allow tuple IDs on all commands

2023-06-23 12:36:37 +02:00 · 2023-06-23 12:36:37 +02:00 · 98a4cee1c0
parent 34390b3fe1
commit 98a4cee1c0
6 changed files with 52 additions and 34 deletions
--- a/fail2ban/client/beautifier.py
+++ b/fail2ban/client/beautifier.py
@ -185,7 +185,7 @@ class Beautifier:
 					sep = " " if len(inC) <= 3 else inC[3]
 					if sep == "--with-time":
 						sep = "\n"
-					msg = sep.join(response)
+					msg = sep.join([str(res) for res in response])
 		except Exception:
 			logSys.warning("Beautifier error. Please report the error")
 			logSys.error("Beautify %r with %r failed", response, self.__inputCmd,
--- a/fail2ban/helpers.py
+++ b/fail2ban/helpers.py
@ -28,6 +28,7 @@ import re
 import sys
 import traceback

+from ast import literal_eval
 from threading import Lock

 from .server.mytime import MyTime
@ -298,6 +299,16 @@ def _merge_copy_dicts(x, y):
 	"""
 	return {**x, **y}

+def parseExpressions(value):
+	def parseExpr(v):
+		try:
+			return literal_eval(v)
+		except SyntaxError:
+			return v
+	if value:
+		return list(map(parseExpr, value)) if isinstance(value, (list, tuple)) else parseExpr(value)
+	return None
+
 #
 # Following function used for parse options from parameter (e.g. `name[p1=0, p2="..."][p3='...']`).
 #
--- a/fail2ban/protocol.py
+++ b/fail2ban/protocol.py
@ -56,7 +56,7 @@ protocol = [
 ["unban --all", "unbans all IP addresses (in all jails and database)"],
 ["unban [--expr] [--] <IP> ... <IP>", "unbans <IP> (in all jails and database)"],
 ["banned", "return jails with banned IPs as dictionary"],
-["banned <IP> ... <IP>]", "return list(s) of jails where given IP(s) are banned"],
+["banned [--expr] [--] <IP> ... <IP>]", "return list(s) of jails where given IP(s) are banned"],
 ["status", "gets the current status of the server"], 
 ["ping", "tests if the server is alive"],
 ["echo", "for internal usage, returns back and outputs a given string"],
@ -86,8 +86,8 @@ protocol = [
 ['', "JAIL CONFIGURATION", ""],
 ["set <JAIL> idle on|off", "sets the idle state of <JAIL>"], 
 ["set <JAIL> ignoreself true|false", "allows the ignoring of own IP addresses"], 
-["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"], 
-["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"], 
+["set <JAIL> addignoreip [--expr] [--] <IP> ... <IP>", "adds <IP> to the ignore list of <JAIL>"], 
+["set <JAIL> delignoreip [--expr] [--] <IP> ... <IP>", "removes <IP> from the ignore list of <JAIL>"], 
 ["set <JAIL> ignorecommand <VALUE>", "sets ignorecommand of <JAIL>"],
 ["set <JAIL> ignorecache <VALUE>", "sets ignorecache of <JAIL>"],
 ["set <JAIL> addlogpath <FILE> ['tail']", "adds <FILE> to the monitoring list of <JAIL>, optionally starting at the 'tail' of the file (default 'head')."], 
@ -103,8 +103,8 @@ protocol = [
 ["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"], 
 ["set <JAIL> datepattern <PATTERN>", "sets the <PATTERN> used to match date/times for <JAIL>"],
 ["set <JAIL> usedns <VALUE>", "sets the usedns mode for <JAIL>"],
-["set <JAIL> attempt <IP> [<failure1> ... <failureN>]", "manually notify about <IP> failure"], 
-["set <JAIL> banip <IP> ... <IP>", "manually Ban <IP> for <JAIL>"], 
+["set <JAIL> attempt [--expr] [--] <IP> [<failure1> ... <failureN>]", "manually notify about <IP> failure"], 
+["set <JAIL> banip [--expr] [--] <IP> ... <IP>", "manually Ban <IP> for <JAIL>"], 
 ["set <JAIL> unbanip [--report-absent] [--expr] [--] <IP> ... <IP>", "manually Unban <IP> in <JAIL>"], 
 ["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"], 
 ["set <JAIL> maxmatches <INT>", "sets the max number of matches stored in memory per ticket in <JAIL>"], 
@ -123,7 +123,7 @@ protocol = [
 ["set <JAIL> action <ACT> <METHOD>[ <JSONKWARGS>]", "calls the <METHOD> with <JSONKWARGS> for the action <ACT> for <JAIL>"],
 ['', "JAIL INFORMATION", ""],
 ["get <JAIL> banned", "return banned IPs of <JAIL>"],
-["get <JAIL> banned <IP> ... <IP>]", "return 1 if IP is banned in <JAIL> otherwise 0, or a list of 1/0 for multiple IPs"],
+["get <JAIL> banned [--expr] [--] <IP> ... <IP>]", "return 1 if IP is banned in <JAIL> otherwise 0, or a list of 1/0 for multiple IPs"],
 ["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
 ["get <JAIL> logencoding", "gets the encoding of the log files for <JAIL>"],
 ["get <JAIL> journalmatch", "gets the journal filter match for <JAIL>"],
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@ -468,7 +468,7 @@ class Filter(JailThread):

 	def addAttempt(self, ip, *matches):
 		"""Generate a failed attempt for ip"""
-		if not isinstance(ip, IPAddr):
+		if not isinstance(ip, (IPAddr, list, tuple)):
 			ip = IPAddr(ip)
 		matches = list(matches) # tuple to list

--- a/fail2ban/server/server.py
+++ b/fail2ban/server/server.py
@ -24,7 +24,6 @@ __author__ = "Cyril Jaquier"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

-from ast import literal_eval
 import logging
 import os
 import signal
@ -523,27 +522,19 @@ class Server:
 	def setBanTime(self, name, value):
 		self.__jails[name].actions.setBanTime(value)
 	
-	def addAttemptIP(self, name, *args):
-		return self.__jails[name].filter.addAttempt(*args)
+	def addAttemptIP(self, name, ip, failures):
+		return self.__jails[name].filter.addAttempt(ip, *failures)

 	def setBanIP(self, name, value):
 		return self.__jails[name].actions.addBannedIP(value)

-	def setUnbanIP(self, name=None, values=None, ifexists=True, isexpr=False):
-		def parseExpr(v):
-			try:
-				return literal_eval(v)
-			except SyntaxError:
-				return v
+	def setUnbanIP(self, name=None, values=None, ifexists=True):
 		if name is not None:
 			# single jail:
 			jails = [self.__jails[name]]
 		else:
 			# in all jails:
 			jails = list(self.__jails.values())
-		# parse values if it contains an expression
-		if values and isexpr:
-			values = map(parseExpr, values)
 		# unban given or all (if values is None):
 		cnt = 0
 		ifexists |= (name is None)
@ -572,7 +563,6 @@ class Server:
 				ret = jail.actions.getBanned(ids)
 				if name is not None:
 					return ret
-					res.append(ret)
 				else:
 					res.append({jail.name: ret})
 		return res
--- a/fail2ban/server/transmitter.py
+++ b/fail2ban/server/transmitter.py
@ -28,7 +28,7 @@ import getopt
 import time
 import json

-from ..helpers import getLogger, logging
+from ..helpers import getLogger, logging, parseExpressions
 from .. import version

 # Gets the instance of the logger.
@ -119,10 +119,14 @@ class Transmitter:
 			# if all ips:
 			if "--all" in opts:
 				return self.__server.setUnbanIP()
-			return self.__server.setUnbanIP(None, value, isexpr=("--expr" in opts))
+			value = parseExpressions(value) if "--expr" in opts else value
+			return self.__server.setUnbanIP(None, value)
 		elif name == "banned":
 			# check IP is banned in all jails:
-			return self.__server.banned(None, command[1:])
+			opts, value = getopt.getopt(command[1:], "", ["expr"])
+			opts = dict(opts)
+			value = parseExpressions(value) if "--expr" in opts else value
+			return self.__server.banned(None, value)
 		elif name == "echo":
 			return command[1:]
 		elif name == "server-status":
@ -228,13 +232,19 @@ class Transmitter:
 			if self.__quiet: return
 			return self.__server.getIgnoreSelf(name)
 		elif command[1] == "addignoreip":
-			for value in command[2:]:
-				self.__server.addIgnoreIP(name, value)
+			opts, value = getopt.getopt(command[2:], "", ["expr"])
+			opts = dict(opts)
+			isexpr = "--expr" in opts
+			for v in value:
+				self.__server.addIgnoreIP(name, parseExpressions(v) if isexpr else v)
 			if self.__quiet: return
 			return self.__server.getIgnoreIP(name)
 		elif command[1] == "delignoreip":
-			value = command[2]
-			self.__server.delIgnoreIP(name, value)
+			opts, value = getopt.getopt(command[2:], "", ["expr"])
+			opts = dict(opts)
+			isexpr = "--expr" in opts
+			for v in value:
+				self.__server.delIgnoreIP(name, parseExpressions(v) if isexpr else v)
 			if self.__quiet: return
 			return self.__server.getIgnoreIP(name)
 		elif command[1] == "ignorecommand":
@ -352,9 +362,11 @@ class Transmitter:
 			if self.__quiet: return
 			return self.__server.getBanTime(name)
 		elif command[1] == "attempt":
-			value = command[2:]
+			opts, value = getopt.getopt(command[2:], "", ["expr"])
+			opts = dict(opts)
 			if self.__quiet: return
-			return self.__server.addAttemptIP(name, *value)
+			ip = parseExpressions(value[0]) if "--expr" in opts else value[0]
+			return self.__server.addAttemptIP(name, ip, value[1:])
 		elif command[1].startswith("bantime."):
 			value = command[2]
 			opt = command[1][len("bantime."):]
@ -362,13 +374,15 @@ class Transmitter:
 			if self.__quiet: return
 			return self.__server.getBanTimeExtra(name, opt)
 		elif command[1] == "banip":
-			value = command[2:]
+			opts, value = getopt.getopt(command[2:], "", ["expr"])
+			opts = dict(opts)
+			value = parseExpressions(value) if "--expr" in opts else value
 			return self.__server.setBanIP(name,value)
 		elif command[1] == "unbanip":
 			opts, value = getopt.getopt(command[2:], "", ["expr", "report-absent"])
 			opts = dict(opts)
-			return self.__server.setUnbanIP(name, value,
-				ifexists=("--report-absent" not in opts), isexpr=("--expr" in opts))
+			value = parseExpressions(value) if "--expr" in opts else value
+			return self.__server.setUnbanIP(name, value, ifexists=("--report-absent" not in opts))
 		elif command[1] == "addaction":
 			args = [command[2]]
 			if len(command) > 3:
@ -441,7 +455,10 @@ class Transmitter:
 		# Jail, Filter
 		elif command[1] == "banned":
 			# check IP is banned in all jails:
-			return self.__server.banned(name, command[2:])
+			opts, value = getopt.getopt(command[2:], "", ["expr"])
+			opts = dict(opts)
+			value = parseExpressions(value) if "--expr" in opts else value
+			return self.__server.banned(name, value)
 		elif command[1] == "logpath":
 			return self.__server.getLogPath(name)
 		elif command[1] == "logencoding":