merge: 合并 dev

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.9-slim-bullseye as stage-build
+FROM jumpserver/python:3.9-slim-buster as stage-build
 ARG TARGETARCH
 
 ARG VERSION
@@ -8,7 +8,7 @@ WORKDIR /opt/jumpserver
 ADD . .
 RUN cd utils && bash -ixeu build.sh
 
-FROM python:3.9-slim-bullseye
+FROM jumpserver/python:3.9-slim-buster
 ARG TARGETARCH
 MAINTAINER JumpServer Team <ibuler@qq.com>
 
@@ -24,6 +24,7 @@ ARG DEPENDENCIES="                    \
         libjpeg-dev                   \
         libldap2-dev                  \
         libsasl2-dev                  \
+        libssl-dev                    \
         libxml2-dev                   \
         libxmlsec1-dev                \
         libxmlsec1-openssl            \
@@ -66,27 +67,36 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
 
 ARG DOWNLOAD_URL=https://download.jumpserver.org
 
-RUN mkdir -p /opt/oracle/ \
-    && cd /opt/oracle/ \
-    && wget ${DOWNLOAD_URL}/public/instantclient-basiclite-linux.${TARGETARCH}-19.10.0.0.0.zip \
-    && unzip instantclient-basiclite-linux.${TARGETARCH}-19.10.0.0.0.zip \
-    && sh -c "echo /opt/oracle/instantclient_19_10 > /etc/ld.so.conf.d/oracle-instantclient.conf" \
-    && ldconfig \
-    && rm -f instantclient-basiclite-linux.${TARGETARCH}-19.10.0.0.0.zip
+RUN set -ex \
+    && \
+    if [ "${TARGETARCH}" == "amd64" ] || [ "${TARGETARCH}" == "arm64" ]; then \
+        mkdir -p /opt/oracle; \
+        cd /opt/oracle; \
+        wget ${DOWNLOAD_URL}/public/instantclient-basiclite-linux.${TARGETARCH}-19.10.0.0.0.zip; \
+        unzip instantclient-basiclite-linux.${TARGETARCH}-19.10.0.0.0.zip; \
+        echo "/opt/oracle/instantclient_19_10" > /etc/ld.so.conf.d/oracle-instantclient.conf; \
+        ldconfig; \
+        rm -f instantclient-basiclite-linux.${TARGETARCH}-19.10.0.0.0.zip; \
+    fi
 
 WORKDIR /tmp/build
 COPY ./requirements ./requirements
 
 ARG PIP_MIRROR=https://pypi.douban.com/simple
-ENV PIP_MIRROR=$PIP_MIRROR
 ARG PIP_JMS_MIRROR=https://pypi.douban.com/simple
-ENV PIP_JMS_MIRROR=$PIP_JMS_MIRROR
 
 RUN --mount=type=cache,target=/root/.cache/pip \
     set -ex \
     && pip config set global.index-url ${PIP_MIRROR} \
     && pip install --upgrade pip \
     && pip install --upgrade setuptools wheel \
+    && \
+    if [ "${TARGETARCH}" == "loong64" ]; then \
+        pip install https://download.jumpserver.org/pypi/simple/cryptography/cryptography-38.0.4-cp39-cp39-linux_loongarch64.whl; \
+        pip install https://download.jumpserver.org/pypi/simple/greenlet/greenlet-1.1.2-cp39-cp39-linux_loongarch64.whl; \
+        pip install https://download.jumpserver.org/pypi/simple/PyNaCl/PyNaCl-1.5.0-cp39-cp39-linux_loongarch64.whl; \
+        pip install https://download.jumpserver.org/pypi/simple/grpcio/grpcio-1.54.2-cp39-cp39-linux_loongarch64.whl; \
+    fi \
     && pip install $(grep -E 'jms|jumpserver' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
     && pip install -r requirements/requirements.txt
 

Dockerfile.loong64

@@ -1,97 +0,0 @@
-FROM python:3.9-slim-buster as stage-build
-ARG TARGETARCH
-
-ARG VERSION
-ENV VERSION=$VERSION
-
-WORKDIR /opt/jumpserver
-ADD . .
-RUN cd utils && bash -ixeu build.sh
-
-FROM python:3.9-slim-buster
-ARG TARGETARCH
-MAINTAINER JumpServer Team <ibuler@qq.com>
-
-ARG BUILD_DEPENDENCIES="              \
-        g++                           \
-        make                          \
-        pkg-config"
-
-ARG DEPENDENCIES="                    \
-        freetds-dev                   \
-        libpq-dev                     \
-        libffi-dev                    \
-        libjpeg-dev                   \
-        libldap2-dev                  \
-        libsasl2-dev                  \
-        libssl-dev                    \
-        libxml2-dev                   \
-        libxmlsec1-dev                \
-        libxmlsec1-openssl            \
-        freerdp2-dev                  \
-        libaio-dev"
-
-ARG TOOLS="                           \
-        ca-certificates               \
-        curl                          \
-        default-libmysqlclient-dev    \
-        default-mysql-client          \
-        locales                       \
-        openssh-client                \
-        procps                        \
-        sshpass                       \
-        telnet                        \
-        unzip                         \
-        vim                           \
-        git                           \
-        wget"
-
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
-    set -ex \
-    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
-    && apt-get update \
-    && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
-    && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
-    && apt-get -y install --no-install-recommends ${TOOLS} \
-    && mkdir -p /root/.ssh/ \
-    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
-    && echo "set mouse-=a" > ~/.vimrc \
-    && echo "no" | dpkg-reconfigure dash \
-    && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
-    && sed -i "s@# export @export @g" ~/.bashrc \
-    && sed -i "s@# alias @alias @g" ~/.bashrc \
-    && rm -rf /var/lib/apt/lists/*
-
-WORKDIR /tmp/build
-COPY ./requirements ./requirements
-
-ARG PIP_MIRROR=https://pypi.douban.com/simple
-ENV PIP_MIRROR=$PIP_MIRROR
-ARG PIP_JMS_MIRROR=https://pypi.douban.com/simple
-ENV PIP_JMS_MIRROR=$PIP_JMS_MIRROR
-
-RUN --mount=type=cache,target=/root/.cache/pip \
-    set -ex \
-    && pip config set global.index-url ${PIP_MIRROR} \
-    && pip install --upgrade pip \
-    && pip install --upgrade setuptools wheel \
-    && pip install https://download.jumpserver.org/pypi/simple/cryptography/cryptography-38.0.4-cp39-cp39-linux_loongarch64.whl \
-    && pip install https://download.jumpserver.org/pypi/simple/greenlet/greenlet-1.1.2-cp39-cp39-linux_loongarch64.whl \
-    && pip install https://download.jumpserver.org/pypi/simple/PyNaCl/PyNaCl-1.5.0-cp39-cp39-linux_loongarch64.whl \
-    && pip install https://download.jumpserver.org/pypi/simple/grpcio/grpcio-1.54.2-cp39-cp39-linux_loongarch64.whl \
-    && pip install $(grep -E 'jms|jumpserver' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
-    && pip install -r requirements/requirements.txt
-
-COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver
-RUN echo > /opt/jumpserver/config.yml \
-    && rm -rf /tmp/build
-
-WORKDIR /opt/jumpserver
-VOLUME /opt/jumpserver/data
-VOLUME /opt/jumpserver/logs
-
-ENV LANG=zh_CN.UTF-8
-
-EXPOSE 8080
-
-ENTRYPOINT ["./entrypoint.sh"]

apps/assets/api/tree.py

@@ -127,10 +127,13 @@ class NodeChildrenAsTreeApi(SerializeToTreeNodeMixin, NodeChildrenApi):
         if not self.instance or not include_assets:
             return Asset.objects.none()
         if query_all:
-            assets = self.instance.get_all_assets_for_tree()
+            assets = self.instance.get_all_assets()
         else:
-            assets = self.instance.get_assets_for_tree()
-        return assets
+            assets = self.instance.get_assets()
+        return assets.only(
+            "id", "name", "address", "platform_id",
+            "org_id", "is_active", 'comment'
+        ).prefetch_related('platform')
 
     def filter_queryset_for_assets(self, assets):
         search = self.request.query_params.get('search')

apps/assets/const/host.py

@@ -33,10 +33,10 @@ class HostTypes(BaseType):
     def _get_protocol_constrains(cls) -> dict:
         return {
             '*': {
-                'choices': ['ssh', 'telnet', 'vnc', 'rdp']
+                'choices': ['ssh', 'telnet', 'vnc', 'rdp', 'rdp7']
             },
             cls.WINDOWS: {
-                'choices': ['rdp', 'ssh', 'vnc', 'winrm']
+                'choices': ['rdp', 'rdp7', 'ssh', 'vnc', 'winrm']
             }
         }
 
@@ -116,6 +116,10 @@ class HostTypes(BaseType):
                             'required': True
                         }
                     }
+                },
+                {
+                    'name': 'Windows-RDP7',
+                    '_protocols': ['rdp7',],
                 }
             ]
         }

apps/assets/const/protocol.py

@@ -10,6 +10,7 @@ __all__ = ['Protocol']
 class Protocol(ChoicesMixin, models.TextChoices):
     ssh = 'ssh', 'SSH'
     rdp = 'rdp', 'RDP'
+    rdp7 = 'rdp7', 'RDP7'
     telnet = 'telnet', 'Telnet'
     vnc = 'vnc', 'VNC'
     winrm = 'winrm', 'WinRM'
@@ -69,6 +70,25 @@ class Protocol(ChoicesMixin, models.TextChoices):
                     # }
                 }
             },
+            cls.rdp7: {
+                'port': 3390,
+                'secret_types': ['password'],
+                'setting': {
+                    'console': {
+                        'type': 'bool',
+                        'default': False,
+                        'label': _('Console'),
+                        'help_text': _("Connect to console session")
+                    },
+                    'security': {
+                        'type': 'choice',
+                        'choices': [('any', _('Any')), ('rdp', 'RDP'), ('tls', 'TLS'), ('nla', 'NLA')],
+                        'default': 'any',
+                        'label': _('Security'),
+                        'help_text': _("Security layer to use for the connection")
+                    },
+                }
+            },
             cls.vnc: {
                 'port': 5900,
                 'secret_types': ['password'],

apps/assets/migrations/0120_auto_20230630_1555.py

@@ -0,0 +1,69 @@
+# Generated by Django 3.2.17 on 2023-06-30 07:55
+
+import json
+
+from django.db import migrations
+
+platform_json_data = """{
+        "category": "host",
+        "type": "windows",
+        "internal": true,
+        "charset": "utf-8",
+        "domain_enabled": true,
+        "su_enabled": false,
+        "name": "Windows-RDP7",
+        "automation": {
+            "ansible_enabled": true,
+            "ansible_config": {
+                "ansible_shell_type": "cmd",
+                "ansible_connection": "ssh"
+            },
+            "ping_enabled": true,
+            "gather_facts_enabled": true,
+            "gather_accounts_enabled": true,
+            "verify_account_enabled": true,
+            "change_secret_enabled": true,
+            "push_account_enabled": true,
+            "ping_method": "win_ping",
+            "gather_facts_method": "gather_facts_windows",
+            "gather_accounts_method": "gather_accounts_windows",
+            "verify_account_method": "verify_account_windows",
+            "change_secret_method": "change_secret_local_windows",
+            "push_account_method": "push_account_local_windows"
+        },
+        "protocols": [
+            {
+                "name": "rdp7",
+                "port": 3390,
+                "setting": {
+                    "console": false,
+                    "security": "any"
+                },
+                "primary": true,
+                "required": false,
+                "default": false
+            }
+        ]
+}"""
+
+
+def create_rdp7_internal_platform(apps, *args):
+    platform_cls = apps.get_model('assets', 'Platform')
+    platform_automation_cls = apps.get_model('assets', 'PlatformAutomation')
+    platform_data = json.loads(platform_json_data)
+    protocols = platform_data.pop('protocols')
+    automation_data = platform_data.pop('automation', {})
+    rdp7_obj = platform_cls.objects.create(**platform_data)
+    for p in protocols:
+        rdp7_obj.protocols.create(**p)
+    platform_automation_cls.objects.create(platform=rdp7_obj, **automation_data)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('assets', '0119_assets_add_default_node'),
+    ]
+
+    operations = [
+        migrations.RunPython(create_rdp7_internal_platform),
+    ]

apps/assets/models/node.py

@@ -429,18 +429,6 @@ class NodeAssetsMixin(NodeAllAssetsMappingMixin):
         assets = Asset.objects.filter(nodes=self)
         return assets.distinct()
 
