Reformat and reorganize source code, and add function to clean environment

Makefile.in

@@ -28,7 +28,7 @@ INIT_OPTS=-o root -g root
 
 
 all:
-	cd $(SRC_BASE); $(MAKE) ; cd ..
+	$(MAKE) -C $(SRC_BASE)
 
 	@echo ""
 	@echo "*** Compile finished ***"
@@ -39,24 +39,24 @@ all:
 	@echo "Read the PDF documentation (NRPE.pdf) for information on the next"
 	@echo "steps you should take to complete the installation or upgrade."
 	@echo ""
+
 nrpe:
-	cd $(SRC_BASE); $(MAKE) ; cd ..
+	$(MAKE) -C $(SRC_BASE)
 
 check_nrpe:
-	cd $(SRC_BASE); $(MAKE) ; cd ..
-
+	$(MAKE) -C $(SRC_BASE)
 
 install-plugin:
-	cd $(SRC_BASE) && $(MAKE) $@
+	$(MAKE) -C $(SRC_BASE) $@
 
 install-daemon:
-	cd $(SRC_BASE) && $(MAKE) $@
+	$(MAKE) -C $(SRC_BASE) $@
 
 install:
-	cd $(SRC_BASE) && $(MAKE) $@
+	$(MAKE) -C $(SRC_BASE) $@
 
 install-xinetd:
-	$(INSTALL) -m 644 sample-config/nrpe.xinetd /etc/xinetd.d/nrpe 
+	$(INSTALL) -m 644 sample-config/nrpe.xinetd /etc/xinetd.d/nrpe
 
 install-daemon-config:
 	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
@@ -70,14 +70,14 @@ solaris-package:
 	fi
 
 clean:
-	cd $(SRC_BASE); $(MAKE) $@ ; cd ..
-	cd package/solaris; $(MAKE) $@ ; cd ../..
+	$(MAKE) -C $(SRC_BASE) $@
+	$(MAKE) -C package/solaris $@
 	rm -f core
 	rm -f *~ */*~
 
 distclean: clean
-	cd $(SRC_BASE); $(MAKE) $@ ; cd ..
-	cd package/solaris; $(MAKE) $@ ; cd ../..
+	$(MAKE) -C $(SRC_BASE) $@
+	$(MAKE) -C package/solaris $@
 	rm -f config.log config.status config.cache nrpe.cfg nrpe.xinetd subst $(SRC_INCLUDE)/config.h init-script init-script.debian init-script.freebsd init-script.suse
 	rm -f sample-config/*.cfg sample-config/*.xinetd
 	rm -f Makefile

configure.ac

@@ -45,7 +45,11 @@ dnl Checks for header files.
 AC_HEADER_STDC
 AC_HEADER_TIME
 AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
+AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h)
+AC_CHECK_HEADERS(netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h)
+AC_CHECK_HEADERS(tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h)
+AC_CHECK_HEADERS(sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
+AC_CHECK_HEADERS(paths.h)
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST

include/common.h

@@ -26,41 +26,37 @@
 #define PROGRAM_VERSION "2.16RC2"
 #define MODIFICATION_DATE "11-09-2015"
 
-#define OK		0
-#define ERROR		-1
+#define OK							0
+#define ERROR						-1
 
-#define TRUE		1
-#define FALSE		0
+#define TRUE						1
+#define FALSE						0
 
-#define STATE_UNKNOWN  	3	/* service state return codes */
-#define	STATE_CRITICAL 	2
-#define STATE_WARNING 	1
-#define STATE_OK       	0
+#define STATE_UNKNOWN				3		/* service state return codes */
+#define	STATE_CRITICAL				2
+#define STATE_WARNING				1
+#define STATE_OK					0
 
 
-#define DEFAULT_SOCKET_TIMEOUT	10	/* timeout after 10 seconds */
-#define DEFAULT_CONNECTION_TIMEOUT 300	/* timeout if daemon is waiting for connection more than this time */
+#define DEFAULT_SOCKET_TIMEOUT		10		/* timeout after 10 seconds */
+#define DEFAULT_CONNECTION_TIMEOUT	300		/* timeout if daemon is waiting for connection more than this time */
 
-#define MAX_INPUT_BUFFER	2048	/* max size of most buffers we use */
-#define MAX_FILENAME_LENGTH     256
-
-#define MAX_HOST_ADDRESS_LENGTH	256	/* max size of a host address */
-
-#define NRPE_HELLO_COMMAND      "_NRPE_CHECK"
-
-#define MAX_COMMAND_ARGUMENTS   16
+#define MAX_INPUT_BUFFER			2048	/* max size of most buffers we use */
+#define MAX_FILENAME_LENGTH			256
+#define MAX_HOST_ADDRESS_LENGTH		256		/* max size of a host address */
+#define MAX_COMMAND_ARGUMENTS		16
 
+#define NRPE_HELLO_COMMAND			"_NRPE_CHECK"
 
 /**************** PACKET STRUCTURE DEFINITION **********/
 
-#define QUERY_PACKET		1		/* id code for a packet containing a query */
-#define	RESPONSE_PACKET		2		/* id code for a packet containing a response */
+#define QUERY_PACKET				1		/* id code for a packet containing a query */
+#define	RESPONSE_PACKET				2		/* id code for a packet containing a response */
+#define NRPE_PACKET_VERSION_3		3		/* packet version identifier */
+#define NRPE_PACKET_VERSION_2		2
+#define NRPE_PACKET_VERSION_1		1		/* older packet version identifiers (no longer supported) */
 
-#define NRPE_PACKET_VERSION_3   3               /* packet version identifier */
-#define NRPE_PACKET_VERSION_2   2               
-#define NRPE_PACKET_VERSION_1	1		/* older packet version identifiers (no longer supported) */
-
-#define MAX_PACKETBUFFER_LENGTH	1024		/* max amount of data we'll send in one query/response */
+#define MAX_PACKETBUFFER_LENGTH		1024	/* amount of data to send in one query/response vor version 2 */
 
 typedef struct _v2_packet {
 	int16_t		packet_version;
@@ -82,20 +78,15 @@ typedef struct _v3_packet {
 /**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/
 #if defined(__sun) || defined(__hpux)
 
-#  ifndef LOG_AUTHPRIV
-#    define LOG_AUTHPRIV LOG_AUTH
-#  endif
-
-#  ifndef LOG_FTP
-#    define LOG_FTP LOG_DAEMON
-#  endif
-
-#elif _AIX
-
-#  include <sys/select.h>
-
-#  ifndef LOG_FTP
-#    define LOG_FTP LOG_DAEMON
-#  endif
-
+# ifndef LOG_AUTHPRIV
+#  define LOG_AUTHPRIV LOG_AUTH
+# endif
+# ifndef LOG_FTP
+#  define LOG_FTP LOG_DAEMON
+# endif
+#elif defined(_AIX)
+# include <sys/select.h>
+# ifndef LOG_FTP
+#  define LOG_FTP LOG_DAEMON
+# endif
 #endif

include/nrpe.h

@@ -22,45 +22,48 @@
  *
  ************************************************************************/
 
- /*
-  * 08-10-2011 IPv4 subnetworks support added.
-  * Main change in nrpe.c is that is_an_allowed_host() moved to acl.c
-  *
-  */
-
 /**************** COMMAND STRUCTURE DEFINITION **********/
 
-typedef struct command_struct{
-	char *command_name;
-	char *command_line;
-	struct command_struct *next;
-        }command;
+typedef struct command_struct {
+	char					*command_name;
+	char					*command_line;
+	struct command_struct	*next;
+} command;
 
-int process_arguments(int,char **);
-void wait_for_connections(void);
-void handle_connection(int);
+int init(void);
+void init_ssl(void);
+void log_ssl_startup(void);
+void usage(int);
+void run_inetd(void);
+void run_src(void);
+void run_daemon(void);
+void set_stdio_sigs(void);
+void cleanup(void);
 int read_config_file(char *);
 int read_config_dir(char *);
 int get_log_facility(char *);
 int add_command(char *,char *);
 command *find_command(char *);
-void sighandler(int);
-int drop_privileges(char *,char *);
-int check_privileges(void);
-
-int write_pid_file(void);
-int remove_pid_file(void);
-
+void create_listener(struct addrinfo *ai);
+void wait_for_connections(void);
+void setup_wait_conn(void);
+int wait_conn_fork(int sock);
+void conn_check_peer(int sock);
+void handle_connection(int);
+void init_handle_conn(void);
+int handle_conn_ssl(int sock);
 int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt);
 void free_memory(void);
-int validate_request(v2_packet *, v3_packet *);
-int contains_nasty_metachars(char *);
-int process_macros(char *,char *,int);
 int my_system(char*, int, int*, char**);	/* executes a command via popen(), but also protects against timeouts */
 void my_system_sighandler(int);				/* handles timeouts when executing commands via my_system() */
 void my_connection_sighandler(int);			/* handles timeouts of connection */
-
+int drop_privileges(char *,char *);
+int write_pid_file(void);
+int remove_pid_file(void);
+int check_privileges(void);
 void sighandler(int);
 void child_sighandler(int);
-
-
+int validate_request(v2_packet *, v3_packet *);
+int contains_nasty_metachars(char *);
+int process_macros(char *,char *,int);
+int process_arguments(int,char **);

include/utils.h

@@ -34,27 +34,18 @@
 
 #include "../include/config.h"
 
