Skip to content

dot1x: add macOS and Windows 802.1X supplicant state table#113

Open
robbiet480 wants to merge 37 commits into
macadmins:mainfrom
robbiet480:add-eapol-status
Open

dot1x: add macOS and Windows 802.1X supplicant state table#113
robbiet480 wants to merge 37 commits into
macadmins:mainfrom
robbiet480:add-eapol-status

Conversation

@robbiet480

@robbiet480 robbiet480 commented Jun 5, 2026

Copy link
Copy Markdown

Summary

Adds the dot1x osquery table to expose per-interface 802.1X / EAPOL supplicant state on macOS and Windows, enabling fleet-wide queries like "which machines are/aren't authenticated to enterprise Wi-Fi" and diagnosis of EAP failures without remoting into individual devices.

Naming: originally proposed as eapol_status; renamed to dot1x now that both macOS and Windows backends are in place, since "802.1X" describes the table better than the macOS-specific EAPOL terminology. (Package/dir tables/dot1x, exported Dot1XStatus / Dot1XBackend.)

Motivation

osquery's built-in wifi_status shows SSID/security_type but cannot distinguish "authenticated" from "associated-but-EAP-held," and exposes no EAP method, auth state, or failure reason. This table fills that gap — real-world motivation: a multi-hour 802.1X triage that this table would have short-circuited.

Data Sources

macOS

EAPOLControlCopyStateAndStatus() from /System/Library/PrivateFrameworks/EAP8021X.framework — a public-stable API from Apple's open-source eap8021x. Proven to compile/run as a normal user (no root). All status dictionary keys map to documented kEAPOLControl* and kEAPClientProp* constants from EAPOLControlTypes.h and EAPClientProperties.h.

Windows

Native Wifi API (wlanapi.dll) via syscall.NewLazyDLL — pure Go, no cgo. Uses WlanOpenHandle, WlanEnumInterfaces, WlanQueryInterface, and WlanGetProfile to query wireless adapter state and parse WLAN profile XML for EAP configuration. Gracefully degrades when wlanapi.dll is unavailable (e.g. Windows Server without wireless).

Columns (23)

Column Type Description macOS Windows
interface TEXT Interface name (BSD name on macOS, adapter description on Windows)
state INTEGER EAPOLControlState (0=Idle,1=Starting,2=Running,3=Stopping)
state_name TEXT Human-readable state
supplicant_state INTEGER 802.1X supplicant state machine (0=Disconnected..4=Authenticated)
supplicant_state_name TEXT Human-readable supplicant state
eap_type INTEGER EAP method code (13=TLS, 25=PEAP, etc.)
eap_type_name TEXT EAP method name ("EAP-TLS", etc.)
inner_eap_type INTEGER Inner EAP method code for tunneled auth (e.g. PEAP→MSCHAPv2)
inner_eap_type_name TEXT Inner EAP method name
client_status INTEGER 0=ok, nonzero=error code
domain_specific_error INTEGER EAP client domain-specific error
authenticator_mac_address TEXT AP/RADIUS NAS MAC address (BSSID)
mode INTEGER Auth mode (0=None,1=User,2=LoginWindow,3=System)
mode_name TEXT Human-readable mode
tls_session_was_resumed INTEGER 1 if TLS session was resumed
tls_server_certificate_chain TEXT Pipe-separated subject DNs in RFC4514 LDAP notation
tls_server_certificate_sha1 TEXT Comma-separated colon-delimited SHA-1 fingerprints ✓ (trusted root CA)
tls_server_certificate_serials TEXT Comma-separated hex serial numbers
tls_trust_client_status INTEGER Trust evaluation error code (0=ok)
tls_negotiated_protocol_version TEXT TLS version ("1.2" or "1.3")
tls_negotiated_cipher INTEGER TLS cipher suite code
last_status_timestamp TEXT ISO 8601 timestamp of last status change
unique_identifier TEXT Configuration unique identifier / interface GUID

Design

macOS

  • cgo on darwin: Links EAP8021X.framework + CoreFoundation via Bazel clinkopts. cgo is platform-selected with //go:build darwin and a no-op stub for non-darwin. EAP8021X itself is loaded via dlopen/dlsym, so only CoreFoundation is link-time.
  • Apple CC toolchain: apple_support 1.24.5 in WORKSPACE; cgo=True and pure=off on darwin go_binary targets.
  • TLS cert chain parsing: Raw DER certs packed in C, unpacked and parsed in Go via crypto/x509 with full RDN to RFC4514 LDAP rendering, SHA-1 fingerprinting, and serial number extraction.

Windows

  • Pure Go, no cgo: syscall.NewLazyDLL("wlanapi.dll") with lazy proc loading — gracefully returns ErrBackendUnavailable if the DLL or any proc is missing.
  • Interface enumeration: WlanEnumInterfaces discovers real wireless adapter names (no hardcoded en0–en9).
  • Profile XML parsing: WlanGetProfile returns UTF-16 XML; string-based extraction of <EapMethod><Type>, <authMode>, the nested inner EAP type, and <TrustedRootCA>.
  • Struct layout: Windows API structs with explicit padding for alignment (e.g. 2-byte pad after 6-byte BSSID).

Shared

  • Dot1XBackend interface: GetStatus(ifname string) (Dot1XStatus, error) with platform-specific implementations behind build tags.
  • Interface queries: WHERE interface = '...' for exact-match; otherwise platform-specific enumeration with en0–en9 fallback.
  • Context cancellation: Checked before each backend call.
  • Testable without live 802.1X: fakeBackend mock and table-driven tests on every platform.

Testing

bazel test //tables/dot1x:dot1x_test

All tests pass with no regressions across bazel test //...:

  • Shared (19): column schema, interface/constraint handling, row mapping, enum name maps, TLS cert-chain parsing, RFC4514 DN escaping, context cancellation.
  • macOS (9, on top of shared): live cgo framework-loading smoke tests plus mock-backend integration tests covering the TLS-rich fields (System EAP-TLS, idle, PEAP-with-inner-EAP, unknown EAP type, multi-interface, not-found, ErrBackendUnavailable).
  • Windows (19, on top of shared): unit tests for the profile-XML extractors (extractEAPTypeFromXML, extractAuthModeFromXML, extractInnerEAPTypeFromXML, extractTrustedRootCAFromXML), mapWlanState, GUID/UTF-16 helpers, plus mock-backend and live smoke tests.

Copilot AI review requested due to automatic review settings June 5, 2026 21:20

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a new eapol_status osquery table for macOS, backed by EAP8021X.framework (cgo) on Darwin, plus Bazel/WORKSPACE updates to support building with cgo.

Changes:

  • Introduce tables/eapolstatus table implementation (darwin cgo backend + non-darwin noop backend) and register it in main.go.
  • Add unit tests covering row formatting, constraints handling, and helper functions.
  • Update Bazel build config and WORKSPACE to enable cgo on macOS targets and add Apple toolchain dependencies.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
tables/eapolstatus/eapolstatus.go Core table schema, query logic, helpers, and row formatting
tables/eapolstatus/eapol_darwin.go Darwin cgo backend calling EAP8021X via dlopen/dlsym
tables/eapolstatus/eapol_other.go Non-darwin backend stub
tables/eapolstatus/eapolstatus_test.go New unit tests for interface selection, row mapping, and helpers
tables/eapolstatus/BUILD.bazel Bazel targets for library + tests with conditional cgo/linker opts
main.go Registers eapol_status plugin on darwin
BUILD.bazel Enables cgo + pure=off for macOS binaries and adds table dep
WORKSPACE Adds apple_support/rules_cc toolchain setup for cgo builds
README.md Documents the new eapol_status table

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tables/dot1x/dot1x.go Outdated
Comment thread tables/dot1x/dot1x.go
Comment thread tables/eapolstatus/eapol_other.go Outdated
Comment thread tables/dot1x/dot1x_darwin.go
Comment thread tables/dot1x/dot1x_darwin.go
Comment thread tables/eapolstatus/eapolstatus_test.go Outdated
Comment thread tables/dot1x/dot1x_test.go
@robbiet480 robbiet480 force-pushed the add-eapol-status branch 4 times, most recently from 10dbb5f to be7340d Compare June 5, 2026 22:43
@robbiet480 robbiet480 requested a review from Copilot June 5, 2026 22:45

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 9 comments.

Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/dot1x_test.go
Comment thread tables/dot1x/dot1x_test.go
Comment thread tables/eapolstatus/eapolstatus_test.go Outdated
Comment thread tables/dot1x/dot1x_test.go
@robbiet480 robbiet480 requested a review from Copilot June 5, 2026 22:59

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.

Comment thread tables/dot1x/dot1x.go
Comment thread tables/eapolstatus/eapolstatus.go Outdated
Comment thread tables/eapolstatus/eapolstatus.go Outdated
Comment thread README.md Outdated
Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/BUILD.bazel
@robbiet480 robbiet480 requested a review from Copilot June 5, 2026 23:06

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.

Comment thread tables/dot1x/dot1x.go
Comment thread tables/eapolstatus/eapolstatus.go Outdated
Comment thread tables/dot1x/dot1x.go
Comment thread tables/eapolstatus/eapolstatus.go Outdated
Comment thread tables/eapolstatus/eapolstatus.go Outdated
Comment thread tables/dot1x/dot1x.go
@robbiet480 robbiet480 requested a review from Copilot June 5, 2026 23:16

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.

Comment thread tables/dot1x/dot1x_darwin.go
Comment thread tables/dot1x/dot1x_test.go
Comment thread tables/eapolstatus/eapol_other.go Outdated
Comment thread tables/eapolstatus/eapol_darwin.go Outdated
Comment thread tables/eapolstatus/eapolstatus.go Outdated
@robbiet480 robbiet480 force-pushed the add-eapol-status branch 2 times, most recently from 608732a to 492c1b5 Compare June 5, 2026 23:27
@robbiet480 robbiet480 requested a review from Copilot June 5, 2026 23:30

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

Comment thread tables/eapolstatus/eapolstatus.go Outdated
Comment thread tables/eapolstatus/eapolstatus.go Outdated
Comment thread tables/dot1x/dot1x.go
@robbiet480 robbiet480 force-pushed the add-eapol-status branch 2 times, most recently from 43bd354 to 557e164 Compare June 5, 2026 23:37
@robbiet480 robbiet480 requested a review from Copilot June 5, 2026 23:37

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.

Comment thread tables/dot1x/dot1x_darwin.go
Comment thread tables/dot1x/BUILD.bazel
Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/dot1x_test.go
Comment thread tables/dot1x/dot1x.go
@robbiet480 robbiet480 requested a review from Copilot June 5, 2026 23:45

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/dot1x.go
Comment thread tables/dot1x/dot1x_darwin.go
Comment thread tables/dot1x/dot1x.go
@robbiet480 robbiet480 requested a review from Copilot June 5, 2026 23:52
…shared file

Address Copilot review on the Windows backend:

- GetStatus: bounds-check dataSize against sizeof(wlanConnectionAttributes)
  before dereferencing the WlanQueryInterface buffer, returning a
  per-interface error on a short buffer instead of risking an OOB read.
- getWlanProfileXML / enumerateWlanInterfaceInfos: split the ret != 0 and
  nil-pointer cases so a "succeeded but returned no data" result no longer
  surfaces a misleading "errno 0" message.
- Move the pure-Go WLAN profile XML parsing (eapMethod/EAPType/authMode/
  TrustedRootCA extractors, isHexString, formatSHA1Hex, xml token helpers)
  and their tests out of the //go:build windows files into build-tag-free
  dot1x_wlanprofile.go / _test.go, so the parsing logic compiles, runs, and
  is coverage-counted on every platform (it now executes on the Linux CI /
  darwin test runs, not just Windows). Registered both files in BUILD.bazel.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@robbiet480 robbiet480 requested a review from Copilot June 10, 2026 20:55

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 19 out of 19 changed files in this pull request and generated 2 comments.

Comment thread tables/dot1x/dot1x_darwin.go
Comment thread tables/dot1x/dot1x_windows.go
…dows)

- dot1x(darwin): dot1x_query now returns -2 when copy_state_fn reports
  success (ret==0) but yields a NULL status dictionary, and GetStatus maps
  that to a per-interface "returned no status" error. Previously this
  emitted a misleading "successful" row of sentinel values; now generateRows
  skips the interface. Documented the return codes.
- dot1x(windows): wrap the underlying enumeration error with %w (now
  "%w: %w") so it stays introspectable in the chain while
  errors.Is(ErrBackendUnavailable) still holds.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@robbiet480 robbiet480 requested a review from Copilot June 10, 2026 21:05

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 19 out of 19 changed files in this pull request and generated 3 comments.

Comment thread tables/dot1x/dot1x_darwin_test.go Outdated
Comment thread tables/dot1x/dot1x_windows_test.go Outdated
Comment thread BUILD.bazel
…nual

- Tests: replace t.Context() with context.Background() in the darwin and
  windows test files, matching the shared tests and avoiding a dependency on
  the newer (*testing.T).Context() helper.
- Root BUILD.bazel: tag the darwin cgo go_binary targets "manual" so they're
  excluded from //... / :all wildcard expansion. `bazel build //...` /
  `bazel test //...` on a Linux/Windows host no longer fail trying to analyze
  them (they need a darwin C++ toolchain); explicit builds via the Makefile /
  bazel_to_builddir.sh still work. target_compatible_with can't gate these:
  the goos="darwin" transition makes the target platform macOS, so a macos
  constraint would always be satisfied and never skip on a Linux host.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@robbiet480 robbiet480 requested a review from Copilot June 10, 2026 21:13

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 19 out of 19 changed files in this pull request and generated 2 comments.

Comment thread tables/dot1x/dot1x.go Outdated
Comment thread tables/dot1x/dot1x_darwin_test.go Outdated
- Dot1XBackend doc comment now describes all three production backends
  (macOS cgo / EAP8021X, Windows wlanapi, other noop) instead of only darwin.
- Move the duplicated constraintFor test helper out of the darwin and windows
  test files into dot1x_helpers_test.go. It carries a `darwin || windows`
  build tag (not untagged) because it's only used by those two backends'
  tests; an untagged helper would be flagged unused on Linux.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 3 comments.

Comment thread tables/dot1x/dot1x_windows.go
Comment thread tables/dot1x/dot1x_windows.go Outdated
Comment thread tables/dot1x/dot1x_windows.go
…gle enum

Address Copilot review:

- Load wlanapi.dll via windows.NewLazySystemDLL (system directory) instead of
  syscall.NewLazyDLL (default search order), preventing DLL search-order
  hijacking when the process runs from a writable location.
- Add a distinct tls_trusted_root_ca_sha1 column. Windows now stores the
  configured trusted-root-CA thumbprints there instead of overloading
  tls_server_certificate_sha1 (which macOS fills with the actual presented
  server-cert chain) — the two had different meanings across platforms.
- Avoid the double WlanEnumInterfaces on unconstrained queries: windowsBackend
  caches both the info map and ordered names in its per-generation snapshot and
  exposes interfaceNames() via a new optional interfaceLister; interfacesToQuery
  sources the default list from the backend's snapshot when available, falling
  back to the package defaultInterfaces() otherwise.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 2 comments.

Comment thread tables/dot1x/dot1x_windows.go
Comment thread Makefile Outdated
…gate

- Capture the WLAN init failure reason in wlanInitErr (DLL load / missing proc
  / WlanOpenHandle) and surface it from unavailableBackend.GetStatus, instead
  of the misleading fixed "wlanapi.dll not available" message. errors.Is(
  ErrBackendUnavailable) still holds and the underlying cause is wrapped.
- Makefile: compute UNAME_S := $(shell uname -s 2>/dev/null) once with a safe
  empty default and gate the darwin binary builds on it, rather than calling
  $(shell uname) inline (which fails where uname is unavailable).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 1 comment.

Comment thread tables/dot1x/dot1x_test.go Outdated
The "no constraint" / LIKE cases called the package defaultInterfaces(),
which on Windows performs real WLAN enumeration — tying the unit test to host
networking state. Add a stubLister backend (implements interfaceLister with a
fixed name slice) and assert interfacesToQuery prefers backend-provided
defaults, plus separate deterministic cases for empty (query nothing) and nil
(en0-en9 fallback) defaults.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 4 comments.

Comment thread tables/dot1x/dot1x.go Outdated
Comment thread tables/dot1x/dot1x_windows.go
Comment thread tables/dot1x/dot1x_windows.go Outdated
Comment thread tables/dot1x/dot1x_windows.go Outdated
…e pass

- interfacesToQuery: consult the backend's interfaceLister FIRST and only call
  the package defaultInterfaces() when the backend doesn't implement it.
  Previously defaultInterfaces() was always called before the lister check, so
  on Windows it still enumerated twice — defeating the round's earlier goal.
- WLAN profile XML: replace the four separate extractors (each of which built a
  new decoder and scanned the whole document) with a single-pass
  parseWLANProfile that collects EAP type, inner EAP type, authMode, and
  trusted-root-CA thumbprints in one token pass. GetStatus now parses once.
  Renamed the tests accordingly; same cases, verified identical results.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 3 comments.

Comment thread tables/dot1x/dot1x_wlanprofile.go
Comment thread tables/dot1x/dot1x_wlanprofile.go
Comment thread tools/bazel_to_builddir.sh Outdated
…le cleanup

- readEapMethodType now consumes through the matching </EapMethod> (capturing
  the first <Type>) instead of returning mid-element, so a nested <EapMethod>
  can't be miscounted as the second method and the single-pass scan stays
  aligned. Verified the parser tests are unchanged.
- formatSHA1Hex returns "" early for empty input and sizes Grow() to the actual
  input length instead of a fixed 59 bytes, avoiding allocations on the
  empty/short/invalid cases.
- bazel_to_builddir.sh: install a `trap 'rm -f "$err"' RETURN` so the temp
  stderr file is removed on every return path (including errors added later /
  abrupt exit under set -e), replacing the scattered manual rm -f calls.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 2 comments.

Comment thread tools/bazel_to_builddir.sh
Comment thread tools/bazel_to_builddir.sh Outdated
Replace the function-level RETURN trap (which is global in bash, persists after
the function returns, and doesn't fire on a set -e abort) with a subshell that
owns its own EXIT trap. The trap fires on every exit path — normal, set -e,
or signal — removes the temp file, and never touches the parent shell's global
traps. Verified end-to-end: the script copies all five binaries with no leftover
temp files and no global trap left installed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 3 comments.

Comment thread tools/bazel_to_builddir.sh Outdated
Comment thread tables/dot1x/dot1x_windows.go
Comment thread BUILD.bazel Outdated
… comment

- Compute host_os := uname -s (stderr suppressed, failure tolerated via
  `|| true`) once and gate the Darwin copy on it, so `set -euo pipefail`
  doesn't abort the Linux/Windows artifact copies in environments where uname
  is unavailable (matching the Makefile's UNAME_S approach).
- Update the root BUILD.bazel comment that still referenced the old
  `ifeq ($(shell uname),Darwin)` gating to reflect the current
  `ifeq ($(UNAME_S),Darwin)` / `[ "$host_os" = "Darwin" ]` checks.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 1 comment.

Comment thread tables/dot1x/dot1x_windows.go
@robbiet480

Copy link
Copy Markdown
Author

@grahamgilbert this one is ready for review and merge!

@robbiet480

Copy link
Copy Markdown
Author

Hey @headmin, as Graham is unavailable to merge this for another 2 months or so, he suggested that you may be able to review and merge it. Let me know if that's possible and if you need anything from me to get it done. I'm available on the MacAdmins Slack if more convenient to talk there. Thank you!

@natewalck

Copy link
Copy Markdown
Member

Has this been testing on an actual Windows device which is authenticated via 802.1x? I don't see any real world testing in the plan.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants