def add_host(handler, args): """ 添加一个远程主机 """ db = get_db() _time_now = tp_timestamp_utc_now() # 1. 判断此主机是否已经存在了 if len(args['router_ip']) > 0: sql = 'SELECT id FROM {}host WHERE ip="{}" OR (router_ip="{}" AND router_port={});'.format(db.table_prefix, args['ip'], args['router_ip'], args['router_port']) else: sql = 'SELECT id FROM {}host WHERE ip="{}";'.format(db.table_prefix, args['ip']) db_ret = db.query(sql) if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 sql = 'INSERT INTO `{}host` (`type`, `os_type`, `name`, `ip`, `router_ip`, `router_port`, `state`, `creator_id`, `create_time`, `cid`, `desc`) VALUES ' \ '(1, {os_type}, "{name}", "{ip}", "{router_ip}", {router_port}, {state}, {creator_id}, {create_time}, "{cid}", "{desc}");' \ ''.format(db.table_prefix, os_type=args['os_type'], name=args['name'], ip=args['ip'], router_ip=args['router_ip'], router_port=args['router_port'], state=TP_STATE_NORMAL, creator_id=handler.get_current_user()['id'], create_time=_time_now, cid=args['cid'], desc=args['desc']) db_ret = db.exec(sql) if not db_ret: return TPE_DATABASE, 0 _id = db.last_insert_id() h_name = args['ip'] if len(args['router_ip']) > 0: h_name += '(由{}:{}路由)'.format(args['router_ip'], args['router_port']) syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "创建主机:{}".format(h_name)) tp_stats().host_counter_change(1) return TPE_OK, _id
def create_users(handler, user_list, success, failed): """ 批量创建用户 """ db = get_db() _time_now = tp_timestamp_utc_now() operator = handler.get_current_user() name_list = list() s = SQL(db) for i in range(len(user_list)): user = user_list[i] if 'type' not in user: user['type'] = TP_USER_TYPE_LOCAL if 'ldap_dn' not in user: user['ldap_dn'] = '' err = s.reset().select_from('user', ['id']).where('user.username="******"'.format(user['username'])).query() if err != TPE_OK: failed.append({'line': user['_line'], 'error': '数据库查询失败'}) if len(s.recorder) > 0: failed.append({'line': user['_line'], 'error': '账号 `{}` 已经存在'.format(user['username'])}) continue if user['type'] == TP_USER_TYPE_LOCAL: _password = tp_password_generate_secret(user['password']) else: _password = '' sql = 'INSERT INTO `{}user` (' \ '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, ' \ '`state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`' \ ') VALUES (' \ '0, "{username}", "{surname}", {user_type}, "{ldap_dn}", 0, "{password}", ' \ '{state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");' \ ''.format(db.table_prefix, username=user['username'], surname=user['surname'], user_type=user['type'], ldap_dn=user['ldap_dn'], password=_password, state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'], create_time=_time_now, last_login=0, last_chpass=_time_now, desc=user['desc']) db_ret = db.exec(sql) if not db_ret: failed.append({'line': user['_line'], 'error': '写入数据库时发生错误'}) continue success.append(user['username']) name_list.append(user['username']) user['_id'] = db.last_insert_id() if len(name_list) > 0: syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "批量导入方式创建用户:{}".format(','.join(name_list))) # tp_stats().user_counter_change(len(name_list)) # calc count of users. err, cnt = s.reset().count('user') if err == TPE_OK: tp_stats().user_counter_change(cnt)
def _session_end(self, param): if 'rid' not in param or 'code' not in param: return self.write_json(TPE_PARAM, message='invalid request.') if not record.session_end(param['rid'], param['code']): return self.write_json(TPE_DATABASE, 'can not write database.') else: tp_stats().conn_counter_change(-1) return self.write_json(TPE_OK)
def add_account(handler, host_id, args): """ 添加一个远程账号 """ db = get_db() _time_now = tp_timestamp_sec() operator = handler.get_current_user() # 1. 判断是否已经存在了 sql = 'SELECT `id` FROM `{tp}acc` WHERE `host_id`={ph} AND `protocol_port`={ph} AND `username`={ph} AND `auth_type`={ph};'.format( tp=db.table_prefix, ph=db.place_holder) db_ret = db.query( sql, (host_id, args['protocol_port'], args['username'], args['auth_type'])) if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 sql_s = 'INSERT INTO `{tp}acc` (`host_id`,`host_ip`,`router_ip`,`router_port`,`protocol_type`,`protocol_port`,' \ '`state`,`auth_type`,`username`,`username_prompt`,`password_prompt`,`password`,`pri_key`,`creator_id`,`create_time`) VALUES ' \ '({ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph});' \ ''.format(tp=db.table_prefix, ph=db.place_holder) sql_v = (host_id, args['host_ip'], args['router_ip'], args['router_port'], args['protocol_type'], args['protocol_port'], TP_STATE_NORMAL, args['auth_type'], args['username'], args['username_prompt'], args['password_prompt'], args['password'], args['pri_key'], operator['id'], _time_now) # sql = 'INSERT INTO `{}acc` (host_id, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \ # '({host_id}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ # ''.format(db.table_prefix, # host_id=host_id, # protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, # auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'], # creator_id=operator['id'], create_time=_time_now) db_ret = db.exec(sql_s, sql_v) if not db_ret: return TPE_DATABASE, 0 _id = db.last_insert_id() acc_name = '{}@{}'.format(args['username'], args['host_ip']) if len(args['router_ip']) > 0: acc_name += '(由{}:{}路由)'.format(args['router_ip'], args['router_port']) syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建账号:{}".format(acc_name)) # 更新主机相关账号数量 sql = 'UPDATE `{tp}host` SET `acc_count`=`acc_count`+1 WHERE `id`={ph};' \ ''.format(tp=db.table_prefix, ph=db.place_holder) db.exec(sql, (host_id, )) # if not db_ret: # return TPE_DATABASE, 0 tp_stats().acc_counter_change(1) return TPE_OK, _id
def remove_users(handler, users): db = get_db() s = SQL(db) str_users = ','.join([str(i) for i in users]) # 1. 获取用户名称,用于记录系统日志 where = 'u.id IN ({})'.format(str_users) err = s.select_from('user', ['username'], alt_name='u').where(where).query() if err != TPE_OK: return err if len(s.recorder) == 0: return TPE_NOT_EXISTS str_names = ','.join([n['username'] for n in s.recorder]) sql_list = [] # 将用户从所在组中移除 sql = 'DELETE FROM `{tpdp}group_map` WHERE type={t} AND mid IN ({ids});' \ ''.format(tpdp=db.table_prefix, t=TP_GROUP_USER, ids=str_users) sql_list.append(sql) # 删除用户 sql = 'DELETE FROM `{tpdp}user` WHERE id IN ({ids});'.format( tpdp=db.table_prefix, ids=str_users) sql_list.append(sql) # 将用户从运维授权中移除 sql = 'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({ids});' \ ''.format(db.table_prefix, rtype=TP_USER, ids=str_users) sql_list.append(sql) sql = 'DELETE FROM `{}ops_map` WHERE u_id IN ({ids});'.format( db.table_prefix, ids=str_users) sql_list.append(sql) # 将用户从审计授权中移除 sql = 'DELETE FROM `{}audit_auz` WHERE rtype={rtype} AND rid IN ({ids});' \ ''.format(db.table_prefix, rtype=TP_USER, ids=str_users) sql_list.append(sql) sql = 'DELETE FROM `{}audit_map` WHERE u_id IN ({ids});'.format( db.table_prefix, ids=str_users) sql_list.append(sql) if not db.transaction(sql_list): return TPE_DATABASE syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除用户:{}".format(str_names)) # calc count of users. err, cnt = s.reset().count('user') if err == TPE_OK: tp_stats().user_counter_change(cnt) return TPE_OK
def create_user(handler, user): """ 创建一个用户账号 """ db = get_db() _time_now = tp_timestamp_sec() operator = handler.get_current_user() if 'type' not in user: user['type'] = TP_USER_TYPE_LOCAL if 'ldap_dn' not in user: user['ldap_dn'] = '' # 1. 判断此账号是否已经存在了 s = SQL(db) err = s.reset().select_from('user', ['id']).where( 'user.username="******"'.format(user['username'])).query() if err != TPE_OK: return err, 0 if len(s.recorder) > 0: return TPE_EXISTS, 0 # _password = tp_password_generate_secret(user['password']) if user['type'] == TP_USER_TYPE_LOCAL: _password = tp_password_generate_secret(user['password']) else: _password = '' sql = 'INSERT INTO `{}user` (' \ '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, `state`, ' \ '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `valid_from`, `valid_to`, `desc`' \ ') VALUES (' \ '{role}, "{username}", "{surname}", {user_type}, "{ldap_dn}", {auth_type}, "{password}", {state}, ' \ '"{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, {valid_from}, '\ '{valid_to}, "{desc}");' \ ''.format(db.table_prefix, role=user['role'], username=user['username'], surname=user['surname'], user_type=user['type'], ldap_dn=user['ldap_dn'], auth_type=user['auth_type'], password=_password, state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'], create_time=_time_now, last_login=0, last_chpass=_time_now, valid_from=user['valid_from'], valid_to=user['valid_to'], desc=user['desc']) db_ret = db.exec(sql) if not db_ret: return TPE_DATABASE, 0 _id = db.last_insert_id() syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(user['username'])) # calc count of users. err, cnt = s.reset().count('user') if err == TPE_OK: tp_stats().user_counter_change(cnt) return TPE_OK, _id
def add_account(handler, host_id, args): """ 添加一个远程账号 """ db = get_db() _time_now = tp_timestamp_utc_now() operator = handler.get_current_user() # 1. 判断是否已经存在了 sql = 'SELECT id FROM {}acc WHERE host_id={} AND protocol_port={} AND username="******" AND auth_type={};'.format( db.table_prefix, host_id, args['protocol_port'], args['username'], args['auth_type']) db_ret = db.query(sql) if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 sql = 'INSERT INTO `{}acc` (host_id, host_ip, router_ip, router_port, protocol_type, protocol_port, state, auth_type, username, username_prompt, password_prompt, password, pri_key, creator_id, create_time) VALUES ' \ '({host_id}, "{host_ip}", "{router_ip}", {router_port}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{username_prompt}", "{password_prompt}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ ''.format(db.table_prefix, host_id=host_id, host_ip=args['host_ip'], router_ip=args['router_ip'], router_port=args['router_port'], protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, auth_type=args['auth_type'], username=args['username'], username_prompt=args['username_prompt'], password_prompt=args['password_prompt'], password=args['password'], pri_key=args['pri_key'], creator_id=operator['id'], create_time=_time_now) # sql = 'INSERT INTO `{}acc` (host_id, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \ # '({host_id}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ # ''.format(db.table_prefix, # host_id=host_id, # protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, # auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'], # creator_id=operator['id'], create_time=_time_now) db_ret = db.exec(sql) if not db_ret: return TPE_DATABASE, 0 _id = db.last_insert_id() acc_name = '{}@{}'.format(args['username'], args['host_ip']) if len(args['router_ip']) > 0: acc_name += '(由{}:{}路由)'.format(args['router_ip'], args['router_port']) syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建账号:{}".format(acc_name)) # 更新主机相关账号数量 sql = 'UPDATE `{}host` SET acc_count=acc_count+1 WHERE id={host_id};' \ ''.format(db.table_prefix, host_id=host_id) db_ret = db.exec(sql) # if not db_ret: # return TPE_DATABASE, 0 tp_stats().acc_counter_change(1) return TPE_OK, _id
def create_users(handler, user_list, success, failed): """ 批量创建用户 """ db = get_db() _time_now = tp_timestamp_utc_now() operator = handler.get_current_user() name_list = list() s = SQL(db) for i in range(len(user_list)): user = user_list[i] err = s.reset().select_from('user', ['id']).where( 'user.username="******"'.format(user['username'])).query() if err != TPE_OK: failed.append({'line': user['_line'], 'error': '数据库查询失败'}) if len(s.recorder) > 0: failed.append({ 'line': user['_line'], 'error': '账号 `{}` 已经存在'.format(user['username']) }) continue _password = tp_password_generate_secret(user['password']) sql = 'INSERT INTO `{}user` (`type`, `auth_type`, `password`, `username`, `surname`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`) VALUES ' \ '(1, 0, "{password}", "{username}", "{surname}", 0, {state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");' \ ''.format(db.table_prefix, username=user['username'], surname=user['surname'], password=_password, state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'], create_time=_time_now, last_login=0, last_chpass=0, desc=user['desc']) db_ret = db.exec(sql) if not db_ret: failed.append({'line': user['_line'], 'error': '写入数据库时发生错误'}) continue success.append(user['username']) name_list.append(user['username']) user['_id'] = db.last_insert_id() if len(name_list) > 0: syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "批量导入方式创建用户:{}".format(','.join(name_list))) # tp_stats().user_counter_change(len(name_list)) # calc count of users. err, cnt = s.reset().count('user') if err == TPE_OK: tp_stats().user_counter_change(cnt)
def create_user(handler, user): """ 创建一个用户账号 """ db = get_db() _time_now = tp_timestamp_utc_now() operator = handler.get_current_user() if 'type' not in user: user['type'] = TP_USER_TYPE_LOCAL if 'ldap_dn' not in user: user['ldap_dn'] = '' # 1. 判断此账号是否已经存在了 s = SQL(db) err = s.reset().select_from('user', ['id']).where('user.username="******"'.format(user['username'])).query() if err != TPE_OK: return err, 0 if len(s.recorder) > 0: return TPE_EXISTS, 0 # _password = tp_password_generate_secret(user['password']) if user['type'] == TP_USER_TYPE_LOCAL: _password = tp_password_generate_secret(user['password']) else: _password = '' sql = 'INSERT INTO `{}user` (' \ '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, `state`, ' \ '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`' \ ') VALUES (' \ '{role}, "{username}", "{surname}", {user_type}, "{ldap_dn}", {auth_type}, "{password}", {state}, ' \ '"{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");' \ ''.format(db.table_prefix, role=user['role'], username=user['username'], surname=user['surname'], user_type=user['type'], ldap_dn=user['ldap_dn'], auth_type=user['auth_type'], password=_password, state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'], create_time=_time_now, last_login=0, last_chpass=_time_now, desc=user['desc']) db_ret = db.exec(sql) if not db_ret: return TPE_DATABASE, 0 _id = db.last_insert_id() syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(user['username'])) # calc count of users. err, cnt = s.reset().count('user') if err == TPE_OK: tp_stats().user_counter_change(cnt) return TPE_OK, _id
def add_account(handler, host_id, args): """ 添加一个远程账号 """ db = get_db() _time_now = tp_timestamp_utc_now() operator = handler.get_current_user() # 1. 判断是否已经存在了 sql = 'SELECT id FROM {}acc WHERE host_id={} AND protocol_port={} AND username="******" AND auth_type={};'.format(db.table_prefix, host_id, args['protocol_port'], args['username'], args['auth_type']) db_ret = db.query(sql) if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 sql = 'INSERT INTO `{}acc` (host_id, host_ip, router_ip, router_port, protocol_type, protocol_port, state, auth_type, username, username_prompt, password_prompt, password, pri_key, creator_id, create_time) VALUES ' \ '({host_id}, "{host_ip}", "{router_ip}", {router_port}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{username_prompt}", "{password_prompt}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ ''.format(db.table_prefix, host_id=host_id, host_ip=args['host_ip'], router_ip=args['router_ip'], router_port=args['router_port'], protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, auth_type=args['auth_type'], username=args['username'], username_prompt=args['username_prompt'], password_prompt=args['password_prompt'], password=args['password'], pri_key=args['pri_key'], creator_id=operator['id'], create_time=_time_now) # sql = 'INSERT INTO `{}acc` (host_id, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \ # '({host_id}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ # ''.format(db.table_prefix, # host_id=host_id, # protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, # auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'], # creator_id=operator['id'], create_time=_time_now) db_ret = db.exec(sql) if not db_ret: return TPE_DATABASE, 0 _id = db.last_insert_id() acc_name = '{}@{}'.format(args['username'], args['host_ip']) if len(args['router_ip']) > 0: acc_name += '(由{}:{}路由)'.format(args['router_ip'], args['router_port']) syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建账号:{}".format(acc_name)) # 更新主机相关账号数量 sql = 'UPDATE `{}host` SET acc_count=acc_count+1 WHERE id={host_id};' \ ''.format(db.table_prefix, host_id=host_id) db_ret = db.exec(sql) # if not db_ret: # return TPE_DATABASE, 0 tp_stats().acc_counter_change(1) return TPE_OK, _id
def remove_users(handler, users): db = get_db() s = SQL(db) str_users = ','.join([str(i) for i in users]) # 1. 获取用户名称,用于记录系统日志 where = 'u.id IN ({})'.format(str_users) err = s.select_from('user', ['username'], alt_name='u').where(where).query() if err != TPE_OK: return err if len(s.recorder) == 0: return TPE_NOT_EXISTS str_names = ','.join([n['username'] for n in s.recorder]) sql_list = [] # 将用户从所在组中移除 sql = 'DELETE FROM `{tpdp}group_map` WHERE type={t} AND mid IN ({ids});' \ ''.format(tpdp=db.table_prefix, t=TP_GROUP_USER, ids=str_users) sql_list.append(sql) # 删除用户 sql = 'DELETE FROM `{tpdp}user` WHERE id IN ({ids});'.format(tpdp=db.table_prefix, ids=str_users) sql_list.append(sql) # 将用户从运维授权中移除 sql = 'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({ids});' \ ''.format(db.table_prefix, rtype=TP_USER, ids=str_users) sql_list.append(sql) sql = 'DELETE FROM `{}ops_map` WHERE u_id IN ({ids});'.format(db.table_prefix, ids=str_users) sql_list.append(sql) # 将用户从审计授权中移除 sql = 'DELETE FROM `{}audit_auz` WHERE rtype={rtype} AND rid IN ({ids});' \ ''.format(db.table_prefix, rtype=TP_USER, ids=str_users) sql_list.append(sql) sql = 'DELETE FROM `{}audit_map` WHERE u_id IN ({ids});'.format(db.table_prefix, ids=str_users) sql_list.append(sql) if not db.transaction(sql_list): return TPE_DATABASE syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除用户:{}".format(str_names)) # calc count of users. err, cnt = s.reset().count('user') if err == TPE_OK: tp_stats().user_counter_change(cnt) return TPE_OK
def add_host(handler, args): """ 添加一个远程主机 """ db = get_db() _tp = db.table_prefix _ph = db.place_holder _time_now = tp_timestamp_sec() # 1. 判断此主机是否已经存在了 if len(args['router_ip']) > 0: sql_s = 'SELECT `id` FROM `{tp}host` WHERE `ip`={ph} OR (`router_ip`={ph} AND `router_port`={ph});'.format(tp=_tp, ph=_ph) sql_v = (args['ip'], args['router_ip'], args['router_port']) else: sql_s = 'SELECT `id` FROM `{tp}host` WHERE `ip`={ph};'.format(tp=_tp, ph=_ph) sql_v = (args['ip'], ) db_ret = db.query(sql_s, sql_v) if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 sql_s = 'INSERT INTO `{tp}host` (`type`,`os_type`,`name`,`ip`,`router_ip`,`router_port`,`state`,`creator_id`,`create_time`,`cid`,`desc`) VALUES ' \ '({ph},{ph},{ph},{ph},{ph},{ph},{ph},{ph},{ph},{ph},{ph});' \ ''.format(tp=_tp, ph=_ph) sql_v = (1, args['os_type'], args['name'], args['ip'], args['router_ip'], args['router_port'], TP_STATE_NORMAL, handler.get_current_user()['id'], _time_now, args['cid'], args['desc']) db_ret = db.exec(sql_s, sql_v) if not db_ret: return TPE_DATABASE, 0 if len(args['router_ip']) > 0: app.base.host_alive.tp_host_alive().add_host(args['router_ip'], check_now=True) else: app.base.host_alive.tp_host_alive().add_host(args['ip'], check_now=True) _id = db.last_insert_id() h_name = args['ip'] if len(args['router_ip']) > 0: h_name += '(由{}:{}路由)'.format(args['router_ip'], args['router_port']) syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "创建主机:{}".format(h_name)) tp_stats().host_counter_change(1) return TPE_OK, _id
