summaryrefslogtreecommitdiffstats
path: root/bin/alogin.in
diff options
context:
space:
mode:
Diffstat (limited to 'bin/alogin.in')
-rw-r--r--bin/alogin.in241
1 files changed, 4 insertions, 237 deletions
diff --git a/bin/alogin.in b/bin/alogin.in
index 8937b95..c0e5c40 100644
--- a/bin/alogin.in
+++ b/bin/alogin.in
@@ -1,6 +1,6 @@
#! @EXPECT_PATH@ --
-##
-## $Id: alogin.in,v 1.23 2004/02/02 17:38:36 heas Exp $
+#
+## $Id: alogin.in,v 1.24 2004/12/24 21:00:31 tex Exp $
##
## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
@@ -27,241 +27,8 @@
# (andrew fort)
#
-# Usage line
-set usage "Usage: $argv0 \[-c command\] \
-\[-Evar=x\] \[-f cloginrc-file\] \
-\[-s script-file\] \[-t timeout\] \[-u username\] \
-\[-v vty-password\] \[-x command-file\] \
-\[-y ssh_cypher_type\] router \[router...\]\n"
-
-# env(CLOGIN) may contain:
-# x == do not set xterm banner or name
-
-# Password file
-set password_file $env(HOME)/.cloginrc
-# Default is to login to the router
-set do_command 0
-set do_script 0
-# The default is to automatically enable
-set avenable 1
-# The default is that you login non-enabled (tacacs can have you login already
-# enabled)
-set avautoenable 0
-# The default is to look in the password file to find the passwords. This
-# tracks if we receive them on the command line.
-set do_passwd 1
-
-# Find the user in the ENV, or use the unix userid.
-if {[ info exists env(CISCO_USER) ] } {
- set default_user $env(CISCO_USER)
-} elseif {[ info exists env(USER) ]} {
- set default_user $env(USER)
-} elseif {[ info exists env(LOGNAME) ]} {
- set default_user $env(LOGNAME)
-} else {
- # This uses "id" which I think is portable. At least it has existed
- # (without options) on all machines/OSes I've been on recently -
- # unlike whoami or id -nu.
- if [ catch {exec id} reason ] {
- send_error "\nError: could not exec id: $reason\n"
- exit 1
- }
- regexp {\(([^)]*)} "$reason" junk default_user
-}
-
-# Sometimes routers take awhile to answer (the default is 10 sec)
-set timeout 45
-
-# Process the command line
-for {set i 0} {$i < $argc} {incr i} {
- set arg [lindex $argv $i]
-
- switch -glob -- $arg {
- # Username
- -u* -
- -U* {
- if {! [ regexp .\[uU\](.+) $arg ignore user]} {
- incr i
- set username [ lindex $argv $i ]
- }
- # VTY Password
- } -v* -
- -v* {
- if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
- incr i
- set passwd [ lindex $argv $i ]
- }
- set do_passwd 0
- # Enable Username
- } -w* -
- -W* {
- # ignore -w
- # Environment variable to pass to -s scripts
- } -E*
- {
- if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
- incr i
- set E$varname $varvalue
- } else {
- send_user "\nError: invalid format for -E in $arg\n"
- exit 1
- }
- # Enable Password
- } -e*
- {
- # ignore -e
- # Command to run.
- } -c* -
- -C* {
- if {! [ regexp .\[cC\](.+) $arg ignore command]} {
- incr i
- set command [ lindex $argv $i ]
- }
- set do_command 1
- # Expect script to run.
- } -s* -
- -S* {
- if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
- incr i
- set sfile [ lindex $argv $i ]
- }
- if { ! [ file readable $sfile ] } {
- send_user "\nError: Can't read $sfile\n"
- exit 1
- }
- set do_script 1
- # 'ssh -c' cypher type
- } -y* -
- -Y* {
- if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
- incr i
- set cypher [ lindex $argv $i ]
- }
- # alternate cloginrc file
- } -f* -
- -F* {
- if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
- incr i
- set password_file [ lindex $argv $i ]
- }
- # Timeout
- } -t* -
- -T* {
- if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
- incr i
- set timeout [ lindex $argv $i ]
- }
- # Command file
- } -x* -
- -X {
- if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
- incr i
- set cmd_file [ lindex $argv $i ]
- }
- if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
- send_user "\nError: $reason\n"
- exit 1
- }
- set cmd_text [read $cmd_fd]
- close $cmd_fd
- set command [join [split $cmd_text \n] \;]
- set do_command 1
- # Do we enable?
- } -noenable {
- # ignore -noenable
- # Does tacacs automatically enable us?
- } -autoenable {
- # ignore -autoenable
- } -* {
- send_user "\nError: Unknown argument! $arg\n"
- send_user $usage
- exit 1
- } default {
- break
- }
- }
-}
-# Process routers...no routers listed is an error.
-if { $i == $argc } {
- send_user "\nError: $usage"
-}
-
-# Only be quiet if we are running a script (it can log its output
-# on its own)
-if { $do_script } {
- log_user 0
-} else {
- log_user 1
-}
-
-#
-# Done configuration/variable setting. Now run with it...
-#
-
-# Sets Xterm title if interactive...if its an xterm and the user cares
-proc label { host } {
- global env
- # if CLOGIN has an 'x' in it, don't set the xterm name/banner
- if [info exists env(CLOGIN)] {
- if {[string first "x" $env(CLOGIN)] != -1} { return }
- }
- # take host from ENV(TERM)
- if [info exists env(TERM)] {
- if [regexp \^(xterm|vs) $env(TERM) ignore ] {
- send_user "\033]1;[lindex [split $host "."] 0]\a"
- send_user "\033]2;$host\a"
- }
- }
-}
-
-# This is a helper function to make the password file easier to
-# maintain. Using this the password file has the form:
-# add password sl* pete cow
-# add password at* steve
-# add password * hanky-pie
-proc add {var args} { global int_$var ; lappend int_$var $args}
-proc include {args} {
- global env
- regsub -all "(^{|}$)" $args {} args
- if { [ regexp "^/" $args ignore ] == 0 } {
- set args $env(HOME)/$args
- }
- source_password_file $args
-}
-
-proc find {var router} {
- upvar int_$var list
- if { [info exists list] } {
- foreach line $list {
- if { [string match [lindex $line 0] $router ] } {
- return [lrange $line 1 end]
- }
- }
- }
- return {}
-}
-
-# Loads the password file. Note that as this file is tcl, and that
-# it is sourced, the user better know what to put in there, as it
-# could install more than just password info... I will assume however,
-# that a "bad guy" could just as easy put such code in the clogin
-# script, so I will leave .cloginrc as just an extention of that script
-proc source_password_file { password_file } {
- global env
- if { ! [file exists $password_file] } {
- send_user "\nError: password file ($password_file) does not exist\n"
- exit 1
- }
- file stat $password_file fileinfo
- if { [expr ($fileinfo(mode) & 007)] != 0000 } {
- send_user "\nError: $password_file must not be world readable/writable\n"
- exit 1
- }
- if [ catch {source $password_file} reason ] {
- send_user "\nError: $reason\n"
- exit 1
- }
-}
+# alogin: doesn't understand enable. It will just ignore the enable options.
+@INCLUDE login.top@
# Log into the router.
proc login { router user userpswd passwd prompt cmethod cyphertype } {