#! @PERLV_PATH@ ## ## $Id$ ## ## @PACKAGE@ @VERSION@ ## Copyright (c) 1997-2008 by Terrapin Communications, Inc. ## All rights reserved. ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # # This version of rancid tries to deal with Prockets. # # RANCID - Really Awesome New Cisco confIg Differ # # usage: rancid [-dV] [-l] [-f filename | hostname] # use Getopt::Std; getopts('dflV'); if ($opt_V) { print "@PACKAGE@ @VERSION@\n"; exit(0); } $log = $opt_l; $debug = $opt_d; $file = $opt_f; $host = $ARGV[0]; $clean_run = 0; $found_end = 0; $timeo = 90; # clogin timeout in seconds my(@commandtable, %commands, @commands);# command lists my($aclsort) = ("ipsort"); # ACL sorting mode my($filter_commstr); # SNMP community string filtering my($filter_pwds); # password filtering mode my($platform); # platform/cpu type # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string,@string) = (@_); if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && defined %history) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} = "$history{$command_string}@string"; } else { $history{$command_string} = "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} = "@string"; } else { print "@string"; } $hist_tag = $new_hist_tag; $command = $new_command; 1; } sub numerically { $a <=> $b; } # This is a sort routine that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routine (ascending). sub numsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); if (/(lynxos|kernel) Version: .* (\S+)/i) { $platform = $2; } /Procket/ && ProcessHistory("COMMENTS","keysort","B0", "! $_") && next; /System Uptime:/ && next; /Protocol Uptime:/ && next; ProcessHistory("COMMENTS","keysort","B0", "!$_") && next; } return(0); } # This routine parses "show package" sub ShowPackage { print STDERR " In ShowPackage: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); ProcessHistory("COMMENTS","keysort","C0", "! $_") && next; } return(0); } # This routine parses "show hardware" sub ShowHardware { print STDERR " In ShowHardware: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); # skip show hardware on titanium return(0) if ($platform =~ /i386/i); return(-1) if (/command authorization failed/i); return(-1) if (/cli: couldn.t communicate with/); ProcessHistory("COMMENTS","keysort","D0", "! $_") && next; } return(0); } # This routine parses "show inventory" sub ShowInventory { print STDERR " In ShowInventory: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(0) if (/^\s+\^/); return(-1) if (/command authorization failed/i); /Procket/ && ProcessHistory("COMMENTS","keysort","E0", "! $_") && next; /System Uptime:/ && next; /Protocol Uptime:/ && next; ProcessHistory("COMMENTS","keysort","E0", "!$_") && next; } return(0); } # This routine processes a "write term" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); return(-1) if (/command authorization failed/i); /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked # skip the crap if (/^(##+$|(Building|Current) configuration)/i) { while () { next if (/^Current configuration\s*:/i); next if (/^([%!].*|\s*)$/); last; } tr/\015//d; } # some versions have other crap mixed in with the bits in the # block above /^! Last Changed:/ && next; # Dog gone Cool matches to process the rest of the config # /^tftp-server flash / && next; # kill any tftp remains # /^ntp clock-period / && next; # kill ntp clock-period # /^ length / && next; # kill length on serial lines # /^ width / && next; # kill width on serial lines # /^ clockrate / && next; # kill clockrate on serial interfaces if (/^(enable secret( level \d)?) / && $filter_pwds >= 2) { ProcessHistory("ENABLE","","","!$1 \n"); next; } if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) { if ($filter_pwds == 2) { ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); } elsif ($filter_pwds == 1 && $4 ne "5"){ ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } # prune passwords {bgp, ...} if (/^(\s*)password / && $filter_pwds >= 1) { ProcessHistory("","","","!$1password \n"); next; } # prune authentication keys {vrrp vrid N, router isis...} if (/^(\s*authentication \S+ key) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^(\s*authentication-key) \d \S+( .*)/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 $2\n"); next; } # if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) { # ProcessHistory("","","","! neighbor $1 password \n"); # next; # } # if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # if (/^(ip ftp password) / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # prune ospf keys if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # this is reversable, despite 'md5' in the cmd if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # this is reversable, despite 'md5' in the cmd if (/^(\s*message-digest-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 $'"); next; # } # sort ip explicit-paths. if (/^ip explicit-path name (\S+)/) { my($key) = $1; my($expath) = $_; while () { tr/\015//d; last if (/^$prompt/); last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/); if (/^ip explicit-path name (\S+)/) { ProcessHistory("EXPATH","keysort","$key","$expath"); $key = $1; $expath = $_; } else { $expath .