Created
April 9, 2013 09:25
-
-
Save lauer/5344320 to your computer and use it in GitHub Desktop.
DLink rancid module Remember to add the following line to rancid-fe (and a , on the line before) 'dlink' => 'dlrancid', This is tested on a DGS-3427
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/expect -- | |
| ## | |
| ## patched to accomplish fortinet from nlogin | |
| ## in turn patched to accomplish D-Link from fnlogin | |
| ## by: Daniel G. Epstein <dan at rootlike.com> | |
| ## adapted by: Diego Ercolani <diego.ercolani at ssis.sm> | |
| ## further adapted by: Gavin McCullagh <gavin.mccullagh at gcd.ie> | |
| ## | |
| ## rancid 2.3.6 | |
| ## Copyright (c) 1997-2009 by Terrapin Communications, Inc. | |
| ## All rights reserved. | |
| ## | |
| ## This code is derived from software contributed to and maintained by | |
| ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, | |
| ## Pete Whiting, Austin Schutz, and Andrew Fort. | |
| ## | |
| ## Redistribution and use in source and binary forms, with or without | |
| ## modification, are permitted provided that the following conditions | |
| ## are met: | |
| ## 1. Redistributions of source code must retain the above copyright | |
| ## notice, this list of conditions and the following disclaimer. | |
| ## 2. Redistributions in binary form must reproduce the above copyright | |
| ## notice, this list of conditions and the following disclaimer in the | |
| ## documentation and/or other materials provided with the distribution. | |
| ## 3. All advertising materials mentioning features or use of this software | |
| ## must display the following acknowledgement: | |
| ## This product includes software developed by Terrapin Communications, | |
| ## Inc. and its contributors for RANCID. | |
| ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its | |
| ## contributors may be used to endorse or promote products derived from | |
| ## this software without specific prior written permission. | |
| ## 5. It is requested that non-binding fixes and modifications be contributed | |
| ## back to Terrapin Communications, Inc. | |
| ## | |
| ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS | |
| ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
| ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
| ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS | |
| ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
| ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
| ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
| ## POSSIBILITY OF SUCH DAMAGE. | |
| # | |
| # The expect login scripts were based on Erik Sherk's gwtn, by permission. | |
| # Netscreen hacks implemented by Stephen Gill <gillsr <at> yahoo.com>. | |
| # Fortinet hacks by Daniel G. Epstein <dan at rootlike.com> | |
| # D-Link hacks by Gavin McCullagh <gmccullagh at gmail dot com> | |
| # | |
| ############################################################################# | |
| # | |
| # dllogin - D-Link login | |
| # This script is very much a hack based on the existing code, but it works for us. | |
| # | |
| # Thus far we have tested this on the following D-Link Switch models: | |
| # | |
| # DES-3010F - success (telnet, ssh) | |
| # DES-3052P - success (telnet, ssh, ... a little slow) | |
| # DES-3526 - success (telnet, ssh) | |
| # DES-3550 - success (telnet, ssh) | |
| # DES-3250TG - fail (there's no command to print config) | |
| # DGS-3324SR - success (telnet, ssh) | |
| # DGS-3100 - fail (but probably not too big a job to fix) | |
| # | |
| # Known bugs/issues: | |
| # - line wrap problems cause newlines within config lines at 80 chars wide on | |
| # some models (DES-3010F) | |
| # - ssh can be quite slow on these units and we've even had anecdotal evidence | |
| # that the load on the switches can occasionally cause packet loss. We | |
| # generally use telnet for this reason and all is fine. | |
| # | |
| # | |
| ############################################################################# | |
| # Usage line | |
| set usage "Usage: $argv0 \[-dSV\] \[-c command\] \[-Evar=x\] \ | |
| \[-f cloginrc-file\] \[-p user-password\] \ | |
| \[-s script-file\] \[-t timeout\] \[-u username\] \ | |
| \[-v vty-password\] \[-x command-file\] \ | |
| \[-y ssh_cypher_type\] router \[router...\]\n" | |
| # env(CLOGIN) may contain: | |
| # x == do not set xterm banner or name | |
| # Password file | |
| set password_file $env(HOME)/.cloginrc | |
| # Default is to login to the firewall | |
| set do_command 0 | |
| set do_script 0 | |
| # The default is to look in the password file to find the passwords. This | |
| # tracks if we receive them on the command line. | |
| set do_passwd 1 | |
| set do_enapasswd 1 | |
| # Save config, if prompted | |
| set do_saveconfig 0 | |
| # Find the user in the ENV, or use the unix userid. | |
| if {[ info exists env(CISCO_USER) ]} { | |
| set default_user $env(CISCO_USER) | |
| } elseif {[ info exists env(USER) ]} { | |
| set default_user $env(USER) | |
| } elseif {[ info exists env(LOGNAME) ]} { | |
| set default_user $env(LOGNAME) | |
| } else { | |
| # This uses "id" which I think is portable. At least it has existed | |
| # (without options) on all machines/OSes I've been on recently - | |
| # unlike whoami or id -nu. | |
| if [ catch {exec id} reason ] { | |
| send_error "\nError: could not exec id: $reason\n" | |
| exit 1 | |
| } | |
| regexp {\(([^)]*)} "$reason" junk default_user | |
| } | |
| if {[ info exists env(CLOGINRC) ]} { | |
| set password_file $env(CLOGINRC) | |
| } | |
| # Sometimes firewall take awhile to answer (the default is 10 sec) | |
| set timeout 45 | |
| # Process the command line | |
| for {set i 0} {$i < $argc} {incr i} { | |
| set arg [lindex $argv $i] | |
| switch -glob -- $arg { | |
| # Expect debug mode | |
| -d* { | |
| exp_internal 1 | |
| # Username | |
| } -u* { | |
| if {! [ regexp .\[uU\](.+) $arg ignore user]} { | |
| incr i | |
| set username [ lindex $argv $i ] | |
| } | |
| # VTY Password | |
| } -p* { | |
| if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} { | |
| incr i | |
| set userpasswd [ lindex $argv $i ] | |
| } | |
| set do_passwd 0 | |
| # Environment variable to pass to -s scripts | |
| } -E* { | |
| if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { | |
| set E$varname $varvalue | |
| } else { | |
| send_user "\nError: invalid format for -E in $arg\n" | |
| exit 1 | |
| } | |
| # Command to run. | |
| } -c* { | |
| if {! [ regexp .\[cC\](.+) $arg ignore command]} { | |
| incr i | |
| set command [ lindex $argv $i ] | |
| } | |
| set do_command 1 | |
| # Expect script to run. | |
| } -s* { | |
| if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { | |
| incr i | |
| set sfile [ lindex $argv $i ] | |
| } | |
| if { ! [ file readable $sfile ] } { | |
| send_user "\nError: Can't read $sfile\n" | |
| exit 1 | |
| } | |
| set do_script 1 | |
| # save config on exit | |
| } -S* { | |
| set do_saveconfig 1 | |
| # cypher type | |
| } -y* { | |
| if {! [ regexp .\[eE\](.+) $arg ignore cypher]} { | |
| incr i | |
| set cypher [ lindex $argv $i ] | |
| } | |
| # alternate cloginrc file | |
| } -f* { | |
| if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { | |
| incr i | |
| set password_file [ lindex $argv $i ] | |
| } | |
| } -t* { | |
| incr i | |
| set timeout [ lindex $argv $i ] | |
| } -x* { | |
| if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { | |
| incr i | |
| set cmd_file [ lindex $argv $i ] | |
| } | |
| if [ catch {set cmd_fd [open $cmd_file r]} reason ] { | |
| send_user "\nError: $reason\n" | |
| exit 1 | |
| } | |
| set cmd_text [read $cmd_fd] | |
| close $cmd_fd | |
| set command [join [split $cmd_text \n] \;] | |
| set do_command 1 | |
| # Version string | |
| } -V* { | |
| send_user "rancid 2.3.6\n" | |
