github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-08-12 11:33:14 +00:00
Code Issues Projects Releases Wiki Activity

޸Կkey, ͨûҳ

Browse Source
This commit is contained in:
guanghongwei 2015-04-08 17:32:56 +08:00
parent bd0fd90e2d
commit 2035a49c40
13 changed files with 204 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jasset/views.py
View File

@ -3,15 +3,11 @@
import ast import ast
from django.db.models import Q from django.db.models import Q
from django.http import Http404
from django.http import HttpResponseRedirect
from django.template import RequestContext from django.template import RequestContext
from django.shortcuts import render_to_response from django.shortcuts import render_to_response
from models import IDC, Asset, BisGroup from models import IDC, Asset, BisGroup
from juser.models import UserGroup, DEPT from juser.models import UserGroup, DEPT
from connect import PyCrypt, KEY
from jlog.models import Log
from jumpserver.views import jasset_host_edit, pages from jumpserver.views import jasset_host_edit, pages
from jumpserver.api import * from jumpserver.api import *

1
jumpserver/api.py
View File

@ -281,6 +281,7 @@ def user_perm_asset_api(username):
asset_list.extend(asset_group.asset_set.all()) asset_list.extend(asset_group.asset_set.all())
return asset_list return asset_list
return []
def asset_perm_api(asset): def asset_perm_api(asset):

1
jumpserver/settings.py
View File

@ -108,7 +108,6 @@ TEMPLATE_DIRS = (
STATICFILES_DIRS = ( STATICFILES_DIRS = (
os.path.join(BASE_DIR, "static"), os.path.join(BASE_DIR, "static"),
os.path.join(BASE_DIR, "keys"),
) )
# Internationalization # Internationalization
# https://docs.djangoproject.com/en/1.7/topics/i18n/ # https://docs.djangoproject.com/en/1.7/topics/i18n/

3
jumpserver/urls.py
View File

@ -12,9 +12,12 @@ urlpatterns = patterns('',
(r'^base/$', 'jumpserver.views.base'), (r'^base/$', 'jumpserver.views.base'),
(r'^login/$', 'jumpserver.views.login'), (r'^login/$', 'jumpserver.views.login'),
(r'^logout/$', 'jumpserver.views.logout'), (r'^logout/$', 'jumpserver.views.logout'),
(r'^upload/$', 'jumpserver.views.upload'),
(r'^download/$', 'jumpserver.views.download'),
(r'^juser/', include('juser.urls')), (r'^juser/', include('juser.urls')),
(r'^jasset/', include('jasset.urls')), (r'^jasset/', include('jasset.urls')),
(r'^jlog/', include('jlog.urls')), (r'^jlog/', include('jlog.urls')),
(r'^jperm/', include('jperm.urls')), (r'^jperm/', include('jperm.urls')),
) )

22
jumpserver/views.py
View File

@ -44,6 +44,25 @@ def get_data(data, items, option):
@require_login @require_login
def index_cu(request): def index_cu(request):
user_id = request.session.get('user_id')
user = User.objects.filter(id=user_id)
if user:
user = user[0]
login_types = {'L': 'LDAP', 'M': 'MAP'}
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).name
posts = user_perm_asset_api(username)
host_count = len(posts)
new_posts = []
post_five = []
for post in posts:
if len(post_five) < 5:
post_five.append(post)
else:
new_posts.append(post_five)
post_five = []
new_posts.append(post_five)
return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request)) return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request))
@ -237,3 +256,6 @@ def install(request):
name='group_admin', email='group_admin@jumpserver.org', role='DA', is_active=True, dept=dept2).save() name='group_admin', email='group_admin@jumpserver.org', role='DA', is_active=True, dept=dept2).save()
return HttpResponse('Ok') return HttpResponse('Ok')
def upload(request):
pass

1
juser/urls.py
View File

@ -29,4 +29,5 @@ urlpatterns = patterns('juser.views',
(r'^profile/$', 'profile'), (r'^profile/$', 'profile'),
(r'^chg_info/$', 'chg_info'), (r'^chg_info/$', 'chg_info'),
(r'^chg_role/$', 'chg_role'), (r'^chg_role/$', 'chg_role'),
(r'^down_key/$', 'down_key'),
) )

