github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

amend after newest merge of 0.10: 

- database duplicate code removed resp. merged with incr. version;
  - ignores expired ban ticket directly in ban manager;
  - don't change start of ban time for restored tickets in restoreCurrentBans (because of possible timing issues in the test-cases);
  - small code review;
pull/1460/head
sebres 2016-10-15 15:06:24 +02:00
parent cbfecea112
commit ce2b4fe634
4 changed files with 8 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
fail2ban/server/database.py
View File

@ -620,43 +620,6 @@ class Fail2BanDb(object):
self._bansMergedCache[cacheKey] = tickets if ip is None else ticket self._bansMergedCache[cacheKey] = tickets if ip is None else ticket
return tickets if ip is None else ticket return tickets if ip is None else ticket
def _getCurrentBans(self, cur, jail = None, ip = None, forbantime=None, fromtime=None):
if fromtime is None:
fromtime = MyTime.time()
queryArgs = []
if jail is not None:
query = "SELECT ip, timeofban, data FROM bans WHERE jail=?"
queryArgs.append(jail.name)
else:
query = "SELECT ip, max(timeofban), data FROM bans WHERE 1"
if ip is not None:
query += " AND ip=?"
queryArgs.append(ip)
if forbantime is not None:
query += " AND timeofban > ?"
queryArgs.append(fromtime - forbantime)
if ip is None:
query += " GROUP BY ip ORDER BY ip, timeofban DESC"
cur = self._db.cursor()
return cur.execute(query, queryArgs)
def getCurrentBans(self, jail = None, ip = None, forbantime=None, fromtime=None):
tickets = []
ticket = None
with self._lock:
results = list(self._getCurrentBans(self._db.cursor(),
jail=jail, ip=ip, forbantime=forbantime, fromtime=fromtime))
if results:
for banip, timeofban, data in results:
# logSys.debug('restore ticket %r, %r, %r', banip, timeofban, data)
ticket = FailTicket(banip, timeofban, data=data)
# logSys.debug('restored ticket: %r', ticket)
tickets.append(ticket)
return tickets if ip is None else ticket
@commitandrollback @commitandrollback
def getBan(self, cur, ip, jail=None, forbantime=None, overalljails=None, fromtime=None): def getBan(self, cur, ip, jail=None, forbantime=None, overalljails=None, fromtime=None):
ip = str(ip) ip = str(ip)
@ -710,19 +673,12 @@ class Fail2BanDb(object):
results = list(self._getCurrentBans(jail=jail, ip=ip, forbantime=forbantime, fromtime=fromtime)) results = list(self._getCurrentBans(jail=jail, ip=ip, forbantime=forbantime, fromtime=fromtime))
if results: if results:
matches = []
failures = 0
for banip, timeofban, bantime, bancount, data in results: for banip, timeofban, bantime, bancount, data in results:
#TODO: Implement data parts once arbitrary match keys completed # logSys.debug('restore ticket %r, %r, %r', banip, timeofban, data)
ticket = FailTicket(banip, timeofban, matches) ticket = FailTicket(banip, timeofban, data=data)
ticket.setAttempt(failures) # logSys.debug('restored ticket: %r', ticket)
ticket.setBanTime(bantime) ticket.setBanTime(bantime)
ticket.setBanCount(bancount) ticket.setBanCount(bancount)
matches = []
failures = 0
matches.extend(data['matches'])
failures += data['failures']
ticket.setAttempt(failures)
tickets.append(ticket) tickets.append(ticket)
return tickets if ip is None else ticket return tickets if ip is None else ticket

5
fail2ban/server/jail.py
View File

@ -280,15 +280,12 @@ class Jail(object):
ticket.restored = True ticket.restored = True
# correct start time / ban time (by the same end of ban): # correct start time / ban time (by the same end of ban):
btm = ticket.getBanTime(forbantime) btm = ticket.getBanTime(forbantime)
curtime = int(MyTime.time()) diftm = MyTime.time() - ticket.getTime()
diftm = curtime - ticket.getTime()
if btm != -1 and diftm > 0: if btm != -1 and diftm > 0:
btm -= diftm btm -= diftm
# ignore obsolete tickets: # ignore obsolete tickets:
if btm != -1 and btm <= 0: if btm != -1 and btm <= 0:
continue continue
ticket.setTime(curtime)
ticket.setBanTime(btm)
self.putFailTicket(ticket) self.putFailTicket(ticket)
except Exception as e: # pragma: no cover except Exception as e: # pragma: no cover
logSys.error('%s', e, exc_info=logSys.getEffectiveLevel()<=logging.DEBUG) logSys.error('%s', e, exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)

3
fail2ban/tests/banmanagertestcase.py
View File

@ -156,6 +156,7 @@ class StatusExtendedCymruInfo(unittest.TestCase):
def setUp(self): def setUp(self):
"""Call before every test case.""" """Call before every test case."""
unittest.F2B.SkipIfNoNetwork() unittest.F2B.SkipIfNoNetwork()
setUpMyTime()
self.__ban_ip = "93.184.216.34" self.__ban_ip = "93.184.216.34"
self.__asn = "15133" self.__asn = "15133"
self.__country = "EU" self.__country = "EU"
@ -166,7 +167,7 @@ class StatusExtendedCymruInfo(unittest.TestCase):
def tearDown(self): def tearDown(self):
"""Call after every test case.""" """Call after every test case."""
pass tearDownMyTime()
available = True, None available = True, None

11
fail2ban/tests/observertestcase.py
View File

@ -493,16 +493,9 @@ class BanTimeIncrDB(unittest.TestCase):
obs.add('failureFound', failManager, self.jail, ticket) obs.add('failureFound', failManager, self.jail, ticket)
obs.wait_empty(5) obs.wait_empty(5)
# wait until ticket transfered from failmanager into jail: # wait until ticket transfered from failmanager into jail:
to = int(MyTime.time())+30 ticket2 = Utils.wait_for(jail.getFailTicket, 10)
while True:
ticket2 = jail.getFailTicket()
if ticket2:
break
time.sleep(Utils.DEFAULT_SLEEP_INTERVAL)
if MyTime.time() > to: # pragma: no cover
raise RuntimeError('unexpected timeout: wait 30 seconds instead of few ms.')
# check ticket and failure count: # check ticket and failure count:
self.assertFalse(not ticket2) self.assertTrue(ticket2)
self.assertEqual(ticket2.getRetry(), failManager.getMaxRetry()) self.assertEqual(ticket2.getRetry(), failManager.getMaxRetry())
# wrap FailTicket to BanTicket: # wrap FailTicket to BanTicket: