Hello list,
For a deployment I'm administering, I'm using winbind and sssd in parallel, both for different authentication sources (so it's not about their interoperability, but rather about using them in parallel). It seems that sssd has/had a bug which meant that winbind 4.8+ and sssd, if used together as NSS sources, would, for unavailable accounts in both authentication sources, lead to a DoS against winbind due to recursive calls of the NSS infrastructure. I'm deploying winbind (for a Windows Domain) and sssd (for an LDAP authentication source with client certificate authentication) on Debian 10.
Samba tracked this as bug #13815 (https://bugzilla.samba.org/show_bug.cgi?id=13815), which contains a link to a corresponding issue in the Red Hat bug tracker (https://bugzilla.redhat.com/show_bug.cgi?id=1666819), which supposedly contains a patch for the behaviour; as the bug isn't open, I can neither see what the patch actually is, nor can I prepare the patch for the Debian packaging of sssd.
Can anybody shed some light on what the patch is (and/or link to the commit in Pagure), specifically also which published version the patch is contained in, so that I might either decide to deploy updated sssd packages for Debian, or even try to backport the patch to the Debian built-in version? I can't find a means to search commits in Pagure, which is why I'm asking here, but even just that would be helpful.
Thanks in advance!