Merge branch '0.10' into 0.11

fail2ban/client/filterreader.py

@@ -37,6 +37,7 @@ logSys = getLogger(__name__)
 class FilterReader(DefinitionInitConfigReader):
 
 	_configOpts = {
+		"usedns": ["string", None],
 		"prefregex": ["string", None],
 		"ignoreregex": ["string", None],
 		"failregex": ["string", None],
@@ -61,6 +62,7 @@ class FilterReader(DefinitionInitConfigReader):
 
 	@staticmethod
 	def _fillStream(stream, opts, jailName):
+		prio0idx = 0
 		for opt, value in opts.iteritems():
 			if opt in ("failregex", "ignoreregex"):
 				if value is None: continue
@@ -73,9 +75,11 @@ class FilterReader(DefinitionInitConfigReader):
 					stream.append(["multi-set", jailName, "add" + opt, multi])
 				elif len(multi):
 					stream.append(["set", jailName, "add" + opt, multi[0]])
-			elif opt in ('maxlines', 'prefregex'):
+			elif opt in ('usedns', 'maxlines', 'prefregex'):
-				# Be sure we set this options first.
+				# Be sure we set this options first, and usedns is before all regex(s).
-				stream.insert(0, ["set", jailName, opt, value])
+				stream.insert(0 if opt == 'usedns' else prio0idx,
+					["set", jailName, opt, value])
+				prio0idx += 1
 			elif opt in ('datepattern'):
 				stream.append(["set", jailName, opt, value])
 			elif opt == 'journalmatch':

fail2ban/client/jailreader.py

@@ -105,7 +105,6 @@ class JailReader(ConfigReader):
 		"bantime.maxtime": ["string", None],
 		"bantime.rndtime": ["string", None],
 		"bantime.overalljails": ["bool", None],
-		"usedns": ["string", None], # be sure usedns is before all regex(s) in stream
 		"ignorecommand": ["string", None],
 		"ignoreself": ["bool", None],
 		"ignoreip": ["string", None],
@@ -113,11 +112,13 @@ class JailReader(ConfigReader):
 		"filter": ["string", ""],
 		"logtimezone": ["string", None],
 		"logencoding": ["string", None],
-		"logpath": ["string", None], # logpath after all log-related data (backend, date-pattern, etc)
+		"logpath": ["string", None],
 		"action": ["string", ""]
 	}
 	_configOpts.update(FilterReader._configOpts)
 
+	_ignoreOpts = set(['action', 'filter', 'enabled'] + FilterReader._configOpts.keys())
+
 	def getOptions(self):
 
 		# Before interpolation (substitution) add static options always available as default:
@@ -234,6 +235,7 @@ class JailReader(ConfigReader):
 		 """
 
 		stream = []
+		stream2 = []
 		e = self.__opts.get('config-error')
 		if e:
 			stream.extend([['config-error', "Jail '%s' skipped, because of wrong configuration: %s" % (self.__name, e)]])
@@ -255,23 +257,22 @@ class JailReader(ConfigReader):
 						logSys.notice("No file(s) found for glob %s" % path)
 					for p in pathList:
 						found_files += 1
-						stream.append(
+						# logpath after all log-related data (backend, date-pattern, etc)
+						stream2.append(
 							["set", self.__name, "addlogpath", p, tail])
 				if not found_files:
 					msg = "Have not found any log file for %s jail" % self.__name
 					if not allow_no_files:
 						raise ValueError(msg)
 					logSys.warning(msg)
-					
-			elif opt == "logencoding":
-				stream.append(["set", self.__name, "logencoding", value])
 			elif opt == "backend":
 				backend = value
 			elif opt == "ignoreip":
 				stream.append(["set", self.__name, "addignoreip"] + splitwords(value))
-			elif (opt not in ('action', 'filter', 'enabled')
+			elif opt not in JailReader._ignoreOpts:
-				and opt not in FilterReader._configOpts):
 				stream.append(["set", self.__name, opt, value])
+		# consider options order (after other options):
+		if stream2: stream += stream2
 		for action in self.__actions:
 			if isinstance(action, (ConfigReaderUnshared, ConfigReader)):
 				stream.extend(action.convert())

fail2ban/tests/clientreadertestcase.py

@@ -321,6 +321,13 @@ class JailReaderTest(LogCaptureTestCase):
 		# maxlines:
 		self.assertEqual([['set', 'sshd-override-flt-opts', 'maxlines', 2]],
 			[o for o in stream if len(o) > 2 and o[2] == 'maxlines'])
+		# usedns should be before all regex in jail stream:
+		usednsidx = stream.index(['set', 'sshd-override-flt-opts', 'usedns', 'no'])
+		i = 0
+		for o in stream:
+			self.assertFalse(len(o) > 2 and o[2].endswith('regex'))
+			i += 1
+			if i > usednsidx: break
 		
 	def testSplitOption(self):
 		# Simple example

fail2ban/tests/config/jail.conf

@@ -69,6 +69,8 @@ filter = zzz-sshd-obsolete-multiline[logtype=short]
 backend = systemd
 prefregex = ^Test
 failregex = ^Test unused <ADDR>$
+ignoreregex = ^Test ignore <ADDR>$
 journalmatch = _COMM=test
 maxlines = 2
+usedns = no
 enabled = false