From owner-svn-src-head@freebsd.org Sun Jun 10 21:36:30 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 380F0100A9D0; Sun, 10 Jun 2018 21:36:30 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DF5C579AEB; Sun, 10 Jun 2018 21:36:29 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BC60112687; Sun, 10 Jun 2018 21:36:29 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5ALaT1E073836; Sun, 10 Jun 2018 21:36:29 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5ALaTrG073834; Sun, 10 Jun 2018 21:36:29 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201806102136.w5ALaTrG073834@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Sun, 10 Jun 2018 21:36:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r334933 - head/tests/sys/audit X-SVN-Group: head X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: head/tests/sys/audit X-SVN-Commit-Revision: 334933 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jun 2018 21:36:30 -0000 Author: asomers Date: Sun Jun 10 21:36:29 2018 New Revision: 334933 URL: https://svnweb.freebsd.org/changeset/base/334933 Log: audit(4): add tests for stat(2) and friends This revision adds auditability tests for stat, lstat, fstat, and fstatat, all from the fa audit class. More tests from that audit class will follow. Submitted by: aniketp MFC after: 2 weeks Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15709 Added: head/tests/sys/audit/file-attribute-access.c (contents, props changed) Modified: head/tests/sys/audit/Makefile Modified: head/tests/sys/audit/Makefile ============================================================================== --- head/tests/sys/audit/Makefile Sun Jun 10 19:42:44 2018 (r334932) +++ head/tests/sys/audit/Makefile Sun Jun 10 21:36:29 2018 (r334933) @@ -2,13 +2,16 @@ TESTSDIR= ${TESTSBASE}/sys/audit -ATF_TESTS_C= file-create +ATF_TESTS_C= file-attribute-access +ATF_TESTS_C+= file-create ATF_TESTS_C+= file-delete ATF_TESTS_C+= file-close ATF_TESTS_C+= file-write ATF_TESTS_C+= file-read ATF_TESTS_C+= open +SRCS.file-attribute-access+= file-attribute-access.c +SRCS.file-attribute-access+= utils.c SRCS.file-create+= file-create.c SRCS.file-create+= utils.c SRCS.file-delete+= file-delete.c Added: head/tests/sys/audit/file-attribute-access.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/audit/file-attribute-access.c Sun Jun 10 21:36:29 2018 (r334933) @@ -0,0 +1,239 @@ +/*- + * Copyright (c) 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include + +#include +#include +#include + +#include "utils.h" + +static struct pollfd fds[1]; +static mode_t mode = 0777; +static char extregex[80]; +static struct stat statbuff; +static const char *auclass = "fa"; +static const char *path = "fileforaudit"; +static const char *errpath = "dirdoesnotexist/fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(stat_success); +ATF_TC_HEAD(stat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "stat(2) call"); +} + +ATF_TC_BODY(stat_success, tc) +{ + /* File needs to exist to call stat(2) */ + ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, stat(path, &statbuff)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(stat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(stat_failure); +ATF_TC_HEAD(stat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "stat(2) call"); +} + +ATF_TC_BODY(stat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, stat(errpath, &statbuff)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(stat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lstat_success); +ATF_TC_HEAD(lstat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lstat(2) call"); +} + +ATF_TC_BODY(lstat_success, tc) +{ + /* Symbolic link needs to exist to call lstat(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, lstat(path, &statbuff)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lstat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lstat_failure); +ATF_TC_HEAD(lstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lstat(2) call"); +} + +ATF_TC_BODY(lstat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, lstat(errpath, &statbuff)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstat_success); +ATF_TC_HEAD(fstat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstat(2) call"); +} + +ATF_TC_BODY(fstat_success, tc) +{ + int filedesc; + /* File needs to exist to call fstat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fstat(filedesc, &statbuff)); + + snprintf(extregex, sizeof(extregex), + "fstat.*%jd.*return,success", (intmax_t)statbuff.st_ino); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(fstat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstat_failure); +ATF_TC_HEAD(fstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fstat(2) call"); +} + +ATF_TC_BODY(fstat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + const char *regex = "fstat.*return,failure : Bad file descriptor"; + /* Failure reason: bad file descriptor */ + ATF_REQUIRE_EQ(-1, fstat(-1, &statbuff)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstatat_success); +ATF_TC_HEAD(fstatat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstatat(2) call"); +} + +ATF_TC_BODY(fstatat_success, tc) +{ + /* File or Symbolic link needs to exist to call lstat(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fstatat(AT_FDCWD, path, &statbuff, + AT_SYMLINK_NOFOLLOW)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(fstatat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstatat_failure); +ATF_TC_HEAD(fstatat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fstatat(2) call"); +} + +ATF_TC_BODY(fstatat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, fstatat(AT_FDCWD, path, &statbuff, + AT_SYMLINK_NOFOLLOW)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(fstatat_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, stat_success); + ATF_TP_ADD_TC(tp, stat_failure); + ATF_TP_ADD_TC(tp, lstat_success); + ATF_TP_ADD_TC(tp, lstat_failure); + ATF_TP_ADD_TC(tp, fstat_success); + ATF_TP_ADD_TC(tp, fstat_failure); + ATF_TP_ADD_TC(tp, fstatat_success); + ATF_TP_ADD_TC(tp, fstatat_failure); + + return (atf_no_error()); +}