diff --git a/connect.py b/connect.py
index dbd0c3e06..49cdb4fec 100644
--- a/connect.py
+++ b/connect.py
@@ -78,6 +78,7 @@ class Tty(object):
         self.asset_name = asset.hostname
         self.ip = None
         self.port = 22
+        self.ssh = None
         self.channel = None
         self.asset = asset
         self.user = user
@@ -300,8 +301,7 @@ class Tty(object):
                         username=connect_info.get('role_name'),
                         password=connect_info.get('role_pass'),
                         key_filename=role_key,
-                        look_for_keys=False,
-                        allow_agent=False)
+                        look_for_keys=False)
             return ssh
         except (paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException):
             logger.warning(u'使用ssh key %s 失败, 尝试只使用密码' % role_key)
@@ -319,6 +319,7 @@ class Tty(object):
         except socket.error:
             raise ServerError('端口可能不对 Connect SSH Socket Port Error, Please Correct it.')
         else:
+            self.ssh = ssh
             return ssh
 
 
diff --git a/jperm/views.py b/jperm/views.py
index feaeada44..356be2f95 100644
--- a/jperm/views.py
+++ b/jperm/views.py
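Review bot: Dropping `allow_agent=False` from the key-based `ssh.connect(...)` call means paramiko will also offer every identity loaded in the Jumpserver process's own SSH agent (`SSH_AUTH_SOCK`) for this connection, so a role could authenticate to the target with a key it was never granted and the per-role `role_key` isolation no longer holds. Unless the agent fallback was deliberately intended, keep the call pinned to the role's key: `key_filename=role_key, look_for_keys=False, allow_agent=False)`. If the agent really is needed, say so in a comment on that line and log which identity actually authenticated so the audit trail stays accurate. The enclosing method starts before and continues past this hunk.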
@@ -144,25 +144,17 @@ def perm_rule_edit(request):
 
     # 根据rule_id 取得rule对象
     rule_id = request.GET.get("id")
-    rule = PermRule.objects.get(id=rule_id)
+    rule = get_object(PermRule, id=rule_id)
 
-    if request.method == 'GET' and rule_id:
-        # 渲染数据, 获取所选的rule对象
-        rule_comment = rule.comment
-        users_select = rule.user.all()
-        user_groups_select = rule.user_group.all()
-        assets_select = rule.asset.all()
-        asset_groups_select = rule.asset_group.all()
-        roles_select = rule.role.all()
+    # 渲染数据, 获取所选的rule对象
 
-        users = User.objects.all()
-        user_groups = UserGroup.objects.all()
-        assets = Asset.objects.all()
-        asset_groups = AssetGroup.objects.all()
-        roles = PermRole.objects.all()
-        return my_render('jperm/perm_rule_edit.html', locals(), request)
+    users = User.objects.all()
+    user_groups = UserGroup.objects.all()
+    assets = Asset.objects.all()
+    asset_groups = AssetGroup.objects.all()
+    roles = PermRole.objects.all()
 
-    elif request.method == 'POST' and rule_id:
+    if request.method == 'POST' and rule_id:
         # 获取用户选择的 用户,用户组,资产,资产组,用户角色
         rule_name = request.POST.get('rule_name')
         rule_comment = request.POST.get("rule_comment")
@@ -174,8 +166,10 @@ def perm_rule_edit(request):
         assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
         asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
 
-        # group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]]
-        # calc_assets = set(group_assets_obj) | set(assets_obj)
+        group_assets_obj = []
+        for asset_group in asset_groups_obj:
+            group_assets_obj.extend(list(asset_group.asset_set.all()))
+        calc_assets = set(group_assets_obj) | set(assets_obj)  # 授权资产和资产组包含的资产
 
         # 获取需要授权的用户列表
         users_obj = [User.objects.get(id=user_id) for user_id in users_select]
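Review bot: `rule = get_object(PermRule, id=rule_id)` replaces the raising `PermRule.objects.get(...)`, but nothing checks the result, so if `get_object` follows the usual pattern of returning None on a miss (or when the `id` query parameter is absent or malformed) the view renders with `rule` as None and, on POST, fails later with an AttributeError when it assigns `rule.user`. Add a guard directly after the lookup, e.g. `if rule is None: return HttpResponseRedirect('/jperm/rule/')` (or the project's usual not-found response), so an admin cannot reach the save path with a bad id. The function body continues past this hunk.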
@@ -185,20 +179,30 @@ def perm_rule_edit(request):
         # 获取授予的角色列表
         roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
 
+        need_push_asset = set()
+        try:
+            for role in roles_obj:
+                asset_no_push = get_role_push_host(role=role)[0]  # 获取某角色已经推送的资产
+                need_push_asset.update(set(calc_assets) - set(asset_no_push))
+            if need_push_asset:
+                raise ServerError(u'没有推送角色 %s 的主机 %s'
+                                  % (role.name, ','.join([asset.hostname for asset in need_push_asset])))
 
-        # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
-        rule.user = users_obj
-        rule.user_group = user_groups_obj
-        rule.asset = assets_obj
-        rule.asset_group = asset_groups_obj
-        rule.role = roles_obj
-        rule.name = rule_name
-        rule.comment = rule.comment
-        rule.save()
+            # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
+            rule.user = users_obj
+            rule.user_group = user_groups_obj
+            rule.asset = assets_obj
+            rule.asset_group = asset_groups_obj
+            rule.role = roles_obj
+            rule.name = rule_name
+            rule.comment = rule.comment
+            rule.save()
+            msg = u"更新授权规则:%s成功" % rule.name
 
-        msg = u"更新授权规则:%s" % rule.name
+        except ServerError, e:
+            error = e
 
-    return HttpResponseRedirect('/jperm/rule/')
+    return my_render('jperm/perm_rule_edit.html', locals(), request)
 
 
 @require_role('admin')
diff --git a/run_websocket.py b/run_websocket.py
index e32efa0ad..f80df243b 100644
--- a/run_websocket.py
+++ b/run_websocket.py
@@ -296,6 +296,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
         self.log = None
         self.id = 0
         self.user = None
+        self.ssh = None
+        self.channel = None
         super(WebTerminalHandler, self).__init__(*args, **kwargs)
 
     def check_origin(self, origin):
@@ -310,7 +312,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
         if asset:
             roles = user_have_perm(self.user, asset)
             logger.debug(roles)
-            logger.debug('rolename: %s' % role_name)
+            logger.debug('角色: %s' % role_name)
             login_role = ''
             for role in roles:
                 if role.name == role_name:
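Review bot: The `raise ServerError(u'没有推送角色 %s 的主机 %s' % (role.name, ...))` sits after the `for role in roles_obj` loop, so it names only the last role while `need_push_asset` was accumulated across every role; with more than one role selected the message blames the wrong role for hosts that were never pushed. Either raise inside the loop as soon as a role has un-pushed hosts, or collect `(role.name, missing)` pairs per role and format them all in one message. The rewritten save block also keeps `rule.comment = rule.comment`, a no-op that silently discards the `rule_comment` read from the POST earlier in this function — it should be `rule.comment = rule_comment`. The function starts before this hunk.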
@@ -329,8 +331,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
                                                                login_role.name))
         self.term = WebTty(self.user, asset, login_role, login_type='web')
         self.term.remote_ip = self.request.remote_ip
-        ssh = self.term.get_connection()
-        self.term.channel = ssh.invoke_shell(term='xterm')
+        self.ssh = self.term.get_connection()
+        self.channel = self.ssh.invoke_shell(term='xterm')
         WebTerminalHandler.tasks.append(MyThread(target=self.forward_outbound))
         WebTerminalHandler.clients.append(self)
 
@@ -363,7 +365,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
             self.term.vim_data = ''
             self.term.data = ''
             self.term.input_mode = False
-            self.term.channel.send(data['data'])
+            self.channel.send(data['data'])
 
     def on_close(self):
         logger.debug('Websocket: Close request')
@@ -386,9 +388,9 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
             data = ''
             pre_timestamp = time.time()
             while True:
-                r, w, e = select.select([self.term.channel, sys.stdin], [], [])
-                if self.term.channel in r:
-                    recv = self.term.channel.recv(1024)
+                r, w, e = select.select([self.channel, sys.stdin], [], [])
+                if self.channel in r:
+                    recv = self.channel.recv(1024)
                     if not len(recv):
                         return
                     data += recv
@@ -407,8 +409,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
                         data = ''
                     except UnicodeDecodeError:
                         pass
-        finally:
-            self.close()
+        except IndexError:
+            pass
 
 if __name__ == '__main__':
     tornado.options.parse_command_line()
diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html
index 834a599f6..f3035b097 100644
--- a/templates/jasset/asset_list.html
+++ b/templates/jasset/asset_list.html
@@ -231,6 +231,7 @@
                     var dataArray = data.split(',');
                     if (dataArray.length == 1 && data != 'error'){
                         var title = 'Jumpserver Web Terminal' + ' '+ hostname +'';
+                        console.log(new_url+data);
                         layer.open({
                             type: 2,
                             title: title,
diff --git a/templates/jperm/perm_role_list.html b/templates/jperm/perm_role_list.html
index 3d799a808..ecfae06e5 100644
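Review bot: After this change nothing assigns `self.term.channel` any more, while `Tty.__init__` in connect.py (earlier in this same diff) still initialises `self.channel = None`; if any `Tty`/`WebTty` method reads its own `channel` it now sees None, so either keep mirroring it with `self.term.channel = self.channel` or confirm no such reader exists. The handler also now owns the live transport in `self.ssh`; make sure `on_close` (not visible here) closes it, guarded for None, otherwise every web-terminal session leaks an SSH connection to the target. `open` continues past this hunk.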
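Review bot: `self.channel.send(data['data'])` dereferences an attribute that `__init__` sets to None and that is only assigned once `open` reaches `invoke_shell`; a message arriving after a failed or denied `open` (no matching role, SSH error) raises AttributeError inside `on_message` instead of being rejected cleanly. Guard it before the send: `if self.channel is None: self.close(); return`. That also keeps a client whose authorisation never completed from reaching the remote shell at all. `on_message` starts before this hunk.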
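Review bot: Replacing `finally: self.close()` with `except IndexError: pass` removes the only cleanup on this path: when the channel hits EOF (`if not len(recv): return` above) or any other exception escapes the loop, the websocket now stays open and the SSH transport is never torn down, and an IndexError that would have signalled a real bug is silently swallowed. If the `finally` was dropped because `self.close()` was being called from the worker thread (Tornado handlers must be closed on the IOLoop thread), keep the cleanup but schedule it properly, `finally: tornado.ioloop.IOLoop.instance().add_callback(self.close)` (importing `tornado.ioloop` if it is not already), and put a `logger.exception(...)` inside the `except IndexError` branch rather than `pass`. `forward_outbound` starts before this hunk.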
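Review bot: `console.log(new_url+data);` looks like leftover debugging: it prints the freshly built web-terminal URL, including whatever `data` the server returned for this asset, to the browser console on every click, where it lingers in devtools logs and any console-capturing extension. Drop the line before merging, or gate it behind an explicit debug flag. The enclosing JavaScript callback starts before this hunk.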
--- a/templates/jperm/perm_role_list.html
+++ b/templates/jperm/perm_role_list.html
@@ -50,19 +50,16 @@