+ $msg
+
+
+ Query: $cmd
+
+HEAD
+
+ if ($arg) { print "Argument(s): $arg\n"; }
+ print "
+
+END
+
+ return;
+}
+
+
+# Main()
+# read the configuration file if it exists.
+readconf();
+
+# The script will now cache the results as simple files in the $cache_dir,
+# named after the type of query (queries must, of course, be one word with
+# no spaces). Modify $LG_CACHE_TIME to set the lifetime for cache entries.
+# for most web servers, cache_dir must be writable by uid nobody
+if (defined($LG_CACHE_DIR)) {
+ $cache_dir = $LG_CACHE_DIR;
+} else {
+ $cache_dir = "./tmp";
+}
+
+# read routers table to get @rtrlist
+readrouters();
+
+# when to display cache? max time difference (in seconds)
+if (defined($LG_CACHE_TIME)) {
+ $max_time_diff = $LG_CACHE_TIME;
+} else {
+ $max_time_diff = "600" ;
+}
+
+# max seconds to wait for a 'router' lock to free up
+$max_lock_wait = 30;
+$lock_int = 5;
+$max_lock_hold = 300;
+
+# clogin setup
+if (defined($LG_CLOGINRC)) {
+ $cloginrc = $LG_CLOGINRC;
+} else {
+ $cloginrc = "$ENV(HOME)/.cloginrc";
+}
+
+$query = new CGI;
+
+# get form data and validate
+$type = ($query->param('query'))[0];
+$router_param = ($query->param('router'))[0];
+$remote_user = $ENV{REMOTE_USER};
+$arg = ($query->param('args'))[0];
+# handle multiple args
+$arg =~ s/["'`]//g; # these are BS in any arg for any query
+@arg = split(' ', $arg);
+
+# verify router, commands, arguments, etc.
+($router, $mfg) = split(':', $router_param);
+if (!defined($type) || !defined($router) || $router eq "") {
+ &Error("You must at least choose a Query and a router. Try buying " .
+ "a clue.\n");
+}
+
+if ($arg !~ /^[-A-Za-z0-9|_\/ \.^\$]*$/) {
+ &Error("Funny characters in argument; ignoring.\n");
+}
+if (length($arg) >= 50) {
+ &Error("Argument string too long; ignoring. \n");
+}
+
+if (! arraymember(\@rtrlist, $router)) {
+ my($timestr) = strftime("%a %b %e %H:%M:%S %Y", gmtime);
+ dolog(LOG_WARNING, sprintf("%s %s %s %s\n",
+ $ENV{REMOTE_HOST}, $ENV{REMOTE_ADDR}, $ENV{REMOTE_USER},
+ "- - [$timestr] lg.cgi: attempt to access $router\n"));
+ Error("access to $router not permitted");
+}
+
+# conversion of command "type" passed from lgform.cgi to the vendor's syntax.
+if ($mfg =~ /cisco/i) {
+ %mfgCmd = (
+ # Debug Queries
+ log => "show logging",
+ # Interface Queries
+ framerelay => "show frame-relay pvc",
+ interface => "show interface",
+ intbrief => "show ip interface", # switch in {interface}
+ # Routing Queries
+ damp => "show ip bgp dampened-paths",
+ neighbor => "show ip bgp neighbor",
+ # Multicast Queries
+ mbgp => "show ip mbgp",
+ mbgpsum => "show ip mbgp summary",
+ mneighbor => "show ip bgp neighbor",
+ msdp => "show ip msdp summary",
+ msdpsa => "show ip msdp sa-cache",
+ msess => "show ip sdr",
+ mroute => "show ip mroute",
+ pim_interface => "show ip pim interface",
+ pim_neighbor => "show ip pim neighbor",
+ pim_rp => "show ip pim rp mapping",
+ # IPv6 Queries
+ #
+ #acl => "show access-list",
+ #aspath => "show ip as-path-access-list",
+ #communitylist => "show ip community-list",
+ ping => "ping",
+ prefix => "show ip bgp",
+ prefixlist => "show ip prefix-list",
+ regex => "show ip bgp regex",
+ route => "show ip route",
+ routemap => "show route-map",
+ rpf => "show ip rpf",
+ summary => "show ip bgp summary",
+ trace => "traceroute",
+ v6_bgp => "show bgp ipv6",
+ v6_interface => "show ipv6 interface",
+ v6_summary => "show bgp ipv6 summary"
+ );
+} elsif ($mfg =~ /foundry/i) {
+ %mfgCmd = (
+ # Debug Queries
+ log => "show log",
+ ping => "ping",
+ trace => "traceroute",
+ # Interface Queries
+ #framerelay => "show frame-relay pvc", # no compatible command
+ interface => "show interface",
+ # Routing Queries
+ damp => "show ip bgp dampened-paths",
+ neighbor => "show ip bgp neighbor",
+ #regex => "show ip bgp aspath-regex",
+ route => "show ip route",
+ summary => "show ip bgp summary",
+ # Multicast Queries
+ #mbgp => "show ip mbgp",
+ #mbgpsum => "show bgp summary",
+ #mneighbor => "show ip bgp neighbor",
+ mroute => "show ip mroute",
+ msdp => "show ip msdp summary",
+ msdpsa => "show ip msdp sa-cache",
+ msess => "show ip sdr",
+ pim_interface => "show ip pim interface",
+ pim_neighbor => "show ip pim neighbor",
+ pim_rp => "show ip pim rp mapping",
+ rpf => "show ip rpf",
+ # IPv6 Queries
+ # v6_bgp => "show bgp ipv6",
+ # v6_interface => "show ipv6 interface",
+ # v6_summary => "show bgp ipv6 summary"
+ #
+ #acl => "show access-list",
+ #aspath => "show ip as-path-access-list",
+ #communitylist => "show ip community-list",
+ routemap => "show route-map",
+ prefix => "show ip bgp",
+ prefixlist => "show ip prefix-list"
+ );
+} elsif ($mfg =~ /juniper/i) {
+ %mfgCmd = (
+ # Debug Queries
+ log => "show log messages",
+ ping => "ping rapid count 5",
+ trace => "traceroute",
+ # Interface Queries
+ framerelay => "show frame-relay pvc",
+ interface => "show interface",
+ #intbrief => "show ip interface", # switch in {interface}
+ # Routing Queries
+ damp => "show route damping suppressed terse table inet.0",
+ neighbor => "show bgp neighbor",
+ regex => "show route table inet.0 aspath-regex",
+ summary => "show bgp summary",
+ # Multicast Queries
+ mbgp => "show route table inet.2 terse",
+ mbgpsum => "show bgp summary",
+ mneighbor => "show bgp neighbor",
+ mroute => "show multicast route extensive",
+ msdp => "show msdp",
+ msdpsa => "show msdp source-active",
+ msess => "show multicast sessions",
+ pim_interface => "show pim interface",
+ pim_neighbor => "show pim neighbors",
+ pim_rp => "show pim rps",
+ pim_join => "show pim join",
+ rpf => "show multicast rpf",
+ # IPv6 Queries
+ v6_bgp => "show route table inet6.0",
+ v6_interface => "show interface",
+ v6_summary => "show bgp summary",
+ #
+ #acl => "show access-list",
+ #aspath => "show ip as-path-access-list",
+ #communitylist => "show ip community-list",
+ prefix => "show route table inet.0",
+ prefixlist => "show policy",
+ route => "show route table inet.0 terse",
+ routemap => "show policy"
+ );
+}
+
+# construct Display command from configuration
+%cmdDisp=();
+foreach $qtype (sort keys(%$queries)) {
+ next if (! scalar(%{$queries->{$qtype}}));
+ foreach $sub_type (sort keys(%{$queries->{$qtype}})) {
+ $cmdDisp{$sub_type} = $queries->{$qtype}->{$sub_type};
+ }
+}
+
+# make sure the command is not disabled
+if (! defined($cmdDisp{$type})) {
+ &Error("Unknown command type: $type\n");
+}
+
+# not all cmds/queries are implemented for all platforms
+if (! defined($mfgCmd{$type})) {
+ Error("$cmdDisp{$type} not implemented for $mfg or no suitable " .
+ "equivalent exists. sorry.\n");
+}
+$cmd = $mfgCmd{$type};
+
+# handle each query/command type
+if ($type eq "prefix" || $type eq "mbgp" || $type eq "route" ) {
+ if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) {
+ &Error("The IP address \"$arg[0]\" is not valid and lacking an " .
+ "address would over-burden our router.\n");
+ } elsif (defined($arg[1]) && $arg[1] !~ /^\d+\.\d+\.\d+\.\d+$/) {
+ &Error("The IP netmask \"$arg[1]\" is not valid.\n");
+ }
+ if ($mfg =~ /juniper/i && defined($arg[1])) {
+ $arg = $arg[0] . "/" . mask2len($arg[1]);
+ }
+} elsif ($type eq "v6_route" ){
+ # XXX: is this check of the address arg correct and pedantic?
+ if ($arg[0] !~ /[0-9a-fA-F:]+$/) {
+ &Error("The IPv6 address \"$arg[0]\" is not valid.\n");
+ }
+} elsif ($type eq "framerelay") {
+ if ($mfg =~ /juniper/) {
+ &Error("Juniper does not have a show frame-relay pvc command. " .
+ "Use show interface.\n");
+ }
+ if ($arg[0] > 15 && $arg[0] < 1024) {
+ $arg = $arg[0];
+ } else {
+ undef($arg);
+ }
+} elsif ($type eq "interface" || $type eq "v6_interface") {
+
+ # XXX: wtf is arg[1]?
+# if ($arg[1] =~ /[-\/0-9:.]+/) {
+# $arg = $arg[0] . " " . $arg[1];
+# } else {
+
+ if ($mfg =~ /(cisco|foundry)/) {
+ if ($arg[0] !~ /^b[^ ]+[0-9]/i && $arg[0] =~ /^b/i) {
+ $type = "intbrief";
+ $arg = "brief";
+ } else {
+ $arg = $arg[0];
+ }
+ } elsif ($mfg =~ /juniper/) {
+ my($optind) = 0;
+ # arg 0 may be an intf name or a display option, but there can
+ # only be 2 args
+ $arg = "";
+ while ($optind <= $#arg && $optind < 2) {
+ $arg[$optind] =~ s/brief/terse/;
+ if ($arg[$optind] =~ /^([a-z0-9]{2}\-\d+\/\d+\/\d+(:\d+)?)/i) {
+ $arg .= " $1";
+ } elsif ($arg[$optind] =~ /^det/i) {
+ $arg .= " detail";
+ } elsif ($arg[$optind] =~ /^ter/i) {
+ $arg .= " terse";
+ } elsif ($arg[$optind] =~ /^ext/i) {
+ $arg .= " extensive";
+ }
+ $optind += 1;
+ }
+ }
+} elsif ($type eq "log") {
+ if ($arg[0] =~ /^\s*\|?$/) {
+ shift(@arg);
+ }
+ $arg[0] =~ s/^\s*\|?//;
+ if ($arg[0] !~ /^\s*$/) {
+ if ($mfg =~ /cisco/i) {
+ $arg = " | include " . join(' ', @arg);
+ } elsif ($mfg =~ /juniper/i) {
+ $arg = " | match \"" . join(' ', @arg) . "\"";
+ } else {
+ undef($arg);
+ }
+ } else {
+ undef($arg);
+ }
+} elsif ($type eq "ping" || $type eq "trace") {
+ if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) {
+ if ($arg[0] !~ /^[A-Za-z0-9._-]+$/) {
+ &Error("That argument ($arg[0]) is not valid.\n");
+ }
+ }
+ $arg = $arg[0];
+} elsif ($type eq "aspath" || $type eq "communitylist") {
+ if ($arg[0] !~ /^\d+$/ || ($arg[0] < 1 && $arg[0] > 199)) {
+ &Error("That argument ($arg[0]) is not valid.\n");
+ }
+ $arg = $arg[0];
+} elsif ($type eq "acl") {
+ if ($arg[0] !~ /^\d+$/ || ($arg[0] < 100 && $arg[0] > 199) ||
+ ($arg[0] < 1300 && $arg[0] > 2699)) {
+ &Error("That argument ($arg[0]) is not valid.\n");
+ }
+ $arg = $arg[0];
+ # don't show the jewels
+ # XXX: this error msg is useless, but show acl is un-implemented.
+ &Error($mfg) if ($arg == 98 || $arg == 99);
+} elsif ($type eq "prefixlist" || $type eq "routemap") {
+ if ($arg[0] !~ /^[0-9A-Za-z][^\s\"]*$/) {
+ &Error("That argument ($arg[0]) is not valid.\n");
+ }
+ $arg = $arg[0];
+} elsif ($type eq "regex") {
+ # bgp as-path regex
+ $arg = $arg[0];
+ if ($#arg >= 1) {
+ for ($n = 1; $n <= $#arg; $n++) { $arg .= " " . $arg[$n]; }
+ }
+ # remove leading/trailing whitespace
+ $arg =~ s/^\s*//; $arg =~ s/\s*$//;
+ if ($arg !~ /^[0-9_ ^.*+?[\])\(-]*\$?$/ || $arg =~ /^\s*$/) {
+ &Error("That argument ($arg[0]) is not valid.\n");
+ }
+ # pathetic excuses for lookups
+ if ($arg =~ /^[_.* ^]*(\*|1|701|1239|1280|1740|3561|5462|10303)+[_\$]*$/ ||
+ $arg =~ /^[_.* ^]*(1|701|1239|1280|1740|3561|5462|10303)+[_ .]*[\[*.]/) {
+ &Error("Get real. Such a query has potential to over-burden our " .
+ "router.\nLook that up on your own router.\n");
+ }
+ if ($mfg =~ /juniper/) {
+ $arg =~ s/_/ /g;
+ # pre-junos 4.4 does not allow anchors
+ if ($arg =~ /\^\$/) {
+ $arg =~ "()";
+ } else {
+ $arg =~ s/[\$^]/ /g;
+ }
+ $arg = "\"$arg\"";
+ }
+ # escape any ()s
+ $arg =~ s/([\(\)])/\\$1/g;
+} elsif ($type eq "neighbor") {
+ if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) {
+ if ($arg[0] !~ /([A-Za-z0-9-]*.)*[A-Za-z0-9-]*.(com|edu|net|org)/) {
+ &Error("That argument ($arg[0]) is not valid.\n");
+ }
+ }
+ $arg = $arg[0];
+ if (defined($arg[1]) && $arg[1] =~ /^(a|ro|f|re)/) {
+ if ($mfg =~ /juniper/) {
+ if ($arg[1] =~ /^a/) {
+ if (defined($LG_BGP_RT)) {
+ $cmd = "show route table inet.0 all advertising-protocol ".
+ "bgp";
+ }
+ } elsif ($arg[1] =~ /^f/) {
+ if (defined($LG_BGP_RT)) {
+ $cmd = "show route damping table inet.0 all ".
+ "receive-protocol bgp";
+ }
+ } elsif ($arg[1] =~ /^r/) {
+ if (defined($LG_BGP_RT)) {
+ $cmd = "show route table inet.0 all receive-protocol bgp";
+ }
+ }
+ } else {
+ if ($arg[1] =~ /^a/) {
+ if (defined($LG_BGP_RT)) { $arg .= " advertised-routes"; }
+ } elsif ($arg[1] =~ /^f/) {
+ $arg .= " flap-statistics";
+ } elsif ($arg[1] =~ /^ro/) {
+ if (defined($LG_BGP_RT)) { $arg .= " routes"; }
+ } elsif ($arg[1] =~ /^re/) {
+ if (defined($LG_BGP_RT)) { $arg .= " received-routes"; }
+ }
+ }
+ }
+} elsif ($type eq "mneighbor") {
+ if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) {
+ if ($arg[0] !~ /([A-Za-z0-9-]*.)*[A-Za-z0-9-]*.(com|edu|net|org)/) {
+ &Error("That argument ($arg[0]) is not valid.\n");
+ }
+ }
+ $arg = $arg[0];
+ if (defined($arg[1]) && $arg[1] =~ /^(a|ro|f|re)/) {
+ if ($mfg =~ /juniper/) {
+ if ($arg[1] =~ /^a/) {
+ $cmd .= " advertised-routes";
+ } elsif ($arg[1] =~ /^f/) {
+ $cmd .= " flap-statistics";
+ } elsif ($arg[1] =~ /^ro/) {
+ $cmd .= " routes";
+ } elsif ($arg[1] =~ /^re/) {
+ $cmd .= " received-routes";
+ }
+ } else {
+ if ($arg[1] =~ /^a/) {
+ $arg .= " advertised-routes";
+ } elsif ($arg[1] =~ /^f/) {
+ $arg .= " flap-statistics";
+ } elsif ($arg[1] =~ /^ro/) {
+ $arg .= " routes";
+ } elsif ($arg[1] =~ /^re/) {
+ $arg .= " received-routes";
+ }
+ }
+ }
+} elsif ($type eq "damp" || $type eq "summary" || $type eq "mbgpsum") {
+ undef($arg);
+}
+
+# make stdout unbuffered, so result page streams.
+$| = 1;
+start_page();
+
+# cache the following
+if ($type eq "summary" || $type eq "mbgpsu" || $type eq "damp"
+ || $type eq "log") {
+ if (!$arg) {
+ # cache requests with no addr/argument
+ local(*CACHE);
+
+ my($file) = "$cache_dir/$type" ;
+ $file =~ s/\s+/_/g;
+ $file .= "_$router";
+
+ if (-e $file) {
+ # see if cache exists
+ @stat = stat($file);
+ $ftime = $stat[9];
+ $dtime = time() - $stat[9];
+
+ # see if we are within cache time
+ if ($dtime <= $max_time_diff) {
+ if (open(CACHE, "<$file") == 0) {
+ dolog(LOG_ERR, "couldnt open cache file $file: $!\n");
+ } else {
+ print "From cache (number of seconds old (max " .
+ "$max_time_diff)): $dtime\n\n";
+ while () { print $_; }
+ close(CACHE);
+ &end_page();
+ }
+ }
+ }
+
+ # else, execute command and save to a new cache file
+ if (! &DoRsh($router, $mfg, $cmd, $arg)) {
+ if (open(CACHE, ">$file") == 0) {
+ dolog(LOG_ERR, "couldnt create cache file $file: $!\n");
+ exit(1);
+ } else {
+ printf(CACHE "@results");
+ close(CACHE);
+ }
+ }
+ } else {
+ &DoRsh($router, $mfg, $cmd, $arg);
+ }
+ &end_page();
+} else {
+ &DoRsh($router, $mfg, $cmd, $arg);
+ &end_page();
+}
+
+exit(0);
diff --git a/bin/lgform.cgi.in b/bin/lgform.cgi.in
new file mode 100644
index 0000000..461ae68
--- /dev/null
+++ b/bin/lgform.cgi.in
@@ -0,0 +1,259 @@
+#! @PERLV_PATH@
+##
+## $Id: lgform.cgi.in,v 1.25 2004/01/11 03:49:13 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# The original original lookingglass s/w was written by Ed Kern. It was
+# a single script that used to be available at http://nitrous.digex.net/.
+# Provided by permission and modified beyond recognition.
+#
+# lgform.cgi - Looking glass front-end
+# produces html form for calling lg.cgi
+
+use CGI qw/:standard/;
+
+my(@rtrlist, %rtrlabels);
+my($BASEDIR) = "@prefix@";
+my($SYSCONFDIR) = "@sysconfdir@";
+
+# note: the following functions are duplicated between lgform.cgi and lg.cgi
+# to avoid the need for module inclusion headaches from within a httpd context.
+# it is just easier to be self-contained.
+# SO, ANY CHANGES HERE SHOULD BE REFLECTED IN THE OTHER .cgi.
+
+# logging
+sub dolog
+{
+ my($level, $msg) = @_;
+
+ if (defined($LG_LOG) && $LG_LOG !~ /\//) {
+ openlog($me, "pid", $LG_LOG);
+ syslog($level, "%s", $msg);
+ closelog;
+ } else {
+ local(*LOG);
+ my($file);
+ if (defined($LG_LOG)) {
+ $file = $LG_LOG;
+ } else {
+ $file = "$cache_dir/lg.log";
+ }
+ # log date, hostname, query, addr
+ if (open(LOG, ">>$file") == 0) {
+ # stderr, if all else fails
+ printf(STDERR "[" . strftime("%a %b %e %H:%M:%S %Y", gmtime) .
+ "] could not open log file $file: $!\n");
+ printf(STDERR $msg);
+ } else {
+ printf(LOG $msg);
+ close(LOG);
+ }
+ }
+ return;
+}
+
+# read LG configuration file
+sub readconf
+{
+ my($conffile, $cmds);
+ local(*CONF);
+ if (defined($ENV{LG_CONF})) {
+ $conffile = $ENV{LG_CONF};
+ } elsif (-e "lg.conf") {
+ $conffile = "lg.conf";
+ } else {
+ $conffile = "$SYSCONFDIR/lg.conf";
+ }
+
+ if (! -f $conffile) {
+ return;
+ }
+
+ if (open(CONF, "< $conffile")) {
+ while () {
+ next if (/^\s*(#|$)/);
+ $cmds .= $_;
+ }
+ close(CONF);
+ eval $cmds;
+ } else {
+ printf(STDERR "ERROR: couldn\'t open the configuration file: " .
+ "$conffile: $!\n");
+ exit(1);
+ }
+
+ return;
+}
+
+# read router.db file
+sub readrouters
+{
+ my($rtrdb);
+ local(*RTR);
+
+ if (defined($LG_ROUTERDB)) {
+ $rtrdb = $LG_ROUTERDB;
+ } else {
+ $rtrdb = "$SYSCONFDIR/router.db";
+ }
+
+ if (! -f $rtrdb) {
+ my(@dirs, $dir);
+ # if the router.db file does not exist, try to compile the list from
+ # the rancid group router.db files.
+ local(*DIR);
+ if (! opendir(DIR, $BASEDIR)) {
+ dolog(LOG_ERR, "ERROR: couldn\'t read $BASEDIR: $!\n");
+ } else {
+ while ($dir = readdir(DIR)) {
+ next if ($dir =~ /^(\.|\.\.|CVS|bin|etc|logs|util)$/);
+ push(@dirs, $dir) if (-d "$BASEDIR/$dir");
+ }
+ closedir(DIR);
+
+ foreach $dir (@dirs) {
+ if (! opendir(DIR, "$BASEDIR/$dir")) {
+ dolog(LOG_ERR, "ERROR: couldn\'t read $BASEDIR/$dir: $!\n");
+ next;
+ }
+ closedir(DIR);
+ next if (! -f "$BASEDIR/$dir/router.db");
+ if (open(RTR, "< $BASEDIR/$dir/router.db")) {
+ while () {
+ next if (/^\s*(#|$)/);
+ # fqdn:mfg:state
+ @record = split('\:', $_);
+ next if ($record[2] !~ /up/i || $record[1] !~ /(cisco|foundry|juniper)/);
+ push(@rtrlist, join(':', ($record[0], $record[1])));
+ $rtrlabels{join(':', ($record[0], $record[1]))} = $record[0];
+ }
+ close(RTR);
+ } else {
+ dolog(LOG_ERR, "ERROR: couldn\'t open the router.db " .
+ "file: $BASEDIR/$dir/router.db: $!\n");
+ }
+ }
+ }
+ } else {
+ if (open(RTR, "< $rtrdb")) {
+ while () {
+ next if (/^\s*(#|$)/);
+ # fqdn:mfg:state
+ @record = split('\:', $_);
+ next if ($record[2] !~ /up/i || $record[1] !~ /(cisco|foundry|juniper)/);
+ push(@rtrlist, join(':', ($record[0], $record[1])));
+ $rtrlabels{join(':', ($record[0], $record[1]))} = $record[0];
+ }
+ close(RTR);
+ } else {
+ dolog(LOG_ERR, "ERROR: couldn\'t open the router.db file: " .
+ "$rtrdb: $!\n");
+ exit(1);
+ }
+ }
+
+ return;
+}
+
+# Main()
+# read the configuration file if it exists.
+readconf();
+
+$query = new CGI;
+
+print $query->header;
+if ($LG_STYLE) {
+ print $query->start_html(-title =>"LookingGlass form",
+ -style => {'src' => $LG_STYLE});
+} else {
+ print $query->start_html(-title =>"LookingGlass form");
+}
+
+# add the company image, LG_IMAGE
+print $LG_IMAGE;
+
+print <
+Looking Glass
+
+
+HEAD
+
+# start table, etc here
+print $query->startform( -action => 'lg.cgi', -method => 'POST');
+print <
+
+
+DOTABLE
+
+# available query types here
+print <
+ Query:
+ Router:
+
+
+TABLEHEAD
+
+foreach $sub_type (sort keys(%$queries)) {
+ next if (! scalar(%{$queries->{$sub_type}}));
+ print $query->radio_group (-name => 'query',
+ -values => $queries->{$sub_type},
+ -default => '-', -linebreak => 'true');
+ print "\n" . $query->hr . "\n";
+}
+
+print <Argument(s):
+
+
+QTYPES
+
+# read routers table and create the scrolling list
+readrouters();
+print $query->scrolling_list(-name => 'router',
+ -values => \@rtrlist,
+ -size => 20,
+ -labels => \%rtrlabels);
+
+# end
+print <
+
+
+
+TABLEEND
+
+print $query->submit(-name => 'submit', -value =>'Submit');
+print $query->reset;
+print $query->endform;
+
+print <
+
+Looking Glass notes
+
+$LG_INFO
+TAIL
+
+print $query->end_html;
+
+exit(0);
diff --git a/bin/mrancid.in b/bin/mrancid.in
old mode 100755
new mode 100644
index 8054917..8d52c27
--- a/bin/mrancid.in
+++ b/bin/mrancid.in
@@ -1,29 +1,33 @@
-#!@PERLV_PATH@
+#! @PERLV_PATH@
##
-## Amazingly hacked version of Hank's rancid - this one tries to
-## deal with MRTd.
+## $Id: mrancid.in,v 1.11 2004/01/11 03:49:13 heas Exp $
##
-## Copyright (C) 1997-2001 by Henry Kilmer.
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
-## This software may be freely copied, modified and redistributed without
-## fee for non-commerical purposes provided that this copyright notice is
-## preserved intact on all copies and modified copies.
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
-## It is provided solely "as is". The author(s) disclaim(s) all
+## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
+# Amazingly hacked version of Hank's rancid - this one tries to
+# deal with MRTd.
+#
# RANCID - Really Awesome New Cisco confIg Differ
#
# usage: rancid [-d] [-l] [-f filename | $host]
#
use Getopt::Std;
-getopts('dflm');
+getopts('dfl');
$log = $opt_l;
$debug = $opt_d;
$file = $opt_f;
@@ -355,8 +359,12 @@ TOP: while() {
}
while (/#\s*($cmds_regexp)\s*$/) {
$cmd = $1;
- if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+)/)[0];
- $prompt .= "[#>]"; }
+ if (!defined($prompt)) {
+ $prompt = ($_ =~ /^([^#]+)/)[0];
+ $prompt =~ s/([][}{)(\\])/\\$1/g;
+ $prompt .= "[#>]";
+ print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
+ }
print STDERR ("HIT COMMAND:$_") if ($debug);
if (! defined($commands{$cmd})) {
print STDERR "$host: found unexpected command - \"$cmd\"\n";
diff --git a/bin/nlogin.in b/bin/nlogin.in
new file mode 100644
index 0000000..685c759
--- /dev/null
+++ b/bin/nlogin.in
@@ -0,0 +1,524 @@
+#! @EXPECT_PATH@ --
+##
+## $Id: nlogin.in,v 1.14 2004/01/11 05:39:15 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# The login expect scripts were based on Erik Sherk's gwtn, by permission.
+#
+# nlogin - netscreen login
+#
+# Most options are intuitive for logging into a netscreen firewall.
+#
+
+# Usage line
+set usage "Usage: $argv0 \[-c command\] \[-Evar=x\] \[-f cloginrc-file\]
+\[-s script-file\] \[-t timeout\] \[-u user\] \
+\[-p user-password\] \[-y ssh_cypher_type\] firewall \[firewall...\]\n"
+
+# env(CLOGIN) may contain:
+# x == do not set xterm banner or name
+
+# Password file
+set password_file $env(HOME)/.cloginrc
+# Default is to login to the firewall
+set do_command 0
+set do_script 0
+# The default is to automatically enable
+set enable 0
+# The default is that you login non-enabled (tacacs can have you login already
+# enabled)
+set avautoenable 1
+# The default is to look in the password file to find the passwords. This
+# tracks if we receive them on the command line.
+set do_passwd 1
+set do_enapasswd 1
+
+# Find the user in the ENV, or use the unix userid.
+if {[ info exists env(CISCO_USER) ] } {
+ set default_user $env(CISCO_USER)
+} elseif {[ info exists env(USER) ]} {
+ set default_user $env(USER)
+} elseif {[ info exists env(LOGNAME) ]} {
+ set default_user $env(LOGNAME)
+} else {
+ # This uses "id" which I think is portable. At least it has existed
+ # (without options) on all machines/OSes I've been on recently -
+ # unlike whoami or id -nu.
+ if [ catch {exec id} reason ] {
+ send_error "\nError: could not exec id: $reason\n"
+ exit 1
+ }
+ regexp {\(([^)]*)} "$reason" junk default_user
+}
+
+# Sometimes firewall take awhile to answer (the default is 10 sec)
+set timeout 45
+
+# Process the command line
+for {set i 0} {$i < $argc} {incr i} {
+ set arg [lindex $argv $i]
+
+ switch -glob -- $arg {
+ # Username
+ -u* -
+ -U* {
+ if {! [ regexp .\[uU\](.+) $arg ignore user]} {
+ incr i
+ set username [ lindex $argv $i ]
+ }
+ # VTY Password
+ } -p* -
+ -P* {
+ if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
+ incr i
+ set userpasswd [ lindex $argv $i ]
+ }
+ set do_passwd 0
+ # Environment variable to pass to -s scripts
+ } -E*
+ {
+ if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
+ set E$varname $varvalue
+ } else {
+ send_user "\nError: invalid format for -E in $arg\n"
+ exit 1
+ }
+ # Command to run.
+ } -c* -
+ -C* {
+ if {! [ regexp .\[cC\](.+) $arg ignore command]} {
+ incr i
+ set command [ lindex $argv $i ]
+ }
+ set do_command 1
+ # Expect script to run.
+ } -s* -
+ -S* {
+ if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
+ incr i
+ set sfile [ lindex $argv $i ]
+ }
+ if { ! [ file readable $sfile ] } {
+ send_user "\nError: Can't read $sfile\n"
+ exit 1
+ }
+ set do_script 1
+ # cypher type
+ } -y* -
+ -Y* {
+ if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
+ incr i
+ set cypher [ lindex $argv $i ]
+ }
+ # alternate cloginrc file
+ } -f* -
+ -F* {
+ if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
+ incr i
+ set password_file [ lindex $argv $i ]
+ }
+ } -t* -
+ -T* {
+ incr i
+ set timeout [ lindex $argv $i ]
+ } -x* -
+ -X {
+ if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
+ incr i
+ set cmd_file [ lindex $argv $i ]
+ }
+ if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
+ send_user "\nError: $reason\n"
+ exit 1
+ }
+ set cmd_text [read $cmd_fd]
+ close $cmd_fd
+ set command [join [split $cmd_text \n] \;]
+ set do_command 1
+ # Does tacacs automatically enable us?
+ } -autoenable {
+ # ignore autoenable
+ #set avautoenable 1
+ } -* {
+ send_user "\nError: Unknown argument! $arg\n"
+ send_user $usage
+ exit 1
+ } default {
+ break
+ }
+ }
+}
+# Process firewalls...no firewalls listed is an error.
+if { $i == $argc } {
+ send_user "\nError: $usage"
+}
+
+# Only be quiet if we are running a script (it can log its output
+# on its own)
+if { $do_script } {
+ log_user 0
+} else {
+ log_user 1
+}
+
+#
+# Done configuration/variable setting. Now run with it...
+#
+
+# Sets Xterm title if interactive...if its an xterm and the user cares
+proc label { host } {
+ global env
+ # if CLOGIN has an 'x' in it, don't set the xterm name/banner
+ if [info exists env(CLOGIN)] {
+ if {[string first "x" $env(CLOGIN)] != -1} { return }
+ }
+ # take host from ENV(TERM)
+ if [info exists env(TERM)] {
+ if [regexp \^(xterm|vs) $env(TERM) ignore ] {
+ send_user "\033]1;[lindex [split $host "."] 0]\a"
+ send_user "\033]2;$host\a"
+ }
+ }
+}
+
+# This is a helper function to make the password file easier to
+# maintain. Using this the password file has the form:
+# add password sl* pete cow
+# add password at* steve
+# add password * hanky-pie
+proc add {var args} { global int_$var ; lappend int_$var $args}
+proc include {args} {
+ global env
+ regsub -all "(^{|}$)" $args {} args
+ if { [ regexp "^/" $args ignore ] == 0 } {
+ set args $env(HOME)/$args
+ }
+ source_password_file $args
+}
+
+proc find {var firewall} {
+ upvar int_$var list
+ if { [info exists list] } {
+ foreach line $list {
+ if { [string match [lindex $line 0] $firewall ] } {
+ return [lrange $line 1 end]
+ }
+ }
+ }
+ return {}
+}
+
+# Loads the password file. Note that as this file is tcl, and that
+# it is sourced, the user better know what to put in there, as it
+# could install more than just password info... I will assume however,
+# that a "bad guy" could just as easy put such code in the clogin
+# script, so I will leave .cloginrc as just an extention of that script
+proc source_password_file { password_file } {
+ global env
+ if { ! [file exists $password_file] } {
+ send_user "\nError: password file ($password_file) does not exist\n"
+ exit 1
+ }
+ file stat $password_file fileinfo
+ if { [expr ($fileinfo(mode) & 007)] != 0000 } {
+ send_user "\nError: $password_file must not be world readable/writable\n"
+ exit 1
+ }
+ if [ catch {source $password_file} reason ] {
+ send_user "\nError: $reason\n"
+ exit 1
+ }
+}
+
+# Log into the firewall.
+proc login { firewall user userpswd passwd enapasswd prompt cmethod
+cyphertype } {
+ global spawn_id in_proc do_command do_script sshcmd
+ set in_proc 1
+ set uprompt_seen 0
+
+ # Telnet to the firewall & try to login.
+ set progs [llength $cmethod]
+ foreach prog [lrange $cmethod 0 end] {
+ if [string match "telnet*" $prog] {
+ regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
+ if {"$port" == ""} {
+ set retval [ catch {spawn telnet $firewall} reason ]
+ } else {
+ set retval [ catch {spawn telnet $firewall $port} reason ]
+ }
+ if { $retval } {
+ send_user "\nError: telnet failed: $reason\n"
+ exit 1
+ }
+ } elseif ![string compare $prog "ssh"] {
+ if [ catch {spawn $sshcmd -c $cyphertype -x -l $user $firewall} reason ] {
+ send_user "\nError: $sshcmd failed: $reason\n"
+ exit 1
+ }
+ } elseif ![string compare $prog "rsh"] {
+ if [ catch {spawn rsh -l $user $firewall} reason ] {
+ send_user "\nError: rsh failed: $reason\n"
+ exit 1
+ }
+ } else {
+ puts "\nError: unknown connection method: $prog"
+ return 1
+ }
+ incr progs -1
+
+ sleep 0.3
+
+ # This helps cleanup each expect clause.
+ expect_after {
+ timeout {
+ send_user "\nError: TIMEOUT reached\n"
+ catch {close}; wait
+ if { $in_proc} {
+ return 1
+ } else {
+ continue
+ }
+ } eof {
+ send_user "\nError: EOF received\n"
+ catch {close}; wait
+ if { $in_proc} {
+ return 1
+ } else {
+ continue
+ }
+ }
+ }
+
+ # Here we get a little tricky. There are several possibilities:
+ # the firewall can ask for a username and passwd and then
+ # talk to the TACACS server to authenticate you, or if the
+ # TACACS server is not working, then it will use the enable
+ # passwd. Or, the firewall might not have TACACS turned on,
+ # then it will just send the passwd.
+ # if telnet fails with connection refused, try ssh
+ expect {
+ "Connection refused" {
+ send_user "\nError: Connection Refused\n"; wait; return 1
+ } eof { send_user "\nError: Couldn't login\n"; wait; return 1
+ } "Unknown host\r\n" {
+ expect eof
+ send_user "\nError: Unknown host\n"; wait; return 1
+ } "Host is unreachable" {
+ expect eof
+ send_user "\nError: Host Unreachable!\n"; wait; return 1
+ } "No address associated with name" {
+ expect eof
+ send_user "\nError: Unknown host\n"; wait; return 1
+ }
+ -re "Are you sure you want to continue connecting .*" {
+ send "yes\r"
+ send_user "Host $firewall added to the list of known hosts.\n"
+ exp_continue }
+ -re "Host key not found .* \(yes\/no\)\?" {
+ send "yes\r"
+ send_user "Host $firewall added to the list of known hosts.\n"
+ exp_continue }
+ -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
+ send "no\r"
+ send_user "\nError: The host key for $firewall has changed. Update the SSH known_hosts file accordingly.\n"
+ return 1 }
+ -re "Offending key for .* \(yes\/no\)\?" {
+ send "no\r"
+ send_user "\nError: host key mismatch for $firewall. Update the SSH known_hosts file accordingly.\n"
+ return 1 }
+ denied { send_user "\nError: Check your passwd for $firewall\n"
+ catch {close}; wait; return 1
+ }
+ " ### Login failed" {send_user "\nError: Check your passwd for $firewall\n"; return 1 }
+ -re "(login:)" {
+ sleep 1;
+ send "$user\r"
+ set uprompt_seen 1
+ exp_continue
+ }
+ "@\[^\r\n]+\[Pp]assword:" {
+ # ssh pwd prompt
+ sleep 1
+ send "$userpswd\r"
+ exp_continue
+ }
+ "\[Pp]assword:" {
+ sleep 1;
+ if {$uprompt_seen == 1} {
+ send "$userpswd\r"
+ } else {
+ send "$passwd\r"
+ }
+ exp_continue
+ }
+ "$prompt" { break; }
+ }
+ }
+ set in_proc 0
+ return 0
+}
+
+# Run commands given on the command line.
+proc run_commands { prompt command } {
+ global in_proc
+ set in_proc 1
+
+ send "set console page 0\r"
+ expect $prompt {}
+
+ # Is this a multi-command?
+ if [ string match "*\;*" "$command" ] {
+ set commands [split $command \;]
+ set num_commands [llength $commands]
+
+ for {set i 0} {$i < $num_commands} { incr i} {
+ send "[subst [lindex $commands $i]]\r"
+ expect {
+ -re "$prompt" {}
+ }
+ }
+ } else {
+ send "[subst $command]\r"
+ expect {
+ -re "$prompt" {}
+ }
+ }
+ send "exit\r"
+ expect {
+ "\n" { exp_continue }
+ -re "$prompt" {
+ send "exit\r"
+ exp_continue }
+ -re "Configuration modified, save?" {
+ send "n\r"
+ exp_continue }
+ timeout { return 0 }
+ eof { return 0 }
+ }
+ set in_proc 0
+}
+
+#
+# For each firewall... (this is main loop)
+#
+source_password_file $password_file
+set in_proc 0
+foreach firewall [lrange $argv $i end] {
+ set firewall [string tolower $firewall]
+ send_user "$firewall\n"
+
+ set prompt ">"
+
+ # Figure out passwords
+ if { $do_passwd || $do_enapasswd } {
+ set pswd [find password $firewall]
+ if { [llength $pswd] == 0 } {
+ send_user "\nError: no password for $firewall in $password_file.\n"
+ continue
+ }
+ set passwd [join [lindex $pswd 0]""]
+ set enapasswd [join [lindex $pswd 1] ""]
+ }
+
+ # Figure out username
+ if {[info exists username]} {
+ # command line username
+ set ruser $username
+ } else {
+ set ruser [join [find user $firewall] ""]
+ if { "$ruser" == "" } { set ruser $default_user }
+ }
+
+ # Figure out username's password (if different from the vty password)
+ if {[info exists userpasswd]} {
+ # command line username
+ set userpswd $userpasswd
+ } else {
+ set userpswd [join [find userpassword $firewall] ""]
+ if { "$userpswd" == "" } { set userpswd $passwd }
+ }
+
+ # Figure out enable username
+ if {[info exists enausername]} {
+ # command line enausername
+ set enauser $enausername
+ } else {
+ set enauser [join [find enauser $firewall] ""]
+ if { "$enauser" == "" } { set enauser $ruser }
+ }
+
+ # Figure out cypher type
+ if {[info exists cypher]} {
+ # command line cypher type
+ set cyphertype $cypher
+ } else {
+ set cyphertype [find cyphertype $firewall]
+ if { "$cyphertype" == "" } { set cyphertype "3des" }
+ }
+
+ # Figure out connection method
+ set cmethod [find method $firewall]
+ if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }
+
+ # Figure out the SSH executable name
+ set sshcmd [find sshcmd $router]
+ if { "$sshcmd" == "" } { set sshcmd {ssh} }
+
+ # Login to the firewall
+ if {[login $firewall $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} {
+ continue
+ }
+ if { $enable } {
+ if {[do_enable $enauser $enapasswd]} {
+ if { $do_command || $do_script } {
+ close; wait
+ continue
+ }
+ }
+ }
+ # we are logged in, now figure out the full prompt
+ send "\r"
+ expect {
+ -re "\[\r\n]+" { exp_continue; }
+ -re "^.+$prompt" { set junk $expect_out(0,string);
+ regsub -all "\[\]\(\)\[]" $junk {\\&} prompt;
+ }
+ }
+
+ if { $do_command } {
+ if {[run_commands $prompt $command]} {
+ continue
+ }
+ } elseif { $do_script } {
+ send "set console page 0\r"
+ expect $prompt {}
+ source $sfile
+ close
+ } else {
+ label $firewall
+ log_user 1
+ interact
+ }
+
+ # End of for each firewall
+ wait
+ sleep 0.3
+}
+exit 0
diff --git a/bin/nrancid.in b/bin/nrancid.in
new file mode 100644
index 0000000..9b965a2
--- /dev/null
+++ b/bin/nrancid.in
@@ -0,0 +1,302 @@
+#! @PERLV_PATH@
+##
+## $Id: nrancid.in,v 1.13 2004/01/11 03:49:13 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# Amazingly hacked version of Hank's rancid - this one tries to
+# deal with Netscreen firewalls
+#
+# Original Netscreen hacks implemented by Stephen Gill [gillsr@yahoo.com]
+#
+# RANCID - Really Awesome New Cisco confIg Differ
+#
+# usage: rancid [-d] [-l] [-f filename | $host]
+#
+use Getopt::Std;
+getopts('dfl');
+$log = $opt_l;
+$debug = $opt_d;
+$file = $opt_f;
+$host = $ARGV[0];
+$found_end = 0;
+$timeo = 90; # nlogin timeout in seconds
+
+my(%filter_pwds); # password filtering mode
+
+# This routine is used to print out the firewall configuration
+sub ProcessHistory {
+ my($new_hist_tag,$new_command,$command_string,@string)=(@_);
+ if((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
+ && defined %history) {
+ print eval "$command \%history";
+ undef %history;
+ }
+ if (($new_hist_tag) && ($new_command) && ($command_string)) {
+ if ($history{$command_string}) {
+ $history{$command_string} = "$history{$command_string}@string";
+ } else {
+ $history{$command_string} = "@string";
+ }
+ } elsif (($new_hist_tag) && ($new_command)) {
+ $history{++$#history} = "@string";
+ } else {
+ print "@string";
+ }
+ $hist_tag = $new_hist_tag;
+ $command = $new_command;
+ 1;
+}
+
+sub numerically { $a <=> $b; }
+
+# This is a sort routing that will sort numerically on the
+# keys of a hash as if it were a normal array.
+sub keynsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort numerically keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# keys of a hash as if it were a normal array.
+sub keysort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# values of a hash as if it were a normal array.
+sub valsort{
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort values %lines) {
+ $sorted_lines[$i] = $key;
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a numerical sort routing (ascending).
+sub numsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $num (sort {$a <=> $b} keys %lines) {
+ $sorted_lines[$i] = $lines{$num};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routine that will sort on the
+# ip address when the ip address is anywhere in
+# the strings.
+sub ipsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $addr (sort sortbyipaddr keys %lines) {
+ $sorted_lines[$i] = $lines{$addr};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# These two routines will sort based upon IP addresses
+sub ipaddrval {
+ my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
+ $a[3]+256*($a[2]+256*($a[1]+256*$a[0]));
+}
+sub sortbyipaddr {
+ &ipaddrval($a) <=> &ipaddrval($b);
+}
+
+# This routine parses "get system"
+sub GetSystem {
+ print STDERR " In GetSystem: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ next if /^\s*$/;
+ last if(/$prompt/);
+
+ /^Serial Number: (\d+), Control Number: \d+$/ &&
+ ProcessHistory("SYSTEM","","", "!SN: $1\n") && next;
+ /^Product Name: (\S+)$/ &&
+ ProcessHistory("SYSTEM","","", "!Product: $1\n") && next;
+ /^Hardware Version: (\S+), / &&
+ ProcessHistory("SYSTEM","","", "!HW: $1\n") && next;
+ /^Software Version: (\S+), Type: (\S+)$/ &&
+ ProcessHistory("SYSTEM","","", "!Netscreen Type: $2\n!Software Version: $1\n") && next;
+ /^Image: (\S+), / &&
+ ProcessHistory("SYSTEM","","", "!Image: $1\n") && next;
+ /^Feature: (\S+)$/ &&
+ ProcessHistory("SYSTEM","","", "!Feature: $1\n") && next;
+ /^File Name: (\S+), Checksum: (\S+)$/ &&
+ ProcessHistory("SYSTEM","","", "!File Name: $1, Checksum: $2\n") && next;
+
+ }
+ ProcessHistory("SYSTEM","","","!\n");
+ return(0);
+}
+
+sub GetFile {
+ print STDERR " In GetFile: $_" if ($debug);
+ while () {
+ last if(/$prompt/);
+ }
+ ProcessHistory("FILE","","","!\n");
+ return(0);
+}
+
+sub GetConf {
+ print STDERR " In GetConf: $_" if ($debug);
+ while () {
+ tr/\015//d;
+ next if /^\s*$/;
+ last if(/$prompt/);
+
+ if (/^set admin name "(\S+)"$/ && $filter_pwds >= 1) {
+ ProcessHistory("ADMIN","","","!set admin name \n");
+ next;
+ }
+ if (/^set admin password (\S+)$/ && $filter_pwds >= 1) {
+ ProcessHistory("ADMIN","","","!set admin password \n");
+ next;
+ }
+ if (/^set admin user (\S+) password (\S+) privilege (\S+)$/ &&
+ $filter_pwds >= 1) {
+ ProcessHistory("ADMIN","","",
+ "!set admin user $1 password privilege $3\n");
+ next;
+ ProcessHistory("","","","$_");
+ }
+ $found_end=1;
+ return(1);
+}
+
+# dummy function
+sub DoNothing {print STDOUT;}
+
+# Main
+%commands=(
+ 'get system' => "GetSystem",
+ 'get conf' => "GetConf"
+);
+# keys() doesnt return things in the order entered and the order of the
+# cmds is important. pita
+@commands=(
+ "get system",
+ "get conf"
+);
+$cisco_cmds=join(";",@commands);
+$cmds_regexp=join("|",@commands);
+
+open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
+select(OUTPUT);
+# make OUTPUT unbuffered if debugging
+if ($debug) { $| = 1; }
+
+if ($file) {
+ print STDERR "opening file $host\n" if ($debug);
+ print STDOUT "opening file $host\n" if ($log);
+ open(INPUT,"<$host") || die "open failed for $host: $!\n";
+} else {
+ print STDERR "executing nlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
+ print STDOUT "executing nlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
+ if (defined($ENV{NOPIPE})) {
+ system "nlogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "nlogin failed for $host: $!\n";
+ open(INPUT, "< $host.raw") || die "nlogin failed for $host: $!\n";
+ } else {
+ open(INPUT,"nlogin -t $timeo -c \"$cisco_cmds\" $host ) {
+ tr/\015//d;
+ if (/^Error:/) {
+ print STDOUT ("$host nlogin error: $_");
+ print STDERR ("$host nlogin error: $_") if ($debug);
+ last;
+ }
+ while (/>\s*($cmds_regexp)\s*$/) {
+ $cmd = $1;
+ if (!defined($prompt)) {
+ $prompt = "\-\>\s*";
+ print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
+ }
+ print STDERR ("HIT COMMAND:$_") if ($debug);
+ if (!defined($commands{$cmd})) {
+ print STDERR "$host: found unexpected command - \"$cmd\"\n";
+ last TOP;
+ }
+ $rval = &{$commands{$cmd}};
+ delete($commands{$cmd});
+ if ($rval == -1) {
+ last TOP;
+ }
+ }
+}
+print STDOUT "Done $logincmd: $_\n" if ($log);
+# Flush History
+ProcessHistory("","","","");
+# Cleanup
+close(INPUT);
+close(OUTPUT);
+
+if (defined($ENV{NOPIPE})) {
+ unlink("$host.raw") if (! $debug);
+}
+
+# check for completeness
+if (scalar(%commands) || !$found_end) {
+ if (scalar(%commands)) {
+ printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
+ printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
+ }
+ if (!$found_end) {
+ print STDOUT "$found_end: found end\n";
+ print STDOUT "$host: End of run not found\n";
+ print STDERR "$host: End of run not found\n" if ($debug);
+ system("/usr/bin/tail -1 $host.new");
+ }
+ unlink "$host.new" if (! $debug);
+}
diff --git a/bin/nslogin.in b/bin/nslogin.in
new file mode 100644
index 0000000..385f530
--- /dev/null
+++ b/bin/nslogin.in
@@ -0,0 +1,642 @@
+#! @EXPECT_PATH@ --
+##
+## $Id: nslogin.in,v 1.10 2004/01/11 05:39:15 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# The login expect scripts were based on Erik Sherk's gwtn, by permission.
+#
+# nslogin - Netscaler login
+#
+# Hacks from Anshuman Kanwar.
+#
+# Most options are intuitive for logging into a Cisco router.
+# The default is to enable (thus -noenable). Some folks have
+# setup tacacs to have a user login at priv-lvl = 15 (enabled)
+# so the -autoenable flag was added for this case (don't go through
+# the process of enabling and the prompt will be the "#" prompt.
+# The default username password is the same as the vty password.
+#
+
+# Usage line
+set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
+\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
+\[-s script-file\] \[-t timeout\] \[-u username\] \
+\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
+\[-y ssh_cypher_type\] router \[router...\]\n"
+
+# env(CLOGIN) may contain:
+# x == do not set xterm banner or name
+
+# Password file
+set password_file $env(HOME)/.cloginrc
+# Default is to login to the router
+set do_command 1
+set do_script 0
+# The default is to automatically enable
+set enable 0
+# The default is that you login non-enabled (tacacs can have you login already
+# enabled)
+set avautoenable 0
+# The default is to look in the password file to find the passwords. This
+# tracks if we receive them on the command line.
+set do_passwd 1
+set do_enapasswd 1
+# attempt at platform switching.
+set platform ""
+
+# Find the user in the ENV, or use the unix userid.
+if {[ info exists env(CISCO_USER) ] } {
+ set default_user $env(CISCO_USER)
+} elseif {[ info exists env(USER) ]} {
+ set default_user $env(USER)
+} elseif {[ info exists env(LOGNAME) ]} {
+ set default_user $env(LOGNAME)
+} else {
+ # This uses "id" which I think is portable. At least it has existed
+ # (without options) on all machines/OSes I've been on recently -
+ # unlike whoami or id -nu.
+ if [ catch {exec id} reason ] {
+ send_error "\nError: could not exec id: $reason\n"
+ exit 1
+ }
+ regexp {\(([^)]*)} "$reason" junk default_user
+}
+
+# Sometimes routers take awhile to answer (the default is 10 sec)
+set timeout 45
+
+# Process the command line
+for {set i 0} {$i < $argc} {incr i} {
+ set arg [lindex $argv $i]
+
+ switch -glob -- $arg {
+ # Username
+ -u* -
+ -U* {
+ if {! [ regexp .\[uU\](.+) $arg ignore user]} {
+ incr i
+ set username [ lindex $argv $i ]
+ }
+ # VTY Password
+ } -p* -
+ -P* {
+ if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
+ incr i
+ set userpasswd [ lindex $argv $i ]
+ }
+ set do_passwd 0
+ # VTY Password
+ } -v* -
+ -v* {
+ if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
+ incr i
+ set passwd [ lindex $argv $i ]
+ }
+ set do_passwd 0
+ # Enable Username
+ } -w* -
+ -W* {
+ if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
+ incr i
+ set enausername [ lindex $argv $i ]
+ }
+ # Environment variable to pass to -s scripts
+ } -E*
+ {
+ if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
+ set E$varname $varvalue
+ } else {
+ send_user "\nError: invalid format for -E in $arg\n"
+ exit 1
+ }
+ # Enable Password
+ } -e*
+ {
+ if {! [ regexp .\[e\](.+) $arg ignore enapasswd]} {
+ incr i
+ set enapasswd [ lindex $argv $i ]
+ }
+ set do_enapasswd 0
+ # Command to run.
+ } -c* -
+ -C* {
+ if {! [ regexp .\[cC\](.+) $arg ignore command]} {
+ incr i
+ set command [ lindex $argv $i ]
+ }
+ set do_command 1
+ # Expect script to run.
+ } -s* -
+ -S* {
+ if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
+ incr i
+ set sfile [ lindex $argv $i ]
+ }
+ if { ! [ file readable $sfile ] } {
+ send_user "\nError: Can't read $sfile\n"
+ exit 1
+ }
+ set do_script 1
+ # 'ssh -c' cypher type
+ } -y* -
+ -Y* {
+ if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
+ incr i
+ set cypher [ lindex $argv $i ]
+ }
+ # alternate cloginrc file
+ } -f* -
+ -F* {
+ if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
+ incr i
+ set password_file [ lindex $argv $i ]
+ }
+ # Timeout
+ } -t* -
+ -T* {
+ if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
+ incr i
+ set timeout [ lindex $argv $i ]
+ }
+ # Command file
+ } -x* -
+ -X {
+ if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
+ incr i
+ set cmd_file [ lindex $argv $i ]
+ }
+ if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
+ send_user "\nError: $reason\n"
+ exit 1
+ }
+ set cmd_text [read $cmd_fd]
+ close $cmd_fd
+ set command [join [split $cmd_text \n] \;]
+ set do_command 1
+ # Do we enable?
+ } -noenable {
+ set enable 0
+ # Does tacacs automatically enable us?
+ } -autoenable {
+ set avautoenable 1
+ set enable 0
+ } -* {
+ send_user "\nError: Unknown argument! $arg\n"
+ send_user $usage
+ exit 1
+ } default {
+ break
+ }
+ }
+}
+# Process routers...no routers listed is an error.
+if { $i == $argc } {
+ send_user "\nError: $usage"
+}
+
+# Only be quiet if we are running a script (it can log its output
+# on its own)
+if { $do_script } {
+ log_user 0
+} else {
+ log_user 1
+}
+
+#
+# Done configuration/variable setting. Now run with it...
+#
+
+# Sets Xterm title if interactive...if its an xterm and the user cares
+proc label { host } {
+ global env
+ # if CLOGIN has an 'x' in it, don't set the xterm name/banner
+ if [info exists env(CLOGIN)] {
+ if {[string first "x" $env(CLOGIN)] != -1} { return }
+ }
+ # take host from ENV(TERM)
+ if [info exists env(TERM)] {
+ if [regexp \^(xterm|vs) $env(TERM) ignore ] {
+ send_user "\033]1;[lindex [split $host "."] 0]\a"
+ send_user "\033]2;$host\a"
+ }
+ }
+}
+
+# This is a helper function to make the password file easier to
+# maintain. Using this the password file has the form:
+# add password sl* pete cow
+# add password at* steve
+# add password * hanky-pie
+proc add {var args} { global int_$var ; lappend int_$var $args}
+proc include {args} {
+ global env
+ regsub -all "(^{|}$)" $args {} args
+ if { [ regexp "^/" $args ignore ] == 0 } {
+ set args $env(HOME)/$args
+ }
+ source_password_file $args
+}
+
+proc find {var router} {
+ upvar int_$var list
+ if { [info exists list] } {
+ foreach line $list {
+ if { [string match [lindex $line 0] $router ] } {
+ return [lrange $line 1 end]
+ }
+ }
+ }
+ return {}
+}
+
+# Loads the password file. Note that as this file is tcl, and that
+# it is sourced, the user better know what to put in there, as it
+# could install more than just password info... I will assume however,
+# that a "bad guy" could just as easy put such code in the clogin
+# script, so I will leave .cloginrc as just an extention of that script
+proc source_password_file { password_file } {
+ global env
+ if { ! [file exists $password_file] } {
+ send_user "\nError: password file ($password_file) does not exist\n"
+ exit 1
+ }
+ file stat $password_file fileinfo
+ if { [expr ($fileinfo(mode) & 007)] != 0000 } {
+ send_user "\nError: $password_file must not be world readable/writable\n"
+ exit 1
+ }
+ if [ catch {source $password_file} reason ] {
+ send_user "\nError: $reason\n"
+ exit 1
+ }
+}
+
+# Log into the router.
+proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
+ global spawn_id in_proc do_command do_script platform
+ global prompt u_prompt p_prompt e_prompt sshcmd
+ set in_proc 1
+ set uprompt_seen 0
+
+ # try each of the connection methods in $cmethod until one is successful
+ set progs [llength $cmethod]
+ foreach prog [lrange $cmethod 0 end] {
+ if ![string compare $prog "ssh"] {
+ if [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] {
+ send_user "\nError: $sshcmd failed: $reason\n"
+ exit 1
+ }
+ } else {
+ puts "\nError: unknown connection method: $prog"
+ return 1
+ }
+ incr progs -1
+ sleep 0.3
+
+ # This helps cleanup each expect clause.
+ expect_after {
+ timeout {
+ send_user "\nError: TIMEOUT reached\n"
+ catch {close}; wait
+ if { $in_proc} {
+ return 1
+ } else {
+ continue
+ }
+ } eof {
+ send_user "\nError: EOF received\n"
+ catch {close}; wait
+ if { $in_proc} {
+ return 1
+ } else {
+ continue
+ }
+ }
+ }
+
+ # Here we get a little tricky. There are several possibilities:
+ # the router can ask for a username and passwd and then
+ # talk to the TACACS server to authenticate you, or if the
+ # TACACS server is not working, then it will use the enable
+ # passwd. Or, the router might not have TACACS turned on,
+ # then it will just send the passwd.
+ # if telnet fails with connection refused, try ssh
+ expect {
+ -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
+ catch {close}; wait
+ if !$progs {
+ send_user "\nError: Connection Refused ($prog)\n"; return 1
+ }
+ }
+ eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
+ -nocase "unknown host\r" {
+ catch {close};
+ send_user "\nError: Unknown host\n"; wait; return 1
+ }
+ "Host is unreachable" {
+ catch {close};
+ send_user "\nError: Host Unreachable!\n"; wait; return 1
+ }
+ "No address associated with name" {
+ catch {close};
+ send_user "\nError: Unknown host\n"; wait; return 1
+ }
+ -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
+ send "yes\r"
+ send_user "\nHost $router added to the list of known hosts.\n"
+ exp_continue }
+ -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
+ send "no\r"
+ send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
+ return 1 }
+ -re "Offending key for .* \(yes\/no\)\?" {
+ send "no\r"
+ send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
+ return 1 }
+ -re "(denied|Sorry)" {
+ send_user "\nError: Check your passwd for $router\n"
+ catch {close}; wait; return 1
+ }
+ "Login failed" {
+ send_user "\nError: Check your passwd for $router\n"
+ return 1
+ }
+ -re "% (Bad passwords|Authentication failed)" {
+ send_user "\nError: Check your passwd for $router\n"
+ return 1
+ }
+ -re "@\[^\r\n]+ $p_prompt" {
+ # ssh pwd prompt
+ sleep 1
+ send "$userpswd\r"
+ exp_continue
+ }
+
+ "$prompt" { break; }
+ "Login invalid" {
+ send_user "\nError: Invalid login\n";
+ catch {close}; wait; return 1
+ }
+ }
+ }
+
+ set in_proc 0
+ return 0
+}
+
+
+# Run commands given on the command line.
+
+proc run_commands { prompt command } {
+ global in_proc platform
+ set in_proc 1
+
+ regsub -all "\[)(]" $prompt {\\&} reprompt
+ # this is the only way i see to get rid of more prompts in o/p..grrrrr
+ log_user 0
+ # Is this a multi-command?
+ if [ string match "*\;*" "$command" ] {
+ set commands [split $command \;]
+ set num_commands [llength $commands]
+ # the pager can not be turned off on the PIX, so we have to look
+ # for the "More" prompt. the extreme is equally obnoxious, with a
+ # global switch in the config.
+ for {set i 0} {$i < $num_commands} { incr i} {
+ send "[subst -nocommands [lindex $commands $i]]\r"
+ expect {
+ -re "\b+" { exp_continue }
+ -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)"
+ }
+ -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)"
+ exp_continue }
+ -re "\[\n\r]+" { send_user -- "$expect_out(buffer)"
+ exp_continue }
+ -re "\[^\r\n]*Press to cont\[^\r\n]*" {
+ send " "
+ # bloody ^[[2K after " "
+ expect {
+ -re "^\[^\r\n]*\r" {}
+ }
+ exp_continue
+ }
+ -re "^ --More--\[^\n\r]*" {
+ send " "
+ exp_continue }
+ -re "^<-+ More -+>\[^\n\r]*" {
+ send_user -- "$expect_out(buffer)"
+ send " "
+ exp_continue }
+ }
+ }
+ } else {
+ # the pager can not be turned off on the PIX, so we have to look
+ # for the "More" prompt. the extreme is equally obnoxious, with a
+ # global switch in the config.
+ send "[subst -nocommands $command]\r"
+ expect {
+ -re "\b+" { exp_continue }
+ -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)"
+ }
+ -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)"
+ exp_continue }
+ -re "\[\n\r]+" { send_user -- "$expect_out(buffer)"
+ exp_continue }
+ -re "\[^\r\n]*Press to cont\[^\r\n]*" {
+ send " "
+ # bloody ^[[2K after " "
+ expect {
+ -re "^\[^\r\n]*\r" {}
+ }
+ exp_continue
+ }
+ -re "^ --More--\[^\n\r]*" {
+ send " "
+ exp_continue }
+ -re "^<-+ More -+>\[^\n\r]*" {
+ send_user -- "$expect_out(buffer)"
+ send " "
+ exp_continue }
+ }
+ }
+ log_user 1
+
+ if { [ string compare "extreme" "$platform" ] } {
+ send "exit\r"
+ } else {
+ send "quit\r"
+ }
+ expect {
+ "Do you wish to save your configuration changes" {
+ send "n\r"
+ exp_continue
+ }
+ "\n" { exp_continue }
+ timeout { return 0 }
+ eof { return 0 }
+ }
+ set in_proc 0
+}
+
+
+
+#
+# For each router... (this is main loop)
+#
+source_password_file $password_file
+set in_proc 0
+foreach router [lrange $argv $i end] {
+ set router [string tolower $router]
+ send_user "$router\n"
+
+ # Figure out prompt.
+ set prompt "#"
+
+ # look for noenable option in .cloginrc
+ if { [find noenable $router] != "" } {
+ set enable 0
+ }
+
+ # Figure out passwords
+ if { $do_passwd } {
+ set pswd [find password $router]
+ if { [llength $pswd] == 0 } {
+ send_user "\nError: no password for $router in $password_file.\n"
+ continue
+ }
+ if { $enable && $autoenable == 0 && [llength $pswd] < 2 } {
+ send_user "\nError: no enable password for $router in $password_file.\n"
+ continue
+ }
+ set passwd [join [lindex $pswd 0] ""]
+ set enapasswd [join [lindex $pswd 1] ""]
+ }
+
+ # Figure out username
+ if {[info exists username]} {
+ # command line username
+ set ruser $username
+ } else {
+ set ruser [join [find user $router] ""]
+ if { "$ruser" == "" } { set ruser $default_user }
+ }
+
+ # Figure out username's password (if different from the vty password)
+ if {[info exists userpasswd]} {
+ # command line username
+ set userpswd $userpasswd
+ } else {
+ set userpswd [join [find userpassword $router] ""]
+ if { "$userpswd" == "" } { set userpswd $passwd }
+ }
+
+ # Figure out enable username
+ if {[info exists enausername]} {
+ # command line enausername
+ set enauser $enausername
+ } else {
+ set enauser [join [find enauser $router] ""]
+ if { "$enauser" == "" } { set enauser $ruser }
+ }
+
+ # Figure out prompts
+ set u_prompt [find userprompt $router]
+ if { "$u_prompt" == "" } {
+ set u_prompt "(Username|Login|login|user name):"
+ } else {
+ set u_prompt [join [lindex $u_prompt 0] ""]
+ }
+ set p_prompt [find passprompt $router]
+ if { "$p_prompt" == "" } {
+ set p_prompt "(\[Pp]assword|passwd):"
+ } else {
+ set p_prompt [join [lindex $p_prompt 0] ""]
+ }
+ set e_prompt [find enableprompt $router]
+ if { "$e_prompt" == "" } {
+ set e_prompt "\[Pp]assword:"
+ } else {
+ set e_prompt [join [lindex $e_prompt 0] ""]
+ }
+
+ # Figure out cypher type
+ if {[info exists cypher]} {
+ # command line cypher type
+ set cyphertype $cypher
+ } else {
+ set cyphertype [find cyphertype $router]
+ if { "$cyphertype" == "" } { set cyphertype "3des" }
+ }
+
+ # Figure out connection method
+ set cmethod [find method $router]
+ if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }
+
+ # Figure out the SSH executable name
+ set sshcmd [find sshcmd $router]
+ if { "$sshcmd" == "" } { set sshcmd {ssh} }
+
+ # Login to the router
+ if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} {
+ continue
+ }
+
+ # we are logged in, now figure out the full prompt
+ send "\r"
+ expect {
+ -re "\[\r\n]+" { exp_continue; }
+ -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and
+ # prompt based on state of config changes
+ set junk $expect_out(1,string)
+ regsub -all "^\\\* " $expect_out(1,string) {} junk
+ set prompt ".? ?$junk\[0-9]+ $prompt";
+ set platform "extreme"
+ }
+ -re "^.+$prompt" { set junk $expect_out(0,string);
+ regsub -all "\[\]\[]" $junk {\\&} prompt; }
+ -re "^.+> \\\(enable\\\)" { set junk $expect_out(0,string);
+ regsub -all "\[\]\[]" $junk {\\&} prompt; }
+ }
+
+ if { $do_command } {
+ if {[run_commands $prompt $command]} {
+ continue
+ }
+ } elseif { $do_script } {
+ # If the prompt is (enable), then we are on a switch and the
+ # command is "set length 0"; otherwise its "term length 0".
+ if [ regexp -- ".*> .*enable" "$prompt" ] {
+ send "set length 0\r"
+ send "set logging session disable\r"
+ } else {
+ send "term length 0\r"
+ }
+ expect -re $prompt {}
+ source $sfile
+ close
+ } else {
+ label $router
+ log_user 1
+ interact
+ }
+
+ # End of for each router
+ wait
+ sleep 0.3
+}
+exit 0
diff --git a/bin/nsrancid.in b/bin/nsrancid.in
new file mode 100644
index 0000000..40a286f
--- /dev/null
+++ b/bin/nsrancid.in
@@ -0,0 +1,313 @@
+#! @PERLV_PATH@
+##
+## $Id: nsrancid.in,v 1.7 2004/01/11 03:49:13 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# hacked version of Hank's rancid - this one tries to deal with Netscalers.
+# Hacks from Anshuman Kanwar.
+#
+# RANCID - Really Awesome New Cisco confIg Differ
+#
+# usage: rancid [-d] [-l] [-f filename | $host]
+#
+use Getopt::Std;
+getopts('dfl');
+$log = $opt_l;
+$debug = $opt_d;
+$file = $opt_f;
+$host = $ARGV[0];
+$clean_run = 0;
+$found_end = 0;
+$timeo = 90; # nslogin timeout in seconds
+
+
+@temp1 = split (/\./,$host);
+$prompt = "$temp1[0]#";
+$prompt = "netscaler#";
+
+my(%filter_pwds); # password filtering mode
+
+# This routine is used to print out the router configuration
+sub ProcessHistory {
+ my($new_hist_tag,$new_command,$command_string,@string)=(@_);
+ if((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
+ && defined %history) {
+ print eval "$command \%history";
+ undef %history;
+ }
+ if (($new_hist_tag) && ($new_command) && ($command_string)) {
+ if ($history{$command_string}) {
+ $history{$command_string} = "$history{$command_string}@string";
+ } else {
+ $history{$command_string} = "@string";
+ }
+ } elsif (($new_hist_tag) && ($new_command)) {
+ $history{++$#history} = "@string";
+ } else {
+ print "@string";
+ }
+ $hist_tag = $new_hist_tag;
+ $command = $new_command;
+ 1;
+}
+
+sub numerically { $a <=> $b; }
+
+# This is a sort routing that will sort numerically on the
+# keys of a hash as if it were a normal array.
+sub keynsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort numerically keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# keys of a hash as if it were a normal array.
+sub keysort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# values of a hash as if it were a normal array.
+sub valsort{
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort values %lines) {
+ $sorted_lines[$i] = $key;
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a numerical sort routing (ascending).
+sub numsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $num (sort {$a <=> $b} keys %lines) {
+ $sorted_lines[$i] = $lines{$num};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routine that will sort on the
+# ip address when the ip address is anywhere in
+# the strings.
+sub ipsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $addr (sort sortbyipaddr keys %lines) {
+ $sorted_lines[$i] = $lines{$addr};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# These two routines will sort based upon IP addresses
+sub ipaddrval {
+ my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
+ $a[3]+256*($a[2]+256*($a[1]+256*$a[0]));
+}
+sub sortbyipaddr {
+ &ipaddrval($a) <=> &ipaddrval($b);
+}
+
+# This routine parses "show config"
+sub ShowConfig {
+ print STDERR " In ShowConfig: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/);
+ next if (/^(\s*|\s*$cmd\s*)$/);
+ next if (/^Reading configuration information/);
+ next if (/^Can\'t find object or class named \"\-all\"\s*$/);
+ next if (/lock-address .*$/);
+ next if (/^\# *uptime +\d+\s*$/);
+ if (/community label /) {
+ if (defined($ENV{'NOCOMMSTR'})) {
+ $_ =~ s/community label .*$/community label /;
+ }
+ }
+ return(1) if /(invalid command name)/;
+ ProcessHistory("","","","$_");
+ }
+
+ if (/exit$/) {
+ $found_end = 1;
+ $clean_run = 1;
+ return(1);
+ }
+ return(0);
+}
+
+# This routine parses "get log setting"
+sub GetLogSet {
+ print STDERR " In GetLogSet: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/);
+ next if (/^(\s*|\s*$cmd\s*)$/);
+ next if (/^Reading configuration information/);
+ next if (/^Can\'t find object or class named \"\-all\"\s*$/);
+ return(1) if /(invalid command name)/;
+
+ ProcessHistory("","","","$_");
+ }
+ return(0);
+}
+
+# This routine parses single command's that return no required info
+sub RunCommand {
+ print STDERR " In RunCommand: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/);
+ next if (/^(\s*|\s*$cmd\s*)$/);
+ }
+ return(0)
+}
+
+# dummy function
+sub DoNothing {print STDOUT;}
+
+# Main
+#--------------------------------------------------
+%commands=(
+ 'cat /etc/ns.conf' => "ShowConfig",
+ 'get log setting' => "GetLogSet"
+);
+# keys() doesnt return things in the order entered and the order of the
+# cmds is important (show version first and write term last). pita
+@commands=(
+ "cat /etc/ns.conf",
+ "get log setting"
+);
+$cisco_cmds=join(";",@commands);
+$cmds_regexp=join("|",@commands);
+
+open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
+select(OUTPUT);
+# make OUTPUT unbuffered if debugging
+if ($debug) { $| = 1; }
+
+if ($file) {
+ print STDERR "opening file $host\n" if ($debug);
+ print STDOUT "opening file $host\n" if ($log);
+ open(INPUT,"<$host") || die "open failed for $host: $!\n";
+} else {
+ print STDERR "executing nslogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
+ print STDOUT "executing nslogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
+ if (defined($ENV{NOPIPE})) {
+ system "nslogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "nslogin failed for $host: $!\n";
+ open(INPUT, "< $host.raw") || die "nslogin failed for $host: $!\n";
+ } else {
+ open(INPUT,"nslogin -t $timeo -c \"$cisco_cmds\" $host ) {
+ tr/\015//d;
+#print STDOUT " --IN--$_";
+ # if ( (/exit/) || $found_end ) {
+# $clean_run=1;
+#print STDOUT "\n\nhere11\n";
+#last;
+# }
+
+ # if ( (/netscaler#/) || $found_end ) {
+#print STDOUT "\n\nhere1\n";
+# $clean_run=1;
+# last;
+# }
+
+ if (/^Error:/) {
+ print STDOUT ("$host nslogin error: $_");
+ print STDERR ("$host nslogin error: $_") if ($debug);
+ $clean_run=0;
+ last;
+ }
+ while (/#\s*($cmds_regexp)\s*$/) {
+ $cmd = $1;
+ print STDERR ("HIT COMMAND:$_") if ($debug);
+ if (! defined($commands{$cmd})) {
+ print STDERR "$host: found unexpected command - \"$cmd\"\n";
+ $clean_run = 0;
+ last TOP;
+ }
+ $rval = &{$commands{$cmd}};
+ delete($commands{$cmd});
+ if ($rval == -1) {
+ $clean_run = 0;
+ last TOP;
+ }
+ }
+}
+print STDOUT "Done $logincmd: $_\n" if ($log);
+# Flush History
+ProcessHistory("","","","");
+# Cleanup
+close(INPUT);
+close(OUTPUT);
+
+if (defined($ENV{NOPIPE})) {
+ unlink("$host.raw") if (! $debug);
+}
+
+# check for completeness
+if (scalar(%commands) || !$clean_run || !$found_end) {
+ if (scalar(%commands)) {
+ printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
+ printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
+ }
+ if (!$clean_run || !$found_end) {
+ print STDOUT "$host: End of run not found\n";
+ print STDERR "$host: End of run not found\n" if ($debug);
+ system("/usr/bin/tail -1 $host.new");
+ }
+ unlink "$host.new" if (! $debug);
+}
diff --git a/bin/par.in b/bin/par.in
old mode 100755
new mode 100644
index 02a5383..b50bd05
--- a/bin/par.in
+++ b/bin/par.in
@@ -1,19 +1,22 @@
-#!@PERLV_PATH@
+#! @PERLV_PATH@
##
+## $Id: par.in,v 1.10 2004/01/11 03:49:13 heas Exp $
##
-## Copyright (C) 1997-2001 by Henry Kilmer and Peter Whiting.
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
-## This software may be freely copied, modified and redistributed without
-## fee for non-commerical purposes provided that this copyright notice is
-## preserved intact on all copies and modified copies.
-##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
## There is no warranty or other guarantee of fitness of this software.
-## It is provided solely "as is". The author(s) disclaim(s) all
+## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# PAR - parallel processing of command
diff --git a/bin/prancid.in b/bin/prancid.in
new file mode 100755
index 0000000..7ded178
--- /dev/null
+++ b/bin/prancid.in
@@ -0,0 +1,569 @@
+#! @PERLV_PATH@
+##
+## $Id: prancid.in,v 1.29 2004/01/11 03:49:13 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# This version of rancid tries to deal with Prockets.
+#
+# RANCID - Really Awesome New Cisco confIg Differ
+#
+# usage: rancid [-d] [-l] [-f filename | $host]
+#
+use Getopt::Std;
+getopts('dfl');
+$log = $opt_l;
+$debug = $opt_d;
+$file = $opt_f;
+$host = $ARGV[0];
+$clean_run = 0;
+$found_end = 0;
+$timeo = 90; # clogin timeout in seconds
+
+my($platform); # platform/cpu type
+my(%filter_pwds); # password filtering mode
+
+# This routine is used to print out the router configuration
+sub ProcessHistory {
+ my($new_hist_tag,$new_command,$command_string,@string)=(@_);
+ if((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
+ && defined %history) {
+ print eval "$command \%history";
+ undef %history;
+ }
+ if (($new_hist_tag) && ($new_command) && ($command_string)) {
+ if ($history{$command_string}) {
+ $history{$command_string} = "$history{$command_string}@string";
+ } else {
+ $history{$command_string} = "@string";
+ }
+ } elsif (($new_hist_tag) && ($new_command)) {
+ $history{++$#history} = "@string";
+ } else {
+ print "@string";
+ }
+ $hist_tag = $new_hist_tag;
+ $command = $new_command;
+ 1;
+}
+
+sub numerically { $a <=> $b; }
+
+# This is a sort routing that will sort numerically on the
+# keys of a hash as if it were a normal array.
+sub keynsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort numerically keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# keys of a hash as if it were a normal array.
+sub keysort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# values of a hash as if it were a normal array.
+sub valsort{
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort values %lines) {
+ $sorted_lines[$i] = $key;
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a numerical sort routing (ascending).
+sub numsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $num (sort {$a <=> $b} keys %lines) {
+ $sorted_lines[$i] = $lines{$num};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routine that will sort on the
+# ip address when the ip address is anywhere in
+# the strings.
+sub ipsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $addr (sort sortbyipaddr keys %lines) {
+ $sorted_lines[$i] = $lines{$addr};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# These two routines will sort based upon IP addresses
+sub ipaddrval {
+ my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
+ $a[3]+256*($a[2]+256*($a[1]+256*$a[0]));
+}
+sub sortbyipaddr {
+ &ipaddrval($a) <=> &ipaddrval($b);
+}
+
+# This routine parses "show version"
+sub ShowVersion {
+ print STDERR " In ShowVersion: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ next if(/^(\s*|\s*$cmd\s*)$/);
+ return(-1) if (/command authorization failed/i);
+
+ if (/(lynxos|kernel) Version: .* (\S+)/i) {
+ $platform = $2;
+ }
+ /Procket/ && ProcessHistory("COMMENTS","keysort","B0", "! $_") && next;
+ /System Uptime:/ && next;
+ /Protocol Uptime:/ && next;
+ ProcessHistory("COMMENTS","keysort","B0", "!$_") && next;
+
+ }
+ return(0);
+}
+
+# This routine parses "show package"
+sub ShowPackage {
+ print STDERR " In ShowPackage: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ next if(/^(\s*|\s*$cmd\s*)$/);
+ return(-1) if (/command authorization failed/i);
+
+ ProcessHistory("COMMENTS","keysort","C0", "! $_") && next;
+
+ }
+ return(0);
+}
+
+# This routine parses "show hardware"
+sub ShowHardware {
+ print STDERR " In ShowHardware: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ next if(/^(\s*|\s*$cmd\s*)$/);
+ # skip show hardware on titanium
+ return(0) if ($platform =~ /i386/i);
+ return(-1) if (/command authorization failed/i);
+ return(-1) if (/cli: couldn.t communicate with/);
+
+ ProcessHistory("COMMENTS","keysort","D0", "! $_") && next;
+
+ }
+ return(0);
+}
+
+# This routine parses "show inventory"
+sub ShowInventory {
+ print STDERR " In ShowInventory: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ next if(/^(\s*|\s*$cmd\s*)$/);
+ return(0) if (/^\s+\^/);
+ return(-1) if (/command authorization failed/i);
+
+ /Procket/ && ProcessHistory("COMMENTS","keysort","E0", "! $_") && next;
+ /System Uptime:/ && next;
+ /Protocol Uptime:/ && next;
+ ProcessHistory("COMMENTS","keysort","E0", "!$_") && next;
+
+ }
+ return(0);
+}
+
+# This routine processes a "write term"
+sub WriteTerm {
+ print STDERR " In WriteTerm: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ return(-1) if (/command authorization failed/i);
+
+ /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked
+ # skip the crap
+ if (/^(##+$|(Building|Current) configuration)/i) {
+ while () {
+ next if (/^Current configuration\s*:/i);
+ next if (/^([%!].*|\s*)$/);
+ last;
+ }
+ tr/\015//d;
+ }
+ # some versions have other crap mixed in with the bits in the
+ # block above
+ /^! Last Changed:/ && next;
+
+ # Dog gone Cool matches to process the rest of the config
+# /^tftp-server flash / && next; # kill any tftp remains
+# /^ntp clock-period / && next; # kill ntp clock-period
+# /^ length / && next; # kill length on serial lines
+# /^ width / && next; # kill width on serial lines
+# /^ clockrate / && next; # kill clockrate on serial interfaces
+
+ if (/^(enable secret( level \d)?) / && $filter_pwds >= 2) {
+ ProcessHistory("ENABLE","","","!$1 \n");
+ next;
+ }
+ if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) {
+ if ($filter_pwds == 2) {
+ ProcessHistory("USER","keysort","$1","!username $1$2 password \n");
+ } elsif ($filter_pwds == 1 && $4 ne "5"){
+ ProcessHistory("USER","keysort","$1","!username $1$2 password \n");
+ } else {
+ ProcessHistory("USER","keysort","$1","$_");
+ }
+ next;
+ }
+
+ # prune passwords {bgp, ...}
+ if (/^(\s*)password / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1password \n");
+ next;
+ }
+ # prune authentication keys {vrrp vrid N, router isis...}
+ if (/^(\s*authentication \S+ key) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n");
+ next;
+ }
+ if (/^(\s*authentication-key) \d \S+( .*)/ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 $2\n");
+ next;
+ }
+
+# if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) {
+# ProcessHistory("","","","! neighbor $1 password \n");
+# next;
+# }
+# if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) {
+# ProcessHistory("","","","!$1 \n"); next;
+# }
+# if (/^(ip ftp password) / && $filter_pwds >= 1) {
+# ProcessHistory("","","","!$1 \n"); next;
+# }
+
+ # prune ospf keys
+ if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+ # this is reversable, despite 'md5' in the cmd
+ if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+ # this is reversable, despite 'md5' in the cmd
+ if (/^(\s*message-digest-key \d+ md5) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+
+# if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >= 1) {
+# ProcessHistory("","","","!$1 $'"); next;
+# }
+
+ # sort ip explicit-paths.
+ if (/^ip explicit-path name (\S+)/) {
+ my($key) = $1;
+ my($expath) = $_;
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/);
+ last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/);
+ if (/^ip explicit-path name (\S+)/) {
+ ProcessHistory("EXPATH","keysort","$key","$expath");
+ $key = $1;
+ $expath = $_;
+ } else {
+ $expath .= $_;
+ }
+ }
+ ProcessHistory("EXPATH","keysort","$key","$expath");
+ }
+
+ # sort route-maps
+ if (/^route-map (\S+)/) {
+ my($key) = $1;
+ my($routemap) = $_;
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/ || ! /^(route-map |[ !])/);
+ if (/^route-map (\S+)/) {
+ ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
+ $key = $1;
+ $routemap = $_;
+ } else {
+ $routemap .= $_;
+ }
+ }
+ ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
+ }
+
+ # filter out any RCS/CVS tags to avoid confusing local CVS storage
+ s/\$(Revision|Id):/ $1:/;
+
+# # order access-lists
+# /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ &&
+# ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next;
+# # order extended access-lists
+# /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ &&
+# ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next;
+# /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ &&
+# ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next;
+# /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ &&
+# ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next;
+# # order arp lists
+# /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ &&
+# ProcessHistory("ARP","ipsort","$1","$_") && next;
+# /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ &&
+# ProcessHistory("PACL $1 $3","ipsort","$4","ip prefix-list $1 $3 $4$5\n")
+# && next;
+
+ # order logging statements
+ /^logging (\d+\.\d+\.\d+\.\d+)/ &&
+ ProcessHistory("LOGGING","ipsort","$1","$_") && next;
+
+ # order/prune snmp-server host statements
+ # we only prune lines of the form
+ # snmp-server host a.b.c.d
+ if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) {
+ if (defined($ENV{'NOCOMMSTR'})) {
+ my($ip) = $1;
+ my($line) = "snmp-server host $ip";
+ my(@tokens) = split(' ', $');
+ my($token);
+ while ($token = shift(@tokens)) {
+ if ($token eq 'version') {
+ $line .= " " . join(' ', ($token, shift(@tokens)));
+ } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) {
+ $line .= " " . $token;
+ } else {
+ $line = "!$line " . join(' ', ("", join(' ',@tokens)));
+ last;
+ }
+ }
+ ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n");
+ } else {
+ ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_");
+ }
+ next;
+ }
+ if (/^(snmp-server community) (\S+)/) {
+ if (defined($ENV{'NOCOMMSTR'})) {
+ ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next;
+ } else {
+ ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next;
+ }
+ }
+
+ # prune tacacs/radius server keys
+ if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 key \n"); next;
+ }
+ if (/^(tacacs-server host \S+( .*)? key) (\d )?\S+/
+ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+
+ # order clns host statements
+# /^clns host \S+ (\S+)/ &&
+# ProcessHistory("CLNS","keysort","$1","$_") && next;
+
+ # prune vrrp password
+ if (/^( ip vrrp authentication .* key) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+ # prune isis password
+ if (/^( isis authentication-key) \d \S+/ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 $'"); next;
+ }
+ # prune msdp password
+ if (/^(ip msdp password \S+) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+ # delete ntp auth password - this md5 is a reversable too
+ if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+ # order ntp peers/servers
+ if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) {
+ $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5);
+ ProcessHistory("NTP","keysort",$sortkey,"$_");
+ next;
+ }
+
+# # order ip host line statements
+# /^ip host line(\d+)/ &&
+# ProcessHistory("IPHOST","numsort","$1","$_") && next;
+# # order ip nat source static statements
+# /^ip nat (\S+) source static (\S+)/ &&
+# ProcessHistory("IP NAT $1","ipsort","$2","$_") && next;
+# # order atm map-list statements
+# /^\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+atm-vc/ &&
+# ProcessHistory("ATM map-list","ipsort","$1","$_") && next;
+# # order ip rcmd lines
+# /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next;
+
+ # catch anything that wasnt matched above.
+ ProcessHistory("","","","$_");
+ # end of config.
+ if (/^end$/) {
+ $found_end = 1;
+ return(1);
+ }
+ }
+ return(0);
+}
+
+# dummy function
+sub DoNothing {print STDOUT;}
+
+# Main
+%commands=(
+ 'show version all' => "ShowVersion",
+ 'show package' => "ShowPackage",
+ 'show hardware' => "ShowHardware",
+ 'show inventory' => "ShowInventory",
+ 'write term' => "WriteTerm"
+);
+# keys() doesnt return things in the order entered and the order of the
+# cmds is important (show version first and write term last). pita
+@commands=(
+ "show version all",
+ "show package",
+ "show hardware",
+ "show inventory",
+ "write term"
+);
+$cisco_cmds=join(";",@commands);
+$cmds_regexp=join("|",@commands);
+
+open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
+select(OUTPUT);
+# make OUTPUT unbuffered if debugging
+if ($debug) { $| = 1; }
+
+if ($file) {
+ print STDERR "opening file $host\n" if ($debug);
+ print STDOUT "opening file $host\n" if ($log);
+ open(INPUT,"<$host") || die "open failed for $host: $!\n";
+} else {
+ print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
+ print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
+ if (defined($ENV{NOPIPE})) {
+ system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n";
+ open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n";
+ } else {
+ open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) {
+ tr/\015//d;
+ if (/\#\s?exit$/) {
+ $clean_run=1;
+ last;
+ }
+ if (/^Error:/) {
+ print STDOUT ("$host clogin error: $_");
+ print STDERR ("$host clogin error: $_") if ($debug);
+ $clean_run=0;
+ last;
+ }
+ while (/#\s*($cmds_regexp)\s*$/) {
+ $cmd = $1;
+ if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; }
+ print STDERR ("HIT COMMAND:$_") if ($debug);
+ if (! defined($commands{$cmd})) {
+ print STDERR "$host: found unexpected command - \"$cmd\"\n";
+ $clean_run = 0;
+ last TOP;
+ }
+ $rval = &{$commands{$cmd}};
+ delete($commands{$cmd});
+ if ($rval == -1) {
+ $clean_run = 0;
+ last TOP;
+ }
+ }
+}
+print STDOUT "Done $logincmd: $_\n" if ($log);
+# Flush History
+ProcessHistory("","","","");
+# Cleanup
+close(INPUT);
+close(OUTPUT);
+
+if (defined($ENV{NOPIPE})) {
+ unlink("$host.raw") if (! $debug);
+}
+
+# check for completeness
+if (scalar(%commands) || !$clean_run || !$found_end) {
+ if (scalar(%commands)) {
+ printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
+ printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
+ }
+ if (!$clean_run || !$found_end) {
+ print STDOUT "$host: End of run not found\n";
+ print STDERR "$host: End of run not found\n" if ($debug);
+ system("/usr/bin/tail -1 $host.new");
+ }
+ unlink "$host.new" if (! $debug);
+}
diff --git a/bin/rancid-cvs.in b/bin/rancid-cvs.in
new file mode 100644
index 0000000..22d5fd2
--- /dev/null
+++ b/bin/rancid-cvs.in
@@ -0,0 +1,94 @@
+#! /bin/sh
+##
+## $Id: rancid-cvs.in,v 1.16 2004/01/11 03:49:13 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# Create all of the misc files & dirs needed for each group and import them
+# into CVS.
+#
+# rancid-cvs
+#
+
+# Read in the environment
+ENVFILE="@sysconfdir@/rancid.conf"
+
+. $ENVFILE
+
+# Base dir
+if [ ! -d $BASEDIR ]; then
+ mkdir -p $BASEDIR ||
+ (echo "Could not create local state directory: $BASEDIR"; exit 1)
+fi
+
+cd $BASEDIR
+
+# Top level CVS stuff
+if [ ! -d $CVSROOT ]; then
+ cvs init
+fi
+
+# Log dir
+if [ ! -d logs ]; then
+ mkdir logs
+fi
+
+# Which groups to do
+if [ $# -ge 1 ] ; then
+ LIST_OF_GROUPS="$*"; export LIST_OF_GROUPS
+elif [ "$LIST_OF_GROUPS" = "" ] ; then
+ echo "LIST_OF_GROUPS is empty in $ENVFILE"
+ exit 1
+fi
+
+for GROUP in `echo $LIST_OF_GROUPS` ;
+do
+
+ DIR=$BASEDIR/$GROUP
+
+ # Directory for the group and the configs
+ if [ ! -d $DIR ]; then
+ mkdir -p $DIR
+ cd $DIR
+ cvs import -m "$GROUP" $GROUP new rancid
+ cd $BASEDIR
+ cvs co $GROUP
+ fi
+ cd $DIR
+ if [ ! -d configs ]; then
+ mkdir configs
+ cvs add configs
+ cvs commit -m 'new' configs
+ fi
+
+ # main files
+ if [ ! -f routers.all ]; then
+ touch routers.all
+ fi
+ if [ ! -f routers.down ]; then
+ touch routers.down
+ fi
+ if [ ! -f routers.up ]; then
+ touch routers.up
+ fi
+ if [ ! -f router.db ]; then
+ touch router.db
+ cvs add router.db
+ cvs commit -m 'new' router.db
+ fi
+done
diff --git a/bin/rancid-fe.in b/bin/rancid-fe.in
old mode 100755
new mode 100644
index b25dcb1..b80a194
--- a/bin/rancid-fe.in
+++ b/bin/rancid-fe.in
@@ -1,22 +1,25 @@
-#!@PERLV_PATH@
+#! @PERLV_PATH@
##
+## $Id: rancid-fe.in,v 1.36 2004/01/11 03:49:13 heas Exp $
##
-## Copyright (C) 1997-2001 by Henry Kilmer.
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
-## This software may be freely copied, modified and redistributed without
-## fee for non-commerical purposes provided that this copyright notice is
-## preserved intact on all copies and modified copies.
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
-## It is provided solely "as is". The author(s) disclaim(s) all
+## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
-# rancid-FE - front-end to rancid/jrancid for use with par.
+# rancid-FE - front-end to rancid/jrancid/etc. for use with par.
#
# usage: rancid-fe :
#
@@ -25,18 +28,28 @@ require 5;
($router, $vendor) = split('\:', $ARGV[0]);
- if ($vendor =~ /^alteon$/i) { exec('arancid', $router); }
-elsif ($vendor =~ /^baynet$/i) { exec('brancid', $router); }
-elsif ($vendor =~ /^cat5$/i) { exec('cat5rancid', $router); }
-elsif ($vendor =~ /^cisco$/i) { exec('rancid', $router); }
-elsif ($vendor =~ /^extreme$/i) { exec('xrancid', $router); }
-elsif ($vendor =~ /^ezt3$/i) { exec('erancid', $router); }
-elsif ($vendor =~ /^force10$/i) { exec('f10rancid', $router); }
-elsif ($vendor =~ /^foundry$/i) { exec('francid', $router); }
-elsif ($vendor =~ /^hp$/i) { exec('hrancid', $router); }
-elsif ($vendor =~ /^juniper$/i) { exec('jrancid', $router); }
-elsif ($vendor =~ /^mrtd$/i) { exec('mrancid', $router); }
-elsif ($vendor =~ /^redback$/i) { exec('rrancid', $router); }
+ if ($vendor =~ /^alteon$/i) { exec('arancid', $router); }
+elsif ($vendor =~ /^baynet$/i) { exec('brancid', $router); }
+elsif ($vendor =~ /^cat5$/i) { exec('cat5rancid', $router); }
+elsif ($vendor =~ /^cisco$/i) { exec('rancid', $router); }
+elsif ($vendor =~ /^css$/i) { exec('cssrancid', $router); }
+elsif ($vendor =~ /^enterasys$/i) { exec('rivrancid', $router); }
+elsif ($vendor =~ /^erx$/i) { exec('jerancid', $router); }
+elsif ($vendor =~ /^extreme$/i) { exec('xrancid', $router); }
+elsif ($vendor =~ /^ezt3$/i) { exec('erancid', $router); }
+elsif ($vendor =~ /^force10$/i) { exec('f10rancid', $router); }
+elsif ($vendor =~ /^foundry$/i) { exec('francid', $router); }
+elsif ($vendor =~ /^hitachi$/i) { exec('htrancid', $router); }
+elsif ($vendor =~ /^hp$/i) { exec('hrancid', $router); }
+elsif ($vendor =~ /^juniper$/i) { exec('jrancid', $router); }
+elsif ($vendor =~ /^mrtd$/i) { exec('mrancid', $router); }
+elsif ($vendor =~ /^netscaler$/i) { exec('nsrancid', $router); }
+elsif ($vendor =~ /^netscreen$/i) { exec('nrancid', $router); }
+elsif ($vendor =~ /^procket$/i) { exec('prancid', $router); }
+elsif ($vendor =~ /^redback$/i) { exec('rrancid', $router); }
+elsif ($vendor =~ /^riverstone$/i) { exec('rivrancid', $router); }
+elsif ($vendor =~ /^tnt$/i) { exec('tntrancid', $router); }
+elsif ($vendor =~ /^zebra$/i) { exec('zrancid', $router); }
else {
printf(STDERR "unknown router manufacturer for $router: $vendor\n");
exit(-1);
diff --git a/bin/rancid-run.in b/bin/rancid-run.in
new file mode 100644
index 0000000..b59b026
--- /dev/null
+++ b/bin/rancid-run.in
@@ -0,0 +1,136 @@
+#! /bin/sh
+##
+## $Id: rancid-run.in,v 1.28 2004/01/11 06:11:23 hank Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# Run rancid for each of the rancid groups defined by $LIST_OF_GROUPS in
+# @sysconfdir@/rancid.conf or those specified on the command-line.
+#
+
+ENVFILE="@sysconfdir@/rancid.conf"
+
+. $ENVFILE
+
+TMPDIR=${TMPDIR:=/tmp}; export TMPDIR
+
+# control_rancid argv
+CR_ARGV=""; export CR_ARGV
+
+# print a usage message to stderr
+pr_usage() {
+ echo "usage: $0 [-r device_name] [-m mail rcpt] [group [group ...]]" >&2;
+}
+
+# command-line options
+# -r
+if [ $# -ge 1 ] ; then
+
+ while [ 1 ] ; do
+ case $1 in
+ -r)
+ shift
+ # next arg is the device name
+ CR_ARGV="$CR_ARGV -r $1"; export CR_ARGV
+ shift
+ ;;
+ -m)
+ shift
+ # next arg is the mailto name
+ CR_ARGV="$CR_ARGV -m $1"; export CR_ARGV
+ shift
+ ;;
+ --)
+ shift; break;
+ ;;
+ -h)
+ pr_usage
+ exit
+ ;;
+ -*)
+ echo "unknown option: $1" >&2
+ pr_usage
+ exit 1
+ ;;
+ *)
+ break;
+ ;;
+ esac
+ done
+fi
+
+if [ $# -ge 1 ] ; then
+ LIST_OF_GROUPS="$*"; export LIST_OF_GROUPS
+elif [ "$LIST_OF_GROUPS" = "" ] ; then
+ echo "LIST_OF_GROUPS is empty in $ENVFILE"
+ exit 1
+fi
+
+if [ ! -d $LOGDIR ] ; then
+ mkdir $LOGDIR || (echo "Could not create log directory: $LOGDIR"; exit 1)
+fi
+
+for GROUP in $LIST_OF_GROUPS
+do
+
+ LOCKFILE=$TMPDIR/.$GROUP.run.lock
+
+ (
+ echo starting: `date`
+ echo
+
+ if [ -f $LOCKFILE ]
+ then
+ echo hourly config diffs failed: $LOCKFILE exists
+ ls -l $LOCKFILE
+
+ # Send email if the lock file is old.
+ if [ "X$LOCKTIME" = "X" ] ; then
+ LOCKTIME=4
+ fi
+ @PERLV@ -e "\$t = (stat(\"$LOCKFILE\"))[9]; print \"OLD\\n\" if (time() - \$t >= $LOCKTIME*60*60);" > $TMPDIR/.$GROUP.old
+ if [ -s $TMPDIR/.$GROUP.old ]
+ then
+ (
+ echo "To: @ADMINMAILPLUS@$GROUP"
+ echo "Subject: rancid hung - $GROUP"
+ echo "Precedence: bulk"
+ echo ""
+
+ cat <$LOGDIR/$GROUP.`date +%Y%m%d.%H%M%S` 2>&1
+done
diff --git a/bin/rancid.in b/bin/rancid.in
old mode 100755
new mode 100644
index 4566b58..27a5a48
--- a/bin/rancid.in
+++ b/bin/rancid.in
@@ -1,19 +1,22 @@
-#!@PERLV_PATH@
+#! @PERLV_PATH@
##
+## $Id: rancid.in,v 1.168 2004/01/12 00:52:47 asp Exp $
##
-## Copyright (C) 1997-2001 by Henry Kilmer.
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
-## This software may be freely copied, modified and redistributed without
-## fee for non-commerical purposes provided that this copyright notice is
-## preserved intact on all copies and modified copies.
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
-## It is provided solely "as is". The author(s) disclaim(s) all
+## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# RANCID - Really Awesome New Cisco confIg Differ
@@ -21,7 +24,7 @@
# usage: rancid [-d] [-l] [-f filename | $host]
#
use Getopt::Std;
-getopts('dflm');
+getopts('dfl');
$log = $opt_l;
$debug = $opt_d;
$file = $opt_f;
@@ -135,31 +138,40 @@ sub sortbyipaddr {
# This routine parses "show version"
sub ShowVersion {
print STDERR " In ShowVersion: $_" if ($debug);
+ my($slaveslot);
while () {
tr/\015//d;
- study;
last if(/^$prompt/);
next if(/^(\s*|\s*$cmd\s*)$/);
return(-1) if (/command authorization failed/i);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
if (/^Slave in slot (\d+) is running/) {
$slave = " Slave:";
+ $slaveslot = ", slot $1";
next;
}
+ if (/^Application and Content Networking Software/) { $type="CE"; }
+ /^Application and Content Networking Software Release /i &&
+ ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next;
/^Cisco Secure PIX /i &&
ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next;
- /^IOS .* Software \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ &&
+ # PIX fail-over license
+ /^This PIX has an?\s+(.*)$/ &&
+ ProcessHistory("COMMENTS","keysort","C1", "!$_") && next;
+ /^(Cisco )?IOS .* Software,? \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ &&
ProcessHistory("COMMENTS","keysort","F1",
- "!Image:$slave Software: $1, $2\n") && next;
+ "!Image:$slave Software: $2, $3\n") && next;
/^([A-Za-z-0-9_]*) Synced to mainline version: (.*)$/ &&
ProcessHistory("COMMENTS","keysort","F2",
"!Image:$slave $1 Synced to mainline version: $2\n") && next;
/^Compiled (.*)$/ &&
ProcessHistory("COMMENTS","keysort","F3",
"!Image:$slave Compiled: $1\n") && next;
- /^ROM: (System )?Bootstrap.*(Version.*)$/ &&
+ /^ROM: (IOS \S+ )?(System )?Bootstrap.*(Version.*)$/ &&
ProcessHistory("COMMENTS","keysort","G1",
- "!ROM Bootstrap: $2\n") && next;
+ "!ROM Bootstrap: $3\n") && next;
if (/^Hardware:\s+(.*), (.* RAM), CPU (.*)$/) {
ProcessHistory("COMMENTS","keysort","A1",
"!Chassis type: $1 - a PIX\n");
@@ -169,6 +181,17 @@ sub ShowVersion {
}
/^Serial Number:\s+(.*)$/ &&
ProcessHistory("COMMENTS","keysort","C1", "!$_") && next;
+ # CatOS 3500xl stuff
+ /^System serial number(:\s+.*)$/ &&
+ ProcessHistory("COMMENTS","keysort","C1", "!Serial Number$1\n") &&
+ next;
+ /^Model / &&
+ ProcessHistory("COMMENTS","keysort","C2", "!$_") && next;
+ /^Motherboard / &&
+ ProcessHistory("COMMENTS","keysort","C3", "!$_") && next;
+ /^Power supply / &&
+ ProcessHistory("COMMENTS","keysort","C4", "!$_") && next;
+
/^Activation Key:\s+(.*)$/ &&
ProcessHistory("COMMENTS","keysort","C2", "!$_") && next;
/^ROM: \d+ Bootstrap .*(Version.*)$/ &&
@@ -193,48 +216,80 @@ sub ShowVersion {
my($cpu) = $2;
my($mem) = $3;
my($device) = "router";
- if ( $1 eq "CSC") {
+
+ # the next line ought to be the more specific cpu info, grab it.
+ # yet, some boards/IOS vers have a processor ID line between these
+ # two. grrr. make sure we dont grab the "software" junk that
+ # follows these lines by looking for "CPU at " or the 2600s
+ # "processor: " unique string. there are undoubtedly many other
+ # incantations. for a slave, we dont get this info and its just a
+ # blank line.
