From owner-svn-soc-all@freebsd.org Sun May 20 09:10:26 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE607EADDDB for ; Sun, 20 May 2018 09:10:26 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4221577B39 for ; Sun, 20 May 2018 09:10:26 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 63E3B15499 for ; Sun, 20 May 2018 09:10:25 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4K9APpK067360 for ; Sun, 20 May 2018 09:10:25 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4K9AOfM066447 for svn-soc-all@FreeBSD.org; Sun, 20 May 2018 09:10:24 GMT (envelope-from aniketp@FreeBSD.org) Date: Sun, 20 May 2018 09:10:24 GMT Message-Id: <201805200910.w4K9AOfM066447@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337241 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 May 2018 09:10:26 -0000 Author: aniketp Date: Sun May 20 09:10:23 2018 New Revision: 337241 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337241 Log: Add tests for chmod(2) family Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Sat May 19 19:24:05 2018 (r337240) +++ soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Sun May 20 09:10:23 2018 (r337241) @@ -26,6 +26,7 @@ * $FreeBSD$ */ +#include #include #include @@ -36,8 +37,191 @@ static struct pollfd fds[1]; static mode_t mode = 0777; +static struct stat statbuff; static const char *path = "fileforaudit"; static const char *errpath = "dirdoesnotexist/fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(chmod_success); +ATF_TC_HEAD(chmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chmod(2) call"); +} + +ATF_TC_BODY(chmod_success, tc) +{ + /* File needs to exist to call chmod(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, chmod(path, mode)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(chmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chmod_failure); +ATF_TC_HEAD(chmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chmod(2) call"); +} + +ATF_TC_BODY(chmod_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chmod(errpath, mode)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmod_success); +ATF_TC_HEAD(fchmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchmod(2) call"); +} + +ATF_TC_BODY(fchmod_success, tc) +{ + int filedesc; + char regex[30]; + + /* File needs to exist to call fchmod(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + ATF_REQUIRE_EQ(0, fstat(filedesc, &statbuff)); + /* Prepare the regex to be checked in the audit record */ + snprintf(regex, 30, "fchmod.*%lu.*return,success", statbuff.st_ino); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, fchmod(filedesc, mode)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmod_failure); +ATF_TC_HEAD(fchmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchmod(2) call"); +} + +ATF_TC_BODY(fchmod_failure, tc) +{ + const char *regex = "fchmod.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fchmod(-1, mode)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchmod_success); +ATF_TC_HEAD(lchmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lchmod(2) call"); +} + +ATF_TC_BODY(lchmod_success, tc) +{ + /* Symbolic link needs to exist to call lchmod(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, lchmod(path, mode)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lchmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchmod_failure); +ATF_TC_HEAD(lchmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lchmod(2) call"); +} + +ATF_TC_BODY(lchmod_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, lchmod(errpath, mode)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lchmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmodat_success); +ATF_TC_HEAD(fchmodat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchmodat(2) call"); +} + +ATF_TC_BODY(fchmodat_success, tc) +{ + /* File needs to exist to call fchmodat(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, fchmodat(AT_FDCWD, path, mode, 0)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(fchmodat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmodat_failure); +ATF_TC_HEAD(fchmodat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchmodat(2) call"); +} + +ATF_TC_BODY(fchmodat_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, fchmodat(AT_FDCWD, errpath, mode, 0)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(fchmodat_failure, tc) +{ + cleanup(); +} ATF_TC_WITH_CLEANUP(open_read_creat_success); @@ -810,6 +994,15 @@ ATF_TP_ADD_TCS(tp) { + ATF_TP_ADD_TC(tp, chmod_success); + ATF_TP_ADD_TC(tp, chmod_failure); + ATF_TP_ADD_TC(tp, fchmod_success); + ATF_TP_ADD_TC(tp, fchmod_failure); + ATF_TP_ADD_TC(tp, lchmod_success); + ATF_TP_ADD_TC(tp, lchmod_failure); + ATF_TP_ADD_TC(tp, fchmodat_success); + ATF_TP_ADD_TC(tp, fchmodat_failure); + ATF_TP_ADD_TC(tp, open_read_creat_success); ATF_TP_ADD_TC(tp, open_read_creat_failure); ATF_TP_ADD_TC(tp, openat_read_creat_success); From owner-svn-soc-all@freebsd.org Sun May 20 09:35:09 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1CF04EAED93 for ; Sun, 20 May 2018 09:35:09 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ADFED78903 for ; Sun, 20 May 2018 09:35:08 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id D4064158BC for ; Sun, 20 May 2018 09:35:07 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4K9Z7hv012944 for ; Sun, 20 May 2018 09:35:07 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4K9Z684012928 for svn-soc-all@FreeBSD.org; Sun, 20 May 2018 09:35:06 GMT (envelope-from aniketp@FreeBSD.org) Date: Sun, 20 May 2018 09:35:06 GMT Message-Id: <201805200935.w4K9Z684012928@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337242 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 May 2018 09:35:09 -0000 Author: aniketp Date: Sun May 20 09:35:05 2018 New Revision: 337242 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337242 Log: Add tests for chown(2) family file-modify Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Sun May 20 09:10:23 2018 (r337241) +++ soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Sun May 20 09:35:05 2018 (r337242) @@ -37,6 +37,8 @@ static struct pollfd fds[1]; static mode_t mode = 0777; +static uid_t uid = -1; +static gid_t gid = -1; static struct stat statbuff; static const char *path = "fileforaudit"; static const char *errpath = "dirdoesnotexist/fileforaudit"; @@ -224,6 +226,186 @@ } +ATF_TC_WITH_CLEANUP(chown_success); +ATF_TC_HEAD(chown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chown(2) call"); +} + +ATF_TC_BODY(chown_success, tc) +{ + /* File needs to exist to call chown(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, chown(path, uid, gid)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(chown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chown_failure); +ATF_TC_HEAD(chown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chown(2) call"); +} + +ATF_TC_BODY(chown_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chown(errpath, uid, gid)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchown_success); +ATF_TC_HEAD(fchown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchown(2) call"); +} + +ATF_TC_BODY(fchown_success, tc) +{ + int filedesc; + char regex[30]; + + /* File needs to exist to call fchown(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + ATF_REQUIRE_EQ(0, fstat(filedesc, &statbuff)); + /* Prepare the regex to be checked in the audit record */ + snprintf(regex, 30, "fchown.*%lu.*return,success", statbuff.st_ino); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, fchown(filedesc, uid, gid)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchown_failure); +ATF_TC_HEAD(fchown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchown(2) call"); +} + +ATF_TC_BODY(fchown_failure, tc) +{ + const char *regex = "fchown.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fchown(-1, uid, gid)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchown_success); +ATF_TC_HEAD(lchown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lchown(2) call"); +} + +ATF_TC_BODY(lchown_success, tc) +{ + /* Symbolic link needs to exist to call lchown(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, lchown(path, uid, gid)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lchown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchown_failure); +ATF_TC_HEAD(lchown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lchown(2) call"); +} + +ATF_TC_BODY(lchown_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, lchown(errpath, uid, gid)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lchown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchownat_success); +ATF_TC_HEAD(fchownat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchownat(2) call"); +} + +ATF_TC_BODY(fchownat_success, tc) +{ + /* File needs to exist to call fchownat(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, fchownat(AT_FDCWD, path, uid, gid, 0)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(fchownat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchownat_failure); +ATF_TC_HEAD(fchownat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchownat(2) call"); +} + +ATF_TC_BODY(fchownat_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, fchownat(AT_FDCWD, errpath, uid, gid, 0)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(fchownat_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(open_read_creat_success); ATF_TC_HEAD(open_read_creat_success, tc) { @@ -1003,6 +1185,15 @@ ATF_TP_ADD_TC(tp, fchmodat_success); ATF_TP_ADD_TC(tp, fchmodat_failure); + ATF_TP_ADD_TC(tp, chown_success); + ATF_TP_ADD_TC(tp, chown_failure); + ATF_TP_ADD_TC(tp, fchown_success); + ATF_TP_ADD_TC(tp, fchown_failure); + ATF_TP_ADD_TC(tp, lchown_success); + ATF_TP_ADD_TC(tp, lchown_failure); + ATF_TP_ADD_TC(tp, fchownat_success); + ATF_TP_ADD_TC(tp, fchownat_failure); + ATF_TP_ADD_TC(tp, open_read_creat_success); ATF_TP_ADD_TC(tp, open_read_creat_failure); ATF_TP_ADD_TC(tp, openat_read_creat_success); From owner-svn-soc-all@freebsd.org Sun May 20 20:44:54 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4C4DCEEED39 for ; Sun, 20 May 2018 20:44:54 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CE6D96F6E5 for ; Sun, 20 May 2018 20:44:53 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 02CE61B615 for ; Sun, 20 May 2018 20:44:53 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4KKiqJs021507 for ; Sun, 20 May 2018 20:44:52 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4KKipLl021449 for svn-soc-all@FreeBSD.org; Sun, 20 May 2018 20:44:51 GMT (envelope-from aniketp@FreeBSD.org) Date: Sun, 20 May 2018 20:44:51 GMT Message-Id: <201805202044.w4KKipLl021449@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337243 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 May 2018 20:44:54 -0000 Author: aniketp Date: Sun May 20 20:44:49 2018 New Revision: 337243 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337243 Log: Tests for utimes(2), chflags(2) & chown(2) family Submitted by: Aniket Pandey aniketp@freebsd.org Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Sun May 20 09:35:05 2018 (r337242) +++ soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Sun May 20 20:44:49 2018 (r337243) @@ -27,6 +27,7 @@ */ #include +#include #include #include @@ -46,6 +47,96 @@ static const char *failurereg = "fileforaudit.*return,failure"; +ATF_TC_WITH_CLEANUP(flock_success); +ATF_TC_HEAD(flock_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "flock(2) call"); +} + +ATF_TC_BODY(flock_success, tc) +{ + int filedesc; + const char *regex = "flock.*return,success"; + /* File needs to exist to call flock(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, flock(filedesc, LOCK_SH)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(flock_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(flock_failure); +ATF_TC_HEAD(flock_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "flock(2) call"); +} + +ATF_TC_BODY(flock_failure, tc) +{ + const char *regex = "flock.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(-1, flock(-1, LOCK_SH)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(flock_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fcntl_success); +ATF_TC_HEAD(fcntl_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fcntl(2) call"); +} + +ATF_TC_BODY(fcntl_success, tc) +{ + int filedesc; + const char *regex = "fcntl.*return,success,13"; + /* File needs to exist to call fcntl(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(13, fcntl(filedesc, F_DUPFD, 13)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fcntl_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fcntl_failure); +ATF_TC_HEAD(fcntl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fcntl(2) call"); +} + +ATF_TC_BODY(fcntl_failure, tc) +{ + const char *regex = "fcntl.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(-1, fcntl(-1, F_DUPFD, 1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fcntl_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(chmod_success); ATF_TC_HEAD(chmod_success, tc) { @@ -352,7 +443,7 @@ ATF_TC_BODY(lchown_failure, tc) { FILE *pipefd = setup(fds, "fm"); - /* Failure reason: file does not exist */ + /* Failure reason: Symbolic link does not exist */ ATF_REQUIRE_EQ(-1, lchown(errpath, uid, gid)); check_audit(fds, failurereg, pipefd); } @@ -406,6 +497,368 @@ } +ATF_TC_WITH_CLEANUP(chflags_success); +ATF_TC_HEAD(chflags_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chflags(2) call"); +} + +ATF_TC_BODY(chflags_success, tc) +{ + /* File needs to exist to call chflags(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, chflags(path, SF_IMMUTABLE)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(chflags_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chflags_failure); +ATF_TC_HEAD(chflags_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chflags(2) call"); +} + +ATF_TC_BODY(chflags_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chflags(errpath, SF_IMMUTABLE)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chflags_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchflags_success); +ATF_TC_HEAD(fchflags_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchflags(2) call"); +} + +ATF_TC_BODY(fchflags_success, tc) +{ + int filedesc; + char regex[30]; + + /* File needs to exist to call fchflags(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + ATF_REQUIRE_EQ(0, fstat(filedesc, &statbuff)); + /* Prepare the regex to be checked in the audit record */ + snprintf(regex, 30, "fchflags.*%lu.*return,success", statbuff.st_ino); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, fchflags(filedesc, SF_IMMUTABLE)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchflags_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchflags_failure); +ATF_TC_HEAD(fchflags_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchflags(2) call"); +} + +ATF_TC_BODY(fchflags_failure, tc) +{ + const char *regex = "fchflags.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fchflags(-1, SF_IMMUTABLE)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchflags_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchflags_success); +ATF_TC_HEAD(lchflags_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lchflags(2) call"); +} + +ATF_TC_BODY(lchflags_success, tc) +{ + /* Symbolic link needs to exist to call lchflags(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, lchflags(path, SF_IMMUTABLE)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lchflags_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchflags_failure); +ATF_TC_HEAD(lchflags_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lchflags(2) call"); +} + +ATF_TC_BODY(lchflags_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: Symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, lchflags(errpath, SF_IMMUTABLE)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lchflags_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chflagsat_success); +ATF_TC_HEAD(chflagsat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chflagsat(2) call"); +} + +ATF_TC_BODY(chflagsat_success, tc) +{ + atf_tc_expect_fail("chflagsat(2) does not get audited"); + /* File needs to exist to call chflagsat(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, chflagsat(AT_FDCWD, path, SF_IMMUTABLE, 0)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(chflagsat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chflagsat_failure); +ATF_TC_HEAD(chflagsat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chflagsat(2) call"); +} + +ATF_TC_BODY(chflagsat_failure, tc) +{ + atf_tc_expect_fail("chflagsat(2) does not get audited"); + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chflagsat(AT_FDCWD, errpath, SF_IMMUTABLE, 0)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chflagsat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(utimes_success); +ATF_TC_HEAD(utimes_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "utimes(2) call"); +} + +ATF_TC_BODY(utimes_success, tc) +{ + /* File needs to exist to call utimes(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, utimes(path, NULL)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(utimes_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(utimes_failure); +ATF_TC_HEAD(utimes_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "utimes(2) call"); +} + +ATF_TC_BODY(utimes_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, utimes(errpath, NULL)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(utimes_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(futimes_success); +ATF_TC_HEAD(futimes_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "futimes(2) call"); +} + +ATF_TC_BODY(futimes_success, tc) +{ + int filedesc; + char regex[30]; + + /* File needs to exist to call futimes(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + ATF_REQUIRE_EQ(0, fstat(filedesc, &statbuff)); + /* Prepare the regex to be checked in the audit record */ + snprintf(regex, 30, "futimes.*%lu.*return,success", statbuff.st_ino); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, futimes(filedesc, NULL)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(futimes_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(futimes_failure); +ATF_TC_HEAD(futimes_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "futimes(2) call"); +} + +ATF_TC_BODY(futimes_failure, tc) +{ + const char *regex = "futimes.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, futimes(-1, NULL)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(futimes_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lutimes_success); +ATF_TC_HEAD(lutimes_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lutimes(2) call"); +} + +ATF_TC_BODY(lutimes_success, tc) +{ + /* Symbolic link needs to exist to call lutimes(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, lutimes(path, NULL)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lutimes_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lutimes_failure); +ATF_TC_HEAD(lutimes_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lutimes(2) call"); +} + +ATF_TC_BODY(lutimes_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, lutimes(errpath, NULL)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lutimes_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(futimesat_success); +ATF_TC_HEAD(futimesat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "futimesat(2) call"); +} + +ATF_TC_BODY(futimesat_success, tc) +{ + /* File needs to exist to call futimesat(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, futimesat(AT_FDCWD, path, NULL)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(futimesat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(futimesat_failure); +ATF_TC_HEAD(futimesat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "futimesat(2) call"); +} + +ATF_TC_BODY(futimesat_failure, tc) +{ + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, futimesat(AT_FDCWD, errpath, NULL)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(futimesat_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(open_read_creat_success); ATF_TC_HEAD(open_read_creat_success, tc) { @@ -1176,6 +1629,12 @@ ATF_TP_ADD_TCS(tp) { + ATF_TP_ADD_TC(tp, flock_success); + ATF_TP_ADD_TC(tp, flock_failure); + + ATF_TP_ADD_TC(tp, fcntl_success); + ATF_TP_ADD_TC(tp, fcntl_failure); + ATF_TP_ADD_TC(tp, chmod_success); ATF_TP_ADD_TC(tp, chmod_failure); ATF_TP_ADD_TC(tp, fchmod_success); @@ -1194,6 +1653,24 @@ ATF_TP_ADD_TC(tp, fchownat_success); ATF_TP_ADD_TC(tp, fchownat_failure); + ATF_TP_ADD_TC(tp, chflags_success); + ATF_TP_ADD_TC(tp, chflags_failure); + ATF_TP_ADD_TC(tp, fchflags_success); + ATF_TP_ADD_TC(tp, fchflags_failure); + ATF_TP_ADD_TC(tp, lchflags_success); + ATF_TP_ADD_TC(tp, lchflags_failure); + ATF_TP_ADD_TC(tp, chflagsat_success); + ATF_TP_ADD_TC(tp, chflagsat_failure); + + ATF_TP_ADD_TC(tp, utimes_success); + ATF_TP_ADD_TC(tp, utimes_failure); + ATF_TP_ADD_TC(tp, futimes_success); + ATF_TP_ADD_TC(tp, futimes_failure); + ATF_TP_ADD_TC(tp, lutimes_success); + ATF_TP_ADD_TC(tp, lutimes_failure); + ATF_TP_ADD_TC(tp, futimesat_success); + ATF_TP_ADD_TC(tp, futimesat_failure); + ATF_TP_ADD_TC(tp, open_read_creat_success); ATF_TP_ADD_TC(tp, open_read_creat_failure); ATF_TP_ADD_TC(tp, openat_read_creat_success); From owner-svn-soc-all@freebsd.org Mon May 21 19:37:16 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85FD0EFCD65 for ; Mon, 21 May 2018 19:37:16 +0000 (UTC) (envelope-from sduo@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0F77C6D5CD for ; Mon, 21 May 2018 19:37:16 +0000 (UTC) (envelope-from sduo@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 5A48827B95 for ; Mon, 21 May 2018 19:37:15 +0000 (UTC) (envelope-from sduo@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4LJbFgl072379 for ; Mon, 21 May 2018 19:37:15 GMT (envelope-from sduo@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4LJbBrV072267 for svn-soc-all@FreeBSD.org; Mon, 21 May 2018 19:37:11 GMT (envelope-from sduo@FreeBSD.org) Date: Mon, 21 May 2018 19:37:11 GMT Message-Id: <201805211937.w4LJbBrV072267@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to sduo@FreeBSD.org using -f From: sduo@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337244 - in soc2018/sduo/head/sys: amd64/conf conf dev/vale_vlan modules/vale_vlan MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 May 2018 19:37:16 -0000 Author: sduo Date: Mon May 21 19:37:09 2018 New Revision: 337244 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337244 Log: An hardcoded VLAN configuration can be created, and destroyed, through write and read calls on a special device. Changed sys/conf/files and created a new kernel configuration files to add the vale_vlan module to the kernel. Added: soc2018/sduo/head/sys/amd64/conf/VV_CONF soc2018/sduo/head/sys/dev/vale_vlan/ soc2018/sduo/head/sys/dev/vale_vlan/vale_vlan.c soc2018/sduo/head/sys/dev/vale_vlan/vale_vlan_freebsd.c soc2018/sduo/head/sys/dev/vale_vlan/vale_vlan_kern.h soc2018/sduo/head/sys/dev/vale_vlan/vv_freebsd_interface.c soc2018/sduo/head/sys/dev/vale_vlan/vv_os_interface.h soc2018/sduo/head/sys/modules/vale_vlan/ soc2018/sduo/head/sys/modules/vale_vlan/Makefile Modified: soc2018/sduo/head/sys/conf/files Added: soc2018/sduo/head/sys/amd64/conf/VV_CONF ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2018/sduo/head/sys/amd64/conf/VV_CONF Mon May 21 19:37:09 2018 (r337244) @@ -0,0 +1,375 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/amd64 +# +# For more information on this file, please read the config(5) manual page, +# and/or the handbook section on Kernel Configuration Files: +# +# https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (https://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: soc2018/sduo/head/sys/amd64/conf/GENERIC 336667 2018-04-26 16:59:06Z sbruno $ + +cpu HAMMER +ident GENERIC + +makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols +makeoptions WITH_CTF=1 # Run ctfconvert(1) for DTrace support + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options VIMAGE # Subsystem virtualization, e.g. VNET +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options IPSEC # IP (v4/v6) security +options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options TCP_OFFLOAD # TCP offload +options TCP_BLACKBOX # Enhanced TCP event logging +options TCP_HHOOK # hhook(9) framework for TCP +options TCP_RFC7413 # TCP Fast Open +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_ACL # Support for access control lists +options UFS_DIRHASH # Improve performance on big directories +options UFS_GJOURNAL # Enable gjournal-based UFS journaling +options QUOTA # Enable disk quotas for UFS +options MD_ROOT # MD is a potential root device +options NFSCL # Network Filesystem Client +options NFSD # Network Filesystem Server +options NFSLOCKD # Network Lock Manager +options NFS_ROOT # NFS usable as /, requires NFSCL +options MSDOSFS # MSDOS Filesystem +options CD9660 # ISO 9660 Filesystem +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_PART_GPT # GUID Partition Tables. +options GEOM_RAID # Soft RAID functionality. +options GEOM_LABEL # Provides labelization +options COMPAT_FREEBSD32 # Compatible with i386 binaries +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options COMPAT_FREEBSD5 # Compatible with FreeBSD5 +options COMPAT_FREEBSD6 # Compatible with FreeBSD6 +options COMPAT_FREEBSD7 # Compatible with FreeBSD7 +options COMPAT_FREEBSD9 # Compatible with FreeBSD9 +options COMPAT_FREEBSD10 # Compatible with FreeBSD10 +options COMPAT_FREEBSD11 # Compatible with FreeBSD11 +options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI +options KTRACE # ktrace(1) support +options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) +options AUDIT # Security event auditing +options CAPABILITY_MODE # Capsicum capability mode +options CAPABILITIES # Capsicum capabilities +options MAC # TrustedBSD MAC Framework +options KDTRACE_FRAME # Ensure frames are compiled in +options KDTRACE_HOOKS # Kernel DTrace hooks +options DDB_CTF # Kernel ELF linker loads CTF data +options INCLUDE_CONFIG_FILE # Include this file in kernel +options RACCT # Resource accounting framework +options RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default +options RCTL # Resource limits + +# Debugging support. Always need this: +options KDB # Enable kernel debugger support. +options KDB_TRACE # Print a stack trace for a panic. +# For full debugger support use (turn off in stable branch): +options BUF_TRACKING # Track buffer history +options DDB # Support DDB. +options FULL_BUF_TRACKING # Track more buffer history +options GDB # Support remote GDB. +options DEADLKRES # Enable the deadlock resolver +options INVARIANTS # Enable calls of extra sanity checking +options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS +options WITNESS # Enable checks to detect deadlocks and cycles +options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed +options MALLOC_DEBUG_MAXZONES=8 # Separate malloc(9) zones + +# Make an SMP-capable kernel by default +options SMP # Symmetric MultiProcessor Kernel +options EARLY_AP_STARTUP + +# CPU frequency control +device cpufreq + +# Bus support. +device acpi +options ACPI_DMAR +device pci +options PCI_HP # PCI-Express native HotPlug +options PCI_IOV # PCI SR-IOV support + +# Floppy drives +device fdc + +# ATA controllers +device ahci # AHCI-compatible SATA controllers +device ata # Legacy ATA/SATA controllers +device mvs # Marvell 88SX50XX/88SX60XX/88SX70XX/SoC SATA +device siis # SiliconImage SiI3124/SiI3132/SiI3531 SATA + +# SCSI Controllers +device ahc # AHA2940 and onboard AIC7xxx devices +device ahd # AHA39320/29320 and onboard AIC79xx devices +device esp # AMD Am53C974 (Tekram DC-390(T)) +device hptiop # Highpoint RocketRaid 3xxx series +device isp # Qlogic family +#device ispfw # Firmware for QLogic HBAs- normally a module +device mpt # LSI-Logic MPT-Fusion +device mps # LSI-Logic MPT-Fusion 2 +device mpr # LSI-Logic MPT-Fusion 3 +#device ncr # NCR/Symbios Logic +device sym # NCR/Symbios Logic (newer chipsets + those of `ncr') +device trm # Tekram DC395U/UW/F DC315U adapters + +device adv # Advansys SCSI adapters +device adw # Advansys wide SCSI adapters +device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60. +device bt # Buslogic/Mylex MultiMaster SCSI adapters +device isci # Intel C600 SAS controller +device ocs_fc # Emulex FC adapters + +# ATA/SCSI peripherals +device scbus # SCSI bus (required for ATA/SCSI) +device ch # SCSI media changers +device da # Direct Access (disks) +device sa # Sequential Access (tape etc) +device cd # CD +device pass # Passthrough device (direct ATA/SCSI access) +device ses # Enclosure Services (SES and SAF-TE) +#device ctl # CAM Target Layer + +# RAID controllers interfaced to the SCSI subsystem +device amr # AMI MegaRAID +device arcmsr # Areca SATA II RAID +device ciss # Compaq Smart RAID 5* +device dpt # DPT Smartcache III, IV - See NOTES for options +device hptmv # Highpoint RocketRAID 182x +device hptnr # Highpoint DC7280, R750 +device hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx +device hpt27xx # Highpoint RocketRAID 27xx +device iir # Intel Integrated RAID +device ips # IBM (Adaptec) ServeRAID +device mly # Mylex AcceleRAID/eXtremeRAID +device twa # 3ware 9000 series PATA/SATA RAID +device smartpqi # Microsemi smartpqi driver +device tws # LSI 3ware 9750 SATA+SAS 6Gb/s RAID controller + +# RAID controllers +device aac # Adaptec FSA RAID +device aacp # SCSI passthrough for aac (requires CAM) +device aacraid # Adaptec by PMC RAID +device ida # Compaq Smart RAID +device mfi # LSI MegaRAID SAS +device mlx # Mylex DAC960 family +device mrsas # LSI/Avago MegaRAID SAS/SATA, 6Gb/s and 12Gb/s +device pmspcv # PMC-Sierra SAS/SATA Controller driver +#XXX pointer/int warnings +#device pst # Promise Supertrak SX6000 +device twe # 3ware ATA RAID + +# NVM Express (NVMe) support +device nvme # base NVMe driver +device nvd # expose NVMe namespaces as disks, depends on nvme + +# atkbdc0 controls both the keyboard and the PS/2 mouse +device atkbdc # AT keyboard controller +device atkbd # AT keyboard +device psm # PS/2 mouse + +device kbdmux # keyboard multiplexer + +device vga # VGA video card driver +options VESA # Add support for VESA BIOS Extensions (VBE) + +device splash # Splash screen and screen saver support + +# syscons is the default console driver, resembling an SCO console +device sc +options SC_PIXEL_MODE # add support for the raster text mode + +# vt is the new video console driver +device vt +device vt_vga +device vt_efifb + +device agp # support several AGP chipsets + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device uart # Generic UART driver + +# Parallel port +device ppc +device ppbus # Parallel port bus (required) +device lpt # Printer +device ppi # Parallel port interface device +#device vpo # Requires scbus and da + +device puc # Multi I/O cards and multi-channel UARTs + +# PCI Ethernet NICs. +device bxe # Broadcom NetXtreme II BCM5771X/BCM578XX 10GbE +device de # DEC/Intel DC21x4x (``Tulip'') +device em # Intel PRO/1000 Gigabit Ethernet Family +device ix # Intel PRO/10GbE PCIE PF Ethernet +device ixv # Intel PRO/10GbE PCIE VF Ethernet +device ixl # Intel XL710 40Gbe PCIE Ethernet +options IXL_IW # Enable iWARP Client Interface in ixl(4) +device ixlv # Intel XL710 40Gbe VF PCIE Ethernet +device le # AMD Am7900 LANCE and Am79C9xx PCnet +device ti # Alteon Networks Tigon I/II gigabit Ethernet +device txp # 3Com 3cR990 (``Typhoon'') +device vx # 3Com 3c590, 3c595 (``Vortex'') + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device ae # Attansic/Atheros L2 FastEthernet +device age # Attansic/Atheros L1 Gigabit Ethernet +device alc # Atheros AR8131/AR8132 Ethernet +device ale # Atheros AR8121/AR8113/AR8114 Ethernet +device bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet +device bfe # Broadcom BCM440x 10/100 Ethernet +device bge # Broadcom BCM570xx Gigabit Ethernet +device cas # Sun Cassini/Cassini+ and NS DP83065 Saturn +device dc # DEC/Intel 21143 and various workalikes +device et # Agere ET1310 10/100/Gigabit Ethernet +device fxp # Intel EtherExpress PRO/100B (82557, 82558) +device gem # Sun GEM/Sun ERI/Apple GMAC +device hme # Sun HME (Happy Meal Ethernet) +device jme # JMicron JMC250 Gigabit/JMC260 Fast Ethernet +device lge # Level 1 LXT1001 gigabit Ethernet +device msk # Marvell/SysKonnect Yukon II Gigabit Ethernet +device nfe # nVidia nForce MCP on-board Ethernet +device nge # NatSemi DP83820 gigabit Ethernet +device pcn # AMD Am79C97x PCI 10/100 (precedence over 'le') +device re # RealTek 8139C+/8169/8169S/8110S +device rl # RealTek 8129/8139 +device sf # Adaptec AIC-6915 (``Starfire'') +device sge # Silicon Integrated Systems SiS190/191 +device sis # Silicon Integrated Systems SiS 900/SiS 7016 +device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet +device ste # Sundance ST201 (D-Link DFE-550TX) +device stge # Sundance/Tamarack TC9021 gigabit Ethernet +device tl # Texas Instruments ThunderLAN +device tx # SMC EtherPower II (83c170 ``EPIC'') +device vge # VIA VT612x gigabit Ethernet +device vr # VIA Rhine, Rhine II +device wb # Winbond W89C840F +device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') + +# Wireless NIC cards +device wlan # 802.11 support +options IEEE80211_DEBUG # enable debug msgs +options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's +options IEEE80211_SUPPORT_MESH # enable 802.11s draft support +device wlan_wep # 802.11 WEP support +device wlan_ccmp # 802.11 CCMP support +device wlan_tkip # 802.11 TKIP support +device wlan_amrr # AMRR transmit rate control algorithm +device an # Aironet 4500/4800 802.11 wireless NICs. +device ath # Atheros NICs +device ath_pci # Atheros pci/cardbus glue +device ath_hal # pci/cardbus chip support +options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors +options AH_AR5416_INTERRUPT_MITIGATION # AR5416 interrupt mitigation +options ATH_ENABLE_11N # Enable 802.11n support for AR5416 and later +device ath_rate_sample # SampleRate tx rate control for ath +#device bwi # Broadcom BCM430x/BCM431x wireless NICs. +#device bwn # Broadcom BCM43xx wireless NICs. +device ipw # Intel 2100 wireless NICs. +device iwi # Intel 2200BG/2225BG/2915ABG wireless NICs. +device iwn # Intel 4965/1000/5000/6000 wireless NICs. +device malo # Marvell Libertas wireless NICs. +device mwl # Marvell 88W8363 802.11n wireless NICs. +device ral # Ralink Technology RT2500 wireless NICs. +device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. +device wpi # Intel 3945ABG wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device padlock_rng # VIA Padlock RNG +device rdrand_rng # Intel Bull Mountain RNG +device ether # Ethernet support +device vlan # 802.1Q VLAN support +device tun # Packet tunnel. +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +options USB_DEBUG # enable debug msgs +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device xhci # XHCI PCI->USB interface (USB 3.0) +device usb # USB Bus (required) +device ukbd # Keyboard +device umass # Disks/Mass storage - Requires scbus and da + +# Sound support +device sound # Generic sound driver (required) +device snd_cmi # CMedia CMI8338/CMI8738 +device snd_csa # Crystal Semiconductor CS461x/428x +device snd_emu10kx # Creative SoundBlaster Live! and Audigy +device snd_es137x # Ensoniq AudioPCI ES137x +device snd_hda # Intel High Definition Audio +device snd_ich # Intel, NVidia and other ICH AC'97 Audio +device snd_via8233 # VIA VT8233x Audio + +# MMC/SD +device mmc # MMC/SD bus +device mmcsd # MMC/SD memory card +device sdhci # Generic PCI SD Host Controller + +# VirtIO support +device virtio # Generic VirtIO bus (required) +device virtio_pci # VirtIO PCI device +device vtnet # VirtIO Ethernet device +device virtio_blk # VirtIO Block device +device virtio_scsi # VirtIO SCSI device +device virtio_balloon # VirtIO Memory Balloon device + +# HyperV drivers and enhancement support +device hyperv # HyperV drivers + +# Xen HVM Guest Optimizations +# NOTE: XENHVM depends on xenpci. They must be added or removed together. +options XENHVM # Xen HVM kernel infrastructure +device xenpci # Xen HVM Hypervisor services driver + +# VMware support +device vmx # VMware VMXNET3 Ethernet + +# Netmap provides direct access to TX/RX rings on supported NICs +device netmap # netmap(4) support +device vale_vlan + +# The crypto framework is required by IPSEC +device crypto # Required by IPSEC Modified: soc2018/sduo/head/sys/conf/files ============================================================================== --- soc2018/sduo/head/sys/conf/files Sun May 20 20:44:49 2018 (r337243) +++ soc2018/sduo/head/sys/conf/files Mon May 21 19:37:09 2018 (r337244) @@ -2538,6 +2538,9 @@ dev/netmap/netmap_pt.c optional netmap dev/netmap/netmap_vale.c optional netmap dev/netmap/netmap_legacy.c optional netmap +dev/vale_vlan/vale_vlan.c optional vale_vlan +dev/vale_vlan/vv_freebsd_interface.c optional vale_vlan +dev/vale_vlan/vale_vlan_freebsd.c optional vale_vlan # compile-with "${NORMAL_C} -Wconversion -Wextra" dev/nfsmb/nfsmb.c optional nfsmb pci dev/nge/if_nge.c optional nge Added: soc2018/sduo/head/sys/dev/vale_vlan/vale_vlan.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2018/sduo/head/sys/dev/vale_vlan/vale_vlan.c Mon May 21 19:37:09 2018 (r337244) @@ -0,0 +1,528 @@ +#include + + + +#define TAG_LENGTH 4 +#define TAG_START 12 +#define TAG_END (TAG_START + TAG_LENGTH) +#define TAG_PID 12 +#define TAG_CI 14 +#define TAG_PID_OFFSET 0 /* from start of tag */ +#define TAG_CI_OFFSET 2 /* from start of tag */ + + + +static int +tag_frame(struct nm_bdg_fwd *ft, struct netmap_vp_adapter *vpna, + uint16_t vlan_id) +{ + struct nm_bdg_fwd *ft_end = ft + ft->ft_frags - 1; + struct nm_bdg_fwd *ft_cur = NULL; + uint8_t *buf = NULL; + uint32_t buf_size; + uint16_t be_tpid; + uint16_t be_tci; /* at the moment PCP and DEI are always set to 0 */ + int n_bytes = 0; + + buf_size = NETMAP_BUF_SIZE((struct netmap_adapter *)vpna); + if (ft_end->ft_len + TAG_LENGTH > buf_size) { + D("Not enough space for the tag in the last fragment"); + return EINVAL; + } + if (ft->ft_offset + TAG_END > ft->ft_len) { + D("Header split between two nm_bdg_fwd," + "at the moment not supported"); + return EINVAL; + } + + ft_end->ft_len += TAG_LENGTH; + for (ft_cur = ft_end; ft_cur != ft-1; --ft_cur) { + uint8_t *start_addr = NULL; + uint8_t *dest_addr = NULL; + uint16_t buf_len = ft_cur->ft_len; + buf = ft_cur->ft_buf; + + if (ft_cur->ft_flags & NS_INDIRECT) { + return EINVAL; + } + if (ft_cur != ft_end) { + /* copy 4 bytes from the end of the current buffer + * to the beginning of the next buffer + */ + uint8_t *next_buf = (ft_cur+1)->ft_buf; + start_addr = buf + buf_len - TAG_LENGTH; + dest_addr = next_buf; + *(uint32_t *)dest_addr = *(uint32_t *)start_addr; + } + + start_addr = buf + ft_cur->ft_offset; + dest_addr = start_addr + TAG_LENGTH; + /* we alredy added TAG_LENGTH to ft_end->ft_len, therefore the + * last fragment case is covered without any additional check + */ + n_bytes = buf_len - TAG_LENGTH - ft_cur->ft_offset; + memmove(dest_addr, start_addr, n_bytes); + } + + /* now we need to write the tag */ + be_tpid = htobe16(0x8100); + be_tci = htobe16(vlan_id); + buf = ft->ft_buf; + *(uint16_t *)(buf + ft->ft_offset + TAG_PID) = be_tpid; + *(uint16_t *)(buf + ft->ft_offset + TAG_CI) = be_tci; + + return 0; +} + + + +static int +untag_frame(struct nm_bdg_fwd *ft, struct netmap_vp_adapter *vpna, + uint16_t *vlan_id) +{ + struct nm_bdg_fwd *ft_end = ft + ft->ft_frags - 1; + struct nm_bdg_fwd *ft_cur = NULL; + uint8_t *buf = NULL; + uint16_t be_tpid; + uint16_t be_tci; + int n_bytes = 0; + + if (ft->ft_offset + TAG_END > ft->ft_len) { + /* header split between two nm_bdg_fwd, + * at the moment not supported + */ + return EINVAL; + } + if (ft_end->ft_len < TAG_LENGTH) { + /* the last fragment empties and we need to update fragmentation + * flags etc. at the moment we don't handle this case + */ + return EINVAL; + } + + /* first we retrieve the informations we need */ + buf = ft->ft_buf; + be_tpid = *(uint16_t *)(buf + ft->ft_offset + TAG_PID); + if (be16toh(be_tpid) != 0x8100) { + D("Not an IEEE802.Q frame"); + return EINVAL; + } + be_tci = *(uint16_t *)(buf + ft->ft_offset + TAG_CI); + *vlan_id = be16toh(be_tci) & 0x0FFF; + + /* then we remove the tag */ + for (ft_cur = ft; ft_cur != ft_end+1; ++ft_cur) { + uint8_t *start_addr = NULL; + uint8_t *dest_addr = NULL; + uint16_t buf_len = ft_cur->ft_len; + buf = ft_cur->ft_buf; + + if (ft_cur->ft_flags & NS_INDIRECT) { + /* we do not support indirect userspace buffers */ + return EINVAL; + } + if (ft_cur != ft) { + /* copy 4 bytes from the start of the current buffer + * to the end of the previous buffer + */ + struct nm_bdg_fwd *prev_ft = ft_cur - 1; + uint8_t *prev_buf = prev_ft->ft_buf; + uint16_t prev_buf_len = prev_ft->ft_len; + + start_addr = buf; + dest_addr = prev_buf + prev_buf_len - TAG_LENGTH; + *(uint32_t *)dest_addr = *(uint32_t *)start_addr; + } + + dest_addr = buf + ft->ft_offset; + start_addr = dest_addr + TAG_LENGTH; + n_bytes = buf_len - TAG_LENGTH - ft->ft_offset; + memmove(dest_addr, start_addr, n_bytes); + } + + ft_end->ft_len -= TAG_LENGTH; + return 0; +} + + + +#define MAX_VLAN_ID 4096 + +struct vlan_lookup_data { + uint32_t trunk_port; + uint16_t port_to_vlan[NM_BDG_MAXPORTS]; + uint32_t vlan_to_port[MAX_VLAN_ID]; +}; + + + +static uint32_t +vlan_lookup(struct nm_bdg_fwd *ft, uint8_t *dst_ring, + struct netmap_vp_adapter *vpna, void *lookup_data) +{ + struct vlan_lookup_data *l_data = lookup_data; + uint32_t bdg_port = vpna->bdg_port; + uint32_t dest_port = NM_BDG_NOPORT; + uint16_t vlan_id = 0x000; + const char *bdg_name; + int ret = 0; + + bdg_name = netmap_bdg_name(vpna); + + if (ft->ft_flags & NS_INDIRECT) { + /* we do not handle userspace indirect buffers */ + return NM_BDG_NOPORT; + } + + if (bdg_port == l_data->trunk_port) { + ret = untag_frame(ft, vpna, &vlan_id); + if (ret) { + return NM_BDG_NOPORT; + } + + dest_port = l_data->vlan_to_port[vlan_id]; + } else { + vlan_id = l_data->port_to_vlan[bdg_port]; + ret = tag_frame(ft, vpna, vlan_id); + if (ret) { + return NM_BDG_NOPORT; + } + + dest_port = l_data->trunk_port; + } + + return dest_port; +} + + + +static struct netmap_bdg_ops vlan_ops = {vlan_lookup, NULL, NULL}; + + + +/* must be called with GLOBAL_LOCK */ +static void +initialize_lookup_data(struct vlan_lookup_data *l_data) +{ + int i; + + l_data->trunk_port = NM_BDG_NOPORT; + for (i = 0; i < NM_BDG_MAXPORTS; ++i) { + l_data->port_to_vlan[i] = 0x000; + } + for (i = 0; i < MAX_VLAN_ID; ++i) { + l_data->vlan_to_port[i] = NM_BDG_NOPORT; + } +} + + + +static int +create_vale_port(const char* name) +{ + struct nmreq_vale_newif newif; + struct nmreq_header hdr; + int ret = 0; + + D("Trying to create port '%s'", name); + + bzero(&hdr, sizeof(hdr)); + hdr.nr_version = NETMAP_API; + hdr.nr_reqtype = NETMAP_REQ_VALE_NEWIF; + strncpy(hdr.nr_name, name, sizeof(hdr.nr_name)); + + bzero(&newif, sizeof(newif)); + hdr.nr_body = (uint64_t)&newif; + + ret = nm_vi_create(&hdr); + if (ret == 0) { + vv_try_module_get(); + } else { + D("Error %d during port '%s' nm_vi_create()", ret, name); + } + + return ret; +} + + + +static int +destroy_vale_port(const char* name) +{ + int ret; + + D("Trying to destroy port '%s'", name); + ret = nm_vi_destroy(name); + if (ret == 0) { + vv_module_put(); + } else { + D("Error %d during port '%s' nm_vi_destroy()", ret, name); + } + return ret; +} + + + +static int +attach_port(const char *bdg_name, const char *port_name, void *auth_token, + uint32_t *port_index) +{ + struct nmreq_vale_attach nmr_att; + struct nmreq_header hdr; + int ret = 0; + + D("Trying to attach port '%s%s'", bdg_name, port_name); + bzero(&nmr_att, sizeof(nmr_att)); + nmr_att.reg.nr_mode = NR_REG_ALL_NIC; + + bzero(&hdr, sizeof(hdr)); + hdr.nr_version = NETMAP_API; + hdr.nr_reqtype = NETMAP_REQ_VALE_ATTACH; + hdr.nr_body = (uint64_t)&nmr_att; + snprintf(hdr.nr_name, sizeof(hdr.nr_name), "%s%s", bdg_name, port_name); + + ret = nm_bdg_ctl_attach(&hdr, auth_token); + if (ret == 0) { + vv_try_module_get(); + + } + if (port_index != NULL) { + *port_index = nmr_att.port_index; + } + return ret; +} + + + +static int +detach_port(const char *bdg_name, const char *port_name, void *auth_token, + uint32_t *port_index) +{ + struct nmreq_vale_detach nmr_det; + struct nmreq_header hdr; + int ret = 0; + + D("Trying to detach port %s%s", bdg_name, port_name); + bzero(&nmr_det, sizeof(nmr_det)); + + bzero(&hdr, sizeof(hdr)); + hdr.nr_version = NETMAP_API; + hdr.nr_reqtype = NETMAP_REQ_VALE_DETACH; + hdr.nr_body = (uint64_t)&nmr_det; + snprintf(hdr.nr_name, sizeof(hdr.nr_name), "%s%s", bdg_name, port_name); + + ret = nm_bdg_ctl_detach(&hdr, auth_token); + if (ret == 0) { + vv_module_put(); + } + if (port_index != NULL) { + *port_index = nmr_det.port_index; + } + return ret; +} + + +#define VALE_V1A "valev1A:" +#define VALE_V1B "valev1B:" +#define VALE_V2A "valev2A:" +#define VALE_V2B "valev2B:" +#define VALE_V500B "valev500B:" +#define VALE_MODA "valemodA:" +#define VALE_MODB "valemodB:" + +void *token_v1_A; +void *token_v1_B; +void *token_v2_A; +void *token_v2_B; +void *token_v500_B; +void *token_A; +void *token_B; + +struct vlan_lookup_data data_A; +struct vlan_lookup_data data_B; + + + +static void +create_ports(void) +{ + + create_vale_port("v1"); + create_vale_port("v2"); + create_vale_port("v3"); + create_vale_port("v4"); + create_vale_port("v5"); + create_vale_port("v6"); + create_vale_port("vtp"); + create_vale_port("ap1A"); + create_vale_port("ap1B"); + create_vale_port("ap2A"); + create_vale_port("ap2B"); + create_vale_port("ap500B"); +} + + + +static void +create_bridges(void) +{ + int ret; + + token_A = netmap_bdg_create(VALE_MODA, &ret); + token_B = netmap_bdg_create(VALE_MODB, &ret); + token_v1_A = netmap_bdg_create(VALE_V1A, &ret); + token_v1_B = netmap_bdg_create(VALE_V1B, &ret); + token_v2_A = netmap_bdg_create(VALE_V2A, &ret); + token_v2_B = netmap_bdg_create(VALE_V2B, &ret); + token_v500_B = netmap_bdg_create(VALE_V500B, &ret); +} + + + +static void +connect_ports(void) +{ + + attach_port(VALE_V1A, "v1", token_v1_A, NULL); + attach_port(VALE_V1A, "v2", token_v1_A, NULL); + attach_port(VALE_V1A, "ap1A", token_v1_A, NULL); + + attach_port(VALE_V2A, "v3", token_v2_A, NULL); + attach_port(VALE_V2A, "v3", token_v2_A, NULL); + attach_port(VALE_V2A, "ap2A", token_v2_A, NULL); + + attach_port(VALE_V1B, "v4", token_v1_B, NULL); + attach_port(VALE_V1B, "ap1B", token_v1_B, NULL); + + attach_port(VALE_V2B, "v5", token_v2_B, NULL); + attach_port(VALE_V2B, "ap2B", token_v2_B, NULL); + + attach_port(VALE_V500B, "v6", token_v500_B, NULL); + attach_port(VALE_V500B, "ap500B", token_v500_B, NULL); + + attach_port(VALE_MODA, "ap1A", token_A, NULL); + attach_port(VALE_MODA, "ap2A", token_A, NULL); + attach_port(VALE_MODA, "vtp", token_A, NULL); + + attach_port(VALE_MODB, "ap1B", token_B, NULL); + attach_port(VALE_MODB, "ap2B", token_B, NULL); + attach_port(VALE_MODB, "ap500B", token_B, NULL); + attach_port(VALE_MODB, "vtp", token_B, NULL); +} + + + +static void +delete_ports(void) +{ + + destroy_vale_port("v1"); + destroy_vale_port("v2"); + destroy_vale_port("v3"); + destroy_vale_port("v4"); + destroy_vale_port("v5"); + destroy_vale_port("v6"); + destroy_vale_port("vtp"); + destroy_vale_port("ap1A"); + destroy_vale_port("ap1B"); + destroy_vale_port("ap2A"); + destroy_vale_port("ap2B"); + destroy_vale_port("ap500B"); +} + + + +static void +delete_bridges(void) +{ + + netmap_bdg_destroy(VALE_MODA, &token_A); + netmap_bdg_destroy(VALE_MODB, &token_B); + netmap_bdg_destroy(VALE_V1A, &token_v1_A); + netmap_bdg_destroy(VALE_V1B, &token_v1_B); + netmap_bdg_destroy(VALE_V2A, &token_v2_A); + netmap_bdg_destroy(VALE_V2B, &token_v2_B); + netmap_bdg_destroy(VALE_V500B, &token_v500_B); +} + + + +static void +detach_ports(void) +{ + + + detach_port(VALE_MODB, "vtp", token_B, NULL); + detach_port(VALE_MODB, "ap500B", token_B, NULL); + detach_port(VALE_MODB, "ap2B", token_B, NULL); + detach_port(VALE_MODB, "ap1B", token_B, NULL); + + + detach_port(VALE_MODA, "vtp", token_A, NULL); + detach_port(VALE_MODA, "ap2A", token_A, NULL); + detach_port(VALE_MODA, "ap1A", token_A, NULL); + + + detach_port(VALE_V500B, "ap500B", token_v500_B, NULL); + detach_port(VALE_V500B, "v6", token_v500_B, NULL); + + detach_port(VALE_V2B, "ap2B", token_v2_B, NULL); + detach_port(VALE_V2B, "v5", token_v2_B, NULL); + + detach_port(VALE_V1B, "ap1B", token_v1_B, NULL); + detach_port(VALE_V1B, "v4", token_v1_B, NULL); + + detach_port(VALE_V2A, "ap2A", token_v2_A, NULL); + detach_port(VALE_V2A, "v3", token_v2_A, NULL); + detach_port(VALE_V2A, "v3", token_v2_A, NULL); + + detach_port(VALE_V1A, "ap1A", token_v1_A, NULL); + detach_port(VALE_V1A, "v2", token_v1_A, NULL); + detach_port(VALE_V1A, "v1", token_v1_A, NULL); +} + + + +static void +modify_bridges(void) +{ + + initialize_lookup_data(&data_A); + initialize_lookup_data(&data_B); + data_A.vlan_to_port[1] = 0; + data_A.vlan_to_port[2] = 1; + data_A.port_to_vlan[0] = 1; + data_A.port_to_vlan[1] = 2; + data_A.trunk_port = 2; + + data_B.vlan_to_port[1] = 0; + data_B.vlan_to_port[2] = 1; + data_B.vlan_to_port[500] = 2; + data_B.trunk_port = 3; + + netmap_bdg_regops(VALE_MODA, &vlan_ops, &data_A, token_A); + netmap_bdg_regops(VALE_MODB, &vlan_ops, &data_B, token_B); +} + + + +void +vv_create_conf(void) +{ + + create_ports(); + create_bridges(); + connect_ports(); + modify_bridges(); +} + + + +void +vv_delete_conf(void) +{ + + detach_ports(); + delete_bridges(); + delete_ports(); +} \ No newline at end of file Added: soc2018/sduo/head/sys/dev/vale_vlan/vale_vlan_freebsd.