pull/26/head
ibuler 2015-11-23 23:07:58 +08:00
parent 4c50551249
commit a7a030fedd
4 changed files with 81 additions and 81 deletions

View File

@ -5,16 +5,12 @@ from jumpserver.api import *
def name_proc(request):
user_id = request.user.id
# role_id = request.session.get('role_id')
role_id = {'SU':2,'GA':1,'CU':0}.get(request.user.role,0)
# if role_id == 2:
role_id = {'SU': 2, 'GA': 1, 'CU': 0}.get(request.user.role, 0)
# role_id = 'SU'
user_total_num = User.objects.all().count()
user_active_num = User.objects.filter().count()
host_total_num = Asset.objects.all().count()
host_active_num = Asset.objects.filter(is_active=True).count()
# else:
# pass
request.session.set_expiry(3600)
info_dic = {'session_user_id': user_id,

View File

@ -7,6 +7,7 @@ import os
import sys
import os.path
import threading
import datetime
import urllib
import tornado.ioloop
@ -22,7 +23,7 @@ from tornado.options import define, options
from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE, IN_MODIFY, AsyncNotifier
import select
from connect import Tty, User, Asset, PermRole
from connect import Tty, User, Asset, PermRole, logger, get_object
from connect import TtyLog, Log, Session, user_have_perm
try:
@ -35,45 +36,49 @@ define("port", default=3000, help="run on the given port", type=int)
define("host", default='0.0.0.0', help="run port on", type=str)
def require_auth(func):
def _deco(request, *args, **kwargs):
if request.get_cookie('sessionid'):
session_key = request.get_cookie('sessionid')
else:
session_key = request.get_secure_cookie('sessionid')
def require_auth(role='user'):
def _deco(func):
def _deco(request, *args, **kwargs):
if request.get_cookie('sessionid'):
session_key = request.get_cookie('sessionid')
else:
session_key = request.get_secure_cookie('sessionid')
print "session: " + session_key
logger.debug('Websocket: session_key: ' + session_key)
if not session_key:
print('Auth Failed')
if session_key:
session = get_object(Session, session_key=session_key)
if session and datetime.datetime.now() > session.expire_date:
user_id = session.get_decoded().get('_auth_user_id')
user = get_object(User, id=user_id)
if user:
logger.debug('Websocket: user [ %s ] request websocket' % user.username)
request.user = user
if role == 'admin':
if user.role in ['SU', 'GA']:
return func(request, *args, **kwargs)
logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
else:
return func(request, *args, **kwargs)
request.close()
session = Session.objects.filter(session_key=session_key)
if not session:
print('Auth Failed')
request.close()
else:
session = session[0]
uid = session.get_decoded().get('_auth_user_id')
user = User.objects.filter(id=uid)
asset_id = int(request.get_argument('id', 9999))
print asset_id
asset = Asset.objects.filter(id=asset_id)
if asset:
asset = asset[0]
request.asset = asset
else:
request.close()
if user:
user = user[0]
request.user = user
else:
print("No session user.")
request.close()
return func(request, *args, **kwargs)
logger.warning('Websocket: Request auth failed.')
# asset_id = int(request.get_argument('id', 9999))
# print asset_id
# asset = Asset.objects.filter(id=asset_id)
# if asset:
# asset = asset[0]
# request.asset = asset
# else:
# request.close()
#
# if user:
# user = user[0]
# request.user = user
#
# else:
# print("No session user.")
# request.close()
return _deco
return _deco
@ -109,10 +114,10 @@ def file_monitor(path='.', client=None):
notifier = AsyncNotifier(wm, EventHandler(client))
wm.add_watch(path, mask, auto_add=True, rec=True)
if not os.path.isfile(path):
print "You should monitor a file"
logger.debug("File %s does not exist." % path)
sys.exit(3)
else:
print "now starting monitor %s." % path
logger.debug("Now starting monitor file %s." % path)
global f
f = open(path, 'r')
st_size = os.stat(path)[6]
@ -158,7 +163,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
def check_origin(self, origin):
return True
@require_auth
@require_auth('admin')
def open(self):
# 获取监控的path
self.file_path = self.get_argument('file_path', '')
@ -180,7 +185,8 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
MonitorHandler.clients.remove(self)
MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
print len(MonitorHandler.threads), len(MonitorHandler.clients)
logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients),
len(MonitorHandler.threads)))
def on_message(self, message):
# 监控日志,发生变动发向客户端
@ -190,10 +196,13 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
# 客户端主动关闭
# self.close()
print "Close websocket."
client_index = MonitorHandler.clients.index(self)
MonitorHandler.clients.remove(self)
MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
logger.debug("Websocket: Monitor client close request")
try:
client_index = MonitorHandler.clients.index(self)
MonitorHandler.clients.remove(self)
MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
except ValueError:
pass
class WebTty(Tty):
@ -206,6 +215,7 @@ class WebTty(Tty):
class WebTerminalKillHandler(tornado.web.RequestHandler):
@require_auth('admin')
def get(self):
ws_id = self.get_argument('id')
Log.objects.filter(id=ws_id).update(is_finished=True)
@ -228,7 +238,6 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
self.log_time_f = None
self.log = None
self.id = 0
self.asset = None
self.user = None
super(WebTerminalHandler, self).__init__(*args, **kwargs)
@ -237,19 +246,22 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@require_auth
def open(self):
print self.user, self.asset
role_name = self.get_argument('role', 'root')
roles = user_have_perm(self.user, self.asset)
login_role = ''
for role in roles:
if role.name == role_name:
login_role = role
break
print login_role
if not login_role:
print "no role"
self.close()
return
role_name = self.get_argument('role', 'sb')
asset_id = self.get_argument('id', 9999)
asset = get_object(Asset, id=asset_id)
if asset:
roles = user_have_perm(self.user, asset)
login_role = ''
for role in roles:
if role.name == role_name:
login_role = role
break
if not login_role:
logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.name,
self.user.username))
self.close()
return
logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % ())
# Todo: 判断
self.term = WebTty(self.user, self.asset, login_role)
self.term.get_connection()

View File

@ -179,10 +179,10 @@
url: url,
data: {},
success: function(data){
console.log(data);
var dataArray = data.split(',');
if (dataArray.length == 1 && data != 'error'){
window.open(new_url + data, '播放', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no');
console.log('one');
window.open(new_url + data, '', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no');
} else if (dataArray.length == '1' && data == 'error'){
layer.alert('没有授权角色')
} else {

View File

@ -79,11 +79,9 @@
<th class="text-center"> 用户名 </th>
<th class="text-center"> 登录主机 </th>
<th class="text-center"> 来源IP </th>
{% ifnotequal session_role_id 0 %}
<th class="text-center"> 统计命令 </th>
<th class="text-center"> 实时监控 </th>
<th class="text-center"> 阻断 </th>
{% endifnotequal %}
<th class="text-center"> 统计命令 </th>
<th class="text-center"> 实时监控 </th>
<th class="text-center"> 阻断 </th>
<th class="text-center"> 登录时间 </th>
</tr>
@ -94,11 +92,9 @@
<td id="username" class="text-center"> {{ post.user }} </td>
<td id="ip" class="text-center"> {{ post.host }} </td>
<td id="remote_ip" class="text-center"> {{ post.remote_ip }} </td>
{% ifnotequal session_role_id 0 %}
<td class="text-center"><a href="/jlog/history/?id={{ post.id }}" class="log_command"> 命令统计 </a></td>
<td class="text-center"><a class="monitor" file_path="{{ post.log_path }}"> 监控 </a></td>
<td class="text-center"><input type="button" id="cut" class="btn btn-danger btn-xs" name="cut" value="阻断" onclick='cut("{{ post.pid }}", "{{ post.remote_ip }}")' /></td>
{% endifnotequal %}
<td class="text-center"><a href="/jlog/history/?id={{ post.id }}" class="log_command"> 命令统计 </a></td>
<td class="text-center"><a class="monitor" file_path="{{ post.log_path }}"> 监控 </a></td>
<td class="text-center"><input type="button" id="cut" class="btn btn-danger btn-xs" name="cut" value="阻断" onclick='cut("{{ post.pid }}", "{{ post.remote_ip }}")' /></td>
<td class="text-center" id="start_time"> {{ post.start_time|date:"Y-m-d H:i:s" }} </td>
</tr>
{% endfor %}
@ -188,10 +184,6 @@
}});
return false;
});
$('#test_connect').click(function(){
window.open('/jlog/web_terminal/?asset_name="hello', '播放', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no');
});
});
{# function log_search(){#}