Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bake Macaroon root_key_id can't just be a positive number. #19

Open
CRex15 opened this issue Jun 1, 2023 · 3 comments
Open

Bake Macaroon root_key_id can't just be a positive number. #19

CRex15 opened this issue Jun 1, 2023 · 3 comments

Comments

@CRex15
Copy link
Contributor

CRex15 commented Jun 1, 2023

When trying to use a Macaroon generated by the BakeMacaroon API, failure can occur if using a root_key_id < 18441921392371827000 ([4]byte starting with {0xFF, 0xEE, 0xDD, 0xCC}).

When using a macaroon with permissions for Loop, Pool, Faraday, and Litd that was baked with a root_key_id matching the above condition, AND calling an rpc from these services, an error is returned: "proxy error with context {rpc service}: invalid macaroon: macaroon service not yet initialised". LND rpc services can still be used with this macaroon.

@guggero
Copy link
Member

guggero commented Jun 2, 2023

This is something specific to litd and I'm not sure we want to add litd specific comments in the lnd API docs.

Though I agree that we might need to document this better in https://github.com/lightninglabs/lightning-terminal.

The condition you mention: root_key_id < 18441921392371827000 ([4]byte starting with {0xFF, 0xEE, 0xDD, 0xCC}
This means a macaroon is NOT what we call a super macaroon (a super macaroon would be root_key_id >= 18441921392371827000. And in litd you can only have permissions for Loop, Pool, Faraday and Litd within a single macaroon if it is a super macaroon, otherwise it will treat it as a normal macaroon and go down a different code path which would explain the error message (which also hints at something not being fully started yet by the way).

So am I correct in assuming that you would like to have a documentation on how to bake a (super) macaroon that can be used for all RPCs bundled by litd?

@guggero
Copy link
Member

guggero commented Jun 2, 2023

Also see lightninglabs/lightning-terminal#568.

@CRex15
Copy link
Contributor Author

CRex15 commented Jun 2, 2023

Documentation on how to bake a super macaroon would be very helpful. Also, any description on the difference between macaroons would be great.
To be honest, I came across this issue without even knowing super macaroons existed. I was trying to get access to Loop and Faraday and just decided to bake a macaroon with permissions to all services. That's why I came across this error in the first place.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants