github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

添加sudo修改权限

pull/6/head
guanghongwei 2015-02-09 18:50:21 +08:00
parent b9e2c9aa95
commit d7de3edcf4
7 changed files with 245 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
connect.py
View File

@ -16,8 +16,6 @@ import getpass
import fnmatch
import readline
from multiprocessing import Pool
from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex
from ConfigParser import ConfigParser
from django.core.exceptions import ObjectDoesNotExist
@ -27,6 +25,7 @@ from juser.models import User
from jasset.models import Asset
from jlog.models import Log
from jperm.views import perm_user_asset
from jumpserver.views import PyCrypt
try:
import termios
@ -75,34 +74,6 @@ class ServerError(Exception):
pass
class PyCrypt(object):
"""This class used to encrypt and decrypt password."""
def __init__(self, key):
self.key = key
self.mode = AES.MODE_CBC
def encrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
length = 16
try:
count = len(text)
except TypeError:
raise ServerError('Encrypt password error, TYpe error.')
add = (length - (count % length))
text += ('\0' * add)
ciphertext = cryptor.encrypt(text)
return b2a_hex(ciphertext)
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
try:
plain_text = cryptor.decrypt(a2b_hex(text))
except TypeError:
raise ServerError('Decrypt password error, TYpe error.')
return plain_text.rstrip('\0')
def get_win_size():
"""This function use to get the size of the windows!"""
if 'TIOCGWINSZ' in dir(termios):

3
jperm/models.py
View File

@ -18,7 +18,8 @@ class CmdGroup(models.Model):
class SudoPerm(models.Model):
name = models.CharField(max_length=20)
user_group = models.ManyToManyField(UserGroup)
asset_group = models.ManyToManyField(BisGroup)
cmd_group = models.ManyToManyField(CmdGroup)
comment = models.CharField(max_length=30)
comment = models.CharField(max_length=30, null=True, blank=True)

47
jperm/views.py
View File

@ -7,6 +7,14 @@ from jasset.models import Asset, BisGroup
from jperm.models import Perm, SudoPerm, CmdGroup
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.db.models import Q
from jumpserver.views import LDAP_ENABLE, ldap_conn, CONF
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
def perm_group_update(user_group_name='', user_group_id='', asset_groups_name='', asset_groups_id=''):
@ -138,7 +146,6 @@ def perm_asset_detail(request):
return render_to_response('jperm/perm_asset_detail.html', locals())
def user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select):
user_groups_select_list = []
asset_groups_select_list = []
@ -167,10 +174,41 @@ def sudo_db_add(user_groups_select, asset_groups_select, cmd_groups_select, comm
sudo_perm.cmd_group = cmd_groups_select_list
def sudo_ldap_add(user_groups_select, asset_groups_select, cmd_groups_select):
def unicode2str(unicode_list):
return [str(i) for i in unicode_list]
def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select):
user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
users = []
assets = []
cmds = []
for user_group in user_groups_select_list:
users.extend(user_group.user_set.all())
for asset_group in asset_groups_select_list:
assets.extend(asset_group.asset_set.all())
for cmd_group in cmd_groups_select_list:
cmds.extend(cmd_group.cmd.split(','))
users_name = [user.name for user in users]
assets_ip = [asset.ip for asset in assets]
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
'cn': ['%s' % str(name)],
'sudoCommand': unicode2str(cmds),
'sudoHost': unicode2str(assets_ip),
'sudoOption': ['!authenticate'],
'sudoRunAsUser': unicode2str(users_runas),
'sudoUser': unicode2str(users_name)}
ldap_conn.add(sudo_dn, sudo_attr)
def sudo_add(request):
header_title, path1, path2 = u'Sudo鎺堟潈 | Perm Sudo Add.', u'jperm', u'sudo_add'
@ -179,16 +217,17 @@ def sudo_add(request):
cmd_groups = CmdGroup.objects.all()
if request.method == 'POST':
name = request.POST.get('name')
users_runas = request.POST.get('runas', 'root').split(',')
user_groups_select = request.POST.getlist('user_groups_select')
asset_groups_select = request.POST.getlist('asset_groups_select')
cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '')
sudo_db_add(user_groups_select, asset_groups_select, cmd_groups_select, comment)
sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
msg = '娣诲姞鎴愬姛'
return render_to_response('jperm/sudo_add.html', locals())

53
jumpserver/views.py
View File

@ -3,15 +3,29 @@
import hashlib
import ldap
from ldap import modlist
from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex
from ConfigParser import ConfigParser
import os
from django.http import HttpResponse
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
from juser.models import User
from connect import PyCrypt, KEY
from jasset.models import Asset, BisGroup, IDC
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
CONF = ConfigParser()
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
def md5_crypt(string):
return hashlib.new("md5", string).hexdigest()
@ -30,7 +44,7 @@ def jasset_group_add(name, comment, type):
emg = u'璇ヤ笟鍔$粍宸插瓨鍦!'
else:
BisGroup.objects.create(name=name, comment=comment, type=type)
smg = u'涓氬姟缁%s娣诲姞鎴愬姛' %name
smg = u'涓氬姟缁%s娣诲姞鎴愬姛' % name
def jasset_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_active, j_comment):
@ -151,3 +165,38 @@ class LDAPMgmt():
print e
class PyCrypt(object):
"""This class used to encrypt and decrypt password."""
def __init__(self, key):
self.key = key
self.mode = AES.MODE_CBC
def encrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
length = 16
try:
count = len(text)
except TypeError:
raise ServerError('Encrypt password error, TYpe error.')
add = (length - (count % length))
text += ('\0' * add)
ciphertext = cryptor.encrypt(text)
return b2a_hex(ciphertext)
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
try:
plain_text = cryptor.decrypt(a2b_hex(text))
except TypeError:
raise ServerError('Decrypt password error, TYpe error.')
return plain_text.rstrip('\0')
if LDAP_ENABLE:
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
else:
ldap_conn = None

38
juser/views.py
View File

@ -20,17 +20,16 @@ from juser.models import UserGroup, User
from connect import PyCrypt, KEY
from connect import BASE_DIR
from connect import CONF
from jumpserver.views import md5_crypt,LDAPMgmt
from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn
CRYPTOR = PyCrypt(KEY)
LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
CRYPTOR = PyCrypt(KEY)
def gen_rand_pwd(num):
"""鐢熸垚闅忔満瀵嗙爜"""
@ -176,20 +175,18 @@ def ldap_add_user(username, ldap_pwd):
'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]}
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
'cn': ['%s' % str(username)],
'sudoCommand': ['/bin/pwd'],
'sudoHost': ['192.168.1.1'],
'sudoOption': ['!authenticate'],
'sudoRunAsUser': ['root'],
'sudoUser': ['%s' % str(username)]}
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
# sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
# sudo_attr = {'objectClass': ['top', 'sudoRole'],
# 'cn': ['%s' % str(username)],
# 'sudoCommand': ['/bin/pwd'],
# 'sudoHost': ['192.168.1.1'],
# 'sudoOption': ['!authenticate'],
# 'sudoRunAsUser': ['root'],
# 'sudoUser': ['%s' % str(username)]}
ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr)
ldap_conn.add(sudo_dn, sudo_attr)
# ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username):
@ -197,12 +194,21 @@ def ldap_del_user(username):
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.delete(user_dn)
ldap_conn.delete(group_dn)
ldap_conn.delete(sudo_dn)
# def ldap_group_add(group_name, username_list, gid):
# group_dn = "cn=%s,ou=Group,%s" % (group_name, LDAP_BASE_DN)
# group_attr = {'objectClass': ['posixGroup', 'top'],
# 'cn': [str(group_name)],
# 'userPassword': ['{crypt}x'],
# 'gidNumber': [gid],
# 'memberUid': username_list}
# ldap_conn.add(group_dn, group_attr)
def group_add(request, group_type_select='A'):
error = ''
msg = ''

51
templates/jperm/sudo_add.html
View File

@ -37,7 +37,29 @@
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="row">
<div class="col-sm-5"><h4>鐢ㄦ埛缁</h4>
<div class="form-group">
<label for="name" class="col-sm-2 control-label">鎺堟潈鍚</label>
<div class="col-sm-8">
<input id="name" name="name" placeholder="OnlyForEnglish" type="text" class="form-control">
<span class="help-block m-b-none">鍙栦釜鍚嶅瓧鏂逛究杈ㄨ瘑锛屽彧鏀寔鑻辨枃</span>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="runas" class="col-sm-2 control-label">RunAsUser</label>
<div class="col-sm-8">
<input id="runas" name="runas" placeholder="RunAsUser" type="text" class="form-control">
<span class="help-block m-b-none">
鍏佽浠ュ摢涓敤鎴峰厑璁竤udo,閫楀彿鍒嗛殧,榛樿root
</span>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="" class="col-sm-2 control-label">鐢ㄦ埛缁</label>
<div class="col-sm-4">
<div>
<select id="user_groups" name="user_groups" class="form-control" size="5" multiple>
{% for user_group in user_groups %}
@ -47,14 +69,15 @@
</div>
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 50px;">
<div class="btn-group" style="margin-top: 12px;">
<button type="button" class="btn btn-white" onclick="move('user_groups', 'user_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('user_groups_select', 'user_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-5"><h4>鎺堟潈鐢ㄦ埛缁</h4>
<div class="col-sm-3">
<div>
<select id="user_groups_select" name="user_groups_select" class="form-control m-b" size="5" multiple>
</select>
@ -64,8 +87,9 @@
<div class="hr-line-dashed"></div>
<div class="row">
<div class="col-sm-5"><h4>涓绘満缁</h4>
<div class="form-group">
<label for="" class="col-sm-2 control-label">涓绘満缁</label>
<div class="col-sm-4">
<div>
<select id="asset_groups" name="asset_groups" class="form-control m-b" size="5" multiple>
{% for asset_group in asset_groups %}
@ -76,13 +100,13 @@
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 50px;">
<div class="btn-group" style="margin-top: 12px;">
<button type="button" class="btn btn-white" onclick="move('asset_groups', 'asset_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('asset_groups_select', 'asset_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-5"><h4>鎺堟潈涓绘満缁</h4>
<div class="col-sm-3">
<div>
<select id="asset_groups_select" name="asset_groups_select" class="form-control m-b" size="5" multiple>
</select>
@ -92,8 +116,9 @@
<div class="hr-line-dashed"></div>
<div class="row">
<div class="col-sm-5"><h4>鍛戒护缁</h4>
<div class="form-group">
<label for="" class="col-sm-2 control-label">鍛戒护缁</label>
<div class="col-sm-4">
<div>
<select id="cmd_groups" name="cmd_groups" class="form-control m-b" size="5" multiple>
{% for cmd_group in cmd_groups %}
@ -104,13 +129,13 @@
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 50px;">
<div class="btn-group" style="margin-top: 12px;">
<button type="button" class="btn btn-white" onclick="move('cmd_groups', 'cmd_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('cmd_groups_select', 'cmd_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-5"><h4>鍛戒护缁</h4>
<div class="col-sm-3">
<div>
<select id="cmd_groups_select" name="cmd_groups_select" class="form-control m-b" size="5" multiple>
</select>
@ -127,12 +152,12 @@
</div>
</div>
<div class="hr-line-dashed"></div>
</div>
<div class="row">
<div class="form-group">
<div class="col-sm-4 col-sm-offset-2">
<button class="btn btn-white" type="submit">鍙栨秷</button>
<button class="btn btn-white" type="reset">鍙栨秷</button>
<button class="btn btn-primary" type="submit" onclick="javascript: (function(){$('#sudoPerm option').each(function(){$(this).prop('selected', true)})})()">纭淇濆瓨</button>
</div>
</div>

19
templates/nav.html
View File

@ -33,8 +33,23 @@
<a href="#"><i class="fa fa-edit"></i> <span class="nav-label">鎺堟潈绠$悊</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li id="perm_list"><a href="/jperm/perm_list/">涓绘満鎺堟潈</a></li>
<li id="perm_sudo"><a href="/jperm/sudo_add/">Sudo娣诲姞</a></li>
<li id="perm_sudo"><a href="/jperm/sudo_list/">Sudo鏌ョ湅</a></li>
<li class="active">
<a href="#">Sudo鎺堟潈<span class="fa arrow"></span></a>
<ul class="nav nav-third-level">
<li id="cmd_add">
<a href="/jperm/cmd_add/">鍛戒护缁勬坊鍔</a>
</li>
<li id="cmd_list">
<a href="/jperm/cmd_list/">鍛戒护缁勬煡鐪</a>
</li>
<li id="sudo_add">
<a href="/jperm/sudo_add/">Sudo娣诲姞</a>
</li>
<li id="sudo_list">
<a href="/jperm/sudo_list/">Sudo鏌ョ湅</a>
</li>
</ul>
</li>
</ul>
</li>
<li id="jlog">