From b6c24da1f268ede719b59d12e7bf9fe6455ca854 Mon Sep 17 00:00:00 2001
From: openoms <oms@tuta.io>
Date: Mon, 24 Aug 2020 14:43:03 +0100
Subject: [PATCH] lnd.creds: add groups and check for all macaroons

---
 home.admin/config.scripts/lnd.credentials.sh | 69 ++++++++++++++++----
 1 file changed, 55 insertions(+), 14 deletions(-)

diff --git a/home.admin/config.scripts/lnd.credentials.sh b/home.admin/config.scripts/lnd.credentials.sh
index effe40817..99f01362b 100755
--- a/home.admin/config.scripts/lnd.credentials.sh
+++ b/home.admin/config.scripts/lnd.credentials.sh
@@ -3,7 +3,7 @@
 # command info
 if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
   echo "tool to reset or sync credentials (e.g. macaroons)"
-  echo "lnd.credentials.sh [reset|sync] [?tls|macaroons]"
+  echo "lnd.credentials.sh [reset|sync|check] [?tls|macaroons|keepold]"
   exit 1
 fi
 
@@ -59,6 +59,23 @@ function copy_mac_set_perms() {
   sudo /bin/chmod --silent 640 /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${file_name}"
 }
 
+function check_macaroons() {
+macaroons="admin.macaroon invoice.macaroon readonly.macaroon invoices.macaroon chainnotifier.macaroon signer.macaroon  walletkit.macaroon router.macaroon"
+missing=0
+for macaroon in $macaroons
+do
+  local file_name=${macaroon}
+  local n=${1:-bitcoin} # the network (e.g. bitcoin or litecoin) defaults to bitcoin
+  local c=${2:-main}    # the chain (e.g. main, test, sim, reg) defaults to main (for mainnet)
+  if [ ! -f /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${macaroon}" ]; then
+    missing=$(($missing + 1))
+    echo "# ${macaroon} is missing ($missing)"
+  else
+    echo "# ${macaroon} is present"
+  fi
+done
+}
+
 ###########################
 # RESET Macaroons and TLS
 ###########################
@@ -78,18 +95,28 @@ if [ "$1" = "reset" ]; then
     resetMacaroons=0
   fi
   if [ "$2" == "macaroons" ]; then
-    echo "# just resetting Macaroons"
+    echo "# just resetting macaroons"
     resetTLS=0
     resetMacaroons=1
+    keepOldMacaroons=0
   fi
-  
+  if [ "$2" == "keepold" ]; then
+    echo "# add the missing default macaroons without deauthenticating the old ones"
+    resetTLS=0
+    resetMacaroons=1
+    keepOldMacaroons=1
+  fi
+
+
   if [ ${resetMacaroons} -eq 1 ]; then
     echo "## Resetting Macaroons"
     echo "# all your macaroons get deleted and recreated"
     cd || exit
     sudo find /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete
     sudo find /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete
-    sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db
+    if [ ${keepOldMacaroons} -eq 0 ]; then
+      sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db
+    fi
   fi
 
   if [ ${resetTLS} -eq 1 ]; then
@@ -126,20 +153,25 @@ elif [ "$1" = "sync" ]; then
   echo "# make sure LND app-data directories exist"
   sudo /bin/mkdir --mode 0755 --parents /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/
 
+  echo `# make sure all user groups exit for default macaroons`
+  sudo /usr/sbin/groupadd --force --gid 9700 lndadmin
+  sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice
+  sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly
+  sudo /usr/sbin/groupadd --force --gid 9703 lndinvoices
+  sudo /usr/sbin/groupadd --force --gid 9704 lndchainnotifier
+  sudo /usr/sbin/groupadd --force --gid 9705 lndsigner
+  sudo /usr/sbin/groupadd --force --gid 9706 lndwalletkit
+  sudo /usr/sbin/groupadd --force --gid 9707 lndrouter
+
   echo "# copy macaroons to central app-data directory and ensure unix ownerships and permissions"
   copy_mac_set_perms admin.macaroon lndadmin "${network}" "${chain}"
-  copy_mac_set_perms invoice.macaroon lndadmin "${network}" "${chain}"
-  copy_mac_set_perms invoices.macaroon lndadmin "${network}" "${chain}"
-  copy_mac_set_perms readonly.macaroon lndadmin "${network}" "${chain}"
-  copy_mac_set_perms chainnotifier.macaroon lndadmin "${network}" "${chain}"
-  copy_mac_set_perms signer.macaroon lndadmin "${network}" "${chain}"
-  copy_mac_set_perms walletkit.macaroon lndadmin "${network}" "${chain}"
-  copy_mac_set_perms router.macaroon lndadmin "${network}" "${chain}"
-
   copy_mac_set_perms invoice.macaroon lndinvoice "${network}" "${chain}"
-  copy_mac_set_perms invoices.macaroon lndinvoice "${network}" "${chain}"
-  
   copy_mac_set_perms readonly.macaroon lndreadonly "${network}" "${chain}"
+  copy_mac_set_perms invoices.macaroon lndinvoices "${network}" "${chain}"
+  copy_mac_set_perms chainnotifier.macaroon lndchainnotifier "${network}" "${chain}"
+  copy_mac_set_perms signer.macaroon lndsigner "${network}" "${chain}"
+  copy_mac_set_perms walletkit.macaroon lndwalletkit "${network}" "${chain}"
+  copy_mac_set_perms router.macaroon lndrouter "${network}" "${chain}"
 
   echo "# make sure admin has a symlink at ~/.lnd to /mnt/hdd/app-data/lnd/"
   if ! [[ -L "/home/admin/.lnd" ]]; then
@@ -177,6 +209,15 @@ elif [ "$1" = "sync" ]; then
     sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons
   fi
   
+###########################
+# Check Macaroons and fix missing
+###########################
+elif [ "$1" = "check" ]; then
+  check_macaroons ${network} ${chain}
+  if [ $missing -gt 0 ]; then
+    /home/admin/config.scrips/lnd.creds.sh reset keepold
+  fi
+
 ###########################
 # UNKNOWN
 ###########################