diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-09-02 16:36:27 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-12-08 14:25:44 +0100 |
commit | 7bcac93b9288ae1a357352abe7439ee701386e40 (patch) | |
tree | 33139d7ec3460e7a030c231f9ecd6ddba168a880 /src/shared | |
parent | a4800149c354bdffeaf61368372beb4a7f2ae5d8 (diff) | |
download | systemd-7bcac93b9288ae1a357352abe7439ee701386e40.tar.gz |
homed: ignore ratelimiting counters when timestamp is from future
This likely indicates that the system clock is simply wrong, hence allow
access in this case.
Fixes: #15917
(cherry picked from commit 61a29a020c5c6611a22a84c1456e8da7aa656194)
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/user-record.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/shared/user-record.c b/src/shared/user-record.c index 05e515b03a..8ed034b265 100644 --- a/src/shared/user-record.c +++ b/src/shared/user-record.c @@ -1865,6 +1865,11 @@ uint64_t user_record_ratelimit_next_try(UserRecord *h) { h->ratelimit_count == UINT64_MAX) return UINT64_MAX; + if (h->ratelimit_begin_usec > now(CLOCK_REALTIME)) /* If the ratelimit time is in the future, then + * the local clock is probably incorrect. Let's + * not refuse login then. */ + return UINT64_MAX; + if (h->ratelimit_count < user_record_ratelimit_burst(h)) return 0; |