github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' into dev

pull/31/head
ibuler 2015-12-26 10:53:01 +08:00
parent 18da6f69a2 9eb64466bc
commit b370f01551
10 changed files with 58 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -58,12 +58,7 @@ Web批量执行命令
### 团队
* **广宏伟** ibuler
* **王墉** halcyon
* **陈尚委** 假想控
* **喻茂峻** 紫川秀
* **刘正** evanescunt
* **柯连春** 遍地节操
![](https://github.com/ibuler/static/raw/master/jumpserver3/team.jpg)

2
connect.py
View File

@ -32,7 +32,7 @@ from jperm.ansible_api import MyRunner
from jlog.models import ExecLog, FileLog
login_user = get_object(User, username=getpass.getuser())
remote_ip = os.popen("who -m | awk '{ print $5 }'").read().strip('()\n')
remote_ip = os.popen("who -m | awk '{ print $NF }'").read().strip('()\n')
try:
import termios

4
install/install.py
View File

@ -6,7 +6,7 @@ import time
import os
import sys
import MySQLdb
from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError
from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError, SMTPSenderRefused
import ConfigParser
import socket
import fcntl
@ -127,7 +127,7 @@ class PreSetup(object):
smtp.quit()
return True
except (SMTPAuthenticationError, socket.timeout, socket.gaierror), e:
except (SMTPAuthenticationError, socket.timeout, socket.gaierror, SMTPSenderRefused, SMTPConnectError), e:
color_print(e, 'red')
return False

12
install/next.py
View File

@ -7,6 +7,7 @@ import django
from django.core.management import execute_from_command_line
import shutil
import urllib
import socket
jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
sys.path.append(jms_dir)
@ -19,6 +20,8 @@ from juser.user_api import db_add_user, get_object, User
from install import color_print
from jumpserver.api import get_mac_address
socket.setdefaulttimeout(2)
class Setup(object):
"""
@ -33,8 +36,11 @@ class Setup(object):
def _pull():
color_print('开始更新jumpserver', 'green')
# bash('git pull')
mac = get_mac_address()
version = urllib.urlopen('http://jumpserver.org/version/?id=%s' % mac)
try:
mac = get_mac_address()
version = urllib.urlopen('http://jumpserver.org/version/?id=%s' % mac)
except:
pass
os.chdir(jms_dir)
os.chmod('logs', 0777)
os.chmod('keys', 0777)
@ -83,7 +89,7 @@ class Setup(object):
def _run_service():
os.system('sh %s start' % os.path.join(jms_dir, 'service.sh'))
print
color_print('安装成功请访问web, 祝你使用愉快。请访问 https://github.com/ibuler/jumpserver 查看文档')
color_print('安装成功请访问web, 祝你使用愉快。\n请访问 https://github.com/ibuler/jumpserver 查看文档', 'green')
def start(self):
print "开始安装Jumpserver, 要求环境为 CentOS 6.5 x86_64"

6
jperm/perm_api.py
View File

@ -29,7 +29,10 @@ def get_group_user_perm(ob):
"""
perm = {}
if isinstance(ob, User):
rule_all = PermRule.objects.filter(user=ob)
rule_all = set(PermRule.objects.filter(user=ob))
for user_group in ob.group.all():
rule_all = rule_all.union(set(PermRule.objects.filter(user_group=user_group)))
elif isinstance(ob, UserGroup):
rule_all = PermRule.objects.filter(user_group=ob)
else:
@ -80,6 +83,7 @@ def get_group_user_perm(ob):
else:
perm_asset[asset] = {'role': perm_asset_group[asset_group].get('role', set()),
'rule': perm_asset_group[asset_group].get('rule', set())}
print perm
return perm

2
jperm/views.py
View File

@ -681,7 +681,7 @@ def perm_role_get(request):
asset = get_object(Asset, id=asset_id)
if asset:
role = user_have_perm(request.user, asset=asset)
logger.debug('#' + ','.join([i.name for i in role]) + '#')
logger.debug(u'获取授权系统用户: ' + ','.join([i.name for i in role]))
return HttpResponse(','.join([i.name for i in role]))
else:
roles = get_group_user_perm(request.user).get('role').keys()

2
jumpserver.conf
View File

@ -19,5 +19,5 @@ email_host = smtp.qq.com
email_port = 25
email_host_user = xxxxxxxx@qq.com
email_host_password = xxxxxx
email_use_tls = True
email_use_tls = False

2
jumpserver/api.py
View File

@ -165,7 +165,7 @@ class PyCrypt(object):
self.mode = AES.MODE_CBC
@staticmethod
def gen_rand_pass(length, especial=False):
def gen_rand_pass(length=16, especial=False):
"""
random password
随机生成密码

53
run_websocket.py
View File

@ -33,7 +33,7 @@ except ImportError:
define("port", default=3000, help="run on the given port", type=int)
define("host", default='0.0.0.0', help="run port on", type=str)
define("host", default='0.0.0.0', help="run port on given host", type=str)
def require_auth(role='user'):
@ -44,29 +44,28 @@ def require_auth(role='user'):
else:
session_key = request.get_argument('sessionid', '')
logger.debug('Websocket: session_key: %s' % session_key)
logger.debug(u'请求session_key: %s' % session_key)
if session_key:
session = get_object(Session, session_key=session_key)
logger.debug('Websocket: session: %s' % session)
if session and datetime.datetime.now() < session.expire_date:
user_id = session.get_decoded().get('_auth_user_id')
user = get_object(User, id=user_id)
if user:
logger.debug('Websocket: user [ %s ] request websocket' % user.username)
logger.debug(u'用户 [ %s ] 请求websocket' % user.username)
request.user = user
if role == 'admin':
if user.role in ['SU', 'GA']:
return func(request, *args, **kwargs)
logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
logger.debug(u'用户 [ %s ] 不是admin.' % user.username)
else:
return func(request, *args, **kwargs)
else:
logger.debug('Websocket: session expired: %s' % session_key)
logger.debug(u'session过期 %s' % session_key)
try:
request.close()
except AttributeError:
pass
logger.warning('Websocket: Request auth failed.')
logger.warning('认证失败,非法请求')
return _deco2
return _deco
@ -96,10 +95,10 @@ def file_monitor(path='.', client=None):
notifier = AsyncNotifier(wm, EventHandler(client))
wm.add_watch(path, mask, auto_add=True, rec=True)
if not os.path.isfile(path):
logger.debug("File %s does not exist." % path)
logger.debug(u"文件 %s 不存在." % path)
sys.exit(3)
else:
logger.debug("Now starting monitor file %s." % path)
logger.debug(u"开始监控文件 %s." % path)
global f
f = open(path, 'r')
st_size = os.stat(path)[6]
@ -149,8 +148,8 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
MonitorHandler.clients.remove(self)
MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients),
len(MonitorHandler.threads)))
logger.debug(u"监控在线数量: %s, 线程数量: %s" % (len(MonitorHandler.clients),
len(MonitorHandler.threads)))
def on_message(self, message):
# 监控日志,发生变动发向客户端
@ -160,7 +159,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
# 客户端主动关闭
# self.close()
logger.debug("Websocket: Monitor client close request")
logger.debug("监控请求关闭")
try:
client_index = MonitorHandler.clients.index(self)
MonitorHandler.clients.remove(self)
@ -184,10 +183,10 @@ class WebTerminalKillHandler(tornado.web.RequestHandler):
Log.objects.filter(id=ws_id).update(is_finished=True)
for ws in WebTerminalHandler.clients:
if ws.id == int(ws_id):
logger.debug("Kill log id %s" % ws_id)
logger.debug(u"终结logID %s" % ws_id)
ws.log.save()
ws.close()
logger.debug('Websocket: web terminal client num: %s' % len(WebTerminalHandler.clients))
logger.debug(u'WebTerminal在线数量: %s' % len(WebTerminalHandler.clients))
class ExecHandler(tornado.websocket.WebSocketHandler):
@ -209,7 +208,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
@require_auth('user')
def open(self):
logger.debug('Websocket: Open exec request')
logger.debug('web批量命令执行请求')
role_name = self.get_argument('role', 'sb')
self.remote_ip = self.request.remote_ip
logger.debug('Web执行命令: 请求系统用户 %s' % role_name)
@ -255,7 +254,6 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
for k, v in self.runner.results.items():
for host, output in v.items():
output = newline_pattern.sub('<br />', output)
logger.debug(output)
if k == 'ok':
header = "<span style='color: green'>[ %s => %s]</span>\n" % (host, 'Ok')
else:
@ -266,7 +264,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
self.write_message('\n~o~ Task finished ~o~\n')
def on_close(self):
logger.debug('关闭web_exec请求')
logger.debug('关闭web批量命令请求')
class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@ -289,30 +287,31 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@require_auth('user')
def open(self):
logger.debug('Websocket: Open request')
logger.debug('WebTerminal请求')
role_name = self.get_argument('role', 'sb')
asset_id = self.get_argument('id', 9999)
asset = get_object(Asset, id=asset_id)
if asset:
roles = user_have_perm(self.user, asset)
logger.debug(roles)
logger.debug('系统用户: %s' % role_name)
logger.debug('请求系统用户: %s' % role_name)
login_role = ''
for role in roles:
if role.name == role_name:
login_role = role
break
if not login_role:
logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.hostname,
self.user.username))
logger.warning(u'%s 这台主机上没有为用户%s 授权系统用户%s ' % (asset.hostname,
self.user.username,
role_name))
self.close()
return
else:
logger.warning('Websocket: No that Host: %s User: %s ' % (asset_id, self.user.username))
logger.warning(u'没有授权该主机 %s' % asset_id)
self.close()
return
logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username,
login_role.name))
logger.debug('web terminal 请求主机: %s 用户: %s 系统用户: %s' % (asset.hostname,
self.user.username,
login_role.name))
self.term = WebTty(self.user, asset, login_role, login_type='web')
self.term.remote_ip = self.request.remote_ip
self.ssh = self.term.get_connection()
@ -352,7 +351,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
self.channel.send(data['data'])
def on_close(self):
logger.debug('Websocket: Close request')
logger.debug('关闭websocket请求')
if self in WebTerminalHandler.clients:
WebTerminalHandler.clients.remove(self)
try:
@ -425,6 +424,6 @@ if __name__ == '__main__':
server = tornado.httpserver.HTTPServer(app)
server.bind(options.port, options.host)
#server.listen(options.port)
server.start(num_processes=10)
#server.start(num_processes=5)
print "Run server on %s:%s" % (options.host, options.port)
tornado.ioloop.IOLoop.instance().start()

28
service.sh
View File

@ -27,7 +27,7 @@ start() {
else
daemon python $base_dir/manage.py runserver 0.0.0.0:80 &>> /tmp/jumpserver.log 2>&1 &
daemon python $base_dir/run_websocket.py &> /dev/null 2>&1 &
sleep 2
sleep 4
echo -n "$jump_start"
nums=0
@ -53,23 +53,17 @@ stop() {
echo -n $"Stopping ${PROC_NAME} service:"
if [ -e $lockfile ];then
ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null
ret=$?
if [ $ret -eq 0 ]; then
echo_success
echo
rm -f "$lockfile"
else
echo_failure
echo
rm -f "$lockfile"
fi
ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null
ret=$?
if [ $ret -eq 0 ]; then
echo_success
echo
rm -f "$lockfile"
else
echo_success
echo
echo_failure
echo
rm -f "$lockfile"
fi
}