Revert to upstream

2013-10-22 18:26:47 +03:00 · 2013-10-22 18:26:47 +03:00 · 7bbfe5c67c
parent 3114fed8d1
commit 7bbfe5c67c
7 changed files with 157 additions and 203 deletions
--- a/client/filterreader.py
+++ b/client/filterreader.py
@ -54,9 +54,7 @@ class FilterReader(ConfigReader):
 	
 	def getOptions(self, pOpts):
 		opts = [["string", "ignoreregex", ""],
-				["string", "failregex", ""],
-				["string", "ignorecommand", ""]
-				]
+				["string", "failregex", ""]]
 		self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
 	
 	def convert(self):
--- a/client/jailreader.py
+++ b/client/jailreader.py
@ -81,7 +81,6 @@ class JailReader(ConfigReader):
 				["int", "bantime", 600],
 				["string", "usedns", "warn"],
 				["string", "failregex", None],
-				["string", "ignorecommand", None],
 				["string", "ignoreregex", None],
 				["string", "ignoreip", None],
 				["string", "filter", ""],
@ -161,8 +160,6 @@ class JailReader(ConfigReader):
 				stream.append(["set", self.__name, "usedns", self.__opts[opt]])
 			elif opt == "failregex":
 				stream.append(["set", self.__name, "addfailregex", self.__opts[opt]])
-			elif opt == "ignorecommand":
-				stream.append(["set", self.__name, "ignorecommand", self.__opts[opt]])
 			elif opt == "ignoreregex":
 				for regex in self.__opts[opt].split('\n'):
 					# Do not send a command if the rule is empty.
--- a/common/protocol.py
+++ b/common/protocol.py
@ -49,7 +49,6 @@ protocol = [
 ["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"], 
 ["status <JAIL>", "gets the current status of <JAIL>"],
 ['', "JAIL CONFIGURATION", ""],
-["set <JAIL> ignorecommand <VALUE>", "sets ignorecommand of <JAIL>"],
 ["set <JAIL> idle on|off", "sets the idle state of <JAIL>"], 
 ["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"], 
 ["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"], 
@ -75,7 +74,6 @@ protocol = [
 ["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"],
 ["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"], 
 ['', "JAIL INFORMATION", ""],
-["get <JAIL> ignorecommand", "gets ignorecommand of <JAIL>"],
 ["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
 ["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
 ["get <JAIL> failregex", "gets the list of regular expressions which matches the failures for <JAIL>"],
--- a/config/jail.conf
+++ b/config/jail.conf
@ -34,9 +34,6 @@ ignoreip = 127.0.0.1/8
 # "bantime" is the number of seconds that a host is banned.
 bantime  = 600

-# External command with space separated output ips to ignore
-# ignorecommand = /path/to/command
-
 # A host is banned if it has generated "maxretry" during the last "findtime"
 # seconds.
 findtime  = 600
--- a/server/filter.py
+++ b/server/filter.py
@ -21,7 +21,8 @@ __author__ = "Cyril Jaquier and Fail2Ban Contributors"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko"
 __license__ = "GPL"

-#import sys, os, getopt
+import sys
+
 from failmanager import FailManagerEmpty
 from failmanager import FailManager
 from ticket import FailTicket
@ -42,7 +43,6 @@ logSys = logging.getLogger("fail2ban.filter")
 # that matches a given regular expression. This class is instantiated by
 # a Jail object.

-
 class Filter(JailThread):

 	##
@ -67,13 +67,12 @@ class Filter(JailThread):
 		self.__findTime = 6000
 		## The ignore IP list.
 		self.__ignoreIpList = []
-		## External command
-		self.__ignoreCommand = False

 		self.dateDetector = DateDetector()
 		self.dateDetector.addDefaultTemplate()
 		logSys.debug("Created %s" % self)

+
 	def __repr__(self):
 		return "%s(%r)" % (self.__class__.__name__, self.jail)

@ -92,6 +91,7 @@ class Filter(JailThread):
 			logSys.error(e)
 			raise e

+
 	def delFailRegex(self, index):
 		try:
 			del self.__failRegex[index]
@ -209,24 +209,9 @@ class Filter(JailThread):
 	# file has been modified and looks for failures.
 	# @return True when the thread exits nicely

-	def run(self):  # pragma: no cover
+	def run(self): # pragma: no cover
 		raise Exception("run() is abstract")

-
-	##
-	# Set external command, for ignoredips
-	#
-
-	def setIgnoreCommand(self, command):
-		self.__ignoreCommand = command
-
-	##
-	# Get external command, for ignoredips
-	#
-
-	def getIgnoreCommand(self):
-		return self.__ignoreCommand
-
 	##
 	# Ban an IP - http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
 	# Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
@ -239,7 +224,7 @@ class Filter(JailThread):
 			self.failManager.addFailure(FailTicket(ip, unixTime))

 		# Perform the banning of the IP now.
-		try:  # pragma: no branch - exception is the only way out
+		try: # pragma: no branch - exception is the only way out
 			while True:
 				ticket = self.failManager.toBan()
 				self.jail.putFailTicket(ticket)
@ -264,10 +249,7 @@ class Filter(JailThread):
 		self.__ignoreIpList.remove(ip)

 	def getIgnoreIP(self):
-		if self.__ignoreCommand is not False:
-			return self.__ignoreIpList + os.popen(self.__ignoreCommand).read().split(" ")
-		else:
-			return self.__ignoreIpList
+		return self.__ignoreIpList

 	##
 	# Check if IP address/DNS is in the ignore list.
@ -282,12 +264,6 @@ class Filter(JailThread):
 			# An empty string is always false
 			if i == "":
 				continue
-			# External command with ips to ignore
-			if self.__ignoreCommand is not False:
-				ignored_ips = os.popen(self.__ignoreCommand).read().split(" ")
-				if ip in ignored_ips:
-					return True
-
 			s = i.split('/', 1)
 			# IP address without CIDR mask
 			if len(s) == 1:
--- a/server/server.py
+++ b/server/server.py
@ -187,12 +187,6 @@ class Server:
 	def addFailRegex(self, name, value):
 		self.__jails.getFilter(name).addFailRegex(value)
 	
-	def setIgnoreCommand(self, name, value):
-		self.__jails.getFilter(name).setIgnoreCommand(value)
-	def getIgnoreCommand(self, name):
-		self.__jails.getFilter(name).getIgnoreCommand()
-
-
 	def delFailRegex(self, name, index):
 		self.__jails.getFilter(name).delFailRegex(index)
 	
--- a/server/transmitter.py
+++ b/server/transmitter.py
@ -152,10 +152,6 @@ class Transmitter:
 			value = command[2]
 			self.__server.addIgnoreRegex(name, value)
 			return self.__server.getIgnoreRegex(name)
-		elif command[1] == "ignorecommand":
-			value = command[2]
-			self.__server.setIgnoreCommand(name, value)
-			return self.__server.getIgnoreCommand(name)
 		elif command[1] == "delignoreregex":
 			value = int(command[2])
 			self.__server.delIgnoreRegex(name, value)
@ -241,8 +237,6 @@ class Transmitter:
 			return self.__server.getLogPath(name)
 		elif command[1] == "ignoreip":
 			return self.__server.getIgnoreIP(name)
-		elif command[1] == "ignorecommand":
-			return self.__server.getIgnoreCommand(name)
 		elif command[1] == "failregex":
 			return self.__server.getFailRegex(name)
 		elif command[1] == "ignoreregex":