mirror of https://github.com/jumpserver/jumpserver
干掉ldap前
parent
1e170714c0
commit
44c69ded78
|
@ -29,8 +29,8 @@ web_socket_host = 192.168.40.140:3000
|
||||||
|
|
||||||
[mail]
|
[mail]
|
||||||
mail_enable = 1
|
mail_enable = 1
|
||||||
email_host = smtp.qq.com
|
email_host = smtp.exmail.qq.com
|
||||||
email_port = 25
|
email_port = 25
|
||||||
email_host_user = xxxxxxxxxx@qq.com
|
email_host_user = noreply@jumpserver.org
|
||||||
email_host_password = xxxxxxxxx
|
email_host_password = jumpserver1234
|
||||||
email_use_tls = False
|
email_use_tls = False
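Review bot: The new side commits a literal mailbox credential, `email_host_password = jumpserver1234`, next to `email_host_user = noreply@jumpserver.org`, where the old side held only the placeholder `xxxxxxxxx`. Once this is pushed to a shared or mirrored repository, the password should be treated as disclosed and rotated. Keep a placeholder in the tracked file and load the real value from an untracked local config or the environment. Separately, `email_port = 25` with `email_use_tls = False` means the SMTP login is not protected by TLS as configured here. The hunk starts mid-file, so other mail settings may exist outside it.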
|
||||||
|
|
|
@ -11,8 +11,8 @@ urlpatterns = patterns('juser.views',
|
||||||
(r'^group_list/$', group_list),
|
(r'^group_list/$', group_list),
|
||||||
(r'^group_del/$', group_del),
|
(r'^group_del/$', group_del),
|
||||||
(r'^group_del_ajax', group_del_ajax),
|
(r'^group_del_ajax', group_del_ajax),
|
||||||
(r'^group_edit/$',group_edit),
|
(r'^group_edit/$', group_edit),
|
||||||
(r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}),
|
(r'^user_add/$', user_add),
|
||||||
(r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
|
(r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
|
||||||
(r'^user_detail/$', 'user_detail'),
|
(r'^user_detail/$', 'user_detail'),
|
||||||
(r'^user_del/$', 'user_del'),
|
(r'^user_del/$', 'user_del'),
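Review bot: Routing `(r'^user_add/$', user_add)` directly removes the per-role dispatch that `view_splitter` performed, so access control for this URL now rests entirely on whatever decorator `user_add` carries. That decorator is not visible in this commit's views.py hunks. Please confirm `user_add` is guarded by `@require_role(...)` at the intended level, because the `adm` variant that applied `@require_role(role='admin')` is commented out in the same commit. `user_list` still goes through `view_splitter`, so the two routes now follow different authorization paths.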
|
||||||
|
|
|
@ -111,8 +111,9 @@ def db_del_user(username):
|
||||||
def gen_ssh_key(username, password=None, length=2048):
|
def gen_ssh_key(username, password=None, length=2048):
|
||||||
"""
|
"""
|
||||||
generate a user ssh key in a property dir
|
generate a user ssh key in a property dir
|
||||||
生成一个用户密钥
|
生成一个用户ssh密钥对
|
||||||
"""
|
"""
|
||||||
|
print "gen_ssh_key" + str(time.time())
|
||||||
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
|
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
|
||||||
private_key_file = os.path.join(private_key_dir, username+".pem")
|
private_key_file = os.path.join(private_key_dir, username+".pem")
|
||||||
public_key_dir = '/home/%s/.ssh/' % username
|
public_key_dir = '/home/%s/.ssh/' % username
|
||||||
|
@ -124,12 +125,13 @@ def gen_ssh_key(username, password=None, length=2048):
|
||||||
with open(private_key_file, 'w') as pri_f:
|
with open(private_key_file, 'w') as pri_f:
|
||||||
pri_f.write(key.exportKey('PEM', password))
|
pri_f.write(key.exportKey('PEM', password))
|
||||||
os.chmod(private_key_file, 0600)
|
os.chmod(private_key_file, 0600)
|
||||||
|
print "gen_ssh_pub_key" + str(time.time())
|
||||||
pub_key = key.publickey()
|
pub_key = key.publickey()
|
||||||
with open(public_key_file, 'w') as pub_f:
|
with open(public_key_file, 'w') as pub_f:
|
||||||
pub_f.write(pub_key.exportKey('OpenSSH'))
|
pub_f.write(pub_key.exportKey('OpenSSH'))
|
||||||
os.chmod(public_key_file, 0600)
|
os.chmod(public_key_file, 0600)
|
||||||
bash('chown %s:%s %s' % (username, username, public_key_file))
|
bash('chown %s:%s %s' % (username, username, public_key_file))
|
||||||
|
print "gen_ssh_key_end" + str(time.time())
|
||||||
|
|
||||||
|
|
||||||
def server_add_user(username, password, ssh_key_pwd):
|
def server_add_user(username, password, ssh_key_pwd):
|
||||||
|
@ -146,7 +148,6 @@ def user_add_mail(user, kwargs):
|
||||||
add user send mail
|
add user send mail
|
||||||
发送用户添加邮件
|
发送用户添加邮件
|
||||||
"""
|
"""
|
||||||
print kwargs
|
|
||||||
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
|
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
|
||||||
mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name
|
mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name
|
||||||
mail_msg = u"""
|
mail_msg = u"""
|
||||||
|
@ -177,7 +178,7 @@ def ldap_add_user(username, ldap_pwd):
|
||||||
"""
|
"""
|
||||||
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
|
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
|
||||||
password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd)
|
password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd)
|
||||||
user = get_object(UserGroup, username=username)
|
user = get_object(User, username=username)
|
||||||
if not user:
|
if not user:
|
||||||
raise ServerError(u'用户 %s 不存在' % username)
|
raise ServerError(u'用户 %s 不存在' % username)
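Review bot: In gen_ssh_key, `username` is interpolated unquoted into `bash('chown %s:%s %s' % (username, username, public_key_file))` and into the `username+".pem"` and `'/home/%s/.ssh/'` paths. This commit leaves that as is and adds only timing prints. If the value arrives from the add-user form without validation (not visible in these hunks), shell metacharacters or `../` in it would be interpreted by the shell or escape the key directory. Reject anything outside a strict pattern at entry, e.g. `if not re.match(r'^[a-z_][a-z0-9_-]{0,31}$', username): raise ServerError(u'invalid username')`. Also replace the shell call with `pw = pwd.getpwnam(username); os.chown(public_key_file, pw.pw_uid, pw.pw_gid)`. The three `print "gen_ssh_..." + str(time.time())` lines look like debugging leftovers and belong in a logger or should be dropped; the function body continues outside these hunks.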
|
||||||
|
|
||||||
|
|
148
juser/views.py
148
juser/views.py
|
@ -232,12 +232,12 @@ def user_add(request):
|
||||||
password = PyCrypt.random_pass(16)
|
password = PyCrypt.random_pass(16)
|
||||||
name = request.POST.get('name', '')
|
name = request.POST.get('name', '')
|
||||||
email = request.POST.get('email', '')
|
email = request.POST.get('email', '')
|
||||||
dept_id = request.POST.get('dept_id')
|
|
||||||
groups = request.POST.getlist('groups', [])
|
groups = request.POST.getlist('groups', [])
|
||||||
admin_groups = request.POST.getlist('admin_groups', [])
|
admin_groups = request.POST.getlist('admin_groups', [])
|
||||||
role = request.POST.get('role', 'CU')
|
role = request.POST.get('role', 'CU')
|
||||||
ssh_key_pwd = PyCrypt.random_pass(16)
|
ssh_key_pwd = PyCrypt.random_pass(16)
|
||||||
is_active = True if request.POST.get('is_active', '1') == '1' else False
|
extra = request.POST.getlist('extra', [])
|
||||||
|
is_active = True if '0' in extra else False
|
||||||
ldap_pwd = PyCrypt.random_pass(32, especial=True)
|
ldap_pwd = PyCrypt.random_pass(32, especial=True)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -261,12 +261,10 @@ def user_add(request):
|
||||||
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
|
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
|
||||||
is_active=is_active,
|
is_active=is_active,
|
||||||
date_joined=datetime.datetime.now())
|
date_joined=datetime.datetime.now())
|
||||||
|
|
||||||
server_add_user(username, password, ssh_key_pwd)
|
|
||||||
if LDAP_ENABLE:
|
if LDAP_ENABLE:
|
||||||
ldap_add_user(username, ldap_pwd)
|
ldap_add_user(username, ldap_pwd)
|
||||||
|
|
||||||
except Exception, e:
|
except IndexError, e:
|
||||||
error = u'添加用户 %s 失败 %s ' % (username, e)
|
error = u'添加用户 %s 失败 %s ' % (username, e)
|
||||||
try:
|
try:
|
||||||
db_del_user(username)
|
db_del_user(username)
|
||||||
|
@ -282,76 +280,76 @@ def user_add(request):
|
||||||
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
|
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
|
||||||
|
|
||||||
|
|
||||||
@require_role(role='admin')
|
# @require_role(role='admin')
|
||||||
def user_add_adm(request):
|
# def user_add_adm(request):
|
||||||
error = ''
|
# error = ''
|
||||||
msg = ''
|
# msg = ''
|
||||||
header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
|
# header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
|
||||||
user, dept = get_session_user_dept(request)
|
# user, dept = get_session_user_dept(request)
|
||||||
group_all = dept.usergroup_set.all()
|
# group_all = dept.usergroup_set.all()
|
||||||
|
#
|
||||||
if request.method == 'POST':
|
# if request.method == 'POST':
|
||||||
username = request.POST.get('username', '')
|
# username = request.POST.get('username', '')
|
||||||
password = PyCrypt.gen_rand_pwd(16)
|
# password = PyCrypt.gen_rand_pwd(16)
|
||||||
name = request.POST.get('name', '')
|
# name = request.POST.get('name', '')
|
||||||
email = request.POST.get('email', '')
|
# email = request.POST.get('email', '')
|
||||||
groups = request.POST.getlist('groups', [])
|
# groups = request.POST.getlist('groups', [])
|
||||||
ssh_key_pwd = PyCrypt.gen_rand_pwd(16)
|
# ssh_key_pwd = PyCrypt.gen_rand_pwd(16)
|
||||||
is_active = True if request.POST.get('is_active', '1') == '1' else False
|
# is_active = True if request.POST.get('is_active', '1') == '1' else False
|
||||||
ldap_pwd = PyCrypt.gen_rand_pwd(16)
|
# ldap_pwd = PyCrypt.gen_rand_pwd(16)
|
||||||
|
#
|
||||||
try:
|
# try:
|
||||||
if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
|
# if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
|
||||||
error = u'带*内容不能为空'
|
# error = u'带*内容不能为空'
|
||||||
raise ServerError
|
# raise ServerError
|
||||||
user = User.objects.filter(username=username)
|
# user = User.objects.filter(username=username)
|
||||||
if user:
|
# if user:
|
||||||
error = u'用户 %s 已存在' % username
|
# error = u'用户 %s 已存在' % username
|
||||||
raise ServerError
|
# raise ServerError
|
||||||
|
#
|
||||||
except ServerError:
|
# except ServerError:
|
||||||
pass
|
# pass
|
||||||
else:
|
# else:
|
||||||
try:
|
# try:
|
||||||
user = db_add_user(username=username,
|
# user = db_add_user(username=username,
|
||||||
password=CRYPTOR.md5_crypt(password),
|
# password=CRYPTOR.md5_crypt(password),
|
||||||
name=name, email=email, dept=dept,
|
# name=name, email=email, dept=dept,
|
||||||
groups=groups, role='CU',
|
# groups=groups, role='CU',
|
||||||
ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
|
# ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
|
||||||
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
|
# ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
|
||||||
is_active=is_active,
|
# is_active=is_active,
|
||||||
date_joined=datetime.datetime.now())
|
# date_joined=datetime.datetime.now())
|
||||||
|
#
|
||||||
server_add_user(username, password, ssh_key_pwd)
|
# server_add_user(username, password, ssh_key_pwd)
|
||||||
if LDAP_ENABLE:
|
# if LDAP_ENABLE:
|
||||||
ldap_add_user(username, ldap_pwd)
|
# ldap_add_user(username, ldap_pwd)
|
||||||
|
#
|
||||||
except Exception, e:
|
# except Exception, e:
|
||||||
error = u'添加用户 %s 失败 %s ' % (username, e)
|
# error = u'添加用户 %s 失败 %s ' % (username, e)
|
||||||
try:
|
# try:
|
||||||
db_del_user(username)
|
# db_del_user(username)
|
||||||
server_del_user(username)
|
# server_del_user(username)
|
||||||
if LDAP_ENABLE:
|
# if LDAP_ENABLE:
|
||||||
ldap_del_user(username)
|
# ldap_del_user(username)
|
||||||
except Exception:
|
# except Exception:
|
||||||
pass
|
# pass
|
||||||
else:
|
# else:
|
||||||
mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
|
# mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
|
||||||
mail_msg = """
|
# mail_msg = """
|
||||||
Hi, %s
|
# Hi, %s
|
||||||
您的用户名: %s
|
# 您的用户名: %s
|
||||||
您的部门: %s
|
# 您的部门: %s
|
||||||
您的角色: %s
|
# 您的角色: %s
|
||||||
您的web登录密码: %s
|
# 您的web登录密码: %s
|
||||||
您的ssh密钥文件密码: %s
|
# 您的ssh密钥文件密码: %s
|
||||||
密钥下载地址: http://%s:%s/juser/down_key/?id=%s
|
# 密钥下载地址: http://%s:%s/juser/down_key/?id=%s
|
||||||
说明: 请登陆后再下载密钥!
|
# 说明: 请登陆后再下载密钥!
|
||||||
""" % (name, username, dept.name, '普通用户',
|
# """ % (name, username, dept.name, '普通用户',
|
||||||
password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
|
# password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
|
||||||
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
|
# send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
|
||||||
msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
|
# msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
|
||||||
|
#
|
||||||
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
|
# return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
|
||||||
|
|
||||||
|
|
||||||
@require_role(role='super')
|
@require_role(role='super')
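Review bot: Narrowing the handler in user_add to `except IndexError, e:` means a ServerError (which ldap_add_user raises) or any other failure in the try block no longer reaches the cleanup that calls `db_del_user(username)`. A failed add can therefore leave a half-created account and surface as an unhandled error; restore `except Exception, e:` or list the specific exceptions expected. In the same function, `is_active = True if '0' in extra else False` activates the account exactly when the checkbox labelled 禁用 (value `0`, in the template section of this commit) is ticked, which reads as inverted; `is_active = '0' not in extra` would match the label. The commented-out user_add_adm block is better deleted than kept as comments, since history already preserves it. user_add starts and ends outside these hunks.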
|
||||||
|
|
|
@ -93,13 +93,20 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="hr-line-dashed"></div>
|
<div class="hr-line-dashed"></div>
|
||||||
<div class="form-group"><label class="col-sm-2 control-label">是否启用</label>
|
<div class="form-group"><label class="col-sm-2 control-label">额外</label>
|
||||||
<div class="col-sm-8">
|
<div class="col-sm-2">
|
||||||
<div class="radio i-checks">
|
<div class="checkbox i-checks">
|
||||||
<label><input type="radio" value="1" name="is_active" checked>启用 </label>
|
<label><input type="checkbox" value="0" name="extra" checked>禁用 </label>
|
||||||
</div>
|
</div>
|
||||||
<div class="radio i-checks">
|
</div>
|
||||||
<label><input type="radio" value="0" name="is_active">禁用 </label>
|
<div class="col-sm-2">
|
||||||
|
<div class="checkbox i-checks">
|
||||||
|
<label><input type="checkbox" value="1" name="extra">ssh key登录 </label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="col-sm-2">
|
||||||
|
<div class="checkbox i-checks">
|
||||||
|
<label><input type="checkbox" value="1" name="extra">发送邮件 </label>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
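Review bot: The two added checkboxes, ssh key登录 and 发送邮件, both submit `name="extra"` with `value="1"`, so `request.POST.getlist('extra')` on the server cannot tell which of them was ticked. Give each option its own value, e.g. keep `value="1"` for ssh key登录 and use `value="2"` for 发送邮件, or use separate field names. The enclosing form starts and ends outside this hunk.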
|
||||||
|
|