[rancid] rancid with Fortigate FG100A

Gavin McCullagh gmccullagh at gmail.com
Sun Jan 30 17:02:34 UTC 2011


Hi,

we're just starting to use Rancid and have started off with a Fortigate
FG100A firewall.  Regrettably, the existing scripts (nlogin, fnrancid)
don't quite work with it.

I've managed to patch those to get what seems to be a working setup (see
below).  The prompt is different, the get config command is slightly
different, and you need to strip the "System time" line out of the status
output or else rancid reports a change (a new diff) every hour.

Would it be of interest to add support to the project?

Gavin


--- nlogin	2011-01-27 17:19:04.000000000 +0000
+++ fglogin	2011-01-30 15:00:21.000000000 +0000
@@ -482,7 +482,7 @@
     set router [string tolower $router]
     send_user "$router\n"
 
-    set prompt {-> }
+    set prompt " #"
 
     # Figure out passwords
     if { $do_passwd || $do_enapasswd } {
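Review bot: The new prompt `" #"` is an unanchored pattern for `expect -re`, so it matches the first space-hash that appears anywhere in the device output, not only the CLI prompt. A configuration line or banner containing ` #` would end the wait early and leave the session out of step with the commands being sent, which for a config archiver means a silently truncated capture. Anchoring the pattern to a prompt at the end of a line is safer, for example `set prompt {[\r\n][^\r\n]* # $}`, to be checked against the FG100A's actual prompt including any context suffix. The enclosing procedure starts and ends outside the hunk, so later code may refine the prompt.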
@@ -557,7 +557,7 @@
 	    continue
 	}
     } elseif { $do_script } {
-	send "set console page 0\r"
+	#send "set console page 0\r"
 	expect -re $prompt	{}
 	source $sfile
 	catch {close};
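Review bot: Commenting out `send "set console page 0\r"` leaves this branch with no step that disables output paging, and the `expect -re $prompt {}` that followed it is still there; whether a prompt is already pending from login is not visible in the hunk. If the FortiGate console is set to paged output, a long `show` will presumably stop at a `--More--` pager and the run will either stall until the timeout or archive a partial config. Either handle the pager in the expect block or state the device-side requirement, replacing the dead line with a comment such as `# FortiOS has no "set console page 0"; paging must be off on the device (config system console / set output standard)`. The surrounding `if`/`elseif` chain begins outside the hunk.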



--- fnrancid	2011-01-30 15:48:57.000000000 +0000
+++ fgrancid	2011-01-30 15:49:48.000000000 +0000
@@ -59,7 +59,7 @@
 $file = $opt_f;
 $host = $ARGV[0];
 $found_end = 0;
-$timeo = 90;				# nlogin timeout in seconds
+$timeo = 90;				# fglogin timeout in seconds
 
 my(@commandtable, %commands, @commands);# command lists
 my($aclsort) = ("ipsort");		# ACL sorting mode
@@ -173,6 +173,7 @@
     while (<INPUT>) {
 	tr/\015//d;
 	next if /^\s*$/;
+	next if /^\s*System time: /;
 	last if(/$prompt/);
 	ProcessHistory("","","","$_");
 	#print STDOUT "$_";
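Review bot: The added `next if /^\s*System time: /;` has no comment explaining why a line of status output is dropped, and a silently filtered line in a configuration archive is something a later reader will question. A one-line comment above it would do: `# System time changes on every poll; drop it so it does not produce a diff each run`. The loop body continues outside the hunk.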
@@ -214,7 +215,7 @@
 # Main
 @commandtable = (
 	{'get system status'	=> 'GetSystem'},
-	{'get conf'		=> 'GetConf'}
+	{'show '		=> 'GetConf'}
 );
 # Use an array to preserve the order of the commands and a hash for mapping
 # commands to the subroutine and track commands that have been completed.
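Review bot: The new key `'show '` carries a trailing space that is easy to lose in a later edit, and the key presumably has to equal what `($cmds_regexp)` captures from the echoed command line for the `%commands` lookup to succeed. If the space is deliberate, say so in a comment, e.g. `# trailing space is intentional: it must match the command as echoed by the device`; if it is not, `{'show' => 'GetConf'}` removes the dependency. Separately, `show` returns the full configuration, so confirm that `GetConf` (outside this hunk) filters password and key material before the output reaches the repository and the diff mails.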
@@ -242,13 +243,13 @@
     print STDERR "opening file $host\n" if ($debug);
     print STDOUT "opening file $host\n" if ($log);
     open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else {
-    print STDERR "executing nlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
-    print STDOUT "executing nlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
+    print STDERR "executing fglogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
+    print STDOUT "executing fglogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
     if (defined($ENV{NOPIPE})) {
-	system "nlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "nlogin failed for $host: $!\n";
-	open(INPUT, "< $host.raw") || die "nlogin failed for $host: $!\n";
+	system "fglogin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "fglogin failed for $host: $!\n";
+	open(INPUT, "< $host.raw") || die "fglogin failed for $host: $!\n";
     } else {
-	open(INPUT,"nlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") || die "nlogin failed for $host: $!\n";
+	open(INPUT,"fglogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") || die "fglogin failed for $host: $!\n";
     }
 }
 
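Review bot: Every `fglogin` invocation here interpolates `$host` and `$cisco_cmds` into a string that is run through the shell, both in `system "…"` and in the piped `open(INPUT,"fglogin … |")`, and `$host` is taken directly from `$ARGV[0]`. A host argument containing shell metacharacters would be interpreted by the shell and also ends up in the `> $host.raw` redirection target, so a check such as `die "invalid host name: $host\n" unless $host =~ /\A[A-Za-z0-9._:-]+\z/;` ahead of this block is worth adding. In addition, `system "…" || die …` can never die, because `||` binds to the string rather than to the call; `system(…) == 0 or die "fglogin failed for $host: $?\n";` reports a failed login. Both patterns are carried over from the nlogin lines rather than introduced by the rename.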
@@ -276,13 +277,13 @@
 TOP: while(<INPUT>) {
     tr/\015//d;
     if (/^Error:/) {
-	print STDOUT ("$host nlogin error: $_");
-	print STDERR ("$host nlogin error: $_") if ($debug);
+	print STDOUT ("$host fglogin error: $_");
+	print STDERR ("$host fglogin error: $_") if ($debug);
 	last;
     }
-    while (/>\s*($cmds_regexp)\s*$/) {
+    while (/#\s*($cmds_regexp)\s*$/) {
 	$cmd = $1;
-	if (!defined($prompt)) { $prompt = " >\s*"; }
+	if (!defined($prompt)) { $prompt = " #\s*"; }
 	print STDERR ("HIT COMMAND:$_") if ($debug);
 	if (!defined($commands{$cmd})) {
 	    print STDERR "$host: found unexpected command - \"$cmd\"\n";
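Review bot: In `$prompt = " #\s*";` the pattern sits in a double-quoted string, where `\s` is not a recognised escape, so Perl stores ` #s*` and the pattern reduces to "space-hash anywhere in the line". Since `$prompt` is what the `last if(/$prompt/)` test in the command loop uses, a config line containing ` #` would end the capture early and leave a truncated archive without any error. Single quotes keep the regex intact and an anchor narrows it to a real prompt line, e.g. `if (!defined($prompt)) { $prompt = '^\S+ #\s*'; }`, to be verified against the device prompt and extended if it carries a context name. The `while` body continues past the end of the hunk.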
@@ -307,6 +308,7 @@
 }
 
 # check for completeness
+printf STDERR scalar(%commands) . "\n";
 if (scalar(%commands) || !$found_end) {
     if (scalar(%commands)) {
 	printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
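Review bot: The added `printf STDERR scalar(%commands) . "\n";` looks like leftover debugging: it writes to STDERR on every run regardless of `$debug`, and it passes data as the `printf` format string. The debug prints visible in the other hunks are gated on `$debug`, so either drop the line or write it as `print STDERR scalar(%commands) . "\n" if ($debug);`. The `if` block that follows is cut off at the end of the hunk.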


