diff --git a/auth.c b/auth.c index 915494e4..aa402492 100644 --- a/auth.c +++ b/auth.c @@ -121,7 +121,7 @@ static int parse_auth_choice(struct openconnect_info *vpninfo, struct oc_auth_fo opt->form.label = (char *)xmlGetProp(xml_node, (unsigned char *)"label"); if (!opt->form.name) { - vpn_progress(vpninfo, PRG_ERR, "Form choice has no name\n"); + vpn_progress(vpninfo, PRG_ERR, _("Form choice has no name\n")); free(opt); return -EINVAL; } @@ -184,13 +184,15 @@ static int parse_form(struct openconnect_info *vpninfo, struct oc_auth_form *for continue; } if (strcmp((char *)xml_node->name, "input")) { - vpn_progress(vpninfo, PRG_TRACE, "name %s not input\n", xml_node->name); + vpn_progress(vpninfo, PRG_TRACE, + _("name %s not input\n"), xml_node->name); continue; } input_type = (char *)xmlGetProp(xml_node, (unsigned char *)"type"); if (!input_type) { - vpn_progress(vpninfo, PRG_INFO, "No input type in form\n"); + vpn_progress(vpninfo, PRG_INFO, + _("No input type in form\n")); continue; } @@ -201,7 +203,8 @@ static int parse_form(struct openconnect_info *vpninfo, struct oc_auth_form *for input_name = (char *)xmlGetProp(xml_node, (unsigned char *)"name"); if (!input_name) { - vpn_progress(vpninfo, PRG_INFO, "No input name in form\n"); + vpn_progress(vpninfo, PRG_INFO, + _("No input name in form\n")); free(input_type); continue; } @@ -224,8 +227,8 @@ static int parse_form(struct openconnect_info *vpninfo, struct oc_auth_form *for opt->type = OC_FORM_OPT_PASSWORD; else { vpn_progress(vpninfo, PRG_INFO, - "Unknown input type %s in form\n", - input_type); + _("Unknown input type %s in form\n"), + input_type); free(input_type); free(input_name); free(input_label); @@ -244,7 +247,7 @@ static int parse_form(struct openconnect_info *vpninfo, struct oc_auth_form *for *p = opt; } - vpn_progress(vpninfo, PRG_TRACE, "Fixed options give %s\n", body); + vpn_progress(vpninfo, PRG_TRACE, _("Fixed options give %s\n"), body); return 0; } @@ -331,15 +334,18 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response, xml_doc = xmlReadMemory(response, strlen(response), "noname.xml", NULL, 0); if (!xml_doc) { - vpn_progress(vpninfo, PRG_ERR, "Failed to parse server response\n"); - vpn_progress(vpninfo, PRG_TRACE, "Response was:%s\n", response); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to parse server response\n")); + vpn_progress(vpninfo, PRG_TRACE, + _("Response was:%s\n"), response); free(form); return -EINVAL; } xml_node = xmlDocGetRootElement(xml_doc); if (xml_node->type != XML_ELEMENT_NODE || strcmp((char *)xml_node->name, "auth")) { - vpn_progress(vpninfo, PRG_ERR, "XML response has no \"auth\" root node\n"); + vpn_progress(vpninfo, PRG_ERR, + _("XML response has no \"auth\" root node\n")); ret = -EINVAL; goto out; } @@ -351,7 +357,8 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response, } if (vpninfo->nopasswd) { - vpn_progress(vpninfo, PRG_ERR, "Asked for password but '--no-passwd' set\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Asked for password but '--no-passwd' set\n")); ret = -EPERM; goto out; } @@ -376,8 +383,8 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response, if (!form->method || !form->action || strcasecmp(form->method, "POST") || !form->action[0]) { vpn_progress(vpninfo, PRG_ERR, - "Cannot handle form method='%s', action='%s'\n", - form->method, form->action); + _("Cannot handle form method='%s', action='%s'\n"), + form->method, form->action); ret = -EINVAL; goto out; } @@ -496,7 +503,7 @@ static int process_auth_form(struct openconnect_info *vpninfo, choice_resp[0] = 0; if (!ui) { - vpn_progress(vpninfo, PRG_ERR, "Failed to create UI\n"); + vpn_progress(vpninfo, PRG_ERR, _("Failed to create UI\n")); return -EINVAL; } if (form->banner) { @@ -539,8 +546,8 @@ static int process_auth_form(struct openconnect_info *vpninfo, } if (!opt->value) vpn_progress(vpninfo, PRG_ERR, - "Auth choice \"%s\" not available\n", - vpninfo->authgroup); + _("Auth choice \"%s\" not available\n"), + vpninfo->authgroup); } if (!opt->value && select_opt->nr_choices == 1) { choice = &select_opt->choices[0]; @@ -619,7 +626,7 @@ static int process_auth_form(struct openconnect_info *vpninfo, goto out_ui; case -1: /* error */ - vpn_progress(vpninfo, PRG_ERR, "Invalid inputs\n"); + vpn_progress(vpninfo, PRG_ERR, _("Invalid inputs\n")); ret = -EINVAL; out_ui: UI_free(ui); @@ -642,8 +649,8 @@ static int process_auth_form(struct openconnect_info *vpninfo, } if (!select_opt->form.value) { vpn_progress(vpninfo, PRG_ERR, - "Auth choice \"%s\" not valid\n", - choice_resp); + _("Auth choice \"%s\" not valid\n"), + choice_resp); return -EINVAL; } } diff --git a/cstp.c b/cstp.c index b06f2afd..990111fb 100644 --- a/cstp.c +++ b/cstp.c @@ -129,15 +129,16 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA"); if (openconnect_SSL_gets(vpninfo->https_ssl, buf, 65536) < 0) { - vpn_progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error fetching HTTPS response\n")); if (!retried) { retried = 1; openconnect_close_https(vpninfo); if (openconnect_open_https(vpninfo)) { vpn_progress(vpninfo, PRG_ERR, - "Failed to open HTTPS connection to %s\n", - vpninfo->hostname); + _("Failed to open HTTPS connection to %s\n"), + vpninfo->hostname); exit(1); } goto retry; @@ -155,20 +156,20 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) break; } } - vpn_progress(vpninfo, PRG_ERR, "VPN service unavailable; reason: %s\n", - reason); + vpn_progress(vpninfo, PRG_ERR, + _("VPN service unavailable; reason: %s\n"), + reason); return -EINVAL; } vpn_progress(vpninfo, PRG_ERR, - "Got inappropriate HTTP CONNECT response: %s\n", - buf); + _("Got inappropriate HTTP CONNECT response: %s\n"), + buf); if (!strncmp(buf, "HTTP/1.1 401 ", 13)) exit(2); return -EINVAL; } - vpn_progress(vpninfo, PRG_INFO, - "Got CONNECT response: %s\n", buf); + vpn_progress(vpninfo, PRG_INFO, _("Got CONNECT response: %s\n"), buf); /* We may have advertised it, but we only do it if the server agrees */ vpninfo->deflate = 0; @@ -190,7 +191,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) new_option = malloc(sizeof(*new_option)); if (!new_option) { - vpn_progress(vpninfo, PRG_ERR, "No memory for options\n"); + vpn_progress(vpninfo, PRG_ERR, _("No memory for options\n")); return -ENOMEM; } new_option->option = strdup(buf); @@ -198,7 +199,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) new_option->next = NULL; if (!new_option->option || !new_option->value) { - vpn_progress(vpninfo, PRG_ERR, "No memory for options\n"); + vpn_progress(vpninfo, PRG_ERR, _("No memory for options\n")); return -ENOMEM; } @@ -210,8 +211,10 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) if (!strcmp(buf + 7, "Session-ID")) { if (strlen(colon) != 64) { - vpn_progress(vpninfo, PRG_ERR, "X-DTLS-Session-ID not 64 characters\n"); - vpn_progress(vpninfo, PRG_ERR, "Is: %s\n", colon); + vpn_progress(vpninfo, PRG_ERR, + _("X-DTLS-Session-ID not 64 characters\n")); + vpn_progress(vpninfo, PRG_ERR, + _("Is: %s\n"), colon); vpninfo->dtls_attempt_period = 0; return -EINVAL; } @@ -240,8 +243,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) vpninfo->deflate = 1; else { vpn_progress(vpninfo, PRG_ERR, - "Unknown CSTP-Content-Encoding %s\n", - colon); + _("Unknown CSTP-Content-Encoding %s\n"), + colon); return -EINVAL; } } else if (!strcmp(buf + 7, "MTU")) { @@ -296,34 +299,39 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) } if (!vpninfo->vpn_addr && !vpninfo->vpn_addr6) { - vpn_progress(vpninfo, PRG_ERR, "No IP address received. Aborting\n"); + vpn_progress(vpninfo, PRG_ERR, + _("No IP address received. Aborting\n")); return -EINVAL; } if (old_addr) { if (strcmp(old_addr, vpninfo->vpn_addr)) { - vpn_progress(vpninfo, PRG_ERR, "Reconnect gave different Legacy IP address (%s != %s)\n", - vpninfo->vpn_addr, old_addr); + vpn_progress(vpninfo, PRG_ERR, + _("Reconnect gave different Legacy IP address (%s != %s)\n"), + vpninfo->vpn_addr, old_addr); return -EINVAL; } } if (old_netmask) { if (strcmp(old_netmask, vpninfo->vpn_netmask)) { - vpn_progress(vpninfo, PRG_ERR, "Reconnect gave different Legacy IP netmask (%s != %s)\n", - vpninfo->vpn_netmask, old_netmask); + vpn_progress(vpninfo, PRG_ERR, + _("Reconnect gave different Legacy IP netmask (%s != %s)\n"), + vpninfo->vpn_netmask, old_netmask); return -EINVAL; } } if (old_addr6) { if (strcmp(old_addr6, vpninfo->vpn_addr6)) { - vpn_progress(vpninfo, PRG_ERR, "Reconnect gave different IPv6 address (%s != %s)\n", - vpninfo->vpn_addr6, old_addr6); + vpn_progress(vpninfo, PRG_ERR, + _("Reconnect gave different IPv6 address (%s != %s)\n"), + vpninfo->vpn_addr6, old_addr6); return -EINVAL; } } if (old_netmask6) { if (strcmp(old_netmask6, vpninfo->vpn_netmask6)) { - vpn_progress(vpninfo, PRG_ERR, "Reconnect gave different IPv6 netmask (%s != %s)\n", - vpninfo->vpn_netmask6, old_netmask6); + vpn_progress(vpninfo, PRG_ERR, + _("Reconnect gave different IPv6 netmask (%s != %s)\n"), + vpninfo->vpn_netmask6, old_netmask6); return -EINVAL; } } @@ -342,8 +350,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) free(tmp->option); free(tmp); } - vpn_progress(vpninfo, PRG_INFO, "CSTP connected. DPD %d, Keepalive %d\n", - vpninfo->ssl_times.dpd, vpninfo->ssl_times.keepalive); + vpn_progress(vpninfo, PRG_INFO, _("CSTP connected. DPD %d, Keepalive %d\n"), + vpninfo->ssl_times.dpd, vpninfo->ssl_times.keepalive); BIO_set_nbio(SSL_get_rbio(vpninfo->https_ssl), 1); BIO_set_nbio(SSL_get_wbio(vpninfo->https_ssl), 1); @@ -378,14 +386,15 @@ int make_cstp_connection(struct openconnect_info *vpninfo) if (inflateInit2(&vpninfo->inflate_strm, -12) || deflateInit2(&vpninfo->deflate_strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -12, 9, Z_DEFAULT_STRATEGY)) { - vpn_progress(vpninfo, PRG_ERR, "Compression setup failed\n"); + vpn_progress(vpninfo, PRG_ERR, _("Compression setup failed\n")); vpninfo->deflate = 0; } if (!vpninfo->deflate_pkt) { vpninfo->deflate_pkt = malloc(sizeof(struct pkt) + 2048); if (!vpninfo->deflate_pkt) { - vpn_progress(vpninfo, PRG_ERR, "Allocation of deflate buffer failed\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Allocation of deflate buffer failed\n")); vpninfo->deflate = 0; } memset(vpninfo->deflate_pkt, 0, sizeof(struct pkt)); @@ -417,8 +426,8 @@ int cstp_reconnect(struct openconnect_info *vpninfo) if (timeout <= 0) return ret; vpn_progress(vpninfo, PRG_INFO, - "sleep %ds, remaining timeout %ds\n", - interval, timeout); + _("sleep %ds, remaining timeout %ds\n"), + interval, timeout); sleep(interval); if (killed) return 1; @@ -448,7 +457,7 @@ static int inflate_and_queue_packet(struct openconnect_info *vpninfo, void *buf, vpninfo->inflate_strm.total_out = 0; if (inflate(&vpninfo->inflate_strm, Z_SYNC_FLUSH)) { - vpn_progress(vpninfo, PRG_ERR, "inflate failed\n"); + vpn_progress(vpninfo, PRG_ERR, _("inflate failed\n")); free(new); return -EINVAL; } @@ -463,8 +472,8 @@ static int inflate_and_queue_packet(struct openconnect_info *vpninfo, void *buf, } vpn_progress(vpninfo, PRG_TRACE, - "Received compressed data packet of %ld bytes\n", - vpninfo->inflate_strm.total_out); + _("Received compressed data packet of %ld bytes\n"), + vpninfo->inflate_strm.total_out); queue_packet(&vpninfo->incoming_queue, new); return 0; @@ -492,36 +501,36 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) payload_len = (buf[4] << 8) + buf[5]; if (len != 8 + payload_len) { vpn_progress(vpninfo, PRG_ERR, - "Unexpected packet length. SSL_read returned %d but packet is\n", - len); + _("Unexpected packet length. SSL_read returned %d but packet is\n"), + len); vpn_progress(vpninfo, PRG_ERR, - "%02x %02x %02x %02x %02x %02x %02x %02x\n", - buf[0], buf[1], buf[2], buf[3], - buf[4], buf[5], buf[6], buf[7]); + "%02x %02x %02x %02x %02x %02x %02x %02x\n", + buf[0], buf[1], buf[2], buf[3], + buf[4], buf[5], buf[6], buf[7]); continue; } vpninfo->ssl_times.last_rx = time(NULL); switch(buf[6]) { case AC_PKT_DPD_OUT: vpn_progress(vpninfo, PRG_TRACE, - "Got CSTP DPD request\n"); + _("Got CSTP DPD request\n")); vpninfo->owe_ssl_dpd_response = 1; continue; case AC_PKT_DPD_RESP: vpn_progress(vpninfo, PRG_TRACE, - "Got CSTP DPD response\n"); + _("Got CSTP DPD response\n")); continue; case AC_PKT_KEEPALIVE: vpn_progress(vpninfo, PRG_TRACE, - "Got CSTP Keepalive\n"); + _("Got CSTP Keepalive\n")); continue; case AC_PKT_DATA: vpn_progress(vpninfo, PRG_TRACE, - "Received uncompressed data packet of %d bytes\n", - payload_len); + _("Received uncompressed data packet of %d bytes\n"), + payload_len); queue_new_packet(&vpninfo->incoming_queue, buf + 8, payload_len); work_done = 1; @@ -535,13 +544,15 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) } buf[payload_len + 8] = 0; vpn_progress(vpninfo, PRG_ERR, - "Received server disconnect: %02x '%s'\n", buf[8], buf + 9); + _("Received server disconnect: %02x '%s'\n"), + buf[8], buf + 9); vpninfo->quit_reason = "Server request"; return 1; } case AC_PKT_COMPRESSED: if (!vpninfo->deflate) { - vpn_progress(vpninfo, PRG_ERR, "Compressed packet received in !deflate mode\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Compressed packet received in !deflate mode\n")); goto unknown_pkt; } inflate_and_queue_packet(vpninfo, buf + 8, payload_len); @@ -549,16 +560,16 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) continue; case AC_PKT_TERM_SERVER: - vpn_progress(vpninfo, PRG_ERR, "received server terminate packet\n"); + vpn_progress(vpninfo, PRG_ERR, _("received server terminate packet\n")); vpninfo->quit_reason = "Server request"; return 1; } unknown_pkt: vpn_progress(vpninfo, PRG_ERR, - "Unknown packet %02x %02x %02x %02x %02x %02x %02x %02x\n", - buf[0], buf[1], buf[2], buf[3], - buf[4], buf[5], buf[6], buf[7]); + _("Unknown packet %02x %02x %02x %02x %02x %02x %02x %02x\n"), + buf[0], buf[1], buf[2], buf[3], + buf[4], buf[5], buf[6], buf[7]); vpninfo->quit_reason = "Unknown packet received"; return 1; } @@ -566,8 +577,8 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) ret = SSL_get_error(vpninfo->https_ssl, len); if (ret == SSL_ERROR_SYSCALL || ret == SSL_ERROR_ZERO_RETURN) { vpn_progress(vpninfo, PRG_ERR, - "SSL read error %d (server probably closed connection); reconnecting.\n", - ret); + _("SSL read error %d (server probably closed connection); reconnecting.\n"), + ret); goto do_reconnect; } @@ -595,14 +606,15 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) goto peer_dead; return work_done; default: - vpn_progress(vpninfo, PRG_ERR, "SSL_write failed: %d\n", ret); + vpn_progress(vpninfo, PRG_ERR, _("SSL_write failed: %d\n"), ret); report_ssl_errors(vpninfo); goto do_reconnect; } } if (ret != vpninfo->current_ssl_pkt->len + 8) { - vpn_progress(vpninfo, PRG_ERR, "SSL wrote too few bytes! Asked for %d, sent %d\n", - vpninfo->current_ssl_pkt->len + 8, ret); + vpn_progress(vpninfo, PRG_ERR, + _("SSL wrote too few bytes! Asked for %d, sent %d\n"), + vpninfo->current_ssl_pkt->len + 8, ret); vpninfo->quit_reason = "Internal error"; return 1; } @@ -626,16 +638,17 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) case KA_REKEY: /* Not that this will ever happen; we don't even process the setting when we're asked for it. */ - vpn_progress(vpninfo, PRG_INFO, "CSTP rekey due\n"); + vpn_progress(vpninfo, PRG_INFO, _("CSTP rekey due\n")); goto do_reconnect; break; case KA_DPD_DEAD: peer_dead: - vpn_progress(vpninfo, PRG_ERR, "CSTP Dead Peer Detection detected dead peer!\n"); + vpn_progress(vpninfo, PRG_ERR, + _("CSTP Dead Peer Detection detected dead peer!\n")); do_reconnect: if (cstp_reconnect(vpninfo)) { - vpn_progress(vpninfo, PRG_ERR, "Reconnect failed\n"); + vpn_progress(vpninfo, PRG_ERR, _("Reconnect failed\n")); vpninfo->quit_reason = "CSTP reconnect failed"; return 1; } @@ -644,7 +657,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) return 1; case KA_DPD: - vpn_progress(vpninfo, PRG_TRACE, "Send CSTP DPD\n"); + vpn_progress(vpninfo, PRG_TRACE, _("Send CSTP DPD\n")); vpninfo->current_ssl_pkt = &dpd_pkt; goto handle_outgoing; @@ -655,7 +668,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) if (vpninfo->dtls_fd == -1 && vpninfo->outgoing_queue) break; - vpn_progress(vpninfo, PRG_TRACE, "Send CSTP Keepalive\n"); + vpn_progress(vpninfo, PRG_TRACE, _("Send CSTP Keepalive\n")); vpninfo->current_ssl_pkt = &keepalive_pkt; goto handle_outgoing; @@ -682,7 +695,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) ret = deflate(&vpninfo->deflate_strm, Z_SYNC_FLUSH); if (ret) { - vpn_progress(vpninfo, PRG_ERR, "deflate failed %d\n", ret); + vpn_progress(vpninfo, PRG_ERR, _("deflate failed %d\n"), ret); goto uncompr; } @@ -702,8 +715,8 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) vpninfo->deflate_pkt->len = vpninfo->deflate_strm.total_out + 4; vpn_progress(vpninfo, PRG_TRACE, - "Sending compressed data packet of %d bytes\n", - this->len); + _("Sending compressed data packet of %d bytes\n"), + this->len); vpninfo->current_ssl_pkt = vpninfo->deflate_pkt; } else { @@ -713,8 +726,8 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) this->hdr[5] = this->len & 0xff; vpn_progress(vpninfo, PRG_TRACE, - "Sending uncompressed data packet of %d bytes\n", - this->len); + _("Sending uncompressed data packet of %d bytes\n"), + this->len); vpninfo->current_ssl_pkt = this; } @@ -751,7 +764,7 @@ int cstp_bye(struct openconnect_info *vpninfo, const char *reason) free(bye_pkt); vpn_progress(vpninfo, PRG_INFO, - "Send BYE packet: %s\n", reason); + _("Send BYE packet: %s\n"), reason); return 0; } diff --git a/dtls.c b/dtls.c index 554d94cc..561e1f67 100644 --- a/dtls.c +++ b/dtls.c @@ -119,33 +119,33 @@ int connect_dtls_socket(struct openconnect_info *vpninfo) int dtls_fd; if (!vpninfo->dtls_addr) { - vpn_progress(vpninfo, PRG_ERR, "No DTLS address\n"); + vpn_progress(vpninfo, PRG_ERR, _("No DTLS address\n")); vpninfo->dtls_attempt_period = 0; return -EINVAL; } if (!vpninfo->dtls_cipher) { /* We probably didn't offer it any ciphers it liked */ - vpn_progress(vpninfo, PRG_ERR, "Server offered no DTLS cipher option\n"); + vpn_progress(vpninfo, PRG_ERR, _("Server offered no DTLS cipher option\n")); vpninfo->dtls_attempt_period = 0; return -EINVAL; } if (vpninfo->proxy) { /* XXX: Theoretically, SOCKS5 proxies can do UDP too */ - vpn_progress(vpninfo, PRG_ERR, "No DTLS when connected via proxy\n"); + vpn_progress(vpninfo, PRG_ERR, _("No DTLS when connected via proxy\n")); vpninfo->dtls_attempt_period = 0; return -EINVAL; } dtls_fd = socket(vpninfo->peer_addr->sa_family, SOCK_DGRAM, IPPROTO_UDP); if (dtls_fd < 0) { - perror("Open UDP socket for DTLS:"); + perror(_("Open UDP socket for DTLS:")); return -EINVAL; } if (connect(dtls_fd, vpninfo->dtls_addr, vpninfo->peer_addrlen)) { - perror("UDP (DTLS) connect:\n"); + perror(_("UDP (DTLS) connect:\n")); close(dtls_fd); return -EINVAL; } @@ -156,7 +156,8 @@ int connect_dtls_socket(struct openconnect_info *vpninfo) dtls_method = DTLSv1_client_method(); vpninfo->dtls_ctx = SSL_CTX_new(dtls_method); if (!vpninfo->dtls_ctx) { - vpn_progress(vpninfo, PRG_ERR, "Initialise DTLSv1 CTX failed\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Initialise DTLSv1 CTX failed\n")); vpninfo->dtls_attempt_period = 0; return -EINVAL; } @@ -166,7 +167,8 @@ int connect_dtls_socket(struct openconnect_info *vpninfo) SSL_CTX_set_read_ahead(vpninfo->dtls_ctx, 1); if (!SSL_CTX_set_cipher_list(vpninfo->dtls_ctx, vpninfo->dtls_cipher)) { - vpn_progress(vpninfo, PRG_ERR, "Set DTLS cipher list failed\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Set DTLS cipher list failed\n")); SSL_CTX_free(vpninfo->dtls_ctx); vpninfo->dtls_ctx = NULL; vpninfo->dtls_attempt_period = 0; @@ -178,7 +180,8 @@ int connect_dtls_socket(struct openconnect_info *vpninfo) /* We're going to "resume" a session which never existed. Fake it... */ vpninfo->dtls_session = SSL_SESSION_new(); if (!vpninfo->dtls_session) { - vpn_progress(vpninfo, PRG_ERR, "Initialise DTLSv1 session failed\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Initialise DTLSv1 session failed\n")); vpninfo->dtls_attempt_period = 0; return -EINVAL; } @@ -199,7 +202,7 @@ int connect_dtls_socket(struct openconnect_info *vpninfo) ciphers = SSL_get_ciphers(dtls_ssl); if (sk_SSL_CIPHER_num(ciphers) != 1) { - vpn_progress(vpninfo, PRG_ERR, "Not precisely one DTLS cipher\n"); + vpn_progress(vpninfo, PRG_ERR, _("Not precisely one DTLS cipher\n")); SSL_CTX_free(vpninfo->dtls_ctx); SSL_free(dtls_ssl); SSL_SESSION_free(vpninfo->dtls_session); @@ -217,11 +220,11 @@ int connect_dtls_socket(struct openconnect_info *vpninfo) /* Add the generated session to the SSL */ if (!SSL_set_session(dtls_ssl, vpninfo->dtls_session)) { vpn_progress(vpninfo, PRG_ERR, - "SSL_set_session() failed with old protocol version 0x%x\n" - "Are you using a version of OpenSSL older than 0.9.8m?\n" - "See http://rt.openssl.org/Ticket/Display.html?id=1751\n" - "Use the --no-dtls command line option to avoid this message\n", - vpninfo->dtls_session->ssl_version); + _("SSL_set_session() failed with old protocol version 0x%x\n" + "Are you using a version of OpenSSL older than 0.9.8m?\n" + "See http://rt.openssl.org/Ticket/Display.html?id=1751\n" + "Use the --no-dtls command line option to avoid this message\n"), + vpninfo->dtls_session->ssl_version); vpninfo->dtls_attempt_period = 0; return -EINVAL; } @@ -256,7 +259,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo) int ret = SSL_do_handshake(vpninfo->new_dtls_ssl); if (ret == 1) { - vpn_progress(vpninfo, PRG_INFO, "Established DTLS connection\n"); + vpn_progress(vpninfo, PRG_INFO, _("Established DTLS connection\n")); if (vpninfo->dtls_ssl) { /* We are replacing an old connection */ @@ -294,7 +297,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo) version, warn about it. */ if (SSLeay() < 0x1000005fL) { vpn_progress(vpninfo, PRG_ERR, - "Your OpenSSL is older than the one you built against, so DTLS may fail!"); + _("Your OpenSSL is older than the one you built against, so DTLS may fail!")); } #elif defined (HAVE_DTLS1_STOP_TIMER) dtls1_stop_timer(vpninfo->dtls_ssl); @@ -318,10 +321,10 @@ int dtls_try_handshake(struct openconnect_info *vpninfo) if (ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ) { if (time(NULL) < vpninfo->new_dtls_started + 5) return 0; - vpn_progress(vpninfo, PRG_TRACE, "DTLS handshake timed out\n"); + vpn_progress(vpninfo, PRG_TRACE, _("DTLS handshake timed out\n")); } - vpn_progress(vpninfo, PRG_ERR, "DTLS handshake failed: %d\n", ret); + vpn_progress(vpninfo, PRG_ERR, _("DTLS handshake failed: %d\n"), ret); report_ssl_errors(vpninfo); /* Kill the new (failed) connection... */ @@ -372,8 +375,8 @@ int setup_dtls(struct openconnect_info *vpninfo) while (dtls_opt) { vpn_progress(vpninfo, PRG_TRACE, - "DTLS option %s : %s\n", - dtls_opt->option, dtls_opt->value); + _("DTLS option %s : %s\n"), + dtls_opt->option, dtls_opt->value); if (!strcmp(dtls_opt->option + 7, "Port")) { dtls_port = atol(dtls_opt->value); @@ -410,8 +413,9 @@ int setup_dtls(struct openconnect_info *vpninfo) struct sockaddr_in6 *sin = (void *)vpninfo->dtls_addr; sin->sin6_port = htons(dtls_port); } else { - vpn_progress(vpninfo, PRG_ERR, "Unknown protocol family %d. Cannot do DTLS\n", - vpninfo->peer_addr->sa_family); + vpn_progress(vpninfo, PRG_ERR, + _("Unknown protocol family %d. Cannot do DTLS\n"), + vpninfo->peer_addr->sa_family); vpninfo->dtls_attempt_period = 0; return -EINVAL; } @@ -420,8 +424,8 @@ int setup_dtls(struct openconnect_info *vpninfo) return -EINVAL; vpn_progress(vpninfo, PRG_TRACE, - "DTLS connected. DPD %d, Keepalive %d\n", - vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive); + _("DTLS connected. DPD %d, Keepalive %d\n"), + vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive); return 0; } @@ -436,8 +440,8 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) while ( (len = SSL_read(vpninfo->dtls_ssl, buf, sizeof(buf))) > 0 ) { vpn_progress(vpninfo, PRG_TRACE, - "Received DTLS packet 0x%02x of %d bytes\n", - buf[0], len); + _("Received DTLS packet 0x%02x of %d bytes\n"), + buf[0], len); vpninfo->dtls_times.last_rx = time(NULL); @@ -448,25 +452,27 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) break; case AC_PKT_DPD_OUT: - vpn_progress(vpninfo, PRG_TRACE, "Got DTLS DPD request\n"); + vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS DPD request\n")); /* FIXME: What if the packet doesn't get through? */ magic_pkt = AC_PKT_DPD_RESP; if (SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1) != 1) - vpn_progress(vpninfo, PRG_ERR, "Failed to send DPD response. Expect disconnect\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to send DPD response. Expect disconnect\n")); continue; case AC_PKT_DPD_RESP: - vpn_progress(vpninfo, PRG_TRACE, "Got DTLS DPD response\n"); + vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS DPD response\n")); break; case AC_PKT_KEEPALIVE: - vpn_progress(vpninfo, PRG_TRACE, "Got DTLS Keepalive\n"); + vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS Keepalive\n")); break; default: vpn_progress(vpninfo, PRG_ERR, - "Unknown DTLS packet type %02x, len %d\n", buf[0], len); + _("Unknown DTLS packet type %02x, len %d\n"), + buf[0], len); if (1) { /* Some versions of OpenSSL have bugs with receiving out-of-order * packets. Not only do they wrongly decide to drop packets if @@ -484,18 +490,18 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) switch (keepalive_action(&vpninfo->dtls_times, timeout)) { case KA_REKEY: - vpn_progress(vpninfo, PRG_INFO, "DTLS rekey due\n"); + vpn_progress(vpninfo, PRG_INFO, _("DTLS rekey due\n")); /* There ought to be a method of rekeying DTLS without tearing down the CSTP session and restarting, but we don't (yet) know it */ if (cstp_reconnect(vpninfo)) { - vpn_progress(vpninfo, PRG_ERR, "Reconnect failed\n"); + vpn_progress(vpninfo, PRG_ERR, _("Reconnect failed\n")); vpninfo->quit_reason = "CSTP reconnect failed"; return 1; } if (dtls_restart(vpninfo)) { - vpn_progress(vpninfo, PRG_ERR, "DTLS rekey failed\n"); + vpn_progress(vpninfo, PRG_ERR, _("DTLS rekey failed\n")); return 1; } work_done = 1; @@ -503,13 +509,13 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) case KA_DPD_DEAD: - vpn_progress(vpninfo, PRG_ERR, "DTLS Dead Peer Detection detected dead peer!\n"); + vpn_progress(vpninfo, PRG_ERR, _("DTLS Dead Peer Detection detected dead peer!\n")); /* Fall back to SSL, and start a new DTLS connection */ dtls_restart(vpninfo); return 1; case KA_DPD: - vpn_progress(vpninfo, PRG_TRACE, "Send DTLS DPD\n"); + vpn_progress(vpninfo, PRG_TRACE, _("Send DTLS DPD\n")); magic_pkt = AC_PKT_DPD_OUT; SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1); @@ -524,7 +530,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) if (vpninfo->outgoing_queue) break; - vpn_progress(vpninfo, PRG_TRACE, "Send DTLS Keepalive\n"); + vpn_progress(vpninfo, PRG_TRACE, _("Send DTLS Keepalive\n")); magic_pkt = AC_PKT_KEEPALIVE; SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1); @@ -555,7 +561,8 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) requeue the packet to be sent over SSL */ if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE) { vpn_progress(vpninfo, PRG_ERR, - "DTLS got write error %d. Falling back to SSL\n", ret); + _("DTLS got write error %d. Falling back to SSL\n"), + ret); report_ssl_errors(vpninfo); dtls_restart(vpninfo); vpninfo->outgoing_queue = this; @@ -565,8 +572,8 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) } time(&vpninfo->dtls_times.last_tx); vpn_progress(vpninfo, PRG_TRACE, - "Sent DTLS packet of %d bytes; SSL_write() returned %d\n", - this->len, ret); + _("Sent DTLS packet of %d bytes; SSL_write() returned %d\n"), + this->len, ret); free(this); } @@ -576,7 +583,8 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) #warning Your version of OpenSSL does not seem to support Cisco DTLS compatibility int setup_dtls(struct openconnect_info *vpninfo) { - vpn_progress(vpninfo, PRG_ERR, "Built against OpenSSL with no Cisco DTLS support\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Built against OpenSSL with no Cisco DTLS support\n")); return -EINVAL; } #endif diff --git a/http.c b/http.c index 7ed908b2..afd92a32 100644 --- a/http.c +++ b/http.c @@ -59,7 +59,8 @@ static int http_add_cookie(struct openconnect_info *vpninfo, if (*value) { new = malloc(sizeof(*new)); if (!new) { - vpn_progress(vpninfo, PRG_ERR, "No memory for allocating cookies\n"); + vpn_progress(vpninfo, PRG_ERR, + _("No memory for allocating cookies\n")); return -ENOMEM; } new->next = NULL; @@ -113,7 +114,8 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, cont: if (openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)) < 0) { - vpn_progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error fetching HTTPS response\n")); return -EINVAL; } @@ -121,24 +123,27 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, closeconn = 1; if ((!closeconn && strncmp(buf, "HTTP/1.1 ", 9)) || !(*result = atoi(buf+9))) { - vpn_progress(vpninfo, PRG_ERR, "Failed to parse HTTP response '%s'\n", buf); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to parse HTTP response '%s'\n"), buf); return -EINVAL; } vpn_progress(vpninfo, (*result==200)?PRG_TRACE:PRG_INFO, - "Got HTTP response: %s\n", buf); + _("Got HTTP response: %s\n"), buf); /* Eat headers... */ while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) { char *colon; if (i < 0) { - vpn_progress(vpninfo, PRG_ERR, "Error processing HTTP response\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error processing HTTP response\n")); return -EINVAL; } colon = strchr(buf, ':'); if (!colon) { - vpn_progress(vpninfo, PRG_ERR, "Ignoring unknown HTTP response line '%s'\n", buf); + vpn_progress(vpninfo, PRG_ERR, + _("Ignoring unknown HTTP response line '%s'\n"), buf); continue; } *(colon++) = 0; @@ -157,7 +162,8 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, *semicolon = 0; if (!equals) { - vpn_progress(vpninfo, PRG_ERR, "Invalid cookie offered: %s\n", buf); + vpn_progress(vpninfo, PRG_ERR, + _("Invalid cookie offered: %s\n"), buf); return -EINVAL; } *(equals++) = 0; @@ -166,10 +172,10 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, /* Don't print the webvpn cookie unless it's empty; we don't want people posting it in public with debugging output */ if (!strcmp(colon, "webvpn") && *equals) - print_equals = ""; + print_equals = _(""); vpn_progress(vpninfo, PRG_TRACE, "%s: %s=%s%s%s\n", - buf, colon, print_equals, semicolon?";":"", - semicolon?(semicolon+1):""); + buf, colon, print_equals, semicolon?";":"", + semicolon?(semicolon+1):""); ret = http_add_cookie(vpninfo, colon, equals); if (ret) @@ -199,8 +205,9 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, if (!strcasecmp(buf, "Content-Length")) { bodylen = atoi(colon); if (bodylen < 0) { - vpn_progress(vpninfo, PRG_ERR, "Response body has negative size (%d)\n", - bodylen); + vpn_progress(vpninfo, PRG_ERR, + _("Response body has negative size (%d)\n"), + bodylen); return -EINVAL; } } @@ -208,7 +215,9 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, if (!strcasecmp(colon, "chunked")) bodylen = BODY_CHUNKED; else { - vpn_progress(vpninfo, PRG_ERR, "Unknown Transfer-Encoding: %s\n", colon); + vpn_progress(vpninfo, PRG_ERR, + _("Unknown Transfer-Encoding: %s\n"), + colon); return -EINVAL; } } @@ -221,10 +230,10 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, goto cont; /* Now the body, if there is one */ - vpn_progress(vpninfo, PRG_TRACE, "HTTP body %s (%d)\n", - bodylen==BODY_HTTP10?"http 1.0" : - bodylen==BODY_CHUNKED?"chunked" : "length: ", - bodylen); + vpn_progress(vpninfo, PRG_TRACE, _("HTTP body %s (%d)\n"), + bodylen==BODY_HTTP10?"http 1.0" : + bodylen==BODY_CHUNKED?"chunked" : "length: ", + bodylen); /* If we were given Content-Length, it's nice and easy... */ if (bodylen > 0) { @@ -234,7 +243,8 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, while (done < bodylen) { i = SSL_read(vpninfo->https_ssl, body + done, bodylen - done); if (i < 0) { - vpn_progress(vpninfo, PRG_ERR, "Error reading HTTP response body\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error reading HTTP response body\n")); free(body); return -EINVAL; } @@ -246,7 +256,8 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, int chunklen, lastchunk = 0; if (i < 0) { - vpn_progress(vpninfo, PRG_ERR, "Error fetching chunk header\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error fetching chunk header\n")); exit(1); } chunklen = strtol(buf, NULL, 16); @@ -260,7 +271,8 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, while (chunklen) { i = SSL_read(vpninfo->https_ssl, body + done, chunklen); if (i < 0) { - vpn_progress(vpninfo, PRG_ERR, "Error reading HTTP response body\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error reading HTTP response body\n")); free(body); return -EINVAL; } @@ -270,10 +282,12 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, skip: if ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) { if (i < 0) { - vpn_progress(vpninfo, PRG_ERR, "Error fetching HTTP response body\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error fetching HTTP response body\n")); } else { - vpn_progress(vpninfo, PRG_ERR, "Error in chunked decoding. Expected '', got: '%s'", - buf); + vpn_progress(vpninfo, PRG_ERR, + _("Error in chunked decoding. Expected '', got: '%s'"), + buf); } free(body); return -EINVAL; @@ -284,7 +298,8 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, } } else if (bodylen == BODY_HTTP10) { if (!closeconn) { - vpn_progress(vpninfo, PRG_ERR, "Cannot receive HTTP 1.0 body without closing connection\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Cannot receive HTTP 1.0 body without closing connection\n")); return -EINVAL; } @@ -364,7 +379,8 @@ static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu, sprintf(&local_sha1_ascii[i*2], "%02x", local_sha1_bin[i]); if (strcasecmp(server_sha1, local_sha1_ascii)) { - vpn_progress(vpninfo, PRG_ERR, "Downloaded config file did not match intended SHA1\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Downloaded config file did not match intended SHA1\n")); free(config_buf); return -EINVAL; } @@ -381,29 +397,31 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle if (!vpninfo->uid_csd_given && !vpninfo->csd_wrapper) { vpn_progress(vpninfo, PRG_ERR, - "Error: Server asked us to download and run a 'Cisco Secure Desktop' trojan.\n" - "This facility is disabled by default for security reasons, so you may wish to enable it."); + _("Error: Server asked us to download and run a 'Cisco Secure Desktop' trojan.\n" + "This facility is disabled by default for security reasons, so you may wish to enable it.")); return -EPERM; } #ifndef __linux__ vpn_progress(vpninfo, PRG_INFO, - "Trying to run Linux CSD trojan script."); + _("Trying to run Linux CSD trojan script.")); #endif sprintf(fname, "/tmp/csdXXXXXX"); fd = mkstemp(fname); if (fd < 0) { int err = -errno; - vpn_progress(vpninfo, PRG_ERR, "Failed to open temporary CSD script file: %s\n", - strerror(errno)); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to open temporary CSD script file: %s\n"), + strerror(errno)); return err; } ret = proxy_write(fd, (void *)buf, buflen); if (ret) { - vpn_progress(vpninfo, PRG_ERR, "Failed to write temporary CSD script file: %s\n", - strerror(ret)); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to write temporary CSD script file: %s\n"), + strerror(ret)); return ret; } fchmod(fd, 0755); @@ -421,26 +439,26 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle struct passwd *pw; if (setuid(vpninfo->uid_csd)) { - fprintf(stderr, "Failed to set uid %d\n", + fprintf(stderr, _("Failed to set uid %d\n"), vpninfo->uid_csd); exit(1); } if (!(pw = getpwuid(vpninfo->uid_csd))) { - fprintf(stderr, "Invalid user uid=%d\n", + fprintf(stderr, _("Invalid user uid=%d\n"), vpninfo->uid_csd); exit(1); } setenv("HOME", pw->pw_dir, 1); if (chdir(pw->pw_dir)) { - fprintf(stderr, "Failed to change to CSD home directory '%s': %s\n", + fprintf(stderr, _("Failed to change to CSD home directory '%s': %s\n"), pw->pw_dir, strerror(errno)); exit(1); } } if (vpninfo->uid_csd == 0 && !vpninfo->csd_wrapper) { - fprintf(stderr, "Warning: you are running insecure " - "CSD code with root privileges\n" - "\t Use command line option \"--csd-user\"\n"); + fprintf(stderr, _("Warning: you are running insecure " + "CSD code with root privileges\n" + "\t Use command line option \"--csd-user\"\n")); } if (vpninfo->uid_csd_given == 2) { /* The NM tool really needs not to get spurious output @@ -484,7 +502,8 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle csd_argv[i++] = NULL; execv(csd_argv[0], csd_argv); - vpn_progress(vpninfo, PRG_ERR, "Failed to exec CSD script %s\n", csd_argv[0]); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to exec CSD script %s\n"), csd_argv[0]); exit(1); } @@ -605,8 +624,9 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) form_buf = NULL; } if (!vpninfo->https_ssl && openconnect_open_https(vpninfo)) { - vpn_progress(vpninfo, PRG_ERR, "Failed to open HTTPS connection to %s\n", - vpninfo->hostname); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to open HTTPS connection to %s\n"), + vpninfo->hostname); return -EINVAL; } @@ -643,12 +663,12 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) if (vpninfo->port == 443) vpn_progress(vpninfo, PRG_INFO, "%s https://%s/%s\n", - method, vpninfo->hostname, - vpninfo->urlpath ?: ""); + method, vpninfo->hostname, + vpninfo->urlpath ?: ""); else vpn_progress(vpninfo, PRG_INFO, "%s https://%s:%d/%s\n", - method, vpninfo->hostname, vpninfo->port, - vpninfo->urlpath ?: ""); + method, vpninfo->hostname, vpninfo->port, + vpninfo->urlpath ?: ""); SSL_write(vpninfo->https_ssl, buf, strlen(buf)); @@ -671,8 +691,9 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) ret = internal_parse_url(vpninfo->redirect_url, NULL, &host, &port, &vpninfo->urlpath, 0); if (ret) { - vpn_progress(vpninfo, PRG_ERR, "Failed to parse redirected URL '%s': %s\n", - vpninfo->redirect_url, strerror(-ret)); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to parse redirected URL '%s': %s\n"), + vpninfo->redirect_url, strerror(-ret)); free(vpninfo->redirect_url); free(form_buf); return ret; @@ -731,8 +752,8 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) oldurl, vpninfo->redirect_url) == -1) { int err = -errno; vpn_progress(vpninfo, PRG_ERR, - "Allocating new path for relative redirect failed: %s\n", - strerror(-err)); + _("Allocating new path for relative redirect failed: %s\n"), + strerror(-err)); return err; } free(oldurl); @@ -744,8 +765,8 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) } if (!form_buf || result != 200) { vpn_progress(vpninfo, PRG_ERR, - "Unexpected %d result from server\n", - result); + _("Unexpected %d result from server\n"), + result); free(form_buf); return -EINVAL; } @@ -763,12 +784,14 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) if (strncmp(form_buf, "urlpath); + vpn_progress(vpninfo, PRG_INFO, + _("Refreshing %s after 1 second...\n"), + vpninfo->urlpath); sleep(1); goto retry; } - vpn_progress(vpninfo, PRG_ERR, "Unknown response from server\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Unknown response from server\n")); free(form_buf); return -EINVAL; } @@ -893,15 +916,15 @@ static int proxy_read(int fd, unsigned char *buf, size_t len) } static const char *socks_errors[] = { - "request granted", - "general failure", - "connection not allowed by ruleset", - "network unreachable", - "host unreachable", - "connection refused by destination host", - "TTL expired", - "command not supported / protocol error", - "address type not supported" + N_("request granted"), + N_("general failure"), + N_("connection not allowed by ruleset"), + N_("network unreachable"), + N_("host unreachable"), + N_("connection refused by destination host"), + N_("TTL expired"), + N_("command not supported / protocol error"), + N_("address type not supported") }; static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock) @@ -915,38 +938,39 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock) if ((i = proxy_write(ssl_sock, buf, 3))) { vpn_progress(vpninfo, PRG_ERR, - "Error writing auth request to SOCKS proxy: %s\n", - strerror(-i)); + _("Error writing auth request to SOCKS proxy: %s\n"), + strerror(-i)); return i; } if ((i = proxy_read(ssl_sock, buf, 2))) { vpn_progress(vpninfo, PRG_ERR, - "Error reading auth response from SOCKS proxy: %s\n", - strerror(-i)); + _("Error reading auth response from SOCKS proxy: %s\n"), + strerror(-i)); return i; } if (buf[0] != 5) { vpn_progress(vpninfo, PRG_ERR, - "Unexpected auth response from SOCKS proxy: %02x %02x\n", - buf[0], buf[1]); + _("Unexpected auth response from SOCKS proxy: %02x %02x\n"), + buf[0], buf[1]); return -EIO; } if (buf[1]) { socks_err: if (buf[1] < sizeof(socks_errors) / sizeof(socks_errors[0])) vpn_progress(vpninfo, PRG_ERR, - "SOCKS proxy error %02x: %s\n", - buf[1], socks_errors[buf[1]]); + _("SOCKS proxy error %02x: %s\n"), + buf[1], _(socks_errors[buf[1]])); else vpn_progress(vpninfo, PRG_ERR, - "SOCKS proxy error %02x\n", - buf[1]); + _("SOCKS proxy error %02x\n"), + buf[1]); return -EIO; } - vpn_progress(vpninfo, PRG_INFO, "Requesting SOCKS proxy connection to %s:%d\n", - vpninfo->hostname, vpninfo->port); + vpn_progress(vpninfo, PRG_INFO, + _("Requesting SOCKS proxy connection to %s:%d\n"), + vpninfo->hostname, vpninfo->port); buf[0] = 5; /* SOCKS version */ buf[1] = 1; /* CONNECT */ @@ -960,22 +984,22 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock) if ((i = proxy_write(ssl_sock, buf, i))) { vpn_progress(vpninfo, PRG_ERR, - "Error writing connect request to SOCKS proxy: %s\n", - strerror(-i)); + _("Error writing connect request to SOCKS proxy: %s\n"), + strerror(-i)); return i; } /* Read 5 bytes -- up to and including the first byte of the returned address (which might be the length byte of a domain name) */ if ((i = proxy_read(ssl_sock, buf, 5))) { vpn_progress(vpninfo, PRG_ERR, - "Error reading connect response from SOCKS proxy: %s\n", - strerror(-i)); + _("Error reading connect response from SOCKS proxy: %s\n"), + strerror(-i)); return i; } if (buf[0] != 5) { vpn_progress(vpninfo, PRG_ERR, - "Unexpected connect response from SOCKS proxy: %02x %02x...\n", - buf[0], buf[1]); + _("Unexpected connect response from SOCKS proxy: %02x %02x...\n"), + buf[0], buf[1]); return -EIO; } if (buf[1]) @@ -994,15 +1018,15 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock) break; default: vpn_progress(vpninfo, PRG_ERR, - "Unexpected address type %02x in SOCKS connect response\n", - buf[3]); + _("Unexpected address type %02x in SOCKS connect response\n"), + buf[3]); return -EIO; } if ((i = proxy_read(ssl_sock, buf, i))) { vpn_progress(vpninfo, PRG_ERR, - "Error reading connect response from SOCKS proxy: %s\n", - strerror(-i)); + _("Error reading connect response from SOCKS proxy: %s\n"), + strerror(-i)); return i; } return 0; @@ -1021,42 +1045,46 @@ static int process_http_proxy(struct openconnect_info *vpninfo, int ssl_sock) sprintf(buf + strlen(buf), "Accept-Encoding: identity\r\n"); sprintf(buf + strlen(buf), "\r\n"); - vpn_progress(vpninfo, PRG_INFO, "Requesting HTTP proxy connection to %s:%d\n", - vpninfo->hostname, vpninfo->port); + vpn_progress(vpninfo, PRG_INFO, + _("Requesting HTTP proxy connection to %s:%d\n"), + vpninfo->hostname, vpninfo->port); if (proxy_write(ssl_sock, (unsigned char *)buf, strlen(buf))) { result = -errno; - vpn_progress(vpninfo, PRG_ERR, "Sending proxy request failed: %s\n", - strerror(errno)); + vpn_progress(vpninfo, PRG_ERR, + _("Sending proxy request failed: %s\n"), + strerror(errno)); return result; } if (proxy_gets(ssl_sock, buf, sizeof(buf)) < 0) { - vpn_progress(vpninfo, PRG_ERR, "Error fetching proxy response\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error fetching proxy response\n")); return -EIO; } if (strncmp(buf, "HTTP/1.", 7) || (buf[7] != '0' && buf[7] != '1') || buf[8] != ' ' || !(result = atoi(buf+9))) { - vpn_progress(vpninfo, PRG_ERR, "Failed to parse proxy response '%s'\n", - buf); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to parse proxy response '%s'\n"), buf); return -EINVAL; } if (result != 200) { - vpn_progress(vpninfo, PRG_ERR, "Proxy CONNECT request failed: %s\n", - buf); + vpn_progress(vpninfo, PRG_ERR, + _("Proxy CONNECT request failed: %s\n"), buf); return -EIO; } while ((buflen = proxy_gets(ssl_sock, buf, sizeof(buf)))) { if (buflen < 0) { - vpn_progress(vpninfo, PRG_ERR, "Failed to read proxy response\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to read proxy response\n")); return -EIO; } vpn_progress(vpninfo, PRG_ERR, - "Unexpected continuation line after CONNECT response: '%s'\n", - buf); + _("Unexpected continuation line after CONNECT response: '%s'\n"), + buf); } return 0; @@ -1071,8 +1099,8 @@ int process_proxy(struct openconnect_info *vpninfo, int ssl_sock) !strcmp(vpninfo->proxy_type, "socks5")) return process_socks_proxy(vpninfo, ssl_sock); - vpn_progress(vpninfo, PRG_ERR, "Unknown proxy type '%s'\n", - vpninfo->proxy_type); + vpn_progress(vpninfo, PRG_ERR, _("Unknown proxy type '%s'\n"), + vpninfo->proxy_type); return -EIO; } @@ -1099,7 +1127,7 @@ int openconnect_set_http_proxy(struct openconnect_info *vpninfo, char *proxy) strcmp(vpninfo->proxy_type, "socks") && strcmp(vpninfo->proxy_type, "socks5")) { vpn_progress(vpninfo, PRG_ERR, - "Only http or socks(5) proxies supported\n"); + _("Only http or socks(5) proxies supported\n")); free(vpninfo->proxy_type); vpninfo->proxy_type = NULL; free(vpninfo->proxy); diff --git a/main.c b/main.c index ca54f947..866ef029 100644 --- a/main.c +++ b/main.c @@ -570,17 +570,17 @@ int main(int argc, char **argv) fprintf(stderr, "Set up DTLS failed; using SSL instead\n"); vpn_progress(vpninfo, PRG_INFO, - "Connected %s as %s%s%s, using %s\n", vpninfo->ifname, - vpninfo->vpn_addr?:"", - (vpninfo->vpn_addr6 && vpninfo->vpn_addr)?" + ":"", - vpninfo->vpn_addr6?:"", - (vpninfo->dtls_fd == -1) ? - (vpninfo->deflate ? "SSL + deflate" : "SSL") - : "DTLS"); + _("Connected %s as %s%s%s, using %s\n"), vpninfo->ifname, + vpninfo->vpn_addr?:"", + (vpninfo->vpn_addr6 && vpninfo->vpn_addr)?" + ":"", + vpninfo->vpn_addr6?:"", + (vpninfo->dtls_fd == -1) ? + (vpninfo->deflate ? "SSL + deflate" : "SSL") + : "DTLS"); if (!vpninfo->vpnc_script) vpn_progress(vpninfo, PRG_INFO, - "No --script argument provided; DNS and routing are not configured\n"); + _("No --script argument provided; DNS and routing are not configured\n")); if (background) { int pid; @@ -591,7 +591,7 @@ int main(int argc, char **argv) if (pidfile != NULL) { fp = fopen(pidfile, "w"); if (!fp) { - fprintf(stderr, "Failed to open '%s' for write: %s\n", + fprintf(stderr, _("Failed to open '%s' for write: %s\n"), pidfile, strerror(errno)); exit(1); } @@ -602,7 +602,7 @@ int main(int argc, char **argv) fclose(fp); } vpn_progress(vpninfo, PRG_INFO, - "Continuing in background; pid %d\n", + _("Continuing in background; pid %d\n"), pid); exit(0); } @@ -624,7 +624,7 @@ static int write_new_config(void *_vpninfo, char *buf, int buflen) config_fd = open(vpninfo->xmlconfig, O_WRONLY|O_TRUNC|O_CREAT, 0644); if (config_fd < 0) { err = errno; - fprintf(stderr, "Failed to open %s for write: %s\n", + fprintf(stderr, _("Failed to open %s for write: %s\n"), vpninfo->xmlconfig, strerror(err)); return -err; } @@ -632,7 +632,7 @@ static int write_new_config(void *_vpninfo, char *buf, int buflen) /* FIXME: We should actually write to a new tempfile, then rename */ if(write(config_fd, buf, buflen) != buflen) { err = errno; - fprintf(stderr, "Failed to write config to %s: %s\n", + fprintf(stderr, _("Failed to write config to %s: %s\n"), vpninfo->xmlconfig, strerror(err)); return -err; @@ -721,15 +721,16 @@ static int validate_peer_cert(void *_vpninfo, X509 *peer_cert, char buf[6]; int ret; - fprintf(stderr, "\nCertificate from VPN server \"%s\" failed verification.\n" - "Reason: %s\n", vpninfo->hostname, reason); + fprintf(stderr, + _("\nCertificate from VPN server \"%s\" failed verification.\n" + "Reason: %s\n"), vpninfo->hostname, reason); if (non_inter) return -EINVAL; fflush(stderr); ui = UI_new(); - UI_add_input_string(ui, "Enter 'yes' to accept, 'no' to abort; anything else to view: ", + UI_add_input_string(ui, _("Enter 'yes' to accept, 'no' to abort; anything else to view: "), UI_INPUT_FLAG_ECHO, buf, 2, 5); ret = UI_process(ui); UI_free(ui); @@ -738,7 +739,7 @@ static int validate_peer_cert(void *_vpninfo, X509 *peer_cert, if (ret == -1) buf[0] = 0; - if (!strcasecmp(buf, "yes")) { + if (!strcasecmp(buf, _("yes"))) { struct accepted_cert *newcert = malloc(sizeof(*newcert) + strlen(vpninfo->hostname) + 1); if (newcert) { @@ -749,11 +750,11 @@ static int validate_peer_cert(void *_vpninfo, X509 *peer_cert, } return 0; } - if (!strcasecmp(buf, "no")) + if (!strcasecmp(buf, _("no"))) return -EINVAL; X509_print_fp(stderr, peer_cert); - fprintf(stderr, "SHA1 fingerprint: %s\n", fingerprint); + fprintf(stderr, _("SHA1 fingerprint: %s\n"), fingerprint); } } diff --git a/mainloop.c b/mainloop.c index 7acf76c0..4c46ac7a 100644 --- a/mainloop.c +++ b/mainloop.c @@ -86,7 +86,7 @@ int vpn_mainloop(struct openconnect_info *vpninfo) if (vpninfo->dtls_attempt_period && !vpninfo->dtls_ssl && !vpninfo->new_dtls_ssl && vpninfo->new_dtls_started + vpninfo->dtls_attempt_period < time(NULL)) { - vpn_progress(vpninfo, PRG_TRACE, "Attempt new DTLS connection\n"); + vpn_progress(vpninfo, PRG_TRACE, _("Attempt new DTLS connection\n")); connect_dtls_socket(vpninfo); } if (vpninfo->dtls_ssl) @@ -119,7 +119,7 @@ int vpn_mainloop(struct openconnect_info *vpninfo) continue; vpn_progress(vpninfo, PRG_TRACE, - "No work to do; sleeping for %d ms...\n", timeout); + _("No work to do; sleeping for %d ms...\n"), timeout); memcpy(&rfds, &vpninfo->select_rfds, sizeof(rfds)); memcpy(&wfds, &vpninfo->select_wfds, sizeof(wfds)); memcpy(&efds, &vpninfo->select_efds, sizeof(efds)); diff --git a/openconnect-internal.h b/openconnect-internal.h index b03153f7..4e4992c4 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -45,6 +45,7 @@ #else #define _(s) s #endif +#define N_(s) s /****************************************************************************/ diff --git a/ssl.c b/ssl.c index 84c5778e..67700317 100644 --- a/ssl.c +++ b/ssl.c @@ -130,8 +130,8 @@ static int pem_pw_cb(char *buf, int len, int w, void *v) if (len <= strlen(vpninfo->cert_password)) { vpn_progress(vpninfo, PRG_ERR, - "PEM password too long (%zd >= %d)\n", - strlen(vpninfo->cert_password), len); + _("PEM password too long (%zd >= %d)\n"), + strlen(vpninfo->cert_password), len); return -1; } strcpy(buf, vpninfo->cert_password); @@ -165,12 +165,14 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12 if (ERR_GET_LIB(err) == ERR_LIB_PKCS12 && ERR_GET_FUNC(err) == PKCS12_F_PKCS12_PARSE && ERR_GET_REASON(err) == PKCS12_R_MAC_VERIFY_FAILURE) { - vpn_progress(vpninfo, PRG_ERR, "Parse PKCS#12 failed (wrong passphrase?)\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Parse PKCS#12 failed (wrong passphrase?)\n")); vpninfo->cert_password = NULL; goto retrypass; } - vpn_progress(vpninfo, PRG_ERR, "Parse PKCS#12 failed (see above errors)\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Parse PKCS#12 failed (see above errors)\n")); PKCS12_free(p12); return -EINVAL; } @@ -179,7 +181,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12 SSL_CTX_use_certificate(vpninfo->https_ctx, cert); } else { vpn_progress(vpninfo, PRG_ERR, - "PKCS#12 contained no certificate!"); + _("PKCS#12 contained no certificate!")); ret = -EINVAL; } @@ -188,7 +190,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12 EVP_PKEY_free(pkey); } else { vpn_progress(vpninfo, PRG_ERR, - "PKCS#12 contained no private key!"); + _("PKCS#12 contained no private key!")); ret = -EINVAL; } @@ -207,7 +209,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12 X509_NAME_oneline(X509_get_subject_name(cert2), buf, sizeof(buf)); vpn_progress(vpninfo, PRG_DEBUG, - "Extra cert from PKCS#12: '%s'\n", buf); + _("Extra cert from PKCS#12: '%s'\n"), buf); CRYPTO_add(&cert2->references, 1, CRYPTO_LOCK_X509); SSL_CTX_add_extra_chain_cert(vpninfo->https_ctx, cert2); cert = cert2; @@ -230,13 +232,13 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo) e = ENGINE_by_id("tpm"); if (!e) { - vpn_progress(vpninfo, PRG_ERR, "Can't load TPM engine.\n"); + vpn_progress(vpninfo, PRG_ERR, _("Can't load TPM engine.\n")); report_ssl_errors(vpninfo); return -EINVAL; } if (!ENGINE_init(e) || !ENGINE_set_default_RSA(e) || !ENGINE_set_default_RAND(e)) { - vpn_progress(vpninfo, PRG_ERR, "Failed to init TPM engine\n"); + vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n")); report_ssl_errors(vpninfo); ENGINE_free(e); return -EINVAL; @@ -245,21 +247,22 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo) if (vpninfo->cert_password) { if (!ENGINE_ctrl_cmd(e, "PIN", strlen(vpninfo->cert_password), vpninfo->cert_password, NULL, 0)) { - vpn_progress(vpninfo, PRG_ERR, "Failed to set TPM SRK password\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to set TPM SRK password\n")); report_ssl_errors(vpninfo); } } key = ENGINE_load_private_key(e, vpninfo->sslkey, NULL, NULL); if (!key) { vpn_progress(vpninfo, PRG_ERR, - "Failed to load TPM private key\n"); + _("Failed to load TPM private key\n")); report_ssl_errors(vpninfo); ENGINE_free(e); ENGINE_finish(e); return -EINVAL; } if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) { - vpn_progress(vpninfo, PRG_ERR, "Add key from TPM failed\n"); + vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n")); report_ssl_errors(vpninfo); ENGINE_free(e); ENGINE_finish(e); @@ -270,8 +273,8 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo) #else static int load_tpm_certificate(struct openconnect_info *vpninfo) { - vpn_progress (vpninfo, PRG_ERR, - "This version of OpenConnect was built without TPM support\n"); + vpn_progress(vpninfo, PRG_ERR, + _("This version of OpenConnect was built without TPM support\n")); return -EINVAL; } #endif @@ -287,7 +290,7 @@ static int reload_pem_cert(struct openconnect_info *vpninfo) err: BIO_free(b); vpn_progress(vpninfo, PRG_ERR, - "Failed to reload X509 cert for expiry check\n"); + _("Failed to reload X509 cert for expiry check\n")); report_ssl_errors(vpninfo); return -EIO; } @@ -301,7 +304,7 @@ static int reload_pem_cert(struct openconnect_info *vpninfo) static int load_certificate(struct openconnect_info *vpninfo) { vpn_progress(vpninfo, PRG_TRACE, - "Using certificate file %s\n", vpninfo->cert); + _("Using certificate file %s\n"), vpninfo->cert); if (vpninfo->cert_type == CERT_TYPE_PKCS12 || vpninfo->cert_type == CERT_TYPE_UNKNOWN) { @@ -311,8 +314,8 @@ static int load_certificate(struct openconnect_info *vpninfo) f = fopen(vpninfo->cert, "r"); if (!f) { vpn_progress(vpninfo, PRG_ERR, - "Failed to open certificate file %s: %s\n", - vpninfo->cert, strerror(errno)); + _("Failed to open certificate file %s: %s\n"), + vpninfo->cert, strerror(errno)); return -ENOENT; } p12 = d2i_PKCS12_fp(f, NULL); @@ -322,7 +325,7 @@ static int load_certificate(struct openconnect_info *vpninfo) /* Not PKCS#12 */ if (vpninfo->cert_type == CERT_TYPE_PKCS12) { - vpn_progress(vpninfo, PRG_ERR, "Read PKCS#12 failed\n"); + vpn_progress(vpninfo, PRG_ERR, _("Read PKCS#12 failed\n")); report_ssl_errors(vpninfo); return -EINVAL; } @@ -334,7 +337,7 @@ static int load_certificate(struct openconnect_info *vpninfo) if (!SSL_CTX_use_certificate_chain_file(vpninfo->https_ctx, vpninfo->cert)) { vpn_progress(vpninfo, PRG_ERR, - "Loading certificate failed\n"); + _("Loading certificate failed\n")); report_ssl_errors(vpninfo); return -EINVAL; } @@ -348,8 +351,8 @@ static int load_certificate(struct openconnect_info *vpninfo) if (!f) { vpn_progress(vpninfo, PRG_ERR, - "Failed to open private key file %s: %s\n", - vpninfo->cert, strerror(errno)); + _("Failed to open private key file %s: %s\n"), + vpninfo->cert, strerror(errno)); return -ENOENT; } @@ -368,8 +371,8 @@ static int load_certificate(struct openconnect_info *vpninfo) fclose(f); if (vpninfo->cert_type == CERT_TYPE_UNKNOWN) { vpn_progress(vpninfo, PRG_ERR, - "Failed to identify private key type in '%s'\n", - vpninfo->sslkey); + _("Failed to identify private key type in '%s'\n"), + vpninfo->sslkey); return -EINVAL; } } @@ -398,11 +401,13 @@ static int load_certificate(struct openconnect_info *vpninfo) if (ERR_GET_LIB(err) == ERR_LIB_EVP && ERR_GET_FUNC(err) == EVP_F_EVP_DECRYPTFINAL_EX && ERR_GET_REASON(err) == EVP_R_BAD_DECRYPT) { - vpn_progress(vpninfo, PRG_ERR, "Loading private key failed (wrong passphrase?)\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Loading private key failed (wrong passphrase?)\n")); goto again; } - vpn_progress(vpninfo, PRG_ERR, "Loading private key failed (see above errors)\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Loading private key failed (see above errors)\n")); return -EINVAL; } return 0; @@ -447,7 +452,7 @@ static int check_server_cert(struct openconnect_info *vpninfo, X509 *cert) if (strcasecmp(vpninfo->servercert, fingerprint)) { vpn_progress(vpninfo, PRG_ERR, - "Server SSL certificate didn't match: %s\n", fingerprint); + _("Server SSL certificate didn't match: %s\n"), fingerprint); return -EINVAL; } return 0; @@ -560,15 +565,15 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert if (!match_hostname(vpninfo->hostname, str)) { vpn_progress(vpninfo, PRG_TRACE, - "Matched DNS altname '%s'\n", - str); + _("Matched DNS altname '%s'\n"), + str); GENERAL_NAMES_free(altnames); OPENSSL_free(str); return 0; } else { vpn_progress(vpninfo, PRG_TRACE, - "No match for altname '%s'\n", - str); + _("No match for altname '%s'\n"), + str); } OPENSSL_free(str); } else if (this->type == GEN_IPADD && addrlen) { @@ -581,8 +586,8 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert family = AF_INET6; } else { vpn_progress(vpninfo, PRG_ERR, - "Certificate has GEN_IPADD altname with bogus length %d\n", - this->d.ip->length); + _("Certificate has GEN_IPADD altname with bogus length %d\n"), + this->d.ip->length); continue; } @@ -592,16 +597,16 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert if (this->d.ip->length == addrlen && !memcmp(addrbuf, this->d.ip->data, addrlen)) { vpn_progress(vpninfo, PRG_TRACE, - "Matched IP%s address '%s'\n", - (family == AF_INET6)?"v6":"", - host); + _("Matched %s address '%s'\n"), + (family == AF_INET6)?"IPv6":"IPv4", + host); GENERAL_NAMES_free(altnames); return 0; } else { vpn_progress(vpninfo, PRG_TRACE, - "No match for IP%s address '%s'\n", - (family == AF_INET6)?"v6":"", - host); + _("No match for %s address '%s'\n"), + (family == AF_INET6)?"IPv6":"IPv4", + host); } } else if (this->type == GEN_URI) { char *str; @@ -640,13 +645,14 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert goto no_uri_match; if (url_path) { - vpn_progress(vpninfo, PRG_TRACE, "URI '%s' has non-empty path; ignoring\n", - str); + vpn_progress(vpninfo, PRG_TRACE, + _("URI '%s' has non-empty path; ignoring\n"), + str); goto no_uri_match_silent; } vpn_progress(vpninfo, PRG_TRACE, - "Matched URI '%s'\n", - str); + _("Matched URI '%s'\n"), + str); free(url_proto); free(url_host); free(url_path); @@ -656,8 +662,8 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert no_uri_match: vpn_progress(vpninfo, PRG_TRACE, - "No match for URI '%s'\n", - str); + _("No match for URI '%s'\n"), + str); no_uri_match_silent: free(url_proto); free(url_host); @@ -670,14 +676,16 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert /* According to RFC2818, we don't use the legacy subject name if there was an altname with DNS type. */ if (altdns) { - vpn_progress(vpninfo, PRG_ERR, "No altname in peer cert matched '%s'\n", - vpninfo->hostname); + vpn_progress(vpninfo, PRG_ERR, + _("No altname in peer cert matched '%s'\n"), + vpninfo->hostname); return -EINVAL; } subjname = X509_get_subject_name(peer_cert); if (!subjname) { - vpn_progress(vpninfo, PRG_ERR, "No subject name in peer cert!\n"); + vpn_progress(vpninfo, PRG_ERR, + _("No subject name in peer cert!\n")); return -EINVAL; } @@ -697,19 +705,20 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert if (!subjstr || strlen(subjstr) != i) { vpn_progress(vpninfo, PRG_ERR, - "Failed to parse subject name in peer cert\n"); + _("Failed to parse subject name in peer cert\n")); return -EINVAL; } ret = 0; if (match_hostname(vpninfo->hostname, subjstr)) { - vpn_progress(vpninfo, PRG_ERR, "Peer cert subject mismatch ('%s' != '%s')\n", - subjstr, vpninfo->hostname); + vpn_progress(vpninfo, PRG_ERR, + _("Peer cert subject mismatch ('%s' != '%s')\n"), + subjstr, vpninfo->hostname); ret = -EINVAL; } else { vpn_progress(vpninfo, PRG_TRACE, - "Matched peer certificate subject name '%s'\n", - subjstr); + _("Matched peer certificate subject name '%s'\n"), + subjstr); } OPENSSL_free(subjstr); @@ -734,12 +743,12 @@ static int verify_peer(struct openconnect_info *vpninfo, SSL *https_ssl) if (vfy != X509_V_OK) err_string = X509_verify_cert_error_string(vfy); else if (match_cert_hostname(vpninfo, peer_cert)) - err_string = "certificate does not match hostname"; + err_string = _("certificate does not match hostname"); if (err_string) { vpn_progress(vpninfo, PRG_ERR, - "Server certificate verify failed: %s\n", - err_string); + _("Server certificate verify failed: %s\n"), + err_string); if (vpninfo->validate_peer_cert) ret = vpninfo->validate_peer_cert(vpninfo->cbdata, @@ -786,7 +795,7 @@ static void workaround_openssl_certchain_bug(struct openconnect_info *vpninfo, X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); vpn_progress(vpninfo, PRG_DEBUG, - "Extra cert from cafile: '%s'\n", buf); + _("Extra cert from cafile: '%s'\n"), buf); SSL_CTX_add_extra_chain_cert(vpninfo->https_ctx, cert); } X509_STORE_CTX_cleanup(&ctx); @@ -805,7 +814,7 @@ static int ssl_app_verify_callback(X509_STORE_CTX *ctx, void *arg) static int check_certificate_expiry(struct openconnect_info *vpninfo) { ASN1_TIME *notAfter; - const char *reason = NULL; + char *reason = NULL; time_t t; int i; @@ -816,21 +825,22 @@ static int check_certificate_expiry(struct openconnect_info *vpninfo) notAfter = X509_get_notAfter(vpninfo->cert_x509); i = X509_cmp_time(notAfter, &t); if (!i) { - vpn_progress(vpninfo, PRG_ERR, "Error in client cert notAfter field\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Error in client cert notAfter field\n")); return -EINVAL; } else if (i < 0) { - reason = "has expired"; + reason = _("Client certificate has expired at"); } else { t += 60 * 86400; i = X509_cmp_time(notAfter, &t); if (i < 0) { - reason = "expires soon"; + reason = _("Client certificate expires soon at"); } } if (reason) { BIO *bp = BIO_new(BIO_s_mem()); BUF_MEM *bm; - const char *expiry = ""; + char *expiry = _(""); char zero = 0; if (bp) { @@ -839,8 +849,7 @@ static int check_certificate_expiry(struct openconnect_info *vpninfo) BIO_get_mem_ptr(bp, &bm); expiry = bm->data; } - vpn_progress(vpninfo, PRG_ERR, "Client certificate %s at: %s\n", - reason, expiry); + vpn_progress(vpninfo, PRG_ERR, "%s: %s\n", reason, expiry); if (bp) BIO_free(bp); } @@ -862,9 +871,15 @@ int openconnect_open_https(struct openconnect_info *vpninfo) ssl_sock = socket(vpninfo->peer_addr->sa_family, SOCK_STREAM, IPPROTO_IP); if (ssl_sock < 0) { reconn_err: - vpn_progress(vpninfo, PRG_ERR, "Failed to reconnect to %s %s\n", - vpninfo->proxy?"proxy":"host", - vpninfo->proxy?:vpninfo->hostname); + if (vpninfo->proxy) { + vpn_progress(vpninfo, PRG_ERR, + _("Failed to reconnect to proxy %s\n"), + vpninfo->proxy); + } else { + vpn_progress(vpninfo, PRG_ERR, + _("Failed to reconnect to host %s\n"), + vpninfo->hostname); + } return -EINVAL; } if (connect(ssl_sock, vpninfo->peer_addr, vpninfo->peer_addrlen)) @@ -924,8 +939,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo) free(url); free(proxies); if (vpninfo->proxy) - vpn_progress(vpninfo, PRG_TRACE, "Proxy from libproxy: %s://%s:%d/\n", - vpninfo->proxy_type, vpninfo->proxy, vpninfo->port); + vpn_progress(vpninfo, PRG_TRACE, + _("Proxy from libproxy: %s://%s:%d/\n"), + vpninfo->proxy_type, vpninfo->proxy, vpninfo->port); } #endif if (vpninfo->proxy) { @@ -954,8 +970,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo) free(hostname); if (err) { - vpn_progress(vpninfo, PRG_ERR, "getaddrinfo failed for host '%s': %s\n", - hostname, gai_strerror(err)); + vpn_progress(vpninfo, PRG_ERR, + _("getaddrinfo failed for host '%s': %s\n"), + hostname, gai_strerror(err)); return -EINVAL; } @@ -965,11 +982,11 @@ int openconnect_open_https(struct openconnect_info *vpninfo) if (!getnameinfo(rp->ai_addr, rp->ai_addrlen, host, sizeof(host), NULL, 0, NI_NUMERICHOST)) vpn_progress(vpninfo, PRG_INFO, - "Attempting to connect to %s%s%s:%s\n", - rp->ai_family == AF_INET6?"[":"", - host, - rp->ai_family == AF_INET6?"]":"", - port); + _("Attempting to connect to %s%s%s:%s\n"), + rp->ai_family == AF_INET6?"[":"", + host, + rp->ai_family == AF_INET6?"]":"", + port); ssl_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); @@ -980,7 +997,8 @@ int openconnect_open_https(struct openconnect_info *vpninfo) use it again later */ vpninfo->peer_addr = malloc(rp->ai_addrlen); if (!vpninfo->peer_addr) { - vpn_progress(vpninfo, PRG_ERR, "Failed to allocate sockaddr storage\n"); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to allocate sockaddr storage\n")); close(ssl_sock); return -ENOMEM; } @@ -994,8 +1012,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo) freeaddrinfo(result); if (ssl_sock < 0) { - vpn_progress(vpninfo, PRG_ERR, "Failed to connect to host %s\n", - vpninfo->proxy?:vpninfo->hostname); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to connect to host %s\n"), + vpninfo->proxy?:vpninfo->hostname); return -EINVAL; } } @@ -1023,7 +1042,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo) err = load_certificate(vpninfo); if (err) { vpn_progress(vpninfo, PRG_ERR, - "Loading certificate failed. Aborting.\n"); + _("Loading certificate failed. Aborting.\n")); return err; } check_certificate_expiry(vpninfo); @@ -1045,8 +1064,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo) if (vpninfo->cafile) { if (!SSL_CTX_load_verify_locations(vpninfo->https_ctx, vpninfo->cafile, NULL)) { - vpn_progress(vpninfo, PRG_ERR, "Failed to open CA file '%s'\n", - vpninfo->cafile); + vpn_progress(vpninfo, PRG_ERR, + _("Failed to open CA file '%s'\n"), + vpninfo->cafile); report_ssl_errors(vpninfo); close(ssl_sock); return -EINVAL; @@ -1060,11 +1080,11 @@ int openconnect_open_https(struct openconnect_info *vpninfo) https_bio = BIO_new_socket(ssl_sock, BIO_NOCLOSE); SSL_set_bio(https_ssl, https_bio, https_bio); - vpn_progress(vpninfo, PRG_INFO, - "SSL negotiation with %s\n", vpninfo->hostname); + vpn_progress(vpninfo, PRG_INFO, _("SSL negotiation with %s\n"), + vpninfo->hostname); if (SSL_connect(https_ssl) <= 0) { - vpn_progress(vpninfo, PRG_ERR, "SSL connection failure\n"); + vpn_progress(vpninfo, PRG_ERR, _("SSL connection failure\n")); report_ssl_errors(vpninfo); SSL_free(https_ssl); close(ssl_sock); @@ -1080,8 +1100,8 @@ int openconnect_open_https(struct openconnect_info *vpninfo) vpninfo->ssl_fd = ssl_sock; vpninfo->https_ssl = https_ssl; - vpn_progress(vpninfo, PRG_INFO, - "Connected to HTTPS on %s\n", vpninfo->hostname); + vpn_progress(vpninfo, PRG_INFO, _("Connected to HTTPS on %s\n"), + vpninfo->hostname); return 0; } @@ -1112,7 +1132,8 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo) if (statvfs(vpninfo->sslkey, &buf)) { int err = errno; - vpn_progress(vpninfo, PRG_ERR, "statvfs: %s\n", strerror(errno)); + vpn_progress(vpninfo, PRG_ERR, _("statvfs: %s\n"), + strerror(errno)); return -err; } if (asprintf(&vpninfo->cert_password, "%lx", buf.f_fsid)) @@ -1128,7 +1149,8 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo) if (statfs(vpninfo->sslkey, &buf)) { int err = errno; - vpn_progress(vpninfo, PRG_ERR, "statfs: %s\n", strerror(errno)); + vpn_progress(vpninfo, PRG_ERR, _("statfs: %s\n"), + strerror(errno)); return -err; } fsid64 = ((unsigned long long)fsid[0] << 32) | fsid[1]; diff --git a/tun.c b/tun.c index e557a468..0c97a62f 100644 --- a/tun.c +++ b/tun.c @@ -80,7 +80,7 @@ static int local_config_tun(struct openconnect_info *vpninfo, int mtu_only) { if (!mtu_only) vpn_progress(vpninfo, PRG_ERR, - "No vpnc-script configured. Need Solaris IP-setting code\n"); + _("No vpnc-script configured. Need Solaris IP-setting code\n")); return 0; } #else @@ -91,7 +91,7 @@ static int local_config_tun(struct openconnect_info *vpninfo, int mtu_only) net_fd = socket(PF_INET, SOCK_DGRAM, 0); if (net_fd < 0) { - perror("open net"); + perror(_("open net")); return -EINVAL; } memset(&ifr, 0, sizeof(ifr)); @@ -101,22 +101,22 @@ static int local_config_tun(struct openconnect_info *vpninfo, int mtu_only) struct sockaddr_in addr; if (ioctl(net_fd, SIOCGIFFLAGS, &ifr) < 0) - perror("SIOCGIFFLAGS"); + perror(_("SIOCGIFFLAGS")); ifr.ifr_flags |= IFF_UP | IFF_POINTOPOINT; if (ioctl(net_fd, SIOCSIFFLAGS, &ifr) < 0) - perror("SIOCSIFFLAGS"); + perror(_("SIOCSIFFLAGS")); addr.sin_family = AF_INET; addr.sin_addr.s_addr = inet_addr(vpninfo->vpn_addr); memcpy(&ifr.ifr_addr, &addr, sizeof(addr)); if (ioctl(net_fd, SIOCSIFADDR, &ifr) < 0) - perror("SIOCSIFADDR"); + perror(_("SIOCSIFADDR")); } ifr.ifr_mtu = vpninfo->mtu; if (ioctl(net_fd, SIOCSIFMTU, &ifr) < 0) - perror("SIOCSIFMTU"); + perror(_("SIOCSIFMTU")); close(net_fd); @@ -154,8 +154,8 @@ static int process_split_xxclude(struct openconnect_info *vpninfo, if (!slash) { badinc: vpn_progress(vpninfo, PRG_ERR, - "Discard bad split %sclude: \"%s\"\n", - in_ex, route); + _("Discard bad split %sclude: \"%s\"\n"), + in_ex, route); return -EINVAL; } @@ -366,8 +366,8 @@ static int script_config_tun(struct openconnect_info *vpninfo) if (system(vpninfo->vpnc_script)) { int e = errno; vpn_progress(vpninfo, PRG_ERR, - "Failed to spawn script '%s': %s\n", - vpninfo->vpnc_script, strerror(e)); + _("Failed to spawn script '%s': %s\n"), + vpninfo->vpnc_script, strerror(e)); return -e; } return 0; @@ -391,24 +391,24 @@ int setup_tun(struct openconnect_info *vpninfo) int fds[2]; if (socketpair(AF_UNIX, SOCK_DGRAM, 0, fds)) { - perror("socketpair"); + perror(_("socketpair")); exit(1); } tun_fd = fds[0]; child = fork(); if (child < 0) { - perror("fork"); + perror(_("fork")); exit(1); } else if (!child) { close(tun_fd); setenv_int("VPNFD", fds[1]); execl("/bin/sh", "/bin/sh", "-c", vpninfo->vpnc_script, NULL); - perror("execl"); + perror(_("execl")); exit(1); } close(fds[1]); vpninfo->script_tun = child; - vpninfo->ifname = strdup("(script)"); + vpninfo->ifname = strdup(_("(script)")); } else { #ifdef IFF_TUN /* Linux */ struct ifreq ifr; @@ -429,8 +429,8 @@ int setup_tun(struct openconnect_info *vpninfo) tunerr = errno; vpn_progress(vpninfo, PRG_ERR, - "Failed to open tun device: %s\n", - strerror(tunerr)); + _("Failed to open tun device: %s\n"), + strerror(tunerr)); exit(1); } memset(&ifr, 0, sizeof(ifr)); @@ -440,8 +440,8 @@ int setup_tun(struct openconnect_info *vpninfo) sizeof(ifr.ifr_name) - 1); if (ioctl(tun_fd, TUNSETIFF, (void *) &ifr) < 0) { vpn_progress(vpninfo, PRG_ERR, - "TUNSETIFF failed: %s\n", - strerror(errno)); + _("TUNSETIFF failed: %s\n"), + strerror(errno)); exit(1); } if (!vpninfo->ifname) @@ -453,20 +453,20 @@ int setup_tun(struct openconnect_info *vpninfo) struct ifreq ifr; if (ip_fd < 0) { - perror("open /dev/ip"); + perror(_("open /dev/ip")); return -EIO; } tun_fd = open("/dev/tun", O_RDWR); if (tun_fd < 0) { - perror("open /dev/tun"); + perror(_("open /dev/tun")); close(ip_fd); return -EIO; } unit_nr = ioctl(tun_fd, TUNNEWPPA, -1); if (unit_nr < 0) { - perror("Failed to create new tun"); + perror(_("Failed to create new tun")); close(tun_fd); close(ip_fd); return -EIO; @@ -474,20 +474,20 @@ int setup_tun(struct openconnect_info *vpninfo) tun2_fd = open("/dev/tun", O_RDWR); if (tun2_fd < 0) { - perror("open /dev/tun again"); + perror(_("open /dev/tun again")); close(tun_fd); close(ip_fd); return -EIO; } if (ioctl(tun2_fd, I_PUSH, "ip") < 0) { - perror("Can't push IP"); + perror(_("Can't push IP")); close(tun2_fd); close(tun_fd); close(ip_fd); return -EIO; } if (ioctl(tun2_fd, IF_UNITSEL, &unit_nr) < 0) { - perror("Can't select unit"); + perror(_("Can't select unit")); close(tun2_fd); close(tun_fd); close(ip_fd); @@ -495,7 +495,7 @@ int setup_tun(struct openconnect_info *vpninfo) } mux_id = ioctl(ip_fd, I_PLINK, tun2_fd); if (mux_id < 0) { - perror("Can't link tun to IP"); + perror(_("Can't link tun to IP")); close(tun2_fd); close(tun_fd); close(ip_fd); @@ -511,14 +511,14 @@ int setup_tun(struct openconnect_info *vpninfo) ifr.ifr_ip_muxid = mux_id; if (ioctl(ip_fd, SIOCSIFMUXID, &ifr) < 0) { - perror("Set mux id"); + perror(_("Set mux id")); close(tun_fd); ioctl(ip_fd, I_PUNLINK, mux_id); close(ip_fd); return -EIO; } /* Solaris tunctl needs this in order to tear it down */ - vpn_progress(vpninfo, PRG_DEBUG, "mux id is %d\n", mux_id); + vpn_progress(vpninfo, PRG_DEBUG, _("mux id is %d\n"), mux_id); vpninfo->tun_muxid = mux_id; vpninfo->ip_fd = ip_fd; @@ -532,14 +532,14 @@ int setup_tun(struct openconnect_info *vpninfo) break; } if (tun_fd < 0) { - perror("open tun"); + perror(_("open tun")); exit(1); } vpninfo->ifname = strdup(tun_name + 5); #ifdef TUNSIFHEAD i = 1; if (ioctl(tun_fd, TUNSIFHEAD, &i) < 0) { - perror("TUNSIFHEAD"); + perror(_("TUNSIFHEAD")); exit(1); } #endif @@ -619,8 +619,8 @@ int tun_mainloop(struct openconnect_info *vpninfo, int *timeout) if (!complained) { complained = 1; vpn_progress(vpninfo, PRG_ERR, - "Unknown packet (len %d) received: %02x %02x %02x %02x...\n", - len, data[0], data[1], data[2], data[3]); + _("Unknown packet (len %d) received: %02x %02x %02x %02x...\n"), + len, data[0], data[1], data[2], data[3]); } free(this); continue; @@ -652,14 +652,14 @@ void shutdown_tun(struct openconnect_info *vpninfo) setenv("reason", "disconnect", 1); if (system(vpninfo->vpnc_script) == -1) { vpn_progress(vpninfo, PRG_ERR, - "Failed to spawn script '%s': %s\n", - vpninfo->vpnc_script, - strerror(errno)); + _("Failed to spawn script '%s': %s\n"), + vpninfo->vpnc_script, + strerror(errno)); } } #ifdef __sun__ if (ioctl(vpninfo->ip_fd, I_PUNLINK, vpninfo->tun_muxid) < 0) - perror("ioctl(I_PUNLINK)"); + perror(_("ioctl(I_PUNLINK)")); close(vpninfo->ip_fd); vpninfo->ip_fd = -1; diff --git a/xml.c b/xml.c index c2acad92..a6d55d7f 100644 --- a/xml.c +++ b/xml.c @@ -75,7 +75,8 @@ int config_lookup_host(struct openconnect_info *vpninfo, const char *host) for (i = 0; i < SHA_DIGEST_LENGTH; i++) sprintf(&vpninfo->xmlsha1[i*2], "%02x", sha1[i]); - vpn_progress(vpninfo, PRG_TRACE, "XML config file SHA1: %s\n", vpninfo->xmlsha1); + vpn_progress(vpninfo, PRG_TRACE, _("XML config file SHA1: %s\n"), + vpninfo->xmlsha1); xml_doc = xmlReadMemory(xmlfile, st.st_size, "noname.xml", NULL, 0); munmap(xmlfile, st.st_size);