From b5abc93acace9a248ebc891229bb04146ae91237 Mon Sep 17 00:00:00 2001 From: Plamen Dimitrov Date: Tue, 5 Apr 2022 06:29:01 +0300 Subject: [PATCH] Replace the mk_config with a sample minimal cnfvar templates module The following commit provides an example for turning the partially developed (and always incomplete for new use cases) mk_config functions into ones that only provide a minimal set of defaults and can still be used as one-liners by client/user code. The example implementation at the moment is for a simple and a user template cnfvars and will later on be extended to groups and all other major cnfvars. --- src/cnfvar/__init__.py | 1 + src/cnfvar/templates.py | 413 ++++++++++++++++++++++++++++++++++++++++++++ src/mk_config.py | 435 ----------------------------------------------- 3 files changed, 414 insertions(+), 435 deletions(-) create mode 100644 src/cnfvar/templates.py delete mode 100644 src/mk_config.py diff --git a/src/cnfvar/__init__.py b/src/cnfvar/__init__.py index 3d60a25..9529af2 100644 --- a/src/cnfvar/__init__.py +++ b/src/cnfvar/__init__.py @@ -1,6 +1,7 @@ from .model import Cnf, CnfList from .binary import CnfBinary from .store import CnfStore, BinaryCnfStore, CommitException +from . import templates __all__ = ["Cnf", "CnfList", "CnfBinary", "CnfStore", "BinaryCnfStore", "CommitException"] diff --git a/src/cnfvar/templates.py b/src/cnfvar/templates.py new file mode 100644 index 0000000..2567058 --- /dev/null +++ b/src/cnfvar/templates.py 
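Review bot: In src/cnfvar/__init__.py the added `from . import templates` has no matching entry in `__all__`, so `from cnfvar import *` will not expose the module even though the package now imports it eagerly. If the templates are meant to be public API, add `"templates"` to the `__all__` list. If the import exists only so that `cnfvar.templates` resolves as an attribute, a comment such as `# imported so cnfvar.templates is available as an attribute` would record that intent.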
@@ -0,0 +1,413 @@ +# The software in this package is distributed under the GNU General +# Public License version 2 (with a special exception described below). +# +# A copy of GNU General Public License (GPL) is included in this distribution, +# in the file COPYING.GPL. +# +# As a special exception, if other files instantiate templates or use macros +# or inline functions from this file, or you compile this file and link it +# with other works to produce a work based on this file, this file +# does not by itself cause the resulting work to be covered +# by the GNU General Public License. +# +# However the source code for this file must still be made available +# in accordance with section (3) of the GNU General Public License. +# +# This exception does not invalidate any other reasons why a work based +# on this file might be covered by the GNU General Public License. +# +# Copyright (c) 2016-2018 Intra2net AG + +""" + +summary +------------------------------------------------------ +Module for one-step dynamic cnfvar configuration using minimal templates. + +.. codeauthor:: Intra2net + + +interface +------------------------------------------------------ + +""" + +import time +import logging + +# custom imports +from .model import Cnf, CnfList + + +log = logging.getLogger('pyi2ncommon.cnfvar.templates') + + +############################################################################### +# MINOR CONFIGURATION +############################################################################### + + +def simple(varname, data, instance=0): + """ + Generate a minimal simple cnf variable in terms of required and validated attributes. 
+ + :param str varname: cnf variable name + :param str data: cnf variable value + :param int instance: cnf variable instance number + :returns: generated cnf variable + :rtype: :py:class:`Cnf` + """ + log.info(f"Generating a simple {varname} cnfvar") + return Cnf(varname, value=data, instance=instance) + + +def user(username, password, instance=-1): + """ + Generate a minimal user cnf variable in terms of required and validated attributes. + + :param str username: username for the user + :param str password: password for the user + :param int instance: instance number for the user + :returns: generated cnf variable + :rtype: :py:class:`Cnf` + """ + log.info(f"Generating a minimal user {username} cnfvar") + user_cnf = Cnf("user", value=username, instance=instance) + user_cnf.add_children( + ("user_fullname", username.capitalize()), + ("user_group_member_ref", 2), + ("user_password", password)) + return user_cnf + + +def group_admins(proxy_profile="1", activesync_enable=False, xauth_enable=False, suffix="host"): + """ + Generate and save an Administrators group configuration file. 
+ + :param str proxy_profile: proxy profile instance reference + :param bool activesync_enable: whether to enable ActiveSync for the group + :param bool xauth_enable: whether to enable XAUTH for the group + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create arnied admin group configuration") + group = batch_update_cnf(build_group.BuildGroup(data="Administratoren", + instance=1), + [(Update, ("GROUP_ACCESS_REMOTE_ADMINISTRATION_ALLOWED", 0, "1")), + (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")), + (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)), + (Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")), + (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_INTRANET")), + (Update, ("GROUP_ACTIVESYNC_ENABLE", 0, "1" if activesync_enable else "0")), + (Update, ("GROUP_XAUTH_ENABLE", 0, "1" if xauth_enable else "0")), + (Delete, ("GROUP_COMMENT",))]) + group_cnf = "group-%d-%s.cnf" % (time.time(), suffix) + [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR) + logging.info("Saving group configuration to %s", group_cnf) + group.save(group_cnf) + return group_cnf + + +def group_all(proxy_profile="1", suffix="host"): + """ + Generate and save an "All" group configuration file. 
+ + :param str proxy_profile: proxy profile instance reference + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create arnied all group configuration") + group = batch_update_cnf(build_group.BuildGroup(data="Alle", + instance=2), + [(Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_INFORMATION_VERSION_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_MAINPAGE_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_FORWARDING_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_GROUPWARE_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SETTINGS_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SORTING_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SPAMFILTER_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_VACATION_ALLOWED", 0, "1")), + (Update, ("GROUP_ACCESS_GROUPWARE_ALLOWED", 0, "1")), + (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")), + (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_EVERYWHERE")), + (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)), + (Delete, ("GROUP_COMMENT",))]) + + group_cnf = "group-%d-%s.cnf" % (time.time(), suffix) + [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR) + logging.info("Saving group configuration to %s", group_cnf) + group.save(group_cnf) + return group_cnf + + +def nic(instance=0, nictype="NATLAN", + ip="1.2.3.4", netmask="255.255.0.0", mac="00:00:00:00:00:00", + suffix="host"): + """ + Generate and save a nic configuration file. 
+ + :param int instance: instance number (for multiple nics, -1 for next available) + :param str nictype: type of the nic + :param str ip: IP address of the nic + :param str netmask: network mask of the nic + :param str mac: MAC address of the nic + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create arnied nic configuration") + nic_obj = batch_update_cnf( + build_nic.BuildNIC(data="", instance=instance, line_no=1), + [(Update, ("NIC_TYPE", 0, nictype)), + (Update, ("NIC_LAN_IP", 0, ip)), + (Update, ("NIC_LAN_NETMASK", 0, netmask)), + (Update, ("NIC_MAC", 0, mac))]) + nic_cnf = "nic-%d-%s.cnf" % (time.time(), suffix) + [nic_cnf] = aw.prep_config_paths([nic_cnf], aw.DUMP_CONFIG_DIR) + logging.info("Saving nic configuration to %s", nic_cnf) + nic_obj.save(nic_cnf) + return nic_cnf + + +def intraclient(name="intraclient", instance=1, + ip="1.2.3.4", mac="00:00:00:00:00:00", + fwrules=5, suffix="host"): + """ + Generate and save an intraclient configuration file. 
+ + :param str name: name of the intraclient + :param int instance: instance number (for multiple clients, -1 for next available) + :param str ip: IP address of the intraclient + :param str mac: MAC address of the intraclient + :param int fwrules: instance of the firewall rules to use + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create arnied intraclient configuration") + intraclient_obj = batch_update_cnf( + build_intraclient.BuildIntraclient(data=name, instance=instance), + [(Update, ("INTRACLIENT_IP", 0, ip)), + (Update, ("INTRACLIENT_MAC", 0, mac)), + (Update, ("INTRACLIENT_FIREWALL_RULESET_REF", 0, fwrules))]) + + intraclient_cnf = "intraclient-%d-%s.cnf" % (time.time(), suffix) + [intraclient_cnf] = aw.prep_config_paths([intraclient_cnf], aw.DUMP_CONFIG_DIR) + logging.info("Saving intraclient configuration to %s", intraclient_cnf) + intraclient_obj.save(intraclient_cnf) + return intraclient_cnf + + +def provider(name="provider", instance=1, mode="ROUTER", ip="1.2.3.4", localip=None, + netmask="255.255.0.0", dnsmode="IP", dns="1.2.3.4", fwrules=5, + dialretry=None, timeout="", mtumode="AUTO", + vlanid=None, mtusize=None, login=None, password=None, + modemip=None, providerid=None, localdhcp=None, + suffix="host"): + """ + Generate and save a provider configuration file. 
+ + :param str name: name of the provider + :param int instance: instance number (for multiple clients, -1 for next available) + :param str mode: provider mode + :param str ip: IP address of the provider + :param localip: IP address of the configured machine (valid for some configurations) + :type localip: str or None + :param str netmask: netmask of the provider + :param str dnsmode: dnsmode of the provider + :param str dns: IP address of the DNS server + :param int fwrules: instance of the firewall rules to use + :param any args: lots of detailed configuration + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create arnied provider configuration") + + def add_or_del(var, field): + if var is not None: + return Add, (field, 0, str(var)) + return Delete, field + provider_obj = batch_update_cnf( + build_provider.BuildProvider(data=name, instance=instance), + [(Update, ("PROVIDER_MODE", 0, mode)), + ip and (Update, ("PROVIDER_IP", 0, ip)) + or (Delete, "PROVIDER_IP"), + localip + and (Update, ("PROVIDER_LOCALIP", 0, localip)) + or (Delete, "PROVIDER_LOCALIP"), + netmask and (Update, ("PROVIDER_NETMASK", 0, + netmask)) + or (Delete, "PROVIDER_NETMASK"), + (Update, ("PROVIDER_TIMEOUT", 0, timeout)), + (Update, ("PROVIDER_DNS_MODE", 0, dnsmode)), + (Update, ("PROVIDER_DNS", 0, + dns if dnsmode == "IP" else "")), + (Update, ("PROVIDER_MTU_MODE", 0, mtumode)), + (Update, ("PROVIDER_MTU_SIZE", 0, + mtusize if mtumode != "AUTO" else "")), + (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules))), + add_or_del(vlanid, "PROVIDER_VLAN_ID"), + add_or_del(dialretry, "PROVIDER_DIAL_RETRY"), + add_or_del(login, "PROVIDER_LOGIN"), + add_or_del(password, "PROVIDER_PASSWORD"), + add_or_del(modemip, "PROVIDER_MODEM_IP"), + add_or_del(providerid, "PROVIDER_PROVIDERID"), + add_or_del(localdhcp, "PROVIDER_LOCAL_DHCP")]) + provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix) + 
[provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR) + logging.info("Saving provider configuration to %s", provider_cnf) + provider_obj.save(provider_cnf) + return provider_cnf + + +def provider_proxy(mode="ROUTER", ip="1.2.3.4", localip=None, proxy_port=3128, fwrules=7, suffix="host"): + """ + Generate and save a provider configuration file for proxy. + + :param str mode: provider mode + :param str ip: IP address of the provider (and DNS server) + :param localip: IP address of the configured machine (valid for some configurations) + :type localip: str or None + :param int proxy_port: port for the provider proxy + :param int fwrules: instance of the firewall rules to use + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create arnied provider configuration.") + provider_obj = batch_update_cnf( + build_provider.BuildProvider(), + [(Update, ("PROVIDER_MODE", 0, mode)), + (Update, ("PROVIDER_DNS", 0, ip)), + (Update, ("PROVIDER_DYNDNS_ENABLE", 0, "0")), + (Update, ("PROVIDER_IP", 0, ip)), + (Update, ("PROVIDER_PROXY_SERVER", 0, ip)), + (Update, ("PROVIDER_PROXY_PORT", 0, str(proxy_port))), + localip + and (Update, ("PROVIDER_LOCALIP", 0, localip)) + or (Delete, "PROVIDER_LOCALIP"), + (Update, ("PROVIDER_DNS_MODE", 0, "IP")), + (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules)))]) + provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix) + [provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR) + logging.info("Saving provider configuration to %s", provider_cnf) + provider_obj.save(provider_cnf) + return provider_cnf + + +def port_forwarding(src_port="1234", src_port_end="", + dst_port="1234", dst_port_end="", + dst_ip_ref="1", protocol_type="TCP", + suffix="host"): + """ + Generate and save a port forwarding configuration file. 
+ + :param str src_port: forwarded source port + :param str src_port_end: forwarded source port end for a port range + :param str dst_port: forwarded destination port + :param str dst_port_end: forwarded destination port end for a port range + :param str dst_ip_ref: destination nic instance for a port range + :param str protocol_type: port forwarding protocol type + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create port forwarding configuration") + value_id = "test" + portforward_client_cnf = "portforward-%d-%s.cnf" % (time.time(), suffix) + return build_cnf("PORT_FORWARDING", + data=value_id, + filename=portforward_client_cnf, + vals=[(Child, ("PORT_FORWARDING_DST_IP_REF", 0, dst_ip_ref)), + (Child, ("PORT_FORWARDING_DST_PORT", 0, dst_port)), + (Child, ("PORT_FORWARDING_DST_PORT_END", 0, dst_port_end)), + (Child, ("PORT_FORWARDING_PROTOCOL_TYPE", 0, protocol_type)), + (Child, ("PORT_FORWARDING_SRC_PORT", 0, src_port)), + (Child, ("PORT_FORWARDING_SRC_PORT_END", 0, src_port_end))]) + + +def firewall_ruleset_simple(suffix="host"): + """ + Generate and save a simple firewall ruleset configuration file. 
+ + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create firewall ruleset") + fw_cnf = "fw-%d-%s.cnf" % (time.time(), suffix) + return build_cnf("FIREWALL_RULESET", + instance=101, + data="Port Forwarding libfirewall test", + filename=fw_cnf, + vals=[(Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "SIMPLE_PROVIDER")), + (Update, ("FIREWALL_RULESET_PROVIDER_HTTPS_OPEN", 0, "0")), + (Update, ("FIREWALL_RULESET_PROVIDER_POP3SIMAPS_OPEN", 0, "0")), + (Update, ("FIREWALL_RULESET_PROVIDER_PORT_FORWARDING_ENABLE", 0, "1")), + (Update, ("FIREWALL_RULESET_PROVIDER_SMTP_OPEN", 0, "0")), + (Update, ("FIREWALL_RULESET_PROVIDER_HTTP_OPEN", 0, "0")), + (Update, ("FIREWALL_RULESET_PROVIDER_VPN_OPEN", 0, "0"))]) + + +def firewall_ruleset_port(suffix="host"): + """ + Generate and save a firewall ruleset configuration file for port forwarding. + + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create firewall ruleset") + fw_portforward_cnf = "fw-portforward-%d-%s.cnf" % (time.time(), suffix) + return build_cnf("FIREWALL_RULESET", + instance=100, + data="Port forwarding only", + filename=fw_portforward_cnf, + vals=[(Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")), + (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")), + (Add, ("FIREWALL_RULESET_RULE", 1, "")), + (Child, ("FIREWALL_RULESET_RULE_ACTION", 0, "ACCEPT")), + (Child, ("FIREWALL_RULESET_RULE_CHECK_CONNECTION_STATUS", 0, "PORTFORWARDING")), + (Child, ("FIREWALL_RULESET_RULE_CHECK_TCP_FLAGS", 0, "DISABLED")), + (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", 0, "0")), + (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", 0, "0")), + (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", 0, "")), + (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_PERIOD", 0, "SEC")), + (Child, 
("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", 0, "")), + (Child, ("FIREWALL_RULESET_RULE_LOG_ENABLE", 0, "0")), + (Child, ("FIREWALL_RULESET_RULE_LOG_MESSAGE", 0, "")), + (Child, ("FIREWALL_RULESET_RULE_TIME_INCLUDE_TIME_REF", 0, "-1")), + (Update, ("FIREWALL_RULESET_USAGE", 0, "PROVIDER"))]) + + +def firewall_ruleset_dmz(suffix="host"): + """ + Generate and save a firewall ruleset configuration file for DMZ. + + :param str suffix: optional suffix to use for config identification + :returns: generated config filename + :rtype: str + """ + log.info("Create firewall ruleset") + fw_dmz_cnf = "fw-dmz-%d-%s.cnf" % (time.time(), suffix) + return build_cnf("FIREWALL_RULESET", + instance=100, + data="DMZ firewall rules", + filename=fw_dmz_cnf, + vals=[(Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")), + (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")), + (Add, ("FIREWALL_RULESET_RULE", 1, "")), + (Child, ("FIREWALL_RULESET_RULE_ACTION", 0, "ACCEPT")), + (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", 0, "0")), + (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", 0, "0")), + (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", 0, "")), + (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", 0, "")), + (Child, ("FIREWALL_RULESET_RULE_LOG_ENABLE", 0, "0")), + (Child, ("FIREWALL_RULESET_RULE_LOG_MESSAGE", 0, "")), + (Child, ("FIREWALL_RULESET_RULE_SERVICE_INCLUDE_SERVICEGROUP_REF", 0, "6")), + (Child, ("FIREWALL_RULESET_RULE_DST_INCLUDE_CLIENT_REF", 0, "2")), + (Update, ("FIREWALL_RULESET_USAGE", 0, "LANVPN"))]) diff --git a/src/mk_config.py b/src/mk_config.py deleted file mode 100644 index 47860d9..0000000 --- a/src/mk_config.py +++ /dev/null 
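Review bot: Every function in src/cnfvar/templates.py from `group_admins` onward uses names the new module never imports (`batch_update_cnf`, `build_cnf`, `aw`, `Update`, `Delete`, `Add`, `Child`, and the `build_group`/`build_nic`/`build_intraclient`/`build_provider` modules), so each one raises NameError when called; the import block brings in only `time`, `logging`, `Cnf` and `CnfList`. Since the commit message says only the simple and user templates are implemented so far, either leave the unported functions out of this file or start each body with `raise NotImplementedError("not yet ported to cnfvar templates")` so callers get an explicit failure. In `user()`, the plaintext `password` goes into the `user_password` child while the log line records only the username; a docstring sentence saying the returned Cnf carries the secret and should not be logged or dumped to shared locations would help keep it that way. The hard-coded `("user_group_member_ref", 2)` also deserves a comment naming the group it refers to, presumably the "Alle" group that `group_all` builds with `instance=2`.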
@@ -1,435 +0,0 @@ -# The software in this package is distributed under the GNU General -# Public License version 2 (with a special exception described below). -# -# A copy of GNU General Public License (GPL) is included in this distribution, -# in the file COPYING.GPL. -# -# As a special exception, if other files instantiate templates or use macros -# or inline functions from this file, or you compile this file and link it -# with other works to produce a work based on this file, this file -# does not by itself cause the resulting work to be covered -# by the GNU General Public License. -# -# However the source code for this file must still be made available -# in accordance with section (3) of the GNU General Public License. -# -# This exception does not invalidate any other reasons why a work based -# on this file might be covered by the GNU General Public License. -# -# Copyright (c) 2016-2018 Intra2net AG - -""" - -SUMMARY ------------------------------------------------------- -Utility for one-step dynamic cnfvar configuration. - -.. note:: DEPRECATED! Please do not extend this or add new uses of this module, - use :py:mod:`pyi2ncommon.arnied_api` or :py:mod:`pyi2ncommon.cnfvar` - instead! - -Copyright: Intra2net AG - - -CONTENTS ------------------------------------------------------- -Contains general as well as specialized versions of some of the main -configurations performed by our tests. - -INTERFACE ------------------------------------------------------- - -""" - -import time -import logging - -# custom imports -from . 
import arnied_wrapper as aw -from .arnied_wrapper import Delete, Update, Add, Child, batch_update_cnf, build_cnf -from .cnfline import build_cnfvar, build_group, build_intraclient -from .cnfline import build_nic, build_provider, build_user - -log = logging.getLogger('pyi2ncommon.mk_config') - -############################################################################### -# MINOR CONFIGURATION -############################################################################### - - -def simple(varname, data, filename): - """ - Generate and save a single-variable configuration file. - - :param str varname: cnf variable name - :param str data: cnf variable data - :param str filename: config name - :returns: generated config filename - :rtype: str - """ - log.info("Create single-variable configuration file") - tmp = build_cnfvar.BuildCnfVar(name=varname, data=data) - [filename] = aw.prep_config_paths([filename], aw.DUMP_CONFIG_DIR) - logging.info("Saving simple configuration to %s", filename) - tmp.save(filename) - return filename - - -def user(username="admin", instance=1, suffix="host"): - """ - Generate and save a user configuration file. 
- - :param str username: username for the user variable - :param int instance: instance number (for multiple users, -1 for next available) - :param str suffix: optional suffix to use for config identification - :returns: generated config filename - :rtype: str - """ - log.info("Create arnied user configuration") - user_obj = batch_update_cnf( - build_user.BuildUser(data=username, instance=instance, line_no=1), - [(Update, ("USER_FULLNAME", 0, username)), - (Update, ("USER_GROUP_MEMBER_REF", 0, "1")), - (Add, ("USER_GROUP_MEMBER_REF", 1, "2")), - (Delete, "USER_WEBMAIL_MESSAGES_PER_PAGE"), - (Delete, "USER_LOCALE"), - (Delete, "USER_TRASH_DELETEDAYS"), - (Delete, "USER_WEBMAIL_SIGNATURE")]) - user_cnf = "user-%d-%s.cnf" % (time.time(), suffix) - [user_cnf] = aw.prep_config_paths([user_cnf], aw.DUMP_CONFIG_DIR) - logging.info("Saving user configuration to %s", user_cnf) - user_obj.save(user_cnf) - return user_cnf - - -def group_admins(proxy_profile="1", activesync_enable=False, xauth_enable=False, suffix="host"): - """ - Generate and save an Administrators group configuration file. 
- - :param str proxy_profile: proxy profile instance reference - :param bool activesync_enable: whether to enable ActiveSync for the group - :param bool xauth_enable: whether to enable XAUTH for the group - :param str suffix: optional suffix to use for config identification - :returns: generated config filename - :rtype: str - """ - log.info("Create arnied admin group configuration") - group = batch_update_cnf(build_group.BuildGroup(data="Administratoren", - instance=1), - [(Update, ("GROUP_ACCESS_REMOTE_ADMINISTRATION_ALLOWED", 0, "1")), - (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")), - (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)), - (Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")), - (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_INTRANET")), - (Update, ("GROUP_ACTIVESYNC_ENABLE", 0, "1" if activesync_enable else "0")), - (Update, ("GROUP_XAUTH_ENABLE", 0, "1" if xauth_enable else "0")), - (Delete, ("GROUP_COMMENT",))]) - group_cnf = "group-%d-%s.cnf" % (time.time(), suffix) - [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR) - logging.info("Saving group configuration to %s", group_cnf) - group.save(group_cnf) - return group_cnf - - -def group_all(proxy_profile="1", suffix="host"): - """ - Generate and save an "All" group configuration file. 
- - :param str proxy_profile: proxy profile instance reference - :param str suffix: optional suffix to use for config identification - :returns: generated config filename - :rtype: str - """ - log.info("Create arnied all group configuration") - group = batch_update_cnf(build_group.BuildGroup(data="Alle", - instance=2), - [(Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_INFORMATION_VERSION_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_MAINPAGE_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_FORWARDING_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_GROUPWARE_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SETTINGS_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SORTING_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SPAMFILTER_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_VACATION_ALLOWED", 0, "1")), - (Update, ("GROUP_ACCESS_GROUPWARE_ALLOWED", 0, "1")), - (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")), - (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_EVERYWHERE")), - (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)), - (Delete, ("GROUP_COMMENT",))]) - - group_cnf = "group-%d-%s.cnf" % (time.time(), suffix) - [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR) - logging.info("Saving group configuration to %s", group_cnf) - group.save(group_cnf) - return group_cnf - - -def nic(instance=0, nictype="NATLAN", - ip="1.2.3.4", netmask="255.255.0.0", mac="00:00:00:00:00:00", - suffix="host"): - """ - Generate and save a nic configuration file. 
- - :param int instance: instance number (for multiple nics, -1 for next available) - :param str nictype: type of the nic - :param str ip: IP address of the nic - :param str netmask: network mask of the nic - :param str mac: MAC address of the nic - :param str suffix: optional suffix to use for config identification - :returns: generated config filename - :rtype: str - """ - log.info("Create arnied nic configuration") - nic_obj = batch_update_cnf( - build_nic.BuildNIC(data="", instance=instance, line_no=1), - [(Update, ("NIC_TYPE", 0, nictype)), - (Update, ("NIC_LAN_IP", 0, ip)), - (Update, ("NIC_LAN_NETMASK", 0, netmask)), - (Update, ("NIC_MAC", 0, mac))]) - nic_cnf = "nic-%d-%s.cnf" % (time.time(), suffix) - [nic_cnf] = aw.prep_config_paths([nic_cnf], aw.DUMP_CONFIG_DIR) - logging.info("Saving nic configuration to %s", nic_cnf) - nic_obj.save(nic_cnf) - return nic_cnf - - -def intraclient(name="intraclient", instance=1, - ip="1.2.3.4", mac="00:00:00:00:00:00", - fwrules=5, suffix="host"): - """ - Generate and save an intraclient configuration file. 
- - :param str name: name of the intraclient - :param int instance: instance number (for multiple clients, -1 for next available) - :param str ip: IP address of the intraclient - :param str mac: MAC address of the intraclient - :param int fwrules: instance of the firewall rules to use - :param str suffix: optional suffix to use for config identification - :returns: generated config filename - :rtype: str - """ - log.info("Create arnied intraclient configuration") - intraclient_obj = batch_update_cnf( - build_intraclient.BuildIntraclient(data=name, instance=instance), - [(Update, ("INTRACLIENT_IP", 0, ip)), - (Update, ("INTRACLIENT_MAC", 0, mac)), - (Update, ("INTRACLIENT_FIREWALL_RULESET_REF", 0, fwrules))]) - - intraclient_cnf = "intraclient-%d-%s.cnf" % (time.time(), suffix) - [intraclient_cnf] = aw.prep_config_paths([intraclient_cnf], aw.DUMP_CONFIG_DIR) - logging.info("Saving intraclient configuration to %s", intraclient_cnf) - intraclient_obj.save(intraclient_cnf) - return intraclient_cnf - - -def provider(name="provider", instance=1, mode="ROUTER", ip="1.2.3.4", localip=None, - netmask="255.255.0.0", dnsmode="IP", dns="1.2.3.4", fwrules=5, - dialretry=None, timeout="", mtumode="AUTO", - vlanid=None, mtusize=None, login=None, password=None, - modemip=None, providerid=None, localdhcp=None, - suffix="host"): - """ - Generate and save a provider configuration file. 
- - :param str name: name of the provider - :param int instance: instance number (for multiple clients, -1 for next available) - :param str mode: provider mode - :param str ip: IP address of the provider - :param localip: IP address of the configured machine (valid for some configurations) - :type localip: str or None - :param str netmask: netmask of the provider - :param str dnsmode: dnsmode of the provider - :param str dns: IP address of the DNS server - :param int fwrules: instance of the firewall rules to use - :param any args: lots of detailed configuration - :param str suffix: optional suffix to use for config identification - :returns: generated config filename - :rtype: str - """ - log.info("Create arnied provider configuration") - - def add_or_del(var, field): - if var is not None: - return Add, (field, 0, str(var)) - return Delete, field - provider_obj = batch_update_cnf( - build_provider.BuildProvider(data=name, instance=instance), - [(Update, ("PROVIDER_MODE", 0, mode)), - ip and (Update, ("PROVIDER_IP", 0, ip)) - or (Delete, "PROVIDER_IP"), - localip - and (Update, ("PROVIDER_LOCALIP", 0, localip)) - or (Delete, "PROVIDER_LOCALIP"), - netmask and (Update, ("PROVIDER_NETMASK", 0, - netmask)) - or (Delete, "PROVIDER_NETMASK"), - (Update, ("PROVIDER_TIMEOUT", 0, timeout)), - (Update, ("PROVIDER_DNS_MODE", 0, dnsmode)), - (Update, ("PROVIDER_DNS", 0, - dns if dnsmode == "IP" else "")), - (Update, ("PROVIDER_MTU_MODE", 0, mtumode)), - (Update, ("PROVIDER_MTU_SIZE", 0, - mtusize if mtumode != "AUTO" else "")), - (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules))), - add_or_del(vlanid, "PROVIDER_VLAN_ID"), - add_or_del(dialretry, "PROVIDER_DIAL_RETRY"), - add_or_del(login, "PROVIDER_LOGIN"), - add_or_del(password, "PROVIDER_PASSWORD"), - add_or_del(modemip, "PROVIDER_MODEM_IP"), - add_or_del(providerid, "PROVIDER_PROVIDERID"), - add_or_del(localdhcp, "PROVIDER_LOCAL_DHCP")]) - provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix) - 
[provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR) - logging.info("Saving provider configuration to %s", provider_cnf) - provider_obj.save(provider_cnf) - return provider_cnf - - -def provider_proxy(mode="ROUTER", ip="1.2.3.4", localip=None, proxy_port=3128, fwrules=7, suffix="host"): - """ - Generate and save a provider configuration file for proxy. - - :param str mode: provider mode - :param str ip: IP address of the provider (and DNS server) - :param localip: IP address of the configured machine (valid for some configurations) - :type localip: str or None - :param int proxy_port: port for the provider proxy - :param int fwrules: instance of the firewall rules to use - :param str suffix: optional suffix to use for config identification - :returns: generated config filename - :rtype: str - """ - log.info("Create arnied provider configuration.") - provider_obj = batch_update_cnf( - build_provider.BuildProvider(), - [(Update, ("PROVIDER_MODE", 0, mode)), - (Update, ("PROVIDER_DNS", 0, ip)), - (Update, ("PROVIDER_DYNDNS_ENABLE", 0, "0")), - (Update, ("PROVIDER_IP", 0, ip)), - (Update, ("PROVIDER_PROXY_SERVER", 0, ip)), - (Update, ("PROVIDER_PROXY_PORT", 0, str(proxy_port))), - localip - and (Update, ("PROVIDER_LOCALIP", 0, localip)) - or (Delete, "PROVIDER_LOCALIP"), - (Update, ("PROVIDER_DNS_MODE", 0, "IP")), - (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules)))]) - provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix) - [provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR) - logging.info("Saving provider configuration to %s", provider_cnf) - provider_obj.save(provider_cnf) - return provider_cnf - - -def port_forwarding(src_port="1234", src_port_end="", - dst_port="1234", dst_port_end="", - dst_ip_ref="1", protocol_type="TCP", - suffix="host"): - """ - Generate and save a port forwarding configuration file. 
- - :param str src_port: forwarded source port - :param str src_port_end: forwarded source port end for a port range - :param str dst_port: forwarded destination port - :param str dst_port_end: forwarded destination port end for a port range - :param str dst_ip_ref: destination nic instance for a port range - :param str protocol_type: port forwarding protocol type - :param str suffix: optional suffix to use for config identification - :returns: generated config filename - :rtype: str - """ - log.info("Create port forwarding configuration") - value_id = "test" - portforward_client_cnf = "portforward-%d-%s.cnf" % (time.time(), suffix) - return build_cnf("PORT_FORWARDING", - data=value_id, - filename=portforward_client_cnf, - vals=[(Child, ("PORT_FORWARDING_DST_IP_REF", 0, dst_ip_ref)), - (Child, ("PORT_FORWARDING_DST_PORT", 0, dst_port)), - (Child, ("PORT_FORWARDING_DST_PORT_END", 0, dst_port_end)), - (Child, ("PORT_FORWARDING_PROTOCOL_TYPE", 0, protocol_type)), - (Child, ("PORT_FORWARDING_SRC_PORT", 0, src_port)), - (Child, ("PORT_FORWARDING_SRC_PORT_END", 0, src_port_end))]) - - -def firewall_ruleset_simple(suffix="host"): - """ - Generate and save a simple firewall ruleset configuration file. 
-
- :param str suffix: optional suffix to use for config identification
- :returns: generated config filename
- :rtype: str
- """
- log.info("Create firewall ruleset")
- fw_cnf = "fw-%d-%s.cnf" % (time.time(), suffix)
- return build_cnf("FIREWALL_RULESET",
- instance=101,
- data="Port Forwarding libfirewall test",
- filename=fw_cnf,
- vals=[(Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "SIMPLE_PROVIDER")),
- (Update, ("FIREWALL_RULESET_PROVIDER_HTTPS_OPEN", 0, "0")),
- (Update, ("FIREWALL_RULESET_PROVIDER_POP3SIMAPS_OPEN", 0, "0")),
- (Update, ("FIREWALL_RULESET_PROVIDER_PORT_FORWARDING_ENABLE", 0, "1")),
- (Update, ("FIREWALL_RULESET_PROVIDER_SMTP_OPEN", 0, "0")),
- (Update, ("FIREWALL_RULESET_PROVIDER_HTTP_OPEN", 0, "0")),
- (Update, ("FIREWALL_RULESET_PROVIDER_VPN_OPEN", 0, "0"))])
-
-
- def firewall_ruleset_port(suffix="host"):
- """
- Generate and save a firewall ruleset configuration file for port forwarding.
-
- :param str suffix: optional suffix to use for config identification
- :returns: generated config filename
- :rtype: str
- """
- log.info("Create firewall ruleset")
- fw_portforward_cnf = "fw-portforward-%d-%s.cnf" % (time.time(), suffix)
- return build_cnf("FIREWALL_RULESET",
- instance=100,
- data="Port forwarding only",
- filename=fw_portforward_cnf,
- vals=[(Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")),
- (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")),
- (Add, ("FIREWALL_RULESET_RULE", 1, "")),
- (Child, ("FIREWALL_RULESET_RULE_ACTION", 0, "ACCEPT")),
- (Child, ("FIREWALL_RULESET_RULE_CHECK_CONNECTION_STATUS", 0, "PORTFORWARDING")),
- (Child, ("FIREWALL_RULESET_RULE_CHECK_TCP_FLAGS", 0, "DISABLED")),
- (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", 0, "0")),
- (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", 0, "0")),
- (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", 0, "")),
- (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_PERIOD", 0, "SEC")),
- (Child,
("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", 0, "")),
- (Child, ("FIREWALL_RULESET_RULE_LOG_ENABLE", 0, "0")),
- (Child, ("FIREWALL_RULESET_RULE_LOG_MESSAGE", 0, "")),
- (Child, ("FIREWALL_RULESET_RULE_TIME_INCLUDE_TIME_REF", 0, "-1")),
- (Update, ("FIREWALL_RULESET_USAGE", 0, "PROVIDER"))])
-
-
- def firewall_ruleset_dmz(suffix="host"):
- """
- Generate and save a firewall ruleset configuration file for DMZ.
-
- :param str suffix: optional suffix to use for config identification
- :returns: generated config filename
- :rtype: str
- """
- log.info("Create firewall ruleset")
- fw_dmz_cnf = "fw-dmz-%d-%s.cnf" % (time.time(), suffix)
- return build_cnf("FIREWALL_RULESET",
- instance=100,
- data="DMZ firewall rules",
- filename=fw_dmz_cnf,
- vals=[(Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")),
- (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")),
- (Add, ("FIREWALL_RULESET_RULE", 1, "")),
- (Child, ("FIREWALL_RULESET_RULE_ACTION", 0, "ACCEPT")),
- (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", 0, "0")),
- (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", 0, "0")),
- (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", 0, "")),
- (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", 0, "")),
- (Child, ("FIREWALL_RULESET_RULE_LOG_ENABLE", 0, "0")),
- (Child, ("FIREWALL_RULESET_RULE_LOG_MESSAGE", 0, "")),
- (Child, ("FIREWALL_RULESET_RULE_SERVICE_INCLUDE_SERVICEGROUP_REF", 0, "6")),
- (Child, ("FIREWALL_RULESET_RULE_DST_INCLUDE_CLIENT_REF", 0, "2")),
- (Update, ("FIREWALL_RULESET_USAGE", 0, "LANVPN"))])
-- 1.7.1