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2018/sduo/head/sys/dev/vale_vlan/vale_vlan_freebsd.c Mon May 21 19:37:09 2018 (r337244) @@ -0,0 +1,130 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +#include + + + +#define DEV_NAME "vale_vlan" + + + +static d_open_t vale_vlan_open; +static d_close_t vale_vlan_close; +static d_read_t vale_vlan_read; +static d_write_t vale_vlan_write; + + + +static struct cdevsw vale_vlan_cdevsw = { + .d_version = D_VERSION, + .d_open = vale_vlan_open, + .d_close = vale_vlan_close, + .d_read = vale_vlan_read, + .d_write = vale_vlan_write, + .d_name = DEV_NAME, +}; +static struct cdev *vale_vlan_cdev; +static struct sx GLOBAL_LOCK; + + + +static int +vale_vlan_open(struct cdev *dev __unused, int oflags __unused, + int devtype __unused, struct thread *td __unused) +{ + + return 0; +} + + + +static int +vale_vlan_write(struct cdev *dev __unused, struct uio *uio, int ioflag __unused) +{ + + sx_xlock(&GLOBAL_LOCK); + CURVNET_SET(TD_TO_VNET(uio->uio_td)); + vv_create_conf(); + CURVNET_RESTORE(); + sx_xunlock(&GLOBAL_LOCK); + return 0; +} + + + +static int +vale_vlan_read(struct cdev *dev __unused, struct uio *uio, int ioflag __unused) +{ + + sx_xlock(&GLOBAL_LOCK); + CURVNET_SET(TD_TO_VNET(uio->uio_td)); + vv_delete_conf(); + CURVNET_RESTORE(); + sx_xunlock(&GLOBAL_LOCK); + return 0; +} + + + *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-soc-all@freebsd.org Tue May 22 13:27:15 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 91912EF5A38 for ; Tue, 22 May 2018 13:27:15 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2D8F57425C for ; Tue, 22 May 2018 13:27:15 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 52D0E11266 for ; Tue, 22 May 2018 13:27:14 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4MDRE6h066369 for ; Tue, 22 May 2018 13:27:14 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4MDRD6f066314 for svn-soc-all@FreeBSD.org; Tue, 22 May 2018 13:27:13 GMT (envelope-from aniketp@FreeBSD.org) Date: Tue, 22 May 2018 13:27:13 GMT Message-Id: <201805221327.w4MDRD6f066314@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337245 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2018 13:27:15 -0000 Author: aniketp Date: Tue May 22 13:27:11 2018 New Revision: 337245 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337245 Log: Complete all 83 tests for file-attribute-modify audit_class Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Mon May 21 19:37:09 2018 (r337244) +++ soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Tue May 22 13:27:11 2018 (r337245) @@ -27,11 +27,16 @@ */ #include +#include #include +#include #include +#include #include #include +#include +#include #include #include "utils.h" @@ -40,7 +45,9 @@ static mode_t mode = 0777; static uid_t uid = -1; static gid_t gid = -1; +static char extregex[80]; static struct stat statbuff; +static const char *name = "authorname"; static const char *path = "fileforaudit"; static const char *errpath = "dirdoesnotexist/fileforaudit"; static const char *successreg = "fileforaudit.*return,success"; @@ -137,6 +144,57 @@ } +ATF_TC_WITH_CLEANUP(fsync_success); +ATF_TC_HEAD(fsync_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fsync(2) call"); +} + +ATF_TC_BODY(fsync_success, tc) +{ + int filedesc; + char regex[30]; + + /* File needs to exist to call fsync(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + ATF_REQUIRE_EQ(0, fstat(filedesc, &statbuff)); + /* Prepare the regex to be checked in the audit record */ + snprintf(regex, 30, "fsync.*%lu.*return,success", statbuff.st_ino); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, fsync(filedesc)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fsync_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fsync_failure); +ATF_TC_HEAD(fsync_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fsync(2) call"); +} + +ATF_TC_BODY(fsync_failure, tc) +{ + const char *regex = "fsync.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fsync(-1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fsync_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(chmod_success); ATF_TC_HEAD(chmod_success, tc) { @@ -859,6 +917,230 @@ } +ATF_TC_WITH_CLEANUP(mprotect_success); +ATF_TC_HEAD(mprotect_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "mprotect(2) call"); +} + +ATF_TC_BODY(mprotect_success, tc) +{ + const char *regex = "mprotect.*return,success"; + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(0, mprotect(NULL, 0, 0)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(mprotect_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(mprotect_failure); +ATF_TC_HEAD(mprotect_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "mprotect(2) call"); +} + +ATF_TC_BODY(mprotect_failure, tc) +{ + const char *regex = "mprotect.*return,failure : Invalid argument"; + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(-1, mprotect((void *)SIZE_MAX, -1, PROT_NONE)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(mprotect_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(undelete_failure); +ATF_TC_HEAD(undelete_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "undelete(2) call"); +} + +ATF_TC_BODY(undelete_failure, tc) +{ + const char *regex = "undelete.*return,failure"; + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(-1, undelete(errpath)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(undelete_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_set_file_success); +ATF_TC_HEAD(extattr_set_file_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_set_file(2) call"); +} + +ATF_TC_BODY(extattr_set_file_success, tc) +{ + const char *buff = "ezio"; + /* File needs to exist to call extattr_set_file(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_set_file.*%s.*%s.*return,success,%lu", \ + path, name, sizeof(buff)); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path, \ + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_set_file_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_set_file_failure); +ATF_TC_HEAD(extattr_set_file_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_set_file(2) call"); +} + +ATF_TC_BODY(extattr_set_file_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_set_file.*%s.*%s.*failure", path, name); + + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, extattr_set_file(path, \ + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_set_file_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_set_fd_success); +ATF_TC_HEAD(extattr_set_fd_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_set_fd(2) call"); +} + +ATF_TC_BODY(extattr_set_fd_success, tc) +{ + int filedesc; + const char *buff = "ezio"; + /* File needs to exist to call extattr_set_fd(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_set_fd.*%s.*return,success", name); + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_fd(filedesc, \ + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_set_fd_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_set_fd_failure); +ATF_TC_HEAD(extattr_set_fd_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_set_fd(2) call"); +} + +ATF_TC_BODY(extattr_set_fd_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_set_fd.*%s.*return,failure : " + "Bad file descriptor", name); + + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, extattr_set_fd(-1, \ + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_set_fd_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_set_link_success); +ATF_TC_HEAD(extattr_set_link_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_set_link(2) call"); +} + +ATF_TC_BODY(extattr_set_link_success, tc) +{ + const char *buff = "ezio"; + /* Symbolic link needs to exist to call extattr_set_link(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_set_link.*%s.*%s.*return,success,%lu", \ + path, name, sizeof(buff)); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_link(path, \ + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_set_link_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_set_link_failure); +ATF_TC_HEAD(extattr_set_link_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_set_link(2) call"); +} + +ATF_TC_BODY(extattr_set_link_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_set_link.*%s.*%s.*failure", path, name); + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, extattr_set_link(path, \ + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_set_link_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(open_read_creat_success); ATF_TC_HEAD(open_read_creat_success, tc) { @@ -1635,6 +1917,9 @@ ATF_TP_ADD_TC(tp, fcntl_success); ATF_TP_ADD_TC(tp, fcntl_failure); + ATF_TP_ADD_TC(tp, fsync_success); + ATF_TP_ADD_TC(tp, fsync_failure); + ATF_TP_ADD_TC(tp, chmod_success); ATF_TP_ADD_TC(tp, chmod_failure); ATF_TP_ADD_TC(tp, fchmod_success); @@ -1671,6 +1956,17 @@ ATF_TP_ADD_TC(tp, futimesat_success); ATF_TP_ADD_TC(tp, futimesat_failure); + ATF_TP_ADD_TC(tp, mprotect_success); + ATF_TP_ADD_TC(tp, mprotect_failure); + ATF_TP_ADD_TC(tp, undelete_failure); + + ATF_TP_ADD_TC(tp, extattr_set_file_success); + ATF_TP_ADD_TC(tp, extattr_set_file_failure); + ATF_TP_ADD_TC(tp, extattr_set_fd_success); + ATF_TP_ADD_TC(tp, extattr_set_fd_failure); + ATF_TP_ADD_TC(tp, extattr_set_link_success); + ATF_TP_ADD_TC(tp, extattr_set_link_failure); + ATF_TP_ADD_TC(tp, open_read_creat_success); ATF_TP_ADD_TC(tp, open_read_creat_failure); ATF_TP_ADD_TC(tp, openat_read_creat_success); From owner-svn-soc-all@freebsd.org Wed May 23 11:36:11 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C0296EFAA91 for ; Wed, 23 May 2018 11:36:11 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3A49086663 for ; Wed, 23 May 2018 11:36:11 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 9427E1CCE5 for ; Wed, 23 May 2018 11:36:10 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4NBaA6W062016 for ; Wed, 23 May 2018 11:36:10 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4NBa8lQ061938 for svn-soc-all@FreeBSD.org; Wed, 23 May 2018 11:36:08 GMT (envelope-from aniketp@FreeBSD.org) Date: Wed, 23 May 2018 11:36:08 GMT Message-Id: <201805231136.w4NBa8lQ061938@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337246 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 May 2018 11:36:12 -0000 Author: aniketp Date: Wed May 23 11:36:06 2018 New Revision: 337246 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337246 Log: Add 5 test-cases for 'cl' audit events Added: soc2018/aniketp/head/tests/sys/audit/file-close.c Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Tue May 22 13:27:11 2018 (r337245) +++ soc2018/aniketp/head/tests/sys/audit/file-attribute-modify.c Wed May 23 11:36:06 2018 (r337246) @@ -1141,6 +1141,174 @@ } +ATF_TC_WITH_CLEANUP(extattr_delete_file_success); +ATF_TC_HEAD(extattr_delete_file_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_delete_file(2) call"); +} + +ATF_TC_BODY(extattr_delete_file_success, tc) +{ + int readbuff; + const char *buff = "ezio"; + /* File needs to exist to call extattr_delete_file(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path, \ + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE((readbuff = extattr_delete_file(path, \ + EXTATTR_NAMESPACE_USER, name)) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_delete_file.*%s.*return,success,%d", \ + path, readbuff); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_delete_file_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_delete_file_failure); +ATF_TC_HEAD(extattr_delete_file_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_delete_file(2) call"); +} + +ATF_TC_BODY(extattr_delete_file_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_delete_file.*%s.*return,failure", path); + + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, extattr_delete_file(path, \ + EXTATTR_NAMESPACE_USER, name)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_delete_file_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_delete_fd_success); +ATF_TC_HEAD(extattr_delete_fd_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_delete_fd(2) call"); +} + +ATF_TC_BODY(extattr_delete_fd_success, tc) +{ + int filedesc, readbuff; + const char *buff = "ezio"; + + /* File needs to exist to call extattr_delete_fd(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path, \ + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + + FILE *pipefd = setup(fds, "fm"); + ATF_REQUIRE((readbuff = extattr_delete_fd(filedesc, \ + EXTATTR_NAMESPACE_USER, name)) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_delete_fd.*return,success,%d", readbuff); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_delete_fd_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_delete_fd_failure); +ATF_TC_HEAD(extattr_delete_fd_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_delete_fd(2) call"); +} + +ATF_TC_BODY(extattr_delete_fd_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_delete_fd.*return,failure : " + "Bad file descriptor"); + + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, extattr_delete_fd(-1, EXTATTR_NAMESPACE_USER, name)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_delete_fd_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_delete_link_success); +ATF_TC_HEAD(extattr_delete_link_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_delete_link(2) call"); +} + +ATF_TC_BODY(extattr_delete_link_success, tc) +{ + int readbuff; + const char *buff = "ezio"; + + /* Symbolic link needs to exist to call extattr_delete_link(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_link(path, \ + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + FILE *pipefd = setup(fds, "fm"); + + ATF_REQUIRE((readbuff = extattr_delete_link(path, \ + EXTATTR_NAMESPACE_USER, name)) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_delete_link.*%s.*return,success,%d", \ + path, readbuff); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_delete_link_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_delete_link_failure); +ATF_TC_HEAD(extattr_delete_link_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_delete_link(2) call"); +} + +ATF_TC_BODY(extattr_delete_link_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, 80, "extattr_delete_link.*%s.*failure", path); + FILE *pipefd = setup(fds, "fm"); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, extattr_delete_link(path, \ + EXTATTR_NAMESPACE_USER, name)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_delete_link_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(open_read_creat_success); ATF_TC_HEAD(open_read_creat_success, tc) { @@ -1967,6 +2135,13 @@ ATF_TP_ADD_TC(tp, extattr_set_link_success); ATF_TP_ADD_TC(tp, extattr_set_link_failure); + ATF_TP_ADD_TC(tp, extattr_delete_file_success); + ATF_TP_ADD_TC(tp, extattr_delete_file_failure); + ATF_TP_ADD_TC(tp, extattr_delete_fd_success); + ATF_TP_ADD_TC(tp, extattr_delete_fd_failure); + ATF_TP_ADD_TC(tp, extattr_delete_link_success); + ATF_TP_ADD_TC(tp, extattr_delete_link_failure); + ATF_TP_ADD_TC(tp, open_read_creat_success); ATF_TP_ADD_TC(tp, open_read_creat_failure); ATF_TP_ADD_TC(tp, openat_read_creat_success); Added: soc2018/aniketp/head/tests/sys/audit/file-close.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2018/aniketp/head/tests/sys/audit/file-close.c Wed May 23 11:36:06 2018 (r337246) @@ -0,0 +1,173 @@ +/*- + * Copyright 2018 Aniket Pandey + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include + +#include +#include +#include +#include +#include + +#include "utils.h" + +static struct pollfd fds[1]; +static mode_t mode = 0777; +static char extregex[80]; +static struct stat statbuff; +static const char *path = "fileforaudit"; +static const char *errpath = "dirdoesnotexist/fileforaudit"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(munmap_success); +ATF_TC_HEAD(munmap_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "munmap(2) call"); +} + +ATF_TC_BODY(munmap_success, tc) +{ + int pagesize = sysconf(_SC_PAGESIZE); + const char *regex = "munmap.*return,success"; + char *addr = mmap(NULL, 4 * pagesize, PROT_READ , MAP_ANONYMOUS, -1, 0); + FILE *pipefd = setup(fds, "cl"); + ATF_REQUIRE_EQ(0, munmap(addr, pagesize)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(munmap_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(munmap_failure); +ATF_TC_HEAD(munmap_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "munmap(2) call"); +} + +ATF_TC_BODY(munmap_failure, tc) +{ + const char *regex = "munmap.*return,failure : Invalid argument"; + FILE *pipefd = setup(fds, "cl"); + ATF_REQUIRE_EQ(-1, munmap((void *)SIZE_MAX, -1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(munmap_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(close_success); +ATF_TC_HEAD(close_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "close(2) call"); +} + +ATF_TC_BODY(close_success, tc) +{ + int filedesc; + /* File needs to exist to call close(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); + /* Call stat(2) to store the Inode number of 'path' */ + ATF_REQUIRE_EQ(0, stat(path, &statbuff)); + FILE *pipefd = setup(fds, "cl"); + ATF_REQUIRE_EQ(0, close(filedesc)); + + snprintf(extregex, 80, "close.*%lu.*return,success", statbuff.st_ino); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(close_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(close_failure); +ATF_TC_HEAD(close_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "close(2) call"); +} + +ATF_TC_BODY(close_failure, tc) +{ + const char *regex = "close.