From ac238aa36e37513523ec00f7266189addb50c023 Mon Sep 17 00:00:00 2001 From: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> Date: Wed, 25 Jul 2018 17:51:09 +0800 Subject: [PATCH 1/5] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=99=BB=E5=BD=95=E5=A4=B1=E8=B4=A5=E9=99=90=E5=88=B6?= =?UTF-8?q?=E6=AC=A1=E6=95=B0=EF=BC=8C3->7=20(#1586)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Update] 修改用户登录失败限制次数,3->7 * [Update] 修改用户登录失败限制次数,3->7 - 续 --- apps/common/forms.py | 2 +- apps/jumpserver/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/common/forms.py b/apps/common/forms.py index a11420498..8667aa128 100644 --- a/apps/common/forms.py +++ b/apps/common/forms.py @@ -181,7 +181,7 @@ class SecuritySettingForm(BaseForm): ) # limit login count SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField( - initial=3, min_value=3, + initial=7, min_value=3, label=_("Limit the number of login failures") ) # limit login time diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index 547a9ac3d..0bd38d95b 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py @@ -406,7 +406,7 @@ TERMINAL_REPLAY_STORAGE = { DEFAULT_PASSWORD_MIN_LENGTH = 6 -DEFAULT_LOGIN_LIMIT_COUNT = 3 +DEFAULT_LOGIN_LIMIT_COUNT = 7 DEFAULT_LOGIN_LIMIT_TIME = 30 # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html From 74c3f122757b2ce246e15b9c661c847dd85fa45c Mon Sep 17 00:00:00 2001 From: ibuler Date: Thu, 26 Jul 2018 14:37:10 +0800 Subject: [PATCH 2/5] =?UTF-8?q?[Update]=20=E6=B7=BB=E5=8A=A0=E8=84=9A?= =?UTF-8?q?=E6=9C=AC=EF=BC=8C=E5=B0=86windows=E5=8D=8F=E8=AE=AE=E6=94=B9?= =?UTF-8?q?=E4=B8=BArdp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/models/domain.py | 2 +- utils/2018_07_15_set_win_protocol_to_ssh.sh | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 utils/2018_07_15_set_win_protocol_to_ssh.sh diff --git a/apps/assets/models/domain.py b/apps/assets/models/domain.py index 6f29a0381..61c3bcc1f 100644 --- a/apps/assets/models/domain.py +++ b/apps/assets/models/domain.py @@ -43,7 +43,7 @@ class Gateway(AssetUser): ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True) port = models.IntegerField(default=22, verbose_name=_('Port')) protocol = models.CharField(choices=PROTOCOL_CHOICES, max_length=16, default=SSH_PROTOCOL, verbose_name=_("Protocol")) - domain = models.ForeignKey(Domain, verbose_name=_("Domain")) + domain = models.ForeignKey(Domain, verbose_name=_("Domain"), on_delete=models.CASCADE) comment = models.CharField(max_length=128, blank=True, null=True, verbose_name=_("Comment")) is_active = models.BooleanField(default=True, verbose_name=_("Is active")) diff --git a/utils/2018_07_15_set_win_protocol_to_ssh.sh b/utils/2018_07_15_set_win_protocol_to_ssh.sh new file mode 100644 index 000000000..6d8596244 --- /dev/null +++ b/utils/2018_07_15_set_win_protocol_to_ssh.sh @@ -0,0 +1,9 @@ +#!/bin/bash +# + +python ../apps/manage.py shell << EOF +from assets.models import Asset + +Asset.objects.filter(platform__startswith='Win').update(protocol='rdp') + +EOF From 7e65e44a3cec8e66eff60ea84f42d88755c73c25 Mon Sep 17 00:00:00 2001 From: ibuler Date: Thu, 26 Jul 2018 18:12:25 +0800 Subject: [PATCH 3/5] =?UTF-8?q?[Update]=20=E5=85=BC=E5=AE=B9guacamole?= =?UTF-8?q?=E6=89=8B=E5=8A=A8=E6=A8=A1=E5=BC=8F=E4=B8=8A=E4=BC=A0system=20?= =?UTF-8?q?user=E6=98=AFuuid?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/models/user.py | 20 +++++++++++++++++++ apps/terminal/api.py | 13 ++++++++---- apps/terminal/hands.py | 3 ++- .../templates/terminal/session_list.html | 2 +- apps/terminal/templatetags/terminal_tags.py | 2 ++ 5 files changed, 34 insertions(+), 6 deletions(-) diff --git a/apps/assets/models/user.py b/apps/assets/models/user.py index 5faca5da8..21b7c9a41 100644 --- a/apps/assets/models/user.py +++ b/apps/assets/models/user.py @@ -118,6 +118,8 @@ class SystemUser(AssetUser): shell = models.CharField(max_length=64, default='/bin/bash', verbose_name=_('Shell')) login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=AUTO_LOGIN, max_length=10, verbose_name=_('Login mode')) + cache_key = "__SYSTEM_USER_CACHED_{}" + def __str__(self): return '{0.name}({0.username})'.format(self) @@ -154,6 +156,24 @@ class SystemUser(AssetUser): else: return False + def set_cache(self): + cache.set(self.cache_key.format(self.id), self, 3600) + + def expire_cache(self): + cache.delete(self.cache_key.format(self.id)) + + @classmethod + def get_system_user_by_id_or_cached(cls, sid): + cached = cache.get(cls.cache_key.format(sid)) + if cached: + return cached + try: + system_user = cls.objects.get(id=sid) + system_user.set_cache() + return system_user + except cls.DoesNotExist: + return None + class Meta: ordering = ['name'] verbose_name = _("System user") diff --git a/apps/terminal/api.py b/apps/terminal/api.py index b428acb3e..956491f21 100644 --- a/apps/terminal/api.py +++ b/apps/terminal/api.py @@ -4,7 +4,6 @@ from collections import OrderedDict import logging import os import uuid -import copy from django.core.cache import cache from django.shortcuts import get_object_or_404, redirect @@ -16,12 +15,13 @@ from django.conf import settings import jms_storage -from rest_framework import viewsets, serializers +from rest_framework import viewsets from rest_framework.views import APIView, Response from rest_framework.permissions import AllowAny from rest_framework_bulk import BulkModelViewSet -from common.utils import get_object_or_none +from common.utils import get_object_or_none, is_uuid +from .hands import SystemUser from .models import Terminal, Status, Session, Task from .serializers import TerminalSerializer, StatusSerializer, \ SessionSerializer, TaskSerializer, ReplaySerializer @@ -187,8 +187,13 @@ class SessionViewSet(viewsets.ModelViewSet): return self.queryset def perform_create(self, serializer): - if self.request.user.terminal: + if hasattr(self.request.user, 'terminal'): serializer.validated_data["terminal"] = self.request.user.terminal + sid = serializer.validated_data["system_user"] + if is_uuid(sid): + _system_user = SystemUser.get_system_user_by_id_or_cached(sid) + if _system_user: + serializer.validated_data["system_user"] = _system_user.name return super().perform_create(serializer) diff --git a/apps/terminal/hands.py b/apps/terminal/hands.py index ce075bfc5..3461730b8 100644 --- a/apps/terminal/hands.py +++ b/apps/terminal/hands.py @@ -4,4 +4,5 @@ from users.models import User from users.permissions import IsSuperUserOrAppUser, IsAppUser, \ IsSuperUserOrAppUserOrUserReadonly -from users.utils import AdminUserRequiredMixin \ No newline at end of file +from users.utils import AdminUserRequiredMixin +from assets.models import SystemUser \ No newline at end of file diff --git a/apps/terminal/templates/terminal/session_list.html b/apps/terminal/templates/terminal/session_list.html index 33ae09877..4bdf61fab 100644 --- a/apps/terminal/templates/terminal/session_list.html +++ b/apps/terminal/templates/terminal/session_list.html @@ -58,7 +58,7 @@
