version 2.0.0 beta

.gitignore

+*.py[cod]
 .idea
-*.pyc
-*.log
+test.py
+
+# C extensions
+*.so
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+lib
+lib64
+__pycache__
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+nosetests.xml
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+node_modules
+logs
+keys
+jumpserver.conf
+nohup.out

README.md

-Jumpserver是什么？
------------------
-Jumpserver是用Python+Django写的一个开源的跳板机(堡垒机)项目，来集中管理服务器的账号、密码和权限。
-
-1.1版本更新
------------------
-更新Log见笔者blog<br>
-http://laoguang.blog.51cto.com/6013350/1576502
-
-部署文档
------------------
-部署文档见笔者blog<br>
-http://laoguang.blog.51cto.com/6013350/1576729
-
-功能截图
------------------
-1. 安装<br>
- ![install](https://github.com/ibuler/static/blob/master/jumpserver1.1/1.%20install.png)
-2. 登陆<br>
- ![login](https://github.com/ibuler/static/blob/master/jumpserver1.1/2.login.png)
-3. 添加组<br>
-![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/3.addgroup.png)
-4. 添加用户<br>![adduser](https://github.com/ibuler/static/blob/master/jumpserver1.1/5.adduser.png)
-5. 添加主机<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/9.addhost.png)
-6. 添加权限<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/11.addperm.png)
-7. 查看权限<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/13.showperm.png)
-8. 下载私钥<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/16.downkey.png)
-9. 登陆shell<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/17.loginshell.png)
-10. 显示有权限的主机<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/18.p.png)
-11. 批量执行命令<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/19.e.png)
-12. 登陆有权限的主机<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/20.%20loginserver.png)
-13. 查看sudo<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/22.showsudo.png)
-14. 修改sudo<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/25.addsudohost.png)
-15. 查看实时监控<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/29.monitor1ok.png)
-16. 结束会话<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/28.%20killsession.png)
-17. 查看统计日志<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/30.viewlog2.png)
-18. 修改密码<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/34.modpass.png)
-19. 下载文件<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/32.downfile.png)
-20. 上传文件<br>![addgroup](https://github.com/ibuler/static/blob/master/jumpserver1.1/30.upfile.png)
+# jumpserver
+#

docs/AddUserAsset.py

+#coding:utf-8
+import django
+import os
+import sys
+import random
+import datetime
+
+sys.path.append('../')
+os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
+django.setup()
+
+
+from juser.views import db_add_user, md5_crypt, CRYPTOR, db_add_group
+from jasset.models import Asset, IDC, BisGroup
+from juser.models import UserGroup, DEPT, User
+from jperm.models import CmdGroup
+from jlog.models import Log
+
+
+def install():
+    IDC.objects.create(name='ALL', comment='ALL')
+    IDC.objects.create(name='默认', comment='默认')
+    DEPT.objects.create(name="默认", comment="默认部门")
+    DEPT.objects.create(name="超管部", comment="超级管理员部门")
+    dept = DEPT.objects.get(name='超管部')
+    dept2 = DEPT.objects.get(name='默认')
+    UserGroup.objects.create(name='ALL', dept=dept, comment='ALL')
+    UserGroup.objects.create(name='默认', dept=dept, comment='默认')
+
+    BisGroup.objects.create(name='ALL', dept=dept, comment='ALL')
+    BisGroup.objects.create(name='默认', dept=dept, comment='默认')
+
+    User(id=5000, username="admin", password=md5_crypt('admin'),
+         name='admin', email='admin@jumpserver.org', role='SU', is_active=True, dept=dept).save()
+    User(id=5001, username="group_admin", password=md5_crypt('group_admin'),
+         name='group_admin', email='group_admin@jumpserver.org', role='DA', is_active=True, dept=dept2).save()
+
+
+def test_add_idc():
+    for i in range(1, 20):
+        name = 'IDC' + str(i)
+        IDC.objects.create(name=name, comment='')
+        print 'Add: %s' % name
+
+
+def test_add_dept():
+    for i in range(1, 100):
+        name = 'DEPT' + str(i)
+        print "Add: %s" % name
+        DEPT.objects.create(name=name, comment=name)
+
+
+def test_add_group():
+    dept_all = DEPT.objects.all()
+    for i in range(1, 100):
+        name = 'UserGroup' + str(i)
+        UserGroup.objects.create(name=name, dept=random.choice(dept_all), comment=name)
+        print 'Add: %s' % name
+
+
+def test_add_cmd_group():
+    for i in range(1, 20):
+        name = 'CMD' + str(i)
+        cmd = '/sbin/ping%s, /sbin/ifconfig/' % str(i)
+        CmdGroup.objects.create(name=name, cmd=cmd, comment=name)
+        print 'Add: %s' % name
+
+
+def test_add_user():
+    for i in range(1, 500):
+        username = "test" + str(i)
+        dept_all = DEPT.objects.all()
+        group_all = UserGroup.objects.all()
+        group_all_id = [group.id for group in group_all]
+        db_add_user(username=username,
+                    password=md5_crypt(username),
+                    dept=random.choice(dept_all),
+                    name=username, email='%s@jumpserver.org' % username,
+                    groups=[random.choice(group_all_id) for i in range(1, 4)], role='CU',
+                    ssh_key_pwd=CRYPTOR.encrypt(username),
+                    ldap_pwd=CRYPTOR.encrypt(username),
+                    is_active=True,
+                    date_joined=datetime.datetime.now())
+        print "Add: %s" % username
+
+
+def test_add_asset_group():
+    dept = DEPT.objects.get(name='默认')
+    for i in range(1, 20):
+        name = 'AssetGroup' + str(i)
+        group = BisGroup(name=name, dept=dept, comment=name)
+        group.save()
+        print 'Add: %s' % name
+
+
+def test_add_asset():
+    idc_all = IDC.objects.all()
+    test_idc = random.choice(idc_all)
+    bis_group_all = BisGroup.objects.all()
+    dept_all = DEPT.objects.all()
+    for i in range(1, 500):
+        ip = '192.168.1.' + str(i)
+        asset = Asset(ip=ip, port=22, login_type='L', idc=test_idc, is_active=True, comment='test')
+        asset.save()
+        asset.bis_group = [random.choice(bis_group_all) for i in range(2)]
+        asset.dept = [random.choice(dept_all) for i in range(2)]
+        print "Add: %s" % ip
+
+
+def test_add_log():
+    li_date = []
+    today = datetime.date.today()
+    oneday = datetime.timedelta(days=1)
+    for i in range(0, 7):
+        today = today-oneday
+        li_date.append(today)
+    user_list = ['马云', '马化腾', '丁磊', '周鸿祎', '雷军', '柳传志', '陈天桥', '李彦宏', '李开复', '罗永浩']
+    for i in range(1, 1000):
+        user = random.choice(user_list)
+        ip = random.randint(1, 20)
+        start_time = random.choice(li_date)
+        end_time = datetime.datetime.now()
+        log_path = '/var/log/jumpserver/test.log'
+        host = '192.168.1.' + str(ip)
+        Log.objects.create(user=user, host=host, remote_ip='8.8.8.8', dept_name='运维部', log_path=log_path, pid=168, start_time=start_time,
+                           is_finished=1, log_finished=1, end_time=end_time)
+
+
+if __name__ == '__main__':
+    #install()
+    test_add_dept()
+    test_add_group()
+    test_add_user()
+    test_add_idc()
+    test_add_asset_group()
+    test_add_asset()
+    test_add_log()
+
+
+
+

docs/developer_doc.txt

+# coding: utf8
+
+Jumpserver开发者文档
+
+开发规范：
+  1. 遵守PE8规范  1) 命名规范  2) 导入模块规范 3) 空行规范 4) 长度规范
+  2. 缩进统一4个空格
+  3. 变量命名明了易懂多个单词下划线隔开
+  4. 注释到位
+
+
+框架说明：
+  1. 项目名称 Jumpserver
+  2. APP:
+       juser 			用户管理
+       jasset 			资产管理(设备管理)
+       jpermission 		授权管理
+       jlog				日志管理
+  3. connect.py 		用户登录入口程序
+  4. logs        		日志保存目录
+  5. jumpserver.conf 	配置文件
+  6. docs               文档目录
+  7. static             静态文件目录
+  8. templates          模板目录
+
+
+connect.py逻辑说明：
+  用户登录系统，运行该脚本，p调用get_user_host函数查看有权限的服务器ip
+  输入部分IP，verify_connect匹配该部分ip,如果是匹配到多个，就显示ip
+                                      匹配到0了就显示没有权限或者主机，
+                                      匹配到1个则继续
+  查询该服务器是否支持ldap 如果是，获得ldap用户密码登陆
+                         如果否，查询授权表，查看该服务器授权的角色，并返回对应账号密码，登陆
+  connect函数是登陆函数，采用paramiko 使用channel登陆，posix_shell 来完成交互，并记录日志
+  signal模块来完成窗口改变导致的tty大小随之改变
+  PyCrypt是对称加密类
\ No newline at end of file

docs/install.py

+#coding:utf-8
+import django
+import os
+import sys
+import random
+import datetime
+
+sys.path.append('../')
+os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
+django.setup()
+
+
+from juser.views import db_add_user, md5_crypt, CRYPTOR, db_add_group
+from jasset.models import Asset, IDC, BisGroup
+from juser.models import UserGroup, DEPT, User
+from jasset.views import jasset_group_add
+from jperm.models import CmdGroup
+from jlog.models import Log
+
+
+def install():
+    IDC.objects.create(name='ALL', comment='ALL')
+    IDC.objects.create(name='默认', comment='默认')
+    DEPT.objects.create(name="默认", comment="默认部门")
+    DEPT.objects.create(name="超管部", comment="超级管理员部门")
+    dept = DEPT.objects.get(name='超管部')
+    dept2 = DEPT.objects.get(name='默认')
+    UserGroup.objects.create(name='ALL', dept=dept, comment='ALL')
+    UserGroup.objects.create(name='默认', dept=dept, comment='默认')
+
+    BisGroup.objects.create(name='ALL', dept=dept, comment='ALL')
+    BisGroup.objects.create(name='默认', dept=dept, comment='默认')
+
+    User(id=5000, username="admin", password=md5_crypt('admin'),
+         name='admin', email='admin@jumpserver.org', role='SU', is_active=True, dept=dept).save()
+    User(id=5001, username="group_admin", password=md5_crypt('group_admin'),
+         name='group_admin', email='group_admin@jumpserver.org', role='DA', is_active=True, dept=dept2).save()
+
+
+def test_add_idc():
+    for i in range(1, 20):
+        name = 'IDC' + str(i)
+        IDC.objects.create(name=name, comment='')
+        print 'Add: %s' % name
+
+
+def test_add_dept():
+    for i in range(1, 100):
+        name = 'DEPT' + str(i)
+        print "Add: %s" % name
+        DEPT.objects.create(name=name, comment=name)
+
+
+def test_add_group():
+    dept_all = DEPT.objects.all()
+    for i in range(1, 100):
+        name = 'UserGroup' + str(i)
+        UserGroup.objects.create(name=name, dept=random.choice(dept_all), comment=name)
+        print 'Add: %s' % name
+
+
+def test_add_cmd_group():
+    for i in range(1, 20):
+        name = 'CMD' + str(i)
+        cmd = '/sbin/ping%s, /sbin/ifconfig/' % str(i)
+        CmdGroup.objects.create(name=name, cmd=cmd, comment=name)
+        print 'Add: %s' % name
+
+
+def test_add_user():
+    for i in range(1, 500):
+        username = "test" + str(i)
+        dept_all = DEPT.objects.all()
+        group_all = UserGroup.objects.all()
+        group_all_id = [group.id for group in group_all]
+        db_add_user(username=username,
+                    password=md5_crypt(username),
+                    dept=random.choice(dept_all),
+                    name=username, email='%s@jumpserver.org' % username,
+                    groups=[random.choice(group_all_id) for i in range(1, 4)], role='CU',
+                    ssh_key_pwd=CRYPTOR.encrypt(username),
+                    ldap_pwd=CRYPTOR.encrypt(username),
+                    is_active=True,
+                    date_joined=datetime.datetime.now())
+        print "Add: %s" % username
+
+
+def test_add_asset_group():
+    dept = DEPT.objects.get(name='默认')
+    for i in range(1, 20):
+        name = 'AssetGroup' + str(i)
+        group = BisGroup(name=name, dept=dept, comment=name)
+        group.save()
+        print 'Add: %s' % name
+
+
+def test_add_asset():
+    idc_all = IDC.objects.all()
+    test_idc = random.choice(idc_all)
+    bis_group_all = BisGroup.objects.all()
+    dept_all = DEPT.objects.all()
+    for i in range(1, 500):
+        ip = '192.168.1.' + str(i)
+        asset = Asset(ip=ip, port=22, login_type='L', idc=test_idc, is_active=True, comment='test')
+        asset.save()
+        asset.bis_group = [random.choice(bis_group_all) for i in range(2)]
+        asset.dept = [random.choice(dept_all) for i in range(2)]
+        print "Add: %s" % ip
+
+
+def test_add_log():
+    li_date = []
+    today = datetime.date.today()
+    oneday = datetime.timedelta(days=1)
+    for i in range(0, 7):
+        today = today-oneday
+        li_date.append(today)
+    user_list = ['马云', '马化腾', '丁磊', '周鸿祎', '雷军', '柳传志', '陈天桥', '李彦宏', '李开复', '罗永浩']
+    for i in range(1, 1000):
+        user = random.choice(user_list)
+        ip = random.randint(1, 20)
+        start_time = random.choice(li_date)
+        end_time = datetime.datetime.now()
+        log_path = '/var/log/jumpserver/test.log'
+        host = '192.168.1.' + str(ip)
+        Log.objects.create(user=user, host=host, log_path=log_path, pid=168, start_time=start_time,
+                           is_finished=1, log_finished=1, end_time=end_time)
+
+
+if __name__ == '__main__':
+    install()
+
+
+
+

scripts/requirements.txt → docs/require.txt

 pexpect==3.3
 sphinx-me==0.3
-django==1.7.1
+django==1.6
 python-ldap==2.4.18
 paramiko==1.15.1
 pycrypto==2.6.1
 ecdsa>=0.11
 MySQL-python==1.2.5
 readline
+django-uuidfield
\ No newline at end of file

jasset/models.py

+import datetime
+from django.db import models
+from juser.models import User, UserGroup, DEPT
+
+
+class IDC(models.Model):
+    name = models.CharField(max_length=40, unique=True)
+    comment = models.CharField(max_length=80, blank=True, null=True)
+
+    def __unicode__(self):
+        return self.name
+
+
+class BisGroup(models.Model):
+    GROUP_TYPE = (
+        ('P', 'PRIVATE'),
+        ('A', 'ASSET'),
+    )
+    name = models.CharField(max_length=80, unique=True)
+    dept = models.ForeignKey(DEPT)
+    comment = models.CharField(max_length=160, blank=True, null=True)
+
+    def __unicode__(self):
+        return self.name
+
+
+class Asset(models.Model):
+    LOGIN_TYPE_CHOICES = (
+        ('L', 'LDAP'),
+        ('M', 'MAP'),
+    )
+    ip = models.IPAddressField(unique=True)
+    port = models.SmallIntegerField(max_length=5)
+    idc = models.ForeignKey(IDC)
+    bis_group = models.ManyToManyField(BisGroup)
+    dept = models.ManyToManyField(DEPT)
+    login_type = models.CharField(max_length=1, choices=LOGIN_TYPE_CHOICES, default='L')
+    username = models.CharField(max_length=20, blank=True, null=True)
+    password = models.CharField(max_length=80, blank=True, null=True)
+    date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True)
+    is_active = models.BooleanField(default=True)
+    comment = models.CharField(max_length=100, blank=True, null=True)
+
+    def __unicode__(self):
+        return self.ip
+
+
+class AssetAlias(models.Model):
+    user = models.ForeignKey(User)
+    host = models.ForeignKey(Asset)
+    alias = models.CharField(max_length=100, blank=True, null=True)
+
+    def __unicode__(self):
+        return self.comment
\ No newline at end of file

jasset/urls.py

+# coding:utf-8
+from django.conf.urls import patterns, include, url
+from jasset.views import *
+
+urlpatterns = patterns('',
+    url(r'^host_add/$', host_add),
+    url(r"^host_add_multi/$", host_add_batch),
+    url(r'^host_list/$', host_list),
+    url(r'^search/$', host_search),
+    url(r"^host_detail/$", host_detail),
+    url(r"^dept_host_ajax/$", dept_host_ajax),
+    url(r"^show_all_ajax/$", show_all_ajax),
+    url(r'^idc_add/$', idc_add),
+    url(r'^idc_list/$', idc_list),
+    url(r'^idc_edit/$', idc_edit),
+    url(r'^idc_detail/$', idc_detail),
+    url(r'^idc_del/$', idc_del),
+    url(r'^group_add/$', group_add),
+    url(r'^group_edit/$', group_edit),
+    url(r'^group_list/$', group_list),
+    url(r'^group_detail/$', group_detail),
+    url(r'^group_del_host/$', group_del_host),
+    url(r'^group_del/$', group_del),
+    url(r'^host_del/(\w+)/$', host_del),
+    url(r'^host_edit/$', view_splitter, {'su': host_edit, 'adm': host_edit_adm}),
+    url(r'^host_edit/batch/$', host_edit_batch),
+    url(r'^host_edit_common/batch/$', host_edit_common_batch),
+)
\ No newline at end of file

jlog/models.py

+from django.db import models
+
+
+class Log(models.Model):
+    user = models.CharField(max_length=20, null=True)
+    host = models.CharField(max_length=20, null=True)
+    remote_ip = models.CharField(max_length=100)
+    dept_name = models.CharField(max_length=20)
+    log_path = models.CharField(max_length=100)
+    start_time = models.DateTimeField(null=True)
+    pid = models.IntegerField(max_length=10)
+    is_finished = models.BooleanField(default=False)
+    log_finished = models.BooleanField(default=False)
+    end_time = models.DateTimeField(null=True)
+
+    def __unicode__(self):
+        return self.log_path
\ No newline at end of file

jlog/urls.py

+# coding:utf-8
+from django.conf.urls import patterns, include, url
+from jlog.views import *
+
+urlpatterns = patterns('',
+    url(r'^$', log_list),
+    url(r'^log_list/(\w+)/$', log_list),
+    url(r'^log_kill/', log_kill),
+    url(r'^history/$', log_history),
+    url(r'^search/$', log_search),
+)
\ No newline at end of file

jlog/views.py

+# coding:utf-8
+from django.db.models import Q
+from django.template import RequestContext
+from django.shortcuts import render_to_response
+
+from jumpserver.api import *
+from jasset.views import httperror
+from django.http import HttpResponseNotFound
+
+CONF = ConfigParser()
+CONF.read('%s/jumpserver.conf' % BASE_DIR)
+
+
+def get_user_info(request, offset):
+    """ 获取用户信息及环境 """
+    env_dic = {'online': 0, 'offline': 1}
+    env = env_dic[offset]
+    keyword = request.GET.get('keyword', '')
+    user_info = get_session_user_info(request)
+    user_id, username = user_info[0:2]
+    dept_id, dept_name = user_info[3:5]
+    ret = [request, keyword, env, username, dept_name]
+
+    return ret
+
+
+def get_user_log(ret_list):
+    """ 获取不同类型用户日志记录 """
+    request, keyword, env, username, dept_name = ret_list
+    post_all = Log.objects.filter(is_finished=env).order_by('-start_time')
+    post_keyword_all = Log.objects.filter(Q(user__contains=keyword) |
+                                          Q(host__contains=keyword)) \
+        .filter(is_finished=env).order_by('-start_time')
+
+    if is_super_user(request):
+        if keyword:
+            posts = post_keyword_all
+        else:
+            posts = post_all
+
+    elif is_group_admin(request):
+        if keyword:
+            posts = post_keyword_all.filter(dept_name=dept_name)
+        else:
+            posts = post_all.filter(dept_name=dept_name)
+
+    elif is_common_user(request):
+        if keyword:
+            posts = post_keyword_all.filter(user=username)
+        else:
+            posts = post_all.filter(user=username)
+
+    return posts
+
+
+@require_login
+def log_list(request, offset):
+    """ 显示日志 """
+    header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户'
+    keyword = request.GET.get('keyword', '')
+    web_socket_host = CONF.get('websocket', 'web_socket_host')
+    posts = get_user_log(get_user_info(request, offset))
+    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
+
+    return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request))
+
+
+@require_admin
+def log_kill(request):
+    """ 杀掉connect进程 """
+    pid = request.GET.get('id', '')
+    log = Log.objects.filter(pid=pid)
+    if log:
+        log = log.first()
+        dept_name = log.dept_name
+        deptname = get_session_user_info(request)[4]
+        if is_group_admin(request) and dept_name != deptname:
+            return httperror(request, u'Kill失败, 您无权操作!')
+        os.kill(int(pid), 9)
+        Log.objects.filter(pid=pid).update(is_finished=1, end_time=datetime.datetime.now())
+        return render_to_response('jlog/log_offline.html', locals(), context_instance=RequestContext(request))
+    else:
+        return HttpResponseNotFound(u'没有此进程!')
+
+
+@require_login
+def log_history(request):
+    """ 命令历史记录 """
+    log_id = request.GET.get('id', 0)
+    log = Log.objects.filter(id=int(log_id))
+    if log:
+        log = log.first()
+        dept_name = log.dept_name
+        deptname = get_session_user_info(request)[4]
+        if is_group_admin(request) and dept_name != deptname:
+            return httperror(request, '查看失败, 您无权查看!')
+
+        elif is_common_user(request):
+            return httperror(request, '查看失败, 您无权查看!')
+
+        log_his = "%s.his" % log.log_path
+        if os.path.isfile(log_his):
+            f = open(log_his)
+            content = f.read()
+            return HttpResponse(content)
+        else:
+            return httperror(request, '无日志记录, 请查看日志处理脚本是否开启!')
+
+
+@require_login
+def log_search(request):
+    """ 日志搜索 """
+    offset = request.GET.get('env', '')
+    keyword = request.GET.get('keyword', '')
+    posts = get_user_log(get_user_info(request, offset))
+    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
+    return render_to_response('jlog/log_search.html', locals(), context_instance=RequestContext(request))

jperm/admin.py

+from django.contrib import admin
+
+# Register your models here.

