github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

modify some

pull/26/head
ibuler 2015-06-09 23:06:32 +08:00
parent e979c2753b
commit fc22677f3f
5 changed files with 278 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
connect.py
View File

@ -27,8 +27,8 @@ if django.get_version() != '1.6':
django.setup() django.setup()
from juser.models import User from juser.models import User
from jlog.models import Log from jlog.models import Log
from jumpserver.api import CONF, BASE_DIR, ServerError, user_perm_group_api, user_perm_group_hosts_api, get_user_host from jumpserver.api import CONF, BASE_DIR, ServerError, Juser
from jumpserver.api import AssetAlias, get_connect_item from jumpserver.api import AssetAlias, get_connect_item, logger
try: try:
import termios import termios
@ -41,6 +41,7 @@ except ImportError:
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
log_dir = os.path.join(BASE_DIR, 'logs') log_dir = os.path.join(BASE_DIR, 'logs')
login_name = getpass.getuser() login_name = getpass.getuser()
user = Juser(username=login_name)
def color_print(msg, color='blue'): def color_print(msg, color='blue'):
@ -177,52 +178,80 @@ def posix_shell(chan, username, host):
log.log_finished = False log.log_finished = False
log.end_time = datetime.datetime.now() log.end_time = datetime.datetime.now()
log.save() log.save()
# print_prompt()
def get_user_host_group(username): # def get_user_host_group(username):
""" # """
Get the host groups of under the user control. # Get the host groups of under the user control.
获取用户有权限的主机组 # 获取用户有权限的主机组
""" # """
groups_attr = {} # groups_attr = {}
group_all = user_perm_group_api(username) # group_all = get_host_groups(username)
for group in group_all: # for group in group_all:
groups_attr[group.name] = [group.id, group.comment] # groups_attr[group.name] = [group.id, group.comment]
return groups_attr # return groups_attr
def get_host_group_host(username, gid): # def get_user_host_group_member(username, gid):
""" # """
Get the host group hosts of under the user control. # Get the host group hosts of under the user control.
获取用户有权限主机组下的主机 # 获取用户有权限主机组下的主机
""" # """
groups_attr = get_user_host_group(username) # groups_attr = get_user_host_group(username)
groups_ids = [attr[0] for name, attr in groups_attr.items()] # groups_ids = [attr[0] for name, attr in groups_attr.items()]
hosts_attr = {} # hosts_attr = {}
if gid in groups_ids: # if int(gid) in groups_ids:
user = User.objects.filter(username=username) # user = User.objects.filter(username=username)
if user: # if user:
user = user[0] # user = user[0]
hosts = user_perm_group_hosts_api(gid) # hosts = get_host_groups(gid)
for host in hosts: # for host in hosts:
alias = AssetAlias.objects.filter(user=user, host=host) # alias = AssetAlias.objects.filter(user=user, host=host)
if alias and alias[0].alias != '': # if alias and alias[0].alias != '':
hosts_attr[host.ip] = [host.id, host.ip, alias[0].alias] # hosts_attr[host.ip] = [host.id, host.ip, alias[0].alias]
else: # else:
hosts_attr[host.ip] = [host.id, host.ip, host.comment] # hosts_attr[host.ip] = [host.id, host.ip, host.comment]
return hosts_attr # return hosts_attr
# def user_asset_info(user, printable=False):
# """
# Get or Print asset info
# 获取或打印用户资产信息
# """
# assets_info = {}
# try:
# assets = get_asset(user)
# except ServerError, e:
# color_print(e, 'red')
# return
#
# for asset in assets:
# asset_alias = AssetAlias.objects.filter(user=user, asset=asset)
# if asset_alias and asset_alias[0].alias != '':
# assets_info[asset.ip] = [asset.id, asset.ip, asset_alias[0].alias]
# else:
# assets_info[asset.ip] = [asset.id, asset.ip, asset.comment]
#
# if printable:
# ips = assets_info.keys()
# ips.sort()
# for ip in ips:
# print '%-15s -- %s' % (ip, assets_info[ip][2])
# print ''
# else:
# return assets_info
def verify_connect(username, part_ip): def verify_connect(username, part_ip):
ip_matched = [] ip_matched = []
try: try:
hosts_attr = get_user_host(username) assets = get_asset(username=username)
hosts = hosts_attr.values()
except ServerError, e: except ServerError, e:
color_print(e, 'red') color_print(e, 'red')
return False return False
assets_info =
for ip_info in hosts: for ip_info in hosts:
if part_ip in ip_info[1:] and part_ip: if part_ip in ip_info[1:] and part_ip:
ip_matched = [ip_info[1]] ip_matched = [ip_info[1]]
@ -254,29 +283,16 @@ def print_prompt():
print textwrap.dedent(msg) print textwrap.dedent(msg)
def print_user_host(username): # def print_user_host_group(username):
try: # host_groups = get_host_groups(username)
hosts_attr = get_user_host(username) # for host_group in host_groups:
except ServerError, e: # print "[%3s] %s -- %s" % (host_group.id, host_group.ip, host_group.comment)
color_print(e, 'red')
return
hosts = hosts_attr.keys()
hosts.sort()
for ip in hosts:
print '%-15s -- %s' % (ip, hosts_attr[ip][2])
print ''
def print_user_hostgroup(username): def asset_group_member(username, gid):
group_attr = get_user_host_group(username)
groups = group_attr.keys()
for g in groups:
print "[%3s] %s -- %s" % (group_attr[g][0], g, group_attr[g][1])
def print_user_hostgroup_host(username, gid):
pattern = re.compile(r'\d+') pattern = re.compile(r'\d+')
match = pattern.match(gid) match = pattern.match(gid)
if match: if match:
hosts_attr = get_host_group_host(username, gid) hosts_attr = get_host_group_host(username, gid)
hosts = hosts_attr.keys() hosts = hosts_attr.keys()
@ -397,6 +413,9 @@ def exec_cmd_servers(username):
if __name__ == '__main__': if __name__ == '__main__':
if not user.validate():
color_print_exit(u'没有该用户 No that user.')
print_prompt() print_prompt()
gid_pattern = re.compile(r'^g\d+$') gid_pattern = re.compile(r'^g\d+$')
try: try:
@ -409,10 +428,10 @@ if __name__ == '__main__':
except KeyboardInterrupt: except KeyboardInterrupt:
sys.exit(0) sys.exit(0)
if option in ['P', 'p']: if option in ['P', 'p']:
print_user_host(login_name) user.get_asset_info(printable=True)
continue continue
elif option in ['G', 'g']: elif option in ['G', 'g']:
print_user_hostgroup(login_name) user.get_asset_group_info(printable=True)
continue continue
elif gid_pattern.match(option): elif gid_pattern.match(option):
gid = option[1:].strip() gid = option[1:].strip()

