diff --git a/jperm/utils.py b/jperm/utils.py
index 0d8cf32657eb33e2ebb5f717589240637506f04c..a894f4453e8f68507af7bbf5ad9f608abab1449e 100644
--- a/jperm/utils.py
+++ b/jperm/utils.py
@@ -2,7 +2,8 @@
 import random
 import os.path
-
+import shutil
+from paramiko import SSHException
 from paramiko.rsakey import RSAKey
 from jumpserver.api import mkdir
 from uuid import uuid4
@@ -28,21 +29,32 @@ def updates_dict(*args):
 return result
-def gen_keys(gen=True):
+def gen_keys(key="", key_path_dir=""):
 """ 在KEY_DIR下创建一个 uuid命å的目录, 并且在该目录下 生产一对秘钥
 :return: 返回目录å(uuid)
 """
 key_basename = "key-" + uuid4().hex
- key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
- mkdir(key_path_dir, mode=0755)
- if not gen:
- return key_path_dir
- key = RSAKey.generate(2048)
+ if not key_path_dir:
+ key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
 private_key = os.path.join(key_path_dir, 'id_rsa')
 public_key = os.path.join(key_path_dir, 'id_rsa.pub')
- key.write_private_key_file(private_key)
+ mkdir(key_path_dir, mode=0755)
+ if not key:
+ key = RSAKey.generate(2048)
+ key.write_private_key_file(private_key)
+ else:
+ key_file = os.path.join(key_path_dir, 'id_rsa')
+ with open(key_file, 'w') as f:
+ f.write(key)
+ f.close()
+ with open(key_file) as f:
+ try:
+ key = RSAKey.from_private_key(f)
+ except SSHException:
+ shutil.rmtree(key_path_dir, ignore_errors=True)
+ raise SSHException
 os.chmod(private_key, 0644)
 with open(public_key, 'w') as content_file:
diff --git a/jperm/views.py b/jperm/views.py
index f550f8e13a9d8337d134b5738a8c491e092e4a75..3873dd974a02970dd7ada3071b01d11d2dcbc461 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from django.db.models import Q
+from paramiko import SSHException
 from jperm.perm_api import *
 from juser.user_api import gen_ssh_key
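Review bot: The new `else` branch of gen_keys writes the submitted text over `key_file` before it is parsed, and on SSHException removes the whole `key_path_dir`; when the caller passes an existing directory (the perm_role_edit hunk passes `role.key_path`), an invalid paste therefore destroys the role's current key before the error is reported. Parsing the text in memory first (`RSAKey.from_private_key(StringIO(key))`, with `from StringIO import StringIO` since the file is Python 2) touches nothing on disk until the key is known to be valid, which also removes the need for `shutil.rmtree`, the duplicate `key_file`/`private_key` path and the redundant `f.close()` inside the `with`. `raise SSHException` in the except block replaces the caught exception with a bare new one and drops paramiko's message; a bare `raise` would keep it, and with the in-memory parse no except block is needed at all. The pre-existing `os.chmod(private_key, 0644)` in the trailing context leaves the private key readable by every local user and is worth revisiting while this function is being reworked. gen_keys's body continues past the end of the hunk.
```python
def gen_keys(key="", key_path_dir=""):
    # … unchanged: docstring, key_basename, key_path_dir default, private_key/public_key paths …
    if key:
        # parse the submitted text in memory first: an invalid key must not
        # overwrite an existing id_rsa or remove an existing key directory
        key = RSAKey.from_private_key(StringIO(key))  # raises SSHException
    else:
        key = RSAKey.generate(2048)
    mkdir(key_path_dir, mode=0755)
    key.write_private_key_file(private_key)
    # … unchanged: os.chmod and public-key write …
```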
@@ -273,20 +274,19 @@ def perm_role_add(request):
 encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20)) # 生æˆéšæœºå¯†ç ,生æˆç§˜é’¥å¯¹
 if key_content:
- key_path = gen_keys(gen=False)
- with open(os.path.join(key_path, 'id_rsa'), 'w') as f:
- f.write(key_content)
+ try:
+ key_path = gen_keys(key=key_content)
+ except SSHException:
+ raise ServerError('输入的密钥ä¸åˆæ³•')
 else:
 key_path = gen_keys()
 logger.debug('generate role key: %s' % key_path)
 role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path)
 role.save()
 msg = u"æ·»åŠ è§’è‰²: %s" % name
- return HttpResponseRedirect('/perm/role/')
+ return HttpResponseRedirect('/jperm/role/')
 except ServerError, e:
 error = e
- else:
- return HttpResponse(u"䏿”¯æŒè¯¥æ“作")
 return my_render('jperm/perm_role_add.html', locals(), request)
@@ -368,8 +368,10 @@ def perm_role_edit(request):
 role.password = encrypt_pass # 生æˆéšæœºå¯†ç ,生æˆç§˜é’¥å¯¹
 if key_content:
- with open(os.path.join(role.key_path, 'id_rsa'), 'w') as f:
- f.write(key_content)
+ try:
+ key_path = gen_keys(key=key_content, key_path_dir=role.key_path)
+ except SSHException:
+ raise ServerError('输入的密钥ä¸åˆæ³•')
 logger.debug('Recreate role key: %s' % role.key_path)
 # 写入数æ®åº“
 role.name = role_name
diff --git a/templates/jperm/perm_role_add.html b/templates/jperm/perm_role_add.html
index b50c2a77878be436843cfc6cf9ffed3c4aa639b6..75e07e35a285e4d2c27bf3772a498cca54cefd27 100644
--- a/templates/jperm/perm_role_add.html
+++ b/templates/jperm/perm_role_add.html
@@ -47,7 +47,6 @@
 <span class="help-block m-b-none">å¦‚æžœä¸æ·»åР坆ç ,会自动生æˆ</span>
 </div>
 </div>
- <div class="hr-line-dashed"></div>
 <div class="form-group">
 <label for="role_key" class="col-sm-2 control-label">角色密钥</label>
 <div class="col-sm-8">
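Review bot: `raise ServerError('输入的密钥ä¸åˆæ³•')` in perm_role_add uses a plain byte-string literal where the surrounding user-facing text is marked unicode (`msg = u"æ·»åŠ è§’è‰²: %s" % name` two lines below); the exception is stored in `error = e` and rendered by the template, so `ServerError(u'输入的密钥ä¸åˆæ³•')` keeps the file consistent and avoids a bytes/unicode mix under Python 2. The identical literal appears in the perm_role_edit hunk and should change the same way. perm_role_add starts before and continues outside this hunk.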
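Review bot: `key_path = gen_keys(key=key_content, key_path_dir=role.key_path)` in perm_role_edit binds `key_path` but nothing in the hunk reads it — the debug line keeps logging `role.key_path` — so either the assignment should go (`gen_keys(key=key_content, key_path_dir=role.key_path)`) or the returned path should be what the log and the model use. Because the call hands the role's existing directory to gen_keys, the ServerError raised here can arrive after that directory has already been rewritten or removed by gen_keys, which I have raised on the utils.py hunk; until gen_keys validates before writing, the message reported to the user understates what happened to the role's key. perm_role_edit starts before and continues after this hunk.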