
优化jumpcli defer、修改用户密码

牛批的一批 5 years ago
parent
commit
a3f3e7687c
  1. 4
      .gitignore
  2. 6
      client/jumpcli.go
  3. 69
      server/jumpserver.py
  4. 24
      server/manager_user.sh

4
.gitignore

@ -1 +1,3 @@
jumpserver
jumpserver
.idea
.idea/

6
client/jumpcli.go

@ -92,7 +92,6 @@ func (t *SSHTerminal) updateTerminalSize() {
}
termWidth, termHeight = currTermWidth, currTermHeight
}
}
}()
@ -244,6 +243,7 @@ func main() {
fmt.Printf("open database failed! err=%v", err)
return
}
defer db.Close()
// 查询当前用户有访问权限的主机
rows, err := db.Query(fmt.Sprintf("SELECT name, ip, port FROM hosts where isdelete=0 and name in(select hostname from hostuser where username='%s');", userInfo.Username))
@ -251,6 +251,7 @@ func main() {
fmt.Printf("db.Query failed! err=%v", err)
return
}
defer rows.Close()
// ui展示列表
menuLabels := make([]string, 0)
@ -269,8 +270,6 @@ func main() {
menuLabels = append(menuLabels, fmt.Sprintf("%s:%s:%d", name, ip, port))
}
rows.Close()
db.Close()
// 选项列表
prompt := promptui.Select{
@ -281,7 +280,6 @@ func main() {
for {
_, selectLabel, err := prompt.Run()
if err != nil {
fmt.Printf("Prompt failed %v\n", err)
return
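Review bot: The host query in main() is still assembled with `fmt.Sprintf`, which places `userInfo.Username` inside the SQL text. Where that value comes from is not visible in these hunks, but binding it as a parameter removes the question: `db.Query("SELECT name, ip, port FROM hosts where isdelete=0 and name in(select hostname from hostuser where username=?)", userInfo.Username)` (placeholder syntax depends on the driver in use). Separately, replacing the explicit `rows.Close()` / `db.Close()` after the menu is built with `defer` keeps both handles open for the whole interactive `for { prompt.Run() ... }` loop, released only when main returns. If that is not intended, keep the early close or move the query into a helper that returns `menuLabels`. main()'s body starts and ends outside the visible hunks.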

69
server/jumpserver.py

@ -43,8 +43,6 @@ gHostUserSql = "create table if not exists hostuser(id integer primary key autoi
# 添加跳板机用户脚本
gManagerUserShellFile = "manager_user.sh"
# 添加远程用户脚本
# gAddLocalUserShellFile = "add_remote_user.sh"
# sso应用信息
SSO_APPID = 18
@ -196,20 +194,23 @@ def checkCookie(request):
# return True
# 处理请求前回调
@app.before_request
def before_request():
g.isconnect_db = False
if request.path != "/sso" and (not checkCookie(request)):
return redirect_sso()
# 连接db并标志
g.db = connect_db()
g.isconnect_db = True
# 处理请求后回调
@app.after_request
def after_request(response):
if g.isconnect_db:
g.db.close()
# g会被释放掉
return response
@ -219,6 +220,7 @@ def sso():
return do_sso(request)
# 处理sso回调
def do_sso(request):
if request.method == "GET":
sso_uid = int(request.args.get('sso_uid'))
@ -231,6 +233,7 @@ def do_sso(request):
gSsoManager[sso_uid] = {
"sso_uid": sso_uid, "sso_token": sso_token, "update_time": int(time.time())}
# 取出参数
params = urlparse.urlparse(request.url).query
return redirect(gUrl + "?" + params)
@ -391,12 +394,14 @@ def do_del_user(request):
def do_modify_user(request):
if request.method == "GET":
username = request.args.get('username')
password = request.args.get('password')
sudo = int(request.args.get('sudo'))
desc = request.args.get('desc')
elif request.method == "POST":
username = request.form["username"]
sudo = int(request.form["sudo"])
desc = request.form["desc"]
username = request.form.get("username")
password = request.form.get("username")
sudo = int(request.form.get("sudo"))
desc = request.form.get("desc")
else:
return "invalid request for user"
@ -429,6 +434,16 @@ def do_modify_user(request):
(opParam, username, output))
return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output)
if len(password) > 0:
# 修改用户密码
opParam = "passwd"
status, output = exec_command_output(
"sudo sh manager_user.sh %s %s" % (opParam, username))
if status != 0:
print("%s user user(%s) failed! => output=%s" %
(opParam, username, output))
return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output)
if desc != user_desc:
change = True
@ -596,13 +611,15 @@ def do_host_modifyuser(request):
if request.method == "GET":
hostname = request.args.get('hostname')
username = request.args.get('username')
password = request.args.get('password')
sudo = int(request.args.get('sudo'))
desc = request.args.get('desc')
elif request.method == "POST":
hostname = request.form["hostname"]
hostname = request.form.get("hostname")
username = request.form["username"]
sudo = int(request.form["username"])
desc = request.form["desc"]
password = request.form.get("password")
sudo = int(request.form.get("username"))
desc = request.form.get("desc")
else:
return "invalid request for add user to host"
@ -618,22 +635,20 @@ def do_host_modifyuser(request):
user_desc = hostuser[1]
change = False
opParam = "sudo"
if sudo == 0:
opParam = "unsudo"
# 检查
hostips = g.db.execute("select ip,port from hosts where name='%s'" % (hostname)).fetchone()
if hostips == None:
print("host(%s) not exitst on hosts" % hostname)
return "host(%s) not exitst on hosts" % hostname
hostip = hostips[0]
hostport = int(hostips[1])
if sudo != user_sudo:
change = True
# 检查
hostips = g.db.execute("select ip,port from hosts where name='%s'" % (hostname)).fetchone()
if hostips == None:
print("host(%s) not exitst on hosts" % hostname)
return "host(%s) not exitst on hosts" % hostname
hostip = hostips[0]
hostport = int(hostips[1])
# 主机上修改sudo
status, output = exec_command_output(
"ssh %s@%s -p%d sudo sh .manager_user.sh %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username))
@ -642,6 +657,16 @@ def do_host_modifyuser(request):
(opParam, hostname, username, output))
return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output)
if len(password) > 0:
# 主机上修改密码
opParam = "passwd"
status, output = exec_command_output(
"ssh %s@%s -p%d sudo sh .manager_user.sh %s %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username, password))
if status != 0:
print("remote %s user host(%s) user(%s) failed! => output=%s" %
(opParam, hostname, username, output))
return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output)
if desc != user_desc:
change = True
@ -651,9 +676,9 @@ def do_host_modifyuser(request):
sudo, desc, hostname, username))
g.db.commit()
print("host remote =>> %s user:%s from host:%s successful [output: %s]" % (
opParam, username, hostname, output))
return "host remote =>> %s user:%s from host:%s successful [output: %s]" % (opParam, username, hostname, output)
print("host remote =>> modify user:%s from host:%s successful [output: %s]" % (
username, hostname, output))
return "host remote =>> modify user:%s from host:%s successful [output: %s]" % (username, hostname, output)
# 获取用户所有的主机列表
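Review bot: Request-supplied values are formatted straight into shell command strings in the new password branches: `"sudo sh manager_user.sh %s %s" % (opParam, username)` in do_modify_user, and the `ssh ... sudo sh .manager_user.sh %s %s %s` call in do_host_modifyuser, which also puts `password` on the command line where process listings expose it. Validate `username` against a strict allow-list pattern and pass the password to the script on stdin rather than as an argument; how exec_command_output runs the string is not shown here, so confirm it avoids a shell or quote each value (e.g. `shlex.quote`). The local branch never passes `password` to the script at all, so the `passwd` operation receives an empty third argument. Two POST fields read the wrong key: `password = request.form.get("username")` should be `request.form.get("password")`, and `sudo = int(request.form.get("username"))` should be `int(request.form.get("sudo"))`. `len(password) > 0` raises when the field is absent because `.get` returns None; `if password:` covers both cases.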

24
server/manager_user.sh

@ -6,7 +6,7 @@
# @date 2020-03-25
# -------------------------------------
cmdOp=$1 # 操作码 add del sudo unsudo
cmdOp=$1 # 操作码 add del passwd sudo unsudo
cmdName=$2 # 用户名
cmdPassword=$3 # 密码
cmdAuthorizedKeys=`echo ${@:4}` # ssh公钥
@ -90,6 +90,20 @@ del_user() {
fi
}
# 修改密码
change_password() {
# 判断用户是否存在
grep "^$cmdName" $SYSPASSWD >& /dev/null
if [ $? -eq 0 ] && [ "$cmdPassword" ]; then
echo $cmdPassword| passwd $cmdName --stdin &>/dev/null
if [ $? -eq 0 ];then
echo "${cmdName}'s password is set successful"
else
echo "${cmdName}'s password is set failed"
fi
fi
}
# 添加sudo权限
sudo_user() {
grep "^$cmdName:" $SYSPASSWD >& /dev/null
@ -130,6 +144,14 @@ del)
del_user
;;
passwd)
if [ -z $cmdName ]; then
echo "del_user invalid params"
exit 1
fi
change_password
;;
sudo)
if [ -z $cmdName ]; then
echo "sudo_user invalid params"
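Review bot: In change_password the password and user name are expanded unquoted in `echo $cmdPassword| passwd $cmdName --stdin`, so a password containing spaces, glob characters or a leading `-n`/`-e` is altered before passwd reads it; `printf '%s\n' "$cmdPassword" | passwd --stdin "$cmdName"` passes it through unchanged. The existence check `grep "^$cmdName" $SYSPASSWD` lacks the trailing colon that sudo_user uses, so it matches any account whose name merely begins with `$cmdName`; use `grep -q "^$cmdName:" "$SYSPASSWD"`. When the user is missing or `$cmdPassword` is empty the function prints nothing and, as far as these hunks show, the script still exits 0, so the caller would treat it as success; echo an error and `exit 1` in that branch. The new `passwd)` case arm prints "del_user invalid params" and tests `[ -z $cmdName ]` unquoted; it should name the passwd operation and also reject an empty `$cmdPassword`.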
