Merge pull request #236 from jumpserver/dev

Dev

Merge pull request #236 from jumpserver/dev
Dev
b66d9a5f · 老广 · GitHub · a8320a5c · 8899fe5e · b66d9a5f
Unverified Commit b66d9a5f authored Jul 06, 2019 by 老广 Committed by GitHub Jul 06, 2019
Showing with 16 additions and 4 deletions

app.py coco/app.py +1 -1

models.py coco/models.py +9 -0

proxy.py coco/proxy.py +4 -0

sftp.py coco/sftp.py +1 -2

requirements.txt requirements/requirements.txt +1 -1

No files found.
--- a/coco/app.py
+++ b/coco/app.py
@@ -23,7 +23,7 @@ from .session import Session
 from .models import Connection


-__version__ = '1.5.0'
+__version__ = '1.5.1'

 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 logger = get_logger(__file__)

--- a/coco/models.py
+++ b/coco/models.py
@@ -261,6 +261,15 @@ class BaseServer(object):
                msg = _("Command `{}` is forbidden ........").format(cmd)
                data = self.command_forbidden(msg)
                break
+            elif action == rule.ERROR:
+                msg = "Command filter check exceptions " \
+                      "(for safety, check for consistency of rule type " \
+                      "and content in command filter)"
+                logger.warning(msg)
+                _filter = "Command filter rule: {}".format(
+                    rule.content.replace('\r\n', ' ')
+                )
+                logger.warning(_filter)
        return data

    def command_forbidden(self, msg):

--- a/coco/proxy.py
+++ b/coco/proxy.py
@@ -79,6 +79,7 @@ class ProxyServer:
            logger.error(msg)
            self.client.send_unicode(msg)
            self.server.close()
+            return

        try:
            session.bridge()
@@ -151,6 +152,9 @@ class ProxyServer:
            )
            if not conn or not conn.is_active:
                return None
+            else:
+                # 采用复用连接创建session时，系统用户用户名如果为空，创建session-400
+                self.system_user = conn.system_user
        else:
            conn = SSHConnection.new_connection(
                self.client.user, self.asset, self.system_user

--- a/coco/sftp.py
+++ b/coco/sftp.py
@@ -13,7 +13,6 @@ from .service import app_service
 from .connection import SSHConnection
 from .const import (
    PERMS_ACTION_NAME_DOWNLOAD_FILE, PERMS_ACTION_NAME_UPLOAD_FILE,
-    PERMS_ACTION_NAME_ALL,
 )

 CURRENT_DIR = os.path.dirname(__file__)
@@ -267,7 +266,7 @@ class SFTPServer(paramiko.SFTPServerInterface):

    @staticmethod
    def validate_permission(system_user, action):
-        check_actions = [PERMS_ACTION_NAME_ALL, action]
+        check_actions = [action]
        granted_actions = getattr(system_user, 'actions', [])
        actions = list(set(granted_actions).intersection(set(check_actions)))
        return bool(actions)

--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -19,7 +19,7 @@ itsdangerous==0.24
 Jinja2==2.10.1
 jmespath==0.9.3
 jms-storage==0.0.23
-jumpserver-python-sdk==0.0.63
+jumpserver-python-sdk==0.0.64
 MarkupSafe==1.0
 oss2==2.4.0
 paramiko==2.4.2