terminal+session_rpc: admin macaroon for sessions

Bake and use supermac in `authData` for sessions of type Admin Macaroon.

Author: ellemouton

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/improbable-eng/grpc-web v0.12.0
 	github.com/jessevdk/go-flags v1.4.0
 	github.com/lightninglabs/faraday v0.2.7-alpha
-	github.com/lightninglabs/lightning-node-connect v0.1.5-alpha
+	github.com/lightninglabs/lightning-node-connect v0.1.7-alpha
 	github.com/lightninglabs/lndclient v0.14.0-7
 	github.com/lightninglabs/loop v0.15.1-beta
 	github.com/lightninglabs/pool v0.5.4-alpha.0.20220114202858-525fe156d240
@@ -25,6 +25,7 @@ require (
 	github.com/urfave/cli v1.22.4
 	go.etcd.io/bbolt v1.3.6
 	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
+	golang.org/x/net v0.0.0-20210913180222-943fd674d43e
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
 	google.golang.org/grpc v1.39.0

go.sum

@@ -105,6 +105,7 @@ github.com/btcsuite/btcutil/psbt v1.0.3-0.20210527170813-e2ba6805a890 h1:0xUNvvw
 github.com/btcsuite/btcutil/psbt v1.0.3-0.20210527170813-e2ba6805a890/go.mod h1:LVveMu4VaNSkIRTZu2+ut0HDBRuYjqGocxDMNS1KuGQ=
 github.com/btcsuite/btcwallet v0.11.1-0.20200814001439-1d31f4ea6fc5/go.mod h1:YkEbJaCyN6yncq5gEp2xG0OKDwus2QxGCEXTNF27w5I=
 github.com/btcsuite/btcwallet v0.11.1-0.20200904022754-2c5947a45222/go.mod h1:owv9oZqM0HnUW+ByF7VqOgfs2eb0ooiePW/+Tl/i/Nk=
+github.com/btcsuite/btcwallet v0.11.1-0.20201207233335-415f37ff11a1/go.mod h1:P1U4LKSB/bhFQdOM7ab1XqNoBGFyFAe7eKObEBD9mIo=
 github.com/btcsuite/btcwallet v0.12.1-0.20210519225359-6ab9b615576f/go.mod h1:f1HuBGov5+OTp40Gh1vA+tvF6d7bbuLFTceJMRB7fXw=
 github.com/btcsuite/btcwallet v0.13.0/go.mod h1:iLN1lG1MW0eREm+SikmPO8AZPz5NglBTEK/ErqkjGpo=
 github.com/btcsuite/btcwallet v0.13.1-0.20211201210108-79de92f527dc h1:lAbAEAp4eWvsSwJfcpdHXpKz78X2sVF9aDK4nJveXmY=
@@ -323,7 +324,6 @@ github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4er
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -603,24 +603,27 @@ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.3 h1:v9QZf2Sn6AmjXtQeFpdoq/eaNtYP6IN+7lcrygsIAtg=
 github.com/lib/pq v1.10.3/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lightninglabs/aperture v0.1.6-beta h1:bhpK4O9xa0YUBFQfkfg/h/3sMAY+AOMxi9YUjg6/l/E=
 github.com/lightninglabs/aperture v0.1.6-beta/go.mod h1:9xl4mx778ZAzrB87nLHMqk+XQcSz8Dx/DypjWzGN1xo=
+github.com/lightninglabs/aperture v0.1.11-beta h1:GRnQxvDn3ZPIqC8DV1T81LCxJO33anoAAbOFxyGbUyU=
+github.com/lightninglabs/aperture v0.1.11-beta/go.mod h1:pl4sIilhVW6RH7FIYCugPHEPl0pmj3UE1I83Oqpj9VY=
 github.com/lightninglabs/faraday v0.2.7-alpha h1:lpSUk3RFfgr4/OCx1OdJ2AMHCAiTObK+5o54ml8ceHs=
 github.com/lightninglabs/faraday v0.2.7-alpha/go.mod h1:77P9EctYhneIXLvm9a6ylV9LCht/rj7j8mLwXpBgxB8=
 github.com/lightninglabs/gozmq v0.0.0-20191113021534-d20a764486bf h1:HZKvJUHlcXI/f/O0Avg7t8sqkPo78HFzjmeYFl6DPnc=
 github.com/lightninglabs/gozmq v0.0.0-20191113021534-d20a764486bf/go.mod h1:vxmQPeIQxPf6Jf9rM8R+B4rKBqLA2AjttNxkFBL2Plk=
-github.com/lightninglabs/lightning-node-connect v0.1.5-alpha h1:6Jguz6wXSaV2KVs+mvEDATQdNMvKiTmuQeRGMzvarTw=
-github.com/lightninglabs/lightning-node-connect v0.1.5-alpha/go.mod h1:xsDBDnSzHalal3K4gbnVSrbWVbV25sHrm96p3+lASt0=
+github.com/lightninglabs/lightning-node-connect v0.1.7-alpha h1:M2g8Il/DWhRvwZIEBER1QVDeIj9OTM0+DE7fXrLqc10=
+github.com/lightninglabs/lightning-node-connect v0.1.7-alpha/go.mod h1:jxSnezQYIvhNXqjyyiMEmdpOURrdVaujPZV6zGCVi8o=
 github.com/lightninglabs/lightning-node-connect/hashmailrpc v1.0.2 h1:Er1miPZD2XZwcfE4xoS5AILqP1mj7kqnhbBSxW9BDxY=
 github.com/lightninglabs/lightning-node-connect/hashmailrpc v1.0.2/go.mod h1:antQGRDRJiuyQF6l+k6NECCSImgCpwaZapATth2Chv4=
 github.com/lightninglabs/lndclient v0.11.0-4/go.mod h1:8/cTKNwgL87NX123gmlv3Xh6p1a7pvzu+40Un3PhHiI=
+github.com/lightninglabs/lndclient v0.12.0-9/go.mod h1:L0R2VOaLxMylGbxgnfiZGc0hMDIIgj91cfgwGuFz9kU=
 github.com/lightninglabs/lndclient v0.14.0-5/go.mod h1:2kH9vNoc29ghIkfMjxwSeK8yCxsYfR80XAJ9PU/QWWk=
 github.com/lightninglabs/lndclient v0.14.0-7 h1:muqPju9ixBtQNcO0SkvbZ2b2oORUMRqQ4e+aC077Qa8=
 github.com/lightninglabs/lndclient v0.14.0-7/go.mod h1:2kH9vNoc29ghIkfMjxwSeK8yCxsYfR80XAJ9PU/QWWk=
 github.com/lightninglabs/loop v0.15.1-beta h1:X4qth5qAdpgKarmcltO85HxMze3Wrk8FzI46Cwt9H4A=
 github.com/lightninglabs/loop v0.15.1-beta/go.mod h1:9TawqLzvjDP4pswZ8QkvTcBqH+wGKBffP+r6mFGBVi4=
 github.com/lightninglabs/neutrino v0.11.0/go.mod h1:CuhF0iuzg9Sp2HO6ZgXgayviFTn1QHdSTJlMncK80wg=
 github.com/lightninglabs/neutrino v0.11.1-0.20200316235139-bffc52e8f200/go.mod h1:MlZmoKa7CJP3eR1s5yB7Rm5aSyadpKkxqAwLQmog7N0=
+github.com/lightninglabs/neutrino v0.11.1-0.20201210023533-e1978372d15e/go.mod h1:KDWfQDKp+CFBxO1t2NRmWuagTY2sYIjpHB1k5vrojTI=
 github.com/lightninglabs/neutrino v0.12.1/go.mod h1:GlKninWpRBbL7b8G0oQ36/8downfnFwKsr0hbRA6E/E=
 github.com/lightninglabs/neutrino v0.13.0 h1:j3PKWEJCwqwMn/qLASz2j0IuCF6AumS9DaM0i0pM/nY=
 github.com/lightninglabs/neutrino v0.13.0/go.mod h1:GlKninWpRBbL7b8G0oQ36/8downfnFwKsr0hbRA6E/E=
@@ -636,13 +639,13 @@ github.com/lightningnetwork/lightning-onion v1.0.2-0.20210520211913-522b799e65b1
 github.com/lightningnetwork/lightning-onion v1.0.2-0.20210520211913-522b799e65b1/go.mod h1:rigfi6Af/KqsF7Za0hOgcyq2PNH4AN70AaMRxcJkff4=
 github.com/lightningnetwork/lnd v0.11.0-beta/go.mod h1:CzArvT7NFDLhVyW06+NJWSuWFmE6Ea+AjjA3txUBqTM=
 github.com/lightningnetwork/lnd v0.11.1-beta/go.mod h1:PGIgxy8aH70Li33YVYkHSaCM8m8LjEevk5h1Dpldrr4=
+github.com/lightningnetwork/lnd v0.12.0-beta/go.mod h1:2GyP1IG1kXV5Af/LOCxnXfux1OP3fAGr8zptS5PB2YI=
 github.com/lightningnetwork/lnd v0.13.0-beta.rc5.0.20210728112744-ebabda671786/go.mod h1:3cmukt9wR4PX1va9Q78gmqSPYd6yhV1wcFemM5F+kT8=
 github.com/lightningnetwork/lnd v0.14.0-beta/go.mod h1:qqOImM4QBKeIXsmUUsJznAbAaEF9iAPHAwfBZf9ld4Y=
 github.com/lightningnetwork/lnd v0.14.1-beta/go.mod h1:o7zDwjZXm/bPP48qjwsqnZvvITyQl+fUv6UVoV4o+J8=
 github.com/lightningnetwork/lnd v0.14.2-beta h1:v5Xgf0HjgA+umoinNrihMSoAuy52tYQnxCzX0wFaRwQ=
 github.com/lightningnetwork/lnd v0.14.2-beta/go.mod h1:BKTR+jbfcyFwsOPb3m8HaM09YmZF/SsbWd5UTCgDZlo=
 github.com/lightningnetwork/lnd/cert v1.0.2/go.mod h1:fmtemlSMf5t4hsQmcprSoOykypAPp+9c+0d0iqTScMo=
-github.com/lightningnetwork/lnd/cert v1.0.2/go.mod h1:fmtemlSMf5t4hsQmcprSoOykypAPp+9c+0d0iqTScMo=
 github.com/lightningnetwork/lnd/cert v1.0.3/go.mod h1:3MWXVLLPI0Mg0XETm9fT4N9Vyy/8qQLmaM5589bEggM=
 github.com/lightningnetwork/lnd/cert v1.1.0 h1:Vgmse23SOB/ODIj+I5Utq1yuKLPbWQ34gUoNKfDs4pk=
 github.com/lightningnetwork/lnd/cert v1.1.0/go.mod h1:3MWXVLLPI0Mg0XETm9fT4N9Vyy/8qQLmaM5589bEggM=
@@ -960,19 +963,16 @@ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
-go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
 go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
 go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
@@ -989,7 +989,6 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
@@ -1051,7 +1050,6 @@ golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -1315,7 +1313,6 @@ google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=

session_rpcserver.go

@@ -22,6 +22,9 @@ type sessionRpcServer struct {
 	db            *session.DB
 	sessionServer *session.Server
 
+	superMacBaker func(ctx context.Context, rootKeyID uint64,
+		recipe *session.MacaroonRecipe) (string, error)
+
 	quit     chan struct{}
 	wg       sync.WaitGroup
 	stopOnce sync.Once
@@ -39,22 +42,19 @@ func (s *sessionRpcServer) stop() {
 func (s *sessionRpcServer) AddSession(_ context.Context,
 	req *litrpc.AddSessionRequest) (*litrpc.AddSessionResponse, error) {
 
-	var (
-		typ    session.Type
-		expiry time.Time
-	)
-	switch req.SessionType {
-	case litrpc.SessionType_TYPE_UI_PASSWORD:
-		typ = session.TypeUIPassword
+	expiry := time.Unix(int64(req.ExpiryTimestampSeconds), 0)
+	if time.Now().After(expiry) {
+		return nil, fmt.Errorf("expiry must be in the future")
+	}
 
-	default:
-		return nil, fmt.Errorf("invalid session type, only UI " +
-			"password supported in LiT")
+	typ, err := unmarshalRPCType(req.SessionType)
+	if err != nil {
+		return nil, err
 	}
 
-	expiry = time.Unix(int64(req.ExpiryTimestampSeconds), 0)
-	if time.Now().After(expiry) {
-		return nil, fmt.Errorf("expiry must be in the future")
+	if typ != session.TypeUIPassword && typ != session.TypeMacaroonAdmin {
+		return nil, fmt.Errorf("invalid session type, only UI " +
+			"password and macaroon admin types supported in LiT")
 	}
 
 	sess, err := session.NewSession(
@@ -94,15 +94,12 @@ func (s *sessionRpcServer) resumeSession(sess *session.Session) error {
 	if sess.State != session.StateInUse &&
 		sess.State != session.StateCreated {
 
