
Initial SSL code (not yet working)

Ethan Galstad vor 23 Jahren
Ursprung
Commit
70521b7cb7
5 geänderte Dateien mit 418 neuen und 109 gelöschten Zeilen
  1. 13 7
      common/config.h.in
  2. 166 90
      configure
  3. 52 0
      configure.in
  4. 92 6
      src/check_nrpe.c
  5. 95 6
      src/nrpe.c

+ 13 - 7
common/config.h.in

@@ -2,7 +2,7 @@
  *
  * NRPE Common Header File
  * Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 01-26-2003
+ * Last Modified: 02-04-2003
  *
  * License:
  *
@@ -35,12 +35,6 @@
 #undef HAVE_STRTOUL 
 #undef HAVE_INITGROUPS
 
-#undef HAVE_PWD_H
-#undef HAVE_GRP_H
-#undef HAVE_SYSLOG_H
-#undef HAVE_LIMITS_H
-#undef HAVE_SYS_RESOURCE_H
-
 
 #define SOCKET_SIZE_TYPE ""
 #define GETGROUPS_T ""
@@ -153,11 +147,23 @@
 #include <ctype.h>
 #endif
 
+#undef HAVE_PWD_H
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
  
+#undef HAVE_GRP_H
 #ifdef HAVE_GRP_H
 #include <grp.h>
 #endif
 
+#undef HAVE_SSL
+#ifdef HAVE_SSL
+#include <rsa.h>
+#include <crypto.h>
+#include <pem.h>
+#include <ssl.h>
+#include <err.h>
+#include <rand.h>
+#endif
+
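Review bot: The unqualified OpenSSL includes in the new `HAVE_SSL` block share names with system headers. `<err.h>` in particular also exists in BSD libc and glibc, so which file is picked up depends entirely on the `-I` order that configure sets up. Writing them as `#include <openssl/ssl.h>`, `#include <openssl/err.h>` and `#include <openssl/rand.h>` (likewise for rsa, crypto and pem) removes the ambiguity and lets configure add only the parent include directory. A one-line comment above the block, e.g. `/* OpenSSL headers, only pulled in when configure found SSL */`, would also help readers of the template.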

+ 166 - 90
configure

@@ -13,6 +13,12 @@ ac_default_prefix=/usr/local
 # Any additions from configure.in:
 ac_default_prefix=/usr/local/nagios
 ac_help="$ac_help
+--enable-ssl enables native SSL support"
+ac_help="$ac_help
+--with-ssl-lib=DIR sets location of the SSL library"
+ac_help="$ac_help
+--with-ssl-inc=DIR sets location of the SSL include files"
+ac_help="$ac_help
 --with-nrpe-user=<user> sets user name to run NRPE"
 ac_help="$ac_help
 --with-nrpe-group=<group> sets group name to run NRPE"
@@ -563,7 +569,7 @@ ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
 # ./install, which can be erroneously created by make from ./install.sh.
 echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:567: checking for a BSD compatible install" >&5
+echo "configure:573: checking for a BSD compatible install" >&5
 if test -z "$INSTALL"; then
 if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -620,7 +626,7 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
 # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:624: checking for $ac_word" >&5
+echo "configure:630: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -650,7 +656,7 @@ if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:654: checking for $ac_word" >&5
+echo "configure:660: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -701,7 +707,7 @@ fi
       # Extract the first word of "cl", so it can be a program name with args.
 set dummy cl; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:705: checking for $ac_word" >&5
+echo "configure:711: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -733,7 +739,7 @@ fi
 fi
 
 echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:737: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+echo "configure:743: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
 
 ac_ext=c
 # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
@@ -744,12 +750,12 @@ cross_compiling=$ac_cv_prog_cc_cross
 
 cat > conftest.$ac_ext << EOF
 
-#line 748 "configure"
+#line 754 "configure"
 #include "confdefs.h"
 
 main(){return(0);}
 EOF
-if { (eval echo configure:753: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:759: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   ac_cv_prog_cc_works=yes
   # If we can't run a trivial program, we are probably using a cross compiler.
   if (./conftest; exit) 2>/dev/null; then
@@ -775,12 +781,12 @@ if test $ac_cv_prog_cc_works = no; then
   { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
 fi
 echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
-echo "configure:779: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+echo "configure:785: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
 cross_compiling=$ac_cv_prog_cc_cross
 
 echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
-echo "configure:784: checking whether we are using GNU C" >&5
+echo "configure:790: checking whether we are using GNU C" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -789,7 +795,7 @@ else
   yes;
 #endif
 EOF
-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:793: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:799: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
   ac_cv_prog_gcc=yes
 else
   ac_cv_prog_gcc=no
@@ -808,7 +814,7 @@ ac_test_CFLAGS="${CFLAGS+set}"
 ac_save_CFLAGS="$CFLAGS"
 CFLAGS=
 echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-echo "configure:812: checking whether ${CC-cc} accepts -g" >&5
+echo "configure:818: checking whether ${CC-cc} accepts -g" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -840,7 +846,7 @@ else
 fi
 
 echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6
-echo "configure:844: checking whether ${MAKE-make} sets \${MAKE}" >&5
+echo "configure:850: checking whether ${MAKE-make} sets \${MAKE}" >&5
 set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -868,7 +874,7 @@ fi
 
 
 echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:872: checking how to run the C preprocessor" >&5
+echo "configure:878: checking how to run the C preprocessor" >&5
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
@@ -883,13 +889,13 @@ else
   # On the NeXT, cc -E runs the code through the compiler's parser,
   # not just through cpp.
   cat > conftest.$ac_ext <<EOF
-#line 887 "configure"
+#line 893 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:893: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:899: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -900,13 +906,13 @@ else
   rm -rf conftest*
   CPP="${CC-cc} -E -traditional-cpp"
   cat > conftest.$ac_ext <<EOF
-#line 904 "configure"
+#line 910 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:910: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:916: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -917,13 +923,13 @@ else
   rm -rf conftest*
   CPP="${CC-cc} -nologo -E"
   cat > conftest.$ac_ext <<EOF
-#line 921 "configure"
+#line 927 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:927: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:933: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -948,12 +954,12 @@ fi
 echo "$ac_t""$CPP" 1>&6
 
 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:952: checking for ANSI C header files" >&5
+echo "configure:958: checking for ANSI C header files" >&5
 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 957 "configure"
+#line 963 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -961,7 +967,7 @@ else
 #include <float.h>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:965: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:971: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -978,7 +984,7 @@ rm -f conftest*
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 982 "configure"
+#line 988 "configure"
 #include "confdefs.h"
 #include <string.h>
 EOF
@@ -996,7 +1002,7 @@ fi
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 1000 "configure"
+#line 1006 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 EOF
@@ -1017,7 +1023,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 1021 "configure"
+#line 1027 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -1028,7 +1034,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
 exit (0); }
 
 EOF
-if { (eval echo configure:1032: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1038: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -1052,12 +1058,12 @@ EOF
 fi
 
 echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
-echo "configure:1056: checking whether time.h and sys/time.h may both be included" >&5
+echo "configure:1062: checking whether time.h and sys/time.h may both be included" >&5
 if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1061 "configure"
+#line 1067 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/time.h>
@@ -1066,7 +1072,7 @@ int main() {
 struct tm *tp;
 ; return 0; }
 EOF
-if { (eval echo configure:1070: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1076: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_header_time=yes
 else
@@ -1087,12 +1093,12 @@ EOF
 fi
 
 echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
-echo "configure:1091: checking for sys/wait.h that is POSIX.1 compatible" >&5
+echo "configure:1097: checking for sys/wait.h that is POSIX.1 compatible" >&5
 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1096 "configure"
+#line 1102 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -1108,7 +1114,7 @@ wait (&s);
 s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
 ; return 0; }
 EOF
-if { (eval echo configure:1112: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1118: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_header_sys_wait_h=yes
 else
@@ -1132,17 +1138,17 @@ for ac_hdr in ctype.h errno.h fcntl.h getopt.h grp.h netdb.h pwd.h signal.h stri
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1136: checking for $ac_hdr" >&5
+echo "configure:1142: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1141 "configure"
+#line 1147 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1146: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1152: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -1170,12 +1176,12 @@ done
 
 
 echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:1174: checking for working const" >&5
+echo "configure:1180: checking for working const" >&5
 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1179 "configure"
+#line 1185 "configure"
 #include "confdefs.h"
 
 int main() {
@@ -1224,7 +1230,7 @@ ccp = (char const *const *) p;
 
 ; return 0; }
 EOF
-if { (eval echo configure:1228: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1234: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_const=yes
 else
@@ -1245,12 +1251,12 @@ EOF
 fi
 
 echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6
-echo "configure:1249: checking whether struct tm is in sys/time.h or time.h" >&5
+echo "configure:1255: checking whether struct tm is in sys/time.h or time.h" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1254 "configure"
+#line 1260 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <time.h>
@@ -1258,7 +1264,7 @@ int main() {
 struct tm *tp; tp->tm_sec;
 ; return 0; }
 EOF
-if { (eval echo configure:1262: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1268: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_struct_tm=time.h
 else
@@ -1279,12 +1285,12 @@ EOF
 fi
 
 echo $ac_n "checking for mode_t""... $ac_c" 1>&6
-echo "configure:1283: checking for mode_t" >&5
+echo "configure:1289: checking for mode_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1288 "configure"
+#line 1294 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1312,12 +1318,12 @@ EOF
 fi
 
 echo $ac_n "checking for pid_t""... $ac_c" 1>&6
-echo "configure:1316: checking for pid_t" >&5
+echo "configure:1322: checking for pid_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1321 "configure"
+#line 1327 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1345,12 +1351,12 @@ EOF
 fi
 
 echo $ac_n "checking for size_t""... $ac_c" 1>&6
-echo "configure:1349: checking for size_t" >&5
+echo "configure:1355: checking for size_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1354 "configure"
+#line 1360 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1378,12 +1384,12 @@ EOF
 fi
 
 echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
-echo "configure:1382: checking return type of signal handlers" >&5
+echo "configure:1388: checking return type of signal handlers" >&5
 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1387 "configure"
+#line 1393 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -1400,7 +1406,7 @@ int main() {
 int i;
 ; return 0; }
 EOF
-if { (eval echo configure:1404: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1410: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_signal=void
 else
@@ -1419,12 +1425,12 @@ EOF
 
 
 echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
-echo "configure:1423: checking for uid_t in sys/types.h" >&5
+echo "configure:1429: checking for uid_t in sys/types.h" >&5
 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1428 "configure"
+#line 1434 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 EOF
@@ -1453,7 +1459,7 @@ EOF
 fi
 
 echo $ac_n "checking type of array argument to getgroups""... $ac_c" 1>&6
-echo "configure:1457: checking type of array argument to getgroups" >&5
+echo "configure:1463: checking type of array argument to getgroups" >&5
 if eval "test \"`echo '$''{'ac_cv_type_getgroups'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1461,7 +1467,7 @@ else
   ac_cv_type_getgroups=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 1465 "configure"
+#line 1471 "configure"
 #include "confdefs.h"
 
 /* Thanks to Mike Rendell for this test.  */
@@ -1486,7 +1492,7 @@ main()
 }
 
 EOF
-if { (eval echo configure:1490: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1496: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
     ac_cv_type_getgroups=gid_t
 else
@@ -1500,7 +1506,7 @@ fi
 
 if test $ac_cv_type_getgroups = cross; then
         cat > conftest.$ac_ext <<EOF
-#line 1504 "configure"
+#line 1510 "configure"
 #include "confdefs.h"
 #include <unistd.h>
 EOF
@@ -1525,7 +1531,7 @@ EOF
 
 
 echo $ac_n "checking size of int""... $ac_c" 1>&6
-echo "configure:1529: checking size of int" >&5
+echo "configure:1535: checking size of int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1533,7 +1539,7 @@ else
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 1537 "configure"
+#line 1543 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int main()
@@ -1544,7 +1550,7 @@ int main()
   return(0);
 }
 EOF
-if { (eval echo configure:1548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1554: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_int=`cat conftestval`
 else
@@ -1564,7 +1570,7 @@ EOF
 
 
 echo $ac_n "checking size of short""... $ac_c" 1>&6
-echo "configure:1568: checking size of short" >&5
+echo "configure:1574: checking size of short" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1572,7 +1578,7 @@ else
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 1576 "configure"
+#line 1582 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int main()
@@ -1583,7 +1589,7 @@ int main()
   return(0);
 }
 EOF
-if { (eval echo configure:1587: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1593: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_short=`cat conftestval`
 else
@@ -1603,7 +1609,7 @@ EOF
 
 
 echo $ac_n "checking size of long""... $ac_c" 1>&6
-echo "configure:1607: checking size of long" >&5
+echo "configure:1613: checking size of long" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1611,7 +1617,7 @@ else
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 1615 "configure"
+#line 1621 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int main()
@@ -1622,7 +1628,7 @@ int main()
   return(0);
 }
 EOF
-if { (eval echo configure:1626: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1632: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_long=`cat conftestval`
 else
@@ -1643,12 +1649,12 @@ EOF
 
 if test "$ac_cv_sizeof_int" = 4 ; then
 	echo $ac_n "checking for int32_t""... $ac_c" 1>&6
-echo "configure:1647: checking for int32_t" >&5
+echo "configure:1653: checking for int32_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1652 "configure"
+#line 1658 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1676,12 +1682,12 @@ EOF
 fi
 
 	echo $ac_n "checking for u_int32_t""... $ac_c" 1>&6
-echo "configure:1680: checking for u_int32_t" >&5
+echo "configure:1686: checking for u_int32_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1685 "configure"
+#line 1691 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1710,12 +1716,12 @@ fi
 
 elif test "$ac_cv_sizeof_short" = 4 ; then
 	echo $ac_n "checking for int32_t""... $ac_c" 1>&6
-echo "configure:1714: checking for int32_t" >&5
+echo "configure:1720: checking for int32_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1719 "configure"
+#line 1725 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1743,12 +1749,12 @@ EOF
 fi
 
 	echo $ac_n "checking for u_int32_t""... $ac_c" 1>&6
-echo "configure:1747: checking for u_int32_t" >&5
+echo "configure:1753: checking for u_int32_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1752 "configure"
+#line 1758 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1777,12 +1783,12 @@ fi
 
 elif test "$ac_cv_sizeof_long" = 4 ; then
 	echo $ac_n "checking for int32_t""... $ac_c" 1>&6
-echo "configure:1781: checking for int32_t" >&5
+echo "configure:1787: checking for int32_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1786 "configure"
+#line 1792 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1810,12 +1816,12 @@ EOF
 fi
 
 	echo $ac_n "checking for u_int32_t""... $ac_c" 1>&6
-echo "configure:1814: checking for u_int32_t" >&5
+echo "configure:1820: checking for u_int32_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1819 "configure"
+#line 1825 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1847,7 +1853,7 @@ else
 fi
 
 echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6
-echo "configure:1851: checking for main in -lnsl" >&5
+echo "configure:1857: checking for main in -lnsl" >&5
 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1855,14 +1861,14 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lnsl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 1859 "configure"
+#line 1865 "configure"
 #include "confdefs.h"
 
 int main() {
 main()
 ; return 0; }
 EOF
-if { (eval echo configure:1866: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1872: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -1883,7 +1889,7 @@ else
 fi
 
 echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6
-echo "configure:1887: checking for socket in -lsocket" >&5
+echo "configure:1893: checking for socket in -lsocket" >&5
 ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1891,7 +1897,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsocket  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 1895 "configure"
+#line 1901 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -1902,7 +1908,7 @@ int main() {
 socket()
 ; return 0; }
 EOF
-if { (eval echo configure:1906: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1912: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -1926,12 +1932,12 @@ fi
 for ac_func in strdup strstr strtoul initgroups
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:1930: checking for $ac_func" >&5
+echo "configure:1936: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1935 "configure"
+#line 1941 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -1954,7 +1960,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:1958: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -1980,9 +1986,9 @@ done
 
 
 echo $ac_n "checking for type of socket size""... $ac_c" 1>&6
-echo "configure:1984: checking for type of socket size" >&5
+echo "configure:1990: checking for type of socket size" >&5
 cat > conftest.$ac_ext <<EOF
-#line 1986 "configure"
+#line 1992 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <sys/types.h>
@@ -1992,7 +1998,7 @@ int main() {
 int a = send(1, (const void *)0, (size_t *) 0, (int *) 0);
 ; return 0; }
 EOF
-if { (eval echo configure:1996: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2002: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   cat >> confdefs.h <<\EOF
 #define SOCKET_SIZE_TYPE size_t
@@ -2009,6 +2015,75 @@ EOF
 fi
 rm -f conftest*
 
+# Check whether --enable-ssl or --disable-ssl was given.
+if test "${enable_ssl+set}" = set; then
+  enableval="$enable_ssl"
+  
+	if test x$enableval = xyes; then
+		check_for_ssl=yes
+	else
+		check_for_ssl=no
+	fi
+	
+else
+  check_for_ssl=yes
+fi
+
+
+ssl_lib_dir=
+ssl_inc_dir=
+# Check whether --with-ssl-lib or --without-ssl-lib was given.
+if test "${with_ssl_lib+set}" = set; then
+  withval="$with_ssl_lib"
+  
+	ssl_lib_dir=$withval
+	
+fi
+
+# Check whether --with-ssl-inc or --without-ssl-inc was given.
+if test "${with_ssl_inc+set}" = set; then
+  withval="$with_ssl_inc"
+  
+	ssl_inc_dir=$withval
+	
+fi
+
+
+if test x$check_for_ssl = xyes; then
+	echo $ac_n "checking for SSL""... $ac_c" 1>&6
+echo "configure:2055: checking for SSL" >&5
+	found_ssl=no
+	for dir in $ssl_inc_dir /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr; do
+		ssldir="$dir"
+		if test -f "$dir/include/openssl/ssl.h"; then
+			found_ssl=yes
+			CFLAGS="$CFLAGS -I$ssldir/include/openssl"
+		        break
+		fi
+		if test -f "$dir/include/ssl.h"; then
+			found_ssl=yes
+			CFLAGS="$CFLAGS -I$ssldir/include"
+		        break
+		fi
+	done
+
+	if test x_$found_ssl != x_yes; then
+        	{ echo "configure: error: Cannot find ssl libraries" 1>&2; exit 1; }
+	    else
+	        printf "SSL found in $ssldir\n";
+	        LIBS="$LIBS -lssl -lcrypto";
+		if test x$ssl_lib_dir != x; then
+	        	LDFLAGS="$LDFLAGS -L$ssl_lib_dir";
+		else 
+	        	LDFLAGS="$LDFLAGS -L$ssldir/lib";
+		fi
+		cat >> confdefs.h <<EOF
+#define HAVE_SSL 1
+EOF
+
+		
+	    fi
+fi
 
 # Check whether --with-nrpe_user or --without-nrpe_user was given.
 if test "${with_nrpe_user+set}" = set; then
@@ -2056,7 +2131,7 @@ fi
 # Extract the first word of "perl", so it can be a program name with args.
 set dummy perl; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:2060: checking for $ac_word" >&5
+echo "configure:2135: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -2183,6 +2258,7 @@ s%@CC@%$CC%g
 s%@SET_MAKE@%$SET_MAKE%g
 s%@CPP@%$CPP%g
 s%@SOCKETLIBS@%$SOCKETLIBS%g
+s%@HAVE_SSL@%$HAVE_SSL%g
 s%@nrpe_user@%$nrpe_user%g
 s%@nrpe_grp@%$nrpe_grp%g
 s%@nrpe_port@%$nrpe_port%g

+ 52 - 0
configure.in

@@ -69,6 +69,58 @@ AC_TRY_COMPILE([#include <stdlib.h>
 [AC_DEFINE(SOCKET_SIZE_TYPE, size_t) AC_MSG_RESULT(size_t)],
 [AC_DEFINE(SOCKET_SIZE_TYPE, int) AC_MSG_RESULT(int)])
 
+dnl Does user want to check for SSL?
+AC_ARG_ENABLE(ssl,--enable-ssl enables native SSL support,[
+	if test x$enableval = xyes; then
+		check_for_ssl=yes
+	else
+		check_for_ssl=no
+	fi
+	],check_for_ssl=yes)
+
+dnl Optional SSL library and include paths
+ssl_lib_dir=
+ssl_inc_dir=
+AC_ARG_WITH(ssl-lib,--with-ssl-lib=DIR sets location of the SSL library,[
+	ssl_lib_dir=$withval
+	])
+AC_ARG_WITH(ssl-inc,--with-ssl-inc=DIR sets location of the SSL include files,[
+	ssl_inc_dir=$withval
+	])
+
+dnl Check for SSL support
+dnl Modified version of Mark Ethan Trostler's macro <trostler@juniper.net>
+if test x$check_for_ssl = xyes; then
+	AC_MSG_CHECKING(for SSL)
+	found_ssl=no
+	for dir in $ssl_inc_dir /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr; do
+		ssldir="$dir"
+		if test -f "$dir/include/openssl/ssl.h"; then
+			found_ssl=yes
+			CFLAGS="$CFLAGS -I$ssldir/include/openssl"
+		        break
+		fi
+		if test -f "$dir/include/ssl.h"; then
+			found_ssl=yes
+			CFLAGS="$CFLAGS -I$ssldir/include"
+		        break
+		fi
+	done
+
+	if test x_$found_ssl != x_yes; then
+        	AC_MSG_ERROR(Cannot find ssl libraries)
+	    else
+	        printf "SSL found in $ssldir\n";
+	        LIBS="$LIBS -lssl -lcrypto";
+		if test x$ssl_lib_dir != x; then
+	        	LDFLAGS="$LDFLAGS -L$ssl_lib_dir";
+		else 
+	        	LDFLAGS="$LDFLAGS -L$ssldir/lib";
+		fi
+		AC_DEFINE_UNQUOTED(HAVE_SSL)
+		AC_SUBST(HAVE_SSL)
+	    fi
+fi
 
 AC_ARG_WITH(nrpe_user,--with-nrpe-user=<user> sets user name to run NRPE,nrpe_user=$withval,nrpe_user=nagios)
 AC_ARG_WITH(nrpe_group,--with-nrpe-group=<group> sets group name to run NRPE,nrpe_grp=$withval,nrpe_grp=nagios)
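Review bot: The SSL probe only tests that `ssl.h` exists, then appends `-lssl -lcrypto` and a `-L` path without ever linking against them. Headers from one prefix combined with a `--with-ssl-lib` pointing elsewhere are therefore not caught at configure time, and the binary can end up built against one OpenSSL and linked to another. A link test once LIBS and LDFLAGS are set, such as `AC_CHECK_LIB(ssl,SSL_library_init,,AC_MSG_ERROR(Cannot link against libssl))`, would close that gap. Separately, `--with-ssl-inc=DIR` is documented as the include directory, but the loop treats it as an install prefix and looks under `$dir/include/`, so either the help text or the test should change. `AC_MSG_CHECKING(for SSL)` is also never closed with an `AC_MSG_RESULT`; the `printf` stands in for it.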

+ 92 - 6
src/check_nrpe.c

@@ -28,6 +28,7 @@ int server_port=DEFAULT_SERVER_PORT;
 char *server_name=NULL;
 char *command_name=NULL;
 int socket_timeout=DEFAULT_SOCKET_TIMEOUT;
+int sd;
 
 char query[MAX_INPUT_BUFFER]="";
 
@@ -35,6 +36,15 @@ int show_help=FALSE;
 int show_license=FALSE;
 int show_version=FALSE;
 
+#ifdef HAVE_SSL
+SSL_METHOD *meth;
+SSL_CTX *ctx;
+SSL *ssl;
+int use_ssl=TRUE;
+#else
+int use_ssl=FALSE;
+#endif
+
 
 int process_arguments(int,char **);
 void alarm_handler(int);
@@ -46,7 +56,6 @@ int main(int argc, char **argv){
         u_int32_t long packet_crc32;
         u_int32_t calculated_crc32;
 	int16_t result;
-	int sd;
 	int rc;
 	packet send_packet;
 	packet receive_packet;
@@ -65,6 +74,9 @@ int main(int argc, char **argv){
 		printf("Version: %s\n",PROGRAM_VERSION);
 		printf("Last Modified: %s\n",MODIFICATION_DATE);
 		printf("License: GPL\n");
+#ifdef HAVE_SSL
+		printf("SSL Available\n");
+#endif
 		printf("\n");
 	        }
 
@@ -100,6 +112,20 @@ int main(int argc, char **argv){
         /* generate the CRC 32 table */
         generate_crc32_table();
 
+#ifdef HAVE_SSL
+	/* initialize SSL */
+	if(use_ssl==TRUE){
+		SSL_library_init();
+		SSLeay_add_ssl_algorithms();
+		meth=SSLv23_client_method();
+		SSL_load_error_strings();
+		if((ctx=SSL_CTX_new(meth))==NULL){
+			printf("CHECK_NRPE: Error - could not create SSL context.\n");
+			exit(STATE_CRITICAL);
+		        }
+                }
+#endif
+
 	/* initialize alarm signal handling */
 	signal(SIGALRM,alarm_handler);
 
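Review bot: `SSLv23_client_method()` is used with no protocol options, so with the OpenSSL releases of this period the client can still negotiate SSLv2; adding `SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2);` after the `SSL_CTX_new()` check would rule that out. The context is also created without trust anchors or a `SSL_CTX_set_verify()` call, so as far as this hunk shows the client never authenticates the server it queries. `SSLeay_add_ssl_algorithms()` is a synonym for `SSL_library_init()` and can be dropped. The server-side initialisation in src/nrpe.c (`SSLv23_server_method()`) has the same protocol-version gap. main() starts and continues outside the hunk.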
@@ -109,7 +135,40 @@ int main(int argc, char **argv){
 	/* try to connect to the host at the given port number */
 	result=my_tcp_connect(server_name,server_port,&sd);
 
-	/* we connected, so close connection before exiting */
+#ifdef HAVE_SSL
+	/* do SSL handshake */
+	if(result==STATE_OK && use_ssl==TRUE){
+		if((ssl=SSL_new(ctx))!=NULL){
+			SSL_CTX_set_cipher_list(ctx,"ALL");
+			SSL_set_fd(ssl,sd);
+			if((rc=SSL_connect(ssl))!=1){
+				printf("CHECK_NRPE: Error - Could not complete SSL handshake.\n");
+				printf("SSL_connect=%d\n",rc);
+				/*
+				rc=SSL_get_error(ssl,rc);
+				printf("SSL_get_error=%d\n",rc);
+				printf("ERR_get_error=%lu\n",ERR_get_error());
+				printf("%s\n",ERR_error_string(rc,NULL));
+				*/
+				ERR_print_errors_fp(stdout);
+				result=STATE_CRITICAL;
+			        }
+		        }
+		else{
+			printf("CHECK_NRPE: Error - Could not initiate SSL handshake.\n");
+			result=STATE_CRITICAL;
+		        }
+
+		/* bail if we had errors */
+		if(result!=STATE_OK){
+			SSL_CTX_free(ctx);
+			close(sd);
+			exit(result);
+		        }
+	        }
+#endif
+
+	/* we're connected and ready to go */
 	if(result==STATE_OK){
 
 		/* clear the packet buffer */
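Review bot: `SSL_CTX_set_cipher_list(ctx,"ALL")` is called after `SSL_new(ctx)` and its return value is ignored, so whether the list applies to this `ssl` depends on library internals and a failure to set it goes unnoticed. It belongs next to `SSL_CTX_new()` with a check, e.g. `if(SSL_CTX_set_cipher_list(ctx,"ALL")==0) exit(STATE_CRITICAL);`. With the OpenSSL of this era "ALL" also admits anonymous and export-grade suites, so a completed handshake does not imply the peer was authenticated; a narrower cipher string should be chosen deliberately. On the `SSL_connect()` failure path `ssl` is not released with `SSL_free(ssl)` before `SSL_CTX_free(ctx)`. main() starts and ends outside the hunk.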
@@ -135,7 +194,15 @@ int main(int argc, char **argv){
 
 		/* send the packet */
 		bytes_to_send=sizeof(send_packet);
-		rc=sendall(sd,(char *)&send_packet,&bytes_to_send);
+		if(use_ssl==FALSE)
+			rc=sendall(sd,(char *)&send_packet,&bytes_to_send);
+#ifdef HAVE_SSL
+		else{
+			rc=SSL_write(ssl,&send_packet,bytes_to_send);
+			if(rc<0)
+				rc=-1;
+		        }
+#endif
 		if(rc==-1){
 			printf("CHECK_NRPE: Error sending query to host.\n");
 			close(sd);
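Review bot: The SSL branch maps only negative returns to the error value (`if(rc<0) rc=-1;`), but `SSL_write()` also reports failure with 0, which then passes the `rc==-1` test as a successful send; `if(rc<=0) rc=-1;` covers both. The error path that follows calls `close(sd)` without `SSL_free(ssl)` and `SSL_CTX_free(ctx)`, unlike the handshake failure path earlier in main(). The `if` / `#ifdef` / `else` layout would be easier to audit with braces around the plain-socket branch. The rest of the error block lies outside the hunk.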
@@ -144,10 +211,24 @@ int main(int argc, char **argv){
 
 		/* wait for the response packet */
 		bytes_to_recv=sizeof(receive_packet);
-		rc=recvall(sd,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
+		if(use_ssl==FALSE)
+			rc=recvall(sd,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
+#ifdef HAVE_SSL
+		else
+			rc=SSL_read(ssl,&receive_packet,bytes_to_recv);
+#endif
 
-		/* reset timeout and close the connection */
+		/* reset timeout */
 		alarm(0);
+
+		/* close the connection */
+#ifdef HAVE_SSL
+		if(use_ssl==TRUE){
+			SSL_shutdown(ssl);
+			SSL_free(ssl);
+			SSL_CTX_free(ctx);
+	                }
+#endif
 		close(sd);
 
 		/* recv() error */
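Review bot: `SSL_read()` can return fewer bytes than requested, and in the SSL branch `bytes_to_recv` keeps its initial `sizeof(receive_packet)` value, so any later length check based on `bytes_to_recv` (those checks are outside this hunk) cannot notice a short packet. Recording the count after the call, e.g. `bytes_to_recv=(rc>0)?rc:0;`, or looping until the whole packet has arrived, would keep the two transports equivalent. The SSL path also does not pass `socket_timeout` anywhere and appears to rely only on the alarm set earlier in main(). handle_connection() in src/nrpe.c reads the request the same way.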
@@ -215,6 +296,7 @@ int process_arguments(int argc, char **argv){
 		{"host", required_argument, 0, 'H'},
 		{"command", required_argument, 0, 'c'},
 		{"args", required_argument, 0, 'a'},
+		{"no-ssl", no_argument, 0, 'n'},
 		{"timeout", required_argument, 0, 't'},
 		{"port", required_argument, 0, 'p'},
 		{"help", no_argument, 0, 'h'},
@@ -227,7 +309,7 @@ int process_arguments(int argc, char **argv){
 	if(argc<2)
 		return ERROR;
 
-	snprintf(optchars,MAX_INPUT_BUFFER,"H:c:a:t:p:hl");
+	snprintf(optchars,MAX_INPUT_BUFFER,"H:c:a:t:p:nhl");
 
 	while(1){
 #ifdef HAVE_GETOPT_H
@@ -270,6 +352,9 @@ int process_arguments(int argc, char **argv){
 		case 'a':
 			argindex=optind;
 			break;
+		case 'n':
+			use_ssl=FALSE;
+			break;
 		default:
 			return ERROR;
 			break;
@@ -311,3 +396,4 @@ void alarm_handler(int sig){
 
 	exit(STATE_CRITICAL);
         }
+

+ 95 - 6
src/nrpe.c

@@ -4,7 +4,7 @@
  * Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
  * License: GPL
  *
- * Last Modified: 01-30-2003
+ * Last Modified: 03-03-2003
  *
  * Command line: nrpe -c <config_file> [--inetd | --daemon]
  *
@@ -46,8 +46,6 @@ int my_system(char *,int,int *,char *,int);            	/* executes a command vi
 void my_system_sighandler(int);				/* handles timeouts when executing commands via my_system() */
 
 
-static unsigned long max_packet_age=30;
-
 char    *command_name=NULL;
 char    *macro_argv[MAX_COMMAND_ARGUMENTS];
 
@@ -71,6 +69,14 @@ int     show_version=FALSE;
 int     use_inetd=TRUE;
 int     debug=FALSE;
 
+#ifdef HAVE_SSL
+SSL_METHOD *meth;
+SSL_CTX *ctx;
+int use_ssl=TRUE;
+#else
+int use_ssl=FALSE;
+#endif
+
 
 
 int main(int argc, char **argv){
@@ -89,6 +95,9 @@ int main(int argc, char **argv){
 		printf("Version: %s\n",PROGRAM_VERSION);
 		printf("Last Modified: %s\n",MODIFICATION_DATE);
 		printf("License: GPL\n");
+#ifdef HAVE_SSL
+		printf("SSL Available\n");
+#endif
 		printf("\n");
 #ifdef ENABLE_COMMAND_ARGUMENTS
 		printf("***************************************************************\n");
@@ -166,6 +175,21 @@ int main(int argc, char **argv){
         /* generate the CRC 32 table */
         generate_crc32_table();
 
+#ifdef HAVE_SSL
+	/* initialize SSL */
+	if(use_ssl==TRUE){
+		SSL_library_init();
+		SSLeay_add_ssl_algorithms();
+		meth=SSLv23_server_method();
+		SSL_load_error_strings();
+		if((ctx=SSL_CTX_new(meth))==NULL){
+			syslog(LOG_ERR,"Error: could not create SSL context.\n");
+			exit(STATE_CRITICAL);
+		        }
+		SSL_CTX_set_cipher_list(ctx,"ALL");
+                }
+#endif
+
 	/* if we're running under inetd... */
 	if(use_inetd==TRUE){
 
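Review bot: The server context is created without a certificate, private key or DH parameters anywhere in this hunk, so the daemon has nothing to authenticate itself with and, depending on the suites offered, possibly nothing it can negotiate. If certificate authentication is intended, the credentials should be loaded here with `SSL_CTX_use_certificate_file()` and `SSL_CTX_use_PrivateKey_file()`, followed by `SSL_CTX_check_private_key()`. If anonymous DH is intended, that choice and its lack of peer authentication deserve a comment and an explicit cipher string rather than "ALL". The return value of `SSL_CTX_set_cipher_list()` is not checked. main() continues outside the hunk.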
@@ -208,6 +232,11 @@ int main(int argc, char **argv){
 		wait_for_connections();
 	        }
 
+#ifdef HAVE_SSL
+	if(use_ssl==TRUE)
+		SSL_CTX_free(ctx);
+#endif
+
 	/* We are now running in daemon mode, or the connection handed over by inetd has
 	   been completed, so the parent process exits */
         return STATE_OK;
@@ -572,17 +601,48 @@ void handle_connection(int sock){
 	int rc;
 	int x;
 	FILE *fp;
+	FILE *errfp;
+#ifdef HAVE_SSL
+	SSL *ssl;
+#endif
 
 
 	/* log info to syslog facility */
 	if(debug==TRUE)
 		syslog(LOG_DEBUG,"Handling the connection...");
 
+#ifdef OLDSTUFF
 	/* socket should be non-blocking */
 	fcntl(sock,F_SETFL,O_NONBLOCK);
+#endif
+
+#ifdef HAVE_SSL
+	/* do SSL handshake */
+	if(result==STATE_OK && use_ssl==TRUE){
+		if((ssl=SSL_new(ctx))!=NULL){
+			SSL_set_fd(ssl,sock);
+			if(SSL_accept(ssl)!=1){
+				syslog(LOG_ERR,"Error: Could not complete SSL handshake.\n");
+				errfp=fopen("/tmp/err.log","w");
+				ERR_print_errors_fp(errfp);
+				fclose(errfp);
+				return;
+			        }
+		        }
+		else{
+			syslog(LOG_ERR,"Error: Could not initiate SSL handshake.\n");
+			return;
+		        }
+	        }
+#endif
 
 	bytes_to_recv=sizeof(receive_packet);
-	rc=recvall(sock,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
+	if(use_ssl==FALSE)
+		rc=recvall(sock,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
+#ifdef HAVE_SSL
+	else
+		rc=SSL_read(ssl,&receive_packet,bytes_to_recv);
+#endif
 
 	/* recv() error or client disconnect */
 	if(rc<=0){
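Review bot: The handshake failure branch writes the OpenSSL error queue to the fixed path `/tmp/err.log` with `fopen(...,"w")` and never checks the result. A daemon that truncates a predictable file in a world-writable directory can be redirected by a pre-placed symlink, and a failed open passes NULL to `ERR_print_errors_fp()` and `fclose()`. The errors should go to syslog like the other messages, and `ssl` should be released before returning, as in the fence below. Separately, `result` is tested in `if(result==STATE_OK && use_ssl==TRUE)` without being assigned in the visible lines and `SSL *ssl` is declared uninitialised; both need checking against the part of handle_connection() outside the hunk. With the non-blocking `fcntl()` moved under `OLDSTUFF`, `SSL_accept()` and `SSL_read()` have no visible timeout.

```c
			if(SSL_accept(ssl)!=1){
				unsigned long err;
				char errbuf[256];

				syslog(LOG_ERR,"Error: Could not complete SSL handshake.\n");
				/* drain the OpenSSL error queue into syslog rather than a file in /tmp */
				while((err=ERR_get_error())!=0){
					ERR_error_string_n(err,errbuf,sizeof(errbuf));
					syslog(LOG_ERR,"SSL error: %s",errbuf);
				        }
				SSL_free(ssl);
				return;
			        }
			/* … unchanged: SSL_new() failure branch … */
```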
@@ -590,6 +650,11 @@ void handle_connection(int sock){
 		/* log error to syslog facility */
 		syslog(LOG_ERR,"Could not read request from client, bailing out...");
 
+#ifdef HAVE_SSL
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+#endif
+
 		return;
                 }
 
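Review bot: `SSL_shutdown(ssl)` and `SSL_free(ssl)` are compiled in whenever HAVE_SSL is defined but are not guarded by `use_ssl`, so a daemon started with `--no-ssl` reaches them with the uninitialised `ssl` pointer declared at the top of handle_connection(). The teardown should be guarded, `if(use_ssl==TRUE){ SSL_shutdown(ssl); SSL_free(ssl); }`, and the pointer initialised with `SSL *ssl=NULL;`. The same unguarded pair appears in the three later handle_connection() hunks: the short-packet path, the path after the `macro_argv` cleanup, and after the response is sent. The function starts and ends outside this hunk.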
@@ -599,6 +664,11 @@ void handle_connection(int sock){
 		/* log error to syslog facility */
 		syslog(LOG_ERR,"Data packet from client was too short, bailing out...");
 
+#ifdef HAVE_SSL
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+#endif
+
 		return;
 	        }
 
@@ -622,6 +692,11 @@ void handle_connection(int sock){
 			macro_argv[x]=NULL;
 	                }
 
+#ifdef HAVE_SSL
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+#endif
+
 		return;
 	        }
 
@@ -727,7 +802,17 @@ void handle_connection(int sock){
 
 	/* send the response back to the client */
 	bytes_to_send=sizeof(send_packet);
-	sendall(sock,(char *)&send_packet,&bytes_to_send);
+	if(use_ssl==FALSE)
+		sendall(sock,(char *)&send_packet,&bytes_to_send);
+#ifdef HAVE_SSL
+	else
+		SSL_write(ssl,&send_packet,bytes_to_send);
+#endif
+
+#ifdef HAVE_SSL
+	SSL_shutdown(ssl);
+	SSL_free(ssl);
+#endif
 
 	/* log info to syslog facility */
 	if(debug==TRUE)
@@ -1238,6 +1323,7 @@ int process_arguments(int argc, char **argv){
 		{"config", required_argument, 0, 'c'},
 		{"inetd", no_argument, 0, 'i'},
 		{"daemon", no_argument, 0, 'd'},
+		{"no-ssl", no_argument, 0, 'n'},
 		{"help", no_argument, 0, 'h'},
 		{"license", no_argument, 0, 'l'},
 		{0, 0, 0, 0}
@@ -1248,7 +1334,7 @@ int process_arguments(int argc, char **argv){
 	if(argc<2)
 		return ERROR;
 
-	snprintf(optchars,MAX_INPUT_BUFFER,"c:idhl");
+	snprintf(optchars,MAX_INPUT_BUFFER,"c:nidhl");
 
 	while(1){
 #ifdef HAVE_GETOPT_H
@@ -1284,6 +1370,9 @@ int process_arguments(int argc, char **argv){
 			use_inetd=TRUE;
 			have_mode=TRUE;
 			break;
+		case 'n':
+			use_ssl=FALSE;
+			break;
 		default:
 			return ERROR;
 			break;