diff --git a/apps/terminal/templatetags/terminal_tags.py b/apps/terminal/templatetags/terminal_tags.py index c5643c67b..e8ba23186 100644 --- a/apps/terminal/templatetags/terminal_tags.py +++ b/apps/terminal/templatetags/terminal_tags.py @@ -1,6 +1,7 @@ # ~*~ coding: utf-8 ~*~ from django import template + from ..backends import get_multi_command_storage register = template.Library() @@ -10,3 +11,4 @@ command_store = get_multi_command_storage() @register.filter def get_session_command_amount(session_id): return command_store.count(session=session_id) + From d649aacfd6b0c101bbcf1ed806f917105a47a5d2 Mon Sep 17 00:00:00 2001 From: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> Date: Thu, 26 Jul 2018 18:25:14 +0800 Subject: [PATCH 4/5] =?UTF-8?q?[Update]=20asset=20platform=20=E5=8F=96?= =?UTF-8?q?=E6=B6=88*required=20(#1595)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/forms/asset.py | 4 ++-- apps/assets/templates/assets/asset_create.html | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/assets/forms/asset.py b/apps/assets/forms/asset.py index 5000c087d..5e52e3ac9 100644 --- a/apps/assets/forms/asset.py +++ b/apps/assets/forms/asset.py @@ -45,7 +45,7 @@ class AssetCreateForm(forms.ModelForm): 'root or other NOPASSWD sudo privilege user existed in asset,' 'If asset is windows or other set any one, more see admin user left menu' ), - 'platform': _("* required Must set exact system platform, Windows, Linux ..."), + # 'platform': _("* required Must set exact system platform, Windows, Linux ..."), 'domain': _("If your have some network not connect with each other, you can set domain") } @@ -85,7 +85,7 @@ class AssetUpdateForm(forms.ModelForm): 'root or other NOPASSWD sudo privilege user existed in asset,' 'If asset is windows or other set any one, more see admin user left menu' ), - 'platform': _("* required Must set exact system platform, Windows, Linux ..."), + # 'platform': _("* required Must set exact system platform, Windows, Linux ..."), 'domain': _("If your have some network not connect with each other, you can set domain") } diff --git a/apps/assets/templates/assets/asset_create.html b/apps/assets/templates/assets/asset_create.html index 55e233d0d..2a3d62b3d 100644 --- a/apps/assets/templates/assets/asset_create.html +++ b/apps/assets/templates/assets/asset_create.html @@ -15,10 +15,10 @@ {% csrf_token %}

{% trans 'Basic' %}

{% bootstrap_field form.hostname layout="horizontal" %} - {% bootstrap_field form.platform layout="horizontal" %} {% bootstrap_field form.ip layout="horizontal" %} {% bootstrap_field form.protocol layout="horizontal" %} {% bootstrap_field form.port layout="horizontal" %} + {% bootstrap_field form.platform layout="horizontal" %} {% bootstrap_field form.public_ip layout="horizontal" %} {% bootstrap_field form.domain layout="horizontal" %} From 5ce3dd4079301a07f70da9cdefa2b77352509ea7 Mon Sep 17 00:00:00 2001 From: ibuler Date: Thu, 26 Jul 2018 19:30:37 +0800 Subject: [PATCH 5/5] =?UTF-8?q?[Update]=20=E6=B7=BB=E5=8A=A0unblock=20user?= =?UTF-8?q?=E8=84=9A=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- utils/unblock_all_user.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 utils/unblock_all_user.sh diff --git a/utils/unblock_all_user.sh b/utils/unblock_all_user.sh new file mode 100644 index 000000000..6fe4e3356 --- /dev/null +++ b/utils/unblock_all_user.sh @@ -0,0 +1,10 @@ +#!/bin/bash +# + +python ../apps/manage.py shell << EOF +from django.core.cache import cache + +cache.delete_pattern('_LOGIN_BLOCK_*') +cache.delete_pattern('_LOGIN_LIMIT_*') + +EOF