jperm/models.py

+import datetime
+
+from uuidfield import UUIDField
+
+from django.db import models
+from juser.models import UserGroup, DEPT
+from jasset.models import Asset, BisGroup
+
+
+class Perm(models.Model):
+    user_group = models.ForeignKey(UserGroup)
+    asset_group = models.ForeignKey(BisGroup)
+
+    def __unicode__(self):
+        return '%s_%s' % (self.user_group.name, self.asset_group.name)
+
+
+class CmdGroup(models.Model):
+    name = models.CharField(max_length=50, unique=True)
+    cmd = models.CharField(max_length=999)
+    dept = models.ForeignKey(DEPT)
+    comment = models.CharField(blank=True, null=True, max_length=50)
+
+    def __unicode__(self):
+        return self.name
+
+
+class SudoPerm(models.Model):
+    user_group = models.ForeignKey(UserGroup)
+    user_runas = models.CharField(max_length=100)
+    asset_group = models.ManyToManyField(BisGroup)
+    cmd_group = models.ManyToManyField(CmdGroup)
+    comment = models.CharField(max_length=30, null=True, blank=True)
+
+    def __unicode__(self):
+        return self.user_group.name
+
+
+class Apply(models.Model):
+    uuid = UUIDField(auto=True)
+    applyer = models.CharField(max_length=20)
+    admin = models.CharField(max_length=20)
+    approver = models.CharField(max_length=20)
+    dept = models.CharField(max_length=20)
+    bisgroup = models.CharField(max_length=500)
+    asset = models.CharField(max_length=500)
+    comment = models.TextField(blank=True, null=True)
+    status = models.IntegerField(max_length=2)
+    date_add = models.DateTimeField(null=True)
+    date_end = models.DateTimeField(null=True)
+    read = models.IntegerField(max_length=2)
+
+    def __unicode__(self):
+        return self.applyer

jperm/tests.py

+from django.test import TestCase
+
+# Create your tests here.

jperm/urls.py

+from django.conf.urls import patterns, include, url
+from jperm.views import *
+
+urlpatterns = patterns('jperm.views',
+    # Examples:
+    # url(r'^$', 'jumpserver.views.home', name='home'),
+    # url(r'^blog/', include('blog.urls')),
+
+    (r'^perm_edit/$', view_splitter, {'su': perm_edit, 'adm': perm_edit_adm}),
+    (r'^dept_perm_edit/$', 'dept_perm_edit'),
+    (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}),
+    (r'^dept_perm_list/$', 'dept_perm_list'),
+    (r'^perm_user_detail/$', 'perm_user_detail'),
+    (r'^perm_detail/$', 'perm_detail'),
+    (r'^perm_del/$', 'perm_del'),
+    (r'^perm_asset_detail/$', 'perm_asset_detail'),
+    (r'^sudo_list/$', view_splitter, {'su': sudo_list, 'adm': sudo_list_adm}),
+    (r'^sudo_del/$', 'sudo_del'),
+    (r'^sudo_edit/$', view_splitter, {'su': sudo_edit, 'adm': sudo_edit_adm}),
+    (r'^sudo_refresh/$', 'sudo_refresh'),
+    (r'^sudo_detail/$', 'sudo_detail'),
+    (r'^cmd_add/$', view_splitter, {'su': cmd_add, 'adm': cmd_add_adm}),
+    (r'^cmd_list/$', 'cmd_list'),
+    (r'^cmd_del/$', 'cmd_del'),
+    (r'^cmd_edit/$', 'cmd_edit'),
+    (r'^cmd_detail/$', 'cmd_detail'),
+    (r'^apply/$', 'perm_apply'),
+    (r'^apply_show/(\w+)/$', 'perm_apply_log'),
+    (r'^apply_exec/$', 'perm_apply_exec'),
+    (r'^apply_info/$', 'perm_apply_info'),
+    (r'^apply_del/$', 'perm_apply_del'),
+    (r'^apply_search/$', 'perm_apply_search'),
+)

jumpserver.conf

-#coding:utf-8
+#coding: utf8
+
+[base]
+ip = 192.168.20.209
+port = 80
+key = 88aaaf7ffe3c6c04
+
 
 [db]
 host = 127.0.0.1
 port = 3306
-user = root
-password = redhat
-db = jumpserver
+user = jumpserver
+password = mysql234
+database = jumpserver
 
-[jumpserver]
-key = 88aaaf7ffe3c6c04
-ldap_host = ldap://127.0.0.1:389
-ldap_base_dn = dc=yolu,dc=com
-admin_cn = cn=admin,dc=yolu,dc=com
-admin_pass = VNLqNCjpNBIetEoCA2h3
-web_socket_host = 172.10.10.9:3000
\ No newline at end of file
+
+[ldap]
+ldap_enable = 1
+host_url = ldap://127.0.0.1:389
+base_dn = dc=jumpserver, dc=org
+root_dn = cn=admin,dc=jumpserver,dc=org
+root_pw = secret234
+
+
+[websocket]
+web_socket_host = 192.168.20.209:3000
+
+
+[mail]
+email_host = smtp.exmail.qq.com
+email_port = 25
+email_host_user = noreply@jumpserver.org
+email_host_password = jumpserver123
+email_use_tls = False

jumpserver.py

-#!/usr/bin/python
-# coding: utf-8
-
-
-import os
-import sys
-import subprocess
-import struct
-import fcntl
-import termios
-import signal
-import re
-import time
-from Crypto.Cipher import AES
-from binascii import b2a_hex, a2b_hex
-import ConfigParser
-import paramiko
-import pxssh
-import pexpect
-import readline
-
-cur_dir = os.path.abspath(os.path.dirname(__file__))
-sys.path.append('%s/webroot/AutoSa/' % cur_dir)
-os.environ['DJANGO_SETTINGS_MODULE'] = 'AutoSa.settings'
-
-import django
-django.setup()
-from UserManage.models import User, Logs, Pid
-from Assets.models import Assets
-
-
-cf = ConfigParser.ConfigParser()
-cf.read('%s/jumpserver.conf' % cur_dir)
-
-db_host = cf.get('db', 'host')
-db_port = cf.getint('db', 'port')
-db_user = cf.get('db', 'user')
-db_password = cf.get('db', 'password')
-db_db = cf.get('db', 'db')
-log_dir = os.path.join(cur_dir, 'logs')
-key = cf.get('jumpserver', 'key')
-
-
-class PyCrypt(object):
-    """It's used to encrypt and decrypt password."""
-    def __init__(self, key):
-        self.key = key
-        self.mode = AES.MODE_CBC
-
-    def encrypt(self, text):
-        cryptor = AES.new(self.key, self.mode, b'0000000000000000')
-        length = 16
-        count = len(text)
-        if count < length:
-            add = (length - count)
-            text += ('\0' * add)
-        elif count > length:
-            add = (length - (count % length))
-            text += ('\0' * add)
-        ciphertext = cryptor.encrypt(text)
-        return b2a_hex(ciphertext)
-
-    def decrypt(self, text):
-        cryptor = AES.new(self.key, self.mode, b'0000000000000000')
-        plain_text = cryptor.decrypt(a2b_hex(text))
-        return plain_text.rstrip('\0')
-
-
-def sigwinch_passthrough(sig, data):
-    """This function use to set the window size of the terminal!"""
-    winsize = getwinsize()
-    try:
-        foo.setwinsize(winsize[0], winsize[1])
-    except:
-        pass
-
-
-def getwinsize():
-    """This function use to get the size of the windows!"""
-    if 'TIOCGWINSZ' in dir(termios):
-        TIOCGWINSZ = termios.TIOCGWINSZ
-    else:
-        TIOCGWINSZ = 1074295912L  # Assume
-    s = struct.pack('HHHH', 0, 0, 0, 0)
-    x = fcntl.ioctl(sys.stdout.fileno(), TIOCGWINSZ, s)
-    return struct.unpack('HHHH', x)[0:2]
-
-
-def run_cmd(cmd):
-    """run command and return stdout"""
-    pipe = subprocess.Popen(cmd, 
-                            shell=True, 
-                            stdout=subprocess.PIPE, 
-                            stderr=subprocess.PIPE)
-    if pipe.stdout:
-        stdout = pipe.stdout.read().strip()
-        pipe.wait()
-        return stdout
-    if pipe.stderr:
-        stderr = pipe.stderr.read()
-        pipe.wait()
-        return stderr
-
-
-def connect(host, port, user, password):
-    """Use pexpect module to connect other server."""
-    log_date_dir = '%s/%s' % (log_dir, time.strftime('%Y%m%d'))
-    if not os.path.isdir(log_date_dir):
-        os.mkdir(log_date_dir)
-        os.chmod(log_date_dir, 0777)
-    structtime_start = time.localtime()
-    datetime_start = time.strftime('%Y%m%d%H%M%S', structtime_start)
-    logtime_start = time.strftime('%Y/%m/%d %H:%M:%S', structtime_start)
-    timestamp_start = int(time.mktime(structtime_start))
-    logfile_name = "%s/%s_%s_%s" % (log_date_dir, host, user, datetime_start)
-
-    try:
-        global foo
-        foo = pxssh.pxssh()
-        foo.login(host, user, password, port=port, auto_prompt_reset=False)
-        log = Logs(user=user, host=host, logfile=logfile_name, start_time=timestamp_start, ppid=os.getpid())  # 日志信息记录到数据库
-        log.save()
-        pid = Pid(ppid=os.getpid(), cpid=foo.pid, start_time=timestamp_start, logid=log.id)
-        pid.save()
-
-        logfile = open(logfile_name, 'a')  # 记录日志文件
-        logfile.write('\nDateTime:%s' % logtime_start)
-        foo.logfile = logfile
-        foo.sendline("export PS1='[\u@%s \W]\$ ';clear" % host)
-        signal.signal(signal.SIGWINCH, sigwinch_passthrough)
-        size = getwinsize()
-        foo.setwinsize(size[0], size[1])
-        foo.interact(escape_character=chr(28))  # 进入交互模式
-        logfile.write('\nEndTime: %s' % time.strftime('%Y/%m/%d %H:%M:%S'))
-        log.finish = 1
-        log.end_time = int(time.time())
-        log.save()
-
-    except pxssh.ExceptionPxssh as e:
-        print('登录失败: %s' % e)
-    except pexpect.EOF:
-        print('登录失败: Host refuse')
-    except KeyboardInterrupt:
-        foo.logout()
-        log.finish = 1
-        log.end_time = int(time.time())
-        log.save()
-
-
-def ip_all_select(username):
-    """select all the server of the user can control."""
-    ip_all = []
-    ip_all_dict = {}
-    try:
-        user = User.objects.get(username=username)
-    except:
-        return (['error'], {'error':"Don't Use Root To Do That or User isn't Exist."})
-    all_assets_user = user.assetsuser_set.all()
-    for assets_user in all_assets_user:
-        ip_all.append(assets_user.aid.ip)
-        ip_all_dict[assets_user.aid.ip] = assets_user.aid.comment
-
-    return ip_all, ip_all_dict
-
-
-def sth_select(username='', ip=''):
-    """if username: return password elif ip return port"""
-    if username:
-        user = User.objects.get(username=username)
-        ldap_password = user.ldap_password
-        return ldap_password
-
-    if ip:
-        asset = Assets.objects.get(ip=ip)
-        port = asset.port
-        return port
-    return None
-
-
-def remote_exec_cmd(host, user, cmd):
-    jm = PyCrypt(key)
-    ssh = paramiko.SSHClient()
-    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
-    port = sth_select(ip=host)
-    password = jm.decrypt(sth_select(username=username))
-    try:
-        ssh.connect(host, port, user, password)
-    except paramiko.AuthenticationException:
-        print 'Password Error .'
-        return None
-    stdin, stdout, stderr = ssh.exec_command(cmd)
-    print '\033[32m' + '#'*15 + ' ' + host + ' ' + '#'*15 + '\n' + '\033[0m'
-    output = stdout.read()
-    error = stderr.read()
-    if output:
-        print output
-    if error:
-        print error
-    print '\033[32m' + '#'*15 + '  End result  ' + '#'*15 + '\n' + '\033[0m'
-    ssh.close()
-
-
-def match_ip(all_ip, string):
-    ip_matched = []
-    pattern = re.compile(r'%s' % string)
-
-    for ip in all_ip:
-        if pattern.search(ip):
-            ip_matched.append(ip)
-    return ip_matched
-
-
-def print_prompt():
-        print """
-\033[1;32m###  Welcome Use JumpServer To Login. ### \033[0m
-1) Type \033[32mIP ADDRESS\033[0m To Login.
-2) Type \033[32mP/p\033[0m To Print The Servers You Available.
-3) Type \033[32mE/e\033[0m To Execute Command On Several Servers.
-4) Type \033[32mQ/q\033[0m To Quit.
-"""
-
-
-def print_your_server(username):
-    ip_all, ip_all_dict = ip_all_select(username)
-    for ip in ip_all:
-        if ip_all_dict[ip]:
-            print "%s -- %s" % (ip, ip_all_dict[ip])
-        else:
-            print ip
-
-
-def exec_cmd_servers(username):
-    print '\nInput the \033[32mHost IP(s)\033[0m,Separated by Commas, q/Q to Quit.\n'
-    while True:
-        hosts = raw_input('\033[1;32mip(s)>: \033[0m')
-        if hosts in ['q', 'Q']:
-            break
-        hosts = hosts.split(',')
-        hosts.append('')
-        hosts = list(set(hosts))
-        hosts.remove('')
-        ip_all, ip_all_dict = ip_all_select(username)
-        no_perm = set(hosts)-set(ip_all)
-        if no_perm:
-            print "You have NO PERMISSION on %s..." % list(no_perm)
-            continue
-        print '\nInput the \033[32mCommand\033[0m , The command will be Execute on servers, q/Q to quit.\n'
-        while True:
-            cmd = raw_input('\033[1;32mCmd(s): \033[0m')
-            if cmd in ['q', 'Q']:
-                break
-            exec_log_dir = os.path.join(log_dir, 'exec_cmds')
-            if not os.path.isdir(exec_log_dir):
-                os.mkdir(exec_log_dir)
-                os.chmod(exec_log_dir, 0777)
-            filename = "%s/%s.log" % (exec_log_dir, time.strftime('%Y%m%d'))
-            f = open(filename, 'a')
-            f.write("DateTime: %s User: %s Host: %s Cmds: %s\n" %
-                    (time.strftime('%Y/%m/%d %H:%M:%S'), username, hosts, cmd))
-            for host in hosts:
-                remote_exec_cmd(host, username, cmd)
-
-
-def connect_one(username, option):
-    ip_input = option.strip()
-    ip_all, ip_all_dict = ip_all_select(username)
-    ip_matched = match_ip(ip_all, ip_input)
-    ip_len = len(ip_matched)
-    ip = ''
-    if ip_len >= 1:
-        if ip_len == 1:
-            ip = ip_matched[0]
-        else:
-            if ip_input in ip_matched:
-                ip = ip_input
-            else:
-                for one_ip in ip_matched:
-                    print one_ip
-        if ip:
-            password = jm.decrypt(sth_select(username=username))
-            port = sth_select(ip=ip)
-            print "Connecting %s ..." % ip
-            connect(ip, port, username, password)
-    else:
-        print '\033[31mNo permision .\033[0m'
-
-
-if __name__ == '__main__':
-    username = run_cmd('whoami')
-    jm = PyCrypt(key)
-    print_prompt()
-    try:
-        while True:
-            try:
-                option = raw_input("\033[1;32mOpt or IP>:\033[0m ")
-            except EOFError:
-                print
-                continue
-            if option in ['P', 'p']:
-                print_your_server(username)
-                continue
-            elif option in ['e', 'E']:
-                exec_cmd_servers(username)
-            elif option in ['q', 'Q']:
-                sys.exit()
-            else:
-                connect_one(username, option)
-    #except (BaseException, Exception):
-    except IndexError:
-        print "Exit."
-        sys.exit()

jumpserver/context_processors.py

+from juser.models import User
+from jasset.models import Asset
+from jumpserver.api import *
+from jperm.models import Apply
+
+
+def name_proc(request):
+    user_id = request.session.get('user_id')
+    role_id = request.session.get('role_id')
+    if role_id == 2:
+        user_total_num = User.objects.all().count()
+        user_active_num = User.objects.filter().count()
+        host_total_num = Asset.objects.all().count()
+        host_active_num = Asset.objects.filter(is_active=True).count()
+    else:
+        user, dept = get_session_user_dept(request)
+        user_total_num = dept.user_set.all().count()
+        user_active_num = dept.user_set.filter(is_active=True).count()
+        host_total_num = dept.asset_set.all().count()
+        host_active_num = dept.asset_set.all().filter(is_active=True).count()
+
+    username = User.objects.get(id=user_id).name
+    apply_info = Apply.objects.filter(admin=username, status=0, read=0)
+    request.session.set_expiry(3600)
+
+    info_dic = {'session_user_id': user_id,
+                'session_role_id': role_id,
+                'user_total_num': user_total_num,
+                'user_active_num': user_active_num,
+                'host_total_num': host_total_num,
+                'host_active_num': host_active_num,
+                'apply_info': apply_info}
+
+    return info_dic
+

webroot/AutoSa/AutoSa/settings.py → jumpserver/settings.py

 """
-Django settings for AutoSa project.
+Django settings for jumpserver project.
 
