From 38a8d245c5eee77f80372a955850ec065c7f00a7 Mon Sep 17 00:00:00 2001 From: Apex Liu Date: Fri, 22 Dec 2017 02:29:52 +0800 Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4=E5=8A=9F=E8=83=BD=EF=BC=9A?= =?UTF-8?q?=E5=85=B7=E6=9C=89=E8=BF=90=E7=BB=B4=E6=8E=88=E6=9D=83=E6=9D=83?= =?UTF-8?q?=E9=99=90=E7=9A=84=E7=94=A8=E6=88=B7=EF=BC=8C=E6=97=A0=E9=9C=80?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=8E=88=E6=9D=83=E5=8D=B3=E5=8F=AF=E4=BD=BF?= =?UTF-8?q?=E7=94=A8=E4=BB=BB=E6=84=8F=E8=BF=9C=E7=A8=8B=E8=B4=A6=E5=8F=B7?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E8=BF=9E=E6=8E=A5=EF=BC=9B=E5=85=B7=E6=9C=89?= =?UTF-8?q?=E8=BF=90=E7=BB=B4=E6=9D=83=E9=99=90=E7=9A=84=E7=94=A8=E6=88=B7?= =?UTF-8?q?=EF=BC=8C=E5=88=99=E9=9C=80=E8=A6=81=E5=85=88=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E6=89=8D=E8=83=BD=E8=BF=9B=E8=A1=8C=E8=BF=9E=E6=8E=A5=EF=BC=9B?= =?UTF-8?q?=E5=85=B7=E6=9C=89=E5=AE=A1=E8=AE=A1=E6=8E=88=E6=9D=83=E6=9D=83?= =?UTF-8?q?=E9=99=90=E7=9A=84=E7=94=A8=E6=88=B7=EF=BC=8C=E6=97=A0=E9=9C=80?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=8E=88=E6=9D=83=E5=8D=B3=E5=8F=AF=E6=9F=A5?= =?UTF-8?q?=E7=9C=8B=E6=89=80=E6=9C=89=E8=BF=90=E7=BB=B4=E5=BD=95=E5=83=8F?= =?UTF-8?q?=EF=BC=9B=E5=85=B7=E6=9C=89=E5=AE=A1=E8=AE=A1=E6=9D=83=E9=99=90?= =?UTF-8?q?=E7=9A=84=E7=94=A8=E6=88=B7=EF=BC=8C=E5=BF=85=E9=A1=BB=E5=85=88?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E6=89=8D=E8=83=BD=E6=9F=A5=E7=9C=8B=E6=8C=87?= =?UTF-8?q?=E5=AE=9A=E4=B8=BB=E6=9C=BA=E7=9A=84=E8=BF=90=E7=BB=B4=E5=BD=95?= =?UTF-8?q?=E5=83=8F=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../www/teleport/static/js/asset/host-list.js | 2 + .../www/teleport/static/js/ops/remote-list.js | 179 ++++-------------- .../teleport/webroot/app/controller/ops.py | 20 +- .../www/teleport/webroot/app/model/audit.py | 137 -------------- server/www/teleport/webroot/app/model/ops.py | 85 ++++++++- .../www/teleport/webroot/app/model/record.py | 8 - 6 files changed, 139 insertions(+), 292 deletions(-) 
diff --git a/server/www/teleport/static/js/asset/host-list.js b/server/www/teleport/static/js/asset/host-list.js
index b5e2d54..393261e 100644
--- a/server/www/teleport/static/js/asset/host-list.js
+++ b/server/www/teleport/static/js/asset/host-list.js
@@ -1660,6 +1660,8 @@ $app.create_dlg_edit_account = function () { $assist.do_teleport( {
+ mode: 0,
+ auth_id: 'none',
acc_id: dlg.field_id, host_id: dlg.host.id, protocol_type: dlg.field_protocol,
diff --git a/server/www/teleport/static/js/ops/remote-list.js b/server/www/teleport/static/js/ops/remote-list.js
index f5a4ed4..a341e96 100644
--- a/server/www/teleport/static/js/ops/remote-list.js
+++ b/server/www/teleport/static/js/ops/remote-list.js
@@ -29,16 +29,6 @@ $app.create_controls = function (cb_stack) { }, column_default: {sort: false, align: 'left'}, columns: [
- // {
- // // title: '',
- // title: '',
- // key: 'chkbox',
- // sort: false,
- // width: 36,
- // align: 'center',
- // render: 'make_check_box',
- // fields: {id: 'id'}
- // },
{ title: '主机', key: 'host',
@@ -83,9 +73,6 @@ $app.create_controls = function (cb_stack) { name: 'search', place_holder: '搜索:主机IP/名称/描述/资产编号/等等...' });
- // $app.table_host_role_filter = $tp.create_table_filter_role($app.table_host, $app.role_list);
- // 主机没有“临时锁定”状态,因此要排除掉
- // $tp.create_table_header_filter_state($app.table_host, 'state', $app.obj_states, [TP_STATE_LOCKED]);
// 从cookie中读取用户分页限制的选择 $tp.create_table_paging($app.table_host, 'table-host-paging',
@@ -110,11 +97,6 @@ $app.create_controls = function (cb_stack) { $app.table_host.load_data(); });
- // $app.dom.box_rdp_option.mouseleave(function(){
- // console.log('---mouseleave');
- // $app.dom.box_rdp_option.hide();
- // });
-
cb_stack.exec(); };
@@ -126,16 +108,18 @@ $app.on_table_host_cell_created = function (tbl, row_id, col_key, cell_obj) { var action = $(this).attr('data-action'); var protocol_sub_type = $(this).attr('data-sub-protocol'); var uni_id = $(this).attr('data-id');
+ var acc_id = parseInt($(this).attr('data-acc-id'));
+ var host_id = parseInt($(this).attr('data-host-id'));
+
+ // var policy = $app.table_policy.get_row(row_id);
- // console.log(uni_id, protocol_sub_type);
if (action === 'rdp') {
- $app.connect_remote(uni_id, TP_PROTOCOL_TYPE_RDP, TP_PROTOCOL_TYPE_RDP_DESKTOP);
+ $app.connect_remote(uni_id, acc_id, host_id, TP_PROTOCOL_TYPE_RDP, TP_PROTOCOL_TYPE_RDP_DESKTOP);
} else if (action === 'rdp-option') {
- $app.dlg_rdp_options.show(e.pageX, e.pageY, uni_id, TP_PROTOCOL_TYPE_RDP, TP_PROTOCOL_TYPE_RDP_DESKTOP);
- //$app.connect_remote(uni_id, TP_PROTOCOL_TYPE_SSH, protocol_sub_type);
+ $app.dlg_rdp_options.show(e.pageX, e.pageY, uni_id, acc_id, host_id, TP_PROTOCOL_TYPE_RDP, TP_PROTOCOL_TYPE_RDP_DESKTOP);
} else if (action === 'ssh') {
- $app.connect_remote(uni_id, TP_PROTOCOL_TYPE_SSH, protocol_sub_type);
+ $app.connect_remote(uni_id, acc_id, host_id, TP_PROTOCOL_TYPE_SSH, protocol_sub_type);
} else if (action === 'telnet') { $tp.notify_error('尚未实现!'); }
@@ -144,22 +128,6 @@ $app.on_table_host_cell_created = function (tbl, row_id, col_key, cell_obj) { }; $app.on_table_host_render_created = function (render) {
- // render.filter_role = function (header, title, col) {
- // var _ret = ['
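Review bot: `var acc_id = parseInt($(this).attr('data-acc-id'));` and the `data-host-id` line below it omit the radix, and a missing or non-numeric attribute yields NaN that is then handed to `$app.connect_remote` as an id. Pass the radix and refuse to dispatch on NaN: `var acc_id = parseInt($(this).attr('data-acc-id'), 10);` / `var host_id = parseInt($(this).attr('data-host-id'), 10);` / `if (isNaN(acc_id) || isNaN(host_id)) return;` placed before the `if (action === 'rdp')` chain. The commented-out `// var policy = $app.table_policy.get_row(row_id);` line the hunk adds should be dropped rather than committed. The click handler that holds these lines starts before the hunk and ends after it.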
']; - // _ret.push('
'); - // _ret.push('
' + title + '
'); - // - // // 表格内嵌过滤器的DOM实体在这时生成 - // var filter_ctrl = header._table_ctrl.get_filter_ctrl('role'); - // _ret.push(filter_ctrl.render()); - // - // _ret.push('
'); - // - // return _ret.join(''); - // }; - // render.filter_os = function (header, title, col) { - // return ''; - // }; render.filter_state = function (header, title, col) { var _ret = ['
']; @@ -189,10 +157,6 @@ $app.on_table_host_render_created = function (render) { return _ret.join(''); }; - // render.make_check_box = function (row_id, fields) { - // return ''; - // }; - // render.host_info = function (row_id, fields) { var title, sub_title; @@ -206,25 +170,13 @@ $app.on_table_host_render_created = function (render) { // title = fields.a_name + '@' + title; var desc = []; - // if (fields.desc.length > 0) { - // desc.push(fields.desc.replace(/\r/ig, "").replace(/\n/ig, "
")); - // } if (fields.router_ip.length > 0) { sub_title += ',由 ' + fields.router_ip + ':' + fields.router_port + ' 路由'; } var ret = []; - // ret.push('
' + title + ''); - // if (desc.length > 0) { - // ret.push(''); - // } - if (desc.length > 0) { ret.push('
' + title + ''); @@ -271,36 +223,24 @@ $app.on_table_host_render_created = function (render) { if (acc.protocol_type === TP_PROTOCOL_TYPE_RDP) { if ((acc.policy_.flag_rdp & TP_FLAG_RDP_DESKTOP) !== 0) { act_btn.push('
'); - act_btn.push(''); - // act_btn.push(''); + act_btn.push(''); act_btn.push(''); act_btn.push(''); - // act_btn.push(''); act_btn.push('
'); } } else if (acc.protocol_type === TP_PROTOCOL_TYPE_SSH) { act_btn.push('
'); if ((acc.policy_.flag_ssh & TP_FLAG_SSH_SHELL) !== 0) { - act_btn.push(''); + act_btn.push(''); } if ((acc.policy_.flag_ssh & TP_FLAG_SSH_SFTP) !== 0) { - act_btn.push(''); + act_btn.push(''); } act_btn.push('
'); } else if (acc.protocol_type === TP_PROTOCOL_TYPE_TELNET) { - act_btn.push(''); + act_btn.push(''); } } @@ -310,62 +250,6 @@ $app.on_table_host_render_created = function (render) { } return h.join(''); }; - - render.state = function (row_id, fields) { - // console.log(fields); - var _prompt, _style, _state; - - if ((fields.h_state === TP_STATE_NORMAL || fields.h_state === 0) - && (fields.gh_state === TP_STATE_NORMAL || fields.gh_state === 0) - // && (fields.a_state === TP_STATE_NORMAL || fields.a_state === 0) - // && (fields.ga_state === TP_STATE_NORMAL || fields.ga_state === 0) - ) { - return '正常' - } - - var states = [ - {n: '主机', s: fields.h_state}, - {n: '主机组', s: fields.gh_state}, - // {n: '账号', s: fields.a_state}, - // {n: '账号组', s: fields.ga_state} - ]; - - for (var j = 0; j < states.length; ++j) { - if (states[j].s === TP_STATE_NORMAL) - continue; - - for (var i = 0; i < $app.obj_states.length; ++i) { - if ($app.obj_states[i].id === states[j].s) { - _style = $app.obj_states[i].style; - _state = $app.obj_states[i].name; - _prompt = states[j].n; - return '' + _prompt + '被' + _state + '' - } - } - } - - return ' 未知' - }; - - // render.make_host_action_btn = function (row_id, fields) { - // var h = []; - // h.push('
'); - // h.push(''); - // h.push(''); - // h.push('
'); - // - // return h.join(''); - // }; }; $app.on_table_host_header_created = function (header) { @@ -385,6 +269,8 @@ $app.create_dlg_rdp_options = function () { var dlg = {}; dlg.dom_id = 'dlg-rdp-options'; dlg.uni_id = ''; + dlg.acc_id = 0; + dlg.host_id = 0; dlg.protocol_type = TP_PROTOCOL_TYPE_RDP; dlg.protocol_sub_type = TP_PROTOCOL_TYPE_RDP_DESKTOP; dlg.rdp_w = 0; @@ -424,7 +310,7 @@ $app.create_dlg_rdp_options = function () { dlg.rdp_h = _h; Cookies.set('rdp_options', {w: _w, h: _h, 'c': _console}, {path: '/ops/remote'}); - $app.connect_remote(dlg.uni_id, dlg.protocol_type, dlg.protocol_sub_type); + $app.connect_remote(dlg.uni_id, dlg.acc_id, dlg.host_id, dlg.protocol_type, dlg.protocol_sub_type); }); var ops = Cookies.getJSON('rdp_options'); @@ -461,7 +347,7 @@ $app.create_dlg_rdp_options = function () { for (var i = 0; i < ss.length; ++i) { var _w = ss[i].w; var _h = ss[i].h; - h.push('
'); @@ -469,19 +355,21 @@ $app.create_dlg_rdp_options = function () { h.push('
'); dlg.dom.screen_size.html($(h.join('')));
- if(dlg.rdp_console)
+ if (dlg.rdp_console)
dlg.dom.console_mode.prop('checked', true); cb_stack.exec(); };
- dlg.show = function (x, y, uni_id, protocol_type, protocol_sub_type) {
+ dlg.show = function (x, y, uni_id, acc_id, host_id, protocol_type, protocol_sub_type) {
if (dlg.timer !== null) { clearTimeout(dlg.timer); dlg.timer = null; } dlg.uni_id = uni_id;
+ dlg.acc_id = acc_id;
+ dlg.host_id = host_id;
dlg.protocol_type = protocol_type; dlg.protocol_sub_type = protocol_sub_type;
@@ -499,16 +387,25 @@ $app.create_dlg_rdp_options = function () { return dlg; };
-$app.connect_remote = function (uni_id, protocol_type, protocol_sub_type) {
+$app.connect_remote = function (uni_id, acc_id, host_id, protocol_type, protocol_sub_type) {
+
+ var args = {
+ mode: 1,
+ auth_id: uni_id,
+ acc_id: acc_id,
+ host_id: host_id,
+ protocol_type: protocol_type,
+ protocol_sub_type: protocol_sub_type,
+ rdp_width: $app.dlg_rdp_options.rdp_w,
+ rdp_height: $app.dlg_rdp_options.rdp_h,
+ rdp_console: $app.dlg_rdp_options.rdp_console
+ };
+
+ if(uni_id === 'none')
+ args.mode = 2;
+
$assist.do_teleport(
- {
- auth_id: uni_id,
- protocol_type: protocol_type,
- protocol_sub_type: protocol_sub_type,
- rdp_width: $app.dlg_rdp_options.rdp_w,
- rdp_height: $app.dlg_rdp_options.rdp_h,
- rdp_console: $app.dlg_rdp_options.rdp_console
- },
+ args,
function () { // func_success //$tp.notify_success('远程连接测试通过!');
diff --git a/server/www/teleport/webroot/app/controller/ops.py b/server/www/teleport/webroot/app/controller/ops.py
index cf7a909..e402b4b 100644
--- a/server/www/teleport/webroot/app/controller/ops.py
+++ b/server/www/teleport/webroot/app/controller/ops.py
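Review bot: `if(uni_id === 'none') args.mode = 2;` lets the page select the server's "admin connect" mode from a sentinel string that the server itself handed out as `uni_id` (model get_all_remotes fills in `'uni_id': 'none'`), so the browser rather than the session's privilege decides which path DoGetSessionIDHandler takes; the server has to re-derive that from the logged-in user's TP_PRIVILEGE_OPS_AUZ bit and treat `mode` as a hint only. In this file the sentinel test can be folded into the literal, `mode: uni_id === 'none' ? 2 : 1,`, which also removes the `if(` spacing inconsistency with the `if (` style used elsewhere in the hunk. A one-line comment above `var args` would document the contract: `// mode 2 = connect with an account that has no authorization record; the server must verify the caller's privilege, this flag alone grants nothing.` connect_remote's body continues past the end of the hunk.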
@@ -108,8 +108,14 @@ class DoGetSessionIDHandler(TPBaseJsonHandler): protocol_sub_type = TP_PROTOCOL_TYPE_UNKNOWN
- if 'auth_id' in args:
- if 'protocol_sub_type' not in args:
+ if 'mode' not in args:
+ return self.write_json(TPE_PARAM)
+ # mode = 0: test connect
+ # mode = 1: user connect
+ # mode = 2: admin connect
+
+ if args['mode'] == 1:
+ if 'auth_id' not in args or 'protocol_sub_type' not in args:
return self.write_json(TPE_PARAM) # 根据auth_id从数据库中取得此授权相关的用户、主机、账号三者详细信息
@@ -132,7 +138,8 @@ class DoGetSessionIDHandler(TPBaseJsonHandler): return self.write_json(err) log.v(acc_info)
- elif len(args) == 2 and 'acc_id' in args and 'host_id' in args:
+ # elif len(args) == 2 and 'acc_id' in args and 'host_id' in args:
+ elif args['mode'] == 2:
acc_id = args['acc_id'] host_id = args['host_id']
@@ -140,7 +147,7 @@ class DoGetSessionIDHandler(TPBaseJsonHandler): if err != TPE_OK: return self.write_json(err)
- else:
+ elif args['mode'] == 0:
conn_info['_test'] = 1 try: acc_id = int(args['acc_id'])
@@ -185,6 +192,9 @@ class DoGetSessionIDHandler(TPBaseJsonHandler): conn_info['_enc'] = 1
+ else:
+ return self.write_json(TPE_PARAM)
+
# 获取要远程连接的主机信息(要访问的IP地址,如果是路由模式,则是路由主机的IP+端口) err, host_info = host.get_host_info(host_id) if err != TPE_OK:
@@ -627,7 +637,7 @@ class DoRankReorderHandler(TPBaseJsonHandler): class DoGetRemotesHandler(TPBaseJsonHandler): def post(self):
- ret = self.check_privilege(TP_PRIVILEGE_OPS)
+ ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ | TP_PRIVILEGE_OPS)
if ret != TPE_OK: return
diff --git a/server/www/teleport/webroot/app/model/audit.py b/server/www/teleport/webroot/app/model/audit.py
index 656bb1c..ebf4e9c 100644
--- a/server/www/teleport/webroot/app/model/audit.py
+++ b/server/www/teleport/webroot/app/model/audit.py
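Review bot: The new `elif args['mode'] == 2:` branch reads `args['acc_id']` and `args['host_id']` with no key guard and no visible privilege check, so a request missing either key now raises KeyError instead of returning TPE_PARAM as the removed `'acc_id' in args and 'host_id' in args` condition did. Because `mode` is chosen by the browser (remote-list.js sets it to 2 whenever `uni_id === 'none'`), it is only a hint: unless a check lies in the part of post() outside the hunk, a session holding just TP_PRIVILEGE_OPS can ask for mode 2 with any acc_id/host_id and skip the auth_id lookup that mode 1 performs, and the mode 0 test-connect path, which also takes acc_id from the request, deserves the same look. Gate the branch on the session's own privilege bit, the one DoGetRemotesHandler and model get_remotes already use: `elif args['mode'] == 2:` / `if 'acc_id' not in args or 'host_id' not in args or (self.get_current_user()['privilege'] & TP_PRIVILEGE_OPS_AUZ) == 0:` / `return self.write_json(TPE_PARAM)` (substitute the project's privilege error code for TPE_PARAM if one exists). The comment block would then read `# mode = 2: admin connect (requires TP_PRIVILEGE_OPS_AUZ on the session; mode itself is a client hint and grants nothing)`. post() starts and ends outside the hunk.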
@@ -347,143 +347,6 @@ def get_auth(auth_id): return s.recorder[0], TPE_OK
-def get_remotes(handler, sql_filter, sql_order, sql_limit):
- """
- 获取当前登录用户的可以远程登录的主机(及账号)
- 步骤:
- 1. 查询满足条件的项(用户->账号),按授权策略顺序排序
- 2. 在此基础上选出非重复的(用户->账号)关系项
- 3. 继续在上一步基础上选出非重复的主机项
- 4. 为每一个主机查询满足条件的账号项
- """
- operator = handler.get_current_user()
- db = get_db()
-
- ######################################################
- # step 1.
- ######################################################
- s1 = []
- s1.append('SELECT * FROM {}ops_map'.format(db.table_prefix))
- s1_where = []
- s1_where.append('u_id={}'.format(operator.id))
- s1_where.append('p_state={state}'.format(state=TP_STATE_NORMAL))
- s1.append('WHERE ({})'.format(') AND ('.join(s1_where)))
- s1.append('ORDER BY p_rank DESC')
- sql_1 = ' '.join(s1)
-
- ######################################################
- # step 2.
- ######################################################
- sql_2 = 'SELECT * FROM ({}) AS s1 GROUP BY ua_id'.format(sql_1)
-
- _f = ['id', 'p_id', 'h_id', 'h_state', 'gh_state', 'h_name', 'ip', 'router_ip', 'router_port']
-
- ######################################################
- # step 3. 
- ######################################################
- sql = []
- sql.append('SELECT {}'.format(','.join(_f)))
- sql.append('FROM')
- sql.append('({}) AS s2'.format(sql_2))
- sql.append('GROUP BY h_id')
- sql.append('ORDER BY ip')
- sql.append('LIMIT {},{}'.format(sql_limit['page_index'] * sql_limit['per_page'], sql_limit['per_page']))
- sql.append(';')
-
- sql_counter = []
- sql_counter.append('SELECT COUNT(*)')
- sql_counter.append('FROM')
- sql_counter.append('({}) AS s3'.format(sql_2))
- sql_counter.append('GROUP BY h_id')
- sql_counter.append(';')
-
- db_ret = db.query(' '.join(sql_counter))
- if db_ret is None or len(db_ret) == 0:
- return TPE_OK, 0, 1, []
-
- total = len(db_ret)
-
- ret_recorder = [] # 用于构建最终返回的数据
- h_ids = [] # 涉及到的主机的ID列表
-
- db_ret = db.query(' '.join(sql))
- if db_ret is None:
- return TPE_OK, 0, 1, []
-
- for db_item in db_ret:
- item = AttrDict()
- for i in range(len(_f)):
- item[_f[i]] = db_item[i]
-
- item.accounts_ = []
- ret_recorder.append(item)
- h_ids.append(item.h_id)
-
- ######################################################
- # step 4. 
- ######################################################
- host_ids = [str(i) for i in h_ids]
- s4 = []
- s4.append('SELECT * FROM {}ops_map'.format(db.table_prefix))
- s4_where = []
- s4_where.append('u_id={}'.format(operator.id))
- s4_where.append('p_state={state}'.format(state=TP_STATE_NORMAL))
- s4_where.append('h_id IN ({})'.format(','.join(host_ids)))
- s4.append('WHERE ({})'.format(') AND ('.join(s4_where)))
- s4.append('ORDER BY p_rank DESC')
- sql_4 = ' '.join(s4)
-
- sql = []
- _f = ['id', 'uni_id', 'policy_auth_type', 'p_id', 'h_id', 'a_id', 'a_state', 'ga_state', 'a_name', 'protocol_type']
- sql.append('SELECT {}'.format(','.join(_f)))
- sql.append('FROM')
- sql.append('({}) AS s4'.format(sql_4))
- sql.append('GROUP BY ua_id')
- sql.append(';')
-
- db_ret = db.query(' '.join(sql))
- if db_ret is None:
- return TPE_OK, 0, 1, []
-
- p_ids = [] # 涉及到的策略的ID列表
-
- for db_item in db_ret:
- item = AttrDict()
- for i in range(len(_f)):
- item[_f[i]] = db_item[i]
-
- if item.p_id not in p_ids:
- p_ids.append(item.p_id)
-
- for j in range(len(ret_recorder)):
- if ret_recorder[j].h_id == item.h_id:
- ret_recorder[j].accounts_.append(item)
-
- # 查询所有相关的授权策略的详细信息
- # print('p-ids:', p_ids)
- policy_ids = [str(i) for i in p_ids]
- _f = ['id', 'flag_rdp', 'flag_ssh']
- sql = []
- sql.append('SELECT {}'.format(','.join(_f)))
- sql.append('FROM {}ops_policy'.format(db.table_prefix))
- sql.append('WHERE id IN ({})'.format(','.join(policy_ids)))
- sql.append(';')
- db_ret = db.query(' '.join(sql))
- # print('', db_ret)
- for db_item in db_ret:
- item = AttrDict()
- for i in range(len(_f)):
- item[_f[i]] = db_item[i]
-
- for i in range(len(ret_recorder)):
- for j in range(len(ret_recorder[i].accounts_)):
- if ret_recorder[i].accounts_[j].p_id == item.id:
- ret_recorder[i].accounts_[j].policy_ = item
-
- # print(json.dumps(ret_recorder, indent=' '))
- return TPE_OK, total, sql_limit['page_index'], ret_recorder
-
-
def build_auz_map(): _users = {} _hosts = {}
diff --git a/server/www/teleport/webroot/app/model/ops.py b/server/www/teleport/webroot/app/model/ops.py
index b4352af..3ffd0af 100644
--- a/server/www/teleport/webroot/app/model/ops.py
+++ b/server/www/teleport/webroot/app/model/ops.py
@@ -496,9 +496,89 @@ def get_auth(auth_id): return s.recorder[0], TPE_OK
+def get_all_remotes(handler, sql_filter, sql_order, sql_limit):
+ s = SQL(get_db())
+ s.select_from('host', ['id', 'name', 'ip', 'router_ip', 'router_port', 'state'], alt_name='h')
+
+ str_where = ''
+ _where = list()
+
+ if len(sql_filter) > 0:
+ for k in sql_filter:
+ if k == 'state':
+ _where.append('h.state={}'.format(sql_filter[k]))
+ elif k == 'search':
+ _where.append('(h.name LIKE "%{k}%" OR h.ip LIKE "%{k}%" OR h.router_ip LIKE "%{k}%")'.format(k=sql_filter[k]))
+
+ if len(_where) > 0:
+ str_where = '( {} )'.format(' AND '.join(_where))
+
+ s.where(str_where)
+
+ if sql_order is not None:
+ _sort = False if not sql_order['asc'] else True
+ if 'id' == sql_order['name']:
+ s.order_by('h.id', _sort)
+ elif 'ip' == sql_order['name']:
+ s.order_by('h.ip', _sort)
+ elif 'name' == sql_order['name']:
+ s.order_by('h.name', _sort)
+ else:
+ log.e('unknown order field: {}\n'.format(sql_order['name']))
+ return TPE_PARAM, s.total_count, s.page_index, s.recorder
+
+ if len(sql_limit) > 0:
+ s.limit(sql_limit['page_index'], sql_limit['per_page'])
+
+ err = s.query()
+ if err != TPE_OK:
+ return err, 0, 1, []
+
+ ret = s.recorder
+ for h in ret:
+ h['h_id'] = h.id
+ h['h_state'] = TP_STATE_NORMAL
+ h['gh_state'] = TP_STATE_NORMAL
+ h['h_name'] = h.name
+ del h['id']
+ del h['name']
+ h['accounts_'] = []
+
+ sa = SQL(get_db())
+ sa.select_from('acc', ['id', 'protocol_type', 'protocol_port', 'username'], alt_name='a')
+ sa.where('a.host_id={}'.format(h.h_id))
+ sa.order_by('a.username', True)
+ err = sa.query()
+ if err != TPE_OK:
+ continue
+ for a in sa.recorder:
+ h['accounts_'].append({
+ 'a_name': a.username,
+ 'id': a.id,
+ 'a_id': a.id,
+ 'policy_auth_type': TP_POLICY_AUTH_USER_ACC,
+ 'uni_id': 'none',
+ 'a_state': TP_STATE_NORMAL,
+ 'ga_state': TP_STATE_NORMAL,
+ 'protocol_type': a.protocol_type,
+ 'h_id': h.h_id,
+ 'policy_': {
+ 'flag_ssh': TP_FLAG_ALL,
+ 'flag_rdp': TP_FLAG_ALL
+ }
+ })
+
+ # print(json.dumps(s.recorder, indent=' '))
+ return err, s.total_count, s.page_index, s.recorder
+
+
def get_remotes(handler, sql_filter, sql_order, sql_limit): """ 获取当前登录用户的可以远程登录的主机(及账号)
+ 远程连接列表的显示策略:
+ 1. 运维权限:可以使用被授权的远程账号进行远程连接;
+ 2. 运维授权权限:可以使用所有的远程账号进行远程连接。
+
步骤: 1. 查询满足条件的项(用户->账号),按授权策略顺序排序 2. 在此基础上选出非重复的(用户->账号)关系项
@@ -506,6 +586,9 @@ def get_remotes(handler, sql_filter, sql_order, sql_limit): 4. 为每一个主机查询满足条件的账号项 """ operator = handler.get_current_user()
+ if (operator['privilege'] & TP_PRIVILEGE_OPS_AUZ) != 0:
+ return get_all_remotes(handler, sql_filter, sql_order, sql_limit)
+
db = get_db() ######################################################
@@ -908,7 +991,7 @@ def build_auz_map(): for i in _map: v = '("{uni_id}","{ua_id}",{p_id},{p_rank},{p_state},{policy_auth_type},{u_id},{u_state},{gu_id},{gu_state},{h_id},{h_state},{gh_id},{gh_state},{a_id},{a_state},{ga_id},{ga_state},' \ '"{u_name}","{u_surname}","{h_name}","{ip}","{router_ip}",{router_port},"{a_name}",{protocol_type},{protocol_port})' \
- ''.format(uni_id=i.uni_id, ua_id=i.ua_id, p_id=i.p_id, p_rank=i.p_rank, p_state=i.p_state,policy_auth_type=i.policy_auth_type,
+ ''.format(uni_id=i.uni_id, ua_id=i.ua_id, p_id=i.p_id, p_rank=i.p_rank, p_state=i.p_state, policy_auth_type=i.policy_auth_type,
u_id=i.u_id, u_state=i.u_state, gu_id=i.gu_id, gu_state=i.gu_state, h_id=i.h_id, h_state=i.h_state, gh_id=i.gh_id, gh_state=i.gh_state, a_id=i.a_id, a_state=i.a_state, ga_id=i.ga_id, ga_state=i.ga_state, u_name=i.u_name, u_surname=i.u_surname, h_name=i.h_name, ip=i.ip, router_ip=i.router_ip, router_port=i.router_port,
diff --git a/server/www/teleport/webroot/app/model/record.py b/server/www/teleport/webroot/app/model/record.py
index 859dda0..104be79 100644
--- a/server/www/teleport/webroot/app/model/record.py
+++ b/server/www/teleport/webroot/app/model/record.py
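Review bot: `get_all_remotes` interpolates filter values straight into SQL — `'h.state={}'.format(sql_filter[k])` and the `LIKE "%{k}%"` clause built from `sql_filter['search']` — so if `sql_filter` carries the handler's query parameters, as its use from DoGetRemotesHandler suggests, a quote or `%` typed into the search box rewrites the query. Route the values through the `SQL` helper's parameter binding if it offers one; otherwise coerce `state` with `int()` and escape the search string before formatting, e.g. `_where.append('h.state={}'.format(int(sql_filter[k])))`. The closing `return err, s.total_count, s.page_index, s.recorder` also hands back whatever `err` the last per-host `sa.query()` left behind (`continue` on failure keeps it), so a failed lookup on the final host turns the whole page into an error while still carrying rows; return TPE_OK there, or report the failures explicitly. The per-host account lookup is one round trip per row; a single `a.host_id IN (...)` query over the page's h_id values, grouped in Python, would replace it. A docstring is missing too; one line such as `"""All hosts with every account on them, shown to operators holding TP_PRIVILEGE_OPS_AUZ; returns (err, total_count, page_index, rows)."""` would match get_remotes.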
@@ -22,14 +22,6 @@ def get_records(handler, sql_filter, sql_order, sql_limit, sql_restrict, sql_exc 2. 运维授权权限:可以查看所有会话,但不能审计; 3. 审计权限:可以查看被授权的主机相关的会话,且可以审计; 4. 审计授权权限:可以查看所有会话,且可以审计。
-
- :param handler:
- :param sql_filter:
- :param sql_order:
- :param sql_limit:
- :param sql_restrict:
- :param sql_exclude:
- :return:
""" allow_uid = 0