macaroons: remember stateless init

To make sure no macaroons are created anywhere if the stateless initialization was requested, we keep the requested initialization mode in the memory of the macaroon service.
2020-10-06 17:23:31 +02:00 · 2020-10-06 17:23:31 +02:00 · 294cb4a966
commit 294cb4a966
parent ae71d60715
3 changed files with 13 additions and 6 deletions
--- a/lnd.go
+++ b/lnd.go
@ -408,7 +408,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
 	if !cfg.NoMacaroons {
 		// Create the macaroon authentication/authorization service.
 		macaroonService, err = macaroons.NewService(
-			cfg.networkDir, "lnd", macaroons.IPLockChecker,
+			cfg.networkDir, "lnd", false, macaroons.IPLockChecker,
 		)
 		if err != nil {
 			err := fmt.Errorf("unable to set up macaroon "+
--- a/macaroons/service.go
+++ b/macaroons/service.go
@ -62,6 +62,10 @@ type Service struct {
 	// If no external validator for an URI is specified, the service will
 	// use the internal validator.
 	externalValidators map[string]MacaroonValidator
+
+	// StatelessInit denotes if the service was initialized in the stateless
+	// mode where no macaroon files should be created on disk.
+	StatelessInit bool
 }

 // NewService returns a service backed by the macaroon Bolt DB stored in the
@ -71,7 +75,9 @@ type Service struct {
 // listing the same checker more than once is not harmful. Default checkers,
 // such as those for `allow`, `time-before`, `declared`, and `error` caveats
 // are registered automatically and don't need to be added.
-func NewService(dir, location string, checks ...Checker) (*Service, error) {
+func NewService(dir, location string, statelessInit bool,
+	checks ...Checker) (*Service, error) {
+
 	// Ensure that the path to the directory exists.
 	if _, err := os.Stat(dir); os.IsNotExist(err) {
 		if err := os.MkdirAll(dir, 0700); err != nil {
@ -118,6 +124,7 @@ func NewService(dir, location string, checks ...Checker) (*Service, error) {
 		Bakery:             *svc,
 		rks:                rootKeyStore,
 		externalValidators: make(map[string]MacaroonValidator),
+		StatelessInit:      statelessInit,
 	}, nil
 }

--- a/macaroons/service_test.go
+++ b/macaroons/service_test.go
@ -67,7 +67,7 @@ func TestNewService(t *testing.T) {
 	// Second, create the new service instance, unlock it and pass in a
 	// checker that we expect it to add to the bakery.
 	service, err := macaroons.NewService(
-		tempDir, "lnd", macaroons.IPLockChecker,
+		tempDir, "lnd", false, macaroons.IPLockChecker,
 	)
 	if err != nil {
 		t.Fatalf("Error creating new service: %v", err)
@ -118,7 +118,7 @@ func TestValidateMacaroon(t *testing.T) {
 	tempDir := setupTestRootKeyStorage(t)
 	defer os.RemoveAll(tempDir)
 	service, err := macaroons.NewService(
-		tempDir, "lnd", macaroons.IPLockChecker,
+		tempDir, "lnd", false, macaroons.IPLockChecker,
 	)
 	if err != nil {
 		t.Fatalf("Error creating new service: %v", err)
@ -178,7 +178,7 @@ func TestListMacaroonIDs(t *testing.T) {
 	// Second, create the new service instance, unlock it and pass in a
 	// checker that we expect it to add to the bakery.
 	service, err := macaroons.NewService(
-		tempDir, "lnd", macaroons.IPLockChecker,
+		tempDir, "lnd", false, macaroons.IPLockChecker,
 	)
 	require.NoError(t, err, "Error creating new service")
 	defer service.Close()
@ -210,7 +210,7 @@ func TestDeleteMacaroonID(t *testing.T) {
 	// Second, create the new service instance, unlock it and pass in a
 	// checker that we expect it to add to the bakery.
 	service, err := macaroons.NewService(
-		tempDir, "lnd", macaroons.IPLockChecker,
+		tempDir, "lnd", false, macaroons.IPLockChecker,
 	)
 	require.NoError(t, err, "Error creating new service")
 	defer service.Close()