Skip to content

J
jumpserver
Commit f760df1e authored by ibuler's avatar ibuler
Browse files
Options

角色key问题修复

parent 6fe6342c
Show whitespace changes
Inline Side-by-side
Showing with 28 additions and 15 deletions
jperm/utils.py
View file @ f760df1e
...@@ -2,7 +2,8 @@ ...@@ -2,7 +2,8 @@
import random import random
import os.path import os.path
import shutil
from paramiko import SSHException
from paramiko.rsakey import RSAKey from paramiko.rsakey import RSAKey
from jumpserver.api import mkdir from jumpserver.api import mkdir
from uuid import uuid4 from uuid import uuid4
...@@ -28,21 +29,32 @@ def updates_dict(*args): ...@@ -28,21 +29,32 @@ def updates_dict(*args):
return result return result
def gen_keys(gen=True): def gen_keys(key="", key_path_dir=""):
""" """
在KEY_DIR下创建一个 uuid命名的目录, 在KEY_DIR下创建一个 uuid命名的目录,
并且在该目录下 生产一对秘钥 并且在该目录下 生产一对秘钥
:return: 返回目录名(uuid) :return: 返回目录名(uuid)
""" """
key_basename = "key-" + uuid4().hex key_basename = "key-" + uuid4().hex
if not key_path_dir:
key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename) key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
mkdir(key_path_dir, mode=0755)
if not gen:
return key_path_dir
key = RSAKey.generate(2048)
private_key = os.path.join(key_path_dir, 'id_rsa') private_key = os.path.join(key_path_dir, 'id_rsa')
public_key = os.path.join(key_path_dir, 'id_rsa.pub') public_key = os.path.join(key_path_dir, 'id_rsa.pub')
mkdir(key_path_dir, mode=0755)
if not key:
key = RSAKey.generate(2048)
key.write_private_key_file(private_key) key.write_private_key_file(private_key)
else:
key_file = os.path.join(key_path_dir, 'id_rsa')
with open(key_file, 'w') as f:
f.write(key)
f.close()
with open(key_file) as f:
try:
key = RSAKey.from_private_key(f)
except SSHException:
shutil.rmtree(key_path_dir, ignore_errors=True)
raise SSHException
os.chmod(private_key, 0644) os.chmod(private_key, 0644)
with open(public_key, 'w') as content_file: with open(public_key, 'w') as content_file:
......
jperm/views.py
View file @ f760df1e
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from django.db.models import Q from django.db.models import Q
from paramiko import SSHException
from jperm.perm_api import * from jperm.perm_api import *
from juser.user_api import gen_ssh_key from juser.user_api import gen_ssh_key
...@@ -273,20 +274,19 @@ def perm_role_add(request): ...@@ -273,20 +274,19 @@ def perm_role_add(request):
encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20)) encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
# 生成随机密码,生成秘钥对 # 生成随机密码,生成秘钥对
if key_content: if key_content:
key_path = gen_keys(gen=False) try:
with open(os.path.join(key_path, 'id_rsa'), 'w') as f: key_path = gen_keys(key=key_content)
f.write(key_content) except SSHException:
raise ServerError('输入的密钥不合法')
else: else:
key_path = gen_keys() key_path = gen_keys()
logger.debug('generate role key: %s' % key_path) logger.debug('generate role key: %s' % key_path)
role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path) role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path)
role.save() role.save()
msg = u"添加角色: %s" % name msg = u"添加角色: %s" % name
return HttpResponseRedirect('/perm/role/') return HttpResponseRedirect('/jperm/role/')
except ServerError, e: except ServerError, e:
error = e error = e
else:
return HttpResponse(u"不支持该操作")
return my_render('jperm/perm_role_add.html', locals(), request) return my_render('jperm/perm_role_add.html', locals(), request)
...@@ -368,8 +368,10 @@ def perm_role_edit(request): ...@@ -368,8 +368,10 @@ def perm_role_edit(request):
role.password = encrypt_pass role.password = encrypt_pass
# 生成随机密码,生成秘钥对 # 生成随机密码,生成秘钥对
if key_content: if key_content:
with open(os.path.join(role.key_path, 'id_rsa'), 'w') as f: try:
f.write(key_content) key_path = gen_keys(key=key_content, key_path_dir=role.key_path)
except SSHException:
raise ServerError('输入的密钥不合法')
logger.debug('Recreate role key: %s' % role.key_path) logger.debug('Recreate role key: %s' % role.key_path)
# 写入数据库 # 写入数据库
role.name = role_name role.name = role_name
......
templates/jperm/perm_role_add.html
View file @ f760df1e
...@@ -47,7 +47,6 @@ ...@@ -47,7 +47,6 @@
<span class="help-block m-b-none">如果不添加密码,会自动生成</span> <span class="help-block m-b-none">如果不添加密码,会自动生成</span>
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div>
<div class="form-group"> <div class="form-group">
<label for="role_key" class="col-sm-2 control-label">角色密钥</label> <label for="role_key" class="col-sm-2 control-label">角色密钥</label>
<div class="col-sm-8"> <div class="col-sm-8">
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment