feat: Update v3.10.9

v3.10.9 (dev to master)

Dockerfile-ce

@@ -87,6 +87,7 @@ ARG TOOLS="                           \
         default-mysql-client          \
         iputils-ping                  \
         locales                       \
+        netcat-openbsd                \
         nmap                          \
         openssh-client                \
         patch                         \

GITSHA

@@ -0,0 +1 @@
+4f287925f33da98c3f3a9b42dc7eacd2f990ad53

apps/assets/serializers/asset/info/spec.py

@@ -22,6 +22,36 @@ class WebSpecSerializer(serializers.ModelSerializer):
             'submit_selector', 'script'
         ]
 
+    def get_fields(self):
+        fields = super().get_fields()
+        if self.is_retrieve():
+            # 查看 Web 资产详情时
+            self.pop_fields_if_need(fields)
+        return fields
+    
+    def is_retrieve(self):
+        try:
+            self.context.get('request').method and self.parent.instance.web
+            return True
+        except Exception:
+            return False
+
+    def pop_fields_if_need(self, fields):
+        fields_script = ['script']
+        fields_basic = ['username_selector', 'password_selector', 'submit_selector']
+        autofill = self.parent.instance.web.autofill
+        pop_fields_mapper = {
+            FillType.no: fields_script + fields_basic,
+            FillType.basic: fields_script,
+            FillType.script: fields_basic,
+        }
+        fields_pop = pop_fields_mapper.get(autofill, [])
+        for f in fields_pop:
+            fields.pop(f, None)
+        return fields
+
+
+
 
 category_spec_serializer_map = {
     'database': DatabaseSpecSerializer,

apps/authentication/api/mfa.py

@@ -50,7 +50,10 @@ class MFASendCodeApi(AuthMixin, CreateAPIView):
         mfa_type = serializer.validated_data['type']
 
         if not username:
-            user = self.get_user_from_session()
+            try:
+                user = self.get_user_from_session()
+            except errors.SessionEmptyError as e:
+                raise ValidationError({'error': e})
         else:
             user = self.get_user_from_db(username)
 

apps/jumpserver/conf.py

@@ -617,9 +617,9 @@ class Config(dict):
         'TICKET_APPLY_ASSET_SCOPE': 'all',
 
         # Ansible Receptor
-        'ANSIBLE_RECEPTOR_ENABLED': True,
+        'RECEPTOR_ENABLED': False,
         'ANSIBLE_RECEPTOR_GATEWAY_PROXY_HOST': 'jms_celery',
-        'ANSIBLE_RECEPTOR_TCP_LISTEN_ADDRESS': 'jms_receptor:7521'
+        'ANSIBLE_RECEPTOR_TCP_LISTEN_ADDRESS': 'receptor:7521'
 
     }
 

apps/jumpserver/const.py

@@ -8,7 +8,7 @@ __all__ = ['BASE_DIR', 'PROJECT_DIR', 'VERSION', 'CONFIG']
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 PROJECT_DIR = os.path.dirname(BASE_DIR)
-VERSION = '2.0.0'
+VERSION = 'v3.10.9'
 CONFIG = ConfigManager.load_user_config()
 
 

apps/jumpserver/settings/custom.py

@@ -232,6 +232,6 @@ FILE_UPLOAD_SIZE_LIMIT_MB = CONFIG.FILE_UPLOAD_SIZE_LIMIT_MB
 TICKET_APPLY_ASSET_SCOPE = CONFIG.TICKET_APPLY_ASSET_SCOPE
 
 # Ansible Receptor
-ANSIBLE_RECEPTOR_ENABLED = CONFIG.ANSIBLE_RECEPTOR_ENABLED
+RECEPTOR_ENABLED = CONFIG.RECEPTOR_ENABLED
 ANSIBLE_RECEPTOR_GATEWAY_PROXY_HOST = CONFIG.ANSIBLE_RECEPTOR_GATEWAY_PROXY_HOST
 ANSIBLE_RECEPTOR_TCP_LISTEN_ADDRESS = CONFIG.ANSIBLE_RECEPTOR_TCP_LISTEN_ADDRESS

apps/ops/ansible/interface.py

@@ -15,7 +15,7 @@ class _LazyRunnerInterface(LazyObject):
     @staticmethod
     def make_interface():
         runner_type = AnsibleReceptorRunner \
-            if settings.ANSIBLE_RECEPTOR_ENABLED else AnsibleNativeRunner
+            if settings.RECEPTOR_ENABLED else AnsibleNativeRunner
         gateway_host = settings.ANSIBLE_RECEPTOR_GATEWAY_PROXY_HOST \
             if settings.ANSIBLE_RECEPTOR_GATEWAY_PROXY_HOST else '127.0.0.1'
         return RunnerInterface(runner_type=runner_type, gateway_proxy_host=gateway_host)

apps/ops/ansible/runner.py

@@ -14,8 +14,10 @@ __all__ = ['AdHocRunner', 'PlaybookRunner', 'SuperPlaybookRunner', 'UploadFileRu
 
 class AdHocRunner:
     cmd_modules_choices = ('shell', 'raw', 'command', 'script', 'win_shell')
+    need_local_connection_modules_choices = ("mysql", "postgresql", "sqlserver", "huawei")
 
-    def __init__(self, inventory, module, module_args='', pattern='*', project_dir='/tmp/', extra_vars=None,
+    def __init__(self, inventory, job_module, module, module_args='', pattern='*', project_dir='/tmp/',
+                 extra_vars=None,
                  dry_run=False, timeout=-1):
         if extra_vars is None:
             extra_vars = {}
@@ -23,6 +25,7 @@ class AdHocRunner:
         self.inventory = inventory
         self.pattern = pattern
         self.module = module
+        self.job_module = job_module
         self.module_args = module_args
         self.project_dir = project_dir
         self.cb = DefaultCallback()
@@ -30,8 +33,7 @@ class AdHocRunner:
         self.extra_vars = extra_vars
         self.dry_run = dry_run
         self.timeout = timeout
-        # enable local connection
-        self.extra_vars.update({"LOCAL_CONNECTION_ENABLED": "1"})
+        self.envs = {}
 
     def check_module(self):
         if self.module not in self.cmd_modules_choices:
@@ -40,8 +42,13 @@ class AdHocRunner:
             raise CommandInBlackListException(
                 "Command is rejected by black list: {}".format(self.module_args.split()[0]))
 
+    def set_local_connection(self):
+        if self.job_module in self.need_local_connection_modules_choices:
+            self.envs.update({"LOCAL_CONNECTION_ENABLED": "1"})
+
     def run(self, verbosity=0, **kwargs):
         self.check_module()
+        self.set_local_connection()
         verbosity = get_ansible_log_verbosity(verbosity)
 
         if not os.path.exists(self.project_dir):
@@ -53,6 +60,7 @@ class AdHocRunner:
         interface.run(
             timeout=self.timeout if self.timeout > 0 else None,
             extravars=self.extra_vars,
+            envvars=self.envs,
             host_pattern=self.pattern,
             private_data_dir=self.project_dir,
             inventory=self.inventory,

apps/ops/models/job.py

@@ -67,6 +67,7 @@ class JMSPermedInventory(JMSInventory):
 
         protocol_supported_modules_mapping = {
             'mysql': ['mysql'],
+            'mariadb': ['mysql'],
             'postgresql': ['postgresql'],
             'sqlserver': ['sqlserver'],
             'ssh': ['shell', 'python', 'win_shell', 'raw', 'huawei'],
@@ -77,7 +78,7 @@ class JMSPermedInventory(JMSInventory):
             host['error'] = "Module {} is not suitable for this asset".format(self.module)
             return host
 
-        if protocol.name in ('mysql', 'postgresql', 'sqlserver'):
+        if protocol.name in ('mariadb', 'mysql', 'postgresql', 'sqlserver'):
             host['login_host'] = asset.address
             host['login_port'] = protocol.port
             host['login_user'] = account.username
@@ -333,6 +334,7 @@ class JobExecution(JMSOrgBaseModel):
 
             runner = AdHocRunner(
                 self.inventory_path,
+                self.job.module,
                 module,
                 timeout=self.current_job.timeout,
                 module_args=args,

apps/templates/_mfa_login_field.html

@@ -120,7 +120,7 @@
 
         function onError (responseText, responseJson, status) {
             setTimeout(function () {
-                toastr.error(responseJson.detail);
+                toastr.error(responseJson.detail || responseJson.error);
             });
         };
 

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "jumpserver"
-version = "v3.9"
+version = "v3.10.9"
 description = "广受欢迎的开源堡垒机"
 authors = ["ibuler <ibuler@qq.com>"]
 license = "GPLv3"

receptor

@@ -75,7 +75,6 @@ class ReceptorService:
                 print("\n- PID file is corrupted, starting Receptor...")
                 os.remove(self.pid_file)
 
-        os.environ.update({'LOCAL_CONNECTION_ENABLED': '1'})
         os.environ.setdefault('ANSIBLE_LIBRARY', DEFAULT_ANSIBLE_MODULES_DIR)
         os.environ.update({'PYTHONPATH': APPS_DIR})
         process = subprocess.Popen(self.receptor_command)