github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'connect'

pull/530/head
ibuler 2016-10-13 14:49:04 +08:00
parent 29b3ef70ef 081af2f953
commit 3efad338eb
16 changed files with 144 additions and 684 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
apps/audits/api.py
View File

@ -1,3 +1,23 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
# #
from rest_framework import generics
import serializers
from .models import ProxyLog
class ProxyLogListCreateApi(generics.ListCreateAPIView):
queryset = ProxyLog.objects.all()
serializer_class = serializers.ProxyLogSerializer
class ProxyLogDetailApi(generics.RetrieveUpdateDestroyAPIView):
queryset = ProxyLog.objects.all()
serializer_class = serializers.ProxyLogSerializer
class CommandLogCreateApi(generics.CreateAPIView):
serializer_class = serializers.CommandLogSerializer

0
terminal/logs/.gitkeep → apps/audits/migrations/__init__.py
View File

65
apps/audits/models.py
View File

@ -1,5 +1,68 @@
# -*- coding: utf-8 -*-
#
from __future__ import unicode_literals from __future__ import unicode_literals
from django.db import models from django.db import models
from django.utils.translation import ugettext_lazy as _
# Create your models here.
class LoginLog(models.Model):
LOGIN_TYPE_CHOICE = (
('S', 'ssh'),
('W', 'web'),
)
username = models.CharField(max_length=20, verbose_name=_('Username'))
name = models.CharField(max_length=20, blank=True, verbose_name=_('Name'))
login_type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=1, verbose_name=_('Login type'))
login_ip = models.GenericIPAddressField(verbose_name=_('Login ip'))
login_city = models.CharField(max_length=100, blank=True, null=True, verbose_name=_('Login city'))
user_agent = models.CharField(max_length=100, blank=True, null=True, verbose_name=_('User agent'))
date_login = models.DateTimeField(auto_now=True, verbose_name=_('Date login'))
date_logout = models.DateTimeField(null=True, verbose_name=_('Date logout'))
class Meta:
db_table = 'login_log'
ordering = ['-date_login', 'username']
class ProxyLog(models.Model):
LOGIN_TYPE_CHOICE = (
('S', 'ssh'),
('W', 'web'),
)
username = models.CharField(max_length=20, verbose_name=_('Username'))
name = models.CharField(max_length=20, blank=True, verbose_name=_('Name'))
hostname = models.CharField(max_length=128, blank=True, verbose_name=_('Hostname'))
ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'))
system_user = models.CharField(max_length=20, verbose_name=_('System user'))
login_type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=1, verbose_name=_('Login type'))
log_file = models.CharField(max_length=1000, blank=True, null=True)
was_failed = models.BooleanField(default=False, verbose_name=_('Did connect failed'))
is_finished = models.BooleanField(default=False, verbose_name=_('Is finished'))
date_start = models.DateTimeField(auto_now=True, verbose_name=_('Date start'))
date_finished = models.DateTimeField(null=True, verbose_name=_('Date finished'))
def __unicode__(self):
return '%s-%s-%s-%s' % (self.username, self.hostname, self.system_user, self.id)
class Meta:
db_table = 'proxy_log'
ordering = ['-date_start', 'username']
class CommandLog(models.Model):
proxy_log = models.ForeignKey(ProxyLog, on_delete=models.CASCADE, related_name='command_log')
command = models.CharField(max_length=1000, blank=True)
output = models.TextField(blank=True)
date_start = models.DateTimeField(null=True)
date_finished = models.DateTimeField(null=True)
def __unicode__(self):
return '%s: %s' % (self.id, self.command)
class Meta:
db_table = 'command_log'
ordering = ['-date_start', 'command']

20
apps/audits/serializers.py Normal file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
from rest_framework import serializers
import models
class ProxyLogSerializer(serializers.ModelSerializer):
class Meta:
model = models.ProxyLog
class CommandLogSerializer(serializers.ModelSerializer):
class Meta:
model = models.CommandLog
if __name__ == '__main__':
pass

16
apps/audits/urls.py
View File

@ -1 +1,17 @@
from django.conf.urls import url from django.conf.urls import url
import api
import views
app_name = 'audits'
urlpatterns = [
]
urlpatterns += [
url(r'^v1/proxy-log/$', api.ProxyLogListCreateApi.as_view(), name='proxy-log-list-create-api'),
url(r'^v1/proxy-log/(?P<pk>\d+)/$', api.ProxyLogDetailApi.as_view(), name='proxy-log-detail-api'),
url(r'^v1/command-log/$', api.CommandLogCreateApi.as_view(), name='command-log-create-api'),
]

1
apps/jumpserver/urls.py
View File

@ -25,6 +25,7 @@ urlpatterns = [
url(r'^(api/)?users/', include('users.urls')), url(r'^(api/)?users/', include('users.urls')),
url(r'^assets/', include('assets.urls')), url(r'^assets/', include('assets.urls')),
url(r'^perms/', include('perms.urls')), url(r'^perms/', include('perms.urls')),
url(r'^(api/)?audits/', include('audits.urls')),
] ]

5
apps/users/api.py
View File

@ -1,8 +1,6 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
# #
import logging
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from rest_framework import generics, status from rest_framework import generics, status
@ -13,9 +11,10 @@ from .models import User, UserGroup
from .serializers import UserDetailSerializer, UserAndGroupSerializer, \ from .serializers import UserDetailSerializer, UserAndGroupSerializer, \
GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer
from common.mixins import BulkDeleteApiMixin from common.mixins import BulkDeleteApiMixin
from common.utils import get_logger
logger = logging.getLogger('jumpserver.users.api') logger = get_logger(__name__)
class UserDetailApi(generics.RetrieveUpdateDestroyAPIView): class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):

1
apps/users/utils.py
View File

@ -3,6 +3,7 @@
from __future__ import unicode_literals from __future__ import unicode_literals
import logging import logging
import os import os
import re
from django.conf import settings from django.conf import settings
from django.contrib.auth.mixins import UserPassesTestMixin from django.contrib.auth.mixins import UserPassesTestMixin

34
docs/table_design.xml
View File

@ -634,10 +634,13 @@
<part>id</part> <part>id</part>
</key> </key>
</table> </table>
<table x="300" y="770" name="login_log"> <table x="268" y="776" name="login_log">
<row name="id" null="1" autoincrement="1"> <row name="id" null="1" autoincrement="1">
<datatype>INTEGER</datatype> <datatype>INTEGER</datatype>
<default>NULL</default></row> <default>NULL</default></row>
<row name="name" null="1" autoincrement="0">
<datatype>CHAR</datatype>
<default>NULL</default></row>
<row name="username" null="1" autoincrement="0"> <row name="username" null="1" autoincrement="0">
<datatype>VARCHAR</datatype> <datatype>VARCHAR</datatype>
<default>NULL</default></row> <default>NULL</default></row>
@ -663,7 +666,7 @@
<part>id</part> <part>id</part>
</key> </key>
</table> </table>
<table x="139" y="772" name="admin_log"> <table x="108" y="775" name="admin_log">
<row name="id" null="1" autoincrement="1"> <row name="id" null="1" autoincrement="1">
<datatype>INTEGER</datatype> <datatype>INTEGER</datatype>
<default>NULL</default></row> <default>NULL</default></row>
@ -689,14 +692,20 @@
<part>id</part> <part>id</part>
</key> </key>
</table> </table>
<table x="435" y="806" name="proxy_log"> <table x="418" y="775" name="proxy_log">
<row name="id" null="1" autoincrement="1"> <row name="id" null="1" autoincrement="1">
<datatype>INTEGER</datatype> <datatype>INTEGER</datatype>
<default>NULL</default></row> <default>NULL</default></row>
<row name="name" null="1" autoincrement="0">
<datatype>VARCHAR</datatype>
<default>NULL</default></row>
<row name="username" null="1" autoincrement="0"> <row name="username" null="1" autoincrement="0">
<datatype>CHAR</datatype> <datatype>CHAR</datatype>
<default>NULL</default></row> <default>NULL</default></row>
<row name="hostname" null="1" autoincrement="0"> <row name="hostname" null="1" autoincrement="0">
<datatype>VARCHAR</datatype>
<default>NULL</default></row>
<row name="ip" null="1" autoincrement="0">
<datatype>CHAR</datatype> <datatype>CHAR</datatype>
<default>NULL</default></row> <default>NULL</default></row>
<row name="sysuser" null="1" autoincrement="0"> <row name="sysuser" null="1" autoincrement="0">
@ -705,18 +714,9 @@
<row name="login_type" null="1" autoincrement="0"> <row name="login_type" null="1" autoincrement="0">
<datatype>CHAR</datatype> <datatype>CHAR</datatype>
<default>NULL</default></row> <default>NULL</default></row>
<row name="refer_id" null="1" autoincrement="0">
<datatype>INTEGER</datatype>
<default>NULL</default></row>
<row name="log_file" null="1" autoincrement="0"> <row name="log_file" null="1" autoincrement="0">
<datatype>CHAR</datatype> <datatype>CHAR</datatype>
<default>NULL</default></row> <default>NULL</default></row>
<row name="login_ip" null="1" autoincrement="0">
<datatype>VARCHAR</datatype>
<default>NULL</default></row>
<row name="login_city" null="1" autoincrement="0">
<datatype>VARCHAR</datatype>
<default>NULL</default></row>
<row name="is_finished" null="1" autoincrement="0"> <row name="is_finished" null="1" autoincrement="0">
<datatype>INTEGER</datatype> <datatype>INTEGER</datatype>
<default>NULL</default></row> <default>NULL</default></row>
@ -738,11 +738,17 @@
<datatype>INTEGER</datatype> <datatype>INTEGER</datatype>
<default>NULL</default><relation table="proxy_log" row="id" /> <default>NULL</default><relation table="proxy_log" row="id" />
</row> </row>
<row name="command" null="1" autoincrement="0">
<datatype>CHAR</datatype>
<default>NULL</default></row>
<row name="output" null="1" autoincrement="0">
<datatype>VARCHAR</datatype>
<default>NULL</default></row>
<row name="date_start" null="1" autoincrement="0"> <row name="date_start" null="1" autoincrement="0">
<datatype>DATE</datatype> <datatype>DATE</datatype>
<default>NULL</default></row> <default>NULL</default></row>
<row name="command" null="1" autoincrement="0"> <row name="date_finished" null="1" autoincrement="0">
<datatype>CHAR</datatype> <datatype>DATE</datatype>
<default>NULL</default></row> <default>NULL</default></row>
<key type="PRIMARY" name=""> <key type="PRIMARY" name="">
<part>id</part> <part>id</part>

13
requirements.txt
View File

@ -1,26 +1,13 @@
Django==1.10 Django==1.10
django-bootstrap-form==3.2.1 django-bootstrap-form==3.2.1
django-redis-sessions==0.5.6
django-websocket-redis==0.4.6
gevent==1.1.2
greenlet==0.4.10
logging==0.4.9.6 logging==0.4.9.6
Pillow==3.3.1 Pillow==3.3.1
pyte==0.5.2
redis==2.10.5
six==1.10.0
wcwidth==0.1.7
websocket-client==0.37.0
djangorestframework==3.4.5 djangorestframework==3.4.5
ForgeryPy==0.1 ForgeryPy==0.1
openpyxl==2.4.0 openpyxl==2.4.0
paramiko==2.0.2
celery==3.1.23 celery==3.1.23
ansible==2.1.1.0 ansible==2.1.1.0
django-simple-captcha==0.5.2 django-simple-captcha==0.5.2
django-formtools==1.0 django-formtools==1.0
sshpubkeys==2.2.0 sshpubkeys==2.2.0
djangorestframework-bulk==0.2.1 djangorestframework-bulk==0.2.1
python-gssapi==0.6.4
tornado==4.4.2

7
terminal/__init__.py
View File

@ -1,7 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
if __name__ == '__main__':
pass

102
terminal/ssh_config.py
View File

@ -1,102 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
import logging
import os
BASE_DIR = os.path.dirname(os.path.abspath(__name__))
class Config:
SSH_HOST = ''
SSH_PORT = 2200
LOG_LEVEL = 'INFO'
LOG_DIR = os.path.join(BASE_DIR, 'logs')
LOG_FILENAME = 'ssh_server.log'
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'verbose': {
'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
},
'main': {
'datefmt': '%Y-%m-%d %H:%M:%S',
'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
},
'simple': {
'format': '%(levelname)s %(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'main',
'stream': 'ext://sys.stdout',
},
'file': {
'level': 'DEBUG',
'class': 'logging.handlers.TimedRotatingFileHandler',
'formatter': 'main',
'filename': os.path.join(LOG_DIR, LOG_FILENAME),
'when': 'D',
'backupCount': 10,
},
},
'loggers': {
'jumpserver': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
'propagate': True,
},
'jumpserver.web_ssh_server': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
'propagate': True,
},
'jumpserver.ssh_server': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
'propagate': True,
}
}
}
def __init__(self):
pass
def __getattr__(self, item):
return None
class DevelopmentConfig(Config):
pass
class ProductionConfig(Config):
pass
class TestingConfig(Config):
pass
config = {
'development': DevelopmentConfig,
'production': ProductionConfig,
'testing': TestingConfig,
'default': DevelopmentConfig,
}
env = 'default'

96
terminal/ssh_config_example.py
View File

@ -1,96 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
import logging
import os
BASE_DIR = os.path.dirname(os.path.abspath(__name__))
class Config:
LOG_LEVEL = 'INFO'
LOG_DIR = os.path.join(BASE_DIR, 'logs')
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'verbose': {
'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
},
'main': {
'datefmt': '%Y-%m-%d %H:%M:%S',
'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
},
'simple': {
'format': '%(levelname)s %(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'main'
},
'file': {
'level': 'DEBUG',
'class': 'logging.FileHandler',
'formatter': 'main',
'filename': LOG_DIR,
},
},
'loggers': {
'jumpserver': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
},
'jumpserver.web_ssh_server': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
},
'jumpserver.ssh_server': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
}
}
}
def __init__(self):
pass
def __getattr__(self, item):
return None
class DevelopmentConfig(Config):
pass
class ProductionConfig(Config):
pass
class TestingConfig(Config):
pass
config = {
'development': DevelopmentConfig,
'production': ProductionConfig,
'testing': TestingConfig,
'default': DevelopmentConfig,
}
env = 'default'
if __name__ == '__main__':
pass

411
terminal/ssh_server.py
View File

@ -1,411 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
__version__ = '0.3.3'
import sys
import os
import base64
import time
from binascii import hexlify
import sys
import threading
from multiprocessing.process import Process
import traceback
import tty
import termios
import struct
import fcntl
import signal
import socket
import select
import errno
import paramiko
import django
BASE_DIR = os.path.abspath(os.path.dirname(__file__))
APP_DIR = os.path.join(os.path.dirname(BASE_DIR), 'apps')
sys.path.append(APP_DIR)
os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
try:
django.setup()
except IndexError:
pass
from django.conf import settings
from users.utils import ssh_key_gen, check_user_is_valid
from utils import get_logger, SSHServerException, control_char
logger = get_logger(__name__)
paramiko.util.log_to_file(os.path.join(BASE_DIR, 'logs', 'paramiko.log'))
class SSHServer(paramiko.ServerInterface):
host_key_path = os.path.join(BASE_DIR, 'host_rsa_key')
channel_pools = []
def __init__(self, client, addr):
self.event = threading.Event()
self.change_window_size_event = threading.Event()
self.client = client
self.addr = addr
self.username = None
self.user = None
self.channel_width = None
self.channel_height = None
@classmethod
def host_key(cls):
return cls.get_host_key()
@classmethod
def get_host_key(cls):
logger.debug("Get ssh server host key")
if not os.path.isfile(cls.host_key_path):
cls.host_key_gen()
return paramiko.RSAKey(filename=cls.host_key_path)
@classmethod
def host_key_gen(cls):
logger.debug("Generate ssh server host key")
ssh_key, ssh_pub_key = ssh_key_gen()
with open(cls.host_key_path, 'w') as f:
f.write(ssh_key)
def check_channel_request(self, kind, chanid):
if kind == 'session':
return paramiko.OPEN_SUCCEEDED
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def check_auth_password(self, username, password):
self.user = user = check_user_is_valid(username=username, password=password)
if self.user:
self.username = username = user.username
logger.info('Accepted password for %(username)s from %(host)s port %(port)s ' % {
'username': username,
'host': self.addr[0],
'port': self.addr[1],
})
return paramiko.AUTH_SUCCESSFUL
else:
logger.info('Authentication password failed for %(username)s from %(host)s port %(port)s ' % {
'username': username,
'host': self.addr[0],
'port': self.addr[1],
})
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, public_key):
self.user = user = check_user_is_valid(username=username, public_key=public_key)
if self.user:
self.username = username = user.username
logger.info('Accepted public key for %(username)s from %(host)s port %(port)s ' % {
'username': username,
'host': self.addr[0],
'port': self.addr[1],
})
return paramiko.AUTH_SUCCESSFUL
else:
logger.info('Authentication public key failed for %(username)s from %(host)s port %(port)s ' % {
'username': username,
'host': self.addr[0],
'port': self.addr[1],
})
return paramiko.AUTH_FAILED
def get_allowed_auths(self, username):
auth_method_list = []
if settings.CONFIG.SSH_PASSWORD_AUTH:
auth_method_list.append('password')
if settings.CONFIG.SSH_PUBLICK_KEY_AUTH:
auth_method_list.append('publickey')
return ','.join(auth_method_list)
def check_channel_shell_request(self, channel):
self.event.set()
self.__class__.channel_pools.append(channel)
channel.username = self.username
channel.addr = self.addr
return True
def check_channel_pty_request(self, channel, term, width, height, pixelwidth,
pixelheight, modes):
channel.change_window_size_event = threading.Event()
channel.width = width
channel.height = height
return True
def check_channel_window_change_request(self, channel, width, height, pixelwidth, pixelheight):
channel.change_window_size_event.set()
channel.width = width
channel.height = height
return True
class BackendServer:
def __init__(self, host, port, username):
self.host = host
self.port = port
self.username = username
self.ssh = None
self.channel = None
def connect(self, term='xterm', width=80, height=24, timeout=10):
self.ssh = ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(hostname=self.host, port=self.port, username=self.username, password=self.host_password,
pkey=self.host_private_key, look_for_keys=False, allow_agent=True, compress=True, timeout=timeout)
except Exception:
logger.warning('Connect backend server %s failed' % self.host)
return None
self.channel = channel = ssh.invoke_shell(term=term, width=width, height=height)
logger.info('Connect backend server %(username)s@%(host)s:%(port)s successfully' % {
'username': self.username,
'host': self.host,
'port': self.port,
})
channel.settimeout(100)
channel.host = self.host
channel.port = self.port
channel.username = self.username
return channel
@property
def host_password(self):
return 'redhat'
@property
def host_private_key(self):
return None
class Navigation:
def __init__(self, username, client_channel):
self.username = username
self.client_channel = client_channel
def display_banner(self):
client_channel = self.client_channel
client_channel.send(control_char.clear)
client_channel.send('\r\n\r\n\t\tWelcome to use Jumpserver open source system !\r\n\r\n')
client_channel.send('If you find some bug please contact us <ibuler@qq.com>\r\n')
client_channel.send('See more at https://www.jumpserver.org\r\n')
# client_channel.send(self.username)
def display(self):
self.display_banner()
def return_to_connect(self):
pass
class ProxyChannel:
ENTER_CHAR = ['\r', '\n', '\r\n']
input_data = []
output_data = []
def __init__(self, client_channel, backend_channel, client_addr):
self.client_channel = client_channel
self.backend_channel = backend_channel
self.client_addr = client_addr
self.in_input_mode = True
def stream_flow(self, input_=None, output_=None):
if input_:
self.in_input_mode = True
if input_ in ['\r', '\n', '\r\n']:
self.in_input_mode = False
if output_:
print(''.join(self.__class__.output_data))
if not self.in_input_mode:
command = ''.join(self.__class__.output_data)
del self.__class__.output_data
self.__class__.output_data = []
self.__class__.output_data.append(output_)
def proxy(self):
client_channel = self.client_channel
backend_channel = self.backend_channel
client_addr = self.client_addr
while True:
r, w, x = select.select([client_channel, backend_channel], [], [])
if client_channel.change_window_size_event.is_set():
backend_channel.resize_pty(width=client_channel.width, height=client_channel.height)
if client_channel in r:
self.in_input_mode = True
client_data = client_channel.recv(1024)
if client_data in self.__class__.ENTER_CHAR:
self.in_input_mode = False
command = ''.join(self.__class__.output_data)
print('########### command ##########')
print(command)
print('########### end command ##########')
del self.__class__.output_data
self.__class__.output_data = []
backend_channel.send(client_data)
output = ''.join(self.__class__.output_data)
print('>>>>>>>>>>> output <<<<<<<<<<')
print(output)
print('>>>>>>>>>>> end output <<<<<<<<<<')
continue
if len(client_data) == 0:
logger.info('Logout from ssh server %(host)s: %(username)s' % {
'host': client_addr[0],
'username': client_channel.username,
})
break
backend_channel.send(client_data)
if backend_channel in r:
backend_data = backend_channel.recv(1024)
if len(backend_data) == 0:
client_channel.send('Disconnect from %s \r\n' % backend_channel.host)
client_channel.close()
logger.info('Logout from backend server %(host)s: %(username)s' % {
'host': backend_channel.host,
'username': backend_channel.username,
})
break
self.__class__.output_data.append(backend_data)
client_channel.send(backend_data)
class JumpServer:
backend_server_pools = []
backend_channel_pools = []
client_channel_pools = []
CONTROL_CHAR = {
'clear': ''
}
def __init__(self):
self.listen_host = '0.0.0.0'
self.listen_port = 2222
def display_navigation(self, username, client_channel):
nav = Navigation(username, client_channel)
nav.display()
return 'j', 22, 'root'
def get_client_channel(self, client, addr):
transport = paramiko.Transport(client, gss_kex=False)
transport.set_gss_host(socket.getfqdn(""))
try:
transport.load_server_moduli()
except:
logger.warning('Failed to load moduli -- gex will be unsupported.')
raise
transport.add_server_key(SSHServer.get_host_key())
ssh_server = SSHServer(client, addr)
try:
transport.start_server(server=ssh_server)
except paramiko.SSHException:
logger.warning('SSH negotiation failed.')
client_channel = transport.accept(20)
if client_channel is None:
logger.warning('No ssh channel get.')
return None
self.__class__.client_channel_pools.append(client_channel)
if not ssh_server.event.is_set():
logger.warning('Client never asked for a shell.')
return client_channel
def get_backend_channel(self, host, port, username, term='xterm', width=80, height=24):
backend_server = BackendServer(host, port, username)
backend_channel = backend_server.connect(term=term, width=width, height=height)
if backend_channel is None:
logger.warning('Connect %(username)s@%(host)s:%(port)s failed' % {
'username': username,
'host': host,
'port': port,
})
return None
self.__class__.backend_server_pools.append(backend_server)
self.__class__.backend_channel_pools.append(backend_channel)
return backend_channel
def command_flow(self, input_=None, output_=None):
pass
def handle_ssh_request(self, client, addr):
logger.info("Get ssh request from %(host)s:%(port)s" % {
'host': addr[0],
'port': addr[1],
})
try:
client_channel = self.get_client_channel(client, addr)
if client_channel is None:
client.close()
return
host, port, username = self.display_navigation('root', client_channel)
backend_channel = self.get_backend_channel(host, port, username,
width=client_channel.width,
height=client_channel.height)
if backend_channel is None:
client.shutdown()
client.close()
client.send('Close')
return
proxy_channel = ProxyChannel(client_channel, backend_channel, addr)
proxy_channel.proxy()
# Todo: catch other exception
except IndexError:
logger.info('Close with server %s from %s' % (addr[0], addr[1]))
sys.exit(100)
def listen(self):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind((self.listen_host, self.listen_port))
sock.listen(5)
print(time.ctime())
print('Jumpserver version %s, more see https://www.jumpserver.org' % __version__)
print('Starting ssh server at %(host)s:%(port)s' % {'host': self.listen_host, 'port': self.listen_port})
print('Quit the server with CONTROL-C.')
while True:
try:
client, addr = sock.accept()
thread = threading.Thread(target=self.handle_ssh_request, args=(client, addr))
thread.daemon = True
thread.start()
except Exception as e:
logger.error('Bind failed: ' + str(e))
traceback.print_exc()
sys.exit(1)
if __name__ == '__main__':
server = JumpServer()
try:
server.listen()
except KeyboardInterrupt:
sys.exit(1)

34
terminal/utils.py
View File

@ -1,34 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
import logging
from logging.config import dictConfig
from ssh_config import config, env
CONFIG_SSH_SERVER = config.get(env)
def get_logger(name):
dictConfig(CONFIG_SSH_SERVER.LOGGING)
return logging.getLogger('jumpserver.%s' % name)
class ControlChar:
CHARS = {
'clear': '\x1b[H\x1b[2J',
}
def __init__(self):
pass
def __getattr__(self, item):
return self.__class__.CHARS.get(item, '')
class SSHServerException(Exception):
pass
control_char = ControlChar()

3
terminal/web_ssh_server.py
View File

@ -1,3 +0,0 @@
# -*- coding: utf-8 -*-
#