From 0428731c670e267dd86dc42c16f32b5b690af8a4 Mon Sep 17 00:00:00 2001 From: Elle Mouton Date: Wed, 14 Jun 2023 20:15:15 +0200 Subject: [PATCH 1/6] litrpc+autopilotserverrpc: run make protos Regenerate the protos after the recent bump of the protobuf dependency. --- autopilotserverrpc/autopilotserver.pb.go | 2 +- litrpc/firewall.pb.go | 2 +- litrpc/lit-accounts.pb.go | 2 +- litrpc/lit-autopilot.pb.go | 2 +- litrpc/lit-sessions.pb.go | 2 +- litrpc/proxy.pb.go | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/autopilotserverrpc/autopilotserver.pb.go b/autopilotserverrpc/autopilotserver.pb.go index 30138ab8b..ae08d9d0b 100644 --- a/autopilotserverrpc/autopilotserver.pb.go +++ b/autopilotserverrpc/autopilotserver.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.6.1 // source: autopilotserver.proto diff --git a/litrpc/firewall.pb.go b/litrpc/firewall.pb.go index 9c04c5f6d..5a1e312ea 100644 --- a/litrpc/firewall.pb.go +++ b/litrpc/firewall.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.6.1 // source: firewall.proto diff --git a/litrpc/lit-accounts.pb.go b/litrpc/lit-accounts.pb.go index 564b03dab..a3aedfd9e 100644 --- a/litrpc/lit-accounts.pb.go +++ b/litrpc/lit-accounts.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.6.1 // source: lit-accounts.proto diff --git a/litrpc/lit-autopilot.pb.go b/litrpc/lit-autopilot.pb.go index 4a335b144..6b630e9dc 100644 --- a/litrpc/lit-autopilot.pb.go +++ b/litrpc/lit-autopilot.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.6.1 // source: lit-autopilot.proto diff --git a/litrpc/lit-sessions.pb.go b/litrpc/lit-sessions.pb.go index b7edfd6f9..bd8e26680 100644 --- a/litrpc/lit-sessions.pb.go +++ b/litrpc/lit-sessions.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.6.1 // source: lit-sessions.proto diff --git a/litrpc/proxy.pb.go b/litrpc/proxy.pb.go index 5f5151bbf..9c8b71dd6 100644 --- a/litrpc/proxy.pb.go +++ b/litrpc/proxy.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.6.1 // source: proxy.proto From c5dc10ccaba573d75cbddf9704a8fe925cce8610 Mon Sep 17 00:00:00 2001 From: Elle Mouton Date: Fri, 2 Jun 2023 10:18:18 +0200 Subject: [PATCH 2/6] cmd/litcli: add super macaroon helper commands In this commit, a `supermacrootkey` helper command is added which lets a user generate a random root key ID for a super macaroon along with an `issupermacaroon` command that allows a users to easily confirm if a macaroon is considered a super macaroon or not. Neither of these commands require a connection to LiTd. --- cmd/litcli/helpers.go | 125 ++++++++++++++++++++++++++++++++++++++++++ cmd/litcli/main.go | 1 + 2 files changed, 126 insertions(+) create mode 100644 cmd/litcli/helpers.go diff --git a/cmd/litcli/helpers.go b/cmd/litcli/helpers.go new file mode 100644 index 000000000..579245081 --- /dev/null +++ b/cmd/litcli/helpers.go @@ -0,0 +1,125 @@ +package main + +import ( + "bytes" + "crypto/rand" + "encoding/hex" + "encoding/json" + "os" + + "github.com/lightninglabs/lightning-terminal/session" + "github.com/urfave/cli" +) + +// helperCommands are commands that do not require a connection to LiTd to +// return a response. +var helperCommands = cli.Command{ + Name: "helper", + Usage: "helper commands", + Category: "Helper", + Subcommands: []cli.Command{ + generateSuperMacRootIDCmd, + isSuperMacaroonCmd, + }, +} + +// generateSuperMacRootIDCmd is a command that can be used to generate a root +// key ID for a super macaroon. A suffix may be specified. +var generateSuperMacRootIDCmd = cli.Command{ + Name: "supermacrootkey", + Usage: "Generate a valid super macaroon root key ID from scratch " + + "or from a given root key ID suffix", + Description: ` + This command can be used to generate a valid super macaroon root key ID + from scratch or from a given root key ID suffix. + `, + Action: superMacRootKey, + Flags: []cli.Flag{ + cli.StringFlag{ + Name: "root_key_suffix", + Usage: "A 4-byte suffix to use in the construction " + + "of the root key ID. If not provided, then a " + + "random one will be generated. This must be " + + "specified as a hex string using a maximum of " + + "8 characters.", + }, + }, +} + +// superMacRootKey generates a super macaroon root key ID. +func superMacRootKey(ctx *cli.Context) error { + var suffix [4]byte + + if ctx.IsSet("root_key_suffix") { + suffixBytes, err := hex.DecodeString( + ctx.String("root_key_suffix"), + ) + if err != nil { + return err + } + + copy(suffix[:], suffixBytes) + } else { + _, err := rand.Read(suffix[:]) + if err != nil { + return err + } + } + + id := session.NewSuperMacaroonRootKeyID(suffix) + + printJSON(struct { + RootKeyID uint64 `json:"root_key_id"` + }{ + RootKeyID: id, + }) + + return nil +} + +// isSuperMacaronoCmd is a command that a user can run in order to check if +// a macaroon is a super macaroon. +var isSuperMacaroonCmd = cli.Command{ + Name: "issupermacaroon", + Usage: "Prints 'true' if the given macaroon is a super macaroon", + Description: ` + This command can be used to verify if a macaroon is considered a + super macaroon. + `, + Action: isSuperMacaroon, + Flags: []cli.Flag{ + cli.StringFlag{ + Name: "mac", + Usage: "The hex-encoded macaroon", + Required: true, + }, + }, +} + +// isSuperMacaroon checks if the users given macaroon is considered a super +// macaroon. +func isSuperMacaroon(ctx *cli.Context) error { + isSuperMac := session.IsSuperMacaroon(ctx.String("mac")) + + printJSON(struct { + IsSuperMacaroon bool `json:"is_super_macaroon"` + }{ + IsSuperMacaroon: isSuperMac, + }) + + return nil +} + +// printJSON marshals the given interface as a json byte slice, formats it to +// use easy to read indentation and writes it as a string to standard out. +func printJSON(resp interface{}) { + b, err := json.Marshal(resp) + if err != nil { + fatal(err) + } + + var out bytes.Buffer + json.Indent(&out, b, "", "\t") + out.WriteString("\n") + out.WriteTo(os.Stdout) +} diff --git a/cmd/litcli/main.go b/cmd/litcli/main.go index 1bb599123..8c40775da 100644 --- a/cmd/litcli/main.go +++ b/cmd/litcli/main.go @@ -76,6 +76,7 @@ func main() { app.Commands = append(app.Commands, privacyMapCommands) app.Commands = append(app.Commands, autopilotCommands) app.Commands = append(app.Commands, litCommands...) + app.Commands = append(app.Commands, helperCommands) err := app.Run(os.Args) if err != nil { From 7f388959887a5b7e28e4182baf86423fcd8f0f42 Mon Sep 17 00:00:00 2001 From: Elle Mouton Date: Tue, 6 Jun 2023 17:02:05 +0200 Subject: [PATCH 3/6] litrpc: add BakeSuperMacaroon endpoint to the Proxy service --- litrpc/proxy.pb.go | 233 ++++++++++++++++++++++++++++++-------- litrpc/proxy.pb.gw.go | 81 +++++++++++++ litrpc/proxy.pb.json.go | 25 ++++ litrpc/proxy.proto | 20 ++++ litrpc/proxy.swagger.json | 52 +++++++++ litrpc/proxy.yaml | 3 + litrpc/proxy_grpc.pb.go | 42 +++++++ 7 files changed, 409 insertions(+), 47 deletions(-) diff --git a/litrpc/proxy.pb.go b/litrpc/proxy.pb.go index 9c8b71dd6..26a9cf0a5 100644 --- a/litrpc/proxy.pb.go +++ b/litrpc/proxy.pb.go @@ -20,6 +20,103 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +type BakeSuperMacaroonRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The root key ID suffix is the 4-byte suffix of the root key ID that will + // be used to create the macaroon. + RootKeyIdSuffix uint32 `protobuf:"varint,1,opt,name=root_key_id_suffix,json=rootKeyIdSuffix,proto3" json:"root_key_id_suffix,omitempty"` +} + +func (x *BakeSuperMacaroonRequest) Reset() { + *x = BakeSuperMacaroonRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_proxy_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *BakeSuperMacaroonRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*BakeSuperMacaroonRequest) ProtoMessage() {} + +func (x *BakeSuperMacaroonRequest) ProtoReflect() protoreflect.Message { + mi := &file_proxy_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use BakeSuperMacaroonRequest.ProtoReflect.Descriptor instead. +func (*BakeSuperMacaroonRequest) Descriptor() ([]byte, []int) { + return file_proxy_proto_rawDescGZIP(), []int{0} +} + +func (x *BakeSuperMacaroonRequest) GetRootKeyIdSuffix() uint32 { + if x != nil { + return x.RootKeyIdSuffix + } + return 0 +} + +type BakeSuperMacaroonResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The hex encoded macaroon. + Macaroon string `protobuf:"bytes,1,opt,name=macaroon,proto3" json:"macaroon,omitempty"` +} + +func (x *BakeSuperMacaroonResponse) Reset() { + *x = BakeSuperMacaroonResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_proxy_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *BakeSuperMacaroonResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*BakeSuperMacaroonResponse) ProtoMessage() {} + +func (x *BakeSuperMacaroonResponse) ProtoReflect() protoreflect.Message { + mi := &file_proxy_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use BakeSuperMacaroonResponse.ProtoReflect.Descriptor instead. +func (*BakeSuperMacaroonResponse) Descriptor() ([]byte, []int) { + return file_proxy_proto_rawDescGZIP(), []int{1} +} + +func (x *BakeSuperMacaroonResponse) GetMacaroon() string { + if x != nil { + return x.Macaroon + } + return "" +} + type StopDaemonRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -29,7 +126,7 @@ type StopDaemonRequest struct { func (x *StopDaemonRequest) Reset() { *x = StopDaemonRequest{} if protoimpl.UnsafeEnabled { - mi := &file_proxy_proto_msgTypes[0] + mi := &file_proxy_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -42,7 +139,7 @@ func (x *StopDaemonRequest) String() string { func (*StopDaemonRequest) ProtoMessage() {} func (x *StopDaemonRequest) ProtoReflect() protoreflect.Message { - mi := &file_proxy_proto_msgTypes[0] + mi := &file_proxy_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -55,7 +152,7 @@ func (x *StopDaemonRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use StopDaemonRequest.ProtoReflect.Descriptor instead. func (*StopDaemonRequest) Descriptor() ([]byte, []int) { - return file_proxy_proto_rawDescGZIP(), []int{0} + return file_proxy_proto_rawDescGZIP(), []int{2} } type StopDaemonResponse struct { @@ -67,7 +164,7 @@ type StopDaemonResponse struct { func (x *StopDaemonResponse) Reset() { *x = StopDaemonResponse{} if protoimpl.UnsafeEnabled { - mi := &file_proxy_proto_msgTypes[1] + mi := &file_proxy_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -80,7 +177,7 @@ func (x *StopDaemonResponse) String() string { func (*StopDaemonResponse) ProtoMessage() {} func (x *StopDaemonResponse) ProtoReflect() protoreflect.Message { - mi := &file_proxy_proto_msgTypes[1] + mi := &file_proxy_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -93,7 +190,7 @@ func (x *StopDaemonResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use StopDaemonResponse.ProtoReflect.Descriptor instead. func (*StopDaemonResponse) Descriptor() ([]byte, []int) { - return file_proxy_proto_rawDescGZIP(), []int{1} + return file_proxy_proto_rawDescGZIP(), []int{3} } type GetInfoRequest struct { @@ -105,7 +202,7 @@ type GetInfoRequest struct { func (x *GetInfoRequest) Reset() { *x = GetInfoRequest{} if protoimpl.UnsafeEnabled { - mi := &file_proxy_proto_msgTypes[2] + mi := &file_proxy_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -118,7 +215,7 @@ func (x *GetInfoRequest) String() string { func (*GetInfoRequest) ProtoMessage() {} func (x *GetInfoRequest) ProtoReflect() protoreflect.Message { - mi := &file_proxy_proto_msgTypes[2] + mi := &file_proxy_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -131,7 +228,7 @@ func (x *GetInfoRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetInfoRequest.ProtoReflect.Descriptor instead. func (*GetInfoRequest) Descriptor() ([]byte, []int) { - return file_proxy_proto_rawDescGZIP(), []int{2} + return file_proxy_proto_rawDescGZIP(), []int{4} } type GetInfoResponse struct { @@ -146,7 +243,7 @@ type GetInfoResponse struct { func (x *GetInfoResponse) Reset() { *x = GetInfoResponse{} if protoimpl.UnsafeEnabled { - mi := &file_proxy_proto_msgTypes[3] + mi := &file_proxy_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -159,7 +256,7 @@ func (x *GetInfoResponse) String() string { func (*GetInfoResponse) ProtoMessage() {} func (x *GetInfoResponse) ProtoReflect() protoreflect.Message { - mi := &file_proxy_proto_msgTypes[3] + mi := &file_proxy_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -172,7 +269,7 @@ func (x *GetInfoResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetInfoResponse.ProtoReflect.Descriptor instead. func (*GetInfoResponse) Descriptor() ([]byte, []int) { - return file_proxy_proto_rawDescGZIP(), []int{3} + return file_proxy_proto_rawDescGZIP(), []int{5} } func (x *GetInfoResponse) GetVersion() string { @@ -186,26 +283,40 @@ var File_proxy_proto protoreflect.FileDescriptor var file_proxy_proto_rawDesc = []byte{ 0x0a, 0x0b, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x6c, - 0x69, 0x74, 0x72, 0x70, 0x63, 0x22, 0x13, 0x0a, 0x11, 0x53, 0x74, 0x6f, 0x70, 0x44, 0x61, 0x65, - 0x6d, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x53, 0x74, - 0x6f, 0x70, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x22, 