1 files changed, 64 insertions, 31 deletions

diff --git a/bin/flogin.in b/bin/flogin.in
index 1a34068..169e522 100755..100644
--- a/bin/flogin.in
+++ b/bin/flogin.in
@@ -1,21 +1,26 @@
-#!@EXPECT_PATH@ --
+#! @EXPECT_PATH@ --
 ##
+## $Id: flogin.in,v 1.32 2004/01/11 05:39:15 heas Exp $
 ##
-## Copyright (C) 1997-2001 by Henry Kilmer, Erik Sherk and Pete Whiting.
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
 ## All rights reserved.
 ##
-## This software may be freely copied, modified and redistributed without
-## fee for non-commerical purposes provided that this copyright notice is
-## preserved intact on all copies and modified copies.
-## 
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
 ## There is no warranty or other guarantee of fitness of this software.
-## It is provided solely "as is". The author(s) disclaim(s) all
+## It is provided solely "as is".  The author(s) disclaim(s) all
 ## responsibility and liability with respect to this software's usage
 ## or its effect upon hardware, computer systems, other software, or
 ## anything else.
 ##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
 ##
 #
+# The login expect scripts were based on Erik Sherk's gwtn, by permission.
+#
 # flogin - foundry login
 #
 # Most options are intuitive for logging into a foundry switch.
@@ -46,8 +51,9 @@ set do_command 0
 set do_script 0
 # The default is to automatically enable
 set enable 1
-# The default is that you login non-enabled (tacacs can have you login already enabled)
-set autoenable 0
+# The default is that you login non-enabled (tacacs can have you login already
+# enabled)
+set avautoenable 0
 # The default is to look in the password file to find the passwords.  This
 # tracks if we receive them on the command line.
 set do_passwd 1
@@ -58,6 +64,8 @@ if {[ info exists env(CISCO_USER) ] } {
     set default_user $env(CISCO_USER)
 } elseif {[ info exists env(USER) ]} {
     set default_user $env(USER)
+} elseif {[ info exists env(LOGNAME) ]} {
+    set default_user $env(LOGNAME)
 } else {
     # This uses "id" which I think is portable.  At least it has existed
     # (without options) on all machines/OSes I've been on recently -
@@ -113,7 +121,7 @@ for {set i 0} {$i < $argc} {incr i} {
 	    if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
 		set E$varname $varvalue
 	    } else {
-		send_user "Error: invalid format for -E in $arg\n"
+		send_user "\nError: invalid format for -E in $arg\n"
 		exit 1
 	    }
 	# Enable Password
@@ -181,7 +189,7 @@ for {set i 0} {$i < $argc} {incr i} {
 	    set enable 0
 	# Does tacacs automatically enable us?
 	} -autoenable {
-	    set autoenable 1
+	    set avautoenable 1
 	    set enable 0
 	} -* {
 	    send_user "\nError: Unknown argument! $arg\n"
@@ -277,7 +285,7 @@ proc source_password_file { password_file } {
 # Log into the router.
 proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
     global spawn_id in_proc do_command do_script platform
-    global prompt u_prompt p_prompt e_prompt
+    global prompt u_prompt p_prompt e_prompt sshcmd
     set in_proc 1
     set uprompt_seen 0
 
@@ -296,8 +304,8 @@ proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
 		exit 1
 	    }
 	} elseif ![string compare $prog "ssh"] {
-	    if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] {
-		send_user "\nError: ssh failed: $reason\n"
+	    if [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] {
+		send_user "\nError: $sshcmd failed: $reason\n"
 		exit 1
 	    }
 	} elseif ![string compare $prog "rsh"] {
@@ -341,24 +349,39 @@ proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
     # then it will just send the passwd.
     # if telnet fails with connection refused, try ssh
     expect {
-	-re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by|Telnet server disabled)" {
+	-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
+	    catch {close}; wait
+	    if !$progs {
+		send_user "\nError: Connection Refused ($prog): $router\n"
+		return 1
+	    } 
+	}
+	-re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
 	    catch {close}; wait
 	    if !$progs {
-		send_user "\nError: Connection Refused ($prog)\n"; return 1
+		send_user "\nError: Connection closed ($prog): $router\n"
+		return 1
+	    }   
+	}   
+	-re "Telnet server disabled" {
+	    catch {close}; wait
+	    if !$progs {
+		send_user "\nError: Connection Refused ($prog): $router\n"
+		return 1
 	    }
 	}
 	eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
 	-nocase "unknown host\r" {
 	    catch {close};
-	    send_user "\nError: Unknown host\n"; wait; return 1
+	    send_user "\nError: Unknown host $router\n"; wait; return 1
 	}
 	"Host is unreachable" {
 	    catch {close};
-	    send_user "\nError: Host Unreachable!\n"; wait; return 1
+	    send_user "\nError: Host Unreachable: $router\n"; wait; return 1
 	}
 	"No address associated with name" {
 	    catch {close};
-	    send_user "\nError: Unknown host\n"; wait; return 1
+	    send_user "\nError: Unknown host $router\n"; wait; return 1
 	}
 	-re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
 	    send "yes\r"
@@ -406,7 +429,7 @@ proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
 				}
 	"$prompt"		{ break; }
 	"Login invalid"		{
-				  send_user "\nError: Invalid login\n";
+				  send_user "\nError: Invalid login: $router\n";
 				  catch {close}; wait; return 1
 				}
      }
@@ -432,6 +455,10 @@ proc do_enable { enauser enapasswd } {
 	denied		{ send_user "\nError: Check your Enable passwd\n";
 			  return 1
 			}
+	"Incorrect username or password" {
+			  send_user "\nError: Check your Enable passwd\n";
+			  return 1
+			}
 	"% Bad passwords" { send_user "\nError: Check your Enable passwd\n";
 			  return 1
 			}
@@ -496,7 +523,9 @@ foreach router [lrange $argv $i end] {
     # Since autoenable is off by default, if we have it defined, it
     # was done on the command line. If it is not specifically set on the
     # command line, check the password file.
-    if $autoenable {
+    if $avautoenable {
+	set autoenable 1
+	set enable 0
 	set prompt "#"
     } else {
 	set ae [find autoenable $router]
@@ -514,15 +543,15 @@ foreach router [lrange $argv $i end] {
     if { $do_passwd || $do_enapasswd } {
       set pswd [find password $router]
       if { [llength $pswd] == 0 } {
-        send_user "Error: no password for $router in $password_file.\n"
+        send_user "\nError: no password for $router in $password_file.\n"
         continue
       } 
       if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
-	send_user "Error: no enable password for $router in $password_file.\n"
+	send_user "\nError: no enable password for $router in $password_file.\n"
         continue
       }
-     set passwd [lindex $pswd 0]
-     set enapasswd [lindex $pswd 1]  
+     set passwd [join [lindex $pswd 0] ""]
+     set enapasswd [join [lindex $pswd 1] ""]
     }
 
     # Figure out username
@@ -530,7 +559,7 @@ foreach router [lrange $argv $i end] {
       # command line username
       set ruser $username
     } else {
-      set ruser [find user $router] 
+      set ruser [join [find user $router] ""]
       if { "$ruser" == "" } { set ruser $default_user }
     } 
 
@@ -539,7 +568,7 @@ foreach router [lrange $argv $i end] {
       # command line username
       set userpswd $userpasswd
     } else {
-      set userpswd [find userpassword $router] 
+      set userpswd [join [find userpassword $router] ""]
       if { "$userpswd" == "" } { set userpswd $passwd } 
     } 
     
@@ -548,7 +577,7 @@ foreach router [lrange $argv $i end] {
       # command line enausername
       set enauser $enausername
     } else {
-      set enauser [find enauser $router] 
+      set enauser [join [find enauser $router] ""]
       if { "$enauser" == "" } { set enauser $ruser } 
     } 
 
@@ -557,19 +586,19 @@ foreach router [lrange $argv $i end] {
     if { "$u_prompt" == "" } {
 	set u_prompt "(Username|login|Name|User Name):"
     } else {
-	set u_prompt [lindex $u_prompt 0]
+	set u_prompt [join [lindex $u_prompt 0] ""]
     }
     set p_prompt [find passprompt $router]
     if { "$p_prompt" == "" } {
 	set p_prompt "(\[Pp]assword):"
     } else {
-	set p_prompt [lindex $p_prompt 0]
+	set p_prompt [join [lindex $p_prompt 0] ""]
     }
     set e_prompt [find enableprompt $router]
     if { "$e_prompt" == "" } {
 	set e_prompt "\[Pp]assword:"
     } else {
-	set e_prompt [lindex $e_prompt 0]
+	set e_prompt [join [lindex $e_prompt 0] ""]
     }
 
     # Figure out cypher tpye
@@ -585,6 +614,10 @@ foreach router [lrange $argv $i end] {
     set cmethod [find method $router]
     if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }
 
+    # Figure out the SSH executable name  
+    set sshcmd [find sshcmd $router]  
+    if { "$sshcmd" == "" } { set sshcmd {ssh} }  
+
     # Login to the router
     if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} {
 	continue