修正 bug#276

external/fix-external/mbedtls/include/mbedtls/config.h

@@ -2306,7 +2306,7 @@
  *            it, and considering stronger message digests instead.
  *
  */
-//#define MBEDTLS_MD4_C
+#define MBEDTLS_MD4_C
 
 /**
  * \def MBEDTLS_MD5_C

server/www/teleport/webroot/app/base/controller.py

@@ -42,7 +42,7 @@ class TPBaseHandler(tornado.web.RequestHandler):
         self.set_header('Access-Control-Allow-Headers', '*')
         self.set_header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS')
         # self.set_header('Content-Type', 'application/json; charset=UTF-8')
-        # self.set_header('Access-Control-Allow-Headers', 'Content-Type')
+        self.set_header('Access-Control-Allow-Headers', 'Content-Type')
 
         # template_path = self.get_template_path()
         # self.lookup = mako.lookup.TemplateLookup(directories=[template_path], input_encoding='utf-8', output_encoding='utf-8')

server/www/teleport/webroot/app/base/database/create.py

@@ -27,10 +27,11 @@ class DatabaseInit:
             self._create_ops_policy()
             self._create_ops_auz()
             self._create_ops_map()
+            self._create_ops_token()
+            self._create_ops_token_key()
             self._create_audit_policy()
             self._create_audit_auz()
             self._create_audit_map()
-            self._create_ops_token()
             self._create_syslog()
             self._create_record()
             self._create_record_audit()

server/www/teleport/webroot/app/base/db.py

@@ -22,6 +22,9 @@ __all__ = ['get_db', 'SQL']
 # https://www.jianshu.com/p/0d234e14b5d3
 
 
+# DEBUG_LOG_SQL = False
+
+
 class TPDatabase:
     # 注意，每次调整数据库结构，必须增加版本号，并且在升级接口中编写对应的升级操作
     # 20190123: server-v3.2.2, db-v7
@@ -441,6 +444,8 @@ class TPSqlitePool(TPDatabasePool):
         cursor = conn.cursor()
         try:
             cursor.execute(sql, args)
+            # if DEBUG_LOG_SQL:
+            #     log.d('SQL:', sql, args, '\n')
             db_ret = cursor.fetchall()
             return db_ret
         except Exception as e:
@@ -450,6 +455,8 @@ class TPSqlitePool(TPDatabasePool):
             cursor.close()
 
     def _do_exec(self, conn, sql, args):
+        # if DEBUG_LOG_SQL:
+        #     log.d('SQL:', sql, args, '\n')
         try:
             with conn:
                 conn.execute(sql, args)
@@ -469,8 +476,12 @@ class TPSqlitePool(TPDatabasePool):
                     # s = item['s']
                     # v = item['v']
                     if item['v'] is None:
+                        # if DEBUG_LOG_SQL:
+                        #     log.d('SQL:', item['s'], '\n')
                         conn.execute(item['s'])
                     else:
+                        # if DEBUG_LOG_SQL:
+                        #     log.d('SQL:', item['s'], item['v'], '\n')
                         conn.execute(item['s'], item['v'])
             return True
         except Exception as e:

server/www/teleport/webroot/app/controller/ops.py

@@ -36,8 +36,9 @@ class RemoteHandler(TPBaseHandler):
             return
 
         core_cfg = deepcopy(tp_cfg().core)
-        del core_cfg['replay_path']
-        del core_cfg['web_server_rpc']
+        if core_cfg.detected:
+            del core_cfg['replay_path']
+            del core_cfg['web_server_rpc']
 
         err, groups = group.get_host_groups_for_user(self.current_user['id'], self.current_user['privilege'])
         param = {

server/www/teleport/webroot/app/controller/system.py

@@ -180,7 +180,9 @@ class SysLogHandler(TPBaseHandler):
 
 class DoGetLogsHandler(TPBaseJsonHandler):
     def post(self):
-        # return self.write_json(0, data=[])
+        ret = self.check_privilege(TP_PRIVILEGE_SYS_LOG)
+        if ret != TPE_OK:
+            return
 
         filter = dict()
         order = dict()

server/www/teleport/webroot/app/model/syslog.py

@@ -26,16 +26,19 @@ def sys_log(operator, client_ip, code, message=""):
 
 
 def get_logs(sql_filter, sql_order, sql_limit):
-    s = SQL(get_db())
+    db = get_db()
+    s = SQL(db)
     s.select_from('syslog', ['id', 'user_name', 'user_surname', 'client_ip', 'code', 'log_time', 'message'], alt_name='l')
 
     str_where = ''
     _where = list()
+    sql_vars = list()
 
     if len(sql_filter) > 0:
         for k in sql_filter:
             if k == 'log_user_name':
-                _where.append('l.user_name="{}"'.format(sql_filter[k]))
+                _where.append('l.user_name={ph}'.format(ph=db.place_holder))
+                sql_vars.append(sql_filter[k])
             # elif k == 'search_record':
             #     _where.append('(h.name LIKE "%{}%" OR h.ip LIKE "%{}%" OR h.router_addr LIKE "%{}%" OR h.desc LIKE "%{}%" OR h.cid LIKE "%{}%")'.format(sql_filter[k], sql_filter[k], sql_filter[k], sql_filter[k], sql_filter[k]))
 
@@ -63,5 +66,5 @@ def get_logs(sql_filter, sql_order, sql_limit):
     if len(sql_limit) > 0:
         s.limit(sql_limit['page_index'], sql_limit['per_page'])
 
-    err = s.query()
+    err = s.query(sql_vars)
     return err, s.total_count, s.recorder