Add new VPNCONN_PROTO default VPNCONN cnfvar

[pyi2ncommon] / src / cnfvar / templates.py

# The software in this package is distributed under the GNU General
# Public License version 2 (with a special exception described below).
#
# A copy of GNU General Public License (GPL) is included in this distribution,
# in the file COPYING.GPL.
#
# As a special exception, if other files instantiate templates or use macros
# or inline functions from this file, or you compile this file and link it
# with other works to produce a work based on this file, this file
# does not by itself cause the resulting work to be covered
# by the GNU General Public License.
#
# However the source code for this file must still be made available
# in accordance with section (3) of the GNU General Public License.
#
# This exception does not invalidate any other reasons why a work based
# on this file might be covered by the GNU General Public License.
#
# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>

"""
Module for one-step dynamic cnfvar generation from default value templates.

.. codeauthor:: Intra2net

These templates contain the bare defaults the UI adds upon
creation of each major and frequently used cnfvar.
"""

import time
import logging

# custom imports
from .model import Cnf, CnfList


log = logging.getLogger('pyi2ncommon.cnfvar.templates')


###############################################################################
# MAJOR CNF DEFAULTS
###############################################################################


#: UI defaults for a user instance
user_defaults = {
    "USER_DISABLED": "0",
    "USER_FULLNAME": "",
    "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
    "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
    "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
    "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
    "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
    "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
    "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
    # always a member of the 'Alle' group
    "USER_GROUP_MEMBER_REF": "2",
    "USER_LOCALE": "",
    "USER_PASSWORD": "",
    "USER_TRASH_DELETEDAYS": "30",
    "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
    "USER_WEBMAIL_SIGNATURE": "",
}
#: UI defaults for a group instance
group_defaults = {
    "GROUP_COMMENT": "",
    "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
    "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
    "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
    "GROUP_PROXY_PROFILE_REF": "1",
}
#: UI defaults for an intraclient instance
intraclient_defaults = {
    "INTRACLIENT_COMMENT": "",
    "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
    "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
    "INTRACLIENT_FIREWALL_RULESET_REF": "5",
    "INTRACLIENT_IP": "",
    "INTRACLIENT_MAC": "",
    "INTRACLIENT_PROXY_PROFILE_REF": "-1",
}
#: UI defaults for a NIC instance
nic_defaults = {
    "NIC_COMMENT": "",
    "NIC_DRIVER": "",
    "NIC_MAC": "",
    "NIC_TYPE": "UNUSED",
}
#: UI defaults for a provider instance
provider_defaults = {
    "PROVIDER_PROXY_SERVER": "",
    "PROVIDER_PROXY_PORT": "",
    "PROVIDER_PROXY_PASSWORD": "",
    "PROVIDER_PROXY_LOGIN": "",
    "PROVIDER_NIC_REF": "1",
    "PROVIDER_NETMASK": "255.255.0.0",
    "PROVIDER_MTU_SIZE": "1500",
    "PROVIDER_MODE": "ROUTER",
    "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
    "PROVIDER_LOCALIP": "",
    "PROVIDER_IP": "",
    "PROVIDER_FIREWALL_RULESET_REF": "7",
    "PROVIDER_FALLBACK_TIMEOUT": "60",
    "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
    "PROVIDER_EMAIL_RELAY_REF": "-1",
