feat: 支持平台关联算法，支持AIX改密

3 years ago · 5e70a8af15
3 changed files with 37 additions and 12 deletions
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@ -142,6 +142,10 @@ class Platform(models.Model):
    internal = models.BooleanField(default=False, verbose_name=_("Internal"))
    comment = models.TextField(blank=True, null=True, verbose_name=_("Comment"))

+    @property
+    def algorithm(self):
+        return self.meta.get('algorithm')
+
    @classmethod
    def default(cls):
        linux, created = cls.objects.get_or_create(
--- a/apps/assets/tasks/push_system_user.py
+++ b/apps/assets/tasks/push_system_user.py
@ -32,9 +32,9 @@ def _dump_args(args: dict):
    return ' '.join([f'{k}={v}' for k, v in args.items() if v is not Empty])


-def get_push_unixlike_system_user_tasks(system_user, username=None):
+def get_push_unixlike_system_user_tasks(system_user, username=None, **kwargs):
    comment = system_user.name
-
+    algorithm = kwargs.get('algorithm')
    if username is None:
        username = system_user.username

@ -104,7 +104,7 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
                'module': 'user',
                'args': 'name={} shell={} state=present password={}'.format(
                    username, system_user.shell,
-                    encrypt_password(password, salt="K3mIlKK"),
+                    encrypt_password(password, salt="K3mIlKK", algorithm=algorithm),
                ),
            }
        })
@ -138,7 +138,7 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
    return tasks


-def get_push_windows_system_user_tasks(system_user: SystemUser, username=None):
+def get_push_windows_system_user_tasks(system_user: SystemUser, username=None, **kwargs):
    if username is None:
        username = system_user.username
    password = system_user.password
@ -176,7 +176,7 @@ def get_push_windows_system_user_tasks(system_user: SystemUser, username=None):
    return tasks


-def get_push_system_user_tasks(system_user, platform="unixlike", username=None):
+def get_push_system_user_tasks(system_user, platform="unixlike", username=None, algorithm=None):
    """
    获取推送系统用户的 ansible 命令，跟资产无关
    :param system_user:
@ -190,16 +190,16 @@ def get_push_system_user_tasks(system_user, platform="unixlike", username=None):
    }
    get_tasks = get_task_map.get(platform, get_push_unixlike_system_user_tasks)
    if not system_user.username_same_with_user:
-        return get_tasks(system_user)
+        return get_tasks(system_user, algorithm=algorithm)
    tasks = []
    # 仅推送这个username
    if username is not None:
-        tasks.extend(get_tasks(system_user, username))
+        tasks.extend(get_tasks(system_user, username, algorithm=algorithm))
        return tasks
    users = system_user.users.all().values_list('username', flat=True)
    print(_("System user is dynamic: {}").format(list(users)))
    for _username in users:
-        tasks.extend(get_tasks(system_user, _username))
+        tasks.extend(get_tasks(system_user, _username, algorithm=algorithm))
    return tasks


@ -244,7 +244,11 @@ def push_system_user_util(system_user, assets, task_name, username=None):
        for u in usernames:
            for a in _assets:
                system_user.load_asset_special_auth(a, u)
-                tasks = get_push_system_user_tasks(system_user, platform, username=u)
+                algorithm = a.platform.algorithm
+                tasks = get_push_system_user_tasks(
+                    system_user, platform, username=u,
+                    algorithm=algorithm
+                )
                run_task(tasks, [a])


--- a/apps/common/utils/encode.py
+++ b/apps/common/utils/encode.py
@ -186,10 +186,27 @@ def make_signature(access_key_secret, date=None):
    return content_md5(data)


-def encrypt_password(password, salt=None):
-    from passlib.hash import sha512_crypt
-    if password:
+def encrypt_password(password, salt=None, algorithm='sha512'):
+    from passlib.hash import sha512_crypt, des_crypt
+
+    def sha512():
        return sha512_crypt.using(rounds=5000).hash(password, salt=salt)
+
+    def des():
+        return des_crypt.hash(password, salt=salt[:2])
+
+    support_algorithm = {
+        'sha512': sha512, 'des': des
+    }
+
+    if isinstance(algorithm, str):
+        algorithm = algorithm.lower()
+
+    if algorithm not in support_algorithm.keys():
+        algorithm = 'sha512'
+
+    if password and support_algorithm[algorithm]:
+        return support_algorithm[algorithm]()
    return None