More changes for HP-UX, and don't define verify_callback if no ssl

configure

@@ -6977,7 +6977,7 @@ $as_echo "#define HAVE_LIBWRAP 1" >>confdefs.h
 
 fi
 
-for ac_func in strdup strstr strtoul initgroups closesocket sigaction
+for ac_func in strdup strstr strtoul strtok_r initgroups closesocket sigaction
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -7252,12 +7252,15 @@ fi
 				echo ""
 				echo "*** Generating DH Parameters for SSL/TLS ***"
 				# awk to strip off meta data at bottom of dhparam output
-#				$sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
-#				$sslbin dhparam -C 1024 | awk '/^-----/ {exit} {print}' > include/dh.h
+				$sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
 			fi
 		fi
 	fi
 
+				if test "`uname -s`" = "HP-UX" ; then
+		LDFLAGS="$LDFLAGS +allowdups";
+	fi
+
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Kerberos include files" >&5
 $as_echo_n "checking for Kerberos include files... " >&6; }
 	found_kerberos=no

configure.ac

@@ -251,7 +251,7 @@ AC_CHECK_LIB(wrap,main,[
 	LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
 	AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
 	])
-AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket sigaction)
+AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction)
 
 dnl socklen_t check - from curl
 AC_CHECK_TYPE([socklen_t], ,[
@@ -413,11 +413,17 @@ if test x$check_for_ssl = xyes; then
 				echo "*** Generating DH Parameters for SSL/TLS ***"
 				# awk to strip off meta data at bottom of dhparam output
 				$sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
-#				$sslbin dhparam -C 1024 | awk '/^-----/ {exit} {print}' > include/dh.h
 			fi
 		fi
 	fi
 
+	dnl On HP-UX the compile will fail with a 'Duplicate symbol "setenv"' error
+	dnl in '/usr/local/lib/libwrap.a(setenv.o)' and '/usr/local/lib/libiberty.a(setenv.o)'
+	dnl so allow duplicate symbols, and use the first one
+	if test "`uname -s`" = "HP-UX" ; then
+		LDFLAGS="$LDFLAGS +allowdups";
+	fi
+
 	dnl RedHat 8.0 and 9.0 include openssl compiled with kerberos, so we must include header file
 	AC_MSG_CHECKING(for Kerberos include files)
 	found_kerberos=no

include/config.h.in

@@ -41,6 +41,7 @@
 #undef HAVE_STRDUP
 #undef HAVE_STRSTR
 #undef HAVE_STRTOUL 
+#undef HAVE_STRTOK_R
 #undef HAVE_INITGROUPS
 #undef HAVE_CLOSESOCKET
 #undef HAVE_SIGACTION
@@ -100,6 +101,7 @@ typedef int int32_t;
 #define RETSIGTYPE ""
 #undef HAVE_STRUCT_SOCKADDR_STORAGE
 
+/* Use seteuid() or setresuid() depending on the platform */
 #undef SETEUID
 
 #undef HAVE_GETOPT_H

src/acl.c

@@ -276,7 +276,11 @@ int add_ipv6_to_acl(char *ipv6) {
 		}
 
 	/* Parse the address itself */
+#ifdef HAVE_STRTOK_R
 	addrtok = strtok_r(ipv6tmp, "/", &addrsave);
+#else
+	addrtok = strtok(ipv6tmp, "/");
+#endif
 	if(inet_pton(AF_INET6, addrtok, &addr) <= 0) {
 		syslog(LOG_ERR, "Invalid IPv6 address in ACL: %s\n", ipv6);
 		free(ipv6tmp);
@@ -284,7 +288,11 @@ int add_ipv6_to_acl(char *ipv6) {
 		}
 
 	/* Check whether there is a netmask */
+#ifdef HAVE_STRTOK_R
 	addrtok = strtok_r(NULL, "/", &addrsave);
+#else
+	addrtok = strtok(NULL, "/");
+#endif
 	if(NULL != addrtok) {
 		/* If so, build a netmask */
 
@@ -556,7 +564,11 @@ void parse_allowed_hosts(char *allowed_hosts) {
 	const char *delim = ",";
 	char *trimmed_tok;
 
-	tok = strtok_r( hosts, delim, &saveptr);
+#ifdef HAVE_STRTOK_R
+	tok = strtok_r(hosts, delim, &saveptr);
+#else
+	tok = strtok(hosts, delim);
+#endif
 	while( tok) {
 		trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
 		trim( tok, trimmed_tok);
@@ -567,7 +579,11 @@ void parse_allowed_hosts(char *allowed_hosts) {
 			}
 		}
 		free( trimmed_tok);
-		tok = strtok_r(( char *)0, delim, &saveptr);
+#ifdef HAVE_STRTOK_R
+		tok = strtok_r(NULL, delim, &saveptr);
+#else
+		tok = strtok(NULL, delim);
+#endif
 	}
 
 	free( hosts);

src/check_nrpe.c

@@ -1051,6 +1051,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet * v2_pkt, v3_packet ** v3_pkt
 	return tot_bytes;
 }
 
+#ifdef HAVE_SSL
 int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
 {
 	char name[256], issuer[256];
@@ -1078,6 +1079,7 @@ int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
 
 	return preverify_ok;
 }
+#endif
 
 void alarm_handler(int sig)
 {

src/nrpe.c

@@ -335,7 +335,6 @@ void init_ssl(void)
 		if (sslprm.allowDH == 2)
 			strcpy(sslprm.cipher_list, "ADH");
 		dh = get_dh2048();
-		/*dh = get_dh1024();*/
 		SSL_CTX_set_tmp_dh(ctx, dh);
 		DH_free(dh);
 	}