github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

code review: parse options properly (order independently), same logic for `unban` command, etc

pull/3533/head
sebres 2023-06-22 19:20:55 +02:00
parent e03e9bde0b
commit 6afdf239c4
3 changed files with 16 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fail2ban/protocol.py
View File

@ -54,7 +54,7 @@ protocol = [
["reload [--restart] [--unban] [--if-exists] <JAIL>", "reloads the jail <JAIL>, or restarts it (if option '--restart' specified)"], ["reload [--restart] [--unban] [--if-exists] <JAIL>", "reloads the jail <JAIL>, or restarts it (if option '--restart' specified)"],
["stop", "stops all jails and terminate the server"], ["stop", "stops all jails and terminate the server"],
["unban --all", "unbans all IP addresses (in all jails and database)"], ["unban --all", "unbans all IP addresses (in all jails and database)"],
["unban <IP> ... <IP>", "unbans <IP> (in all jails and database)"], ["unban [--expr] [--] <IP> ... <IP>", "unbans <IP> (in all jails and database)"],
["banned", "return jails with banned IPs as dictionary"], ["banned", "return jails with banned IPs as dictionary"],
["banned <IP> ... <IP>]", "return list(s) of jails where given IP(s) are banned"], ["banned <IP> ... <IP>]", "return list(s) of jails where given IP(s) are banned"],
["status", "gets the current status of the server"], ["status", "gets the current status of the server"],
@ -105,7 +105,7 @@ protocol = [
["set <JAIL> usedns <VALUE>", "sets the usedns mode for <JAIL>"], ["set <JAIL> usedns <VALUE>", "sets the usedns mode for <JAIL>"],
["set <JAIL> attempt <IP> [<failure1> ... <failureN>]", "manually notify about <IP> failure"], ["set <JAIL> attempt <IP> [<failure1> ... <failureN>]", "manually notify about <IP> failure"],
["set <JAIL> banip <IP> ... <IP>", "manually Ban <IP> for <JAIL>"], ["set <JAIL> banip <IP> ... <IP>", "manually Ban <IP> for <JAIL>"],
["set <JAIL> unbanip [--report-absent] [--expr] <IP> ... <IP>", "manually Unban <IP> in <JAIL>"], ["set <JAIL> unbanip [--report-absent] [--expr] [--] <IP> ... <IP>", "manually Unban <IP> in <JAIL>"],
["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"], ["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"],
["set <JAIL> maxmatches <INT>", "sets the max number of matches stored in memory per ticket in <JAIL>"], ["set <JAIL> maxmatches <INT>", "sets the max number of matches stored in memory per ticket in <JAIL>"],
["set <JAIL> maxlines <LINES>", "sets the number of <LINES> to buffer for regex search for <JAIL>"], ["set <JAIL> maxlines <LINES>", "sets the number of <LINES> to buffer for regex search for <JAIL>"],

10
fail2ban/server/server.py
View File

@ -24,14 +24,14 @@ __author__ = "Cyril Jaquier"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"
import threading from ast import literal_eval
from threading import Lock, RLock
import logging import logging
import os import os
import signal import signal
import stat import stat
import sys import sys
from ast import literal_eval import threading
from threading import Lock, RLock
from .observer import Observers, ObserverThread from .observer import Observers, ObserverThread
from .jails import Jails from .jails import Jails
@ -529,7 +529,7 @@ class Server:
def setBanIP(self, name, value): def setBanIP(self, name, value):
return self.__jails[name].actions.addBannedIP(value) return self.__jails[name].actions.addBannedIP(value)
def setUnbanIP(self, name=None, values=None, ifexists=True, ifexpr=False): def setUnbanIP(self, name=None, values=None, ifexists=True, isexpr=False):
def parseExpr(v): def parseExpr(v):
try: try:
return literal_eval(v) return literal_eval(v)
@ -542,7 +542,7 @@ class Server:
# in all jails: # in all jails:
jails = list(self.__jails.values()) jails = list(self.__jails.values())
# parse values if it contains an expression # parse values if it contains an expression
if values and ifexpr: if values and isexpr:
values = map(parseExpr, values) values = map(parseExpr, values)
# unban given or all (if values is None): # unban given or all (if values is None):
cnt = 0 cnt = 0

23
fail2ban/server/transmitter.py
View File

@ -24,6 +24,7 @@ __author__ = "Cyril Jaquier"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"
import getopt
import time import time
import json import json
@ -113,11 +114,12 @@ class Transmitter:
return 'OK' return 'OK'
elif name == "unban" and len(command) >= 2: elif name == "unban" and len(command) >= 2:
# unban in all jails: # unban in all jails:
value = command[1:] opts, value = getopt.getopt(command[1:], "", ["expr", "all"])
opts = dict(opts)
# if all ips: # if all ips:
if len(value) == 1 and value[0] == "--all": if "--all" in opts:
return self.__server.setUnbanIP() return self.__server.setUnbanIP()
return self.__server.setUnbanIP(None, value) return self.__server.setUnbanIP(None, value, isexpr=("--expr" in opts))
elif name == "banned": elif name == "banned":
# check IP is banned in all jails: # check IP is banned in all jails:
return self.__server.banned(None, command[1:]) return self.__server.banned(None, command[1:])
@ -363,17 +365,10 @@ class Transmitter:
value = command[2:] value = command[2:]
return self.__server.setBanIP(name,value) return self.__server.setBanIP(name,value)
elif command[1] == "unbanip": elif command[1] == "unbanip":
ifexpr = False opts, value = getopt.getopt(command[2:], "", ["expr", "report-absent"])
ifexists = True opts = dict(opts)
offset = 2 return self.__server.setUnbanIP(name, value,
if "--report-absent" in command: ifexists=("--report-absent" not in opts), isexpr=("--expr" in opts))
ifexists = False
offset += 1
if "--expr" in command:
ifexpr = True
offset += 1
value = command[offset:]
return self.__server.setUnbanIP(name, value, ifexists=ifexists, ifexpr=ifexpr)
elif command[1] == "addaction": elif command[1] == "addaction":
args = [command[2]] args = [command[2]]
if len(command) > 3: if len(command) > 3: