From 5322b880535eea16b72f28f8fca99f6a1b3c38d3 Mon Sep 17 00:00:00 2001 From: Apex Liu Date: Fri, 3 Jul 2020 03:14:02 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8A=A0=E5=85=A5API=EF=BC=8C=E5=8F=AF?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E4=B8=B4=E6=97=B6=E4=BC=9A=E8=AF=9DID?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../teleport/webroot/app/controller/api_v1.py | 27 +++- .../teleport/webroot/app/controller/ops.py | 116 ++++++++++++++++++ 2 files changed, 141 insertions(+), 2 deletions(-) diff --git a/server/www/teleport/webroot/app/controller/api_v1.py b/server/www/teleport/webroot/app/controller/api_v1.py index 3167676..363547b 100644 --- a/server/www/teleport/webroot/app/controller/api_v1.py +++ b/server/www/teleport/webroot/app/controller/api_v1.py @@ -12,6 +12,7 @@ from app.base.logger import * from app.base.controller import TPBaseJsonHandler from app.base.utils import tp_bin, tp_str, tp_timestamp_sec from app.base.extsrv import tp_ext_srv_cfg +from .ops import api_request_session_id @tornado.gen.coroutine @@ -65,7 +66,9 @@ def _parse_api_args(handler): except: return False, handler.write_json(TPE_JSON_FORMAT) - log.d('api:get_host, param=', args, '\n') + args['_srv_name_'] = sec_info['name'] + + # log.d('api:get_host, param=', args, '\n') return True, args @@ -97,5 +100,25 @@ class RequestSessionHandler(TPBaseJsonHandler): ok, args = yield _parse_api_args(self) if not ok: return + # log.d('api:request_session, param=', args, '\n') - return self.write_json(TPE_NOT_IMPLEMENT) + try: + acc_id = args['account_id'] + operator = args['operator'] + protocol_sub_type = args['protocol_sub_type'] + except: + return self.write_json(TPE_PARAM) + + operator = '[{}] {}'.format(args['_srv_name_'], operator) + + err, info = yield api_request_session_id( + acc_id, + protocol_sub_type, + self.request.remote_ip, + operator + ) + + if err != TPE_OK: + return self.write_json(err) + + return self.write_json(TPE_OK, data=info) diff --git a/server/www/teleport/webroot/app/controller/ops.py b/server/www/teleport/webroot/app/controller/ops.py index 78f5b00..65d2d64 100644 --- a/server/www/teleport/webroot/app/controller/ops.py +++ b/server/www/teleport/webroot/app/controller/ops.py @@ -90,6 +90,122 @@ class SessionListsHandler(TPBaseHandler): self.render('ops/sessions.mako') +@tornado.gen.coroutine +def api_request_session_id(acc_id, protocol_sub_type, client_ip, operator): + # 根据给定的account_id,查询对应的主机ID和账号ID + + # 有三种方式获取会话ID: + # 1. 给定一个远程连接授权ID(普通用户进行远程连接) + # 2. 给定要连接的主机ID和账号ID(管理员进行远程连接) + # 3. 给定要连接的主机ID和账号信息(管理员测试远程连接是否可用) + # + # WEB服务根据上述信息产生临时的远程连接ID,核心服务通过此远程连接ID来获取远程连接所需数据,生成会话ID。 + + # try: + # _mode = int(args['mode']) + # _protocol_type = int(args['protocol_type']) + # _protocol_sub_type = int(args['protocol_sub_type']) + # except: + # return self.write_json(TPE_PARAM) + + _mode = 2 + + conn_info = dict() + conn_info['_enc'] = 1 + conn_info['host_id'] = 0 + conn_info['client_ip'] = client_ip # self.request.remote_ip + conn_info['user_id'] = 1 # self.get_current_user()['id'] + conn_info['user_username'] = operator # self.get_current_user()['username'] + + # mode = 0: test connect + # mode = 1: user connect + # mode = 2: admin connect + if _mode == 2: + # 直接连接(无需授权),必须具有运维授权管理的权限方可进行 + # ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ) + # if ret != TPE_OK: + # return + # + # acc_id = args['acc_id'] + + err, acc_info = account.get_account_info(acc_id) + if err != TPE_OK: + return err, None + + host_id = acc_info['host_id'] + acc_info['protocol_flag'] = TP_FLAG_ALL + acc_info['record_flag'] = TP_FLAG_ALL + + # 获取要远程连接的主机信息(要访问的IP地址,如果是路由模式,则是路由主机的IP+端口) + err, host_info = host.get_host_info(host_id) + if err != TPE_OK: + return err, None + + conn_info['host_id'] = host_id + conn_info['host_ip'] = host_info['ip'] + if len(host_info['router_ip']) > 0: + conn_info['conn_ip'] = host_info['router_ip'] + conn_info['conn_port'] = host_info['router_port'] + else: + conn_info['conn_ip'] = host_info['ip'] + conn_info['conn_port'] = acc_info['protocol_port'] + + conn_info['acc_id'] = acc_id + conn_info['acc_username'] = acc_info['username'] + conn_info['username_prompt'] = acc_info['username_prompt'] + conn_info['password_prompt'] = acc_info['password_prompt'] + conn_info['protocol_flag'] = acc_info['protocol_flag'] + conn_info['record_flag'] = acc_info['record_flag'] + + conn_info['protocol_type'] = acc_info['protocol_type'] + conn_info['protocol_sub_type'] = protocol_sub_type + + conn_info['auth_type'] = acc_info['auth_type'] + if acc_info['auth_type'] == TP_AUTH_TYPE_PASSWORD: + conn_info['acc_secret'] = acc_info['password'] + elif acc_info['auth_type'] == TP_AUTH_TYPE_PRIVATE_KEY: + conn_info['acc_secret'] = acc_info['pri_key'] + else: + conn_info['acc_secret'] = '' + + with tmp_conn_id_lock: + global tmp_conn_id_base + tmp_conn_id_base += 1 + conn_id = tmp_conn_id_base + + # log.v('CONN-INFO:', conn_info) + tp_session().set('tmp-conn-info-{}'.format(conn_id), conn_info, 10) + + req = {'method': 'request_session', 'param': {'conn_id': conn_id}} + _yr = core_service_async_post_http(req) + _code, ret_data = yield _yr + if _code != TPE_OK: + return _code, None + if ret_data is None: + # return self.write_json(TPE_FAILED, '调用核心服务获取会话ID失败') + return TPE_FAILED, None + + if 'sid' not in ret_data: + # return self.write_json(TPE_FAILED, '核心服务获取会话ID时返回错误数据') + return TPE_FAILED, None + + data = dict() + data['session_id'] = ret_data['sid'] + data['host_ip'] = host_info['ip'] + data['host_name'] = host_info['name'] + data['protocol_flag'] = acc_info['protocol_flag'] + + if conn_info['protocol_type'] == TP_PROTOCOL_TYPE_RDP: + data['teleport_port'] = tp_cfg().core.rdp.port + elif conn_info['protocol_type'] == TP_PROTOCOL_TYPE_SSH: + data['teleport_port'] = tp_cfg().core.ssh.port + elif conn_info['protocol_type'] == TP_PROTOCOL_TYPE_TELNET: + data['teleport_port'] = tp_cfg().core.telnet.port + + # return self.write_json(0, data=data) + return TPE_OK, data + + class DoGetSessionIDHandler(TPBaseJsonHandler): @tornado.gen.coroutine def post(self):