Merge pull request #1088 from leeclemens/bf-595/nonrootmessage

Add specific errors for client socket access (closes 595)
2015-07-05 21:33:56 -04:00 · 2015-07-05 21:33:56 -04:00 · c0feebfad8
parent e5a5edd35b 423d5b761e
commit c0feebfad8
2 changed files with 22 additions and 1 deletions
--- a/1
+++ b/1
@ -26,6 +26,7 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
   * action.d/cloudflare.conf - improved documentation on how to allow
     multiple CF accounts, and jail.conf got new compound action
     definition action_cf_mwl to submit cloudflare report.
+   * Check access to socket for more detailed logging on error (gh-595)


 ver. 0.9.2 (2015/04/29) - better-quick-now-than-later
--- a/bin/fail2ban-client
+++ b/bin/fail2ban-client
@ -171,7 +171,7 @@ class Fail2banClient:
 					streamRet = False
 			except socket.error:
 				if showRet:
-					logSys.error("Unable to contact server. Is it running?")
+					self.__logSocketError()
 				return False
 			except Exception, e:
 				if showRet:
@ -179,6 +179,26 @@ class Fail2banClient:
 				return False
 		return streamRet

+	def __logSocketError(self):
+		try:
+			if os.access(self.__conf["socket"], os.F_OK):
+				# This doesn't check if path is a socket,
+				#  but socket.error should be raised
+				if os.access(self.__conf["socket"], os.W_OK):
+					# Permissions look good, but socket.error was raised
+					logSys.error("Unable to contact server. Is it running?")
+				else:
+					logSys.error("Permission denied to socket: %s,"
+								 " (you must be root)", self.__conf["socket"])
+			else:
+				logSys.error("Failed to access socket path: %s."
+							 " Is fail2ban running?",
+							 self.__conf["socket"])
+		except Exception as e:
+			logSys.error("Exception while checking socket access: %s",
+						 self.__conf["socket"])
+			logSys.error(e)
+
 	##
 	# Process a command line.
 	#