Merge branch 'maint' into master

.gitignore

@@ -4,6 +4,7 @@ cscope.out
 nbproject/
 .kdev4/
 plugins.kdev4
+plugins.project
 
 # In all paths
 NP-VERSION-FILE

.travis.yml

@@ -0,0 +1,143 @@
+language: c
+
+sudo: true
+
+matrix:
+  include:
+    - os: linux
+      dist: trusty
+      addons:
+        apt:
+          sources:
+            - sourceline: 'deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted security universe multiverse'
+          update: true
+          packages:
+            - libdbi-dev
+            - libldap2-dev
+            - libpq-dev
+            - libmysqlclient-dev
+            - libfreeradius-client-dev
+            - libkrb5-dev
+            - libnet-snmp-perl
+            - procps
+            - fping
+            - libdbi0-dev
+            - libdbd-sqlite3
+            - libssl-dev
+            - libgnutls-dev
+            - dnsutils
+            - snmp-mibs-downloader
+            - libsnmp-perl
+            - snmpd
+            - iputils-ping
+            - fping
+            - snmp
+            - netcat
+            - smbclient
+            - fping
+            - pure-ftpd
+            - apache2
+            - postfix
+            - libhttp-daemon-ssl-perl
+            - slapd
+            - ldap-utils
+            - qstat
+      env:
+        - MATRIX_EVAL="CC=gcc && CXX=g++"
+
+    - os: linux
+      dist: trusty
+      addons:
+        apt:
+          sources:
+            - sourceline: 'deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted security universe multiverse'
+            - ubuntu-toolchain-r-test
+          update: true
+          packages:
+            - libdbi-dev
+            - libldap2-dev
+            - libpq-dev
+            - libmysqlclient-dev
+            - libfreeradius-client-dev
+            - libkrb5-dev
+            - libnet-snmp-perl
+            - procps
+            - fping
+            - libdbi0-dev
+            - libdbd-sqlite3
+            - libssl-dev
+            - libgnutls-dev
+            - dnsutils
+            - snmp-mibs-downloader
+            - libsnmp-perl
+            - snmpd
+            - iputils-ping
+            - fping
+            - snmp
+            - netcat
+            - smbclient
+            - fping
+            - pure-ftpd
+            - apache2
+            - postfix
+            - libhttp-daemon-ssl-perl
+            - slapd
+            - ldap-utils
+            - qstat
+            - g++-8
+      env:
+        - MATRIX_EVAL="CC=gcc-8 && CXX=g++-8"
+
+    - os: linux
+      dist: trusty
+      addons:
+        apt:
+          sources:
+            - sourceline: 'deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted security universe multiverse'
+            - llvm-toolchain-trusty-6.0
+            - ubuntu-toolchain-r-test
+          update: true
+          packages:
+            - libdbi-dev
+            - libldap2-dev
+            - libpq-dev
+            - libmysqlclient-dev
+            - libfreeradius-client-dev
+            - libkrb5-dev
+            - libnet-snmp-perl
+            - procps
+            - fping
+            - libdbi0-dev
+            - libdbd-sqlite3
+            - libssl-dev
+            - libgnutls-dev
+            - dnsutils
+            - snmp-mibs-downloader
+            - libsnmp-perl
+            - snmpd
+            - iputils-ping
+            - fping
+            - snmp
+            - netcat
+            - smbclient
+            - fping
+            - pure-ftpd
+            - apache2
+            - postfix
+            - libhttp-daemon-ssl-perl
+            - slapd
+            - ldap-utils
+            - qstat
+            - clang-6.0
+            - g++-4.9
+      env:
+        - MATRIX_EVAL="CC=clang-6.0 && CXX=clang++-6.0"
+
+before_install:
+  - eval "${MATRIX_EVAL}"
+
+script:
+  - ./autogen.sh --enable-libtap
+  - make
+  # This is not working. Should be fixed in another PR.
+  #- make test

CODING

@@ -136,7 +136,7 @@ $service_port instead of $ServicePort as the former is much more readable.
 -4, (use IPv4)
 -6, (use IPv6)
 
-Recommended, but not reserverd: 
+Recommended, but not reserved:
 
 -I, --ipaddress = STRING
 -C, --community = STRING
@@ -146,6 +146,6 @@ Recommended, but not reserverd:
 -P, --port = INT
 -u, --url = STRING (also --username if --url is not needed)
 
-Port really should alway be '-P' (uppercase) -- but the plugins
+Port really should always be '-P' (uppercase) -- but the plugins
 are currently inconsistent in that regard and may be hard to change
 as we do not want to break compatibility with earlier syntax.

Makefile.am

@@ -29,6 +29,9 @@ dist-hook:
 install-root:
 	cd plugins-root && $(MAKE) $@
 
+install-packager:
+	cd plugins-root && $(MAKE) $@
+
 test test-debug:
 	cd lib && $(MAKE) $@
 	if test "$(PERLMODS_DIR)" != ""; then cd perlmods && $(MAKE) $@; fi

NEWS

@@ -1,8 +1,53 @@
 This file documents the major additions and syntax changes between releases.
 
-2.2.x TBD
+
+2.3.0 xxxx-xx-xx
 	ENHANCEMENTS
-        check_ntp_time: Add support for monitoring stratum of timesources
+	Added directory plugins-python containing three Python plugins
+	Add plugin remove_perfdata to remove perfdata from specified plugin's output
+	Added warning_string/critical_string to struct thresholds for storing originally parsed strings
+	check_http: New parameter `--verify-host` will check if -H hostname matches the SSL certificate
+	check_ping: plugin output will now include hostname and IP address
+	check_disk_smb: Add configfile feature
+	check_apt: Add --only-critical switch
+	check_mailq: Add support for opensmtpd
+	check_mailq: Add mailq -C option for config dir or config file
+	check_disk: Add -s option to show status for each path/partition
+	check_disk: Add support for base-10 units kB, MB, GB, TB; rename base-2 units to KiB, MiB, GiB, TiB
+	check_mailq.pl: Add option for opensmtpd (brigriffin)
+	check_procs: Add FreeBSD jail support (Mathieu Arnold)
+	check_procs: Allow process to be excluded from check_procs (Marcel Klein)
+	check_ldap: Add support for checking LDAP cert age (Guillaume Rousse)
+	check_icmp: Add Jitter, MOS, Score (Alessandro Ren)
+	check_radius: Add calling-station-id (cejkar)
+	check_swap: Add --no-swap flag (Mario Trangoni)
+  check_ntp_time: Add support for monitoring stratum of timesources
+	ssl_utils: Added certificate expiry data in OK status (check_http, check_smtp, check_tcp) (Matt Capra)
+
+
+2.2.2 xxxx-xx-xx
+	FIXES
+	check_disk: autofs being mounted despite '-l'. Fixed, and also excluded some system "fake" mountpoints
+	check_ntp_time: Periodically returns "Socket timeout" when one of several ntp server doesn't respond
+	check_ntp_time calls `write` on a UDP socket without a successful call to `connect`
+	check_mysql_query & mysql_query: extra-opts causes crash
+	check_log does not check for "-O oldlog"
+	check_log lost ability to use regexes for query (-q) in 2.1.4
+	fix configure.ac for FreeBSD SWAPFORMAT
+	Fix --no-body
+	check_wave produces lots of errors if required arguments are not provided
+	check_disk_smb.pl added additional smb support
+	check_http Additional header/status checking
+	check_http When checking certificate, don't check content/status
+	Fix ax_with_python not crashing on Python3 (Michael Orlitzky)
+	Fix rpmbuild errors (Josh Coughlan)
+	check_ping: FreeBSD ping working natively
+	check_sensors: Fix fault test with --ignore-fault
+	check_snmp: Fix perfdata not adhering to plugin dev guidelines
+	check_snmp: warning/critical perfdata is returned properly
+	check_snmp: Fix --authpasswd option
+	check_dns: reverse (PTR) check is now case insensitive
+
 
 2.2.1 2017-04-19
 	FIXES
@@ -21,6 +66,7 @@ This file documents the major additions and syntax changes between releases.
 	check_mailq: Nullmailer Regex is not working for Ubuntu 16.04
 	check_swap: Downstream Fedora patch: Prevent check_swap from returning OK, if no swap activated
 	Building RPMs on Amazon Linux - Add 'install-root' on line 165 of spec file
+	check_http: Memory allocation error
 
 
 2.2.0 2017-01-19
@@ -120,20 +166,20 @@ This file documents the major additions and syntax changes between releases.
 	check_dig honor the -4 and -6 switches
 	check_ntp_peer: do not use uninitialized results for max state
 	check_log.sh, check_oracle.sh, check_sensors.sh: Setting PATH at first
-	check_log.sh: droping path from basename while evaluating PROGNAME
+	check_log.sh: dropping path from basename while evaluating PROGNAME
 	check_tcp: Fix check_jabber to work with Openfire servers
 	check_ifstatus.pl: Fix "-n" and "-u" options to ignore if either is set, not just both
 	check_mrtgtraf: Fix perfdata to comply with perfdata UOM definition
 	check_real, check_ntp: fix null termination
 	check_apt: fix memset
-	check_ssh: change warning to critical for protocal/version errors
+	check_ssh: change warning to critical for protocol/version errors
 	utils_cmd.c: avoid a segfault, if ulimit is set to unlimited
 	utils_cmd.c: make constants from maxfd values
 	configure.ac: Added particular ps command for HP-UX
 	check_disk: Fix pthread start routine type
 	check_http: Make header_value() and chunked-encoding decoding more robust
 	check_http: fix Host header if explicitly set with -k
-	sslutils.c: Forcing furter restriction of ciphers for current security concerns
+	sslutils.c: Forcing further restriction of ciphers for current security concerns
 	check_nagios, check_procs: Enable check_proc to monitor processes in PID name-spaced environments.
 	check_dhcp.c: use /dev/urandom if available
 	check_http.c: Don't decode page if it's not there
@@ -171,7 +217,7 @@ This file documents the major additions and syntax changes between releases.
 	test.pl.in: Use "C" locale when running test suite
 	check_http.t: Adjust date strings to the now-localized output
 	check_dns.t - Fix Perl Warning. perl doesn't understand /d within "".
-	check_snmp.t: skip extented snmp tests if snmpd has no perl support
+	check_snmp.t: skip extended snmp tests if snmpd has no perl support
 	check_snmp.t: fix snmp test for included threshold
 	check_http.t: fix tests for certificates expire date with seconds
 	check_http.t: add faketime based tests for check_http
@@ -264,7 +310,7 @@ This file documents the major additions and syntax changes between releases.
 	check_nt.c - Changed 'Mb' to 'MB' in MEMUSE output for clarity (abrist)
 
 2.0.1 15th April 2014
-	ENHANCMENTS
+	ENHANCEMENTS
 	check_snmp.c - Added thresholds to performance data (jccomputing)
 	check_http.c - Added */* MIME support (Alex Gottschalk)
 	check_mailq.pl - Added autodetection for mailq implementation (evgeni)
@@ -374,10 +420,10 @@ This file documents the major additions and syntax changes between releases.
 	New check_procs -k option to ignore kernel threads (on Linux)
 	Let check_procs use /proc/<PID>/exe (if available) instead of getpid(2), unless -T is specified
 	Let check_mysql support SSL
-	Let check_mysql add perfromance metrics for all checks
+	Let check_mysql add performance metrics for all checks
 	New check_mysql -f option to specify a client options file
 	New check_mysql -g option to specify a client options group
-	New check_snmp --offset option to allow for adding/substracting an offset value to sensor data
+	New check_snmp --offset option to allow for adding/subtracting an offset value to sensor data
 	Let check_snmp support an arbitrary number of OIDs
 	Let check_ide_smart support NetBSD
 
@@ -392,7 +438,7 @@ This file documents the major additions and syntax changes between releases.
 	Fix deprecated imports of check_nmap.py (Fabio Rueda)
 
 	WARNINGS
-	check_http behaviour of -k/--header changed since it does not seperate multiple headers by semicolons anymore. Use multiple -k switches instead.
+	check_http behaviour of -k/--header changed since it does not separate multiple headers by semicolons anymore. Use multiple -k switches instead.
 	check_http's --proxy_authorization option is now called --proxy-authorization (it was always documented this way)
 	The contrib directory has been removed from this distribution
 
@@ -543,7 +589,7 @@ This file documents the major additions and syntax changes between releases.
 	check_ntp and check_ntp_peer now show proper jitter/stratum thresholds longopts in --help
 	check_dns now allow to repeat -a to match multiple possibly returned address (common with load balancers)
 	check_mysql and check_radius now try clearing password in processlist just like check_mysql_query
-	check_mysql and check_mysql_query now support sockets explicitely (-s, --socket)
+	check_mysql and check_mysql_query now support sockets explicitly (-s, --socket)
 	negate now has the ability to replace the status text as well (-s, --substitute)
 	Added performance data to check_ping (Christian Schneemann)
 	Added support for --extra-opts in all C plugins (disabled by default, see configure --help)
@@ -583,7 +629,7 @@ This file documents the major additions and syntax changes between releases.
 	New check_disk option -L: Only check local filesystems, but call stat() on remote ones, too.
 	  Thus accessibility of remote filesystems can be checked without any threshold comparison.
 	Check_disk's --help now prints some examples for the new features introduced in 1.4.8
-	New check_disk -i/-I option to ignore pathes/partitions based on regular expressions
+	New check_disk -i/-I option to ignore paths/partitions based on regular expressions
 	New check_disk -A option to select all filesystems explicitly
 	WARNING: check_disk's -E option must now be passed before -p or -r/-R arguments
 	  Passing -E after -p or -r results in UNKNOWN state, now

NPTest.pm

@@ -209,7 +209,7 @@ under the same terms as the Nagios Plugins release.
 
 my( %CACHE ) = ();
 
-# I'm not really sure wether to house a site-specific cache inside
+# I'm not really sure whether to house a site-specific cache inside
 # or outside of the extracted source / build tree - lets default to outside
 my( $CACHEFILENAME ) = ( exists( $ENV{'NPTEST_CACHE'} ) && $ENV{'NPTEST_CACHE'} )
                        ? $ENV{'NPTEST_CACHE'} : "/var/tmp/NPTest.cache"; # "../Cache.pdd";

ROADMAP

@@ -41,7 +41,7 @@ GNU getopt.
 
 Bu I would like to urge that all standard plugins contain
 validate_arguments(). I think this will help convey the idea that
-validations hould be done, even if we don't insist on the specific
+validations should be done, even if we don't insist on the specific
 extent that each plugin must do that validation.
 
 This is the set of standard options I envision:
@@ -53,15 +53,15 @@ Reserved:
 -v, --verbose
 -q, --quiet
 -t, --timeout = INTEGER (senonds)
--c, --critical = (INT|FLOAT|RANGE|LIST) 
+-c, --critical = (INT|FLOAT|RANGE|LIST)
 -w, --warning = (INT|FLOAT|RANGE|LIST)
 -H, --hostname = STRING
--F, --file = STRING (usually input) 
--O, --output = STRING (output file) 
+-F, --file = STRING (usually input)
+-O, --output = STRING (output file)
 -4, (Use IPv4)
 -6, (Use IPv6)
 
-Recommended, but not reserverd: 
+Recommended, but not reserved:
 
 -I, --ipaddress = STRING
 -C, --community = STRING
@@ -71,7 +71,7 @@ Recommended, but not reserverd:
 -P, --port = INT
 -u, --url = STRING (also --username if --url is not needed)
 
-I am suggesting that port alway be '-P' (uppercase) -- we are
+I am suggesting that port always be '-P' (uppercase) -- we are
 currently inconsistent in that regard.
 
 I am also adding '-q' for silent running. This is totally self
@@ -89,7 +89,7 @@ Programming:
   length character assignments, at least to the extent possible,
   from the C-based plugins. To that end, I have made strscpy and
   friends in utils.c -- I'd like to deploy them. I have comments 
-  that there is alot of duplicated code, and techniques used that
+  that there is a lot of duplicated code, and techniques used that
   should be cleaned up. Details in a separate thread.
 
 Remote checks:

THANKS.in

@@ -1,3 +1,4 @@
+2005wind
 Abid Rasheed
 Adrian Murphy
 Adrian Wieczorek
@@ -18,6 +19,7 @@ Andreas Ericsson
 Andreas Seemueller
 Andrew Berglund
 Andrew Elwell
+Andrew Penniman
 Andrew Widdersheim
 Andy Brist
 Andy Doran
@@ -38,27 +40,33 @@ Bill Blough
 Bill Kunkel
 Bo Kersey
 Bob Ingraham
+BornToBeRoot
 Booker C. Bense
 Bradley Baetz
 Brian De Wolf
 Brian Landers
+brigriffin
 Bryan Irvine
 Carlos Canau
 Carole Verdon
+cejkar
 Charles-Henri Larose
 Charlie Cook
 Chester Hosey
 Chris Grim
+Chris Heath
 Chris Pepper
 Chris Wilson
 Christian G Warden
 Christian Mies
+Christian Schmidt
 Christian Schneemann
 Christoph Kron
 Christoph Schell
 Christopher Maser
 Christopher Schultz
 Cire Iriarte
+Claudio Kuenzler
 Cliff Rice
 Collin Fair
 Cove Schneider
@@ -120,6 +128,7 @@ Gianluca Varisco
 Grant Byers
 Greg Bowser
 Guenther Mair
+Guillaume Rousse
 Gunnar Beutner
 Gunnar Hellekson
 Guy Van Den Bergh
@@ -175,6 +184,7 @@ John Rouillard
 John Sivak
 John Warburton
 Jon Hallett
+Jon Stockton
 Jon Vandegrift
 Jonas Genannt
 Jonas Genannt
@@ -182,6 +192,7 @@ Jonathan Milby
 Jonathan Rozes
 Joseph Gooch
 Josip Rodin
+Josh Coughlan
 Juan Carlos Fernandez
 Julien Touche
 Julius Kriukas
@@ -197,10 +208,13 @@ Konstantin Khomoutov
 Kyle Tucker
 Lance Albertson
 Larry Low
+Lars Michelsen
 Lars Stavholm
 Lars Vogdt
 Laurent Licour
 Laurent Vaslin
+Lee Clemens
+Leonid Vasiliev
 Lionel Cons
 Lonny Selinger
 Luca Corti
@@ -210,11 +224,13 @@ Lynne Lawrence
 Marc Huffnagle
 Marc Poulin
 Marc Remy
+Marcel Klein
 Marcel Kuiper
 Marco Beck
 Marcos Della
 Mario Trangoni
 Mario Witte
+Mark A. Ziesemer
 Mark Favas
 Mark Jewiss
 Mark Keisler
@@ -222,7 +238,9 @@ Markus Baertschi
 Marlo Bell
 Martin Foster
 Matej Vela
+Mathieu Arnold
 Mathieu Masseboeuf
+Matt Capra
 Matt Garrett
 Matt Perry
 Matt Pounsett
@@ -241,14 +259,16 @@ Michael Bakker
 Michael Haro
 Michael Markstaller
 Michael Musikhin
+Michael Orlitzky
 Michael Tiernan
 Mikael Falkvidd
 Mike Emigh
 Mike McHenry
+mwennrich
 Myke Place
 Nathan Shafer
 Neil Prockter
-Nick Peelman
+Nick Fox
 Nick Peelman
 Nik Soggia
 Nikita Kalabukhov
@@ -284,7 +304,9 @@ Peter Pramberger
 Phil Dibowitz
 Phil Randal
 Peter (pirtoo)
+pieska
 Ragnar Hojland Espinosa
+Rahul Golam
 Rainer Duffner
 Ralph Rye
 Randy O'Meara
@@ -303,6 +325,7 @@ Robert Dale
 Roberto Greiner
 Robin Sonefors
 Rodger Allen
+Roger Niesten
 Rok Debevc
 Roman Fiedler
 Ronald Tin
@@ -345,8 +368,10 @@ StoneISStephan
 Stuart Webster
 Stéphane Bortzmeyer
 Stéphane Urbanovski
+Subito
 Sven Meyer
 Sven Schaffranneck
+Syl Robataille
 Thomas Nilsen
 Thomas Schimpke
 Tilman Koschnick
@@ -360,6 +385,7 @@ Tom Shields
 Tomasz Pilat
 Torsten Werner
 Trevor McDonald
+Troy Lea
 Truongchinh Nguyen
 Vaclav Ovsik
 Valdimir Ivaschenko

build-aux/ltmain.sh

@@ -522,7 +522,7 @@ func_mkdir_p ()
       # While some portion of DIR does not yet exist...
       while test ! -d "$my_directory_path"; do
         # ...make a list in topmost first order.  Use a colon delimited
-	# list incase some portion of path contains whitespace.
+        # list in case some portion of path contains whitespace.
         my_dir_list="$my_directory_path:$my_dir_list"
 
         # If the last portion added has no slash in it, the list is done

configure.ac

@@ -786,6 +786,16 @@ then
 	ac_cv_ps_cols=10
 	AC_MSG_RESULT([$ac_cv_ps_command])
 
+dnl jails on FreeBSD:
+elif ps -axwo 'stat comm vsz rss user uid pid ppid jid args' 2>/dev/null | \
+	egrep -i "^ *STAT +COMMAND +VSZ +RSS +USER +UID +PID +PPID +JID +COMMAND" > /dev/null
+then
+	ac_cv_ps_varlist="procstat,&procuid,&procpid,&procppid,&procjid,&procvsz,&procrss,&procpcpu,procprog,&pos"
+	ac_cv_ps_command="$PATH_TO_PS -axwo 'stat uid pid ppid jid vsz rss pcpu comm args'"
+	ac_cv_ps_format="%s %d %d %d %d %d %d %f %s %n"
+	ac_cv_ps_cols=10
+	AC_MSG_RESULT([$ac_cv_ps_command])
+
 dnl Some gnu/linux systems (debian for one) don't like -axwwo and need axwwo.
 dnl so test for this first...
 elif ps axwwo 'stat comm vsz rss user uid pid ppid args' 2>/dev/null | \
@@ -924,7 +934,7 @@ elif ps -Ao 's comm vsz rss uid user pid ppid args' 2>/dev/null | \
 then
 	ac_cv_ps_varlist="[procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,procprog,&pos]"
 	ac_cv_ps_command="$PATH_TO_PS -Ao 's uid pid ppid vsz rss pcpu comm args'"
-	# There must be no space between the %s and %n due to a wierd problem in sscanf where
+	# There must be no space between the %s and %n due to a weird problem in sscanf where
 	# it will return %n as longer than the line length
 	ac_cv_ps_format="%s %d %d %d %d %d %f %s%n"
 	ac_cv_ps_cols=9
@@ -1055,6 +1065,10 @@ if test -n "$ac_cv_ps_varlist" ; then
 		AC_DEFINE(PS_USES_PROCETIME,"yes",
 		          [Whether the ps utility uses the "procetime" field])
 	fi
+	if echo "$ac_cv_ps_varlist" | grep "procpcpu" >/dev/null; then
+		AC_DEFINE(PS_USES_PROCPCPU,"yes",
+		          [Whether the ps utility uses the "procpcpu" field])
+	fi
 fi
 
 AC_PATH_PROG(PATH_TO_PING,ping)
@@ -1065,6 +1079,12 @@ AC_ARG_WITH(ping_command,
 		[sets syntax for ICMP ping]),
 	with_ping_command=$withval,)
 
+dnl AS I WAS LOOKING INTO THIS... (Bryan Heden 09/2017)
+dnl Ping packets first was a bit confusing
+dnl it doesn't actually mean "packet count first"
+dnl it means packets come before specifying host
+dnl If a timeout is specified, that comes first
+
 AC_MSG_CHECKING(for ICMP ping syntax)
 ac_cv_ping_packets_first=no
 ac_cv_ping_has_timeout=no
@@ -1114,6 +1134,14 @@ then
 	ac_cv_ping_packets_first=yes
 	AC_MSG_RESULT([$with_ping_command])
 
+elif $PATH_TO_PING -n -t 10 -c 1 127.0.0.1 2>/dev/null | \
+  egrep -i "^round-trip|^rtt" >/dev/null
+then
+  with_ping_command="$PATH_TO_PING -n -t %d -c %d %s"
+  ac_cv_ping_packets_first=yes
+  ac_cv_ping_has_timeout=yes
+  AC_MSG_RESULT([$with_ping_command])
+
 elif $PATH_TO_PING -n -c 1 127.0.0.1 2>/dev/null | \
 	egrep -i "^round-trip|^rtt" >/dev/null
 then
@@ -1230,6 +1258,14 @@ elif test "x$PATH_TO_PING6" != "x"; then
 		ac_cv_ping6_packets_first=yes
 		AC_MSG_RESULT([$with_ping6_command])
 
+  elif $PATH_TO_PING6 -n -X 10 -c 1 ::1 2>/dev/null | \
+    egrep -i "^round-trip|^rtt" >/dev/null
+  then
+    with_ping6_command="$PATH_TO_PING6 -n -X %d -c %d %s"
+    ac_cv_ping6_packets_first=yes
+    ac_cv_ping_has_timeout=yes
+    AC_MSG_RESULT([$with_ping6_command])
+
 	elif $PATH_TO_PING6 -n -c 1 ::1 2>/dev/null | \
 		egrep -i "^round-trip|^rtt" >/dev/null
 	then
@@ -1266,7 +1302,7 @@ elif test "x$PATH_TO_PING6" != "x"; then
 	then
 		with_ping6_command="$PATH_TO_PING6 -n -s 56 -c %d %s"
 		ac_cv_ping6_packets_first=yes
-		AC_MSG_RESULT([$with_ping_command])
+		AC_MSG_RESULT([$with_ping6_command])
 
 	elif $PATH_TO_PING6 -n -c 1 ::1 2>/dev/null | \
 		egrep -i "^round-trip|^rtt" >/dev/null
@@ -1329,7 +1365,7 @@ elif test "x$PATH_TO_PING" != "x"; then
 	then
 		with_ping6_command="$PATH_TO_PING -A inet6 -n -s 56 -c %d %s"
 		ac_cv_ping6_packets_first=yes
-		AC_MSG_RESULT([$with_ping_command])
+		AC_MSG_RESULT([$with_ping6_command])
 
 	elif $PATH_TO_PING -A inet6 -n -c 1 ::1 2>/dev/null | \
 		egrep -i "^round-trip|^rtt" >/dev/null
@@ -1532,7 +1568,7 @@ if test -n "$PATH_TO_SUDO"
 then
 	AC_DEFINE_UNQUOTED(PATH_TO_SUDO,"$PATH_TO_SUDO",[path to sudo])
 else
-	AC_MSG_WARN([Could not find sudo or eqivalent])
+	AC_MSG_WARN([Could not find sudo or equivalent])
 fi
 
 AC_PATH_PROG(PATH_TO_MAILQ,mailq)
@@ -1543,7 +1579,7 @@ if test -n "$PATH_TO_MAILQ"
 then
 	AC_DEFINE_UNQUOTED(PATH_TO_MAILQ,"$PATH_TO_MAILQ",[path to mailq])
 else
-	AC_MSG_WARN([Could not find mailq or eqivalent])
+	AC_MSG_WARN([Could not find mailq or equivalent])
 fi
 
 AC_PATH_PROG(PATH_TO_QMAIL_QSTAT,qmail-qstat)
@@ -1557,6 +1593,17 @@ else
 	AC_MSG_WARN([Could not find qmail-qstat or equivalent])
 fi
 
+AC_PATH_PROG(PATH_TO_SMTPCTL,smtpctl)
+AC_ARG_WITH(smtpctl_command,
+            ACX_HELP_STRING([--with-smtpctl-command=PATH],
+                            [sets path to smtpctl]), PATH_TO_SMTPCTL=$withval)
+if test -n "$PATH_TO_SMTPCTL"
+then
+	AC_DEFINE_UNQUOTED(PATH_TO_SMTPCTL,"$PATH_TO_SMTPCTL",[path to smtpctl])
+else
+	AC_MSG_WARN([Could not find smtpctl or equivalent])
+fi
+
 dnl SWAP info required is amount allocated/available and amount free
 dnl The plugin works through all the swap devices and adds up the total swap
 dnl available.
@@ -1602,7 +1649,7 @@ then
 
 	if [$PATH_TO_SWAPINFO -k 2>/dev/null | egrep -i "^Device +1K-blocks +Used +Avail" >/dev/null]
 	then
-		ac_cv_swap_format=["%*s %f %*d %f"]
+		ac_cv_swap_format=["%*s %lf %*d %lf"]
 		ac_cv_swap_conv=1024
 		AC_MSG_RESULT([using FreeBSD format swapinfo])
 	fi
@@ -1815,7 +1862,7 @@ AM_GNU_GETTEXT([external], [need-ngettext])
 AM_GNU_GETTEXT_VERSION(0.15)
 
 dnl Check for Redhat spopen problem
-dnl Wierd problem where ECHILD is returned from a wait call in error
+dnl Weird problem where ECHILD is returned from a wait call in error
 dnl Only appears to affect nslookup and dig calls. Only affects redhat around
 dnl 2.6.9-11 (okay in 2.6.9-5). Redhat investigating root cause
 dnl We patch plugins/popen.c

doc/developer-guidelines.sgml

@@ -373,7 +373,7 @@
 			<listitem><para>s - seconds (also us, ms)</para></listitem>
 			<listitem><para>% - percentage</para></listitem>
 			<listitem><para>B - bytes (also KB, MB, TB)</para></listitem>
-			<listitem><para>c - a continous counter (such as bytes
+			<listitem><para>c - a continuous counter (such as bytes
 				transmitted on an interface)</para></listitem>
 			</orderedlist>
 			</listitem>
@@ -396,7 +396,7 @@
 		<section><title>Don't execute system commands without specifying their
 		full path</title>
 		<para>Don't use exec(), popen(), etc. to execute external
-		commands without explicity using the full path of the external
+		commands without explicitly using the full path of the external
 		program.</para>
 
 		<para>Doing otherwise makes the plugin vulnerable to hijacking
@@ -651,7 +651,7 @@
 	  <para>If possible when writing lists, use tokens to make the
 	  list easy to remember and non-order dependent - so
 	  check_disk uses '-c 10000,10%' so that it is clear which is
-	  the precentage and which is the KB values (note that due to
+	  the percentage and which is the KB values (note that due to
 	  my own lack of foresight, that used to be '-c 10000:10%' but
 	  such constructs should all be changed for consistency,
 	  though providing reverse compatibility is fairly
@@ -682,7 +682,7 @@ all the current tests and report an overall success rate.
 <para>These use perl's Test::More. To do a one time test, run "cd plugins && perl t/check_disk.t".
 </para>
 
-<para>There will somtimes be failures seen in this output which are known failures that
+<para>There will sometimes be failures seen in this output which are known failures that
 need to be fixed. As long as the return code is 0, it will be reported as "test pass".
 (If you have a fix so that the specific test passes, that will be gratefully received!)
 </para>
@@ -842,7 +842,7 @@ update the THANKS.in file.</para>
 	  <para>It is determined to be not redundant (for instance, we would not 
 		add a new version of check_disk just because someone had provide 
 		a plugin that had perf checking - we would incorporate the features 
-		into an exisiting plugin)</para>
+		into an existing plugin)</para>
 	</listitem>
 	<listitem>
 	  <para>One of the developers has had the time to audit the code and declare

gl/m4/libtool.m4

@@ -604,7 +604,7 @@ m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
 # LT_OUTPUT
 # ---------
 # This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
+# AC_OUTPUT is called), in case it is used in configure for compilation
 # tests.
 AC_DEFUN([LT_OUTPUT],
 [: ${CONFIG_LT=./config.lt}
@@ -641,7 +641,7 @@ configured by $[0], generated by m4_PACKAGE_STRING.
 
 Copyright (C) 2011 Free Software Foundation, Inc.
 This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
+gives unlimited permission to copy, distribute and modify it."
 
 while test $[#] != 0
 do

gl/m4/ltsugar.m4

@@ -75,7 +75,7 @@ m4_define([lt_combine],
 
 # lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
 # -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
+# If MACRO-NAME does not yet contain VARNAME, then append it (delimited
 # by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
 m4_define([lt_if_append_uniq],
 [m4_ifdef([$1],

gl/mountlist.h

@@ -30,7 +30,7 @@ struct mount_entry
   char *me_type;                /* "nfs", "4.2", etc. */
   dev_t me_dev;                 /* Device number of me_mountdir. */
   unsigned int me_dummy : 1;    /* Nonzero for dummy file systems. */
-  unsigned int me_remote : 1;   /* Nonzero for remote fileystems. */
+  unsigned int me_remote : 1;   /* Nonzero for remote filesystems. */
   unsigned int me_type_malloced : 1; /* Nonzero if me_type was malloced. */
   struct mount_entry *me_next;
 };

gl/regexec.c

@@ -2269,7 +2269,7 @@ sift_states_iter_mb (const re_match_context_t *mctx, re_sift_context_t *sctx,
 			    dfa->nexts[node_idx]))
     /* The node can't accept the "multi byte", or the
        destination was already thrown away, then the node
-       could't accept the current input "multi byte".   */
+       couldn't accept the current input "multi byte".   */
     naccepted = 0;
   /* Otherwise, it is sure that the node could accept
      'naccepted' bytes input.  */

lib/extra_opts.c

@@ -93,14 +93,14 @@ char **np_extra_opts(int *argc, char **argv, const char *plugin_name){
 			/* append the list to extra_args */
 			if(extra_args==NULL){
 				extra_args=ea1;
-				while(ea1=ea1->next) ea_num++;
+				while((ea1=ea1->next)) ea_num++;
 			}else{
 				ea_tmp=extra_args;
 				while(ea_tmp->next) {
 					ea_tmp=ea_tmp->next;
 				}
 				ea_tmp->next=ea1;
-				while(ea1=ea1->next) ea_num++;
+				while((ea1=ea1->next)) ea_num++;
 			}
 			ea1=ea_tmp=NULL;
 		}

lib/parse_ini.c

@@ -79,10 +79,11 @@ static char* default_file_in_path(void);
 
 /* parse_locator decomposes a string of the form
  * 	[stanza][@filename]
- * into its seperate parts
+ * into its separate parts
  */
 static void parse_locator(const char *locator, const char *def_stanza, np_ini_info *i){
 	size_t locator_len=0, stanza_len=0;
+	char *dflt = NULL;
 
 	/* if locator is NULL we'll use default values */
 	if(locator){
@@ -102,7 +103,9 @@ static void parse_locator(const char *locator, const char *def_stanza, np_ini_in
 	}
 	/* if there is no @file part */
 	if(stanza_len==locator_len){
-		i->file=default_file();
+		dflt=default_file();
+		if (dflt)
+			i->file=strdup(dflt);
 	} else {
 		i->file=strdup(&(locator[stanza_len+1]));
 	}
@@ -184,7 +187,7 @@ static int read_defaults(FILE *f, const char *stanza, np_arg_list **opts){
 		/* gobble up leading whitespace */
 		if(isspace(c)) continue;
 		switch(c){
-			/* globble up coment lines */
+			/* globble up comment lines */
 			case ';':
 			case '#':
 				GOBBLE_TO(f, c, '\n');

lib/tests/test_cmd.c

@@ -180,7 +180,7 @@ main (int argc, char **argv)
 	result = cmd_run (command, &chld_out, &chld_err, 0);
 
 	ok (chld_out.lines == 0,
-			"Non existant command, so no output");
+			"Non existent command, so no output");
 	ok (chld_err.lines == 0,
 			"No stderr either");
 	ok (result == 3, "Get return code 3 (?) for non-existant command");

lib/tests/test_disk.c

@@ -88,10 +88,10 @@ main (int argc, char **argv)
 		                  cflags, 3,strdup("regex on dev names:"));
 	np_test_mount_entry_regex(dummy_mount_list, strdup("/foo"),
 		                  cflags, 0,
-			 	  strdup("regex on non existant dev/path:"));
+			 	  strdup("regex on non existent dev/path:"));
 	np_test_mount_entry_regex(dummy_mount_list, strdup("/Foo"),
 		                  cflags | REG_ICASE,0,
-			 	  strdup("regi on non existant dev/path:"));
+			 	  strdup("regi on non existent dev/path:"));
 	np_test_mount_entry_regex(dummy_mount_list, strdup("/c.t0"),
 		                  cflags, 3,
 			 	  strdup("partial devname regex match:"));

lib/tests/test_utils.c

@@ -394,7 +394,7 @@ main (int argc, char **argv)
 	ok( temp_state_data==NULL, "Older data version gives NULL" );
 	temp_state_key->data_version=54;
 
-	temp_state_key->_filename="var/nonexistant";
+	temp_state_key->_filename="var/nonexistent";
 	temp_state_data = np_state_read();
 	ok( temp_state_data==NULL, "Missing file gives NULL" );
 	ok( this_nagios_plugin->state->state_data==NULL, "No state information" );

lib/utils_base.c

@@ -164,18 +164,22 @@ _set_thresholds(thresholds **my_thresholds, char *warn_string, char *critical_st
 
 	temp_thresholds->warning = NULL;
 	temp_thresholds->critical = NULL;
+	temp_thresholds->warning_string = NULL;
+	temp_thresholds->critical_string = NULL;
 
 	if (warn_string) {
 		if (!(temp_thresholds->warning = parse_range_string(warn_string))) {
 			free(temp_thresholds);
 			return NP_RANGE_UNPARSEABLE;
 		}
+		temp_thresholds->warning_string = strdup(warn_string);
 	}
 	if (critical_string) {
 		if (!(temp_thresholds->critical = parse_range_string(critical_string))) {
 			free(temp_thresholds);
 			return NP_RANGE_UNPARSEABLE;
 		}
+		temp_thresholds->critical_string = strdup(critical_string);
 	}
 
 	*my_thresholds = temp_thresholds;
@@ -204,11 +208,17 @@ void print_thresholds(const char *threshold_name, thresholds *my_threshold) {
 	} else {
 		if (my_threshold->warning) {
 			printf("Warning: start=%g end=%g; ", my_threshold->warning->start, my_threshold->warning->end);
+			if (my_threshold->warning_string) {
+				printf("Warning String: %s; ", my_threshold->warning_string);
+			}
 		} else {
 			printf("Warning not set; ");
 		}
 		if (my_threshold->critical) {
 			printf("Critical: start=%g end=%g", my_threshold->critical->start, my_threshold->critical->end);
+			if (my_threshold->critical_string) {
+				printf("Critical String: %s; ", my_threshold->critical_string);
+			}
 		} else {
 			printf("Critical not set");
 		}
@@ -325,20 +335,20 @@ char *np_extract_value(const char *varlist, const char *name, char sep) {
 
 	while (1) {
 		/* Strip any leading space */
-		for (varlist; isspace(varlist[0]); varlist++);
+		for (; isspace(varlist[0]); varlist++);
 
 		if (!strncmp(name, varlist, strlen(name))) {
 			varlist += strlen(name);
 			/* strip trailing spaces */
-			for (varlist; isspace(varlist[0]); varlist++);
+			for (; isspace(varlist[0]); varlist++);
 
 			if (varlist[0] == '=') {
 				/* We matched the key, go past the = sign */
 				varlist++;
 				/* strip leading spaces */
-				for (varlist; isspace(varlist[0]); varlist++);
+				for (; isspace(varlist[0]); varlist++);
 
-				if (tmp = index(varlist, sep)) {
+				if ((tmp = index(varlist, sep))) {
 					/* Value is delimited by a comma */
 					if (tmp-varlist == 0) continue;
 					value = (char *)calloc(1, tmp-varlist+1);
@@ -354,7 +364,7 @@ char *np_extract_value(const char *varlist, const char *name, char sep) {
 				break;
 			}
 		}
-		if (tmp = index(varlist, sep)) {
+		if ((tmp = index(varlist, sep))) {
 			/* More keys, keep going... */
 			varlist = tmp + 1;
 		} else {

lib/utils_base.h

@@ -28,6 +28,8 @@ typedef struct range_struct {
 typedef struct thresholds_struct {
 	range	*warning;
 	range	*critical;
+	char    *warning_string;
+	char    *critical_string;
 	} thresholds;
 
 #define NP_STATE_FORMAT_VERSION 1

lib/utils_cmd.c

@@ -298,7 +298,6 @@ _cmd_fetch_output (int fd, output * op, int flags)
 int
 cmd_run (const char *cmdstring, output * out, output * err, int flags)
 {
-	int fd, pfd_out[2], pfd_err[2];
 	int i = 0, argc;
 	size_t cmdlen;
 	char **argv = NULL;

lib/utils_disk.h

@@ -26,7 +26,7 @@ struct parameter_list
   struct parameter_list *name_next;
   uintmax_t total, available, available_to_root, used, inodes_free, inodes_total;
   double dfree_pct, dused_pct;
-  double dused_units, dfree_units, dtotal_units;
+  uintmax_t dused_units, dfree_units, dtotal_units;
   double dused_inodes_percent, dfree_inodes_percent;
 };
 

m4/ax_with_python.m4

@@ -46,7 +46,7 @@ AC_DEFUN([AX_WITH_PYTHON],
     if test "$PYTHON" != "m4_ifval([$2],[$2],[python])"
     then
       AC_MSG_CHECKING($PYTHON version >= $1)
-      if test `$PYTHON -c ["import sys; print sys.version[:3] >= \"$1\" and \"OK\" or \"OLD\""]` = "OK"
+      if test `$PYTHON -c ["import sys; print(sys.version[:3] >= \"$1\" and \"OK\" or \"OLD\")"]` = "OK"
       then
         AC_MSG_RESULT(ok)
       else

m4/np_mysqlclient.m4

@@ -65,7 +65,7 @@ AC_DEFUN([np_mysqlclient],
   fi
 ])
 
-dnl Will take $1, find last occurrance of -LDIR and add DIR to LD_RUN_PATH
+dnl Will take $1, find last occurrence of -LDIR and add DIR to LD_RUN_PATH
 AC_DEFUN([np_add_to_runpath], 
 [
   dnl Need [[ ]] so autoconf gives us just one set

nagios-plugins.spec.in

@@ -162,11 +162,12 @@ fi
 
 %install
 rm -rf $RPM_BUILD_ROOT
-make AM_INSTALL_PROGRAM_FLAGS="" DESTDIR=${RPM_BUILD_ROOT} install install-root
+make AM_INSTALL_PROGRAM_FLAGS="" DESTDIR=${RPM_BUILD_ROOT} install
+make AM_INSTALL_PROGRAM_FLAGS="" DESTDIR=${RPM_BUILD_ROOT} install-packager
 %find_lang %{name}
 echo "%defattr(755,%{npusr},%{npgrp})" >> %{name}.lang
 comm -13 %{npdir}/ls-plugins-before %{npdir}/ls-plugins-after | egrep -v "\.o$|^\." | gawk -v libexecdir=%{_libexecdir} '{printf( "%s/%s\n", libexecdir, $0);}' >> %{name}.lang
-echo "%defattr(755,root,root)" >> %{name}.lang
+echo "%defattr(4555,root,%{npgrp})" >> %{name}.lang
 comm -13 %{npdir}/ls-plugins-root-before %{npdir}/ls-plugins-root-after | egrep -v "\.o$|^\." | gawk -v libexecdir=%{_libexecdir} '{printf( "%s/%s\n", libexecdir, $0);}' >> %{name}.lang
 echo "%defattr(755,%{npusr},%{npgrp})" >> %{name}.lang
 comm -13 %{npdir}/ls-plugins-scripts-before %{npdir}/ls-plugins-scripts-after | egrep -v "\.o$|^\." | gawk -v libexecdir=%{_libexecdir} '{printf( "%s/%s\n", libexecdir, $0);}' >> %{name}.lang

plugins-python/Makefile.am

@@ -0,0 +1,47 @@
+## Process this file with automake to produce Makefile.in
+
+if RELEASE_PRESENT
+NP_VERSION = @NP_RELEASE@
+else
+NP-VERSION-FILE: .FORCE-NP-VERSION-FILE
+	@$(SHELL_PATH) $(top_srcdir)/NP-VERSION-GEN
+.FORCE-NP-VERSION-FILE:
+-include NP-VERSION-FILE
+endif
+
+SUFFIXES = .py .in
+
+VPATH=$(top_srcdir) $(top_srcdir)/plugins-python
+
+libexec_SCRIPTS = check_heartbleed.py  check_imap_login.py check_ncpa.py
+
+EXTRA_DIST=check_heartbleed.in  check_imap_login.in  check_ncpa.in
+
+EDIT = sed \
+  -e 's|[@]NP_VERSION[@]|$(NP_VERSION)|g' \
+  -e 's|[@]TRUSTED_PATH[@]|$(with_trusted_path)|g' \
+  -e 's|[@]PYTHON[@]|$(PYTHON)|g' \
+  -e 's|[@]libexecdir[@]|$(libexecdir)|g'
+
+#TESTS_ENVIRONMENT=perl -I $(top_builddir) -I $(top_srcdir)
+
+#TESTS = @SCRIPT_TEST@
+
+#test:
+#	perl -I $(top_builddir) -I $(top_srcdir) ../test.pl
+#	perl -I $(top_builddir) -I $(top_srcdir) ../test.pl t/utils.t	# utils.t is excluded from above, so manually ask to test
+
+#test-debug:
+#	NPTEST_DEBUG=1 HARNESS_VERBOSE=1 perl -I $(top_builddir) -I $(top_srcdir) ../test.pl
+#	NPTEST_DEBUG=1 HARNESS_VERBOSE=1 perl -I $(top_builddir) -I $(top_srcdir) ../test.pl t/utils.t	# utils.t is excluded from above, so manually ask to test
+
+CLEANFILES=$(libexec_SCRIPTS)
+
+.in.py:
+	@if [ ! "$(PYTHON)" = "missing" ]; then \
+	    $(EDIT) $< > $@; \
+	    chmod +x $@; \
+	fi
+
+clean-local:
+	rm -f NP-VERSION-FILE *.pyc

plugins-python/check_heartbleed.in

@@ -0,0 +1,331 @@
+#!/usr/bin/python2
+
+# Check_Heartbleed.py v0.6
+# 18/4/2014
+
+# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
+# The author disclaims copyright to this source code.
+
+# Modified for simplified checking by Yonathan Klijnsma
+
+# Modified to turn into a Nagios Plugin by Scott Wilkerson (swilkerson@nagios.com)
+# Modified to include TLS v1.2, v1.1, v1.0, and SSLv3.0, defaults to 1.1 (sreinhardt@nagios.com)
+# 	Corrected Hello and Heartbeat packets to match versions
+#	Added optional verbose output
+#	Reimplemented output message and added Rich's idea for looping all supported versions
+# Suggested and implemented in another plugin looping of all versions by default (rich.brown@blueberryhillsoftware.com)
+
+import sys
+import struct
+import socket
+import time
+import select
+import re
+from optparse import OptionParser
+
+options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
+options.add_option('-H', '--host', type='string', default='127.0.0.1', help='Host to connect to (default: 127.0.0.1)')
+options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
+options.add_option('-v', '--version', type='int', default=-1, help='TLS or SSL version to test [TLSv1.0(0), TLSv1.1(1), TLSv1.2(2), or SSLv3.0(3)] (default: all)')
+options.add_option('-u', '--udp', default=False, action='store_true', help='Use TCP or UDP protocols, no arguments needed. This does not work presently, keep to TCP. (default: TCP)')
+options.add_option('-t', '--timeout', type='int', default=10, help='Plugin timeout length (default: 10)')
+options.add_option('-V', '--verbose', default=False, action='store_true', help='Print verbose output, including hexdumps of packets.')
+
+def h2bin(x):
+    return x.replace(' ', '').replace('\n', '').decode('hex')
+
+# Returns correct versioning for handshake and hb packets
+def tls_ver ():
+    global opts
+    if opts.version == 0:    #TLSv1.0
+        return '''03 01'''
+    elif opts.version == 2:    #TLSv1.2
+        return '''03 03'''
+    elif opts.version == 3:    #SSLv3.0
+        return '''03 00'''
+    else:                    #TLSv1.1
+        return '''03 02'''
+
+# Builds hello packet with correct tls version for rest of connection
+def build_hello():
+
+    hello = h2bin('''
+    16 ''' + tls_ver() + ''' 00  dc 01 00 00 d8 ''' + tls_ver() + ''' 53
+    4e d0 57 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf
+    bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00
+    00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88
+    00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c
+    c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09
+    c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44
+    c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c
+    c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11
+    00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04
+    03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19
+    00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08
+    00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13
+    00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00
+    00 0f 00 01 01                                  
+    ''')
+
+##### Hello Packet Layout #####
+#	16													# initiate handshake
+#	+ tls_ver() +  										# version of tls to use
+#	00  dc 												# Length
+#	01 													# Handshake type (hello)
+#	00 00 d8 											# Length
+#	+ tls_ver() +  										# version of tls to use
+#	53 43 5b 90 										# timestamp (change?)
+#	9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf				# random bytes (seriously!)
+#   bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 		# random bytes (seriously!)
+#	00													# Length of session id (start new session)
+#   00 66 												# Length of ciphers supported list
+#	c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88			# 2 byte list of supported ciphers
+#   00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c	# 2 byte list of supported ciphers cont
+#   c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09	# 2 byte list of supported ciphers cont
+#   c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44	# 2 byte list of supported ciphers cont
+#   c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c	# 2 byte list of supported ciphers cont
+#   c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11	# 2 byte list of supported ciphers cont
+#   00 08 00 06 00 03 00 ff  							# 2 byte list of supported ciphers cont
+#	01 													# Length of compression methods
+#	00 													# Null compression (none)
+#	00 49												# Length of TLS extension list
+#	00 0b 00 04 03 00 01 02								# Elliptic curve point formats extension
+#	00 0a 00 34  00 32 00 0e 00 0d 00 19				# Elliptic curve
+#   00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08	# Elliptic curve cont
+#   00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13	# Elliptic curve cont
+#   00 01 00 02 00 03 00 0f  00 10 00 11				# Elliptic curve cont
+#	00 23 00 00											# TLS sessions ticket supported
+#   00 0f 00 01 01										# Heartbeat extension
+##### End Hello Packet #####
+
+    return hello
+
+# Builds and returns heartbleed packet that matches with tls version
+def build_hb():
+
+    hb = h2bin('''
+    18 ''' + tls_ver() + ''' 00 03
+    01 40 00
+    ''')
+
+##### Heartbleed Packet Layout #####
+#   18													# TLS Record Type (heartbeat) 
+#	+ tls_ver() + 										# TLS version
+#	00 03												# Length
+#   01 													# Heartbeat request
+#	40 00												# Length (16384 bytes)
+##### End Heartbleed Packet #####
+    
+    return hb
+
+# Builds and sends hb packet with zero size
+def build_empty_hb():
+
+    hb = h2bin('''
+    18 ''' + tls_ver() + ''' 00 03
+    01 00 00
+    ''')
+
+##### Heartbleed Packet Layout #####
+#   18													# TLS Record Type (heartbeat) 
+#	+ tls_ver() + 										# TLS version
+#	00 03												# Length
+#   01 													# Heartbeat request
+#	40 00												# Length (16384 bytes)
+##### End Heartbleed Packet #####
+    
+    return hb
+
+# Receives data from socket for specified length
+def recvall(s, length):
+    global opts
+    endtime = time.time() + opts.timeout
+    rdata = ''
+    remain = length
+
+    while remain > 0:
+        rtime = endtime - time.time() 
+        if rtime < 0:
+            return None
+        r, w, e = select.select([s], [], [], 5)
+        if s in r:
+            try:
+                data = s.recv(remain)
+            except socket.error:
+                # Should this be OK, as the server has sent a rst most likely and is therefore likely patched?
+                print 'UNKNOWN: Server ' + opts.host + ' closed connection after sending heartbeat. Likely the server has been patched.'
+                sys.exit(3)
+            # EOF?
+            if not data:
+                return None
+            rdata += data
+            remain -= len(data)
+    return rdata
+        
+# Receives messages and handles accordingly
+def recvmsg(s):
+    global opts
+    hdr = recvall(s, 5)
+    if hdr is None:
+        return None, None, None
+    typ, ver, ln = struct.unpack('>BHH', hdr)
+    pay = recvall(s, ln)
+    if pay is None:
+        return None, None, None
+    if opts.verbose == True:
+        print ' ... received message: type = %d, ver = %04x, length = %d, pay = %02x' % (typ, ver, len(pay), ord(pay[0]))
+    return typ, ver, pay
+
+# Sends empty hb packet
+def hit_hb(s, hb):
+    global opts
+
+    if opts.verbose == True:
+       print 'Sending malformed heartbeat packet...'
+
+    try:
+        s.send(hb)
+    except socket.error:
+        print 'UNKNOWN: Error sending heartbeat to ' + opts.host
+        sys.exit(3)
+
+    while True:
+        typ, ver, pay = recvmsg(s)
+        if typ == None:
+            returncode = 0
+            break
+
+        if typ == 24:
+            if pay > 3:
+                returncode = 2    # vulnerable
+                break
+            else:
+                returncode = 0
+                break
+
+        if typ == 21:    # TLS mismatch, hopefully we don't find this
+            returncode = 0
+            break
+
+    #Outside of while
+    if returncode == 0: # Not vulnerable message
+        if opts.version == 3: #respond with ssl instead of tls
+            message = 'SSLv3.0 is not vulnerable. '
+        else:
+            message = 'TLSv1.' + str(opts.version) + ' is not vulnerable. '
+    else: # vulnerable message
+        if opts.version == 3: #respond with ssl instead of tls
+            message = 'SSLv3.0 is vulnerable. '
+        else:
+            message = 'TLSv1.' + str(opts.version) + ' is vulnerable. '
+
+    return returncode, message
+
+# Prints nagios style output and exit codes
+def print_output(exitcode, outputmessage):
+
+    if exitcode == 2:
+        print 'CRITICAL: Server ' + opts.host + ' ' + outputmessage
+    else:
+        print 'OK: Server ' + opts.host + ' ' + outputmessage
+
+    sys.exit(exitcode)
+
+# Outputs packets as hex, used for verbose output
+def hexdump(s):
+
+    for b in xrange(0, len(s), 16):
+        lin = [c for c in s[b : b + 16]]
+        hxdat = ' '.join('%02X' % ord(c) for c in lin)
+        pdat = ''
+        for c in lin:
+            if 32 <= ord(c) <= 126:
+                pdat += c
+            else:
+                pdat += '.'
+        print '  %04x: %-48s %s' % (b, hxdat, pdat)
+    print
+
+# Initiates connection and handles initial hello\hb sending
+def connect(hb):
+    global opts
+ 
+    if opts.udp == True:
+        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    else:
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    
+    s.settimeout(opts.timeout)
+
+    try: 
+        s.connect((opts.host, opts.port))
+    except socket.error:
+        print 'UNKNOWN: Connecton to server ' + opts.host + ' could not be established.'
+        sys.exit(3)
+
+    hello = build_hello()
+
+    if opts.verbose == True:
+        print 'Sending hello packet...'
+
+    try:
+        s.send(hello)
+    except socket.error:
+        print 'UNKNOWN: Error sending hello to ' + opts.host
+        sys.exit(3)
+
+    while True:
+        typ, ver, pay = recvmsg(s)
+        if typ == None:
+            print 'UNKNOWN: Server ' + opts.host + ' closed connection without sending Server Hello.'
+            sys.exit(3)
+        # Look for server hello done message.
+        if typ == 22 and ord(pay[0]) == 0x0E:
+            if opts.verbose == True:
+                hexdump(pay)
+            break
+        else:
+            if opts.verbose == True:
+                hexdump(pay)
+            continue
+
+    if opts.verbose == True:
+        print 'Sending malformed heartbeat packet...'
+
+    try:
+        s.send(hb)
+    except socket.error:
+        print 'UNKNOWN: Error sending heartbeat to ' + opts.host
+        sys.exit(3)
+
+    return s
+
+def main():
+    global opts
+    opts, args = options.parse_args()
+    exitcode = 0
+    outputmessage = ''
+
+    if opts.version == -1: # no version was specified, loop.
+
+        if opts.verbose == True:
+            print 'Checking all supported TLS and SSL versions.'
+
+        for opts.version in [0, 1, 2, 3]:
+            hb = build_hb()
+            s = connect(hb)
+            returncode, message = hit_hb(s, hb)
+
+            if returncode > exitcode:
+                exitcode = returncode
+            outputmessage += message
+            
+    else: # version was specified
+        hb = build_hb()
+        s = connect(hb)
+        exitcode, outputmessage = hit_hb(s, hb)
+
+    print_output(exitcode, outputmessage)
+
+if __name__ == '__main__':
+    main()

plugins-python/check_imap_login.in

@@ -0,0 +1,61 @@
+#!/usr/bin/python
+# vi:si:et:sw=4:sts=4:ts=4
+# -*- coding: UTF-8 -*-
+# -*- Mode: Python -*-
+#
+# Copyright (C) 2005 Bertera Pietro <pietro@bertera.it>
+
+# This file may be distributed and/or modified under the terms of
+# the GNU General Public License version 2 as published by
+# the Free Software Foundation.
+# This file is distributed without any warranty; without even the implied
+# warranty of merchantability or fitness for a particular purpose.
+# See "LICENSE.GPL" in the source distribution for more information.
+
+import sys, os, imaplib, getopt
+
+def usage():
+    print "-u <user>"
+    print "-p <password>"
+    print "-s use SSL"
+    print "-H <host>"
+
+def main():
+	try:
+	    opts, args = getopt.getopt(sys.argv[1:], "u:p:sH:")	
+    except getopt.GetoptError:
+        usage()
+        return 3
+    
+    user = host = password = use_ssl = None
+    
+    for o, a in opts:
+        if o == "-u":
+            user = a
+        elif o == "-p":
+            password = a
+        elif o == "-s":
+            use_ssl = True
+        elif o == "-H":
+            host = a  
+    if user == None or password == None or host == None:
+        usage()
+        return 1
+    
+    if use_ssl:
+        M = imaplib.IMAP4_SSL(host=host)
+    else:
+    	M = imaplib.IMAP4(host)
+    
+    try:	
+        M.login(user, password)
+	except Exception, e:
+        print "CRITICAL: IMAP Login not Successful: %s" % e
+        sys.exit(2)
+    
+    M.logout()
+    print "OK IMAP Login Successful"
+    return 0
+
+if __name__ == "__main__":
+        sys.exit(main())

plugins-python/check_ncpa.in

@@ -0,0 +1,300 @@
+#!@PYTHON@
+"""
+SYNOPSIS
+
+
+"""
+import sys
+import optparse
+import traceback
+import ssl
+
+# Python 2/3 Compatibility imports
+
+try:
+    import json
+except ImportError:
+    import simplejson as json
+
+try:
+    import urllib.request
+    import urllib.parse
+    import urllib.error
+except ImportError:
+    import urllib2
+    import urllib
+
+try:
+    urlencode = urllib.parse.urlencode
+except AttributeError:
+    urlencode = urllib.urlencode
+
+try:
+    urlopen = urllib.request.urlopen
+except AttributeError:
+    urlopen = urllib2.urlopen
+
+try:
+    urlquote = urllib.parse.quote
+except AttributeError:
+    urlquote = urllib.quote
+
+import shlex
+import re
+import signal
+
+__VERSION__ = '1.1.0'
+
+def pretty(d, indent=0, indenter=' ' * 4):
+    info_str = ''
+    for key, value in list(d.items()):
+        info_str += indenter * indent + str(key)
+        if isinstance(value, dict):
+            info_str += '/\n'
+            info_str += pretty(value, indent + 1, indenter)
+        else:
+            info_str += ': ' + str(value) + '\n'
+    return info_str
+
+
+def parse_args():
+    version = 'check_ncpa.py, Version %s' % __VERSION__
+
+    parser = optparse.OptionParser()
+    parser.add_option("-H", "--hostname", help="The hostname to be connected to.")
+    parser.add_option("-M", "--metric", default='',
+                      help="The metric to check, this is defined on client "
+                           "system. This would also be the plugin name in the "
+                           "plugins directory. Do not attach arguments to it, "
+                           "use the -a directive for that. DO NOT INCLUDE the api/ "
+                           "instruction.")
+    parser.add_option("-P", "--port", default=5693, type="int",
+                      help="Port to use to connect to the client.")
+    parser.add_option("-w", "--warning", default=None, type="str",
+                      help="Warning value to be passed for the check.")
+    parser.add_option("-c", "--critical", default=None, type="str",
+                      help="Critical value to be passed for the check.")
+    parser.add_option("-u", "--units", default=None,
+                      help="The unit prefix (k, Ki, M, Mi, G, Gi, T, Ti) for b and B unit "
+                           "types which calculates the value returned.")
+    parser.add_option("-n", "--unit", default=None,
+                      help="Overrides the unit with whatever unit you define. "
+                           "Does not perform calculations. This changes the unit of measurement only.")
+    parser.add_option("-a", "--arguments", default=None,
+                      help="Arguments for the plugin to be run. Not necessary "
+                           "unless you're running a custom plugin. Given in the same "
+                           "as you would call from the command line. Example: -a '-w 10 -c 20 -f /usr/local'")
+    parser.add_option("-t", "--token", default='',
+                      help="The token for connecting.")
+    parser.add_option("-T", "--timeout", default=60, type="int",
+                      help="Enforced timeout, will terminate plugins after "
+                           "this amount of seconds. [%default]")
+    parser.add_option("-d", "--delta", action='store_true',
+                      help="Signals that this check is a delta check and a "
+                           "local state will kept.")
+    parser.add_option("-l", "--list", action='store_true',
+                      help="List all values under a given node. Do not perform "
+                           "a check.")
+    parser.add_option("-v", "--verbose", action='store_true',
+                      help='Print more verbose error messages.')
+    parser.add_option("-D", "--debug", action='store_true',
+                      help='Print LOTS of error messages. Used mostly for debugging.')
+    parser.add_option("-V", "--version", action='store_true',
+                      help='Print version number of plugin.')
+    parser.add_option("-q", "--queryargs", default=None,
+                      help='Extra query arguments to pass in the NCPA URL.')
+    parser.add_option("-s", "--secure", action='store_true', default=False,
+                      help='Require successful certificate verification. Does not work on Python < 2.7.9.')
+    parser.add_option("-p", "--performance", action='store_true', default=False,
+                      help='Print performance data even when there is none. '
+                           'Will print data matching the return code of this script')
+    options, _ = parser.parse_args()
+
+    if options.version:
+        print(version)
+        sys.exit(0)
+
+    if options.arguments and options.metric and not 'plugin' in options.metric:
+        parser.print_help()
+        parser.error('You cannot specify arguments without running a custom plugin.')
+
+    if not options.hostname:
+        parser.print_help()
+        parser.error("Hostname is required for use.")
+
+    elif not options.metric and not options.list:
+        parser.print_help()
+        parser.error('No metric given, if you want to list all possible items '
+                     'use --list.')
+
+    options.metric = re.sub(r'^/?(api/)?', '', options.metric)
+
+    return options
+
+
+# ~ The following are all helper functions. I would normally split these out into
+# ~ a new module but this needs to be portable.
+
+
+def get_url_from_options(options):
+    host_part = get_host_part_from_options(options)
+    arguments = get_arguments_from_options(options)
+    return '%s?%s' % (host_part, arguments)
+
+
+def get_host_part_from_options(options):
+    """Gets the address that will be queries for the JSON.
+
+    """
+    hostname = options.hostname
+    port = options.port
+
+    if not options.metric is None:
+        metric = urlquote(options.metric)
+    else:
+        metric = ''
+
+    arguments = get_check_arguments_from_options(options)
+    if not metric and not arguments:
+        api_address = 'https://%s:%d/api' % (hostname, port)
+    else:
+        api_address = 'https://%s:%d/api/%s/%s' % (hostname, port, metric, arguments)
+
+    return api_address
+
+
+def get_check_arguments_from_options(options):
+    """Gets the escaped URL for plugin arguments to be added
+    to the end of the host URL. This is different from the get_arguments_from_options
+    in that this is meant for the syntax when the user is calling a check, whereas the below
+    is when GET arguments need to be added.
+
+    """
+    arguments = options.arguments
+    if arguments is None:
+        return ''
+    else:
+        lex = shlex.shlex(arguments)
+        lex.whitespace_split = True
+        arguments = '/'.join([urlquote(x, safe='') for x in lex])
+        return arguments
+
+
+def get_arguments_from_options(options, **kwargs):
+    """Returns the http query arguments. If there is a list variable specified,
+    it will return the arguments necessary to query for a list.
+
+    """
+
+    # Note: Changed back to units due to the units being what is passed via the
+    # API call which can confuse people if they don't match
+    arguments = { 'token': options.token,
+                  'units': options.units }
+    
+    if not options.list:
+        arguments['warning'] = options.warning
+        arguments['critical'] = options.critical
+        arguments['delta'] = options.delta
+        arguments['check'] = 1
+        arguments['unit'] = options.unit
+
+    if options.queryargs:
+        for argument in options.queryargs.split(','):
+            key, value = argument.split('=')
+            arguments[key] = value
+
+    #~ Encode the items in the dictionary that are not None
+    return urlencode(dict((k, v) for k, v in list(arguments.items()) if v is not None))
+
+
+def get_json(options):
+    """Get the page given by the options. This will call down the url and
+    encode its finding into a Python object (from JSON).
+
+    """
+    url = get_url_from_options(options)
+
+    if options.verbose:
+        print('Connecting to: ' + url)
+
+    try:
+        ctx = ssl.create_default_context()
+        if not options.secure:
+            ctx.check_hostname = False
+            ctx.verify_mode = ssl.CERT_NONE
+        ret = urlopen(url, context=ctx)
+    except AttributeError:
+        ret = urlopen(url)
+
+    ret = ''.join(ret)
+
+    if options.verbose:
+        print('File returned contained:\n' + ret)
+
+    arr = json.loads(ret)
+
+    if 'value' in arr:
+        return arr['value']
+
+    return arr
+
+
+def run_check(info_json):
+    """Run a check against the remote host.
+
+    """
+    return info_json['stdout'], info_json['returncode']
+
+
+def show_list(info_json):
+    """Show the list of available options.
+
+    """
+    return pretty(info_json), 0
+
+
+def timeout_handler(threshold):
+    def wrapped(signum, frames):
+        stdout = "UNKNOWN: Execution exceeded timeout threshold of %ds" % threshold
+        print stdout
+        sys.exit(3)
+    return wrapped
+
+
+def main():
+    options = parse_args()
+
+    # We need to ensure that we will only execute for a certain amount of
+    # seconds.
+    signal.signal(signal.SIGALRM, timeout_handler(options.timeout))
+    signal.alarm(options.timeout)
+
+    try:
+
+        if options.version:
+            stdout = 'The version of this plugin is %s' % __VERSION__
+            return stdout, 0
+
+        info_json = get_json(options)
+        if options.list:
+            return show_list(info_json)
+        else:
+            stdout, returncode = run_check(info_json)
+            if options.performance and stdout.find("|") == -1:
+                performance = " | 'status'={};1;2;".format(returncode)
+                return "{}{}".format(stdout, performance), returncode
+            else:
+                return stdout, returncode
+    except Exception, e:
+        if options.debug:
+            return 'The stack trace:' + traceback.format_exc(), 3
+        elif options.verbose:
+            return 'An error occurred:' + str(e), 3
+        else:
+            return 'UNKNOWN: Error occurred while running the plugin. Use the verbose flag for more details.', 3
+
+
+if __name__ == "__main__":
+    stdout, returncode = main()
+    print(stdout)
+    sys.exit(returncode)

plugins-root/Makefile.am

@@ -52,9 +52,20 @@ INSTALL_SUID = \
 	chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p; \
 	done
 
+INSTALL_NOSUID = \
+	for f in $(noinst_PROGRAMS) ; do \
+	p=$$f; \
+	echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p"; \
+	$(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p; \
+	echo "NOTE: $(DESTDIR)$(libexecdir)/$$p expected to be chown/chmod by the package installer"; \
+	done
+
 install-root: $(noinst_PROGRAMS)
 	@$(INSTALL_SUID)
 
+install-packager: $(noinst_PROGRAMS)
+	@$(INSTALL_NOSUID)
+
 install-exec-local: $(noinst_PROGRAMS)
 	@TMPFILE=$(DESTDIR)$(libexecdir)/.setuid-$$$$; \
 	rm -f $$TMPFILE; \

plugins-root/pst3.c

@@ -257,6 +257,6 @@ void usage() {
   printf("\tRSS      - Real memory usage (kilobytes)\n");
   printf("\t%%CPU     - CPU usage\n");
   printf("\tCOMMAND  - Command being run\n");
-  printf("\tARGS     - Full command line with arguements\n");
+  printf("\tARGS     - Full command line with arguments\n");
   return;
 }

plugins-scripts/check_disk_smb.pl

@@ -22,7 +22,7 @@ require 5.004;
 use POSIX;
 use strict;
 use Getopt::Long;
-use vars qw($opt_P $opt_V $opt_h $opt_H $opt_k $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $verbose);
+use vars qw($opt_P $opt_V $opt_m $opt_h $opt_H $opt_k $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $opt_C $verbose);
 use vars qw($PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
@@ -45,6 +45,7 @@ GetOptions
 	 "V"   => \$opt_V, "version"    => \$opt_V,
 	 "h"   => \$opt_h, "help"       => \$opt_h,
 	 "k"   => \$opt_k, "kerberos"   => \$opt_k,
+	 "m=s" => \$opt_m, "maxprotocol=s" => \$opt_m,
 	 "w=s" => \$opt_w, "warning=s"  => \$opt_w,
 	 "c=s" => \$opt_c, "critical=s" => \$opt_c,
 	 "p=s" => \$opt_p, "password=s" => \$opt_p,
@@ -52,7 +53,8 @@ GetOptions
 	 "s=s" => \$opt_s, "share=s"    => \$opt_s,
 	 "W=s" => \$opt_W, "workgroup=s" => \$opt_W,
 	 "H=s" => \$opt_H, "hostname=s" => \$opt_H,
-	 "a=s" => \$opt_a, "address=s" => \$opt_a);
+	 "a=s" => \$opt_a, "address=s" => \$opt_a,
+	 "C=s" => \$opt_C, "configfile=s" => \$opt_C);
 
 if ($opt_V) {
 	print_revision($PROGNAME,'@NP_VERSION@'); #'
@@ -82,6 +84,9 @@ defined($user) || usage("Invalid user: $opt_u\n");
 defined($opt_p) || ($opt_p = shift @ARGV) || ($opt_p = "");
 my $pass = $1 if ($opt_p =~ /(.*)/);
 
+defined($opt_m) || ($opt_m = shift @ARGV) || ($opt_m = "");
+my $maxprotocol = $1 if ($opt_m =~ /(.*)/);
+
 ($opt_w) || ($opt_w = shift @ARGV) || ($opt_w = 85);
 my $warn = $1 if ($opt_w =~ /^([0-9]{1,2}\%?|100\%?|[0-9]+[kMG])$/);
 ($warn) || usage("Invalid warning threshold: $opt_w\n");
@@ -90,6 +95,10 @@ my $warn = $1 if ($opt_w =~ /^([0-9]{1,2}\%?|100\%?|[0-9]+[kMG])$/);
 my $crit = $1 if ($opt_c =~ /^([0-9]{1,2}\%?|100\%?|[0-9]+[kMG])$/);
 ($crit) || usage("Invalid critical threshold: $opt_c\n");
 
+($opt_C) || ($opt_C = shift @ARGV) || ($opt_C = "");
+my $configfile = $opt_C if ($opt_C);
+usage("Unable to read config file $configfile\n") if ($configfile) && (! -r $configfile);
+
 # Execute the given command line and return anything it writes to STDOUT and/or
 # STDERR.  (This might be useful for other plugins, too, so it should possibly
 # be moved to utils.pm.)
@@ -187,10 +196,12 @@ my @cmd = (
 	$smbclient,
 	"//$host/$share",
 	"-U", "$user%$pass",
+	defined($maxprotocol) ? ("-m", $maxprotocol) : (),
 	defined($workgroup) ? ("-W", $workgroup) : (),
 	defined($address) ? ("-I", $address) : (),
 	defined($opt_P) ? ("-p", $opt_P) : (),
 	defined($opt_k) ? ("-k") : (),
+	defined($configfile) ? ("-s, $configfile") : (),
 	"-c", "du"
 );
 
@@ -289,8 +300,9 @@ print "$state\n" if ($verbose);
 exit $ERRORS{$state};
 
 sub print_usage () {
-	print "Usage: $PROGNAME -H <host> -s <share> -u <user> -p <password> 
-      -w <warn> -c <crit> [-W <workgroup>] [-P <port>] [-a <IP>]\n";
+	print "Usage: $PROGNAME -H <host> -s <share> -u <user> 
+      -p <password> -w <warn> -c <crit> [-W <workgroup>] [-P <port>] 
+      [-a <IP>] [-C <configfile>]\n";
 }
 
 sub print_help () {
@@ -316,12 +328,13 @@ Perl Check SMB Disk plugin for Nagios
    Password to log in to server. (Defaults to an empty password)
 -w, --warning=INTEGER or INTEGER[kMG]
    Percent of used space at which a warning will be generated (Default: 85%)
-      
 -c, --critical=INTEGER or INTEGER[kMG]
    Percent of used space at which a critical will be generated (Defaults: 95%)
 -P, --port=INTEGER
    Port to be used to connect to. Some Windows boxes use 139, others 445 (Defaults to smbclient default)
-   
+-C, --configfile=STRING
+   Path to configfile which should be used by smbclient (Defaults to smb.conf of your smb installation)
+
    If thresholds are followed by either a k, M, or G then check to see if that
    much disk space is available (kilobytes, Megabytes, Gigabytes)
 

plugins-scripts/check_ifoperstatus.pl

@@ -134,7 +134,7 @@ if (defined $ifdescr || defined $iftype) {
 	}
 	if ($status==0) {
 		$state = "UNKNOWN";
-		printf "$state: could not retrive ifdescr/iftype snmpkey - $status-$snmpkey\n";
+		printf "$state: could not retrieve ifdescr/iftype snmpkey - $status-$snmpkey\n";
 		$session->close;
 		exit $ERRORS{$state};
 	}
@@ -187,7 +187,7 @@ if (defined $ifXTable) {
 	 $name = $response->{$snmpIfDescr} ;
 }
 
-## if AdminStatus is down - some one made a consious effort to change config
+## if AdminStatus is down - some one made a conscious effort to change config
 ##
 if ( not ($response->{$snmpIfAdminStatus} == 1) ) {
 	$answer = "Interface $name (index $snmpkey) is administratively down.";
@@ -286,7 +286,7 @@ sub print_usage() {
 	printf "check_ifoperstatus -k <IF_KEY> -H <HOSTNAME> [-C <community>]\n";
 	printf "Copyright (C) 2000 Christoph Kron\n";
 	printf "check_ifoperstatus.pl comes with ABSOLUTELY NO WARRANTY\n";
-	printf "This programm is licensed under the terms of the ";
+	printf "This program is licensed under the terms of the ";
 	printf "GNU General Public License\n(check source code for details)\n";
 	printf "\n\n";
 }
@@ -325,7 +325,7 @@ sub print_help() {
 	printf "                     (Implies the use of -I)\n";
 	printf "   -w (--warn =i|w|c) ignore|warn|crit if the interface is dormant (default critical)\n";
 	printf "   -D (--admin-down =i|w|c) same for administratively down interfaces (default warning)\n";
-	printf "   -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n";
+	printf "   -M (--maxmsgsize) Max message size - useful only for v1 or v2c\n";
 	printf "   -t (--timeout)    seconds before the plugin times out (default=$TIMEOUT)\n";
 	printf "   -V (--version)    Plugin version\n";
 	printf "   -h (--help)       usage help \n\n";
@@ -424,7 +424,7 @@ sub process_arguments() {
 		if (defined $seclevel && defined $secname) {
 			$session_opts{'-username'} = $secname;
 		
-			# Must define a security level even though defualt is noAuthNoPriv
+			# Must define a security level even though default is noAuthNoPriv
 			unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
 				usage("Must define a valid security level even though default is noAuthNoPriv");
 			}

plugins-scripts/check_ifstatus.pl

@@ -281,7 +281,7 @@ sub print_help() {
 	printf "                     in hex with 0x prefix generated by using \"snmpkey\" utility\n"; 
 	printf "                     privacy password and authEngineID\n";
 	printf "   -P (--privproto)  privacy protocol (DES or AES; default: DES)\n";
-	printf "   -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n";
+	printf "   -M (--maxmsgsize) Max message size - useful only for v1 or v2c\n";
 	printf "   -t (--timeout)    seconds before the plugin times out (default=$TIMEOUT)\n";
 	printf "   -V (--version)    Plugin version\n";
 	printf "   -h (--help)       usage help \n\n";
@@ -355,7 +355,7 @@ sub process_arguments() {
 		if (defined $seclevel && defined $secname) {
 			$session_opts{'-username'} = $secname;
 		
-			# Must define a security level even though defualt is noAuthNoPriv
+			# Must define a security level even though default is noAuthNoPriv
 			unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
 				usage("Must define a valid security level even though default is noAuthNoPriv");
 			}

plugins-scripts/check_ircd.pl

@@ -63,7 +63,7 @@ sub print_usage ();
 sub connection ($$$$);
 sub bindRemote ($$);
 
-# -------------------------------------------------------------[ Enviroment ]--
+# ------------------------------------------------------------[ Environment ]--
 
 $ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
@@ -209,7 +209,7 @@ MAIN:
 
 	# Just in case of problems, let's not hang Nagios
 	$SIG{'ALRM'} = sub {
-		print "Somthing is Taking a Long Time, Increase Your TIMEOUT (Currently Set At $TIMEOUT Seconds)\n";
+		print "Something is Taking a Long Time, Increase Your TIMEOUT (Currently Set At $TIMEOUT Seconds)\n";
 		exit $ERRORS{"UNKNOWN"};
 	};
 	

plugins-scripts/check_log.sh

@@ -73,7 +73,7 @@ print_usage() {
     echo "Usage: $PROGNAME -F logfile -O oldlog -q query"
     echo "Usage: $PROGNAME --help"
     echo "Usage: $PROGNAME --version"
-    echo "     Aditional parameter:"
+    echo "     Additional parameter:"
     echo "        -w (--max_warning) If used, determines the maximum matching value to return as warning, when finding more matching lines than this parameter will return as critical. If not used, will consider as default 0 (any matching will consider as critical)"
     echo "Usage: $PROGNAME -F logfile -O oldlog -q query -w <number>"
 }
@@ -169,6 +169,16 @@ while test -n "$1"; do
     shift
 done
 
+if [ "$oldlog" = "" ]; then
+	echo "Log check error: You must supply an Old Log File name using '-O'!"
+	exit "$STATE_UNKNOWN"
+fi
+rc=`echo "$oldlog" | grep -q -- "^-"; echo $?`
+if [ $rc -eq 0 ]; then
+	echo "Log check error: You must supply an Old Log File name using '-O'!"
+	exit "$STATE_UNKNOWN"
+fi
+
 # If the source log file doesn't exist, exit
 
 if [ ! -e "$logfile" ]; then
@@ -204,11 +214,15 @@ fi
 
 diff "$logfile" "$oldlog" | grep -v "^>" > "$tempdiff"
 
-# Count the number of matching log entries we have
-count=$(grep -c "$query" "$tempdiff")
+# Count the number of matching log entries we have and handle errors when grep fails
+count=$(grep -c "$query" "$tempdiff" 2>&1)
+if [[ $? -gt 1 ]];then
+    echo "Log check error: $count"
+    exit "$STATE_UNKNOWN"
+fi
 
 # Get the last matching entry in the diff file
-lastentry=$(grep "$query" "$tempdiff" | tail -1)
+lastentry=$(egrep "$query" "$tempdiff" | tail -1)
 
 rm -f "$tempdiff"
 cat "$logfile" > "$oldlog"

plugins-scripts/check_mailq.pl

@@ -4,7 +4,7 @@
 #   transmittal.  
 #
 # Initial version support sendmail's mailq command
-#  Support for mutiple sendmail queues (Carlos Canau)
+#  Support for multiple sendmail queues (Carlos Canau)
 #  Support for qmail (Benjamin Schmid)
 
 # License Information:
@@ -28,9 +28,9 @@
 use POSIX;
 use strict;
 use Getopt::Long;
-use vars qw($opt_V $opt_h $opt_v $verbose $PROGNAME $opt_w $opt_c $opt_t $opt_s
-					$opt_M $mailq $status $state $msg $msg_q $msg_p $opt_W $opt_C $mailq @lines
-					%srcdomains %dstdomains);
+use vars qw($opt_V $opt_h $opt_v $verbose $PROGNAME $opt_w $opt_c $opt_t $opt_s $opt_d
+					$opt_M $mailq $status $state $msg $msg_q $msg_p $opt_W $opt_C $mailq $mailq_args
+					@lines %srcdomains %dstdomains);
 use FindBin;
 use lib "$FindBin::Bin";
 use lib '@libexecdir@';
@@ -49,6 +49,8 @@ $PROGNAME = "check_mailq";
 $mailq = 'sendmail';	# default
 $msg_q = 0 ;
 $msg_p = 0 ;
+# If appended, must start with a space
+$mailq_args = '' ;
 $state = $ERRORS{'UNKNOWN'};
 
 Getopt::Long::Configure('bundling');
@@ -58,6 +60,10 @@ if ($status){
 	exit $ERRORS{"UNKNOWN"};
 }
 
+if ($opt_d) {
+	$mailq_args = $mailq_args . ' -C ' . $opt_d;
+}
+
 if ($opt_s) {
 	if ($utils::PATH_TO_SUDO ne "") {
 		if (-x $utils::PATH_TO_SUDO) {
@@ -313,19 +319,19 @@ elsif ( $mailq eq "postfix" ) {
      ## open mailq
 	if ( defined $utils::PATH_TO_MAILQ ) {
 		if (-x $utils::PATH_TO_MAILQ) {
-			if (! open (MAILQ, "$utils::PATH_TO_MAILQ | ")) {
-				print "ERROR: $utils::PATH_TO_MAILQ returned an error\n";
+			if (! open (MAILQ, "$utils::PATH_TO_MAILQ$mailq_args | ")) {
+				print "ERROR: $utils::PATH_TO_MAILQ$mailq_args returned an error\n";
 				exit $ERRORS{'UNKNOWN'};
 			}
 		}
 		else {
 			if ( $sudo ne "" ) {
-				if (! open (MAILQ, "$sudo $utils::PATH_TO_MAILQ | " ) ) {
-					print "ERROR: $utils::PATH_TO_MAILQ is not executable with sudo by (uid $>:gid($)))\n";
+				if (! open (MAILQ, "$sudo $utils::PATH_TO_MAILQ$mailq_args | " ) ) {
+					print "ERROR: $utils::PATH_TO_MAILQ$mailq_args is not executable with sudo by (uid $>:gid($)))\n";
 					exit $ERRORS{'UNKNOWN'};
 				}
 			} else {
-				print "ERROR: $utils::PATH_TO_MAILQ is not executable by (uid $>:gid($))) and sudo is not set in utils.pm\n";
+				print "ERROR: $utils::PATH_TO_MAILQ$mailq_args is not executable by (uid $>:gid($))) and sudo is not set in utils.pm\n";
 				exit $ERRORS{'UNKNOWN'};
 			}
 		}
@@ -338,7 +344,7 @@ elsif ( $mailq eq "postfix" ) {
 	@lines = reverse <MAILQ>;
 
         if ( $? ) {
-		print "CRITICAL: Error code ".($?>>8)." returned from $utils::PATH_TO_MAILQ",$/;
+		print "CRITICAL: Error code ".($?>>8)." returned from $utils::PATH_TO_MAILQ$mailq_args",$/;
 		exit $ERRORS{CRITICAL};
         }
 
@@ -351,7 +357,7 @@ elsif ( $mailq eq "postfix" ) {
 	}elsif ($lines[0]=~/Mail queue is empty/) {
 		$msg_q = 0;
         }else{
-                print "Couldn't match $utils::PATH_TO_MAILQ output\n";
+                print "Couldn't match $utils::PATH_TO_MAILQ$mailq_args output\n";
                 exit   $ERRORS{'UNKNOWN'};
         }
 
@@ -520,7 +526,47 @@ elsif ( $mailq eq "exim" ) {
 		$state = $ERRORS{'CRITICAL'};
 	}
 } # end of ($mailq eq "exim")
+elsif ( $mailq eq "opensmtpd" ) {
+	## open smtpctl
+	if ( defined $utils::PATH_TO_SMTPCTL && -x $utils::PATH_TO_SMTPCTL ) {
+		if (! open (MAILQ, "$sudo $utils::PATH_TO_SMTPCTL show queue | " ) ) {
+			print "ERROR: could not open $utils::PATH_TO_SMTPCTL \n";
+			exit $ERRORS{'UNKNOWN'};
+		}
+	}elsif( defined $utils::PATH_TO_SMTPCTL){
+		unless (-x $utils::PATH_TO_SMTPCTL) {
+			print "ERROR: $utils::PATH_TO_SMTPCTL is not executable by (uid $>:gid($)))\n";
+			exit $ERRORS{'UNKNOWN'};
+		}
+	} else {
+		print "ERROR: \$utils::PATH_TO_SMTPCTL is not defined\n";
+		exit $ERRORS{'UNKNOWN'};
+	}
+
+	while (<MAILQ>) {
+
+		# 34357f5b3f589feb|inet4|mta||f.someone@domaina.org|no-reply@domainb.com|no-reply@domainb.com|1498235412|1498581012|0|25|pending|17168|Network error on destination MXs
+		if (/^.*|.*|.*|.*|.*|.*|.*|.*|.*|.*|.*|.*|.*|.*$/) {
+			$msg_q++ ;
+		}
+	}
+	close(MAILQ);
 
+	if ( $? ) {
+		print "CRITICAL: Error code ".($?>>8)." returned from $utils::PATH_TO_SMTPCTL",$/;
+		exit $ERRORS{CRITICAL};
+	}
+	if ($msg_q < $opt_w) {
+		$msg = "OK: $mailq mailq ($msg_q) is below threshold ($opt_w/$opt_c)";
+		$state = $ERRORS{'OK'};
+	}elsif ($msg_q >= $opt_w  && $msg_q < $opt_c) {
+		$msg = "WARNING: $mailq mailq is $msg_q (threshold w = $opt_w)";
+		$state = $ERRORS{'WARNING'};
+	}else {
+		$msg = "CRITICAL: $mailq mailq is $msg_q (threshold c = $opt_c)";
+		$state = $ERRORS{'CRITICAL'};
+	}
+} # end of ($mailq eq "opensmtpd")
 elsif ( $mailq eq "nullmailer" ) {
 	## open mailq
 	if ( defined $utils::PATH_TO_MAILQ && -x $utils::PATH_TO_MAILQ ) {
@@ -558,6 +604,39 @@ elsif ( $mailq eq "nullmailer" ) {
 	}
 } # end of ($mailq eq "nullmailer")
 
+elsif ( $mailq eq "opensmtp" ) {
+	## open mailq
+	if ( defined $utils::PATH_TO_MAILQ && -x $utils::PATH_TO_MAILQ ) {
+		if (! open (MAILQ, "$sudo $utils::PATH_TO_MAILQ | " ) ) {
+			print "ERROR: could not open $utils::PATH_TO_MAILQ \n";
+			exit $ERRORS{'UNKNOWN'};
+		}
+	}elsif( defined $utils::PATH_TO_MAILQ){
+		unless (-x $utils::PATH_TO_MAILQ) {
+			print "ERROR: $utils::PATH_TO_MAILQ is not executable by (uid $>:gid($)))\n";
+			exit $ERRORS{'UNKNOWN'};
+		}
+	} else {
+		print "ERROR: \$utils::PATH_TO_MAILQ is not defined\n";
+		exit $ERRORS{'UNKNOWN'};
+	}
+
+	$msg_q++ while (<MAILQ>);
+
+	close(MAILQ) ;
+	if ($msg_q < $opt_w) {
+		$msg = "OK: $mailq mailq ($msg_q) is below threshold ($opt_w/$opt_c)";
+		$state = $ERRORS{'OK'};
+	}elsif ($msg_q >= $opt_w  && $msg_q < $opt_c) {
+		$msg = "WARNING: $mailq mailq is $msg_q (threshold w = $opt_w)";
+		$state = $ERRORS{'WARNING'};
+	}else {
+		$msg = "CRITICAL: $mailq mailq is $msg_q (threshold c = $opt_c)";
+		$state = $ERRORS{'CRITICAL'};
+	}
+} # end of ($mailq eq "opensmtp")
+
+
 # Perfdata support
 print "$msg|unsent=$msg_q;$opt_w;$opt_c;0\n";
 exit $state;
@@ -576,7 +655,8 @@ sub process_arguments(){
 		 "w=i" => \$opt_w, "warning=i"  => \$opt_w,   # warning if above this number
 		 "c=i" => \$opt_c, "critical=i" => \$opt_c,	  # critical if above this number
 		 "t=i" => \$opt_t, "timeout=i"  => \$opt_t,
-		 "s"   => \$opt_s, "sudo"       => \$opt_s
+		 "s"   => \$opt_s, "sudo"       => \$opt_s,
+		 "d:s" => \$opt_d, "configdir:s" => \$opt_d
 		 );
 
 	if ($opt_V) {
@@ -618,7 +698,7 @@ sub process_arguments(){
 	}
 
 	if (defined $opt_M) {
-		if ($opt_M =~ /^(sendmail|qmail|postfix|exim|nullmailer)$/) {
+		if ($opt_M =~ /^(sendmail|qmail|postfix|exim|nullmailer|opensmtpd)$/) {
 			$mailq = $opt_M ;
 		}elsif( $opt_M eq ''){
 			$mailq = 'sendmail';
@@ -648,6 +728,10 @@ sub process_arguments(){
 		{
 			$mailq = 'nullmailer';
 		}
+		elsif (defined $utils::PATH_TO_SMTPCTL && -x $utils::PATH_TO_SMTPCTL)
+		{
+			$mailq = 'opensmtpd';
+		}
 		else {
 			$mailq = 'sendmail';
 		}
@@ -657,7 +741,7 @@ sub process_arguments(){
 }
 
 sub print_usage () {
-	print "Usage: $PROGNAME -w <warn> -c <crit> [-W <warn>] [-C <crit>] [-M <MTA>] [-t <timeout>] [-s] [-v]\n";
+	print "Usage: $PROGNAME -w <warn> -c <crit> [-W <warn>] [-C <crit>] [-M <MTA>] [-t <timeout>] [-s] [-d <CONFIGDIR>] [-v]\n";
 }
 
 sub print_help () {
@@ -673,7 +757,7 @@ sub print_help () {
 	print "-W (--Warning)   = Min. number of messages for same domain in queue to generate warning\n";
 	print "-C (--Critical)  = Min. number of messages for same domain in queue to generate critical alert ( W < C )\n";
 	print "-t (--timeout)   = Plugin timeout in seconds (default = $utils::TIMEOUT)\n";
-	print "-M (--mailserver) = [ sendmail | qmail | postfix | exim | nullmailer ] (default = autodetect)\n";
+	print "-M (--mailserver) = [ sendmail | qmail | postfix | exim | nullmailer | opensmtpd ] (default = autodetect)\n";
 	print "-h (--help)\n";
 	print "-V (--version)\n";
 	print "-v (--verbose)   = debugging output\n";

plugins-scripts/check_ntp.pl

@@ -28,7 +28,7 @@
 # (c) 1999 Bo Kersey, VirCIO - Managed Server Solutions <bo@vircio.com>
 # 22-10-99, 12:17
 #
-# Modified the script to give useage if no parameters are input.
+# Modified the script to give usage if no parameters are input.
 #
 # Modified the script to check for negative as well as positive 
 # time differences.
@@ -46,7 +46,7 @@
 #           source. This happens while starting up and if contact
 #           with master has been lost.
 #
-# Modifed to run under Embedded Perl  (sghosh@users.sf.net)
+# Modified to run under Embedded Perl  (sghosh@users.sf.net)
 #   - combined logic some blocks together..
 # 
 # Added ntpdate check for stratum 16 desynch peer (James Fidell) Feb 03, 2003
@@ -272,7 +272,7 @@ if ( $? && !$ignoreret ) {
 #          broadcast (b); not sure about multicast/broadcast
 # Field 6: last packet receive (in seconds)
 # Field 7: polling interval
-# Field 8: reachability resgister (octal) 
+# Field 8: reachability register (octal) 
 # Field 9: delay
 # Field 10: offset
 # Field 11: dispersion/jitter

plugins-scripts/check_oracle.sh

@@ -166,7 +166,7 @@ case "$cmd" in
     }'
     ;;
 --db)
-    pmonchk=$(pgrep -f "(asm|ora)_pmon_${2}$")
+    pmonchk=$(pgrep -f "(asm|ora|xe)_pmon_${2}$")
     if [ "${pmonchk}" -ge 1 ] ; then
         echo "${2} OK - ${pmonchk} PMON process(es) running"
         exit "$STATE_OK"

plugins-scripts/check_sensors.sh

@@ -42,23 +42,30 @@ case "$1" in
 		exit "$STATE_OK"
 		;;
 	*)
+		ignorefault=0
+		if test "$1" = "-i" -o "$1" = "--ignore-fault"; then
+			ignorefault=1
+		fi
+
 		sensordata=$(sensors 2>&1)
 		status=$?
+
+		# Set a default
+		text="SENSOR UNKNOWN"
+		exit=$STATE_UNKNOWN
+
 		if [ $status -eq 127 ] ; then
 			text="SENSORS UNKNOWN - command not found (did you install lmsensors?)"
 			exit=$STATE_UNKNOWN
 		elif [ "$status" != 0 ] ; then
 			text="WARNING - sensors returned state $status"
 			exit=$STATE_WARNING
-		elif echo "${sensordata}" | egrep -q ALARM > /dev/null ; then
+		elif echo "${sensordata}" | egrep -q ALARM >/dev/null ; then
 			text="SENSOR CRITICAL - Sensor alarm detected!"
 			exit=$STATE_CRITICAL
-		elif echo "${sensordata}" | egrep -q FAULT  > /dev/null -a; then
-			if [ "$(test "$1")" != "-i" -a \
-				"$1" != "--ignore-fault" ] ; then
-				text="SENSOR UNKNOWN - Sensor reported fault"
-				exit=$STATE_UNKNOWN
-			fi
+		elif [ $ignorefault -eq 0 ] && echo "${sensordata}" | egrep -q FAULT  >/dev/null; then
+			text="SENSOR UNKNOWN - Sensor reported fault"
+			exit=$STATE_UNKNOWN
 		else
 			text="SENSORS OK"
 			exit=$STATE_OK
@@ -68,6 +75,6 @@ case "$1" in
 		if test "$1" = "-v" -o "$1" = "--verbose"; then
 			echo "${sensordata}"
 		fi
-		exit "$exit"
+		exit $exit
 		;;
 esac

plugins-scripts/check_wave.pl

@@ -13,7 +13,8 @@ use vars qw($opt_V $opt_h $verbose $opt_w $opt_c $opt_H);
 my (@test, $low1, $med1, $high1, $snr, $low2, $med2, $high2);
 my ($low, $med, $high, $lowavg, $medavg, $highavg, $tot, $ss);
 
-$PROGNAME = "check_wave";
+$PROGNAME = $0;
+chomp $PROGNAME;
 sub print_help ();
 sub print_usage ();
 
@@ -41,9 +42,9 @@ if ($opt_h) {
 }
 
 $opt_H = shift unless ($opt_H);
-print_usage() unless ($opt_H);
+unless ($opt_H) { print_usage(); exit -1; }
 my $host = $1 if ($opt_H =~ m/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|[a-zA-Z][-a-zA-Z0]+(\.[a-zA-Z][-a-zA-Z0]+)*)$/);
-print_usage() unless ($host);
+unless ($host) { print_usage(); exit -1; }
 
 ($opt_c) || ($opt_c = shift) || ($opt_c = 120);
 my $critical = $1 if ($opt_c =~ /([0-9]+)/);
@@ -51,7 +52,12 @@ my $critical = $1 if ($opt_c =~ /([0-9]+)/);
 ($opt_w) || ($opt_w = shift) || ($opt_w = 60);
 my $warning = $1 if ($opt_w =~ /([0-9]+)/);
 
-$low1 = `snmpget $host public .1.3.6.1.4.1.74.2.21.1.2.1.8.1`;
+$low1 = `snmpget $host public .1.3.6.1.4.1.74.2.21.1.2.1.8.1 2>/dev/null`;
+unless ($low1) {
+	print "UNKNOWN - Could not find the 'snmpget' command Please install\n";
+	print "the snmp commands (usually net-snmp) before using $PROGNAME\n";
+	exit $ERRORS{'UNKNOWN'};
+}
 @test = split(/ /,$low1);
 $low1 = $test[2];
 
@@ -97,7 +103,7 @@ if ($tot==0) {
 	$ss = ($medavg*50) + ($highavg*100);
 }
 
-printf("Signal Strength at: %3.0f%,  SNR at $snr%",$ss);
+printf("Signal Strength at: %3.0f%,  SNR at $snr%\n",$ss);
 
 if ($ss<$critical) {
 	exit(2);

plugins/Makefile.am

@@ -29,7 +29,7 @@ MATHLIBS = @MATHLIBS@
 libexec_PROGRAMS = check_apt check_cluster check_disk check_dummy check_http check_load \
 	check_mrtg check_mrtgtraf check_ntp check_ntp_peer check_nwstat check_overcr check_ping \
 	check_real check_smtp check_ssh check_tcp check_time check_ntp_time \
-	check_ups check_users negate \
+	check_ups check_users negate remove_perfdata \
 	urlize @EXTRAS@
 
 check_tcp_programs = check_ftp check_imap check_nntp check_pop \
@@ -78,7 +78,7 @@ check_fping_LDADD = $(NETLIBS)
 check_game_LDADD = $(BASEOBJS)
 check_http_LDADD = $(SSLOBJS)
 check_hpjd_LDADD = $(NETLIBS)
-check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
+check_ldap_LDADD = $(SSLOBJS) $(NETLIBS) $(LDAPLIBS) $(SSLLIBS)
 check_load_LDADD = $(BASEOBJS)
 check_mrtg_LDADD = $(BASEOBJS)
 check_mrtgtraf_LDADD = $(BASEOBJS)
@@ -113,6 +113,7 @@ check_by_ssh_LDADD = $(NETLIBS)
 check_ide_smart_LDADD = $(BASEOBJS)
 negate_LDADD = $(BASEOBJS)
 urlize_LDADD = $(BASEOBJS)
+remove_perfdata_LDADD = $(BASEOBJS)
 
 if !HAVE_UTMPX
 check_users_LDADD += popen.o

plugins/check_apt.c

@@ -73,6 +73,7 @@ char* add_to_regexp(char *expr, const char *next);
 /* configuration variables */
 static int verbose = 0;      /* -v */
 static int do_update = 0;    /* whether to call apt-get update */
+static int only_critical = 0;    /* whether to warn about non-critical updates */
 static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
 static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
 static char *update_opts = NULL; /* options to override defaults for update */
@@ -80,6 +81,8 @@ static char *do_include = NULL;  /* regexp to only include certain packages */
 static char *do_exclude = NULL;  /* regexp to only exclude certain packages */
 static char *do_critical = NULL;  /* regexp specifying critical packages */
 static char *input_filename = NULL; /* input filename for testing */
+/* number of packages available for upgrade to return WARNING status */
+static int packages_warning = 1;
 
 /* other global variables */
 static int stderr_warning = 0;   /* if a cmd issued output on stderr */
@@ -110,7 +113,7 @@ int main (int argc, char **argv) {
 
 	if(sec_count > 0){
 		result = max_state(result, STATE_CRITICAL);
-	} else if(packages_available > 0){
+	} else if(packages_available >= packages_warning && only_critical == 0){
 		result = max_state(result, STATE_WARNING);
 	} else if(result > STATE_UNKNOWN){
 		result = STATE_UNKNOWN;
@@ -148,12 +151,14 @@ int process_arguments (int argc, char **argv) {
 		{"include", required_argument, 0, 'i'},
 		{"exclude", required_argument, 0, 'e'},
 		{"critical", required_argument, 0, 'c'},
+		{"only-critical", no_argument, 0, 'o'},
 		{"input-file", required_argument, 0, INPUT_FILE_OPT},
+		{"packages-warning", required_argument, 0, 'w'},
 		{0, 0, 0, 0}
 	};
 
 	while(1) {
-		c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL);
+		c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:ow:", longopts, NULL);
 
 		if(c == -1 || c == EOF || c == 1) break;
 
@@ -203,9 +208,15 @@ int process_arguments (int argc, char **argv) {
 		case 'c':
 			do_critical=add_to_regexp(do_critical, optarg);
 			break;
+		case 'o':
+			only_critical=1;
+			break;
 		case INPUT_FILE_OPT:
 			input_filename = optarg;
 			break;
+		case 'w':
+			packages_warning = atoi(optarg);
+			break;
 		default:
 			/* print short usage statement if args not parsable */
 			usage5();
@@ -463,7 +474,14 @@ print_help (void)
   printf ("    %s\n", _("upgrades for Debian and Ubuntu:"));
   printf ("    \t\%s\n", SECURITY_RE);
   printf ("    %s\n", _("Note that the package must first match the include list before its"));
-  printf ("    %s\n\n", _("information is compared against the critical list."));
+  printf ("    %s\n", _("information is compared against the critical list."));
+  printf (" %s\n", "-o, --only-critical");
+  printf ("    %s\n", _("Only warn about upgrades matching the critical list.  The total number"));
+  printf ("    %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
+  printf ("    %s\n\n", _("the plugin to return WARNING status."));
+  printf (" %s\n", "-w, --packages-warning=INTEGER");
+  printf ("    %s\n", _("Minumum number of packages available for upgrade to return WARNING status."));
+  printf ("    %s\n\n", _("Default is 1 package."));
 
   printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
   printf (" %s\n", "-u, --update=OPTS");
@@ -481,5 +499,5 @@ void
 print_usage(void)
 {
   printf ("%s\n", _("Usage:"));
-  printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout]\n", progname);
+  printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout] [-w packages-warning]\n", progname);
 }

plugins/check_disk.c

@@ -28,7 +28,7 @@
 
 const char *progname = "check_disk";
 const char *program_name = "check_disk";  /* Required for coreutils libs */
-const char *copyright = "1999-2014";
+const char *copyright = "1999-2018";
 const char *email = "devel@nagios-plugins.org";
 
 
@@ -59,7 +59,7 @@ const char *email = "devel@nagios-plugins.org";
 #endif
 
 /* If nonzero, show inode information. */
-static int inode_format = 1;
+// static int inode_format = 1;
 
 /* If nonzero, show even filesystems with zero size or
    uninteresting types. */
@@ -127,7 +127,6 @@ enum
 int process_arguments (int, char **);
 void print_path (const char *mypath);
 void set_all_thresholds (struct parameter_list *path);
-int validate_arguments (uintmax_t, uintmax_t, double, double, double, double, char *);
 void print_help (void);
 void print_usage (void);
 double calculate_percent(uintmax_t, uintmax_t);
@@ -140,13 +139,14 @@ double c_dfp = -1.0;
 char *path;
 char *exclude_device;
 char *units;
-uintmax_t mult = 1024 * 1024;
+uintmax_t mult = (uintmax_t)1024 * 1024;
 int verbose = 0;
 int newlines = FALSE;
 int erronly = FALSE;
 int display_mntp = FALSE;
 int exact_match = FALSE;
 int freespace_ignore_reserved = FALSE;
+int show_status = FALSE;
 char *warn_freespace_units = NULL;
 char *crit_freespace_units = NULL;
 char *warn_freespace_percent = NULL;
@@ -171,17 +171,17 @@ main (int argc, char **argv)
   int result = STATE_UNKNOWN;
   int disk_result = STATE_UNKNOWN;
   char *output;
-  char *details;
+  char status_lit[4];
   char *perf;
   char *preamble;
   char *flag_header;
-  double inode_space_pct;
+  //double inode_space_pct;
   double warning_high_tide;
   double critical_high_tide;
   int temp_result;
 
-  struct mount_entry *me;
-  struct fs_usage fsp, tmpfsp;
+  struct mount_entry *me, *last_me = NULL;
+  struct fs_usage fsp;
   struct parameter_list *temp_list, *path;
 
 #ifdef __CYGWIN__
@@ -190,7 +190,6 @@ main (int argc, char **argv)
 
   preamble = strdup (" - free space:");
   output = strdup ("");
-  details = strdup ("");
   perf = strdup ("");
   stat_buf = malloc(sizeof *stat_buf);
 
@@ -206,11 +205,37 @@ main (int argc, char **argv)
   if (process_arguments (argc, argv) == ERROR)
     usage4 (_("Could not parse arguments"));
 
+  if (show_status)
+    sprintf(status_lit, "x:");
+  else
+    status_lit[0] = '\0';
+
   /* If a list of paths has not been selected, find entire
      mount list and create list of paths
    */
   if (path_selected == FALSE) {
     for (me = mount_list; me; me = me->me_next) {
+			if (strcmp(me->me_type, "autofs") == 0 && show_local_fs) {
+				if (last_me == NULL)
+					mount_list = me;
+				else
+					last_me->me_next = me->me_next;
+				free_mount_entry (me);
+				continue;
+			}
+			if (strcmp(me->me_type, "sysfs") == 0 || strcmp(me->me_type, "proc") == 0
+			|| strcmp(me->me_type, "debugfs") == 0 || strcmp(me->me_type, "tracefs") == 0
+			|| strcmp(me->me_type, "fusectl") == 0 || strcmp(me->me_type, "fuse.gvfsd-fuse") == 0
+			|| strcmp(me->me_type, "cgroup") == 0 || strstr(me->me_type, "tmpfs") != NULL)
+			{
+				if (last_me == NULL)
+					mount_list = me->me_next;
+				else
+					last_me->me_next = me->me_next;
+				free_mount_entry (me);
+				continue;
+			}
+
       if (! (path = np_find_parameter(path_select_list, me->me_mountdir))) {
         path = np_add_parameter(&path_select_list, me->me_mountdir);
       }
@@ -291,7 +316,7 @@ main (int argc, char **argv)
       get_stats (path, &fsp);
 
       if (verbose >= 3) {
-        printf ("For %s, used_pct=%g free_pct=%g used_units=%g free_units=%g total_units=%g used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n",
+        printf ("For %s, used_pct=%g free_pct=%g used_units=%li free_units=%li total_units=%li used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%lu mult=%ju\n",
           me->me_mountdir, path->dused_pct, path->dfree_pct, path->dused_units, path->dfree_units, path->dtotal_units, path->dused_inodes_percent, path->dfree_inodes_percent, fsp.fsu_blocksize, mult);
       }
 
@@ -321,6 +346,9 @@ main (int argc, char **argv)
       if (verbose >=3) printf("Freeinodes_percent result=%d\n", temp_result);
       disk_result = max_state( disk_result, temp_result );
 
+      if (show_status)
+        status_lit[0] = state_text(disk_result)[0];
+
       result = max_state(result, disk_result);
 
       /* What a mess of units. The output shows free space, the perf data shows used space. Yikes!
@@ -336,13 +364,13 @@ main (int argc, char **argv)
         warning_high_tide = path->dtotal_units - path->freespace_units->warning->end;
       }
       if (path->freespace_percent->warning != NULL) {
-        warning_high_tide = labs( min( (double) warning_high_tide, (double) (1.0 - path->freespace_percent->warning->end/100)*path->dtotal_units ));
+        warning_high_tide = fabs( min( (double) warning_high_tide, (double) (1.0 - path->freespace_percent->warning->end/100)*path->dtotal_units ));
       }
       if (path->freespace_units->critical != NULL) {
         critical_high_tide = path->dtotal_units - path->freespace_units->critical->end;
       }
       if (path->freespace_percent->critical != NULL) {
-        critical_high_tide = labs( min( (double) critical_high_tide, (double) (1.0 - path->freespace_percent->critical->end/100)*path->dtotal_units ));
+        critical_high_tide = fabs( min( (double) critical_high_tide, (double) (1.0 - path->freespace_percent->critical->end/100)*path->dtotal_units ));
       }
 
       /* Nb: *_high_tide are unset when == ULONG_MAX */
@@ -357,14 +385,10 @@ main (int argc, char **argv)
       if (disk_result==STATE_OK && erronly && !verbose)
         continue;
 
-      if (disk_result && verbose) {
-	      xasprintf(&flag_header, " %s [", state_text (disk_result));
-      }
-      else {
-	      xasprintf(&flag_header, "");
-      }
-      xasprintf (&output, "%s %s %.0f %s (%.2f%%",
+      xasprintf (&output, "%s%s%s%s %i %s (%.2f%%",
                 output,
+                newlines ? "" : " ",
+                status_lit,
                 (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
                 path->dfree_units,
                 units,
@@ -384,8 +408,6 @@ main (int argc, char **argv)
         }
       }
 
-      free(flag_header);
-
       /* TODO: Need to do a similar debug line
       xasprintf (&details, _("%s\n\
 %.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"),
@@ -398,9 +420,6 @@ main (int argc, char **argv)
 
   }
 
-  if (verbose >= 2)
-    xasprintf (&output, "%s%s", output, details);
-
   if (newlines) {
     printf ("DISK %s%s\n%s|%s\n", state_text (result), (erronly && result==STATE_OK) ? "" : preamble, output, perf);
   } else {
@@ -442,8 +461,8 @@ process_arguments (int argc, char **argv)
   struct parameter_list *se;
   struct parameter_list *temp_list = NULL, *previous = NULL;
   struct parameter_list *temp_path_select_list = NULL;
-  struct mount_entry *me, *temp_me;
-  int result = OK;
+  struct mount_entry *me;
+  //int result = OK;
   regex_t re;
   int cflags = REG_NOSUB | REG_EXTENDED;
   int default_cflags = cflags;
@@ -483,6 +502,7 @@ process_arguments (int argc, char **argv)
     {"errors-only", no_argument, 0, 'e'},
     {"exact-match", no_argument, 0, 'E'},
     {"all", no_argument, 0, 'A'},
+    {"show-status", no_argument, 0, 's'},
     {"verbose", no_argument, 0, 'v'},
     {"quiet", no_argument, 0, 'q'},
     {"clear", no_argument, 0, 'C'},
@@ -502,7 +522,7 @@ process_arguments (int argc, char **argv)
       strcpy (argv[c], "-t");
 
   while (1) {
-    c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLg:R:r:i:I:MEAn", longopts, &option);
+    c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLg:R:r:i:I:MEAns", longopts, &option);
 
     if (c == -1 || c == EOF)
       break;
@@ -530,7 +550,7 @@ process_arguments (int argc, char **argv)
 
     /* Awful mistake where the range values do not make sense. Normally,
        you alert if the value is within the range, but since we are using
-       freespace, we have to alert if outside the range. Thus we artifically
+       freespace, we have to alert if outside the range. Thus we artificially
        force @ at the beginning of the range, so that it is backwards compatible
     */
     case 'c':                 /* critical threshold */
@@ -570,17 +590,29 @@ process_arguments (int argc, char **argv)
         mult = (uintmax_t)1;
         units = strdup ("B");
       } else if (! strcmp (optarg, "kB")) {
-        mult = (uintmax_t)1024;
+        mult = (uintmax_t)1000;
         units = strdup ("kB");
       } else if (! strcmp (optarg, "MB")) {
-        mult = (uintmax_t)1024 * 1024;
+        mult = (uintmax_t)1000 * 1000;
         units = strdup ("MB");
       } else if (! strcmp (optarg, "GB")) {
-        mult = (uintmax_t)1024 * 1024 * 1024;
+        mult = (uintmax_t)1000 * 1000 * 1000;
         units = strdup ("GB");
       } else if (! strcmp (optarg, "TB")) {
-        mult = (uintmax_t)1024 * 1024 * 1024 * 1024;
+        mult = (uintmax_t)1000 * 1000 * 1000 * 1000;
         units = strdup ("TB");
+      } else if (! strcmp (optarg, "KiB")) {
+        mult = (uintmax_t)1024;
+        units = strdup ("KiB");
+      } else if (! strcmp (optarg, "MiB")) {
+        mult = (uintmax_t)1024 * 1024;
+        units = strdup ("MiB");
+      } else if (! strcmp (optarg, "GiB")) {
+        mult = (uintmax_t)1024 * 1024 * 1024;
+        units = strdup ("GiB");
+      } else if (! strcmp (optarg, "TiB")) {
+        mult = (uintmax_t)1024 * 1024 * 1024 * 1024;
+        units = strdup ("TiB");
       } else {
         die (STATE_UNKNOWN, _("unit type %s not known\n"), optarg);
       }
@@ -588,13 +620,13 @@ process_arguments (int argc, char **argv)
         die (STATE_UNKNOWN, _("failed allocating storage for '%s'\n"), "units");
       break;
     case 'k': /* display mountpoint */
-      mult = 1024;
+      mult = (uintmax_t)1000;
       if (units)
         free(units);
       units = strdup ("kB");
       break;
     case 'm': /* display mountpoint */
-      mult = 1024 * 1024;
+      mult = (uintmax_t)1000 * 1000;
       if (units)
         free(units);
       units = strdup ("MB");
@@ -703,6 +735,10 @@ process_arguments (int argc, char **argv)
       cflags = default_cflags;
       break;
 
+    case 's':
+      show_status = TRUE;
+			break;
+
     case 'A':
       optarg = strdup(".*");
     case 'R':
@@ -803,7 +839,7 @@ process_arguments (int argc, char **argv)
   }
 
   if (units == NULL) {
-    units = strdup ("MB");
+    units = strdup ("MiB");
     mult = (uintmax_t)1024 * 1024;
   }
 
@@ -839,50 +875,6 @@ set_all_thresholds (struct parameter_list *path)
     set_thresholds(&path->freeinodes_percent, warn_freeinodes_percent, crit_freeinodes_percent);
 }
 
-/* TODO: Remove?
-
-int
-validate_arguments (uintmax_t w, uintmax_t c, double wp, double cp, double iwp, double icp, char *mypath)
-{
-  if (w < 0 && c < 0 && wp < 0.0 && cp < 0.0) {
-    printf (_("INPUT ERROR: No thresholds specified"));
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((wp >= 0.0 || cp >= 0.0) &&
-           (wp < 0.0 || cp < 0.0 || wp > 100.0 || cp > 100.0 || cp > wp)) {
-    printf (_("\
-INPUT ERROR: C_DFP (%f) should be less than W_DFP (%.1f) and both should be between zero and 100 percent, inclusive"),
-            cp, wp);
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((iwp >= 0.0 || icp >= 0.0) &&
-           (iwp < 0.0 || icp < 0.0 || iwp > 100.0 || icp > 100.0 || icp > iwp)) {
-    printf (_("\
-INPUT ERROR: C_IDFP (%f) should be less than W_IDFP (%.1f) and both should be between zero and 100 percent, inclusive"),
-            icp, iwp);
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((w > 0 || c > 0) && (w == 0 || c == 0 || c > w)) {
-    printf (_("\
-INPUT ERROR: C_DF (%lu) should be less than W_DF (%lu) and both should be greater than zero"),
-            (unsigned long)c, (unsigned long)w);
-    print_path (mypath);
-    return ERROR;
-  }
-
-  return OK;
-}
-
-*/
-
-
-
-
-
-
 
 void
 print_help (void)
@@ -949,9 +941,11 @@ print_help (void)
   printf ("    %s\n", _("Regular expression to ignore selected path/partition (case insensitive) (may be repeated)"));
   printf (" %s\n", "-i, --ignore-ereg-path=PATH, --ignore-ereg-partition=PARTITION");
   printf ("    %s\n", _("Regular expression to ignore selected path or partition (may be repeated)"));
+  printf (" %s\n", "-s, --show-status");
+  printf ("    %s\n", _("Show status for each path/partition"));
   printf (UT_PLUG_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
   printf (" %s\n", "-u, --units=STRING");
-  printf ("    %s\n", _("Choose bytes, kB, MB, GB, TB (default: MB)"));
+  printf ("    %s\n", _("Choose bytes, kB, MB, GB, TB, KiB, MiB, GiB, TiB (default: MiB)"));
   printf (UT_VERBOSE);
   printf (" %s\n", "-X, --exclude-type=TYPE");
   printf ("    %s\n", _("Ignore all filesystems of indicated type (may be repeated)"));
@@ -980,16 +974,20 @@ print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
   printf (" %s -w limit -c limit [-W limit] [-K limit] {-p path | -x device}\n", progname);
-  printf ("[-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]\n");
-  printf ("[-t timeout] [-u unit] [-v] [-X type] [-N type] [-n]\n");
+  printf ("[-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] {-A | [-R path] [-r path]}\n");
+  printf ("[-s] [-t timeout] [-u unit] [-v] [-X type] [-N type] [-n]\n");
 }
 
 void
 stat_path (struct parameter_list *p)
 {
   /* Stat entry to check that dir exists and is accessible */
-  if (verbose >= 3)
-    printf("calling stat on %s\n", p->name);
+  if (verbose >= 3) {
+    if (p->best_match)
+      printf("calling stat on %s (%s %s)\n", p->name, p->best_match->me_devname, p->best_match->me_type);
+    else
+      printf("calling stat on %s\n", p->name);
+  }
   if (stat (p->name, &stat_buf[0])) {
     if (verbose >= 3)
       printf("stat failed on %s\n", p->name);
@@ -1019,18 +1017,18 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
         get_fs_usage (p_list->best_match->me_mountdir, p_list->best_match->me_devname, &tmpfsp);
         get_path_stats(p_list, &tmpfsp); 
         if (verbose >= 3)
-          printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
-                 p_list->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p_list->best_match->me_mountdir, p_list->dused_units, p_list->dfree_units,
-                 p_list->dtotal_units, mult);
+          printf("Group %s: adding %lu blocks sized %lu, (%s) used_units=%li free_units=%li total_units=%li fsu_blocksize=%lu mult=%ju\n", p_list->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize,
+                 p_list->best_match->me_mountdir, p_list->dused_units,
+                 p_list->dfree_units, p_list->dtotal_units,
+                 tmpfsp.fsu_blocksize, mult);
 
-        /* prevent counting the first FS of a group twice since its parameter_list entry 
+        /* prevent counting the first FS of a group twice since its parameter_list entry
          * is used to carry the information of all file systems of the entire group */
         if (! first) {
           p->total += p_list->total;
           p->available += p_list->available;
           p->available_to_root += p_list->available_to_root;
           p->used += p_list->used;
-            
           p->dused_units += p_list->dused_units;
           p->dfree_units += p_list->dfree_units;
           p->dtotal_units += p_list->dtotal_units;
@@ -1039,10 +1037,10 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
         }
         first = 0;
       }
-      if (verbose >= 3) 
-        printf("Group %s now has: used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
-               p->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p->best_match->me_mountdir, p->dused_units,
-               p->dfree_units, p->dtotal_units, mult);
+      if (verbose >= 3)
+        printf("Group %s now has: used_units=%li free_units=%li total_units=%li fsu_blocksize=%lu mult=%ju\n",
+               p->group, p->dused_units, p->dfree_units, p->dtotal_units,
+               tmpfsp.fsu_blocksize, mult);
     }
     /* modify devname and mountdir for output */
     p->best_match->me_mountdir = p->best_match->me_devname = p->group;
@@ -1064,13 +1062,13 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
   p->available_to_root = fsp->fsu_bfree;
   p->used = fsp->fsu_blocks - fsp->fsu_bfree;
   if (freespace_ignore_reserved) {
-    /* option activated : we substract the root-reserved space from the total */
+    /* option activated : we subtract the root-reserved space from the total */
     p->total = fsp->fsu_blocks - p->available_to_root + p->available;
   } else {
     /* default behaviour : take all the blocks into account */
     p->total = fsp->fsu_blocks;
   }
-  
+
   p->dused_units = p->used*fsp->fsu_blocksize/mult;
   p->dfree_units = p->available*fsp->fsu_blocksize/mult;
   p->dtotal_units = p->total*fsp->fsu_blocksize/mult;

plugins/check_dns.c

@@ -3,7 +3,7 @@
 * Nagios check_dns plugin
 * 
 * License: GPL
-* Copyright (c) 2000-2014 Nagios Plugins Development Team
+* Copyright (c) 2000-2018 Nagios Plugins Development Team
 * 
 * Description:
 * 
@@ -29,14 +29,16 @@
 * 
 *****************************************************************************/
 #define IF_RECORD(label, querytype, verb_str, comp_str) if (strstr (chld_out.line[i], label) && (strncmp(query_type, querytype, query_size) == 0 || strncmp(query_type, "-querytype=ANY", query_size) == 0)) { \
-      if (verbose) printf(verb_str); \
+      if (verbose) { \
+          printf(verb_str); \
+      } \
       temp_buffer = rindex (chld_out.line[i], comp_str); \
       addresses[n_addresses++] = check_new_address(temp_buffer); \
       memset(query_found, '\0', sizeof(query_found)); \
       strncpy(query_found, querytype, sizeof(query_found)); 
 
 const char *progname = "check_dns";
-const char *copyright = "2000-2014";
+const char *copyright = "2000-2018";
 const char *email = "devel@nagios-plugins.org";
 
 #include "common.h"
@@ -66,532 +68,628 @@ int expect_authority = FALSE;
 int accept_cname = FALSE;
 thresholds *time_thresholds = NULL;
 
+
 static int
 qstrcmp(const void *p1, const void *p2)
 {
-	/* The actual arguments to this function are "pointers to
-	   pointers to char", but strcmp() arguments are "pointers
-	   to char", hence the following cast plus dereference */
-	return strcmp(* (char * const *) p1, * (char * const *) p2);
+    /* The actual arguments to this function are "pointers to
+       pointers to char", but strcmp() arguments are "pointers
+       to char", hence the following cast plus dereference */
+    return strcmp(* (char * const *) p1, * (char * const *) p2);
 }
 
+
 char *
 check_new_address(char *temp_buffer)
 {
-      temp_buffer++;
-      /* Strip leading spaces */
-      for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++)
+    temp_buffer++;
+    /* Strip leading spaces */
+    for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++) {
         /* NOOP */;
+    }
 
-      strip(temp_buffer);
-      if (temp_buffer==NULL || strlen(temp_buffer)==0)
+    strip(temp_buffer);
+    if (temp_buffer==NULL || strlen(temp_buffer)==0) {
         die (STATE_CRITICAL, "%s%s%s\n", _("DNS CRITICAL - '"), NSLOOKUP_COMMAND, _("' returned empty host name string"));
+    }
 
-      return temp_buffer;
+    return temp_buffer;
 }
 
+
 int
 main (int argc, char **argv)
 {
-  char *command_line = NULL;
-  char input_buffer[MAX_INPUT_BUFFER];
-  char *address = NULL; /* comma seperated str with addrs/ptrs (sorted) */
-  char **addresses = NULL;
-  int n_addresses = 0;
-  char *msg = NULL;
-  char query_found[24] = "";
-  int query_size = 24;
-  char *temp_buffer = NULL;
-  int non_authoritative = FALSE;
-  int result = STATE_UNKNOWN;
-  double elapsed_time;
-  long microsec;
-  struct timeval tv;
-  int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
-  output chld_out, chld_err;
-  size_t i;
-
-  setlocale (LC_ALL, "");
-  bindtextdomain (PACKAGE, LOCALEDIR);
-  textdomain (PACKAGE);
-
-  /* Set signal handling and alarm */
-  if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR)
-    usage_va(_("Cannot catch SIGALRM"));
-
-  /* Parse extra opts if any */
-  argv=np_extra_opts (&argc, argv, progname);
-
-  if (process_arguments (argc, argv) == ERROR)
-    usage_va(_("Could not parse arguments"));
-
-  /* get the command to run */
-  xasprintf (&command_line, "%s %s %s %s", NSLOOKUP_COMMAND, query_type, query_address, dns_server);
-
-  alarm (timeout_interval);
-  gettimeofday (&tv, NULL);
-
-  if (verbose)
-    printf ("%s\n", command_line);
-
-  /* run the command */
-  if((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) {
-    msg = strdup(_("nslookup returned an error status"));
-    result = STATE_WARNING;
-  }
-
-  /* scan stdout */
-  for(i = 0; i < chld_out.lines; i++) {
-    if (addresses == NULL)
-      addresses = malloc(sizeof(*addresses)*10);
-    else if (!(n_addresses % 10))
-      addresses = realloc(addresses,sizeof(*addresses) * (n_addresses + 10));
-
-    if (verbose)
-      puts(chld_out.line[i]);
-
-    /* bug ID: 2946553 - Older versions of bind will use all available dns
-    + servers, we have to match the one specified */
-    if (strlen(dns_server) > 0 && strstr(chld_out.line[i], "Server:")) {
-        temp_buffer = strchr(chld_out.line[i], ':');
-        temp_buffer++;
-
-	if (temp_buffer > (char *)1) {
-          /* Strip leading tabs */
-          for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++)
-            /* NOOP */;
-
-        strip(temp_buffer);
-        if (temp_buffer==NULL || strlen(temp_buffer)==0)
-          die (STATE_CRITICAL, "%s%s%s\n", _("DNS CRITICAL - '"), NSLOOKUP_COMMAND, _("' returned empty server string"));
-
-        if (strcmp(temp_buffer, dns_server) != 0)
-          die (STATE_CRITICAL, "%s %s\n", _("DNS CRITICAL - No response from DNS server:"), dns_server);
-      }
-    }
-    /* Provide the server name\ip to error_scan when not using -s */
-    else if (strlen(tmp_dns_server) == 0) {
-	temp_buffer = strchr(chld_out.line[i], ':');
-	temp_buffer++;
-	if (temp_buffer > (char *)1) {
-	  /* Strip leading tabs */
-	  for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++)
-	      /* NOOP */;
-
-	  strip(temp_buffer);
-	  strncpy(tmp_dns_server, temp_buffer, ADDRESS_LENGTH);
-	}
+    char *command_line = NULL;
+    char input_buffer[MAX_INPUT_BUFFER];
+    char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
+    char **addresses = NULL;
+    int n_addresses = 0;
+    char *msg = NULL;
+    char query_found[24] = "";
+    int query_size = 24;
+    char *temp_buffer = NULL;
+    int non_authoritative = FALSE;
+    int result = STATE_UNKNOWN;
+    double elapsed_time;
+    long microsec;
+    struct timeval tv;
+    int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
+    output chld_out, chld_err;
+    size_t i;
+
+    setlocale (LC_ALL, "");
+    bindtextdomain (PACKAGE, LOCALEDIR);
+    textdomain (PACKAGE);
+
+    /* Set signal handling and alarm */
+    if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) {
+        usage_va(_("Cannot catch SIGALRM"));
     }
 
-    if (strstr (chld_out.line[i], "Authoritative answers can be found from:"))
-      break;
-    /* the server is responding, we just got the host name...*/
-    if (strstr (chld_out.line[i], "Name:"))
-      parse_address = TRUE;
-    /* begin handling types of records */
-    IF_RECORD("AAAA address", "-querytype=AAAA", "Found AAAA record\n", ' ') }
-    else IF_RECORD("exchanger =", "-querytype=MX", "Found MX record\n", '=') }
-    else IF_RECORD("service =", "-querytype=SRV", "Found SRV record\n", ' ') }
-    else IF_RECORD("nameserver =", "-querytype=NS", "Found NS record\n", ' ') }
-    else IF_RECORD("dname =", "-querytype=DNAME", "Found DNAME record\n", ' ') }
-    else IF_RECORD("protocol =", "-querytype=WKS", "Found WKS record\n", ' ') }
-    else if (strstr (chld_out.line[i], "text =") && (strncmp(query_type, "-querytype=TXT", query_size) == 0 || strncmp(query_type, "-querytype=ANY", query_size) == 0)) {
-      if (verbose) printf("Found TXT record\n");
-      temp_buffer = index(chld_out.line[i], '"');
-      --temp_buffer;
-      addresses[n_addresses++] = check_new_address(temp_buffer);
-      memset(query_found, '\0', sizeof(query_found));
-      strncpy(query_found, "-querytype=TXT", sizeof(query_found)); 
-    }
+    /* Parse extra opts if any */
+    argv=np_extra_opts (&argc, argv, progname);
 
-    /* only matching for origin records, if requested other fields could be included at a later date */
-    else IF_RECORD("origin =", "-querytype=SOA", "Found SOA record\n", ' ') }
-    /* cnames cannot use macro as we must check for accepting them separately */
-    else if (accept_cname && strstr (chld_out.line[i], "canonical name =") && (strncmp(query_type, "-querytype=CNAME", query_size) == 0 || strncmp(query_type, "-querytype=ANY", query_size) == 0)) {
-      if (verbose) printf("Found CNAME record\n");
-      temp_buffer = index (chld_out.line[i], '=');
-      addresses[n_addresses++] = check_new_address(temp_buffer);
-      strncpy(query_found, "-querytype=CNAME", sizeof(query_found));
+    if (process_arguments (argc, argv) == ERROR) {
+        usage_va(_("Could not parse arguments"));
     }
-    /* does not need strncmp as we want A at all times unless another record match */
-    else if (parse_address == TRUE && (strstr (chld_out.line[i], "Address:") || strstr (chld_out.line[i], "Addresses:"))) {
-      if (verbose) printf("Found A record\n");
-      temp_buffer = index (chld_out.line[i], ':');
-      addresses[n_addresses++] = check_new_address(temp_buffer);
-      strncpy(query_found, "-querytype=A", sizeof(query_found));
+
+    /* get the command to run */
+    xasprintf (&command_line, "%s %s %s %s", NSLOOKUP_COMMAND, query_type, query_address, dns_server);
+
+    alarm (timeout_interval);
+    gettimeofday (&tv, NULL);
+
+    if (verbose) {
+        printf ("%s\n", command_line);
     }
-    /* must be after other records with "name" as an identifier, as ptr does not spefify */
-    else IF_RECORD("name =", "-querytype=PTR", "Found PTR record\n", ' ') }
-    /* needed for non-query ptr\reverse lookup checks */
-    else if (strstr(chld_out.line[i], ".in-addr.arpa") && !query_set) {
-      if ((temp_buffer = strstr(chld_out.line[i], "name = ")))
-        addresses[n_addresses++] = strdup(temp_buffer);
-      else {
-        xasprintf(&msg, "%s %s %s %s", _("Warning plugin error"));
+
+    /* run the command */
+    if((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) {
+        msg = strdup(_("nslookup returned an error status"));
         result = STATE_WARNING;
-      }
     }
 
-    if (strstr (chld_out.line[i], _("Non-authoritative answer:")))
-      non_authoritative = TRUE;
-
-    int tmp = error_scan(chld_out.line[i]);
-    result = (result == STATE_UNKNOWN)
-      ? tmp
-      : (result < tmp)
-        ? tmp : result;
-    if (result != STATE_OK) {
-      msg = strchr (chld_out.line[i], ':');
-      if(msg)
-			  msg++;
-			else
-			 msg = chld_out.line[i];
-      break;
-    }
-  }
-
-  /* scan stderr */
-  for(i = 0; i < chld_err.lines; i++) { 
-    if (verbose)
-      puts(chld_err.line[i]);
-
-    if (error_scan (chld_err.line[i]) != STATE_OK) {
-      result = max_state (result, error_scan (chld_err.line[i]));
-      msg = strchr(chld_err.line[i], ':');
-      if(msg)
-			  msg++;
-			else
-			  msg = chld_err.line[i];
+    /* scan stdout */
+    for(i = 0; i < chld_out.lines; i++) {
+        if (addresses == NULL) {
+            addresses = malloc(sizeof(*addresses)*10);
+        }
+        else if (!(n_addresses % 10)) {
+            addresses = realloc(addresses,sizeof(*addresses) * (n_addresses + 10));
+        }
+
+        if (verbose) {
+            puts(chld_out.line[i]);
+        }
+
+        /* bug ID: 2946553 - Older versions of bind will use all available dns
+        + servers, we have to match the one specified */
+        if (strlen(dns_server) > 0 && strstr(chld_out.line[i], "Server:")) {
+            temp_buffer = strchr(chld_out.line[i], ':');
+            temp_buffer++;
+
+            if (temp_buffer > (char *)1) {
+                /* Strip leading tabs */
+                for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) {
+                    /* NOOP */;
+                }
+
+                strip(temp_buffer);
+                if (temp_buffer==NULL || strlen(temp_buffer)==0) {
+                    die (STATE_CRITICAL, "%s%s%s\n", _("DNS CRITICAL - '"), NSLOOKUP_COMMAND, _("' returned empty server string"));
+                }
+
+                if (strcmp(temp_buffer, dns_server) != 0) {
+                    die (STATE_CRITICAL, "%s %s\n", _("DNS CRITICAL - No response from DNS server:"), dns_server);
+                }
+            }
+        }
+        /* Provide the server name\ip to error_scan when not using -s */
+        else if (strlen(tmp_dns_server) == 0) {
+            temp_buffer = strchr(chld_out.line[i], ':');
+            temp_buffer++;
+            if (temp_buffer > (char *)1) {
+                /* Strip leading tabs */
+                for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) {
+                    /* NOOP */;
+                }
+                strip(temp_buffer);
+                strncpy(tmp_dns_server, temp_buffer, ADDRESS_LENGTH);
+            }
+        }
+
+        if (strstr (chld_out.line[i], "Authoritative answers can be found from:")) {
+            break;
+        }
+        /* the server is responding, we just got the host name...*/
+        if (strstr (chld_out.line[i], "Name:")) {
+            parse_address = TRUE;
+        }
+        /* begin handling types of records */
+        IF_RECORD("AAAA address", "-querytype=AAAA", "Found AAAA record\n", ' ') }
+        else IF_RECORD("exchanger =", "-querytype=MX", "Found MX record\n", '=') }
+        else IF_RECORD("service =", "-querytype=SRV", "Found SRV record\n", ' ') }
+        else IF_RECORD("nameserver =", "-querytype=NS", "Found NS record\n", ' ') }
+        else IF_RECORD("dname =", "-querytype=DNAME", "Found DNAME record\n", ' ') }
+        else IF_RECORD("protocol =", "-querytype=WKS", "Found WKS record\n", ' ') }
+        else if (strstr (chld_out.line[i], "text =") && (strncmp(query_type, "-querytype=TXT", query_size) == 0 || strncmp(query_type, "-querytype=ANY", query_size) == 0)) {
+            if (verbose) {
+                printf("Found TXT record\n");
+            }
+            temp_buffer = index(chld_out.line[i], '"');
+            --temp_buffer;
+            addresses[n_addresses++] = check_new_address(temp_buffer);
+            memset(query_found, '\0', sizeof(query_found));
+            strncpy(query_found, "-querytype=TXT", sizeof(query_found)); 
+        }
+
+        /* only matching for origin records, if requested other fields could be included at a later date */
+        else IF_RECORD("origin =", "-querytype=SOA", "Found SOA record\n", ' ') }
+        /* cnames cannot use macro as we must check for accepting them separately */
+        else if (accept_cname && strstr (chld_out.line[i], "canonical name =") && (strncmp(query_type, "-querytype=CNAME", query_size) == 0 || strncmp(query_type, "-querytype=ANY", query_size) == 0)) {
+            if (verbose) {
+                printf("Found CNAME record\n");
+            }
+            temp_buffer = index (chld_out.line[i], '=');
+            addresses[n_addresses++] = check_new_address(temp_buffer);
+            strncpy(query_found, "-querytype=CNAME", sizeof(query_found));
+        }
+        /* does not need strncmp as we want A at all times unless another record match */
+        else if (parse_address == TRUE && (strstr (chld_out.line[i], "Address:") || strstr (chld_out.line[i], "Addresses:"))) {
+            temp_buffer = index (chld_out.line[i], ':');
+            char *temp_address = check_new_address(temp_buffer);
+            addresses[n_addresses++] = temp_address;
+            /* Bind 9.11.x onwards reports AAAA records the same as A records */
+            /* It is assumed that nslookup returns a valid IPv4 or IPv6 address */
+            /* Hence we'll look for a colon : in the address to detect an IPv6 address */
+            if (strstr(temp_address, ":")) {
+                if (verbose) {
+                    printf("Found AAAA record\n");
+                }
+                strncpy(query_found, "-querytype=AAAA", sizeof(query_found));
+            }
+            else {
+                if (verbose) {
+                    printf("Found A record\n");
+                }
+                strncpy(query_found, "-querytype=A", sizeof(query_found));
+            }
+        }
+        /* must be after other records with "name" as an identifier, as ptr does not spefify */
+        else IF_RECORD("name =", "-querytype=PTR", "Found PTR record\n", ' ') }
+        /* needed for non-query ptr\reverse lookup checks */
+        else if (strstr(chld_out.line[i], ".in-addr.arpa") && !query_set) {
+            if ((temp_buffer = strstr(chld_out.line[i], "name = "))) {
+                addresses[n_addresses++] = strdup(temp_buffer);
+            }
+            else {
+                xasprintf(&msg, "%s %s %s %s", _("Warning plugin error"));
+                result = STATE_WARNING;
+            }
+        }
+
+        if (strstr (chld_out.line[i], _("Non-authoritative answer:"))) {
+            non_authoritative = TRUE;
+        }
+
+        int tmp = error_scan(chld_out.line[i]);
+        result = (result == STATE_UNKNOWN)
+            ? tmp
+            : (result < tmp)
+                ? tmp : result;
+        if (result != STATE_OK) {
+            msg = strchr (chld_out.line[i], ':');
+            if(msg) {
+                msg++;
+            }
+            else {
+                msg = chld_out.line[i];
+            }
+            break;
+        }
+    }  /*This is the end of the scan stdout loop */
+
+    /* scan stderr */
+    for(i = 0; i < chld_err.lines; i++) {
+        if (verbose) {
+            puts(chld_err.line[i]);
+        }
+
+        if (error_scan (chld_err.line[i]) != STATE_OK) {
+            result = max_state (result, error_scan (chld_err.line[i]));
+            msg = strchr(chld_err.line[i], ':');
+            if(msg) {
+                msg++;
+            }
+            else {
+                msg = chld_err.line[i];
+            }
+        }
     }
-  }
-
-  if (addresses) {
-    int i,slen;
-    char *adrp;
-    qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp);
-    for(i=0, slen=1; i < n_addresses; i++)
-      slen += strlen(addresses[i])+1;
-
-    adrp = address = malloc(slen);
-    for(i=0; i < n_addresses; i++) {
-      if (i) *adrp++ = ',';
-      strcpy(adrp, addresses[i]);
-      adrp += strlen(addresses[i]);
+
+    if (addresses) {
+        int i,slen;
+        char *adrp;
+        qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp);
+        for(i=0, slen=1; i < n_addresses; i++) {
+            slen += strlen(addresses[i])+1;
+        }
+
+        adrp = address = malloc(slen);
+        for(i=0; i < n_addresses; i++) {
+            if (i) *adrp++ = ',';
+            strcpy(adrp, addresses[i]);
+            adrp += strlen(addresses[i]);
+        }
+        *adrp = 0;
+      }
+    else {
+        die (STATE_CRITICAL, "%s%s%s\n", _("DNS CRITICAL - '"), NSLOOKUP_COMMAND, _("' msg parsing exited with no address"));
     }
-    *adrp = 0;
-  } else
-    die (STATE_CRITICAL, "%s%s%s\n", _("DNS CRITICAL - '"), NSLOOKUP_COMMAND, _("' msg parsing exited with no address"));
-
-  /* compare to expected address */
-  if (result == STATE_OK && expected_address_cnt > 0) {
-    result = STATE_CRITICAL;
-    temp_buffer = "";
-    for (i=0; i<expected_address_cnt; i++) {
-      /* check if we get a match and prepare an error string */
-      if (strcmp(address, expected_address[i]) == 0) result = STATE_OK;
-      xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
+
+    /* compare to expected address */
+    if (result == STATE_OK && expected_address_cnt > 0) {
+        result = STATE_CRITICAL;
+        temp_buffer = "";
+        for (i=0; i<expected_address_cnt; i++) {
+            /* check if we get a match and prepare an error string */
+            if (strcasecmp(address, expected_address[i]) == 0) result = STATE_OK;
+            xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
+        }
+        if (result == STATE_CRITICAL) {
+            /* Strip off last semicolon... */
+            temp_buffer[strlen(temp_buffer)-2] = '\0';
+            xasprintf(&msg, "%s%s%s%s%s", _("expected '"), temp_buffer, _("' but got '"), address, "'");
+        }
     }
-    if (result == STATE_CRITICAL) {
-      /* Strip off last semicolon... */
-      temp_buffer[strlen(temp_buffer)-2] = '\0';
-      xasprintf(&msg, "%s%s%s%s%s", _("expected '"), temp_buffer, _("' but got '"), address, "'");
+
+    /* check if authoritative */
+    if (result == STATE_OK && expect_authority && non_authoritative) {
+        result = STATE_CRITICAL;
+
+        if (strncmp(dns_server, "", 1)) {
+            xasprintf(&msg, "%s %s %s %s", _("server"), dns_server, _("is not authoritative for"), query_address);
+        }
+        else {
+            xasprintf(&msg, "%s %s", _("there is no authoritative server for"), query_address);
+        }
     }
-  }
-
-  /* check if authoritative */
-  if (result == STATE_OK && expect_authority && non_authoritative) {
-    result = STATE_CRITICAL;
-
-    if (strncmp(dns_server, "", 1))
-      xasprintf(&msg, "%s %s %s %s", _("server"), dns_server, _("is not authoritative for"), query_address);
-    else
-      xasprintf(&msg, "%s %s", _("there is no authoritative server for"), query_address);
-  }
-
-  /* compare query type to query found, if query type is ANY we can skip as any record is accepted*/
-  if (result == STATE_OK && strncmp(query_type, "", 1) && (strncmp(query_type, "-querytype=ANY", 15) != 0)) {
-    if (strncmp(query_type, query_found, 16) != 0) {
-      if (verbose)
-        printf( "%s %s %s %s %s\n", _("Failed query for"), query_type, _("only found"), query_found, _(", or nothing"));
-      result = STATE_CRITICAL;
-      xasprintf(&msg, "%s %s %s %s", _("query type of"), query_type, _("was not found for"), query_address);
+
+    /* compare query type to query found, if query type is ANY we can skip as any record is accepted*/
+    if (result == STATE_OK && strncmp(query_type, "", 1) && (strncmp(query_type, "-querytype=ANY", 15) != 0)) {
+        if (strncmp(query_type, query_found, 16) != 0) {
+          if (verbose) {
+              printf( "%s %s %s %s %s\n", _("Failed query for"), query_type, _("only found"), query_found, _(", or nothing"));
+          }
+          result = STATE_CRITICAL;
+          xasprintf(&msg, "%s %s %s %s", _("query type of"), query_type, _("was not found for"), query_address);
+        }
     }
-  }
 
-  microsec = deltime (tv);
-  elapsed_time = (double)microsec / 1.0e6;
+    microsec = deltime (tv);
+    elapsed_time = (double)microsec / 1.0e6;
 
-  if (result == STATE_OK) {
-    result = get_status(elapsed_time, time_thresholds);
     if (result == STATE_OK) {
-      printf ("%s %s: ", _("DNS"), _("OK"));
-    } else if (result == STATE_WARNING) {
-      printf ("%s %s: ", _("DNS"), _("WARNING"));
-    } else if (result == STATE_CRITICAL) {
-      printf ("%s %s: ", _("DNS"), _("CRITICAL"));
+        result = get_status(elapsed_time, time_thresholds);
+        if (result == STATE_OK) {
+            printf ("%s %s: ", _("DNS"), _("OK"));
+        }
+        else if (result == STATE_WARNING) {
+            printf ("%s %s: ", _("DNS"), _("WARNING"));
+        }
+        else if (result == STATE_CRITICAL) {
+            printf ("%s %s: ", _("DNS"), _("CRITICAL"));
+        }
+        printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time);
+        printf (". %s %s %s", query_address, _("returns"), address);
+        if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) {
+            printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
+                    TRUE, time_thresholds->warning->end,
+                    TRUE, time_thresholds->critical->end,
+                    TRUE, 0, FALSE, 0));
+        }
+        else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) {
+            printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
+                    FALSE, 0,
+                    TRUE, time_thresholds->critical->end,
+                    TRUE, 0, FALSE, 0));
+        }
+        else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) {
+            printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
+                    TRUE, time_thresholds->warning->end,
+                    FALSE, 0,
+                    TRUE, 0, FALSE, 0));
+        }
+        else {
+          printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0));
+        }
+    }
+    else if (result == STATE_WARNING) {
+        printf ("%s %s\n", _("DNS WARNING -"), !strcmp (msg, "") ? _("Probably a non-existent host/domain") : msg);
+    }
+    else if (result == STATE_CRITICAL) {
+        printf ("%s %s\n", _("DNS CRITICAL -"), !strcmp (msg, "") ? _("Probably a non-existent host/domain") : msg);
+    }
+    else {
+        printf ("%s %s\n", _("DNS UNKNOWN -"), !strcmp (msg, "") ? _("Probably a non-existent host/domain") : msg);
     }
-    printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time);
-    printf (". %s %s %s", query_address, _("returns"), address);
-    if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) {
-      printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
-                                  TRUE, time_thresholds->warning->end,
-                                  TRUE, time_thresholds->critical->end,
-                                  TRUE, 0, FALSE, 0));
-    } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) {
-      printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
-                                  FALSE, 0,
-                                  TRUE, time_thresholds->critical->end,
-                                  TRUE, 0, FALSE, 0));
-    } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) {
-      printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
-                                  TRUE, time_thresholds->warning->end,
-                                  FALSE, 0,
-                                  TRUE, 0, FALSE, 0));
-    } else
-      printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0));
-  }
-  else if (result == STATE_WARNING)
-    printf ("%s %s\n", _("DNS WARNING -"), !strcmp (msg, "") ? _("Probably a non-existent host/domain") : msg);
-  else if (result == STATE_CRITICAL)
-    printf ("%s %s\n", _("DNS CRITICAL -"), !strcmp (msg, "") ? _("Probably a non-existent host/domain") : msg);
-  else
-    printf ("%s %s\n", _("DNS UNKNOWN -"), !strcmp (msg, "") ? _("Probably a non-existent host/domain") : msg);
-
-  return result;
-}
 
+    return result;
+}
 
 
 int
 error_scan (char *input_buffer)
 {
 
-  /* the DNS lookup timed out */
-  if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
-      strstr (input_buffer, _("Consider using the `dig' or `host' programs instead.  Run nslookup with")) ||
-      strstr (input_buffer, _("the `-sil[ent]' option to prevent this message from appearing.")))
-    return STATE_OK;
-
-  /* DNS server is not running... */
-  else if (strstr (input_buffer, "No response from server"))
-    die (STATE_CRITICAL, "%s %s\n", _("No response from DNS"), (strlen(dns_server)==0)?tmp_dns_server:dns_server);
-
-  /* Host name is valid, but server doesn't have records... */
-  else if (strstr (input_buffer, "No records") || strstr (input_buffer, "No answer"))
-    die (STATE_CRITICAL, "%s %s %s\n", _("DNS"), (strlen(dns_server)==0)?tmp_dns_server:dns_server, _("has no records"));
-
-  /* Connection was refused */
-  else if (strstr (input_buffer, "Connection refused") ||
-     strstr (input_buffer, "Couldn't find server") ||
-           strstr (input_buffer, "Refused") ||
-           (strstr (input_buffer, "** server can't find") &&
-            strstr (input_buffer, ": REFUSED")))
-    die (STATE_CRITICAL, "%s %s %s\n", _("Connection to DNS"), (strlen(dns_server)==0)?tmp_dns_server:dns_server, _("was refused"));
-
-  /* Query refused (usually by an ACL in the namserver) */
-  else if (strstr (input_buffer, "Query refused"))
-    die (STATE_CRITICAL, "%s %s\n", _("Query was refused by DNS server at"), (strlen(dns_server)==0)?tmp_dns_server:dns_server);
-
-  /* No information (e.g. nameserver IP has two PTR records) */
-  else if (strstr (input_buffer, "No information"))
-    die (STATE_CRITICAL, "%s %s\n", _("No information returned by DNS server at"), (strlen(dns_server)==0)?tmp_dns_server:dns_server);
-
-  /* Host or domain name does not exist */
-  else if (strstr (input_buffer, "Non-existent") ||
-           strstr (input_buffer, "** server can't find") ||
-     strstr (input_buffer,"NXDOMAIN"))
-    die (STATE_CRITICAL, "%s %s %s\n", _("Domain"), query_address, _("was not found by the server"));
-
-  /* Network is unreachable */
-  else if (strstr (input_buffer, "Network is unreachable"))
-    die (STATE_CRITICAL, "%s\n", _("Network is unreachable"));
-
-  /* Internal server failure */
-  else if (strstr (input_buffer, "Server failure"))
-    die (STATE_CRITICAL, "%s %s\n", _("DNS failure for"), (strlen(dns_server)==0)?tmp_dns_server:dns_server);
-
-  /* Request error or the DNS lookup timed out */
-  else if (strstr (input_buffer, "Format error") ||
-           strstr (input_buffer, "Timed out"))
-    return STATE_WARNING;
-
-  return STATE_OK;
+    /* the DNS lookup timed out */
+    if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
+        strstr (input_buffer, _("Consider using the `dig' or `host' programs instead.  Run nslookup with")) ||
+        strstr (input_buffer, _("the `-sil[ent]' option to prevent this message from appearing.")))
+    {
+        return STATE_OK;
+    }
+    /* DNS server is not running... */
+    else if (strstr (input_buffer, "No response from server")) {
+        die (STATE_CRITICAL, "%s %s\n", _("No response from DNS"), (strlen(dns_server)==0)?tmp_dns_server:dns_server);
+    }
+    /* Host name is valid, but server doesn't have records... */
+    else if (strstr (input_buffer, "No records") || strstr (input_buffer, "No answer")) {
+        die (STATE_CRITICAL, "%s %s %s\n", _("DNS"), (strlen(dns_server)==0)?tmp_dns_server:dns_server, _("has no records"));
+    }
+    /* Connection was refused */
+    else if (strstr (input_buffer, "Connection refused") ||
+             strstr (input_buffer, "Couldn't find server") ||
+             strstr (input_buffer, "Refused") ||
+             (strstr (input_buffer, "** server can't find") &&
+              strstr (input_buffer, ": REFUSED")))
+    {
+        die (STATE_CRITICAL, "%s %s %s\n", _("Connection to DNS"), (strlen(dns_server)==0)?tmp_dns_server:dns_server, _("was refused"));
+    }
+    /* Query refused (usually by an ACL in the namserver) */
+    else if (strstr (input_buffer, "Query refused")) {
+        die (STATE_CRITICAL, "%s %s\n", _("Query was refused by DNS server at"), (strlen(dns_server)==0)?tmp_dns_server:dns_server);
+    }
+    /* No information (e.g. nameserver IP has two PTR records) */
+    else if (strstr (input_buffer, "No information")) {
+        die (STATE_CRITICAL, "%s %s\n", _("No information returned by DNS server at"), (strlen(dns_server)==0)?tmp_dns_server:dns_server);
+    }
+    /* Host or domain name does not exist */
+    else if (strstr (input_buffer, "Non-existent") ||
+             strstr (input_buffer, "** server can't find") ||
+             strstr (input_buffer,"NXDOMAIN"))
+    {
+        die (STATE_CRITICAL, "%s %s %s\n", _("Domain"), query_address, _("was not found by the server"));
+    }
 
+    /* Network is unreachable */
+    else if (strstr (input_buffer, "Network is unreachable")) {
+        die (STATE_CRITICAL, "%s\n", _("Network is unreachable"));
+    }
+    /* Internal server failure */
+    else if (strstr (input_buffer, "Server failure")) {
+        die (STATE_CRITICAL, "%s %s\n", _("DNS failure for"), (strlen(dns_server)==0)?tmp_dns_server:dns_server);
+    }
+    /* Request error or the DNS lookup timed out */
+    else if (strstr (input_buffer, "Format error") ||
+             strstr (input_buffer, "Timed out"))
+    {
+        return STATE_WARNING;
+    }
+    return STATE_OK;
 }
 
+
 /* process command-line arguments */
 int
 process_arguments (int argc, char **argv)
 {
-  int c;
-  char *warning = NULL;
-  char *critical = NULL;
-
-  int opt_index = 0;
-  static struct option long_opts[] = {
-    {"help", no_argument, 0, 'h'},
-    {"version", no_argument, 0, 'V'},
-    {"verbose", no_argument, 0, 'v'},
-    {"timeout", required_argument, 0, 't'},
-    {"hostname", required_argument, 0, 'H'},
-    {"server", required_argument, 0, 's'},
-    {"reverse-server", required_argument, 0, 'r'},
-    {"querytype", required_argument, 0, 'q'},
-    {"expected-address", required_argument, 0, 'a'},
-    {"expect-authority", no_argument, 0, 'A'},
-    {"accept-cname", no_argument, 0, 'n'},
-    {"warning", required_argument, 0, 'w'},
-    {"critical", required_argument, 0, 'c'},
-    {0, 0, 0, 0}
-  };
-
-  if (argc < 2)
-    return ERROR;
-
-  for (c = 1; c < argc; c++)
-    if (strcmp ("-to", argv[c]) == 0)
-      strcpy (argv[c], "-t");
-
-  while (1) {
-    c = getopt_long (argc, argv, "hVvAnt:H:s:r:a:q:w:c:", long_opts, &opt_index);
-
-    if (c == -1 || c == EOF)
-      break;
-
-    switch (c) {
-    case 'h': /* help */
-      print_help ();
-      exit (STATE_OK);
-    case 'V': /* version */
-      print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
-    case 'v': /* version */
-      verbose = TRUE;
-      break;
-    case 't': /* timeout period */
-      timeout_interval = parse_timeout_string (optarg);
-      break;
-    case 'H': /* hostname */
-      if (strlen (optarg) >= ADDRESS_LENGTH)
-        die (STATE_UNKNOWN, "%s\n", _("Input buffer overflow"));
-      strcpy (query_address, optarg);
-      break;
-    case 's': /* server name */
-      /* TODO: this host_or_die check is probably unnecessary.
-       * Better to confirm nslookup response matches */
-      host_or_die(optarg);
-      if (strlen (optarg) >= ADDRESS_LENGTH)
-        die (STATE_UNKNOWN, "%s\n", _("Input buffer overflow"));
-      strcpy (dns_server, optarg);
-      break;
-    case 'r': /* reverse server name */
-      /* TODO: Is this host_or_die necessary? */
-      host_or_die(optarg);
-      if (strlen (optarg) >= ADDRESS_LENGTH)
-        die (STATE_UNKNOWN, "%s\n", _("Input buffer overflow"));
-      strcpy (ptr_server, optarg);
-      break;
-    case 'a': /* expected address */
-      if (strlen (optarg) >= ADDRESS_LENGTH)
-        die (STATE_UNKNOWN, "%s\n", _("Input buffer overflow"));
-      expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char*));
-      expected_address[expected_address_cnt] = strdup(optarg);
-      expected_address_cnt++;
-      break;
-    case 'q': /* querytype -- A or AAAA or ANY or SRV or TXT, etc. */
-      if (strlen (optarg) < 1 || strlen (optarg) > 5)
-        die (STATE_UNKNOWN, "%s\n", _("Missing valid querytype parameter.  Try using 'A' or 'AAAA' or 'SRV'"));
-      strntoupper(optarg, strlen(optarg));
-      strcpy(query_type, "-querytype=");
-      strcat(query_type, optarg);
-      query_set = TRUE;
-      /* logic is set such that we must accept cnames if they are querying for them */
-      if (strcmp(query_type, "-querytype=CNAME") != 0)
-        break;
-    case 'n': /* accept cname responses as a result */
-      accept_cname = TRUE;
-      break;
-    case 'A': /* expect authority */
-      expect_authority = TRUE;
-      break;
-    case 'w':
-      warning = optarg;
-      break;
-    case 'c':
-      critical = optarg;
-      break;
-    default: /* args not parsable */
-      usage5();
+    int c;
+    char *warning = NULL;
+    char *critical = NULL;
+
+    int opt_index = 0;
+    static struct option long_opts[] = {
+        {"help", no_argument, 0, 'h'},
+        {"version", no_argument, 0, 'V'},
+        {"verbose", no_argument, 0, 'v'},
+        {"timeout", required_argument, 0, 't'},
+        {"hostname", required_argument, 0, 'H'},
+        {"server", required_argument, 0, 's'},
+        {"reverse-server", required_argument, 0, 'r'},
+        {"querytype", required_argument, 0, 'q'},
+        {"expected-address", required_argument, 0, 'a'},
+        {"expect-authority", no_argument, 0, 'A'},
+        {"accept-cname", no_argument, 0, 'n'},
+        {"warning", required_argument, 0, 'w'},
+        {"critical", required_argument, 0, 'c'},
+        {0, 0, 0, 0}
+    };
+
+    if (argc < 2) {
+        return ERROR;
     }
-  }
 
-  set_thresholds(&time_thresholds, warning, critical);
+    for (c = 1; c < argc; c++) {
+        if (strcmp ("-to", argv[c]) == 0) {
+            strcpy (argv[c], "-t");
+        }
+    }
 
-  return validate_arguments ();
+    while (1) {
+        c = getopt_long (argc, argv, "hVvAnt:H:s:r:a:q:w:c:", long_opts, &opt_index);
+
+        if (c == -1 || c == EOF) {
+            break;
+        }
+
+        switch (c) {
+        /* help */
+        case 'h':
+            print_help ();
+            exit (STATE_OK);
+       /* version */
+        case 'V':
+            print_revision (progname, NP_VERSION);
+            exit (STATE_OK);
+        /* verbose */
+        case 'v':
+            verbose = TRUE;
+            break;
+        /* timeout period */
+        case 't':
+            timeout_interval = parse_timeout_string (optarg);
+            break;
+        /* hostname */
+        case 'H':
+            if (strlen (optarg) >= ADDRESS_LENGTH) {
+                die (STATE_UNKNOWN, "%s\n", _("Input buffer overflow"));
+            }
+            strcpy (query_address, optarg);
+            break;
+        /* server name */
+        case 's':
+            /* TODO: this host_or_die check is probably unnecessary.
+            * Better to confirm nslookup response matches */
+            host_or_die(optarg);
+            if (strlen (optarg) >= ADDRESS_LENGTH) {
+                die (STATE_UNKNOWN, "%s\n", _("Input buffer overflow"));
+            }
+            strcpy (dns_server, optarg);
+            break;
+        /* reverse server name */
+        case 'r':
+            /* TODO: Is this host_or_die necessary? */
+            host_or_die(optarg);
+            if (strlen (optarg) >= ADDRESS_LENGTH) {
+                die (STATE_UNKNOWN, "%s\n", _("Input buffer overflow"));
+            }
+            strcpy (ptr_server, optarg);
+            break;
+        /* expected address */
+        case 'a':
+            if (strlen (optarg) >= ADDRESS_LENGTH) {
+                die (STATE_UNKNOWN, "%s\n", _("Input buffer overflow"));
+            }
+            expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char*));
+            expected_address[expected_address_cnt] = strdup(optarg);
+            expected_address_cnt++;
+            break;
+        /* querytype -- A or AAAA or ANY or SRV or TXT, etc. */
+        case 'q':
+            if (strlen (optarg) < 1 || strlen (optarg) > 5) {
+                die (STATE_UNKNOWN, "%s\n", _("Missing valid querytype parameter.  Try using 'A' or 'AAAA' or 'SRV' or 'ANY'"));
+            }
+            strntoupper(optarg, strlen(optarg));
+            strcpy(query_type, "-querytype=");
+            strcat(query_type, optarg);
+            query_set = TRUE;
+            /* logic is set such that we must accept cnames if they are querying for them */
+            if (strcmp(query_type, "-querytype=CNAME") != 0) {
+                break;
+            }
+        /* accept cname responses as a result */
+        case 'n':
+            accept_cname = TRUE;
+            break;
+        /* expect authority */
+        case 'A':
+            expect_authority = TRUE;
+            break;
+        case 'w':
+            warning = optarg;
+            break;
+        case 'c':
+            critical = optarg;
+            break;
+        /* args not parsable */
+        default:
+            usage5();
+        }
+    }
+
+    set_thresholds(&time_thresholds, warning, critical);
+
+    return validate_arguments ();
 }
 
 
 int
 validate_arguments ()
 {
-  if (query_address[0] == 0)
-    return ERROR;
+    if (query_address[0] == 0) {
+        return ERROR;
+    }
+
+    /* Bind 9.11.x onwards performs a query for both A and AAAA records */
+    /* The previous default behavior of nslookup was just A records. */
+    /* To ensure that exisitng users of this plugin do not get incorrect results */
+    /* set the querytype to A if it has not already been specified. */
+    /* If an end user wants both A and AAAA then they need to use ANY. */
+    if (strcmp(query_type, "") == 0) {
+        /*query_type = "-querytype=A";*/
+        strcpy(query_type, "-querytype=");
+        strcat(query_type, "A");
+        query_set = TRUE;
+    }
 
-  return OK;
+    return OK;
 }
 
 
 void
 print_help (void)
 {
-  print_revision (progname, NP_VERSION);
-
-  printf ("%s\n", "Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>");
-  printf (COPYRIGHT, copyright, email);
-
-  printf ("%s\n", _("This plugin uses the nslookup program to obtain the IP address for the given host/domain query."));
-  printf ("%s\n", _("An optional DNS server to use may be specified."));
-  printf ("%s\n", _("If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used."));
-
-  printf ("\n\n");
-
-  print_usage ();
-
-  printf (UT_HELP_VRSN);
-  printf (UT_EXTRA_OPTS);
-
-  printf ("%s\n", " -H, --hostname=HOST");
-  printf ("    %s\n", _("The name or address you want to query"));
-  printf ("%s\n", " -s, --server=HOST");
-  printf ("    %s\n", _("Optional DNS server you want to use for the lookup"));
-  printf ("%s\n", " -q, --querytype=TYPE");
-  printf ("    %s\n", _("Optional DNS record query type where TYPE =(A, AAAA, SRV, TXT, MX, ANY)"));
-  printf ("    %s\n", _("The default query type is 'A' (IPv4 host entry)"));
-  printf ("%s\n", " -a, --expected-address=IP-ADDRESS|HOST");
-  printf ("    %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with"));
-  printf ("    %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any"));
-  printf ("    %s\n", _("value match). If multiple addresses are returned at once, you have to match"));
-  printf ("    %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
-  printf ("    %s\n", _("If you would like to test for the presence of a cname, combine with -n param."));
-  printf ("%s\n", " -A, --expect-authority");
-  printf ("    %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
-  printf ("%s\n", " -n, --accept-cname");
-  printf ("    %s\n", _("Optionally accept cname responses as a valid result to a query"));
-  printf ("    %s\n", _("The default is to ignore cname responses as part of the result"));
-  printf ("%s\n", " -w, --warning=seconds");
-  printf ("    %s\n", _("Return warning if elapsed time exceeds value. Default off"));
-  printf ("%s\n", " -c, --critical=seconds");
-  printf ("    %s\n", _("Return critical if elapsed time exceeds value. Default off"));
-
-  printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
-
-  printf (UT_SUPPORT);
+    print_revision (progname, NP_VERSION);
+
+    printf ("%s\n", "Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>");
+    printf (COPYRIGHT, copyright, email);
+
+    printf ("%s\n", _("This plugin uses the nslookup program to obtain the IP address for the given host/domain query."));
+    printf ("%s\n", _("An optional DNS server to use may be specified."));
+    printf ("%s\n", _("If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used."));
+
+    printf ("\n\n");
+
+    print_usage ();
+
+    printf (UT_HELP_VRSN);
+    printf (UT_EXTRA_OPTS);
+
+    printf ("%s\n", " -H, --hostname=HOST");
+    printf ("    %s\n", _("The name or address you want to query"));
+    printf ("%s\n", " -s, --server=HOST");
+    printf ("    %s\n", _("Optional DNS server you want to use for the lookup"));
+    printf ("%s\n", " -q, --querytype=TYPE");
+    printf ("    %s\n", _("Optional DNS record query type where TYPE =(A, AAAA, SRV, TXT, MX, ANY)"));
+    printf ("    %s\n", _("The default query type is 'A' (IPv4 host entry)"));
+    printf ("    %s\n", _("BIND 9.11.x onwards supports both 'A' and 'AAAA', if you want both use 'ANY'"));
+    printf ("%s\n", " -a, --expected-address=IP-ADDRESS|HOST");
+    printf ("    %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with"));
+    printf ("    %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any"));
+    printf ("    %s\n", _("value match). If multiple addresses are returned at once, you have to match"));
+    printf ("    %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
+    printf ("    %s\n", _("If you would like to test for the presence of a cname, combine with -n param."));
+    printf ("%s\n", " -A, --expect-authority");
+    printf ("    %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
+    printf ("%s\n", " -n, --accept-cname");
+    printf ("    %s\n", _("Optionally accept cname responses as a valid result to a query"));
+    printf ("    %s\n", _("The default is to ignore cname responses as part of the result"));
+    printf ("%s\n", " -w, --warning=seconds");
+    printf ("    %s\n", _("Return warning if elapsed time exceeds value. Default off"));
+    printf ("%s\n", " -c, --critical=seconds");
+    printf ("    %s\n", _("Return critical if elapsed time exceeds value. Default off"));
+
+    printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+
+    printf (UT_SUPPORT);
 }
 
 
 void
 print_usage (void)
 {
-  printf ("%s\n", _("Usage:"));
-  printf ("%s %s\n", progname, "-H host [-s server] [-q type ] [-a expected-address] [-A] [-n] [-t timeout] [-w warn] [-c crit]");
+    printf ("%s\n", _("Usage:"));
+    printf ("%s %s\n", progname, "-H host [-s server] [-q type ] [-a expected-address] [-A] [-n] [-t timeout] [-w warn] [-c crit]");
 }

plugins/check_fping.c

@@ -71,7 +71,7 @@ int wrta_p = FALSE;
 int
 main (int argc, char **argv)
 {
-/* normaly should be  int result = STATE_UNKNOWN; */
+/* normally should be  int result = STATE_UNKNOWN; */
 
   int status = STATE_UNKNOWN;
   int result = 0;
@@ -147,7 +147,7 @@ main (int argc, char **argv)
   (void) fclose (child_stderr);
 
   /* close the pipe */
-  if (result = spclose (child_process))
+  if ((result = spclose (child_process)))
     /* need to use max_state not max */
     status = max_state (status, STATE_WARNING);
 
@@ -184,7 +184,7 @@ textscan (char *buf)
   int status = STATE_UNKNOWN;
 
   if (strstr (buf, "not found")) {
-    die (STATE_CRITICAL, _("FPING UNKNOW - %s not found\n"), server_name);
+    die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name);
 
   }
   else if (strstr (buf, "is unreachable") || strstr (buf, "Unreachable")) {

plugins/check_hpjd.c

@@ -121,8 +121,8 @@ main (int argc, char **argv)
 		 HPJD_GD_DOOR_OPEN, HPJD_GD_PAPER_OUTPUT, HPJD_GD_STATUS_DISPLAY);
 
 	/* get the command to run */
-	sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s", PATH_TO_SNMPGET, community,
-									address, port, query_string);
+	sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s",
+			PATH_TO_SNMPGET, community, address, (short)port, query_string);
 
 	/* run the command */
 	child_process = spopen (command_line);

plugins/check_ide_smart.c

@@ -281,7 +281,7 @@ main (int argc, char *argv[])
 		smart_read_values (fd, &values);
 		smart_read_thresholds (fd, &thresholds);
 		retval = nagios (&values, &thresholds);
-		printf( _("-n, This flag is depricated, and will be removed in a future release. Nagios output is now the default.\n") );
+		printf( _("-n, This flag is deprecated, and will be removed in a future release. Nagios output is now the default.\n") );
 		break;
 	default:
 		smart_read_values (fd, &values);
@@ -304,7 +304,7 @@ get_offline_text (int status)
 			return offline_status_text[i].text;
 		}
 	}
-	return "UNKNOW";
+	return "UNKNOWN";
 }
 
 
@@ -439,7 +439,7 @@ nagios (values_t * p, thresholds_t * t)
 		status=STATE_OK;
 		break;
 	default:
-		printf (_("ERROR - Status '%d' unkown. %d/%d tests passed\n"), status,
+		printf (_("ERROR - Status '%d' unknown. %d/%d tests passed\n"), status,
 						passed, total);
 		status = STATE_UNKNOWN;
 		break;

plugins/check_ldap.c

@@ -49,6 +49,7 @@ enum {
 
 int process_arguments (int, char **);
 int validate_arguments (void);
+int ldap_check_cert (LDAP *ld);
 void print_help (void);
 void print_usage (void);
 
@@ -76,6 +77,9 @@ int starttls = FALSE;
 int ssl_on_connect = FALSE;
 int verbose = 0;
 
+int check_cert = FALSE;
+int days_till_exp_warn, days_till_exp_crit;
+
 /* for ldap tls */
 
 char *SERVICE = "LDAP";
@@ -183,6 +187,9 @@ main (int argc, char *argv[])
 			printf (_("Could not init TLS at port %i!\n"), ld_port);
 			return STATE_CRITICAL;
 		}
+
+		if (check_cert == TRUE)
+			return ldap_check_cert(ld);
 #else
 		printf (_("TLS not supported by the libraries!\n"));
 		return STATE_CRITICAL;
@@ -207,6 +214,9 @@ main (int argc, char *argv[])
 			printf (_("Could not init startTLS at port %i!\n"), ld_port);
 			return STATE_CRITICAL;
 		}
+
+		if (check_cert == TRUE)
+			return ldap_check_cert(ld);
 #else
 		printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
 		return STATE_CRITICAL;
@@ -254,7 +264,7 @@ main (int argc, char *argv[])
 	if(entries_thresholds != NULL) {
 		if (verbose) {
 			printf ("entries found: %d\n", num_entries);
-			print_thresholds("entry threasholds", entries_thresholds);
+			print_thresholds("entry thresholds", entries_thresholds);
 		}
 		status_entries = get_status(num_entries, entries_thresholds);
 		if (status_entries == STATE_CRITICAL) {
@@ -296,6 +306,7 @@ int
 process_arguments (int argc, char **argv)
 {
 	int c;
+	char *temp;
 
 	int option = 0;
 	/* initialize the long option struct */
@@ -315,6 +326,7 @@ process_arguments (int argc, char **argv)
 #endif
 		{"starttls", no_argument, 0, 'T'},
 		{"ssl", no_argument, 0, 'S'},
+		{"age", required_argument, 0, 'A'},
 		{"use-ipv4", no_argument, 0, '4'},
 		{"use-ipv6", no_argument, 0, '6'},
 		{"port", required_argument, 0, 'p'},
@@ -335,7 +347,7 @@ process_arguments (int argc, char **argv)
 	}
 
 	while (1) {
-		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:U:C:W:", longopts, &option);
+		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:U:C:W:A:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -403,6 +415,33 @@ process_arguments (int argc, char **argv)
 			else
 				usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
 			break;
+		case 'A': /* Check SSL cert validity */
+#ifndef HAVE_SSL
+			usage4 (_("Invalid option - SSL is not available"));
+#else
+			if (starttls || ssl_on_connect || strstr(argv[0],"check_ldaps")) {
+				if ((temp=strchr(optarg,','))!=NULL) {
+					*temp = '\0';
+					if (!is_intnonneg (temp))
+						usage2 (_("Invalid certificate expiration period"), optarg);
+					days_till_exp_warn = atoi(optarg);
+					*temp = ',';
+					temp++;
+					if (!is_intnonneg (temp))
+						usage2 (_("Invalid certificate expiration period"), temp);
+						days_till_exp_crit = atoi (temp);
+				} else {
+					days_till_exp_crit = 0;
+					if (!is_intnonneg (optarg))
+						usage2 (_("Invalid certificate expiration period"), optarg);
+					days_till_exp_warn = atoi (optarg);
+				}
+				check_cert = TRUE;
+			} else {
+				usage_va(_("%s requires either %s or %s"), "-A/--age", "-S/--ssl", "-T/--starttls");
+			}
+			break;
+#endif
 		case 'S':
 			if (! starttls) {
 				ssl_on_connect = TRUE;
@@ -477,32 +516,34 @@ print_help (void)
 
 	printf (UT_IPv46);
 
-	printf (" %s\n", "-a [--attr]");
+	printf (" %s\n", "-a, --attr=ATTRIBUTE");
   printf ("    %s\n", _("ldap attribute to search (default: \"(objectclass=*)\""));
-  printf (" %s\n", "-b [--base]");
+  printf (" %s\n", "-b, --base=BASE");
   printf ("    %s\n", _("ldap base (eg. ou=my unit, o=my org, c=at"));
-  printf (" %s\n", "-D [--bind]");
+  printf (" %s\n", "-D, --bind=DN");
   printf ("    %s\n", _("ldap bind DN (if required)"));
-  printf (" %s\n", "-P [--pass]");
+  printf (" %s\n", "-P, --pass=PASSWORD");
   printf ("    %s\n", _("ldap password (if required)"));
-  printf (" %s\n", "-T [--starttls]");
+  printf (" %s\n", "-T, --starttls");
   printf ("    %s\n", _("use starttls mechanism introduced in protocol version 3"));
-  printf (" %s\n", "-S [--ssl]");
+  printf (" %s\n", "-S, --ssl");
   printf ("    %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT);
+  printf (" %s\n", "-A, --age=INTEGER[,INTEGER]");
+  printf ("    %s\n", _("Minimum number of days a certificate has to be valid"));
 
 #ifdef HAVE_LDAP_SET_OPTION
-	printf (" %s\n", "-2 [--ver2]");
+	printf (" %s\n", "-2, --ver2");
   printf ("    %s\n", _("use ldap protocol version 2"));
-  printf (" %s\n", "-3 [--ver3]");
+  printf (" %s\n", "-3, --ver3");
   printf ("    %s\n", _("use ldap protocol version 3"));
   printf ("    (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL);
 #endif
 
 	printf (UT_WARN_CRIT);
 
-  printf (" %s\n", "-W [--warn-entries]");
+  printf (" %s\n", "-W, --warn-entries=INTEGER");
   printf ("    %s\n", _("Number of found entries to result in warning status"));
-  printf (" %s\n", "-C [--crit-entries]");
+  printf (" %s\n", "-C, --crit-entries=INTEGER");
   printf ("    %s\n", _("Number of found entries to result in critical status"));
 
 	printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
@@ -526,7 +567,7 @@ print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
   printf (" %s (-H <host>|-U <uri>) -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]\n", progname);
-  printf ("       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
+  printf ("       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [-A <age>]%s\n",
 #ifdef HAVE_LDAP_SET_OPTION
 			"\n       [-2|-3] [-4|-6]"
 #else
@@ -534,3 +575,25 @@ print_usage (void)
 #endif
 			);
 }
+
+#ifdef HAVE_SSL
+
+int ldap_check_cert (LDAP *ld)
+{
+	SSL *ssl;
+	int rc;
+
+	rc = ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl);
+	if (rc == LDAP_OPT_ERROR || ssl == NULL) {
+		printf ("%s\n",_("CRITICAL - Cannot retrieve ssl session from connection."));
+		return STATE_CRITICAL;
+	}
+	return np_net_ssl_check_cert_real(ssl, days_till_exp_warn, days_till_exp_crit);
+}
+
+#else
+int ldap_check_cert (LDAP *ld) {
+    return TRUE;
+}
+
+#endif

plugins/check_load.c

@@ -33,6 +33,7 @@ const char *copyright = "1999-2014";
 const char *email = "devel@nagios-plugins.org";
 
 #include "common.h"
+#include "runcmd.h"
 #include "utils.h"
 #include "popen.h"
 
@@ -52,6 +53,9 @@ static int process_arguments (int argc, char **argv);
 static int validate_arguments (void);
 void print_help (void);
 void print_usage (void);
+static int print_top_consuming_processes();
+
+static int n_procs_to_show = 0;
 
 /* strictly for pretty-print usage in loops */
 static const int nums[3] = { 1, 5, 15 };
@@ -101,7 +105,7 @@ main (int argc, char **argv)
 	int i;
 	long numcpus;
 
-	double la[3] = { 0.0, 0.0, 0.0 };	/* NetBSD complains about unitialized arrays */
+	double la[3] = { 0.0, 0.0, 0.0 };	/* NetBSD complains about uninitialized arrays */
 #ifndef HAVE_GETLOADAVG
 	char input_buffer[MAX_INPUT_BUFFER];
 # ifdef HAVE_PROC_LOADAVG
@@ -160,7 +164,7 @@ main (int argc, char **argv)
 	    sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15);
     }
     else {
-		printf (_("could not parse load from uptime: %s\n"), result, PATH_TO_UPTIME);
+		printf (_("could not parse load %d from uptime: %s\n"), result, PATH_TO_UPTIME);
 		return STATE_UNKNOWN;
     }
 
@@ -215,6 +219,9 @@ main (int argc, char **argv)
 		printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
 
 	putchar('\n');
+	if (n_procs_to_show > 0) {
+		print_top_consuming_processes();
+	}
 	return result;
 }
 
@@ -232,6 +239,7 @@ process_arguments (int argc, char **argv)
 		{"percpu", no_argument, 0, 'r'},
 		{"version", no_argument, 0, 'V'},
 		{"help", no_argument, 0, 'h'},
+		{"procs-to-show", required_argument, 0, 'n'},
 		{0, 0, 0, 0}
 	};
 
@@ -239,7 +247,7 @@ process_arguments (int argc, char **argv)
 		return ERROR;
 
 	while (1) {
-		c = getopt_long (argc, argv, "Vhrc:w:", longopts, &option);
+		c = getopt_long (argc, argv, "Vhrc:w:n:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -260,6 +268,9 @@ process_arguments (int argc, char **argv)
 		case 'h':									/* help */
 			print_help ();
 			exit (STATE_OK);
+		case 'n':
+			n_procs_to_show = atoi(optarg);
+			break;
 		case '?':									/* help */
 			usage5 ();
 		}
@@ -329,6 +340,9 @@ print_help (void)
   printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
   printf (" %s\n", "-r, --percpu");
   printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
+  printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
+  printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
+  printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
 
 	printf (UT_SUPPORT);
 }
@@ -337,5 +351,50 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-	printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15\n", progname);
+	printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
+}
+
+#ifdef PS_USES_PROCPCPU
+int cmpstringp(const void *p1, const void *p2) {
+	int procuid = 0;
+	pid_t procpid = 0;
+	pid_t procppid = 0;
+	pid_t kthread_ppid = 0;
+	int procvsz = 0;
+	int procrss = 0;
+	float procpcpu = 0;
+	char procstat[8];
+#ifdef PS_USES_PROCETIME
+	char procetime[MAX_INPUT_BUFFER] = { '\0' };
+#endif /* PS_USES_PROCETIME */
+	char *procprog;
+	char *proc_cgroup_hierarchy;
+	int pos;
+	sscanf (* (char * const *) p1, PS_FORMAT, PS_VARLIST);
+	float procpcpu1 = procpcpu;
+	sscanf (* (char * const *) p2, PS_FORMAT, PS_VARLIST);
+	return procpcpu1 < procpcpu;
+}
+#endif /* PS_USES_PROCPCPU */
+
+static int print_top_consuming_processes() {
+	int i = 0;
+	struct output chld_out, chld_err;
+	if(np_runcmd(PS_COMMAND, &chld_out, &chld_err, 0) != 0){
+		fprintf(stderr, _("'%s' exited with non-zero status.\n"), PS_COMMAND);
+		return STATE_UNKNOWN;
+	}
+	if (chld_out.lines < 2) {
+		fprintf(stderr, _("some error occurred getting procs list.\n"));
+		return STATE_UNKNOWN;
+	}
+#ifdef PS_USES_PROCPCPU
+	qsort(chld_out.line + 1, chld_out.lines - 1, sizeof(char*), cmpstringp);
+#endif /* PS_USES_PROCPCPU */
+	int lines_to_show = chld_out.lines < (n_procs_to_show + 1)
+			? chld_out.lines : n_procs_to_show + 1;
+	for (i = 0; i < lines_to_show; i += 1) {
+		printf("%s\n", chld_out.line[i]);
+	}
+	return OK;
 }

plugins/check_mrtg.c

@@ -356,7 +356,7 @@ print_help (void)
 	printf (" %s\n", _("This plugin is useful for monitoring MRTG data that does not correspond to"));
   printf (" %s\n", _("bandwidth usage.  (Use the check_mrtgtraf plugin for monitoring bandwidth)."));
   printf (" %s\n", _("It can be used to monitor any kind of data that MRTG is monitoring - errors,"));
-  printf (" %s\n", _("packets/sec, etc.  I use MRTG in conjuction with the Novell NLM that allows"));
+  printf (" %s\n", _("packets/sec, etc.  I use MRTG in conjunction with the Novell NLM that allows"));
   printf (" %s\n", _("me to track processor utilization, user connections, drive space, etc and"));
   printf (" %s\n\n", _("this plugin works well for monitoring that kind of data as well."));
 

plugins/check_mrtgtraf.c

@@ -375,7 +375,7 @@ print_help (void)
   printf (" %s\n", "-c, --critical");
   printf ("    %s\n", _("Critical threshold pair <incoming>,<outgoing>"));
   printf (" %s\n", _("-v, --verbose"));
-  printf ("    %s\n", _("Verbose output durring plugin runtime."));
+  printf ("    %s\n", _("Verbose output during plugin runtime."));
 
   printf ("\n");
   printf ("%s\n", _("Notes:"));

plugins/check_nagios.c

@@ -64,6 +64,7 @@ main (int argc, char **argv)
 	int procuid = 0;
 	int procpid = 0;
 	int procppid = 0;
+	int procjid = 0;
 	int procvsz = 0;
 	int procrss = 0;
 	char proc_cgroup_hierarchy[MAX_INPUT_BUFFER];

plugins/check_ntp.c

@@ -10,7 +10,7 @@
 * 
 * This file contains the check_ntp plugin
 * 
-* This plugin to check ntp servers independant of any commandline
+* This plugin to check ntp servers independent of any commandline
 * programs or external libraries.
 * 
 * 
@@ -79,7 +79,7 @@ typedef struct {
 /* this structure holds data about results from querying offset from a peer */
 typedef struct {
 	time_t waiting;         /* ts set when we started waiting for a response */
-	int num_responses;      /* number of successfully recieved responses */
+	int num_responses;      /* number of successfully received responses */
 	uint8_t stratum;        /* copied verbatim from the ntp_message */
 	double rtdelay;         /* converted from the ntp_message */
 	double rtdisp;          /* converted from the ntp_message */
@@ -100,7 +100,7 @@ typedef struct {
 	                        /* NB: not necessarily NULL terminated! */
 } ntp_control_message;
 
-/* this is an association/status-word pair found in control packet reponses */
+/* this is an association/status-word pair found in control packet responses */
 typedef struct {
 	uint16_t assoc;
 	uint16_t status;
@@ -548,7 +548,7 @@ double jitter_request(const char *host, int *status){
 		DBG(print_ntp_control_message(&req));
 		/* Attempt to read the largest size packet possible */
 		req.count=htons(MAX_CM_SIZE);
-		DBG(printf("recieving READSTAT response"))
+		DBG(printf("receiving READSTAT response"))
 		read(conn, &req, SIZEOF_NTPCM(req));
 		DBG(print_ntp_control_message(&req));
 		/* Each peer identifier is 4 bytes in the data section, which
@@ -575,7 +575,7 @@ double jitter_request(const char *host, int *status){
 			}
 		}
 	}
-	if(verbose) printf("%d candiate peers available\n", num_candidates);
+	if(verbose) printf("%d candidate peers available\n", num_candidates);
 	if(verbose && syncsource_found) printf("synchronization source found\n");
 	if(! syncsource_found){
 		*status = STATE_UNKNOWN;
@@ -597,7 +597,7 @@ double jitter_request(const char *host, int *status){
 				/* By spec, putting the variable name "jitter"  in the request
 				 * should cause the server to provide _only_ the jitter value.
 				 * thus reducing net traffic, guaranteeing us only a single
-				 * datagram in reply, and making intepretation much simpler
+				 * datagram in reply, and making interpretation much simpler
 				 */
 				/* Older servers doesn't know what jitter is, so if we get an
 				 * error on the first pass we redo it with "dispersion" */
@@ -608,7 +608,7 @@ double jitter_request(const char *host, int *status){
 				DBG(print_ntp_control_message(&req));
 
 				req.count = htons(MAX_CM_SIZE);
-				DBG(printf("recieving READVAR response...\n"));
+				DBG(printf("receiving READVAR response...\n"));
 				read(conn, &req, SIZEOF_NTPCM(req));
 				DBG(print_ntp_control_message(&req));
 

plugins/check_ntp_peer.c

@@ -86,7 +86,7 @@ typedef struct {
 	                        /* NB: not necessarily NULL terminated! */
 } ntp_control_message;
 
-/* this is an association/status-word pair found in control packet reponses */
+/* this is an association/status-word pair found in control packet responses */
 typedef struct {
 	uint16_t assoc;
 	uint16_t status;
@@ -245,7 +245,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
 		do {
 			/* Attempt to read the largest size packet possible */
 			req.count=htons(MAX_CM_SIZE);
-			DBG(printf("recieving READSTAT response"))
+			DBG(printf("receiving READSTAT response"))
 			if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
 				die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
 			DBG(print_ntp_control_message(&req));
@@ -306,7 +306,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
 				/* Putting the wanted variable names in the request
 				 * cause the server to provide _only_ the requested values.
 				 * thus reducing net traffic, guaranteeing us only a single
-				 * datagram in reply, and making intepretation much simpler
+				 * datagram in reply, and making interpretation much simpler
 				 */
 				/* Older servers doesn't know what jitter is, so if we get an
 				 * error on the first pass we redo it with "dispersion" */
@@ -585,7 +585,7 @@ int main(int argc, char *argv[]){
 	/* set socket timeout */
 	alarm (timeout_interval);
 
-	/* This returns either OK or WARNING (See comment preceeding ntp_request) */
+	/* This returns either OK or WARNING (See comment preceding ntp_request) */
 	result = ntp_request(server_address, &offset, &offset_result, &jitter, &stratum, &num_truechimers);
 
 	if(offset_result == STATE_UNKNOWN) {

plugins/check_ntp_time.c

@@ -84,7 +84,8 @@ typedef struct {
 /* this structure holds data about results from querying offset from a peer */
 typedef struct {
 	time_t waiting;         /* ts set when we started waiting for a response */
-	int num_responses;      /* number of successfully recieved responses */
+	int connected;          /* don't try to "write()" if "connect()" fails */
+	int num_responses;      /* number of successfully received responses */
 	uint8_t stratum;        /* copied verbatim from the ntp_message */
 	double rtdelay;         /* converted from the ntp_message */
 	double rtdisp;          /* converted from the ntp_message */
@@ -363,6 +364,7 @@ double offset_request(const char *host, int *status){
 			ufds[i].fd=socklist[i];
 			ufds[i].events=POLLIN;
 			ufds[i].revents=0;
+			servers[i].connected=1;
 		}
 		ai_tmp = ai_tmp->ai_next;
 	}
@@ -378,6 +380,8 @@ double offset_request(const char *host, int *status){
 		now_time=time(NULL);
 
 		for(i=0; i<num_hosts; i++){
+			if(servers[i].connected == 0)
+				continue;
 			if(servers[i].waiting<now_time && servers[i].num_responses<AVG_NUM){
 				if(verbose && servers[i].waiting != 0) printf("re-");
 				if(verbose) printf("sending request to peer %d\n", i);
@@ -421,6 +425,9 @@ double offset_request(const char *host, int *status){
 			}
 		}
 		/* lather, rinse, repeat. */
+		/* break if we have one response but other ntp servers doesn't response */
+		/* greater than timeout_interval/2 */
+		if (servers_completed && now_time-start_ts > timeout_interval/2) break;
 	}
 
 	if (one_read == 0) {
@@ -685,7 +692,7 @@ void print_help(void){
 	printf("%s\n", _("Notes:"));
 	printf(" %s\n", _("If you'd rather want to monitor an NTP server, please use"));
 	printf(" %s\n", _("check_ntp_peer."));
-	printf(" %s\n", _("--time-offset is usefull for compensating for servers with known"));
+	printf(" %s\n", _("--time-offset is useful for compensating for servers with known"));
 	printf(" %s\n", _("and expected clock skew."));
 	printf("\n");
 	printf(UT_THRESHOLDS_NOTES);

plugins/check_pgsql.c

@@ -91,7 +91,7 @@ int verbose = 0;
 
 /******************************************************************************
 
-The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
+The (pseudo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
 tags in the comments. With in the tags, the XML is assembled sequentially.
 You can define entities in tags. You also have all the #defines available as
 entities.
@@ -562,7 +562,7 @@ print_help (void)
 
 	printf (" %s\n", _("Typically, the nagios user (unless the --logname option is used) should be"));
 	printf (" %s\n", _("able to connect to the database without a password. The plugin can also send"));
-	printf (" %s\n", _("a password, but no effort is made to obsure or encrypt the password."));
+	printf (" %s\n", _("a password, but no effort is made to obscure or encrypt the password."));
 
 	printf (UT_SUPPORT);
 }

plugins/check_ping.c

@@ -54,6 +54,7 @@ void print_usage (void);
 void print_help (void);
 
 int display_html = FALSE;
+int show_resolution = FALSE;
 int wpl = UNKNOWN_PACKET_LOSS;
 int cpl = UNKNOWN_PACKET_LOSS;
 float wrta = UNKNOWN_TRIP_TIME;
@@ -67,6 +68,8 @@ int verbose = 0;
 float rta = UNKNOWN_TRIP_TIME;
 int pl = UNKNOWN_PACKET_LOSS;
 
+char ping_name[256];
+char ping_ip_addr[64];
 char *warn_text;
 
 
@@ -159,6 +162,12 @@ main (int argc, char **argv)
 		else
 			printf (_("PING %s - %sPacket loss = %d%%, RTA = %2.2f ms"),
 							state_text (this_result), warn_text, pl, rta);
+		if (show_resolution) {
+			if (strcmp(ping_name, ping_ip_addr) == 0)
+				printf(" - %s", ping_name);
+			else
+				printf(" - %s (%s)", ping_name, ping_ip_addr);
+		}
 		if (display_html == TRUE)
 			printf ("</A>");
 
@@ -196,6 +205,7 @@ process_arguments (int argc, char **argv)
 	static struct option longopts[] = {
 		STD_LONG_OPTS,
 		{"packets", required_argument, 0, 'p'},
+		{"show-resolution", no_argument, 0, 's'},
 		{"nohtml", no_argument, 0, 'n'},
 		{"link", no_argument, 0, 'L'},
 		{"use-ipv4", no_argument, 0, '4'},
@@ -214,7 +224,7 @@ process_arguments (int argc, char **argv)
 	}
 
 	while (1) {
-		c = getopt_long (argc, argv, "VvhnL46t:c:w:H:p:", longopts, &option);
+		c = getopt_long (argc, argv, "VvhsnL46t:c:w:H:p:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -271,6 +281,9 @@ process_arguments (int argc, char **argv)
 			else
 				usage2 (_("<max_packets> (%s) must be a non-negative number\n"), optarg);
 			break;
+		case 's':
+			show_resolution = TRUE;
+			break;
 		case 'n':	/* no HTML */
 			display_html = FALSE;
 			break;
@@ -448,6 +461,9 @@ run_ping (const char *cmd, const char *addr)
 
 		result = max_state (result, error_scan (buf, addr));
 
+		if(sscanf(buf, "PING %255s (%63[^)]", &ping_name, &ping_ip_addr))
+			continue;
+
 		/* get the percent loss statistics */
 		match = 0;
 		if((sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) ||
@@ -585,6 +601,8 @@ print_help (void)
   printf (" %s\n", "-p, --packets=INTEGER");
   printf ("    %s ", _("number of ICMP ECHO packets to send"));
   printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS);
+	printf (" %s\n", "-s, --show-resolution");
+	printf ("    %s\n", _("show name resolution in the plugin output (DNS & IP)"));
   printf (" %s\n", "-L, --link");
   printf ("    %s\n", _("show HTML in the plugin output (obsoleted by urlize)"));
 

plugins/check_procs.c

@@ -71,6 +71,8 @@ int options = 0; /* bitmask of filter criteria to test against */
 #define ELAPSED 512
 #define EREG_ARGS 1024
 #define CGROUP_HIERARCHY 2048
+#define EXCLUDE_PROGS 4096
+#define JID 8192
 
 #define KTHREAD_PARENT "kthreadd" /* the parent process of kernel threads:
 							ppid of procs are compared to pid of this proc*/
@@ -94,6 +96,9 @@ int rss;
 float pcpu;
 char *statopts;
 char *prog;
+char *exclude_progs;
+char ** exclude_progs_arr = NULL;
+char exclude_progs_counter = 0; 
 char *cgroup_hierarchy;
 char *args;
 char *input_filename = NULL;
@@ -103,6 +108,7 @@ char *fails;
 char tmp[MAX_INPUT_BUFFER];
 int kthread_filter = 0;
 int usepid = 0; /* whether to test for pid or /proc/pid/exe */
+int jid;
 
 FILE *ps_input = NULL;
 
@@ -133,6 +139,7 @@ main (int argc, char **argv)
 	int procuid = 0;
 	pid_t procpid = 0;
 	pid_t procppid = 0;
+	int procjid = 0;
 	pid_t kthread_ppid = 0;
 	int procvsz = 0;
 	int procrss = 0;
@@ -236,9 +243,9 @@ main (int argc, char **argv)
 			procseconds = convert_to_seconds(procetime);
 
 			if (verbose >= 3) {
-				printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s",
++				printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d jid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
 					procs, procuid, procvsz, procrss,
-					procpid, procppid, procpcpu, procstat,
+					procpid, procppid, procjid, procpcpu, procstat,
 					procetime, procprog, procargs);
 				if (strstr(PS_COMMAND, "cgroup") != NULL) {
 					printf(" proc_cgroup_hierarchy=%s\n", proc_cgroup_hierarchy);
@@ -249,7 +256,7 @@ main (int argc, char **argv)
 
 			/* Ignore self */
 			if ((usepid && mypid == procpid) ||
-				(!usepid && ((ret = stat_exe(procpid, &statbuf) != -1) && statbuf.st_dev == mydev && statbuf.st_ino == myino) ||
+				((!usepid && ((ret = stat_exe(procpid, &statbuf) != -1) && statbuf.st_dev == mydev && statbuf.st_ino == myino)) ||
 				 (ret == -1 && errno == ENOENT))) {
 				if (verbose >= 3)
 					 printf("not considering - is myself or gone\n");
@@ -262,6 +269,26 @@ main (int argc, char **argv)
 				continue;
 			}
 
+			/* Ignore excluded processes by name */
+			if(options & EXCLUDE_PROGS) {
+			  int found = 0;
+			  int i = 0;
+			 
+			  
+			  for(i=0; i < (exclude_progs_counter); i++) {
+			    if(!strcmp(procprog, exclude_progs_arr[i])) {
+			      found = 1;
+			    }
+			  }
+			  if(found == 0) {
+			    resultsum |= EXCLUDE_PROGS;
+			  }else
+			  {
+                            if(verbose >= 3)
+			      printf("excluding - by ignorelist\n");
+                          }
+			}
+
 			/* filter kernel threads (childs of KTHREAD_PARENT)*/
 			/* TODO adapt for other OSes than GNU/Linux
 					sorry for not doing that, but I've no other OSes to test :-( */
@@ -287,6 +314,8 @@ main (int argc, char **argv)
 				resultsum |= PROG;
 			if ((options & PPID) && (procppid == ppid))
 				resultsum |= PPID;
+			if ((options & JID) && (procjid == jid))
+				resultsum |= JID;
 			if ((options & USER) && (procuid == uid))
 				resultsum |= USER;
 			if ((options & VSZ)  && (procvsz >= vsz))
@@ -315,9 +344,9 @@ main (int argc, char **argv)
 
 			procs++;
 			if (verbose >= 2) {
-				printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s",
++				printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d jid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
 					procuid, procvsz, procrss,
-					procpid, procppid, procpcpu, procstat, 
+					procpid, procppid, procjid, procpcpu, procstat,
 					procetime, procprog, procargs);
 				if (strstr(PS_COMMAND, "cgroup") != NULL) {
 					printf(" cgroup_hierarchy=%s\n", cgroup_hierarchy);
@@ -438,6 +467,8 @@ process_arguments (int argc, char **argv)
 		{"no-kthreads", required_argument, 0, 'k'},
 		{"traditional-filter", no_argument, 0, 'T'},
 		{"cgroup-hierarchy", required_argument, 0, 'g'},
+		{"exclude-process", required_argument, 0, 'X'},
+		{"jid", required_argument, 0, 'j'},
 		{0, 0, 0, 0}
 	};
 
@@ -446,7 +477,7 @@ process_arguments (int argc, char **argv)
 			strcpy (argv[c], "-t");
 
 	while (1) {
-		c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:Tg:",
+		c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:Tg:X:j:",
 			longopts, &option);
 
 		if (c == -1 || c == EOF)
@@ -477,6 +508,12 @@ process_arguments (int argc, char **argv)
 				break;
 			}
 			usage4 (_("Parent Process ID must be an integer!"));
+		case 'j':                                   /* jail id */
+			if (sscanf (optarg, "%d%[^0-9]", &jid, tmp) == 1) {
+				xasprintf (&fmt, "%s%sJID = %d", (fmt ? fmt : "") , (options ? ", " : ""), jid);
+				options |= JID;
+				break;
+			}
 		case 's':									/* status */
 			if (statopts)
 				break;
@@ -516,6 +553,23 @@ process_arguments (int argc, char **argv)
 			          prog);
 			options |= PROG;
 			break;
+		case 'X':
+		        if(exclude_progs)
+			  break;
+			else
+			  exclude_progs = optarg;
+			xasprintf (&fmt, _("%s%sexclude progs '%s'"), (fmt ? fmt : ""), (options ? ", " : ""),
+				   exclude_progs);
+			char *p = strtok(exclude_progs, ",");
+
+			while(p){
+			  exclude_progs_arr = realloc(exclude_progs_arr, sizeof(char*) * ++exclude_progs_counter);
+			  exclude_progs_arr[exclude_progs_counter-1] = p;
+			  p = strtok(NULL, ",");
+			}
+
+			options |= EXCLUDE_PROGS;
+			break;
 		case 'g':									/* cgroup hierarchy */
 			if (cgroup_hierarchy)
 				break;
@@ -766,6 +820,8 @@ print_help (void)
   printf ("   %s\n", _("RSZDT, plus others based on the output of your 'ps' command)."));
   printf (" %s\n", "-p, --ppid=PPID");
   printf ("   %s\n", _("Only scan for children of the parent process ID indicated."));
+  printf (" %s\n", "-j, --jid=JID");
+  printf ("   %s\n", _("Only scan for process running in jail which ID is JID."));
   printf (" %s\n", "-z, --vsz=VSZ");
   printf ("   %s\n", _("Only scan for processes with VSZ higher than indicated."));
   printf (" %s\n", "-r, --rss=RSS");
@@ -780,13 +836,15 @@ print_help (void)
   printf ("   %s\n", _("Only scan for processes with args that contain the regex STRING."));
   printf (" %s\n", "-C, --command=COMMAND");
   printf ("   %s\n", _("Only scan for exact matches of COMMAND (without path)."));
+  printf (" %s\n", "-C, --exclude-process");
+  printf ("   %s\n", _("Exclude processes which match this comma separated list"));
   printf (" %s\n", "-k, --no-kthreads");
   printf ("   %s\n", _("Only scan for non kernel threads (works on Linux only)."));
   printf (" %s\n", "-g, --cgroup-hierarchy");
   printf ("   %s\n", _("Only scan for processes belonging to STRING hierarchy (works on Linux only)."));
 
 	printf(_("\n\
-RANGEs are specified 'min:max' or 'min:' or ':max' (or 'max'). If\n\
+RANGEs are prefixed with @ and specified 'min:max' or 'min:' or ':max' (or 'max'). If\n\
 specified 'max:min', a warning status will be generated if the\n\
 count is inside the specified range\n\n"));
 
@@ -798,10 +856,10 @@ process owner, parent process PID, current state (e.g., 'Z'), or may\n\
 be the total number of running processes\n\n"));
 
 	printf ("%s\n", _("Examples:"));
-  printf (" %s\n", "check_procs -w 2:2 -c 2:1024 -C portsentry");
+  printf (" %s\n", "check_procs -w @2:2 -c 2:1024 -C portsentry");
   printf ("  %s\n", _("Warning if not two processes with command name portsentry."));
   printf ("  %s\n\n", _("Critical if < 2 or > 1024 processes"));
-  printf (" %s\n", "check_procs -c 1:1 -C bind -g /");
+  printf (" %s\n", "check_procs -c @1:1 -C bind -g /");
   printf ("  %s\n\n", _("Critical if not one processes with command name bind belonging to root cgroup."));
   printf (" %s\n", "check_procs -w 10 -a '/usr/local/bin/perl' -u root");
   printf ("  %s\n", _("Warning alert if > 10 processes with command arguments containing"));
@@ -818,7 +876,7 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-	printf ("%s -w <range> -c <range> [-m metric] [-s state] [-p ppid]\n", progname);
+	printf ("%s -w <range> -c <range> [-m metric] [-s state] [-p ppid] [-j jid]\n", progname);
   printf (" [-u user] [-r rss] [-z vsz] [-P %%cpu] [-a argument-array]\n");
-  printf (" [-C command] [-k] [-t timeout] [-v]\n");
+  printf (" [-C command] [-X process_to_exclude] [-k] [-t timeout] [-v]\n");
 }

plugins/check_radius.c

@@ -36,6 +36,17 @@ const char *email = "devel@nagios-plugins.org";
 #include "utils.h"
 #include "netutils.h"
 
+#include <ifaddrs.h>
+
+#ifdef __FreeBSD__
+#include <net/if_dl.h>
+#else
+#include <linux/if_packet.h>
+#define AF_LINK AF_PACKET
+#define LLADDR(l) ((l)->sll_addr)
+#define sockaddr_dl sockaddr_ll
+#endif
+
 #if defined(HAVE_LIBFREERADIUS_CLIENT)
 #include <freeradius-client.h>
 #elif defined(HAVE_LIBRADIUSCLIENT_NG)
@@ -47,6 +58,7 @@ const char *email = "devel@nagios-plugins.org";
 int process_arguments (int, char **);
 void print_help (void);
 void print_usage (void);
+char *get_ether_addr(uint32_t client_id);
 
 #if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
 #define my_rc_conf_str(a) rc_conf_str(rch,a)
@@ -85,6 +97,7 @@ char *username = NULL;
 char *password = NULL;
 char *nasid = NULL;
 char *nasipaddress = NULL;
+char *castid = NULL;
 char *expect = NULL;
 char *config_file = NULL;
 unsigned short port = PW_AUTH_UDP_PORT;
@@ -94,7 +107,7 @@ ENV *env = NULL;
 
 /******************************************************************************
 
-The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
+The (pseudo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
 tags in the comments. With in the tags, the XML is assembled sequentially.
 You can define entities in tags. You also have all the #defines available as
 entities.
@@ -154,6 +167,7 @@ main (int argc, char **argv)
 	SEND_DATA data;
 	int result = STATE_UNKNOWN;
 	uint32_t client_id, service;
+	char *ether;
 	char *str;
 
 	setlocale (LC_ALL, "");
@@ -197,6 +211,14 @@ main (int argc, char **argv)
 	if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL)
 		die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
 
+	if (castid != NULL) {
+		if (!(my_rc_avpair_add (&data.send_pairs, PW_CALLING_STATION_ID, castid, 0)))
+			die (STATE_UNKNOWN, _("Invalid Calling-Station-Id\n"));
+	} else if ((ether = get_ether_addr(client_id)) != NULL) {
+		if (!(my_rc_avpair_add (&data.send_pairs, PW_CALLING_STATION_ID, ether, 0)))
+			die (STATE_UNKNOWN, _("Invalid Calling-Station-Id\n"));
+	}
+
 	my_rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval,
 	             retries);
 
@@ -237,6 +259,7 @@ process_arguments (int argc, char **argv)
 		{"password", required_argument, 0, 'p'},
 		{"nas-id", required_argument, 0, 'n'},
 		{"nas-ip-address", required_argument, 0, 'N'},
+		{"calling-station-id", required_argument, 0, 'c'},
 		{"filename", required_argument, 0, 'F'},
 		{"expect", required_argument, 0, 'e'},
 		{"retries", required_argument, 0, 'r'},
@@ -248,8 +271,8 @@ process_arguments (int argc, char **argv)
 	};
 
 	while (1) {
-		c = getopt_long (argc, argv, "+hVvH:P:F:u:p:n:N:t:r:e:", longopts,
-									 &option);
+		c = getopt_long (argc, argv, "+hVvH:P:F:u:p:n:N:c:t:r:e:", longopts,
+									   &option);
 
 		if (c == -1 || c == EOF || c == 1)
 			break;
@@ -296,6 +319,9 @@ process_arguments (int argc, char **argv)
 		case 'N':									/* nas ip address */
 			nasipaddress = optarg;
 			break;
+		case 'c':									/* calling station id */
+			castid = optarg;
+			break;
 		case 'F':									/* configuration file */
 			config_file = optarg;
 			break;
@@ -353,11 +379,13 @@ print_help (void)
 	printf (" %s\n", "-u, --username=STRING");
   printf ("    %s\n", _("The user to authenticate"));
   printf (" %s\n", "-p, --password=STRING");
-  printf ("    %s\n", _("Password for autentication (SECURITY RISK)"));
+  printf ("    %s\n", _("Password for authentication (SECURITY RISK)"));
   printf (" %s\n", "-n, --nas-id=STRING");
   printf ("    %s\n", _("NAS identifier"));
   printf (" %s\n", "-N, --nas-ip-address=STRING");
   printf ("    %s\n", _("NAS IP Address"));
+  printf (" %s\n", "-c, --calling-station-id=STRING");
+  printf ("    %s\n", _("Calling Station identifier"));
   printf (" %s\n", "-F, --filename=STRING");
   printf ("    %s\n", _("Configuration file"));
   printf (" %s\n", "-e, --expect=STRING");
@@ -403,3 +431,41 @@ int my_rc_read_config(char * a)
 	return rc_read_config(a);
 #endif
 }
+
+char *get_ether_addr(uint32_t client_id)
+{
+	static char ether_addr[18];
+	struct ifaddrs *ifap, *ifa, *ifb;
+	struct sockaddr_in *sain;
+	unsigned char *lladdr;
+
+	getifaddrs(&ifap);
+
+	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
+		if (ifa->ifa_addr->sa_family == AF_INET) {
+			sain = (struct sockaddr_in *)ifa->ifa_addr;
+			if (client_id == ntohl(sain->sin_addr.s_addr))
+				break;
+		}
+	if (ifa == NULL) {
+		freeifaddrs(ifap);
+		return NULL;
+	}
+
+	ifb = ifa;
+	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
+		if (ifa->ifa_addr->sa_family == AF_LINK
+		    && strcmp(ifa->ifa_name, ifb->ifa_name) == 0)
+			break;
+	if (ifa == NULL) {
+		freeifaddrs(ifap);
+		return NULL;
+	}
+
+	lladdr = (unsigned char *)LLADDR((struct sockaddr_dl *)ifa->ifa_addr);
+	sprintf(ether_addr, "%02X-%02X-%02X-%02X-%02X-%02X",
+	    lladdr[0], lladdr[1], lladdr[2], lladdr[3], lladdr[4], lladdr[5]);
+
+	freeifaddrs(ifap);
+	return ether_addr;
+}

plugins/check_real.c

@@ -181,7 +181,7 @@ main (int argc, char **argv)
 
 		/* watch for the REAL connection string */
 		result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-		buffer[result] = '\0'; /* null terminate recieved buffer */
+		buffer[result] = '\0'; /* null terminate received buffer */
 
 		/* return a CRITICAL status if we couldn't read any data */
 		if (result == -1) {
@@ -434,7 +434,7 @@ print_help (void)
 	printf ("%s\n", _("This plugin will attempt to open an RTSP connection with the host."));
   printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful connects,"));
-  printf ("%s\n", _("but incorrect reponse messages from the host result in STATE_WARNING return"));
+  printf ("%s\n", _("but incorrect response messages from the host result in STATE_WARNING return"));
   printf ("%s\n", _("values."));
 
 	printf (UT_SUPPORT);

plugins/check_smtp.c

@@ -847,7 +847,7 @@ print_help (void)
 	printf("\n");
 	printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"));
-  printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));
+  printf ("%s\n", _("connects, but incorrect response messages from the host result in"));
   printf ("%s\n", _("STATE_WARNING return values."));
 
 	printf (UT_SUPPORT);

plugins/check_snmp.c

@@ -3,7 +3,7 @@
 * Nagios check_snmp plugin
 *
 * License: GPL
-* Copyright (c) 1999-2014 Nagios Plugins Development Team
+* Copyright (c) 1999-2018 Nagios Plugins Development Team
 *
 * Description:
 *
@@ -29,7 +29,7 @@
 *****************************************************************************/
 
 const char *progname = "check_snmp";
-const char *copyright = "1999-2014";
+const char *copyright = "1999-2018";
 const char *email = "devel@nagios-plugins.org";
 
 #include "common.h"
@@ -258,7 +258,7 @@ main (int argc, char **argv)
 			previous_string = strdup((char *) previous_state->data);
 			while((ap = strsep(&previous_string, ":")) != NULL) {
 				if(verbose>2)
-					printf("State for %d=%s\n", i, ap);
+					printf("Previous State for %d=%s\n", i, ap);
 				while (i >= previous_size) {
 					previous_size += OID_COUNT_STEP;
 					previous_value = realloc(previous_value, previous_size * sizeof(*previous_value));
@@ -288,6 +288,7 @@ main (int argc, char **argv)
 		set_thresholds(&thlds[i],
 		               w ? strpbrk(w, NP_THRESHOLDS_CHARS) : NULL,
 		               c ? strpbrk(c, NP_THRESHOLDS_CHARS) : NULL);
+
 		if (w) {
 			th_warn=strchr(th_warn, ',');
 			if (th_warn) th_warn++;
@@ -332,7 +333,7 @@ main (int argc, char **argv)
 
 	/* This is just for display purposes, so it can remain a string */
 	xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s %s:%s",
-		snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]",
+		snmpcmd, command_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]",
 		server_address, port);
 
 	for (i = 0; i < numoids; i++) {
@@ -487,6 +488,7 @@ main (int argc, char **argv)
 		/* Make some special values,like Timeticks numeric only if a threshold is defined */
 		if (thlds[i]->warning || thlds[i]->critical || calculate_rate || is_ticks || offset != 0.0) {
 			ptr = strpbrk (show, "-0123456789");
+
 			if (ptr == NULL)
 				die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
 			while (i >= response_size) {
@@ -515,7 +517,12 @@ main (int argc, char **argv)
 				}
 			} else {
 				iresult = get_status(response_value[i], thlds[i]);
-				xasprintf (&show, conv, response_value[i]);
+				if(is_ticks) {
+					xasprintf (&show, "%s", response);
+				}
+				else { 
+					xasprintf (&show, conv, response_value[i]);
+				}
 			}
 		}
 
@@ -556,7 +563,7 @@ main (int argc, char **argv)
 
 		/* Result is the worst outcome of all the OIDs tested */
 		result = max_state (result, iresult);
-
+		
 		/* Prepend a label for this OID if there is one */
 		if (nlabels >= (size_t)1 && (size_t)i < nlabels && labels[i] != NULL)
 			xasprintf (&outbuff, "%s%s%s %s%s%s", outbuff,
@@ -566,58 +573,113 @@ main (int argc, char **argv)
 			xasprintf (&outbuff, "%s%s%s%s%s", outbuff, (i == 0) ? " " : output_delim,
 				mark (iresult), show, mark (iresult));
 
+		/* Add a semicolon to separate multiple oids */
+		if(outbuff != NULL && line != chld_out.lines-1) {
+			xasprintf (&outbuff, "%s;", outbuff);
+		}
+				
 		/* Append a unit string for this OID if there is one */
 		if (nunits > (size_t)0 && (size_t)i < nunits && unitv[i] != NULL)
 			xasprintf (&outbuff, "%s %s", outbuff, unitv[i]);
-
+		
 		/* Write perfdata with whatever can be parsed by strtod, if possible */
 		ptr = NULL;
+		if(is_ticks) {
+			show = strstr (response, "Timeticks: ");
+			show = strpbrk (show, "-0123456789");
+		}
 		strtod(show, &ptr);
 		if (ptr > show) {
-			if (perf_labels && nlabels >= (size_t)1 && (size_t)i < nlabels && labels[i] != NULL)
-				temp_string=labels[i];
-			else
-				temp_string=oidname;
-			if (strpbrk (temp_string, " ='\"") == NULL) {
-				strncat(perfstr, temp_string, sizeof(perfstr)-strlen(perfstr)-1);
+
+			/* use either specified label or oid as label */
+			if (perf_labels 
+				&& (nlabels >= (size_t)1) 
+				&& ((size_t)i < nlabels) 
+				&& labels[i] != NULL) {
+
+					temp_string=labels[i];
+			}
+			else {
+				temp_string = oidname;
+			}
+
+			/* check the label for space, equal, singlequote or doublequote */
+			if (strpbrk(temp_string, " ='\"") == NULL) {
+
+				/* if it doesn't have any - we can just use it as the label */
+				strncat(perfstr, temp_string, sizeof(perfstr) - strlen(perfstr) - 1);
+
 			} else {
-				if (strpbrk (temp_string, "'") == NULL) {
+
+				/* if it does have one of those characters, we need
+				   to find a way to adequately quote it */
+				if (strpbrk(temp_string, "'") == NULL) {
 					quote_string="'";
 				} else {
 					quote_string="\"";
 				}
-				strncat(perfstr, quote_string, sizeof(perfstr)-strlen(perfstr)-1);
-				strncat(perfstr, temp_string, sizeof(perfstr)-strlen(perfstr)-1);
-				strncat(perfstr, quote_string, sizeof(perfstr)-strlen(perfstr)-1);
+
+				strncat(perfstr, quote_string, sizeof(perfstr) - strlen(perfstr) - 1);
+				strncat(perfstr, temp_string, sizeof(perfstr) - strlen(perfstr) - 1);
+				strncat(perfstr, quote_string, sizeof(perfstr) - strlen(perfstr) - 1);
 			}
-			strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
-			len = sizeof(perfstr)-strlen(perfstr)-1;
-			strncat(perfstr, show, len>ptr-show ? ptr-show : len);
 
-			if (nunits > (size_t)0 && (size_t)i < nunits && unitv[i] != NULL) {
-				xasprintf (&temp_string, "%s", unitv[i]);
-				strncat(perfstr, temp_string, sizeof(perfstr)-strlen(perfstr)-1);
-				}
+			/* append the equal */
+			strncat(perfstr, "=", sizeof(perfstr) - strlen(perfstr) - 1);
+			len = sizeof(perfstr) - strlen(perfstr) - 1;
+
+			/* and then the data itself from the response */
+			strncat(perfstr, show, (len > ptr - show) ? ptr - show : len);
+
+			/* now append the unit of measurement */
+			if ((nunits > (size_t)0) 
+				&& ((size_t)i < nunits) 
+				&& (unitv[i] != NULL)) {
 
-			if (type)
-				strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+					xasprintf(&temp_string, "%s", unitv[i]);
+					strncat(perfstr, temp_string, sizeof(perfstr) - strlen(perfstr) - 1);
+			}
+
+			/* and the type, if any */
+			if (type) {
+				strncat(perfstr, type, sizeof(perfstr) - strlen(perfstr) - 1);
+			}
 
+			/* add warn/crit to perfdata */
 			if (thlds[i]->warning || thlds[i]->critical) {
-				strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
-				if (thlds[i]->warning) {
-					xasprintf (&temp_string, "%.0f", thlds[i]->warning->end);
-					strncat(perfstr, temp_string, sizeof(perfstr)-strlen(perfstr)-1);
+
+				strncat(perfstr, ";", sizeof(perfstr) - strlen(perfstr) - 1);
+
+				/* print the warning string if it exists */
+				if (thlds[i]->warning_string) {
+
+					xasprintf(&temp_string, "%s", thlds[i]->warning_string);
+					strncat(perfstr, temp_string, sizeof(perfstr) - strlen(perfstr) - 1);
 				}
 				strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
-				if (thlds[i]->critical) {
-					xasprintf (&temp_string, "%.0f", thlds[i]->critical->end);
-					strncat(perfstr, temp_string, sizeof(perfstr)-strlen(perfstr)-1);
+
+				/* print the critical string if it exists */
+				if (thlds[i]->critical_string) {
+
+					xasprintf(&temp_string, "%s", thlds[i]->critical_string);
+					strncat(perfstr, temp_string, sizeof(perfstr) - strlen(perfstr) - 1);
 				}
-				strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
+				strncat(perfstr, ";", sizeof(perfstr) - strlen(perfstr) - 1);
+			}
+
+			/* remove trailing semi-colons for guideline adherence */
+			len = strlen(perfstr) - 1;
+			if (perfstr[len] == ';') {
+				perfstr[len] = '\0';
 			}
-			strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
+
+			/* we do not add any min/max value */
+
+			strncat(perfstr, " ", sizeof(perfstr) - strlen(perfstr) - 1);
 		}
-	}
+
+	} /* for (line=0, i=0; line < chld_out.lines; line++, i++) */
+	
 	total_oids=i;
 
 	/* Save state data, as all data collected now */
@@ -656,7 +718,7 @@ main (int argc, char **argv)
 			die( STATE_OK, _("No previous data to calculate rate - assume okay" ) );
 		}
 	}
-
+	
 	printf ("%s %s -%s %s\n", label, state_text (result), outbuff, perfstr);
 	if (mult_resp) printf ("%s", mult_resp);
 
@@ -1181,7 +1243,7 @@ print_help (void)
 	printf ("(%s \"%s\")\n", _("default is") ,DEFAULT_COMMUNITY);
 	printf (" %s\n", "-U, --secname=USERNAME");
 	printf ("    %s\n", _("SNMPv3 username"));
-	printf (" %s\n", "-A, --authpassword=PASSWORD");
+	printf (" %s\n", "-A, --authpasswd=PASSWORD");
 	printf ("    %s\n", _("SNMPv3 authentication password"));
 	printf (" %s\n", "-X, --privpasswd=PASSWORD");
 	printf ("    %s\n", _("SNMPv3 privacy password"));
@@ -1207,7 +1269,7 @@ print_help (void)
 	printf (" %s\n", "--rate-multiplier");
 	printf ("    %s\n", _("Converts rate per second. For example, set to 60 to convert to per minute"));
 	printf (" %s\n", "--offset=OFFSET");
-	printf ("    %s\n", _("Add/substract the specified OFFSET to numeric sensor data"));
+	printf ("    %s\n", _("Add/subtract the specified OFFSET to numeric sensor data"));
 
 	/* Tests Against Strings */
 	printf (" %s\n", "-s, --string=STRING");

plugins/check_swap.c

@@ -65,6 +65,7 @@ double warn_size_bytes = 0;
 double crit_size_bytes= 0;
 int verbose;
 int allswaps;
+int no_swap_state = STATE_CRITICAL;
 
 int
 main (int argc, char **argv)
@@ -378,6 +379,8 @@ main (int argc, char **argv)
 int
 check_swap (int usp, double free_swap_mb)
 {
+	if (!free_swap_mb) return no_swap_state;
+
 	int result = STATE_UNKNOWN;
 	double free_swap = free_swap_mb * (1024 * 1024);		/* Convert back to bytes as warn and crit specified in bytes */
 	if (usp >= 0 && crit_percent != 0 && usp >= (100.0 - crit_percent))
@@ -406,6 +409,7 @@ process_arguments (int argc, char **argv)
 		{"warning", required_argument, 0, 'w'},
 		{"critical", required_argument, 0, 'c'},
 		{"allswaps", no_argument, 0, 'a'},
+		{"no-swap", required_argument, 0, 'n'},
 		{"verbose", no_argument, 0, 'v'},
 		{"version", no_argument, 0, 'V'},
 		{"help", no_argument, 0, 'h'},
@@ -416,7 +420,7 @@ process_arguments (int argc, char **argv)
 		return ERROR;
 
 	while (1) {
-		c = getopt_long (argc, argv, "+?Vvhac:w:", longopts, &option);
+		c = getopt_long (argc, argv, "+?Vvhac:w:n:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -467,6 +471,10 @@ process_arguments (int argc, char **argv)
 		case 'a':									/* all swap */
 			allswaps = TRUE;
 			break;
+		case 'n':									/* no-swap */
+			if ((no_swap_state = translate_state(optarg)) == ERROR) {
+				usage4 (_("no-swap result must be a valid state name (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)."));
+			}
 		case 'v':									/* verbose */
 			verbose++;
 			break;
@@ -532,20 +540,20 @@ validate_arguments (void)
 void
 print_help (void)
 {
-	print_revision (progname, NP_VERSION);
+  print_revision (progname, NP_VERSION);
 
-	printf (_(COPYRIGHT), copyright, email);
+  printf (_(COPYRIGHT), copyright, email);
 
-	printf ("%s\n", _("Check swap space on local machine."));
+  printf ("%s\n", _("Check swap space on local machine."));
 
   printf ("\n\n");
 
-	print_usage ();
+  print_usage ();
 
-	printf (UT_HELP_VRSN);
-	printf (UT_EXTRA_OPTS);
+  printf (UT_HELP_VRSN);
+  printf (UT_EXTRA_OPTS);
 
-	printf (" %s\n", "-w, --warning=INTEGER");
+  printf (" %s\n", "-w, --warning=INTEGER");
   printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
   printf (" %s\n", "-w, --warning=PERCENT%%");
   printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
@@ -555,22 +563,24 @@ print_help (void)
   printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
   printf (" %s\n", "-a, --allswaps");
   printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
-	printf (UT_VERBOSE);
+  printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
+  printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
 
-	printf ("\n");
+  printf (UT_VERBOSE);
+
+  printf ("\n");
   printf ("%s\n", _("Notes:"));
   printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
   printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
 
-	printf (UT_SUPPORT);
+  printf (UT_SUPPORT);
 }
 
 
-
 void
 print_usage (void)
 {
-	printf ("%s\n", _("Usage:"));
+  printf ("%s\n", _("Usage:"));
   printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
-  printf ("  -w <bytes_free> -c <bytes_free>\n");
+  printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
 }

plugins/check_tcp.c

@@ -124,7 +124,7 @@ main (int argc, char **argv)
 			SERVICE[i] = toupper(SERVICE[i]);
 	}
 
-	/* set up a resonable buffer at first (will be realloc()'ed if
+	/* set up a reasonable buffer at first (will be realloc()'ed if
 	 * user specifies other options) */
 	server_expect = calloc(sizeof(char *), 2);
 

plugins/check_uptime.c

@@ -34,7 +34,9 @@ char *progname = "check_uptime";
 char *version = "1.0";
 char *email = "devel@nagios-plugins.org";
 char *copyright = "2014";
-char *developer = "Andy Brist";
+/* There no developer in COPYRIGHT's definition
+ * char *developer = "Andy Brist";
+ */
 
 static int process_arguments (int, char **);
 int validate_arguments (void);
@@ -129,9 +131,6 @@ int getuptime () {
 static int process_arguments (int argc, char **argv) {
 
 	int c;
-	int escape = 0;
-	char *temp;
-	
 	int option = 0;
 	static struct option longopts[] = {
 		{"critical", required_argument, 0, 'c'},
@@ -220,7 +219,7 @@ void print_help (void) {
 
 	print_revision ( progname, NP_VERSION );
 
-	printf ( COPYRIGHT, copyright, developer, email );
+	printf ( COPYRIGHT, copyright, email );
 	printf ( "%s\n", _("This plugin checks the system uptime and alerts if more than the threshold.") );
 	printf ( "%s\n", _("Threshold unit of measurement specified with \"-u\".") );
 	printf ( "%s\n", _("\"-u\" switch supports: seconds|minutes|hours|days.") );

plugins/common.h

@@ -146,6 +146,9 @@
 #    include <rsa.h>
 #    include <crypto.h>
 #    include <x509.h>
+#    if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#      include <x509v3.h>
+#    endif
 #    include <pem.h>
 #    include <ssl.h>
 #    include <err.h>
@@ -154,6 +157,9 @@
 #      include <openssl/rsa.h>
 #      include <openssl/crypto.h>
 #      include <openssl/x509.h>
+#      if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#        include <openssl/x509v3.h>
+#      endif
 #      include <openssl/pem.h>
 #      include <openssl/ssl.h>
 #      include <openssl/err.h>
@@ -168,6 +174,11 @@
 #  endif
 #endif
 
+/* MariaDB 10.2 client does not set MYSQL_PORT */
+#ifndef MYSQL_PORT
+#  define MYSQL_PORT 3306
+#endif
+
 /*
  *
  * Standard Values

plugins/negate.c

@@ -59,8 +59,8 @@ static int state[4] = {
 int
 main (int argc, char **argv)
 {
-	int found = 0, result = STATE_UNKNOWN;
-	char *buf, *sub;
+	int result = STATE_UNKNOWN;
+	char *sub;
 	char **command_line;
 	output chld_out, chld_err;
 	int i;

plugins/netutils.c

@@ -392,3 +392,33 @@ resolve_host_or_addr (const char *address, int family)
 		return TRUE;
 	}
 }
+
+/* Turn a network address into a string */
+void
+parse_address_string(int address_family, struct sockaddr_storage *addr, char *address, int size)
+{
+	switch (address_family) {
+		case AF_INET:
+			inet_ntop(address_family, &((struct sockaddr_in *)addr)->sin_addr, address, size);
+		break;
+
+		case AF_INET6:
+			inet_ntop(address_family, &((struct sockaddr_in6 *)addr)->sin6_addr, address, size);
+		break;
+	}
+}
+
+/* Define the address length */
+char
+address_length(int address_family)
+{
+	switch (address_family) {
+		case AF_INET:
+			return INET_ADDRSTRLEN;
+		break;
+
+		case AF_INET6:
+			return INET6_ADDRSTRLEN;
+		break;
+	}
+}

plugins/netutils.h

@@ -84,6 +84,8 @@ void host_or_die(const char *str);
 extern int econn_refuse_state;
 extern int was_refused;
 extern int address_family;
+extern char address_length(int address_family);
+extern void parse_address_string(int address_family, struct sockaddr_storage *addr, char *address, int size);
 
 RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
 
@@ -94,11 +96,13 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
 #  define MP_TLSv1 3
 #  define MP_TLSv1_1 4
 #  define MP_TLSv1_2 5
-#  define MP_SSLv2_OR_NEWER 6
-#  define MP_SSLv3_OR_NEWER 7
-#  define MP_TLSv1_OR_NEWER 8
-#  define MP_TLSv1_1_OR_NEWER 9
-#  define MP_TLSv1_2_OR_NEWER 10
+#  define MP_TLSv1_3 6
+#  define MP_SSLv2_OR_NEWER 7
+#  define MP_SSLv3_OR_NEWER 8
+#  define MP_TLSv1_OR_NEWER 9
+#  define MP_TLSv1_1_OR_NEWER 10
+#  define MP_TLSv1_2_OR_NEWER 11
+#  define MP_TLSv1_3_OR_NEWER 12
 /* maybe this could be merged with the above np_net_connect, via some flags */
 int np_net_ssl_init(int sd);
 int np_net_ssl_init_with_hostname(int sd, char *host_name);
@@ -108,6 +112,7 @@ void np_net_ssl_cleanup();
 int np_net_ssl_write(const void *buf, int num);
 int np_net_ssl_read(void *buf, int num);
 int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit);
+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit);
 #endif /* HAVE_SSL */
 
 #endif /* NAGIOS_NETUGILS_H_INCLUDED_ */

plugins/popen.c

@@ -305,10 +305,10 @@ popen_timeout_alarm_handler (int signo)
 			}
 			/* printf (_("CRITICAL - Plugin timed out after %d seconds\n"),
 						timeout_interval); */
-			write(STDOUT_FILENO, msg1, sizeof(msg1));
+			write(STDOUT_FILENO, msg1, sizeof(msg1) - 1);
 		} else {
 			/* printf ("%s\n", _("CRITICAL - popen timeout received, but no child process")); */
-			write(STDOUT_FILENO, msg2, sizeof(msg2));
+			write(STDOUT_FILENO, msg2, sizeof(msg2) - 1);
 		}
 		exit (STATE_CRITICAL);
 	}

plugins/remove_perfdata.c

@@ -0,0 +1,257 @@
+/*****************************************************************************
+* 
+* Nagios remove perfdata plugin
+* 
+* License: GPL
+* Copyright (c) 2002-2017 Nagios Plugins Development Team
+* 
+* Description:
+* 
+* This file contains the remove_perfdata plugin
+* 
+* Removes perfdata from a specified plugin's output. Optionally,
+* you can choose to remove any long output as well
+* 
+* 
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+* 
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+* 
+* You should have received a copy of the GNU General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+* 
+* 
+*****************************************************************************/
+
+const char *progname = "remove_perfdata";
+const char *copyright = "2002-2017";
+const char *email = "devel@nagios-plugins.org";
+
+/* timeout should be handled in the plugin being called */
+#define DEFAULT_TIMEOUT 300
+
+#include "common.h"
+#include "utils.h"
+#include "utils_cmd.h"
+
+#include <ctype.h>
+
+static const char **process_arguments(int, char **);
+void validate_arguments(char **);
+void print_help(void);
+void print_usage(void);
+int remove_perfdata = 1;
+int remove_long_output = 0;
+
+
+int
+main(int argc, char **argv)
+{
+    int result = STATE_UNKNOWN;
+    int c = 0;
+    int i = 0;
+    int j = 0;
+    char *buf;
+    char *sub;
+    char **command_line;
+    output chld_out;
+    output chld_err;
+
+    setlocale(LC_ALL, "");
+    bindtextdomain(PACKAGE, LOCALEDIR);
+    textdomain(PACKAGE);
+
+    command_line = (char **) process_arguments(argc, argv);
+
+    /* Set signal handling and alarm */
+    if (signal(SIGALRM, timeout_alarm_handler) == SIG_ERR) {
+        die(STATE_UNKNOWN, _("Cannot catch SIGALRM"));
+    }
+
+    (void) alarm((unsigned) DEFAULT_TIMEOUT);
+
+    /* catch when the command is quoted */
+    if (command_line[1] == NULL) {
+        result = cmd_run(command_line[0], &chld_out, &chld_err, 0);
+    } else {
+        result = cmd_run_array(command_line, &chld_out, &chld_err, 0);
+    }
+
+    if (chld_err.lines > 0) {
+        printf("%s:\n", _("Error output from command"));
+        for (i = 0; i < chld_err.lines; i++) {
+            printf("%s\n", chld_err.line[i]);
+        }
+        exit(STATE_WARNING);
+    }
+
+    /* Return UNKNOWN or worse if no output is returned */
+    if (chld_out.lines == 0) {
+        die(max_state_alt(result, STATE_UNKNOWN), _("No data returned from command\n"));
+    }
+
+    for (i = 0; i < chld_out.lines; i++) {
+
+        /* if we're on the first line, remove the perfdata */
+        if (remove_perfdata && i == 0) {
+
+            int in_quotes = 0;
+
+            for (j = 0; j < (int) strlen(chld_out.line[i]); j++) {
+
+                c = chld_out.line[i][j];
+
+                if (c == '"') {
+                    if (in_quotes) {
+                        in_quotes = 0;
+                    }
+                    else {
+                        in_quotes = 1;
+                    }
+                }
+
+                /* when we reach an unquoted |, stop printing */
+                if (!in_quotes && c == '|')
+                    break;
+
+                printf("%c", c);
+            }
+
+            /* and print a newline if we skipped past it */
+            if (c != '\n') {
+                printf("\n");
+            }
+        }
+
+        /* if we don't want long output, don't print it */
+        else if (remove_long_output && i > 0) {
+            break;
+        }
+
+        /* for everything else, there's mastercard - or printing the full line to the screen */
+        else {
+            printf("%s\n", chld_out.line[i]);
+        }
+    }
+
+    exit(result);
+}
+
+
+/* process command-line arguments */
+static const char **
+process_arguments(int argc, char **argv)
+{
+    int c = 0;
+    int option = 0;
+    static struct option longopts[] = {
+        {"help", no_argument, 0, 'h'},
+        {"version", no_argument, 0, 'V'},
+        {"remove-long-output", no_argument, 0, 'l'},
+        {"dont-remove-perfdata", required_argument, 0, 'd'},
+        {0, 0, 0, 0}
+    };
+
+    while (1) {
+        c = getopt_long(argc, argv, "+hVld", longopts, &option);
+
+        if (c == -1 || c == EOF)
+            break;
+
+        switch (c) {
+
+        /* help */
+        case '?':
+            usage5();
+            break;
+
+        /* help */
+        case 'h':
+            print_help();
+            exit(EXIT_SUCCESS);
+            break;
+
+        /* version */
+        case 'V':
+            print_revision(progname, NP_VERSION);
+            exit(EXIT_SUCCESS);
+
+        /* remove long output */
+        case 'l':
+            remove_long_output = 1;
+            break;
+
+        /* don't remove perfdata */
+        case 'd':
+            remove_perfdata = 0;
+            break;
+        }
+    }
+
+    validate_arguments(&argv[optind]);
+
+    return (const char **) &argv[optind];
+}
+
+
+void
+validate_arguments(char **command_line)
+{
+    if (command_line[0] == NULL)
+        usage4(_("Could not parse arguments"));
+
+    if (   strncmp(command_line[0], "/", 1) != 0 
+        && strncmp(command_line[0], "./", 2) != 0)
+        usage4(_("Require path to command"));
+}
+
+
+void
+print_help(void)
+{
+    print_revision(progname, NP_VERSION);
+
+    printf(COPYRIGHT, copyright, email);
+
+    printf("%s\n", _("Removes perfdata from plugin output."));
+    printf("%s\n", _("Additional switches can be used to remove long output as well."));
+
+    printf("\n\n");
+    print_usage();
+
+    printf(UT_HELP_VRSN);
+
+    printf(" -l, --remove-long-output\n");
+    printf("    %s\n", _("Remove long output from specified plugin's output."));
+    printf(" -d, --dont-remove-perfdata\n");
+    printf("    %s\n", _("Don't remove perfdata from the specified plugin's output.\n"));
+
+    printf("\n");
+
+    printf("%s\n", _("Examples:"));
+    printf("\n");
+    printf("%s\n", "remove_perfdata /usr/local/nagios/libexec/check_ping -H host");
+    printf("    %s\n", _("Run check_ping and remove performance data. (Must use full path to plugin.)"));
+    printf("\n");
+    printf("%s\n", _("Notes:"));
+    printf("    %s\n", _("This plugin is a wrapper to take the output of another plugin and alter it."));
+    printf("    %s\n", _("The full path of the plugin must be provided."));
+    printf("\n");
+
+    printf(UT_SUPPORT);
+}
+
+
+
+void
+print_usage(void)
+{
+    printf("%s\n", _("Usage:"));
+    printf("%s [-hV] [-l] [-d] <definition of wrapped plugin>\n", progname);
+}

plugins/sslutils.c

@@ -30,6 +30,7 @@
 #include "common.h"
 #include "netutils.h"
 
+int check_hostname = 0;
 #ifdef HAVE_SSL
 static SSL_CTX *c=NULL;
 static SSL *s=NULL;
@@ -93,6 +94,26 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 #else
 		method = TLSv1_2_client_method();
 		break;
+#endif
+	case MP_TLSv1_3: /* TLSv1.3 protocol */
+#if !defined(SSL_OP_NO_TLSv1_3)
+	printf ("%s\n", _("Your OpenSSL version hasn't been compiled with TLS 1.3."));
+	return STATE_UNKNOWN;
+#else
+	method = TLS_client_method();
+	options |= SSL_OP_NO_SSLv2;
+	options |= SSL_OP_NO_SSLv3;
+	options |= SSL_OP_NO_TLSv1;
+	options |= SSL_OP_NO_TLSv1_1;
+	options |= SSL_OP_NO_TLSv1_2;
+	break;
+#endif
+	case MP_TLSv1_3_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1_2)
+		printf("%s\n", _("UNKNOWN - Disabling TLSv1.2 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
+#else
+		options |= SSL_OP_NO_TLSv1_2;
 #endif
 	case MP_TLSv1_2_OR_NEWER:
 #if !defined(SSL_OP_NO_TLSv1_1)
@@ -157,6 +178,16 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 #endif
 		SSL_set_fd(s, sd);
 		if (SSL_connect(s) == 1) {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+			if (check_hostname && host_name && *host_name) {
+				X509 *certificate=SSL_get_peer_certificate(s);
+				int rc = X509_check_host(certificate, host_name, 0, 0, NULL);
+				if (rc != 1) {
+					printf("%s\n", _("CRITICAL - Hostname mismatch."));
+					return STATE_CRITICAL;
+				}
+			}
+#endif
 			return OK;
 		} else {
 			printf("%s\n", _("CRITICAL - Cannot make SSL connection."));
@@ -194,6 +225,15 @@ int np_net_ssl_read(void *buf, int num) {
 }
 
 int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
+	return np_net_ssl_check_cert_real(s, days_till_exp_warn, days_till_exp_crit);
+#  else /* ifndef USE_OPENSSL */
+	printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));
+	return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
 	X509 *certificate=NULL;
 	X509_NAME *subj=NULL;
@@ -214,7 +254,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 	// Prefix whatever we're about to print with SSL
 	printf("SSL ");
 
-	certificate=SSL_get_peer_certificate(s);
+	certificate=SSL_get_peer_certificate(ssl);
 	if (!certificate) {
 		printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
 		return STATE_CRITICAL;
@@ -304,7 +344,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 		else
 			status = STATE_CRITICAL;
 	} else {
-		printf(_("OK - Certificate '%s' will expire on %s. "), cn, timestamp);
+		printf(_("OK - Certificate '%s' will expire in %u days on %s.\n"), cn, days_left, timestamp);
 		status = STATE_OK;
 	}
 	X509_free(certificate);

plugins/t/check_apt.t

@@ -23,7 +23,7 @@ sub make_result_regexp {
 }
 
 if (-x "./check_apt") {
-	plan tests => 28;
+	plan tests => 36;
 } else {
 	plan skip_all => "No check_apt compiled";
 }
@@ -40,10 +40,18 @@ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian2") );
 is( $result->return_code, 1, "Debian apt output, warning" );
 like( $result->output, make_result_regexp(13, 0), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian2") );
+is( $result->return_code, 0, "Debian apt output, no critical" );
+like( $result->output, make_result_regexp(13, 0), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") );
 is( $result->return_code, 2, "Debian apt output, some critical" );
 like( $result->output, make_result_regexp(19, 4), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian3") );
+is( $result->return_code, 2, "Debian apt output, some critical" );
+like( $result->output, make_result_regexp(19, 4), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") );
 is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" );
 like( $result->output, make_result_regexp(19, 4), "Output correct" );
@@ -52,6 +60,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
 is( $result->return_code, 1, "Debian apt output, filter for libc6" );
 like( $result->output, make_result_regexp(3, 0), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
+is( $result->return_code, 1, "Debian apt output, filter for libc6, not critical" );
+like( $result->output, make_result_regexp(3, 0), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") );
 is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" );
 like( $result->output, make_result_regexp(9, 4), "Output correct" );
@@ -64,6 +76,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6", "debian3") );
 is( $result->return_code, 2, "Debian apt output, filter out libc6" );
 like( $result->output, make_result_regexp(16, 4), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -o", "debian3") );
+is( $result->return_code, 2, "Debian apt output, filter out libc6, critical" );
+like( $result->output, make_result_regexp(16, 4), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") );
 is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" );
 like( $result->output, make_result_regexp(10, 0), "Output correct" );

plugins/t/check_by_ssh.t

@@ -27,7 +27,7 @@ plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_servic
 plan tests => 42;
 
 # Some random check strings/response
-my @responce = ('OK: Everything is fine',
+my @response = ('OK: Everything is fine',
                 'WARNING: Hey, pick me, pick me',
                 'CRITICAL: Shit happens',
                 'UNKNOWN: What can I do for ya',
@@ -35,7 +35,7 @@ my @responce = ('OK: Everything is fine',
 );
 my @responce_re;
 my @check;
-for (@responce) {
+for (@response) {
 	push(@check, "echo $_");
 	my $re_str = $_;
 	$re_str =~ s{(.)} { "\Q$1" }ge;
@@ -55,7 +55,7 @@ for (my $i=0; $i<4; $i++) {
 		"./check_by_ssh -i $ssh_key -H $ssh_service -C '$check[$i]; exit $i'"
 		);
 	cmp_ok($result->return_code, '==', $i, "Exit with return code $i");
-	is($result->output, $responce[$i], "Status text is correct for check $i");
+	is($result->output, $response[$i], "Status text is correct for check $i");
 }
 
 $result = NPTest->testCmd(
@@ -92,7 +92,7 @@ $result = NPTest->testCmd(
 	"./check_by_ssh -i $ssh_key -H $ssh_service -C '$check[4]; exit 8'"
 	);
 cmp_ok($result->return_code, '==', 8, "Exit with return code 8 (out of bounds)");
-is($result->output, $responce[4], "Return proper status text even with unknown status codes");
+is($result->output, $response[4], "Return proper status text even with unknown status codes");
 
 $result = NPTest->testCmd(
 	"./check_by_ssh -i $ssh_key -H $ssh_service -F $ssh_conf -C 'exit 0'"
@@ -116,7 +116,7 @@ my %linemap = (
 foreach my $line (0, 2, 4, 6) {
 	my $code = $linemap{$line};
 	my $statline = $line+1;
-	is($lines[$line], "$responce[$code]", "multiple checks status text is correct for line $line");
+	is($lines[$line], "$response[$code]", "multiple checks status text is correct for line $line");
 	is($lines[$statline], "STATUS CODE: $code", "multiple check status code is correct for line $line");
 }
 

plugins/t/check_disk.t

@@ -329,15 +329,15 @@ cmp_ok( $result->return_code, '==', 3, "Invalid options: -p must come after grou
 $result = NPTest->testCmd( "./check_disk -w 1 -c 1 -r '('" );
 cmp_ok( $result->return_code, '==', 3, "Exit UNKNOWN if regex is not compileable");
 
-# ignore: exit unknown, if all pathes are deselected using -i
+# ignore: exit unknown, if all paths are deselected using -i
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '$mountpoint_valid' -i '$mountpoint2_valid'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored (case sensitive)");
 
-# ignore: exit unknown, if all pathes are deselected using -I
+# ignore: exit unknown, if all paths are deselected using -I
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -I '".uc($mountpoint_valid)."' -I '".uc($mountpoint2_valid)."'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored (case insensitive)");
 
-# ignore: exit unknown, if all pathes are deselected using -i
+# ignore: exit unknown, if all paths are deselected using -i
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '.*'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored using -i '.*'");
 
@@ -346,7 +346,7 @@ $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mo
 like( $result->output, qr/$mountpoint_valid/, "output data does have $mountpoint_valid in it");
 unlike( $result->output, qr/$mountpoint2_valid/, "output data does not have $mountpoint2_valid in it");
 
-# ignore: test if all pathes are listed when ignore regex doesn't match
+# ignore: test if all paths are listed when ignore regex doesn't match
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '^barbazJodsf\$'");
 like( $result->output, qr/$mountpoint_valid/, "ignore: output data does have $mountpoint_valid when regex doesn't match");
 like( $result->output, qr/$mountpoint2_valid/,"ignore: output data does have $mountpoint2_valid when regex doesn't match");

plugins/t/check_mysql.t

@@ -5,7 +5,7 @@
 #
 #
 # These are the database permissions required for this test:
-#  GRANT SELECT ON $db.* TO $user@$host INDENTIFIED BY '$password';
+#  GRANT SELECT ON $db.* TO $user@$host IDENTIFIED BY '$password';
 #  GRANT SUPER, REPLICATION CLIENT ON *.* TO $user@$host;
 # Check with:
 #  mysql -u$user -p$password -h$host $db

plugins/t/check_nagios.t

@@ -36,7 +36,7 @@ cmp_ok( $result->return_code, '==', 1, "Log over 5 minutes old" );
 like  ( $result->output, $warningOutput, "Output for warning correct" );
 
 my $now = time;
-# This substitution is dependant on the testcase
+# This substitution is dependent on the testcase
 system( "perl -pe 's/1133537544/$now/' $nagios1 > $nagios1.tmp" ) == 0 or die "Problem with munging $nagios1";
 
 $result = NPTest->testCmd(

plugins/tests/check_snmp.t

@@ -51,7 +51,7 @@ if ($pid) {
 	#print "child\n";
 
 	print "Please contact SNMP at: $port_snmp\n";
-	close(STDERR); # Coment out to debug snmpd problems (most errors sent there are OK)
+	close(STDERR); # Comment out to debug snmpd problems (most errors sent there are OK)
 	exec("snmpd -c tests/conf/snmpd.conf -C -f -r udp:$port_snmp");
 }
 
@@ -221,7 +221,7 @@ is($res->output, 'SNMP OK - "555\"I said\"" | ', "Check string with a double quo
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.15 -r 'CUSTOM CHECK OK'" );
 is($res->return_code, 0, "String check should check whole string, not a parsed number" );
-is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check witn numbers returns whole string");
+is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check with numbers returns whole string");
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );

plugins/utils.c

@@ -27,6 +27,7 @@
 #include "utils_base.h"
 #include <stdarg.h>
 #include <limits.h>
+#include <ctype.h>
 
 #include <arpa/inet.h>
 
@@ -204,31 +205,40 @@ int
 parse_timeout_string (char *timeout_str)
 {
 	char *seperated_str;
-        char *timeout_val = "";
+    char *timeout_val = "";
 	char *timeout_sta = NULL;
-        if ( strstr(timeout_str, ":" ) == NULL) {
+
+	if (strstr(timeout_str, ":") == NULL) {
 		timeout_val = timeout_str;
-        } else if ( strncmp(timeout_str, ":", 1 ) == 0) {
+	} 
+	else if (strncmp(timeout_str, ":", 1) == 0) {
 		seperated_str = strtok(timeout_str, ":");
-                if ( seperated_str != NULL ) {
-                	timeout_sta = seperated_str;
+
+		if (seperated_str != NULL) {
+			timeout_sta = seperated_str;
 		}
-        } else {
+	}
+	else {
 		seperated_str = strtok(timeout_str, ":");
-                timeout_val = seperated_str;
-                seperated_str = strtok(NULL, ":");
-                if (seperated_str != NULL) {
-                        timeout_sta = seperated_str;
-                }
-        }
-        if ( timeout_sta != NULL ) {
+		timeout_val = seperated_str;
+		seperated_str = strtok(NULL, ":");
+
+		if (seperated_str != NULL) {
+			timeout_sta = seperated_str;
+		}
+	}
+
+	if (timeout_sta != NULL) {
 		set_timeout_state(timeout_sta);
 	}
-	if (( timeout_val == NULL ) || ( timeout_val[0] == '\0' )) {
+
+	if ((timeout_val == NULL) || (timeout_val[0] == '\0')) {
 		return timeout_interval;
-	} else if (is_intpos(timeout_val)) {
+	} 
+	else if (is_intpos(timeout_val)) {
 		return atoi(timeout_val);
-	} else {
+	}
+	else {
 		usage4 (_("Timeout value must be a positive integer"));
 		exit (STATE_UNKNOWN);
 	}

plugins/utils.h

@@ -7,7 +7,7 @@
 /* The purpose of this package is to provide safer alternatives to C
 functions that might otherwise be vulnerable to hacking. This
 currently includes a standard suite of validation routines to be sure
-that an string argument acually converts to its intended type and a
+that an string argument actually converts to its intended type and a
 suite of string handling routine that do their own memory management
 in order to resist overflow attacks. In addition, a few functions are
 provided to standardize version and error reporting across the entire

po/de.po

@@ -566,7 +566,7 @@ msgid ""
 msgstr ""
 
 #: plugins/check_disk.c:957
-msgid "Choose bytes, kB, MB, GB, TB (default: MB)"
+msgid "Choose bytes, kB, MB, GB, TB, KiB, MiB, GiB, TiB (default: MiB)"
 msgstr ""
 
 #: plugins/check_disk.c:960

po/fr.po

@@ -577,8 +577,8 @@ msgstr ""
 "être utilisé plusieurs fois)"
 
 #: plugins/check_disk.c:957
-msgid "Choose bytes, kB, MB, GB, TB (default: MB)"
-msgstr "Choisissez octets, kb, MB, GB, TB (par défaut: MB)"
+msgid "Choose bytes, kB, MB, GB, TB, KiB, MiB, GiB, TiB (default: MiB)"
+msgstr "Choisissez octets, kb, MB, GB, TB, KiB, MiB, GiB, TiB (par défaut: MiB)"
 
 #: plugins/check_disk.c:960
 msgid "Ignore all filesystems of indicated type (may be repeated)"

po/nagios-plugins.pot

@@ -545,7 +545,7 @@ msgid ""
 msgstr ""
 
 #: plugins/check_disk.c:899
-msgid "Choose bytes, kB, MB, GB, TB (default: MB)"
+msgid "Choose bytes, kB, MB, GB, TB, KiB, MiB, GiB, TiB (default: MB)"
 msgstr ""
 
 #: plugins/check_disk.c:902
@@ -803,7 +803,7 @@ msgstr ""
 
 #: plugins/check_fping.c:154
 #, c-format
-msgid "FPING UNKNOW - %s not found\n"
+msgid "FPING UNKNOWN - %s not found\n"
 msgstr ""
 
 #: plugins/check_fping.c:158
@@ -1412,7 +1412,7 @@ msgstr ""
 #: plugins/check_http.c:1392
 msgid ""
 "other errors return STATE_UNKNOWN.  Successful connects, but incorrect "
-"reponse"
+"response"
 msgstr ""
 
 #: plugins/check_http.c:1393
@@ -3287,7 +3287,7 @@ msgid ""
 msgstr ""
 
 #: plugins/check_pgsql.c:467
-msgid "a password, but no effort is made to obsure or encrypt the password."
+msgid "a password, but no effort is made to obscure or encrypt the password."
 msgstr ""
 
 #: plugins/check_ping.c:141
@@ -3786,7 +3786,7 @@ msgid "The user to authenticate"
 msgstr ""
 
 #: plugins/check_radius.c:352
-msgid "Password for autentication (SECURITY RISK)"
+msgid "Password for authentication (SECURITY RISK)"
 msgstr ""
 
 #: plugins/check_radius.c:354
@@ -3919,7 +3919,7 @@ msgstr ""
 
 #: plugins/check_real.c:440
 msgid ""
-"but incorrect reponse messages from the host result in STATE_WARNING return"
+"but incorrect response messages from the host result in STATE_WARNING return"
 msgstr ""
 
 #: plugins/check_real.c:441
@@ -4134,7 +4134,7 @@ msgid "STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"
 msgstr ""
 
 #: plugins/check_smtp.c:829
-msgid "connects, but incorrect reponse messages from the host result in"
+msgid "connects, but incorrect response messages from the host result in"
 msgstr ""
 
 #: plugins/check_smtp.c:830

tap/tap.3

@@ -291,7 +291,7 @@ always returns 0.
 .Xc
 .El
 .Pp
-For maximum compatability your test program should return a particular
+For maximum compatibility your test program should return a particular
 exit code.  This is calculated by
 .Fn exit_status
 so it is sufficient to always return from
@@ -309,7 +309,7 @@ directory in the source distribution contains numerous tests of
 functionality, written using
 .Nm .
 Examine them for examples of how to construct test suites.
-.Sh COMPATABILITY
+.Sh COMPATIBILITY
 .Nm
 strives to be compatible with the Perl Test::More and Test::Harness 
 modules.  The test suite verifies that

tap/tap.h

@@ -25,7 +25,7 @@
  */
 
 /* '## __VA_ARGS__' is a gcc'ism. C99 doesn't allow the token pasting
-   and requires the caller to add the final comma if they've ommitted
+   and requires the caller to add the final comma if they've omitted
    the optional arguments */
 #ifdef __GNUC__
 # define ok(e, test, ...) ((e) ?					\

tools/build_perl_modules.in

@@ -140,7 +140,7 @@ my $libs = "$destdir/$prefix/lib:$destdir/$prefix/lib/$Config{archname}";
 
 my $topdir = cwd();
 
-# set an initial value if there isnt one already
+# set an initial value if there isn't one already
 # Need to use PERL5LIB to ensure we get pre-installed mods from earlier
 # tags in the install_order file
 $ENV{PERL5LIB} ||= q{};
@@ -149,8 +149,8 @@ $ENV{PERL5LIB} ||= q{};
 $ENV{PERL_AUTOINSTALL} = "--skipdeps";
 
 # keep a record of how many times a module build is done.  This is so they may
-# be built a second time to include optional prereq's that couldnt
-# previously be built due to circular dependancies
+# be built a second time to include optional prereq's that couldn't
+# previously be built due to circular dependencies
 my %built_modules;
 foreach my $tarball (@tarballs) {
     ( my $dir = $tarball ) =~ s/\.(?:tgz|tar.gz)$//;

tools/p1.pl

@@ -2,7 +2,7 @@
 #
 # Hacked version of the sample code from the perlembedded doco.
 #
-# Only major changes are to separate the compiling and cacheing from 
+# Only major changes are to separate the compiling and caching from
 # the execution so that the cache can be kept in "non-volatile" parent
 # process while the execution is done from "volatile" child processes
 # and that STDOUT is redirected to a file by means of a tied filehandle

tools/tinderbox_build

@@ -133,12 +133,12 @@ sub BuildIt {
 # this fun line added on 2/5/98. do not remove. Translated to english,
 # that's "take any line longer than 1000 characters, and split it into less
 # than 1000 char lines.  If any of the resulting lines is
-# a dot on a line by itself, replace that with a blank line."  
+# a dot on a line by itself, replace that with a blank line."
 # This is to prevent cases where a <cr>.<cr> occurs in the log file.  Sendmail
 # interprets that as the end of the mail, and truncates the log before
 # it gets to Tinderbox.  (terry weismann, chris yeh)
 #
-# This was replaced by a perl 'port' of the above, writen by 
+# This was replaced by a perl 'port' of the above, written by
 # preed@netscape.com; good things: no need for system() call, and now it's
 # all in perl, so we don't have to do OS checking like before.