BF: Lock server's executeCmd to prevent racing among iptables calls (…

…Closes: #554162) Many kudos go to Michael Saavedra for the solution and the patch. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@784 a942ae1a-1317-0410-a47c-b1dcaea8d605
fail2ban · Sep 24, 2011 · 3a58d0e · 3a58d0e
1 parent 3eb5e3b
commit 3a58d0e
Showing 1 changed file with 19 additions and 11 deletions.
diff --git a/server/action.py b/server/action.py
@@ -25,11 +25,15 @@
 __license__ = "GPL"
 
 import logging, os
+import threading
 #from subprocess import call
 
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.actions.action")
 
+# Create a lock for running system commands
+_cmd_lock = threading.Lock()
+
 ##
 # Execute commands.
 #
@@ -301,17 +305,21 @@ def __processCmd(self, cmd, aInfo = None):
 	#@staticmethod
 	def executeCmd(realCmd):
 		logSys.debug(realCmd)
-		try:
-			# The following line gives deadlock with multiple jails
-			#retcode = call(realCmd, shell=True)
-			retcode = os.system(realCmd)
-			if retcode == 0:
-				logSys.debug("%s returned successfully" % realCmd)
-				return True
-			else:
-				logSys.error("%s returned %x" % (realCmd, retcode))
-		except OSError, e:
-			logSys.error("%s failed with %s" % (realCmd, e))
+		_cmd_lock.acquire()
+		try: # Try wrapped within another try needed for python version < 2.5
+			try:
+				# The following line gives deadlock with multiple jails
+				#retcode = call(realCmd, shell=True)
+				retcode = os.system(realCmd)
+				if retcode == 0:
+					logSys.debug("%s returned successfully" % realCmd)
+					return True
+				else:
+					logSys.error("%s returned %x" % (realCmd, retcode))
+			except OSError, e:
+				logSys.error("%s failed with %s" % (realCmd, e))
+		finally:
+			_cmd_lock.release()
 		return False
 	executeCmd = staticmethod(executeCmd)