Merge branch 'cnfvar-deprecations'
diff --git a/src/cnfvar/templates.py b/src/cnfvar/templates.py
new file mode 100644 (file)
index 0000000..c59bc55
--- /dev/null
@@ -0,0 +1,416 @@
+# The software in this package is distributed under the GNU General
+# Public License version 2 (with a special exception described below).
+#
+# A copy of GNU General Public License (GPL) is included in this distribution,
+# in the file COPYING.GPL.
+#
+# As a special exception, if other files instantiate templates or use macros
+# or inline functions from this file, or you compile this file and link it
+# with other works to produce a work based on this file, this file
+# does not by itself cause the resulting work to be covered
+# by the GNU General Public License.
+#
+# However the source code for this file must still be made available
+# in accordance with section (3) of the GNU General Public License.
+#
+# This exception does not invalidate any other reasons why a work based
+# on this file might be covered by the GNU General Public License.
+#
+# Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>
+
+"""
+
+summary
+------------------------------------------------------
+Module for one-step dynamic cnfvar generation from default value templates.
+
+.. codeauthor:: Intra2net
+
+
+contents
+-------------------------------------------------------
+These templates contain the bare defaults the UI adds upon
+creation of each major and frequently used cnfvar.
+
+
+interface
+------------------------------------------------------
+
+"""
+
+import time
+import logging
+
+# custom imports
+from .model import Cnf, CnfList
+
+
+log = logging.getLogger('pyi2ncommon.cnfvar.templates')
+
+
+###############################################################################
+# MAJOR CNF DEFAULTS
+###############################################################################
+
+
+#: UI defaults for a user instance
+user_defaults = {
+    "USER_DISABLED": "0",
+    "USER_FULLNAME": "",
+    "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
+    "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
+    "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
+    "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
+    "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
+    "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
+    "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
+    # always a member of the 'Alle' group
+    "USER_GROUP_MEMBER_REF": "2",
+    "USER_LOCALE": "",
+    "USER_PASSWORD": "",
+    "USER_TRASH_DELETEDAYS": "30",
+    "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
+    "USER_WEBMAIL_SIGNATURE": "",
+}
+#: UI defaults for a group instance
+group_defaults = {
+    "GROUP_COMMENT": "",
+    "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
+    "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
+    "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
+    "GROUP_PROXY_PROFILE_REF": "1",
+}
+#: UI defaults for an intraclient instance
+intraclient_defaults = {
+    "INTRACLIENT_COMMENT": "",
+    "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
+    "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
+    "INTRACLIENT_FIREWALL_RULESET_REF": "5",
+    "INTRACLIENT_IP": "",
+    "INTRACLIENT_MAC": "",
+    "INTRACLIENT_PROXY_PROFILE_REF": "-1",
+}
+#: UI defaults for a NIC instance
+nic_defaults = {
+    "NIC_COMMENT": "",
+    "NIC_DRIVER": "",
+    "NIC_MAC": "",
+    "NIC_TYPE": "UNUSED",
+}
+#: UI defaults for a provider instance
+provider_defaults = {
+    "PROVIDER_PROXY_SERVER": "",
+    "PROVIDER_PROXY_PORT": "",
+    "PROVIDER_PROXY_PASSWORD": "",
+    "PROVIDER_PROXY_LOGIN": "",
+    "PROVIDER_NIC_REF": "1",
+    "PROVIDER_NETMASK": "255.255.0.0",
+    "PROVIDER_MTU_SIZE": "1500",
+    "PROVIDER_MODE": "ROUTER",
+    "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
+    "PROVIDER_LOCALIP": "",
+    "PROVIDER_IP": "",
+    "PROVIDER_FIREWALL_RULESET_REF": "7",
+    "PROVIDER_FALLBACK_TIMEOUT": "60",
+    "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
+    "PROVIDER_EMAIL_RELAY_REF": "-1",
+    "PROVIDER_DYNDNS_WEBCHECKIP": "0",
+    "PROVIDER_DYNDNS_ENABLE": "1",
+    "PROVIDER_DNS_MODE": "ROOT",
+    "PROVIDER_DNS": "",
+    "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
+    "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
+    "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
+    "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
+}
+#: UI defaults for a port forwarding instance
+port_forwarding_defaults = {
+    "PORT_FORWARDING_DST_IP_REF": "1",
+    "PORT_FORWARDING_DST_PORT": "",
+    "PORT_FORWARDING_DST_PORT_END": "",
+    "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
+    "PORT_FORWARDING_SRC_PORT": "",
+    "PORT_FORWARDING_SRC_PORT_END": "",
+}
+#: UI defaults for a firewall ruleset instance
+firewall_ruleset_defaults = {
+    "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
+}
+#: UI defaults for a proxy accesslist instance
+proxy_accesslist_defaults = {
+    "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
+    "PROXY_ACCESSLIST_MODE": "1",
+    "PROXY_ACCESSLIST_SIZETYPE": "1",
+    "PROXY_ACCESSLIST_TYPE": "0",
+}
+#: UI defaults for a key instance
+key_own_defaults = {
+    "KEY_OWN_FINGERPRINT_MD5": "",
+    "KEY_OWN_FINGERPRINT_SHA1": "",
+    "KEY_OWN_ID_X509": "CN=net.lan",
+    "KEY_OWN_ISSUER": "CN=, C=, L=, ST=, O=, OU=",
+    "KEY_OWN_KEYSIZE": "2048",
+    "KEY_OWN_HASH_ALGO": "SHA2_256",
+    # TODO: the key own creation is currently too hacky for better sanitized defaults
+    "KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>",
+    # TODO: the key own creation is currently too hacky for better sanitized defaults
+    "KEY_OWN_PUBLIC_KEY": "<CREATE_HACK>",
+    # TODO: the key own creation is currently too hacky for better sanitized defaults
+    "KEY_OWN_REQUEST": "<CREATE_HACK>",
+    "KEY_OWN_SUBJECT": "CN=net.lan",
+    # TODO: the key own creation is currently too hacky for better sanitized defaults
+    "KEY_OWN_VALIDFROM": "00001122T445566",
+    # TODO: the key own creation is currently too hacky for better sanitized defaults
+    "KEY_OWN_VALIDTILL": "99991122T445566",
+    "KEY_OWN_TYPE": "SELF",
+    # the ones bellow should be set when using 'generate' to create the key
+    "KEY_OWN_CREATE_CN": "",
+    "KEY_OWN_CREATE_EMAIL": ""
+}
+#: UI defaults for a VPN connection instance
+vpnconn_defaults = {
+    "VPNCONN_ACTIVATION": "ALWAYS",
+    "VPNCONN_DISABLED": "0",
+    "VPNCONN_DNS_RELAYING_ALLOWED": "1",
+    "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
+    "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
+    "VPNCONN_FIREWALL_RULESET_REF": "5",
+    "VPNCONN_IKE_VERSION": "1",
+    "VPNCONN_KEY_FOREIGN_REF": "1",
+    "VPNCONN_KEY_OWN_REF": "1",
+    "VPNCONN_KEY_TYPE": "PUBLIC",
+    "VPNCONN_LAN_NAT_IP": "",
+    "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
+    "VPNCONN_LAN_NAT_NETWORK": "",
+    "VPNCONN_LAN_NIC_REF": "2",
+    "VPNCONN_LAN_NET": "",
+    "VPNCONN_LAN_NETMASK": "255.255.0.0",
+    "VPNCONN_LAN_TYPE": "NIC",
+    "VPNCONN_LIFETIME_IKE": "480",
+    "VPNCONN_LIFETIME_IPSECSA": "60",
+    "VPNCONN_OFFLINE_DETECTION_SEC": "60",
+    "VPNCONN_PEER_DNS": "",
+    "VPNCONN_PEER_IP": "",
+    "VPNCONN_PEER_TYPE": "IP",
+    "VPNCONN_PROXY_PROFILE_REF": "-2",
+    "VPNCONN_PSK": "",
+    "VPNCONN_PSK_FOREIGN_ID": "",
+    "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
+    "VPNCONN_PSK_OWN_ID": "",
+    "VPNCONN_PSK_OWN_ID_TYPE": "IP",
+    "VPNCONN_REMOTE_INET_NAT": "1",
+    "VPNCONN_REMOTE_MODECONFIG_IP": "",
+    "VPNCONN_REMOTE_NAT_ENABLE": "0",
+    "VPNCONN_REMOTE_NAT_NETWORK": "",
+    "VPNCONN_REMOTE_NET": "",
+    "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
+    "VPNCONN_REMOTE_TYPE": "CUSTOM",
+    "VPNCONN_RETRIES": "3",
+    "VPNCONN_SECURED": "ESP",
+    "VPNCONN_XAUTH_SERVER_ENABLE": "0"
+}
+
+
+###############################################################################
+# MINOR CONFIGURATION
+###############################################################################
+
+
+def template(name, value, instance=-1, defaults=None, **kwargs):
+    """
+    Generate a template cnf variable from provided defaults.
+
+    :param str name: cnf variable name
+    :param str value: cnf variable data value
+    :param int instance: cnf variable instance number
+    :param defaults: default child variables to populate the cnf variable with
+    :type defaults: {str, str or {}} or None
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+
+    All additional keyword arguments will be used to overwrite the defaults.
+    """
+    log.info(f"Generating a template {name} cnfvar")
+    cnf = Cnf(name, value=value, instance=instance)
+    defaults = {} if defaults is None else defaults
+    cnf.add_children(*[(key, value) for key, value in defaults.items()])
+    for key in kwargs.keys():
+        cnf.children.single_with_name(f"{name}_{key}").value = kwargs[key]
+    return cnf
+
+
+def user(name, instance=-1, **kwargs):
+    """
+    Generate a user cnf variable.
+
+    :param str name: username for the user
+    :param int instance: instance number for the user
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating a user {name} cnfvar")
+    user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
+    user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
+    return user_cnf
+
+
+def group(name, instance=-1, **kwargs):
+    """
+    Generate a group cnf variable.
+
+    :param str name: name for the group
+    :param int instance: instance number for the group
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating a group {name} cnfvar")
+    group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
+    return group_cnf
+
+
+def nic(name, instance=-1, **kwargs):
+    """
+    Generate a nic cnf variable.
+
+    :param str name: tag or comment for the nic describing its use
+    :param int instance: instance number for the nic
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating a nic cnfvar")
+    nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
+    nic_cnf.children.single_with_name("nic_comment").value = name
+    if nic_cnf.children.single_with_name("nic_type").value in ["NATLAN", "PUBLICLAN", "PROXYARP"]:
+        nic_cnf.add_child("nic_lan_ip", "192.168.1.1")
+        nic_cnf.add_child("nic_lan_netmask", "255.255.255.0")
+        nic_cnf.add_child("nic_lan_dns_relaying_allowed", "0")
+        nic_cnf.add_child("nic_lan_email_relaying_allowed", "0")
+        nic_cnf.add_child("nic_lan_nat_into", "0")
+        nic_cnf.add_child("nic_lan_proxy_profile_ref", "-1")
+        nic_cnf.add_child("nic_lan_firewall_ruleset_ref", "1")
+    return nic_cnf
+
+
+def intraclient(name, instance=-1, **kwargs):
+    """
+    Generate an intraclient cnf variable.
+
+    :param str name: name for the intraclient
+    :param int instance: instance number for the intraclient
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating an intraclient {name} cnfvar")
+    intraclient_cnf = template("intraclient", name, instance=instance,
+                               defaults=intraclient_defaults, **kwargs)
+    return intraclient_cnf
+
+
+def provider(name, instance=-1, **kwargs):
+    """
+    Generate a provider cnf variable.
+
+    :param str name: name for the provider
+    :param int instance: instance number for the provider
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating a provider {name} cnfvar")
+    provider_cnf = template("provider", name, instance=instance,
+                            defaults=provider_defaults, **kwargs)
+    # the validation of the LOCALIP will not be ignored despite choosing a different mode
+    if provider_cnf.children.single_with_name("provider_mode").value not in ["ROUTER", "GWINLAN"]:
+        provider_cnf.children.remove_where(lambda c: c.name == "provider_ip")
+        provider_cnf.children.remove_where(lambda c: c.name == "provider_netmask")
+    if provider_cnf.children.single_with_name("provider_mode").value != "ROUTER":
+        provider_cnf.children.remove_where(lambda c: c.name == "provider_localip")
+    if provider_cnf.children.single_with_name("provider_dns_mode").value != "IP":
+        provider_cnf.children.remove_where(lambda c: c.name == "provider_dns")
+    return provider_cnf
+
+
+def port_forwarding(name, instance=-1, **kwargs):
+    """
+    Generate a port forwarding cnf variable.
+
+    :param str name: name for the port forwarding mapping
+    :param int instance: instance number for the port forwarding mapping
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating a port forwarding {name} cnfvar")
+    port_forwarding_cnf = template("port_forwarding", name, instance=instance,
+                                   defaults=port_forwarding_defaults, **kwargs)
+    if port_forwarding_cnf.children.single_with_name("port_forwarding_protocol_type").value == "OTHER":
+        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port")
+        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port")
+        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_src_port_end")
+        port_forwarding_cnf.children.remove_where(lambda c: c.name == "port_forwarding_dst_port_end")
+        port_forwarding_cnf.add_child("port_forwarding_protocol_num", "47")
+    return port_forwarding_cnf
+
+
+def firewall_ruleset(name, instance=-1, **kwargs):
+    """
+    Generate a firewall ruleset cnf variable.
+
+    :param str name: name for the firewall ruleset
+    :param int instance: instance number for the firewall ruleset
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating a firewall ruleset {name} cnfvar")
+    firewall_ruleset_cnf = template("firewall_ruleset", name, instance=instance,
+                                    defaults=firewall_ruleset_defaults, **kwargs)
+    return firewall_ruleset_cnf
+
+
+def proxy_accesslist(name, instance=-1, **kwargs):
+    """
+    Generate a proxy accesslist cnf variable.
+
+    :param str name: name for the proxy accesslist
+    :param int instance: instance number for the proxy accesslist
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating a proxy accesslist {name} cnfvar")
+    proxy_accesslist_cnf = template("proxy_accesslist", name, instance=instance,
+                                    defaults=proxy_accesslist_defaults, **kwargs)
+    return proxy_accesslist_cnf
+
+
+def key_own(name, instance=-1, **kwargs):
+    """
+    Generate an own key cnf variable.
+
+    :param str name: name for the own key
+    :param int instance: instance number for the own key
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating an own key {name} cnfvar")
+    key_own_cnf = template("key_own", name, instance=instance,
+                           defaults=key_own_defaults, **kwargs)
+    return key_own_cnf
+
+
+def vpnconn(name, instance=-1, **kwargs):
+    """
+    Generate a vpn connection cnf variable.
+
+    :param str name: name for the vpn connection
+    :param int instance: instance number for the vpn connection
+    :returns: generated cnf variable
+    :rtype: :py:class:`Cnf`
+    """
+    log.info(f"Generating a vpn connection {name} cnfvar")
+    vpnconn_cnf = template("vpnconn", name, instance=instance,
+                           defaults=vpnconn_defaults, **kwargs)
+    if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
+        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
+    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
+        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
+    if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
+        vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
+    return vpnconn_cnf
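Review bot: The secret-bearing defaults are empty or placeholders (`"USER_PASSWORD": ""`, `"VPNCONN_PSK": ""`, `"PROVIDER_PROXY_PASSWORD": ""`, `"KEY_OWN_PRIVATE_KEY": "<CREATE_HACK>"`), and `user()`, `vpnconn()` and `key_own()` return the cnfvar without checking that the caller replaced them. Whether the code consuming these variables rejects an empty password or PSK is not visible in this file, so the templates should warn or fail themselves, e.g. in `user()`: `if not user_cnf.children.single_with_name("user_password").value: log.warning("user template %s has an empty password", name)`. The same check applies in `vpnconn()` when `vpnconn_key_type` is overridden to a pre-shared-key mode while `vpnconn_psk` stays empty, and the docstrings should name the keyword overrides needed for a usable object. Separately, `user()` assigns `user_fullname` after `template()` has already applied the kwargs, so a `fullname=` override is silently discarded; the capitalized name should be set only when the caller did not pass one.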