42
juser/views.py
View File

@ -6,7 +6,6 @@ import random
import subprocess import subprocess
from Crypto.PublicKey import RSA from Crypto.PublicKey import RSA
import crypt import crypt
import datetime
from django.shortcuts import render_to_response from django.shortcuts import render_to_response
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
@ -32,9 +31,10 @@ def bash(cmd):
return subprocess.call(cmd, shell=True) return subprocess.call(cmd, shell=True)
def is_dir(dir_name, mode=0755): def is_dir(dir_name, username='root', mode=0755):
if not os.path.isdir(dir_name): if not os.path.isdir(dir_name):
os.makedirs(dir_name) os.makedirs(dir_name)
bash("chown %s:%s '%s'" % (username, username, dir_name))
os.chmod(dir_name, mode) os.chmod(dir_name, mode)
@ -113,7 +113,7 @@ def gen_ssh_key(username, password=None, length=2048):
public_key_dir = '/home/%s/.ssh/' % username public_key_dir = '/home/%s/.ssh/' % username
public_key_file = os.path.join(public_key_dir, 'authorized_keys') public_key_file = os.path.join(public_key_dir, 'authorized_keys')
is_dir(private_key_dir) is_dir(private_key_dir)
is_dir(public_key_dir, mode=0700) is_dir(public_key_dir, username, mode=0700)
key = RSA.generate(length) key = RSA.generate(length)
with open(private_key_file, 'w') as pri_f: with open(private_key_file, 'w') as pri_f:
@ -128,7 +128,7 @@ def gen_ssh_key(username, password=None, length=2048):
def server_add_user(username, password, ssh_key_pwd): def server_add_user(username, password, ssh_key_pwd):
bash('useradd %s; echo %s | passwd --stdin %s' % (username, password, username)) bash("useradd '%s'; echo '%s' | passwd --stdin '%s'" % (username, password, username))
gen_ssh_key(username, ssh_key_pwd) gen_ssh_key(username, ssh_key_pwd)
@ -883,6 +883,7 @@ def user_edit(request):
password = md5_crypt(password) password = md5_crypt(password)
if ssh_key_pwd != user.ssh_key_pwd: if ssh_key_pwd != user.ssh_key_pwd:
gen_ssh_key(user.username, ssh_key_pwd)
ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd) ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
db_update_user(user_id=user_id, db_update_user(user_id=user_id,
@ -991,9 +992,42 @@ def chg_info(request):
password = md5_crypt(password) password = md5_crypt(password)
if ssh_key_pwd != user.ssh_key_pwd: if ssh_key_pwd != user.ssh_key_pwd:
gen_ssh_key(user.username, ssh_key_pwd)
ssh_key_pwd = md5_crypt(ssh_key_pwd) ssh_key_pwd = md5_crypt(ssh_key_pwd)
user_set.update(name=name, password=password, ssh_key_pwd=ssh_key_pwd, email=email) user_set.update(name=name, password=password, ssh_key_pwd=ssh_key_pwd, email=email)
msg = '修改成功' msg = '修改成功'
return render_to_response('juser/chg_info.html', locals(), context_instance=RequestContext(request)) return render_to_response('juser/chg_info.html', locals(), context_instance=RequestContext(request))
@require_login
def down_key(request):
user_id = ''
if is_super_user(request):
user_id = request.GET.get('id')
if is_group_admin(request):
user_id = request.GET.get('id')
if not validate(request, user=[user_id]):
user_id = request.session.get('user_id')
if is_common_user(request):
user_id = request.session.get('user_id')
if user_id:
user = User.objects.filter(id=user_id)
if user:
user = user[0]
username = user.username
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
private_key_file = os.path.join(private_key_dir, username+".pem")
if os.path.isfile(private_key_file):
f = open(private_key_file)
data = f.read()
f.close()
response = HttpResponse(data, content_type='application/octet-stream')
response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(private_key_file)
return response
return HttpResponse('No Key File. Contact Admin.')

130
templates/index_cu.html
View File

@ -1,8 +1,9 @@
{% extends 'base.html' %} {% extends 'base.html' %}
{% load mytags %}
{% block content %} {% block content %}
{% include 'nav_cat_bar.html' %} {% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content"> <div class="wrapper wrapper-content" xmlns="http://www.w3.org/1999/html">
<div class="row"> <div class="row">
<div class="col-lg-8"> <div class="col-lg-8">
<div class="ibox float-e-margins"> <div class="ibox float-e-margins">
@ -27,9 +28,132 @@
</div> </div>
</div> </div>
<div class="ibox-content"> <div class="ibox-content" style="line-height: 26px">
helo <span style="font-size: large"></span>迎使用<span class="text-navy"><b>Jumpserver</b></span>跳板机系统,
首先需要 <b><a href="/juser/down_key/?id={{ user.id }}">下载</a></b> 登录跳板机的SSH密钥文件然后导入到工具或者ssh命令指定密钥文件(确保密钥文件权限600),输入收到的密钥密码,登录跳板机。
登录后根据提示进行操作。跳板机web界面支持修改密码、个人信息和上传下载文件等功能可以向管理员申请权限。
</div> </div>
</div>
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5> 已授权主机 </h5>
<div class="ibox-tools">
<div class="label label-primary float-left"><b>总共:{{ host_count }}</b></div>
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#">未启用 1</a>
</li>
<li><a href="#">未启用 2</a>
</li>
</ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<table class="table table-striped">
{% for host_five in new_posts %}
<tr>
{% for host in host_five %}
<td>{{ host.ip }}</td>
{% endfor %}
</tr>
{% endfor %}
</table>
{% ifequal host_count 0 %}
(空)
{% endifequal %}
</div>
</div>
</div>
<div class="col-lg-4">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-primary"><b>{{ user.name }}</b></span>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#"></a>
</li>
<li><a href="#"></a>
</li>
</ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<div>
<div class="text-left">
<table class="table">
<tr>
<td class="text-navy">ID</td>
<td>{{ user.id }}</td>
</tr>
<tr>
<td class="text-navy">用户名</td>
<td>{{ user.username }}</td>
</tr>
<tr>
<td class="text-navy">姓名</td>
<td>{{ user.name }}</td>
</tr>
<tr>
<td class="text-navy">角色</td>
<td>{{ user.id | get_role }}</td>
</tr>
<tr>
<td class="text-navy">部门</td>
<td>{{ user.dept.name }}</td>
</tr>
<tr>
<td class="text-navy">Email</td>
<td>{{ user.email }}</td>
</tr>
<tr>
<td class="text-navy">激活</td>
<td>{{ user.is_active|bool2str }}</td>
</tr>
<tr>
<td class="text-navy">添加日期</td>
<td>{{ user.date_joined|date:"Y-m-d H:i:s" }}</td>
</tr>
<tr>
<td class="text-navy">最后登录</td>
<td>{{ user.last_login|date:"Y-m-d H:i:s" }}</td>
</tr>
<tr>
<td class="text-navy">所在用户组</td>
<td>
<table class="table">
{% for group in user.group.all %}
<tr>
<td>{{ group.name }}</td>
</tr>
{% endfor %}
</table>
</td>
</tr>
</table>
</div>
</div>
</div>
</div>
</div> </div>
</div> </div>
</div> </div>

2
templates/juser/chg_info.html
View File

@ -63,7 +63,7 @@
<div class="col-sm-8"> <div class="col-sm-8">
<input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" value="{{ user.ssh_key_pwd }}"> <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" value="{{ user.ssh_key_pwd }}">
<span class="help-block m-b-none"> <span class="help-block m-b-none">
登陆 Jumpserver 使用的SSH密钥的密码 登陆 Jumpserver 使用的SSH密钥的密码,更改密钥密码需要重新下载密钥
</span> </span>
</div> </div>
</div> </div>

6
templates/juser/user_detail.html
View File

@ -136,6 +136,9 @@
</div> </div>
</div> </div>
{% endfor %} {% endfor %}
{% if not user|get_user_asset_group %}
(无)
{% endif %}
</div> </div>
</div> </div>
</div> </div>
@ -164,6 +167,9 @@
</div> </div>
</div> </div>
{% endfor %} {% endfor %}
{% if not logs_last %}
(无)
{% endif %}
</div> </div>
<button id="show" class="btn btn-primary btn-block m-t"><i class="fa fa-arrow-down"></i> Show All</button> <button id="show" class="btn btn-primary btn-block m-t"><i class="fa fa-arrow-down"></i> Show All</button>

2
templates/juser/user_edit.html
View File

@ -59,7 +59,7 @@
<div class="col-sm-8"> <div class="col-sm-8">
<input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" value="{{ user.ssh_key_pwd }}"> <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" value="{{ user.ssh_key_pwd }}">
<span class="help-block m-b-none"> <span class="help-block m-b-none">
登陆 Jumpserver 使用的SSH密钥的密码 登陆 Jumpserver 使用的SSH密钥的密码,更改密钥密码需要重新下载密钥
</span> </span>
</div> </div>
</div> </div>

2
templates/juser/user_list.html
View File

@ -72,7 +72,7 @@
<td class="text-center" title="{% for user_group in user.group.all %} {{ user_group.name }} {% endfor %}"> {{ user.group.all | group_str2 }} </td> <td class="text-center" title="{% for user_group in user.group.all %} {{ user_group.name }} {% endfor %}"> {{ user.group.all | group_str2 }} </td>
<td class="text-center"> {{ user.id | get_role }}</td> <td class="text-center"> {{ user.id | get_role }}</td>
<td class="text-center">{{ user.is_active|bool2str }}</td> <td class="text-center">{{ user.is_active|bool2str }}</td>
<td class="text-center"><a href="/static/jumpserver/{{ user.username }}.pem">下载</a></td> <td class="text-center"><a href="/juser/down_key/?id={{ user.id }}">下载</a></td>
<td class="text-center"> <td class="text-center">
<a href="../user_detail/?id={{ user.id }}" class="btn btn-xs btn-primary">详情</a> <a href="../user_detail/?id={{ user.id }}" class="btn btn-xs btn-primary">详情</a>
{% ifequal session_role_id 2 %} {% ifequal session_role_id 2 %}

9
templates/nav.html
View File

@ -136,7 +136,7 @@
<li> <li>
<a href="/"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span><span class="label label-info pull-right"></span></a> <a href="/"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span><span class="label label-info pull-right"></span></a>
</li> </li>
<li> <li class="user_detail">
<a href="/juser/user_detail/?id={{ session_user_id }}"><i class="fa fa-rebel"></i> <span class="nav-label">个人信息</span><span class="label label-info pull-right"></span></a> <a href="/juser/user_detail/?id={{ session_user_id }}"><i class="fa fa-rebel"></i> <span class="nav-label">个人信息</span><span class="label label-info pull-right"></span></a>
</li> </li>
<li id="jasset"> <li id="jasset">
@ -156,13 +156,10 @@
<li> <li>
<a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a> <a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level"> <ul class="nav nav-second-level">
<li><a href="/file/upload/">文件上传</a></li> <li><a href="/upload/">文件上传</a></li>
<li><a href="/file/download/">文件下载</a></li> <li><a href="/download/">文件下载</a></li>
</ul> </ul>
</li> </li>
<li>
<a href="/"><i class="fa fa-files-o"></i> <span class="nav-label">使用说明</span><span class="label label-info pull-right"></span></a>
</li>
<li class="special_link"> <li class="special_link">
<a href="http://www.jumpserver.org" target="_blank"><i class="fa fa-database"></i> <span class="nav-label">访问官网</span></a> <a href="http://www.jumpserver.org" target="_blank"><i class="fa fa-database"></i> <span class="nav-label">访问官网</span></a>