mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-07-04 02:26:34 +00:00
修复创建tty日志文件失败, 请修改目录 bug (#231)
* fix(api) 修改建立目录的bug 使用bash代替python完成建立777目录的功能 * fix passwd input * fix(mkdir) 修改mkdirs策略 修改原来导致的bug * fix passwd input (#232) 修复记录敏感密码bug * fix passwd input * fix passwd input
parent
d66ba9d6c6
commit
93e08a6e29
47
connect.py
47
connect.py
@ -93,9 +93,7 @@ class Tty(object):
|
|||||||
self.remote_ip = ''
|
self.remote_ip = ''
|
||||||
self.login_type = login_type
|
self.login_type = login_type
|
||||||
self.vim_flag = False
|
self.vim_flag = False
|
||||||
self.vim_end_flag = False
|
|
||||||
self.vim_end_pattern = re.compile(r'\x1b\[\?1049', re.X)
|
self.vim_end_pattern = re.compile(r'\x1b\[\?1049', re.X)
|
||||||
self.vim_pattern = re.compile(r'\W?vi[m]?\s.* | \W?fg\s.*', re.X)
|
|
||||||
self.vim_data = ''
|
self.vim_data = ''
|
||||||
self.stream = None
|
self.stream = None
|
||||||
self.screen = None
|
self.screen = None
|
||||||
@ -117,7 +115,8 @@ class Tty(object):
|
|||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def command_parser(self, command):
|
@staticmethod
|
||||||
|
def command_parser(command):
|
||||||
"""
|
"""
|
||||||
处理命令中如果有ps1或者mysql的特殊情况,极端情况下会有ps1和mysql
|
处理命令中如果有ps1或者mysql的特殊情况,极端情况下会有ps1和mysql
|
||||||
:param command:要处理的字符传
|
:param command:要处理的字符传
|
||||||
@ -157,14 +156,10 @@ class Tty(object):
|
|||||||
else:
|
else:
|
||||||
command = line_data
|
command = line_data
|
||||||
break
|
break
|
||||||
if command != '':
|
|
||||||
# 判断用户输入的是否是vim 或者fg命令
|
|
||||||
if self.vim_pattern.search(command):
|
|
||||||
self.vim_flag = True
|
|
||||||
# 虚拟屏幕清空
|
|
||||||
self.screen.reset()
|
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
|
# 虚拟屏幕清空
|
||||||
|
self.screen.reset()
|
||||||
return command
|
return command
|
||||||
|
|
||||||
def get_log(self):
|
def get_log(self):
|
||||||
@ -180,8 +175,8 @@ class Tty(object):
|
|||||||
log_file_path = os.path.join(today_connect_log_dir, '%s_%s_%s' % (self.username, self.asset_name, time_start))
|
log_file_path = os.path.join(today_connect_log_dir, '%s_%s_%s' % (self.username, self.asset_name, time_start))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
mkdir(os.path.dirname(today_connect_log_dir), mode=0777)
|
mkdir(os.path.dirname(today_connect_log_dir), mode=777)
|
||||||
mkdir(today_connect_log_dir, mode=0777)
|
mkdir(today_connect_log_dir, mode=777)
|
||||||
except OSError:
|
except OSError:
|
||||||
logger.debug('创建目录 %s 失败,请修改%s目录权限' % (today_connect_log_dir, tty_log_dir))
|
logger.debug('创建目录 %s 失败,请修改%s目录权限' % (today_connect_log_dir, tty_log_dir))
|
||||||
raise ServerError('创建目录 %s 失败,请修改%s目录权限' % (today_connect_log_dir, tty_log_dir))
|
raise ServerError('创建目录 %s 失败,请修改%s目录权限' % (today_connect_log_dir, tty_log_dir))
|
||||||
@ -305,7 +300,6 @@ class SshTty(Tty):
|
|||||||
old_tty = termios.tcgetattr(sys.stdin)
|
old_tty = termios.tcgetattr(sys.stdin)
|
||||||
pre_timestamp = time.time()
|
pre_timestamp = time.time()
|
||||||
data = ''
|
data = ''
|
||||||
input_str = ''
|
|
||||||
input_mode = False
|
input_mode = False
|
||||||
try:
|
try:
|
||||||
tty.setraw(sys.stdin.fileno())
|
tty.setraw(sys.stdin.fileno())
|
||||||
@ -325,8 +319,7 @@ class SshTty(Tty):
|
|||||||
x = self.channel.recv(10240)
|
x = self.channel.recv(10240)
|
||||||
if len(x) == 0:
|
if len(x) == 0:
|
||||||
break
|
break
|
||||||
if self.vim_flag:
|
|
||||||
self.vim_data += x
|
|
||||||
index = 0
|
index = 0
|
||||||
len_x = len(x)
|
len_x = len(x)
|
||||||
while index < len_x:
|
while index < len_x:
|
||||||
@ -347,11 +340,10 @@ class SshTty(Tty):
|
|||||||
pre_timestamp = now_timestamp
|
pre_timestamp = now_timestamp
|
||||||
log_file_f.flush()
|
log_file_f.flush()
|
||||||
|
|
||||||
if input_mode and not self.is_output(x):
|
self.vim_data += x
|
||||||
|
if input_mode:
|
||||||
data += x
|
data += x
|
||||||
|
|
||||||
input_str = ''
|
|
||||||
|
|
||||||
except socket.timeout:
|
except socket.timeout:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -362,25 +354,22 @@ class SshTty(Tty):
|
|||||||
pass
|
pass
|
||||||
termlog.recoder = True
|
termlog.recoder = True
|
||||||
input_mode = True
|
input_mode = True
|
||||||
input_str += x
|
if self.is_output(str(x)):
|
||||||
if str(x) in ['\r', '\n', '\r\n']:
|
# 如果len(str(x)) > 1 说明是复制输入的
|
||||||
# 这个是用来处理用户的复制操作
|
if len(str(x)) > 1:
|
||||||
if input_str != x:
|
data = x
|
||||||
data += input_str
|
|
||||||
if self.vim_flag:
|
|
||||||
match = self.vim_end_pattern.findall(self.vim_data)
|
match = self.vim_end_pattern.findall(self.vim_data)
|
||||||
if match:
|
if match:
|
||||||
if self.vim_end_flag or len(match) == 2:
|
if self.vim_flag or len(match) == 2:
|
||||||
self.vim_flag = False
|
self.vim_flag = False
|
||||||
self.vim_end_flag = False
|
|
||||||
else:
|
|
||||||
self.vim_end_flag = True
|
|
||||||
else:
|
else:
|
||||||
|
self.vim_flag = True
|
||||||
|
elif not self.vim_flag:
|
||||||
|
self.vim_flag = False
|
||||||
data = self.deal_command(data)[0:200]
|
data = self.deal_command(data)[0:200]
|
||||||
if len(data) > 0:
|
if data is not None:
|
||||||
TtyLog(log=log, datetime=datetime.datetime.now(), cmd=data).save()
|
TtyLog(log=log, datetime=datetime.datetime.now(), cmd=data).save()
|
||||||
data = ''
|
data = ''
|
||||||
input_str = ''
|
|
||||||
self.vim_data = ''
|
self.vim_data = ''
|
||||||
input_mode = False
|
input_mode = False
|
||||||
|
|
||||||
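Review bot: In the last SshTty hunk the new guard `if data is not None:` can never be false, because `data` has just been assigned from `self.deal_command(data)[0:200]` and a slice is never None (a None return would already have raised on the slice). Compared with the old `if len(data) > 0:`, this appears to save a `TtyLog` row for every Enter, including empty ones, which pads the command audit trail with blank entries. `if data:` would keep the old filtering. Indentation is lost on this page and the method starts outside the hunk, so the exact nesting of this check should be confirmed against the file.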
|
@ -42,7 +42,7 @@ def gen_keys(key="", key_path_dir=""):
|
|||||||
key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
|
key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
|
||||||
private_key = os.path.join(key_path_dir, 'id_rsa')
|
private_key = os.path.join(key_path_dir, 'id_rsa')
|
||||||
public_key = os.path.join(key_path_dir, 'id_rsa.pub')
|
public_key = os.path.join(key_path_dir, 'id_rsa.pub')
|
||||||
mkdir(key_path_dir, mode=0755)
|
mkdir(key_path_dir, mode=755)
|
||||||
if not key:
|
if not key:
|
||||||
key = RSAKey.generate(2048)
|
key = RSAKey.generate(2048)
|
||||||
key.write_private_key_file(private_key)
|
key.write_private_key_file(private_key)
|
||||||
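Review bot: `mkdir(key_path_dir, mode=755)` now passes a decimal integer where the old code passed the octal literal `0755`; it only yields rwxr-xr-x because the rewritten `mkdir` pastes the number into a `chmod` command string. Nothing at the call or in `mkdir`'s docstring says so, and the same convention is used at the `mode=777` and `mode=700` call sites in `get_log`, `get_role_key`, `get_tmp_dir` and `gen_ssh_key`. If `mkdir` ever goes back to `os.chmod`, every one of these directories, including the ones that hold private keys, would get unintended permission bits without any error. I would state the convention in the docstring, e.g. `mode: permission digits as passed to chmod(1), e.g. 755 (not an octal int)`, or pass the mode as a string such as `'755'`. gen_keys starts and ends outside the hunk.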
|
@ -91,7 +91,7 @@ def get_role_key(user, role):
|
|||||||
"""
|
"""
|
||||||
user_role_key_dir = os.path.join(KEY_DIR, 'user')
|
user_role_key_dir = os.path.join(KEY_DIR, 'user')
|
||||||
user_role_key_path = os.path.join(user_role_key_dir, '%s_%s.pem' % (user.username, role.name))
|
user_role_key_path = os.path.join(user_role_key_dir, '%s_%s.pem' % (user.username, role.name))
|
||||||
mkdir(user_role_key_dir, mode=0777)
|
mkdir(user_role_key_dir, mode=777)
|
||||||
if not os.path.isfile(user_role_key_path):
|
if not os.path.isfile(user_role_key_path):
|
||||||
with open(os.path.join(role.key_path, 'id_rsa')) as fk:
|
with open(os.path.join(role.key_path, 'id_rsa')) as fk:
|
||||||
with open(user_role_key_path, 'w') as fu:
|
with open(user_role_key_path, 'w') as fu:
|
||||||
@ -458,14 +458,13 @@ def bash(cmd):
|
|||||||
return subprocess.call(cmd, shell=True)
|
return subprocess.call(cmd, shell=True)
|
||||||
|
|
||||||
|
|
||||||
def mkdir(dir_name, username='', mode=0755):
|
def mkdir(dir_name, username='', mode=755):
|
||||||
"""
|
"""
|
||||||
insure the dir exist and mode ok
|
insure the dir exist and mode ok
|
||||||
目录存在,如果不存在就建立,并且权限正确
|
目录存在,如果不存在就建立,并且权限正确
|
||||||
"""
|
"""
|
||||||
if not os.path.isdir(dir_name):
|
cmd = '[ ! -d %s ] && mkdir -p %s && chmod %s %s' % (dir_name, dir_name, mode, dir_name)
|
||||||
os.makedirs(dir_name)
|
bash(cmd)
|
||||||
os.chmod(dir_name, mode)
|
|
||||||
if username:
|
if username:
|
||||||
chown(dir_name, username)
|
chown(dir_name, username)
|
||||||
|
|
||||||
@ -486,7 +485,7 @@ def my_render(template, data, request):
|
|||||||
def get_tmp_dir():
|
def get_tmp_dir():
|
||||||
seed = uuid.uuid4().hex[:4]
|
seed = uuid.uuid4().hex[:4]
|
||||||
dir_name = os.path.join('/tmp', '%s-%s' % (datetime.datetime.now().strftime('%Y%m%d-%H%M%S'), seed))
|
dir_name = os.path.join('/tmp', '%s-%s' % (datetime.datetime.now().strftime('%Y%m%d-%H%M%S'), seed))
|
||||||
mkdir(dir_name, mode=0777)
|
mkdir(dir_name, mode=777)
|
||||||
return dir_name
|
return dir_name
|
||||||
|
|
||||||
|
|
||||||
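Review bot: The rewritten `mkdir` interpolates `dir_name` unquoted into a string that `bash()` runs with `shell=True`, so any space or shell metacharacter in a path component is parsed by the shell instead of being treated as part of the name. Callers on this page build that path from account data, for example `os.path.join(home, username, '.ssh')` in `gen_ssh_key`. The exit status is also dropped, and `[ ! -d … ] && …` returns non-zero when the directory already exists, so it could not serve as a failure signal anyway; the `except OSError` around the `mkdir` calls in `get_log` therefore appears unable to fire, and a failed create goes unnoticed. Passing argument lists to `subprocess.call` and raising `OSError` on failure keeps the external `mkdir`/`chmod` behaviour while addressing both points, as sketched below.

```python
def mkdir(dir_name, username='', mode=755):
    # … unchanged: docstring …
    if not os.path.isdir(dir_name):
        # argument lists: dir_name is never parsed by a shell
        if subprocess.call(['mkdir', '-p', '--', dir_name]) != 0:
            raise OSError('mkdir -p %s failed' % dir_name)
        if subprocess.call(['chmod', str(mode), '--', dir_name]) != 0:
            raise OSError('chmod %s %s failed' % (mode, dir_name))
    # … unchanged: chown(dir_name, username) when username is set …
```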
|
@ -130,14 +130,14 @@ def gen_ssh_key(username, password='',
|
|||||||
"""
|
"""
|
||||||
logger.debug('生成ssh key, 并设置authorized_keys')
|
logger.debug('生成ssh key, 并设置authorized_keys')
|
||||||
private_key_file = os.path.join(key_dir, username+'.pem')
|
private_key_file = os.path.join(key_dir, username+'.pem')
|
||||||
mkdir(key_dir, mode=0777)
|
mkdir(key_dir, mode=777)
|
||||||
if os.path.isfile(private_key_file):
|
if os.path.isfile(private_key_file):
|
||||||
os.unlink(private_key_file)
|
os.unlink(private_key_file)
|
||||||
ret = bash('echo -e "y\n"|ssh-keygen -t rsa -f %s -b %s -P "%s"' % (private_key_file, length, password))
|
ret = bash('echo -e "y\n"|ssh-keygen -t rsa -f %s -b %s -P "%s"' % (private_key_file, length, password))
|
||||||
|
|
||||||
if authorized_keys:
|
if authorized_keys:
|
||||||
auth_key_dir = os.path.join(home, username, '.ssh')
|
auth_key_dir = os.path.join(home, username, '.ssh')
|
||||||
mkdir(auth_key_dir, username=username, mode=0700)
|
mkdir(auth_key_dir, username=username, mode=700)
|
||||||
authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
|
authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
|
||||||
with open(private_key_file+'.pub') as pub_f:
|
with open(private_key_file+'.pub') as pub_f:
|
||||||
with open(authorized_key_file, 'w') as auth_f:
|
with open(authorized_key_file, 'w') as auth_f:
|
||||||
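Review bot: `mkdir(key_dir, mode=777)` leaves the directory that receives `username + '.pem'` world-writable, so any local account can remove or replace the private key files that this function unlinks and regenerates there; `get_role_key` does the same for `user_role_key_dir`. The commit keeps the old 0777 intent, but since these lines are being touched anyway I would tighten them, e.g. `mkdir(key_dir, mode=700)`, or a group-restricted mode such as 770 if more than one service account has to reach the keys (which accounts do is not visible here). gen_ssh_key continues outside the hunk.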
|