "VPNCONN_REMOTE_NAT_NETWORK": "",
    "VPNCONN_REMOTE_NET": "",
    "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
    "VPNCONN_REMOTE_TYPE": "CUSTOM",
    "VPNCONN_RETRIES": "3",
    "VPNCONN_SECURED": "ESP",
    "VPNCONN_XAUTH_SERVER_ENABLE": "0"
}


###############################################################################
# MINOR CONFIGURATION
###############################################################################


def template(name, value, instance=-1, defaults=None, **kwargs):
    """
    Generate a template cnf variable from provided defaults.

    :param str name: cnf variable name
    :param str value: cnf variable data value
    :param int instance: cnf variable instance number
    :param defaults: default child variables to populate the cnf variable with
    :type defaults: {str, str or {}} or None
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    All additional keyword arguments will be used to overwrite the defaults.
    """
    log.info(f"Generating a template {name} cnfvar")
    cnf = Cnf(name, value=value, instance=instance)
    defaults = {} if defaults is None else defaults
    cnf.add_children(*[(key, value) for key, value in defaults.items()])
    for key in kwargs.keys():
        cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
    return cnf


def user(name, instance=-1, **kwargs):
    """
    Generate a user cnf variable.

    :param str name: username for the user
    :param int instance: instance number for the user
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a user {name} cnfvar")
    user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
    user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
    return user_cnf


def group(name, instance=-1, **kwargs):
    """
    Generate a group cnf variable.

    :param str name: name for the group
    :param int instance: instance number for the group
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a group {name} cnfvar")
    group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
    return group_cnf


def nic(name, instance=-1, **kwargs):
    """
    Generate a nic cnf variable.

    :param str name: tag or comment for the nic describing its use
    :param int instance: instance number for the nic
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a nic cnfvar")
    nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
    nic_cnf.children.single_with_name("nic_comment").value = name
    if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
        nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
        nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
        nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_nat_into", "0")
        nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
        nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
    return nic_cnf


def intraclient(name, instance=-1, **kwargs):
    """
    Generate an intraclient cnf variable.

    :param str name: name for the intraclient
    :param int instance: instance number for the intraclient
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an intraclient {name} cnfvar")
    intraclient_cnf = template("intraclient", name, instance=instance,
                               defaults=intraclient_defaults, **kwargs)
    return intraclient_cnf


def provider(name, instance=-1, **kwargs):
    """
    Generate a provider cnf variable.

    :param str name: name for the provider
    :param int instance: instance number for the provider
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a provider {name} cnfvar")
    provider_cnf = template("provider", name, instance=instance,
                            defaults=provider_defaults, **kwargs)
    # the validation of the LOCALIP will not be ignored despite choosing a different mode
    if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
        provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
        provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
    if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
    if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
    return provider_cnf


def port_forwarding(name, instance=-1, **kwargs):
    """
    Generate a port forwarding cnf variable.

    :param str name: name for the port forwarding mapping
    :param int instance: instance number for the port forwarding mapping
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a port forwarding {name} cnfvar")
    port_forwarding_cnf = template("port_forwarding", name, instance=instance,
                                   defaults=port_forwarding_defaults, **kwargs)
    if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
        port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
    return port_forwarding_cnf


def firewall_ruleset(name, instance=-1, **kwargs):
    """
    Generate a firewall ruleset cnf variable.

    :param str name: name for the firewall ruleset
    :param int instance: instance number for the firewall ruleset
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a firewall ruleset {name} cnfvar")
    firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
                                    defaults=firewall_ruleset_defaults, **kwargs)
    return firewall_ruleset_cnf


def proxy_accesslist(name, instance=-1, **kwargs):
    """
    Generate a proxy accesslist cnf variable.

    :param str name: name for the proxy accesslist
    :param int instance: instance number for the proxy accesslist
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a proxy accesslist {name} cnfvar")
    proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
                                    defaults=proxy_accesslist_defaults, **kwargs)
    return proxy_accesslist_cnf


def key_own(name, instance=-1, **kwargs):
    """
    Generate an own key cnf variable.

    :param str name: name for the own key
    :param int instance: instance number for the own key
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an own key {name} cnfvar")
    key_own_cnf = template("key_own", name, instance=instance,
                           defaults=key_own_defaults, **kwargs)
    return key_own_cnf


def vpnconn(name, instance=-1, **kwargs):
    """
    Generate a vpn connection cnf variable.

    :param str name: name for the vpn connection
    :param int instance: instance number for the vpn connection
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a vpn connection {name} cnfvar")
    vpnconn_cnf = template("vpnconn", name, instance=instance,
                           defaults=vpnconn_defaults, **kwargs)
    if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
    return vpnconn_cnf
Commit	Line	Data
11cbb815 PD	1	# The software in this package is distributed under the GNU General
	2	# Public License version 2 (with a special exception described below).
	3	#
	4	# A copy of GNU General Public License (GPL) is included in this distribution,
	5	# in the file COPYING.GPL.
	6	#
	7	# As a special exception, if other files instantiate templates or use macros
	8	# or inline functions from this file, or you compile this file and link it
	9	# with other works to produce a work based on this file, this file
	10	# does not by itself cause the resulting work to be covered
	11	# by the GNU General Public License.
	12	#
	13	# However the source code for this file must still be made available
	14	# in accordance with section (3) of the GNU General Public License.
	15	#
	16	# This exception does not invalidate any other reasons why a work based
	17	# on this file might be covered by the GNU General Public License.
	18	#
	19	# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>
	20
f49f6323	21	"""
188605ae	22	Module for one-step dynamic cnfvar generation from default value templates.
f49f6323	23
b5abc93a	24	.. codeauthor:: Intra2net
b7e04a3e	25
188605ae PD	26	These templates contain the bare defaults the UI adds upon
188605ae PD	27	creation of each major and frequently used cnfvar.
f49f6323 PD	28	"""
	29
	30	import time
	31	import logging
f49f6323 PD	32
f49f6323 PD	33	# custom imports
b5abc93a PD	34	from .model import Cnf, CnfList
	35
	36
	37	log = logging.getLogger('pyi2ncommon.cnfvar.templates')
f49f6323 PD	38
	39
	40	###############################################################################
188605ae PD	41	# MAJOR CNF DEFAULTS
	42	###############################################################################
	43
	44
	45	#: UI defaults for a user instance
	46	user_defaults = {
	47	"USER_DISABLED": "0",
	48	"USER_FULLNAME": "",
4fef584f PD	49	"USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
	50	"USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
	51	"USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
	52	"USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
	53	"USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
	54	"USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
	55	"USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
188605ae PD	56	# always a member of the 'Alle' group
	57	"USER_GROUP_MEMBER_REF": "2",
	58	"USER_LOCALE": "",
be8c26c1	59	"USER_PASSWORD": "",
188605ae PD	60	"USER_TRASH_DELETEDAYS": "30",
	61	"USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
	62	"USER_WEBMAIL_SIGNATURE": "",
	63	}
b358e4cb PD	64	#: UI defaults for a group instance
	65	group_defaults = {
	66	"GROUP_COMMENT": "",
	67	"GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
