1 /*- 2 * Copyright (c) 2018 Aniket Pandey 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * SUCH DAMAGE. 24 * 25 * $FreeBSD$ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/mount.h> 30 #include <sys/reboot.h> 31 #include <sys/stat.h> 32 #include <sys/sysctl.h> 33 #include <sys/time.h> 34 #include <sys/timespec.h> 35 #include <sys/timex.h> 36 37 #include <bsm/audit.h> 38 #include <bsm/audit_kevents.h> 39 #include <ufs/ufs/quota.h> 40 41 #include <atf-c.h> 42 #include <errno.h> 43 #include <fcntl.h> 44 #include <stdlib.h> 45 #include <time.h> 46 #include <unistd.h> 47 48 #include "utils.h" 49 50 static pid_t pid; 51 static int filedesc; 52 /* Default argument for handling ENOSYS in auditon(2) functions */ 53 static int auditon_def = 0; 54 static mode_t mode = 0777; 55 static struct pollfd fds[1]; 56 static char adregex[80]; 57 static const char *auclass = "ad"; 58 static const char *path = "fileforaudit"; 59 static const char *successreg = "fileforaudit.*return,success"; 60 61 62 ATF_TC_WITH_CLEANUP(settimeofday_success); 63 ATF_TC_HEAD(settimeofday_success, tc) 64 { 65 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 66 "settimeofday(2) call"); 67 } 68 69 ATF_TC_BODY(settimeofday_success, tc) 70 { 71 pid = getpid(); 72 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid); 73 74 struct timeval tp; 75 struct timezone tzp; 76 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp)); 77 78 FILE *pipefd = setup(fds, auclass); 79 /* Setting the same time as obtained by gettimeofday(2) */ 80 ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp)); 81 check_audit(fds, adregex, pipefd); 82 } 83 84 ATF_TC_CLEANUP(settimeofday_success, tc) 85 { 86 cleanup(); 87 } 88 89 90 ATF_TC_WITH_CLEANUP(settimeofday_failure); 91 ATF_TC_HEAD(settimeofday_failure, tc) 92 { 93 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 94 "settimeofday(2) call"); 95 } 96 97 ATF_TC_BODY(settimeofday_failure, tc) 98 { 99 pid = getpid(); 100 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid); 101 102 struct timeval tp; 103 struct timezone tzp; 104 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp)); 105 106 FILE *pipefd = setup(fds, auclass); 107 tp.tv_sec = -1; 108 /* Failure reason: Invalid value for tp.tv_sec; */ 109 ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp)); 110 check_audit(fds, adregex, pipefd); 111 } 112 113 ATF_TC_CLEANUP(settimeofday_failure, tc) 114 { 115 cleanup(); 116 } 117 118 119 ATF_TC_WITH_CLEANUP(clock_settime_success); 120 ATF_TC_HEAD(clock_settime_success, tc) 121 { 122 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 123 "clock_settime(2) call"); 124 } 125 126 ATF_TC_BODY(clock_settime_success, tc) 127 { 128 pid = getpid(); 129 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid); 130 131 struct timespec tp; 132 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp)); 133 134 FILE *pipefd = setup(fds, auclass); 135 /* Setting the same time as obtained by clock_gettime(2) */ 136 ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp)); 137 check_audit(fds, adregex, pipefd); 138 } 139 140 ATF_TC_CLEANUP(clock_settime_success, tc) 141 { 142 cleanup(); 143 } 144 145 146 ATF_TC_WITH_CLEANUP(clock_settime_failure); 147 ATF_TC_HEAD(clock_settime_failure, tc) 148 { 149 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 150 "clock_settime(2) call"); 151 } 152 153 ATF_TC_BODY(clock_settime_failure, tc) 154 { 155 pid = getpid(); 156 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid); 157 158 struct timespec tp; 159 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp)); 160 161 FILE *pipefd = setup(fds, auclass); 162 /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */ 163 ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp)); 164 check_audit(fds, adregex, pipefd); 165 } 166 167 ATF_TC_CLEANUP(clock_settime_failure, tc) 168 { 169 cleanup(); 170 } 171 172 173 ATF_TC_WITH_CLEANUP(adjtime_success); 174 ATF_TC_HEAD(adjtime_success, tc) 175 { 176 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 177 "adjtime(2) call"); 178 } 179 180 ATF_TC_BODY(adjtime_success, tc) 181 { 182 pid = getpid(); 183 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid); 184 185 FILE *pipefd = setup(fds, auclass); 186 /* We don't want to change the system time, hence NULL */ 187 ATF_REQUIRE_EQ(0, adjtime(NULL, NULL)); 188 check_audit(fds, adregex, pipefd); 189 } 190 191 ATF_TC_CLEANUP(adjtime_success, tc) 192 { 193 cleanup(); 194 } 195 196 197 ATF_TC_WITH_CLEANUP(adjtime_failure); 198 ATF_TC_HEAD(adjtime_failure, tc) 199 { 200 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 201 "adjtime(2) call"); 202 } 203 204 ATF_TC_BODY(adjtime_failure, tc) 205 { 206 pid = getpid(); 207 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid); 208 209 FILE *pipefd = setup(fds, auclass); 210 ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL)); 211 check_audit(fds, adregex, pipefd); 212 } 213 214 ATF_TC_CLEANUP(adjtime_failure, tc) 215 { 216 cleanup(); 217 } 218 219 220 ATF_TC_WITH_CLEANUP(ntp_adjtime_success); 221 ATF_TC_HEAD(ntp_adjtime_success, tc) 222 { 223 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 224 "ntp_adjtime(2) call"); 225 } 226 227 ATF_TC_BODY(ntp_adjtime_success, tc) 228 { 229 struct timex timebuff; 230 bzero(&timebuff, sizeof(timebuff)); 231 232 pid = getpid(); 233 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid); 234 235 FILE *pipefd = setup(fds, auclass); 236 ATF_REQUIRE(ntp_adjtime(&timebuff) != -1); 237 check_audit(fds, adregex, pipefd); 238 } 239 240 ATF_TC_CLEANUP(ntp_adjtime_success, tc) 241 { 242 cleanup(); 243 } 244 245 246 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure); 247 ATF_TC_HEAD(ntp_adjtime_failure, tc) 248 { 249 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 250 "ntp_adjtime(2) call"); 251 } 252 253 ATF_TC_BODY(ntp_adjtime_failure, tc) 254 { 255 pid = getpid(); 256 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid); 257 258 FILE *pipefd = setup(fds, auclass); 259 ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL)); 260 check_audit(fds, adregex, pipefd); 261 } 262 263 ATF_TC_CLEANUP(ntp_adjtime_failure, tc) 264 { 265 cleanup(); 266 } 267 268 269 ATF_TC_WITH_CLEANUP(nfs_getfh_success); 270 ATF_TC_HEAD(nfs_getfh_success, tc) 271 { 272 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 273 "getfh(2) call"); 274 } 275 276 ATF_TC_BODY(nfs_getfh_success, tc) 277 { 278 fhandle_t fhp; 279 pid = getpid(); 280 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid); 281 282 /* File needs to exist to call getfh(2) */ 283 ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); 284 FILE *pipefd = setup(fds, auclass); 285 ATF_REQUIRE_EQ(0, getfh(path, &fhp)); 286 check_audit(fds, adregex, pipefd); 287 close(filedesc); 288 } 289 290 ATF_TC_CLEANUP(nfs_getfh_success, tc) 291 { 292 cleanup(); 293 } 294 295 296 ATF_TC_WITH_CLEANUP(nfs_getfh_failure); 297 ATF_TC_HEAD(nfs_getfh_failure, tc) 298 { 299 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 300 "getfh(2) call"); 301 } 302 303 ATF_TC_BODY(nfs_getfh_failure, tc) 304 { 305 pid = getpid(); 306 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid); 307 308 FILE *pipefd = setup(fds, auclass); 309 /* Failure reason: file does not exist */ 310 ATF_REQUIRE_EQ(-1, getfh(path, NULL)); 311 check_audit(fds, adregex, pipefd); 312 } 313 314 ATF_TC_CLEANUP(nfs_getfh_failure, tc) 315 { 316 cleanup(); 317 } 318 319 320 ATF_TC_WITH_CLEANUP(auditctl_success); 321 ATF_TC_HEAD(auditctl_success, tc) 322 { 323 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 324 "auditctl(2) call"); 325 } 326 327 ATF_TC_BODY(auditctl_success, tc) 328 { 329 /* File needs to exist in order to call auditctl(2) */ 330 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1); 331 FILE *pipefd = setup(fds, auclass); 332 ATF_REQUIRE_EQ(0, auditctl(path)); 333 check_audit(fds, successreg, pipefd); 334 close(filedesc); 335 } 336 337 ATF_TC_CLEANUP(auditctl_success, tc) 338 { 339 /* 340 * auditctl(2) disables audit log at /var/audit and initiates auditing 341 * at the configured path. To reset this, we need to stop and start the 342 * auditd(8) again. Here, we check if auditd(8) was running already 343 * before the test started. If so, we stop and start it again. 344 * 345 * TODO: should we skip this test if auditd(8) is already running to 346 * avoid restarting it? 347 */ 348 if (!atf_utils_file_exists("started_fake_auditd")) { 349 system("service auditd onestop > /dev/null 2>&1"); 350 system("service auditd onestart > /dev/null 2>&1"); 351 } else { 352 cleanup(); 353 } 354 } 355 356 357 ATF_TC_WITH_CLEANUP(auditctl_failure); 358 ATF_TC_HEAD(auditctl_failure, tc) 359 { 360 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 361 "auditctl(2) call"); 362 } 363 364 ATF_TC_BODY(auditctl_failure, tc) 365 { 366 pid = getpid(); 367 snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid); 368 369 FILE *pipefd = setup(fds, auclass); 370 /* Failure reason: file does not exist */ 371 ATF_REQUIRE_EQ(-1, auditctl(NULL)); 372 check_audit(fds, adregex, pipefd); 373 } 374 375 ATF_TC_CLEANUP(auditctl_failure, tc) 376 { 377 cleanup(); 378 } 379 380 381 ATF_TC_WITH_CLEANUP(acct_success); 382 ATF_TC_HEAD(acct_success, tc) 383 { 384 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 385 "acct(2) call"); 386 atf_tc_set_md_var(tc, "require.files", 387 "/etc/rc.d/accounting /etc/rc.d/auditd"); 388 } 389 390 ATF_TC_BODY(acct_success, tc) 391 { 392 int acctinfo, filedesc2; 393 size_t len = sizeof(acctinfo); 394 const char *acctname = "kern.acct_configured"; 395 ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0)); 396 397 /* File needs to exist to start system accounting */ 398 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); 399 400 /* 401 * acctinfo = 0: System accounting was disabled 402 * acctinfo = 1: System accounting was enabled 403 */ 404 if (acctinfo) { 405 ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1); 406 close(filedesc2); 407 } 408 409 pid = getpid(); 410 snprintf(adregex, sizeof(adregex), 411 "acct.*%s.*%d.*return,success", path, pid); 412 413 /* 414 * We temporarily switch the accounting record to a file at 415 * our own configured path in order to confirm acct(2)'s successful 416 * auditing. Then we set everything back to its original state. 417 */ 418 FILE *pipefd = setup(fds, auclass); 419 ATF_REQUIRE_EQ(0, acct(path)); 420 check_audit(fds, adregex, pipefd); 421 close(filedesc); 422 } 423 424 ATF_TC_CLEANUP(acct_success, tc) 425 { 426 /* Reset accounting configured path */ 427 ATF_REQUIRE_EQ(0, system("service accounting onestop")); 428 if (atf_utils_file_exists("acct_ok")) { 429 ATF_REQUIRE_EQ(0, system("service accounting onestart")); 430 } 431 cleanup(); 432 } 433 434 435 ATF_TC_WITH_CLEANUP(acct_failure); 436 ATF_TC_HEAD(acct_failure, tc) 437 { 438 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 439 "acct(2) call"); 440 } 441 442 ATF_TC_BODY(acct_failure, tc) 443 { 444 pid = getpid(); 445 snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid); 446 447 FILE *pipefd = setup(fds, auclass); 448 /* Failure reason: File does not exist */ 449 ATF_REQUIRE_EQ(-1, acct(path)); 450 check_audit(fds, adregex, pipefd); 451 } 452 453 ATF_TC_CLEANUP(acct_failure, tc) 454 { 455 cleanup(); 456 } 457 458 459 ATF_TC_WITH_CLEANUP(getauid_success); 460 ATF_TC_HEAD(getauid_success, tc) 461 { 462 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 463 "getauid(2) call"); 464 } 465 466 ATF_TC_BODY(getauid_success, tc) 467 { 468 au_id_t auid; 469 pid = getpid(); 470 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid); 471 472 FILE *pipefd = setup(fds, auclass); 473 ATF_REQUIRE_EQ(0, getauid(&auid)); 474 check_audit(fds, adregex, pipefd); 475 } 476 477 ATF_TC_CLEANUP(getauid_success, tc) 478 { 479 cleanup(); 480 } 481 482 483 ATF_TC_WITH_CLEANUP(getauid_failure); 484 ATF_TC_HEAD(getauid_failure, tc) 485 { 486 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 487 "getauid(2) call"); 488 } 489 490 ATF_TC_BODY(getauid_failure, tc) 491 { 492 pid = getpid(); 493 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid); 494 495 FILE *pipefd = setup(fds, auclass); 496 /* Failure reason: Bad address */ 497 ATF_REQUIRE_EQ(-1, getauid(NULL)); 498 check_audit(fds, adregex, pipefd); 499 } 500 501 ATF_TC_CLEANUP(getauid_failure, tc) 502 { 503 cleanup(); 504 } 505 506 507 ATF_TC_WITH_CLEANUP(setauid_success); 508 ATF_TC_HEAD(setauid_success, tc) 509 { 510 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 511 "setauid(2) call"); 512 } 513 514 ATF_TC_BODY(setauid_success, tc) 515 { 516 au_id_t auid; 517 pid = getpid(); 518 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid); 519 ATF_REQUIRE_EQ(0, getauid(&auid)); 520 521 FILE *pipefd = setup(fds, auclass); 522 ATF_REQUIRE_EQ(0, setauid(&auid)); 523 check_audit(fds, adregex, pipefd); 524 } 525 526 ATF_TC_CLEANUP(setauid_success, tc) 527 { 528 cleanup(); 529 } 530 531 532 ATF_TC_WITH_CLEANUP(setauid_failure); 533 ATF_TC_HEAD(setauid_failure, tc) 534 { 535 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 536 "setauid(2) call"); 537 } 538 539 ATF_TC_BODY(setauid_failure, tc) 540 { 541 pid = getpid(); 542 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid); 543 544 FILE *pipefd = setup(fds, auclass); 545 /* Failure reason: Bad address */ 546 ATF_REQUIRE_EQ(-1, setauid(NULL)); 547 check_audit(fds, adregex, pipefd); 548 } 549 550 ATF_TC_CLEANUP(setauid_failure, tc) 551 { 552 cleanup(); 553 } 554 555 556 ATF_TC_WITH_CLEANUP(getaudit_success); 557 ATF_TC_HEAD(getaudit_success, tc) 558 { 559 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 560 "getaudit(2) call"); 561 } 562 563 ATF_TC_BODY(getaudit_success, tc) 564 { 565 pid = getpid(); 566 auditinfo_t auditinfo; 567 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid); 568 569 FILE *pipefd = setup(fds, auclass); 570 ATF_REQUIRE_EQ(0, getaudit(&auditinfo)); 571 check_audit(fds, adregex, pipefd); 572 } 573 574 ATF_TC_CLEANUP(getaudit_success, tc) 575 { 576 cleanup(); 577 } 578 579 580 ATF_TC_WITH_CLEANUP(getaudit_failure); 581 ATF_TC_HEAD(getaudit_failure, tc) 582 { 583 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 584 "getaudit(2) call"); 585 } 586 587 ATF_TC_BODY(getaudit_failure, tc) 588 { 589 pid = getpid(); 590 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid); 591 592 FILE *pipefd = setup(fds, auclass); 593 /* Failure reason: Bad address */ 594 ATF_REQUIRE_EQ(-1, getaudit(NULL)); 595 check_audit(fds, adregex, pipefd); 596 } 597 598 ATF_TC_CLEANUP(getaudit_failure, tc) 599 { 600 cleanup(); 601 } 602 603 604 ATF_TC_WITH_CLEANUP(setaudit_success); 605 ATF_TC_HEAD(setaudit_success, tc) 606 { 607 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 608 "setaudit(2) call"); 609 } 610 611 ATF_TC_BODY(setaudit_success, tc) 612 { 613 pid = getpid(); 614 auditinfo_t auditinfo; 615 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid); 616 ATF_REQUIRE_EQ(0, getaudit(&auditinfo)); 617 618 FILE *pipefd = setup(fds, auclass); 619 ATF_REQUIRE_EQ(0, setaudit(&auditinfo)); 620 check_audit(fds, adregex, pipefd); 621 } 622 623 ATF_TC_CLEANUP(setaudit_success, tc) 624 { 625 cleanup(); 626 } 627 628 629 ATF_TC_WITH_CLEANUP(setaudit_failure); 630 ATF_TC_HEAD(setaudit_failure, tc) 631 { 632 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 633 "setaudit(2) call"); 634 } 635 636 ATF_TC_BODY(setaudit_failure, tc) 637 { 638 pid = getpid(); 639 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid); 640 641 FILE *pipefd = setup(fds, auclass); 642 /* Failure reason: Bad address */ 643 ATF_REQUIRE_EQ(-1, setaudit(NULL)); 644 check_audit(fds, adregex, pipefd); 645 } 646 647 ATF_TC_CLEANUP(setaudit_failure, tc) 648 { 649 cleanup(); 650 } 651 652 653 ATF_TC_WITH_CLEANUP(getaudit_addr_success); 654 ATF_TC_HEAD(getaudit_addr_success, tc) 655 { 656 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 657 "getaudit_addr(2) call"); 658 } 659 660 ATF_TC_BODY(getaudit_addr_success, tc) 661 { 662 pid = getpid(); 663 auditinfo_addr_t auditinfo; 664 snprintf(adregex, sizeof(adregex), 665 "getaudit_addr.*%d.*return,success", pid); 666 667 FILE *pipefd = setup(fds, auclass); 668 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo))); 669 check_audit(fds, adregex, pipefd); 670 } 671 672 ATF_TC_CLEANUP(getaudit_addr_success, tc) 673 { 674 cleanup(); 675 } 676 677 678 ATF_TC_WITH_CLEANUP(getaudit_addr_failure); 679 ATF_TC_HEAD(getaudit_addr_failure, tc) 680 { 681 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 682 "getaudit_addr(2) call"); 683 } 684 685 ATF_TC_BODY(getaudit_addr_failure, tc) 686 { 687 pid = getpid(); 688 snprintf(adregex, sizeof(adregex), 689 "getaudit_addr.*%d.*return,failure", pid); 690 691 FILE *pipefd = setup(fds, auclass); 692 /* Failure reason: Bad address */ 693 ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0)); 694 check_audit(fds, adregex, pipefd); 695 } 696 697 ATF_TC_CLEANUP(getaudit_addr_failure, tc) 698 { 699 cleanup(); 700 } 701 702 703 ATF_TC_WITH_CLEANUP(setaudit_addr_success); 704 ATF_TC_HEAD(setaudit_addr_success, tc) 705 { 706 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 707 "setaudit_addr(2) call"); 708 } 709 710 ATF_TC_BODY(setaudit_addr_success, tc) 711 { 712 pid = getpid(); 713 auditinfo_addr_t auditinfo; 714 snprintf(adregex, sizeof(adregex), 715 "setaudit_addr.*%d.*return,success", pid); 716 717 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo))); 718 FILE *pipefd = setup(fds, auclass); 719 ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo))); 720 check_audit(fds, adregex, pipefd); 721 } 722 723 ATF_TC_CLEANUP(setaudit_addr_success, tc) 724 { 725 cleanup(); 726 } 727 728 729 ATF_TC_WITH_CLEANUP(setaudit_addr_failure); 730 ATF_TC_HEAD(setaudit_addr_failure, tc) 731 { 732 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 733 "setaudit_addr(2) call"); 734 } 735 736 ATF_TC_BODY(setaudit_addr_failure, tc) 737 { 738 pid = getpid(); 739 snprintf(adregex, sizeof(adregex), 740 "setaudit_addr.*%d.*return,failure", pid); 741 742 FILE *pipefd = setup(fds, auclass); 743 /* Failure reason: Bad address */ 744 ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0)); 745 check_audit(fds, adregex, pipefd); 746 } 747 748 ATF_TC_CLEANUP(setaudit_addr_failure, tc) 749 { 750 cleanup(); 751 } 752 753 /* 754 * Note: The test-case uses A_GETFSIZE as the command argument but since it is 755 * not an independent audit event, it will be used to check the default mode 756 * auditing of auditon(2) system call. 757 * 758 * Please See: sys/security/audit/audit_bsm_klib.c 759 * function(): au_event_t auditon_command_event() :: case A_GETFSIZE: 760 */ 761 ATF_TC_WITH_CLEANUP(auditon_default_success); 762 ATF_TC_HEAD(auditon_default_success, tc) 763 { 764 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 765 "auditon(2) call"); 766 } 767 768 ATF_TC_BODY(auditon_default_success, tc) 769 { 770 au_fstat_t fsize_arg; 771 bzero(&fsize_arg, sizeof(au_fstat_t)); 772 773 pid = getpid(); 774 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid); 775 776 FILE *pipefd = setup(fds, auclass); 777 ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg))); 778 check_audit(fds, adregex, pipefd); 779 } 780 781 ATF_TC_CLEANUP(auditon_default_success, tc) 782 { 783 cleanup(); 784 } 785 786 787 ATF_TC_WITH_CLEANUP(auditon_default_failure); 788 ATF_TC_HEAD(auditon_default_failure, tc) 789 { 790 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 791 "auditon(2) call"); 792 } 793 794 ATF_TC_BODY(auditon_default_failure, tc) 795 { 796 pid = getpid(); 797 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid); 798 799 FILE *pipefd = setup(fds, auclass); 800 /* Failure reason: Invalid argument */ 801 ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0)); 802 check_audit(fds, adregex, pipefd); 803 } 804 805 ATF_TC_CLEANUP(auditon_default_failure, tc) 806 { 807 cleanup(); 808 } 809 810 811 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success); 812 ATF_TC_HEAD(auditon_getpolicy_success, tc) 813 { 814 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 815 "auditon(2) call for cmd: A_GETPOLICY"); 816 } 817 818 ATF_TC_BODY(auditon_getpolicy_success, tc) 819 { 820 int aupolicy; 821 pid = getpid(); 822 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid); 823 824 FILE *pipefd = setup(fds, auclass); 825 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy))); 826 check_audit(fds, adregex, pipefd); 827 } 828 829 ATF_TC_CLEANUP(auditon_getpolicy_success, tc) 830 { 831 cleanup(); 832 } 833 834 835 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure); 836 ATF_TC_HEAD(auditon_getpolicy_failure, tc) 837 { 838 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 839 "auditon(2) call for cmd: A_GETPOLICY"); 840 } 841 842 ATF_TC_BODY(auditon_getpolicy_failure, tc) 843 { 844 pid = getpid(); 845 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid); 846 847 FILE *pipefd = setup(fds, auclass); 848 /* Failure reason: Invalid argument */ 849 ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0)); 850 check_audit(fds, adregex, pipefd); 851 } 852 853 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc) 854 { 855 cleanup(); 856 } 857 858 859 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success); 860 ATF_TC_HEAD(auditon_setpolicy_success, tc) 861 { 862 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 863 "auditon(2) call for cmd: A_SETPOLICY"); 864 } 865 866 ATF_TC_BODY(auditon_setpolicy_success, tc) 867 { 868 int aupolicy; 869 pid = getpid(); 870 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid); 871 872 /* Retrieve the current auditing policy, to be used with A_SETPOLICY */ 873 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy))); 874 FILE *pipefd = setup(fds, auclass); 875 ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy))); 876 check_audit(fds, adregex, pipefd); 877 } 878 879 ATF_TC_CLEANUP(auditon_setpolicy_success, tc) 880 { 881 cleanup(); 882 } 883 884 885 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure); 886 ATF_TC_HEAD(auditon_setpolicy_failure, tc) 887 { 888 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 889 "auditon(2) call for cmd: A_SETPOLICY"); 890 } 891 892 ATF_TC_BODY(auditon_setpolicy_failure, tc) 893 { 894 pid = getpid(); 895 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid); 896 897 FILE *pipefd = setup(fds, auclass); 898 /* Failure reason: Invalid argument */ 899 ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0)); 900 check_audit(fds, adregex, pipefd); 901 } 902 903 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc) 904 { 905 cleanup(); 906 } 907 908 909 ATF_TC_WITH_CLEANUP(auditon_getkmask_success); 910 ATF_TC_HEAD(auditon_getkmask_success, tc) 911 { 912 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 913 "auditon(2) call for cmd: A_GETKMASK"); 914 } 915 916 ATF_TC_BODY(auditon_getkmask_success, tc) 917 { 918 pid = getpid(); 919 au_mask_t evmask; 920 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid); 921 922 bzero(&evmask, sizeof(evmask)); 923 FILE *pipefd = setup(fds, auclass); 924 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask))); 925 check_audit(fds, adregex, pipefd); 926 } 927 928 ATF_TC_CLEANUP(auditon_getkmask_success, tc) 929 { 930 cleanup(); 931 } 932 933 934 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure); 935 ATF_TC_HEAD(auditon_getkmask_failure, tc) 936 { 937 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 938 "auditon(2) call for cmd: A_GETKMASK"); 939 } 940 941 ATF_TC_BODY(auditon_getkmask_failure, tc) 942 { 943 pid = getpid(); 944 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid); 945 946 FILE *pipefd = setup(fds, auclass); 947 /* Failure reason: Invalid au_mask_t structure */ 948 ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0)); 949 check_audit(fds, adregex, pipefd); 950 } 951 952 ATF_TC_CLEANUP(auditon_getkmask_failure, tc) 953 { 954 cleanup(); 955 } 956 957 958 ATF_TC_WITH_CLEANUP(auditon_setkmask_success); 959 ATF_TC_HEAD(auditon_setkmask_success, tc) 960 { 961 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 962 "auditon(2) call for cmd: A_SETKMASK"); 963 } 964 965 ATF_TC_BODY(auditon_setkmask_success, tc) 966 { 967 pid = getpid(); 968 au_mask_t evmask; 969 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid); 970 971 /* Retrieve the current audit mask to be used with A_SETKMASK */ 972 bzero(&evmask, sizeof(evmask)); 973 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask))); 974 975 FILE *pipefd = setup(fds, auclass); 976 ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask))); 977 check_audit(fds, adregex, pipefd); 978 } 979 980 ATF_TC_CLEANUP(auditon_setkmask_success, tc) 981 { 982 cleanup(); 983 } 984 985 986 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure); 987 ATF_TC_HEAD(auditon_setkmask_failure, tc) 988 { 989 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 990 "auditon(2) call for cmd: A_SETKMASK"); 991 } 992 993 ATF_TC_BODY(auditon_setkmask_failure, tc) 994 { 995 pid = getpid(); 996 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid); 997 998 FILE *pipefd = setup(fds, auclass); 999 /* Failure reason: Invalid au_mask_t structure */ 1000 ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0)); 1001 check_audit(fds, adregex, pipefd); 1002 } 1003 1004 ATF_TC_CLEANUP(auditon_setkmask_failure, tc) 1005 { 1006 cleanup(); 1007 } 1008 1009 1010 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success); 1011 ATF_TC_HEAD(auditon_getqctrl_success, tc) 1012 { 1013 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1014 "auditon(2) call for cmd: A_GETQCTRL"); 1015 } 1016 1017 ATF_TC_BODY(auditon_getqctrl_success, tc) 1018 { 1019 pid = getpid(); 1020 au_qctrl_t evqctrl; 1021 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid); 1022 1023 bzero(&evqctrl, sizeof(evqctrl)); 1024 FILE *pipefd = setup(fds, auclass); 1025 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl))); 1026 check_audit(fds, adregex, pipefd); 1027 } 1028 1029 ATF_TC_CLEANUP(auditon_getqctrl_success, tc) 1030 { 1031 cleanup(); 1032 } 1033 1034 1035 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure); 1036 ATF_TC_HEAD(auditon_getqctrl_failure, tc) 1037 { 1038 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1039 "auditon(2) call for cmd: A_GETQCTRL"); 1040 } 1041 1042 ATF_TC_BODY(auditon_getqctrl_failure, tc) 1043 { 1044 pid = getpid(); 1045 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid); 1046 1047 FILE *pipefd = setup(fds, auclass); 1048 /* Failure reason: Invalid au_qctrl_t structure */ 1049 ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0)); 1050 check_audit(fds, adregex, pipefd); 1051 } 1052 1053 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc) 1054 { 1055 cleanup(); 1056 } 1057 1058 1059 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success); 1060 ATF_TC_HEAD(auditon_setqctrl_success, tc) 1061 { 1062 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1063 "auditon(2) call for cmd: A_SETKMASK"); 1064 } 1065 1066 ATF_TC_BODY(auditon_setqctrl_success, tc) 1067 { 1068 pid = getpid(); 1069 au_qctrl_t evqctrl; 1070 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid); 1071 1072 /* Retrieve the current audit mask to be used with A_SETQCTRL */ 1073 bzero(&evqctrl, sizeof(evqctrl)); 1074 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl))); 1075 1076 FILE *pipefd = setup(fds, auclass); 1077 ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl))); 1078 check_audit(fds, adregex, pipefd); 1079 } 1080 1081 ATF_TC_CLEANUP(auditon_setqctrl_success, tc) 1082 { 1083 cleanup(); 1084 } 1085 1086 1087 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure); 1088 ATF_TC_HEAD(auditon_setqctrl_failure, tc) 1089 { 1090 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1091 "auditon(2) call for cmd: A_SETKMASK"); 1092 } 1093 1094 ATF_TC_BODY(auditon_setqctrl_failure, tc) 1095 { 1096 pid = getpid(); 1097 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid); 1098 1099 FILE *pipefd = setup(fds, auclass); 1100 /* Failure reason: Invalid au_qctrl_t structure */ 1101 ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0)); 1102 check_audit(fds, adregex, pipefd); 1103 } 1104 1105 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc) 1106 { 1107 cleanup(); 1108 } 1109 1110 1111 ATF_TC_WITH_CLEANUP(auditon_getclass_success); 1112 ATF_TC_HEAD(auditon_getclass_success, tc) 1113 { 1114 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1115 "auditon(2) call for cmd: A_GETCLASS"); 1116 } 1117 1118 ATF_TC_BODY(auditon_getclass_success, tc) 1119 { 1120 pid = getpid(); 1121 au_evclass_map_t evclass; 1122 snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid); 1123 1124 /* Initialize evclass to get the event-class mapping for auditon(2) */ 1125 evclass.ec_number = AUE_AUDITON; 1126 evclass.ec_class = 0; 1127 FILE *pipefd = setup(fds, auclass); 1128 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass))); 1129 check_audit(fds, adregex, pipefd); 1130 } 1131 1132 ATF_TC_CLEANUP(auditon_getclass_success, tc) 1133 { 1134 cleanup(); 1135 } 1136 1137 1138 ATF_TC_WITH_CLEANUP(auditon_getclass_failure); 1139 ATF_TC_HEAD(auditon_getclass_failure, tc) 1140 { 1141 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1142 "auditon(2) call for cmd: A_GETCLASS"); 1143 } 1144 1145 ATF_TC_BODY(auditon_getclass_failure, tc) 1146 { 1147 pid = getpid(); 1148 snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid); 1149 1150 FILE *pipefd = setup(fds, auclass); 1151 /* Failure reason: Invalid au_evclass_map_t structure */ 1152 ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0)); 1153 check_audit(fds, adregex, pipefd); 1154 } 1155 1156 ATF_TC_CLEANUP(auditon_getclass_failure, tc) 1157 { 1158 cleanup(); 1159 } 1160 1161 1162 ATF_TC_WITH_CLEANUP(auditon_setclass_success); 1163 ATF_TC_HEAD(auditon_setclass_success, tc) 1164 { 1165 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1166 "auditon(2) call for cmd: A_SETCLASS"); 1167 } 1168 1169 ATF_TC_BODY(auditon_setclass_success, tc) 1170 { 1171 pid = getpid(); 1172 au_evclass_map_t evclass; 1173 snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid); 1174 1175 /* Initialize evclass and get the event-class mapping for auditon(2) */ 1176 evclass.ec_number = AUE_AUDITON; 1177 evclass.ec_class = 0; 1178 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass))); 1179 1180 FILE *pipefd = setup(fds, auclass); 1181 ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass))); 1182 check_audit(fds, adregex, pipefd); 1183 } 1184 1185 ATF_TC_CLEANUP(auditon_setclass_success, tc) 1186 { 1187 cleanup(); 1188 } 1189 1190 1191 ATF_TC_WITH_CLEANUP(auditon_setclass_failure); 1192 ATF_TC_HEAD(auditon_setclass_failure, tc) 1193 { 1194 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1195 "auditon(2) call for cmd: A_SETCLASS"); 1196 } 1197 1198 ATF_TC_BODY(auditon_setclass_failure, tc) 1199 { 1200 pid = getpid(); 1201 snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid); 1202 1203 FILE *pipefd = setup(fds, auclass); 1204 /* Failure reason: Invalid au_evclass_map_t structure */ 1205 ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0)); 1206 check_audit(fds, adregex, pipefd); 1207 } 1208 1209 ATF_TC_CLEANUP(auditon_setclass_failure, tc) 1210 { 1211 cleanup(); 1212 } 1213 1214 1215 ATF_TC_WITH_CLEANUP(auditon_getcond_success); 1216 ATF_TC_HEAD(auditon_getcond_success, tc) 1217 { 1218 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1219 "auditon(2) call for cmd: A_GETCOND"); 1220 } 1221 1222 ATF_TC_BODY(auditon_getcond_success, tc) 1223 { 1224 int auditcond; 1225 pid = getpid(); 1226 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid); 1227 1228 FILE *pipefd = setup(fds, auclass); 1229 ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond))); 1230 check_audit(fds, adregex, pipefd); 1231 } 1232 1233 ATF_TC_CLEANUP(auditon_getcond_success, tc) 1234 { 1235 cleanup(); 1236 } 1237 1238 1239 ATF_TC_WITH_CLEANUP(auditon_getcond_failure); 1240 ATF_TC_HEAD(auditon_getcond_failure, tc) 1241 { 1242 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1243 "auditon(2) call for cmd: A_GETCOND"); 1244 } 1245 1246 ATF_TC_BODY(auditon_getcond_failure, tc) 1247 { 1248 pid = getpid(); 1249 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid); 1250 1251 FILE *pipefd = setup(fds, auclass); 1252 /* Failure reason: Invalid argument */ 1253 ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0)); 1254 check_audit(fds, adregex, pipefd); 1255 } 1256 1257 ATF_TC_CLEANUP(auditon_getcond_failure, tc) 1258 { 1259 cleanup(); 1260 } 1261 1262 1263 ATF_TC_WITH_CLEANUP(auditon_setcond_success); 1264 ATF_TC_HEAD(auditon_setcond_success, tc) 1265 { 1266 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1267 "auditon(2) call for cmd: A_SETCOND"); 1268 } 1269 1270 ATF_TC_BODY(auditon_setcond_success, tc) 1271 { 1272 int auditcond = AUC_AUDITING; 1273 pid = getpid(); 1274 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid); 1275 1276 FILE *pipefd = setup(fds, auclass); 1277 /* At this point auditd is running, so the audit state is AUC_AUDITING */ 1278 ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond))); 1279 check_audit(fds, adregex, pipefd); 1280 } 1281 1282 ATF_TC_CLEANUP(auditon_setcond_success, tc) 1283 { 1284 cleanup(); 1285 } 1286 1287 1288 ATF_TC_WITH_CLEANUP(auditon_setcond_failure); 1289 ATF_TC_HEAD(auditon_setcond_failure, tc) 1290 { 1291 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1292 "auditon(2) call for cmd: A_SETCOND"); 1293 } 1294 1295 ATF_TC_BODY(auditon_setcond_failure, tc) 1296 { 1297 pid = getpid(); 1298 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid); 1299 1300 FILE *pipefd = setup(fds, auclass); 1301 /* Failure reason: Invalid argument */ 1302 ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0)); 1303 check_audit(fds, adregex, pipefd); 1304 } 1305 1306 ATF_TC_CLEANUP(auditon_setcond_failure, tc) 1307 { 1308 cleanup(); 1309 } 1310 1311 /* 1312 * Following test-cases for auditon(2) are all in failure mode only as although 1313 * auditable, they have not been implemented and return ENOSYS whenever called. 1314 * 1315 * Commands: A_GETCWD A_GETCAR A_GETSTAT A_SETSTAT A_SETUMASK A_SETSMASK 1316 */ 1317 1318 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure); 1319 ATF_TC_HEAD(auditon_getcwd_failure, tc) 1320 { 1321 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1322 "auditon(2) call for cmd: A_GETCWD"); 1323 } 1324 1325 ATF_TC_BODY(auditon_getcwd_failure, tc) 1326 { 1327 pid = getpid(); 1328 snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid); 1329 1330 FILE *pipefd = setup(fds, auclass); 1331 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def, 1332 sizeof(auditon_def)) == -1); 1333 check_audit(fds, adregex, pipefd); 1334 } 1335 1336 ATF_TC_CLEANUP(auditon_getcwd_failure, tc) 1337 { 1338 cleanup(); 1339 } 1340 1341 1342 ATF_TC_WITH_CLEANUP(auditon_getcar_failure); 1343 ATF_TC_HEAD(auditon_getcar_failure, tc) 1344 { 1345 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1346 "auditon(2) call for cmd: A_GETCAR"); 1347 } 1348 1349 ATF_TC_BODY(auditon_getcar_failure, tc) 1350 { 1351 pid = getpid(); 1352 snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid); 1353 1354 FILE *pipefd = setup(fds, auclass); 1355 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def, 1356 sizeof(auditon_def)) == -1); 1357 check_audit(fds, adregex, pipefd); 1358 } 1359 1360 ATF_TC_CLEANUP(auditon_getcar_failure, tc) 1361 { 1362 cleanup(); 1363 } 1364 1365 1366 ATF_TC_WITH_CLEANUP(auditon_getstat_failure); 1367 ATF_TC_HEAD(auditon_getstat_failure, tc) 1368 { 1369 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1370 "auditon(2) call for cmd: A_GETSTAT"); 1371 } 1372 1373 ATF_TC_BODY(auditon_getstat_failure, tc) 1374 { 1375 pid = getpid(); 1376 snprintf(adregex, sizeof(adregex), 1377 "get audit statistics.*%d.*return,failure", pid); 1378 1379 FILE *pipefd = setup(fds, auclass); 1380 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def, 1381 sizeof(auditon_def)) == -1); 1382 check_audit(fds, adregex, pipefd); 1383 } 1384 1385 ATF_TC_CLEANUP(auditon_getstat_failure, tc) 1386 { 1387 cleanup(); 1388 } 1389 1390 1391 ATF_TC_WITH_CLEANUP(auditon_setstat_failure); 1392 ATF_TC_HEAD(auditon_setstat_failure, tc) 1393 { 1394 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1395 "auditon(2) call for cmd: A_SETSTAT"); 1396 } 1397 1398 ATF_TC_BODY(auditon_setstat_failure, tc) 1399 { 1400 pid = getpid(); 1401 snprintf(adregex, sizeof(adregex), 1402 "set audit statistics.*%d.*return,failure", pid); 1403 1404 FILE *pipefd = setup(fds, auclass); 1405 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def, 1406 sizeof(auditon_def)) == -1); 1407 check_audit(fds, adregex, pipefd); 1408 } 1409 1410 ATF_TC_CLEANUP(auditon_setstat_failure, tc) 1411 { 1412 cleanup(); 1413 } 1414 1415 1416 ATF_TC_WITH_CLEANUP(auditon_setumask_failure); 1417 ATF_TC_HEAD(auditon_setumask_failure, tc) 1418 { 1419 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1420 "auditon(2) call for cmd: A_SETUMASK"); 1421 } 1422 1423 ATF_TC_BODY(auditon_setumask_failure, tc) 1424 { 1425 pid = getpid(); 1426 snprintf(adregex, sizeof(adregex), 1427 "set mask per uid.*%d.*return,failure", pid); 1428 1429 FILE *pipefd = setup(fds, auclass); 1430 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def, 1431 sizeof(auditon_def)) == -1); 1432 check_audit(fds, adregex, pipefd); 1433 } 1434 1435 ATF_TC_CLEANUP(auditon_setumask_failure, tc) 1436 { 1437 cleanup(); 1438 } 1439 1440 1441 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure); 1442 ATF_TC_HEAD(auditon_setsmask_failure, tc) 1443 { 1444 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1445 "auditon(2) call for cmd: A_SETSMASK"); 1446 } 1447 1448 ATF_TC_BODY(auditon_setsmask_failure, tc) 1449 { 1450 pid = getpid(); 1451 snprintf(adregex, sizeof(adregex), 1452 "set mask per session.*%d.*return,failure", pid); 1453 1454 FILE *pipefd = setup(fds, auclass); 1455 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def, 1456 sizeof(auditon_def)) == -1); 1457 check_audit(fds, adregex, pipefd); 1458 } 1459 1460 ATF_TC_CLEANUP(auditon_setsmask_failure, tc) 1461 { 1462 cleanup(); 1463 } 1464 1465 1466 /* 1467 * Audit of reboot(2) cannot be tested in normal conditions as we don't want 1468 * to reboot the system while running the tests 1469 */ 1470 1471 1472 ATF_TC_WITH_CLEANUP(reboot_failure); 1473 ATF_TC_HEAD(reboot_failure, tc) 1474 { 1475 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1476 "reboot(2) call"); 1477 } 1478 1479 ATF_TC_BODY(reboot_failure, tc) 1480 { 1481 pid = getpid(); 1482 snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid); 1483 1484 FILE *pipefd = setup(fds, auclass); 1485 ATF_REQUIRE_EQ(-1, reboot(-1)); 1486 check_audit(fds, adregex, pipefd); 1487 } 1488 1489 ATF_TC_CLEANUP(reboot_failure, tc) 1490 { 1491 cleanup(); 1492 } 1493 1494 1495 /* 1496 * Audit of quotactl(2) cannot be tested in normal conditions as we don't want 1497 * to tamper with filesystem quotas 1498 */ 1499 1500 1501 ATF_TC_WITH_CLEANUP(quotactl_failure); 1502 ATF_TC_HEAD(quotactl_failure, tc) 1503 { 1504 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1505 "quotactl(2) call"); 1506 } 1507 1508 ATF_TC_BODY(quotactl_failure, tc) 1509 { 1510 pid = getpid(); 1511 snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid); 1512 1513 FILE *pipefd = setup(fds, auclass); 1514 ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL)); 1515 check_audit(fds, adregex, pipefd); 1516 } 1517 1518 ATF_TC_CLEANUP(quotactl_failure, tc) 1519 { 1520 cleanup(); 1521 } 1522 1523 1524 ATF_TC_WITH_CLEANUP(mount_failure); 1525 ATF_TC_HEAD(mount_failure, tc) 1526 { 1527 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1528 "mount(2) call"); 1529 } 1530 1531 ATF_TC_BODY(mount_failure, tc) 1532 { 1533 pid = getpid(); 1534 snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid); 1535 1536 FILE *pipefd = setup(fds, auclass); 1537 ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL)); 1538 check_audit(fds, adregex, pipefd); 1539 } 1540 1541 ATF_TC_CLEANUP(mount_failure, tc) 1542 { 1543 cleanup(); 1544 } 1545 1546 1547 ATF_TC_WITH_CLEANUP(nmount_failure); 1548 ATF_TC_HEAD(nmount_failure, tc) 1549 { 1550 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1551 "nmount(2) call"); 1552 } 1553 1554 ATF_TC_BODY(nmount_failure, tc) 1555 { 1556 pid = getpid(); 1557 snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid); 1558 1559 FILE *pipefd = setup(fds, auclass); 1560 ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0)); 1561 check_audit(fds, adregex, pipefd); 1562 } 1563 1564 ATF_TC_CLEANUP(nmount_failure, tc) 1565 { 1566 cleanup(); 1567 } 1568 1569 1570 ATF_TC_WITH_CLEANUP(swapon_failure); 1571 ATF_TC_HEAD(swapon_failure, tc) 1572 { 1573 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1574 "swapon(2) call"); 1575 } 1576 1577 ATF_TC_BODY(swapon_failure, tc) 1578 { 1579 pid = getpid(); 1580 snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid); 1581 1582 FILE *pipefd = setup(fds, auclass); 1583 /* Failure reason: Block device required */ 1584 ATF_REQUIRE_EQ(-1, swapon(path)); 1585 check_audit(fds, adregex, pipefd); 1586 } 1587 1588 ATF_TC_CLEANUP(swapon_failure, tc) 1589 { 1590 cleanup(); 1591 } 1592 1593 1594 ATF_TC_WITH_CLEANUP(swapoff_failure); 1595 ATF_TC_HEAD(swapoff_failure, tc) 1596 { 1597 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1598 "swapoff(2) call"); 1599 } 1600 1601 ATF_TC_BODY(swapoff_failure, tc) 1602 { 1603 pid = getpid(); 1604 snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid); 1605 1606 FILE *pipefd = setup(fds, auclass); 1607 /* Failure reason: Block device required */ 1608 ATF_REQUIRE_EQ(-1, swapoff(path, 0)); 1609 check_audit(fds, adregex, pipefd); 1610 } 1611 1612 ATF_TC_CLEANUP(swapoff_failure, tc) 1613 { 1614 cleanup(); 1615 } 1616 1617 1618 ATF_TP_ADD_TCS(tp) 1619 { 1620 ATF_TP_ADD_TC(tp, settimeofday_success); 1621 ATF_TP_ADD_TC(tp, settimeofday_failure); 1622 ATF_TP_ADD_TC(tp, clock_settime_success); 1623 ATF_TP_ADD_TC(tp, clock_settime_failure); 1624 ATF_TP_ADD_TC(tp, adjtime_success); 1625 ATF_TP_ADD_TC(tp, adjtime_failure); 1626 ATF_TP_ADD_TC(tp, ntp_adjtime_success); 1627 ATF_TP_ADD_TC(tp, ntp_adjtime_failure); 1628 1629 ATF_TP_ADD_TC(tp, nfs_getfh_success); 1630 ATF_TP_ADD_TC(tp, nfs_getfh_failure); 1631 ATF_TP_ADD_TC(tp, acct_success); 1632 ATF_TP_ADD_TC(tp, acct_failure); 1633 ATF_TP_ADD_TC(tp, auditctl_success); 1634 ATF_TP_ADD_TC(tp, auditctl_failure); 1635 1636 ATF_TP_ADD_TC(tp, getauid_success); 1637 ATF_TP_ADD_TC(tp, getauid_failure); 1638 ATF_TP_ADD_TC(tp, setauid_success); 1639 ATF_TP_ADD_TC(tp, setauid_failure); 1640 1641 ATF_TP_ADD_TC(tp, getaudit_success); 1642 ATF_TP_ADD_TC(tp, getaudit_failure); 1643 ATF_TP_ADD_TC(tp, setaudit_success); 1644 ATF_TP_ADD_TC(tp, setaudit_failure); 1645 1646 ATF_TP_ADD_TC(tp, getaudit_addr_success); 1647 ATF_TP_ADD_TC(tp, getaudit_addr_failure); 1648 ATF_TP_ADD_TC(tp, setaudit_addr_success); 1649 ATF_TP_ADD_TC(tp, setaudit_addr_failure); 1650 1651 ATF_TP_ADD_TC(tp, auditon_default_success); 1652 ATF_TP_ADD_TC(tp, auditon_default_failure); 1653 1654 ATF_TP_ADD_TC(tp, auditon_getpolicy_success); 1655 ATF_TP_ADD_TC(tp, auditon_getpolicy_failure); 1656 ATF_TP_ADD_TC(tp, auditon_setpolicy_success); 1657 ATF_TP_ADD_TC(tp, auditon_setpolicy_failure); 1658 1659 ATF_TP_ADD_TC(tp, auditon_getkmask_success); 1660 ATF_TP_ADD_TC(tp, auditon_getkmask_failure); 1661 ATF_TP_ADD_TC(tp, auditon_setkmask_success); 1662 ATF_TP_ADD_TC(tp, auditon_setkmask_failure); 1663 1664 ATF_TP_ADD_TC(tp, auditon_getqctrl_success); 1665 ATF_TP_ADD_TC(tp, auditon_getqctrl_failure); 1666 ATF_TP_ADD_TC(tp, auditon_setqctrl_success); 1667 ATF_TP_ADD_TC(tp, auditon_setqctrl_failure); 1668 1669 ATF_TP_ADD_TC(tp, auditon_getclass_success); 1670 ATF_TP_ADD_TC(tp, auditon_getclass_failure); 1671 ATF_TP_ADD_TC(tp, auditon_setclass_success); 1672 ATF_TP_ADD_TC(tp, auditon_setclass_failure); 1673 1674 ATF_TP_ADD_TC(tp, auditon_getcond_success); 1675 ATF_TP_ADD_TC(tp, auditon_getcond_failure); 1676 ATF_TP_ADD_TC(tp, auditon_setcond_success); 1677 ATF_TP_ADD_TC(tp, auditon_setcond_failure); 1678 1679 ATF_TP_ADD_TC(tp, auditon_getcwd_failure); 1680 ATF_TP_ADD_TC(tp, auditon_getcar_failure); 1681 ATF_TP_ADD_TC(tp, auditon_getstat_failure); 1682 ATF_TP_ADD_TC(tp, auditon_setstat_failure); 1683 ATF_TP_ADD_TC(tp, auditon_setumask_failure); 1684 ATF_TP_ADD_TC(tp, auditon_setsmask_failure); 1685 1686 ATF_TP_ADD_TC(tp, reboot_failure); 1687 ATF_TP_ADD_TC(tp, quotactl_failure); 1688 ATF_TP_ADD_TC(tp, mount_failure); 1689 ATF_TP_ADD_TC(tp, nmount_failure); 1690 ATF_TP_ADD_TC(tp, swapon_failure); 1691 ATF_TP_ADD_TC(tp, swapoff_failure); 1692 1693 return (atf_no_error()); 1694 } 1695