diff --git a/.gitignore b/.gitignore index 983fedd49..e300831e4 100644 --- a/.gitignore +++ b/.gitignore @@ -37,6 +37,7 @@ nosetests.xml .mr.developer.cfg .project .pydevproject +.settings *.log logs/* keys/* diff --git a/connect.py b/connect.py index 92b2f74cc..0be5abdfb 100755 --- a/connect.py +++ b/connect.py @@ -582,12 +582,15 @@ class Nav(object): role = role_check[int(role_id)] elif len(roles) == 1: # 授权角色数为1 role = roles[0] + else: + color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。') + return assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机 print "授权包含该系统用户的所有主机" for asset in assets: print ' %s' % asset.hostname print - print "请输入主机名或ansile支持的pattern, 多个主机:分隔, q退出" + print "请输入主机名或ansible支持的pattern, 多个主机:分隔, q退出" pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip() if pattern == 'q': break @@ -629,7 +632,7 @@ class Nav(object): self.user_perm = get_group_user_perm(self.user) try: print "进入批量上传模式" - print "请输入主机名或ansile支持的pattern, 多个主机:分隔 q退出" + print "请输入主机名或ansible支持的pattern, 多个主机:分隔 q退出" pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip() if pattern == 'q': break @@ -682,7 +685,7 @@ class Nav(object): self.user_perm = get_group_user_perm(self.user) try: print "进入批量下载模式" - print "请输入主机名或ansile支持的pattern, 多个主机:分隔,q退出" + print "请输入主机名或ansible支持的pattern, 多个主机:分隔,q退出" pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip() if pattern == 'q': break diff --git a/install/install.py b/install/install.py index 383bd5116..c5765ff12 100755 --- a/install/install.py +++ b/install/install.py @@ -101,6 +101,7 @@ class PreSetup(object): color_print('默认用户名: %s 默认密码: %s' % (self.db_user, self.db_pass), 'green') bash('yum -y install mysql-server') bash('service mysqld start') + bash('chkconfig mysqld on') bash('mysql -e "create database %s default charset=utf8"' % self.db) bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db, self.db_user, diff --git a/install/next.py b/install/next.py index 62814ee67..e3dc312fa 100755 --- a/install/next.py +++ b/install/next.py @@ -18,7 +18,7 @@ if django.get_version() != '1.6': from juser.user_api import db_add_user, get_object, User from install import color_print -from jumpserver.api import get_mac_address +from jumpserver.api import get_mac_address, bash socket.setdefaulttimeout(2) @@ -84,6 +84,7 @@ class Setup(object): def _cp_zzsh(): os.chdir(os.path.join(jms_dir, 'install')) shutil.copy('zzjumpserver.sh', '/etc/profile.d/') + bash("sed -i 's#/opt/jumpserver#%s#g' /etc/profile.d/zzjumpserver.sh" % jms_dir) @staticmethod def _run_service(): diff --git a/jlog/log_api.py b/jlog/log_api.py index b10325643..6f2d6edbe 100644 --- a/jlog/log_api.py +++ b/jlog/log_api.py @@ -6,7 +6,10 @@ from contextlib import closing from io import open as copen from json import dumps from math import ceil +import datetime +import time import re +import os from os.path import basename, dirname, exists, join from struct import unpack from subprocess import Popen @@ -17,6 +20,7 @@ from jinja2 import FileSystemLoader, Template from jinja2.environment import Environment from jumpserver.api import BASE_DIR +from jlog.models import Log DEFAULT_TEMPLATE = join(BASE_DIR, 'templates', 'jlog', 'static.jinja2') @@ -75,3 +79,28 @@ def renderTemplate(script_path, time_file_path, dimensions=(24, 80), templatenam return rendered +def kill_invalid_connection(): + long_time_logs = [] + unfinished_logs = Log.objects.filter(is_finished=False) + now = datetime.datetime.now() + now_timestamp = int(time.mktime(now.timetuple())) + for log in unfinished_logs: + if (now - log.start_time).days > 1: + long_time_logs.append(log) + + for log in long_time_logs: + try: + log_file_mtime = int(os.stat(log.log_path).st_mtime) + except OSError: + log_file_mtime = 0 + + if (now_timestamp - log_file_mtime) > 3600: + try: + os.kill(int(log.pid), 9) + except OSError: + pass + + log.is_finished = True + log.end_time = now + log.save() + diff --git a/jumpserver/settings.py b/jumpserver/settings.py index fa8431272..d1c8a8f40 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -152,5 +152,6 @@ STATIC_URL = '/static/' BOOTSTRAP_COLUMN_COUNT = 10 CRONJOBS = [ - ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all') + ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all'), + ('1 * * * *', 'jlog.log_api.kill_invalid_connection'), ] diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html index 848ce7ac8..b87b6e177 100644 --- a/templates/jasset/asset_list.html +++ b/templates/jasset/asset_list.html @@ -243,8 +243,9 @@ area: ['628px', '420px'], content: new_url+data }); + window.open(new_url+data, '_blank', 'toolbar=yes, location=yes, scrollbars=yes, resizable=yes, copyhistory=yes, width=628, height=400') */ - window.open(new_url+data, '', 'width=628px, height=380px') + window.open(new_url+data, '', 'width=628px, height=380px'); } else if (dataArray.length == 1 && data != 'error'){ /*layer.open({ type: 2, @@ -255,7 +256,7 @@ content: new_url+data }); */ - window.open(new_url+data, '', 'width=628px, height=440px') + window.open(new_url+data, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=410'); } else { @@ -292,7 +293,7 @@ content: new_url }); */ - window.open(new_url, '', 'height=628px, width=380px') + window.open(new_url, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=400') } else { /* @@ -305,7 +306,7 @@ content: new_url }); */ - window.open(new_url, '', 'height=628px, width=452px') + window.open(new_url, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=410'); } return false diff --git a/templates/jlog/web_terminal.html b/templates/jlog/web_terminal.html index 5589b59c3..420249a10 100644 --- a/templates/jlog/web_terminal.html +++ b/templates/jlog/web_terminal.html @@ -117,7 +117,7 @@ $('.terminal').css('width', window.innerWidth-25); console.log(window.innerWidth); console.log(window.innerWidth-10); - var rows = Math.floor(window.innerHeight/rowHeight) - 1; + var rows = Math.floor(window.innerHeight/rowHeight) - 2; var cols = Math.floor(window.innerWidth/colWidth) - 1; return {rows: rows, cols: cols}; diff --git a/templates/jperm/perm_role_add.html b/templates/jperm/perm_role_add.html index 18df339e9..59ec3b3b6 100644 --- a/templates/jperm/perm_role_add.html +++ b/templates/jperm/perm_role_add.html @@ -93,7 +93,7 @@ $('#roleForm').validator({ theme: "yellow_right_effect", rules: { check_name: [/(?!^root$)^[\w.]{2,20}$/i, '大小写字母数字和下划线小数点,2-20位,并且非root'], - check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误,请检查'], + check_begin: [/^[\-]+BEGIN R|DSA PRIVATE KEY[\-]+/gm, 'RSA|DSA Key填写有误,请检查'] }, @@ -108,7 +108,7 @@ $('#roleForm').validator({ rule: "check_begin", ok: "", empty: true - }, + } }, valid: function(form) { diff --git a/templates/jperm/role_sudo.j2 b/templates/jperm/role_sudo.j2 index c48d354c1..4fe2e82da 100644 --- a/templates/jperm/role_sudo.j2 +++ b/templates/jperm/role_sudo.j2 @@ -46,7 +46,7 @@ add_role_chosen() { check_syntax(){ - visudo -c -f $1 + /usr/sbin/visudo -c -f $1 } cp $real_file $tmp_file && add_cmd_alias $tmp_file && add_role_chosen $tmp_file || exit 1