Ticket #4266 defect closed fixed
Conch ssh client auth order doesn't honour preferredOrder
|Reported by:||alanfranzoni||Owned by:|
(diff, github, buildbot, log)
Problem lies in twisted.conch.ssh.userauth.py, class SSHUserAuthClient
when trying to auth, ordering doesn't work as expected; if preferredorder is ["a", "b"] and server return as auth methods ["x" , "a"], the client will try to use, in order, ["x", "a"]. This happens because orderByPreference in ssh_USERAUTH_FAILURE() returns -1 when a method is NOT within preferredOrder, and util.dsu will then put this method to the beginning of the resulting canContinue list.
The test wasn't really suited to check for that error because the auth method "afirstmethod" did not exist on the client, and this just made the client skip that method because it couldn't fine auth_afirstmethod, and go on with the password.
The attached patch contains a modifed test which triggers the issue and a proposed fix.