From 7719c00d3711663814fb7e298fad088a512efd11 Mon Sep 17 00:00:00 2001 From: Cyril Jaquier Date: Thu, 4 Jan 2007 11:58:58 +0000 Subject: [PATCH] - Allow comma in action options. The value of the option must be escaped with " or '. Thanks to Yaroslav Halchenko git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@509 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- CHANGELOG | 2 ++ TODO | 2 ++ client/jailreader.py | 26 +++++++++++++++++++++++++- config/jail.conf | 6 ++++-- 4 files changed, 33 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 70962aba..c822d3d8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -18,6 +18,8 @@ ver. 0.7.6 (200?/??/??) - ??? - Several "failregex" and "ignoreregex" are now accepted. Creation of rules should be easier now. - Added license in COPYING. Thanks to Axel Thimm +- Allow comma in action options. The value of the option must + be escaped with " or '. Thanks to Yaroslav Halchenko ver. 0.7.5 (2006/12/07) - beta ---------- diff --git a/TODO b/TODO index 23a34875..0348a3e1 100644 --- a/TODO +++ b/TODO @@ -13,6 +13,8 @@ Legend: # partially done * done +- Improve parsing of the action parameters in jailreader.py + - Better handling of the protocol in transmitter.py - Add gettext support (I18N) diff --git a/client/jailreader.py b/client/jailreader.py index aa26d789..3588daab 100644 --- a/client/jailreader.py +++ b/client/jailreader.py @@ -134,7 +134,31 @@ class JailReader(ConfigReader): m = JailReader.actionCRE.match(action) d = dict() if not m.group(2) == None: - for param in m.group(2).split(','): + # Huge bad hack :( This method really sucks. TODO Reimplement it. + actions = "" + escapeChar = None + allowComma = False + for c in m.group(2): + if c in ('"', "'") and not allowComma: + # Start + escapeChar = c + allowComma = True + elif c == escapeChar: + # End + escapeChar = None + allowComma = False + else: + if c == ',' and allowComma: + actions += "" + else: + actions += c + + # Split using , + actionsSplit = actions.split(',') + # Replace the tag with , + actionsSplit = [n.replace("", ',') for n in actionsSplit] + + for param in actionsSplit: p = param.split('=') try: d[p[0].strip()] = p[1].strip() diff --git a/config/jail.conf b/config/jail.conf index b3985363..5c4628f0 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -141,13 +141,15 @@ action = shorewall logpath = /var/log/apache2/error_log # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" -# option is overridden in this jail. +# option is overridden in this jail. Moreover, the action "mail-whois" defines +# the variable "name" which contains a comma using "". The characters '' are +# valid too. [ssh-ipfw] enabled = false filter = sshd action = ipfw[localhost=192.168.0.1] - mail-whois[name=SSH, dest=yourmail@mail.com] + mail-whois[name="SSH,IPFW", dest=yourmail@mail.com] logpath = /var/log/auth.log ignoreip = 168.192.0.1