From 719ee4415e9144a698300a9583b56b5b8018d916 Mon Sep 17 00:00:00 2001
From: Ox Cart
Date: Tue, 14 Nov 2023 16:15:57 -0600
Subject: [PATCH] ssh/tailssh: use control server time instead of local time

This takes advantage of existing functionality in ipn/ipnlocal to adjust the local clock based on periodic time signals from the control server. This way, when checking things like SSHRule expirations, calculations are protected incorrectly set local clocks.

Fixes tailscale/corp#15796

Signed-off-by: Percy Wegmann
---
 ipn/ipnlocal/expiry.go | 7 +++++++
 ssh/tailssh/tailssh.go | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/ipn/ipnlocal/expiry.go b/ipn/ipnlocal/expiry.go
index 13e57d327..04c10226d 100644
--- a/ipn/ipnlocal/expiry.go
+++ b/ipn/ipnlocal/expiry.go
@@ -217,3 +217,10 @@ func (em *expiryManager) nextPeerExpiry(nm *netmap.NetworkMap, localNow time.Tim
 return nextExpiry
 }
+
+// ControlNow estimates the current time on the control server, calculated as
+// localNow + the delta between local and control server clocks as recorded
+// when the LocalBackend last received a time message from the control server.
+func (b *LocalBackend) ControlNow(localNow time.Time) time.Time {
+ return localNow.Add(b.em.clockDelta.Load())
+}
diff --git a/ssh/tailssh/tailssh.go b/ssh/tailssh/tailssh.go
index b932e99ff..a72ce4fa8 100644
--- a/ssh/tailssh/tailssh.go
+++ b/ssh/tailssh/tailssh.go
@@ -109,6 +109,9 @@ func init() {
 lb: lb,
 logf: logf,
 tailscaledPath: tsd,
+ timeNow: func() time.Time {
+ return lb.ControlNow(time.Now())
+ },
 }
 return srv, nil
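Review bot: The doc comment on `ControlNow` does not say what is returned before any time message has arrived from the control server. As written, `b.em.clockDelta.Load()` would presumably yield a zero delta in that state, so the function returns `localNow` unchanged, which is the very clock this commit wants SSH rule expiry to stop depending on. Once that is confirmed against `expiryManager`, I would add a line such as `// If no control time has been received yet, the delta is zero and localNow is returned unchanged.` so callers know the guarantee is best-effort. The diffstat lists no test file; a small test that stores a known delta and checks the result of `ControlNow` would pin the behaviour.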
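Review bot: The new `timeNow:` entry has no comment explaining why the server must not call `time.Now` directly, and that reason is security-relevant for anyone who later simplifies the closure. I would put `// Use control-adjusted time so SSHRule expiry checks are not skewed by a wrong local clock.` on the line above `timeNow: func() time.Time {`. The hunk does not show what else reads `timeNow`; if it also feeds durations or timestamps in session logs, a delta that changes between two calls would shift those values, so the callers are worth checking. The function literal inside `init()` starts and ends outside this hunk.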