jumpserver/apps/assets/models/user.py

290 lines
8.8 KiB
Python
Raw Normal View History

2016-12-20 16:43:52 +00:00
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
2017-03-23 16:27:33 +00:00
import os
2016-12-20 16:43:52 +00:00
import logging
2017-11-23 06:08:01 +00:00
import uuid
2017-03-23 16:27:33 +00:00
from hashlib import md5
2017-03-06 13:05:00 +00:00
import sshpubkeys
2017-12-19 04:41:00 +00:00
from django.core.cache import cache
2017-03-06 13:05:00 +00:00
from django.db import models
from django.utils.translation import ugettext_lazy as _
2017-03-23 16:27:33 +00:00
from django.conf import settings
2016-12-20 16:43:52 +00:00
2017-12-24 10:53:07 +00:00
from common.utils import get_signer, ssh_key_string_to_obj, ssh_key_gen
from .utils import private_key_validator
2017-12-19 04:41:00 +00:00
from ..const import SYSTEM_USER_CONN_CACHE_KEY
2016-12-20 16:43:52 +00:00
__all__ = ['AdminUser', 'SystemUser',]
logger = logging.getLogger(__name__)
2017-12-24 10:53:07 +00:00
signer = get_signer()
2016-12-20 16:43:52 +00:00
2017-12-13 09:21:08 +00:00
class AssetUser(models.Model):
2017-11-23 06:08:01 +00:00
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
2016-12-20 16:43:52 +00:00
name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
username = models.CharField(max_length=16, verbose_name=_('Username'))
2017-12-07 05:01:33 +00:00
_password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
2017-12-13 09:21:08 +00:00
_private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ])
2017-12-07 05:01:33 +00:00
_public_key = models.TextField(max_length=4096, blank=True, verbose_name=_('SSH public key'))
2016-12-20 16:43:52 +00:00
comment = models.TextField(blank=True, verbose_name=_('Comment'))
date_created = models.DateTimeField(auto_now_add=True)
date_updated = models.DateTimeField(auto_now=True)
2017-12-07 05:01:33 +00:00
created_by = models.CharField(max_length=32, null=True, verbose_name=_('Created by'))
2016-12-20 16:43:52 +00:00
@property
def password(self):
2017-03-05 03:38:02 +00:00
if self._password:
return signer.unsign(self._password)
else:
2017-12-13 09:21:08 +00:00
return None
2016-12-20 16:43:52 +00:00
@password.setter
def password(self, password_raw):
2017-12-13 09:21:08 +00:00
raise AttributeError("Using set_auth do that")
# self._password = signer.sign(password_raw)
2016-12-20 16:43:52 +00:00
@property
def private_key(self):
2017-03-05 03:38:02 +00:00
if self._private_key:
return signer.unsign(self._private_key)
2016-12-20 16:43:52 +00:00
@private_key.setter
def private_key(self, private_key_raw):
2017-12-13 09:21:08 +00:00
raise AttributeError("Using set_auth do that")
# self._private_key = signer.sign(private_key_raw)
2016-12-20 16:43:52 +00:00
@property
def private_key_obj(self):
if self._private_key:
key_str = signer.unsign(self._private_key)
return ssh_key_string_to_obj(key_str, password=self.password)
else:
return None
2017-03-23 16:27:33 +00:00
@property
def private_key_file(self):
2017-12-21 03:31:13 +00:00
if not self.private_key_obj:
2017-03-23 16:27:33 +00:00
return None
project_dir = settings.PROJECT_DIR
tmp_dir = os.path.join(project_dir, 'tmp')
2017-12-13 09:21:08 +00:00
key_str = signer.unsign(self._private_key)
2017-12-21 03:31:13 +00:00
key_name = '.' + md5(key_str.encode('utf-8')).hexdigest()
2017-03-23 16:27:33 +00:00
key_path = os.path.join(tmp_dir, key_name)
if not os.path.exists(key_path):
2017-12-21 03:31:13 +00:00
self.private_key_obj.write_private_key_file(key_path)
2017-12-13 09:21:08 +00:00
os.chmod(key_path, 0o400)
2017-03-23 16:27:33 +00:00
return key_path
2016-12-20 16:43:52 +00:00
@property
def public_key(self):
key = signer.unsign(self._public_key)
if key:
return key
else:
return None
2016-12-20 16:43:52 +00:00
@property
def public_key_obj(self):
if self.public_key:
try:
return sshpubkeys.SSHKey(self.public_key)
except TabError:
pass
return None
2017-12-13 09:21:08 +00:00
def set_auth(self, password=None, private_key=None, public_key=None):
update_fields = []
if password:
self._password = signer.sign(password)
update_fields.append('_password')
if private_key:
self._private_key = signer.sign(private_key)
update_fields.append('_private_key')
if public_key:
self._public_key = signer.sign(public_key)
update_fields.append('_public_key')
if update_fields:
self.save(update_fields=update_fields)
def auto_gen_auth(self):
password = str(uuid.uuid4())
private_key, public_key = ssh_key_gen(
username=self.name, password=password
)
self.set_auth(password=password,
private_key=private_key,
public_key=public_key)
2017-12-15 09:07:52 +00:00
def _to_secret_json(self):
"""Push system user use it"""
return {
'name': self.name,
'username': self.username,
'password': self.password,
'public_key': self.public_key,
'private_key': self.private_key_file,
}
2017-12-13 09:21:08 +00:00
class Meta:
abstract = True
class AdminUser(AssetUser):
"""
A privileged user that ansible can use it to push system user and so on
"""
BECOME_METHOD_CHOICES = (
('sudo', 'sudo'),
('su', 'su'),
)
become = models.BooleanField(default=True)
become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
become_user = models.CharField(default='root', max_length=64)
_become_pass = models.CharField(default='', max_length=128)
def __str__(self):
return self.name
2016-12-20 16:43:52 +00:00
2017-12-07 08:25:50 +00:00
@property
def become_pass(self):
2017-12-21 03:31:13 +00:00
password = signer.unsign(self._become_pass)
if password:
return password
else:
return ""
2017-12-07 08:25:50 +00:00
@become_pass.setter
def become_pass(self, password):
self._become_pass = signer.sign(password)
2017-12-28 06:25:56 +00:00
@property
def become_info(self):
if self.become:
info = {
"method": self.become_method,
"user": self.become_user,
"pass": self.become_pass,
}
else:
info = None
return info
2017-12-12 04:19:45 +00:00
def get_related_assets(self):
assets = self.asset_set.all()
return assets
2017-12-12 04:19:45 +00:00
2016-12-20 16:43:52 +00:00
@property
def assets_amount(self):
return self.get_related_assets().count()
2016-12-20 16:43:52 +00:00
class Meta:
ordering = ['name']
2018-01-05 09:57:02 +00:00
verbose_name = _("Admin user")
2016-12-20 16:43:52 +00:00
@classmethod
2017-03-22 15:36:43 +00:00
def generate_fake(cls, count=10):
2016-12-20 16:43:52 +00:00
from random import seed
import forgery_py
from django.db import IntegrityError
seed()
for i in range(count):
obj = cls(name=forgery_py.name.full_name(),
username=forgery_py.internet.user_name(),
password=forgery_py.lorem_ipsum.word(),
comment=forgery_py.lorem_ipsum.sentence(),
created_by='Fake')
try:
obj.save()
logger.debug('Generate fake asset group: %s' % obj.name)
except IntegrityError:
print('Error continue')
continue
2017-12-13 09:21:08 +00:00
class SystemUser(AssetUser):
2017-12-29 15:53:45 +00:00
SSH_PROTOCOL = 'ssh'
2018-02-05 13:54:57 +00:00
RDP_PROTOCOL = 'rdp'
2016-12-20 16:43:52 +00:00
PROTOCOL_CHOICES = (
2017-12-29 15:53:45 +00:00
(SSH_PROTOCOL, 'ssh'),
2018-02-05 13:54:57 +00:00
(RDP_PROTOCOL, 'rdp'),
2016-12-29 11:17:00 +00:00
)
2017-12-29 15:53:45 +00:00
nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes"))
2017-12-21 03:31:13 +00:00
priority = models.IntegerField(default=10, verbose_name=_("Priority"))
2017-12-07 05:01:33 +00:00
protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
2016-12-20 16:43:52 +00:00
auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))
2017-12-07 05:01:33 +00:00
sudo = models.TextField(default='/sbin/ifconfig', verbose_name=_('Sudo'))
shell = models.CharField(max_length=64, default='/bin/bash', verbose_name=_('Shell'))
2016-12-20 16:43:52 +00:00
2017-12-07 05:01:33 +00:00
def __str__(self):
2016-12-20 16:43:52 +00:00
return self.name
def to_json(self):
return {
'id': self.id,
'name': self.name,
'username': self.username,
'protocol': self.protocol,
'priority': self.priority,
'auto_push': self.auto_push,
}
2018-02-25 10:08:00 +00:00
@property
def assets(self):
assets = set()
for node in self.nodes.all():
assets.update(set(node.get_all_assets()))
return assets
2017-12-19 04:41:00 +00:00
@property
def assets_connective(self):
_result = cache.get(SYSTEM_USER_CONN_CACHE_KEY.format(self.name), {})
return _result
@property
def unreachable_assets(self):
return list(self.assets_connective.get('dark', {}).keys())
@property
def reachable_assets(self):
return self.assets_connective.get('contacted', [])
def is_need_push(self):
if self.auto_push and self.protocol == self.__class__.SSH_PROTOCOL:
return True
else:
return False
2016-12-20 16:43:52 +00:00
class Meta:
ordering = ['name']
2018-01-05 09:57:02 +00:00
verbose_name = _("System user")
2016-12-20 16:43:52 +00:00
@classmethod
2017-03-22 15:36:43 +00:00
def generate_fake(cls, count=10):
2016-12-20 16:43:52 +00:00
from random import seed
import forgery_py
from django.db import IntegrityError
seed()
for i in range(count):
obj = cls(name=forgery_py.name.full_name(),
username=forgery_py.internet.user_name(),
password=forgery_py.lorem_ipsum.word(),
comment=forgery_py.lorem_ipsum.sentence(),
created_by='Fake')
try:
obj.save()
logger.debug('Generate fake asset group: %s' % obj.name)
except IntegrityError:
print('Error continue')
continue
2017-04-02 10:09:40 +00:00