multi: macaroon root key encryption

walletunlocker/service.go

@@ -5,10 +5,10 @@ import (
 
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"github.com/lightningnetwork/lnd/lnwallet/btcwallet"
+	"github.com/lightningnetwork/lnd/macaroons"
 	"github.com/roasbeef/btcd/chaincfg"
 	"github.com/roasbeef/btcwallet/wallet"
 	"golang.org/x/net/context"
-	"gopkg.in/macaroon-bakery.v2/bakery"
 )
 
 // UnlockerService implements the WalletUnlocker service used to provide lnd
@@ -26,10 +26,11 @@ type UnlockerService struct {
 
 	chainDir  string
 	netParams *chaincfg.Params
+	authSvc   *macaroons.Service
 }
 
 // New creates and returns a new UnlockerService.
-func New(authSvc *bakery.Bakery, chainDir string,
+func New(authSvc *macaroons.Service, chainDir string,
 	params *chaincfg.Params) *UnlockerService {
 	return &UnlockerService{
 		CreatePasswords: make(chan []byte, 1),
@@ -67,6 +68,15 @@ func (u *UnlockerService) CreateWallet(ctx context.Context,
 		return nil, fmt.Errorf("wallet already exists")
 	}
 
+	// Attempt to create a password for the macaroon service.
+	if u.authSvc != nil {
+		err = u.authSvc.CreateUnlock(&password)
+		if err != nil {
+			return nil, fmt.Errorf("unable to create/unlock "+
+				"macaroon store: %v", err)
+		}
+	}
+
 	// We send the password over the CreatePasswords channel, such that it
 	// can be used by lnd to open or create the wallet.
 	u.CreatePasswords <- password
@@ -109,6 +119,15 @@ func (u *UnlockerService) UnlockWallet(ctx context.Context,
 		return nil, err
 	}
 
+	// Attempt to create a password for the macaroon service.
+	if u.authSvc != nil {
+		err = u.authSvc.CreateUnlock(&in.Password)
+		if err != nil {
+			return nil, fmt.Errorf("unable to create/unlock "+
+				"macaroon store: %v", err)
+		}
+	}
+
 	// At this point we was able to open the existing wallet with the
 	// provided password. We send the password over the UnlockPasswords
 	// channel, such that it can be used by lnd to open the wallet.