github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

feat: 支持平台关联算法,支持AIX改密

pull/8199/head
jiangweidong 2022-04-15 14:39:37 +08:00 committed by 老广
parent 031077c298
commit 5e70a8af15
3 changed files with 37 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/assets/models/asset.py
View File

@ -142,6 +142,10 @@ class Platform(models.Model):
internal = models.BooleanField(default=False, verbose_name=_("Internal")) internal = models.BooleanField(default=False, verbose_name=_("Internal"))
comment = models.TextField(blank=True, null=True, verbose_name=_("Comment")) comment = models.TextField(blank=True, null=True, verbose_name=_("Comment"))
@property
def algorithm(self):
return self.meta.get('algorithm')
@classmethod @classmethod
def default(cls): def default(cls):
linux, created = cls.objects.get_or_create( linux, created = cls.objects.get_or_create(

22
apps/assets/tasks/push_system_user.py
View File

@ -32,9 +32,9 @@ def _dump_args(args: dict):
return ' '.join([f'{k}={v}' for k, v in args.items() if v is not Empty]) return ' '.join([f'{k}={v}' for k, v in args.items() if v is not Empty])
def get_push_unixlike_system_user_tasks(system_user, username=None): def get_push_unixlike_system_user_tasks(system_user, username=None, **kwargs):
comment = system_user.name comment = system_user.name
algorithm = kwargs.get('algorithm')
if username is None: if username is None:
username = system_user.username username = system_user.username
@ -104,7 +104,7 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
'module': 'user', 'module': 'user',
'args': 'name={} shell={} state=present password={}'.format( 'args': 'name={} shell={} state=present password={}'.format(
username, system_user.shell, username, system_user.shell,
encrypt_password(password, salt="K3mIlKK"), encrypt_password(password, salt="K3mIlKK", algorithm=algorithm),
), ),
} }
}) })
@ -138,7 +138,7 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
return tasks return tasks
def get_push_windows_system_user_tasks(system_user: SystemUser, username=None): def get_push_windows_system_user_tasks(system_user: SystemUser, username=None, **kwargs):
if username is None: if username is None:
username = system_user.username username = system_user.username
password = system_user.password password = system_user.password
@ -176,7 +176,7 @@ def get_push_windows_system_user_tasks(system_user: SystemUser, username=None):
return tasks return tasks
def get_push_system_user_tasks(system_user, platform="unixlike", username=None): def get_push_system_user_tasks(system_user, platform="unixlike", username=None, algorithm=None):
""" """
获取推送系统用户的 ansible 命令跟资产无关 获取推送系统用户的 ansible 命令跟资产无关
:param system_user: :param system_user:
@ -190,16 +190,16 @@ def get_push_system_user_tasks(system_user, platform="unixlike", username=None):
} }
get_tasks = get_task_map.get(platform, get_push_unixlike_system_user_tasks) get_tasks = get_task_map.get(platform, get_push_unixlike_system_user_tasks)
if not system_user.username_same_with_user: if not system_user.username_same_with_user:
return get_tasks(system_user) return get_tasks(system_user, algorithm=algorithm)
tasks = [] tasks = []
# 仅推送这个username # 仅推送这个username
if username is not None: if username is not None:
tasks.extend(get_tasks(system_user, username)) tasks.extend(get_tasks(system_user, username, algorithm=algorithm))
return tasks return tasks
users = system_user.users.all().values_list('username', flat=True) users = system_user.users.all().values_list('username', flat=True)
print(_("System user is dynamic: {}").format(list(users))) print(_("System user is dynamic: {}").format(list(users)))
for _username in users: for _username in users:
tasks.extend(get_tasks(system_user, _username)) tasks.extend(get_tasks(system_user, _username, algorithm=algorithm))
return tasks return tasks
@ -244,7 +244,11 @@ def push_system_user_util(system_user, assets, task_name, username=None):
for u in usernames: for u in usernames:
for a in _assets: for a in _assets:
system_user.load_asset_special_auth(a, u) system_user.load_asset_special_auth(a, u)
tasks = get_push_system_user_tasks(system_user, platform, username=u) algorithm = a.platform.algorithm
tasks = get_push_system_user_tasks(
system_user, platform, username=u,
algorithm=algorithm
)
run_task(tasks, [a]) run_task(tasks, [a])

23
apps/common/utils/encode.py
View File

@ -186,10 +186,27 @@ def make_signature(access_key_secret, date=None):
return content_md5(data) return content_md5(data)
def encrypt_password(password, salt=None): def encrypt_password(password, salt=None, algorithm='sha512'):
from passlib.hash import sha512_crypt from passlib.hash import sha512_crypt, des_crypt
if password:
def sha512():
return sha512_crypt.using(rounds=5000).hash(password, salt=salt) return sha512_crypt.using(rounds=5000).hash(password, salt=salt)
def des():
return des_crypt.hash(password, salt=salt[:2])
support_algorithm = {
'sha512': sha512, 'des': des
}
if isinstance(algorithm, str):
algorithm = algorithm.lower()
if algorithm not in support_algorithm.keys():
algorithm = 'sha512'
if password and support_algorithm[algorithm]:
return support_algorithm[algorithm]()
return None return None