We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as

it may be present but not implemented. Add sudo_gettime_real() and sudo_gettime_mono() functions to get the real and monotonic times respectively. Now sudo_gettime_mono() checks the value of sysconf(_SC_MONOTONIC_CLOCK) before calling clock_gettime(CLOCK_MONOTONIC) and falls back on sudo_gettime_real() as needed. The Mach version of sudo_gettime_mono() uses mach_absolute_time(). This should fix problems with timestamp files on systems where the CLOCK_MONOTONIC is defined but not actually implemented.
2025-09-03 15:55:40 +00:00 · 2015-02-24 11:19:21 -07:00
parent 01a4d6ccbf
commit 5d2e9426b2
12 changed files with 178 additions and 155 deletions
--- a/2
+++ b/2
@@ -81,7 +81,6 @@ install-sh
 lib/util/Makefile.in
 lib/util/aix.c
 lib/util/alloc.c
-lib/util/clock_gettime.c
 lib/util/closefrom.c
 lib/util/event.c
 lib/util/event_poll.c
@@ -258,6 +257,7 @@ plugins/sudoers/find_path.c
 plugins/sudoers/getdate.c
 plugins/sudoers/getdate.y
 plugins/sudoers/getspwuid.c
+plugins/sudoers/gettime.c
 plugins/sudoers/goodpath.c
 plugins/sudoers/gram.c
 plugins/sudoers/gram.h
--- a/15
+++ b/15
@@ -19297,21 +19297,6 @@ if test "x$ac_cv_lib_rt_clock_gettime" = xyes; then :

 	SUDOERS_LIBS="${SUDOERS_LIBS} -lrt"

-else
-
-	case " $LIBOBJS " in
-  *" clock_gettime.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS clock_gettime.$ac_objext"
- ;;
-esac
-
-
-    for _sym in sudo_clock_gettime; do
-	COMPAT_EXP="${COMPAT_EXP}${_sym}
-"
-    done
-
-
 fi


--- a/configure.ac
+++ b/configure.ac
@@ -2537,9 +2537,6 @@ AC_CHECK_FUNCS([clock_gettime], [], [
    AC_CHECK_LIB(rt, clock_gettime, [
 	AC_DEFINE(HAVE_CLOCK_GETTIME)
 	SUDOERS_LIBS="${SUDOERS_LIBS} -lrt"
-    ], [
-	AC_LIBOBJ(clock_gettime)
-	SUDO_APPEND_COMPAT_EXP(sudo_clock_gettime)
    ])
 ])
 AC_CHECK_FUNCS([getopt_long], [], [
--- a/include/sudo_compat.h
+++ b/include/sudo_compat.h
@@ -459,17 +459,6 @@ __dso_public int sudo_sig2str(int signo, char *signame);
 # undef sig2str
 # define sig2str(_a, _b) sudo_sig2str((_a), (_b))
 #endif /* HAVE_SIG2STR */
-#ifndef HAVE_CLOCK_GETTIME
-# if !defined(CLOCK_REALTIME)
-#  define CLOCK_REALTIME 0
-# endif
-# if defined(__MACH__) && !defined(CLOCK_MONOTONIC)
-#  define CLOCK_MONOTONIC 1
-# endif
-__dso_public int sudo_clock_gettime(clockid_t clock_id, struct timespec *tp);
-# undef clock_gettime
-# define clock_gettime(_a, _b) sudo_clock_gettime((_a), (_b))
-#endif /* HAVE_CLOCK_GETTIME */
 #if !defined(HAVE_INET_NTOP) && defined(_SUDO_NET_IFS_C)
 __dso_public char *sudo_inet_ntop(int af, const void *src, char *dst, socklen_t size);
 # undef inet_ntop
--- a/lib/util/Makefile.in
+++ b/lib/util/Makefile.in
@@ -318,9 +318,6 @@ atofoo_test.lo: $(srcdir)/regress/atofoo/atofoo_test.c \
                $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
                $(top_builddir)/config.h
 	$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/atofoo/atofoo_test.c
-clock_gettime.lo: $(srcdir)/clock_gettime.c $(incdir)/compat/timespec.h \
-                  $(incdir)/sudo_compat.h $(top_builddir)/config.h
-	$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/clock_gettime.c
 closefrom.lo: $(srcdir)/closefrom.c $(incdir)/sudo_compat.h \
              $(top_builddir)/config.h
 	$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/closefrom.c
--- a/lib/util/clock_gettime.c
+++ b/lib/util/clock_gettime.c
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2014 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <config.h>
-
-#if !defined(HAVE_CLOCK_GETTIME)
-
-#include <sys/types.h>
-#include <sys/time.h>
-
-#include <errno.h>
-#include <stdio.h>
-#ifdef TIME_WITH_SYS_TIME
-# include <time.h>
-#endif
-#ifndef HAVE_STRUCT_TIMESPEC
-# include "compat/timespec.h"
-#endif
-
-#include "sudo_compat.h"
-
-#ifdef __MACH__
-# include <mach/mach.h>
-# include <mach/mach_time.h>
-# include <mach/clock.h>
-#endif
-
-/*
- * Trivial clock_gettime() that supports CLOCK_REALTIME
- * (and CLOCK_MONOTONIC on Mach).
- */
-int
-sudo_clock_gettime(clockid_t clock_id, struct timespec *ts)
-{
-
-    switch (clock_id) {
-#ifdef __MACH__
-    case CLOCK_MONOTONIC:
-	{
-	    uint64_t abstime, nsec;
-	    static mach_timebase_info_data_t timebase_info;
-
-	    if (timebase_info.denom == 0)
-		(void) mach_timebase_info(&timebase_info);
-	    abstime = mach_absolute_time();
-	    nsec = abstime * timebase_info.numer / timebase_info.denom;
-	    ts->tv_sec = nsec / 1000000000;
-	    ts->tv_nsec = nsec % 1000000000;
-	    return 0;
-	}
-#endif
-    case CLOCK_REALTIME:
-	{
-	    struct timeval tv;
-
-	    gettimeofday(&tv, NULL);
-	    ts->tv_sec = tv.tv_sec;
-	    ts->tv_nsec = tv.tv_usec * 1000;
-	    return 0;
-	}
-    default:
-	errno = EINVAL;
-	return -1;
-    }
-}
-
-#endif /* !HAVE_CLOCK_GETTIME */
--- a/mkdep.pl
+++ b/mkdep.pl
@@ -70,7 +70,7 @@ sub mkdep {
    $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo solaris_audit.lo sssd.lo:;
    # XXX - fill in AUTH_OBJS from contents of the auth dir instead
    $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
-    $makefile =~ s:\@LTLIBOBJS\@:clock_gettime.lo closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo pw_dup.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo strtonum.lo utimes.lo:;
+    $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo pw_dup.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo strtonum.lo utimes.lo:;

    # Parse OBJS lines
    my %objs;
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -143,7 +143,7 @@ LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \
 		       toke_util.lo

 SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \
-	       goodpath.lo group_plugin.lo interfaces.lo iolog.lo \
+	       gettime.lo goodpath.lo group_plugin.lo interfaces.lo iolog.lo \
 	       iolog_path.lo locale.lo logging.lo logwrap.lo parse.lo \
 	       policy.lo prompt.lo set_perms.lo sudo_nss.lo sudoers.lo \
 	       timestamp.lo @SUDOERS_OBJS@
@@ -653,6 +653,10 @@ getspwuid.lo: $(srcdir)/getspwuid.c $(devdir)/def_data.h \
              $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
              $(top_builddir)/config.h $(top_builddir)/pathnames.h
 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getspwuid.c
+gettime.lo: $(srcdir)/gettime.c $(incdir)/compat/stdbool.h \
+            $(incdir)/compat/timespec.h $(incdir)/sudo_compat.h \
+            $(incdir)/sudo_util.h $(top_builddir)/config.h
+	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/gettime.c
 goodpath.lo: $(srcdir)/goodpath.c $(devdir)/def_data.h \
             $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
             $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
--- a/plugins/sudoers/gettime.c
+++ b/plugins/sudoers/gettime.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2014-2015 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifndef HAVE_STRUCT_TIMESPEC
+# include "compat/timespec.h"
+#endif
+#include <errno.h>
+
+#if defined(__MACH__) && !defined(HAVE_CLOCK_GETTIME)
+# include <mach/mach.h>
+# include <mach/mach_time.h>
+# include <mach/clock.h>
+#endif
+
+#include "sudoers.h"
+
+/* On Linux, CLOCK_MONOTONIC does not run while suspended. */
+#if defined(CLOCK_BOOTTIME)
+# define SUDO_CLOCK_MONOTONIC	CLOCK_BOOTTIME
+#elif defined(CLOCK_MONOTONIC)
+# define SUDO_CLOCK_MONOTONIC	CLOCK_MONOTONIC
+#endif
+
+#if defined(HAVE_CLOCK_GETTIME)
+int
+sudo_gettime_real(struct timespec *ts)
+{
+    debug_decl(sudo_gettime_real, SUDOERS_DEBUG_UTIL)
+
+    if (clock_gettime(CLOCK_REALTIME, ts) == -1) {
+	struct timeval tv;
+
+	sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+	    "clock_gettime(CLOCK_REALTIME) failed, trying gettimeofday()");
+	if (gettimeofday(&tv, NULL) == -1)
+	    debug_return_int(-1);
+	TIMEVAL_TO_TIMESPEC(&tv, ts);
+    }
+    debug_return_int(0);
+}
+#else
+int
+sudo_gettime_real(struct timespec *ts)
+{
+    struct timeval tv;
+    debug_decl(sudo_gettime_real, SUDOERS_DEBUG_UTIL)
+
+    if (gettimeofday(&tv, NULL) == -1)
+	debug_return_int(-1);
+    TIMEVAL_TO_TIMESPEC(&tv, ts);
+    debug_return_int(0);
+}
+#endif
+
+#if defined(HAVE_CLOCK_GETTIME) && defined(SUDO_CLOCK_MONOTONIC)
+int
+sudo_gettime_mono(struct timespec *ts)
+{
+    static int has_monoclock = -1;
+    debug_decl(sudo_gettime_mono, SUDOERS_DEBUG_UTIL)
+
+    /* Check whether the kernel/libc actually supports CLOCK_MONOTONIC. */
+# ifdef _SC_MONOTONIC_CLOCK
+    if (has_monoclock == -1)
+	has_monoclock = sysconf(_SC_MONOTONIC_CLOCK) != -1;
+# endif
+    if (!has_monoclock)
+	debug_return_int(sudo_gettime_real(ts));
+    if (clock_gettime(SUDO_CLOCK_MONOTONIC, ts) == -1) {
+	sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+	    "clock_gettime(%d) failed, using wall clock", SUDO_CLOCK_MONOTONIC);
+	has_monoclock = 0;
+	debug_return_int(sudo_gettime_real(ts));
+    }
+    debug_return_int(0);
+}
+#elif defined(__MACH__)
+int
+sudo_gettime_mono(struct timespec *ts)
+{
+    uint64_t abstime, nsec;
+    static mach_timebase_info_data_t timebase_info;
+    debug_decl(sudo_gettime_mono, SUDOERS_DEBUG_UTIL)
+
+    if (timebase_info.denom == 0)
+	(void) mach_timebase_info(&timebase_info);
+    abstime = mach_absolute_time();
+    nsec = abstime * timebase_info.numer / timebase_info.denom;
+    ts->tv_sec = nsec / 1000000000;
+    ts->tv_nsec = nsec % 1000000000;
+    debug_return_int(0);
+}
+#else
+int
+sudo_gettime_mono(struct timespec *ts)
+{
+    /* No monotonic clock available, use wall clock. */
+    return sudo_gettime_real(ts);
+}
+#endif
--- a/plugins/sudoers/po/sudoers.pot
+++ b/plugins/sudoers/po/sudoers.pot
@@ -5,9 +5,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo 1.8.12\n"
+"Project-Id-Version: sudo 1.8.13b2\n"
 "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2015-02-20 06:33-0700\n"
+"POT-Creation-Date: 2015-02-24 11:20-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -132,34 +132,34 @@ msgstr ""
 msgid "%s: Cannot verify TGT! Possible attack!: %s"
 msgstr ""

-#: plugins/sudoers/auth/pam.c:98
+#: plugins/sudoers/auth/pam.c:97
 msgid "unable to initialize PAM"
 msgstr ""

-#: plugins/sudoers/auth/pam.c:149
+#: plugins/sudoers/auth/pam.c:153
 msgid "account validation failure, is your account locked?"
 msgstr ""

-#: plugins/sudoers/auth/pam.c:153
+#: plugins/sudoers/auth/pam.c:157
 msgid "Account or password is expired, reset your password and try again"
 msgstr ""

-#: plugins/sudoers/auth/pam.c:161
+#: plugins/sudoers/auth/pam.c:165
 #, c-format
 msgid "unable to change expired password: %s"
 msgstr ""

-#: plugins/sudoers/auth/pam.c:166
+#: plugins/sudoers/auth/pam.c:170
 msgid "Password expired, contact your system administrator"
 msgstr ""

-#: plugins/sudoers/auth/pam.c:170
+#: plugins/sudoers/auth/pam.c:174
 msgid ""
 "Account expired or PAM config lacks an \"account\" section for sudo, contact "
 "your system administrator"
 msgstr ""

-#: plugins/sudoers/auth/pam.c:187
+#: plugins/sudoers/auth/pam.c:186
 #, c-format
 msgid "PAM authentication error: %s"
 msgstr ""
@@ -205,31 +205,31 @@ msgstr ""
 msgid "unable to initialize SIA session"
 msgstr ""

-#: plugins/sudoers/auth/sudo_auth.c:115
+#: plugins/sudoers/auth/sudo_auth.c:135
 msgid "invalid authentication methods"
 msgstr ""

-#: plugins/sudoers/auth/sudo_auth.c:117
+#: plugins/sudoers/auth/sudo_auth.c:137
 msgid ""
 "Invalid authentication methods compiled into sudo!  You may not mix "
 "standalone and non-standalone authentication."
 msgstr ""

-#: plugins/sudoers/auth/sudo_auth.c:203 plugins/sudoers/auth/sudo_auth.c:252
+#: plugins/sudoers/auth/sudo_auth.c:233 plugins/sudoers/auth/sudo_auth.c:282
 msgid "no authentication methods"
 msgstr ""

-#: plugins/sudoers/auth/sudo_auth.c:205
+#: plugins/sudoers/auth/sudo_auth.c:235
 msgid ""
 "There are no authentication methods compiled into sudo!  If you want to turn "
 "off authentication, use the --disable-authentication configure option."
 msgstr ""

-#: plugins/sudoers/auth/sudo_auth.c:254
+#: plugins/sudoers/auth/sudo_auth.c:284
 msgid "Unable to initialize authentication methods."
 msgstr ""

-#: plugins/sudoers/auth/sudo_auth.c:412
+#: plugins/sudoers/auth/sudo_auth.c:442
 msgid "Authentication methods:"
 msgstr ""

@@ -754,21 +754,21 @@ msgid "Local IP address and netmask pairs:\n"
 msgstr ""

 #: plugins/sudoers/iolog.c:101 plugins/sudoers/iolog.c:119
-#: plugins/sudoers/timestamp.c:233
+#: plugins/sudoers/timestamp.c:224
 #, c-format
 msgid "%s exists but is not a directory (0%o)"
 msgstr ""

 #: plugins/sudoers/iolog.c:112 plugins/sudoers/iolog.c:133
-#: plugins/sudoers/iolog.c:140 plugins/sudoers/timestamp.c:227
-#: plugins/sudoers/timestamp.c:248
+#: plugins/sudoers/iolog.c:140 plugins/sudoers/timestamp.c:218
+#: plugins/sudoers/timestamp.c:239
 #, c-format
 msgid "unable to mkdir %s"
 msgstr ""

 #: plugins/sudoers/iolog.c:209 plugins/sudoers/sudoers.c:765
 #: plugins/sudoers/sudoreplay.c:330 plugins/sudoers/sudoreplay.c:793
-#: plugins/sudoers/sudoreplay.c:990 plugins/sudoers/timestamp.c:357
+#: plugins/sudoers/sudoreplay.c:990 plugins/sudoers/timestamp.c:351
 #: plugins/sudoers/visudo.c:832 plugins/sudoers/visudo_json.c:1035
 #: plugins/sudoers/visudo_json.c:1048
 #, c-format
@@ -782,7 +782,7 @@ msgid "unable to read %s"
 msgstr ""

 #: plugins/sudoers/iolog.c:282 plugins/sudoers/sudoreplay.c:575
-#: plugins/sudoers/timestamp.c:186 plugins/sudoers/timestamp.c:189
+#: plugins/sudoers/timestamp.c:177 plugins/sudoers/timestamp.c:180
 #, c-format
 msgid "unable to write to %s"
 msgstr ""
@@ -1272,7 +1272,7 @@ msgstr ""
 msgid "%s is not a regular file"
 msgstr ""

-#: plugins/sudoers/sudoers.c:788 plugins/sudoers/timestamp.c:289 toke.l:955
+#: plugins/sudoers/sudoers.c:788 plugins/sudoers/timestamp.c:280 toke.l:955
 #, c-format
 msgid "%s is owned by uid %u, should be %u"
 msgstr ""
@@ -1489,31 +1489,35 @@ msgid ""
 "Command unmatched"
 msgstr ""

-#: plugins/sudoers/timestamp.c:197
+#: plugins/sudoers/timestamp.c:188
 #, c-format
 msgid "unable to truncate time stamp file to %lld bytes"
 msgstr ""

-#: plugins/sudoers/timestamp.c:297
+#: plugins/sudoers/timestamp.c:288
 #, c-format
 msgid "%s is group writable"
 msgstr ""

-#: plugins/sudoers/timestamp.c:318
+#: plugins/sudoers/timestamp.c:309
 #, c-format
 msgid "timestamp path too long: %s/%s"
 msgstr ""

-#: plugins/sudoers/timestamp.c:498
+#: plugins/sudoers/timestamp.c:340 plugins/sudoers/timestamp.c:425
+msgid "unable to read the clock"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:495
 msgid "ignoring time stamp from the future"
 msgstr ""

-#: plugins/sudoers/timestamp.c:510
+#: plugins/sudoers/timestamp.c:507
 #, c-format
 msgid "time stamp too far in the future: %20.20s"
 msgstr ""

-#: plugins/sudoers/timestamp.c:613 plugins/sudoers/timestamp.c:634
+#: plugins/sudoers/timestamp.c:610 plugins/sudoers/timestamp.c:631
 #, c-format
 msgid "lecture status path too long: %s/%s"
 msgstr ""
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -239,6 +239,10 @@ char *expand_prompt(const char *old_prompt, const char *auth_user);
 void remove_timestamp(bool);
 bool set_lectured(void);

+/* gettime.c */
+int sudo_gettime_real(struct timespec *ts);
+int sudo_gettime_mono(struct timespec *ts);
+
 /* sudo_auth.c */
 bool sudo_auth_needs_end_session(void);
 int verify_user(struct passwd *pw, char *prompt, int validated);
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -51,15 +51,6 @@
 #include "sudoers.h"
 #include "check.h"

-/* On Linux, CLOCK_MONOTONIC does not run while suspended. */
-#if defined(CLOCK_BOOTTIME)
-# define SUDO_CLOCK_MONOTONIC	CLOCK_BOOTTIME
-#elif defined(CLOCK_MONOTONIC)
-# define SUDO_CLOCK_MONOTONIC	CLOCK_MONOTONIC
-#else
-# define SUDO_CLOCK_MONOTONIC	CLOCK_REALTIME
-#endif
-
 static char timestamp_file[PATH_MAX];
 static off_t timestamp_hint = (off_t)-1;
 static struct timestamp_entry timestamp_key;
@@ -345,8 +336,8 @@ update_timestamp(struct passwd *pw)

    /* Fill in time stamp. */
    memcpy(&entry, &timestamp_key, sizeof(struct timestamp_entry));
-    if (clock_gettime(SUDO_CLOCK_MONOTONIC, &entry.ts) == -1) {
-	log_warning(0, "clock_gettime(%d)", SUDO_CLOCK_MONOTONIC);
+    if (sudo_gettime_mono(&entry.ts) == -1) {
+	log_warning(0, N_("unable to read the clock"));
 	goto done;
    }

@@ -430,8 +421,8 @@ timestamp_status(struct passwd *pw)
 	    timestamp_key.u.ppid = getppid();
 	}
    }
-    if (clock_gettime(SUDO_CLOCK_MONOTONIC, &timestamp_key.ts) == -1) {
-	log_warning(0, "clock_gettime(%d)", SUDO_CLOCK_MONOTONIC);
+    if (sudo_gettime_mono(&timestamp_key.ts) == -1) {
+	log_warning(0, N_("unable to read the clock"));
 	status = TS_ERROR;
    }