Merge pull request #3 from jumpserver/dev

update from origin

connect.py

@@ -92,11 +92,20 @@ class Tty(object):
         self.remote_ip = ''
         self.login_type = login_type
         self.vim_flag = False
-        self.ps1_pattern = re.compile('\[.*@.*\][\$#]\s')
-        self.vim_pattern = re.compile(r'\Wvi[m]+\s.* | \Wfg\s.*', re.X)
+        self.ps1_pattern = re.compile('\[?.*@.*\]?[\$#]\s')
+        self.vim_pattern = re.compile(r'\W?vi[m]?\s.* | \W?fg\s.*', re.X)
         self.vim_data = ''
-        self.stream = pyte.ByteStream()
+        self.stream = None
         self.screen = None
+        self.__init_screen_stream()
+
+    def __init_screen_stream(self):
+        """
+        初始化虚拟屏幕和字符流
+        """
+        self.stream = pyte.ByteStream()
+        self.screen = pyte.Screen(80, 24)
+        self.stream.attach(self.screen)
 
     @staticmethod
     def is_output(strings):
@@ -125,30 +134,35 @@ class Tty(object):
                 result = match[-1].strip()
         return result
 
-    def deal_command(self):
+    def deal_command(self, data):
         """
         处理截获的命令
+        :param data: 要处理的命令
         :return:返回最后的处理结果
         """
         command = ''
-        # 从虚拟屏幕中获取处理后的数据
-        for line in reversed(self.screen.buffer):
-            line_data = "".join(map(operator.attrgetter("data"), line)).strip()
-            if len(line_data) > 0:
-                parser_result = self.command_parser(line_data)
-                if parser_result is not None:
-                    # 2个条件写一起会有错误的数据
-                    if len(parser_result) > 0:
-                        command = parser_result
-                else:
-                    command = line_data
-                break
-        if command != '':
-            # 判断用户输入的是否是vim 或者fg命令
-            if self.vim_pattern.search(command):
-                self.vim_flag = True
-        # 虚拟屏幕清空
-        self.screen.reset()
+        try:
+            self.stream.feed(data)
+            # 从虚拟屏幕中获取处理后的数据
+            for line in reversed(self.screen.buffer):
+                line_data = "".join(map(operator.attrgetter("data"), line)).strip()
+                if len(line_data) > 0:
+                    parser_result = self.command_parser(line_data)
+                    if parser_result is not None:
+                        # 2个条件写一起会有错误的数据
+                        if len(parser_result) > 0:
+                            command = parser_result
+                    else:
+                        command = line_data
+                    break
+            if command != '':
+                # 判断用户输入的是否是vim 或者fg命令
+                if self.vim_pattern.search(command):
+                    self.vim_flag = True
+            # 虚拟屏幕清空
+            self.screen.reset()
+        except Exception:
+            pass
         return command
 
     def get_log(self):
@@ -348,16 +362,15 @@ class SshTty(Tty):
                         # 这个是用来处理用户的复制操作
                         if input_str != x:
                             data += input_str
-                        self.stream.feed(data)
                         if self.vim_flag:
                             match = self.ps1_pattern.search(self.vim_data)
                             if match:
                                 self.vim_flag = False
-                                data = self.deal_command()[0:200]
+                                data = self.deal_command(data)[0:200]
                                 if len(data) > 0:
                                     TtyLog(log=log, datetime=datetime.datetime.now(), cmd=data).save()
                         else:
-                            data = self.deal_command()[0:200]
+                            data = self.deal_command(data)[0:200]
                             if len(data) > 0:
                                 TtyLog(log=log, datetime=datetime.datetime.now(), cmd=data).save()
                         data = ''
@@ -393,10 +406,8 @@ class SshTty(Tty):
         # 获取连接的隧道并设置窗口大小 Make a channel and set windows size
         global channel
         win_size = self.get_win_size()
-        #self.channel = channel = ssh.invoke_shell(height=win_size[0], width=win_size[1], term='xterm')
+        # self.channel = channel = ssh.invoke_shell(height=win_size[0], width=win_size[1], term='xterm')
         self.channel = channel = transport.open_session()
-        self.screen = pyte.Screen(win_size[1], win_size[0])
-        self.stream.attach(self.screen)
         channel.get_pty(term='xterm', height=win_size[0], width=win_size[1])
         channel.invoke_shell()
         try:

install/requirements.txt

@@ -14,4 +14,4 @@ ansible==1.9.4
 pyinotify==0.9.6
 passlib==1.6.5
 argparse==1.4.0
-django_crontab==0.6.0
+django_crontab==0.6.0
\ No newline at end of file

jperm/models.py

@@ -26,7 +26,7 @@ class PermSudo(models.Model):
 class PermRole(models.Model):
     name = models.CharField(max_length=100, unique=True)
     comment = models.CharField(max_length=100, null=True, blank=True, default='')
-    password = models.CharField(max_length=100)
+    password = models.CharField(max_length=128)
     key_path = models.CharField(max_length=100)
     date_added = models.DateTimeField(auto_now=True)
     sudo = models.ManyToManyField(PermSudo, related_name='perm_role')

jperm/perm_api.py

@@ -182,8 +182,9 @@ def gen_resource(ob, perm=None):
                 info = {'hostname': asset.hostname,
                         'ip': asset.ip,
                         'port': asset_info.get('port', 22),
+                        'ansible_ssh_private_key_file': role_key,
                         'username': role.name,
-                        'password': CRYPTOR.decrypt(role.password)
+                        # 'password': CRYPTOR.decrypt(role.password)
                        }
 
                 if os.path.isfile(role_key):

jperm/views.py

@@ -519,12 +519,12 @@ def perm_role_push(request):
             ret["pass_push"] = task.add_user(role.name)
             ret["key_push"] = task.push_key(role.name, os.path.join(role.key_path, 'id_rsa.pub'))
 
-        # 2. 推送账号密码
-        elif password_push:
-            ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
+        # 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信， 不再提供密码方式的推送>
+        # elif password_push:
+        #     ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
 
         # 3. 推送sudo配置文件
-        if password_push or key_push:
+        if key_push:
             sudo_list = set([sudo for sudo in role.sudo.all()])  # set(sudo1, sudo2, sudo3)
             if sudo_list:
                 ret['sudo'] = task.push_sudo_file([role], sudo_list)

jumpserver.conf

 [base]
-url = http://192.168.244.129
-key = i6k2zeu8x6mncl76
+url = http://192.168.10.165
+key = 941enj9neshd1wes
 ip = 0.0.0.0
 port = 80
 log = debug
@@ -14,9 +14,9 @@ database = jumpserver
 
 [mail]
 mail_enable = 1
-email_host = smtp.exmail.qq.com
-email_port = 25
-email_host_user = noreply@jumpserver.org
-email_host_password = xxxxxxxxxx
+email_host = 
+email_port = 587
+email_host_user = 
+email_host_password = 
 email_use_tls = True
 

run_server.py

@@ -10,7 +10,6 @@ import os.path
 import threading
 import re
 import functools
-
 from django.core.signals import request_started, request_finished
 
 import tornado.ioloop
@@ -371,9 +370,10 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
                         vim_data = self.term.deal_command(self.term.vim_data)[0:200]
                         if len(data) > 0:
                             TtyLog(log=self.log, datetime=datetime.datetime.now(), cmd=vim_data).save()
-
-                TtyLog(log=self.log, datetime=datetime.datetime.now(),
-                       cmd=self.term.deal_command(self.term.data)[0:200]).save()
+                vim_data = self.term.deal_command(self.term.vim_data)[0:200]
+                if len(vim_data) > 0:
+                    TtyLog(log=self.log, datetime=datetime.datetime.now(),
+                           cmd=vim_data).save()
                 self.term.vim_data = ''
                 self.term.data = ''
                 self.term.input_mode = False
@@ -412,7 +412,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
                     if self.term.vim_flag:
                         self.term.vim_data += recv
                     try:
-                        self.write_message(json.dumps({'data': data}))
+                        self.write_message(data.decode('utf-8', 'replace'))
                         now_timestamp = time.time()
                         self.log_time_f.write('%s %s\n' % (round(now_timestamp-pre_timestamp, 4), len(data)))
                         self.log_file_f.write(data)
@@ -460,7 +460,7 @@ def main():
     }
     tornado_app = tornado.web.Application(
         [
-            (r'/monitor', MonitorHandler),
+            (r'/ws/monitor', MonitorHandler),
             (r'/ws/terminal', WebTerminalHandler),
             (r'/kill', WebTerminalKillHandler),
             (r'/ws/exec', ExecHandler),

static/js/webterminal.js

+
 /**
  * Created by liuzheng on 3/3/16.
  */
@@ -35,13 +36,12 @@ WSSHClient.prototype.connect = function (options) {
     };
 
     this._connection.onmessage = function (evt) {
-        var data = JSON.parse(evt.data.toString());
-        if (data.error !== undefined) {
+        try{
+            options.onData(evt.data);
+        } catch (e) {
+            var data = JSON.parse(evt.data.toString());
             options.onError(data.error);
         }
-        else {
-            options.onData(data.data);
-        }
     };
 
     this._connection.onclose = function (evt) {

templates/jlog/log_online.html

@@ -136,7 +136,7 @@
             var protocol = 'ws://';
         }
 
-        var endpoint = protocol + document.URL.match(RegExp('//(.*?)/'))[1] + '/monitor';
+        var endpoint = protocol + document.URL.match(RegExp('//(.*?)/'))[1] + '/ws/monitor';
         var file_path = obj.attr('file_path');
         var socket = new WebSocket(endpoint + '?file_path=' + file_path);
 

templates/jperm/perm_role_add.html

@@ -104,6 +104,10 @@ $('#roleForm').validator({
             ok: "",
             msg: {required: "系统用户名称必填"}
         },
+        "role_password": {
+            rule: "length[0~64]",
+            tip: "系统密码"
+        },
         "role_key": {
             rule: "check_begin",
             ok: "",

templates/jperm/perm_role_edit.html

@@ -105,12 +105,16 @@ $('#roleForm').validator({
             tip: "输入系统用户名称",
             ok: "",
             msg: {required: "系统用户名称必填"}
+        },
+         "role_password": {
+            rule: "length[0~64]",
+            tip: "系统密码"
         },
         "role_key": {
             rule: "check_begin",
             ok: "",
             empty: true
-        },
+        }
 
     },
     valid: function(form) {

templates/jperm/perm_role_push.html

@@ -74,16 +74,6 @@
                                         </div>
                                     </div>
                                 </div>
-                                <div class="form-group">
-                                    <label for="j_group" class="col-sm-2 control-label">使用密码</label>
-                                    <div class="col-sm-1">
-                                        <div class="radio i-checks">
-                                            <label>
-                                                <input type="checkbox" value="1" id="use_password" name="use_password">
-                                            </label>
-                                        </div>
-                                    </div>
-                                </div>
                             </div>
                             <div class="hr-line-dashed"></div>
                             <div class="form-group">