Merge pull request #369 from yarikoptic/master

Dealing with dangling symlinks -- avoid adding those files to server for monitoring

client/jailreader.py

@@ -24,7 +24,7 @@ __author__ = "Cyril Jaquier"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import logging, re, glob
+import logging, re, glob, os.path
 
 from configreader import ConfigReader
 from filterreader import FilterReader
@@ -55,7 +55,23 @@ class JailReader(ConfigReader):
 	
 	def isEnabled(self):
 		return self.__force_enable or self.__opts["enabled"]
-	
+
+	@staticmethod
+	def _glob(path):
+		"""Given a path for glob return list of files to be passed to server.
+
+		Dangling symlinks are warned about and not returned
+		"""
+		pathList = []
+		for p in glob.glob(path):
+			if not os.path.exists(p):
+				logSys.warning("File %s doesn't even exist, thus cannot be monitored" % p)
+			elif not os.path.lexists(p):
+				logSys.warning("File %s is a dangling link, thus cannot be monitored" % p)
+			else:
+				pathList.append(p)
+		return pathList
+
 	def getOptions(self):
 		opts = [["bool", "enabled", "false"],
 				["string", "logpath", "/var/log/messages"],
@@ -118,7 +134,7 @@ class JailReader(ConfigReader):
 			if opt == "logpath":
 				found_files = 0
 				for path in self.__opts[opt].split("\n"):
-					pathList = glob.glob(path)
+					pathList = JailReader._glob(path)
 					if len(pathList) == 0:
 						logSys.error("No file(s) found for glob %s" % path)
 					for p in pathList:

testcases/clientreadertestcase.py

@@ -22,6 +22,7 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko"
 __license__ = "GPL"
 
 import os, tempfile, shutil, unittest
+
 from client.configreader import ConfigReader
 from client.jailreader import JailReader
 from client.jailsreader import JailsReader
@@ -116,6 +117,19 @@ class JailReaderTest(unittest.TestCase):
 		expected = ['mail-whois', {'name': 'SSH'}]
 		result = JailReader.splitAction(action)
 		self.assertEqual(expected, result)
+		
+	def testGlob(self):
+		d = tempfile.mkdtemp(prefix="f2b-temp")
+		# Generate few files
+		# regular file
+		open(os.path.join(d, 'f1'), 'w').close()
+		# dangling link
+		os.symlink('nonexisting', os.path.join(d, 'f2'))
+
+		# must be only f1
+		self.assertEqual(JailReader._glob(os.path.join(d, '*')), [os.path.join(d, 'f1')])
+		# since f2 is dangling -- empty list
+		self.assertEqual(JailReader._glob(os.path.join(d, 'f2')), [])
 
 class JailsReaderTest(unittest.TestCase):
 

testcases/servertestcase.py

@@ -292,12 +292,23 @@ class Transmitter(TransmitterBase):
 			self.transm.proceed(["set", self.jailName, "dellogpath", value]),
 			(0, []))
 
+	def testJailLogPathInvalidFile(self):
 		# Invalid file
 		value = "this_file_shouldn't_exist"
 		result = self.transm.proceed(
 			["set", self.jailName, "addlogpath", value])
 		self.assertTrue(isinstance(result[1], IOError))
 
+	def testJailLogPathBrokenSymlink(self):
+		# Broken symlink
+		name = tempfile.mktemp(prefix='tmp_fail2ban_broken_symlink')
+		sname = name + '.slink'
+		os.symlink(name, sname)
+		result = self.transm.proceed(
+			["set", self.jailName, "addlogpath", sname])
+		self.assertTrue(isinstance(result[1], IOError))
+		os.unlink(sname)
+
 	def testJailIgnoreIP(self):
 		self.jailAddDelTest(
 			"ignoreip",