def create_user(handler, args): """ 创建一个用户账号 """ db = get_db() _time_now = tp_timestamp_utc_now() operator = handler.get_current_user() # 1. 判断此账号是否已经存在了 s = SQL(db) err = s.reset().select_from('user', ['id']).where( 'user.username="******"'.format(args['username'])).query() if err != TPE_OK: return err, 0 if len(s.recorder) > 0: return TPE_EXISTS, 0 _password = tp_password_generate_secret(args['password']) sql = 'INSERT INTO `{}user` (`type`, `auth_type`, `password`, `username`, `surname`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`) VALUES ' \ '(1, {auth_type}, "{password}", "{username}", "{surname}", {role}, {state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");' \ ''.format(db.table_prefix, auth_type=args['auth_type'], password=_password, username=args['username'], surname=args['surname'], role=args['role'], state=TP_STATE_NORMAL, email=args['email'], creator_id=operator['id'], create_time=_time_now, last_login=0, last_chpass=0, desc=args['desc']) db_ret = db.exec(sql) if not db_ret: return TPE_DATABASE, 0 _id = db.last_insert_id() syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(args['username'])) # calc count of users. err, cnt = s.reset().count('user') if err == TPE_OK: tp_stats().user_counter_change(cnt) return TPE_OK, _id
def add_host(handler, args): """ 添加一个远程主机 """ db = get_db() _time_now = tp_timestamp_utc_now() # 1. 判断此主机是否已经存在了 if len(args['router_ip']) > 0: sql = 'SELECT id FROM {}host WHERE ip="{}" OR (router_ip="{}" AND router_port={});'.format( db.table_prefix, args['ip'], args['router_ip'], args['router_port']) else: sql = 'SELECT id FROM {}host WHERE ip="{}";'.format( db.table_prefix, args['ip']) db_ret = db.query(sql) if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 sql = 'INSERT INTO `{}host` (`type`, `os_type`, `name`, `ip`, `router_ip`, `router_port`, `state`, `creator_id`, `create_time`, `cid`, `desc`) VALUES ' \ '(1, {os_type}, "{name}", "{ip}", "{router_ip}", {router_port}, {state}, {creator_id}, {create_time}, "{cid}", "{desc}");' \ ''.format(db.table_prefix, os_type=args['os_type'], name=args['name'], ip=args['ip'], router_ip=args['router_ip'], router_port=args['router_port'], state=TP_STATE_NORMAL, creator_id=handler.get_current_user()['id'], create_time=_time_now, cid=args['cid'], desc=args['desc']) db_ret = db.exec(sql) if not db_ret: return TPE_DATABASE, 0 _id = db.last_insert_id() h_name = args['ip'] if len(args['router_ip']) > 0: h_name += '(由{}:{}路由)'.format(args['router_ip'], args['router_port']) syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "创建主机:{}".format(h_name)) tp_stats().host_counter_change(1) return TPE_OK, _id
def _session_begin(self, param): try: _sid = param['sid'] _user_id = param['user_id'] _host_id = param['host_id'] _account_id = param['acc_id'] _user_name = param['user_username'] _acc_name = param['acc_username'] _host_ip = param['host_ip'] _conn_ip = param['conn_ip'] _conn_port = param['conn_port'] _client_ip = param['client_ip'] _auth_type = param['auth_type'] _protocol_type = param['protocol_type'] _protocol_sub_type = param['protocol_sub_type'] except IndexError: return self.write_json(TPE_PARAM) err, record_id = record.session_begin(_sid, _user_id, _host_id, _account_id, _user_name, _acc_name, _host_ip, _conn_ip, _conn_port, _client_ip, _auth_type, _protocol_type, _protocol_sub_type) if err != TPE_OK: return self.write_json(err, message='can not write database.') else: tp_stats().conn_counter_change(1) return self.write_json(TPE_OK, data={'rid': record_id})
def run(self): log.i('\n') log.i('###############################################################\n') log.i('Load config file: {}\n'.format(self._cfg_file)) log.i('Teleport Web Server starting ...\n') tp_cron().init() # 尝试通过CORE-JSON-RPC获取core服务的配置(主要是ssh/rdp/telnet的端口以及录像文件存放路径) self._get_core_server_config() _db = get_db() if not _db.init(): log.e('can not initialize database interface.\n') return 0 _db.connect() while not _db.connected: log.w('database not connected, retry after 5 seconds.\n') time.sleep(5) _db.connect() cfg = tp_cfg() _db.check_status() if _db.need_create or _db.need_upgrade: cfg.app_mode = APP_MODE_MAINTENANCE tp_cfg().update_sys(None) else: cfg.app_mode = APP_MODE_NORMAL _db.load_system_config() try: # 将运行时配置发送给核心服务 req = {'method': 'set_config', 'param': {'noop_timeout': tp_cfg().sys.session.noop_timeout}} req_data = json.dumps(req) data = urllib.parse.quote(req_data).encode('utf-8') req = urllib.request.Request(url=cfg.common.core_server_rpc, data=data) rep = urllib.request.urlopen(req, timeout=3) body = rep.read().decode() x = json.loads(body) if 'code' not in x or x['code'] != 0: print(x) log.e('connect core-server for set runtime-config failed.