|
|
|
|
|
# coding: utf-8
|
|
|
|
|
|
|
|
|
|
|
|
from Crypto.PublicKey import RSA
|
|
|
|
|
|
|
|
|
|
|
|
from juser.models import AdminGroup
|
|
|
|
|
|
from jumpserver.api import *
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def group_add_user(group, user_id=None, username=None):
|
|
|
|
|
|
"""
|
|
|
|
|
|
用户组中添加用户
|
|
|
|
|
|
UserGroup Add a user
|
|
|
|
|
|
"""
|
|
|
|
|
|
if user_id:
|
|
|
|
|
|
user = get_object(User, id=user_id)
|
|
|
|
|
|
else:
|
|
|
|
|
|
user = get_object(User, username=username)
|
|
|
|
|
|
|
|
|
|
|
|
if user:
|
|
|
|
|
|
group.user_set.add(user)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def db_add_group(**kwargs):
|
|
|
|
|
|
"""
|
|
|
|
|
|
add a user group in database
|
|
|
|
|
|
数据库中添加用户组
|
|
|
|
|
|
"""
|
|
|
|
|
|
name = kwargs.get('name')
|
|
|
|
|
|
group = get_object(UserGroup, name=name)
|
|
|
|
|
|
users = kwargs.pop('users_id')
|
|
|
|
|
|
|
|
|
|
|
|
if not group:
|
|
|
|
|
|
group = UserGroup(**kwargs)
|
|
|
|
|
|
group.save()
|
|
|
|
|
|
for user_id in users:
|
|
|
|
|
|
group_add_user(group, user_id)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def group_update_member(group_id, users_id_list):
|
|
|
|
|
|
"""
|
|
|
|
|
|
user group update member
|
|
|
|
|
|
用户组更新成员
|
|
|
|
|
|
"""
|
|
|
|
|
|
group = get_object(UserGroup, id=group_id)
|
|
|
|
|
|
if group:
|
|
|
|
|
|
group.user_set.clear()
|
|
|
|
|
|
for user_id in users_id_list:
|
|
|
|
|
|
user = get_object(UserGroup, id=user_id)
|
|
|
|
|
|
if isinstance(user, UserGroup):
|
|
|
|
|
|
group.user_set.add(user)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def db_add_user(**kwargs):
|
|
|
|
|
|
"""
|
|
|
|
|
|
add a user in database
|
|
|
|
|
|
数据库中添加用户
|
|
|
|
|
|
"""
|
|
|
|
|
|
groups_post = kwargs.pop('groups')
|
|
|
|
|
|
admin_groups = kwargs.pop('admin_groups')
|
|
|
|
|
|
role = kwargs.get('role', 'CU')
|
|
|
|
|
|
user = User(**kwargs)
|
|
|
|
|
|
user.save()
|
|
|
|
|
|
if groups_post:
|
|
|
|
|
|
group_select = []
|
|
|
|
|
|
for group_id in groups_post:
|
|
|
|
|
|
group = UserGroup.objects.filter(id=group_id)
|
|
|
|
|
|
group_select.extend(group)
|
|
|
|
|
|
user.group = group_select
|
|
|
|
|
|
|
|
|
|
|
|
if admin_groups and role == 'GA': # 如果是组管理员就要添加组管理员和组到管理组中
|
|
|
|
|
|
for group_id in admin_groups:
|
|
|
|
|
|
group = get_object(UserGroup, id=group_id)
|
|
|
|
|
|
if group:
|
|
|
|
|
|
AdminGroup(user=user, group=group).save()
|
|
|
|
|
|
return user
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def db_update_user(**kwargs):
|
|
|
|
|
|
"""
|
|
|
|
|
|
update a user info in database
|
|
|
|
|
|
数据库更新用户信息
|
|
|
|
|
|
"""
|
|
|
|
|
|
groups_post = kwargs.pop('groups')
|
|
|
|
|
|
user_id = kwargs.pop('user_id')
|
|
|
|
|
|
user = User.objects.filter(id=user_id)
|
|
|
|
|
|
if user:
|
|
|
|
|
|
user.update(**kwargs)
|
|
|
|
|
|
user = User.objects.get(id=user_id)
|
|
|
|
|
|
user.save()
|
|
|
|
|
|
|
|
|
|
|
|
if groups_post:
|
|
|
|
|
|
group_select = []
|
|
|
|
|
|
for group_id in groups_post:
|
|
|
|
|
|
group = UserGroup.objects.filter(id=group_id)
|
|
|
|
|
|
group_select.extend(group)
|
|
|
|
|
|
user.group = group_select
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def db_del_user(username):
|
|
|
|
|
|
"""
|
|
|
|
|
|
delete a user from database
|
|
|
|
|
|
从数据库中删除用户
|
|
|
|
|
|
"""
|
|
|
|
|
|
try:
|
|
|
|
|
|
user = User.objects.get(username=username)
|
|
|
|
|
|
user.delete()
|
|
|
|
|
|
except ObjectDoesNotExist:
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def gen_ssh_key(username, password=None, length=2048):
|
|
|
|
|
|
"""
|
|
|
|
|
|
generate a user ssh key in a property dir
|
|
|
|
|
|
生成一个用户ssh密钥对
|
|
|
|
|
|
"""
|
|
|
|
|
|
print "gen_ssh_key" + str(time.time())
|
|
|
|
|
|
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
|
|
|
|
|
|
private_key_file = os.path.join(private_key_dir, username+".pem")
|
|
|
|
|
|
public_key_dir = '/home/%s/.ssh/' % username
|
|
|
|
|
|
public_key_file = os.path.join(public_key_dir, 'authorized_keys')
|
|
|
|
|
|
is_dir(private_key_dir)
|
|
|
|
|
|
is_dir(public_key_dir, username, mode=0700)
|
|
|
|
|
|
|
|
|
|
|
|
key = RSA.generate(length)
|
|
|
|
|
|
with open(private_key_file, 'w') as pri_f:
|
|
|
|
|
|
pri_f.write(key.exportKey('PEM', password))
|
|
|
|
|
|
os.chmod(private_key_file, 0600)
|
|
|
|
|
|
print "gen_ssh_pub_key" + str(time.time())
|
|
|
|
|
|
pub_key = key.publickey()
|
|
|
|
|
|
with open(public_key_file, 'w') as pub_f:
|
|
|
|
|
|
pub_f.write(pub_key.exportKey('OpenSSH'))
|
|
|
|
|
|
os.chmod(public_key_file, 0600)
|
|
|
|
|
|
bash('chown %s:%s %s' % (username, username, public_key_file))
|
|
|
|
|
|
print "gen_ssh_key_end" + str(time.time())
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def server_add_user(username, password, ssh_key_pwd):
|
|
|
|
|
|
"""
|
|
|
|
|
|
add a system user in jumpserver
|
|
|
|
|
|
在jumpserver服务器上添加一个用户
|
|
|
|
|
|
"""
|
|
|
|
|
|
bash("useradd '%s'; echo '%s' | passwd --stdin '%s'" % (username, password, username))
|
|
|
|
|
|
gen_ssh_key(username, ssh_key_pwd)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def user_add_mail(user, kwargs):
|
|
|
|
|
|
"""
|
|
|
|
|
|
add user send mail
|
|
|
|
|
|
发送用户添加邮件
|
|
|
|
|
|
"""
|
|
|
|
|
|
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
|
|
|
|
|
|
mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name
|
|
|
|
|
|
mail_msg = u"""
|
|
|
|
|
|
Hi, %s
|
|
|
|
|
|
您的用户名: %s
|
|
|
|
|
|
您的角色: %s
|
|
|
|
|
|
您的web登录密码: %s
|
|
|
|
|
|
您的ssh密钥文件密码: %s
|
|
|
|
|
|
密钥下载地址: http://%s:%s/juser/down_key/?id=%s
|
|
|
|
|
|
说明: 请登陆后再下载密钥!
|
|
|
|
|
|
""" % (user.name, user.username, user_role.get(user.role, u'普通用户'),
|
|
|
|
|
|
kwargs.get('password'), kwargs.get('ssh_key_pwd'), SEND_IP, SEND_PORT, user.id)
|
|
|
|
|
|
send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def server_del_user(username):
|
|
|
|
|
|
"""
|
|
|
|
|
|
delete a user from jumpserver linux system
|
|
|
|
|
|
删除系统上的某用户
|
|
|
|
|
|
"""
|
|
|
|
|
|
bash('userdel -r %s' % username)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def ldap_add_user(username, ldap_pwd):
|
|
|
|
|
|
"""
|
|
|
|
|
|
add a user in ldap database
|
|
|
|
|
|
在LDAP中添加用户
|
|
|
|
|
|
"""
|
|
|
|
|
|
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
|
|
|
|
|
|
password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd)
|
|
|
|
|
|
user = get_object(User, username=username)
|
|
|
|
|
|
if not user:
|
|
|
|
|
|
raise ServerError(u'用户 %s 不存在' % username)
|
|
|
|
|
|
|
|
|
|
|
|
user_attr = {'uid': [str(username)],
|
|
|
|
|
|
'cn': [str(username)],
|
|
|
|
|
|
'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
|
|
|
|
|
|
'userPassword': ['{crypt}%s' % password_sha512],
|
|
|
|
|
|
'shadowLastChange': ['16328'],
|
|
|
|
|
|
'shadowMin': ['0'],
|
|
|
|
|
|
'shadowMax': ['99999'],
|
|
|
|
|
|
'shadowWarning': ['7'],
|
|
|
|
|
|
'loginShell': ['/bin/bash'],
|
|
|
|
|
|
'uidNumber': [str(user.id)],
|
|
|
|
|
|
'gidNumber': [str(user.id)],
|
|
|
|
|
|
'homeDirectory': [str('/home/%s' % username)]}
|
|
|
|
|
|
|
|
|
|
|
|
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
|
|
|
|
|
|
group_attr = {'objectClass': ['posixGroup', 'top'],
|
|
|
|
|
|
'cn': [str(username)],
|
|
|
|
|
|
'userPassword': ['{crypt}x'],
|
|
|
|
|
|
'gidNumber': [str(user.id)]}
|
|
|
|
|
|
|
|
|
|
|
|
ldap_conn.add(user_dn, user_attr)
|
|
|
|
|
|
ldap_conn.add(group_dn, group_attr)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def ldap_del_user(username):
|
|
|
|
|
|
"""
|
|
|
|
|
|
delete a user in ldap database
|
|
|
|
|
|
在ldap中删除某用户
|
|
|
|
|
|
"""
|
|
|
|
|
|
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
|
|
|
|
|
|
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
|
|
|
|
|
|
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
|
|
|
|
|
|
|
|
|
|
|
|
ldap_conn.delete(user_dn)
|
|
|
|
|
|
ldap_conn.delete(group_dn)
|
|
|
|
|
|
ldap_conn.delete(sudo_dn)
|
