1 /*-
2 * Copyright (c) 2018 Aniket Pandey
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * SUCH DAMAGE.
24 */
25
26 #include <sys/param.h>
27 #include <sys/mount.h>
28 #include <sys/reboot.h>
29 #include <sys/stat.h>
30 #include <sys/sysctl.h>
31 #include <sys/time.h>
32 #include <sys/timespec.h>
33 #include <sys/timex.h>
34
35 #include <bsm/audit.h>
36 #include <bsm/audit_kevents.h>
37 #include <ufs/ufs/quota.h>
38
39 #include <atf-c.h>
40 #include <errno.h>
41 #include <fcntl.h>
42 #include <stdlib.h>
43 #include <time.h>
44 #include <unistd.h>
45
46 #include "utils.h"
47
48 static pid_t pid;
49 static int filedesc;
50 /* Default argument for handling ENOSYS in auditon(2) functions */
51 static int auditon_def = 0;
52 static mode_t mode = 0777;
53 static struct pollfd fds[1];
54 static char adregex[80];
55 static const char *auclass = "ad";
56 static const char *path = "fileforaudit";
57 static const char *successreg = "fileforaudit.*return,success";
58
59
60 ATF_TC_WITH_CLEANUP(settimeofday_success);
ATF_TC_HEAD(settimeofday_success,tc)61 ATF_TC_HEAD(settimeofday_success, tc)
62 {
63 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
64 "settimeofday(2) call");
65 }
66
ATF_TC_BODY(settimeofday_success,tc)67 ATF_TC_BODY(settimeofday_success, tc)
68 {
69 pid = getpid();
70 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
71
72 struct timeval tp;
73 struct timezone tzp;
74 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
75
76 FILE *pipefd = setup(fds, auclass);
77 /* Setting the same time as obtained by gettimeofday(2) */
78 ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
79 check_audit(fds, adregex, pipefd);
80 }
81
ATF_TC_CLEANUP(settimeofday_success,tc)82 ATF_TC_CLEANUP(settimeofday_success, tc)
83 {
84 cleanup();
85 }
86
87
88 ATF_TC_WITH_CLEANUP(settimeofday_failure);
ATF_TC_HEAD(settimeofday_failure,tc)89 ATF_TC_HEAD(settimeofday_failure, tc)
90 {
91 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
92 "settimeofday(2) call");
93 }
94
ATF_TC_BODY(settimeofday_failure,tc)95 ATF_TC_BODY(settimeofday_failure, tc)
96 {
97 pid = getpid();
98 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
99
100 struct timeval tp;
101 struct timezone tzp;
102 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
103
104 FILE *pipefd = setup(fds, auclass);
105 tp.tv_sec = -1;
106 /* Failure reason: Invalid value for tp.tv_sec; */
107 ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
108 check_audit(fds, adregex, pipefd);
109 }
110
ATF_TC_CLEANUP(settimeofday_failure,tc)111 ATF_TC_CLEANUP(settimeofday_failure, tc)
112 {
113 cleanup();
114 }
115
116
117 ATF_TC_WITH_CLEANUP(clock_settime_success);
ATF_TC_HEAD(clock_settime_success,tc)118 ATF_TC_HEAD(clock_settime_success, tc)
119 {
120 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
121 "clock_settime(2) call");
122 }
123
ATF_TC_BODY(clock_settime_success,tc)124 ATF_TC_BODY(clock_settime_success, tc)
125 {
126 pid = getpid();
127 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
128
129 struct timespec tp;
130 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
131
132 FILE *pipefd = setup(fds, auclass);
133 /* Setting the same time as obtained by clock_gettime(2) */
134 ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
135 check_audit(fds, adregex, pipefd);
136 }
137
ATF_TC_CLEANUP(clock_settime_success,tc)138 ATF_TC_CLEANUP(clock_settime_success, tc)
139 {
140 cleanup();
141 }
142
143
144 ATF_TC_WITH_CLEANUP(clock_settime_failure);
ATF_TC_HEAD(clock_settime_failure,tc)145 ATF_TC_HEAD(clock_settime_failure, tc)
146 {
147 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
148 "clock_settime(2) call");
149 }
150
ATF_TC_BODY(clock_settime_failure,tc)151 ATF_TC_BODY(clock_settime_failure, tc)
152 {
153 pid = getpid();
154 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
155
156 struct timespec tp;
157 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
158
159 FILE *pipefd = setup(fds, auclass);
160 /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
161 ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
162 check_audit(fds, adregex, pipefd);
163 }
164
ATF_TC_CLEANUP(clock_settime_failure,tc)165 ATF_TC_CLEANUP(clock_settime_failure, tc)
166 {
167 cleanup();
168 }
169
170
171 ATF_TC_WITH_CLEANUP(adjtime_success);
ATF_TC_HEAD(adjtime_success,tc)172 ATF_TC_HEAD(adjtime_success, tc)
173 {
174 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
175 "adjtime(2) call");
176 }
177
ATF_TC_BODY(adjtime_success,tc)178 ATF_TC_BODY(adjtime_success, tc)
179 {
180 pid = getpid();
181 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
182
183 FILE *pipefd = setup(fds, auclass);
184 /* We don't want to change the system time, hence NULL */
185 ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
186 check_audit(fds, adregex, pipefd);
187 }
188
ATF_TC_CLEANUP(adjtime_success,tc)189 ATF_TC_CLEANUP(adjtime_success, tc)
190 {
191 cleanup();
192 }
193
194
195 ATF_TC_WITH_CLEANUP(adjtime_failure);
ATF_TC_HEAD(adjtime_failure,tc)196 ATF_TC_HEAD(adjtime_failure, tc)
197 {
198 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
199 "adjtime(2) call");
200 }
201
ATF_TC_BODY(adjtime_failure,tc)202 ATF_TC_BODY(adjtime_failure, tc)
203 {
204 pid = getpid();
205 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
206
207 FILE *pipefd = setup(fds, auclass);
208 ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
209 check_audit(fds, adregex, pipefd);
210 }
211
ATF_TC_CLEANUP(adjtime_failure,tc)212 ATF_TC_CLEANUP(adjtime_failure, tc)
213 {
214 cleanup();
215 }
216
217
218 ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
ATF_TC_HEAD(ntp_adjtime_success,tc)219 ATF_TC_HEAD(ntp_adjtime_success, tc)
220 {
221 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
222 "ntp_adjtime(2) call");
223 }
224
ATF_TC_BODY(ntp_adjtime_success,tc)225 ATF_TC_BODY(ntp_adjtime_success, tc)
226 {
227 struct timex timebuff;
228 bzero(&timebuff, sizeof(timebuff));
229
230 pid = getpid();
231 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
232
233 FILE *pipefd = setup(fds, auclass);
234 ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
235 check_audit(fds, adregex, pipefd);
236 }
237
ATF_TC_CLEANUP(ntp_adjtime_success,tc)238 ATF_TC_CLEANUP(ntp_adjtime_success, tc)
239 {
240 cleanup();
241 }
242
243
244 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
ATF_TC_HEAD(ntp_adjtime_failure,tc)245 ATF_TC_HEAD(ntp_adjtime_failure, tc)
246 {
247 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
248 "ntp_adjtime(2) call");
249 }
250
ATF_TC_BODY(ntp_adjtime_failure,tc)251 ATF_TC_BODY(ntp_adjtime_failure, tc)
252 {
253 pid = getpid();
254 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
255
256 FILE *pipefd = setup(fds, auclass);
257 ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
258 check_audit(fds, adregex, pipefd);
259 }
260
ATF_TC_CLEANUP(ntp_adjtime_failure,tc)261 ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
262 {
263 cleanup();
264 }
265
266
267 ATF_TC_WITH_CLEANUP(nfs_getfh_success);
ATF_TC_HEAD(nfs_getfh_success,tc)268 ATF_TC_HEAD(nfs_getfh_success, tc)
269 {
270 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
271 "getfh(2) call");
272 }
273
ATF_TC_BODY(nfs_getfh_success,tc)274 ATF_TC_BODY(nfs_getfh_success, tc)
275 {
276 fhandle_t fhp;
277 pid = getpid();
278 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
279
280 /* File needs to exist to call getfh(2) */
281 ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
282 FILE *pipefd = setup(fds, auclass);
283 ATF_REQUIRE_EQ(0, getfh(path, &fhp));
284 check_audit(fds, adregex, pipefd);
285 close(filedesc);
286 }
287
ATF_TC_CLEANUP(nfs_getfh_success,tc)288 ATF_TC_CLEANUP(nfs_getfh_success, tc)
289 {
290 cleanup();
291 }
292
293
294 ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
ATF_TC_HEAD(nfs_getfh_failure,tc)295 ATF_TC_HEAD(nfs_getfh_failure, tc)
296 {
297 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
298 "getfh(2) call");
299 }
300
ATF_TC_BODY(nfs_getfh_failure,tc)301 ATF_TC_BODY(nfs_getfh_failure, tc)
302 {
303 pid = getpid();
304 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
305
306 FILE *pipefd = setup(fds, auclass);
307 /* Failure reason: file does not exist */
308 ATF_REQUIRE_EQ(-1, getfh(path, NULL));
309 check_audit(fds, adregex, pipefd);
310 }
311
ATF_TC_CLEANUP(nfs_getfh_failure,tc)312 ATF_TC_CLEANUP(nfs_getfh_failure, tc)
313 {
314 cleanup();
315 }
316
317
318 ATF_TC_WITH_CLEANUP(auditctl_success);
ATF_TC_HEAD(auditctl_success,tc)319 ATF_TC_HEAD(auditctl_success, tc)
320 {
321 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
322 "auditctl(2) call");
323 }
324
ATF_TC_BODY(auditctl_success,tc)325 ATF_TC_BODY(auditctl_success, tc)
326 {
327 /* File needs to exist in order to call auditctl(2) */
328 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
329 FILE *pipefd = setup(fds, auclass);
330 ATF_REQUIRE_EQ(0, auditctl(path));
331 check_audit(fds, successreg, pipefd);
332 close(filedesc);
333 }
334
ATF_TC_CLEANUP(auditctl_success,tc)335 ATF_TC_CLEANUP(auditctl_success, tc)
336 {
337 /*
338 * auditctl(2) disables audit log at /var/audit and initiates auditing
339 * at the configured path. To reset this, we need to stop and start the
340 * auditd(8) again. Here, we check if auditd(8) was running already
341 * before the test started. If so, we stop and start it again.
342 *
343 * TODO: should we skip this test if auditd(8) is already running to
344 * avoid restarting it?
345 */
346 if (!atf_utils_file_exists("started_fake_auditd")) {
347 system("service auditd onestop > /dev/null 2>&1");
348 system("service auditd onestart > /dev/null 2>&1");
349 } else {
350 cleanup();
351 }
352 }
353
354
355 ATF_TC_WITH_CLEANUP(auditctl_failure);
ATF_TC_HEAD(auditctl_failure,tc)356 ATF_TC_HEAD(auditctl_failure, tc)
357 {
358 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
359 "auditctl(2) call");
360 }
361
ATF_TC_BODY(auditctl_failure,tc)362 ATF_TC_BODY(auditctl_failure, tc)
363 {
364 pid = getpid();
365 snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
366
367 FILE *pipefd = setup(fds, auclass);
368 /* Failure reason: file does not exist */
369 ATF_REQUIRE_EQ(-1, auditctl(NULL));
370 check_audit(fds, adregex, pipefd);
371 }
372
ATF_TC_CLEANUP(auditctl_failure,tc)373 ATF_TC_CLEANUP(auditctl_failure, tc)
374 {
375 cleanup();
376 }
377
378
379 ATF_TC_WITH_CLEANUP(acct_success);
ATF_TC_HEAD(acct_success,tc)380 ATF_TC_HEAD(acct_success, tc)
381 {
382 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
383 "acct(2) call");
384 atf_tc_set_md_var(tc, "require.files",
385 "/etc/rc.d/accounting /etc/rc.d/auditd");
386 }
387
ATF_TC_BODY(acct_success,tc)388 ATF_TC_BODY(acct_success, tc)
389 {
390 int acctinfo, filedesc2;
391 size_t len = sizeof(acctinfo);
392 const char *acctname = "kern.acct_configured";
393 ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
394
395 /* File needs to exist to start system accounting */
396 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
397
398 /*
399 * acctinfo = 0: System accounting was disabled
400 * acctinfo = 1: System accounting was enabled
401 */
402 if (acctinfo) {
403 ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
404 close(filedesc2);
405 }
406
407 pid = getpid();
408 snprintf(adregex, sizeof(adregex),
409 "acct.*%s.*%d.*return,success", path, pid);
410
411 /*
412 * We temporarily switch the accounting record to a file at
413 * our own configured path in order to confirm acct(2)'s successful
414 * auditing. Then we set everything back to its original state.
415 */
416 FILE *pipefd = setup(fds, auclass);
417 ATF_REQUIRE_EQ(0, acct(path));
418 check_audit(fds, adregex, pipefd);
419 close(filedesc);
420 }
421
ATF_TC_CLEANUP(acct_success,tc)422 ATF_TC_CLEANUP(acct_success, tc)
423 {
424 /* Reset accounting configured path */
425 ATF_REQUIRE_EQ(0, system("service accounting onestop"));
426 if (atf_utils_file_exists("acct_ok")) {
427 ATF_REQUIRE_EQ(0, system("service accounting onestart"));
428 }
429 cleanup();
430 }
431
432
433 ATF_TC_WITH_CLEANUP(acct_failure);
ATF_TC_HEAD(acct_failure,tc)434 ATF_TC_HEAD(acct_failure, tc)
435 {
436 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
437 "acct(2) call");
438 }
439
ATF_TC_BODY(acct_failure,tc)440 ATF_TC_BODY(acct_failure, tc)
441 {
442 pid = getpid();
443 snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
444
445 FILE *pipefd = setup(fds, auclass);
446 /* Failure reason: File does not exist */
447 ATF_REQUIRE_EQ(-1, acct(path));
448 check_audit(fds, adregex, pipefd);
449 }
450
ATF_TC_CLEANUP(acct_failure,tc)451 ATF_TC_CLEANUP(acct_failure, tc)
452 {
453 cleanup();
454 }
455
456
457 ATF_TC_WITH_CLEANUP(getauid_success);
ATF_TC_HEAD(getauid_success,tc)458 ATF_TC_HEAD(getauid_success, tc)
459 {
460 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
461 "getauid(2) call");
462 }
463
ATF_TC_BODY(getauid_success,tc)464 ATF_TC_BODY(getauid_success, tc)
465 {
466 au_id_t auid;
467 pid = getpid();
468 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
469
470 FILE *pipefd = setup(fds, auclass);
471 ATF_REQUIRE_EQ(0, getauid(&auid));
472 check_audit(fds, adregex, pipefd);
473 }
474
ATF_TC_CLEANUP(getauid_success,tc)475 ATF_TC_CLEANUP(getauid_success, tc)
476 {
477 cleanup();
478 }
479
480
481 ATF_TC_WITH_CLEANUP(getauid_failure);
ATF_TC_HEAD(getauid_failure,tc)482 ATF_TC_HEAD(getauid_failure, tc)
483 {
484 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
485 "getauid(2) call");
486 }
487
ATF_TC_BODY(getauid_failure,tc)488 ATF_TC_BODY(getauid_failure, tc)
489 {
490 pid = getpid();
491 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
492
493 FILE *pipefd = setup(fds, auclass);
494 /* Failure reason: Bad address */
495 ATF_REQUIRE_EQ(-1, getauid(NULL));
496 check_audit(fds, adregex, pipefd);
497 }
498
ATF_TC_CLEANUP(getauid_failure,tc)499 ATF_TC_CLEANUP(getauid_failure, tc)
500 {
501 cleanup();
502 }
503
504
505 ATF_TC_WITH_CLEANUP(setauid_success);
ATF_TC_HEAD(setauid_success,tc)506 ATF_TC_HEAD(setauid_success, tc)
507 {
508 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
509 "setauid(2) call");
510 }
511
ATF_TC_BODY(setauid_success,tc)512 ATF_TC_BODY(setauid_success, tc)
513 {
514 au_id_t auid;
515 pid = getpid();
516 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
517 ATF_REQUIRE_EQ(0, getauid(&auid));
518
519 FILE *pipefd = setup(fds, auclass);
520 ATF_REQUIRE_EQ(0, setauid(&auid));
521 check_audit(fds, adregex, pipefd);
522 }
523
ATF_TC_CLEANUP(setauid_success,tc)524 ATF_TC_CLEANUP(setauid_success, tc)
525 {
526 cleanup();
527 }
528
529
530 ATF_TC_WITH_CLEANUP(setauid_failure);
ATF_TC_HEAD(setauid_failure,tc)531 ATF_TC_HEAD(setauid_failure, tc)
532 {
533 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
534 "setauid(2) call");
535 }
536
ATF_TC_BODY(setauid_failure,tc)537 ATF_TC_BODY(setauid_failure, tc)
538 {
539 pid = getpid();
540 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
541
542 FILE *pipefd = setup(fds, auclass);
543 /* Failure reason: Bad address */
544 ATF_REQUIRE_EQ(-1, setauid(NULL));
545 check_audit(fds, adregex, pipefd);
546 }
547
ATF_TC_CLEANUP(setauid_failure,tc)548 ATF_TC_CLEANUP(setauid_failure, tc)
549 {
550 cleanup();
551 }
552
553
554 ATF_TC_WITH_CLEANUP(getaudit_success);
ATF_TC_HEAD(getaudit_success,tc)555 ATF_TC_HEAD(getaudit_success, tc)
556 {
557 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
558 "getaudit(2) call");
559 }
560
ATF_TC_BODY(getaudit_success,tc)561 ATF_TC_BODY(getaudit_success, tc)
562 {
563 pid = getpid();
564 auditinfo_t auditinfo;
565 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
566
567 FILE *pipefd = setup(fds, auclass);
568 ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
569 check_audit(fds, adregex, pipefd);
570 }
571
ATF_TC_CLEANUP(getaudit_success,tc)572 ATF_TC_CLEANUP(getaudit_success, tc)
573 {
574 cleanup();
575 }
576
577
578 ATF_TC_WITH_CLEANUP(getaudit_failure);
ATF_TC_HEAD(getaudit_failure,tc)579 ATF_TC_HEAD(getaudit_failure, tc)
580 {
581 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
582 "getaudit(2) call");
583 }
584
ATF_TC_BODY(getaudit_failure,tc)585 ATF_TC_BODY(getaudit_failure, tc)
586 {
587 pid = getpid();
588 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
589
590 FILE *pipefd = setup(fds, auclass);
591 /* Failure reason: Bad address */
592 ATF_REQUIRE_EQ(-1, getaudit(NULL));
593 check_audit(fds, adregex, pipefd);
594 }
595
ATF_TC_CLEANUP(getaudit_failure,tc)596 ATF_TC_CLEANUP(getaudit_failure, tc)
597 {
598 cleanup();
599 }
600
601
602 ATF_TC_WITH_CLEANUP(setaudit_success);
ATF_TC_HEAD(setaudit_success,tc)603 ATF_TC_HEAD(setaudit_success, tc)
604 {
605 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
606 "setaudit(2) call");
607 }
608
ATF_TC_BODY(setaudit_success,tc)609 ATF_TC_BODY(setaudit_success, tc)
610 {
611 pid = getpid();
612 auditinfo_t auditinfo;
613 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
614 ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
615
616 FILE *pipefd = setup(fds, auclass);
617 ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
618 check_audit(fds, adregex, pipefd);
619 }
620
ATF_TC_CLEANUP(setaudit_success,tc)621 ATF_TC_CLEANUP(setaudit_success, tc)
622 {
623 cleanup();
624 }
625
626
627 ATF_TC_WITH_CLEANUP(setaudit_failure);
ATF_TC_HEAD(setaudit_failure,tc)628 ATF_TC_HEAD(setaudit_failure, tc)
629 {
630 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
631 "setaudit(2) call");
632 }
633
ATF_TC_BODY(setaudit_failure,tc)634 ATF_TC_BODY(setaudit_failure, tc)
635 {
636 pid = getpid();
637 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
638
639 FILE *pipefd = setup(fds, auclass);
640 /* Failure reason: Bad address */
641 ATF_REQUIRE_EQ(-1, setaudit(NULL));
642 check_audit(fds, adregex, pipefd);
643 }
644
ATF_TC_CLEANUP(setaudit_failure,tc)645 ATF_TC_CLEANUP(setaudit_failure, tc)
646 {
647 cleanup();
648 }
649
650
651 ATF_TC_WITH_CLEANUP(getaudit_addr_success);
ATF_TC_HEAD(getaudit_addr_success,tc)652 ATF_TC_HEAD(getaudit_addr_success, tc)
653 {
654 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
655 "getaudit_addr(2) call");
656 }
657
ATF_TC_BODY(getaudit_addr_success,tc)658 ATF_TC_BODY(getaudit_addr_success, tc)
659 {
660 pid = getpid();
661 auditinfo_addr_t auditinfo;
662 snprintf(adregex, sizeof(adregex),
663 "getaudit_addr.*%d.*return,success", pid);
664
665 FILE *pipefd = setup(fds, auclass);
666 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
667 check_audit(fds, adregex, pipefd);
668 }
669
ATF_TC_CLEANUP(getaudit_addr_success,tc)670 ATF_TC_CLEANUP(getaudit_addr_success, tc)
671 {
672 cleanup();
673 }
674
675
676 ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
ATF_TC_HEAD(getaudit_addr_failure,tc)677 ATF_TC_HEAD(getaudit_addr_failure, tc)
678 {
679 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
680 "getaudit_addr(2) call");
681 }
682
ATF_TC_BODY(getaudit_addr_failure,tc)683 ATF_TC_BODY(getaudit_addr_failure, tc)
684 {
685 pid = getpid();
686 snprintf(adregex, sizeof(adregex),
687 "getaudit_addr.*%d.*return,failure", pid);
688
689 FILE *pipefd = setup(fds, auclass);
690 /* Failure reason: Bad address */
691 ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
692 check_audit(fds, adregex, pipefd);
693 }
694
ATF_TC_CLEANUP(getaudit_addr_failure,tc)695 ATF_TC_CLEANUP(getaudit_addr_failure, tc)
696 {
697 cleanup();
698 }
699
700
701 ATF_TC_WITH_CLEANUP(setaudit_addr_success);
ATF_TC_HEAD(setaudit_addr_success,tc)702 ATF_TC_HEAD(setaudit_addr_success, tc)
703 {
704 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
705 "setaudit_addr(2) call");
706 }
707
ATF_TC_BODY(setaudit_addr_success,tc)708 ATF_TC_BODY(setaudit_addr_success, tc)
709 {
710 pid = getpid();
711 auditinfo_addr_t auditinfo;
712 snprintf(adregex, sizeof(adregex),
713 "setaudit_addr.*%d.*return,success", pid);
714
715 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
716 FILE *pipefd = setup(fds, auclass);
717 ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
718 check_audit(fds, adregex, pipefd);
719 }
720
ATF_TC_CLEANUP(setaudit_addr_success,tc)721 ATF_TC_CLEANUP(setaudit_addr_success, tc)
722 {
723 cleanup();
724 }
725
726
727 ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
ATF_TC_HEAD(setaudit_addr_failure,tc)728 ATF_TC_HEAD(setaudit_addr_failure, tc)
729 {
730 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
731 "setaudit_addr(2) call");
732 }
733
ATF_TC_BODY(setaudit_addr_failure,tc)734 ATF_TC_BODY(setaudit_addr_failure, tc)
735 {
736 pid = getpid();
737 snprintf(adregex, sizeof(adregex),
738 "setaudit_addr.*%d.*return,failure", pid);
739
740 FILE *pipefd = setup(fds, auclass);
741 /* Failure reason: Bad address */
742 ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
743 check_audit(fds, adregex, pipefd);
744 }
745
ATF_TC_CLEANUP(setaudit_addr_failure,tc)746 ATF_TC_CLEANUP(setaudit_addr_failure, tc)
747 {
748 cleanup();
749 }
750
751 /*
752 * Note: The test-case uses A_GETFSIZE as the command argument but since it is
753 * not an independent audit event, it will be used to check the default mode
754 * auditing of auditon(2) system call.
755 *
756 * Please See: sys/security/audit/audit_bsm_klib.c
757 * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
758 */
759 ATF_TC_WITH_CLEANUP(auditon_default_success);
ATF_TC_HEAD(auditon_default_success,tc)760 ATF_TC_HEAD(auditon_default_success, tc)
761 {
762 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
763 "auditon(2) call");
764 }
765
ATF_TC_BODY(auditon_default_success,tc)766 ATF_TC_BODY(auditon_default_success, tc)
767 {
768 au_fstat_t fsize_arg;
769 bzero(&fsize_arg, sizeof(au_fstat_t));
770
771 pid = getpid();
772 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
773
774 FILE *pipefd = setup(fds, auclass);
775 ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
776 check_audit(fds, adregex, pipefd);
777 }
778
ATF_TC_CLEANUP(auditon_default_success,tc)779 ATF_TC_CLEANUP(auditon_default_success, tc)
780 {
781 cleanup();
782 }
783
784
785 ATF_TC_WITH_CLEANUP(auditon_default_failure);
ATF_TC_HEAD(auditon_default_failure,tc)786 ATF_TC_HEAD(auditon_default_failure, tc)
787 {
788 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
789 "auditon(2) call");
790 }
791
ATF_TC_BODY(auditon_default_failure,tc)792 ATF_TC_BODY(auditon_default_failure, tc)
793 {
794 pid = getpid();
795 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
796
797 FILE *pipefd = setup(fds, auclass);
798 /* Failure reason: Invalid argument */
799 ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
800 check_audit(fds, adregex, pipefd);
801 }
802
ATF_TC_CLEANUP(auditon_default_failure,tc)803 ATF_TC_CLEANUP(auditon_default_failure, tc)
804 {
805 cleanup();
806 }
807
808
809 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
ATF_TC_HEAD(auditon_getpolicy_success,tc)810 ATF_TC_HEAD(auditon_getpolicy_success, tc)
811 {
812 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
813 "auditon(2) call for cmd: A_GETPOLICY");
814 }
815
ATF_TC_BODY(auditon_getpolicy_success,tc)816 ATF_TC_BODY(auditon_getpolicy_success, tc)
817 {
818 int aupolicy;
819 pid = getpid();
820 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
821
822 FILE *pipefd = setup(fds, auclass);
823 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
824 check_audit(fds, adregex, pipefd);
825 }
826
ATF_TC_CLEANUP(auditon_getpolicy_success,tc)827 ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
828 {
829 cleanup();
830 }
831
832
833 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
ATF_TC_HEAD(auditon_getpolicy_failure,tc)834 ATF_TC_HEAD(auditon_getpolicy_failure, tc)
835 {
836 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
837 "auditon(2) call for cmd: A_GETPOLICY");
838 }
839
ATF_TC_BODY(auditon_getpolicy_failure,tc)840 ATF_TC_BODY(auditon_getpolicy_failure, tc)
841 {
842 pid = getpid();
843 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
844
845 FILE *pipefd = setup(fds, auclass);
846 /* Failure reason: Invalid argument */
847 ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
848 check_audit(fds, adregex, pipefd);
849 }
850
ATF_TC_CLEANUP(auditon_getpolicy_failure,tc)851 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
852 {
853 cleanup();
854 }
855
856
857 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
ATF_TC_HEAD(auditon_setpolicy_success,tc)858 ATF_TC_HEAD(auditon_setpolicy_success, tc)
859 {
860 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
861 "auditon(2) call for cmd: A_SETPOLICY");
862 }
863
ATF_TC_BODY(auditon_setpolicy_success,tc)864 ATF_TC_BODY(auditon_setpolicy_success, tc)
865 {
866 int aupolicy;
867 pid = getpid();
868 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
869
870 /* Retrieve the current auditing policy, to be used with A_SETPOLICY */
871 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
872 FILE *pipefd = setup(fds, auclass);
873 ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
874 check_audit(fds, adregex, pipefd);
875 }
876
ATF_TC_CLEANUP(auditon_setpolicy_success,tc)877 ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
878 {
879 cleanup();
880 }
881
882
883 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
ATF_TC_HEAD(auditon_setpolicy_failure,tc)884 ATF_TC_HEAD(auditon_setpolicy_failure, tc)
885 {
886 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
887 "auditon(2) call for cmd: A_SETPOLICY");
888 }
889
ATF_TC_BODY(auditon_setpolicy_failure,tc)890 ATF_TC_BODY(auditon_setpolicy_failure, tc)
891 {
892 pid = getpid();
893 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
894
895 FILE *pipefd = setup(fds, auclass);
896 /* Failure reason: Invalid argument */
897 ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
898 check_audit(fds, adregex, pipefd);
899 }
900
ATF_TC_CLEANUP(auditon_setpolicy_failure,tc)901 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
902 {
903 cleanup();
904 }
905
906
907 ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
ATF_TC_HEAD(auditon_getkmask_success,tc)908 ATF_TC_HEAD(auditon_getkmask_success, tc)
909 {
910 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
911 "auditon(2) call for cmd: A_GETKMASK");
912 }
913
ATF_TC_BODY(auditon_getkmask_success,tc)914 ATF_TC_BODY(auditon_getkmask_success, tc)
915 {
916 pid = getpid();
917 au_mask_t evmask;
918 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
919
920 bzero(&evmask, sizeof(evmask));
921 FILE *pipefd = setup(fds, auclass);
922 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
923 check_audit(fds, adregex, pipefd);
924 }
925
ATF_TC_CLEANUP(auditon_getkmask_success,tc)926 ATF_TC_CLEANUP(auditon_getkmask_success, tc)
927 {
928 cleanup();
929 }
930
931
932 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
ATF_TC_HEAD(auditon_getkmask_failure,tc)933 ATF_TC_HEAD(auditon_getkmask_failure, tc)
934 {
935 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
936 "auditon(2) call for cmd: A_GETKMASK");
937 }
938
ATF_TC_BODY(auditon_getkmask_failure,tc)939 ATF_TC_BODY(auditon_getkmask_failure, tc)
940 {
941 pid = getpid();
942 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
943
944 FILE *pipefd = setup(fds, auclass);
945 /* Failure reason: Invalid au_mask_t structure */
946 ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
947 check_audit(fds, adregex, pipefd);
948 }
949
ATF_TC_CLEANUP(auditon_getkmask_failure,tc)950 ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
951 {
952 cleanup();
953 }
954
955
956 ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
ATF_TC_HEAD(auditon_setkmask_success,tc)957 ATF_TC_HEAD(auditon_setkmask_success, tc)
958 {
959 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
960 "auditon(2) call for cmd: A_SETKMASK");
961 }
962
ATF_TC_BODY(auditon_setkmask_success,tc)963 ATF_TC_BODY(auditon_setkmask_success, tc)
964 {
965 pid = getpid();
966 au_mask_t evmask;
967 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
968
969 /* Retrieve the current audit mask to be used with A_SETKMASK */
970 bzero(&evmask, sizeof(evmask));
971 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
972
973 FILE *pipefd = setup(fds, auclass);
974 ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
975 check_audit(fds, adregex, pipefd);
976 }
977
ATF_TC_CLEANUP(auditon_setkmask_success,tc)978 ATF_TC_CLEANUP(auditon_setkmask_success, tc)
979 {
980 cleanup();
981 }
982
983
984 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
ATF_TC_HEAD(auditon_setkmask_failure,tc)985 ATF_TC_HEAD(auditon_setkmask_failure, tc)
986 {
987 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
988 "auditon(2) call for cmd: A_SETKMASK");
989 }
990
ATF_TC_BODY(auditon_setkmask_failure,tc)991 ATF_TC_BODY(auditon_setkmask_failure, tc)
992 {
993 pid = getpid();
994 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
995
996 FILE *pipefd = setup(fds, auclass);
997 /* Failure reason: Invalid au_mask_t structure */
998 ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
999 check_audit(fds, adregex, pipefd);
1000 }
1001
ATF_TC_CLEANUP(auditon_setkmask_failure,tc)1002 ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
1003 {
1004 cleanup();
1005 }
1006
1007
1008 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
ATF_TC_HEAD(auditon_getqctrl_success,tc)1009 ATF_TC_HEAD(auditon_getqctrl_success, tc)
1010 {
1011 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1012 "auditon(2) call for cmd: A_GETQCTRL");
1013 }
1014
ATF_TC_BODY(auditon_getqctrl_success,tc)1015 ATF_TC_BODY(auditon_getqctrl_success, tc)
1016 {
1017 pid = getpid();
1018 au_qctrl_t evqctrl;
1019 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
1020
1021 bzero(&evqctrl, sizeof(evqctrl));
1022 FILE *pipefd = setup(fds, auclass);
1023 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1024 check_audit(fds, adregex, pipefd);
1025 }
1026
ATF_TC_CLEANUP(auditon_getqctrl_success,tc)1027 ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
1028 {
1029 cleanup();
1030 }
1031
1032
1033 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
ATF_TC_HEAD(auditon_getqctrl_failure,tc)1034 ATF_TC_HEAD(auditon_getqctrl_failure, tc)
1035 {
1036 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1037 "auditon(2) call for cmd: A_GETQCTRL");
1038 }
1039
ATF_TC_BODY(auditon_getqctrl_failure,tc)1040 ATF_TC_BODY(auditon_getqctrl_failure, tc)
1041 {
1042 pid = getpid();
1043 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
1044
1045 FILE *pipefd = setup(fds, auclass);
1046 /* Failure reason: Invalid au_qctrl_t structure */
1047 ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
1048 check_audit(fds, adregex, pipefd);
1049 }
1050
ATF_TC_CLEANUP(auditon_getqctrl_failure,tc)1051 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
1052 {
1053 cleanup();
1054 }
1055
1056
1057 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
ATF_TC_HEAD(auditon_setqctrl_success,tc)1058 ATF_TC_HEAD(auditon_setqctrl_success, tc)
1059 {
1060 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1061 "auditon(2) call for cmd: A_SETKMASK");
1062 }
1063
ATF_TC_BODY(auditon_setqctrl_success,tc)1064 ATF_TC_BODY(auditon_setqctrl_success, tc)
1065 {
1066 pid = getpid();
1067 au_qctrl_t evqctrl;
1068 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
1069
1070 /* Retrieve the current audit mask to be used with A_SETQCTRL */
1071 bzero(&evqctrl, sizeof(evqctrl));
1072 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1073
1074 FILE *pipefd = setup(fds, auclass);
1075 ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
1076 check_audit(fds, adregex, pipefd);
1077 }
1078
ATF_TC_CLEANUP(auditon_setqctrl_success,tc)1079 ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
1080 {
1081 cleanup();
1082 }
1083
1084
1085 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
ATF_TC_HEAD(auditon_setqctrl_failure,tc)1086 ATF_TC_HEAD(auditon_setqctrl_failure, tc)
1087 {
1088 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1089 "auditon(2) call for cmd: A_SETKMASK");
1090 }
1091
ATF_TC_BODY(auditon_setqctrl_failure,tc)1092 ATF_TC_BODY(auditon_setqctrl_failure, tc)
1093 {
1094 pid = getpid();
1095 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
1096
1097 FILE *pipefd = setup(fds, auclass);
1098 /* Failure reason: Invalid au_qctrl_t structure */
1099 ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
1100 check_audit(fds, adregex, pipefd);
1101 }
1102
ATF_TC_CLEANUP(auditon_setqctrl_failure,tc)1103 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
1104 {
1105 cleanup();
1106 }
1107
1108
1109 ATF_TC_WITH_CLEANUP(auditon_getclass_success);
ATF_TC_HEAD(auditon_getclass_success,tc)1110 ATF_TC_HEAD(auditon_getclass_success, tc)
1111 {
1112 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1113 "auditon(2) call for cmd: A_GETCLASS");
1114 }
1115
ATF_TC_BODY(auditon_getclass_success,tc)1116 ATF_TC_BODY(auditon_getclass_success, tc)
1117 {
1118 pid = getpid();
1119 au_evclass_map_t evclass;
1120 snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
1121
1122 /* Initialize evclass to get the event-class mapping for auditon(2) */
1123 evclass.ec_number = AUE_AUDITON;
1124 evclass.ec_class = 0;
1125 FILE *pipefd = setup(fds, auclass);
1126 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1127 check_audit(fds, adregex, pipefd);
1128 }
1129
ATF_TC_CLEANUP(auditon_getclass_success,tc)1130 ATF_TC_CLEANUP(auditon_getclass_success, tc)
1131 {
1132 cleanup();
1133 }
1134
1135
1136 ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
ATF_TC_HEAD(auditon_getclass_failure,tc)1137 ATF_TC_HEAD(auditon_getclass_failure, tc)
1138 {
1139 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1140 "auditon(2) call for cmd: A_GETCLASS");
1141 }
1142
ATF_TC_BODY(auditon_getclass_failure,tc)1143 ATF_TC_BODY(auditon_getclass_failure, tc)
1144 {
1145 pid = getpid();
1146 snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
1147
1148 FILE *pipefd = setup(fds, auclass);
1149 /* Failure reason: Invalid au_evclass_map_t structure */
1150 ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
1151 check_audit(fds, adregex, pipefd);
1152 }
1153
ATF_TC_CLEANUP(auditon_getclass_failure,tc)1154 ATF_TC_CLEANUP(auditon_getclass_failure, tc)
1155 {
1156 cleanup();
1157 }
1158
1159
1160 ATF_TC_WITH_CLEANUP(auditon_setclass_success);
ATF_TC_HEAD(auditon_setclass_success,tc)1161 ATF_TC_HEAD(auditon_setclass_success, tc)
1162 {
1163 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1164 "auditon(2) call for cmd: A_SETCLASS");
1165 }
1166
ATF_TC_BODY(auditon_setclass_success,tc)1167 ATF_TC_BODY(auditon_setclass_success, tc)
1168 {
1169 pid = getpid();
1170 au_evclass_map_t evclass;
1171 snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
1172
1173 /* Initialize evclass and get the event-class mapping for auditon(2) */
1174 evclass.ec_number = AUE_AUDITON;
1175 evclass.ec_class = 0;
1176 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1177
1178 FILE *pipefd = setup(fds, auclass);
1179 ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
1180 check_audit(fds, adregex, pipefd);
1181 }
1182
ATF_TC_CLEANUP(auditon_setclass_success,tc)1183 ATF_TC_CLEANUP(auditon_setclass_success, tc)
1184 {
1185 cleanup();
1186 }
1187
1188
1189 ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
ATF_TC_HEAD(auditon_setclass_failure,tc)1190 ATF_TC_HEAD(auditon_setclass_failure, tc)
1191 {
1192 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1193 "auditon(2) call for cmd: A_SETCLASS");
1194 }
1195
ATF_TC_BODY(auditon_setclass_failure,tc)1196 ATF_TC_BODY(auditon_setclass_failure, tc)
1197 {
1198 pid = getpid();
1199 snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
1200
1201 FILE *pipefd = setup(fds, auclass);
1202 /* Failure reason: Invalid au_evclass_map_t structure */
1203 ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
1204 check_audit(fds, adregex, pipefd);
1205 }
1206
ATF_TC_CLEANUP(auditon_setclass_failure,tc)1207 ATF_TC_CLEANUP(auditon_setclass_failure, tc)
1208 {
1209 cleanup();
1210 }
1211
1212
1213 ATF_TC_WITH_CLEANUP(auditon_getcond_success);
ATF_TC_HEAD(auditon_getcond_success,tc)1214 ATF_TC_HEAD(auditon_getcond_success, tc)
1215 {
1216 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1217 "auditon(2) call for cmd: A_GETCOND");
1218 }
1219
ATF_TC_BODY(auditon_getcond_success,tc)1220 ATF_TC_BODY(auditon_getcond_success, tc)
1221 {
1222 int auditcond;
1223 pid = getpid();
1224 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
1225
1226 FILE *pipefd = setup(fds, auclass);
1227 ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
1228 check_audit(fds, adregex, pipefd);
1229 }
1230
ATF_TC_CLEANUP(auditon_getcond_success,tc)1231 ATF_TC_CLEANUP(auditon_getcond_success, tc)
1232 {
1233 cleanup();
1234 }
1235
1236
1237 ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
ATF_TC_HEAD(auditon_getcond_failure,tc)1238 ATF_TC_HEAD(auditon_getcond_failure, tc)
1239 {
1240 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1241 "auditon(2) call for cmd: A_GETCOND");
1242 }
1243
ATF_TC_BODY(auditon_getcond_failure,tc)1244 ATF_TC_BODY(auditon_getcond_failure, tc)
1245 {
1246 pid = getpid();
1247 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
1248
1249 FILE *pipefd = setup(fds, auclass);
1250 /* Failure reason: Invalid argument */
1251 ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
1252 check_audit(fds, adregex, pipefd);
1253 }
1254
ATF_TC_CLEANUP(auditon_getcond_failure,tc)1255 ATF_TC_CLEANUP(auditon_getcond_failure, tc)
1256 {
1257 cleanup();
1258 }
1259
1260
1261 ATF_TC_WITH_CLEANUP(auditon_setcond_success);
ATF_TC_HEAD(auditon_setcond_success,tc)1262 ATF_TC_HEAD(auditon_setcond_success, tc)
1263 {
1264 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1265 "auditon(2) call for cmd: A_SETCOND");
1266 }
1267
ATF_TC_BODY(auditon_setcond_success,tc)1268 ATF_TC_BODY(auditon_setcond_success, tc)
1269 {
1270 int auditcond = AUC_AUDITING;
1271 pid = getpid();
1272 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
1273
1274 FILE *pipefd = setup(fds, auclass);
1275 /* At this point auditd is running, so the audit state is AUC_AUDITING */
1276 ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
1277 check_audit(fds, adregex, pipefd);
1278 }
1279
ATF_TC_CLEANUP(auditon_setcond_success,tc)1280 ATF_TC_CLEANUP(auditon_setcond_success, tc)
1281 {
1282 cleanup();
1283 }
1284
1285
1286 ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
ATF_TC_HEAD(auditon_setcond_failure,tc)1287 ATF_TC_HEAD(auditon_setcond_failure, tc)
1288 {
1289 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1290 "auditon(2) call for cmd: A_SETCOND");
1291 }
1292
ATF_TC_BODY(auditon_setcond_failure,tc)1293 ATF_TC_BODY(auditon_setcond_failure, tc)
1294 {
1295 pid = getpid();
1296 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
1297
1298 FILE *pipefd = setup(fds, auclass);
1299 /* Failure reason: Invalid argument */
1300 ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
1301 check_audit(fds, adregex, pipefd);
1302 }
1303
ATF_TC_CLEANUP(auditon_setcond_failure,tc)1304 ATF_TC_CLEANUP(auditon_setcond_failure, tc)
1305 {
1306 cleanup();
1307 }
1308
1309 /*
1310 * Following test-cases for auditon(2) are all in failure mode only as although
1311 * auditable, they have not been implemented and return ENOSYS whenever called.
1312 *
1313 * Commands: A_GETCWD A_GETCAR A_GETSTAT A_SETSTAT A_SETUMASK A_SETSMASK
1314 */
1315
1316 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
ATF_TC_HEAD(auditon_getcwd_failure,tc)1317 ATF_TC_HEAD(auditon_getcwd_failure, tc)
1318 {
1319 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1320 "auditon(2) call for cmd: A_GETCWD");
1321 }
1322
ATF_TC_BODY(auditon_getcwd_failure,tc)1323 ATF_TC_BODY(auditon_getcwd_failure, tc)
1324 {
1325 pid = getpid();
1326 snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
1327
1328 FILE *pipefd = setup(fds, auclass);
1329 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
1330 sizeof(auditon_def)) == -1);
1331 check_audit(fds, adregex, pipefd);
1332 }
1333
ATF_TC_CLEANUP(auditon_getcwd_failure,tc)1334 ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
1335 {
1336 cleanup();
1337 }
1338
1339
1340 ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
ATF_TC_HEAD(auditon_getcar_failure,tc)1341 ATF_TC_HEAD(auditon_getcar_failure, tc)
1342 {
1343 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1344 "auditon(2) call for cmd: A_GETCAR");
1345 }
1346
ATF_TC_BODY(auditon_getcar_failure,tc)1347 ATF_TC_BODY(auditon_getcar_failure, tc)
1348 {
1349 pid = getpid();
1350 snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
1351
1352 FILE *pipefd = setup(fds, auclass);
1353 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
1354 sizeof(auditon_def)) == -1);
1355 check_audit(fds, adregex, pipefd);
1356 }
1357
ATF_TC_CLEANUP(auditon_getcar_failure,tc)1358 ATF_TC_CLEANUP(auditon_getcar_failure, tc)
1359 {
1360 cleanup();
1361 }
1362
1363
1364 ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
ATF_TC_HEAD(auditon_getstat_failure,tc)1365 ATF_TC_HEAD(auditon_getstat_failure, tc)
1366 {
1367 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1368 "auditon(2) call for cmd: A_GETSTAT");
1369 }
1370
ATF_TC_BODY(auditon_getstat_failure,tc)1371 ATF_TC_BODY(auditon_getstat_failure, tc)
1372 {
1373 pid = getpid();
1374 snprintf(adregex, sizeof(adregex),
1375 "get audit statistics.*%d.*return,failure", pid);
1376
1377 FILE *pipefd = setup(fds, auclass);
1378 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
1379 sizeof(auditon_def)) == -1);
1380 check_audit(fds, adregex, pipefd);
1381 }
1382
ATF_TC_CLEANUP(auditon_getstat_failure,tc)1383 ATF_TC_CLEANUP(auditon_getstat_failure, tc)
1384 {
1385 cleanup();
1386 }
1387
1388
1389 ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
ATF_TC_HEAD(auditon_setstat_failure,tc)1390 ATF_TC_HEAD(auditon_setstat_failure, tc)
1391 {
1392 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1393 "auditon(2) call for cmd: A_SETSTAT");
1394 }
1395
ATF_TC_BODY(auditon_setstat_failure,tc)1396 ATF_TC_BODY(auditon_setstat_failure, tc)
1397 {
1398 pid = getpid();
1399 snprintf(adregex, sizeof(adregex),
1400 "set audit statistics.*%d.*return,failure", pid);
1401
1402 FILE *pipefd = setup(fds, auclass);
1403 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
1404 sizeof(auditon_def)) == -1);
1405 check_audit(fds, adregex, pipefd);
1406 }
1407
ATF_TC_CLEANUP(auditon_setstat_failure,tc)1408 ATF_TC_CLEANUP(auditon_setstat_failure, tc)
1409 {
1410 cleanup();
1411 }
1412
1413
1414 ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
ATF_TC_HEAD(auditon_setumask_failure,tc)1415 ATF_TC_HEAD(auditon_setumask_failure, tc)
1416 {
1417 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1418 "auditon(2) call for cmd: A_SETUMASK");
1419 }
1420
ATF_TC_BODY(auditon_setumask_failure,tc)1421 ATF_TC_BODY(auditon_setumask_failure, tc)
1422 {
1423 pid = getpid();
1424 snprintf(adregex, sizeof(adregex),
1425 "set mask per uid.*%d.*return,failure", pid);
1426
1427 FILE *pipefd = setup(fds, auclass);
1428 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
1429 sizeof(auditon_def)) == -1);
1430 check_audit(fds, adregex, pipefd);
1431 }
1432
ATF_TC_CLEANUP(auditon_setumask_failure,tc)1433 ATF_TC_CLEANUP(auditon_setumask_failure, tc)
1434 {
1435 cleanup();
1436 }
1437
1438
1439 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
ATF_TC_HEAD(auditon_setsmask_failure,tc)1440 ATF_TC_HEAD(auditon_setsmask_failure, tc)
1441 {
1442 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1443 "auditon(2) call for cmd: A_SETSMASK");
1444 }
1445
ATF_TC_BODY(auditon_setsmask_failure,tc)1446 ATF_TC_BODY(auditon_setsmask_failure, tc)
1447 {
1448 pid = getpid();
1449 snprintf(adregex, sizeof(adregex),
1450 "set mask per session.*%d.*return,failure", pid);
1451
1452 FILE *pipefd = setup(fds, auclass);
1453 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def,
1454 sizeof(auditon_def)) == -1);
1455 check_audit(fds, adregex, pipefd);
1456 }
1457
ATF_TC_CLEANUP(auditon_setsmask_failure,tc)1458 ATF_TC_CLEANUP(auditon_setsmask_failure, tc)
1459 {
1460 cleanup();
1461 }
1462
1463
1464 /*
1465 * Audit of reboot(2) cannot be tested in normal conditions as we don't want
1466 * to reboot the system while running the tests
1467 */
1468
1469
1470 ATF_TC_WITH_CLEANUP(reboot_failure);
ATF_TC_HEAD(reboot_failure,tc)1471 ATF_TC_HEAD(reboot_failure, tc)
1472 {
1473 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1474 "reboot(2) call");
1475 }
1476
ATF_TC_BODY(reboot_failure,tc)1477 ATF_TC_BODY(reboot_failure, tc)
1478 {
1479 pid = getpid();
1480 snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid);
1481
1482 FILE *pipefd = setup(fds, auclass);
1483 ATF_REQUIRE_EQ(-1, reboot(-1));
1484 check_audit(fds, adregex, pipefd);
1485 }
1486
ATF_TC_CLEANUP(reboot_failure,tc)1487 ATF_TC_CLEANUP(reboot_failure, tc)
1488 {
1489 cleanup();
1490 }
1491
1492
1493 /*
1494 * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
1495 * to tamper with filesystem quotas
1496 */
1497
1498
1499 ATF_TC_WITH_CLEANUP(quotactl_failure);
ATF_TC_HEAD(quotactl_failure,tc)1500 ATF_TC_HEAD(quotactl_failure, tc)
1501 {
1502 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1503 "quotactl(2) call");
1504 }
1505
ATF_TC_BODY(quotactl_failure,tc)1506 ATF_TC_BODY(quotactl_failure, tc)
1507 {
1508 pid = getpid();
1509 snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid);
1510
1511 FILE *pipefd = setup(fds, auclass);
1512 ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
1513 check_audit(fds, adregex, pipefd);
1514 }
1515
ATF_TC_CLEANUP(quotactl_failure,tc)1516 ATF_TC_CLEANUP(quotactl_failure, tc)
1517 {
1518 cleanup();
1519 }
1520
1521
1522 ATF_TC_WITH_CLEANUP(mount_failure);
ATF_TC_HEAD(mount_failure,tc)1523 ATF_TC_HEAD(mount_failure, tc)
1524 {
1525 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1526 "mount(2) call");
1527 }
1528
ATF_TC_BODY(mount_failure,tc)1529 ATF_TC_BODY(mount_failure, tc)
1530 {
1531 pid = getpid();
1532 snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid);
1533
1534 FILE *pipefd = setup(fds, auclass);
1535 ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
1536 check_audit(fds, adregex, pipefd);
1537 }
1538
ATF_TC_CLEANUP(mount_failure,tc)1539 ATF_TC_CLEANUP(mount_failure, tc)
1540 {
1541 cleanup();
1542 }
1543
1544
1545 ATF_TC_WITH_CLEANUP(nmount_failure);
ATF_TC_HEAD(nmount_failure,tc)1546 ATF_TC_HEAD(nmount_failure, tc)
1547 {
1548 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1549 "nmount(2) call");
1550 }
1551
ATF_TC_BODY(nmount_failure,tc)1552 ATF_TC_BODY(nmount_failure, tc)
1553 {
1554 pid = getpid();
1555 snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid);
1556
1557 FILE *pipefd = setup(fds, auclass);
1558 ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
1559 check_audit(fds, adregex, pipefd);
1560 }
1561
ATF_TC_CLEANUP(nmount_failure,tc)1562 ATF_TC_CLEANUP(nmount_failure, tc)
1563 {
1564 cleanup();
1565 }
1566
1567
1568 ATF_TC_WITH_CLEANUP(swapon_failure);
ATF_TC_HEAD(swapon_failure,tc)1569 ATF_TC_HEAD(swapon_failure, tc)
1570 {
1571 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1572 "swapon(2) call");
1573 }
1574
ATF_TC_BODY(swapon_failure,tc)1575 ATF_TC_BODY(swapon_failure, tc)
1576 {
1577 pid = getpid();
1578 snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid);
1579
1580 FILE *pipefd = setup(fds, auclass);
1581 /* Failure reason: Block device required */
1582 ATF_REQUIRE_EQ(-1, swapon(path));
1583 check_audit(fds, adregex, pipefd);
1584 }
1585
ATF_TC_CLEANUP(swapon_failure,tc)1586 ATF_TC_CLEANUP(swapon_failure, tc)
1587 {
1588 cleanup();
1589 }
1590
1591
1592 ATF_TC_WITH_CLEANUP(swapoff_failure);
ATF_TC_HEAD(swapoff_failure,tc)1593 ATF_TC_HEAD(swapoff_failure, tc)
1594 {
1595 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1596 "swapoff(2) call");
1597 }
1598
ATF_TC_BODY(swapoff_failure,tc)1599 ATF_TC_BODY(swapoff_failure, tc)
1600 {
1601 pid = getpid();
1602 snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid);
1603
1604 FILE *pipefd = setup(fds, auclass);
1605 /* Failure reason: Block device required */
1606 ATF_REQUIRE_EQ(-1, swapoff(path, 0));
1607 check_audit(fds, adregex, pipefd);
1608 }
1609
ATF_TC_CLEANUP(swapoff_failure,tc)1610 ATF_TC_CLEANUP(swapoff_failure, tc)
1611 {
1612 cleanup();
1613 }
1614
1615
ATF_TP_ADD_TCS(tp)1616 ATF_TP_ADD_TCS(tp)
1617 {
1618 ATF_TP_ADD_TC(tp, settimeofday_success);
1619 ATF_TP_ADD_TC(tp, settimeofday_failure);
1620 ATF_TP_ADD_TC(tp, clock_settime_success);
1621 ATF_TP_ADD_TC(tp, clock_settime_failure);
1622 ATF_TP_ADD_TC(tp, adjtime_success);
1623 ATF_TP_ADD_TC(tp, adjtime_failure);
1624 ATF_TP_ADD_TC(tp, ntp_adjtime_success);
1625 ATF_TP_ADD_TC(tp, ntp_adjtime_failure);
1626
1627 ATF_TP_ADD_TC(tp, nfs_getfh_success);
1628 ATF_TP_ADD_TC(tp, nfs_getfh_failure);
1629 ATF_TP_ADD_TC(tp, acct_success);
1630 ATF_TP_ADD_TC(tp, acct_failure);
1631 ATF_TP_ADD_TC(tp, auditctl_success);
1632 ATF_TP_ADD_TC(tp, auditctl_failure);
1633
1634 ATF_TP_ADD_TC(tp, getauid_success);
1635 ATF_TP_ADD_TC(tp, getauid_failure);
1636 ATF_TP_ADD_TC(tp, setauid_success);
1637 ATF_TP_ADD_TC(tp, setauid_failure);
1638
1639 ATF_TP_ADD_TC(tp, getaudit_success);
1640 ATF_TP_ADD_TC(tp, getaudit_failure);
1641 ATF_TP_ADD_TC(tp, setaudit_success);
1642 ATF_TP_ADD_TC(tp, setaudit_failure);
1643
1644 ATF_TP_ADD_TC(tp, getaudit_addr_success);
1645 ATF_TP_ADD_TC(tp, getaudit_addr_failure);
1646 ATF_TP_ADD_TC(tp, setaudit_addr_success);
1647 ATF_TP_ADD_TC(tp, setaudit_addr_failure);
1648
1649 ATF_TP_ADD_TC(tp, auditon_default_success);
1650 ATF_TP_ADD_TC(tp, auditon_default_failure);
1651
1652 ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
1653 ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
1654 ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
1655 ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
1656
1657 ATF_TP_ADD_TC(tp, auditon_getkmask_success);
1658 ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
1659 ATF_TP_ADD_TC(tp, auditon_setkmask_success);
1660 ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
1661
1662 ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
1663 ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
1664 ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
1665 ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
1666
1667 ATF_TP_ADD_TC(tp, auditon_getclass_success);
1668 ATF_TP_ADD_TC(tp, auditon_getclass_failure);
1669 ATF_TP_ADD_TC(tp, auditon_setclass_success);
1670 ATF_TP_ADD_TC(tp, auditon_setclass_failure);
1671
1672 ATF_TP_ADD_TC(tp, auditon_getcond_success);
1673 ATF_TP_ADD_TC(tp, auditon_getcond_failure);
1674 ATF_TP_ADD_TC(tp, auditon_setcond_success);
1675 ATF_TP_ADD_TC(tp, auditon_setcond_failure);
1676
1677 ATF_TP_ADD_TC(tp, auditon_getcwd_failure);
1678 ATF_TP_ADD_TC(tp, auditon_getcar_failure);
1679 ATF_TP_ADD_TC(tp, auditon_getstat_failure);
1680 ATF_TP_ADD_TC(tp, auditon_setstat_failure);
1681 ATF_TP_ADD_TC(tp, auditon_setumask_failure);
1682 ATF_TP_ADD_TC(tp, auditon_setsmask_failure);
1683
1684 ATF_TP_ADD_TC(tp, reboot_failure);
1685 ATF_TP_ADD_TC(tp, quotactl_failure);
1686 ATF_TP_ADD_TC(tp, mount_failure);
1687 ATF_TP_ADD_TC(tp, nmount_failure);
1688 ATF_TP_ADD_TC(tp, swapon_failure);
1689 ATF_TP_ADD_TC(tp, swapoff_failure);
1690
1691 return (atf_no_error());
1692 }
1693