Update dependencies

vendor/tailscale.com/posture/doc.go

@@ -0,0 +1,6 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Package posture contains functions to query the local system
+// state for managed posture checks.
+package posture

vendor/tailscale.com/posture/hwaddr.go

@@ -0,0 +1,26 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package posture
+
+import (
+	"net/netip"
+	"slices"
+
+	"tailscale.com/net/netmon"
+)
+
+// GetHardwareAddrs returns the hardware addresses of all non-loopback
+// network interfaces.
+func GetHardwareAddrs() (hwaddrs []string, err error) {
+	err = netmon.ForeachInterface(func(i netmon.Interface, _ []netip.Prefix) {
+		if i.IsLoopback() {
+			return
+		}
+		if a := i.HardwareAddr.String(); a != "" {
+			hwaddrs = append(hwaddrs, a)
+		}
+	})
+	slices.Sort(hwaddrs)
+	return slices.Compact(hwaddrs), err
+}

vendor/tailscale.com/posture/serialnumber_ios.go

@@ -0,0 +1,25 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package posture
+
+import (
+	"fmt"
+
+	"tailscale.com/types/logger"
+	"tailscale.com/util/syspolicy"
+)
+
+// GetSerialNumbers returns the serial number of the iOS/tvOS device as reported by an
+// MDM solution. It requires configuration via the DeviceSerialNumber system policy.
+// This is the only way to gather serial numbers on iOS and tvOS.
+func GetSerialNumbers(_ logger.Logf) ([]string, error) {
+	s, err := syspolicy.GetString(syspolicy.DeviceSerialNumber, "")
+	if err != nil {
+		return nil, fmt.Errorf("failed to get serial number from MDM: %v", err)
+	}
+	if s != "" {
+		return []string{s}, nil
+	}
+	return nil, nil
+}

vendor/tailscale.com/posture/serialnumber_macos.go

@@ -0,0 +1,74 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build cgo && darwin && !ios
+
+package posture
+
+// #cgo LDFLAGS: -framework CoreFoundation -framework IOKit
+// #include <CoreFoundation/CoreFoundation.h>
+// #include <IOKit/IOKitLib.h>
+//
+// #if __MAC_OS_X_VERSION_MIN_REQUIRED < 120000
+// #define kIOMainPortDefault kIOMasterPortDefault
+// #endif
+//
+// const char *
+// getSerialNumber()
+// {
+//     CFMutableDictionaryRef matching = IOServiceMatching("IOPlatformExpertDevice");
+//     if (!matching) {
+//         return "err: failed to create dictionary to match IOServices";
+//     }
+//
+//     io_service_t service = IOServiceGetMatchingService(kIOMainPortDefault, matching);
+//     if (!service) {
+//         return "err: failed to look up registered IOService objects that match a matching dictionary";
+//     }
+//
+//     CFStringRef serialNumberRef = IORegistryEntryCreateCFProperty(
+//         service,
+//         CFSTR("IOPlatformSerialNumber"),
+//         kCFAllocatorDefault,
+//         0
+//     );
+//     if (!serialNumberRef) {
+//         return "err: failed to look up serial number in IORegistry";
+//     }
+//
+//     CFIndex length = CFStringGetLength(serialNumberRef);
+//     CFIndex max_size = CFStringGetMaximumSizeForEncoding(length, kCFStringEncodingUTF8) + 1;
+//     char *serialNumberBuf = (char *)malloc(max_size);
+//
+//     bool result = CFStringGetCString(serialNumberRef, serialNumberBuf, max_size, kCFStringEncodingUTF8);
+//
+//     CFRelease(serialNumberRef);
+//     IOObjectRelease(service);
+//
+//     if (!result) {
+//         free(serialNumberBuf);
+//
+//         return "err: failed to convert serial number reference to string";
+//     }
+//
+//     return serialNumberBuf;
+// }
+import "C"
+import (
+	"fmt"
+	"strings"
+
+	"tailscale.com/types/logger"
+)
+
+// GetSerialNumber returns the platform serial sumber as reported by IOKit.
+func GetSerialNumbers(_ logger.Logf) ([]string, error) {
+	csn := C.getSerialNumber()
+	serialNumber := C.GoString(csn)
+
+	if err, ok := strings.CutPrefix(serialNumber, "err: "); ok {
+		return nil, fmt.Errorf("failed to get serial number from IOKit: %s", err)
+	}
+
+	return []string{serialNumber}, nil
+}

vendor/tailscale.com/posture/serialnumber_notmacos.go

@@ -0,0 +1,102 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Build on Windows, Linux and *BSD
+
+//go:build windows || (linux && !android) || freebsd || openbsd || dragonfly || netbsd
+
+package posture
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/digitalocean/go-smbios/smbios"
+	"tailscale.com/types/logger"
+)
+
+// getByteFromSmbiosStructure retrieves a 8-bit unsigned integer at the given specOffset.
+func getByteFromSmbiosStructure(s *smbios.Structure, specOffset int) uint8 {
+	// the `Formatted` byte slice is missing the first 4 bytes of the structure that are stripped out as header info.
+	// so we need to subtract 4 from the offset mentioned in the SMBIOS documentation to get the right value.
+	index := specOffset - 4
+	if index >= len(s.Formatted) || index < 0 {
+		return 0
+	}
+
+	return s.Formatted[index]
+}
+
+// getStringFromSmbiosStructure retrieves a string at the given specOffset.
+// Returns an empty string if no string was present.
+func getStringFromSmbiosStructure(s *smbios.Structure, specOffset int) string {
+	index := getByteFromSmbiosStructure(s, specOffset)
+
+	if index == 0 || int(index) > len(s.Strings) {
+		return ""
+	}
+
+	str := s.Strings[index-1]
+	trimmed := strings.TrimSpace(str)
+
+	return trimmed
+}
+
+// Product Table (Type 1) structure
+// https://web.archive.org/web/20220126173219/https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.1.1.pdf
+// Page 34 and onwards.
+const (
+	// Serial is present at the same offset in all IDs
+	serialNumberOffset = 0x07
+
+	productID   = 1
+	baseboardID = 2
+	chassisID   = 3
+)
+
+var (
+	idToTableName = map[int]string{
+		1: "product",
+		2: "baseboard",
+		3: "chassis",
+	}
+	validTables []string
+	numOfTables int
+)
+
+func init() {
+	for _, table := range idToTableName {
+		validTables = append(validTables, table)
+	}
+	numOfTables = len(validTables)
+}
+
+func GetSerialNumbers(logf logger.Logf) ([]string, error) {
+	// Find SMBIOS data in operating system-specific location.
+	rc, _, err := smbios.Stream()
+	if err != nil {
+		return nil, fmt.Errorf("failed to open dmi/smbios stream: %w", err)
+	}
+	defer rc.Close()
+
+	// Decode SMBIOS structures from the stream.
+	d := smbios.NewDecoder(rc)
+	ss, err := d.Decode()
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode dmi/smbios structures: %w", err)
+	}
+
+	serials := make([]string, 0, numOfTables)
+
+	for _, s := range ss {
+		switch s.Header.Type {
+		case productID, baseboardID, chassisID:
+			serial := getStringFromSmbiosStructure(s, serialNumberOffset)
+
+			if serial != "" {
+				serials = append(serials, serial)
+			}
+		}
+	}
+	return serials, nil
+}

vendor/tailscale.com/posture/serialnumber_stub.go

@@ -0,0 +1,23 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// android: not implemented
+// js: not implemented
+// plan9: not implemented
+// solaris: currently unsupported by go-smbios:
+// https://github.com/digitalocean/go-smbios/pull/21
+
+//go:build android || solaris || plan9 || js || wasm || tamago || aix || (darwin && !cgo && !ios)
+
+package posture
+
+import (
+	"errors"
+
+	"tailscale.com/types/logger"
+)
+
+// GetSerialNumber returns client machine serial number(s).
+func GetSerialNumbers(_ logger.Logf) ([]string, error) {
+	return nil, errors.New("not implemented")
+}