Пример #1
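def user():
    """Handle the change-password form for the logged-in user.

    The account name comes from the Beaker session, never from the form.
    The submitted old password must match the stored value before the
    encoded new password is written. Every outcome re-renders the
    ``changepasswd`` template with a status message.
    """
    s = request.environ.get('beaker.session')
    username = s.get('username')
    oldpwd = request.forms.get("oldpwd")
    newpwd = request.forms.get("newpwd")
    newpwds = request.forms.get("newpwds")
    sql = " select passwd from user where username=%s "
    result = readDb(sql, (username, ))
    # A missing row (stale session, deleted account) or a missing form field
    # counts as a failed old-password check instead of raising.
    # NOTE(review): LoginCls.encode is not visible here -- confirm it is a
    # salted, deliberately slow password hash rather than a reversible or
    # fast encoding.
    if (not result or oldpwd is None
            or result[0].get('passwd') != LoginCls().encode(keys, oldpwd)):
        msg = {'color': 'red', 'message': u'旧密码验证失败,请重新输入'}
        return template('changepasswd', session=s, msg=msg, info={})
    if newpwd != newpwds:
        msg = {'color': 'red', 'message': u'密码两次输入不一致,请重新输入'}
        return template('changepasswd', session=s, msg=msg, info={})
    # Reject a missing, empty or short new password. Eight characters is the
    # minimum the adduser handler applies to a non-empty password.
    if not newpwd or len(newpwd) < 8:
        msg = {'color': 'red', 'message': u'新密码长度不符要求,请重新输入'}
        return template('changepasswd', session=s, msg=msg, info={})
    m_encrypt = LoginCls().encode(keys, newpwd)
    sql2 = " update user set passwd=%s where username=%s "
    result = writeDb(sql2, (m_encrypt, username))
    if result == True:
        wrtlog('User', '更改密码成功', username, s.get('clientip'))
        # Regenerate the VPN user configuration so the new credential applies.
        writeVPNconf(action='uptuser')
        # NOTE(review): no session is invalidated or regenerated here;
        # confirm whether other active sessions should survive the change.
        msg = {'color': 'green', 'message': u'密码更新成功,后续请以新密码登录系统'}
        return template('changepasswd', session=s, msg=msg, info={})
    else:
        wrtlog('User', '更改密码失败', username, s.get('clientip'))
        msg = {'color': 'red', 'message': u'密码更新失败,请核对错误'}
        return template('changepasswd', session=s, msg=msg, info={})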
Пример #2
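def adduser():
    """Create a user account from the submitted form.

    Returns a status string: '0' on success, '-1' when the database write
    fails, '-2' when the form fails validation.
    """
    s = request.environ.get('beaker.session')
    # Absent fields arrive as None. Normalise the two that are measured so a
    # truncated request gets '-2' instead of raising on len(None).
    username = request.forms.get("username") or ''
    passwd = request.forms.get("passwd") or ''
    stopdate = request.forms.get("stopdate")
    policy = request.forms.get("policy")
    # NOTE(review): `access` is stored exactly as submitted and no permission
    # check is visible in this function -- confirm the route is restricted to
    # administrators and that the value is limited to the known levels.
    access = request.forms.get("access")
    comment = request.forms.get("comment")
    # Check field lengths.
    # NOTE(review): an empty password passes this rule and is stored in
    # encoded form; confirm that password-less accounts are intended.
    if len(username) < 4 or (len(passwd) > 0 and len(passwd) < 8):
        return '-2'
    # Reject the form when a required field is empty.
    if not (username and policy and access):
        return '-2'
    # Encode the password only after validation has passed.
    # NOTE(review): the original comment describes this step as MD5
    # processing; MD5 is not suitable for password storage -- confirm what
    # LoginCls.encode actually does.
    m_encrypt = LoginCls().encode(keys, passwd)
    sql = """
            INSERT INTO
                user(username,passwd,stopdate,policy,access,comment)
            VALUES(%s,%s,%s,%s,%s,%s)
        """
    data = (username, m_encrypt, stopdate, policy, access, comment)
    result = writeDb(sql, data)
    if result:
        wrtlog('User', '新增用户成功:%s' % username, s['username'],
               s.get('clientip'))
        # Regenerate the VPN user configuration to include the new account.
        writeVPNconf(action='uptuser')
        return '0'
    else:
        wrtlog('User', '新增用户失败:%s' % username, s['username'],
               s.get('clientip'))
        return '-1'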
Пример #3
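def addclientconf():
    """Save the VPN client configuration submitted from the form.

    The settings are serialised to JSON and stored in the ``vpnclient`` row
    of ``sysattr``. On success the VPN and UTM configurations are rewritten
    and the ``vpnconn`` service is restarted. Every outcome renders the
    ``addvpncltconfig`` template.
    """
    s = request.environ.get('beaker.session')
    authtype = request.forms.get("authtype")
    idata = dict()
    if authtype == '0':
        # Certificate material: normalise line endings. An absent field is
        # treated as empty instead of raising on None.
        idata['cainfo'] = (request.forms.get("cainfo") or '').replace('\r\n', '\n').strip()
        idata['certinfo'] = (request.forms.get("certinfo") or '').replace('\r\n', '\n').strip()
    elif authtype == '1':
        # NOTE(review): the VPN password is stored as-is inside the JSON
        # value and returned to the template through info=idata; confirm
        # the page does not echo it and that the row is access-controlled.
        idata['vpnuser'] = request.forms.get("vpnuser")
        idata['vpnpass'] = request.forms.get("vpnpass")
    elif authtype == '2':
        idata['service'] = 'off'
    else:
        # Unknown authentication type: this is an error, so show it in red.
        msg = {'color': 'red', 'message': u'验证类型错误,保存失败'}
        return template('addvpncltconfig', session=s, msg=msg, info={})
    idata['authtype'] = authtype
    # NOTE(review): ipaddr, servport and chkconn are stored without
    # validation and then used to regenerate configuration files; confirm
    # writeVPNconf validates or escapes them.
    idata['ipaddr'] = request.forms.get("ipaddr")
    idata['servport'] = request.forms.get("servport")
    idata['tunid'] = 'tun1000'
    idata['chkconn'] = request.forms.get("chkconn")
    sql = " update sysattr set value=%s where attr='vpnclient' "
    iidata = json.dumps(idata)
    result = writeDb(sql, (iidata,))
    if result == True:
        msg = {'color': 'green', 'message': u'配置保存成功'}
        writeVPNconf(action='uptcltconf')
        cmds.servboot('vpnconn')
        writeUTMconf(action='uptconf')
        return template('addvpncltconfig', session=s, msg=msg, info=idata)
    # Report a failed write instead of falling through with an empty response.
    msg = {'color': 'red', 'message': u'配置保存失败'}
    return template('addvpncltconfig', session=s, msg=msg, info=idata)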
Пример #4
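def do_addservconf():
    """Create the VPN server configuration row from the submitted form.

    The form is validated with the same rules as the edit handler
    (do_editvpnservconf) before anything is written. On success the VPN and
    UTM configurations are rewritten and ``ocserv`` is restarted. Every
    outcome renders the ``vpnservconf`` template.
    """
    s = request.environ.get('beaker.session')
    authtype = request.forms.get("authtype")
    ipaddr = request.forms.get("ipaddr")
    servport = request.forms.get("servport")
    virip = request.forms.get("virip")
    virmask = request.forms.get("virmask")
    maxclient = request.forms.get("maxclient")
    maxuser = request.forms.get("maxuser")
    authtimeout = request.forms.get("authtimeout")
    authnum = request.forms.get("authnum")
    locktime = request.forms.get("locktime")
    comp = request.forms.get("comp")
    cisco = request.forms.get("cisco")

    def fail(text):
        """Render the form again with a red error message."""
        msg = {'color': 'red', 'message': text}
        return template('vpnservconf', session=s, msg=msg, info={})

    def is_uint(value):
        """Return True for a plain non-negative decimal string."""
        try:
            return int(value) >= 0 and value.isdigit()
        except (TypeError, ValueError):
            # None (absent field) or text that int() cannot parse.
            return False

    if netmod.checkip(virip) == False or netmod.checkmask(virmask) == False:
        return fail(u'虚拟地址填写不合法,保存失败')
    # These values end up in the generated server configuration, so only
    # plain integers are accepted.
    numeric = (servport, maxclient, maxuser, authtimeout, authnum, locktime)
    if not all(is_uint(value) for value in numeric):
        return fail(u'填写不合法,保存失败')
    if not 1 <= int(servport) <= 65535:
        return fail(u'端口配置错误,保存失败')
    # The listen address must be a valid IP or the wildcard '*'.
    if not (netmod.checkip(ipaddr) == True or ipaddr == '*'):
        return fail(u'监听信息填写错误,保存失败')
    # NOTE(review): authtype, comp and cisco are stored as submitted;
    # confirm they are limited to the expected values elsewhere.

    sql = " INSERT INTO vpnservconf(servmode,authtype,ipaddr,servport,virip,virmask,maxclient,maxuser,authtimeout,authnum,locktime,comp,cisco) values ('server',%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)"
    data = (authtype, ipaddr, servport, virip, virmask, maxclient, maxuser,
            authtimeout, authnum, locktime, comp, cisco)
    result = writeDb(sql, data)
    if result == True:
        writeVPNconf(action='addconf')
        cmds.servboot('ocserv')
        writeUTMconf(action='uptconf')
        msg = {'color': 'green', 'message': u'配置保存成功'}
        return template('vpnservconf', session=s, msg=msg, info={})
    # Report a failed write instead of returning an empty response.
    return fail(u'配置保存失败')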
Пример #5
def editpolicy(id):
    """Update the VPN policy row ``id`` from the submitted form.

    DNS entries must pass ``netmod.checkip`` and route entries must pass
    ``netmod.checkipmask``; empty lines are ignored. Every outcome renders
    the ``policyconf`` template with a status message.
    """
    session = request.environ.get('beaker.session')
    form = request.forms
    # NOTE(review): `name` is stored without any check here; confirm
    # writeVPNconf escapes it when regenerating configuration.
    name = form.get("name")
    # Normalise line endings of the three multi-line fields.
    pushdns, pushroute, pushnoroute = [
        form.get(field).replace('\r\n', '\n').strip()
        for field in ("pushdns", "pushroute", "pushnoroute")
    ]

    def render(color, text):
        return template('policyconf', session=session,
                        msg={'color': color, 'message': text}, info={})

    # Content checks
    if any(netmod.checkip(entry) == False and entry != ''
           for entry in pushdns.split('\n')):
        return render('red', u'DNS内容检测错误,更新失败')
    route_entries = pushroute.split('\n') + pushnoroute.split('\n')
    if any(netmod.checkipmask(entry) == False and entry != ''
           for entry in route_entries):
        return render('red', u'路由内容检测错误,更新失败')

    saved = writeDb(
        "UPDATE vpnpolicy set name=%s,pushdns=%s,pushroute=%s,pushnoroute=%s where id=%s",
        (name, pushdns, pushroute, pushnoroute, id))
    if not (saved == True):
        return render('red', u'更新失败')
    # Regenerate the dependent configuration after the row has changed.
    writeVPNconf(action='uptgroup')
    writeUTMconf(action='addconf')
    return render('green', u'更新成功')
Пример #6
def do_addpolicy():
    """Handle the POST of the add-policy form.

    Validates the DNS and route lists, skipping empty lines, and inserts a
    new ``vpnpolicy`` row. Every outcome renders the ``policyconf``
    template with a status message.
    """
    session = request.environ.get('beaker.session')

    def field_text(key):
        # Multi-line field with Windows line endings normalised.
        return request.forms.get(key).replace('\r\n', '\n').strip()

    def respond(color, text):
        status = {'color': color, 'message': text}
        return template('policyconf', session=session, msg=status, info={})

    # NOTE(review): `name` is stored without any check here; confirm
    # writeVPNconf escapes it when regenerating configuration.
    name = request.forms.get("name")
    pushdns = field_text("pushdns")
    pushroute = field_text("pushroute")
    pushnoroute = field_text("pushnoroute")

    for dns_entry in pushdns.split('\n'):
        if netmod.checkip(dns_entry) == False and dns_entry != '':
            return respond('red', u'DNS内容检测错误,更新失败')
    for route_entry in pushroute.split('\n') + pushnoroute.split('\n'):
        if netmod.checkipmask(route_entry) == False and route_entry != '':
            return respond('red', u'路由内容检测错误,更新失败')

    row = (name, pushdns, pushroute, pushnoroute)
    inserted = writeDb(
        "INSERT INTO vpnpolicy(name,pushdns,pushroute,pushnoroute) VALUES(%s,%s,%s,%s)",
        row)
    if inserted == True:
        # Regenerate the dependent configuration for the new policy.
        writeVPNconf(action='uptgroup')
        writeUTMconf(action='addconf')
        return respond('green', u'添加成功')
    return respond('red', u'添加失败')
Пример #7
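def addprofile():
    """Store the submitted Profile.xml text in the ``vpnprofile`` row.

    On success the VPN profile is regenerated and the stored value is read
    back for display. Every outcome renders the ``addprofile`` template.
    """
    s = request.environ.get('beaker.session')
    xmltext = request.forms.get("xmltext")
    # `not xmltext` also rejects an absent field (None), which the previous
    # `== ''` test let through to the database.
    if not xmltext:
        msg = {'color': 'red', 'message': u'信息为空,保存失败'}
        return template('addprofile', session=s, msg=msg, info={})
    # NOTE(review): the text is stored and passed on to writeVPNconf
    # without a well-formedness or content check in this function; confirm
    # where the profile is validated before clients receive it.
    sql = " update sysattr set value=%s where attr='vpnprofile' "
    result = writeDb(sql, (xmltext,))
    if result == True:
        writeVPNconf(action='uptprofile')
        msg = {'color': 'green', 'message': u'Profile.xml保存成功'}
        sql = " select value from sysattr where attr='vpnprofile' "
        rows = readDb(sql,)
        # Guard against an empty result instead of indexing blindly.
        info = rows[0] if rows else {}
        return template('addprofile', session=s, msg=msg, info=info)
    # Report a failed write instead of returning an empty response.
    msg = {'color': 'red', 'message': u'Profile.xml保存失败'}
    return template('addprofile', session=s, msg=msg, info={})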
Пример #8
def delpolicy(id):
    """Delete the VPN policy ``id`` unless a user still references it.

    Every outcome renders the ``policyconf`` template with a status message.
    """
    session = request.environ.get('beaker.session')

    def render(color, text):
        return template('policyconf', session=session,
                        msg={'color': color, 'message': text}, info={})

    # Refuse to delete a policy that is still assigned to any user.
    linked_users = readDb("select username from user where policy=%s ", (id,))
    if len(linked_users) > 0:
        return render('red', u'删除失败,该策略已被关联无法删除')

    deleted = writeDb("delete from vpnpolicy where id in (%s) ", (id,))
    if not deleted:
        return render('red', u'删除失败')
    # Regenerate the dependent configuration once the row is gone.
    writeVPNconf(action='uptgroup')
    writeUTMconf(action='uptconf')
    return render('green', u'删除成功')
Пример #9
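def deluser():
    """Delete the users whose ids are posted as a comma-separated list.

    Returns '0' when every delete succeeds and '-1' otherwise. The whole
    list is validated before any row is touched, so a rejected request
    deletes nothing.
    """
    s = request.environ.get('beaker.session')
    raw = (request.forms.get('str') or '').rstrip(',')
    if not raw:
        return '-1'
    ids = []
    for item in raw.split(','):
        try:
            uid = int(item)
        except ValueError:
            # Anything that is not a plain integer id rejects the request.
            return '-1'
        # The ADMIN account (id 1) must never be deleted. Compare the parsed
        # integer, not the raw string: the database can treat differently
        # written strings as the same numeric id.
        if uid == 1:
            return '-1'
        ids.append(uid)
    sql = "delete from user where id in (%s) "
    # Pass the parsed integers so the query sees exactly what was checked.
    results = [writeDb(sql, (uid, )) for uid in ids]
    if any(results):
        # Keep the VPN user configuration in step with the table even when
        # only part of the batch was deleted.
        writeVPNconf(action='uptuser')
    if all(results):
        wrtlog('User', '删除用户成功', s['username'], s.get('clientip'))
        return '0'
    else:
        wrtlog('User', '删除用户失败', s['username'], s.get('clientip'))
        return '-1'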
Пример #10
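def do_changeuser(id):
    """Update the user row ``id`` from the submitted form.

    An empty password keeps the stored one. Returns 0 on success, -1 when
    the length rules fail, the user row is missing or the write fails, and
    -2 when a required field is empty or ``policy`` is not a number.
    """
    s = request.environ.get('beaker.session')
    # Absent fields arrive as None. Normalise the two that are measured so a
    # truncated request is rejected instead of raising on len(None).
    username = request.forms.get("username") or ''
    passwd = request.forms.get("passwd") or ''
    stopdate = request.forms.get("stopdate")
    policy = request.forms.get("policy")
    # NOTE(review): `access` is written exactly as submitted and no
    # permission check is visible in this function -- confirm the route is
    # restricted to administrators and that the value is limited to the
    # known levels.
    access = request.forms.get("access")
    comment = request.forms.get("comment")
    # Validate before touching the database or encoding anything.
    if len(username) < 4 or (len(passwd) > 0 and len(passwd) < 8):
        return -1
    if not (username and policy):
        return -2
    try:
        policy_id = int(policy)
    except ValueError:
        return -2
    # Encode the password before it is stored; an empty field means "keep
    # the current password".
    if not passwd:
        sql = "select passwd from user where id = %s"
        rows = readDb(sql, (id, ))
        if not rows:
            # No such user: nothing to update.
            return -1
        m_encrypt = rows[0].get('passwd')
    else:
        m_encrypt = LoginCls().encode(keys, passwd)
    sql = """
            UPDATE user SET
            username=%s,passwd=%s,stopdate=%s,policy=%s,access=%s,comment=%s
            WHERE id=%s
        """
    data = (username, m_encrypt, stopdate, policy_id, access, comment, id)
    result = writeDb(sql, data)
    if result == True:
        wrtlog('User', '更新用户成功:%s' % username, s['username'],
               s.get('clientip'))
        # Regenerate the VPN user configuration with the updated account.
        writeVPNconf(action='uptuser')
        return 0
    else:
        wrtlog('User', '更新用户失败:%s' % username, s['username'],
               s.get('clientip'))
        return -1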
Пример #11
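def do_editvpnservconf(id):
    """Validate and store the edited VPN server configuration row ``id``.

    On success the VPN and UTM configurations are rewritten and ``ocserv``
    is restarted. Every outcome renders the ``vpnservconf`` template.
    """
    s = request.environ.get('beaker.session')
    authtype = request.forms.get("authtype")
    ipaddr = request.forms.get("ipaddr")
    servport = request.forms.get("servport")
    virip = request.forms.get("virip")
    virmask = request.forms.get("virmask")
    maxclient = request.forms.get("maxclient")
    maxuser = request.forms.get("maxuser")
    authtimeout = request.forms.get("authtimeout")
    authnum = request.forms.get("authnum")
    locktime = request.forms.get("locktime")
    comp = request.forms.get("comp")
    cisco = request.forms.get("cisco")

    def fail(text):
        """Render the form again with a red error message."""
        msg = {'color': 'red', 'message': text}
        return template('vpnservconf', session=s, msg=msg, info={})

    def is_uint(value):
        """Return True for a plain non-negative decimal string."""
        try:
            return int(value) >= 0 and value.isdigit()
        except (TypeError, ValueError):
            # None (absent field) or text that int() cannot parse.
            return False

    if netmod.checkip(virip) == False or netmod.checkmask(virmask) == False:
        return fail(u'虚拟地址填写不合法,保存失败')
    # These values end up in the generated server configuration, so only
    # plain integers are accepted. An absent field is rejected here instead
    # of raising on None.
    numeric = (servport, maxclient, maxuser, authtimeout, authnum, locktime)
    if not all(is_uint(value) for value in numeric):
        return fail(u'填写不合法,保存失败')
    # Port 0 is not a usable listen port. The earlier `< 0` test could never
    # fire once the value was known to be all digits.
    if not 1 <= int(servport) <= 65535:
        return fail(u'端口配置错误,保存失败')
    # The listen address must be a valid IP or the wildcard '*'.
    if not (netmod.checkip(ipaddr) == True or ipaddr == '*'):
        return fail(u'监听信息填写错误,保存失败')
    # NOTE(review): authtype, comp and cisco are stored as submitted;
    # confirm they are limited to the expected values elsewhere.

    sql = " UPDATE vpnservconf set authtype=%s,ipaddr=%s,servport=%s,virip=%s,virmask=%s,maxclient=%s,maxuser=%s,authtimeout=%s,authnum=%s,locktime=%s,comp=%s,cisco=%s WHERE id=%s"
    data = (authtype, ipaddr, servport, virip, virmask, maxclient, maxuser,
            authtimeout, authnum, locktime, comp, cisco, id)
    result = writeDb(sql, data)
    if result == True:
        writeVPNconf(action='uptconf')
        cmds.servboot('ocserv')
        writeUTMconf(action='uptconf')
        return template('vpnservconf', session=s, info={}, msg={})
    # Report a failed write instead of returning an empty response.
    return fail(u'配置保存失败')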
Пример #12
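def do_changeuser(id):
    """Update the user row ``id`` from the submitted form.

    An empty password keeps the stored one. Returns 0 on success, -1 when
    the length rules fail, the user row is missing or the write fails, and
    -2 when a required field is empty or ``policy`` is not a number.
    """
    s = request.environ.get('beaker.session')
    # Absent fields arrive as None. Normalise the two that are measured so a
    # truncated request is rejected instead of raising on len(None).
    username = request.forms.get("username") or ''
    passwd = request.forms.get("passwd") or ''
    policy = request.forms.get("policy")
    # NOTE(review): `access` is written exactly as submitted and no
    # permission check is visible in this function -- confirm the route is
    # restricted to administrators and that the value is limited to the
    # known levels.
    access = request.forms.get("access")
    comment = request.forms.get("comment")
    # Validate before touching the database or encoding anything.
    if len(username) < 4 or (len(passwd) > 0 and len(passwd) < 8):
        return -1
    if not (username and policy):
        return -2
    try:
        policy_id = int(policy)
    except ValueError:
        return -2
    # Encode the password before it is stored; an empty field means "keep
    # the current password".
    if passwd:
        m_encrypt = LoginCls().encode(keys, passwd)
    else:
        rows = readDb("select passwd from user where id = %s", (id,))
        if not rows:
            # No such user: nothing to update.
            return -1
        m_encrypt = rows[0].get('passwd')
    sql = """
            UPDATE user SET
            username=%s,passwd=%s,policy=%s,access=%s,comment=%s
            WHERE id=%s
        """
    data = (username, m_encrypt, policy_id, access, comment, id)
    result = writeDb(sql, data)
    if result == True:
        wrtlog('User', '更新用户成功:%s' % username, s['username'], s.get('clientip'))
        # Regenerate the VPN user configuration with the updated account.
        writeVPNconf(action='uptuser')
        return 0
    else:
        wrtlog('User', '更新用户失败:%s' % username, s['username'], s.get('clientip'))
        return -1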