1 # The software in this package is distributed under the GNU General
2 # Public License version 2 (with a special exception described below).
4 # A copy of GNU General Public License (GPL) is included in this distribution,
5 # in the file COPYING.GPL.
7 # As a special exception, if other files instantiate templates or use macros
8 # or inline functions from this file, or you compile this file and link it
9 # with other works to produce a work based on this file, this file
10 # does not by itself cause the resulting work to be covered
11 # by the GNU General Public License.
13 # However the source code for this file must still be made available
14 # in accordance with section (3) of the GNU General Public License.
16 # This exception does not invalidate any other reasons why a work based
17 # on this file might be covered by the GNU General Public License.
19 # Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>
22 Module for one-step dynamic cnfvar generation from default value templates.
24 .. codeauthor:: Intra2net
26 These templates contain the bare defaults the UI adds upon
27 creation of each major and frequently used cnfvar.
34 from .model import Cnf, CnfList
37 log = logging.getLogger('pyi2ncommon.cnfvar.templates')
40 ###############################################################################
42 ###############################################################################
45 #: UI defaults for a user instance
49 "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
50 "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
51 "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
52 "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
53 "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
54 "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
55 "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
56 # always a member of the 'Alle' group
57 "USER_GROUP_MEMBER_REF": "2",
60 "USER_TRASH_DELETEDAYS": "30",
61 "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
62 "USER_WEBMAIL_SIGNATURE": "",
64 #: UI defaults for a group instance
67 "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
68 "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
69 "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
70 "GROUP_PROXY_PROFILE_REF": "1",
72 #: UI defaults for an intraclient instance
73 intraclient_defaults = {
74 "INTRACLIENT_COMMENT": "",
75 "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
76 "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
77 "INTRACLIENT_FIREWALL_RULESET_REF": "5",
79 "INTRACLIENT_MAC": "",
80 "INTRACLIENT_PROXY_PROFILE_REF": "-1",
82 #: UI defaults for a NIC instance
89 #: UI defaults for a provider instance
91 "PROVIDER_PROXY_SERVER": "",
92 "PROVIDER_PROXY_PORT": "",
93 "PROVIDER_PROXY_PASSWORD": "",
94 "PROVIDER_PROXY_LOGIN": "",
95 "PROVIDER_NIC_REF": "1",
96 "PROVIDER_NETMASK": "255.255.0.0",
97 "PROVIDER_MTU_SIZE": "1500",
98 "PROVIDER_MODE": "ROUTER",
99 "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
100 "PROVIDER_LOCALIP": "",
102 "PROVIDER_FIREWALL_RULESET_REF": "7",
103 "PROVIDER_FALLBACK_TIMEOUT": "60",
104 "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
105 "PROVIDER_EMAIL_RELAY_REF": "-1",
106 "PROVIDER_DYNDNS_WEBCHECKIP": "0",
107 "PROVIDER_DYNDNS_ENABLE": "1",
108 "PROVIDER_DNS_MODE": "ROOT",
110 "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
111 "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
112 "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
113 "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
115 #: UI defaults for a port forwarding instance
116 port_forwarding_defaults = {
117 "PORT_FORWARDING_DST_IP_REF": "1",
118 "PORT_FORWARDING_DST_PORT": "",
119 "PORT_FORWARDING_DST_PORT_END": "",
120 "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
121 "PORT_FORWARDING_SRC_PORT": "",
122 "PORT_FORWARDING_SRC_PORT_END": "",
124 #: UI defaults for a firewall ruleset instance
125 firewall_ruleset_defaults = {
126 "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
128 #: UI defaults for a proxy accesslist instance
129 proxy_accesslist_defaults = {
130 "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
131 "PROXY_ACCESSLIST_MODE": "1",
132 "PROXY_ACCESSLIST_SIZETYPE": "1",
133 "PROXY_ACCESSLIST_TYPE": "0",
135 #: UI defaults for a key instance
137 "KEY_OWN_FINGERPRINT_MD5": "",
138 "KEY_OWN_FINGERPRINT_SHA1": "",
139 "KEY_OWN_ID_X509": "CN=net.lan",
140 "KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
141 "KEY_OWN_KEYSIZE": "2048",
142 "KEY_OWN_HASH_ALGO": "SHA2_256",
143 # TODO: the key own creation is currently too hacky for better sanitized defaults
144 "KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
145 # TODO: the key own creation is currently too hacky for better sanitized defaults
146 "KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
147 # TODO: the key own creation is currently too hacky for better sanitized defaults
148 "KEY_OWN_REQUEST": "<CREATE_HACK>",
149 "KEY_OWN_SUBJECT": "CN=net.lan",
150 # TODO: the key own creation is currently too hacky for better sanitized defaults
151 "KEY_OWN_VALIDFROM": "00001122T445566",
152 # TODO: the key own creation is currently too hacky for better sanitized defaults
153 "KEY_OWN_VALIDTILL": "99991122T445566",
154 "KEY_OWN_TYPE": "SELF",
155 # the ones bellow should be set when using 'generate' to create the key
156 "KEY_OWN_CREATE_CN": "",
157 "KEY_OWN_CREATE_EMAIL": ""
159 #: UI defaults for a VPN connection instance
161 "VPNCONN_ACTIVATION": "ALWAYS",
162 "VPNCONN_DISABLED": "0",
163 "VPNCONN_DNS_RELAYING_ALLOWED": "1",
164 "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
165 "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
166 "VPNCONN_FIREWALL_RULESET_REF": "5",
167 "VPNCONN_IKE_VERSION": "1",
168 "VPNCONN_KEY_FOREIGN_REF": "1",
169 "VPNCONN_KEY_OWN_REF": "1",
170 "VPNCONN_KEY_TYPE": "PUBLIC",
171 "VPNCONN_LAN_NAT_IP": "",
172 "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
173 "VPNCONN_LAN_NAT_NETWORK": "",
174 "VPNCONN_LAN_NIC_REF": "2",
175 "VPNCONN_LAN_NET": "",
176 "VPNCONN_LAN_NETMASK": "255.255.0.0",
177 "VPNCONN_LAN_TYPE": "NIC",
178 "VPNCONN_LIFETIME_IKE": "480",
179 "VPNCONN_LIFETIME_IPSECSA": "60",
180 "VPNCONN_OFFLINE_DETECTION_SEC": "60",
181 "VPNCONN_PEER_DNS": "",
182 "VPNCONN_PEER_IP": "",
183 "VPNCONN_PEER_TYPE": "IP",
184 "VPNCONN_PROTO": "IPSEC",
185 "VPNCONN_PROXY_PROFILE_REF": "-2",
187 "VPNCONN_PSK_FOREIGN_ID": "",
188 "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
189 "VPNCONN_PSK_OWN_ID": "",
190 "VPNCONN_PSK_OWN_ID_TYPE": "IP",
191 "VPNCONN_REMOTE_INET_NAT": "1",
192 "VPNCONN_REMOTE_MODECONFIG_IP": "",
193 "VPNCONN_REMOTE_NAT_ENABLE": "0",
194 "VPNCONN_REMOTE_NAT_NETWORK": "",
195 "VPNCONN_REMOTE_NET": "",
196 "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
197 "VPNCONN_REMOTE_TYPE": "CUSTOM",
198 "VPNCONN_RETRIES": "3",
199 "VPNCONN_SECURED": "ESP",
200 "VPNCONN_XAUTH_SERVER_ENABLE": "0"
204 ###############################################################################
205 # MINOR CONFIGURATION
206 ###############################################################################
209 def template(name, value, instance=-1, defaults=None, **kwargs):
211 Generate a template cnf variable from provided defaults.
213 :param str name: cnf variable name
214 :param str value: cnf variable data value
215 :param int instance: cnf variable instance number
216 :param defaults: default child variables to populate the cnf variable with
217 :type defaults: {str, str or {}} or None
218 :returns: generated cnf variable
219 :rtype: :py:class:`Cnf`
221 All additional keyword arguments will be used to overwrite the defaults.
223 log.info(f"Generating a template {name} cnfvar")
224 cnf = Cnf(name, value=value, instance=instance)
225 defaults = {} if defaults is None else defaults
226 cnf.add_children(*[(key, value) for key, value in defaults.items()])
227 for key in kwargs.keys():
228 cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
232 def user(name, instance=-1, **kwargs):
234 Generate a user cnf variable.
236 :param str name: username for the user
237 :param int instance: instance number for the user
238 :returns: generated cnf variable
239 :rtype: :py:class:`Cnf`
241 log.info(f"Generating a user {name} cnfvar")
242 user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
243 user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
247 def group(name, instance=-1, **kwargs):
249 Generate a group cnf variable.
251 :param str name: name for the group
252 :param int instance: instance number for the group
253 :returns: generated cnf variable
254 :rtype: :py:class:`Cnf`
256 log.info(f"Generating a group {name} cnfvar")
257 group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
261 def nic(name, instance=-1, **kwargs):
263 Generate a nic cnf variable.
265 :param str name: tag or comment for the nic describing its use
266 :param int instance: instance number for the nic
267 :returns: generated cnf variable
268 :rtype: :py:class:`Cnf`
270 log.info(f"Generating a nic cnfvar")
271 nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
272 nic_cnf.children.single_with_name("nic_comment").value = name
273 if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
274 nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
275 nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
276 nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
277 nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
278 nic_cnf.add_child("nic_lan_nat_into", "0")
279 nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
280 nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
284 def intraclient(name, instance=-1, **kwargs):
286 Generate an intraclient cnf variable.
288 :param str name: name for the intraclient
289 :param int instance: instance number for the intraclient
290 :returns: generated cnf variable
291 :rtype: :py:class:`Cnf`
293 log.info(f"Generating an intraclient {name} cnfvar")
294 intraclient_cnf = template("intraclient", name, instance=instance,
295 defaults=intraclient_defaults, **kwargs)
296 return intraclient_cnf
299 def provider(name, instance=-1, **kwargs):
301 Generate a provider cnf variable.
303 :param str name: name for the provider
304 :param int instance: instance number for the provider
305 :returns: generated cnf variable
306 :rtype: :py:class:`Cnf`
308 log.info(f"Generating a provider {name} cnfvar")
309 provider_cnf = template("provider", name, instance=instance,
310 defaults=provider_defaults, **kwargs)
311 # the validation of the LOCALIP will not be ignored despite choosing a different mode
312 if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
313 provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
314 provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
315 if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
316 provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
317 if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
318 provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
322 def port_forwarding(name, instance=-1, **kwargs):
324 Generate a port forwarding cnf variable.
326 :param str name: name for the port forwarding mapping
327 :param int instance: instance number for the port forwarding mapping
328 :returns: generated cnf variable
329 :rtype: :py:class:`Cnf`
331 log.info(f"Generating a port forwarding {name} cnfvar")
332 port_forwarding_cnf = template("port_forwarding", name, instance=instance,
333 defaults=port_forwarding_defaults, **kwargs)
334 if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
335 port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
336 port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
337 port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
338 port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
339 port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
340 return port_forwarding_cnf
343 def firewall_ruleset(name, instance=-1, **kwargs):
345 Generate a firewall ruleset cnf variable.
347 :param str name: name for the firewall ruleset
348 :param int instance: instance number for the firewall ruleset
349 :returns: generated cnf variable
350 :rtype: :py:class:`Cnf`
352 log.info(f"Generating a firewall ruleset {name} cnfvar")
353 firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
354 defaults=firewall_ruleset_defaults, **kwargs)
355 return firewall_ruleset_cnf
358 def proxy_accesslist(name, instance=-1, **kwargs):
360 Generate a proxy accesslist cnf variable.
362 :param str name: name for the proxy accesslist
363 :param int instance: instance number for the proxy accesslist
364 :returns: generated cnf variable
365 :rtype: :py:class:`Cnf`
367 log.info(f"Generating a proxy accesslist {name} cnfvar")
368 proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
369 defaults=proxy_accesslist_defaults, **kwargs)
370 return proxy_accesslist_cnf
373 def key_own(name, instance=-1, **kwargs):
375 Generate an own key cnf variable.
377 :param str name: name for the own key
378 :param int instance: instance number for the own key
379 :returns: generated cnf variable
380 :rtype: :py:class:`Cnf`
382 log.info(f"Generating an own key {name} cnfvar")
383 key_own_cnf = template("key_own", name, instance=instance,
384 defaults=key_own_defaults, **kwargs)
388 def vpnconn(name, instance=-1, **kwargs):
390 Generate a vpn connection cnf variable.
392 :param str name: name for the vpn connection
393 :param int instance: instance number for the vpn connection
394 :returns: generated cnf variable
395 :rtype: :py:class:`Cnf`
397 log.info(f"Generating a vpn connection {name} cnfvar")
398 vpnconn_cnf = template("vpnconn", name, instance=instance,
399 defaults=vpnconn_defaults, **kwargs)
400 if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
401 vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
402 if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
403 vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
404 if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
405 vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")