sudo授权

pull/6/head
guanghongwei 2015-02-10 18:53:01 +08:00
parent 8a5e494cfe
commit 50208c0088
7 changed files with 207 additions and 30 deletions

47
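--- /dev/null
+++ b/docs/AddUserAsset.py
@@ -0,0 +1,47 @@
+#coding:utf-8
+import django
+import os
+import sys
+sys.path.append('../')
+os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
+django.setup()
+from juser.views import db_add_user, md5_crypt, CRYPTOR
+from jasset.models import Asset, IDC
+from jasset.views import jasset_group_add
+def test_add_user():
+for i in range(1, 500):
+username = "test" + str(i)
+db_add_user(username=username,
+password=md5_crypt(username),
+name=username, email='%s@jumpserver.org' % username,
+groups=[1,3], role='CU',
+ssh_pwd=CRYPTOR.encrypt(username),
+ssh_key_pwd=CRYPTOR.encrypt(username),
+ldap_pwd=CRYPTOR.encrypt(username),
+is_active=True,
+date_joined=0)
+print "Add: %s" % username
+def test_add_asset():
+test_idc = IDC.objects.get(id=1)
+for i in range(1, 500):
+ip = '192.168.1.' + str(i)
+Asset.objects.create(ip=ip, port=22, login_type='L', idc=test_idc, is_active=True, comment='test')
+print "Add: %s" % ip
+if __name__ == '__main__':
+args = sys.argv
+if args[1] == 'user':
+test_add_user()
+if args[1] == 'asset':
+test_add_asset()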
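Review bot: test_add_user creates 499 accounts with `is_active=True` whose login password, `ssh_pwd`, `ssh_key_pwd` and `ldap_pwd` are all derived from the username, and the script binds to the real `jumpserver.settings`, so every fixture account is guessable if this is ever run against a shared database. Create the fixtures with `is_active=False`, or derive the secrets from a random value instead of `username`. test_add_asset builds `'192.168.1.' + str(i)` for i up to 499, so most rows get a last octet above 255. The `__main__` block indexes `args[1]` without a length check; `if len(args) < 2: sys.exit('usage: AddUserAsset.py user|asset')` would replace the IndexError with a usage message.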


@ -163,7 +163,7 @@ def user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_group
return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list
def sudo_db_add(name, user_runas , user_groups_select, asset_groups_select, cmd_groups_select, comment): def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \ user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select) user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
@ -190,7 +190,8 @@ def unicode2str(unicode_list):
return [str(i) for i in unicode_list] return [str(i) for i in unicode_list]
def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=False): def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
cmd_groups_select, update=False, old_name=''):
user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \ user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select) user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
@ -198,18 +199,26 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm
assets = [] assets = []
cmds = [] cmds = []
users_runas = users_runas.split(',') users_runas = users_runas.split(',')
asset_all = False
for user_group in user_groups_select_list: for user_group in user_groups_select_list:
users.extend(user_group.user_set.all()) users.extend(user_group.user_set.all())
for asset_group in asset_groups_select_list: for asset_group in asset_groups_select_list:
assets.extend(asset_group.asset_set.all()) if u'ALL' in asset_group.name:
asset_all = True
break
else:
assets.extend(asset_group.asset_set.all())
for cmd_group in cmd_groups_select_list: for cmd_group in cmd_groups_select_list:
cmds.extend(cmd_group.cmd.split(',')) cmds.extend(cmd_group.cmd.split(','))
users_name = [user.username for user in users] users_name = [user.username for user in users]
assets_ip = [asset.ip for asset in assets] if asset_all:
assets_ip = ['ALL']
else:
assets_ip = [asset.ip for asset in assets]
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN) sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'], sudo_attr = {'objectClass': ['top', 'sudoRole'],
@ -221,13 +230,14 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm
'sudoUser': unicode2str(users_name)} 'sudoUser': unicode2str(users_name)}
if update: if update:
ldap_conn.delete(sudo_dn) old_sudo_dn = 'cn=%s,ou=Sudoers,%s' % (old_name, LDAP_BASE_DN)
ldap_conn.delete(old_sudo_dn)
ldap_conn.add(sudo_dn, sudo_attr) ldap_conn.add(sudo_dn, sudo_attr)
def sudo_add(request): def sudo_add(request):
header_title, path1, path2 = u'Sudo鎺堟潈 | Perm Sudo Add.', u'jperm', u'sudo_add' header_title, path1, path2 = u'Sudo鎺堟潈 | Perm Sudo Add.', u'鏉冮檺绠$悊', u'娣诲姞Sudo鏉冮檺'
user_groups = UserGroup.objects.filter(Q(type='A') | Q(type='P')).order_by('type') user_groups = UserGroup.objects.filter(Q(type='A') | Q(type='P')).order_by('type')
asset_groups = BisGroup.objects.all().order_by('type') asset_groups = BisGroup.objects.all().order_by('type')
cmd_groups = CmdGroup.objects.all() cmd_groups = CmdGroup.objects.all()
@ -300,9 +310,12 @@ def sudo_edit(request):
cmd_groups_select = request.POST.getlist('cmd_groups_select') cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '') comment = request.POST.get('comment', '')
sudo_perm = SudoPerm.objects.get(id=sudo_perm_id)
old_name = sudo_perm.name
sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select, sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select,
asset_groups_select, cmd_groups_select, comment) asset_groups_select, cmd_groups_select, comment)
sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=True) sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
cmd_groups_select, update=True, old_name=str(old_name))
msg = '淇敼鎴愬姛' msg = '淇敼鎴愬姛'
return HttpResponseRedirect('/jperm/sudo_list/') return HttpResponseRedirect('/jperm/sudo_list/')
@ -311,6 +324,7 @@ def sudo_edit(request):
def sudo_detail(request): def sudo_detail(request):
header_title, path1, path2 = u'Sudo鎺堟潈璇︽儏 | Perm Sudo Detail.', u'鎺堟潈绠$悊', u'鎺堟潈璇︽儏'
sudo_perm_id = request.GET.get('id') sudo_perm_id = request.GET.get('id')
sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id) sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
if sudo_perm: if sudo_perm:
@ -328,7 +342,7 @@ def sudo_detail(request):
for asset_group in asset_groups: for asset_group in asset_groups:
assets_list.extend(asset_group.asset_set.all()) assets_list.extend(asset_group.asset_set.all())
for cmd_group in cmd_groups: for cmd_group in cmd_groups:
cmds_list.extend(cmd_group.cmd.split(',')) cmds_list.append({cmd_group.name: cmd_group.cmd.split(',')})
return render_to_response('jperm/sudo_detail.html', locals()) return render_to_response('jperm/sudo_detail.html', locals())
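Review bot: In sudo_ldap_add, `if u'ALL' in asset_group.name:` is a substring test, so any asset group whose name merely contains those letters (constructed example: `INSTALL-hosts`) switches the rule to `assets_ip = ['ALL']`. The sudo_attr dict is cut by the hunk boundary, but assets_ip presumably feeds the rule's host list, which would widen the grant to every host. An exact comparison, `if asset_group.name == u'ALL':`, or a dedicated flag on the group, avoids the accidental match. In the update branch `old_name` defaults to `''`, so a caller passing `update=True` without it would target `cn=,ou=Sudoers,...` for deletion and leave the previous rule in LDAP as a stale grant; making `old_name` required when `update` is set closes that. `name` and `old_name` are formatted into the DN unescaped, so they should be validated against a strict pattern before `sudo_dn` is built.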


@ -328,7 +328,7 @@ def group_edit(request):
def user_list(request): def user_list(request):
user_role = {'SU': u'瓒呯骇绠$悊鍛', 'GA': u'缁勭鐞嗗憳', 'CU': u'鏅氱敤鎴'} user_role = {'SU': u'瓒呯骇绠$悊鍛', 'GA': u'缁勭鐞嗗憳', 'CU': u'鏅氱敤鎴'}
header_title, path1, path2 = '鏌ョ湅鐢ㄦ埛 | Show User', 'juser', 'user_list' header_title, path1, path2 = '鏌ョ湅鐢ㄦ埛 | Show User', '鐢ㄦ埛绠$悊', '鐢ㄦ埛鍒楄〃'
users = contact_list = User.objects.all().order_by('id') users = contact_list = User.objects.all().order_by('id')
p = paginator = Paginator(contact_list, 10) p = paginator = Paginator(contact_list, 10)


@ -5,10 +5,10 @@
{% include 'nav_cat_bar.html' %} {% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content animated fadeInRight"> <div class="wrapper wrapper-content animated fadeInRight">
<div class="row"> <div class="row">
<div class="col-lg-10"> <div class="col-lg-6">
<div class="ibox float-e-margins"> <div class="ibox float-e-margins">
<div class="ibox-title"> <div class="ibox-title">
<h5>璇︽儏 {{ user.name }} <small> Add perm info.</small></h5> <h5>鎺堟潈鐢ㄦ埛 <small> User.</small></h5>
<div class="ibox-tools"> <div class="ibox-tools">
<a class="collapse-link"> <a class="collapse-link">
<i class="fa fa-chevron-up"></i> <i class="fa fa-chevron-up"></i>
@ -28,10 +28,126 @@
</div> </div>
</div> </div>
<div class="ibox-content"> <div class="ibox-content">
{{ }} <table class="table">
<thead>
<tr>
<th>鐢ㄦ埛鍚</th>
<th>濮撳悕</th>
<th>閮ㄩ棬</th>
<th>灞炵粍</th>
</tr>
</thead>
<tbody>
{% for user in users_list %}
<tr>
<td>{{ user.username }}</td>
<td>{{ user.name }}</td>
<td>{{ user.username|group_manage_str }}</td>
<td>{{ user.username|groups_str }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div> </div>
</div> </div>
</div> </div>
<div class="col-lg-6">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5>鎺堟潈涓绘満 <small> Asset.</small></h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#">鏈惎鐢 1</a>
</li>
<li><a href="#">鏈惎鐢 2</a>
</li>
</ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<table class="table">
<thead>
<tr>
<th>IP</th>
<th>IDC</th>
<th>涓绘満缁</th>
</tr>
</thead>
<tbody>
{% for asset in assets_list %}
<tr>
<td>{{ asset.ip }}</td>
<td>{{ asset.idc.name }}</td>
<td>
{% for group in asset.bis_group.all|filter_private %}
{{ group }}
{% endfor %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
<div class="col-lg-6">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5>鎺堟潈鍛戒护 <small> Command.</small></h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#">鏈惎鐢 1</a>
</li>
<li><a href="#">鏈惎鐢 2</a>
</li>
</ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<table class="table">
<thead>
<tr>
<th>鍛戒护</th>
<th>鍛戒护缁</th>
</tr>
</thead>
<tbody>
{% for cmd_group in cmds_list %}
{% for cmd_group_name, cmds in cmd_group.items %}
{% for cmd in cmds %}
<tr>
<td>{{ cmd }}</td>
<td>{{ cmd_group_name }}</td>
</tr>
{% endfor %}
{% endfor %}
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</div> </div>
</div> </div>
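Review bot: The asset table iterates `assets_list`, which sudo_detail fills from `asset_group.asset_set.all()`, while the same commit makes sudo_ldap_add publish `['ALL']` when a selected asset group matches ALL. Unless that group really contains every asset (not visible here), this page would list fewer hosts than the rule grants. Rendering an explicit "all hosts" row in that case would keep the detail view in line with the effective scope of the rule, which matters when the page is used to review who can run what where.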


@ -41,7 +41,7 @@
<label for="name" class="col-sm-2 control-label">鎺堟潈鍚</label> <label for="name" class="col-sm-2 control-label">鎺堟潈鍚</label>
<div class="col-sm-8"> <div class="col-sm-8">
<input id="name" name="name" placeholder="OnlyForEnglish" type="text" class="form-control" value="{{ name }}"> <input id="name" name="name" placeholder="OnlyForEnglish" type="text" class="form-control" value="{{ name }}">
<input id="sudo_perm_id" name="sudo_perm_id" type="text" class="form-control" value="{{ sudo_perm_id }}"> <input id="sudo_perm_id" name="sudo_perm_id" type="text" class="form-control" value="{{ sudo_perm_id }}" style="display: none">
<span class="help-block m-b-none">鍙栦釜鍚嶅瓧鏂逛究杈ㄨ瘑锛屽彧鏀寔鑻辨枃</span> <span class="help-block m-b-none">鍙栦釜鍚嶅瓧鏂逛究杈ㄨ瘑锛屽彧鏀寔鑻辨枃</span>
</div> </div>
</div> </div>
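Review bot: Hiding `sudo_perm_id` with `style="display: none"` on a `type="text"` input only removes it from view; the value is still submitted and can be changed by the client, so the server must not treat it as trusted. `type="hidden"` is the idiomatic form: `<input id="sudo_perm_id" name="sudo_perm_id" type="hidden" value="{{ sudo_perm_id }}">`. On the server side, sudo_edit loads the row with `SudoPerm.objects.get(id=sudo_perm_id)`, which raises for an unknown or malformed id. Whether the caller's right to edit that rule is checked is not visible in this commit.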


@ -31,26 +31,26 @@
<div class="ibox-content"> <div class="ibox-content">
<div class="" style="margin-left: 15px;"> <div class="" style="margin-left: 15px;">
<a target="_blank" href="/jperm/cmd_add/" class="btn btn-sm btn-primary "> 娣诲姞鍛戒护缁 </a> <a target="_blank" href="/jperm/cmd_add/" class="btn btn-sm btn-primary "> 娣诲姞鍛戒护缁 </a>
<a target="_blank" href="/jperm/cmd_list/" class="btn btn-sm btn-primary "> 鏌ョ湅鍛戒护缁 </a> <a target="_blank" href="/jperm/cmd_list/" class="btn btn-sm btn-warning "> 鏌ョ湅鍛戒护缁 </a>
</div> </div>
<div class="panel blank-panel"> <div class="panel blank-panel">
<div class="panel-heading"> <div class="panel-heading">
<div class="panel-options"> <div class="panel-options">
<ul class="nav nav-tabs"> <ul class="nav nav-tabs">
<li id="tab1" class="active"><a data-toggle="tab" href="#tab-1">娣诲姞鎺堟潈</a></li> <li id="tab1" class="active"><a data-toggle="tab" href="#tab-1">鏌ョ湅鎺堟潈</a></li>
<li id="tab2" class=""><a data-toggle="tab" href="#tab-2">鏌ョ湅鎺堟潈</a></li> {# <li id="tab2" class=""><a data-toggle="tab" href="#tab-2">鐢ㄦ埛鎺堟潈璇︽儏</a></li>#}
<li style="float: right"> <li style="float: right">
<form method="get" action="" class="pull-right mail-search"> {# <form method="get" action="" class="pull-right mail-search">#}
<div class="input-group"> {# <div class="input-group">#}
<input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search"> {# <input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">#}
<div class="input-group-btn"> {# <div class="input-group-btn">#}
<button id='search_btn' type="button" class="btn btn-sm btn-primary"> {# <button id='search_btn' type="button" class="btn btn-sm btn-primary">#}
Search {# Search#}
</button> {# </button>#}
</div> {# </div>#}
</div> {# </div>#}
</form> {# </form>#}
</li> </li>
</ul> </ul>
</div> </div>
@ -64,11 +64,11 @@
<thead> <thead>
<tr> <tr>
<th class="text-center">鎺堟潈鍚</th> <th class="text-center">鎺堟潈鍚</th>
<th class="text-center">user_runas</th> <th class="text-center">UserRunAs</th>
<th class="text-center">鐢ㄦ埛缁</th> <th class="text-center">鐢ㄦ埛缁</th>
<th class="text-center">涓绘満缁</th> <th class="text-center">涓绘満缁</th>
<th class="text-center">鍛戒护缁</th> <th class="text-center">鍛戒护缁</th>
<th class="text-center">澶囨敞</th> <th class="text-center">鎿嶄綔</th>
</tr> </tr>
</thead> </thead>
<tbody id="perm_list"> <tbody id="perm_list">
@ -94,7 +94,7 @@
{% endfor %} {% endfor %}
</td> </td>
<td class="text-center"> <td class="text-center">
<a title="[ {{ sudo_perm.name }} 鎺堟潈璇︽儏 ]" href="../sudo_detail/?id={{ sudo_perm.id }}" class="iframe btn btn-xs btn-primary">璇︽儏</a> <a title="[ {{ sudo_perm.name }} 鎺堟潈璇︽儏 ]" href="../sudo_detail/?id={{ sudo_perm.id }}" class="btn btn-xs btn-primary">璇︽儏</a>
<a href="../sudo_edit/?id={{ sudo_perm.id }}" class="btn btn-xs btn-info">缂栬緫</a> <a href="../sudo_edit/?id={{ sudo_perm.id }}" class="btn btn-xs btn-info">缂栬緫</a>
<a href="../sudo_del/?id={{ sudo_perm.id }}" class="btn btn-xs btn-danger">鍒犻櫎</a> <a href="../sudo_del/?id={{ sudo_perm.id }}" class="btn btn-xs btn-danger">鍒犻櫎</a>
</td> </td>
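Review bot: The search form and the second tab are disabled by wrapping each line in `{# … #}`, which leaves an empty `<li style="float: right">` in the tab bar and dead markup in the template. Deleting the lines reads better than line-by-line comments, since version control keeps the old markup. Not introduced here but visible in the context lines: the delete action is a plain link to `../sudo_del/?id={{ sudo_perm.id }}`, so a sudo rule is removed by a GET request. A small POST form with `{% csrf_token %}` is the safer shape for a state-changing action.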


@ -14,7 +14,7 @@
</ul> </ul>
</div> </div>
<div class="logo-element"> <div class="logo-element">
JumpServer JS+
</div> </div>
</li> </li>