ssh/tailssh: use control server time instead of local time

This takes advantage of existing functionality in ipn/ipnlocal to adjust
the local clock based on periodic time signals from the control server.
This way, when checking things like SSHRule expirations, calculations are
protected against incorrectly set local clocks.

Fixes tailscale/corp#15796

Signed-off-by: Percy Wegmann <percy@tailscale.com>
pull/10302/head
Ox Cart 1 year ago committed by Percy Wegmann
parent bd534b971a
commit 719ee4415e

@ -217,3 +217,10 @@ func (em *expiryManager) nextPeerExpiry(nm *netmap.NetworkMap, localNow time.Tim
return nextExpiry return nextExpiry
} }
// ControlNow estimates the current time on the control server, calculated as
// localNow + the delta between local and control server clocks as recorded
// when the LocalBackend last received a time message from the control server.
func (b *LocalBackend) ControlNow(localNow time.Time) time.Time {
return localNow.Add(b.em.clockDelta.Load())
}
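Review bot: The doc comment on ControlNow does not say what is returned before any time message has arrived from the control server. From this hunk it looks as if `b.em.clockDelta.Load()` would then yield a zero delta and the result would simply be `localNow`, but the code that stores the delta is outside the hunk, so that is an inference. Because callers use this value for SSHRule expiry, the fallback matters: until the first signal arrives, a wrong local clock would still decide whether a rule has expired. Once confirmed, I would add a line such as `// If no time message has been received yet, the delta is zero and ControlNow returns localNow unchanged.`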

@ -109,6 +109,9 @@ func init() {
lb: lb, lb: lb,
logf: logf, logf: logf,
tailscaledPath: tsd, tailscaledPath: tsd,
timeNow: func() time.Time {
return lb.ControlNow(time.Now())
},
} }
return srv, nil return srv, nil
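Review bot: The new `timeNow` field is set without a comment saying why it must not be plain `time.Now`, so a later edit could revert it without noticing the security consequence. I would put `// timeNow returns control-adjusted time so SSHRule expiry is not decided by a skewed local clock.` above the field. Any expiry comparison in this package that still calls `time.Now()` directly would bypass the adjustment; those call sites are not visible here, so it is worth checking that they all go through the server's clock function. The enclosing function starts and ends outside the hunk.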