	68	"GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
	69	"GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
	70	"GROUP_PROXY_PROFILE_REF": "1",
	71	}
13abc7d0 PD	72	#: UI defaults for an intraclient instance
	73	intraclient_defaults = {
	74	"INTRACLIENT_COMMENT": "",
	75	"INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
	76	"INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
	77	"INTRACLIENT_FIREWALL_RULESET_REF": "5",
df3ad4c0 PD	78	"INTRACLIENT_IP": "",
df3ad4c0 PD	79	"INTRACLIENT_MAC": "",
13abc7d0 PD	80	"INTRACLIENT_PROXY_PROFILE_REF": "-1",
	81	}
	82	#: UI defaults for a NIC instance
	83	nic_defaults = {
	84	"NIC_COMMENT": "",
be8c26c1 PD	85	"NIC_DRIVER": "",
be8c26c1 PD	86	"NIC_MAC": "",
4fef584f	87	"NIC_TYPE": "UNUSED",
13abc7d0 PD	88	}
	89	#: UI defaults for a provider instance
	90	provider_defaults = {
	91	"PROVIDER_PROXY_SERVER": "",
	92	"PROVIDER_PROXY_PORT": "",
	93	"PROVIDER_PROXY_PASSWORD": "",
	94	"PROVIDER_PROXY_LOGIN": "",
	95	"PROVIDER_NIC_REF": "1",
	96	"PROVIDER_NETMASK": "255.255.0.0",
	97	"PROVIDER_MTU_SIZE": "1500",
	98	"PROVIDER_MODE": "ROUTER",
	99	"PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
	100	"PROVIDER_LOCALIP": "",
	101	"PROVIDER_IP": "",
	102	"PROVIDER_FIREWALL_RULESET_REF": "7",
	103	"PROVIDER_FALLBACK_TIMEOUT": "60",
	104	"PROVIDER_FALLBACK_PROVIDER_REF": "-1",
	105	"PROVIDER_EMAIL_RELAY_REF": "-1",
	106	"PROVIDER_DYNDNS_WEBCHECKIP": "0",
	107	"PROVIDER_DYNDNS_ENABLE": "1",
4fef584f	108	"PROVIDER_DNS_MODE": "ROOT",
13abc7d0 PD	109	"PROVIDER_DNS": "",
	110	"PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
	111	"PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
	112	"PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
	113	"PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
	114	}
	115	#: UI defaults for a port forwarding instance
	116	port_forwarding_defaults = {
	117	"PORT_FORWARDING_DST_IP_REF": "1",
	118	"PORT_FORWARDING_DST_PORT": "",
	119	"PORT_FORWARDING_DST_PORT_END": "",
	120	"PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
	121	"PORT_FORWARDING_SRC_PORT": "",
	122	"PORT_FORWARDING_SRC_PORT_END": "",
	123	}
	124	#: UI defaults for a firewall ruleset instance
	125	firewall_ruleset_defaults = {
	126	"FIREWALL_RULESET_PROFILE_TYPE": "FULL",
	127	}
	128	#: UI defaults for a proxy accesslist instance
	129	proxy_accesslist_defaults = {
	130	"PROXY_ACCESSLIST_ENTRY_COUNT": "123",
	131	"PROXY_ACCESSLIST_MODE": "1",
	132	"PROXY_ACCESSLIST_SIZETYPE": "1",
	133	"PROXY_ACCESSLIST_TYPE": "0",
	134	}
	135	#: UI defaults for a key instance
	136	key_own_defaults = {
be8c26c1 PD	137	"KEY_OWN_FINGERPRINT_MD5": "",
	138	"KEY_OWN_FINGERPRINT_SHA1": "",
	139	"KEY_OWN_ID_X509": "CN=net.lan",
	140	"KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
13abc7d0 PD	141	"KEY_OWN_KEYSIZE": "2048",
13abc7d0 PD	142	"KEY_OWN_HASH_ALGO": "SHA2_256",
be8c26c1 PD	143	# TODO: the key own creation is currently too hacky for better sanitized defaults
	144	"KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
	145	# TODO: the key own creation is currently too hacky for better sanitized defaults
	146	"KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
	147	# TODO: the key own creation is currently too hacky for better sanitized defaults
	148	"KEY_OWN_REQUEST": "<CREATE_HACK>",
	149	"KEY_OWN_SUBJECT": "CN=net.lan",
	150	# TODO: the key own creation is currently too hacky for better sanitized defaults
	151	"KEY_OWN_VALIDFROM": "00001122T445566",
	152	# TODO: the key own creation is currently too hacky for better sanitized defaults
	153	"KEY_OWN_VALIDTILL": "99991122T445566",
13abc7d0 PD	154	"KEY_OWN_TYPE": "SELF",
13abc7d0 PD	155	# the ones bellow should be set when using 'generate' to create the key
be8c26c1 PD	156	"KEY_OWN_CREATE_CN": "",
be8c26c1 PD	157	"KEY_OWN_CREATE_EMAIL": ""
13abc7d0 PD	158	}
	159	#: UI defaults for a VPN connection instance
	160	vpnconn_defaults = {
	161	"VPNCONN_ACTIVATION": "ALWAYS",
	162	"VPNCONN_DISABLED": "0",
	163	"VPNCONN_DNS_RELAYING_ALLOWED": "1",
	164	"VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
	165	"VPNCONN_ENCRYPTION_PROFILE_REF": "0",
	166	"VPNCONN_FIREWALL_RULESET_REF": "5",
	167	"VPNCONN_IKE_VERSION": "1",
	168	"VPNCONN_KEY_FOREIGN_REF": "1",
	169	"VPNCONN_KEY_OWN_REF": "1",
	170	"VPNCONN_KEY_TYPE": "PUBLIC",
	171	"VPNCONN_LAN_NAT_IP": "",
	172	"VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
	173	"VPNCONN_LAN_NAT_NETWORK": "",
	174	"VPNCONN_LAN_NIC_REF": "2",
be8c26c1	175	"VPNCONN_LAN_NET": "",
13abc7d0 PD	176	"VPNCONN_LAN_NETMASK": "255.255.0.0",
	177	"VPNCONN_LAN_TYPE": "NIC",
	178	"VPNCONN_LIFETIME_IKE": "480",
	179	"VPNCONN_LIFETIME_IPSECSA": "60",
	180	"VPNCONN_OFFLINE_DETECTION_SEC": "60",
	181	"VPNCONN_PEER_DNS": "",
df3ad4c0	182	"VPNCONN_PEER_IP": "",
13abc7d0 PD	183	"VPNCONN_PEER_TYPE": "IP",
	184	"VPNCONN_PROXY_PROFILE_REF": "-2",
	185	"VPNCONN_PSK": "",
	186	"VPNCONN_PSK_FOREIGN_ID": "",
	187	"VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
	188	"VPNCONN_PSK_OWN_ID": "",
	189	"VPNCONN_PSK_OWN_ID_TYPE": "IP",
	190	"VPNCONN_REMOTE_INET_NAT": "1",
be8c26c1	191	"VPNCONN_REMOTE_MODECONFIG_IP": "",
13abc7d0 PD	192	"VPNCONN_REMOTE_NAT_ENABLE": "0",
13abc7d0 PD	193	"VPNCONN_REMOTE_NAT_NETWORK": "",
be8c26c1	194	"VPNCONN_REMOTE_NET": "",
13abc7d0 PD	195	"VPNCONN_REMOTE_NETMASK": "255.255.0.0",
	196	"VPNCONN_REMOTE_TYPE": "CUSTOM",
	197	"VPNCONN_RETRIES": "3",
	198	"VPNCONN_SECURED": "ESP",
	199	"VPNCONN_XAUTH_SERVER_ENABLE": "0"
	200	}
188605ae PD	201
	202
	203	###############################################################################
f49f6323 PD	204	# MINOR CONFIGURATION
	205	###############################################################################
	206
7628bc48	207
188605ae	208	def template(name, value, instance=-1, defaults=None, **kwargs):
f49f6323	209	"""
188605ae	210	Generate a template cnf variable from provided defaults.
f49f6323	211
188605ae PD	212	:param str name: cnf variable name
188605ae PD	213	:param str value: cnf variable data value
b5abc93a	214	:param int instance: cnf variable instance number
188605ae PD	215	:param defaults: default child variables to populate the cnf variable with
188605ae PD	216	:type defaults: {str, str or {}} or None
b5abc93a PD	217	:returns: generated cnf variable
b5abc93a PD	218	:rtype: :py:class:`Cnf`
188605ae PD	219
188605ae PD	220	All additional keyword arguments will be used to overwrite the defaults.
f49f6323	221	"""
188605ae PD	222	log.info(f"Generating a template {name} cnfvar")
	223	cnf = Cnf(name, value=value, instance=instance)
	224	defaults = {} if defaults is None else defaults
	225	cnf.add_children(*[(key, value) for key, value in defaults.items()])
	226	for key in kwargs.keys():
	227	cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
	228	return cnf
f49f6323 PD	229
f49f6323 PD	230
a4a705cc	231	def user(name, instance=-1, **kwargs):
f49f6323	232	"""
188605ae	233	Generate a user cnf variable.
f49f6323	234
188605ae	235	:param str name: username for the user
b5abc93a PD	236	:param int instance: instance number for the user
	237	:returns: generated cnf variable
