Skip to content

Commit b3b00c7

Browse files
committed
terminal+subserver: validate subserver macaroons
When running in the same process, lnd will not know what to do with a macaroon that is meant for a subserver. With this commit we instruct the interceptor in the RPC proxy to delegate the validation of any macaroon unknown to lnd back to the terminal instance which then passes it on to the subserver it was meant for.
1 parent 8037929 commit b3b00c7

File tree

1 file changed

+33
-1
lines changed

1 file changed

+33
-1
lines changed

terminal.go

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,8 @@ import (
2828
"github.com/lightningnetwork/lnd/signal"
2929
"github.com/rakyll/statik/fs"
3030
"google.golang.org/grpc"
31+
"gopkg.in/macaroon-bakery.v2/bakery"
32+
3133
// Import generated go package that contains all static files for the
3234
// UI in a compressed format.
3335
_ "github.com/lightninglabs/lightning-terminal/statik"
@@ -136,7 +138,7 @@ func (g *LightningTerminal) Run() error {
136138
g.cfg.frdrpcCfg = &frdrpc.Config{}
137139
g.faradayServer = frdrpc.NewRPCServer(g.cfg.frdrpcCfg)
138140
g.loopServer = loopd.New(g.cfg.Loop, nil)
139-
g.rpcProxy = newRpcProxy(g.cfg, nil, getAllPermissions())
141+
g.rpcProxy = newRpcProxy(g.cfg, g, getAllPermissions())
140142

141143
// Hook interceptor for os signals.
142144
err = signal.Intercept()
@@ -358,6 +360,36 @@ func (g *LightningTerminal) RegisterRestSubserver(ctx context.Context,
358360
)
359361
}
360362

363+
// ValidateMacaroon extracts the macaroon from the context's gRPC metadata,
364+
// checks its signature, makes sure all specified permissions for the called
365+
// method are contained within and finally ensures all caveat conditions are
366+
// met. A non-nil error is returned if any of the checks fail.
367+
func (g *LightningTerminal) ValidateMacaroon(ctx context.Context,
368+
requiredPermissions []bakery.Op, fullMethod string) error {
369+
370+
// Validate all macaroons for services that are running in the local
371+
// process. Calls that we proxy to a remote host don't need to be
372+
// checked as they'll have their own interceptor.
373+
switch {
374+
case isLoopURI(fullMethod):
375+
return g.loopServer.ValidateMacaroon(
376+
ctx, requiredPermissions, fullMethod,
377+
)
378+
379+
case isFaradayURI(fullMethod):
380+
return g.faradayServer.ValidateMacaroon(
381+
ctx, requiredPermissions, fullMethod,
382+
)
383+
}
384+
385+
// Because lnd will spin up its own gRPC server with macaroon
386+
// interceptors if it is running in this process, it will check its
387+
// macaroons there. If lnd is running remotely, that process will check
388+
// the macaroons. So we don't need to worry about anything other than
389+
// the subservers that are running in the local process.
390+
return nil
391+
}
392+
361393
// shutdown stops all subservers that were started and attached to lnd.
362394
func (g *LightningTerminal) shutdown() error {
363395
var returnErr error

0 commit comments

Comments
 (0)