github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

整理一遍

pull/2/head
guanghongwei 2014-09-27 19:26:33 +08:00
parent a68454f7a4
commit 0d5ff30acf
2 changed files with 132 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
webroot/AutoSa/AutoSa/views.py
View File

@ -11,11 +11,11 @@ from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex from binascii import b2a_hex, a2b_hex
import random import random
import ConfigParser import ConfigParser
import pam
import os import os
import ldap import ldap
import ldap.modlist as modlist import ldap.modlist as modlist
import crypt import crypt
import hashlib
from UserManage.forms import UserAddForm, GroupAddForm from UserManage.forms import UserAddForm, GroupAddForm
@ -41,17 +41,22 @@ admin_pass = cf.get('jumpserver', 'admin_pass')
def keygen(num): def keygen(num):
"""生成随机密码""" """生成随机密码"""
seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
sa = [] salt_list = []
for i in range(num): for i in range(num):
sa.append(random.choice(seed)) salt_list.append(random.choice(seed))
salt = ''.join(sa) salt = ''.join(salt_list)
return salt return salt
def bash(cmd): def bash(cmd):
"""执行bash命令"""
return subprocess.call(cmd, shell=True) return subprocess.call(cmd, shell=True)
def md5_crypt(string):
return hashlib.new("md5", string).hexdigest()
class PyCrypt(object): class PyCrypt(object):
"""对称加密解密""" """对称加密解密"""
def __init__(self, key): def __init__(self, key):
@ -161,36 +166,6 @@ def group_member(username):
return list(set(member)) return list(set(member))
def login(request):
"""登录界面"""
if request.session.get('username'):
return HttpResponseRedirect('/')
if request.method == 'GET':
return render_to_response('login.html')
else:
username = request.POST.get('username')
password = request.POST.get('password')
user = User.objects.filter(username=username)
if user:
user = user[0]
if user and password == user.password:
request.session['username'] = username
if user.is_admin:
request.session['admin'] = 1
elif user.is_superuser:
request.session['admin'] = 2
else:
request.session['admin'] = 0
return HttpResponseRedirect('/')
else:
error = '密码错误,请重新输入。'
else:
error = '用户不存在。'
return render_to_response('login.html', {'error': error})
def login_required(func): def login_required(func):
"""要求登录的装饰器""" """要求登录的装饰器"""
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
@ -218,6 +193,48 @@ def superuser_required(func):
return _deco return _deco
def is_admin_user(request):
if request.session.get('admin') == 1:
return True
else:
return False
def is_super_user(request):
if request.session.get('admin') == 2:
return True
else:
return False
def login(request):
"""登录界面"""
if request.session.get('username'):
return HttpResponseRedirect('/')
if request.method == 'GET':
return render_to_response('login.html')
else:
username = request.POST.get('username')
password = request.POST.get('password')
user = User.objects.filter(username=username)
if user:
user = user[0]
if password == user.password:
request.session['username'] = username
if user.is_admin:
request.session['admin'] = 1
elif user.is_superuser:
request.session['admin'] = 2
else:
request.session['admin'] = 0
return HttpResponseRedirect('/')
else:
error = '密码错误,请重新输入。'
else:
error = '用户不存在。'
return render_to_response('login.html', {'error': error})
def logout(request): def logout(request):
"""注销登录调用""" """注销登录调用"""
if request.session.get('username'): if request.session.get('username'):
@ -266,24 +283,33 @@ def showUser(request):
"""查看所有用户""" """查看所有用户"""
info = '' info = ''
error = '' error = ''
if is_super_user(request):
users = User.objects.all()
else:
users = group_member(request.session.get('username'))
if request.method == 'POST': if request.method == 'POST':
selected_user = request.REQUEST.getlist('selected') selected_user = request.REQUEST.getlist('selected')
if selected_user: if selected_user:
for id in selected_user: for user_id in selected_user:
# 从数据库中删除
try: try:
user_del = User.objects.get(id=id) user = User.objects.get(id=user_id)
if user_del.is_admin or user_del.is_superuser: if user.is_admin or user.is_superuser:
if request.session.get('admin') == 1: if is_admin_user(request):
error = 'No Permision.'
return HttpResponseRedirect('/showUser/') return HttpResponseRedirect('/showUser/')
username = user_del.username username = user.username
user_del.delete() user.delete()
except Exception, e: except Exception, e:
error = u'数据库中用户删除错误' + unicode(e) error = u'数据库中用户删除错误' + unicode(e)
# 在bash中删除
bash_del = bash("userdel -r %s" % username) bash_del = bash("userdel -r %s" % username)
if bash_del != 0: if bash_del != 0:
error = u'bash中用户删除错误' error = u'bash中用户删除错误'
# 从LDAP中删除
try: try:
ldap_del = LDAPMgmt() ldap_del = LDAPMgmt()
user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn) user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
@ -295,17 +321,12 @@ def showUser(request):
if not error: if not error:
info = '用户删除成功' info = '用户删除成功'
return HttpResponseRedirect('/showUser/')
else: return render_to_response('showUser.html',
if request.session.get('admin') == 2: {'users': users,
users = User.objects.all() 'info': info,
elif request.session.get('admin') == 1: 'error': error,
users = group_member(request.session.get('username')) 'user_menu': 'active'},
return render_to_response(
'showUser.html',
{'users': users, 'info': info, 'error': error, 'user_menu': 'active'},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
@ -315,30 +336,31 @@ def addUser(request):
msg = '' msg = ''
form = UserAddForm() form = UserAddForm()
jm = PyCrypt(key) jm = PyCrypt(key)
if request.method == 'GET':
return render_to_response('addUser.html', {'user_menu': 'active', 'form': form}, if request.method == 'POST':
context_instance=RequestContext(request))
else:
form = UserAddForm(request.POST) form = UserAddForm(request.POST)
if form.is_valid(): if form.is_valid():
user = form.cleaned_data user = form.cleaned_data
username = user['username'] username = user['username']
password = user['password'] password = md5_crypt(user['password'])
key_pass = user['key_pass'] key_pass = user['key_pass']
name = user['name'] name = user['name']
is_admin = user['is_admin'] is_admin = user['is_admin']
is_superuser = user['is_superuser'] is_superuser = user['is_superuser']
ldap_password = keygen(16) ldap_password = jm.encrypt(keygen(16))
group_post = user['group'] group_post = user['group']
groups = [] groups = []
if request.session.get('admin') < 1: # 如果用户是admin那么不能委任其他admin或者超级用户
if is_admin_user(request):
is_admin = False is_admin = False
is_superuser = False is_superuser = False
# 组
for group_name in group_post: for group_name in group_post:
groups.append(Group.objects.get(name=group_name)) groups.append(Group.objects.get(name=group_name))
# 数据中保存用户,如果失败就返回
u = User( u = User(
username=username, username=username,
password=password, password=password,
@ -356,24 +378,26 @@ def addUser(request):
return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error}, return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
# 系统中添加用户
ret_add = bash('useradd %s' % username) ret_add = bash('useradd %s' % username)
ret_passwd = bash('echo %s | passwd --stdin %s' % (password, username)) ret_passwd = bash('echo %s | passwd --stdin %s' % (password, username))
ret_rsa = rsa_gen(username, key_pass) ret_rsa = rsa_gen(username, key_pass)
if [ret_add, ret_passwd, ret_rsa].count(0) < 3: if [ret_add, ret_passwd, ret_rsa].count(0) < 3:
error = u'跳板机添加用户失败' error = u'跳板机添加用户失败'
ret_del = bash('userdel -r %s' % username) bash('userdel -r %s' % username)
u.delete() u.delete()
return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error}, return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
# 添加到ldap中
user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn) user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
userPassword = gen_sha512(keygen(6), ldap_password) password_sha512 = gen_sha512(keygen(6), ldap_password)
user_attr = { user_attr = {
'uid': [str(username)], 'uid': [str(username)],
'cn': [str(username)], 'cn': [str(username)],
'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'], 'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
'userPassword': ['{crypt}%s' % userPassword], 'userPassword': ['{crypt}%s' % password_sha512],
'shadowLastChange': ['16328'], 'shadowLastChange': ['16328'],
'shadowMin': ['0'], 'shadowMin': ['0'],
'shadowMax': ['99999'], 'shadowMax': ['99999'],
@ -392,20 +416,21 @@ def addUser(request):
} }
try: try:
ldap_user = LDAPMgmt() ldap_conn = LDAPMgmt()
ldap_user.add(user_dn, user_attr) ldap_conn.add(user_dn, user_attr)
ldap_user.add(group_dn, group_attr) ldap_conn.add(group_dn, group_attr)
except Exception, e: except Exception, e:
error = u'添加ladp用户失败' + unicode(e) error = u'添加ladp用户失败' + unicode(e)
try: try:
bash('userdel -r %s' % username) bash('userdel -r %s' % username)
u.delete() u.delete()
ldap_user.delete(user_dn) ldap_conn.delete(user_dn)
ldap_user.delete(group_dn) ldap_conn.delete(group_dn)
except: except Exception:
pass pass
return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error}, return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
msg = u'添加用户成功' msg = u'添加用户成功'
return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'msg': msg}, return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'msg': msg},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
@ -415,8 +440,17 @@ def addUser(request):
def showAssets(request): def showAssets(request):
"""查看服务器""" """查看服务器"""
info = '' info = ''
if request.session.get('admin') < 2:
assets = []
username = request.session.get('username')
user = User.objects.get(username=username)
for asset in user.assetsuser_set.all():
assets.append(asset.aid)
else:
assets = Assets.objects.all() assets = Assets.objects.all()
if request.method == 'POST': if request.method == 'POST':
if request.session.get('admin') < 2:
return HttpResponseRedirect('/showAssets/')
assets_del = request.REQUEST.getlist('selected') assets_del = request.REQUEST.getlist('selected')
for asset_id in assets_del: for asset_id in assets_del:
asset_del = Assets.objects.get(id=asset_id) asset_del = Assets.objects.get(id=asset_id)
@ -426,7 +460,7 @@ def showAssets(request):
context_instance=RequestContext(request)) context_instance=RequestContext(request))
@admin_required @superuser_required
def addAssets(request): def addAssets(request):
"""添加服务器""" """添加服务器"""
error = '' error = ''
@ -434,6 +468,7 @@ def addAssets(request):
if request.method == 'POST': if request.method == 'POST':
ip = request.POST.get('ip') ip = request.POST.get('ip')
port = request.POST.get('port') port = request.POST.get('port')
idc = request.POST.get('idc')
comment = request.POST.get('comment') comment = request.POST.get('comment')
if '' in (ip, port): if '' in (ip, port):
@ -441,7 +476,7 @@ def addAssets(request):
elif Assets.objects.filter(ip=ip): elif Assets.objects.filter(ip=ip):
error = '主机已存在。' error = '主机已存在。'
if not error: if not error:
asset = Assets(ip=ip, port=port, comment=comment) asset = Assets(ip=ip, port=port, idc=idc, comment=comment)
asset.save() asset.save()
msg = u'%s 添加成功' % ip msg = u'%s 添加成功' % ip
@ -452,7 +487,11 @@ def addAssets(request):
@admin_required @admin_required
def showPerm(request): def showPerm(request):
"""查看权限""" """查看权限"""
if is_super_user(request):
users = User.objects.all() users = User.objects.all()
else:
users = group_member(request.session.get('username'))
if request.method == 'POST': if request.method == 'POST':
assets_del = request.REQUEST.getlist('selected') assets_del = request.REQUEST.getlist('selected')
username = request.POST.get('username') username = request.POST.get('username')
@ -479,7 +518,11 @@ def showPerm(request):
@admin_required @admin_required
def addPerm(request): def addPerm(request):
"""增加授权""" """增加授权"""
if is_super_user(request):
users = User.objects.all() users = User.objects.all()
else:
users = group_member(request.session.get('username'))
have_assets = [] have_assets = []
if request.method == 'POST': if request.method == 'POST':
username = request.POST.get('username') username = request.POST.get('username')
@ -490,6 +533,7 @@ def addPerm(request):
asset_user = AssetsUser(uid=user, aid=asset) asset_user = AssetsUser(uid=user, aid=asset)
asset_user.save() asset_user.save()
return HttpResponseRedirect('/addPerm/?username=%s' % username) return HttpResponseRedirect('/addPerm/?username=%s' % username)
elif request.method == 'GET': elif request.method == 'GET':
if request.GET.get('username'): if request.GET.get('username'):
username = request.GET.get('username') username = request.GET.get('username')
@ -497,11 +541,13 @@ def addPerm(request):
assets_user = AssetsUser.objects.filter(uid=user.id) assets_user = AssetsUser.objects.filter(uid=user.id)
for asset_user in assets_user: for asset_user in assets_user:
have_assets.append(asset_user.aid) have_assets.append(asset_user.aid)
all_assets = Assets.objects.all() all_assets = Assets.objects.all()
other_assets = list(set(all_assets) - set(have_assets)) other_assets = list(set(all_assets) - set(have_assets))
return render_to_response('addUserPerm.html', return render_to_response('addUserPerm.html',
{'user': user, 'assets': other_assets, 'perm_menu': 'active'}, {'user': user, 'assets': other_assets, 'perm_menu': 'active'},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
return render_to_response('addPerm.html', return render_to_response('addPerm.html',
{'users': users, 'perm_menu': 'active'}, {'users': users, 'perm_menu': 'active'},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
@ -517,19 +563,17 @@ def chgPass(request):
oldpass = request.POST.get('oldpass') oldpass = request.POST.get('oldpass')
password = request.POST.get('password') password = request.POST.get('password')
password_confirm = request.POST.get('password_confirm') password_confirm = request.POST.get('password_confirm')
user = User.objects.get(username)
if '' in [oldpass, password, password_confirm]: if '' in [oldpass, password, password_confirm]:
error = '带*内容不能为空' error = '带*内容不能为空'
elif not pam.authenticate(username, oldpass): elif md5_crypt(oldpass) != user.password:
error = '密码不正确' error = '密码不正确'
elif password != password_confirm: elif password != password_confirm:
error = '两次密码不匹配' error = '两次密码不匹配'
if not error: if not error:
ret = subprocess.call('%s %s %s' % (chgpass_shell, username, password), shell=True) user.password = password
if ret: user.save()
error = '密码修改失败'
else:
msg = '修改密码成功'
return render_to_response('chgPass.html', {'msg': msg, 'error': error, 'pass_menu': 'active'}, return render_to_response('chgPass.html', {'msg': msg, 'error': error, 'pass_menu': 'active'},
context_instance=RequestContext(request)) context_instance=RequestContext(request))

6
webroot/AutoSa/templates/addAssets.html
View File

@ -25,6 +25,12 @@
<input type="text" class="form-control" id="port" name="port" placeholder="Port"> <input type="text" class="form-control" id="port" name="port" placeholder="Port">
</div> </div>
</div> </div>
<div class="form-group">
<label for="idc" class="col-sm-2 control-label">IDC<span style="color: red"> *</span></label>
<div class="col-sm-4">
<input type="text" class="form-control" id="idc" name="idc" placeholder="IDC">
</div>
</div>
<div class="form-group"> <div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注<span style="color: red"></span></label> <label for="comment" class="col-sm-2 control-label">备注<span style="color: red"></span></label>
<div class="col-sm-4"> <div class="col-sm-4">