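def user():
    """Handle the change-password form for the account held in the session.

    The account name comes from the beaker session, not from the form. The
    submitted old password is encoded with ``LoginCls().encode`` and compared
    with the stored value; the new password is written only when both
    new-password fields are present and equal. Every outcome re-renders the
    ``changepasswd`` template with a coloured status message.
    """
    s = request.environ.get('beaker.session')
    username = s.get('username')
    oldpwd = request.forms.get("oldpwd")
    newpwd = request.forms.get("newpwd")
    newpwds = request.forms.get("newpwds")

    sql = " select passwd from user where username=%s "
    result = readDb(sql, (username, ))
    # No matching row (stale session, deleted account) or a missing form field
    # is reported as a failed verification instead of raising.
    # NOTE(review): `!=` is not a constant-time comparison; hmac.compare_digest
    # would be preferable once the return type of LoginCls.encode is confirmed.
    if (not result or oldpwd is None
            or result[0].get('passwd') != LoginCls().encode(keys, oldpwd)):
        # Failed verifications are audit-relevant, so record them as well.
        wrtlog('User', '更改密码失败', username, s.get('clientip'))
        msg = {'color': 'red', 'message': u'旧密码验证失败,请重新输入'}
        return template('changepasswd', session=s, msg=msg, info={})

    # Two absent fields would compare equal (None == None), so check presence.
    if newpwd is None or newpwd != newpwds:
        msg = {'color': 'red', 'message': u'密码两次输入不一致,请重新输入'}
        return template('changepasswd', session=s, msg=msg, info={})

    # NOTE(review): no length rule is applied to the new password here, while
    # adduser rejects passwords of 1-7 characters; an empty new password is
    # accepted as written. Confirm whether the same policy should apply.
    m_encrypt = LoginCls().encode(keys, newpwd)
    sql2 = " update user set passwd=%s where username=%s "
    result = writeDb(sql2, (m_encrypt, username))
    if result == True:
        wrtlog('User', '更改密码成功', username, s.get('clientip'))
        writeVPNconf(action='uptuser')
        msg = {'color': 'green', 'message': u'密码更新成功,后续请以新密码登录系统'}
    else:
        wrtlog('User', '更改密码失败', username, s.get('clientip'))
        msg = {'color': 'red', 'message': u'密码更新失败,请核对错误'}
    return template('changepasswd', session=s, msg=msg, info={})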
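def adduser():
    """Create a user row from the submitted form.

    Returns the string codes used by the caller: '0' when the insert
    succeeds, '-1' when it fails, '-2' when the form is rejected by the
    length or required-field checks.
    """
    s = request.environ.get('beaker.session')
    # Absent fields arrive as None; normalise the two that are measured so the
    # length checks reject the form instead of raising TypeError.
    username = request.forms.get("username") or ''
    passwd = request.forms.get("passwd") or ''
    stopdate = request.forms.get("stopdate")
    policy = request.forms.get("policy")
    access = request.forms.get("access")
    comment = request.forms.get("comment")

    # Length rules: user name at least 4 characters; a non-empty password
    # must be at least 8 characters.
    # NOTE(review): an empty password passes this rule and the account is then
    # created with the encoding of the empty string; confirm that is intended.
    if len(username) < 4 or 0 < len(passwd) < 8:
        return '-2'
    # Required fields must not be empty.
    if not (username and policy and access):
        return '-2'

    # Encode the password only after validation has passed.
    # NOTE(review): the original comment describes this step as MD5; if
    # LoginCls.encode is a fast unsalted hash it is weak for password
    # storage; verify against its implementation.
    m_encrypt = LoginCls().encode(keys, passwd)

    # NOTE(review): `access` is stored exactly as submitted; whether the
    # caller may grant that level is not checked in this handler.
    sql = """
            INSERT INTO
            user(username,passwd,stopdate,policy,access,comment)
            VALUES(%s,%s,%s,%s,%s,%s)
        """
    data = (username, m_encrypt, stopdate, policy, access, comment)
    result = writeDb(sql, data)
    if result:
        wrtlog('User', '新增用户成功:%s' % username, s['username'], s.get('clientip'))
        writeVPNconf(action='uptuser')
        return '0'
    wrtlog('User', '新增用户失败:%s' % username, s['username'], s.get('clientip'))
    return '-1'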
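def addclientconf():
    """Save the VPN client configuration submitted from the form.

    ``authtype`` selects which fields are collected: '0' takes certificate
    text, '1' takes a user name and password, '2' switches the service off.
    The collected values are serialised to JSON and stored in the
    ``sysattr`` row whose ``attr`` is 'vpnclient'. The ``addvpncltconfig``
    template is rendered with a status message in every case.
    """
    s = request.environ.get('beaker.session')
    authtype = request.forms.get("authtype")
    idata = dict()
    if authtype == '0':
        # Normalise CRLF to LF; an absent field is treated as empty text
        # rather than raising AttributeError on None.
        idata['cainfo'] = (request.forms.get("cainfo") or '').replace('\r\n', '\n').strip()
        idata['certinfo'] = (request.forms.get("certinfo") or '').replace('\r\n', '\n').strip()
    elif authtype == '1':
        # NOTE(review): vpnpass is kept in clear inside the stored JSON and is
        # handed back to the template through `info`; confirm the template
        # does not echo it into the page.
        idata['vpnuser'] = request.forms.get("vpnuser")
        idata['vpnpass'] = request.forms.get("vpnpass")
    elif authtype == '2':
        idata['service'] = 'off'
    else:
        # This is a failure message, so it uses the error colour like the
        # other handlers do.
        msg = {'color': 'red', 'message': u'验证类型错误,保存失败'}
        return template('addvpncltconfig', session=s, msg=msg, info={})

    idata['authtype'] = authtype
    # NOTE(review): ipaddr, servport and chkconn are stored as submitted and
    # then passed on through writeVPNconf; no format check is applied here.
    idata['ipaddr'] = request.forms.get("ipaddr")
    idata['servport'] = request.forms.get("servport")
    idata['tunid'] = 'tun1000'
    idata['chkconn'] = request.forms.get("chkconn")

    sql = " update sysattr set value=%s where attr='vpnclient' "
    iidata = json.dumps(idata)
    result = writeDb(sql, (iidata,))
    if result == True:
        msg = {'color': 'green', 'message': u'配置保存成功'}
        writeVPNconf(action='uptcltconf')
        cmds.servboot('vpnconn')
        writeUTMconf(action='uptconf')
    else:
        # Without this branch `msg` was unbound when the write failed and the
        # final render raised NameError.
        msg = {'color': 'red', 'message': u'配置保存失败'}
    return template('addvpncltconfig', session=s, msg=msg, info=idata)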
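def do_addservconf():
    """Insert a new VPN server configuration row from the submitted form.

    The values are checked the same way do_editvpnservconf checks them
    (virtual address and mask, numeric counters, port range, listen
    address) before they are written, because a successful write is
    followed by writeVPNconf and a restart of the 'ocserv' service. The
    ``vpnservconf`` template is rendered with a status message.
    """
    s = request.environ.get('beaker.session')

    def _reject(text):
        # All failures share one rendering: red message, empty info.
        msg = {'color': 'red', 'message': text}
        return template('vpnservconf', session=s, msg=msg, info={})

    authtype = request.forms.get("authtype")
    ipaddr = request.forms.get("ipaddr")
    servport = request.forms.get("servport")
    virip = request.forms.get("virip")
    virmask = request.forms.get("virmask")
    maxclient = request.forms.get("maxclient")
    maxuser = request.forms.get("maxuser")
    authtimeout = request.forms.get("authtimeout")
    authnum = request.forms.get("authnum")
    locktime = request.forms.get("locktime")
    comp = request.forms.get("comp")
    cisco = request.forms.get("cisco")

    if netmod.checkip(virip) == False or netmod.checkmask(virmask) == False:
        return _reject(u'虚拟地址填写不合法,保存失败')

    # Counters and the port must be plain digits; an absent field is rejected
    # as well instead of being inserted as NULL.
    numeric = (servport, maxclient, maxuser, authtimeout, authnum, locktime)
    if any(value is None or not value.isdigit() for value in numeric):
        return _reject(u'填写不合法,保存失败')

    try:
        port = int(servport)
    except ValueError:
        # isdigit() accepts some characters int() cannot convert.
        return _reject(u'端口配置错误,保存失败')
    if port > 65535:
        return _reject(u'端口配置错误,保存失败')

    # The listen address is either a valid IP or the wildcard '*'.
    if not (netmod.checkip(ipaddr) == True or ipaddr == '*'):
        return _reject(u'监听信息填写错误,保存失败')

    # NOTE(review): authtype, comp and cisco are stored as submitted, as in
    # do_editvpnservconf; confirm the allowed values against the form.
    sql = " INSERT INTO vpnservconf(servmode,authtype,ipaddr,servport,virip,virmask,maxclient,maxuser,authtimeout,authnum,locktime,comp,cisco) values ('server',%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)"
    data = (authtype, ipaddr, servport, virip, virmask, maxclient, maxuser,
            authtimeout, authnum, locktime, comp, cisco)
    result = writeDb(sql, data)
    if result == True:
        writeVPNconf(action='addconf')
        cmds.servboot('ocserv')
        writeUTMconf(action='uptconf')
        msg = {'color': 'green', 'message': u'配置保存成功'}
        return template('vpnservconf', session=s, msg=msg, info={})
    # Previously `msg` was unbound on a failed write and the render raised
    # NameError; report the failure instead.
    return _reject(u'配置保存失败')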
def editpolicy(id):
    """Update the VPN policy row ``id`` from the submitted form.

    The DNS list is checked line by line with ``netmod.checkip`` and both
    route lists with ``netmod.checkipmask``; empty lines are tolerated.
    The ``policyconf`` template is rendered with a status message for every
    outcome.
    """
    s = request.environ.get('beaker.session')

    def _render(colour, text):
        return(template('policyconf', session=s,
                        msg={'color': colour, 'message': text}, info={}))

    def _multiline(field):
        # CRLF becomes LF, then surrounding whitespace is trimmed.
        return request.forms.get(field).replace('\r\n', '\n').strip()

    name = request.forms.get("name")
    pushdns = _multiline("pushdns")
    pushroute = _multiline("pushroute")
    pushnoroute = _multiline("pushnoroute")
    allipmask = pushroute.split('\n') + pushnoroute.split('\n')

    # Content checks: stop at the first line that fails and is not empty.
    if any(netmod.checkip(entry) == False and entry != ''
           for entry in pushdns.split('\n')):
        return _render('red', u'DNS内容检测错误,更新失败')
    if any(netmod.checkipmask(entry) == False and entry != ''
           for entry in allipmask):
        return _render('red', u'路由内容检测错误,更新失败')

    # NOTE(review): `name` is stored without a format check in this handler.
    sql = "UPDATE vpnpolicy set name=%s,pushdns=%s,pushroute=%s,pushnoroute=%s where id=%s"
    outcome = writeDb(sql, (name, pushdns, pushroute, pushnoroute, id))
    if outcome != True:
        return _render('red', u'更新失败')
    writeVPNconf(action='uptgroup')
    writeUTMconf(action='addconf')
    return _render('green', u'更新成功')
def do_addpolicy():
    """Insert a new VPN policy row from the POSTed form.

    Each non-empty DNS line must pass ``netmod.checkip`` and each non-empty
    route line must pass ``netmod.checkipmask``. The ``policyconf`` template
    is rendered with a status message for every outcome.
    """
    s = request.environ.get('beaker.session')
    name = request.forms.get("name")
    # Multi-line fields: normalise CRLF to LF and trim the ends.
    pushdns = request.forms.get("pushdns").replace('\r\n', '\n').strip()
    pushroute = request.forms.get("pushroute").replace('\r\n', '\n').strip()
    pushnoroute = request.forms.get("pushnoroute").replace('\r\n', '\n').strip()

    def _has_invalid(entries, checker):
        # True as soon as one non-empty entry is refused by the checker.
        for entry in entries:
            if checker(entry) == False and entry != '':
                return True
        return False

    def _respond(colour, text):
        status = {'color': colour, 'message': text}
        return(template('policyconf', session=s, msg=status, info={}))

    dns_lines = pushdns.split('\n')
    allipmask = pushroute.split('\n') + pushnoroute.split('\n')
    if _has_invalid(dns_lines, netmod.checkip):
        return _respond('red', u'DNS内容检测错误,更新失败')
    if _has_invalid(allipmask, netmod.checkipmask):
        return _respond('red', u'路由内容检测错误,更新失败')

    sql = "INSERT INTO vpnpolicy(name,pushdns,pushroute,pushnoroute) VALUES(%s,%s,%s,%s)"
    row = (name, pushdns, pushroute, pushnoroute)
    if writeDb(sql, row) == True:
        writeVPNconf(action='uptgroup')
        writeUTMconf(action='addconf')
        return _respond('green', u'添加成功')
    return _respond('red', u'添加失败')
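def addprofile():
    """Store the submitted Profile.xml text and re-render the profile form.

    The text is written to the ``sysattr`` row whose ``attr`` is
    'vpnprofile'; on success writeVPNconf is called with
    ``action='uptprofile'``. The stored value is then read back and passed
    to the ``addprofile`` template as ``info``.
    """
    s = request.environ.get('beaker.session')
    xmltext = request.forms.get("xmltext")
    # An absent field (None) is rejected like an empty one.
    if not xmltext:
        msg = {'color': 'red', 'message': u'信息为空,保存失败'}
        return(template('addprofile', session=s, msg=msg, info={}))

    # NOTE(review): the text is stored and published without a
    # well-formedness check in this handler; whether writeVPNconf validates
    # it is not visible here. If parsing is added, use a parser configured
    # against external entities and entity expansion.
    sql = " update sysattr set value=%s where attr='vpnprofile' "
    result = writeDb(sql, (xmltext,))
    if result == True:
        writeVPNconf(action='uptprofile')
        msg = {'color': 'green', 'message': u'Profile.xml保存成功'}
    else:
        # `msg` used to be unbound on a failed write, so the render below
        # raised NameError.
        msg = {'color': 'red', 'message': u'Profile.xml保存失败'}

    sql = " select value from sysattr where attr='vpnprofile' "
    rows = readDb(sql,)
    # Fall back to an empty mapping when the row cannot be read back.
    info = rows[0] if rows else {}
    return(template('addprofile', session=s, msg=msg, info=info))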
def delpolicy(id):
    """Delete the VPN policy ``id`` unless a user row still refers to it.

    The ``policyconf`` template is rendered with a status message for every
    outcome.
    """
    s = request.environ.get('beaker.session')

    def _render(colour, text):
        return(template('policyconf', session=s,
                        msg={'color': colour, 'message': text}, info={}))

    # Refuse the delete while any user is attached to this policy.
    attached = readDb("select username from user where policy=%s ", (id,))
    if len(attached) > 0:
        return _render('red', u'删除失败,该策略已被关联无法删除')

    removed = writeDb("delete from vpnpolicy where id in (%s) ", (id,))
    if not removed:
        return _render('red', u'删除失败')

    writeVPNconf(action='uptgroup')
    writeUTMconf(action='uptconf')
    return _render('green', u'删除成功')
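def deluser():
    """Delete the user rows whose ids are posted as a comma-separated list.

    The list arrives in the ``str`` form field. Returns '0' when the delete
    succeeds and '-1' when the list is empty, contains a non-numeric entry,
    names the admin account (id 1), or the delete fails.
    """
    s = request.environ.get('beaker.session')
    raw = (request.forms.get('str') or '').rstrip(',')
    if not raw:
        return '-1'

    ids = []
    for token in raw.split(','):
        try:
            uid = int(token)
        except ValueError:
            # Only numeric ids are accepted.
            return '-1'
        # The ADMIN account must never be deleted. The check is numeric
        # because a textual comparison with '1' does not cover other
        # spellings the database would coerce to the same id.
        if uid == 1:
            return '-1'
        ids.append(uid)

    # One placeholder per id, so every submitted row is removed; the original
    # statement bound a single value and removed only one row of the list.
    # Only '%s' tokens are interpolated into the SQL text, the values stay
    # bound parameters.
    placeholders = ','.join(['%s'] * len(ids))
    sql = "delete from user where id in (%s) " % placeholders
    result = writeDb(sql, tuple(ids))
    if result:
        wrtlog('User', '删除用户成功', s['username'], s.get('clientip'))
        writeVPNconf(action='uptuser')
        return '0'
    wrtlog('User', '删除用户失败', s['username'], s.get('clientip'))
    return '-1'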
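def do_changeuser(id):
    """Update the user row ``id`` from the submitted form.

    An empty password field keeps the stored password; a non-empty one is
    encoded with ``LoginCls().encode`` and replaces it. Returns 0 on
    success, -1 when the length rules fail, the row cannot be read, or the
    update fails, and -2 when a required field is empty or ``policy`` is
    not a number.
    """
    s = request.environ.get('beaker.session')
    # Absent fields arrive as None; normalise the two that are measured so
    # the length checks cannot raise TypeError.
    username = request.forms.get("username") or ''
    passwd = request.forms.get("passwd") or ''
    stopdate = request.forms.get("stopdate")
    policy = request.forms.get("policy")
    access = request.forms.get("access")
    comment = request.forms.get("comment")

    # Validate before touching the database or encoding anything.
    # Length rules: name at least 4 characters, a supplied password at least 8.
    if len(username) < 4 or 0 < len(passwd) < 8:
        return -1
    if not (username and policy):
        return -2
    try:
        policy_id = int(policy)
    except ValueError:
        return -2

    if passwd:
        m_encrypt = LoginCls().encode(keys, passwd)
    else:
        # Keep the stored password; a missing row is reported as a failure.
        rows = readDb("select passwd from user where id = %s", (id, ))
        if not rows:
            return -1
        m_encrypt = rows[0].get('passwd')

    # NOTE(review): `access` is written exactly as submitted; whether the
    # caller may change that level, or edit this particular id, is not
    # checked in this handler.
    sql = """
            UPDATE user SET
            username=%s,passwd=%s,stopdate=%s,policy=%s,access=%s,comment=%s
            WHERE id=%s
        """
    data = (username, m_encrypt, stopdate, policy_id, access, comment, id)
    result = writeDb(sql, data)
    if result == True:
        wrtlog('User', '更新用户成功:%s' % username, s['username'], s.get('clientip'))
        writeVPNconf(action='uptuser')
        return 0
    wrtlog('User', '更新用户失败:%s' % username, s['username'], s.get('clientip'))
    return -1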
def do_editvpnservconf(id):
    """Apply the submitted changes to the VPN server configuration row ``id``.

    The form is rejected with a red message when the virtual address or
    mask is refused by ``netmod``, when one of the numeric fields is not
    all digits, when the port is outside 0-65535, or when the listen
    address is neither a valid IP nor '*'. After a successful update the
    configuration writers are called and the 'ocserv' service is restarted
    through ``cmds.servboot``. The final render carries an empty message
    whether or not the update succeeded.
    """
    s = request.environ.get('beaker.session')
    form = request.forms

    def _deny(text):
        return template('vpnservconf', session=s,
                        msg={'color': 'red', 'message': text}, info={})

    authtype = form.get("authtype")
    ipaddr = form.get("ipaddr")
    servport = form.get("servport")
    virip = form.get("virip")
    virmask = form.get("virmask")
    maxclient = form.get("maxclient")
    maxuser = form.get("maxuser")
    authtimeout = form.get("authtimeout")
    authnum = form.get("authnum")
    locktime = form.get("locktime")
    comp = form.get("comp")
    cisco = form.get("cisco")

    if netmod.checkip(virip) == False or netmod.checkmask(virmask) == False:
        return _deny(u'虚拟地址填写不合法,保存失败')

    # Checked in the same order as before, stopping at the first non-digit.
    digit_fields = (servport, maxclient, maxuser, authtimeout, authnum, locktime)
    if any(not value.isdigit() for value in digit_fields):
        return _deny(u'填写不合法,保存失败')

    port = int(servport)
    if port < 0 or port > 65535:
        return _deny(u'端口配置错误,保存失败')

    listen_ok = netmod.checkip(ipaddr) == True or ipaddr == '*'
    if not listen_ok:
        return _deny(u'监听信息填写错误,保存失败')

    sql = " UPDATE vpnservconf set authtype=%s,ipaddr=%s,servport=%s,virip=%s,virmask=%s,maxclient=%s,maxuser=%s,authtimeout=%s,authnum=%s,locktime=%s,comp=%s,cisco=%s WHERE id=%s"
    row = (authtype, ipaddr, servport, virip, virmask, maxclient, maxuser,
           authtimeout, authnum, locktime, comp, cisco, id)
    if writeDb(sql, row) == True:
        writeVPNconf(action='uptconf')
        cmds.servboot('ocserv')
        writeUTMconf(action='uptconf')
    return template('vpnservconf', session=s, info={}, msg={})
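def do_changeuser(id):
    """Update the user row ``id`` from the submitted form.

    This variant does not handle ``stopdate``. A blank password field
    leaves the stored password unchanged; otherwise the new password is
    encoded with ``LoginCls().encode``. Return codes: 0 for success, -1 for
    a length-rule failure, an unreadable row or a failed update, -2 for an
    empty required field or a non-numeric ``policy``.
    """
    s = request.environ.get('beaker.session')
    form = request.forms
    # None (field absent) is folded into '' so len() below cannot raise.
    username = form.get("username") or ''
    passwd = form.get("passwd") or ''
    policy = form.get("policy")
    access = form.get("access")
    comment = form.get("comment")

    # Form checks run first, so a rejected request costs no database read
    # and no password encoding.
    name_too_short = len(username) < 4
    passwd_too_short = 0 < len(passwd) < 8
    if name_too_short or passwd_too_short:
        return -1
    if not (username and policy):
        return -2
    try:
        policy_id = int(policy)
    except ValueError:
        # A non-numeric policy is an invalid form, not a server error.
        return -2

    if not passwd:
        # Re-use the stored password value for this id.
        stored = readDb("select passwd from user where id = %s", (id,))
        if not stored:
            return -1
        m_encrypt = stored[0].get('passwd')
    else:
        m_encrypt = LoginCls().encode(keys, passwd)

    # NOTE(review): `access` comes straight from the form and no check of the
    # caller's right to set it, or to edit this id, is visible here.
    sql = """
            UPDATE user SET
            username=%s,passwd=%s,policy=%s,access=%s,comment=%s
            WHERE id=%s
        """
    data = (username, m_encrypt, policy_id, access, comment, id)
    result = writeDb(sql, data)
    if result == True:
        wrtlog('User', '更新用户成功:%s' % username, s['username'], s.get('clientip'))
        writeVPNconf(action='uptuser')
        return 0
    wrtlog('User', '更新用户失败:%s' % username, s['username'], s.get('clientip'))
    return -1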