Merge branch 'maint'

.gitignore

@@ -89,6 +89,7 @@ NP-VERSION-FILE
 /gl/stdio.h
 /gl/stdlib.h
 /gl/string.h
+/gl/strings.h
 /gl/sys_socket.h
 /gl/sys_stat.h
 /gl/sys

.travis.yml

@@ -0,0 +1,75 @@
+sudo: required
+dist: trusty
+language: c
+
+before_install:
+  # Trusty related fixed
+  # multiverse is no on trusty activated (https://github.com/travis-ci/travis-ci/issues/4979)
+  - sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty multiverse" && sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty-updates multiverse"
+  # /etc/hosts has IPv6 hosts (https://github.com/travis-ci/travis-ci/issues/4978)
+  - sudo [ $(ip addr show | grep "inet6 ::1" | wc -l) -lt "1" ] && sudo sed -i '/^::1/d' /etc/hosts
+  # Trusty has running ntpd on localhost, but we don't like that for our tests
+  - sudo killall -9 ntpd
+  # Trusty has no swap, lets create some
+  - sudo fallocate -l 20M /swapfile; sudo chmod 600 /swapfile; sudo mkswap /swapfile; sudo swapon /swapfile
+  - sudo add-apt-repository -y ppa:waja/trusty-backports
+  - sudo apt-get update -qq
+  - sudo apt-get purge -qq gawk
+  # http://docs.travis-ci.com/user/trusty-ci-environment/ indicates, no MySQL on Trusty (yet)
+  # # ensure we have a test database in place for tests
+  # - mysql -e "create database IF NOT EXISTS test;" -uroot
+
+install:
+  - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libfreeradius-client-dev libkrb5-dev libnet-snmp-perl procps
+  - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd
+  - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix libhttp-daemon-ssl-perl
+  - sudo apt-get install -qq --no-install-recommends slapd ldap-utils
+  - sudo apt-get install -qq --no-install-recommends autoconf automake
+  - sudo apt-get install -qq --no-install-recommends faketime
+  # Trusty related dependencies (not yet provided)
+  - sudo apt-get install -qq --no-install-recommends mariadb-client mariadb-server
+
+before_script:
+  # ensure we have a test database in place for tests
+  - mysql -e "create database IF NOT EXISTS test;" -uroot
+  # Detect LDAP configuration (seems  volatile on trusty env)
+  - sed -e 's/cn=admin,dc=nodomain/'$(sudo /usr/sbin/slapcat|grep ^dn:|grep cn=|awk '{print $2}')'/' -i plugins/t/NPTest.cache.travis
+  - tools/setup
+  - ./configure --enable-libtap
+  - make
+  - export NPTEST_CACHE="$(pwd)/plugins/t/NPTest.cache.travis"
+  - ssh-keygen -t dsa -N "" -f ~/.ssh/id_dsa
+  - cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
+  - ssh-keyscan localhost >> ~/.ssh/known_hosts
+  - touch ~/.ssh/config
+  - sudo rm -f /usr/share/mibs/ietf/SNMPv2-PDU /usr/share/mibs/ietf/IPSEC-SPD-MIB /usr/share/mibs/ietf/IPATM-IPMC-MIB /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
+  - sudo mkdir -p /var/lib/snmp/mib_indexes
+
+script:
+  - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then make test; fi
+
+notifications:
+  irc:
+    channels:
+      - "chat.freenode.net#Monitoring-Plugins"
+    on_success: change
+    on_failure: always
+    skip_join: true
+  email:
+    - team@monitoring-plugins.org
+
+env:
+  global:
+    # This is the encrypted COVERITY_SCAN_TOKEN, created via the "travis
+    # encrypt" command using the project repository's public key.
+    - secure: "ggJ9c/VfKcwtrwz/My+ne4My7D8g3qi3vz5Hh+yLiri0+oIXCy313ZD6ssIEY/5beQZEOnuHhBgBJd/Y3clSQNc2M9fRNc+wxOkIO992lgnY0MZJN3y9MLfpqUbTClhU9Fst0qXQqGpI6UI8yz1tj7yKi7DPrycJLRrjMpyTfyo="
+
+addons:
+  coverity_scan:
+    project:
+      name: "monitoring-plugins/monitoring-plugins"
+      description: "Monitoring Plugins"
+    notification_email: team@monitoring-plugins.org
+    build_command_prepend: tools/setup && ./configure
+    build_command: make
+    branch_pattern: coverity.*

AUTHORS

@@ -22,3 +22,4 @@ Ton Voon
 Jan Wagner
 Holger Weiss
 Michael Wirtgen
+Oliver Skibbe

NEWS

@@ -1,8 +1,91 @@
 This file documents the major additions and syntax changes between releases.
 
-2.1.1 31th July 2015
+2.1.2 2016-08-01
+	SECURITY FIXES
+
+	ENHANCEMENTS
+	check_snmp's performance data now also includes warning/critical
+	  thresholds
+	New check_snmp "-N" option to specify SNMPv3 context name
+	New check_nt "-l" parameters: seconds|minutes|hours|days
+	New check_mailq -s option which tells the plugin to use sudo(8)
+	New -W/-C option for check_ldap to check number of entries (Gerhard Lausser)
+	The check_http -S/--ssl option now accepts the arguments "1.1" and "1.2"
+	  to force TLSv1.1 and TLSv1.2 connections, respectively
+	The check_http -S/--ssl option now allows for specifying the desired
+	  protocol with a "+" suffix to also accept newer versions
+	New check_disk "-v" option to show troubled partition in verbose mode
+	check_log.sh: Added a parameter -w (--max_warning) defining upper value to return a warning code
+	check_ldap: Add support for LDAP URIs.
+	check_file_age: Provide performance data
+	check_by_ssh: added --hostname support
+	check_ifstatus.pl: Add check_ifstatus option to ignore interfaces by name
+	check_snmp: Introduce support for SNMPv3 context using "-N" option
+	check_snmp.c: Added IPv6 support
+	check_http: Added support for checking SSL-Websites through Proxies
+
 	FIXES
-	lib/utils_cmd.c - Reverted to fix check_procs segfault (abrist)
+	check_dig can now also use "drill" instead of "dig"
+	check_dig honor the -4 and -6 switches
+	check_ntp_peer: do not use uninitialized results for max state
+	check_log.sh, check_oracle.sh, check_sensors.sh: Setting PATH at first
+	check_log.sh: droping path from basename while evaluating PROGNAME
+	check_tcp: Fix check_jabber to work with Openfire servers
+	check_ifstatus.pl: Fix "-n" and "-u" options to ignore if either is set, not just both
+	check_mrtgtraf: Fix perfdata to comply with perfdata UOM definition
+	check_real, check_ntp: fix null termination
+	check_apt: fix memset
+	check_ssh: change warning to critical for protocal/version errors
+	utils_cmd.c: avoid a segfault, if ulimit is set to unlimited
+	utils_cmd.c: make constants from maxfd values
+	configure.ac: Added particular ps command for HP-UX
+	check_disk: Fix pthread start routine type
+	check_http: Make header_value() and chunked-encoding decoding more robust
+	check_http: fix Host header if explicitly set with -k
+	sslutils.c: Forcing furter restriction of ciphers for current security concerns
+	check_nagios, check_procs: Enable check_proc to monitor processes in PID name-spaced environments.
+	check_dhcp.c: use /dev/urandom if available
+	check_http.c: Don't decode page if it's not there
+	check_disk.c: Prevent large tide values from truncation
+	pst3.c: Fix for unclosed filehandle in pst3 on Solaris
+	check_snmp: Timeticks are not being parsed correctly before performance data
+        multiple *.h files: standardized header include fences
+        multiple plugins/*.c files: fix unsafe signal handling
+	sslutils.c: Fix compilation with GnuTLS which doesn't provide SSL_CTX_check_private_key()
+	check_mailq.pl: fixed mailer names
+	check_swap.c: Improving output when swap space has zero size
+	check_icmp.c: Use kernel reception time on ICMP packets to compute rtt.
+	check_icmp.c: make use of MSG_CONFIRM optional
+	check_ldap.c: add counting of entries to check_ldap
+	utils.c: add sperfdata() function which can handle threshold ranges
+	sslutils.c: Check if OpenSSL supports SSLv3.
+	check_dhcp.c: Fixes segfaults when running via monitoring worker (off-by-one)
+	check_fping.c: autodetect ipv6 addresses
+	sslutils.c: optimize output if certificate expires in less then 24h
+	check_smtp.c: Let "-D" option imply "-S". Also QUIT SMTP connection when "-D" is used
+	check_smtp.c: modified SSL check for use with -e
+	check_tcp.c: Validate sent data size
+	check_dns.c: conditional assignment
+	check_dns.c: macro querytypes and auto cnames
+	utils_cmd.c, utils_base.c: Multiple resource leaks
+	check_http.c: Increase MAX_RE_SIZE from 256 to 2048
+	check_procs.c: Changed the ps command args from axwo to axwwo allowing for longer output
+	check_http.c: Allow a server to reply using only 'HTTP/1.x 200 OK' and a
+		body, with no headers
+	check_nt.c: check_nt does not correctly report a DNS entry it cannot resolve
+	check_dhcp.c: check_dhcp broken on BSD
+
+	TESTS
+	check_procs.t: Add delay after forking in test to avoid race condition
+	test.pl.in: Use "C" locale when running test suite
+	check_http.t: Adjust date strings to the now-localized output
+	check_dns.t - Fix Perl Warning. perl doesn't understand /d within "".
+	check_snmp.t: skip extented snmp tests if snmpd has no perl support
+	check_snmp.t: fix snmp test for included threshold
+	check_http.t: fix tests for certificates expire date with seconds
+	check_http.t: add faketime based tests for check_http
+
+	LOCALIZATION
 
 2.1.0 30th July 2015
 	SECURITY FIXES

NP-VERSION-GEN

@@ -6,7 +6,7 @@
 SRC_ROOT=`dirname $0`
 
 NPVF=NP-VERSION-FILE
-DEF_VER=2.1.1.git
+DEF_VER=2.1.2.git
 
 LF='
 '

THANKS.in

@@ -1,350 +1,364 @@
-Felipe Gustavo de Almeida
-Ian Cass
-Robert Dale
-Ragnar Hojland Espinosa
-Bo Kersey
-Pedro Leite
-Richard Mayhew
-Remi Paulmier
-Didi Rieder
-Tom Shields
-Stuart Webster
-Jim Carroll
-Ian Duggan
-Tom Bertelston
-Charlie Cook
-Simon L Nielsen
+Abid Rasheed
+Adrian Murphy
+Adrian Wieczorek
+Alain Richard
+Alen Salamun
+Alessandro Ren
+Alex Bradley
 Alex Chaffee
-Frank Kannemann
-Jeremy Baumgartner
-Michael Haro
-Paul Farrall
-Dave Viner
-Olaf Greis
-Russell Scibetti
-Ziya Suzen
-Paul Dlug
-Andy Doran
-Reuben Farrelly
-Phil Randal
-Julien Touche
-Paula Arnold
-Matthew Ericson
-Bradley Baetz
-Rodger Allen
-Alwyn Cherrington
-Mathieu Masseboeuf
-Wolfgang Rosenauer
-Larry Low
-Karl Ewald
+Alex Griffin
+Alexander Kulak
 Alexander Matey
-Laurent Vaslin
-Matthew Brown
-Fabian Pehla
-Robert August Vincent
-Dietmar Ruzicka
-Jacob Lundqvist
-Janos Mohacsi
-Cove Schneider
-Michael Anthon
-Steven Grimm
-Ernst-Dieter Martin
-Steve Rigler
-Cliff Rice
-Christoph Kron
-Valdimir Ivaschenko
-Guy Van Den Bergh
-Matt Perry
-Mike McHenry
-Matthew Peters
-Thomas Nilsen
-Marc Poulin
-Jonathan Rozes
-Thomas Schimpke
-James Fidell
-John Koyle
-Mark Jewiss
-William Pietri
-Carlos Canau
-Benjamin Schmid
-Sven Meyer
-Walbert Oberngruber
-John Marquart
-Truongchinh Nguyen
-Jeffery Blank
-Jason Burnett
-Richard Brodie
-Patrick Allen
-Steve Hanselman
-Eric Bollengier
-Edwin Eefting
-Peter Hoogendijk
-Kjell Sundtjonn
-Ludse Verhoeven
-Lonny Selinger
-Christopher Maser
-Jerome Tytgat
-Matt Garrett
+Alexander Wittig
+Allan Bennett
+Alwyn Cherrington
+Anders Kaseorg
+Andreas Behal
+Andreas Ericsson
+Andreas Seemueller
+Andrew Berglund
+Andrew Elwell
+Andrew Widdersheim
+Andy Brist
+Andy Doran
+Anton Lofgren
 Antony Simmonds
-Ian Holsman
-Ben Whaley
-John Sivak
-Gunnar Hellekson
-David Croft
-Patrick McCormick
-David Alden
-Joe Rhett
-Johannes Herlitz
-Michael Musikhin
-Matt Pounsett
-Shawn Wills
-Ralph Rye
-Jason Martin
-Jon Hallett
-Alexander Kulak
+Aravind Gottipati
+Ari Pollak
+Arnaud Quette
 Arnold Cavazos
-Flo Gleixner
-Howard Wilkinson
-Torsten Werner
-Roy Sigurd Karlsbakk
-Kondoros Attila
-Sven Schaffranneck
+Ask Bjoern Hansen
+Aurelien Bompard
 Ben Clewett
-Garry Cook
-Carole Verdon
-Paul Allen
+Ben Timby
+Ben Whaley
+Benjamin Schmid
+Bernhard Fischer
 Bill Kunkel
-Paulo Afonso Graner Fessel
-Jamie Zawinski
-Jan-Piet Mens
-Phil Dibowitz
-Lutz Behnke
-Ibere Tizio
-Andreas Ericsson
-Abid Rasheed
-Noel Sebastien
-Nathan Shafer
-Simon Bellwood
-Rok Debevc
-Tom De Blende
-Alain Richard
-Arnaud Quette
-Alen Salamun
-Russell Miller
-Ollie Cook
-Michael Bakker
-Michael Almond
-Paul Wiggins
-Lynne Lawrence
-Marcos Della
-Eric Chen
-Tomasz Pilat
-Sean Shore
-Daniel Austin
-John Warburton
-Paulo Fessel
-Randy O'Meara
-Mario Witte
-Rainer Duffner
-Jason Dixon
-Kenny Root
-Jan-Frode Myklebust
-Kev Green
-Guenther Mair
-dag rob?le
-Michael Markstaller
-Adrian Wieczorek
-Myke Place
-Darian Rackham
-Merijn Evertse
-Steve Greenland
-Nikolay Sturm
-Sivakumar Nellurandi
-Gerd Mueller
-Christian G Warden
-Peter Pramberger
-Sascha Runschke
-Ronald Tin
-Chester Hosey
-Pascal Larisch
-David Sullivan
+Bo Kersey
 Bob Ingraham
-Hans Engelen
-Rick Frey
-Serhan Kiymaz
-Gerhard Lausser
-Jon Vandegrift
-Jason Crawford
-Steven Kreuzer
-Johan Fischer
-Sakari Lehtonen
-John Rouillard
-Sebastian Wiesinger
-Jason Kau
-Michael Tiernan
-Jeremy Reed
-Cire Iriarte
-Allan Bennett
-Ari Pollak
-Lance Albertson
-Mike Emigh
+Booker C. Bense
+Bradley Baetz
+Brian De Wolf
+Brian Landers
+Bryan Irvine
+Carlos Canau
+Carole Verdon
+Charles-Henri Larose
+Charlie Cook
+Chester Hosey
+Chris Grim
+Chris Pepper
+Chris Wilson
+Christian G Warden
 Christian Mies
-Andreas Behal
-O'Shaughnessy Evans
-Aravind Gottipati
-Kyle Tucker
+Christian Schneemann
+Christoph Kron
+Christoph Schell
+Christopher Maser
+Christopher Schultz
+Cire Iriarte
+Cliff Rice
+Cove Schneider
+Craig Leres
 Craig Orsinger
-Robby Giffin
-Henning Schmiedehausen
-Markus Baertschi
-Florian Gleixner
-Pawel Malachowski
-Duncan Ferguson
+Damian Myerscough
+Daniel Austin
+Daniel Bimschas
+Daniël van Eeden
+Dann Frazier
+Darian Rackham
+Dave Viner
+David Alden
+David Croft
+David Sullivan
+Davide Madrisan
+Dawid Golunski
+Denis Knauf
 Dick van den Burg
-Sebastian Schubert
-Jason Hoos
-Chris Grim
-Nobuhiro Ban
-Ville Mattila
-Lars Stavholm
+Didi Rieder
+Diego Elio Pettenò
+Dieter Van de Walle
+Dietmar Ruzicka
+Dominique Broeglin
+Duncan Ferguson
+Edwin Eefting
+Emil Michles
+Emmanuel Dreyfus
 Enrico Scholz
-Marlo Bell
-Stefan Meier
-Mark Favas
+Eric Bollengier
+Eric Chen
+Eric J. Mislivec
+Erik Wasser
+Erik Welch
+Ernst-Dieter Martin
+Erwan Ben Souiden
+Evgeni Golov
+Fabian Pehla
+Fabio Rueda
+Felipe Gustavo de Almeida
 Felix Frank
-Denis Knauf
-Matthias Flacke
-Emil Michles
-Ask Bjoern Hansen
-Daniel Bimschas
-Aurelien Bompard
-Christoph Schell
-Andrew Elwell
-Heiti Ernits
-Sebastien Guay
-Matteo HCE Valsasna
-Bernhard Fischer
-fabiodds
-Tom Payerle
-Alessandro Ren
+Flo Gleixner
+Florian Gleixner
+Frank Kannemann
+Frederic Krueger
+Frederic Krueger
+Gabriele Tozzi
+Garry Cook
+Geoff Oakham
+Geoff Oakham
+Gerd Mueller
+Gerhard Lausser
+Gianluca Varisco
+Grant Byers
+Guenther Mair
+Gunnar Beutner
+Gunnar Hellekson
+Guy Van Den Bergh
+Hans Engelen
 Harald Jenny
-Matthias Urlichs
-Jan Wagner
-Christian Schneemann
-Rob Windsor
+Heiti Ernits
+Henning Schmiedehausen
 Hilko Bengen
-Erik Wasser
-Tilman Koschnick
-Olivier 'Babar' Raginel
-Steve Rader
-Dieter Van de Walle
+Howard Wilkinson
+Ian Cass
+Ian Duggan
+Ian Holsman
+Ibere Tizio
+IndyMichaelB
+Jacob Lundqvist
+James Fidell
+Jamie Zawinski
 Jan Lipphaus
-Erik Welch
-Nik Soggia
-Olli Hauer
-Richard Edward Horner
-John Barbuto
-Oskar Ahner
-Chris Pepper
-Ben Timby
-Martin Foster
-Joe Presbrey
-Will Preston
-Nikita Kalabukhov
-Grant Byers
-Marcel Kuiper
-Bryan Irvine
-Jimmy Bergman
-Konstantin Khomoutov
-Josip Rodin
-Dann Frazier
-Stephane Chazelas
-Craig Leres
-Brian Landers
-Ryan Kelly
-Stéphane Urbanovski
-Marco Beck
-Sebastian Harl
-Jason Lunn
-Alex Griffin
-Marc Remy
-Matej Vela
+Jan Wagner
+Jan-Frode Myklebust
+Jan-Piet Mens
+Janos Mohacsi
+Jason Benguerel
+Jason Burnett
+Jason Crawford
+Jason Dixon
 Jason Ellison
-Charles-Henri Larose
-Tobias Brox
-William Leibzon
+Jason Erdmann
+Jason Hoos
+Jason Kau
+Jason Lunn
+Jason Martin
+Jean-Claude Computing
+Jeffery Blank
+Jeremy Baumgartner
+Jeremy Reed
+Jerome Tytgat
+Jesper Forsberg
+Jethro Carr
+Jim Carroll
+Jimmy Bergman
 Jochen Bern
-Anders Kaseorg
-Robin Sonefors
-Alex Bradley
-Brian De Wolf
-Richard Leitner
-Diego Elio Pettenò
-Vaclav Ovsik
-Roman Fiedler
-Fabio Rueda
-Gabriele Tozzi
-Sebastian Nohn
-Emmanuel Dreyfus
-Booker C. Bense
-Daniël van Eeden
-Dominique Broeglin
-Erwan Ben Souiden
-Gianluca Varisco
+Joe Presbrey
+Joe Rhett
 Joerg Linge
+Johan Fischer
+Johannes Engel
+Johannes Herlitz
+John Barbuto
+John Koyle
+John Marquart
+John Rouillard
+John Sivak
+John Warburton
+Jon Hallett
+Jon Vandegrift
+Jonas Genannt
+Jonas Genannt
 Jonathan Milby
+Jonathan Rozes
+Joseph Gooch
+Josip Rodin
 Juan Carlos Fernandez
+Julien Touche
+Julius Kriukas
+Justin McOmie
+Karl Ewald
+Kenny Root
+Kev Green
+Kjell Sundtjonn
+Koen Wilde
+Kondoros Attila
+Konstantin Khomoutov
+Kyle Tucker
+Lance Albertson
+Larry Low
+Lars Stavholm
+Lars Vogdt
+Laurent Licour
+Laurent Vaslin
 Lionel Cons
+Lonny Selinger
+Luca Corti
+Ludse Verhoeven
+Lutz Behnke
+Lynne Lawrence
 Marc Huffnagle
+Marc Poulin
+Marc Remy
+Marcel Kuiper
+Marco Beck
+Marcos Della
+Mario Witte
+Mark Favas
+Mark Jewiss
 Mark Keisler
+Markus Baertschi
+Marlo Bell
+Martin Foster
+Matej Vela
+Mathieu Masseboeuf
+Matt Garrett
+Matt Perry
+Matt Pounsett
+Matteo HCE Valsasna
+Matthew Brown
+Matthew Ericson
+Matthew Kent
+Matthew Peters
+Matthias Flacke
+Matthias Hähnel
+Matthias Urlichs
+Merijn Evertse
+Michael Almond
+Michael Anthon
+Michael Bakker
+Michael Haro
+Michael Markstaller
+Michael Musikhin
+Michael Tiernan
+Mikael Falkvidd
+Mike Emigh
+Mike McHenry
+Myke Place
+Nathan Shafer
+Neil Prockter
+Nick Peelman
+Nick Peelman
+Nik Soggia
+Nikita Kalabukhov
+Nikolay Sturm
+Nobuhiro Ban
+Noel Sebastien
+O'Shaughnessy Evans
+Olaf Greis
+Olivier 'Babar' Raginel
+Olli Hauer
+Ollie Cook
+Oskar Ahner
+Oskar Liljeblad
 Pall Sigurdsson
-Sebastian Schmidt
-Simon Kainz
-Steve Weinreich
-Tim Laszlo
+Pascal Larisch
 Patric Wust
-Oskar Liljeblad
-Geoff Oakham
-Tilmann Bubeck
-Stéphane Bortzmeyer
-Luca Corti
-Jethro Carr
-Neil Prockter
+Patrick Allen
 Patrick McAndrew
-Julius Kriukas
-Andy Brist
-Spenser Reinhardt
-Sam Kottler
-Frederic Krueger
-Anton Lofgren
-Evgeni Golov
-Davide Madrisan
-Dawid Golunski
-Gunnar Beutner
-Eric J. Mislivec
+Patrick McCormick
+Paul Allen
+Paul Dlug
+Paul Farrall
+Paul Wiggins
+Paula Arnold
+Paulo Afonso Graner Fessel
+Paulo Fessel
+Pawel Malachowski
 Pawel Rozlach
-Laurent Licour
-Koen Wilde
-Chris Wilson
-Jason Erdmann
+Pedro Leite
+Peter Hoogendijk
+Peter Pramberger
+Phil Dibowitz
+Phil Randal
+Ragnar Hojland Espinosa
+Rainer Duffner
+Ralph Rye
+Randy O'Meara
+Remi Paulmier
+Reuben Farrelly
+Ricardo Maraschini
+Richard Brodie
+Richard Edward Horner
+Richard Leitner
+Richard Mayhew
+Rick Frey
+Rob Windsor
+Robby Giffin
+Robert August Vincent
+Robert Dale
+Roberto Greiner
+Robin Sonefors
+Rodger Allen
+Rok Debevc
+Roman Fiedler
+Ronald Tin
+Roy Sigurd Karlsbakk
+Russell Miller
+Russell Scibetti
+Ryan Kelly
+Sakari Lehtonen
+Sam Kottler
+Sascha Runschke
+Sean Shore
+Sebastian Harl
 Sebastian Herbszt
-Yannick Charton
-Andrew Berglund
-Johannes Engel
-Andreas Seemueller
-Adrian Murphy
-Jonas Genannt
-Nick Peelman
-Mikael Falkvidd
-Alexander Wittig
+Sebastian Herbszt
+Sebastian Nohn
+Sebastian Schmidt
+Sebastian Schubert
+Sebastian Wiesinger
+Sebastien Guay
+Serhan Kiymaz
+Shawn Wills
+Simon Bellwood
+Simon Kainz
+Simon L Nielsen
+Simon Meggle
+Sivakumar Nellurandi
+Spenser Reinhardt
+Stefan Meier
+Stephane Chazelas
 Stephane Lapie
+Steve Greenland
+Steve Hanselman
+Steve Rader
+Steve Rigler
+Steve Weinreich
+Steven Grimm
+Steven Kreuzer
+Stuart Webster
+Stéphane Bortzmeyer
+Stéphane Urbanovski
+Sven Meyer
+Sven Schaffranneck
+Thomas Nilsen
+Thomas Schimpke
+Tilman Koschnick
+Tilmann Bubeck
+Tim Laszlo
+Tobias Brox
+Tom Bertelston
+Tom De Blende
+Tom Payerle
+Tom Shields
+Tomasz Pilat
+Torsten Werner
 Trevor McDonald
-Joseph Gooch
-Damian Myerscough
-nafets
+Truongchinh Nguyen
+Vaclav Ovsik
+Valdimir Ivaschenko
+Ville Mattila
+Walbert Oberngruber
+Will Preston
+William Leibzon
+William Pietri
+Wolfgang Rosenauer
+Yannick Charton
+Ziya Suzen
 arvanus
-Roberto Greiner
-Justin McOmie
-Jesper Forsberg
-IndyMichaelB
+dag rob?le
+fabiodds
 jwinkle01
+nafets

configure.ac

@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.59)
-AC_INIT(nagios-plugins,2.1.1)
+AC_INIT(nagios-plugins,2.1.2)
 AC_CONFIG_SRCDIR(NPTest.pm)
 AC_CONFIG_FILES([gl/Makefile 
 	nagios-plugins.spec])
@@ -162,12 +162,6 @@ AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
 AC_CHECK_LIB(resolv,main,SOCKETLIBS="$SOCKETLIBS -lresolv")
 AC_SUBST(SOCKETLIBS)
 
-dnl Check for POSIX thread libraries
-AC_CHECK_HEADERS(pthread.h)
-AC_CHECK_LIB(pthread,pthread_create,THREADLIBS="-lpthread",
-             AC_CHECK_LIB(pthread,pthread_create,THREADLIBS="-lpthread -lrt",-lrt))
-AC_SUBST(THREADLIBS)
-
 dnl
 dnl check for math-related functions needing -lm
 AC_CHECK_HEADERS(math.h)
@@ -770,33 +764,33 @@ dnl 	ac_cv_ps_format=["%*s %d %d %d %d %*d %*d %d %d%*[ 0123456789abcdef]%[OSRZT
 dnl 	ac_cv_ps_cols=8
 dnl 	AC_MSG_RESULT([$ac_cv_ps_command])
 
-dnl Lets test if cgroups are supported, on systems with ps axwo command:
-elif ps axwo 'stat comm vsz rss user uid pid ppid args cgroup:256' 2>/dev/null | \
+dnl Lets test if cgroups are supported, on systems with ps axwwo command:
+elif ps axwwo 'stat comm vsz rss user uid pid ppid args cgroup:256' 2>/dev/null | \
 	egrep -i ["^ *STAT +[UCOMAND]+ +VSZ +RSS +USER +UID +PID +PPID +COMMAND +CGROUP"] > /dev/null
 then
 	ac_cv_ps_varlist="[procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,proc_cgroup_hierarchy,procprog,&pos]"
-	ac_cv_ps_command="$PATH_TO_PS axwo 'stat uid pid ppid vsz rss pcpu cgroup:256 comm args'"
+	ac_cv_ps_command="$PATH_TO_PS axwwo 'stat uid pid ppid vsz rss pcpu cgroup:256 comm args'"
 	ac_cv_ps_format="%s %d %d %d %d %d %f %s %s %n"
 	ac_cv_ps_cols=10
 	AC_MSG_RESULT([$ac_cv_ps_command])
 
-dnl cgroups with ps -axwo command:
-elif ps -axwo 'stat comm vsz rss user uid pid ppid args cgroup:256' 2>/dev/null | \
+dnl cgroups with ps -axwwo command:
+elif ps -axwwo 'stat comm vsz rss user uid pid ppid args cgroup:256' 2>/dev/null | \
 	egrep -i ["^ *STAT +[UCOMAND]+ +VSZ +RSS +USER +UID +PID +PPID +COMMAND +CGROUP"] > /dev/null
 then
 	ac_cv_ps_varlist="[procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,proc_cgroup_hierarchy,procprog,&pos]"
-	ac_cv_ps_command="$PATH_TO_PS -axwo 'stat uid pid ppid vsz rss pcpu cgroup:256 comm args'"
+	ac_cv_ps_command="$PATH_TO_PS -axwwo 'stat uid pid ppid vsz rss pcpu cgroup:256 comm args'"
 	ac_cv_ps_format="%s %d %d %d %d %d %f %s %s %n"
 	ac_cv_ps_cols=10
 	AC_MSG_RESULT([$ac_cv_ps_command])
 
-dnl Some gnu/linux systems (debian for one) don't like -axwo and need axwo.
+dnl Some gnu/linux systems (debian for one) don't like -axwwo and need axwwo.
 dnl so test for this first...
-elif ps axwo 'stat comm vsz rss user uid pid ppid args' 2>/dev/null | \
+elif ps axwwo 'stat comm vsz rss user uid pid ppid args' 2>/dev/null | \
 	egrep -i ["^ *STAT +[UCOMAND]+ +VSZ +RSS +USER +UID +PID +PPID +COMMAND"] > /dev/null
 then
 	ac_cv_ps_varlist="[procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,procprog,&pos]"
-	ac_cv_ps_command="$PATH_TO_PS axwo 'stat uid pid ppid vsz rss pcpu comm args'"
+	ac_cv_ps_command="$PATH_TO_PS axwwo 'stat uid pid ppid vsz rss pcpu comm args'"
 	ac_cv_ps_format="%s %d %d %d %d %d %f %s %n"
 	ac_cv_ps_cols=9
 	AC_MSG_RESULT([$ac_cv_ps_command])
@@ -804,11 +798,11 @@ then
 dnl For OpenBSD 3.2 & 3.3. Must come before ps -weo
 dnl Should also work for FreeBSD 5.2.1 and 5.3
 dnl  STAT UCOMM              VSZ   RSS USER      PPID COMMAND
-elif ps -axwo 'stat comm vsz rss user uid pid ppid args' 2>/dev/null | \
+elif ps -axwwo 'stat comm vsz rss user uid pid ppid args' 2>/dev/null | \
 	egrep -i ["^ *STAT +[UCOMAND]+ +VSZ +RSS +USER +UID +PID +PPID +COMMAND"] > /dev/null
 then
 	ac_cv_ps_varlist="[procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,procprog,&pos]"
-	ac_cv_ps_command="$PATH_TO_PS -axwo 'stat uid pid ppid vsz rss pcpu comm args'"
+	ac_cv_ps_command="$PATH_TO_PS -axwwo 'stat uid pid ppid vsz rss pcpu comm args'"
 	ac_cv_ps_format="%s %d %d %d %d %d %f %s %n"
 	ac_cv_ps_cols=9
 	AC_MSG_RESULT([$ac_cv_ps_command])
@@ -816,11 +810,11 @@ then
 dnl Some *BSDs have different format for ps. This is mainly to catch FreeBSD 4.
 dnl Limitation: Only first 16 chars returned for ucomm field
 dnl Must come before ps -weo
-elif ps -axwo 'stat uid pid ppid vsz rss pcpu ucomm command' 2>/dev/null | \
+elif ps -axwwo 'stat uid pid ppid vsz rss pcpu ucomm command' 2>/dev/null | \
 	egrep -i ["^ *STAT +UID +PID +PPID +VSZ +RSS +%CPU +UCOMM +COMMAND"] > /dev/null
 then
 	ac_cv_ps_varlist="[procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,procprog,&pos]"
-	ac_cv_ps_command="$PATH_TO_PS -axwo 'stat uid pid ppid vsz rss pcpu ucomm command'"
+	ac_cv_ps_command="$PATH_TO_PS -axwwo 'stat uid pid ppid vsz rss pcpu ucomm command'"
 	ac_cv_ps_format="%s %d %d %d %d %d %f %s %n"
 	ac_cv_ps_cols=9
 	AC_MSG_RESULT([$ac_cv_ps_command])
@@ -1187,7 +1181,7 @@ AC_ARG_WITH(ping6_command,
 		[sets syntax for ICMPv6 ping]),
 	with_ping6_command=$withval,)
 
-if test x"$with_ipv6" != xno ; then
+if test x"$with_ipv6" != xno -a x"$with_ping6_command" != xno ; then
 AC_MSG_CHECKING(for ICMPv6 ping syntax)
 ac_cv_ping6_packets_first=no
 if test -n "$with_ping6_command"
@@ -1669,6 +1663,9 @@ AC_CHECK_MEMBERS([struct swapent.se_nblks],,,[
                  #include <sys/stat.h>
                  #include <sys/swap.h>
                  ])
+AC_CHECK_MEMBERS([struct msghdr.msg_control, struct msghdr.msg_controllen],
+		AC_DEFINE([HAVE_MSGHDR_MSG_CONTROL],1,
+		          [Define if struct msghdr has msg_control and msg_controllen]))
 
 if test "$ac_cv_have_decl_swapctl" = "yes";
 then

gl/Makefile.am

@@ -21,7 +21,7 @@
 # the same distribution terms as the rest of that program.
 #
 # Generated by gnulib-tool.
-# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strsep timegm unsetenv vasprintf vsnprintf
+# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strcase strcasestr strsep timegm unsetenv vasprintf vsnprintf
 
 AUTOMAKE_OPTIONS = 1.9.6 gnits subdir-objects
 
@@ -1544,6 +1544,24 @@ EXTRA_DIST += stdlib.in.h
 
 ## end   gnulib module stdlib
 
+## begin gnulib module strcase
+
+
+EXTRA_DIST += strcasecmp.c strncasecmp.c
+
+EXTRA_libgnu_a_SOURCES += strcasecmp.c strncasecmp.c
+
+## end   gnulib module strcase
+
+## begin gnulib module strcasestr-simple
+
+
+EXTRA_DIST += str-two-way.h strcasestr.c
+
+EXTRA_libgnu_a_SOURCES += strcasestr.c
+
+## end   gnulib module strcasestr-simple
+
 ## begin gnulib module streq
 
 
@@ -1669,6 +1687,37 @@ EXTRA_DIST += string.in.h
 
 ## end   gnulib module string
 
+## begin gnulib module strings
+
+BUILT_SOURCES += strings.h
+
+# We need the following in order to create <strings.h> when the system
+# doesn't have one that works with the given compiler.
+strings.h: strings.in.h $(top_builddir)/config.status $(CXXDEFS_H) $(WARN_ON_USE_H) $(ARG_NONNULL_H)
+	$(AM_V_GEN)rm -f $@-t $@ && \
+	{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+	  sed -e 's|@''GUARD_PREFIX''@|GL|g' \
+	      -e 's|@''HAVE_STRINGS_H''@|$(HAVE_STRINGS_H)|g' \
+	      -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+	      -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+	      -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+	      -e 's|@''NEXT_STRINGS_H''@|$(NEXT_STRINGS_H)|g' \
+	      -e 's|@''GNULIB_FFS''@|$(GNULIB_FFS)|g' \
+	      -e 's|@''HAVE_FFS''@|$(HAVE_FFS)|g' \
+	      -e 's|@''HAVE_STRCASECMP''@|$(HAVE_STRCASECMP)|g' \
+	      -e 's|@''HAVE_DECL_STRNCASECMP''@|$(HAVE_DECL_STRNCASECMP)|g' \
+	      -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+	      -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+	      -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+	      < $(srcdir)/strings.in.h; \
+	} > $@-t && \
+	mv $@-t $@
+MOSTLYCLEANFILES += strings.h strings.h-t
+
+EXTRA_DIST += strings.in.h
+
+## end   gnulib module strings
+
 ## begin gnulib module strndup
 
 

gl/m4/gnulib-cache.m4

@@ -27,7 +27,7 @@
 
 
 # Specification in the form of a command-line invocation:
-#   gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strsep timegm unsetenv vasprintf vsnprintf
+#   gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strcase strcasestr strsep timegm unsetenv vasprintf vsnprintf
 
 # Specification in the form of a few gnulib-tool.m4 macro invocations:
 gl_LOCAL_DIR([])
@@ -47,6 +47,8 @@ gl_MODULES([
   mountlist
   regex
   setenv
+  strcase
+  strcasestr
   strsep
   timegm
   unsetenv

gl/m4/gnulib-comp.m4

@@ -120,10 +120,14 @@ AC_DEFUN([gl_EARLY],
   # Code from module stdint:
   # Code from module stdio:
   # Code from module stdlib:
+  # Code from module strcase:
+  # Code from module strcasestr:
+  # Code from module strcasestr-simple:
   # Code from module streq:
   # Code from module strerror:
   # Code from module strerror-override:
   # Code from module string:
+  # Code from module strings:
   # Code from module strndup:
   # Code from module strnlen:
   # Code from module strsep:
@@ -379,6 +383,26 @@ AC_DEFUN([gl_INIT],
   gl_STDINT_H
   gl_STDIO_H
   gl_STDLIB_H
+  gl_STRCASE
+  if test $HAVE_STRCASECMP = 0; then
+    AC_LIBOBJ([strcasecmp])
+    gl_PREREQ_STRCASECMP
+  fi
+  if test $HAVE_STRNCASECMP = 0; then
+    AC_LIBOBJ([strncasecmp])
+    gl_PREREQ_STRNCASECMP
+  fi
+  gl_FUNC_STRCASESTR
+  if test $HAVE_STRCASESTR = 0 || test $REPLACE_STRCASESTR = 1; then
+    AC_LIBOBJ([strcasestr])
+    gl_PREREQ_STRCASESTR
+  fi
+  gl_FUNC_STRCASESTR_SIMPLE
+  if test $HAVE_STRCASESTR = 0 || test $REPLACE_STRCASESTR = 1; then
+    AC_LIBOBJ([strcasestr])
+    gl_PREREQ_STRCASESTR
+  fi
+  gl_STRING_MODULE_INDICATOR([strcasestr])
   gl_FUNC_STRERROR
   if test $REPLACE_STRERROR = 1; then
     AC_LIBOBJ([strerror])
@@ -392,6 +416,7 @@ AC_DEFUN([gl_INIT],
     gl_PREREQ_SYS_H_WINSOCK2
   fi
   gl_HEADER_STRING_H
+  gl_HEADER_STRINGS_H
   gl_FUNC_STRNDUP
   if test $HAVE_STRNDUP = 0 || test $REPLACE_STRNDUP = 1; then
     AC_LIBOBJ([strndup])
@@ -710,12 +735,16 @@ AC_DEFUN([gl_FILE_LIST], [
   lib/stdio.in.h
   lib/stdlib.in.h
   lib/str-two-way.h
+  lib/strcasecmp.c
+  lib/strcasestr.c
   lib/streq.h
   lib/strerror-override.c
   lib/strerror-override.h
   lib/strerror.c
   lib/string.in.h
+  lib/strings.in.h
   lib/stripslash.c
+  lib/strncasecmp.c
   lib/strndup.c
   lib/strnlen.c
   lib/strsep.c
@@ -850,8 +879,11 @@ AC_DEFUN([gl_FILE_LIST], [
   m4/stdint_h.m4
   m4/stdio_h.m4
   m4/stdlib_h.m4
+  m4/strcase.m4
+  m4/strcasestr.m4
   m4/strerror.m4
   m4/string_h.m4
+  m4/strings_h.m4
   m4/strndup.m4
   m4/strnlen.m4
   m4/strsep.m4

gl/m4/strcase.m4

@@ -0,0 +1,45 @@
+# strcase.m4 serial 11
+dnl Copyright (C) 2002, 2005-2013 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_STRCASE],
+[
+  gl_FUNC_STRCASECMP
+  gl_FUNC_STRNCASECMP
+])
+
+AC_DEFUN([gl_FUNC_STRCASECMP],
+[
+  AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+  AC_CHECK_FUNCS([strcasecmp])
+  if test $ac_cv_func_strcasecmp = no; then
+    HAVE_STRCASECMP=0
+  fi
+])
+
+AC_DEFUN([gl_FUNC_STRNCASECMP],
+[
+  AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+  AC_CHECK_FUNCS([strncasecmp])
+  if test $ac_cv_func_strncasecmp = yes; then
+    HAVE_STRNCASECMP=1
+  else
+    HAVE_STRNCASECMP=0
+  fi
+  AC_CHECK_DECLS([strncasecmp])
+  if test $ac_cv_have_decl_strncasecmp = no; then
+    HAVE_DECL_STRNCASECMP=0
+  fi
+])
+
+# Prerequisites of lib/strcasecmp.c.
+AC_DEFUN([gl_PREREQ_STRCASECMP], [
+  :
+])
+
+# Prerequisites of lib/strncasecmp.c.
+AC_DEFUN([gl_PREREQ_STRNCASECMP], [
+  :
+])

gl/m4/strcasestr.m4

@@ -0,0 +1,142 @@
+# strcasestr.m4 serial 21
+dnl Copyright (C) 2005, 2007-2013 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Check that strcasestr is present and works.
+AC_DEFUN([gl_FUNC_STRCASESTR_SIMPLE],
+[
+  AC_REQUIRE([gl_HEADER_STRING_H_DEFAULTS])
+
+  dnl Persuade glibc <string.h> to declare strcasestr().
+  AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+
+  AC_REQUIRE([gl_FUNC_MEMCHR])
+  AC_CHECK_FUNCS([strcasestr])
+  if test $ac_cv_func_strcasestr = no; then
+    HAVE_STRCASESTR=0
+  else
+    if test "$gl_cv_func_memchr_works" != yes; then
+      REPLACE_STRCASESTR=1
+    else
+      dnl Detect http://sourceware.org/bugzilla/show_bug.cgi?id=12092.
+      AC_CACHE_CHECK([whether strcasestr works],
+        [gl_cv_func_strcasestr_works_always],
+        [AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+#include <string.h> /* for strcasestr */
+#define P "_EF_BF_BD"
+#define HAYSTACK "F_BD_CE_BD" P P P P "_C3_88_20" P P P "_C3_A7_20" P
+#define NEEDLE P P P P P
+]], [[return !!strcasestr (HAYSTACK, NEEDLE);
+      ]])],
+          [gl_cv_func_strcasestr_works_always=yes],
+          [gl_cv_func_strcasestr_works_always=no],
+          [dnl glibc 2.12 and cygwin 1.7.7 have a known bug.  uClibc is not
+           dnl affected, since it uses different source code for strcasestr
+           dnl than glibc.
+           dnl Assume that it works on all other platforms, even if it is not
+           dnl linear.
+           AC_EGREP_CPP([Lucky user],
+             [
+#ifdef __GNU_LIBRARY__
+ #include <features.h>
+ #if ((__GLIBC__ == 2 && __GLIBC_MINOR__ > 12) || (__GLIBC__ > 2)) \
+     || defined __UCLIBC__
+  Lucky user
+ #endif
+#elif defined __CYGWIN__
+ #include <cygwin/version.h>
+ #if CYGWIN_VERSION_DLL_COMBINED > CYGWIN_VERSION_DLL_MAKE_COMBINED (1007, 7)
+  Lucky user
+ #endif
+#else
+  Lucky user
+#endif
+             ],
+             [gl_cv_func_strcasestr_works_always="guessing yes"],
+             [gl_cv_func_strcasestr_works_always="guessing no"])
+          ])
+        ])
+      case "$gl_cv_func_strcasestr_works_always" in
+        *yes) ;;
+        *)
+          REPLACE_STRCASESTR=1
+          ;;
+      esac
+    fi
+  fi
+]) # gl_FUNC_STRCASESTR_SIMPLE
+
+dnl Additionally, check that strcasestr is efficient.
+AC_DEFUN([gl_FUNC_STRCASESTR],
+[
+  AC_REQUIRE([gl_FUNC_STRCASESTR_SIMPLE])
+  if test $HAVE_STRCASESTR = 1 && test $REPLACE_STRCASESTR = 0; then
+    AC_CACHE_CHECK([whether strcasestr works in linear time],
+      [gl_cv_func_strcasestr_linear],
+      [AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+#include <signal.h> /* for signal */
+#include <string.h> /* for strcasestr */
+#include <stdlib.h> /* for malloc */
+#include <unistd.h> /* for alarm */
+static void quit (int sig) { exit (sig + 128); }
+]], [[
+    int result = 0;
+    size_t m = 1000000;
+    char *haystack = (char *) malloc (2 * m + 2);
+    char *needle = (char *) malloc (m + 2);
+    /* Failure to compile this test due to missing alarm is okay,
+       since all such platforms (mingw) also lack strcasestr.  */
+    signal (SIGALRM, quit);
+    alarm (5);
+    /* Check for quadratic performance.  */
+    if (haystack && needle)
+      {
+        memset (haystack, 'A', 2 * m);
+        haystack[2 * m] = 'B';
+        haystack[2 * m + 1] = 0;
+        memset (needle, 'A', m);
+        needle[m] = 'B';
+        needle[m + 1] = 0;
+        if (!strcasestr (haystack, needle))
+          result |= 1;
+      }
+    return result;
+    ]])],
+        [gl_cv_func_strcasestr_linear=yes], [gl_cv_func_strcasestr_linear=no],
+        [dnl Only glibc > 2.12 and cygwin > 1.7.7 are known to have a
+         dnl strcasestr that works in linear time.
+         AC_EGREP_CPP([Lucky user],
+           [
+#include <features.h>
+#ifdef __GNU_LIBRARY__
+ #if ((__GLIBC__ == 2 && __GLIBC_MINOR__ > 12) || (__GLIBC__ > 2)) \
+     && !defined __UCLIBC__
+  Lucky user
+ #endif
+#endif
+#ifdef __CYGWIN__
+ #include <cygwin/version.h>
+ #if CYGWIN_VERSION_DLL_COMBINED > CYGWIN_VERSION_DLL_MAKE_COMBINED (1007, 7)
+  Lucky user
+ #endif
+#endif
+           ],
+           [gl_cv_func_strcasestr_linear="guessing yes"],
+           [gl_cv_func_strcasestr_linear="guessing no"])
+        ])
+      ])
+    case "$gl_cv_func_strcasestr_linear" in
+      *yes) ;;
+      *)
+        REPLACE_STRCASESTR=1
+        ;;
+    esac
+  fi
+]) # gl_FUNC_STRCASESTR
+
+# Prerequisites of lib/strcasestr.c.
+AC_DEFUN([gl_PREREQ_STRCASESTR], [
+  :
+])

gl/m4/strings_h.m4

@@ -0,0 +1,52 @@
+# Configure a replacement for <strings.h>.
+# serial 6
+
+# Copyright (C) 2007, 2009-2013 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_HEADER_STRINGS_H],
+[
+  dnl Use AC_REQUIRE here, so that the default behavior below is expanded
+  dnl once only, before all statements that occur in other macros.
+  AC_REQUIRE([gl_HEADER_STRINGS_H_BODY])
+])
+
+AC_DEFUN([gl_HEADER_STRINGS_H_BODY],
+[
+  AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+
+  gl_CHECK_NEXT_HEADERS([strings.h])
+  if test $ac_cv_header_strings_h = yes; then
+    HAVE_STRINGS_H=1
+  else
+    HAVE_STRINGS_H=0
+  fi
+  AC_SUBST([HAVE_STRINGS_H])
+
+  dnl Check for declarations of anything we want to poison if the
+  dnl corresponding gnulib module is not in use.
+  gl_WARN_ON_USE_PREPARE([[
+    /* Minix 3.1.8 has a bug: <sys/types.h> must be included before
+       <strings.h>.  */
+    #include <sys/types.h>
+    #include <strings.h>
+    ]], [ffs strcasecmp strncasecmp])
+])
+
+AC_DEFUN([gl_STRINGS_MODULE_INDICATOR],
+[
+  dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+  AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+  gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+])
+
+AC_DEFUN([gl_HEADER_STRINGS_H_DEFAULTS],
+[
+  GNULIB_FFS=0;            AC_SUBST([GNULIB_FFS])
+  dnl Assume proper GNU behavior unless another module says otherwise.
+  HAVE_FFS=1;              AC_SUBST([HAVE_FFS])
+  HAVE_STRCASECMP=1;       AC_SUBST([HAVE_STRCASECMP])
+  HAVE_DECL_STRNCASECMP=1; AC_SUBST([HAVE_DECL_STRNCASECMP])
+])

gl/strcasecmp.c

@@ -0,0 +1,62 @@
+/* Case-insensitive string comparison function.
+   Copyright (C) 1998-1999, 2005-2007, 2009-2013 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, see <http://www.gnu.org/licenses/>.  */
+
+#include <config.h>
+
+/* Specification.  */
+#include <string.h>
+
+#include <ctype.h>
+#include <limits.h>
+
+#define TOLOWER(Ch) (isupper (Ch) ? tolower (Ch) : (Ch))
+
+/* Compare strings S1 and S2, ignoring case, returning less than, equal to or
+   greater than zero if S1 is lexicographically less than, equal to or greater
+   than S2.
+   Note: This function does not work with multibyte strings!  */
+
+int
+strcasecmp (const char *s1, const char *s2)
+{
+  const unsigned char *p1 = (const unsigned char *) s1;
+  const unsigned char *p2 = (const unsigned char *) s2;
+  unsigned char c1, c2;
+
+  if (p1 == p2)
+    return 0;
+
+  do
+    {
+      c1 = TOLOWER (*p1);
+      c2 = TOLOWER (*p2);
+
+      if (c1 == '\0')
+        break;
+
+      ++p1;
+      ++p2;
+    }
+  while (c1 == c2);
+
+  if (UCHAR_MAX <= INT_MAX)
+    return c1 - c2;
+  else
+    /* On machines where 'char' and 'int' are types of the same size, the
+       difference of two 'unsigned char' values - including the sign bit -
+       doesn't fit in an 'int'.  */
+    return (c1 > c2 ? 1 : c1 < c2 ? -1 : 0);
+}

gl/strcasestr.c

@@ -0,0 +1,82 @@
+/* Case-insensitive searching in a string.
+   Copyright (C) 2005-2013 Free Software Foundation, Inc.
+   Written by Bruno Haible <bruno@clisp.org>, 2005.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, see <http://www.gnu.org/licenses/>.  */
+
+#include <config.h>
+
+/* Specification.  */
+#include <string.h>
+
+#include <ctype.h>
+#include <stdbool.h>
+#include <strings.h>
+
+#define TOLOWER(Ch) (isupper (Ch) ? tolower (Ch) : (Ch))
+
+/* Two-Way algorithm.  */
+#define RETURN_TYPE char *
+#define AVAILABLE(h, h_l, j, n_l)                       \
+  (!memchr ((h) + (h_l), '\0', (j) + (n_l) - (h_l))     \
+   && ((h_l) = (j) + (n_l)))
+#define CANON_ELEMENT(c) TOLOWER (c)
+#define CMP_FUNC(p1, p2, l)                             \
+  strncasecmp ((const char *) (p1), (const char *) (p2), l)
+#include "str-two-way.h"
+
+/* Find the first occurrence of NEEDLE in HAYSTACK, using
+   case-insensitive comparison.  This function gives unspecified
+   results in multibyte locales.  */
+char *
+strcasestr (const char *haystack_start, const char *needle_start)
+{
+  const char *haystack = haystack_start;
+  const char *needle = needle_start;
+  size_t needle_len; /* Length of NEEDLE.  */
+  size_t haystack_len; /* Known minimum length of HAYSTACK.  */
+  bool ok = true; /* True if NEEDLE is prefix of HAYSTACK.  */
+
+  /* Determine length of NEEDLE, and in the process, make sure
+     HAYSTACK is at least as long (no point processing all of a long
+     NEEDLE if HAYSTACK is too short).  */
+  while (*haystack && *needle)
+    {
+      ok &= (TOLOWER ((unsigned char) *haystack)
+             == TOLOWER ((unsigned char) *needle));
+      haystack++;
+      needle++;
+    }
+  if (*needle)
+    return NULL;
+  if (ok)
+    return (char *) haystack_start;
+  needle_len = needle - needle_start;
+  haystack = haystack_start + 1;
+  haystack_len = needle_len - 1;
+
+  /* Perform the search.  Abstract memory is considered to be an array
+     of 'unsigned char' values, not an array of 'char' values.  See
+     ISO C 99 section 6.2.6.1.  */
+  if (needle_len < LONG_NEEDLE_THRESHOLD)
+    return two_way_short_needle ((const unsigned char *) haystack,
+                                 haystack_len,
+                                 (const unsigned char *) needle_start,
+                                 needle_len);
+  return two_way_long_needle ((const unsigned char *) haystack, haystack_len,
+                              (const unsigned char *) needle_start,
+                              needle_len);
+}
+
+#undef LONG_NEEDLE_THRESHOLD

gl/strings.in.h

@@ -0,0 +1,122 @@
+/* A substitute <strings.h>.
+
+   Copyright (C) 2007-2013 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, see <http://www.gnu.org/licenses/>.  */
+
+#ifndef _@GUARD_PREFIX@_STRINGS_H
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+/* Minix 3.1.8 has a bug: <sys/types.h> must be included before <strings.h>.
+   But avoid namespace pollution on glibc systems.  */
+#if defined __minix && !defined __GLIBC__
+# include <sys/types.h>
+#endif
+
+/* The include_next requires a split double-inclusion guard.  */
+#if @HAVE_STRINGS_H@
+# @INCLUDE_NEXT@ @NEXT_STRINGS_H@
+#endif
+
+#ifndef _@GUARD_PREFIX@_STRINGS_H
+#define _@GUARD_PREFIX@_STRINGS_H
+
+#if ! @HAVE_DECL_STRNCASECMP@
+/* Get size_t.  */
+# include <stddef.h>
+#endif
+
+
+/* The definitions of _GL_FUNCDECL_RPL etc. are copied here.  */
+
+/* The definition of _GL_ARG_NONNULL is copied here.  */
+
+/* The definition of _GL_WARN_ON_USE is copied here.  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+  /* Find the index of the least-significant set bit.  */
+#if @GNULIB_FFS@
+# if !@HAVE_FFS@
+_GL_FUNCDECL_SYS (ffs, int, (int i));
+# endif
+_GL_CXXALIAS_SYS (ffs, int, (int i));
+_GL_CXXALIASWARN (ffs);
+#elif defined GNULIB_POSIXCHECK
+# undef ffs
+# if HAVE_RAW_DECL_FFS
+_GL_WARN_ON_USE (ffs, "ffs is not portable - use the ffs module");
+# endif
+#endif
+
+/* Compare strings S1 and S2, ignoring case, returning less than, equal to or
+   greater than zero if S1 is lexicographically less than, equal to or greater
+   than S2.
+   Note: This function does not work in multibyte locales.  */
+#if ! @HAVE_STRCASECMP@
+extern int strcasecmp (char const *s1, char const *s2)
+     _GL_ARG_NONNULL ((1, 2));
+#endif
+#if defined GNULIB_POSIXCHECK
+/* strcasecmp() does not work with multibyte strings:
+   POSIX says that it operates on "strings", and "string" in POSIX is defined
+   as a sequence of bytes, not of characters.   */
+# undef strcasecmp
+# if HAVE_RAW_DECL_STRCASECMP
+_GL_WARN_ON_USE (strcasecmp, "strcasecmp cannot work correctly on character "
+                 "strings in multibyte locales - "
+                 "use mbscasecmp if you care about "
+                 "internationalization, or use c_strcasecmp , "
+                 "gnulib module c-strcase) if you want a locale "
+                 "independent function");
+# endif
+#endif
+
+/* Compare no more than N bytes of strings S1 and S2, ignoring case,
+   returning less than, equal to or greater than zero if S1 is
+   lexicographically less than, equal to or greater than S2.
+   Note: This function cannot work correctly in multibyte locales.  */
+#if ! @HAVE_DECL_STRNCASECMP@
+extern int strncasecmp (char const *s1, char const *s2, size_t n)
+     _GL_ARG_NONNULL ((1, 2));
+#endif
+#if defined GNULIB_POSIXCHECK
+/* strncasecmp() does not work with multibyte strings:
+   POSIX says that it operates on "strings", and "string" in POSIX is defined
+   as a sequence of bytes, not of characters.  */
+# undef strncasecmp
+# if HAVE_RAW_DECL_STRNCASECMP
+_GL_WARN_ON_USE (strncasecmp, "strncasecmp cannot work correctly on character "
+                 "strings in multibyte locales - "
+                 "use mbsncasecmp or mbspcasecmp if you care about "
+                 "internationalization, or use c_strncasecmp , "
+                 "gnulib module c-strcase) if you want a locale "
+                 "independent function");
+# endif
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _@GUARD_PREFIX@_STRING_H */
+#endif /* _@GUARD_PREFIX@_STRING_H */

gl/strncasecmp.c

@@ -0,0 +1,62 @@
+/* strncasecmp.c -- case insensitive string comparator
+   Copyright (C) 1998-1999, 2005-2007, 2009-2013 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, see <http://www.gnu.org/licenses/>.  */
+
+#include <config.h>
+
+/* Specification.  */
+#include <string.h>
+
+#include <ctype.h>
+#include <limits.h>
+
+#define TOLOWER(Ch) (isupper (Ch) ? tolower (Ch) : (Ch))
+
+/* Compare no more than N bytes of strings S1 and S2, ignoring case,
+   returning less than, equal to or greater than zero if S1 is
+   lexicographically less than, equal to or greater than S2.
+   Note: This function cannot work correctly in multibyte locales.  */
+
+int
+strncasecmp (const char *s1, const char *s2, size_t n)
+{
+  register const unsigned char *p1 = (const unsigned char *) s1;
+  register const unsigned char *p2 = (const unsigned char *) s2;
+  unsigned char c1, c2;
+
+  if (p1 == p2 || n == 0)
+    return 0;
+
+  do
+    {
+      c1 = TOLOWER (*p1);
+      c2 = TOLOWER (*p2);
+
+      if (--n == 0 || c1 == '\0')
+        break;
+
+      ++p1;
+      ++p2;
+    }
+  while (c1 == c2);
+
+  if (UCHAR_MAX <= INT_MAX)
+    return c1 - c2;
+  else
+    /* On machines where 'char' and 'int' are types of the same size, the
+       difference of two 'unsigned char' values - including the sign bit -
+       doesn't fit in an 'int'.  */
+    return (c1 > c2 ? 1 : c1 < c2 ? -1 : 0);
+}

plugins-root/check_dhcp.c

@@ -326,7 +326,8 @@ int get_hardware_address(int sock,char *interface_name){
 #elif defined(__bsd__)
 						/* King 2004	see ACKNOWLEDGEMENTS */
 
-        int                     mib[6], len;
+        int                     mib[6];
+        size_t                  len;
         char                    *buf;
         unsigned char           *ptr;
         struct if_msghdr        *ifm;
@@ -1194,7 +1195,7 @@ int call_getopt(int argc, char **argv){
 		        }
 	        }
 
-	return i;
+	return i+1;
         }
 
 

plugins-root/check_icmp.c

@@ -42,6 +42,10 @@ char *progname;
 const char *copyright = "2005-2008";
 const char *email = "devel@nagios-plugins.org";
 
+#ifdef __sun
+#define _XPG4_2
+#endif
+
 /** nagios plugins basic includes */
 #include "common.h"
 #include "netutils.h"
@@ -184,7 +188,7 @@ static u_int get_timevar(const char *);
 static u_int get_timevaldiff(struct timeval *, struct timeval *);
 static in_addr_t get_ip_address(const char *);
 static int wait_for_reply(int, u_int);
-static int recvfrom_wto(int, void *, unsigned int, struct sockaddr *, u_int *);
+static int recvfrom_wto(int, void *, unsigned int, struct sockaddr *, u_int *, struct timeval*);
 static int send_icmp_ping(int, struct rta_host *);
 static int get_threshold(char *str, threshold *th);
 static void run_checks(void);
@@ -381,6 +385,9 @@ main(int argc, char **argv)
 #ifdef HAVE_SIGACTION
 	struct sigaction sig_action;
 #endif
+#ifdef SO_TIMESTAMP
+	int on = 1;
+#endif
 
 	setlocale (LC_ALL, "");
 	bindtextdomain (PACKAGE, LOCALEDIR);
@@ -408,6 +415,11 @@ main(int argc, char **argv)
 	/* now drop privileges (no effect if not setsuid or geteuid() == 0) */
 	setuid(getuid());
 
+#ifdef SO_TIMESTAMP
+	if(setsockopt(icmp_sock, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)))
+	  if(debug) printf("Warning: no SO_TIMESTAMP support\n");
+#endif // SO_TIMESTAMP
+
 	/* POSIXLY_CORRECT might break things, so unset it (the portable way) */
 	environ = NULL;
 
@@ -468,13 +480,13 @@ main(int argc, char **argv)
 	/* parse the arguments */
 	for(i = 1; i < argc; i++) {
 		while((arg = getopt(argc, argv, "vhVw:c:n:p:t:H:s:i:b:I:l:m:")) != EOF) {
-			long size;
+			unsigned short size;
 			switch(arg) {
 			case 'v':
 				debug++;
 				break;
 			case 'b':
-				size = strtol(optarg,NULL,0);
+				size = (unsigned short)strtol(optarg,NULL,0);
 				if (size >= (sizeof(struct icmp) + sizeof(struct icmp_ping_data)) &&
 				    size < MAX_PING_DATA) {
 					icmp_data_size = size;
@@ -744,7 +756,7 @@ wait_for_reply(int sock, u_int t)
 
 		/* reap responses until we hit a timeout */
 		n = recvfrom_wto(sock, buf, sizeof(buf),
-						 (struct sockaddr *)&resp_addr, &t);
+						 (struct sockaddr *)&resp_addr, &t, &now);
 		if(!n) {
 			if(debug > 1) {
 				printf("recvfrom_wto() timed out during a %u usecs wait\n",
@@ -794,11 +806,11 @@ wait_for_reply(int sock, u_int t)
 		/* this is indeed a valid response */
 		memcpy(&data, icp.icmp_data, sizeof(data));
 		if (debug > 2)
-			printf("ICMP echo-reply of len %u, id %u, seq %u, cksum 0x%X\n",
-			       sizeof(data), ntohs(icp.icmp_id), ntohs(icp.icmp_seq), icp.icmp_cksum);
+			printf("ICMP echo-reply of len %lu, id %u, seq %u, cksum 0x%X\n",
+			       (unsigned long)sizeof(data), ntohs(icp.icmp_id),
+			       ntohs(icp.icmp_seq), icp.icmp_cksum);
 
 		host = table[ntohs(icp.icmp_seq)/packets];
-		gettimeofday(&now, &tz);
 		tdiff = get_timevaldiff(&data.stime, &now);
 
 		host->time_waited += tdiff;
@@ -840,6 +852,8 @@ send_icmp_ping(int sock, struct rta_host *host)
 	} packet = { NULL };
 	long int len;
 	struct icmp_ping_data data;
+	struct msghdr hdr;
+	struct iovec iov;
 	struct timeval tv;
 	struct sockaddr *addr;
 
@@ -872,11 +886,27 @@ send_icmp_ping(int sock, struct rta_host *host)
 	packet.icp->icmp_cksum = icmp_checksum(packet.cksum_in, icmp_pkt_size);
 
 	if (debug > 2)
-		printf("Sending ICMP echo-request of len %u, id %u, seq %u, cksum 0x%X to host %s\n",
-		       sizeof(data), ntohs(packet.icp->icmp_id), ntohs(packet.icp->icmp_seq), packet.icp->icmp_cksum, host->name);
-
-	len = sendto(sock, packet.buf, icmp_pkt_size, 0, (struct sockaddr *)addr,
-				 sizeof(struct sockaddr));
+		printf("Sending ICMP echo-request of len %lu, id %u, seq %u, cksum 0x%X to host %s\n",
+		       (unsigned long)sizeof(data), ntohs(packet.icp->icmp_id),
+		       ntohs(packet.icp->icmp_seq), packet.icp->icmp_cksum,
+		       host->name);
+
+	memset(&iov, 0, sizeof(iov));
+	iov.iov_base = packet.buf;
+	iov.iov_len = icmp_pkt_size;
+
+	memset(&hdr, 0, sizeof(hdr));
+	hdr.msg_name = addr;
+	hdr.msg_namelen = sizeof(struct sockaddr);
+	hdr.msg_iov = &iov;
+	hdr.msg_iovlen = 1;
+
+/* MSG_CONFIRM is a linux thing and only available on linux kernels >= 2.3.15, see send(2) */
+#ifdef MSG_CONFIRM
+	len = sendmsg(sock, &hdr, MSG_CONFIRM);
+#else
+	len = sendmsg(sock, &hdr, 0);
+#endif
 
 	if(len < 0 || (unsigned int)len != icmp_pkt_size) {
 		if(debug) printf("Failed to send ping to %s\n",
@@ -892,12 +922,18 @@ send_icmp_ping(int sock, struct rta_host *host)
 
 static int
 recvfrom_wto(int sock, void *buf, unsigned int len, struct sockaddr *saddr,
-			 u_int *timo)
+			 u_int *timo, struct timeval* tv)
 {
 	u_int slen;
-	int n;
+	int n, ret;
 	struct timeval to, then, now;
 	fd_set rd, wr;
+	char ans_data[4096];
+	struct msghdr hdr;
+	struct iovec iov;
+#ifdef SO_TIMESTAMP
+	struct cmsghdr* chdr;
+#endif
 
 	if(!*timo) {
 		if(debug) printf("*timo is not\n");
@@ -921,7 +957,34 @@ recvfrom_wto(int sock, void *buf, unsigned int len, struct sockaddr *saddr,
 
 	slen = sizeof(struct sockaddr);
 
-	return recvfrom(sock, buf, len, 0, saddr, &slen);
+	memset(&iov, 0, sizeof(iov));
+	iov.iov_base = buf;
+	iov.iov_len = len;
+
+	memset(&hdr, 0, sizeof(hdr));
+	hdr.msg_name = saddr;
+	hdr.msg_namelen = slen;
+	hdr.msg_iov = &iov;
+	hdr.msg_iovlen = 1;
+#ifdef HAVE_MSGHDR_MSG_CONTROL
+	hdr.msg_control = ans_data;
+	hdr.msg_controllen = sizeof(ans_data);
+#endif
+
+	ret = recvmsg(sock, &hdr, 0);
+#ifdef SO_TIMESTAMP
+	for(chdr = CMSG_FIRSTHDR(&hdr); chdr; chdr = CMSG_NXTHDR(&hdr, chdr)) {
+		if(chdr->cmsg_level == SOL_SOCKET
+		   && chdr->cmsg_type == SO_TIMESTAMP
+		   && chdr->cmsg_len >= CMSG_LEN(sizeof(struct timeval))) {
+			memcpy(tv, CMSG_DATA(chdr), sizeof(*tv));
+			break ;
+		}
+	}
+	if (!chdr)
+#endif // SO_TIMESTAMP
+		gettimeofday(tv, &tz);
+	return (ret);
 }
 
 static void
@@ -1200,7 +1263,7 @@ static u_int
 get_timevar(const char *str)
 {
 	char p, u, *ptr;
-	unsigned int len;
+	size_t len;
 	u_int i, d;	            /* integer and decimal, respectively */
 	u_int factor = 1000;    /* default to milliseconds */
 

plugins-scripts/Makefile.am

@@ -26,7 +26,8 @@ EXTRA_DIST=check_breeze.pl check_disk_smb.pl check_flexlm.pl check_ircd.pl \
 EDIT = sed \
   -e 's|[@]NP_VERSION[@]|$(NP_VERSION)|g' \
   -e 's|[@]TRUSTED_PATH[@]|$(with_trusted_path)|g' \
-  -e 's|[@]PERL[@]|$(PERL)|g'
+  -e 's|[@]PERL[@]|$(PERL)|g' \
+  -e 's|[@]libexecdir[@]|$(libexecdir)|g'
 
 TESTS_ENVIRONMENT=perl -I $(top_builddir) -I $(top_srcdir)
 

plugins-scripts/check_breeze.pl

@@ -6,6 +6,7 @@ use Getopt::Long;
 use vars qw($opt_V $opt_h $opt_w $opt_c $opt_H $opt_C $PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw(%ERRORS &print_revision &support &usage);
 
 $PROGNAME = "check_breeze";

plugins-scripts/check_disk_smb.pl

@@ -26,6 +26,7 @@ use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_
 use vars qw($PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
 
 sub print_help ();

plugins-scripts/check_file_age.pl

@@ -26,7 +26,9 @@ use English;
 use Getopt::Long;
 use File::stat;
 use vars qw($PROGNAME);
-use lib ".";
+use FindBin;
+use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw (%ERRORS &print_revision &support);
 
 sub print_help ();

plugins-scripts/check_flexlm.pl

@@ -37,6 +37,7 @@ use Getopt::Long;
 use vars qw($opt_V $opt_h $opt_F $opt_t $verbose $PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw(%ERRORS &print_revision &support &usage);
 
 $PROGNAME="check_flexlm";

plugins-scripts/check_ifoperstatus.pl

@@ -36,6 +36,7 @@ use POSIX;
 use strict;
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 
 use Net::SNMP;

plugins-scripts/check_ifstatus.pl

@@ -35,6 +35,7 @@ use POSIX;
 use strict;
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 
 use Net::SNMP;

plugins-scripts/check_ircd.pl

@@ -53,6 +53,7 @@ use vars qw($opt_V $opt_h $opt_t $opt_p $opt_H $opt_w $opt_c $verbose);
 use vars qw($PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
 
 # ----------------------------------------------------[ Function Prototypes ]--

plugins-scripts/check_mailq.pl

@@ -33,6 +33,7 @@ use vars qw($opt_V $opt_h $opt_v $verbose $PROGNAME $opt_w $opt_c $opt_t $opt_s
 					%srcdomains %dstdomains);
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw(%ERRORS &print_revision &support &usage );
 
 my ($sudo);
@@ -343,7 +344,7 @@ elsif ( $mailq eq "postfix" ) {
 	}elsif ($lines[0]=~/Mail queue is empty/) {
 		$msg_q = 0;
         }else{
-                print "Couldn't match $utils::PATH_TO_QMAIL_QSTAT output\n";
+                print "Couldn't match $utils::PATH_TO_MAILQ output\n";
                 exit   $ERRORS{'UNKNOWN'};
         }
 
@@ -351,7 +352,7 @@ elsif ( $mailq eq "postfix" ) {
         #if ($lines[1]=~/^messages in queue but not yet preprocessed: (\d+)/) {
         #        my $msg_p = $1;
         #}else{
-        #        print "Couldn't match $utils::PATH_TO_QMAIL_QSTAT output\n";
+        #        print "Couldn't match $utils::PATH_TO_MAILQ output\n";
         #        exit  $ERRORS{'UNKNOWN'};
         #}
 

plugins-scripts/check_mssql.pl

@@ -30,7 +30,9 @@
 use DBI;
 use DBD::Sybase;
 use Getopt::Long;
-use lib ".";
+use FindBin;
+use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 use strict;
 

plugins-scripts/check_netdns.pl

@@ -29,6 +29,7 @@ use Getopt::Long;
 use Net::DNS;
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils ;
 
 my $PROGNAME = "check_netdns";

plugins-scripts/check_ntp.pl

@@ -61,7 +61,8 @@ use POSIX;
 use strict;
 use Getopt::Long;
 use vars qw($opt_V $opt_h $opt_H $opt_t $opt_w $opt_c $opt_O $opt_j $opt_k $verbose $PROGNAME $def_jitter $ipv4 $ipv6);
-use lib utils.pm;
+use FindBin;
+use lib "$FindBin::Bin";
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 
 $PROGNAME="check_ntp";

plugins-scripts/check_rpc.pl

@@ -22,6 +22,7 @@
 use strict;
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 use vars qw($PROGNAME);
 my ($verbose,@proto,%prognum,$host,$response,$prognum,$port,$cmd,$progver,$state);

plugins-scripts/check_wave.pl

@@ -5,6 +5,7 @@
 use strict;
 use FindBin;
 use lib "$FindBin::Bin";
+use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 use vars qw($PROGNAME);
 use Getopt::Long;

plugins/Makefile.am

@@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS)
 check_cluster_LDADD = $(BASEOBJS)
 check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
 check_dig_LDADD = $(NETLIBS) $(MATHLIBS)
-check_disk_LDADD = $(BASEOBJS) $(THREADLIBS)
+check_disk_LDADD = $(BASEOBJS)
 check_dns_LDADD = $(NETLIBS)
 check_dummy_LDADD = $(BASEOBJS)
 check_fping_LDADD = $(NETLIBS)

plugins/check_dig.c

@@ -125,7 +125,7 @@ main (int argc, char **argv)
         if (verbose)
           printf ("%s\n", chld_out.line[i]);
 
-        if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
+        if (strcasestr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
           msg = chld_out.line[i];
           result = STATE_OK;
 

plugins/check_disk.c

@@ -51,9 +51,6 @@ const char *email = "devel@nagios-plugins.org";
 # include <limits.h>
 #endif
 #include "regex.h"
-#if HAVE_PTHREAD_H
-# include <pthread.h>
-#endif
 
 #ifdef __CYGWIN__
 # include <windows.h>
@@ -133,7 +130,6 @@ void print_help (void);
 void print_usage (void);
 double calculate_percent(uintmax_t, uintmax_t);
 void stat_path (struct parameter_list *p);
-void *do_stat_path (void *p);
 void get_stats (struct parameter_list *p, struct fs_usage *fsp);
 void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
 
@@ -988,44 +984,6 @@ print_usage (void)
 void
 stat_path (struct parameter_list *p)
 {
-#ifdef HAVE_PTHREAD_H
-  pthread_t stat_thread;
-  int statdone = 0;
-  int timer = timeout_interval;
-  struct timespec req, rem;
-
-  req.tv_sec = 0;
-  pthread_create(&stat_thread, NULL, do_stat_path, p);
-  while (timer-- > 0) {
-    req.tv_nsec = 10000000;
-    nanosleep(&req, &rem);
-    if (pthread_kill(stat_thread, 0)) {
-      statdone = 1;
-      break;
-    } else {
-      req.tv_nsec = 990000000;
-      nanosleep(&req, &rem);
-    }
-  }
-  if (statdone == 1) {
-    pthread_join(stat_thread, NULL);
-  } else {
-    pthread_detach(stat_thread);
-    if (verbose >= 3)
-      printf("stat did not return within %ds on %s\n", timeout_interval, p->name);
-    printf("DISK %s - ", _("CRITICAL"));
-    die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout"));
-  }
-#else
-  do_stat_path(p);
-#endif
-}
-
-void *
-do_stat_path (void *in)
-{
-  struct parameter_list *p = in;
-
   /* Stat entry to check that dir exists and is accessible */
   if (verbose >= 3)
     printf("calling stat on %s\n", p->name);
@@ -1035,7 +993,6 @@ do_stat_path (void *in)
     printf("DISK %s - ", _("CRITICAL"));
     die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
   }
-  return NULL;
 }
 
 

plugins/check_fping.c

@@ -105,7 +105,7 @@ main (int argc, char **argv)
     xasprintf(&option_string, "%s-I %s ", option_string, sourceif);
 
 #ifdef PATH_TO_FPING6
-  if (address_family == AF_INET6)
+  if (address_family != AF_INET && is_inet6_addr(server))
     fping_prog = strdup(PATH_TO_FPING6);
   else
     fping_prog = strdup(PATH_TO_FPING);

plugins/check_hpjd.c

@@ -66,7 +66,7 @@ void print_usage (void);
 
 char *community = NULL;
 char *address = NULL;
-char *port = NULL;
+int port = 0;
 
 int
 main (int argc, char **argv)
@@ -371,14 +371,14 @@ process_arguments (int argc, char **argv)
 
 	if (community == NULL) {
 		if (argv[c] != NULL )
-			community = argv[c];
+			community = argv[c++];
 		else
 			community = strdup (DEFAULT_COMMUNITY);
 	}
 
-	if (port == NULL) {
+	if (port == 0) {
 		if (argv[c] != NULL )
-			port = argv[c];
+			port = atoi (argv[c++]);
 		else
 			port = atoi (DEFAULT_PORT);
 	}

plugins/check_http.c

@@ -72,7 +72,7 @@ int maximum_age = -1;
 
 enum {
   REGS = 2,
-  MAX_RE_SIZE = 256
+  MAX_RE_SIZE = 2048
 };
 #include "regex.h"
 regex_t preg;
@@ -340,9 +340,20 @@ process_arguments (int argc, char **argv)
          parameters, like -S and -C combinations */
       use_ssl = TRUE;
       if (c=='S' && optarg != NULL) {
-        ssl_version = atoi(optarg);
-        if (ssl_version < 1 || ssl_version > 3)
-            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
+        int got_plus = strchr(optarg, '+') != NULL;
+
+        if (!strncmp (optarg, "1.2", 3))
+          ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
+        else if (!strncmp (optarg, "1.1", 3))
+          ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
+        else if (optarg[0] == '1')
+          ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
+        else if (optarg[0] == '3')
+          ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
+        else if (optarg[0] == '2')
+          ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
+        else
+          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
       }
       if (specify_port == FALSE)
         server_port = HTTPS_PORT;
@@ -982,11 +993,35 @@ check_http (void)
   if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
   microsec_connect = deltime (tv_temp);
+
+    /* if we are called with the -I option, the -j method is CONNECT and */
+    /* we received -S for SSL, then we tunnel the request through a proxy*/
+    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
+
+    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+      && host_name != NULL && use_ssl == TRUE) {
+
+    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
+    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+    asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
+    asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+    /* we finished our request, send empty line with CRLF */
+    asprintf (&buf, "%s%s", buf, CRLF);
+    if (verbose) printf ("%s\n", buf);
+    send(sd, buf, strlen (buf), 0);
+    buf[0]='\0';
+
+    if (verbose) printf ("Receive response from proxy\n");
+    read (sd, buffer, MAX_INPUT_BUFFER-1);
+    if (verbose) printf ("%s", buffer);
+    /* Here we should check if we got HTTP/1.1 200 Connection established */
+  }
 #ifdef HAVE_SSL
   elapsed_time_connect = (double)microsec_connect / 1.0e6;
   if (use_ssl == TRUE) {
     gettimeofday (&tv_temp, NULL);
     result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+    if (verbose) printf ("SSL initialized\n");
     if (result != STATE_OK)
       die (STATE_CRITICAL, NULL);
     microsec_ssl = deltime (tv_temp);
@@ -1000,7 +1035,11 @@ check_http (void)
   }
 #endif /* HAVE_SSL */
 
-  xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+       && host_name != NULL && use_ssl == TRUE)
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  else
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
 
   /* tell HTTP/1.1 servers not to keep the connection alive */
   xasprintf (&buf, "%sConnection: close\r\n", buf);
@@ -1153,9 +1192,12 @@ check_http (void)
 
   /* find status line and null-terminate it */
   status_line = page;
-  page += (size_t) strcspn (page, "\r\n");
+  page = strstr(page, "\r\n");
+  page += 2;
+/*  page += (size_t) strcspn (page, "\r\n"); */
+/*  page += (size_t) strspn (page, "\r\n"); */
   pos = page;
-  page += (size_t) strspn (page, "\r\n");
+
   status_line[strcspn(status_line, "\r\n")] = 0;
   strip (status_line);
   if (verbose)
@@ -1163,7 +1205,8 @@ check_http (void)
 
   /* find header info and null-terminate it */
   header = page;
-  while (strcspn (page, "\r\n") > 0) {
+/*  while (strcspn (page, "\r\n") > 0) { */
+  while (page[0] != '\r' || page[1] != '\n') {
     page += (size_t) strcspn (page, "\r\n");
     pos = page;
     if ((strspn (page, "\r") == 1 && strspn (page, "\r\n") >= 2) ||
@@ -1604,9 +1647,10 @@ print_help (void)
   printf (UT_IPv46);
 
 #ifdef HAVE_SSL
-  printf (" %s\n", "-S, --ssl=VERSION");
+  printf (" %s\n", "-S, --ssl=VERSION[+]");
   printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
-  printf ("    %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
+  printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+  printf ("    %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
   printf (" %s\n", "--sni");
   printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
   printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
@@ -1633,7 +1677,7 @@ print_help (void)
   printf ("    %s\n", _("URL to GET or POST (default: /)"));
   printf (" %s\n", "-P, --post=STRING");
   printf ("    %s\n", _("URL encoded http POST data"));
-  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)");
+  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
   printf ("    %s\n", _("Set HTTP method."));
   printf (" %s\n", "-N, --no-body");
   printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
@@ -1707,7 +1751,7 @@ print_help (void)
   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
   printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
-  printf (" %s\n", _("the certificate is expired."));
+  printf (" %s\n\n", _("the certificate is expired."));
   printf ("\n");
   printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
@@ -1715,6 +1759,13 @@ print_help (void)
   printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
   printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
 
+  printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+  printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+  printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+
 #endif
 
   printf (UT_SUPPORT);

plugins/check_ldap.c

@@ -6,24 +6,24 @@
 * Copyright (c) 2000-2014 Nagios Plugins Development Team
 * 
 * Description:
-* 
+*
 * This file contains the check_ldap plugin
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 /* progname may be check_ldaps */
@@ -68,7 +68,10 @@ int ld_protocol = DEFAULT_PROTOCOL;
 #endif
 double warn_time = UNDEFINED;
 double crit_time = UNDEFINED;
+thresholds *entries_thresholds = NULL;
 struct timeval tv;
+char* warn_entries = NULL;
+char* crit_entries = NULL;
 int starttls = FALSE;
 int ssl_on_connect = FALSE;
 int verbose = 0;
@@ -95,6 +98,12 @@ main (int argc, char *argv[])
 	int tls;
 	int version=3;
 
+	/* for entry counting */
+
+	LDAPMessage *next_entry;
+	int status_entries = STATE_OK;
+	int num_entries = 0;
+
 	setlocale (LC_ALL, "");
 	bindtextdomain (PACKAGE, LOCALEDIR);
 	textdomain (PACKAGE);
@@ -214,12 +223,14 @@ main (int argc, char *argv[])
 	}
 
 	/* do a search of all objectclasses in the base dn */
-	if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
+	if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
 			!= LDAP_SUCCESS) {
 		if (verbose)
 			ldap_perror(ld, "ldap_search");
 		printf (_("Could not search/find objectclasses in %s\n"), ld_base);
 		return STATE_CRITICAL;
+	} else if (crit_entries!=NULL || warn_entries!=NULL) {
+		num_entries = ldap_count_entries(ld, result);
 	}
 
 	/* unbind from the ldap server */
@@ -240,14 +251,42 @@ main (int argc, char *argv[])
 	else
 		status = STATE_OK;
 
+	if(entries_thresholds != NULL) {
+		if (verbose) {
+			printf ("entries found: %d\n", num_entries);
+			print_thresholds("entry threasholds", entries_thresholds);
+		}
+		status_entries = get_status(num_entries, entries_thresholds);
+		if (status_entries == STATE_CRITICAL) {
+			status = STATE_CRITICAL;
+		} else if (status != STATE_CRITICAL) {
+			status = status_entries;
+		}
+	}
+
 	/* print out the result */
-	printf (_("LDAP %s - %.3f seconds response time|%s\n"),
-	        state_text (status),
-	        elapsed_time,
-	        fperfdata ("time", elapsed_time, "s",
-	                  (int)warn_time, warn_time,
-	                  (int)crit_time, crit_time,
-	                  TRUE, 0, FALSE, 0));
+	if (crit_entries!=NULL || warn_entries!=NULL) {
+		printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
+			state_text (status),
+			num_entries,
+			elapsed_time,
+			fperfdata ("time", elapsed_time, "s",
+				(int)warn_time, warn_time,
+				(int)crit_time, crit_time,
+				TRUE, 0, FALSE, 0),
+			sperfdata ("entries", (double)num_entries, "",
+				warn_entries,
+				crit_entries,
+				TRUE, 0.0, FALSE, 0.0));
+	} else {
+		printf (_("LDAP %s - %.3f seconds response time|%s\n"),
+			state_text (status),
+			elapsed_time,
+			fperfdata ("time", elapsed_time, "s",
+				(int)warn_time, warn_time,
+				(int)crit_time, crit_time,
+				TRUE, 0, FALSE, 0));
+	}
 
 	return status;
 }
@@ -281,6 +320,8 @@ process_arguments (int argc, char **argv)
 		{"port", required_argument, 0, 'p'},
 		{"warn", required_argument, 0, 'w'},
 		{"crit", required_argument, 0, 'c'},
+		{"warn-entries", required_argument, 0, 'W'},
+		{"crit-entries", required_argument, 0, 'C'},
 		{"verbose", no_argument, 0, 'v'},
 		{0, 0, 0, 0}
 	};
@@ -294,7 +335,7 @@ process_arguments (int argc, char **argv)
 	}
 
 	while (1) {
-		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:U:", longopts, &option);
+		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:U:C:W:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -336,6 +377,12 @@ process_arguments (int argc, char **argv)
 		case 'c':
 			crit_time = strtod (optarg, NULL);
 			break;
+		case 'W':
+			warn_entries = optarg;
+			break;
+		case 'C':
+			crit_entries = optarg;
+			break;
 #ifdef HAVE_LDAP_SET_OPTION
 		case '2':
 			ld_protocol = 2;
@@ -400,6 +447,10 @@ validate_arguments ()
 	if (ld_base==NULL)
 		usage4 (_("Please specify the LDAP base DN\n"));
 
+	if (crit_entries!=NULL || warn_entries!=NULL) {
+		set_thresholds(&entries_thresholds,
+			warn_entries, crit_entries);
+	}
 	return OK;
 }
 
@@ -449,6 +500,11 @@ print_help (void)
 
 	printf (UT_WARN_CRIT);
 
+  printf (" %s\n", "-W [--warn-entries]");
+  printf ("    %s\n", _("Number of found entries to result in warning status"));
+  printf (" %s\n", "-C [--crit-entries]");
+  printf ("    %s\n", _("Number of found entries to result in critical status"));
+
 	printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
 	printf (UT_VERBOSE);
@@ -460,6 +516,7 @@ print_help (void)
 	printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
 	printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
 	printf (" %s\n", _("to define the behaviour explicitly instead."));
+	printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
 
 	printf (UT_SUPPORT);
 }

plugins/check_mysql.c

@@ -491,12 +491,6 @@ validate_arguments (void)
 	if (db_user == NULL)
 		db_user = strdup("");
 
-	if (opt_file == NULL)
-		opt_file = strdup("");
-
-	if (opt_group == NULL)
-		opt_group = strdup("");
-
 	if (db_host == NULL)
 		db_host = strdup("");
 

plugins/check_nt.c

@@ -341,7 +341,7 @@ int main(int argc, char **argv){
 
 		2) If the counter you're going to measure is percent-based, the code will detect
 		 the percent sign in its name and will attribute minimum (0%) and maximum (100%)
-		 values automagically, as well the ¨%" sign to graph units.
+		 values automagically, as well the �%" sign to graph units.
 
 		3) OTOH, if the counter is "absolute", you'll have to provide the following
 		 the counter unit - that is, the dimensions of the counter you're getting. Examples:

plugins/check_ntp.c

@@ -517,14 +517,13 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 double jitter_request(const char *host, int *status){
 	int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
 	int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
-	int peers_size=0, peer_offset=0, bytes_read=0;
+	int peers_size=0, peer_offset=0;
 	ntp_assoc_status_pair *peers=NULL;
 	ntp_control_message req;
 	const char *getvar = "jitter";
 	double rval = 0.0, jitter = -1.0;
 	char *startofvalue=NULL, *nptr=NULL;
 	void *tmp;
-	int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2;
 
 	/* Long-winded explanation:
 	 * Getting the jitter requires a number of steps:
@@ -591,6 +590,9 @@ double jitter_request(const char *host, int *status){
 		for (i = 0; i < npeers; i++){
 			/* Only query this server if it is the current sync source */
 			if (PEER_SEL(peers[i].status) >= min_peer_sel){
+				char jitter_data[MAX_CM_SIZE+1];
+				size_t jitter_data_count;
+
 				num_selected++;
 				setup_control_request(&req, OP_READVAR, 2);
 				req.assoc = peers[i].assoc;
@@ -609,15 +611,7 @@ double jitter_request(const char *host, int *status){
 
 				req.count = htons(MAX_CM_SIZE);
 				DBG(printf("recieving READVAR response...\n"));
-
-				/* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/
-				if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1)
-					die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno));
-				if (bytes_read != ntp_cm_ints + req.count)
-					die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); 
-				/* else null terminate */
-				req.data[req.count] = '\0';
-
+				read(conn, &req, SIZEOF_NTPCM(req));
 				DBG(print_ntp_control_message(&req));
 
 				if(req.op&REM_ERROR && strstr(getvar, "jitter")) {
@@ -632,7 +626,14 @@ double jitter_request(const char *host, int *status){
 				if(verbose) {
 					printf("parsing jitter from peer %.2x: ", ntohs(peers[i].assoc));
 				}
-				startofvalue = strchr(req.data, '=');
+				if((jitter_data_count = ntohs(req.count)) >= sizeof(jitter_data)){
+					die(STATE_UNKNOWN,
+					    _("jitter response too large (%lu bytes)\n"),
+					    (unsigned long)jitter_data_count);
+				}
+				memcpy(jitter_data, req.data, jitter_data_count);
+				jitter_data[jitter_data_count] = '\0';
+				startofvalue = strchr(jitter_data, '=');
 				if(startofvalue != NULL) {
 					startofvalue++;
 					jitter = strtod(startofvalue, &nptr);

plugins/check_smtp.c

@@ -241,7 +241,7 @@ main (int argc, char **argv)
 		  send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
 
 		  recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
-		  if (!strstr (buffer, server_expect)) {
+		  if (!strstr (buffer, SMTP_EXPECT)) {
 		    printf (_("Server does not support STARTTLS\n"));
 		    smtp_quit();
 		    return STATE_UNKNOWN;
@@ -286,6 +286,7 @@ main (int argc, char **argv)
 #  ifdef USE_OPENSSL
 		  if ( check_cert ) {
                     result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+		    smtp_quit();
 		    my_close();
 		    return result;
 		  }
@@ -586,11 +587,6 @@ process_arguments (int argc, char **argv)
 		case 't':									/* timeout */
 			timeout_interval = parse_timeout_string (optarg);
 			break;
-		case 'S':
-		/* starttls */
-			use_ssl = TRUE;
-			use_ehlo = TRUE;
-			break;
 		case 'D':
 		/* Check SSL cert validity */
 #ifdef USE_OPENSSL
@@ -612,9 +608,14 @@ process_arguments (int argc, char **argv)
                             days_till_exp_warn = atoi (optarg);
                         }
 			check_cert = TRUE;
+			ignore_send_quit_failure = TRUE;
 #else
 			usage (_("SSL support not available - install OpenSSL and recompile"));
 #endif
+		case 'S':
+		/* starttls */
+			use_ssl = TRUE;
+			use_ehlo = TRUE;
 			break;
 		case '4':
 			address_family = AF_INET;

plugins/check_snmp.c

@@ -323,7 +323,7 @@ main (int argc, char **argv)
 	for (i = 0; i < numcontext; i++) {
 		command_line[10 + i] = contextargs[i];
 	}
-
+	
 	for (i = 0; i < numauthpriv; i++) {
 		command_line[10 + numcontext + i] = authpriv[i];
 	}
@@ -331,14 +331,13 @@ main (int argc, char **argv)
 	xasprintf (&command_line[10 + numcontext + numauthpriv], "%s:%s", server_address, port);
 
 	/* This is just for display purposes, so it can remain a string */
-	xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s%s:%s",
-		snmpcmd, command_interval, retries,
-		strlen(miblist) ? miblist : "''",
-		proto, "[authpriv]", ip_version, server_address, port);
+	xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s %s:%s",
+		snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]",
+		server_address, port);
 
 	for (i = 0; i < numoids; i++) {
 		command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i];
-		xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);
+		xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);	
 	}
 
 	command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL;
@@ -736,7 +735,7 @@ process_arguments (int argc, char **argv)
 	}
 
 	while (1) {
-		c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
+		c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
 									 longopts, &option);
 
 		if (c == -1 || c == EOF)
@@ -1033,7 +1032,7 @@ validate_arguments ()
 			contextargs[0] = strdup ("-n");
 			contextargs[1] = strdup (context);
 		}
-
+		
 		if (seclevel == NULL)
 			xasprintf(&seclevel, "noAuthNoPriv");
 
@@ -1288,5 +1287,5 @@ print_usage (void)
 	printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n");
 	printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
 	printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
-	printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
+	printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd]\n");
 }

plugins/check_swap.c

@@ -353,7 +353,8 @@ main (int argc, char **argv)
 	} else if(total_swap_mb > 0) {
 		percent_used = 100 * ((double) used_swap_mb) / ((double) total_swap_mb);
 	} else {
-		percent_used = 0;
+		percent_used = 100;
+		status = "- Swap is either disabled, not present, or of zero size. ";
 	}
 
 	result = max_state (result, check_swap (percent_used, free_swap_mb));

plugins/netutils.c

@@ -209,7 +209,10 @@ np_net_connect (const char *host_name, int port, int *sd, int proto)
 		result = getaddrinfo (host, port_str, &hints, &res);
 
 		if (result != 0) {
-			printf ("%s\n", gai_strerror (result));
+			if (result == EAI_NONAME)
+				usage_va(_("Invalid hostname/address - %s"), host);
+			else
+				printf ("%s\n", gai_strerror (result));
 			return STATE_UNKNOWN;
 		}
 

plugins/netutils.h

@@ -89,6 +89,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
 
 /* SSL-Related functionality */
 #ifdef HAVE_SSL
+#  define MP_SSLv2 1
+#  define MP_SSLv3 2
+#  define MP_TLSv1 3
+#  define MP_TLSv1_1 4
+#  define MP_TLSv1_2 5
+#  define MP_SSLv2_OR_NEWER 6
+#  define MP_SSLv3_OR_NEWER 7
+#  define MP_TLSv1_OR_NEWER 8
+#  define MP_TLSv1_1_OR_NEWER 9
+#  define MP_TLSv1_2_OR_NEWER 10
 /* maybe this could be merged with the above np_net_connect, via some flags */
 int np_net_ssl_init(int sd);
 int np_net_ssl_init_with_hostname(int sd, char *host_name);

plugins/sslutils.c

@@ -49,33 +49,80 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
 
 int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
 	const SSL_METHOD *method = NULL;
-	long ssl_options = NULL;
+	long options = 0;	/*SSL_OP_ALL | SSL_OP_SINGLE_DH_USE;*/
 
 	switch (version) {
-	case 0: /* Deafult to auto negotiation */
-		method = SSLv23_client_method();
-		ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-		break;
-	case 1: /* TLSv1 protocol */
-		method = TLSv1_client_method();
-		ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-		break;
-	case 2: /* SSLv2 protocol */
+	case MP_SSLv2: /* SSLv2 protocol */
 #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
-		printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
-		return STATE_CRITICAL;
+		printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
 #else
 		method = SSLv2_client_method();
-		ssl_options = SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
-#endif
 		break;
-	case 3: /* SSLv3 protocol */
+#endif
+	case MP_SSLv3: /* SSLv3 protocol */
+#if defined(OPENSSL_NO_SSL3)
+		printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
+#else
 		method = SSLv3_client_method();
-		ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1;
+		options = SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1;
 		break;
-	default: /* Unsupported */
-		printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
-		return STATE_CRITICAL;
+#endif
+	case MP_TLSv1: /* TLSv1 protocol */
+#if defined(OPENSSL_NO_TLS1)
+		printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
+#else
+		method = TLSv1_client_method();
+/*		options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; */
+		break;
+#endif
+	case MP_TLSv1_1: /* TLSv1.1 protocol */
+#if !defined(SSL_OP_NO_TLSv1_1)
+		printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
+#else
+		method = TLSv1_1_client_method();
+		break;
+#endif
+	case MP_TLSv1_2: /* TLSv1.2 protocol */
+#if !defined(SSL_OP_NO_TLSv1_2)
+		printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
+#else
+		method = TLSv1_2_client_method();
+		break;
+#endif
+	case MP_TLSv1_2_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1_1)
+		printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
+#else
+		options |= SSL_OP_NO_TLSv1_1;
+#endif
+		/* FALLTHROUGH */
+	case MP_TLSv1_1_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1)
+		printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
+#else
+		options |= SSL_OP_NO_TLSv1;
+#endif
+		/* FALLTHROUGH */
+	case MP_TLSv1_OR_NEWER:
+#if defined(SSL_OP_NO_SSLv3)
+		options |= SSL_OP_NO_SSLv3;
+#endif
+		/* FALLTHROUGH */
+	case MP_SSLv3_OR_NEWER:
+#if defined(SSL_OP_NO_SSLv2)
+		options |= SSL_OP_NO_SSLv2;
+#endif
+	case MP_SSLv2_OR_NEWER:
+		/* FALLTHROUGH */
+	default: /* Default to auto negotiation */
+		method = SSLv23_client_method();
 	}
 	if (!initialized) {
 		/* Initialize SSL context */
@@ -91,15 +138,17 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 	if (cert && privkey) {
 		SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM);
 		SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
+#ifdef USE_OPENSSL
 		if (!SSL_CTX_check_private_key(c)) {
 			printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n"));
 			return STATE_CRITICAL;
 		}
+#endif
 	}
 #ifdef SSL_OP_NO_TICKET
-	ssl_options |= SSL_OP_NO_TICKET;
+	options |= SSL_OP_NO_TICKET;
 #endif
-	if (ssl_options) SSL_CTX_set_options(c, ssl_options);
+	SSL_CTX_set_options(c, options);
 	SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY);
 	if ((s = SSL_new(c)) != NULL) {
 #ifdef SSL_set_tlsext_host_name
@@ -108,6 +157,7 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 #endif
 		SSL_set_fd(s, sd);
 		if (SSL_connect(s) == 1) {
+printf("SSL Version: %s\n", SSL_get_version(s));
 			return OK;
 		} else {
 			printf("%s\n", _("CRITICAL - Cannot make SSL connection."));
@@ -148,7 +198,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
 	X509 *certificate=NULL;
 	X509_NAME *subj=NULL;
+	char timestamp[50] = "";
 	char cn[MAX_CN_LENGTH]= "";
+	
 	int cnlen =-1;
 	int status=STATE_UNKNOWN;
 
@@ -157,7 +209,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 	struct tm stamp;
 	float time_left;
 	int days_left;
-	char timestamp[50] = "";
+	int time_remaining;
 	time_t tm_t;
 
 	certificate=SSL_get_peer_certificate(s);
@@ -211,7 +263,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 		(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
 	stamp.tm_min =
 		(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-	stamp.tm_sec = 0;
+	stamp.tm_sec =
+		(tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0');
 	stamp.tm_isdst = -1;
 
 	time_left = difftime(timegm(&stamp), time(NULL));
@@ -222,21 +275,35 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 	if (days_left > 0 && days_left <= days_till_exp_warn) {
 		printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp);
 		if (days_left > days_till_exp_crit)
-			return STATE_WARNING;
+			status = STATE_WARNING;
 		else
-			return STATE_CRITICAL;
+			status = STATE_CRITICAL;
+	} else if (days_left == 0 && time_left > 0) {
+		if (time_left >= 3600)
+			time_remaining = (int) time_left / 3600;
+		else
+			time_remaining = (int) time_left / 60;
+
+		printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+			(days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining,
+			time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+		if ( days_left > days_till_exp_crit)
+			status = STATE_WARNING;
+		else
+			status = STATE_CRITICAL;
 	} else if (time_left < 0) {
 		printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
 		status=STATE_CRITICAL;
 	} else if (days_left == 0) {
-		printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
+		printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
 		if (days_left > days_till_exp_crit)
-			return STATE_WARNING;
+			status = STATE_WARNING;
 		else
-			return STATE_CRITICAL;
+			status = STATE_CRITICAL;
 	} else {
 		printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
-		status=STATE_OK;
+		status = STATE_OK;
 	}
 	X509_free(certificate);
 	return status;

plugins/t/check_http.t

@@ -6,9 +6,10 @@
 
 use strict;
 use Test::More;
+use POSIX qw/mktime strftime/;
 use NPTest;
 
-plan tests => 30;
+plan tests => 42;
 
 my $successOutput = '/OK.*HTTP.*second/';
 
@@ -34,6 +35,8 @@ my $host_tcp_http2  = getTestParameter( "NP_HOST_TCP_HTTP2",
             "A host providing an index page containing the string 'nagios'",
             "nagios.org" );
 
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
+
 
 $res = NPTest->testCmd(
 	"./check_http $host_tcp_http -wt 300 -ct 600"
@@ -47,10 +50,10 @@ $res = NPTest->testCmd(
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 
 $res = NPTest->testCmd(
-	"./check_http $host_nonresponsive -wt 1 -ct 2"
+	"./check_http $host_nonresponsive -wt 1 -ct 2 -t 3"
 	);
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
-cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK");
+cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
 
 $res = NPTest->testCmd(
 	"./check_http $hostname_invalid -wt 1 -ct 2"
@@ -112,12 +115,46 @@ SKIP: {
         $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
 
+        # run some certificate checks with faketime
+        SKIP: {
+                skip "No faketime binary found", 12 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output");
+                is( $res->return_code, 0, "Catch cert output exit code" );
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./);
+                if(!defined $year) {
+                    die("parsing date failed from: ".$res);
+                }
+                my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+                my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+                my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date");
+                is( $res->return_code, 2, "Output on expire date" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output");
+                is( $res->return_code, 2, "cert expires in 1 second exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output");
+                is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output");
+                is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output");
+                is( $res->return_code, 2, "Certificate expired exit code" );
+        };
+
         $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
 
         $res = NPTest->testCmd(
-                "./check_http --ssl www.e-paycobalt.com"
+                "./check_http --ssl -H www.e-paycobalt.com"
                 );
         cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
 

plugins/t/check_snmp.t

@@ -166,8 +166,8 @@ SKIP: {
 SKIP: {
     skip "no non responsive host defined", 2 if ( ! $host_nonresponsive );
     $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
-    cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" );
-    like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem");
+    cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
+    like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem");
 }
 
 SKIP: {

plugins/tests/check_http.t

@@ -202,21 +202,21 @@ SKIP: {
 
 	$result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
 	is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-	is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:00 2019.', "output ok" );
+	is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:28 2019.', "output ok" );
 
 	$result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
 	is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-	like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:00 2019\)./', "output ok" );
+	like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019\)./', "output ok" );
 
 	# Expired cert tests
 	$result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
 	is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-	like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:00 2019\)./', "output ok" );
+	like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019\)./', "output ok" );
 
 	$result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
 	is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
 	is( $result->output,
-		'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:00 2009.',
+		'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:16 2009.',
 		"output ok" );
 
 }

plugins/tests/check_snmp.t

@@ -128,7 +128,7 @@ sleep 1;
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
 is($res->return_code, 1, "WARNING - due to going above rate calculation" );
-is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666 ");
+is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
 is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
@@ -209,7 +209,7 @@ is($res->output, 'SNMP OK - "stringtests" | ', "OK as inverted string no match"
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.12 -w 4:5" );
 is($res->return_code, 1, "Numeric in string test" );
-is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5 ', "WARNING threshold checks for string masquerading as number" );
+is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5;4:5 ', "WARNING threshold checks for string masquerading as number" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.13" );
 is($res->return_code, 0, "Not really numeric test" );
@@ -225,29 +225,29 @@ is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check w
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );
-is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2 ', "Negative integer check OK output" );
+is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2;-2:;-3: ', "Negative integer check OK output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 1, "Negative integer check WARNING" );
-is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3 ', "Negative integer check WARNING output" );
+is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3;-2:;-3: ', "Negative integer check WARNING output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer check CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4 ', "Negative integer check CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4;-2:;-3: ', "Negative integer check CRITICAL output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -3: -c -6:" );
 is($res->return_code, 1, "Negative integer as string, WARNING" );
-is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, WARNING output" );
+is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-3:;-6: ', "Negative integer as string, WARNING output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer as string, CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: ', "Negative integer as string, CRITICAL output" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c ~:-6.5" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
 is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w ~:-6.65 -c ~:-6.55" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
 is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" );
 

plugins/utils.c

@@ -144,8 +144,6 @@ usage5 (void)
 void
 print_revision (const char *command_name, const char *revision)
 {
-	char plugin_revision[STRLEN];
-
 	printf ("%s v%s (%s %s)\n",
 	         command_name, revision, PACKAGE, VERSION);
 }
@@ -690,6 +688,46 @@ char *fperfdata (const char *label,
 	return data;
 }
 
+char *sperfdata (const char *label,
+ double val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ double minv,
+ int maxp,
+ double maxv)
+{
+	char *data = NULL;
+	if (strpbrk (label, "'= "))
+		xasprintf (&data, "'%s'=", label);
+	else
+		xasprintf (&data, "%s=", label);
+
+	xasprintf (&data, "%s%f", data, val);
+	xasprintf (&data, "%s%s;", data, uom);
+
+	if (warn!=NULL)
+		xasprintf (&data, "%s%s", data, warn);
+
+	xasprintf (&data, "%s;", data);
+
+	if (crit!=NULL)
+		xasprintf (&data, "%s%s", data, crit);
+
+	xasprintf (&data, "%s;", data);
+
+	if (minp)
+		xasprintf (&data, "%s%f", data, minv);
+
+	if (maxp) {
+		xasprintf (&data, "%s;", data);
+		xasprintf (&data, "%s%f", data, maxv);
+	}
+
+	return data;
+}
+
 /* set entire string to lower, no need to return as it works on string in place */
 void strntolower (char * test_char, int size) {