*return,failure"; + FILE *pipefd = setup(fds, "cl"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, close(-1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(close_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(revoke_failure); +ATF_TC_HEAD(revoke_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "revoke(2) call"); +} + +ATF_TC_BODY(revoke_failure, tc) +{ + FILE *pipefd = setup(fds, "cl"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, revoke(errpath)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(revoke_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, munmap_success); + ATF_TP_ADD_TC(tp, munmap_failure); + ATF_TP_ADD_TC(tp, close_success); + ATF_TP_ADD_TC(tp, close_failure); + ATF_TP_ADD_TC(tp, revoke_failure); + + return (atf_no_error()); +} + From owner-svn-soc-all@freebsd.org Thu May 24 11:58:36 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C1A12EEAC82 for ; Thu, 24 May 2018 11:58:36 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 584F286766 for ; Thu, 24 May 2018 11:58:36 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 9A8D8976D for ; Thu, 24 May 2018 11:58:35 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4OBwZGh072802 for ; Thu, 24 May 2018 11:58:35 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4OBwXlO072776 for svn-soc-all@FreeBSD.org; Thu, 24 May 2018 11:58:33 GMT (envelope-from aniketp@FreeBSD.org) Date: Thu, 24 May 2018 11:58:33 GMT Message-Id: <201805241158.w4OBwXlO072776@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337247 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2018 11:58:37 -0000 Author: aniketp Date: Thu May 24 11:58:32 2018 New Revision: 337247 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337247 Log: Add 2 execve(2) test-cases for exec audit class Added: soc2018/aniketp/head/tests/sys/audit/exec.c Modified: soc2018/aniketp/head/tests/sys/audit/Makefile Modified: soc2018/aniketp/head/tests/sys/audit/Makefile ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/Makefile Wed May 23 11:36:06 2018 (r337246) +++ soc2018/aniketp/head/tests/sys/audit/Makefile Thu May 24 11:58:32 2018 (r337247) @@ -6,8 +6,10 @@ ATF_TESTS_C+= file-delete ATF_TESTS_C+= file-read ATF_TESTS_C+= file-write +ATF_TESTS_C+= file-close ATF_TESTS_C+= file-attribute-access ATF_TESTS_C+= file-attribute-modify +ATF_TESTS_C+= exec SRCS.file-create+= file-create.c SRCS.file-create+= utils.c @@ -17,10 +19,14 @@ SRCS.file-read+= utils.c SRCS.file-write+= file-write.c SRCS.file-write+= utils.c +SRCS.file-close+= file-close.c +SRCS.file-close+= utils.c SRCS.file-attribute-access+= file-attribute-access.c SRCS.file-attribute-access+= utils.c SRCS.file-attribute-modify+= file-attribute-modify.c SRCS.file-attribute-modify+= utils.c +SRCS.exec+= exec.c +SRCS.exec+= utils.c TEST_METADATA.file-create+= timeout="30" TEST_METADATA.file-create+= required_user="root" @@ -30,10 +36,14 @@ TEST_METADATA.file-read+= required_user="root" TEST_METADATA.file-write+= timeout="30" TEST_METADATA.file-write+= required_user="root" +TEST_METADATA.file-close+= timeout="30" +TEST_METADATA.file-close+= required_user="root" TEST_METADATA.file-attribute-access+= timeout="30" TEST_METADATA.file-attribute-access+= required_user="root" TEST_METADATA.file-attribute-modify+= timeout="30" TEST_METADATA.file-attribute-modify+= required_user="root" +TEST_METADATA.exec+= timeout="30" +TEST_METADATA.exec+= required_user="root" WARNS?= 6 Added: soc2018/aniketp/head/tests/sys/audit/exec.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2018/aniketp/head/tests/sys/audit/exec.c Thu May 24 11:58:32 2018 (r337247) @@ -0,0 +1,112 @@ +/*- + * Copyright 2018 Aniket Pandey + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include + +#include +#include +#include + +#include "utils.h" + +static pid_t pid; +static int status; +static struct pollfd fds[1]; +static char argument[] = "sample-argument"; + + +ATF_TC_WITH_CLEANUP(execve_success); +ATF_TC_HEAD(execve_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "execve(2) call"); +} + +ATF_TC_BODY(execve_success, tc) +{ + char bin[] = "/usr/bin/true"; + + const char *regex = "execve.*sample-argument"; + char *arg[] = {bin, argument, NULL}; + FILE *pipefd = setup(fds, "ex"); + + ATF_REQUIRE((pid = fork()) != -1); + if (pid) { + ATF_REQUIRE(wait(&status) != -1); + check_audit(fds, regex, pipefd); + } + else { + ATF_REQUIRE(execve(bin, arg, NULL) != -1); + } +} + +ATF_TC_CLEANUP(execve_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(execve_failure); +ATF_TC_HEAD(execve_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "execve(2) call"); +} + +ATF_TC_BODY(execve_failure, tc) +{ + char bin[] = "/does/not/exist"; + const char *regex = "execve.*sample-argument.*return,failure"; + char *arg[] = {bin, argument, NULL}; + FILE *pipefd = setup(fds, "ex"); + + ATF_REQUIRE((pid = fork()) != -1); + if (pid) { + ATF_REQUIRE(wait(&status) != -1); + check_audit(fds, regex, pipefd); + } + else { + ATF_REQUIRE_EQ(-1, execve(bin, arg, NULL)); + } +} + +ATF_TC_CLEANUP(execve_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, execve_success); + ATF_TP_ADD_TC(tp, execve_failure); + + return (atf_no_error()); +} + From owner-svn-soc-all@freebsd.org Thu May 24 12:07:09 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3ED6EEE053 for ; Thu, 24 May 2018 12:07:09 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47BD9875FA for ; Thu, 24 May 2018 12:07:09 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 8CFD398CF for ; Thu, 24 May 2018 12:07:08 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4OC78mq098353 for ; Thu, 24 May 2018 12:07:08 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4OC77hG097356 for svn-soc-all@FreeBSD.org; Thu, 24 May 2018 12:07:07 GMT (envelope-from aniketp@FreeBSD.org) Date: Thu, 24 May 2018 12:07:07 GMT Message-Id: <201805241207.w4OC77hG097356@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337248 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2018 12:07:09 -0000 Author: aniketp Date: Thu May 24 12:07:06 2018 New Revision: 337248 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337248 Log: Improvements in test-case semantics (exec) audit_class Modified: soc2018/aniketp/head/tests/sys/audit/exec.c Modified: soc2018/aniketp/head/tests/sys/audit/exec.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/exec.c Thu May 24 11:58:32 2018 (r337247) +++ soc2018/aniketp/head/tests/sys/audit/exec.c Thu May 24 12:07:06 2018 (r337248) @@ -38,7 +38,9 @@ static pid_t pid; static int status; static struct pollfd fds[1]; +static char bin[] = "/usr/bin/true"; static char argument[] = "sample-argument"; +static char *arg[] = {bin, argument, NULL}; ATF_TC_WITH_CLEANUP(execve_success); @@ -50,10 +52,7 @@ ATF_TC_BODY(execve_success, tc) { - char bin[] = "/usr/bin/true"; - - const char *regex = "execve.*sample-argument"; - char *arg[] = {bin, argument, NULL}; + const char *regex = "execve.*sample-argument.*Unknown error: 201"; FILE *pipefd = setup(fds, "ex"); ATF_REQUIRE((pid = fork()) != -1); @@ -61,9 +60,8 @@ ATF_REQUIRE(wait(&status) != -1); check_audit(fds, regex, pipefd); } - else { + else ATF_REQUIRE(execve(bin, arg, NULL) != -1); - } } ATF_TC_CLEANUP(execve_success, tc) @@ -81,9 +79,7 @@ ATF_TC_BODY(execve_failure, tc) { - char bin[] = "/does/not/exist"; - const char *regex = "execve.*sample-argument.*return,failure"; - char *arg[] = {bin, argument, NULL}; + const char *regex = "execve.*return,failure : Bad address"; FILE *pipefd = setup(fds, "ex"); ATF_REQUIRE((pid = fork()) != -1); @@ -91,9 +87,8 @@ ATF_REQUIRE(wait(&status) != -1); check_audit(fds, regex, pipefd); } - else { - ATF_REQUIRE_EQ(-1, execve(bin, arg, NULL)); - } + else + ATF_REQUIRE_EQ(-1, execve(bin, arg, (char *const *)(-1))); } ATF_TC_CLEANUP(execve_failure, tc) From owner-svn-soc-all@freebsd.org Thu May 24 13:51:57 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6521FEF1D8B for ; Thu, 24 May 2018 13:51:57 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F1E576CA5B for ; Thu, 24 May 2018 13:51:56 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 437F1A7F5 for ; Thu, 24 May 2018 13:51:56 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4ODpuAU082781 for ; Thu, 24 May 2018 13:51:56 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4ODps1N081365 for svn-soc-all@FreeBSD.org; Thu, 24 May 2018 13:51:54 GMT (envelope-from aniketp@FreeBSD.org) Date: Thu, 24 May 2018 13:51:54 GMT Message-Id: <201805241351.w4ODps1N081365@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337249 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2018 13:51:57 -0000 Author: aniketp Date: Thu May 24 13:51:53 2018 New Revision: 337249 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337249 Log: Initial set of tests for ioctl(2) in "io" audit class Added: soc2018/aniketp/head/tests/sys/audit/ioctl.c Modified: soc2018/aniketp/head/tests/sys/audit/Makefile Modified: soc2018/aniketp/head/tests/sys/audit/Makefile ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/Makefile Thu May 24 12:07:06 2018 (r337248) +++ soc2018/aniketp/head/tests/sys/audit/Makefile Thu May 24 13:51:53 2018 (r337249) @@ -10,6 +10,7 @@ ATF_TESTS_C+= file-attribute-access ATF_TESTS_C+= file-attribute-modify ATF_TESTS_C+= exec +ATF_TESTS_C+= ioctl SRCS.file-create+= file-create.c SRCS.file-create+= utils.c @@ -27,6 +28,8 @@ SRCS.file-attribute-modify+= utils.c SRCS.exec+= exec.c SRCS.exec+= utils.c +SRCS.ioctl+= ioctl.c +SRCS.ioctl+= utils.c TEST_METADATA.file-create+= timeout="30" TEST_METADATA.file-create+= required_user="root" @@ -44,6 +47,8 @@ TEST_METADATA.file-attribute-modify+= required_user="root" TEST_METADATA.exec+= timeout="30" TEST_METADATA.exec+= required_user="root" +TEST_METADATA.ioctl+= timeout="30" +TEST_METADATA.ioctl+= required_user="root" WARNS?= 6 Added: soc2018/aniketp/head/tests/sys/audit/ioctl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2018/aniketp/head/tests/sys/audit/ioctl.c Thu May 24 13:51:53 2018 (r337249) @@ -0,0 +1,97 @@ +/*- + * Copyright 2018 Aniket Pandey + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include + +#include +#include +#include +#include +#include + +#include "utils.h" + +static struct pollfd fds[1]; + + +ATF_TC_WITH_CLEANUP(ioctl_success); +ATF_TC_HEAD(ioctl_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "ioctl(2) call"); +} + +ATF_TC_BODY(ioctl_success, tc) +{ + int filedesc; + char regex[30]; + + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(regex, 30, "ioctl.*0x%X.*return,success", filedesc); + + FILE *pipefd = setup(fds, "io"); + ATF_REQUIRE(ioctl(filedesc, AUDITPIPE_FLUSH) != -1); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(ioctl_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(ioctl_failure); +ATF_TC_HEAD(ioctl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "ioctl(2) call"); +} + +ATF_TC_BODY(ioctl_failure, tc) +{ + const char *regex = "ioctl.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, "io"); + ATF_REQUIRE_EQ(-1, ioctl(-1, AUDITPIPE_FLUSH)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(ioctl_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, ioctl_success); + ATF_TP_ADD_TC(tp, ioctl_failure); + + return (atf_no_error()); +} + From owner-svn-soc-all@freebsd.org Thu May 24 23:20:51 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF50EF6D268 for ; Thu, 24 May 2018 23:20:50 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 69DC3692E6 for ; Thu, 24 May 2018 23:20:50 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id BE197F949 for ; Thu, 24 May 2018 23:20:49 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4ONKnP0018629 for ; Thu, 24 May 2018 23:20:49 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4ONKlK4017869 for svn-soc-all@FreeBSD.org; Thu, 24 May 2018 23:20:47 GMT (envelope-from aniketp@FreeBSD.org) Date: Thu, 24 May 2018 23:20:47 GMT Message-Id: <201805242320.w4ONKlK4017869@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337250 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2018 23:20:51 -0000 Author: aniketp Date: Thu May 24 23:20:45 2018 New Revision: 337250 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337250 Log: Replace hex format specifier by %x to match audit_record Added: soc2018/aniketp/head/tests/sys/audit/network.c Modified: soc2018/aniketp/head/tests/sys/audit/Makefile soc2018/aniketp/head/tests/sys/audit/ioctl.c Modified: soc2018/aniketp/head/tests/sys/audit/Makefile ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/Makefile Thu May 24 13:51:53 2018 (r337249) +++ soc2018/aniketp/head/tests/sys/audit/Makefile Thu May 24 23:20:45 2018 (r337250) @@ -11,6 +11,7 @@ ATF_TESTS_C+= file-attribute-modify ATF_TESTS_C+= exec ATF_TESTS_C+= ioctl +ATF_TESTS_C+= network SRCS.file-create+= file-create.c SRCS.file-create+= utils.c @@ -30,6 +31,8 @@ SRCS.exec+= utils.c SRCS.ioctl+= ioctl.c SRCS.ioctl+= utils.c +SRCS.network+= network.c +SRCS.network+= utils.c TEST_METADATA.file-create+= timeout="30" TEST_METADATA.file-create+= required_user="root" @@ -49,6 +52,8 @@ TEST_METADATA.exec+= required_user="root" TEST_METADATA.ioctl+= timeout="30" TEST_METADATA.ioctl+= required_user="root" +TEST_METADATA.network+= timeout="30" +TEST_METADATA.network+= required_user="root" WARNS?= 6 Modified: soc2018/aniketp/head/tests/sys/audit/ioctl.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/ioctl.c Thu May 24 13:51:53 2018 (r337249) +++ soc2018/aniketp/head/tests/sys/audit/ioctl.c Thu May 24 23:20:45 2018 (r337250) @@ -51,9 +51,10 @@ int filedesc; char regex[30]; + /* auditpipe(4) supports quite a few ioctl(2)s */ ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); /* Prepare the regex to be checked in the audit record */ - snprintf(regex, 30, "ioctl.*0x%X.*return,success", filedesc); + snprintf(regex, 30, "ioctl.*0x%x.*return,success", filedesc); FILE *pipefd = setup(fds, "io"); ATF_REQUIRE(ioctl(filedesc, AUDITPIPE_FLUSH) != -1); Added: soc2018/aniketp/head/tests/sys/audit/network.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2018/aniketp/head/tests/sys/audit/network.c Thu May 24 23:20:45 2018 (r337250) @@ -0,0 +1,93 @@ +/*- + * Copyright 2018 Aniket Pandey + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include + +#include +#include + +#include "utils.h" +#define ERROR (-1) + +static int sockfd; +static struct pollfd fds[1]; +static char regex[40]; + +ATF_TC_WITH_CLEANUP(socket_success); +ATF_TC_HEAD(socket_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "socket(2) call"); +} + +ATF_TC_BODY(socket_success, tc) +{ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, 0)) != -1); + /* Check the presence of sockfd in audit record */ + snprintf(regex, 30, "socket.*return,success,%d", sockfd); + check_audit(fds, regex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(socket_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(socket_failure); +ATF_TC_HEAD(socket_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "socket(2) call"); +} + +ATF_TC_BODY(socket_failure, tc) +{ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, socket(ERROR, SOCK_STREAM, 0)); + /* Check the presence of hex(-1) in audit record */ + snprintf(regex, 40, "socket.*0x%x.*return,failure", ERROR); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(socket_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, socket_success); + ATF_TP_ADD_TC(tp, socket_failure); + + return (atf_no_error()); +} + From owner-svn-soc-all@freebsd.org Thu May 24 23:53:21 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 21F6CF6DCBE for ; Thu, 24 May 2018 23:53:21 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AADF16A1F9 for ; Thu, 24 May 2018 23:53:20 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 10D9FFEAC for ; Thu, 24 May 2018 23:53:20 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4ONrJOQ096353 for ; Thu, 24 May 2018 23:53:19 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4ONrJpq096304 for svn-soc-all@FreeBSD.org; Thu, 24 May 2018 23:53:19 GMT (envelope-from aniketp@FreeBSD.org) Date: Thu, 24 May 2018 23:53:19 GMT Message-Id: <201805242353.w4ONrJpq096304@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337251 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2018 23:53:21 -0000 Author: aniketp Date: Thu May 24 23:53:18 2018 New Revision: 337251 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337251 Log: Add tests for setsockopt(2) audit event Modified: soc2018/aniketp/head/tests/sys/audit/network.c Modified: soc2018/aniketp/head/tests/sys/audit/network.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/network.c Thu May 24 23:20:45 2018 (r337250) +++ soc2018/aniketp/head/tests/sys/audit/network.c Thu May 24 23:53:18 2018 (r337251) @@ -35,6 +35,7 @@ #define ERROR (-1) static int sockfd; +static int tr = 1; static struct pollfd fds[1]; static char regex[40]; @@ -83,10 +84,61 @@ } +ATF_TC_WITH_CLEANUP(setsockopt_success); +ATF_TC_HEAD(setsockopt_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setsockopt(2) call"); +} + +ATF_TC_BODY(setsockopt_success, tc) +{ + ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, 0)) != -1); + /* Check the presence of sockfd in audit record */ + snprintf(regex, 30, "setsockopt.*0x%x.*return,success", sockfd); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &tr, \ + sizeof(int))); + check_audit(fds, regex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(setsockopt_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setsockopt_failure); +ATF_TC_HEAD(setsockopt_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setsockopt(2) call"); +} + +ATF_TC_BODY(setsockopt_failure, tc) +{ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, setsockopt(ERROR, SOL_SOCKET, SO_REUSEADDR, &tr, \ + sizeof(int))); + /* Check the presence of hex(-1) in audit record */ + snprintf(regex, 40, "setsockopt.*0x%x.*return,failure", ERROR); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(setsockopt_failure, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, socket_success); ATF_TP_ADD_TC(tp, socket_failure); + ATF_TP_ADD_TC(tp, setsockopt_success); + ATF_TP_ADD_TC(tp, setsockopt_failure); return (atf_no_error()); } From owner-svn-soc-all@freebsd.org Fri May 25 19:54:04 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5213EEF2C1B for ; Fri, 25 May 2018 19:54:04 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DE3D97181B for ; Fri, 25 May 2018 19:54:03 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 332951A574 for ; Fri, 25 May 2018 19:54:03 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4PJs3c4074688 for ; Fri, 25 May 2018 19:54:03 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4PJs1qh074669 for svn-soc-all@FreeBSD.org; Fri, 25 May 2018 19:54:01 GMT (envelope-from aniketp@FreeBSD.org) Date: Fri, 25 May 2018 19:54:01 GMT Message-Id: <201805251954.w4PJs1qh074669@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337252 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 May 2018 19:54:04 -0000 Author: aniketp Date: Fri May 25 19:53:58 2018 New Revision: 337252 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337252 Log: Add tests for all preliminary socket syscalls Modified: soc2018/aniketp/head/tests/sys/audit/network.c soc2018/aniketp/head/tests/sys/audit/utils.c Modified: soc2018/aniketp/head/tests/sys/audit/network.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/network.c Thu May 24 23:53:18 2018 (r337251) +++ soc2018/aniketp/head/tests/sys/audit/network.c Fri May 25 19:53:58 2018 (r337252) @@ -26,19 +26,39 @@ * $FreeBSD$ */ +#include #include +#include +#include + #include +#include #include #include "utils.h" #define ERROR (-1) -static int sockfd; +static int sockfd, sockfd2; static int tr = 1; +static socklen_t len; static struct pollfd fds[1]; static char regex[40]; +/* + * Assign local address to a server's socket + */ +static void +assign_address(struct sockaddr_in *server) +{ + /* Assigning addresses */ + server->sin_family = AF_INET; /* IPv4 */ + server->sin_port = htons(9000); /* Port in network bytes */ + server->sin_addr.s_addr = inet_addr("127.0.0.1"); + bzero(&(server)->sin_zero, 8); /* Zero padding */ +} + + ATF_TC_WITH_CLEANUP(socket_success); ATF_TC_HEAD(socket_success, tc) { @@ -49,7 +69,7 @@ ATF_TC_BODY(socket_success, tc) { FILE *pipefd = setup(fds, "nt"); - ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); /* Check the presence of sockfd in audit record */ snprintf(regex, 30, "socket.*return,success,%d", sockfd); check_audit(fds, regex, pipefd); @@ -72,7 +92,7 @@ ATF_TC_BODY(socket_failure, tc) { FILE *pipefd = setup(fds, "nt"); - ATF_REQUIRE_EQ(-1, socket(ERROR, SOCK_STREAM, 0)); + ATF_REQUIRE_EQ(-1, socket(ERROR, SOCK_STREAM, IPPROTO_TCP)); /* Check the presence of hex(-1) in audit record */ snprintf(regex, 40, "socket.*0x%x.*return,failure", ERROR); check_audit(fds, regex, pipefd); @@ -84,6 +104,54 @@ } +ATF_TC_WITH_CLEANUP(socketpair_success); +ATF_TC_HEAD(socketpair_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "socketpair(2) call"); +} + +ATF_TC_BODY(socketpair_success, tc) +{ + int sv[2]; + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, socketpair(PF_UNIX, SOCK_STREAM, 0, sv)); + /* Check the presence of hex(-1) in audit record */ + snprintf(regex, 40, "socketpair.*0x0.*return,success"); + check_audit(fds, regex, pipefd); + close(sv[0]); + close(sv[1]); +} + +ATF_TC_CLEANUP(socketpair_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(socketpair_failure); +ATF_TC_HEAD(socketpair_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "socketpair(2) call"); +} + +ATF_TC_BODY(socketpair_failure, tc) +{ + int sv; + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, socketpair(ERROR, SOCK_STREAM, IPPROTO_TCP, &sv)); + /* Check the presence of hex(-1) in audit record */ + snprintf(regex, 40, "socketpair.*0x%x.*return,failure", ERROR); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(socketpair_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(setsockopt_success); ATF_TC_HEAD(setsockopt_success, tc) { @@ -93,7 +161,7 @@ ATF_TC_BODY(setsockopt_success, tc) { - ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); /* Check the presence of sockfd in audit record */ snprintf(regex, 30, "setsockopt.*0x%x.*return,success", sockfd); @@ -133,13 +201,233 @@ } +ATF_TC_WITH_CLEANUP(bind_success); +ATF_TC_HEAD(bind_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "bind(2) call"); +} + +ATF_TC_BODY(bind_success, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_in server; + len = sizeof(struct sockaddr_in); + ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &tr, \ + sizeof(int))); + assign_address(&server); + + /* Check the presence of localhost address and port in audit record */ + snprintf(regex, 30, "bind.*9000,127.0.0.1.*return,success"); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + check_audit(fds, regex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(bind_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(bind_failure); +ATF_TC_HEAD(bind_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "bind(2) call"); +} + +ATF_TC_BODY(bind_failure, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_in server; + len = sizeof(struct sockaddr_in); + assign_address(&server); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, bind(-1, (struct sockaddr *)&server, len)); + /* Check the presence of hex(-1) in audit record */ + snprintf(regex, 40, "bind.*0x%x.*9000,127.0.0.1.*return,failure", ERROR); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(bind_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(bindat_success); +ATF_TC_HEAD(bindat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "bindat(2) call"); +} + +ATF_TC_BODY(bindat_success, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_in server; + len = sizeof(struct sockaddr_in); + ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &tr, \ + sizeof(int))); + assign_address(&server); + + /* Check the presence of localhost address and port in audit record */ + snprintf(regex, 30, "bindat.*0x%x.*return,success", sockfd); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, bindat(AT_FDCWD, sockfd, \ + (struct sockaddr *)&server, len)); + check_audit(fds, regex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(bindat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(bindat_failure); +ATF_TC_HEAD(bindat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "bindat(2) call"); +} + +ATF_TC_BODY(bindat_failure, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_in server; + len = sizeof(struct sockaddr_in); + assign_address(&server); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, bindat(AT_FDCWD, -1, (struct sockaddr *)&server, len)); + /* Check the presence of hex(-1) in audit record */ + snprintf(regex, 40, "bindat.*0x%x.*return,failure", ERROR); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(bindat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(listen_success); +ATF_TC_HEAD(listen_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "listen(2) call"); +} + +ATF_TC_BODY(listen_success, tc) +{ + ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + /* Check the presence of sockfd in audit record */ + snprintf(regex, 30, "listen.*0x%x.*return,success", sockfd); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + check_audit(fds, regex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(listen_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(listen_failure); +ATF_TC_HEAD(listen_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "listen(2) call"); +} + +ATF_TC_BODY(listen_failure, tc) +{ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, listen(ERROR, 1)); + /* Check the presence of hex(-1) in audit record */ + snprintf(regex, 40, "listen.*0x%x.*return,failure", ERROR); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(listen_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(connect_success); +ATF_TC_HEAD(connect_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "connect(2) call"); +} + +ATF_TC_BODY(connect_success, tc) +{ + struct sockaddr_in server; + len = sizeof(struct sockaddr_in); + + /* Server Socket: Assign address and listen for connection */ + ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &tr, \ + sizeof(int))); + assign_address(&server); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client socket */ + ATF_REQUIRE((sockfd2 = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + + /* Audit record must contain, address, port & sockfd2 */ + snprintf(regex, 30, "connect.*0x%x.*9000,127.0.0.1.*success", sockfd2); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close(sockfd); + close(sockfd2); +} + +ATF_TC_CLEANUP(connect_success, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, socket_success); ATF_TP_ADD_TC(tp, socket_failure); + ATF_TP_ADD_TC(tp, socketpair_success); + ATF_TP_ADD_TC(tp, socketpair_failure); ATF_TP_ADD_TC(tp, setsockopt_success); ATF_TP_ADD_TC(tp, setsockopt_failure); + ATF_TP_ADD_TC(tp, bind_success); + ATF_TP_ADD_TC(tp, bind_failure); + ATF_TP_ADD_TC(tp, bindat_success); + ATF_TP_ADD_TC(tp, bindat_failure); + ATF_TP_ADD_TC(tp, listen_success); + ATF_TP_ADD_TC(tp, listen_failure); + + ATF_TP_ADD_TC(tp, connect_success); + return (atf_no_error()); } Modified: soc2018/aniketp/head/tests/sys/audit/utils.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/utils.c Thu May 24 23:53:18 2018 (r337251) +++ soc2018/aniketp/head/tests/sys/audit/utils.c Fri May 25 19:53:58 2018 (r337252) @@ -157,7 +157,7 @@ /* poll(2) timed out */ case 0: atf_tc_fail("%s not found in auditpipe within the " - "time limit", auditregex); + "time limit", auditregex); break; /* poll(2) standard error */ From owner-svn-soc-all@freebsd.org Sat May 26 01:31:54 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8AEA9EF9FE0 for ; Sat, 26 May 2018 01:31:54 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1250E7CE50 for ; Sat, 26 May 2018 01:31:54 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 6E4DD1D498 for ; Sat, 26 May 2018 01:31:53 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4Q1VrGx026654 for ; Sat, 26 May 2018 01:31:53 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4Q1Vqq0026634 for svn-soc-all@FreeBSD.org; Sat, 26 May 2018 01:31:52 GMT (envelope-from aniketp@FreeBSD.org) Date: Sat, 26 May 2018 01:31:52 GMT Message-Id: <201805260131.w4Q1Vqq0026634@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337253 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 May 2018 01:31:54 -0000 Author: aniketp Date: Sat May 26 01:31:51 2018 New Revision: 337253 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337253 Log: Add tests for connect(2), accept(2) and shutdown(2) Modified: soc2018/aniketp/head/tests/sys/audit/network.c Modified: soc2018/aniketp/head/tests/sys/audit/network.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/network.c Fri May 25 19:53:58 2018 (r337252) +++ soc2018/aniketp/head/tests/sys/audit/network.c Sat May 26 01:31:51 2018 (r337253) @@ -28,6 +28,7 @@ #include #include +#include #include #include @@ -38,6 +39,7 @@ #include "utils.h" #define ERROR (-1) +#define SERVER_PATH "server" static int sockfd, sockfd2; static int tr = 1; @@ -49,13 +51,11 @@ * Assign local address to a server's socket */ static void -assign_address(struct sockaddr_in *server) +assign_address(struct sockaddr_un *server) { - /* Assigning addresses */ - server->sin_family = AF_INET; /* IPv4 */ - server->sin_port = htons(9000); /* Port in network bytes */ - server->sin_addr.s_addr = inet_addr("127.0.0.1"); - bzero(&(server)->sin_zero, 8); /* Zero padding */ + memset(server, 0, sizeof(*server)); + server->sun_family = AF_UNIX; + strcpy(server->sun_path, SERVER_PATH); } @@ -69,7 +69,7 @@ ATF_TC_BODY(socket_success, tc) { FILE *pipefd = setup(fds, "nt"); - ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Check the presence of sockfd in audit record */ snprintf(regex, 30, "socket.*return,success,%d", sockfd); check_audit(fds, regex, pipefd); @@ -92,7 +92,7 @@ ATF_TC_BODY(socket_failure, tc) { FILE *pipefd = setup(fds, "nt"); - ATF_REQUIRE_EQ(-1, socket(ERROR, SOCK_STREAM, IPPROTO_TCP)); + ATF_REQUIRE_EQ(-1, socket(ERROR, SOCK_STREAM, 0)); /* Check the presence of hex(-1) in audit record */ snprintf(regex, 40, "socket.*0x%x.*return,failure", ERROR); check_audit(fds, regex, pipefd); @@ -116,9 +116,11 @@ int sv[2]; FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, socketpair(PF_UNIX, SOCK_STREAM, 0, sv)); - /* Check the presence of hex(-1) in audit record */ + /* Check the presence of 0x0 in audit record */ snprintf(regex, 40, "socketpair.*0x0.*return,success"); check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ close(sv[0]); close(sv[1]); } @@ -140,7 +142,7 @@ { int sv; FILE *pipefd = setup(fds, "nt"); - ATF_REQUIRE_EQ(-1, socketpair(ERROR, SOCK_STREAM, IPPROTO_TCP, &sv)); + ATF_REQUIRE_EQ(-1, socketpair(ERROR, SOCK_STREAM, 0, &sv)); /* Check the presence of hex(-1) in audit record */ snprintf(regex, 40, "socketpair.*0x%x.*return,failure", ERROR); check_audit(fds, regex, pipefd); @@ -161,7 +163,7 @@ ATF_TC_BODY(setsockopt_success, tc) { - ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Check the presence of sockfd in audit record */ snprintf(regex, 30, "setsockopt.*0x%x.*return,success", sockfd); @@ -210,16 +212,14 @@ ATF_TC_BODY(bind_success, tc) { - /* Preliminary socket setup */ - struct sockaddr_in server; - len = sizeof(struct sockaddr_in); - ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); - ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &tr, \ - sizeof(int))); + struct sockaddr_un server; assign_address(&server); + len = sizeof(struct sockaddr_un); - /* Check the presence of localhost address and port in audit record */ - snprintf(regex, 30, "bind.*9000,127.0.0.1.*return,success"); + /* Preliminary socket setup */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of AF_UNIX address path in audit record */ + snprintf(regex, 30, "bind.*unix.*%s.*return,success", SERVER_PATH); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); @@ -243,14 +243,14 @@ ATF_TC_BODY(bind_failure, tc) { /* Preliminary socket setup */ - struct sockaddr_in server; - len = sizeof(struct sockaddr_in); + struct sockaddr_un server; assign_address(&server); + len = sizeof(struct sockaddr_un); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, bind(-1, (struct sockaddr *)&server, len)); - /* Check the presence of hex(-1) in audit record */ - snprintf(regex, 40, "bind.*0x%x.*9000,127.0.0.1.*return,failure", ERROR); + /* Check the presence of hex(-1) and AF_UNIX path in audit record */ + snprintf(regex, 40, "bind.*0x%x.*%s.*return,failure", ERROR, SERVER_PATH); check_audit(fds, regex, pipefd); } @@ -269,15 +269,13 @@ ATF_TC_BODY(bindat_success, tc) { - /* Preliminary socket setup */ - struct sockaddr_in server; - len = sizeof(struct sockaddr_in); - ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); - ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &tr, \ - sizeof(int))); + struct sockaddr_un server; assign_address(&server); + len = sizeof(struct sockaddr_un); - /* Check the presence of localhost address and port in audit record */ + /* Preliminary socket setup */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of socket descriptor in audit record */ snprintf(regex, 30, "bindat.*0x%x.*return,success", sockfd); FILE *pipefd = setup(fds, "nt"); @@ -303,9 +301,9 @@ ATF_TC_BODY(bindat_failure, tc) { /* Preliminary socket setup */ - struct sockaddr_in server; - len = sizeof(struct sockaddr_in); + struct sockaddr_un server; assign_address(&server); + len = sizeof(struct sockaddr_un); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, bindat(AT_FDCWD, -1, (struct sockaddr *)&server, len)); @@ -329,8 +327,14 @@ ATF_TC_BODY(listen_success, tc) { - ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); - /* Check the presence of sockfd in audit record */ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Preliminary socket setup */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + /* Check the presence of socket descriptor in the audit record */ snprintf(regex, 30, "listen.*0x%x.*return,success", sockfd); FILE *pipefd = setup(fds, "nt"); @@ -376,24 +380,23 @@ ATF_TC_BODY(connect_success, tc) { - struct sockaddr_in server; - len = sizeof(struct sockaddr_in); + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); /* Server Socket: Assign address and listen for connection */ - ATF_REQUIRE((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Non-blocking server socket */ ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); - ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &tr, \ - sizeof(int))); - assign_address(&server); + /* Bind to the specified address and wait for connection */ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); ATF_REQUIRE_EQ(0, listen(sockfd, 1)); /* Set up "blocking" client socket */ - ATF_REQUIRE((sockfd2 = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1); + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); - /* Audit record must contain, address, port & sockfd2 */ - snprintf(regex, 30, "connect.*0x%x.*9000,127.0.0.1.*success", sockfd2); + /* Audit record must contain AF_UNIX address path & sockfd2 */ + snprintf(regex, 40, "connect.*0x%x.*%s.*success", sockfd2, SERVER_PATH); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); @@ -410,6 +413,249 @@ } +ATF_TC_WITH_CLEANUP(connect_failure); +ATF_TC_HEAD(connect_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "connect(2) call"); +} + +ATF_TC_BODY(connect_failure, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Audit record must contain AF_UNIX address path & Hex(-1) */ + snprintf(regex, 40, "connect.*0x%x.*%s.*failure", ERROR, SERVER_PATH); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, connect(ERROR, (struct sockaddr *)&server, len)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(connect_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(connectat_success); +ATF_TC_HEAD(connectat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "connectat(2) call"); +} + +ATF_TC_BODY(connectat_success, tc) +{ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Server Socket: Assign address and listen for connection */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + /* Bind to the specified address and wait for connection */ + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client socket */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + + /* Audit record must contain sockfd2 */ + snprintf(regex, 30, "connectat.*0x%x.*return,success", sockfd2); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, connectat(AT_FDCWD, sockfd2, \ + (struct sockaddr *)&server, len)); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close(sockfd); + close(sockfd2); +} + +ATF_TC_CLEANUP(connectat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(connectat_failure); +ATF_TC_HEAD(connectat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "connectat(2) call"); +} + +ATF_TC_BODY(connectat_failure, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Audit record must contain Hex(-1) */ + snprintf(regex, 30, "connectat.*0x%x.*return,failure", ERROR); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, connectat(AT_FDCWD, ERROR, \ + (struct sockaddr *)&server, len)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(connectat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(accept_success); +ATF_TC_HEAD(accept_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "accept(2) call"); +} + +ATF_TC_BODY(accept_success, tc) +{ + int clientfd; + struct sockaddr_un server, client; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Server Socket: Assign address and listen for connection */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + /* Bind to the specified address and wait for connection */ + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client socket */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE((clientfd = accept(sockfd, \ + (struct sockaddr *)&client, &len)) != -1); + + /* Audit record must contain clientfd & sockfd2 */ + snprintf(regex, 40, \ + "accept.*0x%x.*return,success,%d", sockfd, clientfd); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close(sockfd); + close(sockfd2); + close(clientfd); +} + +ATF_TC_CLEANUP(accept_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(accept_failure); +ATF_TC_HEAD(accept_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "accept(2) call"); +} + +ATF_TC_BODY(accept_failure, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_un client; + len = sizeof(struct sockaddr_un); + + /* Audit record must contain Hex(-1) */ + snprintf(regex, 30, "accept.*0x%x.*return,failure", ERROR); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, accept(ERROR, (struct sockaddr *)&client, &len)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(accept_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(shutdown_success); +ATF_TC_HEAD(shutdown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "shutdown(2) call"); +} + +ATF_TC_BODY(shutdown_success, tc) +{ + int clientfd; + struct sockaddr_un server, client; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Server Socket: Assign address and listen for connection */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + /* Bind to the specified address and wait for connection */ + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client and connect with non-blocking server*/ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + ATF_REQUIRE((clientfd = accept(sockfd, \ + (struct sockaddr *)&client, &len)) != -1); + + /* Audit record must contain clientfd & sockfd2 */ + snprintf(regex, 40, "shutdown.*0x%x.*return,success", clientfd); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, shutdown(clientfd, SHUT_RDWR)); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close(sockfd); + close(sockfd2); + close(clientfd); +} + +ATF_TC_CLEANUP(shutdown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(shutdown_failure); +ATF_TC_HEAD(shutdown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "shutdown(2) call"); +} + +ATF_TC_BODY(shutdown_failure, tc) +{ + /* Audit record must contain Hex(-1) */ + snprintf(regex, 30, "shutdown.*0x%x.*return,failure", ERROR); + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, shutdown(ERROR, SHUT_RDWR)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(shutdown_failure, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, socket_success); @@ -427,6 +673,14 @@ ATF_TP_ADD_TC(tp, listen_failure); ATF_TP_ADD_TC(tp, connect_success); + ATF_TP_ADD_TC(tp, connect_failure); + ATF_TP_ADD_TC(tp, connectat_success); + ATF_TP_ADD_TC(tp, connectat_failure); + ATF_TP_ADD_TC(tp, accept_success); + ATF_TP_ADD_TC(tp, accept_failure); + + ATF_TP_ADD_TC(tp, shutdown_success); + ATF_TP_ADD_TC(tp, shutdown_failure); return (atf_no_error()); } From owner-svn-soc-all@freebsd.org Sat May 26 23:14:13 2018 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B0EACEFC00F for ; Sat, 26 May 2018 23:14:12 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 117AC8539A for ; Sat, 26 May 2018 23:14:12 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 4FB208911 for ; Sat, 26 May 2018 23:14:11 +0000 (UTC) (envelope-from aniketp@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id w4QNEBf5067550 for ; Sat, 26 May 2018 23:14:11 GMT (envelope-from aniketp@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id w4QNE9qn067546 for svn-soc-all@FreeBSD.org; Sat, 26 May 2018 23:14:09 GMT (envelope-from aniketp@FreeBSD.org) Date: Sat, 26 May 2018 23:14:09 GMT Message-Id: <201805262314.w4QNE9qn067546@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to aniketp@FreeBSD.org using -f From: aniketp@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r337254 - soc2018/aniketp/head/tests/sys/audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 May 2018 23:14:13 -0000 Author: aniketp Date: Sat May 26 23:14:07 2018 New Revision: 337254 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=337254 Log: Complete all test cases for 'network' audit class Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-access.c soc2018/aniketp/head/tests/sys/audit/network.c Modified: soc2018/aniketp/head/tests/sys/audit/file-attribute-access.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/file-attribute-access.c Sat May 26 01:31:51 2018 (r337253) +++ soc2018/aniketp/head/tests/sys/audit/file-attribute-access.c Sat May 26 23:14:07 2018 (r337254) @@ -43,7 +43,6 @@ #include "utils.h" static struct pollfd fds[1]; - static fhandle_t fht; static mode_t mode = 0777; static char extregex[80]; @@ -373,6 +372,108 @@ } +ATF_TC_WITH_CLEANUP(getfh_success); +ATF_TC_HEAD(getfh_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "getfh(2) call"); +} + +ATF_TC_BODY(getfh_success, tc) +{ + atf_tc_expect_fail("getfh(2) is audited as nfs_getfh(2) in 'ad'" + "audit class in success mode"); + + /* File needs to exist to get a file-handle */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + const char *regex = "getfh.*return,success"; + FILE *pipefd = setup(fds, "fa"); + ATF_REQUIRE_EQ(0, getfh(path, &fht)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(getfh_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getfh_failure); +ATF_TC_HEAD(getfh_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "getfh(2) call"); +} + +ATF_TC_BODY(getfh_failure, tc) +{ + atf_tc_expect_fail("getfh(2) is audited as nfs_getfh(2) in 'ad'" + "audit class in failure mode"); + + const char *regex = "getfh.*return,failure"; + FILE *pipefd = setup(fds, "fa"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(0, lgetfh(errpath, &fht)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(getfh_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lgetfh_success); +ATF_TC_HEAD(lgetfh_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lgetfh(2) call"); +} + +ATF_TC_BODY(lgetfh_success, tc) +{ + /* BSM conversion requested for unknown event 43061 */ + atf_tc_expect_fail("lgetfh(2) does not get audited in success mode"); + + /* Symbolic link needs to exist to get a file-handle */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + const char *regex = "lgetfh.*return,success"; + FILE *pipefd = setup(fds, "fa"); + ATF_REQUIRE_EQ(0, lgetfh(path, &fht)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(lgetfh_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lgetfh_failure); +ATF_TC_HEAD(lgetfh_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lgetfh(2) call"); +} + +ATF_TC_BODY(lgetfh_failure, tc) +{ + /* BSM conversion requested for unknown event 43061 */ + atf_tc_expect_fail("lgetfh(2) does not get audited in failure mode"); + + const char *regex = "lgetfh.*return,failure"; + FILE *pipefd = setup(fds, "fa"); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(0, lgetfh(errpath, &fht)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(lgetfh_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(fhopen_success); ATF_TC_HEAD(fhopen_success, tc) { @@ -1901,6 +2002,11 @@ ATF_TP_ADD_TC(tp, getfsstat_success); ATF_TP_ADD_TC(tp, getfsstat_failure); + ATF_TP_ADD_TC(tp, getfh_success); + ATF_TP_ADD_TC(tp, getfh_failure); + ATF_TP_ADD_TC(tp, lgetfh_success); + ATF_TP_ADD_TC(tp, lgetfh_failure); + ATF_TP_ADD_TC(tp, fhopen_success); ATF_TP_ADD_TC(tp, fhopen_failure); ATF_TP_ADD_TC(tp, fhstat_success); Modified: soc2018/aniketp/head/tests/sys/audit/network.c ============================================================================== --- soc2018/aniketp/head/tests/sys/audit/network.c Sat May 26 01:31:51 2018 (r337253) +++ soc2018/aniketp/head/tests/sys/audit/network.c Sat May 26 23:14:07 2018 (r337254) @@ -27,7 +27,11 @@ */ #include +#include #include +#include +#include +#include #include #include @@ -35,17 +39,24 @@ #include #include +#include #include #include "utils.h" + #define ERROR (-1) #define SERVER_PATH "server" +#define MAX_DATA 1024 +static struct pollfd fds[1]; static int sockfd, sockfd2; static int tr = 1; static socklen_t len; -static struct pollfd fds[1]; -static char regex[40]; +static mode_t mode = 0777; +static char regex[60]; +static char data[MAX_DATA]; +static char msgbuff[] = "Sample Message"; +static const char *path = "fileforaudit"; /* * Assign local address to a server's socket @@ -58,6 +69,65 @@ strcpy(server->sun_path, SERVER_PATH); } +/* + * Check the read status of client socket descriptor + */ +static int +check_readfs(int clientfd) +{ + struct timeval timeout; + timeout.tv_sec = 5; + timeout.tv_usec = 0; + + /* Initialize fd_set using the provided MACROS for select() */ + fd_set readfs; + FD_ZERO(&readfs); + FD_SET(clientfd, &readfs); + + /* Check if clientfd is ready for receiving data and return */ + ATF_REQUIRE(select(clientfd+1, &readfs, NULL, NULL, &timeout) > 0); + return (FD_ISSET(clientfd, &readfs)); +} + +/* + * Initialize iovec structure to be used as a field of struct msghdr + */ +static void +init_iov(struct iovec *io, char msgbuf[], int DATALEN) +{ + io->iov_base = msgbuf; + io->iov_len = DATALEN; +} + +/* + * Initialize msghdr structure for communication via datagram sockets + */ +static void +init_msghdr(struct msghdr *hdrbuf, struct iovec *io, struct sockaddr_un *address) +{ + ssize_t length; + length = sizeof(struct sockaddr_un); + hdrbuf->msg_name = address; + hdrbuf->msg_namelen = length; + hdrbuf->msg_iov = io; + hdrbuf->msg_iovlen = 1; +} + +/* + * Variadic function to close socket descriptors + */ +static void +close_sockets(int count, ...) +{ + int sockd; + va_list socklist; + va_start(socklist, count); + for (sockd = 0; sockd < count; sockd++) { + close(va_arg(socklist, int)); + } + va_end(socklist); +} + ATF_TC_WITH_CLEANUP(socket_success); ATF_TC_HEAD(socket_success, tc) @@ -71,7 +141,7 @@ FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Check the presence of sockfd in audit record */ - snprintf(regex, 30, "socket.*return,success,%d", sockfd); + snprintf(regex, 60, "socket.*return,success,%d", sockfd); check_audit(fds, regex, pipefd); close(sockfd); } @@ -94,7 +164,7 @@ FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, socket(ERROR, SOCK_STREAM, 0)); /* Check the presence of hex(-1) in audit record */ - snprintf(regex, 40, "socket.*0x%x.*return,failure", ERROR); + snprintf(regex, 60, "socket.*0x%x.*return,failure", ERROR); check_audit(fds, regex, pipefd); } @@ -117,12 +187,10 @@ FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, socketpair(PF_UNIX, SOCK_STREAM, 0, sv)); /* Check the presence of 0x0 in audit record */ - snprintf(regex, 40, "socketpair.*0x0.*return,success"); + snprintf(regex, 60, "socketpair.*0x0.*return,success"); check_audit(fds, regex, pipefd); - /* Close all socket descriptors */ - close(sv[0]); - close(sv[1]); + close_sockets(2, sv[0], sv[1]); } ATF_TC_CLEANUP(socketpair_success, tc) @@ -144,7 +212,7 @@ FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, socketpair(ERROR, SOCK_STREAM, 0, &sv)); /* Check the presence of hex(-1) in audit record */ - snprintf(regex, 40, "socketpair.*0x%x.*return,failure", ERROR); + snprintf(regex, 60, "socketpair.*0x%x.*return,failure", ERROR); check_audit(fds, regex, pipefd); } @@ -165,7 +233,7 @@ { ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Check the presence of sockfd in audit record */ - snprintf(regex, 30, "setsockopt.*0x%x.*return,success", sockfd); + snprintf(regex, 60, "setsockopt.*0x%x.*return,success", sockfd); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &tr, \ @@ -193,7 +261,7 @@ ATF_REQUIRE_EQ(-1, setsockopt(ERROR, SOL_SOCKET, SO_REUSEADDR, &tr, \ sizeof(int))); /* Check the presence of hex(-1) in audit record */ - snprintf(regex, 40, "setsockopt.*0x%x.*return,failure", ERROR); + snprintf(regex, 60, "setsockopt.*0x%x.*return,failure", ERROR); check_audit(fds, regex, pipefd); } @@ -219,7 +287,7 @@ /* Preliminary socket setup */ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Check the presence of AF_UNIX address path in audit record */ - snprintf(regex, 30, "bind.*unix.*%s.*return,success", SERVER_PATH); + snprintf(regex, 60, "bind.*unix.*%s.*return,success", SERVER_PATH); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); @@ -250,7 +318,7 @@ FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, bind(-1, (struct sockaddr *)&server, len)); /* Check the presence of hex(-1) and AF_UNIX path in audit record */ - snprintf(regex, 40, "bind.*0x%x.*%s.*return,failure", ERROR, SERVER_PATH); + snprintf(regex, 60, "bind.*0x%x.*%s.*return,failure", ERROR, SERVER_PATH); check_audit(fds, regex, pipefd); } @@ -276,7 +344,7 @@ /* Preliminary socket setup */ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Check the presence of socket descriptor in audit record */ - snprintf(regex, 30, "bindat.*0x%x.*return,success", sockfd); + snprintf(regex, 60, "bindat.*0x%x.*return,success", sockfd); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, bindat(AT_FDCWD, sockfd, \ @@ -308,7 +376,7 @@ FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, bindat(AT_FDCWD, -1, (struct sockaddr *)&server, len)); /* Check the presence of hex(-1) in audit record */ - snprintf(regex, 40, "bindat.*0x%x.*return,failure", ERROR); + snprintf(regex, 60, "bindat.*0x%x.*return,failure", ERROR); check_audit(fds, regex, pipefd); } @@ -335,7 +403,7 @@ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); /* Check the presence of socket descriptor in the audit record */ - snprintf(regex, 30, "listen.*0x%x.*return,success", sockfd); + snprintf(regex, 60, "listen.*0x%x.*return,success", sockfd); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, listen(sockfd, 1)); @@ -361,7 +429,7 @@ FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, listen(ERROR, 1)); /* Check the presence of hex(-1) in audit record */ - snprintf(regex, 40, "listen.*0x%x.*return,failure", ERROR); + snprintf(regex, 60, "listen.*0x%x.*return,failure", ERROR); check_audit(fds, regex, pipefd); } @@ -396,15 +464,14 @@ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Audit record must contain AF_UNIX address path & sockfd2 */ - snprintf(regex, 40, "connect.*0x%x.*%s.*success", sockfd2, SERVER_PATH); + snprintf(regex, 60, "connect.*0x%x.*%s.*success", sockfd2, SERVER_PATH); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); check_audit(fds, regex, pipefd); /* Close all socket descriptors */ - close(sockfd); - close(sockfd2); + close_sockets(2, sockfd, sockfd2); } ATF_TC_CLEANUP(connect_success, tc) @@ -428,7 +495,7 @@ len = sizeof(struct sockaddr_un); /* Audit record must contain AF_UNIX address path & Hex(-1) */ - snprintf(regex, 40, "connect.*0x%x.*%s.*failure", ERROR, SERVER_PATH); + snprintf(regex, 60, "connect.*0x%x.*%s.*failure", ERROR, SERVER_PATH); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, connect(ERROR, (struct sockaddr *)&server, len)); @@ -466,7 +533,7 @@ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Audit record must contain sockfd2 */ - snprintf(regex, 30, "connectat.*0x%x.*return,success", sockfd2); + snprintf(regex, 60, "connectat.*0x%x.*return,success", sockfd2); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, connectat(AT_FDCWD, sockfd2, \ @@ -474,8 +541,7 @@ check_audit(fds, regex, pipefd); /* Close all socket descriptors */ - close(sockfd); - close(sockfd2); + close_sockets(2, sockfd, sockfd2); } ATF_TC_CLEANUP(connectat_success, tc) @@ -499,7 +565,7 @@ len = sizeof(struct sockaddr_un); /* Audit record must contain Hex(-1) */ - snprintf(regex, 30, "connectat.*0x%x.*return,failure", ERROR); + snprintf(regex, 60, "connectat.*0x%x.*return,failure", ERROR); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, connectat(AT_FDCWD, ERROR, \ @@ -543,15 +609,13 @@ ATF_REQUIRE((clientfd = accept(sockfd, \ (struct sockaddr *)&client, &len)) != -1); - /* Audit record must contain clientfd & sockfd2 */ - snprintf(regex, 40, \ + /* Audit record must contain clientfd & sockfd */ + snprintf(regex, 60, \ "accept.*0x%x.*return,success,%d", sockfd, clientfd); check_audit(fds, regex, pipefd); /* Close all socket descriptors */ - close(sockfd); - close(sockfd2); - close(clientfd); + close_sockets(3, sockfd, sockfd2, clientfd); } ATF_TC_CLEANUP(accept_success, tc) @@ -574,7 +638,7 @@ len = sizeof(struct sockaddr_un); /* Audit record must contain Hex(-1) */ - snprintf(regex, 30, "accept.*0x%x.*return,failure", ERROR); + snprintf(regex, 60, "accept.*0x%x.*return,failure", ERROR); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, accept(ERROR, (struct sockaddr *)&client, &len)); @@ -587,6 +651,465 @@ } +ATF_TC_WITH_CLEANUP(send_success); +ATF_TC_HEAD(send_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "send(2) call"); +} + +ATF_TC_BODY(send_success, tc) +{ + /* Preliminary socket setup */ + int clientfd; + ssize_t bytes_sent; + struct sockaddr_un server, client; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Server Socket: Assign address and listen for connection */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + /* Bind to the specified address and wait for connection */ + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client and connect with non-blocking server */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + ATF_REQUIRE((clientfd = accept(sockfd, \ + (struct sockaddr *)&client, &len)) != -1); + + /* Send a sample message to the connected socket */ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE((bytes_sent = \ + send(sockfd2, msgbuff, strlen(msgbuff), 0)) != -1); + + /* Audit record must contain sockfd2 and bytes_sent */ + snprintf(regex, 60, \ + "send.*0x%x.*return,success,%zd", sockfd2, bytes_sent); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close_sockets(3, sockfd, sockfd2, clientfd); +} + +ATF_TC_CLEANUP(send_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(send_failure); +ATF_TC_HEAD(send_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "send(2) call"); +} + +ATF_TC_BODY(send_failure, tc) +{ + /* Audit record must contain Hex(-1) */ + snprintf(regex, 60, "send.*0x%x.*return,failure", ERROR); + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, send(ERROR, msgbuff, strlen(msgbuff), 0)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(send_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recv_success); +ATF_TC_HEAD(recv_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "recv(2) call"); +} + +ATF_TC_BODY(recv_success, tc) +{ + /* Preliminary socket setup */ + int clientfd; + ssize_t bytes_recv; + struct sockaddr_un server, client; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Server Socket: Assign address and listen for connection */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + /* Bind to the specified address and wait for connection */ + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client and connect with non-blocking server */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + ATF_REQUIRE((clientfd = accept(sockfd, \ + (struct sockaddr *)&client, &len)) != -1); + /* Send a sample message to the connected socket */ + ATF_REQUIRE(send(sockfd2, msgbuff, strlen(msgbuff), 0) != -1); + + /* Receive data once clientfd is ready for reading */ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE(check_readfs(clientfd) != 0); + ATF_REQUIRE((bytes_recv = recv(clientfd, data, MAX_DATA, 0)) != 0); + + /* Audit record must contain clientfd and bytes_recv */ + snprintf(regex, 60, \ + "recv.*0x%x.*return,success,%zd", clientfd, bytes_recv); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close_sockets(3, sockfd, sockfd2, clientfd); +} + +ATF_TC_CLEANUP(recv_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recv_failure); +ATF_TC_HEAD(recv_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "recv(2) call"); +} + +ATF_TC_BODY(recv_failure, tc) +{ + /* Audit record must contain Hex(-1) */ + snprintf(regex, 60, "recv.*0x%x.*return,failure", ERROR); + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, recv(ERROR, data, MAX_DATA, 0)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(recv_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(sendto_success); +ATF_TC_HEAD(sendto_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "sendto(2) call"); +} + +ATF_TC_BODY(sendto_success, tc) +{ + /* Preliminary socket setup */ + int clientfd; + ssize_t bytes_sent; + struct sockaddr_un server, client; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Server Socket: Assign address and listen for connection */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + /* Bind to the specified address and wait for connection */ + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client and connect with non-blocking server */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + ATF_REQUIRE((clientfd = accept(sockfd, \ + (struct sockaddr *)&client, &len)) != -1); + + /* Send a sample message to client's address */ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE((bytes_sent = sendto(sockfd2, msgbuff, \ + strlen(msgbuff), 0, (struct sockaddr *)&client, len)) != -1); + + /* Audit record must contain sockfd2 and bytes_sent */ + snprintf(regex, 60, \ + "sendto.*0x%x.*return,success,%zd", sockfd2, bytes_sent); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close_sockets(3, sockfd, sockfd2, clientfd); +} + +ATF_TC_CLEANUP(sendto_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(sendto_failure); +ATF_TC_HEAD(sendto_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "sendto(2) call"); +} + +ATF_TC_BODY(sendto_failure, tc) +{ + /* Preliminary client address setup */ + struct sockaddr_un client; + len = sizeof(struct sockaddr_un); + + /* Audit record must contain Hex(-1) */ + snprintf(regex, 60, "sendto.*0x%x.*return,failure", ERROR); + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, sendto(ERROR, msgbuff, \ + strlen(msgbuff), 0, (struct sockaddr *)&client, len)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(sendto_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recvfrom_success); +ATF_TC_HEAD(recvfrom_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "recvfrom(2) call"); +} + +ATF_TC_BODY(recvfrom_success, tc) +{ + /* Preliminary socket setup */ + int clientfd; + ssize_t bytes_recv; + struct sockaddr_un server, client; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Server Socket: Assign address and listen for connection */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + /* Bind to the specified address and wait for connection */ + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client and connect with non-blocking server */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + ATF_REQUIRE((clientfd = accept(sockfd, \ + (struct sockaddr *)&client, &len)) != -1); + /* Send a sample message to the connected socket */ + ATF_REQUIRE(send(sockfd2, msgbuff, strlen(msgbuff), 0) != -1); + + /* Receive data once clientfd is ready for reading */ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE(check_readfs(clientfd) != 0); + ATF_REQUIRE((bytes_recv = recvfrom(clientfd, data, \ + MAX_DATA, 0, (struct sockaddr *)&client, &len)) != 0); + + /* Audit record must contain clientfd and bytes_sent */ + snprintf(regex, 60, \ + "recvfrom.*0x%x.*return,success,%zd", clientfd, bytes_recv); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close_sockets(3, sockfd, sockfd2, clientfd); +} + +ATF_TC_CLEANUP(recvfrom_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recvfrom_failure); +ATF_TC_HEAD(recvfrom_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "recvfrom(2) call"); +} + +ATF_TC_BODY(recvfrom_failure, tc) +{ + /* Preliminary client address setup */ + struct sockaddr_un client; + len = sizeof(struct sockaddr_un); + + /* Audit record must contain Hex(-1) */ + snprintf(regex, 60, "recvfrom.*0x%x.*return,failure", ERROR); + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, recvfrom(ERROR, data, \ + MAX_DATA, 0, (struct sockaddr *)&client, &len)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(recvfrom_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(sendmsg_success); +ATF_TC_HEAD(sendmsg_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "recvmsg(2) call"); +} + +ATF_TC_BODY(sendmsg_success, tc) +{ + /* Preliminary socket setup */ + ssize_t bytes_sent; + struct msghdr sendbuf = {}, recvbuf = {}; + struct iovec io1, io2; + struct sockaddr_un server, client; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Create a datagram server socket & bind to UNIX address family */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + + /* Message buffer to be sent to the server */ + init_iov(&io1, msgbuff, sizeof(msgbuff)); + init_msghdr(&sendbuf, &io1, &server); + + /* Prepare buffer to store the received data in */ + init_iov(&io2, data, MAX_DATA); + init_msghdr(&recvbuf, &io2, &client); + + /* Set up "blocking" UDP client to communicate with the server */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1); + + /* Send a sample message to the specified client address */ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE((bytes_sent = sendmsg(sockfd2, &sendbuf, 0)) != -1); + + /* Audit record must contain sockfd2 and bytes_sent */ + snprintf(regex, 60, \ + "sendmsg.*0x%x.*return,success,%zd", sockfd2, bytes_sent); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close_sockets(2, sockfd, sockfd2); +} + +ATF_TC_CLEANUP(sendmsg_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(sendmsg_failure); +ATF_TC_HEAD(sendmsg_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "sendmsg(2) call"); +} + +ATF_TC_BODY(sendmsg_failure, tc) +{ + struct msghdr msgbuf; + /* Audit record must contain Hex(-1) */ + snprintf(regex, 60, "sendmsg.*return,failure : Message too long"); + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, sendmsg(ERROR, &msgbuf, 0)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(sendmsg_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recvmsg_success); +ATF_TC_HEAD(recvmsg_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "recvmsg(2) call"); +} + +ATF_TC_BODY(recvmsg_success, tc) +{ + /* Preliminary socket setup */ + ssize_t bytes_recv; + struct msghdr sendbuf = {}, recvbuf = {}; + struct iovec io1, io2; + struct sockaddr_un server, client; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Create a datagram server socket & bind to UNIX address family */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1); + /* Non-blocking server socket */ + ATF_REQUIRE(fcntl(sockfd, F_SETFL, O_NONBLOCK) != -1); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + + /* Message buffer to be sent to the server */ + init_iov(&io1, msgbuff, sizeof(msgbuff)); + init_msghdr(&sendbuf, &io1, &server); + + /* Prepare buffer to store the received data in */ + init_iov(&io2, data, MAX_DATA); + init_msghdr(&recvbuf, &io2, &client); + + /* Set up "blocking" UDP client to communicate with the server */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1); + /* Send a sample message to the connected socket */ + ATF_REQUIRE(sendmsg(sockfd2, &sendbuf, 0) != -1); + + /* Receive data once clientfd is ready for reading */ + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE(check_readfs(sockfd) != 0); + ATF_REQUIRE((bytes_recv = recvmsg(sockfd, &recvbuf, 0)) != -1); + + /* Audit record must contain sockfd and bytes_recv */ + snprintf(regex, 60, \ + "recvmsg.*0x%x.*return,success,%zd", sockfd, bytes_recv); + check_audit(fds, regex, pipefd); + + /* Close all socket descriptors */ + close_sockets(2, sockfd, sockfd2); +} + +ATF_TC_CLEANUP(recvmsg_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recvmsg_failure); +ATF_TC_HEAD(recvmsg_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "recvmsg(2) call"); +} + +ATF_TC_BODY(recvmsg_failure, tc) +{ + struct msghdr msgbuf; + /* Audit record must contain Hex(-1) */ + snprintf(regex, 60, "recvmsg.*return,failure : Message too long"); + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, recvmsg(ERROR, &msgbuf, 0)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(recvmsg_failure, tc) +{ + cleanup(); +} + + + ATF_TC_WITH_CLEANUP(shutdown_success); ATF_TC_HEAD(shutdown_success, tc) { @@ -609,23 +1132,21 @@ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); ATF_REQUIRE_EQ(0, listen(sockfd, 1)); - /* Set up "blocking" client and connect with non-blocking server*/ + /* Set up "blocking" client and connect with non-blocking server */ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); ATF_REQUIRE((clientfd = accept(sockfd, \ (struct sockaddr *)&client, &len)) != -1); - /* Audit record must contain clientfd & sockfd2 */ - snprintf(regex, 40, "shutdown.*0x%x.*return,success", clientfd); + /* Audit record must contain clientfd */ + snprintf(regex, 60, "shutdown.*0x%x.*return,success", clientfd); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(0, shutdown(clientfd, SHUT_RDWR)); check_audit(fds, regex, pipefd); /* Close all socket descriptors */ - close(sockfd); - close(sockfd2); - close(clientfd); + close_sockets(3, sockfd, sockfd2, clientfd); } ATF_TC_CLEANUP(shutdown_success, tc) @@ -644,7 +1165,7 @@ ATF_TC_BODY(shutdown_failure, tc) { /* Audit record must contain Hex(-1) */ - snprintf(regex, 30, "shutdown.*0x%x.*return,failure", ERROR); + snprintf(regex, 60, "shutdown.*0x%x.*return,failure", ERROR); FILE *pipefd = setup(fds, "nt"); ATF_REQUIRE_EQ(-1, shutdown(ERROR, SHUT_RDWR)); check_audit(fds, regex, pipefd); @@ -656,6 +1177,104 @@ } +ATF_TC_WITH_CLEANUP(sendfile_success); +ATF_TC_HEAD(sendfile_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "sendfile(2) call"); +} + +ATF_TC_BODY(sendfile_success, tc) +{ + int filedesc; + filedesc = open(path, O_CREAT | O_RDONLY, mode); + /* Create a simple UNIX socket to send out random data */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of sockfd,non-file in the audit record */ + snprintf(regex, 60, "sendfile.*0x%x,non-file.*return,success", filedesc); + + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(0, sendfile(filedesc, sockfd, 0, 0, NULL, NULL, 0)); + check_audit(fds, regex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(sendfile_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(sendfile_failure); +ATF_TC_HEAD(sendfile_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "sendfile(2) call"); +} + +ATF_TC_BODY(sendfile_failure, tc) +{ + /* Audit record must contain Hex(-1) */ + snprintf(regex, 60, "sendfile.*0x%x.*return,failure", ERROR); + FILE *pipefd = setup(fds, "nt"); + ATF_REQUIRE_EQ(-1, sendfile(ERROR, ERROR, 0, 0, NULL, NULL, 0)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(sendfile_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setfib_success); +ATF_TC_HEAD(setfib_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setfib(2) call"); +} + +ATF_TC_BODY(setfib_success, tc) *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***