From ef41ba3117aeaf8de59ba5977d9b824e99f7e74c Mon Sep 17 00:00:00 2001 From: BaiJiangJie Date: Fri, 25 Oct 2019 17:09:22 +0800 Subject: [PATCH 1/7] =?UTF-8?q?[Update]=20LDAP=20=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=85=8D=E7=BD=AE=E9=A1=B9=20OPT=5FREFERRALS?= =?UTF-8?q?=EF=BC=88=E8=A7=A3=E5=86=B3=E9=97=AE=E9=A2=98:=20In=20order=20t?= =?UTF-8?q?o=20perform=20this=20operation=20a=20successful=20bind=20must?= =?UTF-8?q?=20be=20completed=20on=20the=20connection)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/jumpserver/conf.py | 1 + apps/jumpserver/settings.py | 1 + config_example.yml | 4 ++++ 3 files changed, 6 insertions(+) diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 29dfeabbe..58ca170c6 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -380,6 +380,7 @@ defaults = { 'AUTH_LDAP_SYNC_INTERVAL': None, 'AUTH_LDAP_SYNC_CRONTAB': None, 'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False, + 'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1, 'HTTP_BIND_HOST': '0.0.0.0', 'HTTP_LISTEN_PORT': 8080, 'WS_LISTEN_PORT': 8070, diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index 6088358f1..f6b81e877 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py @@ -440,6 +440,7 @@ AUTH_LDAP_START_TLS = False AUTH_LDAP_USER_ATTR_MAP = {"username": "cn", "name": "sn", "email": "mail"} AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, + ldap.OPT_REFERRALS: CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS } LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem") if os.path.isfile(LDAP_CERT_FILE): diff --git a/config_example.yml b/config_example.yml index 786de3257..4cfcdafed 100644 --- a/config_example.yml +++ b/config_example.yml 
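Review bot: In apps/jumpserver/settings.py the new `ldap.OPT_REFERRALS: CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS` entry passes the configured value into the global LDAP options without validation, and the default added in the conf.py hunk is `-1`, which reads like an "unset" sentinel rather than an on/off value. python-ldap appears to treat this option as a truth value, so `-1`, or a quoted `"0"` coming from the YAML file, would leave referral chasing enabled. That matters more here because the context line above sets `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_NEVER`, so a referred-to server would presumably be contacted without certificate validation. I would normalise the value, e.g. `ldap.OPT_REFERRALS: 1 if int(CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS) else 0,`, and add a comment such as `# 0 disables referral chasing; any other value keeps it on`.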
@@ -83,6 +83,10 @@ REDIS_PORT: 6379 # # LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证 # AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False +# +# LDAP 认证时如果出现以下信息将参数设置为 0 (详情参见:https://www.python-ldap.org/en/latest/faq.html) +# In order to perform this operation a successful bind must be completed on the connection +# AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1 # OTP settings From 98a8ef1526dd0d2cf7593524a9dea132775a15b4 Mon Sep 17 00:00:00 2001 From: BaiJiangJie Date: Fri, 25 Oct 2019 17:46:22 +0800 Subject: [PATCH 2/7] =?UTF-8?q?[Update]=20=E4=BC=98=E5=8C=96=20config=5Fex?= =?UTF-8?q?ample.py=20=E4=B8=AD=20AUTH=5FLDAP=20=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config_example.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/config_example.yml b/config_example.yml index 4cfcdafed..4b01fd10f 100644 --- a/config_example.yml +++ b/config_example.yml @@ -73,10 +73,13 @@ REDIS_PORT: 6379 # RADIUS_SECRET: # LDAP/AD settings +# LDAP 搜索分页数量 +# AUTH_LDAP_SEARCH_PAGED_SIZE: 1000 +# # 定时同步用户 -# 启用/禁用 +# 启用 / 禁用 # AUTH_LDAP_SYNC_IS_PERIODIC: True -# 单位: 时 +# 同步间隔 (单位: 时) (优先) # AUTH_LDAP_SYNC_INTERVAL: 12 # Crontab 表达式 # AUTH_LDAP_SYNC_CRONTAB: * 6 * * * @@ -84,7 +87,7 @@ REDIS_PORT: 6379 # LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证 # AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False # -# LDAP 认证时如果出现以下信息将参数设置为 0 (详情参见:https://www.python-ldap.org/en/latest/faq.html) +# LDAP 认证时如果日志中出现以下信息将参数设置为 0 (详情参见:https://www.python-ldap.org/en/latest/faq.html) # In order to perform this operation a successful bind must be completed on the connection # AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1 From 82c4705350cca3d025e5735f7bf37698a3046245 Mon Sep 17 00:00:00 2001 
From: jym503558564 <503558564@qq.com> Date: Mon, 28 Oct 2019 17:21:28 +0800 Subject: [PATCH 3/7] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9api=5Fkey=5Fta?= =?UTF-8?q?ble=E6=98=BE=E7=A4=BA=E4=B8=8D=E5=8F=8B=E5=A5=BD=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/authentication/_access_key_modal.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/authentication/templates/authentication/_access_key_modal.html b/apps/authentication/templates/authentication/_access_key_modal.html index 5686c212d..ac5b26d54 100644 --- a/apps/authentication/templates/authentication/_access_key_modal.html +++ b/apps/authentication/templates/authentication/_access_key_modal.html @@ -21,7 +21,7 @@
- +
From ff62968bf6efde1a084641b114fe226825ffe8ff Mon Sep 17 00:00:00 2001 From: BaiJiangjie Date: Tue, 29 Oct 2019 12:27:05 +0800 Subject: [PATCH 4/7] =?UTF-8?q?[Update]=20=E7=99=BB=E5=BD=95=E6=97=A5?= =?UTF-8?q?=E5=BF=97=E5=AF=BC=E5=87=BA=E6=8C=89=E7=85=A7=E7=BB=84=E7=BB=87?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E8=BF=87=E6=BB=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/audits/models.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/audits/models.py b/apps/audits/models.py index 31471edbe..5b53d1c85 100644 --- a/apps/audits/models.py +++ b/apps/audits/models.py @@ -6,6 +6,7 @@ from django.utils.translation import ugettext_lazy as _ from django.utils import timezone from orgs.mixins.models import OrgModelMixin +from orgs.utils import current_org __all__ = [ 'FTPLog', 'OperateLog', 'PasswordChangeLog', 'UserLoginLog', @@ -104,6 +105,9 @@ class UserLoginLog(models.Model): Q(city__contains=keyword) | Q(username__contains=keyword) ) + if not current_org.is_root(): + username_list = current_org.get_org_members().values_list('username', flat=True) + login_logs = login_logs.filter(username__in=username_list) return login_logs class Meta: From db5ff0f9229aa8b755fff51fd125eba8a84268a9 Mon Sep 17 00:00:00 2001 From: BaiJiangJie Date: Tue, 29 Oct 2019 16:37:25 +0800 Subject: [PATCH 5/7] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E7=94=A8?= =?UTF-8?q?=E6=88=B7=20LDAP/AD=20Source=20=E6=97=B6=E6=8E=92=E9=99=A4=20ad?= =?UTF-8?q?min=20=E7=94=A8=E6=88=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/authentication/signals_handlers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/authentication/signals_handlers.py b/apps/authentication/signals_handlers.py index 7033cf777..c0b48c61d 100644 --- a/apps/authentication/signals_handlers.py +++ b/apps/authentication/signals_handlers.py 
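Review bot: The organisation filter added before `return login_logs` in apps/audits/models.py matches rows by the `username` string against the org's current members. Login attempts for names that are not current members (unknown usernames, or users since removed from the org) therefore drop out of every non-root org's view. A user who belongs to more than one org would presumably have all of their logins shown in each. If that is the intended audit scope, state it next to the filter, e.g. `# Non-root orgs see only logins of their current members; other usernames are visible in the root org only`. The method starts outside the hunk, so it is not visible whether the list view applies the same restriction as this export path; both should share one filter.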
@@ -47,7 +47,7 @@ def on_openid_login_success(sender, user=None, request=None, **kwargs): @receiver(populate_user) def on_ldap_create_user(sender, user, ldap_user, **kwargs): - if user and user.name != 'admin': + if user and user.username != 'admin': user.source = user.SOURCE_LDAP user.save() From c7ecfd794305284bb2c3c277e7c6737c061e34d6 Mon Sep 17 00:00:00 2001 From: BaiJiangJie Date: Tue, 29 Oct 2019 17:58:58 +0800 Subject: [PATCH 6/7] =?UTF-8?q?[Bugfix]=20=E4=BF=AE=E5=A4=8D=E5=BD=93?= =?UTF-8?q?=E7=BB=88=E7=AB=AF=E8=AE=BE=E7=BD=AE=E5=8C=85=E5=90=AB=E5=A4=9A?= =?UTF-8?q?=E4=B8=AA=E5=91=BD=E4=BB=A4=E5=AD=98=E5=82=A8=E6=97=B6=EF=BC=8C?= =?UTF-8?q?=E8=AE=BF=E9=97=AE=20/docs/=20=E9=A1=B5=E9=9D=A2=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/api/user_remote_app_permission.py | 2 ++ apps/terminal/api/command.py | 3 +++ 2 files changed, 5 insertions(+) diff --git a/apps/perms/api/user_remote_app_permission.py b/apps/perms/api/user_remote_app_permission.py index 868c92015..51a9217ce 100644 --- a/apps/perms/api/user_remote_app_permission.py +++ b/apps/perms/api/user_remote_app_permission.py @@ -53,6 +53,8 @@ class UserGrantedRemoteAppsAsTreeApi(UserGrantedRemoteAppsApi): permission_classes = (IsOrgAdminOrAppUser,) def get_serializer(self, remote_apps=None, *args, **kwargs): + if remote_apps is None: + remote_apps = [] only_remote_app = self.request.query_params.get('only', '0') == '1' tree_root = None data = [] diff --git a/apps/terminal/api/command.py b/apps/terminal/api/command.py index c18de010f..1dfd0ad3b 100644 --- a/apps/terminal/api/command.py +++ b/apps/terminal/api/command.py 
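Review bot: The guard `user.username != 'admin'` in on_ldap_create_user exempts only the account with that literal username. Any other locally managed account whose username also exists in the directory would still have `source` rewritten to `SOURCE_LDAP` and saved when the `populate_user` signal fires. If the User model exposes a local-source constant or a superuser flag (not visible in this hunk), keying the exemption on that would be more robust than a hard-coded name. At minimum, document the assumption with `# Only the built-in 'admin' account stays a local user; every other populated user is marked as LDAP`.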
@@ -29,6 +29,9 @@ class CommandQueryMixin: default_days_ago = 5 def get_queryset(self): + # 解决访问 /docs/ 问题 + if hasattr(self, 'swagger_fake_view'): + return self.command_store.model.objects.none() date_from, date_to = self.get_date_range() q = self.request.query_params multi_command_storage = get_multi_command_storage() From 87247da0ec768a688adee96a1bef3b2eb2068cd2 Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 30 Oct 2019 13:23:06 +0800 Subject: [PATCH 7/7] =?UTF-8?q?[Bugfix]=20=E4=BF=AE=E5=A4=8D=E8=8E=B7?= =?UTF-8?q?=E5=8F=96=E6=95=B0=E9=87=8F=E6=98=AF=E6=8A=A5=E9=94=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/utils.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/assets/utils.py b/apps/assets/utils.py index 0f80adec6..e0b316ad7 100644 --- a/apps/assets/utils.py +++ b/apps/assets/utils.py @@ -136,7 +136,10 @@ class TreeService(Tree): if assets: return assets assets = set(self.assets(nid)) - children = self.children(nid) + try: + children = self.children(nid) + except NodeIDAbsentError: + children = [] for child in children: assets.update(self.all_assets(child.identifier)) self.all_nodes_assets_map[nid] = assets
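Review bot: The early return added to get_queryset in apps/terminal/api/command.py still dereferences `self.command_store.model`, which this hunk does not show. If the configured command store is not backed by a Django model, schema generation for /docs/ would presumably fail on this line instead. I would also write the check as `if getattr(self, 'swagger_fake_view', False):`, so a view that carries the attribute set to False is not short-circuited. The comment could state the reason in English, e.g. `# Schema generation (/docs/) has no real request; return an empty queryset`. The rest of get_queryset continues outside the hunk.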
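Review bot: `NodeIDAbsentError` is named in the new `except` clause in apps/assets/utils.py, but this commit touches only this hunk (4 insertions, 1 deletion), so the name must already be imported in that file. If it is not, the handler would raise NameError at the moment it is needed. Separately, with `children = []` the method still writes `self.all_nodes_assets_map[nid] = assets` for a node id the tree does not contain, so a stale or wrong `nid` is cached silently. Logging the missing id, or returning before the cache write, would keep that visible. The method starts outside the hunk.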