-		log.Debugf("Not resuming session %x with state %d",
-			sess.LocalPublicKey.SerializeCompressed(), sess.State)
-		return nil
-	}
-	if sess.Type != session.TypeUIPassword {
-		log.Debugf("Not resuming session %x with type %d",
-			sess.LocalPublicKey.SerializeCompressed(), sess.Type)
+		log.Debugf("Not resuming session %x with state %d", pubKeyBytes,
+			sess.State)
 		return nil
 	}
+
+	// Don't resume an expired session.
 	if sess.Expiry.Before(time.Now()) {
 		log.Debugf("Not resuming session %x with expiry %s",
 			pubKeyBytes, sess.Expiry)
@@ -114,7 +111,32 @@ func (s *sessionRpcServer) resumeSession(sess *session.Session) error {
 		return nil
 	}
 
-	authData := []byte("Authorization: Basic " + s.basicAuth)
+	var authData []byte
+	switch sess.Type {
+	case session.TypeUIPassword:
+		authData = []byte("Authorization: Basic " + s.basicAuth)
+
+	case session.TypeMacaroonAdmin:
+		ctx := context.Background()
+		mac, err := s.superMacBaker(
+			ctx, sess.MacaroonRootKey, &session.MacaroonRecipe{
+				Permissions: getAllPermissions(),
+			},
+		)
+		if err != nil {
+			log.Debugf("Not resuming session %x. Could not bake"+
+				"the necessary macaroon: %w", pubKeyBytes, err)
+			return nil
+		}
+
+		authData = []byte(fmt.Sprintf("%s: %s", HeaderMacaroon, mac))
+
+	default:
+		log.Debugf("Not resuming session %x with type %d", pubKeyBytes,
+			sess.Type)
+		return nil
+	}
+
 	sessionClosedSub, err := s.sessionServer.StartSession(sess, authData)
 	if err != nil {
 		return err
@@ -148,7 +170,7 @@ func (s *sessionRpcServer) resumeSession(sess *session.Session) error {
 		}
 	}()
 
-	return err
+	return nil
 }
 
 // ListSessions returns all sessions known to the session store.
@@ -272,3 +294,23 @@ func marshalRPCType(typ session.Type) (litrpc.SessionType, error) {
 		return 0, fmt.Errorf("unknown type <%d>", typ)
 	}
 }
+
+// unmarshalRPCType converts an RPC session type to its session counterpart.
+func unmarshalRPCType(typ litrpc.SessionType) (session.Type, error) {
+	switch typ {
+	case litrpc.SessionType_TYPE_MACAROON_READONLY:
+		return session.TypeMacaroonReadonly, nil
+
+	case litrpc.SessionType_TYPE_MACAROON_ADMIN:
+		return session.TypeMacaroonAdmin, nil
+
+	case litrpc.SessionType_TYPE_MACAROON_CUSTOM:
+		return session.TypeMacaroonCustom, nil
+
+	case litrpc.SessionType_TYPE_UI_PASSWORD:
+		return session.TypeUIPassword, nil
+
+	default:
+		return 0, fmt.Errorf("unknown type <%d>", typ)
+	}
+}

terminal.go

@@ -230,17 +230,14 @@ func (g *LightningTerminal) Run() error {
 		db:            g.sessionDB,
 		sessionServer: g.sessionServer,
 		quit:          make(chan struct{}),
-	}
+		superMacBaker: func(ctx context.Context, rootKeyID uint64,
+			recipe *session.MacaroonRecipe) (string, error) {
 
-	// Now start up all previously created sessions.
-	sessions, err := g.sessionDB.ListSessions()
-	if err != nil {
-		return fmt.Errorf("error listing sessions: %v", err)
-	}
-	for _, sess := range sessions {
-		if err := g.sessionRpcServer.resumeSession(sess); err != nil {
-			return fmt.Errorf("error resuming sesion: %v", err)
-		}
+			return bakeSuperMacaroon(
+				ctx, g.basicClient, rootKeyID,
+				recipe.Permissions, recipe.Caveats,
+			)
+		},
 	}
 
 	// Overwrite the loop and pool daemon's user agent name so it sends
@@ -380,6 +377,20 @@ func (g *LightningTerminal) Run() error {
 		return err
 	}
 
+	// Now start up all previously created sessions. Since the sessions
+	// require a lnd connection in order to bake macaroons, we can only
+	// start up the sessions once the connection to lnd has been
+	// established.
+	sessions, err := g.sessionDB.ListSessions()
+	if err != nil {
+		return fmt.Errorf("error listing sessions: %v", err)
+	}
+	for _, sess := range sessions {
+		if err := g.sessionRpcServer.resumeSession(sess); err != nil {
+			return fmt.Errorf("error resuming sesion: %v", err)
+		}
+	}
+
 	// Now block until we receive an error or the main shutdown signal.
 	select {
 	case err := <-g.loopServer.ErrChan: