堡垒机调用原生ssh登陆
Posted venvive
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了堡垒机调用原生ssh登陆相关的知识,希望对你有一定的参考价值。
#models.py
from django.db import models
from django.contrib.auth.models import (BaseUserManager,AbstractBaseUser,PermissionsMixin)
from django.utils.translation import ugettext_lazy as _
from django.utils.safestring import mark_safe
# Create your models here.
class Host(models.Model):
"""存储主机列表"""
hostname = models.CharField(max_length=64,unique=True)
ip_addr = models.GenericIPAddressField(unique=True)
port = models.SmallIntegerField(default=22)
idc = models.ForeignKey("IDC",on_delete=models.CASCADE) #机房
enabled = models.BooleanField(default=True)
def __str__(self):
return "%s(%s)"%(self.hostname,self.ip_addr)
class IDC(models.Model):
"""机房信息"""
name = models.CharField(max_length=64,unique=True)
def __str__(self):
return self.name
class HostGroup(models.Model):
"""主机组"""
name = models.CharField(max_length=64,unique=True)
bind_hosts = models.ManyToManyField("BindHost",blank=True,null=True)
def __str__(self):
return self.name
class UserProfileManager(BaseUserManager):
def create_user(self, email, name, password=None):
"""
Creates and saves a User with the given email, date of
birth and password.
"""
if not email:
raise ValueError('Users must have an email address')
user = self.model(
email=self.normalize_email(email),
name=name,
)
user.set_password(password)
self.is_active = True
user.save(using=self._db)
return user
def create_superuser(self,email, name, password):
"""
Creates and saves a superuser with the given email, date of
birth and password.
"""
user = self.create_user(
email,
password=password,
name=name,
)
user.is_active = True
user.is_superuser = True
#user.is_admin = True
user.save(using=self._db)
return user
class UserProfile(AbstractBaseUser,PermissionsMixin):
"""堡垒机账号"""
email = models.EmailField(
verbose_name='email address',
max_length=255,
unique=True,
null=True
)
password = models.CharField(_('password'), max_length=128,
help_text=mark_safe('''<a href='password/'>修改密码</a>'''))
name = models.CharField(max_length=32)
is_active = models.BooleanField(default=True)
#is_admin = models.BooleanField(default=False)
bind_hosts = models.ManyToManyField("BindHost",blank=True)
host_groups = models.ManyToManyField("HostGroup",blank=True)
objects = UserProfileManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['name']
def get_full_name(self):
# The user is identified by their email address
return self.email
def get_short_name(self):
# The user is identified by their email address
return self.email
def __str__(self): # __unicode__ on Python 2
return self.email
# def has_perm(self, perm, obj=None):
# "Does the user have a specific permission?"
# # Simplest possible answer: Yes, always
# return True
#
# def has_module_perms(self, app_label):
# "Does the user have permissions to view the app `app_label`?"
# # Simplest possible answer: Yes, always
# return True
@property
def is_staff(self):
"Is the user a member of staff?"
# Simplest possible answer: All admins are staff
return self.is_active
class HostUser(models.Model):
"""主机登陆账户"""
auth_type_choices = ((0,'ssh-password'),(1,'ssh-key'))
auth_type = models.SmallIntegerField(choices=auth_type_choices,default=0)
username = models.CharField(max_length=64)
password = models.CharField(max_length=128,blank=True,null=True)
def __str__(self):
return "%s:%s" %(self.username,self.password)
class Meta:
unique_together = ('auth_type','username','password')
class BindHost(models.Model):
"""绑定主机和主机账号"""
host = models.ForeignKey("Host",on_delete=models.CASCADE)
host_user = models.ForeignKey("HostUser",on_delete=models.CASCADE)
def __str__(self):
return "%s@%s"%(self.host,self.host_user)
class Meta:
unique_together = ('host','host_user')
#admin.py
from django.contrib import admin
from django import forms
from django.contrib.auth.models import Group
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
from django.contrib.auth.forms import ReadOnlyPasswordHashField
from audit.CrazyEye.auditapp import models
# Register your models here.
class UserCreationForm(forms.ModelForm):
"""A form for creating new users. Includes all the required
fields, plus a repeated password."""
password1 = forms.CharField(label='Password', widget=forms.PasswordInput)
password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput)
class Meta:
model = models.UserProfile
fields = ('email', 'name')
def clean_password2(self):
# Check that the two password entries match
password1 = self.cleaned_data.get("password1")
password2 = self.cleaned_data.get("password2")
if password1 and password2 and password1 != password2:
raise forms.ValidationError("Passwords don't match")
return password2
def save(self, commit=True):
# Save the provided password in hashed format
user = super(UserCreationForm, self).save(commit=False)
user.set_password(self.cleaned_data["password1"])
if commit:
user.save()
return user
class UserChangeForm(forms.ModelForm):
"""A form for updating users. Includes all the fields on
the user, but replaces the password field with admin's
password hash display field.
"""
password = ReadOnlyPasswordHashField()
class Meta:
model = models.UserProfile
fields = ('email', 'password', 'name', 'is_active', 'is_superuser')
def clean_password(self):
# Regardless of what the user provides, return the initial value.
# This is done here, rather than on the field, because the
# field does not have access to the initial value
return self.initial["password"]
class UserProfileAdmin(BaseUserAdmin):
# The forms to add and change user instances
form = UserChangeForm
add_form = UserCreationForm
# The fields to be used in displaying the User model.
# These override the definitions on the base UserAdmin
# that reference specific fields on auth.User.
list_display = ('email', 'name', "is_active",'is_superuser')
list_filter = ('is_superuser',)
fieldsets = (
(None, {'fields': ('email', 'password')}),
('Personal', {'fields': ('name',)}),
('Permissions', {'fields': ('is_superuser',"is_active","bind_hosts","host_groups","user_permissions","groups")}),
)
# add_fieldsets is not a standard ModelAdmin attribute. UserAdmin
# overrides get_fieldsets to use this attribute when creating a user.
add_fieldsets = (
(None, {
'classes': ('wide',),
'fields': ('email', 'name', 'password1', 'password2')}
),
)
search_fields = ('email',)
ordering = ('email',)
filter_horizontal = ("bind_hosts","host_groups","user_permissions","groups")
class HostUserAdmin(admin.ModelAdmin):
list_display = ('username','auth_type','password')
admin.site.register(models.UserProfile,UserProfileAdmin)
admin.site.register(models.Host,)
admin.site.register(models.HostGroup,)
admin.site.register(models.HostUser,HostUserAdmin)
admin.site.register(models.BindHost,)
admin.site.register(models.IDC,)
以上是关于堡垒机调用原生ssh登陆的主要内容,如果未能解决你的问题,请参考以下文章