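def gen_keys(key="", key_path_dir=""):
    """
    Create a key directory and put an RSA private key in it.

    The directory is ``KEY_DIR/role_key/key-<uuid>`` unless *key_path_dir*
    is given.  With an empty *key* a fresh 2048-bit RSA key is generated and
    written as ``id_rsa``; otherwise *key* is taken as private-key text,
    written to ``id_rsa`` and loaded back to verify it.

    :param key: private-key text to install, or "" to generate a new key.
    :param key_path_dir: target directory (created if missing).
    :return: the key directory path.
    :raises SSHException: when *key* cannot be loaded as a private key; the
        directory is removed again in that case.
    """
    if not key_path_dir:
        key_basename = "key-" + uuid4().hex
        key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
    private_key = os.path.join(key_path_dir, 'id_rsa')
    # Same value as the former `0755` literal, spelled so both Python 2 and 3
    # parse it; the project's mkdir helper receives it unchanged.
    mkdir(key_path_dir, mode=0o755)
    if not key:
        key = RSAKey.generate(2048)
        key.write_private_key_file(private_key)
    else:
        # NOTE(review): open() creates id_rsa with the process umask, so a
        # supplied private key may end up group/world-readable; confirm whether
        # the consumer needs that or the file should be created 0o600.
        with open(private_key, 'w') as f:
            f.write(key)
        with open(private_key) as f:
            try:
                key = RSAKey.from_private_key(f)
            except SSHException as e:
                # Do not leave a directory holding an unusable key behind.
                shutil.rmtree(key_path_dir, ignore_errors=True)
                raise SSHException(e)
    return key_path_dir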
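def gen_keys(key="", key_path_dir=""):
    """
    Create a key directory and put an RSA private key in it.

    The directory is ``KEY_DIR/role_key/key-<uuid>`` unless *key_path_dir*
    is given.  With an empty *key* a fresh 2048-bit RSA key is generated and
    written as ``id_rsa``; otherwise *key* is taken as private-key text,
    written to ``id_rsa`` and loaded back to verify it.

    :param key: private-key text to install, or "" to generate a new key.
    :param key_path_dir: target directory (created if missing).
    :return: the key directory path.
    :raises SSHException: when *key* cannot be loaded as a private key; the
        directory is removed again in that case.
    """
    if not key_path_dir:
        key_basename = "key-" + uuid4().hex
        key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
    private_key = os.path.join(key_path_dir, 'id_rsa')
    # Same value as the former `0755` literal, spelled so both Python 2 and 3
    # parse it; the project's mkdir helper receives it unchanged.
    mkdir(key_path_dir, mode=0o755)
    if not key:
        key = RSAKey.generate(2048)
        key.write_private_key_file(private_key)
    else:
        # NOTE(review): open() creates id_rsa with the process umask, so a
        # supplied private key may end up group/world-readable; confirm whether
        # the consumer needs that or the file should be created 0o600.
        with open(private_key, 'w') as f:
            f.write(key)
        with open(private_key) as f:
            try:
                key = RSAKey.from_private_key(f)
            except SSHException as e:
                # Do not leave a directory holding an unusable key behind.
                shutil.rmtree(key_path_dir, ignore_errors=True)
                raise SSHException(e)
    return key_path_dir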
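def gen_ssh_key(username, password='',
                key_dir=os.path.join(settings.KEY_DIR, 'user'),
                authorized_keys=True, home="/home", length=2048):
    """
    Generate an RSA key pair for *username* with ssh-keygen and, optionally,
    install the public half as that user's ``authorized_keys``.

    :param username: account the key belongs to; also the private-key file stem.
    :param password: passphrase protecting the private key ('' = none).
    :param key_dir: directory receiving ``<username>.perm`` (and ``.pub``).
    :param authorized_keys: when true, write ``<home>/<username>/.ssh/authorized_keys``.
    :param home: parent directory of the user home directories.
    :param length: RSA key length in bits.
    :return: None
    """
    try:
        from shlex import quote  # Python 3.3+
    except ImportError:  # Python 2
        from pipes import quote
    logger.debug('生成ssh_key,并设置authorized_keys')
    private_key_file = os.path.join(key_dir, username + '.perm')
    # The former os.mkdir(key_dir, mode=777) used the decimal 777 (0o1411) and
    # raised on every call after the first.  Create the directory once, owner
    # only, as it holds private keys.
    if not os.path.isdir(key_dir):
        os.makedirs(key_dir, 0o700)
    if os.path.isfile(private_key_file):
        os.unlink(private_key_file)
    # Interpolate into the format string *before* handing it to bash(), and
    # shell-quote every value: password and path originate from callers and
    # would otherwise be interpreted by the shell.
    bash('echo -e "y\n"|ssh-keygen -t rsa -f %s -b %s -P %s'
         % (quote(private_key_file), quote(str(length)), quote(password)))

    if authorized_keys:
        auth_key_dir = os.path.join(home, username, '.ssh')
        mkdir(auth_key_dir, username=username, mode=700)
        authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
        with open(private_key_file + '.pub') as pub_f:
            with open(authorized_key_file, 'w') as auth_f:
                auth_f.write(pub_f.read())
        # sshd refuses authorized_keys that others can write; keep it owner-only
        os.chmod(authorized_key_file, mode=0o600)
        chown(authorized_key_file, username)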
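def gen_ssh_key(username,
                password='',
                key_dir=os.path.join(settings.KEY_DIR, 'user'),
                authorized_keys=True,
                home="/home",
                length=2048):
    """
    Generate a user ssh key pair in *key_dir* and, optionally, install the
    public half as that user's ``authorized_keys``.

    :param username: account the key belongs to; also the private-key file stem.
    :param password: passphrase protecting the private key ('' = none).
    :param key_dir: directory receiving ``<username>.pem`` (and ``.pub``).
    :param authorized_keys: when true, write ``<home>/<username>/.ssh/authorized_keys``.
    :param home: parent directory of the user home directories.
    :param length: RSA key length in bits.
    :return: None
    """
    try:
        from shlex import quote  # Python 3.3+
    except ImportError:  # Python 2
        from pipes import quote
    logger.debug('生成ssh key, 并设置authorized_keys')
    private_key_file = os.path.join(key_dir, username + '.pem')
    # mode is passed through to the project's mkdir helper as before
    mkdir(key_dir, mode=777)
    if os.path.isfile(private_key_file):
        os.unlink(private_key_file)
    # Shell-quote every interpolated value: password and path originate from
    # callers and would otherwise be interpreted by the shell.
    bash('echo -e  "y\n"|ssh-keygen -t rsa -f %s -b %s -P %s' %
         (quote(private_key_file), quote(str(length)), quote(password)))

    if authorized_keys:
        auth_key_dir = os.path.join(home, username, '.ssh')
        mkdir(auth_key_dir, username=username, mode=700)
        authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
        with open(private_key_file + '.pub') as pub_f:
            with open(authorized_key_file, 'w') as auth_f:
                auth_f.write(pub_f.read())
        # sshd refuses authorized_keys that others can write; keep it owner-only
        os.chmod(authorized_key_file, 0o600)
        chown(authorized_key_file, username)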
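def setting(request):
    """
    Show and update the project-wide default connection settings.

    GET renders ``setting.html`` with the ``Setting`` row named ``default``.
    A POST with ``setting=default`` validates username/port/password/key,
    stores an uploaded private key as ``keys/default/admin_user.pem``
    (mode 0o600) under BASE_DIR and creates or updates the ``default`` row.
    Validation failures are reported to the template as ``error``; success
    as ``msg``.

    :param request: the Django request.
    :return: the rendered ``setting.html`` response.
    """
    header_title, path1 = '项目设置', '设置'
    setting_default = get_object(Setting, name='default')

    if request.method == "POST":
        try:
            setting_raw = request.POST.get('setting', '')
            if setting_raw == 'default':
                username = request.POST.get('username', '')
                port = request.POST.get('port', '')
                password = request.POST.get('password', '')
                private_key = request.POST.get('key', '')

                if len(password) > 30:
                    raise ServerError('秘密长度不能超过30位!')

                # Formerly `return ServerError(...)`, which handed the exception
                # object back to Django as if it were a response; raising routes
                # it through the handler below like the length check.
                if '' in [username, port]:
                    raise ServerError('所填内容不能为空, 且密码和私钥填一个')

                private_key_dir = os.path.join(settings.BASE_DIR, 'keys',
                                               'default')
                private_key_path = os.path.join(private_key_dir,
                                                'admin_user.pem')
                mkdir(private_key_dir)

                if private_key:
                    with open(private_key_path, 'w') as f:
                        f.write(private_key)
                    # private key: owner-only
                    os.chmod(private_key_path, 0o600)

                if setting_default:
                    # An empty password is stored as-is rather than encrypted
                    # (kept from the original; the create branch below still
                    # encrypts unconditionally).
                    if password:
                        password_encode = CRYPTOR.encrypt(password)
                    else:
                        password_encode = password
                    Setting.objects.filter(name='default').update(
                        field1=username,
                        field2=port,
                        field3=password_encode,
                        field4=private_key_path)
                else:
                    password_encode = CRYPTOR.encrypt(password)
                    Setting(name='default',
                            field1=username,
                            field2=port,
                            field3=password_encode,
                            field4=private_key_path).save()
                # Reported on both the update and the create path (previously
                # only after a create).
                msg = "设置成功"
        except ServerError as e:
            error = e.message
    # NOTE(review): locals() also hands `password` and `private_key` to the
    # template context; an explicit context dict would keep them out of it.
    return render(request, 'setting.html', locals())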
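    def get_log(self):
        """
        Logging user command and output.

        Open the per-session tty log files and create the matching Log row.
        The files live in ``LOG_DIR/tty/<YYYYMMDD>/`` and are named
        ``<username>_<asset_name>_<HHMMSS>`` with path-hostile characters
        replaced, so a user or asset name cannot add path components.

        :return: ``(log_file_f, log_time_f, log)`` — the ``.log`` and ``.time``
            files opened for appending (the caller owns and closes them) and
            the saved Log.
        :raises ServerError: when the log directory or the files cannot be
            created.
        """
        banned_list = ['/', '\0', '*', '?']
        tty_log_dir = os.path.join(LOG_DIR, 'tty')
        date_today = datetime.datetime.now()
        date_start = date_today.strftime('%Y%m%d')
        time_start = date_today.strftime('%H%M%S')
        today_connect_log_dir = os.path.join(tty_log_dir, date_start)
        filename = '%s_%s_%s' % (self.username, self.asset_name, time_start)
        for banned_char in banned_list:
            filename = filename.replace(banned_char, '_')
        log_file_path = os.path.join(today_connect_log_dir, filename)
        try:
            mkdir(os.path.dirname(today_connect_log_dir), mode=777)
            mkdir(today_connect_log_dir, mode=777)
        except OSError as e:
            logger.debug('创建目录 %s 失败,请修改%s目录权限 With error msg: %s' %
                         (today_connect_log_dir, tty_log_dir, e))
            raise ServerError('创建目录 %s 失败,请修改%s目录权限' %
                              (today_connect_log_dir, tty_log_dir))
        log_file_f = None
        try:
            log_file_f = open(log_file_path + '.log', 'a')
            log_time_f = open(log_file_path + '.time', 'a')
        except IOError as e:
            # Do not leak the .log handle when opening .time fails.
            if log_file_f is not None:
                log_file_f.close()
            logger.debug('创建tty日志文件失败, 请修改目录%s权限 With error msg: %s' %
                         (today_connect_log_dir, e))
            raise ServerError('创建tty日志文件失败, 请修改目录%s权限' % today_connect_log_dir)

        # ssh sessions record this process's pid; web terminals record the
        # Log id instead (set after the first save below).
        if self.login_type == 'ssh':
            pid = os.getpid()
            self.remote_ip = remote_ip  # module-level remote_ip — TODO confirm where it is set
        else:
            pid = 0

        log = Log(user=self.username,
                  host=self.asset_name,
                  remote_ip=self.remote_ip,
                  login_type=self.login_type,
                  log_path=log_file_path,
                  start_time=date_today,
                  pid=pid)
        log.save()
        if self.login_type == 'web':
            # the Log id doubles as the websocket id used when killing a session
            log.pid = log.id
            log.save()

        log_file_f.write('Start at %s\r\n' % datetime.datetime.now())
        return log_file_f, log_time_f, log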
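    def get_log(self):
        """
        Logging user command and output.

        Open the per-session tty log files and create the matching Log row.
        The files live in ``LOG_DIR/tty/<YYYYMMDD>/`` and are named
        ``<username>_<asset_name>_<HHMMSS>``; ``/``, NUL, ``*`` and ``?`` in
        the user or asset name are replaced so they cannot add path components.

        :return: ``(log_file_f, log_time_f, log)`` — the ``.log`` and ``.time``
            files opened for appending (the caller owns and closes them) and
            the saved Log.
        :raises ServerError: when the log directory or the files cannot be
            created.
        """
        tty_log_dir = os.path.join(LOG_DIR, "tty")
        date_today = datetime.datetime.now()
        date_start = date_today.strftime("%Y%m%d")
        time_start = date_today.strftime("%H%M%S")
        today_connect_log_dir = os.path.join(tty_log_dir, date_start)
        filename = "%s_%s_%s" % (self.username, self.asset_name, time_start)
        for banned_char in ("/", "\0", "*", "?"):
            filename = filename.replace(banned_char, "_")
        log_file_path = os.path.join(today_connect_log_dir, filename)

        try:
            mkdir(os.path.dirname(today_connect_log_dir), mode=0o777)
            mkdir(today_connect_log_dir, mode=0o777)
        except OSError:
            logger.debug("创建目录 %s 失败,请修改%s目录权限" % (today_connect_log_dir, tty_log_dir))
            raise ServerError("创建目录 %s 失败,请修改%s目录权限" % (today_connect_log_dir, tty_log_dir))

        log_file_f = None
        try:
            log_file_f = open(log_file_path + ".log", "a")
            log_time_f = open(log_file_path + ".time", "a")
        except IOError:
            # Do not leak the .log handle when opening .time fails.
            if log_file_f is not None:
                log_file_f.close()
            logger.debug("创建tty日志文件失败, 请修改目录%s权限" % today_connect_log_dir)
            raise ServerError("创建tty日志文件失败, 请修改目录%s权限" % today_connect_log_dir)

        # ssh sessions record this process's pid; web terminals record the
        # Log id instead (set after the first save below).
        if self.login_type == "ssh":
            pid = os.getpid()
            self.remote_ip = remote_ip  # module-level remote_ip — TODO confirm where it is set
        else:
            pid = 0

        log = Log(
            user=self.username,
            host=self.asset_name,
            remote_ip=self.remote_ip,
            login_type=self.login_type,
            log_path=log_file_path,
            start_time=date_today,
            pid=pid,
        )
        log.save()
        if self.login_type == "web":
            # the Log id doubles as the websocket id used when killing a session
            log.pid = log.id
            log.save()

        log_file_f.write("Start at %s\r\n" % datetime.datetime.now())
        return log_file_f, log_time_f, log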
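 def save(self, path=settings.LOG_DIR):
     """
     Persist the recorded session as a zip under ``<path>/tty/<YYYYMMDD>/``
     and register it as a TermLog row.

     If writing the zip or the row fails, the log is stored inline in the
     TermLog row instead (``logPath='locale'``).  Finally this recorder is
     dropped from ``TermLogRecorder.loglist``.

     NOTE(review): ``ZipFile.setpassword()`` only sets the password used to
     *read* encrypted archives — the stdlib cannot write encrypted entries —
     so the member written here is stored unencrypted and ``logPWD`` does
     not protect it.

     :param path: log root directory.
     :return: None
     """
     date = datetime.datetime.now().strftime('%Y%m%d')
     day_dir = os.path.join(path, 'tty', date)
     if not os.path.isdir(day_dir):
         mkdir(day_dir, mode=777)
     filename = str(uuid.uuid4())
     filepath = os.path.join(day_dir, filename + '.zip')
     while os.path.isfile(filepath):
         filename = str(uuid.uuid4())
         filepath = os.path.join(day_dir, filename + '.zip')
     # Record the name actually used (previously set before the collision
     # loop, so it could hold a discarded uuid).
     self.filename = filename
     password = str(uuid.uuid4())
     try:
         # `with` closes the archive even if writestr fails.
         with zipfile.ZipFile(filepath, 'w', zipfile.ZIP_DEFLATED) as zf:
             zf.setpassword(password)
             zf.writestr(filename, json.dumps(self.log))
         record = TermLog.objects.create(logPath=filepath,
                                         logPWD=password,
                                         filename=filename,
                                         history=json.dumps(self.CMD),
                                         timestamp=int(
                                             self.recoderStartTime))
     except Exception:
         # Best-effort fallback: keep the log in the database row itself.
         record = TermLog.objects.create(logPath='locale',
                                         logPWD=password,
                                         log=json.dumps(self.log),
                                         filename=filename,
                                         history=json.dumps(self.CMD),
                                         timestamp=int(
                                             self.recoderStartTime))
     if self.user:
         record.user.add(self.user)
     # Recorder may already have been dropped by another path.
     TermLogRecorder.loglist.pop(str(self.id), None)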
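def gen_keys(key="", key_path_dir=""):
    """
    Create a key directory holding an RSA key pair.

    The directory is ``KEY_DIR/role_key/key-<uuid>`` unless *key_path_dir*
    is given.  With an empty *key* a fresh 2048-bit RSA key is generated;
    otherwise *key* is taken as private-key text, written to ``id_rsa`` and
    loaded back to verify it.  The matching ``id_rsa.pub`` is written as
    ``<type> <base64> jumpserver@<hostname>``.

    :param key: private-key text to install, or "" to generate a new key.
    :param key_path_dir: target directory (created if missing).
    :return: the key directory path.
    :raises SSHException: when *key* cannot be loaded as a private key; the
        directory is removed again in that case.
    """
    if not key_path_dir:
        key_basename = "key-" + uuid4().hex
        key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
    private_key = os.path.join(key_path_dir, 'id_rsa')
    public_key = os.path.join(key_path_dir, 'id_rsa.pub')
    mkdir(key_path_dir, mode=755)
    if not key:
        key = RSAKey.generate(2048)
        key.write_private_key_file(private_key)
    else:
        with open(private_key, 'w') as f:
            f.write(key)
        with open(private_key) as f:
            try:
                key = RSAKey.from_private_key(f)
            except SSHException as e:
                # Do not leave a directory holding an unusable key behind.
                shutil.rmtree(key_path_dir, ignore_errors=True)
                raise SSHException(e)
    # NOTE(review): this leaves the private key group/world-readable.  Kept as
    # the original had it; confirm another account really needs to read it,
    # otherwise 0o600 is the appropriate mode.
    os.chmod(private_key, 0o644)

    with open(public_key, 'w') as content_file:
        content_file.write("%s %s jumpserver@%s" % (
            key.get_name(), key.get_base64(), os.uname()[1]))
    return key_path_dir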
def gen_keys_by_name(key="", key_path_dir="", name=""):
    """
    Create a key directory named after *name* (under ``KEY_DIR/role_key``
    unless *key_path_dir* is given) and put a private key in it, plus an
    ssh client ``config`` when the key is generated here.

    :param key: private-key text to install, or "" to generate a new
        2048-bit RSA key.
    :param key_path_dir: target directory; defaults to KEY_DIR/role_key/<name>.
    :param name: directory name used when *key_path_dir* is empty.
    :return: the directory name, per the original docstring; no return
        statement is visible in this excerpt (the function may continue
        past it).
    :raises SSHException: when *key* cannot be loaded as a private key; the
        directory is removed again in that case.
    """
    key_basename = name
    if not key_path_dir:
        key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
    private_key = os.path.join(key_path_dir, 'id_rsa')
    public_key = os.path.join(key_path_dir, 'id_rsa.pub')
    config_file = os.path.join(key_path_dir, 'config')
    # `0755` is the Python 2 octal literal (SyntaxError on Python 3); the value
    # is handed to the project's mkdir helper unchanged.
    mkdir(key_path_dir, mode=0755)
    if not key:
        key = RSAKey.generate(2048)
        key.write_private_key_file(private_key)
        # NOTE(review): this client config disables host-key verification
        # (StrictHostKeyChecking no, known_hosts discarded via /dev/null), so
        # sessions using it accept any server key; confirm that is intended.
        config_content = [
            'StrictHostKeyChecking           no\n',
            'UserKnownHostsFile              /dev/null\n',
            'GSSAPIAuthentication            no\n'
        ]
        # `file()` is the Python 2 builtin (removed in Python 3).
        config = file(config_file, 'w')
        for c in config_content:
            config.write(c)
        config.close()
    else:
        # Same path as `private_key` above.
        key_file = os.path.join(key_path_dir, 'id_rsa')
        with open(key_file, 'w') as f:
            f.write(key)
            f.close()  # redundant: the with block already closes the file
        with open(key_file) as f:
            try:
                key = RSAKey.from_private_key(f)
            except SSHException, e:  # Python 2 except syntax
                # Do not leave a directory holding an unusable key behind.
                shutil.rmtree(key_path_dir, ignore_errors=True)
                raise SSHException(e)