添加用户后发送密码

pull/6/head
guanghongwei 2015-04-15 17:32:30 +08:00
parent 3424bef5d0
commit c08cee8052
7 changed files with 87 additions and 73 deletions


@ -3,7 +3,6 @@ import sys
reload(sys) reload(sys)
sys.setdefaultencoding('utf8') sys.setdefaultencoding('utf8')
from django.core.mail import send_mail
from django.shortcuts import render_to_response from django.shortcuts import render_to_response
from django.template import RequestContext from django.template import RequestContext
from jperm.models import Perm, SudoPerm, CmdGroup, Apply from jperm.models import Perm, SudoPerm, CmdGroup, Apply
@ -11,12 +10,6 @@ from django.db.models import Q
from jumpserver.api import * from jumpserver.api import *
CONF = ConfigParser()
CONF.read('%s/jumpserver.conf' % BASE_DIR)
send_ip = CONF.get('base', 'ip')
send_port = CONF.get('base', 'port')
def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''): def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
asset_groups_select_list = [] asset_groups_select_list = []
cmd_groups_select_list = [] cmd_groups_select_list = []
@ -701,7 +694,7 @@ def perm_apply(request):
time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment) a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment)
uuid = a.uuid uuid = a.uuid
url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (send_ip, send_port, uuid) url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid)
mail_msg = """ mail_msg = """
Hi,%s: Hi,%s:
鏈夋柊鐨勬潈闄愮敵璇, 璇︽儏濡備笅: 鏈夋柊鐨勬潈闄愮敵璇, 璇︽儏濡備笅:
@ -715,7 +708,7 @@ def perm_apply(request):
%s %s
""" % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url) """ % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False) send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
smg = "鎻愪氦鎴愬姛,宸插彂閭欢閫氱煡閮ㄩ棬绠$悊鍛樸" smg = "鎻愪氦鎴愬姛,宸插彂閭欢閫氱煡閮ㄩ棬绠$悊鍛樸"
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
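Review bot: `SEND_IP`, `SEND_PORT` and `MAIL_FROM` now reach this module only through `from jumpserver.api import *`, so nothing in the file shows where the values used in `perm_apply` come from. An explicit `from jumpserver.api import SEND_IP, SEND_PORT, MAIL_FROM` would keep the dependency visible and would fail at import time if one of the names is renamed. The approval link is still built with a fixed `http://` scheme, so the `uuid` that authorises the request travels unencrypted; a configurable scheme would be worth considering. The body of `perm_apply` extends beyond the hunks shown.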


@ -3,6 +3,8 @@
[base] [base]
ip = 192.168.173.129 ip = 192.168.173.129
port = 80 port = 80
key = 88aaaf7ffe3c6c04
[db] [db]
@ -25,13 +27,9 @@ root_pw = secret234
web_socket_host = 192.168.20.209:3000 web_socket_host = 192.168.20.209:3000
[web]
key = 88aaaf7ffe3c6c04
[mail] [mail]
email_host = smtp.qq.com email_host = smtp.exmail.qq.com
email_port = 25 email_port = 25
email_host_user = jumpserver@qq.com email_host_user = noreply@jumpserver.org
email_host_password = jumpserver.org email_host_password = jumpserver123
email_use_tls = False email_use_tls = False
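Review bot: Secrets are committed in this config: `key` under `[base]`, `root_pw` (visible in the second hunk header) and `email_host_password` under `[mail]`, the last of which appears to receive a new value in this commit. Anyone with read access to the repository or its history can recover them, so the tracked file should hold placeholders only, with real values loaded from an untracked local file or the environment and the exposed ones rotated. `email_use_tls = False` with `email_port = 25` matters more after this commit, because the account mails now carry generated passwords and would reach the relay unencrypted; `email_use_tls = True` on a submission port the provider supports is the safer setting.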


@ -19,6 +19,7 @@ from jasset.models import Asset, BisGroup, IDC
from jlog.models import Log from jlog.models import Log
from jasset.models import AssetAlias from jasset.models import AssetAlias
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
from django.core.mail import send_mail
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
@ -27,18 +28,12 @@ CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs') LOG_DIR = os.path.join(BASE_DIR, 'logs')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('web', 'key') KEY = CONF.get('base', 'key')
LOGIN_NAME = getpass.getuser() LOGIN_NAME = getpass.getuser()
LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
SEND_IP = CONF.get('base', 'ip')
SEND_PORT = CONF.get('base', 'port')
# def user_perm_group_api(username): MAIL_FROM = CONF.get('mail', 'email_host_user')
# user = User.objects.get(username=username)
# if user:
# perm_list = []
# user_group_all = user.group.all()
# for user_group in user_group_all:
# perm_list.extend(user_group.perm_set.all())
class LDAPMgmt(): class LDAPMgmt():
@ -201,6 +196,9 @@ def require_login(func):
def require_super_user(func): def require_super_user(func):
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
if request.session.get('role_id', 0) != 2: if request.session.get('role_id', 0) != 2:
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
return func(request, *args, **kwargs) return func(request, *args, **kwargs)
@ -209,6 +207,9 @@ def require_super_user(func):
def require_admin(func): def require_admin(func):
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
if request.session.get('role_id', 0) < 1: if request.session.get('role_id', 0) < 1:
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
return func(request, *args, **kwargs) return func(request, *args, **kwargs)
@ -267,7 +268,8 @@ def view_splitter(request, su=None, adm=None):
return su(request) return su(request)
elif is_group_admin(request): elif is_group_admin(request):
return adm(request) return adm(request)
raise Http404 else:
return HttpResponseRedirect('/login/')
def user_perm_group_api(username): def user_perm_group_api(username):
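Review bot: The new `else` branch in `view_splitter` sends every caller who is neither super user nor group admin to `/login/`, presumably including an ordinary user who is already logged in, while `require_super_user` and `require_admin` send that same case to `/`. Mirroring the decorators would keep the behaviour consistent: `if not request.session.get('user_id'): return HttpResponseRedirect('/login/')` followed by `return HttpResponseRedirect('/')`. The two decorators now repeat the same session check, and as far as the hunks show their `_deco` wrappers are not wrapped with `functools.wraps`, so a shared helper would be a reasonable follow-up. The bodies of all three functions extend beyond the hunks shown.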


@ -50,7 +50,7 @@ def index_cu(request):
user = user[0] user = user[0]
login_types = {'L': 'LDAP', 'M': 'MAP'} login_types = {'L': 'LDAP', 'M': 'MAP'}
user_id = request.session.get('user_id') user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).name username = User.objects.get(id=user_id).username
posts = user_perm_asset_api(username) posts = user_perm_asset_api(username)
host_count = len(posts) host_count = len(posts)
new_posts = [] new_posts = []


@ -68,6 +68,7 @@ def db_add_user(**kwargs):
group = UserGroup.objects.filter(id=group_id) group = UserGroup.objects.filter(id=group_id)
group_select.extend(group) group_select.extend(group)
user.group = group_select user.group = group_select
return user
def db_update_user(**kwargs): def db_update_user(**kwargs):
@ -153,18 +154,8 @@ def ldap_add_user(username, ldap_pwd):
'userPassword': ['{crypt}x'], 'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]} 'gidNumber': [str(user.id)]}
# sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
# sudo_attr = {'objectClass': ['top', 'sudoRole'],
# 'cn': ['%s' % str(username)],
# 'sudoCommand': ['/bin/pwd'],
# 'sudoHost': ['192.168.1.1'],
# 'sudoOption': ['!authenticate'],
# 'sudoRunAsUser': ['root'],
# 'sudoUser': ['%s' % str(username)]}
ldap_conn.add(user_dn, user_attr) ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr) ldap_conn.add(group_dn, group_attr)
# ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username): def ldap_del_user(username):
@ -602,13 +593,13 @@ def user_add(request):
if request.method == 'POST': if request.method == 'POST':
username = request.POST.get('username', '') username = request.POST.get('username', '')
password = request.POST.get('password', '') password = gen_rand_pwd(16)
name = request.POST.get('name', '') name = request.POST.get('name', '')
email = request.POST.get('email', '') email = request.POST.get('email', '')
dept_id = request.POST.get('dept_id') dept_id = request.POST.get('dept_id')
groups = request.POST.getlist('groups', []) groups = request.POST.getlist('groups', [])
role_post = request.POST.get('role', 'CU') role_post = request.POST.get('role', 'CU')
ssh_key_pwd = request.POST.get('ssh_key_pwd', '') ssh_key_pwd = gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16) ldap_pwd = gen_rand_pwd(16)
@ -632,19 +623,30 @@ def user_add(request):
pass pass
else: else:
try: try:
db_add_user(username=username, user = db_add_user(username=username,
password=md5_crypt(password), password=md5_crypt(password),
name=name, email=email, dept=dept, name=name, email=email, dept=dept,
groups=groups, role=role_post, groups=groups, role=role_post,
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd), ssh_key_pwd=md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
server_add_user(username, password, ssh_key_pwd) server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE: if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) ldap_add_user(username, ldap_pwd)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛' % username mail_title = u'鎭枩浣犵殑璺虫澘鏈虹敤鎴锋坊鍔犳垚鍔 Jumpserver'
mail_msg = """
Hi, %s
鎮ㄧ殑鐢ㄦ埛鍚 %s
鎮ㄧ殑閮ㄩ棬: %s
鎮ㄧ殑瑙掕壊 %s
鎮ㄧ殑web鐧诲綍瀵嗙爜 %s
鎮ㄧ殑ssh鐧诲綍瀵嗙爜 %s
瀵嗛挜涓嬭浇鍦板潃 http://%s:%s/juser/down_key/?id=%s
璇存槑 璇风櫥闄嗗悗鍐嶄笅杞藉瘑閽
""" % (name, username, dept.name, user_role.get(role_post, ''),
password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
except Exception, e: except Exception, e:
error = u'娣诲姞鐢ㄦ埛 %s 澶辫触 %s ' % (username, e) error = u'娣诲姞鐢ㄦ埛 %s 澶辫触 %s ' % (username, e)
@ -655,6 +657,9 @@ def user_add(request):
ldap_del_user(username) ldap_del_user(username)
except Exception: except Exception:
pass pass
else:
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛 鐢ㄦ埛瀵嗙爜宸插彂閫佸埌 %s 閭锛' % (username, email)
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@ -668,11 +673,11 @@ def user_add_adm(request):
if request.method == 'POST': if request.method == 'POST':
username = request.POST.get('username', '') username = request.POST.get('username', '')
password = request.POST.get('password', '') password = gen_rand_pwd(16)
name = request.POST.get('name', '') name = request.POST.get('name', '')
email = request.POST.get('email', '') email = request.POST.get('email', '')
groups = request.POST.getlist('groups', []) groups = request.POST.getlist('groups', [])
ssh_key_pwd = request.POST.get('ssh_key_pwd', '') ssh_key_pwd = gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16) ldap_pwd = gen_rand_pwd(16)
@ -693,7 +698,7 @@ def user_add_adm(request):
password=md5_crypt(password), password=md5_crypt(password),
name=name, email=email, dept=dept, name=name, email=email, dept=dept,
groups=groups, role='CU', groups=groups, role='CU',
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd), ssh_key_pwd=md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
@ -701,7 +706,6 @@ def user_add_adm(request):
server_add_user(username, password, ssh_key_pwd) server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE: if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) ldap_add_user(username, ldap_pwd)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛' % username
except Exception, e: except Exception, e:
error = u'娣诲姞鐢ㄦ埛 %s 澶辫触 %s ' % (username, e) error = u'娣诲姞鐢ㄦ埛 %s 澶辫触 %s ' % (username, e)
@ -712,6 +716,22 @@ def user_add_adm(request):
ldap_del_user(username) ldap_del_user(username)
except Exception: except Exception:
pass pass
else:
mail_title = u'鎭枩浣犵殑璺虫澘鏈虹敤鎴锋坊鍔犳垚鍔 Jumpserver'
mail_msg = """
Hi, %s
鎮ㄧ殑鐢ㄦ埛鍚 %s
鎮ㄧ殑閮ㄩ棬: %s
鎮ㄧ殑瑙掕壊 %s
鎮ㄧ殑web鐧诲綍瀵嗙爜 %s
鎮ㄧ殑ssh鐧诲綍瀵嗙爜 %s
瀵嗛挜涓嬭浇鍦板潃 %s
璇存槑 璇风櫥闄嗗悗鍐嶄笅杞藉瘑閽
""" % (name, username, dept.name, '鏅氱敤鎴', password, ssh_key_pwd, ssh_key_pwd)
print MAIL_FROM
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛 鐢ㄦ埛瀵嗙爜宸插彂閫佸埌 %s 閭锛' % (username, email)
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
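Review bot: In the `user_add_adm` hunk the format tuple ends with `ssh_key_pwd` a second time, so the key-download line of the mail repeats the SSH key password instead of the `http://%s:%s/juser/down_key/?id=%s` link that `user_add` builds. The `db_add_user(...)` call line is outside that hunk, so presumably its return value is still discarded there; it would need `user = db_add_user(...)` and `SEND_IP, SEND_PORT, user.id` in the tuple, and the leftover `print MAIL_FROM` should be removed. In both views `send_mail(..., fail_silently=False)` runs after the account exists and, assuming the `else:` pairs with the outer `try` (indentation is lost on this page), outside the cleanup path, so an SMTP error becomes an unhandled exception and the generated passwords are not reported anywhere else in the visible code. Catching the mail failure and reporting it through `error` would let the administrator retry or reset. Because the mail carries the web and SSH-key passwords in clear text, forcing a password change at first login would limit how long a mailbox copy stays useful.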


@ -42,26 +42,26 @@
<input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}> <input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> {# <div class="hr-line-dashed"></div>#}
<div class="form-group"> {# <div class="form-group">#}
<label for="password" class="col-sm-2 control-label">瀵嗙爜<span class="red-fonts">*</span></label> {# <label for="password" class="col-sm-2 control-label">瀵嗙爜<span class="red-fonts">*</span></label>#}
<div class="col-sm-8"> {# <div class="col-sm-8">#}
<input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}> {# <input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>#}
<span class="help-block m-b-none"> {# <span class="help-block m-b-none">#}
鐧婚檰web鐨勫瘑鐮 {# 鐧婚檰web鐨勫瘑鐮#}
</span> {# </span>#}
</div> {# </div>#}
</div> {# </div>#}
<div class="hr-line-dashed"></div> {# <div class="hr-line-dashed"></div>#}
<div class="form-group"> {# <div class="form-group">#}
<label for="ssh_key_pwd" class="col-sm-2 control-label">瀵嗛挜瀵嗙爜<span class="red-fonts">*</span></label> {# <label for="ssh_key_pwd" class="col-sm-2 control-label">瀵嗛挜瀵嗙爜<span class="red-fonts">*</span></label>#}
<div class="col-sm-8"> {# <div class="col-sm-8">#}
<input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}> {# <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>#}
<span class="help-block m-b-none"> {# <span class="help-block m-b-none">#}
鐧婚檰 Jumpserver 浣跨敤鐨凷SH瀵嗛挜鐨勫瘑鐮 {# 鐧婚檰 Jumpserver 浣跨敤鐨凷SH瀵嗛挜鐨勫瘑鐮#}
</span> {# </span>#}
</div> {# </div>#}
</div> {# </div>#}
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
<div class="form-group"> <div class="form-group">
<label for="name" class="col-sm-2 control-label">濮撳悕<span class="red-fonts">*</span></label> <label for="name" class="col-sm-2 control-label">濮撳悕<span class="red-fonts">*</span></label>
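Review bot: The two password form groups are disabled by wrapping each line in `{# … #}` rather than being deleted, which leaves dead markup in the template, including the `value="{{ password }}"` and `value="{{ ssh_key_pwd }}"` echoes. Since the views now generate both values and still render with `locals()`, removing these lines outright avoids anyone re-enabling a field that would write a generated password back into the page.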


@ -14,6 +14,7 @@
<link href="/static/css/animate.css" rel="stylesheet"> <link href="/static/css/animate.css" rel="stylesheet">
<link href="/static/css/style.css" rel="stylesheet"> <link href="/static/css/style.css" rel="stylesheet">
</head> </head>
<body class="gray-bg"> <body class="gray-bg">