| exit 0 | |
| # Does tacacs automatically enable us? | |
| } -autoenable { | |
| # ignore autoenable | |
| } -* { | |
| send_user "\nError: Unknown argument! $arg\n" | |
| send_user $usage | |
| exit 1 | |
| } default { | |
| break | |
| } | |
| } | |
| } | |
| # Process firewalls...no firewalls listed is an error. | |
| if { $i == $argc } { | |
| send_user "\nError: $usage" | |
| } | |
| # Only be quiet if we are running a script (it can log its output | |
| # on its own) | |
| if { $do_script } { | |
| log_user 0 | |
| } else { | |
| log_user 1 | |
| } | |
| # | |
| # Done configuration/variable setting. Now run with it... | |
| # | |
| # Sets Xterm title if interactive...if its an xterm and the user cares | |
| proc label { host } { | |
| global env | |
| # if CLOGIN has an 'x' in it, don't set the xterm name/banner | |
| if [info exists env(CLOGIN)] { | |
| if {[string first "x" $env(CLOGIN)] != -1} { return } | |
| } | |
| # take host from ENV(TERM) | |
| if [info exists env(TERM)] { | |
| if [regexp \^(xterm|vs) $env(TERM) ignore ] { | |
| send_user "\033]1;[lindex [split $host "."] 0]\a" | |
| send_user "\033]2;$host\a" | |
| } | |
| } | |
| } | |
| # This is a helper function to make the password file easier to | |
| # maintain. Using this the password file has the form: | |
| # add password sl* pete cow | |
| # add password at* steve | |
| # add password * hanky-pie | |
| proc add {var args} { global int_$var ; lappend int_$var $args} | |
| proc include {args} { | |
| global env | |
| regsub -all "(^{|}$)" $args {} args | |
| if { [ regexp "^/" $args ignore ] == 0 } { | |
| set args $env(HOME)/$args | |
| } | |
| source_password_file $args | |
| } | |
| proc find {var router} { | |
| upvar int_$var list | |
| if { [info exists list] } { | |
| foreach line $list { | |
| if { [string match [lindex $line 0] $router ] } { | |
| return [lrange $line 1 end] | |
| } | |
| } | |
| } | |
| return {} | |
| } | |
| # Loads the password file. Note that as this file is tcl, and that | |
| # it is sourced, the user better know what to put in there, as it | |
| # could install more than just password info... I will assume however, | |
| # that a "bad guy" could just as easy put such code in the clogin | |
| # script, so I will leave .cloginrc as just an extention of that script | |
| proc source_password_file { password_file } { | |
| global env | |
| if { ! [file exists $password_file] } { | |
| send_user "\nError: password file ($password_file) does not exist\n" | |
| exit 1 | |
| } | |
| file stat $password_file fileinfo | |
| if { [expr ($fileinfo(mode) & 007)] != 0000 } { | |
| send_user "\nError: $password_file must not be world readable/writable\n" | |
| exit 1 | |
| } | |
| if [ catch {source $password_file} reason ] { | |
| send_user "\nError: $reason\n" | |
| exit 1 | |
| } | |
| } | |
| # Log into the firewall. | |
| # returns: 0 on success, 1 on failure | |
| proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } { | |
| global spawn_id in_proc do_command do_script sshcmd | |
| set in_proc 1 | |
| set uprompt_seen 0 | |
| # Telnet to the firewall & try to login. | |
| set progs [llength $cmethod] | |
| foreach prog [lrange $cmethod 0 end] { | |
| incr progs -1 | |
| if [string match "telnet*" $prog] { | |
| regexp {telnet(:([^[:space:]]+))*} $prog command suffix port | |
| if {"$port" == ""} { | |
| set retval [ catch {spawn telnet $router} reason ] | |
| } else { | |
| set retval [ catch {spawn telnet $router $port} reason ] | |
| } | |
| if { $retval } { | |
| send_user "\nError: telnet failed: $reason\n" | |
| return 1 | |
| } | |
| } elseif [string match "ssh*" $prog] { | |
| regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port | |
| if {"$port" == ""} { | |
| set cmd [join [lindex $sshcmd 0] " "] | |
| set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ] | |
| } else { | |
| set cmd [join [lindex $sshcmd 0] " "] | |
| set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user -p $port $router" { }]} reason ] | |
| } | |
| if { $retval } { | |
| send_user "\nError: $sshcmd failed: $reason\n" | |
| return 1 | |
| } | |
| } elseif ![string compare $prog "rsh"] { | |
| send_error "\nError: unsupported method: rsh\n" | |
| if { $progs == 0 } { | |
| return 1 | |
| } | |
| continue; | |
| } else { | |
| send_user "\nError: unknown connection method: $prog\n" | |
| return 1 | |
| } | |
| sleep 0.3 | |
| # This helps cleanup each expect clause. | |
| expect_after { | |
| timeout { | |
| send_user "\nError: TIMEOUT reached\n" | |
| catch {close}; catch {wait}; | |
| if { $in_proc} { | |
| return 1 | |
| } else { | |
| continue | |
| } | |
| } eof { | |
| send_user "\nError: EOF received\n" | |
| catch {close}; catch {wait}; | |
| if { $in_proc} { | |
| return 1 | |
| } else { | |
| continue | |
| } | |
| } | |
| } | |
| # Here we get a little tricky. There are several possibilities: | |
| # the firewall can ask for a username and passwd and then | |
| # talk to the TACACS server to authenticate you, or if the | |
| # TACACS server is not working, then it will use the enable | |
| # passwd. Or, the firewall might not have TACACS turned on, | |
| # then it will just send the passwd. | |
| # if telnet fails with connection refused, try ssh | |
| expect { | |
| -re "(Connection refused|Secure connection \[^\n\r]+ refused)" { | |
| catch {close}; catch {wait}; | |
| if !$progs { | |
| send_user "\nError: Connection Refused ($prog): $router\n" | |
| return 1 | |
| } | |
| } | |
| -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { | |
| catch {close}; catch {wait}; | |
| if !$progs { | |
| send_user "\nError: Connection closed ($prog): $router\n" | |
| return 1 | |
| } | |
| } | |
| eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 } | |
| -nocase "unknown host\r" { | |
| send_user "\nError: Unknown host $router\n"; | |
| catch {close}; catch {wait}; | |
| return 1 | |
| } | |
| "Host is unreachable" { | |
| send_user "\nError: Host Unreachable: $router\n"; | |
| catch {close}; catch {wait}; | |
| return 1 | |
| } | |
| "No address associated with name" { | |
| send_user "\nError: Unknown host $router\n"; | |
| catch {close}; catch {wait}; | |
| return 1 | |
| } | |
| -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" { | |
| send "yes\r" | |
| send_user "\nHost $router added to the list of known hosts.\n" | |
| exp_continue } | |
| -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" { | |
| send "no\r" | |
| send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" | |
| catch {close}; catch {wait}; | |
| return 1 | |
| } | |
| -re "Offending key for .* \(yes\/no\)\?" { | |
| send "no\r" | |
| send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n" | |
| catch {close}; catch {wait}; | |
| return 1 | |
| } | |
| -re "(denied|Sorry)" { | |
| send_user "\nError: Check your passwd for $router\n" | |
| catch {close}; catch {wait}; return 1 | |
| } | |
| "Login failed" { | |
| send_user "\nError: Check your passwd for $router\n"; | |
| catch {close}; catch {wait}; return 1 | |
| } | |
| -re "\[Uu]ser\[nN]ame:" { | |
| sleep 1; | |
| send -- "$user\r" | |
| set uprompt_seen 1 | |
| exp_continue | |
| } | |
| -re " <at> \[^\r\n]+\[Pp]assword:" { | |
| # ssh pwd prompt | |
| sleep 1 | |
| send -- "$userpswd\r" | |
| exp_continue | |
| } | |
| "\[Pp]ass\[Ww]ord:" { | |
| sleep 1; | |
| if {$uprompt_seen == 1} { | |
| send -- "$userpswd\r" | |
| } else { | |
| send -- "$passwd\r" | |
| } | |
| exp_continue | |
| } | |
| -- "$prompt" { break; } | |
| } | |
| } | |
| set in_proc 0 | |
| return 0 | |
| } | |
| # Run commands given on the command line. | |
| proc run_commands { prompt command } { | |
| global in_proc | |
| set in_proc 1 | |
| # Disable output paging. | |
| send -- "disable clipaging\r" | |
| expect -re $prompt; | |
| set commands [split $command \;] | |
| set num_commands [llength $commands] | |
| for {set i 0} {$i < $num_commands} { incr i} { | |
| send -- "[subst [lindex $commands $i]]\r" | |
| # send_user "**************** [subst [lindex $commands $i]] ************\n" | |
| expect { | |
| -re "$prompt" { send "\r" | |
| sleep 0.5 | |
| } | |
| -re "All " { send "a" | |
| exp_continue | |
| -re "\[\n\r]+" { exp_continue } | |
| } | |
| } | |
| } | |
| # send_user "******* fuori da ciclo for *******\n" | |
| expect { | |
| -re "$prompt$" { | |
| send "logout\r" | |
| sleep 0.5 | |
| exp_continue | |
| } | |
| -re "\[\n\r]+" { exp_continue } | |
| -gl "Configuration modified, save?" { | |
| send "n\r" | |
| exp_continue | |
| } | |
| timeout { catch {close}; catch {wait}; | |
| return 0 | |
| } | |
| eof { return 0 } | |
| } | |
| set in_proc 0 | |
| } | |
| # | |
| # For each firewall... (this is main loop) | |
| # | |
| source_password_file $password_file | |
| set in_proc 0 | |
| set exitval 0 | |
| foreach router [lrange $argv $i end] { | |
| set router [string tolower $router] | |
| send_user "$router\n" | |
| # FortiOS 2.x prompts can end in either '#' or '$' | |
| set prompt "\[#\\$]" | |
| # Figure out passwords | |
| if { $do_passwd || $do_enapasswd } { | |
| set pswd [find password $router] | |
| if { [llength $pswd] == 0 } { | |
| send_user "\nError: no password for $router in $password_file.\n" | |
| continue | |
| } | |
| set passwd [join [lindex $pswd 0] ""] | |
| set enapasswd [join [lindex $pswd 1] ""] | |
| } else { | |
| set passwd $userpasswd | |
| set enapasswd $enapasswd | |
| } | |
| # Figure out username | |
| if {[info exists username]} { | |
| # command line username | |
| set ruser $username | |
| } else { | |
| set ruser [join [find user $router] ""] | |
| if { "$ruser" == "" } { set ruser $default_user } | |
| } | |
| # Figure out username's password (if different from the vty password) | |
| if {[info exists userpasswd]} { | |
| # command line username | |
| set userpswd $userpasswd | |
| } else { | |
| set userpswd [join [find userpassword $router] ""] | |
| if { "$userpswd" == "" } { set userpswd $passwd } | |
| } | |
| # Figure out cypher type | |
| if {[info exists cypher]} { | |
| # command line cypher type | |
| set cyphertype $cypher | |
| } else { | |
| set cyphertype [find cyphertype $router] | |
| if { "$cyphertype" == "" } { set cyphertype "3des" } | |
| } | |
| # Figure out connection method | |
| set cmethod [find method $router] | |
| if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } | |
| # Figure out the SSH executable name | |
| set sshcmd [find sshcmd $router] | |
| if { "$sshcmd" == "" } { set sshcmd {ssh} } | |
| # Login to the router | |
| if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} { | |
| incr exitval | |
| continue | |
| } | |
| # we are logged in, now figure out the full prompt based on what the device sends us. | |
| send "\r" | |
| expect { | |
| -re "\[\r\n]+" { exp_continue; } | |
| -re "^(.+$prompt)" { set junk $expect_out(0,string); } | |
| if {[$junk = "(^\\$ $)"]} { | |
| set prompt $junk; | |
| } else { | |
| if {[$junk = "(^# $)"]} { set prompt $junk ; } | |
| }; | |
| } | |
| if { $do_command } { | |
| if {[run_commands $prompt $command]} { | |
| incr exitval | |
| continue | |
| } | |
| } elseif { $do_script } { | |
| # Disable output paging. | |
| send "config system console\r" | |
| send "set output standard\r" | |
| send "end\r" | |
| expect -re $prompt {} | |
| source $sfile | |
| catch {close}; | |
| } else { | |
| label $router | |
| log_user 1 | |
| interact | |
| } | |
| # End of for each firewall | |
| catch {wait}; | |
| sleep 0.3 | |
| } | |
| exit $exitval |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/perl | |
| ## | |
| ## | |
| ## dlrancid | |
| ## | |
| ## rancid 2.3.6 | |
| ## Copyright (c) 1997-2008 by Terrapin Communications, Inc. | |
| ## All rights reserved. | |
| ## | |
| ## This code is derived from software contributed to and maintained by | |
| ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, | |
| ## Pete Whiting, Austin Schutz, and Andrew Fort. | |
| ## | |
| ## Redistribution and use in source and binary forms, with or without | |
| ## modification, are permitted provided that the following conditions | |
| ## are met: | |
| ## 1. Redistributions of source code must retain the above copyright | |
| ## notice, this list of conditions and the following disclaimer. | |
| ## 2. Redistributions in binary form must reproduce the above copyright | |
| ## notice, this list of conditions and the following disclaimer in the | |
| ## documentation and/or other materials provided with the distribution. | |
| ## 3. All advertising materials mentioning features or use of this software | |
| ## must display the following acknowledgement: | |
| ## This product includes software developed by Terrapin Communications, | |
| ## Inc. and its contributors for RANCID. | |
| ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its | |
| ## contributors may be used to endorse or promote products derived from | |
| ## this software without specific prior written permission. | |
| ## 5. It is requested that non-binding fixes and modifications be contributed | |
| ## back to Terrapin Communications, Inc. | |
| ## | |
| ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS | |
| ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
| ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
| ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS | |
| ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
| ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
| ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
| ## POSSIBILITY OF SUCH DAMAGE. | |
| # | |
| # A library built on Stephen Gill's Netscreen stuff to accomodate | |
| # the Fortinet product line. [d_pfleger @juniper.net] | |
| # In turn massaged some more to accomodate the D-Link line of switches | |
| # | |
| # RANCID - Really Awesome New Cisco confIg Differ | |
| # | |
| # usage: dlrancid [-dV] [-l] [-f filename | hostname] | |
| # | |
| use Getopt::Std; | |
| getopts('dflV'); | |
| if ($opt_V) { | |
| print "rancid 2.3.6\n"; | |
| exit(0); | |
| } | |
| $log = $opt_l; | |
| $debug = $opt_d; | |
| #$debug = 1; | |
| $file = $opt_f; | |
| $host = $ARGV[0]; | |
| $found_end = 0; | |
| $timeo = 300; # dllogin timeout in seconds (some of these devices are remarkably slow to read config) | |
| my( @commandtable, %commands, @commands);# command lists | |
| my($aclsort) = ("ipsort"); # ACL sorting mode | |
| my($filter_commstr); # SNMP community string filtering | |
| my($filter_pwds); # password filtering mode | |
| # This routine is used to print out the router configuration | |
| sub ProcessHistory { | |
| my($new_hist_tag,$new_command,$command_string, @string) = ( @_); | |
| if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) | |
| && scalar(%history)) { | |
| print eval "$command \%history"; | |
| undef %history; | |
| } | |
| if (($new_hist_tag) && ($new_command) && ($command_string)) { | |
| if ($history{$command_string}) { | |
| $history{$command_string} = "$history{$command_string} @string"; | |
| } else { | |
| $history{$command_string} = " @string"; | |
| } | |
| } elsif (($new_hist_tag) && ($new_command)) { | |
| $history{++$#history} = " @string"; | |
| } else { | |
| print " @string"; | |
| } | |
| $hist_tag = $new_hist_tag; | |
| $command = $new_command; | |
| 1; | |
| } | |
| sub numerically { $a <=> $b; } | |
| # This is a sort routine that will sort numerically on the | |
| # keys of a hash as if it were a normal array. | |
| sub keynsort { | |
| local(%lines) = @_; | |
| local($i) = 0; | |
| local( @sorted_lines); | |
| foreach $key (sort numerically keys(%lines)) { | |
| $sorted_lines[$i] = $lines{$key}; | |
| $i++; | |
| } | |
| @sorted_lines; | |
| } | |
| # This is a sort routine that will sort on the | |
| # keys of a hash as if it were a normal array. | |
| sub keysort { | |
| local(%lines) = @_; | |
| local($i) = 0; | |
| local( @sorted_lines); | |
| foreach $key (sort keys(%lines)) { | |
| $sorted_lines[$i] = $lines{$key}; | |
| $i++; | |
| } | |
| @sorted_lines; | |
| } | |
| # This is a sort routine that will sort on the | |
| # values of a hash as if it were a normal array. | |
| sub valsort{ | |
| local(%lines) = @_; | |
| local($i) = 0; | |
| local( @sorted_lines); | |
| foreach $key (sort values %lines) { | |
| $sorted_lines[$i] = $key; | |
| $i++; | |
| } | |
| @sorted_lines; | |
| } | |
| # This is a numerical sort routine (ascending). | |
| sub numsort { | |
| local(%lines) = @_; | |
| local($i) = 0; | |
| local( @sorted_lines); | |
| foreach $num (sort {$a <=> $b} keys %lines) { | |
| $sorted_lines[$i] = $lines{$num}; | |
| $i++; | |
| } | |
| @sorted_lines; | |
| } | |
| # This is a sort routine that will sort on the | |
| # ip address when the ip address is anywhere in | |
| # the strings. | |
| sub ipsort { | |
| local(%lines) = @_; | |
| local($i) = 0; | |
| local( @sorted_lines); | |
| foreach $addr (sort sortbyipaddr keys %lines) { | |
| $sorted_lines[$i] = $lines{$addr}; | |
| $i++; | |
| } | |
| @sorted_lines; | |
| } | |
| # These two routines will sort based upon IP addresses | |
| sub ipaddrval { | |
| my( @a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); | |
| $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0])); | |
| } | |
| sub sortbyipaddr { | |
| &ipaddrval($a) <=> &ipaddrval($b); | |
| } | |
| # This routine parses "get system" | |
| sub GetSystem { | |
| print STDERR " In GetSystem: $_" if ($debug); | |
| my $priv_key; | |
| while (<INPUT>) { | |
| tr/\015//d; | |
| next if /^\s*$/; | |
| last if (/$prompt/); | |
| #next if (/^System Time:/i); | |
| #next if (/^\s*Virus-DB: .*/); | |
| #next if (/^\s*Extended DB: .*/); | |
| #next if (/^\s*IPS-DB: .*/); | |
| #next if (/^FortiClient application signature package:/); | |
| ProcessHistory("","","","#$_"); | |
| } | |
| ProcessHistory("SYSTEM","","","\n"); | |
| return(0); | |
| } | |
| sub GetFile { | |
| print STDERR " In GetFile: $_" if ($debug); | |
| while (<INPUT>) { | |
| last if (/$prompt/); | |
| } | |
| ProcessHistory("FILE","","","\n"); | |
| return(0); | |
| } | |
| sub GetConf { | |
| print STDERR " In GetConf: $_" if ($debug); | |
| my $password_counter=0; | |
| while (<INPUT>) { | |
| tr/\015//d; | |
| next if /^\s*$/; | |
| last if (/$prompt/); | |
| # filter variabilities between configurations. password encryption | |
| # upon each display of the configuration. | |
| #if (/^\s*(set [^\s]*)\s(Enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) { | |
| # ProcessHistory("ENC","","","#$1 ENC <removed> $3\n"); | |
| # next; | |
| #} | |
| # if filtering passwords, note that we're on an opening account line | |
| # next two lines will be passwords | |
| if (/^create account / && $filter_pwds > 0 ) { | |
| $password_counter=2; | |
| ProcessHistory("","","","#$_"); | |
| next; | |
| } | |
| elsif ($password_counter > 0) { | |
| $password_counter--; | |
| ProcessHistory("","","","#<removed>\n"); | |
| next; | |
| } | |
| ProcessHistory("","","","$_"); | |
| } | |
| $found_end = 1; | |
| return(1); | |
| } | |
| # dummy function | |
| sub DoNothing {print STDOUT;} | |
| # Main | |
| @commandtable = ( | |
| {'show switch' => 'GetSystem'}, | |
| {'show config current_config' => 'GetConf'} | |
| ); | |
| # Use an array to preserve the order of the commands and a hash for mapping | |
| # commands to the subroutine and track commands that have been completed. | |
| @commands = map(keys(%$_), @commandtable); | |
| %commands = map(%$_, @commandtable); | |
| $cisco_cmds=join(";", @commands); | |
| $cmds_regexp = join("|", map quotemeta($_), @commands); | |
| if (length($host) == 0) { | |
| if ($file) { | |
| print(STDERR "Too few arguments: file name required\n"); | |
| exit(1); | |
| } else { | |
| print(STDERR "Too few arguments: host name required\n"); | |
| exit(1); | |
| } | |
| } | |
| open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; | |
| select(OUTPUT); | |
| # make OUTPUT unbuffered if debugging | |
| if ($debug) { $| = 1; } | |
| if ($file) { | |
| print STDERR "opening file $host\n" if ($debug); | |
| print STDOUT "opening file $host\n" if ($log); | |
| open(INPUT,"<$host") || die "open failed for $host: $!\n"; | |
| } else { | |
| print STDERR "executing dllogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); | |
| print STDOUT "executing dllogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); | |
| if (defined($ENV{NOPIPE})) { | |
| system "dllogin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "dllogin failed | |
| for $host: $!\n"; | |
| open(INPUT, "< $host.raw") || die "dllogin failed for $host: $!\n"; | |
| } else { | |
| open(INPUT,"dllogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") || die "dllogin failed for | |
| $host: $!\n"; | |
| } | |
| } | |
| # determine ACL sorting mode | |
| if ($ENV{"ACLSORT"} =~ /no/i) { | |
| $aclsort = ""; | |
| } | |
| # determine community string filtering mode | |
| if (defined($ENV{"NOCOMMSTR"}) && | |
| ($ENV{"NOCOMMSTR"} =~ /yes/i || $ENV{"NOCOMMSTR"} =~ /^$/)) { | |
| $filter_commstr = 1; | |
| } else { | |
| $filter_commstr = 0; | |
| } | |
| # determine password filtering mode | |
| if ($ENV{"FILTER_PWDS"} =~ /no/i) { | |
| $filter_pwds = 0; | |
| } elsif ($ENV{"FILTER_PWDS"} =~ /all/i) { | |
| $filter_pwds = 2; | |
| } else { | |
| $filter_pwds = 1; | |
| } | |
| ProcessHistory("","","","#RANCID-CONTENT-TYPE: D-Link\n\n"); | |
| TOP: while(<INPUT>) { | |
| tr/\015//d; | |
| if (/^Error:/) { | |
| print STDOUT ("$host dllogin error: $_"); | |
| print STDERR ("$host dllogin error: $_") if ($debug); | |
| last; | |
| } | |
| while (/^.+(#|\$)\s*($cmds_regexp)\s*$/) { | |
| $cmd = $2; | |
| # - FortiGate prompts end with either '#' or '$'. Further, they may | |
| # be prepended with a '~' if the hostname is too long. Therefore, | |
| # we need to figure out what our prompt really is. | |
| # if (!defined($prompt)) { | |
| # if ($_ =~ m/^.+\~\$/) { | |
| # $prompt = '\~\$ .*'; | |
| # } else { | |
| # if ($_ =~ m/^.+\$/) { | |
| # $prompt = ' \$ .*'; | |
| # } else { | |
| # if ($_ =~ m/^.+\~#/) { | |
| # $prompt = '\~# .*'; | |
| # } else { | |
| if ($_ =~ m/^.+#/) { | |
| $prompt = '.+#.*'; | |
| } | |
| # } | |
| # } | |
| # } | |
| # } | |
| print STDERR ("HIT COMMAND:$_") if ($debug); | |
| if (!defined($commands{$cmd})) { | |
| print STDERR "$host: found unexpected command - \"$cmd\"\n"; | |
| last TOP; | |
| } | |
| $rval = &{$commands{$cmd}}; | |
| delete($commands{$cmd}); | |
| if ($rval == -1) { | |
| last TOP; | |
| } | |
| } | |
| } | |
| print STDOUT "Done $logincmd: $_\n" if ($log); | |
| # Flush History | |
| ProcessHistory("","","",""); | |
| # Cleanup | |
| close(INPUT); | |
| close(OUTPUT); | |
| if (defined($ENV{NOPIPE})) { | |
| unlink("$host.raw") if (! $debug); | |
| } | |
| # check for completeness | |
| if (scalar(%commands) || !$found_end) { | |
| if (scalar(%commands)) { | |
| printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); | |
| printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); | |
| } | |
| if (!$found_end) { | |
| print STDOUT "$found_end: found end\n"; | |
| print STDOUT "$host: End of run not found\n"; | |
| print STDERR "$host: End of run not found\n" if ($debug); | |
| system("/usr/bin/tail -1 $host.new"); | |
| } | |
| unlink "$host.new" if (! $debug); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment