github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-29 08:37:06 +00:00
Code Issues Projects Releases Wiki Activity
Files
44c69ded78204ac6d63ea285c6a05974b7aca3b6
jumpserver/juser/user_api.py
ibuler 44c69ded78 干掉ldap前
2015-08-30 14:03:10 +08:00

219 lines
6.6 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# coding: utf-8
from Crypto.PublicKey import RSA
from juser.models import AdminGroup
from jumpserver.api import *
def group_add_user(group, user_id=None, username=None):
"""
用户组中添加用户
UserGroup Add a user
"""
if user_id:
user = get_object(User, id=user_id)
else:
user = get_object(User, username=username)
if user:
group.user_set.add(user)
def db_add_group(**kwargs):
"""
add a user group in database
数据库中添加用户组
"""
name = kwargs.get('name')
group = get_object(UserGroup, name=name)
users = kwargs.pop('users_id')
if not group:
group = UserGroup(**kwargs)
group.save()
for user_id in users:
group_add_user(group, user_id)
def group_update_member(group_id, users_id_list):
"""
user group update member
用户组更新成员
"""
group = get_object(UserGroup, id=group_id)
if group:
group.user_set.clear()
for user_id in users_id_list:
user = get_object(UserGroup, id=user_id)
if isinstance(user, UserGroup):
group.user_set.add(user)
def db_add_user(**kwargs):
"""
add a user in database
数据库中添加用户
"""
groups_post = kwargs.pop('groups')
admin_groups = kwargs.pop('admin_groups')
role = kwargs.get('role', 'CU')
user = User(**kwargs)
user.save()
if groups_post:
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.group = group_select
if admin_groups and role == 'GA': # 如果是组管理员就要添加组管理员和组到管理组中
for group_id in admin_groups:
group = get_object(UserGroup, id=group_id)
if group:
AdminGroup(user=user, group=group).save()
return user
def db_update_user(**kwargs):
"""
update a user info in database
数据库更新用户信息
"""
groups_post = kwargs.pop('groups')
user_id = kwargs.pop('user_id')
user = User.objects.filter(id=user_id)
if user:
user.update(**kwargs)
user = User.objects.get(id=user_id)
user.save()
if groups_post:
group_select = []
for group_id in groups_post:
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.group = group_select
def db_del_user(username):
"""
delete a user from database
从数据库中删除用户
"""
try:
user = User.objects.get(username=username)
user.delete()
except ObjectDoesNotExist:
pass
def gen_ssh_key(username, password=None, length=2048):
"""
generate a user ssh key in a property dir
生成一个用户ssh密钥对
"""
print "gen_ssh_key" + str(time.time())
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
private_key_file = os.path.join(private_key_dir, username+".pem")
public_key_dir = '/home/%s/.ssh/' % username
public_key_file = os.path.join(public_key_dir, 'authorized_keys')
is_dir(private_key_dir)
is_dir(public_key_dir, username, mode=0700)
key = RSA.generate(length)
with open(private_key_file, 'w') as pri_f:
pri_f.write(key.exportKey('PEM', password))
os.chmod(private_key_file, 0600)
print "gen_ssh_pub_key" + str(time.time())
pub_key = key.publickey()
with open(public_key_file, 'w') as pub_f:
pub_f.write(pub_key.exportKey('OpenSSH'))
os.chmod(public_key_file, 0600)
bash('chown %s:%s %s' % (username, username, public_key_file))
print "gen_ssh_key_end" + str(time.time())
def server_add_user(username, password, ssh_key_pwd):
"""
add a system user in jumpserver
在jumpserver服务器上添加一个用户
"""
bash("useradd '%s'; echo '%s' | passwd --stdin '%s'" % (username, password, username))
gen_ssh_key(username, ssh_key_pwd)
def user_add_mail(user, kwargs):
"""
add user send mail
发送用户添加邮件
"""
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name
mail_msg = u"""
Hi, %s
您的用户名: %s
您的角色: %s
您的web登录密码 %s
您的ssh密钥文件密码 %s
密钥下载地址: http://%s:%s/juser/down_key/?id=%s
说明: 请登陆后再下载密钥!
""" % (user.name, user.username, user_role.get(user.role, u'普通用户'),
kwargs.get('password'), kwargs.get('ssh_key_pwd'), SEND_IP, SEND_PORT, user.id)
send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False)
def server_del_user(username):
"""
delete a user from jumpserver linux system
删除系统上的某用户
"""
bash('userdel -r %s' % username)
def ldap_add_user(username, ldap_pwd):
"""
add a user in ldap database
在LDAP中添加用户
"""
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd)
user = get_object(User, username=username)
if not user:
raise ServerError(u'用户 %s 不存在' % username)
user_attr = {'uid': [str(username)],
'cn': [str(username)],
'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
'userPassword': ['{crypt}%s' % password_sha512],
'shadowLastChange': ['16328'],
'shadowMin': ['0'],
'shadowMax': ['99999'],
'shadowWarning': ['7'],
'loginShell': ['/bin/bash'],
'uidNumber': [str(user.id)],
'gidNumber': [str(user.id)],
'homeDirectory': [str('/home/%s' % username)]}
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
group_attr = {'objectClass': ['posixGroup', 'top'],
'cn': [str(username)],
'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]}
ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr)
def ldap_del_user(username):
"""
delete a user in ldap database
在ldap中删除某用户
"""
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
ldap_conn.delete(user_dn)
ldap_conn.delete(group_dn)
ldap_conn.delete(sudo_dn)
Reference in New Issue View Git Blame Copy Permalink