From 4d684aecaacc9a59e7e9c0661934aeba0b16efec Mon Sep 17 00:00:00 2001 From: Tar Committer Date: Wed, 30 Mar 2005 07:52:00 +0000 Subject: Imported from rancid-2.3.2a.tar.gz. --- CHANGES | 46 ++++++++ COPYING | 2 +- README | 13 ++- Todo | 2 + bin/alogin.in | 241 +---------------------------------------- bin/cat5rancid.in | 8 +- bin/cssrancid.in | 69 ++++++------ bin/flogin.in | 4 +- bin/hlogin.in | 42 ++++---- bin/hpuifilter.c | 36 +++---- bin/hrancid.in | 4 +- bin/jerancid.in | 6 +- bin/jrancid.in | 87 ++++++++++++++- bin/lgform.cgi.in | 3 +- bin/nlogin.in | 296 ++++++++------------------------------------------- bin/nrancid.in | 17 ++- bin/rancid-run.in | 20 +++- bin/rancid.in | 134 ++++++++++++++++++----- bin/rivlogin.in | 19 +++- etc/Makefile.am | 14 +-- etc/Makefile.in | 12 +-- include/version.h | 2 +- include/version.h.in | 2 +- man/cloginrc.5 | 21 +++- man/rancid.1 | 5 + 25 files changed, 473 insertions(+), 632 deletions(-) diff --git a/CHANGES b/CHANGES index 45a0ee3..91dc4ed 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,49 @@ +2.3.2a + rancid: correct handling of SNMPv3 host configs - Patrick Adlam + + rancid: filter nv_hdr file seen on sup720 - Bill Ouchark + + etc/Makefile.am: support DESTDIR - from Michael Shields + + rancid: add IOX/CRS support. + + hrancid: show stack does not apply to all procurves - Eugene Zagrebelny + + flogin: older foundry o/s has misc spaces preceeding : in username + prompt - from mike ethridge + + A better nlogin & nrancid for NetScreens - help from Stephen Gill + + jerancid: case fluctuates in "active/standby" - from David Gethings + + jerancid: filter "please wait" from config - from David Gethings + + jerancid: filter consecutive periods at top of write term - mark cooper + + jerancid: fix check for slave RE sync in DirSlotN - from Mark Lovely + + rancid: collect 6500's sub-module info from show modules + + jrancid: collect license info & RE Model. Don't collect + the license keys as this is only supported on the jseries + and running 'show system license keys' on other junipers + produces output from *two* commands - 'show system license' + AND 'show system licensekeys'. + + rancid: erroneous space in shared-secret match - from Blaz Zupan + + nrancid: fix missing brace - from David King + + lgform: need strftime from POSIX - from Joao Frade + + rancid: filter multiple-fs file - from Yuval Ben-Ari + + cssrancid: make this parse the collected output properly + + rancid: filter & sort IOS AP username passwords - noted by Stafford Rau + + rancid: parse more variants of 'show diag' output. + 2.3.1 jerancid: fail/retry if the RP is syncing to the backup - Dave Mack diff --git a/COPYING b/COPYING index 888b207..5953364 100644 --- a/COPYING +++ b/COPYING @@ -1,5 +1,5 @@ ## -## Copyright (C) 1997-2004 by Terrapin Communications, Inc. +## Copyright (C) 1997-2005 by Terrapin Communications, Inc. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed diff --git a/README b/README index 3fd7fe7..c5174a9 100644 --- a/README +++ b/README @@ -212,6 +212,9 @@ Quick Installation Guide (an example): Subscribe by sending an email whose body contains "subscribe rancid-" to majordomo@shrubbery.net. + If you are reporting problems, please include the version of rancid, + expect, and your OS in the email. + Problem with clogin/telnet hanging within rancid or scripts? @@ -231,7 +234,13 @@ Synopsis: SunOS 5.6: /kernel/drv/ip patch Another possibile contributor is expect/tcl. We've noticed that expect 5.24.1 (possibly 5.28.*) and whatever tcl happens to compile with it, seems to not exhibit this problem, while 5.32.* appears to on linux and -solaris but not on netbsd 1.5. See www.shrubbery.net/rancid for additional -notes on this. +solaris but not on netbsd 1.5. + +Also, for rancid 2.3 and later, changes were made to the login scripts +which use some more elaborate regexes that have failed with expect versions +prior to 5.40. While 5.40 works, it still seems to need the patch offered +on the rancid web page. + +See www.shrubbery.net/rancid for additional notes on this. -Hank diff --git a/Todo b/Todo index 8761638..dbf5e17 100644 --- a/Todo +++ b/Todo @@ -1,4 +1,6 @@ - lg.conf(5) needs the query stuff documented. +- subversion support in addition to CVS +- configure OLDTIME per-group - could the cloginrc match function do a longest-match search instead of first match? - look at Andreas Dahl's Brocade switch collection scripts diff --git a/bin/alogin.in b/bin/alogin.in index 8937b95..c0e5c40 100644 --- a/bin/alogin.in +++ b/bin/alogin.in @@ -1,6 +1,6 @@ #! @EXPECT_PATH@ -- -## -## $Id: alogin.in,v 1.23 2004/02/02 17:38:36 heas Exp $ +# +## $Id: alogin.in,v 1.24 2004/12/24 21:00:31 tex Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -27,241 +27,8 @@ # (andrew fort) # -# Usage line -set usage "Usage: $argv0 \[-c command\] \ -\[-Evar=x\] \[-f cloginrc-file\] \ -\[-s script-file\] \[-t timeout\] \[-u username\] \ -\[-v vty-password\] \[-x command-file\] \ -\[-y ssh_cypher_type\] router \[router...\]\n" - -# env(CLOGIN) may contain: -# x == do not set xterm banner or name - -# Password file -set password_file $env(HOME)/.cloginrc -# Default is to login to the router -set do_command 0 -set do_script 0 -# The default is to automatically enable -set avenable 1 -# The default is that you login non-enabled (tacacs can have you login already -# enabled) -set avautoenable 0 -# The default is to look in the password file to find the passwords. This -# tracks if we receive them on the command line. -set do_passwd 1 - -# Find the user in the ENV, or use the unix userid. -if {[ info exists env(CISCO_USER) ] } { - set default_user $env(CISCO_USER) -} elseif {[ info exists env(USER) ]} { - set default_user $env(USER) -} elseif {[ info exists env(LOGNAME) ]} { - set default_user $env(LOGNAME) -} else { - # This uses "id" which I think is portable. At least it has existed - # (without options) on all machines/OSes I've been on recently - - # unlike whoami or id -nu. - if [ catch {exec id} reason ] { - send_error "\nError: could not exec id: $reason\n" - exit 1 - } - regexp {\(([^)]*)} "$reason" junk default_user -} - -# Sometimes routers take awhile to answer (the default is 10 sec) -set timeout 45 - -# Process the command line -for {set i 0} {$i < $argc} {incr i} { - set arg [lindex $argv $i] - - switch -glob -- $arg { - # Username - -u* - - -U* { - if {! [ regexp .\[uU\](.+) $arg ignore user]} { - incr i - set username [ lindex $argv $i ] - } - # VTY Password - } -v* - - -v* { - if {! [ regexp .\[vV\](.+) $arg ignore passwd]} { - incr i - set passwd [ lindex $argv $i ] - } - set do_passwd 0 - # Enable Username - } -w* - - -W* { - # ignore -w - # Environment variable to pass to -s scripts - } -E* - { - if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { - incr i - set E$varname $varvalue - } else { - send_user "\nError: invalid format for -E in $arg\n" - exit 1 - } - # Enable Password - } -e* - { - # ignore -e - # Command to run. - } -c* - - -C* { - if {! [ regexp .\[cC\](.