temp.

server/tp_core/core/ts_http_rpc.cpp

@@ -345,6 +345,7 @@ void TsHttpRpc::_rpc_func_request_session(const Json::Value& json_param, ex_astr
 		return;
 	}
 
+	// TODO: 解密操作应该延迟到使用密码/密钥时才进行，尽量减少明文出现的时间。
 	if(is_enc)
 	{
 		if (user_auth.length() > 0)

server/www/teleport/app/eom_app/controller/host.py

@@ -890,6 +890,11 @@ class AdminGetSessionId(SwxAuthJsonHandler):
             return
         host_auth_id = args['host_auth_id']
 
+        # host_auth_id 对应的是 ts_auth_info 表中的某个条目，含有具体的认证数据，因为管理员无需授权即可访问所有远程主机，因此
+        # 直接给出 host_auth_id，且account直接指明是admin，TODO: 应该是当前登录用户的用户名，这样能够自适应
+
+        # TODO: 从数据库中查询对应的认证数据后，缓存到内存中并对应一个负数的auth_id，发给core服务，从而取得一个session-id.
+
         values = host.get_host_auth_info(host_auth_id)
         if values is None:
             self.write_json(-1)
@@ -908,11 +913,18 @@ class AdminGetSessionId(SwxAuthJsonHandler):
         ts_server_rpc_port = cfg.core.rpc.port
 
         url = 'http://{}:{}/request_session'.format(ts_server_rpc_ip, ts_server_rpc_port)
+        req = {'method': 'request_session', 'param': {'authid': auth_id}}
         # values['auth_id'] = auth_id
-        return_data = post_http(url, values)
+        # return_data = post_http(url, values)
+        # if return_data is None:
+        #     return self.write_json(-1)
+        # return_data = json.loads(return_data)
+
+        _yr = async_post_http(url, req)
+        return_data = yield _yr
         if return_data is None:
             return self.write_json(-1)
-        return_data = json.loads(return_data)
+
         if 'code' not in return_data:
             return self.write_json(-1)
         _code = return_data['code']

server/www/teleport/app/eom_app/controller/rpc.py

@@ -62,7 +62,7 @@ class RpcHandler(SwxJsonHandler):
 
     def _get_auth_info(self, param):
         # todo: 如果是页面上进行连接测试（增加或修改主机和用户时），信息并不写入数据库，而是在内存中存在，传递给core服务的
-        # 应该是随机字符串做authid，名称为 tauthid。本接口应该支持区分这两种认证ID。
+        # 应该是负数形式的authid。本接口应该支持区分这两种认证ID。
 
         if 'authid' not in param:
             self.write_json(-1, message='invalid request.')

server/www/teleport/app/eom_app/module/host.py

@@ -785,24 +785,9 @@ def get_auth_info(auth_id):
         ','.join(['d.{}'.format(i) for i in field_d]),
         auth_id)
 
-    # print(str_sql)
-
-    """
-    "SELECT a.auth_id as auth_id, a.account_name as account_name, \
-    // a.host_auth_id as host_auth_id, a.host_id as host_id,host_lock, \
-    // b.host_sys_type as host_sys_type, host_ip, host_port, protocol, \
-    // c.user_pswd as user_pswd, c.cert_id as cert_id, c.user_name as user_name, \
-    // c.encrypt as encrypt, c.auth_mode as auth_mode,c.user_param as user_param, \
-    // d.account_lock as account_lock FROM ts_auth as a \
-    // LEFT JOIN ts_host_info as b ON a.host_id = b.host_id \
-    // LEFT JOIN ts_auth_info as c ON a.host_auth_id = c.id \
-    // LEFT JOIN ts_account as d ON a.account_name = d.account_name \
-    // WHERE a.auth_id=%d", auth_id
-    """
-
     db_ret = sql_exec.ExecProcQuery(str_sql)
 
-    if db_ret is None or len(db_ret) > 1:
+    if db_ret is None or len(db_ret) != 1:
         return None
 
     db_item = DbItem()
@@ -826,8 +811,6 @@ def get_auth_info(auth_id):
     ret['auth_mode'] = db_item.c_auth_mode
     ret['user_name'] = db_item.c_user_name
     ret['user_param'] = db_item.c_user_param
-    # ret['user_pswd'] = db_item.c_user_pswd
-    # ret['cert_id'] = db_item.c_cert_id
 
     if db_item.c_auth_mode == 1:
         ret['user_auth'] = db_item.c_user_pswd
@@ -836,7 +819,6 @@ def get_auth_info(auth_id):
 
         str_sql = 'SELECT cert_pri FROM ts_cert WHERE cert_id={}'.format(cert_id)
         db_ret = sql_exec.ExecProcQuery(str_sql)
-        print(db_ret)
         if db_ret is None or len(db_ret) > 1:
             return None
         ret['user_auth'] = db_ret[0][0]