Switch NRPT logic to use Registry instead of Powershell [VPNWIN-3001]

Author: eaproton

src/Client/Logic/Feedback/ProtonVPN.Client.Logic.Feedback/Diagnostics/Logs/InstalledAppsLog.cs

@@ -57,22 +57,27 @@ private string GenerateContent()
     private List<string> GetAppNames()
     {
         List<string> appNames = new();
-        RegistryKey? registryFolder;
 
-        registryFolder = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(UNINSTALL_REGISTRY_PATH);
-        appNames.AddRange(GetInstalledNames(registryFolder, ParseProgramNameIfExists));
-
-        registryFolder = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry32).OpenSubKey(UNINSTALL_REGISTRY_PATH);
-        appNames.AddRange(GetInstalledNames(registryFolder, ParseProgramNameIfExists));
-
-        registryFolder = Registry.LocalMachine.OpenSubKey(WOW_UNINSTALL_REGISTRY_PATH);
-        appNames.AddRange(GetInstalledNames(registryFolder, ParseProgramNameIfExists));
-
-        registryFolder = Registry.CurrentUser.OpenSubKey(UNINSTALL_REGISTRY_PATH);
-        appNames.AddRange(GetInstalledNames(registryFolder, ParseProgramNameIfExists));
-
-        registryFolder = Registry.CurrentUser.OpenSubKey(WINDOWS_APPS_REGISTRY_PATH);
-        appNames.AddRange(GetInstalledNames(registryFolder, ParseWindowsAppNameIfExists));
+        using (RegistryKey? registryFolder = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(UNINSTALL_REGISTRY_PATH))
+        {
+            appNames.AddRange(GetInstalledNames(registryFolder, ParseProgramNameIfExists));
+        }
+        using (RegistryKey? registryFolder = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry32).OpenSubKey(UNINSTALL_REGISTRY_PATH))
+        {
+            appNames.AddRange(GetInstalledNames(registryFolder, ParseProgramNameIfExists));
+        }
+        using (RegistryKey? registryFolder = Registry.LocalMachine.OpenSubKey(WOW_UNINSTALL_REGISTRY_PATH))
+        {
+            appNames.AddRange(GetInstalledNames(registryFolder, ParseProgramNameIfExists));
+        }
+        using (RegistryKey? registryFolder = Registry.CurrentUser.OpenSubKey(UNINSTALL_REGISTRY_PATH))
+        {
+            appNames.AddRange(GetInstalledNames(registryFolder, ParseProgramNameIfExists));
+        }
+        using (RegistryKey? registryFolder = Registry.CurrentUser.OpenSubKey(WINDOWS_APPS_REGISTRY_PATH))
+        {
+            appNames.AddRange(GetInstalledNames(registryFolder, ParseWindowsAppNameIfExists));
+        }
 
         return appNames;
     }
@@ -88,13 +93,15 @@ private IList<string> GetInstalledNames(RegistryKey? registryFolder, Func<Regist
 
         foreach (string registryFolderChild in registryFolder.GetSubKeyNames())
         {
-            RegistryKey? subKey = registryFolder.OpenSubKey(registryFolderChild);
-            if (subKey != null)
+            using (RegistryKey? subKey = registryFolder.OpenSubKey(registryFolderChild))
             {
-                string name = installedNameParser(subKey);
-                if (name != null)
+                if (subKey != null)
                 {
-                    names.Add(name);
+                    string name = installedNameParser(subKey);
+                    if (name != null)
+                    {
+                        names.Add(name);
+                    }
                 }
             }
         }

src/Client/Settings/ProtonVPN.Client.Settings.Contracts/Helpers/DefaultAppsHelper.cs

@@ -87,16 +87,19 @@ private static IEnumerable<SplitTunnelingApp> GetClientApps(RegistryKey? parentK
     {
         return FailSafeRegistryAccess(() =>
         {
-            RegistryKey? subKey = parentKey?.OpenSubKey(subKeyName);
-            return GetClientApps(subKey);
+            using (RegistryKey? subKey = parentKey?.OpenSubKey(subKeyName))
+            {
+                return GetClientApps(subKey);
+            }
         }, Enumerable.Empty<SplitTunnelingApp>());
     }
 