+) $arg ignore command]} { - incr i - set command [ lindex $argv $i ] - } - set do_command 1 - # Expect script to run. - } -s* - - -S* { - if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { - incr i - set sfile [ lindex $argv $i ] - } - if { ! [ file readable $sfile ] } { - send_user "\nError: Can't read $sfile\n" - exit 1 - } - set do_script 1 - # 'ssh -c' cypher type - } -y* - - -Y* { - if {! [ regexp .\[eE\](.+) $arg ignore cypher]} { - incr i - set cypher [ lindex $argv $i ] - } - # alternate cloginrc file - } -f* - - -F* { - if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { - incr i - set password_file [ lindex $argv $i ] - } - # Timeout - } -t* - - -T* { - if {! [ regexp .\[tT\](.+) $arg ignore timeout]} { - incr i - set timeout [ lindex $argv $i ] - } - # Command file - } -x* - - -X { - if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { - incr i - set cmd_file [ lindex $argv $i ] - } - if [ catch {set cmd_fd [open $cmd_file r]} reason ] { - send_user "\nError: $reason\n" - exit 1 - } - set cmd_text [read $cmd_fd] - close $cmd_fd - set command [join [split $cmd_text \n] \;] - set do_command 1 - # Do we enable? - } -noenable { - # ignore -noenable - # Does tacacs automatically enable us? - } -autoenable { - # ignore -autoenable - } -* { - send_user "\nError: Unknown argument! $arg\n" - send_user $usage - exit 1 - } default { - break - } - } -} -# Process routers...no routers listed is an error. -if { $i == $argc } { - send_user "\nError: $usage" -} - -# Only be quiet if we are running a script (it can log its output -# on its own) -if { $do_script } { - log_user 0 -} else { - log_user 1 -} - -# -# Done configuration/variable setting. Now run with it... -# - -# Sets Xterm title if interactive...if its an xterm and the user cares -proc label { host } { - global env - # if CLOGIN has an 'x' in it, don't set the xterm name/banner - if [info exists env(CLOGIN)] { - if {[string first "x" $env(CLOGIN)] != -1} { return } - } - # take host from ENV(TERM) - if [info exists env(TERM)] { - if [regexp \^(xterm|vs) $env(TERM) ignore ] { - send_user "\033]1;[lindex [split $host "."] 0]\a" - send_user "\033]2;$host\a" - } - } -} - -# This is a helper function to make the password file easier to -# maintain. Using this the password file has the form: -# add password sl* pete cow -# add password at* steve -# add password * hanky-pie -proc add {var args} { global int_$var ; lappend int_$var $args} -proc include {args} { - global env - regsub -all "(^{|}$)" $args {} args - if { [ regexp "^/" $args ignore ] == 0 } { - set args $env(HOME)/$args - } - source_password_file $args -} - -proc find {var router} { - upvar int_$var list - if { [info exists list] } { - foreach line $list { - if { [string match [lindex $line 0] $router ] } { - return [lrange $line 1 end] - } - } - } - return {} -} - -# Loads the password file. Note that as this file is tcl, and that -# it is sourced, the user better know what to put in there, as it -# could install more than just password info... I will assume however, -# that a "bad guy" could just as easy put such code in the clogin -# script, so I will leave .cloginrc as just an extention of that script -proc source_password_file { password_file } { - global env - if { ! [file exists $password_file] } { - send_user "\nError: password file ($password_file) does not exist\n" - exit 1 - } - file stat $password_file fileinfo - if { [expr ($fileinfo(mode) & 007)] != 0000 } { - send_user "\nError: $password_file must not be world readable/writable\n" - exit 1 - } - if [ catch {source $password_file} reason ] { - send_user "\nError: $reason\n" - exit 1 - } -} +# alogin: doesn't understand enable. It will just ignore the enable options. +@INCLUDE login.top@ # Log into the router. proc login { router user userpswd passwd prompt cmethod cyphertype } { diff --git a/bin/cat5rancid.in b/bin/cat5rancid.in index f1214a1..174aead 100644 --- a/bin/cat5rancid.in +++ b/bin/cat5rancid.in @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: cat5rancid.in,v 1.36 2004/01/11 03:49:13 heas Exp $ +## $Id: cat5rancid.in,v 1.37 2005/03/20 22:15:35 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -1003,7 +1003,8 @@ sub DoNothing {print STDOUT;} 'show module' => "ShowModule", 'show port ifindex' => "ShowPortIfindex", 'write term all' => "WriteTerm", - 'write term' => "WriteTerm" + 'write term' => "WriteTerm", + 'show running-config' => "WriteTerm" ); # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and write term last). pita @@ -1019,7 +1020,8 @@ sub DoNothing {print STDOUT;} "show module", "show port ifindex", "write term all", - "write term" + "write term", + "show running-config" ); $cisco_cmds=join(";",@commands); $cmds_regexp=join("|",@commands); diff --git a/bin/cssrancid.in b/bin/cssrancid.in index 27049df..b737a4d 100644 --- a/bin/cssrancid.in +++ b/bin/cssrancid.in @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: cssrancid.in,v 1.4 2004/01/11 03:49:13 heas Exp $ +## $Id: cssrancid.in,v 1.5 2004/08/02 15:56:27 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -141,7 +141,6 @@ sub ShowVersion { while () { tr/\015//d; - study; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); @@ -254,6 +253,8 @@ sub ShowVersion { sub TermLength { # Dummy subroutine.. need to set term length differently for CSS # boxes as term length 0 doesnt work correctly. POS. + print STDERR " In TermLength: $_" if ($debug); + $_ = ; return(0); } @@ -264,6 +265,8 @@ sub CopyProfile { ## of couse breaks the interaction... strangely enough tho ## in a failover environment, only the secondary behaves this ## way.. the primary lets you log out and does not complain. + print STDERR " In CopyProfile: $_" if ($debug); + $_ = ; return(0); } @@ -283,6 +286,7 @@ sub ShowBoot { return(1) if /Ambiguous command/i; # return(1) if /(Invalid input detected|Type help or )/; return(1) if /(Open device \S+ failed|Error opening \S+:)/; + next if (/\*\* BOOT CONFIG /); next if /CONFGEN variable/; if (!defined($H0)) { $H0=1; ProcessHistory("COMMENTS","keysort","H0","!\n"); @@ -305,17 +309,18 @@ sub ShowBoot { # This routine processes a "show run" sub ShowRun { print STDERR " In ShowRun: $_" if ($debug); - my($lineauto) = 0; + my($lines) = 0; while () { tr/\015//d; - study; - last if(/^$prompt/); + if(/^$prompt/) { + $found_end = 1 if ($lines > 4); + return(1); + } return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked - $lineauto = 0 if (/^[^ ]/); # skip the crap if (/^(##+$|(Building|Current) configuration)/i) { while () { @@ -335,14 +340,14 @@ sub ShowRun { /^! (Last configuration|NVRAM config last)/ && next; ## CSS specific.... /Generated on/ && next; + $lines++; # Dog gone Cool matches to process the rest of the config /^tftp-server flash / && next; # kill any tftp remains /^ntp clock-period / && next; # kill ntp clock-period /^ length / && next; # kill length on serial lines /^ width / && next; # kill width on serial lines - $lineauto = 1 if /^ modem auto/; - /^ speed / && $lineauto && next; # kill speed on serial lines + /^ speed / && next; # kill speed on serial lines /^ clockrate / && next; # kill clockrate on serial interfaces if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) { ProcessHistory("ENABLE","","","!$1$2 \n"); @@ -360,11 +365,9 @@ sub ShowRun { } next; } - if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) { - if ($filter_pwds == 2) { - ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); - } elsif ($filter_pwds == 1 && $4 ne "5"){ - ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); + if (/\s*username (\S+)(\s.*)? (des-password|password) (\S+|\S+)/) { + if ($filter_pwds >= 1) { + ProcessHistory("USER","keysort","$1","! username $1$2 $3 $'\n"); } else { ProcessHistory("USER","keysort","$1","$_"); } @@ -537,11 +540,6 @@ sub ShowRun { # catch anything that wasnt matched above. ProcessHistory("","","","$_"); - # end of config. the ": " game is for the PIX - if (/^(: +)?end$/ || /CSS.*#/ || /$prompt/ ) { - $found_end = 1; - return(1); - } } return(0); } @@ -599,11 +597,12 @@ if ($ENV{"FILTER_PWDS"} =~ /no/i) { } ProcessHistory("","","","!RANCID-CONTENT-TYPE: cisco-css\n!\n"); -ProcessHistory("COMMENTS","keysort","B0","!\n"); -ProcessHistory("COMMENTS","keysort","F0","!\n"); -ProcessHistory("COMMENTS","keysort","G0","!\n"); +#ProcessHistory("COMMENTS","keysort","B0","!\n"); +#ProcessHistory("COMMENTS","keysort","F0","!\n"); +#ProcessHistory("COMMENTS","keysort","G0","!\n"); TOP: while() { +NEXT: tr/\015//d; if (/\#\s?exit/) { $clean_run=1; @@ -615,23 +614,27 @@ TOP: while() { $clean_run=0; last; } - while (/#\s*($cmds_regexp)\s*$/) { + if (/#\s*($cmds_regexp)\s*$/) { $cmd = $1; - if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; } + if (!defined($prompt)) { + $prompt = ($_ =~ /^([^#]+#)/)[0]; + $prompt =~ s/([][}{)(\\])/\\$1/g; + print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); + } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; - # $clean_run = 0; - # last TOP; - next TOP; - } else { - $rval = &{$commands{$cmd}}; - delete($commands{$cmd}); - if ($rval == -1) { - $clean_run = 0; - last TOP; - } + $clean_run = 0; + last TOP; + } + $rval = &{$commands{$cmd}}; + delete($commands{$cmd}); + if ($rval == -1) { + $clean_run = 0; + last TOP; } + # the function may have read the next prompt/cmd line + goto NEXT; } } print STDOUT "Done $logincmd: $_\n" if ($log); diff --git a/bin/flogin.in b/bin/flogin.in index 35af3cd..fd4cf93 100644 --- a/bin/flogin.in +++ b/bin/flogin.in @@ -1,6 +1,6 @@ #! @EXPECT_PATH@ -- ## -## $Id: flogin.in,v 1.33 2004/02/02 17:38:36 heas Exp $ +## $Id: flogin.in,v 1.34 2004/10/27 21:33:08 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -585,7 +585,7 @@ foreach router [lrange $argv $i end] { # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { - set u_prompt "(Username|login|Name|User Name):" + set u_prompt "(Username|login|Name|User Name) *:" } else { set u_prompt [join [lindex $u_prompt 0] ""] } diff --git a/bin/hlogin.in b/bin/hlogin.in index 3bf12de..2e3636d 100644 --- a/bin/hlogin.in +++ b/bin/hlogin.in @@ -1,6 +1,6 @@ #! @EXPECT_PATH@ -- ## -## $Id: hlogin.in,v 1.23 2004/04/09 00:06:44 heas Exp $ +## $Id: hlogin.in,v 1.24 2004/10/14 17:53:57 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -181,8 +181,8 @@ for {set i 0} {$i < $argc} {incr i} { } if [ catch {set cmd_fd [open $cmd_file r]} reason ] { send_user "\nError: $reason\n" - exit 1 - } + exit 1 + } set cmd_text [read $cmd_fd] close $cmd_fd set command [join [split $cmd_text \n] \;] @@ -244,25 +244,25 @@ proc label { host } { # add password * hanky-pie proc add {var args} { global int_$var ; lappend int_$var $args} proc include {args} { - global env - regsub -all "(^{|}$)" $args {} args + global env + regsub -all "(^{|}$)" $args {} args if { [ regexp "^/" $args ignore ] == 0 } { set args $env(HOME)/$args - } + } source_password_file $args -} - +} + proc find {var router} { - upvar int_$var list + upvar int_$var list if { [info exists list] } { foreach line $list { if { [string match [lindex $line 0] $router ] } { return [lrange $line 1 end] - } - } - } - return {} -} + } + } + } + return {} +} # Loads the password file. Note that as this file is tcl, and that # it is sourced, the user better know what to put in there, as it @@ -308,7 +308,7 @@ proc login { router user userpswd passwd enapasswd cmethod cyphertype } { } } elseif [string match "ssh*" $prog] { if {"$port" == ""} { - set retval [ catch {spawn hpuifilter -- '$sshcmd -c $cyphertype -x -l $user' $router} reason ] + set retval [ catch {spawn hpuifilter -- $sshcmd -c $cyphertype -x -l $user $router} reason ] } else { set retval [ catch {spawn hpuifilter -- $sshcmd -c $cyphertype -p $port -x -l $user $router} reason ] } @@ -655,9 +655,9 @@ foreach router [lrange $argv $i end] { set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } - # Figure out the SSH executable name - set sshcmd [find sshcmd $router] - if { "$sshcmd" == "" } { set sshcmd {ssh} } + # Figure out the SSH executable name + set sshcmd [find sshcmd $router] + if { "$sshcmd" == "" } { set sshcmd {ssh} } # Adjust our path to find hpuifilter regexp {(.*)/[^/]+} $argv0 junk hpf_path @@ -678,11 +678,11 @@ foreach router [lrange $argv $i end] { } } # we are logged in, now figure out the full prompt - send "\r" - expect { + send "\r" + expect { -re "\[\r\n]+" { exp_continue; } -re "^.+$prompt" { set prompt $expect_out(0,string); } - } + } if { $do_command } { if {[run_commands $prompt $command]} { diff --git a/bin/hpuifilter.c b/bin/hpuifilter.c index 8f7005a..cc94fec 100644 --- a/bin/hpuifilter.c +++ b/bin/hpuifilter.c @@ -1,5 +1,5 @@ /* - * $Id: hpuifilter.c,v 1.17 2004/01/11 03:49:13 heas Exp $ + * $Id: hpuifilter.c,v 1.20 2005/03/30 07:27:15 heas Exp $ * * Copyright (C) 1997-2004 by Terrapin Communications, Inc. * All rights reserved. @@ -25,8 +25,8 @@ #define DFLT_TO 60 /* default timeout */ -#include -#include +#include "config.h" +#include "version.h" #include #include @@ -37,6 +37,8 @@ #include +#define BUFSZ (LINE_MAX * 2) + char *progname; int debug = 0; @@ -51,9 +53,9 @@ main(int argc, char **argv) extern char *optarg; extern int optind; char ch, - hbuf[LINE_MAX * 2], /* hlogin buffer */ + hbuf[BUFSZ], /* hlogin buffer */ *hbufp, - tbuf[LINE_MAX * 2], /* telnet buffer */ + tbuf[BUFSZ], /* telnet/ssh buffer */ *tbufp; int bytes, /* bytes read/written */ child, @@ -99,7 +101,7 @@ main(int argc, char **argv) signal(SIGINT, (void *) reapchild); signal(SIGTERM, (void *) reapchild); - /* create 2 pipes for send/recv and then fork and exec telnet */ + /* create 2 pipes for send/recv and then fork and exec telnet/ssh */ for (child = 3; child < 10; child++) close(child); if (pipe(s) || pipe(r)) { @@ -137,8 +139,8 @@ main(int argc, char **argv) } /* zero the buffers */ - bzero(hbuf, LINE_MAX * 2); - bzero(tbuf, LINE_MAX * 2); + bzero(hbuf, BUFSZ); + bzero(tbuf, BUFSZ); if (child == 0) { /* close the parent's side of the pipes; we write r[1], read s[0] */ @@ -152,7 +154,7 @@ main(int argc, char **argv) } close(s[0]); close(r[1]); - /* exec telnet */ + /* exec telnet/ssh */ if (execvp(argv[optind], argv + optind)) { fprintf(stderr, "%s: execlp() failed: %s\n", progname, strerror(errno)); @@ -196,7 +198,7 @@ main(int argc, char **argv) switch (select(r[1], &rfds, &wfds, NULL, &to)) { case 0: /* timeout */ - /* HEAS: what do i do here? */ + /* XXX what do i do here? */ break; case -1: switch (errno) { @@ -241,9 +243,8 @@ main(int argc, char **argv) } if (FD_ISSET(0, &rfds)) { /* read stdin into hbuf */ - if (LINE_MAX * 2 - hlen > 1) { - hlen += read(0, hbuf + hlen, - (LINE_MAX * 2 - 1) - hlen); + if (BUFSZ - hlen > 1) { + hlen += read(0, hbuf + hlen, (BUFSZ - 1) - hlen); if (hlen > 0) { hbuf[hlen] = '\0'; } else if (hlen == 0 || errno != EAGAIN) @@ -253,10 +254,9 @@ main(int argc, char **argv) hlen = strlen(hbuf); } } else if (FD_ISSET(r[0], &rfds)) { - /* read telnet into tbuf, then filter */ - if (LINE_MAX * 2 - tlen > 1) { - tlen += read(r[0], tbuf + tlen, - (LINE_MAX * 2 - 1) - tlen); + /* read telnet/ssh into tbuf, then filter */ + if (BUFSZ - tlen > 1) { + tlen += read(r[0], tbuf + tlen, (BUFSZ - 1) - tlen); if (tlen > 0) { tbuf[tlen] = '\0'; tlen = filter(tbuf, tlen); @@ -372,7 +372,7 @@ reapchild(void) int status; pid_t pid; - /* HEAS: this needs to deal with/without wait3 via HAVE_WAIT3 */ + /* XXX this needs to deal with/without wait3 via HAVE_WAIT3 */ while ((pid = wait3(&status, WNOHANG, 0)) > 0) if (debug) fprintf(stderr, "reap child %d\n", pid); diff --git a/bin/hrancid.in b/bin/hrancid.in index fa048ce..d53cad0 100644 --- a/bin/hrancid.in +++ b/bin/hrancid.in @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: hrancid.in,v 1.17 2004/01/11 03:49:13 heas Exp $ +## $Id: hrancid.in,v 1.18 2005/01/27 00:01:10 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -230,7 +230,7 @@ sub ShowStack { last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); - return(-1) if /^(Invalid|Ambiguous) input:/i; + return(1) if /^(Invalid|Ambiguous) input:/i; s/stacking - (Stacking Status).*/$1/i; s/\s*members unreachable .*$//i; diff --git a/bin/jerancid.in b/bin/jerancid.in index 50da62b..4d51964 100644 --- a/bin/jerancid.in +++ b/bin/jerancid.in @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: jerancid.in,v 1.26 2004/06/04 18:07:37 heas Exp $ +## $Id: jerancid.in,v 1.30 2004/10/15 21:20:49 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -263,7 +263,7 @@ sub DirSlotN { next if (/^Please wait/i); next if (/^system\.log/); # fail if the RP is amid the auto-sync process - return(-1) if (/active\/standby/ && !/not sync/); + return(-1) if (/active\/standby/i && /not sync/); ProcessHistory("FLASH","","","!Flash: $_"); } @@ -307,6 +307,8 @@ sub WriteTerm { # skip the crap /^! Configuration script /i && next; /^! Copyright /i && next; + /^Please wait/i && next; + /^(\.+)$/ && next; # Skip variable length pausing dot lines # Dog gone Cool matches to process the rest of the config /^ntp clock-period / && next; # kill ntp clock-period diff --git a/bin/jrancid.in b/bin/jrancid.in index b05feb8..8432671 100644 --- a/bin/jrancid.in +++ b/bin/jrancid.in @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: jrancid.in,v 1.61 2004/06/05 04:02:08 asp Exp $ +## $Id: jrancid.in,v 1.63 2004/12/08 00:31:46 asp Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -186,6 +186,7 @@ sub ShowChassisEnvironment { /command is not valid/ && return; /^\s+\^/ && return; /syntax error/ && return; + / backplane temperature/ && next; /(\s*Power supply.*), temperature/ && ProcessHistory("","","","# $1\n") && next; @@ -216,6 +217,7 @@ sub ShowChassisFirmware { /command is not valid/ && return; /^\s+\^/ && return; /syntax error/ && return; + ProcessHistory("","","","# $_"); } return; @@ -239,6 +241,7 @@ sub ShowChassisFpcDetail { /command is not valid/ && return; /^\s+\^/ && return; /syntax error/ && return; + / Temperature/ && next; / Start time/ && next; / Uptime/ && next; @@ -265,6 +268,7 @@ sub ShowChassisHardware { /command is not valid/ && return; /^\s+\^/ && return; /syntax error/ && return; + ProcessHistory("","","","# $_"); } return; @@ -289,11 +293,13 @@ sub ShowChassisRoutingEngine { /command is not valid/ && return; /^\s+\^/ && return; /syntax error/ && return; + /^Routing Engine status:/ && ProcessHistory("","","","# $_") && next; / Slot / && ProcessHistory("","","","# $_") && next; / Current state/ && ProcessHistory("","","","# $_") && next; / Election priority/ && ProcessHistory("","","","# $_") && next; / DRAM/ && ProcessHistory("","","","# $_") && next; + / Model/ && ProcessHistory("","","","# $_") && next; / Serial ID/ && ProcessHistory("","","","# $_") && next; /^\s*$/ && ProcessHistory("","","","# $_") && next; } @@ -321,6 +327,7 @@ sub ShowChassisSCB { /command is not valid/ && return; /^\s+\^/ && return; /syntax error/ && return; + / Temperature/ && next; / temperature/ && next; / utilization/ && next; @@ -334,7 +341,7 @@ sub ShowChassisSCB { return; } -# This routine parses "show system boot-messages" +# This routine parses "show chassis alarms" sub ShowChassisAlarms { print STDERR " In ShowChassisAlarms: $_" if ($debug); @@ -347,8 +354,76 @@ sub ShowChassisAlarms { next if(/^\{(master|backup)}/); /Unrecognized command/ && return; + /command is not valid/ && return; + /^\s+\^/ && return; + /syntax error/ && return; + + ProcessHistory("","","","# $_"); + } + return; +} + +# This routine parses "show system autoinstallation status" +sub ShowSystemAutoinstall { + print STDERR " In ShowSystemAutoinstall: $_" if ($debug); + + s/^[a-z]+@//; + ProcessHistory("","","","# $_"); + while () { + tr/\015//d; + last if(/^$prompt/); + next if(/^system (shutdown message from|going down )/i); + next if(/^\{(master|backup)}/); + + /Unrecognized command/ && return; + /command is not valid/ && return; + /^\s+\^/ && return; + /syntax error/ && return; + + ProcessHistory("","","","# $_"); + } + return; +} + +# This routine parses "show system license" +sub ShowSystemLicense { + print STDERR " In ShowSystemLicense: $_" if ($debug); + + s/^[a-z]+@//; + ProcessHistory("","","","# $_"); + while () { + tr/\015//d; + last if(/^$prompt/); + next if(/^system (shutdown message from|going down )/i); + next if(/^\{(master|backup)}/); + + /Unrecognized command/ && return; + /command is not valid/ && return; + /^\s+\^/ && return; + /syntax error/ && return; + + ProcessHistory("","","","# $_"); + } + return; +} + +# This routine parses "show system license keys" +sub ShowSystemLicenseKeys { + print STDERR " In ShowSystemLicenseKeys: $_" if ($debug); + + s/^[a-z]+@//; + ProcessHistory("","","","# $_"); + while () { + tr/\015//d; + last if(/^$prompt/); + next if(/^system (shutdown message from|going down )/i); + next if(/^\{(master|backup)}/); + + /Unrecognized command/ && return; + /command is not valid/ && return; /^\s+\^/ && return; /syntax error/ && return; + ProcessHistory("","","","# $_"); } return; @@ -367,8 +442,10 @@ sub ShowSystemBootMessages { next if(/^\{(master|backup)}/); /Unrecognized command/ && return; + /command is not valid/ && return; /^\s+\^/ && return; /syntax error/ && return; + /^JUNOS / && && next; /^Timecounter "TSC" / && next; /^real memory / && next; @@ -495,6 +572,9 @@ sub DoNothing {print STDOUT;} "show chassis feb" => "ShowChassisSCB", "show chassis cfeb" => "ShowChassisSCB", "show chassis alarms" => "ShowChassisAlarms", +# "show system autoinstallation status" => "ShowSystemAutoinstall", + "show system license" => "ShowSystemLicense", +# "show system license keys" => "ShowSystemLicenseKeys", "show system boot-messages" => "ShowSystemBootMessages", "show version detail" => "ShowVersion", "show configuration" => "ShowConfiguration" @@ -512,6 +592,9 @@ sub DoNothing {print STDOUT;} "show chassis feb", "show chassis cfeb", "show chassis alarms", +# "show system autoinstallation status", + "show system license", +# "show system license keys", "show system boot-messages", "show version detail", "show configuration" diff --git a/bin/lgform.cgi.in b/bin/lgform.cgi.in index f680a13..5270e3a 100644 --- a/bin/lgform.cgi.in +++ b/bin/lgform.cgi.in @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: lgform.cgi.in,v 1.28 2004/03/10 22:41:54 heas Exp $ +## $Id: lgform.cgi.in,v 1.29 2004/09/03 18:41:25 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -32,6 +32,7 @@ BEGIN { } use CGI qw/:standard/; +use POSIX qw(strftime); use Sys::Syslog; my(@rtrlist, %rtrlabels); diff --git a/bin/nlogin.in b/bin/nlogin.in index 756fbef..9754367 100644 --- a/bin/nlogin.in +++ b/bin/nlogin.in @@ -1,6 +1,6 @@ #! @EXPECT_PATH@ -- ## -## $Id: nlogin.in,v 1.17 2004/05/21 19:28:49 heas Exp $ +## $Id: nlogin.in,v 1.20 2004/12/24 21:00:32 tex Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -20,231 +20,22 @@ ## # # The login expect scripts were based on Erik Sherk's gwtn, by permission. +# Netscreen hacks implemented by Stephen Gill . # # nlogin - netscreen login # # Most options are intuitive for logging into a netscreen firewall. # +# Misc notes +# netscreen does not have the concept of "enable", once logged in, a +# users permissions can not change. -# Usage line -set usage "Usage: $argv0 \[-c command\] \[-Evar=x\] \[-f cloginrc-file\] -\[-s script-file\] \[-t timeout\] \[-u user\] \ -\[-p user-password\] \[-y ssh_cypher_type\] firewall \[firewall...\]\n" -# env(CLOGIN) may contain: -# x == do not set xterm banner or name - -# Password file -set password_file $env(HOME)/.cloginrc -# Default is to login to the firewall -set do_command 0 -set do_script 0 -# The default is to automatically enable -set avenable 0 -# The default is that you login non-enabled (tacacs can have you login already -# enabled) -set avautoenable 1 -# The default is to look in the password file to find the passwords. This -# tracks if we receive them on the command line. -set do_passwd 1 -set do_enapasswd 1 - -# Find the user in the ENV, or use the unix userid. -if {[ info exists env(CISCO_USER) ] } { - set default_user $env(CISCO_USER) -} elseif {[ info exists env(USER) ]} { - set default_user $env(USER) -} elseif {[ info exists env(LOGNAME) ]} { - set default_user $env(LOGNAME) -} else { - # This uses "id" which I think is portable. At least it has existed - # (without options) on all machines/OSes I've been on recently - - # unlike whoami or id -nu. - if [ catch {exec id} reason ] { - send_error "\nError: could not exec id: $reason\n" - exit 1 - } - regexp {\(([^)]*)} "$reason" junk default_user -} - -# Sometimes firewall take awhile to answer (the default is 10 sec) -set timeout 45 - -# Process the command line -for {set i 0} {$i < $argc} {incr i} { - set arg [lindex $argv $i] - - switch -glob -- $arg { - # Username - -u* - - -U* { - if {! [ regexp .\[uU\](.+) $arg ignore user]} { - incr i - set username [ lindex $argv $i ] - } - # VTY Password - } -p* - - -P* { - if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} { - incr i - set userpasswd [ lindex $argv $i ] - } - set do_passwd 0 - # Environment variable to pass to -s scripts - } -E* - { - if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { - set E$varname $varvalue - } else { - send_user "\nError: invalid format for -E in $arg\n" - exit 1 - } - # Command to run. - } -c* - - -C* { - if {! [ regexp .\[cC\](.+) $arg ignore command]} { - incr i - set command [ lindex $argv $i ] - } - set do_command 1 - # Expect script to run. - } -s* - - -S* { - if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { - incr i - set sfile [ lindex $argv $i ] - } - if { ! [ file readable $sfile ] } { - send_user "\nError: Can't read $sfile\n" - exit 1 - } - set do_script 1 - # cypher type - } -y* - - -Y* { - if {! [ regexp .\[eE\](.+) $arg ignore cypher]} { - incr i - set cypher [ lindex $argv $i ] - } - # alternate cloginrc file - } -f* - - -F* { - if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { - incr i - set password_file [ lindex $argv $i ] - } - } -t* - - -T* { - incr i - set timeout [ lindex $argv $i ] - } -x* - - -X { - if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { - incr i - set cmd_file [ lindex $argv $i ] - } - if [ catch {set cmd_fd [open $cmd_file r]} reason ] { - send_user "\nError: $reason\n" - exit 1 - } - set cmd_text [read $cmd_fd] - close $cmd_fd - set command [join [split $cmd_text \n] \;] - set do_command 1 - # Does tacacs automatically enable us? - } -autoenable { - # ignore autoenable - #set avautoenable 1 - } -* { - send_user "\nError: Unknown argument! $arg\n" - send_user $usage - exit 1 - } default { - break - } - } -} -# Process firewalls...no firewalls listed is an error. -if { $i == $argc } { - send_user "\nError: $usage" -} - -# Only be quiet if we are running a script (it can log its output -# on its own) -if { $do_script } { - log_user 0 -} else { - log_user 1 -} - -# -# Done configuration/variable setting. Now run with it... -# - -# Sets Xterm title if interactive...if its an xterm and the user cares -proc label { host } { - global env - # if CLOGIN has an 'x' in it, don't set the xterm name/banner - if [info exists env(CLOGIN)] { - if {[string first "x" $env(CLOGIN)] != -1} { return } - } - # take host from ENV(TERM) - if [info exists env(TERM)] { - if [regexp \^(xterm|vs) $env(TERM) ignore ] { - send_user "\033]1;[lindex [split $host "."] 0]\a" - send_user "\033]2;$host\a" - } - } -} - -# This is a helper function to make the password file easier to -# maintain. Using this the password file has the form: -# add password sl* pete cow -# add password at* steve -# add password * hanky-pie -proc add {var args} { global int_$var ; lappend int_$var $args} -proc include {args} { - global env - regsub -all "(^{|}$)" $args {} args - if { [ regexp "^/" $args ignore ] == 0 } { - set args $env(HOME)/$args - } - source_password_file $args -} - -proc find {var firewall} { - upvar int_$var list - if { [info exists list] } { - foreach line $list { - if { [string match [lindex $line 0] $firewall ] } { - return [lrange $line 1 end] - } - } - } - return {} -} - -# Loads the password file. Note that as this file is tcl, and that -# it is sourced, the user better know what to put in there, as it -# could install more than just password info... I will assume however, -# that a "bad guy" could just as easy put such code in the clogin -# script, so I will leave .cloginrc as just an extention of that script -proc source_password_file { password_file } { - global env - if { ! [file exists $password_file] } { - send_user "\nError: password file ($password_file) does not exist\n" - exit 1 - } - file stat $password_file fileinfo - if { [expr ($fileinfo(mode) & 007)] != 0000 } { - send_user "\nError: $password_file must not be world readable/writable\n" - exit 1 - } - if [ catch {source $password_file} reason ] { - send_user "\nError: $reason\n" - exit 1 - } -} +@INCLUDE login.top@ +# Enable password isn't understood but is used in script. +# enable settings mostly ignored, but set this: +set do_enapasswd 0 +# just in case # Log into the firewall. proc login { firewall user userpswd passwd enapasswd prompt cmethod @@ -347,7 +138,7 @@ cyphertype } { catch {close}; wait; return 1 } " ### Login failed" {send_user "\nError: Check your passwd for $firewall\n"; return 1 } - -re "(login:)" { + -re "(login:)" { sleep 1; send "$user\r" set uprompt_seen 1 @@ -368,7 +159,7 @@ cyphertype } { } exp_continue } - "$prompt" { break; } + -- "$prompt" { break; } } } set in_proc 0 @@ -381,7 +172,7 @@ proc run_commands { prompt command } { set in_proc 1 send "set console page 0\r" - expect $prompt {} + expect -re $prompt {} # Is this a multi-command? if [ string match "*\;*" "$command" ] { @@ -391,26 +182,38 @@ proc run_commands { prompt command } { for {set i 0} {$i < $num_commands} { incr i} { send "[subst [lindex $commands $i]]\r" expect { - -re "$prompt" {} + -re "\[\n\r]+" { exp_continue } + -re "$prompt" {} + -gl "--- more ---" { + send " " + exp_continue + } } } } else { send "[subst $command]\r" expect { - -re "$prompt" {} + -re "\[\n\r]+" { exp_continue } + -re "$prompt" {} + -gl "--- more ---" { + send " " + exp_continue + } } } send "exit\r" expect { - "\n" { exp_continue } - -re "$prompt" { - send "exit\r" - exp_continue } - -re "Configuration modified, save?" { - send "n\r" - exp_continue } - timeout { return 0 } - eof { return 0 } + -re "$prompt" { + send "exit\r" + exp_continue + } + -re "\[\n\r]+" { exp_continue } + -gl "Configuration modified, save?" { + send "n\r" + exp_continue + } + timeout { return 0 } + eof { return 0 } } set in_proc 0 } @@ -424,7 +227,7 @@ foreach firewall [lrange $argv $i end] { set firewall [string tolower $firewall] send_user "$firewall\n" - set prompt ">" + set prompt {-> } # Figure out passwords if { $do_passwd || $do_enapasswd } { @@ -455,14 +258,6 @@ foreach firewall [lrange $argv $i end] { if { "$userpswd" == "" } { set userpswd $passwd } } - # Figure out enable username - if {[info exists enausername]} { - # command line enausername - set enauser $enausername - } else { - set enauser [join [find enauser $firewall] ""] - if { "$enauser" == "" } { set enauser $ruser } - } # Figure out cypher type if {[info exists cypher]} { @@ -485,20 +280,15 @@ foreach firewall [lrange $argv $i end] { if {[login $firewall $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} { continue } - if { $enable } { - if {[do_enable $enauser $enapasswd]} { - if { $do_command || $do_script } { - close; wait - continue - } - } - } + # we are logged in, now figure out the full prompt send "\r" expect { -re "\[\r\n]+" { exp_continue; } - -re "^.+$prompt" { set junk $expect_out(0,string); - regsub -all "\[\]\(\)\[]" $junk {\\&} prompt; + -re "^(.+$prompt)" { set junk $expect_out(0,string); + # if it has HA (high avail), the prompt will + # be "something-(.)->" + regsub -all "\[\]\)\(\[]" $junk {\\&} prompt; } } @@ -508,7 +298,7 @@ foreach firewall [lrange $argv $i end] { } } elseif { $do_script } { send "set console page 0\r" - expect $prompt {} + expect -re $prompt {} source $sfile close } else { diff --git a/bin/nrancid.in b/bin/nrancid.in index 9b965a2..3f2b224 100644 --- a/bin/nrancid.in +++ b/bin/nrancid.in @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: nrancid.in,v 1.13 2004/01/11 03:49:13 heas Exp $ +## $Id: nrancid.in,v 1.17 2004/10/15 08:56:01 afort Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -147,6 +147,8 @@ sub GetSystem { tr/\015//d; next if /^\s*$/; last if(/$prompt/); + # throw away the pager lines + next if /^--- more ---/; /^Serial Number: (\d+), Control Number: \d+$/ && ProcessHistory("SYSTEM","","", "!SN: $1\n") && next; @@ -182,7 +184,10 @@ sub GetConf { while () { tr/\015//d; next if /^\s*$/; + next if /^Total Config.+$/i; last if(/$prompt/); + # throw away the pager lines + next if /^--- more ---/; if (/^set admin name "(\S+)"$/ && $filter_pwds >= 1) { ProcessHistory("ADMIN","","","!set admin name \n"); @@ -197,6 +202,7 @@ sub GetConf { ProcessHistory("ADMIN","","", "!set admin user $1 password privilege $3\n"); next; + } ProcessHistory("","","","$_"); } $found_end=1; @@ -242,11 +248,11 @@ if ($file) { # determine password filtering mode if ($ENV{"FILTER_PWDS"} =~ /no/i) { - $filter_pwds = 0; + $filter_pwds = 0; } elsif ($ENV{"FILTER_PWDS"} =~ /all/i) { - $filter_pwds = 2; + $filter_pwds = 2; } else { - $filter_pwds = 1; + $filter_pwds = 1; } ProcessHistory("","","","!RANCID-CONTENT-TYPE: netscreen\n!\n"); @@ -260,7 +266,8 @@ TOP: while() { while (/>\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { - $prompt = "\-\>\s*"; + $prompt = ($_ =~ /^([^>]+->)/)[0]; + $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } print STDERR ("HIT COMMAND:$_") if ($debug); diff --git a/bin/rancid-run.in b/bin/rancid-run.in index b09d8a0..02093bc 100644 --- a/bin/rancid-run.in +++ b/bin/rancid-run.in @@ -1,6 +1,6 @@ #! /bin/sh ## -## $Id: rancid-run.in,v 1.30 2004/03/12 23:17:28 heas Exp $ +## $Id: rancid-run.in,v 1.31 2004/12/24 00:55:26 tex Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -23,10 +23,9 @@ # @sysconfdir@/rancid.conf or those specified on the command-line. # +# Default ENVFILE, overrideable with -f flag. ENVFILE="@sysconfdir@/rancid.conf" -. $ENVFILE - TMPDIR=${TMPDIR:=/tmp}; export TMPDIR # control_rancid argv @@ -34,7 +33,7 @@ CR_ARGV=""; export CR_ARGV # print a usage message to stderr pr_usage() { - echo "usage: $0 [-r device_name] [-m mail rcpt] [group [group ...]]" >&2; + echo "usage: $0 [-f config_file] [-r device_name] [-m mail rcpt] [group [group ...]]" >&2; } # command-line options @@ -43,6 +42,16 @@ if [ $# -ge 1 ] ; then while [ 1 ] ; do case $1 in + -f) + shift + # next arg is the device name + ENVFILE="$1" + if [ -z $ENVFILE ]; then + pr_usage + exit 1 + fi + shift + ;; -r) shift # next arg is the device name @@ -74,6 +83,9 @@ if [ $# -ge 1 ] ; then done fi +. $ENVFILE + + if [ $# -ge 1 ] ; then LIST_OF_GROUPS="$*"; export LIST_OF_GROUPS elif [ "$LIST_OF_GROUPS" = "" ] ; then diff --git a/bin/rancid.in b/bin/rancid.in index 77d7d17..0841594 100644 --- a/bin/rancid.in +++ b/bin/rancid.in @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: rancid.in,v 1.174 2004/05/27 22:08:28 heas Exp $ +## $Id: rancid.in,v 1.185 2005/03/29 23:38:41 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -31,6 +31,9 @@ $file = $opt_f; $host = $ARGV[0]; $clean_run = 0; $found_end = 0; +$found_version = 0; +$found_env = 0; +$found_diag = 0; $timeo = 90; # clogin timeout in seconds my(%filter_pwds); # password filtering mode @@ -142,9 +145,11 @@ sub ShowVersion { while () { tr/\015//d; - last if(/^$prompt/); + if (/^$prompt/) { $found_version=1; last}; next if(/^(\s*|\s*$cmd\s*)$/); + return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); + return(0) if ($found_version); # Only do this routine once # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^Slave in slot (\d+) is running/) { @@ -423,10 +428,12 @@ sub ShowEnv { while () { tr/\015//d; - last if (/^$prompt/); + if (/^$prompt/) { $found_env=1; last}; next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^7/); + return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); + return(0) if ($found_env); # Only do this routine once # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (!defined($E0)) { @@ -531,10 +538,10 @@ sub ShowBoot { last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; - return(-1) if (/command authorization failed/i); - return(1) if /Ambiguous command/i; return(1) if /(Invalid input detected|Type help or )/; + return(1) if /Ambiguous command/i; return(1) if /(Open device \S+ failed|Error opening \S+:)/; + return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; next if /CONFGEN variable/; @@ -566,12 +573,12 @@ sub ShowFlash { last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if ($type =~ /^(12[40]|7)/); - return(-1) if (/command authorization failed/i); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; + return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; - /\s+vlan\.dat$/ && next; + /\s+(multiple-fs|nv_hdr|vlan\.dat)$/ && next; ProcessHistory("FLASH","","","!Flash: $_"); } ProcessHistory("","","","!\n"); @@ -724,6 +731,7 @@ sub ShowDiagbus { last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^7[05]/); + return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; @@ -808,11 +816,13 @@ sub ShowDiag { print STDERR " In ShowDiag: $_" if ($debug); while () { - tr/\015//d; - last if (/^$prompt/); +REDUX: tr/\015//d; + if (/^$prompt/) { $found_diag=1; last}; next if (/^(\s*|\s*$cmd\s*)$/); # return(1) if ($type !~ /^(12[40]|720|36|26)/); + return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); + return(0) if ($found_diag); # Only do this routine once /^$/ && next; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; @@ -824,8 +834,28 @@ sub ShowDiag { ProcessHistory("SLOT","keysort","A","!Slot $slot: $3\n"); next; } + if (/^\s*NODE\s+(\S+) : (.*)/) { + $slot = $1; + ProcessHistory("SLOT","","","!\n"); + ProcessHistory("SLOT","keysort","A","!Slot $slot: $2\n"); + next; + } + if (/^\s*RACK\s+(\S+) : (.*)/) { + $slot = "Rack/" . $1; + ProcessHistory("SLOT","","","!\n"); + ProcessHistory("SLOT","keysort","A","!Slot $slot: $2\n"); + next; + } if (/^\s+MAIN:\s* type \d+,\s+(.*)/) { - ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $1\n"); + local($part) = $1; + $_ = ; + if (/^\s+(HW version|Design Release) (\S+)\s+S\/N (\S+)/i) { + ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $part, serial $3\n"); + ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: hvers $2\n"); + } else { + ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $part\n"); + goto REDUX; + } next; } if (/^c3700\s+(io-board|mid-plane)/i) { @@ -844,9 +874,13 @@ sub ShowDiag { if (/^\s+PCA:\s+(.*)/) { local($part) = $1; $_ = ; - /^\s+(HW version|design release) (\S+)\s+S\/N (\S+)/i && - ProcessHistory("SLOT","keysort","C1","!Slot $slot/PCA: part $part, serial $3\n") && + if (/^\s+(HW version|design release) (\S+)\s+S\/N (\S+)/i) { + ProcessHistory("SLOT","keysort","C1","!Slot $slot/PCA: part $part, serial $3\n"); ProcessHistory("SLOT","keysort","C2","!Slot $slot/PCA: hvers $2\n"); + } else { + ProcessHistory("SLOT","keysort","C1","!Slot $slot/PCA: part $part\n"); + goto REDUX; + } next; } if (/^\s+MBUS: .*\)\s+(.*)/) { @@ -861,10 +895,22 @@ sub ShowDiag { ProcessHistory("SLOT","keysort","MB3","!Slot $slot/MBUS: software $1\n"); next; } + if (/^\s+PLD: (.*)/) { + ProcessHistory("SLOT","keysort","P","!Slot $slot/PLD: $1\n"); + next; + } + if (/^\s+MONLIB: (.*)/) { + ProcessHistory("SLOT","keysort","Q","!Slot $slot/MONLIB: $1\n"); + next; + } if (/^\s+ROM Monitor version (.*)/) { ProcessHistory("SLOT","keysort","R","!Slot $slot/ROM Monitor: version $1\n"); next; } + if (/^\s+ROMMON: Version (.*)/) { + ProcessHistory("SLOT","keysort","R","!Slot $slot/ROMMON: version $1\n"); + next; + } if (/^\s+Fabric Downloader version used (.*)/) { ProcessHistory("SLOT","keysort","Z","!Slot $slot/Fabric Downloader: version $1\n"); next; @@ -877,6 +923,7 @@ sub ShowDiag { . $1 / 1024 . " Kbytes SDRAM\n"); } else { ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM\n"); + goto REDUX; } next; } @@ -979,11 +1026,12 @@ sub ShowModule { print STDERR " In ShowModule: $_" if ($debug); my(@lines); - my($slot); + my($slot, $pa); while () { tr/\015//d; return if (/^\s*\^$/); + last if (/online diag status/i); last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); @@ -992,14 +1040,27 @@ sub ShowModule { # match slot/card info line if (/^ *(\d+)\s+(\d+)\s+(.*)\s+(\S+)\s+(\S+)\s*$/) { - $lines[$1] .= "!Slot $1: type $3, $2 ports\n!Slot $1: part $4, serial $5\n"; - $lines[$1] =~ s/\s+,/,/g; + $lines[$1 * 1000] .= "!Slot $1: type $3, $2 ports\n!Slot $1: part $4, serial $5\n"; + $lines[$1 * 1000] =~ s/\s+,/,/g; + next; } # now match the Revs in the second paragraph of o/p and stick it in # the array with the previous bits...grumble. if (/^ *(\d+)\s+\S+\s+to\s+\S+\s+(\S+)\s+(\S*)\s+(\S+)(\s+\S+)?\s*$/) { - $lines[$1] .= "!Slot $1: hvers $2, firmware $3, sw $4\n"; - $lines[$1] =~ s/\s+,/,/g; + $lines[$1 * 1000] .= "!Slot $1: hvers $2, firmware $3, sw $4\n"; + $lines[$1 * 1000] =~ s/\s+,/,/g; + next; + } + # grab the sub-modules, if any + if (/^\s+(\d+)\s(.*)\s+(\S+)\s+(\S+)\s+(\S+)\s+\S+\s*$/) { + my($idx); + $pa = 0 if ($1 != $slot); + $slot = $1; + $idx = $1 * 1000 + $1 * 10 + $pa; + $lines[$idx] .= "!Slot $1/$pa: type $2\n"; + $lines[$idx] .= "!Slot $slot/$pa: part $3, serial $4\n"; + $lines[$idx] .= "!Slot $slot/$pa: hvers $5\n"; + $pa++; } } foreach $slot (@lines) { @@ -1130,8 +1191,8 @@ sub WriteTerm { while () { tr/\015//d; last if(/^$prompt/); - return(-1) if (/command authorization failed/i); return(1) if /(Invalid input detected|Type help or )/; + return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked @@ -1200,6 +1261,15 @@ sub WriteTerm { } next; } + # cisco AP w/ IOS + if (/^(wlccp \S+ username (\S+)(\s.*)? password) (\d \S+|\S+)/) { + if ($filter_pwds >= 1) { + ProcessHistory("USER","keysort","$2","!$1 \n"); + } else { + ProcessHistory("USER","keysort","$2","$_"); + } + next; + } if (/^( set session-key (in|out)bound ah \d+ )/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1\n"); next; @@ -1256,10 +1326,15 @@ sub WriteTerm { ProcessHistory("","","","!$1 \n"); next; } # i am told these are plain-text on the PIX - if (/^(vpdn username \S+ password)/ && $filter_pwds >= 1) { - ProcessHistory("","","","!$1 \n"); next; + if (/^(vpdn username (\S+) password)/) { + if ($filter_pwds >= 1) { + ProcessHistory("USER","keysort","$2","!$1 \n"); + } else { + ProcessHistory("USER","keysort","$2","$_"); + } + next; } - if (/^( cable shared-secret ) / && $filter_pwds >= 1) { + if (/^( cable shared-secret )/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } @@ -1332,6 +1407,11 @@ sub WriteTerm { while ($token = shift(@tokens)) { if ($token eq 'version') { $line .= " " . join(' ', ($token, shift(@tokens))); + if ($token eq '3') { + $line .= " " . join(' ', ($token, shift(@tokens))); + } + } elsif ($token eq 'vrf') { + $line .= " " . join(' ', ($token, shift(@tokens))); } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { $line .= " " . $token; } else { @@ -1420,10 +1500,12 @@ sub DoNothing {print STDOUT;} # Main %commands=( + 'admin show version' => "ShowVersion", 'show version' => "ShowVersion", 'show redundancy secondary' => "ShowRedundancy", 'show idprom backplane', => "ShowIDprom", 'show install active' => "ShowInstallActive", + 'admin show env all' => "ShowEnv", 'show env all' => "ShowEnv", 'show rsp chassis-info',=> "ShowRSP", 'show gsr chassis' => "ShowGSR", @@ -1464,6 +1546,7 @@ sub DoNothing {print STDOUT;} 'show controllers' => "ShowContAll", 'show controllers cbus' => "ShowContCbus", 'show diagbus' => "ShowDiagbus", + 'admin show diag' => "ShowDiag", 'show diag' => "ShowDiag", 'show module' => "ShowModule", # cat 6500-ios 'show spe version' => "ShowSpeVersion", @@ -1476,10 +1559,12 @@ sub DoNothing {print STDOUT;} # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and write term last). pita @commands=( + "admin show version", "show version", "show redundancy secondary", "show idprom backplane", "show install active", + "admin show env all", "show env all", "show rsp chassis-info", "show gsr chassis", @@ -1520,6 +1605,7 @@ sub DoNothing {print STDOUT;} "show controllers", "show controllers cbus", "show diagbus", + "admin show diag", "show diag", "show module", "show spe version", @@ -1554,11 +1640,11 @@ if ($file) { # determine password filtering mode if ($ENV{"FILTER_PWDS"} =~ /no/i) { - $filter_pwds = 0; + $filter_pwds = 0; } elsif ($ENV{"FILTER_PWDS"} =~ /all/i) { - $filter_pwds = 2; + $filter_pwds = 2; } else { - $filter_pwds = 1; + $filter_pwds = 1; } ProcessHistory("","","","!RANCID-CONTENT-TYPE: cisco\n!\n"); diff --git a/bin/rivlogin.in b/bin/rivlogin.in index 4468fff..bbfa9b5 100644 --- a/bin/rivlogin.in +++ b/bin/rivlogin.in @@ -1,6 +1,6 @@ #! @EXPECT_PATH@ -- ## -## $Id: rivlogin.in,v 1.17 2004/02/02 17:38:36 heas Exp $ +## $Id: rivlogin.in,v 1.18 2004/07/19 00:06:08 afort Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -380,12 +380,25 @@ proc do_enable { enauser enapasswd userpswd } { if { $verbose == 1 } { puts "DEBUG: do_enable: my_prompt = $my_prompt ena_prompt = $enable_prompt" } + + set uses_username 0; send "enable\r" expect { - Username: { send "$enauser\r"; exp_continue } - Password: { send "$userpswd\r"; exp_continue } + Username: { + set uses_username 1; + send "$enauser\r"; + exp_continue + } + Password: { + if {$uses_username == 1} { + send "$userpswd\r"; + } else { + send "$enapasswd\r"; + } + exp_continue + } "$my_prompt" { puts "ERROR: do_enable failed to gain enable mode." diff --git a/etc/Makefile.am b/etc/Makefile.am index 10edcad..8b566c0 100644 --- a/etc/Makefile.am +++ b/etc/Makefile.am @@ -1,7 +1,7 @@ ## Process this file with automake to produce Makefile.in ## A Makefile.in is supplied, in case you do not have automake. -## $Id: Makefile.am,v 1.11 2004/01/13 18:02:00 heas Exp $ +## $Id: Makefile.am,v 1.12 2005/02/12 00:08:18 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. @@ -34,23 +34,23 @@ endif install-data-local: all @if test "$(DO_CONF_INSTALL)" = "yes"; then \ - if test -f $(sysconfdir)/rancid.conf ; then \ + if test -f $(DESTDIR)$(sysconfdir)/rancid.conf ; then \ echo ""; \ - echo "WARNING: *** $(sysconfdir)/rancid.conf exists. See "; \ + echo "WARNING: *** $(DESTDIR)$(sysconfdir)/rancid.conf exists. See "; \ echo " *** $(pkgdatadir)/rancid.conf.sample for new"; \ echo " *** examples."; \ echo ""; \ else \ - $(INSTALL_DATA) rancid.conf.sample $(sysconfdir)/rancid.conf; \ + $(INSTALL_DATA) rancid.conf.sample $(DESTDIR)$(sysconfdir)/rancid.conf; \ fi; \ - if test -f $(sysconfdir)/lg.conf ; then \ + if test -f $(DESTDIR)$(sysconfdir)/lg.conf ; then \ echo ""; \ - echo "WARNING: *** $(sysconfdir)/lg.conf exists. See "; \ + echo "WARNING: *** $(DESTDIR)$(sysconfdir)/lg.conf exists. See "; \ echo " *** $(pkgdatadir)/lg.conf.sample for new"; \ echo " *** examples."; \ echo ""; \ else \ - $(INSTALL_DATA) lg.conf.sample $(sysconfdir)/lg.conf; \ + $(INSTALL_DATA) lg.conf.sample $(DESTDIR)$(sysconfdir)/lg.conf; \ fi; \ fi diff --git a/etc/Makefile.in b/etc/Makefile.in index 079f85c..1a37d6e 100644 --- a/etc/Makefile.in +++ b/etc/Makefile.in @@ -350,23 +350,23 @@ uninstall-am: uninstall-info-am uninstall-pkgdataDATA install-data-local: all @if test "$(DO_CONF_INSTALL)" = "yes"; then \ - if test -f $(sysconfdir)/rancid.conf ; then \ + if test -f $(DESTDIR)$(sysconfdir)/rancid.conf ; then \ echo ""; \ - echo "WARNING: *** $(sysconfdir)/rancid.conf exists. See "; \ + echo "WARNING: *** $(DESTDIR)$(sysconfdir)/rancid.conf exists. See "; \ echo " *** $(pkgdatadir)/rancid.conf.sample for new"; \ echo " *** examples."; \ echo ""; \ else \ - $(INSTALL_DATA) rancid.conf.sample $(sysconfdir)/rancid.conf; \ + $(INSTALL_DATA) rancid.conf.sample $(DESTDIR)$(sysconfdir)/rancid.conf; \ fi; \ - if test -f $(sysconfdir)/lg.conf ; then \ + if test -f $(DESTDIR)$(sysconfdir)/lg.conf ; then \ echo ""; \ - echo "WARNING: *** $(sysconfdir)/lg.conf exists. See "; \ + echo "WARNING: *** $(DESTDIR)$(sysconfdir)/lg.conf exists. See "; \ echo " *** $(pkgdatadir)/lg.conf.sample for new"; \ echo " *** examples."; \ echo ""; \ else \ - $(INSTALL_DATA) lg.conf.sample $(sysconfdir)/lg.conf; \ + $(INSTALL_DATA) lg.conf.sample $(DESTDIR)$(sysconfdir)/lg.conf; \ fi; \ fi diff --git a/include/version.h b/include/version.h index 2cd4c5e..91a8cf7 100644 --- a/include/version.h +++ b/include/version.h @@ -4,6 +4,6 @@ /* pkg version */ char package[] = "rancid"; -char version[] = "2.3.1"; +char version[] = "2.3.2a"; #endif diff --git a/include/version.h.in b/include/version.h.in index 2cd4c5e..91a8cf7 100644 --- a/include/version.h.in +++ b/include/version.h.in @@ -4,6 +4,6 @@ /* pkg version */ char package[] = "rancid"; -char version[] = "2.3.1"; +char version[] = "2.3.2a"; #endif diff --git a/man/cloginrc.5 b/man/cloginrc.5 index 67387b5..d8fc6a0 100644 --- a/man/cloginrc.5 +++ b/man/cloginrc.5 @@ -1,8 +1,8 @@ .\" -.\" $Id: cloginrc.5,v 1.35 2004/05/12 23:35:48 heas Exp $ +.\" $Id: cloginrc.5,v 1.36 2004/06/24 16:03:24 heas Exp $ .\" .hys 50 -.TH "cloginrc" "5" "11 May 2004" +.TH "cloginrc" "5" "23 June 2004" .SH NAME \.cloginrc \- clogin configuration file .SH DESCRIPTION @@ -101,6 +101,10 @@ the user is not automatically enabled and .IR clogin should execute the enable command to gain enable privileges, unless negated by the noenable directive or \-noenable command\-line option. +.sp +Also see the +.B noenable +directive. .\" .TP .B add cyphertype {} @@ -172,8 +176,17 @@ Default: {telnet} {ssh} will not try to gain enable privileges when noenable is matched for a device. This is equivalent to .IR "clogin" 's --noenable command-line option. This does not apply to -.BR jlogin (1). +-noenable command-line option. +.sp +Note that this directive is meaningless for +.BR jlogin (1), +.BR nlogin (1) +and +.BR clogin (1) +[for Extreme] +which do not have the concept of "enabled" and/or no way to elevate +privleges once logged in; a user either has the necessary privleges or +doesn't. .\" .TP .B add passphrase {""} diff --git a/man/rancid.1 b/man/rancid.1 index 0e7e7ba..af44ddc 100644 --- a/man/rancid.1 +++ b/man/rancid.1 @@ -129,3 +129,8 @@ Password: cat5k> (enable) .fi .in -1i +.PP +.B rancid +works on Cisco Catalyst 1900 series switches that are running Enterprise +Edition software. This software provides a menu at connection time that +allows a command line interface to be used by entering 'K' at the prompt. -- cgit