summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTar Committer <tar@ocjtech.us>1999-08-10 19:39:12 +0000
committerTar Committer <tar@ocjtech.us>1999-08-10 19:39:12 +0000
commit42de2e53682c49b050f19fdbaaf68451ba487303 (patch)
tree6f2499c6283dda9e6ab8f75342906284e7ff50fd
parent82d9e178146555c8bd72b1da39eeb0cf057783df (diff)
downloadrancid-42de2e53682c49b050f19fdbaaf68451ba487303.tar.gz
rancid-42de2e53682c49b050f19fdbaaf68451ba487303.tar.xz
rancid-42de2e53682c49b050f19fdbaaf68451ba487303.zip
Imported from rancid-1.2.tar.gz.rancid-1.2
-rw-r--r--CHANGES14
-rw-r--r--README15
-rwxr-xr-xbin/clogin15
-rwxr-xr-xbin/clogin.orig472
-rw-r--r--cloginrc.sample (renamed from .cloginrc.sample)0
5 files changed, 35 insertions, 481 deletions
diff --git a/CHANGES b/CHANGES
new file mode 100644
index 0000000..1a091c0
--- /dev/null
+++ b/CHANGES
@@ -0,0 +1,14 @@
+1.2
+ add more info/clarification to README for install.
+
+ rename .cloginrc.sample -> cloginrc.sample.
+
+ clogin patch (courtesy stephen stuart); does two things:
+
+ - adds a "-x" switch that takes lines from a file and does the same
+ thing as if you'd specified ;-separated commands with -c (newline
+ separates commands)
+
+ - does a subst on commands in run_commands so that expansion of
+ escapes is performed; e.g. you can say "copy rcp://blah slot0:\r" to
+ answer the question that comes after the copy command.
diff --git a/README b/README
index 6cf53a0..efaeefd 100644
--- a/README
+++ b/README
@@ -34,14 +34,15 @@ tcl - required by expect
Quick Installation Guide (an example):
1) mkdir <basedir>
- All rancid crud will be under this directory.
+ All rancid crud will be under this directory. we chose /home/rancid.
2) mkdir <basedir>/bin
-3) Put the contents of rancid in <basedir>/bin. modify the location of
- perl and expect in each of clogin, par, rancid, and rename if necessary.
+3) Put the contents of rancid/bin in <basedir>/bin. modify the location of
+ perl and expect in each of clogin, par, rancid, rancid-fe, jlogin,
+ jrancid and rename if necessary.
-4) Modify env.
+4) Modify <basedir>/bin/env.
5) Put .cloginrc in your home directory.
@@ -80,13 +81,13 @@ Quick Installation Guide (an example):
is either up or down. Each router listed as "up" will have the
configuration grabbed.
-12) Put run-me/do-diffs in cron to be called however ofter you want it to run
+12) Put run-me/do-diffs in cron to be called however often you want it to run
for each group (run-me <GROUP>). eg:
# run config differ hourly
- 1 * * * * $HOME/bin/do-diffs
+ 1 * * * * <BASEDIR>/bin/do-diffs
# clean out hourly differ logs
- 50 23 * * * /usr/bin/find $BASEDIR/logs -mtime +2 -exec rm {} \;
+ 50 23 * * * /usr/bin/find <BASEDIR>/logs -mtime +2 -exec rm {} \;
13) Send me any bugs, suggestions or updates (rancid@shrubbery.net).
diff --git a/bin/clogin b/bin/clogin
index e8f487b..b8b693e 100755
--- a/bin/clogin
+++ b/bin/clogin
@@ -136,6 +136,17 @@ for {set i 0} {$i < $argc} {incr i} {
-T* {
incr i
set timeout [ lindex $argv $i ]
+ } -x* -
+ -X {
+ if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
+ incr i
+ set cmd_file [ lindex $argv $i ]
+ }
+ set cmd_fd [open $cmd_file r]
+ set cmd_text [read $cmd_fd]
+ close $cmd_fd
+ set command [join [split $cmd_text \n] \;]
+ set do_command 1
# Do we enable?
} -noenable {
set enable 0
@@ -345,7 +356,7 @@ proc run_commands { prompt command } {
set num_commands [llength $commands]
for {set i 0} {$i < $num_commands} { incr i} {
- send "[lindex $commands $i]\r"
+ send "[subst [lindex $commands $i]]\r"
expect {
-re "^\[^\n\r]*$prompt." { exp_continue }
-re "^\[^\n\r *]*$prompt" {}
@@ -353,7 +364,7 @@ proc run_commands { prompt command } {
}
}
} else {
- send "$command\r"
+ send "[subst $command]\r"
expect {
-re "^\[^\n\r]*$prompt." { exp_continue }
-re "^\[^\n\r *]*$prompt" {}
diff --git a/bin/clogin.orig b/bin/clogin.orig
deleted file mode 100755
index ddd06af..0000000
--- a/bin/clogin.orig
+++ /dev/null
@@ -1,472 +0,0 @@
-#!/usr/local/bin/expect --
-##
-##
-## Copyright (C) 1997 by Henry Kilmer, Erik Sherk and Pete Whiting.
-## All rights reserved.
-##
-## This software may be freely copied, modified and redistributed without
-## fee for non-commerical purposes provided that this copyright notice is
-## preserved intact on all copies and modified copies.
-##
-## There is no warranty or other guarantee of fitness of this software.
-## It is provided solely "as is". The author(s) disclaim(s) all
-## responsibility and liability with respect to this software's usage
-## or its effect upon hardware, computer systems, other software, or
-## anything else.
-##
-##
-#
-# clogin - Cisco login
-#
-# Most options are intuitive for logging into a Cisco router.
-# The default is to enable (thus -noenable). Some folks have
-# setup tacacs to have a user login at priv-lvl = 15 (enabled)
-# so the -autoenable flag was added for this case (don't go through
-# the process of enabling and the prompt will be the "#" prompt.
-# The default username password is the same as the vty password.
-#
-
-# Usage line
-set usage "Usage: $argv0 \[-u user\] \[-p user-password\] \[-v vty-password\] \
-\[-w enable-username\] \[-e enable-password\] \[-noenable\] \
-\[-f cloginrc-file\] \[-c command\] \[-s script-file\] \[-autoenable\] \
-\[-t timeout\] router \[router...\]\n"
-
-# env(CLOGIN) may contain:
-# x == do not set xterm banner or name
-
-# Password file
-set password_file $env(HOME)/.cloginrc
-# Default is to login to the router
-set do_command 0
-set do_script 0
-# The default is to automatically enable
-set enable 1
-# The default is that you login non-enabled (tacacs can have you login already enabled)
-set autoenable 0
-# The default is to look in the password file to find the passwords. This
-# tracks if we receive them on the command line.
-set do_passwd 1
-set do_enapasswd 1
-
-# Find the user in the ENV, or use the unix userid.
-if {[ info exists env(CISCO_USER) ] } {
- set default_user $env(CISCO_USER)
-} else {
- # This uses "id" which I think is portable. At least it has existed
- # (without options) on all machines/OSes I've been on recently -
- # unlike whoami or id -nu.
- regexp {\(([^)]*)} [exec id] junk default_user
-}
-
-# Sometimes routers take awhile to answer (the default is 10 sec)
-set timeout 45
-
-# Process the command line
-for {set i 0} {$i < $argc} {incr i} {
- set arg [lindex $argv $i]
-
- switch -glob -- $arg {
- # Username
- -u* -
- -U* {
- if {! [ regexp .\[uU\](.+) $arg ignore user]} {
- incr i
- set username [ lindex $argv $i ]
- }
- # VTY Password
- } -p* -
- -P* {
- if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
- incr i
- set userpasswd [ lindex $argv $i ]
- }
- set do_passwd 0
- # VTY Password
- } -v* -
- -v* {
- if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
- incr i
- set passwd [ lindex $argv $i ]
- }
- set do_passwd 0
- # Enable Username
- } -w* -
- -W* {
- if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
- incr i
- set enausername [ lindex $argv $i ]
- }
- # Enable Password
- } -e* -
- -E* {
- if {! [ regexp .\[eE\](.+) $arg ignore enapasswd]} {
- incr i
- set enapasswd [ lindex $argv $i ]
- }
- set do_enapasswd 0
- # Command to run.
- } -c* -
- -C* {
- if {! [ regexp .\[cC\](.+) $arg ignore command]} {
- incr i
- set command [ lindex $argv $i ]
- }
- set do_command 1
- # Expect script to run.
- } -s* -
- -S* {
- if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
- incr i
- set sfile [ lindex $argv $i ]
- }
- if { ! [ file readable $sfile ] } {
- send_user "Error: Can't read $sfile\n"
- exit 1
- }
- set do_script 1
- # alternate cloginrc file
- } -f* -
- -F* {
- if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
- incr i
- set password_file [ lindex $argv $i ]
- }
- } -t* -
- -T* {
- incr i
- set timeout [ lindex $argv $i ]
- # Do we enable?
- } -noenable {
- set enable 0
- # Does tacacs automatically enable us?
- } -autoenable {
- set autoenable 1
- set enable 0
- } -* {
- send_user "Error: Unknown argument! $arg\n"
- send_user $usage
- exit 1
- } default {
- break
- }
- }
-}
-# Process routers...no routers listed is an error.
-if { $i == $argc } {
- send_user "Error: $usage"
-}
-
-# Only be quiet if we are running a script (it can log its output
-# on its own)
-if { $do_script } {
- log_user 0
-} else {
- log_user 1
-}
-
-#
-# Done configuration/variable setting. Now run with it...
-#
-
-# Sets Xterm title if interactive...if its an xterm and the user cares
-proc label { host } {
- global env
- # if CLOGIN has an 'x' in it, don't set the xterm name/banner
- if [info exists env(CLOGIN)] {
- if {[string first "x" $env(CLOGIN)] != -1} { return }
- }
- # take host from ENV(TERM)
- if [info exists env(TERM)] {
- if [regexp \^(xterm|vs) $env(TERM) ignore ] {
- send_user "\033]1;[lindex [split $host "."] 0]\a"
- send_user "\033]2;$host\a"
- }
- }
-}
-
-# This is a helper function to make the password file easier to
-# maintain. Using this the password file has the form:
-# add password sl* pete cow
-# add password at* steve
-# add password * hanky-pie
-proc add {var args} { global $var ;lappend $var $args}
-proc find {var router} {
- source_password_file
- upvar $var list
- if { [info exists list] } {
- foreach line $list {
- if { [string match [lindex $line 0] $router ] } {
- return [lrange $line 1 end]
- }
- }
- }
- return {}
-}
-
-# Loads the password file. Note that as this file is tcl, and that
-# it is sourced, the user better know what to put in there, as it
-# could install more than just password info... I will assume however,
-# that a "bad guy" could just as easy put such code in the clogin
-# script, so I will leave .cloginrc as just an extention of that script
-proc source_password_file { } {
- global env password_file read_password_file
- if { [info exists read_password_file] } { return }
- if { [info exists password_file] == 0 } {
- set password_file $env(HOME)/.cloginrc
- }
- set read_password_file 1
- file stat $password_file fileinfo
- if { [expr ($fileinfo(mode) & 007)] != 0000 } {
- send_user "Error: $password_file must not be world readable/writable\n"
- exit 1
- }
- source $password_file
-}
-
-# Log into the router.
-proc login { router user userpswd passwd enapasswd prompt } {
- global spawn_id in_proc do_command do_script
- set in_proc 1
-
- # Telnet to the router & try to login.
- if [ catch {spawn telnet $router} reason ] {
- send_user "Error: failed to telnet: $reason\n"
- exit 1
- }
- sleep 0.3
-
- # This helps cleanup each expect clause.
- expect_after {
- timeout {
- send_user "\nError: TIMEOUT reached\n"
- close; wait
- if { $in_proc} {
- return 1
- } else {
- continue
- }
- } eof {
- send_user "\nError: EOF received\n"
- close; wait
- if { $in_proc} {
- return 1
- } else {
- continue
- }
- }
- }
-
- # Here we get a little tricky. There are several possibilities:
- # the router can ask for a username and passwd and then
- # talk to the TACACS server to authenticate you, or if the
- # TACACS server is not working, then it will use the enable
- # passwd. Or, the router might not have TACACS turned on,
- # then it will just send the passwd.
- expect {
- eof { send_user "Error: Couldn't login\n"; wait; return 1 }
- "Connection refused" {
- expect eof
- send_user "Error: Connection Refused\n"; wait; return 1
- } "Unknown host\r\n" {
- expect eof
- send_user "Error: Unknown host\n"; wait; return 1
- } "Host is unreachable" {
- expect eof
- send_user "Error: Host Unreachable!\n"; wait; return 1
- } "No address associated with name" {
- expect eof
- send_user "Error: Unknown host\n"; wait; return 1
- }
- -re "(Username|login):" { send "$user\r"
- expect {
- eof { send_user "Error: Couldn't login\n"; wait; return 1 }
- -re "\[Pp]assword:" { send "$userpswd\r" }
- "$prompt" { set in_proc 0; return 0 }
- }
- exp_continue
- }
- "Password:" { send "$passwd\r"
- expect {
- eof { send_user "Error: Couldn't login\n"; wait; return 1 }
- "Password:" { send "$enapasswd\r" }
- "$prompt" { set in_proc 0; return 0 }
- }
- exp_continue
- }
- "$prompt" { }
- denied { send_user "Error: Check your passwd for $router\n"
- if { $do_command || $do_script } {
- send "quit"
- wait
- return 1
- } else {
- return 1
- }
- }
- "% Bad passwords" {send_user "Error: Check your passwd for $router\n"; return 1 }
- }
- set in_proc 0
- return 0
-}
-
-# Enable
-proc do_enable { enauser enapasswd } {
- global prompt in_proc
- set in_proc 1
-
- send "enable\r"
- expect {
- "Username:" { send "$enauser\r"; exp_continue}
- "Password:" { send "$enapasswd\r"; exp_continue}
- "#" { }
- denied { send_user "Error: Check your Enable passwd\n"; return 1}
- "% Bad passwords" { send_user "Error: Check your Enable passwd\n"
- return 1
- }
- }
- # Set the prompt variable so script files don't need to know what it is.
- set prompt "#"
- set in_proc 0
- return 0
-}
-
-# Run commands given on the command line.
-proc run_commands { prompt command } {
- global in_proc
- set in_proc 1
-
- send "term length 0\r"
- expect $prompt {}
-
- # Is this a multi-command?
- if [ string match "*\;*" "$command" ] {
- set commands [split $command \;]
- set num_commands [llength $commands]
-
- for {set i 0} {$i < $num_commands} { incr i} {
- send "[lindex $commands $i]\r"
- expect {
- -re "^\[^\n\r]*$prompt." { exp_continue }
- -re "^\[^\n\r *]*$prompt" {}
- "\n" { exp_continue }
- }
- }
- } else {
- send "$command\r"
- expect {
- -re "^\[^\n\r]*$prompt." { exp_continue }
- -re "^\[^\n\r *]*$prompt" {}
- "\n" { exp_continue }
- }
- }
- send "exit\r"
- expect {
- "\n" { exp_continue }
- timeout { return 0 }
- eof { return 0 }
- }
- set in_proc 0
-}
-
-#
-# For each router... (this is main loop)
-#
-set in_proc 0
-foreach router [lrange $argv $i end] {
- set router [string tolower $router]
- send_user "$router\n"
-
- # Figure out prompt.
- # Since autoenable is off by default, if we have it defined, it
- # was done on the command line. If it is not specifically set on the
- # command line, check the password file.
- if $autoenable {
- set prompt "#"
- } else {
- set ae [find autoenable $router]
- if { "$ae" == "1" } {
- set autoenable 1
- set enable 0
- set prompt "#"
- } else {
- set autoenable 0
- set prompt ">"
- }
- }
-
- # Figure out passwords
- if { $do_passwd || $do_enapasswd } {
- set pswd [find password $router]
- if { [llength $pswd] == 0 } {
- send_user "Error - no password for $router in $password_file.\n"
- continue
- }
- if { $do_enapasswd && !$autoenable && [llength $pswd] < 2 } {
- send_user "Error - no enable password for $router in $password_file."
- continue
- }
- set passwd [lindex $pswd 0]
- set enapasswd [lindex $pswd 1]
- }
-
- # Figure out username
- if {[info exists username]} {
- # command line username
- set user $username
- } else {
- set user [find user $router]
- if { "$user" == "" } { set user $default_user }
- }
-
- # Figure out username's password (if different from the vty password)
- if {[info exists userpasswd]} {
- # command line username
- set userpswd $userpasswd
- } else {
- set userpswd [find userpassword $router]
- if { "$userpswd" == "" } { set userpswd $passwd }
- }
-
- # Figure out enable username
- if {[info exists enausername]} {
- # command line enausername
- set enauser $enausername
- } else {
- set enauser [find enauser $router]
- if { "$enauser" == "" } { set enauser $user }
- }
-
- # Login to the router
- if {[login $router $user $userpswd $passwd $enapasswd $prompt]} {
- continue
- }
- if { $enable } {
- if {[do_enable $enauser $enapasswd]} {
- if { $do_command || $do_script } {
- close; wait
- continue
- }
- }
- }
-
- if { $do_command } {
- if {[run_commands $prompt $command]} {
- continue
- }
- } elseif { $do_script } {
- send "term length 0\r"
- expect $prompt {}
- source $sfile
- close
- } else {
- label $router
- log_user 1
- interact
- }
-
- # End of for each router
- wait
- sleep 0.3
-}
-exit 0
diff --git a/.cloginrc.sample b/cloginrc.sample
index 71cd704..71cd704 100644
--- a/.cloginrc.sample
+++ b/cloginrc.sample