[rancid] fnlogin patch to correct issues with and without multiple vdoms on fortinet devices
Skoog, Robert
Robert.Skoog at safelite.com
Tue Mar 5 15:14:40 UTC 2013
Hi,
We noticed that some devices behaved oddly when the config global command was sent and didn't have VDOMs enabled. This patch looks at the device to first see if VDOMs are enabled and only if they are is the config global command sent. The patch also enables paging again before fnlogin exits leaving the device unchanged. This diff also includes other changes I found on the mailing list to resolve other fortinet issues and can be safely applied to the 2.3.8 version to get fortinet devices working. These changes have been tested over the last 3 months on a group of about 20 test sites. You will also need fnrancid patch which was posted here: http://www.shrubbery.net/pipermail/rancid-discuss/2011-February/005488.html in order for fortinet devices to work well with rancid.
Thanks,
Rob
--- fnlogin.orig 2012-12-04 19:29:52.000000000 -0500
+++ fnlogin 2012-12-10 10:11:31.000000000 -0500
@@ -291,7 +291,7 @@
incr progs -1
if [string match "telnet*" $prog] {
regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
- if {"$port" == ""} {
+ if {"$port" != ""} {
set retval [ catch {spawn telnet $router} reason ]
} else {
set retval [ catch {spawn telnet $router $port} reason ]
@@ -303,9 +303,8 @@
} elseif [string match "ssh*" $prog] {
regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port
set cmd $sshcmd
- if {"$port" == ""} {
- #set cmd "$cmd -p $port"
- set cmd "$cmd -p 22"
+ if {"$port" != ""} {
+ set cmd "$cmd -p $port"
}
set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ]
if { $retval } {
@@ -445,12 +444,17 @@
global in_proc
set in_proc 1
- # For use when vdoms are enabled
- send "config global\r"
# Disable output paging.
- send -- "config system console\r"
+ log_user 0
+ send -- "get system status \r"
+ expect {
+ -re "tion: ena" { expect -re $prompt; send "config global\r"}
+ -re "tion: dis" {}
+ }
+ expect -re $prompt; send -- "config system console\r"
expect -re $prompt; send -- "set output standard\r"
expect -re $prompt; send -- "end\r"
+ log_user 1
expect -re $prompt;
set commands [split $command \;]
@@ -461,19 +465,26 @@
-re "$prompt" { send "\r"
sleep 0.5
}
- -gl "--More--" { send " "
+ -gl "--More--\[^\n\r]*" { send " "
exp_continue
- -re "\[\n\r]+" { exp_continue }
+ -re "\[^\r\n]*\[\n\r]+" { send_user -- "expect_out(buffer)"
+ exp_continue }
}
}
}
expect {
-re "$prompt$" {
- #send "config global\r"
- #send "config system console\r"
- #send "set output more\r"
- #send "end\r"
- send "exit\r"
+ log_user 0
+ send -- "get system status \r"
+ expect {
+ -re "tion: ena" { expect -re $prompt; send "config global\r"}
+ -re "tion: dis" {}
+ }
+ expect -re $prompt; send -- "config system console\r"
+ expect -re $prompt; send -- "set output more\r"
+ expect -re $prompt; send -- "end\r"
+ log_user 1
+ expect -re $prompt; send "exit\r"
sleep 0.5
exp_continue
}
@@ -579,18 +590,18 @@
}
} elseif { $do_script } {
# Disable output paging.
- # For use when vdoms are enabled
- send "config global\r"
- send "config system console\r"
- send "set output standard\r"
- send "end\r"
+ log_user 0
+ send -- "get system status \r"
+ expect {
+ -re "tion: ena" { expect -re $prompt; send "config global\r"}
+ -re "tion: dis" {}
+ }
+ expect -re $prompt; send "config system console\r"
+ expect -re $prompt; send "set output standard\r"
+ expect -re $prompt; send "end\r"
+ log_user 1
expect -re $prompt {}
source $sfile
- #undo paging
- #send "config global\r"
- #send "config system console\r"
- #send "set output more\r"
- #send "end\r"
catch {close};
} else {
label $router
____________________________________________________________
This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient please delete this message immediately. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20130305/1cea8c0a/attachment.html>
More information about the Rancid-discuss
mailing list