From d0801ecbac1300978fc864ae394e6ff43dda2781 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 5 Mar 2018 21:00:30 +0100
Subject: [PATCH] NSS: Adjust netgroup setnetgrent cache lifetime if midpoint
 refresh is used
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is a minor regression compared to the state of the code before we
converted the responders to cache_req. The NSS responder keeps a hash
table of netgroup objects in memory for either the lifetime of the
netgroup, or, in case midpoint refresh is used, up to the midpoint
refresh time. The case with the midpoint refresh was removed in the
cache_req enabled code, which means that even if the netgroup was
updated in the cache with the background refresh task, the object was
never read from cache, but always still returned from the in-memory
enumeration hash.

Resolves:
https://pagure.io/SSSD/sssd/issue/3550

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f22528922c065f37ca928f95fd86ed2ea79e0d51)
---
 src/responder/nss/nss_enum.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/responder/nss/nss_enum.c b/src/responder/nss/nss_enum.c
index da844fbce..031db9f2e 100644
--- a/src/responder/nss/nss_enum.c
+++ b/src/responder/nss/nss_enum.c
@@ -280,7 +280,18 @@ nss_setnetgrent_set_timeout(struct tevent_context *ev,
     struct timeval tv;
     uint32_t timeout;
 
-    timeout = enum_ctx->result[0]->domain->netgroup_timeout;
+    if (nss_ctx->cache_refresh_percent) {
+        timeout = enum_ctx->result[0]->domain->netgroup_timeout *
+            (nss_ctx->cache_refresh_percent / 100.0);
+    } else {
+        timeout = enum_ctx->result[0]->domain->netgroup_timeout;
+    }
+
+    /* In order to not trash the cache between setnetgrent()/getnetgrent()
+     * calls with too low timeout values, we only allow 10 seconds as
+     * the minimal timeout
+     */
+    if (timeout < 10) timeout = 10;
 
     tv = tevent_timeval_current_ofs(timeout, 0);
     te = tevent_add_timer(ev, enum_ctx, tv, nss_setnetgrent_timeout, enum_ctx);
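Review bot: the 10-second floor at `if (timeout < 10) timeout = 10;` sits outside the `if (nss_ctx->cache_refresh_percent)` block, so it also applies in the `else` branch, where a configured `netgroup_timeout` below 10 is now silently raised even though midpoint refresh is not in use. If that is intended, the commit message and the comment should say so; otherwise move the clamp inside the midpoint branch. The literal 10 would read better as a named constant, and the one-line `if` without braces differs from the braced style used just above it. The scaled value in the first branch is computed in floating point and then assigned to the `uint32_t timeout`, which truncates; an explicit cast or integer arithmetic (`netgroup_timeout * cache_refresh_percent / 100`) would make that conversion deliberate. The comment's "trash the cache" probably means "thrash".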
-- 
2.14.3