[PATCHv3] Test ping w/o privileges

[Erik Auerswald]

Hi,

I have added macOS to the operating systems that do not need to skip
the ping-localhost.sh test without root privileges, and plan to push
the attached patch in a few days.

Br,
Erik

>From d4ddc72ffd55cc88b8897dfaddbb6f38b5ca8e43 Mon Sep 17 00:00:00 2001
From: Erik Auerswald <auers...@unix-ag.uni-kl.de>
Date: Sun, 7 Jul 2024 19:32:01 +0200
Subject: [PATCH] tests: allow unprivileged ping to localhost

Some operating systems, e.g., GNU/Linux (with appropriate
configuration) and macOS, support unprivileged ICMP echo
operation.  Since commit 05a2f938e3f56ce0136966136410c5f9e20c37a7
from 2016-02-12, this is supported for the IPv4 ping program.
But the test for basic ping functionality still requires to be
run with an effective user id of root and is skipped otherwise.
Change this to test IPv4 ping operation without root privileges
if supported.

The IPv6 version of ping, 'ping6', does not (yet) allow use
without root privileges, thus skip the IPv6 part of the test
unless having root privileges.

* tests/ping-localhost.sh: Do not skip the test for IPv4 if
run without root privileges unless they are required.
---
 tests/ping-localhost.sh | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/tests/ping-localhost.sh b/tests/ping-localhost.sh
index 65802810..fadf323e 100755
--- a/tests/ping-localhost.sh
+++ b/tests/ping-localhost.sh
@@ -21,7 +21,7 @@
 #
 #  * Shell: SVR3 Bourne shell, or newer.
 #
-#  * id(1).
+#  * cut(1), id(1), uname(1).
 
 . ./tools.sh
 
@@ -56,11 +56,40 @@ if test "$TEST_IPV4" = "no" && test "$TEST_IPV6" = "no"; then
     exit 77
 fi
 
-if test `func_id_uid` != 0; then
-    echo "ping needs to run as root"
+have_privs='no'
+test "`func_id_uid`" = 0 && have_privs='yes'
+
+# some systems allow ping without root privileges
+need_privs='yes'
+
+# the kernel Linux requires specific configuration for unprivileged ping
+PING_GROUP_RANGE=/proc/sys/net/ipv4/ping_group_range
+if test "`uname -s`" = 'Linux' && test -f "$PING_GROUP_RANGE"
+then
+    low=`cut -f1 "$PING_GROUP_RANGE"`
+    high=`cut -f2 "$PING_GROUP_RANGE"`
+    for grp_id in `id -G`; do
+        test "$low" -le "$grp_id" && test "$high" -ge "$grp_id" &&
+            need_privs='no' && break
+    done
+fi
+
+# macOS generally allows unprivileged ping
+test "`uname -s`" = 'Darwin' && need_privs='no'
+
+if test "$need_privs" = 'yes' && test "$have_privs" = 'no'; then
+    echo >&2 "ping needs to run as root"
     exit 77
 fi
 
+# the ping6 program still requires privileges
+test "$need_privs" = 'no' && test "$have_privs" = 'no' &&
+    test "$TEST_IPV6" != 'no' && TEST_IPV6='no' &&
+    echo >&2 'ping6 needs to run as root, disabling IPv6 test' &&
+    test "$TEST_IPV4" = 'no' &&
+    echo >&2 'Testing of IPv4 and IPv6 is disabled.  Skipping test.' &&
+    exit 77
+
 errno=0
 errno2=0
 
-- 
2.25.1