Merge branch 'master' into dev

b370f015 · ibuler · 18da6f69 · 9eb64466 · b370f015 · b370f015
Commit b370f015 authored Dec 26, 2015 by ibuler
10 changed files
--- a/README.md
+++ b/README.md
@@ -58,12 +58,7 @@ Web批量执行命令
 ### 团队
-* **广宏伟** ibuler
+![](https://github.com/ibuler/static/raw/master/jumpserver3/team.jpg)
-* **王墉** halcyon
-* **陈尚委** 假想控
-* **喻茂峻** 紫川秀
-* **刘正** evanescunt
-* **柯连春** 遍地节操

--- a/connect.py
+++ b/connect.py
@@ -32,7 +32,7 @@ from jperm.ansible_api import MyRunner
 from jlog.models import ExecLog, FileLog
 login_user = get_object(User, username=getpass.getuser())
-remote_ip = os.popen("who -m | awk '{ print $5 }'").read().strip('()\n')
+remote_ip = os.popen("who -m | awk '{ print $NF }'").read().strip('()\n')
 try:
    import termios

--- a/install/install.py
+++ b/install/install.py
@@ -6,7 +6,7 @@ import time
 import os
 import sys
 import MySQLdb
-from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError
+from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError, SMTPSenderRefused
 import ConfigParser
 import socket
 import fcntl
@@ -127,7 +127,7 @@ class PreSetup(object):
            smtp.quit()
            return True
-        except (SMTPAuthenticationError, socket.timeout, socket.gaierror), e:
+        except (SMTPAuthenticationError, socket.timeout, socket.gaierror, SMTPSenderRefused, SMTPConnectError), e:
            color_print(e, 'red')
            return False

--- a/install/next.py
+++ b/install/next.py
@@ -7,6 +7,7 @@ import django
 from django.core.management import execute_from_command_line
 import shutil
 import urllib
+import socket
 jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
 sys.path.append(jms_dir)
@@ -19,6 +20,8 @@ from juser.user_api import db_add_user, get_object, User
 from install import color_print
 from jumpserver.api import get_mac_address
+socket.setdefaulttimeout(2)
 class Setup(object):
    """
@@ -33,8 +36,11 @@ class Setup(object):
    def _pull():
        color_print('开始更新jumpserver', 'green')
        # bash('git pull')
+        try:
            mac = get_mac_address()
            version = urllib.urlopen('http://jumpserver.org/version/?id=%s' % mac)
+        except:
+            pass
        os.chdir(jms_dir)
        os.chmod('logs', 0777)
        os.chmod('keys', 0777)
@@ -83,7 +89,7 @@ class Setup(object):
    def _run_service():
        os.system('sh %s start' % os.path.join(jms_dir, 'service.sh'))
        print
-        color_print('安装成功，请访问web, 祝你使用愉快。请访问 https://github.com/ibuler/jumpserver 查看文档')
+        color_print('安装成功，请访问web, 祝你使用愉快。\n请访问 https://github.com/ibuler/jumpserver 查看文档', 'green')
    def start(self):
        print "开始安装Jumpserver, 要求环境为 CentOS 6.5 x86_64"

--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@@ -29,7 +29,10 @@ def get_group_user_perm(ob):
    """
    perm = {}
    if isinstance(ob, User):
-        rule_all = PermRule.objects.filter(user=ob)
+        rule_all = set(PermRule.objects.filter(user=ob))
+        for user_group in ob.group.all():
+            rule_all = rule_all.union(set(PermRule.objects.filter(user_group=user_group)))
    elif isinstance(ob, UserGroup):
        rule_all = PermRule.objects.filter(user_group=ob)
    else:
@@ -80,6 +83,7 @@ def get_group_user_perm(ob):
                else:
                    perm_asset[asset] = {'role': perm_asset_group[asset_group].get('role', set()),
                                         'rule': perm_asset_group[asset_group].get('rule', set())}
+    print perm
    return perm

--- a/jperm/views.py
+++ b/jperm/views.py
@@ -681,7 +681,7 @@ def perm_role_get(request):
        asset = get_object(Asset, id=asset_id)
        if asset:
            role = user_have_perm(request.user, asset=asset)
-            logger.debug('#' + ','.join([i.name for i in role]) + '#')
+            logger.debug(u'获取授权系统用户: ' + ','.join([i.name for i in role]))
            return HttpResponse(','.join([i.name for i in role]))
    else:
        roles = get_group_user_perm(request.user).get('role').keys()

--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -19,5 +19,5 @@ email_host = smtp.qq.com
 email_port = 25
 email_host_user = xxxxxxxx@qq.com
 email_host_password = xxxxxx
-email_use_tls = True
+email_use_tls = False
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -165,7 +165,7 @@ class PyCrypt(object):
        self.mode = AES.MODE_CBC
    @staticmethod
-    def gen_rand_pass(length, especial=False):
+    def gen_rand_pass(length=16, especial=False):
        """
        random password
        随机生成密码

--- a/run_websocket.py
+++ b/run_websocket.py
@@ -33,7 +33,7 @@ except ImportError:
 define("port", default=3000, help="run on the given port", type=int)
-define("host", default='0.0.0.0', help="run port on", type=str)
+define("host", default='0.0.0.0', help="run port on given host", type=str)
 def require_auth(role='user'):
@@ -44,29 +44,28 @@ def require_auth(role='user'):
            else:
                session_key = request.get_argument('sessionid', '')
-            logger.debug('Websocket: session_key: %s' % session_key)
+            logger.debug(u'请求session_key: %s' % session_key)
            if session_key:
                session = get_object(Session, session_key=session_key)
-                logger.debug('Websocket: session: %s' % session)
                if session and datetime.datetime.now() < session.expire_date:
                    user_id = session.get_decoded().get('_auth_user_id')
                    user = get_object(User, id=user_id)
                    if user:
-                        logger.debug('Websocket: user [ %s ] request websocket' % user.username)
+                        logger.debug(u'用户 [ %s ] 请求websocket' % user.username)
                        request.user = user
                        if role == 'admin':
                            if user.role in ['SU', 'GA']:
                                return func(request, *args, **kwargs)
-                            logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
+                            logger.debug(u'用户 [ %s ] 不是admin.' % user.username)
                        else:
                            return func(request, *args, **kwargs)
                else:
-                    logger.debug('Websocket: session expired: %s' % session_key)
+                    logger.debug(u'session过期 %s' % session_key)
            try:
                request.close()
            except AttributeError:
                pass
-            logger.warning('Websocket: Request auth failed.')
+            logger.warning('认证失败，非法请求')
        return _deco2
    return _deco
@@ -96,10 +95,10 @@ def file_monitor(path='.', client=None):
    notifier = AsyncNotifier(wm, EventHandler(client))
    wm.add_watch(path, mask, auto_add=True, rec=True)
    if not os.path.isfile(path):
-        logger.debug("File %s does not exist." % path)
+        logger.debug(u"文件 %s 不存在." % path)
        sys.exit(3)
    else:
-        logger.debug("Now starting monitor file %s." % path)
+        logger.debug(u"开始监控文件 %s." % path)
        global f
        f = open(path, 'r')
        st_size = os.stat(path)[6]
@@ -149,7 +148,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
            MonitorHandler.clients.remove(self)
            MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
-        logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients),
+        logger.debug(u"监控在线数量: %s, 线程数量: %s" % (len(MonitorHandler.clients),
                                                       len(MonitorHandler.threads)))
    def on_message(self, message):
@@ -160,7 +159,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
        # 客户端主动关闭
        # self.close()
-        logger.debug("Websocket: Monitor client close request")
+        logger.debug("监控请求关闭")
        try:
            client_index = MonitorHandler.clients.index(self)
            MonitorHandler.clients.remove(self)
@@ -184,10 +183,10 @@ class WebTerminalKillHandler(tornado.web.RequestHandler):
        Log.objects.filter(id=ws_id).update(is_finished=True)
        for ws in WebTerminalHandler.clients:
            if ws.id == int(ws_id):
-                logger.debug("Kill log id %s" % ws_id)
+                logger.debug(u"终结logID %s" % ws_id)
                ws.log.save()
                ws.close()
-        logger.debug('Websocket: web terminal client num: %s' % len(WebTerminalHandler.clients))
+        logger.debug(u'WebTerminal在线数量: %s' % len(WebTerminalHandler.clients))
 class ExecHandler(tornado.websocket.WebSocketHandler):
@@ -209,7 +208,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
    @require_auth('user')
    def open(self):
-        logger.debug('Websocket: Open exec request')
+        logger.debug('web批量命令执行请求')
        role_name = self.get_argument('role', 'sb')
        self.remote_ip = self.request.remote_ip
        logger.debug('Web执行命令: 请求系统用户 %s' % role_name)
@@ -255,7 +254,6 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
        for k, v in self.runner.results.items():
            for host, output in v.items():
                output = newline_pattern.sub('<br />', output)
-                logger.debug(output)
                if k == 'ok':
                    header = "<span style='color: green'>[ %s => %s]</span>\n" % (host, 'Ok')
                else:
@@ -266,7 +264,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
        self.write_message('\n~o~ Task finished ~o~\n')
    def on_close(self):
-        logger.debug('关闭web_exec请求')
+        logger.debug('关闭web批量命令请求')
 class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@@ -289,29 +287,30 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
    @require_auth('user')
    def open(self):
-        logger.debug('Websocket: Open request')
+        logger.debug('WebTerminal请求')
        role_name = self.get_argument('role', 'sb')
        asset_id = self.get_argument('id', 9999)
        asset = get_object(Asset, id=asset_id)
        if asset:
            roles = user_have_perm(self.user, asset)
-            logger.debug(roles)
+            logger.debug('请求系统用户: %s' % role_name)
-            logger.debug('系统用户: %s' % role_name)
            login_role = ''
            for role in roles:
                if role.name == role_name:
                    login_role = role
                    break
            if not login_role:
-                logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.hostname,
+                logger.warning(u'在%s 这台主机上没有为用户%s 授权系统用户%s ' % (asset.hostname,
-                                                                                       self.user.username))
+                               self.user.username,
+                               role_name))
                self.close()
                return
        else:
-            logger.warning('Websocket: No that Host: %s User: %s ' % (asset_id, self.user.username))
+            logger.warning(u'没有授权该主机 %s' % asset_id)
            self.close()
            return
-        logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username,
+        logger.debug('web terminal 请求主机: %s 用户: %s 系统用户: %s' % (asset.hostname,
+                     self.user.username,
                     login_role.name))
        self.term = WebTty(self.user, asset, login_role, login_type='web')
        self.term.remote_ip = self.request.remote_ip
@@ -352,7 +351,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
            self.channel.send(data['data'])
    def on_close(self):
-        logger.debug('Websocket: Close request')
+        logger.debug('关闭websocket请求')
        if self in WebTerminalHandler.clients:
            WebTerminalHandler.clients.remove(self)
        try:
@@ -425,6 +424,6 @@ if __name__ == '__main__':
    server = tornado.httpserver.HTTPServer(app)
    server.bind(options.port, options.host)
    #server.listen(options.port)
-    server.start(num_processes=10)
+    #server.start(num_processes=5)
    print "Run server on %s:%s" % (options.host, options.port)
    tornado.ioloop.IOLoop.instance().start()
--- a/service.sh
+++ b/service.sh
@@ -27,7 +27,7 @@ start() {
 	else
 		 daemon python $base_dir/manage.py runserver 0.0.0.0:80 &>> /tmp/jumpserver.log 2>&1 &
 		 daemon python $base_dir/run_websocket.py &> /dev/null 2>&1 &
-         sleep 2
+         sleep 4
 		 echo -n "$jump_start"
 		 nums=0
@@ -53,7 +53,6 @@ stop() {
 	echo -n $"Stopping ${PROC_NAME} service:"
-	if [ -e $lockfile ];then
 	ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null
 	ret=$?
@@ -66,11 +65,6 @@ stop() {
 		echo
        rm -f "$lockfile"
 	fi
-	else
-			echo_success
-			echo
-	fi
 }