 For more information on this file, see
-https://docs.djangoproject.com/en/1.6/topics/settings/
+https://docs.djangoproject.com/en/1.7/topics/settings/
 
 For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.6/ref/settings/
+https://docs.djangoproject.com/en/1.7/ref/settings/
 """
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 import os
 import ConfigParser
 
+config = ConfigParser.ConfigParser()
+
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
-CONF_DIR = os.path.dirname(os.path.dirname(BASE_DIR))
-CF = ConfigParser.ConfigParser()
-CF.read('%s/jumpserver.conf' % CONF_DIR)
+config.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
+
+DB_HOST = config.get('db', 'host')
+DB_PORT = config.getint('db', 'port')
+DB_USER = config.get('db', 'user')
+DB_PASSWORD = config.get('db', 'password')
+DB_DATABASE = config.get('db', 'database')
 
-DB_HOST = CF.get('db', 'host')
-DB_PORT = CF.getint('db', 'port')
-DB_USER = CF.get('db', 'user')
-DB_PASSWORD = CF.get('db', 'password')
-DB_DB = CF.get('db', 'db')
+# mail config
+EMAIL_HOST = config.get('mail', 'email_host')
+EMAIL_PORT = config.get('mail', 'email_port')
+EMAIL_HOST_USER = config.get('mail', 'email_host_user')
+EMAIL_HOST_PASSWORD = config.get('mail', 'email_host_password')
+EMAIL_USE_TLS = config.getboolean('mail', 'email_use_tls')
 
 # Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.6/howto/deployment/checklist/
+# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'tg-49xz3a#%5@^%83my*2up51)c3pove2_+21_(j*795gm38u*'
+SECRET_KEY = '!%=t81uof5rhmtpi&(zr=q^fah#$enny-c@mswz49l42j0o49-'
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
 TEMPLATE_DEBUG = True
 
-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS = ['0.0.0.0/8']
 
 
 # Application definition
@@ -46,10 +53,12 @@ INSTALLED_APPS = (
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-    'UserManage',
-    'Assets',
-    'AutoSa',
-    #'RunCommand',
+    'django.contrib.humanize',
+    'jumpserver',
+    'juser',
+    'jasset',
+    'jperm',
+    'jlog',
 )
 
 MIDDLEWARE_CLASSES = (
@@ -57,22 +66,23 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
     #'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 )
 
-ROOT_URLCONF = 'AutoSa.urls'
+ROOT_URLCONF = 'jumpserver.urls'
 
-WSGI_APPLICATION = 'AutoSa.wsgi.application'
+WSGI_APPLICATION = 'jumpserver.wsgi.application'
 
 
 # Database
-# https://docs.djangoproject.com/en/1.6/ref/settings/#databases
+# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
 
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.mysql',
-        'NAME': DB_DB,
+        'NAME': DB_DATABASE,
         'USER': DB_USER,
         'PASSWORD': DB_PASSWORD,
         'HOST': DB_HOST,
@@ -88,7 +98,7 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     'django.core.context_processors.static',
     'django.core.context_processors.tz',
     'django.contrib.messages.context_processors.messages',
-    'AutoSa.context_processors.name_proc',
+    'jumpserver.context_processors.name_proc'
 )
 
 TEMPLATE_DIRS = (
@@ -100,11 +110,10 @@ TEMPLATE_DIRS = (
 STATICFILES_DIRS = (
     os.path.join(BASE_DIR, "static"),
 )
-
 # Internationalization
-# https://docs.djangoproject.com/en/1.6/topics/i18n/
+# https://docs.djangoproject.com/en/1.7/topics/i18n/
 
-LANGUAGE_CODE = 'zh-cn'
+LANGUAGE_CODE = 'en-us'
 
 TIME_ZONE = 'Asia/Shanghai'
 
@@ -112,12 +121,12 @@ USE_I18N = True
 
 USE_L10N = True
 
-USE_TZ = True
+USE_TZ = False
 
 
 # Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/1.6/howto/static-files/
+# https://docs.djangoproject.com/en/1.7/howto/static-files/
 
 STATIC_URL = '/static/'
 
-SESSION_COOKIE_AGE = 3600
+

jumpserver/templatetags/__init__.py

+__author__ = 'Hudie'

jumpserver/urls.py

+from django.conf.urls import patterns, include, url
+
+
+urlpatterns = patterns('',
+    # Examples:
+    (r'^$', 'jumpserver.views.index'),
+    (r'^api/user/$', 'jumpserver.api.api_user'),
+    (r'^skin_config/$', 'jumpserver.views.skin_config'),
+    (r'^install/$', 'jumpserver.views.install'),
+    (r'^base/$', 'jumpserver.views.base'),
+    (r'^login/$', 'jumpserver.views.login'),
+    (r'^logout/$', 'jumpserver.views.logout'),
+    (r'^file/upload/$', 'jumpserver.views.upload'),
+    (r'^file/download/$', 'jumpserver.views.download'),
+    (r'^error/$', 'jumpserver.views.httperror'),
+    (r'^juser/', include('juser.urls')),
+    (r'^jasset/', include('jasset.urls')),
+    (r'^jlog/', include('jlog.urls')),
+    (r'^jperm/', include('jperm.urls')),
+
+)

webroot/AutoSa/AutoSa/wsgi.py → jumpserver/wsgi.py

 """
-WSGI config for AutoSa project.
+WSGI config for jumpserver project.
 
 It exposes the WSGI callable as a module-level variable named ``application``.
 
 For more information on this file, see
-https://docs.djangoproject.com/en/1.6/howto/deployment/wsgi/
+https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/
 """
 
 import os
-import sys
-sys.path.append('/opt/jumpserver/webroot/AutoSa')
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "AutoSa.settings")
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "jumpserver.settings")
 
 from django.core.wsgi import get_wsgi_application
 application = get_wsgi_application()

juser/admin.py

+from django.contrib import admin
+
+# Register your models here.

juser/tests.py

+from django.test import TestCase
+
+# Create your tests here.

webroot/AutoSa/manage.py → manage.py

@@ -3,7 +3,7 @@ import os
 import sys
 
 if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "AutoSa.settings")
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "jumpserver.settings")
 
     from django.core.management import execute_from_command_line