=== modified file 'TODO' --- TODO 2011-12-24 23:17:02 +0000 +++ TODO 2011-12-25 00:40:09 +0000 @@ -1,15 +1,10 @@ -*- org -*- -* Use _attribute_((nonnull)) wherever possible. -* Use __attribute__((pure)) or __attribute__((const)) where possible. -* Use __attribute__((signal)) on signal handlers. - * [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]] * mandos-applet * mandos-client -** TODO [#A] OpenVPN network hook ** TODO [#A] Wireless network hook ** TODO [#B] Use capabilities instead of seteuid(). ** TODO [#B] Use struct sockaddr_storage instead of a union === modified file 'plugin-runner.c' --- plugin-runner.c 2011-11-24 21:12:35 +0000 +++ plugin-runner.c 2011-12-25 00:40:09 +0000 @@ -171,6 +171,7 @@ } /* Helper function for add_argument and add_environment */ +__attribute__((nonnull)) static bool add_to_char_array(const char *new, char ***array, int *len){ /* Resize the pointed-to array to hold one more pointer */ @@ -199,6 +200,7 @@ } /* Add to a plugin's argument vector */ +__attribute__((nonnull(2))) static bool add_argument(plugin *p, const char *arg){ if(p == NULL){ return false; @@ -207,6 +209,7 @@ } /* Add to a plugin's environment */ +__attribute__((nonnull(2))) static bool add_environment(plugin *p, const char *def, bool replace){ if(p == NULL){ return false; @@ -286,6 +289,7 @@ } /* Prints out a password to stdout */ +__attribute__((nonnull)) static bool print_out_password(const char *buffer, size_t length){ ssize_t ret; for(size_t written = 0; written < length; written += (size_t)ret){ @@ -299,6 +303,7 @@ } /* Removes and free a plugin from the plugin list */ +__attribute__((nonnull)) static void free_plugin(plugin *plugin_node){ for(char **arg = plugin_node->argv; *arg != NULL; arg++){ 
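Review bot: `__attribute__((nonnull))` on add_to_char_array is an optimizer assumption rather than a runtime check: a NULL argument becomes undefined behaviour, and GCC may drop any NULL test on those parameters inside the body, which lies outside this hunk. The comment above the function should state the precondition so callers can be audited against it, e.g. `/* Helper function for add_argument and add_environment; new, array and len must all be non-NULL */`. The same applies to the attributes added in this file on print_out_password and free_plugin, and to is_plymouth and exec_and_wait in the plugins. add_argument and add_environment use `nonnull(2)` and so keep their visible `p == NULL` guard, which is the safer shape.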
@@ -416,6 +421,7 @@ { .name = NULL } }; + __attribute__((nonnull(3))) error_t parse_opt(int key, char *arg, struct argp_state *state){ errno = 0; switch(key){ === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2011-12-24 23:07:17 +0000 +++ plugins.d/mandos-client.c 2011-12-25 00:40:09 +0000 @@ -170,8 +170,10 @@ /* Function to use when printing errors */ void perror_plus(const char *print_text){ + int e = errno; fprintf(stderr, "Mandos plugin %s: ", program_invocation_short_name); + errno = e; perror(print_text); } === modified file 'plugins.d/password-prompt.c' --- plugins.d/password-prompt.c 2011-12-24 23:17:02 +0000 +++ plugins.d/password-prompt.c 2011-12-25 00:40:09 +0000 @@ -72,6 +72,16 @@ /* Needed for conflict resolution */ const char plymouth_name[] = "plymouthd"; +__attribute__((format (gnu_printf, 2, 3), nonnull(1))) +int fprintf_plus(FILE *stream, const char *format, ...){ + va_list ap; + va_start (ap, format); + + TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ", + program_invocation_short_name)); + return TEMP_FAILURE_RETRY(vfprintf(stream, format, ap)); +} + /* Function to use when printing errors */ __attribute__((format (gnu_printf, 3, 4))) void error_plus(int status, int errnum, const char *formatstring, @@ -86,8 +96,7 @@ fprintf(stderr, "Mandos plugin %s: ", program_invocation_short_name); vfprintf(stderr, formatstring, ap); - fprintf(stderr, ": "); - fprintf(stderr, "%s\n", strerror(errnum)); + fprintf(stderr, ": %s\n", strerror(errnum)); error(status, errno, "vasprintf while printing error"); return; } @@ -110,6 +119,7 @@ from the terminal. Password-prompt will exit if it detects plymouth since plymouth performs the same functionality. */ + __attribute__((nonnull)) int is_plymouth(const struct dirent *proc_entry){ int ret; int cl_fd; 
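Review bot: fprintf_plus in plugins.d/password-prompt.c calls `va_start (ap, format)` and returns without a matching `va_end(ap)`, which the C standard leaves undefined. Wrapping `vfprintf` in TEMP_FAILURE_RETRY is also unsafe, because a retry would pass an `ap` that the first call already consumed, and stdio may have emitted part of the message before failing. I would end the function with `int ret = vfprintf(stream, format, ap);`, `va_end(ap);`, `return ret;` and, if a retry is really wanted, take a fresh `va_copy` for each attempt.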
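Review bot: The fallback branch of error_plus passes `errno` to `error(status, errno, "vasprintf while printing error")` only after several stdio calls that may each overwrite it, the same problem this commit fixes in perror_plus. Saving it at the top of the branch with `int e = errno;` and passing `e` to `error()` keeps the reported cause accurate. The branch also hands `ap` to `vfprintf`; if the failing call above the hunk already consumed that `va_list` (the message suggests vasprintf), the fallback should work on a `va_copy` instead. The start of error_plus is outside the hunk.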
@@ -129,7 +139,7 @@ ret = asprintf(&cmdline_filename, "/proc/%s/cmdline", proc_entry->d_name); if(ret == -1){ - error(0, errno, "asprintf"); + error_plus(0, errno, "asprintf"); return 0; } @@ -138,7 +148,7 @@ free(cmdline_filename); if(cl_fd == -1){ if(errno != ENOENT){ - error(0, errno, "open"); + error_plus(0, errno, "open"); } return 0; } @@ -155,7 +165,7 @@ if(cmdline_len + blocksize + 1 > cmdline_allocated){ tmp = realloc(cmdline, cmdline_allocated + blocksize + 1); if(tmp == NULL){ - error(0, errno, "realloc"); + error_plus(0, errno, "realloc"); free(cmdline); close(cl_fd); return 0; @@ -168,7 +178,7 @@ sret = read(cl_fd, cmdline + cmdline_len, cmdline_allocated - cmdline_len); if(sret == -1){ - error(0, errno, "read"); + error_plus(0, errno, "read"); free(cmdline); close(cl_fd); return 0; @@ -177,7 +187,7 @@ } while(sret != 0); ret = close(cl_fd); if(ret == -1){ - error(0, errno, "close"); + error_plus(0, errno, "close"); free(cmdline); return 0; } @@ -213,7 +223,7 @@ int ret; ret = scandir("/proc", &direntries, is_plymouth, alphasort); if (ret == -1){ - error(1, errno, "scandir"); + error_plus(1, errno, "scandir"); } free(direntries); return ret > 0; @@ -250,6 +260,7 @@ { .name = NULL } }; + __attribute__((nonnull(3))) error_t parse_opt (int key, char *arg, struct argp_state *state){ errno = 0; switch (key){ @@ -291,7 +302,7 @@ case ENOMEM: default: errno = ret; - error(0, errno, "argp_parse"); + error_plus(0, errno, "argp_parse"); return EX_OSERR; case EINVAL: return EX_USAGE; @@ -315,7 +326,7 @@ if(tcgetattr(STDIN_FILENO, &t_old) != 0){ int e = errno; - error(0, errno, "tcgetattr"); + error_plus(0, errno, "tcgetattr"); switch(e){ case EBADF: case ENOTTY: 
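Review bot: In the hunk around `scandir("/proc", &direntries, is_plymouth, alphasort)`, `free(direntries)` releases only the array; the `ret` entries that scandir allocated individually are leaked. Adding `for(int i = 0; i < ret; i++){ free(direntries[i]); }` before the existing `free(direntries);` releases them. The failure path also now relies on `error_plus(1, errno, "scandir")` terminating the process as `error()` did. If it can return, `free(direntries)` would run on a pointer scandir never set, unless the declaration above the hunk initialises it. The enclosing function starts outside the hunk.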
@@ -328,17 +339,17 @@ sigemptyset(&new_action.sa_mask); ret = sigaddset(&new_action.sa_mask, SIGINT); if(ret == -1){ - error(0, errno, "sigaddset"); + error_plus(0, errno, "sigaddset"); return EX_OSERR; } ret = sigaddset(&new_action.sa_mask, SIGHUP); if(ret == -1){ - error(0, errno, "sigaddset"); + error_plus(0, errno, "sigaddset"); return EX_OSERR; } ret = sigaddset(&new_action.sa_mask, SIGTERM); if(ret == -1){ - error(0, errno, "sigaddset"); + error_plus(0, errno, "sigaddset"); return EX_OSERR; } /* Need to check if the handler is SIG_IGN before handling: @@ -347,37 +358,37 @@ */ ret = sigaction(SIGINT, NULL, &old_action); if(ret == -1){ - error(0, errno, "sigaction"); + error_plus(0, errno, "sigaction"); return EX_OSERR; } if(old_action.sa_handler != SIG_IGN){ ret = sigaction(SIGINT, &new_action, NULL); if(ret == -1){ - error(0, errno, "sigaction"); + error_plus(0, errno, "sigaction"); return EX_OSERR; } } ret = sigaction(SIGHUP, NULL, &old_action); if(ret == -1){ - error(0, errno, "sigaction"); + error_plus(0, errno, "sigaction"); return EX_OSERR; } if(old_action.sa_handler != SIG_IGN){ ret = sigaction(SIGHUP, &new_action, NULL); if(ret == -1){ - error(0, errno, "sigaction"); + error_plus(0, errno, "sigaction"); return EX_OSERR; } } ret = sigaction(SIGTERM, NULL, &old_action); if(ret == -1){ - error(0, errno, "sigaction"); + error_plus(0, errno, "sigaction"); return EX_OSERR; } if(old_action.sa_handler != SIG_IGN){ ret = sigaction(SIGTERM, &new_action, NULL); if(ret == -1){ - error(0, errno, "sigaction"); + error_plus(0, errno, "sigaction"); return EX_OSERR; } } @@ -391,7 +402,7 @@ t_new.c_lflag &= ~(tcflag_t)ECHO; if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){ int e = errno; - error(0, errno, "tcsetattr-echo"); + error_plus(0, errno, "tcsetattr-echo"); switch(e){ case EBADF: case ENOTTY: 
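Review bot: The check `tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0` does not prove that echo is off, because POSIX lets tcsetattr report success when only some of the requested changes were applied. For a password prompt I would re-read the attributes after the call and treat a still-set ECHO bit as a failure, e.g. `if(tcgetattr(STDIN_FILENO, &t_new) != 0 or (t_new.c_lflag & (tcflag_t)ECHO)){ ... }`, unless code below the hunk already does this. The enclosing function starts and ends outside the hunk.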
@@ -461,7 +472,7 @@ sret = write(STDOUT_FILENO, buffer + written, n - written); if(sret < 0){ int e = errno; - error(0, errno, "write"); + error_plus(0, errno, "write"); switch(e){ case EBADF: case EFAULT: @@ -483,7 +494,7 @@ sret = close(STDOUT_FILENO); if(sret == -1){ int e = errno; - error(0, errno, "close"); + error_plus(0, errno, "close"); switch(e){ case EBADF: status = EX_OSFILE; @@ -499,7 +510,7 @@ if(sret < 0){ int e = errno; if(errno != EINTR and not feof(stdin)){ - error(0, errno, "getline"); + error_plus(0, errno, "getline"); switch(e){ case EBADF: status = EX_UNAVAILABLE; @@ -528,7 +539,7 @@ fprintf(stderr, "Restoring terminal attributes\n"); } if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){ - error(0, errno, "tcsetattr+echo"); + error_plus(0, errno, "tcsetattr+echo"); } if(quit_now){ @@ -536,7 +547,7 @@ old_action.sa_handler = SIG_DFL; ret = sigaction(signal_received, &old_action, NULL); if(ret == -1){ - error(0, errno, "sigaction"); + error_plus(0, errno, "sigaction"); } raise(signal_received); } === modified file 'plugins.d/plymouth.c' --- plugins.d/plymouth.c 2011-12-24 23:17:02 +0000 +++ plugins.d/plymouth.c 2011-12-25 00:40:09 +0000 @@ -154,6 +154,7 @@ return true; } +__attribute__((nonnull (2, 3))) bool exec_and_wait(pid_t *pid_return, const char *path, const char **argv, bool interruptable, bool daemonize){ @@ -213,6 +214,7 @@ return false; } +__attribute__((nonnull)) int is_plymouth(const struct dirent *proc_entry){ int ret; {