Skip to content

Commit 15a69e0

Browse files
ellemoutonellemouton
committed
perms+subservers: register subserver whitelisted urls with perms manager
1 parent 1332106 commit 15a69e0

File tree

3 files changed

+28
-9
lines changed

3 files changed

+28
-9
lines changed

itest/litd_mode_integrated_test.go

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1278,13 +1278,21 @@ func bakeSuperMacaroon(cfg *LitNodeConfig, readOnly bool) (string, error) {
12781278
return "", err
12791279
}
12801280

1281-
permsMgr.RegisterSubServer(subservers.LOOP, loop.RequiredPermissions)
1282-
permsMgr.RegisterSubServer(subservers.POOL, pool.RequiredPermissions)
1283-
permsMgr.RegisterSubServer(subservers.TAP, tap.RequiredPermissions)
12841281
permsMgr.RegisterSubServer(
1285-
subservers.FARADAY, faraday.RequiredPermissions,
1282+
subservers.LOOP, loop.RequiredPermissions, nil,
1283+
)
1284+
permsMgr.RegisterSubServer(
1285+
subservers.POOL, pool.RequiredPermissions, nil,
1286+
)
1287+
permsMgr.RegisterSubServer(
1288+
subservers.TAP, tap.RequiredPermissions, nil,
1289+
)
1290+
permsMgr.RegisterSubServer(
1291+
subservers.FARADAY, faraday.RequiredPermissions, nil,
1292+
)
1293+
permsMgr.RegisterSubServer(
1294+
subservers.TAP, tap.RequiredPermissions, nil,
12861295
)
1287-
permsMgr.RegisterSubServer(subservers.TAP, tap.RequiredPermissions)
12881296

12891297
superMacPermissions := permsMgr.ActivePermissions(readOnly)
12901298
nullID := [4]byte{}
@@ -1300,13 +1308,13 @@ func bakeSuperMacaroon(cfg *LitNodeConfig, readOnly bool) (string, error) {
13001308
// it's valid.
13011309
superMacBytes, _ := hex.DecodeString(superMacHex)
13021310

1303-
tempFile, err := ioutil.TempFile("", "lit-super-macaroon")
1311+
tempFile, err := os.CreateTemp("", "lit-super-macaroon")
13041312
if err != nil {
13051313
_ = os.Remove(tempFile.Name())
13061314
return "", err
13071315
}
13081316

1309-
err = ioutil.WriteFile(tempFile.Name(), superMacBytes, 0644)
1317+
err = os.WriteFile(tempFile.Name(), superMacBytes, 0644)
13101318
if err != nil {
13111319
_ = os.Remove(tempFile.Name())
13121320
return "", err

perms/manager.go

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -116,7 +116,7 @@ func (pm *Manager) IsWhiteListedURL(url string) bool {
116116
// RegisterSubServer adds the permissions of a given sub-server to the set
117117
// managed by the Manager.
118118
func (pm *Manager) RegisterSubServer(name string,
119-
permissions map[string][]bakery.Op) {
119+
permissions map[string][]bakery.Op, whiteListURLs map[string]struct{}) {
120120

121121
pm.permsMu.Lock()
122122
defer pm.permsMu.Unlock()
@@ -126,6 +126,15 @@ func (pm *Manager) RegisterSubServer(name string,
126126
for uri, ops := range permissions {
127127
pm.perms[uri] = ops
128128
}
129+
130+
for url := range whiteListURLs {
131+
pm.perms[url] = nil
132+
133+
if pm.fixedPerms[name] == nil {
134+
pm.fixedPerms[name] = make(map[string][]bakery.Op)
135+
}
136+
pm.fixedPerms[name][url] = []bakery.Op{}
137+
}
129138
}
130139

131140
// OnLNDBuildTags should be called once a list of LND build tags has been

subservers/manager.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,9 @@ func (s *Manager) AddServer(ss SubServer) {
5454
quit: make(chan struct{}),
5555
})
5656

57-
s.permsMgr.RegisterSubServer(ss.Name(), ss.Permissions())
57+
s.permsMgr.RegisterSubServer(
58+
ss.Name(), ss.Permissions(), ss.WhiteListedURLs(),
59+
)
5860
}
5961

6062
// StartIntegratedServers starts all the manager's sub-servers that should be

0 commit comments

Comments
 (0)