diff --git a/README.md b/README.md
index 84d22c8ef2f6ae4b6970da156c7959a4e36b163c..84b5954fd63f96ded8bd1d0ebb4fcbff00a5b953 100644
--- a/README.md
+++ b/README.md
@@ -58,12 +58,7 @@ Web批é‡æ‰§è¡Œå‘½ä»¤
### 团队
-* **广å®ä¼Ÿ** ibuler
-* **王墉** halcyon
-* **陈尚委** å‡æƒ³æŽ§
-* **喻茂峻** ç´«å·ç§€
-* **刘æ£** evanescunt
-* **柯连春** é地节æ“
+
diff --git a/connect.py b/connect.py
index 1d52a75d994ce6e5f859b808157d29a27a930127..e38dfa751c6a5bd958a3c8fabc23dd5e4635fc06 100755
--- a/connect.py
+++ b/connect.py
@@ -32,7 +32,7 @@ from jperm.ansible_api import MyRunner
from jlog.models import ExecLog, FileLog
login_user = get_object(User, username=getpass.getuser())
-remote_ip = os.popen("who -m | awk '{ print $5 }'").read().strip('()\n')
+remote_ip = os.popen("who -m | awk '{ print $NF }'").read().strip('()\n')
try:
import termios
diff --git a/install/install.py b/install/install.py
index 9d2c13ed718b6dedfcf65229b353a37f59acb98d..4d70f7e787a1a78e9e8b3221c43760d43709f2c6 100755
--- a/install/install.py
+++ b/install/install.py
@@ -6,7 +6,7 @@ import time
import os
import sys
import MySQLdb
-from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError
+from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError, SMTPSenderRefused
import ConfigParser
import socket
import fcntl
@@ -127,7 +127,7 @@ class PreSetup(object):
smtp.quit()
return True
- except (SMTPAuthenticationError, socket.timeout, socket.gaierror), e:
+ except (SMTPAuthenticationError, socket.timeout, socket.gaierror, SMTPSenderRefused, SMTPConnectError), e:
color_print(e, 'red')
return False
diff --git a/install/next.py b/install/next.py
index 56fe3c4f14fbd184ad9e018bc4cf36304cad4ee1..62814ee67b872dec88b26f74cca8b53e3ce13bb1 100755
--- a/install/next.py
+++ b/install/next.py
@@ -7,6 +7,7 @@ import django
from django.core.management import execute_from_command_line
import shutil
import urllib
+import socket
jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
sys.path.append(jms_dir)
@@ -19,6 +20,8 @@ from juser.user_api import db_add_user, get_object, User
from install import color_print
from jumpserver.api import get_mac_address
+socket.setdefaulttimeout(2)
+
class Setup(object):
"""
@@ -33,8 +36,11 @@ class Setup(object):
def _pull():
color_print('开始更新jumpserver', 'green')
# bash('git pull')
- mac = get_mac_address()
- version = urllib.urlopen('http://jumpserver.org/version/?id=%s' % mac)
+ try:
+ mac = get_mac_address()
+ version = urllib.urlopen('http://jumpserver.org/version/?id=%s' % mac)
+ except:
+ pass
os.chdir(jms_dir)
os.chmod('logs', 0777)
os.chmod('keys', 0777)
@@ -83,7 +89,7 @@ class Setup(object):
def _run_service():
os.system('sh %s start' % os.path.join(jms_dir, 'service.sh'))
print
- color_print('安装æˆåŠŸï¼Œè¯·è®¿é—®web, ç¥ä½ 使用愉快。请访问 https://github.com/ibuler/jumpserver 查看文档')
+ color_print('安装æˆåŠŸï¼Œè¯·è®¿é—®web, ç¥ä½ 使用愉快。\n请访问 https://github.com/ibuler/jumpserver 查看文档', 'green')
def start(self):
print "开始安装Jumpserver, è¦æ±‚环境为 CentOS 6.5 x86_64"
diff --git a/jperm/perm_api.py b/jperm/perm_api.py
index e34de01adad0c121a22f8e5778caceb954ed0023..c444b952a6e602d10aab174232fd229a98104d40 100644
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@@ -29,7 +29,10 @@ def get_group_user_perm(ob):
"""
perm = {}
if isinstance(ob, User):
- rule_all = PermRule.objects.filter(user=ob)
+ rule_all = set(PermRule.objects.filter(user=ob))
+ for user_group in ob.group.all():
+ rule_all = rule_all.union(set(PermRule.objects.filter(user_group=user_group)))
+
elif isinstance(ob, UserGroup):
rule_all = PermRule.objects.filter(user_group=ob)
else:
@@ -80,6 +83,7 @@ def get_group_user_perm(ob):
else:
perm_asset[asset] = {'role': perm_asset_group[asset_group].get('role', set()),
'rule': perm_asset_group[asset_group].get('rule', set())}
+ print perm
return perm
diff --git a/jperm/views.py b/jperm/views.py
index 320c5d8ad8918ee96e4ba00fb865be2c8115745b..33dce420b798b1e592fd88e498064308df462e27 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -681,7 +681,7 @@ def perm_role_get(request):
asset = get_object(Asset, id=asset_id)
if asset:
role = user_have_perm(request.user, asset=asset)
- logger.debug('#' + ','.join([i.name for i in role]) + '#')
+ logger.debug(u'获å–授æƒç³»ç»Ÿç”¨æˆ·: ' + ','.join([i.name for i in role]))
return HttpResponse(','.join([i.name for i in role]))
else:
roles = get_group_user_perm(request.user).get('role').keys()
diff --git a/jumpserver.conf b/jumpserver.conf
index 4173bdc36744039a9e9c63e1f5b78525fae544fd..f184a246f34cf1845a9ee0f106841d1f8c818222 100644
--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -19,5 +19,5 @@ email_host = smtp.qq.com
email_port = 25
email_host_user = xxxxxxxx@qq.com
email_host_password = xxxxxx
-email_use_tls = True
+email_use_tls = False
diff --git a/jumpserver/api.py b/jumpserver/api.py
index 646aeeeb2ffaaf8a03100a3fdfc95872c60c1fa6..68a013870e6d5e88441aec111b680f916ced5cad 100644
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -165,7 +165,7 @@ class PyCrypt(object):
self.mode = AES.MODE_CBC
@staticmethod
- def gen_rand_pass(length, especial=False):
+ def gen_rand_pass(length=16, especial=False):
"""
random password
éšæœºç”Ÿæˆå¯†ç
diff --git a/run_websocket.py b/run_websocket.py
index 7af850f248a1dcce1e2e07fea725185541669a35..c77ae607782623649ed7746fa6906ac4b25cd076 100755
--- a/run_websocket.py
+++ b/run_websocket.py
@@ -33,7 +33,7 @@ except ImportError:
define("port", default=3000, help="run on the given port", type=int)
-define("host", default='0.0.0.0', help="run port on", type=str)
+define("host", default='0.0.0.0', help="run port on given host", type=str)
def require_auth(role='user'):
@@ -44,29 +44,28 @@ def require_auth(role='user'):
else:
session_key = request.get_argument('sessionid', '')
- logger.debug('Websocket: session_key: %s' % session_key)
+ logger.debug(u'请求session_key: %s' % session_key)
if session_key:
session = get_object(Session, session_key=session_key)
- logger.debug('Websocket: session: %s' % session)
if session and datetime.datetime.now() < session.expire_date:
user_id = session.get_decoded().get('_auth_user_id')
user = get_object(User, id=user_id)
if user:
- logger.debug('Websocket: user [ %s ] request websocket' % user.username)
+ logger.debug(u'用户 [ %s ] 请求websocket' % user.username)
request.user = user
if role == 'admin':
if user.role in ['SU', 'GA']:
return func(request, *args, **kwargs)
- logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
+ logger.debug(u'用户 [ %s ] ä¸æ˜¯admin.' % user.username)
else:
return func(request, *args, **kwargs)
else:
- logger.debug('Websocket: session expired: %s' % session_key)
+ logger.debug(u'session过期 %s' % session_key)
try:
request.close()
except AttributeError:
pass
- logger.warning('Websocket: Request auth failed.')
+ logger.warning('认è¯å¤±è´¥ï¼Œéžæ³•è¯·æ±‚')
return _deco2
return _deco
@@ -96,10 +95,10 @@ def file_monitor(path='.', client=None):
notifier = AsyncNotifier(wm, EventHandler(client))
wm.add_watch(path, mask, auto_add=True, rec=True)
if not os.path.isfile(path):
- logger.debug("File %s does not exist." % path)
+ logger.debug(u"文件 %s ä¸å˜åœ¨." % path)
sys.exit(3)
else:
- logger.debug("Now starting monitor file %s." % path)
+ logger.debug(u"开始监控文件 %s." % path)
global f
f = open(path, 'r')
st_size = os.stat(path)[6]
@@ -149,8 +148,8 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
MonitorHandler.clients.remove(self)
MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
- logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients),
- len(MonitorHandler.threads)))
+ logger.debug(u"监控在线数é‡: %s, 线程数é‡: %s" % (len(MonitorHandler.clients),
+ len(MonitorHandler.threads)))
def on_message(self, message):
# 监控日志,å‘生å˜åŠ¨å‘å‘客户端
@@ -160,7 +159,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
# 客户端主动关é—
# self.close()
- logger.debug("Websocket: Monitor client close request")
+ logger.debug("监控请求关é—")
try:
client_index = MonitorHandler.clients.index(self)
MonitorHandler.clients.remove(self)
@@ -184,10 +183,10 @@ class WebTerminalKillHandler(tornado.web.RequestHandler):
Log.objects.filter(id=ws_id).update(is_finished=True)
for ws in WebTerminalHandler.clients:
if ws.id == int(ws_id):
- logger.debug("Kill log id %s" % ws_id)
+ logger.debug(u"终结logID %s" % ws_id)
ws.log.save()
ws.close()
- logger.debug('Websocket: web terminal client num: %s' % len(WebTerminalHandler.clients))
+ logger.debug(u'WebTerminal在线数é‡: %s' % len(WebTerminalHandler.clients))
class ExecHandler(tornado.websocket.WebSocketHandler):
@@ -209,7 +208,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
@require_auth('user')
def open(self):
- logger.debug('Websocket: Open exec request')
+ logger.debug('web批é‡å‘½ä»¤æ‰§è¡Œè¯·æ±‚')
role_name = self.get_argument('role', 'sb')
self.remote_ip = self.request.remote_ip
logger.debug('Web执行命令: 请求系统用户 %s' % role_name)
@@ -255,7 +254,6 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
for k, v in self.runner.results.items():
for host, output in v.items():
output = newline_pattern.sub('<br />', output)
- logger.debug(output)
if k == 'ok':
header = "<span style='color: green'>[ %s => %s]</span>\n" % (host, 'Ok')
else:
@@ -266,7 +264,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
self.write_message('\n~o~ Task finished ~o~\n')
def on_close(self):
- logger.debug('å…³é—web_exec请求')
+ logger.debug('å…³é—web批é‡å‘½ä»¤è¯·æ±‚')
class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@@ -289,30 +287,31 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@require_auth('user')
def open(self):
- logger.debug('Websocket: Open request')
+ logger.debug('WebTerminal请求')
role_name = self.get_argument('role', 'sb')
asset_id = self.get_argument('id', 9999)
asset = get_object(Asset, id=asset_id)
if asset:
roles = user_have_perm(self.user, asset)
- logger.debug(roles)
- logger.debug('系统用户: %s' % role_name)
+ logger.debug('请求系统用户: %s' % role_name)
login_role = ''
for role in roles:
if role.name == role_name:
login_role = role
break
if not login_role:
- logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.hostname,
- self.user.username))
+ logger.warning(u'在%s è¿™å°ä¸»æœºä¸Šæ²¡æœ‰ä¸ºç”¨æˆ·%s 授æƒç³»ç»Ÿç”¨æˆ·%s ' % (asset.hostname,
+ self.user.username,
+ role_name))
self.close()
return
else:
- logger.warning('Websocket: No that Host: %s User: %s ' % (asset_id, self.user.username))
+ logger.warning(u'没有授æƒè¯¥ä¸»æœº %s' % asset_id)
self.close()
return
- logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username,
- login_role.name))
+ logger.debug('web terminal 请求主机: %s 用户: %s 系统用户: %s' % (asset.hostname,
+ self.user.username,
+ login_role.name))
self.term = WebTty(self.user, asset, login_role, login_type='web')
self.term.remote_ip = self.request.remote_ip
self.ssh = self.term.get_connection()
@@ -352,7 +351,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
self.channel.send(data['data'])
def on_close(self):
- logger.debug('Websocket: Close request')
+ logger.debug('å…³é—websocket请求')
if self in WebTerminalHandler.clients:
WebTerminalHandler.clients.remove(self)
try:
@@ -425,6 +424,6 @@ if __name__ == '__main__':
server = tornado.httpserver.HTTPServer(app)
server.bind(options.port, options.host)
#server.listen(options.port)
- server.start(num_processes=10)
+ #server.start(num_processes=5)
print "Run server on %s:%s" % (options.host, options.port)
tornado.ioloop.IOLoop.instance().start()
diff --git a/service.sh b/service.sh
index c86d1c4136d6431fd684ee40f87055b07a678276..b2d9b34ae792bafd77769947defcbc2deaeef66a 100755
--- a/service.sh
+++ b/service.sh
@@ -27,7 +27,7 @@ start() {
else
daemon python $base_dir/manage.py runserver 0.0.0.0:80 &>> /tmp/jumpserver.log 2>&1 &
daemon python $base_dir/run_websocket.py &> /dev/null 2>&1 &
- sleep 2
+ sleep 4
echo -n "$jump_start"
nums=0
@@ -53,23 +53,17 @@ stop() {
echo -n $"Stopping ${PROC_NAME} service:"
- if [ -e $lockfile ];then
- ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null
- ret=$?
-
- if [ $ret -eq 0 ]; then
- echo_success
- echo
- rm -f "$lockfile"
- else
- echo_failure
- echo
- rm -f "$lockfile"
- fi
+ ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null
+ ret=$?
+
+ if [ $ret -eq 0 ]; then
+ echo_success
+ echo
+ rm -f "$lockfile"
else
- echo_success
- echo
-
+ echo_failure
+ echo
+ rm -f "$lockfile"
fi
}