Skip to content

J
jumpserver
Switch branch/tag
Find file
BlameHistoryPermalink
  • BaiJiangJie's avatar
    [Update] Auth Info (#2806) · 9cd75390
    BaiJiangJie authored 
    * [Update] 修改支持auth info导出

* [Update] 统一认证查看

* [Update] 修改auth book manager

* [Update] 修改auth info

* [Update] 完成修改auth info

* [Update] 优化api
    9cd75390
base.py 6.75 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 
# -*- coding: utf-8 -*-
#
import os
import uuid
from hashlib import md5

import sshpubkeys
from django.db import models
from django.core.cache import cache
from django.utils.translation import ugettext_lazy as _
from django.conf import settings

from common.utils import (
    get_signer, ssh_key_string_to_obj, ssh_key_gen, get_logger
)
from common.validators import alphanumeric
from orgs.mixins import OrgModelMixin
from .utils import private_key_validator

signer = get_signer()

logger = get_logger(__file__)


class AssetUser(OrgModelMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    name = models.CharField(max_length=128, verbose_name=_('Name'))
    username = models.CharField(max_length=32, blank=True, verbose_name=_('Username'), validators=[alphanumeric])
    _password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
    _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ])
    _public_key = models.TextField(max_length=4096, blank=True, verbose_name=_('SSH public key'))
    comment = models.TextField(blank=True, verbose_name=_('Comment'))
    date_created = models.DateTimeField(auto_now_add=True)
    date_updated = models.DateTimeField(auto_now=True)
    created_by = models.CharField(max_length=128, null=True, verbose_name=_('Created by'))

    UNREACHABLE, REACHABLE, UNKNOWN = range(0, 3)
    CONNECTIVITY_CHOICES = (
        (UNREACHABLE, _("Unreachable")),
        (REACHABLE, _('Reachable')),
        (UNKNOWN, _("Unknown")),
    )
    CONNECTIVITY_CACHE_KEY = "CONNECTIVITY_{}"
    _prefer = "system_user"

    @property
    def password(self):
        if self._password:
            return signer.unsign(self._password)
        else:
            return None

    @password.setter
    def password(self, password_raw):
        # raise AttributeError("Using set_auth do that")
        self._password = signer.sign(password_raw)

    @property
    def private_key(self):
        if self._private_key:
            return signer.unsign(self._private_key)

    @private_key.setter
    def private_key(self, private_key_raw):
        # raise AttributeError("Using set_auth do that")
        self._private_key = signer.sign(private_key_raw)

    @property
    def private_key_obj(self):
        if self._private_key:
            key_str = signer.unsign(self._private_key)
            return ssh_key_string_to_obj(key_str, password=self.password)
        else:
            return None

    @property
    def private_key_file(self):
        if not self.private_key_obj:
            return None
        project_dir = settings.PROJECT_DIR
        tmp_dir = os.path.join(project_dir, 'tmp')
        key_str = signer.unsign(self._private_key)
        key_name = '.' + md5(key_str.encode('utf-8')).hexdigest()
        key_path = os.path.join(tmp_dir, key_name)
        if not os.path.exists(key_path):
            self.private_key_obj.write_private_key_file(key_path)
            os.chmod(key_path, 0o400)
        return key_path

    @property
    def public_key(self):
        key = signer.unsign(self._public_key)
        if key:
            return key
        else:
            return None

    @public_key.setter
    def public_key(self, public_key_raw):
        # raise AttributeError("Using set_auth do that")
        self._public_key = signer.sign(public_key_raw)

    @property
    def public_key_obj(self):
        if self.public_key:
            try:
                return sshpubkeys.SSHKey(self.public_key)
            except TabError:
                pass
        return None

    def set_auth(self, password=None, private_key=None, public_key=None):
        update_fields = []
        if password:
            self._password = signer.sign(password)
            update_fields.append('_password')
        if private_key:
            self._private_key = signer.sign(private_key)
            update_fields.append('_private_key')
        if public_key:
            self._public_key = signer.sign(public_key)
            update_fields.append('_public_key')

        if update_fields:
            self.save(update_fields=update_fields)

    def get_auth(self, asset=None):
        pass

    def get_connectivity_of(self, asset):
        i = self.generate_id_with_asset(asset)
        key = self.CONNECTIVITY_CACHE_KEY.format(i)
        return cache.get(key)

    def set_connectivity_of(self, asset, c):
        i = self.generate_id_with_asset(asset)
        key = self.CONNECTIVITY_CACHE_KEY.format(i)
        cache.set(key, c, 3600)

    def load_specific_asset_auth(self, asset):
        from ..backends import AssetUserManager
        try:
            manager = AssetUserManager().prefer(self._prefer)
            other = manager.get(username=self.username, asset=asset)
        except Exception as e:
            logger.error(e, exc_info=True)
        else:
            self._merge_auth(other)

    def _merge_auth(self, other):
        if not other:
            return
        if other.password:
            self.password = other.password
        if other.public_key:
            self.public_key = other.public_key
        if other.private_key:
            self.private_key = other.private_key

    def clear_auth(self):
        self._password = ''
        self._private_key = ''
        self._public_key = ''
        self.save()

    def auto_gen_auth(self):
        password = str(uuid.uuid4())
        private_key, public_key = ssh_key_gen(
            username=self.username
        )
        self.set_auth(password=password,
                      private_key=private_key,
                      public_key=public_key)

    def auto_gen_auth_password(self):
        password = str(uuid.uuid4())
        self.set_auth(password=password)

    def _to_secret_json(self):
        """Push system user use it"""
        return {
            'name': self.name,
            'username': self.username,
            'password': self.password,
            'public_key': self.public_key,
            'private_key': self.private_key_file,
        }

    def generate_id_with_asset(self, asset):
        id_ = '{}_{}'.format(asset.id, self.id)
        id_ = uuid.UUID(md5(id_.encode()).hexdigest())
        return id_

    def construct_to_authbook(self, asset):
        from . import AuthBook
        fields = [
            'name', 'username', 'comment', 'org_id',
            '_password', '_private_key', '_public_key',
            'date_created', 'date_updated', 'created_by'
        ]
        id_ = self.generate_id_with_asset(asset)
        obj = AuthBook(id=id_, asset=asset, version=0, is_latest=True)
        obj._connectivity = self.get_connectivity_of(asset)
        for field in fields:
            value = getattr(self, field)
            setattr(obj, field, value)
        return obj

    class Meta:
        abstract = True