-    private static IEnumerable<SplitTunnelingApp> GetClientApps(RegistryKey? parentKey)
+    private static List<SplitTunnelingApp> GetClientApps(RegistryKey? parentKey)
     {
+        List<SplitTunnelingApp> list = [];
         if (parentKey == null)
         {
-            yield break;
+            return list;
         }
 
         string[] subKeys = parentKey.GetSubKeyNames();
@@ -105,9 +108,11 @@ private static IEnumerable<SplitTunnelingApp> GetClientApps(RegistryKey? parentK
             SplitTunnelingApp? app = GetClientApp(parentKey, subKey);
             if (app != null)
             {
-                yield return app.Value;
+                list.Add(app.Value);
             }
         }
+
+        return list;
     }
 
     private static SplitTunnelingApp? GetClientApp(RegistryKey parentKey, string subKeyName)

src/OperatingSystems/NameResolutionPolicyTable/ProtonVPN.OperatingSystems.NRPT/NrptInvoker.cs

@@ -17,8 +17,6 @@
  * along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-using System.Management.Automation;
-using System.Text;
 using ProtonVPN.IssueReporting.Contracts;
 using ProtonVPN.Logging.Contracts;
 using ProtonVPN.Logging.Contracts.Events.OperatingSystemLogs;
@@ -46,24 +44,19 @@ public bool CreateRule(string nameServers)
             return false;
         }
 
-        return StaticNrptInvoker.CreateRule(nameServers, OnNrptException, OnError, OnSuccess);
+        return StaticNrptInvoker.CreateRule(nameServers, OnException, OnCreateError, OnSuccess);
     }
 
-    private void OnNrptException(string errorMessage, Exception ex)
+    private void OnException(string errorMessage, Exception ex)
     {
         _logger.Error<OperatingSystemNrptLog>(errorMessage, ex);
         _issueReporter.CaptureError(new Exception(errorMessage, ex));
     }
 
-    private void OnError(string message, List<ErrorRecord> errors)
+    private void OnCreateError(string errorMessage)
     {
-        StringBuilder errorMessageBuilder = new();
-        foreach (ErrorRecord error in errors)
-        {
-            _logger.Error<OperatingSystemNrptLog>($"{message}: {error}");
-            errorMessageBuilder.AppendLine(error.ToString());
-        }
-        _issueReporter.CaptureError(message, errorMessageBuilder.ToString());
+        _logger.Error<OperatingSystemNrptLog>(errorMessage);
+        _issueReporter.CaptureError("Error when creating NRPT rule", errorMessage);
     }
 
     private void OnSuccess(string message)
@@ -74,6 +67,6 @@ private void OnSuccess(string message)
     /// <returns>If the NRPT rule was removed successfully</returns>
     public bool DeleteRule()
     {
-        return StaticNrptInvoker.DeleteRule(OnNrptException, OnError, OnSuccess);
+        return StaticNrptInvoker.DeleteRule(OnException, OnSuccess);
     }
 }

src/OperatingSystems/NameResolutionPolicyTable/ProtonVPN.OperatingSystems.NRPT/ProtonVPN.OperatingSystems.NRPT.csproj

@@ -12,7 +12,6 @@
         <Compile Include="..\..\..\GlobalAssemblyInfo.cs" Link="Properties\GlobalAssemblyInfo.cs" />
     </ItemGroup>
     <ItemGroup>
-        <PackageReference Include="Microsoft.PowerShell.SDK" />
         <PackageReference Include="System.Formats.Asn1" />
         <PackageReference Include="System.Text.Json" />
     </ItemGroup>

src/OperatingSystems/NameResolutionPolicyTable/ProtonVPN.OperatingSystems.NRPT/StaticNrptInvoker.cs

@@ -17,28 +17,50 @@
  * along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-using System.Management.Automation;
-using System.Management.Automation.Runspaces;
-using Microsoft.PowerShell;
+using Microsoft.Win32;
 
 namespace ProtonVPN.OperatingSystems.NRPT;
 
 public static class StaticNrptInvoker
 {
-    private const string NRPT_COMMENT = "Force all DNS requests via Proton VPN";
-    private const string NRPT_ADD_SCRIPT = "Add-DnsClientNrptRule -Namespace \".\" -NameServers {0} -Comment \"" + NRPT_COMMENT + "\"";
-    private const string NRPT_REMOVE_SCRIPT = "Get-DnsClientNrptRule | Where-Object { $_.Comment -eq \"" + NRPT_COMMENT + "\" } | Remove-DnsClientNrptRule -Force";
-    
+    private const string NRPT_COMMENT_KEY_NAME = "Comment";
+    private const string NRPT_DISPLAY_NAME_KEY_NAME = "DisplayName";
+
+    private const string NRPT_COMMENT_VALUE = "Force all DNS requests via Proton VPN";
+    private const string NRPT_DISPLAY_NAME_VALUE = "Proton VPN";
+
+    private const string NRPT_RULES_PATH = @"SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig";
+
+    private static readonly string[] _allDomains = ["."];
     private static readonly object _lock = new();
 
     /// <returns>If the NRPT rule was added successfully</returns>
-    public static bool CreateRule(string nameServers, Action<string, Exception> onException = null,
-        Action<string, List<ErrorRecord>> onError = null, Action<string> onSuccess = null)
+    public static bool CreateRule(string nameServers, Action<string, Exception> onException, Action<string> onError, Action<string> onSuccess)
     {
         try
         {
-            string script = string.Format(NRPT_ADD_SCRIPT, nameServers);
-            return ExecuteNrptPowershellCommand("Add", ps => ps.AddScript(script), onError, onSuccess);
+            lock (_lock)
+            {
+                string ruleGuid = Guid.NewGuid().ToString().ToUpper();
+                string rulePath = $"{NRPT_RULES_PATH}\\{{{ruleGuid}}}";
+                using (RegistryKey ruleKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).CreateSubKey(rulePath, writable: true))
+                {
+                    if (ruleKey == null)
+                    {
+                        onError($"Failed to open or create NRPT registry path {NRPT_RULES_PATH}.");
+                        return false;
+                    }
+
+                    ruleKey.SetValue(NRPT_COMMENT_KEY_NAME, NRPT_COMMENT_VALUE, RegistryValueKind.String);
+                    ruleKey.SetValue("ConfigOptions", 8, RegistryValueKind.DWord);
+                    ruleKey.SetValue(NRPT_DISPLAY_NAME_KEY_NAME, NRPT_DISPLAY_NAME_VALUE, RegistryValueKind.String);
+                    ruleKey.SetValue("GenericDNSServers", nameServers, RegistryValueKind.String);
+                    ruleKey.SetValue("IPSECCARestriction", string.Empty, RegistryValueKind.String);
+                    ruleKey.SetValue("Name", _allDomains, RegistryValueKind.MultiString);
+                    ruleKey.SetValue("Version", 2, RegistryValueKind.DWord);
+                    return true;
+                }
+            }
         }
         catch (Exception ex)
         {
@@ -50,54 +72,74 @@ public static bool CreateRule(string nameServers, Action<string, Exception> onEx
         }
     }
 
-    /// <returns>If the NRPT script was executed successfully</returns>
-    private static bool ExecuteNrptPowershellCommand(string actionVerb, Func<PowerShell, PowerShell> value,
-        Action<string, List<ErrorRecord>> onError = null, Action<string> onSuccess = null)
+    /// <returns>If the NRPT rule was removed successfully</returns>
+    public static bool DeleteRule(Action<string, Exception> onException, Action<string> onSuccess)
     {
-        lock(_lock)
+        try
         {
-            InitialSessionState iss = InitialSessionState.CreateDefault();
-            iss.ExecutionPolicy = ExecutionPolicy.Bypass;
-
-            using (Runspace runspace = RunspaceFactory.CreateRunspace(iss))
+            lock (_lock)
             {
-                runspace.Open();
-                using (PowerShell ps = PowerShell.Create(runspace))
-                {
-                    ps.AddCommand("Import-Module").AddArgument("DnsClient").Invoke();
-                    ps.Commands.Clear();
-
-                    value(ps).Invoke();
+                bool result = false;
 
-                    if (ps.HadErrors)
+                using (RegistryKey pathKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(NRPT_RULES_PATH, writable: true))
+                {
+                    if (pathKey == null)
                     {
-                        List<ErrorRecord> errors = ps.Streams.Error.ToList();
-                        if (onError is not null)
-                        {
-                            onError($"Error when performing NRPT rule '{actionVerb}' action.", errors);
-                        }
-                        return false;
+                        return false; // NRPT path doesn't exist, nothing to do here
                     }
-                    else
+
+                    string[] nrptRulesKeyNames = pathKey.GetSubKeyNames();
+
+                    foreach (string nrptRuleKeyName in nrptRulesKeyNames)
                     {
-                        if (onSuccess is not null)
-                        {
-                            onSuccess($"Success when performing NRPT rule '{actionVerb}' action.");
-                        }
-                        return true;
+                        result = CheckAndDeleteRule(nrptRuleKeyName, pathKey, onException, onSuccess: onSuccess) || result;
                     }
                 }
+
+                return result;
+            }
+        }
+        catch (Exception ex)
+        {
+            if (onException is not null)
+            {
+                onException("Exception thrown when removing the NRPT rule", ex);
             }
+            return false;
         }
     }
 
-    /// <returns>If the NRPT rule was removed successfully</returns>
-    public static bool DeleteRule(Action<string, Exception> onException = null,
-        Action<string, List<ErrorRecord>> onError = null, Action<string> onSuccess = null)
+    /// <returns>Was the NRPT rule removed successfully (Failure doesn't mean anything wrong, might not be our rule)</returns>
+    private static bool CheckAndDeleteRule(string nrptRuleKeyName, RegistryKey pathKey,
+        Action<string, Exception> onException, Action<string> onSuccess)
     {
         try
         {
-            return ExecuteNrptPowershellCommand("Remove", ps => ps.AddScript(NRPT_REMOVE_SCRIPT), onError, onSuccess);
+            using (RegistryKey nrptRuleKey = pathKey.OpenSubKey(nrptRuleKeyName))
+            {
+                if (nrptRuleKey == null)
+                {
+                    return false; // NRPT rule key name doesn't exist
+                }
+
+                object displayNameObj = nrptRuleKey.GetValue(NRPT_DISPLAY_NAME_KEY_NAME);
+                string displayName = displayNameObj?.ToString();
+                if (displayName is not null && displayName.Equals(NRPT_DISPLAY_NAME_VALUE, StringComparison.InvariantCultureIgnoreCase))
+                {
+                    DeleteKey(pathKey, nrptRuleKeyName, onSuccess);
+                    return true;
+                }
+
+                object commentObj = nrptRuleKey.GetValue(NRPT_COMMENT_KEY_NAME);
+                string comment = commentObj?.ToString();
+                if (comment is not null && comment.Equals(NRPT_COMMENT_VALUE, StringComparison.InvariantCultureIgnoreCase))
+                {
+                    DeleteKey(pathKey, nrptRuleKeyName, onSuccess);
+                    return true;
+                }
+            }
+
+            return false; // This NRPT rule exists but is not ours, leave it as is
         }
         catch (Exception ex)
         {
@@ -108,4 +150,10 @@ public static bool DeleteRule(Action<string, Exception> onException = null,
             return false;
         }
     }
+
+    private static void DeleteKey(RegistryKey pathKey, string nrptRuleKeyName, Action<string> onSuccess)
+    {
+        pathKey.DeleteSubKey(nrptRuleKeyName);
+        onSuccess($"Successfully deleted the NRPT rule '{nrptRuleKeyName}'.");
+    }
 }

src/ProtonVPN.Common.Legacy/OS/Registry/SystemProxy.cs

@@ -17,26 +17,30 @@
  * along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
  */
 
+using Microsoft.Win32;
+
 namespace ProtonVPN.Common.Legacy.OS.Registry;
 
 public class SystemProxy : ISystemProxy
 {
-    private const string RegKey = "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings";
+    private const string REG_KEY = "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings";
 
     public bool Enabled()
     {
-        var key = Microsoft.Win32.Registry.CurrentUser.OpenSubKey(RegKey, false);
-        if (key == null)
+        using (RegistryKey key = Microsoft.Win32.Registry.CurrentUser.OpenSubKey(REG_KEY, false))
         {
-            return false;
-        }
+            if (key == null)
+            {
+                return false;
+            }
 
-        var value = key.GetValue("ProxyEnable") as int?;
-        if (value == null)
-        {
-            return false;
-        }
+            int? value = key.GetValue("ProxyEnable") as int?;
+            if (value == null)
+            {
+                return false;
+            }
 
-        return value == 1;
+            return value == 1;
+        }
     }
 }