Skip to content

multi: bake super macaroon during stateless init mode #844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 10 commits into from
Closed

multi: bake super macaroon during stateless init mode #844

wants to merge 10 commits into from

Conversation

ellemouton
Copy link
Member

@ellemouton ellemouton commented Sep 13, 2024
edited
Loading

This PR adds the ability to use LiT to bake a super macaroon during stateless init mode. What's nice about this is that the macaroon will also only contain all the permissions for the subservers activated. So for example, if Loop is disabled, then the super macaroon will not contain permissions for loop.

TODO: add an itest.

Usage

Let's assume LiT and LND are in stateless init mode & that the admin.macaroon generated during wallet creation is stored in ~/mac_test/admin.macaroon

  1. This will fail due to litcli trying to find LiT's macaroon & not being able to.
litcli  bakesupermacaroon
  1. This will also fail cause LiT will try to validate the given admin macaroon against its own macaroon service.
litcli --macaroonpath=~/mac_test/admin.macaroon bakesupermacaroon
  1. This will work. LiT will take the given macaroon & create a new connection to LND with it and attempt to bake the super macaroon with that connection (which will only be valid if the given macaroon was generated by LND and has the bakemacaroon permissions)
litcli --macaroonpath=~/mac_test/admin.macaroon bakesupermacaroon --stateless_init

Technical Detail

In this commit, we force the permissions manager to see the
BakeSuperMacaroon call of LiT as whitelisted. This means that when the
initial call comes in, the LightningTerminal.ValidateMacaroon method
will return early and not validate the call (which would fail in
stateless init mode since LiT does not have a macaroon service in that
case). So the call ends up going through to the rpcProxy's
BakeSuperMacaroon method. Here we now have the following flow:

  • if the request does not have stateless_init set, then we keep the flow
    as it was:
    1. Use the lit mac validator to check that the call is allowed
    given the required permissions of BakeSuperMacaroon.
    2. if it is, then use the existing connection to LND that Lit
    has to do the macaroon baking call.
  • if stateless_init mode is set, then we do the following:
    1. we extract the macaroon from the call (this should be an LND
    macaroon)
    2. we create a new connection to LND using this provided
    macaroon.
    3. use this connection to LND to bake the macaroon.

@ellemouton
perms: hold the mutex for any public call
db94d55
@ellemouton
perms: add a ForceWhiteListURL
5430e6d 
Which will result in a specific URL returning `true` for
`IsWhiteListedURL` while still returning the original permissions in
`URIPermissions`. This will be used for situations where we want to
explicitly handle the verification of a call to a URL in a code path
that happens after path that hits `IsWhiteListed`.
@ellemouton
lit: create litMacValidator
b12d226 
a type which implements the macaroons.MacaroonValidator interface which
purely authenticates a call against LiT's macaroon service. Then, make
this available to the rpc proxy. It is not used yet.
@ellemouton
lit: make the basicClient available to the rpcProxy
744dd3a
@ellemouton
lit: change the signature of bakeSuperMac to take an LND client
313262d 
So that we have control over which LND client the rpcProxy should use
for various calls.
@ellemouton
config: extract LND dial address helper
7635079 
so that we can use it elsewhere.
@ellemouton ellemouton mentioned this pull request Sep 13, 2024
Closed
@ellemouton
litrpc: add new stateless_init field to BakeSuperMacaroon message
4bdde68
@ellemouton
lit: add a statelessInit bool in the config
5aabbde 
So that it is easy to check elsewhere if we are in this mode.
@ellemouton
rpcproxy: pass the bake-mac call directly to LND if in stateless mode
20504ed 
In this commit, we force the permissions manager to see the
BakeSuperMacaroon call of LiT as whitelisted. This means that when the
initial call comes in, the `LightningTerminal.ValidateMacaroon` method
will return early and not validate the call (which would fail in
stateless init mode since LiT does not have a macaroon service in that
case). So the call ends up going through to the rpcProxy's
BakeSuperMacaroon method. Here we now have the following flow:
- if the request does not have stateless_init set, then we keep the flow
  as it was:
        1) Use the lit mac validator to check that the call is allowed
           given the required permissions of `BakeSuperMacaroon`.
        2) if it is, then use the existing connection to LND that Lit
           has to do the macaroon baking call.
- if stateless_init mode is set, then we do the following:
        1) we extract the macaroon from the call (this should be an LND
           macaroon)
        2) we create a new connection to LND using this provided
           macaroon.
        3) use this connection to LND to bake the macaroon.
@ellemouton
litcli: expose new stateless init option to cli bakesupermacaroon com…
ad0336a 
…mand
@ellemouton ellemouton force-pushed the bakeSuperMacInStateless branch from e6678ae to ad0336a Compare September 13, 2024 13:41
@guggero guggero self-requested a review September 16, 2024 10:10
@ellemouton
Copy link
Member Author

will work on an itest for this 👍

@ViktorT-11 ViktorT-11 self-requested a review September 17, 2024 05:45
@lightninglabs-deploy
Copy link

@guggero: review reminder
@ViktorTigerstrom: review reminder

@ellemouton ellemouton mentioned this pull request Sep 30, 2024
Merged
@ellemouton
Copy link
Member Author

see #858 for an alternative approach 🙏

@ellemouton ellemouton closed this Oct 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guggero guggero Awaiting requested review from guggero

@ViktorT-11 ViktorT-11 Awaiting requested review from ViktorT-11

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ellemouton @lightninglabs-deploy