def basite(request):
    """Render the base-settings page for the administrator, else the login page.

    Reads the MySQL profile values and, when a MySQL host is configured, the
    settings returned by ``getldap3configtion()``, ``getpermsessage()`` and
    ``getliisconfigtion()``. The complete local namespace is then handed to
    the template through ``locals()``.

    NOTE(review): ``locals()`` puts every local into the template context,
    including ``mysqlPasswordvalue`` and, when set, ``mypassword``,
    ``zabbixpassword`` and ``expassword``. The same namespace (at least the
    MySQL profile values) is also passed to ``login.html`` for sessions that
    are not the administrator. Whether the templates print these values is
    not visible here; an explicit context dict that leaves secrets out would
    remove the dependency on template discipline. Confirm against the
    templates before changing, because they resolve names from this scope.
    """
    username = request.session.get('username')
    mysqlipvalue = readprofile('mysql','host')
    mysqlusernamevalue = readprofile('mysql','username')
    mysqlPortevalue = readprofile('mysql','Port')
    mysqlPasswordvalue = readprofile('mysql','Password')
    mysqldatabase = readprofile('mysql','database')
    # Only the session whose username equals the configured administrator
    # name reaches the settings page.
    if username == returnadminusernamevalue:
        # Treat the string 'None', the empty string, None and False all as
        # "no MySQL host configured".
        if mysqlipvalue != 'None'and mysqlipvalue != "" and mysqlipvalue != None and mysqlipvalue != False:
            mysqlallvalue = getldap3configtion()
            if mysqlallvalue:
                myserver=mysqlallvalue.get('server', "None")
                myuser=mysqlallvalue.get('user', "None")
                mypassword=mysqlallvalue.get('password', "None")
                mydomain=mysqlallvalue.get('domain', "None")
                myusessl=mysqlallvalue.get('use_ssl', "None")
                mysearch_base=mysqlallvalue.get('search_base', "None")
            else:
                # Only these two names are defined in this branch; the other
                # my* names stay undefined for the template.
                myserver='None'
                myusessl='None'
            # mailvalue=searchsendmail()
            # if mailvalue:
            #     mascount = mailvalue.get('mailcount', "None")
            #     mailpassr = mailvalue.get('password', "None")
            #     masrever = mailvalue.get('mailserver', "None")
            #     maddress = mailvalue.get('mailaddress', "None")
            # else:
            #     masrever='None'
            permessa=getpermsessage()
            if permessa:
                perlogn = permessa.get('logongroup', "None")
                perchangepwd = permessa.get('changepwdgroup', "None")
                perfile = permessa.get('fieldgroup', "None")
                perset = permessa.get('operagroup', "None")
                monitorselect = permessa.get('monitor', "None")
                zabbixurl = permessa.get('zabbixurl', "None")
                zabbixuser = permessa.get('zabbixuser', "None")
                zabbixpassword = permessa.get('zabbixpassword', "None")
            else:
                # Placeholders used when no permission settings are stored.
                perlogn='None'
                monitorselect = 'None'
                zabbixurl = 'None'
                zabbixuser = '******'
                zabbixpassword = '******'
            iisexx=getliisconfigtion()
            if iisexx:
                exuser = iisexx.get('exuser', "None")
                expassword = iisexx.get('expassword', "None")
                exdomain = iisexx.get('exdomain', "None")
                exip = iisexx.get('exserver', "None")
            else:
                # NOTE(review): these names differ from the ones set in the
                # branch above (exuser/expassword/exdomain/exip) - confirm
                # which names the template expects.
                iisserver='None'
                exserver='None'
        else:
            mysqldatabase='None'
        return render_to_response('basise.html',locals())
    else:
        return render_to_response('login.html', locals())
def hasmonitorvalueurl(request):
    """Return the stored permission/monitor settings as a JSON reply.

    The reply is ``{'isSuccess': ..., 'message': ...}`` where ``message`` is
    whatever ``getpermsessage()`` returned, or the exception text when the
    lookup raised.

    NOTE(review): no session or administrator check is made here, unlike the
    other views in this file that compare the session username with
    ``returnadminusernamevalue``. The settings are returned verbatim, and
    other code in this file reads ``zabbixuser`` and ``zabbixpassword`` from
    the same ``getpermsessage()`` result, so those fields presumably reach
    the client as stored. Confirm which fields the front end needs and who
    may call this URL. Exception text is also sent to the client as-is.
    """
    try:
        settings_row = getpermsessage()
        payload = {'isSuccess': bool(settings_row), "message": settings_row}
    except Exception as err:
        payload = {'isSuccess': False, "message": str(err)}

    body = json.dumps(payload)
    reply = HttpResponse()
    reply['Content-Type'] = "text/javascript"
    reply.write(body)
    return reply
def __init__(self, encode='utf-8', zabbixurl=None, zabbixuser=None, zabbixpassword=None):
    """Load the Zabbix endpoint and credentials, then apply any overrides.

    Values come from ``getpermsessage()`` when it returns something truthy;
    the stored password is passed through
    ``encrypt_and_decode().decrypted_text`` before use. A truthy
    ``zabbixurl`` / ``zabbixuser`` / ``zabbixpassword`` argument replaces the
    stored value.

    :param encode: accepted but not used in this method
    :param zabbixurl: optional endpoint overriding the stored one
    :param zabbixuser: optional user overriding the stored one
    :param zabbixpassword: optional plaintext password overriding the stored one

    NOTE(review): when nothing is stored and no override is passed, ``uri``,
    ``zabbixuser`` and ``zabbixpassword`` are never assigned by this method.
    The decrypted password is kept on the instance in plaintext.
    """
    stored = getpermsessage()
    if stored:
        self.uri = stored.get('zabbixurl', '')
        self.zabbixuser = stored.get('zabbixuser', '')
        # The stored value is encrypted; decrypt it for use.
        self.zabbixpassword = encrypt_and_decode().decrypted_text(
            stored.get('zabbixpassword', ''))

    overrides = (
        ('uri', zabbixurl),
        ('zabbixuser', zabbixuser),
        ('zabbixpassword', zabbixpassword),
    )
    for attribute, value in overrides:
        if value:
            setattr(self, attribute, value)
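def _permsetest_json_response(result):
    """Wrap *result* in the JSON reply shape that permsetest returns."""
    response = HttpResponse()
    response['Content-Type'] = "text/javascript"
    response.write(json.dumps(result))
    return response


def permsetest(request):
    """Validate and store the permission-group settings posted by the admin.

    Steps, all performed only when the session username equals
    ``returnadminusernamevalue``:

    1. Every posted field value is looked up in the directory as a group
       ``sAMAccountName``; a field without a matching group ends the request
       with an error reply.
    2. The ``UserPer`` table is created when ``selectperdb()`` reports it is
       missing.
    3. Groups found for the previously stored settings are removed from the
       previously stored logon group. Failures in this step are only logged.
    4. The newly posted groups are added to the new logon group and the
       settings are written with ``insert_userper``.

    Returns an ``HttpResponse`` carrying ``{'isSuccess': ..., 'message': ...}``.

    Posted and stored values are escaped before they are placed in an LDAP
    filter, so characters such as ``*``, ``(``, ``)`` and ``\\`` in a group
    name are matched literally instead of changing the filter.

    NOTE(review): the first loop walks every key in ``request.POST``, not
    only the four permission fields, so any extra posted field is treated as
    a group name as well - confirm that is intended.
    """
    # Function-scope import keeps this block independent of the file's import
    # header; ldap3 is already a dependency of this module.
    from ldap3.utils.conv import escape_filter_chars

    logongroup = request.POST.get('logongroup')
    changpwdgr = request.POST.get('changpwdgr')
    changfiled = request.POST.get('changfiled')
    setopert = request.POST.get('setopert')
    permsetest_post = request.POST
    # Bound before the try so the final audit-log call never sees an unbound
    # name if reading the session fails.
    username = None
    try:
        username = request.session.get('username')
        if username == returnadminusernamevalue:
            with ldap3RESTARTABLE as conn:
                try:
                    # Check that each posted field names an existing AD group.
                    logingr_dn_list = []
                    per_dn_list = []
                    for per in permsetest_post:
                        conn.search(
                            search_base=ladp3search_base,
                            search_filter='(&(objectClass=group)(sAMAccountName='
                                          + escape_filter_chars(permsetest_post[per]) + '))',
                        )
                        response_per = conn.response
                        # An empty response means "no such group"; report it
                        # through the field error below instead of letting an
                        # IndexError fall into the generic handler.
                        per_dn = response_per[0].get('dn', '') if response_per else ''
                        if per_dn:
                            if per == 'logongroup':
                                logingr_dn_list.append(per_dn)
                            else:
                                per_dn_list.append(per_dn)
                        else:
                            result = {'isSuccess': False, "message": per+'栏位填写错误,找不到这个组 或 重启服务'}
                            insert_log(username, request, str(result['isSuccess']), str(result), '')
                            return _permsetest_json_response(result)

                    # Create the UserPer table when it does not exist yet.
                    if not selectperdb():
                        if crearperdb() == ():
                            insert_log(username, request, str('true'), str('crearperdb'), '创建UserPer表')
                        else:
                            result = {'isSuccess': False, "message": '表格创建失败'}
                            insert_log(username, request, str(result['isSuccess']), str(result), '')
                            return _permsetest_json_response(result)

                    # If settings are already stored, remove the previously
                    # configured groups from the previous logon group.
                    # Errors in this step are only written to the log.
                    try:
                        permessa = getpermsessage()
                        if permessa:
                            login_group_dn_list = []
                            per_group_dn_list = []
                            for i in permessa:
                                conn.search(
                                    search_base=ladp3search_base,
                                    search_filter="(&(objectCategory=group)(sAMAccountName="
                                                  + escape_filter_chars(permessa[i]) + "))",
                                    search_scope='SUBTREE',
                                )
                                response_id = conn.response
                                # Stored values that match no group are skipped.
                                group_dn = response_id[0].get('dn', '') if response_id else ''
                                if group_dn:
                                    if i == 'logongroup':
                                        login_group_dn_list.append(group_dn)
                                    else:
                                        per_group_dn_list.append(group_dn)
                            if login_group_dn_list and per_group_dn_list:
                                remove_member = conn.extend.microsoft.remove_members_from_groups(
                                    members=per_group_dn_list, groups=login_group_dn_list)
                                insert_log(username, request, str(remove_member), str('remove_members_from_groups'),
                                           str({"members":per_group_dn_list, 'groups':login_group_dn_list}))
                    except Exception as e:
                        insert_log(username, request, 'false', str(e), '查询数据库,如果里面有权限组数据,则移除登陆组成员中的其他组')

                    # Add the newly posted groups to the new logon group.
                    add_members = conn.extend.microsoft.add_members_to_groups(
                        members=per_dn_list, groups=logingr_dn_list)
                    insert_log(username, request, str(add_members), str('add_members_to_groups'),
                               str({"members":per_dn_list, 'groups':logingr_dn_list}))

                    # Persist the settings.
                    if insert_userper(logongroup, changpwdgr, changfiled, setopert) == ():
                        result = {'isSuccess': True, "message": '成功'}
                    else:
                        result = {'isSuccess': False, "message": '数据写入失败'}
                except Exception:
                    # Narrowed from a bare except so interpreter-exit signals
                    # are not swallowed; the reply stays the same.
                    result = {'isSuccess': False, "message": '出现异常'}
        else:
            result = {'isSuccess': False, "message": '权限不足'}
    except Exception as e:
        result = {'isSuccess': False, "message": str(e)+"或 重启服务"}
    insert_log(username, request, str(result['isSuccess']), str(result), '')
    return _permsetest_json_response(result)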
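def verifyuser_login_new(sAMAccountName, password):
    """Authenticate a directory user who belongs to the configured logon group.

    The account is first looked up (restricted to transitive members of the
    logon group via the ``1.2.840.113556.1.4.1941`` matching rule), then its
    disabled / locked / expired state is checked, and finally a bind with the
    account's DN and *password* decides the outcome.

    :param sAMAccountName: login name supplied by the user
    :param password: password supplied by the user
    :return: ``{'isSuccess': True, 'message': <user attributes>}`` on
        success, otherwise ``{'isSuccess': False, 'message': <reason>}``

    Changes from the earlier version:
    * the login name, group name and group DN are escaped before being put
      into an LDAP filter, so filter metacharacters in the supplied name are
      matched literally and cannot widen the match;
    * an empty password is rejected before any bind is attempted;
    * empty search responses yield the intended "not found" replies;
    * the disabled flag is tested as a bit instead of a character of
      ``bin()``;
    * the per-login connection is always unbound.

    NOTE(review): the disabled / locked / expired replies are produced before
    the password is verified, so they reveal account state to anyone who
    submits a valid login name - confirm this is acceptable.
    NOTE(review): the "not locked" sentinel ``'1601-01-01 08:00:00'`` looks
    like it assumes ``utc2local`` yields UTC+8 - confirm.
    NOTE(review): whether the bind below is protected by TLS depends on
    ``ladp3search_server``, which is not visible here.
    """
    # Function-scope import keeps this block independent of the file's import
    # header; ldap3 is already a dependency of this module.
    from ldap3.utils.conv import escape_filter_chars

    try:
        permessa = getpermsessage()
        logongroup = permessa.get('logongroup', '')
        with ldap3RESTARTABLE as conn:
            if not logongroup:
                return {'isSuccess': False, "message": '登陆权限组未配置'}

            conn.search(
                search_base=ladp3search_base,
                search_filter="(&(objectCategory=group)(sAMAccountName="
                              + escape_filter_chars(logongroup) + "))",
                search_scope='SUBTREE',
            )
            result_logongroup = conn.result
            response_logongroup = conn.response
            logongroup_dn = response_logongroup[0].get('dn', '') if response_logongroup else ''
            if not logongroup_dn:
                return {'isSuccess': False,
                        "message": '登陆权限组配置错误:'+str(result_logongroup.get('description',''))}

            conn.search(
                search_base=ladp3search_base,
                search_filter="(&(objectCategory=person)(objectClass=user)"
                              "(memberof:1.2.840.113556.1.4.1941:=%s)(sAMAccountName=%s))"
                              % (escape_filter_chars(logongroup_dn), escape_filter_chars(sAMAccountName)),
                attributes=['sAMAccountName', 'userAccountControl', 'lockoutTime', 'distinguishedName',
                            'cn', 'name', 'sn', 'givenName', 'userPrincipalName', 'displayName',
                            'wWWHomePage', 'description', 'physicalDeliveryOfficeName', 'mail',
                            'accountExpires'])
            response_user = conn.response
            user_attributes = response_user[0].get('attributes', '') if response_user else ''
            if not user_attributes:
                return {'isSuccess': False, "message": sAMAccountName+'账号错误或没有权限'}

            userAccountControl = user_attributes.get('userAccountControl')
            distinguishedName = user_attributes.get('distinguishedName')
            lockoutTime = user_attributes.get('lockoutTime', '')
            accountExpires = user_attributes.get('accountExpires', datetime.now())

            if lockoutTime:
                lockoutTime_str = (utc2local(lockoutTime)).strftime('%Y-%m-%d %H:%M:%S')
            else:
                lockoutTime_str = '1601-01-01 08:00:00'

            # accountExpires 9999-12-31 23:59:59.999999  -> expiry not set
            # accountExpires 1601-01-01 00:00:00+00:00   -> never expires
            # accountExpires 2019-05-17 16:00:00+00:00   -> actual expiry time
            accountExpires_str = accountExpires.strftime('%Y-%m-%d %H:%M:%S')
            if accountExpires_str in ['1601-01-01 00:00:00', '9999-12-31 23:59:59']:
                Expires = True
            else:
                accountExpires = (utc2local(accountExpires)).replace(tzinfo=None)
                now = (datetime.now()).replace(tzinfo=None)
                if accountExpires > now:
                    Expires = True
                else:
                    accountExpires_str = accountExpires.strftime('%Y-%m-%d %H:%M:%S')
                    Expires = False

            # Bit 0x2 of userAccountControl is ACCOUNTDISABLE.
            if userAccountControl & 0x2:
                return {'isSuccess': False, "message": sAMAccountName+'账号已禁用'}
            if lockoutTime_str != '1601-01-01 08:00:00':
                return {'isSuccess': False, "message": sAMAccountName + '账号已锁定,锁定时间'+lockoutTime_str}
            if not Expires:
                return {'isSuccess': False, "message": sAMAccountName + '账号已过期,过期时间' + accountExpires_str}

            # Refuse empty passwords here rather than relying on the LDAP
            # client or server to reject a bind that carries no password.
            if not password:
                return {'isSuccess': False, "message": '密码错误'}

            connect = None
            try:
                server = Server(ladp3search_server, get_info=NONE)
                connect = Connection(server=server, user=distinguishedName, password=password)
                bind = connect.bind(read_server_info=False)
                if bind:
                    result = {'isSuccess': True, "message": user_attributes}
                else:
                    result = {'isSuccess': False, "message": '密码错误'}
            except Exception as e:
                result = {'isSuccess': False, "message": '服务器连接ldap错误'+str(e)}
            finally:
                # Release the per-login connection; cleanup is best-effort
                # and must not change the authentication result.
                if connect is not None:
                    try:
                        connect.unbind()
                    except Exception:
                        pass
            return result
    except Exception as e:
        return {'isSuccess': False, "message": '服务器错误:'+str(e)}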
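def _userperm_lookup_member(conn, group_name, username):
    """Check whether *username* is a (nested) member of *group_name*.

    Returns ``(is_member, failure)``. ``failure`` is ``None`` when both
    searches completed, otherwise the reply dict to hand back to the caller.
    """
    # Function-scope import keeps this helper independent of the file's
    # import header; ldap3 is already a dependency of this module.
    from ldap3.utils.conv import escape_filter_chars

    conn.search(
        search_base=ladp3search_base,
        search_filter="(&(objectCategory=group)(sAMAccountName=" + escape_filter_chars(group_name) + "))",
        search_scope='SUBTREE',
        attributes=['distinguishedName', 'sAMAccountName'],
    )
    result_id = conn.result
    response_id = conn.response
    if result_id['result'] != 0:
        return False, {'isSuccess': False, "message": result_id}

    # Test for a usable entry before indexing into it, so a missing group
    # gives the "group not found" reply instead of an exception message.
    message = response_id[0].get('attributes', '') if response_id else ''
    if not message:
        return False, {'isSuccess': False, 'message': '未查询到组信息'}
    distinguishedName = message['distinguishedName']

    conn.search(
        search_base=ladp3search_base,
        search_filter="(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=%s))"
                      % escape_filter_chars(distinguishedName),
        attributes=['sAMAccountName'],
    )
    resultdn_id = conn.result
    responsedn_id = conn.response
    if resultdn_id['result'] != 0:
        return False, {'isSuccess': False, 'message': '未查询到信息'}

    uservalue = [
        entry.get('attributes').get('sAMAccountName')
        for entry in responsedn_id
        if entry.get('attributes', '')
    ]
    return username in uservalue, None


def Userperm(username, types):
    """Tell whether *username* holds the permission named by *types*.

    ``types`` selects the configured group:

    * ``'operate'``   - member of ``operagroup``
    * ``'changepwd'`` - member of ``changepwdgroup``, else of ``operagroup``
    * ``'changelw'``  - member of ``fieldgroup``, else of ``operagroup``

    Membership is resolved transitively through the
    ``1.2.840.113556.1.4.1941`` matching rule.

    :return: ``{'isSuccess': bool, 'message': ...}``; ``None`` for any other
        ``types`` value when settings exist (unchanged from before). Every
        lookup error yields ``isSuccess: False``.

    Group names, group DNs and the user name are escaped before they are put
    into an LDAP filter, so filter metacharacters are matched literally.

    NOTE(review): the ``changepwd`` / ``changelw`` paths compare *username*
    with the returned ``sAMAccountName`` values using a case-sensitive ``in``,
    while the ``operate`` path lets the directory do the match - confirm the
    difference is intended.
    NOTE(review): those two paths read every member of the group in a single
    unpaged search; presumably large groups can be truncated by the server's
    result limit - verify.
    """
    permessa = getpermsessage()
    if not permessa:
        return {'isSuccess': False, "message": '权限组未配置'}

    if types == 'operate':  # operate
        # Function-scope import; ldap3 is already a dependency of this module.
        from ldap3.utils.conv import escape_filter_chars

        GroupName = permessa.get('operagroup', "None")
        try:
            with ldap3RESTARTABLE as conn:
                conn.search(
                    search_base=ladp3search_base,
                    search_filter="(&(objectCategory=group)(sAMAccountName="
                                  + escape_filter_chars(GroupName) + "))",
                    search_scope='SUBTREE',
                )
                response_logongroup = conn.response
                logongroup_dn = response_logongroup[0].get('dn', '') if response_logongroup else ''
                if not logongroup_dn:
                    return {'isSuccess': False, 'message': '未查询到组信息'}

                conn.search(
                    search_base=ladp3search_base,
                    search_filter="(&(objectCategory=person)(objectClass=user)"
                                  "(memberof:1.2.840.113556.1.4.1941:=%s)(sAMAccountName=%s))"
                                  % (escape_filter_chars(logongroup_dn), escape_filter_chars(username)),
                )
                response_user = conn.response
                logonuser_dn = response_user[0].get('dn', '') if response_user else ''
                if logonuser_dn:
                    return {'isSuccess': True, 'message': '正常用户'}
                return {'isSuccess': False, 'message': '权限不足'}
        except Exception as e:
            return {'isSuccess': False, "message": str(e)}

    if types == 'changepwd':  # change password
        primary_key = 'changepwdgroup'
    elif types == 'changelw':  # change fields
        primary_key = 'fieldgroup'
    else:
        # Unknown permission type: nothing is returned, as before.
        return None

    GroupName = permessa.get(primary_key, "None")
    try:
        with ldap3RESTARTABLE as conn:
            is_member, failure = _userperm_lookup_member(conn, GroupName, username)
            if failure is None and not is_member:
                # Not in the specific group: operators are allowed as well.
                GroupName = permessa.get('operagroup', "None")
                is_member, failure = _userperm_lookup_member(conn, GroupName, username)
            if failure is not None:
                return failure
            if is_member:
                return {'isSuccess': True, 'message': '正常用户'}
            return {'isSuccess': False, 'message': '权限不足'}
    except Exception as e:
        return {'isSuccess': False, "message": str(e)}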