Added brave vpn connection manager interface and initial Windows impls #8920

Merged
merged 14 commits into from
Jun 10, 2021

simonhong
Member

@simonhong simonhong commented May 25, 2021

Added vpn connection manager interface
Added Initial impls for Windows OS.

fix brave/brave-browser#15805

Security review: https://github.com/brave/security/issues/468

Submitter Checklist:

  • I confirm that no security/privacy review is needed, or that I have requested one
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

  1. Build command line tool vpntool in bc directory - ninja -C ../out/Components vpntool
  2. Run ../out/Components/vpntool.exe with various options
  3. Print connections ../out/Components/vpntool.exe --connections
  4. Print entries ../out/Components/vpntool.exe --entries
  5. Print devices ../out/Components/vpntool.exe --devices
  6. Create new entry ../out/Components/vpntool.exe --create --host_name=xxx --vpn_name=xxx --user_name=xxx --password=xxx
  7. Delete entry ../out/Components/vpntool.exe --remove --vpn_name=xxx
  8. Connect entry ../out/Components/vpntool.exe --connect --vpn_name=xxx
  9. Disconnect entry ../out/Components/vpntool.exe --disconnect --vpn_name=xxx

@simonhong simonhong force-pushed the brave_vpn_stub branch 2 times, most recently from 1cf2771 to b89220b Compare May 25, 2021 07:11
@simonhong simonhong requested a review from bsclifton May 25, 2021 07:44
@simonhong simonhong changed the title Added brave vpn connection manager interface and stub impl Added brave vpn connection manager interface and initial Windows impls May 26, 2021
@simonhong simonhong added the CI/skip Do not run CI builds (except noplatform) label May 26, 2021
@simonhong simonhong force-pushed the brave_vpn_stub branch 2 times, most recently from 91d7217 to caaed8a Compare May 27, 2021 06:46
@simonhong simonhong removed the CI/skip Do not run CI builds (except noplatform) label May 27, 2021
@simonhong simonhong force-pushed the brave_vpn_stub branch 2 times, most recently from 8302e74 to 1d41aa8 Compare May 27, 2021 12:55
@simonhong
Member Author

@bsclifton Ready to review! PTAL :)

@bsclifton bsclifton requested a review from deeppandya May 27, 2021 16:56
@simonhong
Member Author

@deeppandya My PR will make some merge conflicts with your PR (#7904).
Both PRs added a new brave_vpn target :)
I think all conflicts will happen on gn files.
The difference is using browser sub directory and ENABLE_BRAVE_VPN.
As brave vpn feature will only be used on browser side, I think we don't need to use browser sub directory.
And the build flag name convention is ENABLE_FOO.

Member

@bsclifton bsclifton left a comment

Comments left; great job here! 😄

@simonhong
Member Author

@bsclifton Addressed. Thanks for review!

@bsclifton
Member

Approved, pending security review and also review by @deeppandya 😄

Member

@fmarier fmarier left a comment

I left a few suggestions around buffer sizes. Memory management is easy to get wrong in C so I tend to be extra-careful around these, but let me know if there's a reason why these were done with bare constants.

// https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-formatmessage
void PrintSystemError(DWORD error) {
DWORD c_buf_size = 512;
TCHAR lpsz_error_string[512];
Member

To make sure there is never a mismatch between the buffer size and what we pass to FormatMessage(), I would do something like:

constexpr DWORD c_buf_size = 512; 
TCHAR lpsz_error_string[c_buf_size];

Member Author

fixed.

credentials.dwMask = RASCM_UserName | RASCM_Password;

wcscpy_s(credentials.szUserName, 256, username);
wcscpy_s(credentials.szPassword, 256, password);
Member

Instead of 256, it might be better to use UNLEN+1 and PWLEN+1.

Member Author

fixed.

@simonhong simonhong added the CI/skip Do not run CI builds (except noplatform) label Jun 7, 2021
Member Author

@simonhong simonhong left a comment

Addressed all comments for buf length.
and looking at https://github.com/brave/brave-core/pull/8920/files#r645919998

// https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-formatmessage
void PrintSystemError(DWORD error) {
DWORD c_buf_size = 512;
TCHAR lpsz_error_string[512];
Member Author

fixed.

credentials.dwMask = RASCM_UserName | RASCM_Password;

wcscpy_s(credentials.szUserName, 256, username);
wcscpy_s(credentials.szPassword, 256, password);
Member Author

fixed.

}
lp_ras_dial_params->dwSize = sizeof(RASDIALPARAMS);
wcscpy_s(lp_ras_dial_params->szEntryName, 256, entry_name);
wcscpy_s(lp_ras_dial_params->szDomain, 15, L"*");
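Review bot: in the szEntryName copy, the literal 256 is a bare element count with no visible tie to the field's declared size, and the 15 passed for szDomain has the same problem. Derive each count from the destination itself, for example _countof(lp_ras_dial_params->szEntryName), or use the field's named length constant plus one, so the bound cannot drift from the struct definition.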
Member Author

Changed to DNLEN + 1
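
The buffer-size point from the review threads above, as an added example (not code from this PR): the destination's element count is deduced from the array, so it cannot disagree with the declaration. `DemoCredentials`, `CopyToField`, `FillCredentials` and the `k*Len` constants are hypothetical stand-ins so the block builds without the Windows SDK.

```cpp
#include <cstddef>
#include <cwchar>

// Constructed stand-ins for UNLEN, PWLEN and DNLEN named in the review
// (assumption: same values as the Windows SDK headers).
constexpr std::size_t kUnLen = 256;
constexpr std::size_t kPwLen = 256;
constexpr std::size_t kDnLen = 15;

// Hypothetical struct shaped like the credential / dial-params fields.
struct DemoCredentials {
  wchar_t user_name[kUnLen + 1];
  wchar_t password[kPwLen + 1];
  wchar_t domain[kDnLen + 1];
};

// Bounded copy: N comes from the destination's type, never from a literal
// typed at the call site. Returns false and leaves dst empty when src is
// null or does not fit together with its terminator.
template <std::size_t N>
bool CopyToField(wchar_t (&dst)[N], const wchar_t* src) {
  static_assert(N > 0, "destination must hold at least the terminator");
  dst[0] = L'\0';
  if (src == nullptr) return false;
  std::size_t len = 0;
  while (len < N && src[len] != L'\0') ++len;  // never scans past N elements
  if (len == N) return false;                  // too long: reject, no truncation
  std::wmemcpy(dst, src, len + 1);             // copy including the terminator
  return true;
}

// Fills every field or reports failure; callers must check the result.
bool FillCredentials(DemoCredentials* out, const wchar_t* user,
                     const wchar_t* pass, const wchar_t* domain) {
  if (out == nullptr) return false;
  return CopyToField(out->user_name, user) &&
         CopyToField(out->password, pass) &&
         CopyToField(out->domain, domain);
}
```
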

@simonhong
Member Author

simonhong commented Jun 7, 2021

Hmm, I got Policy match error again with this PR. Need to check.
I can see the below result and I think it's what we expect now.
@bsclifton not sure but there are some changes from server-side and it's not matched?
Left comment about this in slack channel also.

@simonhong simonhong removed the CI/skip Do not run CI builds (except noplatform) label Jun 10, 2021
@bsclifton
Member

Thanks for the great review, @fmarier 😄👍

@simonhong simonhong merged commit a39f967 into master Jun 10, 2021
@simonhong simonhong deleted the brave_vpn_stub branch June 10, 2021 10:19
@simonhong simonhong added this to the 1.27.x - Nightly milestone Jun 10, 2021
Successfully merging this pull request may close these issues.

Implement Brave VPN on Windows