• 自动添加windows 2012用户,并在jump添加授权


    #! /usr/bin/python env
    # -*- coding: utf-8 -*-
    # Author:cc
    # date: 2020/8/19
    
    import random,string,json,time,os,sys,requests,subprocess
    
    
    def Usage():
        """
        Print an example command line for this script.

        The script name is taken from sys.argv[0]; the user name and IP in the
        example are fixed sample values.
        :return: None
        """
        pieces = ('eg: python ', sys.argv[0], ' cc 192.168.1.96')
        print(''.join(pieces))
    
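    class CreateWinUser:
        """
        Create a local Windows account on a Salt minion and set its password.

        The account is added to the "Remote Desktop Users" group with Salt's
        user.add and then given a non-expiring password with user.update.
        """

        def __init__(self):
            """
            Copy the target settings from module-level names.

            The constructor takes no arguments: ``user``, ``ip`` and ``password``
            must already exist as module globals (the __main__ section sets them).
            """
            self.user = user
            self.ip = ip
            self.password = password

        @staticmethod
        def _is_safe_cli_value(value):
            """
            Tell whether *value* can be handed to the salt CLI as one plain word.

            Rejects empty values, a leading "-" (would be parsed as a salt option),
            "=" (would be parsed as a keyword argument of the Salt function) and
            any whitespace.
            :return: True when the value is acceptable, otherwise False
            """
            if not isinstance(value, str) or not value:
                return False
            if value.startswith('-'):
                return False
            return not any(ch.isspace() or ch == '=' for ch in value)

        def create(self):
            """
            Create the Windows user and set its password through Salt.

            Both salt commands are run as argument lists without a shell, so the
            user name and target taken from the command line cannot be interpreted
            as shell syntax. The outcome is printed, as before, and also returned.
            :return: True when both salt commands exit with 0, otherwise False
            """
            if not (self._is_safe_cli_value(self.ip) and self._is_safe_cli_value(self.user)):
                print("创建Windows用户失败")
                return False

            add_cmd = ['salt', self.ip, 'user.add', self.user,
                       'groups=Remote Desktop Users']
            # NOTE(review): the password is passed as a command-line argument, so it
            # is visible in the process list while salt runs and may be recorded in
            # Salt job data - confirm this is acceptable or switch to a channel that
            # does not expose it.
            # "password_never_expires=ture" in the original was a typo for True.
            update_cmd = ['salt', self.ip, 'user.update', self.user,
                          'password=%s' % self.password,
                          'password_never_expires=True']
            try:
                res1 = subprocess.call(add_cmd)
                res2 = subprocess.call(update_cmd)
            except OSError as e:
                # Raised when the salt executable cannot be started at all.
                print(e)
                print("创建Windows用户失败")
                return False

            # NOTE(review): only the exit status of the salt CLI is checked;
            # presumably it can be 0 even when the minion reports a failure -
            # verify against the printed minion output.
            if res1 != 0 or res2 != 0:
                print("创建Windows用户失败")
                return False
            print("创建Windows用户成功")
            return True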
    
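    class Create_jump:
        """
        Register an RDP system user in JumpServer and authorize one user on one asset.

        All settings are read from module-level names in __init__; every API call
        is authenticated with the "Authorization: Token ..." header built there.
        """

        # Seconds to wait for each JumpServer API call before giving up.
        REQUEST_TIMEOUT = 10

        def __init__(self):
            """
            Initialise instance attributes from module-level names.

            The constructor takes no arguments: ``url``, ``jum_host``, ``token``,
            ``name``, ``username``, ``ip`` and ``password`` must already exist as
            module globals (the __main__ section sets them).
            """
            # Full URL of the system-users endpoint
            self.url = url
            # Base URL of the JumpServer host
            self.jum_host = jum_host
            # JumpServer API token
            self.token = token
            # Name of the system user to create
            self.name = name
            # JumpServer user who receives the authorization
            self.username = username
            # IP of the Windows asset to authorize
            self.ip = ip
            # Password stored on the system user
            self.password = password
            # Request headers; the token is a bearer credential, keep it out of logs
            self.headers = {
                "Authorization": "Token {0}".format(self.token)
            }

        @staticmethod
        def _is_success(status_code):
            """Return True for any 2xx status (the original range(200,299) missed 299)."""
            return 200 <= status_code < 300

        @staticmethod
        def _is_duplicate_name(body):
            """Return True when the error body reports the "must be unique" error on 'name'."""
            errors = body.get('name') if isinstance(body, dict) else None
            return bool(errors) and errors[0] == "字段必须唯一"

        @staticmethod
        def _pick_exact_id(results, field, expected):
            """
            Return the id of the only entry whose *field* equals *expected*.

            :return: the "id" value, or None when there is no exact match or
                     more than one (ambiguous results are refused)
            """
            if not isinstance(results, list):
                return None
            matches = [item for item in results
                       if isinstance(item, dict) and item.get(field) == expected]
            if len(matches) != 1:
                return None
            return matches[0].get("id")

        def _lookup_id(self, path, params, field, expected):
            """
            Query a list endpoint and return the id of the exact match.

            The query is sent through ``params`` so the search value is URL-encoded
            instead of being pasted into the query string.
            :return: the id, or None when the call fails or nothing matches exactly
            """
            res = requests.get(
                "{0}{1}".format(self.jum_host, path),
                params=params,
                headers=self.headers,
                timeout=self.REQUEST_TIMEOUT,
            )
            if not self._is_success(res.status_code):
                return None
            body = res.json()
            results = body.get('results') if isinstance(body, dict) else body
            return self._pick_exact_id(results, field, expected)

        def Create_assets_system_user(self):
            """
            Create the system user.

            Posts self.data to self.url and prints the outcome.
            :return: None
            """
            # Request parameters
            self.data = {
                "name": self.name,
                "login_mode": "auto",
                "username": self.username,
                "priority": "20",
                "protocol": "rdp",
                "password": self.password,
                "auto_push": True,
                "sudo": "/bin/whoami",
                "shell": "/bin/bash",
                "comment": "",
                "cmd_filters": [],
                "auto_generate_key": False
            }
            try:
                res = requests.post(
                    url=self.url,
                    headers=self.headers,
                    data=self.data,
                    timeout=self.REQUEST_TIMEOUT,
                )
                body = res.json()
                if self._is_success(res.status_code):
                    # NOTE(review): the response body is printed as-is; confirm the
                    # API never echoes the password field back.
                    print(body)
                    print("添加系统用户成功")
                elif self._is_duplicate_name(body):
                    print("系统用户已经存在")
                else:
                    # Error bodies do not always carry a 'name' key, so report the
                    # status code instead of indexing into the body.
                    print(body)
                    print("{0}{1}".format("response status_code is ", res.status_code))
            except (requests.RequestException, ValueError) as e:
                # Network failure, timeout, or a body that is not JSON.
                print(e)

        def Create_perms_asset_permissions(self):
            """
            Look up the user id, asset id and system-user id, then create the
            asset permission that ties them together.

            The permission is only posted when all three lookups return exactly
            one exact match; otherwise the failure is printed and nothing is sent.
            :return: None
            """
            # User id
            self.user_id = ""
            # Id of the asset being authorized
            self.assets_id = ""
            # System user id
            self.system_users_id = ""

            # "search" is presumably a substring match on the server side, so taking
            # results[0] could authorize a different user or asset whose name merely
            # contains the searched value. Only an exact, unambiguous match is used.
            # If the exact entry is not within the first page (limit), the lookup
            # fails rather than guessing.
            # NOTE(review): assumes list entries expose "username", "ip" and "name" -
            # confirm against the JumpServer version in use.
            try:
                user_id = self._lookup_id(
                    "/api/v1/users/users/",
                    {"search": self.username, "offset": 0, "limit": 10},
                    "username", self.username,
                )
                assets_id = self._lookup_id(
                    "/api/v1/assets/assets/",
                    {
                        "node_id": "70e51ef0-15a6-4871-a9f8-70da1bae6091",
                        "show_current_asset": "null",
                        "draw": 3,
                        "search": self.ip,
                        "limit": 15,
                        "offset": 0,
                    },
                    "ip", self.ip,
                )
                system_users_id = self._lookup_id(
                    "/api/v1/assets/system-users/",
                    {"draw": 5, "search": self.name, "limit": 15, "offset": 0},
                    "name", self.name,
                )
            except (requests.RequestException, ValueError) as e:
                print(e)
                print("系统用户id或资产授权id获取失败")
                return

            if not (user_id and assets_id and system_users_id):
                # Never post a permission with missing ids.
                print("系统用户id或资产授权id获取失败")
                return

            self.user_id = user_id
            self.assets_id = assets_id
            self.system_users_id = system_users_id

            # Authorize the asset with the ids obtained above.
            # NOTE(review): "all" already grants every action, and the rule is valid
            # until 2090 - narrow both if the access is meant to be limited.
            self.data = {
                "name": self.name,
                "users": [
                    self.user_id
                ],
                "assets": [
                    self.assets_id
                ],
                "system_users": [
                    self.system_users_id
                ],
                "actions": [
                    "all",
                    "connect",
                    "updownload",
                    "upload_file",
                    "download_file"
                ],
                "is_active": True,
                "date_start": "2020-08-19T07:04:00.000Z",
                "date_expired": "2090-08-02T07:04:00.000Z",
                "comment": "",
                "user_groups": [],
                "nodes": []
            }

            try:
                res = requests.post(
                    url="{0}/api/v1/perms/asset-permissions/".format(self.jum_host),
                    headers=self.headers,
                    data=self.data,
                    timeout=self.REQUEST_TIMEOUT,
                )
                body = res.json()
                if self._is_success(res.status_code):
                    print(body)
                    print("资产授权成功")
                elif self._is_duplicate_name(body):
                    print("资产授权规则已经存在")
                else:
                    print("{0}{1}".format("response status_code is ", res.status_code))
            except (requests.RequestException, ValueError) as e:
                # Network failure, timeout, or a body that is not JSON.
                print(e)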
    
    
    
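    if __name__ == '__main__':
        # Entry point: python <script> <user> <ip>
        # The classes read the names assigned here as module globals, so all of
        # them must be set before either class is instantiated.
        if len(sys.argv) < 3:
            Usage()
            sys.exit(1)

        user = sys.argv[1]
        ip = sys.argv[2]

        # Secrets are taken from the environment instead of being embedded in the
        # script. The variable names are this script's own convention. Any token or
        # password that was ever committed in the source should be treated as
        # exposed and rotated.
        password = os.environ.get("WIN_USER_PASSWORD")
        # Permanent JumpServer token; see the JumpServer docs for how to create one.
        token = os.environ.get("JUMPSERVER_TOKEN")
        if not password or not token:
            print("Set WIN_USER_PASSWORD and JUMPSERVER_TOKEN in the environment before running.")
            sys.exit(1)

        jum_host = "https://xxx"
        url = "https://xxx/api/v1/assets/system-users/"
        name = "Win-" + user
        username = user

        # NOTE(review): the JumpServer steps run unconditionally; this section does
        # not check whether the Windows account was actually created.
        CreateWinUser_source = CreateWinUser()
        CreateWinUser_source.create()
        Create_jump_source = Create_jump()
        Create_jump_source.Create_assets_system_user()
        Create_jump_source.Create_perms_asset_permissions()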
    

      

  • 原文地址:https://www.cnblogs.com/jcici/p/13552109.html