Skip to content

J
jumpserver
Commit 026836eb authored by guanghongwei's avatar guanghongwei
Browse files
Options

--no commit message

parent d926cbde
Show whitespace changes
Inline Side-by-side
Showing with 208 additions and 190 deletions
connect.py
View file @ 026836eb
......@@ -24,8 +24,7 @@ django.setup()
from juser.models import User
from jasset.models import Asset
from jlog.models import Log
from jumpserver.views import PyCrypt
from jumpserver.api import user_perm_asset_api
from jumpserver.api import user_perm_asset_api, PyCrypt, BASE_DIR, CONF, CRYPTOR, KEY
try:
import termios
......@@ -35,13 +34,10 @@ except ImportError:
time.sleep(3)
sys.exit()
BASE_DIR = os.path.abspath(os.path.dirname(__file__))
CONF = ConfigParser()
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('web', 'key')
LOGIN_NAME = getpass.getuser()
......
jasset/models.py
View file @ 026836eb
import datetime
from django.db import models
from juser.models import UserGroup
from juser.models import UserGroup, DEPT
class IDC(models.Model):
......@@ -34,8 +34,8 @@ class Asset(models.Model):
ip = models.IPAddressField(unique=True)
port = models.SmallIntegerField(max_length=5)
idc = models.ForeignKey(IDC)
user_group = models.ManyToManyField(UserGroup)
bis_group = models.ManyToManyField(BisGroup)
dept = models.ManyToManyField(DEPT)
login_type = models.CharField(max_length=1, choices=LOGIN_TYPE_CHOICES, default='L')
username = models.CharField(max_length=20, blank=True, null=True)
password = models.CharField(max_length=80, blank=True, null=True)
......
jperm/models.py
View file @ 026836eb
......@@ -11,14 +11,6 @@ class Perm(models.Model):
return '%s_%s' % (self.user_group.name, self.asset_group.name)
class DeptPerm(models.Model):
dept = models.ForeignKey(DEPT)
asset = models.ForeignKey(Asset)
def __unicode__(self):
return '%s_%s' % (self.dept.name, self.asset.ip)
class CmdGroup(models.Model):
name = models.CharField(max_length=50)
cmd = models.CharField(max_length=999)
......
jperm/views.py
View file @ 026836eb
......@@ -5,18 +5,11 @@ from django.http import HttpResponseRedirect, HttpResponse
from django.template import RequestContext
from juser.models import User, UserGroup, DEPT
from jasset.models import Asset, BisGroup
from jperm.models import Perm, SudoPerm, CmdGroup, DeptPerm
from jperm.models import Perm, SudoPerm, CmdGroup
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.db.models import Q
from jumpserver.views import LDAP_ENABLE, ldap_conn, CONF, page_list_return, pages
from jumpserver.api import user_perm_asset_api, require_admin, require_super_user, require_login
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
from jumpserver.api import *
def user_asset_cmd_groups_get(user_groups_select='', asset_groups_select='', cmd_groups_select=''):
......@@ -65,19 +58,13 @@ def dept_add_asset(dept_id, asset_list):
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
old_perm_asset = [perm.asset for perm in dept.deptperm_set.all()]
new_perm_asset = []
for asset_id in asset_list:
asset = Asset.objects.filter(id=asset_id)
new_perm_asset.extend(asset)
asset_add = [asset for asset in new_perm_asset if asset not in old_perm_asset]
asset_del = [asset for asset in old_perm_asset if asset not in new_perm_asset]
for asset in asset_del:
DeptPerm.objects.filter(dept=dept, asset=asset).delete()
for asset in asset_add:
DeptPerm(dept=dept, asset=asset).save()
dept.asset_set.clear()
dept.asset_set = new_perm_asset
@require_super_user
......@@ -89,7 +76,7 @@ def dept_perm_edit(request):
if dept:
dept = dept[0]
asset_all = Asset.objects.all()
asset_select = [perm.asset for perm in dept.deptperm_set.all()]
asset_select = dept.asset_set.all()
assets = [asset for asset in asset_all if asset not in asset_select]
else:
dept_id = request.POST.get('dept_id')
......
jumpserver/api.py
View file @ 026836eb
......@@ -2,54 +2,117 @@
from django.http import HttpResponseRedirect
import json
import os
from ConfigParser import ConfigParser
import getpass
from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex
import ldap
from ldap import modlist
from django.http import HttpResponse
from django.http import HttpResponse, Http404
from juser.models import User, UserGroup
from jasset.models import Asset, BisGroup
from jlog.models import Log
def user_perm_group_api(user):
if user:
perm_list = []
user_group_all = user.group.all()
for user_group in user_group_all:
perm_list.extend(user_group.perm_set.all())
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
CONF = ConfigParser()
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('web', 'key')
LOGIN_NAME = getpass.getuser()
class PyCrypt(object):
"""This class used to encrypt and decrypt password."""
def __init__(self, key):
self.key = key
self.mode = AES.MODE_CBC
def encrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
length = 16
try:
count = len(text)
except TypeError:
raise ServerError('Encrypt password error, TYpe error.')
add = (length - (count % length))
text += ('\0' * add)
ciphertext = cryptor.encrypt(text)
return b2a_hex(ciphertext)
CRYPTOR = PyCrypt(KEY)
class ServerError(Exception):
pass
class LDAPMgmt():
def __init__(self,
host_url,
base_dn,
root_cn,
root_pw):
self.ldap_host = host_url
self.ldap_base_dn = base_dn
self.conn = ldap.initialize(host_url)
self.conn.set_option(ldap.OPT_REFERRALS, 0)
self.conn.protocol_version = ldap.VERSION3
self.conn.simple_bind_s(root_cn, root_pw)
def list(self, filter, scope=ldap.SCOPE_SUBTREE, attr=None):
result = {}
try:
ldap_result = self.conn.search_s(self.ldap_base_dn, scope, filter, attr)
for entry in ldap_result:
name, data = entry
for k, v in data.items():
print '%s: %s' % (k, v)
result[k] = v
return result
except ldap.LDAPError, e:
print e
def add(self, dn, attrs):
try:
ldif = modlist.addModlist(attrs)
self.conn.add_s(dn, ldif)
except ldap.LDAPError, e:
print e
def modify(self, dn, attrs):
try:
attr_s = []
for k, v in attrs.items():
attr_s.append((2, k, v))
self.conn.modify_s(dn, attr_s)
except ldap.LDAPError, e:
print e
def delete(self, dn):
try:
self.conn.delete_s(dn)
except ldap.LDAPError, e:
print e
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
try:
plain_text = cryptor.decrypt(a2b_hex(text))
except TypeError:
raise ServerError('Decrypt password error, TYpe error.')
return plain_text.rstrip('\0')
asset_group_list = []
for perm in perm_list:
asset_group_list.append(perm.asset_group)
return asset_group_list
def user_perm_asset_api(username):
user = User.objects.filter(username=username)
if user:
user = user[0]
asset_list = []
asset_group_list = user_perm_group_api(user)
for asset_group in asset_group_list:
asset_list.extend(asset_group.asset_set.all())
return asset_list
def asset_perm_api(asset):
if asset:
perm_list = []
asset_group_all = asset.bis_group.all()
for asset_group in asset_group_all:
perm_list.extend(asset_group.perm_set.all())
user_group_list = []
for perm in perm_list:
user_group_list.extend(perm.user_group.all())
user_permed_list = []
for user_group in user_group_list:
user_permed_list.extend(user_group.user_set.all())
return user_permed_list
def require_login(func):
......@@ -79,21 +142,73 @@ def require_admin(func):
def is_super_user(request):
if request.session.get('role_id') == '2':
if request.session.get('role_id') == 2:
return True
else:
return False
def is_group_admin(request):
if request.session.get('role_id') == '1':
if request.session.get('role_id') == 1:
return True
else:
return False
def api_user(request):
hosts = Log.objects.filter(is_finished=0).count()
users = Log.objects.filter(is_finished=0).values('user').distinct().count()
ret = {'users': users, 'hosts': hosts}
json_data = json.dumps(ret)
return HttpResponse(json_data)
def view_splitter(request, su=None, adm=None):
if is_super_user(request):
return su(request)
elif is_group_admin(request):
return adm(request)
raise Http404
def user_perm_group_api(user):
if user:
perm_list = []
user_group_all = user.group.all()
for user_group in user_group_all:
perm_list.extend(user_group.perm_set.all())
asset_group_list = []
for perm in perm_list:
asset_group_list.append(perm.asset_group)
return asset_group_list
def user_perm_asset_api(username):
user = User.objects.filter(username=username)
if user:
user = user[0]
asset_list = []
asset_group_list = user_perm_group_api(user)
for asset_group in asset_group_list:
asset_list.extend(asset_group.asset_set.all())
return asset_list
def asset_perm_api(asset):
if asset:
perm_list = []
asset_group_all = asset.bis_group.all()
for asset_group in asset_group_all:
perm_list.extend(asset_group.perm_set.all())
user_group_list = []
for perm in perm_list:
user_group_list.extend(perm.user_group.all())
user_permed_list = []
for user_group in user_group_list:
user_permed_list.extend(user_group.user_set.all())
return user_permed_list
jumpserver/templatetags/mytags.py
View file @ 026836eb
......@@ -115,7 +115,7 @@ def dept_asset_num(dept_id):
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
return dept.deptperm_set.all().count()
return dept.asset_set.all().count()
return 0
......
jumpserver/views.py
View file @ 026836eb
#coding: utf-8
import hashlib
import ldap
from ldap import modlist
from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex
from ConfigParser import ConfigParser
import os
import datetime
......@@ -21,18 +17,23 @@ from django.template import RequestContext
from juser.models import User, UserGroup
from jlog.models import Log
from jasset.models import Asset, BisGroup, IDC
from jumpserver.api import require_admin, require_super_user, require_login
from jumpserver.api import require_admin, require_super_user, require_login, CRYPTOR, LDAPMgmt
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
CONF = ConfigParser()
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
else:
ldap_conn = None
def md5_crypt(string):
......@@ -114,10 +115,6 @@ def jasset_group_add(name, comment, jtype):
smg = u'业务组%s添加成功' % name
class ServerError(Exception):
pass
def page_list_return(total, current=1):
min_page = current - 2 if current - 4 > 0 else 1
max_page = min_page + 4 if min_page + 4 < total else total
......@@ -217,83 +214,6 @@ def logout(request):
return HttpResponseRedirect('/login/')
class LDAPMgmt():
def __init__(self,
host_url,
base_dn,
root_cn,
root_pw):
self.ldap_host = host_url
self.ldap_base_dn = base_dn
self.conn = ldap.initialize(host_url)
self.conn.set_option(ldap.OPT_REFERRALS, 0)
self.conn.protocol_version = ldap.VERSION3
self.conn.simple_bind_s(root_cn, root_pw)
def list(self, filter, scope=ldap.SCOPE_SUBTREE, attr=None):
result = {}
try:
ldap_result = self.conn.search_s(self.ldap_base_dn, scope, filter, attr)
for entry in ldap_result:
name, data = entry
for k, v in data.items():
print '%s: %s' % (k, v)
result[k] = v
return result
except ldap.LDAPError, e:
print e
def add(self, dn, attrs):
try:
ldif = modlist.addModlist(attrs)
self.conn.add_s(dn, ldif)
except ldap.LDAPError, e:
print e
def modify(self, dn, attrs):
try:
attr_s = []
for k, v in attrs.items():
attr_s.append((2, k, v))
self.conn.modify_s(dn, attr_s)
except ldap.LDAPError, e:
print e
def delete(self, dn):
try:
self.conn.delete_s(dn)
except ldap.LDAPError, e:
print e
class PyCrypt(object):
"""This class used to encrypt and decrypt password."""
def __init__(self, key):
self.key = key
self.mode = AES.MODE_CBC
def encrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
length = 16
try:
count = len(text)
except TypeError:
raise ServerError('Encrypt password error, TYpe error.')
add = (length - (count % length))
text += ('\0' * add)
ciphertext = cryptor.encrypt(text)
return b2a_hex(ciphertext)
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
try:
plain_text = cryptor.decrypt(a2b_hex(text))
except TypeError:
raise ServerError('Decrypt password error, TYpe error.')
return plain_text.rstrip('\0')
def filter_ajax_api(request):
attr = request.GET.get('attr', 'user')
value = request.GET.get('value', '')
......@@ -331,15 +251,15 @@ def filter_ajax_api(request):
# return assets
if LDAP_ENABLE:
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
else:
ldap_conn = None
def install(request):
from juser.models import DEPT
DEPT(id=1, name="跨部门", comment="跨部门小组使用").save()
DEPT(id=2, name="默认", comment="默认部门").save()
from juser.models import DEPT, User
dept = DEPT(id=1, name="超管部", comment="超级管理员部门")
dept.save()
dept2 = DEPT(id=2, name="默认", comment="默认部门")
dept2.save()
User(id=5000, username="admin", password=md5_crypt('admin'),
name='admin', email='admin@jumpserver.org', role='SU', is_active=True, dept=dept).save()
User(id=5001, username="group_admin", password=md5_crypt('group_admin'),
name='group_admin', email='group_admin@jumpserver.org', role='DA', is_active=True, dept=dept2).save()
return HttpResponse('Ok')
juser/urls.py
View file @ 026836eb
from django.conf.urls import patterns, include, url
from jumpserver.api import view_splitter
from juser.views import *
urlpatterns = patterns('juser.views',
# Examples:
......@@ -14,7 +15,7 @@ urlpatterns = patterns('juser.views',
(r'^dept_del_ajax/$', 'dept_del_ajax'),
(r'^dept_edit/$', 'dept_edit'),
(r'^group_add/$', 'group_add'),
(r'^group_list/$', 'group_list'),
(r'^group_list/$', view_splitter, {'su': group_list_su, 'adm': group_list_adm}),
(r'^group_detail/$', 'group_detail'),
(r'^group_del/$', 'group_del'),
(r'^group_del_ajax/$', 'group_del_ajax'),
......
juser/views.py
View file @ 026836eb
......@@ -16,15 +16,13 @@ from django.core.exceptions import ObjectDoesNotExist
from django.db.models import Q
from django.template import RequestContext
from django.http import HttpResponse
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from juser.models import UserGroup, User, DEPT
from connect import PyCrypt, KEY
from connect import BASE_DIR
from connect import CONF
from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages
from jumpserver.api import user_perm_group_api, require_login, require_super_user, \
require_admin, is_group_admin, is_super_user
require_admin, is_group_admin, is_super_user, CRYPTOR
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
......@@ -32,10 +30,8 @@ if LDAP_ENABLE:
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
CRYPTOR = PyCrypt(KEY)
def gen_rand_pwd(num):
def gen_rand_wd(num):
"""生成随机密码"""
seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
salt_list = []
......@@ -366,25 +362,28 @@ def group_add(request):
return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_list(request):
@require_super_user
def group_list_su(request):
header_title, path1, path2 = '查看小组', '用户管理', '查看小组'
keyword = request.GET.get('search', '')
contact_list = []
if is_super_user(request):
if keyword:
contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
else:
contact_list = UserGroup.objects.all().order_by('name')
elif is_group_admin(request):
user_id = request.session.get('user_id', '')
user = User.objects.filter(id=user_id)
if user:
user = user[0]
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_list_adm(request):
header_title, path1, path2 = '查看部门小组', '用户管理', '查看小组'
keyword = request.GET.get('search', '')
user_id = request.session.get('user_id')
if keyword:
contact_list = UserGroup.objects.filter(Q(dept=user.dept) & Q(name__icontains=keyword) | Q(comment__icontains=keyword))
contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
else:
contact_list = UserGroup.objects.filter(dept=user.dept).order_by('name')
contact_list = UserGroup.objects.all().order_by('name')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request))
......
templates/juser/dept_list.html
View file @ 026836eb
......@@ -96,6 +96,7 @@
$(".iframe").colorbox({iframe:true, width:"70%", height:"70%"});
var check_array = []
$('#del_btn').click(function(){
if (confirm("确定删除")) {
$(".gradeX input:checked").each(function() {check_array.push($(this).attr("value")) })
$(".gradeX input:checked").closest("tr").remove()
$.post("/juser/dept_del_ajax/",
......@@ -104,6 +105,8 @@
alert(data)
}
)
}
})
});
......
templates/juser/group_list.html
View file @ 026836eb
......@@ -95,14 +95,16 @@
$(".iframe").colorbox({iframe:true, width:"70%", height:"70%"});
var check_array = []
$('#del_btn').click(function(){
if (confirm("确定删除")) {
$(".gradeX input:checked").each(function() {check_array.push($(this).attr("value")) })
$(".gradeX input:checked").closest("tr").remove()
$.post("/juser/group_del_ajax/",
{group_ids: check_array.join(",")},
function(data){
alert(data)
}
)
}
})
});
......
templates/juser/user_list.html
View file @ 026836eb
......@@ -99,14 +99,17 @@
$(".iframe").colorbox({iframe:true, width:"70%", height:"70%"});
var check_array = []
$('#del_btn').click(function(){
if (confirm("确定删除")) {
$(".gradeX input:checked").each(function() {check_array.push($(this).attr("value")) })
$(".gradeX input:checked").closest("tr").remove()
$.post("/juser/user_del_ajax/",
{ids: check_array.join(",")},
function(data){
alert(data)
window.open("/juser/user_list/", "_self");
}
)
}
})
});
......
templates/paginator.html
View file @ 026836eb
......@@ -12,7 +12,7 @@
</li>
{% endif %}
{% ifequal show_first 1 %}
<li class="paginate_button" aria-controls="editable" tabindex="0"><a href="?keyword={{ keyword }}&ppage=1" title="第1页">1...</a></li>
<li class="paginate_button" aria-controls="editable" tabindex="0"><a href="?keyword={{ keyword }}&page=1" title="第1页">1...</a></li>
{% endifequal %}
{% for page in page_range %}
{% ifequal current_page page %}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment