xref: /freebsd/tests/sys/audit/administrative.c (revision 964219664dcec4198441910904fb9064569d174d) 
1 /*-
2  * Copyright (c) 2018 Aniket Pandey
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * SUCH DAMAGE.
24  *
25  * $FreeBSD$
26  */
27 
28 #include <sys/param.h>
29 #include <sys/mount.h>
30 #include <sys/time.h>
31 
32 #include <atf-c.h>
33 #include <fcntl.h>
34 #include <unistd.h>
35 
36 #include "utils.h"
37 
38 static pid_t pid;
39 static int filedesc;
40 static mode_t mode = 0777;
41 static struct pollfd fds[1];
42 static char adregex[80];
43 static const char *auclass = "ad";
44 static const char *path = "fileforaudit";
45 
46 
47 ATF_TC_WITH_CLEANUP(settimeofday_success);
48 ATF_TC_HEAD(settimeofday_success, tc)
49 {
50 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
51 					"settimeofday(2) call");
52 }
53 
54 ATF_TC_BODY(settimeofday_success, tc)
55 {
56 	pid = getpid();
57 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
58 
59 	struct timeval tp;
60 	struct timezone tzp;
61 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
62 
63 	FILE *pipefd = setup(fds, auclass);
64 	/* Setting the same time as obtained by gettimeofday(2) */
65 	ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
66 	check_audit(fds, adregex, pipefd);
67 }
68 
69 ATF_TC_CLEANUP(settimeofday_success, tc)
70 {
71 	cleanup();
72 }
73 
74 
75 ATF_TC_WITH_CLEANUP(settimeofday_failure);
76 ATF_TC_HEAD(settimeofday_failure, tc)
77 {
78 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
79 					"settimeofday(2) call");
80 }
81 
82 ATF_TC_BODY(settimeofday_failure, tc)
83 {
84 	pid = getpid();
85 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
86 
87 	struct timeval tp;
88 	struct timezone tzp;
89 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
90 
91 	FILE *pipefd = setup(fds, auclass);
92 	tp.tv_sec = -1;
93 	/* Failure reason: Invalid value for tp.tv_sec; */
94 	ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
95 	check_audit(fds, adregex, pipefd);
96 }
97 
98 ATF_TC_CLEANUP(settimeofday_failure, tc)
99 {
100 	cleanup();
101 }
102 
103 
104 ATF_TC_WITH_CLEANUP(adjtime_success);
105 ATF_TC_HEAD(adjtime_success, tc)
106 {
107 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
108 					"adjtime(2) call");
109 }
110 
111 ATF_TC_BODY(adjtime_success, tc)
112 {
113 	pid = getpid();
114 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
115 
116 	FILE *pipefd = setup(fds, auclass);
117 	/* We don't want to change the system time, hence NULL */
118 	ATF_REQUIRE_EQ(0, adjtime(NULL,NULL));
119 	check_audit(fds, adregex, pipefd);
120 }
121 
122 ATF_TC_CLEANUP(adjtime_success, tc)
123 {
124 	cleanup();
125 }
126 
127 
128 ATF_TC_WITH_CLEANUP(adjtime_failure);
129 ATF_TC_HEAD(adjtime_failure, tc)
130 {
131 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
132 					"adjtime(2) call");
133 }
134 
135 ATF_TC_BODY(adjtime_failure, tc)
136 {
137 	pid = getpid();
138 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
139 
140 	FILE *pipefd = setup(fds, auclass);
141 	ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
142 	check_audit(fds, adregex, pipefd);
143 }
144 
145 ATF_TC_CLEANUP(adjtime_failure, tc)
146 {
147 	cleanup();
148 }
149 
150 
151 
152 ATF_TC_WITH_CLEANUP(nfs_getfh_success);
153 ATF_TC_HEAD(nfs_getfh_success, tc)
154 {
155 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
156 					"getfh(2) call");
157 }
158 
159 ATF_TC_BODY(nfs_getfh_success, tc)
160 {
161 	fhandle_t fhp;
162 	pid = getpid();
163 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
164 
165 	/* File needs to exist to call getfh(2) */
166 	ATF_REQUIRE(filedesc = open(path, O_CREAT, mode) != -1);
167 	FILE *pipefd = setup(fds, auclass);
168 	ATF_REQUIRE_EQ(0, getfh(path, &fhp));
169 	check_audit(fds, adregex, pipefd);
170 	close(filedesc);
171 }
172 
173 ATF_TC_CLEANUP(nfs_getfh_success, tc)
174 {
175 	cleanup();
176 }
177 
178 
179 ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
180 ATF_TC_HEAD(nfs_getfh_failure, tc)
181 {
182 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
183 					"getfh(2) call");
184 }
185 
186 ATF_TC_BODY(nfs_getfh_failure, tc)
187 {
188 	pid = getpid();
189 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
190 
191 	FILE *pipefd = setup(fds, auclass);
192 	/* Failure reason: file does not exist */
193 	ATF_REQUIRE_EQ(-1, getfh(path, NULL));
194 	check_audit(fds, adregex, pipefd);
195 }
196 
197 ATF_TC_CLEANUP(nfs_getfh_failure, tc)
198 {
199 	cleanup();
200 }
201 
202 
203 ATF_TC_WITH_CLEANUP(getauid_success);
204 ATF_TC_HEAD(getauid_success, tc)
205 {
206 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
207 					"getauid(2) call");
208 }
209 
210 ATF_TC_BODY(getauid_success, tc)
211 {
212 	au_id_t auid;
213 	pid = getpid();
214 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
215 
216 	FILE *pipefd = setup(fds, auclass);
217 	ATF_REQUIRE_EQ(0, getauid(&auid));
218 	check_audit(fds, adregex, pipefd);
219 }
220 
221 ATF_TC_CLEANUP(getauid_success, tc)
222 {
223 	cleanup();
224 }
225 
226 
227 ATF_TC_WITH_CLEANUP(getauid_failure);
228 ATF_TC_HEAD(getauid_failure, tc)
229 {
230 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
231 					"getauid(2) call");
232 }
233 
234 ATF_TC_BODY(getauid_failure, tc)
235 {
236 	pid = getpid();
237 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
238 
239 	FILE *pipefd = setup(fds, auclass);
240 	/* Failure reason: Bad address */
241 	ATF_REQUIRE_EQ(-1, getauid(NULL));
242 	check_audit(fds, adregex, pipefd);
243 }
244 
245 ATF_TC_CLEANUP(getauid_failure, tc)
246 {
247 	cleanup();
248 }
249 
250 
251 ATF_TC_WITH_CLEANUP(setauid_success);
252 ATF_TC_HEAD(setauid_success, tc)
253 {
254 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
255 					"setauid(2) call");
256 }
257 
258 ATF_TC_BODY(setauid_success, tc)
259 {
260 	au_id_t auid;
261 	pid = getpid();
262 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
263 	ATF_REQUIRE_EQ(0, getauid(&auid));
264 
265 	FILE *pipefd = setup(fds, auclass);
266 	ATF_REQUIRE_EQ(0, setauid(&auid));
267 	check_audit(fds, adregex, pipefd);
268 }
269 
270 ATF_TC_CLEANUP(setauid_success, tc)
271 {
272 	cleanup();
273 }
274 
275 
276 ATF_TC_WITH_CLEANUP(setauid_failure);
277 ATF_TC_HEAD(setauid_failure, tc)
278 {
279 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
280 					"setauid(2) call");
281 }
282 
283 ATF_TC_BODY(setauid_failure, tc)
284 {
285 	pid = getpid();
286 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
287 
288 	FILE *pipefd = setup(fds, auclass);
289 	/* Failure reason: Bad address */
290 	ATF_REQUIRE_EQ(-1, setauid(NULL));
291 	check_audit(fds, adregex, pipefd);
292 }
293 
294 ATF_TC_CLEANUP(setauid_failure, tc)
295 {
296 	cleanup();
297 }
298 
299 
300 ATF_TC_WITH_CLEANUP(getaudit_success);
301 ATF_TC_HEAD(getaudit_success, tc)
302 {
303 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
304 					"getaudit(2) call");
305 }
306 
307 ATF_TC_BODY(getaudit_success, tc)
308 {
309 	pid = getpid();
310 	auditinfo_t auditinfo;
311 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
312 
313 	FILE *pipefd = setup(fds, auclass);
314 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
315 	check_audit(fds, adregex, pipefd);
316 }
317 
318 ATF_TC_CLEANUP(getaudit_success, tc)
319 {
320 	cleanup();
321 }
322 
323 
324 ATF_TC_WITH_CLEANUP(getaudit_failure);
325 ATF_TC_HEAD(getaudit_failure, tc)
326 {
327 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
328 					"getaudit(2) call");
329 }
330 
331 ATF_TC_BODY(getaudit_failure, tc)
332 {
333 	pid = getpid();
334 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
335 
336 	FILE *pipefd = setup(fds, auclass);
337 	/* Failure reason: Bad address */
338 	ATF_REQUIRE_EQ(-1, getaudit(NULL));
339 	check_audit(fds, adregex, pipefd);
340 }
341 
342 ATF_TC_CLEANUP(getaudit_failure, tc)
343 {
344 	cleanup();
345 }
346 
347 
348 ATF_TC_WITH_CLEANUP(setaudit_success);
349 ATF_TC_HEAD(setaudit_success, tc)
350 {
351 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
352 					"setaudit(2) call");
353 }
354 
355 ATF_TC_BODY(setaudit_success, tc)
356 {
357 	pid = getpid();
358 	auditinfo_t auditinfo;
359 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
360 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
361 
362 	FILE *pipefd = setup(fds, auclass);
363 	ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
364 	check_audit(fds, adregex, pipefd);
365 }
366 
367 ATF_TC_CLEANUP(setaudit_success, tc)
368 {
369 	cleanup();
370 }
371 
372 
373 ATF_TC_WITH_CLEANUP(setaudit_failure);
374 ATF_TC_HEAD(setaudit_failure, tc)
375 {
376 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
377 					"setaudit(2) call");
378 }
379 
380 ATF_TC_BODY(setaudit_failure, tc)
381 {
382 	pid = getpid();
383 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
384 
385 	FILE *pipefd = setup(fds, auclass);
386 	/* Failure reason: Bad address */
387 	ATF_REQUIRE_EQ(-1, setaudit(NULL));
388 	check_audit(fds, adregex, pipefd);
389 }
390 
391 ATF_TC_CLEANUP(setaudit_failure, tc)
392 {
393 	cleanup();
394 }
395 
396 
397 ATF_TC_WITH_CLEANUP(getaudit_addr_success);
398 ATF_TC_HEAD(getaudit_addr_success, tc)
399 {
400 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
401 					"getaudit_addr(2) call");
402 }
403 
404 ATF_TC_BODY(getaudit_addr_success, tc)
405 {
406 	pid = getpid();
407 	auditinfo_addr_t auditinfo;
408 	snprintf(adregex, sizeof(adregex),
409 		"getaudit_addr.*%d.*return,success", pid);
410 
411 	FILE *pipefd = setup(fds, auclass);
412 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
413 	check_audit(fds, adregex, pipefd);
414 }
415 
416 ATF_TC_CLEANUP(getaudit_addr_success, tc)
417 {
418 	cleanup();
419 }
420 
421 
422 ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
423 ATF_TC_HEAD(getaudit_addr_failure, tc)
424 {
425 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
426 					"getaudit_addr(2) call");
427 }
428 
429 ATF_TC_BODY(getaudit_addr_failure, tc)
430 {
431 	pid = getpid();
432 	snprintf(adregex, sizeof(adregex),
433 		"getaudit_addr.*%d.*return,failure", pid);
434 
435 	FILE *pipefd = setup(fds, auclass);
436 	/* Failure reason: Bad address */
437 	ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
438 	check_audit(fds, adregex, pipefd);
439 }
440 
441 ATF_TC_CLEANUP(getaudit_addr_failure, tc)
442 {
443 	cleanup();
444 }
445 
446 
447 ATF_TC_WITH_CLEANUP(setaudit_addr_success);
448 ATF_TC_HEAD(setaudit_addr_success, tc)
449 {
450 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
451 					"setaudit_addr(2) call");
452 }
453 
454 ATF_TC_BODY(setaudit_addr_success, tc)
455 {
456 	pid = getpid();
457 	auditinfo_addr_t auditinfo;
458 	snprintf(adregex, sizeof(adregex),
459 		"setaudit_addr.*%d.*return,success", pid);
460 
461 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
462 	FILE *pipefd = setup(fds, auclass);
463 	ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
464 	check_audit(fds, adregex, pipefd);
465 }
466 
467 ATF_TC_CLEANUP(setaudit_addr_success, tc)
468 {
469 	cleanup();
470 }
471 
472 
473 ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
474 ATF_TC_HEAD(setaudit_addr_failure, tc)
475 {
476 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
477 					"setaudit_addr(2) call");
478 }
479 
480 ATF_TC_BODY(setaudit_addr_failure, tc)
481 {
482 	pid = getpid();
483 	snprintf(adregex, sizeof(adregex),
484 		"setaudit_addr.*%d.*return,failure", pid);
485 
486 	FILE *pipefd = setup(fds, auclass);
487 	/* Failure reason: Bad address */
488 	ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
489 	check_audit(fds, adregex, pipefd);
490 }
491 
492 ATF_TC_CLEANUP(setaudit_addr_failure, tc)
493 {
494 	cleanup();
495 }
496 
497 
498 ATF_TP_ADD_TCS(tp)
499 {
500 	ATF_TP_ADD_TC(tp, settimeofday_success);
501 	ATF_TP_ADD_TC(tp, settimeofday_failure);
502 	ATF_TP_ADD_TC(tp, adjtime_success);
503 	ATF_TP_ADD_TC(tp, adjtime_failure);
504 
505 	ATF_TP_ADD_TC(tp, nfs_getfh_success);
506 	ATF_TP_ADD_TC(tp, nfs_getfh_failure);
507 
508 	ATF_TP_ADD_TC(tp, getauid_success);
509 	ATF_TP_ADD_TC(tp, getauid_failure);
510 	ATF_TP_ADD_TC(tp, setauid_success);
511 	ATF_TP_ADD_TC(tp, setauid_failure);
512 
513 	ATF_TP_ADD_TC(tp, getaudit_success);
514 	ATF_TP_ADD_TC(tp, getaudit_failure);
515 	ATF_TP_ADD_TC(tp, setaudit_success);
516 	ATF_TP_ADD_TC(tp, setaudit_failure);
517 
518 	ATF_TP_ADD_TC(tp, getaudit_addr_success);
519 	ATF_TP_ADD_TC(tp, getaudit_addr_failure);
520 	ATF_TP_ADD_TC(tp, setaudit_addr_success);
521 	ATF_TP_ADD_TC(tp, setaudit_addr_failure);
522 
523 	return (atf_no_error());
524 }
525