去掉runas

pull/26/head
ibuler 2015-11-29 16:56:39 +08:00
parent 49fbae4fad
commit 52c4395b68
6 changed files with 8 additions and 28 deletions


@ -22,7 +22,6 @@ class SysUser(models.Model):
class PermSudo(models.Model): class PermSudo(models.Model):
name = models.CharField(max_length=100, unique=True) name = models.CharField(max_length=100, unique=True)
date_added = models.DateTimeField(auto_now=True) date_added = models.DateTimeField(auto_now=True)
runas = models.CharField(max_length=200, default='root')
commands = models.TextField() commands = models.TextField()
comment = models.CharField(max_length=100, null=True, blank=True, default='') comment = models.CharField(max_length=100, null=True, blank=True, default='')


@ -466,12 +466,12 @@ def perm_role_push(request):
ret_failed["step2-2"] = "failed" ret_failed["step2-2"] = "failed"
# 3. 推送sudo配置文件 # 3. 推送sudo配置文件
role_chosen_aliase = {} # {'dev': [sudo1, sudo2], 'sa': [sudo2, sudo3]} role_chosen_aliase = {} # {'dev': 'NETWORKING, SHUTDOWN', 'sa': 'NETWORKING, SHUTDOWN'}
sudo_alias = set() # set(sudo1, sudo2, sudo3) sudo_alias = set() # set(sudo1, sudo2, sudo3)
for role in roles_obj: for role in roles_obj:
sudos = set([sudo for sudo in role.sudo.all()]) sudos = set([sudo for sudo in role.sudo.all()])
sudo_alias.update(sudos) sudo_alias.update(sudos)
role_chosen_aliase[role.name] = sudos role_chosen_aliase[role.name] = ','.join(sudo.name for sudo in sudos)
add_sudo_script = get_add_sudo_script(role_chosen_aliase, sudo_alias) add_sudo_script = get_add_sudo_script(role_chosen_aliase, sudo_alias)
ret_sudo = task.push_sudo_file(add_sudo_script) ret_sudo = task.push_sudo_file(add_sudo_script)
@ -533,14 +533,13 @@ def perm_sudo_add(request):
if request.method == "POST": if request.method == "POST":
# 获取参数: name, comment # 获取参数: name, comment
name = request.POST.get("sudo_name").strip() name = request.POST.get("sudo_name").strip()
runas = request.POST.get('sudo_runas', 'root').strip()
comment = request.POST.get("sudo_comment").strip() comment = request.POST.get("sudo_comment").strip()
commands = request.POST.get("sudo_commands").strip() commands = request.POST.get("sudo_commands").strip()
if get_object(PermSudo, name=name): if get_object(PermSudo, name=name):
error = 'Sudo别名 %s已经存在' % name error = 'Sudo别名 %s已经存在' % name
else: else:
sudo = PermSudo(name=name.strip(), runas=runas, comment=comment, commands=commands.strip()) sudo = PermSudo(name=name.strip(), comment=comment, commands=commands.strip())
sudo.save() sudo.save()
msg = u"添加Sudo命令别名: %s" % name msg = u"添加Sudo命令别名: %s" % name
# 渲染数据 # 渲染数据
@ -564,11 +563,9 @@ def perm_sudo_edit(request):
if request.method == "POST": if request.method == "POST":
name = request.POST.get("sudo_name") name = request.POST.get("sudo_name")
commands = request.POST.get("sudo_commands") commands = request.POST.get("sudo_commands")
runas = request.POST.get('sudo_runas', 'root')
comment = request.POST.get("sudo_comment") comment = request.POST.get("sudo_comment")
sudo.name = name.strip() sudo.name = name.strip()
sudo.commands = commands.strip() sudo.commands = commands.strip()
sudo.runas = runas.strip()
sudo.comment = comment sudo.comment = comment
sudo.save() sudo.save()
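Review bot: The alias string built in perm_role_push, `','.join(sudo.name for sudo in sudos)`, is rendered by the script template in this commit into `sed` and `echo` lines, yet perm_sudo_add and perm_sudo_edit store `sudo_name` after nothing more than `.strip()`. Any quote, `@`, newline or shell metacharacter a user submits therefore reaches both the generated shell script and the sudoers line. Validate the name before saving, for example `if not re.match(r'^[A-Z][A-Z0-9_]*$', name): error = ...`, which is also the form sudoers requires for alias names; `role.name` and `sudo_commands` reach the same script and need equivalent checks. Separately, `request.POST.get("sudo_name").strip()` raises AttributeError when the field is absent. All three view functions start and end outside the hunks shown.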


@ -9,7 +9,7 @@ log = debug
host = 127.0.0.1 host = 127.0.0.1
port = 3306 port = 3306
user = jumpserver user = jumpserver
password = mysql1234 password = mysql234
database = jumpserver database = jumpserver
[websocket] [websocket]
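Review bot: The `password =` line in the database section keeps a plaintext database credential in a tracked configuration file, and its value changes in a commit whose stated purpose is removing runas, so this looks like a local setting committed by accident. Keep only a placeholder in the tracked file, e.g. `password = <set-in-local-config>`, and read the real value from an untracked file or the environment. Both values shown here are now in the repository history, so the account should be given a new password if either was ever used on a reachable database.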


@ -35,13 +35,6 @@
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
<div class="form-group">
<label for="sudo_runas" class="col-sm-2 control-label">RunAs<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="sudo_runas" name="sudo_runas" placeholder="Sudo RunAs User" type="text" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group"> <div class="form-group">
<label for="sudo_commands" class="col-sm-2 control-label">系统命令<span class="red-fonts">*</span></label> <label for="sudo_commands" class="col-sm-2 control-label">系统命令<span class="red-fonts">*</span></label>
<div class="col-sm-8"> <div class="col-sm-8">


@ -40,13 +40,6 @@
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
<div class="form-group">
<label for="sudo_runas" class="col-sm-2 control-label">RunAs<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="sudo_runas" name="sudo_runas" placeholder="Sudo RunAs User" type="text" class="form-control" value="{{ sudo.runas }}">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group"> <div class="form-group">
<label for="sudo_commands_label" class="col-sm-2 control-label">系统命令<span class="red-fonts">*</span></label> <label for="sudo_commands_label" class="col-sm-2 control-label">系统命令<span class="red-fonts">*</span></label>
<div class="col-sm-8"> <div class="col-sm-8">


@ -17,15 +17,13 @@ add_cmd_alias() {
add_role_chosen() { add_role_chosen() {
{% for role, sudos in role_chosen_aliase.items %} {% for role, alias in role_chosen_aliase.items %}
{% for sudo in sudos %} if $(grep '^{{ role }}.*' ${sudo_file} &> /dev/null); then
if $(grep '^{{ role }}.*sudo.name' ${sudo_file} &> /dev/null); then sed -i 's@^{{ role }}.*@{{ role }} ALL = NOPASSWD: {{ alias }}@g' ${sudo_file}
sed -i 's@^{{ role }}.*sudo.name@{{ role }} ALL = ({{ sudo.runas }}) NOPASSWD: {{ sudo.name }}@g' ${sudo_file}
else else
echo "{{ role }} ALL = ({{ sudo.runas }}) NOPASSWD: {{ sudo.name }}" >> ${sudo_file} echo "{{ role }} ALL = NOPASSWD: {{ alias }}" >> ${sudo_file}
fi fi
{% endfor %} {% endfor %}
{% endfor %}
} }
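Review bot: The new patterns `grep '^{{ role }}.*'` and `sed -i 's@^{{ role }}.*@…@g'` match on a bare prefix, so a role named, for example, `dev` also matches and overwrites the line of a role named `devops`. Anchor both on the separator, e.g. `if grep -q '^{{ role }}[[:space:]]' "${sudo_file}"; then` and `s@^{{ role }}[[:space:]].*@…@` in the sed expression; this also replaces the `if $(grep … &> /dev/null)` form, which works only because the substitution output is empty. `{{ role }}` and `{{ alias }}` are inserted without escaping, so an `@` or a quote in either breaks the sed expression or the `echo` string. Since `${sudo_file}` is presumably the sudoers file, the script should apply the edit to a temporary copy and check it with `visudo -c -f` before replacing the original, because a syntax error there disables sudo on the host. Where `sudo_file` is set lies outside this hunk.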