ExchangeUnion / xud

Exchange Union Daemon 🔁 ⚡️
https://exchangeunion.com
GNU Affero General Public License v3.0

feat: change master password #2007

Closed sangaman closed 3 years ago

sangaman commented 3 years ago

This adds the ability to change the master password of an existing xud node. Changing the password re-encrypts the node key on disk and queues password changes for all lnd wallets.

Lnd does not currently offer the ability to change the password of an unlocked, running instance. Instead lnd can only change its password right after being started while it is still locked. Xud therefore saves the old password for each lnd wallet to the xud database and encrypts the old password using the new passwords. On subsequent unlocks of xud, when we go to unlock lnd wallets we first check whether we have any old passwords in the database corresponding to any lnd wallets. If we do, we decrypt the old password and change the password for lnd, which in turn will unlock lnd.

Closes #1981.

Note that this also introduces a framework for tracking a database's version and migrating from one version to the next when the database schema needs to be modified. The migrations consist of an array of methods that each are responsible for upgrading from a particular version, and they are run in sequence when we detect that the current database version is lower than the latest version.

The xucli command is changepass.

kilrau commented 3 years ago

> add sentence after password changing lnd restart is required to Apply change to lnd.

Not needed since lnd is in unlocked state in this moment and continues to be fully functioning. Next time the environment/lnd restarts, the new password is active, I don't see any reason to trigger a restart / ask the user to restart lnd (and this is probably also the reason why the lightning labs team decided not to do that on lnd).

> it would be good to support conception of password changing -> Enter old password -> Enter new password -> Re-enter new password. I don't like the idea that anyone can change password without any additional data if node is unlocked (even if anyone can withdraw all crypto if node is unlocked :) ).

Yep, agree (and lnd requires current password first too, it's convention):

```
lncli changepassword
Input current wallet password: 
Input new wallet password: 
Confirm new wallet password: 
```

> suggestion: make wrapper on xud-docker side for changepass call that will restart lnds automatically;

As I said above, don't think that's needed.

> got err when tried to unlock the node after password changing + my lnd were not unlocked on xud unlock (I unlocked it manually using old password)

Just to be clear what happened @sangaman : Roman used changepass of a running xud-docker env, which seemingly succeeded, then downed the env, brought it up again and unlocked with the new password. xud unlocked with new password, lnd didn't. Manually unlocking lnd with the OLD password worked. So somehow that password change for lnd covertly failed - that is the major bug to be fixed.

sangaman commented 3 years ago

> > add sentence after password changing lnd restart is required to Apply change to lnd.
>
> Not needed since lnd is in unlocked state in this moment and continues to be fully functioning. Next time the environment/lnd restarts, the new password is active, I don't see any reason to trigger a restart / ask the user to restart lnd (and this is probably also the reason why the lightning labs team decided not to do that on lnd).

This was more or less what I thought, since we're not expecting the user to be unlocking lnd manually I didn't think a message was necessary. I did think about possibly adding a message like "lnd passwords will be changed next time xud is unlocked" maybe, thoughts?

> it would be good to support conception of password changing -> Enter old password -> Enter new password -> Re-enter new password. I don't like the idea that anyone can change password without any additional data if node is unlocked (even if anyone can withdraw all crypto if node is unlocked :) ).

I skipped this step because the original password is already needed to unlock xud before changing the password is allowed, but I can add it in since both you and kilrau thought this.

I'm looking into why the lnd passwords weren't changed now.

kilrau commented 3 years ago

> I did think about possibly adding a message like "lnd passwords will be changed next time xud is unlocked" maybe, thoughts?

:+1:

> I skipped this step because the original password is already needed to unlock xud before changing the password is allowed, but I can add it in since both you and kilrau thought this.

Yes, for the sake of being in line with lnd and others

sangaman commented 3 years ago

Feedback applied and the bug with changing lnd password was fixed, apparently taking the encrypted bytes and converting them to utf8, then back to bytes before decrypting doesn't work. But using base64 does work. I'm storing the old password in the database as encrypted text, so now it's base64 text instead of utf8. Tested in my docker setup and lnd passwords change successfully.

Changing the password now requires the old password as well and a message of "passwords for lnd wallets will be changed the next time xud is restarted and unlocked" is printed in the cli after a successful password change.
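The queued-password mechanism from the PR description and the encoding bug fixed in this comment, as an added example that is not xud's code: the old lnd password is encrypted under the new master password and stored as text, once as utf8 and once as base64. The cipher (AES-256-GCM), the scrypt key derivation, the blob layout and all function names are assumptions made for this illustration.

```javascript
// Added example (not xud's code). Cipher, KDF, layout and names are assumptions.
const crypto = require('crypto');

// Derive a 256-bit key from the master password; scrypt is this example's choice.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Encrypt the OLD lnd wallet password under the NEW master password.
// Returns raw bytes laid out as: salt(16) | iv(12) | tag(16) | ciphertext.
function encryptOldPassword(oldPassword, newPassword) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(newPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(oldPassword, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ciphertext]);
}

// Reverse of encryptOldPassword; throws if the blob was altered in storage.
function decryptOldPassword(blob, newPassword) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const ciphertext = blob.subarray(44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(newPassword, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Simulates a text column in the database: bytes -> string on write,
// string -> bytes on the next unlock, using the same encoding both ways.
function storeAndLoad(blob, encoding) {
  const textColumn = blob.toString(encoding);
  return Buffer.from(textColumn, encoding);
}

// Full cycle: queue the old password at changepass time, recover it at unlock time.
function recoverQueuedPassword(oldPassword, newPassword, encoding) {
  const blob = encryptOldPassword(oldPassword, newPassword);
  const loaded = storeAndLoad(blob, encoding);
  const intact = loaded.equals(blob);
  try {
    return { intact, password: decryptOldPassword(loaded, newPassword) };
  } catch (err) {
    // Ciphertext is effectively random bytes; most byte sequences are not valid
    // UTF-8, so decoding replaces them with U+FFFD and the original is lost.
    return { intact, password: null, error: err.message };
  }
}

// Constructed three-byte input showing the substitution directly:
// 0xff and 0x80 are invalid on their own, 0x41 ('A') survives.
function lossyUtf8Hex() {
  return storeAndLoad(Buffer.from([0xff, 0x80, 0x41]), 'utf8').toString('hex');
}
```

With `'utf8'` the stored blob no longer matches what was encrypted and the old password cannot be recovered, so lnd would never receive the password change; with `'base64'` (or hex) the bytes survive the text column unchanged.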

raladev commented 3 years ago

success


- [ ] now, after password changing and restart my lnds have such status (use steps from previous comment, also u can use pwd2 branch of xud-docker to try - `bash xud.sh -b pwd2`)

2 UNKNOWN: verification failed: signature mismatch after caveat verification

![Screenshot from 2020-11-27 15-35-06](https://user-images.githubusercontent.com/29906866/100450349-8bad9980-30c6-11eb-9003-d99b1d49bc0b.png)

xud logs:

```
27/11/2020 12:33:16.285 [LND-BTC] info: new status: Unlocked
27/11/2020 12:33:16.285 [LND-BTC] info: password changed & wallet unlocked
27/11/2020 12:33:16.318 [LND-LTC] info: new status: Unlocked
27/11/2020 12:33:16.318 [LND-LTC] info: password changed & wallet unlocked
27/11/2020 12:33:18.018 [CONNEXT] info: trying to verify connection to connext
27/11/2020 12:33:18.392 [CONNEXT] error: connext server error 500: Internal Server Error
27/11/2020 12:33:18.394 [CONNEXT] error: could not verify connection to connext, retrying in 5000 ms: 8.5 - connext server error 500: Internal Server Error
27/11/2020 12:33:18.840 [P2P] debug: Connected pre-handshake to 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268@ntnfdfyugluvt5eh2yhuftpuobfmkzhtnye7akhu32ahnophi3ddzsad.onion:28885
27/11/2020 12:33:19.021 [P2P] debug: Peer 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268@ntnfdfyugluvt5eh2yhuftpuobfmkzhtnye7akhu32ahnophi3ddzsad.onion:28885 session in-encryption enabled
27/11/2020 12:33:19.069 [P2P] debug: Peer 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268 (MessageNaive) session out-encryption enabled
27/11/2020 12:33:19.070 [P2P] verbose: opened connection to 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268 (MessageNaive) at ntnfdfyugluvt5eh2yhuftpuobfmkzhtnye7akhu32ahnophi3ddzsad.onion:28885
27/11/2020 12:33:19.383 [P2P] verbose: received 3 nodes (0 new) from 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268 (MessageNaive)
27/11/2020 12:33:20.088 [P2P] debug: received order bb5155b0-30ac-11eb-ac6b-c10519dd9b23 for deactivated trading pair
27/11/2020 12:33:20.089 [P2P] debug: received order bb51a3d0-30ac-11eb-ac6b-c10519dd9b23 for deactivated trading pair
27/11/2020 12:33:20.660 [LND-LTC] info: trying to verify connection to lnd at lndltc:10009
27/11/2020 12:33:20.660 [LND-BTC] info: trying to verify connection to lnd at lndbtc:10009
27/11/2020 12:33:20.666 [LND-BTC] error: could not verify connection at lndbtc:10009, error: {"code":2,"metadata":{"_internal_repr":{},"flags":0},"details":"verification failed: signature mismatch after caveat verification"}, retrying in 5000 ms
27/11/2020 12:33:20.669 [LND-LTC] error: could not verify connection at lndltc:10009, error: {"code":2,"metadata":{"_internal_repr":{},"flags":0},"details":"verification failed: signature mismatch after caveat verification"}, retrying in 5000 ms
Nov 27 12:33:22.000 [notice] Closed 1 streams for service [scrubbed].onion for reason resolve failed. Fetch status: No more HSDir available to query.
27/11/2020 12:33:22.525 [P2P] warn: could not open connection to outbound peer (025b2b4bfc5fef0bb164a60d29355828bffd4bf33378d88fbf5613f9397e3c5fea@u3bpgzigngvf4h37jk6ie2rv6ixvpsyppq57fwvs2zg6cagwzvuobxad.onion:28885): could not connect to peer at u3bpgzigngvf4h37jk6ie2rv6ixvpsyppq57fwvs2zg6cagwzvuobxad.onion:28885: Socks5 proxy rejected connection - HostUnreachable
27/11/2020 12:33:22.526 [P2P] debug: creating new outbound socket connection to u3bpgzigngvf4h37jk6ie2rv6ixvpsyppq57fwvs2zg6cagwzvuobxad.onion:28885
27/11/2020 12:33:23.289 [LND-BTC] error: getinfo error: Error: 2 UNKNOWN: verification failed: signature mismatch after caveat verification
    at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
    at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
    at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
    at callback (/app/node_modules/grpc/src/client_interceptors.js:847:24)
27/11/2020 12:33:23.290 [LND-LTC] error: getinfo error: Error: 2 UNKNOWN: verification failed: signature mismatch after caveat verification
    at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
    at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
    at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
    at callback (/app/node_modules/grpc/src/client_interceptors.js:847:24)
27/11/2020 12:33:23.294 [CONNEXT] error: connext server error 500: Internal Server Error
27/11/2020 12:33:23.357 [LND-BTC] error: getinfo error: Error: 2 UNKNOWN: verification failed: signature mismatch after caveat verification
    at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
    at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
    at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
    at callback (/app/node_modules/grpc/src/client_interceptors.js:847:24)
27/11/2020 12:33:23.357 [LND-LTC] error: getinfo error: Error: 2 UNKNOWN: verification failed: signature mismatch after caveat verification
    at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
    at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
    at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
    at callback (/app/node_modules/grpc/src/client_interceptors.js:847:24)
27/11/2020 12:33:23.360 [CONNEXT] error: connext server error 500: Internal Server Error
```

lndbtc logs (found nothing in it):


raladev commented 3 years ago

Steps:

  1. bash xud.sh -b pwd2
  2. create wallet, wait for channels (if u have no, i used old env)
  3. changepass ->set new pass
  4. down (stop and remove all containers)
  5. bash xud.sh -b pwd2 - start env again -> create new containers

Actual result:

The following wallets could not be unlocked: BTC, LTC (but it was unlocked, I checked it directly. Just xud can't detect lnd, maybe because of macaroon update)

Note: Only after additional xud restart, status of lnd becomes normal

sangaman commented 3 years ago

OK this should be good to go now, it passes my tests using the pwd2 docker branch and repeating the steps listed above. There were two more hurdles I had to overcome.

  1. lnd recreates the macaroons after the password is changed. Xud therefore needs to reload the macaroons from disk after changing the password.

  2. lnd does not immediately recreate the macaroons after responding to the CreatePassword call, so I had to create a file watch to wait for the admin.macaroon file to change before reloading them.

With the above concerns addressed, changing the master password plays nice with xud without needing any extra restarts.
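The wait-then-reload step described in the two points above, as an added example that is not xud's code: it polls the macaroon file's SHA-256 digest instead of using a file watch (a swapped-in technique chosen here because it behaves the same on every platform), and accepts the new file only once two consecutive polls agree. Function names, intervals and the constructed macaroon bytes are assumptions.

```javascript
// Added example (not xud's code). Names, timings and sample bytes are assumptions.
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

// Read the macaroon once and return both its hex form (the encoding lnd expects
// in gRPC metadata) and a digest. Returns null while the file is missing or empty.
function readMacaroon(file) {
  try {
    const data = fs.readFileSync(file);
    if (data.length === 0) return null; // truncated: a rewrite is in progress
    return {
      hex: data.toString('hex'),
      digest: crypto.createHash('sha256').update(data).digest('hex'),
    };
  } catch (err) {
    if (err.code === 'ENOENT') return null; // removed and not yet recreated
    throw err;
  }
}

// Resolve with the new macaroon hex once the file content differs from
// staleDigest and has been identical on two consecutive polls; reject on timeout
// so the caller never keeps using a macaroon lnd no longer accepts.
function waitForNewMacaroon(file, staleDigest, { intervalMs = 50, timeoutMs = 5000 } = {}) {
  return new Promise((resolve, reject) => {
    const deadline = Date.now() + timeoutMs;
    let candidate = null;
    const timer = setInterval(() => {
      try {
        const current = readMacaroon(file);
        if (current && current.digest !== staleDigest) {
          if (candidate === current.digest) {
            clearInterval(timer);
            return resolve(current.hex);
          }
          candidate = current.digest; // seen once; confirm on the next poll
        } else {
          candidate = null;
        }
        if (Date.now() > deadline) {
          clearInterval(timer);
          reject(new Error(`macaroon at ${file} did not change within ${timeoutMs} ms`));
        }
      } catch (err) {
        clearInterval(timer);
        reject(err);
      }
    }, intervalMs);
  });
}

// Constructed scenario: the file is rewritten 120 ms after the password change
// returns, standing in for lnd recreating admin.macaroon with a delay.
async function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'macaroon-demo-'));
  const file = path.join(dir, 'admin.macaroon');
  const newBytes = Buffer.from('constructed-new-macaroon');
  fs.writeFileSync(file, Buffer.from('constructed-old-macaroon'));
  const stale = readMacaroon(file); // snapshot taken before the password change
  setTimeout(() => fs.writeFileSync(file, newBytes), 120);
  try {
    const fresh = await waitForNewMacaroon(file, stale.digest);
    return { stale: stale.hex, fresh, expected: newBytes.toString('hex') };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```

Calls made with the stale macaroon are what produce the `signature mismatch after caveat verification` errors in the logs earlier in this thread.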

erkarl commented 3 years ago

Should we display a different error message when xud and lnd are running in noencrypt mode?

```
➜  xud git:(change-pass) ✗ ./bin/xucli changepass
You are changing the master password for xud and underlying wallets.
Enter old password:
Enter new password:
Re-enter password:

Error: 3 INVALID_ARGUMENT: old password is incorrect
```

kilrau commented 3 years ago

Good catch - yes we should

erkarl commented 3 years ago

LGTM, just minor nit: https://github.com/ExchangeUnion/xud/pull/2007#issuecomment-735727206

sangaman commented 3 years ago

I added a better error message when xud is in noencrypt mode, and I left the message in the cli about when the lnd passwords will change per our discussion earlier today. Just needs an approval and we can merge.