File 1101536-negcache-Soften-condition-for-expired-entries.patch of Package sssd.5306

From be4569c92c2de86a71232e3f4b94caa1b13281e4 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Wed, 20 May 2015 13:13:40 +0200
Subject: [PATCH] negcache: Soften condition for expired entries

Type of timestamp for entries in negative cache is time_t
which is number of *seconds* that have elapsed since 1 January 1970.

The condition for ttl was to strict so entry could be valid
 from  "ttl-1" to  ttl e.g.
 * ttl is 1 second
 * entry was stored to negative cache at 1432120871.999639
   stored_timestamp = 1432120871
 * entry was tested few miliseconds later 1432120872.001293
   current_time = 1432120872

Entry was marked as expired becuase result of condition was false
  stored_timestamp + ttl < current_time
          1432120871 + 1 < 1432120872

This is a reason why ./test-negcache sometime fails.
It's quite easily reproducible on slow machine or when valgrind was used.

sh$ while libtool --mode=execute valgrind ./test-negcache ; do echo OK: done

Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 75e4a7753c44e9f2a7a65fad77d95e394f81c125)
---
 src/responder/common/negcache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 88dd18fa53..70bb8ba667 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -116,7 +116,7 @@ static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str, int ttl)
         goto done;
     }
 
-    if (timestamp + ttl > time(NULL)) {
+    if (timestamp + ttl >= time(NULL)) {
         /* still valid */
         ret = EEXIST;
         goto done;