Commit Graph

1436 Commits

Author SHA1 Message Date
Konstantin Akimov
ae051bb6e0
Merge #17260: Split some CWallet functions into new LegacyScriptPubKeyMan (#4938)
* Move wallet enums to walletutil.h

* MOVEONLY: Move key handling code out of wallet to keyman file

Start moving wallet and ismine code to scriptpubkeyman.h, scriptpubkeyman.cpp

The easiest way to review this commit is to run:

   git log -p -n1 --color-moved=dimmed_zebra

And check that everything is a move (other than includes and copyrights comments).

This commit is move-only and doesn't change code or affect behavior.

* Refactor: Split up CWallet and LegacyScriptPubKeyMan and classes

This moves CWallet members and methods dealing with keys to a new
LegacyScriptPubKeyMan class, and updates calling code to reference the new
class instead of CWallet.

Most of the changes are simple text replacements and variable substitutions
easily verified with:

    git log -p -n1 -U0 --word-diff-regex=.

The only nontrivial chunk of code added is the new LegacyScriptPubKeyMan class
declaration, but this code isn't new and is just selectively copied and moved
from the previous CWallet class declaration. This can be verified with:

    git log -p -n1 --color-moved=dimmed_zebra src/wallet/scriptpubkeyman.h src/wallet/wallet.h

or

    git diff HEAD~1:src/wallet/wallet.h HEAD:src/wallet/scriptpubkeyman.h

This commit does not change behavior.

* Renamed classes in scriptpubkeyman

* Fixes for conflicts, compilation and linkage errors due to previous commits

* Reordered methods in scriptpubkeyman to make further backports easier

* Reordered methods in scriptpubkeyman to make further backports easier (part II)

* Remove HDChain copy from SigningProvider class

* fixes/suggestions

Co-authored-by: Andrew Chow <achow101-github@achow101.com>
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-08-08 11:05:21 -05:00
Kittywhiskers Van Gogh
bb7d6aed99
refactor(llmq): substitute memberless class llmq::CLLMQUtils with namespace llmq::utils (#4931)
* refactor(llmq): substitute memberless class llmq::CLLMQUtils with namespace llmq::utils

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

* chore: mark functions internal to `llmq::utils` as `static`

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-08-02 12:14:25 -05:00
UdjinM6
5a5278d398
fix/test: Count MN connections properly, add more tests for getnetworkinfo (#4928)
* fix: Count MN connections properly

* tests: check extended connections info returned via getnetworkinfo
2022-07-26 00:38:07 +03:00
UdjinM6
666859b47f
feat(llmq): Ensure connections between IS quorums (#4917)
* fix(llmq): Ensure connections between quorums

Every masternode will now "watch" a single node from _every other_ quorum in addition to intra-quorum connections. This should make propagation of recsigs produced by one quorum to other quorums much more reliable.

* fix: Do this only for masternodes which participate in IS quorums

* refactor: rename `CQuorumManager::EnsureQuorumConnections` to better match the actual behaviour

(and avoid confusion with `CLLMQUtils::EnsureQuorumConnections`)

* refactor: move IS quorums watch logic into `CQuorumManager::CheckQuorumConnections`

avoid calling slow `ScanQuorums` (no caching atm) inside the loop

* tests: check that inter-quorum connections are added

* use `ranges::any_of`
2022-07-18 22:26:51 +03:00
UdjinM6
0d67aa1915
fix: Pass KeyOriginInfo instead of CKeyMetadata to DeriveChildExtKey (#4918)
Resolves "hdchain -> wallet/walletdb -> ... -> hdchain" circular dependencies
2022-07-18 16:56:33 +03:00
Kittywhiskers Van Gogh
0d5a7929ac
partial bitcoin#18047: Add basic fuzzing harness for CNetAddr/CService/CSubNet related functions (netaddress.h)
2022-07-15 21:09:53 +05:30
UdjinM6
32051a35c0
fix(llmq): mark mns "bad" based on the failed connect attempts count (#4910)
* fix(llmq): mark mns "bad" based on the failed connect attempts count

Avoid using "last success time" as a proxy

* fix(tests): tweak feature_llmq_simplepose.py
2022-07-14 21:38:02 +03:00
Konstantin Akimov
0a951622f1
Bitcoin backport #16227 refactoring CWallet (#4903)
* Add HaveKey and HaveCScript to SigningProvider

* Remove CKeyStore and squash into CBasicKeyStore

* Move HaveKey static function from keystore to rpcwallet where it is used

* scripted-diff: rename CBasicKeyStore to FillableSigningProvider

-BEGIN VERIFY SCRIPT-
git grep -l "CBasicKeyStore" | xargs sed -i -e 's/CBasicKeyStore/FillableSigningProvider/g'
-END VERIFY SCRIPT-

* Move KeyOriginInfo to its own header file

* Move various SigningProviders to signingprovider.{cpp,h}

Moves all of the various SigningProviders out of sign.{cpp,h} and
keystore.{cpp,h}. As such, keystore.{cpp,h} is also removed.

Includes and the Makefile are updated to reflect this. Includes were largely
changed using:
git grep -l "keystore.h" | xargs sed -i -e 's;keystore.h;script/signingprovider.h;g'

* Remove CCryptoKeyStore and move all of its functionality into CWallet

Instead of having a separate CCryptoKeyStore that handles the encryption
stuff, just roll it all into CWallet.

* Fixed cases of mess CWallet functions with CCryptoKeyStore and conflicts

* Move WatchOnly stuff from SigningProvider to CWallet

* Fixes for lint circular dependencies to calm linter

Co-authored-by: Andrew Chow <achow101-github@achow101.com>
2022-07-12 22:46:31 -05:00
PastaPastaPasta
eefdae1a53
Merge pull request #4829 from kittywhiskers/fuzz2
backport: bitcoin#18417, #18521, #18529, #18176, #18423, #17926, #18353, #18407, #18455, #18565, #18867 (fuzzing harness backports: part 2)
2022-07-12 12:32:28 -04:00
UdjinM6
a483122f5f
fix(net): Extend blocks-relay-only to also ignore some Dash-specific messages/invs (#4888)
* fix(net): Extend blocks-relay-only to also ignore some Dash-specific messages/invs

* Clarify few things
2022-07-07 18:11:38 +03:00
Kittywhiskers Van Gogh
d807cc7a8a
merge bitcoin#17926: Add key_io fuzzing harness. Fuzz additional functions in existing fuzzing harnesses
2022-07-06 21:48:10 +05:30
Kittywhiskers Van Gogh
af2984b2ae
merge bitcoin#18923: Never schedule MaybeCompactWalletDB when -flushwallet is off
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-07-03 00:14:47 +05:30
Kittywhiskers Van Gogh
e235d834da
merge bitcoin#20671: Replace boost::optional with std::optional
2022-07-03 00:14:47 +05:30
UdjinM6
44d095b59c
Merge pull request #4880 from PastaPastaPasta/backports-19754
backport: 19754 and necessary pre-reqs
2022-07-02 21:01:26 +03:00
UdjinM6
def2e98d61
Merge pull request #4898 from PastaPastaPasta/backport-18530
Merge #18530: Add test for -blocksonly and -whitelistforcerelay param interaction
2022-06-30 22:06:15 +03:00
PastaPastaPasta
d89de3a2fa
Merge pull request #4866 from Munkybooty/backports-0.20-pr4
Backports 0.20 pr4
2022-06-30 10:08:59 -05:00
MarcoFalke
4d6f0cd2f2
Merge #18530: Add test for -blocksonly and -whitelistforcerelay param interaction
0ea5d70b4756f376342417e0019490233cb4a918 Updated comment for the condition where a transaction relay is denied (glowang)
be01449cc8eb7bb97531a967f5d1dcc7b8865d1e Add test for param interaction b/w -blocksonly and -whitelistforcerelay (glowang)

Pull request description:

  Related to: #18428

  When -blocksonly is turned on, a node would still relay transactions from whitelisted peers. This functionality has not been tested.

ACKs for top commit:
  MarcoFalke:
    ACK 0ea5d70b4756f376342417e0019490233cb4a918

Tree-SHA512: 4e99c88281cb518cc67f5f3be7171a7b413933047b5d24a04bb3ff2210a82e914d69079f64cd5bac9206ec435e21a622c8e69cedbc2ccb39d2328ac5c01668e5
2022-06-29 10:14:58 -05:00
Odysseas Gabrielides
088d7f2ec5
fix: Faster feature_llmq_rotation.py + introduction of llmq_devnet_dip0024 (#4878)
* Added LLMQ_DEVNET_V2

* Faster feature_llmq_rotation func test

* Updated llmq_devnet_dip0024

* Adjusted parameters

* Better comments

* Re-adjusted rotated llmq params
2022-06-28 19:14:09 -05:00
UdjinM6
ac7ed67d30
Merge pull request #4889 from PastaPastaPasta/develop-trivial-2022-06-18
Develop trivial 2022 06 18
2022-06-27 22:57:55 +03:00
PastaPastaPasta
c3f5f81a44
Merge pull request #4891 from kittywhiskers/antispam_bps
backport: bitcoin#15141, #19219 (rewrite DoS interface, use discouragement filter)
2022-06-22 17:11:56 -07:00
Vijay
6df949628f
Merge #15427: Add support for descriptors to utxoupdatepsbt (#4656)
26fe9b990995f9cb5eee21d40b4daaad19f7181f Add support for descriptors to utxoupdatepsbt (Pieter Wuille)
3135c1a2d2e2fb31bc362c848bd2456d576e408b Abstract out UpdatePSBTOutput from FillPSBT (Pieter Wuille)
fb90ec3c33e824f5abb6a68452c683d6ce8b3e4a Abstract out EvalDescriptorStringOrObject from scantxoutset (Pieter Wuille)
eaf4f887348a08c620732125ad4430e1a133d434 Abstract out IsSegWitOutput from utxoupdatepsbt (Pieter Wuille)

Pull request description:

  This adds a descriptors argument to the `utxoupdatepsbt` RPC. This means:
  * Input and output scripts and keys will be filled in when known.
  * P2SH-witness inputs will be filled in from the UTXO set when a descriptor is provided that shows they're spending segwit outputs.

  This also moves some (newly) shared code to separate functions: `UpdatePSBTOutput` (an analogue to `SignPSBTInput`), `IsSegWitOutput`, and `EvalDescriptorStringOrObject` (implementing the string or object notation parsing used in `scantxoutset`).

ACKs for top commit:
  jnewbery:
    utACK 26fe9b990995f9cb5eee21d40b4daaad19f7181f
  laanwj:
    utACK 26fe9b990995f9cb5eee21d40b4daaad19f7181f (will hold merging until response to promag's comments)
  promag:
    ACK 26fe9b9, checked refactors and tests look comprehensive. Still missing a release note but can be added later.

Tree-SHA512: 1d833b7351b59d6c5ded6da399ff371a8a2a6ad04c0a8f90e6e46105dc737fa6f2740b1e5340280d59e01f42896c40b720c042f44417e38dfbee6477b894b245

Co-authored-by: Wladimir J. van der Laan <laanwj@gmail.com>
2022-06-22 16:42:19 -07:00
Kittywhiskers Van Gogh
f14bf83a9d
merge bitcoin#15141: Rewrite DoS interface between validation and net_processing
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-06-21 19:11:26 +05:30
PastaPastaPasta
7f3c8c399e
merge #15937: Add loadwallet and createwallet load_on_startup options
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-06-21 19:08:56 +05:30
PastaPastaPasta
e1d8dfba06
merge #15935: Add <datadir>/settings.json persistent settings storage
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-06-21 19:08:55 +05:30
PastaPastaPasta
b9efbdeab7
merge #16115: On bitcoind startup, write config args to debug.log
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-06-21 19:08:55 +05:30
Konstantin Akimov
ef3f738f6f
Merge bitcoin#15759: p2p: Add 2 outbound block-relay-only connections (#4862)
* Remove unused variable

* [refactor] Move tx relay state to separate structure

* [refactor] Change tx_relay structure to be unique_ptr

* Check that tx_relay is initialized before access

* Add comment explaining intended use of m_tx_relay

* Add 2 outbound block-relay-only connections

Transaction relay is primarily optimized for balancing redundancy/robustness
with bandwidth minimization -- as a result transaction relay leaks information
that adversaries can use to infer the network topology.

Network topology is better kept private for (at least) two reasons:

(a) Knowledge of the network graph can make it easier to find the source IP of
a given transaction.

(b) Knowledge of the network graph could be used to split a target node or
nodes from the honest network (eg by knowing which peers to attack in order to
achieve a network split).

We can eliminate the risks of (b) by separating block relay from transaction
relay; inferring network connectivity from the relay of blocks/block headers is
much more expensive for an adversary.

After this commit, bitcoind will make 2 additional outbound connections that
are only used for block relay. (In the future, we might consider rotating our
transaction-relay peers to help limit the effects of (a).)

* Don't relay addr messages to block-relay-only peers

We don't want relay of addr messages to leak information about
these network links.

* doc: improve comments relating to block-relay-only peers

* Disconnect peers violating blocks-only mode

If we set fRelay=false in our VERSION message, and a peer sends an INV or TX
message anyway, disconnect. Since we use fRelay=false to minimize bandwidth,
we should not tolerate remaining connected to a peer violating the protocol.

* net_processing. Removed comment + fixed formatting

* Refactoring net_processing, removed duplicated code

* Refactor some bool in a many-arguments function to enum

This is done to avoid possible typos with arguments, because some of them have default values and there is a very high probability of making a mistake here.

* Added UI debug option for Outbound

* Fixed data race related to `setInventoryTxToSend`, introduced in `[refactor] Move tx relay state to separate structure`

Co-authored-by: Suhas Daftuar <sdaftuar@gmail.com>
2022-06-18 23:02:28 -07:00
fanquake
1ce15a1ac6
Merge #20430: sanitizers: Add suppression for unsigned-integer-overflow in libstdc++
0f020cdf0a8c3c88499c96522470e2e5e79f27fa sanitizers: Add suppression for unsigned-integer-overflow in libstdc++ basic_string.tcc (Jonas Schnelli)

Pull request description:

  Reported here: https://bitcoinbuilds.org/logs/e35cd579-0f0f-47e4-b49a-4ceba8ff9830.log
  Issue: https://github.com/gcc-mirror/gcc/blob/master/libstdc%2B%2B-v3/include/bits/basic_string.tcc#L1271

ACKs for top commit:
  MarcoFalke:
    cr ACK 0f020cdf0a8c3c88499c96522470e2e5e79f27fa
  practicalswift:
    cr ACK 0f020cdf0a8c3c88499c96522470e2e5e79f27fa

Tree-SHA512: e304259a1eed878263bd715b4d16c57f8974264c23ccd6799f85e8141b2eb0b5c6468a6452ffbc7334f57c1957b6e43bb248760b3c0718d93f092d57764d0a8f
2022-06-18 22:14:04 -07:00
fanquake
262671182d
Merge #17362: test: speed up wallet_avoidreuse, add logging
0e7c90eb37a687158c261ddd1ff9f1028a1e7012 test: speed up wallet_avoidreuse.py (Jon Atack)
6d50b2606ea9249627556051637080c3587b1b04 test: add logging to wallet_avoidreuse.py (Jon Atack)

Pull request description:

  Inspired by PRs #17340 and #15881.

  - add logging
  - pass -whitelist in `set_test_params` to speed up transaction relay

  `wallet_avoidreuse.py` is not intended to test P2P transaction relay/timing, so it should be fine to do this here. This reduces test run time variability and speeds up the test by 2-3 times on average.

  Test run times in seconds:

  - before: 20, 24, 22, 17, 27, 40, 30

  - after: 10, 10, 8, 9, 10, 7, 8

ACKs for top commit:
  MarcoFalke:
    ACK 0e7c90eb37a687158c261ddd1ff9f1028a1e7012 🐊
  fanquake:
    ACK 0e7c90eb37a687158c261ddd1ff9f1028a1e7012

Tree-SHA512: 6d954a0aaf402c9594201626b59d29263479059e68fa5155bb44ed973cd0c3347729dd78b78b4d5a2275e45da365dc1afb4cc7e3293dea33fcc2e3e83a39faf5
2022-06-18 22:14:01 -07:00
PastaPastaPasta
aa97e52f26
Merge pull request #4887 from knst/bc-bp-4
Bitcoin backports #13756 #15770 #17730 #17750 #17752 #17826 #17857 #15886
2022-06-18 20:23:31 -07:00
Kittywhiskers Van Gogh
282b02e6b2
rpc: split spork manipulation logic to distinct "sporkupdate" call (#4885)
* rpc: split spork manipulation logic to distinct "sporkupdate" call

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

* docs: add release notes for dash#4885

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-06-18 19:52:45 +03:00
MeshCollider
6099b4bf39
Merge #13756: wallet: "avoid_reuse" wallet flag for improved privacy
5ebc6b0eb267e0552c66fffc5e5afe7df8becf80 bitcoind: update -avoidpartialspends description to account for auto-enable for avoid_reuse wallets (Karl-Johan Alm)
ada258f8c8f92d44d893cf9f22d15acdeca40b1a doc: release notes for avoid_reuse (Karl-Johan Alm)
27669551da52099e4a6a401acd7aa32b32832423 wallet: enable avoid_partial_spends by default if avoid_reuse is set (Karl-Johan Alm)
8f2e208f7c0468f9ba92bc789a698281b1c81284 test: add test for avoidreuse feature (Karl-Johan Alm)
0bdfbd34cf4015de87741ff549db35e5064f4e16 wallet/rpc: add 'avoid_reuse' option to RPC commands (Karl-Johan Alm)
f904723e0d5883309cb0dd14b826bc45c5e776fb wallet/rpc: add setwalletflag RPC and MUTABLE_WALLET_FLAGS (Karl-Johan Alm)
8247a0da3a46d7c38943ee0304343ab7465305bd wallet: enable avoid_reuse feature (Karl-Johan Alm)
eec15662fad917b169f5e3b8baaf4301dcf00a7b wallet: avoid reuse flags (Karl-Johan Alm)
58928098c299efdc7c5ddf2dc20716ca5272f21b wallet: make IsWalletFlagSet() const (Karl-Johan Alm)
129a5bafd9a3efa2fa16d780885048a06566d262 wallet: rename g_known_wallet_flags constant to KNOWN_WALLET_FLAGS (Karl-Johan Alm)

Pull request description:

  Add a new wallet flag called `avoid_reuse` which, when enabled, will keep track of when a specific destination has been spent from, and will actively "blacklist" any new UTXOs which send to an already-spent-from destination.

  This improves privacy, as a payer could otherwise begin tracking a payee's wallet by regularly peppering a known UTXO with dust outputs, which would then be scooped up and used in payments by the payee, allowing the payer to map out (1) the inputs owned by the payee and (2) the destinations to which the payee is making payments.

  This replaces #10386 and together with the (now merged) #12257 it addresses #10065 in full. The concerns raised in https://github.com/bitcoin/bitcoin/pull/10386#issuecomment-302361381 are also addressed due to #12257.

  ~~Note: this builds on top of #15780.~~ (merged)

ACKs for commit 5ebc6b:
  jnewbery:
    ACK 5ebc6b0eb
  laanwj:
    Concept and code-review ACK 5ebc6b0eb267e0552c66fffc5e5afe7df8becf80
  meshcollider:
    Code review ACK 5ebc6b0eb2
  achow101:
    ACK 5ebc6b0eb267e0552c66fffc5e5afe7df8becf80 modulo above nits

Tree-SHA512: fdef45826af544cbbb45634ac367852cc467ec87081d86d08b53ca849e588617e9a0a255b7e7bb28692d15332de58d6c3d274ac003355220e4213d7d9070742e
2022-06-17 04:06:49 +07:00
fanquake
1ff571fc2c
Merge #17515: Remove straggling OpenSSL references from doc and build
ea3c7e585c382998212fd7f41114462a8168a734 test: Remove libssl-dev packages from CI scripts (Wladimir J. van der Laan)
7ea55264b9d60325bc7a5c15d78e9063de145970 test: remove lsan suppression for libcrypto (Wladimir J. van der Laan)
2d7066527a456f8e1f4f603fe104b0bd9d864559 build: remove libcrypto as internal dependency in libbitcoinconsensus.pc (Wladimir J. van der Laan)
278751ea11f2cfe68b0c98f504f65586720cb5a4 doc: Remove ssl as a required dependency from build-unix (Wladimir J. van der Laan)

Pull request description:

  Some doc and build cleanups following #17265.

  I intentionally left the libssl-dev install in `gitian-win-signer.yml`, as it's necessary for the ossl signer.

ACKs for top commit:
  MarcoFalke:
    ACK ea3c7e585c382998212fd7f41114462a8168a734 🗯
  jamesob:
    ACK ea3c7e585c
  practicalswift:
    ACK ea3c7e585c382998212fd7f41114462a8168a734 - nice!
  fanquake:
    ACK ea3c7e585c382998212fd7f41114462a8168a734 - thanks.

Tree-SHA512: 67ea35bdd6d6e512d69e6734713534c88cae033a2ed695677ea15c3e3d5ff570374e342775c88e60877fa43a19047853e7b2a433e2c9a4349a5c423726a7457e
2022-06-16 01:34:30 -04:00
PastaPastaPasta
e090d9a9e7
trivial(llmq): trivial fixes in llmq/utils.cpp (#4884)
* trivial(llmq): fix indentation

* trivial(llmq): remove unused / commented out includes

* trivial(llmq): adjust formatting

* trivial(llmq): use const

* trivial(llmq): use ranges

* trivial: fix linter
2022-06-16 00:00:43 +03:00
MarcoFalke
6e709d48c4
Merge #15770: rpc: Validate maxfeerate with AmountFromValue
aa410c2b17 rpc: Validate maxfeerate with AmountFromValue (João Barbosa)

Pull request description:

  With this change `maxfeerate` can also be set as a string, according to the help text:
  ```
    maxfeerate    (numeric or string,
  ```
  Besides, there are no tests for the removed errors.

ACKs for commit aa410c:
  meshcollider:
    utACK aa410c2b17
  MarcoFalke:
    utACK aa410c2b17 Good catch

Tree-SHA512: f3bfea91dc7daa943729e270585dbf333055aeda805fbd01eaab20a7e0e6147382647c11525334382d198df0d3d45da6102b541efda5a1361f96271c98d5d89d
2022-06-14 16:48:23 +07:00
UdjinM6
bcc4b2d1ac
Merge pull request #4867 from knst/bc-bp-3
Bitcoin backports #12763 #17511 #17675 #17617 #17698 #17703 #17705 #17787 #17806 #17743
2022-06-14 12:02:25 +03:00
UdjinM6
7fb8ae7d27
Merge pull request #4874 from UdjinM6/addrv2_followups
backport: bitcoin 20564, 20661 (addrv2 follow-ups)
2022-06-08 13:01:44 +03:00
MarcoFalke
f7ac575861
Merge #17806: test: Change filemode of rpc_whitelist.py
90df92206cfce4e61eff9d584112643512f6b91c test: Change filemode of rpc_whitelist.py (Emil Engler)

Pull request description:

  All python tests have the file mode `755`.
  Probably due to a mistake `rpc_whitelist.py` is the only test with the permission `644`.
  This PR makes it coherent with the other tests and updates it to `755` as well.

ACKs for top commit:
  practicalswift:
    ACK 90df92206cfce4e61eff9d584112643512f6b91c -- all tests should be executable

Tree-SHA512: b9e69cb5184a3bbee4c7b14ac35985145a9fd3403d0e449d79f15c18e9660cafec495d639f5f730e0c69dde5f4a3d7590b4e42d385e794cd02add1f4e3b785e7
2022-06-08 12:36:52 +07:00
Konstantin Akimov
5aa0fe2bea
Add a flag "no cli" for rpc_whitelist functional test
2022-06-08 12:36:52 +07:00
Wladimir J. van der Laan
b89fd6128b
Merge #12763: Add RPC Whitelist Feature from #12248
2081442c421cc4376e5d7839f68fbe7630e89103 test: Add test for rpc_whitelist (Emil Engler)
7414d3820c833566b4f48c6c120a18bf53978c55 Add RPC Whitelist Feature from #12248 (Jeremy Rubin)

Pull request description:

  Summary
  ====

  This patch adds the RPC whitelisting feature requested in #12248. RPC Whitelists help enforce application policies for services being built on top of Bitcoin Core (e.g., your Lightning Node maybe shouldn't be adding new peers). The aim of this PR is not to make it advisable to connect your Bitcoin node to arbitrary services, but to reduce risk and prevent unintended access.

  Using RPC Whitelists
  ====
  The way it works is you specify (in your bitcoin.conf) configurations such as

  ```
  rpcauth=user1:4cc74397d6e9972e5ee7671fd241$11849357f26a5be7809c68a032bc2b16ab5dcf6348ef3ed1cf30dae47b8bcc71
  rpcauth=user2:181b4a25317bff60f3749adee7d6bca0$d9c331474f1322975fa170a2ffbcb176ba11644211746b27c1d317f265dd4ada
  rpcauth=user3:a6c8a511b53b1edcf69c36984985e$13cfba0e626db19061c9d61fa58e712d0319c11db97ad845fa84517f454f6675
  rpcwhitelist=user1:getnetworkinfo
  rpcwhitelist=user2:getnetworkinfo,getwalletinfo, getbestblockhash
  rpcwhitelistdefault=0
  ```

  Now user1 can only call getnetworkinfo, user2 can only call getnetworkinfo or getwalletinfo, while user3 can still call all RPCs.

  If any rpcwhitelist is set, act as if all users are subject to whitelists unless rpcwhitelistdefault is set to 0. If rpcwhitelistdefault is set to 1 and no rpcwhitelist is set, act as if all users are subject to whitelists.

  Review Request
  =====
  In addition to normal review, would love specific review from someone working on LN (e.g., @ roasbeef) and someone working on an infrastructure team at an exchange (e.g., @ jimpo) to check that this works well with their system.

  Notes
  =====

  The rpc list is spelling sensitive -- whitespace is stripped though. Spelling errors fail towards the RPC call being blocked, which is safer.

  It was unclear to me if HTTPReq_JSONRPC is the best function to patch this functionality into, or if it would be better to place it in exec or somewhere else.

  It was also unclear to me if it would be preferred to cache the whitelists on startup or parse them on every RPC as is done with multiUserAuthorized. I opted for the cached approach as I thought it was a bit cleaner.

