diff --git a/.gitignore b/.gitignore index b749de2d9..48fa35e3d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,8 @@ *.py[cod] .idea test.py - +.DS_Store +db.sqlite3 # C extensions *.so diff --git a/docs/initial_data.yaml b/docs/initial_data.yaml new file mode 100644 index 000000000..665a7744a --- /dev/null +++ b/docs/initial_data.yaml @@ -0,0 +1,28 @@ +- model: juser.user + pk: 5000 + fields: + username: admin + name: admin + password: pbkdf2_sha256$20000$jBIDGPB2j5JT$orxqGgzzjzykColYm1BswPjgHOiERjZkcgkuVIkD2Hc= + email: admin@jumpserver.org + role: SU + is_active: 1 +- model: juser.user + pk: 5001 + fields: + username: group_admin + name: group_admin + password: pbkdf2_sha256$20000$ttObUWd15q10$NJoyZf2OZz9oiw2g4j2TkTh9zGgyVDRFdUkhn8X0nB0= + email: group_admin@jumpserver.org + role: DA + is_active: 1 +- model: juser.usergroup + pk: 1 + fields: + name: ALL + comment: ALL +- model: juser.usergroup + pk: 2 + fields: + name: 默认 + comment: 默认 diff --git a/jasset/models.py b/jasset/models.py index 8f51f8989..e108d507c 100644 --- a/jasset/models.py +++ b/jasset/models.py @@ -59,13 +59,13 @@ class AssetGroup(models.Model): class Asset(models.Model): - ip = models.IPAddressField(unique=True) - port = models.IntegerField(max_length=6) + ip = models.GenericIPAddressField(unique=True) + port = models.IntegerField() group = models.ManyToManyField(AssetGroup) username = models.CharField(max_length=20, blank=True, null=True) password = models.CharField(max_length=80, blank=True, null=True) use_default_auth = models.BooleanField(default=True) - date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True) + date_added = models.DateTimeField(auto_now_add=True) is_active = models.BooleanField(default=True) comment = models.CharField(max_length=100, blank=True, null=True) diff --git a/jlog/models.py b/jlog/models.py index baaffb5a7..cf13a5354 100644 --- a/jlog/models.py +++ b/jlog/models.py 
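Review bot: The fixture creates two active accounts, `admin` (role `SU`) and `group_admin`, with fixed `pbkdf2_sha256$20000$…` hashes, so every installation that loads it starts with the same credentials, and the hashes are public with the repository. The second account also has `role: DA`, which is not one of the `SU`/`GA`/`CU` choices on `juser.User` in this commit. Because the `require_role` change in jumpserver/api.py refuses only `CU` and `GA` at the `super` level, a `DA` account would pass that check. I would change it to `role: GA` and either have the installer generate the passwords or add a header comment such as `# Bootstrap accounts only: set new passwords immediately after loaddata`.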
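Review bot: `port = models.IntegerField()` drops the invalid `max_length` but leaves the field accepting any integer, including negative values and values above 65535. If the port is later handed to the SSH connection code, a range check belongs on the model: `port = models.IntegerField(validators=[MinValueValidator(1), MaxValueValidator(65535)])`, with both validators imported from `django.core.validators`. The body of `Asset` continues outside the hunk.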
@@ -8,7 +8,7 @@ class Log(models.Model): dept_name = models.CharField(max_length=20) log_path = models.CharField(max_length=100) start_time = models.DateTimeField(null=True) - pid = models.IntegerField(max_length=10) + pid = models.IntegerField() is_finished = models.BooleanField(default=False) handle_finished = models.BooleanField(default=False) end_time = models.DateTimeField(null=True) diff --git a/jlog/views.py b/jlog/views.py index 0eb74f815..88d325eea 100644 --- a/jlog/views.py +++ b/jlog/views.py @@ -6,10 +6,8 @@ from django.shortcuts import render_to_response from jumpserver.api import * from jasset.views import httperror from django.http import HttpResponseNotFound - -CONF = ConfigParser() -CONF.read('%s/jumpserver.conf' % BASE_DIR) - +from models import Log +from jumpserver.settings import web_socket_host def get_user_info(request, offset): """ 获取用户信息及环境 """ @@ -58,7 +56,6 @@ def log_list(request, offset): """ 显示日志 """ header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户' keyword = request.GET.get('keyword', '') - web_socket_host = CONF.get('websocket', 'web_socket_host') posts = get_user_log(get_user_info(request, offset)) contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) diff --git a/jumpserver/api.py b/jumpserver/api.py index ef968e301..180e145ed 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -1,8 +1,6 @@ # coding: utf-8 import os, sys, time -from ConfigParser import ConfigParser -import getpass from Crypto.Cipher import AES import crypt from binascii import b2a_hex, a2b_hex 
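Review bot: In `log_list`, `web_socket_host` is no longer a local variable. If the view passes `locals()` to the template, as other views in this commit do, the template stops receiving it; the render call is outside the hunk, so this needs confirming. The module-level import is not part of `locals()`. Keeping the template contract takes two lines: import it as `from jumpserver.settings import web_socket_host as WEB_SOCKET_HOST` and keep `web_socket_host = WEB_SOCKET_HOST` inside the function.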
@@ -11,14 +9,15 @@ import datetime import random import subprocess import paramiko -import struct, fcntl, signal,socket, select, fnmatch +import struct, fcntl, signal, socket, select, fnmatch +from settings import JLOG_FILE, KEY, URL, log_dir, log_level from django.core.paginator import Paginator, EmptyPage, InvalidPage from django.http import HttpResponse, Http404 from django.template import RequestContext from juser.models import User, UserGroup from jasset.models import Asset, AssetGroup -from jlog.models import Log +# from jlog.models import Log from jasset.models import AssetAlias from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned from django.http import HttpResponseRedirect @@ -36,22 +35,6 @@ except ImportError: sys.exit() -BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) -CONF = ConfigParser() -CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) -LOG_DIR = os.path.join(BASE_DIR, 'logs') -JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log') -SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') -# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') -KEY = CONF.get('base', 'key') -LOGIN_NAME = getpass.getuser() -# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') -URL = CONF.get('base', 'url') -MAIL_ENABLE = CONF.get('mail', 'mail_enable') -MAIL_FROM = CONF.get('mail', 'email_host_user') -log_dir = os.path.join(BASE_DIR, 'logs') - - def set_log(level): """ return a log file object @@ -146,7 +129,7 @@ def page_list_return(total, current=1): min_page = current - 2 if current - 4 > 0 else 1 max_page = min_page + 4 if min_page + 4 < total else total - return range(min_page, max_page+1) + return range(min_page, max_page + 1) def pages(post_objects, request): @@ -186,6 +169,7 @@ class Jtty(object): A virtual tty class 一个虚拟终端类,实现连接ssh和记录日志 """ + def __init__(self, user, asset): self.chan = None self.username = user.username 
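Review bot: Removing this block also removes `BASE_DIR`, `SSH_KEY_DIR`, `LOGIN_NAME`, `MAIL_ENABLE`, `MAIL_FROM` and `CONF` from everything that does `from jumpserver.api import *`, while the new import line brings back only `JLOG_FILE, KEY, URL, log_dir, log_level`. The commit adds explicit imports for `BASE_DIR` and the mail settings in some modules, but no file in this diff re-imports `SSH_KEY_DIR` or `LOGIN_NAME`, so any remaining user of those names would fail with a `NameError` at call time. Either extend the import to `from settings import BASE_DIR, JLOG_FILE, KEY, LOGIN_NAME, SSH_KEY_DIR, URL, log_dir, log_level` or grep for the removed names before merging.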
@@ -404,7 +388,7 @@ class PyCrypt(object): symbol = '!@$%^&*()_' salt_list = [] if especial: - for i in range(length-4): + for i in range(length - 4): salt_list.append(random.choice(salt_key)) for i in range(4): salt_list.append(random.choice(symbol)) @@ -489,19 +473,24 @@ def require_role(role='user'): decorator for require user role in ["super", "admin", "user"] 要求用户是某种角色 ["super", "admin", "user"]的装饰器 """ + def _deco(func): def __deco(request, *args, **kwargs): if role == 'user': if not request.user.is_authenticated(): return HttpResponseRedirect('/login/') elif role == 'admin': - if request.session.get('role_id', 0) < 1: + # if request.session.get('role_id', 0) < 1: + if request.user.role == 'CU': return HttpResponseRedirect('/') elif role == 'super': - if request.session.get('role_id', 0) < 2: + # if request.session.get('role_id', 0) < 2: + if request.user.role in ['CU', 'GA']: return HttpResponseRedirect('/') return func(request, *args, **kwargs) + return __deco + return _deco @@ -511,6 +500,7 @@ def is_role_request(request, role='user'): 要求请求角色正确 """ role_all = {'user': 0, 'admin': 1, 'super': 2} + # TODO: liuzheng's work if request.session.get('role_id') == role_all.get(role, 0): return True else: @@ -585,7 +575,7 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None, if edept: if dept.id != int(edept[0]): return False - + if user_group: dept_user_groups = dept.usergroup_set.all() user_group_ids = [] @@ -711,6 +701,4 @@ CRYPTOR = PyCrypt(KEY) # ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW) # else: # ldap_conn = None - -log_level = CONF.get('base', 'log') -logger = set_log(log_level) \ No newline at end of file +logger = set_log(log_level) diff --git a/jumpserver/context_processors.py b/jumpserver/context_processors.py index 7fb81f468..35c656c25 100644 --- a/jumpserver/context_processors.py +++ b/jumpserver/context_processors.py 
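Review bot: The new role checks in `__deco` are deny-lists, so any role value other than `CU` (for `admin`) or `CU`/`GA` (for `super`) is let through. That includes the `DA` value loaded by docs/initial_data.yaml in this commit. The `admin` and `super` branches also never call `is_authenticated()`, so an anonymous request reaches `request.user.role`, which `AnonymousUser` does not have, and fails with an `AttributeError` instead of redirecting to `/login/`. I would check authentication first for every level and compare the role against an allow-list, as sketched below.

```python
def require_role(role='user'):
    # ... unchanged: docstring ...
    # roles let through at each level; a role missing from the tuple is refused
    allowed_roles = {'admin': ('GA', 'SU'), 'super': ('SU',)}

    def _deco(func):
        def __deco(request, *args, **kwargs):
            if not request.user.is_authenticated():
                return HttpResponseRedirect('/login/')
            if role in allowed_roles and request.user.role not in allowed_roles[role]:
                return HttpResponseRedirect('/')
            return func(request, *args, **kwargs)
        # ... unchanged: return __deco / return _deco ...
```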
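Review bot: `is_role_request` still compares `request.session.get('role_id')` with the expected level, but this commit comments out the only place that set `role_id`, in `Login` in jumpserver/views.py. The lookup now returns `None` and the function returns `False` for every role. `chg_role` in juser/views.py has the same dependency and would raise `KeyError` on `request.session['role_id']`. Until the TODO is done, the check could derive the level from the user, e.g. `{'CU': 0, 'GA': 1, 'SU': 2}.get(getattr(request.user, 'role', None))`, compared with `role_all.get(role, 0)`. The rest of the function is outside the hunk.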
@@ -4,8 +4,9 @@ from jumpserver.api import * def name_proc(request): - user_id = request.session.get('user_id') - role_id = request.session.get('role_id') + user_id = request.user.id + # role_id = request.session.get('role_id') + role_id = {'SU':2,'GA':1,'CU':0}.get(request.user.role,0) # if role_id == 2: user_total_num = User.objects.all().count() user_active_num = User.objects.filter().count() diff --git a/jumpserver/settings.py b/jumpserver/settings.py index aeeaec053..6eb10c252 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/1.7/ref/settings/ # Build paths inside the project like this: os.path.join(BASE_DIR, ...) import os import ConfigParser +import getpass config = ConfigParser.ConfigParser() @@ -22,7 +23,7 @@ DB_PORT = config.getint('db', 'port') DB_USER = config.get('db', 'user') DB_PASSWORD = config.get('db', 'password') DB_DATABASE = config.get('db', 'database') - +AUTH_USER_MODEL = 'juser.User' # mail config EMAIL_HOST = config.get('mail', 'email_host') EMAIL_PORT = config.get('mail', 'email_port') 
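Review bot: `name_proc` now reads `request.user.role` unconditionally. For an unauthenticated request `request.user` is an `AnonymousUser`, which has no `role` attribute, so every anonymous page rendered with `RequestContext` would fail with an `AttributeError`. Use `role_id = {'SU': 2, 'GA': 1, 'CU': 0}.get(getattr(request.user, 'role', None), 0)`, and consider moving the mapping to one shared constant, since `is_role_request` and `chg_role` keep their own copies. The function body continues outside the hunk.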
@@ -30,6 +31,24 @@ EMAIL_HOST_USER = config.get('mail', 'email_host_user') EMAIL_HOST_PASSWORD = config.get('mail', 'email_host_password') EMAIL_USE_TLS = config.getboolean('mail', 'email_use_tls') +# ======== Log ========== +LOG = False +LOG_DIR = os.path.join(BASE_DIR, 'logs') +JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log') +SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') +# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') +KEY = config.get('base', 'key') +LOGIN_NAME = getpass.getuser() +# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') +URL = config.get('base', 'url') +MAIL_ENABLE = config.get('mail', 'mail_enable') +MAIL_FROM = config.get('mail', 'email_host_user') +log_dir = os.path.join(BASE_DIR, 'logs') + +log_level = config.get('base', 'log') + +web_socket_host = config.get('websocket', 'web_socket_host') + # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ @@ -58,15 +77,15 @@ INSTALLED_APPS = ( 'juser', 'jasset', 'jperm', - # 'jlog', + 'jlog', ) MIDDLEWARE_CLASSES = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', - #'django.middleware.csrf.CsrfViewMiddleware', + # 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', - #'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + # 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ) 
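Review bot: Several of the names added here need a comment or a rename. `log_dir` duplicates `LOG_DIR` two lines above it, and `LOG = False` is not read anywhere in this diff. The lowercase `log_dir`, `log_level` and `web_socket_host` are skipped by `django.conf.settings`, which only loads uppercase names, and that is why the other modules have to import `jumpserver.settings` directly. `KEY` feeds `PyCrypt(KEY)` in jumpserver/api.py, so a comment such as `# KEY: secret used by CRYPTOR; keep jumpserver.conf readable only by the service account` would document what this section protects.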
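Review bot: `CsrfViewMiddleware` and `SessionAuthenticationMiddleware` are reformatted here but stay commented out, even though this commit moves login onto `django.contrib.auth` sessions. With CSRF protection off, state-changing views such as `user_del`, which this commit makes reachable by both GET and POST, can be triggered from another site in an administrator's browser. Without `SessionAuthenticationMiddleware`, a password change does not invalidate the user's other sessions. I would enable both lines, `'django.middleware.csrf.CsrfViewMiddleware',` and `'django.contrib.auth.middleware.SessionAuthenticationMiddleware',`, and add `{% csrf_token %}` to the forms.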
@@ -79,17 +98,23 @@ WSGI_APPLICATION = 'jumpserver.wsgi.application' # Database # https://docs.djangoproject.com/en/1.7/ref/settings/#databases +# DATABASES = { +# 'default': { +# 'ENGINE': 'django.db.backends.mysql', +# 'NAME': DB_DATABASE, +# 'USER': DB_USER, +# 'PASSWORD': DB_PASSWORD, +# 'HOST': DB_HOST, +# 'PORT': DB_PORT, +# } +# } + DATABASES = { 'default': { - 'ENGINE': 'django.db.backends.mysql', - 'NAME': DB_DATABASE, - 'USER': DB_USER, - 'PASSWORD': DB_PASSWORD, - 'HOST': DB_HOST, - 'PORT': DB_PORT, + 'ENGINE': 'django.db.backends.sqlite3', + 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), } } - TEMPLATE_CONTEXT_PROCESSORS = ( 'django.contrib.auth.context_processors.auth', 'django.core.context_processors.debug', @@ -98,14 +123,14 @@ TEMPLATE_CONTEXT_PROCESSORS = ( 'django.core.context_processors.static', 'django.core.context_processors.tz', 'django.contrib.messages.context_processors.messages', - 'jumpserver.context_processors.name_proc' + 'jumpserver.context_processors.name_proc', ) TEMPLATE_DIRS = ( os.path.join(BASE_DIR, 'templates'), ) -#STATIC_ROOT = os.path.join(BASE_DIR, 'static') +# STATIC_ROOT = os.path.join(BASE_DIR, 'static') STATICFILES_DIRS = ( os.path.join(BASE_DIR, "static"), @@ -128,5 +153,3 @@ USE_TZ = False # https://docs.djangoproject.com/en/1.7/howto/static-files/ STATIC_URL = '/static/' - - diff --git a/jumpserver/urls.py b/jumpserver/urls.py index 617d0351e..1f47918a1 100644 --- a/jumpserver/urls.py +++ b/jumpserver/urls.py @@ -8,8 +8,8 @@ urlpatterns = patterns('', (r'^skin_config/$', 'jumpserver.views.skin_config'), (r'^install/$', 'jumpserver.views.install'), (r'^base/$', 'jumpserver.views.base'), - (r'^login/$', 'jumpserver.views.login'), - (r'^logout/$', 'jumpserver.views.logout'), + (r'^login/$', 'jumpserver.views.Login'), + (r'^logout/$', 'jumpserver.views.Logout'), (r'^file/upload/$', 'jumpserver.views.upload'), (r'^file/download/$', 'jumpserver.views.download'), (r'^error/$', 'jumpserver.views.httperror'), 
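Review bot: `DATABASES` is now hard-wired to `db.sqlite3` under `BASE_DIR` with the MySQL block left as commented-out code. The `[db]` values are still read into `DB_HOST`…`DB_DATABASE` but are silently ignored. The SQLite file will hold the user password hashes and the asset `username`/`password` columns, so it should sit outside the served tree with owner-only permissions, or the engine should be chosen from configuration rather than by editing settings. At minimum replace the dead block with a comment such as `# SQLite is for development only; production uses the [db] section of jumpserver.conf`.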
diff --git a/jumpserver/views.py b/jumpserver/views.py index ecc6d02ac..cdae32617 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -12,8 +12,10 @@ from django.http import HttpResponse # from jperm.models import Apply import paramiko from jumpserver.api import * -from django.contrib.auth import authenticate,logout,login - +from django.contrib.auth import authenticate, login, logout +from django.contrib.auth.decorators import login_required +from settings import BASE_DIR +from jlog.models import Log def getDaysByNum(num): today = datetime.date.today() @@ -64,7 +66,6 @@ def index_cu(request): new_posts.append(post_five) post_five = [] new_posts.append(post_five) - return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request)) @@ -195,7 +196,7 @@ def is_latest(): def Login(request): """登录界面""" - if not request.user.is_authenticated(): + if request.user.is_authenticated(): return HttpResponseRedirect('/') if request.method == 'GET': return render_to_response('login.html') @@ -216,12 +217,12 @@ def Login(request): # if PyCrypt.md5_crypt(password) == user.password: # request.session['user_id'] = user.id # user_filter.update(last_login=datetime.datetime.now()) - if user.role == 'SU': - request.session['role_id'] = 2 - elif user.role == 'GA': - request.session['role_id'] = 1 - else: - request.session['role_id'] = 0 + # if user.role == 'SU': + # request.session['role_id'] = 2 + # elif user.role == 'GA': + # request.session['role_id'] = 1 + # else: + # request.session['role_id'] = 0 return HttpResponseRedirect('/', ) # response.set_cookie('username', username, expires=604800) # response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800) diff --git a/juser/models.py b/juser/models.py index 67325ef7f..c030b8454 100644 --- a/juser/models.py +++ b/juser/models.py @@ -1,6 +1,7 @@ -#coding: utf-8 +# coding: utf-8 from django.db import models +from django.contrib.auth.models import AbstractUser class UserGroup(models.Model): 
@@ -19,23 +20,17 @@ class UserGroup(models.Model): self.save() -class User(models.Model): +class User(AbstractUser): USER_ROLE_CHOICES = ( ('SU', 'SuperUser'), ('GA', 'GroupAdmin'), ('CU', 'CommonUser'), ) - username = models.CharField(max_length=80, unique=True) - password = models.CharField(max_length=100) name = models.CharField(max_length=80) - email = models.EmailField(max_length=75) - role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU') uuid = models.CharField(max_length=100) + role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU') group = models.ManyToManyField(UserGroup) ssh_key_pwd = models.CharField(max_length=200) - is_active = models.BooleanField(default=True) - last_login = models.DateTimeField(null=True) - date_joined = models.DateTimeField(null=True) def __unicode__(self): return self.username @@ -47,13 +42,11 @@ class User(models.Model): """ host_group_list = [] perm_list = [] - user_group_all = self.group.all() - for user_group in user_group_all: - perm_list.extend(user_group.perm_set.all()) - - for perm in perm_list: - host_group_list.append(perm.asset_group) - + # user_group_all = self.group.all() + # for user_group in user_group_all: + # perm_list.extend(user_group.perm_set.all()) + # for perm in perm_list: + # host_group_list.append(perm.asset_group) return host_group_list def get_asset_group_info(self, printable=False): @@ -63,10 +56,8 @@ class User(models.Model): """ asset_groups_info = {} asset_groups = self.get_asset_group() - for asset_group in asset_groups: asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment] - if printable: for group_id in asset_groups_info: if asset_groups_info[group_id][1]: @@ -86,10 +77,8 @@ class User(models.Model): """ assets = [] asset_groups = self.get_asset_group() - for asset_group in asset_groups: assets.extend(asset_group.asset_set.all()) - return assets def get_asset_info(self, printable=False): 
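Review bot: With its loop commented out, `get_asset_group` always returns an empty list and `perm_list` is left unused. `get_asset_group_info`, `get_asset` and `get_asset_info` are all built on it, so they return nothing for every user without any error. That hides the missing permission lookup from callers. I would delete the commented code and make the gap explicit with `# TODO: restore the perm lookup once jperm is ported to the new User model`, or raise `NotImplementedError` so a caller cannot mistake "not implemented" for "no access".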
@@ -100,14 +89,12 @@ class User(models.Model): from jasset.models import AssetAlias assets_info = {} assets = self.get_asset() - for asset in assets: asset_alias = AssetAlias.objects.filter(user=self, asset=asset) if asset_alias and asset_alias[0].alias != '': assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)] else: assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)] - if printable: ips = assets_info.keys() ips.sort() @@ -137,5 +124,3 @@ class AdminGroup(models.Model): def __unicode__(self): return '%s: %s' % (self.user.username, self.group.name) - - diff --git a/juser/user_api.py b/juser/user_api.py index 04a638a0f..f90cbbaf9 100644 --- a/juser/user_api.py +++ b/juser/user_api.py @@ -4,7 +4,7 @@ from Crypto.PublicKey import RSA from juser.models import AdminGroup from jumpserver.api import * - +from jumpserver.settings import BASE_DIR def group_add_user(group, user_id=None, username=None): """ @@ -59,6 +59,7 @@ def db_add_user(**kwargs): admin_groups = kwargs.pop('admin_groups') role = kwargs.get('role', 'CU') user = User(**kwargs) + user.set_password(kwargs.get('password')) user.save() if groups_post: group_select = [] @@ -83,10 +84,10 @@ def db_update_user(**kwargs): groups_post = kwargs.pop('groups') admin_groups_post = kwargs.pop('admin_groups') user_id = kwargs.pop('user_id') - user = User.objects.filter(id=user_id) + user = User.objects.get(id=user_id) if user: user.update(**kwargs) - user = user[0] + user.set_password(kwargs.pop('password')) user.save() else: return None diff --git a/juser/views.py b/juser/views.py index b2ea0c518..f68c852e4 100644 --- a/juser/views.py +++ b/juser/views.py 
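Review bot: `db_update_user` will fail on its first statement after the lookup, because `User.objects.get(id=user_id)` returns a model instance and instances have no `update()` method. That method belonged to the queryset the old `filter()` returned. `get()` also raises `User.DoesNotExist` instead of giving a falsy value, so the `else: return None` branch is unreachable. `kwargs.pop('password')` runs only after `password` has already been passed along in `**kwargs`, and `set_password` is called even when the caller sent an empty or unchanged value, as `user_edit` may now do with its comparison commented out. A version that assigns fields on the instance and re-hashes only a supplied password is below; the group handling after the save is outside the hunk.

```python
    user_id = kwargs.pop('user_id')
    password = kwargs.pop('password', None)
    try:
        user = User.objects.get(id=user_id)
    except User.DoesNotExist:
        return None
    for field, value in kwargs.items():
        setattr(user, field, value)
    # only re-hash when a new password was actually supplied
    if password:
        user.set_password(password)
    user.save()
    # ... unchanged: rest of db_update_user ...
```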
@@ -2,20 +2,21 @@ # Author: Guanghongwei # Email: ibuler@qq.com -import random -from Crypto.PublicKey import RSA +# import random +# from Crypto.PublicKey import RSA import uuid as uuid_r from django.db.models import Q from django.template import RequestContext from django.db.models import ObjectDoesNotExist - +from jumpserver.settings import MAIL_FROM, MAIL_ENABLE from juser.user_api import * def chg_role(request): role = {'SU': 2, 'DA': 1, 'CU': 0} user, dept = get_session_user_dept(request) + # TODO: liuzheng's work if request.session['role_id'] > 0: request.session['role_id'] = 0 elif request.session['role_id'] == 0: @@ -240,8 +241,8 @@ def user_add(request): if '' in [username, password, ssh_key_pwd, name, role]: error = u'带*内容不能为空' raise ServerError - user_test = get_object(User, username=username) - if user_test: + check_user_is_exist = User.objects.filter(username=username) + if check_user_is_exist: error = u'用户 %s 已存在' % username raise ServerError @@ -250,10 +251,10 @@ def user_add(request): else: try: user = db_add_user(username=username, name=name, - password=CRYPTOR.md5_crypt(password), + password=password, email=email, role=role, uuid=uuid, groups=groups, admin_groups=admin_groups, - ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd), + ssh_key_pwd=ssh_key_pwd, is_active=is_active, date_joined=datetime.datetime.now()) server_add_user(username, password, ssh_key_pwd, ssh_key_login_need) @@ -393,10 +394,10 @@ def user_list(request): @require_role(role='user') def user_detail(request): header_title, path1, path2 = '用户详情', '用户管理', '用户详情' - if request.session.get('role_id') == 0: - user_id = request.user.id - else: - user_id = request.GET.get('id', '') + # if request.session.get('role_id') == 0: + # user_id = request.user.id + # else: + # user_id = request.GET.get('id', '') # if request.session.get('role_id') == 1: # user, dept = get_session_user_dept(request) # if not validate(request, user=[user_id]): 
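Review bot: `ssh_key_pwd=ssh_key_pwd` now writes the SSH key passphrase to `juser.User.ssh_key_pwd` in cleartext. Passing the raw `password` is fine, because `db_add_user` hashes it with `set_password` in this commit, but nothing equivalent exists for the passphrase. If the stored value is only ever compared, restore `ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),` from the removed line. If it must be recoverable, which cannot be told from this hunk, encrypt it with the project key rather than storing it as entered.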
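Review bot: Commenting out the `user_id` selection here and the `get_object(User, id=user_id)` lookup in the next hunk leaves `user_detail` without the object it is supposed to show, as far as the visible lines go. It also removes the only rule that limited a common user to their own record. When the lookup comes back it should not trust the `id` query parameter for role `CU`, e.g. `user_id = request.user.id if request.user.role == 'CU' else request.GET.get('id', '')`. The rest of the view is outside both hunks.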
@@ -404,9 +405,9 @@ def user_detail(request): # if not user_id: # return HttpResponseRedirect('/juser/user_list/') - user = get_object(User, id=user_id) - if user: - pass + # user = get_object(User, id=user_id) + # if user: + # pass # asset_group_permed = user.get_asset_group() # logs_last = Log.objects.filter(user=user.name).order_by('-start_time')[0:10] # logs_all = Log.objects.filter(user=user.name).order_by('-start_time') @@ -417,8 +418,14 @@ def user_detail(request): @require_role(role='admin') def user_del(request): - user_ids = request.GET.get('id', '') - user_id_list = user_ids.split(',') + if request.method == "GET": + user_ids = request.GET.get('id', '') + user_id_list = user_ids.split(',') + elif request.method == "POST": + user_ids = request.POST.get('id', '') + user_id_list = user_ids.split(',') + else: + return HttpResponse('错误请求') for user_id in user_id_list: User.objects.filter(id=user_id).delete() @@ -526,11 +533,11 @@ def user_edit(request): else: return HttpResponseRedirect('/juser/user_list/') - if password != user.password: - password_decode = password - password = CRYPTOR.md5_crypt(password) - else: - password_decode = None + # if password != user.password: + # password_decode = password + # password = CRYPTOR.md5_crypt(password) + # else: + # password_decode = None db_update_user(user_id=user_id, password=password, @@ -647,10 +654,11 @@ def change_info(request): error = '密码须大于6位' if not error: - if password != user.password: - password = CRYPTOR.md5_crypt(password) + # if password != user.password: + # password = CRYPTOR.md5_crypt(password) - user.update(name=name, password=password, email=email) + user.update(name=name, email=email) + user.set_password(password) msg = '修改成功' return render_to_response('juser/change_info.html', locals(), context_instance=RequestContext(request)) diff --git a/manage.py b/manage.py old mode 100644 new mode 100755 
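Review bot: `user_del` still deletes accounts on a plain GET, and the new branch only adds POST as a second way in. With the CSRF middleware disabled in settings.py, a link or image tag loaded in an administrator's browser is enough to trigger a deletion. I would accept POST only, `if request.method != 'POST': return HttpResponseNotAllowed(['POST'])`, and skip ids that are not digits before calling `filter(id=user_id)`. The loop also does not stop a `GA` from deleting an `SU` account or their own; whether that is intended is not visible here.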
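Review bot: In `change_info`, `user.set_password(password)` is never followed by `user.save()`, so the new hash is not written to the database. The two calls also disagree about what `user` is: `update(name=..., email=...)` exists only on a queryset and `set_password` only on a model instance, so one of them raises `AttributeError`. `user` is assigned outside the hunk. With an instance the block becomes `user.name = name; user.email = email`, then `user.set_password(password)` and `user.save()`.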
diff --git a/static/.DS_Store b/static/.DS_Store deleted file mode 100644 index 1f949c218..000000000 Binary files a/static/.DS_Store and /dev/null differ diff --git a/templates/index_cu.html b/templates/index_cu.html index b52f2b4dc..3edb68a75 100644 --- a/templates/index_cu.html +++ b/templates/index_cu.html @@ -72,7 +72,7 @@