Merge branch '0.10' into 0.11

2019-06-11 15:51:10 +02:00 · 2019-06-11 15:51:10 +02:00 · 03b2b79c41
parent 0ed3a63151 3326ec95ce
commit 03b2b79c41
2 changed files with 49 additions and 4 deletions
--- a/fail2ban/server/actions.py
+++ b/fail2ban/server/actions.py
@ -82,6 +82,8 @@ class Actions(JailThread, Mapping):
 		self._actions = OrderedDict()
 		## The ban manager.
 		self.__banManager = BanManager()
 		## precedence of ban (over unban), so max number of tickets banned (to call an unban check):
 		self.banPrecedence = 10
 	@staticmethod
 	def _load_python_module(pythonModule):
@ -307,6 +309,7 @@ class Actions(JailThread, Mapping):
 		bool
 			True when the thread exits nicely.
 		"""
 		cnt = 0
 		for name, action in self._actions.iteritems():
 			try:
 				action.start()
@ -321,8 +324,14 @@ class Actions(JailThread, Mapping):
 					lambda: False, self.sleeptime)
 				logSys.debug("Actions: leave idle mode")
 				continue
-			if not Utils.wait_for(lambda: not self.active or self.__checkBan(), self.sleeptime):
+			# wait for ban (stop if gets inactive):
-				self.__checkUnBan()
+			bancnt = Utils.wait_for(lambda: not self.active or self.__checkBan(), self.sleeptime)
 			cnt += bancnt
 			# unban if nothing is banned not later than banned tickets >= banPrecedence
 			if not bancnt or cnt >= self.banPrecedence:
 				if self.active:
 					self.__checkUnBan()
 				cnt = 0
 		self.__flushBan()
 		self.stopActions()
@ -443,7 +452,7 @@ class Actions(JailThread, Mapping):
 		"""
 		cnt = 0
 		if not tickets:
-			tickets = self.__getFailTickets()
+			tickets = self.__getFailTickets(self.banPrecedence)
 		for ticket in tickets:
 			bTicket = BanTicket.wrap(ticket)
--- a/fail2ban/tests/actionstestcase.py
+++ b/fail2ban/tests/actionstestcase.py
@ -32,7 +32,7 @@ from ..server.actions import Actions
 from ..server.ticket import FailTicket
 from ..server.utils import Utils
 from .dummyjail import DummyJail
-from .utils import LogCaptureTestCase
+from .utils import LogCaptureTestCase, with_alt_time, MyTime
 TEST_FILES_DIR = os.path.join(os.path.dirname(__file__), "files")
@ -173,3 +173,39 @@ class ExecuteActions(LogCaptureTestCase):
 		self.assertNotLogged("Failed to execute unban")
 		self.assertLogged("action1 unban deleted aInfo IP")
 		self.assertLogged("action2 unban deleted aInfo IP")
 	@with_alt_time
 	def testUnbanOnBusyBanBombing(self):
 		# check unban happens in-between of "ban bombing" despite lower precedence,
 		# if it is not work, we'll see "Unbanned 25" earliest at flushing (after stop)
 		# each 3rd ban we should see an unban check (and tickets gets unbanned):
 		self.__actions.banPrecedence = 3
 		self.__actions.setBanTime(100)
 		self.__actions.start()
 		MyTime.setTime(0); # avoid "expired bantime" (in 0.11)
 		i = 0
 		while i < 25:
 			ip = "192.0.2.%d" % i
 			self.__jail.putFailTicket(FailTicket(ip, 0))
 			i += 1
 		# wait for last ban (all 25 tickets gets banned):
 		self.assertLogged(' / 25,', wait=True)
 		MyTime.setTime(200); # unban time for 25 tickets reached
 		while i < 50:
 			ip = "192.0.2.%d" % i
 			self.__jail.putFailTicket(FailTicket(ip, 200))
 			i += 1
 		# wait for last ban (all 50 tickets gets banned):
 		self.assertLogged(' / 50,', wait=True)
 		self.__actions.stop()
 		self.__actions.join()
 		self.assertLogged('Unbanned 25, 0 ticket(s)')
 		self.assertNotLogged('Unbanned 50, 0 ticket(s)')