From 4d684aecaacc9a59e7e9c0661934aeba0b16efec Mon Sep 17 00:00:00 2001
From: Tar Committer
Date: Wed, 30 Mar 2005 07:52:00 +0000
Subject: Imported from rancid-2.3.2a.tar.gz.
---
 bin/alogin.in | 241 +---------------------------------------------------------
 1 file changed, 4 insertions(+), 237 deletions(-)
(limited to 'bin/alogin.in')
diff --git a/bin/alogin.in b/bin/alogin.in
index 8937b95..c0e5c40 100644
--- a/bin/alogin.in
+++ b/bin/alogin.in
@@ -1,6 +1,6 @@
 #! @EXPECT_PATH@ --
-##
-## $Id: alogin.in,v 1.23 2004/02/02 17:38:36 heas Exp $
+#
+## $Id: alogin.in,v 1.24 2004/12/24 21:00:31 tex Exp $
 ##
 ## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
 ## All rights reserved.
@@ -27,241 +27,8 @@ # (andrew fort) # -# Usage line -set usage "Usage: $argv0 \[-c command\] \ -\[-Evar=x\] \[-f cloginrc-file\] \ -\[-s script-file\] \[-t timeout\] \[-u username\] \ -\[-v vty-password\] \[-x command-file\] \ -\[-y ssh_cypher_type\] router \[router...\]\n" - -# env(CLOGIN) may contain: -# x == do not set xterm banner or name - -# Password file -set password_file $env(HOME)/.cloginrc -# Default is to login to the router -set do_command 0 -set do_script 0 -# The default is to automatically enable -set avenable 1 -# The default is that you login non-enabled (tacacs can have you login already -# enabled) -set avautoenable 0 -# The default is to look in the password file to find the passwords. This -# tracks if we receive them on the command line. -set do_passwd 1 - -# Find the user in the ENV, or use the unix userid. -if {[ info exists env(CISCO_USER) ] } { - set default_user $env(CISCO_USER) -} elseif {[ info exists env(USER) ]} { - set default_user $env(USER) -} elseif {[ info exists env(LOGNAME) ]} { - set default_user $env(LOGNAME) -} else { - # This uses "id" which I think is portable. At least it has existed - # (without options) on all machines/OSes I've been on recently - - # unlike whoami or id -nu. - if [ catch {exec id} reason ] { - send_error "\nError: could not exec id: $reason\n" - exit 1 - } - regexp {\(([^)]*)} "$reason" junk default_user -} - -# Sometimes routers take awhile to answer (the default is 10 sec) -set timeout 45 - -# Process the command line -for {set i 0} {$i < $argc} {incr i} { - set arg [lindex $argv $i] - - switch -glob -- $arg { - # Username - -u* - - -U* { - if {! [ regexp .\[uU\](.+) $arg ignore user]} { - incr i - set username [ lindex $argv $i ] - } - # VTY Password - } -v* - - -v* { - if {! 
[ regexp .\[vV\](.+) $arg ignore passwd]} { - incr i - set passwd [ lindex $argv $i ] - } - set do_passwd 0 - # Enable Username - } -w* - - -W* { - # ignore -w - # Environment variable to pass to -s scripts - } -E* - { - if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { - incr i - set E$varname $varvalue - } else { - send_user "\nError: invalid format for -E in $arg\n" - exit 1 - } - # Enable Password - } -e* - { - # ignore -e - # Command to run. - } -c* - - -C* { - if {! [ regexp .\[cC\](.+) $arg ignore command]} { - incr i - set command [ lindex $argv $i ] - } - set do_command 1 - # Expect script to run. - } -s* - - -S* { - if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { - incr i - set sfile [ lindex $argv $i ] - } - if { ! [ file readable $sfile ] } { - send_user "\nError: Can't read $sfile\n" - exit 1 - } - set do_script 1 - # 'ssh -c' cypher type - } -y* - - -Y* { - if {! [ regexp .\[eE\](.+) $arg ignore cypher]} { - incr i - set cypher [ lindex $argv $i ] - } - # alternate cloginrc file - } -f* - - -F* { - if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { - incr i - set password_file [ lindex $argv $i ] - } - # Timeout - } -t* - - -T* { - if {! [ regexp .\[tT\](.+) $arg ignore timeout]} { - incr i - set timeout [ lindex $argv $i ] - } - # Command file - } -x* - - -X { - if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { - incr i - set cmd_file [ lindex $argv $i ] - } - if [ catch {set cmd_fd [open $cmd_file r]} reason ] { - send_user "\nError: $reason\n" - exit 1 - } - set cmd_text [read $cmd_fd] - close $cmd_fd - set command [join [split $cmd_text \n] \;] - set do_command 1 - # Do we enable? - } -noenable { - # ignore -noenable - # Does tacacs automatically enable us? - } -autoenable { - # ignore -autoenable - } -* { - send_user "\nError: Unknown argument! $arg\n" - send_user $usage - exit 1 - } default { - break - } - } -} -# Process routers...no routers listed is an error. 
-if { $i == $argc } { - send_user "\nError: $usage" -} - -# Only be quiet if we are running a script (it can log its output -# on its own) -if { $do_script } { - log_user 0 -} else { - log_user 1 -} - -# -# Done configuration/variable setting. Now run with it... -# - -# Sets Xterm title if interactive...if its an xterm and the user cares -proc label { host } { - global env - # if CLOGIN has an 'x' in it, don't set the xterm name/banner - if [info exists env(CLOGIN)] { - if {[string first "x" $env(CLOGIN)] != -1} { return } - } - # take host from ENV(TERM) - if [info exists env(TERM)] { - if [regexp \^(xterm|vs) $env(TERM) ignore ] { - send_user "\033]1;[lindex [split $host "."] 0]\a" - send_user "\033]2;$host\a" - } - } -} - -# This is a helper function to make the password file easier to -# maintain. Using this the password file has the form: -# add password sl* pete cow -# add password at* steve -# add password * hanky-pie -proc add {var args} { global int_$var ; lappend int_$var $args} -proc include {args} { - global env - regsub -all "(^{|}$)" $args {} args - if { [ regexp "^/" $args ignore ] == 0 } { - set args $env(HOME)/$args - } - source_password_file $args -} - -proc find {var router} { - upvar int_$var list - if { [info exists list] } { - foreach line $list { - if { [string match [lindex $line 0] $router ] } { - return [lrange $line 1 end] - } - } - } - return {} -} - -# Loads the password file. Note that as this file is tcl, and that -# it is sourced, the user better know what to put in there, as it -# could install more than just password info... I will assume however, -# that a "bad guy" could just as easy put such code in the clogin -# script, so I will leave .cloginrc as just an extention of that script -proc source_password_file { password_file } { - global env - if { ! 
[file exists $password_file] } { - send_user "\nError: password file ($password_file) does not exist\n" - exit 1 - } - file stat $password_file fileinfo - if { [expr ($fileinfo(mode) & 007)] != 0000 } { - send_user "\nError: $password_file must not be world readable/writable\n" - exit 1 - } - if [ catch {source $password_file} reason ] { - send_user "\nError: $reason\n" - exit 1 - } -} +# alogin: doesn't understand enable. It will just ignore the enable options. +@INCLUDE login.top@ # Log into the router. proc login { router user userpswd passwd prompt cmethod cyphertype } { -- cgit
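Review bot: The permission test that guarded `source $password_file` (the `$fileinfo(mode) & 007` check in `source_password_file`) no longer lives in this file; after this hunk it has to come from whatever `@INCLUDE login.top@` expands to, which this diff (limited to bin/alogin.in) does not show. Because .cloginrc is sourced as Tcl, as the removed comment itself points out, it is worth confirming that login.top performs the same check before the first `source`, and that the build fails loudly if the `@INCLUDE ...@` token is left unexpanded. I would also have the new comment say what the include provides, e.g. `# login.top: option parsing, add/include/find and source_password_file (checks .cloginrc mode before sourcing)`. The body of `login` starts on the hunk's last context line and continues outside it.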