leffss
diff --git a/‎Dockerfile
Lines changed: 3 additions & 3 deletions b/‎Dockerfile
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md
Lines changed: 38 additions & 13 deletions b/‎README.md
Lines changed: 38 additions & 13 deletions
diff --git a/‎apps/server/forms.py
Lines changed: 4 additions & 0 deletions b/‎apps/server/forms.py
Lines changed: 4 additions & 0 deletions
diff --git a/‎apps/server/models.py
Lines changed: 3 additions & 0 deletions b/‎apps/server/models.py
Lines changed: 3 additions & 0 deletions
diff --git a/‎apps/server/views_api.py
Lines changed: 10 additions & 2 deletions b/‎apps/server/views_api.py
Lines changed: 10 additions & 2 deletions
diff --git a/‎apps/webguacamole/guacamoleclient.py
Lines changed: 4 additions & 1 deletion b/‎apps/webguacamole/guacamoleclient.py
Lines changed: 4 additions & 1 deletion
diff --git a/‎apps/webguacamole/websocket_layer.py
Lines changed: 36 additions & 33 deletions b/‎apps/webguacamole/websocket_layer.py
Lines changed: 36 additions & 33 deletions
diff --git a/‎apps/webssh/management/commands/sshd.py
Lines changed: 3 additions & 5 deletions b/‎apps/webssh/management/commands/sshd.py
Lines changed: 3 additions & 5 deletions
@@ -1,11 +1,11 @@
-FROM python:3.7.2
+FROM python:3.7.9
 RUN mv /etc/apt/sources.list /etc/apt/sources.list.bak
 COPY ./sources.list /etc/apt
 ADD . /devops
 WORKDIR /devops
 # RUN apt-get update && apt-get install python3-dev default-libmysqlclient-dev sshpass -y
-RUN cd /devops && pip install -i https://mirrors.aliyun.com/pypi/simple -r requirements.txt
-RUN cd /devops && echo_supervisord_conf > /etc/supervisord.conf && cat deamon.ini >> /etc/supervisord.conf && \
+RUN cd /devops && /usr/local/bin/pip install -i https://mirrors.aliyun.com/pypi/simple -r requirements.txt
+RUN cd /devops && echo_supervisord_conf > /etc/supervisord.conf && cat supervisord.conf >> /etc/supervisord.conf && \
 	sed -i 's/nodaemon=false/nodaemon=true/g' /etc/supervisord.conf
 RUN dpkg -i sshpass_1.06-1_amd64.deb
 RUN echo 'Asia/Shanghai' > /etc/timezone
 
@@ -1,5 +1,5 @@
 # devops
-基于 python 3.7.2 + django 2.2.16 + channels 2.2.0 + celery 4.3.0 + ansible 2.9.2 + AdminLTE-3.0.0 实现的运维 devops 管理系统。具体见 `screenshots` 文件夹中的效果预览图。
+基于 python 3.7.9 + django 2.2.16 + channels 2.4.0 + celery 4.4.7 + ansible 2.9.14 + AdminLTE-3.0.0 实现的运维 devops 管理系统。具体见 `screenshots` 文件夹中的效果预览图。
 本人为运维工程师，非专业开发，项目各个功能模块都是现学现用，可能有的地方暂时没有考虑合理和性能的问题。
 
 
@@ -35,7 +35,7 @@
 
 # 部署安装
 
-环境：Centos 7.5，python 3.7.2，docker 1.13.1，项目目录为 `/home/workspace/devops` 。
+环境：Centos 7.5，python 3.7.9，docker 1.13.1，项目目录为 `/home/workspace/devops` 。
 
 **1. 安装依赖**
 ```bash
@@ -46,28 +46,33 @@ yum install -y gcc sshpass python3-devel mysql-devel
 - python3-devel 与 mysql-devel 为 mysqlclient 库的依赖
 - 不建议使用 pymysql 代替 mysqlclient ，因为 pymysql 为纯 python 编写的库，性能较低
 
-**2. 安装 redis（docker 方式）**
+**2. 安装 mysql（docker 方式）**
 ```bash
-docker run --name redis-server -p 6379:6379 -d redis:latest
+docker run -d --name mysql -e MYSQL_ROOT_PASSWORD=123456 -p 3306:3306 mysql:5.7.31
+```
+
+**3. 安装 redis（docker 方式）**
+```bash
+docker run --name redis-server -p 6379:6379 -d redis:6.0.8
 ```
 - channels、缓存、celery以及 session 支持所需，必须
 
-**3. 安装 guacd（docker 方式）**
+**4. 安装 guacd（docker 方式）**
 ```bash
-docker run --name guacd -e GUACD_LOG_LEVEL=info -v /home/workspace/devops/media/guacd:/fs -p 4822:4822 -d guacamole/guacd
+docker run --name guacd -e GUACD_LOG_LEVEL=info -v /home/workspace/devops/media/guacd:/fs -p 4822:4822 -d guacamole/guacd:1.1.0
 ```
 - rdp 与 vnc 连接支持所需，非必须
 - rdp 必须设置为`允许运行任意版本远程桌面的计算机连接(较不安全)(L)`才能连接，也就说目前暂不支持 nla 登陆方式
 - `-v /home/workspace/devops/media/guacd:/fs` 挂载磁盘，用于远程挂载文件系统实现上传和下载文件
 
-**4. 安装 python 依赖库**
+**5. 安装 python 依赖库**
 ```bash
 # 安装相关库
 pip3 install -i https://mirrors.aliyun.com/pypi/simple -r requirements.txt
 ```
 - -i 指定阿里源，速度飞起，我大 TC 威武，局域网玩得贼 6
 
-**5. 修改 devops/settings.py 配置**
+**6. 修改 devops/settings.py 配置**
 
 相关配置均有注释，根据实际情况修改。默认数据库使用的是 sqlite3，如果需要使用 mysql，方法如下：
 
@@ -93,7 +98,7 @@ DATABASES = {
 ```
 - 相关数据库(不需创建表)与账号必须事先在 mysql 数据库中创建好并授权。
 
-**6. 迁移数据库**
+**7. 迁移数据库**
 ```bash
 sh delete_makemigrations.sh
 rm -f db.sqlite3
@@ -102,15 +107,15 @@ python3 manage.py makemigrations
 python3 manage.py migrate
 ```
 
-**7. 初始化数据**
+**8. 初始化数据**
 ```bash
 python3 manage.py loaddata initial_data.json
 python3 init.py
 ```
 - initial_data.json 为权限数据
 - init.py 创建超级管理员 admin 以及部分测试数据，可根据实际情况修改
 
-**8. 启动相关服务**
+**9. 启动相关服务**
 ```bash
 rm -rf logs/*
 export PYTHONOPTIMIZE=1		# 解决 celery 不允许创建子进程的问题
@@ -127,7 +132,7 @@ nohup gunicorn -c gunicorn.cfg devops.wsgi:application > logs/gunicorn.log 2>&1
 - celery_beat 定时任务处理进程，读取 `devops/settings.py` 中设置的 `CELERY_BEAT_SCHEDULE` 定时任务，详见 v1.8.8 升级日志
 - 需要停止时 kill 相应的进程，然后删除 logs 目录下所有的 pid 文件即可
 
-**9. 配置 nginx 前端代理**
+**10. 配置 nginx 前端代理**
 ```
 yum install -y nginx
 ```
@@ -272,7 +277,7 @@ systemctl start nginx
 ```
 - 启动前建议先检查下配置是否正确：`nginx -t`
 
-**10. 访问首页：http://127.0.0.1**
+**11. 访问首页：http://127.0.0.1**
 
 初始超级管理员：
 > 账号： admin     密码：123456
@@ -295,6 +300,26 @@ systemctl start nginx
 
 # 升级日志
 
+### ver2.2.0
+升级 webguacamole，支持设置 AD 域账号以及设置验证方式（any、rdp、tls、nla、nla-ext）；
+
+升级部分依赖：
+- celery 4.3.0 到 4.4.7；
+- channel 2.2.0 到 2.4.0；
+- channel-redis 2.4.0 到 3.1.0；
+- daphne 2.3.0 到 2.5.0；
+- pyasn1 0.4.3 到 0.4.8；
+- cryptography 2.7 到 2.8；
+- gunicorn 20.0.3 到 20.0.4；
+- supervisor 4.1.0 到 4.2.1；
+- redis 3.3.11 到 3.5.3；
+- django-redis 4.10.0 到 4.12.1；
+- requests==2.22.0 到 2.24.0；
+- jsonpickle 1.2 到 1.4.1；
+- gssapi==1.6.2 到 1.6.9；
+- django-cachalot 2.3.1 到 2.3.2；
+- ansible 2.9.2 到 2.9.14；
+
 ### ver2.1.1
 修正 greenlet 与 gunicorn 的兼容性问题；
 
 
@@ -5,6 +5,7 @@ class ChangeUserForm(forms.Form):
     userid = forms.IntegerField(label="用户ID")
     username = forms.CharField(label="用户名", max_length=128)
     password = forms.CharField(label="密码", max_length=32)
+    domain = forms.CharField(label="AD域", max_length=256, required=False)
     memo = forms.CharField(label="备注", max_length=255, widget=forms.Textarea, required=False)
     enabled = forms.BooleanField(label="登陆后是否su跳转超级用户", required=False)
     superusername = forms.CharField(label="超级用户", max_length=128, required=False)
@@ -15,6 +16,7 @@ class AddUserForm(forms.Form):
     name = forms.CharField(label="名称", max_length=128)
     username = forms.CharField(label="用户名", max_length=128)
     password = forms.CharField(label="密码", max_length=32)
+    domain = forms.CharField(label="AD域", max_length=256, required=False)
     memo = forms.CharField(label="备注", max_length=255, widget=forms.Textarea, required=False)
     enabled = forms.BooleanField(label="登陆后是否su跳转超级用户", required=False)
     superusername = forms.CharField(label="超级用户", max_length=128, required=False)
@@ -27,6 +29,7 @@ class ChangeHostForm(forms.Form):
     ip = forms.GenericIPAddressField(label="主机IP")
     wip = forms.GenericIPAddressField(label="公网IP", required=False)
     protocol = forms.IntegerField(label='协议')
+    security = forms.CharField(label="rdp验证方式", max_length=32, required=False)
     env = forms.IntegerField(label='环境')
     platform = forms.IntegerField(label='平台')
     port = forms.IntegerField(label='端口')
@@ -42,6 +45,7 @@ class AddHostForm(forms.Form):
     ip = forms.GenericIPAddressField(label="主机IP")
     wip = forms.GenericIPAddressField(label="公网IP", required=False)
     protocol = forms.IntegerField(label='协议')
+    security = forms.CharField(label="rdp验证方式", max_length=32, required=False)
     env = forms.IntegerField(label='环境')
     platform = forms.IntegerField(label='平台')
     port = forms.IntegerField(label='端口')
 
@@ -26,6 +26,7 @@ class RemoteUser(models.Model):
     name = models.CharField(unique=True, max_length=128, verbose_name="名称")
     username = models.CharField(max_length=128, verbose_name="用户名")
     password = models.CharField(max_length=512, verbose_name="密码")
+    domain = models.CharField(blank=True, null=True, max_length=256, verbose_name='AD域验证服务器')
     enabled = models.BooleanField(default=False, verbose_name='登陆后是否su跳转超级用户')
     superusername = models.CharField(max_length=128, blank=True, null=True, verbose_name="超级用户")
     superpassword = models.CharField(max_length=512, blank=True, null=True, verbose_name="超级密码")
@@ -78,6 +79,8 @@ class RemoteUserBindHost(models.Model):
     port = models.SmallIntegerField(default=22, verbose_name='端口')
     release = models.CharField(max_length=255, default='CentOS', verbose_name='系统/型号')
     platform = models.SmallIntegerField(default=1, choices=PLATFORM_CHOICES, verbose_name='平台')
+    # rdp 验证方式，可选项：rdp，tls，nla，nla-ext
+    security = models.CharField(blank=True, null=True, max_length=32, verbose_name='rdp验证方式')
     memo = models.TextField(blank=True, null=True, verbose_name='备注')
     # on_delete 当 RemoteUser 记录被删时，阻止其操作
     remote_user = models.ForeignKey('RemoteUser', blank=True, null=True, on_delete=models.PROTECT)
 
@@ -24,6 +24,7 @@ def user_update(request):
         userid = changeuser_form.cleaned_data.get('userid')
         username = changeuser_form.cleaned_data.get('username')
         password = changeuser_form.cleaned_data.get('password')
+        domain = changeuser_form.cleaned_data.get('domain', None)
         memo = changeuser_form.cleaned_data.get('memo')
         enabled = changeuser_form.cleaned_data.get('enabled')
         superusername = changeuser_form.cleaned_data.get('superusername', None)
@@ -36,6 +37,7 @@ def user_update(request):
         data = {
             'username': username,
             'password': encrypt(password),
+            'domain': domain,
             'memo': memo,
             'enabled': enabled,
             'superusername': superusername,
@@ -65,6 +67,7 @@ def user_add(request):
         name = adduser_form.cleaned_data.get('name')
         username = adduser_form.cleaned_data.get('username')
         password = adduser_form.cleaned_data.get('password')
+        domain = adduser_form.cleaned_data.get('domain', None)
         memo = adduser_form.cleaned_data.get('memo')
         enabled = adduser_form.cleaned_data.get('enabled')
         superusername = adduser_form.cleaned_data.get('superusername', None)
@@ -78,6 +81,7 @@ def user_add(request):
             'name': name,
             'username': username,
             'password': encrypt(password),
+            'domain': domain,
             'memo': memo,
             'enabled': enabled,
             'superusername': superusername,
@@ -178,6 +182,7 @@ def host_update(request):
         ip = changehost_form.cleaned_data.get('ip')
         wip = changehost_form.cleaned_data.get('wip')
         protocol = changehost_form.cleaned_data.get('protocol')
+        security = changehost_form.cleaned_data.get('security', None)
         env = changehost_form.cleaned_data.get('env')
         platform = changehost_form.cleaned_data.get('platform')
         port = changehost_form.cleaned_data.get('port')
@@ -190,6 +195,7 @@ def host_update(request):
             'ip': ip,
             'wip': wip,
             'protocol': protocol,
+            'security': security,
             'env': env,
             'platform': platform,
             'port': port,
@@ -232,6 +238,7 @@ def host_add(request):
         ip = addhost_form.cleaned_data.get('ip')
         wip = addhost_form.cleaned_data.get('wip')
         protocol = addhost_form.cleaned_data.get('protocol')
+        security = addhost_form.cleaned_data.get('security', None)
         env = addhost_form.cleaned_data.get('env')
         platform = addhost_form.cleaned_data.get('platform')
         port = addhost_form.cleaned_data.get('port')
@@ -245,6 +252,7 @@ def host_add(request):
             'ip': ip,
             'wip': wip,
             'protocol': protocol,
+            'security': security,
             'env': env,
             'platform': platform,
             'port': port,
@@ -258,7 +266,7 @@ def host_add(request):
             data['remote_user'] = remoteuser
             remoteuserbindhost = RemoteUserBindHost.objects.create(**data)
             if not request.session['issuperuser'] or request.session['username'] != 'admin':
-                user.remote_user_bind_hosts.add(remoteuserbindhost)     #  非 admin 添加的主机分配给自己
+                user.remote_user_bind_hosts.add(remoteuserbindhost)     # 非 admin 添加的主机分配给自己
             event_log(user, 12, '主机 [{}] 添加成功'.format(remoteuserbindhost.hostname),
                             request.META.get('REMOTE_ADDR', None), request.META.get('HTTP_USER_AGENT', None))
             hostinfo = dict()
@@ -292,7 +300,7 @@ def host_update_info(request):
     hostid = request.POST.get('id', None)
 
     try:
-        ids = [ int(x) for x in hostid.split(',')]
+        ids = [int(x) for x in hostid.split(',')]
     except Exception:
         error_message = '不合法的请求参数!'
         return JsonResponse({"code": 401, "err": error_message})
 
@@ -134,6 +134,8 @@ def connect(self, protocol, hostname, port, username, password, width, height, d
                     **kwargs,
                 )
             elif protocol == 'rdp':
+                if 'security' not in kwargs.keys():
+                    kwargs['security'] = 'any'
                 self.guacamoleclient.handshake(
                     protocol=protocol,
                     port=port,
@@ -143,7 +145,8 @@ def connect(self, protocol, hostname, port, username, password, width, height, d
                     width=width,
                     height=height,
                     dpi=dpi,
-                    security='tls',     # rdp,nla,tls,any
+                    # domain='SWAD.COM',  # 域验证服务器
+                    # security='nla',  # rdp,nla,nla-ext,tls,any
                     ignore_cert="true",
                     disable_audio="true",
                     client_name="devops",
 
@@ -87,40 +87,43 @@ def connect(self):
 
         self.guacamoleclient = Client(websocker=self)
         if 'webguacamole终端文件上传下载' not in self.session[settings.INIT_PERMISSION]['titles']:  # 判断权限
-            self.guacamoleclient.connect(
-                protocol=self.remote_host.get_protocol_display(),
-                hostname=self.remote_host.ip,
-                port=self.remote_host.port,
-                username=self.remote_host.remote_user.username,
-                password=decrypt(self.remote_host.remote_user.password),
-                width=self.width,
-                height=self.height,
-                dpi=self.dpi,
-                enable_font_smoothing="true",
-            )
+            kwargs = {
+                'protocol': self.remote_host.get_protocol_display(),
+                'hostname': self.remote_host.ip,
+                'port': self.remote_host.port,
+                'username': self.remote_host.remote_user.username,
+                'password': decrypt(self.remote_host.remote_user.password),
+                'width': self.width,
+                'height': self.height,
+                'dpi': self.dpi,
+                'enable_font_smoothing': "true",
+            }
+            if self.remote_host.remote_user.domain:
+                kwargs['domain'] = self.remote_host.remote_user.domain
+            if self.remote_host.security:
+                kwargs['security'] = self.remote_host.security
+            self.guacamoleclient.connect(**kwargs)
         else:
-            self.guacamoleclient.connect(
-                protocol=self.remote_host.get_protocol_display(),
-                hostname=self.remote_host.ip,
-                port=self.remote_host.port,
-                username=self.remote_host.remote_user.username,
-                password=decrypt(self.remote_host.remote_user.password),
-                width=self.width,
-                height=self.height,
-                dpi=self.dpi,
-                enable_drive="true",
-                drive_name="filesystem",
-                drive_path="/fs/{}".format(self.group),
-                create_drive_path="true",
-
-                # enable_wallpaper="true",
-                # enable_theming="true",
-                enable_font_smoothing="true",   # 字体平滑开启就可以了
-                # enable_full_window_drag="true",
-                # enable_desktop_composition="true",
-                # enable_menu_animations="true",
-            )
-
+            kwargs = {
+                'protocol': self.remote_host.get_protocol_display(),
+                'hostname': self.remote_host.ip,
+                'port': self.remote_host.port,
+                'username': self.remote_host.remote_user.username,
+                'password': decrypt(self.remote_host.remote_user.password),
+                'width': self.width,
+                'height': self.height,
+                'dpi': self.dpi,
+                'enable_font_smoothing': "true",
+                'enable_drive': "true",
+                'drive_name': "filesystem",
+                'drive_path': "/fs/{}".format(self.group),
+                'create_drive_path': "true",
+            }
+            if self.remote_host.remote_user.domain:
+                kwargs['domain'] = self.remote_host.remote_user.domain
+            if self.remote_host.security:
+                kwargs['security'] = self.remote_host.security
+            self.guacamoleclient.connect(**kwargs)
         for i in self.scope['headers']:
             if i[0].decode('utf-8') == 'user-agent':
                 self.user_agent = i[1].decode('utf-8')
 
@@ -5,19 +5,17 @@
 
 
 class Command(BaseCommand):
-    # 生成SSH服务端，用于透明代理SSH
-    help = u'生成SSH透明代理服务器，类似堡垒机功能，使网站支持CRT,Xshell等SSH终端'
+    help = '生成 SSH/SFTP 透明代理服务器，用于支持 SecureCRT/xshell/putty/winscp 等 SSH/SFTP 终端'
 
     # def add_arguments(self, parser):
     #     parser.add_argument('port', nargs='?', default='2222', type=int,
-    #                         help=u'''
+    #                         help='''
     #                         SSH监听端口，默认为2222
     #                         ''')
 
     def handle(self, *args, **options):
         host = settings.PROXY_SSHD.get('listen_host', '0.0.0.0')
         port = settings.PROXY_SSHD.get('listen_port', 2222)
-        cons = settings.PROXY_SSHD.get('cons', 250)
+        cons = settings.PROXY_SSHD.get('cons', 100)
         ssh_server = SSHServer(host, port, cons)
         ssh_server.run()
-