-
 void generate_crc32_table(void);
-unsigned long calculate_crc32(char *, int);
-
-void randomize_buffer(char *,int);
-
-int my_tcp_connect(char *,int,int *);
-int my_connect(const char *, struct sockaddr_storage *, u_short, int, 
-		const char *);
-
-void add_listen_addr(struct addrinfo **, int, char *, int);
-
-void strip(char *);
-
-int sendall(int,char *,int *);
-int recvall(int,char *,int *,int);
-
-char *my_strsep(char **,const char *);
-
+unsigned long calculate_crc32(char*, int);
+void randomize_buffer(char*,int);
+int my_tcp_connect(char*, int, int*);
+int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*);
+void add_listen_addr(struct addrinfo**, int, char*, int);
+int clean_environ(const char *keep_env_vars, const char *nrpe_user);
+char* strip(char*);
+int sendall(int, char*, int*);
+int recvall(int, char*, int*, int);
+char *my_strsep(char**, const char*);
 int b64_decode(unsigned char *encoded);
-
 void display_license(void);
 
 #endif

sample-config/nrpe.cfg.in

@@ -262,6 +262,17 @@ connection_timeout=300
 
 
 
+# KEEP ENVIRONMENT VARIABLES
+# As of NRPE v3.0, the environment is being sanitized. HOME, IFS, LOGNAME,
+# USER, PATH and SHELL will be set. Everything else will be removed. This
+# directive is a comma-separated list that allows you to indicate which
+# environment variables should be kept, possibly including any of the
+# 6 mentioned above. USE WITH CAUTION
+
+#keep_env_vars=TERM,POSIXLY_CORRECT,TZ
+
+
+
 # COMMAND DEFINITIONS
 # Command definitions that this daemon will run.  Definitions
 # are in the following format:

src/check_nrpe.c

@@ -21,7 +21,7 @@
 #include "common.h"
 #include "utils.h"
 
-#define DEFAULT_NRPE_COMMAND	"_NRPE_CHECK"  /* check version of NRPE daemon */
+#define DEFAULT_NRPE_COMMAND "_NRPE_CHECK"	/* check version of NRPE daemon */
 
 u_short server_port = DEFAULT_SERVER_PORT;
 char *server_name = NULL;
@@ -42,111 +42,102 @@ int show_version = FALSE;
 int packet_ver = NRPE_PACKET_VERSION_3;
 
 #ifdef HAVE_SSL
-#ifdef __sun
+# ifdef __sun
 SSL_METHOD *meth;
-#else
+# else
 const SSL_METHOD *meth;
-#endif
+# endif
 SSL_CTX *ctx;
 SSL *ssl;
 int use_ssl = TRUE;
 int ssl_opts = SSL_OP_ALL;
 #else
-int use_ssl=FALSE;
+int use_ssl = FALSE;
 #endif
 
 /* SSL/TLS parameters */
-typedef enum _SSL_VER { SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, TLSv1,
-    	TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
-				} SslVer;
-typedef enum _CLNT_CERTS {
-		Ask_For_Cert = 1, Require_Cert = 2
-				} ClntCerts;
-typedef enum _SSL_LOGGING { SSL_NoLogging = 0, SSL_LogStartup = 1,
-		SSL_LogIpAddr = 2, SSL_LogVersion = 4, SSL_LogCipher = 8,
-		SSL_LogIfClientCert = 16, SSL_LogCertDetails = 32
-				} SslLogging;
+typedef enum _SSL_VER {
+	SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, TLSv1,
+	TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+} SslVer;
+
+typedef enum _CLNT_CERTS { Ask_For_Cert = 1, Require_Cert = 2 } ClntCerts;
+
+typedef enum _SSL_LOGGING {
+	SSL_NoLogging = 0, SSL_LogStartup = 1, SSL_LogIpAddr = 2,
+	SSL_LogVersion = 4, SSL_LogCipher = 8, SSL_LogIfClientCert = 16,
+	SSL_LogCertDetails = 32
+} SslLogging;
+
 struct _SSL_PARMS {
-	char		*cert_file;
-	char		*cacert_file;
-	char		*privatekey_file;
-	char		cipher_list[MAX_FILENAME_LENGTH];
-	SslVer		ssl_min_ver;
-	int			allowDH;
-	ClntCerts	client_certs;
-	SslLogging	log_opts;
-} sslprm = { NULL, NULL, NULL, "ALL:!MD5:@STRENGTH", TLSv1_plus, TRUE, 0, SSL_NoLogging };
-
-
-int process_arguments(int,char **);
+	char *cert_file;
+	char *cacert_file;
+	char *privatekey_file;
+	char cipher_list[MAX_FILENAME_LENGTH];
+	SslVer ssl_min_ver;
+	int allowDH;
+	ClntCerts client_certs;
+	SslLogging log_opts;
+} sslprm = {
+NULL, NULL, NULL, "ALL:!MD5:@STRENGTH", TLSv1_plus, TRUE, 0, SSL_NoLogging};
+
+int process_arguments(int, char **);
 void usage(int result);
 void setup_ssl();
 void set_sig_hadlers();
 int connect_to_remote();
 int send_request();
 int read_response();
-int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt);
+int read_packet(int sock, void *ssl_ptr, v2_packet * v2_pkt, v3_packet ** v3_pkt);
 #ifdef HAVE_SSL
-static int verify_callback(int ok, X509_STORE_CTX *ctx);
+static int verify_callback(int ok, X509_STORE_CTX * ctx);
 #endif
 void alarm_handler(int);
-int graceful_close(int,int);
-
-
-
+int graceful_close(int, int);
 
 int main(int argc, char **argv)
 {
 	int16_t result;
 
-	result = process_arguments(argc,argv);
+	result = process_arguments(argc, argv);
 
 	if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE)
-		usage(result);	/* usage() will call exit() */
+		usage(result);			/* usage() will call exit() */
 
-	/* generate the CRC 32 table */
-	generate_crc32_table();
-
-	/* Do all the SSL/TLS set up */
-	setup_ssl();
-
-	/* initialize alarm signal handling */
-	set_sig_hadlers();
-
-	/* Make the connection */
-	result = connect_to_remote();
+	generate_crc32_table();		/* generate the CRC 32 table */
+	setup_ssl();				/* Do all the SSL/TLS set up */
+	set_sig_hadlers();			/* initialize alarm signal handling */
+	result = connect_to_remote();	/* Make the connection */
 	if (result != STATE_OK) {
 		alarm(0);
 		return result;
 	}
 
-	/* we're connected and ready to go */
-	result = send_request();
+	result = send_request();	/* Send the request */
 	if (result != STATE_OK)
 		return result;
 
-	/* Get the response */
-	result = read_response();
+	result = read_response();	/* Get the response */
 
 	if (result == -1) {
 		/* Failure reading from remote, so try version 2 packet */
-
 		syslog(LOG_NOTICE, "Remote %s does not support Version 3 Packets", rem_host);
 		packet_ver = NRPE_PACKET_VERSION_2;
 
+		/* Rerun the setup */
 		setup_ssl();
 		set_sig_hadlers();
-		result = connect_to_remote();
+		result = connect_to_remote();	/* Connect */
 		if (result != STATE_OK) {
 			alarm(0);
 			return result;
 		}
 
-		result = send_request();
+		result = send_request();	/* Send the request */
 		if (result != STATE_OK)
 			return result;
 
-		result = read_response();
+		result = read_response();	/* Get the response */
 	}
 
 	if (result != -1)
@@ -155,8 +146,6 @@ int main(int argc, char **argv)
 	return result;
 }
 
