Ejemplo n.º 1
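def AddUser(request):
    """Create a user from POST data and report the outcome as JSON.

    Fields are validated in this order: ``username`` (required, must not
    already exist), ``password`` (required, at least 8 characters) and
    ``group`` (required, must name an existing ``GroupList`` row).  The first
    failing check returns its error code; nothing is saved in that case.
    Any non-POST request returns the success code without doing anything.

    Returns:
        JsonResponse with ``errorCode`` / ``errorString``; ``'0x0000'`` means
        success.

    Review notes:
        * No authentication, permission or CSRF check is visible in this
          function.  Presumably a decorator or middleware outside this
          snippet enforces them; confirm, because this view creates accounts
          and assigns their group straight from request data.
        * ``telephone``, ``email`` and ``department`` are stored as received,
          without validation.
    """
    if request.method == 'POST':
        username = request.POST.get('username')
        if not username:
            return JsonResponse({
                'errorCode': '0x0003',
                'errorString': '必须输入用户名'
            })
        # One indexed query instead of loading every user.  This also fixes
        # the empty-table case, where the old loop never ran and the first
        # user was saved without a username.
        # NOTE(review): check-then-save can still race with a concurrent
        # request; a unique constraint on the column is the real guard.
        if User.objects.filter(username=username).exists():
            return JsonResponse({
                'errorCode': '0x0010',
                'errorString': '用户名重复'
            })

        # A missing 'password' key used to reach len(None) and raise
        # TypeError; treat it like an empty password.
        password = request.POST.get('password')
        if not password:
            return JsonResponse({
                'errorCode': '0x0004',
                'errorString': '必须输入密码'
            })
        if len(password) < 8:
            return JsonResponse({
                'errorCode': '0x0005',
                'errorString': '密码必须大于8位'
            })

        # A missing, malformed or unknown group id used to escape as an
        # unhandled exception; report it with the existing group error code.
        group_id = request.POST.get('group')
        if not group_id:
            return JsonResponse({
                'errorCode': '0x0006',
                'errorString': '必须选择用户组'
            })
        try:
            group = GroupList.objects.get(id=group_id)
        except (GroupList.DoesNotExist, ValueError):
            return JsonResponse({
                'errorCode': '0x0006',
                'errorString': '必须选择用户组'
            })

        user = User()
        user.username = username
        user.set_password(password)
        user.telephone = request.POST.get('telephone')
        user.email = request.POST.get('email')
        user.department = request.POST.get('department')
        user.group = group
        # NOTE(review): getlist() returns a list, not a boolean.  Kept as in
        # the original because the type of User.is_active is not visible
        # here; confirm what the model expects.
        user.is_active = request.POST.getlist('is_active')
        user.save()

    return JsonResponse({'errorCode': '0x0000', 'errorString': ''})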
Ejemplo n.º 2
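def addUser(request):
    """Add a user to the database, the local system and LDAP.

    On a valid ``UserAddForm`` POST the view saves a ``User`` row, creates
    the matching system account (``useradd``, ``passwd``, ``rsa_gen``) and
    adds user, group and sudo entries to LDAP.  If a later step fails, the
    earlier ones are rolled back and ``addUser.html`` is rendered with an
    ``error`` message.

    Review notes:
        * ``username`` and ``password`` come from the submitted form and are
          interpolated into shell command lines, so they are shell-quoted
          below.  ``UserAddForm`` should still restrict ``username`` to a
          safe character set: it is also placed unescaped into LDAP DNs and
          a home-directory path.
        * The password is part of the command string handed to ``bash``.
          Whether that string is visible to other local users depends on how
          ``bash`` runs it (not visible here); feeding the password on
          standard input would avoid the exposure.
        * ``md5_crypt`` is a project helper not shown here; if it produces
          MD5-based hashes, as its name suggests, that is weak for password
          storage.
        * No authorization check is visible in this function beyond the
          ``is_admin_user`` downgrade; presumably a decorator outside this
          snippet restricts who can call it. Confirm.
    """
    # Function-scope import because the file's import block is not visible.
    try:
        from shlex import quote as shell_quote
    except ImportError:  # Python 2
        from pipes import quote as shell_quote

    msg = ''
    form = UserAddForm()
    jm = PyCrypt(key)

    if request.method == 'POST':
        form = UserAddForm(request.POST)
        if form.is_valid():
            user = form.cleaned_data
            username = user['username']
            password = user['password']
            key_pass = user['key_pass']
            name = user['name']
            is_admin = user['is_admin']
            is_superuser = user['is_superuser']
            ldap_password = keygen(16)
            group_post = user['group']
            groups = []

            # An admin may not appoint other admins or superusers, so the
            # submitted flags are discarded when the requester is an admin.
            if is_admin_user(request):
                is_admin = False
                is_superuser = False

            # Resolve the submitted group names to Group rows.
            for group_name in group_post:
                groups.append(Group.objects.get(name=group_name))

            # Save the user in the database; return with an error on failure.
            u = User(username=username,
                     password=md5_crypt(password),
                     key_pass=jm.encrypt(key_pass),
                     name=name,
                     is_admin=is_admin,
                     is_superuser=is_superuser,
                     ldap_password=jm.encrypt(ldap_password))
            try:
                u.save()
                u.group = groups
                u.save()
            except Exception as e:
                error = u'数据库插入用户错误' + unicode(e)
                return render_to_response(
                    'addUser.html', {
                        'user_menu': 'active',
                        'form': form,
                        'error': error
                    },
                    context_instance=RequestContext(request))

            # Create the system account.  Form values are quoted so shell
            # metacharacters in them are passed as data, not interpreted.
            quoted_username = shell_quote(username)
            ret_add = bash('useradd %s' % quoted_username)
            ret_passwd = bash('echo %s | passwd --stdin %s' %
                              (shell_quote(password), quoted_username))
            ret_rsa = rsa_gen(username, key_pass)

            if [ret_add, ret_passwd, ret_rsa].count(0) < 3:
                error = u'跳板机添加用户失败'
                # Remove the system account only if this request created it.
                # When useradd failed (for example because the name already
                # belongs to a system account), userdel -r would delete an
                # account and home directory this view does not own.
                if ret_add == 0:
                    bash('userdel -r %s' % quoted_username)
                u.delete()
                return render_to_response(
                    'addUser.html', {
                        'user_menu': 'active',
                        'form': form,
                        'error': error
                    },
                    context_instance=RequestContext(request))

            # Add the user to LDAP.
            # NOTE(review): username is not DN-escaped here; see docstring.
            user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
            password_sha512 = gen_sha512(keygen(6), ldap_password)
            user_attr = {
                'uid': [str(username)],
                'cn': [str(username)],
                'objectClass':
                ['account', 'posixAccount', 'top', 'shadowAccount'],
                'userPassword': ['{crypt}%s' % password_sha512],
                'shadowLastChange': ['16328'],
                'shadowMin': ['0'],
                'shadowMax': ['99999'],
                'shadowWarning': ['7'],
                'loginShell': ['/bin/bash'],
                'uidNumber': [str(u.id)],
                'gidNumber': [str(u.id)],
                'homeDirectory': [str('/home/%s' % username)]
            }

            group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn)
            group_attr = {
                'objectClass': ['posixGroup', 'top'],
                'cn': [str(username)],
                'userPassword': ['{crypt}x'],
                'gidNumber': [str(u.id)]
            }

            # Default sudo role: /bin/pwd as root on one host, without a
            # password prompt ('!authenticate').
            sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn)
            sudo_attr = {
                # The original listed 'objectClass' twice, so 'top' was
                # silently overwritten by 'sudoRole'; both are kept now.
                'objectClass': ['top', 'sudoRole'],
                'cn': ['%s' % str(username)],
                'sudoCommand': ['/bin/pwd'],
                'sudoHost': ['192.168.1.1'],
                'sudoOption': ['!authenticate'],
                'sudoRunAsUser': ['root'],
                'sudoUser': ['%s' % str(username)]
            }
            ldap_conn = LDAPMgmt()
            try:
                ldap_conn.add(user_dn, user_attr)
                ldap_conn.add(group_dn, group_attr)
                ldap_conn.add(sudo_dn, sudo_attr)
            except Exception as e:
                error = u'添加ladp用户失败' + unicode(e)
                # Best-effort rollback.  Each step is tried on its own so one
                # failure (such as deleting an LDAP entry that was never
                # added) does not skip the remaining steps.
                rollback_steps = (
                    lambda: bash('userdel -r %s' % quoted_username),
                    u.delete,
                    lambda: ldap_conn.delete(user_dn),
                    lambda: ldap_conn.delete(group_dn),
                    lambda: ldap_conn.delete(sudo_dn),
                )
                for undo in rollback_steps:
                    try:
                        undo()
                    except Exception:
                        pass
                return render_to_response(
                    'addUser.html', {
                        'user_menu': 'active',
                        'form': form,
                        'error': error
                    },
                    context_instance=RequestContext(request))

            msg = u'添加用户成功'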
Ejemplo n.º 3
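def addUser(request):
    """Add a user to the database, the local system and LDAP.

    A valid ``UserAddForm`` POST is processed in three stages: a ``User``
    row is saved, the system account is created (``useradd``, ``passwd``,
    ``rsa_gen``), and user, group and sudo entries are added to LDAP.  A
    failure in a later stage undoes the earlier ones and renders
    ``addUser.html`` with an ``error`` message.

    Review notes:
        * ``username`` and ``password`` are form input that ends up in shell
          command lines; both are shell-quoted below.  ``username`` is also
          used unescaped in LDAP DNs and a home-directory path, so
          ``UserAddForm`` should limit it to a safe character set.
        * The password is embedded in the command string passed to ``bash``.
          How ``bash`` executes it is not visible here; passing the password
          on standard input would keep it out of any command line.
        * ``md5_crypt`` is defined elsewhere; if it yields MD5-based hashes,
          as the name suggests, that is weak for stored passwords.
        * Apart from the ``is_admin_user`` downgrade, no authorization check
          is visible in this function; presumably a decorator outside this
          snippet provides it. Confirm.
    """
    # Imported locally because the file's import block is not visible.
    try:
        from shlex import quote as shell_quote
    except ImportError:  # Python 2
        from pipes import quote as shell_quote

    msg = ''
    form = UserAddForm()
    jm = PyCrypt(key)

    if request.method == 'POST':
        form = UserAddForm(request.POST)
        if form.is_valid():
            user = form.cleaned_data
            username = user['username']
            password = user['password']
            key_pass = user['key_pass']
            name = user['name']
            is_admin = user['is_admin']
            is_superuser = user['is_superuser']
            ldap_password = keygen(16)
            group_post = user['group']
            groups = []

            # If the requester is an admin, they may not appoint other admins
            # or superusers: the submitted flags are dropped.
            if is_admin_user(request):
                is_admin = False
                is_superuser = False

            # Groups: map submitted names to Group rows.
            for group_name in group_post:
                groups.append(Group.objects.get(name=group_name))

            # Store the user in the database; bail out with an error on failure.
            u = User(
                username=username,
                password=md5_crypt(password),
                key_pass=jm.encrypt(key_pass),
                name=name,
                is_admin=is_admin,
                is_superuser=is_superuser,
                ldap_password=jm.encrypt(ldap_password))
            try:
                u.save()
                u.group = groups
                u.save()
            except Exception as e:
                error = u'数据库插入用户错误' + unicode(e)
                return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
                                          context_instance=RequestContext(request))

            # Add the user to the system.  Quoting keeps shell metacharacters
            # in the form values from being interpreted by the shell.
            quoted_username = shell_quote(username)
            ret_add = bash('useradd %s' % quoted_username)
            ret_passwd = bash('echo %s | passwd --stdin %s' % (shell_quote(password), quoted_username))
            ret_rsa = rsa_gen(username, key_pass)

            if [ret_add, ret_passwd, ret_rsa].count(0) < 3:
                error = u'跳板机添加用户失败'
                # Only delete the system account if useradd created it here.
                # If useradd failed because the name already exists on the
                # host, userdel -r would remove an unrelated account and its
                # home directory.
                if ret_add == 0:
                    bash('userdel -r %s' % quoted_username)
                u.delete()
                return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
                                          context_instance=RequestContext(request))

            # Add the user to LDAP.
            # NOTE(review): username goes into the DNs without DN escaping.
            user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
            password_sha512 = gen_sha512(keygen(6), ldap_password)
            user_attr = {
                'uid': [str(username)],
                'cn': [str(username)],
                'objectClass': ['account', 'posixAccount', 'top', 'shadowAccount'],
                'userPassword': ['{crypt}%s' % password_sha512],
                'shadowLastChange': ['16328'],
                'shadowMin': ['0'],
                'shadowMax': ['99999'],
                'shadowWarning': ['7'],
                'loginShell': ['/bin/bash'],
                'uidNumber': [str(u.id)],
                'gidNumber': [str(u.id)],
                'homeDirectory': [str('/home/%s' % username)]}

            group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn)
            group_attr = {
                'objectClass': ['posixGroup', 'top'],
                'cn': [str(username)],
                'userPassword': ['{crypt}x'],
                'gidNumber': [str(u.id)]
            }

            # Default sudo role: passwordless ('!authenticate') /bin/pwd as
            # root on a single host.
            sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn)
            sudo_attr = {
                # 'objectClass' appeared twice in the original literal, which
                # silently dropped 'top'; the two values are merged here.
                'objectClass': ['top', 'sudoRole'],
                'cn': ['%s' % str(username)],
                'sudoCommand': ['/bin/pwd'],
                'sudoHost': ['192.168.1.1'],
                'sudoOption': ['!authenticate'],
                'sudoRunAsUser': ['root'],
                'sudoUser': ['%s' % str(username)]
            }
            ldap_conn = LDAPMgmt()
            try:
                ldap_conn.add(user_dn, user_attr)
                ldap_conn.add(group_dn, group_attr)
                ldap_conn.add(sudo_dn, sudo_attr)
            except Exception as e:
                error = u'添加ladp用户失败' + unicode(e)
                # Best-effort rollback, one step at a time: a failing step
                # (e.g. deleting an LDAP entry that was never created) must
                # not prevent the remaining steps from running.
                rollback_steps = (
                    lambda: bash('userdel -r %s' % quoted_username),
                    u.delete,
                    lambda: ldap_conn.delete(user_dn),
                    lambda: ldap_conn.delete(group_dn),
                    lambda: ldap_conn.delete(sudo_dn),
                )
                for undo in rollback_steps:
                    try:
                        undo()
                    except Exception:
                        pass
                return render_to_response('addUser.html', {'user_menu': 'active', 'form': form, 'error': error},
                                          context_instance=RequestContext(request))

            msg = u'添加用户成功'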