signrpc+rpcserver: add signer macaroon permissions

2019-12-11 09:54:49 +01:00 · 2019-12-11 09:54:49 +01:00 · 95226771ed
commit 95226771ed
parent 9a73b9be78
2 changed files with 16 additions and 0 deletions
--- a/lnrpc/signrpc/signer_server.go
+++ b/lnrpc/signrpc/signer_server.go
@ -38,6 +38,10 @@ var (
 			Entity: "signer",
 			Action: "generate",
 		},
+		{
+			Entity: "signer",
+			Action: "read",
+		},
 	}

 	// macPermissions maps RPC calls to the permissions they require.
@ -50,6 +54,14 @@ var (
 			Entity: "signer",
 			Action: "generate",
 		}},
+		"/signrpc.Signer/SignMessage": {{
+			Entity: "signer",
+			Action: "generate",
+		}},
+		"/signrpc.Signer/VerifyMessage": {{
+			Entity: "signer",
+			Action: "read",
+		}},
 	}

 	// DefaultSignerMacFilename is the default name of the signer macaroon
--- a/rpcserver.go
+++ b/rpcserver.go
@ -115,6 +115,10 @@ var (
 			Entity: "invoices",
 			Action: "read",
 		},
+		{
+			Entity: "signer",
+			Action: "read",
+		},
 	}

 	// writePermissions is a slice of all entities that allow write