1/*- 2 * Copyright (c) 2018 Aniket Pandey 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * SUCH DAMAGE. 24 */ 25 26#include <sys/param.h> 27#include <sys/mount.h> 28#include <sys/reboot.h> 29#include <sys/stat.h> 30#include <sys/sysctl.h> 31#include <sys/time.h> 32#include <sys/timespec.h> 33#include <sys/timex.h> 34 35#include <bsm/audit.h> 36#include <bsm/audit_kevents.h> 37#include <ufs/ufs/quota.h> 38 39#include <atf-c.h> 40#include <errno.h> 41#include <fcntl.h> 42#include <stdlib.h> 43#include <time.h> 44#include <unistd.h> 45 46#include "utils.h" 47 48static pid_t pid; 49static int filedesc; 50/* Default argument for handling ENOSYS in auditon(2) functions */ 51static int auditon_def = 0; 52static mode_t mode = 0777; 53static struct pollfd fds[1]; 54static char adregex[80]; 55static const char *auclass = "ad"; 56static const char *path = "fileforaudit"; 57static const char *successreg = "fileforaudit.*return,success"; 58 59 60ATF_TC_WITH_CLEANUP(settimeofday_success); 61ATF_TC_HEAD(settimeofday_success, tc) 62{ 63 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 64 "settimeofday(2) call"); 65} 66 67ATF_TC_BODY(settimeofday_success, tc) 68{ 69 pid = getpid(); 70 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid); 71 72 struct timeval tp; 73 struct timezone tzp; 74 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp)); 75 76 FILE *pipefd = setup(fds, auclass); 77 /* Setting the same time as obtained by gettimeofday(2) */ 78 ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp)); 79 check_audit(fds, adregex, pipefd); 80} 81 82ATF_TC_CLEANUP(settimeofday_success, tc) 83{ 84 cleanup(); 85} 86 87 88ATF_TC_WITH_CLEANUP(settimeofday_failure); 89ATF_TC_HEAD(settimeofday_failure, tc) 90{ 91 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 92 "settimeofday(2) call"); 93} 94 95ATF_TC_BODY(settimeofday_failure, tc) 96{ 97 pid = getpid(); 98 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid); 99 100 struct timeval tp; 101 struct timezone tzp; 102 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp)); 103 104 FILE *pipefd = setup(fds, auclass); 105 tp.tv_sec = -1; 106 /* Failure reason: Invalid value for tp.tv_sec; */ 107 ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp)); 108 check_audit(fds, adregex, pipefd); 109} 110 111ATF_TC_CLEANUP(settimeofday_failure, tc) 112{ 113 cleanup(); 114} 115 116 117ATF_TC_WITH_CLEANUP(clock_settime_success); 118ATF_TC_HEAD(clock_settime_success, tc) 119{ 120 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 121 "clock_settime(2) call"); 122} 123 124ATF_TC_BODY(clock_settime_success, tc) 125{ 126 pid = getpid(); 127 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid); 128 129 struct timespec tp; 130 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp)); 131 132 FILE *pipefd = setup(fds, auclass); 133 /* Setting the same time as obtained by clock_gettime(2) */ 134 ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp)); 135 check_audit(fds, adregex, pipefd); 136} 137 138ATF_TC_CLEANUP(clock_settime_success, tc) 139{ 140 cleanup(); 141} 142 143 144ATF_TC_WITH_CLEANUP(clock_settime_failure); 145ATF_TC_HEAD(clock_settime_failure, tc) 146{ 147 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 148 "clock_settime(2) call"); 149} 150 151ATF_TC_BODY(clock_settime_failure, tc) 152{ 153 pid = getpid(); 154 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid); 155 156 struct timespec tp; 157 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp)); 158 159 FILE *pipefd = setup(fds, auclass); 160 /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */ 161 ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp)); 162 check_audit(fds, adregex, pipefd); 163} 164 165ATF_TC_CLEANUP(clock_settime_failure, tc) 166{ 167 cleanup(); 168} 169 170 171ATF_TC_WITH_CLEANUP(adjtime_success); 172ATF_TC_HEAD(adjtime_success, tc) 173{ 174 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 175 "adjtime(2) call"); 176} 177 178ATF_TC_BODY(adjtime_success, tc) 179{ 180 pid = getpid(); 181 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid); 182 183 FILE *pipefd = setup(fds, auclass); 184 /* We don't want to change the system time, hence NULL */ 185 ATF_REQUIRE_EQ(0, adjtime(NULL, NULL)); 186 check_audit(fds, adregex, pipefd); 187} 188 189ATF_TC_CLEANUP(adjtime_success, tc) 190{ 191 cleanup(); 192} 193 194 195ATF_TC_WITH_CLEANUP(adjtime_failure); 196ATF_TC_HEAD(adjtime_failure, tc) 197{ 198 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 199 "adjtime(2) call"); 200} 201 202ATF_TC_BODY(adjtime_failure, tc) 203{ 204 pid = getpid(); 205 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid); 206 207 FILE *pipefd = setup(fds, auclass); 208 ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL)); 209 check_audit(fds, adregex, pipefd); 210} 211 212ATF_TC_CLEANUP(adjtime_failure, tc) 213{ 214 cleanup(); 215} 216 217 218ATF_TC_WITH_CLEANUP(ntp_adjtime_success); 219ATF_TC_HEAD(ntp_adjtime_success, tc) 220{ 221 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 222 "ntp_adjtime(2) call"); 223} 224 225ATF_TC_BODY(ntp_adjtime_success, tc) 226{ 227 struct timex timebuff; 228 bzero(&timebuff, sizeof(timebuff)); 229 230 pid = getpid(); 231 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid); 232 233 FILE *pipefd = setup(fds, auclass); 234 ATF_REQUIRE(ntp_adjtime(&timebuff) != -1); 235 check_audit(fds, adregex, pipefd); 236} 237 238ATF_TC_CLEANUP(ntp_adjtime_success, tc) 239{ 240 cleanup(); 241} 242 243 244ATF_TC_WITH_CLEANUP(ntp_adjtime_failure); 245ATF_TC_HEAD(ntp_adjtime_failure, tc) 246{ 247 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 248 "ntp_adjtime(2) call"); 249} 250 251ATF_TC_BODY(ntp_adjtime_failure, tc) 252{ 253 pid = getpid(); 254 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid); 255 256 FILE *pipefd = setup(fds, auclass); 257 ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL)); 258 check_audit(fds, adregex, pipefd); 259} 260 261ATF_TC_CLEANUP(ntp_adjtime_failure, tc) 262{ 263 cleanup(); 264} 265 266 267ATF_TC_WITH_CLEANUP(nfs_getfh_success); 268ATF_TC_HEAD(nfs_getfh_success, tc) 269{ 270 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 271 "getfh(2) call"); 272} 273 274ATF_TC_BODY(nfs_getfh_success, tc) 275{ 276 fhandle_t fhp; 277 pid = getpid(); 278 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid); 279 280 /* File needs to exist to call getfh(2) */ 281 ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); 282 FILE *pipefd = setup(fds, auclass); 283 ATF_REQUIRE_EQ(0, getfh(path, &fhp)); 284 check_audit(fds, adregex, pipefd); 285 close(filedesc); 286} 287 288ATF_TC_CLEANUP(nfs_getfh_success, tc) 289{ 290 cleanup(); 291} 292 293 294ATF_TC_WITH_CLEANUP(nfs_getfh_failure); 295ATF_TC_HEAD(nfs_getfh_failure, tc) 296{ 297 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 298 "getfh(2) call"); 299} 300 301ATF_TC_BODY(nfs_getfh_failure, tc) 302{ 303 pid = getpid(); 304 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid); 305 306 FILE *pipefd = setup(fds, auclass); 307 /* Failure reason: file does not exist */ 308 ATF_REQUIRE_EQ(-1, getfh(path, NULL)); 309 check_audit(fds, adregex, pipefd); 310} 311 312ATF_TC_CLEANUP(nfs_getfh_failure, tc) 313{ 314 cleanup(); 315} 316 317 318ATF_TC_WITH_CLEANUP(auditctl_success); 319ATF_TC_HEAD(auditctl_success, tc) 320{ 321 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 322 "auditctl(2) call"); 323} 324 325ATF_TC_BODY(auditctl_success, tc) 326{ 327 /* File needs to exist in order to call auditctl(2) */ 328 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1); 329 FILE *pipefd = setup(fds, auclass); 330 ATF_REQUIRE_EQ(0, auditctl(path)); 331 check_audit(fds, successreg, pipefd); 332 close(filedesc); 333} 334 335ATF_TC_CLEANUP(auditctl_success, tc) 336{ 337 /* 338 * auditctl(2) disables audit log at /var/audit and initiates auditing 339 * at the configured path. To reset this, we need to stop and start the 340 * auditd(8) again. Here, we check if auditd(8) was running already 341 * before the test started. If so, we stop and start it again. 342 * 343 * TODO: should we skip this test if auditd(8) is already running to 344 * avoid restarting it? 345 */ 346 if (!atf_utils_file_exists("started_fake_auditd")) { 347 system("service auditd onestop > /dev/null 2>&1"); 348 system("service auditd onestart > /dev/null 2>&1"); 349 } else { 350 cleanup(); 351 } 352} 353 354 355ATF_TC_WITH_CLEANUP(auditctl_failure); 356ATF_TC_HEAD(auditctl_failure, tc) 357{ 358 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 359 "auditctl(2) call"); 360} 361 362ATF_TC_BODY(auditctl_failure, tc) 363{ 364 pid = getpid(); 365 snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid); 366 367 FILE *pipefd = setup(fds, auclass); 368 /* Failure reason: file does not exist */ 369 ATF_REQUIRE_EQ(-1, auditctl(NULL)); 370 check_audit(fds, adregex, pipefd); 371} 372 373ATF_TC_CLEANUP(auditctl_failure, tc) 374{ 375 cleanup(); 376} 377 378 379ATF_TC_WITH_CLEANUP(acct_success); 380ATF_TC_HEAD(acct_success, tc) 381{ 382 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 383 "acct(2) call"); 384 atf_tc_set_md_var(tc, "require.files", 385 "/etc/rc.d/accounting /etc/rc.d/auditd"); 386} 387 388ATF_TC_BODY(acct_success, tc) 389{ 390 int acctinfo, filedesc2; 391 size_t len = sizeof(acctinfo); 392 const char *acctname = "kern.acct_configured"; 393 ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0)); 394 395 /* File needs to exist to start system accounting */ 396 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); 397 398 /* 399 * acctinfo = 0: System accounting was disabled 400 * acctinfo = 1: System accounting was enabled 401 */ 402 if (acctinfo) { 403 ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1); 404 close(filedesc2); 405 } 406 407 pid = getpid(); 408 snprintf(adregex, sizeof(adregex), 409 "acct.*%s.*%d.*return,success", path, pid); 410 411 /* 412 * We temporarily switch the accounting record to a file at 413 * our own configured path in order to confirm acct(2)'s successful 414 * auditing. Then we set everything back to its original state. 415 */ 416 FILE *pipefd = setup(fds, auclass); 417 ATF_REQUIRE_EQ(0, acct(path)); 418 check_audit(fds, adregex, pipefd); 419 close(filedesc); 420} 421 422ATF_TC_CLEANUP(acct_success, tc) 423{ 424 /* Reset accounting configured path */ 425 ATF_REQUIRE_EQ(0, system("service accounting onestop")); 426 if (atf_utils_file_exists("acct_ok")) { 427 ATF_REQUIRE_EQ(0, system("service accounting onestart")); 428 } 429 cleanup(); 430} 431 432 433ATF_TC_WITH_CLEANUP(acct_failure); 434ATF_TC_HEAD(acct_failure, tc) 435{ 436 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 437 "acct(2) call"); 438} 439 440ATF_TC_BODY(acct_failure, tc) 441{ 442 pid = getpid(); 443 snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid); 444 445 FILE *pipefd = setup(fds, auclass); 446 /* Failure reason: File does not exist */ 447 ATF_REQUIRE_EQ(-1, acct(path)); 448 check_audit(fds, adregex, pipefd); 449} 450 451ATF_TC_CLEANUP(acct_failure, tc) 452{ 453 cleanup(); 454} 455 456 457ATF_TC_WITH_CLEANUP(getauid_success); 458ATF_TC_HEAD(getauid_success, tc) 459{ 460 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 461 "getauid(2) call"); 462} 463 464ATF_TC_BODY(getauid_success, tc) 465{ 466 au_id_t auid; 467 pid = getpid(); 468 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid); 469 470 FILE *pipefd = setup(fds, auclass); 471 ATF_REQUIRE_EQ(0, getauid(&auid)); 472 check_audit(fds, adregex, pipefd); 473} 474 475ATF_TC_CLEANUP(getauid_success, tc) 476{ 477 cleanup(); 478} 479 480 481ATF_TC_WITH_CLEANUP(getauid_failure); 482ATF_TC_HEAD(getauid_failure, tc) 483{ 484 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 485 "getauid(2) call"); 486} 487 488ATF_TC_BODY(getauid_failure, tc) 489{ 490 pid = getpid(); 491 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid); 492 493 FILE *pipefd = setup(fds, auclass); 494 /* Failure reason: Bad address */ 495 ATF_REQUIRE_EQ(-1, getauid(NULL)); 496 check_audit(fds, adregex, pipefd); 497} 498 499ATF_TC_CLEANUP(getauid_failure, tc) 500{ 501 cleanup(); 502} 503 504 505ATF_TC_WITH_CLEANUP(setauid_success); 506ATF_TC_HEAD(setauid_success, tc) 507{ 508 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 509 "setauid(2) call"); 510} 511 512ATF_TC_BODY(setauid_success, tc) 513{ 514 au_id_t auid; 515 pid = getpid(); 516 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid); 517 ATF_REQUIRE_EQ(0, getauid(&auid)); 518 519 FILE *pipefd = setup(fds, auclass); 520 ATF_REQUIRE_EQ(0, setauid(&auid)); 521 check_audit(fds, adregex, pipefd); 522} 523 524ATF_TC_CLEANUP(setauid_success, tc) 525{ 526 cleanup(); 527} 528 529 530ATF_TC_WITH_CLEANUP(setauid_failure); 531ATF_TC_HEAD(setauid_failure, tc) 532{ 533 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 534 "setauid(2) call"); 535} 536 537ATF_TC_BODY(setauid_failure, tc) 538{ 539 pid = getpid(); 540 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid); 541 542 FILE *pipefd = setup(fds, auclass); 543 /* Failure reason: Bad address */ 544 ATF_REQUIRE_EQ(-1, setauid(NULL)); 545 check_audit(fds, adregex, pipefd); 546} 547 548ATF_TC_CLEANUP(setauid_failure, tc) 549{ 550 cleanup(); 551} 552 553 554ATF_TC_WITH_CLEANUP(getaudit_success); 555ATF_TC_HEAD(getaudit_success, tc) 556{ 557 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 558 "getaudit(2) call"); 559} 560 561ATF_TC_BODY(getaudit_success, tc) 562{ 563 pid = getpid(); 564 auditinfo_t auditinfo; 565 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid); 566 567 FILE *pipefd = setup(fds, auclass); 568 ATF_REQUIRE_EQ(0, getaudit(&auditinfo)); 569 check_audit(fds, adregex, pipefd); 570} 571 572ATF_TC_CLEANUP(getaudit_success, tc) 573{ 574 cleanup(); 575} 576 577 578ATF_TC_WITH_CLEANUP(getaudit_failure); 579ATF_TC_HEAD(getaudit_failure, tc) 580{ 581 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 582 "getaudit(2) call"); 583} 584 585ATF_TC_BODY(getaudit_failure, tc) 586{ 587 pid = getpid(); 588 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid); 589 590 FILE *pipefd = setup(fds, auclass); 591 /* Failure reason: Bad address */ 592 ATF_REQUIRE_EQ(-1, getaudit(NULL)); 593 check_audit(fds, adregex, pipefd); 594} 595 596ATF_TC_CLEANUP(getaudit_failure, tc) 597{ 598 cleanup(); 599} 600 601 602ATF_TC_WITH_CLEANUP(setaudit_success); 603ATF_TC_HEAD(setaudit_success, tc) 604{ 605 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 606 "setaudit(2) call"); 607} 608 609ATF_TC_BODY(setaudit_success, tc) 610{ 611 pid = getpid(); 612 auditinfo_t auditinfo; 613 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid); 614 ATF_REQUIRE_EQ(0, getaudit(&auditinfo)); 615 616 FILE *pipefd = setup(fds, auclass); 617 ATF_REQUIRE_EQ(0, setaudit(&auditinfo)); 618 check_audit(fds, adregex, pipefd); 619} 620 621ATF_TC_CLEANUP(setaudit_success, tc) 622{ 623 cleanup(); 624} 625 626 627ATF_TC_WITH_CLEANUP(setaudit_failure); 628ATF_TC_HEAD(setaudit_failure, tc) 629{ 630 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 631 "setaudit(2) call"); 632} 633 634ATF_TC_BODY(setaudit_failure, tc) 635{ 636 pid = getpid(); 637 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid); 638 639 FILE *pipefd = setup(fds, auclass); 640 /* Failure reason: Bad address */ 641 ATF_REQUIRE_EQ(-1, setaudit(NULL)); 642 check_audit(fds, adregex, pipefd); 643} 644 645ATF_TC_CLEANUP(setaudit_failure, tc) 646{ 647 cleanup(); 648} 649 650 651ATF_TC_WITH_CLEANUP(getaudit_addr_success); 652ATF_TC_HEAD(getaudit_addr_success, tc) 653{ 654 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 655 "getaudit_addr(2) call"); 656} 657 658ATF_TC_BODY(getaudit_addr_success, tc) 659{ 660 pid = getpid(); 661 auditinfo_addr_t auditinfo; 662 snprintf(adregex, sizeof(adregex), 663 "getaudit_addr.*%d.*return,success", pid); 664 665 FILE *pipefd = setup(fds, auclass); 666 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo))); 667 check_audit(fds, adregex, pipefd); 668} 669 670ATF_TC_CLEANUP(getaudit_addr_success, tc) 671{ 672 cleanup(); 673} 674 675 676ATF_TC_WITH_CLEANUP(getaudit_addr_failure); 677ATF_TC_HEAD(getaudit_addr_failure, tc) 678{ 679 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 680 "getaudit_addr(2) call"); 681} 682 683ATF_TC_BODY(getaudit_addr_failure, tc) 684{ 685 pid = getpid(); 686 snprintf(adregex, sizeof(adregex), 687 "getaudit_addr.*%d.*return,failure", pid); 688 689 FILE *pipefd = setup(fds, auclass); 690 /* Failure reason: Bad address */ 691 ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0)); 692 check_audit(fds, adregex, pipefd); 693} 694 695ATF_TC_CLEANUP(getaudit_addr_failure, tc) 696{ 697 cleanup(); 698} 699 700 701ATF_TC_WITH_CLEANUP(setaudit_addr_success); 702ATF_TC_HEAD(setaudit_addr_success, tc) 703{ 704 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 705 "setaudit_addr(2) call"); 706} 707 708ATF_TC_BODY(setaudit_addr_success, tc) 709{ 710 pid = getpid(); 711 auditinfo_addr_t auditinfo; 712 snprintf(adregex, sizeof(adregex), 713 "setaudit_addr.*%d.*return,success", pid); 714 715 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo))); 716 FILE *pipefd = setup(fds, auclass); 717 ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo))); 718 check_audit(fds, adregex, pipefd); 719} 720 721ATF_TC_CLEANUP(setaudit_addr_success, tc) 722{ 723 cleanup(); 724} 725 726 727ATF_TC_WITH_CLEANUP(setaudit_addr_failure); 728ATF_TC_HEAD(setaudit_addr_failure, tc) 729{ 730 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 731 "setaudit_addr(2) call"); 732} 733 734ATF_TC_BODY(setaudit_addr_failure, tc) 735{ 736 pid = getpid(); 737 snprintf(adregex, sizeof(adregex), 738 "setaudit_addr.*%d.*return,failure", pid); 739 740 FILE *pipefd = setup(fds, auclass); 741 /* Failure reason: Bad address */ 742 ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0)); 743 check_audit(fds, adregex, pipefd); 744} 745 746ATF_TC_CLEANUP(setaudit_addr_failure, tc) 747{ 748 cleanup(); 749} 750 751/* 752 * Note: The test-case uses A_GETFSIZE as the command argument but since it is 753 * not an independent audit event, it will be used to check the default mode 754 * auditing of auditon(2) system call. 755 * 756 * Please See: sys/security/audit/audit_bsm_klib.c 757 * function(): au_event_t auditon_command_event() :: case A_GETFSIZE: 758 */ 759ATF_TC_WITH_CLEANUP(auditon_default_success); 760ATF_TC_HEAD(auditon_default_success, tc) 761{ 762 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 763 "auditon(2) call"); 764} 765 766ATF_TC_BODY(auditon_default_success, tc) 767{ 768 au_fstat_t fsize_arg; 769 bzero(&fsize_arg, sizeof(au_fstat_t)); 770 771 pid = getpid(); 772 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid); 773 774 FILE *pipefd = setup(fds, auclass); 775 ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg))); 776 check_audit(fds, adregex, pipefd); 777} 778 779ATF_TC_CLEANUP(auditon_default_success, tc) 780{ 781 cleanup(); 782} 783 784 785ATF_TC_WITH_CLEANUP(auditon_default_failure); 786ATF_TC_HEAD(auditon_default_failure, tc) 787{ 788 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 789 "auditon(2) call"); 790} 791 792ATF_TC_BODY(auditon_default_failure, tc) 793{ 794 pid = getpid(); 795 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid); 796 797 FILE *pipefd = setup(fds, auclass); 798 /* Failure reason: Invalid argument */ 799 ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0)); 800 check_audit(fds, adregex, pipefd); 801} 802 803ATF_TC_CLEANUP(auditon_default_failure, tc) 804{ 805 cleanup(); 806} 807 808 809ATF_TC_WITH_CLEANUP(auditon_getpolicy_success); 810ATF_TC_HEAD(auditon_getpolicy_success, tc) 811{ 812 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 813 "auditon(2) call for cmd: A_GETPOLICY"); 814} 815 816ATF_TC_BODY(auditon_getpolicy_success, tc) 817{ 818 int aupolicy; 819 pid = getpid(); 820 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid); 821 822 FILE *pipefd = setup(fds, auclass); 823 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy))); 824 check_audit(fds, adregex, pipefd); 825} 826 827ATF_TC_CLEANUP(auditon_getpolicy_success, tc) 828{ 829 cleanup(); 830} 831 832 833ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure); 834ATF_TC_HEAD(auditon_getpolicy_failure, tc) 835{ 836 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 837 "auditon(2) call for cmd: A_GETPOLICY"); 838} 839 840ATF_TC_BODY(auditon_getpolicy_failure, tc) 841{ 842 pid = getpid(); 843 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid); 844 845 FILE *pipefd = setup(fds, auclass); 846 /* Failure reason: Invalid argument */ 847 ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0)); 848 check_audit(fds, adregex, pipefd); 849} 850 851ATF_TC_CLEANUP(auditon_getpolicy_failure, tc) 852{ 853 cleanup(); 854} 855 856 857ATF_TC_WITH_CLEANUP(auditon_setpolicy_success); 858ATF_TC_HEAD(auditon_setpolicy_success, tc) 859{ 860 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 861 "auditon(2) call for cmd: A_SETPOLICY"); 862} 863 864ATF_TC_BODY(auditon_setpolicy_success, tc) 865{ 866 int aupolicy; 867 pid = getpid(); 868 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid); 869 870 /* Retrieve the current auditing policy, to be used with A_SETPOLICY */ 871 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy))); 872 FILE *pipefd = setup(fds, auclass); 873 ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy))); 874 check_audit(fds, adregex, pipefd); 875} 876 877ATF_TC_CLEANUP(auditon_setpolicy_success, tc) 878{ 879 cleanup(); 880} 881 882 883ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure); 884ATF_TC_HEAD(auditon_setpolicy_failure, tc) 885{ 886 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 887 "auditon(2) call for cmd: A_SETPOLICY"); 888} 889 890ATF_TC_BODY(auditon_setpolicy_failure, tc) 891{ 892 pid = getpid(); 893 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid); 894 895 FILE *pipefd = setup(fds, auclass); 896 /* Failure reason: Invalid argument */ 897 ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0)); 898 check_audit(fds, adregex, pipefd); 899} 900 901ATF_TC_CLEANUP(auditon_setpolicy_failure, tc) 902{ 903 cleanup(); 904} 905 906 907ATF_TC_WITH_CLEANUP(auditon_getkmask_success); 908ATF_TC_HEAD(auditon_getkmask_success, tc) 909{ 910 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 911 "auditon(2) call for cmd: A_GETKMASK"); 912} 913 914ATF_TC_BODY(auditon_getkmask_success, tc) 915{ 916 pid = getpid(); 917 au_mask_t evmask; 918 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid); 919 920 bzero(&evmask, sizeof(evmask)); 921 FILE *pipefd = setup(fds, auclass); 922 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask))); 923 check_audit(fds, adregex, pipefd); 924} 925 926ATF_TC_CLEANUP(auditon_getkmask_success, tc) 927{ 928 cleanup(); 929} 930 931 932ATF_TC_WITH_CLEANUP(auditon_getkmask_failure); 933ATF_TC_HEAD(auditon_getkmask_failure, tc) 934{ 935 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 936 "auditon(2) call for cmd: A_GETKMASK"); 937} 938 939ATF_TC_BODY(auditon_getkmask_failure, tc) 940{ 941 pid = getpid(); 942 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid); 943 944 FILE *pipefd = setup(fds, auclass); 945 /* Failure reason: Invalid au_mask_t structure */ 946 ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0)); 947 check_audit(fds, adregex, pipefd); 948} 949 950ATF_TC_CLEANUP(auditon_getkmask_failure, tc) 951{ 952 cleanup(); 953} 954 955 956ATF_TC_WITH_CLEANUP(auditon_setkmask_success); 957ATF_TC_HEAD(auditon_setkmask_success, tc) 958{ 959 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 960 "auditon(2) call for cmd: A_SETKMASK"); 961} 962 963ATF_TC_BODY(auditon_setkmask_success, tc) 964{ 965 pid = getpid(); 966 au_mask_t evmask; 967 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid); 968 969 /* Retrieve the current audit mask to be used with A_SETKMASK */ 970 bzero(&evmask, sizeof(evmask)); 971 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask))); 972 973 FILE *pipefd = setup(fds, auclass); 974 ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask))); 975 check_audit(fds, adregex, pipefd); 976} 977 978ATF_TC_CLEANUP(auditon_setkmask_success, tc) 979{ 980 cleanup(); 981} 982 983 984ATF_TC_WITH_CLEANUP(auditon_setkmask_failure); 985ATF_TC_HEAD(auditon_setkmask_failure, tc) 986{ 987 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 988 "auditon(2) call for cmd: A_SETKMASK"); 989} 990 991ATF_TC_BODY(auditon_setkmask_failure, tc) 992{ 993 pid = getpid(); 994 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid); 995 996 FILE *pipefd = setup(fds, auclass); 997 /* Failure reason: Invalid au_mask_t structure */ 998 ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0)); 999 check_audit(fds, adregex, pipefd); 1000} 1001 1002ATF_TC_CLEANUP(auditon_setkmask_failure, tc) 1003{ 1004 cleanup(); 1005} 1006 1007 1008ATF_TC_WITH_CLEANUP(auditon_getqctrl_success); 1009ATF_TC_HEAD(auditon_getqctrl_success, tc) 1010{ 1011 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1012 "auditon(2) call for cmd: A_GETQCTRL"); 1013} 1014 1015ATF_TC_BODY(auditon_getqctrl_success, tc) 1016{ 1017 pid = getpid(); 1018 au_qctrl_t evqctrl; 1019 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid); 1020 1021 bzero(&evqctrl, sizeof(evqctrl)); 1022 FILE *pipefd = setup(fds, auclass); 1023 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl))); 1024 check_audit(fds, adregex, pipefd); 1025} 1026 1027ATF_TC_CLEANUP(auditon_getqctrl_success, tc) 1028{ 1029 cleanup(); 1030} 1031 1032 1033ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure); 1034ATF_TC_HEAD(auditon_getqctrl_failure, tc) 1035{ 1036 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1037 "auditon(2) call for cmd: A_GETQCTRL"); 1038} 1039 1040ATF_TC_BODY(auditon_getqctrl_failure, tc) 1041{ 1042 pid = getpid(); 1043 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid); 1044 1045 FILE *pipefd = setup(fds, auclass); 1046 /* Failure reason: Invalid au_qctrl_t structure */ 1047 ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0)); 1048 check_audit(fds, adregex, pipefd); 1049} 1050 1051ATF_TC_CLEANUP(auditon_getqctrl_failure, tc) 1052{ 1053 cleanup(); 1054} 1055 1056 1057ATF_TC_WITH_CLEANUP(auditon_setqctrl_success); 1058ATF_TC_HEAD(auditon_setqctrl_success, tc) 1059{ 1060 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1061 "auditon(2) call for cmd: A_SETKMASK"); 1062} 1063 1064ATF_TC_BODY(auditon_setqctrl_success, tc) 1065{ 1066 pid = getpid(); 1067 au_qctrl_t evqctrl; 1068 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid); 1069 1070 /* Retrieve the current audit mask to be used with A_SETQCTRL */ 1071 bzero(&evqctrl, sizeof(evqctrl)); 1072 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl))); 1073 1074 FILE *pipefd = setup(fds, auclass); 1075 ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl))); 1076 check_audit(fds, adregex, pipefd); 1077} 1078 1079ATF_TC_CLEANUP(auditon_setqctrl_success, tc) 1080{ 1081 cleanup(); 1082} 1083 1084 1085ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure); 1086ATF_TC_HEAD(auditon_setqctrl_failure, tc) 1087{ 1088 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1089 "auditon(2) call for cmd: A_SETKMASK"); 1090} 1091 1092ATF_TC_BODY(auditon_setqctrl_failure, tc) 1093{ 1094 pid = getpid(); 1095 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid); 1096 1097 FILE *pipefd = setup(fds, auclass); 1098 /* Failure reason: Invalid au_qctrl_t structure */ 1099 ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0)); 1100 check_audit(fds, adregex, pipefd); 1101} 1102 1103ATF_TC_CLEANUP(auditon_setqctrl_failure, tc) 1104{ 1105 cleanup(); 1106} 1107 1108 1109ATF_TC_WITH_CLEANUP(auditon_getclass_success); 1110ATF_TC_HEAD(auditon_getclass_success, tc) 1111{ 1112 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1113 "auditon(2) call for cmd: A_GETCLASS"); 1114} 1115 1116ATF_TC_BODY(auditon_getclass_success, tc) 1117{ 1118 pid = getpid(); 1119 au_evclass_map_t evclass; 1120 snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid); 1121 1122 /* Initialize evclass to get the event-class mapping for auditon(2) */ 1123 evclass.ec_number = AUE_AUDITON; 1124 evclass.ec_class = 0; 1125 FILE *pipefd = setup(fds, auclass); 1126 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass))); 1127 check_audit(fds, adregex, pipefd); 1128} 1129 1130ATF_TC_CLEANUP(auditon_getclass_success, tc) 1131{ 1132 cleanup(); 1133} 1134 1135 1136ATF_TC_WITH_CLEANUP(auditon_getclass_failure); 1137ATF_TC_HEAD(auditon_getclass_failure, tc) 1138{ 1139 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1140 "auditon(2) call for cmd: A_GETCLASS"); 1141} 1142 1143ATF_TC_BODY(auditon_getclass_failure, tc) 1144{ 1145 pid = getpid(); 1146 snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid); 1147 1148 FILE *pipefd = setup(fds, auclass); 1149 /* Failure reason: Invalid au_evclass_map_t structure */ 1150 ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0)); 1151 check_audit(fds, adregex, pipefd); 1152} 1153 1154ATF_TC_CLEANUP(auditon_getclass_failure, tc) 1155{ 1156 cleanup(); 1157} 1158 1159 1160ATF_TC_WITH_CLEANUP(auditon_setclass_success); 1161ATF_TC_HEAD(auditon_setclass_success, tc) 1162{ 1163 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1164 "auditon(2) call for cmd: A_SETCLASS"); 1165} 1166 1167ATF_TC_BODY(auditon_setclass_success, tc) 1168{ 1169 pid = getpid(); 1170 au_evclass_map_t evclass; 1171 snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid); 1172 1173 /* Initialize evclass and get the event-class mapping for auditon(2) */ 1174 evclass.ec_number = AUE_AUDITON; 1175 evclass.ec_class = 0; 1176 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass))); 1177 1178 FILE *pipefd = setup(fds, auclass); 1179 ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass))); 1180 check_audit(fds, adregex, pipefd); 1181} 1182 1183ATF_TC_CLEANUP(auditon_setclass_success, tc) 1184{ 1185 cleanup(); 1186} 1187 1188 1189ATF_TC_WITH_CLEANUP(auditon_setclass_failure); 1190ATF_TC_HEAD(auditon_setclass_failure, tc) 1191{ 1192 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1193 "auditon(2) call for cmd: A_SETCLASS"); 1194} 1195 1196ATF_TC_BODY(auditon_setclass_failure, tc) 1197{ 1198 pid = getpid(); 1199 snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid); 1200 1201 FILE *pipefd = setup(fds, auclass); 1202 /* Failure reason: Invalid au_evclass_map_t structure */ 1203 ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0)); 1204 check_audit(fds, adregex, pipefd); 1205} 1206 1207ATF_TC_CLEANUP(auditon_setclass_failure, tc) 1208{ 1209 cleanup(); 1210} 1211 1212 1213ATF_TC_WITH_CLEANUP(auditon_getcond_success); 1214ATF_TC_HEAD(auditon_getcond_success, tc) 1215{ 1216 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1217 "auditon(2) call for cmd: A_GETCOND"); 1218} 1219 1220ATF_TC_BODY(auditon_getcond_success, tc) 1221{ 1222 int auditcond; 1223 pid = getpid(); 1224 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid); 1225 1226 FILE *pipefd = setup(fds, auclass); 1227 ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond))); 1228 check_audit(fds, adregex, pipefd); 1229} 1230 1231ATF_TC_CLEANUP(auditon_getcond_success, tc) 1232{ 1233 cleanup(); 1234} 1235 1236 1237ATF_TC_WITH_CLEANUP(auditon_getcond_failure); 1238ATF_TC_HEAD(auditon_getcond_failure, tc) 1239{ 1240 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1241 "auditon(2) call for cmd: A_GETCOND"); 1242} 1243 1244ATF_TC_BODY(auditon_getcond_failure, tc) 1245{ 1246 pid = getpid(); 1247 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid); 1248 1249 FILE *pipefd = setup(fds, auclass); 1250 /* Failure reason: Invalid argument */ 1251 ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0)); 1252 check_audit(fds, adregex, pipefd); 1253} 1254 1255ATF_TC_CLEANUP(auditon_getcond_failure, tc) 1256{ 1257 cleanup(); 1258} 1259 1260 1261ATF_TC_WITH_CLEANUP(auditon_setcond_success); 1262ATF_TC_HEAD(auditon_setcond_success, tc) 1263{ 1264 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1265 "auditon(2) call for cmd: A_SETCOND"); 1266} 1267 1268ATF_TC_BODY(auditon_setcond_success, tc) 1269{ 1270 int auditcond = AUC_AUDITING; 1271 pid = getpid(); 1272 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid); 1273 1274 FILE *pipefd = setup(fds, auclass); 1275 /* At this point auditd is running, so the audit state is AUC_AUDITING */ 1276 ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond))); 1277 check_audit(fds, adregex, pipefd); 1278} 1279 1280ATF_TC_CLEANUP(auditon_setcond_success, tc) 1281{ 1282 cleanup(); 1283} 1284 1285 1286ATF_TC_WITH_CLEANUP(auditon_setcond_failure); 1287ATF_TC_HEAD(auditon_setcond_failure, tc) 1288{ 1289 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1290 "auditon(2) call for cmd: A_SETCOND"); 1291} 1292 1293ATF_TC_BODY(auditon_setcond_failure, tc) 1294{ 1295 pid = getpid(); 1296 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid); 1297 1298 FILE *pipefd = setup(fds, auclass); 1299 /* Failure reason: Invalid argument */ 1300 ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0)); 1301 check_audit(fds, adregex, pipefd); 1302} 1303 1304ATF_TC_CLEANUP(auditon_setcond_failure, tc) 1305{ 1306 cleanup(); 1307} 1308 1309/* 1310 * Following test-cases for auditon(2) are all in failure mode only as although 1311 * auditable, they have not been implemented and return ENOSYS whenever called. 1312 * 1313 * Commands: A_GETCWD A_GETCAR A_GETSTAT A_SETSTAT A_SETUMASK A_SETSMASK 1314 */ 1315 1316ATF_TC_WITH_CLEANUP(auditon_getcwd_failure); 1317ATF_TC_HEAD(auditon_getcwd_failure, tc) 1318{ 1319 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1320 "auditon(2) call for cmd: A_GETCWD"); 1321} 1322 1323ATF_TC_BODY(auditon_getcwd_failure, tc) 1324{ 1325 pid = getpid(); 1326 snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid); 1327 1328 FILE *pipefd = setup(fds, auclass); 1329 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def, 1330 sizeof(auditon_def)) == -1); 1331 check_audit(fds, adregex, pipefd); 1332} 1333 1334ATF_TC_CLEANUP(auditon_getcwd_failure, tc) 1335{ 1336 cleanup(); 1337} 1338 1339 1340ATF_TC_WITH_CLEANUP(auditon_getcar_failure); 1341ATF_TC_HEAD(auditon_getcar_failure, tc) 1342{ 1343 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1344 "auditon(2) call for cmd: A_GETCAR"); 1345} 1346 1347ATF_TC_BODY(auditon_getcar_failure, tc) 1348{ 1349 pid = getpid(); 1350 snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid); 1351 1352 FILE *pipefd = setup(fds, auclass); 1353 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def, 1354 sizeof(auditon_def)) == -1); 1355 check_audit(fds, adregex, pipefd); 1356} 1357 1358ATF_TC_CLEANUP(auditon_getcar_failure, tc) 1359{ 1360 cleanup(); 1361} 1362 1363 1364ATF_TC_WITH_CLEANUP(auditon_getstat_failure); 1365ATF_TC_HEAD(auditon_getstat_failure, tc) 1366{ 1367 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1368 "auditon(2) call for cmd: A_GETSTAT"); 1369} 1370 1371ATF_TC_BODY(auditon_getstat_failure, tc) 1372{ 1373 pid = getpid(); 1374 snprintf(adregex, sizeof(adregex), 1375 "get audit statistics.*%d.*return,failure", pid); 1376 1377 FILE *pipefd = setup(fds, auclass); 1378 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def, 1379 sizeof(auditon_def)) == -1); 1380 check_audit(fds, adregex, pipefd); 1381} 1382 1383ATF_TC_CLEANUP(auditon_getstat_failure, tc) 1384{ 1385 cleanup(); 1386} 1387 1388 1389ATF_TC_WITH_CLEANUP(auditon_setstat_failure); 1390ATF_TC_HEAD(auditon_setstat_failure, tc) 1391{ 1392 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1393 "auditon(2) call for cmd: A_SETSTAT"); 1394} 1395 1396ATF_TC_BODY(auditon_setstat_failure, tc) 1397{ 1398 pid = getpid(); 1399 snprintf(adregex, sizeof(adregex), 1400 "set audit statistics.*%d.*return,failure", pid); 1401 1402 FILE *pipefd = setup(fds, auclass); 1403 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def, 1404 sizeof(auditon_def)) == -1); 1405 check_audit(fds, adregex, pipefd); 1406} 1407 1408ATF_TC_CLEANUP(auditon_setstat_failure, tc) 1409{ 1410 cleanup(); 1411} 1412 1413 1414ATF_TC_WITH_CLEANUP(auditon_setumask_failure); 1415ATF_TC_HEAD(auditon_setumask_failure, tc) 1416{ 1417 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1418 "auditon(2) call for cmd: A_SETUMASK"); 1419} 1420 1421ATF_TC_BODY(auditon_setumask_failure, tc) 1422{ 1423 pid = getpid(); 1424 snprintf(adregex, sizeof(adregex), 1425 "set mask per uid.*%d.*return,failure", pid); 1426 1427 FILE *pipefd = setup(fds, auclass); 1428 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def, 1429 sizeof(auditon_def)) == -1); 1430 check_audit(fds, adregex, pipefd); 1431} 1432 1433ATF_TC_CLEANUP(auditon_setumask_failure, tc) 1434{ 1435 cleanup(); 1436} 1437 1438 1439ATF_TC_WITH_CLEANUP(auditon_setsmask_failure); 1440ATF_TC_HEAD(auditon_setsmask_failure, tc) 1441{ 1442 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1443 "auditon(2) call for cmd: A_SETSMASK"); 1444} 1445 1446ATF_TC_BODY(auditon_setsmask_failure, tc) 1447{ 1448 pid = getpid(); 1449 snprintf(adregex, sizeof(adregex), 1450 "set mask per session.*%d.*return,failure", pid); 1451 1452 FILE *pipefd = setup(fds, auclass); 1453 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def, 1454 sizeof(auditon_def)) == -1); 1455 check_audit(fds, adregex, pipefd); 1456} 1457 1458ATF_TC_CLEANUP(auditon_setsmask_failure, tc) 1459{ 1460 cleanup(); 1461} 1462 1463 1464/* 1465 * Audit of reboot(2) cannot be tested in normal conditions as we don't want 1466 * to reboot the system while running the tests 1467 */ 1468 1469 1470ATF_TC_WITH_CLEANUP(reboot_failure); 1471ATF_TC_HEAD(reboot_failure, tc) 1472{ 1473 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1474 "reboot(2) call"); 1475} 1476 1477ATF_TC_BODY(reboot_failure, tc) 1478{ 1479 pid = getpid(); 1480 snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid); 1481 1482 FILE *pipefd = setup(fds, auclass); 1483 ATF_REQUIRE_EQ(-1, reboot(-1)); 1484 check_audit(fds, adregex, pipefd); 1485} 1486 1487ATF_TC_CLEANUP(reboot_failure, tc) 1488{ 1489 cleanup(); 1490} 1491 1492 1493/* 1494 * Audit of quotactl(2) cannot be tested in normal conditions as we don't want 1495 * to tamper with filesystem quotas 1496 */ 1497 1498 1499ATF_TC_WITH_CLEANUP(quotactl_failure); 1500ATF_TC_HEAD(quotactl_failure, tc) 1501{ 1502 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1503 "quotactl(2) call"); 1504} 1505 1506ATF_TC_BODY(quotactl_failure, tc) 1507{ 1508 pid = getpid(); 1509 snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid); 1510 1511 FILE *pipefd = setup(fds, auclass); 1512 ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL)); 1513 check_audit(fds, adregex, pipefd); 1514} 1515 1516ATF_TC_CLEANUP(quotactl_failure, tc) 1517{ 1518 cleanup(); 1519} 1520 1521 1522ATF_TC_WITH_CLEANUP(mount_failure); 1523ATF_TC_HEAD(mount_failure, tc) 1524{ 1525 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1526 "mount(2) call"); 1527} 1528 1529ATF_TC_BODY(mount_failure, tc) 1530{ 1531 pid = getpid(); 1532 snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid); 1533 1534 FILE *pipefd = setup(fds, auclass); 1535 ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL)); 1536 check_audit(fds, adregex, pipefd); 1537} 1538 1539ATF_TC_CLEANUP(mount_failure, tc) 1540{ 1541 cleanup(); 1542} 1543 1544 1545ATF_TC_WITH_CLEANUP(nmount_failure); 1546ATF_TC_HEAD(nmount_failure, tc) 1547{ 1548 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1549 "nmount(2) call"); 1550} 1551 1552ATF_TC_BODY(nmount_failure, tc) 1553{ 1554 pid = getpid(); 1555 snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid); 1556 1557 FILE *pipefd = setup(fds, auclass); 1558 ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0)); 1559 check_audit(fds, adregex, pipefd); 1560} 1561 1562ATF_TC_CLEANUP(nmount_failure, tc) 1563{ 1564 cleanup(); 1565} 1566 1567 1568ATF_TC_WITH_CLEANUP(swapon_failure); 1569ATF_TC_HEAD(swapon_failure, tc) 1570{ 1571 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1572 "swapon(2) call"); 1573} 1574 1575ATF_TC_BODY(swapon_failure, tc) 1576{ 1577 pid = getpid(); 1578 snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid); 1579 1580 FILE *pipefd = setup(fds, auclass); 1581 /* Failure reason: Block device required */ 1582 ATF_REQUIRE_EQ(-1, swapon(path)); 1583 check_audit(fds, adregex, pipefd); 1584} 1585 1586ATF_TC_CLEANUP(swapon_failure, tc) 1587{ 1588 cleanup(); 1589} 1590 1591 1592ATF_TC_WITH_CLEANUP(swapoff_failure); 1593ATF_TC_HEAD(swapoff_failure, tc) 1594{ 1595 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1596 "swapoff(2) call"); 1597} 1598 1599ATF_TC_BODY(swapoff_failure, tc) 1600{ 1601 pid = getpid(); 1602 snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid); 1603 1604 FILE *pipefd = setup(fds, auclass); 1605 /* Failure reason: Block device required */ 1606 ATF_REQUIRE_EQ(-1, swapoff(path, 0)); 1607 check_audit(fds, adregex, pipefd); 1608} 1609 1610ATF_TC_CLEANUP(swapoff_failure, tc) 1611{ 1612 cleanup(); 1613} 1614 1615 1616ATF_TP_ADD_TCS(tp) 1617{ 1618 ATF_TP_ADD_TC(tp, settimeofday_success); 1619 ATF_TP_ADD_TC(tp, settimeofday_failure); 1620 ATF_TP_ADD_TC(tp, clock_settime_success); 1621 ATF_TP_ADD_TC(tp, clock_settime_failure); 1622 ATF_TP_ADD_TC(tp, adjtime_success); 1623 ATF_TP_ADD_TC(tp, adjtime_failure); 1624 ATF_TP_ADD_TC(tp, ntp_adjtime_success); 1625 ATF_TP_ADD_TC(tp, ntp_adjtime_failure); 1626 1627 ATF_TP_ADD_TC(tp, nfs_getfh_success); 1628 ATF_TP_ADD_TC(tp, nfs_getfh_failure); 1629 ATF_TP_ADD_TC(tp, acct_success); 1630 ATF_TP_ADD_TC(tp, acct_failure); 1631 ATF_TP_ADD_TC(tp, auditctl_success); 1632 ATF_TP_ADD_TC(tp, auditctl_failure); 1633 1634 ATF_TP_ADD_TC(tp, getauid_success); 1635 ATF_TP_ADD_TC(tp, getauid_failure); 1636 ATF_TP_ADD_TC(tp, setauid_success); 1637 ATF_TP_ADD_TC(tp, setauid_failure); 1638 1639 ATF_TP_ADD_TC(tp, getaudit_success); 1640 ATF_TP_ADD_TC(tp, getaudit_failure); 1641 ATF_TP_ADD_TC(tp, setaudit_success); 1642 ATF_TP_ADD_TC(tp, setaudit_failure); 1643 1644 ATF_TP_ADD_TC(tp, getaudit_addr_success); 1645 ATF_TP_ADD_TC(tp, getaudit_addr_failure); 1646 ATF_TP_ADD_TC(tp, setaudit_addr_success); 1647 ATF_TP_ADD_TC(tp, setaudit_addr_failure); 1648 1649 ATF_TP_ADD_TC(tp, auditon_default_success); 1650 ATF_TP_ADD_TC(tp, auditon_default_failure); 1651 1652 ATF_TP_ADD_TC(tp, auditon_getpolicy_success); 1653 ATF_TP_ADD_TC(tp, auditon_getpolicy_failure); 1654 ATF_TP_ADD_TC(tp, auditon_setpolicy_success); 1655 ATF_TP_ADD_TC(tp, auditon_setpolicy_failure); 1656 1657 ATF_TP_ADD_TC(tp, auditon_getkmask_success); 1658 ATF_TP_ADD_TC(tp, auditon_getkmask_failure); 1659 ATF_TP_ADD_TC(tp, auditon_setkmask_success); 1660 ATF_TP_ADD_TC(tp, auditon_setkmask_failure); 1661 1662 ATF_TP_ADD_TC(tp, auditon_getqctrl_success); 1663 ATF_TP_ADD_TC(tp, auditon_getqctrl_failure); 1664 ATF_TP_ADD_TC(tp, auditon_setqctrl_success); 1665 ATF_TP_ADD_TC(tp, auditon_setqctrl_failure); 1666 1667 ATF_TP_ADD_TC(tp, auditon_getclass_success); 1668 ATF_TP_ADD_TC(tp, auditon_getclass_failure); 1669 ATF_TP_ADD_TC(tp, auditon_setclass_success); 1670 ATF_TP_ADD_TC(tp, auditon_setclass_failure); 1671 1672 ATF_TP_ADD_TC(tp, auditon_getcond_success); 1673 ATF_TP_ADD_TC(tp, auditon_getcond_failure); 1674 ATF_TP_ADD_TC(tp, auditon_setcond_success); 1675 ATF_TP_ADD_TC(tp, auditon_setcond_failure); 1676 1677 ATF_TP_ADD_TC(tp, auditon_getcwd_failure); 1678 ATF_TP_ADD_TC(tp, auditon_getcar_failure); 1679 ATF_TP_ADD_TC(tp, auditon_getstat_failure); 1680 ATF_TP_ADD_TC(tp, auditon_setstat_failure); 1681 ATF_TP_ADD_TC(tp, auditon_setumask_failure); 1682 ATF_TP_ADD_TC(tp, auditon_setsmask_failure); 1683 1684 ATF_TP_ADD_TC(tp, reboot_failure); 1685 ATF_TP_ADD_TC(tp, quotactl_failure); 1686 ATF_TP_ADD_TC(tp, mount_failure); 1687 ATF_TP_ADD_TC(tp, nmount_failure); 1688 ATF_TP_ADD_TC(tp, swapon_failure); 1689 ATF_TP_ADD_TC(tp, swapoff_failure); 1690 1691 return (atf_no_error()); 1692} 1693