Skip to content

C
coco
Unverified Commit 40ac8f51 authored by 老广's avatar 老广 Committed by GitHub
Browse files
Options

Merge pull request #58 from jumpserver/dev 

添加eventlet支持websocket模式,优化storage等
parents 14ccd1b0 64b655aa
Hide whitespace changes
Inline Side-by-side
Showing with 716 additions and 661 deletions
coco/app.py
View file @ 40ac8f51
...@@ -9,6 +9,8 @@ import threading ...@@ -9,6 +9,8 @@ import threading
import socket import socket
import json import json
import signal import signal
import eventlet
from eventlet.debug import hub_prevent_multiple_readers
from jms.service import AppService from jms.service import AppService
...@@ -17,9 +19,11 @@ from .sshd import SSHServer ...@@ -17,9 +19,11 @@ from .sshd import SSHServer
from .httpd import HttpServer from .httpd import HttpServer
from .logger import create_logger from .logger import create_logger
from .tasks import TaskHandler from .tasks import TaskHandler
from .recorder import get_command_recorder_class, ServerReplayRecorder from .recorder import ReplayRecorder, CommandRecorder
from .utils import get_logger from .utils import get_logger, register_app, register_service
eventlet.monkey_patch()
hub_prevent_multiple_readers(False)
__version__ = '1.3.0' __version__ = '1.3.0'
...@@ -56,7 +60,6 @@ class Coco: ...@@ -56,7 +60,6 @@ class Coco:
def __init__(self, root_path=None): def __init__(self, root_path=None):
self.root_path = root_path if root_path else BASE_DIR self.root_path = root_path if root_path else BASE_DIR
self.config = self.config_class(self.root_path, defaults=self.default_config)
self.sessions = [] self.sessions = []
self.clients = [] self.clients = []
self.lock = threading.Lock() self.lock = threading.Lock()
...@@ -67,6 +70,14 @@ class Coco: ...@@ -67,6 +70,14 @@ class Coco:
self.replay_recorder_class = None self.replay_recorder_class = None
self.command_recorder_class = None self.command_recorder_class = None
self._task_handler = None self._task_handler = None
self.config = None
self.init_config()
register_app(self)
def init_config(self):
self.config = self.config_class(
self.root_path, defaults=self.default_config
)
@property @property
def name(self): def name(self):
...@@ -79,24 +90,25 @@ class Coco: ...@@ -79,24 +90,25 @@ class Coco:
def service(self): def service(self):
if self._service is None: if self._service is None:
self._service = AppService(self) self._service = AppService(self)
register_service(self._service)
return self._service return self._service
@property @property
def sshd(self): def sshd(self):
if self._sshd is None: if self._sshd is None:
self._sshd = SSHServer(self) self._sshd = SSHServer()
return self._sshd return self._sshd
@property @property
def httpd(self): def httpd(self):
if self._httpd is None: if self._httpd is None:
self._httpd = HttpServer(self) self._httpd = HttpServer()
return self._httpd return self._httpd
@property @property
def task_handler(self): def task_handler(self):
if self._task_handler is None: if self._task_handler is None:
self._task_handler = TaskHandler(self) self._task_handler = TaskHandler()
return self._task_handler return self._task_handler
def make_logger(self): def make_logger(self):
...@@ -109,24 +121,21 @@ class Coco: ...@@ -109,24 +121,21 @@ class Coco:
)) ))
self.config.update(configs) self.config.update(configs)
def get_recorder_class(self): @staticmethod
self.replay_recorder_class = ServerReplayRecorder def new_command_recorder():
self.command_recorder_class = get_command_recorder_class(self.config) return CommandRecorder()
def new_command_recorder(self):
recorder = self.command_recorder_class(self)
return recorder
def new_replay_recorder(self): @staticmethod
return self.replay_recorder_class(self) def new_replay_recorder():
return ReplayRecorder()
def bootstrap(self): def bootstrap(self):
self.make_logger() self.make_logger()
self.service.initial() self.service.initial()
self.load_extra_conf_from_server() self.load_extra_conf_from_server()
self.get_recorder_class()
self.keep_heartbeat() self.keep_heartbeat()
self.monitor_sessions() self.monitor_sessions()
self.monitor_sessions_replay()
def heartbeat(self): def heartbeat(self):
_sessions = [s.to_json() for s in self.sessions] _sessions = [s.to_json() for s in self.sessions]
...@@ -155,6 +164,31 @@ class Coco: ...@@ -155,6 +164,31 @@ class Coco:
thread = threading.Thread(target=func) thread = threading.Thread(target=func)
thread.start() thread.start()
def monitor_sessions_replay(self):
interval = 10
recorder = self.new_replay_recorder()
log_dir = os.path.join(self.config['LOG_DIR'])
def func():
while not self.stop_evt.is_set():
active_sessions = [str(session.id) for session in self.sessions]
for filename in os.listdir(log_dir):
session_id = filename.split('.')[0]
full_path = os.path.join(log_dir, filename)
if len(session_id) != 36:
continue
if session_id not in active_sessions:
recorder.file_path = full_path
ok = recorder.upload_replay(session_id, 1)
if not ok and os.path.getsize(full_path) == 0:
os.unlink(full_path)
time.sleep(interval)
thread = threading.Thread(target=func)
thread.start()
def monitor_sessions(self): def monitor_sessions(self):
interval = self.config["HEARTBEAT_INTERVAL"] interval = self.config["HEARTBEAT_INTERVAL"]
...@@ -188,9 +222,11 @@ class Coco: ...@@ -188,9 +222,11 @@ class Coco:
self.run_httpd() self.run_httpd()
signal.signal(signal.SIGTERM, lambda x, y: self.shutdown()) signal.signal(signal.SIGTERM, lambda x, y: self.shutdown())
while self.stop_evt.wait(5): while True:
print("Coco receive term signal, exit") if self.stop_evt.is_set():
break print("Coco receive term signal, exit")
break
time.sleep(3)
except KeyboardInterrupt: except KeyboardInterrupt:
self.stop_evt.set() self.stop_evt.set()
self.shutdown() self.shutdown()
...@@ -218,13 +254,19 @@ class Coco: ...@@ -218,13 +254,19 @@ class Coco:
def add_client(self, client): def add_client(self, client):
with self.lock: with self.lock:
self.clients.append(client) self.clients.append(client)
logger.info("New client {} join, total {} now".format(client, len(self.clients))) logger.info("New client {} join, total {} now".format(
client, len(self.clients)
)
)
def remove_client(self, client): def remove_client(self, client):
with self.lock: with self.lock:
try: try:
self.clients.remove(client) self.clients.remove(client)
logger.info("Client {} leave, total {} now".format(client, len(self.clients))) logger.info("Client {} leave, total {} now".format(
client, len(self.clients)
)
)
client.close() client.close()
except: except:
pass pass
...@@ -241,4 +283,5 @@ class Coco: ...@@ -241,4 +283,5 @@ class Coco:
self.sessions.remove(session) self.sessions.remove(session)
self.service.finish_session(session.to_json()) self.service.finish_session(session.to_json())
except ValueError: except ValueError:
logger.warning("Remove session: {} fail, maybe already removed".format(session)) msg = "Remove session: {} fail, maybe already removed"
\ No newline at end of file logger.warning(msg.format(session))
coco/connection.py
View file @ 40ac8f51
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
import weakref
import os import os
import socket import socket
import paramiko import paramiko
from paramiko.ssh_exception import SSHException from paramiko.ssh_exception import SSHException
from .ctx import app_service
from .utils import get_logger, get_private_key_fingerprint from .utils import get_logger, get_private_key_fingerprint
logger = get_logger(__file__) logger = get_logger(__file__)
...@@ -15,21 +15,26 @@ TIMEOUT = 10 ...@@ -15,21 +15,26 @@ TIMEOUT = 10
class SSHConnection: class SSHConnection:
def __init__(self, app): def get_system_user_auth(self, system_user):
self._app = weakref.ref(app) """
获取系统用户的认证信息,密码或秘钥
@property :return: system user have full info
def app(self): """
return self._app() password, private_key = \
app_service.get_system_user_auth_info(system_user)
system_user.password = password
system_user.private_key = private_key
def get_ssh_client(self, asset, system_user): def get_ssh_client(self, asset, system_user):
ssh = paramiko.SSHClient() ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
sock = None sock = None
self.get_system_user_auth(system_user)
if not system_user.password and not system_user.private_key:
self.get_system_user_auth(system_user)
if asset.domain: if asset.domain:
sock = self.get_proxy_sock(asset) sock = self.get_proxy_sock_v2(asset)
try: try:
ssh.connect( ssh.connect(
...@@ -56,44 +61,62 @@ class SSHConnection: ...@@ -56,44 +61,62 @@ class SSHConnection:
system_user.username, asset.ip, asset.port, system_user.username, asset.ip, asset.port,
password_short, key_fingerprint, password_short, key_fingerprint,
)) ))
return None, str(e) return None, None, str(e)
except (socket.error, TimeoutError) as e: except (socket.error, TimeoutError) as e:
return None, str(e) return None, None, str(e)
return ssh, None return ssh, sock, None
def get_transport(self, asset, system_user): def get_transport(self, asset, system_user):
ssh, msg = self.get_ssh_client(asset, system_user) ssh, sock, msg = self.get_ssh_client(asset, system_user)
if ssh: if ssh:
return ssh.get_transport(), None return ssh.get_transport(), sock, None
else: else:
return None, msg return None, None, msg
def get_channel(self, asset, system_user, term="xterm", width=80, height=24): def get_channel(self, asset, system_user, term="xterm", width=80, height=24):
ssh, msg = self.get_ssh_client(asset, system_user) ssh, sock, msg = self.get_ssh_client(asset, system_user)
if ssh: if ssh:
chan = ssh.invoke_shell(term, width=width, height=height) chan = ssh.invoke_shell(term, width=width, height=height)
return chan, None return chan, sock, None
else: else:
return None, msg return None, sock, msg
def get_sftp(self, asset, system_user): def get_sftp(self, asset, system_user):
ssh, msg = self.get_ssh_client(asset, system_user) ssh, sock, msg = self.get_ssh_client(asset, system_user)
if ssh: if ssh:
return ssh.open_sftp(), None return ssh.open_sftp(), sock, None
else: else:
return None, msg return None, sock, msg
def get_system_user_auth(self, system_user): @staticmethod
""" def get_proxy_sock_v2(asset):
获取系统用户的认证信息,密码或秘钥 sock = None
:return: system user have full info domain = app_service.get_domain_detail_with_gateway(
""" asset.domain
system_user.password, system_user.private_key = \ )
self.app.service.get_system_user_auth_info(system_user) if not domain.has_ssh_gateway():
return None
for i in domain.gateways:
gateway = domain.random_ssh_gateway()
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(gateway.ip, username=gateway.username,
password=gateway.password,
pkey=gateway.private_key_obj)
except(paramiko.AuthenticationException,
paramiko.BadAuthenticationType,
SSHException):
continue
sock = ssh.get_transport().open_channel(
'direct-tcpip', (asset.ip, asset.port), ('127.0.0.1', 0)
)
break
return sock
def get_proxy_sock(self, asset): def get_proxy_sock(self, asset):
sock = None sock = None
domain = self.app.service.get_domain_detail_with_gateway( domain = app_service.get_domain_detail_with_gateway(
asset.domain asset.domain
) )
if not domain.has_ssh_gateway(): if not domain.has_ssh_gateway():
......
coco/ctx.py 0 → 100644
View file @ 40ac8f51
# -*- coding: utf-8 -*-
#
from werkzeug.local import LocalProxy
from functools import partial
stack = {}
def _find(name):
if stack.get(name):
return stack[name]
else:
raise ValueError("Not found in stack: {}".format(name))
current_app = LocalProxy(partial(_find, 'app'))
app_service = LocalProxy(partial(_find, 'service'))
# current_app = []
# current_service = []
coco/httpd.py
View file @ 40ac8f51
...@@ -4,32 +4,25 @@ ...@@ -4,32 +4,25 @@
import os import os
import socket import socket
import uuid import uuid
from flask_socketio import SocketIO, Namespace, join_room, leave_room from flask_socketio import SocketIO, Namespace, join_room
from flask import Flask, request, current_app, redirect from flask import Flask, request, current_app, redirect
from .models import Request, Client, WSProxy from .models import Request, Client, WSProxy
from .proxy import ProxyServer from .proxy import ProxyServer
from .utils import get_logger from .utils import get_logger
from .ctx import current_app, app_service
__version__ = '0.5.0'
BASE_DIR = os.path.dirname(os.path.dirname(__file__)) BASE_DIR = os.path.dirname(os.path.dirname(__file__))
logger = get_logger(__file__) logger = get_logger(__file__)
class BaseNamespace(Namespace): class BaseNamespace(Namespace):
clients = None
current_user = None current_user = None
@property
def app(self):
app = current_app.config['coco']
return app
def on_connect(self): def on_connect(self):
self.current_user = self.get_current_user() self.current_user = self.get_current_user()
if self.current_user is None: if self.current_user is None:
return redirect(current_app.config['LOGIN_URL']) return redirect(self.socketio.config['LOGIN_URL'])
logger.debug("{} connect websocket".format(self.current_user)) logger.debug("{} connect websocket".format(self.current_user))
def get_current_user(self): def get_current_user(self):
...@@ -38,249 +31,253 @@ class BaseNamespace(Namespace): ...@@ -38,249 +31,253 @@ class BaseNamespace(Namespace):
token = request.headers.get("Authorization") token = request.headers.get("Authorization")
user = None user = None
if session_id and csrf_token: if session_id and csrf_token:
user = self.app.service.check_user_cookie(session_id, csrf_token) user = app_service.check_user_cookie(session_id, csrf_token)
if token: if token:
user = self.app.service.check_user_with_token(token) user = app_service.check_user_with_token(token)
return user return user
def close(self):
try:
self.clients[request.sid]["client"].close()
except:
pass
class ProxyNamespace(BaseNamespace): class ProxyNamespace(BaseNamespace):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
"""
:param args:
:param kwargs:
self.connections = {
"request_sid": {
"room_id": {
"id": room_id,
"proxy": None,
"client": None,
"forwarder": None,
"request": None,
"cols": 80,
"rows": 24
},
...
},
...
}
"""
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.clients = dict() self.connections = dict()
self.rooms = dict()
def new_connection(self):
def new_client(self): self.connections[request.sid] = dict()
room = str(uuid.uuid4())
client = { def new_room(self):
"cols": int(request.cookies.get('cols', 80)), room_id = str(uuid.uuid4())
"rows": int(request.cookies.get('rows', 24)), room = {
"room": room, "id": room_id,
"proxy": dict(), "proxy": None,
"client": dict(), "client": None,
"forwarder": dict(), "forwarder": None,
"request": self.make_coco_request() "request": self.make_coco_request(),
"cols": 80,
"rows": 24
} }
return client self.connections[request.sid][room_id] = room
return room
def make_coco_request(self):
x_forwarded_for = request.headers.get("X-Forwarded-For", '').split(',')
if x_forwarded_for and x_forwarded_for[0]:
remote_ip = x_forwarded_for[0]
else:
remote_ip = request.remote_addr
width_request = request.cookies.get('cols') @staticmethod
def get_win_size():
cols_request = request.cookies.get('cols')
rows_request = request.cookies.get('rows') rows_request = request.cookies.get('rows')
if width_request and width_request.isdigit(): if cols_request and cols_request.isdigit():
width = int(width_request) cols = int(cols_request)
else: else:
width = 80 cols = 80
if rows_request and rows_request.isdigit(): if rows_request and rows_request.isdigit():
rows = int(rows_request) rows = int(rows_request)
else: else:
rows = 24 rows = 24
return cols, rows
def make_coco_request(self):
x_forwarded_for = request.headers.get("X-Forwarded-For", '').split(',')
if x_forwarded_for and x_forwarded_for[0]:
remote_ip = x_forwarded_for[0]
else:
remote_ip = request.remote_addr
width, height = self.get_win_size()
req = Request((remote_ip, 0)) req = Request((remote_ip, 0))
req.user = self.current_user req.user = self.current_user
req.meta = { req.meta = {
"width": width, "width": width,
"height": rows, "height": height,
} }
return req return req
def on_connect(self): def on_connect(self):
logger.debug("On connect event trigger") logger.debug("On connect event trigger")
super().on_connect() super().on_connect()
client = self.new_client() self.new_connection()
self.clients[request.sid] = client
self.rooms[client['room']] = {
"admin": request.sid,
"member": [],
"rw": []
}
join_room(client['room'])
def on_data(self, message):
"""
收到浏览器请求
:param message: {"data": "xxx", "room": "xxx"}
:return:
"""
room = message.get('room')
if not room:
return
room_proxy = self.clients[request.sid]['proxy'].get(room)
if room_proxy:
room_proxy.send({"data": message['data']})
def on_host(self, message): def on_host(self, message):
# 此处获取主机的信息 # 此处获取主机的信息
logger.debug("On host event trigger") logger.debug("On host event trigger")
connection = str(uuid.uuid4())
asset_id = message.get('uuid', None) asset_id = message.get('uuid', None)
user_id = message.get('userid', None) user_id = message.get('userid', None)
secret = message.get('secret', None) secret = message.get('secret', None)
room = self.new_room()
self.emit('room', {'room': connection, 'secret': secret}) self.emit('room', {'room': room["id"], 'secret': secret})
join_room(room["id"])
if not asset_id or not user_id: if not asset_id or not user_id:
# self.on_connect() # self.on_connect()
return return
asset = self.app.service.get_asset(asset_id) asset = app_service.get_asset(asset_id)
system_user = self.app.service.get_system_user(user_id) system_user = app_service.get_system_user(user_id)
if not asset or not system_user: if not asset or not system_user:
self.on_connect() self.on_connect()
return return
child, parent = socket.socketpair() child, parent = socket.socketpair()
self.clients[request.sid]["client"][connection] = Client( client = Client(parent, room["request"])
parent, self.clients[request.sid]["request"] forwarder = ProxyServer(client)
) room["client"] = client
self.clients[request.sid]["proxy"][connection] = WSProxy( room["forwarder"] = forwarder
self, child, self.clients[request.sid]["room"], connection room["proxy"] = WSProxy(self, child, room["id"])
) room["cols"], room["rows"] = self.get_win_size()
self.clients[request.sid]["forwarder"][connection] = ProxyServer(
self.app, self.clients[request.sid]["client"][connection]
)
self.socketio.start_background_task( self.socketio.start_background_task(
self.clients[request.sid]["forwarder"][connection].proxy, forwarder.proxy, asset, system_user
asset, system_user
) )
def on_data(self, message):
"""
收到浏览器请求
:param message: {"data": "xxx", "room": "xxx"}
:return:
"""
room_id = message.get('room')
room = self.connections.get(request.sid, {}).get(room_id)
if not room:
return
room["proxy"].send({"data": message['data']})
def on_token(self, message): def on_token(self, message):
# 此处获取token含有的主机的信息 # 此处获取token含有的主机的信息
logger.debug("On token trigger") logger.debug("On token trigger")
logger.debug(message)
token = message.get('token', None) token = message.get('token', None)
secret = message.get('secret', None) secret = message.get('secret', None)
connection = str(uuid.uuid4()) room = self.new_room()
self.emit('room', {'room': connection, 'secret': secret}) self.emit('room', {'room': room["id"], 'secret': secret})
if not (token or secret): self.socketio.sleep(0)
logger.debug("token or secret is None") if not token or not secret:
self.emit('data', {'data': "\nOperation not permitted!", 'room': connection}) logger.debug("Token or secret is None")
self.emit('data', {'data': "\nOperation not permitted!",
'room': room["id"]})
self.emit('disconnect') self.emit('disconnect')
self.socketio.sleep(0)
return None return None
host = self.app.service.get_token_asset(token) info = app_service.get_token_asset(token)
logger.debug(host) logger.debug(info)
if not host: if not info:
logger.debug("host is None") logger.debug("Token info is None")
self.emit('data', {'data': "\nOperation not permitted!", 'room': connection}) self.emit('data', {'data': "\nOperation not permitted!",
'room': room["id"]})
self.emit('disconnect') self.emit('disconnect')
self.socketio.sleep(0)
return None return None
user_id = host.get('user', None) user_id = info.get('user', None)
logger.debug("self.current_user") self.current_user = app_service.get_user_profile(user_id)
self.current_user = self.app.service.get_user_profile(user_id) room["request"].user = self.current_user
self.clients[request.sid]["request"].user = self.current_user
logger.debug(self.current_user) logger.debug(self.current_user)
# { self.on_host({
# "user": {UUID}, 'secret': secret,
# "asset": {UUID}, 'uuid': info['asset'],
# "system_user": {UUID} 'userid': info['system_user'],
# } })
self.on_host({'secret': secret, 'uuid': host['asset'], 'userid': host['system_user']})
def on_resize(self, message): def on_resize(self, message):
cols = message.get('cols') cols, rows = message.get('cols', None), message.get('rows', None)
rows = message.get('rows')
logger.debug("On resize event trigger: {}*{}".format(cols, rows)) logger.debug("On resize event trigger: {}*{}".format(cols, rows))
if cols and rows and self.clients[request.sid]["request"]: rooms = self.connections.get(request.sid)
self.clients[request.sid]["request"].meta['width'] = cols if not rooms:
self.clients[request.sid]["request"].meta['height'] = rows return
self.clients[request.sid]["request"].change_size_event.set() room = list(rooms.values())[0]
if rooms and (room["cols"], room["rows"]) != (cols, rows):
def on_room(self, session_id): for room in rooms.values():
logger.debug("On room event trigger") room["request"].meta.update({
if session_id not in self.clients.keys(): 'width': cols, 'height': rows
self.emit( })
'error', "no such session", room["request"].change_size_event.set()
room=self.clients[request.sid]["room"] room.update({"cols": cols, "rows": rows})
)
else:
self.emit(
'room', self.clients[session_id]["room"],
room=self.clients[request.sid]["room"]
)
def on_join(self, room):
logger.debug("On join room event trigger")
self.on_leave(self.clients[request.id]["room"])
self.clients[request.sid]["room"] = room
self.rooms[room]["member"].append(request.sid)
join_room(room=room)
def on_leave(self, room):
logger.debug("On leave room event trigger")
if self.rooms[room]["admin"] == request.sid:
self.emit("data", "\nAdmin leave", room=room)
del self.rooms[room]
leave_room(room=room)
def on_disconnect(self): def on_disconnect(self):
logger.debug("On disconnect event trigger") logger.debug("On disconnect event trigger")
self.on_leave(self.clients[request.sid]["room"]) rooms = {k: v for k, v in self.connections.get(request.sid, {}).items()}
try: for room_id in rooms:
for connection in self.clients[request.sid]["client"]: try:
self.on_logout(connection) self.on_logout(room_id)
del self.clients[request.sid] except Exception as e:
except: logger.warn(e)
pass del self.connections[request.sid]
def on_logout(self, connection): def on_logout(self, room_id):
logger.debug("On logout event trigger") room = self.connections.get(request.sid, {}).get(room_id)
if connection: if room:
if connection in self.clients[request.sid]["proxy"].keys(): room["proxy"].close()
self.clients[request.sid]["proxy"][connection].close() self.close_room(room_id)
del self.clients[request.sid]['proxy'][connection] del self.connections[request.sid][room_id]
del room
def logout(self, connection):
if connection and (request.sid in self.clients.keys()): def on_ping(self):
if connection in self.clients[request.sid]["proxy"].keys(): self.emit('pong')
del self.clients[request.sid]["proxy"][connection]
if connection in self.clients[request.sid]["forwarder"].keys():
del self.clients[request.sid]["forwarder"][connection]
if connection in self.clients[request.sid]["client"].keys():
del self.clients[request.sid]["client"][connection]
class HttpServer: class HttpServer:
# prepare may be rewrite it # prepare may be rewrite it
config = { config = {
'SECRET_KEY': '', 'SECRET_KEY': 'someWOrkSD20KMS9330)&#',
'coco': None, 'coco': None,
'LOGIN_URL': '/login' 'LOGIN_URL': '/login'
} }
async_mode = "threading" init_kwargs = dict(
async_mode="eventlet",
def __init__(self, coco): # async_mode="threading",
config = coco.config # ping_timeout=20,
# ping_interval=10,
# engineio_logger=True,
# logger=True
)
def __init__(self):
config = {k: v for k, v in current_app.config.items()}
config.update(self.config) config.update(self.config)
config['coco'] = coco
self.flask_app = Flask(__name__, template_folder='dist') self.flask_app = Flask(__name__, template_folder='dist')
self.flask_app.config.update(config) self.flask_app.config.update(config)
self.socket_io = SocketIO() self.socket_io = SocketIO()
self.register_routes() self.register_routes()
self.register_error_handler()
def register_routes(self): def register_routes(self):
self.socket_io.on_namespace(ProxyNamespace('/ssh')) self.socket_io.on_namespace(ProxyNamespace('/ssh'))
@staticmethod
def on_error_default(e):
logger.exception(e)
def register_error_handler(self):
self.socket_io.on_error_default(self.on_error_default)
def run(self): def run(self):
host = self.flask_app.config["BIND_HOST"] host = self.flask_app.config["BIND_HOST"]
port = self.flask_app.config["HTTPD_PORT"] port = self.flask_app.config["HTTPD_PORT"]
self.socket_io.init_app(self.flask_app, async_mode=self.async_mode) print('Starting websocket server at {}:{}'.format(host, port))
self.socket_io.init_app(
self.flask_app,
**self.init_kwargs
)
self.socket_io.run(self.flask_app, port=port, host=host, debug=False) self.socket_io.run(self.flask_app, port=port, host=host, debug=False)
def shutdown(self): def shutdown(self):
self.socket_io.stop()
pass pass
coco/interactive.py
View file @ 40ac8f51
...@@ -4,16 +4,14 @@ ...@@ -4,16 +4,14 @@
import socket import socket
import threading import threading
import weakref
import os import os
from jms.models import Asset, AssetGroup
from . import char from . import char
from .utils import wrap_with_line_feed as wr, wrap_with_title as title, \ from .utils import wrap_with_line_feed as wr, wrap_with_title as title, \
wrap_with_primary as primary, wrap_with_warning as warning, \ wrap_with_warning as warning, is_obj_attr_has, is_obj_attr_eq, \
is_obj_attr_has, is_obj_attr_eq, sort_assets, TtyIOParser, \ sort_assets, ugettext as _, get_logger, net_input, format_with_zh, \
ugettext as _, get_logger item_max_length, size_of_str_with_zh
from .ctx import current_app, app_service
from .proxy import ProxyServer from .proxy import ProxyServer
logger = get_logger(__file__) logger = get_logger(__file__)
...@@ -22,19 +20,14 @@ logger = get_logger(__file__) ...@@ -22,19 +20,14 @@ logger = get_logger(__file__)
class InteractiveServer: class InteractiveServer:
_sentinel = object() _sentinel = object()
def __init__(self, app, client): def __init__(self, client):
self._app = weakref.ref(app)
self.client = client self.client = client
self.request = client.request self.request = client.request
self.assets = None self.assets = None
self._search_result = None self._search_result = None
self.asset_groups = None self.nodes = None
self.get_user_assets_async() self.get_user_assets_async()
self.get_user_asset_groups_async() self.get_user_nodes_async()
@property
def app(self):
return self._app()
@property @property
def search_result(self): def search_result(self):
...@@ -45,12 +38,15 @@ class InteractiveServer: ...@@ -45,12 +38,15 @@ class InteractiveServer:
@search_result.setter @search_result.setter
def search_result(self, value): def search_result(self, value):
if not value:
self._search_result = value
return
value = self.filter_system_users(value) value = self.filter_system_users(value)
self._search_result = value self._search_result = value
def display_banner(self): def display_banner(self):
self.client.send(char.CLEAR_CHAR) self.client.send(char.CLEAR_CHAR)
logo_path = os.path.join(self.app.root_path, "logo.txt") logo_path = os.path.join(current_app.root_path, "logo.txt")
if os.path.isfile(logo_path): if os.path.isfile(logo_path):
with open(logo_path, 'rb') as f: with open(logo_path, 'rb') as f:
for i in f: for i in f:
...@@ -61,73 +57,16 @@ class InteractiveServer: ...@@ -61,73 +57,16 @@ class InteractiveServer:
banner = _("""\n {title} {user}, 欢迎使用Jumpserver开源跳板机系统 {end}\r\n\r banner = _("""\n {title} {user}, 欢迎使用Jumpserver开源跳板机系统 {end}\r\n\r
1) 输入 {green}ID{end} 直接登录 或 输入{green}部分 IP,主机名,备注{end} 进行搜索登录(如果唯一).\r 1) 输入 {green}ID{end} 直接登录 或 输入{green}部分 IP,主机名,备注{end} 进行搜索登录(如果唯一).\r
2) 输入 {green}/{end} + {green}IP, 主机名{end} or {green}备注 {end}搜索. 如: /ip\r 2) 输入 {green}/{end} + {green}IP, 主机名{end} or {green}备注 {end}搜索. 如: /ip\r
3) 输入 {green}P/p{end} 显示您有权限的主机.\r 3) 输入 {green}p{end} 显示您有权限的主机.\r
4) 输入 {green}G/g{end} 显示您有权限的主机组.\r 4) 输入 {green}g{end} 显示您有权限的节点\r
5) 输入 {green}G/g{end} + {green}组ID{end} 显示该组下主机. 如: g1\r 5) 输入 {green}g{end} + {green}组ID{end} 显示节点下主机. 如: g1\r
6) 输入 {green}H/h{end} 帮助.\r 6) 输入 {green}h{end} 帮助.\r
0) 输入 {green}Q/q{end} 退出.\r\n""").format( 0) 输入 {green}q{end} 退出.\r\n""").format(
title="\033[1;32m", green="\033[32m", title="\033[1;32m", green="\033[32m",
end="\033[0m", user=self.client.user end="\033[0m", user=self.client.user
) )
self.client.send(banner) self.client.send(banner)
def get_option(self, prompt='Opt> '):
"""实现了一个ssh input, 提示用户输入, 获取并返回
:return user input string
"""
# Todo: 实现自动hostname或IP补全
input_data = []
parser = TtyIOParser()
self.client.send(wr(prompt, before=1, after=0))
while True:
data = self.client.recv(10)
if len(data) == 0:
self.app.remove_client(self.client)
break
# Client input backspace
if data in char.BACKSPACE_CHAR:
# If input words less than 0, should send 'BELL'
if len(input_data) > 0:
data = char.BACKSPACE_CHAR[data]
input_data.pop()
else:
data = char.BELL_CHAR
self.client.send(data)
continue
if data.startswith(b'\x03'):
# Ctrl-C
self.client.send(b'^C\r\nOpt> ')
input_data = []
continue
elif data.startswith(b'\x04'):
# Ctrl-D
return 'q'
# Todo: Move x1b to char
if data.startswith(b'\x1b') or data in char.UNSUPPORTED_CHAR:
self.client.send(b'')
continue
# handle shell expect
multi_char_with_enter = False
if len(data) > 1 and data[-1] in char.ENTER_CHAR_ORDER:
self.client.send(data)
input_data.append(data[:-1])
multi_char_with_enter = True
# If user type ENTER we should get user input
if data in char.ENTER_CHAR or multi_char_with_enter:
self.client.send(wr(b'', after=2))
option = parser.parse_input(input_data)
del input_data[:]
return option.strip()
else:
self.client.send(data)
input_data.append(data)
def dispatch(self, opt): def dispatch(self, opt):
if opt is None: if opt is None:
return self._sentinel return self._sentinel
...@@ -136,9 +75,9 @@ class InteractiveServer: ...@@ -136,9 +75,9 @@ class InteractiveServer:
elif opt in ['p', 'P', '']: elif opt in ['p', 'P', '']:
self.display_assets() self.display_assets()
elif opt in ['g', 'G']: elif opt in ['g', 'G']:
self.display_asset_groups() self.display_nodes()
elif opt.startswith("g") and opt.lstrip("g").isdigit(): elif opt.startswith("g") and opt.lstrip("g").isdigit():
self.display_group_assets(int(opt.lstrip("g"))) self.display_node_assets(int(opt.lstrip("g")))
elif opt in ['q', 'Q', 'exit', 'quit']: elif opt in ['q', 'Q', 'exit', 'quit']:
return self._sentinel return self._sentinel
elif opt in ['h', 'H']: elif opt in ['h', 'H']:
...@@ -152,21 +91,24 @@ class InteractiveServer: ...@@ -152,21 +91,24 @@ class InteractiveServer:
result = [] result = []
# 所有的 # 所有的
if q == '': if q in ('', None):
result = self.assets result = self.assets
# 用户输入的是数字,可能想使用id唯一键搜索 # 用户输入的是数字,可能想使用id唯一键搜索
elif q.isdigit() and self.search_result and len(self.search_result) >= int(q): elif q.isdigit() and self.search_result and \
len(self.search_result) >= int(q):
result = [self.search_result[int(q) - 1]] result = [self.search_result[int(q) - 1]]
# 全匹配到则直接返回全匹配的 # 全匹配到则直接返回全匹配的
if len(result) == 0: if len(result) == 0:
_result = [asset for asset in self.assets if is_obj_attr_eq(asset, q)] _result = [asset for asset in self.assets
if is_obj_attr_eq(asset, q)]
if len(_result) == 1: if len(_result) == 1:
result = _result result = _result
# 最后模糊匹配 # 最后模糊匹配
if len(result) == 0: if len(result) == 0:
result = [asset for asset in self.assets if is_obj_attr_has(asset, q)] result = [asset for asset in self.assets
if is_obj_attr_has(asset, q)]
self.search_result = result self.search_result = result
...@@ -177,52 +119,69 @@ class InteractiveServer: ...@@ -177,52 +119,69 @@ class InteractiveServer:
""" """
self.search_and_display('') self.search_and_display('')
def display_asset_groups(self): def display_nodes(self):
if self.asset_groups is None: if self.nodes is None:
self.get_user_asset_groups() self.get_user_nodes()
if len(self.asset_groups) == 0: if len(self.nodes) == 0:
self.client.send(warning(_("无"))) self.client.send(warning(_("无")))
return return
fake_group = AssetGroup(name=_("Name"), assets_amount=_("Assets"), comment=_("Comment")) id_length = max(len(str(len(self.nodes))), 5)
id_max_length = max(len(str(len(self.asset_groups))), 5) name_length = item_max_length(self.nodes, 15, key=lambda x: x.name)
name_max_length = max(max([len(group.name) for group in self.asset_groups]), 15) amount_length = item_max_length(self.nodes, 10,
amount_max_length = max(len(str(max([group.assets_amount for group in self.asset_groups]))), 10) key=lambda x: x.assets_amount)
header = '{1:>%d} {0.name:%d} {0.assets_amount:<%s} ' % (id_max_length, name_max_length, amount_max_length) size_list = [id_length, name_length, amount_length]
comment_length = max(self.request.meta["width"] - len(header.format(fake_group, id_max_length)), 2) fake_data = ['ID', _("Name"), _("Assets")]
line = header + '{0.comment:%s}' % (comment_length // 2) # comment中可能有中文 header_without_comment = format_with_zh(size_list, *fake_data)
header += "{0.comment:%s}" % comment_length comment_length = max(
self.client.send(title(header.format(fake_group, "ID"))) self.request.meta["width"] -
for index, group in enumerate(self.asset_groups, 1): size_of_str_with_zh(header_without_comment) - 1,
self.client.send(wr(line.format(group, index))) 2
self.client.send(wr(_("总共: {}").format(len(self.asset_groups)), before=1)) )
size_list.append(comment_length)
def display_group_assets(self, _id): fake_data.append(_("Comment"))
if _id > len(self.asset_groups) or _id <= 0:
self.client.send(title(format_with_zh(size_list, *fake_data)))
for index, group in enumerate(self.nodes, 1):
data = [index, group.name, group.assets_amount, group.comment]
self.client.send(wr(format_with_zh(size_list, *data)))
self.client.send(wr(_("总共: {}").format(len(self.nodes)), before=1))
def display_node_assets(self, _id):
if _id > len(self.nodes) or _id <= 0:
self.client.send(wr(warning("没有匹配分组,请重新输入"))) self.client.send(wr(warning("没有匹配分组,请重新输入")))
self.display_asset_groups() self.display_nodes()
return return
self.search_result = self.asset_groups[_id - 1].assets_granted self.search_result = self.nodes[_id - 1].assets_granted
self.display_search_result() self.display_search_result()
def display_search_result(self): def display_search_result(self):
self.search_result = sort_assets(self.search_result, self.app.config["ASSET_LIST_SORT_BY"]) sort_by = current_app.config["ASSET_LIST_SORT_BY"]
fake_asset = Asset(hostname=_("Hostname"), ip=_("IP"), _system_users_name_list=_("LoginAs"), self.search_result = sort_assets(self.search_result, sort_by)
comment=_("Comment")) fake_data = [_("ID"), _("Hostname"), _("IP"), _("LoginAs")]
id_max_length = max(len(str(len(self.search_result))), 3) id_length = max(len(str(len(self.search_result))), 4)
hostname_max_length = max(max([len(asset.hostname) for asset in self.search_result + [fake_asset]]), 15) hostname_length = item_max_length(self.search_result, 15,
sysuser_max_length = max([len(asset.system_users_name_list) for asset in self.search_result + [fake_asset]]) key=lambda x: x.hostname)
header = '{1:>%d} {0.hostname:%d} {0.ip:15} {0.system_users_name_list:%d} ' % \ sysuser_length = item_max_length(self.search_result,
(id_max_length, hostname_max_length, sysuser_max_length) key=lambda x: x.system_users_name_list)
comment_length = self.request.meta["width"] - len(header.format(fake_asset, id_max_length)) size_list = [id_length, hostname_length, 16, sysuser_length]
comment_length = max([comment_length, 2]) header_without_comment = format_with_zh(size_list, *fake_data)
line = header + '{0.comment:.%d}' % (comment_length // 2) # comment中可能有中文 comment_length = max(
header += '{0.comment:%s}' % comment_length self.request.meta["width"] -
self.client.send(wr(title(header.format(fake_asset, "ID")))) size_of_str_with_zh(header_without_comment) - 1,
2
)
size_list.append(comment_length)
fake_data.append(_("Comment"))
self.client.send(wr(title(format_with_zh(size_list, *fake_data))))
for index, asset in enumerate(self.search_result, 1): for index, asset in enumerate(self.search_result, 1):
self.client.send(wr(line.format(asset, index))) data = [
index, asset.hostname, asset.ip,
asset.system_users_name_list, asset.comment
]
self.client.send(wr(format_with_zh(size_list, *data)))
self.client.send(wr(_("总共: {} 匹配: {}").format( self.client.send(wr(_("总共: {} 匹配: {}").format(
len(self.assets), len(self.search_result)), before=1) len(self.assets), len(self.search_result)), before=1)
) )
...@@ -231,43 +190,44 @@ class InteractiveServer: ...@@ -231,43 +190,44 @@ class InteractiveServer:
self.search_assets(q) self.search_assets(q)
self.display_search_result() self.display_search_result()
def get_user_asset_groups(self): def get_user_nodes(self):
self.asset_groups = self.app.service.get_user_asset_groups(self.client.user) self.nodes = app_service.get_user_asset_groups(self.client.user)
def get_user_asset_groups_async(self): def get_user_nodes_async(self):
thread = threading.Thread(target=self.get_user_asset_groups) thread = threading.Thread(target=self.get_user_nodes)
thread.start() thread.start()
@staticmethod @staticmethod
def filter_system_users(assets): def filter_system_users(assets):
for asset in assets: for asset in assets:
system_users_granted = asset.system_users_granted system_users_granted = asset.system_users_granted
high_priority = max([s.priority for s in system_users_granted]) if system_users_granted else 1 high_priority = max([s.priority for s in system_users_granted]) \
system_users_cleaned = [s for s in system_users_granted if s.priority == high_priority] if system_users_granted else 1
system_users_cleaned = [s for s in system_users_granted
if s.priority == high_priority]
asset.system_users_granted = system_users_cleaned asset.system_users_granted = system_users_cleaned
return assets return assets
def get_user_assets(self): def get_user_assets(self):
self.assets = self.app.service.get_user_assets(self.client.user) self.assets = app_service.get_user_assets(self.client.user)
logger.debug("Get user {} assets total: {}".format(self.client.user, len(self.assets))) logger.debug("Get user {} assets total: {}".format(
self.client.user, len(self.assets))
)
def get_user_assets_async(self): def get_user_assets_async(self):
thread = threading.Thread(target=self.get_user_assets) thread = threading.Thread(target=self.get_user_assets)
thread.start() thread.start()
def choose_system_user(self, system_users): def choose_system_user(self, system_users):
# highest_priority = max([s.priority for s in system_users])
# system_users = [s for s in system_users if s == highest_priority]
if len(system_users) == 1: if len(system_users) == 1:
return system_users[0] return system_users[0]
elif len(system_users) == 0: elif len(system_users) == 0:
return None return None
while True: while True:
self.client.send(wr(_("选择一个登: "), after=1)) self.client.send(wr(_("选择一个登: "), after=1))
self.display_system_users(system_users) self.display_system_users(system_users)
opt = self.get_option("ID> ") opt = net_input(self.client, prompt="ID> ")
if opt.isdigit() and len(system_users) > int(opt): if opt.isdigit() and len(system_users) > int(opt):
return system_users[int(opt)] return system_users[int(opt)]
elif opt in ['q', 'Q']: elif opt in ['q', 'Q']:
...@@ -285,8 +245,11 @@ class InteractiveServer: ...@@ -285,8 +245,11 @@ class InteractiveServer:
self.search_assets(opt) self.search_assets(opt)
if self.search_result and len(self.search_result) == 1: if self.search_result and len(self.search_result) == 1:
asset = self.search_result[0] asset = self.search_result[0]
self.search_result = None
if asset.platform == "Windows": if asset.platform == "Windows":
self.client.send(warning(_("终端不支持登录windows, 请使用web terminal访问"))) self.client.send(warning(
_("终端不支持登录windows, 请使用web terminal访问"))
)
return return
self.proxy(asset) self.proxy(asset)
else: else:
...@@ -297,14 +260,14 @@ class InteractiveServer: ...@@ -297,14 +260,14 @@ class InteractiveServer:
if system_user is None: if system_user is None:
self.client.send(_("没有系统用户")) self.client.send(_("没有系统用户"))
return return
forwarder = ProxyServer(self.app, self.client) forwarder = ProxyServer(self.client)
forwarder.proxy(asset, system_user) forwarder.proxy(asset, system_user)
def interact(self): def interact(self):
self.display_banner() self.display_banner()
while True: while True:
try: try:
opt = self.get_option() opt = net_input(self.client, prompt='Opt> ', before=1)
rv = self.dispatch(opt) rv = self.dispatch(opt)
if rv is self._sentinel: if rv is self._sentinel:
break break
...@@ -318,7 +281,7 @@ class InteractiveServer: ...@@ -318,7 +281,7 @@ class InteractiveServer:
thread.start() thread.start()
def close(self): def close(self):
self.app.remove_client(self.client) current_app.remove_client(self.client)
# def __del__(self): # def __del__(self):
# print("GC: Interactive class been gc") # print("GC: Interactive class been gc")
coco/interface.py
View file @ 40ac8f51
...@@ -4,9 +4,9 @@ ...@@ -4,9 +4,9 @@
import paramiko import paramiko
import threading import threading
import weakref
from .utils import get_logger from .utils import get_logger
from .ctx import current_app, app_service
logger = get_logger(__file__) logger = get_logger(__file__)
...@@ -19,22 +19,13 @@ class SSHInterface(paramiko.ServerInterface): ...@@ -19,22 +19,13 @@ class SSHInterface(paramiko.ServerInterface):
https://github.com/paramiko/paramiko/blob/master/demos/demo_server.py https://github.com/paramiko/paramiko/blob/master/demos/demo_server.py
""" """
def __init__(self, app, request): def __init__(self, request):
self._app = weakref.ref(app) self.request = request
self._request = weakref.ref(request)
self.event = threading.Event() self.event = threading.Event()
self.auth_valid = False self.auth_valid = False
self.otp_auth = False self.otp_auth = False
self.info = None self.info = None
@property
def app(self):
return self._app()
@property
def request(self):
return self._request()
def check_auth_interactive(self, username, submethods): def check_auth_interactive(self, username, submethods):
logger.info("Check auth interactive: %s %s" % (username, submethods)) logger.info("Check auth interactive: %s %s" % (username, submethods))
instructions = 'Please enter 6 digits.' instructions = 'Please enter 6 digits.'
...@@ -55,7 +46,7 @@ class SSHInterface(paramiko.ServerInterface): ...@@ -55,7 +46,7 @@ class SSHInterface(paramiko.ServerInterface):
if not seed: if not seed:
return paramiko.AUTH_FAILED return paramiko.AUTH_FAILED
is_valid = self.app.service.authenticate_otp(seed, otp_code) is_valid = app_service.authenticate_otp(seed, otp_code)
if is_valid: if is_valid:
return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED return paramiko.AUTH_FAILED
...@@ -67,9 +58,9 @@ class SSHInterface(paramiko.ServerInterface): ...@@ -67,9 +58,9 @@ class SSHInterface(paramiko.ServerInterface):
supported = [] supported = []
if self.otp_auth: if self.otp_auth:
return 'keyboard-interactive' return 'keyboard-interactive'
if self.app.config["PASSWORD_AUTH"]: if current_app.config["PASSWORD_AUTH"]:
supported.append("password") supported.append("password")
if self.app.config["PUBLIC_KEY_AUTH"]: if current_app.config["PUBLIC_KEY_AUTH"]:
supported.append("publickey") supported.append("publickey")
return ",".join(supported) return ",".join(supported)
...@@ -100,7 +91,7 @@ class SSHInterface(paramiko.ServerInterface): ...@@ -100,7 +91,7 @@ class SSHInterface(paramiko.ServerInterface):
return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_SUCCESSFUL
def validate_auth(self, username, password="", public_key=""): def validate_auth(self, username, password="", public_key=""):
info = self.app.service.authenticate( info = app_service.authenticate(
username, password=password, public_key=public_key, username, password=password, public_key=public_key,
remote_addr=self.request.remote_ip remote_addr=self.request.remote_ip
) )
......
coco/logger.py
View file @ 40ac8f51
...@@ -49,6 +49,8 @@ def create_logger(app): ...@@ -49,6 +49,8 @@ def create_logger(app):
'coco': main_setting, 'coco': main_setting,
'paramiko': main_setting, 'paramiko': main_setting,
'jms': main_setting, 'jms': main_setting,
'socket.io': main_setting,
'engineio': main_setting,
} }
) )
......
coco/models.py
View file @ 40ac8f51
...@@ -94,8 +94,9 @@ class Server: ...@@ -94,8 +94,9 @@ class Server:
""" """
# Todo: Server name is not very suitable # Todo: Server name is not very suitable
def __init__(self, chan, asset, system_user): def __init__(self, chan, sock, asset, system_user):
self.chan = chan self.chan = chan
self.sock = sock
self.asset = asset self.asset = asset
self.system_user = system_user self.system_user = system_user
self.send_bytes = 0 self.send_bytes = 0
...@@ -168,6 +169,8 @@ class Server: ...@@ -168,6 +169,8 @@ class Server:
self.stop_evt.set() self.stop_evt.set()
self.chan.close() self.chan.close()
self.chan.transport.close() self.chan.transport.close()
if self.sock:
self.sock.transport.close()
@staticmethod @staticmethod
def _have_enter_char(s): def _have_enter_char(s):
...@@ -218,7 +221,7 @@ class WSProxy: ...@@ -218,7 +221,7 @@ class WSProxy:
``` ```
""" """
def __init__(self, ws, child, room, connection): def __init__(self, ws, child, room_id):
""" """
:param ws: websocket instance or handler, have write_message method :param ws: websocket instance or handler, have write_message method
:param child: sock child pair :param child: sock child pair
...@@ -226,9 +229,8 @@ class WSProxy: ...@@ -226,9 +229,8 @@ class WSProxy:
self.ws = ws self.ws = ws
self.child = child self.child = child
self.stop_event = threading.Event() self.stop_event = threading.Event()
self.room = room self.room_id = room_id
self.auto_forward() self.auto_forward()
self.connection = connection
def send(self, msg): def send(self, msg):
""" """
...@@ -247,12 +249,15 @@ class WSProxy: ...@@ -247,12 +249,15 @@ class WSProxy:
while not self.stop_event.is_set(): while not self.stop_event.is_set():
try: try:
data = self.child.recv(BUF_SIZE) data = self.child.recv(BUF_SIZE)
except OSError: except (OSError, EOFError):
continue
if len(data) == 0:
self.close() self.close()
break
if not data:
self.close()
break
data = data.decode(errors="ignore") data = data.decode(errors="ignore")
self.ws.emit("data", {'data': data, 'room': self.connection}, room=self.room) self.ws.emit("data", {'data': data, 'room': self.room_id},
room=self.room_id)
if len(data) == BUF_SIZE: if len(data) == BUF_SIZE:
time.sleep(0.1) time.sleep(0.1)
...@@ -262,11 +267,12 @@ class WSProxy: ...@@ -262,11 +267,12 @@ class WSProxy:
thread.start() thread.start()
def close(self): def close(self):
self.ws.emit("logout", {"room": self.room_id}, room=self.room_id)
self.stop_event.set() self.stop_event.set()
self.child.close() try:
self.ws.logout(self.connection) self.child.shutdown(1)
self.child.close()
except (OSError, EOFError):
pass
logger.debug("Proxy {} closed".format(self)) logger.debug("Proxy {} closed".format(self))
coco/proxy.py
View file @ 40ac8f51
...@@ -4,15 +4,15 @@ ...@@ -4,15 +4,15 @@
import threading import threading
import time import time
import weakref
from paramiko.ssh_exception import SSHException from paramiko.ssh_exception import SSHException
from .session import Session from .session import Session
from .models import Server from .models import Server
from .connection import SSHConnection from .connection import SSHConnection
from .ctx import current_app, app_service
from .utils import wrap_with_line_feed as wr, wrap_with_warning as warning, \ from .utils import wrap_with_line_feed as wr, wrap_with_warning as warning, \
get_logger get_logger, net_input
logger = get_logger(__file__) logger = get_logger(__file__)
...@@ -21,42 +21,51 @@ BUF_SIZE = 4096 ...@@ -21,42 +21,51 @@ BUF_SIZE = 4096
class ProxyServer: class ProxyServer:
def __init__(self, app, client): def __init__(self, client):
self._app = weakref.ref(app)
self.client = client self.client = client
self.server = None self.server = None
self.connecting = True self.connecting = True
self.stop_event = threading.Event() self.stop_event = threading.Event()
@property def get_system_user_auth(self, system_user):
def app(self): """
return self._app() 获取系统用户的认证信息,密码或秘钥
:return: system user have full info
"""
password, private_key = \
app_service.get_system_user_auth_info(system_user)
if not password and not private_key:
prompt = "{}'s password: ".format(system_user.username)
password = net_input(self.client, prompt=prompt, sensitive=True)
system_user.password = password
system_user.private_key = private_key
def proxy(self, asset, system_user): def proxy(self, asset, system_user):
self.get_system_user_auth(system_user)
self.send_connecting_message(asset, system_user) self.send_connecting_message(asset, system_user)
self.server = self.get_server_conn(asset, system_user) self.server = self.get_server_conn(asset, system_user)
if self.server is None: if self.server is None:
return return
command_recorder = self.app.new_command_recorder() command_recorder = current_app.new_command_recorder()
replay_recorder = self.app.new_replay_recorder() replay_recorder = current_app.new_replay_recorder()
session = Session( session = Session(
self.client, self.server, self.client, self.server,
command_recorder=command_recorder, command_recorder=command_recorder,
replay_recorder=replay_recorder, replay_recorder=replay_recorder,
) )
self.app.add_session(session) current_app.add_session(session)
self.watch_win_size_change_async() self.watch_win_size_change_async()
session.bridge() session.bridge()
self.stop_event.set() self.stop_event.set()
self.end_watch_win_size_change() self.end_watch_win_size_change()
self.app.remove_session(session) current_app.remove_session(session)
def validate_permission(self, asset, system_user): def validate_permission(self, asset, system_user):
""" """
验证用户是否有连接改资产的权限 验证用户是否有连接改资产的权限
:return: True or False :return: True or False
""" """
return self.app.service.validate_user_asset_permission( return app_service.validate_user_asset_permission(
self.client.user.id, asset.id, system_user.id self.client.user.id, asset.id, system_user.id
) )
...@@ -76,18 +85,19 @@ class ProxyServer: ...@@ -76,18 +85,19 @@ class ProxyServer:
pass pass
def get_ssh_server_conn(self, asset, system_user): def get_ssh_server_conn(self, asset, system_user):
ssh = SSHConnection(self.app)
request = self.client.request request = self.client.request
term = request.meta.get('term', 'xterm') term = request.meta.get('term', 'xterm')
width = request.meta.get('width', 80) width = request.meta.get('width', 80)
height = request.meta.get('height', 24) height = request.meta.get('height', 24)
chan, msg = ssh.get_channel(asset, system_user, term=term, ssh = SSHConnection()
width=width, height=height) chan, sock, msg = ssh.get_channel(
asset, system_user, term=term, width=width, height=height
)
if not chan: if not chan:
self.client.send(warning(wr(msg, before=1, after=0))) self.client.send(warning(wr(msg, before=1, after=0)))
server = None server = None
else: else:
server = Server(chan, asset, system_user) server = Server(chan, sock, asset, system_user)
self.connecting = False self.connecting = False
self.client.send(b'\r\n') self.client.send(b'\r\n')
return server return server
...@@ -116,9 +126,11 @@ class ProxyServer: ...@@ -116,9 +126,11 @@ class ProxyServer:
def send_connecting_message(self, asset, system_user): def send_connecting_message(self, asset, system_user):
def func(): def func():
delay = 0.0 delay = 0.0
self.client.send('Connecting to {}@{} {:.1f}'.format(system_user, asset, delay)) self.client.send('Connecting to {}@{} {:.1f}'.format(
system_user, asset, delay)
)
while self.connecting and delay < TIMEOUT: while self.connecting and delay < TIMEOUT:
self.client.send('\x08\x08\x08{:.1f}'.format(delay).encode('utf-8')) self.client.send('\x08\x08\x08{:.1f}'.format(delay).encode())
time.sleep(0.1) time.sleep(0.1)
delay += 0.1 delay += 0.1
thread = threading.Thread(target=func) thread = threading.Thread(target=func)
......
coco/recorder.py
View file @ 40ac8f51
...@@ -8,94 +8,27 @@ import time ...@@ -8,94 +8,27 @@ import time
import os import os
import gzip import gzip
import json import json
import shutil from copy import deepcopy
import jms_storage import jms_storage
from .utils import get_logger from .utils import get_logger, Singleton
from .alignment import MemoryQueue from .alignment import MemoryQueue
from .ctx import current_app, app_service
logger = get_logger(__file__) logger = get_logger(__file__)
BUF_SIZE = 1024 BUF_SIZE = 1024
class Singleton(type):
def __init__(cls, *args, **kwargs):
cls.__instance = None
super().__init__(*args, **kwargs)
def __call__(cls, *args, **kwargs):
if cls.__instance is None:
cls.__instance = super().__call__(*args, **kwargs)
return cls.__instance
else:
return cls.__instance
class ReplayRecorder(metaclass=abc.ABCMeta): class ReplayRecorder(metaclass=abc.ABCMeta):
def __init__(self, app, session=None):
self.app = app
self.session = session
@abc.abstractmethod
def record(self, data):
"""
记录replay数据
:param data: 数据 {
"session": "",
"data": "",
"timestamp": ""
}
:return:
"""
@abc.abstractmethod
def session_start(self, session_id):
print("Session start: {}".format(session_id))
pass
@abc.abstractmethod
def session_end(self, session_id):
print("Session end: {}".format(session_id))
pass
class CommandRecorder:
def __init__(self, app, session=None):
self.app = app
self.session = session
def record(self, data):
"""
:param data: 数据 {
"session":
"input":
"output":
"user":
"asset":
"system_user":
"timestamp":
}
:return:
"""
def session_start(self, session_id):
print("Session start: {}".format(session_id))
pass
def session_end(self, session_id):
print("Session end: {}".format(session_id))
pass
class ServerReplayRecorder(ReplayRecorder):
time_start = None time_start = None
storage = None storage = None
def __init__(self, app): def __init__(self):
super().__init__(app) super().__init__()
self.file = None self.file = None
self.file_path = None self.file_path = None
self.get_storage()
def record(self, data): def record(self, data):
""" """
...@@ -114,78 +47,76 @@ class ServerReplayRecorder(ReplayRecorder): ...@@ -114,78 +47,76 @@ class ServerReplayRecorder(ReplayRecorder):
def session_start(self, session_id): def session_start(self, session_id):
self.time_start = time.time() self.time_start = time.time()
filename = session_id+'.replay.gz' filename = session_id + '.replay.gz'
self.file_path = os.path.join(self.app.config['LOG_DIR'], filename) self.file_path = os.path.join(current_app.config['LOG_DIR'], filename)
self.file = gzip.open(self.file_path, 'at') self.file = gzip.open(self.file_path, 'at')
self.file.write('{') self.file.write('{')
def session_end(self, session_id): def session_end(self, session_id):
self.file.write('"0":""}') self.file.write('"0":""}')
self.file.close() self.file.close()
if self.upload_replay(session_id): self.upload_replay(session_id)
logger.info("Succeed to push {}'s {}".format(session_id, "record"))
else:
logger.error("Failed to push {}'s {}".format(session_id, "record"))
def upload_replay(self, session_id): def get_storage(self):
configs = self.app.service.load_config_from_server() config = deepcopy(current_app.config["REPLAY_STORAGE"])
logger.debug("upload_replay print config: {}".format(configs)) config["SERVICE"] = app_service
self.storage = jms_storage.init(configs["REPLAY_STORAGE"]) self.storage = jms_storage.get_object_storage(config)
if not self.storage:
self.storage = jms_storage.jms(self.app.service) def upload_replay(self, session_id, times=3):
if self.push_file(3, session_id): if times < 1:
if self.storage.type == 'jms':
return False
else:
self.storage = jms_storage.JMSReplayStorage(app_service)
self.upload_replay(session_id, times=3)
ok, msg = self.push_to_storage(session_id)
if not ok:
msg = 'Failed push replay file: {}, try again {}'.format(msg, times)
logger.warn(msg)
self.upload_replay(session_id, times-1)
else:
msg = 'Success push replay file: {}'.format(session_id)
