tailcfg,ipn: add c2n endpoint for posture identity

Updates #5902

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
pull/9665/head
Kristoffer Dalby 1 year ago committed by Kristoffer Dalby
parent 9593cd3871
commit b4e587c3bd

@ -24,6 +24,7 @@ import (
"tailscale.com/clientupdate" "tailscale.com/clientupdate"
"tailscale.com/envknob" "tailscale.com/envknob"
"tailscale.com/net/sockstats" "tailscale.com/net/sockstats"
"tailscale.com/posture"
"tailscale.com/tailcfg" "tailscale.com/tailcfg"
"tailscale.com/util/clientmetric" "tailscale.com/util/clientmetric"
"tailscale.com/util/goroutines" "tailscale.com/util/goroutines"
@ -67,6 +68,14 @@ func (b *LocalBackend) handleC2N(w http.ResponseWriter, r *http.Request) {
} else { } else {
http.Error(w, "no log flusher wired up", http.StatusInternalServerError) http.Error(w, "no log flusher wired up", http.StatusInternalServerError)
} }
case "/posture/identity":
switch r.Method {
case httpm.GET:
b.handleC2NPostureIdentityGet(w, r)
default:
http.Error(w, "bad method", http.StatusMethodNotAllowed)
return
}
case "/debug/goroutines": case "/debug/goroutines":
w.Header().Set("Content-Type", "text/plain") w.Header().Set("Content-Type", "text/plain")
w.Write(goroutines.ScrubbedGoroutineDump(true)) w.Write(goroutines.ScrubbedGoroutineDump(true))
@ -215,6 +224,29 @@ func (b *LocalBackend) handleC2NUpdatePost(w http.ResponseWriter, r *http.Reques
}() }()
} }
func (b *LocalBackend) handleC2NPostureIdentityGet(w http.ResponseWriter, r *http.Request) {
b.logf("c2n: GET /posture/identity received")
res := tailcfg.C2NPostureIdentityResponse{}
// TODO(kradalby): Use syspolicy + envknob to allow Win registry,
// macOS defaults and env to override this setting.
if b.Prefs().PostureChecking() {
sns, err := posture.GetSerialNumbers()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
res.SerialNumbers = sns
} else {
res.PostureDisabled = true
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(res)
}
func (b *LocalBackend) newC2NUpdateResponse() tailcfg.C2NUpdateResponse { func (b *LocalBackend) newC2NUpdateResponse() tailcfg.C2NUpdateResponse {
// If NewUpdater does not return an error, we can update the installation. // If NewUpdater does not return an error, we can update the installation.
// Exception: When version.IsMacSysExt returns true, we don't support that // Exception: When version.IsMacSysExt returns true, we don't support that
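Review bot: In handleC2NPostureIdentityGet the result of `json.NewEncoder(w).Encode(res)` is discarded, so a failed write of the posture response leaves no trace on the client; I would log it, e.g. `if err := json.NewEncoder(w).Encode(res); err != nil { b.logf("c2n: posture identity: encode: %v", err) }`. The function also has no doc comment, and the property that matters is left implicit: hardware serial numbers leave the device only while `b.Prefs().PostureChecking()` is true. A comment such as `// handleC2NPostureIdentityGet reports the machine's serial numbers to control only when the PostureChecking pref is enabled; otherwise it returns PostureDisabled.` would state it. Until the TODO about syspolicy and envknob is done, that pref is the only gate visible here, so a test asserting that SerialNumbers is empty and PostureDisabled is set with the pref off would keep the opt-out from regressing. The 500 path echoes `err.Error()` from posture.GetSerialNumbers verbatim; it presumably goes only to the control server, but it is worth confirming the error text cannot carry an identifier.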

@ -52,3 +52,15 @@ type C2NUpdateResponse struct {
// Started indicates whether the update has started. // Started indicates whether the update has started.
Started bool Started bool
} }
// C2NPostureIdentityResponse contains either a set of identifying serial number
// from the client or a boolean indicating that the machine has opted out of
// posture collection.
type C2NPostureIdentityResponse struct {
// SerialNumbers is a list of serial numbers of the client machine.
SerialNumbers []string `json:",omitempty"`
// PostureDisabled indicates if the machine has opted out of
// device posture collection.
PostureDisabled bool `json:",omitempty"`
}
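Review bot: Both fields of C2NPostureIdentityResponse carry `omitempty`, so a client with posture checking enabled on which no serial number was found encodes as `{}`. The receiver can tell that apart from an opt-out only by the absence of PostureDisabled. If that is the intended contract, state it on the type, e.g. `// An empty SerialNumbers with PostureDisabled false means collection is enabled but no serial number was found.` The type comment also reads "serial number" where "serial numbers" is meant.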