+ $_ = ;
+ $_ = if (/processor board id/i);
+ $_ = "" if (! /(cpu at |processor: |$cpu processor,)/i);
+ tr/\015//d;
+ s/implementation/impl/i;
+ if ($_ !~ /^\s*$/) {
+ chomp;
+ s/^/, /;
+ }
+
+ if ( $proc eq "CSC") {
$type = "AGS";
- } elsif ( $1 eq "CSC4") {
+ } elsif ( $proc eq "CSC4") {
$type = "AGS+";
- } elsif ( $1 eq "2511" || $1 eq "2524" || $1 eq "AS2511-RJ") {
+ } elsif ( $proc =~ /^(AS)?25[12][12]/) {
$type = "2500";
- } elsif ( $1 =~ /261[01]/ || $1 =~ /262[01]/ ) {
+ } elsif ( $proc =~ /261[01]/ || $proc =~ /262[01]/ ) {
$type = "2600";
- } elsif ( $1 eq "3620" || $1 eq "3640") {
+ } elsif ( $proc =~ /^36[0246][0-9]/) {
$type = "3600";
- } elsif ( $1 eq "RSP7000") {
+ } elsif ( $proc =~ /^37/) {
+ $type = "3700";
+ } elsif ( $proc eq "RSP7000") {
$type = "7500";
- } elsif ( $1 =~ /RSP\d/) {
+ } elsif ( $proc =~ /RSP\d/) {
$type = "7500";
- } elsif ( $1 eq "RP1") {
+ } elsif ( $proc eq "RP1") {
$type = "7000";
- } elsif ( $1 eq "RP") {
+ } elsif ( $proc eq "RP") {
$type = "7000";
- } elsif ( $1 =~ /720[246]/) {
+ } elsif ( $proc =~ /720[246]/) {
$type = "7200";
- } elsif ( $1 =~ /1200[48]\/GRP/ || $1 =~ /1201[26]\/GRP/) {
+ } elsif ( $proc =~ /1200[48]\/GRP/ || $proc =~ /1201[26]\/GRP/) {
$type = "12000";
- } elsif ( $1 =~ /1201[26]-8R\/GRP/) {
+ } elsif ( $proc =~ /1201[26]-8R\/GRP/) {
$type = "12000";
- } elsif ( $1 =~ /WS-C29/) {
+ } elsif ( $proc =~ /WS-C29/) {
$type = "2900XL";
$device = "switch";
- } elsif ( $1 =~ /WS-C35/) {
+ } elsif ( $proc =~ /WS-C355/) {
+ $type = "3550";
+ $device = "switch";
+ } elsif ( $proc =~ /WS-C35/) {
$type = "3500XL";
$device = "switch";
- } elsif ( $1 =~ /6000/) {
+ } elsif ( $proc =~ /WS-C45/) {
+ $type = "4500";
+ $device = "switch";
+ } elsif ( $proc =~ /6000/) {
$type = "6000";
$device = "switch";
+ } elsif ( $proc =~ /CISCO76/) {
+ $type = "7600";
+ $device = "router";
+ } elsif ( $proc =~ /1900/) {
+ $type = "1900";
+ $device = "switch";
} else {
- $type = $1;
+ $type = $proc;
}
print STDERR "TYPE = $type\n" if ($debug);
ProcessHistory("COMMENTS","keysort","A1",
"!Chassis type:$slave $proc - a $type $device\n");
ProcessHistory("COMMENTS","keysort","B1",
"!Memory:$slave main $mem\n");
- ProcessHistory("COMMENTS","keysort","A3","!CPU:$slave $cpu\n");
+ ProcessHistory("COMMENTS","keysort","A3","!CPU:$slave $cpu$_$slaveslot\n");
next;
}
if (/(\S+) Silicon\s*Switch Processor/) {
@@ -249,7 +304,7 @@ sub ShowVersion {
/^(\d+[kK]) bytes of multibus/ &&
ProcessHistory("COMMENTS","keysort","B2",
"!Memory: multibus $1\n") && next;
- /^(\d+[kK]) bytes of non-volatile/ &&
+ /^(\d+[kK]) bytes of (non-volatile|NVRAM)/ &&
ProcessHistory("COMMENTS","keysort","B3",
"!Memory: nvram $1\n") && next;
/^(\d+[kK]) bytes of flash memory/ &&
@@ -272,9 +327,6 @@ sub ShowVersion {
ProcessHistory("COMMENTS","keysort","I0","!\n");
}
ProcessHistory("COMMENTS","keysort","I1","! $_");
- # The line after the WARNING is what to do about it.
- $_ = ; tr/\015//d;
- ProcessHistory("COMMENTS","keysort","I1","! $_");
}
if (/^Configuration register is (.*)$/) {
$config_register=$1;
@@ -284,6 +336,57 @@ sub ShowVersion {
return(0);
}
+# This routine parses "show redundancy"
+sub ShowRedundancy {
+ print STDERR " In ShowRedundancy: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ next if(/^(\s*|\s*$cmd\s*)$/);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
+
+ /^IOS .* Software \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ &&
+ ProcessHistory("COMMENTS","keysort","F1",
+ "!Image:$slave Software: $1, $2\n") && next;
+ /^Compiled (.*)$/ &&
+ ProcessHistory("COMMENTS","keysort","F3",
+ "!Image:$slave Compiled: $1\n") && next;
+ }
+ return(0);
+}
+
+# This routine parses "show IDprom"
+sub ShowIDprom {
+ my($tmp);
+
+ print STDERR " In ShowIDprom: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ next if(/^(\s*|\s*$cmd\s*)$/);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
+
+ /FRU is .(.*)\'/ && ($tmp = $1);
+ /Product Number = .(.*)\'/ &&
+ ProcessHistory("COMMENTS","keysort","D0","!\n") &&
+ ProcessHistory("COMMENTS","keysort","D0",
+ "!Catalyst Chassis type: $1, $tmp\n");
+ /Serial Number = .([0-9A-Za-z]+)/ &&
+ ProcessHistory("COMMENTS","keysort","D1",
+ "!Catalyst Chassis S/N: $1\n");
+ /Manufacturing Assembly Number = .([-0-9]+)/ && ($tmp = $1);
+ /Manufacturing Assembly Revision = .(.*)\'/ && ($tmp .= ", rev " . $1);
+ /Hardware Revision = ([0-9.]+)/ &&
+ ProcessHistory("COMMENTS","keysort","D2",
+ "!Catalyst Chassis assembly: $tmp, ver $1\n");
+ }
+ return(0);
+}
+
# This routine parses "show install active"
sub ShowInstallActive {
print STDERR " In ShowInstallActive: $_" if ($debug);
@@ -295,6 +398,8 @@ sub ShowInstallActive {
return(1) if /^\s*\^\s*$/;
return(1) if /(Invalid input detected|Type help or )/;
return(-1) if (/command authorization failed/i);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
ProcessHistory("COMMENTS","keysort","F5","!Image: $_") && next;
}
return(0);
@@ -311,6 +416,8 @@ sub ShowEnv {
next if (/^(\s*|\s*$cmd\s*)$/);
#return(1) if ($type !~ /^7/);
return(-1) if (/command authorization failed/i);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
if (!defined($E0)) {
$E0=1;
ProcessHistory("COMMENTS","keysort","E0","!\n");
@@ -331,11 +438,42 @@ sub ShowEnv {
ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next;
/^\s*(redundant .*)/i &&
ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next;
+ /^\s*(RPS is .*)/i &&
+ ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next;
}
ProcessHistory("COMMENTS","","","!\n");
return(0);
}
+# This routine parses "show rsp chassis-info" for the rsp
+# This will create arrays for hw info.
+sub ShowRSP {
+ print STDERR " In ShowRSP: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/);
+ next if (/^(\s*|\s*$cmd\s*)$/);
+ return(-1) if (/command authorization failed/i);
+ # return(1) if ($type !~ /^12[40]/);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
+ /^$/ && next;
+
+ /^\s+Chassis model: (\S+)/ &&
+ ProcessHistory("COMMENTS","keysort","D0","!\n") &&
+ ProcessHistory("COMMENTS","keysort","D1",
+ "!RSP Chassis model: $1\n") &&
+ next;
+ /^\s+Chassis S\/N: (.*)$/ &&
+ ProcessHistory("COMMENTS","keysort","D2",
+ "!RSP Chassis S/N: $1\n") &&
+ next;
+ }
+
+ return(0);
+}
+
# This routine parses "show gsr chassis-info" for the gsr
# This will create arrays for hw info.
sub ShowGSR {
@@ -348,6 +486,8 @@ sub ShowGSR {
next if (/^(\s*|\s*$cmd\s*)$/);
return(-1) if (/command authorization failed/i);
# return(1) if ($type !~ /^12[40]/);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
/^$/ && next;
/^\s+Chassis: type (\S+) Fab Ver: (\S+)/ &&
ProcessHistory("COMMENTS","keysort","D0","!\n") &&
@@ -386,15 +526,17 @@ sub ShowBoot {
return(1) if /Ambiguous command/i;
return(1) if /(Invalid input detected|Type help or )/;
return(1) if /(Open device \S+ failed|Error opening \S+:)/;
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
next if /CONFGEN variable/;
if (!defined($H0)) {
$H0=1; ProcessHistory("COMMENTS","keysort","H0","!\n");
}
if ($type !~ /^(12[04]|7)/) {
if ($type !~ /^(29|35)00/) {
- ProcessHistory("COMMENTS","keysort","H2","!BootFlash: $_");
+ ProcessHistory("COMMENTS","keysort","H2","!BootFlash: $_");
} else {
- ProcessHistory("COMMENTS","keysort","H1","!Variable: $_");
+ ProcessHistory("COMMENTS","keysort","H1","!Variable: $_");
}
} elsif (/variable/) {
ProcessHistory("COMMENTS","keysort","H1","!Variable: $_");
@@ -418,6 +560,8 @@ sub ShowFlash {
return(-1) if (/command authorization failed/i);
return(1) if /^\s*\^\s*$/;
return(1) if /(Invalid input detected|Type help or )/;
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
ProcessHistory("FLASH","","","!Flash: $_");
}
ProcessHistory("","","","!\n");
@@ -438,13 +582,15 @@ sub DirSlotN {
# return(1) if ($type !~ /^(12[40]|7|36)/);
return(1) if /^\s*\^\s*$/;
return(1) if /(Invalid input detected|Type help or )/;
- return(1) if /No such device/i;
+ return(1) if /(No such device|Error Sending Request)/i;
return(1) if /\%Error: No such file or directory/;
return(1) if /No space information available/;
return(-1) if /\%Error calling/;
return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy
return(-1) if (/command authorization failed/i);
return(1) if /(Open device \S+ failed|Error opening \S+:)/;
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
ProcessHistory("FLASH","","","!Flash: $dev: $_");
}
ProcessHistory("","","","!\n");
@@ -458,11 +604,12 @@ sub ShowContAll {
while () {
tr/\015//d;
- study;
last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
# return(1) if ($type =~ /^(12[40]|7[05])/);
return(-1) if (/command authorization failed/i);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
if (/^Interface ([^ \n(]*)/) { $INT = "$1, "; next; }
/^(BRI unit \d)/ &&
ProcessHistory("INT","","","!Interface: $1\n") && next;
@@ -521,6 +668,8 @@ sub ShowContCbus {
next if (/^(\s*|\s*$cmd\s*)$/);
#return(1) if ($type !~ /^7[05]0/);
return(-1) if (/command authorization failed/i);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
if (/^\s*slot(\d+): ([^,]+), hw (\S+), sw (\S+), ccb/) {
$slot = $1;
$board{$slot} = $2;
@@ -562,11 +711,12 @@ sub ShowDiagbus {
while () {
tr/\015//d;
- study;
last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
#return(1) if ($type !~ /^7[05]/);
return(-1) if (/command authorization failed/i);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
if (/^\s*Slot (\d+):/i) {
$slot = $1;
next;
@@ -641,7 +791,7 @@ sub ShowDiagbus {
return(0);
}
-# This routine parses "show diag" for the gsr, 7200, 3600, 2600.
+# This routine parses "show diag" for the gsr, 7200, 3700, 3600, 2600.
# This will create arrarys for hw info.
sub ShowDiag {
# Skip if this is not a 12000.
@@ -649,12 +799,14 @@ sub ShowDiag {
while () {
tr/\015//d;
- study;
last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
# return(1) if ($type !~ /^(12[40]|720|36|26)/);
return(-1) if (/command authorization failed/i);
/^$/ && next;
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
+
s/Port Packet Over SONET/POS/;
if (/^\s*SLOT\s+(\d+)\s+\((.*)\): (.*)/) {
$slot = $1;
@@ -663,11 +815,22 @@ sub ShowDiag {
next;
}
if (/^\s+MAIN:\s* type \d+,\s+(.*)/) {
- ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $1\n") && next;
+ ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $1\n");
+ next;
+ }
+ if (/^c3700\s+(io-board|mid-plane)/i) {
+ $slot=$1;
+ ProcessHistory("SLOT","","","!\n");
+ ProcessHistory("SLOT","keysort","A","!Slot $slot: part $1\n");
+ next;
}
if (/ Engine:\s+(.*)/) {
ProcessHistory("SLOT","keysort","AE","!Slot $slot/Engine: $1\n");
}
+ if (/FRU:\s+Linecard\/Module:\s+(\S+)/) {
+ ProcessHistory("SLOT","keysort","AF","!Slot $slot/FRU: Linecard/Module: $1\n");
+ next;
+ }
if (/^\s+PCA:\s+(.*)/) {
local($part) = $1;
$_ = ;
@@ -707,35 +870,78 @@ sub ShowDiag {
}
next;
}
- # 7200 and 3600 stuff
- if (/^(Slot)\s+(\d+(\/\d+)?):/ || /^\s+(WIC|VIC) Slot (\d):/) {
+ # 7200, 3600, 2600, and 1700 stuff
+ if (/^(Slot)\s+(\d+(\/\d+)?):/
+ || /^\s+(WIC|VIC|WIC\/VIC) Slot (\d):/
+ || /^(Encryption AIM) (\d):/) {
if ($1 eq "WIC") {
$WIC = "/$2";
} elsif ($1 eq "VIC") {
$WIC = "/$2";
+ } elsif ($1 eq "WIC/VIC") {
+ $WIC = "/$2";
+ } elsif ($1 eq "Encryption AIM") {
+ $slot = "$2";
+ undef($WIC);
+ ProcessHistory("SLOT","","","!\n");
+ ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1\n");
+ next;
} else {
$slot = $2;
undef($WIC);
}
$_ = ; tr/\015//d;
- # clean up hideous 7200 format to look more like 7500 output
+ # clean up hideous 7200/etc formats to look more like 7500 output
s/Fast-ethernet on C7200 I\/O card/FE-IO/;
s/ with MII or RJ45/-TX/;
s/Fast-ethernet /100Base/; s/[)(]//g;
+ s/intermediate reach/IR/i;
ProcessHistory("SLOT","","","!\n");
/\s+(.*) port adapter,?\s+(\d+)\s+/i &&
- ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, $2 ports\n");
+ ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, $2 ports\n") && next;
# I/O controller with no interfaces
/\s+(.*)\s+port adapter\s*$/i &&
- ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, 0 ports\n");
+ ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, 0 ports\n") && next;
/\s+(.*)\s+daughter card(.*)$/ &&
- ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1$2\n");
+ ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1$2\n") && next;
/\s+(FT1)$/ &&
- ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1\n");
+ ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1\n") && next;
+ # handle WICs lacking "daughter card" in the 2nd line of their
+ # show diag o/p
+ if (defined($WIC)) {
+ s/^\s+//;
+ ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $_");
+ }
next;
}
+ # yet another format. seen on 2600s w/ 12.1, but appears to be all
+ # 12.1, including 7200s & 3700s. Sometimes the PCB serial appears
+ # before the hardware revision.
+ if (/(pcb serial number|hardware revision)\s+:\s+(\S+)$/i) {
+ my($hw, $pn, $rev, $sn);
+ if ($1 =~ /^pcb/i) {
+ $sn = $2;
+ } else {
+ $hw = $2;
+ }
+ while () {
+ tr/\015//d;
+
+ if (/0x..: /) {
+ # no effing idea why break does not work there
+ goto PerlSucks;
+ }
+ if (/hardware revision\s+:\s+(\S+)/i) { $hw = $1; }
+ if (/part number\s+:\s+(\S+)/i) { $pn = $1; }
+ if (/board revision\s+:\s+(\S+)/i) { $rev = $1; }
+ if (/pcb serial number\s+:\s+(\S+)/i) { $sn = $1; }
+ }
+PerlSucks:
+ ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: hvers $hw rev $rev\n");
+ ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: part $pn, serial $sn\n");
+ }
/revision\s+(\S+).*revision\s+(\S+)/ &&
ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: hvers $1 rev $2\n") &&
next;
@@ -760,6 +966,8 @@ sub ShowModule {
last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
return(-1) if (/command authorization failed/i);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
# match slot/card info line
if (/^ *(\d+)\s+(\d+)\s+(.*)\s+(\S+)\s+(\S+)\s*$/) {
@@ -781,6 +989,24 @@ sub ShowModule {
return(0);
}
+# This routine parses "show spe version".
+sub ShowSpeVersion {
+ print STDERR " In ShowSpeVersion: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/);
+ next if (/^(\s*|\s*$cmd\s*)$/);
+ return(1) if /^\s*\^\s*$/;
+ return(1) if /(Invalid input detected|Type help or )/;
+ return(-1) if (/command authorization failed/i);
+
+ ProcessHistory("MODEM","","","!Modem: $_") && next;
+ }
+ ProcessHistory("MODEM","","","!\n");
+ return(0);
+}
+
# This routine parses "show c7200" for the 7200
# This will create arrays for hw info.
sub ShowC7200 {
@@ -794,6 +1020,8 @@ sub ShowC7200 {
#return(1) if ($type !~ /^72/);
return(-1) if (/command authorization failed/i);
/^$/ && next;
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
if (/^(C7200 )?Midplane EEPROM:/) {
$_ = ;
/revision\s+(\S+).*revision\s+(\S+)/;
@@ -838,6 +1066,8 @@ sub ShowVTP {
#return(1) if ($type !~ /^(2900XL|3500XL|6000)$/);
return(-1) if (/command authorization failed/i);
next if (/^Configuration last modified by/);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
$DO_SHOW_VLAN = 1;
}
@@ -858,8 +1088,13 @@ sub ShowVLAN {
last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
return(1) if /(Invalid input detected|Type help or )/;
+ # newer releases (~12.1(9)) place the vlan config in the normal
+ # configuration (write term).
+ return(1) if ($type =~ /^(3550|4500|7600)$/);
#return(1) if ($type !~ /^(2900XL|3500XL|6000)$/);
return(-1) if (/command authorization failed/i);
+ # the pager can not be disabled per-session on the PIX
+ s/^<-+ More -+>\s*//;
ProcessHistory("COMMENTS","keysort","IO","!VLAN: $_");
}
ProcessHistory("COMMENTS","keysort","IO","!\n");
@@ -869,16 +1104,17 @@ sub ShowVLAN {
# This routine processes a "write term"
sub WriteTerm {
print STDERR " In WriteTerm: $_" if ($debug);
- my($lineauto) = 0;
+ my($lineauto,$comment,$linecnt) = (0,0,0);
while () {
tr/\015//d;
- study;
last if(/^$prompt/);
return(-1) if (/command authorization failed/i);
# the pager can not be disabled per-session on the PIX
s/^<-+ More -+>\s*//;
/Non-Volatile memory is in use/ && return(-1); # NvRAM is locked
+ return(0) if ($found_end); # Only do this routine once
+ $linecnt++;
$lineauto = 0 if (/^[^ ]/);
# skip the crap
if (/^(##+$|(Building|Current) configuration)/i) {
@@ -898,6 +1134,16 @@ sub WriteTerm {
# block above
/^! (Last configuration|NVRAM config last)/ && next;
+ # skip consecutive comment lines to avoid oscillating extra comment
+ # line on some access servers. grrr.
+ if (/^!/) {
+ next if ($comment);
+ ProcessHistory("","","",$_);
+ $comment++;
+ next;
+ }
+ $comment = 0;
+
# Dog gone Cool matches to process the rest of the config
/^tftp-server flash / && next; # kill any tftp remains
/^ntp clock-period / && next; # kill ntp clock-period
@@ -932,6 +1178,14 @@ sub WriteTerm {
}
next;
}
+ if (/^( set session-key (in|out)bound ah \d+ )/ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1\n");
+ next;
+ }
+ if (/^( set session-key (in|out)bound esp \d+ (authenticator|cypher) )/ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1\n");
+ next;
+ }
if (/^(\s*)password / && $filter_pwds >= 1) {
ProcessHistory("LINE-PASS","","","!$1password \n");
next;
@@ -955,7 +1209,7 @@ sub WriteTerm {
}
if (/^\s+(domain-password|area-password) (\S+)( .*)?/
&& $filter_pwds >= 1) {
- ProcessHistory("","","","!$1 $2\n"); next;
+ ProcessHistory("","","","!$1 $3\n"); next;
}
# this is reversable, despite 'md5' in the cmd
if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) {
@@ -964,10 +1218,25 @@ sub WriteTerm {
if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >= 1) {
ProcessHistory("","","","!$1 $'"); next;
}
+ # filter HSRP passwords
+ if (/^(\s+standby \d authentication) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+ # this appears in "measurement/sla" images
+ if (/^(\s+key-string \d?)/ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+ if (/^( l2tp tunnel \S+ password)/ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
# i am told these are plain-text on the PIX
if (/^(vpdn username \S+ password)/ && $filter_pwds >= 1) {
ProcessHistory("","","","!$1 \n"); next;
}
+ if (/^( cable shared-secret ) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n");
+ next;
+ }
/fair-queue individual-limit/ && next;
# sort ip explicit-paths.
if (/^ip explicit-path name (\S+)/) {
@@ -1057,10 +1326,14 @@ sub WriteTerm {
ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next;
}
}
- # order/prune tacacs/radius server statements
+ # prune tacacs/radius server keys
if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) {
ProcessHistory("","","","!$1 key \n"); next;
}
+ if (/^((tacacs-server|radius-server) host \S+ key) / &&
+ $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
# order clns host statements
/^clns host \S+ (\S+)/ &&
ProcessHistory("CLNS","keysort","$1","$_") && next;
@@ -1076,9 +1349,9 @@ sub WriteTerm {
ProcessHistory("NTP","keysort",$sortkey,"$_");
next;
}
- # order ip host line statements
- /^ip host line(\d+)/ &&
- ProcessHistory("IPHOST","numsort","$1","$_") && next;
+ # order ip host statements
+ /^ip host (\S+) / &&
+ ProcessHistory("IPHOST","keysort","$1","$_") && next;
# order ip nat source static statements
/^ip nat (\S+) source static (\S+)/ &&
ProcessHistory("IP NAT $1","ipsort","$2","$_") && next;
@@ -1105,6 +1378,14 @@ sub WriteTerm {
return(1);
}
}
+ # The ContentEngine lacks a definitive "end of config" marker. If we
+ # know that it is a CE and we have seen at least 5 lines of write term
+ # o/p, we can be reasonably sure that we got the config.
+ if ($type =~ /^CE$/ && $linecnt > 5) {
+ $found_end = 1;
+ return(1);
+ }
+
return(0);
}
@@ -1114,8 +1395,11 @@ sub DoNothing {print STDOUT;}
# Main
%commands=(
'show version' => "ShowVersion",
+ 'show redundancy secondary' => "ShowRedundancy",
+ 'show idprom backplane', => "ShowIDprom",
'show install active' => "ShowInstallActive",
'show env all' => "ShowEnv",
+ 'show rsp chassis-info',=> "ShowRSP",
'show gsr chassis' => "ShowGSR",
'show boot' => "ShowBoot",
'show bootvar' => "ShowBoot",
@@ -1131,22 +1415,44 @@ sub DoNothing {print STDOUT;}
'dir /all disk2:' => "DirSlotN",
"dir /all sup-bootflash:"=> "DirSlotN", # cat 6500-ios
"dir /all sup-microcode:"=> "DirSlotN", # cat 6500-ios
+ 'dir /all slavenvram:' => "DirSlotN",
+ 'dir /all slavebootflash:' => "DirSlotN",
+ 'dir /all slaveslot0:' => "DirSlotN",
+ 'dir /all slavedisk0:' => "DirSlotN",
+ 'dir /all slaveslot1:' => "DirSlotN",
+ 'dir /all slavedisk1:' => "DirSlotN",
+ 'dir /all slaveslot2:' => "DirSlotN",
+ 'dir /all slavedisk2:' => "DirSlotN",
+ "dir /all slavesup-bootflash:"=> "DirSlotN", # cat 7609
+ 'dir /all sec-nvram:' => "DirSlotN",
+ 'dir /all sec-bootflash:' => "DirSlotN",
+ 'dir /all sec-slot0:' => "DirSlotN",
+ 'dir /all sec-disk0:' => "DirSlotN",
+ 'dir /all sec-slot1:' => "DirSlotN",
+ 'dir /all sec-disk1:' => "DirSlotN",
+ 'dir /all sec-slot2:' => "DirSlotN",
+ 'dir /all sec-disk2:' => "DirSlotN",
'show controllers' => "ShowContAll",
'show controllers cbus' => "ShowContCbus",
'show diagbus' => "ShowDiagbus",
'show diag' => "ShowDiag",
'show module' => "ShowModule", # cat 6500-ios
+ 'show spe version' => "ShowSpeVersion",
'show c7200' => "ShowC7200",
'show vtp status' => "ShowVTP",
'show vlan' => "ShowVLAN",
+ 'show running-config' => "WriteTerm",
'write term' => "WriteTerm"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
"show version",
+ "show redundancy secondary",
+ "show idprom backplane",
"show install active",
"show env all",
+ "show rsp chassis-info",
"show gsr chassis",
"show boot",
"show bootvar",
@@ -1162,14 +1468,33 @@ sub DoNothing {print STDOUT;}
"dir /all disk2:",
"dir /all sup-bootflash:",
"dir /all sup-microcode:",
+ "dir /all slavenvram:",
+ "dir /all slavebootflash:",
+ "dir /all slaveslot0:",
+ "dir /all slavedisk0:",
+ "dir /all slaveslot1:",
+ "dir /all slavedisk1:",
+ "dir /all slaveslot2:",
+ "dir /all slavedisk2:",
+ "dir /all slavesup-bootflash:",
+ "dir /all sec-nvram:",
+ "dir /all sec-bootflash:",
+ "dir /all sec-slot0:",
+ "dir /all sec-disk0:",
+ "dir /all sec-slot1:",
+ "dir /all sec-disk1:",
+ "dir /all sec-slot2:",
+ "dir /all sec-disk2:",
"show controllers",
"show controllers cbus",
"show diagbus",
"show diag",
"show module",
+ "show spe version",
"show c7200",
"show vtp status",
"show vlan",
+ "show running-config",
"write term"
);
$cisco_cmds=join(";",@commands);
@@ -1196,7 +1521,7 @@ if ($file) {
}
# determine password filtering mode
-if ($ENV{"FILTER_PWDS"} =~ /no/i) {
+if ($ENV{"FILTER_PWDS"} =~ /no/i) {
$filter_pwds = 0;
} elsif ($ENV{"FILTER_PWDS"} =~ /all/i) {
$filter_pwds = 2;
@@ -1210,7 +1535,7 @@ ProcessHistory("COMMENTS","keysort","F0","!\n");
ProcessHistory("COMMENTS","keysort","G0","!\n");
TOP: while() {
tr/\015//d;
- if (/\#\s?exit$/) {
+ if (/[>#]\s?exit$/) {
$clean_run=1;
last;
}
@@ -1222,7 +1547,11 @@ TOP: while() {
}
while (/#\s*($cmds_regexp)\s*$/) {
$cmd = $1;
- if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; }
+ if (!defined($prompt)) {
+ $prompt = ($_ =~ /^([^#]+#)/)[0];
+ $prompt =~ s/([][}{)(\\])/\\$1/g;
+ print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
+ }
print STDERR ("HIT COMMAND:$_") if ($debug);
if (! defined($commands{$cmd})) {
print STDERR "$host: found unexpected command - \"$cmd\"\n";
diff --git a/bin/rename.in b/bin/rename.in
deleted file mode 100755
index 8c3a111..0000000
--- a/bin/rename.in
+++ /dev/null
@@ -1,113 +0,0 @@
-#!@PERLV_PATH@
-'di';
-'ig00';
-#
-# Revision 3.0.1.2 90/08/09 03:17:57 lwall
-# patch19: added man page for relink and rename
-#
-
-if ($ARGV[0] eq '-i') {
- shift;
- if (open(TTYIN, "/dev/tty")) {
- $inspect++;
- select((select(TTYOUT),$|=1)[0]);
- }
-}
-($op = shift) || die "Usage: rename [-i] perlexpr [filenames]\n";
-if (!@ARGV) {
- @ARGV = ;
- chop(@ARGV);
-}
-for (@ARGV) {
- unless (-e) {
- print STDERR "$0: $_: $!\n";
- $status = 1;
- next;
- }
- $was = $_;
- eval $op;
- die $@ if $@;
- if ($was ne $_) {
- if ($inspect && -e) {
- print TTYOUT "remove $_? ";
- next unless =~ /^y/i;
- }
- unless (rename($was, $_)) {
- print STDERR "$0: can't rename $was to $_: $!\n";
- $status = 1;
- }
- }
-}
-exit $status;
-##############################################################################
-__END__
- # These next few lines are legal in both Perl and nroff.
-
-.00; # finish .ig
-
-'di \" finish diversion--previous line must be blank
-.nr nl 0-1 \" fake up transition to first page again
-.nr % 0 \" start at page 1
-';<<'.ex'; #__END__ ############# From here on it's a standard manual page ############
-.TH RENAME 1 "July 30, 1990"
-.AT 3
-.SH NAME
-rename \- renames multiple files
-.SH SYNOPSIS
-.B rename [-i] perlexpr [files]
-.SH DESCRIPTION
-.I Rename
-renames the filenames supplied according to the rule specified as the
-first argument.
-The argument is a Perl expression which is expected to modify the $_
-string in Perl for at least some of the filenames specified.
-If a given filename is not modified by the expression, it will not be
-renamed.
-If no filenames are given on the command line, filenames will be read
-via standard input.
-.PP
-The
-.B \-i
-flag will prompt to remove the old file first if it exists. This
-flag will be ignored if there is no tty.
-.PP
-For example, to rename all files matching *.bak to strip the extension,
-you might say
-.nf
-
- rename 's/\e.bak$//' *.bak
-
-.fi
-To translate uppercase names to lower, you'd use
-.nf
-
- rename 'y/A-Z/a-z/' *
-
-.fi
-To do the same thing but leave Makefiles unharmed:
-.nf
-
- rename 'y/A-Z/a-z/ unless /^Make/' *
-
-.fi
-To rename all the *.f files to *.BAD, you'd use
-.nf
-
- rename 's/\e.f$/.BAD/' *.f
-
-.SH ENVIRONMENT
-.fi
-No environment variables are used.
-.SH FILES
-.SH AUTHOR
-Larry Wall
-.SH "SEE ALSO"
-mv(1)
-.br
-perl(1)
-.SH DIAGNOSTICS
-If you give an invalid Perl expression you'll get a syntax error.
-.SH BUGS
-.I Rename
-does not check for the existence of target filenames, so use with care.
-.ex
diff --git a/bin/rivlogin.in b/bin/rivlogin.in
new file mode 100644
index 0000000..12554d5
--- /dev/null
+++ b/bin/rivlogin.in
@@ -0,0 +1,1005 @@
+#! @EXPECT_PATH@ --
+##
+## $Id: rivlogin.in,v 1.15 2004/01/11 05:39:15 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# The login expect scripts were based on Erik Sherk's gwtn, by permission.
+#
+# rivlogin - Riverstone (and Enterasys SSR) login
+#
+# Based upon rscmd (see nmops.org)
+# rscmd - Riverstone Networks Automated login
+# by Mike MacFaden, Kiran Addepalli
+# Riverstone Networks, 2000
+#
+# Returned to the RANCID crowd by andrew fort
+
+# Global vars section
+
+# program diagnostics
+set verbose 0
+set success 1
+set config 0
+
+# in seconds to wait for data back from device
+set timeout 10
+set tempfile "/tmp/rivlogin.[exec date]"
+
+# cli command prompt
+set my_prompt ">"
+set enable_prompt "\#"
+
+set default_user ""
+set output_file ""
+set conf_prompt "*\(config\)# "
+set logging 0
+set config_mode 0
+
+# Password file for routers to access
+set password_file $env(HOME)/.cloginrc
+
+# If no -c or -s specified, just automate router login ala rsh
+set do_command 0
+set do_script 0
+set log_user 0
+
+# The default CLI mode to login to is "enable" mode
+set enable 1
+
+# The default is to look in the password file to find the passwords. This
+# tracks if we receive them on the command line.
+set do_passwd 1
+set do_enapasswd 1
+
+# cmd usage
+set usage "Error: Usage: $argv0 \[-noenable\] \
+\[-f cloginrc-file\] \[-c command\] \[-Evar=x\] \[-s script-file\] \
+\[-x command-file\] \[-t timeout\] \[-o output-file\] \
+router \[router...\]\n"
+
+# Procedures Section
+
+
+#
+# Sets Xterm title if interactive...if its an xterm and the user cares
+#
+
+proc label { host } {
+
+ global env
+
+ # if CLOGIN has an 'x' in it, don't set the xterm name/banner
+ if [info exists env(CLOGIN)] {
+ if {[string first "x" $env(CLOGIN)] != -1} { return }
+ }
+
+ if [info exists env(TERM)] {
+ if [regexp \^(xterm|vs) $env(TERM) ignore ] {
+ send_user "\033]1;[lindex [split $host "."] 0]\a"
+ send_user "\033]2;$host\a"
+ }
+ }
+}
+
+
+# This is a helper function to make the password file easier to
+# maintain.
+# NOTES: Using this the password file has the form:
+# add password sl* pete cow
+# add password at* steve
+# add password * hanky-pie
+
+proc add { var args } {
+
+ global $var
+ lappend $var $args
+}
+
+# Loads the password file. Note that as this file is tcl, and that
+# it is sourced, the user better know what to put in there, as it
+# could install more than just password info... I will assume however,
+# that a "bad guy" could just as easy put such code in the clogin
+# script, so I will leave .cloginrc as just an extention of that script
+
+proc source_password_file { } {
+
+ global env password_file read_password_file
+
+ if { [info exists read_password_file] } {
+ return 1
+ }
+
+ if { [info exists password_file] == 0 } {
+ set password_file $env(HOME)/.cloginrc
+ }
+
+ set read_password_file 1
+ file stat $password_file fileinfo
+
+ if { [expr ($fileinfo(mode) & 007)] != 0000 } {
+ puts "ERROR: $password_file must not be group or world readable and writable\n"
+ return 1
+ }
+
+ source $password_file
+}
+
+# pre: var is x, router is y
+# post: return routerr entry from database else null string
+
+proc find { var router } {
+
+ if {[ source_password_file ] == 0 } {
+ return {}
+ }
+
+ upvar $var list
+ if { [info exists list] } {
+ foreach line $list {
+ if { [string match [lindex $line 0] $router ] } {
+ return [lrange $line 1 end]
+ }
+ }
+ }
+ return {}
+}
+
+
+# pre: login completed ok
+# post: terminate login session by closing tcp connection
+
+proc auto_exit { } {
+
+ global telnet_id
+
+ if { $verbose == 1 } {
+ puts "DEBUG: auto_exit closing connection to pid $telnet_id\n"
+ }
+ close -i telnet_id
+}
+
+# perform login basic to a router
+# pre: args are valid, router is reachable via network
+# post: return 0 on successful login, else 1
+#
+# NOTE: a number of globals are setup: my_prompt, telnet_id are key
+# and paging of cli output is disabled
+
+proc login { router user userpswd passwd enapasswd } {
+
+ global login_array
+ global telnet_id
+ global expect_out
+ global spawn_id
+ global verbose
+ global config verbose my_prompt
+
+ if { $verbose == 1 } {
+ puts "DEBUG: login router = $router"
+ puts "DEBUG: login username = $user"
+ puts "DEBUG: login userpasswd = $userpswd"
+ puts "DEBUG: login passwd = $passwd"
+ puts "DEBUG: login enapasswd = $enapasswd"
+ }
+
+ spawn -noecho telnet $router
+ set telnet_id $spawn_id
+
+ if { $telnet_id == 0 } {
+ puts "ERROR: login: spawn telnet session failed.\n"
+ return 1
+ }
+
+ # wait for initial 'Press RETURN to...' response
+ sleep 0.3
+
+ expect "*"
+ send "\r"
+
+ # If password fails 3 times then expect again
+ set pass_attempt 0
+
+ expect {
+
+ -re ".*> " { }
+
+ "Password:" {
+ incr pass_attempt
+ send "$passwd\r"
+ exp_continue
+ }
+
+ "Username: " {
+
+ set pattempt 0
+
+ send "$user\r"
+ expect {
+
+ "Password: " {
+
+ incr pattempt
+ if {$pattempt == 1} {
+ send "$userpswd\r";
+ } else {
+ send "$enapasswd\r";
+ }
+ exp_continue
+ }
+
+ -re ".*> " { exp_continue;}
+ }
+ }
+
+ "%TELNETD-W-BADPASSWD" {
+ puts "ERROR: bad userid or password to telnet."
+ return 1
+ }
+ "%CONS-W-AUTH_PASSWD" {
+ exp_continue
+ }
+
+ "% Authentication failed." {
+ puts "ERROR: bad userid or password to telnet."
+ return 1
+ }
+
+
+ "Authentication Failed:" {
+ puts "ERROR: bad userid or password to radius/tacacs+"
+ return 1
+ }
+
+ "Connection closed *" {
+ if {$pass_attempt == 3} {
+ puts "ERROR: Maximum attempts for password reached. Check password. Exiting.";
+ puts $expect_out(0,string);
+ return 1
+ }
+ }
+
+ timeout {
+ puts "ERROR: Timeout on login. Exiting.";
+ return 1
+ }
+
+ eof {
+ puts "ERROR: device closed telnet connection during login"
+ return 1
+ }
+ }
+
+ # save my_prompt for later use
+ send "\r"
+ expect -re ".*> "
+ set abc "$expect_out(buffer)"
+ set my_prompt "[lindex $abc 0]"
+ regexp {(.*[^>])} $my_prompt my
+
+ return 0;
+}
+
+
+# pre: login completed ok
+# post: turn off paging of commands
+
+proc disable_cli_paging { } {
+ global my_prompt
+
+ send "cli set terminal rows 0\r"
+
+ expect {
+ "$my_prompt" {return 0 }
+ }
+ return 1
+}
+
+# pre: login returned 0, prompt at top level
+# post: turn off command completion return 0
+# on error, return 1
+
+proc disable_cmd_autocomplete { } {
+ global my_prompt
+
+ send "cli set command completion off\r"
+ expect {
+
+ $my_prompt { }
+
+ timeout {
+ puts "ERROR:disable_cmd_autocomplete(TIMEOUT)";
+ return 0;
+ }
+
+ }
+
+ return 0
+}
+
+# pre: login returned 0, do_enable returned 0, cli is in enable or config mode
+# post: issues logout cli to device, returns 0
+
+proc logout { prompt } {
+ global config_mode enable_prompt
+
+ # in case of not being at root cmd...
+ # verify top level prompt state, move to it if necessary
+
+ if { $config_mode == 1 } {
+
+ send "exit\r"
+
+ expect {
+ "Do you want*" {
+ send "no\r"
+ }
+
+ "$enable_prompt" { }
+
+ timeout { puts "ERROR: logout: timeout from config mode\n" }
+ eof { puts "ERROR: device dropped connection\n" }
+ }
+ set config_mode 0
+ }
+
+ send "logout\r"
+ expect {
+
+ "Are you sure*" {
+ send "yes\r"
+ return 0
+ }
+ }
+}
+
+# pre: current mode allows transition to enable mode
+# post: enable mode entered, my_prompt updated, return 0 else 1
+
+proc do_enable { enauser enapasswd userpswd } {
+ global expect_out verbose
+ global my_prompt enable_prompt
+ set enable_prompt [ string trimright $my_prompt ">" ]
+ set enable_prompt $enable_prompt\#
+
+ if { $verbose == 1 } {
+ puts "DEBUG: do_enable: my_prompt = $my_prompt ena_prompt = $enable_prompt"
+ }
+
+ send "enable\r"
+
+ expect {
+ Username: { send "$enauser\r"; exp_continue }
+ Password: { send "$userpswd\r"; exp_continue }
+
+ "$my_prompt" {
+ puts "ERROR: do_enable failed to gain enable mode."
+ return 1
+ }
+
+ "CONS-W-AUTH_PASSWD" { send "$enapasswd\r"; }
+
+ "$enable_prompt " { }
+ "%SYS-W-NOPASSWD*" { }
+
+ "Authentication Failed: Access Denied" {
+ puts "ERROR: Bad user or password for enable mode."
+ return 1
+ }
+ }
+
+ set my_prompt $enable_prompt
+ return 0
+}
+
+# pre: current mode allows transition to enable mode
+# post: enable mode entered, my_prompt updated, return 0 else 1
+
+proc do_configure { } {
+ global expect_out verbose config_mode
+ global my_prompt
+ set config_prompt [ string trimright $my_prompt "\#" ]
+ set config_prompt $config_prompt\(config\)\#
+
+ if { $verbose == 1 } {
+ puts "DEBUG: do_config: my_prompt = $my_prompt cfg_prompt = $config_prompt"
+ }
+
+ send "configure\r"
+ expect {
+ "$config_prompt " { }
+ "$my_prompt" {
+ }
+
+ eof { return 1}
+ timeout { return 1}
+ }
+
+ set config_mode 1
+ set my_prompt $config_prompt
+ return 0
+}
+
+# track sent/received from device to output_file
+# pre: outut_file is valid filename w/write access
+# post: logfile open, global var logging == 1, return 0 , else 1
+
+proc start_logfile { output_file } {
+ global logging
+
+ if { [ string length $output_file ] != 0 } {
+ set rc [ catch {
+ log_file -noappend $output_file
+ } errMsg ]
+
+ if { $rc != 0 } {
+ puts "ERROR: open file $output_file for write access failed. $errMsg\n"
+ return 1
+ }
+ set logging 1
+ }
+
+ return 0
+}
+
+proc run_commands { prompt cmdstring } {
+ global sendstring
+
+ set commands [split $cmdstring \;]
+ set num_commands [llength $cmdstring]
+
+ for {set i 0} {$i < $num_commands} { incr i} {
+ regsub -- {[ ]*([^\.]*)} [subst -nocommands [lindex $commands $i]] {\1} sendstring
+
+ if {[ run_single_command $prompt $sendstring ] == 1} {
+ puts "ERROR: command '$sendstring' not processed by device. Check previous error messages."
+ return 1
+ }
+ }
+ return 0
+}
+
+
+# Run commands given on the command line
+# pre: prompt is current system cli prompt, cmdstring is command to execute
+# post: return 0 on success else 1
+# NOTE: output from router ends up in output_file if specified
+# expect internal input buffer is reset to "" after each command
+
+proc run_single_command { prompt cmdstring } {
+ global verbose
+ set rc 0
+ set seen_prompt 0
+ set seen_timeout 0
+ set need_ays 0
+ set delay 0
+
+ if {$verbose == 1} {
+ puts "DEBUG: run_commands: prompt=$prompt \"$cmdstring\" "
+ }
+
+ # ays == "are you sure" - must send back yes
+ if { [string compare $cmdstring "save startup" ] == 0 } {
+ set need_ays 1
+ set delay 1
+ if {$verbose == 1} {
+ puts "DEBUG: save startup cmd seen, set need_ays = 1"
+ }
+ }
+
+ # TODO: add case for copy command to startup, also prompts for ok
+
+ # TODO: if we see config command: system set name note it
+ # if we see a save active, then update system prompts as well
+
+ send "$cmdstring\r"
+
+ if { $delay == 1} {
+ sleep 1
+ }
+
+ expect {
+
+ "%CLI-E-IVCMD*" {
+ puts "ERROR: run_commands(command rejected by device)\n"
+ set rc 1
+ }
+
+ "%CLI-E-FACUNKNWN*" {
+ puts "ERROR: run_commands(command rejected by device)\n"
+ set rc 1
+ }
+
+ "%SYS-I-ADDFAILED*" {
+ puts "ERROR: run_commands(command rejected by device)\n"
+ set rc 1
+ }
+ "%TFTP-E-REMOTE,*" {
+ puts "ERROR: run_commands(command rejected by device)\n"
+ set rc 1
+ }
+
+ "%SYS-E-PRIMARY_NO_SUCH_IMAGE*" {
+ puts "ERROR: run_commands(command rejected by device)\n"
+ set rc 1
+ }
+
+ "want to overwrite " {
+ send "yes\r"
+ if {$verbose == 1} {
+ puts "DEBUG: got overwrite question, set need_ays to 0"
+ }
+ set need_ays 0
+ }
+
+
+ "%CONFIG-E-DUPLICATE,*" {
+ }
+
+ "$prompt" {
+ if { $seen_prompt == 0 } {
+ set seen_prompt 1
+ }
+
+ if {$verbose == 1} {
+ puts "DEBUG: saw double prompt, exiting expect loop\n"
+ }
+
+ if { $need_ays == 1 } {
+ exp_continue
+ }
+ }
+
+ -re ".* More: m, --- Quit: q --- One line: ---" {
+ send "q"
+ exp_continue
+ }
+
+
+ timeout {
+ if {$verbose == 1} {
+ puts "DEBUG: timeout occured for the $seen_time time\n"
+ }
+
+ if { $seen_timeout == 0 } {
+ set seen_timeout 1
+ send "\r\r"
+ exp_continue
+ }
+
+ puts "ERROR:run_commands(TIMEOUT)"
+ set rc 1
+ }
+
+ eof {
+ puts "ERROR:run_commands(connection closed by device)\n"
+ set rc 1
+ }
+
+ "\n" { exp_continue }
+ }
+
+ # clear input buffer of any remaining data
+ expect "*"
+ return $rc
+}
+
+
+# pre: RSTONE_USER env var is set
+# post: update global "default_user" to this string
+
+proc init_userid { } {
+ global default_user
+
+ if {[ info exists env(RSTONE_USER) ] } {
+ set default_user $env(RSTONE_USER)
+ } else {
+ # This uses "id" which I think is portable. At least it has existed
+ # (without options) on all machines/OSes I've been on recently -
+ # unlike whoami or id -nu.
+ regexp {\(([^)]*)} [exec id] junk default_user
+ }
+}
+
+proc source_script_file { filename } {
+ global my_prompt
+
+ expect -re "$my_prompt" {}
+
+ source $filename
+
+}
+
+
+# pre: login completed ok, filename contains set of cli commands one per line
+# post: each command is extracted from filename and sent to device
+# return 0 on success, return 1 on error
+# NOTE: for scripts that begin with "configure", change the mode to configure
+# before executing the following commands
+
+proc process_script_file { filename } {
+
+ global my_prompt verbose
+ set rc 0
+ set ifile ""
+
+ set rc [ catch {
+ set ifile [ open $filename r]
+ } errMsg ]
+
+ if { $rc != 0 } {
+ puts "ERROR: process_script_file: open script file $filename for read access failed. $errMsg\n"
+ return 1
+ }
+
+ set line_cnt 0
+
+ while { [eof $ifile] != 1 } {
+
+ set bytes [ gets $ifile cmd ]
+ incr line_cnt
+
+ if { $bytes < 0 } {
+ break
+ } elseif { $bytes == 0 } {
+ continue
+ }
+
+ if { $verbose == 1 } {
+ puts "DEBUG: line:$line_cnt cmd = $cmd\n"
+ }
+
+ # skip comments in script files
+ if { [regexp "^\#" $cmd] != 1 } {
+
+ # puts "$cmd rc = [string compare $cmd "configure" ]\n"
+
+ if { [string compare $cmd "configure" ] == 0 } {
+
+ do_configure
+
+ } else {
+ if {[ run_commands $my_prompt $cmd ] == 1} {
+ puts "ERROR: line $line_cnt in $filename not processed by device. Check previous error msgs."
+ set rc 1
+ break
+ }
+ }
+ }
+ }
+
+ close $ifile
+ return $rc
+}
+
+
+
+# pre: filename is valid file
+# post: remove extended ascii sequences and other cruft
+# and prepend a header: rscmd: ip-addr : date
+# TODO: should watch all file commands more closely
+
+proc strip_log { filename router } {
+
+ global tempfile
+
+ set rc [ catch {
+ set ifile [ open $filename r]
+ } errMsg ]
+
+ if { $rc != 0 } {
+ puts "ERROR: strip_log: open script file $filename for read access failed. $errMsg\n"
+ return 1
+ }
+ set rc [ catch {
+ set ofile [ open $tempfile w]
+ } errMsg ]
+
+ if { $rc != 0 } {
+ puts "ERROR: strip_log: open temp file $tempfile for write access failed. $errMsg\n"
+ return 1
+ }
+
+ set nl 0
+
+ puts $ofile "rscmd: $router : [exec date]"
+
+ while { [eof $ifile] != 1 } {
+
+ set bytes [ gets $ifile cmd ]
+ if { $bytes <= 0 } {
+ break
+ }
+ incr nl
+ if { $nl <= 2 } {
+ continue
+ }
+
+ regsub -all -- "\r" $cmd "" newcmd
+ puts $ofile $newcmd
+ }
+
+ close $ifile
+ close $ofile
+ set rc 0
+ file copy -force $tempfile $filename
+ file delete $tempfile
+ return $rc
+}
+
+#
+# main section
+#
+
+
+if { $verbose == 1 } {
+ puts "\n\nrscmd: Version 1.1 started on [exec date]"
+ puts "[exec uname -a]"
+ puts "Expect Version: [exp_version]\n"
+}
+
+# send input like in a fast and consistent human style
+set send_human {.1 .3 1 .05 2}
+
+# initialize default_user variable
+init_userid
+
+# Parse Command Line
+
+for {set idx 0} {$idx < $argc} {incr idx} {
+
+ set arg [lindex $argv $idx]
+
+ switch -glob -- $arg {
+
+ -c* -
+ -C* {
+ if {! [ regexp .\[cC\](.+) $arg ignore command]} {
+ incr idx
+ set command [ lindex $argv $idx ]
+ }
+ set do_command 1
+ # Environment variable to pass to -s scripts
+ } -E*
+ {
+ if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
+ set E$varname $varvalue
+ } else {
+ send_user "Error: invalid format for -E in $arg\n"
+ exit 1
+ }
+ # Expect script to run
+ } -s* -
+ -S* {
+ if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
+ incr idx
+ set sfile [ lindex $argv $idx ]
+ }
+
+ if { ! [ file exists $sfile ] } {
+ puts "ERROR: invalid argument script file \"$sfile\" does not exist.\n"
+ exit 1
+ }
+ if { ! [ file readable $sfile ] } {
+ puts "ERROR: invalid argument script file \"$sfile\" permissions disallow read access.\n"
+ exit 1
+ }
+
+ set do_script 1
+ # Command file
+ } -x* -
+ -X {
+ if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
+ incr idx
+ set cmd_file [ lindex $argv $idx ]
+ }
+ if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
+ send_user "\nError: $reason\n"
+ exit 1
+ }
+ set cmd_text [read $cmd_fd]
+ close $cmd_fd
+ set command [join [split $cmd_text \n] \;]
+ set do_command 1
+ } -f* -
+ -F* {
+ if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
+ incr idx
+ set password_file [ lindex $argv $idx ]
+ }
+
+ } -o* -
+ -O* {
+ if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
+ incr idx
+ set output_file [ lindex $argv $idx ]
+ if { $verbose == 1 } {
+ puts "DEBUG: output file: $output_file"
+ }
+ }
+
+ } -t* -
+ -T* {
+ incr idx
+ set timeout [ lindex $argv $idx ]
+
+ } -noenable {
+ set enable 0
+ } -* {
+ puts "ERROR:unkown argument passed: $arg\n"
+ puts $usage
+ exit 1
+
+ } default {
+ break
+ }
+ }
+}
+
+# Verify at least one router is specified
+#
+if { $idx == $argc } {
+ puts "\n$usage"
+ exit 1
+}
+
+# main loop
+
+foreach router [lrange $argv $idx end] {
+set router [string tolower $router]
+
+# Figure out passwords
+if {$verbose == 1} {
+ puts "DEBUG: do_passwd = $do_passwd\n"
+ puts "DEBUG: do_enablepasswd = $do_enapasswd\n"
+}
+
+if { $do_passwd || $do_enapasswd } {
+ set pswd [find password $router]
+ if { [llength $pswd] == 0 } {
+ puts "ERROR: - no password for $router in $password_file.\n"
+ exit 1
+ }
+ if { $do_enapasswd && [llength $pswd] < 2 } {
+ puts "ERROR: no enable password found for $router in $password_file."
