/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/splashy.c

  • Committer: Teddy Hogeborn
  • Date: 2016-03-04 22:07:35 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 335.
  • Revision ID: teddy@recompile.se-20160304220735-4xeeqt5p4nhw5cuh
Restrict the Mandos server daemon in the systemd service file.

* mandos.service ([Service]/ProtectSystem): Set to "full".
 ([Service]/PrivateTmp, [Service]/PrivateDevices,
  [Service]/ProtectHome): Set to "yes".
 ([Service]/CapabilityBoundingSet): Set to "CAP_SETUID
                                    CAP_DAC_OVERRIDE CAP_NET_RAW".

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
/*
3
3
 * Splashy - Read a password from splashy and output it
4
4
 * 
5
 
 * Copyright © 2008-2011 Teddy Hogeborn
6
 
 * Copyright © 2008-2011 Björn Påhlsson
 
5
 * Copyright © 2008-2016 Teddy Hogeborn
 
6
 * Copyright © 2008-2016 Björn Påhlsson
7
7
 * 
8
8
 * This program is free software: you can redistribute it and/or
9
9
 * modify it under the terms of the GNU General Public License as
19
19
 * along with this program.  If not, see
20
20
 * <http://www.gnu.org/licenses/>.
21
21
 * 
22
 
 * Contact the authors at <mandos@fukt.bsnet.se>.
 
22
 * Contact the authors at <mandos@recompile.se>.
23
23
 */
24
24
 
25
25
#define _GNU_SOURCE             /* TEMP_FAILURE_RETRY(), asprintf() */
29
29
                                   SIG_IGN, kill(), SIGKILL */
30
30
#include <stddef.h>             /* NULL */
31
31
#include <stdlib.h>             /* getenv() */
32
 
#include <stdio.h>              /* asprintf(), vasprintf(), vprintf(), fprintf() */
 
32
#include <stdio.h>              /* asprintf(), vasprintf(), vprintf(),
 
33
                                   fprintf() */
33
34
#include <stdlib.h>             /* EXIT_FAILURE, free(),
34
35
                                   EXIT_SUCCESS */
35
36
#include <sys/types.h>          /* pid_t, DIR, struct dirent,
60
61
int signal_received;
61
62
 
62
63
/* Function to use when printing errors */
63
 
void error_plus(int status, int errnum, const char *formatstring, ...){
 
64
__attribute__((format (gnu_printf, 3, 4)))
 
65
void error_plus(int status, int errnum, const char *formatstring,
 
66
                ...){
64
67
  va_list ap;
65
68
  char *text;
66
69
  int ret;
67
70
  
68
71
  va_start(ap, formatstring);
69
72
  ret = vasprintf(&text, formatstring, ap);
70
 
  if (ret == -1){
71
 
    fprintf(stderr, "Mandos plugin %s: ", program_invocation_short_name);
 
73
  if(ret == -1){
 
74
    fprintf(stderr, "Mandos plugin %s: ",
 
75
            program_invocation_short_name);
72
76
    vfprintf(stderr, formatstring, ap);
73
77
    fprintf(stderr, ": ");
74
78
    fprintf(stderr, "%s\n", strerror(errnum));