Merge pull request #253 from jumpserver/dev

Dev

Merge pull request #253 from jumpserver/dev
Dev
47fc4b67 · 老广 · GitHub · 97d80e61 · 82c5de1c · 47fc4b67
Unverified Commit 47fc4b67 authored Jul 25, 2019 by 老广 Committed by GitHub Jul 25, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 22 deletions

connection.py coco/connection.py +6 -2

const.py coco/const.py +6 -0

proxy.py coco/proxy.py +9 -6

sftp.py coco/sftp.py +20 -14

sshd.py coco/sshd.py +1 -0

No files found.
--- a/coco/connection.py
+++ b/coco/connection.py
@@ -4,6 +4,8 @@
 import re
 import socket
 import telnetlib
+from .const import MANUAL_LOGIN
+

 try:
    import selectors
@@ -87,6 +89,8 @@ class SSHConnection:
        获取系统用户的认证信息，密码或秘钥
        :return: system user have full info
        """
+        if self.system_user.login_mode == MANUAL_LOGIN:
+            return
        password, private_key = \
            app_service.get_system_user_auth_info(self.system_user, self.asset)
        self.system_user.password = password
@@ -127,7 +131,7 @@ class SSHConnection:
                    look_for_keys=False, sock=sock, allow_agent=False,
                )
            transport = ssh.get_transport()
-            transport.set_keepalive(20)
+            transport.set_keepalive(60)
            self.transport = transport
        except Exception as e:
            password_short = "None"
@@ -227,7 +231,7 @@ class SSHConnection:
                continue
            try:
                transport = ssh.get_transport()
-                transport.set_keepalive(20)
+                transport.set_keepalive(60)
                sock = transport.open_channel(
                    'direct-tcpip', (asset.ip, asset.ssh_port), ('127.0.0.1', 0)
                )

--- a/coco/const.py
+++ b/coco/const.py
@@ -8,3 +8,9 @@ PERMS_ACTION_NAME_ALL = 'all'
 PERMS_ACTION_NAME_CONNECT = 'connect'
 PERMS_ACTION_NAME_UPLOAD_FILE = 'upload_file'
 PERMS_ACTION_NAME_DOWNLOAD_FILE = 'download_file'
+
+#
+# System User login mode choices
+#
+MANUAL_LOGIN = 'manual'
+AUTO_LOGIN = 'auto'
--- a/coco/proxy.py
+++ b/coco/proxy.py
@@ -4,28 +4,31 @@

 import threading
 import time
+import copy

 from .session import Session
 from .models import Server, TelnetServer
-from .const import PERMS_ACTION_NAME_CONNECT
+from .const import (
+    PERMS_ACTION_NAME_CONNECT, MANUAL_LOGIN
+)
 from .connection import SSHConnection, TelnetConnection
 from .service import app_service
 from .conf import config
-from .utils import wrap_with_line_feed as wr, wrap_with_warning as warning, \
-     get_logger, net_input, ugettext as _, ignore_error
+from .utils import (
+    wrap_with_line_feed as wr, wrap_with_warning as warning, ugettext as _,
+    get_logger, net_input, ignore_error
+)


 logger = get_logger(__file__)
 BUF_SIZE = 4096
-MANUAL_LOGIN = 'manual'
-AUTO_LOGIN = 'auto'


 class ProxyServer:
    def __init__(self, client, asset, system_user):
        self.client = client
        self.asset = asset
-        self.system_user = system_user
+        self.system_user = copy.deepcopy(system_user)
        self.server = None
        self.connecting = True


--- a/coco/sftp.py
+++ b/coco/sftp.py
@@ -14,6 +14,7 @@ from .connection import SSHConnection
 from .interactive import InteractiveServer
 from .const import (
    PERMS_ACTION_NAME_DOWNLOAD_FILE, PERMS_ACTION_NAME_UPLOAD_FILE,
+    MANUAL_LOGIN,
 )

 CURRENT_DIR = os.path.dirname(__file__)
@@ -119,22 +120,27 @@ class SFTPServer(paramiko.SFTPServerInterface):
            raise PermissionError("No asset or system user explicit")

        cache_key = '{}@{}'.format(su, host)
-        if cache_key not in self._sftp:
-            conn = SSHConnection.new_connection(self.server.connection.user,
-                                                asset, system_user)
-            __sftp = conn.get_sftp()
-            if __sftp:
-                sftp = {
-                    'client': __sftp, 'connection': conn,
-                    'home': __sftp.normalize('')
-                }
-                self._sftp[cache_key] = sftp
-                return sftp
-            else:
-                raise OSError("Can not connect asset sftp server: {}".format(conn.error))
-        else:
+        if cache_key in self._sftp:
            return self._sftp[cache_key]

+        conn = SSHConnection.new_connection(self.server.connection.user,
+                                            asset, system_user)
+        __sftp = conn.get_sftp()
+        if __sftp:
+            sftp = {
+                'client': __sftp, 'connection': conn,
+                'home': __sftp.normalize('')
+            }
+            self._sftp[cache_key] = sftp
+            return sftp
+        elif system_user.login_mode == MANUAL_LOGIN:
+            raise PermissionError(
+                "System user is in manual login mode, "
+                "please use SSH protocol to connect assets first."
+            )
+        else:
+            raise OSError("Can not connect asset sftp server: {}".format(conn.error))
+
    def host_has_unique_su(self, host):
        host_sus = self.get_host_system_users(host, only_name=True)
        logger.debug("Host system users: {}".format(host_sus))

--- a/coco/sshd.py
+++ b/coco/sshd.py
@@ -77,6 +77,7 @@ class SSHServer:
        server = SSHInterface(connection)
        try:
            transport.start_server(server=server)
+            transport.set_keepalive(60)
            while transport.is_active():
                chan = transport.accept()
                server.event.wait(5)