PolicyKit: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Wed Feb 23 13:00:53 PST 2011


 configure.ac                                                           |    2 
 docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml |    2 
 src/polkit/polkittemporaryauthorization.c                              |    6 ++
 src/polkitbackend/polkitbackendinteractiveauthority.c                  |   27 +++++++---
 4 files changed, 30 insertions(+), 7 deletions(-)

New commits:
commit f646c32853e775d87aa7147f3ad32e70a627bfce
Author: David Zeuthen <davidz at redhat.com>
Date:   Wed Feb 23 15:47:20 2011 -0500

    Bug 29712 – Use monotonic for temporary authorizations
    
    https://bugs.freedesktop.org/show_bug.cgi?id=29712
    
    Signed-off-by: David Zeuthen <davidz at redhat.com>

diff --git a/configure.ac b/configure.ac
index 5ed9894..b36bda2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -120,7 +120,7 @@ if test "x$GCC" = "xyes"; then
   changequote([,])dnl
 fi
 
-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.25.12])
+PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0])
 AC_SUBST(GLIB_CFLAGS)
 AC_SUBST(GLIB_LIBS)
 
diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
index 515ccf7..b67225e 100644
--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
+++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
@@ -513,6 +513,7 @@ The subject the temporary authorization is for.
     <listitem>
       <para>
 When the temporary authorization was obtained, in seconds since the Epoch Jan 1, 1970 0:00 UTC.
+Note that the PolicyKit daemon is using monotonic time internally so the returned value may change if system time changes.
       </para>
     </listitem>
   </varlistentry>
@@ -521,6 +522,7 @@ When the temporary authorization was obtained, in seconds since the Epoch Jan 1,
     <listitem>
       <para>
 When the temporary authorization is set to expire, in seconds since the Epoch Jan 1, 1970 0:00 UTC.
+Note that the PolicyKit daemon is using monotonic time internally so the returned value may change if system time changes.
       </para>
     </listitem>
   </varlistentry>
diff --git a/src/polkit/polkittemporaryauthorization.c b/src/polkit/polkittemporaryauthorization.c
index b15202d..b2c6003 100644
--- a/src/polkit/polkittemporaryauthorization.c
+++ b/src/polkit/polkittemporaryauthorization.c
@@ -154,6 +154,9 @@ polkit_temporary_authorization_get_subject (PolkitTemporaryAuthorization *author
  *
  * Gets the time when @authorization was obtained.
  *
+ * (Note that the PolicyKit daemon is using monotonic time internally
+ * so the returned value may change if system time changes.)
+ *
  * Returns: Seconds since the Epoch Jan 1. 1970, 0:00 UTC.
  **/
 guint64
@@ -169,6 +172,9 @@ polkit_temporary_authorization_get_time_obtained (PolkitTemporaryAuthorization *
  *
  * Gets the time when @authorization will expire.
  *
+ * (Note that the PolicyKit daemon is using monotonic time internally
+ * so the returned value may change if system time changes.)
+ *
  * Returns: Seconds since the Epoch Jan 1. 1970, 0:00 UTC.
  **/
 guint64
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 84f47f1..59b2fb7 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2518,8 +2518,11 @@ struct TemporaryAuthorization
   PolkitSubject *scope;
   gchar *id;
   gchar *action_id;
-  guint64 time_granted;
-  guint64 time_expires;
+  /* both of these are obtained using g_get_monotonic_time(),
+   * so the resolution is usec
+   */
+  gint64 time_granted;
+  gint64 time_expires;
   guint expiration_timeout_id;
   guint check_vanished_timeout_id;
 };
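Review bot: The new comment on `time_granted`/`time_expires` should also say how the monotonic clock behaves across suspend, because that decides how long a temporary authorization stays valid in wall-clock terms. On Linux `g_get_monotonic_time()` is normally backed by CLOCK_MONOTONIC, which does not advance while the machine is suspended, so an authorization granted shortly before suspend would presumably still be live after resume. I would extend the comment with something like `/* monotonic usec; may not count time spent suspended, so expiry is not a wall-clock deadline */`. The struct definition starts outside the hunk.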
@@ -2768,8 +2771,10 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
   authorization->subject = g_object_ref (subject_to_use);
   authorization->scope = g_object_ref (scope);
   authorization->action_id = g_strdup (action_id);
-  authorization->time_granted = time (NULL);
-  authorization->time_expires = authorization->time_granted + expiration_seconds;
+  /* store monotonic time and convert to secs-since-epoch when returning TemporaryAuthorization structs */
+  authorization->time_granted = g_get_monotonic_time ();
+  authorization->time_expires = authorization->time_granted + expiration_seconds * G_USEC_PER_SEC;
+  /* g_timeout_add() is using monotonic time since 2.28 */
   authorization->expiration_timeout_id = g_timeout_add (expiration_seconds * 1000,
                                                         on_expiration_timeout,
                                                         authorization);
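Review bot: In `authorization->time_expires = authorization->time_granted + expiration_seconds * G_USEC_PER_SEC;` the product is computed in the type of `expiration_seconds` before it is widened to `gint64`. Its declaration is outside the hunk; if it is a 32-bit `guint`, the product wraps for lifetimes above roughly 71 minutes and the stored expiry would no longer match the timeout armed just below. Casting first avoids that: `authorization->time_expires = authorization->time_granted + (gint64) expiration_seconds * G_USEC_PER_SEC;`. The function body starts and continues outside the hunk.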
@@ -2824,6 +2829,8 @@ polkit_backend_interactive_authority_enumerate_temporary_authorizations (PolkitB
   PolkitSubject *session_for_caller;
   GList *ret;
   GList *l;
+  gint64 monotonic_now;
+  GTimeVal real_now;
 
   interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
   priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
@@ -2861,19 +2868,27 @@ polkit_backend_interactive_authority_enumerate_temporary_authorizations (PolkitB
       goto out;
     }
 
+  monotonic_now = g_get_monotonic_time ();
+  g_get_current_time (&real_now);
+
   for (l = priv->temporary_authorization_store->authorizations; l != NULL; l = l->next)
     {
       TemporaryAuthorization *ta = l->data;
       PolkitTemporaryAuthorization *tmp_authz;
+      guint64 real_granted;
+      guint64 real_expires;
 
       if (!polkit_subject_equal (ta->scope, subject))
         continue;
 
+      real_granted = (ta->time_granted - monotonic_now) / G_USEC_PER_SEC + real_now.tv_sec;
+      real_expires = (ta->time_expires - monotonic_now) / G_USEC_PER_SEC + real_now.tv_sec;
+
       tmp_authz = polkit_temporary_authorization_new (ta->id,
                                                       ta->action_id,
                                                       ta->subject,
-                                                      ta->time_granted,
-                                                      ta->time_expires);
+                                                      real_granted,
+                                                      real_expires);
 
       ret = g_list_prepend (ret, tmp_authz);
     }
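Review bot: The conversions `(ta->time_granted - monotonic_now) / G_USEC_PER_SEC + real_now.tv_sec` divide the microsecond offset first and only then add whole seconds, so the result truncates toward zero and ignores the sub-second part of the wall clock. As a consequence the same authorization can be reported with timestamps one second apart on successive calls, even when the system time has not changed. Since this commit already requires GLib 2.28, `g_get_real_time ()` is available and lets the sum stay in microseconds until one final division: `real_granted = (ta->time_granted - monotonic_now + real_now_usec) / G_USEC_PER_SEC;` and likewise for `real_expires`, with `real_now_usec` a `gint64` replacing the `GTimeVal` declared in the previous hunk. The enclosing function starts and ends outside the hunk.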