  Future Work
  =====

  In a future PR, I would like to add an inheritance scheme. This seemed more controversial so I didn't want to include that here. Inheritance semantics are tricky, but it would also make these whitelists easier to read.

  It also might be good to add a `getrpcwhitelist` command to facilitate permission discovery.

  Tests
  =====
  Thanks to @ emilengler for adding tests for this feature. The tests cover all cases except for where `rpcwhitelistdefault=1` is used, given difficulties around testing with the current test framework.

ACKs for top commit:
  laanwj:
    ACK 2081442c421cc4376e5d7839f68fbe7630e89103

Tree-SHA512: 0dc1ac6a6f2f4b0be9c9054d495dd17752fe7b3589aeab2c6ac4e1f91cf4e7e355deedcb5d76d707cbb5a949c2f989c871b74d6bf129351f429569a701adbcbf
2022-06-08 12:36:51 +07:00
Konstantin Akimov
5031114de3
Enabled extra functional tests thanks to previous commit with new Decimal json output
2022-06-08 12:35:12 +07:00
fanquake
f08497c93e
Merge #17705: test: re-enable CLI test support by using EncodeDecimal in json.dumps()
b6f9e3576a1ea18572e4803aeb3f39330f0cb759 test: re-enable CLI test support by using EncodeDecimal in json.dumps() (fanquake)

Pull request description:

  As mentioned in https://github.com/bitcoin/bitcoin/pull/17675#issuecomment-563188648.

ACKs for top commit:
  practicalswift:
    ACK b6f9e3576a1ea18572e4803aeb3f39330f0cb759 assuming Travis is happy too -- diff looks correct :)
  MarcoFalke:
    > ACK b6f9e35 assuming Travis is happy too -- diff looks correct :)

Tree-SHA512: 79fa535cc1756c8ee610a3d6a316a1c4f036797d6990a5620e44985393a2e52f78450f8e0021d0a148c08705fd1ba765508464a365f9030ae0d2cacbd7a93e19
2022-06-08 12:35:12 +07:00
MarcoFalke
6dbc9aba0d
Merge #17675: tests: Enable tests which are incorrectly skipped when running test_runner.py --usecli
5ac804a9eb0cdbdcff8b50ecfb736f8793cab805 tests: Use a default of supports_cli=True (instead of supports_cli=False) (practicalswift)
993e38a4e2fa66093314b988dfbe459f46aa5864 tests: Mark functional tests not supporting bitcoin-cli (--usecli) as such (practicalswift)

Pull request description:

  Annotate functional tests supporting `bitcoin-cli` (`--usecli`) as such.

  Prior to this commit 74 tests were unnecessarily skipped when running `test_runner.py --usecli`.

  Before [bitcoin original commit stats]:

  ```
  $ test/functional/test_runner.py --usecli > /dev/null 2>&1
  $ echo $?
  0
  $ test/functional/test_runner.py --usecli 2>&1 | cut -f2 -d'|' | \
      grep -E ' (Passed|Skipped) *$' | sort | uniq -c
        9  ✓ Passed
      126  ○ Skipped
  ```

  After [dash numbers]:

  ```
  $ test/functional/test_runner.py --usecli > /dev/null 2>&1
  $ echo $?
  0
  $ test/functional/test_runner.py --usecli 2>&1 | cut -f2 -d'|' | \
      grep -E ' (Passed|Skipped) *$' | sort | uniq -c
       110  ✓ Passed
       51  ○ Skipped
  ```

  Context: `--usecli` was introduced in f6ade9ce1a

ACKs for top commit:
  laanwj:
    Code review ACK 5ac804a9eb0cdbdcff8b50ecfb736f8793cab805

Tree-SHA512: 249c0b691a74cf201c729df86c3db2b3faefa53b94703941e566943d252c6d14924e935a8da4f592951574235923fbb7cd22612a5e7e02ff6c762c55a2320ca3
2022-06-08 12:35:12 +07:00
UdjinM6
cfbc38c185
dashification: Introduce ADDRV2_PROTO_VERSION and bump PROTOCOL_VERSION to avoid conflicts with previous v18.x rcs
2022-06-08 02:53:55 +03:00
MarcoFalke
7b2026e49b
Merge #20564: Don't send 'sendaddrv2' to pre-70016 software, and send before 'verack'
1583498fb6781c01ca2f33c09319ed793964c574 Send and require SENDADDRV2 before VERACK (Pieter Wuille)
c5a89196602e43ebb1cdc9cd4f08d153419c13e1 Don't send 'sendaddrv2' to pre-70016 software (Pieter Wuille)

Pull request description:

  BIP155 defines addrv2 and sendaddrv2 for all protocol versions, but some implementations reject messages they don't know. As a courtesy, don't send it to nodes with a version before 70016, as no software is known to support BIP155 that doesn't announce at least that protocol version number.

  Also move the sending of sendaddrv2 earlier (before sending verack), as proposed in https://github.com/bitcoin/bips/pull/1043. This has the side effect that local address broadcast of torv3 will work (as it'll only trigger after we know whether or not the peer supports addrv2).

ACKs for top commit:
  MarcoFalke:
    ACK 1583498fb6781c01ca2f33c09319ed793964c574
  jnewbery:
    ACK 1583498fb6781c01ca2f33c09319ed793964c574
  jonatack:
    ACK 1583498fb6781c01ca2f33c09319ed793964c574
  vasild:
    ACK 1583498

Tree-SHA512: 3bd5833fa8c8567b6dedd99e4a9b6bb71c127aa66d5284b217503c86d597dc59aa7382c41f3a4bf561bb658b89db81d1a7703a700eef4ffc17cb916660e23a82
2022-06-08 02:41:28 +03:00
PastaPastaPasta
d64b7229cd
chore: bump copyrights (#4873)
* chore: bump copyright in configure.ac

* chore: bump copyright via copyright_header.py

ran command `python3 contrib/devtools/copyright_header.py update .`
2022-06-08 02:36:46 +03:00
UdjinM6
2c54777306
feat(tests): check that old masternode connections are dropped (#4863)
* chore: Drop legacy ticks in CMasternodeUtils, use scheduler directly

* feat(tests): check that old masternode connections are dropped
2022-06-08 01:43:03 +03:00
MarcoFalke
8efad5c8c7
Merge #20218: test: Suppress epoll_ctl data race
fa949b3c1325693ea7ecc5556b2de50d2a6c9ead test: Suppress epoll_ctl data race (MarcoFalke)

Pull request description:

  Happens intermittently: https://cirrus-ci.com/task/5462892373868544?command=ci#L5385

ACKs for top commit:
  hebasto:
    ACK fa949b3c1325693ea7ecc5556b2de50d2a6c9ead, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: d5aa559fc105053da594531722f2a03d898eadeb4413c3a728fc5116cc4d1a2c16c49649a24c75ea810e4ec6bb9728b0bcd2ea991886bb9d206170218eddf6d2
2022-06-07 16:11:24 -05:00
Wladimir J. van der Laan
1be11a0d7c
Merge #19696: rpc: Fix addnode remove command error
a51d0ad2de89b9757d158df95ddeba2bfcb23935 rpc: Improve addnode remove command error message (Fabian Jahr)

Pull request description:

  The `addnode` RPC with the `remove` command parameter is used to remove a node from the "added nodes". It did not have test coverage and in case of failure to remove the node it responded with the confusing message "Error: Node has not been added.".

  This PR adds test coverage and introduces a new error code as well as changes the error message to something that makes sense.

ACKs for top commit:
  laanwj:
    Code review ACK a51d0ad2de89b9757d158df95ddeba2bfcb23935
  theStack:
    Tested ACK https://github.com/bitcoin/bitcoin/commit/a51d0ad2de

Tree-SHA512: 033ef5de0d4d49d58ef4df3759b838c9d19ee9dfb0aff9f814a3a63d124ca231a442c930efa7d343fe1f65727c4b59fc23dd5e26fe6ea69f9e84fda48b5c5cc2
2022-06-07 16:11:22 -05:00
MarcoFalke
ebb25818f7
Merge #16236: fuzz: Log output even if fuzzer failed
fa410f67aa test: Suppress false positive leak in secure_allocator<RNGState> (MarcoFalke)
fa35c4239f test: Log output even if fuzzer failed (MarcoFalke)

Pull request description:

  Also suppress a false positive detected leak

ACKs for commit fa410f:
  practicalswift:
    utACK fa410f67aa1d0ccd306dc16e438c1a034b8cc049

Tree-SHA512: 224a72ae0dd9bbe7debda17cd626c01cfbd0e45d7df47a2b591ce8ea386951ad94f4c0677dd268079a4caac382c5acac03199146015a95c308a633e9e4f84c09
2022-06-07 16:11:17 -05:00
PastaPastaPasta
398c0bcb7f
Merge pull request #4844 from kittywhiskers/deglobalization3
backport: bitcoin#15934, #15864, #19188, #18338, #19413, #18571, #18575 (deglobalization part 3)
2022-06-06 20:29:40 -05:00