From 0b79f754f9a3632327270529d95dad98699613ed Mon Sep 17 00:00:00 2001 From: "iambocai bob.chen.cs@gmail.com" Date: Mon, 25 Jan 2016 18:21:07 +0800 Subject: [PATCH 1/7] =?UTF-8?q?1.=20=E5=BD=93=E7=94=A8=E6=88=B7=E6=9C=AA?= =?UTF-8?q?=E8=A2=AB=E6=8E=88=E4=BA=88=E4=BB=BB=E4=BD=95=E8=A7=92=E8=89=B2?= =?UTF-8?q?/=E4=B8=BB=E6=9C=BA=E6=9D=83=E9=99=90=E6=97=B6=EF=BC=8C?= =?UTF-8?q?=E6=8F=90=E7=A4=BA=E7=94=A8=E6=88=B7=202.=20=E6=A0=B9=E6=8D=AE?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=AE=9E=E9=99=85=E5=AE=89=E8=A3=85=E8=B7=AF?= =?UTF-8?q?=E5=BE=84=EF=BC=8C=E6=9B=BF=E6=8D=A2=E5=90=AF=E5=8A=A8=E8=84=9A?= =?UTF-8?q?=E6=9C=AC=E4=B8=ADconnect.py=E7=9A=84=E8=B7=AF=E5=BE=84=203.=20?= =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E5=87=A0=E5=A4=84=E6=8B=BC=E5=86=99=E9=94=99?= =?UTF-8?q?=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .settings/org.eclipse.core.resources.prefs | 2 ++ connect.py | 8 +++++--- install/next.py | 3 ++- 3 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 .settings/org.eclipse.core.resources.prefs diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs new file mode 100644 index 000000000..1d3924f23 --- /dev/null +++ b/.settings/org.eclipse.core.resources.prefs @@ -0,0 +1,2 @@ +eclipse.preferences.version=1 +encoding/connect.py=UTF-8 diff --git a/connect.py b/connect.py index 92b2f74cc..fefa079f6 100755 --- a/connect.py +++ b/connect.py @@ -582,12 +582,14 @@ class Nav(object): role = role_check[int(role_id)] elif len(roles) == 1: # 授权角色数为1 role = roles[0] + else: + color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。', exits=True) assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机 print "授权包含该系统用户的所有主机" for asset in assets: print ' %s' % asset.hostname print - print "请输入主机名或ansile支持的pattern, 多个主机:分隔, q退出" + print "请输入主机名或ansible支持的pattern, 多个主机:分隔, q退出" pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip() if pattern == 'q': break 
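Review bot: In the connect.py hunk at -582, the context line right after the new `else:` branch, `self.user_perm.get('role', {}).get(role).get('asset')`, still dereferences whatever `.get(role)` returns, so a role missing from the permission map raises AttributeError instead of producing a clean denial. Whether that can happen depends on how `roles` is built outside the hunk, but on a jump host the no-permission path is worth making explicit: `role_perm = self.user_perm.get('role', {}).get(role) or {}` followed by `assets = list(role_perm.get('asset', []))`. The new branch presumably relies on `color_print(..., exits=True)` ending the process; a one-line comment saying so would keep a reader from concluding that `role` is unbound on the next line. The enclosing method starts and ends outside the hunk.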
@@ -629,7 +631,7 @@ class Nav(object): self.user_perm = get_group_user_perm(self.user) try: print "进入批量上传模式" - print "请输入主机名或ansile支持的pattern, 多个主机:分隔 q退出" + print "请输入主机名或ansible支持的pattern, 多个主机:分隔 q退出" pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip() if pattern == 'q': break @@ -682,7 +684,7 @@ class Nav(object): self.user_perm = get_group_user_perm(self.user) try: print "进入批量下载模式" - print "请输入主机名或ansile支持的pattern, 多个主机:分隔,q退出" + print "请输入主机名或ansible支持的pattern, 多个主机:分隔,q退出" pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip() if pattern == 'q': break diff --git a/install/next.py b/install/next.py index 62814ee67..2a8231b38 100755 --- a/install/next.py +++ b/install/next.py @@ -18,7 +18,7 @@ if django.get_version() != '1.6': from juser.user_api import db_add_user, get_object, User from install import color_print -from jumpserver.api import get_mac_address +from jumpserver.api import get_mac_address, bash socket.setdefaulttimeout(2) @@ -83,6 +83,7 @@ class Setup(object): @staticmethod def _cp_zzsh(): os.chdir(os.path.join(jms_dir, 'install')) + bash("sed -i 's#/opt/jumpserver#%s#g' zzjumpserver.sh" % jms_dir) shutil.copy('zzjumpserver.sh', '/etc/profile.d/') @staticmethod From 02e9ba54f9fa6e1eecee3642f01dc505d9df7d55 Mon Sep 17 00:00:00 2001 From: wangjunj <278884470@qq.com> Date: Thu, 28 Jan 2016 14:50:57 +0800 Subject: [PATCH 2/7] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=9C=AC=E5=9C=B0mysqld?= =?UTF-8?q?=E8=87=AA=E5=90=AF=E5=8A=A8=E6=9C=8D=E5=8A=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 添加数据库自启动服务。修复服务器重启后./server.sh start 会提示错误——“Starting jumpsever service:run_websocket.py not running” --- install/install.py | 1 + 1 file changed, 1 insertion(+) diff --git a/install/install.py b/install/install.py index 383bd5116..17dbc2d7c 100755 --- a/install/install.py +++ b/install/install.py 
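Review bot: The added `bash("sed -i 's#/opt/jumpserver#%s#g' zzjumpserver.sh" % jms_dir)` in `_cp_zzsh` pastes the install path into a shell command and a sed expression without quoting, so a path containing `#`, `&`, a single quote or whitespace corrupts the substitution or the command line, and the result ends up in /etc/profile.d/. Doing the substitution in Python removes both the shell and the sed delimiter from the picture. The same line appears again, moved after the copy, in the install/next.py hunk of [PATCH 4/7]. The path is still written into the script verbatim, so if zzjumpserver.sh uses it unquoted (not visible here) a path with spaces would also need quoting there.

```python
    def _cp_zzsh():
        os.chdir(os.path.join(jms_dir, 'install'))
        shutil.copy('zzjumpserver.sh', '/etc/profile.d/')
        # Rewrite the installed copy in Python: no shell, no sed delimiter to escape.
        target = '/etc/profile.d/zzjumpserver.sh'
        with open(target) as src:
            script = src.read()
        with open(target, 'w') as dst:
            dst.write(script.replace('/opt/jumpserver', jms_dir))
```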
@@ -101,6 +101,7 @@ class PreSetup(object): color_print('默认用户名: %s 默认密码: %s' % (self.db_user, self.db_pass), 'green') bash('yum -y install mysql-server') bash('service mysqld start') + bash('chkconfig mysqld on') bash('mysql -e "create database %s default charset=utf8"' % self.db) bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db, self.db_user, From cd6cfc6ae9bbde324bc5b760ad617631c6ad8de8 Mon Sep 17 00:00:00 2001 From: wangjunj <278884470@qq.com> Date: Thu, 28 Jan 2016 23:08:12 +0800 Subject: [PATCH 3/7] Update install.py --- install/install.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/install.py b/install/install.py index 17dbc2d7c..c5765ff12 100755 --- a/install/install.py +++ b/install/install.py @@ -101,7 +101,7 @@ class PreSetup(object): color_print('默认用户名: %s 默认密码: %s' % (self.db_user, self.db_pass), 'green') bash('yum -y install mysql-server') bash('service mysqld start') - bash('chkconfig mysqld on') + bash('chkconfig mysqld on') bash('mysql -e "create database %s default charset=utf8"' % self.db) bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db, self.db_user, From fa195c3808717cfe328f6cc8b339552f6670318d Mon Sep 17 00:00:00 2001 From: "iambocai bob.chen.cs@gmail.com" Date: Wed, 17 Feb 2016 15:16:36 +0800 Subject: [PATCH 4/7] update for pull#47 --- .gitignore | 1 + .settings/org.eclipse.core.resources.prefs | 2 -- connect.py | 3 ++- install/next.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 .settings/org.eclipse.core.resources.prefs diff --git a/.gitignore b/.gitignore index 983fedd49..e300831e4 100644 --- a/.gitignore +++ b/.gitignore @@ -37,6 +37,7 @@ nosetests.xml .mr.developer.cfg .project .pydevproject +.settings *.log logs/* keys/* diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs deleted file mode 100644 index 1d3924f23..000000000 
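Review bot: The `mysql -e "grant all on ... identified by '%s'"` command in the context lines just below the added `chkconfig mysqld on` is built by %-formatting the database password into a shell string, so a password containing a quote or `$` breaks or alters the command, and the password sits in the process arguments while it runs. Now that this hunk makes mysqld a boot-time service, it would be worth feeding the SQL to the client on stdin or through a client option file instead of the command line. A comment on the `color_print` line above noting that it prints the default password to the terminal would also help whoever captures installer output. The grant statement is cut off at the end of the hunk, so its host part is not visible here.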
--- a/.settings/org.eclipse.core.resources.prefs +++ /dev/null @@ -1,2 +0,0 @@ -eclipse.preferences.version=1 -encoding/connect.py=UTF-8 diff --git a/connect.py b/connect.py index fefa079f6..0be5abdfb 100755 --- a/connect.py +++ b/connect.py @@ -583,7 +583,8 @@ class Nav(object): elif len(roles) == 1: # 授权角色数为1 role = roles[0] else: - color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。', exits=True) + color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。') + return assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机 print "授权包含该系统用户的所有主机" for asset in assets: diff --git a/install/next.py b/install/next.py index 2a8231b38..e3dc312fa 100755 --- a/install/next.py +++ b/install/next.py @@ -83,8 +83,8 @@ class Setup(object): @staticmethod def _cp_zzsh(): os.chdir(os.path.join(jms_dir, 'install')) - bash("sed -i 's#/opt/jumpserver#%s#g' zzjumpserver.sh" % jms_dir) shutil.copy('zzjumpserver.sh', '/etc/profile.d/') + bash("sed -i 's#/opt/jumpserver#%s#g' /etc/profile.d/zzjumpserver.sh" % jms_dir) @staticmethod def _run_service(): From 0e9a9625061c1742357eebd91f8c9b342fc025ba Mon Sep 17 00:00:00 2001 From: ibuler Date: Sat, 20 Feb 2016 16:02:31 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E5=85=B7=E4=BD=93=E4=BD=93=E7=8E=B0?= =?UTF-8?q?=E5=9C=A8=20=E6=97=A5=E5=BF=97=E7=9B=91=E6=8E=A7=E9=A1=B5?= =?UTF-8?q?=EF=BC=8C=E5=AE=9A=E6=9C=9F=E5=9B=9E=E6=94=B6=E8=BF=87=E6=9C=9F?= =?UTF-8?q?=E7=9A=84=E5=9C=A8=E7=BA=BFlog?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 需要运行python manage.py crontab add来添加 运行 python manage.py crontab remove 来去掉 crontab -l --- jlog/log_api.py | 29 +++++++++++++++++++++++++++++ jumpserver/settings.py | 3 ++- 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/jlog/log_api.py b/jlog/log_api.py index b10325643..6f2d6edbe 100644 --- a/jlog/log_api.py +++ b/jlog/log_api.py 
@@ -6,7 +6,10 @@ from contextlib import closing from io import open as copen from json import dumps from math import ceil +import datetime +import time import re +import os from os.path import basename, dirname, exists, join from struct import unpack from subprocess import Popen @@ -17,6 +20,7 @@ from jinja2 import FileSystemLoader, Template from jinja2.environment import Environment from jumpserver.api import BASE_DIR +from jlog.models import Log DEFAULT_TEMPLATE = join(BASE_DIR, 'templates', 'jlog', 'static.jinja2') @@ -75,3 +79,28 @@ def renderTemplate(script_path, time_file_path, dimensions=(24, 80), templatenam return rendered +def kill_invalid_connection(): + long_time_logs = [] + unfinished_logs = Log.objects.filter(is_finished=False) + now = datetime.datetime.now() + now_timestamp = int(time.mktime(now.timetuple())) + for log in unfinished_logs: + if (now - log.start_time).days > 1: + long_time_logs.append(log) + + for log in long_time_logs: + try: + log_file_mtime = int(os.stat(log.log_path).st_mtime) + except OSError: + log_file_mtime = 0 + + if (now_timestamp - log_file_mtime) > 3600: + try: + os.kill(int(log.pid), 9) + except OSError: + pass + + log.is_finished = True + log.end_time = now + log.save() + diff --git a/jumpserver/settings.py b/jumpserver/settings.py index fa8431272..d1c8a8f40 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -152,5 +152,6 @@ STATIC_URL = '/static/' BOOTSTRAP_COLUMN_COUNT = 10 CRONJOBS = [ - ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all') + ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all'), + ('1 * * * *', 'jlog.log_api.kill_invalid_connection'), ] From 7323b72c4bf43b7c2bdb5038eee4a5fdd9f4c5ec Mon Sep 17 00:00:00 2001 
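Review bot: `os.kill(int(log.pid), 9)` in the new `kill_invalid_connection` signals a pid that was recorded more than a day earlier without checking that it still belongs to the logged session, so after pid reuse the hourly cron job can SIGKILL any unrelated process its account is allowed to signal. Before signalling, confirm the process is the one that was logged (for example, that it started no later than `log.start_time`) and send `signal.SIGTERM` before resorting to 9. Only `OSError` is caught, so a record with an empty or non-numeric pid raises from `int()` and aborts the whole run; `except (OSError, TypeError, ValueError):` lets the remaining records be processed. The function also has no docstring: one stating that it closes unfinished sessions matching `(now - log.start_time).days > 1` whose log file has been idle for more than 3600 seconds, and that a missing log file counts as idle, would document the thresholds.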
From: ibuler Date: Mon, 22 Feb 2016 16:29:36 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=201.=20=E6=8E=A8?= =?UTF-8?q?=E9=80=81=E6=97=B6=20=E9=AA=8C=E8=AF=81=E6=94=B9=E4=B8=BA=20=20?= =?UTF-8?q?/usr/sbin/visudo=20-c=202.=20=E6=B7=BB=E5=8A=A0=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=E7=94=A8=E6=88=B7=E7=9A=84key=20=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E6=9B=B4=E6=94=B9=20=E6=94=AF=E6=8C=81=20RSA|DSA=203.=20web=20?= =?UTF-8?q?terminal=20=E8=A1=8C=E6=95=B0=20-1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/jasset/asset_list.html | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html index 848ce7ac8..b87b6e177 100644 --- a/templates/jasset/asset_list.html +++ b/templates/jasset/asset_list.html @@ -243,8 +243,9 @@ area: ['628px', '420px'], content: new_url+data }); + window.open(new_url+data, '_blank', 'toolbar=yes, location=yes, scrollbars=yes, resizable=yes, copyhistory=yes, width=628, height=400') */ - window.open(new_url+data, '', 'width=628px, height=380px') + window.open(new_url+data, '', 'width=628px, height=380px'); } else if (dataArray.length == 1 && data != 'error'){ /*layer.open({ type: 2, @@ -255,7 +256,7 @@ content: new_url+data }); */ - window.open(new_url+data, '', 'width=628px, height=440px') + window.open(new_url+data, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=410'); } else { @@ -292,7 +293,7 @@ content: new_url }); */ - window.open(new_url, '', 'height=628px, width=380px') + window.open(new_url, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=400') } else { /* @@ -305,7 +306,7 @@ content: new_url }); */ - window.open(new_url, '', 'height=628px, width=452px') + window.open(new_url, '_blank', 'toolbar=yes, location=yes, copyhistory=yes, scrollbars=yes, width=628, height=410'); } return false 
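Review bot: The first added `window.open(new_url+data, '_blank', 'toolbar=yes, ...')` call in the -243 hunk sits above the closing `*/` of the commented-out `layer.open` block, so it never runs, and the live call in that branch only gains a semicolon and keeps the old `''` target and `'width=628px, height=380px'` features. The other three branches switch to `_blank` with the new feature string, so the four code paths now open the terminal window differently. Either move the new line below `*/` and drop the old call, or remove it from the comment, so the branch behaves like the rest.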
From b1768565c1b683c94a4fb4138bafbde816fc0216 Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 22 Feb 2016 16:31:33 +0800 Subject: [PATCH 7/7] =?UTF-8?q?=20=E4=BF=AE=E5=A4=8D=20=20=20=20=201.=20?= =?UTF-8?q?=E6=8E=A8=E9=80=81=E6=97=B6=20=E9=AA=8C=E8=AF=81=E6=94=B9?= =?UTF-8?q?=E4=B8=BA=20=20/usr/sbin/visudo=20-c=20=20=20=20=202.=20?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=B3=BB=E7=BB=9F=E7=94=A8=E6=88=B7=E7=9A=84?= =?UTF-8?q?key=20=E8=AE=A4=E8=AF=81=E6=9B=B4=E6=94=B9=20=E6=94=AF=E6=8C=81?= =?UTF-8?q?=20RSA|DSA=20=20=20=20=203.=20web=20terminal=20=E8=A1=8C?= =?UTF-8?q?=E6=95=B0=20-1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/jlog/web_terminal.html | 2 +- templates/jperm/perm_role_add.html | 4 ++-- templates/jperm/role_sudo.j2 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/jlog/web_terminal.html b/templates/jlog/web_terminal.html index 5589b59c3..420249a10 100644 --- a/templates/jlog/web_terminal.html +++ b/templates/jlog/web_terminal.html @@ -117,7 +117,7 @@ $('.terminal').css('width', window.innerWidth-25); console.log(window.innerWidth); console.log(window.innerWidth-10); - var rows = Math.floor(window.innerHeight/rowHeight) - 1; + var rows = Math.floor(window.innerHeight/rowHeight) - 2; var cols = Math.floor(window.innerWidth/colWidth) - 1; return {rows: rows, cols: cols}; diff --git a/templates/jperm/perm_role_add.html b/templates/jperm/perm_role_add.html index 18df339e9..59ec3b3b6 100644 --- a/templates/jperm/perm_role_add.html +++ b/templates/jperm/perm_role_add.html @@ -93,7 +93,7 @@ $('#roleForm').validator({ theme: "yellow_right_effect", rules: { check_name: [/(?!^root$)^[\w.]{2,20}$/i, '大小写字母数字和下划线小数点,2-20位,并且非root'], - check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误,请检查'], + check_begin: [/^[\-]+BEGIN R|DSA PRIVATE KEY[\-]+/gm, 'RSA|DSA Key填写有误,请检查'] }, 
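Review bot: The new `check_begin` pattern `/^[\-]+BEGIN R|DSA PRIVATE KEY[\-]+/gm` does not group the alternation, so it accepts any line starting with `-----BEGIN R` or any text containing `DSA PRIVATE KEY-`, not just RSA and DSA private-key headers. Group it: `/^[\-]+BEGIN (RSA|DSA) PRIVATE KEY[\-]+/m`. The `g` flag is also worth dropping, because a global regex keeps `lastIndex` between `test()` calls and can alternate between pass and fail if the validator reuses the object (how the plugin applies the rule is not visible here). This check runs in the browser only, so the server-side handler should validate the submitted key as well.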
@@ -108,7 +108,7 @@ $('#roleForm').validator({ rule: "check_begin", ok: "", empty: true - }, + } }, valid: function(form) { diff --git a/templates/jperm/role_sudo.j2 b/templates/jperm/role_sudo.j2 index 642a30a66..a37276771 100644 --- a/templates/jperm/role_sudo.j2 +++ b/templates/jperm/role_sudo.j2 @@ -36,7 +36,7 @@ add_role_chosen() { check_syntax(){ - visudo -c -f $1 + /usr/sbin/visudo -c -f $1 } cp $real_file $tmp_file && add_cmd_alias $tmp_file && add_role_chosen $tmp_file || exit 1
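Review bot: `check_syntax` in role_sudo.j2 passes `$1` to `/usr/sbin/visudo -c -f` unquoted, so a temp-file path containing whitespace or glob characters is split before visudo sees it; `/usr/sbin/visudo -c -f "$1"` avoids that. The absolute path helps when PATH lacks /usr/sbin, but it assumes visudo lives there on every managed host, which deserves a comment such as `# visudo path is fixed; adjust for hosts that install it elsewhere`. The unquoted `$real_file` and `$tmp_file` on the context line below have the same quoting issue.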