github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

去除vpn相关内容

pull/1/head
guanghongwei 2014-08-15 14:53:35 +08:00
parent ef12ea5f02
commit 8feb77416d
5 changed files with 17 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -1,7 +0,0 @@
jumpserver
==========
跳板机
使用说明见脚本内注释文档

10
jumpserver.conf
View File

@ -19,13 +19,3 @@ sudoadd_shell = /opt/jumpserver/sudoadd.sh
sudodel_shell = /opt/jumpserver/sudodel.sh sudodel_shell = /opt/jumpserver/sudodel.sh
keygen_shell = /opt/jumpserver/genkey.sh keygen_shell = /opt/jumpserver/genkey.sh
chgpass_shell = /opt/jumpserver/chgpass_shell.sh chgpass_shell = /opt/jumpserver/chgpass_shell.sh
[vpn]
host_pptp = 172.16.2.74
pptp_port = 2001
pptp_user = yolu
pptp_pass_file = /etc/ppp/chap-secrets
host_openvpn = 111.205.130.9
openvpn_port = 2001
openvpn_user = yolu

1
jumpserver.py
View File

@ -16,7 +16,6 @@ from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex from binascii import b2a_hex, a2b_hex
import ConfigParser import ConfigParser
import paramiko import paramiko
import interactive
base_dir = "/opt/jumpserver/" base_dir = "/opt/jumpserver/"
cf = ConfigParser.ConfigParser() cf = ConfigParser.ConfigParser()

158
webroot/AutoSa/AutoSa/views.py
View File

@ -12,7 +12,7 @@ from binascii import b2a_hex, a2b_hex
import random import random
import ConfigParser import ConfigParser
import pam import pam
import paramiko
base_dir = "/opt/jumpserver/" base_dir = "/opt/jumpserver/"
cf = ConfigParser.ConfigParser() cf = ConfigParser.ConfigParser()
@ -25,17 +25,11 @@ sudoadd_shell = cf.get('jumpserver', 'sudoadd_shell')
sudodel_shell = cf.get('jumpserver', 'sudodel_shell') sudodel_shell = cf.get('jumpserver', 'sudodel_shell')
keygen_shell = cf.get('jumpserver', 'keygen_shell') keygen_shell = cf.get('jumpserver', 'keygen_shell')
chgpass_shell = cf.get('jumpserver', 'chgpass_shell') chgpass_shell = cf.get('jumpserver', 'chgpass_shell')
host_pptp = cf.get('vpn', 'host_pptp')
pptp_port = cf.get('vpn', 'pptp_port')
pptp_user = cf.get('vpn', 'pptp_user')
pptp_pass_file = cf.get('vpn', 'pptp_pass_file')
host_openvpn = cf.get('vpn', 'host_openvpn')
openvpn_port = cf.get('vpn', 'openvpn_port')
openvpn_user = cf.get('vpn', 'openvpn_user')
admin = ['admin'] admin = ['admin']
def keygen(num): def keygen(num):
"""生成随机密码"""
seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
sa = [] sa = []
for i in range(num): for i in range(num):
@ -45,6 +39,7 @@ def keygen(num):
class PyCrypt(object): class PyCrypt(object):
"""对称加密解密"""
def __init__(self, key): def __init__(self, key):
self.key = key self.key = key
self.mode = AES.MODE_CBC self.mode = AES.MODE_CBC
@ -69,6 +64,7 @@ class PyCrypt(object):
def login(request): def login(request):
"""登录界面"""
if request.session.get('username'): if request.session.get('username'):
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
if request.method == 'GET': if request.method == 'GET':
@ -91,6 +87,7 @@ def login(request):
def login_required(func): def login_required(func):
"""要求登录的装饰器"""
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('username'): if not request.session.get('username'):
return HttpResponseRedirect('/login/') return HttpResponseRedirect('/login/')
@ -99,6 +96,7 @@ def login_required(func):
def admin_required(func): def admin_required(func):
"""要求用户是admin的装饰器"""
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('admin'): if not request.session.get('admin'):
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
@ -107,6 +105,7 @@ def admin_required(func):
def logout(request): def logout(request):
"""注销登录调用"""
if request.session.get('username'): if request.session.get('username'):
del request.session['username'] del request.session['username']
return HttpResponseRedirect('/login/') return HttpResponseRedirect('/login/')
@ -114,6 +113,7 @@ def logout(request):
@login_required @login_required
def downKey(request): def downKey(request):
"""下载key"""
username = request.session.get('username') username = request.session.get('username')
filename = '%s/keys/%s' % (base_dir, username) filename = '%s/keys/%s' % (base_dir, username)
f = open(filename) f = open(filename)
@ -126,6 +126,7 @@ def downKey(request):
@login_required @login_required
def index(request): def index(request):
"""主页"""
username = request.session.get('username') username = request.session.get('username')
name = User.objects.filter(username=username) name = User.objects.filter(username=username)
assets = [] assets = []
@ -140,6 +141,7 @@ def index(request):
@admin_required @admin_required
def showUser(request): def showUser(request):
"""查看所有用户"""
users = User.objects.all() users = User.objects.all()
info = '' info = ''
error = '' error = ''
@ -160,6 +162,7 @@ def showUser(request):
@admin_required @admin_required
def addUser(request): def addUser(request):
"""添加用户"""
jm = PyCrypt(key) jm = PyCrypt(key)
if request.method == 'GET': if request.method == 'GET':
return render_to_response('addUser.html', {'user_menu': 'active'}, return render_to_response('addUser.html', {'user_menu': 'active'},
@ -209,6 +212,7 @@ def addUser(request):
@admin_required @admin_required
def showAssets(request): def showAssets(request):
"""查看服务器"""
info = '' info = ''
assets = Assets.objects.all() assets = Assets.objects.all()
if request.method == 'POST': if request.method == 'POST':
@ -223,6 +227,7 @@ def showAssets(request):
@admin_required @admin_required
def addAssets(request): def addAssets(request):
"""添加服务器"""
error = '' error = ''
msg = '' msg = ''
if request.method == 'POST': if request.method == 'POST':
@ -245,6 +250,7 @@ def addAssets(request):
@admin_required @admin_required
def showPerm(request): def showPerm(request):
"""查看权限"""
users = User.objects.all() users = User.objects.all()
if request.method == 'POST': if request.method == 'POST':
assets_del = request.REQUEST.getlist('selected') assets_del = request.REQUEST.getlist('selected')
@ -271,6 +277,7 @@ def showPerm(request):
@admin_required @admin_required
def addPerm(request): def addPerm(request):
"""增加授权"""
users = User.objects.all() users = User.objects.all()
have_assets = [] have_assets = []
if request.method == 'POST': if request.method == 'POST':
@ -301,6 +308,7 @@ def addPerm(request):
@login_required @login_required
def chgPass(request): def chgPass(request):
"""修改登录系统的密码"""
error = '' error = ''
msg = '' msg = ''
if request.method == 'POST': if request.method == 'POST':
@ -328,6 +336,7 @@ def chgPass(request):
@login_required @login_required
def chgKey(request): def chgKey(request):
"""修改密钥密码"""
error = '' error = ''
msg = '' msg = ''
username = request.session.get('username') username = request.session.get('username')
@ -353,136 +362,3 @@ def chgKey(request):
{'error': error, 'msg': msg}, {'error': error, 'msg': msg},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
def ssh_host(host, port, user='root'):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host, port, user)
return ssh
@login_required
def chgPptp(request):
error = ''
msg = ''
if request.method == 'POST':
username = request.session.get('username')
oldpass = request.POST.get('oldpass')
password = request.POST.get('password')
password_confirm = request.POST.get('password_confirm')
if '' in [oldpass, password, password_confirm]:
error = '带*内容不能为空'
elif password != password_confirm:
error = '两次密码不匹配'
if not error:
ssh = ssh_host(host_pptp, pptp_port, pptp_user)
stdin, stdout, stderr = ssh.exec_command("sudo awk '/%s/ { print $3 }' %s" % (username, pptp_pass_file))
oldpass_confirm = stdout.read().strip()
if oldpass != oldpass_confirm:
error = '原来密码不正确'
elif not oldpass_confirm:
error = '您尚未开通PPTP VPN服务'
else:
stdin, stdout, stderr = ssh.exec_command("sudo sed -i '/%s/ s@%s@%s@g' %s" % (username, oldpass_confirm,
password, pptp_pass_file))
if stderr.read():
error = '密码更改失败'
else:
msg = '密码更改成功'
return render_to_response('chgPptp.html',
{'error': error, 'msg': msg},
context_instance=RequestContext(request))
@login_required
def chgOpenvpn(request):
error = ''
msg = ''
if request.method == 'POST':
username = request.session.get('username')
password = request.POST.get('password')
password_confirm = request.POST.get('password_confirm')
if '' in [password, password_confirm]:
error = '带*内容不能为空'
elif password != password_confirm:
error = '两次密码不匹配'
if not error:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host_openvpn, openvpn_port, openvpn_user)
stdin, stdout, stderr = ssh.exec_command("id %s" % username)
if stderr.read():
error = '您尚未开通OpenVPN服务'
else:
stdin, stdout, stderr = ssh.exec_command("echo %s | sudo passwd --stdin %s" % (password, username))
if stderr.read():
error = '密码更改失败'
else:
msg = '密码更改成功'
return render_to_response('chgOpenvpn.html',
{'error': error, 'msg': msg},
context_instance=RequestContext(request))
@admin_required
def addPptp(request):
error = ''
msg = ''
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
password_confirm = request.POST.get('password_confirm')
if '' in [username, password, password_confirm]:
error = '带*内容不能为空'
elif password != password_confirm:
error = '两次输入不匹配'
if not error:
ssh = ssh_host(host_pptp, pptp_port, pptp_user)
stdin, stdout, stderr = ssh.exec_command('grep %s %s' % (username, pptp_pass_file))
if stdout.read():
error = '用户已存在'
else:
stdin, stdout, stderr = ssh.exec_command('sudo echo -e "%s\tpptpd\t%s\t*" >> %s' %
(username, password, pptp_pass_file))
if not stderr.read():
msg = '用户添加成功'
return render_to_response('addPptp.html',
{'error': error, 'msg': msg},
context_instance=RequestContext(request))
@admin_required
def addOpenvpn(request):
error = ''
msg = ''
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
password_confirm = request.POST.get('password_confirm')
if '' in [username, password, password_confirm]:
error = '带*内容不能为空'
elif password != password_confirm:
error = '两次输入不匹配'
if not error:
ssh = ssh_host(host_openvpn, openvpn_port, openvpn_user)
stdin, stdout, stderr = ssh.exec_command('id %s' % username)
if stdout.read():
error = '用户已存在'
else:
stdin, stdout, stderr = ssh.exec_command('sudo useradd -s /sbin/nologin %s;echo %s | sudo passwd --stdin %s' %
(username, password, username))
if not stderr.read():
msg = '用户添加成功'
return render_to_response('addOpenvpn.html',
{'error': error, 'msg': msg},
context_instance=RequestContext(request))

4
webroot/AutoSa/templates/base.html
View File

@ -113,10 +113,6 @@
<li><a href="/showPerm/"><i class="glyphicon glyphicon-send"></i> 查看权限</a></li> <li><a href="/showPerm/"><i class="glyphicon glyphicon-send"></i> 查看权限</a></li>
<li><a href="/addPerm/"><i class="glyphicon glyphicon-send"></i> 添加权限</a></li> <li><a href="/addPerm/"><i class="glyphicon glyphicon-send"></i> 添加权限</a></li>
</ul> </ul>
<div class="menu-first" ><a href="#vpnMenu" data-toggle="collapse"><i class="glyphicon glyphicon-th"></i> VPN管理</a></div>
<ul id="vpnMenu" class="nav nav-list navbar-collapse menu-second">
<li><a href="/addPptp/"><i class="glyphicon glyphicon-send"></i> PPTP</a></li>
<li><a href="/addOpenvpn/"><i class="glyphicon glyphicon-send"></i> OpenVPN</a></li>
</ul> </ul>
</div> </div>
</div> </div>