fix: 修复xrdp连接时报错 (#7202)

* fix: 修复xrdp连接时报错

perf: 添加注释

* perf: 去掉import

Co-authored-by: ibuler <ibuler@qq.com>
pull/7208/head
fit2bot 2021-11-16 11:32:25 +08:00 committed by GitHub
parent c5ff0d972b
commit ed01f2f1fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 18 deletions


@ -26,7 +26,6 @@ from orgs.mixins.api import RootOrgViewMixin
from common.http import is_true from common.http import is_true
from perms.utils.asset.permission import get_asset_system_user_ids_with_actions_by_user from perms.utils.asset.permission import get_asset_system_user_ids_with_actions_by_user
from perms.models.asset_permission import Action from perms.models.asset_permission import Action
from authentication.errors import NotHaveUpDownLoadPerm
from ..serializers import ( from ..serializers import (
ConnectionTokenSerializer, ConnectionTokenSecretSerializer, ConnectionTokenSerializer, ConnectionTokenSecretSerializer,
@ -96,22 +95,26 @@ class ClientProtocolMixin:
drives_redirect = is_true(self.request.query_params.get('drives_redirect')) drives_redirect = is_true(self.request.query_params.get('drives_redirect'))
token = self.create_token(user, asset, application, system_user) token = self.create_token(user, asset, application, system_user)
# 设置磁盘挂载
if drives_redirect and asset: if drives_redirect and asset:
systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset) systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset)
actions = systemuser_actions_mapper.get(system_user.id, []) actions = systemuser_actions_mapper.get(system_user.id, 0)
if actions & Action.UPDOWNLOAD: if actions & Action.UPDOWNLOAD:
options['drivestoredirect:s'] = '*' options['drivestoredirect:s'] = '*'
else:
raise NotHaveUpDownLoadPerm
# 全屏
options['screen mode id:i'] = '2' if full_screen else '1' options['screen mode id:i'] = '2' if full_screen else '1'
# RDP Server 地址
address = settings.TERMINAL_RDP_ADDR address = settings.TERMINAL_RDP_ADDR
if not address or address == 'localhost:3389': if not address or address == 'localhost:3389':
address = self.request.get_host().split(':')[0] + ':3389' address = self.request.get_host().split(':')[0] + ':3389'
options['full address:s'] = address options['full address:s'] = address
# 用户名
options['username:s'] = '{}|{}'.format(user.username, token) options['username:s'] = '{}|{}'.format(user.username, token)
if system_user.ad_domain: if system_user.ad_domain:
options['domain:s'] = system_user.ad_domain options['domain:s'] = system_user.ad_domain
# 宽高
if width and height: if width and height:
options['desktopwidth:i'] = width options['desktopwidth:i'] = width
options['desktopheight:i'] = height options['desktopheight:i'] = height
@ -160,13 +163,16 @@ class ClientProtocolMixin:
asset, application, system_user, user = self.get_request_resource(serializer) asset, application, system_user, user = self.get_request_resource(serializer)
protocol = system_user.protocol protocol = system_user.protocol
username = user.username username = user.username
name = ''
if protocol == 'rdp': if protocol == 'rdp':
name, config = self.get_rdp_file_content(serializer) name, config = self.get_rdp_file_content(serializer)
elif protocol == 'vnc': elif protocol == 'ssh':
raise HttpResponse(status=404, data={"error": "VNC not support"}) # Todo:
else: name = ''
config = 'ssh://system_user@asset@user@jumpserver-ssh' config = 'ssh://system_user@asset@user@jumpserver-ssh'
else:
raise ValueError('Protocol not support: {}'.format(protocol))
filename = "{}-{}-jumpserver".format(username, name) filename = "{}-{}-jumpserver".format(username, name)
data = { data = {
"filename": filename, "filename": filename,
@ -179,8 +185,13 @@ class ClientProtocolMixin:
@action(methods=['POST', 'GET'], detail=False, url_path='client-url', permission_classes=[IsValidUser]) @action(methods=['POST', 'GET'], detail=False, url_path='client-url', permission_classes=[IsValidUser])
def get_client_protocol_url(self, request, *args, **kwargs): def get_client_protocol_url(self, request, *args, **kwargs):
serializer = self.get_valid_serializer() serializer = self.get_valid_serializer()
try:
protocol_data = self.get_client_protocol_data(serializer) protocol_data = self.get_client_protocol_data(serializer)
protocol_data = base64.b64encode(json.dumps(protocol_data).encode()).decode() except ValueError as e:
return Response({'error': str(e)}, status=401)
protocol_data = json.dumps(protocol_data).encode()
protocol_data = base64.b64encode(protocol_data).decode()
data = { data = {
'url': 'jms://{}'.format(protocol_data), 'url': 'jms://{}'.format(protocol_data),
} }
@ -348,14 +359,12 @@ class UserConnectionTokenViewSet(
raise serializers.ValidationError("User not valid, disabled or expired") raise serializers.ValidationError("User not valid, disabled or expired")
system_user = get_object_or_404(SystemUser, id=value.get('system_user')) system_user = get_object_or_404(SystemUser, id=value.get('system_user'))
asset = None asset = None
app = None app = None
if value.get('type') == 'asset': if value.get('type') == 'asset':
asset = get_object_or_404(Asset, id=value.get('asset')) asset = get_object_or_404(Asset, id=value.get('asset'))
if not asset.is_active: if not asset.is_active:
raise serializers.ValidationError("Asset disabled") raise serializers.ValidationError("Asset disabled")
has_perm, expired_at = asset_validate_permission(user, asset, system_user, 'connect') has_perm, expired_at = asset_validate_permission(user, asset, system_user, 'connect')
else: else:
app = get_object_or_404(Application, id=value.get('application')) app = get_object_or_404(Application, id=value.get('application'))
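Review bot: In `get_client_protocol_url`, the new `except ValueError` turns an unsupported protocol into `status=401`, which signals missing authentication even though the action already requires `IsValidUser`; 400 describes the condition, and a client that treats 401 as "log in again" may misbehave. The `try` also wraps all of `get_client_protocol_data`, so any other `ValueError` raised beneath it (for example inside `get_rdp_file_content`) would have its `str(e)` returned to the caller. I would raise `serializers.ValidationError('Protocol not support: {}'.format(protocol))` in the `else:` branch and drop the try/except, or at minimum return `Response({'error': str(e)}, status=400)`. Separately, a user without `Action.UPDOWNLOAD` now gets a file that silently omits `drivestoredirect:s`, and since the generated .rdp file can be edited on the client, a comment such as `# drive redirection must also be enforced server-side for this token, not only by omitting the option` would record that assumption, if the gateway does check it. Both methods start or continue outside the visible hunks.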


@ -345,12 +345,6 @@ class PasswordInvalid(JMSException):
default_detail = _('Your password is invalid') default_detail = _('Your password is invalid')
class NotHaveUpDownLoadPerm(JMSException):
status_code = status.HTTP_403_FORBIDDEN
code = 'not_have_up_down_load_perm'
default_detail = _('No upload or download permission')
class MFACodeRequiredError(AuthFailedError): class MFACodeRequiredError(AuthFailedError):
error = 'mfa_code_required' error = 'mfa_code_required'
msg = _("Please enter MFA code") msg = _("Please enter MFA code")