diff --git a/external/fix-external/mbedtls/include/mbedtls/config.h b/external/fix-external/mbedtls/include/mbedtls/config.h index 5e64d18..08c6767 100755 --- a/external/fix-external/mbedtls/include/mbedtls/config.h +++ b/external/fix-external/mbedtls/include/mbedtls/config.h @@ -2306,7 +2306,7 @@ * it, and considering stronger message digests instead. * */ -//#define MBEDTLS_MD4_C +#define MBEDTLS_MD4_C /** * \def MBEDTLS_MD5_C diff --git a/server/www/teleport/webroot/app/base/controller.py b/server/www/teleport/webroot/app/base/controller.py index b540c1f..88d4e06 100644 --- a/server/www/teleport/webroot/app/base/controller.py +++ b/server/www/teleport/webroot/app/base/controller.py @@ -42,7 +42,7 @@ class TPBaseHandler(tornado.web.RequestHandler): self.set_header('Access-Control-Allow-Headers', '*') self.set_header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS') # self.set_header('Content-Type', 'application/json; charset=UTF-8') - # self.set_header('Access-Control-Allow-Headers', 'Content-Type') + self.set_header('Access-Control-Allow-Headers', 'Content-Type') # template_path = self.get_template_path() # self.lookup = mako.lookup.TemplateLookup(directories=[template_path], input_encoding='utf-8', output_encoding='utf-8') diff --git a/server/www/teleport/webroot/app/base/database/create.py b/server/www/teleport/webroot/app/base/database/create.py index 7284c2f..b4b9f06 100644 --- a/server/www/teleport/webroot/app/base/database/create.py +++ b/server/www/teleport/webroot/app/base/database/create.py @@ -27,10 +27,11 @@ class DatabaseInit: self._create_ops_policy() self._create_ops_auz() self._create_ops_map() + self._create_ops_token() + self._create_ops_token_key() self._create_audit_policy() self._create_audit_auz() self._create_audit_map() - self._create_ops_token() self._create_syslog() self._create_record() self._create_record_audit() 
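Review bot: Enabling `MBEDTLS_MD4_C` turns on a digest that the comment directly above the define advises against, and the hunk gives no reason for doing so. If MD4 is required by a legacy protocol (presumably an NTLM-style authentication exchange, which cannot be confirmed from this hunk), add a comment such as `/* MD4 enabled only for <protocol>; never use for signatures or integrity checks */` so it is not treated as generally available. It is also worth confirming that no TLS or certificate path in this build can select MD4 now that it is compiled in.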
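Review bot: The re-enabled `self.set_header('Access-Control-Allow-Headers', 'Content-Type')` overwrites the value set two lines earlier by `self.set_header('Access-Control-Allow-Headers', '*')`, because Tornado's `set_header` replaces any previous value for the same header name. Only the narrower value is sent, which is the safer result, but the `'*'` line is now dead and misleading; delete it so the effective CORS policy can be read from one line. The method containing these lines starts outside the hunk, so whether `Access-Control-Allow-Origin` is restricted as well cannot be checked from here.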
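Review bot: `self._create_ops_token_key()` adds a table on the fresh-install path only, as far as this hunk shows, while the comment on `TPDatabase` in `db.py` (visible in this same diff) says every schema change must bump the database version and add a matching step to the upgrade routine. Neither is part of this diff, so existing deployments may be left without the table; confirm that the upgrade path creates it. Moving `_create_ops_token()` ahead of the audit tables also changes the creation order, and a one-line comment on whether that order matters would record the intent.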
diff --git a/server/www/teleport/webroot/app/base/db.py b/server/www/teleport/webroot/app/base/db.py index 2a249b9..edfdeab 100644 --- a/server/www/teleport/webroot/app/base/db.py +++ b/server/www/teleport/webroot/app/base/db.py @@ -22,6 +22,9 @@ __all__ = ['get_db', 'SQL'] # https://www.jianshu.com/p/0d234e14b5d3 +# DEBUG_LOG_SQL = False + + class TPDatabase: # 注意,每次调整数据库结构,必须增加版本号,并且在升级接口中编写对应的升级操作 # 20190123: server-v3.2.2, db-v7 @@ -441,6 +444,8 @@ class TPSqlitePool(TPDatabasePool): cursor = conn.cursor() try: cursor.execute(sql, args) + # if DEBUG_LOG_SQL: + # log.d('SQL:', sql, args, '\n') db_ret = cursor.fetchall() return db_ret except Exception as e: @@ -450,6 +455,8 @@ class TPSqlitePool(TPDatabasePool): cursor.close() def _do_exec(self, conn, sql, args): + # if DEBUG_LOG_SQL: + # log.d('SQL:', sql, args, '\n') try: with conn: conn.execute(sql, args) @@ -469,8 +476,12 @@ class TPSqlitePool(TPDatabasePool): # s = item['s'] # v = item['v'] if item['v'] is None: + # if DEBUG_LOG_SQL: + # log.d('SQL:', item['s'], '\n') conn.execute(item['s']) else: + # if DEBUG_LOG_SQL: + # log.d('SQL:', item['s'], item['v'], '\n') conn.execute(item['s'], item['v']) return True except Exception as e: diff --git a/server/www/teleport/webroot/app/controller/ops.py b/server/www/teleport/webroot/app/controller/ops.py index 5301895..1e93f92 100644 --- a/server/www/teleport/webroot/app/controller/ops.py +++ b/server/www/teleport/webroot/app/controller/ops.py @@ -36,8 +36,9 @@ class RemoteHandler(TPBaseHandler): return core_cfg = deepcopy(tp_cfg().core) - del core_cfg['replay_path'] - del core_cfg['web_server_rpc'] + if core_cfg.detected: + del core_cfg['replay_path'] + del core_cfg['web_server_rpc'] err, groups = group.get_host_groups_for_user(self.current_user['id'], self.current_user['privilege']) param = { diff --git a/server/www/teleport/webroot/app/controller/system.py b/server/www/teleport/webroot/app/controller/system.py index 8110ee6..45e0c4a 100644 
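Review bot: All four hunks in `db.py` add only commented-out code: `# DEBUG_LOG_SQL = False` at module level and the `# if DEBUG_LOG_SQL:` / `# log.d('SQL:', ...)` pairs in the query path, in `_do_exec` and in the batch-execute loop. Commented-out code drifts out of date, so either drop it or make it a real module flag that defaults to `False`. If it is kept, note that `args` and `item['v']` hold the bound values, which in this application may include credentials or tokens. The debug line should therefore log the statement text only, e.g. `log.d('SQL:', sql, '\n')`.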
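Review bot: With the new `if core_cfg.detected:` guard, `replay_path` and `web_server_rpc` are stripped only when the core server was detected; otherwise `core_cfg` continues unfiltered. The `param = {` dict that follows is cut off by the hunk, so it cannot be confirmed here whether `core_cfg` reaches the client, but if it does, the internal path and RPC address should be removed in both cases. Assuming `core_cfg` is dict-like, calling `core_cfg.pop('replay_path', None)` and `core_cfg.pop('web_server_rpc', None)` without the guard would avoid a `KeyError` on missing keys and still never expose the fields.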
--- a/server/www/teleport/webroot/app/controller/system.py +++ b/server/www/teleport/webroot/app/controller/system.py @@ -180,7 +180,9 @@ class SysLogHandler(TPBaseHandler): class DoGetLogsHandler(TPBaseJsonHandler): def post(self): - # return self.write_json(0, data=[]) + ret = self.check_privilege(TP_PRIVILEGE_SYS_LOG) + if ret != TPE_OK: + return filter = dict() order = dict() diff --git a/server/www/teleport/webroot/app/model/syslog.py b/server/www/teleport/webroot/app/model/syslog.py index 9bdab86..4ce33dc 100644 --- a/server/www/teleport/webroot/app/model/syslog.py +++ b/server/www/teleport/webroot/app/model/syslog.py @@ -26,16 +26,19 @@ def sys_log(operator, client_ip, code, message=""): def get_logs(sql_filter, sql_order, sql_limit): - s = SQL(get_db()) + db = get_db() + s = SQL(db) s.select_from('syslog', ['id', 'user_name', 'user_surname', 'client_ip', 'code', 'log_time', 'message'], alt_name='l') str_where = '' _where = list() + sql_vars = list() if len(sql_filter) > 0: for k in sql_filter: if k == 'log_user_name': - _where.append('l.user_name="{}"'.format(sql_filter[k])) + _where.append('l.user_name={ph}'.format(ph=db.place_holder)) + sql_vars.append(sql_filter[k]) # elif k == 'search_record': # _where.append('(h.name LIKE "%{}%" OR h.ip LIKE "%{}%" OR h.router_addr LIKE "%{}%" OR h.desc LIKE "%{}%" OR h.cid LIKE "%{}%")'.format(sql_filter[k], sql_filter[k], sql_filter[k], sql_filter[k], sql_filter[k])) @@ -63,5 +66,5 @@ def get_logs(sql_filter, sql_order, sql_limit): if len(sql_limit) > 0: s.limit(sql_limit['page_index'], sql_limit['per_page']) - err = s.query() + err = s.query(sql_vars) return err, s.total_count, s.recorder
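Review bot: The `log_user_name` filter is now bound through `sql_vars`, but the commented-out `search_record` branch directly below it still builds its `LIKE` clauses with `.format(sql_filter[k], ...)`, so re-enabling it would bring back string-built SQL. Either delete that comment or rewrite it in placeholder form, for example `# _where.append('(h.name LIKE {ph} OR h.ip LIKE {ph})'.format(ph=db.place_holder))`, with the `%...%` wildcards added to the bound value instead. The code between the two `get_logs` hunks (the WHERE join and the handling of `sql_order`) is not shown. Confirm that no other request-supplied value is still formatted into the statement there.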