summaryrefslogtreecommitdiffhomepage
path: root/posture
AgeCommit message (Collapse)AuthorFilesLines
2025-09-01util/syspolicy/policyclient: add policyclient.Client interface, start plumbingBrad Fitzpatrick7-9/+15
This is step 2 of ~4, breaking up #14720 into reviewable chunks, with the aim to make syspolicy be a build-time configurable feature. Step 1 was #16984. In this second step, the util/syspolicy/policyclient package is added with the policyclient.Client interface. This is the interface that's always present (regardless of build tags), and is what code around the tree uses to ask syspolicy/MDM questions. There are two implementations of policyclient.Client for now: 1) NoPolicyClient, which only returns default values. 2) the unexported, temporary 'globalSyspolicy', which is implemented in terms of the global functions we wish to later eliminate. This then starts to plumb around the policyclient.Client to most callers. Future changes will plumb it more. When the last of the global func callers are gone, then we can unexport the global functions and make a proper policyclient.Client type and constructor in the syspolicy package, removing the globalSyspolicy impl out of tsd. The final change will sprinkle build tags in a few more places and lock it in with dependency tests to make sure the dependencies don't later creep back in. Updates #16998 Updates #12614 Change-Id: Ib2c93d15c15c1f2b981464099177cd492d50391c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-31util/syspolicy/*: move syspolicy keys to new const leaf "pkey" packageBrad Fitzpatrick1-1/+2
This is step 1 of ~3, breaking up #14720 into reviewable chunks, with the aim to make syspolicy be a build-time configurable feature. In this first (very noisy) step, all the syspolicy string key constants move to a new constant-only (code-free) package. This will make future steps more reviewable, without this movement noise. There are no code or behavior changes here. The future steps of this series can be seen in #14720: removing global funcs from syspolicy resolution and using an interface that's plumbed around instead. Then adding build tags. Updates #12614 Change-Id: If73bf2c28b9c9b1a408fe868b0b6a25b03eeabd1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-06-03posture: propagate serial number from MDM on AndroidAnton Tolchanov2-4/+5
Updates #16010 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-09-04control/controlclient,posture,util/syspolicy: use predefined syspolicy keys ↵Nick Khyl1-1/+1
instead of string literals With the upcoming syspolicy changes, it's imperative that all syspolicy keys are defined in the syspolicy package for proper registration. Otherwise, the corresponding policy settings will not be read. This updates a couple of places where we still use string literals rather than syspolicy consts. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2024-08-30posture: stop logging serial numbersAnton Tolchanov1-3/+0
Logging serial numbers every time they are read might have been useful early on, but seems unnecessary now. Updates #5902 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-08-16posture: deduplicate MAC addresses before returning themAnton Tolchanov1-1/+1
Some machines have multiple network interfaces with the same MAC address. Updates tailscale/corp#21371 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-07-10posture: add network hardware addresses to posture identityAnton Tolchanov1-0/+26
If an optional `hwaddrs` URL parameter is present, add network interface hardware addresses to the posture identity response. Just like with serial numbers, this requires client opt-in via MDM or `tailscale set --posture-checking=true` (https://tailscale.com/kb/1326/device-identity) Updates tailscale/corp#21371 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-07-10all: add test for package comments, fix, add comments as neededBrad Fitzpatrick1-0/+6
Updates #cleanup Change-Id: Ic4304e909d2131a95a38b26911f49e7b1729aaef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-06-14xcode/iOS: support serial number collection via MDM on iOS (#11429)Andrea Gottardo2-2/+26
Fixes tailscale/corp#18366. This PR provides serial number collection on iOS, by allowing system administrators to pass a `DeviceSerialNumber` MDM key which can be read by the `posture` package in Go. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
2024-04-13cmd/tailscaled, net/tstun: build for aix/ppc64Brad Fitzpatrick1-1/+1
At least in userspace-networking mode. Fixes #11361 Change-Id: I78d33f0f7e05fe9e9ee95b97c99b593f8fe498f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-12-07ci: run 'go vet' in golangci-lint; fix errors in testsAndrew Dunham1-1/+1
Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ice78fc907bad24c1de749a1595e212ef2db4b8bb
2023-12-05all: fix nilness issuesMatt Layher1-7/+1
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2023-11-15adjust build tags for tamagoAndrea Barisani1-1/+1
Signed-off-by: Andrea Barisani <andrea@inversepath.com>
2023-11-13posture: ignore not found serial errorsKristoffer Dalby1-39/+7
Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-10-09posture: add get serial support for macOSKristoffer Dalby3-3/+114
Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-10-09posture: add get serial support for Windows/LinuxKristoffer Dalby4-2/+212
This commit adds support for getting serial numbers from SMBIOS on Windows/Linux (and BSD) using go-smbios. Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-10-09posture: add get serial stub for all platformsKristoffer Dalby1-0/+11
Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.