From e5fe13337b78da0957467dbdc6b89a6564471286 Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 13:57:37 +0800 Subject: [PATCH 01/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9jasset?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jasset/views.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jasset/views.py b/jasset/views.py index 52a95d32e..a0d7e1c73 100644 --- a/jasset/views.py +++ b/jasset/views.py @@ -7,7 +7,7 @@ from django.shortcuts import render_to_response from django.http import HttpResponseRedirect from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger -from models import IDC, Asset, Group +from models import IDC, Asset, UserGroup from connect import PyCrypt, KEY @@ -20,7 +20,7 @@ def jadd(request): groups = [] cryptor = PyCrypt(KEY) eidc = IDC.objects.all() - egroup = Group.objects.all() + egroup = UserGroup.objects.all() is_actived = {'active': 1, 'no_active': 0} login_typed = {'LDAP': 'L', 'SSH_KEY': 'S', 'PASSWORD': 'P', 'MAP': 'M'} @@ -40,7 +40,7 @@ def jadd(request): j_idc = IDC.objects.get(name=j_idc) for group in j_group: - c = Group.objects.get(name=group) + c = UserGroup.objects.get(name=group) groups.append(c) if Asset.objects.filter(ip=str(j_ip)): From 796533b7a92ed6c80d9aa4bf18874fd18b5bf3e0 Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 14:07:06 +0800 Subject: [PATCH 02/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/juser/user_add.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index 65d6ae890..bc24ab1fa 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -66,8 +66,9 @@ {% for group in groups %} {% if forloop.first %} + {% else %} + {% endif %} - {% endfor %} 
From f7a54e13c3045742dc22cbc1bdf0929b7b41b174 Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 14:52:35 +0800 Subject: [PATCH 03/20] =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=BA=93=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0=E7=94=A8=E6=88=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- juser/views.py | 39 ++++++++++++++++++++++++++++++++--- static/css/style.css | 2 +- templates/juser/user_add.html | 18 ++++++++++++---- 3 files changed, 51 insertions(+), 8 deletions(-) diff --git a/juser/views.py b/juser/views.py index 5c44bdc16..21174962d 100644 --- a/juser/views.py +++ b/juser/views.py @@ -55,12 +55,27 @@ def user_list(request): pass +def db_add_user(**kwargs): + user = User(**kwargs) + group_select = [] + for group_id in groups: + group = UserGroup.objects.filter(id=group_id) + group_select.extend(group) + user.user_group = group_select + user.save() + + +def db_del_user(username): + user = User.objects.get(username=username) + user.delete() + + def user_add(request): error = '' msg = '' - user_role = {'SU': 'SuperUser', 'GA': 'GroupAdmin', 'CU': 'CommonUser'} - groups = UserGroup.objects.all() + user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} + all_group = UserGroup.objects.all() if request.method == 'POST': username = request.POST.get('j_username', None) password = request.POST.get('j_password', None) 
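Review bot: In `db_add_user` the loop `for group_id in groups:` reads a name that is neither a parameter nor a local of the function, so it only works if a module-level `groups` exists, which this hunk does not define. The ids should come from the keyword arguments, e.g. `group_ids = kwargs.pop('groups', [])` before `User(**kwargs)`, which also keeps the list out of the model constructor. Each id is passed to `UserGroup.objects.filter(id=group_id)` as received, so a non-numeric value raises and an unknown id is silently dropped. Reject the request when the number of groups found differs from the number of ids submitted.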
@@ -69,12 +84,30 @@ def user_add(request): groups = request.POST.getlist('j_group', None) role = request.POST.get('j_role', None) ssh_pwd = request.POST.get('j_ssh_pwd', None) + ssh_key_pwd1 = request.POST.get('j_ssh_key_pwd1', None) is_active = request.POST.get('j_is_active', None) + try: + if None in [username, password, ssh_key_pwd1, name, groups, role, is_active]: + error = u'带*内容不能为空' + raise AddError + user = User.objects.filter(username=username) + if user: + error = u'用户 %s 已存在' % username + raise AddError + + except AddError: + pass + else: + db_add_user(username=username, password=password, name=name, email=email, + groups=groups, role=role, ssh_pwd=ssh_pwd, ssh_key_pwd1=ssh_key_pwd1, + is_active=is_active) + msg = u'添加用户成功' return render_to_response('juser/user_add.html', {'header_title': u'添加用户 | Add User', 'path1': 'juser', 'path2': 'user_add', - 'roles': user_role, 'groups': groups}) + 'roles': user_role, 'all_group': all_group, + 'error': error, 'msg': msg}) diff --git a/static/css/style.css b/static/css/style.css index 9c9fc28d3..956572145 100644 --- a/static/css/style.css +++ b/static/css/style.css @@ -1,4 +1,4 @@ -/*@import url("//fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&lang=en");*/ +@import url("//fonts.useso.com/css?family=Open+Sans:300,400,600,700&lang=en"); /* * * INSPINIA - Responsive Admin Theme diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index bc24ab1fa..5bd387430 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -45,6 +45,16 @@
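Review bot: The required-field test `None in [username, password, ...]` in `user_add` only catches fields that are absent from the POST; a field submitted blank arrives as `''` and an empty multi-select as `[]`, so both pass. `role` is also stored as received, without being checked against the keys of `user_role`, so any string, including `SU`, is accepted from the client. A stricter guard would be `if not all([username, password, ssh_key_pwd1, name, groups, role, is_active]) or role not in user_role:`. No login or permission check is visible in this view, but its start and the URL wiring are outside the hunk, so confirm that only administrators can reach it.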
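Review bot: The re-enabled `@import url("//fonts.useso.com/...")` at the top of `static/css/style.css` makes every page of the console fetch a stylesheet from a third-party host. The URL is protocol-relative, so on a plain-HTTP deployment it is fetched unencrypted. For a jump-server admin UI this discloses each visit to that host and lets whoever controls the response restyle the login and user-management pages. Serving the Open Sans files from `static/` with a local `@font-face` rule removes the external dependency.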
+
+ +
+ + + 登陆Jumpserver Terminal 使用SSH密钥的密码 + +
+
+
@@ -63,7 +73,7 @@
{% for r, role in roles.items %} - + {% endfor %}
- +
- + 如果使用password方式,该密码是用户在后端服务器的密码 From b3444d2398de933de9f25b65085c5c0601b5f670 Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 14:57:27 +0800 Subject: [PATCH 04/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- juser/views.py | 2 +- templates/juser/user_add.html | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/juser/views.py b/juser/views.py index 21174962d..6802616fb 100644 --- a/juser/views.py +++ b/juser/views.py @@ -58,7 +58,7 @@ def user_list(request): def db_add_user(**kwargs): user = User(**kwargs) group_select = [] - for group_id in groups: + for group_id in kwargs.get('groups', None): group = UserGroup.objects.filter(id=group_id) group_select.extend(group) user.user_group = group_select diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index 5bd387430..7d571b859 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -50,7 +50,7 @@
- 登陆Jumpserver Terminal 使用SSH密钥的密码 + 登陆 Jumpserver 使用的SSH密钥的密码
@@ -62,13 +62,6 @@
-
- -
- -
-
-
@@ -105,6 +98,13 @@
+
+ +
+ +
+
+
From 56fe39d346a28022142120c7c7b322374fd8cd6d Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 14:58:34 +0800 Subject: [PATCH 05/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9vbug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/juser/user_add.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index 7d571b859..dd2f0ae41 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -27,7 +27,7 @@
-
+
From 3a3c5701b7409c3e0d464ad12ccd88156b35abcd Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 15:04:34 +0800 Subject: [PATCH 06/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9vbug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/juser/user_add.html | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index dd2f0ae41..1aa9bbcac 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -27,7 +27,13 @@
- + + {% if error %} +
{{ error }}
+ {% endif %} + {% if msg %} +
{{ msg }}
+ {% endif %}
From ae227aad77ed8920160d9a5e7cb64f0420f6b340 Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 15:07:56 +0800 Subject: [PATCH 07/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/juser/user_add.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index 1aa9bbcac..72048a182 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -37,7 +37,7 @@
- +
From 8b91d5774f0958af545f0efe1c43485033a71944 Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 15:15:49 +0800 Subject: [PATCH 08/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- juser/views.py | 22 ++++++++++----------- templates/juser/group_add.html | 8 ++++---- templates/juser/user_add.html | 36 +++++++++++++++++----------------- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/juser/views.py b/juser/views.py index 6802616fb..554274430 100644 --- a/juser/views.py +++ b/juser/views.py @@ -13,8 +13,8 @@ def group_add(request): error = '' msg = '' if request.method == 'POST': - group_name = request.POST.get('j_group_name', None) - comment = request.POST.get('j_comment', None) + group_name = request.POST.get('group_name', None) + comment = request.POST.get('comment', None) try: if not group_name: 
@@ -77,15 +77,15 @@ def user_add(request): user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} all_group = UserGroup.objects.all() if request.method == 'POST': - username = request.POST.get('j_username', None) - password = request.POST.get('j_password', None) - name = request.POST.get('j_name', None) - email = request.POST.get('j_email', '') - groups = request.POST.getlist('j_group', None) - role = request.POST.get('j_role', None) - ssh_pwd = request.POST.get('j_ssh_pwd', None) - ssh_key_pwd1 = request.POST.get('j_ssh_key_pwd1', None) - is_active = request.POST.get('j_is_active', None) + username = request.POST.get('username', None) + password = request.POST.get('password', None) + name = request.POST.get('name', None) + email = request.POST.get('email', '') + groups = request.POST.getlist('groups', None) + role = request.POST.get('role', None) + ssh_pwd = request.POST.get('ssh_pwd', None) + ssh_key_pwd1 = request.POST.get('ssh_key_pwd1', None) + is_active = request.POST.get('is_active', '1') try: if None in [username, password, ssh_key_pwd1, name, groups, role, is_active]: diff --git a/templates/juser/group_add.html b/templates/juser/group_add.html index 11bd489f0..da5481b35 100644 --- a/templates/juser/group_add.html +++ b/templates/juser/group_add.html @@ -35,16 +35,16 @@
{{ msg }}
{% endif %}
- +
- +
- +
- +
diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index 72048a182..01430bbfe 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -35,16 +35,16 @@
{{ msg }}
{% endif %}
- +
- +
- +
- + 登陆web的密码 @@ -52,9 +52,9 @@
- +
- + 登陆 Jumpserver 使用的SSH密钥的密码 @@ -62,16 +62,16 @@
- +
- +
- +
- {% for group in all_group %} {% if forloop.first %} @@ -84,9 +84,9 @@
- +
- {% for r, role in roles.items %} {% endfor %} @@ -95,9 +95,9 @@
- +
- + 如果使用password方式,该密码是用户在后端服务器的密码 @@ -105,9 +105,9 @@
- +
- +
@@ -115,10 +115,10 @@
- +
- +
From 95fb1bfd1c01b915b66658184be230f8caba188e Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 15:24:16 +0800 Subject: [PATCH 09/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- juser/views.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/juser/views.py b/juser/views.py index 554274430..1708c8ca5 100644 --- a/juser/views.py +++ b/juser/views.py @@ -1,4 +1,8 @@ # coding: utf-8 +# Author: Guanghongwei +# Email: ibuler@qq.com + +import time from django.shortcuts import render_to_response @@ -56,13 +60,14 @@ def user_list(request): def db_add_user(**kwargs): + groups_post = kwargs.pop('groups') user = User(**kwargs) group_select = [] - for group_id in kwargs.get('groups', None): + for group_id in groups_post: group = UserGroup.objects.filter(id=group_id) group_select.extend(group) - user.user_group = group_select user.save() + user.user_group = group_select def db_del_user(username): @@ -99,9 +104,10 @@ def user_add(request): except AddError: pass else: + time_now = time.time() db_add_user(username=username, password=password, name=name, email=email, groups=groups, role=role, ssh_pwd=ssh_pwd, ssh_key_pwd1=ssh_key_pwd1, - is_active=is_active) + is_active=is_active, date_joined=time_now) msg = u'添加用户成功' return render_to_response('juser/user_add.html', {'header_title': u'添加用户 | Add User', From 97dcb4ca91d1ed60d6b46eb2a494271667dfb1ba Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 15:54:09 +0800 Subject: [PATCH 10/20] Locals --- jumpserver/views.py | 4 ++++ juser/views.py | 28 +++++++++++++++++++++++++--- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/jumpserver/views.py b/jumpserver/views.py index baeebf2d5..9c5cfc0ff 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py 
@@ -10,3 +10,7 @@ def base(request): def skin_config(request): return render_to_response('skin_config.html') + + +def header_path(header_title, path1, path2): + return header_title, path1, path2 diff --git a/juser/views.py b/juser/views.py index 1708c8ca5..d2a28ccdb 100644 --- a/juser/views.py +++ b/juser/views.py @@ -3,10 +3,31 @@ # Email: ibuler@qq.com import time +import hashlib +import random from django.shortcuts import render_to_response from juser.models import UserGroup, User +from connect import PyCrypt, KEY +from jumpserver.views import header_path + + +cryptor = PyCrypt(KEY) + + +def md5_crypt(string): + return hashlib.new("md5", string).hexdigest() + + +def gen_rand_pass(num): + """生成随机密码""" + seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" + salt_list = [] + for i in range(num): + salt_list.append(random.choice(seed)) + salt = ''.join(salt_list) + return salt class AddError(Exception): @@ -16,6 +37,8 @@ class AddError(Exception): def group_add(request): error = '' msg = '' + header_title, path1, path2 = header_path('添加属组 | Add Group', 'juser', 'group_add') + if request.method == 'POST': group_name = request.POST.get('group_name', None) comment = request.POST.get('comment', None) @@ -42,12 +65,11 @@ def group_add(request): msg = u'添加组 %s 成功' % group_name return render_to_response('juser/group_add.html', - {'header_title': u'添加属组 | Add Group', - 'path1': 'juser', 'path2': 'group_add', - 'error': error, 'msg': msg}) + locals()) def group_list(request): + groups = UserGroup.objects.all() return render_to_response('juser/group_list.html', {'header_title': u'查看属组 | Add Group', From 8c9e763f74d99841dc33adddc53c79262817d09c Mon Sep 17 00:00:00 2001 
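Review bot: `gen_rand_pass` in `juser/views.py` builds its result with `random.choice`, the module-level generator, which is not designed for secrets; its docstring says it generates passwords. Drawing from the OS source keeps the same interface: `rng = random.SystemRandom()` followed by `salt_list.append(rng.choice(seed))`. `md5_crypt` in the same hunk is a single unsalted MD5 digest, so it should not become the storage format for login passwords.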
From: guanghongwei Date: Sat, 10 Jan 2015 16:24:44 +0800 Subject: [PATCH 11/20] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=BB=98=E8=AE=A4?= =?UTF-8?q?=E5=80=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jumpserver/views.py | 2 -- juser/views.py | 20 +++++++------------- templates/juser/user_add.html | 29 ++++++++++++++++++----------- 3 files changed, 25 insertions(+), 26 deletions(-) diff --git a/jumpserver/views.py b/jumpserver/views.py index 9c5cfc0ff..ef9c9560c 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -12,5 +12,3 @@ def skin_config(request): return render_to_response('skin_config.html') -def header_path(header_title, path1, path2): - return header_title, path1, path2 diff --git a/juser/views.py b/juser/views.py index d2a28ccdb..e632ef9f0 100644 --- a/juser/views.py +++ b/juser/views.py @@ -10,7 +10,6 @@ from django.shortcuts import render_to_response from juser.models import UserGroup, User from connect import PyCrypt, KEY -from jumpserver.views import header_path cryptor = PyCrypt(KEY) @@ -37,7 +36,7 @@ class AddError(Exception): def group_add(request): error = '' msg = '' - header_title, path1, path2 = header_path('添加属组 | Add Group', 'juser', 'group_add') + header_title, path1, path2 = '添加属组 | Add Group', 'juser', 'group_add' if request.method == 'POST': group_name = request.POST.get('group_name', None) @@ -69,12 +68,10 @@ def group_add(request): def group_list(request): - + header_title, path1, path2 = '查看属组 | Add Group', 'juser', 'group_add' groups = UserGroup.objects.all() return render_to_response('juser/group_list.html', - {'header_title': u'查看属组 | Add Group', - 'path1': 'juser', 'path2': 'group_add', - 'groups': groups}) + locals()) def user_list(request): 
@@ -100,7 +97,7 @@ def db_del_user(username): def user_add(request): error = '' msg = '' - + header_title, path1, path2 = '添加用户 | Add User', 'juser', 'user_add' user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} all_group = UserGroup.objects.all() if request.method == 'POST': @@ -109,13 +106,13 @@ def user_add(request): name = request.POST.get('name', None) email = request.POST.get('email', '') groups = request.POST.getlist('groups', None) - role = request.POST.get('role', None) + role_post = request.POST.get('role', None) ssh_pwd = request.POST.get('ssh_pwd', None) ssh_key_pwd1 = request.POST.get('ssh_key_pwd1', None) is_active = request.POST.get('is_active', '1') try: - if None in [username, password, ssh_key_pwd1, name, groups, role, is_active]: + if None in [username, password, ssh_key_pwd1, name, groups, role_post, is_active]: error = u'带*内容不能为空' raise AddError user = User.objects.filter(username=username) @@ -132,10 +129,7 @@ def user_add(request): is_active=is_active, date_joined=time_now) msg = u'添加用户成功' return render_to_response('juser/user_add.html', - {'header_title': u'添加用户 | Add User', - 'path1': 'juser', 'path2': 'user_add', - 'roles': user_role, 'all_group': all_group, - 'error': error, 'msg': msg}) + locals()) diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index 01430bbfe..42a724426 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -37,14 +37,14 @@
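Review bot: Rendering `juser/user_add.html` with `locals()` in `user_add` hands every local of the view to the template, which on a POST includes `password`, `ssh_pwd` and `ssh_key_pwd1` as well as `request`. The template markup is not readable in this view of the patch, so whether those values are echoed back into the form cannot be confirmed; any later template edit can expose them either way. An explicit context that lists only what should be re-displayed (`username`, `name`, `email`, `groups`, `role_post`, `error`, `msg`, the title and path values, `user_role`, `all_group`) keeps the secrets out of the page. The same `locals()` pattern is introduced for `group_add` and `group_list`.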
- +
- + 登陆web的密码 @@ -54,7 +54,7 @@
- + 登陆 Jumpserver 使用的SSH密钥的密码 @@ -64,7 +64,7 @@
- +
@@ -73,10 +73,14 @@
@@ -87,8 +91,12 @@
@@ -97,7 +105,7 @@
- + 如果使用password方式,该密码是用户在后端服务器的密码 @@ -107,12 +115,11 @@
- +
-
From 8875cb2f9eff6bdf32dfa0c158ff059cbb9f7823 Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sat, 10 Jan 2015 16:28:09 +0800 Subject: [PATCH 12/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/juser/user_add.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index 42a724426..58c1a37bc 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -91,7 +91,7 @@
{% for group in all_group %} - {% if groups and group.id in groups %} + {% if group.id in groups_str %} {% else %} {% if forloop.first %} From 9304a911ea509738d69c500387685297ac4d8246 Mon Sep 17 00:00:00 2001 From: ibuler Date: Sat, 10 Jan 2015 23:31:32 +0800 Subject: [PATCH 14/20] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E8=87=AA=E5=AE=9A?= =?UTF-8?q?=E4=B9=89tag?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jumpserver/settings.py | 1 + jumpserver/templatetags/__init__.py | 1 + jumpserver/templatetags/mytags.py | 17 +++++++++++++++++ juser/views.py | 2 +- templates/juser/user_add.html | 3 ++- 5 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 jumpserver/templatetags/__init__.py create mode 100644 jumpserver/templatetags/mytags.py diff --git a/jumpserver/settings.py b/jumpserver/settings.py index 67e9bc776..5b991157f 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -46,6 +46,7 @@ INSTALLED_APPS = ( 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', + 'jumpserver', 'juser', 'jasset', 'jpermission', diff --git a/jumpserver/templatetags/__init__.py b/jumpserver/templatetags/__init__.py new file mode 100644 index 000000000..bfd53d39f --- /dev/null +++ b/jumpserver/templatetags/__init__.py @@ -0,0 +1 @@ +__author__ = 'Hudie' diff --git a/jumpserver/templatetags/mytags.py b/jumpserver/templatetags/mytags.py new file mode 100644 index 000000000..3ef015a5c --- /dev/null +++ b/jumpserver/templatetags/mytags.py @@ -0,0 +1,17 @@ +import time +from django import template + +register = template.Library() + + +@register.filter(name='stamp2str') +def stamp2str(value): + try: + return time.strftime('%Y/%m/%d %H:%M:%S', time.localtime(value)) + except AttributeError: + return '0000/00/00 00:00:00' + + +@register.filter(name='int2str') +def int2str(value): + return str(value) diff --git a/juser/views.py b/juser/views.py index 6f5c4803a..814a38ca4 100644 --- a/juser/views.py 
+++ b/juser/views.py @@ -126,7 +126,7 @@ def user_add(request): else: time_now = time.time() db_add_user(username=username, password=password, name=name, email=email, - groups=groups, role=role, ssh_pwd=ssh_pwd, ssh_key_pwd1=ssh_key_pwd1, + groups=groups, role=role_post, ssh_pwd=ssh_pwd, ssh_key_pwd1=ssh_key_pwd1, is_active=is_active, date_joined=time_now) msg = u'添加用户成功' return render_to_response('juser/user_add.html', diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index ac7730da9..4f1cc5531 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -1,4 +1,5 @@ {% extends 'base.html' %} +{% load mytags %} {% block content %} {% include 'nav_cat_bar.html' %} @@ -73,7 +74,7 @@
{% for group in all_group %} - {% if group.id|int2str in groups_str %} - + {% if groups_str %} + {% if group.id|int2str in groups_str %} + + {% else %} + + {% endif %} {% else %} {% if forloop.first %} From bc5b32bcead1e6e2388e80ce80dd3f061c330286 Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 12 Jan 2015 23:52:41 +0800 Subject: [PATCH 16/20] =?UTF-8?q?=E6=B7=BB=E5=8A=A0useradd=E7=9A=84?= =?UTF-8?q?=E5=87=BD=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- connect.py | 8 +-- juser/views.py | 165 ++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 159 insertions(+), 14 deletions(-) diff --git a/connect.py b/connect.py index 61bace914..3d52e727b 100755 --- a/connect.py +++ b/connect.py @@ -34,12 +34,12 @@ except ImportError: time.sleep(3) sys.exit() -CURRENT_DIR = os.path.dirname(__file__) +BASE_DIR = os.path.dirname(__file__) CONF = ConfigParser() -CONF.read(os.path.join(CURRENT_DIR, 'jumpserver.conf')) -LOG_DIR = os.path.join(CURRENT_DIR, 'logs') +CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) +LOG_DIR = os.path.join(BASE_DIR, 'logs') # Web generate user ssh_key dir. -SSH_KEY_DIR = os.path.join(CURRENT_DIR, 'keys') +SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') # User upload the server key to this dir. SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') # The key of decryptor. diff --git a/juser/views.py b/juser/views.py index 814a38ca4..7b2252669 100644 --- a/juser/views.py +++ b/juser/views.py 
@@ -3,23 +3,35 @@ # Email: ibuler@qq.com import time +import os import hashlib import random +import subprocess +import ldap +from ldap import modlist +from Crypto.PublicKey import RSA +import crypt from django.shortcuts import render_to_response from juser.models import UserGroup, User from connect import PyCrypt, KEY +from connect import BASE_DIR +from connect import CONF cryptor = PyCrypt(KEY) +ldap_host_url = CONF.get('ldap', 'host_url') +ldap_base_dn = CONF.get('ldap', 'base_dn') +ldap_root_dn = CONF.get('ldap', 'root_dn') +ldap_root_pwd = CONF.get('ldap', 'root_pw') def md5_crypt(string): return hashlib.new("md5", string).hexdigest() -def gen_rand_pass(num): +def gen_rand_pwd(num): """生成随机密码""" seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" salt_list = [] 
@@ -29,10 +41,74 @@ def gen_rand_pass(num): return salt +def bash(cmd): + """执行bash命令""" + return subprocess.call(cmd, shell=True) + + +def is_dir(dir_name, mode=0755): + if not os.path.isdir(dir_name): + os.makedirs(dir_name) + os.chmod(dir_name, mode) + + class AddError(Exception): pass +class LDAPMgmt(): + def __init__(self, + host_url=ldap_host_url, + base_dn=ldap_base_dn, + root_cn=ldap_root_dn, + root_pw=ldap_root_pwd): + self.ldap_host = host_url + self.ldap_base_dn = base_dn + self.conn = ldap.initialize(host_url) + self.conn.set_option(ldap.OPT_REFERRALS, 0) + self.conn.protocol_version = ldap.VERSION3 + self.conn.simple_bind_s(root_cn, root_pw) + + def list(self, filter, scope=ldap.SCOPE_SUBTREE, attr=None): + result = {} + try: + ldap_result = self.conn.search_s(self.ldap_base_dn, scope, filter, attr) + for entry in ldap_result: + name, data = entry + for k, v in data.items(): + print '%s: %s' % (k, v) + result[k] = v + return result + except ldap.LDAPError, e: + print e + + def add(self, dn, attrs): + try: + ldif = modlist.addModlist(attrs) + self.conn.add_s(dn, ldif) + except ldap.LDAPError, e: + print e + + def modify(self, dn, attrs): + try: + attr_s = [] + for k, v in attrs.items(): + attr_s.append((2, k, v)) + self.conn.modify_s(dn, attr_s) + except ldap.LDAPError, e: + print e + + def delete(self, dn): + try: + self.conn.delete_s(dn) + except ldap.LDAPError, e: + print e + + +def gen_sha512(salt, password): + return crypt.crypt(password, '$6$%s$' % salt) + + def group_add(request): error = '' msg = '' 
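Review bot: The `add`, `modify` and `delete` methods of `LDAPMgmt` catch `ldap.LDAPError`, print it and return normally, so a caller cannot tell a created entry from a failed one, and account provisioning can report success while the directory was never updated. Let the exception propagate, or return an explicit status that callers check. `list` also prints every attribute of every matched entry to stdout, which for account entries would include `userPassword`; drop the `print '%s: %s' % (k, v)` line or restrict it to non-secret attributes.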
@@ -63,15 +139,13 @@ def group_add(request): else: msg = u'添加组 %s 成功' % group_name - return render_to_response('juser/group_add.html', - locals()) + return render_to_response('juser/group_add.html', locals()) def group_list(request): header_title, path1, path2 = '查看属组 | Add Group', 'juser', 'group_add' groups = UserGroup.objects.all() - return render_to_response('juser/group_list.html', - locals()) + return render_to_response('juser/group_list.html', locals()) def user_list(request): 
@@ -89,6 +163,71 @@ def db_add_user(**kwargs): user.user_group = group_select +def gen_ssh_key(username, password=None, length=2048): + private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/') + private_key_file = os.path.join(private_key_dir, username) + public_key_dir = '/home/%s/.ssh/' % username + public_key_file = os.path.join(public_key_dir, 'authorized_keys') + is_dir(private_key_dir) + is_dir(public_key_dir, mode=0700) + + key = RSA.generate(length) + with open(private_key_file, 'w') as pri_f: + pri_f.write(key.exportKey('PEM', password)) + os.chmod(private_key_file, 0600) + + pub_key = key.publickey() + with open(public_key_file, 'w') as pub_f: + pub_f.write(pub_key.exportKey('OpenSSH')) + os.chmod(public_key_file, 0600) + os.chown(public_key_file, username, username) + + +def server_add_user(username, password, ssh_key_pwd1): + bash('useradd %s; echo %s | passwd --stdin %s' % (username, password, username)) + gen_ssh_key(username, ssh_key_pwd1) + + +def ldap_add_user(username, ldap_pwd): + user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn) + password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd) + user = User.objects.get(username=username) + + user_attr = {'uid': [str(username)], + 'cn': [str(username)], + 'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'], + 'userPassword': ['{crypt}%s' % password_sha512], + 'shadowLastChange': ['16328'], + 'shadowMin': ['0'], + 'shadowMax': ['99999'], + 'shadowWarning': ['7'], + 'loginShell': ['/bin/bash'], + 'uidNumber': [str(user.id)], + 'gidNumber': [str(user.id)], + 'homeDirectory': [str('/home/%s' % username)]} + + group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn) + group_attr = {'objectClass': ['posixGroup', 'top'], + 'cn': [str(username)], + 'userPassword': ['{crypt}x'], + 'gidNumber': [str(user.id)]} + + sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn) + sudo_attr = {'objectClass': ['top', 'sudoRole'], + 'cn': ['%s' % str(username)], + 'sudoCommand': ['/bin/pwd'], + 
'sudoHost': ['192.168.1.1'], + 'sudoOption': ['!authenticate'], + 'sudoRunAsUser': ['root'], + 'sudoUser': ['%s' % str(username)]} + + ldap_conn = LDAPMgmt() + + ldap_conn.add(user_dn, user_attr) + ldap_conn.add(group_dn, group_attr) + ldap_conn.add(sudo_dn, sudo_attr) + + def db_del_user(username): user = User.objects.get(username=username) user.delete() @@ -111,6 +250,7 @@ def user_add(request): ssh_pwd = request.POST.get('ssh_pwd', None) ssh_key_pwd1 = request.POST.get('ssh_key_pwd1', None) is_active = request.POST.get('is_active', '1') + ldap_pwd = gen_rand_pwd(16) try: if None in [username, password, ssh_key_pwd1, name, groups, role_post, is_active]: @@ -125,12 +265,17 @@ def user_add(request): pass else: time_now = time.time() - db_add_user(username=username, password=password, name=name, email=email, - groups=groups, role=role_post, ssh_pwd=ssh_pwd, ssh_key_pwd1=ssh_key_pwd1, - is_active=is_active, date_joined=time_now) + db_add_user(username=username, + password=md5_crypt(password), + name=name, email=email, + groups=groups, role=role_post, + ssh_pwd=cryptor.encrypt(ssh_pwd), + ssh_key_pwd1=cryptor.encrypt(ssh_key_pwd1), + ldap_pwd=cryptor.encrypt(ldap_pwd), + is_active=is_active, + date_joined=time_now) msg = u'添加用户成功' - return render_to_response('juser/user_add.html', - locals()) + return render_to_response('juser/user_add.html', locals()) From 14da0f18ab50101ad98096cf0543b54969f5039e Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 13 Jan 2015 22:14:50 +0800 Subject: [PATCH 17/20] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E5=AE=8C=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jumpserver.conf | 1 + juser/views.py | 84 ++++++++++++++++++++++++++++++++++--------------- 2 files changed, 60 insertions(+), 25 deletions(-) diff --git a/jumpserver.conf b/jumpserver.conf index f54c84c15..3a7d59784 100644 --- a/jumpserver.conf +++ b/jumpserver.conf 
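Review bot: `server_add_user` formats `username` and `password`, both taken from the add-user form, into one string that `bash()` runs with `shell=True`. Any shell metacharacter in either field is therefore interpreted by the shell, and the password is visible in the process list while the command runs. Passing argument lists to `subprocess` and feeding the password on stdin removes the shell from the path. `username` should also be validated against a conservative account-name pattern before use, because it is also used to build `/home/%s/.ssh/` in `gen_ssh_key`. The same formatting pattern is used by `server_del_user` (`userdel -r %s`) in the following patch.

```python
def server_add_user(username, password, ssh_key_pwd1):
    # Argument lists keep the form values out of any shell parsing.
    if subprocess.call(['useradd', username]) != 0:
        raise AddError
    # The password is written to passwd's stdin, never placed on a command line.
    passwd = subprocess.Popen(['passwd', '--stdin', username],
                              stdin=subprocess.PIPE)
    passwd.communicate(password + '\n')
    if passwd.returncode != 0:
        raise AddError
    gen_ssh_key(username, ssh_key_pwd1)
```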
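Review bot: `password=md5_crypt(password)` in the `db_add_user` call stores the web login password as one unsalted MD5 digest, which offers little protection if the user table is disclosed. Django ships a salted, iterated hasher for this purpose: `from django.contrib.auth.hashers import make_password` and `password=make_password(password)`, verified at login with `check_password`, assuming the Django version in use provides that module. `ssh_pwd` is optional in the form, so confirm that `cryptor.encrypt(ssh_pwd)` behaves sensibly when the value is `None` or empty; `PyCrypt` is defined outside this patch.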
@@ -8,6 +8,7 @@ password = mysql234 database = jumpserver [ldap] +ldap_enable = 1 host_url = ldap://127.0.0.1:389 base_dn = dc=jumpserver,dc=org root_dn = cn=admin,dc=jumpserver,dc=org diff --git a/juser/views.py b/juser/views.py index 7b2252669..a82c2cb6e 100644 --- a/juser/views.py +++ b/juser/views.py @@ -13,6 +13,7 @@ from Crypto.PublicKey import RSA import crypt from django.shortcuts import render_to_response +from django.core.exceptions import ObjectDoesNotExist from juser.models import UserGroup, User from connect import PyCrypt, KEY @@ -20,11 +21,13 @@ from connect import BASE_DIR from connect import CONF -cryptor = PyCrypt(KEY) -ldap_host_url = CONF.get('ldap', 'host_url') -ldap_base_dn = CONF.get('ldap', 'base_dn') -ldap_root_dn = CONF.get('ldap', 'root_dn') -ldap_root_pwd = CONF.get('ldap', 'root_pw') +CRYPTOR = PyCrypt(KEY) +LDAP_ENABLE = CONF.get('ldap', 'ldap_enable') +if LDAP_ENABLE: + LDAP_HOST_URL = CONF.get('ldap', 'host_url') + LDAP_BASE_DN = CONF.get('ldap', 'base_dn') + LDAP_ROOT_DN = CONF.get('ldap', 'root_dn') + LDAP_ROOT_PW = CONF.get('ldap', 'root_pw') def md5_crypt(string): @@ -58,10 +61,10 @@ class AddError(Exception): class LDAPMgmt(): def __init__(self, - host_url=ldap_host_url, - base_dn=ldap_base_dn, - root_cn=ldap_root_dn, - root_pw=ldap_root_pwd): + host_url=LDAP_HOST_URL, + base_dn=LDAP_BASE_DN, + root_cn=LDAP_ROOT_DN, + root_pw=LDAP_ROOT_PW): self.ldap_host = host_url self.ldap_base_dn = base_dn self.conn = ldap.initialize(host_url) @@ -163,6 +166,14 @@ def db_add_user(**kwargs): user.user_group = group_select +def db_del_user(username): + try: + user = User.objects.get(username=username) + user.delete() + except ObjectDoesNotExist: + pass + + def gen_ssh_key(username, password=None, length=2048): private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/') private_key_file = os.path.join(private_key_dir, username) 
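Review bot: `LDAPMgmt.__init__` now takes its defaults from `LDAP_HOST_URL`, `LDAP_BASE_DN`, `LDAP_ROOT_DN` and `LDAP_ROOT_PW`, but those names are assigned only inside `if LDAP_ENABLE:`. Default arguments are evaluated when the class body runs, so once the flag evaluates false the module fails with a NameError at import, and switching LDAP off takes the whole user-management app down. Use neutral defaults and resolve them in the body, e.g. `def __init__(self, host_url=None, base_dn=None, root_cn=None, root_pw=None):` followed by `host_url = host_url or LDAP_HOST_URL`, or define the class only when LDAP is enabled.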
@@ -188,8 +199,12 @@ def server_add_user(username, password, ssh_key_pwd1): gen_ssh_key(username, ssh_key_pwd1) +def server_del_user(username): + bash('userdel -r %s' % username) + + def ldap_add_user(username, ldap_pwd): - user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn) + user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN) password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd) user = User.objects.get(username=username) @@ -206,13 +221,13 @@ def ldap_add_user(username, ldap_pwd): 'gidNumber': [str(user.id)], 'homeDirectory': [str('/home/%s' % username)]} - group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn) + group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN) group_attr = {'objectClass': ['posixGroup', 'top'], 'cn': [str(username)], 'userPassword': ['{crypt}x'], 'gidNumber': [str(user.id)]} - sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn) + sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN) sudo_attr = {'objectClass': ['top', 'sudoRole'], 'cn': ['%s' % str(username)], 'sudoCommand': ['/bin/pwd'], @@ -228,9 +243,15 @@ def ldap_add_user(username, ldap_pwd): ldap_conn.add(sudo_dn, sudo_attr) -def db_del_user(username): - user = User.objects.get(username=username) - user.delete() +def ldap_del_user(username): + user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN) + group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN) + sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN) + + ldap_conn = LDAPMgmt() + ldap_conn.delete(user_dn) + ldap_conn.delete(group_dn) + ldap_conn.delete(sudo_dn) def user_add(request): 
@@ -265,16 +286,29 @@ def user_add(request): pass else: time_now = time.time() - db_add_user(username=username, - password=md5_crypt(password), - name=name, email=email, - groups=groups, role=role_post, - ssh_pwd=cryptor.encrypt(ssh_pwd), - ssh_key_pwd1=cryptor.encrypt(ssh_key_pwd1), - ldap_pwd=cryptor.encrypt(ldap_pwd), - is_active=is_active, - date_joined=time_now) - msg = u'添加用户成功' + try: + db_add_user(username=username, + password=md5_crypt(password), + name=name, email=email, + groups=groups, role=role_post, + ssh_pwd=CRYPTOR.encrypt(ssh_pwd), + ssh_key_pwd1=CRYPTOR.encrypt(ssh_key_pwd1), + ldap_pwd=CRYPTOR.encrypt(ldap_pwd), + is_active=is_active, + date_joined=time_now) + + server_add_user(username, password, ssh_key_pwd1) + if LDAP_ENABLE: + ldap_add_user(username, ldap_pwd) + msg = '添加用户%s成功!' + + except Exception, e: + error = '添加用户%s失败 %s' % e + db_del_user(username) + server_del_user(username) + if LDAP_ENABLE: + ldap_del_user(username) + return render_to_response('juser/user_add.html', locals()) From 84a48d3aec390e4e5b20ee6a202491ef37777fc7 Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 13 Jan 2015 22:44:58 +0800 Subject: [PATCH 18/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- juser/views.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/juser/views.py b/juser/views.py index a82c2cb6e..a8f3f49f9 100644 --- a/juser/views.py +++ b/juser/views.py 
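Review bot: The new `except Exception, e:` branch rolls back by deleting whatever is named `username` from the database, the host and LDAP, regardless of which step failed. If `db_add_user` raised because that name already exists (the check before the `else:` is outside the hunk, so this is an assumption), the handler would remove the existing user's record and, through `userdel -r`, their home directory. Undo only what this request created, for example set `created_db = True` right after `db_add_user` returns and guard the call with `if created_db: db_del_user(username)`, with the same pattern for the host and LDAP steps. The follow-up hunk `@@ -300,14 +300,17 @@` keeps the unconditional rollback.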
@@ -300,14 +300,17 @@ def user_add(request):
 server_add_user(username, password, ssh_key_pwd1)
 if LDAP_ENABLE:
 ldap_add_user(username, ldap_pwd)
- msg = '添加用户%s成功!'
+ msg = u'添加用户 %s 成功!' % username
 except Exception, e:
- error = '添加用户%s失败 %s' % e
- db_del_user(username)
- server_del_user(username)
- if LDAP_ENABLE:
- ldap_del_user(username)
+ error = u'添加用户 %s 失败 %s ' % (username, e)
+ try:
+ db_del_user(username)
+ server_del_user(username)
+ if LDAP_ENABLE:
+ ldap_del_user(username)
+ except Exception:
+ pass
 return render_to_response('juser/user_add.html', locals())
From 2b6c2cd6fcba8eea98945b147d184474070e5174 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 13 Jan 2015 22:57:27 +0800
Subject: [PATCH 19/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 juser/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/juser/views.py b/juser/views.py
index a8f3f49f9..4ba79c30b 100644
--- a/juser/views.py
+++ b/juser/views.py
@@ -22,7 +22,7 @@ from connect import CONF
 CRYPTOR = PyCrypt(KEY)
-LDAP_ENABLE = CONF.get('ldap', 'ldap_enable')
+LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
 if LDAP_ENABLE:
 LDAP_HOST_URL = CONF.get('ldap', 'host_url')
 LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
From 7435d602dd9781b5313b2ec365dc68114a59bc06 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 13 Jan 2015 23:15:40 +0800
Subject: [PATCH 20/20] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E7=94=A8=E6=88=B7bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 juser/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/juser/views.py b/juser/views.py
index 4ba79c30b..a7c80bb39 100644
--- a/juser/views.py
+++ b/juser/views.py
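Review bot: The added inner `try` ... `except Exception: pass` in `user_add` (hunk `@@ -300,14 +300,17 @@`) hides every rollback failure, and the first step that raises skips the remaining ones, so a failing `db_del_user` leaves the system account and LDAP entries in place with no trace. Run each undo step in its own `try` and keep the reason, either appended to `error` as sketched below or written to a log. `user_add` begins and ends outside the hunk.

```python
        except Exception, e:
            error = u'添加用户 %s 失败 %s ' % (username, e)
            undo_steps = [db_del_user, server_del_user]
            if LDAP_ENABLE:
                undo_steps.append(ldap_del_user)
            for undo in undo_steps:
                try:
                    undo(username)
                except Exception, undo_err:
                    # One failed step must not skip the others; keep the
                    # reason so leftovers can be cleaned up by hand.
                    error += u' (%s: %s)' % (undo.__name__, undo_err)
```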
@@ -191,7 +191,7 @@ def gen_ssh_key(username, password=None, length=2048):
 with open(public_key_file, 'w') as pub_f:
 pub_f.write(pub_key.exportKey('OpenSSH'))
 os.chmod(public_key_file, 0600)
- os.chown(public_key_file, username, username)
+ bash('chown %s:%s %s' % (username, username, public_key_file))
 def server_add_user(username, password, ssh_key_pwd1):