From 617964e25f105a255ae7daf180685b048c91a9b9 Mon Sep 17 00:00:00 2001
From: Oliver Gugger
Date: Thu, 3 Sep 2020 14:35:43 +0200
Subject: [PATCH] loopd: allow loopd to be used as external subserver

When loopd runs in the same process as lnd (in LiT), it hooks itself into lnd's RPC server as an external subserver. But because the user should still be able to use the default loop macaroon, the loop daemon must be able to validate its own macaroons as lnd's macaroon service doesn't know the root key for it.
---
 loopd/daemon.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/loopd/daemon.go b/loopd/daemon.go
index 608c810..f806788 100644
--- a/loopd/daemon.go
+++ b/loopd/daemon.go
@@ -18,6 +18,7 @@ import (
 "github.com/lightningnetwork/lnd/lntypes"
 "github.com/lightningnetwork/lnd/macaroons"
 "google.golang.org/grpc"
+ "gopkg.in/macaroon-bakery.v2/bakery"
 )
 var (
@@ -170,6 +171,21 @@ func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices) error {
 return d.initialize()
 }
+// ValidateMacaroon extracts the macaroon from the context's gRPC metadata,
+// checks its signature, makes sure all specified permissions for the called
+// method are contained within and finally ensures all caveat conditions are
+// met. A non-nil error is returned if any of the checks fail. This method is
+// needed to enable loopd running as an external subserver in the same process
+// as lnd but still validate its own macaroons.
+func (d *Daemon) ValidateMacaroon(ctx context.Context,
+ requiredPermissions []bakery.Op, fullMethod string) error {
+ // Delegate the call to loop's own macaroon validator service.
+ return d.macaroonService.ValidateMacaroon(
+ ctx, requiredPermissions, fullMethod,
+ )
+}
+
 // startWebServers starts the gRPC and REST servers in goroutines.
 func (d *Daemon) startWebServers() error {
 var err error
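Review bot: The new `ValidateMacaroon` in the second hunk dereferences `d.macaroonService` without a nil check, and the hunk does not show where `StartAsSubserver` or `initialize` assigns that field. If lnd's RPC server can reach this method before the field is set, or after the daemon has shut down, the authorization path would panic inside the shared lnd process instead of rejecting the call. Since this is the gate for loop's own macaroons in subserver mode, it should fail closed with a guard ahead of the delegate call, using whichever error constructor the file already imports: `if d.macaroonService == nil { return errors.New("macaroon service not initialized") }`. The doc comment lists signature, permission and caveat checks that this wrapper only inherits from the macaroon service, so it would be more accurate to say it delegates them. It is also worth stating that callers must treat any non-nil error as a denial.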