diff options
| -rw-r--r-- | src/home/user-record-util.c | 10 | ||||
| -rw-r--r-- | src/shared/user-record.c | 5 |
2 files changed, 11 insertions, 4 deletions
diff --git a/src/home/user-record-util.c b/src/home/user-record-util.c index 5d0ac86533..57f641b437 100644 --- a/src/home/user-record-util.c +++ b/src/home/user-record-util.c @@ -1238,10 +1238,12 @@ int user_record_ratelimit(UserRecord *h) { usec = now(CLOCK_REALTIME); - if (h->ratelimit_begin_usec != UINT64_MAX && h->ratelimit_begin_usec > usec) - /* Hmm, time is running backwards? Say no! */ - return 0; - else if (h->ratelimit_begin_usec == UINT64_MAX || + if (h->ratelimit_begin_usec != UINT64_MAX && h->ratelimit_begin_usec > usec) { + /* Hmm, start-time is after the current time? If so, the RTC most likely doesn't work. */ + new_ratelimit_begin_usec = usec; + new_ratelimit_count = 1; + log_debug("Rate limit timestamp is in the future, assuming incorrect system clock, resetting limit."); + } else if (h->ratelimit_begin_usec == UINT64_MAX || usec_add(h->ratelimit_begin_usec, user_record_ratelimit_interval_usec(h)) <= usec) { /* Fresh start */ new_ratelimit_begin_usec = usec; diff --git a/src/shared/user-record.c b/src/shared/user-record.c index 05e515b03a..8ed034b265 100644 --- a/src/shared/user-record.c +++ b/src/shared/user-record.c @@ -1865,6 +1865,11 @@ uint64_t user_record_ratelimit_next_try(UserRecord *h) { h->ratelimit_count == UINT64_MAX) return UINT64_MAX; + if (h->ratelimit_begin_usec > now(CLOCK_REALTIME)) /* If the ratelimit time is in the future, then + * the local clock is probably incorrect. Let's + * not refuse login then. */ + return UINT64_MAX; + if (h->ratelimit_count < user_record_ratelimit_burst(h)) return 0; |