Merge branch 'nrpe-3.0-RC2' to produce release nrpe v3.0

.gitignore

@@ -2,14 +2,40 @@ Makefile
 config.log
 config.status
 include/config.h
+include/common.h
 include/dh.h
-init-script
-init-script.debian
-init-script.suse
+nrpe.spec
+paths
+uninstall
+.cproject
+.project
+nrpe.cbp
+nrpe.layout
 package/solaris/Makefile
 sample-config/nrpe.cfg
-sample-config/nrpe.xinetd
 src/Makefile
 src/check_nrpe
 src/nrpe
-subst
+autom4te.cache/
+nbproject/
+.settings/
+startup/bsd-init
+startup/debian-init
+startup/default-inetd
+startup/default-init
+startup/default-service
+startup/default-socket
+startup/default-socket-svc
+startup/default-xinetd
+startup/mac-init.plist
+startup/mac-inetd.plist
+startup/newbsd-init
+startup/openbsd-init
+startup/openrc-conf
+startup/openrc-init
+startup/rh-upstart-init
+startup/solaris-inetd.xml
+startup/solaris-init.xml
+startup/tmpfile.conf
+startup/upstart-init
+

Changelog

@@ -2,19 +2,70 @@
 NRPE Changelog
 **************
 
-2.16 = xx/xx/xxxx
+3.0 = xx/xx/xxxx
 -----------------
+SECURITY
+- Fix for CVE-2014-2913
+- Added function to clean the environment before forking. (John Frickson)
+
 ENHANCEMENTS
+- Added support for optional config file to check_nrpe. With the new SSL
+  parameters, the line was getting long. The config file is specified with
+  --config-file=<path> or -f <path> parameters. The config file must look
+  like command line options, but the options can be on separate lines. It
+  MUST NOT include --config-file (-f), --command (-c) or --args (-a). If any
+  options are in both the config file and on the command line, the command line
+  options are used.
+- make can now add users and groups using "make install-groups-users" (John Frickson)
+- Added "nrpe-uninstall" script to the same directory nrpe get installed to (John Frickson)
+- Updated code so configure && make will work on AIX, HP-UX, Solaris, OS X.
+  There should be no errors or warnings. Let me know if any errors or
+  warning appear (John Frickson)
+- Added command-line option to prevent forking, since some of the init
+  replacements (such as systemd, etc.) don't want daemons to fork (John Frickson)
+- Added autoconf macros and additional files to better support multi-platform
+  config and compile. The default will still set up to install to
+  /usr/local/nagios but I added a new configure option:
+  '--enable-install-method=<method>'. If <method> is 'opt', everything will
+  install to '/opt/nagios'. If <method> is 'os', installation will be to O/S-
+  and distribution-specific locations, such as /usr/sbin, /usr/lib/nagios,
+  /etc/nagios, and so on.
+- Added additional init and inetd config files to support more systems,
+  including SuSE, Debian, Slackware, Gentoo, *BSD, AIX, HP-UX, Solaris, OS X.
 - Added listen_queue_size as configuration option (Vadim Antipov, Kaspersky Lab)
+- Reworked SSL/TLS. See the README.SSL.md file for full info. (John Frickson)
+- Added support for version 3 variable sized packets up to 64KB. nrpe will
+  accept either version from check_nrpe. check_nrpe will try to send a
+  version 3 packet first, and fall back to version 2. check_nrpe can be forced
+  to only send version 2 packets if the switch `-2` is used. (John Frickson)
+- Added extended timeout syntax in the -t <secs>:<status> format. (ABrist)
 
 FIXES
+- Fixed configure to check more places for SSL headers/libs. (John Frickson)
 - Added ifdefs for complete_SSL_shutdown to compile without SSL. (Matthew L. Daniel)
+- Renamed configure.in to configure.ac and added check for sigaction (John Frickson)
+- Replaced all instances of signal() with sigaction() + blocking (John Frickson)
+- check_nrpe does not parse passed arguments correctly (John Frickson)
+- NRPE should not start if cannot write pid file (John Frickson)
+- Fixed out-of-bounds error (return code 255) for some failures (John Frickson)
+- Connection Timeout and Connection Refused messages need a new line (Andrew Widdersheim)
+- allowed_hosts doesn't work, if one of the hostnames can't be resolved by dns (John Frickson)
+- allowed_hosts doesn't work with a hostname resolving to an IPv6 address (John Frickson)
+- Return UNKNOWN when issues occur (Andrew Widdersheim)
+- NRPE returns OK if check can't be executed (Andrew Widdersheim)
+- nrpe 2.15 [regression in Added SRC support on AIX - 2.14] (frphoebus)
+- compile nrpe - Solaris 9 doesn't have isblank() (lilo, John Frickson)
+- sample configuration for check_load has crazy sample load avg (ernestoongaro)
+
+
 
 2.15 - 09/06/2013
 -----------------
 - Now compiles on HP-UX (Grant Byers)
 - Added support for IPv6 (Leo Baltus, Eric Stanley)
 
+
+
 2.14 - 12/21/2012
 -----------------
 - Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley)
@@ -23,6 +74,8 @@ FIXES
 - Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley)
 - Updated logging to support compiling on AIX (Eric Stanley)
 
+
+
 2.13 - 11/11/2011
 -----------------
 - Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov)
@@ -30,6 +83,7 @@ FIXES
 - Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
 
 
+
 2.12 - 03/10/2008
 -----------------
 - Fix for unterminated multiline plugin (garbage) output (Krzysztof Oledzki)
@@ -43,6 +97,7 @@ FIXES
 - Added --with-log-facility option to control syslog logging (Ryan Ordway and Brian Seklecki)
 
 
+
 2.10 - 10/19/2007
 -----------------
 - Moved PDF docs to docs/ subdirectory, added OpenOffice source document

Makefile.in

@@ -13,73 +13,179 @@ CC=@CC@
 CFLAGS=@CFLAGS@ @DEFS@
 LDFLAGS=@LDFLAGS@ @LIBS@
 
+INSTALL=@INSTALL@
+GREP=@GREP@
+EGREP=@EGREP@
+
 prefix=@prefix@
 exec_prefix=@exec_prefix@
-CFGDIR=@sysconfdir@
+CFGDIR=@pkgsysconfdir@
 BINDIR=@bindir@
 SBINDIR=@sbindir@
 LIBEXECDIR=@libexecdir@
-INSTALL=@INSTALL@
 NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
 NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
-
-INIT_DIR=@init_dir@
+OPSYS=@opsys@
+DIST=@dist_type@
+NRPE_USER=@nrpe_user@
+NRPE_GROUP=@nrpe_group@
+NAGIOS_USER=@nagios_user@
+NAGIOS_GROUP=@nagios_group@
+
+INIT_TYPE=@init_type@
+INIT_DIR=@initdir@
 INIT_OPTS=-o root -g root
-
+INIT_FILE=@initname@
+INETD_TYPE=@inetd_type@
+INETD_DIR=@inetddir@
+INETD_FILE=@inetdname@
+SRC_INETD=@src_inetd@
+SRC_INIT=@src_init@
+
+
+default:
+	@echo;\
+	echo Please enter 'make [option]' where [option] is one of:;\
+	echo;\
+	echo "     all                  builds nrpe and check_nrpe";\
+	echo "     nrpe                 builds nrpe only";\
+	echo "     check_nrpe           builds check_nrpe only";\
+	echo "     install-groups-users add the users and groups if they do not exist";\
+	echo "     install              install nrpe and check_nrpe";\
+	echo "     install-plugin       install the check_nrpe plugin";\
+	echo "     install-daemon       install the nrpe daemon";\
+	echo "     install-config       install the nrpe configuration file";\
+	echo "     install-inetd        install the startup files for inetd, launchd, etc.";\
+	echo "     install-init         install the startup files for init, systemd, etc.";\
+	echo
 
 all:
-	cd $(SRC_BASE); $(MAKE) ; cd ..
-
-	@echo ""
-	@echo "*** Compile finished ***"
-	@echo ""
-	@echo "If the NRPE daemon and client compiled without any errors, you"
-	@echo "can continue with the installation or upgrade process."
-	@echo ""
-	@echo "Read the PDF documentation (NRPE.pdf) for information on the next"
-	@echo "steps you should take to complete the installation or upgrade."
-	@echo ""
+	cd $(SRC_BASE); $(MAKE)
+
+	@echo "";\
+	echo "*** Compile finished ***";\
+	echo "";\
+	echo "You can now continue with the installation or upgrade process.";\
+	echo "";\
+	echo "Read the PDF documentation (NRPE.pdf) for information on the next";\
+	echo "steps you should take to complete the installation or upgrade.";\
+	echo ""
+
 nrpe:
-	cd $(SRC_BASE); $(MAKE) ; cd ..
+	cd $(SRC_BASE); $(MAKE)
 
 check_nrpe:
-	cd $(SRC_BASE); $(MAKE) ; cd ..
-
+	cd $(SRC_BASE); $(MAKE)
 
 install-plugin:
-	cd $(SRC_BASE) && $(MAKE) $@
+	cd $(SRC_BASE); $(MAKE) $@
 
 install-daemon:
-	cd $(SRC_BASE) && $(MAKE) $@
+	cd $(SRC_BASE); $(MAKE) $@
 
 install:
-	cd $(SRC_BASE) && $(MAKE) $@
+	cd $(SRC_BASE); $(MAKE) $@
+
+install-init:
+	@if test $(SRC_INIT) = unknown; then \
+		echo No init file to install; \
+		exit 1; \
+	fi
+	@if test $(INIT_TYPE) = upstart; then\
+		echo $(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+		$(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+		echo initctl reload-configuration; \
+		initctl reload-configuration; \
+	elif test $(INIT_TYPE) = systemd; then\
+		echo $(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+		$(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+	elif test $(INIT_TYPE) = smf10 -o $(INIT_TYPE) = smf11; then \
+		echo $(INSTALL) -m 775 -g sys -d $(INIT_DIR);\
+		$(INSTALL) -m 775 -g sys -d $(INIT_DIR);\
+		echo $(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+		$(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+		echo svccfg import $(INIT_DIR)/$(INIT_FILE); \
+		svccfg import $(INIT_DIR)/$(INIT_FILE); \
+		echo "*** Run 'svcadm enable nrpe' to start it"; \
+	else\
+		echo $(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+		$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+		if test $(INIT_TYPE) = newbsd; then\
+			if test $(DIST) = openbsd; then\
+				echo "# nrpe@bsd_enable@=NO" >> /etc/rc.conf;\
+				echo "nrpe@bsd_enable@=\"-d -c $(CFGDIR)/nrpe.cfg\"" >> /etc/rc.conf;\
+				echo "Make sure to enable the nrpe daemon";\
+			else\
+				echo "nrpe@bsd_enable@=YES" >> /etc/rc.conf;\
+				echo "nrpe_configfile=$(CFGDIR)/nrpe.cfg" >> /etc/rc.conf;\
+			fi;\
+		elif test $(INIT_TYPE) = launchd; then\
+			launchctl load $(INIT_DIR)/$(INIT_FILE); \
+		else\
+			if test -f /sbin/chkconfig ; then \
+			    /sbin/chkconfig nrpe on;\
+			else\
+				echo "Make sure to enable the nrpe daemon";\
+			fi;\
+		fi;\
+	fi
 
-install-xinetd:
-	$(INSTALL) -m 644 sample-config/nrpe.xinetd /etc/xinetd.d/nrpe 
+install-inetd:
+	@if test $(SRC_INETD) = unknown; then \
+		echo No inetd file to install; \
+		exit 1; \
+	fi
+	@if test $(INETD_TYPE) = inetd; then \
+		$(EGREP) -q "^\W*nrpe\s+" $(INETD_DIR)/$(INETD_FILE) 2>/dev/null || \
+		   cat startup/$(SRC_INETD) >> $(INETD_DIR)/$(INETD_FILE); \
+	elif test $(INETD_TYPE) = systemd; then \
+		SRC_INETD_FILE=`echo "$(SRC_INETD)" | sed -e 's/socket/socket-svc/'`; \
+		echo $(INSTALL) -m 644 startup/$$SRC_INETD_FILE $(INETD_DIR)/$(INIT_FILE); \
+		$(INSTALL) -m 644 startup/$$SRC_INETD_FILE $(INETD_DIR)/$(INIT_FILE); \
+	elif test $(INETD_TYPE) = smf10 -o $(INETD_TYPE) = smf11; then \
+		echo $(INSTALL) -m 775 -g sys -d $(INETD_DIR);\
+		$(INSTALL) -m 775 -g sys -d $(INETD_DIR);\
+		echo $(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
+		$(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
+		$(INSTALL) -m 775 -d $(INETD_DIR);\
+		echo svccfg import $(INETD_DIR)/$(INETD_FILE); \
+		svccfg import $(INETD_DIR)/$(INETD_FILE); \
+		echo "*** Run 'svcadm enable nrpe' to start it"; \
+	elif test $(INIT_TYPE) = launchd; then\
+		$(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
+		launchctl load $(INETD_DIR)/$(INETD_FILE); \
+	else\
+		echo $(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
+		$(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
+	fi
+	@$(EGREP) -q "^nrpe[\t ]+@nrpe_port@/tcp" /etc/services || \
+		echo "***** MAKE SURE 'nrpe @nrpe_port@/tcp' IS IN YOUR /etc/services FILE"
 
-install-daemon-config:
-	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
-	$(INSTALL) -m 644 $(NRPE_INSTALL_OPTS) sample-config/nrpe.cfg $(DESTDIR)$(CFGDIR)
+install-config:
+	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(CFGDIR)
+	$(INSTALL) -m 644 $(NRPE_INSTALL_OPTS) sample-config/nrpe.cfg $(CFGDIR)
 
-solaris-package:
-	@if [ `uname -s` != "SunOS" ] ; then \
-		echo "It is recommended you be running on Solaris to build a Solaris package"; \
-	else \
-		cd package/solaris; $(MAKE) build ; $(MAKE) pkg ; cd ../..; \
+install-groups-users:
+	@macros/add_group_user $(DIST) $(NAGIOS_USER) $(NAGIOS_GROUP)
+	@if test "$(NAGIOS_USER)" != "$(NRPE_USER)" -o "$(NAGIOS_GROUP)" != "$(NRPE_GROUP)"; then\
+		macros/add_group_user $(DIST) $(NRPE_USER) $(NRPE_GROUP);\
 	fi
 
 clean:
-	cd $(SRC_BASE); $(MAKE) $@ ; cd ..
-	cd package/solaris; $(MAKE) $@ ; cd ../..
+	cd $(SRC_BASE); $(MAKE) $@; cd ..
 	rm -f core
 	rm -f *~ */*~
 
 distclean: clean
-	cd $(SRC_BASE); $(MAKE) $@ ; cd ..
-	cd package/solaris; $(MAKE) $@ ; cd ../..
-	rm -f config.log config.status config.cache nrpe.cfg nrpe.xinetd subst $(SRC_INCLUDE)/config.h init-script init-script.debian init-script.freebsd init-script.suse
-	rm -f sample-config/*.cfg sample-config/*.xinetd
+	cd $(SRC_BASE); $(MAKE) $@; cd ..
+	rm -rf autom4te.cache
+	rm -f config.log config.status config.cache sample-config/nrpe.cfg $(SRC_INCLUDE)/config.h
+	rm -f startup/bsd-init startup/debian-init startup/default-init startup/default-inetd
+	rm -f startup/default-service startup/default-socket startup/default-socket-svc
+	rm -f startup/default-xinetd startup/mac-init.plist startup/mac-inetd.plist
+	rm -f startup/newbsd-init startup/openbsd-init startup/openrc-conf
+	rm -f startup/openrc-init startup/rh-upstart-init startup/solaris-init.xml
+	rm -f startup/solaris-inetd.xml startup/tmpfile.conf startup/upstart-init
 	rm -f Makefile
 
 devclean: distclean

README

@@ -1,234 +0,0 @@
------------
-NRPE README
------------
-
-
-** UPDATED DOCUMENTATION!
-
-For installation instructions and information on the design overview
-of the NRPE addon, please read the PDF documentation that is found in 
-this directory: NRPE.pdf
-
-
-
-
-Purpose
--------
-The purpose of this addon is to allow you to execute Nagios 
-plugins on a remote host in as transparent a manner as possible.
-
-
-Contents
---------
-
-There are two pieces to this addon:
-
-  1) NRPE       - This program runs as a background process on the 
-                  remote host and processes command execution requests
-	          from the check_nrpe plugin on the Nagios host.
-		  Upon receiving a plugin request from an authorized
-                  host, it will execute the command line associated
-                  with the command name it received and send the
-                  program output and return code back to the 
-                  check_nrpe plugin
-
-  2) check_nrpe - This is a plugin that is run on the Nagios host
-                  and is used to contact the NRPE process on remote
-	          hosts.  The plugin requests that a plugin be
-                  executed on the remote host and wait for the NRPE
-                  process to execute the plugin and return the result.
-                  The plugin then uses the output and return code
-                  from the plugin execution on the remote host for
-                  its own output and return code.
-
-
-Compiling
----------
-
-The code is very basic and may not work on your particular
-system without some tweaking.  I just haven't put a lot of effort
-into this addond.  Most Linux users should be able to compile
-NRPE and the check_nrpe plugin with the following commands...
-
-./configure
-make all
-
-The binaries will be located in the src/ directory after you
-run 'make all' and will have to be installed manually somewhere
-on your system.
-
-
-NOTE: Since the check_nrpe plugin and nrpe daemon run on different
-      machines (the plugin runs on the Nagios host and the daemon
-      runs on the remote host), you will have to compile the nrpe
-      daemon on the target machine.
-
-
-
-Installing
-----------
-
-The check_nrpe plugin should be placed on the Nagios host along
-with your other plugins.  In most cases, this will be in the
-/usr/local/nagios/libexec directory.
-
-The nrpe program and the configuration file (nrpe.cfg) should
-be placed somewhere on the remote host.  Note that you will also
-have to install some plugins on the remote host if you want to
-make much use of this addon.
-
-
-
-Configuring
------------
-
-Sample config files for the NRPE daemon are located in the
-sample-config/ subdirectory.
-
-
-
-Running Under INETD or XINETD
------------------------------
-
-If you plan on running nrpe under inetd or xinetd and making use
-of TCP wrappers, you need to do the following things:
-
-
-
-1) Add a line to your /etc/services file as follows (modify the port
-   number as you see fit)
-
-	nrpe            5666/tcp	# NRPE
-
-
-
-2) Add entries for the NRPE daemon to either your inetd or xinetd
-   configuration files.  Which one your use will depend on which
-   superserver is installed on your system.  Both methods are described
-   below.  NOTE: If you run nrpe under inetd or xinetd, the server_port
-   and allowed_hosts variables in the nrpe configuration file are
-   ignored.
-
-
-   ***** INETD *****
-   If your system uses the inetd superserver WITH tcpwrappers, add an
-   entry to /etc/inetd.conf as follows:
-
-	nrpe 	stream 	tcp 	nowait 	<user> /usr/sbin/tcpd <nrpebin> -c <nrpecfg> --inetd
-
-   If your system uses the inetd superserver WITHOUT tcpwrappers, add an
-   entry to /etc/inetd.conf as follows:
-
-	nrpe 	stream 	tcp 	nowait 	<user> <nrpebin> -c <nrpecfg> --inetd
-
-
-   - Replace <user> with the name of the user that the nrpe server should run as.
-     	Example: nagios
-   - Replace <nrpebin> with the path to the nrpe binary on your system.
-	Example: /usr/local/nagios/nrpe
-   - Replace <nrpecfg> with the path to the nrpe config file on your system.
-	Example: /usr/local/nagios/nrpe.cfg
-
-
-   ***** XINETD *****
-   If your system uses xinetd instead of inetd, you'll probably
-   want to create a file called 'nrpe' in your /etc/xinetd.d
-   directory that contains the following entries:
-
-
-	# default: on
-	# description: NRPE
-	service nrpe
-	{
-        	flags           = REUSE
-	        socket_type     = stream        
-        	wait            = no
-	        user            = <user>
-        	server          = <nrpebin>
-	        server_args     = -c <nrpecfg> --inetd
-        	log_on_failure  += USERID
-	        disable         = no
-		only_from       = <ipaddress1> <ipaddress2> ...
-	}
-
-
-   - Replace <user> with the name of the user that the nrpe server should run as.
-   - Replace <nrpebin> with the path to the nrpe binary on your system.
-   - Replace <nrpecfg> with the path to the nrpe config file on your system.
-   - Replace the <ipaddress> fields with the IP addresses of hosts which
-     are allowed to connect to the NRPE daemon.  This only works if xinetd was
-     compiled with support for tcpwrappers.
-
-
-
-3) Restart inetd or xinetd will the following command (pick the
-   on that is appropriate for your system:
-
-	/etc/rc.d/init.d/inet restart
-
-	/etc/rc.d/init.d/xinetd restart
-
-   OpenBSD users can use the following command to restart inetd:
-
-	kill -HUP `cat /var/run/inet.pid`
-
-
-
-4) Add entries to your /etc/hosts.allow and /etc/hosts.deny
-   file to enable TCP wrapper protection for the nrpe service.
-   This is optional, although highly recommended.
-
-
-
-
-Configuring Things On The Nagios Host
----------------------------------------
-
-Examples for configuring the nrpe daemon are found in the sample
-nrpe.cfg file included in this distribution.  That config file
-resides on the remote host(s) along with the nrpe daemon.  The
-check_nrpe plugin gets installed on the Nagios host.  In order
-to use the check_nrpe plugin from within Nagios, you'll have
-to define a few things in the host config file.  An example
-command definition for the check_nrpe plugin would look like this:
-
-define command{
-	command_name	check_nrpe
-	command_line	/usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
-	}
-
-In any service definitions that use the nrpe plugin/daemon to
-get their results, you would set the service check command portion
-of the definition to something like this (sample service definition
-is simplified for this example):
-
-define service{
-	host_name		someremotehost
-	service_description	someremoteservice
-	check_command		check_nrpe!yourcommand
-	... etc ...
-	}
-
-where "yourcommand" is a name of a command that you define in 
-your nrpe.cfg file on the remote host (see the docs in the 
-sample nrpe.cfg file for more information).
-
-
-
-
-Questions?
-----------
-
-If you have questions about this addon, or problems getting things
-working, first try searching the nagios-users mailing list archives.
-Details on searching the list archives can be found at 
-http://www.nagios.org
-
-If all else fails, you can email me and I'll try and respond as
-soon as I get a chance.
-
-	-- Ethan Galstad (nagios@nagios.org)
-
-
-
-

README.SSL

@@ -1,34 +0,0 @@
-NRPE With SSL/TLS
-
-NRPE now has the option for Encrypting Network traffic using
-SSL/TLS from openssl. 
-
-The Encryption is done using a set encryption routine of 
-AES-256 Bit Encryption using SHA and Anon-DH. This encrypts
-all traffic using the NRPE sockets from the client to the server.
-
-Since we are using Anon-DH this allows for an encrypted 
-SSL/TLS Connection without using pre-generated keys or 
-certificates. The key generation information used by the 
-program to dynaically create keys on daemon startup can be found
-in the dh.h file in the nrpe src directory. This file was created
-using the command:
-
-openssl dhparam -C 512 
-
-which outputs the C code in dh.h. For your own security you can replace
-that file with your own dhparam generated code.
-
-As of this time you will need to have the latest greatest version of
-OpenSSL (tested against version 0.9.7a) since not all versions have
-the AES algorythm in them.
-
-I am not aware that at this time this code is restricted under export 
-restrictions but I leave that verification process up to you.
-
-Thoughts and suggestions are welcome and I can be reached on the
-Nagios and NagiosPlug Mailing Lists.
-
-	- Derrick
-
-

README.SSL.md

@@ -0,0 +1,283 @@
+NRPE With SSL/TLS
+=================
+
+##Contents
+1. [Introduction](#intro)
+2. [NRPE Changes](#nrpe)
+3. [check_nrpe Changes](#chk)
+4. [Certificate Generation Example](#xmp)
+
+<a id=intro></a>
+
+------------
+###Introduction
+------------
+
+NRPE has had basic support for SSL/TLS for some time now, but it was
+severely lacking. It only allowed anonymous Diffie Hellman (ADH) key
+exchange, it used a fixed 512-bit key (generated at `./configure`
+time and extremely insecure) and originally allowed SSLv2. In 2004,
+SSLv2 and SSLv3 support was disabled.
+
+nrpe and check_nrpe have been updated to offer much more secure
+encryption and more options. And the updates are done in a backward-
+compatible way, allowing you to migrate to the newer versions
+without having to do it all at once, and possibly miss updating some
+machines, causing lost reporting.
+
+<a id=nrpe></a>
+
+------------------------------------------
+###CHANGES IN THE CURRENT VERSION OF NRPE
+------------------------------------------
+
+Running `./configure` will now create a 2048-bit DH key instead
+of the old 512-bit key. The most current versions of openSSL will
+still not allow it. In my testing, openSSL 1.0.1e allowed DH keys
+of 512 bits, and 1.0.1k would not allow 2048 bit keys. In addition
+we now call `SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE)` so a
+new key is generated on each connection, based on the 2048-bit
+key generated.
+
+The NRPE configuration file has added new SSL/TLS options. The
+defaults currently will allow old check_nrpe plugins to continue to
+connect to the nrpe daemon, but can report on "old style"
+connections, or enforce more secure communication as your migration
+progresses. The new options are in the "SSL/TLS OPTIONS" section of
+nrpe.cfg, about two-thirds of the way down.
+
+If you are upgrading NRPE from a prior version, you can run the
+`update-cfg.pl` script to add the new parameters to your nrpe.cfg.
+
+The `ssl_version` directive lets you set which versions of SSL/TLS
+you want to allow. SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 are
+allowed, or those litereals with a `+` after them (as in TLSv1.1+).
+Without the `+`, that version _only_ will be used. With the `+`,
+that version _or above_ will be used. openSSL will always negotiate
+the highest available allowed version available on both ends. This
+directive currently defaults to `TLSv1+`.
+
+The `ssl_use_adh` directive is **DEPRECATED**, even though it is new.
+Possible values are `0` to not allow ADH at all, `1` to allow ADH,
+and `2` to require ADH. The `2` should never be required, but it's
+there just in case it's needed, for whatever reason. `1` is currently
+the default, which allows older check_nrpe plugins to connect using
+ADH. When all the plugins are migrated to the newer version, it
+should be set to `0`. In an upcoming version of NRPE, ADH will no
+longer be allowed at all. Note that if you use a `2` here, NRPE will
+override any `ssl_cipher_list` entries (below) to *only* allow ADH.
+
+The `ssl_cipher_list` directive lets you specify which ciphers you
+want to allow. It currently defaults to `ALL:!MD5:@STRENGTH` but can
+take any value allowed by openSSL. In an upcoming version of NRPE, it
+will be changed to something more secure, something like
+`ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH`. Note that
+if you have `ssl_use_adh=2`, this string will be overridden with
+`ADH` which only only allow ADH.
+
+The `ssl_cacert_file`, `ssl_cert_file` and `ssl_privatekey_file`
+directives are used to specify which *.pem files are to be used for
+Public-Key Encryption (PKE). Setting these will allow clients to use
+PKE to communicate with the server, similar to how the HTTPS
+protocol works.
+
+The `ssl_client_certs` directive specifies whether or not a client
+certificate will be requested when a client tries to connect. A value
+of `0` means the nrpe daemon will not ask for or require a client
+certificate. A `1` will cause it to ask for a client certificate, but
+not require one. A `2` will require the client to present a valid
+certificate. This currently defaults to `0`. If you want to use
+client certificates and are upgrading the clients over time, you can
+set this to `1` once many have been upgraded, then set to `2` to
+force the use of client certs. Note that the client certs _must_ be
+signed by the CA cert specified in the `ssl_cacert_file` directive.
+
+The `ssl_logging` directive allows you to log some additional data
+to syslog. OR (or add) values together to have more than one option
+enabled. Values are `0` for no additional logging (the default),
+`1` to log startup SSL/TLS parameters from the nrpe.cfg file, `2` to
+log the SSL/TLS version of connections, `4` to log which cipher is
+being used for the connection, `8` to log if the plugin has a cert, and
+`16` to log details of plugin's certificate. `-1` will enable all.
+This can be especially helpful during plugin migration, so you can
+tell which plugins have certificates, what SSL/TLS version is being
+used, and which ciphers are being used.
+
+<a id=chk></a>
+
+------------------------------------------------
+###CHANGES IN THE CURRENT VERSION OF CHECK_NRPE
+------------------------------------------------
+
+The check_nrpe plugin has also been updated to provide more secure
+encryption and allow the use of client certificates. The command line
+has several new options, which are outlined below. Both the long and
+short arguments are presented.
+
+`--no-adh` or `-d` will disable the use of ADH. This option is
+**DEPRECATED**, even though it's new. It will be removed in a
+future version.
+
+`--ssl-version=<ver>` or `-S <ver>` specifies minimum SSL/TLS version
+to use. See the `ssl_version` directive above for possible values.
+
+`--cipher-list=<value.` or `-L <value>` determines which ciphers will
+and won't be allowed. See the `ssl_cipher_list` directive above.
+
+`--client-cert=<path>` or `-C <path>` specifies an optional client
+certificate to use. If this value is entered, the next one below is
+required.
+
+`--key-file=<path>` or `-K <path>` specifies the client certificate
+key file to use. This goes along with `--client-cert` above.
+
+`--ca-cert-file=<path>` or `-A <path>` specifies the CA certificate
+to use in order to validate the nrpe daemon's public key.
+
+`--no-adh` or `-d` is **DEPRECATED**
+
+`--use-adh` or `-d [num]` is **DEPRECATED**, even though it is new.
+If you use `-d` or `-d 0` it acts the same way as as the old `-d`.
+Otherwise, use `1` to allow ADH, and `2` to require ADH.
+
+`--ssl-logging=<num>` or `-s <num>` allows you to log some additional
+data to syslog. OR (or add) values together to have more than one
+option enabled. See the description of the `ssl_logging` directive
+from NRPE above.
+
+<a id=xmp></a>
+
+----------------------------------
+###Certificate Generation Example
+----------------------------------
+
+**Note** _The following example does not follow best practice for
+creating and running a CA or creating certificates. It is for testing
+or possibly for use in a small environment. Sloppy security is as bad
+as no security._
+
+In this example, we are going to put everything in the
+`/usr/local/nagios/etc/ssl` directory. You may want to use the more
+common `/etc/ssl` directory, or somewhere else entirely.
+
+We are going to assume your company name is Foo Widgets, LLC; the
+server running the nagios process (and thus the check_nrpe program)
+is called `nag_serv`; and there are two Linux machines that will
+run the nrpe daemon: `db_server` and `bobs_workstation`.
+
+
+####Set up the directories
+
+As root, do the following:
+
+        mkdir -p -m 750 /usr/local/nagios/etc/ssl
+        chown root.nagios /usr/local/nagios/etc/ssl
+        cd /usr/local/nagios/etc/ssl
+        mkdir -m 750 ca
+        chown root.root ca
+        mkdir -m 750 server_certs
+        chown root.nagios server_certs
+        mkdir -m 750 client_certs
+        chown root.nagios client_certs
+
+
+####Create Certificate Authority
+
+If you want to validate client or server certificates, you will need
+to create a Certificate Authority (CA) that will sign all client and
+server certificates. If your organization already has a CA, you can
+use that.
+
+As root, do the following:
+
+        cd /usr/local/nagios/etc/ssl/ca
+        openssl req -x509 -newkey rsa:4096 -keyout ca_key.pem \
+           -out ca_cert.pem -utf8 -days 3650
+
+When asked, enter a passphrase. Then follow the prompts. You will
+probably want to include `CA` or `Certificate Authority` in for
+`Organizational Unit Name` and `Common Name`. For example:
+
+        Organization Name (eg, company) []:Foo Widgets LLC
+        Organizational Unit Name (eg, section) []:Foo Certificate Authority
+        Common Name (e.g. server FQDN or YOUR name) []:Foo Nagios CA
+
+
+####Create NRPE Server Certificate Requests
+
+For each of the hosts that will be running the nrpe daemon, you will
+need a server certificate. You can create a key, and the CSR
+(Certificate Signing Request) separately, but the following commands
+will do both with one command. As root, do the following:
+
+        cd /usr/local/nagios/etc/ssl/server_certs
+        openssl req -new -newkey rsa:2048 -keyout db_server.key \
+           -out db_server.csr -nodes
+        openssl req -new -newkey rsa:2048 -keyout bobs_workstation.key \
+           -out bobs_workstation.csr -nodes
+
+Follow the prompts. The `-nodes` at the end of the lines tells
+openssl to generate the key without a passphrase. Leave it off if you
+want someone to enter a passphrase whenever the machine boots.
+
+Now you need to sign the CSRs with your CA key.
+
+If you have the default `/etc/openssl.cnf`, either change it, or as root, do:
+
+        cd /usr/local/nagios/etc/ssl
+        mkdir demoCA
+        mkdir demoCA/newcerts
+        touch demoCA/index.txt
+		echo "01" > demoCA/serial
+        chown -R root.root demoCA
+        chmod 700 demoCA
+        chmod 700 demoCA/newcerts
+        chmod 600 demoCA/serial
+        chmod 600 demoCA/index.txt
+
+Now, sign the CSRs. As root, do the following:
+
+        cd /usr/local/nagios/etc/ssl
+        openssl ca -days 365 -notext -md sha256 \
+           -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
+           -in server_certs/db_server.csr \
+           -out server_certs/db_server.pem
+        chown root.nagios server_certs/db_server.pem
+        chmod 440 server_certs/db_server.pem
+        openssl ca -days 365 -notext -md sha256 \
+           -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
+           -in server_certs/bobs_workstation.csr \
+           -out server_certs/bobs_workstation.pem
+        chown root.nagios server_certs/bobs_workstation.pem
+        chmod 440 server_certs/bobs_workstation.pem
+
+Now, copy the `db_server.pem` and `db_server.key` files to the
+db_server machine, and the `bobs_workstation.pem` and
+`bobs_workstation.key` files to bobs_workstation. Copy the
+`ca/ca_cert.pem` file to both machines.
+
+
+####Create NRPE Client Certificate Requests
+
+Now you need to do the same thing for the machine that will be
+running the check_nrpe program.
+
+        cd /usr/local/nagios/etc/ssl/client_certs
+        openssl req -new -newkey rsa:2048 -keyout nag_serv.key \
+           -out nag_serv.csr -nodes
+
+        cd /usr/local/nagios/etc/ssl
+        openssl ca -extensions usr_cert -days 365 -notext -md sha256 \
+           -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
+           -in client_certs/nag_serv.csr \
+           -out client_certs/nag_serv.pem
+        chown root.nagios client_certs/nag_serv.pem
+        chmod 440 client_certs/nag_serv.pem
+
+Now, copy the `nag_serv.pem`, `nag_serv.key` and `ca/ca_cert.pem`
+files to the nag_serv machine, if you did the above on a different
+computer.
+
+Put the location of each computers' three files in the `nrpe.cfg`
+file or in the check_nrpe command line. You should now have
+encryption and, if desired, key validation.

README.Solaris

@@ -1,18 +0,0 @@
-Compiling on Solaris
-
-Several changes may be necessary in order to compile NRPE on Solaris.
-This information is known to apply to Solaris 10 and may apply to other 
-verisions of Solaris. This has been tested on Solaris 10 x86.
-
-There are three things that you may need to compile NRPE on Solaris:
-
-	1. Add /usr/sfw/bin to your path
-		$ PATH="$PATH:/usr/sfw/bin"
-	2. Specify the binary to be used for make-ing
-		$ MAKE=gmake ./configure
-	3. Use gmake to build the code
-		$ gmake all
-
-Thanks to Kevin Pendleton at UtahSysAdmin.com 
-(http://www.utahsysadmin.com/2008/03/14/configuring-nagios-plugins-nrpe-on-solaris-10/)
-for the instructions on finding the SSL libraries.

README.md

@@ -0,0 +1,206 @@
+NRPE README
+===========
+
+For installation instructions and information on the design overview
+of the NRPE addon, please read the PDF documentation that is found in
+this directory: `docs/NRPE.pdf`
+
+If you are upgrading from a previous version, run 'update-cfg.pl' to
+add the new SSL parameters to your config file.
+
+
+Purpose
+-------
+The purpose of this addon is to allow you to execute Nagios
+plugins on a remote host in as transparent a manner as possible.
+
+
+Contents
+--------
+
+There are two pieces to this addon:
+
+  1) **NRPE**       - This program runs as a background process on the
+                      remote host and processes command execution requests
+                      from the check_nrpe plugin on the Nagios host.
+                      Upon receiving a plugin request from an authorized
+                      host, it will execute the command line associated
+                      with the command name it received and send the
+                      program output and return code back to the
+                      check_nrpe plugin
+
+  2) **check_nrpe** - This is a plugin that is run on the Nagios host
+                      and is used to contact the NRPE process on remote
+                      hosts.  The plugin requests that a plugin be
+                      executed on the remote host and wait for the NRPE
+                      process to execute the plugin and return the result.
+                      The plugin then uses the output and return code
+                      from the plugin execution on the remote host for
+                      its own output and return code.
+
+
+Compiling
+---------
+
+The code is very basic and may not work on your particular
+system without some tweaking. If you are having any problems
+compiling on your system, please let us know, hopefully with
+fixes. Most users should be able to compile NRPE and the
+check_nrpe plugin with the following commands...
+
+    ./configure
+    make all
+
+The binaries will be located in the `src/` directory after you
+run `make all` and will have to be installed manually somewhere
+on your system.
+
+_NOTE: Since the check_nrpe plugin and nrpe daemon run on different
+      machines (the plugin runs on the Nagios host and the daemon
+      runs on the remote host), you will have to compile the nrpe
+      daemon on the target machine._
+
+
+Installing
+----------
+
+The check_nrpe plugin should be placed on the Nagios host along
+with your other plugins.  In most cases, this will be in the
+`/usr/local/nagios/libexec` directory.
+
+The nrpe program and the configuration file `nrpe.cfg` should
+be placed somewhere on the remote host.  Note that you will also
+have to install some plugins on the remote host if you want to
+make much use of this addon.
+
+
+Configuring
+-----------
+
+Sample config files for the NRPE daemon are located in the
+`sample-config/` subdirectory.
+
+
+Running Under INETD or XINETD
+-----------------------------
+
+If you plan on running nrpe under inetd or xinetd and making use
+of TCP wrappers, you need to add a line to your `/etc/services`
+file as follows (modify the port number as you see fit)
+
+     nrpe            5666/tcp    # NRPE
+
+The run `make install-inetd` to copy the appropriate file, or
+add the appropriate line to your `/etc/inetd.conf`.
+
+   _NOTE: If you run nrpe under inetd or xinetd, the server_port
+   and allowed_hosts variables in the nrpe configuration file are
+   ignored._
+
+
+#### INETD
+
+After running `make install-inetd`, your `/etc/inetd.conf` file will
+contain lines similar to the following:
+
+```
+	#
+	# Enable the following entry to enable the nrpe daemon
+	#nrpe stream tcp nowait nagios /usr/local/nagios/bin/nrpe nrpe -c /usr/local/nagios/etc/nr
+	# Enable the following entry if the nrpe daemon didn't link with libwrap
+	#nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nag
+```
+
+Un-comment the appropriate line, then Restart inetd:
+
+    /etc/rc.d/init.d/inet restart
+
+OpenBSD users can use the following command to restart inetd:
+
+    kill -HUP `cat /var/run/inet.pid`
+
+Then add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
+file to enable TCP wrapper protection for the nrpe service.
+This is optional, although highly recommended.
+
+
+#### XINETD
+
+If your system uses xinetd instead of inetd, `make install-inetd`
+will create a file called `nrpe` in your `/etc/xinetd.d`
+directory that contains a file similar to this:
+
+```
+    # default: off
+    # description: NRPE (Nagios Remote Plugin Executor)
+    service nrpe
+    {
+        disable         = yes
+        socket_type     = stream
+        port            = @NRPE_PORT@
+        wait            = no
+        user            = nagios
+        group           = nagios
+        server          = /usr/local/nagios/bin/nrpe
+        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
+        only_from       = 127.0.0.1
+        log_on_failure  += USERID
+    }
+```
+
+- Replace `disable = yes` with `disable = no`
+- Replace the `127.0.0.1` field with the IP addresses of hosts which
+  are allowed to connect to the NRPE daemon.  This only works if xinetd was
+  compiled with support for tcpwrappers.
+- Add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
+  file to enable TCP wrapper protection for the nrpe service.
+  This is optional, although highly recommended.
+
+Restart xinetd:
+
+    /etc/rc.d/init.d/xinetd restart
+
+
+Configuring Things On The Nagios Host
+---------------------------------------
+
+Examples for configuring the nrpe daemon are found in the sample
+`nrpe.cfg` file included in this distribution.  That config file
+resides on the remote host(s) along with the nrpe daemon.  The
+check_nrpe plugin gets installed on the Nagios host.  In order
+to use the check_nrpe plugin from within Nagios, you will have
+to define a few things in the host config file.  An example
+command definition for the check_nrpe plugin would look like this:
+
+    define command{
+        command_name    check_nrpe
+        command_line    /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
+        }
+
+In any service definitions that use the nrpe plugin/daemon to
+get their results, you would set the service check command portion
+of the definition to something like this (sample service definition
+is simplified for this example):
+
+    define service{
+        host_name           someremotehost
+        service_description someremoteservice
+        check_command       check_nrpe!yourcommand
+        ... etc ...
+        }
+
+where `yourcommand` is a name of a command that you define in
+your nrpe.cfg file on the remote host (see the docs in the
+sample nrpe.cfg file for more information).
+
+
+Questions?
+----------
+
+If you have questions about this addon, or problems getting things
+working, first try searching the nagios-users mailing list archives.
+Details on searching the list archives can be found at
+http://www.nagios.org
+
+If you don't find an answer there, post a message in the Nagios
+Plugin Development forum at https://support.nagios.com/forum/viewforum.php?f=35

SECURITY → SECURITY.md

@@ -1,25 +1,20 @@
-********************
 NRPE SECURITY README
-********************
+====================
 
+---
 
-TCP WRAPPER SUPPORT
-===================
+### TCP WRAPPER SUPPORT ###
 
-NRPE 2.x includes native support for TCP wrappers.  The older
-host access list directive was removed from the config file.
-Make sure your system supports TCP wrappers before running NRPE.
-Once you compile NRPE you can check to see if it has wrapper
-support built in by running the daemon from the command line
-without any arguments like this:
-
-	./nrpe --help
 
+NRPE 2.x includes native support for TCP wrappers. Once you
+compile NRPE you can check to see if it has wrapper support
+built in by running the daemon from the command line without
+any arguments like this:
 
+	./nrpe --help
 
 
-COMMAND ARGUMENTS
-=================
+#### COMMAND ARGUMENTS ####
 
 NRPE 2.0 includes the ability for clients to supply arguments to
 commands which should be run.  Please note that this feature
@@ -27,60 +22,55 @@ should be considered a security risk, and you should only use
 it if you know what you're doing!
 
 
-BASH COMMAND SUBSTITUTION
--------------------------
+#### BASH COMMAND SUBSTITUTION ####
 
 Even with the metacharacter restrictions below, if command arguments 
-are enabled, it is still possible to send bash command substitions 
-in the form $(...) as an agrument. This is explicity disabled by 
+are enabled, it is still possible to send bash command substitutions 
+in the form `$(...)` as an argument. This is explicitly disabled by 
 default, but can be enabled by a configure-time option and a
-configuration file option. Enabling this option is VERY RISKY and 
-its use is HIGHLY DISCOURAGED.
+configuration file option. Enabling this option is **VERY RISKY**
+and its use is **HIGHLY DISCOURAGED**.
 
 
-ENABLING ARGUMENTS
-------------------
+#### ENABLING ARGUMENTS ####
 
 To enable support for command argument in the daemon, you must
 do two things:
 
-   1.  Run the configure script with the --enable-command-args 
+   1.  Run the configure script with the `--enable-command-args`
        option
 
-   2.  Set the 'dont_blame_nrpe' directive in the NRPE config
-       file to 1.
+   2.  Set the `dont_blame_nrpe` directive in the NRPE config
+       file to `1`.
 
 
-ENABLING BASH COMMAND SUBSTITUTION
-----------------------------------
+#### ENABLING BASH COMMAND SUBSTITUTION ####
 
 To enable support for arguments containing bash command substitions, 
 you must do two things:
 
    1.  Enable arguments as described above
 
-   2.  Include the --enable-bash-command-substitution configure
+   2.  Include the `--enable-bash-command-substitution` configure
        option when running the configure script
 
-   3.  Set the 'allow_bash_command_substitutions' directive in the 
-       NRPE config file to 1.
+   3.  Set the `allow_bash_command_substitutions` directive in the 
+       NRPE config file to `1`.
 
 
-ILLEGAL METACHARS
------------------
+#### ILLEGAL METACHARS ####
 
 To help prevent some nasty things from being done by evil 
 clients, the following metacharacters are not allowed
 in client command arguments:
 
-   | ` & > < ' " \ [ ] { } ; !
+	| ` & > < ' " \ [ ] { } ; !
 
-Any client request which contains the abovementioned metachars
+Any client request which contains the above mentioned metachars
 is discarded.
 
 
-USER/GROUP RESTRICTIONS
------------------------
+#### USER/GROUP RESTRICTIONS ####
 
 The NRPE daemon cannot be run with (effective) root user/group
 privileges.  You must run the daemon with an account that does
@@ -89,21 +79,19 @@ directives in the config file to specify which user/group the
 daemon should run as.
 
 
-ENCRYPTION
-----------
+#### ENCRYPTION ####
 
 If you do enable support for command arguments in the NRPE daemon,
 make sure that you encrypt communications either by using:
 
    1.  Stunnel (see http://www.stunnel.org for more info)
-   2.  Native SSL support
+   2.  Native SSL support (See the `README.SSL.md` file for more info)
 
-Do NOT assume that just because the daemon is behind a firewall
+*Do NOT* assume that just because the daemon is behind a firewall
 that you are safe!  Always encrypt NRPE traffic!
 
 
-USING ARGUMENTS
----------------
+#### USING ARGUMENTS ####
 
 How do you use command arguments?  Well, lets say you define a
 command in the NRPE config file that looks like this:
@@ -123,9 +111,3 @@ like this:
 
 You can supply up to 16 arguments to be passed to the command
 for substitution in $ARG$ macros ($ARG1$ - $ARG16$).
-
-
-
-
-    -- Ethan Galstad (nagios@nagios.org)
-

THANKS

@@ -0,0 +1,43 @@
+Alex Weber
+Andrea Morgan-Brist
+Andrew Boyce-Lewis
+Andrew Ryder
+Andrew Widdersheim
+Bartosz Woronicz
+Bill Mitchell
+Bjoern Beutel
+Brian Seklecki
+Derrick Bennett
+Eric Mislivec
+Eric Stanley
+Gerhard Lausser
+Graham Collinson
+Grant Byers
+Grégory Starck
+James Peterson
+Jari Takkala
+Jason Cook
+John Maag
+Jon Andrews
+Kaspersky Lab
+Kevin Pendleton
+Konstantin Malov
+Krzysztof Oledzki
+Leo Baltus
+Mark Plaksin
+Matthew L. Daniel
+Matthias Flacke
+Niels Endres
+Patric Wust
+Peter Palfrader
+Rene Klootwijk
+Robert Peaslee
+Ryan McGarry
+Ryan Ordway
+Sean Finney
+Spenser Reinhardt
+Subhendu Ghosh
+Thierry Bertaud
+Ton Voon
+Vadim Antipov
+jaclu@grm.se

aclocal.m4

@@ -0,0 +1,7 @@
+m4_include([macros/ax_nagios_get_os])
+m4_include([macros/ax_nagios_get_distrib])
+m4_include([macros/ax_nagios_get_init])
+m4_include([macros/ax_nagios_get_inetd])
+m4_include([macros/ax_nagios_get_paths])
+m4_include([macros/ax_nagios_get_files])
+m4_include([macros/ax_nagios_get_ssl])

config.sub → build-aux/config.sub

@@ -1,43 +1,40 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+#   Copyright 1992-2014 Free Software Foundation, Inc.
 
-timestamp='2006-01-02'
+timestamp='2014-12-03'
 
-# This file is (in principle) common to ALL GNU software.
-# The presence of a machine in this file suggests that SOME GNU software
-# can handle that machine.  It does not imply ALL GNU software can.
-#
-# This file is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-# 02110-1301, USA.
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
 # configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
+# the same distribution terms that you use for the rest of that
+# program.  This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
 
 
-# Please send patches to <config-patches@gnu.org>.  Submit a context
-# diff and a properly formatted ChangeLog entry.
+# Please send patches to <config-patches@gnu.org>.
 #
 # Configuration subroutine to validate and canonicalize a configuration type.
 # Supply the specified configuration type as an argument.
 # If it is invalid, we print an error message on stderr and exit with code 1.
 # Otherwise, we print the canonical config type on stdout and succeed.
 
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
 # This file is supposed to be the same for all GNU packages
 # and recognize all the CPU types, system types and aliases
 # that are meaningful with *any* GNU software.
@@ -71,8 +68,7 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)
 
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
-Free Software Foundation, Inc.
+Copyright 1992-2014 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -119,12 +115,18 @@ esac
 # Here we must recognize all the valid KERNEL-OS combinations.
 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
-  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
-  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+  linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+  knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
   storm-chaos* | os2-emx* | rtmk-nova*)
     os=-$maybe_os
     basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
     ;;
+  android-linux)
+    os=-linux-android
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
+    ;;
   *)
     basic_machine=`echo $1 | sed 's/-[^-]*$//'`
     if [ $basic_machine != $1 ]
@@ -147,10 +149,13 @@ case $os in
 	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
 	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
 	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-	-apple | -axis | -knuth | -cray)
+	-apple | -axis | -knuth | -cray | -microblaze*)
 		os=
 		basic_machine=$1
 		;;
+	-bluegene*)
+		os=-cnk
+		;;
 	-sim | -cisco | -oki | -wec | -winbond)
 		os=
 		basic_machine=$1
@@ -165,10 +170,10 @@ case $os in
 		os=-chorusos
 		basic_machine=$1
 		;;
- 	-chorusrdb)
- 		os=-chorusrdb
+	-chorusrdb)
+		os=-chorusrdb
 		basic_machine=$1
- 		;;
+		;;
 	-hiux*)
 		os=-hiuxwe2
 		;;
@@ -213,6 +218,12 @@ case $os in
 	-isc*)
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
+	-lynx*178)
+		os=-lynxos178
+		;;
+	-lynx*5)
+		os=-lynxos5
+		;;
 	-lynx*)
 		os=-lynxos
 		;;
@@ -237,59 +248,90 @@ case $basic_machine in
 	# Some are omitted here because they have special meanings below.
 	1750a | 580 \
 	| a29k \
+	| aarch64 | aarch64_be \
 	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
 	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
 	| am33_2.0 \
-	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+	| arc | arceb \
+	| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
+	| avr | avr32 \
+	| be32 | be64 \
 	| bfin \
-	| c4x | clipper \
+	| c4x | c8051 | clipper \
 	| d10v | d30v | dlx | dsp16xx \
-	| fr30 | frv \
+	| epiphany \
+	| fido | fr30 | frv \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| hexagon \
 	| i370 | i860 | i960 | ia64 \
 	| ip2k | iq2000 \
-	| m32r | m32rle | m68000 | m68k | m88k | maxq | mb | microblaze | mcore \
+	| k1om \
+	| le32 | le64 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | microblazeel | mcore | mep | metag \
 	| mips | mipsbe | mipseb | mipsel | mipsle \
 	| mips16 \
 	| mips64 | mips64el \
-	| mips64vr | mips64vrel \
+	| mips64octeon | mips64octeonel \
 	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
 	| mips64vr4100 | mips64vr4100el \
 	| mips64vr4300 | mips64vr4300el \
 	| mips64vr5000 | mips64vr5000el \
 	| mips64vr5900 | mips64vr5900el \
 	| mipsisa32 | mipsisa32el \
 	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa32r6 | mipsisa32r6el \
 	| mipsisa64 | mipsisa64el \
 	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64r6 | mipsisa64r6el \
 	| mipsisa64sb1 | mipsisa64sb1el \
 	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipsr5900 | mipsr5900el \
 	| mipstx39 | mipstx39el \
 	| mn10200 | mn10300 \
+	| moxie \
 	| mt \
 	| msp430 \
+	| nds32 | nds32le | nds32be \
+	| nios | nios2 | nios2eb | nios2el \
 	| ns16k | ns32k \
-	| or32 \
+	| open8 | or1k | or1knd | or32 \
 	| pdp10 | pdp11 | pj | pjl \
-	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| powerpc | powerpc64 | powerpc64le | powerpcle \
 	| pyramid \
-	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+	| riscv32 | riscv64 \
+	| rl78 | rx \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
-	| sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
-	| sparcv8 | sparcv9 | sparcv9b \
-	| strongarm \
-	| tahoe | thumb | tic4x | tic80 | tron \
-	| v850 | v850e \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu \
+	| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+	| ubicom32 \
+	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+	| visium \
 	| we32k \
-	| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
-	| z8k)
+	| x86 | xc16x | xstormy16 | xtensa \
+	| z8k | z80)
 		basic_machine=$basic_machine-unknown
 		;;
-	m32c)
-		basic_machine=$basic_machine-unknown
+	c54x)
+		basic_machine=tic54x-unknown
 		;;
-	m6811 | m68hc11 | m6812 | m68hc12)
-		# Motorola 68HC11/12.
+	c55x)
+		basic_machine=tic55x-unknown
+		;;
+	c6x)
+		basic_machine=tic6x-unknown
+		;;
+	leon|leon[3-9])
+		basic_machine=sparc-$basic_machine
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
 		basic_machine=$basic_machine-unknown
 		os=-none
 		;;
@@ -299,6 +341,21 @@ case $basic_machine in
 		basic_machine=mt-unknown
 		;;
 
+	strongarm | thumb | xscale)
+		basic_machine=arm-unknown
+		;;
+	xgate)
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	xscaleeb)
+		basic_machine=armeb-unknown
+		;;
+
+	xscaleel)
+		basic_machine=armel-unknown
+		;;
+
 	# We use `pc' rather than `unknown'
 	# because (1) that's what they normally are, and
 	# (2) the word "unknown" tends to confuse beginning users.
@@ -313,65 +370,87 @@ case $basic_machine in
 	# Recognize the basic CPU types with company name.
 	580-* \
 	| a29k-* \
+	| aarch64-* | aarch64_be-* \
 	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
 	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
-	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
-	| avr-* \
+	| avr-* | avr32-* \
+	| be32-* | be64-* \
 	| bfin-* | bs2000-* \
-	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
-	| clipper-* | craynv-* | cydra-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* \
+	| c8051-* | clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
 	| elxsi-* \
-	| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| hexagon-* \
 	| i*86-* | i860-* | i960-* | ia64-* \
 	| ip2k-* | iq2000-* \
-	| m32r-* | m32rle-* \
+	| k1om-* \
+	| le32-* | le64-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
 	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
+	| microblaze-* | microblazeel-* \
 	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
 	| mips16-* \
 	| mips64-* | mips64el-* \
-	| mips64vr-* | mips64vrel-* \
+	| mips64octeon-* | mips64octeonel-* \
 	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
 	| mips64vr4100-* | mips64vr4100el-* \
 	| mips64vr4300-* | mips64vr4300el-* \
 	| mips64vr5000-* | mips64vr5000el-* \
 	| mips64vr5900-* | mips64vr5900el-* \
 	| mipsisa32-* | mipsisa32el-* \
 	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa32r6-* | mipsisa32r6el-* \
 	| mipsisa64-* | mipsisa64el-* \
 	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64r6-* | mipsisa64r6el-* \
 	| mipsisa64sb1-* | mipsisa64sb1el-* \
 	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipsr5900-* | mipsr5900el-* \
 	| mipstx39-* | mipstx39el-* \
 	| mmix-* \
 	| mt-* \
 	| msp430-* \
+	| nds32-* | nds32le-* | nds32be-* \
+	| nios-* | nios2-* | nios2eb-* | nios2el-* \
 	| none-* | np1-* | ns16k-* | ns32k-* \
+	| open8-* \
+	| or1k*-* \
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
-	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
 	| pyramid-* \
-	| romp-* | rs6000-* \
-	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+	| rl78-* | romp-* | rs6000-* | rx-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-	| sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
 	| sparclite-* \
-	| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
-	| tahoe-* | thumb-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+	| tahoe-* \
 	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tile*-* \
 	| tron-* \
-	| v850-* | v850e-* | vax-* \
+	| ubicom32-* \
+	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
+	| vax-* \
+	| visium-* \
 	| we32k-* \
-	| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
-	| xstormy16-* | xtensa-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* \
+	| xstormy16-* | xtensa*-* \
 	| ymp-* \
-	| z8k-*)
+	| z8k-* | z80-*)
 		;;
-	m32c-*)
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
 		;;
 	# Recognize the various machine names and aliases which stand
 	# for a CPU type and a company and sometimes even an OS.
@@ -389,7 +468,7 @@ case $basic_machine in
 		basic_machine=a29k-amd
 		os=-udi
 		;;
-    	abacus)
+	abacus)
 		basic_machine=abacus-unknown
 		;;
 	adobe68k)
@@ -435,6 +514,10 @@ case $basic_machine in
 		basic_machine=m68k-apollo
 		os=-bsd
 		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
 	aux)
 		basic_machine=m68k-apple
 		os=-aux
@@ -443,10 +526,35 @@ case $basic_machine in
 		basic_machine=ns32k-sequent
 		os=-dynix
 		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c54x-*)
+		basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	c55x-*)
+		basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	c6x-*)
+		basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
 	c90)
 		basic_machine=c90-cray
 		os=-unicos
 		;;
+	cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
 	convex-c1)
 		basic_machine=c1-convex
 		os=-bsd
@@ -475,8 +583,8 @@ case $basic_machine in
 		basic_machine=craynv-cray
 		os=-unicosmp
 		;;
-	cr16c)
-		basic_machine=cr16c-unknown
+	cr16 | cr16-*)
+		basic_machine=cr16-unknown
 		os=-elf
 		;;
 	crds | unos)
@@ -514,6 +622,10 @@ case $basic_machine in
 		basic_machine=m88k-motorola
 		os=-sysv3
 		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
 	djgpp)
 		basic_machine=i586-pc
 		os=-msdosdjgpp
@@ -629,7 +741,6 @@ case $basic_machine in
 	i370-ibm* | ibm*)
 		basic_machine=i370-ibm
 		;;
-# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
 	i*86v32)
 		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-sysv32
@@ -668,6 +779,17 @@ case $basic_machine in
 		basic_machine=m68k-isi
 		os=-sysv
 		;;
+	leon-*|leon[3-9]-*)
+		basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
 	m88k-omron*)
 		basic_machine=m88k-omron
 		;;
@@ -679,10 +801,21 @@ case $basic_machine in
 		basic_machine=ns32k-utek
 		os=-sysv
 		;;
+	microblaze*)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw64)
+		basic_machine=x86_64-pc
+		os=-mingw64
+		;;
 	mingw32)
-		basic_machine=i386-pc
+		basic_machine=i686-pc
 		os=-mingw32
 		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
 	miniframe)
 		basic_machine=m68000-convergent
 		;;
@@ -704,6 +837,10 @@ case $basic_machine in
 		basic_machine=powerpc-unknown
 		os=-morphos
 		;;
+	moxiebox)
+		basic_machine=moxie-unknown
+		os=-moxiebox
+		;;
 	msdos)
 		basic_machine=i386-pc
 		os=-msdos
@@ -711,10 +848,18 @@ case $basic_machine in
 	ms1-*)
 		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
 		;;
+	msys)
+		basic_machine=i686-pc
+		os=-msys
+		;;
 	mvs)
 		basic_machine=i370-ibm
 		os=-mvs
 		;;
+	nacl)
+		basic_machine=le32-unknown
+		os=-nacl
+		;;
 	ncr3000)
 		basic_machine=i486-ncr
 		os=-sysv4
@@ -779,6 +924,12 @@ case $basic_machine in
 	np1)
 		basic_machine=np1-gould
 		;;
+	neo-tandem)
+		basic_machine=neo-tandem
+		;;
+	nse-tandem)
+		basic_machine=nse-tandem
+		;;
 	nsr-tandem)
 		basic_machine=nsr-tandem
 		;;
@@ -809,6 +960,14 @@ case $basic_machine in
 		basic_machine=i860-intel
 		os=-osf
 		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
 	pbd)
 		basic_machine=sparc-tti
 		;;
@@ -853,9 +1012,10 @@ case $basic_machine in
 		;;
 	power)	basic_machine=power-ibm
 		;;
-	ppc)	basic_machine=powerpc-unknown
+	ppc | ppcbe)	basic_machine=powerpc-unknown
 		;;
-	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+	ppc-* | ppcbe-*)
+		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
 	ppcle | powerpclittle | ppc-le | powerpc-little)
 		basic_machine=powerpcle-unknown
@@ -880,7 +1040,11 @@ case $basic_machine in
 		basic_machine=i586-unknown
 		os=-pw32
 		;;
-	rdos)
+	rdos | rdos64)
+		basic_machine=x86_64-pc
+		os=-rdos
+		;;
+	rdos32)
 		basic_machine=i386-pc
 		os=-rdos
 		;;
@@ -910,6 +1074,10 @@ case $basic_machine in
 	sb1el)
 		basic_machine=mipsisa64sb1el-unknown
 		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
 	sei)
 		basic_machine=mips-sei
 		os=-seiux
@@ -921,6 +1089,9 @@ case $basic_machine in
 		basic_machine=sh-hitachi
 		os=-hms
 		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
 	sh64)
 		basic_machine=sh64-unknown
 		;;
@@ -942,6 +1113,9 @@ case $basic_machine in
 		basic_machine=i860-stratus
 		os=-sysv4
 		;;
+	strongarm-* | thumb-*)
+		basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
 	sun2)
 		basic_machine=m68000-sun
 		;;
@@ -998,17 +1172,9 @@ case $basic_machine in
 		basic_machine=t90-cray
 		os=-unicos
 		;;
-	tic54x | c54x*)
-		basic_machine=tic54x-unknown
-		os=-coff
-		;;
-	tic55x | c55x*)
-		basic_machine=tic55x-unknown
-		os=-coff
-		;;
-	tic6x | c6x*)
-		basic_machine=tic6x-unknown
-		os=-coff
+	tile*)
+		basic_machine=$basic_machine-unknown
+		os=-linux-gnu
 		;;
 	tx39)
 		basic_machine=mipstx39-unknown
@@ -1077,6 +1243,9 @@ case $basic_machine in
 	xps | xps100)
 		basic_machine=xps100-honeywell
 		;;
+	xscale-* | xscalee[bl]-*)
+		basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+		;;
 	ymp)
 		basic_machine=ymp-cray
 		os=-unicos
@@ -1085,6 +1254,10 @@ case $basic_machine in
 		basic_machine=z8k-unknown
 		os=-sim
 		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
 	none)
 		basic_machine=none-none
 		os=-none
@@ -1123,10 +1296,10 @@ case $basic_machine in
 	we32k)
 		basic_machine=we32k-att
 		;;
-	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
 		basic_machine=sh-unknown
 		;;
-	sparc | sparcv8 | sparcv9 | sparcv9b)
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
 		basic_machine=sparc-sun
 		;;
 	cydra)
@@ -1170,9 +1343,12 @@ esac
 if [ x"$os" != x"" ]
 then
 case $os in
-        # First match some system type aliases
-        # that might get confused with valid system types.
+	# First match some system type aliases
+	# that might get confused with valid system types.
 	# -solaris* is a basic system type, with this one exception.
+	-auroraux)
+		os=-auroraux
+		;;
 	-solaris1 | -solaris1.*)
 		os=`echo $os | sed -e 's|solaris1|sunos4|'`
 		;;
@@ -1193,29 +1369,31 @@ case $os in
 	# Each alternative MUST END IN A *, to match a version number.
 	# -sysv* is not here because it comes later, after sysvr4.
 	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
-	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
-	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+	      | -sym* | -kopensolaris* | -plan9* \
 	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* \
+	      | -aos* | -aros* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
 	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
-	      | -openbsd* | -solidbsd* \
+	      | -bitrig* | -openbsd* | -solidbsd* \
 	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
 	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* \
-	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
-	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
 	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
 	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
 	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
 	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
-	      | -skyos* | -haiku* | -rdos*)
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@@ -1254,7 +1432,7 @@ case $os in
 	-opened*)
 		os=-openedition
 		;;
-        -os400*)
+	-os400*)
 		os=-os400
 		;;
 	-wince*)
@@ -1303,7 +1481,7 @@ case $os in
 	-sinix*)
 		os=-sysv4
 		;;
-        -tpf*)
+	-tpf*)
 		os=-tpf
 		;;
 	-triton*)
@@ -1339,12 +1517,14 @@ case $os in
 	-aros*)
 		os=-aros
 		;;
-	-kaos*)
-		os=-kaos
-		;;
 	-zvmoe)
 		os=-zvmoe
 		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-nacl*)
+		;;
 	-none)
 		;;
 	*)
@@ -1367,6 +1547,12 @@ else
 # system, and we'll never get to this point.
 
 case $basic_machine in
+	score-*)
+		os=-elf
+		;;
+	spu-*)
+		os=-elf
+		;;
 	*-acorn)
 		os=-riscix1.2
 		;;
@@ -1376,9 +1562,24 @@ case $basic_machine in
 	arm*-semi)
 		os=-aout
 		;;
-    c4x-* | tic4x-*)
-        os=-coff
-        ;;
+	c4x-* | tic4x-*)
+		os=-coff
+		;;
+	c8051-*)
+		os=-elf
+		;;
+	hexagon-*)
+		os=-elf
+		;;
+	tic54x-*)
+		os=-coff
+		;;
+	tic55x-*)
+		os=-coff
+		;;
+	tic6x-*)
+		os=-coff
+		;;
 	# This must come before the *-dec entry.
 	pdp10-*)
 		os=-tops20
@@ -1397,13 +1598,13 @@ case $basic_machine in
 		;;
 	m68000-sun)
 		os=-sunos3
-		# This also exists in the configure program, but was not the
-		# default.
-		# os=-sunos4
 		;;
 	m68*-cisco)
 		os=-aout
 		;;
+	mep-*)
+		os=-elf
+		;;
 	mips*-cisco)
 		os=-elf
 		;;
@@ -1428,7 +1629,7 @@ case $basic_machine in
 	*-ibm)
 		os=-aix
 		;;
-    	*-knuth)
+	*-knuth)
 		os=-mmixware
 		;;
 	*-wec)
@@ -1533,7 +1734,7 @@ case $basic_machine in
 			-sunos*)
 				vendor=sun
 				;;
-			-aix*)
+			-cnk*|-aix*)
 				vendor=ibm
 				;;
 			-beos*)

build-aux/custom_help.m4

@@ -0,0 +1,131 @@
+# _AC_INIT_HELP
+# -------------
+# Handle the `configure --help' message.
+m4_define([_AC_INIT_HELP],
+[m4_divert_push([HELP_BEGIN])dnl
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures m4_ifset([AC_PACKAGE_STRING],
+            [AC_PACKAGE_STRING],
+            [this package]) to adapt to many kinds of systems.
+
+Usage: $[0] [[OPTION]]... [[VAR=VALUE]]...
+
+[To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking ...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [/usr/local/nagios]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`/usr/local/nagios/bin', \`/usr/local/nagios/lib' etc.  You can specify
+an installation prefix other than \`/usr/local/nagios' using \`--prefix',
+for instance \`--prefix=$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        plugins, brokers, CGI [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           r/o arch.-independent data [DATAROOTDIR/PKG_NAME]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+_ACEOF
+
+  cat <<\_ACEOF]
+m4_divert_pop([HELP_BEGIN])dnl
+dnl The order of the diversions here is
+dnl - HELP_BEGIN
+dnl   which may be extended by extra generic options such as with X or
+dnl   AC_ARG_PROGRAM.  Displayed only in long --help.
+dnl
+dnl - HELP_CANON
+dnl   Support for cross compilation (--build, --host and --target).
+dnl   Display only in long --help.
+dnl
+dnl - HELP_ENABLE
+dnl   which starts with the trailer of the HELP_BEGIN, HELP_CANON section,
+dnl   then implements the header of the non generic options.
+dnl
+dnl - HELP_WITH
+dnl
+dnl - HELP_VAR
+dnl
+dnl - HELP_VAR_END
+dnl
+dnl - HELP_END
+dnl   initialized below, in which we dump the trailer (handling of the
+dnl   recursion for instance).
+m4_divert_push([HELP_ENABLE])dnl
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+m4_ifset([AC_PACKAGE_STRING],
+[  case $ac_init_help in
+     short | recursive ) echo "Configuration of AC_PACKAGE_STRING:";;
+   esac])
+  cat <<\_ACEOF
+m4_divert_pop([HELP_ENABLE])dnl
+m4_divert_push([HELP_END])dnl
+
+Report bugs to m4_ifset([AC_PACKAGE_BUGREPORT], [<AC_PACKAGE_BUGREPORT>],
+  [the package provider]).dnl
+m4_ifdef([AC_PACKAGE_NAME], [m4_ifset([AC_PACKAGE_URL], [
+AC_PACKAGE_NAME home page: <AC_PACKAGE_URL>.])dnl
+m4_if(m4_index(m4_defn([AC_PACKAGE_NAME]), [GNU ]), [0], [
+General help using GNU software: <http://www.gnu.org/gethelp/>.])])
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    _AC_SRCDIRS(["$ac_dir"])
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      AC_MSG_WARN([no configuration information is in $ac_dir])
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+m4_divert_pop([HELP_END])dnl
+])# _AC_INIT_HELP

build-aux/install-sh

@@ -0,0 +1,501 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2013-12-25.23; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# 'make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+tab='	'
+nl='
+'
+IFS=" $tab$nl"
+
+# Set DOITPROG to "echo" to test this script.
+
+doit=${DOITPROG-}
+doit_exec=${doit:-exec}
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+is_target_a_directory=possibly
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+        case $mode in
+          *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
+            echo "$0: invalid mode: $mode" >&2
+            exit 1;;
+        esac
+        shift;;
+
+    -o) chowncmd="$chownprog $2"
+        shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t)
+        is_target_a_directory=always
+        dst_arg=$2
+        # Protect names problematic for 'test' and other utilities.
+        case $dst_arg in
+          -* | [=\(\)!]) dst_arg=./$dst_arg;;
+        esac
+        shift;;
+
+    -T) is_target_a_directory=never;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --) shift
+        break;;
+
+    -*) echo "$0: invalid option: $1" >&2
+        exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+# We allow the use of options -d and -T together, by making -d
+# take the precedence; this is for compatibility with GNU install.
+
+if test -n "$dir_arg"; then
+  if test -n "$dst_arg"; then
+    echo "$0: target directory not allowed when installing a directory." >&2
+    exit 1
+  fi
+fi
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+    # Protect names problematic for 'test' and other utilities.
+    case $dst_arg in
+      -* | [=\(\)!]) dst_arg=./$dst_arg;;
+    esac
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call 'install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  if test $# -gt 1 || test "$is_target_a_directory" = always; then
+    if test ! -d "$dst_arg"; then
+      echo "$0: $dst_arg: Is not a directory." >&2
+      exit 1
+    fi
+  fi
+fi
+
+if test -z "$dir_arg"; then
+  do_exit='(exit $ret); exit $ret'
+  trap "ret=129; $do_exit" 1
+  trap "ret=130; $do_exit" 2
+  trap "ret=141; $do_exit" 13
+  trap "ret=143; $do_exit" 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+        u_plus_rw=
+      else
+        u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+        u_plus_rw=
+      else
+        u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names problematic for 'test' and other utilities.
+  case $src in
+    -* | [=\(\)!]) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+    dst=$dst_arg
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test "$is_target_a_directory" = never; then
+        echo "$0: $dst_arg: Is a directory" >&2
+        exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      dstdir=`dirname "$dst"`
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+        # Create intermediate dirs using mode 755 as modified by the umask.
+        # This is like FreeBSD 'install' as of 1997-10-28.
+        umask=`umask`
+        case $stripcmd.$umask in
+          # Optimize common cases.
+          *[2367][2367]) mkdir_umask=$umask;;
+          .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+          *[0-7])
+            mkdir_umask=`expr $umask + 22 \
+              - $umask % 100 % 40 + $umask % 20 \
+              - $umask % 10 % 4 + $umask % 2
+            `;;
+          *) mkdir_umask=$umask,go-w;;
+        esac
+
+        # With -d, create the new directory with the user-specified mode.
+        # Otherwise, rely on $mkdir_umask.
+        if test -n "$dir_arg"; then
+          mkdir_mode=-m$mode
+        else
+          mkdir_mode=
+        fi
+
+        posix_mkdir=false
+        case $umask in
+          *[123567][0-7][0-7])
+            # POSIX mkdir -p sets u+wx bits regardless of umask, which
+            # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+            ;;
+          *)
+            tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+            trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+            if (umask $mkdir_umask &&
+                exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+            then
+              if test -z "$dir_arg" || {
+                   # Check for POSIX incompatibilities with -m.
+                   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+                   # other-writable bit of parent directory when it shouldn't.
+                   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+                   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+                   case $ls_ld_tmpdir in
+                     d????-?r-*) different_mode=700;;
+                     d????-?--*) different_mode=755;;
+                     *) false;;
+                   esac &&
+                   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+                     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+                     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+                   }
+                 }
+              then posix_mkdir=:
+              fi
+              rmdir "$tmpdir/d" "$tmpdir"
+            else
+              # Remove any dirs left behind by ancient mkdir implementations.
+              rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+            fi
+            trap '' 0;;
+        esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+        umask $mkdir_umask &&
+        $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+        /*) prefix='/';;
+        [-=\(\)!]*) prefix='./';;
+        *)  prefix='';;
+      esac
+
+      oIFS=$IFS
+      IFS=/
+      set -f
+      set fnord $dstdir
+      shift
+      set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+        test X"$d" = X && continue
+
+        prefix=$prefix$d
+        if test -d "$prefix"; then
+          prefixes=
+        else
+          if $posix_mkdir; then
+            (umask=$mkdir_umask &&
+             $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+            # Don't fail if two instances are running concurrently.
+            test -d "$prefix" || exit 1
+          else
+            case $prefix in
+              *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+              *) qprefix=$prefix;;
+            esac
+            prefixes="$prefixes '$qprefix'"
+          fi
+        fi
+        prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+        # Don't fail if two instances are running concurrently.
+        (umask $mkdir_umask &&
+         eval "\$doit_exec \$mkdirprog $prefixes") ||
+          test -d "$dstdir" || exit 1
+        obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"     2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"  2>/dev/null` &&
+       set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       set +f &&
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+        # Now remove or move aside any old file at destination location.
+        # We try this two ways since rm can't unlink itself on some
+        # systems and the destination file might be busy for other
+        # reasons.  In this case, the final cleanup might fail but the new
+        # file should still install successfully.
+        {
+          test ! -f "$dst" ||
+          $doit $rmcmd -f "$dst" 2>/dev/null ||
+          { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+            { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+          } ||
+          { echo "$0: cannot unlink or rename $dst" >&2
+            (exit 1); exit 1
+          }
+        } &&
+
+        # Now rename the file to the real destination.
+        $doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:

configure.ac

@@ -0,0 +1,391 @@
+dnl Process this -*-m4-*- file with autoconf to produce a configure script.
+
+dnl Disable caching
+define([AC_CACHE_LOAD],)
+define([AC_CACHE_SAVE],)
+
+m4_include([build-aux/custom_help.m4])
+AC_INIT([nrpe],[nrpe-3.0],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
+AC_CONFIG_SRCDIR([src/nrpe.c])
+AC_CONFIG_AUX_DIR([build-aux])
+AC_PREFIX_DEFAULT(/usr/local/nagios)
+
+PKG_NAME=nrpe
+PKG_VERSION="nrpe-3.0"
+PKG_HOME_URL="http://www.nagios.org/"
+PKG_REL_DATE="07-12-2016"
+RPM_RELEASE=1
+
+LANG=C
+LC_ALL=C
+LC_COLLATE=C
+LC_CTYPE=C
+LC_MESSAGES=C
+LC_MONETARY=C
+LC_NUMERIC=C
+LC_TIME=C
+
+AC_SUBST(PKG_NAME)
+AC_SUBST(PKG_VERSION)
+AC_SUBST(PKG_HOME_URL)
+AC_SUBST(PKG_REL_DATE)
+AC_SUBST(RPM_RELEASE)
+AC_SUBST(INSTALL)
+AC_SUBST(SNPRINTF_O)
+AC_SUBST(LDFLAGS)
+AC_SUBST(OTHERLIBS)
+AC_SUBST(SOCKETLIBS)
+AC_SUBST(LIBWRAPLIBS)
+AC_SUBST(NRPE_INSTALL_OPTS)
+AC_SUBST(log_facility)
+AC_SUBST(nrpe_user)
+AC_SUBST(nrpe_group)
+AC_SUBST(nrpe_port)
+AC_SUBST(nagios_user)
+AC_SUBST(nagios_group)
+AC_SUBST(NAGIOS_INSTALL_OPTS)
+AC_SUBST(TARGET_VER)
+AC_SUBST(TARGET_OS)
+AC_SUBST(TARGET_ARCH)
+AC_SUBST(TARGET_PLATFORM)
+
+dnl Figure out how to invoke "install" and what install options to use.
+AC_PROG_INSTALL
+
+dnl Get O/S, Distribution, init, inetd, system-specific directories
+AC_NAGIOS_GET_OS
+AC_NAGIOS_GET_DISTRIB_TYPE
+AC_NAGIOS_GET_INIT
+AC_NAGIOS_GET_INETD
+AC_NAGIOS_GET_PATHS
+AC_NAGIOS_GET_FILES
+
+if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
+	AC_DEFINE(SOLARIS_10,yes)
+fi
+
+dnl Do they just want to see where things will go?
+if test x${showdirs_only} = xyes; then
+	AC_CONFIG_FILES([paths])
+	AC_OUTPUT()
+	chmod 755 paths
+	./paths
+	exit 0
+fi
+
+AC_CONFIG_HEADERS([include/config.h])
+AC_CONFIG_FILES([Makefile
+	src/Makefile
+	nrpe.spec
+	uninstall
+	sample-config/nrpe.cfg
+	startup/bsd-init
+	startup/debian-init
+	startup/default-init
+	startup/default-inetd
+	startup/default-service
+	startup/default-socket
+	startup/default-socket-svc
+	startup/default-xinetd
+	startup/mac-init.plist
+	startup/mac-inetd.plist
+	startup/newbsd-init
+	startup/openbsd-init
+	startup/openrc-conf
+	startup/openrc-init
+	startup/solaris-init.xml
+	startup/solaris-inetd.xml
+	startup/tmpfile.conf
+	startup/upstart-init
+	startup/rh-upstart-init
+	include/common.h
+])
+
+dnl Checks for programs.
+AC_PROG_CC
+AC_PROG_MAKE_SET
+
+dnl Checks for header files.
+AC_HEADER_STDC
+AC_HEADER_TIME
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h)
+AC_CHECK_HEADERS(netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h)
+AC_CHECK_HEADERS(tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h)
+AC_CHECK_HEADERS(sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
+AC_CHECK_HEADERS(paths.h)
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_STRUCT_TM
+AC_TYPE_MODE_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_TYPE_SIGNAL
+AC_TYPE_GETGROUPS
+
+dnl Check lengths for later tests of u_int32_t and int32_t
+AC_CHECK_SIZEOF(int)
+AC_CHECK_SIZEOF(short)
+AC_CHECK_SIZEOF(long)
+
+dnl Define u_int32_t if we don't have it already (Solaris, etc.)
+AC_CHECK_TYPE(uint32_t,unsigned int)
+AC_CHECK_TYPE(u_int32_t,unsigned int)
+if test "$ac_cv_type_u_int32_t" = no ; then
+	if test "$ac_cv_type_u_int32_t" = yes ; then
+		AC_DEFINE(U_INT32_T_IS_UINT32_T,[1],[u_int32_t is uint32_t])
+	else
+		if test "$ac_cv_sizeof_int" = 4 ; then
+			AC_DEFINE(U_INT32_T_IS_UINT,[1],[u_int32_t is uint])
+		else
+			if test "$ac_cv_sizeof_long" = 4 ; then
+				AC_DEFINE(U_INT32_T_IS_ULONG,[1],[u_int32_t is ulong])
+			else
+				if test "$ac_cv_sizeof_short" = 4 ; then
+					AC_DEFINE(U_INT32_T_IS_USHORT,[1],[u_int32_t is ushort])
+				fi
+			fi
+		fi
+	fi
+fi
+
+dnl Define int32_t if we don't have it already
+AC_CHECK_TYPE(int32_t,int)
+if test "$ac_cv_type_int32_t" = no ; then
+	if test "$ac_cv_sizeof_int" = 4 ; then
+		AC_DEFINE(INT32_T_IS_UINT,[1],[int32_t is uint])
+	else
+		if test "$ac_cv_sizeof_long" = 4 ; then
+			AC_DEFINE(INT32_T_IS_ULONG,[1],[int32_t is ulong])
+		else
+			if test "$ac_cv_sizeof_short" = 4 ; then
+				AC_DEFINE(INT32_T_IS_USHORT,[1],[int32_t is ushort])
+			fi
+		fi
+	fi
+fi
+
+dnl Check for struct sockaddr_storate
+AC_CHECK_TYPES([struct sockaddr_storage],[],[],[#include <sys/socket.h>])
+
+dnl Should we use seteuid() or setresuid()?
+AC_CHECK_FUNC(seteuid,
+	AC_DEFINE(SETEUID(id),[seteuid(id)]),
+	AC_DEFINE(SETEUID(id),[setresuid((uid_t) -1, id, (uid_t) -1)])
+)
+
+dnl Check for asprintf() and friends...
+AC_CACHE_CHECK([for va_copy],ac_cv_HAVE_VA_COPY,[
+AC_TRY_LINK([#include <stdarg.h>
+va_list ap1,ap2;], [va_copy(ap1,ap2);],
+ac_cv_HAVE_VA_COPY=yes,
+ac_cv_HAVE_VA_COPY=no)])
+if test x"$ac_cv_HAVE_VA_COPY" = x"yes"; then
+	AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
+else
+	AC_CACHE_CHECK([for __va_copy],ac_cv_HAVE___VA_COPY,[
+	AC_TRY_LINK([#include <stdarg.h>
+	va_list ap1,ap2;], [__va_copy(ap1,ap2);],
+	ac_cv_HAVE___VA_COPY=yes,
+	ac_cv_HAVE___VA_COPY=no)])
+	if test x"$ac_cv_HAVE___VA_COPY" = x"yes"; then
+		AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
+	fi
+fi
+
+AC_CHECK_FUNC(vsnprintf,,SNPRINTF_O=./snprintf.o)
+AC_CHECK_FUNC(snprintf,,SNPRINTF_O=./snprintf.o)
+AC_CHECK_FUNC(asprintf,,SNPRINTF_O=./snprintf.o)
+AC_CHECK_FUNC(vasprintf,,SNPRINTF_O=./snprintf.o)
+
+AC_CACHE_CHECK([for C99 vsnprintf],ac_cv_HAVE_C99_VSNPRINTF,[
+AC_TRY_RUN([
+#include <sys/types.h>
+#include <stdarg.h>
+void foo(const char *format, ...) {
+	va_list ap;
+	int len;
+	char buf[5];
+
+	va_start(ap, format);
+	len = vsnprintf(buf, 0, format, ap);
+	va_end(ap);
+	if (len != 5) exit(1);
+
+	va_start(ap, format);
+	len = vsnprintf(0, 0, format, ap);
+	va_end(ap);
+	if (len != 5) exit(1);
+
+	if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
+
+	exit(0);
+}
+main() { foo("hello"); }
+],
+ac_cv_HAVE_C99_VSNPRINTF=yes,ac_cv_HAVE_C99_VSNPRINTF=no,ac_cv_HAVE_C99_VSNPRINTF=cross)])
+if test x"$ac_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
+	AC_DEFINE(HAVE_C99_VSNPRINTF,1,[Define if system has C99 compatible vsnprintf])
+fi
+
+dnl AC_CHECK_FUNC(snprintf,AC_DEFINE(HAVE_SNPRINTF),SNPRINTF_O=./snprintf.o)
+
+dnl Check for getopt_long (Solaris)
+AC_CHECK_FUNCS([getopt_long],,AC_CHECK_LIB([iberty],[getopt_long],OTHERLIBS="$OTHERLIBS -liberty"))
+
+dnl Checks for library functions.
+AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
+AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
+AC_CHECK_LIB(wrap,main,[
+	LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
+	AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
+	AC_TRY_LINK([#include <tcpd.h>
+		],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT))
+	])
+AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction)
+
+dnl socklen_t check - from curl
+AC_CHECK_TYPE([socklen_t], ,[
+	AC_MSG_CHECKING([for socklen_t equivalent])
+	AC_CACHE_VAL([curl_cv_socklen_t_equiv],
+	[
+		# Systems have either "struct sockaddr *" or
+		# "void *" as the second argument to getpeername
+		curl_cv_socklen_t_equiv=
+		for arg2 in "struct sockaddr" void; do
+			for t in int size_t unsigned long "unsigned long"; do
+				AC_TRY_COMPILE([
+					#ifdef HAVE_SYS_TYPES_H
+					#include <sys/types.h>
+					#endif
+					#ifdef HAVE_SYS_SOCKET_H
+					#include <sys/socket.h>
+					#endif
+
+					int getpeername (int, $arg2 *, $t *);
+				],[
+					$t len;
+					getpeername(0,0,&len);
+				],[
+					curl_cv_socklen_t_equiv="$t"
+					break
+				])
+			done
+		done
+
+		if test "x$curl_cv_socklen_t_equiv" = x; then
+			AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
+		fi
+	])
+	AC_MSG_RESULT($curl_cv_socklen_t_equiv)
+	AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
+						[type to use in place of socklen_t if not defined])],
+		[#include <sys/types.h>
+#include <sys/socket.h>])
+
+
+AC_MSG_CHECKING(for type of socket size)
+AC_TRY_COMPILE([#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+],
+[int a = send(1, (const void *)0, (size_t *) 0, (int *) 0);],
+[AC_DEFINE(SOCKET_SIZE_TYPE, size_t, [Socket Size Type]) AC_MSG_RESULT(size_t)],
+[AC_DEFINE(SOCKET_SIZE_TYPE, int, [Socket Size Type]) AC_MSG_RESULT(int)])
+
+dnl Does user want to check for SSL?
+AC_ARG_ENABLE([ssl],
+	AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[
+	if test x$enableval = xyes; then
+		check_for_ssl=yes
+	else
+		check_for_ssl=no
+	fi
+	],check_for_ssl=yes)
+
+dnl Optional SSL library and include paths
+if test x$check_for_ssl = xyes; then
+	# need_dh should only be set for NRPE
+	need_dh=yes
+	AC_NAGIOS_GET_SSL
+fi
+
+AC_ARG_WITH([log_facility],
+	AS_HELP_STRING([--with-log-facility=<facility>],
+		[sets NRPE syslog facility]),
+	[log_facility=$withval],
+	[log_facility=daemon])
+AC_DEFINE_UNQUOTED(NRPE_LOG_FACILITY,["$log_facility"],[NRPE syslog facility])
+
+AC_ARG_WITH([nrpe_user],
+	AS_HELP_STRING([--with-nrpe-user=<user>],[sets user name to run NRPE]),
+	[nrpe_user=$withval],
+	[nrpe_user=nagios])
+
+AC_ARG_WITH([nrpe_group],
+	AS_HELP_STRING([--with-nrpe-group=<group>],[sets group name to run NRPE]),
+	[nrpe_group=$withval],
+	[nrpe_group=nagios])
+
+AC_ARG_WITH([nrpe_port],
+	AS_HELP_STRING([--with-nrpe-port=<port>],
+		[sets port number for NRPE to listen on]),
+	[nrpe_port=$withval],
+	[nrpe_port=5666])
+NRPE_INSTALL_OPTS="-o $nrpe_user -g $nrpe_group"
+AC_DEFINE_UNQUOTED(DEFAULT_SERVER_PORT,$nrpe_port,[Default port for NRPE daemon])
+
+AC_ARG_WITH([nagios_user],
+	AS_HELP_STRING([--with-nagios-user=<user>],
+		[sets user name for file permissions]),
+	[nagios_user=$withval],
+	[nagios_user=nagios])
+AC_ARG_WITH([nagios_group],
+	AS_HELP_STRING([--with-nagios-group=<grp>],
+		[sets group name file permissions]),
+	[nagios_group=$withval],
+	[nagios_group=nagios])
+NAGIOS_INSTALL_OPTS="-o $nagios_user -g $nagios_group"
+
+	dnl On HP-UX the compile will fail with a 'Duplicate symbol "setenv"' error
+	dnl in '/usr/local/lib/libwrap.a(setenv.o)' and '/usr/local/lib/libiberty.a(setenv.o)'
+	dnl so allow duplicate symbols, and use the first one
+	if test "`uname -s`" = "HP-UX" ; then
+		LDFLAGS="$LDFLAGS -Wl,+allowdups";
+	fi
+
+AC_ARG_ENABLE([command-args],
+	AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments.  *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]),
+	AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]))
+
+AC_ARG_ENABLE([bash-command-substitution],
+	AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command).  *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]),
+	AC_DEFINE_UNQUOTED(ENABLE_BASH_COMMAND_SUBSTITUTION,[1],[Enable bash command substitution]))
+
+
+AC_PATH_PROG(PERL,perl)
+AC_OUTPUT()
+
+dnl Review options
+echo ""
+echo ""
+AC_MSG_RESULT([*** Configuration summary for $PKG_NAME $PKG_VERSION $PKG_REL_DATE ***:])
+
+echo "";\
+echo " General Options:";\
+echo " -------------------------"
+
+AC_MSG_RESULT([ NRPE port:    $nrpe_port])
+AC_MSG_RESULT([ NRPE user:    $nrpe_user])
+AC_MSG_RESULT([ NRPE group:   $nrpe_group])
+AC_MSG_RESULT([ Nagios user:  $nagios_user])
+AC_MSG_RESULT([ Nagios group: $nagios_group])
+
+
+echo "";\
+echo "";\
+echo "Review the options above for accuracy.  If they look okay,";\
+echo "type 'make all' to compile the NRPE daemon and client";\
+echo "or type 'make' to get a list of make options.";\
+echo ""

configure.in

@@ -1,481 +0,0 @@
-dnl Process this -*-m4-*- file with autoconf to produce a configure script.
-
-dnl Disable caching
-define([AC_CACHE_LOAD],)
-define([AC_CACHE_SAVE],)
-
-AC_INIT([nrpe],[2.15],[nagios-users@lists.sourceforge.net],[nrpe],[http://www.nagios.org])
-AC_CONFIG_SRCDIR([src/nrpe.c])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_FILES([Makefile
-	subst
-	src/Makefile
-	package/solaris/Makefile
-	init-script
-	init-script.debian
-	init-script.suse
-	nrpe.spec
-	sample-config/nrpe.cfg
-	sample-config/nrpe.xinetd])
-AC_PREFIX_DEFAULT(/usr/local/nagios)
-
-PKG_NAME=nrpe
-PKG_VERSION="2.15"
-PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="09-06-2013"
-RPM_RELEASE=1
-AC_SUBST(PKG_NAME)
-AC_SUBST(PKG_VERSION)
-AC_SUBST(PKG_HOME_URL)
-AC_SUBST(PKG_REL_DATE)
-AC_SUBST(RPM_RELEASE)
-
-dnl Figure out how to invoke "install" and what install options to use.
-AC_PROG_INSTALL
-AC_SUBST(INSTALL)
-
-dnl What OS are we running?
-AC_CANONICAL_HOST
-
-dnl Checks for programs.
-AC_PROG_CC
-AC_PROG_MAKE_SET
-
-dnl Checks for header files.
-AC_HEADER_STDC
-AC_HEADER_TIME
-AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
-
-dnl Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_STRUCT_TM
-AC_TYPE_MODE_T
-AC_TYPE_PID_T
-AC_TYPE_SIZE_T
-AC_TYPE_SIGNAL
-AC_TYPE_GETGROUPS
-
-dnl Check lengths for later tests of u_int32_t and int32_t
-AC_CHECK_SIZEOF(int)
-AC_CHECK_SIZEOF(short)
-AC_CHECK_SIZEOF(long)
-
-dnl Define u_int32_t if we don't have it already (Solaris, etc.)
-AC_CHECK_TYPE(uint32_t,unsigned int)
-AC_CHECK_TYPE(u_int32_t,unsigned int)
-if test "$ac_cv_type_u_int32_t" = no ; then
-	if test "$ac_cv_type_u_int32_t" = yes ; then
-		AC_DEFINE(U_INT32_T_IS_UINT32_T,[1],[u_int32_t is uint32_t])
-	else
-		if test "$ac_cv_sizeof_int" = 4 ; then
-			AC_DEFINE(U_INT32_T_IS_UINT,[1],[u_int32_t is uint])
-		else
-			if test "$ac_cv_sizeof_long" = 4 ; then
-				AC_DEFINE(U_INT32_T_IS_ULONG,[1],[u_int32_t is ulong])
-			else
-				if test "$ac_cv_sizeof_short" = 4 ; then
-					AC_DEFINE(U_INT32_T_IS_USHORT,[1],[u_int32_t is ushort])
-				fi
-			fi
-		fi
-	fi
-fi
-
-dnl Define int32_t if we don't have it already
-AC_CHECK_TYPE(int32_t,int)
-if test "$ac_cv_type_int32_t" = no ; then
-	if test "$ac_cv_sizeof_int" = 4 ; then
-		AC_DEFINE(INT32_T_IS_UINT,[1],[int32_t is uint])
-	else
-		if test "$ac_cv_sizeof_long" = 4 ; then
-			AC_DEFINE(INT32_T_IS_ULONG,[1],[int32_t is ulong])
-		else
-			if test "$ac_cv_sizeof_short" = 4 ; then
-				AC_DEFINE(INT32_T_IS_USHORT,[1],[int32_t is ushort])
-			fi
-		fi
-	fi
-fi
-
-
-dnl Check for asprintf() and friends...
-AC_CACHE_CHECK([for va_copy],ac_cv_HAVE_VA_COPY,[
-AC_TRY_LINK([#include <stdarg.h>
-va_list ap1,ap2;], [va_copy(ap1,ap2);],
-ac_cv_HAVE_VA_COPY=yes,
-ac_cv_HAVE_VA_COPY=no)])
-if test x"$ac_cv_HAVE_VA_COPY" = x"yes"; then
-    AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
-else    
-    AC_CACHE_CHECK([for __va_copy],ac_cv_HAVE___VA_COPY,[
-    AC_TRY_LINK([#include <stdarg.h>
-    va_list ap1,ap2;], [__va_copy(ap1,ap2);],
-    ac_cv_HAVE___VA_COPY=yes,
-    ac_cv_HAVE___VA_COPY=no)])
-    if test x"$ac_cv_HAVE___VA_COPY" = x"yes"; then
-        AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
-    fi
-fi
-
-AC_CHECK_FUNC(vsnprintf,,SNPRINTF_O=./snprintf.o)
-AC_CHECK_FUNC(snprintf,,SNPRINTF_O=./snprintf.o)
-AC_CHECK_FUNC(asprintf,,SNPRINTF_O=./snprintf.o)
-AC_CHECK_FUNC(vasprintf,,SNPRINTF_O=./snprintf.o)
-
-AC_CACHE_CHECK([for C99 vsnprintf],ac_cv_HAVE_C99_VSNPRINTF,[
-AC_TRY_RUN([
-#include <sys/types.h>
-#include <stdarg.h>
-void foo(const char *format, ...) { 
-       va_list ap;
-       int len;
-       char buf[5];
-
-       va_start(ap, format);
-       len = vsnprintf(buf, 0, format, ap);
-       va_end(ap);
-       if (len != 5) exit(1);
-
-       va_start(ap, format);
-       len = vsnprintf(0, 0, format, ap);
-       va_end(ap);
-       if (len != 5) exit(1);
-
-       if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
-
-       exit(0);
-}
-main() { foo("hello"); }
-],
-ac_cv_HAVE_C99_VSNPRINTF=yes,ac_cv_HAVE_C99_VSNPRINTF=no,ac_cv_HAVE_C99_VSNPRINTF=cross)])
-if test x"$ac_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
-    AC_DEFINE(HAVE_C99_VSNPRINTF,1,[Define if system has C99 compatible vsnprintf])
-fi
-
-dnl AC_CHECK_FUNC(snprintf,AC_DEFINE(HAVE_SNPRINTF),SNPRINTF_O=./snprintf.o)
-AC_SUBST(SNPRINTF_O)
-
-dnl Check for getopt_long (Solaris)
-AC_CHECK_FUNCS([getopt_long],,AC_CHECK_LIB([iberty],[getopt_long],OTHERLIBS="$OTHERLIBS -liberty"))
-AC_SUBST(OTHERLIBS)
-
-dnl Checks for library functions.
-AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
-AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
-AC_SUBST(SOCKETLIBS)
-AC_CHECK_LIB(wrap,main,[
-	LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
-	AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
-	])
-AC_SUBST(LIBWRAPLIBS)
-AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket)
-
-dnl socklen_t check - from curl
-AC_CHECK_TYPE([socklen_t], ,[
-       AC_MSG_CHECKING([for socklen_t equivalent])
-       AC_CACHE_VAL([curl_cv_socklen_t_equiv],
-       [
-          # Systems have either "struct sockaddr *" or
-          # "void *" as the second argument to getpeername
-          curl_cv_socklen_t_equiv=
-          for arg2 in "struct sockaddr" void; do
-             for t in int size_t unsigned long "unsigned long"; do
-                AC_TRY_COMPILE([
-                   #ifdef HAVE_SYS_TYPES_H
-                   #include <sys/types.h>
-                   #endif 
-                   #ifdef HAVE_SYS_SOCKET_H
-                   #include <sys/socket.h>
-                   #endif
-                   
-                   int getpeername (int, $arg2 *, $t *);
-                ],[
-                   $t len;
-                   getpeername(0,0,&len);
-                ],[
-                   curl_cv_socklen_t_equiv="$t"
-                   break
-                ])
-             done
-          done
- 
-          if test "x$curl_cv_socklen_t_equiv" = x; then
-             AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
-          fi
-       ])
-       AC_MSG_RESULT($curl_cv_socklen_t_equiv)
-       AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
-                         [type to use in place of socklen_t if not defined])],
-       [#include <sys/types.h>
-#include <sys/socket.h>])
-
-
-AC_MSG_CHECKING(for type of socket size)
-AC_TRY_COMPILE([#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-],
-[int a = send(1, (const void *)0, (size_t *) 0, (int *) 0);],
-[AC_DEFINE(SOCKET_SIZE_TYPE, size_t, [Socket Size Type]) AC_MSG_RESULT(size_t)],
-[AC_DEFINE(SOCKET_SIZE_TYPE, int, [Socket Size Type]) AC_MSG_RESULT(int)])
-
-dnl Stolen from Python code: loewis@users.sourceforge.net
-#AC_CHECK_TYPE(socklen_t,int,
-#	AC_DEFINE(socklen_t,int,
-#	Define to `int' if <sys/socket.h> does not define.),[
-#	#ifdef HAVE_SYS_TYPES_H
-#	#include <sys/types.h>
-#	#endif
-#	#ifdef HAVE_SYS_SOCKET_H
-#	#include <sys/socket.h>
-#	#endif
-#	])
-
-dnl Does user want to check for SSL?
-AC_ARG_ENABLE([ssl],
-	AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[
-	if test x$enableval = xyes; then
-		check_for_ssl=yes
-	else
-		check_for_ssl=no
-	fi
-	],check_for_ssl=yes)
-
-dnl Optional SSL library and include paths
-ssl_dir=
-ssl_inc_dir=
-ssl_lib_dir=
-AC_ARG_WITH([ssl],
-	AS_HELP_STRING([--with-ssl=DIR],[sets location of the SSL installation]),
-	[ssl_dir=$withval])
-AC_ARG_WITH([ssl-inc],
-	AS_HELP_STRING([--with-ssl-inc=DIR],
-		[sets location of the SSL include files]),
-	[ ssl_inc_dir=$withval])
-AC_ARG_WITH([ssl-lib],
-	AS_HELP_STRING([--with-ssl-lib=DIR],[sets location of the SSL libraries]),
-	[ssl_lib_dir=$withval])
-AC_ARG_WITH([kerberos-inc],
-	AS_HELP_STRING([--with-kerberos-inc=DIR],
-		[sets location of the Kerberos include files]),
-	[kerberos_inc_dir=$withval])
-
-dnl Check for SSL support
-dnl Modified version of Mark Ethan Trostler's macro <trostler@juniper.net>
-if test x$check_for_ssl = xyes; then
-	AC_MSG_CHECKING(for SSL headers)
-	found_ssl=no
-	for dir in $ssl_inc_dir $ssl_dir /usr/local/openssl /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr /usr/freeware/lib/openssl /usr/sfw/include; do
-		ssldir="$dir"
-		if test -f "$dir/include/openssl/ssl.h"; then
-			found_ssl=yes
-			CFLAGS="$CFLAGS -I$dir/include/openssl -I$ssldir/include"
-			sslincdir="$dir/include/openssl"
-		        break
-		fi
-		if test -f "$dir/include/ssl.h"; then
-			found_ssl=yes
-			CFLAGS="$CFLAGS -I$dir/include"
-			sslincdir="$dir/include"
-		        break
-		fi
-		if test -f "$dir/ssl.h"; then
-			found_ssl=yes
-			CFLAGS="$CFLAGS -I$dir"
-			sslincdir="$dir"
-			ssldir="$dir/.."
-		        break
-		fi
-		if test -f "$dir/openssl/ssl.h"; then
-			found_ssl=yes
-			CFLAGS="$CFLAGS -I$dir/openssl"
-			sslincdir="$dir/openssl"
-			ssldir="$dir/.."
-		        break
-		fi
-	done
-
-	if test x_$found_ssl != x_yes; then
-        	AC_MSG_ERROR(Cannot find ssl headers)
-	else
-
-	        printf "SSL headers found in $ssldir\n";
-
-		dnl Now try and find SSL libraries
-		AC_MSG_CHECKING(for SSL libraries)
-		found_ssl=no
-		for dir in $ssl_lib_dir $ssl_dir /usr/lib64 /usr/lib /usr/local/lib /usr/lib/ssl /usr/ssl/lib /usr/openssl/lib /usr/pkg/lib  /usr/freeware/lib/openssl /usr/sfw/lib /opt/freeware/lib; do
-			ssllibdir="$dir"
-			if test "`uname -s`" = "Darwin" ; then
-				soext="dylib"
-			elif test "`uname -s`" = "HP-UX" ; then
-				soext="sl"
-			else
-				soext="so"
-			fi
-			if test -f "$dir/libssl.$soext"; then
-				found_ssl=yes
-			        break
-			fi
-		done	
-
-		if test x_$found_ssl != x_yes; then
-        		AC_MSG_ERROR(Cannot find ssl libraries)
-		else
-		        printf "SSL libraries found in $ssllibdir\n";
-
-			LDFLAGS="$LDFLAGS -L$ssllibdir";
-		        LIBS="$LIBS -lssl -lcrypto";
-
-			AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
-			AC_SUBST(HAVE_SSL)
-	
-			dnl Generate DH parameters
-			echo ""
-			echo "*** Generating DH Parameters for SSL/TLS ***"
-			if test -f "$ssldir/sbin/openssl"; then
-				sslbin=$ssldir/sbin/openssl
-			else
-				sslbin=$ssldir/bin/openssl
-			fi
-			# awk to strip off meta data at bottom of dhparam output
-			$sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
-		fi
-	fi
-
-	dnl RedHat 8.0 and 9.0 include openssl compiled with kerberos, so we must include header file
-	AC_MSG_CHECKING(for Kerberos include files)
-	found_kerberos=no
-	for dir in $kerberos_inc_dir /usr/kerberos/include; do
-		kerbdir="$dir"
-		if test -f "$dir/krb5.h"; then
-			found_kerberos=yes
-			CFLAGS="$CFLAGS -I$kerbdir"
-			AC_DEFINE_UNQUOTED(HAVE_KRB5_H,[1],[Have the krb5.h header file])
-			dnl AC_CHECK_HEADERS(krb5.h)
-			break
-		fi
-	done
-
-	if test x_$found_kerberos != x_yes; then
-		printf "could not find include files\n";
-	else
-		printf "found Kerberos include files in $kerbdir\n";
-	fi
-	
-
-fi
-
-AC_ARG_WITH([log_facility],
-	AS_HELP_STRING([--with-log-facility=<facility>],
-		[sets NRPE syslog facility]),
-	[log_facility=$withval],
-	[log_facility=daemon])
-AC_SUBST(log_facility)
-AC_DEFINE_UNQUOTED(NRPE_LOG_FACILITY,["$log_facility"],[NRPE syslog facility])
-
-AC_ARG_WITH([nrpe_user],
-	AS_HELP_STRING([--with-nrpe-user=<user>],[sets user name to run NRPE]),
-	[nrpe_user=$withval],
-	[nrpe_user=nagios])
-
-AC_ARG_WITH([nrpe_group],
-	AS_HELP_STRING([--with-nrpe-group=<group>],[sets group name to run NRPE]),
-	[nrpe_group=$withval],
-	[nrpe_group=nagios])
-
-AC_ARG_WITH([nrpe_port],
-	AS_HELP_STRING([--with-nrpe-port=<port>],
-		[sets port number for NRPE to listen on]),
-	[nrpe_port=$withval],
-	[nrpe_port=5666])
-AC_SUBST(nrpe_user)
-AC_SUBST(nrpe_group)
-NRPE_INSTALL_OPTS="-o $nrpe_user -g $nrpe_group"
-AC_SUBST(NRPE_INSTALL_OPTS)
-AC_SUBST(nrpe_port)
-AC_DEFINE_UNQUOTED(DEFAULT_SERVER_PORT,$nrpe_port,[Default port for NRPE daemon])
-
-AC_ARG_WITH([nagios_user],
-	AS_HELP_STRING([--with-nagios-user=<user>],
-		[sets user name for file permissions]),
-	[nagios_user=$withval],
-	[nagios_user=nagios])
-AC_ARG_WITH([nagios_group],
-	AS_HELP_STRING([--with-nagios-group=<grp>],
-		[sets group name file permissions]),
-	[nagios_group=$withval],
-	[nagios_group=nagios])
-AC_SUBST(nagios_user)
-AC_SUBST(nagios_group)
-NAGIOS_INSTALL_OPTS="-o $nagios_user -g $nagios_group"
-AC_SUBST(NAGIOS_INSTALL_OPTS)
-
-# Determine target OS, version and architecture for package build macros
-if test "x$target_ver" = "x" ; then
-	TARGET_VER=`uname -r`
-else
-	TARGET_VER=$target_ver
-fi
-AC_SUBST(TARGET_VER)
-if test "x$target_os" = "x" ; then
-	TARGET_OS=`uname -s`
-else
-	TARGET_OS=$target_os
-fi
-AC_SUBST(TARGET_OS)
-if test "x$target_cpu" = "x" ; then
-	TARGET_ARCH=`uname -p`
-else
-	TARGET_ARCH=$target_cpu
-fi
-AC_SUBST(TARGET_ARCH)
-TARGET_PLATFORM=""
-if test "x$TARGET_OS" = "xSunOS" ; then
-	if test "x$TARGET_VER" = "x5.10" ; then
-		TARGET_PLATFORM="sol10"
-	fi
-fi
-AC_SUBST(TARGET_PLATFORM)
-
-AC_ARG_ENABLE([command-args],
-	AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments.  *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]),
-	AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]))
-
-AC_ARG_ENABLE([bash-command-substitution],
-	AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command).  *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]),
-	AC_DEFINE_UNQUOTED(ENABLE_BASH_COMMAND_SUBSTITUTION,[1],[Enable bash command substitution]))
-
-
-AC_PATH_PROG(PERL,perl)
-AC_OUTPUT()
-
-perl subst init-script
-perl subst init-script.debian
-perl subst init-script.suse
-perl subst sample-config/nrpe.cfg
-perl subst sample-config/nrpe.xinetd
-
-
-dnl Review options
-echo ""
-echo ""
-AC_MSG_RESULT([*** Configuration summary for $PKG_NAME $PKG_VERSION $PKG_REL_DATE ***:])
-
-echo ""
-echo " General Options:"
-echo " -------------------------"
-
-AC_MSG_RESULT([ NRPE port:    $nrpe_port])
-AC_MSG_RESULT([ NRPE user:    $nrpe_user])
-AC_MSG_RESULT([ NRPE group:   $nrpe_group])
-AC_MSG_RESULT([ Nagios user:  $nagios_user])
-AC_MSG_RESULT([ Nagios group: $nagios_group])
-
-
-echo ""
-echo ""
-echo "Review the options above for accuracy.  If they look okay,"
-echo "type 'make all' to compile the NRPE daemon and client."
-echo ""

include/common.h

@@ -1,92 +0,0 @@
-/************************************************************************
- *
- * COMMON.H - NRPE Common Include File
- * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 09-06-2013
- *
- * License:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- ************************************************************************/
-
-#include "config.h"
-
-#define PROGRAM_VERSION "2.15"
-#define MODIFICATION_DATE "09-06-2013"
-
-#define OK		0
-#define ERROR		-1
-
-#define TRUE		1
-#define FALSE		0
-
-#define STATE_UNKNOWN  	3	/* service state return codes */
-#define	STATE_CRITICAL 	2
-#define STATE_WARNING 	1
-#define STATE_OK       	0
-
-
-#define DEFAULT_SOCKET_TIMEOUT	10	/* timeout after 10 seconds */
-#define DEFAULT_CONNECTION_TIMEOUT 300	/* timeout if daemon is waiting for connection more than this time */
-
-#define MAX_INPUT_BUFFER	2048	/* max size of most buffers we use */
-#define MAX_FILENAME_LENGTH     256
-
-#define MAX_HOST_ADDRESS_LENGTH	256	/* max size of a host address */
-
-#define NRPE_HELLO_COMMAND      "_NRPE_CHECK"
-
-#define MAX_COMMAND_ARGUMENTS   16
-
-
-/**************** PACKET STRUCTURE DEFINITION **********/
-
-#define QUERY_PACKET		1		/* id code for a packet containing a query */
-#define	RESPONSE_PACKET		2		/* id code for a packet containing a response */
-
-#define NRPE_PACKET_VERSION_3   3               /* packet version identifier */
-#define NRPE_PACKET_VERSION_2   2               
-#define NRPE_PACKET_VERSION_1	1		/* older packet version identifiers (no longer supported) */
-
-#define MAX_PACKETBUFFER_LENGTH	1024		/* max amount of data we'll send in one query/response */
-
-typedef struct packet_struct{
-	int16_t   packet_version;
-	int16_t   packet_type;
-	u_int32_t crc32_value;
-	int16_t   result_code;
-	char      buffer[MAX_PACKETBUFFER_LENGTH];
-        }packet;
-
-/**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/
-#if defined(__sun) || defined(__hpux)
-
-#  ifndef LOG_AUTHPRIV
-#    define LOG_AUTHPRIV LOG_AUTH
-#  endif
-
-#  ifndef LOG_FTP
-#    define LOG_FTP LOG_DAEMON
-#  endif
-
-#elif _AIX
-
-#  include <sys/select.h>
-
-#  ifndef LOG_FTP
-#    define LOG_FTP LOG_DAEMON
-#  endif
-
-#endif

include/common.h.in

@@ -0,0 +1,96 @@
+/************************************************************************
+ *
+ * COMMON.H - NRPE Common Include File
+ * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
+ * Last Modified: 06-07-2016
+ *
+ * License:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ ************************************************************************/
+
+#include "config.h"
+
+#ifdef HAVE_SSL
+#include <@SSL_INC_PREFIX@@SSL_HDR@>
+#endif
+
+#define PROGRAM_VERSION "nrpe-3.0-PRE2"
+#define MODIFICATION_DATE "06-07-2016"
+
+#define OK							0
+#define ERROR						-1
+
+#define TRUE						1
+#define FALSE						0
+
+#define STATE_UNKNOWN				3		/* service state return codes */
+#define	STATE_CRITICAL				2
+#define STATE_WARNING				1
+#define STATE_OK					0
+
+
+#define DEFAULT_SOCKET_TIMEOUT		10		/* timeout after 10 seconds */
+#define DEFAULT_CONNECTION_TIMEOUT	300		/* timeout if daemon is waiting for connection more than this time */
+
+#define MAX_INPUT_BUFFER			2048	/* max size of most buffers we use */
+#define MAX_FILENAME_LENGTH			256
+#define MAX_HOST_ADDRESS_LENGTH		256		/* max size of a host address */
+#define MAX_COMMAND_ARGUMENTS		16
+
+#define NRPE_HELLO_COMMAND			"_NRPE_CHECK"
+
+/**************** PACKET STRUCTURE DEFINITION **********/
+
+#define QUERY_PACKET				1		/* id code for a packet containing a query */
+#define	RESPONSE_PACKET				2		/* id code for a packet containing a response */
+#define NRPE_PACKET_VERSION_3		3		/* packet version identifier */
+#define NRPE_PACKET_VERSION_2		2
+#define NRPE_PACKET_VERSION_1		1		/* older packet version identifiers (no longer supported) */
+
+#define MAX_PACKETBUFFER_LENGTH		1024	/* amount of data to send in one query/response vor version 2 */
+
+typedef struct _v2_packet {
+	int16_t		packet_version;
+	int16_t		packet_type;
+	u_int32_t	crc32_value;
+	int16_t		result_code;
+	char		buffer[MAX_PACKETBUFFER_LENGTH];
+} v2_packet;
+typedef struct _v3_packet {
+	int16_t		packet_version;
+	int16_t		packet_type;
+	u_int32_t	crc32_value;
+	int16_t		result_code;
+	int16_t		alignment;
+	int32_t		buffer_length;
+	char		buffer[1];
+} v3_packet;
+
+/**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/
+#if defined(__sun) || defined(__hpux)
+
+# ifndef LOG_AUTHPRIV
+#  define LOG_AUTHPRIV LOG_AUTH
+# endif
+# ifndef LOG_FTP
+#  define LOG_FTP LOG_DAEMON
+# endif
+#elif defined(_AIX)
+# include <sys/select.h>
+# ifndef LOG_FTP
+#  define LOG_FTP LOG_DAEMON
+# endif
+#endif

include/config.h.in

@@ -33,26 +33,27 @@
 #define NRPE_LOG_FACILITY       @log_facility@
 
 #undef ENABLE_COMMAND_ARGUMENTS
-
 #undef ENABLE_BASH_COMMAND_SUBSTITUTION
-
 #undef socklen_t
-
 #undef HAVE_GETOPT_LONG
-
 #undef HAVE_LIBWRAP
-
 #undef STDC_HEADERS
 #undef HAVE_STRDUP
 #undef HAVE_STRSTR
-#undef HAVE_STRTOUL 
+#undef HAVE_STRTOUL
+#undef HAVE_STRTOK_R
 #undef HAVE_INITGROUPS
 #undef HAVE_CLOSESOCKET
+#undef HAVE_SIGACTION
+#undef HAVE_RFC931_TIMEOUT
 
 #undef SIZEOF_INT
 #undef SIZEOF_SHORT
 #undef SIZEOF_LONG
 
+/* #undef const */
+#undef USE_SSL_DH
+
 /* stupid stuff for u_int32_t */
 #undef U_INT32_T_IS_USHORT
 #undef U_INT32_T_IS_UINT
@@ -99,10 +100,16 @@ typedef int int32_t;
 #undef HAVE___VA_COPY
 
 
-
 #define SOCKET_SIZE_TYPE ""
 #define GETGROUPS_T ""
 #define RETSIGTYPE ""
+#undef HAVE_STRUCT_SOCKADDR_STORAGE
+
+/* Use seteuid() or setresuid() depending on the platform */
+#undef SETEUID
+
+/* Is this a Solaris 10 machine? */
+#undef SOLARIS_10
 
 #undef HAVE_GETOPT_H
 #ifdef HAVE_GETOPT_H
@@ -223,7 +230,7 @@ typedef int int32_t;
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
- 
+
 #undef HAVE_GRP_H
 #ifdef HAVE_GRP_H
 #include <grp.h>
@@ -235,15 +242,6 @@ typedef int int32_t;
 #endif
 
 #undef HAVE_SSL
-#ifdef HAVE_SSL
-#include <rsa.h>
-#include <crypto.h>
-#include <dh.h>
-#include <pem.h>
-#include <ssl.h>
-#include <err.h>
-#include <rand.h>
-#endif
 
 #undef HAVE_KRB5_H
 #ifdef HAVE_KRB5_H

include/nrpe.h

@@ -22,44 +22,48 @@
  *
  ************************************************************************/
 
- /*
-  * 08-10-2011 IPv4 subnetworks support added.
-  * Main change in nrpe.c is that is_an_allowed_host() moved to acl.c
-  *
-  */
-
 /**************** COMMAND STRUCTURE DEFINITION **********/
 
-typedef struct command_struct{
-	char *command_name;
-	char *command_line;
-	struct command_struct *next;
-        }command;
+typedef struct command_struct {
+	char					*command_name;
+	char					*command_line;
+	struct command_struct	*next;
+} command;
 
-int process_arguments(int,char **);
-void wait_for_connections(void);
-void handle_connection(int);
+int init(void);
+void init_ssl(void);
+void log_ssl_startup(void);
+void usage(int);
+void run_inetd(void);
+void run_src(void);
+void run_daemon(void);
+void set_stdio_sigs(void);
+void cleanup(void);
 int read_config_file(char *);
 int read_config_dir(char *);
 int get_log_facility(char *);
 int add_command(char *,char *);
 command *find_command(char *);
-void sighandler(int);
-int drop_privileges(char *,char *);
-int check_privileges(void);
-
-int write_pid_file(void);
-int remove_pid_file(void);
-
+void create_listener(struct addrinfo *ai);
+void wait_for_connections(void);
+void setup_wait_conn(void);
+int wait_conn_fork(int sock);
+void conn_check_peer(int sock);
+void handle_connection(int);
+void init_handle_conn(void);
+int handle_conn_ssl(int sock, void *ssl_ptr);
+int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt);
 void free_memory(void);
-int validate_request(packet *);
-int contains_nasty_metachars(char *);
-int process_macros(char *,char *,int);
-int my_system(char *,int,int *,char *,int);            	/* executes a command via popen(), but also protects against timeouts */
+int my_system(char*, int, int*, char**);	/* executes a command via popen(), but also protects against timeouts */
 void my_system_sighandler(int);				/* handles timeouts when executing commands via my_system() */
 void my_connection_sighandler(int);			/* handles timeouts of connection */
-
+int drop_privileges(char *,char *, int);
+int write_pid_file(void);
+int remove_pid_file(void);
+int check_privileges(void);
 void sighandler(int);
 void child_sighandler(int);
-
-
+int validate_request(v2_packet *, v3_packet *);
+int contains_nasty_metachars(char *);
+int process_macros(char *,char *,int);
+int process_arguments(int,char **);

include/utils.h

@@ -29,35 +29,27 @@
  *
  ************************************************************************************************/
 
-#ifndef _UTILS_H
-#define _UTILS_H
+#ifndef NRPE_UTILS_H_INCLUDED
+#define NRPE_UTILS_H_INCLUDED
 
 #include "../include/config.h"
 
-
 void generate_crc32_table(void);
-unsigned long calculate_crc32(char *, int);
-
-void randomize_buffer(char *,int);
-
-int my_tcp_connect(char *,int,int *);
-int my_connect(const char *, struct sockaddr_storage *, u_short, int, 
-		const char *);
-
-void add_listen_addr(struct addrinfo **, int, char *, int);
-
-void strip(char *);
-
-int sendall(int,char *,int *);
-int recvall(int,char *,int *,int);
-
-char *my_strsep(char **,const char *);
-
+unsigned long calculate_crc32(char*, int);
+void randomize_buffer(char*,int);
+int my_tcp_connect(char*, int, int*);
+#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
+int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*);
+#else
+int my_connect(const char*, struct sockaddr*, u_short, int, const char*);
+#endif
+void add_listen_addr(struct addrinfo**, int, char*, int);
+int clean_environ(const char *keep_env_vars, const char *nrpe_user);
+char* strip(char*);
+int sendall(int, char*, int*);
+int recvall(int, char*, int*, int);
+char *my_strsep(char**, const char*);
+int b64_decode(unsigned char *encoded);
 void display_license(void);
 
 #endif
-
-
-
-
-

init-script.debian.in

@@ -1,34 +0,0 @@
-#!/bin/sh
-# Start/stop the nrpe daemon.
-#
-# Contributed by Andrew Ryder 06-22-02
-# Slight mods by Ethan Galstad 07-09-02
-
-NrpeBin=@bindir@/nrpe
-NrpeCfg=@sysconfdir@/nrpe.cfg
-
-test -f $NrpeBin || exit 0
-
-case "$1" in
-start)	echo -n "Starting nagios remote plugin daemon: nrpe"
-        start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
-        echo "." 
-	;;
-stop)	echo -n "Stopping nagios remote plugin daemon: nrpe"
-        start-stop-daemon --stop --quiet --exec $NrpeBin
-        echo "."
-        ;;
-restart) echo -n "Restarting nagios remote plugin daemon: nrpe"
-        start-stop-daemon --stop --quiet --exec $NrpeBin
-        start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
-        echo "."
-        ;;
-reload|force-reload) echo -n "Reloading configuration files for nagios remote plugin daemon: nrpe"
-	# nrpe reloads automatically
-        echo "."
-        ;;
-*)	echo "Usage: /etc/init.d/nrpe start|stop|restart|reload|force-reload"
-        exit 1 
-        ;;
-esac
-exit 0

init-script.in

@@ -1,62 +0,0 @@
-#!/bin/sh
-#
-#  Created 2000-01-03 by jaclu@grm.se
-#
-# nrpe          This shell script takes care of starting and stopping
-#               nrpe.
-#
-# chkconfig: 2345 80 30
-# description: nrpe is a daemon for a remote nagios server, \
-#              running nagios plugins on this host.
-# processname: nrpe
-# config: /usr/local/nagios/etc/nrpe.cfg
-
-
-# Source function library
-if [ -f /etc/rc.d/init.d/functions ]; then
-. /etc/rc.d/init.d/functions
-elif [ -f /etc/init.d/functions ]; then
-. /etc/init.d/functions
-elif [ -f /etc/rc.d/functions ]; then
-. /etc/rc.d/functions
-fi
-
-# Source networking configuration.
-. /etc/sysconfig/network
-
-# Check that networking is up.
-[ ${NETWORKING} = "no" ] && exit 0
-
-NrpeBin=@bindir@/nrpe
-NrpeCfg=@sysconfdir@/nrpe.cfg
-LockFile=/var/lock/subsys/nrpe
-
-# See how we were called.
-case "$1" in
-  start)
-	# Start daemons.
-	echo -n "Starting nrpe: "
-	daemon $NrpeBin -c $NrpeCfg -d
-	echo
-	touch $LockFile
-	;;
-  stop)
-	# Stop daemons.
-	echo -n "Shutting down nrpe: "
-	killproc nrpe
-	echo
-	rm -f $LockFile
-	;;
-  restart)
-	$0 stop
-	$0 start
-	;;
-  status)
-	status nrpe
-	;;
-  *)
-	echo "Usage: nrpe {start|stop|restart|status}"
-	exit 1
-esac
-
-exit 0

init-script.suse.in

@@ -1,84 +0,0 @@
-#! /bin/sh
-# Copyright (c) 1996-2002 SuSE GmbH Nuernberg, Germany.  All rights reserved.
-# Modifications for NRPE Copyright (c) 2003 Subhendu Ghosh
-# Author: Christopher Mahmood <ckm+snmp@suse.de>, Remo Behn <ray+snmp@suse.de>
-# Modifications for NRPE: Subhendu Ghosh <sghosh@users.sourceforge.net>
-#
-# /etc/init.d/nrpe
-#
-### BEGIN INIT INFO
-# Provides:            nrpe
-# Required-Start:      $network
-# Required-Stop:
-# Default-Start:       2 3 5
-# Default-Stop:        0 1 6
-# Description:         start nrpe
-### END INIT INFO
-
-NRPEBIN=@bindir@/nrpe
-NRPECFG=@sysconfdir@/nrpe.cfg
-
-test -x $NRPEBIN || exit 5
-
-# Shell functions sourced from /etc/rc.status:
-#      rc_check         check and set local and overall rc status
-#      rc_status        check and set local and overall rc status
-#      rc_status -v     ditto but be verbose in local rc status
-#      rc_status -v -r  ditto and clear the local rc status
-#      rc_failed        set local and overall rc status to failed
-#      rc_failed <num>  set local and overall rc status to <num><num>
-#      rc_reset         clear local rc status (overall remains)
-#      rc_exit          exit appropriate to overall rc status
-. /etc/rc.status
-
-# First reset status of this service
-rc_reset
-
-# Return values acc. to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-# 
-# Note that starting an already running service, stopping
-# or restarting a not-running service as well as the restart
-# with force-reload (in case signalling is not supported) are
-# considered a success.
-
-
-case "$1" in
-    start)
-	echo -n "Starting nrpe:"
-	startproc $NRPEBIN -c $NRPECFG -d
-	rc_status -v
-	rc_reset
-
-	;;
-    stop)
-	echo -n "Shutting down nrpe:"
-	killproc -TERM $NRPEBIN
-	rc_status -v ; rc_reset
-	;;
-    restart)
-	$0 stop
-	$0 start
-	rc_status
-	;;
-    status)
-	echo -n "Checking for service nrpe:"
-	checkproc $NRPEBIN
-	rc_status -v
-	rc_reset
-
-	;;
-    *)
-	echo "Usage: $0 {start|stop|restart|status}"
-	exit 1
-	;;
-esac
-rc_exit
-

install-sh

@@ -1,250 +0,0 @@
-#! /bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
-#
-# Copyright 1991 by the Massachusetts Institute of Technology
-#
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission.  M.I.T. makes no representations about the
-# suitability of this software for any purpose.  It is provided "as is"
-# without express or implied warranty.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.  It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
-    case $1 in
-	-c) instcmd="$cpprog"
-	    shift
-	    continue;;
-
-	-d) dir_arg=true
-	    shift
-	    continue;;
-
-	-m) chmodcmd="$chmodprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-o) chowncmd="$chownprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-g) chgrpcmd="$chgrpprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-s) stripcmd="$stripprog"
-	    shift
-	    continue;;
-
-	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
-	    shift
-	    continue;;
-
-	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
-	    shift
-	    continue;;
-
-	*)  if [ x"$src" = x ]
-	    then
-		src=$1
-	    else
-		# this colon is to work around a 386BSD /bin/sh bug
-		:
-		dst=$1
-	    fi
-	    shift
-	    continue;;
-    esac
-done
-
-if [ x"$src" = x ]
-then
-	echo "install:	no input file specified"
-	exit 1
-else
-	true
-fi
-
-if [ x"$dir_arg" != x ]; then
-	dst=$src
-	src=""
-	
-	if [ -d $dst ]; then
-		instcmd=:
-	else
-		instcmd=mkdir
-	fi
-else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad 
-# if $src (and thus $dsttmp) contains '*'.
-
-	if [ -f $src -o -d $src ]
-	then
-		true
-	else
-		echo "install:  $src does not exist"
-		exit 1
-	fi
-	
-	if [ x"$dst" = x ]
-	then
-		echo "install:	no destination specified"
-		exit 1
-	else
-		true
-	fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-	if [ -d $dst ]
-	then
-		dst="$dst"/`basename $src`
-	else
-		true
-	fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-#  this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='	
-'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
-	pathcomp="${pathcomp}${1}"
-	shift
-
-	if [ ! -d "${pathcomp}" ] ;
-        then
-		$mkdirprog "${pathcomp}"
-	else
-		true
-	fi
-
-	pathcomp="${pathcomp}/"
-done
-fi
-
-if [ x"$dir_arg" != x ]
-then
-	$doit $instcmd $dst &&
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
-else
-
-# If we're going to rename the final executable, determine the name now.
-
-	if [ x"$transformarg" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		dstfile=`basename $dst $transformbasename | 
-			sed $transformarg`$transformbasename
-	fi
-
-# don't allow the sed command to completely eliminate the filename
-
-	if [ x"$dstfile" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		true
-	fi
-
-# Make a temp file name in the proper directory.
-
-	dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
-	$doit $instcmd $src $dsttmp &&
-
-	trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing.  If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
-	$doit $rmcmd -f $dstdir/$dstfile &&
-	$doit $mvcmd $dsttmp $dstdir/$dstfile 
-
-fi &&
-
-
-exit 0

macros/.gitignore

@@ -0,0 +1 @@
+nbproject/

macros/LICENSE

@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {description}
+    Copyright (C) {year}  {fullname}
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  {signature of Ty Coon}, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

macros/README.md

@@ -0,0 +1,167 @@
+autoconf-macros README
+======================
+
+Sections below are: Purpose, Contents, Usage, References
+
+
+
+##Purpose
+
+The purpose of Nagios autoconf-macros is to have a central place for
+autoconf macros that can be maintained in one place, but be used by any
+of the Nagios software. It is intended to be used as a git subtree.
+See the Usage and References section below.
+
+Since this project will be included in several parent projects, any
+changes must be as project-neutral as possible.
+
+
+
+## Contents
+
+The collection consists of the following macros:
+
+### AX_NAGIOS_GET_OS alias AC_NAGIOS_GET_OS
+
+> Output Variable : opsys
+
+This macro detects the operating system, and transforms it into a generic
+label. The most common OS's that use Nagios software are recognized and
+used in subsequent macros.
+
+### AX_NAGIOS_GET_DISTRIB_TYPE alias AC_NAGIOS_GET_DISTRIB_TYPE
+
+> Output Variables : dist_type, dist_ver
+
+This macro detects the distribution type. For Linux, this would be rh
+(for Red Hat and derivitives), suse (OpenSUSE, SLES, derivitives), gentoo
+(Gentoo and derivitives), debian (Debian and derivitives), and so on.
+For BSD, this would be openbsd, netbsd, freebsd, dragonfly, etc. It can
+also be aix, solaris, osx, and so on for Unix operating systems.
+
+### AX_NAGIOS_GET_INIT alias AC_NAGIOS_GET_INIT
+
+> Output Variable : init_type
+
+This macro detects what software is used to start daemons on bootup
+or on request, generally knows as the "init system". The init_type
+will generally be one of sysv (many), bsd (Slackware), newbsd (*BSD),
+launchd (OS X), smf10 or smf11 (Solaris), systemd (newer Linux),
+gentoo (older Gentoo), upstart (several), or unknown.
+
+### AX_NAGIOS_GET_INETD alias AC_NAGIOS_GET_INETD
+
+> Output Variable : inetd_type
+
+This macro detects what software is used to start daemons or services
+on demand, which historically has been "inetd". The inetd_type
+will generally be one of inetd, xinetd, launchd (OS X), smf10 or smf11
+(Solaris), systemd (newer Linux), upstart (several), or unknown.
+
+### AX_NAGIOS_GET_PATHS alias AC_NAGIOS_GET_PATHS
+
+> Output Variables : many!
+
+This macro determines the installation paths for binaries, config files,
+PID files, and so on. For a "standard" install of Nagios, NRPE, NDO Utils,
+etc., most will be in the /usr/local/nagios hierarchy with startup files
+located in /etc. For distributions or software repositories, the
+"--enable-install-method=os" option can be used. This will determine the
+O/S dependant directories, such as /usr/bin, /usr/sbin, /var/lib/nagios,
+/usr/lib/nagios, etc. or for OS X, /Library/LaunchDaemons.
+
+### AX_NAGIOS_GET_FILES alias AC_NAGIOS_GET_FILES
+
+> Output Variables : src_init, src_inetd, src_tmpfile
+
+Each Nagios project will have a top-level directory named "/startup/".
+In that directory will be "*.in" files for the various "init_type" and
+"inetd_type" systems. This macro will determine which file(s) from
+that directory will be needed.
+
+### AX_NAGIOS_GET_SSL alias AC_NAGIOS_GET_SSL
+
+> Output Variables : HAVE_KRB5_H, HAVE_SSL, SSL_INC_DIR, SSL_LIB_DIR, CFLAGS, LDFLAGS, LIBS
+
+This macro checks various directories for SSL libraries and header files.
+The searches are based on known install locations on various operating
+systems and distributions, for openssl, gnutls-openssl, and nss_compat_ossl.
+If it finds the headers and libraries, it will then do an `AC_LINK_IFELSE`
+on a simple program to make sure a compile and link will work correctly.
+
+
+
+## Usage
+
+This repo is intended to be used as a git subtree, so changes will
+automatically propogate, and still be reasonably easy to use.
+
+* First, Create, checkout, clone, or branch your project. If you do an
+`ls -AF` it might look something like this:
+
+           .git/      .gitignore    ChangeLog   LICENSE   Makefile.in
+           README     configure.ac  include/    src/
+
+* Then make a reference to _this_ project inside your project.
+
+           git remote add autoconf-macros git@github.com:NagiosEnterprises/autoconf-macros
+           git subtree add --prefix=macros/ autoconf-macros master
+
+* After executing the above two commands, if you do an `ls -AF` now,
+it should look like this:
+
+           .git/      .gitignore    ChangeLog   LICENSE   Makefile.in
+           README     configure.ac  include/    macros/   src/
+The `macros/` directory has been added.
+
+* Now do a `git push` to save everything.
+
+* If you make any changes to autoconf-macros, commit them separately
+from any parent-project changes to keep from polluting the commit
+history with unrelated comments.
+
+* To submit your changes to autoconf-macros:
+
+           git subtree push --prefix=macros autoconf-macros peters-updates
+This will create a new branch called `peters-updates`. You then need to
+create a _pull request_ to get your changes merged into autoconf-macros
+master.
+
+* To get the latest version of `autoconf-macros` into your parent project:
+
+           git subtgree pull --squash --prefix=macros autoconf-macros master
+
+
+
+## References
+
+Now that autoconf-macros is available to your project, you will need to
+reference it.
+
+* Create (or add these lines to) file `YourProject/aclocal.m4`
+
+           m4_include([macros/ax_nagios_get_os])
+           m4_include([macros/ax_nagios_get_distrib])
+           m4_include([macros/ax_nagios_get_init])
+           m4_include([macros/ax_nagios_get_inetd])
+           m4_include([macros/ax_nagios_get_paths])
+           m4_include([macros/ax_nagios_get_files])
+           m4_include([macros/ax_nagios_get_ssl])
+
+* In your `YourProject/configure.ac` add the following lines. A good place
+to put them would be right after any `AC_PROG_*` entries:
+
+           AC_NAGIOS_GET_OS
+           AC_NAGIOS_GET_DISTRIB_TYPE
+           AC_NAGIOS_GET_INIT
+           AC_NAGIOS_GET_INETD
+           AC_NAGIOS_GET_PATHS
+           AC_NAGIOS_GET_FILES
+
+* If you need SSL functionality, add the following to `YourProject/configure.ac`
+where you want to check for SSL:
+
+           AC_NAGIOS_GET_SSL
+
+* You will now be able to reference any of the variables in `config.h.in`
+and any files listed in the `AC_CONFIG_FILES` macro in `configure.ac`.

macros/add_group_user

@@ -0,0 +1,140 @@
+#!/bin/sh
+
+#----------------------
+# Initialize variables
+#----------------------
+dist="$1"
+uid="$2"
+gid="$3"
+rc=0
+
+#-------------------------------------
+# Check if the specified group exists
+#-------------------------------------
+group_exists(){
+	case $dist in
+		osx)	rc=`dscl . -read /Groups/$gid >/dev/null 2>&1; echo $?`	;;
+		hpux)	rc=`grget -n $gid >/dev/null 2>&1; echo $?`	;;
+		aix)	rc=`lsgroup -a $gid >/dev/null 2>&1; echo $?`	;;
+		*)		rc=`getent group $gid > /dev/null 2>&1; echo $?`	;;
+	esac
+
+	echo $rc
+}
+
+#------------------------
+# Add the specified user
+#------------------------
+add_user(){
+	rc=`id "$uid" > /dev/null 2>&1; echo $?`
+	if test $rc -eq 0; then
+		echo "User $uid already exists" > /dev/stderr
+		echo 0
+		return
+	fi
+
+	case $dist in
+		aix)
+			echo useradd -g $gid $uid > /dev/stderr
+			rc=`useradd -g $gid $uid; echo $?`
+			;;
+
+		hpux)
+			echo useradd -m -g $gid $uid > /dev/stderr
+			rc=`useradd -m -g $gid $uid; echo $?`
+			;;
+
+		solaris)
+			echo useradd -m -d /export/home/$uid -g $gid $uid > /dev/stderr
+			rc=`useradd -m -d /export/home/$uid -g $gid $uid; echo $?`
+			;;
+
+		osx)
+			newid=`dscl . -list /Users UniqueID | tr -s ' ' | cut -d' ' -f2 | sort -n | tail -1`
+			newid=`expr 1 + $newid`
+			echo dscl . -create /Users/$uid > /dev/stderr
+			dscl . -create /Users/$uid
+			echo dscl . -create /Users/$uid UniqueID $newid > /dev/stderr
+			dscl . -create /Users/$uid UniqueID $newid
+			echo dscl . -create /Users/$uid UserShell /usr/bin/false > /dev/stderr
+			dscl . -create /Users/$uid UserShell /usr/bin/false
+			echo dscl . -create /Users/$uid PrimaryGroupID 20 > /dev/stderr
+			dscl . -create /Users/$uid PrimaryGroupID 20
+			echo dscl . -append /Groups/$gid GroupMembership $uid > /dev/stderr
+			rc=`dscl . -append /Groups/$gid GroupMembership $uid; echo $?`
+			;;
+
+		freebsd)
+			echo pw add user $uid -g $gid -s /usr/bin/false > /dev/stderr
+			rc=`pw add user $uid -g $gid -s /usr/bin/false; echo $?`
+			;;
+
+		netbsd|openbsd)
+			echo useradd -g $gid $uid > /dev/stderr
+			rc=`useradd -g $gid $uid; echo $?`
+			;;
+
+		*)
+			echo useradd -r -g $gid $uid > /dev/stderr
+			rc=`useradd -r -g $gid $uid; echo $?`
+			;;
+	esac
+
+	echo $rc
+}
+
+#-------------------------
+# Add the specified group
+#-------------------------
+add_group(){
+	rc=`group_exists`
+	if test $rc -eq 0; then
+		echo "Group $gid already exists" > /dev/stderr
+		echo 0
+		return
+	fi
+
+	case $dist in
+		aix)
+			echo mkgroup $gid > /dev/stderr
+			rc=`mkgroup "$gid"; echo $?`
+			;;
+
+		hpux|solaris)
+			echo groupadd $gid > /dev/stderr
+			rc=`groupadd "$gid"; echo $?`
+			;;
+
+		osx)
+			newid=`dscl . -list /Groups gid | tr -s ' ' | cut -d' ' -f2 | sort -n | tail -1`
+			newid=`expr 1 + $newid`
+			echo dscl . -create /Groups/$gid gid $newid > /dev/stderr
+			rc=`dscl . -create /Groups/$gid gid $newid; echo $?`
+			;;
+
+		freebsd)
+			echo pw add group $gid > /dev/stderr
+			rc=`pw add group $gid; echo $?`
+			;;
+
+		netbsd|openbsd)
+			echo groupadd $gid > /dev/stderr
+			rc=`groupadd $gid; echo $?`
+			;;
+
+		*)
+			echo groupadd -r $gid > /dev/stderr
+			rc=`groupadd -r $gid; echo $?`
+			;;
+	esac
+
+	echo $rc
+}
+
+
+rc=`add_group`
+if test $rc -ne 0; then
+	exit 1;
+fi
+rc=`add_user`
+exit $rc

macros/ax_nagios_get_distrib

@@ -0,0 +1,158 @@
+# ===========================================================================
+# SYNOPSIS
+#
+#   AX_NAGIOS_GET_DISTRIB_TYPE
+#
+# DESCRIPTION
+#
+#    This macro determines the O/S distribution of the computer it is run on.
+#    $dist_type will be set and will be one of:
+#        unknown (could not be determined)
+#        freebsd, netbsd, openbsd, dragonfly, etc (The BSDs)
+#        suse, rh, debian, gentoo (and possibly their descendants)
+#        Other major Linux distributions (and possibly their descendants)
+#        The O/S name for the rest
+#
+# LICENSE
+#
+#    Copyright (c) 2016 Nagios Core Development Team
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 2 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+# ===========================================================================
+
+AU_ALIAS([AC_NAGIOS_GET_DISTRIB_TYPE], [AX_NAGIOS_GET_DISTRIB_TYPE])
+AC_DEFUN([AX_NAGIOS_GET_DISTRIB_TYPE],
+[
+
+AC_SUBST(dist_type)
+AC_SUBST(dist_ver)
+
+#
+# Get user hints for possible cross-compile
+#
+	AC_MSG_CHECKING(what the distribution type is )
+	AC_ARG_WITH(dist-type, AC_HELP_STRING([--with-dist-type=type],
+	[specify distribution type (suse, rh, debian, etc.)]),
+		[
+			#
+			# Run this if --with was specified
+			#
+			if test "x$withval" = x -o x$withval = xno; then
+				dist_type_wanted=yes
+			else
+				dist_type_wanted=no
+				dist_type="$withval"
+				dist_ver="unknown"
+				AC_MSG_RESULT($dist_type)
+			fi
+		], [
+			#
+			# Run this if --with was not specified
+			#
+			dist_type_wanted=yes
+		])
+
+		if test x$dist_type = xno; then
+			dist_type_wanted=yes
+		elif test x$dist_type = xyes; then
+			AC_MSG_ERROR([you must enter a distribution type if '--with-dist-type' is specified])
+		fi
+
+		#
+		# Determine distribution type if it wasn't supplied
+		#
+		dist_ver="unknown"
+
+		if test $dist_type_wanted=yes; then
+			dist_type="unknown"
+
+			if test "$opsys" != "linux"; then
+				dist_type="$opsys"
+				AS_CASE([$opsys],
+					[bsd],
+						dist_type=`uname -s | tr ["[A-Z]" "[a-z]"]`
+						dist_ver=`uname -r`,
+					[aix|hp-ux],
+						dist_ver=$OSTYPE,
+					[solaris],
+						dist_ver=`echo $OSTYPE | cut -d'.' -f2`,
+					[*],
+						dist_ver=$OSTYPE
+				)
+
+			else
+
+				if test -r "/etc/gentoo-release"; then
+					dist_type="gentoo"
+					dist_ver=`cat /etc/gentoo-release`
+
+				elif test -r "/etc/os-release"; then
+					. /etc/os-release
+					if test x"$ID_LIKE" != x; then
+						dist_type=`echo $ID_LIKE | cut -d' ' -f1 | tr ["[A-Z]" "[a-z]"]`
+					elif test x"$ID" = xol; then
+						dist_type=rh
+					else
+						dist_type=`echo $ID | tr ["[A-Z]" "[a-z]"]`
+					fi
+					if test x"$dist_type" = sles; then
+						dist_type=suse
+					fi
+					if test x"$VERSION_ID" != x; then
+						dist_ver=$VERSION_ID
+					elif test x"$VERSION" != x; then
+						dist_ver=`echo $VERSION | cut -d'.' -f1 | tr -d [:alpha:][:blank:][:punct:]`
+					fi
+
+				elif test -r "/etc/redhat-release"; then
+					dist_type=rh
+					dist_ver=`cat /etc/redhat-release`
+
+				elif test -r "/etc/debian_version"; then
+					dist_type="debian"
+					if test -r "/etc/lsb-release"; then
+						. /etc/lsb-release
+						dist_ver=`echo "$DISTRIB_RELEASE"`
+					else
+						dist_ver=`cat /etc/debian_version`
+					fi
+
+				elif test -r "/etc/SuSE-release"; then
+					dist_type=suse
+					dist_ver=`grep VERSION /etc/SuSE-release`
+
+				fi
+
+			fi
+
+			if test "$dist_ver" != "unknown"; then
+				dist_ver=`echo "$dist_ver" | cut -d'.' -f1 | tr -d [:alpha:][:blank:][:punct:]`
+			fi
+		fi
+
+		AC_MSG_RESULT($dist_type)
+])

macros/ax_nagios_get_files

@@ -0,0 +1,131 @@
+# ===========================================================================
+# SYNOPSIS
+#
+#   AX_NAGIOS_GET_FILES
+#
+# DESCRIPTION
+#
+#    This macro figures out which init and/or inetd files to use based
+#    on the results of the AX_NAGIOS_GET_OS, AX_NAGIOS_GET_DISTRIB_TYPE,
+#    AX_NAGIOS_GET_INIT and AX_NAGIOS_GET_INETD macros. It will select
+#    the appropriate files(s) from the 'startup' directory and copy it.
+#
+# LICENSE
+#
+#    Copyright (c) 2016 Nagios Core Development Team
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 2 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+# ===========================================================================
+
+AU_ALIAS([AC_NAGIOS_GET_FILES], [AX_NAGIOS_GET_FILES])
+AC_DEFUN([AX_NAGIOS_GET_FILES],
+[
+
+AC_SUBST(src_init)
+AC_SUBST(src_inetd)
+AC_SUBST(src_tmpfile)
+AC_SUBST(bsd_enable)
+
+src_inetd=""
+src_init=""
+bsd_enable=""
+
+AC_MSG_CHECKING(for which init file to use )
+
+AS_CASE([$init_type],
+
+	[sysv],
+		src_init=default-init,
+
+	[systemd],
+		src_tmpfile=tmpfile.conf
+		src_init=default-service,
+
+	[bsd],
+		src_init=bsd-init,
+
+	[newbsd],
+		if test $dist_type = freebsd ; then
+			bsd_enable="_enable"
+			src_init=newbsd-init
+		elif test $dist_type = openbsd ; then
+			bsd_enable="_flags"
+			src_init=openbsd-init
+		elif test $dist_type = netbsd ; then
+			bsd_enable=""
+			src_init=newbsd-init
+		fi,
+
+#	[gentoo],
+
+	[openrc],
+		src_init=openrc-init,
+
+	[smf*],
+		src_init="solaris-init.xml"
+		src_inetd="solaris-inetd.xml",
+
+	[upstart],
+		if test $dist_type = rh ; then
+			src_init=rh-upstart-init
+		else
+			src_init=upstart-init
+		fi,
+
+	[launchd],
+		src_init="mac-init.plist"
+
+	[*],
+		src_init="unknown"
+)
+AC_MSG_RESULT($src_init)
+
+AC_MSG_CHECKING(for which inetd files to use )
+
+if test x$src_inetd = x; then
+
+	AS_CASE([$inetd_type],
+		[inetd*],
+			src_inetd=default-inetd,
+
+		[xinetd],
+			src_inetd=default-xinetd,
+
+		[systemd],
+			src_inetd=default-socket,
+
+		[launchd],
+			src_inetd="mac-inetd.plist",
+
+		[*],
+			src_inetd="unknown"
+	)
+
+fi
+AC_MSG_RESULT($src_inetd)
+
+])

macros/ax_nagios_get_inetd

@@ -0,0 +1,145 @@
+# ===========================================================================
+# SYNOPSIS
+#
+#   AX_NAGIOS_GET_INETD
+#
+# DESCRIPTION
+#
+#    This macro determines whether inetd or xinetd is being used
+#    The argument are:
+#        the init type as determined by AX_NAGIOS_GET_INIT
+#    $inetd_type will be set and will be one of:
+#        unknown (could not be determined)
+#        launchd (Mac OS X)
+#        smf10   (Solaris)
+#        smf11   (Solaris)
+#        upstart (Older Debian)
+#        xinetd  (Most Linux, BSD)
+#        inetd   (The rest)
+#
+# LICENSE
+#
+#    Copyright (c) 2016 Nagios Core Development Team
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 2 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+# ===========================================================================
+
+AU_ALIAS([AC_NAGIOS_GET_INETD], [AX_NAGIOS_GET_INETD])
+AC_DEFUN([AX_NAGIOS_GET_INETD],
+[
+
+AC_SUBST(inetd_type)
+
+#
+# Get user hints for possible cross-compile
+#
+	AC_MSG_CHECKING(what inetd is being used )
+	AC_ARG_WITH(inetd_type, AC_HELP_STRING([--with-inetd-type=type],
+	[which super-server the system runs (inetd, xinetd, systemd, launchd,
+	 smf10, smf11, etc.)]),
+		[
+			inetd_type_wanted=yes
+			#
+			# Run this if --with was specified
+			#
+			if test "x$withval" = x -o x$withval = xno; then
+				inetd_type_wanted=yes
+			else
+				inetd_type_wanted=no
+				inetd_type="$withval"
+				AC_MSG_RESULT($inetd_type)
+			fi
+		], [
+			#
+			# Run this if --with was not specified
+			#
+			inetd_type_wanted=yes
+		])
+
+		if test x$inetd_type = xno; then
+			inetd_type_wanted=yes
+		elif test x$inetd_type = xyes; then
+			AC_MSG_ERROR([you must enter an inetd type if '--with-inetd-type' is specified])
+		fi
+
+		#
+		# Determine inetd type if it wasn't supplied
+		#
+		if test $inetd_type_wanted = yes; then
+
+			inetd_disabled=""
+
+			if test x"$init_type" = "xupstart"; then
+				inetd_type="upstart"
+			elif test "$opsys" = "osx"; then
+				inetd_type="launchd"
+			fi
+
+			if test x"$inetd_type" = x; then
+				AS_CASE([$dist_type],
+					[solaris],
+						if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
+							inetd_type="$init_type"
+						else
+							inetd_type="inetd"
+						fi,
+
+					[*bsd*],
+						inetd_type=`ps -A -o comm -c | grep inetd`,
+
+					[aix|hp-ux],
+						inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
+
+					[*],
+						inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND`])
+			fi
+
+			if test x"$inetd_type" = x; then
+				if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
+					inetd_disabled="(Not running)"
+					inetd_type=xinetd
+				elif test -f /etc/inetd.conf -o -f /usr/sbin/inetd; then
+					inetd_type=inetd
+					inetd_disabled="(Not running)"
+				fi
+			fi
+
+			if test x"$inetd_type" = x; then
+				if test x"$init_type" = "xsystemd"; then
+					inetd_type="systemd"
+				else
+					inetd_type="unknown"
+				fi
+			fi
+
+			if test -n "$inetd_disabled"; then
+				AC_MSG_RESULT($inetd_type $inetd_disabled)
+			else
+				AC_MSG_RESULT($inetd_type)
+			fi
+		fi
+])

macros/ax_nagios_get_init

@@ -0,0 +1,195 @@
+# ===========================================================================
+# SYNOPSIS
+#
+#   AX_NAGIOS_GET_INIT
+#
+# DESCRIPTION
+#
+#    This macro determines the O/S distribution of the computer it is run on.
+#    $init_type will be set and will be one of:
+#        unknown (could not be determined)
+#        launchd (Mac OS X)
+#        bsd     (Slackware Linux)
+#        newbsd  (FreeBSD, OpenBSD, NetBSD, Dragonfly, etc)
+#        smf10   (Solaris)
+#        smf11   (Solaris)
+#        systemd (Linux SystemD)
+#        gentoo  (Older Gentoo)
+#        openrc  (Recent Gentoo and some others)
+#        upstart (Older Debian)
+#        sysv    (The rest)
+#
+# LICENSE
+#
+#    Copyright (c) 2016 Nagios Core Development Team
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 2 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+# ===========================================================================
+
+AU_ALIAS([AC_NAGIOS_GET_INIT], [AX_NAGIOS_GET_INIT])
+AC_DEFUN([AX_NAGIOS_GET_INIT],
+[
+
+AC_SUBST(init_type)
+
+#
+# Get user hints for possible cross-compile
+#
+	AC_MSG_CHECKING(what init system is being used )
+	AC_ARG_WITH(init_type,AC_HELP_STRING([--with-init-type=type],
+	 [specify init type (bsd, sysv, systemd, launchd, smf10, smf11, upstart,
+		openrc, etc.)]),
+		[
+			#
+			# Run this if --with was specified
+			#
+			if test "x$withval" = x -o x$withval = xno; then
+					init_type_wanted=yes
+			else
+					init_type_wanted=no
+					init_type="$withval"
+					AC_MSG_RESULT($init_type)
+			fi
+		], [
+			#
+			# Run this if --with was not specified
+			#
+			init_type_wanted=yes
+		])
+
+		if test x$init_type = xno; then
+			init_type_wanted=yes
+		elif test x$init_type = xyes; then
+			AC_MSG_ERROR([you must enter an init type if '--with-init-type' is specified])
+		fi
+
+		#
+		# Determine init type if it wasn't supplied
+		#
+		if test $init_type_wanted = yes; then
+			init_type=""
+
+			if test x"$opsys" = x; then
+				init_type="unknown"
+				init_type_wanted=no
+			elif test x"$dist_type" = x; then
+				init_type="unknown"
+				init_type_wanted=no
+			elif test "$opsys" = "osx"; then
+				init_type="launchd"
+				init_type_wanted=no
+			elif test "$opsys" = "bsd"; then
+				init_type="newbsd"
+				init_type_wanted=no
+			elif test "$dist_type" = "solaris"; then
+				if test -d "/lib/svc/manifest"; then
+					init_type="smf11"
+					init_type_wanted=no
+				elif test -d "/lib/svc/monitor"; then
+					init_type="smf10"
+					init_type_wanted=no
+				else
+					init_type="sysv"
+					init_type_wanted=no
+				fi
+			elif test "$dist_type" = "slackware"; then
+				init_type="bsd"
+				init_type_wanted=no
+			fi
+		fi
+
+		PSCMD="ps -p1 -o args"
+		AS_CASE([$dist_type],
+			[aix],		PSCMD="env UNIX95=1; ps -p1 -o args",
+			[solaris],	PSCMD="env UNIX95=1; ps -p1 -o args",
+			[hp-ux],	PSCMD="env UNIX95=1; ps -p1 -o args")
+
+		if test "$init_type_wanted" = yes; then
+			pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
+			if test x"$pid1" = "x"; then
+				init_type="unknown"
+				init_type_wanted=no
+			fi
+			if `echo $pid1 | grep "systemd" > /dev/null`; then
+				init_type="systemd"
+				init_type_wanted=no
+			fi
+
+			if test "$init_type_wanted" = yes; then
+				if test "$pid1" = "init"; then
+					if test -e "/sbin/init"; then
+						pid1="/sbin/init";
+					elif test -e "/usr/sbin/init"; then
+						pid1="/usr/sbin/init"
+					else
+						init_type="unknown"
+						init_type_wanted=no
+					fi
+				fi
+				if test -L "$pid1"; then
+					pid1=`readlink "$pid1"`
+				fi
+			fi
+
+			if test "$init_type_wanted" = yes; then
+				if `echo $pid1 | grep "systemd" > /dev/null`; then
+					init_type="systemd"
+					init_type_wanted=no
+				elif test -f "/sbin/rc"; then
+					if test -f /sbin/runscript; then
+						init_type_wanted=no
+						if `/sbin/start-stop-daemon -V | grep "OpenRC" > /dev/null`; then
+							init_type="openrc"
+						else
+							init_type="gentoo"
+						fi
+					fi
+				fi
+			fi
+
+			if test "$init_type_wanted" = yes; then
+				if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
+					if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
+						init_type="upstart"
+						init_type_wanted=no
+					elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
+						init_type="newbsd"
+						init_type_wanted=no
+					else
+						init_type="sysv"
+						init_type_wanted=no
+					fi
+				fi
+			fi
+
+			if test "$init_type_wanted" = yes; then
+				init_type="unknown"
+			fi
+		fi
+
+		AC_MSG_RESULT($init_type)
+])

macros/ax_nagios_get_os

@@ -0,0 +1,101 @@
+# ===========================================================================
+# SYNOPSIS
+#
+#   AX_NAGIOS_GET_OS
+#
+# DESCRIPTION
+#
+#    This macro determines the operating system of the computer it is run on.
+#
+# LICENSE
+#
+#    Copyright (c) 2016 Nagios Core Development Team
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 2 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+# ===========================================================================
+
+AU_ALIAS([AC_NAGIOS_GET_OS], [AX_NAGIOS_GET_OS])
+AC_DEFUN([AX_NAGIOS_GET_OS],
+[
+
+AC_SUBST(opsys)
+AC_SUBST(arch)
+
+#
+# Get user hints
+#
+	AC_MSG_CHECKING(what the operating system is )
+	AC_ARG_WITH(opsys, AC_HELP_STRING([--with-opsys=OS],
+	[specify operating system (linux, osx, bsd, solaris, irix, cygwin,
+	 aix, hp-ux, etc.)]),
+		[
+			#
+			# Run this if --with was specified
+			#
+			if test "x$withval" = x -o x$withval = xno; then
+				opsys_wanted=yes
+			else
+				opsys_wanted=no
+				opsys="$withval"
+				AC_MSG_RESULT($opsys)
+			fi
+		], [
+			#
+			# Run this if --with was not specified
+			#
+			opsys_wanted=yes
+		])
+
+		if test x$opsys = xno; then
+			opsys=""
+			opsys_wanted=yes
+		elif test x$opsys = xyes; then
+			AC_MSG_ERROR([you must enter an O/S type if '--with-opsys' is specified])
+		fi
+
+		#
+		# Determine operating system if it wasn't supplied
+		#
+		if test $opsys_wanted=yes; then
+			opsys=`uname -s | tr ["[A-Z]" "[a-z]"]`
+			if test x"$opsys" = "x"; then opsys="unknown"; fi
+			AS_CASE([$opsys],
+				[darwin*],		opsys="osx",
+				[*bsd*],		opsys="bsd",
+				[dragonfly],	opsys="bsd",
+				[sunos],		opsys="solaris",
+				[gnu/hurd],		opsys="linux",
+				[irix*],		opsys="irix",
+				[cygwin*],		opsys="cygwin",
+				[mingw*],		opsys="mingw",
+				[msys*],		opsys="msys")
+		fi
+
+		arch=`uname -m | tr ["[A-Z]" "[a-z]"]`
+
+		AC_MSG_RESULT($opsys)
+])

macros/ax_nagios_get_paths

@@ -0,0 +1,725 @@
+# ===========================================================================
+# SYNOPSIS
+#
+#   AX_NAGIOS_GET_PATHS
+#
+# DESCRIPTION
+#
+#    This macro figures out the installation & run paths for various systems
+#    The argument are:
+#        the O/S determined by the AX_NAGIOS_GET_OS macro.
+#        the distribution type as determined by AX_NAGIOS_GET_DISTRIB_TYPE
+#        the init type as determined by AX_NAGIOS_GET_INIT
+#        the inetd type as determined by AX_NAGIOS_GET_INETD
+#
+# LICENSE
+#
+#    Copyright (c) 2016 Nagios Core Development Team
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 2 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+# ===========================================================================
+
+AU_ALIAS([AC_NAGIOS_GET_PATHS], [AX_NAGIOS_GET_PATHS])
+AC_DEFUN([AX_NAGIOS_GET_PATHS],
+[
+
+AC_SUBST(pkgsysconfdir)
+AC_SUBST(objsysconfdir)
+AC_SUBST(sbindir)
+AC_SUBST(initname)
+AC_SUBST(inetdname)
+AC_SUBST(pluginsdir)
+AC_SUBST(brokersdir)
+AC_SUBST(cgibindir)
+AC_SUBST(webdir)
+AC_SUBST(privatesysconfdir)
+AC_SUBST(pkglocalstatedir)
+AC_SUBST(logdir)
+AC_SUBST(piddir)
+AC_SUBST(pipedir)
+AC_SUBST(spooldir)
+AC_SUBST(initdir)
+AC_SUBST(inetddir)
+AC_SUBST(tmpfilesd)
+AC_SUBST(subsyslockdir)
+AC_SUBST(subsyslockfile)
+
+if test x$DBG_PATHS != x; then
+	echo
+	echo Incoming paths:
+	echo "    prefix        $prefix"
+	echo "    exec_prefix   $exec_prefix"
+	echo "    bindir        $bindir"
+	echo "    sbindir       $sbindir"
+	echo "    libexecdir    $libexecdir"
+	echo "    sysconfdir    $sysconfdir"
+	echo "    localstatedir $localstatedir"
+	echo "    datarootdir   $datarootdir"
+	echo "    datadir       $datadir"
+	echo "    localedir     $localedir"
+	echo
+fi
+
+AC_MSG_CHECKING(for which paths to use )
+
+AC_ARG_ENABLE(install_method,
+	AC_HELP_STRING([--enable-install-method=<method>],
+	[sets the install method to use: 'default' (the default) will install to
+	/usr/local/nagios, 'os' will try to determine which method to use based
+	on OS type and distribution. Fine tuning using the '--bindir', etc.
+	overrides above will still work]),
+	install_method=$enableval,
+	install_method=default
+)
+
+AC_ARG_ENABLE(showdirs_only,
+	AC_HELP_STRING([--enable-showdirs-only=yes],
+	[This option will cause 'configure' to stop after determining the install
+	 locations based on '--enable-install-method', so you can see the
+	 destinations before a full './configure', 'make', 'make install'
+	 process.]),
+	showdirs_only=$enableval,
+	showdirs_only=no
+)
+
+AS_CASE([$install_method],
+	[yes], install_method="os",
+	[no],  install_method="default",
+	[default|os], :,
+	[*], echo >&6; AC_MSG_ERROR(['--enable-install-method=$install_method' is invalid])
+)
+
+if test $showdirs_only != "no"; then showdirs_only="yes"; fi
+
+AS_CASE([$dist_type],
+	[*solaris*|*hp-ux*|*aix*|*osx*], opsys=unix)
+
+
+need_cgi=no
+need_web=no
+need_brk=no
+need_plg=no
+need_pipe=no
+need_spl=no
+need_loc=no
+need_log_subdir=no
+need_etc_subdir=no
+need_pls_dir=no
+
+AS_CASE([$PKG_NAME],
+	[nagios],
+		need_log_subdir=yes
+		need_etc_subdir=yes
+		need_pls_dir=yes
+		need_brk=yes
+		need_pipe=yes
+		need_spl=yes
+		need_loc=yes
+		need_cgi=yes
+		need_web=yes,
+
+	[ndoutils],
+		need_spl=yes,
+
+	[nrpe],
+		need_plg=yes,
+
+	[nsca],
+		need_cgi=no,
+
+	[plugins],
+		need_loc=yes
+		need_plg=yes
+)
+
+AC_ARG_WITH(pkgsysconfdir, AC_HELP_STRING([--with-pkgsysconfdir=DIR],
+	[where configuration files should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		pkgsysconfdir="$withval"
+	fi)
+AC_ARG_WITH(objsysconfdir, AC_HELP_STRING([--with-objsysconfdir=DIR],
+	[where object configuration files should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		objsysconfdir="$withval"
+	fi)
+AC_ARG_WITH(privatesysconfdir, AC_HELP_STRING([--with-privatesysconfdir=DIR],
+	[where private configuration files should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		privatesysconfdir="$withval"
+	fi)
+AC_ARG_WITH(webdir, AC_HELP_STRING([--with-webdir=DIR],
+	[where the website files should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		webdir="$withval"
+	fi)
+AC_ARG_WITH(pluginsdir, AC_HELP_STRING([--with-pluginsdir=DIR],
+	[where the plugins should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		pluginsdir="$withval"
+	fi)
+AC_ARG_WITH(brokersdir, AC_HELP_STRING([--with-brokersdir=DIR],
+	[where the broker modules should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		brokersdir="$withval"
+	fi)
+AC_ARG_WITH(cgibindir, AC_HELP_STRING([--with-cgibindir=DIR],
+	[where the CGI programs should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		cgibindir="$withval"
+	fi)
+AC_ARG_WITH(logdir, AC_HELP_STRING([--with-logdir=DIR],
+	[where log files should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		logdir="$withval"
+	fi)
+AC_ARG_WITH(piddir, AC_HELP_STRING([--with-piddir=DIR],
+	[where the PID file should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		piddir="$withval"
+	fi)
+AC_ARG_WITH(pipedir, AC_HELP_STRING([--with-pipedir=DIR],
+	[where socket and pipe files should be placed]),
+	if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
+		pipedir="$withval"
+	fi)
+
+
+#
+# Setup the base directory
+#
+
+if test $install_method = "default"; then
+	if test $opsys = "unix"; then
+		if test x"$prefix" = "xNONE"; then prefix="/usr/local/nagios"; fi
+	else
+		if test x"$prefix" = "xNONE"; then prefix=${ac_default_prefix}; fi
+	fi
+	datarootdir=${datarootdir="$prefix"}
+
+else
+	if test x"$datadir" = x'${datarootdir}'; then AS_UNSET(datadir); fi
+	if test x"$sysconfdir" = x'${prefix}/etc'; then AS_UNSET(sysconfdir); fi
+
+	if test x"$prefix" = "xNONE"; then
+		if test $dist_type = freebsd -o $dist_type = openbsd -o $dist_type = osx; then
+			prefix="/usr/local"
+		elif test $dist_type = netbsd; then
+			prefix="/usr/pkg"
+		else
+			prefix="/usr"
+		fi
+	fi
+	if test x"$exec_prefix" = "xNONE"; then exec_prefix=$prefix; fi
+	if test x"$localstatedir" = x'${prefix}/var'; then
+		if test $dist_type = "osx"; then
+			localstatedir="/private/var"
+		else
+			localstatedir="/var"
+		fi
+	fi
+
+	if test $opsys = "unix"; then
+		if test x"$datarootdir" = x'${prefix}/share'; then
+			if test $dist_type = "hp-ux"; then
+				datarootdir="/usr/local/share"
+				if test x"$libexecdir" = x'${exec_prefix}/libexec'; then
+					libexecdir="/usr/nagios"
+				fi
+			elif test $dist_type = "osx"; then
+				datarootdir="/usr/local/share"
+				if test x"$libexecdir" = x'${exec_prefix}/libexec'; then
+					libexecdir="/usr/local/nagios"
+				fi
+			elif test x"$libexecdir" = x'${exec_prefix}/libexec'; then
+				libexecdir="/usr/lib/nagios"
+			fi
+		fi
+		if test $dist_type = "osx"; then
+			if test x"$sbindir" = x'${exec_prefix}/sbin'; then
+				sbindir="$libexecdir"
+			fi
+			if test x"$libexecdir" = x'${exec_prefix}/libexec'; then
+				libexecdir="/usr/local/libexec/nagios"
+			fi
+		fi
+	elif test $opsys = "bsd"; then
+		if test x"$libexecdir" = x'${exec_prefix}/libexec'; then
+			libexecdir=${exec_prefix}/libexec/nagios;
+		fi
+	elif test x"$libexecdir" = x'${exec_prefix}/lib'; then
+		libexecdir=${libexecdir}/nagios;
+	elif test x"$libexecdir" = x'${exec_prefix}/libexec'; then
+		libexecdir=${exec_prefix}/lib/nagios;
+	fi
+
+fi
+
+if test x"$exec_prefix" = "xNONE"; then exec_prefix=${prefix}; fi
+
+tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles.d"}
+if test ! -d "$tmpfilesd"; then
+	tmpfilesd="N/A"
+else
+	tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
+fi
+subsyslockdir=${subsyslockdir="/var/lock/subsys"}
+if test ! -d "$subsyslockdir"; then
+	subsyslockdir="N/A"
+	subsyslockfile="N/A"
+else
+	subsyslockfile="$subsyslockdir/$PKG_NAME"
+fi
+if test "$need_loc" = no; then
+	localedir="N/A"
+fi
+
+if test $install_method = "default" ; then
+	#
+	# Do the default setup
+	#
+	sbindir=${bindir}
+	datadir=${datadir="$datarootdir"}
+	if test $need_web = yes; then
+		webdir=${webdir="$datadir"}
+	else
+		webdir="N/A"
+	fi
+	if test $opsys = "unix"; then
+		sysconfdir=${sysconfdir="/etc/opt"}
+	fi
+	pkgsysconfdir=${pkgsysconfdir="$sysconfdir"}
+	if test $need_etc_subdir = yes; then
+		objsysconfdir=${objsysconfdir="$pkgsysconfdir/objects"}
+	else
+		objsysconfdir="N/A"
+	fi
+	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir"}
+	logdir=${logdir="$localstatedir"}
+	piddir=${piddir="$localstatedir"}
+	if test "$need_pipe" = yes; then
+		pipedir=${pipedir="$localstatedir/rw"}
+	else
+		pipedir="N/A"
+	fi
+	if test "$need_pls_dir" = yes; then
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir"}
+	else
+		pkglocalstatedir="N/A"
+	fi
+	if test "$need_spl" = yes; then
+		spooldir=${spooldir="$localstatedir/var"}
+	else
+		spooldir="N/A"
+	fi
+	if test $need_brk = yes; then
+		brokersdir=${brokersdir="$bindir"}
+	else
+		brokersdir="N/A"
+	fi
+	if test $need_plg = yes; then
+		pluginsdir=${pluginsdir="$libexecdir"}
+	else
+		pluginsdir="N/A"
+	fi
+	if test $need_cgi = yes; then
+		cgibindir=${cgibindir="$prefix/sbin"}
+	else
+		cgibindir="N/A"
+	fi
+
+elif test $opsys = "linux"; then
+
+	#
+	# Linux "Standard" install
+	#
+	install_method="$install_method : FHS"
+	datadir=${datadir="$datarootdir/nagios"}
+	if test $need_web = yes; then
+		webdir=${webdir="$datadir/html"}
+	else
+		webdir="N/A"
+	fi
+	sysconfdir=${sysconfdir="/etc"}
+	pkgsysconfdir=${pkgsysconfdir="$sysconfdir/nagios"}
+	if test $need_etc_subdir = yes; then
+		objsysconfdir=${objsysconfdir="$pkgsysconfdir/objects"}
+	else
+		objsysconfdir="N/A"
+	fi
+	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
+	if test $need_log_subdir = yes; then
+		logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+	else
+		logdir=${logdir="$localstatedir/log"}
+	fi
+	piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+	if test "$need_pipe" = yes; then
+		pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+	else
+		pipedir="N/A"
+	fi
+	if test "$need_pls_dir" = yes; then
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+	else
+		pkglocalstatedir="N/A"
+	fi
+	if test "$need_spl" = yes; then
+		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+	else
+		spooldir="N/A"
+	fi
+	if test $need_brk = yes; then
+		brokersdir=${brokersdir="$libexecdir/brokers"}
+	else
+		brokersdir="N/A"
+	fi
+	if test $need_plg = yes; then
+		pluginsdir=${pluginsdir="$libexecdir/plugins"}
+	else
+		pluginsdir="N/A"
+	fi
+	if test $need_cgi = yes; then
+		cgibindir=${cgibindir="$libexecdir/cgi-bin"}
+	else
+		cgibindir="N/A"
+	fi
+
+elif test $opsys = "unix"; then
+
+	#
+	# "Standard" Unix install
+	#
+	install_method="$install_method : Unix Standard"
+	if test $dist_type = osx; then
+		install_method="$install_method : OS X Standard"
+		sbindir=${sbindir="/usr/local/libexec"}
+	fi
+	datadir=${datadir="$datarootdir/nagios"}
+	if test $need_web = yes; then
+		webdir=${webdir="$datadir/html"}
+	else
+		webdir="N/A"
+	fi
+	if test $dist_type = osx; then
+		sysconfdir=${sysconfdir="/private/etc"}
+	else
+		sysconfdir=${sysconfdir="/etc"}
+	fi
+	pkgsysconfdir=${pkgsysconfdir="$sysconfdir/nagios"}
+	if test $need_etc_subdir = yes; then
+		objsysconfdir=${objsysconfdir="$pkgsysconfdir/objects"}
+	else
+		objsysconfdir="N/A"
+	fi
+	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
+	if test "$need_pls_dir" = yes; then
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+	else
+		pkglocalstatedir="N/A"
+	fi
+	if test "$need_loc" = yes; then
+		localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
+	fi
+	if test "$need_spl" = yes; then
+		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+	else
+		spooldir="N/A"
+	fi
+	if test $need_brk = yes; then
+		brokersdir=${brokersdir="$libexecdir/brokers"}
+	else
+		brokersdir="N/A"
+	fi
+	if test $need_plg = yes; then
+		pluginsdir=${pluginsdir="$libexecdir/plugins"}
+	else
+		pluginsdir="N/A"
+	fi
+	if test $need_cgi = yes; then
+		cgibindir=${cgibindir="$libexecdir/cgi-bin"}
+	else
+		cgibindir="N/A"
+	fi
+	AS_CASE([$dist_type],
+		[*hp-ux*],
+			piddir=${piddir="$pkgsysconfdir"}
+			pipedir=${pipedir="$pkglocalstatedir"}
+			logdir=${logdir="$pkglocalstatedir/log"},
+
+		[*],
+			piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+			if test "$need_pipe" = yes; then
+				pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+			else
+				pipedir="N/A"
+			fi
+			if test $need_log_subdir = yes; then
+				logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+			else
+				logdir=${logdir="$localstatedir/log"}
+			fi
+	)
+
+elif test $opsys = "bsd"; then
+
+	#
+	# "Standard" BSD install
+	#
+	install_method="$install_method : BSD"
+	if test $dist_type = freebsd -o $dist_type = openbsd; then
+		prefix=${prefix="/usr/local"}
+		exec_prefix=${exec_prefix="/usr/local"}
+		if test $dist_type = freebsd; then
+			install_method="$install_method : FreeBSD"
+		else
+			install_method="$install_method : OpenBSD"
+		fi
+	elif test $dist_type = netbsd; then
+		prefix=${prefix="/usr/pkg"}
+		exec_prefix=${exec_prefix="/usr/pkg"}
+		install_method="$install_method : NetBSD"
+	fi
+	datadir=${datadir="$datarootdir/nagios"}
+	if test $need_web = yes -o $need_cgi = yes; then
+		if test $dist_type = freebsd; then
+			webdir=${webdir="$prefix/www/nagios"}
+		elif test $dist_type = netbsd; then
+			webdir=${webdir="$prefix/share/nagios"}
+		elif test $dist_type = openbsd; then
+			webdir=${webdir="/var/www/nagios"}
+		fi
+	else
+		webdir="N/A"
+	fi
+	if test $dist_type = freebsd; then
+		sysconfdir=${sysconfdir="/usr/local/etc"}
+	else
+		sysconfdir=${sysconfdir="/etc"}
+	fi
+	pkgsysconfdir=${pkgsysconfdir="$sysconfdir/nagios"}
+	if test $need_etc_subdir = yes; then
+		objsysconfdir=${objsysconfdir="$pkgsysconfdir/objects"}
+	else
+		objsysconfdir="N/A"
+	fi
+	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
+	if test "$need_pls_dir" = yes; then
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+	else
+		pkglocalstatedir="N/A"
+	fi
+	if test "$need_loc" = yes; then
+		localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
+	fi
+	if test "$need_spl" = yes; then
+		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+	else
+		spooldir="N/A"
+	fi
+	if test $need_brk = yes; then
+		brokersdir=${brokersdir="$libexecdir/brokers"}
+	else
+		brokersdir="N/A"
+	fi
+	if test $need_plg = yes; then
+		pluginsdir=${pluginsdir="$libexecdir/plugins"}
+	else
+		pluginsdir="N/A"
+	fi
+	if test $need_cgi = yes; then
+		if test $dist_type = freebsd; then
+			cgibindir=${cgibindir="$webdir/cgi-bin"}
+		elif test $dist_type = netbsd; then
+			cgibindir=${pluginsdir="$libexecdir/cgi-bin"}
+		elif test $dist_type = openbsd; then
+			cgibindir=${pluginsdir="/var/www/cgi-bin/nagios"}
+		fi
+	else
+		cgibindir="N/A"
+	fi
+	piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+	if test "$need_pipe" = yes; then
+		pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+	else
+		pipedir="N/A"
+	fi
+	if test $need_log_subdir = yes; then
+		logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+	else
+		logdir=${logdir="$localstatedir/log"}
+	fi
+
+else
+
+	#
+	# Unknown install
+	#
+	install_method="unknown"
+	webdir=unknown
+	pkgsysconfdir=unknown
+	objsysconfdir=unknown
+	privatesysconfdir=unknown
+	logdir=unknown
+	piddir=unknown
+	pipedir=unknown
+	pkglocalstatedir=unknown
+	spooldir=unknown
+	brokersdir=unknown
+	pluginsdir=unknown
+	cgibindir=unknown
+
+fi
+
+eval prefix=$prefix
+eval exec_prefix=$exec_prefix
+eval bindir=$bindir
+eval sbindir=$sbindir
+eval datarootdir=$datarootdir
+eval datadir=$datadir
+eval libexecdir=$libexecdir
+eval brokersdir=$brokersdir
+eval pluginsdir=$pluginsdir
+eval cgibindir=$cgibindir
+eval pkglocalstatedir=$pkglocalstatedir
+eval webdir=$webdir
+eval localedir=$localedir
+eval sysconfdir=$sysconfdir
+eval pkgsysconfdir=$pkgsysconfdir
+eval piddir=$piddir
+
+#
+# Init scripts/files
+#
+AS_CASE([$init_type],
+
+	[sysv],
+		if test $dist_type = "hp-ux"; then
+			initdir=${initdir="/sbin/init.d"}
+		else
+			initdir=${initdir="/etc/init.d"}
+		fi
+		initname=${initname="$PKG_NAME"}
+		initconfdir=${initconfdir="/etc/conf.d"}
+		initconf=${initconf="$initconfdir/$PKG_NAME"},
+
+	[systemd],
+		if test $dist_type = "debian"; then
+			initdir=${initdir="/lib/systemd/system"}
+		else
+			initdir=${initdir="/usr/lib/systemd/system"}
+		fi
+		initname=${initname="$PKG_NAME.service"},
+
+	[bsd],
+		initdir=${initdir="/etc/rc.d"}
+		initname=${initname="rc.$PKG_NAME"},
+
+	[newbsd],
+		initdir=${initdir="/etc/rc.d"}
+		initname=${initname="$PKG_NAME"},
+
+	[gentoo],
+		initdir=${initdir="/etc/init.d"}
+		initname=${initname="$PKG_NAME"}
+		initconfdir=${initconfdir="/etc/init.d"}
+		initconf=${initconf="$initconfdir/$PKG_NAME"},
+
+	[openrc],
+		initdir=${initdir="/etc/init.d"}
+		initname=${initname="$PKG_NAME"}
+		initconfdir=${initconfdir="/etc/conf.d"}
+		initconf=${initconf="$initconfdir/$PKG_NAME"},
+
+	[smf*],
+		if test $init_type = smf10; then
+			initdir=${initdir="/var/svc/manifest/network/nagios"}
+		else
+			initdir=${initdir="/lib/svc/manifest/network/nagios"}
+		fi
+		initname=${initname="$PKG_NAME.xml"}
+		initconfdir=unknown
+		initconf=unknown,
+
+	[upstart],
+		initdir=${initdir="/etc/init"}
+		initname=${initname="$PKG_NAME.conf"}
+		initconfdir=${initconfdir="/etc/default"}
+		initconf=${initconf="$initconfdir/$PKG_NAME"},
+
+	[launchd],
+		initdir=${initdir="/Library/LaunchDaemons"}
+		initname=${initname="org.nagios.$PKG_NAME.plist"},
+#		initconfdir=${initconfdir="/private/etc"}
+#		initconf=${initconf="$initconfdir/$PKG_NAME"},
+
+
+	[*],
+		initdir=unknown
+		initname=unknown)
+
+#
+# Inetd (per connection) scripts/files
+#
+AS_CASE([$inetd_type],
+	[inetd*],
+		inetddir=${inetddir="/etc"}
+		inetdname=${inetdname="inetd.conf"},
+
+	[xinetd],
+		inetddir=${inetddir="/etc/xinetd.d"}
+		inetdname=${inetdname="$PKG_NAME"},
+
+	[systemd],
+		if test $dist_type = "debian"; then
+			inetddir=${inetddir="/lib/systemd/system"}
+		else
+			inetddir=${inetddir="/usr/lib/systemd/system"}
+		fi
+		netdname=${inetdname="$PKG_NAME.socket"},
+
+	[smf*],
+		if test $init_type = smf10; then
+			inetddir=${inetddir="/var/svc/manifest/network/nagios"}
+		else
+			inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
+		fi
+		inetdname=${inetdname="$PKG_NAME.xml"},
+
+#	[upstart],
+#		inetddir=${inetddir="/etc/init.d"}
+#		inetdname=${inetdname="$PKG_NAME"},
+
+	[launchd],
+		inetddir=${inetddir="/Library/LaunchDaemons"}
+		inetdname=${inetdname="org.nagios.$PKG_NAME.plist"},
+
+	[*],
+		inetddir=${inetddir="unknown"}
+		inetdname=${inetdname="unknown"})
+
+AC_MSG_RESULT($install_method)
+])

macros/ax_nagios_get_ssl

@@ -0,0 +1,302 @@
+# ===========================================================================
+# SYNOPSIS
+#
+#   AX_NAGIOS_GET_SSL
+#
+# DESCRIPTION
+#
+#    This macro finds the openssl binary, the header files directory and
+#    the library files directory. It will also search for the gnutls
+#    compatibility library/headers and the nss compatibility library/headers.
+#
+# LICENSE
+#
+#    Copyright (c) 2016 Nagios Core Development Team
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 2 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+# ===========================================================================
+
+AU_ALIAS([AC_NAGIOS_GET_SSL], [AX_NAGIOS_GET_SSL])
+AC_DEFUN([AX_NAGIOS_GET_SSL],
+[
+
+# -------------------------------
+#  SSL library and include paths
+# -------------------------------
+
+SSL_TYPE=openssl
+try_pkg_config=1
+ssl_dir=
+ssl_inc_dir=
+ssl_lib_dir=
+SSL_INC_DIR=
+SSL_INC_PREFIX=
+SSL_HDR=
+SSL_LIB_DIR=
+
+AC_SUBST(HAVE_SSL)
+AC_SUBST(SSL_INC_DIR)
+AC_SUBST(SSL_HDR)
+AC_SUBST(SSL_INC_PREFIX)
+AC_SUBST(SSL_LIB_DIR)
+
+
+# gnutls/openssl.h
+# nss_compat_ossl/nss_compat_ossl.h
+
+dnl # Which type - openssl, gnutls-openssl, nss
+dnl AC_ARG_WITH([ssl-type],
+dnl dnl	AS_HELP_STRING([--with-ssl-type=TYPE],[replace TYPE with gnutls or nss to use one of these instead of openssl]),
+dnl 	AS_HELP_STRING([--with-ssl-type=TYPE],[replace TYPE with gnutls to use that instead of openssl]),
+dnl 	[SSL_TYPE=$withval])
+
+AC_ARG_WITH([ssl],
+	AS_HELP_STRING([--with-ssl=DIR],[sets location of the SSL installation]),
+	[ssl_dir=$withval])
+AC_ARG_WITH([ssl-inc],
+	AS_HELP_STRING([--with-ssl-inc=DIR],
+		[sets location of the SSL include files]),
+	[ssl_inc_dir=$withval])
+AC_ARG_WITH([ssl-lib],
+	AS_HELP_STRING([--with-ssl-lib=DIR],[sets location of the SSL libraries]),
+	[ssl_lib_dir=$withval])
+
+if test x$ssl_inc_dir != x -o x$ssl_lib_dir != x; then
+	try_pkg_config=0
+fi
+
+AC_ARG_WITH([kerberos-inc],
+	AS_HELP_STRING([--with-kerberos-inc=DIR],
+		[sets location of the Kerberos include files]),
+	[kerberos_inc_dir=$withval])
+
+if test x$SSL_TYPE = xyes; then
+    SSL_TYPE=openssl
+fi
+
+
+dflt_hdrs="$ssl_inc_dir $ssl_dir $ssl_inc_dir/include $ssl_dir/include \
+			/usr/local/opt/{BBB} /usr/include/{BBB} /usr/local/include/{BBB} \
+			/usr/local/{AAA} /usr/local/{BBB} /usr/lib/{AAA} /usr/lib/{BBB} \
+			/usr/{AAA} /usr/pkg /usr/local /usr /usr/freeware/lib/{BBB} \
+			/usr/sfw /usr/sfw/include /opt/{BBB}"
+
+dflt_libs="$ssl_lib_dir {ssldir} {ssldir}/lib {ssldir}/lib64 /usr/lib64 \
+			/usr/lib /usr/lib/x86_64-linux-gnu /usr/lib/i386-linux-gnu \
+			/usr/local/lib /usr/lib/{AAA} /usr/{AAA}/lib /usr/{BBB}/lib \
+			/usr/pkg/lib /usr/freeware/lib/{BBB} /usr/sfw/lib /opt/freeware/lib \
+			/opt/{BBB}/lib/hpux64 /opt/{BBB}/lib/pa20_64 /opt/{BBB}/lib/hpux32 \
+			/opt/{BBB}/lib /opt/{BBB}";
+
+
+AS_CASE([$SSL_TYPE],
+	[no], [SSL_TYPE=NONE],
+	[yes|openssl],
+		[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/ssl/g' | sed -e 's/{BBB}/openssl/g'`
+		 ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/ssl/g' | sed -e 's/{BBB}/openssl/g'`
+		 SSL_INC_PREFIX=openssl
+		 SSL_HDR=ssl.h
+		 ssl_lib=libssl],
+	[gnutls],
+		[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/gnutls/g' | sed -e 's/{BBB}/gnutls/g'`
+		 ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/gnutls/g' | sed -e 's/{BBB}/gnutls/g'`
+		 SSL_INC_PREFIX=gnutls
+		 SSL_TYPE=gnutls_compat
+		 SSL_HDR=compat.h
+		 ssl_lib=libgnutls],
+	[nss],
+		[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/nss_compat_ossl/g' | sed -e 's/{BBB}/nss_compat_ossl/g'`
+		 ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/nss_compat_ossl/g' | sed -e 's/{BBB}/nss_compat_ossl/g'`
+		 SSL_HDR=nss_compat_ossl.h
+		 ssl_lib=libnss_compat],
+	[*], echo >&6; AC_MSG_ERROR(['--with-ssl-type=$SSL_TYPE' is invalid])
+)
+
+
+# Check for SSL support
+
+if test x$SSL_TYPE != xNONE; then
+
+	found_ssl=no
+
+	# RedHat 8.0 and 9.0 include openssl compiled with kerberos,
+	# so we must include header file
+	# Must come before openssl checks for Redhat EL 3
+	AC_MSG_CHECKING(for Kerberos include files)
+	found_kerberos=no
+	for dir in $kerberos_inc_dir /usr/kerberos/include /usr/include/krb5 \
+				/usr/include; do
+		kerbdir="$dir"
+		if test -f "$dir/krb5.h"; then
+			found_kerberos=yes
+			CFLAGS="$CFLAGS -I$kerbdir"
+			AC_DEFINE_UNQUOTED(HAVE_KRB5_H,[1],[Have the krb5.h header file])
+			break
+		fi
+	done
+
+	if test x_$found_kerberos != x_yes; then
+		AC_MSG_WARN(could not find include files)
+	else
+		AC_MSG_RESULT(found Kerberos include files in $kerbdir)
+	fi
+
+	# First, try using pkg_config
+	AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
+	if test x"$PKG_CONFIG" != x -a $try_pkg_config -ne 0 ; then
+		cflags=`$PKG_CONFIG $SSL_TYPE --cflags-only-I 2>/dev/null`
+		if test $? -eq 0; then
+			CFLAGS="$CFLAGS $cflags"
+			LDFLAGS="$LDFLAGS `$PKG_CONFIG $SSL_TYPE --libs-only-L 2>/dev/null`"
+			LIBS="$LIBS `$PKG_CONFIG $SSL_TYPE --libs-only-l 2>/dev/null`"
+			found_ssl=yes
+			AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
+		fi
+	fi
+
+	if test x_$found_ssl != x_yes; then
+
+		# Find the SSL Headers
+		AC_MSG_CHECKING(for SSL headers)
+		for dir in $ssl_hdr_dirs; do
+			if test "$dir" = "/include"; then
+				continue
+			fi
+			ssldir="$dir"
+			if test -f "$dir/include/$SSL_INC_PREFIX/$SSL_HDR"; then
+				found_ssl=yes
+				CFLAGS="$CFLAGS -I$dir/include/$SSL_INC_PREFIX -I$ssldir/include"
+				SSL_INC_DIR="$dir/include/$SSL_INC_PREFIX"
+				break
+			fi
+			if test -f "$dir/include/$SSL_HDR"; then
+				found_ssl=yes
+				if test "$SSL_HDR" != compat.h ; then
+					SSL_INC_PREFIX=""
+				fi
+				CFLAGS="$CFLAGS -I$dir/include"
+				SSL_INC_DIR="$dir/include"
+				break
+			fi
+			if test -f "$dir/$SSL_HDR"; then
+				found_ssl=yes
+				SSL_INC_PREFIX=""
+				CFLAGS="$CFLAGS -I$dir"
+				SSL_INC_DIR="$dir"
+				break
+			fi
+			if test -f "$dir/$SSL_INC_PREFIX/$SSL_HDR"; then
+				found_ssl=yes
+				CFLAGS="$CFLAGS -I$dir/$SSL_INC_PREFIX"
+				SSL_INC_DIR="$dir/$SSL_INC_PREFIX"
+				ssldir="$dir/.."
+				break
+			fi
+		done
+
+		if test x_$found_ssl != x_yes; then
+			AC_MSG_ERROR(Cannot find ssl headers)
+		else
+			AC_MSG_RESULT(found in $ssldir)
+
+			# Now try and find SSL libraries
+
+			AC_MSG_CHECKING(for SSL libraries)
+			found_ssl=no
+			ssl_lib_dirs=`echo "$ssl_lib_dirs" | sed -e "s|{ssldir}|$ssldir|g"`
+
+			if test "`uname -s`" = "Darwin" ; then
+				soext="dylib"
+			elif test "`uname -s`" = "HP-UX" ; then
+				if test x$arch = "xia64"; then
+					soext="so"
+				else
+					soext="sl"
+				fi
+			elif test "`uname -s`" = "AIX" ; then
+				soext="a"
+			else
+				soext="so"
+			fi
+
+			for dir in $ssl_lib_dirs; do
+				if test -f "$dir/$ssl_lib.$soext"; then
+					found_ssl=yes
+					SSL_LIB_DIR="$dir"
+					break
+				fi
+			done
+
+			if test x_$found_ssl != x_yes; then
+				AC_MSG_ERROR(Cannot find ssl libraries)
+			else
+				AC_MSG_RESULT(found in $SSL_LIB_DIR)
+
+				LDFLAGS="$LDFLAGS -L$SSL_LIB_DIR";
+				LIBS="$LIBS -l`echo $ssl_lib | sed -e 's/^lib//'` -lcrypto";
+				AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
+			fi
+		fi
+	fi
+
+	if test x$found_ssl = xyes ; then
+		if test -n "$SSL_INC_PREFIX" ; then
+			SSL_INC_PREFIX="${SSL_INC_PREFIX}/"
+		fi
+
+		# try to compile and link to see if SSL is set up properly
+		AC_MSG_CHECKING([whether compiling and linking against SSL works])
+
+		AC_LINK_IFELSE(
+			[AC_LANG_PROGRAM([#include <${SSL_INC_PREFIX}${SSL_HDR}>], [SSL_new(NULL)])],
+			[
+				AC_MSG_RESULT([yes])
+				$1
+			], [
+				AC_MSG_ERROR([no])
+				$2
+			])
+	fi
+
+	if test x$found_ssl = xyes -a x$need_dh = xyes; then
+
+		# Find the openssl program
+
+		if test x$need_dh = xyes; then
+			AC_PATH_PROG(sslbin,openssl,value-if-not-found,$ssl_dir/sbin$PATH_SEPARATOR$ssl_dir/bin$PATH_SEPARATOR$PATH)
+			AC_DEFINE(USE_SSL_DH)
+			# Generate DH parameters
+			if test -f "$sslbin"; then
+				echo ""
+				echo "*** Generating DH Parameters for SSL/TLS ***"
+				# awk to strip off meta data at bottom of dhparam output
+				$sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
+			fi
+		fi
+	fi
+fi
+])

nrpe.spec

@@ -1,252 +0,0 @@
-%define isaix %(test "`uname -s`" = "AIX" && echo "1" || echo "0")
-%define islinux %(test "`uname -s`" = "Linux" && echo "1" || echo "0")
-
-%if %{isaix}
-	%define _prefix	/opt/nagios
-	%define _docdir %{_prefix}/doc/nrpe-2.15
-	%define nshome /opt/nagios
-	%define _make gmake
-%endif
-%if %{islinux}
-	%define _init_dir /etc/init.d
-	%define _exec_prefix %{_prefix}/sbin
-	%define _bindir %{_prefix}/sbin
-	%define _sbindir %{_prefix}/lib/nagios/cgi
-	%define _libexecdir %{_prefix}/lib/nagios/plugins
-	%define _datadir %{_prefix}/share/nagios
-	%define _localstatedir /var/log/nagios
-	%define nshome /var/log/nagios
-	%define _make make
-%endif
-%define _sysconfdir /etc/nagios
-
-%define name nrpe
-%define version 2.15
-%define release 1
-%define nsusr nagios
-%define nsgrp nagios
-%define nsport 5666
-
-# Reserve option to override port setting with:
-# rpm -ba|--rebuild --define 'nsport 5666'
-%{?port:%define nsport %{port}}
-
-# Macro that print mesages to syslog at package (un)install time
-%define nnmmsg logger -t %{name}/rpm
-
-Summary: Host/service/network monitoring agent for Nagios
-URL: http://www.nagios.org
-Name: %{name}
-Version: %{version}
-Release: %{release}
-License: GPL
-Group: Application/System
-Source0: %{name}-%{version}.tar.gz
-BuildRoot: %{_tmppath}/%{name}-buildroot
-Prefix: %{_prefix}
-Prefix: /etc/init.d
-Prefix: /etc/nagios
-%if %{isaix}
-Requires: nagios-plugins
-%endif
-%if %{islinux}
-Requires: bash, grep, nagios-plugins, util-linux, chkconfig, shadow-utils, sed, initscripts, mktemp
-%endif
-
-%description
-NPRE (Nagios Remote Plugin Executor) is a system daemon that 
-will execute various Nagios plugins locally on behalf of a 
-remote (monitoring) host that uses the check_nrpe plugin.  
-Various plugins that can be executed by the daemon are available 
-at: http://sourceforge.net/projects/nagiosplug
-
-This package provides the client-side NRPE agent (daemon).
-
-%package plugin
-Group: Application/System
-Summary: Provides nrpe plugin for Nagios.
-Requires: nagios-plugins
-
-%description plugin
-NPRE (Nagios Remote Plugin Executor) is a system daemon that 
-will execute various Nagios plugins locally on behalf of a 
-remote (monitoring) host that uses the check_nrpe plugin.  
-Various plugins that can be executed by the daemon are available 
-at: http://sourceforge.net/projects/nagiosplug
-
-This package provides the server-side NRPE plugin for 
-Nagios-related applications.
-
-%prep
-%setup -q
-
-
-%pre
-# Create `nagios' group on the system if necessary
-%if %{isaix}
-lsgroup %{nsgrp} > /dev/null 2> /dev/null
-if [ $? -eq 2 ] ; then
-	mkgroup %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
-fi
-%endif
-%if %{islinux}
-getent group %{nsgrp} > /dev/null 2> /dev/null
-if [ $? -ne 0 ] ; then
-	groupadd %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
-fi
-%endif
-
-# Create `nagios' user on the system if necessary
-%if %{isaix}
-lsuser %{nsusr} > /dev/null 2> /dev/null
-if [ $? -eq 2 ] ; then
-	useradd -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
-		%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
-fi
-%endif
-%if %{islinux}
-getent passwd %{nsusr} > /dev/null 2> /dev/null
-if [ $? -ne 0 ] ; then
-	useradd -r -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
-		%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
-fi
-%endif
-
-%if %{isaix}
-# Check to see if the nrpe service is running and, if so, stop it.
-/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
-if [ $? -eq 0 ] ; then
-	status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
-	if [ "$status" = "active" ] ; then
-		/usr/bin/stopsrc -s nrpe
-	fi
-fi
-%endif
-
-%if %{islinux}
-# if LSB standard /etc/init.d does not exist,
-# create it as a symlink to the first match we find
-if [ -d /etc/init.d -o -L /etc/init.d ]; then
-  : # we're done
-elif [ -d /etc/rc.d/init.d ]; then
-  ln -s /etc/rc.d/init.d /etc/init.d
-elif [ -d /usr/local/etc/rc.d ]; then
-  ln -s  /usr/local/etc/rc.d /etc/init.d
-elif [ -d /sbin/init.d ]; then
-  ln -s /sbin/init.d /etc/init.d
-fi
-%endif
-
-%if %{isaix}
-%post
-/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
-if [ $? -eq 1 ] ; then
-	/usr/bin/mkssys -p %{_bindir}/nrpe -s nrpe -u 0 -a "-c %{_sysconfdir}/nrpe.cfg -d -s" -Q -R -S -n 15 -f 9
-fi
-/usr/bin/startsrc -s nrpe
-%endif
-
-%preun
-%if %{isaix}
-status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
-if [ "$status" = "active" ] ; then
-	/usr/bin/stopsrc -s nrpe
-fi
-/usr/bin/rmssys -s nrpe
-%endif
-%if %{islinux}
-if [ "$1" = 0 ]; then
-	/sbin/service nrpe stop > /dev/null 2>&1
-	/sbin/chkconfig --del nrpe
-fi
-%endif
-
-%if %{islinux}
-%postun
-if [ "$1" -ge "1" ]; then
-	/sbin/service nrpe condrestart >/dev/null 2>&1 || :
-fi
-%endif
-
-%build
-export PATH=$PATH:/usr/sbin
-CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
-MAKE=%{_make} ./configure \
-	--with-init-dir=/etc/init.d \
-	--with-nrpe-port=%{nsport} \
-	--with-nrpe-user=%{nsusr} \
-	--with-nrpe-group=%{nsgrp} \
-	--prefix=%{_prefix} \
-	--exec-prefix=%{_exec_prefix} \
-	--bindir=%{_bindir} \
-	--sbindir=%{_sbindir} \
-	--libexecdir=%{_libexecdir} \
-	--datadir=%{_datadir} \
-	--sysconfdir=%{_sysconfdir} \
-	--localstatedir=%{_localstatedir} \
-	--enable-command-args
-%{_make} all
-
-%install
-[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
-%if %{islinux}
-install -d -m 0755 ${RPM_BUILD_ROOT}%{_init_dir}
-%endif
-DESTDIR=${RPM_BUILD_ROOT} %{_make} install install-daemon-config
-#install -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}
-#install -d -m 0755 ${RPM_BUILD_ROOT}%{_bindir}
-#install -d -m 0755 ${RPM_BUILD_ROOT}%{_libexecdir}
-
-# install templated configuration files
-#cp sample-config/nrpe.cfg ${RPM_BUILD_ROOT}%{_sysconfdir}/nrpe.cfg
-#%if %{isaix}
-#cp init-script ${RPM_BUILD_ROOT}%{_init_dir}/nrpe
-#%endif
-#cp src/nrpe ${RPM_BUILD_ROOT}%{_bindir}
-#cp src/check_nrpe ${RPM_BUILD_ROOT}%{_libexecdir}
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
-%files
-%if %{islinux}
-%defattr(755,root,root)
-/etc/init.d/nrpe
-%endif
-%{_bindir}/nrpe
-%dir %{_sysconfdir}
-%defattr(600,%{nsusr},%{nsgrp})
-%config(noreplace) %{_sysconfdir}/*.cfg
-%defattr(755,%{nsusr},%{nsgrp})
-%doc Changelog LEGAL README 
-
-%files plugin
-%defattr(755,%{nsusr},%{nsgrp})
-%{_libexecdir}
-%defattr(644,%{nsusr},%{nsgrp})
-%doc Changelog LEGAL README 
-
-%changelog
-* Mon Mar 12 2012 Eric Stanley estanley<@>nagios.com
-- Created autoconf input file 
-- Updated to support building on AIX
-- Updated install to use make install*
-* Mon Jan 23 2006 Andreas Kasenides ank<@>cs.ucy.ac.cy
-- fixed nrpe.cfg relocation to sample-config
-- replaced Copyright label with License
-- added --enable-command-args to enable remote arg passing (if desired can be disabled by commenting out)
-
-* Wed Nov 12 2003 Ingimar Robertsson <iar@skyrr.is>
-- Added adding of nagios group if it does not exist.
-
-* Tue Jan 07 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
-- Removed the lines which removed the nagios user and group from the system
-- changed the patch release version from 3 to 1
-
-* Mon Jan 06 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
-- Removed patch files required for nrpe 1.5
-- Update spec file for version 1.6 (1.6-1)
-
-* Sat Dec 28 2002 James 'Showkilr' Peterson <showkilr@showkilr.com>
-- First RPM build (1.5-1)

nrpe.spec.in

@@ -96,7 +96,7 @@ if [ $? -ne 0 ] ; then
 fi
 %endif
 
-# Create `nagios' user on the system if necessary
+# Create `nrpe' user on the system if necessary
 %if %{isaix}
 lsuser %{nsusr} > /dev/null 2> /dev/null
 if [ $? -eq 2 ] ; then

package/solaris/Makefile.in

@@ -1,81 +0,0 @@
-###################################
-# Makefile for NRPE Solaris Package
-#
-# Last Modified: 2 Dec 2011
-###################################
-
-TARGET_OS=@TARGET_OS@
-TARGET_VER=@TARGET_VER@
-TARGET_ARCH=@TARGET_ARCH@
-TARGET_PLATFORM=@TARGET_PLATFORM@
-
-SOLARIS_CONFIG_OPTS=--prefix=/opt/nagios --sysconfdir=/etc/nagios --enable-command-args
-
-PKG_NAME=NGOSnrpe
-PKG_VERSION=@PKG_VERSION@
-PKG_FILE=@PACKAGE_NAME@-$(PKG_VERSION)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-local
-
-TOPDIR=@top_builddir@
-PKGDIR=@builddir@/pkg
-SRCDIR=@builddir@/build/src
-INSTALLDIR=@builddir@/install
-ABSINSTALLDIR=@abs_builddir@/install
-
-build:
-	if [ ! -d build ] ; then mkdir build ; fi
-	if [ ! -d install ] ; then mkdir install ; fi
-	cd build; ../../../configure $(SOLARIS_CONFIG_OPTS); $(MAKE) all; DESTDIR=$(ABSINSTALLDIR) $(MAKE) install install-daemon-config
-
-prototype: $(PKGDIR)
-	@echo "i pkginfo" > $(PKGDIR)/prototype
-	@echo "i copyright=../$(TOPDIR)/LEGAL" >> $(PKGDIR)/prototype
-	@echo "i preinstall" >> $(PKGDIR)/prototype
-	@echo "i i.config" >> $(PKGDIR)/prototype
-	@echo "i r.config" >> $(PKGDIR)/prototype
-	@echo "i i.manifest=/usr/sadm/install/scripts/i.manifest" >> $(PKGDIR)/prototype
-	@echo "i r.manifest=/usr/sadm/install/scripts/r.manifest" >> $(PKGDIR)/prototype
-	@echo "d none /etc/nagios 0755 nagios nagios" >> $(PKGDIR)/prototype
-	@echo "f config /etc/nagios/nrpe.cfg=$(INSTALLDIR)/etc/nagios/nrpe.cfg 0600 nagios nagios" >> $(PKGDIR)/prototype
-	@echo "d none /opt/nagios/bin 0755 nagios bin" >> $(PKGDIR)/prototype
-	@echo "f none /opt/nagios/bin/nrpe=$(SRCDIR)/nrpe 0755 nagios bin" >> $(PKGDIR)/prototype
-	@echo "d none /opt/nagios/libexec 0755 nagios bin" >> $(PKGDIR)/prototype
-	@echo "f none /opt/nagios/libexec/check_nrpe=$(SRCDIR)/check_nrpe 0755 nagios bin" >> $(PKGDIR)/prototype
-	@echo "f none /lib/svc/method/nrpe=$(PKGDIR)/nrpe 0555 root bin" >> $(PKGDIR)/prototype
-	@echo "d none /var/svc/manifest/application/nagios 0755 root sys" >> $(PKGDIR)/prototype
-	@echo "f manifest /var/svc/manifest/application/nagios/nrpe.xml=$(PKGDIR)/nrpe.xml 0444 root sys" >> $(PKGDIR)/prototype
-
-pkginfo: $(PKGDIR)
-	@echo PKG="$(PKG_NAME)" > $(PKGDIR)/pkginfo
-	@echo NAME="Nagios Remote Plugin Executor $(PKG_VERSION)" >> $(PKGDIR)/pkginfo
-	@echo VERSION="$(PKG_VERSION)" >> $(PKGDIR)/pkginfo
-	@echo ARCH="$(TARGET_ARCH)" >> $(PKGDIR)/pkginfo
-	@echo CATEGORY="utility" >> $(PKGDIR)/pkginfo
-	@echo CLASSES="none config manifest" >> $(PKGDIR)/pkginfo
-	@echo VENDOR="www.nagios.org" >> $(PKGDIR)/pkginfo
-	@echo EMAIL="nagios-users@lists.sourceforge.net" >> $(PKGDIR)/pkginfo
-	@echo ISTATES="S s 1 2 3" >> $(PKGDIR)/pkginfo
-	@echo RSTATES="S s 1 2 3" >> $(PKGDIR)/pkginfo
-	@echo BASEDIR="/" >> $(PKGDIR)/pkginfo
-
-$(PKG_FILE): pkginfo prototype
-	pkgmk -o -d $(PKGDIR) -f $(PKGDIR)/prototype -r .
-	pkgtrans ./pkg $(PKG_FILE) $(PKG_NAME)
-
-pkg: $(PKG_FILE)
-
-all: pkg
-
-clean: 
-	rm -rf build install package
-	rm -rf $(PKGDIR)/$(PKG_NAME)
-	rm -f $(PKGDIR)/prototype $(PKGDIR)/pkginfo
-	rm -f $(PKGDIR)/$(PKG_FILE)
-	rm -f core
-	rm -f *~ */*~
-
-distclean: clean
-	rm -f Makefile
-	rm -f config.log
-
-devclean: distclean
-

package/solaris/pkg/i.config

@@ -1,58 +0,0 @@
-#!/usr/bin/sh
-
-create_cksum_file() {
-	srcfile=$1
-	destfile=$2
-	cksumfile=$3
-
-	echo "# DO NOT EDIT OR REMOVE THIS FILE - It is used to determine whether to" > $cksumfile
-	echo "# overwrite $destfile on package update or to remove" >> $cksumfile
-	echo "# it on package deletion." >> $cksumfile
-	/usr/bin/cat $srcfile | /usr/bin/cksum >> $cksumfile
-	/usr/bin/chmod 400 $cksumfile
-}
-
-compare_cksum() {
-	destfile=$1
-	cksumfile=$2
-
-	installed_cksum=`/usr/bin/tail -1 $cksumfile | /usr/bin/awk '{print $1}'`
-	current_cksum=`/usr/bin/cksum $destfile | /usr/bin/awk '{print $1}'`
-	test $installed_cksum = $current_cksum
-}
-
-while read src dest ; do
-	destpath=`echo $dest | /usr/bin/sed -e 's/\/[^/]*$//'`
-	destbase=`/usr/bin/basename $dest`
-	cksumfile="${destpath}/.${destbase}.cksum"
-	if [ -f $dest ] ; then
-		if [ -f $cksumfile ] ; then
-			compare_cksum $dest $cksumfile
-			if [ $? -eq 0 ] ; then
-				/usr/bin/cp $src $dest
-				/usr/bin/chmod 600 $dest
-				/usr/bin/chown nagios:nagios $dest
-			else
-				echo "Existing $dest has been found --"
-				echo "    installing $destbase as $dest.pkgnew"
-				/usr/bin/cp $src $dest.pkgnew
-				/usr/bin/chmod 600 $dest.pkgnew
-				/usr/bin/chown nagios:nagios $dest.pkgnew
-			fi
-		else
-			echo "Existing $dest has been found --"
-			echo "    installing $destbase as $dest.pkgnew"
-			/usr/bin/cp $src $dest.pkgnew
-			/usr/bin/chmod 600 $dest.pkgnew
-			/usr/bin/chown nagios:nagios $dest.pkgnew
-		fi
-	else
-		create_cksum_file $src $dest $cksumfile
-		/usr/bin/cp $src $dest
-		/usr/bin/chmod 600 $dest
-		/usr/bin/chown nagios:nagios $dest
-	fi
-done
-if [ "$1" = "ENDOFCLASS" ] ; then
-	exit 0
-fi

package/solaris/pkg/nrpe

@@ -1,32 +0,0 @@
-#!/sbin/sh
-#
-
-NRPE=/opt/nagios/bin/nrpe
-CFGFILE=/etc/nagios/nrpe.cfg
-PIDFILE=/var/run/nrpe.pid
-
-case $1 in 
-'start')
-	$NRPE -c $CFGFILE -d
-	;;
-
-'restart')
-	if [ -f "$PIDFILE" ]; then
-		/usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
-	fi
-	;;
-
-'stop')
-	if [ -f "$PIDFILE" ]; then
-		/usr/bin/kill `/usr/bin/cat $PIDFILE`
-		/bin/rm -f $PIDFILE
-	fi
-	;;
-
-*)
-	echo "Usage: $0 { start | restart | stop }"
-	exit 1
-	;;
-esac	
-
-exit $?

package/solaris/pkg/nrpe.xml

@@ -1,131 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
-<!--
-
-	All source code, binaries, documentation, and information contained
-	in this distribution are provided AS IS with NO WARRANTY OF ANY KIND,
-	INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR
-	A PARTICULAR PURPOSE.
-
-	Nagios and the Nagios logo are registered trademarks of Nagios Enterprises.
-	All other trademarks, servicemarks, registered trademarks, and 
-	registered servicemarks are the property of their respective owner(s).
-
--->
-
-<service_bundle type='manifest' name='NGOS:nrpe'>
-
-<service
-	name='application/nagios/nrpe'
-	type='service'
-	version='1'>
-
-	<create_default_instance enabled='false' />
-
-	<single_instance />
-
-	<dependency name='fs-local'
-		grouping='require_all'
-		restart_on='none'
-		type='service'>
-		<service_fmri
-			value='svc:/system/filesystem/local' />
-	</dependency>
-
-	<dependency name='fs-autofs'
-		grouping='optional_all'
-		restart_on='none'
-		type='service'>
-		<service_fmri value='svc:/system/filesystem/autofs' />
-	</dependency>
-
-	<dependency name='net-loopback'
-		grouping='require_all'
-		restart_on='none'
-		type='service'>
-		<service_fmri value='svc:/network/loopback' />
-	</dependency>
-
-	<dependency name='net-physical'
-		grouping='require_all'
-		restart_on='none'
-		type='service'>
-		<service_fmri value='svc:/network/physical' />
-	</dependency>
-
-	<dependency name='cryptosvc'
-		grouping='require_all'
-		restart_on='none'
-		type='service'>
-		<service_fmri value='svc:/system/cryptosvc' />
-	</dependency>
-
-	<dependency name='utmp'
-		grouping='require_all'
-		restart_on='none'
-		type='service'>
-		<service_fmri value='svc:/system/utmp' />
-	</dependency>
-
-	<dependency name='config_data'
-		grouping='require_all'
-		restart_on='restart'
-		type='path'>
-		<service_fmri
-		    value='file://localhost/etc/nagios/nrpe.cfg' />
-	</dependency>
-
-	<dependent
-		name='nrpe_multi-user-server'
-		grouping='optional_all'
-		restart_on='none'>
-			<service_fmri
-			    value='svc:/milestone/multi-user-server' />
-	</dependent>
-
-	<exec_method
-		type='method'
-		name='start'
-		exec='/lib/svc/method/nrpe start'
-		timeout_seconds='60'/>
-
-	<exec_method
-		type='method'
-		name='stop'
-		exec='/lib/svc/method/nrpe stop'
-		timeout_seconds='60' />
-
-	<exec_method
-		type='method'
-		name='refresh'
-		exec='/lib/svc/method/nrpe restart'
-		timeout_seconds='60' />
-
-	<property_group name='startd'
-		type='framework'>
-		<!-- sub-process core dumps shouldn't restart session -->
-		<propval name='ignore_error'
-		    type='astring' value='core,signal' />
-	</property_group>
-
-	<stability value='Unstable' />
-
-	<template>
-		<common_name>
-			<loctext xml:lang='C'>
-			NRPE daemon
-			</loctext>
-		</common_name>
-		<description>
-			<loctext xml:lang='C'>
-			Nagios Remote Plugin Executor Daemon
-			</loctext>
-		</description>
-		<!--documentation-->
-			<!--manpage title='sshd' section='1M' manpath='/usr/share/man' /-->
-		<!--/documentation-->
-	</template>
-
-</service>
-
-</service_bundle>

package/solaris/pkg/postinstall

@@ -1,5 +0,0 @@
-#!/usr/bin/sh
-
-echo "To begin using NRPE, first edit /etc/nagios/nrpe.cfg, update the"
-echo "allowed_hosts line and any command lines. Then start the nrpe service"
-echo "by running the command 'svcadm enable nrpe' as root."

package/solaris/pkg/preinstall

@@ -1,35 +0,0 @@
-#!/usr/bin/sh
-
-user="nagios"
-uid=-1
-group="nagios"
-gid=-1
-
-/usr/bin/getent group $group > /dev/null 2> /dev/null
-result=$?
-if [ $result -eq 2 ] ; then
-	echo "Group $group does not exist. Creating..."
-	if [ $gid -ne -1 ] ; then
-		/usr/sbin/groupadd -g $gid $group
-	else
-		/usr/sbin/groupadd $group
-	fi
-elif [ $result -ne 0 ] ; then
-	echo "An error occurred determining the existence of the groug $group. Terminating."
-	exit 1;
-fi
-
-/usr/bin/getent passwd $user > /dev/null 2> /dev/null
-result=$?
-if [ $result -eq 2 ] ; then
-	echo "User $user does not exist. Creating..."
-	if [ $uid -ne -1 ] ; then
-		/usr/sbin/useradd -u $uid -g $group $user
-	else
-		/usr/sbin/useradd -g $group $user
-	fi
-elif [ $result -ne 0 ] ; then
-	echo "An error occurred determining the existence of the user $user. Terminating."
-	exit 1;
-fi
-

package/solaris/pkg/r.config

@@ -1,33 +0,0 @@
-#!/usr/bin/sh
-
-compare_cksum() {
-	destfile=$1
-	cksumfile=$2
-
-	installed_cksum=`/usr/bin/tail -1 $cksumfile | /usr/bin/awk '{print $1}'`
-	current_cksum=`/usr/bin/cksum $destfile | /usr/bin/awk '{print $1}'`
-	test $installed_cksum = $current_cksum
-}
-
-while read path ; do
-	destpath=`echo $path | /usr/bin/sed -e 's/\/[^/]*$//'`
-	destbase=`/usr/bin/basename $path`
-	cksumfile="${destpath}/.${destbase}.cksum"
-	if [ -f $path ] ; then
-		if [ -f $cksumfile ] ; then
-			compare_cksum $path $cksumfile
-			if [ $? -eq 0 ] ; then
-				/usr/bin/rm -f $path $cksumfile
-			else
-				echo "$path has been modified since it was installed -- "
-				echo "    leaving it in place."
-			fi
-		else
-			echo "$path may have been modified since it was installed -- "
-			echo "    leaving it in place."
-		fi
-	fi
-done
-if [ "$1" = "ENDOFCLASS" ] ; then
-	exit 0
-fi

paths.in

@@ -0,0 +1,85 @@
+#!/bin/sh
+
+wrout () {
+	if test "$2" != "N/A"; then printf "  %-25s %s\n" "$1" "$2"; fi
+}
+
+echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+echo "Detected Environment:"
+echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+wrout "Operating System" "@opsys@"
+wrout "Architecture" "@arch@"
+wrout "Distribution type" "@dist_type@ Version @dist_ver@"
+wrout "Init type" "@init_type@"
+wrout "Inetd type" "@inetd_type@"
+echo
+echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+echo "Paths are:"
+echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+wrout "prefix" "@prefix@"
+wrout "exec_prefix" "@prefix@"
+if test "@PKG_NAME@" = "nagios"; then
+	wrout "bindir" "@bindir@"
+fi
+wrout "sbindir" "@sbindir@"
+wrout "sysconfdir" "@sysconfdir@"
+wrout "pkgsysconfdir" "@pkgsysconfdir@"
+if test "@PKG_NAME@" = "nagios"; then
+	wrout "privatesysconfdir" "@privatesysconfdir@"
+fi
+wrout "localstatedir" "@localstatedir@"
+wrout "pkglocalstatedir" "@pkglocalstatedir@"
+wrout "datarootdir" "@datarootdir@"
+wrout "datadir" "@datadir@"
+wrout "webdir" "@webdir@"
+wrout "localedir" "@localedir@"
+wrout "logdir" "@logdir@"
+wrout "piddir" "@piddir@"
+wrout "pipedir" "@pipedir@"
+wrout "spooldir" "@spooldir@"
+wrout "libexecdir" "@libexecdir@"
+wrout "brokersdir" "@brokersdir@"
+wrout "pluginsdir" "@pluginsdir@"
+wrout "cgibindir" "@cgibindir@"
+wrout "initdir" "@initdir@"
+wrout "inetddir" "@inetddir@"
+wrout "subsyslockdir" "@subsyslockdir@"
+echo
+echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+echo '@PKG_NAME@ files will be installed or created as follows:'
+echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+wrout "Config file" "@pkgsysconfdir@/@PKG_NAME@.cfg"
+wrout "Object config dir" "@objsysconfdir@"
+wrout "daemon" "@sbindir@/@PKG_NAME@"
+if test "@PKG_NAME@" = "nrpe"; then
+	wrout "check_@PKG_NAME@" "@pluginsdir@/check_@PKG_NAME@"
+fi
+if test "@PKG_NAME@" = "nagios"; then
+	wrout "nagiostats (prog)" "@bindir@/nagiostats"
+	wrout "Website password file" "@pkgsysconfdir@/passwd"
+	wrout "resource.cfg" "@privatesysconfdir@/resource.cfg"
+	wrout "event handlers dir" "@brokersdir@"
+	wrout "cgi program dir" "@cgibindir@"
+	wrout "website file dir" "@webdir@"
+	wrout "status.dat" "@pkglocalstatedir@/status.dat"
+	wrout "retention.dat" "@pkglocalstatedir@/retention.dat"
+	wrout "object cache dir" "@pkglocalstatedir@"
+	wrout "log file" "@logdir@/@PKG_NAME@.log"
+	wrout "log archive dir" "@logdir@/archives"
+	wrout "@PKG_NAME@.configtest" "@logdir@/@PKG_NAME@.configtest"
+	wrout "@PKG_NAME@.cmd" "@pipedir@/@PKG_NAME@.cmd"
+	wrout "@PKG_NAME@.qh" "@pipedir@/@PKG_NAME@.qh"
+	wrout "perfdata file dir" "@spooldir@"
+	wrout "checkresult files" "@spooldir@/checkresults"
+else
+	wrout "inetd config" "@inetddir@/@inetdname@"
+fi
+wrout "init script" "@initdir@/@initname@"
+wrout "@PKG_NAME@.conf (tmpfiles.d)" "@tmpfilesd@"
+wrout "@PKG_NAME@ lock file" "@piddir@/@PKG_NAME@.pid"
+wrout "language files" "@localedir@"
+wrout "init lock file" "@subsyslockfile@"
+wrout "init source file" "@src_init@"
+wrout "inetd source file" "@src_inetd@"
+echo
+echo "To show this list again, type './paths' at the prompt"

sample-config/nrpe.cfg.in

@@ -1,8 +1,8 @@
 #############################################################################
-# Sample NRPE Config File 
+# Sample NRPE Config File
 # Written by: Ethan Galstad (nagios@nagios.org)
-# 
-# Last Modified: 11-23-2007
+#
+# Last Modified: 2016-05-10
 #
 # NOTES:
 # This is a sample configuration file for the NRPE daemon.  It needs to be
@@ -23,7 +23,7 @@ log_facility=@log_facility@
 # number.  The file is only written if the NRPE daemon is started by the root
 # user and is running in standalone mode.
 
-pid_file=/var/run/nrpe.pid
+pid_file=@piddir@/nrpe.pid
 
 
 
@@ -54,9 +54,9 @@ server_port=@nrpe_port@
 
 
 # NRPE USER
-# This determines the effective user that the NRPE daemon should run as.  
+# This determines the effective user that the NRPE daemon should run as.
 # You can either supply a username or a UID.
-# 
+#
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
 nrpe_user=@nrpe_user@
@@ -64,9 +64,9 @@ nrpe_user=@nrpe_user@
 
 
 # NRPE GROUP
-# This determines the effective group that the NRPE daemon should run as.  
+# This determines the effective group that the NRPE daemon should run as.
 # You can either supply a group name or a GID.
-# 
+#
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
 nrpe_group=@nrpe_group@
@@ -74,9 +74,9 @@ nrpe_group=@nrpe_group@
 
 
 # ALLOWED HOST ADDRESSES
-# This is an optional comma-delimited list of IP address or hostnames 
+# This is an optional comma-delimited list of IP address or hostnames
 # that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
-# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently 
+# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
 # supported.
 #
 # Note: The daemon only does rudimentary checking of the client's IP
@@ -87,16 +87,16 @@ nrpe_group=@nrpe_group@
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
 allowed_hosts=127.0.0.1
- 
+
 
 
 # COMMAND ARGUMENT PROCESSING
 # This option determines whether or not the NRPE daemon will allow clients
 # to specify arguments to commands that are executed.  This option only works
 # if the daemon was configured with the --enable-command-args configure script
-# option.  
+# option.
 #
-# *** ENABLING THIS OPTION IS A SECURITY RISK! *** 
+# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
 # Read the SECURITY file for information on some of the security implications
 # of enabling this variable.
 #
@@ -109,15 +109,15 @@ dont_blame_nrpe=0
 # BASH COMMAND SUBTITUTION
 # This option determines whether or not the NRPE daemon will allow clients
 # to specify arguments that contain bash command substitutions of the form
-# $(...).  This option only works if the daemon was configured with both 
-# the --enable-command-args and --enable-bash-command-substitution configure 
+# $(...).  This option only works if the daemon was configured with both
+# the --enable-command-args and --enable-bash-command-substitution configure
 # script options.
 #
-# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** 
+# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
 # Read the SECURITY file for information on some of the security implications
 # of enabling this variable.
 #
-# Values: 0=do not allow bash command substitutions, 
+# Values: 0=do not allow bash command substitutions,
 #         1=allow bash command substitutions
 
 allow_bash_command_substitution=0
@@ -130,9 +130,9 @@ allow_bash_command_substitution=0
 # command line from the command definition.
 #
 # *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
-# Usage scenario: 
+# Usage scenario:
 # Execute restricted commmands using sudo.  For this to work, you need to add
-# the nagios user to your /etc/sudoers.  An example entry for alllowing 
+# the nagios user to your /etc/sudoers.  An example entry for alllowing
 # execution of the plugins from might be:
 #
 # nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
@@ -141,7 +141,7 @@ allow_bash_command_substitution=0
 # without asking for a password.  If you do this, make sure you don't give
 # random users write access to that directory or its contents!
 
-# command_prefix=/usr/bin/sudo 
+# command_prefix=/usr/bin/sudo
 
 
 
@@ -173,7 +173,7 @@ connection_timeout=300
 
 
 
-# WEEK RANDOM SEED OPTION
+# WEAK RANDOM SEED OPTION
 # This directive allows you to use SSL even if your system does not have
 # a /dev/random or /dev/urandom (on purpose or because the necessary patches
 # were not applied). The random number generator will be seeded from a file
@@ -186,6 +186,66 @@ connection_timeout=300
 
 
 
+# SSL/TLS OPTIONS
+# These directives allow you to specify how to use SSL/TLS.
+
+# SSL VERSION
+# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
+#        SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
+#        TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
+#        TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
+#        TLSv1.2+ (use TLSv1.2 or above)
+# If an "or above" version is used, the best will be negotiated. So if both
+# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
+
+#ssl_version=SSLv2+
+
+# SSL USE ADH
+# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
+# ADH or 2 to require ADH. 1 is currently the default but will be changed
+# in a later version.
+
+#ssl_use_adh=1
+
+# SSL CIPHER LIST
+# This lists which ciphers can be used. For backward compatibility, this
+# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
+# will be changed to something like the example below in a later version of NRPE.
+
+#ssl_cipher_list=ALL:!MD5:@STRENGTH
+#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
+
+# SSL Certificate and Private Key Files
+
+#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
+#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
+#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
+
+# SSL USE CLIENT CERTS
+# This options determines client certificate usage.
+# Values: 0 = Don't ask for or require client certificates (default)
+#         1 = Ask for client certificates
+#         2 = Require client certificates
+
+#ssl_client_certs=0
+
+# SSL LOGGING
+# This option determines which SSL messages are send to syslog. OR values
+# together to specify multiple options.
+
+# Values: 0x00 (0)  = No additional logging (default)
+#         0x01 (1)  = Log startup SSL/TLS parameters
+#         0x02 (2)  = Log remote IP address
+#         0x04 (4)  = Log SSL/TLS version of connections
+#         0x08 (8)  = Log which cipher is being used for the connection
+#         0x10 (16) = Log if client has a certificate
+#         0x20 (32) = Log details of client's certificate if it has one
+#         -1 or 0xff or 0x2f = All of the above
+
+#ssl_logging=0x00
+
+
+
 # INCLUDE CONFIG FILE
 # This directive allows you to include definitions from an external config file.
 
@@ -224,20 +284,20 @@ connection_timeout=300
 
 # The following examples use hardcoded command arguments...
 
-command[check_users]=@libexecdir@/check_users -w 5 -c 10
-command[check_load]=@libexecdir@/check_load -w 15,10,5 -c 30,25,20
-command[check_hda1]=@libexecdir@/check_disk -w 20% -c 10% -p /dev/hda1
-command[check_zombie_procs]=@libexecdir@/check_procs -w 5 -c 10 -s Z
-command[check_total_procs]=@libexecdir@/check_procs -w 150 -c 200 
+command[check_users]=@pluginsdir@/check_users -w 5 -c 10
+command[check_load]=@pluginsdir@/check_load -w 15,10,5 -c 30,25,20
+command[check_hda1]=@pluginsdir@/check_disk -w 20% -c 10% -p /dev/hda1
+command[check_zombie_procs]=@pluginsdir@/check_procs -w 5 -c 10 -s Z
+command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
 
 
 # The following examples allow user-supplied arguments and can
-# only be used if the NRPE daemon was compiled with support for 
+# only be used if the NRPE daemon was compiled with support for
 # command arguments *AND* the dont_blame_nrpe directive in this
 # config file is set to '1'.  This poses a potential security risk, so
 # make sure you read the SECURITY file before doing this.
 
-#command[check_users]=@libexecdir@/check_users -w $ARG1$ -c $ARG2$
-#command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$
-#command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
-#command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+#command[check_users]=@pluginsdir@/check_users -w $ARG1$ -c $ARG2$
+#command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
+#command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+#command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$

sample-config/nrpe.xinetd.in

@@ -1,16 +0,0 @@
-# default: on
-# description: NRPE (Nagios Remote Plugin Executor)
-service nrpe
-{
-       	flags           = REUSE
-        socket_type     = stream    
-	port		= @nrpe_port@    
-       	wait            = no
-        user            = @nrpe_user@
-	group		= @nrpe_group@
-       	server          = @bindir@/nrpe
-        server_args     = -c @sysconfdir@/nrpe.cfg --inetd
-       	log_on_failure  += USERID
-        disable         = no
-	only_from       = 127.0.0.1
-}

src/Makefile.in

@@ -21,7 +21,7 @@ CP=@CP@
 
 prefix=@prefix@
 exec_prefix=@exec_prefix@
-CFGDIR=@sysconfdir@
+CFGDIR=@pkgsysconfdir@
 BINDIR=@bindir@
 SBINDIR=@sbindir@
 LIBEXECDIR=@libexecdir@
@@ -29,6 +29,28 @@ INSTALL=@INSTALL@
 NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
 NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
 
+PLUGINSDIR=@pluginsdir@
+PIDDIR=@piddir@
+TMPFILESDIR=@tmpfilesd@
+SRC_TMPFILE=@src_tmpfile@
+
+#AC_SUBST(pkgsysconfdir)
+#AC_SUBST(objsysconfdir)
+#AC_SUBST(sbindir)
+#AC_SUBST(brokersdir)
+#AC_SUBST(cgibindir)
+#AC_SUBST(webdir)
+#AC_SUBST(privatesysconfdir)
+#AC_SUBST(pkglocalstatedir)
+#AC_SUBST(logdir)
+#AC_SUBST(pipedir)
+#AC_SUBST(spooldir)
+#AC_SUBST(tmpfilesd)
+#AC_SUBST(subsyslockdir)
+#AC_SUBST(subsyslockfile)
+
+
+
 # Generated automatically from configure script
 SNPRINTF_O=@SNPRINTF_O@
 
@@ -39,19 +61,31 @@ nrpe: $(srcdir)/nrpe.c $(srcdir)/utils.c $(srcdir)/acl.c $(SRC_INCLUDE)/nrpe.h $
 	$(CC) $(CFLAGS) -o $@ $(srcdir)/nrpe.c $(srcdir)/utils.c $(srcdir)/acl.c $(LDFLAGS) $(SOCKETLIBS) $(LIBWRAPLIBS) $(SNPRINTF_O) $(OTHERLIBS)
 
 check_nrpe: $(srcdir)/check_nrpe.c $(srcdir)/utils.c $(SRC_INCLUDE)/utils.h $(SRC_INCLUDE)/common.h $(CFG_INCLUDE)/config.h
-	$(CC) $(CFLAGS) -o $@ $(srcdir)/check_nrpe.c $(srcdir)/utils.c $(LDFLAGS) $(SOCKETLIBS) $(OTHERLIBS)
+	$(CC) $(CFLAGS) -o $@ $(srcdir)/check_nrpe.c $(srcdir)/utils.c $(LDFLAGS) $(SOCKETLIBS) $(SNPRINTF_O) $(OTHERLIBS)
 
 install:
 	$(MAKE) install-plugin
 	$(MAKE) install-daemon
 
-install-plugin:
-	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR)
-	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) check_nrpe $(DESTDIR)$(LIBEXECDIR)
-
-install-daemon:
-	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
-	$(INSTALL) -m 775 $(NRPE_INSTALL_OPTS) nrpe $(DESTDIR)$(BINDIR)
+install-plugin: install-uninstall
+	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(LIBEXECDIR)
+	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(PLUGINSDIR)
+	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) check_nrpe $(PLUGINSDIR)
+
+install-daemon: install-uninstall
+	$(INSTALL) -m 755 nrpe $(SBINDIR)
+	@if test ! -d "$(PIDDIR)" ; then \
+		echo $(INSTALL) -m 755 $(NRPE_INSTALL_OPTS) -d $(PIDDIR); \
+		$(INSTALL) -m 755 $(NRPE_INSTALL_OPTS) -d $(PIDDIR); \
+	fi
+	@if test "$(TMPFILESDIR)" != "N/A" -a x$(SRC_TMPFILE) != x ; then \
+		echo $(INSTALL) -m 644 ../startup/$(SRC_TMPFILE) $(TMPFILESDIR); \
+		$(INSTALL) -m 644 ../startup/$(SRC_TMPFILE) $(TMPFILESDIR); \
+	fi
+
+install-uninstall:
+	$(INSTALL) -m 755 -d $(SBINDIR)
+	$(INSTALL) -m 755 ../uninstall $(SBINDIR)/nrpe-uninstall
 
 clean:
 	rm -f core nrpe check_nrpe $(SNPRINTF_O)

src/acl.c

@@ -276,15 +276,23 @@ int add_ipv6_to_acl(char *ipv6) {
 		}
 
 	/* Parse the address itself */
+#ifdef HAVE_STRTOK_R
 	addrtok = strtok_r(ipv6tmp, "/", &addrsave);
+#else
+	addrtok = strtok(ipv6tmp, "/");
+#endif
 	if(inet_pton(AF_INET6, addrtok, &addr) <= 0) {
-		syslog(LOG_ERR, "Invalid IPv6 address in ACL: %s\n", ipv6);
+		/* syslog(LOG_ERR, "Invalid IPv6 address in ACL: %s\n", ipv6); */
 		free(ipv6tmp);
 		return 0;
 		}
 
 	/* Check whether there is a netmask */
+#ifdef HAVE_STRTOK_R
 	addrtok = strtok_r(NULL, "/", &addrsave);
+#else
+	addrtok = strtok(NULL, "/");
+#endif
 	if(NULL != addrtok) {
 		/* If so, build a netmask */
 
@@ -458,14 +466,15 @@ int add_domain_to_acl(char *domain) {
  * 0 - on failure
  */
 
-int is_an_allowed_host(int family, void *host) {
-	struct ip_acl *ip_acl_curr = ip_acl_head;
-	int		nbytes;
-	int		x;
-	struct dns_acl *dns_acl_curr = dns_acl_head;
-	struct in_addr addr;
-	struct in6_addr addr6;
-	struct hostent *he;
+int is_an_allowed_host(int family, void *host)
+{
+	struct ip_acl		*ip_acl_curr = ip_acl_head;
+	int					nbytes;
+	int					x;
+	struct dns_acl		*dns_acl_curr = dns_acl_head;
+	struct sockaddr_in	*addr;
+	struct sockaddr_in6	addr6;
+	struct addrinfo		*res, *ai;
 
 	while (ip_acl_curr != NULL) {
 		if(ip_acl_curr->family == family) {
@@ -498,34 +507,31 @@ int is_an_allowed_host(int family, void *host) {
         }
 
 	while(dns_acl_curr != NULL) {
-   		he = gethostbyname(dns_acl_curr->domain);
-		if (he == NULL) return 0;
+		if (!getaddrinfo(dns_acl_curr->domain, NULL, NULL, &res)) {
 
-		while (*he->h_addr_list) {
-			switch(he->h_addrtype) {
-			case AF_INET:
-				memmove((char *)&addr,*he->h_addr_list++, sizeof(addr));
-				if (addr.s_addr == ((struct in_addr *)host)->s_addr) return 1;
-				break;
-			case AF_INET6:
-				memcpy((char *)&addr6, *he->h_addr_list++, sizeof(addr6));
-				for(x = 0; x < nbytes; x++) {
-					if(addr6.s6_addr[x] != 
-							((struct in6_addr *)host)->s6_addr[x]) {
-						break;
-						}
-					}
-				if(x == nbytes) { 
-					/* All bytes in host's address match the ACL */
-					return 1;
-					}
-				break;
+			for (ai = res; ai; ai = ai->ai_next) {
+
+				switch(ai->ai_family) {
+
+				case AF_INET:
+					addr = (struct sockaddr_in*)(ai->ai_addr);
+					if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr)
+						return 1;
+					break;
+
+				case AF_INET6:
+					memcpy((char*)&addr6, ai->ai_addr, sizeof(addr6));
+					if (!memcmp(&addr6.sin6_addr, &host, sizeof(addr6.sin6_addr)))
+						return 1;
+					break;
 				}
 			}
-		dns_acl_curr = dns_acl_curr->next;
+
+			dns_acl_curr = dns_acl_curr->next;
 		}
-	return 0;
 	}
+	return 0;
+}
 
 /* The trim() function takes a source string and copies it to the destination string,
  * stripped of leading and training whitespace. The destination string must be 
@@ -535,8 +541,8 @@ int is_an_allowed_host(int family, void *host) {
 void trim( char *src, char *dest) {
 	char *sptr, *dptr;
 
-	for( sptr = src; isblank( *sptr) && *sptr; sptr++); /* Jump past leading spaces */
-	for( dptr = dest; !isblank( *sptr) && *sptr; ) {
+	for( sptr = src; isspace( *sptr) && *sptr; sptr++); /* Jump past leading spaces */
+	for( dptr = dest; !isspace( *sptr) && *sptr; ) {
 		*dptr = *sptr;
 		sptr++;
 		dptr++;
@@ -545,20 +551,24 @@ void trim( char *src, char *dest) {
 	return;
 }
 
-/* This function splits allowed_hosts to substrings with comma(,) as a delimeter.
+/* This function splits allowed_hosts to substrings with comma(,) as a delimiter.
  * It doesn't check validness of ACL record (add_ipv4_to_acl() and add_domain_to_acl() do),
  * just trims spaces from ACL records.
  * After this it sends ACL records to add_ipv4_to_acl() or add_domain_to_acl().
  */
 
 void parse_allowed_hosts(char *allowed_hosts) {
-	char *hosts = strdup( allowed_hosts);	/* Copy since strtok* modifes original */
+	char *hosts = strdup( allowed_hosts);	/* Copy since strtok* modifies original */
 	char *saveptr;
 	char *tok;
 	const char *delim = ",";
 	char *trimmed_tok;
 
-	tok = strtok_r( hosts, delim, &saveptr);
+#ifdef HAVE_STRTOK_R
+	tok = strtok_r(hosts, delim, &saveptr);
+#else
+	tok = strtok(hosts, delim);
+#endif
 	while( tok) {
 		trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
 		trim( tok, trimmed_tok);
@@ -569,7 +579,11 @@ void parse_allowed_hosts(char *allowed_hosts) {
 			}
 		}
 		free( trimmed_tok);
-		tok = strtok_r(( char *)0, delim, &saveptr);
+#ifdef HAVE_STRTOK_R
+		tok = strtok_r(NULL, delim, &saveptr);
+#else
+		tok = strtok(NULL, delim);
+#endif
 	}
 
 	free( hosts);

src/check_nrpe.c

@@ -4,7 +4,7 @@
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
  * License: GPL
  *
- * Last Modified: 09-06-2013
+ * Last Modified: 07-12-2016
  *
  * Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
  *
@@ -21,470 +21,1478 @@
 #include "common.h"
 #include "utils.h"
 
+#define DEFAULT_NRPE_COMMAND "_NRPE_CHECK"	/* check version of NRPE daemon */
 
-#define DEFAULT_NRPE_COMMAND	"_NRPE_CHECK"  /* check version of NRPE daemon */
-
-u_short server_port=DEFAULT_SERVER_PORT;
-char *server_name=NULL;
-char *bind_address=NULL;
+u_short server_port = 0;
+char *server_name = NULL;
+char *bind_address = NULL;
+char *config_file = NULL;
+#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
 struct sockaddr_storage hostaddr;
-int address_family=AF_UNSPEC;
-char *command_name=NULL;
-int socket_timeout=DEFAULT_SOCKET_TIMEOUT;
-int timeout_return_code=STATE_CRITICAL;
+#else
+struct sockaddr hostaddr;
+#endif
+int address_family = AF_UNSPEC;
+char *command_name = NULL;
+int socket_timeout = DEFAULT_SOCKET_TIMEOUT;
+char timeout_txt[10];
+int timeout_return_code = -1;
 int sd;
 
-char query[MAX_INPUT_BUFFER]="";
+char rem_host[MAX_HOST_ADDRESS_LENGTH];
+char query[MAX_INPUT_BUFFER] = "";
 
-int show_help=FALSE;
-int show_license=FALSE;
-int show_version=FALSE;
+int show_help = FALSE;
+int show_license = FALSE;
+int show_version = FALSE;
+int packet_ver = NRPE_PACKET_VERSION_3;
+int payload_size = 0;
 
 #ifdef HAVE_SSL
-#ifdef __sun
+# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
 SSL_METHOD *meth;
-#else
+# else
 const SSL_METHOD *meth;
-#endif
+# endif
 SSL_CTX *ctx;
 SSL *ssl;
-int use_ssl=TRUE;
+int use_ssl = TRUE;
+int ssl_opts = SSL_OP_ALL;
 #else
-int use_ssl=FALSE;
+int use_ssl = FALSE;
 #endif
 
-
-int process_arguments(int,char **);
-void alarm_handler(int);
-int graceful_close(int,int);
-
-
-
-
-int main(int argc, char **argv){
-        u_int32_t packet_crc32;
-        u_int32_t calculated_crc32;
-	int16_t result;
-	int rc;
-	packet send_packet;
-	packet receive_packet;
-	int bytes_to_send;
-	int bytes_to_recv;
-
-	result=process_arguments(argc,argv);
-
-        if(result!=OK || show_help==TRUE || show_license==TRUE || show_version==TRUE){
-
-		if(result!=OK)
-			printf("Incorrect command line arguments supplied\n");
-                printf("\n");
-		printf("NRPE Plugin for Nagios\n");
-		printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
-		printf("Version: %s\n",PROGRAM_VERSION);
-		printf("Last Modified: %s\n",MODIFICATION_DATE);
-		printf("License: GPL v2 with exemptions (-l for more info)\n");
+/* SSL/TLS parameters */
+typedef enum _SSL_VER {
+	SSL_Ver_Invalid = 0, SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus,
+	TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+} SslVer;
+
+typedef enum _CLNT_CERTS { Ask_For_Cert = 1, Require_Cert = 2 } ClntCerts;
+
+typedef enum _SSL_LOGGING {
+	SSL_NoLogging = 0, SSL_LogStartup = 1, SSL_LogIpAddr = 2,
+	SSL_LogVersion = 4, SSL_LogCipher = 8, SSL_LogIfClientCert = 16,
+	SSL_LogCertDetails = 32,
+} SslLogging;
+
+struct _SSL_PARMS {
+	char *cert_file;
+	char *cacert_file;
+	char *privatekey_file;
+	char cipher_list[MAX_FILENAME_LENGTH];
+	SslVer ssl_min_ver;
+	int allowDH;
+	ClntCerts client_certs;
+	SslLogging log_opts;
+} sslprm = {
+NULL, NULL, NULL, "", SSL_Ver_Invalid, -1, 0, SSL_NoLogging};
+int have_log_opts = FALSE;
+
+int process_arguments(int, char **, int);
+int read_config_file(char *);
+const char *state_text (int result);
+int translate_state (char *state_text);
+void set_timeout_state (char *state);
+int parse_timeout_string (char *timeout_str);
+void usage(int result);
+void setup_ssl();
+void set_sig_hadlers();
+int connect_to_remote();
+int send_request();
+int read_response();
+int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pkt);
 #ifdef HAVE_SSL
-		printf("SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required\n");
-#endif
-		printf("\n");
-	        }
-
-	if(result!=OK || show_help==TRUE){
-
-		printf("Usage: check_nrpe -H <host> [ -b <bindaddr> ] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n");
-		printf("\n");
-		printf("Options:\n");
-		printf(" -n         = Do no use SSL\n");
-		printf(" -u         = Make socket timeouts return an UNKNOWN state instead of CRITICAL\n");
-		printf(" <host>     = The address of the host running the NRPE daemon\n");
-		printf(" <bindaddr> = bind to local address\n");
-		printf(" -4         = bind to ipv4 only\n");
-		printf(" -6         = bind to ipv6 only\n");
-		printf(" [port]     = The port on which the daemon is running (default=%d)\n",DEFAULT_SERVER_PORT);
-		printf(" [timeout]  = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
-		printf(" [command]  = The name of the command that the remote daemon should run\n");
-		printf(" [arglist]  = Optional arguments that should be passed to the command.  Multiple\n");
-		printf("              arguments should be separated by a space.  If provided, this must be\n");
-		printf("              the last option supplied on the command line.\n");
-		printf("\n");
-		printf("Note:\n");
-		printf("This plugin requires that you have the NRPE daemon running on the remote host.\n");
-		printf("You must also have configured the daemon to associate a specific plugin command\n");
-		printf("with the [command] option you are specifying here.  Upon receipt of the\n");
-		printf("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
-		printf("send the plugin output and return code back to *this* plugin.  This allows you\n");
-		printf("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
-		printf("the plugin is being run locally.\n");
-		printf("\n");
-	        }
-
-	if(show_license==TRUE)
-		display_license();
-
-        if(result!=OK || show_help==TRUE || show_license==TRUE || show_version==TRUE)
-		exit(STATE_UNKNOWN);
-
-
-        /* generate the CRC 32 table */
-        generate_crc32_table();
-
-#ifdef HAVE_SSL
-	/* initialize SSL */
-	if(use_ssl==TRUE){
-		SSL_library_init();
-		SSLeay_add_ssl_algorithms();
-		meth=SSLv23_client_method();
-		SSL_load_error_strings();
-		if((ctx=SSL_CTX_new(meth))==NULL){
-			printf("CHECK_NRPE: Error - could not create SSL context.\n");
-			exit(STATE_CRITICAL);
-		        }
-
-		/* ADDED 01/19/2004 */
-		/* use only TLSv1 protocol */
-		SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-                }
-#endif
-
-	/* initialize alarm signal handling */
-	signal(SIGALRM,alarm_handler);
-
-	/* set socket timeout */
-	alarm(socket_timeout);
-
-	/* try to connect to the host at the given port number */
-	if((sd=my_connect(server_name, &hostaddr, server_port, address_family, 
-			bind_address)) < 0 ) {
-		exit (255);
-		}
-	else {
-		result=STATE_OK;
-	}
-
-#ifdef HAVE_SSL
-	/* do SSL handshake */
-	if(result==STATE_OK && use_ssl==TRUE){
-		if((ssl=SSL_new(ctx))!=NULL){
-			SSL_CTX_set_cipher_list(ctx,"ADH");
-			SSL_set_fd(ssl,sd);
-			if((rc=SSL_connect(ssl))!=1){
-				printf("CHECK_NRPE: Error - Could not complete SSL handshake.\n");
-#ifdef DEBUG
-				printf("SSL_connect=%d\n",rc);
-				/*
-				rc=SSL_get_error(ssl,rc);
-				printf("SSL_get_error=%d\n",rc);
-				printf("ERR_get_error=%lu\n",ERR_get_error());
-				printf("%s\n",ERR_error_string(rc,NULL));
-				*/
-				ERR_print_errors_fp(stdout);
-#endif
-				result=STATE_CRITICAL;
-			        }
-		        }
-		else{
-			printf("CHECK_NRPE: Error - Could not create SSL connection structure.\n");
-			result=STATE_CRITICAL;
-		        }
-
-		/* bail if we had errors */
-		if(result!=STATE_OK){
-			SSL_CTX_free(ctx);
-			close(sd);
-			exit(result);
-		        }
-	        }
+static int verify_callback(int ok, X509_STORE_CTX * ctx);
 #endif
+void alarm_handler(int);
+int graceful_close(int, int);
 
-	/* we're connected and ready to go */
-	if(result==STATE_OK){
-
-		/* clear the packet buffer */
-		bzero(&send_packet,sizeof(send_packet));
-
-		/* fill the packet with semi-random data */
-		randomize_buffer((char *)&send_packet,sizeof(send_packet));
-
-		/* initialize packet data */
-		send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2);
-		send_packet.packet_type=(int16_t)htons(QUERY_PACKET);
-		strncpy(&send_packet.buffer[0],query,MAX_PACKETBUFFER_LENGTH);
-		send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
-
-		/* calculate the crc 32 value of the packet */
-		send_packet.crc32_value=(u_int32_t)0L;
-		calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet));
-		send_packet.crc32_value=(u_int32_t)htonl(calculated_crc32);
-
-
-		/***** ENCRYPT REQUEST *****/
-
-
-		/* send the packet */
-		bytes_to_send=sizeof(send_packet);
-		if(use_ssl==FALSE)
-			rc=sendall(sd,(char *)&send_packet,&bytes_to_send);
-#ifdef HAVE_SSL
-		else{
-			rc=SSL_write(ssl,&send_packet,bytes_to_send);
-			if(rc<0)
-				rc=-1;
-		        }
-#endif
-		if(rc==-1){
-			printf("CHECK_NRPE: Error sending query to host.\n");
-			close(sd);
-			return STATE_UNKNOWN;
-		        }
-
-		/* wait for the response packet */
-		bytes_to_recv=sizeof(receive_packet);
-		if(use_ssl==FALSE)
-			rc=recvall(sd,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
-#ifdef HAVE_SSL
-		else
-			rc=SSL_read(ssl,&receive_packet,bytes_to_recv);
-#endif
+int main(int argc, char **argv)
+{
+	int16_t result;
 
-		/* reset timeout */
+	result = process_arguments(argc, argv, 0);
+
+	if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE)
+		usage(result);			/* usage() will call exit() */
+
+	snprintf(timeout_txt, sizeof(timeout_txt), "%d", socket_timeout);
+
+	if (server_port == 0)
+		server_port = DEFAULT_SERVER_PORT;
+	if (socket_timeout == -1)
+		socket_timeout = DEFAULT_SOCKET_TIMEOUT;
+	if (timeout_return_code == -1)
+		timeout_return_code = STATE_CRITICAL;
+	if (sslprm.cipher_list[0] == '\0')
+		strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH", MAX_FILENAME_LENGTH - 1);
+	if (sslprm.ssl_min_ver == SSL_Ver_Invalid)
+		sslprm.ssl_min_ver = TLSv1_plus;
+	if (sslprm.allowDH == -1)
+		sslprm.allowDH = TRUE;
+
+	generate_crc32_table();		/* generate the CRC 32 table */
+	setup_ssl();				/* Do all the SSL/TLS set up */
+	set_sig_hadlers();			/* initialize alarm signal handling */
+	result = connect_to_remote();	/* Make the connection */
+	if (result != STATE_OK) {
 		alarm(0);
+		return result;
+	}
 
-		/* close the connection */
-#ifdef HAVE_SSL
-		if(use_ssl==TRUE){
-			SSL_shutdown(ssl);
-			SSL_free(ssl);
-			SSL_CTX_free(ctx);
-	                }
-#endif
-		graceful_close(sd,1000);
+	result = send_request();	/* Send the request */
+	if (result != STATE_OK)
+		return result;
 
-		/* recv() error */
-		if(rc<0){
-			printf("CHECK_NRPE: Error receiving data from daemon.\n");
-			return STATE_UNKNOWN;
-		        }
+	result = read_response();	/* Get the response */
 
-		/* server disconnected */
-		else if(rc==0){
-			printf("CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.\n");
-			return STATE_UNKNOWN;
-		        }
-
-		/* receive underflow */
-		else if(bytes_to_recv<sizeof(receive_packet)){
-			printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet));
-			return STATE_UNKNOWN;
-		        }
-
-		
-		/***** DECRYPT RESPONSE *****/
-
-
-		/* check the crc 32 value */
-		packet_crc32=ntohl(receive_packet.crc32_value);
-		receive_packet.crc32_value=0L;
-		calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet));
-		if(packet_crc32!=calculated_crc32){
-			printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
-			close(sd);
-			return STATE_UNKNOWN;
-                        }
-	
-		/* check packet version */
-		if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){
-			printf("CHECK_NRPE: Invalid packet version received from server.\n");
-			close(sd);
-			return STATE_UNKNOWN;
-			}
+	if (result == -1) {
+		/* Failure reading from remote, so try version 2 packet */
+		syslog(LOG_NOTICE, "Remote %s does not support Version 3 Packets", rem_host);
+		packet_ver = NRPE_PACKET_VERSION_2;
 
-		/* check packet type */
-		if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){
-			printf("CHECK_NRPE: Invalid packet type received from server.\n");
-			close(sd);
-			return STATE_UNKNOWN;
-			}
+		/* Rerun the setup */
+		setup_ssl();
+		set_sig_hadlers();
+		result = connect_to_remote();	/* Connect */
+		if (result != STATE_OK) {
+			alarm(0);
+			return result;
+		}
 
-		/* get the return code from the remote plugin */
-		result=(int16_t)ntohs(receive_packet.result_code);
+		result = send_request();	/* Send the request */
+		if (result != STATE_OK)
+			return result;
 
-		/* print the output returned by the daemon */
-		receive_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
-		if(!strcmp(receive_packet.buffer,""))
-			printf("CHECK_NRPE: No output returned from daemon.\n");
-		else
-			printf("%s\n",receive_packet.buffer);
-	        }
+		result = read_response();	/* Get the response */
+	}
 
-	/* reset the alarm */
-	else
-		alarm(0);
+	if (result != -1)
+		syslog(LOG_NOTICE, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
 
 	return result;
-        }
-
-
+}
 
 /* process command line arguments */
-int process_arguments(int argc, char **argv){
+int process_arguments(int argc, char **argv, int from_config_file)
+{
 	char optchars[MAX_INPUT_BUFFER];
-	int argindex=0;
-	int c=1;
-	int i=1;
+	int argindex = 0;
+	int c = 1;
+	int i = 1;
+	int has_cert = 0, has_priv_key = 0, rc;
 
 #ifdef HAVE_GETOPT_LONG
-	int option_index=0;
-	static struct option long_options[]={
+	int option_index = 0;
+	static struct option long_options[] = {
 		{"host", required_argument, 0, 'H'},
+		{"config-file", required_argument, 0, 'f'},
 		{"bind", required_argument, 0, 'b'},
 		{"command", required_argument, 0, 'c'},
 		{"args", required_argument, 0, 'a'},
 		{"no-ssl", no_argument, 0, 'n'},
 		{"unknown-timeout", no_argument, 0, 'u'},
+		{"v2-packets-only", no_argument, 0, '2'},
 		{"ipv4", no_argument, 0, '4'},
 		{"ipv6", no_argument, 0, '6'},
+		{"use-adh", required_argument, 0, 'd'},
+		{"ssl-version", required_argument, 0, 'S'},
+		{"cipher-list", required_argument, 0, 'L'},
+		{"client-cert", required_argument, 0, 'C'},
+		{"key-file", required_argument, 0, 'K'},
+		{"ca-cert-file", required_argument, 0, 'A'},
+		{"ssl-logging", required_argument, 0, 's'},
 		{"timeout", required_argument, 0, 't'},
 		{"port", required_argument, 0, 'p'},
+		{"payload-size", required_argument, 0, 'P'},
 		{"help", no_argument, 0, 'h'},
 		{"license", no_argument, 0, 'l'},
 		{0, 0, 0, 0}
-                };
+	};
 #endif
 
 	/* no options were supplied */
-	if(argc<2)
+	if (argc < 2)
 		return ERROR;
 
-	snprintf(optchars,MAX_INPUT_BUFFER,"H:b:c:a:t:p:nu46hl");
+	optind = 0;
+	snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:246hlnuV");
 
-	while(1){
+	while (1) {
 #ifdef HAVE_GETOPT_LONG
-		c=getopt_long(argc,argv,optchars,long_options,&option_index);
+		c = getopt_long(argc, argv, optchars, long_options, &option_index);
 #else
-		c=getopt(argc,argv,optchars);
+		c = getopt(argc, argv, optchars);
 #endif
-		if(c==-1 || c==EOF)
+		if (c == -1 || c == EOF || argindex > 0)
 			break;
 
 		/* process all arguments */
-		switch(c){
+		switch (c) {
 
 		case '?':
 		case 'h':
-			show_help=TRUE;
+			show_help = TRUE;
 			break;
+
 		case 'b':
-			bind_address=strdup(optarg);
+			bind_address = strdup(optarg);
+			break;
+
+		case 'f':
+			if (from_config_file) {
+				printf("Error: The config file should not have a config-file (-f) option.\n");
+				break;
+			}
+			config_file = strdup(optarg);
 			break;
+
 		case 'V':
-			show_version=TRUE;
+			show_version = TRUE;
 			break;
+
 		case 'l':
-			show_license=TRUE;
+			show_license = TRUE;
 			break;
+
 		case 't':
-			socket_timeout=atoi(optarg);
-			if(socket_timeout<=0)
+			if (from_config_file && socket_timeout != -1) {
+				syslog(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
+								"the config file option.");
+				break;
+			}
+			socket_timeout=parse_timeout_string(optarg);
+			if (socket_timeout <= 0)
 				return ERROR;
 			break;
+
 		case 'p':
-			server_port=atoi(optarg);
-			if(server_port<=0)
+			if (from_config_file && server_port != 0) {
+				syslog(LOG_WARNING, "WARNING: Command-line server port overrides "
+								"the config file option.");
+				break;
+			}
+			server_port = atoi(optarg);
+			if (server_port <= 0)
+				return ERROR;
+			break;
+
+		case 'P':
+			if (from_config_file && payload_size > 0) {
+				syslog(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
+								"the config file option.");
+				break;
+			}
+			payload_size = atoi(optarg);
+			if (payload_size < 0)
 				return ERROR;
 			break;
+
 		case 'H':
-			server_name=strdup(optarg);
+			if (from_config_file && server_name != NULL) {
+				syslog(LOG_WARNING, "WARNING: Command-line server name overrides "
+								"the config file option.");
+				break;
+			}
+			server_name = strdup(optarg);
 			break;
+
 		case 'c':
-			command_name=strdup(optarg);
+			if (from_config_file) {
+				printf("Error: The config file should not have a command (-c) option.\n");
+				return ERROR;
+				break;
+			}
+			command_name = strdup(optarg);
 			break;
+
 		case 'a':
-			argindex=optind;
+			if (from_config_file) {
+				printf("Error: The config file should not have args (-a) arguments.\n");
+				return ERROR;
+				break;
+			}
+			argindex = optind;
 			break;
+
 		case 'n':
-			use_ssl=FALSE;
+			use_ssl = FALSE;
 			break;
+
 		case 'u':
-			timeout_return_code=STATE_UNKNOWN;
+			if (from_config_file && timeout_return_code != -1) {
+				syslog(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
+								"overrides the config file option.");
+				break;
+			}
+			timeout_return_code = STATE_UNKNOWN;
+			break;
+
+		case '2':
+			if (from_config_file && packet_ver != NRPE_PACKET_VERSION_3) {
+				syslog(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
+								"overrides the config file option.");
+				break;
+			}
+			packet_ver = NRPE_PACKET_VERSION_2;
 			break;
+
 		case '4':
-			address_family=AF_INET;
+			if (from_config_file && address_family != AF_UNSPEC) {
+				syslog(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
+								"or ipv6 (-6) overrides the config file option.");
+				break;
+			}
+			address_family = AF_INET;
 			break;
+
 		case '6':
-			address_family=AF_INET6;
+			if (from_config_file && address_family != AF_UNSPEC) {
+				syslog(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
+								"or ipv6 (-6) overrides the config file option.");
+				break;
+			}
+			address_family = AF_INET6;
+			break;
+
+		case 'd':
+			if (from_config_file && sslprm.allowDH != -1) {
+				syslog(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
+								"overrides the config file option.");
+				break;
+			}
+			if (!optarg || optarg[0] < '0' || optarg[0] > '2')
+				return ERROR;
+			sslprm.allowDH = atoi(optarg);
+			break;
+
+		case 'A':
+			if (from_config_file && sslprm.cacert_file != NULL) {
+				syslog(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
+								"overrides the config file option.");
+				break;
+			}
+			sslprm.cacert_file = strdup(optarg);
+			break;
+
+		case 'C':
+			if (from_config_file && sslprm.cert_file != NULL) {
+				syslog(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
+								"overrides the config file option.");
+				break;
+			}
+			sslprm.cert_file = strdup(optarg);
+			has_cert = 1;
+			break;
+
+		case 'K':
+			if (from_config_file && sslprm.privatekey_file != NULL) {
+				syslog(LOG_WARNING, "WARNING: Command-line key-file (-K) "
+								"overrides the config file option.");
+				break;
+			}
+			sslprm.privatekey_file = strdup(optarg);
+			has_priv_key = 1;
+			break;
+
+		case 'S':
+			if (from_config_file && sslprm.ssl_min_ver != SSL_Ver_Invalid) {
+				syslog(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
+								"overrides the config file option.");
+				break;
+			}
+			if (!strcmp(optarg, "SSLv2"))
+				sslprm.ssl_min_ver = SSLv2;
+			else if (!strcmp(optarg, "SSLv2+"))
+				sslprm.ssl_min_ver = SSLv2_plus;
+			else if (!strcmp(optarg, "SSLv3"))
+				sslprm.ssl_min_ver = SSLv3;
+			else if (!strcmp(optarg, "SSLv3+"))
+				sslprm.ssl_min_ver = SSLv3_plus;
+			else if (!strcmp(optarg, "TLSv1"))
+				sslprm.ssl_min_ver = TLSv1;
+			else if (!strcmp(optarg, "TLSv1+"))
+				sslprm.ssl_min_ver = TLSv1_plus;
+			else if (!strcmp(optarg, "TLSv1.1"))
+				sslprm.ssl_min_ver = TLSv1_1;
+			else if (!strcmp(optarg, "TLSv1.1+"))
+				sslprm.ssl_min_ver = TLSv1_1_plus;
+			else if (!strcmp(optarg, "TLSv1.2"))
+				sslprm.ssl_min_ver = TLSv1_2;
+			else if (!strcmp(optarg, "TLSv1.2+"))
+				sslprm.ssl_min_ver = TLSv1_2_plus;
+			else
+				return ERROR;
+			break;
+
+		case 'L':
+			if (from_config_file && sslprm.cipher_list[0] != '\0') {
+				syslog(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
+								"overrides the config file option.");
+				break;
+			}
+			strncpy(sslprm.cipher_list, optarg, sizeof(sslprm.cipher_list) - 1);
+			sslprm.cipher_list[sizeof(sslprm.cipher_list) - 1] = '\0';
 			break;
+
+		case 's':
+			if (from_config_file && have_log_opts == TRUE) {
+				syslog(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
+								"overrides the config file option.");
+				break;
+			}
+			sslprm.log_opts = strtoul(optarg, NULL, 0);
+			have_log_opts = TRUE;
+			break;
+
 		default:
 			return ERROR;
 			break;
-		        }
-	        }
+		}
+	}
 
 	/* determine (base) command query */
-	snprintf(query,sizeof(query),"%s",(command_name==NULL)?DEFAULT_NRPE_COMMAND:command_name);
-	query[sizeof(query)-1]='\x0';
+	snprintf(query, sizeof(query), "%s",
+			 (command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
+	query[sizeof(query) - 1] = '\x0';
 
 	/* get the command args */
-	if(argindex>0){
+	if (argindex > 0) {
 
-		for(c=argindex-1;c<argc;c++){
+		for (c = argindex - 1; c < argc; c++) {
 
-			i=sizeof(query)-strlen(query)-2;
-			if(i<=0)
+			i = sizeof(query) - strlen(query) - 2;
+			if (i <= 0)
 				break;
 
-			strcat(query,"!");
-			strncat(query,argv[c],i);
-			query[sizeof(query)-1]='\x0';
-		        }
-	        }
+			strcat(query, "!");
+			strncat(query, argv[c], i);
+			query[sizeof(query) - 1] = '\x0';
+		}
+	}
+
+	if (!from_config_file && config_file != NULL) {
+		if ((rc = read_config_file(config_file)) != OK)
+			return rc;
+	}
 
-	/* make sure required args were supplied */
-	if(server_name==NULL && show_help==FALSE && show_version==FALSE  && show_license==FALSE)
+	if ((has_cert && !has_priv_key) || (!has_cert && has_priv_key)) {
+		printf("Error: the client certificate and the private key "
+				"must both be given or neither\n");
 		return ERROR;
+	}
 
+	if (payload_size > 0 && packet_ver != NRPE_PACKET_VERSION_2) {
+		printf("Error: if a fixed payload size is specified, "
+				"'-2' must also be specified\n");
+		return ERROR;
+	}
+
+	/* make sure required args were supplied */
+	if (server_name == NULL && show_help == FALSE && show_version == FALSE
+		&& show_license == FALSE)
+		return ERROR;
 
 	return OK;
-        }
+}
+
+int read_config_file(char *fname)
+{
+	int			rc, argc = 0;
+	FILE		*f;
+	char		*buf, *bufp, **argv;
+	char		*delims = " \t\r\n";
+	struct stat	st;
+	size_t		sz;
+
+	if (stat(fname, &st)) {
+		syslog(LOG_ERR, "Error: Could not stat config file %s", fname);
+		return ERROR;
+	}
+	if ((f = fopen(fname, "r")) == NULL) {
+		syslog(LOG_ERR, "Error: Could not open config file %s", fname);
+		return ERROR;
+	}
+	if ((buf = (char*)calloc(1, st.st_size + 2)) == NULL) {
+		fclose(f);
+		syslog(LOG_ERR, "Error: read_config_file fail to allocate memory");
+		return ERROR;
+	}
+	if ((sz = fread(buf, 1, st.st_size, f)) != st.st_size) {
+		fclose(f);
+		free(buf);
+		syslog(LOG_ERR, "Error: Failed to completely read config file %s", fname);
+		return ERROR;
+	}
+	if ((argv = calloc(50, sizeof(char*))) == NULL) {
+		fclose(f);
+		free(buf);
+		syslog(LOG_ERR, "Error: read_config_file fail to allocate memory");
+		return ERROR;
+	}
 
+	argv[argc++] = "check_nrpe";
 
+	bufp = buf;
+	while (argc < 50) {
+		if (*bufp == '\0')
+			break;
+		while (strchr(delims, *bufp))
+			++bufp;
+		argv[argc] = my_strsep(&bufp, delims);
+		if (!argv[argc++])
+			break;
+	}
 
-void alarm_handler(int sig){
+	fclose(f);
 
-	printf("CHECK_NRPE: Socket timeout after %d seconds.\n",socket_timeout);
+	if (argc == 50) {
+		free(buf);
+		free(argv);
+		syslog(LOG_ERR, "Error: too many parameters in config file %s", fname);
+		return ERROR;
+	}
 
-	exit(timeout_return_code);
-        }
+	rc = process_arguments(argc, argv, 1);
+	free(buf);
+	free(argv);
+	return rc;
+}
+
+const char *state_text (int result)
+{
+	switch (result) {
+		case STATE_OK:
+			return "OK";
+		case STATE_WARNING:
+			return "WARNING";
+		case STATE_CRITICAL:
+			return "CRITICAL";
+		default:
+			return "UNKNOWN";
+	}
+}
+
+int translate_state (char *state_text) {
+       if (!strcasecmp(state_text,"OK") || !strcmp(state_text,"0"))
+               return STATE_OK;
+       if (!strcasecmp(state_text,"WARNING") || !strcmp(state_text,"1"))
+               return STATE_WARNING;
+       if (!strcasecmp(state_text,"CRITICAL") || !strcmp(state_text,"2"))
+               return STATE_CRITICAL;
+       if (!strcasecmp(state_text,"UNKNOWN") || !strcmp(state_text,"3"))
+               return STATE_UNKNOWN;
+       return ERROR;
+}
+
+void set_timeout_state (char *state) {
+        if ((timeout_return_code = translate_state(state)) == ERROR)
+                printf("Timeout state must be a valid state name (OK, "
+						"WARNING, CRITICAL, UNKNOWN) or integer (0-3).\n");
+}
+
+int parse_timeout_string (char *timeout_str)
+{
+	char *seperated_str;
+	char *timeout_val = NULL;
+	char *timeout_sta = NULL;
+
+	if (strstr(timeout_str, ":") == NULL)
+		timeout_val = timeout_str;
+	else if (strncmp(timeout_str, ":", 1) == 0) {
+		seperated_str = strtok(timeout_str, ":");
+		if (seperated_str != NULL)
+			timeout_sta = seperated_str;
+	} else {
+		seperated_str = strtok(timeout_str, ":");
+		timeout_val = seperated_str;
+		seperated_str = strtok(NULL, ":");
+		if (seperated_str != NULL) {
+			timeout_sta = seperated_str;
+		}
+	}
+
+	if ( timeout_sta != NULL )
+		set_timeout_state(timeout_sta);
+
+	if ((timeout_val == NULL) || (timeout_val[0] == '\0'))
+		return socket_timeout;
+	else if (atoi(timeout_val) > 0)
+		return atoi(timeout_val);
+	else {
+		printf("Timeout value must be a positive integer\n");
+		exit (STATE_UNKNOWN);
+	}
+}
+
+void usage(int result)
+{
+	if (result != OK)
+		printf("Incorrect command line arguments supplied\n");
+	printf("\n");
+	printf("NRPE Plugin for Nagios\n");
+	printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
+	printf("Version: %s\n", PROGRAM_VERSION);
+	printf("Last Modified: %s\n", MODIFICATION_DATE);
+	printf("License: GPL v2 with exemptions (-l for more info)\n");
+#ifdef HAVE_SSL
+	printf("SSL/TLS Available: OpenSSL 0.9.6 or higher required\n");
+#endif
+	printf("\n");
+
+	if (result != OK || show_help == TRUE) {
+		printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n"
+			   "       [-P <size>] [-S <ssl version>]  [-L <cipherlist>] [-C <clientcert>]\n"
+			   "       [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
+			   "       [-f <cfg-file>] [-p <port>] [-t <interval>:<state>]\n"
+			   "       [-c <command>] [-a <arglist...>]\n");
+		printf("\n");
+		printf("Options:\n");
+		printf(" <host>       = The address of the host running the NRPE daemon\n");
+		printf(" -2           = Only use Version 2 packets, not Version 3\n");
+		printf(" -4           = bind to ipv4 only\n");
+		printf(" -6           = bind to ipv6 only\n");
+		printf(" -n           = Do no use SSL\n");
+		printf
+			(" -u           = (DEPRECATED) Make timeouts return UNKNOWN instead of CRITICAL\n");
+		printf(" -V           = Show version\n");
+		printf(" -l           = Show license\n");
+		printf(" <dhopt>      = Anonymous Diffie Hellman use:\n");
+		printf("                0 = Don't use Anonymous Diffie Hellman\n");
+		printf("                    (This will be the default in a future release.)\n");
+		printf("                1 = Allow Anonymous Diffie Hellman (default)\n");
+		printf("                2 = Force Anonymous Diffie Hellman\n");
+		printf(" <size>       = Specify non-default payload size for NSClient++\n");
+		printf
+			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
+		printf("                SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
+		printf("                TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
+		printf("                TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
+		printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
+		printf
+			("                to \"ALL:!MD5:@STRENGTH\". WILL change in a future release.)\n");
+		printf(" <clientcert> = The client certificate to use for PKI\n");
+		printf(" <key>        = The private key to use with the client certificate\n");
+		printf(" <ca-cert>    = The CA certificate to use for PKI\n");
+		printf(" <logopts>    = SSL Logging Options\n");
+		printf(" <bindaddr>   = bind to local address\n");
+		printf(" <cfg-file>   = configuration file to use\n");
+		printf(" [port]       = The port on which the daemon is running (default=%d)\n",
+			   DEFAULT_SERVER_PORT);
+		printf(" [command]    = The name of the command that the remote daemon should run\n");
+		printf(" [arglist]    = Optional arguments that should be passed to the command,\n");
+		printf("                separated by a space.  If provided, this must be the last\n");
+		printf("                option supplied on the command line.\n");
+		printf("\n");
+		printf(" NEW TIMEOUT SYNTAX\n");
+		printf(" -t <interval>:<state>\n");
+		printf("    <interval> = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
+		printf("    <state> = Check state to exit with in the event of a timeout (default=CRITICAL)\n");
+		printf("    Timeout state must be a valid state name (case-insensitive) or integer:\n");
+		printf("    (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)\n");
+		printf("\n");
+		printf("Note:\n");
+		printf
+			("This plugin requires that you have the NRPE daemon running on the remote host.\n");
+		printf
+			("You must also have configured the daemon to associate a specific plugin command\n");
+		printf("with the [command] option you are specifying here.  Upon receipt of the\n");
+		printf
+			("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
+		printf
+			("send the plugin output and return code back to *this* plugin.  This allows you\n");
+		printf
+			("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
+		printf("the plugin is being run locally.\n");
+		printf("\n");
+	}
+
+	if (show_license == TRUE)
+		display_license();
+
+	exit(STATE_UNKNOWN);
+}
+
+void setup_ssl()
+{
+#ifdef HAVE_SSL
+	int vrfy;
+
+	if (sslprm.log_opts & SSL_LogStartup) {
+		char *val;
+
+		syslog(LOG_INFO, "SSL Certificate File: %s",
+			   sslprm.cert_file ? sslprm.cert_file : "None");
+		syslog(LOG_INFO, "SSL Private Key File: %s",
+			   sslprm.privatekey_file ? sslprm.privatekey_file : "None");
+		syslog(LOG_INFO, "SSL CA Certificate File: %s",
+			   sslprm.cacert_file ? sslprm.cacert_file : "None");
+		if (sslprm.allowDH < 2)
+			syslog(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
+		else
+			syslog(LOG_INFO, "SSL Cipher List: ADH");
+		syslog(LOG_INFO, "SSL Allow ADH: %s",
+			   sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
+		syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
+		switch (sslprm.ssl_min_ver) {
+		case SSLv2:
+			val = "SSLv2";
+			break;
+		case SSLv2_plus:
+			val = "SSLv2 And Above";
+			break;
+		case SSLv3:
+			val = "SSLv3";
+			break;
+		case SSLv3_plus:
+			val = "SSLv3_plus And Above";
+			break;
+		case TLSv1:
+			val = "TLSv1";
+			break;
+		case TLSv1_plus:
+			val = "TLSv1_plus And Above";
+			break;
+		case TLSv1_1:
+			val = "TLSv1_1";
+			break;
+		case TLSv1_1_plus:
+			val = "TLSv1_1_plus And Above";
+			break;
+		case TLSv1_2:
+			val = "TLSv1_2";
+			break;
+		case TLSv1_2_plus:
+			val = "TLSv1_2_plus And Above";
+			break;
+		default:
+			val = "INVALID VALUE!";
+			break;
+		}
+		syslog(LOG_INFO, "SSL Version: %s", val);
+	}
+
+	/* initialize SSL */
+	if (use_ssl == TRUE) {
+		SSL_load_error_strings();
+		SSL_library_init();
+		meth = SSLv23_client_method();
+
+# ifndef OPENSSL_NO_SSL2
+		if (sslprm.ssl_min_ver == SSLv2)
+			meth = SSLv2_client_method();
+# endif
+# ifndef OPENSSL_NO_SSL3
+		if (sslprm.ssl_min_ver == SSLv3)
+			meth = SSLv3_client_method();
+# endif
+		if (sslprm.ssl_min_ver == TLSv1)
+			meth = TLSv1_client_method();
+# ifdef SSL_TXT_TLSV1_1
+		if (sslprm.ssl_min_ver == TLSv1_1)
+			meth = TLSv1_1_client_method();
+#  ifdef SSL_TXT_TLSV1_2
+		if (sslprm.ssl_min_ver == TLSv1_2)
+			meth = TLSv1_2_client_method();
+#  endif
+# endif
+
+		if ((ctx = SSL_CTX_new(meth)) == NULL) {
+			printf("CHECK_NRPE: Error - could not create SSL context.\n");
+			exit(STATE_CRITICAL);
+		}
+
+		if (sslprm.ssl_min_ver >= SSLv3) {
+			ssl_opts |= SSL_OP_NO_SSLv2;
+			if (sslprm.ssl_min_ver >= TLSv1)
+				ssl_opts |= SSL_OP_NO_SSLv3;
+		}
+		SSL_CTX_set_options(ctx, ssl_opts);
+
+		if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) {
+			if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
+				SSL_CTX_free(ctx);
+				printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
+				exit(STATE_CRITICAL);
+			}
+			if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
+				SSL_CTX_free(ctx);
+				printf("Error: could not use private key file '%s'.\n",
+					   sslprm.privatekey_file);
+				exit(STATE_CRITICAL);
+			}
+		}
+
+		if (sslprm.cacert_file != NULL) {
+			vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+			SSL_CTX_set_verify(ctx, vrfy, verify_callback);
+			if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
+				SSL_CTX_free(ctx);
+				printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file);
+				exit(STATE_CRITICAL);
+			}
+		}
+
+		if (!sslprm.allowDH) {
+			if (strlen(sslprm.cipher_list) < sizeof(sslprm.cipher_list) - 6) {
+				strcat(sslprm.cipher_list, ":!ADH");
+				if (sslprm.log_opts & SSL_LogStartup)
+					syslog(LOG_INFO, "New SSL Cipher List: %s", sslprm.cipher_list);
+			}
+		} else {
+			/* use anonymous DH ciphers */
+			if (sslprm.allowDH == 2)
+				strcpy(sslprm.cipher_list, "ADH");
+		}
+
+		if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
+			SSL_CTX_free(ctx);
+			printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
+			exit(STATE_CRITICAL);
+		}
+	}
+#endif
+}
+
+void set_sig_hadlers()
+{
+#ifdef HAVE_SIGACTION
+	struct sigaction sig_action;
+#endif
+
+#ifdef HAVE_SIGACTION
+	sig_action.sa_sigaction = NULL;
+	sig_action.sa_handler = alarm_handler;
+	sigfillset(&sig_action.sa_mask);
+	sig_action.sa_flags = SA_NODEFER | SA_RESTART;
+	sigaction(SIGALRM, &sig_action, NULL);
+#else
+	signal(SIGALRM, alarm_handler);
+#endif	 /* HAVE_SIGACTION */
+
+	/* set socket timeout */
+	alarm(socket_timeout);
+}
+
+int connect_to_remote()
+{
+	struct sockaddr addr;
+	struct in_addr *inaddr;
+	socklen_t addrlen;
+	int result, rc, ssl_err, ern;
+
+	/* try to connect to the host at the given port number */
+	if ((sd =
+		 my_connect(server_name, &hostaddr, server_port, address_family, bind_address)) < 0)
+		exit(STATE_CRITICAL);
+
+	result = STATE_OK;
+	addrlen = sizeof(addr);
+	rc = getpeername(sd, (struct sockaddr *)&addr, &addrlen);
+	if (addr.sa_family == AF_INET) {
+		struct sockaddr_in *addrin = (struct sockaddr_in *)&addr;
+		inaddr = &addrin->sin_addr;
+	} else {
+		struct sockaddr_in6 *addrin = (struct sockaddr_in6 *)&addr;
+		inaddr = (struct in_addr *)&addrin->sin6_addr;
+	}
+	if (inet_ntop(addr.sa_family, inaddr, rem_host, sizeof(rem_host)) == NULL)
+		strncpy(rem_host, "Unknown", sizeof(rem_host));
+	rem_host[MAX_HOST_ADDRESS_LENGTH - 1] = '\0';
+	if ((sslprm.log_opts & SSL_LogIpAddr) != 0)
+		syslog(LOG_DEBUG, "Connected to %s", rem_host);
+
+#ifdef HAVE_SSL
+	if (use_ssl == FALSE)
+		return result;
+
+	/* do SSL handshake */
+	if ((ssl = SSL_new(ctx)) == NULL) {
+		printf("CHECK_NRPE: Error - Could not create SSL connection structure.\n");
+		return STATE_CRITICAL;
+	}
+
+	SSL_set_fd(ssl, sd);
+	if ((rc = SSL_connect(ssl)) != 1) {
+		ern = errno;
+		ssl_err = SSL_get_error(ssl, rc);
+
+		if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
+			int x, nerrs = 0;
+			rc = 0;
+			while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
+				syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
+					   rem_host, ERR_reason_error_string(x));
+				++nerrs;
+			}
+			if (nerrs == 0)
+				syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
+					   rem_host, rc, ssl_err);
+
+		} else
+			syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
+				   rem_host, rc, ssl_err);
+
+		if (ssl_err == 5) {
+			/* Often, errno will be zero, so print a generic message here */
+			if (ern == 0)
+				printf("CHECK_NRPE: Error - Could not connect to %s. Check system logs on %s\n",
+					   rem_host, rem_host);
+			else
+				printf("CHECK_NRPE: Error - Could not connect to %s: %s\n",
+					   rem_host, strerror(ern));
+		} else
+			printf("CHECK_NRPE: Error - Could not complete SSL handshake with %s: %d\n",
+				   rem_host, ssl_err);
+
+# ifdef DEBUG
+		printf("SSL_connect=%d\n", rc);
+		/*
+		   rc = SSL_get_error(ssl, rc);
+		   printf("SSL_get_error=%d\n", rc);
+		   printf("ERR_get_error=%lu\n", ERR_get_error());
+		   printf("%s\n",ERR_error_string(rc, NULL));
+		 */
+		ERR_print_errors_fp(stdout);
+# endif
+		result = STATE_CRITICAL;
+
+	} else {
+
+		if (sslprm.log_opts & SSL_LogVersion)
+			syslog(LOG_NOTICE, "Remote %s - SSL Version: %s", rem_host, SSL_get_version(ssl));
+
+		if (sslprm.log_opts & SSL_LogCipher) {
+# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
+			SSL_CIPHER *c = SSL_get_current_cipher(ssl);
+# else
+			const SSL_CIPHER *c = SSL_get_current_cipher(ssl);
+# endif
+			syslog(LOG_NOTICE, "Remote %s - %s, Cipher is %s", rem_host,
+				   SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+		}
+
+		if ((sslprm.log_opts & SSL_LogIfClientCert) || (sslprm.log_opts & SSL_LogCertDetails)) {
+			char peer_cn[256], buffer[2048];
+			X509 *peer = SSL_get_peer_certificate(ssl);
+
+			if (peer) {
+				if (sslprm.log_opts & SSL_LogIfClientCert)
+					syslog(LOG_NOTICE, "SSL %s has %s certificate",
+						   rem_host, peer->valid ? "a valid" : "an invalid");
+				if (sslprm.log_opts & SSL_LogCertDetails) {
+					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
+					X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
+					syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
+				}
+
+			} else
+				syslog(LOG_NOTICE, "SSL Did not get certificate from %s", rem_host);
+		}
+	}
+
+	/* bail if we had errors */
+	if (result != STATE_OK) {
+		SSL_CTX_free(ctx);
+		close(sd);
+		exit(result);
+	}
+#endif
+
+	return result;
+}
+
+int send_request()
+{
+	v2_packet *v2_send_packet = NULL;
+	v3_packet *v3_send_packet = NULL;
+	u_int32_t calculated_crc32;
+	int rc, bytes_to_send, pkt_size;
+	char *send_pkt;
+
+	if (packet_ver == NRPE_PACKET_VERSION_2) {
+		pkt_size = sizeof(v2_packet);
+		if (payload_size > 0)
+			pkt_size = sizeof(v2_packet) - MAX_PACKETBUFFER_LENGTH + payload_size;
+		v2_send_packet = (v2_packet*)calloc(1, pkt_size);
+		send_pkt = (char *)v2_send_packet;
+
+		/* fill the packet with semi-random data */
+		randomize_buffer((char *)v2_send_packet, pkt_size);
+
+		/* initialize response packet data */
+		v2_send_packet->packet_version = htons(packet_ver);
+		v2_send_packet->packet_type = htons(QUERY_PACKET);
+		if (payload_size > 0) {
+			strncpy(&v2_send_packet->buffer[0], query, payload_size);
+			v2_send_packet->buffer[payload_size - 1] = '\x0';
+		} else {
+			strncpy(&v2_send_packet->buffer[0], query, MAX_PACKETBUFFER_LENGTH);
+			v2_send_packet->buffer[MAX_PACKETBUFFER_LENGTH - 1] = '\x0';
+		}
+
+		/* calculate the crc 32 value of the packet */
+		v2_send_packet->crc32_value = 0;
+		calculated_crc32 = calculate_crc32(send_pkt, pkt_size);
+		v2_send_packet->crc32_value = htonl(calculated_crc32);
+
+	} else {
+
+		pkt_size = (sizeof(v3_packet) - 1) + strlen(query) + 1;
+		if (pkt_size < sizeof(v2_packet))
+			pkt_size = sizeof(v2_packet);
+
+		v3_send_packet = calloc(1, pkt_size);
+		send_pkt = (char *)v3_send_packet;
+		/* initialize response packet data */
+		v3_send_packet->packet_version = htons(packet_ver);
+		v3_send_packet->packet_type = htons(QUERY_PACKET);
+		v3_send_packet->alignment = 0;
+		v3_send_packet->buffer_length = htonl(pkt_size - sizeof(v3_packet) + 1);
+		strcpy(&v3_send_packet->buffer[0], query);
+
+		/* calculate the crc 32 value of the packet */
+		v3_send_packet->crc32_value = 0;
+		calculated_crc32 = calculate_crc32((char *)v3_send_packet, pkt_size);
+		v3_send_packet->crc32_value = htonl(calculated_crc32);
+	}
+
+	/* send the request to the remote */
+	bytes_to_send = pkt_size;
+
+	if (use_ssl == FALSE)
+		rc = sendall(sd, (char *)send_pkt, &bytes_to_send);
+#ifdef HAVE_SSL
+	else {
+		rc = SSL_write(ssl, send_pkt, bytes_to_send);
+		if (rc < 0)
+			rc = -1;
+	}
+#endif
+
+	if (v3_send_packet)
+		free(v3_send_packet);
+	if (v2_send_packet)
+		free(v2_send_packet);
+
+	if (rc == -1) {
+		printf("CHECK_NRPE: Error sending query to host.\n");
+		close(sd);
+		return STATE_UNKNOWN;
+	}
+
+	return STATE_OK;
+}
+
+int read_response()
+{
+	v2_packet *v2_receive_packet = NULL;
+	v3_packet *v3_receive_packet = NULL;
+	u_int32_t packet_crc32;
+	u_int32_t calculated_crc32;
+	int32_t pkt_size;
+	int rc, result;
+
+	alarm(0);
+	set_sig_hadlers();
+
+#ifdef HAVE_SSL
+	rc = read_packet(sd, ssl, &v2_receive_packet, &v3_receive_packet);
+#else
+	rc = read_packet(sd, NULL, &v2_receive_packet, &v3_receive_packet);
+#endif
 
+	alarm(0);
+
+	/* close the connection */
+#ifdef HAVE_SSL
+	if (use_ssl == TRUE) {
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+		SSL_CTX_free(ctx);
+	}
+#endif
+	graceful_close(sd, 1000);
+
+	/* recv() error */
+	if (rc < 0) {
+		if (packet_ver == NRPE_PACKET_VERSION_3) {
+			if (v3_receive_packet)
+				free(v3_receive_packet);
+			return -1;
+		}
+		if (v2_receive_packet)
+			free(v2_receive_packet);
+		return STATE_UNKNOWN;
+
+	} else if (rc == 0) {
+
+		/* server disconnected */
+		printf("CHECK_NRPE: Received 0 bytes from daemon.  Check "
+				"the remote server logs for error messages.\n");
+		if (packet_ver == NRPE_PACKET_VERSION_3) {
+			if (v3_receive_packet)
+				free(v3_receive_packet);
+		} else if (v2_receive_packet)
+			free(v2_receive_packet);
+		return STATE_UNKNOWN;
+	}
+
+	/* check the crc 32 value */
+	if (packet_ver == NRPE_PACKET_VERSION_3) {
+		pkt_size = (sizeof(v3_packet) - 1) + ntohl(v3_receive_packet->buffer_length);
+		packet_crc32 = ntohl(v3_receive_packet->crc32_value);
+		v3_receive_packet->crc32_value = 0L;
+		v3_receive_packet->alignment = 0;
+		calculated_crc32 = calculate_crc32((char *)v3_receive_packet, pkt_size);
+	} else {
+		pkt_size = sizeof(v2_packet);
+		if (payload_size > 0)
+			pkt_size = sizeof(v2_packet) - MAX_PACKETBUFFER_LENGTH + payload_size;
+		packet_crc32 = ntohl(v2_receive_packet->crc32_value);
+		v2_receive_packet->crc32_value = 0L;
+		calculated_crc32 = calculate_crc32((char *)v2_receive_packet, pkt_size);
+	}
+
+	if (packet_crc32 != calculated_crc32) {
+		printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
+		close(sd);
+		if (packet_ver == NRPE_PACKET_VERSION_3) {
+			if (v3_receive_packet)
+				free(v3_receive_packet);
+		} else if (v2_receive_packet)
+			free(v2_receive_packet);
+		return STATE_UNKNOWN;
+	}
+
+	/* get the return code from the remote plugin */
+	/* and print the output returned by the daemon */
+	if (packet_ver == NRPE_PACKET_VERSION_3) {
+		result = ntohs(v3_receive_packet->result_code);
+		if (v3_receive_packet->buffer_length == 0)
+			printf("CHECK_NRPE: No output returned from daemon.\n");
+		else
+			printf("%s\n", v3_receive_packet->buffer);
+	} else {
+		result = ntohs(v2_receive_packet->result_code);
+		if (payload_size > 0)
+			v2_receive_packet->buffer[payload_size - 1] = '\x0';
+		else
+			v2_receive_packet->buffer[MAX_PACKETBUFFER_LENGTH - 1] = '\x0';
+		if (!strcmp(v2_receive_packet->buffer, ""))
+			printf("CHECK_NRPE: No output returned from daemon.\n");
+		else if (strstr(v2_receive_packet->buffer, "Invalid packet version.3") != NULL)
+			/* NSClient++ doesn't recognize it */
+			return -1;
+		else
+			printf("%s\n", v2_receive_packet->buffer);
+	}
+
+	if (packet_ver == NRPE_PACKET_VERSION_3) {
+		if (v3_receive_packet)
+			free(v3_receive_packet);
+	} else if (v2_receive_packet)
+		free(v2_receive_packet);
+
+	return result;
+}
+
+int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pkt)
+{
+	v2_packet	packet;
+	int32_t pkt_size, common_size, tot_bytes, bytes_to_recv, buffer_size, bytes_read = 0;
+	int rc;
+	char *buff_ptr;
+
+	/* Read only the part that's common between versions 2 & 3 */
+	common_size = tot_bytes = bytes_to_recv = (char *)packet.buffer - (char *)&packet;
+
+	if (use_ssl == FALSE) {
+		rc = recvall(sock, (char *)&packet, &tot_bytes, socket_timeout);
+
+		if (rc <= 0 || rc != bytes_to_recv) {
+			if (rc < bytes_to_recv) {
+				if (packet_ver != NRPE_PACKET_VERSION_3)
+					printf("CHECK_NRPE: Receive header underflow - "
+							"only %d bytes received (%ld expected).\n",
+						 rc, sizeof(bytes_to_recv));
+			}
+			return -1;
+		}
+
+		packet_ver = ntohs(packet.packet_version);
+		if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_3) {
+			printf("CHECK_NRPE: Invalid packet version received from server.\n");
+			return -1;
+		}
+
+		if (ntohs(packet.packet_type) != RESPONSE_PACKET) {
+			printf("CHECK_NRPE: Invalid packet type received from server.\n");
+			return -1;
+		}
+
+		if (packet_ver == NRPE_PACKET_VERSION_2) {
+			pkt_size = sizeof(v2_packet);
+			if (payload_size > 0) {
+				pkt_size = common_size + payload_size;
+				buffer_size = payload_size;
+			} else
+				buffer_size = pkt_size - common_size;
+			if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
+				syslog(LOG_ERR, "Error: Could not allocate memory for packet");
+				return -1;
+			}
+			memcpy(*v2_pkt, &packet, common_size);
+			buff_ptr = (*v2_pkt)->buffer;
+			memset(buff_ptr, 0, buffer_size);
+		} else {
+			pkt_size = sizeof(v3_packet) - 1;
+
+			/* Read the alignment filler */
+			bytes_to_recv = sizeof(int16_t);
+			rc = recvall(sock, (char *)&buffer_size, &bytes_to_recv, socket_timeout);
+			if (rc <= 0 || bytes_to_recv != sizeof(int16_t))
+				return -1;
+			tot_bytes += rc;
+
+			/* Read the buffer size */
+			bytes_to_recv = sizeof(buffer_size);
+			rc = recvall(sock, (char *)&buffer_size, &bytes_to_recv, socket_timeout);
+			if (rc <= 0 || bytes_to_recv != sizeof(buffer_size))
+				return -1;
+			tot_bytes += rc;
+
+			buffer_size = ntohl(buffer_size);
+			pkt_size += buffer_size;
+			if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
+				syslog(LOG_ERR, "Error: Could not allocate memory for packet");
+				return -1;
+			}
+
+			memcpy(*v3_pkt, &packet, common_size);
+			(*v3_pkt)->buffer_length = htonl(buffer_size);
+			buff_ptr = (*v3_pkt)->buffer;
+		}
+
+		bytes_to_recv = buffer_size;
+		rc = recvall(sock, buff_ptr, &bytes_to_recv, socket_timeout);
+
+		if (rc <= 0 || rc != buffer_size) {
+			if (packet_ver == NRPE_PACKET_VERSION_3) {
+				free(*v3_pkt);
+				*v3_pkt = NULL;
+			} else {
+				free(*v2_pkt);
+				*v2_pkt = NULL;
+			}
+			if (rc < buffer_size)
+				printf("CHECK_NRPE: Receive underflow - only %d bytes received "
+						"(%ld expected).\n", rc, sizeof(buffer_size));
+			return -1;
+		} else
+			tot_bytes += rc;
+	}
+#ifdef HAVE_SSL
+	else {
+		SSL *ssl = (SSL *) ssl_ptr;
+
+		while (((rc = SSL_read(ssl, &packet, bytes_to_recv)) <= 0)
+			   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
+		}
+
+		if (rc <= 0 || rc != bytes_to_recv) {
+			if (rc < bytes_to_recv) {
+				if (packet_ver != NRPE_PACKET_VERSION_3)
+					printf("CHECK_NRPE: Receive header underflow - only %d bytes "
+							"received (%ld expected).\n", rc, sizeof(bytes_to_recv));
+			}
+			return -1;
+		}
+
+		packet_ver = ntohs(packet.packet_version);
+		if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_3) {
+			printf("CHECK_NRPE: Invalid packet version received from server.\n");
+			return -1;
+		}
+
+		if (ntohs(packet.packet_type) != RESPONSE_PACKET) {
+			printf("CHECK_NRPE: Invalid packet type received from server.\n");
+			return -1;
+		}
+
+		if (packet_ver == NRPE_PACKET_VERSION_2) {
+			pkt_size = sizeof(v2_packet);
+			if (payload_size > 0) {
+				pkt_size = common_size + payload_size;
+				buffer_size = payload_size;
+			} else
+				buffer_size = pkt_size - common_size;
+			if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
+				syslog(LOG_ERR, "Error: Could not allocate memory for packet");
+				return -1;
+			}
+			memcpy(*v2_pkt, &packet, common_size);
+			buff_ptr = (*v2_pkt)->buffer;
+			memset(buff_ptr, 0, buffer_size);
+		} else {
+			pkt_size = sizeof(v3_packet) - 1;
+
+			/* Read the alignment filler */
+			bytes_to_recv = sizeof(int16_t);
+			while (((rc = SSL_read(ssl, &buffer_size, bytes_to_recv)) <= 0)
+				   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
+			}
+
+			if (rc <= 0 || bytes_to_recv != sizeof(int16_t))
+				return -1;
+			tot_bytes += rc;
+
+			/* Read the buffer size */
+			bytes_to_recv = sizeof(buffer_size);
+			while (((rc = SSL_read(ssl, &buffer_size, bytes_to_recv)) <= 0)
+				   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
+			}
+
+			if (rc <= 0 || bytes_to_recv != sizeof(buffer_size))
+				return -1;
+			tot_bytes += rc;
+
+			buffer_size = ntohl(buffer_size);
+			pkt_size += buffer_size;
+			if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
+				syslog(LOG_ERR, "Error: Could not allocate memory for packet");
+				return -1;
+			}
+
+			memcpy(*v3_pkt, &packet, common_size);
+			(*v3_pkt)->buffer_length = htonl(buffer_size);
+			buff_ptr = (*v3_pkt)->buffer;
+		}
+
+		bytes_to_recv = buffer_size;
+		for (;;) {
+			while (((rc = SSL_read(ssl, &buff_ptr[bytes_read], bytes_to_recv)) <= 0)
+				   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
+			}
+
+			if (rc <= 0)
+				break;
+			bytes_read += rc;
+			bytes_to_recv -= rc;
+		}
+
+		buff_ptr[bytes_read] = 0;
+
+		if (rc < 0 || bytes_read != buffer_size) {
+			if (packet_ver == NRPE_PACKET_VERSION_3) {
+				free(*v3_pkt);
+				*v3_pkt = NULL;
+			} else {
+				free(*v2_pkt);
+				*v2_pkt = NULL;
+			}
+			if (bytes_read != buffer_size) {
+				if (packet_ver == NRPE_PACKET_VERSION_3)
+					printf("CHECK_NRPE: Receive buffer size - %ld bytes received "
+						   "(%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
+				else
+					printf("CHECK_NRPE: Receive underflow - only %ld bytes received "
+						   "(%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
+			}
+			return -1;
+		} else
+			tot_bytes += rc;
+	}
+#endif
+
+	return tot_bytes;
+}
+
+#ifdef HAVE_SSL
+int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
+{
+	char name[256], issuer[256];
+	X509 *err_cert;
+	int err;
+	SSL *ssl;
+
+	if (preverify_ok || ((sslprm.log_opts & SSL_LogCertDetails) == 0))
+		return preverify_ok;
+
+	err_cert = X509_STORE_CTX_get_current_cert(ctx);
+	err = X509_STORE_CTX_get_error(ctx);
+
+	/* Get the pointer to the SSL of the current connection */
+	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+
+	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
+	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
+
+	if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
+		&& (sslprm.log_opts & SSL_LogCertDetails)) {
+		syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
+			   name, issuer, err, X509_verify_cert_error_string(err));
+	}
+
+	return preverify_ok;
+}
+#endif
+
+void alarm_handler(int sig)
+{
+	const char	msg1[] = "CHECK_NRPE STATE ";
+	const char	msg2[] = ": Socket timeout after ";
+	const char	msg3[] = " seconds.\n";
+	const char	*text = state_text(timeout_return_code);
+	size_t		lth1 = 0, lth2 = 0;
+
+	for (lth1 = 0; lth1 < 10; ++lth1)
+		if (text[lth1] == 0)
+			break;
+	for (lth2 = 0; lth2 < 10; ++lth2)
+		if (timeout_txt[lth2] == 0)
+			break;
+
+	write(STDOUT_FILENO, msg1, sizeof(msg1) - 1);
+	write(STDOUT_FILENO, text, lth1);
+	write(STDOUT_FILENO, msg2, sizeof(msg2) - 1);
+	write(STDOUT_FILENO, timeout_txt, lth2);
+	write(STDOUT_FILENO, msg3, sizeof(msg3) - 1);
+
+	exit(timeout_return_code);
+}
 
 /* submitted by Mark Plaksin 08/31/2006 */
-int graceful_close(int sd, int timeout){
-        fd_set in;
-        struct timeval tv;
-        char buf[1000];
+int graceful_close(int sd, int timeout)
+{
+	fd_set in;
+	struct timeval tv;
+	char buf[1000];
 
 	/* send FIN packet */
-        shutdown(sd,SHUT_WR);  
-        for(;;){
+	shutdown(sd, SHUT_WR);
 
-                FD_ZERO(&in);
-                FD_SET(sd,&in);
-                tv.tv_sec=timeout/1000;
-                tv.tv_usec=(timeout % 1000)*1000;
+	for (;;) {
+		FD_ZERO(&in);
+		FD_SET(sd, &in);
+		tv.tv_sec = timeout / 1000;
+		tv.tv_usec = (timeout % 1000) * 1000;
 
 		/* timeout or error */
-                if(1!=select(sd+1,&in,NULL,NULL,&tv))
-			break;   
+		if (1 != select(sd + 1, &in, NULL, NULL, &tv))
+			break;
 
 		/* no more data (FIN or RST) */
-                if(0>=recv(sd,buf,sizeof(buf),0))
+		if (0 >= recv(sd, buf, sizeof(buf), 0))
 			break;
-		}
+	}
 
 #ifdef HAVE_CLOSESOCKET
-        closesocket(sd);
+	closesocket(sd);
 #else
 	close(sd);
 #endif
 
 	return OK;
-	}
+}

src/snprintf.c

@@ -270,7 +270,7 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
 	struct pr_chunk *cnk = NULL;
 	struct pr_chunk_x *clist = NULL;
 	int max_pos;
-	size_t ret = -1;
+	size_t ret = (size_t)-1;
 
 	VA_COPY(args, args_in);
 

src/utils.c

@@ -32,58 +32,64 @@
 #include "../include/common.h"
 #include "../include/utils.h"
 
+#ifndef HAVE_ASPRINTF
+extern int asprintf(char **ptr, const char *format, ...);
+#endif
+
 #ifndef NI_MAXSERV
-#define NI_MAXSERV 32
+# define NI_MAXSERV 32
 #endif
 
 #ifndef NI_MAXHOST
-#define NI_MAXHOST 1025
+# define NI_MAXHOST 1025
 #endif
 
+extern char **environ;
+
 static unsigned long crc32_table[256];
 
+static int my_create_socket(struct addrinfo *ai, const char *bind_address);
 
 
 /* build the crc table - must be called before calculating the crc value */
-void generate_crc32_table(void){
+void generate_crc32_table(void)
+{
 	unsigned long crc, poly;
 	int i, j;
 
-	poly=0xEDB88320L;
-	for(i=0;i<256;i++){
-		crc=i;
-		for(j=8;j>0;j--){
-			if(crc & 1)
-				crc=(crc>>1)^poly;
+	poly = 0xEDB88320L;
+	for (i = 0; i < 256; i++) {
+		crc = i;
+		for (j = 8; j > 0; j--) {
+			if (crc & 1)
+				crc = (crc >> 1) ^ poly;
 			else
-				crc>>=1;
-		        }
-		crc32_table[i]=crc;
-                }
+				crc >>= 1;
+		}
+		crc32_table[i] = crc;
+	}
 
 	return;
-        }
-
+}
 
 /* calculates the CRC 32 value for a buffer */
-unsigned long calculate_crc32(char *buffer, int buffer_size){
-	register unsigned long crc;
+unsigned long calculate_crc32(char *buffer, int buffer_size)
+{
+	register unsigned long crc = 0xFFFFFFFF;
 	int this_char;
 	int current_index;
 
-	crc=0xFFFFFFFF;
-
-	for(current_index=0;current_index<buffer_size;current_index++){
-		this_char=(int)buffer[current_index];
-		crc=((crc>>8) & 0x00FFFFFF) ^ crc32_table[(crc ^ this_char) & 0xFF];
-	        }
+	for (current_index = 0; current_index < buffer_size; current_index++) {
+		this_char = (int)buffer[current_index];
+		crc = ((crc >> 8) & 0x00FFFFFF) ^ crc32_table[(crc ^ this_char) & 0xFF];
+	}
 
 	return (crc ^ 0xFFFFFFFF);
-        }
-
+}
 
 /* fill a buffer with semi-random data */
-void randomize_buffer(char *buffer,int buffer_size){
+void randomize_buffer(char *buffer, int buffer_size)
+{
 	FILE *fp;
 	int x;
 	int seed;
@@ -91,103 +97,106 @@ void randomize_buffer(char *buffer,int buffer_size){
 	/**** FILL BUFFER WITH RANDOM ALPHA-NUMERIC CHARACTERS ****/
 
 	/***************************************************************
-	   Only use alpha-numeric characters becase plugins usually
+	   Only use alpha-numeric characters because plugins usually
 	   only generate numbers and letters in their output.  We
 	   want the buffer to contain the same set of characters as
 	   plugins, so its harder to distinguish where the real output
 	   ends and the rest of the buffer (padded randomly) starts.
-	***************************************************************/
+	 ***************************************************************/
 
 	/* try to get seed value from /dev/urandom, as its a better source of entropy */
-	fp=fopen("/dev/urandom","r");
-	if(fp!=NULL){
-		seed=fgetc(fp);
+	fp = fopen("/dev/urandom", "r");
+	if (fp != NULL) {
+		seed = fgetc(fp);
 		fclose(fp);
-	        }
-
+	}
 	/* else fallback to using the current time as the seed */
 	else
-		seed=(int)time(NULL);
+		seed = (int)time(NULL);
 
 	srand(seed);
-	for(x=0;x<buffer_size;x++)
-		buffer[x]=(int)'0'+(int)(72.0*rand()/(RAND_MAX+1.0));
+	for (x = 0; x < buffer_size; x++)
+		buffer[x] = (int)'0' + (int)(72.0 * rand() / (RAND_MAX + 1.0));
 
 	return;
-        }
-
+}
 
 /* opens a connection to a remote host */
-int my_connect(const char *host, struct sockaddr_storage * hostaddr, u_short port,
-		int address_family, const char *bind_address){
+#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
+int my_connect(const char *host, struct sockaddr_storage *hostaddr, u_short port,
+			   int address_family, const char *bind_address)
+#else
+int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
+			   int address_family, const char *bind_address)
+#endif
+{
+	struct addrinfo hints, *ai, *aitop;
+	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 	int gaierr;
 	int sock = -1;
-	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
-	struct addrinfo hints, *ai, *aitop;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = address_family;
 	hints.ai_socktype = SOCK_STREAM;
 	snprintf(strport, sizeof strport, "%u", port);
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
-		fprintf(stderr,"Could not resolve hostname %.100s: %s\n", host, 
-				gai_strerror(gaierr));
+		fprintf(stderr, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
 		exit(1);
-		}
+	}
 
 	/*
-	* Loop through addresses for this host, and try each one in
-	* sequence until the connection succeeds.
-	*/
+	 * Loop through addresses for this host, and try each one in
+	 * sequence until the connection succeeds.
+	 */
 	for (ai = aitop; ai; ai = ai->ai_next) {
-		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue;
-		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), 
-				strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+			continue;
+		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
+						strport, sizeof(strport), NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
 			fprintf(stderr, "my_connect: getnameinfo failed\n");
 			continue;
 		}
 
 		/* Create a socket for connecting. */
 		sock = my_create_socket(ai, bind_address);
-		if (sock < 0) {
-			/* Any error is already output */
-			continue;
-			}
+		if (sock < 0)
+			continue;			/* Any error is already output */
 
 		if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
 			/* Successful connection. */
 			memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
 			break;
-			}
-		else {
-			fprintf(stderr,"connect to address %s port %s: %s\n", ntop, strport, 
+		} else {
+			fprintf(stderr, "connect to address %s port %s: %s\n", ntop, strport,
 					strerror(errno));
 			close(sock);
 			sock = -1;
-			}
 		}
+	}
 
 	freeaddrinfo(aitop);
 
 	/* Return failure if we didn't get a successful connection. */
 	if (sock == -1) {
-		fprintf(stderr, "connect to host %s port %s: %s", host, strport, 
-				strerror(errno));
+		fprintf(stderr, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
 		return -1;
-		}
-	return sock;
 	}
+	return sock;
+}
 
 /* Creates a socket for the connection. */
-int my_create_socket(struct addrinfo *ai, const char *bind_address) {
+int my_create_socket(struct addrinfo *ai, const char *bind_address)
+{
 	int sock, gaierr;
 	struct addrinfo hints, *res;
 
 	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-	if (sock < 0) fprintf(stderr,"socket: %.100s\n", strerror(errno));
+	if (sock < 0)
+		fprintf(stderr, "socket: %.100s\n", strerror(errno));
 
 	/* Bind the socket to an alternative local IP address */
-   	if (bind_address == NULL) return sock;
+	if (bind_address == NULL)
+		return sock;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = ai->ai_family;
@@ -195,24 +204,23 @@ int my_create_socket(struct addrinfo *ai, const char *bind_address) {
 	hints.ai_protocol = ai->ai_protocol;
 	hints.ai_flags = AI_PASSIVE;
 	gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
-	if(gaierr) {
-		fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address, 
-				gai_strerror(gaierr));
+	if (gaierr) {
+		fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
 		close(sock);
 		return -1;
-        }
-	if(bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+	}
+	if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
 		fprintf(stderr, "bind: %s: %s\n", bind_address, strerror(errno));
 		close(sock);
 		freeaddrinfo(res);
 		return -1;
-		}
+	}
 	freeaddrinfo(res);
 	return sock;
 }
 
-void add_listen_addr(struct addrinfo **listen_addrs, int address_family, 
-		char *addr, int port) {
+void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *addr, int port)
+{
 	struct addrinfo hints, *ai, *aitop;
 	char strport[NI_MAXSERV];
 	int gaierr;
@@ -222,109 +230,191 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family,
 	hints.ai_socktype = SOCK_STREAM;
 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
 	snprintf(strport, sizeof strport, "%d", port);
-	if((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
-		syslog(LOG_ERR,"bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
-				gai_strerror(gaierr));
+	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
+		syslog(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
+			   gai_strerror(gaierr));
 		exit(1);
-		}
-	for(ai = aitop; ai->ai_next; ai = ai->ai_next);
+	}
+	for (ai = aitop; ai->ai_next; ai = ai->ai_next) ;
 	ai->ai_next = *listen_addrs;
 	*listen_addrs = aitop;
+}
+
+int clean_environ(const char *keep_env_vars, const char *nrpe_user)
+{
+#ifdef HAVE_PATHS_H
+	static char	*path = _PATH_STDPATH;
+#else
+	static char	*path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
+#endif
+	struct passwd *pw;
+	size_t len, var_sz = 0;
+	char **kept = NULL, *value, *var, *keep = NULL;
+	int i, j, keepcnt = 0;
+
+	if (keep_env_vars && *keep_env_vars)
+		asprintf(&keep, "%s,NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION", keep_env_vars);
+	else
+		asprintf(&keep, "NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION");
+	if (keep == NULL) {
+		syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+		return ERROR;
+	}
+
+	++keepcnt;
+	i = strlen(keep);
+	while (i--) {
+		if (keep[i] == ',')
+			++keepcnt;
+	}
+
+	if ((kept = calloc(keepcnt + 1, sizeof(char *))) == NULL) {
+		syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+		return ERROR;
+	}
+	for (i = 0, var = my_strsep(&keep, ","); var != NULL; var = my_strsep(&keep, ","))
+		kept[i++] = strip(var);
+
+	var = NULL;
+	i = 0;
+	while (environ[i]) {
+		value = environ[i];
+		if ((len = strcspn(value, "=")) == 0) {
+			free(keep);
+			free(kept);
+			free(var);
+			syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+			return ERROR;
+		}
+		if (len >= var_sz) {
+			var_sz = len + 1;
+			var = realloc(var, var_sz);
+		}
+		strncpy(var, environ[i], var_sz);
+		var[len] = 0;
+
+		for (j = 0; kept[j]; ++j) {
+			if (!strncmp(var, kept[j], strlen(kept[j])))
+				break;
+		}
+		if (kept[j]) {
+			++i;
+			continue;
+		}
+
+		unsetenv(var);
 	}
- 
-void strip(char *buffer){
+
+	free(var);
+	free(keep);
+	free(kept);
+
+	pw = (struct passwd *)getpwnam(nrpe_user);
+	if (pw == NULL)
+		return OK;
+
+	setenv("PATH", path, 1);
+	setenv("IFS", " \t\n", 1);
+	setenv("HOME", pw->pw_dir, 0);
+	setenv("SHELL", pw->pw_shell, 0);
+	setenv("LOGNAME", nrpe_user, 0);
+	setenv("USER", nrpe_user, 0);
+
+	return OK;
+}
+
+char *strip(char *buffer)
+{
 	int x;
 	int index;
+	char *buf = buffer;
 
-	for(x=strlen(buffer);x>=1;x--){
-		index=x-1;
-		if(buffer[index]==' ' || buffer[index]=='\r' || buffer[index]=='\n' || buffer[index]=='\t')
-			buffer[index]='\x0';
+	for (x = strlen(buffer); x >= 1; x--) {
+		index = x - 1;
+		if (buffer[index] == ' ' || buffer[index] == '\r' || buffer[index] == '\n'
+			|| buffer[index] == '\t')
+			buffer[index] = '\x0';
 		else
 			break;
-	        }
+	}
 
-	return;
-        }
+	while (*buf == ' ' || *buf == '\r' || *buf == '\n' || *buf == '\t') {
+		++buf;
+		--x;
+	}
+	if (buf != buffer) {
+		memmove(buffer, buf, x);
+		buffer[x] = '\x0';
+	}
 
+	return buffer;
+}
 
 /* sends all data - thanks to Beej's Guide to Network Programming */
-int sendall(int s, char *buf, int *len){
-	int total=0;
-	int bytesleft=*len;
-	int n=0;
+int sendall(int s, char *buf, int *len)
+{
+	int total = 0;
+	int bytesleft = *len;
+	int n = 0;
 
 	/* send all the data */
-	while(total<*len){
-
-		/* send some data */
-		n=send(s,buf+total,bytesleft,0);
-
-		/* break on error */
-		if(n==-1)
+	while (total < *len) {
+		n = send(s, buf + total, bytesleft, 0);	/* send some data */
+		if (n == -1)			/* break on error */
 			break;
-
 		/* apply bytes we sent */
-		total+=n;
-		bytesleft-=n;
-	        }
-
-	/* return number of bytes actually send here */
-	*len=total;
-
-	/* return -1 on failure, 0 on success */
-	return n==-1?-1:0;
-        }
+		total += n;
+		bytesleft -= n;
+	}
 
+	*len = total;				/* return number of bytes actually sent here */
+	return n == -1 ? -1 : 0;	/* return -1 on failure, 0 on success */
+}
 
 /* receives all data - modelled after sendall() */
-int recvall(int s, char *buf, int *len, int timeout){
-	int total=0;
-	int bytesleft=*len;
-	int n=0;
+int recvall(int s, char *buf, int *len, int timeout)
+{
 	time_t start_time;
 	time_t current_time;
-	
-	/* clear the receive buffer */
-	bzero(buf,*len);
+	int total = 0;
+	int bytesleft = *len;
+	int n = 0;
 
+	bzero(buf, *len);			/* clear the receive buffer */
 	time(&start_time);
 
 	/* receive all data */
-	while(total<*len){
-
-		/* receive some data */
-		n=recv(s,buf+total,bytesleft,0);
+	while (total < *len) {
+		n = recv(s, buf + total, bytesleft, 0);	/* receive some data */
 
-		/* no data has arrived yet (non-blocking socket) */
-		if(n==-1 && errno==EAGAIN){
+		if (n == -1 && errno == EAGAIN) {
+			/* no data has arrived yet (non-blocking socket) */
 			time(&current_time);
-			if(current_time-start_time>timeout)
+			if (current_time - start_time > timeout)
 				break;
 			sleep(1);
 			continue;
-		        }
-
-		/* receive error or client disconnect */
-		else if(n<=0)
-			break;
+		} else if (n <= 0)
+			break;				/* receive error or client disconnect */
 
 		/* apply bytes we received */
-		total+=n;
-		bytesleft-=n;
-	        }
+		total += n;
+		bytesleft -= n;
+	}
 
 	/* return number of bytes actually received here */
-	*len=total;
+	*len = total;
 
 	/* return <=0 on failure, bytes received on success */
-	return (n<=0)?n:total;
-        }
+	return (n <= 0) ? n : total;
+}
 
 
 /* fixes compiler problems under Solaris, since strsep() isn't included */
+
 /* this code is taken from the glibc source */
-char *my_strsep (char **stringp, const char *delim){
+char *my_strsep(char **stringp, const char *delim)
+{
 	char *begin, *end;
 
 	begin = *stringp;
@@ -334,40 +424,84 @@ char *my_strsep (char **stringp, const char *delim){
 	/* A frequent case is when the delimiter string contains only one
 	   character.  Here we don't need to call the expensive `strpbrk'
 	   function and instead work using `strchr'.  */
-	if(delim[0]=='\0' || delim[1]=='\0'){
+	if (delim[0] == '\0' || delim[1] == '\0') {
 		char ch = delim[0];
 
-		if(ch=='\0')
-			end=NULL;
-		else{
-			if(*begin==ch)
-				end=begin;
+		if (ch == '\0')
+			end = NULL;
+		else {
+			if (*begin == ch)
+				end = begin;
 			else
-				end=strchr(begin+1,ch);
-			}
+				end = strchr(begin + 1, ch);
 		}
 
-	else
-		/* Find the end of the token.  */
-		end = strpbrk (begin, delim);
-
-	if(end){
+	} else
+		end = strpbrk(begin, delim);	/* Find the end of the token.  */
 
+	if (end) {
 		/* Terminate the token and set *STRINGP past NUL character.  */
-		*end++='\0';
-		*stringp=end;
-		}
-	else
+		*end++ = '\0';
+		*stringp = end;
+	} else
 		/* No more delimiters; this is the last token.  */
-		*stringp=NULL;
+		*stringp = NULL;
 
 	return begin;
+}
+
+int b64_decode(unsigned char *encoded)
+{
+	static const char *b64 = {
+		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+	};
+	int i, j, l, padding = 0;
+	unsigned char c[4], *outp = encoded;
+
+	union {
+		unsigned c3;
+		struct {
+			unsigned f1:6;
+			unsigned f2:6;
+			unsigned f3:6;
+			unsigned f4:6;
+		} fields;
+	} enc;
+
+	enc.c3 = 0;
+	l = strlen((char *)encoded);
+	for (i = 0; i < l; i += 4) {
+		for (j = 0; j < 4; ++j) {
+			if (encoded[i + j] == '=') {
+				c[j] = 0;
+				++padding;
+			} else if (encoded[i + j] >= 'A' && encoded[i + j] <= 'Z')
+				c[j] = encoded[i + j] - 'A';
+			else if (encoded[i + j] >= 'a' && encoded[i + j] <= 'z')
+				c[j] = encoded[i + j] - 'a' + 26;
+			else if (encoded[i + j] >= '0' && encoded[i + j] <= '9')
+				c[j] = encoded[i + j] - '0' + 52;
+			else if (encoded[i + j] == '+')
+				c[j] = encoded[i + j] - '+' + 62;
+			else
+				c[j] = encoded[i + j] - '/' + 63;
+		}
+		enc.fields.f1 = c[3];
+		enc.fields.f2 = c[2];
+		enc.fields.f3 = c[1];
+		enc.fields.f4 = c[0];
+		*outp++ = (enc.c3 >> 16) & 0xff;
+		*outp++ = (enc.c3 >> 8) & 0xff;
+		*outp++ = (enc.c3) & 0xff;
 	}
+	*outp = '\0';
 
+	return outp - encoded - padding;
+}
 
 /* show license */
-void display_license(void){
-
+void display_license(void)
+{
 	printf("This program is released under the GPL (see below) with the additional\n");
 	printf("exemption that compiling, linking, and/or using OpenSSL is allowed.\n\n");
 
@@ -384,7 +518,4 @@ void display_license(void){
 	printf("Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
 
 	return;
-        }
-
-
-
+}

startup/bsd-init.in

@@ -0,0 +1,90 @@
+#!/bin/sh
+
+# Start/stop/restart/reload nrpe
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+
+NRPE_BIN=@sbindir@/nrpe
+NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
+PID_DIR=@piddir@
+PID_FILE=@piddir@/nrpe.pid
+
+# Start nrpe
+nrpe_start() {
+	echo -n "Starting nrpe daemon: $NRPE_BIN - "
+	if [ ! -d "$PID_DIR" ]; then
+		mkdir -p "$PID_DIR"
+	fi
+	$NRPE_BIN -c $NRPE_CFG -d
+	if [ $? = 0 ]; then
+		echo "started"
+	else
+		echo "failed"
+	fi
+}
+
+# Stop nrpe
+nrpe_stop() {
+	echo -n "Stopping nrpe daemon - "
+	if [ -r "$PID_FILE" ]; then 
+		kill $(cat "$PID_FILE")
+	else
+		killall nrpe
+	fi
+	if [ $? = 0 ]; then
+		echo "stopped"
+	else
+		echo "failed"
+	fi
+}
+
+# Restart nrpe
+nrpe_restart() {
+	nrpe_stop
+	sleep 1
+	nrpe_start
+}
+
+# Reload nrpe
+nrpe_reload() {
+	echo -n "Reloading nrpe daemon - "
+	if [ -r "$PID_FILE" ]; then 
+		kill -HUP $(cat "$PID_FILE")
+	else
+		killall -HUP nrpe
+	fi
+	if [ $? = 0 ]; then
+		echo "reloaded"
+	else
+		echo "failed"
+	fi
+}
+
+# nrpe status
+nrpe_status() {
+	if ps -C nrpe >/dev/null; then
+		echo "nrpe is running."
+	else
+		echo "nrpe is stopped."
+	fi
+}
+
+case "$1" in
+'start')
+	nrpe_start
+	;;
+'stop')
+	nrpe_stop
+	;;
+'restart')
+	nrpe_restart
+	;;
+'reload')
+	nrpe_reload
+	;;
+'status')
+	nrpe_status
+	;;
+*)
+	echo "Usage $0 start|stop|restart|reload|status"
+	;;
+esac

startup/debian-init.in

@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+#
+# Start/stop the nrpe daemon.
+
+NRPE_BIN=@sbindir@/nrpe
+NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
+PID_FILE=@piddir@/nrpe.pid
+
+test -x $NRPE_BIN || exit 0
+
+case "$1" in
+
+start)
+	echo -n "Starting nagios remote plugin daemon: nrpe"
+	start-stop-daemon --start --quiet --pidfile $PID_FILE --exec $NRPE_BIN -- -c $NRPE_CFG -d
+	echo "." 
+	;;
+
+stop)
+	echo -n "Stopping nagios remote plugin daemon: nrpe"
+	start-stop-daemon --stop --quiet --pidfile $PID_FILE --exec $NRPE_BIN
+	echo "."
+	;;
+
+restart|force-reload)
+	echo -n "Restarting nagios remote plugin daemon: nrpe"
+	start-stop-daemon --stop --quiet --pidfile $PID_FILE --exec $NRPE_BIN
+	start-stop-daemon --start --quiet --pidfile $PID_FILE --exec $NRPE_BIN -- -c $NRPE_CFG -d
+	echo "."
+	;;
+
+reload)
+	echo -n "Reloading configuration files for nagios remote plugin daemon: nrpe"
+	test -f $PID_FILE || exit 0
+	test -x /bin/kill && /bin/kill -HUP `cat $PID_FILE`
+	echo "."
+	;;
+
+*)
+	echo "Usage: $0 start|stop|restart|reload|force-reload"
+	exit 1 
+	;;
+esac
+
+exit 0

startup/default-inetd.in

@@ -0,0 +1,5 @@
+#
+# Enable the following entry to enable the nrpe daemon
+#nrpe stream tcp nowait @nrpe_user@ @sbindir@/nrpe nrpe -c @pkgsysconfdir@/nrpe.cfg --inetd
+# Enable the following entry if the nrpe daemon didn't link with libwrap
+#nrpe stream tcp nowait @nrpe_user@ /usr/sbin/tcpd @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg --inetd

startup/default-init.in

@@ -0,0 +1,156 @@
+#!/bin/sh
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+#
+# chkconfig: - 80 30
+# description: Starts and stops the Nagios Remote Plugin Executor \
+#              so a remote nagios server can run plugins on this host
+#
+### BEGIN INIT INFO
+# Provides:           nrpe
+# Required-Start:     $local_fs $remote_fs $time
+# Required-Stop:      $local_fs $remote_fs
+# Should-Start:       $syslog $network
+# Should-Stop:        $syslog $network
+# Default-Start:      2 3 4 5
+# Default-Stop:       0 1 6
+# Short-Description:  Starts and stops the Nagios Remote Plugin Executor
+# Description:        Starts and stops the Nagios Remote Plugin Executor
+#                     so a remote nagios server can run plugins on this host
+### END INIT INFO
+
+
+NRPE_BIN=@sbindir@/nrpe
+NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
+LOCK_DIR=@subsyslockdir@
+LOCK_FILE=@subsyslockfile@
+PID_FILE=@piddir@/nrpe.pid
+
+test -x $NRPE_BIN || exit 5
+
+RETVAL=0
+
+# Default these commands/functions to RedHat/CentOS etc. values
+MSG_CMD="echo -n"
+START_CMD="daemon --pidfile $PID_FILE"
+TERM_CMD="killproc -p $PID_FILE $NRPE_BIN -TERM"
+HUP_CMD="killproc -p $PID_FILE $NRPE_BIN -HUP"
+PRT_STAT="echo"
+STAT_MSG="echo -n Checking for nrpe daemon... "
+STAT_CMD="status nrpe"
+EXIT_CMD="exit"
+
+
+# Source the function library
+if [ -f /etc/rc.status ]; then
+
+	. /etc/rc.status
+
+	_set_rc (){ return $RETVAL; }
+
+	# Set these commands/functions to SuSE etc. values
+	START_CMD="startproc -p $PID_FILE"
+	TERM_CMD="killproc -p $PID_FILE -TERM $NRPE_BIN"
+	HUP_CMD="killproc -p $PID_FILE -HUP $NRPE_BIN"
+	PRT_STAT="rc_status -v -r"
+	STAT_CMD="checkproc -p $PID_FILE $NRPE_BIN"
+	EXIT_CMD="rc_exit"
+	rc_reset
+
+elif [ -f /etc/rc.d/init.d/functions ]; then
+
+	. /etc/rc.d/init.d/functions
+
+elif [ -f /etc/init.d/functions ]; then
+
+	. /etc/init.d/functions
+
+elif [ -f /lib/lsb/init-functions ]; then
+
+	. /lib/lsb/init-functions
+
+	MSG_CMD="log_daemon_msg"
+	START_CMD="start_daemon -p $PID_FILE"
+	PRT_STAT="log_end_msg"
+	STAT_MSG=
+	STAT_CMD="status_of_proc -p $PID_FILE $NRPE_BIN nrpe"
+
+elif [ -f /etc/rc.d/functions ]; then
+
+	. /etc/rc.d/functions
+
+fi
+
+
+# See how we were called.
+case "$1" in
+
+start)
+	# Start daemons.
+	$MSG_CMD "Starting nrpe "
+	$START_CMD $NRPE_BIN -c $NRPE_CFG -d
+	RETVAL=$?
+	if test "$PRT_STAT" = log_end_msg; then
+		$PRT_STAT $RETVAL
+	else
+		_set_rc; $PRT_STAT
+	fi
+	if [ $RETVAL = 0 ]; then
+		[ -d $LOCK_DIR ] && touch $LOCK_FILE || true
+	fi
+	;;
+
+stop)
+	# Stop daemons.
+	$MSG_CMD "Shutting down nrpe "
+	$TERM_CMD
+	RETVAL=$?
+	if test "$PRT_STAT" = log_end_msg; then
+		$PRT_STAT $RETVAL
+	else
+		_set_rc; $PRT_STAT
+	fi
+	if [ $RETVAL = 0 ]; then
+		[ -d $LOCK_DIR ] && rm -f $LOCK_FILE
+	fi
+	;;
+
+restart|force-reload)
+	$0 stop
+	$0 start
+	RETVAL=$?
+	;;
+
+reload)
+	$MSG_CMD "Reloading nrpe "
+	$HUP_CMD
+	RETVAL=$?
+	if test "$PRT_STAT" = log_end_msg; then
+		$PRT_STAT $RETVAL
+	else
+		_set_rc; $PRT_STAT
+	fi
+	;;
+
+try-restart|condrestart)
+	$STAT_CMD || exit 0
+	$0 stop
+	$0 start
+	RETVAL=$?
+	;;
+
+status)
+	$STAT_MSG
+	$STAT_CMD
+	RETVAL=$?
+	if test "$PRT_STAT" != log_end_msg; then
+		_set_rc; $PRT_STAT
+	fi
+	;;
+
+*)
+	echo "Usage: nrpe {start|stop|restart|reload|try-restart|condrestart|status}"
+	exit 1
+esac
+
+$EXIT_CMD $RETVAL

startup/default-service.in

@@ -0,0 +1,23 @@
+[Unit]
+Description=Nagios Remote Program Executor
+Documentation=http://www.nagios.org/documentation
+After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
+Before=getty@tty1.service plymouth-quit.service xdm.service
+Conflicts=nrpe.socket
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+Restart=on-abort
+PIDFile=@piddir@/nrpe.pid
+RuntimeDirectory=nrpe
+RuntimeDirectoryMode=0755
+ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f
+ExecStopPost=/bin/rm -f @piddir@/nrpe.pid
+TimeoutStopSec=60
+User=@nrpe_user@
+Group=@nrpe_group@
+PrivateTmp=true
+OOMScoreAdjust=-500

startup/default-socket-svc.in

@@ -0,0 +1,16 @@
+[Unit]
+Description=Nagios Remote Program Executor
+Documentation=http://www.nagios.org/documentation
+After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
+
+[Service]
+Restart=on-failure
+ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg --inetd
+KillMode=process
+User=@nrpe_user@
+Group=@nrpe_group@
+PrivateTmp=true
+OOMScoreAdjust=-500
+
+[Install]
+WantedBy=multi-user.target

startup/default-socket.in

@@ -0,0 +1,12 @@
+[Unit]
+Description=Nagios Remote Program Executor
+Documentation=http://www.nagios.org/documentation
+Before=nrpe.service
+Conflicts=nrpe.service
+
+[Socket]
+ListenStream=@nrpe_port@
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

startup/default-xinetd.in

@@ -0,0 +1,15 @@
+# default: off
+# description: NRPE (Nagios Remote Plugin Executor)
+service nrpe
+{
+    disable         = yes
+    socket_type     = stream
+    port            = @npre_port@
+    wait            = no
+    user            = @nrpe_user@
+    group           = @nrpe_group@
+    server          = @sbindir@/nrpe
+    server_args     = -c @pkgsysconfdir@/nrpe.cfg --inetd
+    only_from       = 127.0.0.1
+    log_on_failure  += USERID
+}

startup/mac-inetd.plist.in

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>org.nagios.nrpe</string>
+	<key>UserName</key>
+	<string>@nrpe_user@</string>
+	<key>GroupName</key>
+	<string>@nrpe_group@</string>
+	<key>Program</key>
+	<string>@sbindir@/nrpe</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>nrpe</string>
+		<string>-c</string>
+		<string>@pkgsysconfdir@/nrpe.cfg</string>
+		<string>-i</string>
+	</array>
+	<key>Sockets</key>
+	<dict>
+		<key>Listeners</key>
+		<dict>
+			<key>SockServiceName</key>
+			<string>5666</string>
+			<key>SockType</key>
+			<string>stream</string>
+			<key>SockFamily</key>
+			<string>IPv4</string>
+		</dict>
+	</dict>
+	<key>inetdCompatibility</key>
+	<dict>
+		<key>Wait</key>
+		<false/>
+	</dict>
+	<key>ProcessType</key>
+	<string>Background</string>
+</dict>
+</plist>

startup/mac-init.plist.in

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>org.nagios.nrpe</string>
+	<key>UserName</key>
+	<string>@nrpe_user@</string>
+	<key>GroupName</key>
+	<string>@nrpe_group@</string>
+	<key>Program</key>
+	<string>@sbindir@/nrpe</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>nrpe</string>
+		<string>-c</string>
+		<string>@pkgsysconfdir@/nrpe.cfg</string>
+		<string>-f</string>
+	</array>
+	<key>KeepAlive</key>
+	<dict>
+		<key>SuccessfulExit</key>
+		<false/>
+		<key>NetworkState</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>ProcessType</key>
+	<string>Background</string>
+</dict>
+</plist>

startup/newbsd-init.in

@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+#
+# PROVIDE: nrpe
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+: ${nrpe@bsd_enable@:="NO"}
+: ${nrpe_configfile:="@pkgsysconfdir@/nrpe.cfg"}
+
+name=nrpe
+command="@sbindir@/nrpe"
+command_args="-c $nrpe_configfile -d"
+pidfile="@piddir@/nrpe.pid"
+extra_commands=reload
+sig_reload=HUP
+rcvar=nrpe@bsd_enable@
+load_rc_config "$name"
+required_files="$nrpe_configfile"
+sig_reload=HUP
+
+start_precmd=nrpe_prestart
+
+nrpe_prestart()
+{
+	[ -n "$nrpe_pidfile" ] &&
+		warn "No longer necessary to set nrpe_pidfile in rc.conf[.local]"
+
+	install -d -o @nrpe_user@ ${pidfile%/*}
+}
+
+run_rc_command "$1"

startup/openbsd-init.in

@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+#
+
+daemon="@sbindir@/nrpe"
+
+. /etc/rc.d/rc.subr
+
+rc_pre() {
+	install -d -o @nrpe_user@ ${pidfile%/*}
+}
+
+rc_reload() {
+	pkill -HUP -xf "${pexp}"
+}
+
+rc_cmd "$1"

startup/openrc-conf.in

@@ -0,0 +1,7 @@
+# /etc/conf.d/nrpe : config file for /etc/init.d/nrpe
+
+# Configuration file - default is @sysconfdir@/nrpe.cfg
+NRPE_CFG="@pgksysconfdir@/nrpe.cfg"
+
+# Any additional nrpe options (-n -4 -6)
+NRPE_OPTS=""

startup/openrc-init.in

@@ -0,0 +1,49 @@
+#!/sbin/runscript
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+#
+# Start/stop the nrpe daemon.
+#
+# Goes in /etc/init.d - Config is in /etc/conf.d/nrpe
+
+opts="reload"
+# extra_started_commands="reload"		use this if OpenRC >= 0.9.4
+
+NRPE_BIN="@sbindir@/nrpe"
+NRPE_PID="@piddir@/nrpe.pid"
+
+depend() {
+	use logger dns net localmount netmount nfsmount
+}
+
+checkconfig() {
+	# Make sure the config file exists
+	if [ ! -f $NRPE_CFG ]; then
+		eerror "You need to setup $NRPE_CFG.
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting nrpe"
+	# Make sure we have a sane current directory
+	cd /
+	start-stop-daemon --start --exec $NRPE_BIN --pidfile $PID_FILE \
+		-- -c $NRPE_CFG -f $NRPE_OPTS
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping nrpe"
+	start-stop-daemon --stop --exec $NRPE_BIN --pidfile $PID_FILE
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading nrpe"
+	start-stop-daemon --stop --oknodo --exec $NRPE_BIN \
+		--pidfile $PID_FILE --signal HUP
+	eend $?
+}

startup/rh-upstart-init.in

@@ -0,0 +1,17 @@
+# nrpe - the Nagios Remote Plugin Executor
+#
+# nrpe is a program that runs plugins on this host
+# and reports the results back to a nagios server
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+
+description		"the Nagios Remote Plugin Executor"
+
+oom -10
+
+start on started network
+stop on runlevel [!2345]
+
+respawn
+
+exec @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f

startup/solaris-inetd.xml.in

@@ -0,0 +1,90 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<!--
+	Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+-->
+
+<service_bundle type='manifest' name='NGOS:nrpe'>
+
+	<service
+		name='network/nagios/nrpe'
+		type='service'
+		version='1'>
+
+		<restarter>
+			<service_fmri value='svc:/network/inetd:default' />
+		</restarter>
+
+		<dependency name='config_data'
+			grouping='require_all'
+			restart_on='restart'
+			type='path'>
+			<service_fmri
+			    value='file://localhost@sysconfdir@/nrpe.cfg' />
+		</dependency>
+
+		<exec_method
+			type='method'
+			name='inetd_start'
+			exec='@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -i'
+			timeout_seconds='0'>
+			<method_context>
+				<method_credential user='@nrpe_user@' group='@nrpe_group@'/>
+			</method_context>
+		</exec_method>
+
+		<exec_method
+			type='method'
+			name='inetd_offline'
+			exec=':kill_process'
+			timeout_seconds='0'/>
+
+		<exec_method
+			type='method'
+			name='inetd_disable'
+			exec=':kill'
+			timeout_seconds='0'/>
+
+		<property_group name='inetd' type='framework'>
+			<stability value='Evolving' />
+			<propval name='name' type='astring' value='nrpe' />
+			<propval name='endpoint_type' type='astring' value='stream' />
+			<propval name='proto' type='astring' value='tcp' />
+			<propval name='wait' type='boolean' value='false' />
+			<propval name='isrpc' type='boolean' value='false' />
+		</property_group>
+
+		<property_group name='general' type='framework'>
+			<propval name='enabled'
+				type='boolean'
+				value='false'/>
+			<propval name='action_authorization'
+				type='astring'
+				value='solaris.smf.manage.nrpe'/>
+			<propval name='value_authorization'
+				type='astring'
+				value='solaris.smf.manage.nrpe'/>
+		</property_group>
+
+		<instance name='default' enabled='false' />
+
+		<stability value='Unstable' />
+
+		<template>
+			<common_name>
+				<loctext xml:lang="C">NRPE daemon</loctext>
+			</common_name>
+			<description>
+				<loctext xml:lang="C">
+					Nagios Remote Plugin Executor daemon
+				</loctext>
+			</description>
+			<documentation>
+				<doc_link name='nagios.org' uri='http://www.nagios.org' />
+			</documentation>
+		</template>
+
+	</service>
+
+</service_bundle>

startup/solaris-init.xml.in

@@ -0,0 +1,143 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<!--
+	Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+-->
+
+<service_bundle type='manifest' name='NGOS:nrpe'>
+
+	<service
+		name='network/nagios/nrpe'
+		type='service'
+		version='1'>
+
+		<single_instance />
+
+		<dependency
+			name='fs-local'
+			grouping='require_all'
+			restart_on='none'
+			type='service'>
+				<service_fmri value='svc:/system/filesystem/local' />
+		</dependency>
+
+		<dependency
+			name='autofs'
+			grouping='optional_all'
+			restart_on='none'
+			type='service'>
+			<service_fmri value='svc:/system/filesystem/autofs' />
+		</dependency>
+
+		<dependency
+			name='net-loopback'
+			grouping='require_all'
+			restart_on='none'
+			type='service'>
+			<service_fmri value='svc:/network/loopback' />
+		</dependency>
+
+		<dependency
+			name='net-physical'
+			grouping='require_all'
+			restart_on='none'
+			type='service'>
+			<service_fmri value='svc:/network/physical' />
+		</dependency>
+
+		<dependency
+			name='cryptosvc'
+			grouping='require_all'
+			restart_on='none'
+			type='service'>
+			<service_fmri value='svc:/system/cryptosvc' />
+		</dependency>
+
+		<dependency
+			name='utmp'
+			grouping='require_all'
+			restart_on='none'
+			type='service'>
+			<service_fmri value='svc:/system/utmp' />
+		</dependency>
+
+		<dependency
+			name='config_data'
+			grouping='require_all'
+			restart_on='restart'
+			type='path'>
+			<service_fmri
+			    value='file://localhost@sysconfdir@/nrpe.cfg' />
+		</dependency>
+
+		<dependency
+			name='system-log'
+			grouping='optional_all'
+			restart_on='none'
+			type='service'>
+			<service_fmri value='svc:/system/system-log' />
+		</dependency>
+
+		<dependent
+			name='nrpe_multi-user-server'
+			grouping='optional_all'
+			restart_on='none'>
+			<service_fmri value='svc:/milestone/multi-user-server'/>
+		</dependent>
+
+		<exec_method
+			type='method'
+			name='start'
+			exec='@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -d'
+			timeout_seconds='5'>
+			<method_context>
+				<method_credential user='@nrpe_user@' group='@nrpe_group@'/>
+			</method_context>
+		</exec_method>
+
+		<exec_method
+			type='method'
+			name='stop'
+			exec=':kill'
+			timeout_seconds='60'/>
+
+		<exec_method
+			type='method'
+			name='refresh'
+			exec=':hup'
+			timeout_seconds='60'/>
+
+		<property_group name='startd' type='framework'>
+			<propval name='ignore_error' type='astring' value='core,signal'/>
+		</property_group>
+
+		<property_group name='general' type='framework'>
+			<propval name='enabled' type='boolean' value='false'/>
+			<propval name='action_authorization' type='astring'
+				value='solaris.smf.manage.nrpe'/>
+			<propval name='value_authorization' type='astring'
+				value='solaris.smf.manage.nrpe'/>
+		</property_group>
+
+		<instance name='default' enabled='false' />
+
+		<stability value='Unstable' />
+
+		<template>
+			<common_name>
+				<loctext xml:lang="C">NRPE daemon</loctext>
+			</common_name>
+			<description>
+				<loctext xml:lang="C">
+					Nagios Remote Plugin Executor daemon
+				</loctext>
+			</description>
+			<documentation>
+				<doc_link name='nagios.org' uri='http://www.nagios.org' />
+			</documentation>
+		</template>
+
+	</service>
+
+</service_bundle>

startup/tmpfile.conf.in

@@ -0,0 +1,2 @@
+#Type	Path			Mode	UID				GID				Age	Argument
+D		@piddir@	0755	@nrpe_user@	@nrpe_group@	-	-

startup/upstart-init.in

@@ -0,0 +1,19 @@
+# nrpe - the Nagios Remote Plugin Executor
+#
+# nrpe is a program that runs plugins on this host
+# and reports the results back to a nagios server
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+
+description		"the Nagios Remote Plugin Executor"
+
+oom score -800
+setgid @nrpe_group@
+setuid @nrpe_user@
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+respawn
+
+exec @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f

subst.in

@@ -1,61 +0,0 @@
-#!/usr/bin/perl -w
-
-# This script finishes the job started by config.status by replacing the variables
-# of the form ${...} which were inserted into the file(s) by config.status.
-
-# Read all files with a single read statement
-$/ = undef;
-
-# List of variables to replace
-my %configvars = (
-	"prefix" => { "value" => '@prefix@'},
-	"exec_prefix" => { "value" => '@exec_prefix@'},
-);
-
-sub replace_var {
-	my $filep = shift;
-	my $cvp = shift;
-	my $varname = shift;
-
-	return if( $cvp->{ $varname}->{ "replaced"});
-	if( defined( $cvp->{ $varname}->{ "dependency"})) {
-		if( !$cvp->{ $cvp->{ $varname}->{ "dependency"}}->{ "replaced"}) {
-			# If a dependency exists and it is not already replaced, replace it
-			replace_var( $filep, $cvp, $cvp->{ $varname}->{ "dependency"});
-		}
-	}
-	my $replacement = $cvp->{ $varname}->{ "value"};
-	$$filep =~ s/\${$varname}/$replacement/g;
-	$cvp->{ $varname}->{ "replaced"} = 1;
-}
-
-# Figure out the dependencies.
-foreach my $cv ( keys %configvars ) {
-	if( $configvars{ $cv}->{ "value"} =~ /\${([^}]+)}/) {
-		my $dependency = $1;
-		if( exists( $configvars{ $dependency})) {
-			$configvars{ $dependency}->{ "dependency"} = $cv;
-		}
-		$configvars{ $cv}->{ "replaced"} = 0;
-	}
-}
-
-# Process each file
-while ($f = shift @ARGV) {
-
-	# Read in the file
-	open( FILE, $f) || die "Unable to open $f for reading";
-	my $file = <FILE>;
-	close( FILE) || die "Unable to close $f after reading";
-
-	# Replace each of the variables we know about
-	foreach $cv ( keys %configvars ) {
-		replace_var( \$file, \%configvars, $cv);
-	}
-
-	# Write out the replacements
-	open( FILE, ">$f") || die "Unable to open $f for writing";
-	print FILE $file;
-	close( FILE) || die "Unable to close $f after writing";
-
-}

uninstall.in

@@ -0,0 +1,417 @@
+#!/bin/sh
+
+# Initialize variables
+myname="$0"
+quiet=0
+prompt=0
+verb=0
+progs=0
+config=0
+start=0
+delusr=0
+delgrp=0
+delscpt=0
+force="-f"
+redir=1
+
+# Set file and path names
+NAME=@PKG_NAME@
+OPSYS=@opsys@
+DIST=@dist_type@
+SBINDIR=@sbindir@
+LIBEXECDIR=@libexecdir@
+PLUGINSDIR=@pluginsdir@
+PIDDIR=@piddir@
+CFGDIR=@pkgsysconfdir@
+INIT_TYPE=@init_type@
+INIT_DIR=@initdir@
+INIT_FILE=@initname@
+INETD_TYPE=@inetd_type@
+INETD_DIR=@inetddir@
+INETD_FILE=@inetdname@
+SRC_INETD=@src_inetd@
+SRC_INIT=@src_init@
+NRPE_USER=@nrpe_user@
+NRPE_GROUP=@nrpe_group@
+NAGIOS_USER=@nagios_user@
+NAGIOS_GROUP=@nagios_group@
+
+
+# Display usage message
+usage() {
+	echo "Usage: $0 [-q] [-p] [-v] progs|config|startup|user|group|script|all"
+	echo "   Optional args:"
+	echo "      -q       Do not print what is happening"
+	echo "      -p       Prompt for each action"
+	echo "      -v       Be a little more verbose about what is happening"
+	echo "   One or more of the following are required:"
+	echo "      progs    Delete the program files"
+	echo "      config   Delete configuration file(s)"
+	echo "      startup  Delete startup files (inetd, init, etc.)"
+	echo "      user     Delete the users"
+	echo "      group    Delete the groups"
+	echo "      script   Delete this uninstall script"
+	echo "      all      Do all of the above"
+	exit 1
+}
+
+get_opts() {
+	while test $# -gt 0 ; do
+		arg=$1
+		shift
+		case "$arg" in
+			-q)			quiet=1		;;
+			-p)			prompt=1	;;
+			progs)		progs=1		;;
+			config)		config=1	;;
+			startup)	start=1		;;
+			user)		delusr=1;	;;
+			group)		delgrp=1;	;;
+			script)		delscpt=1;	;;
+			-v)			verb=1; force=""; redir=0 	;;
+			all)		progs=1; config=1; start=1; delusr=1; delgrp=1; delscpt=1 ;;
+			*)			echo "Invalid argument: $arg";	usage	;;
+		esac
+	done
+
+	if test $prompt -eq 1 -a $quiet -eq 1 ; then
+		echo "The -p and -q flags are mutually exclusive"
+		echo Please specify one or the other
+		exit 1
+	fi
+	if test $verb -eq 1 -a $quiet -eq 1 ; then
+		echo "The -v and -q flags are mutually exclusive"
+		echo Please specify one or the other
+		exit 1
+	fi
+	if test $progs -eq 0 -a $config -eq 0 -a $start -eq 0 ; then
+		usage
+	fi
+}
+
+prt_msg() {
+	if test $quiet -eq 1 ; then
+		return 0
+	fi
+
+	case $1 in
+		0)  indent="" ;;
+		1)	indent="   " ;;
+		2)	indent="        " ;;
+		*)	indent="" ;;
+	esac
+	shift
+
+	if test $1 -eq 1 -a $verb -eq 0 -a $prompt -eq 0 ; then
+		return 0
+	fi
+	shift
+
+	if test $1 -eq 1 -a $prompt -eq 1 ; then
+		shift
+		echo -n "${indent}$*"
+		echo -n "? [Y|n] "
+		read yn
+		if test "x$yn" = x -o x$yn = xy -o x$yn = xY ; then
+			return 0
+		else
+			return 1
+		fi
+	fi
+
+	shift
+	echo "${indent}$*"
+	return 0
+}
+
+rm_progs() {
+	num=0
+	prt_msg 1 0 0 "*** Uninstalling Progs"
+
+	if test -f "$PLUGINSDIR/check_nrpe" ; then
+		num=1
+		prt_msg 2 0 1 "Delete $PLUGINSDIR/check_nrpe" && {
+			rm $force "$PLUGINSDIR/check_nrpe"
+			prt_msg 2 1 0 "Remove directory $PLUGINSDIR"
+			if test $redir -eq 1; then
+				rmdir "$PLUGINSDIR" 2>/dev/null
+			else
+				rmdir "$PLUGINSDIR"
+			fi
+			prt_msg 2 1 0 "Remove directory $LIBEXECDIR"
+			if test $redir -eq 1; then
+				rmdir "$LIBEXECDIR" 2>/dev/null
+			else
+				rmdir "$LIBEXECDIR"
+			fi
+		}
+	fi
+
+	if test -f "$SBINDIR/$NAME" ; then
+		num=1
+		prt_msg 2 0 1 "Delete $SBINDIR/$NAME" && {
+			rm $force "$SBINDIR/$NAME"
+		}
+	fi
+
+    if test -d "$PIDDIR" ; then
+		num=1
+		prt_msg 2 0 1 "Remove directory $PIDDIR" && {
+			if test $redir -eq 1; then
+				rmdir "$PIDDIR" 2>/dev/null
+			else
+				rmdir "$PIDDIR"
+			fi
+		}
+    fi
+
+	if test $num -eq 0; then
+		prt_msg 2 0 0 "There was nothing to uninstall"
+	fi
+}
+
+rm_startup() {
+	num=0
+	prt_msg 1 0 0 "*** Uninstalling Startup"
+
+	if test "$SRC_INETD" != unknown; then
+		if test "$INETD_TYPE" = inetd; then
+			rc=`grep -E -q "^\W*$NAME\s+" "$INETD_DIR/$INETD_FILE"`
+			if test $rc -eq 0; then
+				num=1
+				prt_msg 2 0 1 "($INETD_TYPE) Remove entries from $INETD_DIR/$INETD_FILE" && {
+					prt_msg 2 1 0 "($INETD_TYPE) Creating temp file: $INETD_DIR/$INETD_FILE.$NAME.unin"
+					grep -v -q "\W*$NAME\s+" "$INETD_DIR/$INETD_FILE" > "$INETD_DIR/$INETD_FILE.$NAME.unin"
+					prt_msg 2 1 0 "($INETD_TYPE) Renaming original to: $INETD_DIR/$INETD_FILE.$NAME_save"
+					mv "$INETD_DIR/$INETD_FILE" "$INETD_DIR/$INETD_FILE.$NAME_save"
+					prt_msg 2 1 0 "($INETD_TYPE) Renaming $INETD_DIR/$INETD_FILE.unin to $INETD_DIR/$INETD_FILE"
+					mv "$INETD_DIR/$INETD_FILE.unin" "$INETD_DIR/$INETD_FILE"
+					prt_msg 2 0 0 "($INETD_TYPE) Old $INETD_DIR/$INETD_FILE saved as $INETD_DIR/$INETD_FILE.$NAME_save"
+				}
+			fi
+		elif test -f "$INETD_DIR/$INETD_FILE"; then
+			num=1
+			if test "$INETD_TYPE" != xinetd; then
+				prt_msg 2 0 1 "($INETD_TYPE) Stop and disable $NAME)" && {
+					case "$INETD_TYPE" in
+					systemd)
+						systemctl stop $NAME; systemctl disable $NAME
+						;;
+					upstart)
+						if test $verb -eq 1; then
+							stop $NAME
+						else
+							stop $NAME >/dev/null 2>&1
+						fi
+						;;
+					launchd)
+						launchctl unload $INETD_FILE; launchctl remove $INETD_FILE;
+						;;
+					smf*)
+						svcadm disable -s $NAME
+						;;
+					esac
+				}
+			fi
+			prt_msg 2 0 1 "($INETD_TYPE) Delete $INETD_DIR/$INETD_FILE" && {
+				rm $force "$INETD_DIR/$INETD_FILE"
+				if test "$INETD_TYPE" = systemd; then
+					INETD_FILE=`echo "$INETD_FILE" | sed -e 's/socket$/service/'`
+					prt_msg 2 0 1 "($INETD_TYPE) Delete $INETD_DIR/$INETD_FILE" && {
+						rm $force "$INETD_DIR/$INETD_FILE"
+					}
+				elif test "$INETD_TYPE" = smf10 -o "$INETD_TYPE" = smf11; then
+					prt_msg 2 0 1 "($INIT_TYPE) svcadm restart svc:/system/manifest-import" && {
+						svcadm restart svc:/system/manifest-import
+					}
+				fi
+			}
+		fi
+	fi
+
+	if test "$SRC_INIT" != unknown; then
+		if test -f "$INIT_DIR/$INIT_FILE"; then
+			num=1
+			prt_msg 2 0 1 "($INIT_TYPE) Stop and disable $NAME" && {
+				case "$INIT_TYPE" in
+				systemd)
+					systemctl stop $NAME; systemctl disable $NAME
+					;;
+				upstart)
+					if test $verb -eq 1; then
+						stop $NAME
+					else
+						stop $NAME >/dev/null 2>&1
+					fi
+					;;
+				launchd)
+					launchctl unload $INIT_FILE; launchctl remove $INIT_FILE;
+					;;
+				*bsd)
+					if test -x $INIT_DIR/$INIT_FILE ; then
+						$INIT_DIR/$INIT_FILE stop
+					fi
+					chmod 0644 $INIT_DIR/$INIT_FILE
+					;;
+				openrc|gentoo)
+					/sbin/start-stop-daemon --stop $NAME
+					/sbin/rc-update del $NAME
+					;;
+				smf*)
+					svcadm disable -s $NAME
+					;;
+				sysv)
+					service stop $NAME; chkconfig --del $NAME
+					;;
+				esac
+			}
+			prt_msg 2 0 1 "($INIT_TYPE) Delete $INIT_DIR/$INIT_FILE" && {
+				rm $force "$INIT_DIR/$INIT_FILE"
+				if test ${OPSYS} = bsd; then
+					prt_msg 2 0 1 "($INITD_TYPE) Remove entries from $INETD_DIR/rc.conf" && {
+						prt_msg 2 1 0 "($INIT_TYPE) Creating temp file: $INETD_DIR/rc.conf.$NAME.unin"
+						grep -v -q "^$NAME" "$INETD_DIR/rc.conf" > "$INETD_DIR/rc.conf.$NAME.unin"
+						prt_msg 2 1 0 "($INIT_TYPE) Renaming original to: $INETD_DIR/rc.conf.$NAME_save"
+						mv "$INETD_DIR/rc.conf" "$INETD_DIR/rc.conf.$NAME_save"
+						prt_msg 2 1 0 "($INIT_TYPE) Renaming $INETD_DIR/rc.conf.unin to $INETD_DIR/rc.conf"
+						mv "$INETD_DIR/rc.conf.unin" "$INETD_DIR/rc.conf"
+						prt_msg 2 0 0 "($INIT_TYPE) Old $INETD_DIR/rc.conf saved as $INETD_DIR/rc.conf.$NAME_save"
+					}
+				fi
+				if test $INIT_TYPE = upstart; then
+					prt_msg 2 0 1 "($INIT_TYPE) initctl reload-configuration" && {
+						initctl reload-configuration
+					}
+				elif test "$INIT_TYPE" = smf10 -o "$INIT_TYPE" = smf11; then
+					prt_msg 2 0 1 "($INIT_TYPE) svcadm restart svc:/system/manifest-import" && {
+						svcadm restart svc:/system/manifest-import
+					}
+				fi
+			}
+		fi
+	fi
+
+	if test $num -eq 0; then
+		prt_msg 2 0 0 "There was nothing to uninstall"
+	fi
+}
+
+rm_config() {
+    num=0
+	prt_msg 1 0 0 "*** Uninstalling Config"
+
+    if test -f "$CFGDIR/$NAME.cfg"; then
+		num=1
+		prt_msg 2 0 1 "Delete $CFGDIR/$NAME.cfg" || return
+		rm $force "$CFGDIR/$NAME.cfg"
+		prt_msg 2 1 0 "Removing directory $CFGDIR"
+		if test $redir -eq 1; then
+			rmdir "$CFGDIR" 2>/dev/null
+		else
+			rmdir "$CFGDIR"
+		fi
+	fi
+
+	if test $num -eq 0; then
+		prt_msg 2 0 0 "There was nothing to uninstall"
+	fi
+}
+
+rm_user() {
+	prt_msg 1 0 0 "*** Removing users"
+	prt_msg 2 0 1 "Delete nrpe user:${NRPE_USER} and nagios user:${NAGIOS_USER}" || return
+
+	if test ${OPSYS} = aix; then
+		if test $redir -eq 1; then
+			rmuser -p ${NRPE_USER} 2>/dev/null
+			rmuser -p ${NAGIOS_USER} 2>/dev/null
+		else
+			rmuser -p ${NRPE_USER}
+			rmuser -p ${NAGIOS_USER}
+		fi
+	elif test ${OPSYS} = osx; then
+		dscl . -delete /Groups/${NRPE_GROUP} GroupMembership ${NRPE_USER}
+		dscl . -delete /Users name ${NRPE_USER}
+		dscl . -delete /Groups/${NAGIOS_GROUP} GroupMembership ${NAGIOS_USER}
+		dscl . -delete /Users name ${NAGIOS_USER}
+	elif test ${DIST} = "freebsd"; then
+		if test $redir -eq 1; then
+			pw del user ${NRPE_USER} 2>/dev/null
+			pw del user ${NAGIOS_USER} 2>/dev/null
+		else
+			pw del user ${NRPE_USER}
+			pw del user ${NAGIOS_USER}
+		fi
+	else
+		if test $redir -eq 1; then
+			userdel -r ${NRPE_USER} 2>/dev/null
+			userdel -r ${NAGIOS_USER} 2>/dev/null
+		else
+			userdel -r ${NRPE_USER}
+			userdel -r ${NAGIOS_USER}
+		fi
+	fi
+}
+
+rm_group() {
+	prt_msg 1 0 0 "*** Removing groups"
+	prt_msg 2 0 1 "Delete nrpe group:${NRPE_GROUP} and nagios group:${NAGIOS_GROUP}" || return
+
+	if test ${OPSYS} = aix; then
+		if test $redir -eq 1; then
+			rmgroup -p ${NRPE_GROUP} 2>/dev/null
+			rmgroup -p ${NAGIOS_GROUP} 2>/dev/null
+		else
+			rmgroup -p ${NRPE_GROUP}
+			rmgroup -p ${NAGIOS_GROUP}
+		fi
+	elif test ${OPSYS} = osx; then
+		if test $redir -eq 1; then
+			dscl . -delete /Groups/${NRPE_GROUP} 2>/dev/null
+			dscl . -delete /Groups/${NAGIOS_GROUP} 2>/dev/null
+		else
+			dscl . -delete /Groups/${NRPE_GROUP}
+			dscl . -delete /Groups/${NAGIOS_GROUP}
+		fi
+	elif test ${DIST} = "freebsd"; then
+		if test $redir -eq 1; then
+			pw del group ${NRPE_GROUP} 2>/dev/null
+			pw del group ${NAGIOS_GROUP} 2>/dev/null
+		else
+			pw del group ${NRPE_GROUP}
+			pw del group ${NAGIOS_GROUP}
+		fi
+	else
+		if test $redir -eq 1; then
+			groupdel ${NRPE_GROUP} 2>/dev/null
+			groupdel ${NAGIOS_GROUP} 2>/dev/null
+		else
+			groupdel ${NRPE_GROUP}
+			groupdel ${NAGIOS_GROUP}
+		fi
+	fi
+}
+
+rm_script() {
+	prt_msg 1 0 0 "*** Removing ${myname}"
+	prt_msg 2 0 1 "Delete ${myname}" || return
+
+	if test $redir -eq 1; then
+		rm "${myname}" 2>/dev/null
+	else
+		rm "${myname}"
+	fi
+}
+
+get_opts $@
+
+prt_msg 0 0 0 "* * * Uninstall Starting * * *"
+
+if test $progs -eq 1 ;	then rm_progs;		fi
+if test $start -eq 1 ;	then rm_startup;	fi
+if test $config -eq 1 ;	then rm_config;		fi
+if test $delusr -eq 1;	then rm_user;		fi
+if test $delgrp -eq 1;	then rm_group;		fi
+if test $delscpt -eq 1;	then rm_script;		fi
+
+prt_msg 0 0 0 "* * * Uninstall Complete * * *"

update-cfg.pl

@@ -0,0 +1,144 @@
+#! /usr/bin/perl -w
+
+use strict;
+
+my ($fname_in, $fname_out);
+
+if ($#ARGV != 0) {
+	&usage;
+}
+
+$fname_in = $ARGV[0];
+$fname_out = $fname_in . ".new";
+
+if (&check_ssl) {
+	print "\n'$fname_in' already has some or all of the\n";
+	print "new SSL parameters. No processing will be done.\n\n";
+	exit 0;
+}
+
+open IN, $fname_in or die "Could not open '$fname_in' for reading: $!\n";
+open OUT, ">$fname_out" or die "Could not open '$fname_out' for writing: $!\n";
+
+while (<IN>) {
+	print OUT;
+	&add_ssl if $_ =~ /allow_weak_random_seed/;
+}
+
+print "\nConfig file '$fname_in' was read.\n";
+print "The new SSL comments and parameters were added and the output written to\n";
+print "'$fname_out'\n";
+print "Please check this file for accuracy and rename it when you are satisfied.\n\n";
+
+close IN;
+close OUT;
+
+# ==========================================================================
+
+sub usage
+{
+	print "\nUsage: update-cfg.pl <path-to-nrpe.cfg-file>\n\n";
+	print "This perl script will read the nrpe configuration file\n";
+	print "specified on the command line, and write out a new file\n";
+	print "with the new SSL comments and parameters added.\n\n";
+	exit 1;
+}
+
+# --------------------------------------------------------------------------
+#  check_ssl checks if the config file already has the ssl parameters
+# --------------------------------------------------------------------------
+sub check_ssl
+{
+	my $has_ssl = 0;
+
+	open IN, $fname_in or die "Could not open '$fname_in' for reading: $!\n";
+
+	while (<IN>) {
+		if ($_ =~ /ssl_version=/ or
+			$_ =~ /ssl_use_adh=/ or
+			$_ =~ /ssl_cipher_list=/ or
+			$_ =~ /ssl_cacert_file=/ or
+			$_ =~ /ssl_cert_file=/ or
+			$_ =~ /ssl_privatekey_file=/ or
+			$_ =~ /ssl_client_certs=/ or
+			$_ =~ /ssl_logging=/)
+		{
+			$has_ssl = 1;
+			last;
+		}
+	}
+
+	close IN;
+
+	return $has_ssl;
+}
+
+# --------------------------------------------------------------------------
+#  add_ssl inserts the new SSL comments and parameters into the config file
+# --------------------------------------------------------------------------
+sub add_ssl
+{
+my $txt = <<"END_SSL";
+
+
+
+# SSL/TLS OPTIONS
+# These directives allow you to specify how to use SSL/TLS.
+
+# SSL VERSION
+# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
+#        SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
+#        TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
+#        TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
+#        TLSv1.2+ (use TLSv1.2 or above)
+# If an "or above" version is used, the best will be negotiated. So if both
+# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
+
+#ssl_version=SSLv2+
+
+# SSL USE ADH
+# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
+# ADH or 2 to require ADH. 1 is currently the default but will be changed
+# in a later version.
+
+#ssl_use_adh=1
+
+# SSL CIPHER LIST
+# This lists which ciphers can be used. For backward compatibility, this
+# defaults to 'ssl_cipher_list=ALL:!MD5:\@STRENGTH' in this version but
+# will be changed to something like the example below in a later version of NRPE.
+
+#ssl_cipher_list=ALL:!MD5:\@STRENGTH
+#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:\@STRENGTH
+
+# SSL Certificate and Private Key Files
+
+#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
+#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
+#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
+
+# SSL USE CLIENT CERTS
+# This options determines client certificate usage.
+# Values: 0 = Don't ask for or require client certificates (default)
+#         1 = Ask for client certificates
+#         2 = Require client certificates
+
+#ssl_client_certs=0
+
+# SSL LOGGING
+# This option determines which SSL messages are send to syslog. OR values
+# together to specify multiple options.
+
+# Values: 0x00 (0)  = No additional logging (default)
+#         0x01 (1)  = Log startup SSL/TLS parameters
+#         0x02 (2)  = Log remote IP address
+#         0x04 (4)  = Log SSL/TLS version of connections
+#         0x08 (8)  = Log which cipher is being used for the connection
+#         0x10 (26) = Log if client has a certificate
+#         0x20 (32) = Log details of client's certificate if it has one
+#         -1 or 0xff or 0x2f = All of the above
+
+#ssl_logging=0x00
+END_SSL
+	print OUT $txt;
+}

update-version

@@ -28,10 +28,10 @@ else
 fi
 
 # Current version number
-CURRENTVERSION=2.15
+CURRENTVERSION=nrpe-3.0
 
 # Last date
-LASTDATE=09-06-2013
+LASTDATE=07-12-2016
 
 if [ "x$1" = "x" ]
 then
@@ -64,9 +64,9 @@ perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/nrpe.c
 perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/check_nrpe.c
 
 # Update version number and release date in configure.in
-perl -i -p -e "if( /^AC_INIT/) { s/$CURRENTVERSION/$1/; }" configure.in
-perl -i -p -e "s/PKG_VERSION=.*/PKG_VERSION=\"$1\"/;" configure.in
-perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.in
+perl -i -p -e "if( /^AC_INIT/) { s/$CURRENTVERSION/$1/; }" configure.ac
+perl -i -p -e "s/PKG_VERSION=.*/PKG_VERSION=\"$1\"/;" configure.ac
+perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.ac
 
 # Run autoconf to update configure (this is easier than updating every instance
 # of the version number in configure)