NF: Mockup for handling complex additional Init parameters in actions

So we could have substitutions tags chosen according to values of other tags, e.g. in this case ipv (IP version) tag would be added by fail2ban internally novo# grep -e '^[^#]' /etc/fail2ban/action.d/iptables-multiport.conf [Definition] actionstart = <actioncmd> -N fail2ban-<name> <actioncmd> -A fail2ban-<name> -j RETURN <actioncmd> -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> actionstop = <actioncmd> -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> <actioncmd> -F fail2ban-<name> <actioncmd> -X fail2ban-<name> actioncheck = <actioncmd> -n -L <chain> | grep -q fail2ban-<name> actionban = <actioncmd> -I fail2ban-<name> 1 -s <ip> -j DROP actionunban = <actioncmd> -D fail2ban-<name> -s <ip> -j DROP [Init] name = default port = ssh protocol = tcp chain = INPUT actioncmd/ipv = 4="iptables", 6="ip6tables"
2011-04-27 22:54:03 -04:00 · 2011-04-27 22:54:03 -04:00 · 28b44d2655
parent 6d25310e28
commit 28b44d2655
2 changed files with 35 additions and 1 deletions
--- a/server/action.py
+++ b/server/action.py
@ -81,6 +81,14 @@ class Action:
 	# @param value the property value
 	
 	def setCInfo(self, key, value):
+		if '/' in value:
+			logSys.debug("Evaluating the value to dict")
+			try:
+				value = eval("dict(%s)" % value)
+			except Exception, e:
+				logSys.error("Failed to evaluate value %r for %s as dict"
+							 % (value, key))
+		logSys.debug("Set cinfo %s = %r" % (key, value))
 		self.__cInfo[key] = value
 	
 	##
@ -237,7 +245,30 @@ class Action:
 		"""
 		string = query
 		for tag in aInfo:
-			string = string.replace('<' + tag + '>', str(aInfo[tag]))
+			# simple replacement string or a dictionary
+			val = aInfo[tag]
+			if '/' in tag:
+				# dict Info and we should take after '/' as the key
+				# which would determine which actual tag to take from
+				# aInfo
+				tag_, key_tag = tag.split('/', 1)
+				if not key_tag in aInfo:
+					logSys.error(
+						"Failed to find information for key tag %s among %s. "
+						"Tag %s was ignored" % (key_tag, aInfo.keys(), tag))
+					continue
+				if not isinstance(val, dict):
+					logSys.error("Tags defined as X/Y must contain dictionary "
+								 "entries. Got %r. Tag %s was ignored"
+								 % (val, tag))
+					continue
+				if not aInfo[key_tag] in val:
+					logSys.error("There is no %s in %r. Tag %s was ignored"
+								 % (aInfo[key_tag], val, tag))
+					continue
+				tag = tag_			# TODO: pylint would scream here I guess
+				val = aInfo[tag][aInfo[key_tag]]
+			string = string.replace('<' + tag + '>', str(val))
 		# New line
 		string = string.replace("<br>", '\n')
 		return string
--- a/server/actions.py
+++ b/server/actions.py
@ -156,6 +156,9 @@ class Actions(JailThread):
 			aInfo = dict()
 			bTicket = BanManager.createBanTicket(ticket)
 			aInfo["ip"] = bTicket.getIP()
+			# TODO: adopt IPv6 handling from Rogerio
+			# and assign namespace here accordingly
+			aInfo["ipv"] = 4			# 4 for now
 			aInfo["failures"] = bTicket.getAttempt()
 			aInfo["time"] = bTicket.getTime()
 			if self.__banManager.addBanTicket(bTicket):