ssh/tailssh: use control server time instead of local time

This takes advantage of existing functionality in ipn/ipnlocal to adjust the local clock based on periodic time signals from the control server. This way, when checking things like SSHRule expirations, calculations are protected incorrectly set local clocks. Fixes tailscale/corp#15796 Signed-off-by: Percy Wegmann <percy@tailscale.com>
2025-01-05 23:07:44 +00:00 · 2023-11-14 16:15:57 -06:00 · 2023-11-14 16:15:57 -06:00 · 719ee4415e
commit 719ee4415e
parent bd534b971a
2 changed files with 10 additions and 0 deletions
--- a/ipn/ipnlocal/expiry.go
+++ b/ipn/ipnlocal/expiry.go
@ -217,3 +217,10 @@ func (em *expiryManager) nextPeerExpiry(nm *netmap.NetworkMap, localNow time.Tim

 	return nextExpiry
 }
+
+// ControlNow estimates the current time on the control server, calculated as
+// localNow + the delta between local and control server clocks as recorded
+// when the LocalBackend last received a time message from the control server.
+func (b *LocalBackend) ControlNow(localNow time.Time) time.Time {
+	return localNow.Add(b.em.clockDelta.Load())
+}
--- a/ssh/tailssh/tailssh.go
+++ b/ssh/tailssh/tailssh.go
@ -109,6 +109,9 @@ func init() {
 			lb:             lb,
 			logf:           logf,
 			tailscaledPath: tsd,
+			timeNow: func() time.Time {
+				return lb.ControlNow(time.Now())
+			},
 		}

 		return srv, nil