summaryrefslogtreecommitdiff
path: root/server/responder/nss
diff options
context:
space:
mode:
Diffstat (limited to 'server/responder/nss')
-rw-r--r--server/responder/nss/nsssrv.c11
-rw-r--r--server/responder/nss/nsssrv.h2
-rw-r--r--server/responder/nss/nsssrv_cmd.c20
3 files changed, 24 insertions, 9 deletions
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index 272cd38b..dad1c7c1 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -103,13 +103,14 @@ static int nss_get_config(struct nss_ctx *nctx,
ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_ENTRY_CACHE_NOWAIT_TIMEOUT, 0,
- &nctx->cache_refresh_timeout);
+ CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE, 0,
+ &nctx->cache_refresh_percent);
if (ret != EOK) goto done;
- if (nctx->cache_refresh_timeout < 0) {
- DEBUG(0,("Configuration error: EntryCacheNoWaitRefreshTimeout is"
+ if (nctx->cache_refresh_percent < 0 ||
+ nctx->cache_refresh_percent > 99) {
+ DEBUG(0,("Configuration error: entry_cache_nowait_percentage is"
"invalid. Disabling feature.\n"));
- nctx->cache_refresh_timeout = 0;
+ nctx->cache_refresh_percent = 0;
}
ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY,
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index 0c2ea487..464481d7 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -47,7 +47,7 @@ struct nss_ctx {
int neg_timeout;
struct nss_nc_ctx *ncache;
- int cache_refresh_timeout;
+ int cache_refresh_percent;
int enum_cache_timeout;
time_t last_user_enum;
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index 3d4226fb..8f4f5db8 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -278,10 +278,10 @@ static errno_t check_cache(struct nss_dom_ctx *dctx,
{
errno_t ret;
int timeout;
- int refresh_timeout;
time_t now;
uint64_t lastUpdate;
uint64_t cacheExpire;
+ uint64_t midpoint_refresh;
struct nss_cmd_ctx *cmdctx = dctx->cmdctx;
struct cli_ctx *cctx = cmdctx->cctx;
bool call_provider = false;
@@ -298,13 +298,26 @@ static errno_t check_cache(struct nss_dom_ctx *dctx,
} else if ((req_type == SSS_DP_GROUP) ||
((req_type == SSS_DP_USER) && (res->count == 1))) {
- refresh_timeout = nctx->cache_refresh_timeout;
now = time(NULL);
lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0],
SYSDB_LAST_UPDATE, 0);
cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
SYSDB_CACHE_EXPIRE, 0);
+
+ midpoint_refresh = 0;
+ if(nctx->cache_refresh_percent) {
+ midpoint_refresh = lastUpdate +
+ (cacheExpire - lastUpdate)*nctx->cache_refresh_percent/100;
+ if (midpoint_refresh - lastUpdate < 10) {
+ /* If the percentage results in an expiration
+ * less than ten seconds after the lastUpdate time,
+ * that's too often we will simply set it to 10s
+ */
+ midpoint_refresh = lastUpdate+10;
+ }
+ }
+
if (cacheExpire < now) {
/* This is a cache miss. We need to get the updated user
* information before returning it.
@@ -312,11 +325,12 @@ static errno_t check_cache(struct nss_dom_ctx *dctx,
call_provider = true;
cb = callback;
}
- else if (refresh_timeout && (lastUpdate + refresh_timeout < now)) {
+ else if (midpoint_refresh && midpoint_refresh < now) {
/* We're past the the cache refresh timeout
* We'll return the value from the cache, but we'll also
* queue the cache entry for update out-of-band.
*/
+ DEBUG(6, ("Performing midpoint cache update on [%s]\n", opt_name));
call_provider = true;
cb = NULL;
}