= $_; } } ProcessHistory("EXPATH","keysort","$key","$expath"); } # sort route-maps if (/^route-map (\S+)/) { my($key) = $1; my($routemap) = $_; while () { tr/\015//d; last if (/^$prompt/ || ! /^(route-map |[ !])/); if (/^route-map (\S+)/) { ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); $key = $1; $routemap = $_; } else { $routemap .= $_; } } ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); } # filter out any RCS/CVS tags to avoid confusing local CVS storage s/\$(Revision|Id):/ $1:/; # # order access-lists # /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && # ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; # # order extended access-lists # /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && # ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; # /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && # ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; # /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && # ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next; # # order arp lists # /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && # ProcessHistory("ARP","$aclsort","$1","$_") && next; # /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && # ProcessHistory("PACL $1 $3","$aclsort","$4","ip prefix-list $1 $3 $4$5\n") # && next; # order logging statements /^logging (\d+\.\d+\.\d+\.\d+)/ && ProcessHistory("LOGGING","ipsort","$1","$_") && next; # order/prune snmp-server host statements # we only prune lines of the form # snmp-server host a.b.c.d if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { if ($filter_commstr) { my($ip) = $1; my($line) = "snmp-server host $ip"; my(@tokens) = split(' ', $'); my($token); while ($token = shift(@tokens)) { if ($token eq 'version') { $line .= " " . join(' ', ($token, shift(@tokens))); } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { $line .= " " . $token; } else { $line = "!$line " . join(' ', ("", join(' ',@tokens))); last; } } ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); } else { ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); } next; } if (/^(snmp-server community) (\S+)/) { if ($filter_commstr) { ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; } else { ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; } } # prune tacacs/radius server keys if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 key \n"); next; } if (/^(tacacs-server host \S+( .*)? key) (\d )?\S+/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # order clns host statements # /^clns host \S+ (\S+)/ && # ProcessHistory("CLNS","keysort","$1","$_") && next; # prune vrrp password if (/^( ip vrrp authentication .* key) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # prune isis password if (/^( isis authentication-key) \d \S+/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 $'"); next; } # prune msdp password if (/^(ip msdp password \S+) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # delete ntp auth password - this md5 is a reversable too if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # order ntp peers/servers if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); ProcessHistory("NTP","keysort",$sortkey,"$_"); next; } # # order ip host line statements # /^ip host line(\d+)/ && # ProcessHistory("IPHOST","numsort","$1","$_") && next; # # order ip nat source static statements # /^ip nat (\S+) source static (\S+)/ && # ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; # # order atm map-list statements # /^\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+atm-vc/ && # ProcessHistory("ATM map-list","ipsort","$1","$_") && next; # # order ip rcmd lines # /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next; # catch anything that wasnt matched above. ProcessHistory("","","","$_"); # end of config. if (/^end$/) { $found_end = 1; return(1); } } return(0); } # dummy function sub DoNothing {print STDOUT;} # Main @commandtable = ( {'show version all' => 'ShowVersion'}, {'show package' => 'ShowPackage'}, {'show hardware' => 'ShowHardware'}, {'show inventory' => 'ShowInventory'}, {'write term' => 'WriteTerm'} ); # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. @commands = map(keys(%$_), @commandtable); %commands = map(%$_, @commandtable); $cisco_cmds=join(";",@commands); $cmds_regexp=join("|",@commands); if (length($host) == 0) { if ($file) { print(STDERR "Too few arguments: file name required\n"); exit(1); } else { print(STDERR "Too few arguments: host name required\n"); exit(1); } } open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n"; } else { open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; if (/\#\s?exit$/) { $clean_run=1; last; } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); $clean_run=0; last; } while (/#\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; last TOP; } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$clean_run || !$found_end) { if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run || !$found_end) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); }