Skip to content

Conversation

@ellemouton
Copy link
Member

@ellemouton ellemouton commented Sep 13, 2024

This PR adds the ability to use LiT to bake a super macaroon during stateless init mode. What's nice about this is that the macaroon will also only contain all the permissions for the subservers activated. So for example, if Loop is disabled, then the super macaroon will not contain permissions for loop.

TODO: add an itest.

Usage

Let's assume LiT and LND are in stateless init mode & that the admin.macaroon generated during wallet creation is stored in ~/mac_test/admin.macaroon

  1. This will fail due to litcli trying to find LiT's macaroon & not being able to.
litcli  bakesupermacaroon
  1. This will also fail cause LiT will try to validate the given admin macaroon against its own macaroon service.
litcli --macaroonpath=~/mac_test/admin.macaroon bakesupermacaroon
  1. This will work. LiT will take the given macaroon & create a new connection to LND with it and attempt to bake the super macaroon with that connection (which will only be valid if the given macaroon was generated by LND and has the bakemacaroon permissions)
litcli --macaroonpath=~/mac_test/admin.macaroon bakesupermacaroon --stateless_init

Technical Detail

In this commit, we force the permissions manager to see the
BakeSuperMacaroon call of LiT as whitelisted. This means that when the
initial call comes in, the LightningTerminal.ValidateMacaroon method
will return early and not validate the call (which would fail in
stateless init mode since LiT does not have a macaroon service in that
case). So the call ends up going through to the rpcProxy's
BakeSuperMacaroon method. Here we now have the following flow:

  • if the request does not have stateless_init set, then we keep the flow
    as it was:
    1. Use the lit mac validator to check that the call is allowed
    given the required permissions of BakeSuperMacaroon.
    2. if it is, then use the existing connection to LND that Lit
    has to do the macaroon baking call.
  • if stateless_init mode is set, then we do the following:
    1. we extract the macaroon from the call (this should be an LND
    macaroon)
    2. we create a new connection to LND using this provided
    macaroon.
    3. use this connection to LND to bake the macaroon.

Which will result in a specific URL returning `true` for
`IsWhiteListedURL` while still returning the original permissions in
`URIPermissions`. This will be used for situations where we want to
explicitly handle the verification of a call to a URL in a code path
that happens after path that hits `IsWhiteListed`.
a type which implements the macaroons.MacaroonValidator interface which
purely authenticates a call against LiT's macaroon service. Then, make
this available to the rpc proxy. It is not used yet.
So that we have control over which LND client the rpcProxy should use
for various calls.
so that we can use it elsewhere.
So that it is easy to check elsewhere if we are in this mode.
In this commit, we force the permissions manager to see the
BakeSuperMacaroon call of LiT as whitelisted. This means that when the
initial call comes in, the `LightningTerminal.ValidateMacaroon` method
will return early and not validate the call (which would fail in
stateless init mode since LiT does not have a macaroon service in that
case). So the call ends up going through to the rpcProxy's
BakeSuperMacaroon method. Here we now have the following flow:
- if the request does not have stateless_init set, then we keep the flow
  as it was:
        1) Use the lit mac validator to check that the call is allowed
           given the required permissions of `BakeSuperMacaroon`.
        2) if it is, then use the existing connection to LND that Lit
           has to do the macaroon baking call.
- if stateless_init mode is set, then we do the following:
        1) we extract the macaroon from the call (this should be an LND
           macaroon)
        2) we create a new connection to LND using this provided
           macaroon.
        3) use this connection to LND to bake the macaroon.
@ellemouton ellemouton force-pushed the bakeSuperMacInStateless branch from e6678ae to ad0336a Compare September 13, 2024 13:41
@guggero guggero self-requested a review September 16, 2024 10:10
@ellemouton
Copy link
Member Author

will work on an itest for this 👍

@ViktorT-11 ViktorT-11 self-requested a review September 17, 2024 05:45
@lightninglabs-deploy
Copy link

@guggero: review reminder
@ViktorTigerstrom: review reminder

@ellemouton
Copy link
Member Author

see #858 for an alternative approach 🙏

@ellemouton ellemouton closed this Oct 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants