github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

干掉ldap前

pull/26/head
ibuler 2015-08-30 14:03:10 +08:00
parent 1e170714c0
commit 44c69ded78
5 changed files with 96 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
jumpserver.conf
View File

@ -29,8 +29,8 @@ web_socket_host = 192.168.40.140:3000
[mail] [mail]
mail_enable = 1 mail_enable = 1
email_host = smtp.qq.com email_host = smtp.exmail.qq.com
email_port = 25 email_port = 25
email_host_user = xxxxxxxxxx@qq.com email_host_user = noreply@jumpserver.org
email_host_password = xxxxxxxxx email_host_password = jumpserver1234
email_use_tls = False email_use_tls = False

2
juser/urls.py
View File

@ -12,7 +12,7 @@ urlpatterns = patterns('juser.views',
(r'^group_del/$', group_del), (r'^group_del/$', group_del),
(r'^group_del_ajax', group_del_ajax), (r'^group_del_ajax', group_del_ajax),
(r'^group_edit/$', group_edit), (r'^group_edit/$', group_edit),
(r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}), (r'^user_add/$', user_add),
(r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}), (r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
(r'^user_detail/$', 'user_detail'), (r'^user_detail/$', 'user_detail'),
(r'^user_del/$', 'user_del'), (r'^user_del/$', 'user_del'),

9
juser/user_api.py
View File

@ -111,8 +111,9 @@ def db_del_user(username):
def gen_ssh_key(username, password=None, length=2048): def gen_ssh_key(username, password=None, length=2048):
""" """
generate a user ssh key in a property dir generate a user ssh key in a property dir
生成一个用户密钥 生成一个用户ssh密钥
""" """
print "gen_ssh_key" + str(time.time())
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/') private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
private_key_file = os.path.join(private_key_dir, username+".pem") private_key_file = os.path.join(private_key_dir, username+".pem")
public_key_dir = '/home/%s/.ssh/' % username public_key_dir = '/home/%s/.ssh/' % username
@ -124,12 +125,13 @@ def gen_ssh_key(username, password=None, length=2048):
with open(private_key_file, 'w') as pri_f: with open(private_key_file, 'w') as pri_f:
pri_f.write(key.exportKey('PEM', password)) pri_f.write(key.exportKey('PEM', password))
os.chmod(private_key_file, 0600) os.chmod(private_key_file, 0600)
print "gen_ssh_pub_key" + str(time.time())
pub_key = key.publickey() pub_key = key.publickey()
with open(public_key_file, 'w') as pub_f: with open(public_key_file, 'w') as pub_f:
pub_f.write(pub_key.exportKey('OpenSSH')) pub_f.write(pub_key.exportKey('OpenSSH'))
os.chmod(public_key_file, 0600) os.chmod(public_key_file, 0600)
bash('chown %s:%s %s' % (username, username, public_key_file)) bash('chown %s:%s %s' % (username, username, public_key_file))
print "gen_ssh_key_end" + str(time.time())
def server_add_user(username, password, ssh_key_pwd): def server_add_user(username, password, ssh_key_pwd):
@ -146,7 +148,6 @@ def user_add_mail(user, kwargs):
add user send mail add user send mail
发送用户添加邮件 发送用户添加邮件
""" """
print kwargs
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name
mail_msg = u""" mail_msg = u"""
@ -177,7 +178,7 @@ def ldap_add_user(username, ldap_pwd):
""" """
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN) user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd) password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd)
user = get_object(UserGroup, username=username) user = get_object(User, username=username)
if not user: if not user:
raise ServerError(u'用户 %s 不存在' % username) raise ServerError(u'用户 %s 不存在' % username)

148
juser/views.py
View File

@ -232,12 +232,12 @@ def user_add(request):
password = PyCrypt.random_pass(16) password = PyCrypt.random_pass(16)
name = request.POST.get('name', '') name = request.POST.get('name', '')
email = request.POST.get('email', '') email = request.POST.get('email', '')
dept_id = request.POST.get('dept_id')
groups = request.POST.getlist('groups', []) groups = request.POST.getlist('groups', [])
admin_groups = request.POST.getlist('admin_groups', []) admin_groups = request.POST.getlist('admin_groups', [])
role = request.POST.get('role', 'CU') role = request.POST.get('role', 'CU')
ssh_key_pwd = PyCrypt.random_pass(16) ssh_key_pwd = PyCrypt.random_pass(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False extra = request.POST.getlist('extra', [])
is_active = True if '0' in extra else False
ldap_pwd = PyCrypt.random_pass(32, especial=True) ldap_pwd = PyCrypt.random_pass(32, especial=True)
try: try:
@ -261,12 +261,10 @@ def user_add(request):
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE: if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) ldap_add_user(username, ldap_pwd)
except Exception, e: except IndexError, e:
error = u'添加用户 %s 失败 %s ' % (username, e) error = u'添加用户 %s 失败 %s ' % (username, e)
try: try:
db_del_user(username) db_del_user(username)
@ -282,76 +280,76 @@ def user_add(request):
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_role(role='admin') # @require_role(role='admin')
def user_add_adm(request): # def user_add_adm(request):
error = '' # error = ''
msg = '' # msg = ''
header_title, path1, path2 = '添加用户', '用户管理', '添加用户' # header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
user, dept = get_session_user_dept(request) # user, dept = get_session_user_dept(request)
group_all = dept.usergroup_set.all() # group_all = dept.usergroup_set.all()
#
if request.method == 'POST': # if request.method == 'POST':
username = request.POST.get('username', '') # username = request.POST.get('username', '')
password = PyCrypt.gen_rand_pwd(16) # password = PyCrypt.gen_rand_pwd(16)
name = request.POST.get('name', '') # name = request.POST.get('name', '')
email = request.POST.get('email', '') # email = request.POST.get('email', '')
groups = request.POST.getlist('groups', []) # groups = request.POST.getlist('groups', [])
ssh_key_pwd = PyCrypt.gen_rand_pwd(16) # ssh_key_pwd = PyCrypt.gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False # is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = PyCrypt.gen_rand_pwd(16) # ldap_pwd = PyCrypt.gen_rand_pwd(16)
#
try: # try:
if '' in [username, password, ssh_key_pwd, name, groups, is_active]: # if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
error = u'带*内容不能为空' # error = u'带*内容不能为空'
raise ServerError # raise ServerError
user = User.objects.filter(username=username) # user = User.objects.filter(username=username)
if user: # if user:
error = u'用户 %s 已存在' % username # error = u'用户 %s 已存在' % username
raise ServerError # raise ServerError
#
except ServerError: # except ServerError:
pass # pass
else: # else:
try: # try:
user = db_add_user(username=username, # user = db_add_user(username=username,
password=CRYPTOR.md5_crypt(password), # password=CRYPTOR.md5_crypt(password),
name=name, email=email, dept=dept, # name=name, email=email, dept=dept,
groups=groups, role='CU', # groups=groups, role='CU',
ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd), # ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), # ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, # is_active=is_active,
date_joined=datetime.datetime.now()) # date_joined=datetime.datetime.now())
#
server_add_user(username, password, ssh_key_pwd) # server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE: # if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) # ldap_add_user(username, ldap_pwd)
#
except Exception, e: # except Exception, e:
error = u'添加用户 %s 失败 %s ' % (username, e) # error = u'添加用户 %s 失败 %s ' % (username, e)
try: # try:
db_del_user(username) # db_del_user(username)
server_del_user(username) # server_del_user(username)
if LDAP_ENABLE: # if LDAP_ENABLE:
ldap_del_user(username) # ldap_del_user(username)
except Exception: # except Exception:
pass # pass
else: # else:
mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver' # mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
mail_msg = """ # mail_msg = """
Hi, %s # Hi, %s
您的用户名 %s # 您的用户名: %s
您的部门: %s # 您的部门: %s
您的角色 %s # 您的角色: %s
您的web登录密码 %s # 您的web登录密码 %s
您的ssh密钥文件密码 %s # 您的ssh密钥文件密码 %s
密钥下载地址 http://%s:%s/juser/down_key/?id=%s # 密钥下载地址: http://%s:%s/juser/down_key/?id=%s
说明 请登陆后再下载密钥 # 说明: 请登陆后再下载密钥
""" % (name, username, dept.name, '普通用户', # """ % (name, username, dept.name, '普通用户',
password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id) # password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False) # send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email) # msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
#
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) # return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_role(role='super') @require_role(role='super')

19
templates/juser/user_add.html
View File

@ -93,13 +93,20 @@
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
<div class="form-group"><label class="col-sm-2 control-label">是否启用</label> <div class="form-group"><label class="col-sm-2 control-label">额外</label>
<div class="col-sm-8"> <div class="col-sm-2">
<div class="radio i-checks"> <div class="checkbox i-checks">
<label><input type="radio" value="1" name="is_active" checked></label> <label><input type="checkbox" value="0" name="extra" checked></label>
</div> </div>
<div class="radio i-checks"> </div>
<label><input type="radio" value="0" name="is_active">禁用 </label> <div class="col-sm-2">
<div class="checkbox i-checks">
<label><input type="checkbox" value="1" name="extra">ssh key登录 </label>
</div>
</div>
<div class="col-sm-2">
<div class="checkbox i-checks">
<label><input type="checkbox" value="1" name="extra">发送邮件 </label>
</div> </div>
</div> </div>
</div> </div>