# coding: utf-8 from Crypto.PublicKey import RSA from subprocess import call from juser.models import AdminGroup from jumpserver.api import * from jumpserver.settings import BASE_DIR, EMAIL_HOST_USER as MAIL_FROM def group_add_user(group, user_id=None, username=None): """ 用户组中添加用户 UserGroup Add a user """ if user_id: user = get_object(User, id=user_id) else: user = get_object(User, username=username) if user: group.user_set.add(user) def db_add_group(**kwargs): """ add a user group in database 数据库中添加用户组 """ name = kwargs.get('name') group = get_object(UserGroup, name=name) users = kwargs.pop('users_id') if not group: group = UserGroup(**kwargs) group.save() for user_id in users: group_add_user(group, user_id) def group_update_member(group_id, users_id_list): """ user group update member 用户组更新成员 """ group = get_object(UserGroup, id=group_id) if group: group.user_set.clear() for user_id in users_id_list: user = get_object(UserGroup, id=user_id) if isinstance(user, UserGroup): group.user_set.add(user) def db_add_user(**kwargs): """ add a user in database 数据库中添加用户 """ groups_post = kwargs.pop('groups') admin_groups = kwargs.pop('admin_groups') role = kwargs.get('role', 'CU') user = User(**kwargs) user.set_password(kwargs.get('password')) user.save() if groups_post: group_select = [] for group_id in groups_post: group = UserGroup.objects.filter(id=group_id) group_select.extend(group) user.group = group_select if admin_groups and role == 'GA': # 如果是组管理员就要添加组管理员和组到管理组中 for group_id in admin_groups: group = get_object(UserGroup, id=group_id) if group: AdminGroup(user=user, group=group).save() return user def db_update_user(**kwargs): """ update a user info in database 数据库更新用户信息 """ groups_post = kwargs.pop('groups') admin_groups_post = kwargs.pop('admin_groups') user_id = kwargs.pop('user_id') user = User.objects.filter(id=user_id) user_get = User.objects.get(id=user_id) if user: pwd = kwargs.pop('password') user.update(**kwargs) if pwd != '': user_get.set_password(pwd) user_get.save() else: return None group_select = [] if groups_post: for group_id in groups_post: group = UserGroup.objects.filter(id=group_id) group_select.extend(group) user_get.group = group_select if admin_groups_post != '': user_get.admingroup_set.all().delete() for group_id in admin_groups_post: group = get_object(UserGroup, id=group_id) AdminGroup(user=user, group=group).save() def db_del_user(username): """ delete a user from database 从数据库中删除用户 """ user = get_object(User, username=username) if user: user.delete() def gen_ssh_key(username, password='', key_dir=os.path.join(KEY_DIR, 'user'), authorized_keys=True, home="/home", length=2048): """ generate a user ssh key in a property dir 生成一个用户ssh密钥对 """ logger.debug('生成ssh key, 并设置authorized_keys') private_key_file = os.path.join(key_dir, username+'.pem') mkdir(key_dir, mode=0777) if os.path.isfile(private_key_file): os.unlink(private_key_file) ret = bash('echo -e "y\n"|ssh-keygen -t rsa -f %s -b %s -P "%s"' % (private_key_file, length, password)) if authorized_keys: auth_key_dir = os.path.join(home, username, '.ssh') mkdir(auth_key_dir, username=username , mode=0700) authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys') with open(private_key_file+'.pub') as pub_f: with open(authorized_key_file, 'w') as auth_f: auth_f.write(pub_f.read()) os.chmod(authorized_key_file, 0600) chown(authorized_key_file, username) def server_add_user(username, password, ssh_key_pwd='', ssh_key_login_need=True): """ add a system user in jumpserver 在jumpserver服务器上添加一个用户 """ bash("useradd '%s'; echo '%s'; echo '%s' | passwd --stdin '%s'" % (username, password, password, username)) if ssh_key_login_need: gen_ssh_key(username, ssh_key_pwd) def user_add_mail(user, kwargs): """ add user send mail 发送用户添加邮件 """ user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name mail_msg = u""" Hi, %s 您的用户名: %s 您的权限: %s 您的web登录密码: %s 您的ssh密钥文件密码: %s 密钥下载地址: %s/juser/key/down/?uuid=%s 说明: 请登陆后再下载密钥! """ % (user.name, user.username, user_role.get(user.role, u'普通用户'), kwargs.get('password'), kwargs.get('ssh_key_pwd'), URL, user.uuid) send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False) def server_del_user(username): """ delete a user from jumpserver linux system 删除系统上的某用户 """ bash('userdel -r %s' % username) def get_display_msg(user, password, ssh_key_pwd, ssh_key_login_need, send_mail_need): if send_mail_need: msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (user.name, user.email) return msg if ssh_key_login_need: msg = u""" 跳板机地址: %s 用户名:%s 密码:%s 密钥密码:%s 密钥下载url: %s/juser/key/down/?uuid=%s 该账号密码可以登陆web和跳板机。 """ % (URL, user.username, password, ssh_key_pwd, URL, user.uuid) else: msg = u""" 跳板机地址: %s \n 用户名:%s \n 密码:%s \n 该账号密码可以登陆web和跳板机。 """ % (URL, user.username, password) return msg