From 95226771ed1b7a84d3918f59326d9be6b13c86a8 Mon Sep 17 00:00:00 2001
From: Oliver Gugger
Date: Wed, 11 Dec 2019 09:54:49 +0100
Subject: [PATCH] signrpc+rpcserver: add signer macaroon permissions
---
 lnrpc/signrpc/signer_server.go | 12 ++++++++++++
 rpcserver.go | 4 ++++
 2 files changed, 16 insertions(+)
diff --git a/lnrpc/signrpc/signer_server.go b/lnrpc/signrpc/signer_server.go
index 9ef07592..dba68fe8 100644
--- a/lnrpc/signrpc/signer_server.go
+++ b/lnrpc/signrpc/signer_server.go
@@ -38,6 +38,10 @@ var (
 Entity: "signer",
 Action: "generate",
 },
+ {
+ Entity: "signer",
+ Action: "read",
+ },
 }

 // macPermissions maps RPC calls to the permissions they require.
@@ -50,6 +54,14 @@ var (
 Entity: "signer",
 Action: "generate",
 }},
+ "/signrpc.Signer/SignMessage": {{
+ Entity: "signer",
+ Action: "generate",
+ }},
+ "/signrpc.Signer/VerifyMessage": {{
+ Entity: "signer",
+ Action: "read",
+ }},
 }

 // DefaultSignerMacFilename is the default name of the signer macaroon
diff --git a/rpcserver.go b/rpcserver.go
index bf2a12a8..5215befd 100644
--- a/rpcserver.go
+++ b/rpcserver.go
@@ -115,6 +115,10 @@ var (
 Entity: "invoices",
 Action: "read",
 },
+ {
+ Entity: "signer",
+ Action: "read",
+ },
 }

 // writePermissions is a slice of all entities that allow write
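Review bot: The new `signer`/`read` entry in the first hunk of signer_server.go is undocumented with respect to macaroons that already exist: a signer macaroon file written by an earlier version would presumably not carry this permission, so `VerifyMessage` calls presenting it would be rejected. The same concern applies to the `readPermissions` addition in the rpcserver.go hunk for read-only macaroons already on disk. The minting and regeneration code is outside the patch, so whether old files are refreshed cannot be confirmed here. I would add a comment on the new entry such as `// NOTE: macaroons baked before this entry existed lack signer/read and must be re-created to call VerifyMessage.` and repeat it in the release notes.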
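Review bot: In the second hunk of signer_server.go, `/signrpc.Signer/SignMessage` is gated by the same `signer`/`generate` permission as the entry directly above it, so a macaroon cannot be scoped to message signing without also authorizing every other `generate`-gated signer RPC, and the reverse holds too. If this coarse grouping is intended, state it next to the map entry, for example `// SignMessage shares signer/generate with the other signing RPCs; no narrower action exists for message signing.`. If delegating message signing on its own is a use case, it needs a distinct action. The map literal begins and ends outside the hunk, so the remaining entries cannot be checked from here.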