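#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author:cc
# date: 2020/8/19
"""Create a Windows account through Salt and publish it in JumpServer.

The script takes a user name and a Salt target (an IP in the usage example),
creates the Windows account with the ``salt`` CLI, then creates a JumpServer
RDP system user and an asset permission for it over the JumpServer REST API.

The JumpServer token and the Windows password can be supplied through the
``JUMPSERVER_TOKEN`` and ``WIN_USER_PASSWORD`` environment variables (names
introduced by this script). The values embedded below are kept only as a
fallback so existing invocations keep working.
"""
import json
import os
import random
import string
import subprocess
import sys
import time

import requests

# Seconds to wait for JumpServer before giving up; without a timeout a stalled
# connection would block the script indefinitely.
HTTP_TIMEOUT = 10

# Value the script looks for in the "name" field of an error response to
# recognise a record that already exists.
DUPLICATE_NAME_MESSAGE = "字段必须唯一"


def Usage():
    """Print an example invocation of this script."""
    print('eg: python ' + sys.argv[0] + ' cc 192.168.1.96')


def _is_success(status_code):
    """Return True for any 2xx HTTP status code (200 through 299 inclusive)."""
    return 200 <= status_code < 300


def _name_errors(response):
    """Return the list stored under "name" in a JSON response body, else []."""
    try:
        body = response.json()
    except ValueError:
        # The body was not JSON (for example an HTML error page from a proxy).
        return []
    if isinstance(body, dict):
        errors = body.get("name", [])
        if isinstance(errors, list):
            return errors
    return []


def _check_cli_value(label, value):
    """Raise ValueError if *value* is unsafe to pass to the salt CLI.

    The values come straight from the command line and are handed to salt as
    positional arguments, so anything salt would read as an option or as a
    key=value keyword argument is rejected.
    """
    if not value or value.startswith("-") or "=" in value or any(ch.isspace() for ch in value):
        raise ValueError("invalid %s: %r" % (label, value))


def _run_salt(arguments):
    """Run the salt CLI with *arguments* and return its exit status.

    The command is executed as an argument list without a shell, so shell
    metacharacters in the user name, target or password are not interpreted.
    """
    try:
        return subprocess.run(["salt"] + list(arguments), shell=False).returncode
    except OSError as exc:
        # salt is missing or not executable; report it as a failed command.
        print(exc)
        return 1


class CreateWinUser:
    """Create a Windows user on a Salt target and set its password."""

    def __init__(self):
        # These are module-level globals assigned in the __main__ section.
        self.user = user
        self.ip = ip
        self.password = password

    def create(self):
        """Create the Windows user, add it to "Remote Desktop Users" and set its password.

        Both salt commands are always run; success is printed only when both
        exit with status 0.
        """
        try:
            _check_cli_value("user", self.user)
            _check_cli_value("ip", self.ip)
            add_status = _run_salt(
                [self.ip, "user.add", self.user, "groups=Remote Desktop Users"]
            )
            # NOTE(review): the password is passed as a command-line argument
            # and is therefore visible in the process list while salt runs.
            update_status = _run_salt(
                [
                    self.ip,
                    "user.update",
                    self.user,
                    "password=%s" % self.password,
                    # Was misspelled "ture", which salt would not read as a boolean.
                    "password_never_expires=True",
                ]
            )
            # NOTE(review): this relies on the salt CLI exit status reflecting
            # the result on the minion - confirm for the deployed salt version.
            if add_status != 0 or update_status != 0:
                print("创建Windows用户失败")
            else:
                print("创建Windows用户成功")
        except Exception as e:
            print(e)


class Create_jump:
    """Create a JumpServer system user and grant a user access to an asset."""

    def __init__(self):
        """Copy the settings from the module-level globals set in __main__."""
        # System-user API endpoint
        self.url = url
        # JumpServer base URL
        self.jum_host = jum_host
        # JumpServer API token
        self.token = token
        # Name of the system user to create
        self.name = name
        # JumpServer user who receives the permission
        self.username = username
        # Address of the Windows asset to authorise
        self.ip = ip
        # Password of the system user being created
        self.password = password
        # Request headers
        self.headers = {
            "Authorization": "Token {0}".format(self.token)
        }

    def Create_assets_system_user(self):
        """Create the RDP system user in JumpServer and print the outcome."""
        # NOTE(review): sent form-encoded (data=), so the empty cmd_filters
        # list is omitted from the request - confirm the API accepts this.
        self.data = {
            "name": self.name,
            "login_mode": "auto",
            "username": self.username,
            "priority": "20",
            "protocol": "rdp",
            "password": self.password,
            "auto_push": True,
            "sudo": "/bin/whoami",
            "shell": "/bin/bash",
            "comment": "",
            "cmd_filters": [],
            "auto_generate_key": False
        }
        try:
            res = requests.post(
                url=self.url,
                headers=self.headers,
                data=self.data,
                timeout=HTTP_TIMEOUT,
            )
            if _is_success(res.status_code):
                print(res.json())
                print("添加系统用户成功")
            elif DUPLICATE_NAME_MESSAGE in _name_errors(res)[:1]:
                print("系统用户已经存在")
            else:
                # Error bodies without a "name" field (for example an
                # authentication failure) are reported rather than raising.
                print(res.json())
                print("{0}{1}".format("response status_code is not 200 ", _name_errors(res)))
        except Exception as e:
            print(e)

    def Create_perms_asset_permissions(self):
        """Look up the user, asset and system-user ids, then create the asset permission.

        Nothing is posted when any of the three lookups fails.
        """
        # User id
        self.user_id = ""
        # Asset id
        self.assets_id = ""
        # System-user id
        self.system_users_id = ""
        try:
            # Query values are passed through params= so they are URL-encoded
            # instead of being pasted into the query string.
            # NOTE(review): each lookup takes the first search hit; if the
            # search is a substring match this can select a different user or
            # asset than intended - confirm, and compare on the exact field.
            res_user = requests.get(
                "{0}/api/v1/users/users/".format(self.jum_host),
                params={"search": self.username, "offset": 0, "limit": 10},
                headers=self.headers,
                timeout=HTTP_TIMEOUT,
            )
            self.user_id = res_user.json()['results'][0]["id"]
            res_assets = requests.get(
                "{0}/api/v1/assets/assets/".format(self.jum_host),
                params={
                    "node_id": "70e51ef0-15a6-4871-a9f8-70da1bae6091",
                    "show_current_asset": "null",
                    "draw": 3,
                    "search": self.ip,
                    "limit": 15,
                    "offset": 0,
                },
                headers=self.headers,
                timeout=HTTP_TIMEOUT,
            )
            self.assets_id = res_assets.json()['results'][0]["id"]
            res_system_users = requests.get(
                "{0}/api/v1/assets/system-users/".format(self.jum_host),
                params={"draw": 5, "search": self.name, "limit": 15, "offset": 0},
                headers=self.headers,
                timeout=HTTP_TIMEOUT,
            )
            self.system_users_id = res_system_users.json()['results'][0]["id"]
        except Exception:
            print("系统用户id或资产授权id获取失败")
            # Do not create a permission that references empty ids.
            return
        # Grant the asset permission using the ids obtained above.
        # NOTE(review): this grants every action and expires in 2090, which is
        # effectively permanent - narrow both if the access is temporary.
        self.data = {
            "name": self.name,
            "users": [self.user_id],
            "assets": [self.assets_id],
            "system_users": [self.system_users_id],
            "actions": [
                "all",
                "connect",
                "updownload",
                "upload_file",
                "download_file"
            ],
            "is_active": True,
            "date_start": "2020-08-19T07:04:00.000Z",
            "date_expired": "2090-08-02T07:04:00.000Z",
            "comment": "",
            "user_groups": [],
            "nodes": []
        }
        try:
            res = requests.post(
                url="{0}/api/v1/perms/asset-permissions/".format(self.jum_host),
                headers=self.headers,
                data=self.data,
                timeout=HTTP_TIMEOUT,
            )
            if _is_success(res.status_code):
                print(res.json())
                print("资产授权成功")
            elif DUPLICATE_NAME_MESSAGE in _name_errors(res)[:1]:
                print("资产授权规则已经存在")
            else:
                print("{0}{1}".format("response status_code is ", res.status_code))
        except Exception as e:
            print(e)


if __name__ == '__main__':
    try:
        user = sys.argv[1]
        ip = sys.argv[2]
    except IndexError:
        # Missing arguments: show the expected invocation instead of a bare
        # "list index out of range".
        Usage()
        sys.exit(1)
    # The same password is used for every account this script creates and the
    # fallback is readable by anyone with access to this file; set
    # WIN_USER_PASSWORD instead.
    password = os.environ.get("WIN_USER_PASSWORD", "qwer12#A")
    jum_host = "https://xxx"
    url = "https://xxx/api/v1/assets/system-users/"
    name = "Win-" + sys.argv[1]
    # Permanent token (the JumpServer documentation describes how to generate
    # one). A token stored in the source is exposed to everyone who can read
    # the file: rotate it, supply the new one through JUMPSERVER_TOKEN and
    # drop the fallback.
    token = os.environ.get("JUMPSERVER_TOKEN", "824a08ab6760c72f796e079cb52bdce18ae9fb64")
    username = sys.argv[1]

    CreateWinUser_source = CreateWinUser()
    CreateWinUser_source.create()
    Create_jump_source = Create_jump()
    Create_jump_source.Create_assets_system_user()
    Create_jump_source.Create_perms_asset_permissions()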