diff --git a/.idea/teleport.iml b/.idea/teleport.iml index ab4b55b..174f52a 100644 --- a/.idea/teleport.iml +++ b/.idea/teleport.iml @@ -2,7 +2,7 @@ - + \ No newline at end of file diff --git a/build/builder/build-version.py b/build/builder/build-version.py index 7ccc157..80589eb 100644 --- a/build/builder/build-version.py +++ b/build/builder/build-version.py @@ -462,13 +462,13 @@ class Builder: if len(ver_array) != 2: raise RuntimeError('Invalid .pbxproj file.') - _ver = ver_array[1].strip()[:-1].strip() - v = _ver.split(".") - if len(v) < 3: - raise RuntimeError('Invalid .pbxproj file.') - old_ver = '.'.join(v) - if old_ver == ver: - continue + # _ver = ver_array[1].strip()[:-1].strip() + # v = _ver.split(".") + # if len(v) < 3: + # raise RuntimeError('Invalid .pbxproj file.') + # old_ver = '.'.join(v) + # if old_ver == ver: + # continue lines[x] = '{flag} = {ver};\n'.format(flag=ver_array[0], ver=ver) bOK = True diff --git a/build/builder/core/ver.py b/build/builder/core/ver.py index d83182b..10d07ec 100644 --- a/build/builder/core/ver.py +++ b/build/builder/core/ver.py @@ -1,4 +1,4 @@ -# -*- coding: utf8 -*- -VER_TP_SERVER = "3.6.3" -VER_TP_ASSIST = "3.6.3" -VER_TP_STATE = "b2" +# -*- coding: utf8 -*- +VER_TP_SERVER = "3.6.4" +VER_TP_ASSIST = "3.6.3" +VER_TP_STATE = "b3" diff --git a/dist/client/windows/assist/installer.nsi b/dist/client/windows/assist/installer.nsi index 37f0298..8d1cd6b 100644 Binary files a/dist/client/windows/assist/installer.nsi and b/dist/client/windows/assist/installer.nsi differ diff --git a/server/tp_core/core/tp_core.rc b/server/tp_core/core/tp_core.rc index 4d1b37a..544da0b 100644 Binary files a/server/tp_core/core/tp_core.rc and b/server/tp_core/core/tp_core.rc differ diff --git a/server/tp_core/core/ts_ver.h b/server/tp_core/core/ts_ver.h index 88578c3..3aefb63 100644 --- a/server/tp_core/core/ts_ver.h +++ b/server/tp_core/core/ts_ver.h 
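Review bot: The version-equality guard in the .pbxproj rewrite loop is commented out rather than deleted, leaving six dead lines (`# _ver = ...` through `# continue`) in the middle of the body; git already keeps the history, so delete them and record the new intent in one line such as `# Always rewrite the version line, even when it already matches, so bOK reflects that the key was found`. Without the `continue`, a key whose stored version already equals `ver` is now rewritten and `bOK = True` is set, which looks like the actual fix (previously an already-current version left `bOK` false) but is not stated anywhere. The enclosing method starts before this hunk.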
@@ -1,6 +1,6 @@ -#ifndef __TS_SERVER_VER_H__ -#define __TS_SERVER_VER_H__ - -#define TP_SERVER_VER L"3.6.3" - -#endif // __TS_SERVER_VER_H__ +#ifndef __TS_SERVER_VER_H__ +#define __TS_SERVER_VER_H__ + +#define TP_SERVER_VER L"3.6.4" + +#endif // __TS_SERVER_VER_H__ diff --git a/server/www/requirements.txt b/server/www/requirements.txt index b39e624..7aff58b 100644 --- a/server/www/requirements.txt +++ b/server/www/requirements.txt @@ -7,7 +7,7 @@ tornado PyMySQL psutil -jinja2 +Jinja2 MarkupSafe Pillow wheezy.captcha @@ -15,7 +15,7 @@ qrcode ldap3 cffi -# for Windows +# for Windows/macOS pycryptodome # for Linux pycrypto diff --git a/server/www/teleport/static/js/audit/record-list.js b/server/www/teleport/static/js/audit/record-list.js index da67e00..e045b46 100644 --- a/server/www/teleport/static/js/audit/record-list.js +++ b/server/www/teleport/static/js/audit/record-list.js @@ -449,7 +449,7 @@ $app.on_table_host_render_created = function (render) { }; render.time_begin = function (row_id, fields) { - return tp_format_datetime(fields.time_begin, 'MM-dd HH:mm:ss'); + return tp_format_datetime(fields.time_begin); }; render.time_cost = function (row_id, fields) { diff --git a/server/www/teleport/static/js/ops/session-list.js b/server/www/teleport/static/js/ops/session-list.js index b680d6e..dc1b407 100644 --- a/server/www/teleport/static/js/ops/session-list.js +++ b/server/www/teleport/static/js/ops/session-list.js @@ -283,7 +283,7 @@ $app.on_table_session_render_created = function (render) { }; render.time_begin = function (row_id, fields) { - return tp_format_datetime(fields.time_begin, 'MM-dd HH:mm:ss'); + return tp_format_datetime(fields.time_begin); }; render.time_cost = function (row_id, fields) { diff --git a/server/www/teleport/webroot/app/app_env.py b/server/www/teleport/webroot/app/app_env.py index b9755fa..2d87ae4 100644 --- a/server/www/teleport/webroot/app/app_env.py +++ b/server/www/teleport/webroot/app/app_env.py 
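Review bot: The `# for Windows/macOS` and `# for Linux` comments do not gate anything — pip installs every listed package on every platform, so `pycryptodome` and `pycrypto` are installed together and both populate the same top-level `Crypto` package. `pycrypto` is no longer maintained and `pycryptodome` is its drop-in replacement, which the Windows/macOS line already relies on; keep `pycryptodome` as the single entry and drop `pycrypto`, or, if a per-platform split really is needed, use an environment marker such as `pycryptodome; sys_platform != "linux"`. None of the requirements carry a version constraint either, so each fresh install pulls whatever is newest; pin them (`Jinja2==<tested version>`) or ship a hash-checked lock file next to this list.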
@@ -24,6 +24,12 @@ if PLATFORM not in ['windows', 'linux', 'darwin']: PATH_DATA = '' +PATH_APP_ROOT = os.path.abspath(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', '..')) + +BITS = 'x64' +if '32bit' == platform.architecture()[0]: + BITS = 'x86' + # 将Python安装的扩展库移除,避免开发调试与正式发布所依赖的库文件不一致导致发布的版本无法运行 # if PLATFORM != 'darwin': if PLATFORM not in ['windows', 'darwin']: @@ -34,16 +40,10 @@ if PLATFORM not in ['windows', 'darwin']: for p in x: sys.path.remove(p) -PATH_APP_ROOT = os.path.abspath(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', '..')) - -BITS = 'x64' -if '32bit' == platform.architecture()[0]: - BITS = 'x86' - -# 引入必要的扩展库 -_ext_path = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', 'packages', 'packages-{}'.format(PLATFORM), BITS)) -if _ext_path not in sys.path: - sys.path.append(_ext_path) + # 引入必要的扩展库 + _ext_path = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', 'packages', 'packages-{}'.format(PLATFORM), BITS)) + if _ext_path not in sys.path: + sys.path.append(_ext_path) # 确定一些路径 PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share')) diff --git a/server/www/teleport/webroot/app/app_ver.py b/server/www/teleport/webroot/app/app_ver.py index b43b689..d080174 100644 --- a/server/www/teleport/webroot/app/app_ver.py +++ b/server/www/teleport/webroot/app/app_ver.py @@ -1,4 +1,4 @@ -# -*- coding: utf8 -*- -TP_SERVER_VER = "3.6.3" -TP_ASSIST_REQUIRE_VER = "3.6.3" -TP_STATE_VER = "b2" +# -*- coding: utf8 -*- +TP_SERVER_VER = "3.6.4" +TP_ASSIST_REQUIRE_VER = "3.6.3" +TP_STATE_VER = "b3" diff --git a/server/www/teleport/webroot/app/base/controller.py b/server/www/teleport/webroot/app/base/controller.py index 88d4e06..a989e05 100644 --- a/server/www/teleport/webroot/app/base/controller.py +++ b/server/www/teleport/webroot/app/base/controller.py 
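Review bot: The `# 引入必要的扩展库` / `_ext_path` / `sys.path.append(_ext_path)` lines are removed and re-added with otherwise identical text, which reads as re-indenting them into the `if PLATFORM not in ['windows', 'darwin']:` block; if so, the bundled `packages/packages-{PLATFORM}/{BITS}` directory is no longer put on `sys.path` at all on Windows and macOS, and nothing in the hunk says that is deliberate — the comment above the block still only describes stripping the interpreter's own site-packages. Add a line such as `# On Linux the bundled packages replace the interpreter's site-packages; on Windows/macOS the interpreter's own packages are used and the bundled directory is not added` so the next reader does not move it back out. The append also lands at the end of `sys.path`, which is only safe because the site-packages entries were just removed above it; that ordering dependency is worth a short comment too. The module-level statement run continues outside both hunks.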
@@ -16,6 +16,8 @@ from app.base.session import tp_session from app.const import * from tornado.escape import json_encode import app.app_ver as app_ver + + # import app.const as app_const @@ -201,6 +203,13 @@ class TPBaseHandler(tornado.web.RequestHandler): def show_error_page(self, err_code): self.render('error/error.html', page_param=json.dumps({'err_code': err_code})) + @staticmethod + def escaped_argument(val): + if val is None: + return None + else: + return tornado.escape.xhtml_escape(val) + class TPBaseJsonHandler(TPBaseHandler): """ @@ -213,3 +222,16 @@ class TPBaseJsonHandler(TPBaseHandler): def __init__(self, application, request, **kwargs): super().__init__(application, request, **kwargs) self._mode = self.MODE_JSON + + def check_group_operation_privilege(self, group_type): + if group_type == TP_GROUP_USER: + require_privilege = TP_PRIVILEGE_USER_GROUP + elif group_type == TP_GROUP_ACCOUNT: + require_privilege = TP_PRIVILEGE_ACCOUNT_GROUP + elif group_type == TP_GROUP_HOST: + require_privilege = TP_PRIVILEGE_ASSET_GROUP + else: + self.write_json(TPE_PARAM) + return TPE_PARAM + + return self.check_privilege(require_privilege) diff --git a/server/www/teleport/webroot/app/controller/group.py b/server/www/teleport/webroot/app/controller/group.py index 36e975c..3dc078f 100644 --- a/server/www/teleport/webroot/app/controller/group.py +++ b/server/www/teleport/webroot/app/controller/group.py @@ -19,11 +19,15 @@ class DoUpdateGroupHandler(TPBaseJsonHandler): try: gtype = int(args['gtype']) gid = int(args['gid']) - name = args['name'] - desc = args['desc'] + name = self.escaped_argument(args['name']) + desc = self.escaped_argument(args['desc']) except: return self.write_json(TPE_PARAM) + # 权限检查 + if self.check_group_operation_privilege(gtype) != TPE_OK: + return + if gid == -1: err, _ = group.create(self, gtype, name, desc) else: 
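Review bot: `escaped_argument` HTML-encodes a value on the way in, so whatever callers store through it lands in the database as `&amp;`/`&lt;`/`&quot;`-encoded text; every non-HTML consumer of those columns (JSON list endpoints, exports, log lines, equality lookups) then sees the encoded form, and any template that autoescapes on output will encode it a second time. The usual rule is to validate and length-limit on input and escape at the output boundary; if input-time escaping is kept on purpose, the method needs a docstring saying so, e.g. `"""HTML-escape a request value before persistence; stored text is already escaped, so renderers must emit it raw and lookups must compare the escaped form."""`. `check_group_operation_privilege` also deserves a one-line docstring stating that on an unknown `group_type` it has already written the TPE_PARAM response and the caller must return immediately, since it signals failure by return code rather than by raising. Both new methods are complete within the hunk; the class bodies they sit in are not.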
@@ -48,6 +52,10 @@ class DoLockGroupHandler(TPBaseJsonHandler): except: return self.write_json(TPE_PARAM) + # 权限检查 + if self.check_group_operation_privilege(gtype) != TPE_OK: + return + err = group.update_groups_state(self, gtype, glist, TP_STATE_DISABLED) self.write_json(err) @@ -69,6 +77,10 @@ class DoUnlockGroupHandler(TPBaseJsonHandler): except: return self.write_json(TPE_PARAM) + # 权限检查 + if self.check_group_operation_privilege(gtype) != TPE_OK: + return + err = group.update_groups_state(self, gtype, glist, TP_STATE_NORMAL) self.write_json(err) @@ -90,6 +102,10 @@ class DoRemoveGroupHandler(TPBaseJsonHandler): except: return self.write_json(TPE_PARAM) + # 权限检查 + if self.check_group_operation_privilege(gtype) != TPE_OK: + return + err = group.remove(self, gtype, glist) self.write_json(err) @@ -112,6 +128,10 @@ class DoAddMembersHandler(TPBaseJsonHandler): except: return self.write_json(TPE_PARAM) + # 权限检查 + if self.check_group_operation_privilege(gtype) != TPE_OK: + return + err = group.add_members(gtype, gid, members) self.write_json(err) @@ -133,6 +153,10 @@ class DoRemoveMembersHandler(TPBaseJsonHandler): except: return self.write_json(TPE_PARAM) + # 权限检查 + if self.check_group_operation_privilege(gtype) != TPE_OK: + return + err = group.remove_members(gtype, gid, members) self.write_json(err) diff --git a/server/www/teleport/webroot/app/controller/user.py b/server/www/teleport/webroot/app/controller/user.py index 38b0df9..493dc86 100755 --- a/server/www/teleport/webroot/app/controller/user.py +++ b/server/www/teleport/webroot/app/controller/user.py @@ -140,6 +140,7 @@ class DoGenerateOathSecretHandler(TPBaseJsonHandler): return self.write_json(TPE_OK, data={"tmp_oath_secret": oath_secret}) +# 用于进行身份验证器绑定时验证用户身份,必须提供用户名/密码 class DoVerifyUserHandler(TPBaseJsonHandler): def post(self): args = self.get_argument('args', None) 
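Review bot: In `DoAddMembersHandler` and `DoRemoveMembersHandler` the new privilege check is in place, but the calls that follow it, `group.add_members(gtype, gid, members)` and `group.remove_members(gtype, gid, members)`, are the only group operations in this file that do not receive the handler, unlike `group.create(self, ...)`, `group.update_groups_state(self, ...)` and `group.remove(self, ...)`. If that handler argument is what the group module uses to attribute the operation to the logged-in operator (audit/syslog), membership changes would be the one group mutation left unattributed; please confirm, and if so pass `self` through those two calls as well. The six identical `# 权限检查` blocks could be collapsed into one guard helper, but that is cosmetic. The `DoUpdateGroupHandler` hunk begins on the previous line, and every handler's `post` body continues outside its hunk.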
@@ -156,6 +157,12 @@ class DoVerifyUserHandler(TPBaseJsonHandler): except: return self.write_json(TPE_PARAM) + # Oath 绑定时必须进行密码验证 + if username is None or len(username) == 0: + return self.write_json(TPE_PARAM, '未提供用户名') + if password is None or len(password) == 0: + return self.write_json(TPE_PARAM, '未提供密码') + try: check_bind_oath = args['check_bind_oath'] except: @@ -187,6 +194,12 @@ class DoBindOathHandler(TPBaseJsonHandler): except: return self.write_json(TPE_PARAM) + # Oath 绑定时必须进行密码验证 + if username is None or len(username) == 0: + return self.write_json(TPE_PARAM, '未提供用户名') + if password is None or len(password) == 0: + return self.write_json(TPE_PARAM, '未提供密码') + err, user_info, msg = user.login(self, username, password=password) if err != TPE_OK: if err == TPE_NOT_EXISTS: diff --git a/version.in b/version.in index cb15399..73e33a0 100644 --- a/version.in +++ b/version.in @@ -10,9 +10,9 @@ Minor: 次版本号。如果两个程序集的名称和主版本号相同,而 Revision: 修订号。主版本号和次版本号都相同但修订号不同的程序集应是完全可互换的。 这适用于修复以前发布的程序集中的错误或安全漏洞。 -TP_SERVER 3.6.3 # 整个服务端打包的版本 -TP_TPCORE 3.6.3 # 核心服务 tp_core 的版本 +TP_SERVER 3.6.4 # 整个服务端打包的版本 +TP_TPCORE 3.6.4 # 核心服务 tp_core 的版本 TP_TPWEB 3.1.1 # web服务 tp_web 的版本(一般除非升级Python,否则不会变化) TP_ASSIST 3.6.3 # 助手版本 TP_ASSIST_REQUIRE 3.6.3 # 适配的助手最低版本 -TP_STATE b2 # 版本状态,可以是 beta1,rc2 等,用于打包文件名及部分界面。如果是 release 则界面上不显示。 +TP_STATE b3 # 版本状态,可以是 beta1,rc2 等,用于打包文件名及部分界面。如果是 release 则界面上不显示。
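Review bot: The new username/password guard is copied verbatim into `DoVerifyUserHandler` and `DoBindOathHandler`, but the function it protects is `user.login(self, username, password=password)`, whose keyword form suggests an absent or empty password is accepted somewhere on that path; any other caller that reaches `user.login` with an empty password keeps whatever behaviour these two handlers are now blocking. Enforce the requirement inside `user.login` (or a shared `_require_credentials(username, password)` helper that returns the TPE_PARAM message), and write the checks as `if not username:` / `if not password:`, which also covers the `None` case. In `DoBindOathHandler` the existing `if err == TPE_NOT_EXISTS:` branch distinguishes an unknown username from a wrong password; if its body (outside the hunk) yields a different client-visible response, this password-taking endpoint reveals which usernames exist. Both `post` bodies continue outside the hunks.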