    "PROVIDER_DYNDNS_WEBCHECKIP": "0",
    "PROVIDER_DYNDNS_ENABLE": "1",
    "PROVIDER_DNS_MODE": "ROOT",
    "PROVIDER_DNS": "",
    "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
    "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
    "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
    "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
}
#: UI defaults for a port forwarding instance
port_forwarding_defaults = {
    "PORT_FORWARDING_DST_IP_REF": "1",
    "PORT_FORWARDING_DST_PORT": "",
    "PORT_FORWARDING_DST_PORT_END": "",
    "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
    "PORT_FORWARDING_SRC_PORT": "",
    "PORT_FORWARDING_SRC_PORT_END": "",
}
#: UI defaults for a firewall ruleset instance
firewall_ruleset_defaults = {
    "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
}
#: UI defaults for a proxy accesslist instance
proxy_accesslist_defaults = {
    "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
    "PROXY_ACCESSLIST_MODE": "1",
    "PROXY_ACCESSLIST_SIZETYPE": "1",
    "PROXY_ACCESSLIST_TYPE": "0",
}
#: UI defaults for a key instance
key_own_defaults = {
    "KEY_OWN_FINGERPRINT_MD5": "",
    "KEY_OWN_FINGERPRINT_SHA1": "",
    "KEY_OWN_ID_X509": "CN=net.lan",
    "KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
    "KEY_OWN_KEYSIZE": "2048",
    "KEY_OWN_HASH_ALGO": "SHA2_256",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_REQUEST": "<CREATE_HACK>",
    "KEY_OWN_SUBJECT": "CN=net.lan",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDFROM": "00001122T445566",
    # TODO: the key own creation is currently too hacky for better sanitized defaults
    "KEY_OWN_VALIDTILL": "99991122T445566",
    "KEY_OWN_TYPE": "SELF",
    # the ones bellow should be set when using 'generate' to create the key
    "KEY_OWN_CREATE_CN": "",
    "KEY_OWN_CREATE_EMAIL": ""
}
#: UI defaults for a VPN connection instance
vpnconn_defaults = {
    "VPNCONN_ACTIVATION": "ALWAYS",
    "VPNCONN_DISABLED": "0",
    "VPNCONN_DNS_RELAYING_ALLOWED": "1",
    "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
    "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
    "VPNCONN_FIREWALL_RULESET_REF": "5",
    "VPNCONN_IKE_VERSION": "1",
    "VPNCONN_KEY_FOREIGN_REF": "1",
    "VPNCONN_KEY_OWN_REF": "1",
    "VPNCONN_KEY_TYPE": "PUBLIC",
    "VPNCONN_LAN_NAT_IP": "",
    "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
    "VPNCONN_LAN_NAT_NETWORK": "",
    "VPNCONN_LAN_NIC_REF": "2",
    "VPNCONN_LAN_NET": "",
    "VPNCONN_LAN_NETMASK": "255.255.0.0",
    "VPNCONN_LAN_TYPE": "NIC",
    "VPNCONN_LIFETIME_IKE": "480",
    "VPNCONN_LIFETIME_IPSECSA": "60",
    "VPNCONN_OFFLINE_DETECTION_SEC": "60",
    "VPNCONN_PEER_DNS": "",
    "VPNCONN_PEER_IP": "",
    "VPNCONN_PEER_TYPE": "IP",
    "VPNCONN_PROTO": "IPSEC",
    "VPNCONN_PROXY_PROFILE_REF": "-2",
    "VPNCONN_PSK": "",
    "VPNCONN_PSK_FOREIGN_ID": "",
    "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
    "VPNCONN_PSK_OWN_ID": "",
    "VPNCONN_PSK_OWN_ID_TYPE": "IP",
    "VPNCONN_REMOTE_INET_NAT": "1",
    "VPNCONN_REMOTE_MODECONFIG_IP": "",
    "VPNCONN_REMOTE_NAT_ENABLE": "0",
    "VPNCONN_REMOTE_NAT_NETWORK": "",
    "VPNCONN_REMOTE_NET": "",
    "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
    "VPNCONN_REMOTE_TYPE": "CUSTOM",
    "VPNCONN_RETRIES": "3",
    "VPNCONN_SECURED": "ESP",
    "VPNCONN_XAUTH_SERVER_ENABLE": "0"
}


###############################################################################
# MINOR CONFIGURATION
###############################################################################


def template(name, value, instance=-1, defaults=None, **kwargs):
    """
    Generate a template cnf variable from provided defaults.

    :param str name: cnf variable name
    :param str value: cnf variable data value
    :param int instance: cnf variable instance number
    :param defaults: default child variables to populate the cnf variable with
    :type defaults: {str, str or {}} or None
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    All additional keyword arguments will be used to overwrite the defaults.
    """
    log.info(f"Generating a template {name} cnfvar")
    cnf = Cnf(name, value=value, instance=instance)
    defaults = {} if defaults is None else defaults
    cnf.add_children(*[(key, value) for key, value in defaults.items()])
    for key in kwargs.keys():
        cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
    return cnf


def user(name, instance=-1, **kwargs):
    """
    Generate a user cnf variable.

    :param str name: username for the user
    :param int instance: instance number for the user
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a user {name} cnfvar")
    user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
    user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
    return user_cnf


def group(name, instance=-1, **kwargs):
    """
    Generate a group cnf variable.

    :param str name: name for the group
    :param int instance: instance number for the group
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a group {name} cnfvar")
    group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
    return group_cnf


def nic(name, instance=-1, **kwargs):
    """
    Generate a nic cnf variable.

    :param str name: tag or comment for the nic describing its use
    :param int instance: instance number for the nic
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a nic cnfvar")
    nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
    nic_cnf.children.single_with_name("nic_comment").value = name
    if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
        nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
        nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
        nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
        nic_cnf.add_child("nic_lan_nat_into", "0")
        nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
        nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
    return nic_cnf


def intraclient(name, instance=-1, **kwargs):
    """
    Generate an intraclient cnf variable.

    :param str name: name for the intraclient
    :param int instance: instance number for the intraclient
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an intraclient {name} cnfvar")
    intraclient_cnf = template("intraclient", name, instance=instance,
                               defaults=intraclient_defaults, **kwargs)
    return intraclient_cnf


def provider(name, instance=-1, **kwargs):
    """
    Generate a provider cnf variable.

    :param str name: name for the provider
    :param int instance: instance number for the provider
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a provider {name} cnfvar")
    provider_cnf = template("provider", name, instance=instance,
                            defaults=provider_defaults, **kwargs)
    # the validation of the LOCALIP will not be ignored despite choosing a different mode
    if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
        provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
        provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
    if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
    if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
        provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
    return provider_cnf


def port_forwarding(name, instance=-1, **kwargs):
    """
    Generate a port forwarding cnf variable.

    :param str name: name for the port forwarding mapping
    :param int instance: instance number for the port forwarding mapping
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a port forwarding {name} cnfvar")
    port_forwarding_cnf = template("port_forwarding", name, instance=instance,
                                   defaults=port_forwarding_defaults, **kwargs)
    if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
        port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
    return port_forwarding_cnf


def firewall_ruleset(name, instance=-1, **kwargs):
    """
    Generate a firewall ruleset cnf variable.

    :param str name: name for the firewall ruleset
    :param int instance: instance number for the firewall ruleset
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a firewall ruleset {name} cnfvar")
    firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
                                    defaults=firewall_ruleset_defaults, **kwargs)
    return firewall_ruleset_cnf


def proxy_accesslist(name, instance=-1, **kwargs):
    """
    Generate a proxy accesslist cnf variable.

    :param str name: name for the proxy accesslist
    :param int instance: instance number for the proxy accesslist
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a proxy accesslist {name} cnfvar")
    proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
                                    defaults=proxy_accesslist_defaults, **kwargs)
    return proxy_accesslist_cnf


def key_own(name, instance=-1, **kwargs):
    """
    Generate an own key cnf variable.

    :param str name: name for the own key
    :param int instance: instance number for the own key
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating an own key {name} cnfvar")
    key_own_cnf = template("key_own", name, instance=instance,
                           defaults=key_own_defaults, **kwargs)
    return key_own_cnf


def vpnconn(name, instance=-1, **kwargs):
    """
    Generate a vpn connection cnf variable.

    :param str name: name for the vpn connection
    :param int instance: instance number for the vpn connection
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    log.info(f"Generating a vpn connection {name} cnfvar")
    vpnconn_cnf = template("vpnconn", name, instance=instance,
                           defaults=vpnconn_defaults, **kwargs)
    if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
    return vpnconn_cnf