diff --git a/config.ini.in b/config.ini.in index e8de23d..fbc4f5e 100644 --- a/config.ini.in +++ b/config.ini.in @@ -1,6 +1,6 @@ [toolchain] #============================================ -# for windows +# for Windows #============================================ # Need wget to download necessary dependency files. @@ -24,7 +24,7 @@ wget = C:\Program Files (x86)\wget\wget.exe # ============================================ -# for linux +# for Linux and macOS # ============================================ # if not set cmake path, default to '/usr/bin/cmake' diff --git a/server/www/teleport/webroot/app/base/database/create.py b/server/www/teleport/webroot/app/base/database/create.py index e831250..c519684 100644 --- a/server/www/teleport/webroot/app/base/database/create.py +++ b/server/www/teleport/webroot/app/base/database/create.py @@ -31,6 +31,7 @@ class DatabaseInit: self._create_audit_map() self._create_syslog() self._create_record() + self._create_record_audit() self._make_builtin_data(sysadmin, email, password) except: log.e('[db] can not create and initialize database.\n') @@ -127,7 +128,7 @@ class DatabaseInit: f.append('`auth_type` int(11) DEFAULT 0') # password: 登录密码(如果是LDAP账号则忽略此字段) f.append('`password` varchar(128) DEFAULT ""') - # oath_secret: 身份验证器密钥(使用核心服务加密存储) + # oath_secret: 身份验证器密钥 f.append('`oath_secret` varchar(64) DEFAULT ""') # state: 状态,1=正常,2=禁用,3=临时锁定 f.append('`state` int(3) DEFAULT 1') @@ -165,6 +166,7 @@ class DatabaseInit: def _create_user_rpt(self): """ 用户忘记密码时重置需要进行验证的token,24小时有效 + rpt = Reset Password Token """ f = list() @@ -178,7 +180,7 @@ class DatabaseInit: f.append('`create_time` int(11) DEFAULT 0') self._db_exec( - '创建用户找回密码表...', + '创建用户密码重置表...', 'CREATE TABLE `{}user_rpt` ({});'.format(self.db.table_prefix, ','.join(f)) ) 
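Review bot: In the hunk at -127,7 the `oath_secret` comment drops the statement that the authenticator key is stored encrypted by the core service, so the schema no longer says how this `varchar(64)` value is protected at rest. If the key is now written in clear text, anyone who can read the user table or a database backup obtains every user's second-factor secret, and the comment should state that explicitly instead of going silent. If it is still encrypted, the original wording should stay. A suggested form is `# oath_secret: authenticator key; at-rest protection: (state plaintext or encrypted, and by which component)`. The enclosing method starts and ends outside the hunk.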
@@ -745,6 +747,9 @@ class DatabaseInit: # id: 自增主键 f.append('`id` integer PRIMARY KEY {}'.format(self.db.auto_increment)) + # audited: 是否已审查 + f.append('`audited` int(3) DEFAULT 0') + # sid: 会话ID f.append('`sid` varchar(32) DEFAULT ""') @@ -783,7 +788,7 @@ class DatabaseInit: f.append('`protocol_sub_type` int(11) DEFAULT 0') # time_begin: 会话开始时间 - f.append('`time_begin` int(11)') + f.append('`time_begin` int(11) DEFAULT 0') # time_end: 会话结束时间 f.append('`time_end` int(11) DEFAULT 0') @@ -792,6 +797,32 @@ class DatabaseInit: 'CREATE TABLE `{}record` ({});'.format(self.db.table_prefix, ','.join(f)) ) + def _create_record_audit(self): + """ 运维录像日志审计操作及结果 """ + f = list() + + # id: 自增主键 + f.append('`id` integer PRIMARY KEY {}'.format(self.db.auto_increment)) + # record_id: 运维日志ID + f.append('`record_id` int(11) DEFAULT 0') + # user_id: 审计者ID + f.append('`user_id` int(11) DEFAULT 0') + # user_name: 审计者用户名 + f.append('`user_username` varchar(32) DEFAULT ""') + # user_surname: 审计者用户姓名 + f.append('`user_surname` varchar(64) DEFAULT ""') + # ts: 审计时间 timestamp + f.append('`ts` int(11) DEFAULT 0') + # ret_code: 审计结果 + f.append('`ret_code` TEXT') + # ret_desc: 审计结果说明 + f.append('`ret_desc` TEXT') + + self._db_exec( + '创建运维审计操作表...', + 'CREATE TABLE `{}record_audit` ({});'.format(self.db.table_prefix, ','.join(f)) + ) + def _make_builtin_data(self, sysadmin, email, password): _time_now = tp_timestamp_utc_now() diff --git a/server/www/teleport/webroot/app/base/db.py b/server/www/teleport/webroot/app/base/db.py index 5ac5641..59cbe6b 100644 --- a/server/www/teleport/webroot/app/base/db.py +++ b/server/www/teleport/webroot/app/base/db.py 
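Review bot: The `audited` column added at -745,6 and the `record_audit` table added at -792,6 exist only in databases created by this initializer; nothing visible in this diff adds them to a database created before the change. Unless an upgrade step elsewhere handles this, code that reads `audited` or writes `record_audit` will fail on existing installs, and session recordings there cannot be marked as reviewed. The new comment also gives no value list, unlike the `state` column comment in this file; if the values are 0 and 1, `# audited: review flag, 0=not reviewed, 1=reviewed` would say so. The enclosing method starts outside the hunk.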
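Review bot: In `_create_record_audit` (hunk at -792,6) the comment `# user_name:` names a column that is actually created as `user_username`, and `record_id` and `user_id` both take `DEFAULT 0`, so an audit row inserted without a target record or a reviewer is accepted and attributed to id 0. For a table meant to serve as an audit trail it is safer to let a missing attribution fail at insert time by declaring both columns `NOT NULL` with no default, assuming every writer supplies them. The comment should read `# user_username: 审计者用户名`. `ret_code` is declared `TEXT` although its name suggests a code; if it carries a numeric result, an integer column would match the other code-like columns in this file (`state`, `auth_type`, `protocol_sub_type`) and be easier to filter on.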
@@ -63,8 +63,8 @@ class TPDatabase: cfg.set_default('database::sqlite-file', os.path.join(cfg.data_path, 'db', 'teleport.db')) if not self._init_sqlite(cfg.database.sqlite_file): return False - # if self.need_create: - # return True + if self.need_create: + return True elif 'mysql' == cfg.database.type: if not self._init_mysql(cfg.database.mysql_host, cfg.database.mysql_port, cfg.database.mysql_db, cfg.database.mysql_prefix, @@ -81,6 +81,8 @@ class TPDatabase: self.connected = True def check_status(self): + if self.need_create: + return True # 看看数据库中是否存在指定的数据表(如果不存在,可能是一个空数据库文件),则可能是一个新安装的系统 # ret = self.query('SELECT COUNT(*) FROM `sqlite_master` WHERE `type`="table" AND `name`="{}account";'.format(self._table_prefix)) ret = self.is_table_exists('{}config'.format(self._table_prefix)) @@ -194,6 +196,8 @@ class TPDatabase: return None def query(self, sql, args=()): + if self.need_create: + return None # log.d('[db] {}, {}\n'.format(sql, args)) # _start = datetime.datetime.utcnow().timestamp() ret = self._conn_pool.query(sql, args) @@ -388,9 +392,9 @@ class TPSqlitePool(TPDatabasePool): self._db_file = db_file def _do_connect(self): - if not os.path.exists(self._db_file): - log.e('[sqlite] can not connect, database file not exists.\n') - return None + # if not os.path.exists(self._db_file): + # log.e('[sqlite] can not connect, database file not exists.\n') + # return None try: return sqlite3.connect(self._db_file)
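Review bot: With `need_create` set, the sqlite initialisation branch (at -63,8) and `check_status` (at -81,6) now return `True` and `query` (at -194,6) returns `None`, so a database that does not exist yet is reported as success by two entry points and as an empty result by the third, with nothing logged. Callers that gate on `check_status()` or make login and permission decisions from `query()` results need to treat this state as deny; that is not visible in these hunks and should be confirmed. A short comment on each guard stating the contract would help, for example `# database not created yet: report OK so first-run setup can proceed` if that is the intent, plus a debug line in `query` such as `log.d('[db] query skipped, database not created.\n')`. Only `query` is guarded here; whether the write path has the same guard cannot be seen from this diff. All three functions continue outside their hunks.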
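Review bot: Commenting out the existence check in `_do_connect` (at -388,9) means `sqlite3.connect(self._db_file)` now creates an empty database file when the path is missing, so a mistyped or relocated `sqlite-file` setting silently yields a fresh, empty database instead of an error. The file is created with the process's default permissions and will later hold the `password` and `oath_secret` columns, so the `db` directory should be readable only by the service account. The three commented-out lines should be deleted and replaced by one comment stating the intent, e.g. `# sqlite3.connect() creates the file if it is missing; first-run setup relies on this`. The `try` block continues outside the hunk.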