NSS: Expire in-memory netgroup cache before the nowait timeout

The fact that we were keeping it in memory for the full duration
of the cache timeout meant that we would never reap the benefits
of the midpoint cache refresh.

https://fedorahosted.org/sssd/ticket/1340

1 files changed, 9 insertions, 1 deletions

diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index 0c3ca592e..151ded239 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -387,6 +387,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
     struct getent_ctx *netgr;
     struct sysdb_ctx *sysdb;
     char *name = NULL;
+    uint32_t lifetime;
 
     /* Check each domain for this netgroup name */
     while (dom) {
@@ -502,7 +503,14 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
                   name, dom->name));
         netgr->ready = true;
         netgr->found = true;
-        set_netgr_lifetime(dom->netgroup_timeout, step_ctx, netgr);
+        if (step_ctx->nctx->cache_refresh_percent) {
+            lifetime = dom->netgroup_timeout *
+                (step_ctx->nctx->cache_refresh_percent / 100);
+        } else {
+            lifetime = dom->netgroup_timeout;
+        }
+        if (lifetime < 10) lifetime = 10;
+        set_netgr_lifetime(lifetime, step_ctx, netgr);
         return EOK;
     }