diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-09-02 16:35:22 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-09-21 18:02:31 +0200 |
| commit | 51a95db6dcb720608eccaac01328b66ef7cc0d30 (patch) | |
| tree | 9606d56b7f2bbf25bf3bf1235a102eaa4ac21870 /src/shared/user-record.c | |
| parent | 55e11ace688aa5d0605baaaf4d88574c1b8b2911 (diff) | |
| download | systemd-51a95db6dcb720608eccaac01328b66ef7cc0d30.tar.gz | |
homed: don't block logins into accounts with future change time
This might happen if the system clock is wrong, and we should allow
access in this case (though certainly log about it).
Diffstat (limited to 'src/shared/user-record.c')
| -rw-r--r-- | src/shared/user-record.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/shared/user-record.c b/src/shared/user-record.c index e04df4d78b..a80c4932d1 100644 --- a/src/shared/user-record.c +++ b/src/shared/user-record.c @@ -2025,19 +2025,20 @@ int user_record_test_blocked(UserRecord *h) { assert(h); - n = now(CLOCK_REALTIME); - if (h->last_change_usec != UINT64_MAX && - h->last_change_usec > n) /* Don't allow log ins when the record is from the future */ - return -ESTALE; - if (h->locked > 0) return -ENOLCK; + n = now(CLOCK_REALTIME); + if (h->not_before_usec != UINT64_MAX && n < h->not_before_usec) return -EL2HLT; if (h->not_after_usec != UINT64_MAX && n > h->not_after_usec) return -EL3HLT; + if (h->last_change_usec != UINT64_MAX && + h->last_change_usec > n) /* Complain during log-ins when the record is from the future */ + return -ESTALE; + return 0; } |