authorbluhm <bluhm@openbsd.org>2016-03-22 00:06:55 +0000
committerbluhm <bluhm@openbsd.org>2016-03-22 00:06:55 +0000
commitfe266b8dbb140fb7855a7f892731e868a51d6828 (patch)
tree77bfd26118e27a6801cb8c706fa0613979b7300c /usr.sbin/tokeninit
parentSystem call sendsyslog2 is gone, adapt tests. (diff)
tokenadm(8) is already pledged, do the same for tokeninit(8).
- bring comment in both programs in line - tokeninit(8) needs "tty" for readpassphrase(3) - call token_init() after pledge(2) - fix whitespace OK millert@
Diffstat (limited to 'usr.sbin/tokeninit')
-rw-r--r--usr.sbin/tokeninit/tokeninit.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/usr.sbin/tokeninit/tokeninit.c b/usr.sbin/tokeninit/tokeninit.c
index e9b34482802..a40ab28bb59 100644
--- a/usr.sbin/tokeninit/tokeninit.c
+++ b/usr.sbin/tokeninit/tokeninit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tokeninit.c,v 1.11 2016/02/12 00:10:59 mmcc Exp $ */
+/* $OpenBSD: tokeninit.c,v 1.12 2016/03/22 00:06:55 bluhm Exp $ */
/*-
* Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -75,11 +75,19 @@ main(int argc, char **argv)
openlog(NULL, LOG_ODELAY, LOG_AUTH);
+ /*
+ * Make sure we never dump core as we might have a
+ * valid user shared-secret in memory.
+ */
+
cds.rlim_cur = 0;
cds.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &cds) < 0)
syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
+ if (pledge("stdio rpath wpath cpath fattr flock getpw tty", NULL) == -1)
+ err(1, "pledge");
+
if (token_init(argv[0]) < 0) {
syslog(LOG_ERR, "unknown token type");
errx(1, "unknown token type");
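Review bot: The comment added above `setrlimit(RLIMIT_CORE, &cds)` says the program never dumps core, but a failure of that call is only logged with `syslog(LOG_ERR, ...)` and execution continues into `token_init()` and the shared-secret handling. This matters more now that `pledge()` is in place, because a pledge violation aborts the process with SIGABRT and leaves a core file wherever the limit still allows one. Either make the failure fatal by bracing the `if` body and adding `errx(1, "couldn't set core dump size to 0");` after the `syslog()` call, or reword the comment to say the limit is best effort. The empty `+` line between the comment and `cds.rlim_cur = 0;` also detaches the comment from the code it describes and could be dropped. main() starts and ends outside this hunk, so what happens to the secret after `token_init()` is not visible here.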
@@ -90,7 +98,7 @@ main(int argc, char **argv)
else
optstr = "fm:sv";
- while ((c = getopt(argc, argv, optstr)) != -1)
+ while ((c = getopt(argc, argv, optstr)) != -1)
switch (c) {
case 'f': /* force initialize existing user account */
cmd |= TOKEN_FORCEINIT;