Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support super macaroon in remote lnd mode #319

Merged
merged 10 commits into from
Feb 17, 2022
Merged

Support super macaroon in remote lnd mode #319

merged 10 commits into from
Feb 17, 2022

Conversation

guggero
Copy link
Member

@guggero guggero commented Feb 4, 2022
edited
Loading

Part of lightninglabs/lightning-node-connect#17.

Depends on #294 and #292, only the last 9 commits are new.

Can be tested locally by baking a super macaroon with:

lncli bakemacaroon --save_to /tmp/readonly.supermacaroon --root_key_id 18441921392371826688 --allow_external_permissions offchain:read swap:read insights:read suggestions:read auth:read rates:read order:read peers:read message:read recommendation:read info:read report:read auction:read onchain:read account:read invoices:read terms:read macaroon:read audit:read

And then interact with one of the daemons:

pool --rpcserver localhost:8443 --tlscertpath ~/.lit/tls.cert --macaroonpath /tmp/readonly.supermacaroon getinfo

@guggero guggero requested a review from ellemouton February 4, 2022 15:53
@guggero guggero force-pushed the macaroon-remote-mode branch 2 times, most recently from 067b184 to 4769c74 Compare February 7, 2022 15:13
@guggero guggero marked this pull request as ready for review February 7, 2022 15:14
ellemouton
ellemouton reviewed Feb 8, 2022
View reviewed changes
Copy link
Member

@ellemouton ellemouton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did a first pass, will do a better pass tomorrow but leaving some questions in the mean time

rpc_proxy.go Show resolved Hide resolved
rpc_proxy.go Show resolved Hide resolved
itest/litd_mode_integrated_test.go Show resolved Hide resolved
rpc_proxy.go Show resolved Hide resolved
@guggero guggero force-pushed the macaroon-remote-mode branch from 4769c74 to 4929f60 Compare February 8, 2022 15:09
@guggero guggero requested a review from ellemouton February 8, 2022 15:14
ellemouton
ellemouton reviewed Feb 10, 2022
View reviewed changes
Copy link
Member

@ellemouton ellemouton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tACK! looking gooooood! left some comments. Most are just questions to better my understanding of everything

terminal.go Show resolved Hide resolved
itest/litd_mode_integrated_test.go Outdated Show resolved Hide resolved
itest/litd_mode_remote_test.go Show resolved Hide resolved
rpc_proxy.go Show resolved Hide resolved
rpc_proxy.go Show resolved Hide resolved
rpc_proxy.go Show resolved Hide resolved
rpc_proxy.go Show resolved Hide resolved
rpc_proxy.go Show resolved Hide resolved
itest/litd_mode_integrated_test.go Show resolved Hide resolved
README.md Show resolved Hide resolved
@guggero guggero force-pushed the macaroon-remote-mode branch from 4929f60 to ee26fd2 Compare February 14, 2022 15:23
@guggero
Copy link
Member Author

guggero commented Feb 14, 2022

Thanks a lot for the review, @ellemouton! I rebased and fixed the things you mentioned.

@guggero guggero force-pushed the macaroon-remote-mode branch from ee26fd2 to 705af86 Compare February 15, 2022 16:27
@guggero guggero requested a review from ellemouton February 15, 2022 17:21
ellemouton
ellemouton approved these changes Feb 17, 2022
View reviewed changes
Copy link
Member

@ellemouton ellemouton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🔥

terminal.go Show resolved Hide resolved
rpc_proxy.go Show resolved Hide resolved
@guggero guggero force-pushed the macaroon-remote-mode branch from 705af86 to 7a31a57 Compare February 17, 2022 14:00
guggero added 10 commits February 17, 2022 15:00
@guggero
multi: export funcs for baking super macaroons
517b598
@guggero
rpc_proxy+litcli: replace dummy string with empty macaroon
43ed7ed 
To avoid the macaroon parsing to fail in session.IsSuperMacaroon(), we
want the dummy macaroon to be formally valid (meaning, it can be parsed)
but not actually valid (meaning, it will fail the signature verification
since we don't have the root key for it anywhere).
@guggero
terminal: extract validateSuperMacaroon
36c524d
@guggero
terminal: allow super macaroons in remote mode
fcb4e2a
@guggero
itest: add super macaroon test
6d03a8c
@guggero
multi: add super mac validator to proxy
5d4ae27
@guggero
rpc_proxy: store permission map, simplify interceptors
4e3cb10
@guggero
rpc_proxy: convert super macaroon into daemon mac
a8309a9 
If a daemon is running in remote mode, we need to convert a super
macaroon into the daemon specific macaroon before sending it to the
remote daemon, since the super macaroon is issued by lnd and can only
be validated by lnd's macaroon root key.
@guggero
itest: add REST integration test
88486df
@guggero
README: add config compat matrix
c3ff7e4
@guggero guggero force-pushed the macaroon-remote-mode branch from 7a31a57 to c3ff7e4 Compare February 17, 2022 14:00
@guggero guggero merged commit b99c5c0 into master Feb 17, 2022
@guggero guggero deleted the macaroon-remote-mode branch February 17, 2022 15:28
@guggero guggero mentioned this pull request Mar 15, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ellemouton ellemouton ellemouton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@guggero @ellemouton