#! /usr/bin/perl
##
## rancid 3.13
## Copyright (c) 1997-2019 by Henry Kilmer and John Heasley
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. Neither the name of RANCID nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
##
## THIS SOFTWARE IS PROVIDED BY Henry Kilmer, John Heasley AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
##
## It is the request of the authors, but not a condition of license, that
## parties packaging or redistributing RANCID NOT distribute altered versions
## of the etc/rancid.types.base file nor alter how this file is processed nor
## when in relation to etc/rancid.types.conf.  The goal of this is to help
## suppress our support costs.  If it becomes a problem, this could become a
## condition of license.
# 
#  The expect login scripts were based on Erik Sherk's gwtn, by permission.
# 
#  The original looking glass software was written by Ed Kern, provided by
#  permission and modified beyond recognition.
#
# jerancid - tries to deal with Juniper ERXs.
#
#  RANCID - Really Awesome New Cisco confIg Differ
#
# usage: jerancid [-dltCV] [-f filename | hostname]
#
use Getopt::Std;
getopts('dflt:CV');
if ($opt_V) {
    print "rancid 3.13\n";
    exit(0);
}
$log = $opt_l;
$debug = $opt_d;
$file = $opt_f;
$host = $ARGV[0];
$clean_run = 0;
$found_end = 0;
$timeo = 90;				# clogin timeout in seconds

my(@commandtable, %commands, @commands);# command lists
my($aclsort) = ("ipsort");		# ACL sorting mode
my($filter_commstr);			# SNMP community string filtering
my($filter_osc);			# oscillating data filtering mode
my($filter_pwds);			# password filtering mode

# This routine is used to print out the router configuration
sub ProcessHistory {
    my($new_hist_tag,$new_command,$command_string,@string) = (@_);
    if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
	&& scalar(%history)) {
	print eval "$command \%history";
	undef %history;
    }
    if (($new_hist_tag) && ($new_command) && ($command_string)) {
	if ($history{$command_string}) {
	    $history{$command_string} = "$history{$command_string}@string";
	} else {
	    $history{$command_string} = "@string";
	}
    } elsif (($new_hist_tag) && ($new_command)) {
	$history{++$#history} = "@string";
    } else {
	print "@string";
    }
    $hist_tag = $new_hist_tag;
    $command = $new_command;
    1;
}

sub numerically { $a <=> $b; }

# This is a sort routine that will sort numerically on the
# keys of a hash as if it were a normal array.
sub keynsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort numerically keys(%lines)) {
	$sorted_lines[$i] = $lines{$key};
	$i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# keys of a hash as if it were a normal array.
sub keysort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort keys(%lines)) {
	$sorted_lines[$i] = $lines{$key};
	$i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# values of a hash as if it were a normal array.
sub valsort{
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort values %lines) {
	$sorted_lines[$i] = $key;
	$i++;
    }
    @sorted_lines;
}

# This is a numerical sort routine (ascending).
sub numsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $num (sort {$a <=> $b} keys %lines) {
	$sorted_lines[$i] = $lines{$num};
	$i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# ip address when the ip address is anywhere in
# the strings.
sub ipsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $addr (sort sortbyipaddr keys %lines) {
	$sorted_lines[$i] = $lines{$addr};
	$i++;
    }
    @sorted_lines;
}

# These two routines will sort based upon IP addresses
sub ipaddrval {
    my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
    $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0]));
}
sub sortbyipaddr {
    &ipaddrval($a) <=> &ipaddrval($b);
}

# This routine parses "show version"
sub ShowVersion {
    print STDERR "    In ShowVersion: $_" if ($debug);
    my($slots);

    while (<INPUT>) {
	tr/\015//d;
	last if(/^$prompt/);
	next if(/^(\s*|\s*$cmd\s*)$/);
	next if (/^Please wait/i);
	return(-1) if (/command authorization failed/i);

	/^Juniper Edge .* (\S+)$/ &&
		ProcessHistory("COMMENTS","keysort","A1",
				"!Chassis type: $1 - a $_") && next;
	/^System Release: / &&
		ProcessHistory("COMMENTS","keysort","B1", "!$_") && next;
	/^\s+(Version: .*)$/ &&
		ProcessHistory("COMMENTS","keysort","B1", "!System $1\n") &&
		next;

	if (/^(slot .*)\s+slot uptime/i) {
	    ($slots++);
	    ProcessHistory("COMMENTS","keysort","B2", "!\n! $1\n");
	    next;
	}
	/^(--.*) --+$/ && $slots &&
		ProcessHistory("COMMENTS","keysort","B2", "! $1\n") && next;
	if (/^(\d+\s+(\S+)\s+\S+\s+.*) \S+/ && $slots) {
	    my($line) = $1;
	    if (! ($2 =~ /--+/)) {
		ProcessHistory("COMMENTS","keysort","B3", "! $line\n");
	    }
	    next;
	}
    }
    ProcessHistory("COMMENTS","keysort","B4","!\n");
    return(0);
}

# This routine parses "show redundancy"
sub ShowRedundancy {
    print STDERR "    In ShowRedundancy: $_" if ($debug);

    while (<INPUT>) {
	tr/\015//d;
	last if(/^$prompt/);
	next if(/^(\s*|\s*$cmd\s*)$/);
	next if (/^Please wait/i);

	ProcessHistory("","","","! $_");
    }
    ProcessHistory("","","","!\n");
    return(0);
}

# This routine parses "show environment all"
sub ShowEnv {
    print STDERR "    In ShowEnv: $_" if ($debug);

    while (<INPUT>) {
	tr/\015//d;
	last if (/^$prompt/);
	next if (/^(\s*|\s*$cmd\s*)$/);
	next if (/^Please wait/i);
	return(-1) if (/command authorization failed/i);
	# fail if the RP is amid the auto-sync process
	if (/auto-sync enabled/ && !/in sync/) {
	    $in_sync = <INPUT>;
	    $in_sync =~ s/\015//;
	    print STDERR $in_sync if ($debug);
	    return(-1) if ( $in_sync !~ /in sync/);
	    s/^    //;
	    ProcessHistory("COMMENTS","keysort","D1","! $_");
	    $_ = $in_sync;
	}

	# skip/remove temperatures
	if (/processor\s+processor/) {
	     <INPUT>; <INPUT>; <INPUT>;
	     next;
	}
	if (/^[\d\/]+\s+[-\w\/\s]+\s+\d+.*/) {
	    s/(^[\d\/]+\s+[-\w\/\s]+\s+)(\d+)(.*)/$1 -removed- $3/;
	}

	/^\d+\s+\d+\s+\S+/ && next;

	# strip nvs usage
	s/, \d+% \S+\)/\)/;

	s/^    //;
	ProcessHistory("COMMENTS","keysort","D1","! $_");
    }
    ProcessHistory("COMMENTS","keysort","D1","!\n");
    return(0);
}

# This routine parses "show boot"
sub ShowBoot {
    print STDERR "    In ShowBoot: $_" if ($debug);

    while (<INPUT>) {
	tr/\015//d;
	last if (/^$prompt/);
	next if (/^(\s*|\s*$cmd\s*)$/);
	next if (/^Please wait/i);
	next if (/^\s*$/);
	return(1) if /^\s*\^\s*$/;
	return(-1) if (/command authorization failed/i);
	return(1) if /Ambiguous command/i;

	/System Release:\s+(.*)/ &&
		ProcessHistory("COMMENTS","keysort","C1","!Boot Release: $1\n")
		&& next;
	/System Configuration:\s+(.*)/ &&
		ProcessHistory("COMMENTS","keysort","C1",
					"!Boot Configuration: $1\n") && next;

	ProcessHistory("COMMENTS","keysort","C1","!$_");
    }
    ProcessHistory("COMMENTS","keysort","C1","!\n");
    return(0);
}

# This routine parses "dir"
sub DirSlotN {
    print STDERR "    In DirSlotN: $_" if ($debug);

    my($dev) = (/\s([^\s]+):/);

    while (<INPUT>) {
	tr/\015//d;
	last if (/^$prompt/);
	next if (/^(\s*|\s*$cmd\s*)$/);
	next if (/^Please wait/i);
	next if (/^system\.log/);
	# fail if the RP is amid the auto-sync process
	return(-1) if (/active\/standby/i && /not sync/);

	if (/(\S+:\s+)(\d+)(\s+)(\d+)(\s+)(\d+)/) {
	    my($totlen) = length($2) - 1;
	    my($tot) = $2 / (1024 * 1024);
	    my($freelen) = length($4) - 1;
	    my($free) = $4 / (1024 * 1024);
	    my($usedlen) = length($6) - 1;
	    my($used) = $6 / (1024 * 1024);
	    my($fmt) = sprintf("%%-%dsK%s%%-%dsK%s%%-%dsK", $totlen, $3,
			       $freelen, $5, $usedlen);

	    ProcessHistory("FLASH","","","!Flash: $1" .
			   sprintf($fmt, $tot, $free, $used));
	}
	ProcessHistory("FLASH","","","!Flash: $_");
    }
    ProcessHistory("","","","!\n");
    return(0);
}

# This routine parses "show hardware"
sub ShowHardware {
    print STDERR "    In ShowHardware: $_" if ($debug);

    while (<INPUT>) {
	tr/\015//d;
	last if (/^$prompt/);
	next if (/^(\s*|\s*$cmd\s*)$/);
	next if (/^Please wait/i);
	# return(1) if ($type =~ /^(12[40]|7[05])/);
	return(-1) if (/command authorization failed/i);
	next if (/^Please wait/i);

	# wow...a clean table
	ProcessHistory("","","","!$_");
    }
    ProcessHistory("","","","!\n");
    return(0);
}

# This routine processes a "show configuration"
sub WriteTerm {
    print STDERR "    In WriteTerm: $_" if ($debug);
    my($lineauto) = 0;

    while (<INPUT>) {
	tr/\015//d;
	last if(/^$prompt/);
	next if (/^Please wait/i);
	return(-1) if (/command authorization failed/i);
	/Non-Volatile memory is in use/  && return(-1); # NvRAM is locked
	$lineauto = 0 if (/^[^ ]/);

	# skip the crap
	/^! Configuration script /i && next;
	/^! Copyright /i && next;
	/^Please wait/i && next;
	/^(\.+)$/ && next; # Skip variable length pausing dot lines

	# Dog gone Cool matches to process the rest of the config
	/^ntp clock-period /    && next; # kill ntp clock-period
	/^ length /		&& next; # kill length on serial lines
	/^ width /		&& next; # kill width on serial lines
	$lineauto = 1 if /^ modem auto/;
	/^ speed / && $lineauto	&& next; # kill speed on serial lines
	/^ clockrate /		&& next; # kill clockrate on serial interfaces
	if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) {
	    ProcessHistory("ENABLE","","","!$1$2 <removed>\n");
	    next;
	}
	if (/^(enable secret) / && $filter_pwds >= 2) {
	    ProcessHistory("ENABLE","","","!$1 <removed>\n");
	    next;
	}

	# XXX: ERX appears to not have local usernames, but leaving these in
	#      case I am wrong.
	if (/^username (\S+)(\s.*)? secret /) {
	    if ($filter_pwds >= 2) {
		ProcessHistory("USER","keysort","$1",
					"!username $1$2 secret <removed>\n");
	    } else {
		ProcessHistory("USER","keysort","$1","$_");
	    }
	    next;
	}
	if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) {
	    if ($filter_pwds == 2) {
		ProcessHistory("USER","keysort","$1",
					"!username $1$2 password <removed>\n");
	    } elsif ($filter_pwds == 1 && $4 ne "5"){
		ProcessHistory("USER","keysort","$1",
					"!username $1$2 password <removed>\n");
	    } else {
		ProcessHistory("USER","keysort","$1","$_");
	    }
	    next;
	}

	if (/^(\s*)password / && $filter_pwds >= 1) {
	    ProcessHistory("LINE-PASS","","","!$1password <removed>\n");
	    next;
	}
	if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) {
	    ProcessHistory("","","","! neighbor $1 password <removed>\n");
	    next;
	}
	if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>\n"); next;
	}
	if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>\n"); next;
	}
	# isis interface passwords
	if (/^(\s+isis authentication-key \S+)( \d)? \S+/ &&
	    $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>$'\n"); next;
	}
	if (/^(\s+isis message-digest-key \d+ hmac-md5)( \d)?( \S+)/ &&
	    $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>$'"); next;
	}

	# this is reversable, despite 'md5' in the cmd
	if (/^(\s+ip ospf authentication-key \S+)( \d)? \S+/ &&
	    $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>$'\n"); next;
	}
	if (/^(\s+ip ospf message-digest-key \d+ hmac-md5)( \d)?( \S+)/ &&
	    $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>$'"); next;
	}
	if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>\n"); next;
	}

	# filter VRRP passwords
	if (/^(\s+ip vrrp authentication-key \d+)( \d)? \s+ / &&
	    $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>\n"); next;
	}

	# ftp host encrypted password oscillates
	if (/^(host \S+ \S+ ftp) /) {
	    my($prefix) = $1;
	    if (($filter_osc || $filter_pwds >= 1) && /^host \S+ \S+ ftp \d /) {
		ProcessHistory("","","","!$prefix <removed>\n"); next;
	    }
	}
	# mpls ldp encrypted password oscillates
	if (/^(mpls ldp neighbor \S+ password)/) {
	    my($prefix) = $1;
	    if (($filter_osc || $filter_pwds >= 1) &&
		/^mpls ldp neighbor \S+ password \d /) {
		ProcessHistory("","","","!$prefix <removed>\n"); next;
	    }
	}

