From 93e08a6e29a4f1b382b7c2510ee3a7ece7bef627 Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 11 May 2016 17:41:46 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=88=9B=E5=BB=BAtty?= =?UTF-8?q?=E6=97=A5=E5=BF=97=E6=96=87=E4=BB=B6=E5=A4=B1=E8=B4=A5,=20?= =?UTF-8?q?=E8=AF=B7=E4=BF=AE=E6=94=B9=E7=9B=AE=E5=BD=95=20bug=20(#231)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(api) 修改建立目录的bug 使用bash代替python完成建立777目录的功能 * fix passwd input * fix(mkdir) 修改mkdirs策略 修改原来导致的bug * fix passwd input (#232) 修复记录敏感密码bug * fix passwd input * fix passwd input --- connect.py | 59 +++++++++++++++++++---------------------------- jperm/utils.py | 2 +- jumpserver/api.py | 11 ++++----- juser/user_api.py | 4 ++-- 4 files changed, 32 insertions(+), 44 deletions(-) diff --git a/connect.py b/connect.py index 8e138c6c523f..f0f8effd3308 100755 --- a/connect.py +++ b/connect.py @@ -93,9 +93,7 @@ def __init__(self, user, asset, role, login_type='ssh'): self.remote_ip = '' self.login_type = login_type self.vim_flag = False - self.vim_end_flag = False self.vim_end_pattern = re.compile(r'\x1b\[\?1049', re.X) - self.vim_pattern = re.compile(r'\W?vi[m]?\s.* | \W?fg\s.*', re.X) self.vim_data = '' self.stream = None self.screen = None @@ -117,7 +115,8 @@ def is_output(strings): return True return False - def command_parser(self, command): + @staticmethod + def command_parser(command): """ 处理命令中如果有ps1或者mysql的特殊情况,极端情况下会有ps1和mysql :param command:要处理的字符传 @@ -157,14 +156,10 @@ def deal_command(self, data): else: command = line_data break - if command != '': - # 判断用户输入的是否是vim 或者fg命令 - if self.vim_pattern.search(command): - self.vim_flag = True - # 虚拟屏幕清空 - self.screen.reset() except Exception: pass + # 虚拟屏幕清空 + self.screen.reset() return command def get_log(self): @@ -180,8 +175,8 @@ def get_log(self): log_file_path = os.path.join(today_connect_log_dir, '%s_%s_%s' % (self.username, self.asset_name, time_start)) try: - mkdir(os.path.dirname(today_connect_log_dir), mode=0777) - mkdir(today_connect_log_dir, mode=0777) + mkdir(os.path.dirname(today_connect_log_dir), mode=777) + mkdir(today_connect_log_dir, mode=777) except OSError: logger.debug('创建目录 %s 失败,请修改%s目录权限' % (today_connect_log_dir, tty_log_dir)) raise ServerError('创建目录 %s 失败,请修改%s目录权限' % (today_connect_log_dir, tty_log_dir)) @@ -305,7 +300,6 @@ def posix_shell(self): old_tty = termios.tcgetattr(sys.stdin) pre_timestamp = time.time() data = '' - input_str = '' input_mode = False try: tty.setraw(sys.stdin.fileno()) @@ -325,8 +319,7 @@ def posix_shell(self): x = self.channel.recv(10240) if len(x) == 0: break - if self.vim_flag: - self.vim_data += x + index = 0 len_x = len(x) while index < len_x: @@ -347,11 +340,10 @@ def posix_shell(self): pre_timestamp = now_timestamp log_file_f.flush() - if input_mode and not self.is_output(x): + self.vim_data += x + if input_mode: data += x - input_str = '' - except socket.timeout: pass @@ -362,25 +354,22 @@ def posix_shell(self): pass termlog.recoder = True input_mode = True - input_str += x - if str(x) in ['\r', '\n', '\r\n']: - # 这个是用来处理用户的复制操作 - if input_str != x: - data += input_str - if self.vim_flag: - match = self.vim_end_pattern.findall(self.vim_data) - if match: - if self.vim_end_flag or len(match) == 2: - self.vim_flag = False - self.vim_end_flag = False - else: - self.vim_end_flag = True - else: + if self.is_output(str(x)): + # 如果len(str(x)) > 1 说明是复制输入的 + if len(str(x)) > 1: + data = x + match = self.vim_end_pattern.findall(self.vim_data) + if match: + if self.vim_flag or len(match) == 2: + self.vim_flag = False + else: + self.vim_flag = True + elif not self.vim_flag: + self.vim_flag = False data = self.deal_command(data)[0:200] - if len(data) > 0: + if data is not None: TtyLog(log=log, datetime=datetime.datetime.now(), cmd=data).save() data = '' - input_str = '' self.vim_data = '' input_mode = False @@ -406,7 +395,7 @@ def connect(self): """ # 发起ssh连接请求 Make a ssh connection ssh = self.get_connection() - + transport = ssh.get_transport() transport.set_keepalive(30) transport.use_compression(True) @@ -422,7 +411,7 @@ def connect(self): signal.signal(signal.SIGWINCH, self.set_win_size) except: pass - + self.posix_shell() # Shutdown channel socket diff --git a/jperm/utils.py b/jperm/utils.py index d011125c3a59..1e496685242b 100644 --- a/jperm/utils.py +++ b/jperm/utils.py @@ -42,7 +42,7 @@ def gen_keys(key="", key_path_dir=""): key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename) private_key = os.path.join(key_path_dir, 'id_rsa') public_key = os.path.join(key_path_dir, 'id_rsa.pub') - mkdir(key_path_dir, mode=0755) + mkdir(key_path_dir, mode=755) if not key: key = RSAKey.generate(2048) key.write_private_key_file(private_key) diff --git a/jumpserver/api.py b/jumpserver/api.py index a4840f2061a8..ca1972532264 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -91,7 +91,7 @@ def get_role_key(user, role): """ user_role_key_dir = os.path.join(KEY_DIR, 'user') user_role_key_path = os.path.join(user_role_key_dir, '%s_%s.pem' % (user.username, role.name)) - mkdir(user_role_key_dir, mode=0777) + mkdir(user_role_key_dir, mode=777) if not os.path.isfile(user_role_key_path): with open(os.path.join(role.key_path, 'id_rsa')) as fk: with open(user_role_key_path, 'w') as fu: @@ -458,14 +458,13 @@ def bash(cmd): return subprocess.call(cmd, shell=True) -def mkdir(dir_name, username='', mode=0755): +def mkdir(dir_name, username='', mode=755): """ insure the dir exist and mode ok 目录存在,如果不存在就建立,并且权限正确 """ - if not os.path.isdir(dir_name): - os.makedirs(dir_name) - os.chmod(dir_name, mode) + cmd = '[ ! -d %s ] && mkdir -p %s && chmod %s %s' % (dir_name, dir_name, mode, dir_name) + bash(cmd) if username: chown(dir_name, username) @@ -486,7 +485,7 @@ def my_render(template, data, request): def get_tmp_dir(): seed = uuid.uuid4().hex[:4] dir_name = os.path.join('/tmp', '%s-%s' % (datetime.datetime.now().strftime('%Y%m%d-%H%M%S'), seed)) - mkdir(dir_name, mode=0777) + mkdir(dir_name, mode=777) return dir_name diff --git a/juser/user_api.py b/juser/user_api.py index 03ed65938d8a..9ad22d25e3af 100644 --- a/juser/user_api.py +++ b/juser/user_api.py @@ -130,14 +130,14 @@ def gen_ssh_key(username, password='', """ logger.debug('生成ssh key, 并设置authorized_keys') private_key_file = os.path.join(key_dir, username+'.pem') - mkdir(key_dir, mode=0777) + mkdir(key_dir, mode=777) if os.path.isfile(private_key_file): os.unlink(private_key_file) ret = bash('echo -e "y\n"|ssh-keygen -t rsa -f %s -b %s -P "%s"' % (private_key_file, length, password)) if authorized_keys: auth_key_dir = os.path.join(home, username, '.ssh') - mkdir(auth_key_dir, username=username, mode=0700) + mkdir(auth_key_dir, username=username, mode=700) authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys') with open(private_key_file+'.pub') as pub_f: with open(authorized_key_file, 'w') as auth_f: