From 7c76d17a9cebdca7824a0d72fb5585681ef51064 Mon Sep 17 00:00:00 2001
From: Vojtech Trefny
Date: Sun, 25 Jul 2021 18:08:22 +0200
Subject: [PATCH] ssh token: Make strings in the plugin translatable
---
 po/POTFILES.in | 2 +
 tokens/ssh/cryptsetup-ssh.c | 73 ++++++++++++++++++++-----------------
 tokens/ssh/ssh-utils.c | 21 ++++++-----
 3 files changed, 52 insertions(+), 44 deletions(-)
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 7544dc5a..6add5fbf 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -49,3 +49,5 @@ src/utils_password.c
 src/utils_luks2.c
 src/utils_blockdev.c
 src/utils_args.c
+tokens/ssh/cryptsetup-ssh.c
+tokens/ssh/ssh-utils.c
diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c
index 1843a8fd..92b61a4c 100644
--- a/tokens/ssh/cryptsetup-ssh.c
+++ b/tokens/ssh/cryptsetup-ssh.c
@@ -105,7 +105,7 @@ static int token_add(
 r = crypt_token_json_set(cd, CRYPT_ANY_TOKEN, string_token);
 if (r < 0) {
- l_err(cd, "Failed to write ssh token json.");
+ l_err(cd, _("Failed to write ssh token json."));
 goto out;
 }
@@ -123,30 +123,30 @@ out:
 const char *argp_program_version = "cryptsetup-ssh " PACKAGE_VERSION;
-static char doc[] = "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected " \
- "to an SSH server\v" \
- "This plugin currently allows only adding a token to an existing key slot.\n\n" \
- "Specified SSH server must contain a key file on the specified path with " \
- "a passphrase for an existing key slot on the device.\n" \
- "Provided credentials will be used by cryptsetup to get the password when " \
- "opening the device using the token.\n\n" \
- "Note: The information provided when adding the token (SSH server address, user and paths) " \
- "will be stored in the LUKS2 header in plaintext.";
+static char doc[] = N_("Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected " \
+ "to an SSH server\v" \
+ "This plugin currently allows only adding a token to an existing key slot.\n\n" \
+ "Specified SSH server must contain a key file on the specified path with " \
+ "a passphrase for an existing key slot on the device.\n" \
+ "Provided credentials will be used by cryptsetup to get the password when " \
+ "opening the device using the token.\n\n" \
+ "Note: The information provided when adding the token (SSH server address, user and paths) " \
+ "will be stored in the LUKS2 header in plaintext.");
-static char args_doc[] = " ";
+static char args_doc[] = N_(" ");
 static struct argp_option options[] = {
- {0, 0, 0, 0, "Options for the 'add' action:" },
- {"ssh-server", OPT_SSH_SERVER, "STRING", 0, "IP address/URL of the remote server for this token" },
- {"ssh-user", OPT_SSH_USER, "STRING", 0, "Username used for the remote server" },
- {"ssh-path", OPT_SSH_PATH, "STRING", 0, "Path to the key file on the remote server"},
- {"ssh-keypath", OPT_KEY_PATH, "STRING", 0, "Path to the SSH key for connecting to the remote server" },
- {"key-slot", OPT_KEY_SLOT, "NUM", 0, "Keyslot to assing the token to. If not specified, token will "\
- "be assigned to the first keyslot matching provided passphrase."},
- {0, 0, 0, 0, "Generic options:" },
- {"verbose", 'v', 0, 0, "Shows more detailed error messages"},
- {"debug", OPT_DEBUG, 0, 0, "Show debug messages"},
- {"debug-json", OPT_DEBUG_JSON, 0, 0, "Show debug messages including JSON metadata"},
+ {0, 0, 0, 0, N_("Options for the 'add' action:")},
+ {"ssh-server", OPT_SSH_SERVER, "STRING", 0, N_("IP address/URL of the remote server for this token")},
+ {"ssh-user", OPT_SSH_USER, "STRING", 0, N_("Username used for the remote server")},
+ {"ssh-path", OPT_SSH_PATH, "STRING", 0, N_("Path to the key file on the remote server")},
+ {"ssh-keypath", OPT_KEY_PATH, "STRING", 0, N_("Path to the SSH key for connecting to the remote server")},
+ {"key-slot", OPT_KEY_SLOT, "NUM", 0, N_("Keyslot to assing the token to. If not specified, token will "\
+ "be assigned to the first keyslot matching provided passphrase.")},
+ {0, 0, 0, 0, N_("Generic options:")},
+ {"verbose", 'v', 0, 0, N_("Shows more detailed error messages")},
+ {"debug", OPT_DEBUG, 0, 0, N_("Show debug messages")},
+ {"debug-json", OPT_DEBUG_JSON, 0, 0, N_("Show debug messages including JSON metadata")},
 { NULL, 0, 0, 0, NULL }
 };
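Review bot: The `key-slot` help text still reads "Keyslot to assing the token to", and wrapping it in `N_()` turns that typo into a msgid; correcting it to `Keyslot to assign the token to.` in this commit avoids invalidating translations when it is fixed later. The `doc` string also depends on the `\v` character, which argp uses to separate the text printed before the options from the text printed after them, so a translation that drops it changes the help layout. A translator comment directly above `doc[]`, for example `/* TRANSLATORS: keep the \v character, it separates the two parts of the help text */`, would document that, and would also keep the plaintext-storage note at the end of the help from being lost in translation.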
@@ -257,12 +257,13 @@ static int get_keyslot_for_passphrase(struct arguments *arguments, const char *p
 r = ssh_pki_import_privkey_file(arguments->ssh_keypath, pin, NULL, NULL, &pkey);
 if (r != SSH_OK) {
 if (r == SSH_EOF) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Failed to open and import private key:\n");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Failed to open and import private key:\n"));
 crypt_free(cd);
 return -EINVAL;
 } else {
- _log(CRYPT_LOG_ERROR, "Failed to import private key (password protected?).\n", NULL);
- r = asprintf(&prompt, "%s@%s's password: ", arguments->ssh_user, arguments->ssh_server);
+ _log(CRYPT_LOG_ERROR, _("Failed to import private key (password protected?).\n"), NULL);
+ /* TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " */
+ r = asprintf(&prompt, _("%s@%s's password: "), arguments->ssh_user, arguments->ssh_server);
 if (r < 0) {
 crypt_safe_free(ssh_pass);
 crypt_free(cd);
@@ -345,9 +346,13 @@ int main(int argc, char *argv[])
 struct arguments arguments = { 0 };
 arguments.keyslot = CRYPT_ANY_SLOT;
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+
 ret = argp_parse (&argp, argc, argv, 0, 0, &arguments);
 if (ret != 0) {
- printf("Failed to parse arguments.\n");
+ printf(_("Failed to parse arguments.\n"));
 return EXIT_FAILURE;
 }
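Review bot: In main, `printf(_("Failed to parse arguments.\n"))` now passes a catalog-supplied string as the format with no arguments, so a translation that happens to contain a `%` directive is undefined behaviour; `fputs(_("Failed to parse arguments.\n"), stdout);` prints the same text without interpreting it. The same applies to the "An action must be specified" and "Only 'add' action is currently supported by this plugin." messages in the two later main hunks. For the calls that do take arguments (the `asprintf` prompt in get_keyslot_for_passphrase and the `'%s' action` messages), the message catalog becomes part of the format-string trust boundary. The build should therefore validate translations with `msgfmt --check-format`, and the catalogs under LOCALEDIR should be writable only by the administrator. Both functions continue outside these hunks.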
@@ -358,40 +363,40 @@ int main(int argc, char *argv[])
 crypt_set_debug_level(CRYPT_DEBUG_JSON);
 if (arguments.action == NULL) {
- printf("An action must be specified\n");
+ printf(_("An action must be specified\n"));
 return EXIT_FAILURE;
 }
 if (strcmp("add", arguments.action) == 0) {
 if (!arguments.device) {
- printf("Device must be specified for '%s' action.\n", arguments.action);
+ printf(_("Device must be specified for '%s' action.\n"), arguments.action);
 return EXIT_FAILURE;
 }
 if (!arguments.ssh_server) {
- printf("SSH server must be specified for '%s' action.\n", arguments.action);
+ printf(_("SSH server must be specified for '%s' action.\n"), arguments.action);
 return EXIT_FAILURE;
 }
 if (!arguments.ssh_user) {
- printf("SSH user must be specified for '%s' action.\n", arguments.action);
+ printf(_("SSH user must be specified for '%s' action.\n"), arguments.action);
 return EXIT_FAILURE;
 }
 if (!arguments.ssh_path) {
- printf("SSH path must be specified for '%s' action.\n", arguments.action);
+ printf(_("SSH path must be specified for '%s' action.\n"), arguments.action);
 return EXIT_FAILURE;
 }
 if (!arguments.ssh_keypath) {
- printf("SSH key path must be specified for '%s' action.\n", arguments.action);
+ printf(_("SSH key path must be specified for '%s' action.\n"), arguments.action);
 return EXIT_FAILURE;
 }
 if (arguments.keyslot == CRYPT_ANY_SLOT) {
 ret = get_keyslot_for_passphrase(&arguments, NULL);
 if (ret != 0) {
- printf("Failed open %s using provided credentials.\n", arguments.device);
+ printf(_("Failed open %s using provided credentials.\n"), arguments.device);
 return EXIT_FAILURE;
 }
 }
@@ -407,7 +412,7 @@ int main(int argc, char *argv[])
 else
 return EXIT_SUCCESS;
 } else {
- printf("Only 'add' action is currently supported by this plugin.\n");
+ printf(_("Only 'add' action is currently supported by this plugin.\n"));
 return EXIT_FAILURE;
 }
 }
diff --git a/tokens/ssh/ssh-utils.c b/tokens/ssh/ssh-utils.c
index 2601dbd0..2c663683 100644
--- a/tokens/ssh/ssh-utils.c
+++ b/tokens/ssh/ssh-utils.c
@@ -27,6 +27,7 @@
 #include
 #include
 #include "ssh-utils.h"
+#include "../lib/nls.h"
 #define KEYFILE_LENGTH_MAX 8192
@@ -42,27 +43,27 @@ int sshplugin_download_password(struct crypt_device *cd, ssh_session ssh,
 sftp = sftp_new(ssh);
 if (!sftp) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot create sftp session: ");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot create sftp session: "));
 r = SSH_FX_FAILURE;
 goto out;
 }
 r = sftp_init(sftp);
 if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot init sftp session: ");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot init sftp session: "));
 goto out;
 }
 file = sftp_open(sftp, path, O_RDONLY, 0);
 if (!file) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot create sftp session: ");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot create sftp session: "));
 r = SSH_FX_FAILURE;
 goto out;
 }
 sftp_attr = sftp_fstat(file);
 if (!sftp_attr) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot stat sftp file: ");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot stat sftp file: "));
 r = SSH_FX_FAILURE;
 goto out;
 }
@@ -70,14 +71,14 @@ int sshplugin_download_password(struct crypt_device *cd, ssh_session ssh,
 pass_len = sftp_attr->size > KEYFILE_LENGTH_MAX ? KEYFILE_LENGTH_MAX : sftp_attr->size;
 pass = malloc(pass_len);
 if (!pass) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Not enough memory.\n");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Not enough memory.\n"));
 r = SSH_FX_FAILURE;
 goto out;
 }
 r = sftp_read(file, pass, pass_len);
 if (r < 0 || (size_t)r != pass_len) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot read remote key: ");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot read remote key: "));
 r = SSH_FX_FAILURE;
 goto out;
 }
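Review bot: The `sftp_open()` failure branch logs `_("Cannot create sftp session: ")`, the same text as the `sftp_new()` branch above it, so the new msgid inherits a copy-paste message. An operator cannot tell a missing or unreadable remote key file from a session failure; `_("Cannot open sftp file: ")` would distinguish the two. In the following hunk the context line `pass = malloc(pass_len);` holds the downloaded passphrase in ordinary heap memory, and the line before it silently caps the length at KEYFILE_LENGTH_MAX. Whether that buffer is wiped before it is released is decided after the `out:` label, outside these hunks, and should be confirmed. sshplugin_download_password starts and ends outside the hunks.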
@@ -118,13 +119,13 @@ ssh_session sshplugin_session_init(struct crypt_device *cd, const char *host, co
 r = ssh_connect(ssh);
 if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Connection failed: ");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Connection failed: "));
 goto out;
 }
 r = ssh_session_is_known_server(ssh);
 if (r != SSH_SERVER_KNOWN_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Server not known: ");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Server not known: "));
 r = SSH_AUTH_ERROR;
 goto out;
 }
@@ -152,7 +153,7 @@ int sshplugin_public_key_auth(struct crypt_device *cd, ssh_session ssh, const ss
 crypt_log(cd, CRYPT_LOG_DEBUG, "Trying public key authentication method.\n");
 if (!(ssh_userauth_list(ssh, NULL) & SSH_AUTH_METHOD_PUBLICKEY)) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Public key auth method not allowed on host.\n");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Public key auth method not allowed on host.\n"));
 return SSH_AUTH_ERROR;
 }
@@ -163,7 +164,7 @@ int sshplugin_public_key_auth(struct crypt_device *cd, ssh_session ssh, const ss
 }
 if (r != SSH_AUTH_SUCCESS) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Public key authentication error: ");
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Public key authentication error: "));
 crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
 crypt_log(cd, CRYPT_LOG_ERROR, "\n");
 }
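Review bot: In sshplugin_session_init, every result of `ssh_session_is_known_server()` other than `SSH_SERVER_KNOWN_OK` is reported with the single message `_("Server not known: ")`, which hides the difference between a host that was never recorded and one whose host key has changed. Failing closed on all of them is right, but a changed key is the case a defender most needs to see in the log. A separate check for `SSH_KNOWN_HOSTS_CHANGED` with its own translatable text, e.g. `_("Server host key has changed: ")`, would surface it. The function body continues outside the hunk.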