Commit Graph

40 Commits

Author SHA1 Message Date
Oliver Gugger
c3227057f4
macaroons: allow external validators to be registered
When external subservers register themselves to be served through the
same gRPC interface as the main lnd RPC, their requests are also
intercepted by the main lnd macaroon interceptor.
If the external subservers want to use their own macaroons that are
independent of lnd's, they need a way to overwrite the default validator
of the macaroon interceptor. We add this mechanism with the concept of
external validators.
2020-09-10 10:24:09 +02:00
Oliver Gugger
d4c4cf01f0
lnd+macaroons: specify location when creating macaroon service
To allow the macaroon service to be used in other projects, we want the
location to be passed in as a parameter instead of being hard coded.
2020-09-10 10:24:08 +02:00
Oliver Gugger
6d201ef4fc
macaroons: add special permission entity for URI specific permissions
To make the permission system even more fine-grained, we want to allow
users to specify exact gRPC URIs in the macaroon permissions instead of
just broad entity/action groups.
For this we add the special entity "uri" which allows a URI specific
permission to be defined as "uri:/lnrpc.Lightning/GetInfo" for example
instead of the more coarse "info:read" which gives access to multiple
URIs.
2020-09-04 09:22:35 +02:00
yyforyongyu
f362f7670b
macaroons: specify root key ID in bakery 2020-08-11 19:17:48 +08:00
Conner Fromknecht
d0d2ca403d
multi: rename ReadTx to RTx 2020-05-26 18:20:37 -07:00
Oliver Gugger
847d27f8a6
macaroons: use fast scrypt options in itest and unit tests 2020-03-24 09:52:39 +01:00
Olaoluwa Osuntokun
852b2380a9
macaroons: convert to use new kvdb abstraction 2020-03-18 19:35:04 -07:00
nsa
1018df991f
macaroons: add encKeyMtx to prevent race condition 2019-11-09 21:12:11 -05:00
Oliver Gugger
ae04bdb98a
doc: describe macaroon bakery 2019-11-04 15:07:24 +01:00
Wilmer Paulino
254de64d4c
Merge pull request #3533 from alrs/macaroons-test-fixes
macaroons: Test Improvements
2019-10-22 17:22:42 +02:00
Lars Lehtonen
3587325438
macaroons: drop unused variables in tests
macaroons: defer service.Close() after error check in tests

macaroons: linter requires that nil contexts are changed to context.TODO()
2019-10-11 09:39:11 -07:00
Lars Lehtonen
a22adc4a8e
macaroons: stdlib context 2019-09-28 16:10:57 -07:00
Lars Lehtonen
3b29ecb921 routing: Fix dropped errors in tests.
lnd: Fix dropped errors in tests.

contractcourt: Fix dropped errors in tests.

htlcswitch: Fix dropped errors in tests.

invoices: Fix dropped error in tests.

lnwallet: Fix dropped errors in tests.

macaroons: Fix dropped error in tests.
2019-09-13 06:28:05 +00:00
Johan T. Halseth
21baa7bf18
multi: fix linter errors 2019-08-07 10:53:10 +02:00
Joost Jager
9e012ecc93
multi: move Input interface and related code
This commit is a step to split the lnwallet package. It puts the Input
interface and implementations in a separate package along with all their
dependencies from lnwallet.
2019-01-31 13:25:33 +01:00
Olaoluwa Osuntokun
1fd3aac925
multi: switch from bolt package to bbolt package for all imports 2018-11-29 20:33:49 -08:00
Olaoluwa Osuntokun
06d5f2db37
macaroons: update line folding to project style 2018-11-28 20:57:07 -08:00
Conner Fromknecht
8e017465c0
macaroons/README: update noencryptwallet -> noseedbackup 2018-09-04 20:52:44 -07:00
Wilmer Paulino
856500dc43 macaroons: ensure path for macaroon DB exists
Co-Authored-By: Karl Ranna <karl@karlranna.com>
2018-08-23 18:05:00 -07:00
Conner Fromknecht
8beeeb1944
macaroons/constraints_test: remove extraneous semicolon 2018-08-02 18:20:50 -07:00
Conner Fromknecht
1ded697e8d
multi: sort import paths with gofmt 2018-08-02 18:20:49 -07:00
Olaoluwa Osuntokun
6f60f139f4 multi: switch over import paths from roasbeef/* to btcsuite/* 2018-07-13 17:05:39 -07:00
Wilmer Paulino
fc6505a0ff
macaroons: export db filename 2018-05-31 17:23:59 -07:00
Oliver Gugger
f22b0ccdbc macaroons: fix incorrect comparison in isRegistered, wrap long lines 2018-05-18 10:14:06 +02:00
Oliver Gugger
3eff9804ee macaroons: add technical documentation, fix comments 2018-05-18 10:13:25 +02:00
Oliver Gugger
8e4e2bd889 macaroons: add tests for service and constraints 2018-05-18 10:08:05 +02:00
whythat
04f4dbe639 macaroons: add utilities for constraint tests 2018-05-18 10:08:05 +02:00
whythat
a2f900ec2d macaroons: add constraints unit tests 2018-05-18 10:08:05 +02:00
Matt Drollette
92eebff64e macaroons: don't zero mem if never unlocked 2018-03-18 16:09:54 -07:00
Olaoluwa Osuntokun
800eea931f
build+multi: switch from bolt to bbolt
In this commit, we switch from boltdb/bolt to coreos/bbolt as the
former is no longer being actively maintained.
2018-03-10 19:01:13 -08:00
Alex
de6efbd1a1 multi: macaroon root key encryption 2018-02-05 21:44:06 -08:00
Alex
21c29c33d7 multi: upgrade macaroons to v2, replace per-method auth with interceptors
This commit reworks the macaroon authentication framework to use the
v2 macaroon format and bakery API. It also replaces the code in each
RPC method which calls the macaroon verifier with interceptors which
call the macaroon verifier instead. In addition, the operation
permissions are reworked to fit the new format of "allow" commands
(specifically, entity/operation permissions instead of method
permissions).
2018-01-31 17:14:49 -08:00
whythat
1379488e72 macaroons: rename PermissionsConstraint to AllowConstraint 2017-09-19 16:46:20 -07:00
whythat
7df503575c macaroons: add error reporting for macaroon constraints 2017-09-19 16:46:20 -07:00
whythat
679e86174f macaroons: add IP lock macaroon constraint 2017-09-19 16:46:20 -07:00
whythat
a6b9155150 macaroons: use constraint layer for macaroon tweaking 2017-09-19 16:46:20 -07:00
whythat
5c3493bd30 macaroons: add constraint/checker options layer 2017-09-19 16:46:20 -07:00
Olaoluwa Osuntokun
6e3abdfd14
macaroons: ensure all bytes read from db are copied before returning
This commit is a precautionary commit put in place in order to ensure
that the logic of macaroon retrieval doesn’t run into a bug triggered
by returning a reference into bolt’s active memory map. This can arise
if one returns a pointer directly read from the database. We seek to
avoid this by instead ensuring all byte slices are fully copied before
returning.
2017-08-23 11:34:43 -07:00
Olaoluwa Osuntokun
bb59a6e6e9
macaroons: expand doc strings and comments within package 2017-08-22 00:52:48 -07:00
Alex
662731e719 macaroons: add macaroons package and update glide 2017-08-17 19:20:41 -07:00