	238	:rtype: :py:class:`Cnf`
f49f6323	239	"""
188605ae PD	240	log.info(f"Generating a user {name} cnfvar")
	241	user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
	242	user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
f49f6323 PD	243	return user_cnf
	244
	245
b358e4cb	246	def group(name, instance=-1, **kwargs):
f49f6323	247	"""
b358e4cb	248	Generate a group cnf variable.
f49f6323	249
b358e4cb PD	250	:param str name: name for the group
	251	:param int instance: instance number for the group
	252	:returns: generated cnf variable
	253	:rtype: :py:class:`Cnf`
f49f6323	254	"""
b358e4cb PD	255	log.info(f"Generating a group {name} cnfvar")
b358e4cb PD	256	group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
f49f6323 PD	257	return group_cnf
	258
	259
a4a705cc	260	def nic(name, instance=-1, **kwargs):
f49f6323	261	"""
13abc7d0 PD	262	Generate a nic cnf variable.
13abc7d0 PD	263
a4a705cc	264	:param str name: tag or comment for the nic describing its use
13abc7d0 PD	265	:param int instance: instance number for the nic
	266	:returns: generated cnf variable
	267	:rtype: :py:class:`Cnf`
f49f6323	268	"""
13abc7d0 PD	269	log.info(f"Generating a nic cnfvar")
13abc7d0 PD	270	nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
a4a705cc	271	nic_cnf.children.single_with_name("nic_comment").value = name
f8e700d7 PD	272	if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
	273	nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
	274	nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
	275	nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
	276	nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
	277	nic_cnf.add_child("nic_lan_nat_into", "0")
	278	nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
	279	nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
f49f6323 PD	280	return nic_cnf
	281
	282
13abc7d0	283	def intraclient(name, instance=-1, **kwargs):
f49f6323	284	"""
13abc7d0 PD	285	Generate an intraclient cnf variable.
	286
	287	:param str name: name for the intraclient
	288	:param int instance: instance number for the intraclient
	289	:returns: generated cnf variable
	290	:rtype: :py:class:`Cnf`
f49f6323	291	"""
13abc7d0 PD	292	log.info(f"Generating an intraclient {name} cnfvar")
	293	intraclient_cnf = template("intraclient", name, instance=instance,
	294	defaults=intraclient_defaults, **kwargs)
f49f6323 PD	295	return intraclient_cnf
	296
	297
a4a705cc	298	def provider(name, instance=-1, **kwargs):
f49f6323	299	"""
13abc7d0	300	Generate a provider cnf variable.
f49f6323	301
13abc7d0	302	:param str name: name for the provider
13abc7d0 PD	303	:param int instance: instance number for the provider
	304	:returns: generated cnf variable
	305	:rtype: :py:class:`Cnf`
f49f6323	306	"""
13abc7d0 PD	307	log.info(f"Generating a provider {name} cnfvar")
	308	provider_cnf = template("provider", name, instance=instance,
	309	defaults=provider_defaults, **kwargs)
f8e700d7 PD	310	# the validation of the LOCALIP will not be ignored despite choosing a different mode
	311	if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
	312	provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
	313	provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
	314	if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
	315	provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
	316	if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
	317	provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
f49f6323 PD	318	return provider_cnf
	319
	320
a4a705cc	321	def port_forwarding(name, instance=-1, **kwargs):
f49f6323	322	"""
13abc7d0 PD	323	Generate a port forwarding cnf variable.
	324
	325	:param str name: name for the port forwarding mapping
13abc7d0 PD	326	:param int instance: instance number for the port forwarding mapping
	327	:returns: generated cnf variable
	328	:rtype: :py:class:`Cnf`
f49f6323	329	"""
13abc7d0 PD	330	log.info(f"Generating a port forwarding {name} cnfvar")
	331	port_forwarding_cnf = template("port_forwarding", name, instance=instance,
	332	defaults=port_forwarding_defaults, **kwargs)
f8e700d7 PD	333	if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
	334	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
	335	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
	336	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
	337	port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
	338	port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
13abc7d0	339	return port_forwarding_cnf
f49f6323 PD	340
f49f6323 PD	341
13abc7d0	342	def firewall_ruleset(name, instance=-1, **kwargs):
f49f6323	343	"""
13abc7d0	344	Generate a firewall ruleset cnf variable.
f49f6323	345
13abc7d0 PD	346	:param str name: name for the firewall ruleset
	347	:param int instance: instance number for the firewall ruleset
	348	:returns: generated cnf variable
	349	:rtype: :py:class:`Cnf`
f49f6323	350	"""
13abc7d0 PD	351	log.info(f"Generating a firewall ruleset {name} cnfvar")
	352	firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
	353	defaults=firewall_ruleset_defaults, **kwargs)
	354	return firewall_ruleset_cnf
	355
	356
	357	def proxy_accesslist(name, instance=-1, **kwargs):
f49f6323	358	"""
13abc7d0	359	Generate a proxy accesslist cnf variable.
f49f6323	360
13abc7d0 PD	361	:param str name: name for the proxy accesslist
	362	:param int instance: instance number for the proxy accesslist
	363	:returns: generated cnf variable
	364	:rtype: :py:class:`Cnf`
f49f6323	365	"""
13abc7d0 PD	366	log.info(f"Generating a proxy accesslist {name} cnfvar")
	367	proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
	368	defaults=proxy_accesslist_defaults, **kwargs)
	369	return proxy_accesslist_cnf
	370
	371
	372	def key_own(name, instance=-1, **kwargs):
f49f6323	373	"""
13abc7d0	374	Generate an own key cnf variable.
f49f6323	375
13abc7d0 PD	376	:param str name: name for the own key
	377	:param int instance: instance number for the own key
	378	:returns: generated cnf variable
	379	:rtype: :py:class:`Cnf`
f49f6323	380	"""
13abc7d0 PD	381	log.info(f"Generating an own key {name} cnfvar")
	382	key_own_cnf = template("key_own", name, instance=instance,
	383	defaults=key_own_defaults, **kwargs)
	384	return key_own_cnf
	385
	386
	387	def vpnconn(name, instance=-1, **kwargs):
f49f6323	388	"""
13abc7d0	389	Generate a vpn connection cnf variable.
f49f6323	390
13abc7d0 PD	391	:param str name: name for the vpn connection
	392	:param int instance: instance number for the vpn connection
	393	:returns: generated cnf variable
	394	:rtype: :py:class:`Cnf`
f49f6323	395	"""
13abc7d0 PD	396	log.info(f"Generating a vpn connection {name} cnfvar")
	397	vpnconn_cnf = template("vpnconn", name, instance=instance,
	398	defaults=vpnconn_defaults, **kwargs)
f8e700d7 PD	399	if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
	400	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
	401	if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
	402	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
	403	if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
	404	vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
13abc7d0	405	return vpnconn_cnf