- Allow comma in action options. The value of the option must be escaped with " or '. Thanks to Yaroslav Halchenko

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@509 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 11:58:58 +00:00 · 2007-01-04 11:58:58 +00:00 · 7719c00d37
parent ba833a57ad
commit 7719c00d37
4 changed files with 33 additions and 3 deletions
--- a/2
+++ b/2
@ -18,6 +18,8 @@ ver. 0.7.6 (200?/??/??) - ???
 - Several "failregex" and "ignoreregex" are now accepted.
  Creation of rules should be easier now.
 - Added license in COPYING. Thanks to Axel Thimm
+- Allow comma in action options. The value of the option must
+  be escaped with " or '. Thanks to Yaroslav Halchenko

 ver. 0.7.5 (2006/12/07) - beta
 ----------
--- a/2
+++ b/2
@ -13,6 +13,8 @@ Legend:
 # partially done
 * done

+- Improve parsing of the action parameters in jailreader.py
+
 - Better handling of the protocol in transmitter.py

 - Add gettext support (I18N)
--- a/client/jailreader.py
+++ b/client/jailreader.py
@ -134,7 +134,31 @@ class JailReader(ConfigReader):
 		m = JailReader.actionCRE.match(action)
 		d = dict()
 		if not m.group(2) == None:
-			for param in m.group(2).split(','):
+			# Huge bad hack :( This method really sucks. TODO Reimplement it.
+			actions = ""
+			escapeChar = None
+			allowComma = False
+			for c in m.group(2):
+				if c in ('"', "'") and not allowComma:
+					# Start
+					escapeChar = c
+					allowComma = True
+				elif c == escapeChar:
+					# End
+					escapeChar = None
+					allowComma = False
+				else:
+					if c == ',' and allowComma:
+						actions += "<COMMA>"
+					else:
+						actions += c
+			
+			# Split using ,
+			actionsSplit = actions.split(',')
+			# Replace the tag <COMMA> with ,
+			actionsSplit = [n.replace("<COMMA>", ',') for n in actionsSplit]
+			
+			for param in actionsSplit:
 				p = param.split('=')
 				try:
 					d[p[0].strip()] = p[1].strip()
--- a/config/jail.conf
+++ b/config/jail.conf
@ -141,13 +141,15 @@ action   = shorewall
 logpath  = /var/log/apache2/error_log

 # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
-# option is overridden in this jail.
+# option is overridden in this jail. Moreover, the action "mail-whois" defines
+# the variable "name" which contains a comma using "". The characters '' are
+# valid too.

 [ssh-ipfw]

 enabled  = false
 filter   = sshd
 action   = ipfw[localhost=192.168.0.1]
-           mail-whois[name=SSH, dest=yourmail@mail.com]
+           mail-whois[name="SSH,IPFW", dest=yourmail@mail.com]
 logpath  = /var/log/auth.log
 ignoreip = 168.192.0.1