From e02c127f8e2c5001cf90429a2ee3532d7a4e3c76 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 9 Feb 2013 19:54:08 +0100
Subject: Simplify arguments passed to su_monkeysphere_user() and gpg_sphere
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.

This patch improves argument passing like this:

  a) Each argument is passed individually (not all as a single string)
  b) Arguments containing no variables are not quoted
  c) Dynamic arguments are double-quoted ( "$@" )

Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@")
arguments are mostly¹ coollapsed into single strings, and this change is
therefore only cosmetic.

It does improve clarity, however.  Also, it eases switching to safer
quoted arguments in the future.

¹As sole excepion ma/update_users line 82 has $STRICT_MODES dual-quoted.
---
 src/monkeysphere-authentication |  2 +-
 src/share/ma/add_certifier      |  2 +-
 src/share/ma/setup              |  4 ++--
 src/share/ma/update_users       |  2 +-
 src/share/mh/add_revoker        | 10 +++++-----
 src/share/mh/publish_key        | 10 +++++-----
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 46f349a..edc7995 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -81,7 +81,7 @@ gpg_sphere() {
     GNUPGHOME="$GNUPGHOME_SPHERE"
     export GNUPGHOME
  
-    su_monkeysphere_user "gpg --fixed-list-mode --no-greeting --quiet --no-tty $@"
+    su_monkeysphere_user gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@"
 }
 
 # output to stdout the core fingerprint from the gpg core secret
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index de8b1d1..d456763 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
     # check the key is ok as monkeysphere user before loading
     log debug "checking keys in file..."
     fingerprint=$(su_monkeysphere_user \
-	". ${SYSSHAREDIR}/list_primary_fingerprints" < "$keyID")
+	. "${SYSSHAREDIR}/list_primary_fingerprints" < "$keyID")
 
     if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
 	failure "There was not exactly one gpg key in the file."
diff --git a/src/share/ma/setup b/src/share/ma/setup
index e65f875..6745da7 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -99,7 +99,7 @@ EOF
     # check the owner trust
     log debug "checking gpg_sphere owner trust set properly..."
     local ORIG_TRUST
-    if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then
+    if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
 	if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
 	    failure "Monkeysphere authentication trust sphere should explicitly trust the core.  It does not have proper ownertrust settings."
 	fi
@@ -112,7 +112,7 @@ EOF
     # our preferences are reasonable (i.e. 3 marginal OR 1 fully
     # trusted certifications are sufficient to grant full validity.
     log debug "checking trust model for authentication ..."
-    local TRUST_MODEL=$(gpg_sphere "--with-colons --list-keys" 2>/dev/null \
+    local TRUST_MODEL=$(gpg_sphere --with-colons --list-keys 2>/dev/null \
 	| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
     log debug "sphere trust model: $TRUST_MODEL"
     if [ "$TRUST_MODEL" != '1:3:1' ] ; then
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 1330c8d..991c302 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -79,7 +79,7 @@ for uname in $unames ; do
 
 	    # process authorized_user_ids file, as monkeysphere user
 	    su_monkeysphere_user \
-		". ${SYSSHAREDIR}/process_authorized_user_ids '$STRICT_MODES' -" \
+		. "${SYSSHAREDIR}/process_authorized_user_ids" "'$STRICT_MODES'" - \
 		< "$authorizedUserIDs" \
 		> "$tmpAuthorizedKeys"
 
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index da6f71e..4647372 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
     # check the key is ok as monkeysphere user before loading
     log debug "checking keys in file..."
     fingerprint=$(su_monkeysphere_user \
-	". ${SYSSHAREDIR}/list_primary_fingerprints" < "$revokerKeyID")
+	. "${SYSSHAREDIR}/list_primary_fingerprints" < "$revokerKeyID")
 
     if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
 	failure "There was not exactly one gpg key in the file."
@@ -71,12 +71,12 @@ else
 
     # download the key from the keyserver as the monkeysphere user
     log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..."
-    su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${revokerKeyID}!" \
+    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \
 	|| failure "Could not receive a key with this ID from keyserver '$KEYSERVER'."
 
     # get the full fingerprint of new revoker key
     log debug "getting fingerprint of revoker key..."
-    fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint ${revokerKeyID}" \
+    fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \
 	| grep '^fpr:' | cut -d: -f10)
 
     # test that there is only a single fingerprint
@@ -90,7 +90,7 @@ EOF
     fi
 
     log info "revoker key found:"
-    su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --fingerprint 0x${fingerprint}!"
+    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!"
 
     if [ "$PROMPT" = "true" ] ; then
 	printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2
@@ -104,7 +104,7 @@ EOF
 
     # export the new key to the host keyring
     log debug "loading revoker key into host keyring..."
-    su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --export 0x${fingerprint}!" \
+    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \
 	| gpg_host --import
 fi
 
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index c8da847..9c41bc2 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -40,20 +40,20 @@ trap "rm -rf $GNUPGHOME" EXIT
 
 # import the key into the tmp dir
 su_monkeysphere_user \
-    "gpg --quiet --import" <"$HOST_KEY_FILE"
+    gpg --quiet --import <"$HOST_KEY_FILE"
 
-KEYSERVER_OPTIONS=""
+ANCHORFILE=""
 for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
-    if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile"  ] ; then
+    if [ -z "$ANCHORFILE" ] && [ -r "$anchorfile"  ] ; then
 	log debug "using trust anchor file: $anchorfile"
-        KEYSERVER_OPTIONS="--keyserver-options 'ca-cert-file=$anchorfile'"
+	ANCHORFILE="$anchorfile"
     fi
 done
 
 # publish key
 log debug "publishing key with the following gpg command line and options:"
 su_monkeysphere_user \
-    "gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'"
+    gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!"
 
 # remove the tmp file
 trap - EXIT
-- 
cgit v1.2.3