lnrpc: add arguments for stateless wallet initialization to wallet unlocker
This commit adds the --stateless_init flag to all three wallet unlocker
operations. Once you initialize a wallet stateless, you need to set
this flag for every further wallet unlocker operation. Otherwise you
risk leaking non-encrypted macaroon information to the underlying
system.
"description":"new_password should be the new passphrase that will be needed to unlock the\ndaemon. When using REST, this field must be encoded as base64."
},
"stateless_init":{
"type":"boolean",
"format":"boolean",
"title":"stateless_init is an optional argument instructing the daemon NOT to create\nany *.macaroon files in its filesystem. If this parameter is set, then the\nadmin macaroon returned in the response MUST be stored by the caller of the\nRPC as otherwise all access to the daemon will be lost!"
},
"new_macaroon_root_key":{
"type":"boolean",
"format":"boolean",
"description":"new_macaroon_root_key is an optional argument instructing the daemon to\nrotate the macaroon root key when set to true. This will invalidate all\npreviously generated macaroons."
}
}
},
"lnrpcChangePasswordResponse":{
"type":"object"
"type":"object",
"properties":{
"admin_macaroon":{
"type":"string",
"format":"byte",
"description":"The binary serialized admin macaroon that can be used to access the daemon\nafter rotating the macaroon root key. If both the stateless_init and\nnew_macaroon_root_key parameter were set to true, this is the ONLY copy of\nthe macaroon that was created from the new root key and MUST be stored\nsafely by the caller. Otherwise a copy of this macaroon is also persisted on\ndisk by the daemon, together with other macaroon files."
}
}
},
"lnrpcChannelBackup":{
"type":"object",
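Review bot: the `stateless_init` text on the change-password request reuses the wallet-creation wording ("the admin macaroon returned in the response MUST be stored by the caller ... as otherwise all access to the daemon will be lost"), which does not match the `admin_macaroon` description in `lnrpcChangePasswordResponse`, where the returned macaroon is the only copy just when both `stateless_init` and `new_macaroon_root_key` are true. Please document the remaining combinations on the request field: what is returned when `stateless_init` is set without `new_macaroon_root_key`, and what is written to disk when `new_macaroon_root_key` is set without `stateless_init`. As written, a caller cannot tell from the field docs which calls put macaroon files on the filesystem.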
@ -276,11 +293,23 @@
"channel_backups":{
"$ref":"#/definitions/lnrpcChanBackupSnapshot",
"description":"channel_backups is an optional argument that allows clients to recover the\nsettled funds within a set of channels. This should be populated if the\nuser was unable to close out all channels and sweep funds before partial or\ntotal data loss occurred. If specified, then after on-chain recovery of\nfunds, lnd begin to carry out the data loss recovery protocol in order to\nrecover the funds in each channel from a remote force closed transaction."
},
"stateless_init":{
"type":"boolean",
"format":"boolean",
"title":"stateless_init is an optional argument instructing the daemon NOT to create\nany *.macaroon files in its filesystem. If this parameter is set, then the\nadmin macaroon returned in the response MUST be stored by the caller of the\nRPC as otherwise all access to the daemon will be lost!"
}
}
},
"lnrpcInitWalletResponse":{
"type":"object"
"type":"object",
"properties":{
"admin_macaroon":{
"type":"string",
"format":"byte",
"description":"The binary serialized admin macaroon that can be used to access the daemon\nafter creating the wallet. If the stateless_init parameter was set to true,\nthis is the ONLY copy of the macaroon and MUST be stored safely by the\ncaller. Otherwise a copy of this macaroon is also persisted on disk by the\ndaemon, together with other macaroon files."
}
}
},
"lnrpcMultiChanBackup":{
"type":"object",
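Review bot: `stateless_init` in this request is emitted under "title", while `channel_backups` directly above it and `admin_macaroon` in `lnrpcInitWalletResponse` use "description". A four-line warning that ends in "all access to the daemon will be lost!" is not a title, and a viewer that renders titles as short headings may truncate or restyle the one sentence a caller must not miss. Reword the source comment so it is generated as "description", the way the `stateless_init` field in the last hunk is; the same applies to the `stateless_init` field in the change-password request.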
@ -315,6 +344,11 @@
"channel_backups":{
"$ref":"#/definitions/lnrpcChanBackupSnapshot",
"description":"channel_backups is an optional argument that allows clients to recover the\nsettled funds within a set of channels. This should be populated if the\nuser was unable to close out all channels and sweep funds before partial or\ntotal data loss occurred. If specified, then after on-chain recovery of\nfunds, lnd begin to carry out the data loss recovery protocol in order to\nrecover the funds in each channel from a remote force closed transaction."
},
"stateless_init":{
"type":"boolean",
"format":"boolean",
"description":"stateless_init is an optional argument instructing the daemon NOT to create\nany *.macaroon files in its file system."
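Review bot: the `stateless_init` description here only says that no *.macaroon files are created, while the commit message states that once a wallet was initialized stateless the flag must be set on every further wallet unlocker operation, otherwise non-encrypted macaroon information can leak to the underlying system. That requirement belongs in the field description (here and on the other two requests), because a caller reading only the API docs sees an "optional" boolean with no hint of what omitting it does. It is also worth considering whether the daemon could remember the stateless choice instead of relying on the caller to repeat the flag. Minor: this text writes "file system" where the other two descriptions write "filesystem".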