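def create_users(handler, user_list, success, failed):
    """Bulk-create user accounts (batch-import path).

    Args:
        handler: request handler; supplies the operator (``get_current_user``)
            and the client address used for the audit log.
        user_list: list of dicts with ``username``, ``surname``, ``email``,
            ``desc``, ``_line`` (source line, used in error reports) and, for
            local accounts, ``password``. ``type`` defaults to
            ``TP_USER_TYPE_LOCAL`` and ``ldap_dn`` to ``''`` when absent (the
            dicts are mutated to fill them in and to receive ``_id``).
        success: output list; receives the username of every created account.
        failed: output list; receives ``{'line': ..., 'error': ...}`` for every
            row that was rejected.

    Returns:
        None. Results are reported through ``success`` / ``failed``.

    Side effects: one audit-log line naming all created accounts, and the user
    counter in ``tp_stats()`` is refreshed from a fresh COUNT(*).
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()
    operator = handler.get_current_user()
    name_list = []
    s = SQL(db)

    for user in user_list:
        user.setdefault('type', TP_USER_TYPE_LOCAL)
        user.setdefault('ldap_dn', '')

        # Duplicate check. Fix: the original literal had no "{}" placeholder, so
        # .format() discarded the username and the lookup compared against a
        # constant -- existing accounts were never detected.
        err = s.reset().select_from('user', ['id']).where(
            'user.username="{}"'.format(user['username'])).query()
        if err != TPE_OK:
            failed.append({'line': user['_line'], 'error': '数据库查询失败'})
            # Fix: the original fell through after a failed lookup and could
            # still INSERT (or act on s.recorder left over from the previous row).
            continue
        if len(s.recorder) > 0:
            failed.append({'line': user['_line'],
                           'error': '账号 `{}` 已经存在'.format(user['username'])})
            continue

        # Only local accounts carry a password hash; other types authenticate upstream.
        if user['type'] == TP_USER_TYPE_LOCAL:
            _password = tp_password_generate_secret(user['password'])
        else:
            _password = ''

        # SECURITY(review): every value below is spliced into the statement by
        # str.format. Unless the caller has already validated username/surname/
        # email/desc/ldap_dn and guarantees `type` is an int, this is SQL
        # injection; a parameterised db.exec would be the real fix -- confirm
        # what the db layer supports.
        sql = (
            'INSERT INTO `{}user` ('
            '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, '
            '`state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`'
            ') VALUES ('
            '0, "{username}", "{surname}", {user_type}, "{ldap_dn}", 0, "{password}", '
            '{state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");'
        ).format(db.table_prefix, username=user['username'], surname=user['surname'],
                 user_type=user['type'], ldap_dn=user['ldap_dn'], password=_password,
                 state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'],
                 create_time=_time_now, last_login=0, last_chpass=_time_now, desc=user['desc'])
        if not db.exec(sql):
            failed.append({'line': user['_line'], 'error': '写入数据库时发生错误'})
            continue

        success.append(user['username'])
        name_list.append(user['username'])
        user['_id'] = db.last_insert_id()

    if name_list:
        syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                       "批量导入方式创建用户:{}".format(','.join(name_list)))

    # Refresh the cached user count from the table instead of adding len(name_list).
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)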
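def create_user(handler, user):
    """Create a single user account.

    Args:
        handler: request handler; supplies the operator and client IP for the audit log.
        user: dict with ``username``, ``surname``, ``email``, ``desc``, ``role``,
            ``auth_type``, ``valid_from``, ``valid_to`` and, for local accounts,
            ``password``. ``type`` defaults to ``TP_USER_TYPE_LOCAL`` and
            ``ldap_dn`` to ``''`` when absent (the dict is mutated to fill them in).

    Returns:
        ``(TPE_OK, new_user_id)`` on success; ``(TPE_EXISTS, 0)`` if the username is
        taken; ``(TPE_DATABASE, 0)`` if the INSERT fails; ``(err, 0)`` if the
        existence query fails.
    """
    db = get_db()
    _time_now = tp_timestamp_sec()
    operator = handler.get_current_user()

    user.setdefault('type', TP_USER_TYPE_LOCAL)
    user.setdefault('ldap_dn', '')

    # 1. Refuse duplicate usernames.
    # Fix: the original literal had no "{}" placeholder, so .format() discarded the
    # username and the check compared against a constant -- duplicates slipped through.
    s = SQL(db)
    err = s.reset().select_from('user', ['id']).where(
        'user.username="{}"'.format(user['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(s.recorder) > 0:
        return TPE_EXISTS, 0

    # Only local accounts store a password hash; other types authenticate upstream.
    if user['type'] == TP_USER_TYPE_LOCAL:
        _password = tp_password_generate_secret(user['password'])
    else:
        _password = ''

    # SECURITY(review): all values are spliced in with str.format. Unless the handler
    # validates username/surname/email/desc/ldap_dn and guarantees role/auth_type/
    # type/valid_from/valid_to are integers, this is SQL injection; a parameterised
    # db.exec is the proper fix -- confirm what the db layer offers.
    sql = (
        'INSERT INTO `{}user` ('
        '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, `state`, '
        '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `valid_from`, `valid_to`, `desc`'
        ') VALUES ('
        '{role}, "{username}", "{surname}", {user_type}, "{ldap_dn}", {auth_type}, "{password}", {state}, '
        '"{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, {valid_from}, '
        '{valid_to}, "{desc}");'
    ).format(db.table_prefix, role=user['role'], username=user['username'], surname=user['surname'],
             user_type=user['type'], ldap_dn=user['ldap_dn'], auth_type=user['auth_type'],
             password=_password, state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'],
             create_time=_time_now, last_login=0, last_chpass=_time_now,
             valid_from=user['valid_from'], valid_to=user['valid_to'], desc=user['desc'])
    if not db.exec(sql):
        return TPE_DATABASE, 0

    _id = db.last_insert_id()
    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(user['username']))

    # Refresh the cached user count.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, _id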
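def create_user(handler, user):
    """Create a single user account.

    Args:
        handler: request handler; supplies the operator and client IP for the audit log.
        user: dict with ``username``, ``surname``, ``email``, ``desc``, ``role``,
            ``auth_type`` and, for local accounts, ``password``. ``type`` defaults
            to ``TP_USER_TYPE_LOCAL`` and ``ldap_dn`` to ``''`` when absent (the
            dict is mutated to fill them in).

    Returns:
        ``(TPE_OK, new_user_id)`` on success; ``(TPE_EXISTS, 0)`` if the username is
        taken; ``(TPE_DATABASE, 0)`` if the INSERT fails; ``(err, 0)`` if the
        existence query fails.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()
    operator = handler.get_current_user()

    user.setdefault('type', TP_USER_TYPE_LOCAL)
    user.setdefault('ldap_dn', '')

    # 1. Refuse duplicate usernames.
    # Fix: the original literal had no "{}" placeholder, so .format() discarded the
    # username and the check compared against a constant -- duplicates slipped through.
    s = SQL(db)
    err = s.reset().select_from('user', ['id']).where(
        'user.username="{}"'.format(user['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(s.recorder) > 0:
        return TPE_EXISTS, 0

    # Only local accounts store a password hash; other types authenticate upstream.
    if user['type'] == TP_USER_TYPE_LOCAL:
        _password = tp_password_generate_secret(user['password'])
    else:
        _password = ''

    # SECURITY(review): all values are spliced in with str.format. Unless the handler
    # validates username/surname/email/desc/ldap_dn and guarantees role/auth_type/type
    # are integers, this is SQL injection; a parameterised db.exec is the proper fix
    # -- confirm what the db layer offers.
    sql = (
        'INSERT INTO `{}user` ('
        '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, `state`, '
        '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`'
        ') VALUES ('
        '{role}, "{username}", "{surname}", {user_type}, "{ldap_dn}", {auth_type}, "{password}", {state}, '
        '"{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");'
    ).format(db.table_prefix, role=user['role'], username=user['username'], surname=user['surname'],
             user_type=user['type'], ldap_dn=user['ldap_dn'], auth_type=user['auth_type'],
             password=_password, state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'],
             create_time=_time_now, last_login=0, last_chpass=_time_now, desc=user['desc'])
    if not db.exec(sql):
        return TPE_DATABASE, 0

    _id = db.last_insert_id()
    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(user['username']))

    # Refresh the cached user count.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, _id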
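def create_users(handler, user_list, success, failed):
    """Bulk-create local user accounts (batch-import path).

    Every row is inserted with ``type`` 1 and ``auth_type`` 0 hard-coded and
    ``role_id`` 0; only ``username``, ``surname``, ``email``, ``desc`` and the
    hashed ``password`` come from the row.

    Args:
        handler: request handler; supplies the operator and the client address for the audit log.
        user_list: list of dicts with ``username``, ``password``, ``surname``,
            ``email``, ``desc`` and ``_line`` (source line, used in error reports).
            Each created dict receives its new row id in ``_id``.
        success: output list; receives the username of every created account.
        failed: output list; receives ``{'line': ..., 'error': ...}`` per rejected row.

    Returns:
        None. Results are reported through ``success`` / ``failed``.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()
    operator = handler.get_current_user()
    name_list = []
    s = SQL(db)

    for user in user_list:
        # Duplicate check. Fix: the original literal had no "{}" placeholder, so
        # .format() discarded the username and existing accounts were never detected.
        err = s.reset().select_from('user', ['id']).where(
            'user.username="{}"'.format(user['username'])).query()
        if err != TPE_OK:
            failed.append({'line': user['_line'], 'error': '数据库查询失败'})
            # Fix: the original fell through after a failed lookup and could still
            # INSERT (or act on s.recorder left over from the previous row).
            continue
        if len(s.recorder) > 0:
            failed.append({
                'line': user['_line'],
                'error': '账号 `{}` 已经存在'.format(user['username'])
            })
            continue

        _password = tp_password_generate_secret(user['password'])

        # SECURITY(review): username/surname/email/desc are spliced in by str.format;
        # unless the caller validates them this is SQL injection -- a parameterised
        # db.exec is the proper fix, confirm what the db layer supports.
        sql = (
            'INSERT INTO `{}user` (`type`, `auth_type`, `password`, `username`, `surname`, `role_id`, `state`, '
            '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`) VALUES '
            '(1, 0, "{password}", "{username}", "{surname}", 0, {state}, "{email}", {creator_id}, '
            '{create_time}, {last_login}, {last_chpass}, "{desc}");'
        ).format(db.table_prefix, username=user['username'], surname=user['surname'], password=_password,
                 state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'],
                 create_time=_time_now, last_login=0, last_chpass=0, desc=user['desc'])
        if not db.exec(sql):
            failed.append({'line': user['_line'], 'error': '写入数据库时发生错误'})
            continue

        success.append(user['username'])
        name_list.append(user['username'])
        user['_id'] = db.last_insert_id()

    if name_list:
        syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                       "批量导入方式创建用户:{}".format(','.join(name_list)))

    # Refresh the cached user count from the table instead of adding len(name_list).
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)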
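def set_password(handler, user_id, password):
    """Store a new password for ``user_id`` and write an audit-log entry.

    Args:
        handler: request handler (operator + client IP for the log).
        user_id: id of the user whose password is being set.
        password: value written to the ``password`` column verbatim. create_user
            runs tp_password_generate_secret() before storing, so the caller is
            presumably expected to pass the already-hashed secret -- confirm.

    Returns:
        TPE_OK; TPE_NOT_EXISTS if no such user; TPE_DATABASE if the UPDATE fails;
        or the error from the lookup query.
    """
    db = get_db()
    operator = handler.get_current_user()

    # 1. Resolve the account name for the audit log (doubles as an existence check).
    s = SQL(db)
    err = s.reset().select_from('user', ['username', 'surname']).where(
        'user.id={}'.format(user_id)).query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS
    name = s.recorder[0]['username']
    surname = s.recorder[0]['surname']
    if len(surname) == 0:
        surname = name

    # Fix: the original statement had no "{password}" placeholder, so .format()
    # dropped the new secret and every reset stored the same constant string.
    # SECURITY(review): password and user_id are spliced in by str.format; a
    # parameterised db.exec is the proper fix -- confirm what the db layer offers.
    # NOTE(review): unlike the mode-aware set_password variant, `last_chpass` is
    # not updated here, so password-age checks will not see this reset.
    sql = 'UPDATE `{}user` SET password="{password}" WHERE id={user_id};'.format(
        db.table_prefix, password=password, user_id=user_id)
    if not db.exec(sql):
        return TPE_DATABASE

    # Operator id 0 is the path without a logged-in operator (the log text calls it
    # an e-mail reset): attribute the entry to the target user instead.
    if operator['id'] == 0:
        syslog.sys_log({'username': name, 'surname': surname}, handler.request.remote_ip, TPE_OK,
                       "用户 {} 通过邮件方式重置了密码".format(name))
    else:
        syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                       "为用户 {} 手动重置了密码".format(name))
    return TPE_OK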
def generate_reset_password_token(handler, user_id):
    """Create (or refresh) a password-reset token for ``user_id``.

    Looks up the user's e-mail address, purges reset tokens older than 24 hours,
    then either inserts a fresh ``user_rpt`` row or overwrites the user's existing
    one. No audit-log entry is written.

    Returns:
        ``(TPE_OK, email, token)``; ``(err, None, None)`` if a query fails;
        ``(TPE_DATABASE, None, None)`` if the user is unknown or a write fails.
    """
    db = get_db()
    operator = handler.get_current_user()  # not used; kept from the original
    s = SQL(db)
    now = tp_timestamp_sec()

    # 0. The reset mail goes to the address on file.
    err = s.select_from('user', ['email'], alt_name='u').where(
        'u.id={user_id}'.format(user_id=user_id)).query()
    if err != TPE_OK:
        return err, None, None
    if len(s.recorder) == 0:
        # NOTE: an unknown user is reported as TPE_DATABASE rather than TPE_NOT_EXISTS.
        return TPE_DATABASE, None, None
    email = s.recorder[0].email

    # 1. Expire stale tokens (older than one day). Best effort: the result is not checked.
    one_day = 24 * 60 * 60
    s.reset().delete_from('user_rpt').where('create_time<{}'.format(now - one_day)).exec()

    # 2. Does this user already hold a token?
    err = s.reset().select_from('user_rpt', ['id'], alt_name='u').where(
        'u.user_id={}'.format(user_id)).query()
    if err != TPE_OK:
        return err, None, None
    has_token = len(s.recorder) > 0

    # NOTE(review): token strength depends on tp_generate_random(16) being a CSPRNG -- confirm.
    token = tp_generate_random(16)
    # SECURITY(review): user_id is spliced into SQL via str.format; confirm the
    # handler guarantees it is an integer, or move to parameterised statements.
    if has_token:
        sql = ('UPDATE `{dbtp}user_rpt` SET token="{token}", create_time={create_time} WHERE user_id={user_id};'
               .format(dbtp=db.table_prefix, token=token, create_time=now, user_id=user_id))
    else:
        sql = ('INSERT INTO `{dbtp}user_rpt` (user_id, token, create_time) VALUES '
               '({user_id}, "{token}", {create_time});'
               .format(dbtp=db.table_prefix, user_id=user_id, token=token, create_time=now))
    if not db.exec(sql):
        return TPE_DATABASE, None, None

    return TPE_OK, email, token
def generate_reset_password_token(handler, user_id):
    """Create (or refresh) a password-reset token for ``user_id``.

    Looks up the user's e-mail address, purges reset tokens older than 24 hours,
    then either inserts a fresh ``user_rpt`` row or overwrites the user's existing
    one. No audit-log entry is written.

    Returns:
        ``(TPE_OK, email, token)``; ``(err, None, None)`` if a query fails;
        ``(TPE_DATABASE, None, None)`` if the user is unknown or a write fails.
    """
    db = get_db()
    operator = handler.get_current_user()  # not used; kept from the original
    s = SQL(db)
    now = tp_timestamp_utc_now()

    # 0. The reset mail goes to the address on file.
    err = s.select_from('user', ['email'], alt_name='u').where(
        'u.id={user_id}'.format(user_id=user_id)).query()
    if err != TPE_OK:
        return err, None, None
    if len(s.recorder) == 0:
        # NOTE: an unknown user is reported as TPE_DATABASE rather than TPE_NOT_EXISTS.
        return TPE_DATABASE, None, None
    email = s.recorder[0].email

    # 1. Expire stale tokens (older than one day). Best effort: the result is not checked.
    one_day = 24 * 60 * 60
    s.reset().delete_from('user_rpt').where('create_time<{}'.format(now - one_day)).exec()

    # 2. Does this user already hold a token?
    err = s.reset().select_from('user_rpt', ['id'], alt_name='u').where(
        'u.user_id={}'.format(user_id)).query()
    if err != TPE_OK:
        return err, None, None
    has_token = len(s.recorder) > 0

    # NOTE(review): token strength depends on tp_generate_random(16) being a CSPRNG -- confirm.
    token = tp_generate_random(16)
    # SECURITY(review): user_id is spliced into SQL via str.format; confirm the
    # handler guarantees it is an integer, or move to parameterised statements.
    if has_token:
        sql = ('UPDATE `{dbtp}user_rpt` SET token="{token}", create_time={create_time} WHERE user_id={user_id};'
               .format(dbtp=db.table_prefix, token=token, create_time=now, user_id=user_id))
    else:
        sql = ('INSERT INTO `{dbtp}user_rpt` (user_id, token, create_time) VALUES '
               '({user_id}, "{token}", {create_time});'
               .format(dbtp=db.table_prefix, user_id=user_id, token=token, create_time=now))
    if not db.exec(sql):
        return TPE_DATABASE, None, None

    return TPE_OK, email, token
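def remove_users(handler, users):
    """Delete the given user accounts and every reference to them.

    Removes the users from user groups (group_map), from ops/audit authorisation
    policies (ops_auz / audit_auz) and from the derived ops_map / audit_map rows,
    and deletes the user rows themselves, all in one transaction.

    Args:
        handler: request handler (operator + client IP for the audit log).
        users: iterable of user ids. Each id is coerced with int(); a value that is
            not integer-like raises ValueError/TypeError instead of being spliced
            into the SQL (the original accepted any str(i), an injection vector).

    Returns:
        TPE_OK; TPE_NOT_EXISTS if ``users`` is empty or none of the ids exist;
        TPE_DATABASE if the transaction fails; or the error from the lookup query.
    """
    db = get_db()
    s = SQL(db)

    # An empty list would otherwise produce "IN ()" and fail with a SQL error.
    ids = [str(int(i)) for i in users]
    if not ids:
        return TPE_NOT_EXISTS
    str_users = ','.join(ids)

    # 1. Resolve the usernames first; they go into the audit log.
    err = s.select_from('user', ['username'], alt_name='u').where(
        'u.id IN ({})'.format(str_users)).query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS
    str_names = ','.join([n['username'] for n in s.recorder])

    tpdp = db.table_prefix
    sql_list = [
        # group memberships
        'DELETE FROM `{tpdp}group_map` WHERE type={t} AND mid IN ({ids});'.format(
            tpdp=tpdp, t=TP_GROUP_USER, ids=str_users),
        # the accounts themselves
        'DELETE FROM `{tpdp}user` WHERE id IN ({ids});'.format(tpdp=tpdp, ids=str_users),
        # ops authorisation policies and the derived map
        'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({ids});'.format(
            tpdp, rtype=TP_USER, ids=str_users),
        'DELETE FROM `{}ops_map` WHERE u_id IN ({ids});'.format(tpdp, ids=str_users),
        # audit authorisation policies and the derived map
        'DELETE FROM `{}audit_auz` WHERE rtype={rtype} AND rid IN ({ids});'.format(
            tpdp, rtype=TP_USER, ids=str_users),
        'DELETE FROM `{}audit_map` WHERE u_id IN ({ids});'.format(tpdp, ids=str_users),
    ]
    if not db.transaction(sql_list):
        return TPE_DATABASE

    syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK,
                   "删除用户:{}".format(str_names))

    # Refresh the cached user count.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)
    return TPE_OK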
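def create_user(handler, args):
    """Create a single user account (``type`` is hard-coded to 1).

    Args:
        handler: request handler; supplies the operator and client IP for the audit log.
        args: dict with ``username``, ``password`` (hashed here), ``surname``,
            ``email``, ``desc``, ``role`` and ``auth_type``.

    Returns:
        ``(TPE_OK, new_user_id)``; ``(TPE_EXISTS, 0)`` if the username is taken;
        ``(TPE_DATABASE, 0)`` if the INSERT fails; ``(err, 0)`` if the existence
        query fails.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()
    operator = handler.get_current_user()

    # 1. Refuse duplicate usernames.
    # Fix: the original literal had no "{}" placeholder, so .format() discarded the
    # username and the check compared against a constant -- duplicates slipped through.
    s = SQL(db)
    err = s.reset().select_from('user', ['id']).where(
        'user.username="{}"'.format(args['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(s.recorder) > 0:
        return TPE_EXISTS, 0

    _password = tp_password_generate_secret(args['password'])

    # SECURITY(review): all values are spliced in with str.format. Unless the handler
    # validates username/surname/email/desc and guarantees role/auth_type are
    # integers, this is SQL injection; a parameterised db.exec is the proper fix --
    # confirm what the db layer offers.
    sql = (
        'INSERT INTO `{}user` (`type`, `auth_type`, `password`, `username`, `surname`, `role_id`, `state`, '
        '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`) VALUES '
        '(1, {auth_type}, "{password}", "{username}", "{surname}", {role}, {state}, "{email}", {creator_id}, '
        '{create_time}, {last_login}, {last_chpass}, "{desc}");'
    ).format(db.table_prefix, auth_type=args['auth_type'], password=_password, username=args['username'],
             surname=args['surname'], role=args['role'], state=TP_STATE_NORMAL, email=args['email'],
             creator_id=operator['id'], create_time=_time_now, last_login=0, last_chpass=0,
             desc=args['desc'])
    if not db.exec(sql):
        return TPE_DATABASE, 0

    _id = db.last_insert_id()
    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(args['username']))

    # Refresh the cached user count.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, _id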
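def remove_members(handler, policy_id, policy_type, ids):
    """Remove ops_auz entries ``ids`` of side ``policy_type`` from policy ``policy_id``.

    Deletes the matching ``ops_auz`` rows and then rebuilds the derived ``ops_map``
    so the effective authorisations reflect the change.

    Args:
        handler: request handler (unused here).
        policy_id: id of the ops policy; coerced with int().
        policy_type: the ``type`` column of ops_auz (presumably TP_POLICY_OPERATOR
            or TP_POLICY_ASSET, as in rebuild_ops_auz_map); coerced with int().
        ids: iterable of ops_auz row ids, each coerced with int(). A value that is
            not integer-like raises ValueError/TypeError instead of being spliced
            into the SQL (the original used str(i) and accepted arbitrary text).

    Returns:
        TPE_OK (also for an empty ``ids``); the error code from the DELETE; or the
        result of policy.rebuild_ops_auz_map().
    """
    auz_ids = ','.join(str(int(i)) for i in ids)
    # Nothing to remove: skip the DELETE (which would be "IN ()" and fail) and the rebuild.
    if not auz_ids:
        return TPE_OK

    s = SQL(get_db())
    where = 'policy_id={} AND type={} AND id IN ({})'.format(int(policy_id), int(policy_type), auz_ids)
    err = s.reset().delete_from('ops_auz').where(where).exec()
    if err != TPE_OK:
        return err

    # ops_map is a flattened copy of ops_auz, so it must be regenerated after any change.
    return policy.rebuild_ops_auz_map()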
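def remove_users(handler, users):
    """Delete the given user accounts and every reference to them.

    Removes the users from user groups (group_map), from ops/audit authorisation
    policies (ops_auz / audit_auz) and from the derived ops_map / audit_map rows,
    and deletes the user rows themselves, all in one transaction.

    Args:
        handler: request handler (operator + client IP for the audit log).
        users: iterable of user ids. Each id is coerced with int(); a value that is
            not integer-like raises ValueError/TypeError instead of being spliced
            into the SQL (the original accepted any str(i), an injection vector).

    Returns:
        TPE_OK; TPE_NOT_EXISTS if ``users`` is empty or none of the ids exist;
        TPE_DATABASE if the transaction fails; or the error from the lookup query.
    """
    db = get_db()
    s = SQL(db)

    # An empty list would otherwise produce "IN ()" and fail with a SQL error.
    ids = [str(int(i)) for i in users]
    if not ids:
        return TPE_NOT_EXISTS
    str_users = ','.join(ids)

    # 1. Resolve the usernames first; they go into the audit log.
    err = s.select_from('user', ['username'], alt_name='u').where(
        'u.id IN ({})'.format(str_users)).query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS
    str_names = ','.join([n['username'] for n in s.recorder])

    tpdp = db.table_prefix
    sql_list = [
        # group memberships
        'DELETE FROM `{tpdp}group_map` WHERE type={t} AND mid IN ({ids});'.format(
            tpdp=tpdp, t=TP_GROUP_USER, ids=str_users),
        # the accounts themselves
        'DELETE FROM `{tpdp}user` WHERE id IN ({ids});'.format(tpdp=tpdp, ids=str_users),
        # ops authorisation policies and the derived map
        'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({ids});'.format(
            tpdp, rtype=TP_USER, ids=str_users),
        'DELETE FROM `{}ops_map` WHERE u_id IN ({ids});'.format(tpdp, ids=str_users),
        # audit authorisation policies and the derived map
        'DELETE FROM `{}audit_auz` WHERE rtype={rtype} AND rid IN ({ids});'.format(
            tpdp, rtype=TP_USER, ids=str_users),
        'DELETE FROM `{}audit_map` WHERE u_id IN ({ids});'.format(tpdp, ids=str_users),
    ]
    if not db.transaction(sql_list):
        return TPE_DATABASE

    syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK,
                   "删除用户:{}".format(str_names))

    # Refresh the cached user count.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)
    return TPE_OK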
def set_password(handler, mode, user_id, password):
    """Write a new password for ``user_id``, stamp ``last_chpass`` and log who did it.

    Args:
        handler: request handler (operator + client IP).
        mode: how the change was initiated. Modes 3, 4 and 5 are logged as an e-mail
            reset, 6 as the user replacing an expired password, anything else as a
            manual reset performed by the operator.
        user_id: id of the target user.
        password: value stored verbatim in the ``password`` column (presumably already
            hashed by the caller, as create_user does -- confirm).

    Returns:
        TPE_OK; TPE_NOT_EXISTS if the user is unknown; TPE_DATABASE if the UPDATE
        fails; or the error from the lookup query.
    """
    db = get_db()
    operator = handler.get_current_user()
    s = SQL(db)

    # 1. Resolve the display name for the audit log (doubles as an existence check).
    err = s.reset().select_from('user', ['username', 'surname']).where(
        'user.id={}'.format(user_id)).query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS
    row = s.recorder[0]
    name = row['username']
    surname = row['surname']
    if len(surname) == 0:
        surname = name

    # SECURITY(review): password and user_id are spliced in via str.format; confirm
    # the handler validates them, or move to parameterised statements.
    stamp = tp_timestamp_sec()
    sql = ('UPDATE `{}user` SET `password`="{password}", `last_chpass`={last_chpass} WHERE `id`={user_id};'
           .format(db.table_prefix, password=password, last_chpass=stamp, user_id=user_id))
    if not db.exec(sql):
        return TPE_DATABASE

    # Self-service paths are attributed to the target user, not to the operator.
    self_actor = {'username': name, 'surname': surname}
    ip = handler.request.remote_ip
    if mode == 6:
        syslog.sys_log(self_actor, ip, TPE_OK, "用户 {} 修改了过期的密码".format(name))
    elif mode in (3, 4, 5):
        syslog.sys_log(self_actor, ip, TPE_OK, "用户 {} 通过邮件方式重置了密码".format(name))
    else:
        syslog.sys_log(operator, ip, TPE_OK, "为用户 {} 手动重置了密码".format(name))
    return TPE_OK
def update_policy(handler, args):
    """Rename / re-describe an existing ops authorisation policy.

    Args:
        handler: request handler (unused; note that, unlike create_policy, no
            audit-log entry is written for this change).
        args: dict with ``id`` (policy id), ``name`` and ``desc``.

    Returns:
        TPE_OK; TPE_NOT_EXISTS if no policy has that id; TPE_DATABASE if the UPDATE
        fails; or the error from the existence query.
    """
    db = get_db()
    s = SQL(db)

    # 1. The policy must already exist.
    err = s.reset().select_from('ops_policy', ['id']).where(
        'ops_policy.id={}'.format(args['id'])).query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS

    # SECURITY(review): name/desc/id are spliced in by str.format; confirm the
    # handler validates them, or move to parameterised statements.
    sql = 'UPDATE `{}ops_policy` SET `name`="{name}", `desc`="{desc}" WHERE `id`={p_id};'.format(
        db.table_prefix, name=args['name'], desc=args['desc'], p_id=args['id'])
    return TPE_OK if db.exec(sql) else TPE_DATABASE
def create_policy(handler, args):
    """Create an audit authorisation policy, appended at rank COUNT(*)+1.

    Args:
        handler: request handler (creator id + client IP for the audit log).
        args: dict with ``name`` and ``desc``.

    Returns:
        ``(TPE_OK, new_id)``; ``(TPE_EXISTS, 0)`` if a policy with that name exists;
        ``(TPE_DATABASE, 0)`` if the count or the INSERT fails; ``(err, 0)`` if the
        existence query fails.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()
    operator = handler.get_current_user()
    s = SQL(db)

    # 1. Policy names are unique.
    err = s.reset().select_from('audit_policy', ['id']).where(
        'audit_policy.name="{}"'.format(args['name'])).query()
    if err != TPE_OK:
        return err, 0
    if len(s.recorder) > 0:
        return TPE_EXISTS, 0

    # 2. New policies go to the end of the ranking.
    # NOTE(review): COUNT(*)+1 is only unique while ranks are contiguous; after a
    # deletion, or with two concurrent creates, it can collide with an existing rank.
    rows = db.query('SELECT COUNT(*) FROM {}audit_policy'.format(db.table_prefix))
    if not rows or len(rows) == 0:
        return TPE_DATABASE, 0
    rank = rows[0][0] + 1

    # SECURITY(review): name/desc are spliced in by str.format; confirm the handler
    # validates them, or move to parameterised statements.
    sql = ('INSERT INTO `{}audit_policy` (`rank`, `name`, `desc`, `creator_id`, `create_time`) VALUES '
           '({rank}, "{name}", "{desc}", {creator_id}, {create_time});'
           .format(db.table_prefix, rank=rank, name=args['name'], desc=args['desc'],
                   creator_id=operator['id'], create_time=_time_now))
    if not db.exec(sql):
        return TPE_DATABASE, 0
    new_id = db.last_insert_id()

    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                   "创建审计授权策略:{}".format(args['name']))
    return TPE_OK, new_id
def create_policy(handler, args):
    """Create an ops authorisation policy, appended at rank COUNT(*)+1.

    Args:
        handler: request handler (creator id + client IP for the audit log).
        args: dict with ``name`` and ``desc``.

    Returns:
        ``(TPE_OK, new_id)``; ``(TPE_EXISTS, 0)`` if a policy with that name exists;
        ``(TPE_DATABASE, 0)`` if the count or the INSERT fails; ``(err, 0)`` if the
        existence query fails.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()
    operator = handler.get_current_user()
    s = SQL(db)

    # 1. Policy names are unique.
    err = s.reset().select_from('ops_policy', ['id']).where(
        'ops_policy.name="{}"'.format(args['name'])).query()
    if err != TPE_OK:
        return err, 0
    if len(s.recorder) > 0:
        return TPE_EXISTS, 0

    # 2. New policies go to the end of the ranking.
    # NOTE(review): COUNT(*)+1 is only unique while ranks are contiguous; after a
    # deletion, or with two concurrent creates, it can collide with an existing rank.
    rows = db.query('SELECT COUNT(*) FROM {}ops_policy'.format(db.table_prefix))
    if not rows or len(rows) == 0:
        return TPE_DATABASE, 0
    rank = rows[0][0] + 1

    # SECURITY(review): name/desc are spliced in by str.format; confirm the handler
    # validates them, or move to parameterised statements.
    sql = ('INSERT INTO `{}ops_policy` (`rank`, `name`, `desc`, `creator_id`, `create_time`) VALUES '
           '({rank}, "{name}", "{desc}", {creator_id}, {create_time});'
           .format(db.table_prefix, rank=rank, name=args['name'], desc=args['desc'],
                   creator_id=operator['id'], create_time=_time_now))
    if not db.exec(sql):
        return TPE_DATABASE, 0
    new_id = db.last_insert_id()

    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                   "创建运维授权策略:{}".format(args['name']))
    return TPE_OK, new_id
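def set_password(handler, user_id, password):
    """Store a new password for ``user_id`` and write an audit-log entry.

    Args:
        handler: request handler (operator + client IP for the log).
        user_id: id of the user whose password is being set.
        password: value written to the ``password`` column verbatim. create_user
            runs tp_password_generate_secret() before storing, so the caller is
            presumably expected to pass the already-hashed secret -- confirm.

    Returns:
        TPE_OK; TPE_NOT_EXISTS if no such user; TPE_DATABASE if the UPDATE fails;
        or the error from the lookup query.
    """
    db = get_db()
    operator = handler.get_current_user()

    # 1. Resolve the account name for the audit log (doubles as an existence check).
    s = SQL(db)
    err = s.reset().select_from('user', ['username', 'surname']).where(
        'user.id={}'.format(user_id)).query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS
    name = s.recorder[0]['username']
    surname = s.recorder[0]['surname']
    if len(surname) == 0:
        surname = name

    # Fix: the original statement had no "{password}" placeholder, so .format()
    # dropped the new secret and every reset stored the same constant string.
    # SECURITY(review): password and user_id are spliced in by str.format; a
    # parameterised db.exec is the proper fix -- confirm what the db layer offers.
    # NOTE(review): unlike the mode-aware set_password variant, `last_chpass` is
    # not updated here, so password-age checks will not see this reset.
    sql = 'UPDATE `{}user` SET password="{password}" WHERE id={user_id};'.format(
        db.table_prefix, password=password, user_id=user_id)
    if not db.exec(sql):
        return TPE_DATABASE

    # Operator id 0 is the path without a logged-in operator (the log text calls it
    # an e-mail reset): attribute the entry to the target user instead.
    if operator['id'] == 0:
        syslog.sys_log({'username': name, 'surname': surname}, handler.request.remote_ip, TPE_OK,
                       "用户 {} 通过邮件方式重置了密码".format(name))
    else:
        syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                       "为用户 {} 手动重置了密码".format(name))
    return TPE_OK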
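def remove_accounts(handler, host_id, acc_ids):
    """Delete remote accounts ``acc_ids`` belonging to host ``host_id``.

    Removes the acc rows, their account-group memberships, their ops authorisation
    entries and the derived ops_map rows, and decrements the host's cached
    ``acc_count``, all in one transaction.

    Args:
        handler: request handler (operator + client IP for the audit log).
        host_id: id of the owning host; coerced with int().
        acc_ids: iterable of acc ids, each coerced with int(). A value that is not
            integer-like raises ValueError/TypeError rather than being spliced into
            the SQL (the original accepted any str(uid)).

    Returns:
        TPE_OK; TPE_NOT_EXISTS if ``acc_ids`` is empty, the host is unknown or none
        of the ids belong to it; TPE_DATABASE if the transaction fails; or the error
        from a lookup query.
    """
    db = get_db()
    host_id = int(host_id)
    ids = ','.join(str(int(uid)) for uid in acc_ids)
    # An empty list would otherwise produce "IN ()" and fail with a SQL error.
    if not ids:
        return TPE_NOT_EXISTS
    s = SQL(db)

    # 1. The host must exist; its address is needed for the log line.
    s.select_from('host', ['name', 'ip', 'router_ip', 'router_port', 'acc_count'], alt_name='a')
    s.where('a.id={h_id}'.format(h_id=host_id))
    err = s.query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS
    host = s.recorder[0]

    # 2. Only accounts that really belong to this host are considered.
    s.reset().select_from('acc', ['username'], alt_name='a')
    s.where('a.host_id={h_id} AND a.id IN ({ids}) '.format(h_id=host_id, ids=ids))
    err = s.query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS

    acc_names = []
    for a in s.recorder:
        acc_name = '{}@{}'.format(a.username, host.ip)
        if len(host.router_ip) > 0:
            acc_name += '(由{}:{}路由)'.format(host.router_ip, host.router_port)
        acc_names.append(acc_name)

    # Fix: decrement host.acc_count by the number of accounts actually matched above,
    # not by len(acc_ids) -- ids that do not exist or belong to another host would
    # otherwise drive the cached counter below the true value.
    removed = len(s.recorder)

    tpdp = db.table_prefix
    sql_list = [
        'DELETE FROM `{}acc` WHERE host_id={} AND id IN ({});'.format(tpdp, host_id, ids),
        'DELETE FROM `{}group_map` WHERE type={} AND mid IN ({});'.format(tpdp, TP_GROUP_ACCOUNT, ids),
        # keep the host's cached account count in step
        'UPDATE `{}host` SET acc_count=acc_count-{acc_count} WHERE id={host_id};'.format(
            tpdp, acc_count=removed, host_id=host_id),
        'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({rid});'.format(
            tpdp, rtype=TP_ACCOUNT, rid=ids),
        'DELETE FROM `{}ops_map` WHERE a_id IN ({acc_id});'.format(tpdp, acc_id=ids),
    ]
    if not db.transaction(sql_list):
        return TPE_DATABASE

    syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK,
                   "删除账号:{}".format(','.join(acc_names)))
    # NOTE(review): the global account counter is changed by exactly -1 regardless of
    # how many rows were deleted, whereas remove_users re-counts its table. Left
    # as-is because acc_counter_change's contract (delta vs. absolute) is not
    # visible here -- confirm and fix together with the stats module.
    tp_stats().acc_counter_change(-1)
    return TPE_OK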
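def remove_accounts(handler, host_id, acc_ids):
    """Delete remote accounts ``acc_ids`` belonging to host ``host_id``.

    Removes the acc rows, their account-group memberships, their ops authorisation
    entries and the derived ops_map rows, and decrements the host's cached
    ``acc_count``, all in one transaction.

    Args:
        handler: request handler (operator + client IP for the audit log).
        host_id: id of the owning host; coerced with int().
        acc_ids: iterable of acc ids, each coerced with int(). A value that is not
            integer-like raises ValueError/TypeError rather than being spliced into
            the SQL (the original accepted any str(uid)).

    Returns:
        TPE_OK; TPE_NOT_EXISTS if ``acc_ids`` is empty, the host is unknown or none
        of the ids belong to it; TPE_DATABASE if the transaction fails; or the error
        from a lookup query.
    """
    db = get_db()
    host_id = int(host_id)
    ids = ','.join(str(int(uid)) for uid in acc_ids)
    # An empty list would otherwise produce "IN ()" and fail with a SQL error.
    if not ids:
        return TPE_NOT_EXISTS
    s = SQL(db)

    # 1. The host must exist; its address is needed for the log line.
    s.select_from('host', ['name', 'ip', 'router_ip', 'router_port', 'acc_count'], alt_name='a')
    s.where('a.id={h_id}'.format(h_id=host_id))
    err = s.query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS
    host = s.recorder[0]

    # 2. Only accounts that really belong to this host are considered.
    s.reset().select_from('acc', ['username'], alt_name='a')
    s.where('a.host_id={h_id} AND a.id IN ({ids}) '.format(h_id=host_id, ids=ids))
    err = s.query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS

    acc_names = []
    for a in s.recorder:
        acc_name = '{}@{}'.format(a.username, host.ip)
        if len(host.router_ip) > 0:
            acc_name += '(由{}:{}路由)'.format(host.router_ip, host.router_port)
        acc_names.append(acc_name)

    # Fix: decrement host.acc_count by the number of accounts actually matched above,
    # not by len(acc_ids) -- ids that do not exist or belong to another host would
    # otherwise drive the cached counter below the true value.
    removed = len(s.recorder)

    tpdp = db.table_prefix
    sql_list = [
        'DELETE FROM `{}acc` WHERE host_id={} AND id IN ({});'.format(tpdp, host_id, ids),
        'DELETE FROM `{}group_map` WHERE type={} AND mid IN ({});'.format(tpdp, TP_GROUP_ACCOUNT, ids),
        # keep the host's cached account count in step
        'UPDATE `{}host` SET acc_count=acc_count-{acc_count} WHERE id={host_id};'.format(
            tpdp, acc_count=removed, host_id=host_id),
        'DELETE FROM `{}ops_auz` WHERE rtype={rtype} AND rid IN ({rid});'.format(
            tpdp, rtype=TP_ACCOUNT, rid=ids),
        'DELETE FROM `{}ops_map` WHERE a_id IN ({acc_id});'.format(tpdp, acc_id=ids),
    ]
    if not db.transaction(sql_list):
        return TPE_DATABASE

    syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK,
                   "删除账号:{}".format(','.join(acc_names)))
    # NOTE(review): the global account counter is changed by exactly -1 regardless of
    # how many rows were deleted, whereas remove_users re-counts its table. Left
    # as-is because acc_counter_change's contract (delta vs. absolute) is not
    # visible here -- confirm and fix together with the stats module.
    tp_stats().acc_counter_change(-1)
    return TPE_OK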
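def rebuild_ops_auz_map():
    """Regenerate the flattened ops authorisation map (``ops_map``).

    ``ops_auz`` stores policy members symbolically: a user or user-group on the
    operator side (TP_POLICY_OPERATOR), and an account, account-group, host or
    host-group on the asset side (TP_POLICY_ASSET). This function expands every
    policy into concrete (user, account@host) pairs and writes them to ``ops_map``
    with one bulk INSERT after clearing the old rows.

    Returns:
        TPE_OK (also when there is nothing to map); TPE_DATABASE if clearing or
        inserting fails; TPE_FAILED on an unknown ops_auz type/rtype; or the error
        from any of the loading queries.

    Note: the DELETE and the INSERT are not one transaction, so a failure in
    between leaves ``ops_map`` empty (fail-closed: nobody is authorised until the
    next successful rebuild).
    """
    _users = {}
    _hosts = {}
    _accs = {}
    _gusers = {}
    _ghosts = {}
    _gaccs = {}
    _groups = {}
    _policies = {}
    _p_users = {}
    _p_assets = {}
    _map = []

    db = get_db()
    dbtp = db.table_prefix
    # Fix: the original ignored the result of this DELETE. If it fails, stale
    # authorisations would remain in ops_map next to the freshly inserted rows.
    if not db.exec('DELETE FROM {}ops_map'.format(dbtp)):
        return TPE_DATABASE

    s = SQL(get_db())

    # load all policies
    err = s.reset().select_from('ops_policy', ['id', 'rank', 'state'], alt_name='p').query()
    if err != TPE_OK:
        return err
    if 0 == len(s.recorder):
        return TPE_OK
    for i in s.recorder:
        _policies[i.id] = i

    # load all users
    err = s.reset().select_from('user', ['id', 'username', 'surname', 'state'], alt_name='u').query()
    if err != TPE_OK:
        return err
    if 0 == len(s.recorder):
        return TPE_OK
    for i in s.recorder:
        _users[i.id] = i

    # load all hosts
    err = s.reset().select_from(
        'host', ['id', 'name', 'ip', 'router_ip', 'router_port', 'state'], alt_name='h').query()
    if err != TPE_OK:
        return err
    if 0 == len(s.recorder):
        return TPE_OK
    for i in s.recorder:
        _hosts[i.id] = i

    # load all remote accounts
    err = s.reset().select_from('acc', [
        'id', 'host_id', 'username', 'protocol_type', 'protocol_port', 'auth_type', 'state'
    ], alt_name='a').query()
    if err != TPE_OK:
        return err
    if 0 == len(s.recorder):
        return TPE_OK
    for i in s.recorder:
        _accs[i.id] = i

    # load all groups, keyed by kind
    err = s.reset().select_from('group', ['id', 'type', 'state'], alt_name='g').query()
    if err != TPE_OK:
        return err
    for i in s.recorder:
        _groups[i.id] = i
        if i.type == TP_GROUP_USER:
            _gusers[i.id] = []
        elif i.type == TP_GROUP_HOST:
            _ghosts[i.id] = []
        elif i.type == TP_GROUP_ACCOUNT:
            _gaccs[i.id] = []

    # load group memberships
    # NOTE(review): a group_map row whose gid/mid no longer exists raises KeyError
    # here and aborts the rebuild after ops_map has already been cleared -- confirm
    # that every delete path (remove_users, remove_accounts, ...) keeps group_map clean.
    err = s.reset().select_from('group_map', ['id', 'type', 'gid', 'mid'], alt_name='g').query()
    if err != TPE_OK:
        return err
    for g in s.recorder:
        if g.type == TP_GROUP_USER:
            _gusers[g.gid].append(_users[g.mid])
        elif g.type == TP_GROUP_HOST:
            _ghosts[g.gid].append(_hosts[g.mid])
        elif g.type == TP_GROUP_ACCOUNT:
            _gaccs[g.gid].append(_accs[g.mid])

    # load every policy entry
    err = s.reset().select_from('ops_auz', ['id', 'policy_id', 'type', 'rtype', 'rid'], alt_name='o').query()
    if err != TPE_OK:
        return err
    if 0 == len(s.recorder):
        return TPE_OK

    # Split each policy into its operators (users) and its assets (accounts on hosts).
    for i in s.recorder:
        if i.type == TP_POLICY_OPERATOR:
            if i.policy_id not in _p_users:
                _p_users[i.policy_id] = []
            if i.rtype == TP_USER:
                u = _users[i.rid]
                _p_users[i.policy_id].append({
                    'u_id': i.rid, 'u_state': u.state,
                    'gu_id': 0, 'gu_state': 0,
                    'u_name': u.username, 'u_surname': u.surname,
                    'auth_from_': 'USER'
                })
            elif i.rtype == TP_GROUP_USER:
                for u in _gusers[i.rid]:
                    _p_users[i.policy_id].append({
                        'u_id': u.id, 'u_state': u.state,
                        'gu_id': i.rid, 'gu_state': _groups[i.rid].state,
                        'u_name': u.username, 'u_surname': u.surname,
                        'auth_from_': 'gUSER'
                    })
            else:
                log.e('invalid operator type.\n')
                return TPE_FAILED

        elif i.type == TP_POLICY_ASSET:
            if i.policy_id not in _p_assets:
                _p_assets[i.policy_id] = []
            if i.rtype == TP_ACCOUNT:
                a = _accs[i.rid]
                h = _hosts[a.host_id]
                _p_assets[i.policy_id].append({
                    'a_id': i.rid, 'a_state': a.state,
                    'ga_id': 0, 'ga_state': 0,
                    'h_id': h.id, 'h_state': h.state,
                    'gh_id': 0, 'gh_state': 0,
                    'a_name': a.username, 'protocol_type': a.protocol_type, 'protocol_port': a.protocol_port,
                    'h_name': h.name, 'ip': h.ip, 'router_ip': h.router_ip, 'router_port': h.router_port,
                    'auth_to_': 'ACC'
                })
            elif i.rtype == TP_GROUP_ACCOUNT:
                for a in _gaccs[i.rid]:
                    h = _hosts[a.host_id]
                    _p_assets[i.policy_id].append({
                        'a_id': a.id, 'a_state': a.state,
                        'ga_id': i.rid, 'ga_state': _groups[i.rid].state,
                        'h_id': h.id, 'h_state': h.state,
                        'gh_id': 0, 'gh_state': 0,
                        'a_name': a.username, 'protocol_type': a.protocol_type, 'protocol_port': a.protocol_port,
                        'h_name': h.name, 'ip': h.ip, 'router_ip': h.router_ip, 'router_port': h.router_port,
                        'auth_to_': 'gACC'
                    })
            elif i.rtype == TP_HOST:
                # a host grants every account defined on it
                for aid in _accs:
                    if _accs[aid].host_id == i.rid:
                        a = _accs[aid]
                        h = _hosts[i.rid]
                        _p_assets[i.policy_id].append({
                            'a_id': aid, 'a_state': a.state,
                            'ga_id': 0, 'ga_state': 0,
                            'h_id': h.id, 'h_state': h.state,
                            'gh_id': 0, 'gh_state': 0,
                            'a_name': a.username, 'protocol_type': a.protocol_type, 'protocol_port': a.protocol_port,
                            'h_name': h.name, 'ip': h.ip, 'router_ip': h.router_ip, 'router_port': h.router_port,
                            'auth_to_': 'HOST'
                        })
            elif i.rtype == TP_GROUP_HOST:
                # a host group grants every account on every member host
                for h in _ghosts[i.rid]:
                    for aid in _accs:
                        if _accs[aid].host_id == h.id:
                            a = _accs[aid]
                            _p_assets[i.policy_id].append({
                                'a_id': aid, 'a_state': a.state,
                                'ga_id': 0, 'ga_state': 0,
                                'h_id': h.id, 'h_state': h.state,
                                'gh_id': i.rid, 'gh_state': _groups[i.rid].state,
                                'a_name': a.username, 'protocol_type': a.protocol_type, 'protocol_port': a.protocol_port,
                                'h_name': h.name, 'ip': h.ip, 'router_ip': h.router_ip, 'router_port': h.router_port,
                                'auth_to_': 'gHOST'
                            })
            else:
                log.e('invalid asset type.\n')
                return TPE_FAILED
        else:
            return TPE_FAILED

    # 3. Cross every operator of a policy with every asset of the same policy.
    for pid in _policies:
        if pid not in _p_users:
            continue
        for u in _p_users[pid]:
            if pid not in _p_assets:
                continue
            for a in _p_assets[pid]:
                x = AttrDict()
                x.update({
                    'p_id': pid,
                    'p_rank': _policies[pid].rank,
                    'p_state': _policies[pid].state
                })
                x.update(u)
                x.update(a)
                x.uni_id = '{}-{}-{}-{}-{}-{}-{}'.format(
                    x.p_id, x.gu_id, x.u_id, x.gh_id, x.h_id, x.ga_id, x.a_id)
                x.ua_id = 'u{}-a{}'.format(x.u_id, x.a_id)

                # Record how the grant was derived (direct vs. via group, per side).
                x.policy_auth_type = TP_POLICY_AUTH_UNKNOWN
                if u['auth_from_'] == 'USER' and a['auth_to_'] == 'ACC':
                    x.policy_auth_type = TP_POLICY_AUTH_USER_ACC
                elif u['auth_from_'] == 'USER' and a['auth_to_'] == 'gACC':
                    x.policy_auth_type = TP_POLICY_AUTH_USER_gACC
                elif u['auth_from_'] == 'USER' and a['auth_to_'] == 'HOST':
                    x.policy_auth_type = TP_POLICY_AUTH_USER_HOST
                elif u['auth_from_'] == 'USER' and a['auth_to_'] == 'gHOST':
                    x.policy_auth_type = TP_POLICY_AUTH_USER_gHOST
                elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'ACC':
                    x.policy_auth_type = TP_POLICY_AUTH_gUSER_ACC
                elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'gACC':
                    x.policy_auth_type = TP_POLICY_AUTH_gUSER_gACC
                elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'HOST':
                    x.policy_auth_type = TP_POLICY_AUTH_gUSER_HOST
                elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'gHOST':
                    x.policy_auth_type = TP_POLICY_AUTH_gUSER_gHOST

                _map.append(x)

    if len(_map) == 0:
        return TPE_OK

    # SECURITY(review): u_name/u_surname/h_name/ip/router_ip/a_name are copied from
    # the database into the statement by str.format. They were user-supplied when
    # the rows were created, so a name containing a double quote breaks (or alters)
    # this INSERT -- confirm input validation at creation time or parameterise.
    values = []
    for i in _map:
        v = '("{uni_id}","{ua_id}",{p_id},{p_rank},{p_state},{policy_auth_type},{u_id},{u_state},{gu_id},{gu_state},{h_id},{h_state},{gh_id},{gh_state},{a_id},{a_state},{ga_id},{ga_state},' \
            '"{u_name}","{u_surname}","{h_name}","{ip}","{router_ip}",{router_port},"{a_name}",{protocol_type},{protocol_port})' \
            ''.format(uni_id=i.uni_id, ua_id=i.ua_id, p_id=i.p_id, p_rank=i.p_rank, p_state=i.p_state,
                      policy_auth_type=i.policy_auth_type, u_id=i.u_id, u_state=i.u_state,
                      gu_id=i.gu_id, gu_state=i.gu_state, h_id=i.h_id, h_state=i.h_state,
                      gh_id=i.gh_id, gh_state=i.gh_state, a_id=i.a_id, a_state=i.a_state,
                      ga_id=i.ga_id, ga_state=i.ga_state, u_name=i.u_name, u_surname=i.u_surname,
                      h_name=i.h_name, ip=i.ip, router_ip=i.router_ip, router_port=i.router_port,
                      a_name=i.a_name, protocol_type=i.protocol_type, protocol_port=i.protocol_port)
        values.append(v)

    sql = 'INSERT INTO `{dbtp}ops_map` (uni_id,ua_id,p_id,p_rank,p_state,policy_auth_type,u_id,u_state,gu_id,gu_state,h_id,h_state,gh_id,gh_state,a_id,a_state,ga_id,ga_state,' \
          'u_name,u_surname,h_name,ip,router_ip,router_port,a_name,protocol_type,protocol_port) VALUES \n{values};' \
          ''.format(dbtp=dbtp, values=',\n'.join(values))
    db_ret = db.exec(sql)
    if not db_ret:
        return TPE_DATABASE

    return TPE_OK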
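def _ops_operator_row(u, gu_id, gu_state, auth_from):
    """Return the operator half of an ops_map row for user row `u`.

    `u` is a `user` table row (id, username, surname, state). `gu_id` and
    `gu_state` are 0 when the user was granted directly; otherwise they hold
    the granting user group's id and state. `auth_from` is 'USER' or 'gUSER'
    and only drives the policy_auth_type lookup later on.
    """
    return {
        'u_id': u.id,
        'u_state': u.state,
        'gu_id': gu_id,
        'gu_state': gu_state,
        'u_name': u.username,
        'u_surname': u.surname,
        'auth_from_': auth_from,
    }


def _ops_asset_row(a, h, ga_id, ga_state, gh_id, gh_state, auth_to):
    """Return the asset half of an ops_map row for account row `a` on host row `h`.

    `ga_id`/`ga_state` are the granting account group (0/0 if none) and
    `gh_id`/`gh_state` the granting host group (0/0 if none). `auth_to` is
    one of 'ACC', 'gACC', 'HOST', 'gHOST'.
    """
    return {
        'a_id': a.id,
        'a_state': a.state,
        'ga_id': ga_id,
        'ga_state': ga_state,
        'h_id': h.id,
        'h_state': h.state,
        'gh_id': gh_id,
        'gh_state': gh_state,
        'a_name': a.username,
        'protocol_type': a.protocol_type,
        'protocol_port': a.protocol_port,
        'h_name': h.name,
        'ip': h.ip,
        'router_ip': h.router_ip,
        'router_port': h.router_port,
        'auth_to_': auth_to,
    }


def rebuild_ops_auz_map():
    """Recompute the flattened authorization table `ops_map` from scratch.

    For every policy in `ops_auz`, each operator entry (a user, or every
    member of a user group) is cross-joined with each asset entry (an
    account, every account of an account group, every account on a host, or
    every account on every host of a host group) and one `ops_map` row is
    written per (policy, user, account) pair. Group membership is read from
    `group_map`.

    Returns a TPE_* code: TPE_OK on success (including "nothing to map"),
    the query error code if a load fails, TPE_FAILED on an `ops_auz` row of
    unknown type/rtype, TPE_DATABASE if clearing or filling the table fails.

    Rows of `group_map` / `ops_auz` that point at a user, host, account or
    group that no longer exists are logged and skipped rather than aborting
    the whole rebuild (they used to raise KeyError with the table already
    emptied).

    NOTE(review): no transaction is visible here. The table is cleared first
    and refilled in one INSERT at the end, so every error return leaves
    `ops_map` empty (fail-closed), and authorization lookups that run
    concurrently with a rebuild see no grants at all.
    """
    db = get_db()
    dbtp = db.table_prefix

    # Clear before loading anything: if a step below fails, stale (possibly
    # over-privileged) rows must not survive. A failed DELETE would make the
    # INSERT at the end pile onto stale data, so its result is checked.
    if not db.exec('DELETE FROM {}ops_map'.format(dbtp)):
        return TPE_DATABASE

    s = SQL(db)

    # -- policies ------------------------------------------------------------
    err = s.reset().select_from('ops_policy', ['id', 'rank', 'state'], alt_name='p').query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_OK
    _policies = {p.id: p for p in s.recorder}

    # -- users ---------------------------------------------------------------
    err = s.reset().select_from('user', ['id', 'username', 'surname', 'state'], alt_name='u').query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_OK
    _users = {u.id: u for u in s.recorder}

    # -- hosts ---------------------------------------------------------------
    err = s.reset().select_from('host', ['id', 'name', 'ip', 'router_ip', 'router_port', 'state'], alt_name='h').query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_OK
    _hosts = {h.id: h for h in s.recorder}

    # -- accounts ------------------------------------------------------------
    err = s.reset().select_from('acc', ['id', 'host_id', 'username', 'protocol_type', 'protocol_port', 'auth_type', 'state'], alt_name='a').query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_OK
    _accs = {a.id: a for a in s.recorder}

    # -- groups: one member list per group id, split by group type -----------
    err = s.reset().select_from('group', ['id', 'type', 'state'], alt_name='g').query()
    if err != TPE_OK:
        return err
    _groups = {}
    _gusers = {}
    _ghosts = {}
    _gaccs = {}
    # group type -> (member lists keyed by group id, pool the members come from)
    members_by_type = {
        TP_GROUP_USER: (_gusers, _users),
        TP_GROUP_HOST: (_ghosts, _hosts),
        TP_GROUP_ACCOUNT: (_gaccs, _accs),
    }
    for g in s.recorder:
        _groups[g.id] = g
        if g.type in members_by_type:
            members_by_type[g.type][0][g.id] = []

    # -- group membership ----------------------------------------------------
    err = s.reset().select_from('group_map', ['id', 'type', 'gid', 'mid'], alt_name='g').query()
    if err != TPE_OK:
        return err
    for gm in s.recorder:
        if gm.type not in members_by_type:
            continue
        members, pool = members_by_type[gm.type]
        if gm.gid not in members or gm.mid not in pool:
            # dangling membership (group/member deleted or type mismatch):
            # skip it instead of raising KeyError and aborting the rebuild
            log.e('group_map row {}: unknown group {} or member {}, ignored.\n'.format(gm.id, gm.gid, gm.mid))
            continue
        members[gm.gid].append(pool[gm.mid])

    # -- policy details ------------------------------------------------------
    err = s.reset().select_from('ops_auz', ['id', 'policy_id', 'type', 'rtype', 'rid'], alt_name='o').query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_OK

    # split each policy into its operators (who) and its assets (what)
    _p_users = {}
    _p_assets = {}
    for o in s.recorder:
        if o.type == TP_POLICY_OPERATOR:
            rows = _p_users.setdefault(o.policy_id, [])
            if o.rtype == TP_USER:
                u = _users.get(o.rid)
                if u is None:
                    log.e('ops_auz row {}: unknown user {}, ignored.\n'.format(o.id, o.rid))
                    continue
                rows.append(_ops_operator_row(u, 0, 0, 'USER'))
            elif o.rtype == TP_GROUP_USER:
                if o.rid not in _gusers:
                    log.e('ops_auz row {}: unknown user group {}, ignored.\n'.format(o.id, o.rid))
                    continue
                gstate = _groups[o.rid].state
                for u in _gusers[o.rid]:
                    rows.append(_ops_operator_row(u, o.rid, gstate, 'gUSER'))
            else:
                log.e('invalid operator type.\n')
                return TPE_FAILED

        elif o.type == TP_POLICY_ASSET:
            rows = _p_assets.setdefault(o.policy_id, [])
            if o.rtype == TP_ACCOUNT:
                a = _accs.get(o.rid)
                h = _hosts.get(a.host_id) if a is not None else None
                if h is None:
                    log.e('ops_auz row {}: unknown account {} or its host, ignored.\n'.format(o.id, o.rid))
                    continue
                rows.append(_ops_asset_row(a, h, 0, 0, 0, 0, 'ACC'))
            elif o.rtype == TP_GROUP_ACCOUNT:
                if o.rid not in _gaccs:
                    log.e('ops_auz row {}: unknown account group {}, ignored.\n'.format(o.id, o.rid))
                    continue
                gstate = _groups[o.rid].state
                for a in _gaccs[o.rid]:
                    h = _hosts.get(a.host_id)
                    if h is None:
                        log.e('account {}: unknown host {}, ignored.\n'.format(a.id, a.host_id))
                        continue
                    rows.append(_ops_asset_row(a, h, o.rid, gstate, 0, 0, 'gACC'))
            elif o.rtype == TP_HOST:
                h = _hosts.get(o.rid)
                if h is None:
                    log.e('ops_auz row {}: unknown host {}, ignored.\n'.format(o.id, o.rid))
                    continue
                # a host grant means every account defined on that host
                for a in _accs.values():
                    if a.host_id == h.id:
                        rows.append(_ops_asset_row(a, h, 0, 0, 0, 0, 'HOST'))
            elif o.rtype == TP_GROUP_HOST:
                if o.rid not in _ghosts:
                    log.e('ops_auz row {}: unknown host group {}, ignored.\n'.format(o.id, o.rid))
                    continue
                gstate = _groups[o.rid].state
                for h in _ghosts[o.rid]:
                    for a in _accs.values():
                        if a.host_id == h.id:
                            rows.append(_ops_asset_row(a, h, 0, 0, o.rid, gstate, 'gHOST'))
            else:
                log.e('invalid asset type.\n')
                return TPE_FAILED

        else:
            return TPE_FAILED

    # -- cross-join operators x assets per policy ---------------------------
    auth_types = {
        ('USER', 'ACC'): TP_POLICY_AUTH_USER_ACC,
        ('USER', 'gACC'): TP_POLICY_AUTH_USER_gACC,
        ('USER', 'HOST'): TP_POLICY_AUTH_USER_HOST,
        ('USER', 'gHOST'): TP_POLICY_AUTH_USER_gHOST,
        ('gUSER', 'ACC'): TP_POLICY_AUTH_gUSER_ACC,
        ('gUSER', 'gACC'): TP_POLICY_AUTH_gUSER_gACC,
        ('gUSER', 'HOST'): TP_POLICY_AUTH_gUSER_HOST,
        ('gUSER', 'gHOST'): TP_POLICY_AUTH_gUSER_gHOST,
    }

    mapping = []
    for pid, p in _policies.items():
        if pid not in _p_users or pid not in _p_assets:
            continue
        for u in _p_users[pid]:
            for a in _p_assets[pid]:
                x = {'p_id': pid, 'p_rank': p.rank, 'p_state': p.state}
                x.update(u)
                x.update(a)
                x['uni_id'] = '{}-{}-{}-{}-{}-{}-{}'.format(
                    x['p_id'], x['gu_id'], x['u_id'], x['gh_id'], x['h_id'], x['ga_id'], x['a_id'])
                x['ua_id'] = 'u{}-a{}'.format(x['u_id'], x['a_id'])
                x['policy_auth_type'] = auth_types.get((u['auth_from_'], a['auth_to_']), TP_POLICY_AUTH_UNKNOWN)
                mapping.append(x)

    if len(mapping) == 0:
        return TPE_OK

    # NOTE(review): the string columns (u_name, u_surname, h_name, ip, router_ip,
    # a_name) are interpolated into the statement unescaped. They come from the
    # user/host/acc tables, not directly from a request, but any stored value
    # containing '"' or a backslash breaks this statement (second-order SQL
    # injection). db.exec() is only ever called with a finished string here, so
    # escaping/parameterization has to happen in the DB layer or at insert time.
    row_fmt = ('("{uni_id}","{ua_id}",{p_id},{p_rank},{p_state},{policy_auth_type},'
               '{u_id},{u_state},{gu_id},{gu_state},{h_id},{h_state},{gh_id},{gh_state},'
               '{a_id},{a_state},{ga_id},{ga_state},'
               '"{u_name}","{u_surname}","{h_name}","{ip}","{router_ip}",{router_port},'
               '"{a_name}",{protocol_type},{protocol_port})')
    values = [row_fmt.format(**x) for x in mapping]
    sql = ('INSERT INTO `{dbtp}ops_map` (uni_id,ua_id,p_id,p_rank,p_state,policy_auth_type,'
           'u_id,u_state,gu_id,gu_state,h_id,h_state,gh_id,gh_state,a_id,a_state,ga_id,ga_state,'
           'u_name,u_surname,h_name,ip,router_ip,router_port,a_name,protocol_type,protocol_port) '
           'VALUES \n{values};').format(dbtp=dbtp, values=',\n'.join(values))

    if not db.exec(sql):
        return TPE_DATABASE
    return TPE_OK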
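def cleanup_storage(handler):
    """Purge expired syslog rows and expired session recordings.

    Retention comes from `tp_cfg().sys.storage`: `keep_log` days for the
    `syslog` table, `keep_record` days for `record` rows and their replay
    directories under the core service's `replay_path`. A value of 0 turns
    that part of the cleanup off. `handler` is part of the call interface
    and is not used here.

    Returns `(code, msg)`: `msg` is a list of human-readable progress lines
    and `code` is TPE_OK, or TPE_FAILED if any step failed (later steps still
    run so one failure does not block the rest).

    Behaviour changes vs. the previous revision: recordings are aged against
    `keep_record` (they were aged against `keep_log`, which with keep_log == 0
    and keep_record > 0 deleted every recording); a record whose replay
    directory cannot be removed is no longer deleted from the database, so
    the files are not orphaned and the next run retries; the per-record
    DELETE result is checked.
    """
    sto = tp_cfg().sys.storage
    db = get_db()
    _now = tp_timestamp_utc_now()
    msg = []
    have_error = False
    s = SQL(db)
    day = 24 * 60 * 60

    # ---- system log ---------------------------------------------------------
    if sto.keep_log > 0:
        log_chk_time = _now - sto.keep_log * day
        s.select_from('syslog', ['id'], alt_name='s')
        s.where('s.log_time<{chk_time}'.format(chk_time=log_chk_time))
        err = s.query()
        if err != TPE_OK:
            have_error = True
            msg.append('清理系统日志时发生错误:无法获取系统日志信息!')
        else:
            # count first so the report can say how many rows went away
            removed_log = len(s.recorder)
            if removed_log == 0:
                msg.append('没有满足条件的系统日志需要清除!')
            else:
                s.reset().delete_from('syslog').where('log_time<{chk_time}'.format(chk_time=log_chk_time))
                if s.exec() != TPE_OK:
                    have_error = True
                    msg.append('清理系统日志时发生错误:无法清除指定的系统日志!')
                else:
                    msg.append('{} 条系统日志已清除!'.format(removed_log))

    # ---- session recordings -------------------------------------------------
    if sto.keep_record > 0:
        core_cfg = tp_cfg().core
        if not core_cfg.detected:
            have_error = True
            msg.append('清除指定会话录像失败:未能检测到核心服务!')
        elif not os.path.exists(core_cfg.replay_path):
            have_error = True
            msg.append('清除指定会话录像失败:会话录像路径不存在({})!'.format(core_cfg.replay_path))
        else:
            # recordings have their own retention; do not reuse the syslog one
            record_chk_time = _now - sto.keep_record * day
            s.reset().select_from('record', ['id', 'protocol_type'], alt_name='r')
            s.where('r.time_begin<{chk_time}'.format(chk_time=record_chk_time))
            err = s.query()
            if err != TPE_OK:
                have_error = True
                msg.append('清除指定会话录像失败:无法获取会话录像信息!')
            elif len(s.recorder) == 0:
                msg.append('没有满足条件的会话录像需要清除!')
            else:
                protocol_dirs = {
                    TP_PROTOCOL_TYPE_RDP: 'rdp',
                    TP_PROTOCOL_TYPE_SSH: 'ssh',
                    TP_PROTOCOL_TYPE_TELNET: 'telnet',
                }
                record_removed = 0
                for r in s.recorder:
                    sub_dir = protocol_dirs.get(r.protocol_type)
                    if sub_dir is None:
                        have_error = True
                        msg.append('会话录像记录编号 {},未知远程访问协议!'.format(r.id))
                        continue

                    # directory name is the zero-padded numeric record id (formatted
                    # with `d`, so nothing but digits can end up in the path)
                    path_remove = os.path.join(core_cfg.replay_path, sub_dir, '{:09d}'.format(r.id))
                    if os.path.exists(path_remove):
                        try:
                            shutil.rmtree(path_remove)
                        except OSError:
                            have_error = True
                            msg.append('会话录像记录 {} 清除失败,无法删除目录 {}!'.format(r.id, path_remove))
                            # keep the DB row: deleting it would orphan the files on
                            # disk and nothing would ever retry
                            continue

                    ss = SQL(db)
                    ss.delete_from('record').where('id={rid}'.format(rid=r.id))
                    if ss.exec() != TPE_OK:
                        have_error = True
                        msg.append('会话录像记录 {} 清除失败,无法删除数据库记录!'.format(r.id))
                        continue
                    record_removed += 1

                msg.append('{} 条会话录像数据已清除!'.format(record_removed))

    if have_error:
        return TPE_FAILED, msg
    return TPE_OK, msg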
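def cleanup_storage(handler):
    """Purge expired syslog rows and expired session recordings.

    Retention comes from `tp_cfg().sys.storage`: `keep_log` days for the
    `syslog` table, `keep_record` days for `record` rows and their replay
    directories under the core service's `replay_path`. A value of 0 turns
    that part of the cleanup off. `handler` is part of the call interface
    and is not used here.

    Returns `(code, msg)`: `msg` is a list of human-readable progress lines
    and `code` is TPE_OK, or TPE_FAILED if any step failed (later steps still
    run so one failure does not block the rest).

    Behaviour changes vs. the previous revision: recordings are aged against
    `keep_record` (they were aged against `keep_log`, which with keep_log == 0
    and keep_record > 0 deleted every recording); a record whose replay
    directory cannot be removed is no longer deleted from the database, so
    the files are not orphaned and the next run retries; the per-record
    DELETE result is checked.
    """
    sto = tp_cfg().sys.storage
    db = get_db()
    _now = tp_timestamp_sec()
    msg = []
    have_error = False
    s = SQL(db)
    day = 24 * 60 * 60

    # ---- system log ---------------------------------------------------------
    if sto.keep_log > 0:
        log_chk_time = _now - sto.keep_log * day
        s.select_from('syslog', ['id'], alt_name='s')
        s.where('s.log_time<{chk_time}'.format(chk_time=log_chk_time))
        err = s.query()
        if err != TPE_OK:
            have_error = True
            msg.append('清理系统日志时发生错误:无法获取系统日志信息!')
        else:
            # count first so the report can say how many rows went away
            removed_log = len(s.recorder)
            if removed_log == 0:
                msg.append('没有满足条件的系统日志需要清除!')
            else:
                s.reset().delete_from('syslog').where('log_time<{chk_time}'.format(chk_time=log_chk_time))
                if s.exec() != TPE_OK:
                    have_error = True
                    msg.append('清理系统日志时发生错误:无法清除指定的系统日志!')
                else:
                    msg.append('{} 条系统日志已清除!'.format(removed_log))

    # ---- session recordings -------------------------------------------------
    if sto.keep_record > 0:
        core_cfg = tp_cfg().core
        if not core_cfg.detected:
            have_error = True
            msg.append('清除指定会话录像失败:未能检测到核心服务!')
        elif not os.path.exists(core_cfg.replay_path):
            have_error = True
            msg.append('清除指定会话录像失败:会话录像路径不存在({})!'.format(core_cfg.replay_path))
        else:
            # recordings have their own retention; do not reuse the syslog one
            record_chk_time = _now - sto.keep_record * day
            s.reset().select_from('record', ['id', 'protocol_type'], alt_name='r')
            s.where('r.time_begin<{chk_time}'.format(chk_time=record_chk_time))
            err = s.query()
            if err != TPE_OK:
                have_error = True
                msg.append('清除指定会话录像失败:无法获取会话录像信息!')
            elif len(s.recorder) == 0:
                msg.append('没有满足条件的会话录像需要清除!')
            else:
                protocol_dirs = {
                    TP_PROTOCOL_TYPE_RDP: 'rdp',
                    TP_PROTOCOL_TYPE_SSH: 'ssh',
                    TP_PROTOCOL_TYPE_TELNET: 'telnet',
                }
                record_removed = 0
                for r in s.recorder:
                    sub_dir = protocol_dirs.get(r.protocol_type)
                    if sub_dir is None:
                        have_error = True
                        msg.append('会话录像记录编号 {},未知远程访问协议!'.format(r.id))
                        continue

                    # directory name is the zero-padded numeric record id (formatted
                    # with `d`, so nothing but digits can end up in the path)
                    path_remove = os.path.join(core_cfg.replay_path, sub_dir, '{:09d}'.format(r.id))
                    if os.path.exists(path_remove):
                        try:
                            shutil.rmtree(path_remove)
                        except OSError:
                            have_error = True
                            msg.append('会话录像记录 {} 清除失败,无法删除目录 {}!'.format(r.id, path_remove))
                            # keep the DB row: deleting it would orphan the files on
                            # disk and nothing would ever retry
                            continue

                    ss = SQL(db)
                    ss.delete_from('record').where('id={rid}'.format(rid=r.id))
                    if ss.exec() != TPE_OK:
                        have_error = True
                        msg.append('会话录像记录 {} 清除失败,无法删除数据库记录!'.format(r.id))
                        continue
                    record_removed += 1

                msg.append('{} 条会话录像数据已清除!'.format(record_removed))

    if have_error:
        return TPE_FAILED, msg
    return TPE_OK, msg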