[Nut-upsuser] nut-monitor: Set password on [cyberpower at localhost] failed - got [ERR INVALID-ARGUMENT]

Roger Price roger at rogerprice.org
Mon Jan 2 15:51:15 GMT 2023

On Mon, 2 Jan 2023, Jim Klimov wrote:

> > Surely if the password is say "!@#"!@*&" then all 10 characters are part of the password.  It is not for NUT to guess.
> So I've run some experiments... and it seems to work as I OTOH-described earlier.
> In the new NIT tests, there are methods for `upsmon` configuration to be created but it is not tested yet. Passwords for upsmon roles are
> used from API clients however (Python, C++) and they succeed whether it is enclosed in double-quotes or not in the `upsd.users` file.
> In a live setup, identical password strings with or without doublequotes worked for `upsmon.conf` and `upsd.conf`, also if only one is
> quoted.
> Escaped doublequotes inside a password also worked, e.g. pass\"word or "pass\"word"; however spaces (escaped or hidden in doublequotes)
> did not work since the NUT protocol did not allow for that extra token on assumed request line => ERR INVALID-ARGUMENT.
> Then it gets a bit complicated for "invalid" spellings:
> * upsd.users may define a pass"word (one unescaped quote in the middle) but upsmon.conf must have it properly quoted and escaped as
> "pass\"word" (otherwise it is a very long token I guess, and the MONITOR role is defaulted as a secondary since the requested primary role
> is not parsed as such).
> * upsd.users may define a "pass"word" (three unescaped quotes) but effectively the token is cut at the second quote, rest being ignored
> for this line - so upsmon.conf must use it as "pass".
> Similar effects are in place for `upsd.users` entries without an upsmon role - quotes around work, unescaped quotes in the middle like
> pass"word do not, escaped quotes in the middle do work, spaces cause ERR PASSWORD-REQUIRED.
> So passwords with spaces may be a problem, but otherwise everything seems correct and predictable ;)

I shall add a note to the Configuration Examples to say:

   Avoid placing spaces U+0020 and quotation marks " U+0022 in passwords.


More information about the Nut-upsuser mailing list