|
|
|
|
@ -13,6 +13,7 @@ from Crypto.PublicKey import RSA
|
|
|
|
|
import crypt |
|
|
|
|
|
|
|
|
|
from django.shortcuts import render_to_response |
|
|
|
|
from django.core.exceptions import ObjectDoesNotExist |
|
|
|
|
|
|
|
|
|
from juser.models import UserGroup, User |
|
|
|
|
from connect import PyCrypt, KEY |
|
|
|
|
@ -20,11 +21,13 @@ from connect import BASE_DIR
|
|
|
|
|
from connect import CONF |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cryptor = PyCrypt(KEY) |
|
|
|
|
ldap_host_url = CONF.get('ldap', 'host_url') |
|
|
|
|
ldap_base_dn = CONF.get('ldap', 'base_dn') |
|
|
|
|
ldap_root_dn = CONF.get('ldap', 'root_dn') |
|
|
|
|
ldap_root_pwd = CONF.get('ldap', 'root_pw') |
|
|
|
|
CRYPTOR = PyCrypt(KEY) |
|
|
|
|
LDAP_ENABLE = CONF.get('ldap', 'ldap_enable') |
|
|
|
|
if LDAP_ENABLE: |
|
|
|
|
LDAP_HOST_URL = CONF.get('ldap', 'host_url') |
|
|
|
|
LDAP_BASE_DN = CONF.get('ldap', 'base_dn') |
|
|
|
|
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn') |
|
|
|
|
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def md5_crypt(string): |
|
|
|
|
@ -58,10 +61,10 @@ class AddError(Exception):
|
|
|
|
|
|
|
|
|
|
class LDAPMgmt(): |
|
|
|
|
def __init__(self, |
|
|
|
|
host_url=ldap_host_url, |
|
|
|
|
base_dn=ldap_base_dn, |
|
|
|
|
root_cn=ldap_root_dn, |
|
|
|
|
root_pw=ldap_root_pwd): |
|
|
|
|
host_url=LDAP_HOST_URL, |
|
|
|
|
base_dn=LDAP_BASE_DN, |
|
|
|
|
root_cn=LDAP_ROOT_DN, |
|
|
|
|
root_pw=LDAP_ROOT_PW): |
|
|
|
|
self.ldap_host = host_url |
|
|
|
|
self.ldap_base_dn = base_dn |
|
|
|
|
self.conn = ldap.initialize(host_url) |
|
|
|
|
@ -163,6 +166,14 @@ def db_add_user(**kwargs):
|
|
|
|
|
user.user_group = group_select |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def db_del_user(username): |
|
|
|
|
try: |
|
|
|
|
user = User.objects.get(username=username) |
|
|
|
|
user.delete() |
|
|
|
|
except ObjectDoesNotExist: |
|
|
|
|
pass |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def gen_ssh_key(username, password=None, length=2048): |
|
|
|
|
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/') |
|
|
|
|
private_key_file = os.path.join(private_key_dir, username) |
|
|
|
|
@ -188,8 +199,12 @@ def server_add_user(username, password, ssh_key_pwd1):
|
|
|
|
|
gen_ssh_key(username, ssh_key_pwd1) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def server_del_user(username): |
|
|
|
|
bash('userdel -r %s' % username) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def ldap_add_user(username, ldap_pwd): |
|
|
|
|
user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn) |
|
|
|
|
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN) |
|
|
|
|
password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd) |
|
|
|
|
user = User.objects.get(username=username) |
|
|
|
|
|
|
|
|
|
@ -206,13 +221,13 @@ def ldap_add_user(username, ldap_pwd):
|
|
|
|
|
'gidNumber': [str(user.id)], |
|
|
|
|
'homeDirectory': [str('/home/%s' % username)]} |
|
|
|
|
|
|
|
|
|
group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn) |
|
|
|
|
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN) |
|
|
|
|
group_attr = {'objectClass': ['posixGroup', 'top'], |
|
|
|
|
'cn': [str(username)], |
|
|
|
|
'userPassword': ['{crypt}x'], |
|
|
|
|
'gidNumber': [str(user.id)]} |
|
|
|
|
|
|
|
|
|
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn) |
|
|
|
|
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN) |
|
|
|
|
sudo_attr = {'objectClass': ['top', 'sudoRole'], |
|
|
|
|
'cn': ['%s' % str(username)], |
|
|
|
|
'sudoCommand': ['/bin/pwd'], |
|
|
|
|
@ -228,9 +243,15 @@ def ldap_add_user(username, ldap_pwd):
|
|
|
|
|
ldap_conn.add(sudo_dn, sudo_attr) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def db_del_user(username): |
|
|
|
|
user = User.objects.get(username=username) |
|
|
|
|
user.delete() |
|
|
|
|
def ldap_del_user(username): |
|
|
|
|
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN) |
|
|
|
|
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN) |
|
|
|
|
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN) |
|
|
|
|
|
|
|
|
|
ldap_conn = LDAPMgmt() |
|
|
|
|
ldap_conn.delete(user_dn) |
|
|
|
|
ldap_conn.delete(group_dn) |
|
|
|
|
ldap_conn.delete(sudo_dn) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def user_add(request): |
|
|
|
|
@ -265,16 +286,29 @@ def user_add(request):
|
|
|
|
|
pass |
|
|
|
|
else: |
|
|
|
|
time_now = time.time() |
|
|
|
|
db_add_user(username=username, |
|
|
|
|
password=md5_crypt(password), |
|
|
|
|
name=name, email=email, |
|
|
|
|
groups=groups, role=role_post, |
|
|
|
|
ssh_pwd=cryptor.encrypt(ssh_pwd), |
|
|
|
|
ssh_key_pwd1=cryptor.encrypt(ssh_key_pwd1), |
|
|
|
|
ldap_pwd=cryptor.encrypt(ldap_pwd), |
|
|
|
|
is_active=is_active, |
|
|
|
|
date_joined=time_now) |
|
|
|
|
msg = u'添加用户成功' |
|
|
|
|
try: |
|
|
|
|
db_add_user(username=username, |
|
|
|
|
password=md5_crypt(password), |
|
|
|
|
name=name, email=email, |
|
|
|
|
groups=groups, role=role_post, |
|
|
|
|
ssh_pwd=CRYPTOR.encrypt(ssh_pwd), |
|
|
|
|
ssh_key_pwd1=CRYPTOR.encrypt(ssh_key_pwd1), |
|
|
|
|
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), |
|
|
|
|
is_active=is_active, |
|
|
|
|
date_joined=time_now) |
|
|
|
|
|
|
|
|
|
server_add_user(username, password, ssh_key_pwd1) |
|
|
|
|
if LDAP_ENABLE: |
|
|
|
|
ldap_add_user(username, ldap_pwd) |
|
|
|
|
msg = '添加用户%s成功!' |
|
|
|
|
|
|
|
|
|
except Exception, e: |
|
|
|
|
error = '添加用户%s失败 %s' % e |
|
|
|
|
db_del_user(username) |
|
|
|
|
server_del_user(username) |
|
|
|
|
if LDAP_ENABLE: |
|
|
|
|
ldap_del_user(username) |
|
|
|
|
|
|
|
|
|
return render_to_response('juser/user_add.html', locals()) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ibuler
10 years ago