diff --git a/.gitignore b/.gitignore index 9d00477..4272d22 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -jumpserver \ No newline at end of file +jumpserver +.idea +.idea/ diff --git a/client/jumpcli.go b/client/jumpcli.go index 5677144..cdb0290 100644 --- a/client/jumpcli.go +++ b/client/jumpcli.go @@ -92,7 +92,6 @@ func (t *SSHTerminal) updateTerminalSize() { } termWidth, termHeight = currTermWidth, currTermHeight - } } }() @@ -244,6 +243,7 @@ func main() { fmt.Printf("open database failed! err=%v", err) return } + defer db.Close() // 查询当前用户有访问权限的主机 rows, err := db.Query(fmt.Sprintf("SELECT name, ip, port FROM hosts where isdelete=0 and name in(select hostname from hostuser where username='%s');", userInfo.Username)) @@ -251,6 +251,7 @@ func main() { fmt.Printf("db.Query failed! err=%v", err) return } + defer rows.Close() // ui展示列表 menuLabels := make([]string, 0) @@ -269,8 +270,6 @@ func main() { menuLabels = append(menuLabels, fmt.Sprintf("%s:%s:%d", name, ip, port)) } - rows.Close() - db.Close() // 选项列表 prompt := promptui.Select{ @@ -281,7 +280,6 @@ func main() { for { _, selectLabel, err := prompt.Run() - if err != nil { fmt.Printf("Prompt failed %v\n", err) return diff --git a/server/jumpserver.py b/server/jumpserver.py index 58f58a8..8e0aee0 100644 --- a/server/jumpserver.py +++ b/server/jumpserver.py @@ -43,8 +43,6 @@ gHostUserSql = "create table if not exists hostuser(id integer primary key autoi # 添加跳板机用户脚本 gManagerUserShellFile = "manager_user.sh" -# 添加远程用户脚本 -# gAddLocalUserShellFile = "add_remote_user.sh" # sso应用信息 SSO_APPID = 18 @@ -196,20 +194,23 @@ def checkCookie(request): # return True +# 处理请求前回调 @app.before_request def before_request(): g.isconnect_db = False if request.path != "/sso" and (not checkCookie(request)): return redirect_sso() - + # 连接db并标志 g.db = connect_db() g.isconnect_db = True +# 处理请求后回调 @app.after_request def after_request(response): if g.isconnect_db: g.db.close() + # g会被释放掉 return response 
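Review bot: The `db.Query` call in the context of the `@@ -244,6 +243,7 @@` hunk still builds its SQL with `fmt.Sprintf` and splices `userInfo.Username` between quotes, so a user name containing a quote changes the statement; the added `defer db.Close()` does not address that. Bind the value instead, e.g. `rows, err := db.Query("SELECT name, ip, port FROM hosts where isdelete=0 and name in(select hostname from hostuser where username=?);", userInfo.Username)` (the placeholder syntax depends on the driver, which is not visible here). With `defer`, the handle now stays open until `main` returns, i.e. for the whole prompt loop, whereas the explicit closes removed in `@@ -269,8 +270,6 @@` released it before the menu was shown. The body of `main` continues outside the hunk.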
@@ -219,6 +220,7 @@ def sso(): return do_sso(request) +# 处理sso回调 def do_sso(request): if request.method == "GET": sso_uid = int(request.args.get('sso_uid')) @@ -231,6 +233,7 @@ def do_sso(request): gSsoManager[sso_uid] = { "sso_uid": sso_uid, "sso_token": sso_token, "update_time": int(time.time())} + # 取出参数 params = urlparse.urlparse(request.url).query return redirect(gUrl + "?" + params) @@ -391,12 +394,14 @@ def do_del_user(request): def do_modify_user(request): if request.method == "GET": username = request.args.get('username') + password = request.args.get('password') sudo = int(request.args.get('sudo')) desc = request.args.get('desc') elif request.method == "POST": - username = request.form["username"] - sudo = int(request.form["sudo"]) - desc = request.form["desc"] + username = request.form.get("username") + password = request.form.get("username") + sudo = int(request.form.get("sudo")) + desc = request.form.get("desc") else: return "invalid request for user" @@ -429,6 +434,16 @@ def do_modify_user(request): (opParam, username, output)) return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output) + if len(password) > 0: + # 修改用户密码 + opParam = "passwd" + status, output = exec_command_output( + "sudo sh manager_user.sh %s %s" % (opParam, username)) + if status != 0: + print("%s user user(%s) failed! => output=%s" % + (opParam, username, output)) + return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output) + if desc != user_desc: change = True 
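Review bot: In the POST branch of `do_modify_user` (`@@ -391,12 +394,14 @@`), `password = request.form.get("username")` reads the wrong field, so the password variable receives the user name; it should be `password = request.form.get("password")`. The GET branch takes the password from `request.args`, which puts it in the URL and so in access logs and browser history; the same applies to the GET branch of `do_host_modifyuser` in `@@ -596,13 +611,15 @@`, and accepting the password only from the POST body would avoid it. Switching to `.get()` also means a missing `sudo` field now reaches `int(None)` and raises TypeError instead of Flask's 400 response for a missing form key. The function continues outside the hunk.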
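Review bot: The command built in `@@ -429,6 +434,16 @@` is `"sudo sh manager_user.sh %s %s" % (opParam, username)` and never passes `password`, while the script's `change_password` does nothing when its third argument is empty, so this branch appears to report success without changing anything. `len(password)` raises TypeError when the parameter is absent, because `.get()` returns None; `if password:` covers both cases, and the same check is repeated in `@@ -642,6 +657,16 @@`. `username` comes straight from the request and is formatted into a command string; if `exec_command_output` runs it through a shell (not visible here), validate it against a strict account-name pattern before use and hand the password to the script on stdin rather than as an argument.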
@@ -596,13 +611,15 @@ def do_host_modifyuser(request): if request.method == "GET": hostname = request.args.get('hostname') username = request.args.get('username') + password = request.args.get('password') sudo = int(request.args.get('sudo')) desc = request.args.get('desc') elif request.method == "POST": - hostname = request.form["hostname"] + hostname = request.form.get("hostname") username = request.form["username"] - sudo = int(request.form["username"]) - desc = request.form["desc"] + password = request.form.get("password") + sudo = int(request.form.get("username")) + desc = request.form.get("desc") else: return "invalid request for add user to host" @@ -618,22 +635,20 @@ def do_host_modifyuser(request): user_desc = hostuser[1] change = False opParam = "sudo" - if sudo == 0: opParam = "unsudo" + # 检查 + hostips = g.db.execute("select ip,port from hosts where name='%s'" % (hostname)).fetchone() + if hostips == None: + print("host(%s) not exitst on hosts" % hostname) + return "host(%s) not exitst on hosts" % hostname + hostip = hostips[0] + hostport = int(hostips[1]) + if sudo != user_sudo: change = True - # 检查 - hostips = g.db.execute("select ip,port from hosts where name='%s'" % (hostname)).fetchone() - if hostips == None: - print("host(%s) not exitst on hosts" % hostname) - return "host(%s) not exitst on hosts" % hostname - - hostip = hostips[0] - hostport = int(hostips[1]) - # 主机上修改sudo status, output = exec_command_output( "ssh %s@%s -p%d sudo sh .manager_user.sh %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username)) 
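Review bot: `sudo = int(request.form.get("username"))` in the POST branch of `@@ -596,13 +611,15 @@` still reads the `username` field, so a non-numeric user name raises ValueError and the sudo flag is never taken from the form; it should be `sudo = int(request.form.get("sudo"))`. The branch also mixes `request.form["username"]` with `.get()` for the other fields, so a missing field fails in different ways depending on which one it is. The function continues outside the hunk.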
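Review bot: The host lookup moved by `@@ -618,22 +635,20 @@` formats the request's `hostname` into the SQL text (`"select ip,port from hosts where name='%s'" % (hostname)`), so a quote in the parameter alters the query. Pass it as a bound parameter, `g.db.execute("select ip,port from hosts where name=?", (hostname,))` (qmark style assumes `g.db` is a sqlite3 connection, which this hunk does not show), and compare with `if hostips is None:`. The ssh command in the trailing context is assembled by the same string formatting from `hostip`, `hostport` and `username`.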
@@ -642,6 +657,16 @@ def do_host_modifyuser(request): (opParam, hostname, username, output)) return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output) + if len(password) > 0: + # 主机上修改密码 + opParam = "passwd" + status, output = exec_command_output( + "ssh %s@%s -p%d sudo sh .manager_user.sh %s %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username, password)) + if status != 0: + print("remote %s user host(%s) user(%s) failed! => output=%s" % + (opParam, hostname, username, output)) + return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output) + if desc != user_desc: change = True @@ -651,9 +676,9 @@ def do_host_modifyuser(request): sudo, desc, hostname, username)) g.db.commit() - print("host remote =>> %s user:%s from host:%s successful [output: %s]" % ( - opParam, username, hostname, output)) - return "host remote =>> %s user:%s from host:%s successful [output: %s]" % (opParam, username, hostname, output) + print("host remote =>> modify user:%s from host:%s successful [output: %s]" % ( + username, hostname, output)) + return "host remote =>> modify user:%s from host:%s successful [output: %s]" % (username, hostname, output) # 获取用户所有的主机列表 diff --git a/server/manager_user.sh b/server/manager_user.sh index 77dc4ea..0e5f7da 100644 --- a/server/manager_user.sh +++ b/server/manager_user.sh @@ -6,7 +6,7 @@ # @date 2020-03-25 # ------------------------------------- -cmdOp=$1 # 操作码 add del sudo unsudo +cmdOp=$1 # 操作码 add del passwd sudo unsudo cmdName=$2 # 用户名 cmdPassword=$3 # 密码 cmdAuthorizedKeys=`echo ${@:4}` # ssh公钥 
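Review bot: The new password is placed on the ssh command line in `@@ -642,6 +657,16 @@` (`"ssh %s@%s -p%d sudo sh .manager_user.sh %s %s %s"` with `username, password` as the last two values), which exposes it in the process list on the jump server and on the target host. ssh also hands the joined arguments to the remote shell, so spaces or shell metacharacters in the password or user name are interpreted there. Sending the password over the command's stdin and having the script read it from there would avoid both; at minimum each value should be quoted for the remote shell. On failure `output` is printed and returned to the caller, so check that it cannot echo the password back. The function continues outside the hunk.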
@@ -90,6 +90,20 @@ del_user() { fi } +# 修改密码 +change_password() { + # 判断用户是否存在 + grep "^$cmdName" $SYSPASSWD >& /dev/null + if [ $? -eq 0 ] && [ "$cmdPassword" ]; then + echo $cmdPassword| passwd $cmdName --stdin &>/dev/null + if [ $? -eq 0 ];then + echo "${cmdName}'s password is set successful" + else + echo "${cmdName}'s password is set failed" + fi + fi +} + # 添加sudo权限 sudo_user() { grep "^$cmdName:" $SYSPASSWD >& /dev/null @@ -130,6 +144,14 @@ del) del_user ;; +passwd) + if [ -z $cmdName ]; then + echo "del_user invalid params" + exit 1 + fi + + change_password + ;; sudo) if [ -z $cmdName ]; then echo "sudo_user invalid params"
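Review bot: As far as this hunk shows, `change_password` never signals failure: when the user is missing or `$cmdPassword` is empty it prints nothing, and when `passwd` fails it only echoes a message, so a caller that checks the exit status cannot see the error; add `return 1` in those branches. The existence test `grep "^$cmdName" $SYSPASSWD` lacks the trailing colon that `sudo_user` uses (`"^$cmdName:"`), so a name that is a prefix of another account also matches. `echo $cmdPassword| passwd $cmdName --stdin` is unquoted, so whitespace or glob characters in the password are altered before `passwd` reads them; `printf '%s\n' "$cmdPassword" | passwd --stdin "$cmdName"` keeps the value intact (`--stdin` is not available in every passwd implementation).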
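Review bot: The error text in the new `passwd)` branch (`@@ -130,6 +144,14 @@`) says `del_user invalid params`, copied from the branch above; it should name the password operation, e.g. `echo "change_password invalid params"`. The guard tests only `$cmdName`, unquoted, and not `$cmdPassword`, although `change_password` silently does nothing without a password; `if [ -z "$cmdName" ] || [ -z "$cmdPassword" ]; then` rejects both cases.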