优化jumpcli defer、修改用户密码

.gitignore

@@ -1 +1,3 @@
-jumpserver
+jumpserver
+.idea
+.idea/

client/jumpcli.go

@@ -92,7 +92,6 @@ func (t *SSHTerminal) updateTerminalSize() {
 				}
 
 				termWidth, termHeight = currTermWidth, currTermHeight
-
 			}
 		}
 	}()
@@ -244,6 +243,7 @@ func main() {
 		fmt.Printf("open database failed! err=%v", err)
 		return
 	}
+	defer db.Close()
 
 	// 查询当前用户有访问权限的主机
 	rows, err := db.Query(fmt.Sprintf("SELECT name, ip, port FROM hosts where isdelete=0 and name in(select hostname from hostuser where username='%s');", userInfo.Username))
@@ -251,6 +251,7 @@ func main() {
 		fmt.Printf("db.Query failed! err=%v", err)
 		return
 	}
+	defer rows.Close()
 
 	// ui展示列表
 	menuLabels := make([]string, 0)
@@ -269,8 +270,6 @@ func main() {
 
 		menuLabels = append(menuLabels, fmt.Sprintf("%s:%s:%d", name, ip, port))
 	}
-	rows.Close()
-	db.Close()
 
 	// 选项列表
 	prompt := promptui.Select{
@@ -281,7 +280,6 @@ func main() {
 
 	for {
 		_, selectLabel, err := prompt.Run()
-
 		if err != nil {
 			fmt.Printf("Prompt failed %v\n", err)
 			return

server/jumpserver.py

@@ -43,8 +43,6 @@ gHostUserSql = "create table if not exists hostuser(id integer primary key autoi
 
 # 添加跳板机用户脚本
 gManagerUserShellFile = "manager_user.sh"
-# 添加远程用户脚本
-# gAddLocalUserShellFile = "add_remote_user.sh"
 
 # sso应用信息
 SSO_APPID = 18
@@ -196,20 +194,23 @@ def checkCookie(request):
     # return True
 
 
+# 处理请求前回调
 @app.before_request
 def before_request():
     g.isconnect_db = False
     if request.path != "/sso" and (not checkCookie(request)):
         return redirect_sso()
-
+    # 连接db并标志
     g.db = connect_db()
     g.isconnect_db = True
  
 
+# 处理请求后回调
 @app.after_request
 def after_request(response):
     if g.isconnect_db:
         g.db.close()
+    # g会被释放掉
     return response
 
 
@@ -219,6 +220,7 @@ def sso():
     return do_sso(request)
 
 
+# 处理sso回调
 def do_sso(request):
     if request.method == "GET":
         sso_uid = int(request.args.get('sso_uid'))
@@ -231,6 +233,7 @@ def do_sso(request):
     gSsoManager[sso_uid] = {
         "sso_uid": sso_uid, "sso_token": sso_token, "update_time": int(time.time())}
 
+    # 取出参数
     params = urlparse.urlparse(request.url).query
     return redirect(gUrl + "?" + params)
 
@@ -391,12 +394,14 @@ def do_del_user(request):
 def do_modify_user(request):
     if request.method == "GET":
         username = request.args.get('username')
+        password = request.args.get('password') or ""
         sudo = int(request.args.get('sudo'))
         desc = request.args.get('desc')
     elif request.method == "POST":
-        username = request.form["username"]
-        sudo = int(request.form["sudo"])
-        desc = request.form["desc"]
+        username = request.form.get("username")
+        password = request.form.get("password") or ""
+        sudo = int(request.form.get("sudo"))
+        desc = request.form.get("desc")
     else:
         return "invalid request for user"
 
@@ -429,6 +434,16 @@ def do_modify_user(request):
                   (opParam, username, output))
             return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output)
 
+    if len(password) > 0:
+        # 修改用户密码
+        opParam = "passwd"
+        status, output = exec_command_output(
+            "sudo sh manager_user.sh %s %s" % (opParam, username))
+        if status != 0:
+            print("%s user user(%s) failed! => output=%s" %
+                  (opParam, username, output))
+            return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output)
+
     if desc != user_desc:
         change = True
 
@@ -596,13 +611,15 @@ def do_host_modifyuser(request):
     if request.method == "GET":
         hostname = request.args.get('hostname')
         username = request.args.get('username')
+        password = request.args.get('password') or ""
         sudo = int(request.args.get('sudo'))
         desc = request.args.get('desc')
     elif request.method == "POST":
-        hostname = request.form["hostname"]
+        hostname = request.form.get("hostname")
         username = request.form["username"]
-        sudo = int(request.form["username"])
-        desc = request.form["desc"]
+        password = request.form.get("password") or ""
+        sudo = int(request.form.get("username"))
+        desc = request.form.get("desc")
     else:
         return "invalid request for add user to host"
 
@@ -618,22 +635,20 @@ def do_host_modifyuser(request):
     user_desc = hostuser[1]
     change = False
     opParam = "sudo"
-
     if sudo == 0:
         opParam = "unsudo"
 
+    # 检查
+    hostips = g.db.execute("select ip,port from hosts where name='%s'" % (hostname)).fetchone()
+    if hostips == None:
+        print("host(%s) not exitst on hosts" % hostname)
+        return "host(%s) not exitst on hosts" % hostname
+    hostip = hostips[0]
+    hostport = int(hostips[1])
+
     if sudo != user_sudo:
         change = True
 
-        # 检查
-        hostips = g.db.execute("select ip,port from hosts where name='%s'" % (hostname)).fetchone()
-        if hostips == None:
-            print("host(%s) not exitst on hosts" % hostname)
-            return "host(%s) not exitst on hosts" % hostname
-
-        hostip = hostips[0]
-        hostport = int(hostips[1])
-
         # 主机上修改sudo
         status, output = exec_command_output(
             "ssh %s@%s -p%d sudo sh .manager_user.sh %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username))
@@ -642,6 +657,16 @@ def do_host_modifyuser(request):
                   (opParam, hostname, username, output))
             return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output)
 
+    if len(password) > 0:
+        # 主机上修改密码
+        opParam = "passwd"
+        status, output = exec_command_output(
+            "ssh %s@%s -p%d sudo sh .manager_user.sh %s %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username, password))
+        if status != 0:
+            print("remote %s user host(%s) user(%s) failed! => output=%s" %
+                  (opParam, hostname, username, output))
+            return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output)
+
     if desc != user_desc:
         change = True
 
@@ -651,9 +676,9 @@ def do_host_modifyuser(request):
             sudo, desc, hostname, username))
         g.db.commit()
 
-    print("host remote =>> %s user:%s from host:%s successful [output: %s]" % (
-        opParam, username, hostname, output))
-    return "host remote =>> %s user:%s from host:%s successful [output: %s]" % (opParam, username, hostname, output)
+    print("host remote =>> modify user:%s from host:%s successful [output: %s]" % (
+        username, hostname, output))
+    return "host remote =>> modify user:%s from host:%s successful [output: %s]" % (username, hostname, output)
 
 
 # 获取用户所有的主机列表

server/manager_user.sh

@@ -6,7 +6,7 @@
 # @date  2020-03-25
 # -------------------------------------
 
-cmdOp=$1             # 操作码 add del sudo unsudo
+cmdOp=$1             # 操作码 add del passwd sudo unsudo
 cmdName=$2           # 用户名
 cmdPassword=$3       # 密码
 cmdAuthorizedKeys=`echo ${@:4}` # ssh公钥
@@ -90,6 +90,20 @@ del_user() {
    fi
 }
 
+# 修改密码
+change_password() {
+   # 判断用户是否存在
+   grep "^$cmdName" $SYSPASSWD >& /dev/null
+   if [ $? -eq 0 ] && [ "$cmdPassword" ]; then
+      echo $cmdPassword| passwd $cmdName --stdin &>/dev/null
+      if [ $? -eq 0 ];then
+         echo "${cmdName}'s password is set successful"
+      else
+         echo "${cmdName}'s password is set failed"
+      fi
+   fi
+}
+
 # 添加sudo权限
 sudo_user() {
    grep "^$cmdName:" $SYSPASSWD >& /dev/null
@@ -130,6 +144,14 @@ del)
 
    del_user
    ;;
+passwd)
+    if [ -z $cmdName ]; then
+      echo "del_user invalid params"
+      exit 1
+    fi
+
+    change_password
+    ;;
 sudo)
    if [ -z $cmdName ]; then
       echo "sudo_user invalid params"

server/proto.md

@@ -57,6 +57,7 @@ Resp:
 Param：
 
 - username
+- password(可选)
 - sudo
 - desc
 
@@ -136,6 +137,7 @@ Param:
 
 - hostname
 - username
+- password(可选)
 - sudo
 - desc