def wrapper(*args, **kwargs):
url = login_url
if url is None:
endpoint = app.config['JUMPSERVER_ENDPOINT']
url = endpoint.rstrip('/') + '/users/login?next=' + request.url
session_id = request.cookies.get('sessionid', '')
csrf_token = request.cookies.get('csrftoken', '')
if '' in [session_id, csrf_token]:
return redirect(url)
g.user_service = UserService(
endpoint=app.config['JUMPSERVER_ENDPOINT'])
g.user_service.auth_from_session(session_id, csrf_token)
user = g.user_service.is_authenticated()
if user:
g.user = user
assets = g.user_service.get_my_assets()
assets_dict = dict()
for asset in assets:
assets_dict[asset['id']] = asset
g.assets = assets_dict
return func(*args, **kwargs)
def __init__(self, app, rc):
self.app = app
self.rc = rc
rc.push()
request.change_win_size_event = threading.Event()
self.user_service = UserService(self.app.endpoint)
class SSHInterface(paramiko.ServerInterface):
"""使用paramiko提供的接口实现ssh server.
More see paramiko ssh server demo
https://github.com/paramiko/paramiko/blob/master/demos/demo_server.py
"""
host_key_path = os.path.join(PROJECT_DIR, 'keys', 'host_rsa_key')
start_check_auth = False
def __init__(self, app, rc):
self.app = app
self.rc = rc
rc.push()
request.change_win_size_event = threading.Event()
self.user_service = UserService(self.app.endpoint)
@classmethod
def get_host_key(cls):
logger.debug("Get ssh server host key")
if not os.path.isfile(cls.host_key_path):
cls.host_key_gen()
return paramiko.RSAKey(filename=cls.host_key_path)
@classmethod
def host_key_gen(cls):
logger.debug("Generate ssh server host key")
ssh_key, ssh_pub_key = ssh_key_gen()
with open(cls.host_key_path, 'w') as f:
f.write(ssh_key)
def check_channel_request(self, kind, chanid):
if kind == 'session':
return paramiko.OPEN_SUCCEEDED
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def check_auth(self, username, password=None, public_key=None):
self.rc.push()
data = {
"username": username,
"password": password,
"public_key": public_key,
"login_type": 'ST'
}
logger.debug("Start check auth")
user, token = self.user_service.login(data)
result = False
if user:
request.user = user
self.user_service.auth(token=token)
result = True
logger.debug("Finish check auth")
return result
def check_auth_password(self, username, password):
if self.check_auth(username, password=password):
logger.info('Accepted password for %(username)s from %(host)s' % {
'username': username,
'host': request.environ['REMOTE_ADDR'],
})
return paramiko.AUTH_SUCCESSFUL
else:
logger.info('Authentication password failed for '
'%(username)s from %(host)s' % {
'username': username,
'host': request.environ['REMOTE_ADDR'],
})
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, public_key):
"""登录时首先会使用公钥认证, 会自动扫描家目录的私钥,
验证账号密码, paramiko会启动新的线程, 所以需要push request context
"""
public_key_s = public_key.get_base64()
if self.check_auth(username, public_key=public_key_s):
logger.info('Accepted public key for %(username)s from %(host)s' % {
'username': username,
'host': request.environ['REMOTE_ADDR'],
})
return paramiko.AUTH_SUCCESSFUL
else:
logger.info('Authentication public key failed for '
'%(username)s from %(host)s' % {
'username': username,
'host': request.environ['REMOTE_ADDR'],
})
return paramiko.AUTH_FAILED
def get_allowed_auths(self, username):
auth_method_list = []
if self.app.config['SSH_PASSWORD_AUTH']:
auth_method_list.append('password')
if self.app.config['SSH_PUBLIC_KEY_AUTH']:
auth_method_list.append('publickey')
return ','.join(auth_method_list)
def check_channel_shell_request(self, channel):
request.method = 'shell'
return True
def check_channel_pty_request(self, channel, term, width, height,
pixelwidth, pixelheight, modes):
request.win_width = channel.win_width = width
request.win_height = channel.win_height = height
return True
def check_channel_exec_request(self, channel, command):
request.method = 'exec'
return True
def check_channel_subsystem_request(self, channel, name):
request.method = 'subsystem'
return super(SSHInterface, self)\
.check_channel_subsystem_request(channel, name)
def check_channel_window_change_request(self, channel, width,
height, pixelwidth, pixelheight):
request.win_width = channel.win_width = width
request.win_width = channel.win_height = height
request.change_win_size_event.set()
return True
def __init__(self, app, rc):
self.app = app
self.rc = rc
rc.push()
request.change_win_size_event = threading.Event()
g.user_service = UserService(self.app.endpoint)
class SSHInterface(paramiko.ServerInterface):
"""使用paramiko提供的接口实现ssh server.
More see paramiko ssh server demo
https://github.com/paramiko/paramiko/blob/master/demos/demo_server.py
"""
host_key_path = os.path.join(PROJECT_DIR, 'keys', 'host_rsa_key')
start_check_auth = False
def __init__(self, app, rc):
self.app = app
self.rc = rc
rc.push()
request.change_win_size_event = threading.Event()
self.user_service = UserService(self.app.endpoint)
@classmethod
def get_host_key(cls):
logger.debug("Get ssh server host key")
if not os.path.isfile(cls.host_key_path):
cls.host_key_gen()
return paramiko.RSAKey(filename=cls.host_key_path)
@classmethod
def host_key_gen(cls):
logger.debug("Generate ssh server host key")
ssh_key, ssh_pub_key = ssh_key_gen()
with open(cls.host_key_path, 'w') as f:
f.write(ssh_key)
def check_channel_request(self, kind, chanid):
if kind == 'session':
return paramiko.OPEN_SUCCEEDED
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def check_auth(self, username, password=None, public_key=None):
self.rc.push()
data = {
"username": username,
"password": password,
"public_key": public_key,
"login_type": 'ST'
}
logger.debug("Start check auth")
user, token = self.user_service.login(data)
result = False
if user:
request.user = user
self.user_service.auth(token=token)
result = True
logger.debug("Finish check auth")
return result
def check_auth_password(self, username, password):
if self.check_auth(username, password=password):
logger.info('Accepted password for %(username)s from %(host)s' % {
'username': username,
'host': request.environ['REMOTE_ADDR'],
})
return paramiko.AUTH_SUCCESSFUL
else:
logger.info('Authentication password failed for '
'%(username)s from %(host)s' % {
'username': username,
'host': request.environ['REMOTE_ADDR'],
})
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, public_key):
"""登录时首先会使用公钥认证, 会自动扫描家目录的私钥,
验证账号密码, paramiko会启动新的线程, 所以需要push request context
"""
public_key_s = public_key.get_base64()
if self.check_auth(username, public_key=public_key_s):
logger.info('Accepted public key for %(username)s from %(host)s' % {
'username': username,
'host': request.environ['REMOTE_ADDR'],
})
return paramiko.AUTH_SUCCESSFUL
else:
logger.info('Authentication public key failed for '
'%(username)s from %(host)s' % {
'username': username,
'host': request.environ['REMOTE_ADDR'],
})
return paramiko.AUTH_FAILED
def get_allowed_auths(self, username):
auth_method_list = []
if self.app.config['SSH_PASSWORD_AUTH']:
auth_method_list.append('password')
if self.app.config['SSH_PUBLIC_KEY_AUTH']:
auth_method_list.append('publickey')
return ','.join(auth_method_list)
def check_channel_shell_request(self, channel):
request.method = 'shell'
return True
def check_channel_pty_request(self, channel, term, width, height,
pixelwidth, pixelheight, modes):
request.win_width = channel.win_width = width
request.win_height = channel.win_height = height
return True
def check_channel_exec_request(self, channel, command):
request.method = 'exec'
return True
def check_channel_subsystem_request(self, channel, name):
request.method = 'subsystem'
return super(SSHInterface, self)\
.check_channel_subsystem_request(channel, name)
def check_channel_window_change_request(self, channel, width,
height, pixelwidth, pixelheight):
request.win_width = channel.win_width = width
request.win_width = channel.win_height = height
request.change_win_size_event.set()
return True
from jms import UserService
username = '******'
password="******"
user_service = UserService(app_name='coco', endpoint='http://54.249.102.43')
user, token = user_service.login(username=username, password=password,
public_key=None, login_type='ST', remote_addr='54.249.102.43')
print(user)
# ~*~ coding: utf-8 ~*~
from jms import UserService
username = '******'
password = '******'
endpoint = 'http://localhost:8080'
user_service = UserService(endpoint=endpoint)
data = {
'username': username,
'password': password,
'public_key': None,
'login_type': 'ST',
'remote_addr': '2.2.2.2'
}
user, token = user_service.login(data)
print(user)
print(token)
user_service.auth(token=token)
print(user_service.is_authenticated())
print(user_service.get_my_assets())
print(user_service.get_my_asset_groups())
# ~*~ coding: utf-8 ~*~
from jms import UserService
username = '******'
password = '******'
endpoint = 'http://localhost:8080'
user_service = UserService(app_name='coco', endpoint=endpoint)
user, token = user_service.login(username=username,
password=password,
public_key=None,
login_type='ST',
remote_addr='2.2.2.2')
print(user)
print(token)
user_service.auth(token=token)
print(user_service.is_authenticated())
print(user_service.get_my_assets())
print(user_service.get_my_asset_groups())