修复创建tty日志文件失败, 请修改目录 bug (jumpserver#231)

* fix(api) 修改建立目录的bug

使用bash代替python完成建立777目录的功能

* fix passwd input

* fix(mkdir) 修改mkdirs策略

修改原来导致的bug

* fix passwd input (jumpserver#232)

修复记录敏感密码bug

* fix passwd input

* fix passwd input

connect.py

@@ -93,9 +93,7 @@ def __init__(self, user, asset, role, login_type='ssh'):
         self.remote_ip = ''
         self.login_type = login_type
         self.vim_flag = False
-        self.vim_end_flag = False
         self.vim_end_pattern = re.compile(r'\x1b\[\?1049', re.X)
-        self.vim_pattern = re.compile(r'\W?vi[m]?\s.* | \W?fg\s.*', re.X)
         self.vim_data = ''
         self.stream = None
         self.screen = None
@@ -117,7 +115,8 @@ def is_output(strings):
                 return True
         return False
 
-    def command_parser(self, command):
+    @staticmethod
+    def command_parser(command):
         """
         处理命令中如果有ps1或者mysql的特殊情况,极端情况下会有ps1和mysql
         :param command:要处理的字符传
@@ -157,14 +156,10 @@ def deal_command(self, data):
                     else:
                         command = line_data
                     break
-            if command != '':
-                # 判断用户输入的是否是vim 或者fg命令
-                if self.vim_pattern.search(command):
-                    self.vim_flag = True
-            # 虚拟屏幕清空
-            self.screen.reset()
         except Exception:
             pass
+        # 虚拟屏幕清空
+        self.screen.reset()
         return command
 
     def get_log(self):
@@ -180,8 +175,8 @@ def get_log(self):
         log_file_path = os.path.join(today_connect_log_dir, '%s_%s_%s' % (self.username, self.asset_name, time_start))
 
         try:
-            mkdir(os.path.dirname(today_connect_log_dir), mode=0777)
-            mkdir(today_connect_log_dir, mode=0777)
+            mkdir(os.path.dirname(today_connect_log_dir), mode=777)
+            mkdir(today_connect_log_dir, mode=777)
         except OSError:
             logger.debug('创建目录 %s 失败，请修改%s目录权限' % (today_connect_log_dir, tty_log_dir))
             raise ServerError('创建目录 %s 失败，请修改%s目录权限' % (today_connect_log_dir, tty_log_dir))
@@ -305,7 +300,6 @@ def posix_shell(self):
         old_tty = termios.tcgetattr(sys.stdin)
         pre_timestamp = time.time()
         data = ''
-        input_str = ''
         input_mode = False
         try:
             tty.setraw(sys.stdin.fileno())
@@ -325,8 +319,7 @@ def posix_shell(self):
                         x = self.channel.recv(10240)
                         if len(x) == 0:
                             break
-                        if self.vim_flag:
-                            self.vim_data += x
+
                         index = 0
                         len_x = len(x)
                         while index < len_x:
@@ -347,11 +340,10 @@ def posix_shell(self):
                         pre_timestamp = now_timestamp
                         log_file_f.flush()
 
-                        if input_mode and not self.is_output(x):
+                        self.vim_data += x
+                        if input_mode:
                             data += x
 
-                        input_str = ''
-
                     except socket.timeout:
                         pass
 
@@ -362,25 +354,22 @@ def posix_shell(self):
                         pass
                     termlog.recoder = True
                     input_mode = True
-                    input_str += x
-                    if str(x) in ['\r', '\n', '\r\n']:
-                        # 这个是用来处理用户的复制操作
-                        if input_str != x:
-                            data += input_str
-                        if self.vim_flag:
-                            match = self.vim_end_pattern.findall(self.vim_data)
-                            if match:
-                                if self.vim_end_flag or len(match) == 2:
-                                    self.vim_flag = False
-                                    self.vim_end_flag = False
-                                else:
-                                    self.vim_end_flag = True
-                        else:
+                    if self.is_output(str(x)):
+                        # 如果len(str(x)) > 1 说明是复制输入的
+                        if len(str(x)) > 1:
+                            data = x
+                        match = self.vim_end_pattern.findall(self.vim_data)
+                        if match:
+                            if self.vim_flag or len(match) == 2:
+                                self.vim_flag = False
+                            else:
+                                self.vim_flag = True
+                        elif not self.vim_flag:
+                            self.vim_flag = False
                             data = self.deal_command(data)[0:200]
-                            if len(data) > 0:
+                            if data is not None:
                                 TtyLog(log=log, datetime=datetime.datetime.now(), cmd=data).save()
                         data = ''
-                        input_str = ''
                         self.vim_data = ''
                         input_mode = False
 
