From owner-svn-src-stable@freebsd.org Tue Oct 2 17:38:59 2018 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5F7EA10A630C; Tue, 2 Oct 2018 17:38:59 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0FCC574B3D; Tue, 2 Oct 2018 17:38:59 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 08F432FD2; Tue, 2 Oct 2018 17:38:59 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w92Hcxiw077468; Tue, 2 Oct 2018 17:38:59 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w92HcxLO077467; Tue, 2 Oct 2018 17:38:59 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201810021738.w92HcxLO077467@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Tue, 2 Oct 2018 17:38:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r339092 - stable/11/tests/sys/audit X-SVN-Group: stable-11 X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: stable/11/tests/sys/audit X-SVN-Commit-Revision: 339092 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Oct 2018 17:38:59 -0000 Author: asomers Date: Tue Oct 2 17:38:58 2018 New Revision: 339092 URL: https://svnweb.freebsd.org/changeset/base/339092 Log: MFC r335792, r336564, r336579 r335792: audit(4): add tests for several more administrative syscalls Includes ntp_adjtime, auditctl, acct, auditon, and clock_settime. Includes quotactl, mount, nmount, swapon, and swapoff in failure mode only. Success tests for those syscalls will follow. Also includes reboot(2) in failure mode only. That one can't be tested in success mode. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15898 r336564: Separate the audit(4) tests for auditon(2)'s individual commands auditon(2) is an ioctl-like syscall with several different variants, each of which has a distinct audit event. Write separate audit(4) tests for each variant. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D16255 r336579: audit(4): add more test cases for auditon(2) auditon(2) is an ioctl-like syscall with several different variants, each of which has a distinct audit event. This commit tests the remaining variants that weren't tested in r336564. Submitted by: aniketp X-MFC-With: 336564 Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D16381 Modified: stable/11/tests/sys/audit/administrative.c Directory Properties: stable/11/ (props changed) Modified: stable/11/tests/sys/audit/administrative.c ============================================================================== --- stable/11/tests/sys/audit/administrative.c Tue Oct 2 17:29:56 2018 (r339091) +++ stable/11/tests/sys/audit/administrative.c Tue Oct 2 17:38:58 2018 (r339092) @@ -27,21 +27,36 @@ #include #include +#include +#include +#include #include +#include +#include +#include +#include +#include + #include +#include #include +#include +#include #include #include "utils.h" static pid_t pid; static int filedesc; +/* Default argument for handling ENOSYS in auditon(2) functions */ +static int auditon_def = 0; static mode_t mode = 0777; static struct pollfd fds[1]; static char adregex[80]; static const char *auclass = "ad"; static const char *path = "fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; ATF_TC_WITH_CLEANUP(settimeofday_success); @@ -101,6 +116,60 @@ ATF_TC_CLEANUP(settimeofday_failure, tc) } +ATF_TC_WITH_CLEANUP(clock_settime_success); +ATF_TC_HEAD(clock_settime_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "clock_settime(2) call"); +} + +ATF_TC_BODY(clock_settime_success, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid); + + struct timespec tp; + ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp)); + + FILE *pipefd = setup(fds, auclass); + /* Setting the same time as obtained by clock_gettime(2) */ + ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(clock_settime_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(clock_settime_failure); +ATF_TC_HEAD(clock_settime_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "clock_settime(2) call"); +} + +ATF_TC_BODY(clock_settime_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid); + + struct timespec tp; + ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp)); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */ + ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(clock_settime_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(adjtime_success); ATF_TC_HEAD(adjtime_success, tc) { @@ -115,7 +184,7 @@ ATF_TC_BODY(adjtime_success, tc) FILE *pipefd = setup(fds, auclass); /* We don't want to change the system time, hence NULL */ - ATF_REQUIRE_EQ(0, adjtime(NULL,NULL)); + ATF_REQUIRE_EQ(0, adjtime(NULL, NULL)); check_audit(fds, adregex, pipefd); } @@ -148,7 +217,55 @@ ATF_TC_CLEANUP(adjtime_failure, tc) } +ATF_TC_WITH_CLEANUP(ntp_adjtime_success); +ATF_TC_HEAD(ntp_adjtime_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "ntp_adjtime(2) call"); +} +ATF_TC_BODY(ntp_adjtime_success, tc) +{ + struct timex timebuff; + bzero(&timebuff, sizeof(timebuff)); + + pid = getpid(); + snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE(ntp_adjtime(&timebuff) != -1); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(ntp_adjtime_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(ntp_adjtime_failure); +ATF_TC_HEAD(ntp_adjtime_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "ntp_adjtime(2) call"); +} + +ATF_TC_BODY(ntp_adjtime_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(ntp_adjtime_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(nfs_getfh_success); ATF_TC_HEAD(nfs_getfh_success, tc) { @@ -200,6 +317,137 @@ ATF_TC_CLEANUP(nfs_getfh_failure, tc) } +ATF_TC_WITH_CLEANUP(auditctl_success); +ATF_TC_HEAD(auditctl_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditctl(2) call"); +} + +ATF_TC_BODY(auditctl_success, tc) +{ + /* File needs to exist in order to call auditctl(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditctl(path)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(auditctl_success, tc) +{ + /* + * auditctl(2) disables audit log at /var/audit and initiates auditing + * at the configured path. To reset this, we need to stop and start the + * auditd(8) again. Here, we check if auditd(8) was running already + * before the test started. If so, we stop and start it again. + */ + system("service auditd onestop > /dev/null 2>&1"); + if (!atf_utils_file_exists("started_auditd")) + system("service auditd onestart > /dev/null 2>&1"); +} + + +ATF_TC_WITH_CLEANUP(auditctl_failure); +ATF_TC_HEAD(auditctl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditctl(2) call"); +} + +ATF_TC_BODY(auditctl_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, auditctl(NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditctl_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(acct_success); +ATF_TC_HEAD(acct_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "acct(2) call"); +} + +ATF_TC_BODY(acct_success, tc) +{ + int acctinfo, filedesc2; + size_t len = sizeof(acctinfo); + const char *acctname = "kern.acct_configured"; + ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0)); + + /* File needs to exist to start system accounting */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); + + /* + * acctinfo = 0: System accounting was disabled + * acctinfo = 1: System accounting was enabled + */ + if (acctinfo) { + ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1); + close(filedesc2); + } + + pid = getpid(); + snprintf(adregex, sizeof(adregex), + "acct.*%s.*%d.*return,success", path, pid); + + /* + * We temporarily switch the accounting record to a file at + * our own configured path in order to confirm acct(2)'s successful + * auditing. Then we set everything back to its original state. + */ + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, acct(path)); + check_audit(fds, adregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(acct_success, tc) +{ + /* Reset accounting configured path */ + ATF_REQUIRE_EQ(0, system("service accounting onestop")); + if (atf_utils_file_exists("acct_ok")) { + ATF_REQUIRE_EQ(0, system("service accounting onestart")); + } + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(acct_failure); +ATF_TC_HEAD(acct_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "acct(2) call"); +} + +ATF_TC_BODY(acct_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: File does not exist */ + ATF_REQUIRE_EQ(-1, acct(path)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(acct_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(getauid_success); ATF_TC_HEAD(getauid_success, tc) { @@ -494,16 +742,888 @@ ATF_TC_CLEANUP(setaudit_addr_failure, tc) cleanup(); } +/* + * Note: The test-case uses A_GETFSIZE as the command argument but since it is + * not an independent audit event, it will be used to check the default mode + * auditing of auditon(2) system call. + * + * Please See: sys/security/audit/audit_bsm_klib.c + * function(): au_event_t auditon_command_event() :: case A_GETFSIZE: + */ +ATF_TC_WITH_CLEANUP(auditon_default_success); +ATF_TC_HEAD(auditon_default_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call"); +} +ATF_TC_BODY(auditon_default_success, tc) +{ + au_fstat_t fsize_arg; + bzero(&fsize_arg, sizeof(au_fstat_t)); + + pid = getpid(); + snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_default_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_default_failure); +ATF_TC_HEAD(auditon_default_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call"); +} + +ATF_TC_BODY(auditon_default_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid argument */ + ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_default_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getpolicy_success); +ATF_TC_HEAD(auditon_getpolicy_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_GETPOLICY"); +} + +ATF_TC_BODY(auditon_getpolicy_success, tc) +{ + int aupolicy; + pid = getpid(); + snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getpolicy_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure); +ATF_TC_HEAD(auditon_getpolicy_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_GETPOLICY"); +} + +ATF_TC_BODY(auditon_getpolicy_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid argument */ + ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getpolicy_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setpolicy_success); +ATF_TC_HEAD(auditon_setpolicy_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_SETPOLICY"); +} + +ATF_TC_BODY(auditon_setpolicy_success, tc) +{ + int aupolicy; + pid = getpid(); + snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid); + + /* Retrieve the current auditing policy, to be used with A_SETPOLICY */ + ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy))); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setpolicy_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure); +ATF_TC_HEAD(auditon_setpolicy_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_SETPOLICY"); +} + +ATF_TC_BODY(auditon_setpolicy_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid argument */ + ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setpolicy_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getkmask_success); +ATF_TC_HEAD(auditon_getkmask_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_GETKMASK"); +} + +ATF_TC_BODY(auditon_getkmask_success, tc) +{ + pid = getpid(); + au_mask_t evmask; + snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid); + + bzero(&evmask, sizeof(evmask)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getkmask_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getkmask_failure); +ATF_TC_HEAD(auditon_getkmask_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_GETKMASK"); +} + +ATF_TC_BODY(auditon_getkmask_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid au_mask_t structure */ + ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getkmask_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setkmask_success); +ATF_TC_HEAD(auditon_setkmask_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_SETKMASK"); +} + +ATF_TC_BODY(auditon_setkmask_success, tc) +{ + pid = getpid(); + au_mask_t evmask; + snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid); + + /* Retrieve the current audit mask to be used with A_SETKMASK */ + bzero(&evmask, sizeof(evmask)); + ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask))); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setkmask_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setkmask_failure); +ATF_TC_HEAD(auditon_setkmask_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_SETKMASK"); +} + +ATF_TC_BODY(auditon_setkmask_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid au_mask_t structure */ + ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setkmask_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getqctrl_success); +ATF_TC_HEAD(auditon_getqctrl_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_GETQCTRL"); +} + +ATF_TC_BODY(auditon_getqctrl_success, tc) +{ + pid = getpid(); + au_qctrl_t evqctrl; + snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid); + + bzero(&evqctrl, sizeof(evqctrl)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getqctrl_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure); +ATF_TC_HEAD(auditon_getqctrl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_GETQCTRL"); +} + +ATF_TC_BODY(auditon_getqctrl_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid au_qctrl_t structure */ + ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getqctrl_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setqctrl_success); +ATF_TC_HEAD(auditon_setqctrl_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_SETKMASK"); +} + +ATF_TC_BODY(auditon_setqctrl_success, tc) +{ + pid = getpid(); + au_qctrl_t evqctrl; + snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid); + + /* Retrieve the current audit mask to be used with A_SETQCTRL */ + bzero(&evqctrl, sizeof(evqctrl)); + ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl))); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setqctrl_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure); +ATF_TC_HEAD(auditon_setqctrl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_SETKMASK"); +} + +ATF_TC_BODY(auditon_setqctrl_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid au_qctrl_t structure */ + ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setqctrl_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getclass_success); +ATF_TC_HEAD(auditon_getclass_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_GETCLASS"); +} + +ATF_TC_BODY(auditon_getclass_success, tc) +{ + pid = getpid(); + au_evclass_map_t evclass; + snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid); + + /* Initialize evclass to get the event-class mapping for auditon(2) */ + evclass.ec_number = AUE_AUDITON; + evclass.ec_class = 0; + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getclass_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getclass_failure); +ATF_TC_HEAD(auditon_getclass_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_GETCLASS"); +} + +ATF_TC_BODY(auditon_getclass_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid au_evclass_map_t structure */ + ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getclass_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setclass_success); +ATF_TC_HEAD(auditon_setclass_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_SETCLASS"); +} + +ATF_TC_BODY(auditon_setclass_success, tc) +{ + pid = getpid(); + au_evclass_map_t evclass; + snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid); + + /* Initialize evclass and get the event-class mapping for auditon(2) */ + evclass.ec_number = AUE_AUDITON; + evclass.ec_class = 0; + ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass))); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setclass_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setclass_failure); +ATF_TC_HEAD(auditon_setclass_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_SETCLASS"); +} + +ATF_TC_BODY(auditon_setclass_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid au_evclass_map_t structure */ + ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setclass_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getcond_success); +ATF_TC_HEAD(auditon_getcond_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_GETCOND"); +} + +ATF_TC_BODY(auditon_getcond_success, tc) +{ + int auditcond; + pid = getpid(); + snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getcond_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getcond_failure); +ATF_TC_HEAD(auditon_getcond_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_GETCOND"); +} + +ATF_TC_BODY(auditon_getcond_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid argument */ + ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getcond_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setcond_success); +ATF_TC_HEAD(auditon_setcond_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditon(2) call for cmd: A_SETCOND"); +} + +ATF_TC_BODY(auditon_setcond_success, tc) +{ + int auditcond = AUC_AUDITING; + pid = getpid(); + snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + /* At this point auditd is running, so the audit state is AUC_AUDITING */ + ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setcond_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setcond_failure); +ATF_TC_HEAD(auditon_setcond_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_SETCOND"); +} + +ATF_TC_BODY(auditon_setcond_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid argument */ + ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setcond_failure, tc) +{ + cleanup(); +} + +/* + * Following test-cases for auditon(2) are all in failure mode only as although + * auditable, they have not been implemented and return ENOSYS whenever called. + * + * Commands: A_GETCWD A_GETCAR A_GETSTAT A_SETSTAT A_SETUMASK A_SETSMASK + */ + +ATF_TC_WITH_CLEANUP(auditon_getcwd_failure); +ATF_TC_HEAD(auditon_getcwd_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_GETCWD"); +} + +ATF_TC_BODY(auditon_getcwd_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def, + sizeof(auditon_def)) == -1); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getcwd_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getcar_failure); +ATF_TC_HEAD(auditon_getcar_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_GETCAR"); +} + +ATF_TC_BODY(auditon_getcar_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def, + sizeof(auditon_def)) == -1); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getcar_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_getstat_failure); +ATF_TC_HEAD(auditon_getstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_GETSTAT"); +} + +ATF_TC_BODY(auditon_getstat_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), + "get audit statistics.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def, + sizeof(auditon_def)) == -1); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_getstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setstat_failure); +ATF_TC_HEAD(auditon_setstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_SETSTAT"); +} + +ATF_TC_BODY(auditon_setstat_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), + "set audit statistics.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def, + sizeof(auditon_def)) == -1); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setumask_failure); +ATF_TC_HEAD(auditon_setumask_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_SETUMASK"); +} + +ATF_TC_BODY(auditon_setumask_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), + "set mask per uid.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def, + sizeof(auditon_def)) == -1); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditon_setumask_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditon_setsmask_failure); +ATF_TC_HEAD(auditon_setsmask_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditon(2) call for cmd: A_SETSMASK"); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***