logger.info(msg)
self.finish_replay(3, session_id)
os.unlink(self.file_path) os.unlink(self.file_path)
return True return True
else:
return False
def push_to_storage(self, session_id): def push_to_storage(self, session_id):
dt = time.strftime('%Y-%m-%d', time.localtime(self.time_start)) dt = time.strftime('%Y-%m-%d', time.localtime(self.time_start))
target = dt + '/' + session_id + '.replay.gz' target = dt + '/' + session_id + '.replay.gz'
return self.storage.upload_file(self.file_path, target) return self.storage.upload(self.file_path, target)
def push_file(self, times, session_id):
if times < 0:
if self.storage.type() == 'jms':
return False
else:
msg = "Failed push session {}'s replay log to storage".format(session_id)
logger.error(msg)
self.storage = jms_storage.jms(self.app.service)
return self.push_file(3, session_id)
if self.push_to_storage(session_id):
logger.info("Success push session: {}'s replay log to storage ".format(session_id))
return True
else:
msg = "Failed push session {}'s replay log to storage, try {} times".format(session_id, times)
logger.error(msg)
return self.push_file(times - 1, session_id)
def finish_replay(self, times, session_id): def finish_replay(self, times, session_id):
if times < 0: if times < 1:
logger.error("Failed finished session {}'s replay".format(session_id)) logger.error(
"Failed finished session {}'s replay".format(session_id)
)
return False return False
if self.app.service.finish_replay(session_id): if app_service.finish_replay(session_id):
logger.info("Success finish session {}'s replay ".format(session_id)) logger.info(
"Success finish session {}'s replay ".format(session_id)
)
return True return True
else: else:
logger.error("Failed finish session {}'s replay, try {} times".format(session_id, times)) msg = "Failed finish session {}'s replay, try {} times"
logger.error(msg.format(session_id, times))
return self.finish_replay(times - 1, session_id) return self.finish_replay(times - 1, session_id)
class ServerCommandRecorder(CommandRecorder, metaclass=Singleton): class CommandRecorder(metaclass=Singleton):
batch_size = 10 batch_size = 10
timeout = 5 timeout = 5
no = 0 no = 0
storage = None
def __init__(self, app): def __init__(self):
super().__init__(app) super().__init__()
self.queue = MemoryQueue() self.queue = MemoryQueue()
self.stop_evt = threading.Event() self.stop_evt = threading.Event()
self.push_to_server_async() self.push_to_server_async()
self.__class__.no += 1 self.get_storage()
def record(self, data): def record(self, data):
if data and data['input']: if data and data['input']:
...@@ -194,70 +125,22 @@ class ServerCommandRecorder(CommandRecorder, metaclass=Singleton): ...@@ -194,70 +125,22 @@ class ServerCommandRecorder(CommandRecorder, metaclass=Singleton):
data['timestamp'] = int(data['timestamp']) data['timestamp'] = int(data['timestamp'])
self.queue.put(data) self.queue.put(data)
def get_storage(self):
config = deepcopy(current_app.config["COMMAND_STORAGE"])
config['SERVICE'] = app_service
self.storage = jms_storage.get_log_storage(config)
def push_to_server_async(self): def push_to_server_async(self):
def func(): def func():
while not self.stop_evt.is_set(): while not self.stop_evt.is_set():
data_set = self.queue.mget(self.batch_size, timeout=self.timeout) data_set = self.queue.mget(self.batch_size, timeout=self.timeout)
logger.debug("<Session command recorder {}> queue size: {}".format( size = self.queue.qsize()
self.no, self.queue.qsize()) if size > 0:
) logger.debug("Session command remain push: {}".format(size))
if not data_set: if not data_set:
continue continue
logger.debug("Send {} commands to server".format(len(data_set))) logger.debug("Send {} commands to server".format(len(data_set)))
ok = self.app.service.push_session_command(data_set) ok = self.storage.bulk_save(data_set)
if not ok:
self.queue.mput(data_set)
thread = threading.Thread(target=func)
thread.daemon = True
thread.start()
def session_start(self, session_id):
pass
def session_end(self, session_id):
pass
# def __del__(self):
# print("GC: Session command storage has been gc")
class ESCommandRecorder(CommandRecorder, metaclass=Singleton):
batch_size = 10
timeout = 5
no = 0
default_hosts = ["http://localhost"]
def __init__(self, app):
super().__init__(app)
self.queue = MemoryQueue()
self.stop_evt = threading.Event()
self.push_to_es_async()
self.__class__.no += 1
self.store = jms_storage.ESStore(app.config["COMMAND_STORAGE"].get("HOSTS", self.default_hosts))
if not self.store.ping():
raise AssertionError("ESCommand storage init error")
def record(self, data):
if data and data['input']:
data['input'] = data['input'][:128]
data['output'] = data['output'][:1024]
data['timestamp'] = int(data['timestamp'])
self.queue.put(data)
def push_to_es_async(self):
def func():
while not self.stop_evt.is_set():
data_set = self.queue.mget(self.batch_size,
timeout=self.timeout)
logger.debug(
"<Session command recorder {}> queue size: {}".format(
self.no, self.queue.qsize())
)
if not data_set:
continue
logger.debug("Send {} commands to server".format(len(data_set)))
ok = self.store.bulk_save(data_set)
if not ok: if not ok:
self.queue.mput(data_set) self.queue.mput(data_set)
...@@ -266,25 +149,9 @@ class ESCommandRecorder(CommandRecorder, metaclass=Singleton): ...@@ -266,25 +149,9 @@ class ESCommandRecorder(CommandRecorder, metaclass=Singleton):
thread.start() thread.start()
def session_start(self, session_id): def session_start(self, session_id):
print("Session start: {}".format(session_id))
pass pass
def session_end(self, session_id): def session_end(self, session_id):
print("Session end: {}".format(session_id))
pass pass
# def __del__(self):
# print("GC: ES command storage has been gc".format(self))
def get_command_recorder_class(config):
command_storage = config["COMMAND_STORAGE"]
storage_type = command_storage.get('TYPE')
if storage_type == "elasticsearch":
return ESCommandRecorder
else:
return ServerCommandRecorder
#
# def get_replay_recorder_class(config):
# ServerReplayRecorder.client = jms_storage.init(config["REPLAY_STORAGE"])
# return ServerReplayRecorder
coco/session.py
View file @ 40ac8f51
...@@ -40,7 +40,7 @@ class Session: ...@@ -40,7 +40,7 @@ class Session:
""" """
logger.info("Session add watcher: {} -> {} ".format(self.id, watcher)) logger.info("Session add watcher: {} -> {} ".format(self.id, watcher))
if not silent: if not silent:
watcher.send("Welcome to watch session {}\r\n".format(self.id).encode("utf-8")) watcher.send("Welcome to watch session {}\r\n".format(self.id).encode())
self.sel.register(watcher, selectors.EVENT_READ) self.sel.register(watcher, selectors.EVENT_READ)
self._watchers.append(watcher) self._watchers.append(watcher)
......
coco/sftp.py
View file @ 40ac8f51
...@@ -2,6 +2,7 @@ import os ...@@ -2,6 +2,7 @@ import os
import tempfile import tempfile
import paramiko import paramiko
import time import time
from .ctx import app_service
from datetime import datetime from datetime import datetime
from .connection import SSHConnection from .connection import SSHConnection
...@@ -16,6 +17,17 @@ class SFTPServer(paramiko.SFTPServerInterface): ...@@ -16,6 +17,17 @@ class SFTPServer(paramiko.SFTPServerInterface):
self._sftp = {} self._sftp = {}
self.hosts = self.get_perm_hosts() self.hosts = self.get_perm_hosts()
def session_ended(self):
super().session_ended()
for _, v in self._sftp.items():
sftp = v['sftp']
sock = v.get('sock')
sftp.close()
if sock:
sock.close()
sock.transport.close()
self._sftp = {}
def get_host_sftp(self, host, su): def get_host_sftp(self, host, su):
asset = self.hosts.get(host) asset = self.hosts.get(host)
system_user = None system_user = None
...@@ -28,18 +40,18 @@ class SFTPServer(paramiko.SFTPServerInterface): ...@@ -28,18 +40,18 @@ class SFTPServer(paramiko.SFTPServerInterface):
raise OSError("No asset or system user explicit") raise OSError("No asset or system user explicit")
if host not in self._sftp: if host not in self._sftp:
ssh = SSHConnection(self.server.app) ssh = SSHConnection()
sftp, msg = ssh.get_sftp(asset, system_user) sftp, sock, msg = ssh.get_sftp(asset, system_user)
if sftp: if sftp:
self._sftp[host] = sftp self._sftp[host] = {'sftp': sftp, 'sock': sock}
return sftp return sftp
else: else:
raise OSError("Can not connect asset sftp server") raise OSError("Can not connect asset sftp server: {}".format(msg))
else: else:
return self._sftp[host] return self._sftp[host]['sftp']
def get_perm_hosts(self): def get_perm_hosts(self):
assets = self.server.app.service.get_user_assets( assets = app_service.get_user_assets(
self.server.request.user self.server.request.user
) )
return {asset.hostname: asset for asset in assets} return {asset.hostname: asset for asset in assets}
...@@ -89,7 +101,7 @@ class SFTPServer(paramiko.SFTPServerInterface): ...@@ -89,7 +101,7 @@ class SFTPServer(paramiko.SFTPServerInterface):
"is_success": is_success, "is_success": is_success,
} }
for i in range(1, 4): for i in range(1, 4):
ok = self.server.app.service.create_ftp_log(data) ok = app_service.create_ftp_log(data)
if ok: if ok:
break break
else: else:
......
coco/sshd.py
View file @ 40ac8f51
...@@ -12,6 +12,7 @@ from .interface import SSHInterface ...@@ -12,6 +12,7 @@ from .interface import SSHInterface
from .interactive import InteractiveServer from .interactive import InteractiveServer
from .models import Client, Request from .models import Client, Request
from .sftp import SFTPServer from .sftp import SFTPServer
from .ctx import current_app
logger = get_logger(__file__) logger = get_logger(__file__)
BACKLOG = 5 BACKLOG = 5
...@@ -19,38 +20,41 @@ BACKLOG = 5 ...@@ -19,38 +20,41 @@ BACKLOG = 5
class SSHServer: class SSHServer:
def __init__(self, app): def __init__(self):
self.app = app
self.stop_evt = threading.Event() self.stop_evt = threading.Event()
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.workers = []
self.host_key_path = os.path.join(self.app.root_path, 'keys', 'host_rsa_key') self.pipe = None
@property @property
def host_key(self): def host_key(self):
if not os.path.isfile(self.host_key_path): host_key_path = os.path.join(current_app.root_path, 'keys', 'host_rsa_key')
self.gen_host_key() if not os.path.isfile(host_key_path):
return paramiko.RSAKey(filename=self.host_key_path) self.gen_host_key(host_key_path)
return paramiko.RSAKey(filename=host_key_path)
def gen_host_key(self): @staticmethod
def gen_host_key(key_path):
ssh_key, _ = ssh_key_gen() ssh_key, _ = ssh_key_gen()
with open(self.host_key_path, 'w') as f: with open(key_path, 'w') as f:
f.write(ssh_key) f.write(ssh_key)
def run(self): def run(self):
host = self.app.config["BIND_HOST"] host = current_app.config["BIND_HOST"]
port = self.app.config["SSHD_PORT"] port = current_app.config["SSHD_PORT"]
print('Starting ssh server at {}:{}'.format(host, port)) print('Starting ssh server at {}:{}'.format(host, port))
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.bind((host, port)) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self.sock.listen(BACKLOG) sock.bind((host, port))
sock.listen(BACKLOG)
while not self.stop_evt.is_set(): while not self.stop_evt.is_set():
try: try:
sock, addr = self.sock.accept() client, addr = sock.accept()
logger.info("Get ssh request from {}: {}".format(addr[0], addr[1])) logger.info("Get ssh request from {}: {}".format(*addr))
thread = threading.Thread(target=self.handle_connection, args=(sock, addr)) thread = threading.Thread(target=self.handle_connection,
args=(client, addr))
thread.daemon = True thread.daemon = True
thread.start() thread.start()
except Exception as e: except IndexError as e:
logger.error("Start SSH server error: {}".format(e)) logger.error("Start SSH server error: {}".format(e))
def handle_connection(self, sock, addr): def handle_connection(self, sock, addr):
...@@ -65,7 +69,7 @@ class SSHServer: ...@@ -65,7 +69,7 @@ class SSHServer:
'sftp', paramiko.SFTPServer, SFTPServer 'sftp', paramiko.SFTPServer, SFTPServer
) )
request = Request(addr) request = Request(addr)
server = SSHInterface(self.app, request) server = SSHInterface(request)
try: try:
transport.start_server(server=server) transport.start_server(server=server)
except paramiko.SSHException: except paramiko.SSHException:
...@@ -96,7 +100,7 @@ class SSHServer: ...@@ -96,7 +100,7 @@ class SSHServer:
def handle_chan(self, chan, request): def handle_chan(self, chan, request):
client = Client(chan, request) client = Client(chan, request)
self.app.add_client(client) current_app.add_client(client)
self.dispatch(client) self.dispatch(client)
def dispatch(self, client): def dispatch(self, client):
...@@ -104,7 +108,7 @@ class SSHServer: ...@@ -104,7 +108,7 @@ class SSHServer:
request_type = set(client.request.type) request_type = set(client.request.type)
if supported & request_type: if supported & request_type:
logger.info("Request type `pty`, dispatch to interactive mode") logger.info("Request type `pty`, dispatch to interactive mode")
InteractiveServer(self.app, client).interact() InteractiveServer(client).interact()
elif 'subsystem' in request_type: elif 'subsystem' in request_type:
pass pass
else: else:
......
coco/tasks.py
View file @ 40ac8f51
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
import weakref
from .ctx import current_app, app_service
from .utils import get_logger from .utils import get_logger
logger = get_logger(__file__) logger = get_logger(__file__)
class TaskHandler: class TaskHandler:
def __init__(self):
self.routes = {
'kill_session': self.handle_kill_session
}
def __init__(self, app): @staticmethod
self._app = weakref.ref(app) def handle_kill_session(task):
@property
def app(self):
return self._app()
def handle_kill_session(self, task):
logger.info("Handle kill session task: {}".format(task.args)) logger.info("Handle kill session task: {}".format(task.args))
session_id = task.args session_id = task.args
session = None session = None
for s in self.app.sessions: for s in current_app.sessions:
if s.id == session_id: if s.id == session_id:
session = s session = s
break break
if session: if session:
session.terminate() session.terminate()
self.app.service.finish_task(task.id) app_service.finish_task(task.id)
def handle(self, task): def handle(self, task):
if task.name == "kill_session": func = self.routes.get(task.name)
self.handle_kill_session(task) return func(task)
else:
logger.error("No handler for this task: {}".format(task.name))
coco/utils.py
View file @ 40ac8f51
...@@ -4,30 +4,35 @@ ...@@ -4,30 +4,35 @@
from __future__ import unicode_literals from __future__ import unicode_literals
import hashlib
import logging import logging
import re import re
import os import os
import threading
import base64
import calendar
import time
import datetime
import gettext import gettext
from io import StringIO from io import StringIO
from binascii import hexlify from binascii import hexlify
import paramiko import paramiko
import pyte import pyte
import pytz
from email.utils import formatdate
from queue import Queue, Empty
from .exception import NoAppException from . import char
from .ctx import stack
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
class Singleton(type):
def __init__(cls, *args, **kwargs):
cls.__instance = None
super().__init__(*args, **kwargs)
def __call__(cls, *args, **kwargs):
if cls.__instance is None:
cls.__instance = super().__call__(*args, **kwargs)
return cls.__instance
else:
return cls.__instance
def ssh_key_string_to_obj(text, password=None): def ssh_key_string_to_obj(text, password=None):
key = None key = None
try: try:
...@@ -289,17 +294,130 @@ def get_logger(file_name): ...@@ -289,17 +294,130 @@ def get_logger(file_name):
return logging.getLogger('coco.'+file_name) return logging.getLogger('coco.'+file_name)
zh_pattern = re.compile(u'[\u4e00-\u9fa5]+') def net_input(client, prompt='Opt> ', sensitive=False, before=0, after=0):
"""实现了一个ssh input, 提示用户输入, 获取并返回
:return user input string
def len_display(s): """
length = 0 input_data = []
for i in s: parser = TtyIOParser()
if zh_pattern.match(i): client.send(wrap_with_line_feed(prompt, before=before, after=after))
length += 2
while True:
data = client.recv(10)
if len(data) == 0:
break
# Client input backspace
if data in char.BACKSPACE_CHAR:
# If input words less than 0, should send 'BELL'
if len(input_data) > 0:
data = char.BACKSPACE_CHAR[data]
input_data.pop()
else:
data = char.BELL_CHAR
client.send(data)
continue
if data.startswith(b'\x03'):
# Ctrl-C
client.send('^C\r\n{} '.format(prompt).encode())
input_data = []
continue
elif data.startswith(b'\x04'):
# Ctrl-D
return 'q'
# Todo: Move x1b to char
if data.startswith(b'\x1b') or data in char.UNSUPPORTED_CHAR:
client.send(b'')
continue
# handle shell expect
multi_char_with_enter = False
if len(data) > 1 and data[-1] in char.ENTER_CHAR_ORDER:
if sensitive:
client.send(len(data) * '*')
else:
client.send(data)
input_data.append(data[:-1])
multi_char_with_enter = True
# If user type ENTER we should get user input
if data in char.ENTER_CHAR or multi_char_with_enter:
client.send(wrap_with_line_feed(b'', after=2))
option = parser.parse_input(input_data)
del input_data[:]
return option.strip()
else: else:
length += 1 if sensitive:
client.send(len(data) * '*')
else:
client.send(data)
input_data.append(data)
def register_app(app):
stack['app'] = app
def register_service(service):
stack['service'] = service
zh_pattern = re.compile(r'[\u4e00-\u9fa5]')
def find_chinese(s):
return zh_pattern.findall(s)
def align_with_zh(s, length, addin=' '):
if not isinstance(s, str):
s = str(s)
zh_len = len(find_chinese(s))
padding = length - (len(s) - zh_len) - zh_len*2
padding_content = ''
if padding > 0:
padding_content = addin*padding
return s + padding_content
def format_with_zh(size_list, *args):
data = []
for length, s in zip(size_list, args):
data.append(align_with_zh(s, length))
return ' '.join(data)
def size_of_str_with_zh(s):
if isinstance(s, int):
s = str(s)
try:
chinese = find_chinese(s)
except TypeError:
raise
return len(s) + len(chinese)
def item_max_length(_iter, maxi=None, mini=None, key=None):
if key:
_iter = [key(i) for i in _iter]
length = [size_of_str_with_zh(s) for s in _iter]
if not length:
return 1
if maxi:
length.append(maxi)
length = max(length)
if mini and length < mini:
length = mini
return length return length
def int_length(i):
return len(str(i))
ugettext = _gettext() ugettext = _gettext()
requirements/requirements.txt
View file @ 40ac8f51
...@@ -12,15 +12,14 @@ cryptography==2.1.4 ...@@ -12,15 +12,14 @@ cryptography==2.1.4
docutils==0.14 docutils==0.14
dotmap==1.2.20 dotmap==1.2.20
elasticsearch==6.1.1 elasticsearch==6.1.1
Flask==0.12.2 Flask==1.0.2
Flask-SocketIO==2.9.2 Flask-SocketIO==2.9.2
idna==2.6 idna==2.6
itsdangerous==0.24 itsdangerous==0.24
Jinja2==2.10 Jinja2==2.10
jmespath==0.9.3 jmespath==0.9.3
jms-es-sdk==0.5.2 jms-storage==0.0.17
jms-storage==0.0.12 jumpserver-python-sdk==0.0.42
jumpserver-python-sdk==0.0.41
MarkupSafe==1.0 MarkupSafe==1.0
oss2==2.4.0 oss2==2.4.0
paramiko==2.4.0 paramiko==2.4.0
...@@ -28,9 +27,9 @@ psutil==5.4.1 ...@@ -28,9 +27,9 @@ psutil==5.4.1
pyasn1==0.4.2 pyasn1==0.4.2
pycparser==2.18 pycparser==2.18
PyNaCl==1.2.1 PyNaCl==1.2.1
pyte==0.7.0 pyte==0.8.0
python-dateutil==2.6.1 python-dateutil==2.6.1
python-engineio==2.0.1 python-engineio==2.1.0
python-gssapi==0.6.4 python-gssapi==0.6.4
python-socketio==1.8.3 python-socketio==1.8.3
pytz==2017.3 pytz==2017.3
...@@ -41,4 +40,5 @@ six==1.11.0 ...@@ -41,4 +40,5 @@ six==1.11.0
tornado==4.5.2 tornado==4.5.2
urllib3==1.22 urllib3==1.22
wcwidth==0.1.7 wcwidth==0.1.7
Werkzeug==0.12.2 Werkzeug==0.14.1
eventlet==0.22
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment