github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-07-06 11:36:32 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into wangyong

Browse Source
This commit is contained in:
halcyon 2015-04-16 14:34:49 +08:00
commit 29d196410e
17 changed files with 329 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
jperm/views.py
View File

@ -3,7 +3,6 @@ import sys
reload(sys) reload(sys)
sys.setdefaultencoding('utf8') sys.setdefaultencoding('utf8')
from django.core.mail import send_mail
from django.shortcuts import render_to_response from django.shortcuts import render_to_response
from django.template import RequestContext from django.template import RequestContext
from jperm.models import Perm, SudoPerm, CmdGroup, Apply from jperm.models import Perm, SudoPerm, CmdGroup, Apply
@ -11,12 +10,6 @@ from django.db.models import Q
from jumpserver.api import * from jumpserver.api import *
CONF = ConfigParser()
CONF.read('%s/jumpserver.conf' % BASE_DIR)
send_ip = CONF.get('base', 'ip')
send_port = CONF.get('base', 'port')
def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''): def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
asset_groups_select_list = [] asset_groups_select_list = []
cmd_groups_select_list = [] cmd_groups_select_list = []
@ -120,7 +113,7 @@ def dept_perm_list(request):
if keyword: if keyword:
contact_list = DEPT.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)).order_by('name') contact_list = DEPT.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)).order_by('name')
else: else:
contact_list = DEPT.objects.filter(id__gt=1) contact_list = DEPT.objects.filter(id__gt=2)
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
@ -533,14 +526,23 @@ def cmd_add(request):
dept_id = request.POST.get('dept_id') dept_id = request.POST.get('dept_id')
cmd = ','.join(request.POST.get('cmd').split()) cmd = ','.join(request.POST.get('cmd').split())
comment = request.POST.get('comment') comment = request.POST.get('comment')
dept = DEPT.objects.filter(id=dept_id) dept = DEPT.objects.filter(id=dept_id)
if dept:
try:
if CmdGroup.objects.filter(name=name):
error = '%s 命令组已存在'
raise ServerError(error)
if not dept:
error = u"部门不能为空"
raise ServerError(error)
except ServerError, e:
pass
else:
dept = dept[0] dept = dept[0]
CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment) CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
else:
error = u"部门不能为空"
msg = u'命令组添加成功' msg = u'命令组添加成功'
return HttpResponseRedirect('/jperm/cmd_list/')
return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@ -555,8 +557,16 @@ def cmd_add_adm(request):
cmd = ','.join(request.POST.get('cmd').split()) cmd = ','.join(request.POST.get('cmd').split())
comment = request.POST.get('comment') comment = request.POST.get('comment')
try:
if CmdGroup.objects.filter(name=name):
error = '%s 命令组已存在'
raise ServerError(error)
except ServerError, e:
pass
else:
CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment) CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
msg = u'命令组添加成功' return HttpResponseRedirect('/jperm/cmd_list/')
return HttpResponseRedirect('/jperm/cmd_list/') return HttpResponseRedirect('/jperm/cmd_list/')
return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@ -568,10 +578,12 @@ def cmd_edit(request):
cmd_group_id = request.GET.get('id') cmd_group_id = request.GET.get('id')
cmd_group = CmdGroup.objects.filter(id=cmd_group_id) cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
dept_all = DEPT.objects.all()
if cmd_group: if cmd_group:
cmd_group = cmd_group[0] cmd_group = cmd_group[0]
cmd_group_id = cmd_group.id cmd_group_id = cmd_group.id
dept_id = cmd_group.dept.id
name = cmd_group.name name = cmd_group.name
cmd = '\n'.join(cmd_group.cmd.split(',')) cmd = '\n'.join(cmd_group.cmd.split(','))
comment = cmd_group.comment comment = cmd_group.comment
@ -579,12 +591,23 @@ def cmd_edit(request):
if request.method == 'POST': if request.method == 'POST':
cmd_group_id = request.POST.get('cmd_group_id') cmd_group_id = request.POST.get('cmd_group_id')
name = request.POST.get('name') name = request.POST.get('name')
dept_id = request.POST.get('dept_id')
cmd = ','.join(request.POST.get('cmd').split()) cmd = ','.join(request.POST.get('cmd').split())
comment = request.POST.get('comment') comment = request.POST.get('comment')
cmd_group = CmdGroup.objects.filter(id=cmd_group_id) cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
if cmd_group:
cmd_group.update(name=name, cmd=cmd, comment=comment) dept = DEPT.objects.filter(id=dept_id)
try:
if not dept:
error = '没有该部门'
raise ServerError(error)
if not cmd_group:
error = '没有该命令组'
except ServerError, e:
pass
else:
cmd_group.update(name=name, cmd=cmd, dept=dept[0], comment=comment)
return HttpResponseRedirect('/jperm/cmd_list/') return HttpResponseRedirect('/jperm/cmd_list/')
return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@ -624,10 +647,22 @@ def cmd_del(request):
@require_admin @require_admin
def cmd_detail(request): def cmd_detail(request):
cmd_id = request.GET.get('id') cmd_ids = request.GET.get('id').split(',')
cmd_group = CmdGroup.objects.filter(id=cmd_id) cmds = []
if len(cmd_ids) == 1:
cmd_group = CmdGroup.objects.filter(id=cmd_ids[0])
if cmd_group: if cmd_group:
cmd_group = cmd_group[0] cmd_group = cmd_group[0]
cmds.extend(cmd_group.cmd.split(','))
cmd_group_name = cmd_group.name
else:
cmd_groups = []
for cmd_id in cmd_ids:
cmd_groups.extend(CmdGroup.objects.filter(id=cmd_id))
for cmd_group in cmd_groups:
cmds.extend(cmd_group.cmd.split(','))
cmds_str = ', '.join(cmds)
return render_to_response('jperm/sudo_cmd_detail.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/sudo_cmd_detail.html', locals(), context_instance=RequestContext(request))
@ -660,7 +695,7 @@ def perm_apply(request):
time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment) a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment)
uuid = a.uuid uuid = a.uuid
url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (send_ip, send_port, uuid) url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid)
mail_msg = """ mail_msg = """
Hi,%s: Hi,%s:
有新的权限申请, 详情如下: 有新的权限申请, 详情如下:
@ -674,7 +709,7 @@ def perm_apply(request):
%s %s
""" % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url) """ % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False) send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
smg = "提交成功,已发邮件通知部门管理员。" smg = "提交成功,已发邮件通知部门管理员。"
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))

14
jumpserver.conf
View File

@ -1,8 +1,10 @@
#coding: utf8 #coding: utf8
[base] [base]
ip = 192.168.173.129 ip = 192.168.20.209
port = 80 port = 80
key = 88aaaf7ffe3c6c04
[db] [db]
@ -25,13 +27,9 @@ root_pw = secret234
web_socket_host = 192.168.173.129:3000 web_socket_host = 192.168.173.129:3000
[web]
key = 88aaaf7ffe3c6c04
[mail] [mail]
email_host = mail.funshion.com email_host = smtp.exmail.qq.com
email_port = 25 email_port = 25
email_host_user = jkfunshion email_host_user = noreply@jumpserver.org
email_host_password = jkmail% email_host_password = jumpserver123
email_use_tls = False email_use_tls = False

59
jumpserver/api.py
View File

@ -19,6 +19,7 @@ from jasset.models import Asset, BisGroup, IDC
from jlog.models import Log from jlog.models import Log
from jasset.models import AssetAlias from jasset.models import AssetAlias
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
from django.core.mail import send_mail
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
@ -27,18 +28,12 @@ CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs') LOG_DIR = os.path.join(BASE_DIR, 'logs')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('web', 'key') KEY = CONF.get('base', 'key')
LOGIN_NAME = getpass.getuser() LOGIN_NAME = getpass.getuser()
LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
SEND_IP = CONF.get('base', 'ip')
SEND_PORT = CONF.get('base', 'port')
# def user_perm_group_api(username): MAIL_FROM = CONF.get('mail', 'email_host_user')
# user = User.objects.get(username=username)
# if user:
# perm_list = []
# user_group_all = user.group.all()
# for user_group in user_group_all:
# perm_list.extend(user_group.perm_set.all())
class LDAPMgmt(): class LDAPMgmt():
@ -201,6 +196,9 @@ def require_login(func):
def require_super_user(func): def require_super_user(func):
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
if request.session.get('role_id', 0) != 2: if request.session.get('role_id', 0) != 2:
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
return func(request, *args, **kwargs) return func(request, *args, **kwargs)
@ -209,6 +207,9 @@ def require_super_user(func):
def require_admin(func): def require_admin(func):
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
if request.session.get('role_id', 0) < 1: if request.session.get('role_id', 0) < 1:
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
return func(request, *args, **kwargs) return func(request, *args, **kwargs)
@ -276,7 +277,8 @@ def view_splitter(request, su=None, adm=None):
return su(request) return su(request)
elif is_group_admin(request): elif is_group_admin(request):
return adm(request) return adm(request)
raise Http404 else:
return HttpResponseRedirect('/login/')
def user_perm_group_api(username): def user_perm_group_api(username):
@ -384,39 +386,38 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None,
if user_group: if user_group:
dept_user_groups = dept.usergroup_set.all() dept_user_groups = dept.usergroup_set.all()
user_groups = [] user_group_ids = []
for user_group_id in user_group: for group in dept_user_groups:
user_groups.extend(UserGroup.objects.filter(id=user_group_id)) user_group_ids.append(str(group.id))
if not set(user_groups).issubset(set(dept_user_groups)):
if not set(user_group).issubset(set(user_group_ids)):
return False return False
if user: if user:
dept_users = dept.user_set.all() dept_users = dept.user_set.all()
users = [] user_ids = []
for user_id in user: for user in dept_users:
users.extend(User.objects.filter(id=user_id)) user_ids.append(str(user.id))
if not set(users).issubset(set(dept_users)): if not set(user).issubset(set(user_ids)):
return False return False
if asset_group: if asset_group:
dept_asset_groups = dept.bisgroup_set.all() dept_asset_groups = dept.bisgroup_set.all()
asset_groups = [] asset_group_ids = []
for group_id in asset_group: for group in dept_asset_groups:
asset_groups.extend(BisGroup.objects.filter(id=int(group_id))) asset_group_ids.append(group.id)
if not set(asset_groups).issubset(set(dept_asset_groups)): if not set(asset_group).issubset(set(asset_group_ids)):
return False return False
if asset: if asset:
dept_assets = dept.asset_set.all() dept_assets = dept.asset_set.all()
assets, eassets = [], [] asset_ids = []
for asset_id in dept_assets: for asset in dept_assets:
eassets.append(int(asset_id.id)) asset_ids.append(str(asset.id))
for i in asset:
assets.append(int(i))
if not set(assets).issubset(eassets): if not set(asset).issubset(set(asset_ids)):
return False return False
return True return True

81
jumpserver/templatetags/mytags.py
View File

@ -163,6 +163,18 @@ def ugrp_perm_agrp_count(user_group_id):
return 0 return 0
@register.filter(name='ugrp_sudo_agrp_count')
def ugrp_sudo_agrp_count(user_group_id):
user_group = UserGroup.objects.filter(id=user_group_id)
asset_groups = []
if user_group:
user_group = user_group[0]
for perm in user_group.sudoperm_set.all():
asset_groups.extend(perm.asset_group.all())
return len(set(asset_groups))
return 0
@register.filter(name='ugrp_perm_asset_count') @register.filter(name='ugrp_perm_asset_count')
def ugrp_perm_asset_count(user_group_id): def ugrp_perm_asset_count(user_group_id):
user_group = UserGroup.objects.filter(id=user_group_id) user_group = UserGroup.objects.filter(id=user_group_id)
@ -175,6 +187,21 @@ def ugrp_perm_asset_count(user_group_id):
return len(set(assets)) return len(set(assets))
@register.filter(name='ugrp_sudo_asset_count')
def ugrp_sudo_asset_count(user_group_id):
user_group = UserGroup.objects.filter(id=user_group_id)
asset_groups = []
assets = []
if user_group:
user_group = user_group[0]
for perm in user_group.sudoperm_set.all():
asset_groups.extend(perm.asset_group.all())
for asset_group in asset_groups:
assets.extend(asset_group.asset_set.all())
return len(set(assets))
@register.filter(name='get_user_alias') @register.filter(name='get_user_alias')
def get_user_alias(post, user_id): def get_user_alias(post, user_id):
user = User.objects.get(id=user_id) user = User.objects.get(id=user_id)
@ -304,8 +331,52 @@ def sudo_cmd_list(cmd_group_id):
@register.filter(name='sudo_cmd_count') @register.filter(name='sudo_cmd_count')
def sudo_cmd_count(cmd_group_id): def sudo_cmd_count(user_group_id):
cmd_group = CmdGroup.objects.filter(id=cmd_group_id) user_group = UserGroup.objects.filter(id=user_group_id)
if cmd_group: cmds = []
cmd_group = cmd_group[0] if user_group:
return len(cmd_group.cmd.split(',')) user_group = user_group[0]
cmd_groups = []
for perm in user_group.sudoperm_set.all():
cmd_groups.extend(perm.cmd_group.all())
for cmd_group in cmd_groups:
cmds.extend(cmd_group.cmd.split(','))
return len(set(cmds))
else:
return 0
@register.filter(name='sudo_cmd_count')
def sudo_cmd_count(user_group_id):
user_group = UserGroup.objects.filter(id=user_group_id)
cmds = []
if user_group:
user_group = user_group[0]
cmd_groups = []
for perm in user_group.sudoperm_set.all():
cmd_groups.extend(perm.cmd_group.all())
for cmd_group in cmd_groups:
cmds.extend(cmd_group.cmd.split(','))
return len(set(cmds))
else:
return 0
@register.filter(name='sudo_cmd_ids')
def sudo_cmd_ids(user_group_id):
user_group = UserGroup.objects.filter(id=user_group_id)
if user_group:
user_group = user_group[0]
cmd_groups = []
for perm in user_group.sudoperm_set.all():
cmd_groups.extend(perm.cmd_group.all())
cmd_ids = [str(cmd_group.id) for cmd_group in cmd_groups]
return ','.join(cmd_ids)
else:
return '0'

9
jumpserver/views.py
View File

@ -50,7 +50,7 @@ def index_cu(request):
user = user[0] user = user[0]
login_types = {'L': 'LDAP', 'M': 'MAP'} login_types = {'L': 'LDAP', 'M': 'MAP'}
user_id = request.session.get('user_id') user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).name username = User.objects.get(id=user_id).username
posts = user_perm_asset_api(username) posts = user_perm_asset_api(username)
host_count = len(posts) host_count = len(posts)
new_posts = [] new_posts = []
@ -248,11 +248,12 @@ def login(request):
else: else:
username = request.POST.get('username') username = request.POST.get('username')
password = request.POST.get('password') password = request.POST.get('password')
user = User.objects.filter(username=username) user_filter = User.objects.filter(username=username)
if user: if user_filter:
user = user[0] user = user_filter[0]
if md5_crypt(password) == user.password: if md5_crypt(password) == user.password:
request.session['user_id'] = user.id request.session['user_id'] = user.id
user_filter.update(last_login=datetime.datetime.now())
if user.role == 'SU': if user.role == 'SU':
request.session['role_id'] = 2 request.session['role_id'] = 2
elif user.role == 'DA': elif user.role == 'DA':

71
juser/views.py
View File

@ -68,9 +68,11 @@ def db_add_user(**kwargs):
group = UserGroup.objects.filter(id=group_id) group = UserGroup.objects.filter(id=group_id)
group_select.extend(group) group_select.extend(group)
user.group = group_select user.group = group_select
return user
def db_update_user(**kwargs): def db_update_user(**kwargs):
print kwargs
groups_post = kwargs.pop('groups') groups_post = kwargs.pop('groups')
user_id = kwargs.pop('user_id') user_id = kwargs.pop('user_id')
user = User.objects.filter(id=user_id) user = User.objects.filter(id=user_id)
@ -152,18 +154,8 @@ def ldap_add_user(username, ldap_pwd):
'userPassword': ['{crypt}x'], 'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]} 'gidNumber': [str(user.id)]}
# sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
# sudo_attr = {'objectClass': ['top', 'sudoRole'],
# 'cn': ['%s' % str(username)],
# 'sudoCommand': ['/bin/pwd'],
# 'sudoHost': ['192.168.1.1'],
# 'sudoOption': ['!authenticate'],
# 'sudoRunAsUser': ['root'],
# 'sudoUser': ['%s' % str(username)]}
ldap_conn.add(user_dn, user_attr) ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr) ldap_conn.add(group_dn, group_attr)
# ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username): def ldap_del_user(username):
@ -354,11 +346,16 @@ def group_add(request):
error = u'组名 或 部门 不能为空' error = u'组名 或 部门 不能为空'
raise AddError(error) raise AddError(error)
if UserGroup.objects.filter(name=group_name):
error = u'组名已存在'
raise AddError(error)
dept = DEPT.objects.filter(id=dept_id) dept = DEPT.objects.filter(id=dept_id)
if dept: if dept:
dept = dept[0] dept = dept[0]
else: else:
AddError(u'部门不存在') error = u'部门不存在'
raise AddError(error)
db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment) db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment)
except AddError: except AddError:
@ -596,13 +593,13 @@ def user_add(request):
if request.method == 'POST': if request.method == 'POST':
username = request.POST.get('username', '') username = request.POST.get('username', '')
password = request.POST.get('password', '') password = gen_rand_pwd(16)
name = request.POST.get('name', '') name = request.POST.get('name', '')
email = request.POST.get('email', '') email = request.POST.get('email', '')
dept_id = request.POST.get('dept_id') dept_id = request.POST.get('dept_id')
groups = request.POST.getlist('groups', []) groups = request.POST.getlist('groups', [])
role_post = request.POST.get('role', 'CU') role_post = request.POST.get('role', 'CU')
ssh_key_pwd = request.POST.get('ssh_key_pwd', '') ssh_key_pwd = gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16) ldap_pwd = gen_rand_pwd(16)
@ -626,11 +623,11 @@ def user_add(request):
pass pass
else: else:
try: try:
db_add_user(username=username, user = db_add_user(username=username,
password=md5_crypt(password), password=md5_crypt(password),
name=name, email=email, dept=dept, name=name, email=email, dept=dept,
groups=groups, role=role_post, groups=groups, role=role_post,
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd), ssh_key_pwd=md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
@ -638,7 +635,18 @@ def user_add(request):
server_add_user(username, password, ssh_key_pwd) server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE: if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) ldap_add_user(username, ldap_pwd)
msg = u'添加用户 %s 成功!' % username mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
mail_msg = """
Hi, %s
您的用户名 %s
您的部门: %s
您的角色 %s
您的web登录密码 %s
您的ssh登录密码 %s
密钥下载地址 http://%s:%s/juser/down_key/?id=%s
说明 请登陆后再下载密钥
""" % (name, username, dept.name, user_role.get(role_post, ''),
password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
except Exception, e: except Exception, e:
error = u'添加用户 %s 失败 %s ' % (username, e) error = u'添加用户 %s 失败 %s ' % (username, e)
@ -649,6 +657,9 @@ def user_add(request):
ldap_del_user(username) ldap_del_user(username)
except Exception: except Exception:
pass pass
else:
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@ -662,11 +673,11 @@ def user_add_adm(request):
if request.method == 'POST': if request.method == 'POST':
username = request.POST.get('username', '') username = request.POST.get('username', '')
password = request.POST.get('password', '') password = gen_rand_pwd(16)
name = request.POST.get('name', '') name = request.POST.get('name', '')
email = request.POST.get('email', '') email = request.POST.get('email', '')
groups = request.POST.getlist('groups', []) groups = request.POST.getlist('groups', [])
ssh_key_pwd = request.POST.get('ssh_key_pwd', '') ssh_key_pwd = gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16) ldap_pwd = gen_rand_pwd(16)
@ -687,7 +698,7 @@ def user_add_adm(request):
password=md5_crypt(password), password=md5_crypt(password),
name=name, email=email, dept=dept, name=name, email=email, dept=dept,
groups=groups, role='CU', groups=groups, role='CU',
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd), ssh_key_pwd=md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
@ -695,7 +706,6 @@ def user_add_adm(request):
server_add_user(username, password, ssh_key_pwd) server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE: if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd) ldap_add_user(username, ldap_pwd)
msg = u'添加用户 %s 成功!' % username
except Exception, e: except Exception, e:
error = u'添加用户 %s 失败 %s ' % (username, e) error = u'添加用户 %s 失败 %s ' % (username, e)
@ -706,6 +716,23 @@ def user_add_adm(request):
ldap_del_user(username) ldap_del_user(username)
except Exception: except Exception:
pass pass
else:
mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
mail_msg = """
Hi, %s
您的用户名 %s
您的部门: %s
您的角色 %s
您的web登录密码 %s
您的ssh登录密码 %s
密钥下载地址 http://%s:%s/juser/down_key/?id=%s
说明 请登陆后再下载密钥
""" % (name, username, dept.name, '普通用户',
password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
print MAIL_FROM
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@ -843,7 +870,7 @@ def user_edit(request):
groups_str = ' '.join([str(group.id) for group in user.group.all()]) groups_str = ' '.join([str(group.id) for group in user.group.all()])
else: else:
user_id = request.GET.get('user_id', '') user_id = request.POST.get('user_id', '')
password = request.POST.get('password', '') password = request.POST.get('password', '')
name = request.POST.get('name', '') name = request.POST.get('name', '')
email = request.POST.get('email', '') email = request.POST.get('email', '')
@ -858,7 +885,7 @@ def user_edit(request):
if dept: if dept:
dept = dept[0] dept = dept[0]
else: else:
dept = DEPT.objects.get(id='1') dept = DEPT.objects.get(id='2')
if user_id: if user_id:
user = User.objects.filter(id=user_id) user = User.objects.filter(id=user_id)

2
log_handler.py
View File

@ -1,5 +1,5 @@
#!/usr/bin/python #!/usr/bin/python
#coding: utf-8 # coding: utf-8
import os import os
import re import re

24
service.sh Normal file
View File

@ -0,0 +1,24 @@
#!/bin/bash
# Date: 2015-04-12
# Version: 2.0.0
# Site: http://www.jumpserver.org
# Author: jumpserver group
. /etc/init.d/functions
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/node/bin
base_dir=$(dirname $0)
case $1 in
start)
daemon $base_dir/manage.py runserver 0.0.0.0:80 &
daemon $base_dir/log_handler.py &
cd $base_dir/websocket/; daemon node index.js &
;;
stop)
pkill -15 python
pkill -15 node
;;
esac

29
static/js/base.js
View File

@ -59,10 +59,13 @@ function GetTableDataBox() {
return returnData; return returnData;
} }
function move(from, to) { function move(from, to, from_o, to_o) {
$("#" + from + " option").each(function () { $("#" + from + " option").each(function () {
if ($(this).prop("selected") == true) { if ($(this).prop("selected") == true) {
$("#" + to).append(this); $("#" + to).append(this);
if( typeof from_o !== 'undefined'){
$("#"+to_o).append($("#"+from_o +" option[value='"+this.value+"']"));
}
} }
}); });
} }
@ -76,12 +79,12 @@ function move_left(from, to) {
}); });
} }
function move_all(from, to) { //function move_all(from, to) {
$("#" + from).children().each(function () { // $("#" + from).children().each(function () {
$("#" + to).append(this); // $("#" + to).append(this);
}); // });
} //}
//
function selectAll(){ function selectAll(){
var checklist = document.getElementsByName ("selected"); var checklist = document.getElementsByName ("selected");
@ -100,12 +103,12 @@ function selectAll(){
} }
//
function move_all(from, to){ //function move_all(from, to){
$("#"+from).children().each(function(){ // $("#"+from).children().each(function(){
$("#"+to).append(this); // $("#"+to).append(this);
}); // });
} //}
//function commit_select(form_array){ //function commit_select(form_array){
// $('#{0} option'.format(form_array)).each(function(){ // $('#{0} option'.format(form_array)).each(function(){

13
templates/jperm/dept_perm_edit.html
View File

@ -16,8 +16,6 @@ function search_ip(text, noselect, total){
}) })
} }
</script> </script>
<div class="wrapper wrapper-content animated fadeInRight"> <div class="wrapper wrapper-content animated fadeInRight">
@ -103,8 +101,8 @@ function search_ip(text, noselect, total){
<div class="col-sm-1"> <div class="col-sm-1">
<div class="btn-group" style="margin-top: 60px;"> <div class="btn-group" style="margin-top: 60px;">
<button type="button" class="btn btn-white" onclick="move('assets', 'asset_select' )"><i class="fa fa-chevron-right"></i></button> <button type="button" class="btn btn-white" onclick="move('assets', 'asset_select', 'assets_total', 'asset_select_total' )"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('asset_select', 'assets')"><i class="fa fa-chevron-left"></i> </button> <button type="button" class="btn btn-white" onclick="move('asset_select', 'assets', 'asset_select_total', 'assets_total')"><i class="fa fa-chevron-left"></i> </button>
</div> </div>
</div> </div>
@ -118,8 +116,6 @@ function search_ip(text, noselect, total){
</div> </div>
</div> </div>
</div> </div>
</div> </div>
<div class="row"> <div class="row">
@ -172,14 +168,11 @@ $('#sudoPerm').validator({
$(document).ready(function(){ $(document).ready(function(){
$("#submit_button").click(function(){ $("#submit_button").click(function(){
$('#users_selected option').each(function(){ $('#sudoPerm option').each(function(){
$(this).prop('selected', true) $(this).prop('selected', true)
}) })
}); });
}) })
</script> </script>

5
templates/jperm/sudo_cmd_add.html
View File

@ -63,7 +63,12 @@
<div class="col-sm-8"> <div class="col-sm-8">
<select id="dept_id" name="dept_id" class="form-control m-b"> <select id="dept_id" name="dept_id" class="form-control m-b">
{% for dept in dept_all %} {% for dept in dept_all %}
{% ifequal dept_id dept.id %}
<option value="{{ dept.id }}" selected>{{ dept.name }}</option> <option value="{{ dept.id }}" selected>{{ dept.name }}</option>
{% else %}
<option value="{{ dept.id }}">{{ dept.name }}</option>
{% endifequal %}
{% endfor %} {% endfor %}
</select> </select>
</div> </div>

6
templates/jperm/sudo_cmd_detail.html
View File

@ -14,10 +14,13 @@
<body> <body>
<div class="row"> <div class="row">
<div class="contact-box"> <div class="contact-box">
{% if cmd_group_name %}
<h2 class="text-center">{{ cmd_group.name }} 命令详情</h2> <h2 class="text-center">{{ cmd_group.name }} 命令详情</h2>
{% endif %}
<div class="ibox-content"> <div class="ibox-content">
<table class="table table-striped table-bordered table-hover " id="editable" > <table class="table table-striped table-bordered table-hover " id="editable" >
{% if cmd_group_name %}
<thead> <thead>
<tr> <tr>
<td class="text-center" width="120">ID</td> <td class="text-center" width="120">ID</td>
@ -31,10 +34,11 @@
<td class="text-center">{{ cmd_group.name }}</td> <td class="text-center">{{ cmd_group.name }}</td>
<td class="text-center">{{ cmd_group.dept.name }}</td> <td class="text-center">{{ cmd_group.dept.name }}</td>
</tr> </tr>
{% endif %}
<tr> <tr>
<td colspan="1" class="text-center">命令:</td> <td colspan="1" class="text-center">命令:</td>
<td colspan="6" class="text-center"> <td colspan="6" class="text-center">
<b>{{ cmd_group.cmd }}</b> <b>{{ cmds_str }}</b>
</td> </td>
</tr> </tr>
</table> </table>

21
templates/jperm/sudo_cmd_list.html
View File

@ -49,6 +49,7 @@
<tr> <tr>
<th class="text-center">组名</th> <th class="text-center">组名</th>
<th class="text-center">命令</th> <th class="text-center">命令</th>
<th class="text-center">部门</th>
<th class="text-center">备注</th> <th class="text-center">备注</th>
<th class="text-center">操作</th> <th class="text-center">操作</th>
</tr> </tr>
@ -58,9 +59,10 @@
<tr class="gradeX"> <tr class="gradeX">
<td class="text-center"> {{ group.name }} </td> <td class="text-center"> {{ group.name }} </td>
<td class="text-center" title="{{ group.cmd }}"> {{ group.cmd | string_length:50 }} </td> <td class="text-center" title="{{ group.cmd }}"> {{ group.cmd | string_length:50 }} </td>
<td class="text-center"> {{ group.dept.name }} </td>
<td class="text-center"> {{ group.comment }} </td> <td class="text-center"> {{ group.comment }} </td>
<td class="text-center"> <td class="text-center">
{# <a href="../cmd_detail/?id={{ group.id }}" class="btn btn-xs btn-info">详情</a>#} <a value="../cmd_detail/?id={{ group.id }}" class="btn btn-xs btn-primary iframe">详情</a>
<a href="../cmd_edit/?id={{ group.id }}" class="btn btn-xs btn-info">编辑</a> <a href="../cmd_edit/?id={{ group.id }}" class="btn btn-xs btn-info">编辑</a>
<a href="../cmd_del/?id={{ group.id }}" class="btn btn-xs btn-danger">删除</a> <a href="../cmd_del/?id={{ group.id }}" class="btn btn-xs btn-danger">删除</a>
</td> </td>
@ -117,8 +119,21 @@
</div> </div>
<script> <script>
$(document).ready(function(){ $(document).ready(function() {
$(".iframe").colorbox({iframe:true, width:"70%", height:"70%"}); $(".iframe").on('click', function () {
var url = $(this).attr("value");
$.layer({
type: 2,
title: '命令详情',
maxmin: true,
shift: 'top',
border: [2, 0.3, '#1AB394'],
shade: [0.5, '#000000'],
shadeClose: true,
area: ['800px', '600px'],
iframe: {src: url}
});
});
}); });
</script> </script>

6
templates/jperm/sudo_list.html
View File

@ -67,9 +67,9 @@
<td class="text-center"> {{ group.name }} </td> <td class="text-center"> {{ group.name }} </td>
<td class="text-center"> {{ group.dept.name }} </td> <td class="text-center"> {{ group.dept.name }} </td>
<td class="text-center"><a href="/juser/user_list/?gid={{ group.id }}">{{ group.id | member_count }} </a> </td> <td class="text-center"><a href="/juser/user_list/?gid={{ group.id }}">{{ group.id | member_count }} </a> </td>
<td class="text-center"><a href="/jasset/group_list/?sid={{ group.id }}">{{ group.id | ugrp_perm_agrp_count }} </a> </td> <td class="text-center"><a href="/jasset/group_list/?sid={{ group.id }}">{{ group.id | ugrp_sudo_agrp_count }} </a> </td>
<td class="text-center"><a href="/jasset/host_list/?sid={{ group.id }}"> {{ group.id | ugrp_perm_asset_count }} </a> </td> <td class="text-center"><a href="/jasset/host_list/?sid={{ group.id }}"> {{ group.id | ugrp_sudo_asset_count }} </a> </td>
<td class="text-center"><a value="/jperm/cmd_detail/?id={{ group.id }}" class="iframe">{{ group.id | sudo_cmd_count }}</a> </td> <td class="text-center"><a value="/jperm/cmd_detail/?id={{ group.id | sudo_cmd_ids }}" class="iframe">{{ group.id | sudo_cmd_count }}</a> </td>
<td class="text-center"> {{ group.comment }} </td> <td class="text-center"> {{ group.comment }} </td>
<td class="text-center"> <td class="text-center">
<a href="../sudo_edit/?id={{ group.id }}" class="btn btn-xs btn-danger">sudo授权</a> <a href="../sudo_edit/?id={{ group.id }}" class="btn btn-xs btn-danger">sudo授权</a>

40
templates/juser/user_add.html
View File

@ -42,26 +42,26 @@
<input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}> <input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> {# <div class="hr-line-dashed"></div>#}
<div class="form-group"> {# <div class="form-group">#}
<label for="password" class="col-sm-2 control-label">密码<span class="red-fonts">*</span></label> {# <label for="password" class="col-sm-2 control-label">密码<span class="red-fonts">*</span></label>#}
<div class="col-sm-8"> {# <div class="col-sm-8">#}
<input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}> {# <input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>#}
<span class="help-block m-b-none"> {# <span class="help-block m-b-none">#}
登陆web的密码 {# 登陆web的密码#}
</span> {# </span>#}
</div> {# </div>#}
</div> {# </div>#}
<div class="hr-line-dashed"></div> {# <div class="hr-line-dashed"></div>#}
<div class="form-group"> {# <div class="form-group">#}
<label for="ssh_key_pwd" class="col-sm-2 control-label">密钥密码<span class="red-fonts">*</span></label> {# <label for="ssh_key_pwd" class="col-sm-2 control-label">密钥密码<span class="red-fonts">*</span></label>#}
<div class="col-sm-8"> {# <div class="col-sm-8">#}
<input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}> {# <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>#}
<span class="help-block m-b-none"> {# <span class="help-block m-b-none">#}
登陆 Jumpserver 使用的SSH密钥的密码 {# 登陆 Jumpserver 使用的SSH密钥的密码#}
</span> {# </span>#}
</div> {# </div>#}
</div> {# </div>#}
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
<div class="form-group"> <div class="form-group">
<label for="name" class="col-sm-2 control-label">姓名<span class="red-fonts">*</span></label> <label for="name" class="col-sm-2 control-label">姓名<span class="red-fonts">*</span></label>

1
templates/login.html
View File

@ -14,6 +14,7 @@
<link href="/static/css/animate.css" rel="stylesheet"> <link href="/static/css/animate.css" rel="stylesheet">
<link href="/static/css/style.css" rel="stylesheet"> <link href="/static/css/style.css" rel="stylesheet">
</head> </head>
<body class="gray-bg"> <body class="gray-bg">

2
templates/upload.html
View File

@ -56,7 +56,7 @@
uploadMultiple: true, uploadMultiple: true,
parallelUploads: 100, parallelUploads: 100,
maxFiles: 100, maxFiles: 100,
url: '/upload/', url: '/file/upload/',
// Dropzone settings // Dropzone settings
init: function() { init: function() {