Ticket #4266 defect closed fixed

Opened 3 years ago

Last modified 3 years ago

Conch ssh client auth order doesn't honour preferredOrder

Reported by: alanfranzoni Owned by:
Priority: normal Milestone:
Component: conch Keywords:
Cc: jesstess, alanfranzoni Branch: branches/userauth-order-4266
Author: jesstess Launchpad Bug:

Description

Problem lies in twisted.conch.ssh.userauth.py, class SSHUserAuthClient

when trying to auth, ordering doesn't work as expected; if preferredorder is ["a", "b"] and server return as auth methods ["x" , "a"], the client will try to use, in order, ["x", "a"]. This happens because orderByPreference in ssh_USERAUTH_FAILURE() returns -1 when a method is NOT within preferredOrder, and util.dsu will then put this method to the beginning of the resulting canContinue list.

The test wasn't really suited to check for that error because the auth method "afirstmethod" did not exist on the client, and this just made the client skip that method because it couldn't fine auth_afirstmethod, and go on with the password.

The attached patch contains a modifed test which triggers the issue and a proposed fix.

Attachments

twisted_ssh_userauth.patch Download (1.4 KB) - added by alanfranzoni 3 years ago.
ssh client userauth correct preferredOrder patch
userauth-2.patch Download (2.2 KB) - added by alanfranzoni 3 years ago.

Change History

Changed 3 years ago by alanfranzoni

ssh client userauth correct preferredOrder patch

1

Changed 3 years ago by exarkun

  • owner z3p deleted
  • keywords review added

2

Changed 3 years ago by jesstess

  • owner set to jesstess

3

Changed 3 years ago by jesstess

  • branch set to branches/userauth-order-4266
  • branch_author set to jesstess

(In [28160]) Branching to 'userauth-order-4266'

4

Changed 3 years ago by jesstess

(In [28161]) Apply twisted_ssh_userauth.patch by alanfranzoni.

refs #4266

5

Changed 3 years ago by jesstess

  • owner changed from jesstess to alanfranzoni
  • cc jesstess added
  • keywords review removed

Thanks for the patch, alanfranzoni. The patch looks good and the branch passes on my test machine. A few comments:

  • orderByPreference would benefit from a doc string, including epytext markup for it's parameter, and ssh_USERAUTH_FAILURE could also use markup for it's parameters and return value. Docstrings and markup are described in the coding standard.
  • Since userauth.py and test_userauth.py are getting modified, can you bump the copyrights on them?
  • Can you add a NEWS file for the defect, as described in ReviewProcess?

Branch userauth-order-4266 now exists for this change. Please make subsequent diffs against this branch. Thanks again!

6

Changed 3 years ago by alanfranzoni

  • keywords review added
  • owner changed from alanfranzoni to jesstess

Here it is, I hope I have understood the way the conch client works :-)

Changed 3 years ago by alanfranzoni

7

Changed 3 years ago by jesstess

  • keywords review removed

8

Changed 3 years ago by jesstess

(In [28170]) Apply userauth-2.patch and add a bit up epytext markup.

refs #4266

9

Changed 3 years ago by jesstess

  • cc alanfranzoni added

10

Changed 3 years ago by jesstess

  • status changed from new to closed
  • resolution set to fixed

(In [28171]) Merge userauth-order-4266

Author: alanfranzoni Reviewer: jesstess Fixes: #4266

twisted.conch.ssh.SSHUserAuthClient now honors preferredOrder when authenticating.

11

Changed 2 years ago by <automation>

  • owner jesstess deleted
Note: See TracTickets for help on using tickets.