github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

getCurrentBans: ignore tickets with the ban-time changed after correction (if other max ban-time of jail as in the database)

pull/2125/merge
sebres 2018-07-05 13:54:37 +02:00
parent 76cb1c64ce
commit 7c0ac467bb
2 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fail2ban/server/database.py
View File

@ -764,8 +764,6 @@ class Fail2BanDb(object):
return cur.execute(query, queryArgs) return cur.execute(query, queryArgs)
def _getCurrentBans(self, cur, jail = None, ip = None, forbantime=None, fromtime=None): def _getCurrentBans(self, cur, jail = None, ip = None, forbantime=None, fromtime=None):
if fromtime is None:
fromtime = MyTime.time()
queryArgs = [] queryArgs = []
if jail is not None: if jail is not None:
query = "SELECT ip, timeofban, bantime, bancount, data FROM bips WHERE jail=?" query = "SELECT ip, timeofban, bantime, bancount, data FROM bips WHERE jail=?"
@ -798,6 +796,8 @@ class Fail2BanDb(object):
(and therefore endOfBan) of the ticket (normally it is ban-time of jail as maximum) (and therefore endOfBan) of the ticket (normally it is ban-time of jail as maximum)
for all tickets with ban-time greater (or persistent). for all tickets with ban-time greater (or persistent).
""" """
if fromtime is None:
fromtime = MyTime.time()
tickets = [] tickets = []
ticket = None ticket = None
if correctBanTime is True: if correctBanTime is True:
@ -822,6 +822,12 @@ class Fail2BanDb(object):
# if persistent ban (or greater as max), use current max-bantime of the jail: # if persistent ban (or greater as max), use current max-bantime of the jail:
if bantime == -1 or bantime > correctBanTime: if bantime == -1 or bantime > correctBanTime:
bantime = correctBanTime bantime = correctBanTime
# after correction check the end of ban again:
if bantime != -1 and timeofban + bantime <= fromtime:
# not persistent and too old - ignore it:
logSys.debug("ignore ticket (with new max ban-time %r): too old %r <= %r, ticket: %r",
bantime, timeofban + bantime, fromtime, ticket)
continue
except ValueError as e: # pragma: no cover except ValueError as e: # pragma: no cover
logSys.debug("get current bans: ignore row %r - %s", ticket, e) logSys.debug("get current bans: ignore row %r - %s", ticket, e)
continue continue

9
fail2ban/tests/databasetestcase.py
View File

@ -494,12 +494,13 @@ class DatabaseTest(LogCaptureTestCase):
# add persistent one: # add persistent one:
ticket.setBanTime(-1) ticket.setBanTime(-1)
self.db.addBan(self.jail, ticket) self.db.addBan(self.jail, ticket)
# persistent bantime (-1), so never expired (1 persistent ticket): # persistent bantime (-1), so never expired (but jail has other max bantime now):
tickets = self.db.getCurrentBans(jail=self.jail, forbantime=-1, tickets = self.db.getCurrentBans(jail=self.jail, forbantime=-1,
fromtime=MyTime.time() + MyTime.str2seconds("1year")) fromtime=MyTime.time() + MyTime.str2seconds("1year"))
self.assertEqual(len(tickets), 1) # no tickets should be found (max ban time = 600):
self.assertEqual(tickets[0].getBanTime(), 600); # current jail ban time. self.assertEqual(len(tickets), 0)
# change jail to persistent ban and try again: self.assertLogged("ignore ticket (with new max ban-time %r)" % self.jail.getMaxBanTime())
# change jail to persistent ban and try again (1 persistent ticket):
self.jail.actions.setBanTime(-1) self.jail.actions.setBanTime(-1)
tickets = self.db.getCurrentBans(jail=self.jail, forbantime=-1, tickets = self.db.getCurrentBans(jail=self.jail, forbantime=-1,
fromtime=MyTime.time() + MyTime.str2seconds("1year")) fromtime=MyTime.time() + MyTime.str2seconds("1year"))