up

3 years ago · b8de9e3d01
parent 4cd456a76c
commit b8de9e3d01
2 changed files with 71 additions and 11 deletions
--- a/class/core/firewall_api.py
+++ b/class/core/firewall_api.py
@ -178,6 +178,8 @@ class firewall_api:
        return self.getLogList(int(p), int(limit), search)

    def getSshInfoApi(self):
+        data = {}
+
        file = '/etc/ssh/sshd_config'
        conf = mw.readFile(file)
        rep = "#*Port\s+([0-9]+)\s*\n"
@ -189,9 +191,9 @@ class firewall_api:
                isPing = True
            else:
                file = '/etc/sysctl.conf'
-                conf = mw.readFile(file)
+                sys_conf = mw.readFile(file)
                rep = "#*net\.ipv4\.icmp_echo_ignore_all\s*=\s*([0-9]+)"
-                tmp = re.search(rep, conf).groups(0)[0]
+                tmp = re.search(rep, sys_conf).groups(0)[0]
                if tmp == '1':
                    isPing = False
        except:
@ -209,9 +211,14 @@ class firewall_api:
        if ssh_status[0] != '':
            status = False

-        data = {}
-        data['port'] = port
+        # 密码登陆配置检查
+        pass_rep = "^(PasswordAuthentication)\s+(\w*)\s*\n"
+        pass_status = re.search(pass_rep, conf)
+        data['pass_prohibit_status'] = True
+        if pass_status and pass_status.groups(0)[0].strip() == 'yes':
+            data['pass_prohibit_status'] = False

+        data['port'] = port
        data['status'] = status
        data['ping'] = isPing
        if mw.isAppleSystem():
@ -279,6 +286,32 @@ class firewall_api:
        mw.writeLog("防火墙管理", msg)
        return mw.returnJson(True, '操作成功!')

+    def setSshPassStatusApi(self):
+        # if mw.isAppleSystem():
+        #     return mw.returnJson(True, '开发机不能操作!')
+
+        status = request.form.get('status', '1').strip()
+        msg = '禁止密码登陆'
+        if status == "1":
+            msg = '开始密码登陆'
+
+        file = '/etc/ssh/sshd_config'
+        conf = mw.readFile(file)
+
+        # print(conf)
+        if status == '1':
+            rep = "#PasswordAuthentication\s+(\w*)\s*\n"
+            conf = re.sub(rep, "PasswordAuthentication yes\n", conf)
+        else:
+            rep = "^(PasswordAuthentication)\s+(\w*)\s*\n"
+            conf = re.sub(rep, "#PasswordAuthentication yes\n", conf)
+        # print('......' * 10)
+        # print(conf)
+        mw.writeFile(file, conf)
+        mw.execShell("systemctl restart sshd.service")
+        mw.writeLog("SSH管理", msg)
+        return mw.returnJson(True, '操作成功!')
+
    def setPingApi(self):
        if mw.isAppleSystem():
            return mw.returnJson(True, '开发机不能操作!')
--- a/route/static/app/firewall.js
+++ b/route/static/app/firewall.js
@ -56,7 +56,7 @@ function sshMgr(){

 	$.post('/firewall/get_ssh_info', '', function(rdata){
 		var ssh_status = rdata.status ? 'checked':'';
-		var login_status = '';
+		var pass_prohibit_status = rdata.pass_prohibit_status ? 'checked':'';
 		var con = '<div class="pd15">\
                <div class="divtable">\
                    <table class="table table-hover waftable">\
@ -72,11 +72,11 @@ function sshMgr(){
                                </td>\
                            </tr>\
                            <tr>\
-                                <td>禁止登陆</td>\
+                                <td>禁止密码登陆</td>\
                                <td>\
                                    <div class="ssh-item" style="margin-left:0">\
-                                        <input class="btswitch btswitch-ios" id="ssh_login" type="checkbox" '+login_status+'>\
-                                        <label class="btswitch-btn" for="ssh_login" onclick=\'setMstscStatus()\'></label>\
+                                        <input class="btswitch btswitch-ios" id="pass_status" type="checkbox" '+pass_prohibit_status+'>\
+                                        <label class="btswitch-btn" for="pass_status" onclick=\'setSshPassStatus()\'></label>\
                                    </div>\
                                </td>\
                            </tr>\
@ -235,10 +235,7 @@ function setMstscStatus(){
 		if(index > 0){
 			layer.msg('正在处理,请稍候...',{icon:16,time:20000});
 			$.post('/firewall/set_ssh_status','status='+status,function(rdata){
-				// console.log(rdata);
-				layer.closeAll();
 				layer.msg(rdata.msg,{icon:rdata.status?1:2});
-				setTimeout(function(){window.location.reload();},3000);
 			},'json');
 		}
 	},function(){
@ -250,6 +247,36 @@ function setMstscStatus(){
 	});
 }

+/**
+ * 设置远程服务状态
+ * @param {Int} state 0.启用 1.关闭
+ */
+function setSshPassStatus(){
+	status = $("#pass_status").prop("checked")==true?1:0;
+	var msg = status==1?'开启密码登陆,继续吗？':'确定禁止密码登陆吗？';
+	layer.confirm(msg,{title:'警告',closeBtn:2,cancel:function(){
+		if(status == 0){
+			$("#pass_status").prop("checked",false);
+		}
+		else{
+			$("#pass_status").prop("checked",true);
+		}
+	}},function(index){
+		if(index > 0){
+			layer.msg('正在处理,请稍候...',{icon:16,time:20000});
+			$.post('/firewall/set_ssh_pass_status','status='+status,function(rdata){
+				layer.msg(rdata.msg,{icon:rdata.status?1:2});
+			},'json');
+		}
+	},function(){
+		if(status == 0){
+			$("#pass_status").prop("checked",false);
+		} else {
+			$("#pass_status").prop("checked",true);
+		}
+	});
+}
+
 /**
 * 取回数据
 * @param {Int} page  分页号