From 9d2b1820f177eb96fa74206d0e10443b0cd064cf Mon Sep 17 00:00:00 2001
From: Andrea Gottardo
Date: Mon, 19 Aug 2024 23:49:33 -0700
Subject: [PATCH] ipnlocal: support setting authkey at login using syspolicy (#13061)

Updates tailscale/corp#22120

Adds the ability to start the backend by reading an authkey stored in the syspolicy database (MDM). This is useful for devices that are provisioned in an unattended fashion.

Signed-off-by: Andrea Gottardo
---
 ipn/ipnlocal/local.go | 8 ++++++++
 util/syspolicy/policy_keys.go | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index 3da12d7cc..6d3f40f20 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -1868,6 +1868,14 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
 opts.AuthKey = v
 }

+ if b.state != ipn.Running && b.conf == nil && opts.AuthKey == "" {
+ sysak, _ := syspolicy.GetString(syspolicy.AuthKey, "")
+ if sysak != "" {
+ b.logf("Start: setting opts.AuthKey by syspolicy, len=%v", len(sysak))
+ opts.AuthKey = strings.TrimSpace(sysak)
+ }
+ }
+
 hostinfo := hostinfo.New()
 applyConfigToHostinfo(hostinfo, b.conf)
 hostinfo.BackendLogID = b.backendLogID.String()
diff --git a/util/syspolicy/policy_keys.go b/util/syspolicy/policy_keys.go
index a88025205..1aa137386 100644
--- a/util/syspolicy/policy_keys.go
+++ b/util/syspolicy/policy_keys.go
@@ -94,6 +94,10 @@ const (
 // organization. A button in the client UI provides easy access to this URL.
 ManagedByURL Key = "ManagedByURL"

+ // AuthKey is an auth key that will be used to login whenever the backend starts. This can be used to
+ // automatically authenticate managed devices, without requiring user interaction.
+ AuthKey Key = "AuthKey"
+
 // Keys with a string array value.
 // AllowedSuggestedExitNodes's string array value is a list of exit node IDs that restricts which exit nodes are considered when generating suggestions for exit nodes.
 AllowedSuggestedExitNodes Key = "AllowedSuggestedExitNodes"
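Review bot: The emptiness test in the block added to `Start` runs before the trim, so a policy value that is only whitespace passes `sysak != ""`, logs that the key is being set, and then stores an empty `opts.AuthKey`; trimming first avoids this, e.g. `sysak = strings.TrimSpace(sysak)` placed ahead of the `if`. The second return value of `syspolicy.GetString` is discarded with `_`; if that is an error, as the call shape suggests, a failed policy read looks the same as an unset key on a device that is meant to log in unattended, and a `b.logf` of it would make that diagnosable. Logging only `len(sysak)` rather than the key itself is worth keeping as is. The body of `Start` begins and ends outside this hunk.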
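Review bot: The doc comment on `AuthKey` says the key is used "whenever the backend starts", but the code this same patch adds to `Start` in ipn/ipnlocal/local.go reads it only when the backend state is not `ipn.Running`, `b.conf` is nil and the caller passed no auth key. The comment should state that precedence and say plainly that the value is a credential, so the policy store holding it needs the access control of any other secret. A possible wording is `// AuthKey is a secret. It is read only when Start is given no auth key, no config file is loaded and the backend is not running.` The const block starts and ends outside this hunk.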