Commit 6a8db896 authored by guanghongwei's avatar guanghongwei

޸һbug

parent 5cd09a65
...@@ -8,11 +8,7 @@ password = mysql234 ...@@ -8,11 +8,7 @@ password = mysql234
database = jumpserver database = jumpserver
[ldap] [ldap]
host_url = ldap://192.168.8.60:389 ldap_enable = 1
base_dn = dc=fengxing,dc=org
root_dn = cn=admin,dc=fengxing,dc=org
root_pw = 123456
ldap_enable = 0
host_url = ldap://127.0.0.1:389 host_url = ldap://127.0.0.1:389
base_dn = dc=jumpserver,dc=org base_dn = dc=jumpserver,dc=org
root_dn = cn=admin,dc=jumpserver,dc=org root_dn = cn=admin,dc=jumpserver,dc=org
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
import time import time
from django import template from django import template
from django.db.models import Q from django.db.models import Q
from juser.models import User from juser.models import User, UserGroup
register = template.Library() register = template.Library()
...@@ -56,6 +56,12 @@ def perm_count(user_id): ...@@ -56,6 +56,12 @@ def perm_count(user_id):
return user.perm_set.all().count() return user.perm_set.all().count()
@register.filter(name='member_count')
def member_count(group_id):
group = UserGroup.objects.get(id=group_id)
return group.user_set.count()
@register.filter(name='group_type_to_str') @register.filter(name='group_type_to_str')
def group_type_to_str(type_name): def group_type_to_str(type_name):
group_types = { group_types = {
...@@ -63,5 +69,4 @@ def group_type_to_str(type_name): ...@@ -63,5 +69,4 @@ def group_type_to_str(type_name):
'M': '管理组', 'M': '管理组',
'A': '授权组', 'A': '授权组',
} }
return group_types.get(type_name) return group_types.get(type_name)
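Review bot: `member_count` (second hunk, the new filter after `return user.perm_set.all().count()`) calls `UserGroup.objects.get(id=group_id)`, which raises `UserGroup.DoesNotExist` when no row has that id, so a stale id in a rendered list turns the whole page into a 500 instead of a blank cell. A filter that may be fed any id should degrade to a count of zero, e.g. `group = UserGroup.objects.filter(id=group_id).first()` followed by `return group.user_set.count() if group else 0`. Note also that the filter issues one lookup plus one count per table row; if the group list grows, annotating the list queryset with `Count('user')` in the view (not in this diff) would avoid the per-row queries.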
...@@ -122,23 +122,130 @@ def group_db_add(**kwargs): ...@@ -122,23 +122,130 @@ def group_db_add(**kwargs):
UserGroup.objects.create(**kwargs) UserGroup.objects.create(**kwargs)
def add_user_to_group(username, group_name): def group_add_user(group_name, user_id=None, username=None):
try: try:
user = User.objects.get(username=username) if user_id:
group = UserGroup.objects.get(name=group_name) user = User.objects.get(id=user_id)
else:
user = User.objects.get(username=username)
except ObjectDoesNotExist: except ObjectDoesNotExist:
raise AddError('User %s or group % does not exit. ' % username, group_name) raise AddError('用户获取失败')
else: else:
groups = [group] group = UserGroup.objects.get(name=group_name)
for g in user.user_group.all(): group.user_set.add(user)
groups.append(g)
user.user_group = groups
def group_add_user(group_name, user_id): def db_add_user(**kwargs):
group = UserGroup.objects.get(name=group_name) groups_post = kwargs.pop('groups')
user = User.objects.get(id=user_id) user = User(**kwargs)
group.user_set.add(user) group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.save()
user.user_group = group_select
def db_update_user(**kwargs):
groups_post = kwargs.pop('groups')
username = kwargs.get('username')
user = User.objects.filter(username=username)
user.update(**kwargs)
user = User.objects.get(username=username)
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.save()
user.user_group = group_select
def db_del_user(username):
try:
user = User.objects.get(username=username)
user.delete()
except ObjectDoesNotExist:
pass
def gen_ssh_key(username, password=None, length=2048):
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
private_key_file = os.path.join(private_key_dir, username)
public_key_dir = '/home/%s/.ssh/' % username
public_key_file = os.path.join(public_key_dir, 'authorized_keys')
is_dir(private_key_dir)
is_dir(public_key_dir, mode=0700)
key = RSA.generate(length)
with open(private_key_file, 'w') as pri_f:
pri_f.write(key.exportKey('PEM', password))
os.chmod(private_key_file, 0600)
pub_key = key.publickey()
with open(public_key_file, 'w') as pub_f:
pub_f.write(pub_key.exportKey('OpenSSH'))
os.chmod(public_key_file, 0600)
bash('chown %s:%s %s' % (username, username, public_key_file))
def server_add_user(username, password, ssh_key_pwd):
bash('useradd %s; echo %s | passwd --stdin %s' % (username, password, username))
gen_ssh_key(username, ssh_key_pwd)
def server_del_user(username):
bash('userdel -r %s' % username)
def ldap_add_user(username, ldap_pwd):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd)
user = User.objects.get(username=username)
user_attr = {'uid': [str(username)],
'cn': [str(username)],
'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
'userPassword': ['{crypt}%s' % password_sha512],
'shadowLastChange': ['16328'],
'shadowMin': ['0'],
'shadowMax': ['99999'],
'shadowWarning': ['7'],
'loginShell': ['/bin/bash'],
'uidNumber': [str(user.id)],
'gidNumber': [str(user.id)],
'homeDirectory': [str('/home/%s' % username)]}
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
group_attr = {'objectClass': ['posixGroup', 'top'],
'cn': [str(username)],
'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]}
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
'cn': ['%s' % str(username)],
'sudoCommand': ['/bin/pwd'],
'sudoHost': ['192.168.1.1'],
'sudoOption': ['!authenticate'],
'sudoRunAsUser': ['root'],
'sudoUser': ['%s' % str(username)]}
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr)
ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.delete(user_dn)
ldap_conn.delete(group_dn)
ldap_conn.delete(sudo_dn)
def group_add(request): def group_add(request):
...@@ -163,7 +270,7 @@ def group_add(request): ...@@ -163,7 +270,7 @@ def group_add(request):
raise AddError raise AddError
group_db_add(name=group_name, comment=comment, type=group_type) group_db_add(name=group_name, comment=comment, type=group_type)
for user_id in users_selected: for user_id in users_selected:
group_add_user(group_name, user_id) group_add_user(group_name, user_id=user_id)
except AddError: except AddError:
pass pass
...@@ -197,6 +304,7 @@ def group_detail(request): ...@@ -197,6 +304,7 @@ def group_detail(request):
if not group_id: if not group_id:
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
group = UserGroup.objects.get(id=group_id) group = UserGroup.objects.get(id=group_id)
users = group.user_set.all()
return render_to_response('juser/group_detail.html', locals()) return render_to_response('juser/group_detail.html', locals())
...@@ -279,8 +387,8 @@ def user_edit(request): ...@@ -279,8 +387,8 @@ def user_edit(request):
password = user.password password = user.password
ssh_key_pwd = user.ssh_key_pwd ssh_key_pwd = user.ssh_key_pwd
name = user.name name = user.name
all_group = UserGroup.objects.all() all_group = UserGroup.objects.filter(Q(type='M') | Q(type='A'))
groups = user.user_group.filter(type='M') groups = user.user_group.filter(Q(type='M') | Q(type='A'))
groups_str = ' '.join([str(group.id) for group in groups]) groups_str = ' '.join([str(group.id) for group in groups])
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
role_post = user.role role_post = user.role
...@@ -299,7 +407,7 @@ def user_edit(request): ...@@ -299,7 +407,7 @@ def user_edit(request):
ssh_key_pwd = request.POST.get('ssh_key_pwd', None) ssh_key_pwd = request.POST.get('ssh_key_pwd', None)
is_active = request.POST.get('is_active', '1') is_active = request.POST.get('is_active', '1')
ldap_pwd = gen_rand_pwd(16) ldap_pwd = gen_rand_pwd(16)
all_group = UserGroup.objects.all() all_group = UserGroup.objects.filter(Q(type='M') | Q(type='A'))
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
if username: if username:
...@@ -331,135 +439,22 @@ def user_edit(request): ...@@ -331,135 +439,22 @@ def user_edit(request):
return render_to_response('juser/user_add.html', locals()) return render_to_response('juser/user_add.html', locals())
def db_add_user(**kwargs):
groups_post = kwargs.pop('groups')
user = User(**kwargs)
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.save()
user.user_group = group_select
def db_update_user(**kwargs):
groups_post = kwargs.pop('groups')
username = kwargs.get('username')
user = User.objects.filter(username=username)
user.update(**kwargs)
user = User.objects.get(username=username)
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.save()
user.user_group = group_select
def db_del_user(username):
try:
user = User.objects.get(username=username)
user.delete()
except ObjectDoesNotExist:
pass
def gen_ssh_key(username, password=None, length=2048):
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
private_key_file = os.path.join(private_key_dir, username)
public_key_dir = '/home/%s/.ssh/' % username
public_key_file = os.path.join(public_key_dir, 'authorized_keys')
is_dir(private_key_dir)
is_dir(public_key_dir, mode=0700)
key = RSA.generate(length)
with open(private_key_file, 'w') as pri_f:
pri_f.write(key.exportKey('PEM', password))
os.chmod(private_key_file, 0600)
pub_key = key.publickey()
with open(public_key_file, 'w') as pub_f:
pub_f.write(pub_key.exportKey('OpenSSH'))
os.chmod(public_key_file, 0600)
bash('chown %s:%s %s' % (username, username, public_key_file))
def server_add_user(username, password, ssh_key_pwd):
bash('useradd %s; echo %s | passwd --stdin %s' % (username, password, username))
gen_ssh_key(username, ssh_key_pwd)
def server_del_user(username):
bash('userdel -r %s' % username)
def ldap_add_user(username, ldap_pwd):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd)
user = User.objects.get(username=username)
user_attr = {'uid': [str(username)],
'cn': [str(username)],
'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
'userPassword': ['{crypt}%s' % password_sha512],
'shadowLastChange': ['16328'],
'shadowMin': ['0'],
'shadowMax': ['99999'],
'shadowWarning': ['7'],
'loginShell': ['/bin/bash'],
'uidNumber': [str(user.id)],
'gidNumber': [str(user.id)],
'homeDirectory': [str('/home/%s' % username)]}
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
group_attr = {'objectClass': ['posixGroup', 'top'],
'cn': [str(username)],
'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]}
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
'cn': ['%s' % str(username)],
'sudoCommand': ['/bin/pwd'],
'sudoHost': ['192.168.1.1'],
'sudoOption': ['!authenticate'],
'sudoRunAsUser': ['root'],
'sudoUser': ['%s' % str(username)]}
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr)
ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.delete(user_dn)
ldap_conn.delete(group_dn)
ldap_conn.delete(sudo_dn)
def user_add(request): def user_add(request):
error = '' error = ''
msg = '' msg = ''
header_title, path1, path2 = '添加用户 | Add User', 'juser', 'user_add' header_title, path1, path2 = '添加用户 | Add User', 'juser', 'user_add'
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
all_group = UserGroup.objects.filter(type='M') all_group = UserGroup.objects.filter(Q(type='M') | Q(type='A')).order_by('-type')
if request.method == 'POST': if request.method == 'POST':
username = request.POST.get('username', None) username = request.POST.get('username', None)
password = request.POST.get('password', None) password = request.POST.get('password', '')
name = request.POST.get('name', None) name = request.POST.get('name', None)
email = request.POST.get('email', '') email = request.POST.get('email', '')
groups = request.POST.getlist('groups', None) groups = request.POST.getlist('groups', None)
groups_str = ' '.join(groups) groups_str = ' '.join(groups)
role_post = request.POST.get('role', None) role_post = request.POST.get('role', 'CU')
ssh_pwd = request.POST.get('ssh_pwd', None) ssh_pwd = request.POST.get('ssh_pwd', '')
ssh_key_pwd = request.POST.get('ssh_key_pwd', None) ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
is_active = request.POST.get('is_active', '1') is_active = request.POST.get('is_active', '1')
ldap_pwd = gen_rand_pwd(16) ldap_pwd = gen_rand_pwd(16)
...@@ -481,7 +476,7 @@ def user_add(request): ...@@ -481,7 +476,7 @@ def user_add(request):
password=md5_crypt(password), password=md5_crypt(password),
name=name, email=email, name=name, email=email,
groups=groups, role=role_post, groups=groups, role=role_post,
ssh_pwd=CRYPTOR.encrypt(ssh_pwd), ssh_pwd=CRYPTOR.encrypt(ssh_pwd) if ssh_pwd else '',
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd), ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
...@@ -489,7 +484,7 @@ def user_add(request): ...@@ -489,7 +484,7 @@ def user_add(request):
server_add_user(username, password, ssh_key_pwd) server_add_user(username, password, ssh_key_pwd)
group_db_add(name=username, comment=username, type='P') group_db_add(name=username, comment=username, type='P')
add_user_to_group(username=username, group_name=username) group_add_user(group_name=username, username=username)
if LDAP_ENABLE: if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) ldap_add_user(username, ldap_pwd)
msg = u'添加用户 %s 成功!' % username msg = u'添加用户 %s 成功!' % username
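Review bot: In the first hunk (`@@ -122,23 +122,130 @@`) `server_add_user` formats `username` and `password` straight into `bash('useradd %s; echo %s | passwd --stdin %s' % (username, password, username))`, and both values come from `request.POST` in `user_add`; `bash()` is not visible here, but if it hands the string to a shell, any metacharacter in either field is executed rather than used as a name or password, and the password also appears on the command line. Validate the name with a strict pattern before any filesystem or shell use (`gen_ssh_key` builds `'/home/%s/.ssh/' % username` from the same value) and pass arguments as a list: `subprocess.check_call(['useradd', username])` then `subprocess.Popen(['passwd', '--stdin', username], stdin=subprocess.PIPE).communicate(password)`. Separately, in the rewritten `group_add_user` the lookup `group = UserGroup.objects.get(name=group_name)` sits in the `else:` branch outside the `try`, so a missing group escapes as a raw `ObjectDoesNotExist` instead of the `AddError` that `group_add` catches; moving that line into the `try` restores the behaviour the old `add_user_to_group` had. `group_db_add` starts before the hunk and `group_add` ends after it.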
......
...@@ -36,10 +36,10 @@ ...@@ -36,10 +36,10 @@
<table class="table table-striped table-bordered table-hover " id="editable" > <table class="table table-striped table-bordered table-hover " id="editable" >
<thead> <thead>
<tr> <tr>
<th class="text-center"><input type="checkbox" class="i-checks" name=""></th>
<th class="text-center">ID</th> <th class="text-center">ID</th>
<th class="text-center">组名</th> <th class="text-center">组名</th>
<th class="text-center">类型</th> <th class="text-center">类型</th>
<th class="text-center">成员数量</th>
<th class="text-center">备注</th> <th class="text-center">备注</th>
<th class="text-center">操作</th> <th class="text-center">操作</th>
</tr> </tr>
...@@ -47,10 +47,10 @@ ...@@ -47,10 +47,10 @@
<tbody> <tbody>
{% for group in contacts.object_list %} {% for group in contacts.object_list %}
<tr class="gradeX"> <tr class="gradeX">
<td class="text-center"><input type="checkbox" class="i-checks" name=""></td>
<td class="text-center"> {{ group.id }} </td> <td class="text-center"> {{ group.id }} </td>
<td class="text-center"> {{ group.name }} </td> <td class="text-center"> {{ group.name }} </td>
<td class="text-center"> {{ group.type|group_type_to_str }} </td> <td class="text-center"> {{ group.type|group_type_to_str }} </td>
<td class="text-center"> {{ group.id|member_count }} </td>
<td class="text-center"> {{ group.comment }} </td> <td class="text-center"> {{ group.comment }} </td>
<td class="text-center"> <td class="text-center">
<a href="../group_detail/?id={{ group.id }}" class="iframe btn btn-xs btn-primary">成员</a> <a href="../group_detail/?id={{ group.id }}" class="iframe btn btn-xs btn-primary">成员</a>
......
...@@ -73,19 +73,19 @@ ...@@ -73,19 +73,19 @@
<div class="form-group"> <div class="form-group">
<label for="groups" class="col-lg-2 control-label">属组<span class="red-fonts">*</span></label> <label for="groups" class="col-lg-2 control-label">属组<span class="red-fonts">*</span></label>
<div class="col-sm-8"> <div class="col-sm-8">
<select id="groups" name="groups" class="form-control m-b" multiple> <select id="groups" name="groups" class="form-control m-b" multiple size="10">
{% for group in all_group %} {% for group in all_group %}
{% if groups_str %} {% if groups_str %}
{% if group.id|int2str in groups_str %} {% if group.id|int2str in groups_str %}
<option value="{{ group.id }}" selected>{{ group.name }}</option> <option value="{{ group.id }}" selected>{{ group.name }} --- {{ group.type|group_type_to_str }}</option>
{% else %} {% else %}
<option value="{{ group.id }}">{{ group.name }}</option> <option value="{{ group.id }}">{{ group.name }} --- {{ group.type|group_type_to_str }}</option>
{% endif %} {% endif %}
{% else %} {% else %}
{% if forloop.first %} {% if forloop.first %}
<option value="{{ group.id }}" selected>{{ group.name }}</option> <option value="{{ group.id }}" selected>{{ group.name }} --- {{ group.type|group_type_to_str }}</option>
{% else %} {% else %}
<option value="{{ group.id }}">{{ group.name }}</option> <option value="{{ group.id }}">{{ group.name }} --- {{ group.type|group_type_to_str }}</option>
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
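Review bot: `{% if group.id|int2str in groups_str %}` (unchanged line in this hunk) is a substring test against the space-joined `groups_str`, so a group with id `1` is rendered as selected whenever the string contains `11` or `21`, and the longer option labels added here do not change that. This predates the commit, but since the hunk rewrites every `<option>` line it is the place to fix it: have the view build a list of selected ids and compare with membership, e.g. `{% if group.id in groups_selected %}` where `groups_selected` holds integers. The `{% if groups_str %}` outer branch can then test the list the same way.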
......
...@@ -16,9 +16,6 @@ ...@@ -16,9 +16,6 @@
<div class="contact-box"> <div class="contact-box">
<h2 class="text-center">{{ user.name }} 用户详情</h2> <h2 class="text-center">{{ user.name }} 用户详情</h2>
<div class="ibox-content"> <div class="ibox-content">
<div class="">
<a target="_blank" href="/juser/user_add/" class="btn btn-sm btn-primary "> 添加 </a>
</div>
<table class="table table-striped table-bordered table-hover " id="editable" > <table class="table table-striped table-bordered table-hover " id="editable" >
<thead> <thead>
...@@ -58,7 +55,7 @@ ...@@ -58,7 +55,7 @@
</tr> </tr>
<tr class="gradeX"> <tr class="gradeX">
<td class="text-center">添加时间</td> <td class="text-center">添加时间</td>
<td class="text-center">{{ user.joined }}</td> <td class="text-center">{{ user.date_joined|stamp2str }}</td>
</tr> </tr>
<tr class="gradeX"> <tr class="gradeX">
<td class="text-center">最后登录</td> <td class="text-center">最后登录</td>
......