Diffstat (limited to 'bin/flogin.in')
-rw-r--r-- | bin/flogin.in | 105 |
1 files changed, 60 insertions, 45 deletions
diff --git a/bin/flogin.in b/bin/flogin.in index 169e522..5c8813d 100644 --- a/bin/flogin.in +++ b/bin/flogin.in @@ -1,8 +1,9 @@ #! @EXPECT_PATH@ -- ## -## $Id: flogin.in,v 1.32 2004/01/11 05:39:15 heas Exp $ +## $Id: flogin.in,v 1.47 2006/12/08 21:28:26 heas Exp $ ## -## Copyright (C) 1997-2004 by Terrapin Communications, Inc. +## @PACKAGE@ @VERSION@ +## Copyright (C) 1997-2006 by Terrapin Communications, Inc. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed @@ -50,7 +51,7 @@ set password_file $env(HOME)/.cloginrc set do_command 0 set do_script 0 # The default is to automatically enable -set enable 1 +set avenable 1 # The default is that you login non-enabled (tacacs can have you login already # enabled) set avautoenable 0 @@ -60,7 +61,7 @@ set do_passwd 1 set do_enapasswd 1 # Find the user in the ENV, or use the unix userid. -if {[ info exists env(CISCO_USER) ] } { +if {[ info exists env(CISCO_USER) ]} { set default_user $env(CISCO_USER) } elseif {[ info exists env(USER) ]} { set default_user $env(USER) @@ -73,9 +74,12 @@ if {[ info exists env(CISCO_USER) ] } { if [ catch {exec id} reason ] { send_error "\nError: could not exec id: $reason\n" exit 1 - } + } regexp {\(([^)]*)} "$reason" junk default_user -} +} +if {[ info exists env(CLOGINRC) ]} { + set password_file $env(CLOGINRC) +} # Sometimes routers take awhile to answer (the default is 10 sec) set timeout 45 @@ -101,13 +105,16 @@ for {set i 0} {$i < $argc} {incr i} { } set do_passwd 0 # VTY Password - } -v* - - -v* { + } -v* { if {! [ regexp .\[vV\](.+) $arg ignore passwd]} { incr i set passwd [ lindex $argv $i ] } set do_passwd 0 + # Version string + } -V* { + send_user "@PACKAGE@ @VERSION@\n" + exit 0 # Enable Username } -w* - -W* { 
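Review bot: The new CLOGINRC block (added after the default_user lookup) accepts any value, including an empty string, as the password file path, and the comment above source_password_file says that file is sourced as Tcl. An empty or mistyped value would only surface later as a missing-file error, so I would guard it with `if {[info exists env(CLOGINRC)] && [string length $env(CLOGINRC)]} {`. A comment such as `# CLOGINRC overrides the default ~/.cloginrc; the file is sourced as Tcl, so it must be as trusted as this script` would also help. Only the `file exists` test of source_password_file is visible in this diff, so please confirm that any ownership or permission checks there still run for the overridden path.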
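Review bot: In the `-v*` arm the pattern `.\[vV\](.+)` still accepts an upper-case `V`, but `-V` now has its own arm that prints the version, so that half of the character class looks unreachable (assuming the enclosing switch, which starts outside the hunk, matches case-sensitively). Narrowing it to `regexp .v(.+) $arg ignore passwd` keeps the two options visibly distinct. The usage string is outside this hunk and should list `-V` if it does not already.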
@@ -186,11 +193,11 @@ for {set i 0} {$i < $argc} {incr i} { set do_command 1 # Do we enable? } -noenable { - set enable 0 + set avenable 0 # Does tacacs automatically enable us? } -autoenable { set avautoenable 1 - set enable 0 + set avenable 0 } -* { send_user "\nError: Unknown argument! $arg\n" send_user $usage @@ -244,9 +251,9 @@ proc include {args} { regsub -all "(^{|}$)" $args {} args if { [ regexp "^/" $args ignore ] == 0 } { set args $env(HOME)/$args - } + } source_password_file $args -} +} proc find {var router} { upvar int_$var list @@ -264,7 +271,7 @@ proc find {var router} { # it is sourced, the user better know what to put in there, as it # could install more than just password info... I will assume however, # that a "bad guy" could just as easy put such code in the clogin -# script, so I will leave .cloginrc as just an extention of that script +# script, so I will leave .cloginrc as just an extention of that script proc source_password_file { password_file } { global env if { ! [file exists $password_file] } { @@ -283,6 +290,7 @@ proc source_password_file { password_file } { } # Log into the router. +# returns: 0 on success, 1 on failure proc login { router user userpswd passwd enapasswd cmethod cyphertype } { global spawn_id in_proc do_command do_script platform global prompt u_prompt p_prompt e_prompt sshcmd @@ -292,6 +300,7 @@ proc login { router user userpswd passwd enapasswd cmethod cyphertype } { # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { + incr progs -1 if [string match "telnet*" $prog] { regexp {telnet(:([^[:space:]]+))*} $prog command suffix port if {"$port" == ""} { 
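Review bot: With `incr progs -1` now at the top of the foreach body in login, `$progs` means the number of methods still untried after the current one, which is what the later `if !$progs` and `$progs == 0` tests rely on, but nothing says so. A comment on the added line, e.g. `# progs = connection methods left to try after this one`, would make the intent clear. The loop body continues past the end of this hunk.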
@@ -301,23 +310,23 @@ proc login { router user userpswd passwd enapasswd cmethod cyphertype } { } if { $retval } { send_user "\nError: telnet failed: $reason\n" - exit 1 + return 1 } } elseif ![string compare $prog "ssh"] { if [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] { send_user "\nError: $sshcmd failed: $reason\n" - exit 1 + return 1 } } elseif ![string compare $prog "rsh"] { - if [ catch {spawn rsh -l $user $router} reason ] { - send_user "\nError: rsh failed: $reason\n" - exit 1 + send_error "\nError: unsupported method: rsh\n" + if { $progs == 0 } { + return 1 } + continue; } else { - puts "\nError: unknown connection method: $prog" + send_user "\nError: unknown connection method: $prog\n" return 1 } - incr progs -1 sleep 0.3 # This helps cleanup each expect clause. @@ -354,15 +363,15 @@ proc login { router user userpswd passwd enapasswd cmethod cyphertype } { if !$progs { send_user "\nError: Connection Refused ($prog): $router\n" return 1 - } + } } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; wait if !$progs { send_user "\nError: Connection closed ($prog): $router\n" return 1 - } - } + } + } -re "Telnet server disabled" { catch {close}; wait if !$progs { @@ -500,12 +509,14 @@ proc run_commands { prompt command } { } send "exit\r" expect { - "\n" { exp_continue } - -re "^\[^ ]+>" { - send "exit\r" - exp_continue } - timeout { return 0 } - eof { return 0 } + "\n" { exp_continue } + -re "^\[^ ]+>" { send "exit\r" + exp_continue + } + timeout { catch {close}; wait + return 0 + } + eof { return 0 } } set in_proc 0 } @@ -535,6 +546,7 @@ foreach router [lrange $argv $i end] { set prompt "#" } else { set autoenable 0 + set enable $avenable set prompt ">" } } 
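Review bot: In login's method loop the telnet and ssh spawn-failure branches, and the unknown-method branch, now `return 1` at once even when other entries remain in `$cmethod`, while the new rsh branch checks `$progs == 0` and otherwise continues. That contradicts the comment "try each of the connection methods in $cmethod until one is successful"; the same pattern, `if { $progs == 0 } { return 1 }` followed by `continue`, would fit those branches too. Two style points in the rsh branch: it reports through `send_error` where its neighbours use `send_user`, and `continue;` carries a stray semicolon. The telnet spawn itself sits between this hunk and the previous one, so I cannot see how `retval` is set.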
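Review bot: The new timeout arm in run_commands calls `wait` unguarded after `catch {close}`, so an error from `wait` would abort the script instead of returning 0. The main-loop hunk of this same commit already uses the guarded form, and I would match it here: `timeout { catch {close}; catch {wait}`. Since both the timeout and eof arms return, the `set in_proc 0` after the expect block looks unreachable on those paths; confirm whether `in_proc` should be reset before returning.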
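Review bot: `set enable $avenable` is added only to the else branch of the per-router autoenable test, and since the top-level default was renamed to `avenable`, `enable` no longer has an initial value. The if branch starts outside this hunk; if it does not assign `enable` itself, the later `if { $enable && $do_enapasswd ...` would read the previous router's value or an unset variable. Please confirm that branch sets it, or add `set enable 0` next to its `set prompt "#"`.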
@@ -545,23 +557,26 @@ foreach router [lrange $argv $i end] { if { [llength $pswd] == 0 } { send_user "\nError: no password for $router in $password_file.\n" continue - } + } if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { send_user "\nError: no enable password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] + } else { + set passwd $userpasswd + set enapasswd $enapasswd } # Figure out username - if {[info exists username]} { + if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } - } + } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { @@ -569,22 +584,22 @@ foreach router [lrange $argv $i end] { set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] - if { "$userpswd" == "" } { set userpswd $passwd } - } - + if { "$userpswd" == "" } { set userpswd $passwd } + } + # Figure out enable username - if {[info exists enausername]} { + if {[info exists enausername]} { # command line enausername set enauser $enausername } else { set enauser [join [find enauser $router] ""] - if { "$enauser" == "" } { set enauser $ruser } - } + if { "$enauser" == "" } { set enauser $ruser } + } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { - set u_prompt "(Username|login|Name|User Name):" + set u_prompt "(Username|login|Name|User Name) *:" } else { set u_prompt [join [lindex $u_prompt 0] ""] } 
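Review bot: The added else branch reads `$userpasswd` unconditionally, yet the code a few lines further down guards the same variable with `[info exists userpasswd]`, so it can evidently be unset and `set passwd $userpasswd` would then raise an error. It also overwrites a `passwd` that the `-v` option already stored, and `set enapasswd $enapasswd` is a self-assignment that does nothing or fails when the variable is unset. I would reduce the branch to `if {[info exists userpasswd]} { set passwd $userpasswd }` and drop the second line. The condition this else belongs to is outside the hunk, so the exact cases that reach it should be checked against the option parser.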
@@ -614,18 +629,18 @@ foreach router [lrange $argv $i end] { set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } - # Figure out the SSH executable name - set sshcmd [find sshcmd $router] - if { "$sshcmd" == "" } { set sshcmd {ssh} } + # Figure out the SSH executable name + set sshcmd [find sshcmd $router] + if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { continue } - if { $enable } { + if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { - close; wait + catch {close}; catch {wait} continue } } @@ -642,7 +657,7 @@ foreach router [lrange $argv $i end] { source $sfile close } else { - label $router + label $router log_user 1 interact } |