xref: /freebsd/tests/sys/audit/administrative.c (revision 3ff01b231dfa83d518854c63e7c9cd1debd1139e)
1 /*-
2  * Copyright (c) 2018 Aniket Pandey
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * SUCH DAMAGE.
24  *
25  * $FreeBSD$
26  */
27 
28 #include <sys/param.h>
29 #include <sys/mount.h>
30 #include <sys/reboot.h>
31 #include <sys/stat.h>
32 #include <sys/sysctl.h>
33 #include <sys/time.h>
34 #include <sys/timespec.h>
35 #include <sys/timex.h>
36 
37 #include <bsm/audit.h>
38 #include <bsm/audit_kevents.h>
39 #include <ufs/ufs/quota.h>
40 
41 #include <atf-c.h>
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <stdlib.h>
45 #include <time.h>
46 #include <unistd.h>
47 
48 #include "utils.h"
49 
50 static pid_t pid;
51 static int filedesc;
52 /* Default argument for handling ENOSYS in auditon(2) functions */
53 static int auditon_def = 0;
54 static mode_t mode = 0777;
55 static struct pollfd fds[1];
56 static char adregex[80];
57 static const char *auclass = "ad";
58 static const char *path = "fileforaudit";
59 static const char *successreg = "fileforaudit.*return,success";
60 
61 
62 ATF_TC_WITH_CLEANUP(settimeofday_success);
63 ATF_TC_HEAD(settimeofday_success, tc)
64 {
65 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
66 					"settimeofday(2) call");
67 }
68 
69 ATF_TC_BODY(settimeofday_success, tc)
70 {
71 	pid = getpid();
72 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
73 
74 	struct timeval tp;
75 	struct timezone tzp;
76 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
77 
78 	FILE *pipefd = setup(fds, auclass);
79 	/* Setting the same time as obtained by gettimeofday(2) */
80 	ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
81 	check_audit(fds, adregex, pipefd);
82 }
83 
84 ATF_TC_CLEANUP(settimeofday_success, tc)
85 {
86 	cleanup();
87 }
88 
89 
90 ATF_TC_WITH_CLEANUP(settimeofday_failure);
91 ATF_TC_HEAD(settimeofday_failure, tc)
92 {
93 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
94 					"settimeofday(2) call");
95 }
96 
97 ATF_TC_BODY(settimeofday_failure, tc)
98 {
99 	pid = getpid();
100 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
101 
102 	struct timeval tp;
103 	struct timezone tzp;
104 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
105 
106 	FILE *pipefd = setup(fds, auclass);
107 	tp.tv_sec = -1;
108 	/* Failure reason: Invalid value for tp.tv_sec; */
109 	ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
110 	check_audit(fds, adregex, pipefd);
111 }
112 
113 ATF_TC_CLEANUP(settimeofday_failure, tc)
114 {
115 	cleanup();
116 }
117 
118 
119 ATF_TC_WITH_CLEANUP(clock_settime_success);
120 ATF_TC_HEAD(clock_settime_success, tc)
121 {
122 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
123 					"clock_settime(2) call");
124 }
125 
126 ATF_TC_BODY(clock_settime_success, tc)
127 {
128 	pid = getpid();
129 	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
130 
131 	struct timespec tp;
132 	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
133 
134 	FILE *pipefd = setup(fds, auclass);
135 	/* Setting the same time as obtained by clock_gettime(2) */
136 	ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
137 	check_audit(fds, adregex, pipefd);
138 }
139 
140 ATF_TC_CLEANUP(clock_settime_success, tc)
141 {
142 	cleanup();
143 }
144 
145 
146 ATF_TC_WITH_CLEANUP(clock_settime_failure);
147 ATF_TC_HEAD(clock_settime_failure, tc)
148 {
149 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
150 					"clock_settime(2) call");
151 }
152 
153 ATF_TC_BODY(clock_settime_failure, tc)
154 {
155 	pid = getpid();
156 	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
157 
158 	struct timespec tp;
159 	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
160 
161 	FILE *pipefd = setup(fds, auclass);
162 	/* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
163 	ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
164 	check_audit(fds, adregex, pipefd);
165 }
166 
167 ATF_TC_CLEANUP(clock_settime_failure, tc)
168 {
169 	cleanup();
170 }
171 
172 
173 ATF_TC_WITH_CLEANUP(adjtime_success);
174 ATF_TC_HEAD(adjtime_success, tc)
175 {
176 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
177 					"adjtime(2) call");
178 }
179 
180 ATF_TC_BODY(adjtime_success, tc)
181 {
182 	pid = getpid();
183 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
184 
185 	FILE *pipefd = setup(fds, auclass);
186 	/* We don't want to change the system time, hence NULL */
187 	ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
188 	check_audit(fds, adregex, pipefd);
189 }
190 
191 ATF_TC_CLEANUP(adjtime_success, tc)
192 {
193 	cleanup();
194 }
195 
196 
197 ATF_TC_WITH_CLEANUP(adjtime_failure);
198 ATF_TC_HEAD(adjtime_failure, tc)
199 {
200 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
201 					"adjtime(2) call");
202 }
203 
204 ATF_TC_BODY(adjtime_failure, tc)
205 {
206 	pid = getpid();
207 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
208 
209 	FILE *pipefd = setup(fds, auclass);
210 	ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
211 	check_audit(fds, adregex, pipefd);
212 }
213 
214 ATF_TC_CLEANUP(adjtime_failure, tc)
215 {
216 	cleanup();
217 }
218 
219 
220 ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
221 ATF_TC_HEAD(ntp_adjtime_success, tc)
222 {
223 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
224 					"ntp_adjtime(2) call");
225 }
226 
227 ATF_TC_BODY(ntp_adjtime_success, tc)
228 {
229 	struct timex timebuff;
230 	bzero(&timebuff, sizeof(timebuff));
231 
232 	pid = getpid();
233 	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
234 
235 	FILE *pipefd = setup(fds, auclass);
236 	ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
237 	check_audit(fds, adregex, pipefd);
238 }
239 
240 ATF_TC_CLEANUP(ntp_adjtime_success, tc)
241 {
242 	cleanup();
243 }
244 
245 
246 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
247 ATF_TC_HEAD(ntp_adjtime_failure, tc)
248 {
249 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
250 					"ntp_adjtime(2) call");
251 }
252 
253 ATF_TC_BODY(ntp_adjtime_failure, tc)
254 {
255 	pid = getpid();
256 	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
257 
258 	FILE *pipefd = setup(fds, auclass);
259 	ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
260 	check_audit(fds, adregex, pipefd);
261 }
262 
263 ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
264 {
265 	cleanup();
266 }
267 
268 
269 ATF_TC_WITH_CLEANUP(nfs_getfh_success);
270 ATF_TC_HEAD(nfs_getfh_success, tc)
271 {
272 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
273 					"getfh(2) call");
274 }
275 
276 ATF_TC_BODY(nfs_getfh_success, tc)
277 {
278 	fhandle_t fhp;
279 	pid = getpid();
280 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
281 
282 	/* File needs to exist to call getfh(2) */
283 	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
284 	FILE *pipefd = setup(fds, auclass);
285 	ATF_REQUIRE_EQ(0, getfh(path, &fhp));
286 	check_audit(fds, adregex, pipefd);
287 	close(filedesc);
288 }
289 
290 ATF_TC_CLEANUP(nfs_getfh_success, tc)
291 {
292 	cleanup();
293 }
294 
295 
296 ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
297 ATF_TC_HEAD(nfs_getfh_failure, tc)
298 {
299 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
300 					"getfh(2) call");
301 }
302 
303 ATF_TC_BODY(nfs_getfh_failure, tc)
304 {
305 	pid = getpid();
306 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
307 
308 	FILE *pipefd = setup(fds, auclass);
309 	/* Failure reason: file does not exist */
310 	ATF_REQUIRE_EQ(-1, getfh(path, NULL));
311 	check_audit(fds, adregex, pipefd);
312 }
313 
314 ATF_TC_CLEANUP(nfs_getfh_failure, tc)
315 {
316 	cleanup();
317 }
318 
319 
320 ATF_TC_WITH_CLEANUP(auditctl_success);
321 ATF_TC_HEAD(auditctl_success, tc)
322 {
323 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
324 					"auditctl(2) call");
325 }
326 
327 ATF_TC_BODY(auditctl_success, tc)
328 {
329 	/* File needs to exist in order to call auditctl(2) */
330 	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
331 	FILE *pipefd = setup(fds, auclass);
332 	ATF_REQUIRE_EQ(0, auditctl(path));
333 	check_audit(fds, successreg, pipefd);
334 	close(filedesc);
335 }
336 
337 ATF_TC_CLEANUP(auditctl_success, tc)
338 {
339 	/*
340 	 * auditctl(2) disables audit log at /var/audit and initiates auditing
341 	 * at the configured path. To reset this, we need to stop and start the
342 	 * auditd(8) again. Here, we check if auditd(8) was running already
343 	 * before the test started. If so, we stop and start it again.
344 	 *
345 	 * TODO: should we skip this test if auditd(8) is already running to
346 	 * avoid restarting it?
347 	 */
348 	if (!atf_utils_file_exists("started_fake_auditd")) {
349 		system("service auditd onestop > /dev/null 2>&1");
350 		system("service auditd onestart > /dev/null 2>&1");
351 	} else {
352 		cleanup();
353 	}
354 }
355 
356 
357 ATF_TC_WITH_CLEANUP(auditctl_failure);
358 ATF_TC_HEAD(auditctl_failure, tc)
359 {
360 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
361 					"auditctl(2) call");
362 }
363 
364 ATF_TC_BODY(auditctl_failure, tc)
365 {
366 	pid = getpid();
367 	snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
368 
369 	FILE *pipefd = setup(fds, auclass);
370 	/* Failure reason: file does not exist */
371 	ATF_REQUIRE_EQ(-1, auditctl(NULL));
372 	check_audit(fds, adregex, pipefd);
373 }
374 
375 ATF_TC_CLEANUP(auditctl_failure, tc)
376 {
377 	cleanup();
378 }
379 
380 
381 ATF_TC_WITH_CLEANUP(acct_success);
382 ATF_TC_HEAD(acct_success, tc)
383 {
384 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
385 					"acct(2) call");
386 	atf_tc_set_md_var(tc, "require.files",
387 	    "/etc/rc.d/accounting /etc/rc.d/auditd");
388 }
389 
390 ATF_TC_BODY(acct_success, tc)
391 {
392 	int acctinfo, filedesc2;
393 	size_t len = sizeof(acctinfo);
394 	const char *acctname = "kern.acct_configured";
395 	ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
396 
397 	/* File needs to exist to start system accounting */
398 	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
399 
400 	/*
401 	 * acctinfo = 0: System accounting was disabled
402 	 * acctinfo = 1: System accounting was enabled
403 	 */
404 	if (acctinfo) {
405 		ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
406 		close(filedesc2);
407 	}
408 
409 	pid = getpid();
410 	snprintf(adregex, sizeof(adregex),
411 		"acct.*%s.*%d.*return,success", path, pid);
412 
413 	/*
414 	 * We temporarily switch the accounting record to a file at
415 	 * our own configured path in order to confirm acct(2)'s successful
416 	 * auditing. Then we set everything back to its original state.
417 	 */
418 	FILE *pipefd = setup(fds, auclass);
419 	ATF_REQUIRE_EQ(0, acct(path));
420 	check_audit(fds, adregex, pipefd);
421 	close(filedesc);
422 }
423 
424 ATF_TC_CLEANUP(acct_success, tc)
425 {
426 	/* Reset accounting configured path */
427 	ATF_REQUIRE_EQ(0, system("service accounting onestop"));
428 	if (atf_utils_file_exists("acct_ok")) {
429 		ATF_REQUIRE_EQ(0, system("service accounting onestart"));
430 	}
431 	cleanup();
432 }
433 
434 
435 ATF_TC_WITH_CLEANUP(acct_failure);
436 ATF_TC_HEAD(acct_failure, tc)
437 {
438 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
439 					"acct(2) call");
440 }
441 
442 ATF_TC_BODY(acct_failure, tc)
443 {
444 	pid = getpid();
445 	snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
446 
447 	FILE *pipefd = setup(fds, auclass);
448 	/* Failure reason: File does not exist */
449 	ATF_REQUIRE_EQ(-1, acct(path));
450 	check_audit(fds, adregex, pipefd);
451 }
452 
453 ATF_TC_CLEANUP(acct_failure, tc)
454 {
455 	cleanup();
456 }
457 
458 
459 ATF_TC_WITH_CLEANUP(getauid_success);
460 ATF_TC_HEAD(getauid_success, tc)
461 {
462 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
463 					"getauid(2) call");
464 }
465 
466 ATF_TC_BODY(getauid_success, tc)
467 {
468 	au_id_t auid;
469 	pid = getpid();
470 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
471 
472 	FILE *pipefd = setup(fds, auclass);
473 	ATF_REQUIRE_EQ(0, getauid(&auid));
474 	check_audit(fds, adregex, pipefd);
475 }
476 
477 ATF_TC_CLEANUP(getauid_success, tc)
478 {
479 	cleanup();
480 }
481 
482 
483 ATF_TC_WITH_CLEANUP(getauid_failure);
484 ATF_TC_HEAD(getauid_failure, tc)
485 {
486 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
487 					"getauid(2) call");
488 }
489 
490 ATF_TC_BODY(getauid_failure, tc)
491 {
492 	pid = getpid();
493 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
494 
495 	FILE *pipefd = setup(fds, auclass);
496 	/* Failure reason: Bad address */
497 	ATF_REQUIRE_EQ(-1, getauid(NULL));
498 	check_audit(fds, adregex, pipefd);
499 }
500 
501 ATF_TC_CLEANUP(getauid_failure, tc)
502 {
503 	cleanup();
504 }
505 
506 
507 ATF_TC_WITH_CLEANUP(setauid_success);
508 ATF_TC_HEAD(setauid_success, tc)
509 {
510 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
511 					"setauid(2) call");
512 }
513 
514 ATF_TC_BODY(setauid_success, tc)
515 {
516 	au_id_t auid;
517 	pid = getpid();
518 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
519 	ATF_REQUIRE_EQ(0, getauid(&auid));
520 
521 	FILE *pipefd = setup(fds, auclass);
522 	ATF_REQUIRE_EQ(0, setauid(&auid));
523 	check_audit(fds, adregex, pipefd);
524 }
525 
526 ATF_TC_CLEANUP(setauid_success, tc)
527 {
528 	cleanup();
529 }
530 
531 
532 ATF_TC_WITH_CLEANUP(setauid_failure);
533 ATF_TC_HEAD(setauid_failure, tc)
534 {
535 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
536 					"setauid(2) call");
537 }
538 
539 ATF_TC_BODY(setauid_failure, tc)
540 {
541 	pid = getpid();
542 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
543 
544 	FILE *pipefd = setup(fds, auclass);
545 	/* Failure reason: Bad address */
546 	ATF_REQUIRE_EQ(-1, setauid(NULL));
547 	check_audit(fds, adregex, pipefd);
548 }
549 
550 ATF_TC_CLEANUP(setauid_failure, tc)
551 {
552 	cleanup();
553 }
554 
555 
556 ATF_TC_WITH_CLEANUP(getaudit_success);
557 ATF_TC_HEAD(getaudit_success, tc)
558 {
559 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
560 					"getaudit(2) call");
561 }
562 
563 ATF_TC_BODY(getaudit_success, tc)
564 {
565 	pid = getpid();
566 	auditinfo_t auditinfo;
567 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
568 
569 	FILE *pipefd = setup(fds, auclass);
570 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
571 	check_audit(fds, adregex, pipefd);
572 }
573 
574 ATF_TC_CLEANUP(getaudit_success, tc)
575 {
576 	cleanup();
577 }
578 
579 
580 ATF_TC_WITH_CLEANUP(getaudit_failure);
581 ATF_TC_HEAD(getaudit_failure, tc)
582 {
583 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
584 					"getaudit(2) call");
585 }
586 
587 ATF_TC_BODY(getaudit_failure, tc)
588 {
589 	pid = getpid();
590 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
591 
592 	FILE *pipefd = setup(fds, auclass);
593 	/* Failure reason: Bad address */
594 	ATF_REQUIRE_EQ(-1, getaudit(NULL));
595 	check_audit(fds, adregex, pipefd);
596 }
597 
598 ATF_TC_CLEANUP(getaudit_failure, tc)
599 {
600 	cleanup();
601 }
602 
603 
604 ATF_TC_WITH_CLEANUP(setaudit_success);
605 ATF_TC_HEAD(setaudit_success, tc)
606 {
607 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
608 					"setaudit(2) call");
609 }
610 
611 ATF_TC_BODY(setaudit_success, tc)
612 {
613 	pid = getpid();
614 	auditinfo_t auditinfo;
615 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
616 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
617 
618 	FILE *pipefd = setup(fds, auclass);
619 	ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
620 	check_audit(fds, adregex, pipefd);
621 }
622 
623 ATF_TC_CLEANUP(setaudit_success, tc)
624 {
625 	cleanup();
626 }
627 
628 
629 ATF_TC_WITH_CLEANUP(setaudit_failure);
630 ATF_TC_HEAD(setaudit_failure, tc)
631 {
632 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
633 					"setaudit(2) call");
634 }
635 
636 ATF_TC_BODY(setaudit_failure, tc)
637 {
638 	pid = getpid();
639 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
640 
641 	FILE *pipefd = setup(fds, auclass);
642 	/* Failure reason: Bad address */
643 	ATF_REQUIRE_EQ(-1, setaudit(NULL));
644 	check_audit(fds, adregex, pipefd);
645 }
646 
647 ATF_TC_CLEANUP(setaudit_failure, tc)
648 {
649 	cleanup();
650 }
651 
652 
653 ATF_TC_WITH_CLEANUP(getaudit_addr_success);
654 ATF_TC_HEAD(getaudit_addr_success, tc)
655 {
656 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
657 					"getaudit_addr(2) call");
658 }
659 
660 ATF_TC_BODY(getaudit_addr_success, tc)
661 {
662 	pid = getpid();
663 	auditinfo_addr_t auditinfo;
664 	snprintf(adregex, sizeof(adregex),
665 		"getaudit_addr.*%d.*return,success", pid);
666 
667 	FILE *pipefd = setup(fds, auclass);
668 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
669 	check_audit(fds, adregex, pipefd);
670 }
671 
672 ATF_TC_CLEANUP(getaudit_addr_success, tc)
673 {
674 	cleanup();
675 }
676 
677 
678 ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
679 ATF_TC_HEAD(getaudit_addr_failure, tc)
680 {
681 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
682 					"getaudit_addr(2) call");
683 }
684 
685 ATF_TC_BODY(getaudit_addr_failure, tc)
686 {
687 	pid = getpid();
688 	snprintf(adregex, sizeof(adregex),
689 		"getaudit_addr.*%d.*return,failure", pid);
690 
691 	FILE *pipefd = setup(fds, auclass);
692 	/* Failure reason: Bad address */
693 	ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
694 	check_audit(fds, adregex, pipefd);
695 }
696 
697 ATF_TC_CLEANUP(getaudit_addr_failure, tc)
698 {
699 	cleanup();
700 }
701 
702 
703 ATF_TC_WITH_CLEANUP(setaudit_addr_success);
704 ATF_TC_HEAD(setaudit_addr_success, tc)
705 {
706 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
707 					"setaudit_addr(2) call");
708 }
709 
710 ATF_TC_BODY(setaudit_addr_success, tc)
711 {
712 	pid = getpid();
713 	auditinfo_addr_t auditinfo;
714 	snprintf(adregex, sizeof(adregex),
715 		"setaudit_addr.*%d.*return,success", pid);
716 
717 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
718 	FILE *pipefd = setup(fds, auclass);
719 	ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
720 	check_audit(fds, adregex, pipefd);
721 }
722 
723 ATF_TC_CLEANUP(setaudit_addr_success, tc)
724 {
725 	cleanup();
726 }
727 
728 
729 ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
730 ATF_TC_HEAD(setaudit_addr_failure, tc)
731 {
732 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
733 					"setaudit_addr(2) call");
734 }
735 
736 ATF_TC_BODY(setaudit_addr_failure, tc)
737 {
738 	pid = getpid();
739 	snprintf(adregex, sizeof(adregex),
740 		"setaudit_addr.*%d.*return,failure", pid);
741 
742 	FILE *pipefd = setup(fds, auclass);
743 	/* Failure reason: Bad address */
744 	ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
745 	check_audit(fds, adregex, pipefd);
746 }
747 
748 ATF_TC_CLEANUP(setaudit_addr_failure, tc)
749 {
750 	cleanup();
751 }
752 
753 /*
754  * Note: The test-case uses A_GETFSIZE as the command argument but since it is
755  * not an independent audit event, it will be used to check the default mode
756  * auditing of auditon(2) system call.
757  *
758  * Please See: sys/security/audit/audit_bsm_klib.c
759  * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
760  */
761 ATF_TC_WITH_CLEANUP(auditon_default_success);
762 ATF_TC_HEAD(auditon_default_success, tc)
763 {
764 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
765 					"auditon(2) call");
766 }
767 
768 ATF_TC_BODY(auditon_default_success, tc)
769 {
770 	au_fstat_t fsize_arg;
771 	bzero(&fsize_arg, sizeof(au_fstat_t));
772 
773 	pid = getpid();
774 	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
775 
776 	FILE *pipefd = setup(fds, auclass);
777 	ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
778 	check_audit(fds, adregex, pipefd);
779 }
780 
781 ATF_TC_CLEANUP(auditon_default_success, tc)
782 {
783 	cleanup();
784 }
785 
786 
787 ATF_TC_WITH_CLEANUP(auditon_default_failure);
788 ATF_TC_HEAD(auditon_default_failure, tc)
789 {
790 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
791 					"auditon(2) call");
792 }
793 
794 ATF_TC_BODY(auditon_default_failure, tc)
795 {
796 	pid = getpid();
797 	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
798 
799 	FILE *pipefd = setup(fds, auclass);
800 	/* Failure reason: Invalid argument */
801 	ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
802 	check_audit(fds, adregex, pipefd);
803 }
804 
805 ATF_TC_CLEANUP(auditon_default_failure, tc)
806 {
807 	cleanup();
808 }
809 
810 
811 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
812 ATF_TC_HEAD(auditon_getpolicy_success, tc)
813 {
814 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
815 					"auditon(2) call for cmd: A_GETPOLICY");
816 }
817 
818 ATF_TC_BODY(auditon_getpolicy_success, tc)
819 {
820 	int aupolicy;
821 	pid = getpid();
822 	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
823 
824 	FILE *pipefd = setup(fds, auclass);
825 	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
826 	check_audit(fds, adregex, pipefd);
827 }
828 
829 ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
830 {
831 	cleanup();
832 }
833 
834 
835 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
836 ATF_TC_HEAD(auditon_getpolicy_failure, tc)
837 {
838 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
839 					"auditon(2) call for cmd: A_GETPOLICY");
840 }
841 
842 ATF_TC_BODY(auditon_getpolicy_failure, tc)
843 {
844 	pid = getpid();
845 	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
846 
847 	FILE *pipefd = setup(fds, auclass);
848 	/* Failure reason: Invalid argument */
849 	ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
850 	check_audit(fds, adregex, pipefd);
851 }
852 
853 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
854 {
855 	cleanup();
856 }
857 
858 
859 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
860 ATF_TC_HEAD(auditon_setpolicy_success, tc)
861 {
862 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
863 					"auditon(2) call for cmd: A_SETPOLICY");
864 }
865 
866 ATF_TC_BODY(auditon_setpolicy_success, tc)
867 {
868 	int aupolicy;
869 	pid = getpid();
870 	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
871 
872 	/* Retrieve the current auditing policy, to be used with A_SETPOLICY */
873 	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
874 	FILE *pipefd = setup(fds, auclass);
875 	ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
876 	check_audit(fds, adregex, pipefd);
877 }
878 
879 ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
880 {
881 	cleanup();
882 }
883 
884 
885 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
886 ATF_TC_HEAD(auditon_setpolicy_failure, tc)
887 {
888 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
889 					"auditon(2) call for cmd: A_SETPOLICY");
890 }
891 
892 ATF_TC_BODY(auditon_setpolicy_failure, tc)
893 {
894 	pid = getpid();
895 	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
896 
897 	FILE *pipefd = setup(fds, auclass);
898 	/* Failure reason: Invalid argument */
899 	ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
900 	check_audit(fds, adregex, pipefd);
901 }
902 
903 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
904 {
905 	cleanup();
906 }
907 
908 
909 ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
910 ATF_TC_HEAD(auditon_getkmask_success, tc)
911 {
912 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
913 					"auditon(2) call for cmd: A_GETKMASK");
914 }
915 
916 ATF_TC_BODY(auditon_getkmask_success, tc)
917 {
918 	pid = getpid();
919 	au_mask_t evmask;
920 	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
921 
922 	bzero(&evmask, sizeof(evmask));
923 	FILE *pipefd = setup(fds, auclass);
924 	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
925 	check_audit(fds, adregex, pipefd);
926 }
927 
928 ATF_TC_CLEANUP(auditon_getkmask_success, tc)
929 {
930 	cleanup();
931 }
932 
933 
934 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
935 ATF_TC_HEAD(auditon_getkmask_failure, tc)
936 {
937 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
938 					"auditon(2) call for cmd: A_GETKMASK");
939 }
940 
941 ATF_TC_BODY(auditon_getkmask_failure, tc)
942 {
943 	pid = getpid();
944 	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
945 
946 	FILE *pipefd = setup(fds, auclass);
947 	/* Failure reason: Invalid au_mask_t structure */
948 	ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
949 	check_audit(fds, adregex, pipefd);
950 }
951 
952 ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
953 {
954 	cleanup();
955 }
956 
957 
958 ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
959 ATF_TC_HEAD(auditon_setkmask_success, tc)
960 {
961 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
962 					"auditon(2) call for cmd: A_SETKMASK");
963 }
964 
965 ATF_TC_BODY(auditon_setkmask_success, tc)
966 {
967 	pid = getpid();
968 	au_mask_t evmask;
969 	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
970 
971 	/* Retrieve the current audit mask to be used with A_SETKMASK */
972 	bzero(&evmask, sizeof(evmask));
973 	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
974 
975 	FILE *pipefd = setup(fds, auclass);
976 	ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
977 	check_audit(fds, adregex, pipefd);
978 }
979 
980 ATF_TC_CLEANUP(auditon_setkmask_success, tc)
981 {
982 	cleanup();
983 }
984 
985 
986 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
987 ATF_TC_HEAD(auditon_setkmask_failure, tc)
988 {
989 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
990 					"auditon(2) call for cmd: A_SETKMASK");
991 }
992 
993 ATF_TC_BODY(auditon_setkmask_failure, tc)
994 {
995 	pid = getpid();
996 	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
997 
998 	FILE *pipefd = setup(fds, auclass);
999 	/* Failure reason: Invalid au_mask_t structure */
1000 	ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
1001 	check_audit(fds, adregex, pipefd);
1002 }
1003 
1004 ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
1005 {
1006 	cleanup();
1007 }
1008 
1009 
1010 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
1011 ATF_TC_HEAD(auditon_getqctrl_success, tc)
1012 {
1013 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1014 					"auditon(2) call for cmd: A_GETQCTRL");
1015 }
1016 
1017 ATF_TC_BODY(auditon_getqctrl_success, tc)
1018 {
1019 	pid = getpid();
1020 	au_qctrl_t evqctrl;
1021 	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
1022 
1023 	bzero(&evqctrl, sizeof(evqctrl));
1024 	FILE *pipefd = setup(fds, auclass);
1025 	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1026 	check_audit(fds, adregex, pipefd);
1027 }
1028 
1029 ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
1030 {
1031 	cleanup();
1032 }
1033 
1034 
1035 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
1036 ATF_TC_HEAD(auditon_getqctrl_failure, tc)
1037 {
1038 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1039 					"auditon(2) call for cmd: A_GETQCTRL");
1040 }
1041 
1042 ATF_TC_BODY(auditon_getqctrl_failure, tc)
1043 {
1044 	pid = getpid();
1045 	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
1046 
1047 	FILE *pipefd = setup(fds, auclass);
1048 	/* Failure reason: Invalid au_qctrl_t structure */
1049 	ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
1050 	check_audit(fds, adregex, pipefd);
1051 }
1052 
1053 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
1054 {
1055 	cleanup();
1056 }
1057 
1058 
1059 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
1060 ATF_TC_HEAD(auditon_setqctrl_success, tc)
1061 {
1062 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1063 					"auditon(2) call for cmd: A_SETKMASK");
1064 }
1065 
1066 ATF_TC_BODY(auditon_setqctrl_success, tc)
1067 {
1068 	pid = getpid();
1069 	au_qctrl_t evqctrl;
1070 	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
1071 
1072 	/* Retrieve the current audit mask to be used with A_SETQCTRL */
1073 	bzero(&evqctrl, sizeof(evqctrl));
1074 	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1075 
1076 	FILE *pipefd = setup(fds, auclass);
1077 	ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
1078 	check_audit(fds, adregex, pipefd);
1079 }
1080 
1081 ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
1082 {
1083 	cleanup();
1084 }
1085 
1086 
1087 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
1088 ATF_TC_HEAD(auditon_setqctrl_failure, tc)
1089 {
1090 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1091 					"auditon(2) call for cmd: A_SETKMASK");
1092 }
1093 
1094 ATF_TC_BODY(auditon_setqctrl_failure, tc)
1095 {
1096 	pid = getpid();
1097 	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
1098 
1099 	FILE *pipefd = setup(fds, auclass);
1100 	/* Failure reason: Invalid au_qctrl_t structure */
1101 	ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
1102 	check_audit(fds, adregex, pipefd);
1103 }
1104 
1105 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
1106 {
1107 	cleanup();
1108 }
1109 
1110 
1111 ATF_TC_WITH_CLEANUP(auditon_getclass_success);
1112 ATF_TC_HEAD(auditon_getclass_success, tc)
1113 {
1114 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1115 					"auditon(2) call for cmd: A_GETCLASS");
1116 }
1117 
1118 ATF_TC_BODY(auditon_getclass_success, tc)
1119 {
1120 	pid = getpid();
1121 	au_evclass_map_t evclass;
1122 	snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
1123 
1124 	/* Initialize evclass to get the event-class mapping for auditon(2) */
1125 	evclass.ec_number = AUE_AUDITON;
1126 	evclass.ec_class = 0;
1127 	FILE *pipefd = setup(fds, auclass);
1128 	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1129 	check_audit(fds, adregex, pipefd);
1130 }
1131 
1132 ATF_TC_CLEANUP(auditon_getclass_success, tc)
1133 {
1134 	cleanup();
1135 }
1136 
1137 
1138 ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
1139 ATF_TC_HEAD(auditon_getclass_failure, tc)
1140 {
1141 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1142 					"auditon(2) call for cmd: A_GETCLASS");
1143 }
1144 
1145 ATF_TC_BODY(auditon_getclass_failure, tc)
1146 {
1147 	pid = getpid();
1148 	snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
1149 
1150 	FILE *pipefd = setup(fds, auclass);
1151 	/* Failure reason: Invalid au_evclass_map_t structure */
1152 	ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
1153 	check_audit(fds, adregex, pipefd);
1154 }
1155 
1156 ATF_TC_CLEANUP(auditon_getclass_failure, tc)
1157 {
1158 	cleanup();
1159 }
1160 
1161 
1162 ATF_TC_WITH_CLEANUP(auditon_setclass_success);
1163 ATF_TC_HEAD(auditon_setclass_success, tc)
1164 {
1165 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1166 					"auditon(2) call for cmd: A_SETCLASS");
1167 }
1168 
1169 ATF_TC_BODY(auditon_setclass_success, tc)
1170 {
1171 	pid = getpid();
1172 	au_evclass_map_t evclass;
1173 	snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
1174 
1175 	/* Initialize evclass and get the event-class mapping for auditon(2) */
1176 	evclass.ec_number = AUE_AUDITON;
1177 	evclass.ec_class = 0;
1178 	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1179 
1180 	FILE *pipefd = setup(fds, auclass);
1181 	ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
1182 	check_audit(fds, adregex, pipefd);
1183 }
1184 
1185 ATF_TC_CLEANUP(auditon_setclass_success, tc)
1186 {
1187 	cleanup();
1188 }
1189 
1190 
1191 ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
1192 ATF_TC_HEAD(auditon_setclass_failure, tc)
1193 {
1194 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1195 					"auditon(2) call for cmd: A_SETCLASS");
1196 }
1197 
1198 ATF_TC_BODY(auditon_setclass_failure, tc)
1199 {
1200 	pid = getpid();
1201 	snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
1202 
1203 	FILE *pipefd = setup(fds, auclass);
1204 	/* Failure reason: Invalid au_evclass_map_t structure */
1205 	ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
1206 	check_audit(fds, adregex, pipefd);
1207 }
1208 
1209 ATF_TC_CLEANUP(auditon_setclass_failure, tc)
1210 {
1211 	cleanup();
1212 }
1213 
1214 
1215 ATF_TC_WITH_CLEANUP(auditon_getcond_success);
1216 ATF_TC_HEAD(auditon_getcond_success, tc)
1217 {
1218 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1219 					"auditon(2) call for cmd: A_GETCOND");
1220 }
1221 
1222 ATF_TC_BODY(auditon_getcond_success, tc)
1223 {
1224 	int auditcond;
1225 	pid = getpid();
1226 	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
1227 
1228 	FILE *pipefd = setup(fds, auclass);
1229 	ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
1230 	check_audit(fds, adregex, pipefd);
1231 }
1232 
1233 ATF_TC_CLEANUP(auditon_getcond_success, tc)
1234 {
1235 	cleanup();
1236 }
1237 
1238 
1239 ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
1240 ATF_TC_HEAD(auditon_getcond_failure, tc)
1241 {
1242 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1243 					"auditon(2) call for cmd: A_GETCOND");
1244 }
1245 
1246 ATF_TC_BODY(auditon_getcond_failure, tc)
1247 {
1248 	pid = getpid();
1249 	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
1250 
1251 	FILE *pipefd = setup(fds, auclass);
1252 	/* Failure reason: Invalid argument */
1253 	ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
1254 	check_audit(fds, adregex, pipefd);
1255 }
1256 
1257 ATF_TC_CLEANUP(auditon_getcond_failure, tc)
1258 {
1259 	cleanup();
1260 }
1261 
1262 
1263 ATF_TC_WITH_CLEANUP(auditon_setcond_success);
1264 ATF_TC_HEAD(auditon_setcond_success, tc)
1265 {
1266 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1267 					"auditon(2) call for cmd: A_SETCOND");
1268 }
1269 
1270 ATF_TC_BODY(auditon_setcond_success, tc)
1271 {
1272 	int auditcond = AUC_AUDITING;
1273 	pid = getpid();
1274 	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
1275 
1276 	FILE *pipefd = setup(fds, auclass);
1277 	/* At this point auditd is running, so the audit state is AUC_AUDITING */
1278 	ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
1279 	check_audit(fds, adregex, pipefd);
1280 }
1281 
1282 ATF_TC_CLEANUP(auditon_setcond_success, tc)
1283 {
1284 	cleanup();
1285 }
1286 
1287 
1288 ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
1289 ATF_TC_HEAD(auditon_setcond_failure, tc)
1290 {
1291 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1292 					"auditon(2) call for cmd: A_SETCOND");
1293 }
1294 
1295 ATF_TC_BODY(auditon_setcond_failure, tc)
1296 {
1297 	pid = getpid();
1298 	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
1299 
1300 	FILE *pipefd = setup(fds, auclass);
1301 	/* Failure reason: Invalid argument */
1302 	ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
1303 	check_audit(fds, adregex, pipefd);
1304 }
1305 
1306 ATF_TC_CLEANUP(auditon_setcond_failure, tc)
1307 {
1308 	cleanup();
1309 }
1310 
1311 /*
1312  * Following test-cases for auditon(2) are all in failure mode only as although
1313  * auditable, they have not been implemented and return ENOSYS whenever called.
1314  *
1315  * Commands: A_GETCWD  A_GETCAR  A_GETSTAT  A_SETSTAT  A_SETUMASK  A_SETSMASK
1316  */
1317 
1318 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
1319 ATF_TC_HEAD(auditon_getcwd_failure, tc)
1320 {
1321 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1322 					"auditon(2) call for cmd: A_GETCWD");
1323 }
1324 
1325 ATF_TC_BODY(auditon_getcwd_failure, tc)
1326 {
1327 	pid = getpid();
1328 	snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
1329 
1330 	FILE *pipefd = setup(fds, auclass);
1331 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
1332 		sizeof(auditon_def)) == -1);
1333 	check_audit(fds, adregex, pipefd);
1334 }
1335 
1336 ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
1337 {
1338 	cleanup();
1339 }
1340 
1341 
1342 ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
1343 ATF_TC_HEAD(auditon_getcar_failure, tc)
1344 {
1345 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1346 					"auditon(2) call for cmd: A_GETCAR");
1347 }
1348 
1349 ATF_TC_BODY(auditon_getcar_failure, tc)
1350 {
1351 	pid = getpid();
1352 	snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
1353 
1354 	FILE *pipefd = setup(fds, auclass);
1355 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
1356 		sizeof(auditon_def)) == -1);
1357 	check_audit(fds, adregex, pipefd);
1358 }
1359 
1360 ATF_TC_CLEANUP(auditon_getcar_failure, tc)
1361 {
1362 	cleanup();
1363 }
1364 
1365 
1366 ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
1367 ATF_TC_HEAD(auditon_getstat_failure, tc)
1368 {
1369 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1370 					"auditon(2) call for cmd: A_GETSTAT");
1371 }
1372 
1373 ATF_TC_BODY(auditon_getstat_failure, tc)
1374 {
1375 	pid = getpid();
1376 	snprintf(adregex, sizeof(adregex),
1377 		"get audit statistics.*%d.*return,failure", pid);
1378 
1379 	FILE *pipefd = setup(fds, auclass);
1380 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
1381 		sizeof(auditon_def)) == -1);
1382 	check_audit(fds, adregex, pipefd);
1383 }
1384 
1385 ATF_TC_CLEANUP(auditon_getstat_failure, tc)
1386 {
1387 	cleanup();
1388 }
1389 
1390 
1391 ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
1392 ATF_TC_HEAD(auditon_setstat_failure, tc)
1393 {
1394 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1395 					"auditon(2) call for cmd: A_SETSTAT");
1396 }
1397 
1398 ATF_TC_BODY(auditon_setstat_failure, tc)
1399 {
1400 	pid = getpid();
1401 	snprintf(adregex, sizeof(adregex),
1402 		"set audit statistics.*%d.*return,failure", pid);
1403 
1404 	FILE *pipefd = setup(fds, auclass);
1405 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
1406 		sizeof(auditon_def)) == -1);
1407 	check_audit(fds, adregex, pipefd);
1408 }
1409 
1410 ATF_TC_CLEANUP(auditon_setstat_failure, tc)
1411 {
1412 	cleanup();
1413 }
1414 
1415 
1416 ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
1417 ATF_TC_HEAD(auditon_setumask_failure, tc)
1418 {
1419 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1420 					"auditon(2) call for cmd: A_SETUMASK");
1421 }
1422 
1423 ATF_TC_BODY(auditon_setumask_failure, tc)
1424 {
1425 	pid = getpid();
1426 	snprintf(adregex, sizeof(adregex),
1427 		"set mask per uid.*%d.*return,failure", pid);
1428 
1429 	FILE *pipefd = setup(fds, auclass);
1430 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
1431 		sizeof(auditon_def)) == -1);
1432 	check_audit(fds, adregex, pipefd);
1433 }
1434 
1435 ATF_TC_CLEANUP(auditon_setumask_failure, tc)
1436 {
1437 	cleanup();
1438 }
1439 
1440 
1441 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
1442 ATF_TC_HEAD(auditon_setsmask_failure, tc)
1443 {
1444 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1445 					"auditon(2) call for cmd: A_SETSMASK");
1446 }
1447 
1448 ATF_TC_BODY(auditon_setsmask_failure, tc)
1449 {
1450 	pid = getpid();
1451 	snprintf(adregex, sizeof(adregex),
1452 		"set mask per session.*%d.*return,failure", pid);
1453 
1454 	FILE *pipefd = setup(fds, auclass);
1455 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def,
1456 		sizeof(auditon_def)) == -1);
1457 	check_audit(fds, adregex, pipefd);
1458 }
1459 
1460 ATF_TC_CLEANUP(auditon_setsmask_failure, tc)
1461 {
1462 	cleanup();
1463 }
1464 
1465 
1466 /*
1467  * Audit of reboot(2) cannot be tested in normal conditions as we don't want
1468  * to reboot the system while running the tests
1469  */
1470 
1471 
1472 ATF_TC_WITH_CLEANUP(reboot_failure);
1473 ATF_TC_HEAD(reboot_failure, tc)
1474 {
1475 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1476 					"reboot(2) call");
1477 }
1478 
1479 ATF_TC_BODY(reboot_failure, tc)
1480 {
1481 	pid = getpid();
1482 	snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid);
1483 
1484 	FILE *pipefd = setup(fds, auclass);
1485 	ATF_REQUIRE_EQ(-1, reboot(-1));
1486 	check_audit(fds, adregex, pipefd);
1487 }
1488 
1489 ATF_TC_CLEANUP(reboot_failure, tc)
1490 {
1491 	cleanup();
1492 }
1493 
1494 
1495 /*
1496  * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
1497  * to tamper with filesystem quotas
1498  */
1499 
1500 
1501 ATF_TC_WITH_CLEANUP(quotactl_failure);
1502 ATF_TC_HEAD(quotactl_failure, tc)
1503 {
1504 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1505 					"quotactl(2) call");
1506 }
1507 
1508 ATF_TC_BODY(quotactl_failure, tc)
1509 {
1510 	pid = getpid();
1511 	snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid);
1512 
1513 	FILE *pipefd = setup(fds, auclass);
1514 	ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
1515 	check_audit(fds, adregex, pipefd);
1516 }
1517 
1518 ATF_TC_CLEANUP(quotactl_failure, tc)
1519 {
1520 	cleanup();
1521 }
1522 
1523 
1524 ATF_TC_WITH_CLEANUP(mount_failure);
1525 ATF_TC_HEAD(mount_failure, tc)
1526 {
1527 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1528 					"mount(2) call");
1529 }
1530 
1531 ATF_TC_BODY(mount_failure, tc)
1532 {
1533 	pid = getpid();
1534 	snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid);
1535 
1536 	FILE *pipefd = setup(fds, auclass);
1537 	ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
1538 	check_audit(fds, adregex, pipefd);
1539 }
1540 
1541 ATF_TC_CLEANUP(mount_failure, tc)
1542 {
1543 	cleanup();
1544 }
1545 
1546 
1547 ATF_TC_WITH_CLEANUP(nmount_failure);
1548 ATF_TC_HEAD(nmount_failure, tc)
1549 {
1550 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1551 					"nmount(2) call");
1552 }
1553 
1554 ATF_TC_BODY(nmount_failure, tc)
1555 {
1556 	pid = getpid();
1557 	snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid);
1558 
1559 	FILE *pipefd = setup(fds, auclass);
1560 	ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
1561 	check_audit(fds, adregex, pipefd);
1562 }
1563 
1564 ATF_TC_CLEANUP(nmount_failure, tc)
1565 {
1566 	cleanup();
1567 }
1568 
1569 
1570 ATF_TC_WITH_CLEANUP(swapon_failure);
1571 ATF_TC_HEAD(swapon_failure, tc)
1572 {
1573 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1574 					"swapon(2) call");
1575 }
1576 
1577 ATF_TC_BODY(swapon_failure, tc)
1578 {
1579 	pid = getpid();
1580 	snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid);
1581 
1582 	FILE *pipefd = setup(fds, auclass);
1583 	/* Failure reason: Block device required */
1584 	ATF_REQUIRE_EQ(-1, swapon(path));
1585 	check_audit(fds, adregex, pipefd);
1586 }
1587 
1588 ATF_TC_CLEANUP(swapon_failure, tc)
1589 {
1590 	cleanup();
1591 }
1592 
1593 
1594 ATF_TC_WITH_CLEANUP(swapoff_failure);
1595 ATF_TC_HEAD(swapoff_failure, tc)
1596 {
1597 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1598 					"swapoff(2) call");
1599 }
1600 
1601 ATF_TC_BODY(swapoff_failure, tc)
1602 {
1603 	pid = getpid();
1604 	snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid);
1605 
1606 	FILE *pipefd = setup(fds, auclass);
1607 	/* Failure reason: Block device required */
1608 	ATF_REQUIRE_EQ(-1, swapoff(path));
1609 	check_audit(fds, adregex, pipefd);
1610 }
1611 
1612 ATF_TC_CLEANUP(swapoff_failure, tc)
1613 {
1614 	cleanup();
1615 }
1616 
1617 
1618 ATF_TP_ADD_TCS(tp)
1619 {
1620 	ATF_TP_ADD_TC(tp, settimeofday_success);
1621 	ATF_TP_ADD_TC(tp, settimeofday_failure);
1622 	ATF_TP_ADD_TC(tp, clock_settime_success);
1623 	ATF_TP_ADD_TC(tp, clock_settime_failure);
1624 	ATF_TP_ADD_TC(tp, adjtime_success);
1625 	ATF_TP_ADD_TC(tp, adjtime_failure);
1626 	ATF_TP_ADD_TC(tp, ntp_adjtime_success);
1627 	ATF_TP_ADD_TC(tp, ntp_adjtime_failure);
1628 
1629 	ATF_TP_ADD_TC(tp, nfs_getfh_success);
1630 	ATF_TP_ADD_TC(tp, nfs_getfh_failure);
1631 	ATF_TP_ADD_TC(tp, acct_success);
1632 	ATF_TP_ADD_TC(tp, acct_failure);
1633 	ATF_TP_ADD_TC(tp, auditctl_success);
1634 	ATF_TP_ADD_TC(tp, auditctl_failure);
1635 
1636 	ATF_TP_ADD_TC(tp, getauid_success);
1637 	ATF_TP_ADD_TC(tp, getauid_failure);
1638 	ATF_TP_ADD_TC(tp, setauid_success);
1639 	ATF_TP_ADD_TC(tp, setauid_failure);
1640 
1641 	ATF_TP_ADD_TC(tp, getaudit_success);
1642 	ATF_TP_ADD_TC(tp, getaudit_failure);
1643 	ATF_TP_ADD_TC(tp, setaudit_success);
1644 	ATF_TP_ADD_TC(tp, setaudit_failure);
1645 
1646 	ATF_TP_ADD_TC(tp, getaudit_addr_success);
1647 	ATF_TP_ADD_TC(tp, getaudit_addr_failure);
1648 	ATF_TP_ADD_TC(tp, setaudit_addr_success);
1649 	ATF_TP_ADD_TC(tp, setaudit_addr_failure);
1650 
1651 	ATF_TP_ADD_TC(tp, auditon_default_success);
1652 	ATF_TP_ADD_TC(tp, auditon_default_failure);
1653 
1654 	ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
1655 	ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
1656 	ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
1657 	ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
1658 
1659 	ATF_TP_ADD_TC(tp, auditon_getkmask_success);
1660 	ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
1661 	ATF_TP_ADD_TC(tp, auditon_setkmask_success);
1662 	ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
1663 
1664 	ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
1665 	ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
1666 	ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
1667 	ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
1668 
1669 	ATF_TP_ADD_TC(tp, auditon_getclass_success);
1670 	ATF_TP_ADD_TC(tp, auditon_getclass_failure);
1671 	ATF_TP_ADD_TC(tp, auditon_setclass_success);
1672 	ATF_TP_ADD_TC(tp, auditon_setclass_failure);
1673 
1674 	ATF_TP_ADD_TC(tp, auditon_getcond_success);
1675 	ATF_TP_ADD_TC(tp, auditon_getcond_failure);
1676 	ATF_TP_ADD_TC(tp, auditon_setcond_success);
1677 	ATF_TP_ADD_TC(tp, auditon_setcond_failure);
1678 
1679 	ATF_TP_ADD_TC(tp, auditon_getcwd_failure);
1680 	ATF_TP_ADD_TC(tp, auditon_getcar_failure);
1681 	ATF_TP_ADD_TC(tp, auditon_getstat_failure);
1682 	ATF_TP_ADD_TC(tp, auditon_setstat_failure);
1683 	ATF_TP_ADD_TC(tp, auditon_setumask_failure);
1684 	ATF_TP_ADD_TC(tp, auditon_setsmask_failure);
1685 
1686 	ATF_TP_ADD_TC(tp, reboot_failure);
1687 	ATF_TP_ADD_TC(tp, quotactl_failure);
1688 	ATF_TP_ADD_TC(tp, mount_failure);
1689 	ATF_TP_ADD_TC(tp, nmount_failure);
1690 	ATF_TP_ADD_TC(tp, swapon_failure);
1691 	ATF_TP_ADD_TC(tp, swapoff_failure);
1692 
1693 	return (atf_no_error());
1694 }
1695