diff --git a/server/www/teleport/webroot/app/model/account.py b/server/www/teleport/webroot/app/model/account.py index 5c2746c..9a4cc0b 100644 --- a/server/www/teleport/webroot/app/model/account.py +++ b/server/www/teleport/webroot/app/model/account.py 
@@ -298,32 +298,56 @@ def update_account(handler, host_id, acc_id, args): db = get_db() # 1. 判断是否存在 - sql = 'SELECT id FROM {}acc WHERE host_id={host_id} AND id={acc_id};'.format(db.table_prefix, host_id=host_id, acc_id=acc_id) + sql = 'SELECT `id`, `host_ip`, `router_ip`, `router_port` FROM `{}acc` WHERE `host_id`={host_id} AND `id`={acc_id};'.format(db.table_prefix, host_id=host_id, acc_id=acc_id) db_ret = db.query(sql) if db_ret is None or len(db_ret) == 0: return TPE_NOT_EXISTS + _host_ip = db_ret[0][1] + _router_ip = db_ret[0][2] + _router_port = db_ret[0][3] + + sql_list = [] + sql = list() sql.append('UPDATE `{}acc` SET'.format(db.table_prefix)) _set = list() - _set.append('protocol_type={}'.format(args['protocol_type'])) - _set.append('protocol_port={}'.format(args['protocol_port'])) - _set.append('auth_type={}'.format(args['auth_type'])) - _set.append('username="{}"'.format(args['username'])) - _set.append('username_prompt="{}"'.format(args['username_prompt'])) - _set.append('password_prompt="{}"'.format(args['password_prompt'])) + _set.append('`protocol_type`={}'.format(args['protocol_type'])) + _set.append('`protocol_port`={}'.format(args['protocol_port'])) + _set.append('`auth_type`={}'.format(args['auth_type'])) + _set.append('`username`="{}"'.format(args['username'])) + _set.append('`username_prompt`="{}"'.format(args['username_prompt'])) + _set.append('`password_prompt`="{}"'.format(args['password_prompt'])) if args['auth_type'] == TP_AUTH_TYPE_PASSWORD and len(args['password']) > 0: - _set.append('password="{}"'.format(args['password'])) + _set.append('`password`="{}"'.format(args['password'])) elif args['auth_type'] == TP_AUTH_TYPE_PRIVATE_KEY and len(args['pri_key']) > 0: - _set.append('pri_key="{}"'.format(args['pri_key'])) + _set.append('`pri_key`="{}"'.format(args['pri_key'])) sql.append(','.join(_set)) - sql.append('WHERE id={};'.format(acc_id)) + sql.append('WHERE `id`={};'.format(acc_id)) - db_ret = db.exec(' '.join(sql)) - if not db_ret: + 
# db_ret = db.exec(' '.join(sql)) + # if not db_ret: + # return TPE_DATABASE + sql_list.append(' '.join(sql)) + + if len(_router_ip) == 0: + _name = '{}@{}'.format(args['username'], _host_ip) + else: + _name = '{}@{} (由{}:{}路由)'.format(args['username'], _host_ip, _router_ip, _router_port) + + # 运维授权 + sql = 'UPDATE `{}ops_auz` SET `name`="{name}" WHERE (`rtype`={rtype} AND `rid`={rid});'.format(db.table_prefix, name=_name, rtype=TP_ACCOUNT, rid=acc_id) + sql_list.append(sql) + sql = 'UPDATE `{}ops_map` SET `a_name`="{name}", `protocol_type`={protocol_type}, `protocol_port`={protocol_port} ' \ + 'WHERE (a_id={aid});'.format(db.table_prefix, + name=args['username'], protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], + aid=acc_id) + sql_list.append(sql) + + if not db.transaction(sql_list): return TPE_DATABASE return TPE_OK diff --git a/server/www/teleport/webroot/app/model/group.py b/server/www/teleport/webroot/app/model/group.py index 9e4cfc9..4d89abc 100644 --- a/server/www/teleport/webroot/app/model/group.py +++ b/server/www/teleport/webroot/app/model/group.py 
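Review bot: The new `_name` and `args['username']` values are spliced into the `ops_auz`/`ops_map` UPDATE statements by str.format inside double-quoted SQL literals with no escaping visible in the hunk, so a username containing a double quote or backslash at best breaks the statement; the same construction appears in the new `ops_auz`/`audit_auz` statements of group.py `update` and in the `ops_auz`/`ops_map`/`audit_auz`/`audit_map` statements of host.py `update_host`. If the `db` wrapper offers parameter binding these should use it; otherwise every interpolated string should pass through one shared escaping helper before formatting. Separately, `len(_router_ip) == 0` presumably assumes the `router_ip` column is never NULL — a NULL row would raise TypeError here, whereas `if not _router_ip:` covers both cases. The three commented-out `db.exec` lines should be deleted rather than kept as comments. update_account starts before this hunk.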
@@ -170,16 +170,28 @@ def update(handler, gid, name, desc): db = get_db() # 1. 判断是否已经存在 - sql = 'SELECT id FROM {}group WHERE id={};'.format(db.table_prefix, gid) + sql = 'SELECT `id`, `type` FROM `{}group` WHERE `id`={};'.format(db.table_prefix, gid) db_ret = db.query(sql) if db_ret is None or len(db_ret) == 0: return TPE_NOT_EXISTS + gtype = db_ret[0][1] + sql_list = [] + # 2. 更新记录 sql = 'UPDATE `{}group` SET `name`="{name}", `desc`="{desc}" WHERE id={gid};' \ ''.format(db.table_prefix, name=name, desc=desc, gid=gid) - db_ret = db.exec(sql) - if not db_ret: + sql_list.append(sql) + + # 3. 同步更新授权表和权限映射表 + # 运维授权 + sql = 'UPDATE `{}ops_auz` SET `name`="{name}" WHERE (`rtype`={rtype} AND `rid`={rid});'.format(db.table_prefix, name=name, rtype=gtype, rid=gid) + sql_list.append(sql) + # 审计授权 + sql = 'UPDATE `{}audit_auz` SET `name`="{name}" WHERE (`rtype`={rtype} AND `rid`={rid});'.format(db.table_prefix, name=name, rtype=gtype, rid=gid) + sql_list.append(sql) + + if not db.transaction(sql_list): return TPE_DATABASE return TPE_OK @@ -187,14 +199,12 @@ def update(handler, gid, name, desc): def add_members(gtype, gid, members): # 向指定组中增加成员,同时根据授权策略,更新授权映射表 - db = get_db() sql = [] for uid in members: sql.append('INSERT INTO `{}group_map` (`type`, `gid`, `mid`) VALUES ({}, {}, {});'.format(db.table_prefix, gtype, gid, uid)) if db.transaction(sql): - #return TPE_OK return policy.rebuild_auz_map() else: return TPE_DATABASE diff --git a/server/www/teleport/webroot/app/model/host.py b/server/www/teleport/webroot/app/model/host.py index 176c949..185e522 100644 --- a/server/www/teleport/webroot/app/model/host.py +++ b/server/www/teleport/webroot/app/model/host.py 
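Review bot: The existing group UPDATE keeps `WHERE id={gid}` while the two new `ops_auz`/`audit_auz` statements backtick-quote every column, so the three statements committed together are written in two styles; adding backticks around `id` in that WHERE clause would align it with the rest of the hunk and with the other files in this commit. The function also has no docstring; a one-line header such as `# Rename a group and mirror the new name into ops_auz and audit_auz in one transaction` would tell the next reader why the three statements are grouped. The `update` body is fully contained in this hunk.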
@@ -222,17 +222,17 @@ def update_host(handler, args): db = get_db() # 1. 判断是否存在 - sql = 'SELECT id FROM {}host WHERE id="{}";'.format(db.table_prefix, args['id']) + sql = 'SELECT `id` FROM `{}host` WHERE `id`={};'.format(db.table_prefix, args['id']) db_ret = db.query(sql) if db_ret is None or len(db_ret) == 0: return TPE_NOT_EXISTS sql_list = [] - sql = 'UPDATE `{}host` SET `os_type`="{os_type}", `name`="{name}", `ip`="{ip}", `router_ip`="{router_ip}", `router_port`={router_port}, `cid`="{cid}", `desc`="{desc}" WHERE `id`={host_id};' \ + sql = 'UPDATE `{}host` SET `os_type`="{os_type}", `name`="{name}", `ip`="{ip}", `router_ip`="{router_ip}", ' \ + '`router_port`={router_port}, `cid`="{cid}", `desc`="{desc}" WHERE `id`={host_id};' \ ''.format(db.table_prefix, os_type=args['os_type'], name=args['name'], ip=args['ip'], router_ip=args['router_ip'], router_port=args['router_port'], - cid=args['cid'], desc=args['desc'], host_id=args['id'] - ) + cid=args['cid'], desc=args['desc'], host_id=args['id']) sql_list.append(sql) # 更新所有此主机相关的账号 
@@ -241,11 +241,37 @@ def update_host(handler, args): ip=args['ip'], router_ip=args['router_ip'], router_port=args['router_port'], id=args['id']) sql_list.append(sql) - if db.transaction(sql_list): - return TPE_OK - else: + # 同步更新授权表和权限映射表 + _name = args['ip'] + if len(args['name']) > 0: + _name = '{} [{}]'.format(args['name'], args['ip']) + sql_list = [] + # 运维授权 + sql = 'UPDATE `{}ops_auz` SET `name`="{name}" WHERE (`rtype`={rtype} AND `rid`={rid});' \ + ''.format(db.table_prefix, name=_name, rtype=TP_HOST, rid=args['id']) + sql_list.append(sql) + sql = 'UPDATE `{}ops_map` SET `h_name`="{hname}", `ip`="{ip}", `router_ip`="{router_ip}", `router_port`={router_port} ' \ + 'WHERE (h_id={hid});'.format(db.table_prefix, + hname=args['name'], ip=args['ip'], hid=args['id'], + router_ip=args['router_ip'], router_port=args['router_port']) + sql_list.append(sql) + # 审计授权 + sql = 'UPDATE `{}audit_auz` SET `name`="{name}" WHERE (`rtype`={rtype} AND `rid`={rid});'.format(db.table_prefix, name=_name, rtype=TP_HOST, rid=args['id']) + sql_list.append(sql) + sql = 'UPDATE `{}audit_map` SET `h_name`="{hname}", `ip`="{ip}", `router_ip`="{router_ip}", `router_port`={router_port} ' \ + 'WHERE (h_id={hid});'.format(db.table_prefix, + hname=args['name'], ip=args['ip'], hid=args['id'], + router_ip=args['router_ip'], router_port=args['router_port']) + sql_list.append(sql) + + if not db.transaction(sql_list): return TPE_DATABASE + operator = handler.get_current_user() + syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "更新主机信息:{}".format(_name)) + + return TPE_OK + def update_hosts_state(handler, host_ids, state): db = get_db()
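Review bot: The added `sql_list = []` after the `# 同步更新授权表和权限映射表` comment discards the host UPDATE and the per-account UPDATE that the context lines show were appended to `sql_list` earlier in update_host (the `sql_list.append(sql)` just above it is the last of them), so the transaction now only rewrites the authorization tables and the host row itself is never changed. Deleting that one line, leaving `sql_list` as built, keeps all of the statements in the single transaction. The `ops_map`/`audit_map` statements also leave `h_id` unquoted while the other columns in the same hunk are backtick-quoted; quoting it the same way would be consistent. update_host starts before this hunk.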