\n') else: log.d('set runtime-config for core-server succeeded.\n') except: log.w('can not connect to core-server to set runtime-config, maybe it not start yet, ignore.\n') if not tp_session().init(): log.e('can not initialize session manager.\n') return 0 if not tp_stats().init(): log.e('can not initialize system status collector.\n') return 0 settings = { # 'cookie_secret': '8946svdABGD345fg98uhIaefEBePIfegOIakjFH43oETzK', 'login_url': '/auth/login', # 指定静态文件的路径,页面模板中可以用 {{ static_url('css/main.css') }} 的方式调用 'static_path': cfg.static_path, # 指定模板文件的路径 'template_path': cfg.template_path, # 防止跨站伪造请求,参见 http://old.sebug.net/paper/books/tornado/#_7 'xsrf_cookies': False, 'autoescape': 'xhtml_escape', # 'ui_modules': ui_modules, 'debug': False, # 不开启模板和静态文件的缓存,这样一旦模板文件和静态文件变化,刷新浏览器即可看到更新。 'compiled_template_cache': False, 'static_hash_cache': False, } from app.controller import controllers, fix_controller fix_controller() _app = tornado.web.Application(controllers, **settings) server = tornado.httpserver.HTTPServer(_app, xheaders=True) # server = tornado.httpserver.HTTPServer(_app, ssl_options={ # "certfile": os.path.join(cfg.data_path, 'cert', "server.pem"), # "keyfile": os.path.join(cfg.data_path, 'cert', "server.key"), # }) try: server.listen(cfg.common.port, address=cfg.common.ip) if cfg.common.ip == '0.0.0.0': log.i('works on [http://127.0.0.1:{}]\n'.format(cfg.common.port)) else: log.i('works on [http://{}:{}]\n'.format(cfg.common.ip, cfg.common.port)) except: log.e('can not listen on port {}:{}, make sure it not been used by another application.\n'.format(cfg.common.ip, cfg.common.port)) return 0 # 启动定时任务调度器 tp_cron().start() try: tornado.ioloop.IOLoop.instance().start() except: log.e('\n') tp_cron().stop() return 0
def remove_hosts(handler, hosts): db = get_db() host_ids = ','.join([str(i) for i in hosts]) sql_list = [] # step 1. 处理主机对应的账号 # 1.1 获取账号列表 s = SQL(db) s.select_from('acc', ['id', 'host_ip', 'router_ip', 'router_port', 'username'], alt_name='a') s.where('a.host_id IN ({})'.format(host_ids)) err = s.query() if err != TPE_OK: return err accs = [] acc_names = [] for acc in s.recorder: if str(acc['id']) not in accs: accs.append(str(acc['id'])) acc_name = '{}@{}'.format(acc['username'], acc['host_ip']) if len(acc['router_ip']) > 0: acc_name += '(由{}:{}路由)'.format(acc['router_ip'], acc['router_port']) if acc_name not in acc_names: acc_names.append(acc_name) acc_ids = ','.join([i for i in accs]) if len(accs) > 0: # 1.2 将账号从所在组中移除 where = 'mid IN ({})'.format(acc_ids) sql = 'DELETE FROM `{}group_map` WHERE (type={} AND {});'.format(db.table_prefix, TP_GROUP_ACCOUNT, where) sql_list.append(sql) # if not db.exec(sql): # return TPE_DATABASE # 1.3 将账号删除 where = 'id IN ({})'.format(acc_ids) sql = 'DELETE FROM `{}acc` WHERE {};'.format(db.table_prefix, where) sql_list.append(sql) # if not db.exec(sql): # return TPE_DATABASE sql = 'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({rid});'.format(db.table_prefix, rtype=TP_ACCOUNT, rid=acc_ids) sql_list.append(sql) sql = 'DELETE FROM `{}ops_map` WHERE a_id IN ({acc_ids});'.format(db.table_prefix, acc_ids=acc_ids) sql_list.append(sql) # step 2. 处理主机 s = SQL(db) s.select_from('host', ['ip', 'router_ip', 'router_port'], alt_name='h') s.where('h.id IN ({})'.format(host_ids)) err = s.query() if err != TPE_OK: return err host_names = [] for h in s.recorder: h_name = h['ip'] if len(h['router_ip']) > 0: h_name += '(由{}:{}路由)'.format(h['router_ip'], h['router_port']) if h_name not in host_names: host_names.append(h_name) # 2.1 将主机从所在组中移除 where = 'mid IN ({})'.format(host_ids) sql = 'DELETE FROM `{}group_map` WHERE (type={} AND {});'.format(db.table_prefix, TP_GROUP_HOST, where) sql_list.append(sql) # 2.2 将主机删除 where = 'id IN ({})'.format(host_ids) sql = 'DELETE FROM `{}host` WHERE {};'.format(db.table_prefix, where) sql_list.append(sql) sql = 'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({rid});'.format(db.table_prefix, rtype=TP_HOST, rid=host_ids) sql_list.append(sql) sql = 'DELETE FROM `{}ops_map` WHERE h_id IN ({host_ids});'.format(db.table_prefix, host_ids=host_ids) sql_list.append(sql) if not db.transaction(sql_list): return TPE_DATABASE if len(acc_names) > 0: syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除账号:{}".format(','.join(acc_names))) tp_stats().acc_counter_change(0 - len(acc_names)) if len(host_names) > 0: syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除主机:{}".format(','.join(host_names))) tp_stats().host_counter_change(0 - len(host_names)) return TPE_OK
def _run_loop(self): ext_srv_cfg = tp_ext_srv_cfg() if not ext_srv_cfg.init(): return 0 log.i('Teleport Web Server starting ...\n') tp_cron().init() # 尝试通过CORE-JSON-RPC获取core服务的配置(主要是ssh/rdp/telnet的端口以及录像文件存放路径) self._get_core_server_config() _db = get_db() if not _db.init(): log.e('can not initialize database interface.\n') return 0 _db.connect() while not _db.connected: log.w('database not connected, retry after 5 seconds.\n') time.sleep(5) _db.connect() cfg = tp_cfg() _db.check_status() if _db.need_create or _db.need_upgrade: cfg.app_mode = APP_MODE_MAINTENANCE tp_cfg().update_sys(None) else: cfg.app_mode = APP_MODE_NORMAL _db.load_system_config() try: # 将运行时配置发送给核心服务 req = {'method': 'set_config', 'param': {'noop_timeout': tp_cfg().sys.session.noop_timeout}} req_data = json.dumps(req) data = urllib.parse.quote(req_data).encode('utf-8') req = urllib.request.Request(url=cfg.common.core_server_rpc, data=data) rep = urllib.request.urlopen(req, timeout=3) body = rep.read().decode() x = json.loads(body) if 'code' not in x or x['code'] != 0: print(x) log.e('connect core-server for set runtime-config failed.\n') else: log.d('set runtime-config for core-server succeeded.\n') except: log.w('can not connect to core-server to set runtime-config, maybe it not start yet, ignore.\n') if not tp_session().init(): log.e('can not initialize session manager.\n') return 0 if not tp_stats().init(): log.e('can not initialize system status collector.\n') return 0 if cfg.common.check_host_alive: if not tp_host_alive().init(): log.e('can not initialize host state inspector.\n') return 0 settings = { # 'cookie_secret': '8946svdABGD345fg98uhIaefEBePIfegOIakjFH43oETzK', 'login_url': '/auth/login', # 指定静态文件的路径,页面模板中可以用 {{ static_url('css/main.css') }} 的方式调用 'static_path': cfg.static_path, # 指定模板文件的路径 'template_path': cfg.template_path, # 防止跨站伪造请求,参见 http://old.sebug.net/paper/books/tornado/#_7 'xsrf_cookies': False, 'autoescape': 'xhtml_escape', # 'ui_modules': ui_modules, 'debug': False, # 不开启模板和静态文件的缓存,这样一旦模板文件和静态文件变化,刷新浏览器即可看到更新。 'compiled_template_cache': False, 'static_hash_cache': False, } from app.controller import controllers, fix_controller fix_controller() _app = tornado.web.Application(controllers, **settings) server = tornado.httpserver.HTTPServer(_app, xheaders=True) # server = tornado.httpserver.HTTPServer(_app, xheaders=True, ssl_options={ # "certfile": os.path.join(cfg.data_path, 'cert', "server.pem"), # "keyfile": os.path.join(cfg.data_path, 'cert', "server.key"), # }) try: server.listen(cfg.common.port, address=cfg.common.ip) if cfg.common.ip == '0.0.0.0': log.i('works on [http://127.0.0.1:{}]\n'.format(cfg.common.port)) else: log.i('works on [http://{}:{}]\n'.format(cfg.common.ip, cfg.common.port)) except: log.e('can not listen on port {}:{}, make sure it not been used by another application.\n'.format(cfg.common.ip, cfg.common.port)) return 0 # 启动定时任务调度器 tp_cron().start() try: tornado.ioloop.IOLoop.instance().start() except: log.e('\n') if tp_cfg().common.check_host_alive: tp_host_alive().stop() tp_cron().stop() return 0
def remove_accounts(handler, host_id, acc_ids): """ 删除远程账号 """ db = get_db() acc_count = len(acc_ids) acc_ids = ','.join([str(uid) for uid in acc_ids]) s = SQL(db) # 1. 判断是否存在 s.select_from('host', ['name', 'ip', 'router_ip', 'router_port', 'acc_count'], alt_name='a') s.where('a.id={h_id}'.format(h_id=host_id, ids=acc_ids)) err = s.query() if err != TPE_OK: return err if len(s.recorder) == 0: return TPE_NOT_EXISTS _h_name = s.recorder[0].name _h_ip = s.recorder[0].ip _h_router_ip = s.recorder[0].router_ip _h_router_port = s.recorder[0].router_port s.reset().select_from('acc', ['username'], alt_name='a') s.where('a.host_id={h_id} AND a.id IN ({ids}) '.format(h_id=host_id, ids=acc_ids)) err = s.query() if err != TPE_OK: return err if len(s.recorder) == 0: return TPE_NOT_EXISTS acc_names = [] for a in s.recorder: acc_name = '{}@{}'.format(a.username, _h_ip) if len(_h_router_ip) > 0: acc_name += '(由{}:{}路由)'.format(_h_router_ip, _h_router_port) acc_names.append(acc_name) sql_list = [] sql = 'DELETE FROM `{}acc` WHERE host_id={} AND id IN ({});'.format(db.table_prefix, host_id, acc_ids) sql_list.append(sql) sql = 'DELETE FROM `{}group_map` WHERE type={} AND mid IN ({});'.format(db.table_prefix, TP_GROUP_ACCOUNT, acc_ids) sql_list.append(sql) # 更新主机相关账号数量 sql = 'UPDATE `{}host` SET acc_count=acc_count-{acc_count} WHERE id={host_id};'.format(db.table_prefix, acc_count=acc_count, host_id=host_id) sql_list.append(sql) sql = 'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({rid});'.format(db.table_prefix, rtype=TP_ACCOUNT, rid=acc_ids) sql_list.append(sql) sql = 'DELETE FROM `{}ops_map` WHERE a_id IN ({acc_id});'.format(db.table_prefix, acc_id=acc_ids) sql_list.append(sql) if not db.transaction(sql_list): return TPE_DATABASE # s.reset().select_from('host', ['acc_count'], alt_name='a') # s.where('a.id={h_id}'.format(h_id=host_id, ids=acc_ids)) # err = s.query() # if err != TPE_OK: # return err # if len(s.recorder) == 0: # return TPE_NOT_EXISTS syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除账号:{}".format(','.join(acc_names))) tp_stats().acc_counter_change(-1) return TPE_OK
def remove_accounts(handler, host_id, acc_ids): """ 删除远程账号 """ db = get_db() acc_count = len(acc_ids) acc_ids = ','.join([str(uid) for uid in acc_ids]) s = SQL(db) # 1. 判断是否存在 s.select_from('host', ['name', 'ip', 'router_ip', 'router_port', 'acc_count'], alt_name='a') s.where('a.id={h_id}'.format(h_id=host_id, ids=acc_ids)) err = s.query() if err != TPE_OK: return err if len(s.recorder) == 0: return TPE_NOT_EXISTS _h_name = s.recorder[0].name _h_ip = s.recorder[0].ip _h_router_ip = s.recorder[0].router_ip _h_router_port = s.recorder[0].router_port s.reset().select_from('acc', ['username'], alt_name='a') s.where('a.host_id={h_id} AND a.id IN ({ids}) '.format(h_id=host_id, ids=acc_ids)) err = s.query() if err != TPE_OK: return err if len(s.recorder) == 0: return TPE_NOT_EXISTS acc_names = [] for a in s.recorder: acc_name = '{}@{}'.format(a.username, _h_ip) if len(_h_router_ip) > 0: acc_name += '(由{}:{}路由)'.format(_h_router_ip, _h_router_port) acc_names.append(acc_name) sql_list = [] sql = 'DELETE FROM `{}acc` WHERE host_id={} AND id IN ({});'.format( db.table_prefix, host_id, acc_ids) sql_list.append(sql) sql = 'DELETE FROM `{}group_map` WHERE type={} AND mid IN ({});'.format( db.table_prefix, TP_GROUP_ACCOUNT, acc_ids) sql_list.append(sql) # 更新主机相关账号数量 sql = 'UPDATE `{}host` SET acc_count=acc_count-{acc_count} WHERE id={host_id};'.format( db.table_prefix, acc_count=acc_count, host_id=host_id) sql_list.append(sql) sql = 'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({rid});'.format( db.table_prefix, rtype=TP_ACCOUNT, rid=acc_ids) sql_list.append(sql) sql = 'DELETE FROM `{}ops_map` WHERE a_id IN ({acc_id});'.format( db.table_prefix, acc_id=acc_ids) sql_list.append(sql) if not db.transaction(sql_list): return TPE_DATABASE # s.reset().select_from('host', ['acc_count'], alt_name='a') # s.where('a.id={h_id}'.format(h_id=host_id, ids=acc_ids)) # err = s.query() # if err != TPE_OK: # return err # if len(s.recorder) == 0: # return TPE_NOT_EXISTS syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除账号:{}".format(','.join(acc_names))) tp_stats().acc_counter_change(-1) return TPE_OK
def remove_hosts(handler, hosts): db = get_db() host_ids = ','.join([str(i) for i in hosts]) sql_list = [] # step 1. 处理主机对应的账号 # 1.1 获取账号列表 s = SQL(db) s.select_from('acc', ['id', 'host_ip', 'router_ip', 'router_port', 'username'], alt_name='a') s.where('a.host_id IN ({})'.format(host_ids)) err = s.query() if err != TPE_OK: return err accs = [] acc_names = [] for acc in s.recorder: if str(acc['id']) not in accs: accs.append(str(acc['id'])) acc_name = '{}@{}'.format(acc['username'], acc['host_ip']) if len(acc['router_ip']) > 0: acc_name += '(由{}:{}路由)'.format(acc['router_ip'], acc['router_port']) if acc_name not in acc_names: acc_names.append(acc_name) acc_ids = ','.join([i for i in accs]) if len(accs) > 0: # 1.2 将账号从所在组中移除 where = 'mid IN ({})'.format(acc_ids) sql = 'DELETE FROM `{}group_map` WHERE (type={} AND {});'.format( db.table_prefix, TP_GROUP_ACCOUNT, where) sql_list.append(sql) # if not db.exec(sql): # return TPE_DATABASE # 1.3 将账号删除 where = 'id IN ({})'.format(acc_ids) sql = 'DELETE FROM `{}acc` WHERE {};'.format(db.table_prefix, where) sql_list.append(sql) # if not db.exec(sql): # return TPE_DATABASE sql = 'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({rid});'.format( db.table_prefix, rtype=TP_ACCOUNT, rid=acc_ids) sql_list.append(sql) sql = 'DELETE FROM `{}ops_map` WHERE a_id IN ({acc_ids});'.format( db.table_prefix, acc_ids=acc_ids) sql_list.append(sql) # step 2. 处理主机 s = SQL(db) s.select_from('host', ['ip', 'router_ip', 'router_port'], alt_name='h') s.where('h.id IN ({})'.format(host_ids)) err = s.query() if err != TPE_OK: return err host_names = [] for h in s.recorder: h_name = h['ip'] if len(h['router_ip']) > 0: h_name += '(由{}:{}路由)'.format(h['router_ip'], h['router_port']) if h_name not in host_names: host_names.append(h_name) # 2.1 将主机从所在组中移除 where = 'mid IN ({})'.format(host_ids) sql = 'DELETE FROM `{}group_map` WHERE (type={} AND {});'.format( db.table_prefix, TP_GROUP_HOST, where) sql_list.append(sql) # 2.2 将主机删除 where = 'id IN ({})'.format(host_ids) sql = 'DELETE FROM `{}host` WHERE {};'.format(db.table_prefix, where) sql_list.append(sql) sql = 'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({rid});'.format( db.table_prefix, rtype=TP_HOST, rid=host_ids) sql_list.append(sql) sql = 'DELETE FROM `{}ops_map` WHERE h_id IN ({host_ids});'.format( db.table_prefix, host_ids=host_ids) sql_list.append(sql) if not db.transaction(sql_list): return TPE_DATABASE if len(acc_names) > 0: syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除账号:{}".format(','.join(acc_names))) tp_stats().acc_counter_change(0 - len(acc_names)) if len(host_names) > 0: syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除主机:{}".format(','.join(host_names))) tp_stats().host_counter_change(0 - len(host_names)) return TPE_OK