From owner-svn-src-head@freebsd.org Fri Jun 15 16:41:29 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8EBED10130FC; Fri, 15 Jun 2018 16:41:29 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 44BCA77587; Fri, 15 Jun 2018 16:41:29 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 25C4C1A026; Fri, 15 Jun 2018 16:41:29 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5FGfTWk017459; Fri, 15 Jun 2018 16:41:29 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5FGfS0h017457; Fri, 15 Jun 2018 16:41:28 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201806151641.w5FGfS0h017457@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Fri, 15 Jun 2018 16:41:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r335215 - head/tests/sys/audit X-SVN-Group: head X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: head/tests/sys/audit X-SVN-Commit-Revision: 335215 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jun 2018 16:41:29 -0000 Author: asomers Date: Fri Jun 15 16:41:28 2018 New Revision: 335215 URL: https://svnweb.freebsd.org/changeset/base/335215 Log: audit(4): Add a few tests for network-related syscalls Add tests for socket(2), socketpair(2), and setsockopt(2) Submitted by: aniketp MFC after: 2 weeks Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15803 Added: head/tests/sys/audit/network.c (contents, props changed) Modified: head/tests/sys/audit/Makefile Modified: head/tests/sys/audit/Makefile ============================================================================== --- head/tests/sys/audit/Makefile Fri Jun 15 16:32:18 2018 (r335214) +++ head/tests/sys/audit/Makefile Fri Jun 15 16:41:28 2018 (r335215) @@ -10,6 +10,7 @@ ATF_TESTS_C+= file-close ATF_TESTS_C+= file-write ATF_TESTS_C+= file-read ATF_TESTS_C+= open +ATF_TESTS_C+= network SRCS.file-attribute-access+= file-attribute-access.c SRCS.file-attribute-access+= utils.c @@ -27,6 +28,8 @@ SRCS.file-read+= file-read.c SRCS.file-read+= utils.c SRCS.open+= open.c SRCS.open+= utils.c +SRCS.network+= network.c +SRCS.network+= utils.c TEST_METADATA+= timeout="30" TEST_METADATA+= required_user="root" Added: head/tests/sys/audit/network.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/audit/network.c Fri Jun 15 16:41:28 2018 (r335215) @@ -0,0 +1,214 @@ +/*- + * Copyright (c) 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include + +#include +#include +#include + +#include "utils.h" + +static int sockfd; +static struct pollfd fds[1]; +static char extregex[80]; +static const char *auclass = "nt"; +static const char *failregex = "return,failure : Address family " + "not supported by protocol family"; + +/* + * Variadic function to close socket descriptors + */ +static void +close_sockets(int count, ...) +{ + int sockd; + va_list socklist; + va_start(socklist, count); + for (sockd = 0; sockd < count; sockd++) { + close(va_arg(socklist, int)); + } + va_end(socklist); +} + + +ATF_TC_WITH_CLEANUP(socket_success); +ATF_TC_HEAD(socket_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "socket(2) call"); +} + +ATF_TC_BODY(socket_success, tc) +{ + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of sockfd in audit record */ + snprintf(extregex, sizeof(extregex), "socket.*ret.*success,%d", sockfd); + check_audit(fds, extregex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(socket_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(socket_failure); +ATF_TC_HEAD(socket_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "socket(2) call"); +} + +ATF_TC_BODY(socket_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "socket.*%s", failregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Unsupported value of 'domain' argument: 0 */ + ATF_REQUIRE_EQ(-1, socket(0, SOCK_STREAM, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(socket_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(socketpair_success); +ATF_TC_HEAD(socketpair_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "socketpair(2) call"); +} + +ATF_TC_BODY(socketpair_success, tc) +{ + int sv[2]; + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, socketpair(PF_UNIX, SOCK_STREAM, 0, sv)); + + /* Check for 0x0 (argument 3: default protocol) in the audit record */ + snprintf(extregex, sizeof(extregex), "socketpair.*0x0.*return,success"); + check_audit(fds, extregex, pipefd); + close_sockets(2, sv[0], sv[1]); +} + +ATF_TC_CLEANUP(socketpair_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(socketpair_failure); +ATF_TC_HEAD(socketpair_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "socketpair(2) call"); +} + +ATF_TC_BODY(socketpair_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "socketpair.*%s", failregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Unsupported value of 'domain' argument: 0 */ + ATF_REQUIRE_EQ(-1, socketpair(0, SOCK_STREAM, 0, NULL)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(socketpair_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setsockopt_success); +ATF_TC_HEAD(setsockopt_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setsockopt(2) call"); +} + +ATF_TC_BODY(setsockopt_success, tc) +{ + int tr = 1; + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of sockfd in audit record */ + snprintf(extregex, sizeof(extregex), + "setsockopt.*0x%x.*return,success", sockfd); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, + SO_REUSEADDR, &tr, sizeof(int))); + check_audit(fds, extregex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(setsockopt_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setsockopt_failure); +ATF_TC_HEAD(setsockopt_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setsockopt(2) call"); +} + +ATF_TC_BODY(setsockopt_failure, tc) +{ + int tr = 1; + const char *regex = "setsockopt.*fail.*Socket operation on non-socket"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: No socket descriptor with the value of 0 exists */ + ATF_REQUIRE_EQ(-1, setsockopt(0, SOL_SOCKET, + SO_REUSEADDR, &tr, sizeof(int))); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(setsockopt_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, socket_success); + ATF_TP_ADD_TC(tp, socket_failure); + ATF_TP_ADD_TC(tp, socketpair_success); + ATF_TP_ADD_TC(tp, socketpair_failure); + ATF_TP_ADD_TC(tp, setsockopt_success); + ATF_TP_ADD_TC(tp, setsockopt_failure); + + return (atf_no_error()); +}