+ exit 1
+ }
+
+ set passwd [join [lindex $pswd 0] ""]
+ set enapasswd [join [lindex $pswd 1] ""]
+}
+
+
+# Figure out user to login with if necessary
+
+if {[info exists username]} {
+ # command line username
+ set user $username
+} else {
+ set user [join [find user $router] ""]
+ if { "$user" == "" } { set user $default_user }
+}
+
+# Figure out username's password
+
+if {[info exists userpasswd]} {
+ # command line username
+ set userpswd $userpasswd
+} else {
+ set userpswd [join [find userpassword $router] ""]
+ if { "$userpswd" == "" } { set userpswd $passwd }
+}
+
+# Figure out enable username
+
+if {[info exists enausername]} {
+ # command line enausername
+ set enauser $enausername
+} else {
+ set enauser [join [find enauser $router] ""]
+ if { "$enauser" == "" } { set enauser $user }
+}
+
+# Login to the router, set my_prompt to router's cmd prompt
+
+if {[login $router $user $userpswd $passwd $enapasswd ]} {
+ if { $verbose == 1 } {
+ puts "DEBUG: login to $router failed\n"
+ }
+ exit 1
+}
+
+if {$verbose == 1 } {
+ puts "DEBUG: login completed ok\n"
+}
+
+if { $enable == 1 } {
+
+ if { [do_enable $enauser $enapasswd $userpswd] == 1} {
+ if { $verbose == 1 } {
+ puts "DEBUG: switch to enable mode on $router failed\n"
+ }
+ exit 1
+ }
+}
+
+# run in one of three modes
+
+if { $do_command } {
+
+ disable_cmd_autocomplete
+ disable_cli_paging
+
+ if {[ start_logfile $output_file] != 0 } {
+ exit 1
+ }
+
+ if {[ run_commands $my_prompt $command ]} {
+
+ log_file
+ exit 1
+
+ } else {
+
+ logout $my_prompt
+
+ }
+
+} elseif { $do_script } {
+
+ disable_cmd_autocomplete
+ disable_cli_paging
+
+ if {[ start_logfile $output_file] != 0 } {
+ exit 1
+ }
+
+ #if { [process_script_file $sfile] == 1} {
+# puts "DEBUG: logfile $output_file closed on error\n"
+# logout $my_prompt
+# exit 1
+# }
+
+ source_script_file $sfile
+
+ logout $my_prompt
+
+} else {
+
+ label $router
+ log_user 1
+
+ if {[ start_logfile $output_file] != 0 } {
+ exit 1
+ }
+ interact
+ log_file
+}
+
+if { $verbose == 1 } {
+ puts "DEBUG: exiting normally.\n"
+}
+
+if { $logging == 1} {
+ log_file
+ strip_log $output_file $router
+}
+}
+
+# puts "\n"
+exit 0
diff --git a/bin/rivrancid.in b/bin/rivrancid.in
new file mode 100644
index 0000000..8b9ae03
--- /dev/null
+++ b/bin/rivrancid.in
@@ -0,0 +1,344 @@
+#! @PERLV_PATH@
+##
+## $Id: rivrancid.in,v 1.9 2004/01/11 03:49:13 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# Amazingly hacked version of Hank's rancid - this one tries to
+# deal with Cabletron, Riverstone and Enterasys routers/switches
+#
+# 10/23/2002 -- Initial changes for Riverstone/Cabletron support
+# Jim Meehan -- jmeehan@vpizza.org
+#
+# RANCID - Really Awesome New Cisco confIg Differ
+#
+# usage: rivrancid [-d] [-l] [-f filename | $host]
+#
+use Getopt::Std;
+getopts('dfl');
+$log = $opt_l;
+$debug = $opt_d;
+$file = $opt_f;
+$host = $ARGV[0];
+$clean_run = 0;
+$found_end = 0;
+$timeo = 90; # flogin timeout in seconds
+
+my(%filter_pwds); # password filtering mode
+
+# This routine is used to print out the router configuration
+sub ProcessHistory {
+ my($new_hist_tag,$new_command,$command_string,@string)=(@_);
+ if((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
+ && defined %history) {
+ print eval "$command \%history";
+ undef %history;
+ }
+ if (($new_hist_tag) && ($new_command) && ($command_string)) {
+ if ($history{$command_string}) {
+ $history{$command_string} = "$history{$command_string}@string";
+ } else {
+ $history{$command_string} = "@string";
+ }
+ } elsif (($new_hist_tag) && ($new_command)) {
+ $history{++$#history} = "@string";
+ } else {
+ print "@string";
+ }
+ $hist_tag = $new_hist_tag;
+ $command = $new_command;
+ 1;
+}
+
+sub numerically { $a <=> $b; }
+
+# This is a sort routing that will sort numerically on the
+# keys of a hash as if it were a normal array.
+sub keynsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort numerically keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# keys of a hash as if it were a normal array.
+sub keysort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# values of a hash as if it were a normal array.
+sub valsort{
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort values %lines) {
+ $sorted_lines[$i] = $key;
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a numerical sort routing (ascending).
+sub numsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $num (sort {$a <=> $b} keys %lines) {
+ $sorted_lines[$i] = $lines{$num};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routine that will sort on the
+# ip address when the ip address is anywhere in
+# the strings.
+sub ipsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $addr (sort sortbyipaddr keys %lines) {
+ $sorted_lines[$i] = $lines{$addr};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# These two routines will sort based upon IP addresses
+sub ipaddrval {
+ my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
+ $a[3]+256*($a[2]+256*($a[1]+256*$a[0]));
+}
+sub sortbyipaddr {
+ &ipaddrval($a) <=> &ipaddrval($b);
+}
+
+# This routine parses "system show version"
+sub ShowVersion {
+ my($slot);
+
+ print STDERR " In ShowVersion: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ next if /^\s*$/;
+ last if(/^$prompt/);
+
+ ProcessHistory("VERSION","","","!SW: $_");
+ }
+ ProcessHistory("VERSION","","","!\n");
+ return(0);
+}
+
+# This routine parses "system show hardware"
+sub ShowHardware {
+ print STDERR " In ShowHardware: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/);
+ ProcessHistory("HARDWARE","","","!HW: $_");
+ }
+ ProcessHistory("","","","!\n");
+ return(0);
+}
+
+# This routine parses "system show uptime"
+sub ShowUptime {
+ print STDERR " In ShowUptime: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ next if /^\s*$/;
+ next if /System up/;
+ ProcessHistory("UPTIME","","","!UPTIME: $_");
+ }
+ ProcessHistory("","","","!\n");
+ return;
+}
+
+# This routine processes a "system show active"
+sub ShowActive {
+ print STDERR " In ShowActive: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+
+ # Remove leading whitespace and/or line numbers
+ s/^\s*(\d+\D: )*//;
+
+ # Riverstone/Cabletron doesn't have an "end" line, so
+ # we need to set $clean_run here
+ if (/^$prompt/) {
+ $clean_run = 1;
+ last;
+ }
+
+ next if (/Running system configuration/);
+
+ # filter out any RCS/CVS tags to avoid confusing local CVS storage
+ s/\$(Revision|Id):/ $1:/;
+
+ if (/^(.*hashed-password \S+)/ && $filter_pwds == 2) {
+ ProcessHistory("","","","! $1 \n");
+ next;
+ }
+
+ if (/^(snmp set community )\S+/ && defined($ENV{'NOCOMMSTR'})) {
+ ProcessHistory("","","","! $1$'");
+ next;
+ }
+
+ ProcessHistory("","","","$_");
+ }
+ return;
+}
+
+# dummy function
+sub DoNothing {print STDOUT;}
+
+# Main
+%commands=(
+ 'system show uptime' => "ShowUptime",
+ 'system show version' => "ShowVersion",
+ 'system show hardware' => "ShowHardware",
+ 'system show active-config' => "ShowActive"
+);
+
+# keys() doesnt return things in the order entered and the order of the
+# cmds is important. pita
+
+@commands=(
+ "system show uptime",
+ "system show version",
+ "system show hardware",
+ "system show active-config"
+);
+
+$cisco_cmds=join(";",@commands);
+$cmds_regexp=join("|",@commands);
+
+open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
+select(OUTPUT);
+# make OUTPUT unbuffered if debugging
+if ($debug) { $| = 1; }
+
+if ($file) {
+ print STDERR "opening file $host\n" if ($debug);
+ print STDOUT "opening file $host\n" if ($log);
+ open(INPUT,"<$host") || die "open failed for $host: $!\n";
+} else {
+ print STDERR "executing rivlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
+ print STDOUT "executing rivlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
+ if (defined($ENV{NOPIPE})) {
+ system "rivlogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "rivlogin failed for $host: $!\n";
+ open(INPUT, "< $host.raw") || die "rivlogin failed for $host: $!\n";
+ } else {
+ open(INPUT,"rivlogin -t $timeo -c \"$cisco_cmds\" $host ) {
+ tr/\015//d;
+ last if ($clean_run);
+ if (/^Error:/) {
+ print STDOUT ("$host rivlogin error: $_");
+ print STDERR ("$host rivlogin error: $_") if ($debug);
+ $clean_run=0;
+ last;
+ }
+
+ $kradcount++;
+
+ while (/\033(\[\?25l)/) {
+ s/\033\[\?25l//g;
+ #print STDERR "krad $1\n";
+ #print STDERR $_;
+ #print STDERR $kradcount;
+ next;
+ }
+
+
+ while (/#\s*($cmds_regexp)\s*$/) {
+ $cmd = $1;
+ if (!defined($prompt)) {
+ $prompt = ($_ =~ /^([^#]+#)/)[0];
+ $prompt =~ s/([}{)(\\])/\\$1/g;
+ }
+ print STDERR ("HIT COMMAND:$_") if ($debug);
+ if (! defined($commands{$cmd})) {
+ print STDERR "$host: found unexpected command - \"$cmd\"\n";
+ $clean_run = 0;
+ last TOP;
+ }
+ $rval = &{$commands{$cmd}};
+ delete($commands{$cmd});
+ if ($rval == -1) {
+ $clean_run = 0;
+ last TOP;
+ }
+ }
+}
+print STDOUT "Done $logincmd: $_\n" if ($log);
+# Flush History
+ProcessHistory("","","","");
+# Cleanup
+close(INPUT);
+close(OUTPUT);
+
+if (defined($ENV{NOPIPE})) {
+ unlink("$host.raw") if (! $debug);
+}
+
+# check for completeness
+if (scalar(%commands) || !$clean_run) {
+ if (scalar(%commands)) {
+ printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
+ printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
+ }
+ if (!$clean_run) {
+ print STDOUT "$host: End of run not found\n";
+ print STDERR "$host: End of run not found\n" if ($debug);
+ system("/usr/bin/tail -1 $host.new");
+ }
+ unlink "$host.new" if (! $debug);
+}
diff --git a/bin/rrancid.in b/bin/rrancid.in
old mode 100755
new mode 100644
index f242ec4..7674452
--- a/bin/rrancid.in
+++ b/bin/rrancid.in
@@ -1,28 +1,32 @@
-#!@PERLV_PATH@
+#! @PERLV_PATH@
##
-## hacked version of Hank's rancid - this one tries to deal with redbacks.
+## $Id: rrancid.in,v 1.18 2004/01/11 03:49:13 heas Exp $
##
-## Copyright (C) 1997-2001 by Henry Kilmer.
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
-## This software may be freely copied, modified and redistributed without
-## fee for non-commerical purposes provided that this copyright notice is
-## preserved intact on all copies and modified copies.
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
-## It is provided solely "as is". The author(s) disclaim(s) all
+## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
+# hacked version of Hank's rancid - this one tries to deal with redbacks.
+#
# RANCID - Really Awesome New Cisco confIg Differ
#
# usage: rancid [-d] [-l] [-f filename | $host]
#
use Getopt::Std;
-getopts('dflm');
+getopts('dfl');
$log = $opt_l;
$debug = $opt_d;
$file = $opt_f;
@@ -353,7 +357,8 @@ while() {
$cmd = $1;
if (!defined($prompt)) {
$prompt = ($_ =~ /^([^#]*#)/)[0];
- $prompt =~ s/([][])/\\$1/g; # quote the damn []'s
+ $prompt =~ s/([][}{)(\\])/\\$1/g; # quote the damn []'s
+ print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
}
print STDERR ("HIT COMMAND:$_") if ($debug);
if (! defined($commands{$cmd})) {
diff --git a/bin/tntlogin.in b/bin/tntlogin.in
new file mode 100644
index 0000000..021f0d2
--- /dev/null
+++ b/bin/tntlogin.in
@@ -0,0 +1,528 @@
+#! @EXPECT_PATH@ --
+##
+## $Id: tntlogin.in,v 1.11 2004/01/11 05:39:15 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# The login expect scripts were based on Erik Sherk's gwtn, by permission.
+#
+# Modified by P B Matthews.
+
+# Usage line
+set usage "Usage: $argv0 \[-c command\] \
+\[-Evar=x\] \[-f cloginrc-file\] \
+\[-s script-file\] \[-t timeout\] \[-u username\] \
+\[-v vty-password\] \[-x command-file\] \
+\[-y ssh_cypher_type\] router \[router...\]\n"
+
+# env(CLOGIN) may contain:
+# x == do not set xterm banner or name
+
+# Password file
+set password_file $env(HOME)/.cloginrc
+# Default is to login to the router
+set do_command 0
+set do_script 0
+# The default is to automatically enable
+set enable 0
+# The default is that you login non-enabled (tacacs can have you login already
+# enabled)
+set avautoenable 1
+# The default is to look in the password file to find the passwords. This
+# tracks if we receive them on the command line.
+set do_passwd 1
+
+# Find the user in the ENV, or use the unix userid.
+if {[ info exists env(CISCO_USER) ] } {
+ set default_user $env(CISCO_USER)
+} elseif {[ info exists env(USER) ]} {
+ set default_user $env(USER)
+} elseif {[ info exists env(LOGNAME) ]} {
+ set default_user $env(LOGNAME)
+} else {
+ # This uses "id" which I think is portable. At least it has existed
+ # (without options) on all machines/OSes I've been on recently -
+ # unlike whoami or id -nu.
+ if [ catch {exec id} reason ] {
+ send_error "\nError: could not exec id: $reason\n"
+ exit 1
+ }
+ regexp {\(([^)]*)} "$reason" junk default_user
+}
+
+# Sometimes routers take awhile to answer (the default is 10 sec)
+set timeout 45
+
+# Process the command line
+for {set i 0} {$i < $argc} {incr i} {
+ set arg [lindex $argv $i]
+
+ switch -glob -- $arg {
+ # Username
+ -u* -
+ -U* {
+ if {! [ regexp .\[uU\](.+) $arg ignore user]} {
+ incr i
+ set username [ lindex $argv $i ]
+ }
+ # VTY Password
+ } -v* -
+ -v* {
+ if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
+ incr i
+ set passwd [ lindex $argv $i ]
+ }
+ set do_passwd 0
+ # Enable Username
+ } -w* -
+ -W* {
+ # ignore -w
+ # Environment variable to pass to -s scripts
+ } -E*
+ {
+ if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
+ incr i
+ set E$varname $varvalue
+ } else {
+ send_user "\nError: invalid format for -E in $arg\n"
+ exit 1
+ }
+ # Enable Password
+ } -e*
+ {
+ # ignore -e
+ # Command to run.
+ } -c* -
+ -C* {
+ if {! [ regexp .\[cC\](.+) $arg ignore command]} {
+ incr i
+ set command [ lindex $argv $i ]
+ }
+ set do_command 1
+ # Expect script to run.
+ } -s* -
+ -S* {
+ if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
+ incr i
+ set sfile [ lindex $argv $i ]
+ }
+ if { ! [ file readable $sfile ] } {
+ send_user "\nError: Can't read $sfile\n"
+ exit 1
+ }
+ set do_script 1
+ # 'ssh -c' cypher type
+ } -y* -
+ -Y* {
+ if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
+ incr i
+ set cypher [ lindex $argv $i ]
+ }
+ # alternate cloginrc file
+ } -f* -
+ -F* {
+ if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
+ incr i
+ set password_file [ lindex $argv $i ]
+ }
+ # Timeout
+ } -t* -
+ -T* {
+ if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
+ incr i
+ set timeout [ lindex $argv $i ]
+ }
+ # Command file
+ } -x* -
+ -X {
+ if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
+ incr i
+ set cmd_file [ lindex $argv $i ]
+ }
+ if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
+ send_user "\nError: $reason\n"
+ exit 1
+ }
+ set cmd_text [read $cmd_fd]
+ close $cmd_fd
+ set command [join [split $cmd_text \n] \;]
+ set do_command 1
+ # Do we enable?
+ } -noenable {
+ # ignore -noenable
+ # Does tacacs automatically enable us?
+ } -autoenable {
+ # ignore -autoenable
+ } -* {
+ send_user "\nError: Unknown argument! $arg\n"
+ send_user $usage
+ exit 1
+ } default {
+ break
+ }
+ }
+}
+# Process routers...no routers listed is an error.
+if { $i == $argc } {
+ send_user "\nError: $usage"
+}
+
+# Only be quiet if we are running a script (it can log its output
+# on its own)
+if { $do_script } {
+ log_user 0
+} else {
+ log_user 1
+}
+
+#
+# Done configuration/variable setting. Now run with it...
+#
+
+# Sets Xterm title if interactive...if its an xterm and the user cares
+proc label { host } {
+ global env
+ # if CLOGIN has an 'x' in it, don't set the xterm name/banner
+ if [info exists env(CLOGIN)] {
+ if {[string first "x" $env(CLOGIN)] != -1} { return }
+ }
+ # take host from ENV(TERM)
+ if [info exists env(TERM)] {
+ if [regexp \^(xterm|vs) $env(TERM) ignore ] {
+ send_user "\033]1;[lindex [split $host "."] 0]\a"
+ send_user "\033]2;$host\a"
+ }
+ }
+}
+
+# This is a helper function to make the password file easier to
+# maintain. Using this the password file has the form:
+# add password sl* pete cow
+# add password at* steve
+# add password * hanky-pie
+proc add {var args} { global int_$var ; lappend int_$var $args}
+proc include {args} {
+ global env
+ regsub -all "(^{|}$)" $args {} args
+ if { [ regexp "^/" $args ignore ] == 0 } {
+ set args $env(HOME)/$args
+ }
+ source_password_file $args
+}
+
+proc find {var router} {
+ upvar int_$var list
+ if { [info exists list] } {
+ foreach line $list {
+ if { [string match [lindex $line 0] $router ] } {
+ return [lrange $line 1 end]
+ }
+ }
+ }
+ return {}
+}
+
+# Loads the password file. Note that as this file is tcl, and that
+# it is sourced, the user better know what to put in there, as it
+# could install more than just password info... I will assume however,
+# that a "bad guy" could just as easy put such code in the clogin
+# script, so I will leave .cloginrc as just an extention of that script
+proc source_password_file { password_file } {
+ global env
+ if { ! [file exists $password_file] } {
+ send_user "\nError: password file ($password_file) does not exist\n"
+ exit 1
+ }
+ file stat $password_file fileinfo
+ if { [expr ($fileinfo(mode) & 007)] != 0000 } {
+ send_user "\nError: $password_file must not be world readable/writable\n"
+ exit 1
+ }
+ if [ catch {source $password_file} reason ] {
+ send_user "\nError: $reason\n"
+ exit 1
+ }
+}
+
+# Log into the router.
+proc login { router user userpswd passwd prompt cmethod cyphertype } {
+ global spawn_id in_proc do_command do_script
+ global u_prompt p_prompt sshcmd
+ set in_proc 1
+ set uprompt_seen 0
+
+ # try each of the connection methods in $cmethod until one is successful
+ set progs [llength $cmethod]
+ foreach prog [lrange $cmethod 0 end] {
+ if [string match "telnet*" $prog] {
+ regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
+ if {"$port" == ""} {
+ set retval [ catch {spawn telnet $router} reason ]
+ } else {
+ set retval [ catch {spawn telnet $router $port} reason ]
+ }
+ if { $retval } {
+ send_user "\nError: telnet failed: $reason\n"
+ exit 1
+ }
+ } elseif ![string compare $prog "ssh"] {
+ if [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] {
+ send_user "\nError: $sshcmd failed: $reason\n"
+ exit 1
+ }
+ } elseif ![string compare $prog "rsh"] {
+ if [ catch {spawn rsh -l $user $router} reason ] {
+ send_user "\nError: rsh failed: $reason\n"
+ exit 1
+ }
+ } else {
+ puts "\nError: unknown connection method: $prog"
+ return 1
+ }
+ incr progs -1
+ sleep 0.3
+
+ # This helps cleanup each expect clause.
+ expect_after {
+ timeout {
+ send_user "\nError: TIMEOUT reached\n"
+ catch {close}; wait
+ if { $in_proc} {
+ return 1
+ } else {
+ continue
+ }
+ } eof {
+ send_user "\nError: EOF received\n"
+ catch {close}; wait
+ if { $in_proc} {
+ return 1
+ } else {
+ continue
+ }
+ }
+ }
+
+ expect {
+ "Connection refused" {
+ close; wait
+ sleep 0.3
+ expect eof
+ send_user "\nError: Connection Refused\n"; wait; return 1
+ } eof { send_user "\nError: Couldn't login\n"; wait; return 1
+ } "Unknown host\r\n" {
+ expect eof
+ send_user "\nError: Unknown host\n"; wait; return 1
+ } "Host is unreachable" {
+ expect eof
+ send_user "\nError: Host Unreachable!\n"; wait; return 1
+ } "No address associated with name" {
+ expect eof
+ send_user "\nError: Unknown host\n"; wait; return 1
+ }
+ -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
+ send "yes\r"
+ send_user "\nHost $router added to the list of known hosts.\n"
+ exp_continue }
+ -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
+ send "no\r"
+ send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
+ return 1 }
+ -re "Offending key for .* \(yes\/no\)\?" {
+ send "no\r"
+ send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
+ return 1 }
+
+ -re "$u_prompt" {
+ send "$user\r"
+ set uprompt_seen 1
+ exp_continue
+ }
+ -re "$p_prompt" {
+ sleep 1
+ if {$uprompt_seen == 1} {
+ send "$userpswd\r"
+ } else {
+ send "$passwd\r"
+ }
+ exp_continue
+ }
+ -re "^Confirm seeing above note" {
+ send "y\r"
+ exp_continue
+ }
+ "Password incorrect" { send_user "\nError: Check your password for $router\n";
+ catch {close}; wait; return 1 }
+ -re "$prompt" { break; }
+ denied { send_user "\nError: Check your passwd for $router\n"
+ catch {close}; wait; return 1
+ }
+ "\r\n" { exp_continue; }
+ }
+ }
+ set in_proc 0
+ return 0
+}
+
+# Run commands given on the command line.
+proc run_commands { prompt command } {
+ global in_proc
+ set in_proc 1
+
+ send "lines 0\r"
+ expect -re $prompt {}
+ regsub -all "\[)(]" $prompt {\\&} reprompt
+
+ # Is this a multi-command?
+ if [ string match "*\;*" "$command" ] {
+ set commands [split $command \;]
+ set num_commands [llength $commands]
+ for {set i 0} {$i < $num_commands} { incr i} {
+ send "[subst -nocommands [lindex $commands $i]]\r"
+ expect {
+ -re "^\[^\n\r]*$reprompt" {}
+ -re "^\[^\n\r ]*>>.*$reprompt" { exp_continue }
+ -re "\[\n\r]+" { exp_continue }
+ }
+ }
+ } else {
+ send "[subst -nocommands $command]\r"
+ send "y\r"
+ expect {
+ -re "^\[^\n\r]*$reprompt" {}
+ -re "^\[^\n\r ]*>>.*$reprompt" { exp_continue }
+ -re "\[\n\r]+" { exp_continue }
+ }
+ }
+
+ send "quit\r"
+# expect {
+# -re "^WARNING: the current user has insufficient rights to view password fields. A configuration saved under this circumstance should not be used to restore profiles containing passwords. Save anyway? [y/n]"
+# {
+# send "y\r"
+ exp_continue
+ }
+ "\n" { exp_continue }
+ "\[^\n\r *]*Session terminated" { return 0 }
+ timeout { return 0 }
+ eof { return 0 }
+ }
+ set in_proc 0
+}
+
+#
+# For each router... (this is main loop)
+#
+source_password_file $password_file
+set in_proc 0
+foreach router [lrange $argv $i end] {
+ set router [string tolower $router]
+ send_user "$router\n"
+
+ # Figure out prompt.
+ set prompt "admin>"
+ # TNT only "enables" based on the password used at login time
+ set autoenable 1
+ set enable 0
+
+ # Figure out passwords
+ if { $do_passwd } {
+ set pswd [find password $router]
+ if { [llength $pswd] == 0 } {
+ send_user "\nError - no password for $router in $password_file.\n"
+ continue
+ }
+ set passwd [join [lindex $pswd 0] ""]
+ }
+
+ # Figure out username
+ if {[info exists username]} {
+ # command line username
+ set ruser $username
+ } else {
+ set ruser [join [find user $router] ""]
+ if { "$ruser" == "" } { set ruser $default_user }
+ }
+
+ # Figure out username's password (if different from the vty password)
+ if {[info exists userpasswd]} {
+ # command line username
+ set userpswd $userpasswd
+ } else {
+ set userpswd [join [find userpassword $router] ""]
+ if { "$userpswd" == "" } { set userpswd $passwd }
+ }
+
+ # Figure out prompts
+ set u_prompt [find userprompt $router]
+ if { "$u_prompt" == "" } {
+ set u_prompt "(User|Username|login| Login):"
+ } else {
+ set u_prompt [join [lindex $u_prompt 0] ""]
+ }
+
+ set p_prompt [find passprompt $router]
+ if { "$p_prompt" == "" } {
+ set p_prompt "\[Pp]assword:"
+ } else {
+ set p_prompt [join [lindex $p_prompt 0] ""]
+ }
+
+ # Figure out cypher type
+ if {[info exists cypher]} {
+ # command line cypher type
+ set cyphertype $cypher
+ } else {
+ set cyphertype [find cyphertype $router]
+ if { "$cyphertype" == "" } { set cyphertype "3des" }
+ }
+
+ # Figure out connection method
+ set cmethod [find method $router]
+ if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }
+
+ # Figure out the SSH executable name
+ set sshcmd [find sshcmd $router]
+ if { "$sshcmd" == "" } { set sshcmd {ssh} }
+
+ # Login to the router
+ if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype]} {
+ continue
+ }
+
+ if { $do_command } {
+ if {[run_commands $prompt $command]} {
+ continue
+ }
+ } elseif { $do_script } {
+# send "lines 0\r"
+ expect -re $prompt {}
+ source $sfile
+ send "y\r"
+ close
+ } else {
+ label $router
+ log_user 1
+ interact
+ }
+
+ # End of for each router
+ wait
+ sleep 0.3
+}
+exit 0
diff --git a/bin/tntrancid.in b/bin/tntrancid.in
new file mode 100644
index 0000000..88520fd
--- /dev/null
+++ b/bin/tntrancid.in
@@ -0,0 +1,292 @@
+#! @PERLV_PATH@
+##
+## $Id: tntrancid.in,v 1.8 2004/01/11 03:49:13 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# Modified by Paul B Matthews & Richard Vander Reyden.
+# I'm suprised it still works....
+#
+# RANCID - Really Awesome New Cisco confIg Differ
+#
+# usage: tntrancid [-d] [-l] [-f filename | $host]
+#
+use Getopt::Std;
+getopts('dfl');
+$log = $opt_l;
+$debug = $opt_d;
+$file = $opt_f;
+$host = $ARGV[0];
+$clean_run = 0;
+$found_end = 0;
+$timeo = 90; # tntlogin timeout in seconds
+$prompt = "admin> ";
+$always_y = "y"; # cause its a pain.
+
+my(%filter_pwds); # password filtering mode
+
+# This routine is used to print out the router configuration
+sub ProcessHistory {
+ my($new_hist_tag,$new_command,$command_string,@string)=(@_);
+ if((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
+ && defined %history) {
+ print eval "$command \%history";
+ print eval "$always_y \%history";
+ undef %history;
+ }
+ if (($new_hist_tag) && ($new_command) && ($command_string)) {
+ if ($history{$command_string}) {
+ $history{$command_string} = "$history{$command_string}@string";
+ } else {
+ $history{$command_string} = "@string";
+ }
+ } elsif (($new_hist_tag) && ($new_command)) {
+ $history{++$#history} = "@string";
+ } else {
+ print "@string";
+ }
+ $hist_tag = $new_hist_tag;
+ $command = $new_command;
+ 1;
+}
+
+sub numerically { $a <=> $b; }
+
+# This is a sort routing that will sort numerically on the
+# keys of a hash as if it were a normal array.
+sub keynsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort numerically keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# keys of a hash as if it were a normal array.
+sub keysort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# values of a hash as if it were a normal array.
+sub valsort{
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort values %lines) {
+ $sorted_lines[$i] = $key;
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a numerical sort routing (ascending).
+sub numsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $num (sort {$a <=> $b} keys %lines) {
+ $sorted_lines[$i] = $lines{$num};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routine that will sort on the
+# ip address when the ip address is anywhere in
+# the strings.
+sub ipsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $addr (sort sortbyipaddr keys %lines) {
+ $sorted_lines[$i] = $lines{$addr};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# These two routines will sort based upon IP addresses
+sub ipaddrval {
+ my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
+ $a[3]+256*($a[2]+256*($a[1]+256*$a[0]));
+}
+sub sortbyipaddr {
+ &ipaddrval($a) <=> &ipaddrval($b);
+}
+
+
+# This routine processes a "save con"
+sub SaveConf {
+ print STDERR " In SaveConf: $_" if ($debug);
+ my($comment) = 1; # strip extra comments, esp to preserve chassis type
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+# next if(/^\s*$/);
+
+### s/^\s*$/;/;
+
+# Leave software revision, but strip out saved date,
+# which causes rancid to think it changes each poll
+
+ if (/^; saved from /) {
+ ProcessHistory("","","","$_");
+ next;
+ }
+ /^; saved / && next;
+
+ # catch anything that wasnt match above.
+ ProcessHistory("","","","$_");
+ # end of config
+# if (/^# End of configuration file/i) {
+ if (/; profiles saved$/) {
+ printf STDERR " End SaveConf: $_" if ($debug);
+ $found_end = 1;
+ print STDOUT "$found_end = found_end within test\n";
+ return(1);
+ }
+ $found_end = 1;
+#### print STDOUT "$found_end = found_end at test\n";
+ }
+ $found_end = 1;
+ return(0);
+}
+$found_end = 1;
+print STDOUT "$found_end = found_end at end test\n";
+
+
+
+
+# dummy function
+sub DoNothing {print STDOUT;}
+
+# Main
+%commands=(
+ 'save con' => "SaveConf"
+);
+# keys() doesnt return things in the order entered and the order of the
+# cmds is important (show version first and write term last). pita
+@commands=(
+ "save con"
+);
+$tnt_cmds=join(";",@commands);
+$cmds_regexp=join("|",@commands);
+$tnt_cmds="save con";
+
+open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
+select(OUTPUT);
+# make OUTPUT unbuffered if debugging
+if ($debug) { $| = 1; }
+
+if ($file) {
+ print STDERR "opening file $host\n" if ($debug);
+ print STDOUT "opening file $host\n" if ($log);
+ open(INPUT,"<$host") || die "open failed for $host: $!\n";
+} else {
+ print STDERR "executing tntlogin -t $timeo -c\"$tnt_cmds\" $host\n" if ($debug);
+ print STDOUT "executing tntlogin -t $timeo -c\"$tnt_cmds\" $host\n" if ($log);
+ if (defined($ENV{NOPIPE})) {
+ system "tntlogin -t $timeo -c \"$tnt_cmds\" $host $host.raw 2>&1" || die "tntlogin failed for $host: $!\n";
+ open(INPUT, "< $host.raw") || die "tntlogin failed for $host: $!\n";
+ } else {
+ open(INPUT,"tntlogin -t $timeo -c \"$tnt_cmds\" $host ) {
+ tr/\015//d;
+
+ if (/^Error:/) {
+ print STDOUT ("$host tntlogin error: $_");
+ print STDERR ("$host tntlogin error: $_") if ($debug);
+ $clean_run=0;
+ last;
+ }
+ while (/$prompt\s*($cmds_regexp)\s*$/) {
+ $cmd = $1;
+ if (!defined($prompt)) {
+ $prompt = ($_ =~ /^([^#]+#)/)[0];
+ $prompt =~ s/([][}{)(\\])/\\$1/g;
+ $prompt =~ s/:(\d+ ?)#/:\\d+ ?#/;
+ print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
+ }
+ print STDERR ("HIT COMMAND:$_") if ($debug);
+ if (! defined($commands{$cmd})) {
+ print STDERR "$host: found unexpected command - \"$cmd\"\n";
+ $clean_run = 0;
+ last TOP;
+ }
+ $rval = &{$commands{$cmd}};
+ delete($commands{$cmd});
+ if ($rval == -1) {
+ printf STDERR "rval = -1\n" if ($debug);
+ $clean_run = 0;
+ last TOP;
+ }
+ }
+}
+print STDOUT "Done $logincmd: $_\n" if ($log);
+# Flush History
+ProcessHistory("","","","");
+# Cleanup
+$clean_run = 1;
+print STDOUT "$clean_run - clean\n";
+close(INPUT);
+close(OUTPUT);
+
+if (defined($ENV{NOPIPE})) {
+ unlink("$host.raw") if (! $debug);
+}
+
+# check for completeness
+if (scalar(%commands) || !$clean_run || !$found_end) {
+ if (scalar(%commands)) {
+ printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
+ printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
+ }
+ if (!$clean_run || !$found_end) {
+ print STDOUT "$host: End of run not found\n";
+ print STDERR "$host: End of run not found\n" if ($debug);
+ system("/usr/bin/tail -1 $host.new");
+ }
+ unlink "$host.new" if (! $debug);
+}
diff --git a/bin/xrancid.in b/bin/xrancid.in
old mode 100755
new mode 100644
index 06ff30b..4aeb1d3
--- a/bin/xrancid.in
+++ b/bin/xrancid.in
@@ -1,19 +1,22 @@
-#!@PERLV_PATH@
+#! @PERLV_PATH@
##
+## $Id: xrancid.in,v 1.32 2004/01/11 03:49:13 heas Exp $
##
-## Copyright (C) 1997-2001 by Henry Kilmer.
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
-## This software may be freely copied, modified and redistributed without
-## fee for non-commerical purposes provided that this copyright notice is
-## preserved intact on all copies and modified copies.
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
-## It is provided solely "as is". The author(s) disclaim(s) all
+## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# RANCID - Really Awesome New Cisco confIg Differ
@@ -21,7 +24,7 @@
# usage: rancid [-d] [-l] [-f filename | $host]
#
use Getopt::Std;
-getopts('dflm');
+getopts('dfl');
$log = $opt_l;
$debug = $opt_d;
$file = $opt_f;
@@ -272,10 +275,14 @@ sub WriteTerm {
tr/\015//d;
last if(/^$prompt/);
next if(/^\s*$/);
+ return(0) if(/^syntax error at token /i);
# the pager can not be disabled per-session on the PIX
s/^<-+ More -+>\s*//;
+ return(0) if ($found_end);
s/^\s*$/#/;
+ next if (/full detail configuration/i);
+
# filter extra comments and lead comments in config so we can preserve
# the chassis type at the top of muched o/p before the process history
# key changes.
@@ -291,7 +298,7 @@ sub WriteTerm {
# Dog gone Cool matches to process the rest of the config
# some chassis report their chassis type in show diag...oh, but
- # other noooo. grab it here, if available. so, nothing else
+ # others do not. grab it here, if available. so, nothing else
# can change the keysort key until this is grabbed. sigh.
/# (\S+) configuration generated/i &&
ProcessHistory("COMMENTS","keysort","A0","#Chassis type: $1\n") &&
@@ -301,11 +308,11 @@ sub WriteTerm {
/# software version/i && next;
if (/((create|configure) account \S+ \S+) / && $filter_pwds >= 2) {
- ProcessHistory("","","","# $1 \n");
+ ProcessHistory("COMMENTS","keysort","H0","# $1 \n");
next;
}
if (/configure ssh2 key/ && $filter_pwds >= 1) {
- ProcessHistory("","","","# $_# \n");
+ ProcessHistory("COMMENTS","keysort","H0","# $_# \n");
while () {
if (/^(#|enable|conf|disable|unconf)/) {
tr/\015//d;
@@ -317,7 +324,7 @@ sub WriteTerm {
# filter out any RCS/CVS tags to avoid confusing local CVS storage
s/\$(Revision|Id):/ $1:/;
if (/^((config|configure) bgp (neighbor|peer-group) \S+ password encrypted)/i && $filter_pwds >= 1) {
- ProcessHistory("","","","# $1 \n");
+ ProcessHistory("COMMENTS","keysort","H0","# $1 \n");
next;
}
@@ -346,17 +353,17 @@ sub WriteTerm {
}
# order/prune tacacs/radius server statements
if (/^(configure radius (primary|secondary) (tacacs-server|radius-server) shared-secret encrypted)/ && $filter_pwds >= 1) {
- ProcessHistory("","","","# $1 \n");
+ ProcessHistory("COMMENTS","keysort","H0","# $1 \n");
next;
}
# catch anything that wasnt match above.
- ProcessHistory("","","","$_");
+ ProcessHistory("COMMENTS","keysort","H0","$_");
# end of config
if (/^# End of configuration file/i) {
printf STDERR " End WriteTerm: $_" if ($debug);
$found_end = 1;
- return(1);
+ return(0);
}
}
return(0);
@@ -367,12 +374,13 @@ sub DoNothing {print STDOUT;}
# Main
%commands=(
- 'show version' => "ShowVersion",
- 'show memory' => "ShowMemory",
- 'show diagnostics' => "ShowDiag",
- 'show switch' => "ShowSwitch",
- 'show slot' => "ShowSlot",
- 'show configuration' => "WriteTerm"
+ 'show version' => "ShowVersion",
+ 'show memory' => "ShowMemory",
+ 'show diagnostics' => "ShowDiag",
+ 'show switch' => "ShowSwitch",
+ 'show slot' => "ShowSlot",
+ 'show configuration detail' => "WriteTerm",
+ 'show configuration' => "WriteTerm"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@@ -382,6 +390,7 @@ sub DoNothing {print STDOUT;}
"show diagnostics",
"show switch",
"show slot",
+ "show configuration detail",
"show configuration"
);
$cisco_cmds=join(";",@commands);
@@ -397,13 +406,13 @@ if ($file) {
print STDOUT "opening file $host\n" if ($log);
open(INPUT,"<$host") || die "open failed for $host: $!\n";
} else {
- print STDERR "executing clogin -t $timeo -autoenable -c\"$cisco_cmds\" $host\n" if ($debug);
- print STDOUT "executing clogin -t $timeo -autoenable -c\"$cisco_cmds\" $host\n" if ($log);
+ print STDERR "executing clogin -t $timeo -c \"$cisco_cmds\" $host\n" if ($debug);
+ print STDOUT "executing clogin -t $timeo -c \"$cisco_cmds\" $host\n" if ($log);
if (defined($ENV{NOPIPE})) {
- system "clogin -t $timeo -autoenable -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n";
+ system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n";
open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n";
} else {
- open(INPUT,"clogin -t $timeo -autoenable -c \"$cisco_cmds\" $host ) {
tr/\015//d;
# note: this match sucks rocks, but currently the extreme bits are
# unreliable about echoing the 'exit\n' command. this match might really
# be a bad idea, but instead rely upon WriteTerm's found_end?
- if (/$prompt\s?(quit|exit|Connection closed)/ && $found_end) {
+ if (/$prompt\s?(quit|exit|Connection( to \S+)? closed)/ && $found_end) {
$clean_run=1;
last;
}
@@ -442,8 +452,10 @@ TOP: while() {
$cmd = $1;
if (!defined($prompt)) {
$prompt = ($_ =~ /^([^#]+#)/)[0];
+ $prompt =~ s/([][}{)(\\])/\\$1/g;
$prompt =~ s/:(\d+ ?)#/:\\d+ ?#/;
- print STDERR ("PROMPT MATCH:$prompt\n") if ($debug);
+ $prompt =~ s/\*/\\\*/;
+ print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
}
print STDERR ("HIT COMMAND:$_") if ($debug);
if (! defined($commands{$cmd})) {
diff --git a/bin/zrancid.in b/bin/zrancid.in
new file mode 100755
index 0000000..a969553
--- /dev/null
+++ b/bin/zrancid.in
@@ -0,0 +1,411 @@
+#! @PERLV_PATH@
+##
+## $Id: zrancid.in,v 1.8 2004/01/11 03:49:13 heas Exp $
+##
+## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
+## All rights reserved.
+##
+## This software may be freely copied, modified and redistributed
+## without fee for non-commerical purposes provided that this license
+## remains intact and unmodified with any RANCID distribution.
+##
+## There is no warranty or other guarantee of fitness of this software.
+## It is provided solely "as is". The author(s) disclaim(s) all
+## responsibility and liability with respect to this software's usage
+## or its effect upon hardware, computer systems, other software, or
+## anything else.
+##
+## Except where noted otherwise, rancid was written by and is maintained by
+## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
+##
+#
+# This version of rancid tries to deal with zebra s/w.
+#
+# RANCID - Really Awesome New Cisco confIg Differ
+#
+# usage: rancid [-d] [-l] [-f filename | $host]
+#
+use Getopt::Std;
+getopts('dfl');
+$log = $opt_l;
+$debug = $opt_d;
+$file = $opt_f;
+$host = $ARGV[0];
+$clean_run = 0;
+$found_end = 0;
+$timeo = 90; # clogin timeout in seconds
+
+my(%filter_pwds); # password filtering mode
+
+# This routine is used to print out the router configuration
+sub ProcessHistory {
+ my($new_hist_tag,$new_command,$command_string,@string)=(@_);
+ if((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
+ && defined %history) {
+ print eval "$command \%history";
+ undef %history;
+ }
+ if (($new_hist_tag) && ($new_command) && ($command_string)) {
+ if ($history{$command_string}) {
+ $history{$command_string} = "$history{$command_string}@string";
+ } else {
+ $history{$command_string} = "@string";
+ }
+ } elsif (($new_hist_tag) && ($new_command)) {
+ $history{++$#history} = "@string";
+ } else {
+ print "@string";
+ }
+ $hist_tag = $new_hist_tag;
+ $command = $new_command;
+ 1;
+}
+
+sub numerically { $a <=> $b; }
+
+# This is a sort routing that will sort numerically on the
+# keys of a hash as if it were a normal array.
+sub keynsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort numerically keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# keys of a hash as if it were a normal array.
+sub keysort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort keys(%lines)) {
+ $sorted_lines[$i] = $lines{$key};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routing that will sort on the
+# values of a hash as if it were a normal array.
+sub valsort{
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $key (sort values %lines) {
+ $sorted_lines[$i] = $key;
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a numerical sort routing (ascending).
+sub numsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $num (sort {$a <=> $b} keys %lines) {
+ $sorted_lines[$i] = $lines{$num};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# This is a sort routine that will sort on the
+# ip address when the ip address is anywhere in
+# the strings.
+sub ipsort {
+ local(%lines)=@_;
+ local($i) = 0;
+ local(@sorted_lines);
+ foreach $addr (sort sortbyipaddr keys %lines) {
+ $sorted_lines[$i] = $lines{$addr};
+ $i++;
+ }
+ @sorted_lines;
+}
+
+# These two routines will sort based upon IP addresses
+sub ipaddrval {
+ my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
+ $a[3]+256*($a[2]+256*($a[1]+256*$a[0]));
+}
+sub sortbyipaddr {
+ &ipaddrval($a) <=> &ipaddrval($b);
+}
+
+# This routine parses "show version"
+sub ShowVersion {
+ print STDERR " In ShowVersion: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ next if(/^(\s*|\s*$cmd\s*)$/);
+ return(-1) if (/command authorization failed/i);
+
+ ProcessHistory("COMMENTS","keysort","B0", "!$_") && next;
+
+ }
+ return(0);
+}
+
+# This routine processes a "write term"
+sub WriteTerm {
+ print STDERR " In WriteTerm: $_" if ($debug);
+
+ while () {
+ tr/\015//d;
+ last if(/^$prompt/);
+ return(-1) if (/command authorization failed/i);
+
+ /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked
+ # skip the crap
+ if (/^(##+$|(Building|Current) configuration)/i) {
+ while () {
+ next if (/^Current configuration\s*:/i);
+ next if (/^([%!].*|\s*)$/);
+ last;
+ }
+ tr/\015//d;
+ }
+ # some versions have other crap mixed in with the bits in the
+ # block above
+ /^! Last Changed:/ && next;
+
+ # Dog gone Cool matches to process the rest of the config
+# /^tftp-server flash / && next; # kill any tftp remains
+# /^ntp clock-period / && next; # kill ntp clock-period
+# /^ length / && next; # kill length on serial lines
+# /^ width / && next; # kill width on serial lines
+# /^ clockrate / && next; # kill clockrate on serial interfaces
+
+ if (/^(enable password( \d)?) / && $filter_pwds >= 1) {
+ ProcessHistory("ENABLE","","","!$1 \n");
+ next;
+ }
+ if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) {
+ if ($filter_pwds == 2) {
+ ProcessHistory("USER","keysort","$1","!username $1$2 password \n");
+ } elsif ($filter_pwds == 1 && $4 ne "5"){
+ ProcessHistory("USER","keysort","$1","!username $1$2 password \n");
+ } else {
+ ProcessHistory("USER","keysort","$1","$_");
+ }
+ next;
+ }
+
+ # prune passwords {bgp, ...}
+ if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) {
+ ProcessHistory("","","","! neighbor $1 password \n");
+ next;
+ }
+ # sort route-maps
+ if (/^route-map (\S+)/) {
+ my($key) = $1;
+ my($routemap) = $_;
+ while () {
+ tr/\015//d;
+ last if (/^$prompt/ || ! /^(route-map |[ !])/);
+ if (/^route-map (\S+)/) {
+ ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
+ $key = $1;
+ $routemap = $_;
+ } else {
+ $routemap .= $_;
+ }
+ }
+ ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
+ }
+
+ # filter out any RCS/CVS tags to avoid confusing local CVS storage
+ s/\$(Revision|Id):/ $1:/;
+
+ # order access-lists
+ /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ &&
+ ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next;
+
+ # order logging statements
+ /^logging (\d+\.\d+\.\d+\.\d+)/ &&
+ ProcessHistory("LOGGING","ipsort","$1","$_") && next;
+
+ # order/prune snmp-server host statements
+ # we only prune lines of the form
+ # snmp-server host a.b.c.d
+ if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) {
+ if (defined($ENV{'NOCOMMSTR'})) {
+ my($ip) = $1;
+ my($line) = "snmp-server host $ip";
+ my(@tokens) = split(' ', $');
+ my($token);
+ while ($token = shift(@tokens)) {
+ if ($token eq 'version') {
+ $line .= " " . join(' ', ($token, shift(@tokens)));
+ } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) {
+ $line .= " " . $token;
+ } else {
+ $line = "!$line " . join(' ', ("", join(' ',@tokens)));
+ last;
+ }
+ }
+ ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n");
+ } else {
+ ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_");
+ }
+ next;
+ }
+ if (/^(snmp-server community) (\S+)/) {
+ if (defined($ENV{'NOCOMMSTR'})) {
+ ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next;
+ } else {
+ ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next;
+ }
+ }
+
+ # prune tacacs/radius server keys
+ if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 key \n"); next;
+ }
+ if (/^(tacacs-server host \S+( .*)? key) (\d )?\S+/
+ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+
+ # order clns host statements
+# /^clns host \S+ (\S+)/ &&
+# ProcessHistory("CLNS","keysort","$1","$_") && next;
+
+ # prune isis password
+ if (/^( isis authentication-key) \d \S+/ && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 $'"); next;
+ }
+ # prune msdp password
+ if (/^(ip msdp password \S+) / && $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 \n"); next;
+ }
+
+# # order ip host line statements
+# /^ip host line(\d+)/ &&
+# ProcessHistory("IPHOST","numsort","$1","$_") && next;
+
+ # catch anything that wasnt matched above.
+ ProcessHistory("","","","$_");
+ # end of config.
+ if (/^end$/) {
+ $found_end = 1;
+ return(1);
+ }
+ }
+ return(0);
+}
+
+# dummy function
+sub DoNothing {print STDOUT;}
+
+# Main
+%commands=(
+ 'show version' => "ShowVersion",
+ 'write term' => "WriteTerm"
+);
+# keys() doesnt return things in the order entered and the order of the
+# cmds is important (show version first and write term last). pita
+@commands=(
+ "show version",
+ "write term"
+);
+$cisco_cmds=join(";",@commands);
+$cmds_regexp=join("|",@commands);
+
+open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
+select(OUTPUT);
+# make OUTPUT unbuffered if debugging
+if ($debug) { $| = 1; }
+
+if ($file) {
+ print STDERR "opening file $host\n" if ($debug);
+ print STDOUT "opening file $host\n" if ($log);
+ open(INPUT,"<$host") || die "open failed for $host: $!\n";
+} else {
+ print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
+ print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
+ if (defined($ENV{NOPIPE})) {
+ system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n";
+ open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n";
+ } else {
+ open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) {
+ tr/\015//d;
+ if (/\#\s?exit$/) {
+ $clean_run=1;
+ last;
+ }
+ if (/^Error:/) {
+ print STDOUT ("$host clogin error: $_");
+ print STDERR ("$host clogin error: $_") if ($debug);
+ $clean_run=0;
+ last;
+ }
+ while (/#\s*($cmds_regexp)\s*$/) {
+ $cmd = $1;
+ if (!defined($prompt)) {
+ $prompt = ($_ =~ /^([^#]+#)/)[0];
+ $prompt =~ s/([][}{)(\\])/\\$1/g;
+ }
+ print STDERR ("HIT COMMAND:$_") if ($debug);
+ if (! defined($commands{$cmd})) {
+ print STDERR "$host: found unexpected command - \"$cmd\"\n";
+ $clean_run = 0;
+ last TOP;
+ }
+ $rval = &{$commands{$cmd}};
+ delete($commands{$cmd});
+ if ($rval == -1) {
+ $clean_run = 0;
+ last TOP;
+ }
+ }
+}
+print STDOUT "Done $logincmd: $_\n" if ($log);
+# Flush History
+ProcessHistory("","","","");
+# Cleanup
+close(INPUT);
+close(OUTPUT);
+
+if (defined($ENV{NOPIPE})) {
+ unlink("$host.raw") if (! $debug);
+}
+
+# check for completeness
+if (scalar(%commands) || !$clean_run || !$found_end) {
+ if (scalar(%commands)) {
+ printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
+ printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
+ }
+ if (!$clean_run || !$found_end) {
+ print STDOUT "$host: End of run not found\n";
+ print STDERR "$host: End of run not found\n" if ($debug);
+ system("/usr/bin/tail -1 $host.new");
+ }
+ unlink "$host.new" if (! $debug);
+}
--
cgit