Skip to content

J
jumpserver
Commit c08cee80 authored by guanghongwei's avatar guanghongwei
Browse files
Options

û

parent 3424bef5
Show whitespace changes
Inline Side-by-side
Showing with 81 additions and 67 deletions
jperm/views.py
View file @ c08cee80
...@@ -3,7 +3,6 @@ import sys ...@@ -3,7 +3,6 @@ import sys
reload(sys) reload(sys)
sys.setdefaultencoding('utf8') sys.setdefaultencoding('utf8')
from django.core.mail import send_mail
from django.shortcuts import render_to_response from django.shortcuts import render_to_response
from django.template import RequestContext from django.template import RequestContext
from jperm.models import Perm, SudoPerm, CmdGroup, Apply from jperm.models import Perm, SudoPerm, CmdGroup, Apply
...@@ -11,12 +10,6 @@ from django.db.models import Q ...@@ -11,12 +10,6 @@ from django.db.models import Q
from jumpserver.api import * from jumpserver.api import *
CONF = ConfigParser()
CONF.read('%s/jumpserver.conf' % BASE_DIR)
send_ip = CONF.get('base', 'ip')
send_port = CONF.get('base', 'port')
def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''): def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
asset_groups_select_list = [] asset_groups_select_list = []
cmd_groups_select_list = [] cmd_groups_select_list = []
...@@ -701,7 +694,7 @@ def perm_apply(request): ...@@ -701,7 +694,7 @@ def perm_apply(request):
time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment) a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment)
uuid = a.uuid uuid = a.uuid
url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (send_ip, send_port, uuid) url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid)
mail_msg = """ mail_msg = """
Hi,%s: Hi,%s:
有新的权限申请, 详情如下: 有新的权限申请, 详情如下:
...@@ -715,7 +708,7 @@ def perm_apply(request): ...@@ -715,7 +708,7 @@ def perm_apply(request):
%s %s
""" % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url) """ % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False) send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
smg = "提交成功,已发邮件通知部门管理员。" smg = "提交成功,已发邮件通知部门管理员。"
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
......
jumpserver.conf
View file @ c08cee80
...@@ -3,6 +3,8 @@ ...@@ -3,6 +3,8 @@
[base] [base]
ip = 192.168.173.129 ip = 192.168.173.129
port = 80 port = 80
key = 88aaaf7ffe3c6c04
[db] [db]
...@@ -25,13 +27,9 @@ root_pw = secret234 ...@@ -25,13 +27,9 @@ root_pw = secret234
web_socket_host = 192.168.20.209:3000 web_socket_host = 192.168.20.209:3000
[web]
key = 88aaaf7ffe3c6c04
[mail] [mail]
email_host = smtp.qq.com email_host = smtp.exmail.qq.com
email_port = 25 email_port = 25
email_host_user = jumpserver@qq.com email_host_user = noreply@jumpserver.org
email_host_password = jumpserver.org email_host_password = jumpserver123
email_use_tls = False email_use_tls = False
jumpserver/api.py
View file @ c08cee80
...@@ -19,6 +19,7 @@ from jasset.models import Asset, BisGroup, IDC ...@@ -19,6 +19,7 @@ from jasset.models import Asset, BisGroup, IDC
from jlog.models import Log from jlog.models import Log
from jasset.models import AssetAlias from jasset.models import AssetAlias
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
from django.core.mail import send_mail
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
...@@ -27,18 +28,12 @@ CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) ...@@ -27,18 +28,12 @@ CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs') LOG_DIR = os.path.join(BASE_DIR, 'logs')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('web', 'key') KEY = CONF.get('base', 'key')
LOGIN_NAME = getpass.getuser() LOGIN_NAME = getpass.getuser()
LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
SEND_IP = CONF.get('base', 'ip')
SEND_PORT = CONF.get('base', 'port')
# def user_perm_group_api(username): MAIL_FROM = CONF.get('mail', 'email_host_user')
# user = User.objects.get(username=username)
# if user:
# perm_list = []
# user_group_all = user.group.all()
# for user_group in user_group_all:
# perm_list.extend(user_group.perm_set.all())
class LDAPMgmt(): class LDAPMgmt():
...@@ -201,6 +196,9 @@ def require_login(func): ...@@ -201,6 +196,9 @@ def require_login(func):
def require_super_user(func): def require_super_user(func):
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
if request.session.get('role_id', 0) != 2: if request.session.get('role_id', 0) != 2:
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
return func(request, *args, **kwargs) return func(request, *args, **kwargs)
...@@ -209,6 +207,9 @@ def require_super_user(func): ...@@ -209,6 +207,9 @@ def require_super_user(func):
def require_admin(func): def require_admin(func):
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
if request.session.get('role_id', 0) < 1: if request.session.get('role_id', 0) < 1:
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
return func(request, *args, **kwargs) return func(request, *args, **kwargs)
...@@ -267,7 +268,8 @@ def view_splitter(request, su=None, adm=None): ...@@ -267,7 +268,8 @@ def view_splitter(request, su=None, adm=None):
return su(request) return su(request)
elif is_group_admin(request): elif is_group_admin(request):
return adm(request) return adm(request)
raise Http404 else:
return HttpResponseRedirect('/login/')
def user_perm_group_api(username): def user_perm_group_api(username):
......
jumpserver/views.py
View file @ c08cee80
...@@ -50,7 +50,7 @@ def index_cu(request): ...@@ -50,7 +50,7 @@ def index_cu(request):
user = user[0] user = user[0]
login_types = {'L': 'LDAP', 'M': 'MAP'} login_types = {'L': 'LDAP', 'M': 'MAP'}
user_id = request.session.get('user_id') user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).name username = User.objects.get(id=user_id).username
posts = user_perm_asset_api(username) posts = user_perm_asset_api(username)
host_count = len(posts) host_count = len(posts)
new_posts = [] new_posts = []
......
juser/views.py
View file @ c08cee80
...@@ -68,6 +68,7 @@ def db_add_user(**kwargs): ...@@ -68,6 +68,7 @@ def db_add_user(**kwargs):
group = UserGroup.objects.filter(id=group_id) group = UserGroup.objects.filter(id=group_id)
group_select.extend(group) group_select.extend(group)
user.group = group_select user.group = group_select
return user
def db_update_user(**kwargs): def db_update_user(**kwargs):
...@@ -153,18 +154,8 @@ def ldap_add_user(username, ldap_pwd): ...@@ -153,18 +154,8 @@ def ldap_add_user(username, ldap_pwd):
'userPassword': ['{crypt}x'], 'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]} 'gidNumber': [str(user.id)]}
# sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
# sudo_attr = {'objectClass': ['top', 'sudoRole'],
# 'cn': ['%s' % str(username)],
# 'sudoCommand': ['/bin/pwd'],
# 'sudoHost': ['192.168.1.1'],
# 'sudoOption': ['!authenticate'],
# 'sudoRunAsUser': ['root'],
# 'sudoUser': ['%s' % str(username)]}
ldap_conn.add(user_dn, user_attr) ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr) ldap_conn.add(group_dn, group_attr)
# ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username): def ldap_del_user(username):
...@@ -602,13 +593,13 @@ def user_add(request): ...@@ -602,13 +593,13 @@ def user_add(request):
if request.method == 'POST': if request.method == 'POST':
username = request.POST.get('username', '') username = request.POST.get('username', '')
password = request.POST.get('password', '') password = gen_rand_pwd(16)
name = request.POST.get('name', '') name = request.POST.get('name', '')
email = request.POST.get('email', '') email = request.POST.get('email', '')
dept_id = request.POST.get('dept_id') dept_id = request.POST.get('dept_id')
groups = request.POST.getlist('groups', []) groups = request.POST.getlist('groups', [])
role_post = request.POST.get('role', 'CU') role_post = request.POST.get('role', 'CU')
ssh_key_pwd = request.POST.get('ssh_key_pwd', '') ssh_key_pwd = gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16) ldap_pwd = gen_rand_pwd(16)
...@@ -632,11 +623,11 @@ def user_add(request): ...@@ -632,11 +623,11 @@ def user_add(request):
pass pass
else: else:
try: try:
db_add_user(username=username, user = db_add_user(username=username,
password=md5_crypt(password), password=md5_crypt(password),
name=name, email=email, dept=dept, name=name, email=email, dept=dept,
groups=groups, role=role_post, groups=groups, role=role_post,
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd), ssh_key_pwd=md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
...@@ -644,7 +635,18 @@ def user_add(request): ...@@ -644,7 +635,18 @@ def user_add(request):
server_add_user(username, password, ssh_key_pwd) server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE: if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) ldap_add_user(username, ldap_pwd)
msg = u'添加用户 %s 成功!' % username mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
mail_msg = """
Hi, %s
您的用户名: %s
您的部门: %s
您的角色: %s
您的web登录密码: %s
您的ssh登录密码: %s
密钥下载地址: http://%s:%s/juser/down_key/?id=%s
说明: 请登陆后再下载密钥!
""" % (name, username, dept.name, user_role.get(role_post, ''),
password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
except Exception, e: except Exception, e:
error = u'添加用户 %s 失败 %s ' % (username, e) error = u'添加用户 %s 失败 %s ' % (username, e)
...@@ -655,6 +657,9 @@ def user_add(request): ...@@ -655,6 +657,9 @@ def user_add(request):
ldap_del_user(username) ldap_del_user(username)
except Exception: except Exception:
pass pass
else:
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
...@@ -668,11 +673,11 @@ def user_add_adm(request): ...@@ -668,11 +673,11 @@ def user_add_adm(request):
if request.method == 'POST': if request.method == 'POST':
username = request.POST.get('username', '') username = request.POST.get('username', '')
password = request.POST.get('password', '') password = gen_rand_pwd(16)
name = request.POST.get('name', '') name = request.POST.get('name', '')
email = request.POST.get('email', '') email = request.POST.get('email', '')
groups = request.POST.getlist('groups', []) groups = request.POST.getlist('groups', [])
ssh_key_pwd = request.POST.get('ssh_key_pwd', '') ssh_key_pwd = gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16) ldap_pwd = gen_rand_pwd(16)
...@@ -693,7 +698,7 @@ def user_add_adm(request): ...@@ -693,7 +698,7 @@ def user_add_adm(request):
password=md5_crypt(password), password=md5_crypt(password),
name=name, email=email, dept=dept, name=name, email=email, dept=dept,
groups=groups, role='CU', groups=groups, role='CU',
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd), ssh_key_pwd=md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
...@@ -701,7 +706,6 @@ def user_add_adm(request): ...@@ -701,7 +706,6 @@ def user_add_adm(request):
server_add_user(username, password, ssh_key_pwd) server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE: if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) ldap_add_user(username, ldap_pwd)
msg = u'添加用户 %s 成功!' % username
except Exception, e: except Exception, e:
error = u'添加用户 %s 失败 %s ' % (username, e) error = u'添加用户 %s 失败 %s ' % (username, e)
...@@ -712,6 +716,22 @@ def user_add_adm(request): ...@@ -712,6 +716,22 @@ def user_add_adm(request):
ldap_del_user(username) ldap_del_user(username)
except Exception: except Exception:
pass pass
else:
mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
mail_msg = """
Hi, %s
您的用户名: %s
您的部门: %s
您的角色: %s
您的web登录密码: %s
您的ssh登录密码: %s
密钥下载地址: %s
说明: 请登陆后再下载密钥!
""" % (name, username, dept.name, '普通用户', password, ssh_key_pwd, ssh_key_pwd)
print MAIL_FROM
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
......
templates/juser/user_add.html
View file @ c08cee80
...@@ -42,26 +42,26 @@ ...@@ -42,26 +42,26 @@
<input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}> <input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> {# <div class="hr-line-dashed"></div>#}
<div class="form-group"> {# <div class="form-group">#}
<label for="password" class="col-sm-2 control-label">密码<span class="red-fonts">*</span></label> {# <label for="password" class="col-sm-2 control-label">密码<span class="red-fonts">*</span></label>#}
<div class="col-sm-8"> {# <div class="col-sm-8">#}
<input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}> {# <input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>#}
<span class="help-block m-b-none"> {# <span class="help-block m-b-none">#}
登陆web的密码 {# 登陆web的密码#}
</span> {# </span>#}
</div> {# </div>#}
</div> {# </div>#}
<div class="hr-line-dashed"></div> {# <div class="hr-line-dashed"></div>#}
<div class="form-group"> {# <div class="form-group">#}
<label for="ssh_key_pwd" class="col-sm-2 control-label">密钥密码<span class="red-fonts">*</span></label> {# <label for="ssh_key_pwd" class="col-sm-2 control-label">密钥密码<span class="red-fonts">*</span></label>#}
<div class="col-sm-8"> {# <div class="col-sm-8">#}
<input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}> {# <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>#}
<span class="help-block m-b-none"> {# <span class="help-block m-b-none">#}
登陆 Jumpserver 使用的SSH密钥的密码 {# 登陆 Jumpserver 使用的SSH密钥的密码#}
</span> {# </span>#}
</div> {# </div>#}
</div> {# </div>#}
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
<div class="form-group"> <div class="form-group">
<label for="name" class="col-sm-2 control-label">姓名<span class="red-fonts">*</span></label> <label for="name" class="col-sm-2 control-label">姓名<span class="red-fonts">*</span></label>
......
templates/login.html
View file @ c08cee80
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
<link href="/static/css/animate.css" rel="stylesheet"> <link href="/static/css/animate.css" rel="stylesheet">
<link href="/static/css/style.css" rel="stylesheet"> <link href="/static/css/style.css" rel="stylesheet">
</head> </head>
<body class="gray-bg"> <body class="gray-bg">
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment