From 7113852cd689d8f7dbb04671a106eefc955a2ef4 Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 21 Dec 2015 10:25:51 +0800 Subject: [PATCH 01/13] update README --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 84d22c8ef..8003e2de2 100644 --- a/README.md +++ b/README.md @@ -30,9 +30,10 @@ Web批量执行命令 ### 文档 * [访问wiki](https://github.com/ibuler/jumpserver/wiki) -* [快速安装](https://github.com/ibuler/jumpserver/wiki/快速安装) -* [名词解释](https://github.com/ibuler/jumpserver/wiki/名称解释) -* [快速开始](https://github.com/ibuler/jumpserver/wiki/快速开始) +* [快速安装](https://github.com/ibuler/jumpserver/wiki/Quickinstall) +* [名词解释](https://github.com/ibuler/jumpserver/wiki/Termexplain) +* [快速开始](https://github.com/ibuler/jumpserver/wiki/Quickstart) +* [更新Log](https://github.com/ibuler/jumpserver/wiki/Changelog) ### 特点 From f17001e86c9d700bfe420eccdbf1b2da09439195 Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 21 Dec 2015 11:12:52 +0800 Subject: [PATCH 02/13] fix comment --- run_websocket.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run_websocket.py b/run_websocket.py index 7af850f24..810d71436 100755 --- a/run_websocket.py +++ b/run_websocket.py @@ -33,7 +33,7 @@ except ImportError: define("port", default=3000, help="run on the given port", type=int) -define("host", default='0.0.0.0', help="run port on", type=str) +define("host", default='0.0.0.0', help="run port on given host", type=str) def require_auth(role='user'): From a7e2592fa8efdd6b3d23fdec6fbf561abea3328d Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 21 Dec 2015 12:18:36 +0800 Subject: [PATCH 03/13] fix install bug --- install/next.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/install/next.py b/install/next.py index 56fe3c4f1..d4ff02429 100755 --- a/install/next.py +++ b/install/next.py @@ -7,6 +7,7 @@ import django from django.core.management import execute_from_command_line import shutil import urllib +import socket jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__))) sys.path.append(jms_dir) @@ -19,6 +20,8 @@ from juser.user_api import db_add_user, get_object, User from install import color_print from jumpserver.api import get_mac_address +socket.setdefaulttimeout(2) + class Setup(object): """ @@ -33,8 +36,11 @@ class Setup(object): def _pull(): color_print('开始更新jumpserver', 'green') # bash('git pull') - mac = get_mac_address() - version = urllib.urlopen('http://jumpserver.org/version/?id=%s' % mac) + try: + mac = get_mac_address() + version = urllib.urlopen('http://jumpserver.org/version/?id=%s' % mac) + except: + pass os.chdir(jms_dir) os.chmod('logs', 0777) os.chmod('keys', 0777) From 835e32b1cc408abdfe48cf4182d1fc007d081ef6 Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 21 Dec 2015 14:28:12 +0800 Subject: [PATCH 04/13] =?UTF-8?q?service.sh=20=E8=84=9A=E6=9C=AC=E4=BF=AE?= =?UTF-8?q?=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- run_websocket.py | 2 +- service.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/run_websocket.py b/run_websocket.py index 810d71436..3349fda71 100755 --- a/run_websocket.py +++ b/run_websocket.py @@ -425,6 +425,6 @@ if __name__ == '__main__': server = tornado.httpserver.HTTPServer(app) server.bind(options.port, options.host) #server.listen(options.port) - server.start(num_processes=10) + server.start(num_processes=5) print "Run server on %s:%s" % (options.host, options.port) tornado.ioloop.IOLoop.instance().start() diff --git a/service.sh b/service.sh index c86d1c413..f25e1b67a 100755 --- a/service.sh +++ b/service.sh @@ -27,7 +27,7 @@ start() { else daemon python $base_dir/manage.py runserver 0.0.0.0:80 &>> /tmp/jumpserver.log 2>&1 & daemon python $base_dir/run_websocket.py &> /dev/null 2>&1 & - sleep 2 + sleep 4 echo -n "$jump_start" nums=0 From 42f6392cc44736349e057e403529ec1315e3398b Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 21 Dec 2015 16:10:07 +0800 Subject: [PATCH 05/13] fix install script bug --- install/next.py | 2 +- service.sh | 26 ++++++++++---------------- 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/install/next.py b/install/next.py index d4ff02429..58ae3ead5 100755 --- a/install/next.py +++ b/install/next.py @@ -89,7 +89,7 @@ class Setup(object): def _run_service(): os.system('sh %s start' % os.path.join(jms_dir, 'service.sh')) print - color_print('安装成功,请访问web, 祝你使用愉快。请访问 https://github.com/ibuler/jumpserver 查看文档') + color_print('安装成功,请访问web, 祝你使用愉快。请访问 https://github.com/ibuler/jumpserver 查看文档', 'green') def start(self): print "开始安装Jumpserver, 要求环境为 CentOS 6.5 x86_64" diff --git a/service.sh b/service.sh index f25e1b67a..b2d9b34ae 100755 --- a/service.sh +++ b/service.sh @@ -53,23 +53,17 @@ stop() { echo -n $"Stopping ${PROC_NAME} service:" - if [ -e $lockfile ];then - ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null - ret=$? - - if [ $ret -eq 0 ]; then - echo_success - echo - rm -f "$lockfile" - else - echo_failure - echo - rm -f "$lockfile" - fi + ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null + ret=$? + + if [ $ret -eq 0 ]; then + echo_success + echo + rm -f "$lockfile" else - echo_success - echo - + echo_failure + echo + rm -f "$lockfile" fi } From 7adcb11f1d8412ba6f38c0fb3d14359db414b242 Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 21 Dec 2015 16:58:30 +0800 Subject: [PATCH 06/13] comment newline --- install/next.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/next.py b/install/next.py index 58ae3ead5..62814ee67 100755 --- a/install/next.py +++ b/install/next.py @@ -89,7 +89,7 @@ class Setup(object): def _run_service(): os.system('sh %s start' % os.path.join(jms_dir, 'service.sh')) print - color_print('安装成功,请访问web, 祝你使用愉快。请访问 https://github.com/ibuler/jumpserver 查看文档', 'green') + color_print('安装成功,请访问web, 祝你使用愉快。\n请访问 https://github.com/ibuler/jumpserver 查看文档', 'green') def start(self): print "开始安装Jumpserver, 要求环境为 CentOS 6.5 x86_64" From 3f9a9157f4f624e88ef6f2cb6684e9247f634b22 Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 22 Dec 2015 15:56:39 +0800 Subject: [PATCH 07/13] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E4=BA=A4=E6=B5=81?= =?UTF-8?q?=E7=BE=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8003e2de2..9e9b3f982 100644 --- a/README.md +++ b/README.md @@ -67,5 +67,6 @@ Web批量执行命令 * **柯连春** 遍地节操 - - +### 交流qq群 +399218702 JumpServer 交流群2 +390139816 JumpServer 交流群(满) From 79994e13c7e4df6e18883deaf7efa1f7d16b67d3 Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 22 Dec 2015 15:57:16 +0800 Subject: [PATCH 08/13] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E4=BA=A4=E6=B5=81?= =?UTF-8?q?=E7=BE=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9e9b3f982..46280c82b 100644 --- a/README.md +++ b/README.md @@ -69,4 +69,5 @@ Web批量执行命令 ### 交流qq群 399218702 JumpServer 交流群2 + 390139816 JumpServer 交流群(满) From 13d325e25902bd29a163c9bcafb5bdc250943c70 Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 22 Dec 2015 17:18:53 +0800 Subject: [PATCH 09/13] =?UTF-8?q?=E6=8D=95=E6=8D=89smtp=E5=BC=82=E5=B8=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install/install.py | 4 ++-- jumpserver.conf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/install/install.py b/install/install.py index 9d2c13ed7..4d70f7e78 100755 --- a/install/install.py +++ b/install/install.py @@ -6,7 +6,7 @@ import time import os import sys import MySQLdb -from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError +from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError, SMTPSenderRefused import ConfigParser import socket import fcntl @@ -127,7 +127,7 @@ class PreSetup(object): smtp.quit() return True - except (SMTPAuthenticationError, socket.timeout, socket.gaierror), e: + except (SMTPAuthenticationError, socket.timeout, socket.gaierror, SMTPSenderRefused, SMTPConnectError), e: color_print(e, 'red') return False diff --git a/jumpserver.conf b/jumpserver.conf index 4173bdc36..f184a246f 100644 --- a/jumpserver.conf +++ b/jumpserver.conf @@ -19,5 +19,5 @@ email_host = smtp.qq.com email_port = 25 email_host_user = xxxxxxxx@qq.com email_host_password = xxxxxx -email_use_tls = True +email_use_tls = False From 9efd42d4ed698ef2af4cb1fdf496ac9a0baa0742 Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 22 Dec 2015 22:49:59 +0800 Subject: [PATCH 10/13] =?UTF-8?q?=E6=B7=BB=E5=8A=A0team=E7=85=A7=E7=89=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 46280c82b..84b5954fd 100644 --- a/README.md +++ b/README.md @@ -30,10 +30,9 @@ Web批量执行命令 ### 文档 * [访问wiki](https://github.com/ibuler/jumpserver/wiki) -* [快速安装](https://github.com/ibuler/jumpserver/wiki/Quickinstall) -* [名词解释](https://github.com/ibuler/jumpserver/wiki/Termexplain) -* [快速开始](https://github.com/ibuler/jumpserver/wiki/Quickstart) -* [更新Log](https://github.com/ibuler/jumpserver/wiki/Changelog) +* [快速安装](https://github.com/ibuler/jumpserver/wiki/快速安装) +* [名词解释](https://github.com/ibuler/jumpserver/wiki/名称解释) +* [快速开始](https://github.com/ibuler/jumpserver/wiki/快速开始) ### 特点 @@ -59,15 +58,8 @@ Web批量执行命令 ### 团队 -* **广宏伟** ibuler -* **王墉** halcyon -* **陈尚委** 假想控 -* **喻茂峻** 紫川秀 -* **刘正** evanescunt -* **柯连春** 遍地节操 +![](https://github.com/ibuler/static/raw/master/jumpserver3/team.jpg) + -### 交流qq群 -399218702 JumpServer 交流群2 -390139816 JumpServer 交流群(满) From 71116bc525ee93934cea62c3e7c3db4712b13b2d Mon Sep 17 00:00:00 2001 From: chi-chi weng <949409306@qq.com> Date: Wed, 23 Dec 2015 15:17:14 +0800 Subject: [PATCH 11/13] fix remote ip bug fix remote ip bug --- connect.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connect.py b/connect.py index 1d52a75d9..e38dfa751 100755 --- a/connect.py +++ b/connect.py @@ -32,7 +32,7 @@ from jperm.ansible_api import MyRunner from jlog.models import ExecLog, FileLog login_user = get_object(User, username=getpass.getuser()) -remote_ip = os.popen("who -m | awk '{ print $5 }'").read().strip('()\n') +remote_ip = os.popen("who -m | awk '{ print $NF }'").read().strip('()\n') try: import termios From f63b75c01bce572e57831cc8691044d7b0b78b42 Mon Sep 17 00:00:00 2001 From: ibuler Date: Thu, 24 Dec 2015 11:31:05 +0800 Subject: [PATCH 12/13] =?UTF-8?q?fix=20=E9=9A=8F=E6=9C=BA=E5=AF=86?= =?UTF-8?q?=E7=A0=81=E9=BB=98=E8=AE=A4=E9=95=BF=E5=BA=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jumpserver/api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jumpserver/api.py b/jumpserver/api.py index 646aeeeb2..68a013870 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -165,7 +165,7 @@ class PyCrypt(object): self.mode = AES.MODE_CBC @staticmethod - def gen_rand_pass(length, especial=False): + def gen_rand_pass(length=16, especial=False): """ random password 随机生成密码 From 9eb64466bc66440abe5b5668ad014c1f77fa4ef5 Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 25 Dec 2015 20:26:31 +0800 Subject: [PATCH 13/13] fix user perm group perm --- jperm/perm_api.py | 6 +++++- jperm/views.py | 2 +- run_websocket.py | 51 +++++++++++++++++++++++------------------------ 3 files changed, 31 insertions(+), 28 deletions(-) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index e34de01ad..c444b952a 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -29,7 +29,10 @@ def get_group_user_perm(ob): """ perm = {} if isinstance(ob, User): - rule_all = PermRule.objects.filter(user=ob) + rule_all = set(PermRule.objects.filter(user=ob)) + for user_group in ob.group.all(): + rule_all = rule_all.union(set(PermRule.objects.filter(user_group=user_group))) + elif isinstance(ob, UserGroup): rule_all = PermRule.objects.filter(user_group=ob) else: @@ -80,6 +83,7 @@ def get_group_user_perm(ob): else: perm_asset[asset] = {'role': perm_asset_group[asset_group].get('role', set()), 'rule': perm_asset_group[asset_group].get('rule', set())} + print perm return perm diff --git a/jperm/views.py b/jperm/views.py index 10e6b3fd7..e13d55746 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -667,7 +667,7 @@ def perm_role_get(request): asset = get_object(Asset, id=asset_id) if asset: role = user_have_perm(request.user, asset=asset) - logger.debug('#' + ','.join([i.name for i in role]) + '#') + logger.debug(u'获取授权系统用户: ' + ','.join([i.name for i in role])) return HttpResponse(','.join([i.name for i in role])) else: roles = get_group_user_perm(request.user).get('role').keys() diff --git a/run_websocket.py b/run_websocket.py index 3349fda71..c77ae6077 100755 --- a/run_websocket.py +++ b/run_websocket.py @@ -44,29 +44,28 @@ def require_auth(role='user'): else: session_key = request.get_argument('sessionid', '') - logger.debug('Websocket: session_key: %s' % session_key) + logger.debug(u'请求session_key: %s' % session_key) if session_key: session = get_object(Session, session_key=session_key) - logger.debug('Websocket: session: %s' % session) if session and datetime.datetime.now() < session.expire_date: user_id = session.get_decoded().get('_auth_user_id') user = get_object(User, id=user_id) if user: - logger.debug('Websocket: user [ %s ] request websocket' % user.username) + logger.debug(u'用户 [ %s ] 请求websocket' % user.username) request.user = user if role == 'admin': if user.role in ['SU', 'GA']: return func(request, *args, **kwargs) - logger.debug('Websocket: user [ %s ] is not admin.' % user.username) + logger.debug(u'用户 [ %s ] 不是admin.' % user.username) else: return func(request, *args, **kwargs) else: - logger.debug('Websocket: session expired: %s' % session_key) + logger.debug(u'session过期 %s' % session_key) try: request.close() except AttributeError: pass - logger.warning('Websocket: Request auth failed.') + logger.warning('认证失败,非法请求') return _deco2 return _deco @@ -96,10 +95,10 @@ def file_monitor(path='.', client=None): notifier = AsyncNotifier(wm, EventHandler(client)) wm.add_watch(path, mask, auto_add=True, rec=True) if not os.path.isfile(path): - logger.debug("File %s does not exist." % path) + logger.debug(u"文件 %s 不存在." % path) sys.exit(3) else: - logger.debug("Now starting monitor file %s." % path) + logger.debug(u"开始监控文件 %s." % path) global f f = open(path, 'r') st_size = os.stat(path)[6] @@ -149,8 +148,8 @@ class MonitorHandler(tornado.websocket.WebSocketHandler): MonitorHandler.clients.remove(self) MonitorHandler.threads.remove(MonitorHandler.threads[client_index]) - logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients), - len(MonitorHandler.threads))) + logger.debug(u"监控在线数量: %s, 线程数量: %s" % (len(MonitorHandler.clients), + len(MonitorHandler.threads))) def on_message(self, message): # 监控日志,发生变动发向客户端 @@ -160,7 +159,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler): # 客户端主动关闭 # self.close() - logger.debug("Websocket: Monitor client close request") + logger.debug("监控请求关闭") try: client_index = MonitorHandler.clients.index(self) MonitorHandler.clients.remove(self) @@ -184,10 +183,10 @@ class WebTerminalKillHandler(tornado.web.RequestHandler): Log.objects.filter(id=ws_id).update(is_finished=True) for ws in WebTerminalHandler.clients: if ws.id == int(ws_id): - logger.debug("Kill log id %s" % ws_id) + logger.debug(u"终结logID %s" % ws_id) ws.log.save() ws.close() - logger.debug('Websocket: web terminal client num: %s' % len(WebTerminalHandler.clients)) + logger.debug(u'WebTerminal在线数量: %s' % len(WebTerminalHandler.clients)) class ExecHandler(tornado.websocket.WebSocketHandler): @@ -209,7 +208,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler): @require_auth('user') def open(self): - logger.debug('Websocket: Open exec request') + logger.debug('web批量命令执行请求') role_name = self.get_argument('role', 'sb') self.remote_ip = self.request.remote_ip logger.debug('Web执行命令: 请求系统用户 %s' % role_name) @@ -255,7 +254,6 @@ class ExecHandler(tornado.websocket.WebSocketHandler): for k, v in self.runner.results.items(): for host, output in v.items(): output = newline_pattern.sub('
', output) - logger.debug(output) if k == 'ok': header = "[ %s => %s]\n" % (host, 'Ok') else: @@ -266,7 +264,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler): self.write_message('\n~o~ Task finished ~o~\n') def on_close(self): - logger.debug('关闭web_exec请求') + logger.debug('关闭web批量命令请求') class WebTerminalHandler(tornado.websocket.WebSocketHandler): @@ -289,30 +287,31 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler): @require_auth('user') def open(self): - logger.debug('Websocket: Open request') + logger.debug('WebTerminal请求') role_name = self.get_argument('role', 'sb') asset_id = self.get_argument('id', 9999) asset = get_object(Asset, id=asset_id) if asset: roles = user_have_perm(self.user, asset) - logger.debug(roles) - logger.debug('系统用户: %s' % role_name) + logger.debug('请求系统用户: %s' % role_name) login_role = '' for role in roles: if role.name == role_name: login_role = role break if not login_role: - logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.hostname, - self.user.username)) + logger.warning(u'在%s 这台主机上没有为用户%s 授权系统用户%s ' % (asset.hostname, + self.user.username, + role_name)) self.close() return else: - logger.warning('Websocket: No that Host: %s User: %s ' % (asset_id, self.user.username)) + logger.warning(u'没有授权该主机 %s' % asset_id) self.close() return - logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username, - login_role.name)) + logger.debug('web terminal 请求主机: %s 用户: %s 系统用户: %s' % (asset.hostname, + self.user.username, + login_role.name)) self.term = WebTty(self.user, asset, login_role, login_type='web') self.term.remote_ip = self.request.remote_ip self.ssh = self.term.get_connection() @@ -352,7 +351,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler): self.channel.send(data['data']) def on_close(self): - logger.debug('Websocket: Close request') + logger.debug('关闭websocket请求') if self in WebTerminalHandler.clients: WebTerminalHandler.clients.remove(self) try: @@ -425,6 +424,6 @@ if __name__ == '__main__': server = tornado.httpserver.HTTPServer(app) server.bind(options.port, options.host) #server.listen(options.port) - server.start(num_processes=5) + #server.start(num_processes=5) print "Run server on %s:%s" % (options.host, options.port) tornado.ioloop.IOLoop.instance().start()