2
jasset/models.py
View File

@ -47,7 +47,7 @@ class Asset(models.Model):
class AssetAlias(models.Model): class AssetAlias(models.Model):
user = models.ForeignKey(User) user = models.ForeignKey(User)
host = models.ForeignKey(Asset) asset = models.ForeignKey(Asset)
alias = models.CharField(max_length=100, blank=True, null=True) alias = models.CharField(max_length=100, blank=True, null=True)
def __unicode__(self): def __unicode__(self):

3
jlog/views.py
View File

@ -76,7 +76,10 @@ def log_kill(request):
deptname = get_session_user_info(request)[4] deptname = get_session_user_info(request)[4]
if is_group_admin(request) and dept_name != deptname: if is_group_admin(request) and dept_name != deptname:
return httperror(request, u'Kill失败, 您无权操作!') return httperror(request, u'Kill失败, 您无权操作!')
try:
os.kill(int(pid), 9) os.kill(int(pid), 9)
except OSError:
pass
Log.objects.filter(pid=pid).update(is_finished=1, end_time=datetime.datetime.now()) Log.objects.filter(pid=pid).update(is_finished=1, end_time=datetime.datetime.now())
return render_to_response('jlog/log_offline.html', locals(), context_instance=RequestContext(request)) return render_to_response('jlog/log_offline.html', locals(), context_instance=RequestContext(request))
else: else:

1
jumpserver.conf
View File

@ -4,6 +4,7 @@
ip = 192.168.20.209 ip = 192.168.20.209
port = 80 port = 80
key = 88aaaf7ffe3c6c04 key = 88aaaf7ffe3c6c04
log = debug
[db] [db]

247
jumpserver/api.py
View File

@ -23,20 +23,32 @@ from jasset.models import AssetAlias
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
from django.core.mail import send_mail from django.core.mail import send_mail
import json import json
import logging
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
CONF = ConfigParser() CONF = ConfigParser()
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs') LOG_DIR = os.path.join(BASE_DIR, 'logs')
JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') # SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('base', 'key') KEY = CONF.get('base', 'key')
LOGIN_NAME = getpass.getuser() LOGIN_NAME = getpass.getuser()
LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
SEND_IP = CONF.get('base', 'ip') SEND_IP = CONF.get('base', 'ip')
SEND_PORT = CONF.get('base', 'port') SEND_PORT = CONF.get('base', 'port')
MAIL_FROM = CONF.get('mail', 'email_host_user') MAIL_FROM = CONF.get('mail', 'email_host_user')
log_level = CONF.get('base', 'log')
log_level_total = {'debug': logging.DEBUG, 'info': logging.INFO, 'warning': logging.WARN, 'error': logging.ERROR,
'critical': logging.CRITICAL}
logger = logging.getLogger('jumpserver')
logger.setLevel(logging.DEBUG)
fh = logging.FileHandler(JLOG_FILE)
fh.setLevel(log_level_total.get(log_level, logging.DEBUG))
formatter = logging.Formatter('%(asctime)s - %(filename)s - %(levelname)s - %(message)s')
fh.setFormatter(formatter)
logger.addHandler(fh)
class LDAPMgmt(): class LDAPMgmt():
@ -87,14 +99,6 @@ class LDAPMgmt():
except ldap.LDAPError, e: except ldap.LDAPError, e:
print e print e
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
try:
plain_text = cryptor.decrypt(a2b_hex(text))
except TypeError:
raise ServerError('Decrypt password error, TYpe error.')
return plain_text.rstrip('\0')
if LDAP_ENABLE: if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url') LDAP_HOST_URL = CONF.get('ldap', 'host_url')
@ -292,40 +296,199 @@ def user_group_perm_asset_group_api(user_group):
return asset_group_list return asset_group_list
def user_perm_group_api(username): class Juser(object):
def __init__(self, username=None, uid=None):
if username: if username:
user = User.objects.get(username=username) user = User.objects.filter(username=username)
elif uid:
user = User.objects.filter(id=uid)
else:
user = ''
if user:
user = user[0]
self.user = user
self.id = user.id
self.username = user.username
self.name = user.name
self.group = user.group.all()
def validate(self):
"""
Validate is or not a true user
鉴定用户
"""
if self.user:
return True
else:
return False
def get_asset_group(self):
"""
Get user host_groups.
获取用户有权限的主机组
"""
host_group_list = []
perm_list = [] perm_list = []
user_group_all = user.group.all() user_group_all = self.user.group.all()
for user_group in user_group_all: for user_group in user_group_all:
perm_list.extend(user_group.perm_set.all()) perm_list.extend(user_group.perm_set.all())
asset_group_list = []
for perm in perm_list: for perm in perm_list:
asset_group_list.append(perm.asset_group) host_group_list.append(perm.asset_group)
return asset_group_list
return host_group_list
def user_perm_group_hosts_api(gid): def get_asset_group_info(self, printable=False):
hostgroup = BisGroup.objects.filter(id=gid) """
if hostgroup: Get or print asset group info
return hostgroup[0].asset_set.all() 获取或打印用户授权资产组
"""
asset_groups_info = {}
asset_groups = self.get_asset_group()
for asset_group in asset_groups:
asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment]
if printable:
for group_id in asset_groups_info:
if asset_groups_info[group_id][1]:
print "[%3s] %s -- %s" % (group_id,
asset_groups_info[group_id][0],
asset_groups_info[group_id][1])
else: else:
return [] print "[%3s] %s" % (group_id, asset_groups_info[group_id][0])
def user_perm_asset_api(username):
user = User.objects.filter(username=username)
if user:
user = user[0]
asset_list = []
asset_group_list = user_perm_group_api(user)
for asset_group in asset_group_list:
asset_list.extend(asset_group.asset_set.all())
asset_list = list(set(asset_list))
return asset_list
else: else:
return [] return asset_groups_info
def get_asset(self):
"""
Get the hosts of under the user control.
获取主机列表
"""
hosts = []
host_groups = self.get_asset_group()
for host_group in host_groups:
hosts.extend(get_asset_group_member(host_group.id))
return hosts
def get_asset_info(self, printable=False):
"""
Get or print the user asset info
获取或打印用户资产信息
"""
assets_info = {}
assets = self.get_asset()
for asset in assets:
asset_alias = AssetAlias.objects.filter(user=self.user, asset=asset)
if asset_alias and asset_alias[0].alias != '':
assets_info[asset.ip] = [asset.id, asset.ip, asset_alias[0].alias]
else:
assets_info[asset.ip] = [asset.id, asset.ip, asset.comment]
if printable:
ips = assets_info.keys()
ips.sort()
for ip in ips:
if assets_info[ip][2]:
print '%-15s -- %s' % (ip, assets_info[ip][2])
else:
print '%-15s' % ip
print ''
else:
return assets_info
class Jasset(object):
def __init__(self, ip=None, id=None):
if ip:
asset = Asset.objects.filter(ip=ip)
elif id:
asset = Asset.objects.filter(id=id)
else:
asset = ''
if asset:
asset = asset[0]
self.asset = asset
self.ip = asset.ip
self.id = asset.id
self.port = asset.port
self.comment = asset.comment
def validate(self):
if self.asset:
return True
else:
return False
class JassetGroup(object):
pass
# def get_asset_group(user=None):
# """
# Get user host_groups.
# 获取用户有权限的主机组
# """
# host_group_list = []
# if user:
# user = user[0]
# perm_list = []
# user_group_all = user.group.all()
# for user_group in user_group_all:
# perm_list.extend(user_group.perm_set.all())
#
# host_group_list = []
# for perm in perm_list:
# host_group_list.append(perm.asset_group)
# return host_group_list
def get_asset_group_member(gid):
"""
Get host_group's member host
获取主机组下的主机
"""
hosts = []
if gid:
host_group = BisGroup.objects.filter(id=gid)
if host_group:
host_group = host_group[0]
hosts = host_group.asset_set.all()
return hosts
# def get_asset(user=None):
# """
# Get the hosts of under the user control.
# 获取主机列表
# """
# hosts = []
# if user:
# host_groups = get_asset_group(user)
# for host_group in host_groups:
# hosts.extend(get_asset_group_member(host_group.id))
# return hosts
# def user_perm_asset_api(username):
# user = User.objects.filter(username=username)
# if user:
# user = user[0]
# asset_list = []
# asset_group_list = user_perm_group_api(user)
# for asset_group in asset_group_list:
# asset_list.extend(asset_group.asset_set.all())
# asset_list = list(set(asset_list))
# return asset_list
# else:
# return []
def asset_perm_api(asset): def asset_perm_api(asset):
@ -346,24 +509,6 @@ def asset_perm_api(asset):
return user_permed_list return user_permed_list
def get_user_host(username):
"""Get the hosts of under the user control."""
hosts_attr = {}
asset_all = user_perm_asset_api(username)
user = User.objects.filter(username=username)
if user:
user = user[0]
for asset in asset_all:
alias = AssetAlias.objects.filter(user=user, host=asset)
if alias and alias[0].alias != '':
hosts_attr[asset.ip] = [asset.id, asset.ip, alias[0].alias]
else:
hosts_attr[asset.ip] = [asset.id, asset.ip, asset.comment]
return hosts_attr
else:
raise ServerError('User %s does not exit!' % username)
def get_connect_item(username, ip): def get_connect_item(username, ip):
asset = get_object(Asset, ip=ip) asset = get_object(Asset, ip=ip)
port = int(asset.port) port = int(asset.port)