github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

lots

pull/26/head
liuzheng712 2015-10-04 00:53:01 +08:00
parent 11b3cee346
commit 5a5928483f
10 changed files with 90 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
docs/initial_data.yaml
View File

@ -1,10 +1,28 @@
- model: IDC.person
- model: juser.user
pk: 5000
fields:
username: admin
name: admin
password: pbkdf2_sha256$20000$jBIDGPB2j5JT$orxqGgzzjzykColYm1BswPjgHOiERjZkcgkuVIkD2Hc=
email: admin@jumpserver.org
role: SU
is_active: 1
- model: juser.user
pk: 5001
fields:
username: group_admin
name: group_admin
password: pbkdf2_sha256$20000$ttObUWd15q10$NJoyZf2OZz9oiw2g4j2TkTh9zGgyVDRFdUkhn8X0nB0=
email: group_admin@jumpserver.org
role: DA
is_active: 1
- model: juser.usergroup
pk: 1
fields:
first_name: John
last_name: Lennon
- model: myapp.person
name: ALL
comment: ALL
- model: juser.usergroup
pk: 2
fields:
first_name: Paul
last_name: McCartney
name: 默认
comment: 默认

2
jasset/models.py
View File

@ -65,7 +65,7 @@ class Asset(models.Model):
username = models.CharField(max_length=20, blank=True, null=True)
password = models.CharField(max_length=80, blank=True, null=True)
use_default_auth = models.BooleanField(default=True)
date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True)
date_added = models.DateTimeField(auto_now_add=True)
is_active = models.BooleanField(default=True)
comment = models.CharField(max_length=100, blank=True, null=True)

7
jlog/views.py
View File

@ -6,10 +6,8 @@ from django.shortcuts import render_to_response
from jumpserver.api import *
from jasset.views import httperror
from django.http import HttpResponseNotFound
CONF = ConfigParser()
CONF.read('%s/jumpserver.conf' % BASE_DIR)
from models import Log
from jumpserver.settings import web_socket_host
def get_user_info(request, offset):
""" 获取用户信息及环境 """
@ -58,7 +56,6 @@ def log_list(request, offset):
""" 显示日志 """
header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户'
keyword = request.GET.get('keyword', '')
web_socket_host = CONF.get('websocket', 'web_socket_host')
posts = get_user_log(get_user_info(request, offset))
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)

37
jumpserver/api.py
View File

@ -1,8 +1,6 @@
# coding: utf-8
import os, sys, time
from ConfigParser import ConfigParser
import getpass
from Crypto.Cipher import AES
import crypt
from binascii import b2a_hex, a2b_hex
@ -11,14 +9,15 @@ import datetime
import random
import subprocess
import paramiko
import struct, fcntl, signal,socket, select, fnmatch
import struct, fcntl, signal, socket, select, fnmatch
from settings import JLOG_FILE, KEY, URL, log_dir, log_level
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.http import HttpResponse, Http404
from django.template import RequestContext
from juser.models import User, UserGroup
from jasset.models import Asset, AssetGroup
from jlog.models import Log
# from jlog.models import Log
from jasset.models import AssetAlias
from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
from django.http import HttpResponseRedirect
@ -36,22 +35,6 @@ except ImportError:
sys.exit()
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
CONF = ConfigParser()
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs')
JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('base', 'key')
LOGIN_NAME = getpass.getuser()
# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
URL = CONF.get('base', 'url')
MAIL_ENABLE = CONF.get('mail', 'mail_enable')
MAIL_FROM = CONF.get('mail', 'email_host_user')
log_dir = os.path.join(BASE_DIR, 'logs')
def set_log(level):
"""
return a log file object
@ -146,7 +129,7 @@ def page_list_return(total, current=1):
min_page = current - 2 if current - 4 > 0 else 1
max_page = min_page + 4 if min_page + 4 < total else total
return range(min_page, max_page+1)
return range(min_page, max_page + 1)
def pages(post_objects, request):
@ -186,6 +169,7 @@ class Jtty(object):
A virtual tty class
一个虚拟终端类实现连接ssh和记录日志
"""
def __init__(self, user, asset):
self.chan = None
self.username = user.username
@ -404,7 +388,7 @@ class PyCrypt(object):
symbol = '!@$%^&*()_'
salt_list = []
if especial:
for i in range(length-4):
for i in range(length - 4):
salt_list.append(random.choice(salt_key))
for i in range(4):
salt_list.append(random.choice(symbol))
@ -489,6 +473,7 @@ def require_role(role='user'):
decorator for require user role in ["super", "admin", "user"]
要求用户是某种角色 ["super", "admin", "user"]的装饰器
"""
def _deco(func):
def __deco(request, *args, **kwargs):
if role == 'user':
@ -501,7 +486,9 @@ def require_role(role='user'):
if request.session.get('role_id', 0) < 2:
return HttpResponseRedirect('/')
return func(request, *args, **kwargs)
return __deco
return _deco
@ -584,7 +571,7 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None,
if edept:
if dept.id != int(edept[0]):
return False
if user_group:
dept_user_groups = dept.usergroup_set.all()
user_group_ids = []
@ -710,6 +697,4 @@ CRYPTOR = PyCrypt(KEY)
# ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
# else:
# ldap_conn = None
log_level = CONF.get('base', 'log')
logger = set_log(log_level)
logger = set_log(log_level)

49
jumpserver/settings.py
View File

@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/1.7/ref/settings/
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
import ConfigParser
import getpass
config = ConfigParser.ConfigParser()
@ -22,7 +23,7 @@ DB_PORT = config.getint('db', 'port')
DB_USER = config.get('db', 'user')
DB_PASSWORD = config.get('db', 'password')
DB_DATABASE = config.get('db', 'database')
AUTH_USER_MODEL = 'juser.CustomUser'
AUTH_USER_MODEL = 'juser.User'
# mail config
EMAIL_HOST = config.get('mail', 'email_host')
EMAIL_PORT = config.get('mail', 'email_port')
@ -30,6 +31,24 @@ EMAIL_HOST_USER = config.get('mail', 'email_host_user')
EMAIL_HOST_PASSWORD = config.get('mail', 'email_host_password')
EMAIL_USE_TLS = config.getboolean('mail', 'email_use_tls')
# ======== Log ==========
LOG = False
LOG_DIR = os.path.join(BASE_DIR, 'logs')
JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = config.get('base', 'key')
LOGIN_NAME = getpass.getuser()
# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
URL = config.get('base', 'url')
MAIL_ENABLE = config.get('mail', 'mail_enable')
MAIL_FROM = config.get('mail', 'email_host_user')
log_dir = os.path.join(BASE_DIR, 'logs')
log_level = config.get('base', 'log')
web_socket_host = config.get('websocket', 'web_socket_host')
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
@ -64,9 +83,9 @@ INSTALLED_APPS = (
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
#'django.middleware.csrf.CsrfViewMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
#'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
# 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
@ -79,17 +98,23 @@ WSGI_APPLICATION = 'jumpserver.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
# DATABASES = {
# 'default': {
# 'ENGINE': 'django.db.backends.mysql',
# 'NAME': DB_DATABASE,
# 'USER': DB_USER,
# 'PASSWORD': DB_PASSWORD,
# 'HOST': DB_HOST,
# 'PORT': DB_PORT,
# }
# }
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': DB_DATABASE,
'USER': DB_USER,
'PASSWORD': DB_PASSWORD,
'HOST': DB_HOST,
'PORT': DB_PORT,
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
TEMPLATE_CONTEXT_PROCESSORS = (
'django.contrib.auth.context_processors.auth',
'django.core.context_processors.debug',
@ -105,7 +130,7 @@ TEMPLATE_DIRS = (
os.path.join(BASE_DIR, 'templates'),
)
#STATIC_ROOT = os.path.join(BASE_DIR, 'static')
# STATIC_ROOT = os.path.join(BASE_DIR, 'static')
STATICFILES_DIRS = (
os.path.join(BASE_DIR, "static"),
@ -128,5 +153,3 @@ USE_TZ = False
# https://docs.djangoproject.com/en/1.7/howto/static-files/
STATIC_URL = '/static/'

2
jumpserver/views.py
View File

@ -14,7 +14,7 @@ import paramiko
from jumpserver.api import *
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from settings import BASE_DIR
def getDaysByNum(num):
today = datetime.date.today()

109
juser/models.py
View File

@ -21,7 +21,7 @@ class UserGroup(models.Model):
from django.contrib.auth.models import AbstractUser
class CustomUser(AbstractUser):
class User(AbstractUser):
USER_ROLE_CHOICES = (
('SU', 'SuperUser'),
('GA', 'GroupAdmin'),
@ -34,113 +34,6 @@ class CustomUser(AbstractUser):
ssh_key_pwd = models.CharField(max_length=200)
class User(models.Model):
USER_ROLE_CHOICES = (
('SU', 'SuperUser'),
('GA', 'GroupAdmin'),
('CU', 'CommonUser'),
)
username = models.CharField(max_length=80, unique=True)
password = models.CharField(max_length=100)
name = models.CharField(max_length=80)
email = models.EmailField(max_length=75)
role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU')
uuid = models.CharField(max_length=100)
group = models.ManyToManyField(UserGroup)
ssh_key_pwd = models.CharField(max_length=200)
is_active = models.BooleanField(default=True)
last_login = models.DateTimeField(null=True)
date_joined = models.DateTimeField(null=True)
def __unicode__(self):
return self.username
def get_asset_group(self):
"""
Get user host_groups.
获取用户有权限的主机组
"""
host_group_list = []
perm_list = []
user_group_all = self.group.all()
for user_group in user_group_all:
perm_list.extend(user_group.perm_set.all())
for perm in perm_list:
host_group_list.append(perm.asset_group)
return host_group_list
def get_asset_group_info(self, printable=False):
"""
Get or print asset group info
获取或打印用户授权资产组
"""
asset_groups_info = {}
asset_groups = self.get_asset_group()
for asset_group in asset_groups:
asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment]
if printable:
for group_id in asset_groups_info:
if asset_groups_info[group_id][1]:
print "[%3s] %s -- %s" % (group_id,
asset_groups_info[group_id][0],
asset_groups_info[group_id][1])
else:
print "[%3s] %s" % (group_id, asset_groups_info[group_id][0])
print ''
else:
return asset_groups_info
def get_asset(self):
"""
Get the assets of under the user control.
获取主机列表
"""
assets = []
asset_groups = self.get_asset_group()
for asset_group in asset_groups:
assets.extend(asset_group.asset_set.all())
return assets
def get_asset_info(self, printable=False):
"""
Get or print the user asset info
获取或打印用户资产信息
"""
from jasset.models import AssetAlias
assets_info = {}
assets = self.get_asset()
for asset in assets:
asset_alias = AssetAlias.objects.filter(user=self, asset=asset)
if asset_alias and asset_alias[0].alias != '':
assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)]
else:
assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)]
if printable:
ips = assets_info.keys()
ips.sort()
for ip in ips:
if assets_info[ip][2]:
print '%-15s -- %s' % (ip, assets_info[ip][2])
else:
print '%-15s' % ip
print ''
else:
return assets_info
def update(self, **kwargs):
for key, value in kwargs.items():
self.__setattr__(key, value)
self.save()
class AdminGroup(models.Model):
"""
under the user control group

1
juser/user_api.py
View File

@ -59,6 +59,7 @@ def db_add_user(**kwargs):
admin_groups = kwargs.pop('admin_groups')
role = kwargs.get('role', 'CU')
user = User(**kwargs)
user.set_password(kwargs.get('password'))
user.save()
if groups_post:
group_select = []

20
juser/views.py
View File

@ -9,7 +9,7 @@ import uuid as uuid_r
from django.db.models import Q
from django.template import RequestContext
from django.db.models import ObjectDoesNotExist
from jumpserver.settings import MAIL_FROM, MAIL_ENABLE
from juser.user_api import *
@ -240,8 +240,8 @@ def user_add(request):
if '' in [username, password, ssh_key_pwd, name, role]:
error = u'带*内容不能为空'
raise ServerError
user_test = get_object(User, username=username)
if user_test:
check_user_is_exist = User.objects.filter(username=username)
if check_user_is_exist:
error = u'用户 %s 已存在' % username
raise ServerError
@ -250,10 +250,10 @@ def user_add(request):
else:
try:
user = db_add_user(username=username, name=name,
password=CRYPTOR.md5_crypt(password),
password=password,
email=email, role=role, uuid=uuid,
groups=groups, admin_groups=admin_groups,
ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
ssh_key_pwd=ssh_key_pwd,
is_active=is_active,
date_joined=datetime.datetime.now())
server_add_user(username, password, ssh_key_pwd, ssh_key_login_need)
@ -417,8 +417,14 @@ def user_detail(request):
@require_role(role='admin')
def user_del(request):
user_ids = request.GET.get('id', '')
user_id_list = user_ids.split(',')
if request.method == "GET":
user_ids = request.GET.get('id', '')
user_id_list = user_ids.split(',')
elif request.method == "POST":
user_ids = request.POST.get('id', '')
user_id_list = user_ids.split(',')
else:
return HttpResponse('错误请求')
for user_id in user_id_list:
User.objects.filter(id=user_id).delete()

0
manage.py Normal file → Executable file
View File