Unverified Commit 47fc4b67 authored by 老广's avatar 老广 Committed by GitHub

Merge pull request #253 from jumpserver/dev

Dev
parents 97d80e61 82c5de1c
...@@ -4,6 +4,8 @@ ...@@ -4,6 +4,8 @@
import re import re
import socket import socket
import telnetlib import telnetlib
from .const import MANUAL_LOGIN
try: try:
import selectors import selectors
...@@ -87,6 +89,8 @@ class SSHConnection: ...@@ -87,6 +89,8 @@ class SSHConnection:
获取系统用户的认证信息,密码或秘钥 获取系统用户的认证信息,密码或秘钥
:return: system user have full info :return: system user have full info
""" """
if self.system_user.login_mode == MANUAL_LOGIN:
return
password, private_key = \ password, private_key = \
app_service.get_system_user_auth_info(self.system_user, self.asset) app_service.get_system_user_auth_info(self.system_user, self.asset)
self.system_user.password = password self.system_user.password = password
...@@ -127,7 +131,7 @@ class SSHConnection: ...@@ -127,7 +131,7 @@ class SSHConnection:
look_for_keys=False, sock=sock, allow_agent=False, look_for_keys=False, sock=sock, allow_agent=False,
) )
transport = ssh.get_transport() transport = ssh.get_transport()
transport.set_keepalive(20) transport.set_keepalive(60)
self.transport = transport self.transport = transport
except Exception as e: except Exception as e:
password_short = "None" password_short = "None"
...@@ -227,7 +231,7 @@ class SSHConnection: ...@@ -227,7 +231,7 @@ class SSHConnection:
continue continue
try: try:
transport = ssh.get_transport() transport = ssh.get_transport()
transport.set_keepalive(20) transport.set_keepalive(60)
sock = transport.open_channel( sock = transport.open_channel(
'direct-tcpip', (asset.ip, asset.ssh_port), ('127.0.0.1', 0) 'direct-tcpip', (asset.ip, asset.ssh_port), ('127.0.0.1', 0)
) )
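Review bot: In the `get_system_user_auth` hunk, the new `MANUAL_LOGIN` early return skips the `app_service.get_system_user_auth_info` lookup, so `self.system_user.password` stays whatever the caller put there, yet the docstring still promises a system user with full info. I would state the contract next to the check, e.g. `# Manual login: the user types the credential and the caller sets it; stored secrets are never fetched`, and update the `:return:` line to match. If a caller can reach the connect path without having set a password, the attempt presumably goes out with no credential at all, since the visible `look_for_keys=False` and `allow_agent=False` rule out the other sources. An explicit check for that case would fail earlier and avoid a spurious failed login on the asset. The method body starts and ends outside the hunk.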
......
...@@ -8,3 +8,9 @@ PERMS_ACTION_NAME_ALL = 'all' ...@@ -8,3 +8,9 @@ PERMS_ACTION_NAME_ALL = 'all'
PERMS_ACTION_NAME_CONNECT = 'connect' PERMS_ACTION_NAME_CONNECT = 'connect'
PERMS_ACTION_NAME_UPLOAD_FILE = 'upload_file' PERMS_ACTION_NAME_UPLOAD_FILE = 'upload_file'
PERMS_ACTION_NAME_DOWNLOAD_FILE = 'download_file' PERMS_ACTION_NAME_DOWNLOAD_FILE = 'download_file'
#
# System User login mode choices
#
MANUAL_LOGIN = 'manual'
AUTO_LOGIN = 'auto'
...@@ -4,28 +4,31 @@ ...@@ -4,28 +4,31 @@
import threading import threading
import time import time
import copy
from .session import Session from .session import Session
from .models import Server, TelnetServer from .models import Server, TelnetServer
from .const import PERMS_ACTION_NAME_CONNECT from .const import (
PERMS_ACTION_NAME_CONNECT, MANUAL_LOGIN
)
from .connection import SSHConnection, TelnetConnection from .connection import SSHConnection, TelnetConnection
from .service import app_service from .service import app_service
from .conf import config from .conf import config
from .utils import wrap_with_line_feed as wr, wrap_with_warning as warning, \ from .utils import (
get_logger, net_input, ugettext as _, ignore_error wrap_with_line_feed as wr, wrap_with_warning as warning, ugettext as _,
get_logger, net_input, ignore_error
)
logger = get_logger(__file__) logger = get_logger(__file__)
BUF_SIZE = 4096 BUF_SIZE = 4096
MANUAL_LOGIN = 'manual'
AUTO_LOGIN = 'auto'
class ProxyServer: class ProxyServer:
def __init__(self, client, asset, system_user): def __init__(self, client, asset, system_user):
self.client = client self.client = client
self.asset = asset self.asset = asset
self.system_user = system_user self.system_user = copy.deepcopy(system_user)
self.server = None self.server = None
self.connecting = True self.connecting = True
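Review bot: The switch to `copy.deepcopy(system_user)` in `ProxyServer.__init__` carries no comment explaining why a private copy is needed, and the reason looks security-relevant. Presumably it keeps a manually entered password from being written onto a `system_user` object that other sessions share. A one-line comment such as `# Private copy: manual-login credentials must not end up on the shared system user object` would stop a later cleanup from removing it. As far as this commit shows, the SFTP path still hands `system_user` to `SSHConnection.new_connection` uncopied, so it is worth confirming whether the same isolation is wanted there. The class body continues outside the hunk.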
......
...@@ -14,6 +14,7 @@ from .connection import SSHConnection ...@@ -14,6 +14,7 @@ from .connection import SSHConnection
from .interactive import InteractiveServer from .interactive import InteractiveServer
from .const import ( from .const import (
PERMS_ACTION_NAME_DOWNLOAD_FILE, PERMS_ACTION_NAME_UPLOAD_FILE, PERMS_ACTION_NAME_DOWNLOAD_FILE, PERMS_ACTION_NAME_UPLOAD_FILE,
MANUAL_LOGIN,
) )
CURRENT_DIR = os.path.dirname(__file__) CURRENT_DIR = os.path.dirname(__file__)
...@@ -119,7 +120,9 @@ class SFTPServer(paramiko.SFTPServerInterface): ...@@ -119,7 +120,9 @@ class SFTPServer(paramiko.SFTPServerInterface):
raise PermissionError("No asset or system user explicit") raise PermissionError("No asset or system user explicit")
cache_key = '{}@{}'.format(su, host) cache_key = '{}@{}'.format(su, host)
if cache_key not in self._sftp: if cache_key in self._sftp:
return self._sftp[cache_key]
conn = SSHConnection.new_connection(self.server.connection.user, conn = SSHConnection.new_connection(self.server.connection.user,
asset, system_user) asset, system_user)
__sftp = conn.get_sftp() __sftp = conn.get_sftp()
...@@ -130,10 +133,13 @@ class SFTPServer(paramiko.SFTPServerInterface): ...@@ -130,10 +133,13 @@ class SFTPServer(paramiko.SFTPServerInterface):
} }
self._sftp[cache_key] = sftp self._sftp[cache_key] = sftp
return sftp return sftp
elif system_user.login_mode == MANUAL_LOGIN:
raise PermissionError(
"System user is in manual login mode, "
"please use SSH protocol to connect assets first."
)
else: else:
raise OSError("Can not connect asset sftp server: {}".format(conn.error)) raise OSError("Can not connect asset sftp server: {}".format(conn.error))
else:
return self._sftp[cache_key]
def host_has_unique_su(self, host): def host_has_unique_su(self, host):
host_sus = self.get_host_system_users(host, only_name=True) host_sus = self.get_host_system_users(host, only_name=True)
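Review bot: The new `elif system_user.login_mode == MANUAL_LOGIN` branch raises `PermissionError` for every failed connection of a manual-login user and drops `conn.error`. An unreachable asset and a rejected credential are therefore reported identically, with no trace of the real cause. Recording `conn.error` in the server log before the raise would keep failed logins auditable. The branch is also reached only after `SSHConnection.new_connection` has been tried; if no credential is available for a manual-login user at that point, each SFTP request would produce a failed authentication on the asset, so it is worth confirming that this order is intended. The start of the method is outside the hunk.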
......
...@@ -77,6 +77,7 @@ class SSHServer: ...@@ -77,6 +77,7 @@ class SSHServer:
server = SSHInterface(connection) server = SSHInterface(connection)
try: try:
transport.start_server(server=server) transport.start_server(server=server)
transport.set_keepalive(60)
while transport.is_active(): while transport.is_active():
chan = transport.accept() chan = transport.accept()
server.event.wait(5) server.event.wait(5)
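Review bot: The keepalive interval `60` is now a bare literal in three places: here after `transport.start_server(server=server)`, and in the two `SSHConnection` hunks that change `set_keepalive(20)` to `set_keepalive(60)`. A single named constant in the constants module, e.g. `SSH_KEEPALIVE_INTERVAL = 60`, used as `transport.set_keepalive(SSH_KEEPALIVE_INTERVAL)`, would keep the client-facing and asset-facing transports in step. A short comment that this is a keepalive interval and not an idle-session timeout would also prevent it from being mistaken for a session-expiry control. The enclosing method starts outside the hunk.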
......