PolicyKit: Branch 'master'

Colin Walters walters at kemper.freedesktop.org
Wed Jun 3 14:38:59 PDT 2015


 src/polkitbackend/polkitbackendinteractiveauthority.c |   29 ++++--------------
 1 file changed, 7 insertions(+), 22 deletions(-)

New commits:
commit 6a9d21e2e841ef676be3882cb44b277b453f91b2
Author: Colin Walters <walters at verbum.org>
Date:   Wed Jun 3 17:38:42 2015 -0400

    Revert "authority: Avoid cookie wrapping by using u64 counter"
    
    This was accidentally committed.
    
    This reverts commit 87b2290c03f28841594451c7276e0ca44970c1fe.

diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 587f954..c9e10d8 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -214,9 +214,6 @@ typedef struct
 
   GDBusConnection *system_bus_connection;
   guint name_owner_changed_signal_id;
-
-  guint64 start_time;
-  guint64 cookie;
 } PolkitBackendInteractiveAuthorityPrivate;
 
 /* ---------------------------------------------------------------------------------------------------- */
@@ -331,8 +328,6 @@ polkit_backend_interactive_authority_init (PolkitBackendInteractiveAuthority *au
                                             authority,
                                             NULL); /* GDestroyNotify */
     }
-
-  priv->start_time = g_get_monotonic_time ();
 }
 
 static void
@@ -1490,24 +1485,14 @@ authentication_session_free (AuthenticationSession *session)
   g_free (session);
 }
 
-/*
- * Generate a value that is used to identify authentication requests.
- * This doesn't need to be protected against active forgery - callers
- * will have to also match the agent identity.
- *
- * It'd probably make sense to just use a UUID, we're just not doing
- * that for lack of a convenient API.  This code is an evolution
- * of older code which used a single process-local 32 bit counter.
- */
 static gchar *
-get_new_cookie (PolkitBackendInteractiveAuthority *authority)
+authentication_agent_new_cookie (AuthenticationAgent *agent)
 {
-  PolkitBackendInteractiveAuthorityPrivate *priv =
-    POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
-  guint32 rv = g_random_int ();
-  priv->cookie++;
-  return g_strdup_printf ("cookie-%" G_GUINT64_FORMAT "-%" G_GUINT64_FORMAT "-%u",
-                          priv->start_time, priv->cookie, rv);
+  static gint counter = 0;
+
+  /* TODO: use a more random-looking cookie */
+
+  return g_strdup_printf ("cookie%d", counter++);
 }
 
 static PolkitSubject *
@@ -2219,7 +2204,7 @@ authentication_agent_initiate_challenge (AuthenticationAgent         *agent,
                                     &localized_icon_name,
                                     &localized_details);
 
-  cookie = get_new_cookie (authority);
+  cookie = authentication_agent_new_cookie (agent);
 
   identities = NULL;
 


More information about the hal-commit mailing list