From 1a7c45398738cdb4eaafdc9e0962272f19d54816 Mon Sep 17 00:00:00 2001 From: Tar Committer Date: Tue, 5 Dec 2006 16:52:12 +0000 Subject: Imported from rancid-2.3.2a6.tar.gz. --- bin/agmrancid.in | 490 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 490 insertions(+) create mode 100644 bin/agmrancid.in (limited to 'bin/agmrancid.in') diff --git a/bin/agmrancid.in b/bin/agmrancid.in new file mode 100644 index 0000000..9f3166d --- /dev/null +++ b/bin/agmrancid.in @@ -0,0 +1,490 @@ +#! @PERLV_PATH@ +## +## $Id: agmrancid.in,v 1.1 2006/11/23 20:20:16 heas Exp $ +## +## @PACKAGE@ @VERSION@ +## Copyright (C) 1997-2006 by Terrapin Communications, Inc. +## All rights reserved. +## +## This software may be freely copied, modified and redistributed +## without fee for non-commerical purposes provided that this license +## remains intact and unmodified with any RANCID distribution. +## +## There is no warranty or other guarantee of fitness of this software. +## It is provided solely "as is". The author(s) disclaim(s) all +## responsibility and liability with respect to this software's usage +## or its effect upon hardware, computer systems, other software, or +## anything else. +## +## Except where noted otherwise, rancid was written by and is maintained by +## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz. +## +# Amazingly hacked version of Hank's rancid - this one tries to +# deal with Cisco AGMs. +# +# RANCID - Really Awesome New Cisco confIg Differ +# +# usage: rancid [-dV] [-l] [-f filename | hostname] +# +use Getopt::Std; +getopts('dflV'); +if ($opt_V) { + print "@PACKAGE@ @VERSION@\n"; + exit(0); +} +$log = $opt_l; +$debug = $opt_d; +$file = $opt_f; +$host = $ARGV[0]; +$clean_run = 0; +$found_end = 0; +$found_version = 0; +$found_env = 0; +$found_diag = 0; +$timeo = 90; # clogin timeout in seconds + +my(@commandtable, %commands, @commands);# command lists +my(%filter_pwds); # password filtering mode + +# This routine is used to print out the router configuration +sub ProcessHistory { + my($new_hist_tag,$new_command,$command_string,@string) = (@_); + if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) + && defined %history) { + print eval "$command \%history"; + undef %history; + } + if (($new_hist_tag) && ($new_command) && ($command_string)) { + if ($history{$command_string}) { + $history{$command_string} = "$history{$command_string}@string"; + } else { + $history{$command_string} = "@string"; + } + } elsif (($new_hist_tag) && ($new_command)) { + $history{++$#history} = "@string"; + } else { + print "@string"; + } + $hist_tag = $new_hist_tag; + $command = $new_command; + 1; +} + +sub numerically { $a <=> $b; } + +# This is a sort routine that will sort numerically on the +# keys of a hash as if it were a normal array. +sub keynsort { + local(%lines) = @_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort numerically keys(%lines)) { + $sorted_lines[$i] = $lines{$key}; + $i++; + } + @sorted_lines; +} + +# This is a sort routine that will sort on the +# keys of a hash as if it were a normal array. +sub keysort { + local(%lines) = @_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort keys(%lines)) { + $sorted_lines[$i] = $lines{$key}; + $i++; + } + @sorted_lines; +} + +# This is a sort routine that will sort on the +# values of a hash as if it were a normal array. +sub valsort{ + local(%lines) = @_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort values %lines) { + $sorted_lines[$i] = $key; + $i++; + } + @sorted_lines; +} + +# This is a numerical sort routine (ascending). +sub numsort { + local(%lines) = @_; + local($i) = 0; + local(@sorted_lines); + foreach $num (sort {$a <=> $b} keys %lines) { + $sorted_lines[$i] = $lines{$num}; + $i++; + } + @sorted_lines; +} + +# This is a sort routine that will sort on the +# ip address when the ip address is anywhere in +# the strings. +sub ipsort { + local(%lines) = @_; + local($i) = 0; + local(@sorted_lines); + foreach $addr (sort sortbyipaddr keys %lines) { + $sorted_lines[$i] = $lines{$addr}; + $i++; + } + @sorted_lines; +} + +# These two routines will sort based upon IP addresses +sub ipaddrval { + my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); + $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0])); +} +sub sortbyipaddr { + &ipaddrval($a) <=> &ipaddrval($b); +} + +# This routine parses "show version" +sub ShowVersion { + print STDERR " In ShowVersion: $_" if ($debug); + my($slaveslot); + + while () { + tr/\015//d; + if (/^$prompt/) { $found_version=1; last}; + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /Line has invalid autocommand /; + return(1) if /(Invalid input detected|Type help or )/; + return(-1) if (/command authorization failed/i); + return(0) if ($found_version); # Only do this routine once + # the pager can not be disabled per-session on the PIX + if (/^(-+More-+)/i) { + my($len) = length($1); + s/^$1\s{$len}//; + } + + /^Cisco Anomaly Guard Image /i && + ProcessHistory("COMMENTS","keysort","B1", "! $_") && next; + /^MDM agent /i && + ProcessHistory("COMMENTS","keysort","B1", "! $_") && next; + } + return(0); +} + +# This routine parses "show diag" +# This will create arrarys for hw info. +sub ShowDiag { + print STDERR " In ShowDiag: $_" if ($debug); + + while () { + tr/\015//d; + if (/^$prompt/) { $found_diag=1; last}; + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /Line has invalid autocommand /; + return(1) if /(Invalid input detected|Type help or )/; + return(-1) if (/command authorization failed/i); + return(0) if ($found_diag); # Only do this routine once + /^$/ && next; + # the pager can not be disabled per-session on the PIX + if (/^(-+More-+)/i) { + my($len) = length($1); + s/^$1\s{$len}//; + } + + /^Cisco Anomaly Guard Image /i && next; + /^... ... \d+ \d+:\d+:\d+ \w \d+$/ && next; + /^Copyright /i && next; + /^All rights /i && next; + /sample loss:/i && next; + /forward failures /i && next; + + ProcessHistory("DIAG","keysort","C1","! $_"); + } + ProcessHistory("DIAG","","","!\n"); + return(0); +} + +# This routine processes a "write term" +sub WriteTerm { + print STDERR " In WriteTerm: $_" if ($debug); + my($lineauto,$comment,$linecnt) = (0,0,0); + + while () { + tr/\015//d; + last if (/^$prompt/); + return(1) if /Line has invalid autocommand /; + return(1) if (/(Invalid input detected|Type help or )/i); + return(-1) if (/command authorization failed/i); + # the pager can not be disabled per-session on the PIX + if (/^(-+More-+)/i) { + my($len) = length($1); + s/^$1\s{$len}//; + } + + /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked + return(0) if ($found_end); # Only do this routine once + $linecnt++; + $lineauto = 0 if (/^[^ ]/); + + # skip consecutive comment/blank lines to avoid oscillating extra + # comment line on some access servers. grrr. + if (/^!/ || /^$/) { + next if ($comment); + ProcessHistory("","","",$_); + $comment++; + next; + } + $comment = 0; + + # Dog gone Cool matches to process the rest of the config + /^tftp-server flash / && next; # kill any tftp remains + /^ntp clock-period / && next; # kill ntp clock-period + /^ length / && next; # kill length on serial lines + /^ width / && next; # kill width on serial lines + $lineauto = 1 if /^ modem auto/; + /^ speed / && $lineauto && next; # kill speed on serial lines + /^ clockrate / && next; # kill clockrate on serial interfaces + if (/^(enable )?(password|passwd)( level \w+)? encrypted ((.)\S+)/) { + if ($filter_pwds >= 2) { + ProcessHistory("USER","keysort","$1", + "!$1$2$3 encrypted \n"); + } elsif ($filter_pwds >= 1 && $5 ne "\$") { + ProcessHistory("USER","keysort","$1", + "!$1$2$3 encrypted \n"); + } else { + ProcessHistory("USER","keysort","$1","$_"); + } + next; + } + + if ((/^(enable )?(password|passwd)( level \w+)? encrypted [^\$]/ && + $filter_pwds >= 1) || + (/^(enable )?(password|passwd)( level \w+)? encrypted [^\$]/ && + $filter_pwds >= 2)) { + ProcessHistory("ENABLE","","","!$1$2$3 \n"); + next; + } + if (/^username (\S+)(\s.*)? encrypted ((.)\S+)/) { + if ($filter_pwds >= 2) { + ProcessHistory("USER","keysort","$1", + "!username $1$2 encrypted \n"); + } elsif ($filter_pwds >= 1 && $4 ne "\$") { + ProcessHistory("USER","keysort","$1", + "!username $1$2 encrypted \n"); + } else { + ProcessHistory("USER","keysort","$1","$_"); + } + next; + } + if (/^(\s*)password / && $filter_pwds >= 1) { + ProcessHistory("LINE-PASS","","","!$1password \n"); + next; + } + if (/^(\s*)secret / && $filter_pwds >= 2) { + ProcessHistory("LINE-PASS","","","!$1secret \n"); + next; + } + # filter out any RCS/CVS tags to avoid confusing local CVS storage + s/\$(Revision|Id):/ $1:/; + # order arp lists + /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && + ProcessHistory("ARP","ipsort","$1","$_") && next; + + # order logging statements + /^logging host (\d+\.\d+\.\d+\.\d+)/ && + ProcessHistory("LOGGING","ipsort","$1","$_") && next; + # order/prune snmp-server host statements + # we only prune lines of the form + # snmp-server host a.b.c.d + if (/^snmp-server trap-dest (\d+\.\d+\.\d+\.\d+) /) { + if (defined($ENV{'NOCOMMSTR'})) { + my($ip) = $1; + my($line) = "snmp-server host $ip"; + my(@tokens) = split(' ', $'); + my($token); + while ($token = shift(@tokens)) { + if ($token eq 'version') { + $line .= " " . join(' ', ($token, shift(@tokens))); + if ($token eq '3') { + $line .= " " . join(' ', ($token, shift(@tokens))); + } + } elsif ($token eq 'vrf') { + $line .= " " . join(' ', ($token, shift(@tokens))); + } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { + $line .= " " . $token; + } else { + $line = "!$line " . join(' ', ("", join(' ',@tokens))); + last; + } + } + ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); + } else { + ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); + } + next; + } + if (/^(snmp community) (\S+)/) { + if (defined($ENV{'NOCOMMSTR'})) { + ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; + } else { + ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; + } + } + # prune tacacs/radius server keys + if (/^((tacacs-server|radius-server)\s(\w*[-\s(\s\S+])*\s?key) \d \w+/ + && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 $'"); next; + } + + # delete ntp auth password - this md5 is a reversable too + if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 \n"); next; + } + # order ntp peers/servers + if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { + $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); + ProcessHistory("NTP","keysort",$sortkey,"$_"); + next; + } + + # catch anything that wasnt matched above. + ProcessHistory("","","","$_"); + # end of config. the ": " game is for the PIX + if (/^(: +)?end$/) { + $found_end = 1; + return(1); + } + } + # The AGM lacks a definitive "end of config" marker. If we have seen at + # least 5 lines of write term o/p, we can be reasonably sure that we got + # the config. + if ($linecnt > 5) { + $found_end = 1; + return(1); + } + + return(0); +} + +# dummy function +sub DoNothing {print STDOUT;} + +# Main +@commandtable = ( + {'show version' => 'ShowVersion'}, + {'show diagnostic-info' => 'ShowDiag'}, + {'show running-config' => 'WriteTerm'}, +); +# Use an array to preserve the order of the commands and a hash for mapping +# commands to the subroutine and track commands that have been completed. +@commands = map(keys(%$_), @commandtable); +%commands = map(%$_, @commandtable); + +$cisco_cmds=join(";",@commands); +$cmds_regexp=join("|",@commands); + +if (length($host) == 0) { + if ($file) { + print(STDERR "Too few arguments: file name required\n"); + exit(1); + } else { + print(STDERR "Too few arguments: host name required\n"); + exit(1); + } +} +open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; +select(OUTPUT); +# make OUTPUT unbuffered if debugging +if ($debug) { $| = 1; } + +if ($file) { + print STDERR "opening file $host\n" if ($debug); + print STDOUT "opening file $host\n" if ($log); + open(INPUT,"<$host") || die "open failed for $host: $!\n"; +} else { + print STDERR "executing hlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); + print STDOUT "executing hlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); + if (defined($ENV{NOPIPE})) { + system "hlogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "hlogin failed for $host: $!\n"; + open(INPUT, "< $host.raw") || die "hlogin failed for $host: $!\n"; + } else { + open(INPUT,"hlogin -t $timeo -c \"$cisco_cmds\" $host ) { + tr/\015//d; + if (/[>#]\s?exit$/) { + $clean_run=1; + last; + } + if (/^Error:/) { + print STDOUT ("$host clogin error: $_"); + print STDERR ("$host clogin error: $_") if ($debug); + $clean_run=0; + last; + } + while (/#\s*($cmds_regexp)\s*$/) { + $cmd = $1; + if (!defined($prompt)) { + $prompt = ($_ =~ /^([^#]+#)/)[0]; + $prompt =~ s/([][}{)(\\])/\\$1/g; + print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); + } + print STDERR ("HIT COMMAND:$_") if ($debug); + if (! defined($commands{$cmd})) { + print STDERR "$host: found unexpected command - \"$cmd\"\n"; + $clean_run = 0; + last TOP; + } + $rval = &{$commands{$cmd}}; + delete($commands{$cmd}); + if ($rval == -1) { + $clean_run = 0; + last TOP; + } + if (/[>#]\s?exit$/) { + $clean_run=1; + last; + } + } +} +print STDOUT "Done $logincmd: $_\n" if ($log); +# Flush History +ProcessHistory("","","",""); +# Cleanup +close(INPUT); +close(OUTPUT); + +if (defined($ENV{NOPIPE})) { + unlink("$host.raw") if (! $debug); +} + +# check for completeness +if (scalar(%commands) || !$clean_run || !$found_end) { + if (scalar(%commands)) { + printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); + printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); + } + if (!$clean_run || !$found_end) { +print STDOUT $clean_run . " " . $found_end . "\n"; + print STDOUT "$host: End of run not found\n"; + print STDERR "$host: End of run not found\n" if ($debug); + system("/usr/bin/tail -1 $host.new"); + } + unlink "$host.new" if (! $debug); +} -- cgit