-
-
 /* process command line arguments */
 int process_arguments(int argc, char **argv)
 {
@@ -168,28 +157,28 @@ int process_arguments(int argc, char **argv)
 #ifdef HAVE_GETOPT_LONG
 	int option_index = 0;
 	static struct option long_options[] = {
-		{ "host",			required_argument,	0, 'H'},
-		{ "bind",			required_argument,	0, 'b'},
-		{ "command",		required_argument,	0, 'c'},
-		{ "args",			required_argument,	0, 'a'},
-		{ "no-ssl",			no_argument,		0, 'n'},
-		{ "unknown-timeout",no_argument,		0, 'u'},
-		{ "v2-packets-only",no_argument,		0, '2'},
-		{ "ipv4",			no_argument,		0, '4'},
-		{ "ipv6",			no_argument,		0, '6'},
-		{ "no-adh",			no_argument,		0, 'd'},
-		{ "use-adh",		optional_argument,	0, 'd'},
-		{ "ssl-version",	required_argument,	0, 'S'},
-		{ "cipher-list",	required_argument,	0, 'L'},
-		{ "client-cert",	required_argument,	0, 'C'},
-		{ "key-file",		required_argument,	0, 'K'},
-		{ "ca-cert-file",	required_argument,	0, 'A'},
-		{ "ssl-logging",	required_argument,	0, 's'},
-		{ "timeout",		required_argument,	0, 't'},
-		{ "port",			required_argument,	0, 'p'},
-		{ "help",			no_argument,		0, 'h'},
-		{ "license",		no_argument,		0, 'l'},
-		{ 0, 0, 0, 0}
+		{"host", required_argument, 0, 'H'},
+		{"bind", required_argument, 0, 'b'},
+		{"command", required_argument, 0, 'c'},
+		{"args", required_argument, 0, 'a'},
+		{"no-ssl", no_argument, 0, 'n'},
+		{"unknown-timeout", no_argument, 0, 'u'},
+		{"v2-packets-only", no_argument, 0, '2'},
+		{"ipv4", no_argument, 0, '4'},
+		{"ipv6", no_argument, 0, '6'},
+		{"no-adh", no_argument, 0, 'd'},
+		{"use-adh", optional_argument, 0, 'd'},
+		{"ssl-version", required_argument, 0, 'S'},
+		{"cipher-list", required_argument, 0, 'L'},
+		{"client-cert", required_argument, 0, 'C'},
+		{"key-file", required_argument, 0, 'K'},
+		{"ca-cert-file", required_argument, 0, 'A'},
+		{"ssl-logging", required_argument, 0, 's'},
+		{"timeout", required_argument, 0, 't'},
+		{"port", required_argument, 0, 'p'},
+		{"help", no_argument, 0, 'h'},
+		{"license", no_argument, 0, 'l'},
+		{0, 0, 0, 0}
 	};
 #endif
 
@@ -199,7 +188,7 @@ int process_arguments(int argc, char **argv)
 
 	snprintf(optchars, MAX_INPUT_BUFFER, "H:b:c:a:t:p:S:L:C:K:A:d::s:46hlnuV");
 
-	while(1) {
+	while (1) {
 #ifdef HAVE_GETOPT_LONG
 		c = getopt_long(argc, argv, optchars, long_options, &option_index);
 #else
@@ -209,7 +198,7 @@ int process_arguments(int argc, char **argv)
 			break;
 
 		/* process all arguments */
-		switch(c) {
+		switch (c) {
 
 		case '?':
 		case 'h':
@@ -230,13 +219,13 @@ int process_arguments(int argc, char **argv)
 
 		case 't':
 			socket_timeout = atoi(optarg);
-			if(socket_timeout <= 0)
+			if (socket_timeout <= 0)
 				return ERROR;
 			break;
 
 		case 'p':
 			server_port = atoi(optarg);
-			if(server_port <= 0)
+			if (server_port <= 0)
 				return ERROR;
 			break;
 
@@ -320,7 +309,7 @@ int process_arguments(int argc, char **argv)
 
 		case 'L':
 			strncpy(sslprm.cipher_list, optarg, sizeof(sslprm.cipher_list) - 1);
-			sslprm.cipher_list[sizeof(sslprm.cipher_list)-1]='\0';
+			sslprm.cipher_list[sizeof(sslprm.cipher_list) - 1] = '\0';
 			break;
 
 		case 's':
@@ -334,8 +323,9 @@ int process_arguments(int argc, char **argv)
 	}
 
 	/* determine (base) command query */
-	snprintf(query, sizeof(query), "%s", (command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
-	query[sizeof(query)-1] = '\x0';
+	snprintf(query, sizeof(query), "%s",
+			 (command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
+	query[sizeof(query) - 1] = '\x0';
 
 	/* get the command args */
 	if (argindex > 0) {
@@ -353,13 +343,13 @@ int process_arguments(int argc, char **argv)
 	}
 
 	/* make sure required args were supplied */
-	if (server_name == NULL && show_help == FALSE && show_version == FALSE  && show_license == FALSE)
+	if (server_name == NULL && show_help == FALSE && show_version == FALSE
+		&& show_license == FALSE)
 		return ERROR;
 
 	return OK;
 }
 
-
 void usage(int result)
 {
 	if (result != OK)
@@ -367,8 +357,8 @@ void usage(int result)
 	printf("\n");
 	printf("NRPE Plugin for Nagios\n");
 	printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
-	printf("Version: %s\n",PROGRAM_VERSION);
-	printf("Last Modified: %s\n",MODIFICATION_DATE);
+	printf("Version: %s\n", PROGRAM_VERSION);
+	printf("Last Modified: %s\n", MODIFICATION_DATE);
 	printf("License: GPL v2 with exemptions (-l for more info)\n");
 #ifdef HAVE_SSL
 	printf("SSL/TLS Available: OpenSSL 0.9.6 or higher required\n");
@@ -377,9 +367,9 @@ void usage(int result)
 
 	if (result != OK || show_help == TRUE) {
 		printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <num>]\n"
-			"       [-S <ssl version>  [-L <cipherlist>] [-C <clientcert>]\n"
-			"       [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
-			"       [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n");
+			   "       [-S <ssl version>  [-L <cipherlist>] [-C <clientcert>]\n"
+			   "       [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
+			   "       [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n");
 		printf("\n");
 		printf("Options:\n");
 		printf(" <host>       = The address of the host running the NRPE daemon\n");
@@ -387,7 +377,8 @@ void usage(int result)
 		printf(" -4           = bind to ipv4 only\n");
 		printf(" -6           = bind to ipv6 only\n");
 		printf(" -n           = Do no use SSL\n");
-		printf(" -u           = Make socket timeouts return UNKNOWN state instead of CRITICAL\n");
+		printf
+			(" -u           = Make socket timeouts return UNKNOWN state instead of CRITICAL\n");
 		printf(" -V           = Show version\n");
 		printf(" -l           = Show license\n");
 		printf(" -d           = Don't use Anonymous Diffie Hellman\n");
@@ -397,71 +388,104 @@ void usage(int result)
 		printf("                1 = Allow Anonymous Diffie Hellman\n");
 		printf("                2 = Force Anonymous Diffie Hellman\n");
 		printf(" <bindaddr>   = bind to local address\n");
-		printf(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
+		printf
+			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
 		printf("                SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
 		printf("                TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
 		printf("                TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
 		printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
-		printf("                to \"ALL:!MD5:@STRENGTH\". WILL change in a future release.)\n");
+		printf
+			("                to \"ALL:!MD5:@STRENGTH\". WILL change in a future release.)\n");
 		printf(" <clientcert> = The client certificate to use for PKI\n");
 		printf(" <key>        = The private key to use with the client certificate\n");
 		printf(" <ca-cert>    = The CA certificate to use for PKI\n");
 		printf(" <logopts>    = SSL Logging Options\n");
-		printf(" [port]       = The port on which the daemon is running (default=%d)\n",DEFAULT_SERVER_PORT);
-		printf(" [timeout]    = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
+		printf(" [port]       = The port on which the daemon is running (default=%d)\n",
+			   DEFAULT_SERVER_PORT);
+		printf(" [timeout]    = Number of seconds before connection times out (default=%d)\n",
+			   DEFAULT_SOCKET_TIMEOUT);
 		printf(" [command]    = The name of the command that the remote daemon should run\n");
 		printf(" [arglist]    = Optional arguments that should be passed to the command,\n");
 		printf("                separated by a space.  If provided, this must be the last\n");
 		printf("                option supplied on the command line.\n");
 		printf("\n");
 		printf("Note:\n");
-		printf("This plugin requires that you have the NRPE daemon running on the remote host.\n");
-		printf("You must also have configured the daemon to associate a specific plugin command\n");
+		printf
+			("This plugin requires that you have the NRPE daemon running on the remote host.\n");
+		printf
+			("You must also have configured the daemon to associate a specific plugin command\n");
 		printf("with the [command] option you are specifying here.  Upon receipt of the\n");
-		printf("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
-		printf("send the plugin output and return code back to *this* plugin.  This allows you\n");
-		printf("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
+		printf
+			("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
+		printf
+			("send the plugin output and return code back to *this* plugin.  This allows you\n");
+		printf
+			("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
 		printf("the plugin is being run locally.\n");
 		printf("\n");
 	}
 
