From 44c69ded78204ac6d63ea285c6a05974b7aca3b6 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Sun, 30 Aug 2015 14:03:10 +0800
Subject: [PATCH] =?UTF-8?q?=E5=B9=B2=E6=8E=89ldap=E5=89=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 jumpserver.conf | 6 +-
 juser/urls.py | 4 +-
 juser/user_api.py | 9 ++-
 juser/views.py | 148 +++++++++++++++++-----------------
 templates/juser/user_add.html | 19 +++--
 5 files changed, 96 insertions(+), 90 deletions(-)
diff --git a/jumpserver.conf b/jumpserver.conf
index a0a489e54..dfd5a787c 100644
--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -29,8 +29,8 @@ web_socket_host = 192.168.40.140:3000
 [mail]
 mail_enable = 1
-email_host = smtp.qq.com
+email_host = smtp.exmail.qq.com
 email_port = 25
-email_host_user = xxxxxxxxxx@qq.com
-email_host_password = xxxxxxxxx
+email_host_user = noreply@jumpserver.org
+email_host_password = jumpserver1234
 email_use_tls = False
diff --git a/juser/urls.py b/juser/urls.py
index 0baa60576..c359a4f4f 100644
--- a/juser/urls.py
+++ b/juser/urls.py
@@ -11,8 +11,8 @@ urlpatterns = patterns('juser.views',
 (r'^group_list/$', group_list),
 (r'^group_del/$', group_del),
 (r'^group_del_ajax', group_del_ajax),
- (r'^group_edit/$',group_edit),
- (r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}),
+ (r'^group_edit/$', group_edit),
+ (r'^user_add/$', user_add),
 (r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
 (r'^user_detail/$', 'user_detail'),
 (r'^user_del/$', 'user_del'),
diff --git a/juser/user_api.py b/juser/user_api.py
index c0307938d..b837a6b6f 100644
--- a/juser/user_api.py
+++ b/juser/user_api.py
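Review bot: The jumpserver.conf hunk replaces the placeholder `email_host_password = xxxxxxxxx` with what looks like a live credential for `noreply@jumpserver.org`, so the mailbox password now sits in the repository history and in every checkout. Treat the value as exposed: rotate it, restore a placeholder such as `email_host_password = <set-in-local-config>`, and load the real secret from an untracked file or the environment. The unchanged context still has `email_port = 25` with `email_use_tls = False`, so the SMTP login would travel unencrypted; enabling TLS belongs in the same change.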
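Review bot: In juser/urls.py the `user_add/` route now calls `user_add` directly instead of going through `view_splitter`, so the decorator on `user_add` is the only thing deciding who may create accounts, and that decorator is not visible anywhere in this patch. The views.py hunk shows `user_add` taking `role` and `admin_groups` straight from `request.POST`, so if a group admin can still reach the view they could presumably create a user with a higher role than their own. Please confirm `user_add` carries `@require_role(role='super')`, or add a comment on the route stating which roles are expected to reach it.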
@@ -111,8 +111,9 @@ def db_del_user(username):
 def gen_ssh_key(username, password=None, length=2048):
 """
 generate a user ssh key in a property dir
- 生成一个用户密钥
+ 生成一个用户ssh密钥对
 """
+ print "gen_ssh_key" + str(time.time())
 private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
 private_key_file = os.path.join(private_key_dir, username+".pem")
 public_key_dir = '/home/%s/.ssh/' % username
@@ -124,12 +125,13 @@ def gen_ssh_key(username, password=None, length=2048):
 with open(private_key_file, 'w') as pri_f:
 pri_f.write(key.exportKey('PEM', password))
 os.chmod(private_key_file, 0600)
-
+ print "gen_ssh_pub_key" + str(time.time())
 pub_key = key.publickey()
 with open(public_key_file, 'w') as pub_f:
 pub_f.write(pub_key.exportKey('OpenSSH'))
 os.chmod(public_key_file, 0600)
 bash('chown %s:%s %s' % (username, username, public_key_file))
+ print "gen_ssh_key_end" + str(time.time())
 def server_add_user(username, password, ssh_key_pwd):
@@ -146,7 +148,6 @@ def user_add_mail(user, kwargs):
 add user send mail
 发送用户添加邮件
 """
- print kwargs
 user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
 mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name
 mail_msg = u"""
@@ -177,7 +178,7 @@ def ldap_add_user(username, ldap_pwd):
 """
 user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
 password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd)
- user = get_object(UserGroup, username=username)
+ user = get_object(User, username=username)
 if not user:
 raise ServerError(u'用户 %s 不存在' % username)
diff --git a/juser/views.py b/juser/views.py
index 1f02cf486..4e13104d1 100644
--- a/juser/views.py
+++ b/juser/views.py
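Review bot: The added `print "gen_ssh_key" + str(time.time())` in gen_ssh_key, together with the two matching prints in the next hunk (`gen_ssh_pub_key` and `gen_ssh_key_end`), reads as timing instrumentation left over from debugging. They write to the web process's stdout on every key generation and depend on `time` being imported, which this patch does not show. If the timing is worth keeping, a module logger at debug level is the usual form, e.g. `logger.debug('gen_ssh_key start')`; otherwise drop the three lines. The body of gen_ssh_key continues past this hunk.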
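Review bot: The context line `bash('chown %s:%s %s' % (username, username, public_key_file))` in gen_ssh_key builds a shell command from `username`, and the same value is joined into the key paths; its callers are not visible here, but the views in this patch handle usernames that presumably come from `request.POST`. The name should be checked against a strict pattern before it reaches this function, and the ownership change made without a shell, for example `pw = pwd.getpwnam(username)` followed by `os.chown(public_key_file, pw.pw_uid, pw.pw_gid)`. Separately, the private key is written through `open(private_key_file, 'w')` and only afterwards restricted by `os.chmod(private_key_file, 0600)`, so it exists briefly with umask-default permissions; opening it via `os.open(private_key_file, os.O_WRONLY | os.O_CREAT, 0600)` avoids that window. The function starts before this hunk.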
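Review bot: In ldap_add_user the context line `user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)` formats the raw username into a DN, so a name containing `,`, `+` or `=` would change the DN structure instead of being treated as a value. If this module uses python-ldap, pass the value through `ldap.dn.escape_dn_chars(username)` before formatting; otherwise reject those characters where the username is first accepted. ldap_add_user continues outside the hunk, so how the DN is used afterwards is not visible here.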
@@ -232,12 +232,12 @@ def user_add(request):
 password = PyCrypt.random_pass(16)
 name = request.POST.get('name', '')
 email = request.POST.get('email', '')
- dept_id = request.POST.get('dept_id')
 groups = request.POST.getlist('groups', [])
 admin_groups = request.POST.getlist('admin_groups', [])
 role = request.POST.get('role', 'CU')
 ssh_key_pwd = PyCrypt.random_pass(16)
- is_active = True if request.POST.get('is_active', '1') == '1' else False
+ extra = request.POST.getlist('extra', [])
+ is_active = True if '0' in extra else False
 ldap_pwd = PyCrypt.random_pass(32, especial=True)
 try:
@@ -261,12 +261,10 @@ def user_add(request):
 ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
 is_active=is_active,
 date_joined=datetime.datetime.now())
-
- server_add_user(username, password, ssh_key_pwd)
 if LDAP_ENABLE:
 ldap_add_user(username, ldap_pwd)
- except Exception, e:
+ except IndexError, e:
 error = u'添加用户 %s 失败 %s ' % (username, e)
 try:
 db_del_user(username)
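Review bot: `is_active = True if '0' in extra else False` makes a new account active only when the posted `extra` list contains the string '0', whereas the removed line defaulted to active when the field was absent; nothing in the hunk says what '0' stands for, and the template hunk is not readable here. If '0' is the value of a "disable" checkbox the condition is inverted, and if it is an "enable" checkbox then any POST that omits `extra` now silently creates an inactive user. A one-line comment stating what each `extra` value means would pin this down, and the expression can be just `is_active = '0' in extra`. In the same block `role` is read from `request.POST` with only a default; whether it is checked against the known roles happens outside the hunk.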
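Review bot: Narrowing the handler to `except IndexError, e:` means the rollback below it no longer runs for the failures this block can actually produce: ldap_add_user raises `ServerError` (visible in the user_api.py hunk) and db_add_user would raise database errors, neither of which is an IndexError. Those would now propagate as an unhandled error after the database row has been written, leaving a half-provisioned account with no cleanup. Unless IndexError was a temporary debugging aid, catch what the calls raise, at minimum `except (ServerError, IndexError), e:`, or keep `except Exception, e:` at this boundary and log the traceback. The hunk also drops `server_add_user(...)` while the cleanup path, which continues outside the hunk, may still call `server_del_user`; the two should stay in step.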
@@ -282,76 +280,76 @@ def user_add(request):
 return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
-@require_role(role='admin')
-def user_add_adm(request):
- error = ''
- msg = ''
- header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
- user, dept = get_session_user_dept(request)
- group_all = dept.usergroup_set.all()
-
- if request.method == 'POST':
- username = request.POST.get('username', '')
- password = PyCrypt.gen_rand_pwd(16)
- name = request.POST.get('name', '')
- email = request.POST.get('email', '')
- groups = request.POST.getlist('groups', [])
- ssh_key_pwd = PyCrypt.gen_rand_pwd(16)
- is_active = True if request.POST.get('is_active', '1') == '1' else False
- ldap_pwd = PyCrypt.gen_rand_pwd(16)
-
- try:
- if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
- error = u'带*内容不能为空'
- raise ServerError
- user = User.objects.filter(username=username)
- if user:
- error = u'用户 %s 已存在' % username
- raise ServerError
-
- except ServerError:
- pass
- else:
- try:
- user = db_add_user(username=username,
- password=CRYPTOR.md5_crypt(password),
- name=name, email=email, dept=dept,
- groups=groups, role='CU',
- ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
- ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
- is_active=is_active,
- date_joined=datetime.datetime.now())
-
- server_add_user(username, password, ssh_key_pwd)
- if LDAP_ENABLE:
- ldap_add_user(username, ldap_pwd)
-
- except Exception, e:
- error = u'添加用户 %s 失败 %s ' % (username, e)
- try:
- db_del_user(username)
- server_del_user(username)
- if LDAP_ENABLE:
- ldap_del_user(username)
- except Exception:
- pass
- else:
- mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
- mail_msg = """
- Hi, %s
- 您的用户名: %s
- 您的部门: %s
- 您的角色: %s
- 您的web登录密码: %s
- 您的ssh密钥文件密码: %s
- 密钥下载地址: http://%s:%s/juser/down_key/?id=%s
- 说明: 请登陆后再下载密钥!
- """ % (name, username, dept.name, '普通用户',
- password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
- send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
- msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
-
- return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
+# @require_role(role='admin')
+# def user_add_adm(request):
+# error = ''
+# msg = ''
+# header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
+# user, dept = get_session_user_dept(request)
+# group_all = dept.usergroup_set.all()
+#
+# if request.method == 'POST':
+# username = request.POST.get('username', '')
+# password = PyCrypt.gen_rand_pwd(16)
+# name = request.POST.get('name', '')
+# email = request.POST.get('email', '')
+# groups = request.POST.getlist('groups', [])
+# ssh_key_pwd = PyCrypt.gen_rand_pwd(16)
+# is_active = True if request.POST.get('is_active', '1') == '1' else False
+# ldap_pwd = PyCrypt.gen_rand_pwd(16)
+#
+# try:
+# if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
+# error = u'带*内容不能为空'
+# raise ServerError
+# user = User.objects.filter(username=username)
+# if user:
+# error = u'用户 %s 已存在' % username
+# raise ServerError
+#
+# except ServerError:
+# pass
+# else:
+# try:
+# user = db_add_user(username=username,
+# password=CRYPTOR.md5_crypt(password),
+# name=name, email=email, dept=dept,
+# groups=groups, role='CU',
+# ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
+# ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
+# is_active=is_active,
+# date_joined=datetime.datetime.now())
+#
+# server_add_user(username, password, ssh_key_pwd)
+# if LDAP_ENABLE:
+# ldap_add_user(username, ldap_pwd)
+#
+# except Exception, e:
+# error = u'添加用户 %s 失败 %s ' % (username, e)
+# try:
+# db_del_user(username)
+# server_del_user(username)
+# if LDAP_ENABLE:
+# ldap_del_user(username)
+# except Exception:
+# pass
+# else:
+# mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
+# mail_msg = """
+# Hi, %s
+# 您的用户名: %s
+# 您的部门: %s
+# 您的角色: %s
+# 您的web登录密码: %s
+# 您的ssh密钥文件密码: %s
+# 密钥下载地址: http://%s:%s/juser/down_key/?id=%s
+# 说明: 请登陆后再下载密钥!
+# """ % (name, username, dept.name, '普通用户',
+# password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
+# send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
+# msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
+#
+# return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
 @require_role(role='super')
diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html
index c26c1fa5e..62863fc2c 100644
--- a/templates/juser/user_add.html
+++ b/templates/juser/user_add.html
@@ -93,13 +93,20 @@
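Review bot: In juser/views.py, user_add_adm is commented out line by line rather than deleted, which leaves about seventy lines of dead code that still read like a live view, including the block that mails the web password and key passphrase in plain text with an `http://` download link. Since the urls.py hunk removes the only reference to it visible in this patch, delete the function and let version control keep the history. If it is meant to return, a short `# TODO: restore group-admin user_add` with the reason is easier to audit than a commented-out body.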
-
-
-
- +
+
+
+
-
- +
+
+
+ +
+
+
+
+