#! /usr/bin/python env
# -*- coding: utf-8 -*-
# Author:cc
# date: 2020/8/19
import random,string,json,time,os,sys,requests,subprocess
def Usage():
    """Print an example command line showing how to invoke this script.

    The example uses the script's own path (``sys.argv[0]``) followed by a
    sample user name and a sample target IP address.
    """
    script_path = sys.argv[0]
    example = 'eg: python ' + script_path + ' cc 192.168.1.96'
    print(example)
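class CreateWinUser:
    """Create a local Windows account on a Salt minion and allow RDP logins.

    ``user``, ``ip`` and ``password`` are read from module-level names of the
    same spelling, which the ``__main__`` section assigns before this class is
    instantiated.
    """

    def __init__(self):
        self.user = user
        self.ip = ip
        self.password = password

    @staticmethod
    def _is_safe_token(value):
        """Return True when *value* is safe to pass to the salt CLI as one word.

        Only letters, digits, ``.``, ``_`` and ``-`` are accepted, and the value
        must not start with ``-``. That keeps a value taken from the command
        line from being read by salt as an option or as an extra ``key=value``
        argument.
        """
        if not isinstance(value, str) or not value or value.startswith("-"):
            return False
        return all(ch.isalnum() or ch in "._-" for ch in value)

    def create(self):
        """Create the Windows user through Salt and set its password.

        Runs ``user.add`` (adding the account to "Remote Desktop Users") and
        then ``user.update`` on the minion targeted by ``self.ip``.

        :return: True when both salt commands exit with status 0, otherwise
            False. The outcome is also printed.
        """
        # The user name and target come from the command line. Reject anything
        # unexpected before it reaches salt.
        if not (self._is_safe_token(self.user) and self._is_safe_token(self.ip)):
            print("refusing to call salt: user name or target contains unexpected characters")
            print("创建Windows用户失败")
            return False

        # Argument lists are executed without a shell, so no part of the input
        # can be interpreted as shell syntax (the original built one string for
        # os.system).
        add_cmd = ['salt', self.ip, 'user.add', self.user,
                   'groups=Remote Desktop Users']
        # "ture" in the original was a typo for True.
        # NOTE(review): the password is still visible in the process list while
        # salt runs; confirm that is acceptable on the salt master.
        update_cmd = ['salt', self.ip, 'user.update', self.user,
                      'password={0}'.format(self.password),
                      'password_never_expires=True']
        try:
            res1 = subprocess.call(add_cmd)
            res2 = subprocess.call(update_cmd)
        except Exception as e:
            print(e)
            return False

        # NOTE(review): the salt CLI exit status may not reflect a failure
        # reported by the minion; verify before relying on this check.
        if res1 != 0 or res2 != 0:
            print("创建Windows用户失败")
            return False
        print("创建Windows用户成功")
        return True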
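class Create_jump:
    """Create a JumpServer RDP system user and grant one user access to one asset.

    All settings are read from module-level names (``url``, ``jum_host``,
    ``token``, ``name``, ``username``, ``ip``, ``password``) that the
    ``__main__`` section assigns before this class is instantiated.
    """

    # Seconds to wait for each API call. Without a timeout a stalled server
    # would block the script indefinitely.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        """Initialise the instance attributes from the module-level settings."""
        # Endpoint used to create the system user
        self.url = url
        # Base URL of the JumpServer host
        self.jum_host = jum_host
        # JumpServer API token
        self.token = token
        # Name of the system user (and of the permission rule) to create
        self.name = name
        # JumpServer user who receives the authorisation
        self.username = username
        # IP of the Windows machine to authorise
        self.ip = ip
        # Password for the system user being created
        self.password = password
        # Request headers; the token is sent on every call
        self.headers = {
            "Authorization": "Token {0}".format(self.token)
        }

    @staticmethod
    def _is_success(status_code):
        """Return True for any 2xx HTTP status code (200-299 inclusive)."""
        return 200 <= status_code < 300

    @staticmethod
    def _is_duplicate_name(body):
        """Return True when an error body reports that ``name`` must be unique."""
        if not isinstance(body, dict):
            return False
        errors = body.get("name")
        if not isinstance(errors, (list, tuple)) or not errors:
            return False
        return errors[0] == "字段必须唯一"

    def _first_result_id(self, path, params):
        """GET ``jum_host + path`` and return the ``id`` of the first result.

        The query is passed through ``params`` so that requests URL-encodes the
        search value instead of it being pasted into the URL.

        :raises Exception: on HTTP errors, a non-JSON body or an empty result.
        """
        res = requests.get(
            "{0}{1}".format(self.jum_host, path),
            params=params,
            headers=self.headers,
            timeout=self.REQUEST_TIMEOUT,
        )
        res.raise_for_status()
        # NOTE(review): ``search`` is presumably a fuzzy match, so the first
        # result may not be the exact user/asset intended; confirm and filter
        # on an exact match before granting access.
        return res.json()['results'][0]["id"]

    def Create_assets_system_user(self):
        """Create the RDP system user in JumpServer.

        Posts ``self.data`` to ``self.url`` and prints the outcome.

        :return: None
        """
        # Request parameters
        self.data = {
            "name": self.name,
            "login_mode": "auto",
            "username": self.username,
            "priority": "20",
            "protocol": "rdp",
            "password": self.password,
            "auto_push": True,
            "sudo": "/bin/whoami",
            "shell": "/bin/bash",
            "comment": "",
            "cmd_filters": [
            ],
            "auto_generate_key": False
        }
        try:
            res = requests.post(
                url=self.url,
                headers=self.headers,
                data=self.data,
                timeout=self.REQUEST_TIMEOUT,
            )
            body = res.json()
            if self._is_success(res.status_code):
                print(body)
                print("添加系统用户成功")
            elif self._is_duplicate_name(body):
                print("系统用户已经存在")
            else:
                print(body)
                # An error body need not contain a "name" entry, so read it
                # defensively instead of indexing.
                detail = body.get('name') if isinstance(body, dict) else body
                print("{0}{1}".format("response status_code is not 200 ", detail))
        except Exception as e:
            print(e)

    def Create_perms_asset_permissions(self):
        """Look up the user, asset and system-user ids, then create the permission.

        Nothing is posted when any of the three ids cannot be resolved.

        :return: None
        """
        # User id
        self.user_id = ""
        # Id of the machine being authorised
        self.assets_id = ""
        # System user id
        self.system_users_id = ""
        try:
            self.user_id = self._first_result_id(
                "/api/v1/users/users/",
                {"search": self.username, "offset": 0, "limit": 10},
            )
            self.assets_id = self._first_result_id(
                "/api/v1/assets/assets/",
                {
                    "node_id": "70e51ef0-15a6-4871-a9f8-70da1bae6091",
                    "show_current_asset": "null",
                    "draw": 3,
                    "search": self.ip,
                    "limit": 15,
                    "offset": 0,
                },
            )
            self.system_users_id = self._first_result_id(
                "/api/v1/assets/system-users/",
                {"draw": 5, "search": self.name, "limit": 15, "offset": 0},
            )
        except Exception as e:
            print("系统用户id或资产授权id获取失败")
            print(e)
            # Stop here: posting a permission with empty ids would create a
            # rule that is not bound to the intended user or asset.
            return

        # Use the ids obtained above to authorise the asset.
        # NOTE(review): the rule grants every action and expires in 2090, i.e.
        # it is effectively permanent; confirm this is the intended scope.
        self.data = {
            "name": self.name,
            "users": [
                self.user_id
            ],
            "assets": [
                self.assets_id
            ],
            "system_users": [
                self.system_users_id
            ],
            "actions": [
                "all",
                "connect",
                "updownload",
                "upload_file",
                "download_file"
            ],
            "is_active": True,
            "date_start": "2020-08-19T07:04:00.000Z",
            "date_expired": "2090-08-02T07:04:00.000Z",
            "comment": "",
            "user_groups": [
            ],
            "nodes": [
            ]
        }
        try:
            res = requests.post(
                url="{0}/api/v1/perms/asset-permissions/".format(self.jum_host),
                headers=self.headers,
                data=self.data,
                timeout=self.REQUEST_TIMEOUT,
            )
            body = res.json()
            if self._is_success(res.status_code):
                print(body)
                print("资产授权成功")
            elif self._is_duplicate_name(body):
                print("资产授权规则已经存在")
            else:
                print("{0}{1}".format("response status_code is ", res.status_code))
        except Exception as e:
            print(e)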
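if __name__ == '__main__':
    # Usage: python <script> <user> <target-ip>
    # Secrets are read from the environment instead of being stored in this
    # file: JUMPSERVER_TOKEN (API token) and WIN_USER_PASSWORD (password for
    # the new account). Any token or password that was previously committed in
    # this file should be treated as exposed and rotated.
    try:
        user = sys.argv[1]
        ip = sys.argv[2]
        password = os.environ["WIN_USER_PASSWORD"]
        jum_host = "https://xxx"
        url = "https://xxx/api/v1/assets/system-users/"
        name = "Win-" + sys.argv[1]
        # Permanent token; the official site documents how to generate one.
        token = os.environ["JUMPSERVER_TOKEN"]
        username = sys.argv[1]
    except IndexError:
        # Too few arguments: show the example invocation instead of a bare
        # "list index out of range".
        Usage()
        sys.exit(1)
    except KeyError as e:
        print("missing environment variable: {0}".format(e))
        sys.exit(1)
    except Exception as e:
        print(e)
    else:
        CreateWinUser_source = CreateWinUser()
        CreateWinUser_source.create()
        Create_jump_source = Create_jump()
        Create_jump_source.Create_assets_system_user()
        Create_jump_source.Create_perms_asset_permissions()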