Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 2 Oct 2018 17:07:10 +0000 (UTC)
From:      Alan Somers <asomers@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r339089 - stable/11/tests/sys/audit
Message-ID:  <201810021707.w92H7Avj061947@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: asomers
Date: Tue Oct  2 17:07:10 2018
New Revision: 339089
URL: https://svnweb.freebsd.org/changeset/base/339089

Log:
  MFC r335261, r335275, r335284-r335285, r335294, r335318, r335320, r335703
  
  r335261:
  audit(4): add tests for pathconf(2) and friends
  
  pathconf, lpathconf, and fpathconf are included
  
  Submitted by:	aniketp
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D15842
  
  r335275:
  audit(4): add tests for chflags and friends
  
  chflags, fchflags, and lchflags (but not chflagsat) are included.
  
  Submitted by:	aniketp
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D15854
  
  r335284:
  audit(4): add tests for extattr_get_file(2) and friends
  
  This commit includes extattr_{get_file, get_fd, get_link, list_file,
  list_fd, list_link}.  It does not include any syscalls that modify, set, or
  delete extended attributes, as those are in a different audit class.
  
  Submitted by:	aniketpt
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D15859
  
  r335285:
  audit(4): Add tests for a few syscalls in the ad class
  
  The ad audit class is for administrative commands.  This commit adds test
  for settimeofday, adjtime, and getfh.
  
  Submitted by:	aniketp
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D15861
  
  r335294:
  audit(4): add tests for connect, connectat, and accept
  
  Submitted by:	aniketp
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D15853
  
  r335318:
  audit(4): add tests for extattr_set_file and friends
  
  Includes extattr_{set_file, _set_fd, _set_link, _delete_file, _delete_fd,
  _delete_link}
  
  Submitted by:	aniketp
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D15867
  
  r335320:
  audit(4): Add tests for {get/set}auid, {get/set}audit, {get/set}audit_addr
  
  Submitted by:	aniketp
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D15871
  
  r335703:
  audit(4): fix Coverity issues
  
  Fix several incorrect buffer size arguments and a file descriptor leak.
  
  Submitted by:	aniketp
  Reported by:	Coverity
  CID:		1393489 1393501 1393509 1393510 1393514 1393515 1393516
  CID:		1393517 1393518 1393519
  X-MFC-With:	335284
  X-MFC-With:	335318
  X-MFC-With:	335320
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D16000

Added:
  stable/11/tests/sys/audit/administrative.c
     - copied, changed from r335285, head/tests/sys/audit/administrative.c
Modified:
  stable/11/tests/sys/audit/Makefile
  stable/11/tests/sys/audit/file-attribute-access.c
  stable/11/tests/sys/audit/file-attribute-modify.c
  stable/11/tests/sys/audit/network.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/tests/sys/audit/Makefile
==============================================================================
--- stable/11/tests/sys/audit/Makefile	Tue Oct  2 17:01:42 2018	(r339088)
+++ stable/11/tests/sys/audit/Makefile	Tue Oct  2 17:07:10 2018	(r339089)
@@ -11,6 +11,7 @@ ATF_TESTS_C+=	file-write
 ATF_TESTS_C+=	file-read
 ATF_TESTS_C+=	open
 ATF_TESTS_C+=	network
+ATF_TESTS_C+=	administrative
 
 SRCS.file-attribute-access+=	file-attribute-access.c
 SRCS.file-attribute-access+=	utils.c
@@ -30,6 +31,8 @@ SRCS.open+=		open.c
 SRCS.open+=		utils.c
 SRCS.network+=		network.c
 SRCS.network+=		utils.c
+SRCS.administrative+=		administrative.c
+SRCS.administrative+=		utils.c
 
 TEST_METADATA+= timeout="30"
 TEST_METADATA+= required_user="root"

Copied and modified: stable/11/tests/sys/audit/administrative.c (from r335285, head/tests/sys/audit/administrative.c)
==============================================================================
--- head/tests/sys/audit/administrative.c	Sun Jun 17 16:24:46 2018	(r335285, copy source)
+++ stable/11/tests/sys/audit/administrative.c	Tue Oct  2 17:07:10 2018	(r339089)
@@ -39,7 +39,7 @@ static pid_t pid;
 static int filedesc;
 static mode_t mode = 0777;
 static struct pollfd fds[1];
-static char adregex[60];
+static char adregex[80];
 static const char *auclass = "ad";
 static const char *path = "fileforaudit";
 
@@ -163,7 +163,7 @@ ATF_TC_BODY(nfs_getfh_success, tc)
 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
 
 	/* File needs to exist to call getfh(2) */
-	ATF_REQUIRE(filedesc = open(path, O_CREAT, mode) != -1);
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
 	FILE *pipefd = setup(fds, auclass);
 	ATF_REQUIRE_EQ(0, getfh(path, &fhp));
 	check_audit(fds, adregex, pipefd);
@@ -200,6 +200,301 @@ ATF_TC_CLEANUP(nfs_getfh_failure, tc)
 }
 
 
+ATF_TC_WITH_CLEANUP(getauid_success);
+ATF_TC_HEAD(getauid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"getauid(2) call");
+}
+
+ATF_TC_BODY(getauid_success, tc)
+{
+	au_id_t auid;
+	pid = getpid();
+	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, getauid(&auid));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getauid_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getauid_failure);
+ATF_TC_HEAD(getauid_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"getauid(2) call");
+}
+
+ATF_TC_BODY(getauid_failure, tc)
+{
+	pid = getpid();
+	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad address */
+	ATF_REQUIRE_EQ(-1, getauid(NULL));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getauid_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setauid_success);
+ATF_TC_HEAD(setauid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setauid(2) call");
+}
+
+ATF_TC_BODY(setauid_success, tc)
+{
+	au_id_t auid;
+	pid = getpid();
+	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
+	ATF_REQUIRE_EQ(0, getauid(&auid));
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setauid(&auid));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setauid_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setauid_failure);
+ATF_TC_HEAD(setauid_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setauid(2) call");
+}
+
+ATF_TC_BODY(setauid_failure, tc)
+{
+	pid = getpid();
+	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad address */
+	ATF_REQUIRE_EQ(-1, setauid(NULL));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setauid_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getaudit_success);
+ATF_TC_HEAD(getaudit_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"getaudit(2) call");
+}
+
+ATF_TC_BODY(getaudit_success, tc)
+{
+	pid = getpid();
+	auditinfo_t auditinfo;
+	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getaudit_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getaudit_failure);
+ATF_TC_HEAD(getaudit_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"getaudit(2) call");
+}
+
+ATF_TC_BODY(getaudit_failure, tc)
+{
+	pid = getpid();
+	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad address */
+	ATF_REQUIRE_EQ(-1, getaudit(NULL));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getaudit_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setaudit_success);
+ATF_TC_HEAD(setaudit_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setaudit(2) call");
+}
+
+ATF_TC_BODY(setaudit_success, tc)
+{
+	pid = getpid();
+	auditinfo_t auditinfo;
+	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
+	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setaudit_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setaudit_failure);
+ATF_TC_HEAD(setaudit_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setaudit(2) call");
+}
+
+ATF_TC_BODY(setaudit_failure, tc)
+{
+	pid = getpid();
+	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad address */
+	ATF_REQUIRE_EQ(-1, setaudit(NULL));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setaudit_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getaudit_addr_success);
+ATF_TC_HEAD(getaudit_addr_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"getaudit_addr(2) call");
+}
+
+ATF_TC_BODY(getaudit_addr_success, tc)
+{
+	pid = getpid();
+	auditinfo_addr_t auditinfo;
+	snprintf(adregex, sizeof(adregex),
+		"getaudit_addr.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getaudit_addr_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
+ATF_TC_HEAD(getaudit_addr_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"getaudit_addr(2) call");
+}
+
+ATF_TC_BODY(getaudit_addr_failure, tc)
+{
+	pid = getpid();
+	snprintf(adregex, sizeof(adregex),
+		"getaudit_addr.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad address */
+	ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getaudit_addr_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setaudit_addr_success);
+ATF_TC_HEAD(setaudit_addr_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setaudit_addr(2) call");
+}
+
+ATF_TC_BODY(setaudit_addr_success, tc)
+{
+	pid = getpid();
+	auditinfo_addr_t auditinfo;
+	snprintf(adregex, sizeof(adregex),
+		"setaudit_addr.*%d.*return,success", pid);
+
+	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setaudit_addr_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
+ATF_TC_HEAD(setaudit_addr_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setaudit_addr(2) call");
+}
+
+ATF_TC_BODY(setaudit_addr_failure, tc)
+{
+	pid = getpid();
+	snprintf(adregex, sizeof(adregex),
+		"setaudit_addr.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad address */
+	ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
+	check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setaudit_addr_failure, tc)
+{
+	cleanup();
+}
+
+
 ATF_TP_ADD_TCS(tp)
 {
 	ATF_TP_ADD_TC(tp, settimeofday_success);
@@ -209,6 +504,21 @@ ATF_TP_ADD_TCS(tp)
 
 	ATF_TP_ADD_TC(tp, nfs_getfh_success);
 	ATF_TP_ADD_TC(tp, nfs_getfh_failure);
+
+	ATF_TP_ADD_TC(tp, getauid_success);
+	ATF_TP_ADD_TC(tp, getauid_failure);
+	ATF_TP_ADD_TC(tp, setauid_success);
+	ATF_TP_ADD_TC(tp, setauid_failure);
+
+	ATF_TP_ADD_TC(tp, getaudit_success);
+	ATF_TP_ADD_TC(tp, getaudit_failure);
+	ATF_TP_ADD_TC(tp, setaudit_success);
+	ATF_TP_ADD_TC(tp, setaudit_failure);
+
+	ATF_TP_ADD_TC(tp, getaudit_addr_success);
+	ATF_TP_ADD_TC(tp, getaudit_addr_failure);
+	ATF_TP_ADD_TC(tp, setaudit_addr_success);
+	ATF_TP_ADD_TC(tp, setaudit_addr_failure);
 
 	return (atf_no_error());
 }

Modified: stable/11/tests/sys/audit/file-attribute-access.c
==============================================================================
--- stable/11/tests/sys/audit/file-attribute-access.c	Tue Oct  2 17:01:42 2018	(r339088)
+++ stable/11/tests/sys/audit/file-attribute-access.c	Tue Oct  2 17:07:10 2018	(r339089)
@@ -26,6 +26,7 @@
  */
 
 #include <sys/param.h>
+#include <sys/extattr.h>
 #include <sys/ucred.h>
 #include <sys/mount.h>
 #include <sys/stat.h>
@@ -43,9 +44,11 @@ static pid_t pid;
 static fhandle_t fht;
 static int filedesc, fhdesc;
 static char extregex[80];
+static char buff[] = "ezio";
 static struct stat statbuff;
 static struct statfs statfsbuff;
 static const char *auclass = "fa";
+static const char *name = "authorname";
 static const char *path = "fileforaudit";
 static const char *errpath = "dirdoesnotexist/fileforaudit";
 static const char *successreg = "fileforaudit.*return,success";
@@ -661,6 +664,478 @@ ATF_TC_CLEANUP(faccessat_failure, tc)
 }
 
