Browse Source

loopd: allow loopd to be used as external subserver

When loopd runs in the same process as lnd (in LiT), it hooks itself
into lnd's RPC server as an external subserver. But because the user
should still be able to use the default loop macaroon, the loop daemon
must be able to validate its own macaroons as lnd's macaroon service
doesn't know the root key for it.
Oliver Gugger 9 months ago
No known key found for this signature in database GPG Key ID: 8E4256593F177720
1 changed files with 16 additions and 0 deletions
  1. +16

+ 16
- 0
loopd/daemon.go View File

@ -18,6 +18,7 @@ import (
var (
@ -170,6 +171,21 @@ func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices) error {
return d.initialize()
// ValidateMacaroon extracts the macaroon from the context's gRPC metadata,
// checks its signature, makes sure all specified permissions for the called
// method are contained within and finally ensures all caveat conditions are
// met. A non-nil error is returned if any of the checks fail. This method is
// needed to enable loopd running as an external subserver in the same process
// as lnd but still validate its own macaroons.
func (d *Daemon) ValidateMacaroon(ctx context.Context,
requiredPermissions []bakery.Op, fullMethod string) error {
// Delegate the call to loop's own macaroon validator service.
return d.macaroonService.ValidateMacaroon(
ctx, requiredPermissions, fullMethod,
// startWebServers starts the gRPC and REST servers in goroutines.
func (d *Daemon) startWebServers() error {
var err error