Drop any cnfvar manipulation from the generic mail utils
[pyi2ncommon] / src / cnfvar / templates.py
1 # The software in this package is distributed under the GNU General
2 # Public License version 2 (with a special exception described below).
3 #
4 # A copy of GNU General Public License (GPL) is included in this distribution,
5 # in the file COPYING.GPL.
6 #
7 # As a special exception, if other files instantiate templates or use macros
8 # or inline functions from this file, or you compile this file and link it
9 # with other works to produce a work based on this file, this file
10 # does not by itself cause the resulting work to be covered
11 # by the GNU General Public License.
12 #
13 # However the source code for this file must still be made available
14 # in accordance with section (3) of the GNU General Public License.
15 #
16 # This exception does not invalidate any other reasons why a work based
17 # on this file might be covered by the GNU General Public License.
18 #
19 # Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>
20
21 """
22
23 summary
24 ------------------------------------------------------
25 Module for one-step dynamic cnfvar configuration using minimal templates.
26
27 .. codeauthor:: Intra2net
28
29
30 interface
31 ------------------------------------------------------
32
33 """
34
35 import time
36 import logging
37
38 # custom imports
39 from .model import Cnf, CnfList
40
41
42 log = logging.getLogger('pyi2ncommon.cnfvar.templates')
43
44
45 ###############################################################################
46 # MINOR CONFIGURATION
47 ###############################################################################
48
49
def simple(varname, data, instance=0):
    """
    Build a bare cnf variable carrying only a name, a value and an instance.

    :param str varname: cnf variable name
    :param str data: cnf variable value
    :param int instance: cnf variable instance number
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    # Only the variable name reaches the log; the value is not logged here.
    log.info(f"Generating a simple {varname} cnfvar")
    simple_cnf = Cnf(varname, value=data, instance=instance)
    return simple_cnf
62
63
def user(username, password, instance=-1):
    """
    Build a user cnf variable holding only the children this template sets.

    The children are ``user_fullname`` (the capitalized username),
    ``user_group_member_ref`` (fixed to 2) and ``user_password``.

    :param str username: username for the user
    :param str password: password for the user; handed to the
                         ``user_password`` child exactly as given
    :param int instance: instance number for the user
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`
    """
    # Only the username is logged; the password never reaches the log here.
    log.info(f"Generating a minimal user {username} cnfvar")
    user_cnf = Cnf("user", value=username, instance=instance)
    children = (
        ("user_fullname", username.capitalize()),
        # NOTE(review): group_all() in this module builds the "Alle" group as
        # instance 2 - presumably the group referenced here; confirm.
        ("user_group_member_ref", 2),
        # NOTE(review): stored as passed in; whether the value is hashed or
        # otherwise protected downstream is not visible from this function.
        ("user_password", password),
    )
    user_cnf.add_children(*children)
    return user_cnf
81
82
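def group_admins(proxy_profile="1", activesync_enable=False, xauth_enable=False, suffix="host"):
    """
    Generate and save an Administrators group configuration file.

    The group starts from ``build_group.BuildGroup`` with the name
    "Administratoren" and instance 1. The listed ``GROUP_*`` fields are then
    updated and ``GROUP_COMMENT`` is deleted.

    :param str proxy_profile: proxy profile instance reference
    :param bool activesync_enable: whether to enable ActiveSync for the group
    :param bool xauth_enable: whether to enable XAUTH for the group
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    # NOTE(review): batch_update_cnf, build_group, Update, Delete and aw are not
    # among the imports visible at the top of this module - confirm they are in
    # scope before relying on this function.
    log.info("Create arnied admin group configuration")
    template = build_group.BuildGroup(data="Administratoren", instance=1)
    changes = [
        (Update, ("GROUP_ACCESS_REMOTE_ADMINISTRATION_ALLOWED", 0, "1")),
        (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")),
        (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)),
        (Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")),
        (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_INTRANET")),
        (Update, ("GROUP_ACTIVESYNC_ENABLE", 0, "1" if activesync_enable else "0")),
        (Update, ("GROUP_XAUTH_ENABLE", 0, "1" if xauth_enable else "0")),
        (Delete, ("GROUP_COMMENT",)),
    ]
    group = batch_update_cnf(template, changes)

    # "%d" truncates time.time() to whole seconds.
    # NOTE(review): two calls within one second with the same suffix produce the
    # same name, and suffix is interpolated unchecked - confirm that
    # prep_config_paths handles an existing file and unexpected characters.
    group_cnf = "group-%d-%s.cnf" % (time.time(), suffix)
    [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger so the record carries this module's logger name
    # instead of going through the root logger.
    log.info("Saving group configuration to %s", group_cnf)
    group.save(group_cnf)
    return group_cnf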
110
111
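def group_all(proxy_profile="1", suffix="host"):
    """
    Generate and save an "All" group configuration file.

    The group starts from ``build_group.BuildGroup`` with the name "Alle" and
    instance 2. A fixed list of ``GROUP_ACCESS_*`` flags is set to "1", the
    relay rights are set to ``RELAY_FROM_EVERYWHERE`` and ``GROUP_COMMENT`` is
    deleted.

    :param str proxy_profile: proxy profile instance reference
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    # NOTE(review): batch_update_cnf, build_group, Update, Delete and aw are not
    # among the imports visible at the top of this module - confirm they are in
    # scope before relying on this function.
    log.info("Create arnied all group configuration")
    template = build_group.BuildGroup(data="Alle", instance=2)

    # Access flags that are all switched to "1", in the order they are applied.
    allowed_flags = (
        "GROUP_ACCESS_GO_ONLINE_ALLOWED",
        "GROUP_ACCESS_INFORMATION_VERSION_ALLOWED",
        "GROUP_ACCESS_MAINPAGE_ALLOWED",
        "GROUP_ACCESS_USERMANAGER_OWN_PROFILE_FORWARDING_ALLOWED",
        "GROUP_ACCESS_USERMANAGER_OWN_PROFILE_GROUPWARE_ALLOWED",
        "GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SETTINGS_ALLOWED",
        "GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SORTING_ALLOWED",
        "GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SPAMFILTER_ALLOWED",
        "GROUP_ACCESS_USERMANAGER_OWN_PROFILE_VACATION_ALLOWED",
        "GROUP_ACCESS_GROUPWARE_ALLOWED",
    )
    changes = [(Update, (flag, 0, "1")) for flag in allowed_flags]
    changes += [
        (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")),
        # NOTE(review): the widest relay setting used in this module is applied
        # to the all-users group; presumably meant for test setups - confirm
        # before reusing this template for a production configuration.
        (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_EVERYWHERE")),
        (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)),
        (Delete, ("GROUP_COMMENT",)),
    ]
    group = batch_update_cnf(template, changes)

    # "%d" truncates time.time() to whole seconds.
    # NOTE(review): two calls within one second with the same suffix produce the
    # same name, and suffix is interpolated unchecked - confirm that
    # prep_config_paths handles an existing file and unexpected characters.
    group_cnf = "group-%d-%s.cnf" % (time.time(), suffix)
    [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger so the record carries this module's logger name
    # instead of going through the root logger.
    log.info("Saving group configuration to %s", group_cnf)
    group.save(group_cnf)
    return group_cnf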
144
145
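def nic(instance=0, nictype="NATLAN",
        ip="1.2.3.4", netmask="255.255.0.0", mac="00:00:00:00:00:00",
        suffix="host"):
    """
    Generate and save a nic configuration file.

    The nic starts from ``build_nic.BuildNIC`` with empty data and line
    number 1; type, LAN IP, LAN netmask and MAC are then updated from the
    arguments. The address defaults are placeholders, not usable values.

    :param int instance: instance number (for multiple nics, -1 for next available)
    :param str nictype: type of the nic
    :param str ip: IP address of the nic
    :param str netmask: network mask of the nic
    :param str mac: MAC address of the nic
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    # NOTE(review): batch_update_cnf, build_nic, Update and aw are not among the
    # imports visible at the top of this module - confirm they are in scope
    # before relying on this function.
    log.info("Create arnied nic configuration")
    template = build_nic.BuildNIC(data="", instance=instance, line_no=1)
    # NOTE(review): the address arguments are written as given; no format check
    # happens in this function.
    fields = (
        ("NIC_TYPE", nictype),
        ("NIC_LAN_IP", ip),
        ("NIC_LAN_NETMASK", netmask),
        ("NIC_MAC", mac),
    )
    nic_obj = batch_update_cnf(
        template, [(Update, (field, 0, value)) for field, value in fields])

    # "%d" truncates time.time() to whole seconds.
    # NOTE(review): two calls within one second with the same suffix produce the
    # same name, and suffix is interpolated unchecked - confirm that
    # prep_config_paths handles an existing file and unexpected characters.
    nic_cnf = "nic-%d-%s.cnf" % (time.time(), suffix)
    [nic_cnf] = aw.prep_config_paths([nic_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger so the record carries this module's logger name
    # instead of going through the root logger.
    log.info("Saving nic configuration to %s", nic_cnf)
    nic_obj.save(nic_cnf)
    return nic_cnf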
173
174
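def intraclient(name="intraclient", instance=1,
                ip="1.2.3.4", mac="00:00:00:00:00:00",
                fwrules=5, suffix="host"):
    """
    Generate and save an intraclient configuration file.

    The client starts from ``build_intraclient.BuildIntraclient``; IP, MAC and
    the firewall ruleset reference are then updated from the arguments. The
    address defaults are placeholders, not usable values.

    :param str name: name of the intraclient
    :param int instance: instance number (for multiple clients, -1 for next available)
    :param str ip: IP address of the intraclient
    :param str mac: MAC address of the intraclient
    :param int fwrules: instance of the firewall rules to use
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    # NOTE(review): batch_update_cnf, build_intraclient, Update and aw are not
    # among the imports visible at the top of this module - confirm they are in
    # scope before relying on this function.
    log.info("Create arnied intraclient configuration")
    template = build_intraclient.BuildIntraclient(data=name, instance=instance)
    changes = [
        (Update, ("INTRACLIENT_IP", 0, ip)),
        (Update, ("INTRACLIENT_MAC", 0, mac)),
        # fwrules is passed on unconverted here, whereas provider() in this
        # module wraps the same kind of reference in str().
        (Update, ("INTRACLIENT_FIREWALL_RULESET_REF", 0, fwrules)),
    ]
    intraclient_obj = batch_update_cnf(template, changes)

    # "%d" truncates time.time() to whole seconds.
    # NOTE(review): two calls within one second with the same suffix produce the
    # same name, and suffix is interpolated unchecked - confirm that
    # prep_config_paths handles an existing file and unexpected characters.
    intraclient_cnf = "intraclient-%d-%s.cnf" % (time.time(), suffix)
    [intraclient_cnf] = aw.prep_config_paths([intraclient_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger so the record carries this module's logger name
    # instead of going through the root logger.
    log.info("Saving intraclient configuration to %s", intraclient_cnf)
    intraclient_obj.save(intraclient_cnf)
    return intraclient_cnf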
202
203
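def provider(name="provider", instance=1, mode="ROUTER", ip="1.2.3.4", localip=None,
             netmask="255.255.0.0", dnsmode="IP", dns="1.2.3.4", fwrules=5,
             dialretry=None, timeout="", mtumode="AUTO",
             vlanid=None, mtusize=None, login=None, password=None,
             modemip=None, providerid=None, localdhcp=None,
             suffix="host"):
    """
    Generate and save a provider configuration file.

    :param str name: name of the provider
    :param int instance: instance number (for multiple clients, -1 for next available)
    :param str mode: provider mode
    :param str ip: IP address of the provider; a false value deletes PROVIDER_IP
    :param localip: IP address of the configured machine (valid for some configurations);
                    a false value deletes PROVIDER_LOCALIP
    :type localip: str or None
    :param str netmask: netmask of the provider; a false value deletes PROVIDER_NETMASK
    :param str dnsmode: dnsmode of the provider
    :param str dns: IP address of the DNS server, written only when dnsmode is "IP"
    :param int fwrules: instance of the firewall rules to use
    :param dialretry: value for PROVIDER_DIAL_RETRY, the field is deleted when None
    :param str timeout: value for PROVIDER_TIMEOUT
    :param str mtumode: value for PROVIDER_MTU_MODE
    :param vlanid: value for PROVIDER_VLAN_ID, the field is deleted when None
    :param mtusize: value for PROVIDER_MTU_SIZE, written only when mtumode is not "AUTO"
    :param login: value for PROVIDER_LOGIN, the field is deleted when None
    :param password: value for PROVIDER_PASSWORD, the field is deleted when None;
                     written to the saved configuration as given
    :param modemip: value for PROVIDER_MODEM_IP, the field is deleted when None
    :param providerid: value for PROVIDER_PROVIDERID, the field is deleted when None
    :param localdhcp: value for PROVIDER_LOCAL_DHCP, the field is deleted when None
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    # NOTE(review): batch_update_cnf, build_provider, Update, Add, Delete and aw
    # are not among the imports visible at the top of this module - confirm they
    # are in scope before relying on this function.
    log.info("Create arnied provider configuration")

    def add_or_del(var, field):
        # Add the field with the stringified value, or delete it when unset.
        if var is not None:
            return Add, (field, 0, str(var))
        return Delete, field

    def update_or_del(value, field):
        # Update the field for any true value, delete it for None or "".
        return (Update, (field, 0, value)) if value else (Delete, field)

    # NOTE(review): Delete is paired with a bare field name here, while
    # group_admins() in this module pairs it with a one-element tuple - confirm
    # batch_update_cnf accepts both shapes.
    template = build_provider.BuildProvider(data=name, instance=instance)
    changes = [
        (Update, ("PROVIDER_MODE", 0, mode)),
        update_or_del(ip, "PROVIDER_IP"),
        update_or_del(localip, "PROVIDER_LOCALIP"),
        update_or_del(netmask, "PROVIDER_NETMASK"),
        (Update, ("PROVIDER_TIMEOUT", 0, timeout)),
        (Update, ("PROVIDER_DNS_MODE", 0, dnsmode)),
        (Update, ("PROVIDER_DNS", 0, dns if dnsmode == "IP" else "")),
        (Update, ("PROVIDER_MTU_MODE", 0, mtumode)),
        # NOTE(review): with a non-"AUTO" mtumode and mtusize left at None, None
        # is passed as the value - confirm that is acceptable downstream.
        (Update, ("PROVIDER_MTU_SIZE", 0, mtusize if mtumode != "AUTO" else "")),
        (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules))),
        add_or_del(vlanid, "PROVIDER_VLAN_ID"),
        add_or_del(dialretry, "PROVIDER_DIAL_RETRY"),
        add_or_del(login, "PROVIDER_LOGIN"),
        # The credential ends up in the file saved below; how that file is
        # protected on disk is not visible from this function.
        add_or_del(password, "PROVIDER_PASSWORD"),
        add_or_del(modemip, "PROVIDER_MODEM_IP"),
        add_or_del(providerid, "PROVIDER_PROVIDERID"),
        add_or_del(localdhcp, "PROVIDER_LOCAL_DHCP"),
    ]
    provider_obj = batch_update_cnf(template, changes)

    # "%d" truncates time.time() to whole seconds.
    # NOTE(review): two calls within one second with the same suffix produce the
    # same name, and suffix is interpolated unchecked - confirm that
    # prep_config_paths handles an existing file and unexpected characters.
    provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix)
    [provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger so the record carries this module's logger name
    # instead of going through the root logger.
    log.info("Saving provider configuration to %s", provider_cnf)
    provider_obj.save(provider_cnf)
    return provider_cnf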
265
266
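def provider_proxy(mode="ROUTER", ip="1.2.3.4", localip=None, proxy_port=3128, fwrules=7, suffix="host"):
    """
    Generate and save a provider configuration file for proxy.

    The same ``ip`` is written to the provider IP, the DNS server and the
    proxy server fields; dynamic DNS is set to "0" and the DNS mode to "IP".

    :param str mode: provider mode
    :param str ip: IP address of the provider (and DNS server)
    :param localip: IP address of the configured machine (valid for some configurations);
                    a false value deletes PROVIDER_LOCALIP
    :type localip: str or None
    :param int proxy_port: port for the provider proxy
    :param int fwrules: instance of the firewall rules to use
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    # NOTE(review): batch_update_cnf, build_provider, Update, Delete and aw are
    # not among the imports visible at the top of this module - confirm they are
    # in scope before relying on this function.
    log.info("Create arnied provider configuration.")
    template = build_provider.BuildProvider()
    # NOTE(review): Delete is paired with a bare field name here, while
    # group_admins() in this module pairs it with a one-element tuple - confirm
    # batch_update_cnf accepts both shapes.
    if localip:
        localip_change = (Update, ("PROVIDER_LOCALIP", 0, localip))
    else:
        localip_change = (Delete, "PROVIDER_LOCALIP")
    changes = [
        (Update, ("PROVIDER_MODE", 0, mode)),
        (Update, ("PROVIDER_DNS", 0, ip)),
        (Update, ("PROVIDER_DYNDNS_ENABLE", 0, "0")),
        (Update, ("PROVIDER_IP", 0, ip)),
        (Update, ("PROVIDER_PROXY_SERVER", 0, ip)),
        (Update, ("PROVIDER_PROXY_PORT", 0, str(proxy_port))),
        localip_change,
        (Update, ("PROVIDER_DNS_MODE", 0, "IP")),
        (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules))),
    ]
    provider_obj = batch_update_cnf(template, changes)

    # "%d" truncates time.time() to whole seconds.
    # NOTE(review): two calls within one second with the same suffix produce the
    # same name, and suffix is interpolated unchecked - confirm that
    # prep_config_paths handles an existing file and unexpected characters.
    provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix)
    [provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger so the record carries this module's logger name
    # instead of going through the root logger.
    log.info("Saving provider configuration to %s", provider_cnf)
    provider_obj.save(provider_cnf)
    return provider_cnf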
300
301
def port_forwarding(src_port="1234", src_port_end="",
                    dst_port="1234", dst_port_end="",
                    dst_ip_ref="1", protocol_type="TCP",
                    suffix="host"):
    """
    Build a port forwarding configuration through ``build_cnf``.

    The variable is always created with the fixed value "test"; only its
    children depend on the arguments.

    :param str src_port: forwarded source port
    :param str src_port_end: forwarded source port end for a port range
    :param str dst_port: forwarded destination port
    :param str dst_port_end: forwarded destination port end for a port range
    :param str dst_ip_ref: destination nic instance for a port range
    :param str protocol_type: port forwarding protocol type
    :param str suffix: optional suffix to use for config identification
    :returns: whatever ``build_cnf`` returns (described as the generated config filename)
    :rtype: str
    """
    # NOTE(review): build_cnf and Child are not among the imports visible at the
    # top of this module - confirm they are in scope.
    log.info("Create port forwarding configuration")
    value_id = "test"
    # "%d" truncates time.time() to whole seconds, so the name repeats for
    # calls made within the same second with the same suffix.
    portforward_client_cnf = "portforward-%d-%s.cnf" % (time.time(), suffix)
    # NOTE(review): ports and protocol are forwarded as given; no range or
    # format check happens in this function.
    child_values = (
        ("PORT_FORWARDING_DST_IP_REF", dst_ip_ref),
        ("PORT_FORWARDING_DST_PORT", dst_port),
        ("PORT_FORWARDING_DST_PORT_END", dst_port_end),
        ("PORT_FORWARDING_PROTOCOL_TYPE", protocol_type),
        ("PORT_FORWARDING_SRC_PORT", src_port),
        ("PORT_FORWARDING_SRC_PORT_END", src_port_end),
    )
    children = [(Child, (field, 0, value)) for field, value in child_values]
    return build_cnf("PORT_FORWARDING",
                     data=value_id,
                     filename=portforward_client_cnf,
                     vals=children)
331
332
def firewall_ruleset_simple(suffix="host"):
    """
    Build a simple firewall ruleset configuration through ``build_cnf``.

    The ruleset is created as instance 101 with profile type
    ``SIMPLE_PROVIDER``. Port forwarding is set to "1" and the HTTPS,
    POP3S/IMAPS, SMTP, HTTP and VPN "open" fields are set to "0".

    :param str suffix: optional suffix to use for config identification
    :returns: whatever ``build_cnf`` returns (described as the generated config filename)
    :rtype: str
    """
    # NOTE(review): build_cnf and Update are not among the imports visible at
    # the top of this module - confirm they are in scope.
    log.info("Create firewall ruleset")
    # "%d" truncates time.time() to whole seconds, so the name repeats for
    # calls made within the same second with the same suffix.
    fw_cnf = "fw-%d-%s.cnf" % (time.time(), suffix)
    settings = (
        ("FIREWALL_RULESET_PROFILE_TYPE", "SIMPLE_PROVIDER"),
        ("FIREWALL_RULESET_PROVIDER_HTTPS_OPEN", "0"),
        ("FIREWALL_RULESET_PROVIDER_POP3SIMAPS_OPEN", "0"),
        ("FIREWALL_RULESET_PROVIDER_PORT_FORWARDING_ENABLE", "1"),
        ("FIREWALL_RULESET_PROVIDER_SMTP_OPEN", "0"),
        ("FIREWALL_RULESET_PROVIDER_HTTP_OPEN", "0"),
        ("FIREWALL_RULESET_PROVIDER_VPN_OPEN", "0"),
    )
    updates = [(Update, (field, 0, value)) for field, value in settings]
    return build_cnf("FIREWALL_RULESET",
                     instance=101,
                     data="Port Forwarding libfirewall test",
                     filename=fw_cnf,
                     vals=updates)
354
355
def firewall_ruleset_port(suffix="host"):
    """
    Build a firewall ruleset for port forwarding through ``build_cnf``.

    The ruleset is created as instance 100 with profile type ``FULL`` and
    usage ``PROVIDER``. It holds one rule (instance 1) whose action is
    ``ACCEPT`` and whose connection status check is ``PORTFORWARDING``.

    :param str suffix: optional suffix to use for config identification
    :returns: whatever ``build_cnf`` returns (described as the generated config filename)
    :rtype: str
    """
    # NOTE(review): build_cnf, Update, Add and Child are not among the imports
    # visible at the top of this module - confirm they are in scope.
    # NOTE(review): firewall_ruleset_dmz() in this module also uses instance 100
    # - confirm the two rulesets are not expected to coexist.
    log.info("Create firewall ruleset")
    # "%d" truncates time.time() to whole seconds, so the name repeats for
    # calls made within the same second with the same suffix.
    fw_portforward_cnf = "fw-portforward-%d-%s.cnf" % (time.time(), suffix)
    # Children of the single rule added below, in the order they are applied.
    # The rule accepts traffic with rule logging and both limits set to "0".
    rule_children = (
        ("FIREWALL_RULESET_RULE_ACTION", "ACCEPT"),
        ("FIREWALL_RULESET_RULE_CHECK_CONNECTION_STATUS", "PORTFORWARDING"),
        ("FIREWALL_RULESET_RULE_CHECK_TCP_FLAGS", "DISABLED"),
        ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", ""),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_PERIOD", "SEC"),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", ""),
        ("FIREWALL_RULESET_RULE_LOG_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LOG_MESSAGE", ""),
        ("FIREWALL_RULESET_RULE_TIME_INCLUDE_TIME_REF", "-1"),
    )
    vals = [
        (Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")),
        (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")),
        (Add, ("FIREWALL_RULESET_RULE", 1, "")),
        *[(Child, (field, 0, value)) for field, value in rule_children],
        (Update, ("FIREWALL_RULESET_USAGE", 0, "PROVIDER")),
    ]
    return build_cnf("FIREWALL_RULESET",
                     instance=100,
                     data="Port forwarding only",
                     filename=fw_portforward_cnf,
                     vals=vals)
385
386
def firewall_ruleset_dmz(suffix="host"):
    """
    Build a firewall ruleset for DMZ through ``build_cnf``.

    The ruleset is created as instance 100 with profile type ``FULL`` and
    usage ``LANVPN``. It holds one rule (instance 1) whose action is
    ``ACCEPT``, with service group reference "6" and destination client
    reference "2".

    :param str suffix: optional suffix to use for config identification
    :returns: whatever ``build_cnf`` returns (described as the generated config filename)
    :rtype: str
    """
    # NOTE(review): build_cnf, Update, Add and Child are not among the imports
    # visible at the top of this module - confirm they are in scope.
    # NOTE(review): firewall_ruleset_port() in this module also uses instance
    # 100 - confirm the two rulesets are not expected to coexist.
    log.info("Create firewall ruleset")
    # "%d" truncates time.time() to whole seconds, so the name repeats for
    # calls made within the same second with the same suffix.
    fw_dmz_cnf = "fw-dmz-%d-%s.cnf" % (time.time(), suffix)
    # Children of the single rule added below, in the order they are applied.
    # The rule accepts traffic with rule logging and both limits set to "0".
    rule_children = (
        ("FIREWALL_RULESET_RULE_ACTION", "ACCEPT"),
        ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", ""),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", ""),
        ("FIREWALL_RULESET_RULE_LOG_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LOG_MESSAGE", ""),
        # NOTE(review): the references "6" and "2" are fixed here; which service
        # group and client they point at is not visible in this module.
        ("FIREWALL_RULESET_RULE_SERVICE_INCLUDE_SERVICEGROUP_REF", "6"),
        ("FIREWALL_RULESET_RULE_DST_INCLUDE_CLIENT_REF", "2"),
    )
    vals = [
        (Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")),
        (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")),
        (Add, ("FIREWALL_RULESET_RULE", 1, "")),
        *[(Child, (field, 0, value)) for field, value in rule_children],
        (Update, ("FIREWALL_RULESET_USAGE", 0, "LANVPN")),
    ]
    return build_cnf("FIREWALL_RULESET",
                     instance=100,
                     data="DMZ firewall rules",
                     filename=fw_dmz_cnf,
                     vals=vals)