From 6d8ca92513a31c583d16065c3f8d730cae33447c Mon Sep 17 00:00:00 2001 From: Apex Liu Date: Mon, 26 Mar 2018 02:21:44 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=B9=E8=BF=9B=EF=BC=9A=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E7=AD=96=E7=95=A5=E7=BC=96=E8=BE=91=E7=95=8C=E9=9D=A2=E5=85=B3?= =?UTF-8?q?=E4=BA=8E=E8=B4=A6=E5=8F=B7=E6=98=BE=E7=A4=BA=E4=B8=8D=E5=AE=8C?= =?UTF-8?q?=E6=95=B4=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=9B=20=E8=B0=83?= =?UTF-8?q?=E6=95=B4=EF=BC=9A=E5=B0=86=E9=87=8D=E5=BB=BA=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E6=98=A0=E5=B0=84=E6=8C=89=E9=92=AE=E4=BB=8E=E8=BF=90=E7=BB=B4?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E5=92=8C=E5=AE=A1=E8=AE=A1=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E7=95=8C=E9=9D=A2=E7=A7=BB=E9=99=A4=EF=BC=8C=E5=B9=B6=E5=9C=A8?= =?UTF-8?q?=E7=B3=BB=E7=BB=9F=E8=AE=BE=E7=BD=AE=E7=9A=84=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E9=A1=B5=E9=9D=A2=E4=B8=AD=E5=8A=A0=E5=85=A5?= =?UTF-8?q?=E9=87=8D=E5=BB=BA=E6=8E=88=E6=9D=83=E6=98=A0=E5=B0=84=E7=9A=84?= =?UTF-8?q?=E6=8C=89=E9=92=AE=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 3 + .../static/js/asset/account-group-list.js | 10 ++- .../www/teleport/static/js/audit/auz-info.js | 7 +- server/www/teleport/static/js/ops/auz-info.js | 7 +- .../www/teleport/static/js/system/config.js | 43 +++++++++- server/www/teleport/view/audit/auz-list.mako | 4 +- server/www/teleport/view/ops/auz-list.mako | 4 +- server/www/teleport/view/ops/sessions.mako | 12 +-- server/www/teleport/view/system/config.mako | 20 +++++ .../webroot/app/controller/__init__.py | 3 + .../teleport/webroot/app/controller/system.py | 24 ++++++ .../www/teleport/webroot/app/model/account.py | 86 +++++++++++++++---- 12 files changed, 188 insertions(+), 35 deletions(-) diff --git a/.gitignore b/.gitignore index 269df48..99c0d01 100644 --- a/.gitignore +++ b/.gitignore 
@@ -76,6 +76,9 @@ __pycache__ /client/tp_rdp /server/tp_core/protocol/rdp /client/tools/tprdp +/server/tp_core/testssh +/client/tp_assist_win_it_doctor +/dist/client/windows/assist-it-doctor # for MacOS. .DS_Store diff --git a/server/www/teleport/static/js/asset/account-group-list.js b/server/www/teleport/static/js/asset/account-group-list.js index 64a0c98..69a5892 100644 --- a/server/www/teleport/static/js/asset/account-group-list.js +++ b/server/www/teleport/static/js/asset/account-group-list.js @@ -249,12 +249,16 @@ $app.on_table_groups_render_created = function (render) { var ret = []; for (var i = 0; i < fields.members.length; ++i) { ret.push('
0) + ret.push(' acc-info-router" title="由 ' + fields.members[i]._host.router_ip + ':' + fields.members[i]._host.router_port + ' 路由"'); else ret.push('"'); ret.push('>'); - ret.push(fields.members[i].username+'@'+fields.members[i].host_ip); + + ret.push(fields.members[i].username+'@' + fields.members[i]._host.ip); + if(fields.members[i]._host.name.length > 0) + ret.push(' (' + fields.members[i]._host.name +')'); + ret.push('
'); } diff --git a/server/www/teleport/static/js/audit/auz-info.js b/server/www/teleport/static/js/audit/auz-info.js index 6393d1c..de8386a 100644 --- a/server/www/teleport/static/js/audit/auz-info.js +++ b/server/www/teleport/static/js/audit/auz-info.js @@ -994,7 +994,12 @@ $app.on_table_sel_auditor_user_render_created = function (render) { render.user_info = function (row_id, fields) { var ret = []; - ret.push('' + fields.surname + ''); + if(fields.surname.length > 0) { + ret.push('' + fields.surname + ''); + } + else { + ret.push('' + fields.username + ''); + } ret.push(''); ret.push(fields.username); if (fields.email.length > 0) diff --git a/server/www/teleport/static/js/ops/auz-info.js b/server/www/teleport/static/js/ops/auz-info.js index 2d591a8..7108779 100644 --- a/server/www/teleport/static/js/ops/auz-info.js +++ b/server/www/teleport/static/js/ops/auz-info.js @@ -1016,7 +1016,12 @@ $app.on_table_sel_user_render_created = function (render) { render.user_info = function (row_id, fields) { var ret = []; - ret.push('' + fields.surname + ''); + if(fields.surname.length > 0) { + ret.push('' + fields.surname + ''); + } + else { + ret.push('' + fields.username + ''); + } ret.push(''); ret.push(fields.username); if (fields.email.length > 0) diff --git a/server/www/teleport/static/js/system/config.js b/server/www/teleport/static/js/system/config.js index 92baab9..a41a40b 100644 --- a/server/www/teleport/static/js/system/config.js +++ b/server/www/teleport/static/js/system/config.js 
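Review bot: The new `ret.push` lines concatenate `fields.members[i]._host.ip` and `._host.name` straight into the HTML string, so a host name containing markup is rendered as markup unless the table renderer escapes the cell afterwards — the pre-existing `username` line has the same property, but the host name is a free-text admin field and the more likely carrier, so run both values through whatever HTML-escaping helper the static JS already uses before pushing them. The code also dereferences `_host` with no guard; if the server ever omits it for an account whose host row is missing, the whole table render throws, so a check such as `if (!fields.members[i]._host) continue;` at the top of the loop body would be worth adding. The enclosing render function starts before this hunk.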
@@ -315,7 +315,10 @@ $app.create_config_sec = function () { // btn_auth_username_password: $('#sec-auth-username-password'), btn_auth_username_password_captcha: $('#sec-auth-username-password-captcha'), // btn_auth_username_oath: $('#sec-auth-username-oath'), - btn_auth_username_password_oath: $('#sec-auth-username-password-oath') + btn_auth_username_password_oath: $('#sec-auth-username-password-oath'), + + btn_rebuild_ops_auz_map: $('#btn-rebuild-ops-auz-map'), + btn_rebuild_audit_auz_map: $('#btn-rebuild-audit-auz-map') }; _sec.init = function (cb_stack) { @@ -333,6 +336,14 @@ $app.create_config_sec = function () { _sec.on_btn_save(); }); + _sec.dom.btn_rebuild_ops_auz_map.click(function () { + _sec.on_rebuild_ops_auz_map(); + }); + + _sec.dom.btn_rebuild_audit_auz_map.click(function () { + _sec.on_rebuild_audit_auz_map(); + }); + cb_stack.exec(); }; @@ -451,6 +462,36 @@ $app.create_config_sec = function () { }; + _sec.on_rebuild_ops_auz_map = function () { + $tp.ajax_post_json('/system/rebuild-ops-auz-map', {}, + function (ret) { + if (ret.code === TPE_OK) { + $tp.notify_success('重建运维授权映射成功!'); + } else { + $tp.notify_error('重建运维授权映射失败:' + tp_error_msg(ret.code, ret.message)); + } + }, + function () { + $tp.notify_error('网络故障,重建运维授权映射失败!'); + } + ); + }; + + _sec.on_rebuild_audit_auz_map = function () { + $tp.ajax_post_json('/system/rebuild-audit-auz-map', {}, + function (ret) { + if (ret.code === TPE_OK) { + $tp.notify_success('重建审计授权映射成功!'); + } else { + $tp.notify_error('重建审计授权映射失败:' + tp_error_msg(ret.code, ret.message)); + } + }, + function () { + $tp.notify_error('网络故障,重建审计授权映射失败!'); + } + ); + }; + return _sec; }; diff --git a/server/www/teleport/view/audit/auz-list.mako b/server/www/teleport/view/audit/auz-list.mako index 0e7e2b8..d0ffb43 100644 --- a/server/www/teleport/view/audit/auz-list.mako +++ b/server/www/teleport/view/audit/auz-list.mako @@ -38,7 +38,7 @@
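Review bot: `_sec.on_rebuild_ops_auz_map` and `_sec.on_rebuild_audit_auz_map` post on the first click with no confirmation and without disabling the button, even though the settings page text this commit adds warns that a rebuild may take a while and should be done with care; a double-click starts two concurrent rebuilds. Disable the button before the request and re-enable it in both callbacks, e.g. `_sec.dom.btn_rebuild_ops_auz_map.attr('disabled', 'disabled');` before `$tp.ajax_post_json(...)` and `_sec.dom.btn_rebuild_ops_auz_map.removeAttr('disabled');` in the success and failure handlers, and the same for the audit button. The two functions differ only in URL and message text and could share one helper that takes those as arguments.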
授权策略列表 - +##
@@ -86,7 +86,7 @@

说明:

    -
  • 编辑了授权策略或调整策略顺序之后,请点击“重建授权映射”来使之生效!正式版本将会改进为自动进行重建。
  • +##
  • 编辑了授权策略或调整策略顺序之后,请点击“重建授权映射”来使之生效!正式版本将会改进为自动进行重建。
  • 上下拖动“顺序”栏中的 可以调节策略的检查顺序。
  • 可以在“快速查找”中快速定位用户或主机的授权关系。
diff --git a/server/www/teleport/view/ops/auz-list.mako b/server/www/teleport/view/ops/auz-list.mako index f875e60..f26a36c 100644 --- a/server/www/teleport/view/ops/auz-list.mako +++ b/server/www/teleport/view/ops/auz-list.mako @@ -38,7 +38,7 @@
授权策略列表 - +##
@@ -86,7 +86,7 @@

说明:

    -
  • 编辑了授权策略或调整策略顺序之后,请点击“重建授权映射”来使之生效!正式版本将会改进为自动进行重建。
  • +##
  • 编辑了授权策略或调整策略顺序之后,请点击“重建授权映射”来使之生效!正式版本将会改进为自动进行重建。
  • 上下拖动“顺序”栏中的 可以调节策略的检查顺序。
  • 可以在“快速查找”中快速定位用户或主机的授权关系。
diff --git a/server/www/teleport/view/ops/sessions.mako b/server/www/teleport/view/ops/sessions.mako index 8489b97..d70e26f 100644 --- a/server/www/teleport/view/ops/sessions.mako +++ b/server/www/teleport/view/ops/sessions.mako @@ -34,12 +34,12 @@
-
-
-
- -
-
+##
+##
+##
+## +##
+##
    diff --git a/server/www/teleport/view/system/config.mako b/server/www/teleport/view/system/config.mako index c9f28fb..1809ab6 100644 --- a/server/www/teleport/view/system/config.mako +++ b/server/www/teleport/view/system/config.mako @@ -117,6 +117,26 @@
    + + + + + + + + + + + + +
    授权策略映射
    +
    授权策略映射是根据运维授权策略和审计授权策略构建的用户权限列表。
    如果您的系统中用户授权出现异常,可以重建授权策略映射。构建授权策略映射可能会耗费一点时间,请谨慎操作!
    +
    + + +
    +
    +
    diff --git a/server/www/teleport/webroot/app/controller/__init__.py b/server/www/teleport/webroot/app/controller/__init__.py index 94f0c36..2396a00 100644 --- a/server/www/teleport/webroot/app/controller/__init__.py +++ b/server/www/teleport/webroot/app/controller/__init__.py @@ -251,6 +251,9 @@ controllers = [ # # - [json] 获取服务器时间 (r'/system/get-time', system.DoGetTimeHandler), + # - [json] 重建授权映射 + (r'/system/rebuild-ops-auz-map', system.DoRebuildOpsAuzMapHandler), + (r'/system/rebuild-audit-auz-map', system.DoRebuildAuditAuzMapHandler), # ==================================================== # 安装维护相关 diff --git a/server/www/teleport/webroot/app/controller/system.py b/server/www/teleport/webroot/app/controller/system.py index 0756871..0a96f73 100644 --- a/server/www/teleport/webroot/app/controller/system.py +++ b/server/www/teleport/webroot/app/controller/system.py @@ -15,6 +15,8 @@ from app.const import * from app.base.db import get_db from app.model import syslog from app.model import record +from app.model import ops +from app.model import audit from app.base.core_server import core_service_async_post_http from app.base.session import tp_session @@ -354,3 +356,25 @@ class DoCleanupStorageHandler(TPBaseJsonHandler): code, msg = yield record.cleanup_storage(self) self.write_json(code, data=msg) + + +class DoRebuildOpsAuzMapHandler(TPBaseJsonHandler): + def post(self): + ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ) + if ret != TPE_OK: + return + + err = audit.build_auz_map() + self.write_json(err) + + +class DoRebuildAuditAuzMapHandler(TPBaseJsonHandler): + def post(self): + ret = self.check_privilege(TP_PRIVILEGE_AUDIT_AUZ) + if ret != TPE_OK: + return + + err = ops.build_auz_map() + self.write_json(err) + + diff --git a/server/www/teleport/webroot/app/model/account.py b/server/www/teleport/webroot/app/model/account.py index 9ff4802..193bc02 100644 --- a/server/www/teleport/webroot/app/model/account.py 
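Review bot: The privilege check and the action are crossed in the two new handlers: `DoRebuildOpsAuzMapHandler` checks `TP_PRIVILEGE_OPS_AUZ` but calls `audit.build_auz_map()`, and `DoRebuildAuditAuzMapHandler` checks `TP_PRIVILEGE_AUDIT_AUZ` but calls `ops.build_auz_map()`, so a user holding only the ops-authorization privilege rebuilds the audit map and vice versa, and the `/system/rebuild-ops-auz-map` route registered in `__init__.py` does not do what its name says. Swap the two calls: `err = ops.build_auz_map()` in the ops handler and `err = audit.build_auz_map()` in the audit handler. Note also that `build_auz_map()` is invoked synchronously from `post()`, unlike `DoCleanupStorageHandler` just above which yields on its long-running work; if the rebuild is as slow as the settings page warns, it blocks the server for every other request while it runs, which is worth confirming before shipping.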
+++ b/server/www/teleport/webroot/app/model/account.py @@ -10,7 +10,8 @@ from app.base.stats import tp_stats def get_account_info(acc_id): s = SQL(get_db()) - s.select_from('acc', ['id', 'password', 'pri_key', 'state', 'host_ip', 'router_ip', 'router_port', 'protocol_type', 'protocol_port', 'auth_type', 'username'], alt_name='a') + # s.select_from('acc', ['id', 'password', 'pri_key', 'state', 'host_ip', 'router_ip', 'router_port', 'protocol_type', 'protocol_port', 'auth_type', 'username'], alt_name='a') + s.select_from('acc', ['id', 'password', 'pri_key', 'state', 'host_id', 'protocol_type', 'protocol_port', 'auth_type', 'username'], alt_name='a') s.where('a.id={}'.format(acc_id)) err = s.query() if err != TPE_OK: @@ -18,13 +19,25 @@ def get_account_info(acc_id): if len(s.recorder) != 1: return TPE_DATABASE, None + sh = SQL(get_db()) + sh.select_from('host', ['id', 'name', 'ip', 'router_ip', 'router_port', 'state'], alt_name='h') + sh.where('h.id={}'.format(s.recorder[0].host_id)) + err = sh.query() + if err != TPE_OK: + return err, None + if len(s.recorder) != 1: + return TPE_DATABASE, None + + s.recorder[0]['_host'] = sh.recorder[0] + return TPE_OK, s.recorder[0] def get_host_accounts(host_id): # 获取指定主机的所有账号 s = SQL(get_db()) - s.select_from('acc', ['id', 'state', 'host_ip', 'router_ip', 'router_port', 'protocol_type', 'protocol_port', 'auth_type', 'username', 'pri_key'], alt_name='a') + # s.select_from('acc', ['id', 'state', 'host_ip', 'router_ip', 'router_port', 'protocol_type', 'protocol_port', 'auth_type', 'username', 'pri_key'], alt_name='a') + s.select_from('acc', ['id', 'state', 'protocol_type', 'protocol_port', 'auth_type', 'username', 'pri_key'], alt_name='a') s.where('a.host_id={}'.format(host_id)) s.order_by('a.username', True) 
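Review bot: After the new host lookup in `get_account_info`, the guard tests the wrong result set: `if len(s.recorder) != 1:` re-checks the account query that already passed, so when the `host` row for `host_id` is missing `sh.recorder[0]` raises IndexError instead of returning an error code. Change it to `if len(sh.recorder) != 1:`. `get_account_info`'s header is in the preceding hunk, and the hunk also opens `get_host_accounts`, whose body continues outside it.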
@@ -37,8 +50,9 @@ def get_group_with_member(sql_filter, sql_order, sql_limit): """ 获取用户组列表,以及每个组的总成员数以及不超过5个的成员 """ + db = get_db() # 首先获取要查询的组的信息 - sg = SQL(get_db()) + sg = SQL(db) sg.select_from('group', ['id', 'name', 'state', 'desc'], alt_name='g') _where = list() @@ -106,7 +120,8 @@ def get_group_with_member(sql_filter, sql_order, sql_limit): users = list(set(users)) su = SQL(get_db()) - su.select_from('acc', ['id', 'host_ip', 'router_ip', 'router_port', 'username', 'protocol_type'], alt_name='a') + # su.select_from('acc', ['id', 'host_ip', 'router_ip', 'router_port', 'username', 'protocol_type'], alt_name='a') + su.select_from('acc', ['id', 'host_id', 'username', 'protocol_type'], alt_name='a') su.where('a.id IN ({})'.format(','.join([str(uid) for uid in users]))) su.order_by('a.username') @@ -114,6 +129,26 @@ def get_group_with_member(sql_filter, sql_order, sql_limit): if err != TPE_OK or len(su.recorder) == 0: return err, sg.total_count, 0, sg.recorder + # 得到主机id列表,然后查询相关主机的详细信息 + host_ids = [] + for _acc in su.recorder: + if _acc.host_id not in host_ids: + host_ids.append(_acc.host_id) + s_host = SQL(db) + s_host.select_from('host', ['id', 'name', 'ip', 'router_ip', 'router_port', 'state'], alt_name='h') + str_host_ids = ','.join([str(i) for i in host_ids]) + s_host.where('h.id IN ({ids})'.format(ids=str_host_ids)) + err = s_host.query() + if err != TPE_OK: + return err, sg.total_count, 0, sg.recorder + hosts = {} + for _host in s_host.recorder: + if _host.id not in hosts: + hosts[_host.id] = _host + + for _acc in su.recorder: + _acc['_host'] = hosts[_acc.host_id] + # 现在可以将具体的用户信息追加到组信息中了 for g in sg.recorder: for u in su.recorder: 
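Review bot: `_acc['_host'] = hosts[_acc.host_id]` raises KeyError for any account whose `host_id` has no matching `host` row, which the preceding query does not rule out, so the exception surfaces from the whole group-list request instead of a TPE_ code. Guard it in the same form the hunk uses two statements earlier, e.g. `if _acc.host_id not in hosts: return TPE_DATABASE, sg.total_count, 0, sg.recorder` before the assignment, or skip such accounts if that is the intended behaviour. Minor style points: the de-duplication loop and the `if _host.id not in hosts` check reduce to `host_ids = list({a.host_id for a in su.recorder})` and `hosts = {h.id: h for h in s_host.recorder}`, and the new `s_host = SQL(db)` uses the `db` local introduced in the first hunk while `su` just above still calls `get_db()`. `get_group_with_member` continues past this hunk.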
@@ -155,6 +190,7 @@ def get_accounts(sql_filter, sql_order, sql_limit, sql_restrict, sql_exclude): for k in sql_filter: if k == 'search': _where.append('(a.username LIKE "%{filter}%" OR a.host_ip LIKE "%{filter}%" OR a.router_ip LIKE "%{filter}%")'.format(filter=sql_filter[k])) + # _where.append('(a.username LIKE "%{filter}%")'.format(filter=sql_filter[k])) if len(_where) > 0: str_where = '( {} )'.format(' AND '.join(_where)) 
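Review bot: The live search filter still matches on `a.host_ip` and `a.router_ip`, columns this commit stops writing in `add_account` and stops reading everywhere else, so as far as this diff shows a search by host or router IP no longer finds accounts created after the change; the commented-out username-only alternative left underneath suggests the author noticed but did not finish. Either join `host` and filter on `h.ip`/`h.router_ip` if IP search is still wanted, or replace the live line with the username-only clause and delete the comment rather than keeping dead code. Separately, `sql_filter[k]` is interpolated into the LIKE pattern with `format()`; unless the caller escapes it, a search string containing `"` or `%` changes the query, which is worth confirming. `get_accounts` starts before and continues after this hunk.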
@@ -217,10 +253,18 @@ def add_account(handler, host_id, args): if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 - sql = 'INSERT INTO `{}acc` (host_id, host_ip, router_ip, router_port, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \ - '({host_id}, "{host_ip}", "{router_ip}", {router_port}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ + # sql = 'INSERT INTO `{}acc` (host_id, host_ip, router_ip, router_port, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \ + # '({host_id}, "{host_ip}", "{router_ip}", {router_port}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ + # ''.format(db.table_prefix, + # host_id=host_id, host_ip=args['host_ip'], router_ip=args['router_ip'], router_port=args['router_port'], + # protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, + # auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'], + # creator_id=operator['id'], create_time=_time_now) + + sql = 'INSERT INTO `{}acc` (host_id, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \ + '({host_id}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ ''.format(db.table_prefix, - host_id=host_id, host_ip=args['host_ip'], router_ip=args['router_ip'], router_port=args['router_port'], + host_id=host_id, protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'], creator_id=operator['id'], create_time=_time_now) 
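Review bot: The rewritten INSERT still assembles SQL with `format()` and quotes `{username}`, `{password}` and `{pri_key}` by hand, so any of those values containing a `"` breaks or alters the statement unless `args` has already been escaped before this point, which the hunk does not show; if the project's DB layer offers parameter binding, this is the place to use it instead of string assembly. The seven-line commented-out copy of the old statement kept above the new one is dead code and should be removed. `add_account` starts before and continues after this hunk.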
@@ -324,15 +368,19 @@ def remove_accounts(handler, host_id, acc_ids): s = SQL(db) # 1. 判断是否存在 - s.select_from('host', ['acc_count'], alt_name='a') + s.select_from('host', ['name', 'ip', 'router_ip', 'router_port', 'acc_count'], alt_name='a') s.where('a.id={h_id}'.format(h_id=host_id, ids=acc_ids)) err = s.query() if err != TPE_OK: return err if len(s.recorder) == 0: return TPE_NOT_EXISTS + _h_name = s.recorder[0].name + _h_ip = s.recorder[0].ip + _h_router_ip = s.recorder[0].router_ip + _h_router_port = s.recorder[0].router_port - s.reset().select_from('acc', ['host_ip', 'router_ip', 'router_port', 'username'], alt_name='a') + s.reset().select_from('acc', ['username'], alt_name='a') s.where('a.host_id={h_id} AND a.id IN ({ids}) '.format(h_id=host_id, ids=acc_ids)) err = s.query() if err != TPE_OK: @@ -342,9 +390,9 @@ def remove_accounts(handler, host_id, acc_ids): acc_names = [] for a in s.recorder: - acc_name = '{}@{}'.format(a.username, a.host_ip) - if len(a.router_ip) > 0: - acc_name += '(由{}:{}路由)'.format(a.router_ip, a.router_port) + acc_name = '{}@{}'.format(a.username, _h_ip) + if len(_h_router_ip) > 0: + acc_name += '(由{}:{}路由)'.format(_h_router_ip, _h_router_port) acc_names.append(acc_name) sql_list = [] @@ -368,13 +416,13 @@ def remove_accounts(handler, host_id, acc_ids): if not db.transaction(sql_list): return TPE_DATABASE - s.reset().select_from('host', ['acc_count'], alt_name='a') - s.where('a.id={h_id}'.format(h_id=host_id, ids=acc_ids)) - err = s.query() - if err != TPE_OK: - return err - if len(s.recorder) == 0: - return TPE_NOT_EXISTS + # s.reset().select_from('host', ['acc_count'], alt_name='a') + # s.where('a.id={h_id}'.format(h_id=host_id, ids=acc_ids)) + # err = s.query() + # if err != TPE_OK: + # return err + # if len(s.recorder) == 0: + # return TPE_NOT_EXISTS syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除账号:{}".format(','.join(acc_names)))
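Review bot: `_h_name` is read from the widened `host` query but never used in this hunk or in the `acc_name` formatting below, and the host `where` still passes a stray `ids=acc_ids` keyword that the `'a.id={h_id}'` template never consumes; both look like leftovers. Either use the name in the log line or drop `'name'` from the column list and the `_h_name` binding, and shorten the lookup to `s.where('a.id={h_id}'.format(h_id=host_id))`. The hunk also keeps `a.id IN ({ids})` built from `acc_ids` by `format()`, which is safe only if the caller has already validated `acc_ids` as a list of integers — I cannot see that from here. `remove_accounts` starts before this hunk.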