1172106Srwatson/*- 2172106Srwatson * Copyright (c) 2007 Robert M. M. Watson 3172106Srwatson * All rights reserved. 4172106Srwatson * 5172106Srwatson * This software was developed by Robert N. M. Watson for the TrustedBSD 6172106Srwatson * Project. 7172106Srwatson * 8172106Srwatson * Redistribution and use in source and binary forms, with or without 9172106Srwatson * modification, are permitted provided that the following conditions 10172106Srwatson * are met: 11172106Srwatson * 1. Redistributions of source code must retain the above copyright 12172106Srwatson * notice, this list of conditions and the following disclaimer. 13172106Srwatson * 2. Redistributions in binary form must reproduce the above copyright 14172106Srwatson * notice, this list of conditions and the following disclaimer in the 15172106Srwatson * documentation and/or other materials provided with the distribution. 16172106Srwatson * 17172106Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18172106Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19172106Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20172106Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY, 21172106Srwatson * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22172106Srwatson * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 23172106Srwatson * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 24172106Srwatson * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 25172106Srwatson * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 26172106Srwatson * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27172106Srwatson * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28172106Srwatson * 29172106Srwatson * $FreeBSD$ 30172106Srwatson */ 31172106Srwatson 32172106Srwatson/* 33172106Srwatson * Confirm that privilege is required to issue an audit control command via 34172106Srwatson * auditon(). We do a simple policy retrieve. 35172106Srwatson * 36172106Srwatson * XXXRW: It would be a good idea to also test auditctl(), which also tests 37172106Srwatson * PRIV_AUDIT_CONTROL. 38172106Srwatson */ 39172106Srwatson 40172106Srwatson#include <sys/types.h> 41172106Srwatson 42172106Srwatson#include <bsm/audit.h> 43172106Srwatson 44172106Srwatson#include <err.h> 45172106Srwatson#include <errno.h> 46172106Srwatson#include <stdio.h> 47172106Srwatson 48172106Srwatson#include "main.h" 49172106Srwatson 50172106Srwatsonint 51172106Srwatsonpriv_audit_control_setup(int asroot, int injail, struct test *test) 52172106Srwatson{ 53172106Srwatson 54172106Srwatson /* 55172106Srwatson * XXXRW: It would be nice if we checked for audit being configured 56172106Srwatson * here. 57172106Srwatson */ 58172106Srwatson return (0); 59172106Srwatson} 60172106Srwatson 61172106Srwatsonvoid 62172106Srwatsonpriv_audit_control(int asroot, int injail, struct test *test) 63172106Srwatson{ 64172106Srwatson long policy; 65172106Srwatson int error; 66172106Srwatson 67172106Srwatson error = auditon(A_GETPOLICY, &policy, sizeof(policy)); 68172106Srwatson if (asroot && injail) 69172106Srwatson expect("priv_audit_control(asroot, injail)", error, -1, 70172106Srwatson ENOSYS); 71172106Srwatson if (asroot && !injail) 72172106Srwatson expect("priv_audit_control(asroot, !injail)", error, 0, 0); 73172106Srwatson if (!asroot && injail) 74172106Srwatson expect("priv_audit_control(!asroot, injail)", error, -1, 75172106Srwatson ENOSYS); 76172106Srwatson if (!asroot && !injail) 77172106Srwatson expect("priv_audit_control(!asroot, !injail)", error, -1, 78172106Srwatson EPERM); 79172106Srwatson} 80172106Srwatson 81172106Srwatsonvoid 82172106Srwatsonpriv_audit_control_cleanup(int asroot, int injail, struct test *test) 83172106Srwatson{ 84172106Srwatson 85172106Srwatson} 86