networkupstools
diff --git a/‎NEWS.adoc‎
Lines changed: 21 additions & 3 deletions b/‎NEWS.adoc‎
Lines changed: 21 additions & 3 deletions
diff --git a/‎UPGRADING.adoc‎
Lines changed: 24 additions & 3 deletions b/‎UPGRADING.adoc‎
Lines changed: 24 additions & 3 deletions
diff --git a/‎clients/Makefile.am‎
Lines changed: 2 additions & 1 deletion b/‎clients/Makefile.am‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎clients/upsc.c‎
Lines changed: 16 additions & 1 deletion b/‎clients/upsc.c‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎clients/upsclient.c‎
Lines changed: 133 additions & 7 deletions b/‎clients/upsclient.c‎
Lines changed: 133 additions & 7 deletions
diff --git a/‎clients/upsclient.h‎
Lines changed: 20 additions & 1 deletion b/‎clients/upsclient.h‎
Lines changed: 20 additions & 1 deletion
@@ -403,9 +403,27 @@ This requirement compromises usability of `make distcheck` on platforms without
    * Updated `upsmon` client with setting to toggle whether an `ALARM`
      status can prompt the UPS to become critical in certain situations.
 
- - New `libupsclient` API methods added, `upscli_str_add_unique_token()` and
-   `upscli_str_contains_token()`, to help C NUT clients process `ups.status` and
-   similarly structured strings same way as NUT core code base. [#2852, #2859]
+ - New `libupsclient` API methods added:
+   * `upscli_str_add_unique_token()` and `upscli_str_contains_token()`,
+     to help C NUT clients process `ups.status` and similarly structured
+     strings same way as NUT core code base. [#2852, #2859]
+   * `upscli_connect()` was previously always blocking; now this is sort of
+     optional, with new `upscli_set_default_timeout()` able to change the
+     implicit timeout from default zero (meaning blocking) to a positive
+     value (or back to 0). Several NUT clients (`upsc`, `upscmd`, `upsrw`,
+     `upslog`, `upsmon`, `upsimage`, `upsset` and `upsstats`) were updated
+     to default with a 10-second timeout in case of name resolution lags or
+     unresponsive hosts (notably a problem with `upsmon` contacting many
+     remote systems at once). The `NUT_DEFAULT_CONNECT_TIMEOUT` environment
+     variable can be used to modify this timeout for all clients. [#2847]
+   * Symbols exported from `libupsclient` now include `nut_debug_level*` so
+     that NUT clients can be usefully debugged (e.g. using `NUT_DEBUG_LEVEL`
+     environment variable). [#2847]
+
+ - Several NUT clients including `upscmd`, `upsrw`, `upsimage`, `upsset`,
+   `upsstats`, and `upslog` (during reconnection), did not `UPSCLI_CONN_TRYSSL`
+   so went plaintext even when secure connections were possible. Fixed to at
+   least try being secure, same way as `upsc` does for a long time. [#2847]
 
  - upsmon:
    * it was realized that the `POWERDOWNFLAG` must be explicitly set in the
 
@@ -77,9 +77,30 @@ Changes from 2.8.2 to 2.8.3
   on having those for translations to be found -- this should be reflected
   in OS packaging recipes as well. [#2845]
 
-- New `libupsclient` API methods added, `upscli_str_add_unique_token()` and
-  `upscli_str_contains_token()`, to help C NUT clients process `ups.status` and
-  similarly structured strings same way as NUT core code base. [#2852, #2859]
+- New `libupsclient` API methods added:
+  * `upscli_str_add_unique_token()` and `upscli_str_contains_token()`,
+    to help C NUT clients process `ups.status` and similarly structured
+    strings same way as NUT core code base. [#2852, #2859]
+  * `upscli_set_default_timeout()` to modify the internal timeout used by
+    `upscli_connect()` (default 0 still means blocking connections, positive
+    values should time-limit the connection attempts). [#2847]
+  * `upscli_get_default_timeout()` to retrieve internal timeout
+
+- Standard NUT clients including `upsc`, `upscmd`, `upsrw`, `upslog`, `upsmon`,
+  `upsimage`, `upsset` and `upsstats`) were updated to default with a 10-second
+  connection establishment timeout in case of name resolution lags or
+  unresponsive hosts (notably a problem with `upsmon` contacting many remote
+  systems at once). This may potentially impact NUT deployments which somehow
+  relied on the blocking behavior of these clients; you can use the
+  `NUT_DEFAULT_CONNECT_TIMEOUT` environment variable to fix this. [#2847]
+
+- Several NUT clients including `upscmd`, `upsrw`, `upsimage`, `upsset`,
+  `upsstats`, and `upslog` (during reconnection), did not `UPSCLI_CONN_TRYSSL`
+  so went plaintext even when secure connections were possible. Fixed to at
+  least try being secure, same way as `upsc` does for a long time. This may
+  cause console or log messages when SSL can not be initialized, you can use
+  the `NUT_QUIET_INIT_SSL` environment variable to suppress them where the
+  cryptography is known to be not set up, so the warnings bring no value. [#2847]
 
 - `lib/*.pc.in`: propagate `-R/PATH` (or equivalent -- as detected by the
   `configure` script for the currently used compiler and linker toolkits)
 
@@ -113,7 +113,8 @@ endif WITH_SSL
 
 # libupsclient version information
 libupsclient_la_LDFLAGS = -version-info 6:2:0
-libupsclient_la_LDFLAGS += -export-symbols-regex '^(upscli_)'
+libupsclient_la_LDFLAGS += -export-symbols-regex '^(upscli_|nut_debug_level)'
+#|s_upsdebug|fatalx|fatal_with_errno|xcalloc|xbasename|print_banner_once)'
 if HAVE_WINDOWS
   # Many versions of MingW seem to fail to build non-static DLL without this
   libupsclient_la_LDFLAGS += -no-undefined
 
@@ -31,6 +31,8 @@
 #include "nut_stdint.h"
 #include "upsclient.h"
 
+#define UPSCLI_DEFAULT_TIMEOUT "10" /* network timeout in secs */
+
 static char		*upsname = NULL, *hostname = NULL;
 static UPSCONN_t	*ups = NULL;
 
@@ -59,6 +61,8 @@ static void usage(const char *prog)
 
 	printf("\nCommon arguments:\n");
 	printf("  -V         - display the version of this software\n");
+	printf("  -W <secs>  - network timeout (default: %s)\n",
+	       UPSCLI_DEFAULT_TIMEOUT);
 	printf("  -h         - display this help text\n");
 
 	nut_report_config_flags();
@@ -223,6 +227,7 @@ int main(int argc, char **argv)
 	uint16_t	port;
 	int	varlist = 0, clientlist = 0, verbose = 0;
 	const char	*prog = xbasename(argv[0]);
+	const char	*net_timeout = NULL;
 	char	*s = NULL;
 
 	/* NOTE: Caller must `export NUT_DEBUG_LEVEL` to see debugs for upsc
@@ -236,7 +241,7 @@ int main(int argc, char **argv)
 	}
 	upsdebugx(1, "Starting NUT client: %s", prog);
 
-	while ((i = getopt(argc, argv, "+hlLcV")) != -1) {
+	while ((i = getopt(argc, argv, "+hlLcVW:")) != -1) {
 
 		switch (i)
 		{
@@ -247,6 +252,7 @@ int main(int argc, char **argv)
 		fallthrough_case_l:
 			varlist = 1;
 			break;
+
 		case 'c':
 			clientlist = 1;
 			break;
@@ -258,13 +264,22 @@ int main(int argc, char **argv)
 			nut_report_config_flags();
 			exit(EXIT_SUCCESS);
 
+		case 'W':
+			net_timeout = optarg;
+			break;
+
 		case 'h':
 		default:
 			usage(prog);
 			exit(EXIT_SUCCESS);
 		}
 	}
 
+	if (upscli_init_default_timeout(net_timeout, NULL, UPSCLI_DEFAULT_TIMEOUT) < 0) {
+		fatalx(EXIT_FAILURE, "Error: invalid network timeout: %s",
+		       net_timeout);
+	}
+
 	argc -= optind;
 	argv += optind;
 
 
@@ -57,6 +57,7 @@
 
 #include "common.h"
 #include "nut_stdint.h"
+#include "nut_float.h"
 #include "timehead.h"
 #include "upsclient.h"
 
@@ -154,9 +155,12 @@ typedef struct HOST_CERT_s {
 }	HOST_CERT_t;
 static HOST_CERT_t* upscli_find_host_cert(const char* hostname);
 
-
+/* Flag for SSL init */
 static int upscli_initialized = 0;
 