@@ -406,7 +395,7 @@ def connect(self):
         """
         # 发起ssh连接请求 Make a ssh connection
         ssh = self.get_connection()
-        
+
         transport = ssh.get_transport()
         transport.set_keepalive(30)
         transport.use_compression(True)
@@ -422,7 +411,7 @@ def connect(self):
             signal.signal(signal.SIGWINCH, self.set_win_size)
         except:
             pass
-        
+
         self.posix_shell()
 
         # Shutdown channel socket

jperm/utils.py

@@ -42,7 +42,7 @@ def gen_keys(key="", key_path_dir=""):
         key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
     private_key = os.path.join(key_path_dir, 'id_rsa')
     public_key = os.path.join(key_path_dir, 'id_rsa.pub')
-    mkdir(key_path_dir, mode=0755)
+    mkdir(key_path_dir, mode=755)
     if not key:
         key = RSAKey.generate(2048)
         key.write_private_key_file(private_key)

jumpserver/api.py

@@ -91,7 +91,7 @@ def get_role_key(user, role):
     """
     user_role_key_dir = os.path.join(KEY_DIR, 'user')
     user_role_key_path = os.path.join(user_role_key_dir, '%s_%s.pem' % (user.username, role.name))
-    mkdir(user_role_key_dir, mode=0777)
+    mkdir(user_role_key_dir, mode=777)
     if not os.path.isfile(user_role_key_path):
         with open(os.path.join(role.key_path, 'id_rsa')) as fk:
             with open(user_role_key_path, 'w') as fu:
@@ -458,14 +458,13 @@ def bash(cmd):
     return subprocess.call(cmd, shell=True)
 
 
-def mkdir(dir_name, username='', mode=0755):
+def mkdir(dir_name, username='', mode=755):
     """
     insure the dir exist and mode ok
     目录存在，如果不存在就建立，并且权限正确
     """
-    if not os.path.isdir(dir_name):
-        os.makedirs(dir_name)
-        os.chmod(dir_name, mode)
+    cmd = '[ ! -d %s ] && mkdir -p %s && chmod %s %s' % (dir_name, dir_name, mode, dir_name)
+    bash(cmd)
     if username:
         chown(dir_name, username)
 
@@ -486,7 +485,7 @@ def my_render(template, data, request):
 def get_tmp_dir():
     seed = uuid.uuid4().hex[:4]
     dir_name = os.path.join('/tmp', '%s-%s' % (datetime.datetime.now().strftime('%Y%m%d-%H%M%S'), seed))
-    mkdir(dir_name, mode=0777)
+    mkdir(dir_name, mode=777)
     return dir_name
 
 

juser/user_api.py

@@ -130,14 +130,14 @@ def gen_ssh_key(username, password='',
     """
     logger.debug('生成ssh key， 并设置authorized_keys')
     private_key_file = os.path.join(key_dir, username+'.pem')
-    mkdir(key_dir, mode=0777)
+    mkdir(key_dir, mode=777)
     if os.path.isfile(private_key_file):
         os.unlink(private_key_file)
     ret = bash('echo -e  "y\n"|ssh-keygen -t rsa -f %s -b %s -P "%s"' % (private_key_file, length, password))
 
     if authorized_keys:
         auth_key_dir = os.path.join(home, username, '.ssh')
-        mkdir(auth_key_dir, username=username, mode=0700)
+        mkdir(auth_key_dir, username=username, mode=700)
         authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
         with open(private_key_file+'.pub') as pub_f:
             with open(authorized_key_file, 'w') as auth_f: