Beispiel #1
    def clean_password(self):
        """Check the submitted credentials against LDAP, then against Django auth.

        When both fields are present, ``checkldap`` must return a truthy mail
        value; the password is then hashed with PBKDF2-SHA256 and written to
        the local database, and ``auth.authenticate`` makes the final decision.

        Raises ``forms.ValidationError`` when the LDAP check fails, when
        authentication fails, or when the account is inactive.
        Returns ``self.cleaned_data``.
        """
        username = self.cleaned_data.get('username')
        password = self.cleaned_data.get('password')

        # Nothing to verify unless both fields were supplied.
        if not username or not password:
            return self.cleaned_data

        ldap_mail = checkldap(username, password)
        if not ldap_mail:
            raise forms.ValidationError(u'LDAP账户不正确')

        # First login: mirror the LDAP account into the local user table.
        # NOTE(review): every failure is ignored here - presumably to tolerate
        # an already existing username, but a real database error is hidden
        # the same way. Confirm and narrow the exception type.
        try:
            local_user = User(
                username=username,
                password=make_password(password, None, 'pbkdf2_sha256'),
                email=ldap_mail,
                is_active=1,
            )
            local_user.save()
        except Exception:
            pass

        # Keep the locally stored hash in step with the password LDAP accepted.
        # NOTE(review): the row is looked up through ``Example`` while the
        # insert above goes through ``User`` - confirm this is intended. A
        # failed update is ignored too, so a stale hash goes unnoticed.
        try:
            existing = Example.objects.get(username=username)
            existing.password = make_password(password, None, 'pbkdf2_sha256')
            existing.save()
        except Exception:
            pass

        self.user_cache = auth.authenticate(username=username,
                                            password=password)
        if self.user_cache is None:
            raise forms.ValidationError(u'账号密码不匹配')
        if not self.user_cache.is_active:
            raise forms.ValidationError(u'此账号已被禁用')
        return self.cleaned_data
Beispiel #2
    def clean_password(self):
        """Validate username/password via LDAP and then via Django auth.

        Does nothing but return ``self.cleaned_data`` when either field is
        missing. Otherwise a falsy result from ``checkldap`` is rejected, the
        local password hash (PBKDF2-SHA256) is created or refreshed, and
        ``auth.authenticate`` is asked to confirm the login.

        Raises ``forms.ValidationError`` for a failed LDAP check, a failed
        authentication, or an inactive account.
        """
        form_data = self.cleaned_data
        username = form_data.get('username')
        password = form_data.get('password')
        have_both = bool(username and password)

        if have_both:
            mail = checkldap(username, password)
            if mail:
                # NOTE(review): the insert is best-effort and swallows every
                # exception - presumably so an existing user does not abort
                # the login; database errors disappear as well. Confirm.
                try:
                    User(username=username,
                         password=make_password(password, None,
                                                'pbkdf2_sha256'),
                         email=mail,
                         is_active=1).save()
                except Exception:
                    pass
                # NOTE(review): the update goes through ``Example`` although
                # the insert used ``User`` - verify which model is meant.
                # Failures are swallowed here too.
                try:
                    record = Example.objects.get(username=username)
                    record.password = make_password(password, None,
                                                    'pbkdf2_sha256')
                    record.save()
                except Exception:
                    pass
            else:
                raise forms.ValidationError(u'LDAP账户不正确')

            authenticated = auth.authenticate(username=username,
                                              password=password)
            self.user_cache = authenticated
            if self.user_cache is None:
                raise forms.ValidationError(u'账号密码不匹配')
            if not self.user_cache.is_active:
                raise forms.ValidationError(u'此账号已被禁用')
        return self.cleaned_data
Beispiel #3
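def addUser(request):
    """Create a user: run the account scripts, set the password, save the row.

    GET renders the empty form. POST checks the required fields, the
    uniqueness of the username and the two confirmation fields, then runs
    the configured ``useradd_shell``/``sudoadd_shell``/``keygen_shell``
    commands, feeds the password to ``passwd --stdin`` and, if both steps
    exit with status 0, stores the user. The result is rendered into
    ``addUser.html`` as ``msg`` or ``error``.

    All request values are untrusted: they are shell-quoted before they are
    placed into the command line, and the password is handed to ``passwd``
    on stdin instead of being interpolated into a shell string.
    """
    # Function-scope import: the file's import block is outside this listing.
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    jm = PyCrypt(key)
    if request.method == 'GET':
        return render_to_response('addUser.html', {'user_menu': 'active'},
                                  context_instance=RequestContext(request))

    username = request.POST.get('username')
    password = request.POST.get('password')
    password_confirm = request.POST.get('password_confirm')
    # A missing key passphrase field is treated as empty rather than as the
    # text "None" that string formatting would otherwise produce.
    keypass = request.POST.get('keypass', '')
    keypass_confirm = request.POST.get('keypass_confirm', '')
    name = request.POST.get('name')
    email = request.POST.get('email')
    error = ''

    # A field that is absent arrives as None, an empty one as ''; reject both.
    if not all((username, password, password_confirm, name)):
        error += '带*号内容不能为空。'
    # A leading '-' would be read as an option by the account commands.
    if username and username.startswith('-'):
        error += '用户名不能以-开头。'
    if User.objects.filter(username=username):
        error += '用户名已存在。'
    if password != password_confirm or keypass != keypass_confirm:
        error += '两次输入密码不匹配。'
    if error:
        return render_to_response('addUser.html', {
            'error': error,
            'user_menu': 'active'
        },
                                  context_instance=RequestContext(request))

    ldap_password = keygen(15)
    # The three script paths come from configuration; every other word is
    # quoted so that request data cannot add shell syntax.
    # NOTE(review): the commands are joined with ';', so the exit status is
    # that of the last one only - a failed useradd goes unnoticed. Confirm
    # whether that is intended.
    command = "%s %s %s;%s %s;%s %s %s" % (
        useradd_shell, quote(username), quote(ldap_password),
        sudoadd_shell, quote(username),
        keygen_shell, quote(username), quote(keypass))
    ret = subprocess.call(command, shell=True)

    if not ret:
        # No shell and no password on a command line: passwd reads it from
        # stdin, terminated by the newline that echo used to add.
        passwd_proc = subprocess.Popen(['passwd', '--stdin', username],
                                       stdin=subprocess.PIPE)
        passwd_proc.communicate((password + '\n').encode('utf-8'))
        ret = passwd_proc.returncode
        if not ret:
            # The password column holds the generated LDAP password,
            # encrypted with PyCrypt; the login password only goes to passwd.
            user = User(username=username,
                        password=jm.encrypt(ldap_password),
                        name=name,
                        email=email)
            user.save()
            msg = u'添加用户 %s 成功。' % name
        else:
            msg = u'添加用户 %s 失败。' % name
    else:
        msg = u'添加用户 %s 失败。' % name

    return render_to_response('addUser.html', {
        'msg': msg,
        'user_menu': 'active'
    },
                              context_instance=RequestContext(request))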
Beispiel #4
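def addUser(request):
    """Add a user.

    GET renders the empty form. POST validates the submitted fields, runs
    the configured ``useradd_shell``, ``sudoadd_shell`` and ``keygen_shell``
    commands, sets the system password through ``passwd --stdin`` and saves
    the user row when both steps exit with status 0. The outcome is rendered
    into ``addUser.html`` as ``msg`` or ``error``.

    Request values are untrusted, so each one is shell-quoted before it
    enters the command line, and the password reaches ``passwd`` on stdin
    rather than through a shell string.
    """
    # Function-scope import: the file's import block is outside this listing.
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    jm = PyCrypt(key)
    if request.method == "GET":
        return render_to_response("addUser.html", {"user_menu": "active"}, context_instance=RequestContext(request))

    username = request.POST.get("username")
    password = request.POST.get("password")
    password_confirm = request.POST.get("password_confirm")
    # Treat an absent passphrase field as empty instead of formatting None
    # into the command as the literal text "None".
    keypass = request.POST.get("keypass", "")
    keypass_confirm = request.POST.get("keypass_confirm", "")
    name = request.POST.get("name")
    email = request.POST.get("email")
    error = ""

    # Absent fields are None and empty ones are ""; neither is acceptable.
    if not all((username, password, password_confirm, name)):
        error += "带*号内容不能为空。"
    # Keep the name from being parsed as an option by the account commands.
    if username and username.startswith("-"):
        error += "用户名不能以-开头。"
    if User.objects.filter(username=username):
        error += "用户名已存在。"
    if password != password_confirm or keypass != keypass_confirm:
        error += "两次输入密码不匹配。"
    if error:
        return render_to_response(
            "addUser.html", {"error": error, "user_menu": "active"}, context_instance=RequestContext(request)
        )

    ldap_password = keygen(15)
    # Only the configured script paths are inserted verbatim; everything
    # that originates from the request or from keygen is quoted.
    # NOTE(review): with ';' between the commands the exit status reflects
    # only the last one, so an earlier failure is not detected. Confirm.
    quoted_user = quote(username)
    command = "%s %s %s;%s %s;%s %s %s" % (
        useradd_shell,
        quoted_user,
        quote(ldap_password),
        sudoadd_shell,
        quoted_user,
        keygen_shell,
        quoted_user,
        quote(keypass),
    )
    ret = subprocess.call(command, shell=True)

    if not ret:
        # passwd reads the password from stdin; no shell is involved and the
        # password never appears in a process argument list.
        passwd_proc = subprocess.Popen(["passwd", "--stdin", username], stdin=subprocess.PIPE)
        passwd_proc.communicate((password + "\n").encode("utf-8"))
        ret = passwd_proc.returncode
        if not ret:
            # The stored password is the generated LDAP password, encrypted
            # with PyCrypt; the login password is only given to passwd.
            user = User(username=username, password=jm.encrypt(ldap_password), name=name, email=email)
            user.save()
            msg = u"添加用户 %s 成功。" % name
        else:
            msg = u"添加用户 %s 失败。" % name
    else:
        msg = u"添加用户 %s 失败。" % name

    return render_to_response(
        "addUser.html", {"msg": msg, "user_menu": "active"}, context_instance=RequestContext(request)
    )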
Beispiel #5
def install(request):
    """Create the initial account once; report an error if it already exists.

    Renders ``info.html`` with ``error`` when a user with the fixed username
    is already present, otherwise saves that user and renders ``msg``.
    """
    # NOTE(review): the username literal appears masked in this listing.
    # NOTE(review): password, key_pass and ldap_password are all derived from
    # the literal 'admin', so the first account has publicly known
    # credentials until someone changes them. Nothing in this function checks
    # the caller or the request method; any decorator would be outside this
    # listing. Consider a generated one-time password and restricting access.
    # NOTE(review): md5_crypt is defined elsewhere; the name suggests an
    # MD5-based hash - confirm it is still acceptable for password storage.
    if User.objects.filter(username='******'):
        return render_to_response('info.html',
                                  {'error': '已经安装,请出重复安装.'})

    first_account = User(id=800,
                         username='******',
                         password=md5_crypt('admin'),
                         key_pass=md5_crypt('admin'),
                         name='admin',
                         is_admin=False,
                         is_superuser=True,
                         ldap_password=md5_crypt('admin'))
    first_account.save()
    return render_to_response('info.html', {'msg': '安装成功'})
Beispiel #6
def install(request):
    """One-time setup: insert the initial superuser if it is not there yet.

    Renders ``info.html`` with ``msg`` after creating the account, or with
    ``error`` when an account with the fixed username already exists.
    """
    # NOTE(review): the username literal appears masked in this listing.
    already_installed = User.objects.filter(username='******')
    if not already_installed:
        # NOTE(review): all three secrets are hashes of the literal 'admin',
        # i.e. default credentials on a superuser account. The function body
        # performs no authentication or method check (a decorator, if any, is
        # not visible here). Consider forcing a password change on first use.
        # NOTE(review): md5_crypt is an external helper; its name suggests an
        # MD5-based scheme - confirm.
        account_fields = {
            'id': 800,
            'username': '******',
            'password': md5_crypt('admin'),
            'key_pass': md5_crypt('admin'),
            'name': 'admin',
            'is_admin': False,
            'is_superuser': True,
            'ldap_password': md5_crypt('admin'),
        }
        User(**account_fields).save()
        context = {'msg': '安装成功'}
    else:
        context = {'error': '已经安装,请出重复安装.'}
    return render_to_response('info.html', context)
Beispiel #7
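def _safe_redirect_target(target, default='/'):
    """Return *target* if it is a plain same-site path, otherwise *default*.

    Accepted targets start with a single '/', carry no scheme or host, and
    contain no backslash, whitespace or control character (browsers rewrite
    or drop those, which can turn a path into a reference to another host).
    """
    # Function-scope import: the file's import block is outside this listing.
    try:
        from urllib.parse import urlparse
    except ImportError:  # Python 2
        from urlparse import urlparse

    if not target or not target.startswith('/') or target.startswith('//'):
        return default
    if '\\' in target:
        return default
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7f for ch in target):
        return default
    try:
        parts = urlparse(target)
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        return default
    return target


def LoginUser(request):
    """User login.

    GET from an authenticated user redirects to '/'. POST authenticates the
    submitted credentials and, for an active account, logs the user in and
    redirects to the requested ``next`` target, restricted to same-site
    paths. In every other case the login page is rendered, with an error
    message after a failed POST.
    """
    count = User.objects.all().count()
    logger.error(count)
    if count == 0:
        # NOTE(review): with an empty user table, any request to this view
        # creates an active superuser whose password is the literal 'admin'.
        # Consider moving the bootstrap into a setup command that generates
        # the password.
        user = User()
        user.name = 'admin'
        user.set_password('admin')
        user.is_active = 1
        user.is_superuser = 1
        user.save()
    if request.method == 'GET' and request.user.is_authenticated():
        return HttpResponseRedirect('/')

    # The redirect target is taken from the request and is therefore
    # untrusted; it is validated below before it is used.
    redirect_to = request.POST.get(REDIRECT_FIELD_NAME,
                                   request.GET.get(REDIRECT_FIELD_NAME, ''))

    errorString = ''

    if request.method == 'POST':
        # .get() so that a POST without the fields fails authentication
        # instead of raising.
        user_cache = auth.authenticate(username=request.POST.get('username'),
                                       password=request.POST.get('password'))
        if user_cache is not None:
            if user_cache.is_active:
                auth.login(request, user_cache)
                # Only same-site paths are followed; anything else (another
                # host, a scheme, an empty value) falls back to '/'.
                return HttpResponseRedirect(
                    _safe_redirect_target(redirect_to))
            else:
                errorString = '账号被禁用!'
        else:
            errorString = '账号密码不匹配'

    kwvars = {
        'request': request,
        'next': redirect_to,
        'errorString': errorString
    }
    return render_to_response('UserManage/login.html', kwvars,
                              RequestContext(request))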
Beispiel #8
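def addUser(request):
    """Add a user to the database, the jump host and LDAP.

    On a valid POST the user row is saved first, then the system account,
    its password and an RSA key are created, then the user, group and sudo
    entries are added to LDAP. A failure at any stage undoes the earlier
    stages and re-renders ``addUser.html`` with an error.

    Values from the form are shell-quoted before they are passed to ``bash``.
    """
    # Function-scope import: the file's import block is outside this listing.
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    msg = ''
    form = UserAddForm()
    jm = PyCrypt(key)

    if request.method == 'POST':
        form = UserAddForm(request.POST)
        if form.is_valid():
            user = form.cleaned_data
            username = user['username']
            password = user['password']
            key_pass = user['key_pass']
            name = user['name']
            is_admin = user['is_admin']
            is_superuser = user['is_superuser']
            ldap_password = keygen(16)
            group_post = user['group']
            groups = []

            # If the requester is an admin, they may not appoint other
            # admins or superusers.
            if is_admin_user(request):
                is_admin = False
                is_superuser = False

            # Groups
            for group_name in group_post:
                groups.append(Group.objects.get(name=group_name))

            # Save the user to the database; return on failure.
            # NOTE(review): md5_crypt is defined elsewhere; the name suggests
            # an MD5-based hash for the login password - confirm.
            u = User(username=username,
                     password=md5_crypt(password),
                     key_pass=jm.encrypt(key_pass),
                     name=name,
                     is_admin=is_admin,
                     is_superuser=is_superuser,
                     ldap_password=jm.encrypt(ldap_password))
            try:
                u.save()
                u.group = groups
                u.save()
            except Exception as e:
                error = u'数据库插入用户错误' + unicode(e)
                return render_to_response(
                    'addUser.html', {
                        'user_menu': 'active',
                        'form': form,
                        'error': error
                    },
                    context_instance=RequestContext(request))

            # Add the system user. Form values are quoted so they cannot add
            # shell syntax to the command string.
            # NOTE(review): assumes UserAddForm restricts the username to
            # valid account names (no leading '-') - verify in the form.
            quoted_username = quote(username)
            ret_add = bash('useradd %s' % quoted_username)
            # printf instead of echo: echo treats some values as options or
            # escape sequences. The password is still part of a command
            # string here; passing it on stdin would need a change to bash().
            ret_passwd = bash("printf '%%s\\n' %s | passwd --stdin %s" %
                              (quote(password), quoted_username))
            ret_rsa = rsa_gen(username, key_pass)

            if [ret_add, ret_passwd, ret_rsa].count(0) < 3:
                error = u'跳板机添加用户失败'
                bash('userdel -r %s' % quoted_username)
                u.delete()
                return render_to_response(
                    'addUser.html', {
                        'user_menu': 'active',
                        'form': form,
                        'error': error
                    },
                    context_instance=RequestContext(request))

            # Add to LDAP
            # NOTE(review): the username is formatted into the DNs without
            # DN escaping - presumably safe only if the form validates it.
            user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
            password_sha512 = gen_sha512(keygen(6), ldap_password)
            user_attr = {
                'uid': [str(username)],
                'cn': [str(username)],
                'objectClass':
                ['account', 'posixAccount', 'top', 'shadowAccount'],
                'userPassword': ['{crypt}%s' % password_sha512],
                'shadowLastChange': ['16328'],
                'shadowMin': ['0'],
                'shadowMax': ['99999'],
                'shadowWarning': ['7'],
                'loginShell': ['/bin/bash'],
                'uidNumber': [str(u.id)],
                'gidNumber': [str(u.id)],
                'homeDirectory': [str('/home/%s' % username)]
            }

            group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn)
            group_attr = {
                'objectClass': ['posixGroup', 'top'],
                'cn': [str(username)],
                'userPassword': ['{crypt}x'],
                'gidNumber': [str(u.id)]
            }

            sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn)
            sudo_attr = {
                # One key with both classes: a repeated 'objectClass' key in
                # a dict literal keeps only the last value.
                'objectClass': ['top', 'sudoRole'],
                'cn': ['%s' % str(username)],
                'sudoCommand': ['/bin/pwd'],
                'sudoHost': ['192.168.1.1'],
                'sudoOption': ['!authenticate'],
                'sudoRunAsUser': ['root'],
                'sudoUser': ['%s' % str(username)]
            }
            ldap_conn = LDAPMgmt()
            try:
                ldap_conn.add(user_dn, user_attr)
                ldap_conn.add(group_dn, group_attr)
                ldap_conn.add(sudo_dn, sudo_attr)
            except Exception as e:
                error = u'添加ladp用户失败' + unicode(e)
                # Best-effort rollback: the first step that fails stops the
                # remaining clean-up, and the failure is not reported.
                try:
                    bash('userdel -r %s' % quoted_username)
                    u.delete()
                    ldap_conn.delete(user_dn)
                    ldap_conn.delete(group_dn)
                    ldap_conn.delete(sudo_dn)
                except Exception:
                    pass
                return render_to_response(
                    'addUser.html', {
                        'user_menu': 'active',
                        'form': form,
                        'error': error
                    },
                    context_instance=RequestContext(request))

            msg = u'添加用户成功'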
Beispiel #9
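def addUser(request):
    """Add a user to the database, the jump host and LDAP.

    A valid POST saves the user row, creates the system account with its
    password and RSA key, and then adds the user, group and sudo entries to
    LDAP. When a stage fails, the earlier stages are undone and
    ``addUser.html`` is rendered again with an error.

    Form values are shell-quoted before they are handed to ``bash``.
    """
    # Function-scope import: the file's import block is outside this listing.
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    msg = ''
    form = UserAddForm()
    jm = PyCrypt(key)

    if request.method == 'POST':
        form = UserAddForm(request.POST)
        if form.is_valid():
            user = form.cleaned_data
            username = user['username']
            password = user['password']
            key_pass = user['key_pass']
            name = user['name']
            is_admin = user['is_admin']
            is_superuser = user['is_superuser']
            ldap_password = keygen(16)
            group_post = user['group']
            groups = []

            # If the requester is an admin, they may not appoint other
            # admins or superusers.
            if is_admin_user(request):
                is_admin = False
                is_superuser = False

            # Groups
            for group_name in group_post:
                groups.append(Group.objects.get(name=group_name))

            # Save the user to the database; return on failure.
            # NOTE(review): md5_crypt is an external helper whose name
            # suggests an MD5-based password hash - confirm.
            u = User(
                username=username,
                password=md5_crypt(password),
                key_pass=jm.encrypt(key_pass),
                name=name,
                is_admin=is_admin,
                is_superuser=is_superuser,
                ldap_password=jm.encrypt(ldap_password))
            try:
                u.save()
                u.group = groups
                u.save()
            except Exception as e:
                error = u'数据库插入用户错误' + unicode(e)
                return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
                                          context_instance=RequestContext(request))

            # Add the system user. Each form value is quoted so that it
            # stays a single shell word.
            # NOTE(review): assumes UserAddForm limits the username to valid
            # account names (no leading '-') - verify in the form.
            safe_username = quote(username)
            ret_add = bash('useradd %s' % safe_username)
            # printf is used because echo may interpret a value as an option
            # or as escape sequences. The password still travels inside a
            # command string; stdin delivery would need a change to bash().
            ret_passwd = bash("printf '%%s\\n' %s | passwd --stdin %s" % (quote(password), safe_username))
            ret_rsa = rsa_gen(username, key_pass)

            if [ret_add, ret_passwd, ret_rsa].count(0) < 3:
                error = u'跳板机添加用户失败'
                bash('userdel -r %s' % safe_username)
                u.delete()
                return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
                                          context_instance=RequestContext(request))

            # Add to LDAP
            # NOTE(review): the username enters the DNs without DN escaping -
            # presumably acceptable only if the form validates it.
            user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
            password_sha512 = gen_sha512(keygen(6), ldap_password)
            user_attr = {
                'uid': [str(username)],
                'cn': [str(username)],
                'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
                'userPassword': ['{crypt}%s' % password_sha512],
                'shadowLastChange': ['16328'],
                'shadowMin': ['0'],
                'shadowMax': ['99999'],
                'shadowWarning': ['7'],
                'loginShell': ['/bin/bash'],
                'uidNumber': [str(u.id)],
                'gidNumber': [str(u.id)],
                'homeDirectory': [str('/home/%s' % username)]}

            group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn)
            group_attr = {
                'objectClass': ['posixGroup', 'top'],
                'cn': [str(username)],
                'userPassword': ['{crypt}x'],
                'gidNumber': [str(u.id)]
            }

            sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn)
            sudo_attr = {
                # Both classes under one key: repeating 'objectClass' in a
                # dict literal silently keeps only the last value.
                'objectClass': ['top', 'sudoRole'],
                'cn': ['%s' % str(username)],
                'sudoCommand': ['/bin/pwd'],
                'sudoHost': ['192.168.1.1'],
                'sudoOption': ['!authenticate'],
                'sudoRunAsUser': ['root'],
                'sudoUser': ['%s' % str(username)]
            }
            ldap_conn = LDAPMgmt()
            try:
                ldap_conn.add(user_dn, user_attr)
                ldap_conn.add(group_dn, group_attr)
                ldap_conn.add(sudo_dn, sudo_attr)
            except Exception as e:
                error = u'添加ladp用户失败' + unicode(e)
                # Best-effort rollback: a failing step skips the remaining
                # clean-up and is not reported.
                try:
                    bash('userdel -r %s' % safe_username)
                    u.delete()
                    ldap_conn.delete(user_dn)
                    ldap_conn.delete(group_dn)
                    ldap_conn.delete(sudo_dn)
                except Exception:
                    pass
                return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
                                          context_instance=RequestContext(request))

            msg = u'添加用户成功'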
Beispiel #10
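def AddUser(request):
    """Create a user from POSTed fields and report the outcome as JSON.

    Every request value is validated before a model instance is touched:
    the username must be present and unused, the password must be present
    and at least 8 characters long, and the group must be present and refer
    to an existing ``GroupList`` row. Each failure returns its own
    ``errorCode``; success and non-POST requests return ``'0x0000'``.
    """
    if request.method == 'POST':
        username = request.POST.get('username')
        if not username:
            return JsonResponse({
                'errorCode': '0x0003',
                'errorString': '必须输入用户名'
            })
        # One indexed lookup instead of loading and scanning every user; it
        # also covers the empty-table case, where the scan never ran and the
        # username was left unset.
        if User.objects.filter(username=username).exists():
            return JsonResponse({
                'errorCode': '0x0010',
                'errorString': '用户名重复'
            })

        # A missing password is handled like an empty one instead of
        # raising on len(None).
        password = request.POST.get('password')
        if not password:
            return JsonResponse({
                'errorCode': '0x0004',
                'errorString': '必须输入密码'
            })
        if len(password) < 8:
            return JsonResponse({
                'errorCode': '0x0005',
                'errorString': '密码必须大于8位'
            })

        # A missing, malformed or unknown group id is reported to the
        # client rather than surfacing as an unhandled lookup error.
        group_id = request.POST.get('group')
        if not group_id:
            return JsonResponse({
                'errorCode': '0x0006',
                'errorString': '必须选择用户组'
            })
        try:
            group = GroupList.objects.get(id=group_id)
        except (GroupList.DoesNotExist, ValueError):
            return JsonResponse({
                'errorCode': '0x0006',
                'errorString': '必须选择用户组'
            })

        user = User()
        user.username = username
        user.set_password(password)
        user.telephone = request.POST.get('telephone')
        user.email = request.POST.get('email')
        user.department = request.POST.get('department')
        user.group = group
        # getlist() returns a list; store its truth value, not the list.
        # NOTE(review): presumably a checkbox, so any submitted value counts
        # as active - confirm against the form.
        user.is_active = bool(request.POST.getlist('is_active'))
        user.save()

    return JsonResponse({'errorCode': '0x0000', 'errorString': ''})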