homed: ignore ratelimiting counters when timestamp is from future

This likely indicates that the system clock is simply wrong, hence allow access in this case. Fixes: #15917 (cherry picked from commit 61a29a020c5c6611a22a84c1456e8da7aa656194)
author: Lennart Poettering <lennart@poettering.net> 2020-09-02 16:36:27 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2020-12-08 14:25:44 +0100
commit: 7bcac93b9288ae1a357352abe7439ee701386e40 (patch)
tree: 33139d7ec3460e7a030c231f9ecd6ddba168a880 /src/shared
parent: a4800149c354bdffeaf61368372beb4a7f2ae5d8 (diff)
download: systemd-7bcac93b9288ae1a357352abe7439ee701386e40.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index 05e515b03a..8ed034b265 100644
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -1865,6 +1865,11 @@ uint64_t user_record_ratelimit_next_try(UserRecord *h) {
             h->ratelimit_count == UINT64_MAX)
                 return UINT64_MAX;
 
+        if (h->ratelimit_begin_usec > now(CLOCK_REALTIME)) /* If the ratelimit time is in the future, then
+                                                            * the local clock is probably incorrect. Let's
+                                                            * not refuse login then. */
+                return UINT64_MAX;
+
         if (h->ratelimit_count < user_record_ratelimit_burst(h))
                 return 0;
author	Lennart Poettering <lennart@poettering.net>	2020-09-02 16:36:27 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2020-12-08 14:25:44 +0100
commit	7bcac93b9288ae1a357352abe7439ee701386e40 (patch)
tree	33139d7ec3460e7a030c231f9ecd6ddba168a880 /src/shared
parent	a4800149c354bdffeaf61368372beb4a7f2ae5d8 (diff)
download	systemd-7bcac93b9288ae1a357352abe7439ee701386e40.tar.gz