From debf9d0e3ec9fa3750895c96e04d733daa3c7b9b Mon Sep 17 00:00:00 2001 From: Orbital Date: Wed, 17 Nov 2021 20:17:33 -0600 Subject: [PATCH] Pass in macaroon string to sidecar acceptor --- config_builder.go | 39 +++++++++++++++++++++------------------ lnd.go | 21 +++++++++++++-------- start_sidecar.go | 10 ++++++---- 3 files changed, 40 insertions(+), 30 deletions(-) diff --git a/config_builder.go b/config_builder.go index a2ae613eb5..2be57717e2 100644 --- a/config_builder.go +++ b/config_builder.go @@ -97,7 +97,7 @@ type WalletConfigBuilder interface { BuildWalletConfig(context.Context, *DatabaseInstances, *rpcperms.InterceptorChain, []*ListenerWithSignal) (*chainreg.PartialChainControl, - *btcwallet.Config, func(), error) + *btcwallet.Config, func(), []byte, error) } // ChainControlBuilder is an interface that must be satisfied by a custom wallet @@ -220,7 +220,7 @@ func (d *DefaultWalletImpl) Permissions() map[string][]bakery.Op { func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, dbs *DatabaseInstances, interceptorChain *rpcperms.InterceptorChain, grpcListeners []*ListenerWithSignal) (*chainreg.PartialChainControl, - *btcwallet.Config, func(), error) { + *btcwallet.Config, func(), []byte, error) { // Keep track of our various cleanup functions. We use a defer function // as well to not repeat ourselves with every return statement. @@ -262,7 +262,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, err := fmt.Errorf("unable to initialize neutrino "+ "backend: %v", err) d.logger.Error(err) - return nil, nil, nil, err + return nil, nil, nil, nil, err } cleanUpTasks = append(cleanUpTasks, neutrinoCleanUp) neutrinoCS = neutrinoBackend @@ -287,7 +287,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, d.pwService.SetMacaroonDB(dbs.MacaroonDB) walletExists, err := d.pwService.WalletExists() if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } if !walletExists { 
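Review bot: The new `[]byte` result on `WalletConfigBuilder.BuildWalletConfig` (the `@@ -97` hunk) is unnamed and undocumented, so an implementer cannot tell from the interface that it carries the serialized admin macaroon. I would add a line to the interface comment such as `// The returned byte slice is the serialized admin macaroon, or nil if none was baked; callers must treat it as a secret.` Because the interface is exported, the extra result also breaks any external implementation, which the commit message should say. The interface declaration starts above the hunk.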
@@ -304,7 +304,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, if d.cfg.WalletUnlockPasswordFile != "" && !walletExists && !d.cfg.WalletUnlockAllowCreate { - return nil, nil, nil, fmt.Errorf("wallet unlock password file " + + return nil, nil, nil, nil, fmt.Errorf("wallet unlock password file " + "was specified but wallet does not exist; initialize " + "the wallet before using auto unlocking") } @@ -323,7 +323,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, "password provided in file") pwBytes, err := ioutil.ReadFile(d.cfg.WalletUnlockPasswordFile) if err != nil { - return nil, nil, nil, fmt.Errorf("error reading "+ + return nil, nil, nil, nil, fmt.Errorf("error reading "+ "password from file %s: %v", d.cfg.WalletUnlockPasswordFile, err) } @@ -339,7 +339,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, pwBytes, 0, ) if err != nil { - return nil, nil, nil, fmt.Errorf("error unlocking "+ + return nil, nil, nil, nil, fmt.Errorf("error unlocking "+ "wallet with password from file: %v", err) } @@ -360,7 +360,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, // over RPC. default: if err := d.interceptor.Notifier.NotifyReady(false); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } params, err := waitForWalletPassword( @@ -371,7 +371,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, err := fmt.Errorf("unable to set up wallet password "+ "listeners: %v", err) d.logger.Error(err) - return nil, nil, nil, err + return nil, nil, nil, nil, err } walletInitParams = *params @@ -391,7 +391,10 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, } } - var macaroonService *macaroons.Service + var ( + macaroonService *macaroons.Service + adminMacBytes []byte + ) if !d.cfg.NoMacaroons { // Create the macaroon authentication/authorization service. macaroonService, err = macaroons.NewService( 
@@ -403,7 +406,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, err := fmt.Errorf("unable to set up macaroon "+ "authentication: %v", err) d.logger.Error(err) - return nil, nil, nil, err + return nil, nil, nil, nil, err } cleanUpTasks = append(cleanUpTasks, func() { if err := macaroonService.Close(); err != nil { @@ -419,7 +422,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, if err != nil && err != macaroons.ErrAlreadyUnlocked { err := fmt.Errorf("unable to unlock macaroons: %v", err) d.logger.Error(err) - return nil, nil, nil, err + return nil, nil, nil, nil, err } // In case we actually needed to unlock the wallet, we now need @@ -428,11 +431,11 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, // backup mode, there's nobody listening on the channel and we'd // block here forever. if !d.cfg.NoSeedBackup { - adminMacBytes, err := bakeMacaroon( + adminMacBytes, err = bakeMacaroon( ctx, macaroonService, adminPermissions(), ) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } // The channel is buffered by one element so writing @@ -463,7 +466,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, err := fmt.Errorf("unable to create macaroons "+ "%v", err) d.logger.Error(err) - return nil, nil, nil, err + return nil, nil, nil, nil, err } } @@ -555,7 +558,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, err := fmt.Errorf("unable to create partial chain control: %v", err) d.logger.Error(err) - return nil, nil, nil, err + return nil, nil, nil, nil, err } walletConfig := &btcwallet.Config{ 
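Review bot: In the `@@ -428` hunk, `adminMacBytes` is assigned only inside `if !d.cfg.NoSeedBackup` (itself under `if !d.cfg.NoMacaroons`), so `BuildWalletConfig` returns a nil macaroon whenever either option is set. `AdminAuthOptions` in lnd.go falls back to `cfg.AdminMacPath` for nil input, but the acceptor config in the last start_sidecar.go hunk now sets `CustomMacaroonHex: hex.EncodeToString(macBytes)` and drops `CustomMacaroonPath`, so in that case it gets an empty string and no path. Either move the `bakeMacaroon` call out of the seed-backup branch (only the channel write needs to stay there), or keep `CustomMacaroonPath: cfg.AdminMacPath` in start_sidecar.go when `len(macBytes) == 0`. The enclosing function begins and ends outside this hunk.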
@@ -580,12 +583,12 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context, walletConfig.CoinSelectionStrategy = wallet.CoinSelectionRandom default: - return nil, nil, nil, fmt.Errorf("unknown coin selection "+ + return nil, nil, nil, nil, fmt.Errorf("unknown coin selection "+ "strategy %v", d.cfg.CoinSelectionStrategy) } earlyExit = false - return partialChainControl, walletConfig, cleanUp, nil + return partialChainControl, walletConfig, cleanUp, adminMacBytes, nil } // BuildChainControl is responsible for creating a fully populated chain diff --git a/lnd.go b/lnd.go index 86ab9ab970..92359ca998 100644 --- a/lnd.go +++ b/lnd.go @@ -73,7 +73,9 @@ const ( // // NOTE: This should only be called after the RPCListener has signaled it is // ready. -func AdminAuthOptions(cfg *Config, skipMacaroons, insecure bool) ([]grpc.DialOption, error) { +func AdminAuthOptions(cfg *Config, skipMacaroons, insecure bool, + macBytes []byte) ([]grpc.DialOption, error) { + var ( creds credentials.TransportCredentials err error @@ -98,11 +100,14 @@ func AdminAuthOptions(cfg *Config, skipMacaroons, insecure bool) ([]grpc.DialOpt // Get the admin macaroon if macaroons are active. if !skipMacaroons && !cfg.NoMacaroons { - // Load the adming macaroon file. - macBytes, err := ioutil.ReadFile(cfg.AdminMacPath) - if err != nil { - return nil, fmt.Errorf("unable to read macaroon "+ - "path (check the network setting!): %v", err) + // If we sent the macaroon bytes, don't read it from disk. + if macBytes == nil { + // Load the adming macaroon file. + macBytes, err = ioutil.ReadFile(cfg.AdminMacPath) + if err != nil { + return nil, fmt.Errorf("unable to read macaroon "+ + "path (check the network setting!): %v", err) + } } mac := &macaroon.Macaroon{} 
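Review bot: The doc comment above `AdminAuthOptions` (lnd.go, `@@ -73`) is not updated for the new `macBytes` parameter, although the function is exported and the parameter changes where the credential comes from. Add a line such as `// If macBytes is non-nil it is used as the admin macaroon instead of reading cfg.AdminMacPath from disk.` The function body continues past the hunk.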
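Review bot: The `if macBytes == nil {` guard in the `@@ -98` hunk lets an empty but non-nil slice skip the disk read, so the decode step after `mac := &macaroon.Macaroon{}` (outside the hunk) would presumably fail on empty input instead of using `cfg.AdminMacPath`; `if len(macBytes) == 0 {` covers both cases. The two comments could also be merged into `// Use the caller-supplied macaroon if present, otherwise load the admin macaroon file.`, which removes the `adming` typo. The function starts and ends outside this hunk.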
@@ -386,7 +391,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, implCfg *ImplementationCfg, defer cleanUp() - partialChainControl, walletConfig, cleanUp, err := implCfg.BuildWalletConfig( + partialChainControl, walletConfig, cleanUp, mac, err := implCfg.BuildWalletConfig( ctx, dbs, interceptorChain, grpcListeners, ) if err != nil { @@ -671,7 +676,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, implCfg *ImplementationCfg, bestHeight) if cfg.SidecarAcceptor { - acceptor, err := StartSidecarAcceptor(cfg) + acceptor, err := StartSidecarAcceptor(cfg, mac) if err != nil { ltndLog.Error(err) return err diff --git a/start_sidecar.go b/start_sidecar.go index 624b162208..a8a62a6c52 100644 --- a/start_sidecar.go +++ b/start_sidecar.go @@ -2,6 +2,7 @@ package lnd import ( "context" + "encoding/hex" "errors" "fmt" "time" @@ -18,13 +19,13 @@ import ( "google.golang.org/grpc" ) -func StartSidecarAcceptor(cfg *Config) (*acceptor.SidecarAcceptor, error) { - opts, err := AdminAuthOptions(cfg, false, true) +func StartSidecarAcceptor(cfg *Config, macBytes []byte) (*acceptor.SidecarAcceptor, error) { + opts, err := AdminAuthOptions(cfg, false, true, macBytes) if err != nil { return nil, err } - host := cfg.RPCListeners[0].String() + host := "127.0.0.1:10009" conn, err := grpc.Dial(host, opts...) if err != nil { return nil, fmt.Errorf("unable to connect to RPC server: %v", err) @@ -42,7 +43,8 @@ func StartSidecarAcceptor(cfg *Config) (*acceptor.SidecarAcceptor, error) { LndAddress: host, Network: network, TLSPath: cfg.TLSCertPath, - CustomMacaroonPath: cfg.AdminMacPath, + Insecure: true, + CustomMacaroonHex: hex.EncodeToString(macBytes), BlockUntilChainSynced: false, BlockUntilUnlocked: true, CallerCtx: ctxc,
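Review bot: `host := "127.0.0.1:10009"` in the `@@ -18` hunk replaces `cfg.RPCListeners[0].String()` with a fixed address, so on a node whose RPC listener uses another port or interface the acceptor dials whatever process is bound to local port 10009 and presents the admin macaroon to it. The call above still passes `true` for the `insecure` argument of `AdminAuthOptions`; how that is handled is outside the diff, but if it relaxes certificate checking the connection gives no assurance that the peer is this lnd instance. I would keep `host := cfg.RPCListeners[0].String()` behind a `len(cfg.RPCListeners) > 0` check, and if a loopback-only dial is intended, derive the port from the configuration instead of a literal. The exported `StartSidecarAcceptor` also has no doc comment, and its body continues outside the hunk.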
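Review bot: `Insecure: true` is added in the `@@ -42` hunk next to `TLSPath: cfg.TLSCertPath` with no comment explaining why transport security is relaxed on a connection that carries the admin macaroon in `CustomMacaroonHex`. The field's meaning is defined in the acceptor package outside this diff; if it disables TLS or certificate verification, the full-privilege credential goes to an unauthenticated peer, which matters more now that `host` is a literal address. Unless the certificate at `TLSPath` cannot be used, drop `Insecure: true`; otherwise add a comment stating the loopback-only assumption it relies on. The struct literal begins and ends outside the hunk.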