github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

modify some

pull/26/head
ibuler 2015-06-15 19:20:05 +08:00
parent fdcaa358e5
commit 8d167baf46
2 changed files with 158 additions and 200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
connect.py
View File

@ -40,11 +40,10 @@ except ImportError:
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
log_dir = os.path.join(BASE_DIR, 'logs') log_dir = os.path.join(BASE_DIR, 'logs')
login_name = getpass.getuser() login_user = Juser(username=getpass.getuser())
user = Juser(username=login_name)
def color_print(msg, color='blue'): def color_print(msg, color='red', exits=False):
""" """
Print colorful string. Print colorful string.
颜色打印 颜色打印
@ -54,19 +53,19 @@ def color_print(msg, color='blue'):
'red': '\033[1;31m%s\033[0m'} 'red': '\033[1;31m%s\033[0m'}
print color_msg.get(color, 'blue') % msg print color_msg.get(color, 'blue') % msg
if exits:
def color_print_exit(msg, color='red'):
"""
Print colorful string and exit.
颜色打印并推出
"""
color_print(msg, color=color)
time.sleep(2) time.sleep(2)
sys.exit() sys.exit()
def get_win_size(): class Jtty(object):
def __init__(self, chan, user, asset):
self.chan = chan
self.username = user.username
self.ip = asset.ip
@staticmethod
def get_win_size():
""" """
This function use to get the size of the windows! This function use to get the size of the windows!
获得terminal窗口大小 获得terminal窗口大小
@ -79,30 +78,28 @@ def get_win_size():
x = fcntl.ioctl(sys.stdout.fileno(), TIOCGWINSZ, s) x = fcntl.ioctl(sys.stdout.fileno(), TIOCGWINSZ, s)
return struct.unpack('HHHH', x)[0:2] return struct.unpack('HHHH', x)[0:2]
def set_win_size(self, sig, data):
def set_win_size(sig, data):
""" """
This function use to set the window size of the terminal! This function use to set the window size of the terminal!
设置terminal窗口大小 设置terminal窗口大小
""" """
try: try:
win_size = get_win_size() win_size = self.get_win_size()
channel.resize_pty(height=win_size[0], width=win_size[1]) self.channel.resize_pty(height=win_size[0], width=win_size[1])
except Exception: except Exception:
pass pass
def log_record(self):
def log_record(username, host):
""" """
Logging user command and output. Logging user command and output.
记录用户的日志 记录用户的日志
""" """
connect_log_dir = os.path.join(log_dir, 'connect') tty_log_dir = os.path.join(log_dir, 'tty')
timestamp_start = int(time.time()) timestamp_start = int(time.time())
today = time.strftime('%Y%m%d', time.localtime(timestamp_start)) date_start = time.strftime('%Y%m%d', time.localtime(timestamp_start))
time_now = time.strftime('%H%M%S', time.localtime(timestamp_start)) time_start = time.strftime('%H%M%S', time.localtime(timestamp_start))
today_connect_log_dir = os.path.join(connect_log_dir, today) today_connect_log_dir = os.path.join(tty_log_dir, date_start)
log_filename = '%s_%s_%s.log' % (username, host, time_now) log_filename = '%s_%s_%s.log' % (self.username, self.host, time_start)
log_file_path = os.path.join(today_connect_log_dir, log_filename) log_file_path = os.path.join(today_connect_log_dir, log_filename)
dept = User.objects.filter(username=username) dept = User.objects.filter(username=username)
if dept: if dept:
@ -133,8 +130,7 @@ def log_record(username, host):
log.save() log.save()
return log_file, log return log_file, log
def posix_shell(chan, username, host):
def posix_shell(chan, username, host):
""" """
Use paramiko channel connect server interactive. Use paramiko channel connect server interactive.
使用paramiko模块的channel连接后端进入交互式 使用paramiko模块的channel连接后端进入交互式
@ -180,73 +176,10 @@ def posix_shell(chan, username, host):
log.save() log.save()
# def get_user_host_group(username):
# """
# Get the host groups of under the user control.
# 获取用户有权限的主机组
# """
# groups_attr = {}
# group_all = get_host_groups(username)
# for group in group_all:
# groups_attr[group.name] = [group.id, group.comment]
# return groups_attr
# def get_user_host_group_member(username, gid):
# """
# Get the host group hosts of under the user control.
# 获取用户有权限主机组下的主机
# """
# groups_attr = get_user_host_group(username)
# groups_ids = [attr[0] for name, attr in groups_attr.items()]
# hosts_attr = {}
# if int(gid) in groups_ids:
# user = User.objects.filter(username=username)
# if user:
# user = user[0]
# hosts = get_host_groups(gid)
# for host in hosts:
# alias = AssetAlias.objects.filter(user=user, host=host)
# if alias and alias[0].alias != '':
# hosts_attr[host.ip] = [host.id, host.ip, alias[0].alias]
# else:
# hosts_attr[host.ip] = [host.id, host.ip, host.comment]
# return hosts_attr
# def user_asset_info(user, printable=False):
# """
# Get or Print asset info
# 获取或打印用户资产信息
# """
# assets_info = {}
# try:
# assets = get_asset(user)
# except ServerError, e:
# color_print(e, 'red')
# return
#
# for asset in assets:
# asset_alias = AssetAlias.objects.filter(user=user, asset=asset)
# if asset_alias and asset_alias[0].alias != '':
# assets_info[asset.ip] = [asset.id, asset.ip, asset_alias[0].alias]
# else:
# assets_info[asset.ip] = [asset.id, asset.ip, asset.comment]
#
# if printable:
# ips = assets_info.keys()
# ips.sort()
# for ip in ips:
# print '%-15s -- %s' % (ip, assets_info[ip][2])
# print ''
# else:
# return assets_info
def verify_connect(username, part_ip): def verify_connect(username, part_ip):
ip_matched = [] ip_matched = []
try: try:
assets_info = user.get_asset_info() assets_info = login_user.get_asset_info()
except ServerError, e: except ServerError, e:
color_print(e, 'red') color_print(e, 'red')
return False return False
@ -260,7 +193,7 @@ def verify_connect(username, part_ip):
if part_ip in info: if part_ip in info:
ip_matched.append(ip) ip_matched.append(ip)
logger.debug('%s matched input %s: %s' % (user.username, part_ip, ip_matched)) logger.debug('%s matched input %s: %s' % (login_user.username, part_ip, ip_matched))
ip_matched = list(set(ip_matched)) ip_matched = list(set(ip_matched))
if len(ip_matched) > 1: if len(ip_matched) > 1:
@ -385,7 +318,7 @@ def exec_cmd_servers(username):
inputs = raw_input('\033[1;32mip(s)>: \033[0m') inputs = raw_input('\033[1;32mip(s)>: \033[0m')
if inputs in ['q', 'Q']: if inputs in ['q', 'Q']:
break break
get_hosts = user.get_asset_info().keys() get_hosts = login_user.get_asset_info().keys()
if ',' in inputs: if ',' in inputs:
ips_input = inputs.split(',') ips_input = inputs.split(',')
@ -419,8 +352,8 @@ def exec_cmd_servers(username):
if __name__ == '__main__': if __name__ == '__main__':
if not user.validate(): if not login_user.validate():
color_print_exit(u'没有该用户 No that user.') color_print(u'没有该用户 No that user.', exits=True)
print_prompt() print_prompt()
gid_pattern = re.compile(r'^g\d+$') gid_pattern = re.compile(r'^g\d+$')
@ -434,10 +367,10 @@ if __name__ == '__main__':
except KeyboardInterrupt: except KeyboardInterrupt:
sys.exit(0) sys.exit(0)
if option in ['P', 'p']: if option in ['P', 'p']:
user.get_asset_info(printable=True) login_user.get_asset_info(printable=True)
continue continue
elif option in ['G', 'g']: elif option in ['G', 'g']:
user.get_asset_group_info(printable=True) login_user.get_asset_group_info(printable=True)
continue continue
elif gid_pattern.match(option): elif gid_pattern.match(option):
gid = option[1:].strip() gid = option[1:].strip()

59
jumpserver/api.py
View File

@ -12,6 +12,7 @@ import ldap
from ldap import modlist from ldap import modlist
import hashlib import hashlib
import datetime import datetime
import random
import subprocess import subprocess
from django.core.paginator import Paginator, EmptyPage, InvalidPage from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.http import HttpResponse, Http404 from django.http import HttpResponse, Http404
@ -150,34 +151,57 @@ def pages(posts, r):
class PyCrypt(object): class PyCrypt(object):
"""This class used to encrypt and decrypt password.""" """
This class used to encrypt and decrypt password.
对称加密库
"""
def __init__(self, key): def __init__(self, key):
self.key = key self.key = key
self.mode = AES.MODE_CBC self.mode = AES.MODE_CBC
def encrypt(self, text): def _random_pass(self):
cryptor = AES.new(self.key, self.mode, b'0000000000000000') """
length = 16 random password
随机生成密码
"""
salt_key = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%^&*()_'
symbol = '!@$%^&*()_'
salt_list = []
for i in range(60):
salt_list.append(random.choice(salt_key))
for i in range(4):
salt_list.append(random.choice(symbol))
salt = ''.join(salt_list)
self.salt = salt
def encrypt(self):
"""
encrypt gen password
加密生成密码
"""
cryptor = AES.new(self.key, self.mode, b'8122ca7d906ad5e1')
length = 64
try: try:
count = len(text) count = len(self.salt)
except TypeError: except TypeError:
raise ServerError('Encrypt password error, TYpe error.') # raise ServerError('Encrypt password error, TYpe error.')
pass
add = (length - (count % length)) add = (length - (count % length))
text += ('\0' * add) self.salt += ('\0' * add)
ciphertext = cryptor.encrypt(text) cipher_text = cryptor.encrypt(self.salt)
return b2a_hex(ciphertext) return b2a_hex(cipher_text)
def decrypt(self, text): def decrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000') cryptor = AES.new(self.key, self.mode, b'8122ca7d906ad5e1')
try: try:
plain_text = cryptor.decrypt(a2b_hex(text)) plain_text = cryptor.decrypt(a2b_hex(text))
except TypeError: except TypeError:
raise ServerError('Decrypt password error, TYpe error.') # raise ServerError('Decrypt password error, TYpe error.')
pass
return plain_text.rstrip('\0') return plain_text.rstrip('\0')
CRYPTOR = PyCrypt(KEY)
class ServerError(Exception): class ServerError(Exception):
@ -595,17 +619,15 @@ def asset_perm_api(asset):
return user_permed_list return user_permed_list
def get_connect_item(username, ip): def get_connect_item(user, ip):
asset = get_object(Asset, ip=ip) asset = get_object(Asset, ip=ip)
port = int(asset.port) port = int(asset.port)
if not asset.is_active: if not asset.is_active:
raise ServerError('Host %s is not active.' % ip) raise ServerError('Host %s is not active.' % ip)
user = get_object(User, username=username)
if not user.is_active: if not user.is_active:
raise ServerError('User %s is not active.' % username) raise ServerError('User %s is not active.' % user.username)
login_type_dict = { login_type_dict = {
'L': user.ldap_pwd, 'L': user.ldap_pwd,
@ -613,7 +635,7 @@ def get_connect_item(username, ip):
if asset.login_type in login_type_dict: if asset.login_type in login_type_dict:
password = CRYPTOR.decrypt(login_type_dict[asset.login_type]) password = CRYPTOR.decrypt(login_type_dict[asset.login_type])
return username, password, ip, port return user.username, password, ip, port
elif asset.login_type == 'M': elif asset.login_type == 'M':
username = asset.username username = asset.username
@ -750,3 +772,6 @@ def node_auth(request):
result = {'auth': {'username': username, 'result': 'failed'}} result = {'auth': {'username': username, 'result': 'failed'}}
return HttpResponse(json.dumps(result, sort_keys=True, indent=2), content_type='application/json') return HttpResponse(json.dumps(result, sort_keys=True, indent=2), content_type='application/json')
CRYPTOR = PyCrypt(KEY)