On Mon, 2 Jan 2023, Jim Klimov wrote:
> Surely if the password is say "!@#"!@*&" then all 10 characters are part of the password. It is not for NUT to guess.So I've run some experiments... and it seems to work as I OTOH-described earlier. In the new NIT tests, there are methods for `upsmon` configuration to be created but it is not tested yet. Passwords for upsmon roles are used from API clients however (Python, C++) and they succeed whether it is enclosed in double-quotes or not in the `upsd.users` file. In a live setup, identical password strings with or without doublequotes worked for `upsmon.conf` and `upsd.conf`, also if only one is quoted. Escaped doublequotes inside a password also worked, e.g. pass\"word or "pass\"word"; however spaces (escaped or hidden in doublequotes) did not work since the NUT protocol did not allow for that extra token on assumed request line => ERR INVALID-ARGUMENT. Then it gets a bit complicated for "invalid" spellings: * upsd.users may define a pass"word (one unescaped quote in the middle) but upsmon.conf must have it properly quoted and escaped as "pass\"word" (otherwise it is a very long token I guess, and the MONITOR role is defaulted as a secondary since the requested primary role is not parsed as such). * upsd.users may define a "pass"word" (three unescaped quotes) but effectively the token is cut at the second quote, rest being ignored for this line - so upsmon.conf must use it as "pass". Similar effects are in place for `upsd.users` entries without an upsmon role - quotes around work, unescaped quotes in the middle like pass"word do not, escaped quotes in the middle do work, spaces cause ERR PASSWORD-REQUIRED. So passwords with spaces may be a problem, but otherwise everything seems correct and predictable ;)
I shall add a note to the Configuration Examples to say: Avoid placing spaces U+0020 and quotation marks " U+0022 in passwords. Roger
_______________________________________________ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser