From 0832ea97b1fae99c0ce7b2006d11963eab6126a5 Mon Sep 17 00:00:00 2001
From: yumaojun <719118794@qq.com>
Date: Sun, 3 Jan 2016 21:11:55 +0800
Subject: [PATCH 01/43] =?UTF-8?q?=E5=8E=BB=E9=99=A4sudo=20=E6=B7=BB?=
=?UTF-8?q?=E5=8A=A0=E5=92=8C=E4=BF=AE=E6=94=B9=E6=98=AF=20=E7=A9=BA?=
=?UTF-8?q?=E6=A0=BC=E4=BC=9A=E8=A2=AB=E8=AF=86=E5=88=AB=E4=B8=BA=20?=
=?UTF-8?q?=E5=88=86=E9=9A=94=E7=AC=A6=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
jperm/views.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jperm/views.py b/jperm/views.py
index 33dce420b..bc56f6d3b 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -584,7 +584,7 @@ def perm_sudo_add(request):
comment = request.POST.get("sudo_comment").strip()
commands = request.POST.get("sudo_commands").strip()
- pattern = re.compile(r'[ \n,\r]')
+ pattern = re.compile(r'[\n,\r]')
commands = ', '.join(list_drop_str(pattern.split(commands), u''))
logger.debug(u'添加sudo %s: %s' % (name, commands))
@@ -617,7 +617,7 @@ def perm_sudo_edit(request):
commands = request.POST.get("sudo_commands")
comment = request.POST.get("sudo_comment")
- pattern = re.compile(r'[ \n,\r]')
+ pattern = re.compile(r'[\n,\r]')
commands = ', '.join(list_drop_str(pattern.split(commands), u'')).strip()
logger.debug(u'添加sudo %s: %s' % (name, commands))
From c6626e83f292de90c9de875ecb52be0ffb8e892a Mon Sep 17 00:00:00 2001
From: yumaojun <719118794@qq.com>
Date: Mon, 4 Jan 2016 11:43:17 +0800
Subject: [PATCH 02/43] =?UTF-8?q?=E7=A6=81=E6=AD=A2=E6=B7=BB=E5=8A=A0root?=
=?UTF-8?q?=E7=94=A8=E6=88=B7=E4=BD=9C=E4=B8=BA=E7=B3=BB=E7=BB=9F=E7=94=A8?=
=?UTF-8?q?=E6=88=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
jperm/views.py | 8 +++++++-
templates/jperm/perm_role_add.html | 14 ++++----------
templates/jperm/perm_role_edit.html | 15 ++++++++++++---
3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/jperm/views.py b/jperm/views.py
index bc56f6d3b..63bedd689 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -277,7 +277,7 @@ def perm_role_add(request):
if request.method == "POST":
# 获取参数: name, comment
- name = request.POST.get("role_name", "")
+ name = request.POST.get("role_name", "").strip()
comment = request.POST.get("role_comment", "")
password = request.POST.get("role_password", "")
key_content = request.POST.get("role_key", "")
@@ -286,6 +286,8 @@ def perm_role_add(request):
try:
if get_object(PermRole, name=name):
raise ServerError(u'已经存在该用户 %s' % name)
+ if name == "root":
+ raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
default = get_object(Setting, name='default')
if password:
@@ -423,6 +425,9 @@ def perm_role_edit(request):
if not role:
raise ServerError('该系统用户不能存在')
+ if role_name == "root":
+ raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
+
if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password)
role.password = encrypt_pass
@@ -473,6 +478,7 @@ def perm_role_push(request):
for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj))
+
push_resource = gen_resource(calc_assets)
# 调用Ansible API 进行推送
diff --git a/templates/jperm/perm_role_add.html b/templates/jperm/perm_role_add.html
index 70ad918d8..381e4da86 100644
--- a/templates/jperm/perm_role_add.html
+++ b/templates/jperm/perm_role_add.html
@@ -93,15 +93,14 @@ $('#roleForm').validator({
theme: "yellow_right_effect",
rules: {
check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
+ check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户,这样非常危险!'],
check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误,请检查'],
-{# either: function(){#}
-{# return $('#role_password').val() == ''#}
-{# }#}
+
},
fields: {
"role_name": {
- rule: "required;check_name",
+ rule: "required;check_name;check_name_root",
tip: "输入系统用户名称",
ok: "",
msg: {required: "系统用户名称必填"}
@@ -111,12 +110,7 @@ $('#roleForm').validator({
ok: "",
empty: true
},
-{# "role_key": {#}
-{# rule: "required(either)",#}
-{# tip: "输入密钥",#}
-{# ok: "",#}
-{# msg: {required: "密码和密钥必填一个!"}#}
-{# }#}
+
},
valid: function(form) {
form.submit();
diff --git a/templates/jperm/perm_role_edit.html b/templates/jperm/perm_role_edit.html
index 33ab47e0e..c216517e3 100644
--- a/templates/jperm/perm_role_edit.html
+++ b/templates/jperm/perm_role_edit.html
@@ -94,16 +94,25 @@ $('#roleForm').validator({
timely: 2,
theme: "yellow_right_effect",
rules: {
- check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位']
+ check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
+ check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户,这样非常危险!'],
+ check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误,请检查'],
+
},
fields: {
"role_name": {
- rule: "required;check_name",
+ rule: "required;check_name;check_name_root",
tip: "输入系统用户名称",
ok: "",
msg: {required: "系统用户名称必填"}
- }
+ },
+ "role_key": {
+ rule: "check_begin",
+ ok: "",
+ empty: true
+ },
+
},
valid: function(form) {
form.submit();
From 34e8b32180d5dca77706321006f1d2114e71cdf3 Mon Sep 17 00:00:00 2001
From: yumaojun <719118794@qq.com>
Date: Mon, 4 Jan 2016 11:47:50 +0800
Subject: [PATCH 03/43] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=B3=BB=E7=BB=9F?=
=?UTF-8?q?=E7=94=A8=E6=88=B7=E5=88=A0=E9=99=A4=20=E6=8F=90=E9=86=92?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
templates/jperm/perm_role_list.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/jperm/perm_role_list.html b/templates/jperm/perm_role_list.html
index aafa94053..3e998de5a 100644
--- a/templates/jperm/perm_role_list.html
+++ b/templates/jperm/perm_role_list.html
@@ -84,7 +84,7 @@
From 73522dc4c1e83d3a14204879e8fc6af7eb438afb Mon Sep 17 00:00:00 2001
From: LI Yong
Date: Thu, 7 Jan 2016 14:09:11 +0800
Subject: [PATCH 11/43] Ubuntu's passwd command doesn't support --stdin option,
use chpasswd which is also available in CentOS
---
juser/user_api.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/juser/user_api.py b/juser/user_api.py
index 2c16c3dc7..d61ed7d95 100644
--- a/juser/user_api.py
+++ b/juser/user_api.py
@@ -151,8 +151,8 @@ def server_add_user(username, password, ssh_key_pwd='', ssh_key_login_need=True)
add a system user in jumpserver
在jumpserver服务器上添加一个用户
"""
- bash("useradd -s %s/connect.py '%s'; echo '%s'; echo '%s' | passwd --stdin '%s'" %
- (BASE_DIR, username, password, password, username))
+ bash("useradd -s %s/connect.py '%s'; echo '%s'; echo '%s:%s' | chpasswd " %
+ (BASE_DIR, username, password, username, password))
if ssh_key_login_need:
gen_ssh_key(username, ssh_key_pwd)
From f6a228008b8a3fad9d58e7fe188e3bae7c59cbac Mon Sep 17 00:00:00 2001
From: yumaojun <719118794@qq.com>
Date: Thu, 7 Jan 2016 15:15:44 +0800
Subject: [PATCH 12/43] =?UTF-8?q?=E5=9B=9E=E6=94=B6sudo=E7=94=A8=E6=88=B7?=
=?UTF-8?q?=EF=BC=8C=20=E6=B7=BB=E5=8A=A0sudo=E5=88=AB=E5=90=8D=E6=B7=BB?=
=?UTF-8?q?=E5=8A=A0=E8=A7=84=E5=88=99=E6=A3=80=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
jperm/ansible_api.py | 10 ++++++++++
jperm/views.py | 6 ++++--
templates/jperm/perm_sudo_edit.html | 21 +++++++++++++++++++++
3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/jperm/ansible_api.py b/jperm/ansible_api.py
index 0ceea61d5..a71d36a63 100644
--- a/jperm/ansible_api.py
+++ b/jperm/ansible_api.py
@@ -364,6 +364,16 @@ class MyTask(MyRunner):
self.run("user", module_args, become=True)
return self.results
+ def del_user_sudo(self, username):
+ """
+ delete a role sudo item
+ :param username:
+ :return:
+ """
+ module_args = "sed -i 's/^%s.*//' /etc/sudoers" % username
+ self.run("command", module_args, become=True)
+ return self.results
+
@staticmethod
def gen_sudo_script(role_list, sudo_list):
# receive role_list = [role1, role2] sudo_list = [sudo1, sudo2]
diff --git a/jperm/views.py b/jperm/views.py
index 0e45319f4..26d6c4468 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -358,11 +358,13 @@ def perm_role_delete(request):
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
- msg = task.del_user(get_object(PermRole, id=role_id).name)
+ msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
+ msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
except Exception, e:
logger.warning(u"Recycle Role failed: %s" % e)
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
- logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg))
+ logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg_del_user))
+ logger.info(u"delete role %s - execute delete sudo: %s" % (role.name, msg_del_sudo))
# TODO: 判断返回结果,处理异常
# 删除存储的秘钥,以及目录
try:
diff --git a/templates/jperm/perm_sudo_edit.html b/templates/jperm/perm_sudo_edit.html
index b90fb151d..248289a40 100644
--- a/templates/jperm/perm_sudo_edit.html
+++ b/templates/jperm/perm_sudo_edit.html
@@ -112,7 +112,28 @@ var config = {
for (var selector in config) {
$(selector).chosen(config[selector]);
}
+$('#sudoForm').validator({
+ timely: 2,
+ theme: "yellow_right_effect",
+ rules: {
+ check_name: [/^\w{2,20}$/, '大写字母,2-20位']
+ },
+ fields: {
+ "sudo_name": {
+ rule: "required;check_name"
+ },
+ "sudo_runas": {
+ rule: "required;check_name"
+ },
+ "sudo_commands": {
+ rule: "required"
+ }
+ },
+ valid: function(form) {
+ form.submit();
+ }
+});
From beeb2442ad1acddfaf095aacfa98c6d855cf5c73 Mon Sep 17 00:00:00 2001
From: yumaojun <719118794@qq.com>
Date: Thu, 7 Jan 2016 15:21:39 +0800
Subject: [PATCH 13/43] =?UTF-8?q?=E5=9B=9E=E6=94=B6sudo=E7=94=A8=E6=88=B7?=
=?UTF-8?q?=EF=BC=8C=20=E6=B7=BB=E5=8A=A0sudo=E5=88=AB=E5=90=8D=E6=B7=BB?=
=?UTF-8?q?=E5=8A=A0=E8=A7=84=E5=88=99=E6=A3=80=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
jperm/views.py | 64 ++++++++++++++++++++++++++++----------------------
1 file changed, 36 insertions(+), 28 deletions(-)
diff --git a/jperm/views.py b/jperm/views.py
index 26d6c4468..5e7707394 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -608,25 +608,28 @@ def perm_sudo_add(request):
"""
# 渲染数据
header_title, path1, path2 = "Sudo命令", "别名管理", "添加别名"
+ try:
+ if request.method == "POST":
+ # 获取参数: name, comment
+ name = request.POST.get("sudo_name").strip().upper()
+ comment = request.POST.get("sudo_comment").strip()
+ commands = request.POST.get("sudo_commands").strip()
- if request.method == "POST":
- # 获取参数: name, comment
- name = request.POST.get("sudo_name").strip().upper()
- comment = request.POST.get("sudo_comment").strip()
- commands = request.POST.get("sudo_commands").strip()
+ if not name or not commands:
+ raise ServerError(u"sudo name 和 commands是必填项!")
- pattern = re.compile(r'[\n,\r]')
- commands = ', '.join(list_drop_str(pattern.split(commands), u''))
- logger.debug(u'添加sudo %s: %s' % (name, commands))
-
- if get_object(PermSudo, name=name):
- error = 'Sudo别名 %s已经存在' % name
- else:
- sudo = PermSudo(name=name.strip(), comment=comment, commands=commands)
- sudo.save()
- msg = u"添加Sudo命令别名: %s" % name
- # 渲染数据
+ pattern = re.compile(r'[\n,\r]')
+ commands = ', '.join(list_drop_str(pattern.split(commands), u''))
+ logger.debug(u'添加sudo %s: %s' % (name, commands))
+ if get_object(PermSudo, name=name):
+ error = 'Sudo别名 %s已经存在' % name
+ else:
+ sudo = PermSudo(name=name.strip(), comment=comment, commands=commands)
+ sudo.save()
+ msg = u"添加Sudo命令别名: %s" % name
+ except ServerError, e:
+ error = e
return my_render('jperm/perm_sudo_add.html', locals(), request)
@@ -643,22 +646,27 @@ def perm_sudo_edit(request):
sudo_id = request.GET.get("id")
sudo = PermSudo.objects.get(id=sudo_id)
- if request.method == "POST":
- name = request.POST.get("sudo_name").upper()
- commands = request.POST.get("sudo_commands")
- comment = request.POST.get("sudo_comment")
+ try:
+ if request.method == "POST":
+ name = request.POST.get("sudo_name").upper()
+ commands = request.POST.get("sudo_commands")
+ comment = request.POST.get("sudo_comment")
- pattern = re.compile(r'[\n,\r]')
- commands = ', '.join(list_drop_str(pattern.split(commands), u'')).strip()
- logger.debug(u'添加sudo %s: %s' % (name, commands))
+ if not name or not commands:
+ raise ServerError(u"sudo name 和 commands是必填项!")
- sudo.name = name.strip()
- sudo.commands = commands
- sudo.comment = comment
- sudo.save()
+ pattern = re.compile(r'[\n,\r]')
+ commands = ', '.join(list_drop_str(pattern.split(commands), u'')).strip()
+ logger.debug(u'添加sudo %s: %s' % (name, commands))
- msg = u"更新命令别名: %s" % name
+ sudo.name = name.strip()
+ sudo.commands = commands
+ sudo.comment = comment
+ sudo.save()
+ msg = u"更新命令别名: %s" % name
+ except ServerError, e:
+ error = e
return my_render('jperm/perm_sudo_edit.html', locals(), request)
From d9455e3f9becca5d95b2a05929c4abed08a4449d Mon Sep 17 00:00:00 2001
From: Tad Wang
Date: Thu, 7 Jan 2016 15:59:57 +0800
Subject: [PATCH 14/43] fix wss issue when using https #37
---
jumpserver/views.py | 4 ++--
templates/exec_cmd.html | 8 +++++++-
templates/jlog/web_terminal.html | 7 ++++++-
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/jumpserver/views.py b/jumpserver/views.py
index 766ae021f..afe5ddd38 100644
--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@@ -344,7 +344,7 @@ def download(request):
def exec_cmd(request):
role = request.GET.get('role')
check_assets = request.GET.get('check_assets', '')
- web_terminal_uri = 'ws://%s/exec?role=%s' % (WEB_SOCKET_HOST, role)
+ web_terminal_uri = '%s/exec?role=%s' % (WEB_SOCKET_HOST, role)
return my_render('exec_cmd.html', locals(), request)
@@ -356,7 +356,7 @@ def web_terminal(request):
if asset:
print asset
hostname = asset.hostname
- web_terminal_uri = 'ws://%s/terminal?id=%s&role=%s' % (WEB_SOCKET_HOST, asset_id, role_name)
+ web_terminal_uri = '%s/terminal?id=%s&role=%s' % (WEB_SOCKET_HOST, asset_id, role_name)
return render_to_response('jlog/web_terminal.html', locals())
diff --git a/templates/exec_cmd.html b/templates/exec_cmd.html
index 754105cee..d1eda2fcb 100644
--- a/templates/exec_cmd.html
+++ b/templates/exec_cmd.html
@@ -23,7 +23,13 @@
-{% endblock %}
\ No newline at end of file
+{% endblock %}
From ff5b339ce81125ed31ca1e08ad59d031abc236c4 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Sat, 9 Jan 2016 21:51:07 +0800
Subject: [PATCH 20/43] Update asset_cu_list.html
---
templates/jasset/asset_cu_list.html | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/templates/jasset/asset_cu_list.html b/templates/jasset/asset_cu_list.html
index 1d8e62346..7099a1d66 100644
--- a/templates/jasset/asset_cu_list.html
+++ b/templates/jasset/asset_cu_list.html
@@ -234,7 +234,7 @@
content: new_url+data
});
*/
- window.open(new_url+data, '', 'width=628px, height=420px');
+ window.open(new_url+data, '', 'width=628px, height=380px');
} else if (dataArray.length == 1 && data != 'error'){
/*
layer.open({
@@ -282,7 +282,7 @@
content: new_url
});
*/
- window.open(new_url+data, '', 'width=628px, height=420px');
+ window.open(new_url+data, '', 'width=628px, height=380px');
} else {
/*
@@ -363,4 +363,4 @@
});
-{% endblock %}
\ No newline at end of file
+{% endblock %}
From 9d7c30336eed20e19cf83fba77a990e15a207665 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Mon, 11 Jan 2016 18:12:30 +0800
Subject: [PATCH 21/43] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=AD=E6=96=87?=
=?UTF-8?q?=E5=AD=97=E7=AC=A6=E6=8A=A5=E9=94=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
install/next.py | 8 ++++----
install/zzjumpserver.sh | 11 +++++++++++
juser/user_api.py | 4 ++--
3 files changed, 17 insertions(+), 6 deletions(-)
create mode 100644 install/zzjumpserver.sh
diff --git a/install/next.py b/install/next.py
index a68eb66bc..62814ee67 100755
--- a/install/next.py
+++ b/install/next.py
@@ -81,9 +81,9 @@ class Setup(object):
os.system('id %s &> /dev/null || useradd %s' % (self.admin_user, self.admin_user))
@staticmethod
- def _ensure_sh():
- jshell = os.path.join(jms_dir, 'connect.py')
- os.chmod(jshell, 0755)
+ def _cp_zzsh():
+ os.chdir(os.path.join(jms_dir, 'install'))
+ shutil.copy('zzjumpserver.sh', '/etc/profile.d/')
@staticmethod
def _run_service():
@@ -97,7 +97,7 @@ class Setup(object):
self._sync_db()
self._input_admin()
self._create_admin()
- self._ensure_sh()
+ self._cp_zzsh()
self._run_service()
diff --git a/install/zzjumpserver.sh b/install/zzjumpserver.sh
new file mode 100644
index 000000000..11c7a3335
--- /dev/null
+++ b/install/zzjumpserver.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ "$USER" != "admin" ] || [ "$USER" != "root" ] || [ "$USER" != "" ];then
+ python /opt/jumpserver/connect.py
+ if [ $USER == 'guanghongwei' ];then
+ echo
+ else
+ exit 3
+ echo
+ fi
+fi
diff --git a/juser/user_api.py b/juser/user_api.py
index d61ed7d95..a6fc7648a 100644
--- a/juser/user_api.py
+++ b/juser/user_api.py
@@ -151,8 +151,8 @@ def server_add_user(username, password, ssh_key_pwd='', ssh_key_login_need=True)
add a system user in jumpserver
在jumpserver服务器上添加一个用户
"""
- bash("useradd -s %s/connect.py '%s'; echo '%s'; echo '%s:%s' | chpasswd " %
- (BASE_DIR, username, password, username, password))
+ bash("useradd '%s'; echo '%s'; echo '%s:%s' | chpasswd " %
+ (username, password, username, password))
if ssh_key_login_need:
gen_ssh_key(username, ssh_key_pwd)
From d3f9fc7a21233569ae955de54e09e162a280d8d1 Mon Sep 17 00:00:00 2001
From: wangyong <864072399@qq.com>
Date: Tue, 12 Jan 2016 22:17:02 +0800
Subject: [PATCH 22/43] disk length 128 to 1024
---
jasset/models.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jasset/models.py b/jasset/models.py
index 2851b7d56..82c5f54a6 100644
--- a/jasset/models.py
+++ b/jasset/models.py
@@ -75,7 +75,7 @@ class Asset(models.Model):
brand = models.CharField(max_length=64, blank=True, null=True, verbose_name=u'硬件厂商型号')
cpu = models.CharField(max_length=64, blank=True, null=True, verbose_name=u'CPU')
memory = models.CharField(max_length=128, blank=True, null=True, verbose_name=u'内存')
- disk = models.CharField(max_length=128, blank=True, null=True, verbose_name=u'硬盘')
+ disk = models.CharField(max_length=1024, blank=True, null=True, verbose_name=u'硬盘')
system_type = models.CharField(max_length=32, blank=True, null=True, verbose_name=u"系统类型")
system_version = models.CharField(max_length=8, blank=True, null=True, verbose_name=u"系统版本号")
system_arch = models.CharField(max_length=16, blank=True, null=True, verbose_name=u"系统平台")
From 66e53c2701c80a4b92c15d36d3cdbc6d1c0c3277 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Wed, 13 Jan 2016 14:06:36 +0800
Subject: [PATCH 23/43] Update zzjumpserver.sh
---
install/zzjumpserver.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/zzjumpserver.sh b/install/zzjumpserver.sh
index 11c7a3335..40d9ae8d7 100644
--- a/install/zzjumpserver.sh
+++ b/install/zzjumpserver.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-if [ "$USER" != "admin" ] || [ "$USER" != "root" ] || [ "$USER" != "" ];then
+if [ "$USER" != "admin" ] && [ "$USER" != "root" ];then
python /opt/jumpserver/connect.py
if [ $USER == 'guanghongwei' ];then
echo
From 4d0331e105b0d482cc4485e73c1a3bca2c0542fc Mon Sep 17 00:00:00 2001
From: ibuler
Date: Wed, 13 Jan 2016 15:51:29 +0800
Subject: [PATCH 24/43] Update connect.py
---
connect.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connect.py b/connect.py
index b57075d7d..84a02048a 100755
--- a/connect.py
+++ b/connect.py
@@ -21,7 +21,7 @@ from io import open as copen
import uuid
os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
-if django.get_version() != '1.6':
+if not django.get_version().startswith('1.6'):
setup = django.setup()
from django.contrib.sessions.models import Session
from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info
From f2487a22cd8108399a6861475d0a324016ea9c5f Mon Sep 17 00:00:00 2001
From: ibuler
Date: Wed, 13 Jan 2016 17:57:32 +0800
Subject: [PATCH 25/43] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20su=20-=20=E6=97=A0?=
=?UTF-8?q?=E6=B3=95=E8=8E=B7=E5=8F=96=20Env=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
connect.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/connect.py b/connect.py
index 84a02048a..79b266e29 100755
--- a/connect.py
+++ b/connect.py
@@ -33,7 +33,10 @@ from jperm.ansible_api import MyRunner
from jlog.models import ExecLog, FileLog
login_user = get_object(User, username=getpass.getuser())
-remote_ip = os.environ.get('SSH_CLIENT').split()[0]
+try:
+ remote_ip = os.environ.get('SSH_CLIENT').split()[0]
+except (IndexError, AttributeError):
+ remote_ip = os.popen("who -m | awk '{ print $NF }'").read().strip('()\n')
try:
import termios
From 81a6f4841f5fe38d1a41962951001176ba09c687 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Thu, 14 Jan 2016 11:01:19 +0800
Subject: [PATCH 26/43] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=94=A8=E6=88=B7?=
=?UTF-8?q?=E7=BB=84=E7=BC=96=E8=BE=91=E5=AF=BC=E8=87=B4=E8=AF=A5=E7=94=A8?=
=?UTF-8?q?=E6=88=B7=E7=BB=84=E9=83=BD=E4=B8=A2=E5=A4=B1=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
juser/views.py | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/juser/views.py b/juser/views.py
index 6b9d9a56b..41baa7536 100644
--- a/juser/views.py
+++ b/juser/views.py
@@ -6,7 +6,7 @@
# from Crypto.PublicKey import RSA
import uuid
from django.contrib.auth.decorators import login_required
-
+from django.shortcuts import get_object_or_404
from django.db.models import Q
from juser.user_api import *
from jperm.perm_api import get_group_user_perm
@@ -111,22 +111,18 @@ def group_edit(request):
if len(UserGroup.objects.filter(name=group_name)) > 1:
raise ServerError(u'%s 用户组已存在' % group_name)
# add user group
+ user_group = get_object_or_404(UserGroup, id=group_id)
+ user_group.user_set.clear()
+
for user in User.objects.filter(id__in=users_selected):
user.group.add(UserGroup.objects.get(id=group_id))
- # delete user group
- user_group = UserGroup.objects.get(id=group_id)
- for user in [user for user in User.objects.filter(group=user_group) if user not in User.objects.filter(id__in=users_selected)]:
- user_group_all = user.group.all()
- user.group.clear()
- for g in user_group_all:
- if g == user_group:
- continue
- user.group.add(g)
+
user_group.name = group_name
user_group.comment = comment
user_group.save()
except ServerError, e:
error = e
+
if not error:
return HttpResponseRedirect(reverse('user_group_list'))
else:
From b6f82ca020cf18c7cfe7e73904d58daefdd1183d Mon Sep 17 00:00:00 2001
From: ibuler
Date: Thu, 14 Jan 2016 11:10:07 +0800
Subject: [PATCH 27/43] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dvim=E4=BF=AE=E6=94=B9?=
=?UTF-8?q?=E7=AA=97=E5=8F=A3=E5=A4=A7=E5=B0=8F=E4=B8=AD=E6=96=ADbug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
connect.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/connect.py b/connect.py
index 79b266e29..92b2f74cc 100755
--- a/connect.py
+++ b/connect.py
@@ -415,7 +415,10 @@ class SshTty(Tty):
pass
if sys.stdin in r:
- x = os.read(sys.stdin.fileno(), 4096)
+ try:
+ x = os.read(sys.stdin.fileno(), 4096)
+ except OSError:
+ pass
input_mode = True
if str(x) in ['\r', '\n', '\r\n']:
if self.vim_flag:
@@ -803,7 +806,7 @@ def main():
color_print('请输入正确ID', 'red')
except ServerError, e:
color_print(e, 'red')
- except Exception, e:
+ except IndexError, e:
color_print(e)
time.sleep(5)
pass
From 6ba9191b3078ba27dd34735e546d7862c9e26d38 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Thu, 14 Jan 2016 11:58:53 +0800
Subject: [PATCH 28/43] update LANG setting
---
install/zzjumpserver.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/install/zzjumpserver.sh b/install/zzjumpserver.sh
index 40d9ae8d7..516b0466e 100644
--- a/install/zzjumpserver.sh
+++ b/install/zzjumpserver.sh
@@ -1,5 +1,7 @@
#!/bin/bash
+export LANG='zh_CN.UTF-8'
+
if [ "$USER" != "admin" ] && [ "$USER" != "root" ];then
python /opt/jumpserver/connect.py
if [ $USER == 'guanghongwei' ];then
From 28e0ea3e81108e5e013d72a6707f94a873146744 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Fri, 15 Jan 2016 15:54:49 +0800
Subject: [PATCH 29/43] =?UTF-8?q?=E6=94=AF=E6=8C=81=E7=94=A8=E6=88=B7?=
=?UTF-8?q?=E5=90=8D=E5=B8=A6=E5=B0=8F=E6=95=B0=E7=82=B9=EF=BC=8C=E4=B8=8A?=
=?UTF-8?q?=E4=BC=A0=E6=96=87=E4=BB=B6=E5=A4=A7=E5=B0=8F=E6=9C=80=E5=A4=A7?=
=?UTF-8?q?2G?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
templates/juser/user_add.html | 2 +-
templates/upload.html | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html
index 2e4619043..621d18107 100644
--- a/templates/juser/user_add.html
+++ b/templates/juser/user_add.html
@@ -131,7 +131,7 @@ $('#userForm').validator({
timely: 2,
theme: "yellow_right_effect",
rules: {
- check_username: [/^\w{3,20}$/, '大小写字母数字和下划线'],
+ check_username: [/^[\w.]{3,20}$/, '大小写字母数字和下划线小数点'],
type_m: function(element){
return $("#M").is(":checked");
}
diff --git a/templates/upload.html b/templates/upload.html
index 2a5d712d9..068e59c11 100644
--- a/templates/upload.html
+++ b/templates/upload.html
@@ -99,6 +99,7 @@
autoProcessQueue: false,
uploadMultiple: true,
parallelUploads: 100,
+ maxFilesize: 2048,
maxFiles: 100,
url: '/file/upload/',
From 36bfb50aad97651885d57a5f73e2cd694d962cea Mon Sep 17 00:00:00 2001
From: ibuler
Date: Mon, 18 Jan 2016 12:01:39 +0800
Subject: [PATCH 30/43] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=E7=94=A8=E6=88=B7?=
=?UTF-8?q?=E6=94=AF=E6=8C=81.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
templates/jperm/perm_role_add.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/jperm/perm_role_add.html b/templates/jperm/perm_role_add.html
index d38e80ee6..18df339e9 100644
--- a/templates/jperm/perm_role_add.html
+++ b/templates/jperm/perm_role_add.html
@@ -92,7 +92,7 @@ $('#roleForm').validator({
timely: 2,
theme: "yellow_right_effect",
rules: {
- check_name: [/(?!^root$)^\w{2,20}$/i, '大小写字母数字和下划线,2-20位,并且非root'],
+ check_name: [/(?!^root$)^[\w.]{2,20}$/i, '大小写字母数字和下划线小数点,2-20位,并且非root'],
check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误,请检查'],
},
From 6fbb3874883cf0e4c0d470ec54788b63cac243a1 Mon Sep 17 00:00:00 2001
From: Tad Wang
Date: Thu, 21 Jan 2016 11:53:56 +0800
Subject: [PATCH 31/43] fix wss support for web_monitor_uri
Https support
---
jlog/views.py | 2 +-
templates/jlog/log_online.html | 7 ++++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/jlog/views.py b/jlog/views.py
index ff0eaf1c0..e2565250e 100644
--- a/jlog/views.py
+++ b/jlog/views.py
@@ -66,7 +66,7 @@ def log_list(request, offset):
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
- web_monitor_uri = 'ws://%s/monitor' % WEB_SOCKET_HOST
+ web_monitor_uri = '%s/monitor' % WEB_SOCKET_HOST
web_kill_uri = 'http://%s/kill' % WEB_SOCKET_HOST
session_id = request.session.session_key
return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request))
diff --git a/templates/jlog/log_online.html b/templates/jlog/log_online.html
index 14e55f957..d934a125e 100644
--- a/templates/jlog/log_online.html
+++ b/templates/jlog/log_online.html
@@ -136,8 +136,13 @@
{# })#}
{# });#}
function init(obj){
+ var protocol = "ws://";
+ if (window.location.protocol == 'https:') {
+ protocol = 'wss://';
+ }
+
var file_path = obj.attr('file_path');
- var wsUri = '{{ web_monitor_uri }}';
+ var wsUri = protocol + '{{ web_monitor_uri }}';
var socket = new WebSocket(wsUri + '?file_path=' + file_path);
var term = new Terminal({
From 852de35e3e7e3721f275e7b8d07e2a1786a75804 Mon Sep 17 00:00:00 2001
From: Tad Wang
Date: Thu, 21 Jan 2016 13:02:23 +0800
Subject: [PATCH 32/43] fix term.js input error problem
handler is undefined.
---
templates/jlog/log_online.html | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/templates/jlog/log_online.html b/templates/jlog/log_online.html
index d934a125e..f82969156 100644
--- a/templates/jlog/log_online.html
+++ b/templates/jlog/log_online.html
@@ -146,9 +146,10 @@
var socket = new WebSocket(wsUri + '?file_path=' + file_path);
var term = new Terminal({
- cols: 80,
- rows: 24,
- screenKeys: false
+ cols: 80,
+ rows: 24,
+ screenKeys: false,
+ handler: function(){return false}
});
var tag = $('');
From 1c2cba64ecdff164578866d27b9996a8ad970091 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Thu, 21 Jan 2016 18:17:18 +0800
Subject: [PATCH 33/43] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=8E=A8=E9=80=81?=
=?UTF-8?q?=E9=BB=98=E8=AE=A4=E7=AB=AF=E5=8F=A3bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
jumpserver/api.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jumpserver/api.py b/jumpserver/api.py
index 68a013870..d524309ba 100644
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -64,7 +64,6 @@ def get_asset_info(asset):
info = {'hostname': asset.hostname, 'ip': asset.ip}
if asset.use_default_auth:
if default:
- info['port'] = int(default.field2)
info['username'] = default.field1
try:
info['password'] = CRYPTOR.decrypt(default.field3)
@@ -73,10 +72,11 @@ def get_asset_info(asset):
if os.path.isfile(default.field4):
info['ssh_key'] = default.field4
else:
- info['port'] = int(asset.port)
info['username'] = asset.username
info['password'] = CRYPTOR.decrypt(asset.password)
+ info['port'] = int(asset.port)
+
return info
From fe87e32e2b287b6bb454b2e0a7628566694c512e Mon Sep 17 00:00:00 2001
From: ibuler
Date: Thu, 21 Jan 2016 19:37:20 +0800
Subject: [PATCH 34/43] roll back
---
jumpserver/api.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jumpserver/api.py b/jumpserver/api.py
index d524309ba..238906537 100644
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -64,6 +64,7 @@ def get_asset_info(asset):
info = {'hostname': asset.hostname, 'ip': asset.ip}
if asset.use_default_auth:
if default:
+ info['port'] = int(default.field2)
info['username'] = default.field1
try:
info['password'] = CRYPTOR.decrypt(default.field3)
@@ -74,8 +75,7 @@ def get_asset_info(asset):
else:
info['username'] = asset.username
info['password'] = CRYPTOR.decrypt(asset.password)
-
- info['port'] = int(asset.port)
+ info['port'] = int(asset.port)
return info
From 0b79f754f9a3632327270529d95dad98699613ed Mon Sep 17 00:00:00 2001
From: "iambocai bob.chen.cs@gmail.com"
Date: Mon, 25 Jan 2016 18:21:07 +0800
Subject: [PATCH 35/43] =?UTF-8?q?1.=20=E5=BD=93=E7=94=A8=E6=88=B7=E6=9C=AA?=
=?UTF-8?q?=E8=A2=AB=E6=8E=88=E4=BA=88=E4=BB=BB=E4=BD=95=E8=A7=92=E8=89=B2?=
=?UTF-8?q?/=E4=B8=BB=E6=9C=BA=E6=9D=83=E9=99=90=E6=97=B6=EF=BC=8C?=
=?UTF-8?q?=E6=8F=90=E7=A4=BA=E7=94=A8=E6=88=B7=202.=20=E6=A0=B9=E6=8D=AE?=
=?UTF-8?q?=E7=94=A8=E6=88=B7=E5=AE=9E=E9=99=85=E5=AE=89=E8=A3=85=E8=B7=AF?=
=?UTF-8?q?=E5=BE=84=EF=BC=8C=E6=9B=BF=E6=8D=A2=E5=90=AF=E5=8A=A8=E8=84=9A?=
=?UTF-8?q?=E6=9C=AC=E4=B8=ADconnect.py=E7=9A=84=E8=B7=AF=E5=BE=84=203.=20?=
=?UTF-8?q?=E4=BF=AE=E6=AD=A3=E5=87=A0=E5=A4=84=E6=8B=BC=E5=86=99=E9=94=99?=
=?UTF-8?q?=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.settings/org.eclipse.core.resources.prefs | 2 ++
connect.py | 8 +++++---
install/next.py | 3 ++-
3 files changed, 9 insertions(+), 4 deletions(-)
create mode 100644 .settings/org.eclipse.core.resources.prefs
diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs
new file mode 100644
index 000000000..1d3924f23
--- /dev/null
+++ b/.settings/org.eclipse.core.resources.prefs
@@ -0,0 +1,2 @@
+eclipse.preferences.version=1
+encoding/connect.py=UTF-8
diff --git a/connect.py b/connect.py
index 92b2f74cc..fefa079f6 100755
--- a/connect.py
+++ b/connect.py
@@ -582,12 +582,14 @@ class Nav(object):
role = role_check[int(role_id)]
elif len(roles) == 1: # 授权角色数为1
role = roles[0]
+ else:
+ color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。', exits=True)
assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机
print "授权包含该系统用户的所有主机"
for asset in assets:
print ' %s' % asset.hostname
print
- print "请输入主机名或ansile支持的pattern, 多个主机:分隔, q退出"
+ print "请输入主机名或ansible支持的pattern, 多个主机:分隔, q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
@@ -629,7 +631,7 @@ class Nav(object):
self.user_perm = get_group_user_perm(self.user)
try:
print "进入批量上传模式"
- print "请输入主机名或ansile支持的pattern, 多个主机:分隔 q退出"
+ print "请输入主机名或ansible支持的pattern, 多个主机:分隔 q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
@@ -682,7 +684,7 @@ class Nav(object):
self.user_perm = get_group_user_perm(self.user)
try:
print "进入批量下载模式"
- print "请输入主机名或ansile支持的pattern, 多个主机:分隔,q退出"
+ print "请输入主机名或ansible支持的pattern, 多个主机:分隔,q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
diff --git a/install/next.py b/install/next.py
index 62814ee67..2a8231b38 100755
--- a/install/next.py
+++ b/install/next.py
@@ -18,7 +18,7 @@ if django.get_version() != '1.6':
from juser.user_api import db_add_user, get_object, User
from install import color_print
-from jumpserver.api import get_mac_address
+from jumpserver.api import get_mac_address, bash
socket.setdefaulttimeout(2)
@@ -83,6 +83,7 @@ class Setup(object):
@staticmethod
def _cp_zzsh():
os.chdir(os.path.join(jms_dir, 'install'))
+ bash("sed -i 's#/opt/jumpserver#%s#g' zzjumpserver.sh" % jms_dir)
shutil.copy('zzjumpserver.sh', '/etc/profile.d/')
@staticmethod
From bcb914485deee3576e312b3678c28c8175d588fc Mon Sep 17 00:00:00 2001
From: wangyong <864072399@qq.com>
Date: Tue, 26 Jan 2016 15:35:47 +0800
Subject: [PATCH 36/43] fix asset edit port not save
---
jasset/views.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jasset/views.py b/jasset/views.py
index aabe0665d..779306580 100644
--- a/jasset/views.py
+++ b/jasset/views.py
@@ -227,7 +227,7 @@ def asset_edit(request):
if use_default_auth:
af_save.username = ''
af_save.password = ''
- af_save.port = None
+ # af_save.port = None
else:
if password:
password_encode = CRYPTOR.encrypt(password)
From 99f09709ec6a4252d85e17b7b1d3ae00a20edbb1 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 26 Jan 2016 15:37:12 +0800
Subject: [PATCH 37/43] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=BB=98=E8=AE=A4?=
=?UTF-8?q?=E7=AB=AF=E5=8F=A3=E8=8E=B7=E5=8F=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
jperm/views.py | 4 ++--
jumpserver/api.py | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/jperm/views.py b/jperm/views.py
index 5e7707394..a8a66128b 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -16,8 +16,8 @@ from jperm.perm_api import get_role_info, get_role_push_host
from jumpserver.api import my_render, get_object, CRYPTOR
# 设置PERM APP Log
-from jumpserver.settings import LOG_LEVEL
-logger = set_log(LOG_LEVEL, filename='jumpserver_perm.log')
+from jumpserver.api import logger
+#logger = set_log(LOG_LEVEL, filename='jumpserver_perm.log')
@require_role('admin')
diff --git a/jumpserver/api.py b/jumpserver/api.py
index 238906537..691aafb11 100644
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -64,7 +64,6 @@ def get_asset_info(asset):
info = {'hostname': asset.hostname, 'ip': asset.ip}
if asset.use_default_auth:
if default:
- info['port'] = int(default.field2)
info['username'] = default.field1
try:
info['password'] = CRYPTOR.decrypt(default.field3)
@@ -75,7 +74,10 @@ def get_asset_info(asset):
else:
info['username'] = asset.username
info['password'] = CRYPTOR.decrypt(asset.password)
+ try:
info['port'] = int(asset.port)
+ except TypeError:
+ info['port'] = int(default.field2)
return info
From 02e9ba54f9fa6e1eecee3642f01dc505d9df7d55 Mon Sep 17 00:00:00 2001
From: wangjunj <278884470@qq.com>
Date: Thu, 28 Jan 2016 14:50:57 +0800
Subject: [PATCH 38/43] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=9C=AC=E5=9C=B0mysql?=
=?UTF-8?q?d=E8=87=AA=E5=90=AF=E5=8A=A8=E6=9C=8D=E5=8A=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
添加数据库自启动服务。修复服务器重启后./server.sh start 会提示错误——“Starting jumpsever
service:run_websocket.py not running”
---
install/install.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/install/install.py b/install/install.py
index 383bd5116..17dbc2d7c 100755
--- a/install/install.py
+++ b/install/install.py
@@ -101,6 +101,7 @@ class PreSetup(object):
color_print('默认用户名: %s 默认密码: %s' % (self.db_user, self.db_pass), 'green')
bash('yum -y install mysql-server')
bash('service mysqld start')
+ bash('chkconfig mysqld on')
bash('mysql -e "create database %s default charset=utf8"' % self.db)
bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db,
self.db_user,
From cd6cfc6ae9bbde324bc5b760ad617631c6ad8de8 Mon Sep 17 00:00:00 2001
From: wangjunj <278884470@qq.com>
Date: Thu, 28 Jan 2016 23:08:12 +0800
Subject: [PATCH 39/43] Update install.py
---
install/install.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/install.py b/install/install.py
index 17dbc2d7c..c5765ff12 100755
--- a/install/install.py
+++ b/install/install.py
@@ -101,7 +101,7 @@ class PreSetup(object):
color_print('默认用户名: %s 默认密码: %s' % (self.db_user, self.db_pass), 'green')
bash('yum -y install mysql-server')
bash('service mysqld start')
- bash('chkconfig mysqld on')
+ bash('chkconfig mysqld on')
bash('mysql -e "create database %s default charset=utf8"' % self.db)
bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db,
self.db_user,
From fa195c3808717cfe328f6cc8b339552f6670318d Mon Sep 17 00:00:00 2001
From: "iambocai bob.chen.cs@gmail.com"
Date: Wed, 17 Feb 2016 15:16:36 +0800
Subject: [PATCH 40/43] update for pull#47
---
.gitignore | 1 +
.settings/org.eclipse.core.resources.prefs | 2 --
connect.py | 3 ++-
install/next.py | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
delete mode 100644 .settings/org.eclipse.core.resources.prefs
diff --git a/.gitignore b/.gitignore
index 983fedd49..e300831e4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,6 +37,7 @@ nosetests.xml
.mr.developer.cfg
.project
.pydevproject
+.settings
*.log
logs/*
keys/*
diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs
deleted file mode 100644
index 1d3924f23..000000000
--- a/.settings/org.eclipse.core.resources.prefs
+++ /dev/null
@@ -1,2 +0,0 @@
-eclipse.preferences.version=1
-encoding/connect.py=UTF-8
diff --git a/connect.py b/connect.py
index fefa079f6..0be5abdfb 100755
--- a/connect.py
+++ b/connect.py
@@ -583,7 +583,8 @@ class Nav(object):
elif len(roles) == 1: # 授权角色数为1
role = roles[0]
else:
- color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。', exits=True)
+ color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。')
+ return
assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机
print "授权包含该系统用户的所有主机"
for asset in assets:
diff --git a/install/next.py b/install/next.py
index 2a8231b38..e3dc312fa 100755
--- a/install/next.py
+++ b/install/next.py
@@ -83,8 +83,8 @@ class Setup(object):
@staticmethod
def _cp_zzsh():
os.chdir(os.path.join(jms_dir, 'install'))
- bash("sed -i 's#/opt/jumpserver#%s#g' zzjumpserver.sh" % jms_dir)
shutil.copy('zzjumpserver.sh', '/etc/profile.d/')
+ bash("sed -i 's#/opt/jumpserver#%s#g' /etc/profile.d/zzjumpserver.sh" % jms_dir)
@staticmethod
def _run_service():
From 0e9a9625061c1742357eebd91f8c9b342fc025ba Mon Sep 17 00:00:00 2001
From: ibuler
Date: Sat, 20 Feb 2016 16:02:31 +0800
Subject: [PATCH 41/43] =?UTF-8?q?=E5=85=B7=E4=BD=93=E4=BD=93=E7=8E=B0?=
=?UTF-8?q?=E5=9C=A8=20=E6=97=A5=E5=BF=97=E7=9B=91=E6=8E=A7=E9=A1=B5?=
=?UTF-8?q?=EF=BC=8C=E5=AE=9A=E6=9C=9F=E5=9B=9E=E6=94=B6=E8=BF=87=E6=9C=9F?=
=?UTF-8?q?=E7=9A=84=E5=9C=A8=E7=BA=BFlog?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
需要运行python manage.py crontab add来添加
运行 python manage.py crontab remove 来去掉
crontab -l
---
jlog/log_api.py | 29 +++++++++++++++++++++++++++++
jumpserver/settings.py | 3 ++-
2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/jlog/log_api.py b/jlog/log_api.py
index b10325643..6f2d6edbe 100644
--- a/jlog/log_api.py
+++ b/jlog/log_api.py
@@ -6,7 +6,10 @@ from contextlib import closing
from io import open as copen
from json import dumps
from math import ceil
+import datetime
+import time
import re
+import os
from os.path import basename, dirname, exists, join
from struct import unpack
from subprocess import Popen
@@ -17,6 +20,7 @@ from jinja2 import FileSystemLoader, Template
from jinja2.environment import Environment
from jumpserver.api import BASE_DIR
+from jlog.models import Log
DEFAULT_TEMPLATE = join(BASE_DIR, 'templates', 'jlog', 'static.jinja2')
@@ -75,3 +79,28 @@ def renderTemplate(script_path, time_file_path, dimensions=(24, 80), templatenam
return rendered
+def kill_invalid_connection():
+ long_time_logs = []
+ unfinished_logs = Log.objects.filter(is_finished=False)
+ now = datetime.datetime.now()
+ now_timestamp = int(time.mktime(now.timetuple()))
+ for log in unfinished_logs:
+ if (now - log.start_time).days > 1:
+ long_time_logs.append(log)
+
+ for log in long_time_logs:
+ try:
+ log_file_mtime = int(os.stat(log.log_path).st_mtime)
+ except OSError:
+ log_file_mtime = 0
+
+ if (now_timestamp - log_file_mtime) > 3600:
+ try:
+ os.kill(int(log.pid), 9)
+ except OSError:
+ pass
+
+ log.is_finished = True
+ log.end_time = now
+ log.save()
+
diff --git a/jumpserver/settings.py b/jumpserver/settings.py
index fa8431272..d1c8a8f40 100644
--- a/jumpserver/settings.py
+++ b/jumpserver/settings.py
@@ -152,5 +152,6 @@ STATIC_URL = '/static/'
BOOTSTRAP_COLUMN_COUNT = 10
CRONJOBS = [
- ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all')
+ ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all'),
+ ('1 * * * *', 'jlog.log_api.kill_invalid_connection'),
]
From 7323b72c4bf43b7c2bdb5038eee4a5fdd9f4c5ec Mon Sep 17 00:00:00 2001
From: ibuler
Date: Mon, 22 Feb 2016 16:29:36 +0800
Subject: [PATCH 42/43] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=201.=20=E6=8E=A8?=
=?UTF-8?q?=E9=80=81=E6=97=B6=20=E9=AA=8C=E8=AF=81=E6=94=B9=E4=B8=BA=20=20?=
=?UTF-8?q?/usr/sbin/visudo=20-c=202.=20=E6=B7=BB=E5=8A=A0=E7=B3=BB?=
=?UTF-8?q?=E7=BB=9F=E7=94=A8=E6=88=B7=E7=9A=84key=20=E8=AE=A4=E8=AF=81?=
=?UTF-8?q?=E6=9B=B4=E6=94=B9=20=E6=94=AF=E6=8C=81=20RSA|DSA=203.=20web=20?=
=?UTF-8?q?terminal=20=E8=A1=8C=E6=95=B0=20-1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
templates/jasset/asset_list.html | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html
index 848ce7ac8..b87b6e177 100644
--- a/templates/jasset/asset_list.html
+++ b/templates/jasset/asset_list.html
@@ -243,8 +243,9 @@
area: ['628px', '420px'],
content: new_url+data
});
+ window.open(new_url+data, '_blank', 'toolbar=yes, location=yes, scrollbars=yes, resizable=yes, copyhistory=yes, width=628, height=400')
*/
- window.open(new_url+data, '', 'width=628px, height=380px')
+ window.open(new_url+data, '', 'width=628px, height=380px');
} else if (dataArray.length == 1 && data != 'error'){
/*layer.open({
type: 2,
@@ -255,7 +256,7 @@
content: new_url+data
});
*/
- window.open(new_url+data, '', 'width=628px, height=440px')
+ window.open(new_url+data, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=410');
}
else {
@@ -292,7 +293,7 @@
content: new_url
});
*/
- window.open(new_url, '', 'height=628px, width=380px')
+ window.open(new_url, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=400')
} else {
/*
@@ -305,7 +306,7 @@
content: new_url
});
*/
- window.open(new_url, '', 'height=628px, width=452px')
+ window.open(new_url, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=410');
}
return false
From b1768565c1b683c94a4fb4138bafbde816fc0216 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Mon, 22 Feb 2016 16:31:33 +0800
Subject: [PATCH 43/43] =?UTF-8?q?=20=E4=BF=AE=E5=A4=8D=20=20=20=20=201.=20?=
=?UTF-8?q?=E6=8E=A8=E9=80=81=E6=97=B6=20=E9=AA=8C=E8=AF=81=E6=94=B9?=
=?UTF-8?q?=E4=B8=BA=20=20/usr/sbin/visudo=20-c=20=20=20=20=202.=20?=
=?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=B3=BB=E7=BB=9F=E7=94=A8=E6=88=B7=E7=9A=84?=
=?UTF-8?q?key=20=E8=AE=A4=E8=AF=81=E6=9B=B4=E6=94=B9=20=E6=94=AF=E6=8C=81?=
=?UTF-8?q?=20RSA|DSA=20=20=20=20=203.=20web=20terminal=20=E8=A1=8C?=
=?UTF-8?q?=E6=95=B0=20-1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
templates/jlog/web_terminal.html | 2 +-
templates/jperm/perm_role_add.html | 4 ++--
templates/jperm/role_sudo.j2 | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/templates/jlog/web_terminal.html b/templates/jlog/web_terminal.html
index 5589b59c3..420249a10 100644
--- a/templates/jlog/web_terminal.html
+++ b/templates/jlog/web_terminal.html
@@ -117,7 +117,7 @@
$('.terminal').css('width', window.innerWidth-25);
console.log(window.innerWidth);
console.log(window.innerWidth-10);
- var rows = Math.floor(window.innerHeight/rowHeight) - 1;
+ var rows = Math.floor(window.innerHeight/rowHeight) - 2;
var cols = Math.floor(window.innerWidth/colWidth) - 1;
return {rows: rows, cols: cols};
diff --git a/templates/jperm/perm_role_add.html b/templates/jperm/perm_role_add.html
index 18df339e9..59ec3b3b6 100644
--- a/templates/jperm/perm_role_add.html
+++ b/templates/jperm/perm_role_add.html
@@ -93,7 +93,7 @@ $('#roleForm').validator({
theme: "yellow_right_effect",
rules: {
check_name: [/(?!^root$)^[\w.]{2,20}$/i, '大小写字母数字和下划线小数点,2-20位,并且非root'],
- check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误,请检查'],
+ check_begin: [/^[\-]+BEGIN R|DSA PRIVATE KEY[\-]+/gm, 'RSA|DSA Key填写有误,请检查']
},
@@ -108,7 +108,7 @@ $('#roleForm').validator({
rule: "check_begin",
ok: "",
empty: true
- },
+ }
},
valid: function(form) {
diff --git a/templates/jperm/role_sudo.j2 b/templates/jperm/role_sudo.j2
index 642a30a66..a37276771 100644
--- a/templates/jperm/role_sudo.j2
+++ b/templates/jperm/role_sudo.j2
@@ -36,7 +36,7 @@ add_role_chosen() {
check_syntax(){
- visudo -c -f $1
+ /usr/sbin/visudo -c -f $1
}
cp $real_file $tmp_file && add_cmd_alias $tmp_file && add_role_chosen $tmp_file || exit 1