From 6d9767db422d422522f0986e6cb4c7667bc60d93 Mon Sep 17 00:00:00 2001
From: "B. Blechschmidt"
Date: Mon, 3 Apr 2023 00:39:13 +0200
Subject: [PATCH] Add SOCKS4 support to CI
---
 .github/workflows/tests.yml | 20 ++++++++++++++++++--
 src/main.rs | 2 +-
 src/setup.rs | 17 ++++-------------
 tests/proxy.rs | 15 +++++++++------
 4 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a3a6945..3b8c34f 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -21,6 +21,22 @@ jobs:
 with:
 command: test
 args: --no-run
- - env:
+ - name: Populate .env
+ env:
 DOTENV: ${{ secrets.DOTENV }}
- run: echo "$DOTENV" > .env && sudo -E /home/runner/.cargo/bin/cargo test
+ run: echo "$DOTENV" > .env
+ - name: Set up runner SSH key
+ run: >-
+ set -o allexport &&
+ source .env &&
+ set +o allexport &&
+ mkdir ~/.ssh &&
+ echo "$TEST_SERVER_PRIVATE_SSH_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
+ - name: Run tests
+ run: >-
+ set -o allexport &&
+ source .env &&
+ set +o allexport &&
+ ssh -N -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -D 1080 "$TEST_SERVER_SSH_DST" &
+ while ! nc -z 127.0.0.1 1080; do sleep 1; done &&
+ sudo -E /home/runner/.cargo/bin/cargo test
diff --git a/src/main.rs b/src/main.rs
index 8b9dcd3..ac67753 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -89,7 +89,7 @@ fn main() -> ExitCode {
 Ok(())
 })() {
 log::error!("{e}");
- std::process::exit(1);
+ return ExitCode::FAILURE;
 };
 ExitCode::SUCCESS
diff --git a/src/setup.rs b/src/setup.rs
index c977e0c..0f36b7b 100644
--- a/src/setup.rs
+++ b/src/setup.rs
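Review bot: The `ssh` call in the "Run tests" step of .github/workflows/tests.yml switches host-key verification off (`-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null`), so the runner cannot tell the real test server from a host answering in its place, and the SOCKS tunnel the tests depend on would then run through that host. Pin the server's public host key instead: keep it next to the other values in the DOTENV secret, write it out in the "Set up runner SSH key" step with `echo "$TEST_SERVER_SSH_HOST_KEY" > ~/.ssh/known_hosts` (placeholder variable name, not on this page), and start the tunnel with `ssh -N -oStrictHostKeyChecking=yes -D 1080 "$TEST_SERVER_SSH_DST" &`. A host key is public material, so adding it does not widen what the secret exposes.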
@@ -298,19 +298,10 @@ impl Setup {
 }
 pub fn drop_privileges(&self) -> Result<(), Error> {
- let gid_str = match std::env::var("SUDO_GID") {
- Ok(uid_str) => uid_str,
- _ => String::from("65535"),
- };
- let gid = gid_str.parse::()?;
- nix::unistd::setgid(nix::unistd::Gid::from_raw(gid))?;
-
- let uid_str = match std::env::var("SUDO_UID") {
- Ok(uid_str) => uid_str,
- _ => String::from("65535"),
- };
- let uid = uid_str.parse::()?;
- nix::unistd::setuid(nix::unistd::Uid::from_raw(uid))?;
+ // 65534 is usually the nobody user. Even in cases it is not, it is safer to use this ID
+ // than running with UID and GID 0.
+ nix::unistd::setgid(nix::unistd::Gid::from_raw(65534))?;
+ nix::unistd::setuid(nix::unistd::Uid::from_raw(65534))?;
 Ok(())
 }
diff --git a/tests/proxy.rs b/tests/proxy.rs
index 00128db..82589d7 100644
--- a/tests/proxy.rs
+++ b/tests/proxy.rs
@@ -3,6 +3,8 @@ mod tests {
 extern crate reqwest;
 use std::env;
+ use std::net::IpAddr;
+ use std::str::FromStr;
 use fork::Fork;
 use nix::sys::signal;
@@ -64,12 +66,13 @@ mod tests {
 continue;
 }
- let mut setup = Setup::new(
- TUN_TEST_DEVICE,
- &test.proxy.addr.ip(),
- get_default_cidrs(),
- false,
- );
+ let bypass_ip = match env::var("BYPASS_IP") {
+ Err(_) => test.proxy.addr.ip(),
+ Ok(ip_str) => IpAddr::from_str(ip_str.as_str()).unwrap(),
+ };
+
+ let mut setup =
+ Setup::new(TUN_TEST_DEVICE, &bypass_ip, get_default_cidrs(), false);
 setup.configure().unwrap();
 match fork::fork() {
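Review bot: Within `drop_privileges` in src/setup.rs the GID and UID are changed but the supplementary group list is never cleared, so a process started as root still carries root's supplementary groups after both calls succeed and keeps whatever group-based file access they grant. Add `nix::unistd::setgroups(&[])?;` ahead of the `setgid` line; it has to come first because the call needs privileges that are gone once `setuid` has run. nix does not provide `setgroups` on Apple targets, so the call may need a `cfg` guard if this crate is built there, which the hunk does not show. The literal 65534 appears twice and would read better as one named constant carrying the existing comment.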
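Review bot: An invalid `BYPASS_IP` value in the second hunk of tests/proxy.rs ends the test through a bare `unwrap()`, so the failure shows only the address parser's error and nothing that points at the environment variable. `Ok(ip_str) => ip_str.parse::<IpAddr>().expect("BYPASS_IP must be a valid IP address"),` names the cause and makes the `use std::str::FromStr;` import added in the first hunk unnecessary. The `Err(_)` arm also treats a value that is not valid Unicode the same as an unset variable and silently falls back to the proxy address; matching `Err(env::VarError::NotPresent)` would keep that fallback for the unset case only. The enclosing test function starts and ends outside the hunk.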