Skip to content

J
jumpserver
Commit 6a8db896 authored by guanghongwei's avatar guanghongwei
Browse files
Options

޸һbug

parent 5cd09a65
Show whitespace changes
Inline Side-by-side
Showing with 146 additions and 153 deletions
jumpserver.conf
View file @ 6a8db896
......@@ -8,11 +8,7 @@ password = mysql234
database = jumpserver
[ldap]
host_url = ldap://192.168.8.60:389
base_dn = dc=fengxing,dc=org
root_dn = cn=admin,dc=fengxing,dc=org
root_pw = 123456
ldap_enable = 0
ldap_enable = 1
host_url = ldap://127.0.0.1:389
base_dn = dc=jumpserver,dc=org
root_dn = cn=admin,dc=jumpserver,dc=org
......
jumpserver/templatetags/mytags.py
View file @ 6a8db896
......@@ -3,7 +3,7 @@
import time
from django import template
from django.db.models import Q
from juser.models import User
from juser.models import User, UserGroup
register = template.Library()
......@@ -56,6 +56,12 @@ def perm_count(user_id):
return user.perm_set.all().count()
@register.filter(name='member_count')
def member_count(group_id):
group = UserGroup.objects.get(id=group_id)
return group.user_set.count()
@register.filter(name='group_type_to_str')
def group_type_to_str(type_name):
group_types = {
......@@ -63,5 +69,4 @@ def group_type_to_str(type_name):
'M': '管理组',
'A': '授权组',
}
return group_types.get(type_name)
juser/views.py
View file @ 6a8db896
......@@ -122,25 +122,132 @@ def group_db_add(**kwargs):
UserGroup.objects.create(**kwargs)
def add_user_to_group(username, group_name):
def group_add_user(group_name, user_id=None, username=None):
try:
if user_id:
user = User.objects.get(id=user_id)
else:
user = User.objects.get(username=username)
group = UserGroup.objects.get(name=group_name)
except ObjectDoesNotExist:
raise AddError('User %s or group % does not exit. ' % username, group_name)
raise AddError('用户获取失败')
else:
groups = [group]
for g in user.user_group.all():
groups.append(g)
user.user_group = groups
def group_add_user(group_name, user_id):
group = UserGroup.objects.get(name=group_name)
user = User.objects.get(id=user_id)
group.user_set.add(user)
def db_add_user(**kwargs):
groups_post = kwargs.pop('groups')
user = User(**kwargs)
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.save()
user.user_group = group_select
def db_update_user(**kwargs):
groups_post = kwargs.pop('groups')
username = kwargs.get('username')
user = User.objects.filter(username=username)
user.update(**kwargs)
user = User.objects.get(username=username)
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.save()
user.user_group = group_select
def db_del_user(username):
try:
user = User.objects.get(username=username)
user.delete()
except ObjectDoesNotExist:
pass
def gen_ssh_key(username, password=None, length=2048):
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
private_key_file = os.path.join(private_key_dir, username)
public_key_dir = '/home/%s/.ssh/' % username
public_key_file = os.path.join(public_key_dir, 'authorized_keys')
is_dir(private_key_dir)
is_dir(public_key_dir, mode=0700)
key = RSA.generate(length)
with open(private_key_file, 'w') as pri_f:
pri_f.write(key.exportKey('PEM', password))
os.chmod(private_key_file, 0600)
pub_key = key.publickey()
with open(public_key_file, 'w') as pub_f:
pub_f.write(pub_key.exportKey('OpenSSH'))
os.chmod(public_key_file, 0600)
bash('chown %s:%s %s' % (username, username, public_key_file))
def server_add_user(username, password, ssh_key_pwd):
bash('useradd %s; echo %s | passwd --stdin %s' % (username, password, username))
gen_ssh_key(username, ssh_key_pwd)
def server_del_user(username):
bash('userdel -r %s' % username)
def ldap_add_user(username, ldap_pwd):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd)
user = User.objects.get(username=username)
user_attr = {'uid': [str(username)],
'cn': [str(username)],
'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
'userPassword': ['{crypt}%s' % password_sha512],
'shadowLastChange': ['16328'],
'shadowMin': ['0'],
'shadowMax': ['99999'],
'shadowWarning': ['7'],
'loginShell': ['/bin/bash'],
'uidNumber': [str(user.id)],
'gidNumber': [str(user.id)],
'homeDirectory': [str('/home/%s' % username)]}
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
group_attr = {'objectClass': ['posixGroup', 'top'],
'cn': [str(username)],
'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]}
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
'cn': ['%s' % str(username)],
'sudoCommand': ['/bin/pwd'],
'sudoHost': ['192.168.1.1'],
'sudoOption': ['!authenticate'],
'sudoRunAsUser': ['root'],
'sudoUser': ['%s' % str(username)]}
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr)
ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.delete(user_dn)
ldap_conn.delete(group_dn)
ldap_conn.delete(sudo_dn)
def group_add(request):
error = ''
msg = ''
......@@ -163,7 +270,7 @@ def group_add(request):
raise AddError
group_db_add(name=group_name, comment=comment, type=group_type)
for user_id in users_selected:
group_add_user(group_name, user_id)
group_add_user(group_name, user_id=user_id)
except AddError:
pass
......@@ -197,6 +304,7 @@ def group_detail(request):
if not group_id:
return HttpResponseRedirect('/')
group = UserGroup.objects.get(id=group_id)
users = group.user_set.all()
return render_to_response('juser/group_detail.html', locals())
......@@ -279,8 +387,8 @@ def user_edit(request):
password = user.password
ssh_key_pwd = user.ssh_key_pwd
name = user.name
all_group = UserGroup.objects.all()
groups = user.user_group.filter(type='M')
all_group = UserGroup.objects.filter(Q(type='M') | Q(type='A'))
groups = user.user_group.filter(Q(type='M') | Q(type='A'))
groups_str = ' '.join([str(group.id) for group in groups])
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
role_post = user.role
......@@ -299,7 +407,7 @@ def user_edit(request):
ssh_key_pwd = request.POST.get('ssh_key_pwd', None)
is_active = request.POST.get('is_active', '1')
ldap_pwd = gen_rand_pwd(16)
all_group = UserGroup.objects.all()
all_group = UserGroup.objects.filter(Q(type='M') | Q(type='A'))
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
if username:
......@@ -331,135 +439,22 @@ def user_edit(request):
return render_to_response('juser/user_add.html', locals())
def db_add_user(**kwargs):
groups_post = kwargs.pop('groups')
user = User(**kwargs)
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.save()
user.user_group = group_select
def db_update_user(**kwargs):
groups_post = kwargs.pop('groups')
username = kwargs.get('username')
user = User.objects.filter(username=username)
user.update(**kwargs)
user = User.objects.get(username=username)
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.save()
user.user_group = group_select
def db_del_user(username):
try:
user = User.objects.get(username=username)
user.delete()
except ObjectDoesNotExist:
pass
def gen_ssh_key(username, password=None, length=2048):
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
private_key_file = os.path.join(private_key_dir, username)
public_key_dir = '/home/%s/.ssh/' % username
public_key_file = os.path.join(public_key_dir, 'authorized_keys')
is_dir(private_key_dir)
is_dir(public_key_dir, mode=0700)
key = RSA.generate(length)
with open(private_key_file, 'w') as pri_f:
pri_f.write(key.exportKey('PEM', password))
os.chmod(private_key_file, 0600)
pub_key = key.publickey()
with open(public_key_file, 'w') as pub_f:
pub_f.write(pub_key.exportKey('OpenSSH'))
os.chmod(public_key_file, 0600)
bash('chown %s:%s %s' % (username, username, public_key_file))
def server_add_user(username, password, ssh_key_pwd):
bash('useradd %s; echo %s | passwd --stdin %s' % (username, password, username))
gen_ssh_key(username, ssh_key_pwd)
def server_del_user(username):
bash('userdel -r %s' % username)
def ldap_add_user(username, ldap_pwd):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd)
user = User.objects.get(username=username)
user_attr = {'uid': [str(username)],
'cn': [str(username)],
'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
'userPassword': ['{crypt}%s' % password_sha512],
'shadowLastChange': ['16328'],
'shadowMin': ['0'],
'shadowMax': ['99999'],
'shadowWarning': ['7'],
'loginShell': ['/bin/bash'],
'uidNumber': [str(user.id)],
'gidNumber': [str(user.id)],
'homeDirectory': [str('/home/%s' % username)]}
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
group_attr = {'objectClass': ['posixGroup', 'top'],
'cn': [str(username)],
'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]}
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
'cn': ['%s' % str(username)],
'sudoCommand': ['/bin/pwd'],
'sudoHost': ['192.168.1.1'],
'sudoOption': ['!authenticate'],
'sudoRunAsUser': ['root'],
'sudoUser': ['%s' % str(username)]}
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr)
ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
ldap_conn.delete(user_dn)
ldap_conn.delete(group_dn)
ldap_conn.delete(sudo_dn)
def user_add(request):
error = ''
msg = ''
header_title, path1, path2 = '添加用户 | Add User', 'juser', 'user_add'
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
all_group = UserGroup.objects.filter(type='M')
all_group = UserGroup.objects.filter(Q(type='M') | Q(type='A')).order_by('-type')
if request.method == 'POST':
username = request.POST.get('username', None)
password = request.POST.get('password', None)
password = request.POST.get('password', '')
name = request.POST.get('name', None)
email = request.POST.get('email', '')
groups = request.POST.getlist('groups', None)
groups_str = ' '.join(groups)
role_post = request.POST.get('role', None)
ssh_pwd = request.POST.get('ssh_pwd', None)
ssh_key_pwd = request.POST.get('ssh_key_pwd', None)
role_post = request.POST.get('role', 'CU')
ssh_pwd = request.POST.get('ssh_pwd', '')
ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
is_active = request.POST.get('is_active', '1')
ldap_pwd = gen_rand_pwd(16)
......@@ -481,7 +476,7 @@ def user_add(request):
password=md5_crypt(password),
name=name, email=email,
groups=groups, role=role_post,
ssh_pwd=CRYPTOR.encrypt(ssh_pwd),
ssh_pwd=CRYPTOR.encrypt(ssh_pwd) if ssh_pwd else '',
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active,
......@@ -489,7 +484,7 @@ def user_add(request):
server_add_user(username, password, ssh_key_pwd)
group_db_add(name=username, comment=username, type='P')
add_user_to_group(username=username, group_name=username)
group_add_user(group_name=username, username=username)
if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd)
msg = u'添加用户 %s 成功!' % username
......
templates/juser/group_list.html
View file @ 6a8db896
......@@ -36,10 +36,10 @@
<table class="table table-striped table-bordered table-hover " id="editable" >
<thead>
<tr>
<th class="text-center"><input type="checkbox" class="i-checks" name=""></th>
<th class="text-center">ID</th>
<th class="text-center">组名</th>
<th class="text-center">类型</th>
<th class="text-center">成员数量</th>
<th class="text-center">备注</th>
<th class="text-center">操作</th>
</tr>
......@@ -47,10 +47,10 @@
<tbody>
{% for group in contacts.object_list %}
<tr class="gradeX">
<td class="text-center"><input type="checkbox" class="i-checks" name=""></td>
<td class="text-center"> {{ group.id }} </td>
<td class="text-center"> {{ group.name }} </td>
<td class="text-center"> {{ group.type|group_type_to_str }} </td>
<td class="text-center"> {{ group.id|member_count }} </td>
<td class="text-center"> {{ group.comment }} </td>
<td class="text-center">
<a href="../group_detail/?id={{ group.id }}" class="iframe btn btn-xs btn-primary">成员</a>
......
templates/juser/user_add.html
View file @ 6a8db896
......@@ -73,19 +73,19 @@
<div class="form-group">
<label for="groups" class="col-lg-2 control-label">属组<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select id="groups" name="groups" class="form-control m-b" multiple>
<select id="groups" name="groups" class="form-control m-b" multiple size="10">
{% for group in all_group %}
{% if groups_str %}
{% if group.id|int2str in groups_str %}
<option value="{{ group.id }}" selected>{{ group.name }}</option>
<option value="{{ group.id }}" selected>{{ group.name }} --- {{ group.type|group_type_to_str }}</option>
{% else %}
<option value="{{ group.id }}">{{ group.name }}</option>
<option value="{{ group.id }}">{{ group.name }} --- {{ group.type|group_type_to_str }}</option>
{% endif %}
{% else %}
{% if forloop.first %}
<option value="{{ group.id }}" selected>{{ group.name }}</option>
<option value="{{ group.id }}" selected>{{ group.name }} --- {{ group.type|group_type_to_str }}</option>
{% else %}
<option value="{{ group.id }}">{{ group.name }}</option>
<option value="{{ group.id }}">{{ group.name }} --- {{ group.type|group_type_to_str }}</option>
{% endif %}
{% endif %}
{% endfor %}
......
templates/juser/user_detail.html
View file @ 6a8db896
......@@ -16,9 +16,6 @@
<div class="contact-box">
<h2 class="text-center">{{ user.name }} 用户详情</h2>
<div class="ibox-content">
<div class="">
<a target="_blank" href="/juser/user_add/" class="btn btn-sm btn-primary "> 添加 </a>
</div>
<table class="table table-striped table-bordered table-hover " id="editable" >
<thead>
......@@ -58,7 +55,7 @@
</tr>
<tr class="gradeX">
<td class="text-center">添加时间</td>
<td class="text-center">{{ user.joined }}</td>
<td class="text-center">{{ user.date_joined|stamp2str }}</td>
</tr>
<tr class="gradeX">
<td class="text-center">最后登录</td>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment