BF: Lock server's executeCmd to prevent racing among iptables calls (Closes: #554162)

Many kudos go to Michael Saavedra for the solution and the patch.

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@784 a942ae1a-1317-0410-a47c-b1dcaea8d605

server/action.py

@@ -25,11 +25,15 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
 import logging, os
+import threading
 #from subprocess import call
 
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.actions.action")
 
+# Create a lock for running system commands
+_cmd_lock = threading.Lock()
+
 ##
 # Execute commands.
 #
@@ -301,17 +305,21 @@ class Action:
 	#@staticmethod
 	def executeCmd(realCmd):
 		logSys.debug(realCmd)
-		try:
+		_cmd_lock.acquire()
-			# The following line gives deadlock with multiple jails
+		try: # Try wrapped within another try needed for python version < 2.5
-			#retcode = call(realCmd, shell=True)
+			try:
-			retcode = os.system(realCmd)
+				# The following line gives deadlock with multiple jails
-			if retcode == 0:
+				#retcode = call(realCmd, shell=True)
-				logSys.debug("%s returned successfully" % realCmd)
+				retcode = os.system(realCmd)
-				return True
+				if retcode == 0:
-			else:
+					logSys.debug("%s returned successfully" % realCmd)
-				logSys.error("%s returned %x" % (realCmd, retcode))
+					return True
-		except OSError, e:
+				else:
-			logSys.error("%s failed with %s" % (realCmd, e))
+					logSys.error("%s returned %x" % (realCmd, retcode))
+			except OSError, e:
+				logSys.error("%s failed with %s" % (realCmd, e))
+		finally:
+			_cmd_lock.release()
 		return False
 	executeCmd = staticmethod(executeCmd)