xref: /freebsd/tests/sys/audit/administrative.c (revision 28f4385e45a2681c14bd04b83fe1796eaefe8265)
1 /*-
2  * Copyright (c) 2018 Aniket Pandey
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * SUCH DAMAGE.
24  *
25  * $FreeBSD$
26  */
27 
28 #include <sys/param.h>
29 #include <sys/mount.h>
30 #include <sys/reboot.h>
31 #include <sys/stat.h>
32 #include <sys/sysctl.h>
33 #include <sys/time.h>
34 #include <sys/timespec.h>
35 #include <sys/timex.h>
36 
37 #include <bsm/audit.h>
38 #include <bsm/audit_kevents.h>
39 #include <ufs/ufs/quota.h>
40 
41 #include <atf-c.h>
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <stdlib.h>
45 #include <time.h>
46 #include <unistd.h>
47 
48 #include "utils.h"
49 
50 static pid_t pid;
51 static int filedesc;
52 /* Default argument for handling ENOSYS in auditon(2) functions */
53 static int auditon_def = 0;
54 static mode_t mode = 0777;
55 static struct pollfd fds[1];
56 static char adregex[80];
57 static const char *auclass = "ad";
58 static const char *path = "fileforaudit";
59 static const char *successreg = "fileforaudit.*return,success";
60 
61 
62 ATF_TC_WITH_CLEANUP(settimeofday_success);
63 ATF_TC_HEAD(settimeofday_success, tc)
64 {
65 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
66 					"settimeofday(2) call");
67 }
68 
69 ATF_TC_BODY(settimeofday_success, tc)
70 {
71 	pid = getpid();
72 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
73 
74 	struct timeval tp;
75 	struct timezone tzp;
76 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
77 
78 	FILE *pipefd = setup(fds, auclass);
79 	/* Setting the same time as obtained by gettimeofday(2) */
80 	ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
81 	check_audit(fds, adregex, pipefd);
82 }
83 
84 ATF_TC_CLEANUP(settimeofday_success, tc)
85 {
86 	cleanup();
87 }
88 
89 
90 ATF_TC_WITH_CLEANUP(settimeofday_failure);
91 ATF_TC_HEAD(settimeofday_failure, tc)
92 {
93 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
94 					"settimeofday(2) call");
95 }
96 
97 ATF_TC_BODY(settimeofday_failure, tc)
98 {
99 	pid = getpid();
100 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
101 
102 	struct timeval tp;
103 	struct timezone tzp;
104 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
105 
106 	FILE *pipefd = setup(fds, auclass);
107 	tp.tv_sec = -1;
108 	/* Failure reason: Invalid value for tp.tv_sec; */
109 	ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
110 	check_audit(fds, adregex, pipefd);
111 }
112 
113 ATF_TC_CLEANUP(settimeofday_failure, tc)
114 {
115 	cleanup();
116 }
117 
118 
119 ATF_TC_WITH_CLEANUP(clock_settime_success);
120 ATF_TC_HEAD(clock_settime_success, tc)
121 {
122 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
123 					"clock_settime(2) call");
124 }
125 
126 ATF_TC_BODY(clock_settime_success, tc)
127 {
128 	pid = getpid();
129 	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
130 
131 	struct timespec tp;
132 	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
133 
134 	FILE *pipefd = setup(fds, auclass);
135 	/* Setting the same time as obtained by clock_gettime(2) */
136 	ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
137 	check_audit(fds, adregex, pipefd);
138 }
139 
140 ATF_TC_CLEANUP(clock_settime_success, tc)
141 {
142 	cleanup();
143 }
144 
145 
146 ATF_TC_WITH_CLEANUP(clock_settime_failure);
147 ATF_TC_HEAD(clock_settime_failure, tc)
148 {
149 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
150 					"clock_settime(2) call");
151 }
152 
153 ATF_TC_BODY(clock_settime_failure, tc)
154 {
155 	pid = getpid();
156 	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
157 
158 	struct timespec tp;
159 	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
160 
161 	FILE *pipefd = setup(fds, auclass);
162 	/* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
163 	ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
164 	check_audit(fds, adregex, pipefd);
165 }
166 
167 ATF_TC_CLEANUP(clock_settime_failure, tc)
168 {
169 	cleanup();
170 }
171 
172 
173 ATF_TC_WITH_CLEANUP(adjtime_success);
174 ATF_TC_HEAD(adjtime_success, tc)
175 {
176 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
177 					"adjtime(2) call");
178 }
179 
180 ATF_TC_BODY(adjtime_success, tc)
181 {
182 	pid = getpid();
183 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
184 
185 	FILE *pipefd = setup(fds, auclass);
186 	/* We don't want to change the system time, hence NULL */
187 	ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
188 	check_audit(fds, adregex, pipefd);
189 }
190 
191 ATF_TC_CLEANUP(adjtime_success, tc)
192 {
193 	cleanup();
194 }
195 
196 
197 ATF_TC_WITH_CLEANUP(adjtime_failure);
198 ATF_TC_HEAD(adjtime_failure, tc)
199 {
200 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
201 					"adjtime(2) call");
202 }
203 
204 ATF_TC_BODY(adjtime_failure, tc)
205 {
206 	pid = getpid();
207 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
208 
209 	FILE *pipefd = setup(fds, auclass);
210 	ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
211 	check_audit(fds, adregex, pipefd);
212 }
213 
214 ATF_TC_CLEANUP(adjtime_failure, tc)
215 {
216 	cleanup();
217 }
218 
219 
220 ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
221 ATF_TC_HEAD(ntp_adjtime_success, tc)
222 {
223 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
224 					"ntp_adjtime(2) call");
225 }
226 
227 ATF_TC_BODY(ntp_adjtime_success, tc)
228 {
229 	struct timex timebuff;
230 	bzero(&timebuff, sizeof(timebuff));
231 
232 	pid = getpid();
233 	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
234 
235 	FILE *pipefd = setup(fds, auclass);
236 	ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
237 	check_audit(fds, adregex, pipefd);
238 }
239 
240 ATF_TC_CLEANUP(ntp_adjtime_success, tc)
241 {
242 	cleanup();
243 }
244 
245 
246 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
247 ATF_TC_HEAD(ntp_adjtime_failure, tc)
248 {
249 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
250 					"ntp_adjtime(2) call");
251 }
252 
253 ATF_TC_BODY(ntp_adjtime_failure, tc)
254 {
255 	pid = getpid();
256 	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
257 
258 	FILE *pipefd = setup(fds, auclass);
259 	ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
260 	check_audit(fds, adregex, pipefd);
261 }
262 
263 ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
264 {
265 	cleanup();
266 }
267 
268 
269 ATF_TC_WITH_CLEANUP(nfs_getfh_success);
270 ATF_TC_HEAD(nfs_getfh_success, tc)
271 {
272 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
273 					"getfh(2) call");
274 }
275 
276 ATF_TC_BODY(nfs_getfh_success, tc)
277 {
278 	fhandle_t fhp;
279 	pid = getpid();
280 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
281 
282 	/* File needs to exist to call getfh(2) */
283 	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
284 	FILE *pipefd = setup(fds, auclass);
285 	ATF_REQUIRE_EQ(0, getfh(path, &fhp));
286 	check_audit(fds, adregex, pipefd);
287 	close(filedesc);
288 }
289 
290 ATF_TC_CLEANUP(nfs_getfh_success, tc)
291 {
292 	cleanup();
293 }
294 
295 
296 ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
297 ATF_TC_HEAD(nfs_getfh_failure, tc)
298 {
299 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
300 					"getfh(2) call");
301 }
302 
303 ATF_TC_BODY(nfs_getfh_failure, tc)
304 {
305 	pid = getpid();
306 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
307 
308 	FILE *pipefd = setup(fds, auclass);
309 	/* Failure reason: file does not exist */
310 	ATF_REQUIRE_EQ(-1, getfh(path, NULL));
311 	check_audit(fds, adregex, pipefd);
312 }
313 
314 ATF_TC_CLEANUP(nfs_getfh_failure, tc)
315 {
316 	cleanup();
317 }
318 
319 
320 ATF_TC_WITH_CLEANUP(auditctl_success);
321 ATF_TC_HEAD(auditctl_success, tc)
322 {
323 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
324 					"auditctl(2) call");
325 }
326 
327 ATF_TC_BODY(auditctl_success, tc)
328 {
329 	/* File needs to exist in order to call auditctl(2) */
330 	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
331 	FILE *pipefd = setup(fds, auclass);
332 	ATF_REQUIRE_EQ(0, auditctl(path));
333 	check_audit(fds, successreg, pipefd);
334 	close(filedesc);
335 }
336 
337 ATF_TC_CLEANUP(auditctl_success, tc)
338 {
339 	/*
340 	 * auditctl(2) disables audit log at /var/audit and initiates auditing
341 	 * at the configured path. To reset this, we need to stop and start the
342 	 * auditd(8) again. Here, we check if auditd(8) was running already
343 	 * before the test started. If so, we stop and start it again.
344 	 */
345 	system("service auditd onestop > /dev/null 2>&1");
346 	if (!atf_utils_file_exists("started_auditd"))
347 		system("service auditd onestart > /dev/null 2>&1");
348 }
349 
350 
351 ATF_TC_WITH_CLEANUP(auditctl_failure);
352 ATF_TC_HEAD(auditctl_failure, tc)
353 {
354 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
355 					"auditctl(2) call");
356 }
357 
358 ATF_TC_BODY(auditctl_failure, tc)
359 {
360 	pid = getpid();
361 	snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
362 
363 	FILE *pipefd = setup(fds, auclass);
364 	/* Failure reason: file does not exist */
365 	ATF_REQUIRE_EQ(-1, auditctl(NULL));
366 	check_audit(fds, adregex, pipefd);
367 }
368 
369 ATF_TC_CLEANUP(auditctl_failure, tc)
370 {
371 	cleanup();
372 }
373 
374 
375 ATF_TC_WITH_CLEANUP(acct_success);
376 ATF_TC_HEAD(acct_success, tc)
377 {
378 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
379 					"acct(2) call");
380 	atf_tc_set_md_var(tc, "require.files",
381 	    "/etc/rc.d/accounting /etc/rc.d/auditd");
382 }
383 
384 ATF_TC_BODY(acct_success, tc)
385 {
386 	int acctinfo, filedesc2;
387 	size_t len = sizeof(acctinfo);
388 	const char *acctname = "kern.acct_configured";
389 	ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
390 
391 	/* File needs to exist to start system accounting */
392 	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
393 
394 	/*
395 	 * acctinfo = 0: System accounting was disabled
396 	 * acctinfo = 1: System accounting was enabled
397 	 */
398 	if (acctinfo) {
399 		ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
400 		close(filedesc2);
401 	}
402 
403 	pid = getpid();
404 	snprintf(adregex, sizeof(adregex),
405 		"acct.*%s.*%d.*return,success", path, pid);
406 
407 	/*
408 	 * We temporarily switch the accounting record to a file at
409 	 * our own configured path in order to confirm acct(2)'s successful
410 	 * auditing. Then we set everything back to its original state.
411 	 */
412 	FILE *pipefd = setup(fds, auclass);
413 	ATF_REQUIRE_EQ(0, acct(path));
414 	check_audit(fds, adregex, pipefd);
415 	close(filedesc);
416 }
417 
418 ATF_TC_CLEANUP(acct_success, tc)
419 {
420 	/* Reset accounting configured path */
421 	ATF_REQUIRE_EQ(0, system("service accounting onestop"));
422 	if (atf_utils_file_exists("acct_ok")) {
423 		ATF_REQUIRE_EQ(0, system("service accounting onestart"));
424 	}
425 	cleanup();
426 }
427 
428 
429 ATF_TC_WITH_CLEANUP(acct_failure);
430 ATF_TC_HEAD(acct_failure, tc)
431 {
432 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
433 					"acct(2) call");
434 }
435 
436 ATF_TC_BODY(acct_failure, tc)
437 {
438 	pid = getpid();
439 	snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
440 
441 	FILE *pipefd = setup(fds, auclass);
442 	/* Failure reason: File does not exist */
443 	ATF_REQUIRE_EQ(-1, acct(path));
444 	check_audit(fds, adregex, pipefd);
445 }
446 
447 ATF_TC_CLEANUP(acct_failure, tc)
448 {
449 	cleanup();
450 }
451 
452 
453 ATF_TC_WITH_CLEANUP(getauid_success);
454 ATF_TC_HEAD(getauid_success, tc)
455 {
456 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
457 					"getauid(2) call");
458 }
459 
460 ATF_TC_BODY(getauid_success, tc)
461 {
462 	au_id_t auid;
463 	pid = getpid();
464 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
465 
466 	FILE *pipefd = setup(fds, auclass);
467 	ATF_REQUIRE_EQ(0, getauid(&auid));
468 	check_audit(fds, adregex, pipefd);
469 }
470 
471 ATF_TC_CLEANUP(getauid_success, tc)
472 {
473 	cleanup();
474 }
475 
476 
477 ATF_TC_WITH_CLEANUP(getauid_failure);
478 ATF_TC_HEAD(getauid_failure, tc)
479 {
480 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
481 					"getauid(2) call");
482 }
483 
484 ATF_TC_BODY(getauid_failure, tc)
485 {
486 	pid = getpid();
487 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
488 
489 	FILE *pipefd = setup(fds, auclass);
490 	/* Failure reason: Bad address */
491 	ATF_REQUIRE_EQ(-1, getauid(NULL));
492 	check_audit(fds, adregex, pipefd);
493 }
494 
495 ATF_TC_CLEANUP(getauid_failure, tc)
496 {
497 	cleanup();
498 }
499 
500 
501 ATF_TC_WITH_CLEANUP(setauid_success);
502 ATF_TC_HEAD(setauid_success, tc)
503 {
504 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
505 					"setauid(2) call");
506 }
507 
508 ATF_TC_BODY(setauid_success, tc)
509 {
510 	au_id_t auid;
511 	pid = getpid();
512 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
513 	ATF_REQUIRE_EQ(0, getauid(&auid));
514 
515 	FILE *pipefd = setup(fds, auclass);
516 	ATF_REQUIRE_EQ(0, setauid(&auid));
517 	check_audit(fds, adregex, pipefd);
518 }
519 
520 ATF_TC_CLEANUP(setauid_success, tc)
521 {
522 	cleanup();
523 }
524 
525 
526 ATF_TC_WITH_CLEANUP(setauid_failure);
527 ATF_TC_HEAD(setauid_failure, tc)
528 {
529 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
530 					"setauid(2) call");
531 }
532 
533 ATF_TC_BODY(setauid_failure, tc)
534 {
535 	pid = getpid();
536 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
537 
538 	FILE *pipefd = setup(fds, auclass);
539 	/* Failure reason: Bad address */
540 	ATF_REQUIRE_EQ(-1, setauid(NULL));
541 	check_audit(fds, adregex, pipefd);
542 }
543 
544 ATF_TC_CLEANUP(setauid_failure, tc)
545 {
546 	cleanup();
547 }
548 
549 
550 ATF_TC_WITH_CLEANUP(getaudit_success);
551 ATF_TC_HEAD(getaudit_success, tc)
552 {
553 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
554 					"getaudit(2) call");
555 }
556 
557 ATF_TC_BODY(getaudit_success, tc)
558 {
559 	pid = getpid();
560 	auditinfo_t auditinfo;
561 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
562 
563 	FILE *pipefd = setup(fds, auclass);
564 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
565 	check_audit(fds, adregex, pipefd);
566 }
567 
568 ATF_TC_CLEANUP(getaudit_success, tc)
569 {
570 	cleanup();
571 }
572 
573 
574 ATF_TC_WITH_CLEANUP(getaudit_failure);
575 ATF_TC_HEAD(getaudit_failure, tc)
576 {
577 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
578 					"getaudit(2) call");
579 }
580 
581 ATF_TC_BODY(getaudit_failure, tc)
582 {
583 	pid = getpid();
584 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
585 
586 	FILE *pipefd = setup(fds, auclass);
587 	/* Failure reason: Bad address */
588 	ATF_REQUIRE_EQ(-1, getaudit(NULL));
589 	check_audit(fds, adregex, pipefd);
590 }
591 
592 ATF_TC_CLEANUP(getaudit_failure, tc)
593 {
594 	cleanup();
595 }
596 
597 
598 ATF_TC_WITH_CLEANUP(setaudit_success);
599 ATF_TC_HEAD(setaudit_success, tc)
600 {
601 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
602 					"setaudit(2) call");
603 }
604 
605 ATF_TC_BODY(setaudit_success, tc)
606 {
607 	pid = getpid();
608 	auditinfo_t auditinfo;
609 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
610 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
611 
612 	FILE *pipefd = setup(fds, auclass);
613 	ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
614 	check_audit(fds, adregex, pipefd);
615 }
616 
617 ATF_TC_CLEANUP(setaudit_success, tc)
618 {
619 	cleanup();
620 }
621 
622 
623 ATF_TC_WITH_CLEANUP(setaudit_failure);
624 ATF_TC_HEAD(setaudit_failure, tc)
625 {
626 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
627 					"setaudit(2) call");
628 }
629 
630 ATF_TC_BODY(setaudit_failure, tc)
631 {
632 	pid = getpid();
633 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
634 
635 	FILE *pipefd = setup(fds, auclass);
636 	/* Failure reason: Bad address */
637 	ATF_REQUIRE_EQ(-1, setaudit(NULL));
638 	check_audit(fds, adregex, pipefd);
639 }
640 
641 ATF_TC_CLEANUP(setaudit_failure, tc)
642 {
643 	cleanup();
644 }
645 
646 
647 ATF_TC_WITH_CLEANUP(getaudit_addr_success);
648 ATF_TC_HEAD(getaudit_addr_success, tc)
649 {
650 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
651 					"getaudit_addr(2) call");
652 }
653 
654 ATF_TC_BODY(getaudit_addr_success, tc)
655 {
656 	pid = getpid();
657 	auditinfo_addr_t auditinfo;
658 	snprintf(adregex, sizeof(adregex),
659 		"getaudit_addr.*%d.*return,success", pid);
660 
661 	FILE *pipefd = setup(fds, auclass);
