Ejemplo n.º 1
0
def perm_role_edit(request, res, *args):
    """
    edit role page
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
    res['operator'] = path2
    # 渲染数据
    role_id = request.GET.get("id")
    role = PermRole.objects.get(id=role_id)
    role_pass = CRYPTOR.decrypt(role.password)
    sudo_all = PermSudo.objects.all()
    role_sudos = role.sudo.all()
    sudo_all = PermSudo.objects.all()
    if request.method == "GET":
        return my_render('permManage/perm_role_edit.html', locals(), request)

    if request.method == "POST":
        # 获取 POST 数据
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [PermSudo.objects.get(id=sudo_id) for sudo_id in role_sudo_names]
        key_content = request.POST.get("role_key", "")

        try:
            if not role:
                raise ServerError('该系统用户不能存在')

            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')

            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass
            # 生成随机密码,生成秘钥对
            if key_content:
                try:
                    key_path = gen_keys(key=key_content, key_path_dir=role.key_path)
                except SSHException:
                    raise ServerError('输入的密钥不合法')
                logger.debug('Recreate role key: %s' % role.key_path)
            # 写入数据库
            role.name = role_name
            role.comment = role_comment
            role.sudo = role_sudos

            role.save()
            msg = u"更新系统用户: %s" % role.name
            res['content'] = msg
            return HttpResponseRedirect(reverse('role_list'))
        except ServerError, e:
            error = e
            res['flag'] = 'false'
            res['content'] = e
Ejemplo n.º 2
0
def perm_role_add(request, res, *args):
    """
    add role page
    """
    header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户"
    res['operator'] = path2
    sudos = PermSudo.objects.all()

    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')

        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'已经存在该用户 %s' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            default = get_object(Setting, name='default')

            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
            # 生成随机密码,生成秘钥对
            sudos_obj = [get_object(PermSudo, id=sudo_id) for sudo_id in sudo_ids]
            if key_content:
                try:
                    key_path = gen_keys(key=key_content)
                except SSHException, e:
                    raise ServerError(e)
            else:
                key_path = gen_keys()
            logger.debug('generate role key: %s' % key_path)
            role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path)
            role.save()
            role.sudo = sudos_obj
            msg = u"添加系统用户: %s" % name
            res['content'] = msg
            return HttpResponseRedirect(reverse('role_list'))
Ejemplo n.º 3
0
def media_add(request, res, *args):
    response = {'success': False, 'error': ''}
    res['operator'] = u'添加告警媒介'
    if request.method == 'POST':
        try:
            media_name = request.POST.get('media_name', '')
            if EmergencyType.objects.filter(name=media_name):
                    raise ServerError(u'名称[%s]已存在'%media_name)
            media_type = request.POST.get('media_type', '')
            if media_type == '0':
                smtp_host = request.POST.get('smtp_host', '')
                smtp_host_port = request.POST.get('smtp_host_port', 587)
                email_user = request.POST.get('email_user', '')
                email_user_password = request.POST.get('email_user_password', '')
                encrypt_password = CRYPTOR.encrypt(email_user_password)
                connect_security = request.POST.getlist('connection', [])
                status = request.POST.get('extra', '0')
                comment = request.POST.get('comment', '')
                is_use_tls = True if '1' in connect_security else 0
                is_use_ssl = True if '0' in connect_security else 0
                media_detail = u"SMTP服务器:{0}    SMTP电邮:{1}".format(smtp_host, email_user)

                if '' in [media_name, smtp_host, smtp_host_port, email_user, email_user_password]:
                    raise ServerError(u'必要参数不能为空,请从新填写')

                EmergencyType.objects.create(name=media_name, type=media_type, smtp_server=smtp_host, smtp_server_port=int(smtp_host_port),
                                             status=status, email_username=email_user, email_password=encrypt_password,
                                             email_use_ssl=is_use_ssl, email_use_tls=is_use_tls,detail=media_detail, comment=comment)

                res['content'] = u'添加告警媒介[%s]成功' % media_name
                response['success'] = True
                response['error'] = u'添加告警媒介[%s]成功' % media_name
            elif media_type == '1':
                corpid = request.POST.get('corpid', '')
                corpsecret = request.POST.get('corpsecret', '')
                status = request.POST.get('extra', '0')
                comment = request.POST.get('comment', '')

                if '' in [media_name, corpid, corpsecret]:
                    raise ServerError(u'必要参数为空,请从新填写!')

                media_detail = u'CorpID:%s '%corpid
                EmergencyType.objects.create(name=media_name, type=media_type, corpid=corpid, corpsecret=corpsecret,
                                             detail=media_detail, status=status, comment=comment)
                res['content'] = u'添加成功'
                response['success'] = True
                response['error'] = u'添加成功'
        except Exception as e:
            res['flag'] = False
            res['content'] = e.message
            response['error'] = u'添加media失败:%s'%e.message
    return HttpResponse(json.dumps(response), content_type='application/json')
Ejemplo n.º 4
0
def media_edit(request, res):
    res['operator'] = u'编辑告警媒介'
    if request.method == 'GET':
        try:
            media_id = request.GET.get('id', '')
            media_info = EmergencyType.objects.get(id=int(media_id))
            rest = {}
            rest['Id'] = media_info.id
            rest['name'] = media_info.name
            rest['type'] = media_info.type
            rest['status'] = media_info.status
            rest['smtp_server'] = media_info.smtp_server
            rest['smtp_server_port'] = media_info.smtp_server_port
            rest['email_username'] = media_info.email_username
            email_psswd = CRYPTOR.decrypt(media_info.email_password) if media_info.email_password else ''  # 将密码解密后在传到前端
            rest['email_password'] = email_psswd
            rest['email_use_tls'] = media_info.email_use_tls
            rest['email_use_ssl'] = media_info.email_use_ssl
            rest['corpid'] = media_info.corpid
            rest['corpsecret'] = media_info.corpsecret
            rest['comment'] = media_info.comment
            return HttpResponse(json.dumps(rest), content_type='application/json')
        except Exception as e:
            logger.error(e.message)
            return HttpResponse(e.message)
    else:
        response = {'success': False, 'error': ''}
        m_id = request.GET.get('id', '')
        media = EmergencyType.objects.get(id=int(m_id))
        media_name = request.POST.get('media_name', '')
        media_type = request.POST.get('media_type', '')
        try:
            old_name=media.name
            if old_name==media_name:
                if EmergencyType.objects.filter(name=media_name).count()>1:
                    raise ServerError(u'名称[%s]已存在'% media_name)
            else:
                if EmergencyType.objects.filter(name=media_name).count()>0:
                    raise ServerError(u"名称[%s]已存在"% media_name)
            if media_type == '0':
                smtp_host = request.POST.get('smtp_host', '')
                smtp_host_port = int(request.POST.get('smtp_host_port', 587))
                email_user = request.POST.get('email_user', '')
                email_user_password = request.POST.get('email_user_password', '')
                encrypt_password = CRYPTOR.encrypt(email_user_password)
                connect_security = request.POST.getlist('connection', [])
                status = request.POST.get('extra', '0')
                comment = request.POST.get('comment', '')
                is_use_tls = True if '1' in connect_security else 0
                is_use_ssl = True if '0' in connect_security else 0
                media_detail = u"SMTP服务器:{0}    SMTP电邮:{1}".format(smtp_host, email_user)

                if '' in [media_name, smtp_host, smtp_host_port, email_user, email_user_password]:
                    raise ServerError(u'名称不能为空')

                media.name = media_name
                media.type = media_type
                media.smtp_server = smtp_host
                media.smtp_server_port = smtp_host_port
                media.status = status
                media.email_username = email_user
                media.email_password = encrypt_password
                media.email_use_ssl = is_use_ssl
                media.email_use_tls = is_use_tls
                media.detail = media_detail
                media.comment = comment
                media.save()

                res['content'] = u'修改告警媒介[%s]成功' % media_name
                response['success'] = True
            elif media_type == '1':

                corpid = request.POST.get('corpid', '')
                corpsecret = request.POST.get('corpsecret', '')
                status = request.POST.get('extra', '0')
                comment = request.POST.get('comment', '')
                media_detail = u'CorpID:%s'%corpid
                if '' in [media_name, corpid, corpsecret]:
                    raise ServerError(u'必要参数为空,请从新填写!')

                media.name = media_name
                media.type = media_type
                media.status = status
                media.corpid = corpid
                media.detail = media_detail
                media.corpsecret = corpsecret
                media.comment = comment
                media.save()
                res['content'] = u'修改告警媒介[%s]成功'%media.name
                response['success'] = True
        except Exception as e:
            logger.error(e)
            res['flag'] = 'false'
            response['error'] =res['content'] = u'修改告警媒介失败:%s'%e.message
        return HttpResponse(json.dumps(response), content_type='application/json')
Ejemplo n.º 5
0
def perm_role_edit(request, res, *args):
    """
    编辑系统用户
    """
    # 渲染数据
    res['operator'] = u"编辑系统用户"
    res['emer_content'] = 6
    if request.method == "GET":
        role_id = request.GET.get("id")
        role = PermRole.objects.get(id=int(role_id))
        if not role:
            return HttpResponse(u'系统用户不存在')
        rest = {}
        rest['Id'] = role.id
        rest['role_name'] = role.name
        rest['role_password'] = role.password
        rest['role_comment'] = role.comment
        rest['system_groups'] = role.system_groups
        rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        role_id = request.GET.get("id", '')
        role = PermRole.objects.get(id=int(role_id))
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [
            PermSudo.objects.get(id=int(sudo_id))
            for sudo_id in role_sudo_names
        ]
        key_content = request.POST.get("role_key", "")
        sudo_uuids = [item.uuid_id for item in role_sudos]
        sys_groups = request.POST.get("sys_groups", '').strip()
        try:
            if not role:
                raise ServerError('该系统用户不能存在')

            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')

            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass

            role_key_content = ""  # key_content为空表示用户秘钥不变,不为空就根据私钥生成公钥
            # TODO 生成随机密码,生成秘钥对
            if key_content:
                try:
                    key_contents = json.dumps(gen_keys(key=key_content))
                    role.key_content = key_contents
                    role_key_content = key_contents
                except SSHException:
                    raise ServerError(u'输入的密钥不合法')
            # 跟新server上的permrole
            role.name = role_name
            role.comment = role_comment
            role.system_groups = sys_groups
            role.sudo = role_sudos
            role.save()

            # 更新proxy上的permrole
            data = {
                'name': role_name,
                'password': role_password,
                'comment': role_comment,
                'sudo_uuids': sudo_uuids,
                'key_content': role_key_content,
                'sys_groups': sys_groups
            }
            data = json.dumps(data)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list,
                                 THREAD_NUMBERS,
                                 role_proxy_operator,
                                 request.user.username,
                                 'PermRole',
                                 data,
                                 obj_uuid=role.uuid_id,
                                 action='update')
            # TODO 用户操作记录
            res['content'] = u"编辑系统用户[%s]成功" % role.name
            # TODO 告警事件记录
            res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
            # TODO 页面返回信息
            response['success'] = True
        except ServerError, e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑系统用户失败:%s" % (e.message)
            response['error'] = u"编辑系统用户失败:%s" % (e.message)
        return HttpResponse(json.dumps(response),
                            content_type='application/json')
Ejemplo n.º 6
0
def perm_role_add(request, res, *args):
    """
    添加系统用户 server和proxy上都添加
    """
    response = {'success': False, 'error': ''}
    res['operator'] = u"添加系统用户"
    res['emer_content'] = 6
    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')
        uuid_id = str(uuid.uuid1())
        sys_groups = request.POST.get('sys_groups', '').strip()

        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'用户 %s已经存在' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if name == "":
                raise ServerError(u'系统用户名为空')

            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
            # 生成随机密码,生成秘钥对
            sudos_obj = [
                get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids
            ]
            sudo_uuids = [item.uuid_id for item in sudos_obj]
            try:
                keys_content = json.dumps(gen_keys(key_content))
            except Exception, e:
                raise ServerError(e)

            #  # TODO 将数据保存到magicstack上
            role = PermRole.objects.create(uuid_id=uuid_id,
                                           name=name,
                                           comment=comment,
                                           password=encrypt_pass,
                                           key_content=keys_content,
                                           system_groups=sys_groups)
            role.sudo = sudos_obj
            role.save()

            # TODO 将数据同时保存到proxy上
            proxy_list = Proxy.objects.all()
            data = {
                'uuid_id': uuid_id,
                'id': role.id,
                'name': name,
                'password': encrypt_pass,
                'comment': comment,
                'key_content': keys_content,
                'sudo_uuids': sudo_uuids,
                'sys_groups': sys_groups
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list,
                                 THREAD_NUMBERS,
                                 role_proxy_operator,
                                 request.user.username,
                                 'PermRole',
                                 data,
                                 obj_uuid=role.uuid_id,
                                 action='add')
            response['success'] = True
            res['content'] = u'添加系统用户[%s]成功' % role.name
            res['emer_status'] = u'添加系统用户[%s]成功' % role.name
        except ServerError, e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"添加系统用户失败:%s" (e.message)
            response['error'] = u"添加系统用户失败:%s" % (e.message)
Ejemplo n.º 7
0
def perm_role_edit(request, res, *args):
    """
    编辑系统用户
    """
    # 渲染数据
    res['operator'] = u"编辑系统用户"
    res['emer_content'] = 6
    if request.method == "GET":
        role_id = request.GET.get("id")
        role = PermRole.objects.get(id=int(role_id))
        if not role:
            return HttpResponse(u'系统用户不存在')
        rest = {}
        rest['Id'] = role.id
        rest['role_name'] = role.name
        rest['role_password'] = role.password
        rest['role_comment'] = role.comment
        rest['system_groups'] = role.system_groups
        rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        role_id = request.GET.get("id", '')
        role = PermRole.objects.get(id=int(role_id))
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [PermSudo.objects.get(id=int(sudo_id)) for sudo_id in role_sudo_names]
        key_content = request.POST.get("role_key", "")
        sudo_uuids = [item.uuid_id for item in role_sudos]
        sys_groups = request.POST.get("sys_groups",'').strip()
        try:
            if not role:
                raise ServerError('该系统用户不能存在')

            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')

            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass

            role_key_content = ""    # key_content为空表示用户秘钥不变,不为空就根据私钥生成公钥
            # TODO 生成随机密码,生成秘钥对
            if key_content:
                try:
                    key_contents = json.dumps(gen_keys(key=key_content))
                    role.key_content = key_contents
                    role_key_content = key_contents
                except SSHException:
                    raise ServerError(u'输入的密钥不合法')
            # 跟新server上的permrole
            role.name = role_name
            role.comment = role_comment
            role.system_groups = sys_groups
            role.sudo = role_sudos
            role.save()

            # 更新proxy上的permrole
            data = {'name': role_name,
                    'password': role_password,
                    'comment': role_comment,
                    'sudo_uuids': sudo_uuids,
                    'key_content': role_key_content,
                    'sys_groups': sys_groups}
            data = json.dumps(data)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data, obj_uuid=role.uuid_id, action='update')
            # TODO 用户操作记录
            res['content'] = u"编辑系统用户[%s]成功" % role.name
            # TODO 告警事件记录
            res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
            # TODO 页面返回信息
            response['success'] = True
        except ServerError, e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑系统用户失败:%s"%(e.message)
            response['error'] = u"编辑系统用户失败:%s"%(e.message)
        return HttpResponse(json.dumps(response), content_type='application/json')
Ejemplo n.º 8
0
def perm_role_add(request, res, *args):
    """
    添加系统用户 server和proxy上都添加
    """
    response = {'success': False, 'error': ''}
    res['operator'] = u"添加系统用户"
    res['emer_content'] = 6
    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')
        uuid_id = str(uuid.uuid1())
        sys_groups = request.POST.get('sys_groups', '').strip()

        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'用户 %s已经存在' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if name == "":
                raise ServerError(u'系统用户名为空')

            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
            # 生成随机密码,生成秘钥对
            sudos_obj = [get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids]
            sudo_uuids = [item.uuid_id for item in sudos_obj]
            try:
                keys_content = json.dumps(gen_keys(key_content))
            except Exception, e:
                raise ServerError(e)

            #  # TODO 将数据保存到magicstack上
            role = PermRole.objects.create(uuid_id=uuid_id, name=name, comment=comment, password=encrypt_pass,
                                           key_content=keys_content, system_groups=sys_groups)
            role.sudo = sudos_obj
            role.save()

            # TODO 将数据同时保存到proxy上
            proxy_list = Proxy.objects.all()
            data = {'uuid_id': uuid_id,
                    'id': role.id,
                    'name': name,
                    'password': encrypt_pass,
                    'comment': comment,
                    'key_content': keys_content,
                    'sudo_uuids': sudo_uuids,
                    'sys_groups': sys_groups}
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data,
                                 obj_uuid=role.uuid_id, action='add')
            response['success'] = True
            res['content'] = u'添加系统用户[%s]成功'% role.name
            res['emer_status'] = u'添加系统用户[%s]成功'% role.name
        except ServerError, e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"添加系统用户失败:%s"(e.message)
            response['error'] = u"添加系统用户失败:%s"%(e.message)