Merge branch '0.10' into 0.11

ChangeLog

@@ -73,12 +73,15 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition
   - MYSQL 8.0.13 compatibility (log-error-verbosity = 3), log-format contains few additional words
     enclosed in brackets after "[Note]" (gh-2314)
 * `files/fail2ban.service.in`: fixed systemd-unit template - missing nftables dependency (gh-2313)
+* several `action.d/mail*`: fixed usage with multiple log files (ultimate fix for gh-976, gh-2341)
 
 ### New Features
 * new failregex-flag tag `<F-MLFGAINED>` for failregex, signaled that the access to service was gained
   (ATM used similar to tag `<F-NOFAIL>`, but it does not add the log-line to matches, gh-2279)
 
 ### Enhancements
+* jail-reader extended (amend to gh-1622): actions support multi-line options now (interpolations
+  containing new-line);
 
 
 ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four

config/jail.conf

@@ -85,6 +85,7 @@ before = paths-debian.conf
 # "ignoreself" specifies whether the local resp. own IP addresses should be ignored
 # (default is true). Fail2ban will not ban a host which matches such addresses.
 #ignoreself = true
+
 # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
 # will not ban a host which matches an address in this list. Several addresses
 # can be defined using space (and/or comma) separator.
@@ -214,19 +215,19 @@ action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protoc
 # ban & send an e-mail with whois report and relevant log lines
 # to the destemail.
 action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
+             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
 
 # See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
 #
 # ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
 # to the destemail.
 action_xarf = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
+             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
 
 # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
 # to the destemail.
 action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
-                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
+                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
 
 # Report block via blocklist.de fail2ban reporting service API
 # 

fail2ban/client/jailreader.py

@@ -158,12 +158,21 @@ class JailReader(ConfigReader):
 				self.__filter.getOptions(self.__opts)
 		
 			# Read action
-			for act in self.__opts["action"].split('\n'):
+			prevln = ''
+			actlst = self.__opts["action"].split('\n')
+			for n, act in enumerate(actlst):
 				try:
 					if not act:			  # skip empty actions
 						continue
+					# join with previous line if needed (consider possible new-line):
+					if prevln: act = prevln + '\n' + act
 					actName, actOpt = extractOptions(act)
+					prevln = ''
 					if not actName:
+						# consider possible new-line, so repeat with joined next line's:
+						if n < len(actlst) - 1:
+							prevln = act
+							continue
 						raise JailDefError("Invalid action definition %r" % act)
 					if actName.endswith(".py"):
 						self.__actions.append([

fail2ban/tests/clientreadertestcase.py

@@ -353,6 +353,30 @@ class JailReaderTest(LogCaptureTestCase):
 		)
 		self.assertEqual(expected2, result)
 
+	def testMultiLineOption(self):
+		jail = JailReader('multi-log', force_enable=True, basedir=IMPERFECT_CONFIG, share_config=IMPERFECT_CONFIG_SHARE_CFG)
+		self.assertTrue(jail.read())
+		self.assertTrue(jail.getOptions())
+		self.assertEqual(jail.options['logpath'], 'a.log\nb.log\nc.log')
+		self.assertEqual(jail.options['action'], 'action[actname=\'ban\']\naction[actname=\'log\', logpath="a.log\nb.log\nc.log\nd.log"]\naction[actname=\'test\']')
+		self.assertSortedEqual([a.convert() for a in jail._JailReader__actions], [
+			[['set', 'multi-log', 'addaction', 'ban'], ['multi-set', 'multi-log', 'action', 'ban', [
+				['actionban', 'echo "name: ban, ban: <ip>, logs: a.log\nb.log\nc.log"'],
+				['actname', 'ban'],
+				['name', 'multi-log']
+			]]],
+			[['set', 'multi-log', 'addaction', 'log'], ['multi-set', 'multi-log', 'action', 'log', [
+				['actionban', 'echo "name: log, ban: <ip>, logs: a.log\nb.log\nc.log\nd.log"'],
+				['actname', 'log'],
+				['logpath', 'a.log\nb.log\nc.log\nd.log'], ['name', 'multi-log']
+			]]],
+			[['set', 'multi-log', 'addaction', 'test'], ['multi-set', 'multi-log', 'action', 'test', [
+				['actionban', 'echo "name: test, ban: <ip>, logs: a.log\nb.log\nc.log"'],
+				['actname', 'test'],
+				['name', 'multi-log']
+			]]]
+		])
+
 	def testVersionAgent(self):
 		unittest.F2B.SkipIfCfgMissing(stock=True)
 		jail = JailReader('blocklisttest', force_enable=True, basedir=CONFIG_DIR)

fail2ban/tests/config/action.d/action.conf

@@ -0,0 +1,4 @@
+
+[Definition]
+
+actionban = echo "name: <actname>, ban: <ip>, logs: %(logpath)s"

fail2ban/tests/config/jail.conf

@@ -51,3 +51,15 @@ action =
 [tz_correct]
 enabled = true
 logtimezone = UTC+0200
+
+[multi-log]
+enabled = false
+filter  =
+logpath = a.log
+          b.log
+          c.log
+log2nd  = %(logpath)s
+          d.log
+action = action[actname='ban']
+         action[actname='log', logpath="%(log2nd)s"]
+         action[actname='test']

fail2ban/tests/fail2banclienttestcase.py

@@ -155,7 +155,7 @@ def _out_file(fn, handle=logSys.debug):
 
 def _write_file(fn, mode, *lines):
 	f = open(fn, mode)
-	f.write('\n'.join(lines))
+	f.write('\n'.join(lines)+('\n' if lines else ''))
 	f.close()
 
 def _read_file(fn):