[SSSD] [sssd PR#528][synchronized] NSS: Adjust netgroup setnetgrent cache lifetime if midpoint refresh is used

Tue, 13 Mar 2018 03:28:37 -0700 

   URL: https://github.com/SSSD/sssd/pull/528
Author: jhrozek
 Title: #528: NSS: Adjust netgroup setnetgrent cache lifetime if midpoint 
refresh is used
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/528/head:pr528
git checkout pr528

From d7d83b2934876f14e0a4c77f66eb419fd4f909f7 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 5 Mar 2018 21:00:30 +0100
Subject: [PATCH] NSS: Adjust netgroup setnetgrent cache lifetime if midpoint
 refresh is used

This is a minor regression compared to the state of the code before we
converted the responders to cache_req. The NSS responder keeps a has
table of netgroup objects in memory for either the lifetime of the
netgroup, or, in case midpoint refresh is used, up to the midpoint
refresh time. The case with the midpoint refresh was removed in the
cache_req enabled code, which means that even if the netgroup was
updated in the cache with the background refresh task, the object was
never read from cache, but always still returned from the in-memory
enumeration hash.

Resolves:
https://pagure.io/SSSD/sssd/issue/3550
---
 src/responder/nss/nss_enum.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/responder/nss/nss_enum.c b/src/responder/nss/nss_enum.c
index da844fbce..031db9f2e 100644
--- a/src/responder/nss/nss_enum.c
+++ b/src/responder/nss/nss_enum.c
@@ -280,7 +280,18 @@ nss_setnetgrent_set_timeout(struct tevent_context *ev,
     struct timeval tv;
     uint32_t timeout;
 
-    timeout = enum_ctx->result[0]->domain->netgroup_timeout;
+    if (nss_ctx->cache_refresh_percent) {
+        timeout = enum_ctx->result[0]->domain->netgroup_timeout *
+            (nss_ctx->cache_refresh_percent / 100.0);
+    } else {
+        timeout = enum_ctx->result[0]->domain->netgroup_timeout;
+    }
+
+    /* In order to not trash the cache between setnetgrent()/getnetgrent()
+     * calls with too low timeout values, we only allow 10 seconds as
+     * the minimal timeout
+     */
+    if (timeout < 10) timeout = 10;
 
     tv = tevent_timeval_current_ofs(timeout, 0);
     te = tevent_add_timer(ev, enum_ctx, tv, nss_setnetgrent_timeout, enum_ctx);

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

Reply via email to