	# sort ip explicit-paths.
	if (/^ip explicit-path name (\S+)/) {
	    my($key) = $1;
	    my($expath) = $_;
	    while (<INPUT>) {
		tr/\015//d;
		last if (/^$prompt/);
		last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/);
		if (/^ip explicit-path name (\S+)/) {
		    ProcessHistory("EXPATH","keysort","$key","$expath");
		    $key = $1;
		    $expath = $_;
		} else  {
		    $expath .= $_;
		}
	    }
	    ProcessHistory("EXPATH","keysort","$key","$expath");
	}
	# sort route-maps
	if (/^route-map (\S+)/) {
	    my($key) = $1;
	    my($routemap) = $_;
	    while (<INPUT>) {
		tr/\015//d;
		last if (/^$prompt/ || ! /^(route-map |[ !])/);
		if (/^route-map (\S+)/) {
		    ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
		    $key = $1;
		    $routemap = $_;
		} else  {
		    $routemap .= $_;
		}
	    }
	    ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
	}
	# filter out any RCS/CVS tags to avoid confusing local CVS storage
	s/\$(Revision|Id):/ $1:/;

	# order arp lists
	/^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ &&
	    ProcessHistory("ARP","$aclsort","$1","$_") && next;

	/^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/
	    && ProcessHistory("PACL $1 $3","$aclsort","$4",
			      "ip prefix-list $1 $3 $4$5\n") && next;


	# order/prune snmp-server host statements
	# we only prune lines of the form
	# snmp-server host a.b.c.d <community>
	if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) {
	    if ($filter_commstr) {
		my($ip) = $1;
		my($line) = "snmp-server host $ip";
		my(@tokens) = split(' ', $');
		my($token);
		while ($token = shift(@tokens)) {
		    if ($token eq 'version' || $tokens[0] == 1) {
			$line .= " " . join(' ', ($token, shift(@tokens)));
		    } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) {
			$line .= " " . $token;
		    } else {
			$line = "!$line " .
				join(' ', ("<removed>", join(' ',@tokens)));
			last;
		    }
		}
		ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n");
	    } else {
		ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_");
	    }
	    next;
	}
	if (/^(snmp-server community) (\S+)/) {
	    if ($filter_commstr) {
		ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 <removed>$'");
		next;
	    } else {
		ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next;
	    }
	}

	# prune tacacs/radius server keys
	if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 key <removed>\n"); next;
	}
	if (/^((tacacs-server|radius-server) host \S+ key)( \d)? \S+/ &&
							$filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>$'"); next;
	}
	if (/^( key )(\d )?\S+/ && $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>$'"); next;
	}

	# order clns host statements
	/^clns host \S+ (\S+)/ &&
	    ProcessHistory("CLNS","keysort","$1","$_") && next;
	# order alias statements
	/^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next;
	# filter isis keys
	if (/^( (area|domain)-message-digest-key \d+ hmac-md5)( \d)? \S+/ &&
							$filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>$'\n"); next;
	}
	if (/^( (area|domain)-authentication-key)( \d)? \S+( \d)?/ &&
							$filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>$'\n"); next;
	}

	# delete ntp auth password - this md5 is a reversable too
	if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) {
	    ProcessHistory("","","","!$1 <removed>\n"); next;
	}

	# order ntp peers/servers
	if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) {
	    $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5);
	    ProcessHistory("NTP","keysort",$sortkey,"$_");
	    next;
	}

	# catch anything that wasnt matched above.
	ProcessHistory("","","","$_");
	# end of config...is a comment.
	if (/^! end of /i) {
	    $found_end = 1;
	    return(1);
	}
    }
    return(0);
}

# Main
@commandtable = (
	{'show version'		=> 'ShowVersion'},
	{'show redundancy'	=> 'ShowRedundancy'},
	{'show boot'		=> 'ShowBoot'},
	{'show environment all'	=> 'ShowEnv'},
	{'dir'			=> 'DirSlotN'},
	{'show hardware'	=> 'ShowHardware'},
	{'show configuration'	=> 'WriteTerm'}
);
# Use an array to preserve the order of the commands and a hash for mapping
# commands to the subroutine and track commands that have been completed.
@commands = map(keys(%$_), @commandtable);
%commands = map(%$_, @commandtable);
$commandcnt = scalar(keys %commands);

$jnxe_cmds=join(";",@commands);
$cmds_regexp = join("|", map quotemeta($_), @commands);

if (length($host) == 0) {
    if ($file) {
	print(STDERR "Too few arguments: file name required\n");
	exit(1);
    } else {
	print(STDERR "Too few arguments: host name required\n");
	exit(1);
    }
}
if ($opt_C) {
    print "clogin -t $timeo -c\'$jnxe_cmds\' $host\n";
    exit(0);
}
open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
select(OUTPUT);
# make OUTPUT unbuffered if debugging
if ($debug) { $| = 1; }

if ($file) {
    print(STDERR "opening file $host\n") if ($debug || $log);
    open(INPUT,"<$host") || die "open failed for $host: $!\n";
} else {
    print(STDERR "executing clogin -t $timeo -c\"$jnxe_cmds\" $host\n") if ($debug || $log);
    system "clogin -t $timeo -c \"$jnxe_cmds\" $host </dev/null > $host.raw 2>&1" || die "clogin failed for $host: $!\n";
    open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n";
}

# determine ACL sorting mode
if ($ENV{"ACLSORT"} =~ /no/i) {
    $aclsort = "";
}
# determine community string filtering mode
if (defined($ENV{"NOCOMMSTR"}) &&
    ($ENV{"NOCOMMSTR"} =~ /yes/i || $ENV{"NOCOMMSTR"} =~ /^$/)) {
    $filter_commstr = 1;
} else {
    $filter_commstr = 0;
}
if (defined($ENV{"FILTER_OSC"}) && $ENV{"FILTER_OSC"} =~ /no/i) {
    $filter_osc = 0;
} else {
    $filter_osc = 1;
}
# determine oscillating data filtering mode
if (defined($ENV{"FILTER_OSC"}) && $ENV{"FILTER_OSC"} =~ /no/i) {
    $filter_osc = 0;
} else {
    $filter_osc = 1;
}
# determine password filtering mode
if ($ENV{"FILTER_PWDS"} =~ /no/i) {
    $filter_pwds = 0;
} elsif ($ENV{"FILTER_PWDS"} =~ /all/i) {
    $filter_pwds = 2;
} else {
    $filter_pwds = 1;
}

ProcessHistory("","","","!RANCID-CONTENT-TYPE: erx\n!\n");
ProcessHistory("COMMENTS","keysort","B0","!\n");
ProcessHistory("COMMENTS","keysort","F0","!\n");
ProcessHistory("COMMENTS","keysort","G0","!\n");
TOP: while(<INPUT>) {
    tr/\015//d;
    if (/\#\s?exit$/) {
	$clean_run=1;
	last;
    }
    if (/^Error:/) {
	print STDOUT ("$host clogin error: $_");
	print STDERR ("$host clogin error: $_") if ($debug);
	$clean_run=0;
	last;
    }
    while (/#\s*($cmds_regexp)\s*$/) {
	$cmd = $1;
	if (!defined($prompt)) {
	    $prompt = ($_ =~ /^([^#]+#)/)[0];
	    $prompt =~ s/([][}{)(\\])/\\$1/g;
	    print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
	}
	print STDERR ("HIT COMMAND:$_") if ($debug);
	if (! defined($commands{$cmd})) {
	    print STDERR "$host: found unexpected command - \"$cmd\"\n";
	    $clean_run = 0;
	    last TOP;
	}
	$rval = &{$commands{$cmd}}(*INPUT, *OUTPUT, $cmd);
	delete($commands{$cmd});
	if ($rval == -1) {
	    $clean_run = 0;
	    last TOP;
	}
    }
}
print STDOUT "Done $logincmd: $_\n" if ($log);
# Flush History
ProcessHistory("","","","");
# Cleanup
close(INPUT);
close(OUTPUT);

unlink("$host.raw") if (! $debug);

# check for completeness
if (scalar(%commands) || !$clean_run || !$found_end) {
    if (scalar(keys %commands) eq $commandcnt) {
	printf(STDERR "$host: missed cmd(s): all commands\n");
    } elsif (scalar(%commands)) {
	my($count, $i) = 0;
	for ($i = 0; $i < $#commands; $i++) {
	    if ($commands{$commands[$i]}) {
		if (!$count) {
		    printf(STDERR "$host: missed cmd(s): %s", $commands[$i]);
		} else {
		    printf(STDERR ", %s", $commands[$i]);
		}
		$count++;
	    }
	}
	if ($count) {
	    printf(STDERR "\n");
	}
    }
    if (!$clean_run || !$found_end) {
	print(STDERR "$host: End of run not found\n");
	if ($debug) {
	    print(STDERR "$host: clean_run is false\n") if (!$clean_run);
	    print(STDERR "$host: found_end is false\n") if (!$found_end);
	}
	system("/usr/bin/tail -1 $host.new");
    }
    unlink "$host.new" if (! $debug);
}
