translate selected format!/print strings in sudo

Author: squell

src/pam/askpass.rs

@@ -7,6 +7,7 @@ use std::{io, process};
 use libc::O_CLOEXEC;
 
 use crate::cutils::cerr;
+use crate::log::user_error;
 use crate::system::interface::ProcessId;
 use crate::system::{fork, mark_fds_as_cloexec, ForkResult};
 
@@ -50,9 +51,10 @@ fn handle_child(program: &Path, prompt: &str, stdout: OwnedFd) -> ! {
 
     // Exec askpass program
     let error = Command::new(program).arg(prompt).stdout(stdout).exec();
-    eprintln_ignore_io_error!(
-        "Failed to run askpass program {}: {error}",
-        program.display()
+    user_error!(
+        "Failed to run askpass program {path}: {error}",
+        path = program.display(),
+        error = error
     );
     process::exit(1);
 }

src/sudo/cli/mod.rs

@@ -4,6 +4,7 @@ use std::os::unix::ffi::OsStrExt;
 use std::{borrow::Cow, mem};
 
 use crate::common::{SudoPath, SudoString};
+use crate::gettext::xlat;
 use crate::log::user_warn;
 
 pub mod help;
@@ -557,14 +558,17 @@ impl SudoArg {
                     // only accept arguments when one is expected
                     // `--preserve-env` is special as it only takes an argument using this `key=value` syntax
                     if !Self::TAKES_ARGUMENT.contains(&key) && key != "preserve-env" {
-                        Err(format!("'{key}' does not take any arguments"))?;
+                        Err(xlat!(
+                            "'{option}' does not take any arguments",
+                            option = key
+                        ))?;
                     }
                     processed.push(SudoArg::Argument("--".to_string() + key, value.to_string()));
                 } else if Self::TAKES_ARGUMENT.contains(&unprefixed) {
                     if let Some(next) = arg_iter.next() {
                         processed.push(SudoArg::Argument(arg, next));
                     } else {
-                        Err(format!("'{arg}' expects an argument"))?;
+                        Err(xlat!("'{option}' expects an argument", option = arg))?;
                     }
                 } else {
                     processed.push(SudoArg::Flag(arg));
@@ -592,7 +596,7 @@ impl SudoArg {
                             // short version of --help has no arguments
                             processed.push(SudoArg::Flag(flag));
                         } else {
-                            Err(format!("'-{curr}' expects an argument"))?;
+                            Err(xlat!("'-{option}' expects an argument", option = curr))?;
                         }
                         break;
                     } else {
@@ -813,7 +817,11 @@ fn ensure_is_absent(context: &str, thing: &dyn IsAbsent, name: &str) -> Result<(
     if thing.is_absent() {
         Ok(())
     } else {
-        Err(format!("{context} cannot be used together with {name}"))
+        Err(xlat!(
+            "{context} cannot be used together with {option}",
+            context = context,
+            option = name
+        ))
     }
 }
 

src/sudo/edit.rs

@@ -10,6 +10,7 @@ use std::{io, process};
 
 use crate::common::SudoPath;
 use crate::exec::ExitReason;
+use crate::gettext::xlat;
 use crate::log::{user_error, user_info};
 use crate::system::file::{create_temporary_dir, FileLock};
 use crate::system::wait::{Wait, WaitError, WaitOptions};
@@ -42,25 +43,43 @@ pub(super) fn edit_files(
         let metadata = file.metadata().map_err(|e| {
             io::Error::new(
                 e.kind(),
-                format!("Failed to read metadata for {}: {e}", path.display()),
+                xlat!(
+                    "failed to read metadata for {path}: {error}",
+                    path = path.display(),
+                    error = e
+                ),
             )
         })?;
         if !metadata.is_file() {
             return Err(io::Error::new(
                 io::ErrorKind::Other,
-                format!("File {} is not a regular file", path.display()),
+                xlat!("file {path} is not a regular file", path = path.display()),
             ));
         }
 
         // Take file lock
         let lock = FileLock::exclusive(&file, true).map_err(|e| {
-            io::Error::new(e.kind(), format!("Failed to lock {}: {e}", path.display()))
+            io::Error::new(
+                e.kind(),
+                xlat!(
+                    "failed to lock {path}: {error}",
+                    path = path.display(),
+                    error = e
+                ),
+            )
         })?;
 
         // Read file
         let mut old_data = Vec::new();
         file.read_to_end(&mut old_data).map_err(|e| {
-            io::Error::new(e.kind(), format!("Failed to read {}: {e}", path.display()))
+            io::Error::new(
+                e.kind(),
+                xlat!(
+                    "failed to read {path}: {error}",
+                    path = path.display(),
+                    error = e
+                ),
+            )
         })?;
 
         // Create socket
@@ -142,7 +161,11 @@ pub(super) fn edit_files(
         .map_err(|e| {
             io::Error::new(
                 e.kind(),
-                format!("Failed to write {}: {e}", file.path.display()),
+                xlat!(
+                    "failed to write {path}: {error}",
+                    path = file.path.display(),
+                    error = e
+                ),
             )
         })?;
 
@@ -186,16 +209,18 @@ fn handle_child_inner(editor: &Path, mut files: Vec<ChildFileInfo<'_>>) -> Resul
     }
 
     let tempdir = TempDirDropGuard(
-        create_temporary_dir().map_err(|e| format!("failed to create temporary directory: {e}"))?,
+        create_temporary_dir()
+            .map_err(|e| xlat!("failed to create temporary directory: {error}", error = e))?,
     );
 
     for (i, file) in files.iter_mut().enumerate() {
         // Create temp file
         let dir = tempdir.0.join(format!("{i}"));
         std::fs::create_dir(&dir).map_err(|e| {
-            format!(
-                "failed to create temporary directory {}: {e}",
-                dir.display(),
+            xlat!(
+                "failed to create temporary directory {path}: {error}",
+                path = dir.display(),
+                error = e
             )
         })?;
         let tempfile_path = dir.join(file.path.file_name().expect("file must have filename"));
@@ -206,17 +231,19 @@ fn handle_child_inner(editor: &Path, mut files: Vec<ChildFileInfo<'_>>) -> Resul
             .mode(0o600)
             .open(&tempfile_path)
             .map_err(|e| {
-                format!(
-                    "failed to create temporary file {}: {e}",
-                    tempfile_path.display(),
+                xlat!(
+                    "failed to create temporary file {path}: {error}",
+                    path = tempfile_path.display(),
+                    error = e
                 )
             })?;
 
         // Write to temp file
         tempfile.write_all(&file.old_data).map_err(|e| {
-            format!(
-                "failed to write to temporary file {}: {e}",
-                tempfile_path.display(),
+            xlat!(
+                "failed to write to temporary file {path}: {error}",
+                path = tempfile_path.display(),
+                error = e
             )
         })?;
         drop(tempfile);
@@ -231,7 +258,13 @@ fn handle_child_inner(editor: &Path, mut files: Vec<ChildFileInfo<'_>>) -> Resul
                 .map(|file| file.tempfile_path.as_ref().expect("filled in above")),
         )
         .status()
-        .map_err(|e| format!("failed to run editor {}: {e}", editor.display()))?;
+        .map_err(|e| {
+            xlat!(
+                "failed to run editor {path}: {error}",
+                path = editor.display(),
+                error = e
+            )
+        })?;
 
     if !status.success() {
         drop(tempdir);
@@ -247,26 +280,28 @@ fn handle_child_inner(editor: &Path, mut files: Vec<ChildFileInfo<'_>>) -> Resul
 
         // Read from temp file
         let new_data = std::fs::read(tempfile_path).map_err(|e| {
-            format!(
-                "failed to read from temporary file {}: {e}",
-                tempfile_path.display(),
+            xlat!(
+                "failed to read from temporary file {path}: {error}",
+                path = tempfile_path.display(),
+                error = e
             )
         })?;
 
         // FIXME preserve temporary file if the original couldn't be written to
         std::fs::remove_file(tempfile_path).map_err(|e| {
-            format!(
-                "failed to remove temporary file {}: {e}",
-                tempfile_path.display(),
+            xlat!(
+                "failed to remove temporary file {path}: {error}",
+                path = tempfile_path.display(),
+                error = e
             )
         })?;
 
         // If the file has been changed to be empty, ask the user what to do.
         if new_data.is_empty() && new_data != file.old_data {
             match crate::visudo::ask_response(
-                format!(
-                    "sudoedit: truncate {} to zero? (y/n) [n] ",
-                    file.path.display()
+                xlat!(
+                    "sudoedit: truncate {path} to zero? (y/n) [n] ",
+                    path = file.path.display()
                 )
                 .as_bytes(),
                 b"yn",
@@ -277,7 +312,7 @@ fn handle_child_inner(editor: &Path, mut files: Vec<ChildFileInfo<'_>>) -> Resul
 
                     // Parent ignores write when new data matches old data
                     write_stream(&mut file.new_data_tx, &file.old_data)
-                        .map_err(|e| format!("failed to write data to parent: {e}"))?;
+                        .map_err(|e| xlat!("failed to write data to parent: {error}", error = e))?;
 
                     continue;
                 }
@@ -286,7 +321,7 @@ fn handle_child_inner(editor: &Path, mut files: Vec<ChildFileInfo<'_>>) -> Resul
 
         // Write to socket
         write_stream(&mut file.new_data_tx, &new_data)
-            .map_err(|e| format!("failed to write data to parent: {e}"))?;
+            .map_err(|e| xlat!("failed to write data to parent: {error}", error = e))?;
     }
 
     process::exit(0);

src/sudo/pipeline.rs

@@ -7,6 +7,7 @@ use super::diagnostic;
 use crate::common::resolve::{AuthUser, CurrentUser};
 use crate::common::{Context, Error};
 use crate::exec::ExitReason;
+use crate::gettext::xlat;
 use crate::log::{auth_info, auth_warn};
 use crate::pam::PamContext;
 use crate::sudo::env::environment;
@@ -28,19 +29,19 @@ fn read_sudoers() -> Result<Sudoers, Error> {
     let (sudoers, syntax_errors) = Sudoers::open(sudoers_path).map_err(|e| {
         // Provide a more helpful error message when the sudoers file is missing
         if e.kind() == std::io::ErrorKind::NotFound {
-            Error::Configuration(format!(
-                "sudoers file not found: {}\n\
+            Error::Configuration(xlat!(
+                "sudoers file not found: {path}\n\
                  \n\
                  The sudoers file is required for sudo-rs to function. Please ensure:\n\
                  - The file exists at the expected location\n\
                  - You have the necessary permissions to read it\n\
                  - If setting up sudo-rs for the first time, create a sudoers file with appropriate permissions\n\
                  \n\
                  For more information, see the sudo-rs documentation.",
-                sudoers_path.display()
+                path = sudoers_path.display()
             ))
         } else {
-            Error::Configuration(format!("invalid configuration: {e}"))
+            Error::Configuration(xlat!("invalid configuration: {error}", error = e))
         }
     })?;
 

src/sudo/pipeline/list.rs

@@ -2,6 +2,7 @@ use std::{borrow::Cow, ops::ControlFlow, path::Path};
 
 use crate::{
     common::{Context, Error},
+    gettext::xlat,
     sudo::cli::SudoListOptions,
     sudoers::{Authorization, ListRequest, Request, Sudoers},
     system::User,
@@ -40,9 +41,12 @@ pub(in crate::sudo) fn run_list(cmd_opts: SudoListOptions) -> Result<(), Error>
 
         if matching_entries.peek().is_some() {
             println_ignore_io_error!(
-                "User {} may run the following commands on {}:",
-                inspected_user.name,
-                context.hostname
+                "{}",
+                xlat!(
+                    "User {user} may run the following commands on {hostname}:",
+                    user = inspected_user.name,
+                    hostname = context.hostname
+                )
             );
 
             for entry in matching_entries {
@@ -55,9 +59,12 @@ pub(in crate::sudo) fn run_list(cmd_opts: SudoListOptions) -> Result<(), Error>
             }
         } else {
             println_ignore_io_error!(
-                "User {} is not allowed to run sudo on {}.",
-                inspected_user.name,
-                context.hostname
+                "{}",
+                xlat!(
+                    "User {user} is not allowed to run sudo on {hostname}.",
+                    user = inspected_user.name,
+                    hostname = context.hostname,
+                ),
             );
         }
     }

src/system/audit.rs

@@ -14,6 +14,7 @@ use super::{
     cerr, inject_group, interface::UnixUser, set_supplementary_groups, Group, GroupId, User, UserId,
 };
 use crate::common::resolve::CurrentUser;
+use crate::gettext::xlat;
 
 /// Temporary change privileges --- essentially a 'mini sudo'
 /// This is only used for sudoedit.
@@ -129,16 +130,19 @@ fn checks(path: &Path, meta: Metadata) -> io::Result<()> {
 
     let path_mode = meta.permissions().mode();
     if meta.uid() != 0 {
-        Err(error(format!("{} must be owned by root", path.display())))
+        Err(error(xlat!(
+            "{path} must be owned by root",
+            path = path.display()
+        )))
     } else if meta.gid() != 0 && (path_mode & mode(Category::Group, Op::Write) != 0) {
-        Err(error(format!(
-            "{} cannot be group-writable",
-            path.display()
+        Err(error(xlat!(
+            "{path} cannot be group-writable",
+            path = path.display()
         )))
     } else if path_mode & mode(Category::World, Op::Write) != 0 {
-        Err(error(format!(
-            "{} cannot be world-writable",
-            path.display()
+        Err(error(xlat!(
+            "{path} cannot be world-writable",
+            path = path.display()
         )))
     } else {
         Ok(())
@@ -177,9 +181,9 @@ fn secure_open_impl(
                 checks(parent_dir, parent_meta)?;
             }
         } else {
-            return Err(error(format!(
-                "{} has no valid parent directory",
-                path.display()
+            return Err(error(xlat!(
+                "{path} has no valid parent directory",
+                path = path.display()
             )));
         }
     }