662 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
663 	check_audit(fds, adregex, pipefd);
664 }
665 
666 ATF_TC_CLEANUP(getaudit_addr_success, tc)
667 {
668 	cleanup();
669 }
670 
671 
672 ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
673 ATF_TC_HEAD(getaudit_addr_failure, tc)
674 {
675 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
676 					"getaudit_addr(2) call");
677 }
678 
679 ATF_TC_BODY(getaudit_addr_failure, tc)
680 {
681 	pid = getpid();
682 	snprintf(adregex, sizeof(adregex),
683 		"getaudit_addr.*%d.*return,failure", pid);
684 
685 	FILE *pipefd = setup(fds, auclass);
686 	/* Failure reason: Bad address */
687 	ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
688 	check_audit(fds, adregex, pipefd);
689 }
690 
691 ATF_TC_CLEANUP(getaudit_addr_failure, tc)
692 {
693 	cleanup();
694 }
695 
696 
697 ATF_TC_WITH_CLEANUP(setaudit_addr_success);
698 ATF_TC_HEAD(setaudit_addr_success, tc)
699 {
700 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
701 					"setaudit_addr(2) call");
702 }
703 
704 ATF_TC_BODY(setaudit_addr_success, tc)
705 {
706 	pid = getpid();
707 	auditinfo_addr_t auditinfo;
708 	snprintf(adregex, sizeof(adregex),
709 		"setaudit_addr.*%d.*return,success", pid);
710 
711 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
712 	FILE *pipefd = setup(fds, auclass);
713 	ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
714 	check_audit(fds, adregex, pipefd);
715 }
716 
717 ATF_TC_CLEANUP(setaudit_addr_success, tc)
718 {
719 	cleanup();
720 }
721 
722 
723 ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
724 ATF_TC_HEAD(setaudit_addr_failure, tc)
725 {
726 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
727 					"setaudit_addr(2) call");
728 }
729 
730 ATF_TC_BODY(setaudit_addr_failure, tc)
731 {
732 	pid = getpid();
733 	snprintf(adregex, sizeof(adregex),
734 		"setaudit_addr.*%d.*return,failure", pid);
735 
736 	FILE *pipefd = setup(fds, auclass);
737 	/* Failure reason: Bad address */
738 	ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
739 	check_audit(fds, adregex, pipefd);
740 }
741 
742 ATF_TC_CLEANUP(setaudit_addr_failure, tc)
743 {
744 	cleanup();
745 }
746 
747 /*
748  * Note: The test-case uses A_GETFSIZE as the command argument but since it is
749  * not an independent audit event, it will be used to check the default mode
750  * auditing of auditon(2) system call.
751  *
752  * Please See: sys/security/audit/audit_bsm_klib.c
753  * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
754  */
755 ATF_TC_WITH_CLEANUP(auditon_default_success);
756 ATF_TC_HEAD(auditon_default_success, tc)
757 {
758 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
759 					"auditon(2) call");
760 }
761 
762 ATF_TC_BODY(auditon_default_success, tc)
763 {
764 	au_fstat_t fsize_arg;
765 	bzero(&fsize_arg, sizeof(au_fstat_t));
766 
767 	pid = getpid();
768 	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
769 
770 	FILE *pipefd = setup(fds, auclass);
771 	ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
772 	check_audit(fds, adregex, pipefd);
773 }
774 
775 ATF_TC_CLEANUP(auditon_default_success, tc)
776 {
777 	cleanup();
778 }
779 
780 
781 ATF_TC_WITH_CLEANUP(auditon_default_failure);
782 ATF_TC_HEAD(auditon_default_failure, tc)
783 {
784 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
785 					"auditon(2) call");
786 }
787 
788 ATF_TC_BODY(auditon_default_failure, tc)
789 {
790 	pid = getpid();
791 	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
792 
793 	FILE *pipefd = setup(fds, auclass);
794 	/* Failure reason: Invalid argument */
795 	ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
796 	check_audit(fds, adregex, pipefd);
797 }
798 
799 ATF_TC_CLEANUP(auditon_default_failure, tc)
800 {
801 	cleanup();
802 }
803 
804 
805 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
806 ATF_TC_HEAD(auditon_getpolicy_success, tc)
807 {
808 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
809 					"auditon(2) call for cmd: A_GETPOLICY");
810 }
811 
812 ATF_TC_BODY(auditon_getpolicy_success, tc)
813 {
814 	int aupolicy;
815 	pid = getpid();
816 	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
817 
818 	FILE *pipefd = setup(fds, auclass);
819 	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
820 	check_audit(fds, adregex, pipefd);
821 }
822 
823 ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
824 {
825 	cleanup();
826 }
827 
828 
829 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
830 ATF_TC_HEAD(auditon_getpolicy_failure, tc)
831 {
832 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
833 					"auditon(2) call for cmd: A_GETPOLICY");
834 }
835 
836 ATF_TC_BODY(auditon_getpolicy_failure, tc)
837 {
838 	pid = getpid();
839 	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
840 
841 	FILE *pipefd = setup(fds, auclass);
842 	/* Failure reason: Invalid argument */
843 	ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
844 	check_audit(fds, adregex, pipefd);
845 }
846 
847 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
848 {
849 	cleanup();
850 }
851 
852 
853 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
854 ATF_TC_HEAD(auditon_setpolicy_success, tc)
855 {
856 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
857 					"auditon(2) call for cmd: A_SETPOLICY");
858 }
859 
860 ATF_TC_BODY(auditon_setpolicy_success, tc)
861 {
862 	int aupolicy;
863 	pid = getpid();
864 	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
865 
866 	/* Retrieve the current auditing policy, to be used with A_SETPOLICY */
867 	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
868 	FILE *pipefd = setup(fds, auclass);
869 	ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
870 	check_audit(fds, adregex, pipefd);
871 }
872 
873 ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
874 {
875 	cleanup();
876 }
877 
878 
879 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
880 ATF_TC_HEAD(auditon_setpolicy_failure, tc)
881 {
882 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
883 					"auditon(2) call for cmd: A_SETPOLICY");
884 }
885 
886 ATF_TC_BODY(auditon_setpolicy_failure, tc)
887 {
888 	pid = getpid();
889 	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
890 
891 	FILE *pipefd = setup(fds, auclass);
892 	/* Failure reason: Invalid argument */
893 	ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
894 	check_audit(fds, adregex, pipefd);
895 }
896 
897 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
898 {
899 	cleanup();
900 }
901 
902 
903 ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
904 ATF_TC_HEAD(auditon_getkmask_success, tc)
905 {
906 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
907 					"auditon(2) call for cmd: A_GETKMASK");
908 }
909 
910 ATF_TC_BODY(auditon_getkmask_success, tc)
911 {
912 	pid = getpid();
913 	au_mask_t evmask;
914 	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
915 
916 	bzero(&evmask, sizeof(evmask));
917 	FILE *pipefd = setup(fds, auclass);
918 	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
919 	check_audit(fds, adregex, pipefd);
920 }
921 
922 ATF_TC_CLEANUP(auditon_getkmask_success, tc)
923 {
924 	cleanup();
925 }
926 
927 
928 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
929 ATF_TC_HEAD(auditon_getkmask_failure, tc)
930 {
931 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
932 					"auditon(2) call for cmd: A_GETKMASK");
933 }
934 
935 ATF_TC_BODY(auditon_getkmask_failure, tc)
936 {
937 	pid = getpid();
938 	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
939 
940 	FILE *pipefd = setup(fds, auclass);
941 	/* Failure reason: Invalid au_mask_t structure */
942 	ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
943 	check_audit(fds, adregex, pipefd);
944 }
945 
946 ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
947 {
948 	cleanup();
949 }
950 
951 
952 ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
953 ATF_TC_HEAD(auditon_setkmask_success, tc)
954 {
955 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
956 					"auditon(2) call for cmd: A_SETKMASK");
957 }
958 
959 ATF_TC_BODY(auditon_setkmask_success, tc)
960 {
961 	pid = getpid();
962 	au_mask_t evmask;
963 	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
964 
965 	/* Retrieve the current audit mask to be used with A_SETKMASK */
966 	bzero(&evmask, sizeof(evmask));
967 	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
968 
969 	FILE *pipefd = setup(fds, auclass);
970 	ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
971 	check_audit(fds, adregex, pipefd);
972 }
973 
974 ATF_TC_CLEANUP(auditon_setkmask_success, tc)
975 {
976 	cleanup();
977 }
978 
979 
980 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
981 ATF_TC_HEAD(auditon_setkmask_failure, tc)
982 {
983 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
984 					"auditon(2) call for cmd: A_SETKMASK");
985 }
986 
987 ATF_TC_BODY(auditon_setkmask_failure, tc)
988 {
989 	pid = getpid();
990 	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
991 
992 	FILE *pipefd = setup(fds, auclass);
993 	/* Failure reason: Invalid au_mask_t structure */
994 	ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
995 	check_audit(fds, adregex, pipefd);
996 }
997 
998 ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
999 {
1000 	cleanup();
1001 }
1002 
1003 
1004 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
1005 ATF_TC_HEAD(auditon_getqctrl_success, tc)
1006 {
1007 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1008 					"auditon(2) call for cmd: A_GETQCTRL");
1009 }
1010 
1011 ATF_TC_BODY(auditon_getqctrl_success, tc)
1012 {
1013 	pid = getpid();
1014 	au_qctrl_t evqctrl;
1015 	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
1016 
1017 	bzero(&evqctrl, sizeof(evqctrl));
1018 	FILE *pipefd = setup(fds, auclass);
1019 	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1020 	check_audit(fds, adregex, pipefd);
1021 }
1022 
1023 ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
1024 {
1025 	cleanup();
1026 }
1027 
1028 
1029 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
1030 ATF_TC_HEAD(auditon_getqctrl_failure, tc)
1031 {
1032 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1033 					"auditon(2) call for cmd: A_GETQCTRL");
1034 }
1035 
1036 ATF_TC_BODY(auditon_getqctrl_failure, tc)
1037 {
1038 	pid = getpid();
1039 	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
1040 
1041 	FILE *pipefd = setup(fds, auclass);
1042 	/* Failure reason: Invalid au_qctrl_t structure */
1043 	ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
1044 	check_audit(fds, adregex, pipefd);
1045 }
1046 
1047 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
1048 {
1049 	cleanup();
1050 }
1051 
1052 
1053 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
1054 ATF_TC_HEAD(auditon_setqctrl_success, tc)
1055 {
1056 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1057 					"auditon(2) call for cmd: A_SETKMASK");
1058 }
1059 
1060 ATF_TC_BODY(auditon_setqctrl_success, tc)
1061 {
1062 	pid = getpid();
1063 	au_qctrl_t evqctrl;
1064 	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
1065 
1066 	/* Retrieve the current audit mask to be used with A_SETQCTRL */
1067 	bzero(&evqctrl, sizeof(evqctrl));
1068 	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1069 
1070 	FILE *pipefd = setup(fds, auclass);
1071 	ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
1072 	check_audit(fds, adregex, pipefd);
1073 }
1074 
1075 ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
1076 {
1077 	cleanup();
1078 }
1079 
1080 
1081 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
1082 ATF_TC_HEAD(auditon_setqctrl_failure, tc)
1083 {
1084 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1085 					"auditon(2) call for cmd: A_SETKMASK");
1086 }
1087 
1088 ATF_TC_BODY(auditon_setqctrl_failure, tc)
1089 {
1090 	pid = getpid();
1091 	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
1092 
1093 	FILE *pipefd = setup(fds, auclass);
1094 	/* Failure reason: Invalid au_qctrl_t structure */
1095 	ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
1096 	check_audit(fds, adregex, pipefd);
1097 }
1098 
1099 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
1100 {
1101 	cleanup();
1102 }
1103 
1104 
1105 ATF_TC_WITH_CLEANUP(auditon_getclass_success);
1106 ATF_TC_HEAD(auditon_getclass_success, tc)
1107 {
1108 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1109 					"auditon(2) call for cmd: A_GETCLASS");
1110 }
1111 
1112 ATF_TC_BODY(auditon_getclass_success, tc)
1113 {
1114 	pid = getpid();
1115 	au_evclass_map_t evclass;
1116 	snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
1117 
1118 	/* Initialize evclass to get the event-class mapping for auditon(2) */
1119 	evclass.ec_number = AUE_AUDITON;
1120 	evclass.ec_class = 0;
1121 	FILE *pipefd = setup(fds, auclass);
1122 	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1123 	check_audit(fds, adregex, pipefd);
1124 }
1125 
1126 ATF_TC_CLEANUP(auditon_getclass_success, tc)
1127 {
1128 	cleanup();
1129 }
1130 
1131 
1132 ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
1133 ATF_TC_HEAD(auditon_getclass_failure, tc)
1134 {
1135 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1136 					"auditon(2) call for cmd: A_GETCLASS");
1137 }
1138 
1139 ATF_TC_BODY(auditon_getclass_failure, tc)
1140 {
1141 	pid = getpid();
1142 	snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
1143 
1144 	FILE *pipefd = setup(fds, auclass);
1145 	/* Failure reason: Invalid au_evclass_map_t structure */
1146 	ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
1147 	check_audit(fds, adregex, pipefd);
1148 }
1149 
1150 ATF_TC_CLEANUP(auditon_getclass_failure, tc)
1151 {
1152 	cleanup();
1153 }
1154 
1155 
1156 ATF_TC_WITH_CLEANUP(auditon_setclass_success);
1157 ATF_TC_HEAD(auditon_setclass_success, tc)
1158 {
1159 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1160 					"auditon(2) call for cmd: A_SETCLASS");
1161 }
1162 
1163 ATF_TC_BODY(auditon_setclass_success, tc)
1164 {
1165 	pid = getpid();
1166 	au_evclass_map_t evclass;
1167 	snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
1168 
1169 	/* Initialize evclass and get the event-class mapping for auditon(2) */
1170 	evclass.ec_number = AUE_AUDITON;
1171 	evclass.ec_class = 0;
1172 	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1173 
1174 	FILE *pipefd = setup(fds, auclass);
1175 	ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
1176 	check_audit(fds, adregex, pipefd);
1177 }
1178 
1179 ATF_TC_CLEANUP(auditon_setclass_success, tc)
1180 {
1181 	cleanup();
1182 }
1183 
1184 
1185 ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
1186 ATF_TC_HEAD(auditon_setclass_failure, tc)
1187 {
1188 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1189 					"auditon(2) call for cmd: A_SETCLASS");
1190 }
1191 
1192 ATF_TC_BODY(auditon_setclass_failure, tc)
1193 {
1194 	pid = getpid();
1195 	snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
1196 
1197 	FILE *pipefd = setup(fds, auclass);
1198 	/* Failure reason: Invalid au_evclass_map_t structure */
1199 	ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
1200 	check_audit(fds, adregex, pipefd);
1201 }
1202 
1203 ATF_TC_CLEANUP(auditon_setclass_failure, tc)
1204 {
1205 	cleanup();
1206 }
1207 
1208 
1209 ATF_TC_WITH_CLEANUP(auditon_getcond_success);
1210 ATF_TC_HEAD(auditon_getcond_success, tc)
1211 {
1212 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1213 					"auditon(2) call for cmd: A_GETCOND");
1214 }
1215 
1216 ATF_TC_BODY(auditon_getcond_success, tc)
1217 {
1218 	int auditcond;
1219 	pid = getpid();
1220 	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
1221 
1222 	FILE *pipefd = setup(fds, auclass);
1223 	ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
1224 	check_audit(fds, adregex, pipefd);
1225 }
1226 
1227 ATF_TC_CLEANUP(auditon_getcond_success, tc)
1228 {
1229 	cleanup();
1230 }
1231 
1232 
1233 ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
1234 ATF_TC_HEAD(auditon_getcond_failure, tc)
1235 {
1236 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1237 					"auditon(2) call for cmd: A_GETCOND");
1238 }
1239 
1240 ATF_TC_BODY(auditon_getcond_failure, tc)
1241 {
1242 	pid = getpid();
1243 	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
1244 
1245 	FILE *pipefd = setup(fds, auclass);
1246 	/* Failure reason: Invalid argument */
1247 	ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
1248 	check_audit(fds, adregex, pipefd);
1249 }
1250 
1251 ATF_TC_CLEANUP(auditon_getcond_failure, tc)
1252 {
1253 	cleanup();
1254 }
1255 
1256 
1257 ATF_TC_WITH_CLEANUP(auditon_setcond_success);
1258 ATF_TC_HEAD(auditon_setcond_success, tc)
1259 {
1260 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1261 					"auditon(2) call for cmd: A_SETCOND");
1262 }
1263 
1264 ATF_TC_BODY(auditon_setcond_success, tc)
1265 {
1266 	int auditcond = AUC_AUDITING;
1267 	pid = getpid();
1268 	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
1269 
1270 	FILE *pipefd = setup(fds, auclass);
1271 	/* At this point auditd is running, so the audit state is AUC_AUDITING */
1272 	ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
1273 	check_audit(fds, adregex, pipefd);
1274 }
1275 
1276 ATF_TC_CLEANUP(auditon_setcond_success, tc)
1277 {
1278 	cleanup();
1279 }
1280 
1281 
1282 ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
1283 ATF_TC_HEAD(auditon_setcond_failure, tc)
1284 {
1285 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1286 					"auditon(2) call for cmd: A_SETCOND");
1287 }
1288 
1289 ATF_TC_BODY(auditon_setcond_failure, tc)
1290 {
1291 	pid = getpid();
1292 	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
1293 
1294 	FILE *pipefd = setup(fds, auclass);
1295 	/* Failure reason: Invalid argument */
1296 	ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
1297 	check_audit(fds, adregex, pipefd);
1298 }
1299 
1300 ATF_TC_CLEANUP(auditon_setcond_failure, tc)
1301 {
1302 	cleanup();
1303 }
1304 
1305 /*
1306  * Following test-cases for auditon(2) are all in failure mode only as although
1307  * auditable, they have not been implemented and return ENOSYS whenever called.
1308  *
1309  * Commands: A_GETCWD  A_GETCAR  A_GETSTAT  A_SETSTAT  A_SETUMASK  A_SETSMASK
1310  */
1311 
1312 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
1313 ATF_TC_HEAD(auditon_getcwd_failure, tc)
1314 {
1315 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1316 					"auditon(2) call for cmd: A_GETCWD");
1317 }
1318 
1319 ATF_TC_BODY(auditon_getcwd_failure, tc)
1320 {
1321 	pid = getpid();
1322 	snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
1323 
1324 	FILE *pipefd = setup(fds, auclass);
1325 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
1326 		sizeof(auditon_def)) == -1);
1327 	check_audit(fds, adregex, pipefd);
1328 }
1329 
1330 ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
1331 {
1332 	cleanup();
1333 }
1334 
1335 
1336 ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
1337 ATF_TC_HEAD(auditon_getcar_failure, tc)
1338 {
1339 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1340 					"auditon(2) call for cmd: A_GETCAR");
1341 }
1342 
1343 ATF_TC_BODY(auditon_getcar_failure, tc)
1344 {
1345 	pid = getpid();
1346 	snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
1347 
1348 	FILE *pipefd = setup(fds, auclass);
1349 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
1350 		sizeof(auditon_def)) == -1);
1351 	check_audit(fds, adregex, pipefd);
1352 }
1353 
1354 ATF_TC_CLEANUP(auditon_getcar_failure, tc)
1355 {
1356 	cleanup();
1357 }
1358 
1359 
1360 ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
1361 ATF_TC_HEAD(auditon_getstat_failure, tc)
1362 {
1363 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1364 					"auditon(2) call for cmd: A_GETSTAT");
1365 }
1366 
1367 ATF_TC_BODY(auditon_getstat_failure, tc)
1368 {
1369 	pid = getpid();
1370 	snprintf(adregex, sizeof(adregex),
1371 		"get audit statistics.*%d.*return,failure", pid);
1372 
1373 	FILE *pipefd = setup(fds, auclass);
1374 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
1375 		sizeof(auditon_def)) == -1);
1376 	check_audit(fds, adregex, pipefd);
1377 }
1378 
1379 ATF_TC_CLEANUP(auditon_getstat_failure, tc)
1380 {
1381 	cleanup();
1382 }
1383 
1384 
1385 ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
1386 ATF_TC_HEAD(auditon_setstat_failure, tc)
1387 {
1388 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1389 					"auditon(2) call for cmd: A_SETSTAT");
1390 }
1391 
1392 ATF_TC_BODY(auditon_setstat_failure, tc)
1393 {
1394 	pid = getpid();
1395 	snprintf(adregex, sizeof(adregex),
1396 		"set audit statistics.*%d.*return,failure", pid);
1397 
1398 	FILE *pipefd = setup(fds, auclass);
1399 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
1400 		sizeof(auditon_def)) == -1);
1401 	check_audit(fds, adregex, pipefd);
1402 }
1403 
1404 ATF_TC_CLEANUP(auditon_setstat_failure, tc)
1405 {
1406 	cleanup();
1407 }
1408 
1409 
1410 ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
1411 ATF_TC_HEAD(auditon_setumask_failure, tc)
1412 {
1413 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1414 					"auditon(2) call for cmd: A_SETUMASK");
1415 }
1416 
1417 ATF_TC_BODY(auditon_setumask_failure, tc)
1418 {
1419 	pid = getpid();
1420 	snprintf(adregex, sizeof(adregex),
1421 		"set mask per uid.*%d.*return,failure", pid);
1422 
1423 	FILE *pipefd = setup(fds, auclass);
1424 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
1425 		sizeof(auditon_def)) == -1);
1426 	check_audit(fds, adregex, pipefd);
1427 }
1428 
1429 ATF_TC_CLEANUP(auditon_setumask_failure, tc)
1430 {
1431 	cleanup();
1432 }
1433 
1434 
1435 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
1436 ATF_TC_HEAD(auditon_setsmask_failure, tc)
1437 {
1438 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1439 					"auditon(2) call for cmd: A_SETSMASK");
1440 }
1441 
1442 ATF_TC_BODY(auditon_setsmask_failure, tc)
1443 {
1444 	pid = getpid();
1445 	snprintf(adregex, sizeof(adregex),
1446 		"set mask per session.*%d.*return,failure", pid);
1447 
1448 	FILE *pipefd = setup(fds, auclass);
1449 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def,
1450 		sizeof(auditon_def)) == -1);
1451 	check_audit(fds, adregex, pipefd);
1452 }
1453 
1454 ATF_TC_CLEANUP(auditon_setsmask_failure, tc)
1455 {
1456 	cleanup();
1457 }
1458 
1459 
1460 /*
1461  * Audit of reboot(2) cannot be tested in normal conditions as we don't want
1462  * to reboot the system while running the tests
1463  */
1464 
1465 
1466 ATF_TC_WITH_CLEANUP(reboot_failure);
1467 ATF_TC_HEAD(reboot_failure, tc)
1468 {
1469 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1470 					"reboot(2) call");
1471 }
1472 
1473 ATF_TC_BODY(reboot_failure, tc)
1474 {
1475 	pid = getpid();
1476 	snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid);
1477 
1478 	FILE *pipefd = setup(fds, auclass);
1479 	ATF_REQUIRE_EQ(-1, reboot(-1));
1480 	check_audit(fds, adregex, pipefd);
1481 }
1482 
1483 ATF_TC_CLEANUP(reboot_failure, tc)
1484 {
1485 	cleanup();
1486 }
1487 
1488 
1489 /*
1490  * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
1491  * to tamper with filesystem quotas
1492  */
1493 
1494 
1495 ATF_TC_WITH_CLEANUP(quotactl_failure);
1496 ATF_TC_HEAD(quotactl_failure, tc)
1497 {
1498 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1499 					"quotactl(2) call");
1500 }
1501 
1502 ATF_TC_BODY(quotactl_failure, tc)
1503 {
1504 	pid = getpid();
1505 	snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid);
1506 
1507 	FILE *pipefd = setup(fds, auclass);
1508 	ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