-	if(show_license==TRUE)
+	if (show_license == TRUE)
 		display_license();
 
 	exit(STATE_UNKNOWN);
 }
 
-
 void setup_ssl()
 {
 #ifdef HAVE_SSL
 	int vrfy;
 
 	if (sslprm.log_opts & SSL_LogStartup) {
-		char	*val;
-
-		syslog(LOG_INFO, "SSL Certificate File: %s", sslprm.cert_file ? sslprm.cert_file : "None");
-		syslog(LOG_INFO, "SSL Private Key File: %s", sslprm.privatekey_file ? sslprm.privatekey_file : "None");
-		syslog(LOG_INFO, "SSL CA Certificate File: %s", sslprm.cacert_file ? sslprm.cacert_file : "None");
+		char *val;
+
+		syslog(LOG_INFO, "SSL Certificate File: %s",
+			   sslprm.cert_file ? sslprm.cert_file : "None");
+		syslog(LOG_INFO, "SSL Private Key File: %s",
+			   sslprm.privatekey_file ? sslprm.privatekey_file : "None");
+		syslog(LOG_INFO, "SSL CA Certificate File: %s",
+			   sslprm.cacert_file ? sslprm.cacert_file : "None");
 		if (sslprm.allowDH < 2)
 			syslog(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
 		else
 			syslog(LOG_INFO, "SSL Cipher List: ADH");
 		syslog(LOG_INFO, "SSL Allow ADH: %s",
-				sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
+			   sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
 		syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
 		switch (sslprm.ssl_min_ver) {
-			case SSLv2:			val = "SSLv2";					break;
-			case SSLv2_plus:	val = "SSLv2 And Above";		break;
-			case SSLv3:			val = "SSLv3";					break;
-			case SSLv3_plus:	val = "SSLv3_plus And Above";	break;
-			case TLSv1:			val = "TLSv1";					break;
-			case TLSv1_plus:	val = "TLSv1_plus And Above";	break;
-			case TLSv1_1:		val = "TLSv1_1";				break;
-			case TLSv1_1_plus:	val = "TLSv1_1_plus And Above";	break;
-			case TLSv1_2:		val = "TLSv1_2";				break;
-			case TLSv1_2_plus:	val = "TLSv1_2_plus And Above";	break;
-			defualt:			val = "INVALID VALUE!";			break;
+		case SSLv2:
+			val = "SSLv2";
+			break;
+		case SSLv2_plus:
+			val = "SSLv2 And Above";
+			break;
+		case SSLv3:
+			val = "SSLv3";
+			break;
+		case SSLv3_plus:
+			val = "SSLv3_plus And Above";
+			break;
+		case TLSv1:
+			val = "TLSv1";
+			break;
+		case TLSv1_plus:
+			val = "TLSv1_plus And Above";
+			break;
+		case TLSv1_1:
+			val = "TLSv1_1";
+			break;
+		case TLSv1_1_plus:
+			val = "TLSv1_1_plus And Above";
+			break;
+		case TLSv1_2:
+			val = "TLSv1_2";
+			break;
+		case TLSv1_2_plus:
+			val = "TLSv1_2_plus And Above";
+			break;
+		default:
+			val = "INVALID VALUE!";
+			break;
 		}
 		syslog(LOG_INFO, "SSL Version: %s", val);
 	}
@@ -472,14 +496,14 @@ void setup_ssl()
 		SSL_library_init();
 		meth = SSLv23_client_method();
 
-#ifndef OPENSSL_NO_SSL2
+# ifndef OPENSSL_NO_SSL2
 		if (sslprm.ssl_min_ver == SSLv2)
 			meth = SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
+# endif
+# ifndef OPENSSL_NO_SSL3
 		if (sslprm.ssl_min_ver == SSLv3)
 			meth = SSLv3_client_method();
-#endif
+# endif
 		if (sslprm.ssl_min_ver == TLSv1)
 			meth = TLSv1_client_method();
 		if (sslprm.ssl_min_ver == TLSv1_1)
@@ -490,7 +514,7 @@ void setup_ssl()
 		if ((ctx = SSL_CTX_new(meth)) == NULL) {
 			printf("CHECK_NRPE: Error - could not create SSL context.\n");
 			exit(STATE_CRITICAL);
-        }
+		}
 
 		if (sslprm.ssl_min_ver >= SSLv3) {
 			ssl_opts |= SSL_OP_NO_SSLv2;
@@ -507,13 +531,14 @@ void setup_ssl()
 			}
 			if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
 				SSL_CTX_free(ctx);
-				printf("Error: could not use private key file '%s'.\n", sslprm.privatekey_file);
+				printf("Error: could not use private key file '%s'.\n",
+					   sslprm.privatekey_file);
 				exit(STATE_CRITICAL);
 			}
 		}
 
 		if (sslprm.cacert_file != NULL) {
-			vrfy = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+			vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
 			SSL_CTX_set_verify(ctx, vrfy, verify_callback);
 			if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
 				SSL_CTX_free(ctx);
@@ -540,7 +565,6 @@ void setup_ssl()
 #endif
 }
 
-
 void set_sig_hadlers()
 {
 #ifdef HAVE_SIGACTION
@@ -551,42 +575,42 @@ void set_sig_hadlers()
 	sig_action.sa_sigaction = NULL;
 	sig_action.sa_handler = alarm_handler;
 	sigfillset(&sig_action.sa_mask);
-	sig_action.sa_flags = SA_NODEFER|SA_RESTART;
+	sig_action.sa_flags = SA_NODEFER | SA_RESTART;
 	sigaction(SIGALRM, &sig_action, NULL);
 #else
 	signal(SIGALRM, alarm_handler);
-#endif /* HAVE_SIGACTION */
+#endif	 /* HAVE_SIGACTION */
 
 	/* set socket timeout */
 	alarm(socket_timeout);
 }
 
-
 int connect_to_remote()
 {
-	int	result, rc;
 	struct sockaddr addr;
 	struct in_addr *inaddr;
 	socklen_t addrlen;
+	int result, rc;
 
 	/* try to connect to the host at the given port number */
-	if ((sd = my_connect(server_name, &hostaddr, server_port, address_family, bind_address)) < 0 )
-		exit (STATE_CRITICAL);
+	if ((sd =
+		 my_connect(server_name, &hostaddr, server_port, address_family, bind_address)) < 0)
+		exit(STATE_CRITICAL);
 
 	result = STATE_OK;
-	addrlen=sizeof(addr);
-	rc = getpeername(sd, (struct sockaddr*)&addr, &addrlen);
+	addrlen = sizeof(addr);
+	rc = getpeername(sd, (struct sockaddr *)&addr, &addrlen);
 	if (addr.sa_family == AF_INET) {
-		struct sockaddr_in *addrin = (struct sockaddr_in*)&addr;
+		struct sockaddr_in *addrin = (struct sockaddr_in *)&addr;
 		inaddr = &addrin->sin_addr;
 	} else {
-		struct sockaddr_in6 *addrin = (struct sockaddr_in6*)&addr;
-		inaddr = (struct in_addr*)&addrin->sin6_addr;
+		struct sockaddr_in6 *addrin = (struct sockaddr_in6 *)&addr;
+		inaddr = (struct in_addr *)&addrin->sin6_addr;
 	}
-	if (inet_ntop(addr.sa_family, inaddr, rem_host,  sizeof(rem_host)) == NULL)
+	if (inet_ntop(addr.sa_family, inaddr, rem_host, sizeof(rem_host)) == NULL)
 		strncpy(rem_host, "Unknown", sizeof(rem_host));
 	rem_host[MAX_HOST_ADDRESS_LENGTH - 1] = '\0';
-	if (sslprm.log_opts & SSL_LogIpAddr != 0)
+	if ((sslprm.log_opts & SSL_LogIpAddr) != 0)
 		syslog(LOG_DEBUG, "Connected to %s", rem_host);
 
 #ifdef HAVE_SSL
@@ -601,42 +625,41 @@ int connect_to_remote()
 
 	SSL_set_fd(ssl, sd);
 	if ((rc = SSL_connect(ssl)) != 1) {
-		if (sslprm.log_opts & (SSL_LogCertDetails|SSL_LogIfClientCert)) {
-			int	x, nerrs = 0;
+		if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
+			int x, nerrs = 0;
 			rc = 0;
 			while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
 				syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
-						rem_host, ERR_reason_error_string(x));
+					   rem_host, ERR_reason_error_string(x));
 				++nerrs;
 			}
 			if (nerrs == 0)
 				syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: %d",
-						rem_host, SSL_get_error(ssl,rc));
+					   rem_host, SSL_get_error(ssl, rc));
 
 		} else
 			syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: %d",
-					rem_host, SSL_get_error(ssl,rc));
+				   rem_host, SSL_get_error(ssl, rc));
 
 		printf("CHECK_NRPE: Error - Could not complete SSL handshake with %s: %d\n",
-					rem_host, SSL_get_error(ssl,rc));
+			   rem_host, SSL_get_error(ssl, rc));
 
-#ifdef DEBUG
+# ifdef DEBUG
 		printf("SSL_connect=%d\n", rc);
 		/*
-		rc = SSL_get_error(ssl, rc);
-		printf("SSL_get_error=%d\n", rc);
-		printf("ERR_get_error=%lu\n", ERR_get_error());
-		printf("%s\n",ERR_error_string(rc, NULL));
-		*/
+		   rc = SSL_get_error(ssl, rc);
+		   printf("SSL_get_error=%d\n", rc);
+		   printf("ERR_get_error=%lu\n", ERR_get_error());
+		   printf("%s\n",ERR_error_string(rc, NULL));
+		 */
 		ERR_print_errors_fp(stdout);
-#endif
+# endif
 		result = STATE_CRITICAL;
 
 	} else {
 
 		if (sslprm.log_opts & SSL_LogVersion)
-			syslog(LOG_NOTICE, "Remote %s - SSL Version: %s",
-					rem_host, SSL_get_version(ssl));
+			syslog(LOG_NOTICE, "Remote %s - SSL Version: %s", rem_host, SSL_get_version(ssl));
 
 		if (sslprm.log_opts & SSL_LogCipher) {
 			const SSL_CIPHER *c = SSL_get_current_cipher(ssl);
@@ -645,19 +668,17 @@ int connect_to_remote()
 		}
 
 		if ((sslprm.log_opts & SSL_LogIfClientCert) || (sslprm.log_opts & SSL_LogCertDetails)) {
-			char	peer_cn[256], buffer[2048];
-			X509	*peer = SSL_get_peer_certificate(ssl);
+			char peer_cn[256], buffer[2048];
+			X509 *peer = SSL_get_peer_certificate(ssl);
 
 			if (peer) {
 				if (sslprm.log_opts & SSL_LogIfClientCert)
 					syslog(LOG_NOTICE, "SSL %s has %s certificate",
-							rem_host, peer->valid ? "a valid" : "an invalid");
+						   rem_host, peer->valid ? "a valid" : "an invalid");
 				if (sslprm.log_opts & SSL_LogCertDetails) {
-					syslog(LOG_NOTICE, "SSL %s Cert Name: %s",
-							rem_host, peer->name);
+					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
 					X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
-					syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s",
-							rem_host, buffer);
+					syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
 				}
 
 			} else
@@ -676,50 +697,49 @@ int connect_to_remote()
 	return result;
 }
 
-
 int send_request()
 {
 	v2_packet send_packet;
 	v3_packet *v3_send_packet = NULL;
-	int rc, bytes_to_send, pkt_size;
 	u_int32_t calculated_crc32;
+	int rc, bytes_to_send, pkt_size;
 	char *send_pkt;
 
 	if (packet_ver == NRPE_PACKET_VERSION_2) {
 		pkt_size = sizeof(v2_packet);
-		send_pkt = (char*)&send_packet;
+		send_pkt = (char *)&send_packet;
 
 		/* clear the response packet buffer */
 		memset(&send_packet, 0, sizeof(send_packet));
 		/* fill the packet with semi-random data */
-		randomize_buffer((char*)&send_packet, sizeof(send_packet));
+		randomize_buffer((char *)&send_packet, sizeof(send_packet));
 
 		/* initialize response packet data */
 		send_packet.packet_version = htons(packet_ver);
 		send_packet.packet_type = htons(QUERY_PACKET);
 		strncpy(&send_packet.buffer[0], query, MAX_PACKETBUFFER_LENGTH);
 		send_packet.buffer[MAX_PACKETBUFFER_LENGTH - 1] = '\x0';
-	
+
 		/* calculate the crc 32 value of the packet */
 		send_packet.crc32_value = 0;
-		calculated_crc32 = calculate_crc32((char*)&send_packet, sizeof(send_packet));
+		calculated_crc32 = calculate_crc32((char *)&send_packet, sizeof(send_packet));
 		send_packet.crc32_value = htonl(calculated_crc32);
 
 	} else {
 
 		pkt_size = (sizeof(v3_packet) - 1) + strlen(query) + 1;
 		v3_send_packet = calloc(1, pkt_size);
-		send_pkt = (char*)v3_send_packet;
+		send_pkt = (char *)v3_send_packet;
 		/* initialize response packet data */
 		v3_send_packet->packet_version = htons(packet_ver);
 		v3_send_packet->packet_type = htons(QUERY_PACKET);
 		v3_send_packet->alignment = 0;
 		v3_send_packet->buffer_length = htonl(strlen(query) + 1);
 		strcpy(&v3_send_packet->buffer[0], query);
-	
+
 		/* calculate the crc 32 value of the packet */
 		v3_send_packet->crc32_value = 0;
-		calculated_crc32 = calculate_crc32((char*)v3_send_packet, pkt_size);
+		calculated_crc32 = calculate_crc32((char *)v3_send_packet, pkt_size);
 		v3_send_packet->crc32_value = htonl(calculated_crc32);
 	}
 
@@ -727,12 +747,12 @@ int send_request()
 	bytes_to_send = pkt_size;
 
 	if (use_ssl == FALSE)
-		rc = sendall(sd, (char*)send_pkt, &bytes_to_send);
+		rc = sendall(sd, (char *)send_pkt, &bytes_to_send);
 #ifdef HAVE_SSL
 	else {
 		rc = SSL_write(ssl, send_pkt, bytes_to_send);
 		if (rc < 0)
-			rc=-1;
+			rc = -1;
 	}
 #endif
 
@@ -748,16 +768,18 @@ int send_request()
 	return STATE_OK;
 }
 
-
 int read_response()
 {
 	v2_packet receive_packet;
 	v3_packet *v3_receive_packet = NULL;
 	u_int32_t packet_crc32;
 	u_int32_t calculated_crc32;
-	int32_t	pkt_size;
-	int	rc, result;
-alarm(0);
+	int32_t pkt_size;
+	int rc, result;
+
+	alarm(0);
+	set_sig_hadlers();
+
 #ifdef HAVE_SSL
 	rc = read_packet(sd, ssl, &receive_packet, &v3_receive_packet);
 #else
@@ -774,7 +796,7 @@ alarm(0);
 		SSL_CTX_free(ctx);
 	}
 #endif
-	graceful_close(sd,1000);
+	graceful_close(sd, 1000);
 
 	/* recv() error */
 	if (rc < 0) {
@@ -783,11 +805,12 @@ alarm(0);
 			return -1;
 		}
 		return STATE_UNKNOWN;
-	}
 
-	/* server disconnected */
-	else if (rc == 0) {
-		printf("CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.\n");
+	} else if (rc == 0) {
+
+		/* server disconnected */
+		printf
+			("CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.\n");
 		if (packet_ver == NRPE_PACKET_VERSION_3)
 			free(v3_receive_packet);
 		return STATE_UNKNOWN;
@@ -799,11 +822,11 @@ alarm(0);
 		packet_crc32 = ntohl(v3_receive_packet->crc32_value);
 		v3_receive_packet->crc32_value = 0L;
 		v3_receive_packet->alignment = 0;
-		calculated_crc32 = calculate_crc32((char*)v3_receive_packet, pkt_size);
+		calculated_crc32 = calculate_crc32((char *)v3_receive_packet, pkt_size);
 	} else {
 		packet_crc32 = ntohl(receive_packet.crc32_value);
 		receive_packet.crc32_value = 0L;
-		calculated_crc32 = calculate_crc32((char*)&receive_packet, sizeof(receive_packet));
+		calculated_crc32 = calculate_crc32((char *)&receive_packet, sizeof(receive_packet));
 	}
 
 	if (packet_crc32 != calculated_crc32) {
@@ -824,7 +847,7 @@ alarm(0);
 			printf("%s\n", v3_receive_packet->buffer);
 	} else {
 		result = ntohs(receive_packet.result_code);
-		receive_packet.buffer[MAX_PACKETBUFFER_LENGTH-1] = '\x0';
+		receive_packet.buffer[MAX_PACKETBUFFER_LENGTH - 1] = '\x0';
 		if (!strcmp(receive_packet.buffer, ""))
 			printf("CHECK_NRPE: No output returned from daemon.\n");
 		else
@@ -837,23 +860,24 @@ alarm(0);
 	return result;
 }
 
-
-int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt)
+int read_packet(int sock, void *ssl_ptr, v2_packet * v2_pkt, v3_packet ** v3_pkt)
 {
-	int32_t	common_size, tot_bytes, bytes_to_recv, buffer_size, bytes_read = 0;
+	int32_t common_size, tot_bytes, bytes_to_recv, buffer_size, bytes_read = 0;
 	int rc;
 	char *buff_ptr;
 
 	/* Read only the part that's common between versions 2 & 3 */
-	common_size = tot_bytes = bytes_to_recv = (char*)&v2_pkt->buffer - (char*)v2_pkt;
+	common_size = tot_bytes = bytes_to_recv = (char *)&v2_pkt->buffer - (char *)v2_pkt;
 
 	if (use_ssl == FALSE) {
-		rc = recvall(sock, (char*)v2_pkt, &tot_bytes, socket_timeout);
+		rc = recvall(sock, (char *)v2_pkt, &tot_bytes, socket_timeout);
 
 		if (rc <= 0 || rc != bytes_to_recv) {
 			if (rc < bytes_to_recv) {
 				if (packet_ver != NRPE_PACKET_VERSION_3)
-					printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, sizeof(bytes_to_recv));
+					printf
+						("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n",
+						 rc, sizeof(bytes_to_recv));
 			}
 			return -1;
 		}
@@ -871,21 +895,20 @@ int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt)
 
 		if (packet_ver == NRPE_PACKET_VERSION_2) {
 			buffer_size = sizeof(v2_packet) - common_size;
-			buff_ptr = (char*)v2_pkt + common_size;
-		}
-		else {
-			int32_t	pkt_size = sizeof(v3_packet) - 1;
+			buff_ptr = (char *)v2_pkt + common_size;
+		} else {
+			int32_t pkt_size = sizeof(v3_packet) - 1;
 
 			/* Read the alignment filler */
 			bytes_to_recv = sizeof(int16_t);
-			rc = recvall(sock, (char*)&buffer_size, &bytes_to_recv, socket_timeout);
+			rc = recvall(sock, (char *)&buffer_size, &bytes_to_recv, socket_timeout);
 			if (rc <= 0 || bytes_to_recv != sizeof(int16_t))
 				return -1;
 			tot_bytes += rc;
 
 			/* Read the buffer size */
 			bytes_to_recv = sizeof(buffer_size);
-			rc = recvall(sock, (char*)&buffer_size, &bytes_to_recv, socket_timeout);
+			rc = recvall(sock, (char *)&buffer_size, &bytes_to_recv, socket_timeout);
 			if (rc <= 0 || bytes_to_recv != sizeof(buffer_size))
 				return -1;
 			tot_bytes += rc;
@@ -911,25 +934,28 @@ int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt)
 				*v3_pkt = NULL;
 			}
 			if (rc < buffer_size)
-				printf("CHECK_NRPE: Receive underflow - only %d bytes received (%ld expected).\n", rc, sizeof(buffer_size));
+				printf
+					("CHECK_NRPE: Receive underflow - only %d bytes received (%ld expected).\n",
+					 rc, sizeof(buffer_size));
 			return -1;
 		} else
 			tot_bytes += rc;
 	}
-
 #ifdef HAVE_SSL
 	else {
-		SSL *ssl = (SSL*)ssl_ptr;
-		int32_t	pkt_size;
+		SSL *ssl = (SSL *) ssl_ptr;
+		int32_t pkt_size;
 
 		while (((rc = SSL_read(ssl, v2_pkt, bytes_to_recv)) <= 0)
-		&& (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ))
-		{}
+			   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
+		}
 
 		if (rc <= 0 || rc != bytes_to_recv) {
 			if (rc < bytes_to_recv) {
 				if (packet_ver != NRPE_PACKET_VERSION_3)
-					printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, sizeof(bytes_to_recv));
+					printf
+						("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n",
+						 rc, sizeof(bytes_to_recv));
 			}
 			return -1;
 		}
@@ -947,16 +973,15 @@ int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt)
 
 		if (packet_ver == NRPE_PACKET_VERSION_2) {
 			buffer_size = sizeof(v2_packet) - common_size;
-			buff_ptr = (char*)v2_pkt + common_size;
-		}
-		else {
+			buff_ptr = (char *)v2_pkt + common_size;
+		} else {
 			pkt_size = sizeof(v3_packet) - 1;
 
 			/* Read the alignment filler */
 			bytes_to_recv = sizeof(int16_t);
 			while (((rc = SSL_read(ssl, &buffer_size, bytes_to_recv)) <= 0)
-			&& (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ))
-			{}
+				   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
+			}
 
 			if (rc <= 0 || bytes_to_recv != sizeof(int16_t))
 				return -1;
@@ -965,8 +990,8 @@ int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt)
 			/* Read the buffer size */
 			bytes_to_recv = sizeof(buffer_size);
 			while (((rc = SSL_read(ssl, &buffer_size, bytes_to_recv)) <= 0)
-			&& (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ))
-			{}
+				   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
+			}
 
 			if (rc <= 0 || bytes_to_recv != sizeof(buffer_size))
 				return -1;
@@ -987,8 +1012,8 @@ int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt)
 		bytes_to_recv = buffer_size;
 		for (;;) {
 			while (((rc = SSL_read(ssl, &buff_ptr[bytes_read], bytes_to_recv)) <= 0)
-			&& (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ))
-			{}
+				   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
+			}
 
 			if (rc <= 0)
 				break;
@@ -1004,10 +1029,10 @@ int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt)
 			if (bytes_read != buffer_size) {
 				if (packet_ver == NRPE_PACKET_VERSION_3)
 					printf("CHECK_NRPE: Receive buffer size - %ld bytes received "
-						"(%ld expected).\n", bytes_read, sizeof(buffer_size));
+						   "(%ld expected).\n", bytes_read, sizeof(buffer_size));
 				else
 					printf("CHECK_NRPE: Receive underflow - only %ld bytes received "
-						"(%ld expected).\n", bytes_read, sizeof(buffer_size));
+						   "(%ld expected).\n", bytes_read, sizeof(buffer_size));
 			}
 			return -1;
 		} else
@@ -1018,13 +1043,12 @@ int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt)
 	return tot_bytes;
 }
 
-
-int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
 {
-	char		name[256], issuer[256];
-	X509		*err_cert;
-	int			err;
-	SSL			*ssl;
+	char name[256], issuer[256];
+	X509 *err_cert;
+	int err;
+	SSL *ssl;
 
 	if (preverify_ok || (sslprm.log_opts & SSL_LogCertDetails == 0))
 		return preverify_ok;
@@ -1038,15 +1062,15 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
 	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
 
-	if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert && (sslprm.log_opts & SSL_LogCertDetails)) {
+	if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
+		&& (sslprm.log_opts & SSL_LogCertDetails)) {
 		syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
-				name, issuer, err, X509_verify_cert_error_string(err));
+			   name, issuer, err, X509_verify_cert_error_string(err));
 	}
 
 	return preverify_ok;
 }
 
-
 void alarm_handler(int sig)
 {
 	const char msg[] = "CHECK_NRPE: Socket timeout";
@@ -1054,7 +1078,6 @@ void alarm_handler(int sig)
 	exit(timeout_return_code);
 }
 
-
 /* submitted by Mark Plaksin 08/31/2006 */
 int graceful_close(int sd, int timeout)
 {
@@ -1076,7 +1099,7 @@ int graceful_close(int sd, int timeout)
 			break;
 
 		/* no more data (FIN or RST) */
-		if (0 >= recv(sd, buf, sizeof (buf), 0))
+		if (0 >= recv(sd, buf, sizeof(buf), 0))
 			break;
 	}
 

src/utils.c

@@ -33,57 +33,59 @@
 #include "../include/utils.h"
 
 #ifndef NI_MAXSERV
-#define NI_MAXSERV 32
+# define NI_MAXSERV 32
 #endif
 
 #ifndef NI_MAXHOST
-#define NI_MAXHOST 1025
+# define NI_MAXHOST 1025
 #endif
 
+extern char **environ;
+
 static unsigned long crc32_table[256];
 
+static int my_create_socket(struct addrinfo *ai, const char *bind_address);
 
 
 /* build the crc table - must be called before calculating the crc value */
-void generate_crc32_table(void){
+void generate_crc32_table(void)
+{
 	unsigned long crc, poly;
 	int i, j;
 
-	poly=0xEDB88320L;
-	for(i=0;i<256;i++){
-		crc=i;
-		for(j=8;j>0;j--){
-			if(crc & 1)
-				crc=(crc>>1)^poly;
+	poly = 0xEDB88320L;
+	for (i = 0; i < 256; i++) {
+		crc = i;
+		for (j = 8; j > 0; j--) {
+			if (crc & 1)
+				crc = (crc >> 1) ^ poly;
 			else
-				crc>>=1;
-		        }
-		crc32_table[i]=crc;
-                }
+				crc >>= 1;
+		}
+		crc32_table[i] = crc;
+	}
 
 	return;
-        }
-
+}
 
 /* calculates the CRC 32 value for a buffer */
-unsigned long calculate_crc32(char *buffer, int buffer_size){
-	register unsigned long crc;
+unsigned long calculate_crc32(char *buffer, int buffer_size)
+{
+	register unsigned long crc = 0xFFFFFFFF;
 	int this_char;
 	int current_index;
 
-	crc=0xFFFFFFFF;
-
-	for(current_index=0;current_index<buffer_size;current_index++){
-		this_char=(int)buffer[current_index];
-		crc=((crc>>8) & 0x00FFFFFF) ^ crc32_table[(crc ^ this_char) & 0xFF];
+	for (current_index = 0; current_index < buffer_size; current_index++) {
+		this_char = (int)buffer[current_index];
+		crc = ((crc >> 8) & 0x00FFFFFF) ^ crc32_table[(crc ^ this_char) & 0xFF];
 	}
 
 	return (crc ^ 0xFFFFFFFF);
-        }
-
+}
 
 /* fill a buffer with semi-random data */
-void randomize_buffer(char *buffer,int buffer_size){
+void randomize_buffer(char *buffer, int buffer_size)
+{
 	FILE *fp;
 	int x;
 	int seed;
@@ -96,98 +98,96 @@ void randomize_buffer(char *buffer,int buffer_size){
 	   want the buffer to contain the same set of characters as
 	   plugins, so its harder to distinguish where the real output
 	   ends and the rest of the buffer (padded randomly) starts.
-	***************************************************************/
+	 ***************************************************************/
 
 	/* try to get seed value from /dev/urandom, as its a better source of entropy */
-	fp=fopen("/dev/urandom","r");
-	if(fp!=NULL){
-		seed=fgetc(fp);
+	fp = fopen("/dev/urandom", "r");
+	if (fp != NULL) {
+		seed = fgetc(fp);
 		fclose(fp);
-	        }
-
+	}
 	/* else fallback to using the current time as the seed */
 	else
-		seed=(int)time(NULL);
+		seed = (int)time(NULL);
 
 	srand(seed);
-	for(x=0;x<buffer_size;x++)
-		buffer[x]=(int)'0'+(int)(72.0*rand()/(RAND_MAX+1.0));
+	for (x = 0; x < buffer_size; x++)
+		buffer[x] = (int)'0' + (int)(72.0 * rand() / (RAND_MAX + 1.0));
 
 	return;
-        }
-
+}
 
 /* opens a connection to a remote host */
-int my_connect(const char *host, struct sockaddr_storage * hostaddr, u_short port,
-		int address_family, const char *bind_address){
+int my_connect(const char *host, struct sockaddr_storage *hostaddr, u_short port,
+			   int address_family, const char *bind_address)
+{
+	struct addrinfo hints, *ai, *aitop;
+	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 	int gaierr;
 	int sock = -1;
-	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
-	struct addrinfo hints, *ai, *aitop;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = address_family;
 	hints.ai_socktype = SOCK_STREAM;
 	snprintf(strport, sizeof strport, "%u", port);
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
-		fprintf(stderr,"Could not resolve hostname %.100s: %s\n", host, 
-				gai_strerror(gaierr));
+		fprintf(stderr, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
 		exit(1);
-		}
+	}
 
 	/*
-	* Loop through addresses for this host, and try each one in
-	* sequence until the connection succeeds.
-	*/
+	 * Loop through addresses for this host, and try each one in
+	 * sequence until the connection succeeds.
+	 */
 	for (ai = aitop; ai; ai = ai->ai_next) {
-		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue;
-		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), 
-				strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+			continue;
+		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
+						strport, sizeof(strport), NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
 			fprintf(stderr, "my_connect: getnameinfo failed\n");
 			continue;
 		}
 
 		/* Create a socket for connecting. */
 		sock = my_create_socket(ai, bind_address);
-		if (sock < 0) {
-			/* Any error is already output */
-			continue;
-			}
+		if (sock < 0)
+			continue;			/* Any error is already output */
 
 		if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
 			/* Successful connection. */
 			memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
 			break;
-			}
-		else {
-			fprintf(stderr,"connect to address %s port %s: %s\n", ntop, strport, 
+		} else {
+			fprintf(stderr, "connect to address %s port %s: %s\n", ntop, strport,
 					strerror(errno));
 			close(sock);
 			sock = -1;
-			}
 		}
+	}
 
 	freeaddrinfo(aitop);
 
 	/* Return failure if we didn't get a successful connection. */
 	if (sock == -1) {
-		fprintf(stderr, "connect to host %s port %s: %s\n", host, strport, 
-				strerror(errno));
+		fprintf(stderr, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
 		return -1;
-		}
-	return sock;
 	}
+	return sock;
+}
 
 /* Creates a socket for the connection. */
-int my_create_socket(struct addrinfo *ai, const char *bind_address) {
+int my_create_socket(struct addrinfo *ai, const char *bind_address)
+{
 	int sock, gaierr;
 	struct addrinfo hints, *res;
 
 	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-	if (sock < 0) fprintf(stderr,"socket: %.100s\n", strerror(errno));
+	if (sock < 0)
+		fprintf(stderr, "socket: %.100s\n", strerror(errno));
 
 	/* Bind the socket to an alternative local IP address */
-   	if (bind_address == NULL) return sock;
+	if (bind_address == NULL)
+		return sock;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = ai->ai_family;
@@ -195,24 +195,23 @@ int my_create_socket(struct addrinfo *ai, const char *bind_address) {
 	hints.ai_protocol = ai->ai_protocol;
 	hints.ai_flags = AI_PASSIVE;
 	gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
-	if(gaierr) {
-		fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address, 
-				gai_strerror(gaierr));
+	if (gaierr) {
+		fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
 		close(sock);
 		return -1;
-        }
-	if(bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+	}
+	if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
 		fprintf(stderr, "bind: %s: %s\n", bind_address, strerror(errno));
 		close(sock);
 		freeaddrinfo(res);
 		return -1;
-		}
+	}
 	freeaddrinfo(res);
 	return sock;
 }
 
-void add_listen_addr(struct addrinfo **listen_addrs, int address_family, 
-		char *addr, int port) {
+void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *addr, int port)
+{
 	struct addrinfo hints, *ai, *aitop;
 	char strport[NI_MAXSERV];
 	int gaierr;
@@ -222,109 +221,191 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family,
 	hints.ai_socktype = SOCK_STREAM;
 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
 	snprintf(strport, sizeof strport, "%d", port);
-	if((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
-		syslog(LOG_ERR,"bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
-				gai_strerror(gaierr));
+	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
+		syslog(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
+			   gai_strerror(gaierr));
 		exit(1);
-		}
-	for(ai = aitop; ai->ai_next; ai = ai->ai_next);
+	}
+	for (ai = aitop; ai->ai_next; ai = ai->ai_next) ;
 	ai->ai_next = *listen_addrs;
 	*listen_addrs = aitop;
+}
+
+int clean_environ(const char *keep_env_vars, const char *nrpe_user)
+{
+#ifdef HAVE_PATHS_H
+	static char *path = _PATH_STDPATH;
+#else
+	*path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
+#endif
+	struct passwd *pw;
+	size_t len, var_sz = 0;
+	char **kept = NULL, *value, *var, *keep = NULL;
+	int i, j, keepcnt = 0;
+
+	if (keep_env_vars && *keep_env_vars)
+		asprintf(&keep, "%s,NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION", keep_env_vars);
+	else
+		asprintf(&keep, "NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION");
+	if (keep == NULL) {
+		syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+		return ERROR;
+	}
+
+	++keepcnt;
+	i = strlen(keep);
+	while (i--) {
+		if (keep[i] == ',')
+			++keepcnt;
+	}
+
+	if ((kept = calloc(keepcnt + 1, sizeof(char *))) == NULL) {
+		syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+		return ERROR;
 	}
- 
-void strip(char *buffer){
+	for (i = 0, var = my_strsep(&keep, ","); var != NULL; var = my_strsep(&keep, ","))
+		kept[i++] = strip(var);
+
+	var = NULL;
+	i = 0;
+	while (environ[i]) {
+		value = environ[i];
+		if ((len = strcspn(value, "=")) == 0) {
+			free(keep);
+			free(kept);
+			free(var);
+			syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+			return ERROR;
+		}
+		if (len >= var_sz) {
+			var_sz = len + 1;
+			var = realloc(var, var_sz);
+		}
+		strncpy(var, environ[i], var_sz);
+		var[len] = 0;
+
+		for (j = 0; kept[j]; ++j) {
+			if (!strncmp(var, kept[j], strlen(kept[j])))
+				break;
+		}
+		if (kept[j]) {
+			++i;
+			continue;
+		}
+
+		unsetenv(var);
+	}
+
+	free(var);
+	free(keep);
+	free(kept);
+
+	pw = (struct passwd *)getpwnam(nrpe_user);
+	if (pw == NULL)
+		return OK;
+
+	setenv("PATH", path, 1);
+	setenv("IFS", " \t\n", 1);
+	setenv("HOME", pw->pw_dir, 0);
+	setenv("SHELL", pw->pw_shell, 0);
+	setenv("LOGNAME", nrpe_user, 0);
+	setenv("USER", nrpe_user, 0);
+
+	return OK;
+}
+
+char *strip(char *buffer)
+{
 	int x;
 	int index;
+	char *buf = buffer;
 
-	for(x=strlen(buffer);x>=1;x--){
-		index=x-1;
-		if(buffer[index]==' ' || buffer[index]=='\r' || buffer[index]=='\n' || buffer[index]=='\t')
-			buffer[index]='\x0';
+	for (x = strlen(buffer); x >= 1; x--) {
+		index = x - 1;
+		if (buffer[index] == ' ' || buffer[index] == '\r' || buffer[index] == '\n'
+			|| buffer[index] == '\t')
+			buffer[index] = '\x0';
 		else
 			break;
-	        }
+	}
 
-	return;
-        }
+	while (*buf == ' ' || *buf == '\r' || *buf == '\n' || *buf == '\t') {
+		++buf;
+		--x;
+	}
+	if (buf != buffer) {
+		memmove(buffer, buf, x);
+		buffer[x] = '\x0';
+	}
 
+	return buffer;
+}
 
 /* sends all data - thanks to Beej's Guide to Network Programming */
-int sendall(int s, char *buf, int *len){
-	int total=0;
-	int bytesleft=*len;
-	int n=0;
+int sendall(int s, char *buf, int *len)
+{
+	int total = 0;
+	int bytesleft = *len;
+	int n = 0;
 
 	/* send all the data */
-	while(total<*len){
-
-		/* send some data */
-		n=send(s,buf+total,bytesleft,0);
-
-		/* break on error */
-		if(n==-1)
+	while (total < *len) {
+		n = send(s, buf + total, bytesleft, 0);	/* send some data */
+		if (n == -1)			/* break on error */
 			break;
-
 		/* apply bytes we sent */
-		total+=n;
-		bytesleft-=n;
-	        }
-
-	/* return number of bytes actually send here */
-	*len=total;
-
-	/* return -1 on failure, 0 on success */
-	return n==-1?-1:0;
-        }
+		total += n;
+		bytesleft -= n;
+	}
 
+	*len = total;				/* return number of bytes actually sent here */
+	return n == -1 ? -1 : 0;	/* return -1 on failure, 0 on success */
+}
 
 /* receives all data - modelled after sendall() */
-int recvall(int s, char *buf, int *len, int timeout){
-	int total=0;
-	int bytesleft=*len;
-	int n=0;
+int recvall(int s, char *buf, int *len, int timeout)
+{
 	time_t start_time;
 	time_t current_time;
-	
-	/* clear the receive buffer */
-	bzero(buf,*len);
+	int total = 0;
+	int bytesleft = *len;
+	int n = 0;
 
+	bzero(buf, *len);			/* clear the receive buffer */
 	time(&start_time);
 
 	/* receive all data */
-	while(total<*len){
-
-		/* receive some data */
-		n=recv(s,buf+total,bytesleft,0);
+	while (total < *len) {
+		n = recv(s, buf + total, bytesleft, 0);	/* receive some data */
 
-		/* no data has arrived yet (non-blocking socket) */
-		if(n==-1 && errno==EAGAIN){
+		if (n == -1 && errno == EAGAIN) {
+			/* no data has arrived yet (non-blocking socket) */
 			time(&current_time);
-			if(current_time-start_time>timeout)
+			if (current_time - start_time > timeout)
 				break;
 			sleep(1);
 			continue;
-		        }
-
-		/* receive error or client disconnect */
-		else if(n<=0)
-			break;
+		} else if (n <= 0)
+			break;				/* receive error or client disconnect */
 
 		/* apply bytes we received */
-		total+=n;
-		bytesleft-=n;
-	        }
+		total += n;
+		bytesleft -= n;
+	}
 
 	/* return number of bytes actually received here */
-	*len=total;
+	*len = total;
 
 	/* return <=0 on failure, bytes received on success */
-	return (n<=0)?n:total;
-        }
+	return (n <= 0) ? n : total;
+}
 
 
 /* fixes compiler problems under Solaris, since strsep() isn't included */
+
 /* this code is taken from the glibc source */
-char *my_strsep (char **stringp, const char *delim){
+char *my_strsep(char **stringp, const char *delim)
+{
 	char *begin, *end;
 
 	begin = *stringp;
@@ -334,41 +415,40 @@ char *my_strsep (char **stringp, const char *delim){
 	/* A frequent case is when the delimiter string contains only one
 	   character.  Here we don't need to call the expensive `strpbrk'
 	   function and instead work using `strchr'.  */
-	if(delim[0]=='\0' || delim[1]=='\0'){
+	if (delim[0] == '\0' || delim[1] == '\0') {
 		char ch = delim[0];
 
-		if(ch=='\0')
-			end=NULL;
-		else{
-			if(*begin==ch)
-				end=begin;
+		if (ch == '\0')
+			end = NULL;
+		else {
+			if (*begin == ch)
+				end = begin;
 			else
-				end=strchr(begin+1,ch);
-			}
+				end = strchr(begin + 1, ch);
 		}
 
-	else
-		/* Find the end of the token.  */
-		end = strpbrk (begin, delim);
-
-	if(end){
+	} else
+		end = strpbrk(begin, delim);	/* Find the end of the token.  */
 
+	if (end) {
 		/* Terminate the token and set *STRINGP past NUL character.  */
-		*end++='\0';
-		*stringp=end;
-		}
-	else
+		*end++ = '\0';
+		*stringp = end;
+	} else
 		/* No more delimiters; this is the last token.  */
-		*stringp=NULL;
+		*stringp = NULL;
 
 	return begin;
-	}
+}
 
 int b64_decode(unsigned char *encoded)
 {
-	static const char *b64 = { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" };
-	int		i, j, l, padding = 0;
-	unsigned char	c[4], *outp = encoded;
+	static const char *b64 = {
+		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+	};
+	int i, j, l, padding = 0;
+	unsigned char c[4], *outp = encoded;
+
 	union {
 		unsigned c3;
 		struct {
@@ -380,22 +460,22 @@ int b64_decode(unsigned char *encoded)
 	} enc;
 
 	enc.c3 = 0;
-	l = strlen((char*)encoded);
+	l = strlen((char *)encoded);
 	for (i = 0; i < l; i += 4) {
 		for (j = 0; j < 4; ++j) {
-			if (encoded[i+j] == '=') {
+			if (encoded[i + j] == '=') {
 				c[j] = 0;
 				++padding;
-			} else if (encoded[i+j] >= 'A' && encoded[i+j] <= 'Z')
-				c[j] = encoded[i+j] - 'A';
-			else if (encoded[i+j] >= 'a' && encoded[i+j] <= 'z')
-				c[j] = encoded[i+j] - 'a' + 26;
-			else if (encoded[i+j] >= '0' && encoded[i+j] <= '9')
-				c[j] = encoded[i+j] - '0' + 52;
-			else if (encoded[i+j] == '+')
-				c[j] = encoded[i+j] - '+' + 62;
+			} else if (encoded[i + j] >= 'A' && encoded[i + j] <= 'Z')
+				c[j] = encoded[i + j] - 'A';
+			else if (encoded[i + j] >= 'a' && encoded[i + j] <= 'z')
+				c[j] = encoded[i + j] - 'a' + 26;
+			else if (encoded[i + j] >= '0' && encoded[i + j] <= '9')
+				c[j] = encoded[i + j] - '0' + 52;
+			else if (encoded[i + j] == '+')
+				c[j] = encoded[i + j] - '+' + 62;
 			else
-				c[j] = encoded[i+j] - '/' + 63;
+				c[j] = encoded[i + j] - '/' + 63;
 		}
 		enc.fields.f1 = c[3];
 		enc.fields.f2 = c[2];
@@ -410,10 +490,9 @@ int b64_decode(unsigned char *encoded)
 	return outp - encoded - padding;
 }
 
-
 /* show license */
-void display_license(void){
-
+void display_license(void)
+{
 	printf("This program is released under the GPL (see below) with the additional\n");
 	printf("exemption that compiling, linking, and/or using OpenSSL is allowed.\n\n");
 
@@ -430,7 +509,4 @@ void display_license(void){
 	printf("Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
 
 	return;
-        }
-
-
-
+}