Commit Graph

20 Commits

Author SHA1 Message Date
Olaoluwa Osuntokun
9287b755d8
macaroons: reject unknown macaroon versions
We've only ever made macaroons with the v2 versions, so we should
explicitly reject those that aren't actually v2. We add a basic test
along the way, and also add a similar check for the version encoded in
the macaroon ID.
2023-10-31 13:23:50 -07:00
Eng Zer Jun
1133643927
macaroons: replace defer cleanup with t.Cleanup
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-10-13 17:47:03 +08:00
Eng Zer Jun
f3dec8fbb0
macarooons: use T.TempDir to create temporary test directory
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-08-24 09:03:05 +08:00
Olaoluwa Osuntokun
e073b1d343
macaroons: futher abstract NewService from root key store impl
In this commit, we modify the `macaroons.NewService` consturctor to
accept the main interface rather than the raw DB. This allows us to use
other backends other than bolt or the kvdb interface to store the
macaroon root keys.

We also create a new ExtendedRootKeyStore interface that implements some
of the more advanced features we use such as macaroon encryption and
password rotation.
2022-07-06 18:59:50 -07:00
Tommy Volk
9a10c80bcb multi: move many t.Fatalf calls to require.NoError 2022-06-17 04:26:55 +00:00
Oliver Gugger
045765111a
multi: use safe copy for macaroons
Fixes #4383 by adding a new SafeCopyMacaroon function that correctly
clones all caveats and prevents modifications on the copy from affecting
the original.
2021-09-20 13:05:46 +02:00
Oliver Gugger
f7b17df452
multi: make macaroon DB remote compatible
The macaroon root keys should also be stored to the remote database if a
replicated backend such as etcd is used.
This commit refactors the macaroons service and wallet unlocker to
accept a kvdb backend directly instead of creating the bolt instance
automatically.
2021-08-04 14:55:52 +02:00
Andras Banki-Horvath
14c851c8fc
kvdb: move channeldb/kvdb to top level 2021-05-07 14:18:56 +02:00
Yong
582b164c46
kvdb: add timeout options for bbolt (#4787)
* mod: bump btcwallet version to accept db timeout

* btcwallet: add DBTimeOut in config

* kvdb: add database timeout option for bbolt

This commit adds a DBTimeout option in bbolt config. The relevant
functions walletdb.Open/Create are updated to use this config. In
addition, the bolt compacter also applies the new timeout option.

* channeldb: add DBTimeout in db options

This commit adds the DBTimeout option for channeldb. A new unit
test file is created to test the default options. In addition,
the params used in kvdb.Create inside channeldb_test is updated
with a DefaultDBTimeout value.

* contractcourt+routing: use DBTimeout in kvdb

This commit touches multiple test files in contractcourt and routing.
The call of function kvdb.Create and kvdb.Open are now updated with
the new param DBTimeout, using the default value kvdb.DefaultDBTimeout.

* lncfg: add DBTimeout option in db config

The DBTimeout option is added to db config. A new unit test is
added to check the default DB config is created as expected.

* migration: add DBTimeout param in kvdb.Create/kvdb.Open

* keychain: update tests to use DBTimeout param

* htlcswitch+chainreg: add DBTimeout option

* macaroons: support DBTimeout config in creation

This commit adds the DBTimeout during the creation of macaroons.db.
The usage of kvdb.Create and kvdb.Open in its tests are updated with
a timeout value using kvdb.DefaultDBTimeout.

* walletunlocker: add dbTimeout option in UnlockerService

This commit adds a new param, dbTimeout, during the creation of
UnlockerService. This param is then passed to wallet.NewLoader
inside various service calls, specifying a timeout value to be
used when opening the bbolt. In addition, the macaroonService
is also called with this dbTimeout param.

* watchtower/wtdb: add dbTimeout param during creation

This commit adds the dbTimeout param for the creation of both
watchtower.db and wtclient.db.

* multi: add db timeout param for walletdb.Create

This commit adds the db timeout param for the function call
walletdb.Create. It touches only the test files found in chainntnfs,
lnwallet, and routing.

* lnd: pass DBTimeout config to relevant services

This commit enables lnd to pass the DBTimeout config to the following
services/config/functions,
  - chainControlConfig
  - walletunlocker
  - wallet.NewLoader
  - macaroons
  - watchtower
In addition, the usage of wallet.Create is updated too.

* sample-config: add dbtimeout option
2020-12-07 15:31:49 -08:00
Oliver Gugger
294cb4a966
macaroons: remember stateless init
To make sure no macaroons are created anywhere if the stateless
initialization was requested, we keep the requested initialization mode
in the memory of the macaroon service.
2020-11-07 11:24:33 +01:00
Oliver Gugger
d4c4cf01f0
lnd+macaroons: specify location when creating macaroon service
To allow the macaroon service to be used in other projects, we want the
location to be passed in as a parameter instead of being hard coded.
2020-09-10 10:24:08 +02:00
Oliver Gugger
6d201ef4fc
macaroons: add special permission entity for URI specific permissions
To make the permission system even more fine-grained, we want to allow
users to specify exact gRPC URIs in the macaroon permissions instead of
just broad entity/action groups.
For this we add the special entity "uri" which allows an URI specific
permission to be defined as "uri:/lnrpc.Lightning/GetInfo" for example
instead of the more coarse "info:read" which gives access to multiple
URIs.
2020-09-04 09:22:35 +02:00
yyforyongyu
f362f7670b
macaroons: specify root key ID in bakery 2020-08-11 19:17:48 +08:00
Olaoluwa Osuntokun
852b2380a9
macaroons: convert to use new kvdb abstraction 2020-03-18 19:35:04 -07:00
Lars Lehtonen
3587325438
macaroons: drop unused variables in tests
macaroons: defer service.Close() after error check in tests

macaroons: linter requires that nil contexts are changed to context.TODO()
2019-10-11 09:39:11 -07:00
Lars Lehtonen
3b29ecb921 routing: Fix dropped errors in tests.
lnd: Fix dropped errors in tests.

contractcourt: Fix dropped errors in tests.

htlcswitch: Fix dropped errors in tests.

invoices: Fix dropped error in tests.

lnwallet: Fix dropped errors in tests.

macaroons: Fix dropped error in tests.
2019-09-13 06:28:05 +00:00
Olaoluwa Osuntokun
1fd3aac925
multi: switch from bolt packge to bbolt package for all imports 2018-11-29 20:33:49 -08:00
Conner Fromknecht
1ded697e8d
multi: sort import paths with gofmt 2018-08-02 18:20:49 -07:00
Oliver Gugger
f22b0ccdbc macaroons: fix incorrect comparison in isRegistered, wrap long lines 2018-05-18 10:14:06 +02:00
Oliver Gugger
8e4e2bd889 macaroons: add tests for service and constraints 2018-05-18 10:08:05 +02:00