Merge pull request #42 from jumpserver/dev

支持网域并修复一些bug

Merge pull request #42 from jumpserver/dev
支持网域并修复一些bug
98e8df01 · 老广 · GitHub · f1c7d000 · 4cc45e03 · 98e8df01
Unverified Commit 98e8df01 authored Apr 02, 2018 by 老广 Committed by GitHub Apr 02, 2018
Showing with 76 additions and 48 deletions

interface.py coco/interface.py +25 -35

models.py coco/models.py +6 -2

proxy.py coco/proxy.py +43 -5

sshd.py coco/sshd.py +1 -5

requirements.txt requirements/requirements.txt +1 -1

No files found.
--- a/coco/interface.py
+++ b/coco/interface.py
@@ -91,30 +91,31 @@ class SSHInterface(paramiko.ServerInterface):
    def check_channel_direct_tcpip_request(self, chanid, origin, destination):
        logger.debug("Check channel direct tcpip request: %d %s %s" %
                     (chanid, origin, destination))
-        self.request.type = 'direct-tcpip'
-        self.request.meta = {
+        self.request.type.append('direct-tcpip')
+        self.request.meta.update({
            'chanid': chanid, 'origin': origin,
            'destination': destination,
-        }
+        })
        self.event.set()
        return 0

    def check_channel_env_request(self, channel, name, value):
        logger.debug("Check channel env request: %s, %s, %s" %
                     (channel, name, value))
+        self.request.type.append('env')
        return False

    def check_channel_exec_request(self, channel, command):
        logger.debug("Check channel exec request:  `%s`" % command)
-        self.request.type = 'exec'
-        self.request.meta = {'channel': channel, 'command': command}
+        self.request.type.append('exec')
+        self.request.meta.update({'channel': channel.get_id(), 'command': command})
        self.event.set()
        return False

    def check_channel_forward_agent_request(self, channel):
        logger.debug("Check channel forward agent request: %s" % channel)
-        self.request.type = "forward-agent"
-        self.request.meta = {'channel': channel}
+        self.request.type.append("forward-agent")
+        self.request.meta.update({'channel': channel.get_id()})
        self.event.set()
        return False

@@ -123,12 +124,12 @@ class SSHInterface(paramiko.ServerInterface):
            pixelwidth, pixelheight, modes):
        logger.info("Check channel pty request: %s %s %s %s %s" %
                     (term, width, height, pixelwidth, pixelheight))
-        self.request.type = 'pty'
-        self.request.meta = {
+        self.request.type.append('pty')
+        self.request.meta.update({
            'channel': channel, 'term': term, 'width': width,
            'height': height, 'pixelwidth': pixelwidth,
            'pixelheight': pixelheight,
-        }
+        })
        self.event.set()
        return True

@@ -143,17 +144,19 @@ class SSHInterface(paramiko.ServerInterface):

    def check_channel_subsystem_request(self, channel, name):
        logger.info("Check channel subsystem request: %s %s" % (channel, name))
-        self.request.type = 'subsystem'
-        self.request.meta = {'channel': channel, 'name': name}
+        self.request.type.append('subsystem')
+        self.request.meta.update({'channel': channel.get_id(), 'name': name})
        self.event.set()
        return False

    def check_channel_window_change_request(self, channel, width, height,
                                            pixelwidth, pixelheight):
-        self.request.meta['width'] = width
-        self.request.meta['height'] = height
-        self.request.meta['pixelwidth'] = pixelwidth
-        self.request.meta['pixelheight'] = pixelheight
+        self.request.meta.update({
+            'width': width,
+            'height': height,
+            'pixelwidth': pixelwidth,
+            'pixelheight': pixelheight,
+        })
        self.request.change_size_event.set()
        return True

@@ -162,19 +165,19 @@ class SSHInterface(paramiko.ServerInterface):
        logger.info("Check channel x11 request %s %s %s %s %s" %
                    (channel, single_connection, auth_protocol,
                     auth_cookie, screen_number))
-        self.request.type = 'x11'
-        self.request.meta = {
-            'channel': channel, 'single_connection': single_connection,
+        self.request.type.append('x11')
+        self.request.meta.update({
+            'channel': channel.get_id(), 'single_connection': single_connection,
            'auth_protocol': auth_protocol, 'auth_cookie': auth_cookie,
            'screen_number': screen_number,
-        }
+        })
        self.event.set()
        return False

    def check_port_forward_request(self, address, port):
        logger.info("Check channel port forward request: %s %s" % (address, port))
-        self.request.type = 'port-forward'
-        self.request.meta = {'address': address, 'port': port}
+        self.request.type.append('port-forward')
+        self.request.meta.update({'address': address, 'port': port})
        self.event.set()
        return False

@@ -185,16 +188,3 @@ class SSHInterface(paramiko.ServerInterface):
    #     print("GC: SSH interface gc")


-
-
-
-
-
-
-
-
-
-
-
-
-
--- a/coco/models.py
+++ b/coco/models.py
@@ -3,6 +3,7 @@
 import threading
 import datetime
 import weakref
+import time

 from . import char
 from . import utils
@@ -13,7 +14,7 @@ logger = utils.get_logger(__file__)

 class Request:
    def __init__(self, addr):
-        self.type = ""
+        self.type = []
        self.meta = {"width": 80, "height": 24}
        self.user = None
        self.addr = addr
@@ -250,7 +251,10 @@ class WSProxy:
                continue
            if len(data) == 0:
                self.close()
-            self.ws.emit("data", {'data': data.decode("utf-8"), 'room': self.connection}, room=self.room)
+            data = data.decode(errors="ignore")
+            self.ws.emit("data", {'data': data, 'room': self.connection}, room=self.room)
+            if len(data) == BUF_SIZE:
+                time.sleep(0.1)

    def auto_forward(self):
        thread = threading.Thread(target=self.forward, args=())

--- a/coco/proxy.py
+++ b/coco/proxy.py
@@ -6,6 +6,8 @@ import socket
 import threading
 import time
 import weakref
+
+import os
 import paramiko
 from paramiko.ssh_exception import SSHException

@@ -16,7 +18,7 @@ from .utils import wrap_with_line_feed as wr, wrap_with_warning as warning, \


 logger = get_logger(__file__)
-TIMEOUT = 8
+TIMEOUT = 10
 BUF_SIZE = 4096


@@ -84,17 +86,53 @@ class ProxyServer:
    def get_telnet_server_conn(self, asset, system_user):
        pass

+    def get_proxy_sock(self, asset):
+        domain = self.app.service.get_domain_detail_with_gateway(
+            asset.domain
+        )
+        sock = None
+        for i in domain.gateways:
+            gateway = domain.random_gateway()
+            proxy_command = [
+                "ssh", "-p", str(gateway.port),
+                "{}@{}".format(gateway.username, gateway.ip),
+                "-W", "{}:{}".format(asset.ip, asset.port), "-q",
+            ]
+
+            if gateway.password:
+                proxy_command.insert(0, "sshpass -p {}".format(gateway.password))
+
+            if gateway.private_key:
+                gateway.set_key_dir(os.path.join(self.app.root_path, 'keys'))
+                proxy_command.append("-i {}".format(gateway.private_key_file))
+            proxy_command = ' '.join(proxy_command)
+
+            try:
+                sock = paramiko.ProxyCommand(proxy_command)
+                break
+            except (paramiko.AuthenticationException,
+                    paramiko.BadAuthenticationType, SSHException,
+                    TimeoutError) as e:
+                logger.error(e)
+                continue
+        return sock
+
    def get_ssh_server_conn(self, asset, system_user):
        ssh = paramiko.SSHClient()
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+        sock = None
+        if asset.domain:
+            sock = self.get_proxy_sock(asset)
+
        try:
            ssh.connect(
                asset.ip, port=asset.port, username=system_user.username,
                password=system_user.password, pkey=system_user.private_key,
-                timeout=TIMEOUT, compress=True, auth_timeout=10,
-                look_for_keys=False
+                timeout=TIMEOUT, compress=True, auth_timeout=TIMEOUT,
+                look_for_keys=False, sock=sock
            )
-        except (paramiko.AuthenticationException, paramiko.BadAuthenticationType, SSHException, TimeoutError):
+        except (paramiko.AuthenticationException, paramiko.BadAuthenticationType, SSHException):
            admins = self.app.config['ADMINS'] or 'administrator'
            self.client.send(warning(wr(
                "Authenticate with server failed, contact {}".format(admins),
@@ -112,7 +150,7 @@ class ProxyServer:
                password_short, key_fingerprint,
            ))
            return None
-        except socket.error as e:
+        except (socket.error, TimeoutError) as e:
            self.client.send(wr(" {}".format(e)))
            return None
        finally:

--- a/coco/sshd.py
+++ b/coco/sshd.py
@@ -97,13 +97,9 @@ class SSHServer:

    def dispatch(self, client):
        request_type = client.request.type
-        if request_type == 'pty' or request_type == 'x11':
+        if 'pty' in request_type:
            logger.info("Request type `pty`, dispatch to interactive mode")
            InteractiveServer(self.app, client).interact()
-        elif request_type == 'exec':
-            pass
-        elif request_type == 'subsystem':
-            pass
        else:
            client.send("Not support request type: %s" % request_type)


--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -20,7 +20,7 @@ Jinja2==2.10
 jmespath==0.9.3
 jms-es-sdk==0.5.2
 jms-storage==0.0.12
-jumpserver-python-sdk==0.0.32
+jumpserver-python-sdk==0.0.34
 MarkupSafe==1.0
 oss2==2.4.0
 paramiko==2.4.0