 
+ATF_TC_WITH_CLEANUP(pathconf_success);
+ATF_TC_HEAD(pathconf_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"pathconf(2) call");
+}
+
+ATF_TC_BODY(pathconf_success, tc)
+{
+	/* File needs to exist to call pathconf(2) */
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+	FILE *pipefd = setup(fds, auclass);
+	/* Get the maximum number of bytes of filename */
+	ATF_REQUIRE(pathconf(path, _PC_NAME_MAX) != -1);
+	check_audit(fds, successreg, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(pathconf_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(pathconf_failure);
+ATF_TC_HEAD(pathconf_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"pathconf(2) call");
+}
+
+ATF_TC_BODY(pathconf_failure, tc)
+{
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: file does not exist */
+	ATF_REQUIRE_EQ(-1, pathconf(errpath, _PC_NAME_MAX));
+	check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(pathconf_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lpathconf_success);
+ATF_TC_HEAD(lpathconf_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"lpathconf(2) call");
+}
+
+ATF_TC_BODY(lpathconf_success, tc)
+{
+	/* Symbolic link needs to exist to call lpathconf(2) */
+	ATF_REQUIRE_EQ(0, symlink("symlink", path));
+	FILE *pipefd = setup(fds, auclass);
+	/* Get the maximum number of bytes of symlink's name */
+	ATF_REQUIRE(lpathconf(path, _PC_SYMLINK_MAX) != -1);
+	check_audit(fds, successreg, pipefd);
+}
+
+ATF_TC_CLEANUP(lpathconf_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lpathconf_failure);
+ATF_TC_HEAD(lpathconf_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"lpathconf(2) call");
+}
+
+ATF_TC_BODY(lpathconf_failure, tc)
+{
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: symbolic link does not exist */
+	ATF_REQUIRE_EQ(-1, lpathconf(errpath, _PC_SYMLINK_MAX));
+	check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(lpathconf_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fpathconf_success);
+ATF_TC_HEAD(fpathconf_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"fpathconf(2) call");
+}
+
+ATF_TC_BODY(fpathconf_success, tc)
+{
+	pid = getpid();
+	snprintf(extregex, sizeof(extregex), "fpathconf.*%d.*success", pid);
+
+	/* File needs to exist to call fpathconf(2) */
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+	FILE *pipefd = setup(fds, auclass);
+	/* Get the maximum number of bytes of filename */
+	ATF_REQUIRE(fpathconf(filedesc, _PC_NAME_MAX) != -1);
+	check_audit(fds, extregex, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(fpathconf_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fpathconf_failure);
+ATF_TC_HEAD(fpathconf_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"fpathconf(2) call");
+}
+
+ATF_TC_BODY(fpathconf_failure, tc)
+{
+	FILE *pipefd = setup(fds, auclass);
+	const char *regex = "fpathconf.*return,failure : Bad file descriptor";
+	/* Failure reason: Bad file descriptor */
+	ATF_REQUIRE_EQ(-1, fpathconf(-1, _PC_NAME_MAX));
+	check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(fpathconf_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_file_success);
+ATF_TC_HEAD(extattr_get_file_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"extattr_get_file(2) call");
+}
+
+ATF_TC_BODY(extattr_get_file_success, tc)
+{
+	/* File needs to exist to call extattr_get_file(2) */
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+	/* Set an extended attribute to be retrieved later on */
+	ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path,
+		EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff)));
+
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_get_file.*%s.*%s.*return,success", path, name);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(sizeof(buff), extattr_get_file(path,
+		EXTATTR_NAMESPACE_USER, name, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(extattr_get_file_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_file_failure);
+ATF_TC_HEAD(extattr_get_file_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"extattr_get_file(2) call");
+}
+
+ATF_TC_BODY(extattr_get_file_failure, tc)
+{
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_get_file.*%s.*%s.*failure", path, name);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: file does not exist */
+	ATF_REQUIRE_EQ(-1, extattr_get_file(path,
+		EXTATTR_NAMESPACE_USER, name, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_get_file_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_fd_success);
+ATF_TC_HEAD(extattr_get_fd_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"extattr_get_fd(2) call");
+}
+
+ATF_TC_BODY(extattr_get_fd_success, tc)
+{
+	/* File needs to exist to call extattr_get_fd(2) */
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+	/* Set an extended attribute to be retrieved later on */
+	ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path,
+		EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff)));
+
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_get_fd.*%s.*return,success", name);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(sizeof(buff), extattr_get_fd(filedesc,
+		EXTATTR_NAMESPACE_USER, name, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(extattr_get_fd_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_fd_failure);
+ATF_TC_HEAD(extattr_get_fd_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"extattr_get_fd(2) call");
+}
+
+ATF_TC_BODY(extattr_get_fd_failure, tc)
+{
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+	"extattr_get_fd.*%s.*return,failure : Bad file descriptor", name);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Invalid file descriptor */
+	ATF_REQUIRE_EQ(-1, extattr_get_fd(-1,
+		EXTATTR_NAMESPACE_USER, name, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_get_fd_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_link_success);
+ATF_TC_HEAD(extattr_get_link_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"extattr_get_link(2) call");
+}
+
+ATF_TC_BODY(extattr_get_link_success, tc)
+{
+	/* Symbolic link needs to exist to call extattr_get_link(2) */
+	ATF_REQUIRE_EQ(0, symlink("symlink", path));
+	/* Set an extended attribute to be retrieved later on */
+	ATF_REQUIRE_EQ(sizeof(buff), extattr_set_link(path,
+		EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff)));
+
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_get_link.*%s.*%s.*return,success", path, name);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(sizeof(buff), extattr_get_link(path,
+		EXTATTR_NAMESPACE_USER, name, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_get_link_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_link_failure);
+ATF_TC_HEAD(extattr_get_link_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"extattr_get_link(2) call");
+}
+
+ATF_TC_BODY(extattr_get_link_failure, tc)
+{
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_get_link.*%s.*%s.*failure", path, name);
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: symbolic link does not exist */
+	ATF_REQUIRE_EQ(-1, extattr_get_link(path,
+		EXTATTR_NAMESPACE_USER, name, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_get_link_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_file_success);
+ATF_TC_HEAD(extattr_list_file_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"extattr_list_file(2) call");
+}
+
+ATF_TC_BODY(extattr_list_file_success, tc)
+{
+	int readbuff;
+	/* File needs to exist to call extattr_list_file(2) */
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE((readbuff = extattr_list_file(path,
+		EXTATTR_NAMESPACE_USER, NULL, 0)) != -1);
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_list_file.*%s.*return,success,%d", path, readbuff);
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_file_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_file_failure);
+ATF_TC_HEAD(extattr_list_file_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"extattr_list_file(2) call");
+}
+
+ATF_TC_BODY(extattr_list_file_failure, tc)
+{
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_list_file.*%s.*return,failure", path);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: file does not exist */
+	ATF_REQUIRE_EQ(-1, extattr_list_file(path,
+		EXTATTR_NAMESPACE_USER, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_file_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_fd_success);
+ATF_TC_HEAD(extattr_list_fd_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"extattr_list_fd(2) call");
+}
+
+ATF_TC_BODY(extattr_list_fd_success, tc)
+{
+	int readbuff;
+	/* File needs to exist to call extattr_list_fd(2) */
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE((readbuff = extattr_list_fd(filedesc,
+		EXTATTR_NAMESPACE_USER, NULL, 0)) != -1);
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_list_fd.*return,success,%d", readbuff);
+	check_audit(fds, extregex, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(extattr_list_fd_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_fd_failure);
+ATF_TC_HEAD(extattr_list_fd_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"extattr_list_fd(2) call");
+}
+
+ATF_TC_BODY(extattr_list_fd_failure, tc)
+{
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_list_fd.*return,failure : Bad file descriptor");
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Invalid file descriptor */
+	ATF_REQUIRE_EQ(-1,
+		extattr_list_fd(-1, EXTATTR_NAMESPACE_USER, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_fd_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_link_success);
+ATF_TC_HEAD(extattr_list_link_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"extattr_list_link(2) call");
+}
+
+ATF_TC_BODY(extattr_list_link_success, tc)
+{
+	int readbuff;
+	/* Symbolic link needs to exist to call extattr_list_link(2) */
+	ATF_REQUIRE_EQ(0, symlink("symlink", path));
+	FILE *pipefd = setup(fds, auclass);
+
+	ATF_REQUIRE((readbuff = extattr_list_link(path,
+		EXTATTR_NAMESPACE_USER, NULL, 0)) != -1);
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_list_link.*%s.*return,success,%d", path, readbuff);
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_link_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_link_failure);
+ATF_TC_HEAD(extattr_list_link_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"extattr_list_link(2) call");
+}
+
+ATF_TC_BODY(extattr_list_link_failure, tc)
+{
+	/* Prepare the regex to be checked in the audit record */
+	snprintf(extregex, sizeof(extregex),
+		"extattr_list_link.*%s.*failure", path);
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: symbolic link does not exist */
+	ATF_REQUIRE_EQ(-1, extattr_list_link(path,
+		EXTATTR_NAMESPACE_USER, NULL, 0));
+	check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_link_failure, tc)
+{
+	cleanup();
+}
+
+
 ATF_TP_ADD_TCS(tp)
 {
 	ATF_TP_ADD_TC(tp, stat_success);
@@ -693,6 +1168,27 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, eaccess_failure);
 	ATF_TP_ADD_TC(tp, faccessat_success);
 	ATF_TP_ADD_TC(tp, faccessat_failure);
+
+	ATF_TP_ADD_TC(tp, pathconf_success);
+	ATF_TP_ADD_TC(tp, pathconf_failure);
+	ATF_TP_ADD_TC(tp, lpathconf_success);
+	ATF_TP_ADD_TC(tp, lpathconf_failure);
+	ATF_TP_ADD_TC(tp, fpathconf_success);
+	ATF_TP_ADD_TC(tp, fpathconf_failure);
+
+	ATF_TP_ADD_TC(tp, extattr_get_file_success);
+	ATF_TP_ADD_TC(tp, extattr_get_file_failure);
+	ATF_TP_ADD_TC(tp, extattr_get_fd_success);
+	ATF_TP_ADD_TC(tp, extattr_get_fd_failure);
+	ATF_TP_ADD_TC(tp, extattr_get_link_success);
+	ATF_TP_ADD_TC(tp, extattr_get_link_failure);
+
+	ATF_TP_ADD_TC(tp, extattr_list_file_success);
+	ATF_TP_ADD_TC(tp, extattr_list_file_failure);
+	ATF_TP_ADD_TC(tp, extattr_list_fd_success);
+	ATF_TP_ADD_TC(tp, extattr_list_fd_failure);
+	ATF_TP_ADD_TC(tp, extattr_list_link_success);
+	ATF_TP_ADD_TC(tp, extattr_list_link_failure);
 
 	return (atf_no_error());
 }

Modified: stable/11/tests/sys/audit/file-attribute-modify.c
==============================================================================
--- stable/11/tests/sys/audit/file-attribute-modify.c	Tue Oct  2 17:01:42 2018	(r339088)
+++ stable/11/tests/sys/audit/file-attribute-modify.c	Tue Oct  2 17:07:10 2018	(r339089)
@@ -25,6 +25,8 @@
  * $FreeBSD$
  */
 
+#include <sys/types.h>
+#include <sys/extattr.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 
@@ -37,11 +39,13 @@
 static pid_t pid;
 static uid_t uid = -1;
 static gid_t gid = -1;
-static int filedesc;
+static int filedesc, retval;
 static struct pollfd fds[1];
 static mode_t mode = 0777;
 static char extregex[80];
+static char buff[] = "ezio";
 static const char *auclass = "fm";
+static const char *name = "authorname";
 static const char *path = "fileforaudit";
 static const char *errpath = "adirhasnoname/fileforaudit";
 static const char *successreg = "fileforaudit.*return,success";
@@ -550,6 +554,468 @@ ATF_TC_CLEANUP(fchownat_failure, tc)
 }
 
 
+ATF_TC_WITH_CLEANUP(chflags_success);
+ATF_TC_HEAD(chflags_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"chflags(2) call");
+}
+
+ATF_TC_BODY(chflags_success, tc)
+{
+	/* File needs to exist to call chflags(2) */
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, chflags(path, UF_OFFLINE));
+	check_audit(fds, successreg, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(chflags_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chflags_failure);
+ATF_TC_HEAD(chflags_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"chflags(2) call");
+}
+
+ATF_TC_BODY(chflags_failure, tc)
+{
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: file does not exist */
+	ATF_REQUIRE_EQ(-1, chflags(errpath, UF_OFFLINE));
+	check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(chflags_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchflags_success);
+ATF_TC_HEAD(fchflags_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"fchflags(2) call");
+}
+
+ATF_TC_BODY(fchflags_success, tc)
+{
+	pid = getpid();
+	snprintf(extregex, sizeof(extregex), "fchflags.*%d.*ret.*success", pid);
+	/* File needs to exist to call fchflags(2) */
+	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, fchflags(filedesc, UF_OFFLINE));
+	check_audit(fds, extregex, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(fchflags_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchflags_failure);
+ATF_TC_HEAD(fchflags_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"fchflags(2) call");
+}
+
+ATF_TC_BODY(fchflags_failure, tc)

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810021707.w92H7Avj061947>