+/* 0 means no timeout in upscli_connect() */
+static struct timeval upscli_default_timeout = {0, 0};
+
 #ifdef WITH_OPENSSL
 static SSL_CTX	*ssl_ctx;
 #elif defined(WITH_NSS) /* WITH_OPENSLL */
@@ -345,6 +349,11 @@ int upscli_init(int certverify, const char *certpath,
 	NUT_UNUSED_VARIABLE(certpasswd);
 #endif /* WITH_OPENSSL | WITH_NSS */
 
+	if (upscli_initialized == 1) {
+		upslogx(LOG_WARNING, "upscli already initialized");
+		return -1;
+	}
+
 	quiet_init_ssl = getenv("NUT_QUIET_INIT_SSL");
 	if (quiet_init_ssl != NULL) {
 		if (*quiet_init_ssl == '\0'
@@ -357,11 +366,6 @@ int upscli_init(int certverify, const char *certpath,
 		}
 	}
 
-	if (upscli_initialized == 1) {
-		upslogx(LOG_WARNING, "upscli already initialized");
-		return -1;
-	}
-
 #ifdef WITH_OPENSSL
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -1130,6 +1134,8 @@ int upscli_tryconnect(UPSCONN_t *ups, const char *host, uint16_t port, int flags
 				else {
 					/* Timeout */
 					v = -1;
+					ups->upserror = UPSCLI_ERR_CONNFAILURE;
+					ups->syserrno = ETIMEDOUT;
 					break;
 				}
 			}
@@ -1150,6 +1156,14 @@ int upscli_tryconnect(UPSCONN_t *ups, const char *host, uint16_t port, int flags
 
 		if (v < 0) {
 			close(sock_fd);
+			/* if timeout, break out so client can continue */
+			/* match Linux behavior that updates timeout struct */
+			if (timeout != NULL &&
+			    ups->upserror == UPSCLI_ERR_CONNFAILURE &&
+			    ups->syserrno == ETIMEDOUT
+			) {
+				break;
+			}
 			continue;
 		}
 
@@ -1234,7 +1248,12 @@ int upscli_tryconnect(UPSCONN_t *ups, const char *host, uint16_t port, int flags
 
 int upscli_connect(UPSCONN_t *ups, const char *host, uint16_t port, int flags)
 {
-	return upscli_tryconnect(ups,host,port,flags,NULL);
+	struct timeval tv = upscli_default_timeout, *ptv = NULL;
+	if (tv.tv_sec != 0 || tv.tv_usec != 0) {
+		/* By default, ptv==NULL for a blocking upscli_tryconnect() */
+		ptv = &tv;
+	}
+	return upscli_tryconnect(ups, host, port, flags, ptv);
 }
 
 /* map upsd error strings back to upsclient internal numbers */
@@ -1846,6 +1865,113 @@ int upscli_ssl(UPSCONN_t *ups)
 	return 0;
 }
 
+int upscli_set_default_timeout(const char *secs) {
+	double fsecs;
+
+	if (secs) {
+		if (str_to_double(secs, &fsecs, 10) < 1) {
+			return -1;
+		}
+		if (d_equal(fsecs, 0.0)) {
+			upscli_default_timeout.tv_sec = 0;
+			upscli_default_timeout.tv_usec = 0;
+			return 0;
+		}
+		if (fsecs < 0.0) {
+			return -1;
+		}
+		upscli_default_timeout.tv_sec = (time_t)fsecs;
+		fsecs *= 1000000;
+		upscli_default_timeout.tv_usec =
+			(suseconds_t)((int)fsecs % 1000000);
+	}
+	else {
+		upscli_default_timeout.tv_sec = 0;
+		upscli_default_timeout.tv_usec = 0;
+	}
+	return 0;
+}
+
+void upscli_get_default_timeout(struct timeval *ptv) {
+	if (ptv) {
+		*ptv = upscli_default_timeout;
+	}
+}
+
+int upscli_init_default_timeout(const char *cli_secs, const char *config_secs, const char *default_secs) {
+	const char	*envvar_secs, *cause = "built-in";
+	int	failed = 0, applied = 0;
+
+	/* First the very default: blocking connections as we always had */
+	upscli_default_timeout.tv_sec = 0;
+	upscli_default_timeout.tv_usec = 0;
+
+	/* Then try a program's built-in default, if any */
+	if (default_secs) {
+		if (upscli_set_default_timeout(default_secs) < 0) {
+			upsdebugx(1, "%s: default_secs='%s' value was not recognized, ignored",
+				__func__, default_secs);
+			failed++;
+		} else {
+			cause = "default_secs";
+			applied++;
+		}
+	}
+
+	/* Then override with envvar setting, if any (and if its value is valid) */
+	envvar_secs = getenv("NUT_DEFAULT_CONNECT_TIMEOUT");
+	if (envvar_secs) {
+		if (upscli_set_default_timeout(envvar_secs) < 0) {
+			upsdebugx(1, "%s: NUT_DEFAULT_CONNECT_TIMEOUT='%s' value was not recognized, ignored",
+				__func__, envvar_secs);
+			failed++;
+		} else {
+			cause = "envvar_secs";
+			applied++;
+		}
+	}
+
+	/* Then override with config-file setting, if any (and if its value is valid) */
+	if (config_secs) {
+		if (upscli_set_default_timeout(config_secs) < 0) {
+			upsdebugx(1, "%s: config_secs='%s' value was not recognized, ignored",
+				__func__, config_secs);
+			failed++;
+		} else {
+			cause = "config_secs";
+			applied++;
+		}
+	}
+
+	/* Then override with command-line setting, if any (and if its value is valid) */
+	if (cli_secs) {
+		if (upscli_set_default_timeout(cli_secs) < 0) {
+			upsdebugx(1, "%s: cli_secs='%s' value was not recognized, ignored",
+				__func__, cli_secs);
+			failed++;
+		} else {
+			cause = "cli_secs";
+			applied++;
+		}
+	}
+
+	upsdebugx(1, "%s: upscli_default_timeout=%" PRIiMAX
+		 ".%06" PRIiMAX " sec assigned from: %s",
+		__func__, (intmax_t)upscli_default_timeout.tv_sec,
+		(intmax_t)upscli_default_timeout.tv_usec, cause);
+
+	/* Some non-built-in value was OK */
+	if (applied)
+		return 0;
+
+	/* None of provided non-built-in values was OK */
+	if (failed)
+		return -1;
+
+	/* At least we have the built-in default and nothing failed */
+	return 0;
+}
+
 /* Pick up the methods below from libcommon and expose in the NUT client API */
 int	upscli_str_contains_token(const char *string, const char *token)
 {
 
@@ -1,6 +1,8 @@
 /* upsclient.h - definitions for upsclient functions
 
-   Copyright (C) 2002  Russell Kroll <rkroll@exploits.org>
+   Copyright (C)
+        2002	Russell Kroll <rkroll@exploits.org>
+        2020 - 2025	Jim Klimov <jimklimov+nu@gmail.com>
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -97,10 +99,12 @@ typedef struct {
 
 const char *upscli_strerror(UPSCONN_t *ups);
 
+/* NOTE: effectively only runs once; re-runs quickly skip out */
 int upscli_init(int certverify, const char *certpath, const char *certname, const char *certpasswd);
 int upscli_cleanup(void);
 
 int upscli_tryconnect(UPSCONN_t *ups, const char *host, uint16_t port, int flags, struct timeval *tv);
+/* blocking unless default timeout is specified, see also: upscli_init_default_timeout() */
 int upscli_connect(UPSCONN_t *ups, const char *host, uint16_t port, int flags);
 
 void upscli_add_host_cert(const char* hostname, const char* certname, int certverify, int forcessl);
@@ -136,6 +140,21 @@ int upscli_upserror(UPSCONN_t *ups);
 /* returns 1 if SSL mode is active for this connection */
 int upscli_ssl(UPSCONN_t *ups);
 
+/* Assign default upscli_connect() from string; return 0 if OK, or
+ * return -1 if parsing failed and current value was kept  */
+int upscli_set_default_timeout(const char *secs);
+/* If ptv!=NULL, populate it with a copy of last assigned internal timeout */
+void upscli_get_default_timeout(struct timeval *ptv);
+/* Initialize default upscli_connect() timeout from a number of sources:
+ * built-in (0 = blocking), envvar NUT_DEFAULT_CONNECT_TIMEOUT,
+ * or specified strings (may be NULL) most-preferred first.
+ * Returns 0 if any provided value was valid and applied,
+ * or if none were provided so the built-in default was applied;
+ * returns -1 if all provided values were not valid (so the built-in
+ * default was applied) - not necessarily fatal, rather useful to report.
+ */
+int upscli_init_default_timeout(const char *cli_secs, const char *config_secs, const char *default_secs);
+
 /* upsclient error list */
 
 #define UPSCLI_ERR_NONE		-1	/* No known error (internally used in tools like upsmon, not set by upsclient.c) */