-    def get_assets_for_tree(self):
-        return self.get_assets().only(
-            "id", "name", "address", "platform_id",
-            "org_id", "is_active"
-        ).prefetch_related('platform')
-
-    def get_all_assets_for_tree(self):
-        return self.get_all_assets().only(
-            "id", "name", "address", "platform_id",
-            "org_id", "is_active"
-        ).prefetch_related('platform')
-
     def get_valid_assets(self):
         return self.get_assets().valid()
 

apps/authentication/api/connection_token.py

@@ -76,8 +76,11 @@ class RDPFileClientProtocolURLMixin:
         rdp_options['screen mode id:i'] = '2' if full_screen else '1'
 
         # 设置 RDP Server 地址
-        endpoint = self.get_smart_endpoint(protocol='rdp', asset=token.asset)
-        rdp_options['full address:s'] = f'{endpoint.host}:{endpoint.rdp_port}'
+        protocol = 'rdp7' if token.protocol == 'rdp7' else 'rdp'
+        endpoint = self.get_smart_endpoint(protocol=protocol, asset=token.asset)
+        # 由于 remoteapp 使用 mstsc 客户端连接的时候，都是 rdp 端口， 这里特殊判断 rdp7 端口
+        protocol_port = endpoint.get_protocol_port(protocol, default=3389)
+        rdp_options['full address:s'] = f'{endpoint.host}:{protocol_port}'
 
         # 设置用户名
         rdp_options['username:s'] = '{}|{}'.format(token.user.username, str(token.id))

apps/terminal/automations/deploy_applet_host/playbook.yml

@@ -65,15 +65,15 @@
           - '%USERPROFILE%\AppData\Local\Programs\Tinker\'
         scope: user
 
-    - name: Download python-3.10.8
+    - name: Download python-3.10.11
       ansible.windows.win_get_url:
-        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/python-3.10.8-amd64.exe"
-        dest: "{{ ansible_env.TEMP }}\\python-3.10.8-amd64.exe"
+        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/python-3.10.11-amd64.exe"
+        dest: "{{ ansible_env.TEMP }}\\python-3.10.11-amd64.exe"
         validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
 
-    - name: Install the python-3.10.8
+    - name: Install the python-3.10.11
       ansible.windows.win_package:
-        path: "{{ ansible_env.TEMP }}\\python-3.10.8-amd64.exe"
+        path: "{{ ansible_env.TEMP }}\\python-3.10.11-amd64.exe"
         product_id: '{371d0d73-d418-4ffe-b280-58c3e7987525}'
         arguments:
           - /quiet
@@ -157,35 +157,43 @@
         script: |
           pip install -r '{{ ansible_env.TEMP }}\pip_packages\pip_packages\requirements.txt' --no-index --find-links='{{ ansible_env.TEMP }}\pip_packages\pip_packages'
 
-    - name: Download chromedriver (Chromium)
+    - name: Download chromedriver (Chrome)
       ansible.windows.win_get_url:
         url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chromedriver_win32.zip"
         dest: "{{ ansible_env.TEMP }}\\chromedriver_win32.zip"
         validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
 
-    - name: Unzip chromedriver (Chromium)
+    - name: Unzip chromedriver (Chrome)
       community.windows.win_unzip:
         src: "{{ ansible_env.TEMP }}\\chromedriver_win32.zip"
         dest: C:\Program Files\JumpServer\drivers
 
-    - name: Download chromium zip package (Chromium)
+    - name: Download Chrome zip package (Chrome)
       ansible.windows.win_get_url:
         url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chrome-win.zip"
         dest: "{{ ansible_env.TEMP }}\\chrome-win.zip"
         validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
 
-    - name: Unzip Chromium (Chromium)
+    - name: Unzip Chrome (Chrome)
       community.windows.win_unzip:
         src: "{{ ansible_env.TEMP }}\\chrome-win.zip"
-        dest: C:\Program Files\Chrome
+        dest: C:\Program Files\JumpServer\applications
 
-    - name: Set chromium and driver on the global system path (Chromium)
+    - name: Check and Clean global system path (Chrome)
       ansible.windows.win_path:
         elements:
           - 'C:\Program Files\Chrome\chrome-win32'
+          - 'C:\Program Files\Chrome\chrome-win'
+          - 'C:\Program Files\chrome-win'
+        state: absent
+
+    - name: Set Chrome and driver on the global system path (Chrome)
+      ansible.windows.win_path:
+        elements:
+          - 'C:\Program Files\JumpServer\applications\Chrome\Application'
           - 'C:\Program Files\JumpServer\drivers\chromedriver_win32'
 
-    - name: Set Chromium variables disable Google Api (Chromium)
+    - name: Set Chrome variables disable Google Api (Chrome)
       ansible.windows.win_environment:
         level: machine
         variables:

apps/terminal/connect_methods.py

@@ -22,6 +22,7 @@ class WebMethod(TextChoices):
             Protocol.ssh: [cls.web_cli, cls.web_sftp],
             Protocol.telnet: [cls.web_cli],
             Protocol.rdp: [cls.web_gui],
+            Protocol.rdp7: [cls.web_gui],
             Protocol.vnc: [cls.web_gui],
 
             Protocol.mysql: [cls.web_cli],
@@ -67,6 +68,7 @@ class NativeClient(TextChoices):
                 'windows': [cls.putty],
             },
             Protocol.rdp: [cls.mstsc],
+            Protocol.rdp7: [cls.mstsc],
             Protocol.mysql: [cls.db_client],
             Protocol.mariadb: [cls.db_client],
             Protocol.redis: [cls.db_client],
@@ -214,6 +216,12 @@ class ConnectMethodUtil:
                 'support': [Protocol.rdp],
                 'match': 'map'
             },
+            TerminalType.xrdp: {
+                'web_methods': [],
+                'listen': [Protocol.rdp7],
+                'support': [Protocol.rdp7],
+                'match': 'map'
+            },
         }
         return protocols
 

apps/terminal/migrations/0064_endpoint_rdp7_port.py

@@ -0,0 +1,20 @@
+# Generated by Django 3.2.17 on 2023-06-30 09:04
+
+import common.db.fields
+import django.core.validators
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('terminal', '0063_auto_20230621_1133'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='endpoint',
+            name='rdp7_port',
+            field=common.db.fields.PortField(default=3390, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(65535)], verbose_name='RDP7 port'),
+        ),
+    ]

apps/terminal/models/component/endpoint.py

@@ -16,6 +16,7 @@ class Endpoint(JMSBaseModel):
     http_port = PortField(default=80, verbose_name=_('HTTP port'))
     ssh_port = PortField(default=2222, verbose_name=_('SSH port'))
     rdp_port = PortField(default=3389, verbose_name=_('RDP port'))
+    rdp7_port = PortField(default=3390, verbose_name=_('RDP7 port'))
     mysql_port = PortField(default=33061, verbose_name=_('MySQL port'))
     mariadb_port = PortField(default=33062, verbose_name=_('MariaDB port'))
     postgresql_port = PortField(default=54320, verbose_name=_('PostgreSQL port'))
@@ -42,6 +43,9 @@ class Endpoint(JMSBaseModel):
             port = getattr(self, f'{protocol}_port', 0)
         return port
 
+    def get_protocol_port(self, protocol, default=0):
+        return getattr(self, f'{protocol}_port', default)
+
     def is_default(self):
         return str(self.id) == self.default_id
 

apps/terminal/serializers/endpoint.py

@@ -26,7 +26,7 @@ class EndpointSerializer(BulkModelSerializer):
         model = Endpoint
         fields_mini = ['id', 'name']
         fields_small = [
-            'host', 'https_port', 'http_port', 'ssh_port', 'rdp_port',
+            'host', 'https_port', 'http_port', 'ssh_port', 'rdp_port', 'rdp7_port',
             'mysql_port', 'mariadb_port', 'postgresql_port', 'redis_port',
             'oracle_port_range', 'oracle_port',
         ]