From 6cb38213213ce2bb019a248aa51c9c70fe8f4c9c Mon Sep 17 00:00:00 2001
From: Apex Liu
Date: Fri, 22 Dec 2017 23:30:02 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=EF=BC=9A=E8=BF=9C=E7=A8=8B?=
 =?UTF-8?q?=E8=BF=90=E7=BB=B4=E8=BF=9E=E6=8E=A5=E6=97=B6=E7=9A=84=E6=8E=88?=
 =?UTF-8?q?=E6=9D=83=E6=A3=80=E6=9F=A5=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../teleport/webroot/app/controller/ops.py | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/server/www/teleport/webroot/app/controller/ops.py b/server/www/teleport/webroot/app/controller/ops.py
index 8b4a661..e4bb78d 100644
--- a/server/www/teleport/webroot/app/controller/ops.py
+++ b/server/www/teleport/webroot/app/controller/ops.py
@@ -80,9 +80,9 @@ class SessionListsHandler(TPBaseHandler):
 class DoGetSessionIDHandler(TPBaseJsonHandler):
 @tornado.gen.coroutine
 def post(self):
- ret = self.check_privilege(TP_PRIVILEGE_ASSET_CREATE | TP_PRIVILEGE_ASSET_DELETE | TP_PRIVILEGE_OPS | TP_PRIVILEGE_OPS_AUZ)
- if ret != TPE_OK:
- return
+ # ret = self.check_privilege(TP_PRIVILEGE_ASSET_CREATE | TP_PRIVILEGE_ASSET_DELETE | TP_PRIVILEGE_OPS | TP_PRIVILEGE_OPS_AUZ)
+ # if ret != TPE_OK:
+ # return
 args = self.get_argument('args', None)
 if args is None:
@@ -117,6 +117,11 @@ class DoGetSessionIDHandler(TPBaseJsonHandler):
 # mode = 1: user connect
 # mode = 2: admin connect
 if _mode == 1:
+ # 通过指定的auth_id连接(需要授权),必须具有远程运维的权限方可进行
+ ret = self.check_privilege(TP_PRIVILEGE_OPS)
+ if ret != TPE_OK:
+ return
+
 if 'auth_id' not in args or 'protocol_sub_type' not in args:
 return self.write_json(TPE_PARAM)
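Review bot: The three lines commented out at the top of `post()` should be deleted rather than left as dead code, and with that gate gone the only privilege checks left are the ones inside the `_mode` branches. If the `if _mode == 1 / elif _mode == 2 / elif _mode == 0` chain has no final `else` that rejects other values (the end of the chain is outside this hunk), a request carrying an unexpected `_mode` now reaches whatever follows the chain with no privilege check at all. I would keep a cheap early gate, `if self.check_privilege(TP_PRIVILEGE_ASSET_CREATE | TP_PRIVILEGE_OPS | TP_PRIVILEGE_OPS_AUZ) != TPE_OK: return`, so unprivileged callers never reach argument parsing, and end the chain with `else: return self.write_json(TPE_PARAM)`. The body of `post()` continues past this hunk.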
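Review bot: `check_privilege(TP_PRIVILEGE_OPS)` on the mode-1 path is a role check only; nothing in this hunk ties the client-supplied `auth_id` to the logged-in user, so any user holding that privilege could present an authorization id that was granted to someone else. The `ops_auth` lookup that consumes `auth_id` is outside this hunk and may already enforce ownership — worth confirming before merging. If it does not, compare the authorization's owner with the current user right after the lookup, allow the mismatch only for callers who also pass `TP_PRIVILEGE_OPS_AUZ`, and otherwise return the same error a failed privilege check produces. `post()` continues past this hunk.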
@@ -129,17 +134,17 @@ class DoGetSessionIDHandler(TPBaseJsonHandler):
 acc_id = ops_auth['a_id']
 host_id = ops_auth['h_id']
- # TODO: 如果当前用户具有管理权限,则替换上述信息中的用户信息,否则检查当前用户是否是授权的用户
- # TODO: 条件均满足的情况下,将主机、账号信息放入临时授权信息中(仅10秒有效期),并生产一个临时授权ID
- # TODO: 核心服务通过此临时授权ID来获取远程连接认证数据,生成会话ID。
-
 err, acc_info = account.get_account_info(acc_id)
 if err != TPE_OK:
 return self.write_json(err)
 # log.v(acc_info)
- # elif len(args) == 2 and 'acc_id' in args and 'host_id' in args:
 elif _mode == 2:
+ # 直接连接(无需授权),必须具有运维授权管理的权限方可进行
+ ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ)
+ if ret != TPE_OK:
+ return
+
 acc_id = args['acc_id']
 host_id = args['host_id']
@@ -148,6 +153,11 @@ class DoGetSessionIDHandler(TPBaseJsonHandler):
 return self.write_json(err)
 elif _mode == 0:
+ # 测试连接,必须具有主机信息创建、编辑的权限方可进行
+ ret = self.check_privilege(TP_PRIVILEGE_ASSET_CREATE)
+ if ret != TPE_OK:
+ return
+
 conn_info['_test'] = 1
 try:
 acc_id = int(args['acc_id'])
@@ -156,8 +166,6 @@ class DoGetSessionIDHandler(TPBaseJsonHandler):
 username = args['username']
 password = args['password']
 pri_key = args['pri_key']
- # protocol_type = int(args['protocol_type'])
- # protocol_sub_type = int(args['protocol_sub_type'])
 protocol_port = int(args['protocol_port'])
 except:
 return self.write_json(TPE_PARAM)
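Review bot: The new mode-2 branch goes straight from the privilege check to `acc_id = args['acc_id']` / `host_id = args['host_id']` with no presence check, whereas the mode-1 branch returns TPE_PARAM when its keys are missing; a request without those keys raises KeyError and the handler fails with an unhandled error instead of a clean TPE_PARAM, unless `args` is validated earlier outside this hunk. I would mirror the mode-1 guard before the assignments: `if 'acc_id' not in args or 'host_id' not in args: return self.write_json(TPE_PARAM)`. Separately, the first removed TODO recorded that the current user must be checked against the user the `auth_id` was granted to; the commit drops that reminder without adding such a check anywhere in this hunk, so keep the TODO (or better, implement it) rather than deleting it. The `if/elif` chain and `post()` continue past this hunk.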
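Review bot: The comment on the mode-0 gate says the caller must hold host create or edit rights, but the check passes only `TP_PRIVILEGE_ASSET_CREATE`; if editing assets is a separate privilege bit in this project, OR it into the mask, otherwise trim the comment so it matches what is actually checked. Because mode 0 reads caller-supplied `username`, `password`, `pri_key` and `protocol_port` from the request and flags the connection as a test, this gate appears to be the only thing stopping an asset-creating user from having the server attempt connections to hosts of their choosing, which is worth stating next to the check: `# Test connection: caller-supplied host/credentials are used as-is, so only users who may create assets get here`. The try block that follows still uses a bare `except:`, which also hides programming errors as TPE_PARAM; `except (KeyError, ValueError, TypeError):` would keep the intent. `post()` continues past this hunk.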