[Update] youhua

coco/app.py

@@ -20,7 +20,7 @@ from .session import Session
 from .models import Connection
 
 
-__version__ = '1.4.4'
+__version__ = '1.4.6'
 
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 logger = get_logger(__file__)
@@ -56,6 +56,7 @@ class Coco:
         return self._task_handler
 
     @staticmethod
+    @ignore_error
     def load_extra_conf_from_server():
         configs = app_service.load_config_from_server()
         logger.debug("Loading config from server: {}".format(
@@ -63,8 +64,17 @@ class Coco:
         ))
         config.update(configs)
 
+    def keep_load_extra_conf(self):
+        def func():
+            while True:
+                self.load_extra_conf_from_server()
+                time.sleep(60*10)
+        thread = threading.Thread(target=func)
+        thread.start()
+
     def bootstrap(self):
         self.load_extra_conf_from_server()
+        self.keep_load_extra_conf()
         self.keep_heartbeat()
         self.monitor_sessions()
         self.monitor_sessions_replay()

coco/config.py

@@ -92,8 +92,9 @@ class Config(dict):
     """
 
     def __init__(self, root_path, defaults=None):
-        dict.__init__(self, defaults or {})
+        self.defaults = defaults or {}
         self.root_path = root_path
+        super().__init__({})
 
     def from_envvar(self, variable_name, silent=False):
         """Loads a configuration from an environment variable pointing to
@@ -269,6 +270,21 @@ class Config(dict):
             rv[key] = v
         return rv
 
+    def __getitem__(self, item):
+        try:
+            value = super().__getitem__(item)
+        except KeyError:
+            value = None
+        if value is not None:
+            return value
+        value = os.environ.get(item, None)
+        if value is not None:
+            return value
+        return self.defaults.get(item)
+
+    def __getattr__(self, item):
+        return self.__getitem__(item)
+
     def __repr__(self):
         return '<%s %s>' % (self.__class__.__name__, dict.__repr__(self))
 
@@ -277,6 +293,7 @@ access_key_path = os.path.abspath(os.path.join(root_path, 'keys', '.access_key')
 default_config = {
     'NAME': socket.gethostname(),
     'CORE_HOST': 'http://127.0.0.1:8080',
+    'BOOTSTRAP_TOKEN': os.environ.get("BOOTSTRAP_TOKEN") or 'PleaseChangeMe',
     'ROOT_PATH': root_path,
     'DEBUG': True,
     'BIND_HOST': '0.0.0.0',
@@ -301,6 +318,7 @@ default_config = {
     'REPLAY_STORAGE': {'TYPE': 'server'},
     'LANGUAGE_CODE': 'zh',
     'SECURITY_MAX_IDLE_TIME': 60,
+    'ASSET_LIST_PAGE_SIZE': 'auto',
 }
 
 config = Config(root_path, default_config)

coco/connection.py

@@ -41,12 +41,16 @@ class SSHConnection:
         ssh = paramiko.SSHClient()
         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
         sock = None
+        error = ''
 
         if not system_user.password and not system_user.private_key:
             self.get_system_user_auth(system_user)
 
         if asset.domain:
             sock = self.get_proxy_sock_v2(asset)
+            if not sock:
+                error = 'Connect gateway failed;'
+                logger.error(error)
 
         try:
             try:
@@ -85,9 +89,9 @@ class SSHConnection:
                 system_user.username, asset.ip, asset.port,
                 password_short, key_fingerprint,
             ))
-            return None, None, str(e)
+            return None, None, error + '\n' + str(e)
         except (socket.error, socket.timeout) as e:
-            return None, None, str(e)
+            return None, None, error + '\n' + str(e)
         return ssh, sock, None
 
     def get_transport(self, asset, system_user):
@@ -130,9 +134,9 @@ class SSHConnection:
                             password=gateway.password,
                             pkey=gateway.private_key_obj,
                             timeout=config['SSH_TIMEOUT'])
-            except(paramiko.AuthenticationException,
-                   paramiko.BadAuthenticationType,
-                   SSHException):
+            except (paramiko.AuthenticationException,
+                    paramiko.BadAuthenticationType,
+                    SSHException, socket.error):
                 continue
             sock = ssh.get_transport().open_channel(
                 'direct-tcpip', (asset.ip, asset.port), ('127.0.0.1', 0)

coco/httpd/elfinder/connector.py

@@ -136,6 +136,7 @@ class ElFinderConnector:
             return cmd
         else:
             self.response['error'] = 'No valid command found'
+            return None, None
 
     def run(self, request):
         """ Main entry point for running commands. Attemps to run a command

coco/interface.py

@@ -176,7 +176,7 @@ class SSHInterface(paramiko.ServerInterface):
             'command': command
         })
         self.event.set()
-        return False
+        return True
 
     def check_channel_forward_agent_request(self, channel):
         logger.debug("Check channel forward agent request: %s" % channel)

coco/logger.py

@@ -10,7 +10,7 @@ from .config import config as app_config
 
 def create_logger():
     level = app_config['LOG_LEVEL']
-    log_dir = app_config.get('LOG_DIR')
+    log_dir = app_config['LOG_DIR']
     log_path = os.path.join(log_dir, 'coco.log')
     main_setting = {
         'handlers': ['console', 'file'],

coco/models.py

@@ -367,6 +367,11 @@ class TelnetServer(BaseServer):
         self.system_user = system_user
         super(TelnetServer, self).__init__(chan=sock)
 
+    @property
+    def closed(self):
+        """ self.chan: socket object """
+        return getattr(self.chan, '_closed', False)
+
 
 class Server(BaseServer):
     """

coco/proxy.py

@@ -52,7 +52,7 @@ class ProxyServer:
             return False
         return True
 
-    def manual_set_system_user_username_if_need(self):
+    def get_system_user_username_if_need(self):
         if self.system_user.login_mode == MANUAL_LOGIN and \
                 not self.system_user.username:
             username = net_input(self.client, prompt='username: ', before=1)
@@ -63,15 +63,17 @@ class ProxyServer:
     def proxy(self):
         if not self.check_protocol():
             return
-        self.manual_set_system_user_username_if_need()
+        self.get_system_user_username_if_need()
         self.get_system_user_auth_or_manual_set()
         self.server = self.get_server_conn()
         if self.server is None:
             return
         session = Session.new_session(self.client, self.server)
-        session.bridge()
-        Session.remove_session(session.id)
-        self.server.close()
+        try:
+            session.bridge()
+        finally:
+            Session.remove_session(session.id)
+            self.server.close()
 
     def validate_permission(self):
         """

coco/sshd.py

@@ -58,6 +58,7 @@ class SSHServer:
                 logger.error("Start SSH server error: {}".format(e))
 
     def handle_connection(self, sock, addr):
+        logger.debug("Handle new connection from: {}".format(addr))
         transport = paramiko.Transport(sock, gss_kex=False)
         try:
             transport.load_server_moduli()

coco/utils.py

@@ -303,7 +303,7 @@ def net_input(client, prompt='Opt> ', sensitive=False, before=0, after=0):
     client.send(wrap_with_line_feed(prompt, before=before, after=after))
 
     while True:
-        data = client.recv(10)
+        data = client.recv(1)
         if len(data) == 0:
             break
         # Client input backspace
@@ -331,18 +331,8 @@ def net_input(client, prompt='Opt> ', sensitive=False, before=0, after=0):
             client.send(b'')
             continue
 
-        # handle shell expect
-        multi_char_with_enter = False
-        if len(data) > 1 and data[-1] in char.ENTER_CHAR_ORDER:
-            if sensitive:
-                client.send(len(data) * '*')
-            else:
-                client.send(data)
-            input_data.append(data[:-1])
-            multi_char_with_enter = True
-
         # If user types ENTER we should get user input
-        if data in char.ENTER_CHAR or multi_char_with_enter:
+        if data in char.ENTER_CHAR:
             client.send(wrap_with_line_feed(b'', after=2))
             option = parser.parse_input(input_data)
             del input_data[:]

conf_example.py

@@ -17,6 +17,10 @@ class Config:
     # Jumpserver项目的url, api请求注册会使用
     # CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'
 
+    # Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
+    # 请和jumpserver 配置文件中保持一致，注册完成后可以删除
+    # BOOTSTRAP_TOKEN = "PleaseChangeMe"
+
     # 启动时绑定的ip, 默认 0.0.0.0
     # BIND_HOST = '0.0.0.0'
 

locale/en/LC_MESSAGES/coco.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-10-31 11:49+0800\n"
+"POT-Creation-Date: 2018-12-18 20:03+0800\n"
 "PO-Revision-Date: 2018-08-10 10:42+0800\n"
 "Last-Translator: BaiJiangjie <bugatti_it@163.com>\n"
 "Language-Team: Language locale/en/LC\n"
@@ -16,11 +16,11 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: coco/app.py:135
+#: coco/app.py:145
 msgid "Connect idle more than {} minutes, disconnect"
 msgstr ""
 
-#: coco/interactive.py:80
+#: coco/interactive.py:84
 #, python-brace-format
 msgid ""
 "\n"
@@ -28,131 +28,127 @@ msgid ""
 "{end}{R}{R}"
 msgstr ""
 
-#: coco/interactive.py:82
+#: coco/interactive.py:86
 #, python-brace-format
 msgid ""
 "{T}1) Enter {green}ID{end} directly login or enter {green}part IP, Hostname, "
 "Comment{end} to search login(if unique).{R}"
 msgstr ""
 
-#: coco/interactive.py:83
+#: coco/interactive.py:87
 #, python-brace-format
 msgid ""
 "{T}2) Enter {green}/{end} + {green}IP, Hostname{end} or {green}Comment {end} "
 "search, such as: /ip.{R}"
 msgstr ""
 
-#: coco/interactive.py:84
+#: coco/interactive.py:88
 #, python-brace-format
 msgid "{T}3) Enter {green}p{end} to display the host you have permission.{R}"
 msgstr ""
 
-#: coco/interactive.py:85
+#: coco/interactive.py:89
 #, python-brace-format
 msgid ""
 "{T}4) Enter {green}g{end} to display the node that you have permission.{R}"
 msgstr ""
 
-#: coco/interactive.py:86
+#: coco/interactive.py:90
 #, python-brace-format
 msgid ""
 "{T}5) Enter {green}g{end} + {green}NodeID{end} to display the host under the "
 "node, such as g1.{R}"
 msgstr ""
 
-#: coco/interactive.py:87
+#: coco/interactive.py:91
 #, python-brace-format
 msgid "{T}6) Enter {green}s{end} Chinese-english switch.{R}"
 msgstr ""
 
-#: coco/interactive.py:88
+#: coco/interactive.py:92
 #, python-brace-format
 msgid "{T}7) Enter {green}h{end} help.{R}"
 msgstr ""
 
-#: coco/interactive.py:89
+#: coco/interactive.py:93
 #, python-brace-format
-msgid "{T}0) Enter {green}q{end} exit.{R}"
+msgid "{T}8) Enter {green}r{end} to refresh your assets and nodes.{R}"
 msgstr ""
 
-#: coco/interactive.py:159
-msgid "No"
+#: coco/interactive.py:94
+#, python-brace-format
+msgid "{T}0) Enter {green}q{end} exit.{R}"
 msgstr ""
 
-#: coco/interactive.py:166
-msgid "Name"
+#: coco/interactive.py:155
+msgid "Terminal does not support login rdp, please use web terminal to access"
 msgstr ""
 
-#: coco/interactive.py:166
-msgid "Assets"
+#: coco/interactive.py:212
+msgid "No Assets"
 msgstr ""
 
-#: coco/interactive.py:172
-msgid "Total: {}"
+#: coco/interactive.py:275
+msgid "Tips: Enter the asset ID and log directly into the asset."
 msgstr ""
 
-#: coco/interactive.py:177
-msgid "Node [ ID.Name(Asset) ]"
+#: coco/interactive.py:276
+msgid "Page up: P/p"
 msgstr ""
 
-#: coco/interactive.py:179
-msgid "Enter g+NodeID to display the host under the node, such as g1."
+#: coco/interactive.py:277
+msgid "Page down: Enter|N/n"
 msgstr ""
 
-#: coco/interactive.py:186
-msgid "There is no matched node, please re-enter"
+#: coco/interactive.py:278
+msgid "BACK: b/q"
 msgstr ""
 
-#: coco/interactive.py:197
+#: coco/interactive.py:299
 msgid "ID"
 msgstr ""
 
-#: coco/interactive.py:197
+#: coco/interactive.py:299
 msgid "Hostname"
 msgstr ""
 
-#: coco/interactive.py:197
+#: coco/interactive.py:299
 msgid "IP"
 msgstr ""
 
-#: coco/interactive.py:197
+#: coco/interactive.py:299
 msgid "LoginAs"
 msgstr ""
 
-#: coco/interactive.py:211
+#: coco/interactive.py:313
 msgid "Comment"
 msgstr ""
 
-#: coco/interactive.py:221
+#: coco/interactive.py:322
 msgid "Page: {}, Count: {}, Total Page: {}, Total Count: {}"
 msgstr ""
 
-#: coco/interactive.py:296
-msgid "Select a login:: "
+#: coco/interactive.py:394
+msgid "No Nodes"
 msgstr ""
 
-#: coco/interactive.py:319
-msgid ""
-"Terminal does not support login Windows, please use web terminal to access"
+#: coco/interactive.py:398
+msgid "Node: [ ID.Name(Asset amount) ]"
 msgstr ""
 
-#: coco/interactive.py:401
-msgid "Tips: Enter the asset ID and log directly into the asset."
+#: coco/interactive.py:400
+msgid "Tips: Enter g+NodeID to display the host under the node, such as g1"
 msgstr ""
 
-#: coco/interactive.py:402
-msgid "Page up: P/p"
-msgstr ""
-
-#: coco/interactive.py:403
-msgid "Page down: Enter|N/n"
+#: coco/interactive.py:408
+msgid "There is no matched node, please re-enter"
 msgstr ""
 
-#: coco/interactive.py:404
-msgid "BACK: B/b"
+#: coco/interactive.py:438
+msgid "Select a login:: "
 msgstr ""
 
-#: coco/interactive.py:425
+#: coco/interactive.py:461
 msgid "No system user"
 msgstr ""
 

locale/zh_CN/LC_MESSAGES/coco.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-10-31 11:49+0800\n"
+"POT-Creation-Date: 2018-12-18 20:04+0800\n"
 "PO-Revision-Date: 2018-08-10 10:42+0800\n"
 "Last-Translator: BaiJiangjie <bugatti_it@163.com>\n"
 "Language-Team: Language locale/zh\n"
@@ -16,11 +16,11 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: coco/app.py:135
+#: coco/app.py:145
 msgid "Connect idle more than {} minutes, disconnect"
 msgstr "空闲时间超过 {} 分钟，断开连接"
 
-#: coco/interactive.py:80
+#: coco/interactive.py:84
 #, python-brace-format
 msgid ""
 "\n"
@@ -30,7 +30,7 @@ msgstr ""
 "\n"
 "{T}{T}{title} {user}, 欢迎使用Jumpserver开源跳板机系统 {end}{R}{R}"
 
-#: coco/interactive.py:82
+#: coco/interactive.py:86
 #, python-brace-format
 msgid ""
 "{T}1) Enter {green}ID{end} directly login or enter {green}part IP, Hostname, "
@@ -39,7 +39,7 @@ msgstr ""
 "{T}1) 输入 {green}ID{end} 直接登录 或 输入{green}部分 IP,主机名,备注{end} 进"
 "行搜索登录(如果唯一).{R}"
 
-#: coco/interactive.py:83
+#: coco/interactive.py:87
 #, python-brace-format
 msgid ""
 "{T}2) Enter {green}/{end} + {green}IP, Hostname{end} or {green}Comment {end} "
@@ -48,122 +48,120 @@ msgstr ""
 "{T}2) 输入 {green}/{end} + {green}IP, 主机名{end} or {green}备注 {end}搜索. "
 "如: /ip{R}"
 
-#: coco/interactive.py:84
+#: coco/interactive.py:88
 #, python-brace-format
 msgid "{T}3) Enter {green}p{end} to display the host you have permission.{R}"
 msgstr "{T}3) 输入 {green}p{end} 显示您有权限的主机.{R}"
 
-#: coco/interactive.py:85
+#: coco/interactive.py:89
 #, python-brace-format
 msgid ""
 "{T}4) Enter {green}g{end} to display the node that you have permission.{R}"
 msgstr "{T}4) 输入 {green}g{end} 显示您有权限的节点.{R}"
 
-#: coco/interactive.py:86
+#: coco/interactive.py:90
+#, python-brace-format
 msgid ""
 "{T}5) Enter {green}g{end} + {green}NodeID{end} to display the host under the "
 "node, such as g1.{R}"
-msgstr "{T}5) 输入 {green}g{end} + {green}节点ID{end} 显示节点下主机. 如: g1{R}"
+msgstr ""
+"{T}5) 输入 {green}g{end} + {green}节点ID{end} 显示节点下主机. 如: g1{R}"
 
-#: coco/interactive.py:87
+#: coco/interactive.py:91
 #, python-brace-format
 msgid "{T}6) Enter {green}s{end} Chinese-english switch.{R}"
 msgstr "{T}6) 输入 {green}s{end} 中/英文切换.{R}"
 
-#: coco/interactive.py:88
+#: coco/interactive.py:92
 #, python-brace-format
 msgid "{T}7) Enter {green}h{end} help.{R}"
 msgstr "{T}7) 输入 {green}h{end} 帮助.{R}"
 
-#: coco/interactive.py:89
+#: coco/interactive.py:93
+#, python-brace-format
+msgid "{T}8) Enter {green}r{end} to refresh your assets and nodes.{R}"
+msgstr "{T}0) 输入 {green}r{end} 刷新最新的机器和节点信息.{R}"
+
+#: coco/interactive.py:94
 #, python-brace-format
 msgid "{T}0) Enter {green}q{end} exit.{R}"
 msgstr "{T}0) 输入 {green}q{end} 退出.{R}"
 
-#: coco/interactive.py:159
-msgid "No"
-msgstr "无"
-
-#: coco/interactive.py:166
-msgid "Name"
-msgstr "名称"
+#: coco/interactive.py:155
+msgid "Terminal does not support login rdp, please use web terminal to access"
+msgstr "终端不支持登录windows, 请使用web terminal访问"
 
-#: coco/interactive.py:166
-msgid "Assets"
-msgstr "资产"
+#: coco/interactive.py:212
+msgid "No Assets"
+msgstr "没有资产"
 
-#: coco/interactive.py:172
-msgid "Total: {}"
-msgstr "总共: {}"
+#: coco/interactive.py:275
+msgid "Tips: Enter the asset ID and log directly into the asset."
+msgstr "提示: 输入资产ID，直接登录资产."
 
-#: coco/interactive.py:177
-msgid "Node: [ ID.Name(Asset amount) ]"
-msgstr "节点: [ ID.名称(资产数量) ]"
+#: coco/interactive.py:276
+msgid "Page up: P/p"
+msgstr "上一页: P/p"
 
-#: coco/interactive.py:179
-msgid "Tips: Enter g+NodeID to display the host under the node, such as g1"
-msgstr "提示: 输入 g+节点ID 显示节点下主机. 如: g1"
+#: coco/interactive.py:277
+msgid "Page down: Enter|N/n"
+msgstr "下一页: Enter|N/n"
 
-#: coco/interactive.py:186
-msgid "There is no matched node, please re-enter"
-msgstr "没有匹配分组，请重新输入"
+#: coco/interactive.py:278
+msgid "BACK: b/q"
+msgstr "返回: B/b"
 
-#: coco/interactive.py:197
+#: coco/interactive.py:299
 msgid "ID"
 msgstr ""
 
-#: coco/interactive.py:197
+#: coco/interactive.py:299
 msgid "Hostname"
 msgstr "主机名"
 
-#: coco/interactive.py:197
+#: coco/interactive.py:299
 msgid "IP"
 msgstr ""
 
-#: coco/interactive.py:197
+#: coco/interactive.py:299
 msgid "LoginAs"
 msgstr "登录用户"
 
-#: coco/interactive.py:211
+#: coco/interactive.py:313
 msgid "Comment"
 msgstr "备注"
 
-#: coco/interactive.py:221
+#: coco/interactive.py:322
 msgid "Page: {}, Count: {}, Total Page: {}, Total Count: {}"
 msgstr "页码: {}, 数量: {}, 总页数: {}, 总数量: {}"
 
-#: coco/interactive.py:296
-msgid "Select a login:: "
-msgstr "选择一个登录:"
-
-#: coco/interactive.py:319
-msgid ""
-"Terminal does not support login Windows, please use web terminal to access"
-msgstr "终端不支持登录windows, 请使用web terminal访问"
+#: coco/interactive.py:394
+msgid "No Nodes"
+msgstr "没有节点"
 
-#: coco/interactive.py:401
-msgid "Tips: Enter the asset ID and log directly into the asset."
-msgstr "提示: 输入资产ID，直接登录资产."
+#: coco/interactive.py:398
+msgid "Node: [ ID.Name(Asset amount) ]"
+msgstr "节点: [ ID.名称(资产数量) ]"
 
-#: coco/interactive.py:402
-msgid "Page up: P/p"
-msgstr "上一页: P/p"
+#: coco/interactive.py:400
+msgid "Tips: Enter g+NodeID to display the host under the node, such as g1"
+msgstr "提示: 输入 g+节点ID 显示节点下主机. 如: g1"
 
-#: coco/interactive.py:403
-msgid "Page down: Enter|N/n"
-msgstr "下一页: Enter|N/n"
+#: coco/interactive.py:408
+msgid "There is no matched node, please re-enter"
+msgstr "没有匹配分组，请重新输入"
 
-#: coco/interactive.py:404
-msgid "BACK: B/b"
-msgstr "返回: B/b"
+#: coco/interactive.py:438
+msgid "Select a login:: "
+msgstr "选择一个登录:"
 
-#: coco/interactive.py:425
+#: coco/interactive.py:461
 msgid "No system user"
 msgstr "没有系统用户"
 
 #: coco/models.py:247
 msgid "Command `{}` is forbidden ........"
-msgstr ""
+msgstr "命令 `{}` 是被禁止的 ..."
 
 #: coco/proxy.py:89
 msgid "No permission"
@@ -177,5 +175,14 @@ msgstr "开始连接到 {}@{} {:.1f}"
 msgid "Terminated by administrator"
 msgstr "被管理员中断"
 
+#~ msgid "No"
+#~ msgstr "无"
+
+#~ msgid "Name"
+#~ msgstr "名称"
+
+#~ msgid "Total: {}"
+#~ msgstr "总共: {}"
+
 #~ msgid "Total: {} Match: {}"
 #~ msgstr "总共: {} 匹配: {}"

requirements/alpine_requirements.txt

+krb5-dev sshpass libffi-dev libressl-dev linux-headers

requirements/requirements.txt

@@ -19,7 +19,7 @@ itsdangerous==0.24
 Jinja2==2.10
 jmespath==0.9.3
 jms-storage==0.0.20
-jumpserver-python-sdk==0.0.51
+jumpserver-python-sdk==0.0.53
 MarkupSafe==1.0
 oss2==2.4.0
 paramiko==2.4.1