0x10, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x22, 0x2b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x32, - 0x88, 0x01, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x3a, 0x0a, 0x07, 0x47, 0x65, 0x74, - 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x16, 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x47, 0x65, - 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x6c, - 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x43, 0x0a, 0x0a, 0x53, 0x74, 0x6f, 0x70, 0x44, 0x61, 0x65, - 0x6d, 0x6f, 0x6e, 0x12, 0x19, 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x53, 0x74, 0x6f, - 0x70, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, - 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x53, 0x74, 0x6f, 0x70, 0x44, 0x61, 0x65, 0x6d, - 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x34, 0x5a, 0x32, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x6e, 0x69, - 0x6e, 0x67, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x6e, 0x69, 0x6e, 0x67, - 0x2d, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x2f, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x69, 0x74, 0x72, 0x70, 0x63, 0x22, 0x47, 0x0a, 0x18, 0x42, 0x61, 0x6b, 0x65, 0x53, 0x75, 0x70, + 0x65, 0x72, 0x4d, 0x61, 0x63, 0x61, 0x72, 0x6f, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x2b, 0x0a, 0x12, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, + 0x5f, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x72, + 0x6f, 0x6f, 0x74, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x22, 0x37, + 0x0a, 0x19, 0x42, 0x61, 0x6b, 0x65, 0x53, 0x75, 0x70, 0x65, 0x72, 0x4d, 0x61, 0x63, 0x61, 0x72, + 0x6f, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x6d, + 0x61, 0x63, 0x61, 0x72, 0x6f, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6d, + 0x61, 0x63, 0x61, 0x72, 0x6f, 0x6f, 0x6e, 0x22, 0x13, 0x0a, 0x11, 0x53, 0x74, 0x6f, 0x70, 0x44, + 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x14, 0x0a, 0x12, + 0x53, 0x74, 0x6f, 0x70, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x10, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x22, 0x2b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x32, 0xe2, 0x01, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x3a, 0x0a, 0x07, 0x47, + 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x16, 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, + 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, + 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x43, 0x0a, 0x0a, 0x53, 0x74, 0x6f, 0x70, 0x44, + 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x12, 0x19, 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x53, + 0x74, 0x6f, 0x70, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x1a, 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x53, 0x74, 0x6f, 0x70, 0x44, 0x61, + 0x65, 0x6d, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x58, 0x0a, 0x11, + 0x42, 0x61, 0x6b, 0x65, 0x53, 0x75, 0x70, 0x65, 0x72, 0x4d, 0x61, 0x63, 0x61, 0x72, 0x6f, 0x6f, + 0x6e, 0x12, 0x20, 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x42, 0x61, 0x6b, 0x65, 0x53, + 0x75, 0x70, 0x65, 0x72, 0x4d, 0x61, 0x63, 0x61, 0x72, 0x6f, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x2e, 0x42, 0x61, 0x6b, + 0x65, 0x53, 0x75, 0x70, 0x65, 0x72, 0x4d, 0x61, 0x63, 0x61, 0x72, 0x6f, 0x6f, 0x6e, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x34, 0x5a, 0x32, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x6e, 0x69, 0x6e, 0x67, 0x6c, 0x61, + 0x62, 0x73, 0x2f, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x6e, 0x69, 0x6e, 0x67, 0x2d, 0x74, 0x65, 0x72, + 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x2f, 0x6c, 0x69, 0x74, 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -220,20 +331,24 @@ func file_proxy_proto_rawDescGZIP() []byte { return file_proxy_proto_rawDescData } -var file_proxy_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_proxy_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_proxy_proto_goTypes = []interface{}{ - (*StopDaemonRequest)(nil), // 0: litrpc.StopDaemonRequest - (*StopDaemonResponse)(nil), // 1: litrpc.StopDaemonResponse - (*GetInfoRequest)(nil), // 2: litrpc.GetInfoRequest - (*GetInfoResponse)(nil), // 3: litrpc.GetInfoResponse + (*BakeSuperMacaroonRequest)(nil), // 0: litrpc.BakeSuperMacaroonRequest + (*BakeSuperMacaroonResponse)(nil), // 1: litrpc.BakeSuperMacaroonResponse + (*StopDaemonRequest)(nil), // 2: litrpc.StopDaemonRequest + (*StopDaemonResponse)(nil), // 3: litrpc.StopDaemonResponse + (*GetInfoRequest)(nil), // 4: litrpc.GetInfoRequest + (*GetInfoResponse)(nil), // 5: litrpc.GetInfoResponse } var file_proxy_proto_depIdxs = []int32{ - 2, // 0: litrpc.Proxy.GetInfo:input_type -> litrpc.GetInfoRequest - 0, // 1: litrpc.Proxy.StopDaemon:input_type -> litrpc.StopDaemonRequest - 3, // 2: litrpc.Proxy.GetInfo:output_type -> litrpc.GetInfoResponse - 1, // 3: litrpc.Proxy.StopDaemon:output_type -> litrpc.StopDaemonResponse - 2, // [2:4] is the sub-list for method output_type - 0, // [0:2] is the sub-list for method input_type + 4, // 0: litrpc.Proxy.GetInfo:input_type -> litrpc.GetInfoRequest + 2, // 1: litrpc.Proxy.StopDaemon:input_type -> litrpc.StopDaemonRequest + 0, // 2: litrpc.Proxy.BakeSuperMacaroon:input_type -> litrpc.BakeSuperMacaroonRequest + 5, // 3: litrpc.Proxy.GetInfo:output_type -> litrpc.GetInfoResponse + 3, // 4: litrpc.Proxy.StopDaemon:output_type -> litrpc.StopDaemonResponse + 1, // 5: litrpc.Proxy.BakeSuperMacaroon:output_type -> litrpc.BakeSuperMacaroonResponse + 3, // [3:6] is the sub-list for method output_type + 0, // [0:3] is the sub-list for method input_type 0, // [0:0] is the sub-list for extension type_name 0, // [0:0] is the sub-list for extension extendee 0, // [0:0] is the sub-list for field type_name @@ -246,7 +361,7 @@ func file_proxy_proto_init() { } if !protoimpl.UnsafeEnabled { file_proxy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StopDaemonRequest); i { + switch v := v.(*BakeSuperMacaroonRequest); i { case 0: return &v.state case 1: @@ -258,7 +373,7 @@ func file_proxy_proto_init() { } } file_proxy_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StopDaemonResponse); i { + switch v := v.(*BakeSuperMacaroonResponse); i { case 0: return &v.state case 1: @@ -270,7 +385,7 @@ func file_proxy_proto_init() { } } file_proxy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetInfoRequest); i { + switch v := v.(*StopDaemonRequest); i { case 0: return &v.state case 1: @@ -282,6 +397,30 @@ func file_proxy_proto_init() { } } file_proxy_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*StopDaemonResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proxy_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetInfoRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proxy_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetInfoResponse); i { case 0: return &v.state @@ -300,7 +439,7 @@ func file_proxy_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proxy_proto_rawDesc, NumEnums: 0, - NumMessages: 4, + NumMessages: 6, NumExtensions: 0, NumServices: 1, }, diff --git a/litrpc/proxy.pb.gw.go b/litrpc/proxy.pb.gw.go index 881e8d8dd..45e22b229 100644 --- a/litrpc/proxy.pb.gw.go +++ b/litrpc/proxy.pb.gw.go @@ -83,6 +83,40 @@ func local_request_Proxy_StopDaemon_0(ctx context.Context, marshaler runtime.Mar } +func request_Proxy_BakeSuperMacaroon_0(ctx context.Context, marshaler runtime.Marshaler, client ProxyClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq BakeSuperMacaroonRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.BakeSuperMacaroon(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_Proxy_BakeSuperMacaroon_0(ctx context.Context, marshaler runtime.Marshaler, server ProxyServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq BakeSuperMacaroonRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.BakeSuperMacaroon(ctx, &protoReq) + return msg, metadata, err + +} + // RegisterProxyHandlerServer registers the http handlers for service Proxy to "mux". // UnaryRPC :call ProxyServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. @@ -135,6 +169,29 @@ func RegisterProxyHandlerServer(ctx context.Context, mux *runtime.ServeMux, serv }) + mux.Handle("POST", pattern_Proxy_BakeSuperMacaroon_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/litrpc.Proxy/BakeSuperMacaroon", runtime.WithHTTPPathPattern("/v1/proxy/supermacaroon")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Proxy_BakeSuperMacaroon_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Proxy_BakeSuperMacaroon_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -216,6 +273,26 @@ func RegisterProxyHandlerClient(ctx context.Context, mux *runtime.ServeMux, clie }) + mux.Handle("POST", pattern_Proxy_BakeSuperMacaroon_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req, "/litrpc.Proxy/BakeSuperMacaroon", runtime.WithHTTPPathPattern("/v1/proxy/supermacaroon")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_Proxy_BakeSuperMacaroon_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Proxy_BakeSuperMacaroon_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -223,10 +300,14 @@ var ( pattern_Proxy_GetInfo_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "proxy", "info"}, "")) pattern_Proxy_StopDaemon_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "proxy", "stop"}, "")) + + pattern_Proxy_BakeSuperMacaroon_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "proxy", "supermacaroon"}, "")) ) var ( forward_Proxy_GetInfo_0 = runtime.ForwardResponseMessage forward_Proxy_StopDaemon_0 = runtime.ForwardResponseMessage + + forward_Proxy_BakeSuperMacaroon_0 = runtime.ForwardResponseMessage ) diff --git a/litrpc/proxy.pb.json.go b/litrpc/proxy.pb.json.go index 2d1d1281c..3c9c2b749 100644 --- a/litrpc/proxy.pb.json.go +++ b/litrpc/proxy.pb.json.go @@ -70,4 +70,29 @@ func RegisterProxyJSONCallbacks(registry map[string]func(ctx context.Context, } callback(string(respBytes), nil) } + + registry["litrpc.Proxy.BakeSuperMacaroon"] = func(ctx context.Context, + conn *grpc.ClientConn, reqJSON string, callback func(string, error)) { + + req := &BakeSuperMacaroonRequest{} + err := marshaler.Unmarshal([]byte(reqJSON), req) + if err != nil { + callback("", err) + return + } + + client := NewProxyClient(conn) + resp, err := client.BakeSuperMacaroon(ctx, req) + if err != nil { + callback("", err) + return + } + + respBytes, err := marshaler.Marshal(resp) + if err != nil { + callback("", err) + return + } + callback(string(respBytes), nil) + } } diff --git a/litrpc/proxy.proto b/litrpc/proxy.proto index a764b825d..503989a6f 100644 --- a/litrpc/proxy.proto +++ b/litrpc/proxy.proto @@ -15,6 +15,26 @@ service Proxy { triggering a graceful shutdown of the daemon. */ rpc StopDaemon (StopDaemonRequest) returns (StopDaemonResponse); + + /* litcli: `bakesupermacaroon` + BakeSuperMacaroon bakes a new macaroon that includes permissions for + all the active daemons that LiT is connected to. + */ + rpc BakeSuperMacaroon (BakeSuperMacaroonRequest) + returns (BakeSuperMacaroonResponse); +} + +message BakeSuperMacaroonRequest { + /* + The root key ID suffix is the 4-byte suffix of the root key ID that will + be used to create the macaroon. + */ + uint32 root_key_id_suffix = 1; +} + +message BakeSuperMacaroonResponse { + // The hex encoded macaroon. + string macaroon = 1; } message StopDaemonRequest { diff --git a/litrpc/proxy.swagger.json b/litrpc/proxy.swagger.json index e896663c3..4952d9332 100644 --- a/litrpc/proxy.swagger.json +++ b/litrpc/proxy.swagger.json @@ -71,9 +71,61 @@ "Proxy" ] } + }, + "/v1/proxy/supermacaroon": { + "post": { + "summary": "litcli: `bakesupermacaroon`\nBakeSuperMacaroon bakes a new macaroon that includes permissions for\nall the active daemons that LiT is connected to.", + "operationId": "Proxy_BakeSuperMacaroon", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/litrpcBakeSuperMacaroonResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/litrpcBakeSuperMacaroonRequest" + } + } + ], + "tags": [ + "Proxy" + ] + } } }, "definitions": { + "litrpcBakeSuperMacaroonRequest": { + "type": "object", + "properties": { + "root_key_id_suffix": { + "type": "integer", + "format": "int64", + "description": "The root key ID suffix is the 4-byte suffix of the root key ID that will\nbe used to create the macaroon." + } + } + }, + "litrpcBakeSuperMacaroonResponse": { + "type": "object", + "properties": { + "macaroon": { + "type": "string", + "description": "The hex encoded macaroon." + } + } + }, "litrpcGetInfoResponse": { "type": "object", "properties": { diff --git a/litrpc/proxy.yaml b/litrpc/proxy.yaml index 7df903700..8b5ac76d0 100644 --- a/litrpc/proxy.yaml +++ b/litrpc/proxy.yaml @@ -10,3 +10,6 @@ http: body: "*" - selector: litrpc.Proxy.GetInfo get: "/v1/proxy/info" + - selector: litrpc.Proxy.BakeSuperMacaroon + post: "/v1/proxy/supermacaroon" + body: "*" diff --git a/litrpc/proxy_grpc.pb.go b/litrpc/proxy_grpc.pb.go index 401a0525c..ae77be1b7 100644 --- a/litrpc/proxy_grpc.pb.go +++ b/litrpc/proxy_grpc.pb.go @@ -25,6 +25,10 @@ type ProxyClient interface { // StopDaemon will send a shutdown request to the interrupt handler, // triggering a graceful shutdown of the daemon. StopDaemon(ctx context.Context, in *StopDaemonRequest, opts ...grpc.CallOption) (*StopDaemonResponse, error) + // litcli: `bakesupermacaroon` + // BakeSuperMacaroon bakes a new macaroon that includes permissions for + // all the active daemons that LiT is connected to. + BakeSuperMacaroon(ctx context.Context, in *BakeSuperMacaroonRequest, opts ...grpc.CallOption) (*BakeSuperMacaroonResponse, error) } type proxyClient struct { @@ -53,6 +57,15 @@ func (c *proxyClient) StopDaemon(ctx context.Context, in *StopDaemonRequest, opt return out, nil } +func (c *proxyClient) BakeSuperMacaroon(ctx context.Context, in *BakeSuperMacaroonRequest, opts ...grpc.CallOption) (*BakeSuperMacaroonResponse, error) { + out := new(BakeSuperMacaroonResponse) + err := c.cc.Invoke(ctx, "/litrpc.Proxy/BakeSuperMacaroon", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // ProxyServer is the server API for Proxy service. // All implementations must embed UnimplementedProxyServer // for forward compatibility @@ -64,6 +77,10 @@ type ProxyServer interface { // StopDaemon will send a shutdown request to the interrupt handler, // triggering a graceful shutdown of the daemon. StopDaemon(context.Context, *StopDaemonRequest) (*StopDaemonResponse, error) + // litcli: `bakesupermacaroon` + // BakeSuperMacaroon bakes a new macaroon that includes permissions for + // all the active daemons that LiT is connected to. + BakeSuperMacaroon(context.Context, *BakeSuperMacaroonRequest) (*BakeSuperMacaroonResponse, error) mustEmbedUnimplementedProxyServer() } @@ -77,6 +94,9 @@ func (UnimplementedProxyServer) GetInfo(context.Context, *GetInfoRequest) (*GetI func (UnimplementedProxyServer) StopDaemon(context.Context, *StopDaemonRequest) (*StopDaemonResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method StopDaemon not implemented") } +func (UnimplementedProxyServer) BakeSuperMacaroon(context.Context, *BakeSuperMacaroonRequest) (*BakeSuperMacaroonResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method BakeSuperMacaroon not implemented") +} func (UnimplementedProxyServer) mustEmbedUnimplementedProxyServer() {} // UnsafeProxyServer may be embedded to opt out of forward compatibility for this service. @@ -126,6 +146,24 @@ func _Proxy_StopDaemon_Handler(srv interface{}, ctx context.Context, dec func(in return interceptor(ctx, in, info, handler) } +func _Proxy_BakeSuperMacaroon_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(BakeSuperMacaroonRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ProxyServer).BakeSuperMacaroon(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/litrpc.Proxy/BakeSuperMacaroon", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ProxyServer).BakeSuperMacaroon(ctx, req.(*BakeSuperMacaroonRequest)) + } + return interceptor(ctx, in, info, handler) +} + // Proxy_ServiceDesc is the grpc.ServiceDesc for Proxy service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) @@ -141,6 +179,10 @@ var Proxy_ServiceDesc = grpc.ServiceDesc{ MethodName: "StopDaemon", Handler: _Proxy_StopDaemon_Handler, }, + { + MethodName: "BakeSuperMacaroon", + Handler: _Proxy_BakeSuperMacaroon_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "proxy.proto", From 29b11261b9fc5888f468d244433bd7c680307693 Mon Sep 17 00:00:00 2001 From: Elle Mouton Date: Tue, 6 Jun 2023 17:02:23 +0200 Subject: [PATCH 4/6] multi: implement BakeSuperMacaroon method --- perms/permissions.go | 4 ++++ rpc_proxy.go | 32 +++++++++++++++++++++++++++++++- terminal.go | 19 ++++++++++++++++++- 3 files changed, 53 insertions(+), 2 deletions(-) diff --git a/perms/permissions.go b/perms/permissions.go index d953f5ffd..f945f26e9 100644 --- a/perms/permissions.go +++ b/perms/permissions.go @@ -68,6 +68,10 @@ var ( Entity: "proxy", Action: "read", }}, + "/litrpc.Proxy/BakeSuperMacaroon": {{ + Entity: "supermacaroon", + Action: "write", + }}, } // whiteListedLNDMethods is a map of all lnd RPC methods that don't diff --git a/rpc_proxy.go b/rpc_proxy.go index 54f35b32c..92da84747 100644 --- a/rpc_proxy.go +++ b/rpc_proxy.go @@ -157,6 +157,8 @@ type rpcProxy struct { permsMgr *perms.Manager subServerMgr *subservers.Manager + bakeSuperMac bakeSuperMac + macValidator macaroons.MacaroonValidator superMacValidator session.SuperMacaroonValidator @@ -168,9 +170,15 @@ type rpcProxy struct { grpcWebProxy *grpcweb.WrappedGrpcServer } +// bakeSuperMac can be used to bake a new super macaroon. +type bakeSuperMac func(ctx context.Context, rootKeyID uint32) (string, error) + // Start creates initial connection to lnd. -func (p *rpcProxy) Start(lndConn *grpc.ClientConn) error { +func (p *rpcProxy) Start(lndConn *grpc.ClientConn, + bakeSuperMac bakeSuperMac) error { + p.lndConn = lndConn + p.bakeSuperMac = bakeSuperMac atomic.CompareAndSwapInt32(&p.started, 0, 1) @@ -215,6 +223,28 @@ func (p *rpcProxy) GetInfo(_ context.Context, _ *litrpc.GetInfoRequest) ( }, nil } +// BakeSuperMacaroon bakes a new macaroon that includes permissions for +// all the active daemons that LiT is connected to. +// +// NOTE: this is part of the litrpc.ProxyServiceServer interface. +func (p *rpcProxy) BakeSuperMacaroon(ctx context.Context, + req *litrpc.BakeSuperMacaroonRequest) ( + *litrpc.BakeSuperMacaroonResponse, error) { + + if !p.hasStarted() { + return nil, ErrWaitingToStart + } + + superMac, err := p.bakeSuperMac(ctx, req.RootKeyIdSuffix) + if err != nil { + return nil, err + } + + return &litrpc.BakeSuperMacaroonResponse{ + Macaroon: superMac, + }, nil +} + // isHandling checks if the specified request is something to be handled by lnd // or any of the attached sub daemons. If true is returned, the call was handled // by the RPC proxy and the caller MUST NOT handle it again. If false is diff --git a/terminal.go b/terminal.go index fccd6b410..cea739f4c 100644 --- a/terminal.go +++ b/terminal.go @@ -4,6 +4,7 @@ import ( "context" "crypto/tls" "embed" + "encoding/binary" "encoding/hex" "errors" "fmt" @@ -496,9 +497,25 @@ func (g *LightningTerminal) start() error { err) } + // bakeSuperMac is a closure that can be used to bake a new super + // macaroon that contains all active permissions. + bakeSuperMac := func(ctx context.Context, rootKeyIDSuffix uint32) ( + string, error) { + + var suffixBytes [4]byte + binary.BigEndian.PutUint32(suffixBytes[:], rootKeyIDSuffix) + + rootKeyID := session.NewSuperMacaroonRootKeyID(suffixBytes) + + return BakeSuperMacaroon( + ctx, g.basicClient, rootKeyID, + g.permsMgr.ActivePermissions(false), nil, + ) + } + // Now start the RPC proxy that will handle all incoming gRPC, grpc-web // and REST requests. - if err := g.rpcProxy.Start(g.lndConn); err != nil { + if err := g.rpcProxy.Start(g.lndConn, bakeSuperMac); err != nil { return fmt.Errorf("error starting lnd gRPC proxy server: %v", err) } From ec77c5483dd6f66fb1b8d7513500961fe5bcbd35 Mon Sep 17 00:00:00 2001 From: Elle Mouton Date: Wed, 14 Jun 2023 21:01:31 +0200 Subject: [PATCH 5/6] cmd/litcli: add bakesupermacaroon command --- cmd/litcli/proxy.go | 88 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/cmd/litcli/proxy.go b/cmd/litcli/proxy.go index 43aa5249f..4fc165be6 100644 --- a/cmd/litcli/proxy.go +++ b/cmd/litcli/proxy.go @@ -2,9 +2,14 @@ package main import ( "context" + "crypto/rand" + "encoding/binary" + "encoding/hex" "fmt" + "os" "github.com/lightninglabs/lightning-terminal/litrpc" + "github.com/lightningnetwork/lnd/lncfg" "github.com/urfave/cli" ) @@ -22,6 +27,29 @@ var litCommands = []cli.Command{ Category: "LiT", Action: getInfo, }, + { + Name: "bakesupermacaroon", + Usage: "Bake a new super macaroon with all of LiT's active " + + "permissions.", + Category: "LiT", + Action: bakeSuperMacaroon, + Flags: []cli.Flag{ + cli.StringFlag{ + Name: "root_key_suffix", + Usage: "A 4-byte suffix to use in the " + + "construction of the root key ID. " + + "If not provided, then a random one " + + "will be generated. This must be " + + "specified as a hex string using a " + + "maximum of 8 characters.", + }, + cli.StringFlag{ + Name: "save_to", + Usage: "save returned admin macaroon to " + + "this file", + }, + }, + }, } func getInfo(ctx *cli.Context) error { @@ -61,3 +89,63 @@ func shutdownLit(ctx *cli.Context) error { return nil } + +func bakeSuperMacaroon(ctx *cli.Context) error { + var suffixBytes [4]byte + if ctx.IsSet("root_key_suffix") { + suffixHex, err := hex.DecodeString( + ctx.String("root_key_suffix"), + ) + if err != nil { + return err + } + + copy(suffixBytes[:], suffixHex) + } else { + _, err := rand.Read(suffixBytes[:]) + if err != nil { + return err + } + } + suffix := binary.BigEndian.Uint32(suffixBytes[:]) + + clientConn, cleanup, err := connectClient(ctx) + if err != nil { + return err + } + defer cleanup() + client := litrpc.NewProxyClient(clientConn) + + ctxb := context.Background() + resp, err := client.BakeSuperMacaroon( + ctxb, &litrpc.BakeSuperMacaroonRequest{ + RootKeyIdSuffix: suffix, + }, + ) + if err != nil { + return err + } + + // If the user specified the optional --save_to parameter, we'll save + // the macaroon to that file. + if ctx.IsSet("save_to") { + macSavePath := lncfg.CleanAndExpandPath(ctx.String("save_to")) + superMacBytes, err := hex.DecodeString(resp.Macaroon) + if err != nil { + return err + } + + err = os.WriteFile(macSavePath, superMacBytes, 0644) + if err != nil { + _ = os.Remove(macSavePath) + return err + } + fmt.Printf("Super macaroon saved to %s\n", macSavePath) + + return nil + } + + printRespJSON(resp) + + return nil +} From 2f6defe2fd1447a8ff8b1e94ce192583973c2feb Mon Sep 17 00:00:00 2001 From: Elle Mouton Date: Wed, 14 Jun 2023 21:22:29 +0200 Subject: [PATCH 6/6] app+proto: run make protos --- app/src/types/generated/proxy_pb.d.ts | 40 +++ app/src/types/generated/proxy_pb.js | 286 ++++++++++++++++++ app/src/types/generated/proxy_pb_service.d.ts | 19 ++ app/src/types/generated/proxy_pb_service.js | 40 +++ proto/proxy.proto | 20 ++ 5 files changed, 405 insertions(+) diff --git a/app/src/types/generated/proxy_pb.d.ts b/app/src/types/generated/proxy_pb.d.ts index be730dc96..4399a2954 100644 --- a/app/src/types/generated/proxy_pb.d.ts +++ b/app/src/types/generated/proxy_pb.d.ts @@ -3,6 +3,46 @@ import * as jspb from "google-protobuf"; +export class BakeSuperMacaroonRequest extends jspb.Message { + getRootKeyIdSuffix(): number; + setRootKeyIdSuffix(value: number): void; + + serializeBinary(): Uint8Array; + toObject(includeInstance?: boolean): BakeSuperMacaroonRequest.AsObject; + static toObject(includeInstance: boolean, msg: BakeSuperMacaroonRequest): BakeSuperMacaroonRequest.AsObject; + static extensions: {[key: number]: jspb.ExtensionFieldInfo}; + static extensionsBinary: {[key: number]: jspb.ExtensionFieldBinaryInfo}; + static serializeBinaryToWriter(message: BakeSuperMacaroonRequest, writer: jspb.BinaryWriter): void; + static deserializeBinary(bytes: Uint8Array): BakeSuperMacaroonRequest; + static deserializeBinaryFromReader(message: BakeSuperMacaroonRequest, reader: jspb.BinaryReader): BakeSuperMacaroonRequest; +} + +export namespace BakeSuperMacaroonRequest { + export type AsObject = { + rootKeyIdSuffix: number, + } +} + +export class BakeSuperMacaroonResponse extends jspb.Message { + getMacaroon(): string; + setMacaroon(value: string): void; + + serializeBinary(): Uint8Array; + toObject(includeInstance?: boolean): BakeSuperMacaroonResponse.AsObject; + static toObject(includeInstance: boolean, msg: BakeSuperMacaroonResponse): BakeSuperMacaroonResponse.AsObject; + static extensions: {[key: number]: jspb.ExtensionFieldInfo}; + static extensionsBinary: {[key: number]: jspb.ExtensionFieldBinaryInfo}; + static serializeBinaryToWriter(message: BakeSuperMacaroonResponse, writer: jspb.BinaryWriter): void; + static deserializeBinary(bytes: Uint8Array): BakeSuperMacaroonResponse; + static deserializeBinaryFromReader(message: BakeSuperMacaroonResponse, reader: jspb.BinaryReader): BakeSuperMacaroonResponse; +} + +export namespace BakeSuperMacaroonResponse { + export type AsObject = { + macaroon: string, + } +} + export class StopDaemonRequest extends jspb.Message { serializeBinary(): Uint8Array; toObject(includeInstance?: boolean): StopDaemonRequest.AsObject; diff --git a/app/src/types/generated/proxy_pb.js b/app/src/types/generated/proxy_pb.js index 1aa1c6d25..3aa964de7 100644 --- a/app/src/types/generated/proxy_pb.js +++ b/app/src/types/generated/proxy_pb.js @@ -14,11 +14,297 @@ var jspb = require('google-protobuf'); var goog = jspb; var global = Function('return this')(); +goog.exportSymbol('proto.litrpc.BakeSuperMacaroonRequest', null, global); +goog.exportSymbol('proto.litrpc.BakeSuperMacaroonResponse', null, global); goog.exportSymbol('proto.litrpc.GetInfoRequest', null, global); goog.exportSymbol('proto.litrpc.GetInfoResponse', null, global); goog.exportSymbol('proto.litrpc.StopDaemonRequest', null, global); goog.exportSymbol('proto.litrpc.StopDaemonResponse', null, global); +/** + * Generated by JsPbCodeGenerator. + * @param {Array=} opt_data Optional initial data array, typically from a + * server response, or constructed directly in Javascript. The array is used + * in place and becomes part of the constructed object. It is not cloned. + * If no data is provided, the constructed object will be empty, but still + * valid. + * @extends {jspb.Message} + * @constructor + */ +proto.litrpc.BakeSuperMacaroonRequest = function(opt_data) { + jspb.Message.initialize(this, opt_data, 0, -1, null, null); +}; +goog.inherits(proto.litrpc.BakeSuperMacaroonRequest, jspb.Message); +if (goog.DEBUG && !COMPILED) { + proto.litrpc.BakeSuperMacaroonRequest.displayName = 'proto.litrpc.BakeSuperMacaroonRequest'; +} + + +if (jspb.Message.GENERATE_TO_OBJECT) { +/** + * Creates an object representation of this proto suitable for use in Soy templates. + * Field names that are reserved in JavaScript and will be renamed to pb_name. + * To access a reserved field use, foo.pb_, eg, foo.pb_default. + * For the list of reserved names please see: + * com.google.apps.jspb.JsClassTemplate.JS_RESERVED_WORDS. + * @param {boolean=} opt_includeInstance Whether to include the JSPB instance + * for transitional soy proto support: http://goto/soy-param-migration + * @return {!Object} + */ +proto.litrpc.BakeSuperMacaroonRequest.prototype.toObject = function(opt_includeInstance) { + return proto.litrpc.BakeSuperMacaroonRequest.toObject(opt_includeInstance, this); +}; + + +/** + * Static version of the {@see toObject} method. + * @param {boolean|undefined} includeInstance Whether to include the JSPB + * instance for transitional soy proto support: + * http://goto/soy-param-migration + * @param {!proto.litrpc.BakeSuperMacaroonRequest} msg The msg instance to transform. + * @return {!Object} + * @suppress {unusedLocalVariables} f is only used for nested messages + */ +proto.litrpc.BakeSuperMacaroonRequest.toObject = function(includeInstance, msg) { + var f, obj = { + rootKeyIdSuffix: jspb.Message.getFieldWithDefault(msg, 1, 0) + }; + + if (includeInstance) { + obj.$jspbMessageInstance = msg; + } + return obj; +}; +} + + +/** + * Deserializes binary data (in protobuf wire format). + * @param {jspb.ByteSource} bytes The bytes to deserialize. + * @return {!proto.litrpc.BakeSuperMacaroonRequest} + */ +proto.litrpc.BakeSuperMacaroonRequest.deserializeBinary = function(bytes) { + var reader = new jspb.BinaryReader(bytes); + var msg = new proto.litrpc.BakeSuperMacaroonRequest; + return proto.litrpc.BakeSuperMacaroonRequest.deserializeBinaryFromReader(msg, reader); +}; + + +/** + * Deserializes binary data (in protobuf wire format) from the + * given reader into the given message object. + * @param {!proto.litrpc.BakeSuperMacaroonRequest} msg The message object to deserialize into. + * @param {!jspb.BinaryReader} reader The BinaryReader to use. + * @return {!proto.litrpc.BakeSuperMacaroonRequest} + */ +proto.litrpc.BakeSuperMacaroonRequest.deserializeBinaryFromReader = function(msg, reader) { + while (reader.nextField()) { + if (reader.isEndGroup()) { + break; + } + var field = reader.getFieldNumber(); + switch (field) { + case 1: + var value = /** @type {number} */ (reader.readUint32()); + msg.setRootKeyIdSuffix(value); + break; + default: + reader.skipField(); + break; + } + } + return msg; +}; + + +/** + * Serializes the message to binary data (in protobuf wire format). + * @return {!Uint8Array} + */ +proto.litrpc.BakeSuperMacaroonRequest.prototype.serializeBinary = function() { + var writer = new jspb.BinaryWriter(); + proto.litrpc.BakeSuperMacaroonRequest.serializeBinaryToWriter(this, writer); + return writer.getResultBuffer(); +}; + + +/** + * Serializes the given message to binary data (in protobuf wire + * format), writing to the given BinaryWriter. + * @param {!proto.litrpc.BakeSuperMacaroonRequest} message + * @param {!jspb.BinaryWriter} writer + * @suppress {unusedLocalVariables} f is only used for nested messages + */ +proto.litrpc.BakeSuperMacaroonRequest.serializeBinaryToWriter = function(message, writer) { + var f = undefined; + f = message.getRootKeyIdSuffix(); + if (f !== 0) { + writer.writeUint32( + 1, + f + ); + } +}; + + +/** + * optional uint32 root_key_id_suffix = 1; + * @return {number} + */ +proto.litrpc.BakeSuperMacaroonRequest.prototype.getRootKeyIdSuffix = function() { + return /** @type {number} */ (jspb.Message.getFieldWithDefault(this, 1, 0)); +}; + + +/** @param {number} value */ +proto.litrpc.BakeSuperMacaroonRequest.prototype.setRootKeyIdSuffix = function(value) { + jspb.Message.setProto3IntField(this, 1, value); +}; + + + +/** + * Generated by JsPbCodeGenerator. + * @param {Array=} opt_data Optional initial data array, typically from a + * server response, or constructed directly in Javascript. The array is used + * in place and becomes part of the constructed object. It is not cloned. + * If no data is provided, the constructed object will be empty, but still + * valid. + * @extends {jspb.Message} + * @constructor + */ +proto.litrpc.BakeSuperMacaroonResponse = function(opt_data) { + jspb.Message.initialize(this, opt_data, 0, -1, null, null); +}; +goog.inherits(proto.litrpc.BakeSuperMacaroonResponse, jspb.Message); +if (goog.DEBUG && !COMPILED) { + proto.litrpc.BakeSuperMacaroonResponse.displayName = 'proto.litrpc.BakeSuperMacaroonResponse'; +} + + +if (jspb.Message.GENERATE_TO_OBJECT) { +/** + * Creates an object representation of this proto suitable for use in Soy templates. + * Field names that are reserved in JavaScript and will be renamed to pb_name. + * To access a reserved field use, foo.pb_, eg, foo.pb_default. + * For the list of reserved names please see: + * com.google.apps.jspb.JsClassTemplate.JS_RESERVED_WORDS. + * @param {boolean=} opt_includeInstance Whether to include the JSPB instance + * for transitional soy proto support: http://goto/soy-param-migration + * @return {!Object} + */ +proto.litrpc.BakeSuperMacaroonResponse.prototype.toObject = function(opt_includeInstance) { + return proto.litrpc.BakeSuperMacaroonResponse.toObject(opt_includeInstance, this); +}; + + +/** + * Static version of the {@see toObject} method. + * @param {boolean|undefined} includeInstance Whether to include the JSPB + * instance for transitional soy proto support: + * http://goto/soy-param-migration + * @param {!proto.litrpc.BakeSuperMacaroonResponse} msg The msg instance to transform. + * @return {!Object} + * @suppress {unusedLocalVariables} f is only used for nested messages + */ +proto.litrpc.BakeSuperMacaroonResponse.toObject = function(includeInstance, msg) { + var f, obj = { + macaroon: jspb.Message.getFieldWithDefault(msg, 1, "") + }; + + if (includeInstance) { + obj.$jspbMessageInstance = msg; + } + return obj; +}; +} + + +/** + * Deserializes binary data (in protobuf wire format). + * @param {jspb.ByteSource} bytes The bytes to deserialize. + * @return {!proto.litrpc.BakeSuperMacaroonResponse} + */ +proto.litrpc.BakeSuperMacaroonResponse.deserializeBinary = function(bytes) { + var reader = new jspb.BinaryReader(bytes); + var msg = new proto.litrpc.BakeSuperMacaroonResponse; + return proto.litrpc.BakeSuperMacaroonResponse.deserializeBinaryFromReader(msg, reader); +}; + + +/** + * Deserializes binary data (in protobuf wire format) from the + * given reader into the given message object. + * @param {!proto.litrpc.BakeSuperMacaroonResponse} msg The message object to deserialize into. + * @param {!jspb.BinaryReader} reader The BinaryReader to use. + * @return {!proto.litrpc.BakeSuperMacaroonResponse} + */ +proto.litrpc.BakeSuperMacaroonResponse.deserializeBinaryFromReader = function(msg, reader) { + while (reader.nextField()) { + if (reader.isEndGroup()) { + break; + } + var field = reader.getFieldNumber(); + switch (field) { + case 1: + var value = /** @type {string} */ (reader.readString()); + msg.setMacaroon(value); + break; + default: + reader.skipField(); + break; + } + } + return msg; +}; + + +/** + * Serializes the message to binary data (in protobuf wire format). + * @return {!Uint8Array} + */ +proto.litrpc.BakeSuperMacaroonResponse.prototype.serializeBinary = function() { + var writer = new jspb.BinaryWriter(); + proto.litrpc.BakeSuperMacaroonResponse.serializeBinaryToWriter(this, writer); + return writer.getResultBuffer(); +}; + + +/** + * Serializes the given message to binary data (in protobuf wire + * format), writing to the given BinaryWriter. + * @param {!proto.litrpc.BakeSuperMacaroonResponse} message + * @param {!jspb.BinaryWriter} writer + * @suppress {unusedLocalVariables} f is only used for nested messages + */ +proto.litrpc.BakeSuperMacaroonResponse.serializeBinaryToWriter = function(message, writer) { + var f = undefined; + f = message.getMacaroon(); + if (f.length > 0) { + writer.writeString( + 1, + f + ); + } +}; + + +/** + * optional string macaroon = 1; + * @return {string} + */ +proto.litrpc.BakeSuperMacaroonResponse.prototype.getMacaroon = function() { + return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 1, "")); +}; + + +/** @param {string} value */ +proto.litrpc.BakeSuperMacaroonResponse.prototype.setMacaroon = function(value) { + jspb.Message.setProto3StringField(this, 1, value); +}; + + + /** * Generated by JsPbCodeGenerator. * @param {Array=} opt_data Optional initial data array, typically from a diff --git a/app/src/types/generated/proxy_pb_service.d.ts b/app/src/types/generated/proxy_pb_service.d.ts index e99a4bc85..f9787859c 100644 --- a/app/src/types/generated/proxy_pb_service.d.ts +++ b/app/src/types/generated/proxy_pb_service.d.ts @@ -22,10 +22,20 @@ type ProxyStopDaemon = { readonly responseType: typeof proxy_pb.StopDaemonResponse; }; +type ProxyBakeSuperMacaroon = { + readonly methodName: string; + readonly service: typeof Proxy; + readonly requestStream: false; + readonly responseStream: false; + readonly requestType: typeof proxy_pb.BakeSuperMacaroonRequest; + readonly responseType: typeof proxy_pb.BakeSuperMacaroonResponse; +}; + export class Proxy { static readonly serviceName: string; static readonly GetInfo: ProxyGetInfo; static readonly StopDaemon: ProxyStopDaemon; + static readonly BakeSuperMacaroon: ProxyBakeSuperMacaroon; } export type ServiceError = { message: string, code: number; metadata: grpc.Metadata } @@ -78,5 +88,14 @@ export class ProxyClient { requestMessage: proxy_pb.StopDaemonRequest, callback: (error: ServiceError|null, responseMessage: proxy_pb.StopDaemonResponse|null) => void ): UnaryResponse; + bakeSuperMacaroon( + requestMessage: proxy_pb.BakeSuperMacaroonRequest, + metadata: grpc.Metadata, + callback: (error: ServiceError|null, responseMessage: proxy_pb.BakeSuperMacaroonResponse|null) => void + ): UnaryResponse; + bakeSuperMacaroon( + requestMessage: proxy_pb.BakeSuperMacaroonRequest, + callback: (error: ServiceError|null, responseMessage: proxy_pb.BakeSuperMacaroonResponse|null) => void + ): UnaryResponse; } diff --git a/app/src/types/generated/proxy_pb_service.js b/app/src/types/generated/proxy_pb_service.js index f0dea8e5a..00d6168d8 100644 --- a/app/src/types/generated/proxy_pb_service.js +++ b/app/src/types/generated/proxy_pb_service.js @@ -28,6 +28,15 @@ Proxy.StopDaemon = { responseType: proxy_pb.StopDaemonResponse }; +Proxy.BakeSuperMacaroon = { + methodName: "BakeSuperMacaroon", + service: Proxy, + requestStream: false, + responseStream: false, + requestType: proxy_pb.BakeSuperMacaroonRequest, + responseType: proxy_pb.BakeSuperMacaroonResponse +}; + exports.Proxy = Proxy; function ProxyClient(serviceHost, options) { @@ -97,5 +106,36 @@ ProxyClient.prototype.stopDaemon = function stopDaemon(requestMessage, metadata, }; }; +ProxyClient.prototype.bakeSuperMacaroon = function bakeSuperMacaroon(requestMessage, metadata, callback) { + if (arguments.length === 2) { + callback = arguments[1]; + } + var client = grpc.unary(Proxy.BakeSuperMacaroon, { + request: requestMessage, + host: this.serviceHost, + metadata: metadata, + transport: this.options.transport, + debug: this.options.debug, + onEnd: function (response) { + if (callback) { + if (response.status !== grpc.Code.OK) { + var err = new Error(response.statusMessage); + err.code = response.status; + err.metadata = response.trailers; + callback(err, null); + } else { + callback(null, response.message); + } + } + } + }); + return { + cancel: function () { + callback = null; + client.close(); + } + }; +}; + exports.ProxyClient = ProxyClient; diff --git a/proto/proxy.proto b/proto/proxy.proto index a764b825d..503989a6f 100644 --- a/proto/proxy.proto +++ b/proto/proxy.proto @@ -15,6 +15,26 @@ service Proxy { triggering a graceful shutdown of the daemon. */ rpc StopDaemon (StopDaemonRequest) returns (StopDaemonResponse); + + /* litcli: `bakesupermacaroon` + BakeSuperMacaroon bakes a new macaroon that includes permissions for + all the active daemons that LiT is connected to. + */ + rpc BakeSuperMacaroon (BakeSuperMacaroonRequest) + returns (BakeSuperMacaroonResponse); +} + +message BakeSuperMacaroonRequest { + /* + The root key ID suffix is the 4-byte suffix of the root key ID that will + be used to create the macaroon. + */ + uint32 root_key_id_suffix = 1; +} + +message BakeSuperMacaroonResponse { + // The hex encoded macaroon. + string macaroon = 1; } message StopDaemonRequest {