From 14da0f18ab50101ad98096cf0543b54969f5039e Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 13 Jan 2015 22:14:50 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=94=A8=E6=88=B7=E5=AE=8C?= =?UTF-8?q?=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jumpserver.conf | 1 + juser/views.py | 84 ++++++++++++++++++++++++++++++++++--------------- 2 files changed, 60 insertions(+), 25 deletions(-) diff --git a/jumpserver.conf b/jumpserver.conf index f54c84c15..3a7d59784 100644 --- a/jumpserver.conf +++ b/jumpserver.conf @@ -8,6 +8,7 @@ password = mysql234 database = jumpserver [ldap] +ldap_enable = 1 host_url = ldap://127.0.0.1:389 base_dn = dc=jumpserver,dc=org root_dn = cn=admin,dc=jumpserver,dc=org diff --git a/juser/views.py b/juser/views.py index 7b2252669..a82c2cb6e 100644 --- a/juser/views.py +++ b/juser/views.py @@ -13,6 +13,7 @@ from Crypto.PublicKey import RSA import crypt from django.shortcuts import render_to_response +from django.core.exceptions import ObjectDoesNotExist from juser.models import UserGroup, User from connect import PyCrypt, KEY @@ -20,11 +21,13 @@ from connect import BASE_DIR from connect import CONF -cryptor = PyCrypt(KEY) -ldap_host_url = CONF.get('ldap', 'host_url') -ldap_base_dn = CONF.get('ldap', 'base_dn') -ldap_root_dn = CONF.get('ldap', 'root_dn') -ldap_root_pwd = CONF.get('ldap', 'root_pw') +CRYPTOR = PyCrypt(KEY) +LDAP_ENABLE = CONF.get('ldap', 'ldap_enable') +if LDAP_ENABLE: + LDAP_HOST_URL = CONF.get('ldap', 'host_url') + LDAP_BASE_DN = CONF.get('ldap', 'base_dn') + LDAP_ROOT_DN = CONF.get('ldap', 'root_dn') + LDAP_ROOT_PW = CONF.get('ldap', 'root_pw') def md5_crypt(string): 
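Review bot: `LDAP_ENABLE = CONF.get('ldap', 'ldap_enable')` yields a string, so `ldap_enable = 0` in jumpserver.conf is still truthy and LDAP stays enabled; the `if LDAP_ENABLE:` guard here and the two in user_add (second hunk of the last line) only ever take the true branch. Use the parser's boolean accessor, `LDAP_ENABLE = CONF.getboolean('ldap', 'ldap_enable')`, which accepts 1/0, yes/no, true/false and on/off. A second consequence of the guard is that LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN and LDAP_ROOT_PW are not bound at all when LDAP is off, which the LDAPMgmt defaults in the next hunk depend on (noted there); binding them to None in an else branch keeps the module importable either way.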
@@ -58,10 +61,10 @@ class AddError(Exception): class LDAPMgmt(): def __init__(self, - host_url=ldap_host_url, - base_dn=ldap_base_dn, - root_cn=ldap_root_dn, - root_pw=ldap_root_pwd): + host_url=LDAP_HOST_URL, + base_dn=LDAP_BASE_DN, + root_cn=LDAP_ROOT_DN, + root_pw=LDAP_ROOT_PW): self.ldap_host = host_url self.ldap_base_dn = base_dn self.conn = ldap.initialize(host_url) @@ -163,6 +166,14 @@ def db_add_user(**kwargs): user.user_group = group_select +def db_del_user(username): + try: + user = User.objects.get(username=username) + user.delete() + except ObjectDoesNotExist: + pass + + def gen_ssh_key(username, password=None, length=2048): private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/') private_key_file = os.path.join(private_key_dir, username) @@ -188,8 +199,12 @@ def server_add_user(username, password, ssh_key_pwd1): gen_ssh_key(username, ssh_key_pwd1) +def server_del_user(username): + bash('userdel -r %s' % username) + + def ldap_add_user(username, ldap_pwd): - user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn) + user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN) password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd) user = User.objects.get(username=username) @@ -206,13 +221,13 @@ def ldap_add_user(username, ldap_pwd): 'gidNumber': [str(user.id)], 'homeDirectory': [str('/home/%s' % username)]} - group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn) + group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN) group_attr = {'objectClass': ['posixGroup', 'top'], 'cn': [str(username)], 'userPassword': ['{crypt}x'], 'gidNumber': [str(user.id)]} - sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn) + sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN) sudo_attr = {'objectClass': ['top', 'sudoRole'], 'cn': ['%s' % str(username)], 'sudoCommand': ['/bin/pwd'], 
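Review bot: The defaults `host_url=LDAP_HOST_URL, base_dn=LDAP_BASE_DN, root_cn=LDAP_ROOT_DN, root_pw=LDAP_ROOT_PW` are evaluated once when the class body runs at import time, and those four names are only bound inside `if LDAP_ENABLE:` in the previous hunk, so with LDAP disabled importing juser.views fails with NameError before any view executes. Either bind the names unconditionally or make the defaults `None` and resolve them in the body, e.g. `def __init__(self, host_url=None, base_dn=None, root_cn=None, root_pw=None):` followed by `host_url = host_url or LDAP_HOST_URL` for each, so the lookup only happens when an LDAPMgmt is actually constructed. The rest of __init__ continues outside the hunk.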
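Review bot: `bash('userdel -r %s' % username)` interpolates the username straight into a shell command line, and user_add (last line of the patch) calls this as error rollback on a name that presumably originates from the request, so any name containing shell metacharacters becomes part of the executed command; the pre-existing server_add_user and gen_ssh_key paths outside this hunk appear to have the same shape. Validate the name against a strict allowlist before it reaches any of these helpers, e.g. `if not re.match(r'^[a-z_][a-z0-9_-]{0,31}$', username): raise ValueError('invalid username')` (needs `re` in the import block, which is outside the hunk), and prefer an argument list to subprocess over a formatted shell string if the `bash` helper (not visible here) allows it. Note also that `userdel -r` removes the home directory, which matters for the rollback case raised at the last hunk.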
@@ -228,9 +243,15 @@ def ldap_add_user(username, ldap_pwd): ldap_conn.add(sudo_dn, sudo_attr) -def db_del_user(username): - user = User.objects.get(username=username) - user.delete() +def ldap_del_user(username): + user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN) + group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN) + sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN) + + ldap_conn = LDAPMgmt() + ldap_conn.delete(user_dn) + ldap_conn.delete(group_dn) + ldap_conn.delete(sudo_dn) def user_add(request): @@ -265,16 +286,29 @@ def user_add(request): pass else: time_now = time.time() - db_add_user(username=username, - password=md5_crypt(password), - name=name, email=email, - groups=groups, role=role_post, - ssh_pwd=cryptor.encrypt(ssh_pwd), - ssh_key_pwd1=cryptor.encrypt(ssh_key_pwd1), - ldap_pwd=cryptor.encrypt(ldap_pwd), - is_active=is_active, - date_joined=time_now) - msg = u'添加用户成功' + try: + db_add_user(username=username, + password=md5_crypt(password), + name=name, email=email, + groups=groups, role=role_post, + ssh_pwd=CRYPTOR.encrypt(ssh_pwd), + ssh_key_pwd1=CRYPTOR.encrypt(ssh_key_pwd1), + ldap_pwd=CRYPTOR.encrypt(ldap_pwd), + is_active=is_active, + date_joined=time_now) + + server_add_user(username, password, ssh_key_pwd1) + if LDAP_ENABLE: + ldap_add_user(username, ldap_pwd) + msg = '添加用户%s成功!' + + except Exception, e: + error = '添加用户%s失败 %s' % e + db_del_user(username) + server_del_user(username) + if LDAP_ENABLE: + ldap_del_user(username) + return render_to_response('juser/user_add.html', locals())
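Review bot: ldap_del_user issues three deletes with no handling, so when user_add invokes it as rollback after ldap_add_user failed part-way or never ran, the first absent entry — presumably surfacing as `ldap.NO_SUCH_OBJECT` if LDAPMgmt.delete propagates it; that method is outside the hunk — aborts the function, the remaining entries are left behind, and because the caller is itself inside an except handler the exception escapes the view. Tolerate a missing entry per DN as below. As elsewhere in this patch the username is interpolated into the DNs unescaped; `ldap.dn.escape_dn_chars(username)` is the python-ldap helper for that and should be applied consistently in ldap_add_user too.
```python
def ldap_del_user(username):
    # … unchanged: user_dn / group_dn / sudo_dn construction …

    ldap_conn = LDAPMgmt()
    for dn in (user_dn, group_dn, sudo_dn):
        try:
            ldap_conn.delete(dn)
        except ldap.NO_SUCH_OBJECT:
            pass  # entry was never created; nothing to roll back here
```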
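Review bot: `error = '添加用户%s失败 %s' % e` has two `%s` placeholders but `e` is a single exception object, so the format itself raises TypeError inside the except handler, the rollback calls below it never execute, and the view fails on that secondary error; `msg = '添加用户%s成功!'` likewise leaves its `%s` unfilled. Fix both as `error = u'添加用户%s失败 %s' % (username, e)` and `msg = u'添加用户%s成功!' % username` (the removed line used the `u` prefix, which is what keeps these safe to mix with unicode under the Python 2 this file targets). Separately, the rollback is not scoped to what the try actually created: if db_add_user fails because the username is already taken, `db_del_user`, `server_del_user` (`userdel -r`) and `ldap_del_user` remove the pre-existing account, its home directory and its LDAP entries, so track which steps completed and undo only those, and keep the rollback in its own try so a rollback failure does not mask the original error. user_add begins outside the hunk.
```python
            time_now = time.time()
            db_added = server_added = ldap_added = False
            try:
                # … unchanged: db_add_user(...) call …
                db_added = True
                server_add_user(username, password, ssh_key_pwd1)
                server_added = True
                if LDAP_ENABLE:
                    ldap_add_user(username, ldap_pwd)
                    ldap_added = True
                msg = u'添加用户%s成功!' % username
            except Exception, e:
                error = u'添加用户%s失败 %s' % (username, e)
                # undo only the steps that succeeded, in reverse order
                try:
                    if ldap_added:
                        ldap_del_user(username)
                    if server_added:
                        server_del_user(username)
                    if db_added:
                        db_del_user(username)
                except Exception, rollback_err:
                    error = u'%s; rollback failed: %s' % (error, rollback_err)
```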