1509 	check_audit(fds, adregex, pipefd);
1510 }
1511 
1512 ATF_TC_CLEANUP(quotactl_failure, tc)
1513 {
1514 	cleanup();
1515 }
1516 
1517 
1518 ATF_TC_WITH_CLEANUP(mount_failure);
1519 ATF_TC_HEAD(mount_failure, tc)
1520 {
1521 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1522 					"mount(2) call");
1523 }
1524 
1525 ATF_TC_BODY(mount_failure, tc)
1526 {
1527 	pid = getpid();
1528 	snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid);
1529 
1530 	FILE *pipefd = setup(fds, auclass);
1531 	ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
1532 	check_audit(fds, adregex, pipefd);
1533 }
1534 
1535 ATF_TC_CLEANUP(mount_failure, tc)
1536 {
1537 	cleanup();
1538 }
1539 
1540 
1541 ATF_TC_WITH_CLEANUP(nmount_failure);
1542 ATF_TC_HEAD(nmount_failure, tc)
1543 {
1544 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1545 					"nmount(2) call");
1546 }
1547 
1548 ATF_TC_BODY(nmount_failure, tc)
1549 {
1550 	pid = getpid();
1551 	snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid);
1552 
1553 	FILE *pipefd = setup(fds, auclass);
1554 	ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
1555 	check_audit(fds, adregex, pipefd);
1556 }
1557 
1558 ATF_TC_CLEANUP(nmount_failure, tc)
1559 {
1560 	cleanup();
1561 }
1562 
1563 
1564 ATF_TC_WITH_CLEANUP(swapon_failure);
1565 ATF_TC_HEAD(swapon_failure, tc)
1566 {
1567 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1568 					"swapon(2) call");
1569 }
1570 
1571 ATF_TC_BODY(swapon_failure, tc)
1572 {
1573 	pid = getpid();
1574 	snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid);
1575 
1576 	FILE *pipefd = setup(fds, auclass);
1577 	/* Failure reason: Block device required */
1578 	ATF_REQUIRE_EQ(-1, swapon(path));
1579 	check_audit(fds, adregex, pipefd);
1580 }
1581 
1582 ATF_TC_CLEANUP(swapon_failure, tc)
1583 {
1584 	cleanup();
1585 }
1586 
1587 
1588 ATF_TC_WITH_CLEANUP(swapoff_failure);
1589 ATF_TC_HEAD(swapoff_failure, tc)
1590 {
1591 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1592 					"swapoff(2) call");
1593 }
1594 
1595 ATF_TC_BODY(swapoff_failure, tc)
1596 {
1597 	pid = getpid();
1598 	snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid);
1599 
1600 	FILE *pipefd = setup(fds, auclass);
1601 	/* Failure reason: Block device required */
1602 	ATF_REQUIRE_EQ(-1, swapoff(path));
1603 	check_audit(fds, adregex, pipefd);
1604 }
1605 
1606 ATF_TC_CLEANUP(swapoff_failure, tc)
1607 {
1608 	cleanup();
1609 }
1610 
1611 
1612 ATF_TP_ADD_TCS(tp)
1613 {
1614 	ATF_TP_ADD_TC(tp, settimeofday_success);
1615 	ATF_TP_ADD_TC(tp, settimeofday_failure);
1616 	ATF_TP_ADD_TC(tp, clock_settime_success);
1617 	ATF_TP_ADD_TC(tp, clock_settime_failure);
1618 	ATF_TP_ADD_TC(tp, adjtime_success);
1619 	ATF_TP_ADD_TC(tp, adjtime_failure);
1620 	ATF_TP_ADD_TC(tp, ntp_adjtime_success);
1621 	ATF_TP_ADD_TC(tp, ntp_adjtime_failure);
1622 
1623 	ATF_TP_ADD_TC(tp, nfs_getfh_success);
1624 	ATF_TP_ADD_TC(tp, nfs_getfh_failure);
1625 	ATF_TP_ADD_TC(tp, acct_success);
1626 	ATF_TP_ADD_TC(tp, acct_failure);
1627 	ATF_TP_ADD_TC(tp, auditctl_success);
1628 	ATF_TP_ADD_TC(tp, auditctl_failure);
1629 
1630 	ATF_TP_ADD_TC(tp, getauid_success);
1631 	ATF_TP_ADD_TC(tp, getauid_failure);
1632 	ATF_TP_ADD_TC(tp, setauid_success);
1633 	ATF_TP_ADD_TC(tp, setauid_failure);
1634 
1635 	ATF_TP_ADD_TC(tp, getaudit_success);
1636 	ATF_TP_ADD_TC(tp, getaudit_failure);
1637 	ATF_TP_ADD_TC(tp, setaudit_success);
1638 	ATF_TP_ADD_TC(tp, setaudit_failure);
1639 
1640 	ATF_TP_ADD_TC(tp, getaudit_addr_success);
1641 	ATF_TP_ADD_TC(tp, getaudit_addr_failure);
1642 	ATF_TP_ADD_TC(tp, setaudit_addr_success);
1643 	ATF_TP_ADD_TC(tp, setaudit_addr_failure);
1644 
1645 	ATF_TP_ADD_TC(tp, auditon_default_success);
1646 	ATF_TP_ADD_TC(tp, auditon_default_failure);
1647 
1648 	ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
1649 	ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
1650 	ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
1651 	ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
1652 
1653 	ATF_TP_ADD_TC(tp, auditon_getkmask_success);
1654 	ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
1655 	ATF_TP_ADD_TC(tp, auditon_setkmask_success);
1656 	ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
1657 
1658 	ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
1659 	ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
1660 	ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
1661 	ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
1662 
1663 	ATF_TP_ADD_TC(tp, auditon_getclass_success);
1664 	ATF_TP_ADD_TC(tp, auditon_getclass_failure);
1665 	ATF_TP_ADD_TC(tp, auditon_setclass_success);
1666 	ATF_TP_ADD_TC(tp, auditon_setclass_failure);
1667 
1668 	ATF_TP_ADD_TC(tp, auditon_getcond_success);
1669 	ATF_TP_ADD_TC(tp, auditon_getcond_failure);
1670 	ATF_TP_ADD_TC(tp, auditon_setcond_success);
1671 	ATF_TP_ADD_TC(tp, auditon_setcond_failure);
1672 
1673 	ATF_TP_ADD_TC(tp, auditon_getcwd_failure);
1674 	ATF_TP_ADD_TC(tp, auditon_getcar_failure);
1675 	ATF_TP_ADD_TC(tp, auditon_getstat_failure);
1676 	ATF_TP_ADD_TC(tp, auditon_setstat_failure);
1677 	ATF_TP_ADD_TC(tp, auditon_setumask_failure);
1678 	ATF_TP_ADD_TC(tp, auditon_setsmask_failure);
1679 
1680 	ATF_TP_ADD_TC(tp, reboot_failure);
1681 	ATF_TP_ADD_TC(tp, quotactl_failure);
1682 	ATF_TP_ADD_TC(tp, mount_failure);
1683 	ATF_TP_ADD_TC(tp, nmount_failure);
1684 	ATF_TP_ADD_TC(tp, swapon_failure);
1685 	ATF_TP_ADD_TC(tp, swapoff_failure);
1686 
1687 	return (atf_no_error());
1688 }
1689