diff --git a/docs/initial_data.yaml b/docs/initial_data.yaml index 38a1cf887..665a7744a 100644 --- a/docs/initial_data.yaml +++ b/docs/initial_data.yaml @@ -1,10 +1,28 @@ -- model: IDC.person +- model: juser.user + pk: 5000 + fields: + username: admin + name: admin + password: pbkdf2_sha256$20000$jBIDGPB2j5JT$orxqGgzzjzykColYm1BswPjgHOiERjZkcgkuVIkD2Hc= + email: admin@jumpserver.org + role: SU + is_active: 1 +- model: juser.user + pk: 5001 + fields: + username: group_admin + name: group_admin + password: pbkdf2_sha256$20000$ttObUWd15q10$NJoyZf2OZz9oiw2g4j2TkTh9zGgyVDRFdUkhn8X0nB0= + email: group_admin@jumpserver.org + role: DA + is_active: 1 +- model: juser.usergroup pk: 1 fields: - first_name: John - last_name: Lennon -- model: myapp.person + name: ALL + comment: ALL +- model: juser.usergroup pk: 2 fields: - first_name: Paul - last_name: McCartney \ No newline at end of file + name: 默认 + comment: 默认 diff --git a/jasset/models.py b/jasset/models.py index 8f51f8989..0d11ba753 100644 --- a/jasset/models.py +++ b/jasset/models.py @@ -65,7 +65,7 @@ class Asset(models.Model): username = models.CharField(max_length=20, blank=True, null=True) password = models.CharField(max_length=80, blank=True, null=True) use_default_auth = models.BooleanField(default=True) - date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True) + date_added = models.DateTimeField(auto_now_add=True) is_active = models.BooleanField(default=True) comment = models.CharField(max_length=100, blank=True, null=True) diff --git a/jlog/views.py b/jlog/views.py index 0eb74f815..88d325eea 100644 --- a/jlog/views.py +++ b/jlog/views.py 
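Review bot: The two `juser.user` entries added to docs/initial_data.yaml ship fixed PBKDF2 hashes for `admin` (role `SU`, pk 5000) and `group_admin` (pk 5001), so every installation that loads this fixture starts with the same credentials until someone changes them. I would add a comment at the top of the file, `# Default accounts for first login only: change both passwords right after loaddata`, and preferably have the install step generate or prompt for the passwords instead of shipping hashes. Separately, `role: DA` on `group_admin` does not match the `SU`/`GA` codes visible in `USER_ROLE_CHOICES` in juser/models.py later in this commit; if `DA` is not among the choices, this should presumably be `role: GA`.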
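Review bot: In jasset/models.py the new `date_added = models.DateTimeField(auto_now_add=True)` also drops `null=True`, and no migration for `Asset` is visible in this commit. On a database that already holds rows with a NULL `date_added`, the column change needs a migration that backfills those rows first. A short comment on the field, `# set once when the asset row is created`, would make the intent of moving from `auto_now` to `auto_now_add` explicit.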
@@ -6,10 +6,8 @@ from django.shortcuts import render_to_response from jumpserver.api import * from jasset.views import httperror from django.http import HttpResponseNotFound - -CONF = ConfigParser() -CONF.read('%s/jumpserver.conf' % BASE_DIR) - +from models import Log +from jumpserver.settings import web_socket_host def get_user_info(request, offset): """ 获取用户信息及环境 """ @@ -58,7 +56,6 @@ def log_list(request, offset): """ 显示日志 """ header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户' keyword = request.GET.get('keyword', '') - web_socket_host = CONF.get('websocket', 'web_socket_host') posts = get_user_log(get_user_info(request, offset)) contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) diff --git a/jumpserver/api.py b/jumpserver/api.py index 59411abe4..9daf8b62e 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -1,8 +1,6 @@ # coding: utf-8 import os, sys, time -from ConfigParser import ConfigParser -import getpass from Crypto.Cipher import AES import crypt from binascii import b2a_hex, a2b_hex @@ -11,14 +9,15 @@ import datetime import random import subprocess import paramiko -import struct, fcntl, signal,socket, select, fnmatch +import struct, fcntl, signal, socket, select, fnmatch +from settings import JLOG_FILE, KEY, URL, log_dir, log_level from django.core.paginator import Paginator, EmptyPage, InvalidPage from django.http import HttpResponse, Http404 from django.template import RequestContext from juser.models import User, UserGroup from jasset.models import Asset, AssetGroup -from jlog.models import Log +# from jlog.models import Log from jasset.models import AssetAlias from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned from django.http import HttpResponseRedirect 
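Review bot: `from models import Log` in the first jlog/views.py hunk is an implicit relative import, which resolves only under Python 2 import rules and depends on where the module is loaded from; `from jlog.models import Log` is unambiguous. The same applies to `from settings import JLOG_FILE, KEY, URL, log_dir, log_level` in jumpserver/api.py and `from settings import BASE_DIR` in jumpserver/views.py, which should name `jumpserver.settings` the way this hunk already does for `web_socket_host`. In jumpserver/api.py the commented-out `# from jlog.models import Log` should be deleted rather than left behind as a comment.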
@@ -36,22 +35,6 @@ except ImportError: sys.exit() -BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) -CONF = ConfigParser() -CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) -LOG_DIR = os.path.join(BASE_DIR, 'logs') -JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log') -SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') -# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') -KEY = CONF.get('base', 'key') -LOGIN_NAME = getpass.getuser() -# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') -URL = CONF.get('base', 'url') -MAIL_ENABLE = CONF.get('mail', 'mail_enable') -MAIL_FROM = CONF.get('mail', 'email_host_user') -log_dir = os.path.join(BASE_DIR, 'logs') - - def set_log(level): """ return a log file object @@ -146,7 +129,7 @@ def page_list_return(total, current=1): min_page = current - 2 if current - 4 > 0 else 1 max_page = min_page + 4 if min_page + 4 < total else total - return range(min_page, max_page+1) + return range(min_page, max_page + 1) def pages(post_objects, request): @@ -186,6 +169,7 @@ class Jtty(object): A virtual tty class 一个虚拟终端类,实现连接ssh和记录日志 """ + def __init__(self, user, asset): self.chan = None self.username = user.username @@ -404,7 +388,7 @@ class PyCrypt(object): symbol = '!@$%^&*()_' salt_list = [] if especial: - for i in range(length-4): + for i in range(length - 4): salt_list.append(random.choice(salt_key)) for i in range(4): salt_list.append(random.choice(symbol)) @@ -489,6 +473,7 @@ def require_role(role='user'): decorator for require user role in ["super", "admin", "user"] 要求用户是某种角色 ["super", "admin", "user"]的装饰器 """ + def _deco(func): def __deco(request, *args, **kwargs): if role == 'user': @@ -501,7 +486,9 @@ def require_role(role='user'): if request.session.get('role_id', 0) < 2: return HttpResponseRedirect('/') return func(request, *args, **kwargs) + return __deco + return _deco 
@@ -584,7 +571,7 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None, if edept: if dept.id != int(edept[0]): return False - + if user_group: dept_user_groups = dept.usergroup_set.all() user_group_ids = [] @@ -710,6 +697,4 @@ CRYPTOR = PyCrypt(KEY) # ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW) # else: # ldap_conn = None - -log_level = CONF.get('base', 'log') -logger = set_log(log_level) \ No newline at end of file +logger = set_log(log_level) diff --git a/jumpserver/settings.py b/jumpserver/settings.py index 7d77b4ff4..3d0977dbd 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/1.7/ref/settings/ # Build paths inside the project like this: os.path.join(BASE_DIR, ...) import os import ConfigParser +import getpass config = ConfigParser.ConfigParser() @@ -22,7 +23,7 @@ DB_PORT = config.getint('db', 'port') DB_USER = config.get('db', 'user') DB_PASSWORD = config.get('db', 'password') DB_DATABASE = config.get('db', 'database') -AUTH_USER_MODEL = 'juser.CustomUser' +AUTH_USER_MODEL = 'juser.User' # mail config EMAIL_HOST = config.get('mail', 'email_host') EMAIL_PORT = config.get('mail', 'email_port') 
@@ -30,6 +31,24 @@ EMAIL_HOST_USER = config.get('mail', 'email_host_user') EMAIL_HOST_PASSWORD = config.get('mail', 'email_host_password') EMAIL_USE_TLS = config.getboolean('mail', 'email_use_tls') +# ======== Log ========== +LOG = False +LOG_DIR = os.path.join(BASE_DIR, 'logs') +JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log') +SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') +# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') +KEY = config.get('base', 'key') +LOGIN_NAME = getpass.getuser() +# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') +URL = config.get('base', 'url') +MAIL_ENABLE = config.get('mail', 'mail_enable') +MAIL_FROM = config.get('mail', 'email_host_user') +log_dir = os.path.join(BASE_DIR, 'logs') + +log_level = config.get('base', 'log') + +web_socket_host = config.get('websocket', 'web_socket_host') + # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ @@ -64,9 +83,9 @@ INSTALLED_APPS = ( MIDDLEWARE_CLASSES = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', - #'django.middleware.csrf.CsrfViewMiddleware', + # 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', - #'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + # 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ) 
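Review bot: `MAIL_ENABLE = config.get('mail', 'mail_enable')` in the new settings block yields a string, so a value such as `0` or `false` in the config file is still truthy if a caller tests it as a flag; the callers in juser/views.py are not visible here, so this needs checking. `EMAIL_USE_TLS` just above already uses `getboolean`, and `MAIL_ENABLE = config.getboolean('mail', 'mail_enable')` would be consistent with it, provided no caller compares against a string. `KEY` is the secret handed to `PyCrypt(KEY)` in jumpserver/api.py, yet it sits under the `# ======== Log ==========` heading; I would give it its own heading and a comment such as `# encryption key: read from the config file only, never log or print it`. `LOG_DIR` and `log_dir` hold the same path, so one of the two names can go.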
@@ -79,17 +98,23 @@ WSGI_APPLICATION = 'jumpserver.wsgi.application' # Database # https://docs.djangoproject.com/en/1.7/ref/settings/#databases +# DATABASES = { +# 'default': { +# 'ENGINE': 'django.db.backends.mysql', +# 'NAME': DB_DATABASE, +# 'USER': DB_USER, +# 'PASSWORD': DB_PASSWORD, +# 'HOST': DB_HOST, +# 'PORT': DB_PORT, +# } +# } + DATABASES = { 'default': { - 'ENGINE': 'django.db.backends.mysql', - 'NAME': DB_DATABASE, - 'USER': DB_USER, - 'PASSWORD': DB_PASSWORD, - 'HOST': DB_HOST, - 'PORT': DB_PORT, + 'ENGINE': 'django.db.backends.sqlite3', + 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), } } - TEMPLATE_CONTEXT_PROCESSORS = ( 'django.contrib.auth.context_processors.auth', 'django.core.context_processors.debug', @@ -105,7 +130,7 @@ TEMPLATE_DIRS = ( os.path.join(BASE_DIR, 'templates'), ) -#STATIC_ROOT = os.path.join(BASE_DIR, 'static') +# STATIC_ROOT = os.path.join(BASE_DIR, 'static') STATICFILES_DIRS = ( os.path.join(BASE_DIR, "static"), @@ -128,5 +153,3 @@ USE_TZ = False # https://docs.djangoproject.com/en/1.7/howto/static-files/ STATIC_URL = '/static/' - - diff --git a/jumpserver/views.py b/jumpserver/views.py index a45f904f1..d628a640f 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -14,7 +14,7 @@ import paramiko from jumpserver.api import * from django.contrib.auth import authenticate, login, logout from django.contrib.auth.decorators import login_required - +from settings import BASE_DIR def getDaysByNum(num): today = datetime.date.today() diff --git a/juser/models.py b/juser/models.py index 58417650c..6143cab78 100644 --- a/juser/models.py +++ b/juser/models.py @@ -21,7 +21,7 @@ class UserGroup(models.Model): from django.contrib.auth.models import AbstractUser -class CustomUser(AbstractUser): +class User(AbstractUser): USER_ROLE_CHOICES = ( ('SU', 'SuperUser'), ('GA', 'GroupAdmin'), 
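Review bot: The `DATABASES` hunk replaces the MySQL backend with `django.db.backends.sqlite3` and leaves the MySQL dictionary commented out, which reads like a local development setting committed by accident. `DB_USER`, `DB_PASSWORD` and the other `DB_*` values are still read from the config earlier in the file but are no longer used anywhere in this block. The new `db.sqlite3` sits in `BASE_DIR` and will hold the user password hashes and the `Asset.password` values, so it needs restrictive file permissions and has to stay out of version control and out of any served directory. If SQLite is intended, delete the commented block and the unused `DB_*` reads; otherwise restore the MySQL entry.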
@@ -34,113 +34,6 @@ class CustomUser(AbstractUser): ssh_key_pwd = models.CharField(max_length=200) -class User(models.Model): - USER_ROLE_CHOICES = ( - ('SU', 'SuperUser'), - ('GA', 'GroupAdmin'), - ('CU', 'CommonUser'), - ) - username = models.CharField(max_length=80, unique=True) - password = models.CharField(max_length=100) - name = models.CharField(max_length=80) - email = models.EmailField(max_length=75) - role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU') - uuid = models.CharField(max_length=100) - group = models.ManyToManyField(UserGroup) - ssh_key_pwd = models.CharField(max_length=200) - is_active = models.BooleanField(default=True) - last_login = models.DateTimeField(null=True) - date_joined = models.DateTimeField(null=True) - - def __unicode__(self): - return self.username - - def get_asset_group(self): - """ - Get user host_groups. - 获取用户有权限的主机组 - """ - host_group_list = [] - perm_list = [] - user_group_all = self.group.all() - for user_group in user_group_all: - perm_list.extend(user_group.perm_set.all()) - - for perm in perm_list: - host_group_list.append(perm.asset_group) - - return host_group_list - - def get_asset_group_info(self, printable=False): - """ - Get or print asset group info - 获取或打印用户授权资产组 - """ - asset_groups_info = {} - asset_groups = self.get_asset_group() - - for asset_group in asset_groups: - asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment] - - if printable: - for group_id in asset_groups_info: - if asset_groups_info[group_id][1]: - print "[%3s] %s -- %s" % (group_id, - asset_groups_info[group_id][0], - asset_groups_info[group_id][1]) - else: - print "[%3s] %s" % (group_id, asset_groups_info[group_id][0]) - print '' - else: - return asset_groups_info - - def get_asset(self): - """ - Get the assets of under the user control. 
- 获取主机列表 - """ - assets = [] - asset_groups = self.get_asset_group() - - for asset_group in asset_groups: - assets.extend(asset_group.asset_set.all()) - - return assets - - def get_asset_info(self, printable=False): - """ - Get or print the user asset info - 获取或打印用户资产信息 - """ - from jasset.models import AssetAlias - assets_info = {} - assets = self.get_asset() - - for asset in assets: - asset_alias = AssetAlias.objects.filter(user=self, asset=asset) - if asset_alias and asset_alias[0].alias != '': - assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)] - else: - assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)] - - if printable: - ips = assets_info.keys() - ips.sort() - for ip in ips: - if assets_info[ip][2]: - print '%-15s -- %s' % (ip, assets_info[ip][2]) - else: - print '%-15s' % ip - print '' - else: - return assets_info - - def update(self, **kwargs): - for key, value in kwargs.items(): - self.__setattr__(key, value) - self.save() - - class AdminGroup(models.Model): """ under the user control group diff --git a/juser/user_api.py b/juser/user_api.py index 04a638a0f..566f07f68 100644 --- a/juser/user_api.py +++ b/juser/user_api.py @@ -59,6 +59,7 @@ def db_add_user(**kwargs): admin_groups = kwargs.pop('admin_groups') role = kwargs.get('role', 'CU') user = User(**kwargs) + user.set_password(kwargs.get('password')) user.save() if groups_post: group_select = [] diff --git a/juser/views.py b/juser/views.py index 6cfd91ef1..d8c81cc8f 100644 --- a/juser/views.py +++ b/juser/views.py @@ -9,7 +9,7 @@ import uuid as uuid_r from django.db.models import Q from django.template import RequestContext from django.db.models import ObjectDoesNotExist - +from jumpserver.settings import MAIL_FROM, MAIL_ENABLE from juser.user_api import * 
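Review bot: In `db_add_user` (juser/user_api.py) the cleartext password is still inside `kwargs` when `User(**kwargs)` runs, and `user.set_password(kwargs.get('password'))` silently stores an unusable password if the key is missing. Taking it out first makes both cases explicit: `password = kwargs.pop('password')` before `user = User(**kwargs)`, then `user.set_password(password)`. Any other path that writes `User.password` (an edit or reset view, not visible in this diff) has to move to `set_password` as well, otherwise those accounts will not verify against the Django hashers. The function starts and ends outside this hunk.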
@@ -240,8 +240,8 @@ def user_add(request): if '' in [username, password, ssh_key_pwd, name, role]: error = u'带*内容不能为空' raise ServerError - user_test = get_object(User, username=username) - if user_test: + check_user_is_exist = User.objects.filter(username=username) + if check_user_is_exist: error = u'用户 %s 已存在' % username raise ServerError @@ -250,10 +250,10 @@ def user_add(request): else: try: user = db_add_user(username=username, name=name, - password=CRYPTOR.md5_crypt(password), + password=password, email=email, role=role, uuid=uuid, groups=groups, admin_groups=admin_groups, - ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd), + ssh_key_pwd=ssh_key_pwd, is_active=is_active, date_joined=datetime.datetime.now()) server_add_user(username, password, ssh_key_pwd, ssh_key_login_need) @@ -417,8 +417,14 @@ def user_detail(request): @require_role(role='admin') def user_del(request): - user_ids = request.GET.get('id', '') - user_id_list = user_ids.split(',') + if request.method == "GET": + user_ids = request.GET.get('id', '') + user_id_list = user_ids.split(',') + elif request.method == "POST": + user_ids = request.POST.get('id', '') + user_id_list = user_ids.split(',') + else: + return HttpResponse('错误请求') for user_id in user_id_list: User.objects.filter(id=user_id).delete() diff --git a/manage.py b/manage.py old mode 100644 new mode 100755
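Review bot: In the `user_add` hunk at -250, `ssh_key_pwd=ssh_key_pwd` now stores the SSH key passphrase in cleartext in `User.ssh_key_pwd`, where the previous line stored `CRYPTOR.md5_crypt(ssh_key_pwd)`. Only `password` is covered by the `set_password` call added to `db_add_user`, so anyone who can read the database or a backup can read the passphrase. Unless some code reads the cleartext back from the model, keep a one-way form, `ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),`; `server_add_user` on the following line already receives the raw value it needs. `user_add` begins and ends outside the hunk.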
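Review bot: `user_del` still deletes users on a GET request, and the added POST branch duplicates the same two lines; with `CsrfViewMiddleware` commented out in jumpserver/settings.py, the delete can be triggered cross-site from an admin's logged-in browser. The ids are also passed to `filter(id=...)` unchecked, so an empty or non-numeric `id` raises instead of producing an error response. I would accept POST only, keep just the numeric ids, and re-enable the CSRF middleware; any template that calls this view by link would need to post a form instead. The function continues after the delete loop, outside this hunk.
```python
@require_role(role='admin')
def user_del(request):
    # Deleting is a state change: accept POST only.
    if request.method != "POST":
        return HttpResponse('错误请求')
    user_ids = request.POST.get('id', '')
    # Keep only numeric ids so filter(id=...) never sees '' or arbitrary text.
    user_id_list = [user_id for user_id in user_ids.split(',') if user_id.isdigit()]
    # … unchanged: delete loop over user_id_list …
```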