Add SOCKS4 support to CI

2025-06-03 21:30:13 +00:00 · 2023-04-03 00:39:13 +02:00 · 2023-04-03 00:39:13 +02:00 · 6d9767db42
commit 6d9767db42
parent 15703a4823
4 changed files with 32 additions and 22 deletions
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -21,6 +21,22 @@ jobs:
        with:
          command: test
          args: --no-run
-      - env:
+      - name: Populate .env
+        env:
          DOTENV: ${{ secrets.DOTENV }}
-        run: echo "$DOTENV" > .env && sudo -E /home/runner/.cargo/bin/cargo test
+        run: echo "$DOTENV" > .env
+      - name: Set up runner SSH key
+        run: >-
+          set -o allexport &&
+          source .env &&
+          set +o allexport &&
+          mkdir ~/.ssh &&
+          echo "$TEST_SERVER_PRIVATE_SSH_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
+      - name: Run tests
+        run: >-
+          set -o allexport &&
+          source .env &&
+          set +o allexport &&
+          ssh -N -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -D 1080 "$TEST_SERVER_SSH_DST" &
+          while ! nc -z 127.0.0.1 1080; do sleep 1; done &&
+          sudo -E /home/runner/.cargo/bin/cargo test
--- a/src/main.rs
+++ b/src/main.rs
@ -89,7 +89,7 @@ fn main() -> ExitCode {
        Ok(())
    })() {
        log::error!("{e}");
-        std::process::exit(1);
+        return ExitCode::FAILURE;
    };

    ExitCode::SUCCESS
--- a/src/setup.rs
+++ b/src/setup.rs
@ -298,19 +298,10 @@ impl Setup {
    }

    pub fn drop_privileges(&self) -> Result<(), Error> {
-        let gid_str = match std::env::var("SUDO_GID") {
-            Ok(uid_str) => uid_str,
-            _ => String::from("65535"),
-        };
-        let gid = gid_str.parse::<u32>()?;
-        nix::unistd::setgid(nix::unistd::Gid::from_raw(gid))?;
-
-        let uid_str = match std::env::var("SUDO_UID") {
-            Ok(uid_str) => uid_str,
-            _ => String::from("65535"),
-        };
-        let uid = uid_str.parse::<u32>()?;
-        nix::unistd::setuid(nix::unistd::Uid::from_raw(uid))?;
+        // 65534 is usually the nobody user. Even in cases it is not, it is safer to use this ID
+        // than running with UID and GID 0.
+        nix::unistd::setgid(nix::unistd::Gid::from_raw(65534))?;
+        nix::unistd::setuid(nix::unistd::Uid::from_raw(65534))?;

        Ok(())
    }
--- a/tests/proxy.rs
+++ b/tests/proxy.rs
@ -3,6 +3,8 @@ mod tests {
    extern crate reqwest;

    use std::env;
+    use std::net::IpAddr;
+    use std::str::FromStr;

    use fork::Fork;
    use nix::sys::signal;
@ -64,12 +66,13 @@ mod tests {
                        continue;
                    }

-                    let mut setup = Setup::new(
-                        TUN_TEST_DEVICE,
-                        &test.proxy.addr.ip(),
-                        get_default_cidrs(),
-                        false,
-                    );
+                    let bypass_ip = match env::var("BYPASS_IP") {
+                        Err(_) => test.proxy.addr.ip(),
+                        Ok(ip_str) => IpAddr::from_str(ip_str.as_str()).unwrap(),
+                    };
+
+                    let mut setup =
+                        Setup::new(TUN_TEST_DEVICE, &bypass_ip, get_default_cidrs(), false);
                    setup.configure().unwrap();

                    match fork::fork() {