|
|
|
@ -24,6 +24,7 @@ import (
|
|
|
|
"tailscale.com/clientupdate"
|
|
|
|
"tailscale.com/clientupdate"
|
|
|
|
"tailscale.com/envknob"
|
|
|
|
"tailscale.com/envknob"
|
|
|
|
"tailscale.com/net/sockstats"
|
|
|
|
"tailscale.com/net/sockstats"
|
|
|
|
|
|
|
|
"tailscale.com/posture"
|
|
|
|
"tailscale.com/tailcfg"
|
|
|
|
"tailscale.com/tailcfg"
|
|
|
|
"tailscale.com/util/clientmetric"
|
|
|
|
"tailscale.com/util/clientmetric"
|
|
|
|
"tailscale.com/util/goroutines"
|
|
|
|
"tailscale.com/util/goroutines"
|
|
|
|
@ -67,6 +68,14 @@ func (b *LocalBackend) handleC2N(w http.ResponseWriter, r *http.Request) {
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
http.Error(w, "no log flusher wired up", http.StatusInternalServerError)
|
|
|
|
http.Error(w, "no log flusher wired up", http.StatusInternalServerError)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
case "/posture/identity":
|
|
|
|
|
|
|
|
switch r.Method {
|
|
|
|
|
|
|
|
case httpm.GET:
|
|
|
|
|
|
|
|
b.handleC2NPostureIdentityGet(w, r)
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
|
|
|
http.Error(w, "bad method", http.StatusMethodNotAllowed)
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
|
|
}
|
|
|
|
case "/debug/goroutines":
|
|
|
|
case "/debug/goroutines":
|
|
|
|
w.Header().Set("Content-Type", "text/plain")
|
|
|
|
w.Header().Set("Content-Type", "text/plain")
|
|
|
|
w.Write(goroutines.ScrubbedGoroutineDump(true))
|
|
|
|
w.Write(goroutines.ScrubbedGoroutineDump(true))
|
|
|
|
@ -215,6 +224,29 @@ func (b *LocalBackend) handleC2NUpdatePost(w http.ResponseWriter, r *http.Reques
|
|
|
|
}()
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func (b *LocalBackend) handleC2NPostureIdentityGet(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
|
|
b.logf("c2n: GET /posture/identity received")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
res := tailcfg.C2NPostureIdentityResponse{}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// TODO(kradalby): Use syspolicy + envknob to allow Win registry,
|
|
|
|
|
|
|
|
// macOS defaults and env to override this setting.
|
|
|
|
|
|
|
|
if b.Prefs().PostureChecking() {
|
|
|
|
|
|
|
|
sns, err := posture.GetSerialNumbers()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
res.SerialNumbers = sns
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
res.PostureDisabled = true
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
json.NewEncoder(w).Encode(res)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (b *LocalBackend) newC2NUpdateResponse() tailcfg.C2NUpdateResponse {
|
|
|
|
func (b *LocalBackend) newC2NUpdateResponse() tailcfg.C2NUpdateResponse {
|
|
|
|
// If NewUpdater does not return an error, we can update the installation.
|
|
|
|
// If NewUpdater does not return an error, we can update the installation.
|
|
|
|
// Exception: When version.IsMacSysExt returns true, we don't support that
|
|
|
|
// Exception: When version.IsMacSysExt returns true, we don't support that
|
|
|
|
|
Kristoffer Dalby
1 year ago
committed by