[2/3] loopd: add macaroon authentication to the loop RPC server #281
Seems to be the case as per 3ad4cd9.

Yes, the dependent PRs are both candidates for
carlaKC
left a comment
Awesome to have this functionality added to loop 🎉
No major questions, since a lot of this is copied from lnd, just some nits from my first pass. Will do some testing for this as well.
Perhaps also update the README since we're going to enable by default?
Just quickly skimmed through the PR. Is it worth splitting this PR before continuing into the review cycle? For example in three parts:
- Add TLS
- Add (single) macaroon
- Add macaroon baking via rpc
joostjager
left a comment
Tested and works. Was just wondering how I can verify that it is now actually using TLS?
I addressed all comments and also added a short section about TLS and macaroons to the README. @joostjager you can verify if TLS is enabled by using
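One way to answer the question above from outside the daemon, as an added example that is neither loop's own code nor the answer given in this thread: connect to the RPC port with a client that trusts only the daemon's own certificate and report the negotiated protocol version. The example generates an in-memory self-signed certificate for 127.0.0.1 (standing in for the certificate file a daemon writes on first start; this page does not give that file's path), serves it on a loopback port next to a plaintext listener, and shows that the check succeeds only against the TLS listener. All addresses and the `CheckTLS`/`Demo` helpers are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert generates an in-memory self-signed certificate for 127.0.0.1.
// It stands in for the tls.cert/tls.key pair a daemon generates on first start
// (constructed for this example, not read from a loop data directory).
func selfSignedCert() (tls.Certificate, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "loopd example"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, certPEM, nil
}

// serve accepts connections on ln in the background and closes each one after
// a TLS handshake (TLS listener) or immediately (plaintext listener).
func serve(ln net.Listener) {
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				if tc, ok := c.(*tls.Conn); ok {
					_ = tc.Handshake()
				}
				c.Close()
			}(c)
		}
	}()
}

// CheckTLS connects to addr trusting only certPEM (the daemon's own certificate)
// and returns the negotiated protocol version. A plaintext listener, or one
// presenting any other certificate, fails the handshake.
func CheckTLS(addr string, certPEM []byte) (string, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(certPEM) {
		return "", errors.New("certPEM contains no certificate")
	}
	d := &net.Dialer{Timeout: 5 * time.Second}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	conn, err := tls.DialWithDialer(d, "tcp", addr, cfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	switch conn.ConnectionState().Version {
	case tls.VersionTLS13:
		return "TLS 1.3", nil
	case tls.VersionTLS12:
		return "TLS 1.2", nil
	default:
		return "", errors.New("unexpected TLS version")
	}
}

// Result holds the version negotiated with the TLS listener and the error the
// same check produces against a plaintext listener (expected to be non-nil).
type Result struct {
	Version  string
	PlainErr error
}

// Demo runs CheckTLS against a TLS listener and a plaintext listener, both on
// random loopback ports.
func Demo() (Result, error) {
	cert, certPEM, err := selfSignedCert()
	if err != nil {
		return Result{}, err
	}
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	tlsLn, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return Result{}, err
	}
	defer tlsLn.Close()
	serve(tlsLn)
	plainLn, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return Result{}, err
	}
	defer plainLn.Close()
	serve(plainLn)

	version, err := CheckTLS(tlsLn.Addr().String(), certPEM)
	if err != nil {
		return Result{}, err
	}
	_, plainErr := CheckTLS(plainLn.Addr().String(), certPEM)
	return Result{Version: version, PlainErr: plainErr}, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("TLS listener negotiated:", res.Version)
	fmt.Println("plaintext listener:", res.PlainErr)
}
```

Pinning `RootCAs` to the daemon's own certificate rather than the system trust store is the point: the check then proves not only that the port speaks TLS but that the peer holds the private key belonging to that certificate, which is what a client such as the loop CLI relies on.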
Force-pushed 9b99779 to 9d78ec2
loopd/daemon.go
Outdated
| // Next, start the gRPC server listening for HTTP/2 connections. | ||
| log.Infof("Starting gRPC listener") | ||
| d.grpcListener, err = d.listenerCfg.grpcListener() | ||
| d.grpcListener, err = d.listenerCfg.grpcListener(nil) |
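Review bot: the bare `nil` literal in `d.grpcListener, err = d.listenerCfg.grpcListener(nil)` gives the reader no indication of what is being omitted, and the inline review already notes that this commit may not run if the callee dereferences it. Either pass a named variable (or add a one-line comment stating what the argument stands for), or, if the real value is only supplied by a later commit in the series, squash the two so that every commit builds and runs on its own.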
If it crashes with nil, this isn't a working commit and possibly a sign that it should be squashed with another one. But non-blocking.
With grub, a comment like this isn't relevant anymore, because even for compile-time deps we need to wait for a release?
carlaKC
left a comment
LGTM
Force-pushed 404420c to e365c4a
We have to wait for a release (of lnd and loop that is) in LiT. But we can merge this PR as soon as the dependent PRs are merged to master. That's the main difference between an RPC and compile time dep IMO.

But won't your compile-time required code disappear when loop is embedded in grub and the dependency is overridden with the last release 0.11.0? This PR would block other features from being included in LiT that are merged after this PR but before the 0.11.1 release?
We update to the newest version of lnd so we can use the updated macaroon service. NOTE: This is a compile time dependency update only, no RPC level update is required.
To secure access to loop's RPC server, we add a macaroon authentication service and its gRPC interceptors to the daemon's server connection.
When loopd runs in the same process as lnd (in LiT), it hooks itself into lnd's RPC server as an external subserver. But because the user should still be able to use the default loop macaroon, the loop daemon must be able to validate its own macaroons as lnd's macaroon service doesn't know the root key for it.
Awesome! @guggero do you have a LN donation page? Would like to send you a tip for doing this. :)

Thanks for the feedback, I'm happy to hear this is useful! No need for a tip though, I am getting paid to work on these projects ;-)
Fixes #194.
Depends on lightningnetwork/lnd#4464 (and indirectly on lightningnetwork/lnd#4463).
With this PR we first secure the loop daemon's RPC connection by encrypting the transmitted data with TLS.
Next we add macaroon authentication to the RPC to be able to restrict access to authorized users only.
With these two features enabled by default, the loop RPC port can be opened to the internet because unauthorized access is no longer possible.
By default only one macaroon is created for loop and stored in a file called `~/.loop/<network>/loop.macaroon`. To give users the ability to fully customize their access with custom macaroons, the two functionalities `BakeMacaroon` and `ListPermissions` are copied from `lnd` and added to both the RPC and command line.

--> Split this part off into its own PR: #285
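To illustrate the point made in the commit message above (that the loop daemon must validate its own macaroons because lnd's macaroon service does not know loop's root key) and the PR description's claim that macaroon authentication restricts RPC access to authorized holders, here is an added example that is not loop's, lnd's or the macaroon library's code. It implements the HMAC chain that macaroons are built on in a deliberately minimal form: a root key signs an identifier, each caveat is chained onto the previous signature, and a verifier recomputes the chain from its own root key. The root keys, the `method = ...` caveat syntax and the `/looprpc.SwapClient/...` method names are constructed for the example; real macaroons also carry a location and support third-party caveats and serialization, which are omitted here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Macaroon is a minimal stand-in for the HMAC-chained credential used by lnd
// and loop: an identifier, first-party caveats, and a signature chained as
// HMAC(rootKey, id), then HMAC(prevSig, caveat) for each caveat in order.
// Constructed for this example; it is not the macaroon library's type.
type Macaroon struct {
	ID      string
	Caveats []string
	Sig     []byte
}

func chain(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// Mint issues a macaroon under rootKey. Only a holder of the root key can
// produce a valid signature for a fresh identifier.
func Mint(rootKey []byte, id string) *Macaroon {
	return &Macaroon{ID: id, Sig: chain(rootKey, []byte(id))}
}

// AddCaveat returns an attenuated copy. Any holder can add a restriction, but
// removing one breaks the chain, so restrictions only ever tighten.
func (m *Macaroon) AddCaveat(caveat string) *Macaroon {
	caveats := append(append([]string(nil), m.Caveats...), caveat)
	return &Macaroon{ID: m.ID, Caveats: caveats, Sig: chain(m.Sig, []byte(caveat))}
}

// Verify recomputes the signature chain from rootKey, compares it in constant
// time with the presented signature, then evaluates every caveat against the
// RPC method being called. A service holding a different root key (lnd, for a
// loop macaroon) cannot get past the signature check, which is why loopd has
// to validate its own macaroons when embedded in lnd.
func Verify(rootKey []byte, m *Macaroon, method string) error {
	sig := chain(rootKey, []byte(m.ID))
	for _, c := range m.Caveats {
		sig = chain(sig, []byte(c))
	}
	if !hmac.Equal(sig, m.Sig) {
		return errors.New("macaroon signature mismatch")
	}
	for _, c := range m.Caveats {
		if err := checkCaveat(c, method); err != nil {
			return err
		}
	}
	return nil
}

// checkCaveat understands one caveat form, "method = <full RPC method>" (a
// syntax assumed for this example). Unrecognised caveats fail closed: a caveat
// the verifier cannot evaluate must reject the request, never be skipped.
func checkCaveat(caveat, method string) error {
	const prefix = "method = "
	if !strings.HasPrefix(caveat, prefix) {
		return fmt.Errorf("unknown caveat %q", caveat)
	}
	if allowed := strings.TrimPrefix(caveat, prefix); allowed != method {
		return fmt.Errorf("caveat %q does not permit %s", caveat, method)
	}
	return nil
}

func main() {
	// Constructed root keys; real ones are random and live in each
	// daemon's macaroon database.
	loopRoot := []byte("constructed loop root key")
	lndRoot := []byte("constructed lnd root key")

	admin := Mint(loopRoot, "loop-admin")
	fmt.Println("loop verifies admin:", Verify(loopRoot, admin, "/looprpc.SwapClient/LoopOut"))
	fmt.Println("lnd verifies admin: ", Verify(lndRoot, admin, "/looprpc.SwapClient/LoopOut"))

	readOnly := admin.AddCaveat("method = /looprpc.SwapClient/ListSwaps")
	fmt.Println("read-only ListSwaps:", Verify(loopRoot, readOnly, "/looprpc.SwapClient/ListSwaps"))
	fmt.Println("read-only LoopOut:  ", Verify(loopRoot, readOnly, "/looprpc.SwapClient/LoopOut"))

	// Dropping the caveat while keeping the attenuated signature must fail.
	stripped := &Macaroon{ID: readOnly.ID, Sig: readOnly.Sig}
	fmt.Println("stripped caveat:    ", Verify(loopRoot, stripped, "/looprpc.SwapClient/LoopOut"))
	fmt.Println("admin sig:", hex.EncodeToString(admin.Sig))
}
```

Two details matter in practice and are kept here: the signature comparison uses `hmac.Equal` so timing does not leak how much of the chain matched, and an unknown caveat rejects the request instead of being ignored, otherwise a verifier that does not understand a restriction would silently grant more than the macaroon's creator intended.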