diff options
Diffstat (limited to 'bin/francid.in')
| -rwxr-xr-x | bin/francid.in | 53 |
1 files changed, 39 insertions, 14 deletions
diff --git a/bin/francid.in b/bin/francid.in index f494ea6..b03052e 100755 --- a/bin/francid.in +++ b/bin/francid.in @@ -1,7 +1,7 @@ #!@PERLV_PATH@ ## ## Amazingly hacked version of Hank's rancid - this one tries to -## deal with foundrys. +## deal with foundrys and foundrys OEM'd by HP as Procurves. ## ## Copyright (C) 1997-2001 by Henry Kilmer. ## All rights reserved. @@ -32,6 +32,8 @@ $clean_run = 0; $found_end = 0; $timeo = 90; # flogin timeout in seconds +my(%filter_pwds); # password filtering mode + # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string,@string)=(@_); @@ -143,7 +145,7 @@ sub ShowVersion { next if /^\s*$/; last if(/^$prompt/); - next if (/^The system /); + next if (/^(The system |Crash time)/); s/^\s*(HW|SW)/$1/; s/^\s*(Compiled on)/SW: $1/; @@ -260,14 +262,15 @@ sub WriteTerm { } } # order tacacs server statements - /^(tacacs-server key )/ && - ProcessHistory("","","","! $1<removed>\n") && next; - /^tacacs-server host (\d+\.\d+\.\d+\.\d+)/ && - ProcessHistory("TAC","ipsort","$1","$_") && next; - + if (/^(tacacs-server key )/ && $filter_pwds >= 1) { + ProcessHistory("","","","! $1<removed>\n"); + next; + } # delete ntp auth password - /^(ntp authentication-key \d+ md5) / && - ProcessHistory("","","","!$1 <removed>\n") && next; + if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 2) { + ProcessHistory("","","","!$1 <removed>\n"); + next; + } # order ntp peers/servers if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); @@ -281,6 +284,19 @@ sub WriteTerm { /^ip nat (\S+) source static (\S+)/ && ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; + # filter ssh public key + if (/^(crypto key generate (rsa|dsa) public_key)/ && + $filter_pwds >= 2) { + ProcessHistory("","","","!$1 <removed>\n"); + next; + } + # filter ssh private key + if (/^(crypto key generate (rsa|dsa) private_key)/ && + $filter_pwds >= 1) { + ProcessHistory("","","","!$1 <removed>\n"); + next; + } + ProcessHistory("","","","$_"); # end of config if (/^end$/) { @@ -334,6 +350,15 @@ if ($file) { } } +# determine password filtering mode +if ($ENV{"FILTER_PWDS"} =~ /no/i) { + $filter_pwds = 0; +} elsif ($ENV{"FILTER_PWDS"} =~ /all/i) { + $filter_pwds = 2; +} else { + $filter_pwds = 1; +} + ProcessHistory("","","","!RANCID-CONTENT-TYPE: foundry\n!\n"); TOP: while(<INPUT>) { tr/\015//d; @@ -355,7 +380,7 @@ TOP: while(<INPUT>) { } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { - print STDERR "found unexpected command - \"$cmd\"\n"; + print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } @@ -381,12 +406,12 @@ if (defined($ENV{NOPIPE})) { # check for completeness if (scalar(%commands) || !$clean_run || !$found_end) { if (scalar(%commands)) { - printf(STDOUT "missed cmd(s): %s\n", join(',', keys(%commands))); - printf(STDERR "missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); + printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); + printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run || !$found_end) { - print STDOUT "End of run not found\n"; - print STDERR "End of run not found\n" if ($debug); + print STDOUT "$host: End of run not found\n"; + print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); |