Due to a misunderstanding about how the entities/actions are encoded
inside the macaroon, only the first action was printed per entity.
Even though we add them as separate pairs in the macaroon service (for
example "offchain:read" and "offchain:write"), they are grouped in the
serialized macaroon ("offchain:read,write").
To be spec compliant, we require the initiator to not pay the anchor
values into fees on coop close. We extract the balance calculation into
commitment.go, and add back the value of the anchors to the initiator's
balance.
Give the external subservers the possibility to also use their own
validator to check any macaroons attached to calls to their registered
gRPC URIs.
This allows them to have their own root key ID database and permission
entities.
When external subservers register themselves to be served through the
same gRPC interface as the main lnd RPC, their requests are also
intercepted by the main lnd macaroon interceptor.
If the external subservers want to use their own macaroons that are
independent of lnd's, they need a way to overwrite the default validator
of the macaroon interceptor. We add this mechanism with the concept of
external validators.
When starting up with lnd.conf that contains the sample line
"tor.active", lnd crashes and prints the error:
malformed key=value (tor.active)
Using "tor.active=true" instead works as expected.
A profile file can contain multiple profile entries. Each
entry has a name, a set of default options to use and an optional list
of macaroons in a jar. The profile file can be
serialized/deserialized to and from JSON.
To fix the compiler of some IDEs complaining about types and functions
it cannot find, we rename all files that contain tests back to lnd_xxx_test.go to make
sure they are compiled correctly.
As a convenience method for users to look up what RPC method URIs exist
and what permissions they require, we add a new ListPermissions call
that simply returns all registered URIs (including internal and external
subservers) and their required permissions.
To make the permission system even more fine-grained, we want to allow
users to specify exact gRPC URIs in the macaroon permissions instead of
just broad entity/action groups.
For this we add the special entity "uri" which allows an URI specific
permission to be defined as "uri:/lnrpc.Lightning/GetInfo" for example
instead of the more coarse "info:read" which gives access to multiple
URIs.
In this commit, we update the `sample-lnd.conf` example config file to
be up to date with all the new configuration parameters we've added over
the past few release.
This commit changes the logic when garbage collecting forwarding
packages such that they are removed once when the function is called,
and then again upon subsequent ticks. This allows us to bump the
peer timer to 1 hour to limit the number of db transactions happening
in lnd. The forwarding packages need to be removed initially as
otherwise a flappy node will never have them garbage collected.