1 Commits

  1. 2
      .gitignore
  2. 6
      client/jumpcli.go
  3. 59
      server/jumpserver.py
  4. 24
      server/manager_user.sh
  5. 2
      server/proto.md

2
.gitignore

@ -1 +1,3 @@
jumpserver jumpserver
.idea
.idea/

6
client/jumpcli.go

@ -92,7 +92,6 @@ func (t *SSHTerminal) updateTerminalSize() {
} }
termWidth, termHeight = currTermWidth, currTermHeight termWidth, termHeight = currTermWidth, currTermHeight
} }
} }
}() }()
@ -244,6 +243,7 @@ func main() {
fmt.Printf("open database failed! err=%v", err) fmt.Printf("open database failed! err=%v", err)
return return
} }
defer db.Close()
// 查询当前用户有访问权限的主机 // 查询当前用户有访问权限的主机
rows, err := db.Query(fmt.Sprintf("SELECT name, ip, port FROM hosts where isdelete=0 and name in(select hostname from hostuser where username='%s');", userInfo.Username)) rows, err := db.Query(fmt.Sprintf("SELECT name, ip, port FROM hosts where isdelete=0 and name in(select hostname from hostuser where username='%s');", userInfo.Username))
@ -251,6 +251,7 @@ func main() {
fmt.Printf("db.Query failed! err=%v", err) fmt.Printf("db.Query failed! err=%v", err)
return return
} }
defer rows.Close()
// ui展示列表 // ui展示列表
menuLabels := make([]string, 0) menuLabels := make([]string, 0)
@ -269,8 +270,6 @@ func main() {
menuLabels = append(menuLabels, fmt.Sprintf("%s:%s:%d", name, ip, port)) menuLabels = append(menuLabels, fmt.Sprintf("%s:%s:%d", name, ip, port))
} }
rows.Close()
db.Close()
// 选项列表 // 选项列表
prompt := promptui.Select{ prompt := promptui.Select{
@ -281,7 +280,6 @@ func main() {
for { for {
_, selectLabel, err := prompt.Run() _, selectLabel, err := prompt.Run()
if err != nil { if err != nil {
fmt.Printf("Prompt failed %v\n", err) fmt.Printf("Prompt failed %v\n", err)
return return
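Review bot: The query on the line after the new `defer db.Close()` is still assembled with `fmt.Sprintf` and `'%s'` around `userInfo.Username`, so a quote character in that value changes the SQL. Where the username comes from is not visible here, but binding it removes the question: `db.Query("SELECT name, ip, port FROM hosts where isdelete=0 and name in(select hostname from hostuser where username=?)", userInfo.Username)` (placeholder syntax depends on the driver, which is not shown). Moving both `Close` calls into `defer` also keeps the rows and the database handle open for the whole prompt loop and whatever session follows it, whereas the removed lines released them before `promptui.Select` ran; if that is not intended, keep the explicit closes after the scan loop or move the query into a helper that returns the labels. Deferred calls are skipped on any `os.Exit` path in `main`, and `rows.Err()` is not checked in the visible lines. `main` starts and ends outside these hunks.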

59
server/jumpserver.py

@ -43,8 +43,6 @@ gHostUserSql = "create table if not exists hostuser(id integer primary key autoi
# 添加跳板机用户脚本 # 添加跳板机用户脚本
gManagerUserShellFile = "manager_user.sh" gManagerUserShellFile = "manager_user.sh"
# 添加远程用户脚本
# gAddLocalUserShellFile = "add_remote_user.sh"
# sso应用信息 # sso应用信息
SSO_APPID = 18 SSO_APPID = 18
@ -196,20 +194,23 @@ def checkCookie(request):
# return True # return True
# 处理请求前回调
@app.before_request @app.before_request
def before_request(): def before_request():
g.isconnect_db = False g.isconnect_db = False
if request.path != "/sso" and (not checkCookie(request)): if request.path != "/sso" and (not checkCookie(request)):
return redirect_sso() return redirect_sso()
# 连接db并标志
g.db = connect_db() g.db = connect_db()
g.isconnect_db = True g.isconnect_db = True
# 处理请求后回调
@app.after_request @app.after_request
def after_request(response): def after_request(response):
if g.isconnect_db: if g.isconnect_db:
g.db.close() g.db.close()
# g会被释放掉
return response return response
@ -219,6 +220,7 @@ def sso():
return do_sso(request) return do_sso(request)
# 处理sso回调
def do_sso(request): def do_sso(request):
if request.method == "GET": if request.method == "GET":
sso_uid = int(request.args.get('sso_uid')) sso_uid = int(request.args.get('sso_uid'))
@ -231,6 +233,7 @@ def do_sso(request):
gSsoManager[sso_uid] = { gSsoManager[sso_uid] = {
"sso_uid": sso_uid, "sso_token": sso_token, "update_time": int(time.time())} "sso_uid": sso_uid, "sso_token": sso_token, "update_time": int(time.time())}
# 取出参数
params = urlparse.urlparse(request.url).query params = urlparse.urlparse(request.url).query
return redirect(gUrl + "?" + params) return redirect(gUrl + "?" + params)
@ -391,12 +394,14 @@ def do_del_user(request):
def do_modify_user(request): def do_modify_user(request):
if request.method == "GET": if request.method == "GET":
username = request.args.get('username') username = request.args.get('username')
password = request.args.get('password') or ""
sudo = int(request.args.get('sudo')) sudo = int(request.args.get('sudo'))
desc = request.args.get('desc') desc = request.args.get('desc')
elif request.method == "POST": elif request.method == "POST":
username = request.form["username"]
sudo = int(request.form["sudo"])
desc = request.form["desc"]
username = request.form.get("username")
password = request.form.get("password") or ""
sudo = int(request.form.get("sudo"))
desc = request.form.get("desc")
else: else:
return "invalid request for user" return "invalid request for user"
@ -429,6 +434,16 @@ def do_modify_user(request):
(opParam, username, output)) (opParam, username, output))
return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output) return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output)
if len(password) > 0:
# 修改用户密码
opParam = "passwd"
status, output = exec_command_output(
"sudo sh manager_user.sh %s %s" % (opParam, username))
if status != 0:
print("%s user user(%s) failed! => output=%s" %
(opParam, username, output))
return "error: %s user user(%s) failed! => output=%s" % (opParam, username, output)
if desc != user_desc: if desc != user_desc:
change = True change = True
@ -596,13 +611,15 @@ def do_host_modifyuser(request):
if request.method == "GET": if request.method == "GET":
hostname = request.args.get('hostname') hostname = request.args.get('hostname')
username = request.args.get('username') username = request.args.get('username')
password = request.args.get('password') or ""
sudo = int(request.args.get('sudo')) sudo = int(request.args.get('sudo'))
desc = request.args.get('desc') desc = request.args.get('desc')
elif request.method == "POST": elif request.method == "POST":
hostname = request.form["hostname"]
hostname = request.form.get("hostname")
username = request.form["username"] username = request.form["username"]
sudo = int(request.form["username"])
desc = request.form["desc"]
password = request.form.get("password") or ""
sudo = int(request.form.get("username"))
desc = request.form.get("desc")
else: else:
return "invalid request for add user to host" return "invalid request for add user to host"
@ -618,22 +635,20 @@ def do_host_modifyuser(request):
user_desc = hostuser[1] user_desc = hostuser[1]
change = False change = False
opParam = "sudo" opParam = "sudo"
if sudo == 0: if sudo == 0:
opParam = "unsudo" opParam = "unsudo"
if sudo != user_sudo:
change = True
# 检查 # 检查
hostips = g.db.execute("select ip,port from hosts where name='%s'" % (hostname)).fetchone() hostips = g.db.execute("select ip,port from hosts where name='%s'" % (hostname)).fetchone()
if hostips == None: if hostips == None:
print("host(%s) not exitst on hosts" % hostname) print("host(%s) not exitst on hosts" % hostname)
return "host(%s) not exitst on hosts" % hostname return "host(%s) not exitst on hosts" % hostname
hostip = hostips[0] hostip = hostips[0]
hostport = int(hostips[1]) hostport = int(hostips[1])
if sudo != user_sudo:
change = True
# 主机上修改sudo # 主机上修改sudo
status, output = exec_command_output( status, output = exec_command_output(
"ssh %s@%s -p%d sudo sh .manager_user.sh %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username)) "ssh %s@%s -p%d sudo sh .manager_user.sh %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username))
@ -642,6 +657,16 @@ def do_host_modifyuser(request):
(opParam, hostname, username, output)) (opParam, hostname, username, output))
return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output) return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output)
if len(password) > 0:
# 主机上修改密码
opParam = "passwd"
status, output = exec_command_output(
"ssh %s@%s -p%d sudo sh .manager_user.sh %s %s %s" % (gDefaultSSHAdmin, hostip, hostport, opParam, username, password))
if status != 0:
print("remote %s user host(%s) user(%s) failed! => output=%s" %
(opParam, hostname, username, output))
return "error: remote %s user host(%s) user(%s) failed! => output=%s" % (opParam, hostname, username, output)
if desc != user_desc: if desc != user_desc:
change = True change = True
@ -651,9 +676,9 @@ def do_host_modifyuser(request):
sudo, desc, hostname, username)) sudo, desc, hostname, username))
g.db.commit() g.db.commit()
print("host remote =>> %s user:%s from host:%s successful [output: %s]" % (
opParam, username, hostname, output))
return "host remote =>> %s user:%s from host:%s successful [output: %s]" % (opParam, username, hostname, output)
print("host remote =>> modify user:%s from host:%s successful [output: %s]" % (
username, hostname, output))
return "host remote =>> modify user:%s from host:%s successful [output: %s]" % (username, hostname, output)
# 获取用户所有的主机列表 # 获取用户所有的主机列表
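Review bot: The new password branches in do_modify_user and do_host_modifyuser format request-supplied `username` and `password` directly into a command string (`"ssh %s@%s -p%d sudo sh .manager_user.sh %s %s %s" % (...)`), so shell metacharacters in either value are interpreted rather than passed as data, and the password also appears in the process list. exec_command_output is defined outside the visible hunks, so confirm how it runs the string; the safer shape is an argument list with no shell, a validated username, and the password fed over stdin instead of argv. The local branch runs `"sudo sh manager_user.sh %s %s" % (opParam, username)` without the password, and change_password in manager_user.sh does nothing when `$3` is empty, so the jump-host password is apparently never changed while the handler still reports success. In the POST path of do_host_modifyuser the rewritten line `sudo = int(request.form.get("username"))` still reads the wrong field and should be `int(request.form.get("sudo"))`; with `.get` a missing field now reaches `int(None)` and raises TypeError. Reading `password` from `request.args` puts it in URLs and access logs, so accept it from the POST form only.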

24
server/manager_user.sh

@ -6,7 +6,7 @@
# @date 2020-03-25 # @date 2020-03-25
# ------------------------------------- # -------------------------------------
cmdOp=$1 # 操作码 add del sudo unsudo
cmdOp=$1 # 操作码 add del passwd sudo unsudo
cmdName=$2 # 用户名 cmdName=$2 # 用户名
cmdPassword=$3 # 密码 cmdPassword=$3 # 密码
cmdAuthorizedKeys=`echo ${@:4}` # ssh公钥 cmdAuthorizedKeys=`echo ${@:4}` # ssh公钥
@ -90,6 +90,20 @@ del_user() {
fi fi
} }
# 修改密码
change_password() {
# 判断用户是否存在
grep "^$cmdName" $SYSPASSWD >& /dev/null
if [ $? -eq 0 ] && [ "$cmdPassword" ]; then
echo $cmdPassword| passwd $cmdName --stdin &>/dev/null
if [ $? -eq 0 ];then
echo "${cmdName}'s password is set successful"
else
echo "${cmdName}'s password is set failed"
fi
fi
}
# 添加sudo权限 # 添加sudo权限
sudo_user() { sudo_user() {
grep "^$cmdName:" $SYSPASSWD >& /dev/null grep "^$cmdName:" $SYSPASSWD >& /dev/null
@ -130,6 +144,14 @@ del)
del_user del_user
;; ;;
passwd)
if [ -z $cmdName ]; then
echo "del_user invalid params"
exit 1
fi
change_password
;;
sudo) sudo)
if [ -z $cmdName ]; then if [ -z $cmdName ]; then
echo "sudo_user invalid params" echo "sudo_user invalid params"
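Review bot: change_password never exits non-zero, so the Python callers that test `status != 0` treat a missing user, an empty password and a failed `passwd` all as success; each of those paths should `exit 1`. The existence check `grep "^$cmdName"` lacks the trailing `:` that sudo_user uses, so it matches any account whose name merely starts with the given string. `echo $cmdPassword| passwd $cmdName --stdin` is unquoted, which lets whitespace and glob characters in the password be split or expanded before it reaches `passwd`. The new `passwd)` case prints the copied message `"del_user invalid params"` and tests `[ -z $cmdName ]` without quotes. A rewritten function is sketched below; the case arm itself continues outside what is shown.
```shell
change_password() {
    # Anchor on ':' so a prefix of another account name does not match.
    if ! grep -q "^${cmdName}:" "$SYSPASSWD"; then
        echo "${cmdName} does not exist"
        exit 1
    fi
    if [ -z "$cmdPassword" ]; then
        echo "change_password invalid params"
        exit 1
    fi
    # printf avoids echo's option parsing; quoting keeps the password intact.
    if printf '%s\n' "$cmdPassword" | passwd --stdin "$cmdName" >/dev/null 2>&1; then
        echo "${cmdName}'s password is set successful"
    else
        echo "${cmdName}'s password is set failed"
        exit 1
    fi
}
```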

2
server/proto.md

@ -57,6 +57,7 @@ Resp:
Param: Param:
- username - username
- password(可选)
- sudo - sudo
- desc - desc
@ -136,6 +137,7 @@ Param:
- hostname - hostname
- username - username
- password(可选)
- sudo - sudo
- desc - desc
