xref: /freebsd/tests/sys/audit/administrative.c (revision da5432eda807c4b7232d030d5157d5b417ea4f52)
1 /*-
2  * Copyright (c) 2018 Aniket Pandey
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/param.h>
27 #include <sys/mount.h>
28 #include <sys/reboot.h>
29 #include <sys/stat.h>
30 #include <sys/sysctl.h>
31 #include <sys/time.h>
32 #include <sys/timespec.h>
33 #include <sys/timex.h>
34 
35 #include <bsm/audit.h>
36 #include <bsm/audit_kevents.h>
37 #include <ufs/ufs/quota.h>
38 
39 #include <atf-c.h>
40 #include <errno.h>
41 #include <fcntl.h>
42 #include <stdlib.h>
43 #include <time.h>
44 #include <unistd.h>
45 
46 #include "utils.h"
47 
48 static pid_t pid;
49 static int filedesc;
50 /* Default argument for handling ENOSYS in auditon(2) functions */
51 static int auditon_def = 0;
52 static mode_t mode = 0777;
53 static struct pollfd fds[1];
54 static char adregex[80];
55 static const char *auclass = "ad";
56 static const char *path = "fileforaudit";
57 static const char *successreg = "fileforaudit.*return,success";
58 
59 
60 ATF_TC_WITH_CLEANUP(settimeofday_success);
61 ATF_TC_HEAD(settimeofday_success, tc)
62 {
63 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
64 					"settimeofday(2) call");
65 }
66 
67 ATF_TC_BODY(settimeofday_success, tc)
68 {
69 	pid = getpid();
70 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
71 
72 	struct timeval tp;
73 	struct timezone tzp;
74 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
75 
76 	FILE *pipefd = setup(fds, auclass);
77 	/* Setting the same time as obtained by gettimeofday(2) */
78 	ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
79 	check_audit(fds, adregex, pipefd);
80 }
81 
82 ATF_TC_CLEANUP(settimeofday_success, tc)
83 {
84 	cleanup();
85 }
86 
87 
88 ATF_TC_WITH_CLEANUP(settimeofday_failure);
89 ATF_TC_HEAD(settimeofday_failure, tc)
90 {
91 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
92 					"settimeofday(2) call");
93 }
94 
95 ATF_TC_BODY(settimeofday_failure, tc)
96 {
97 	pid = getpid();
98 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
99 
100 	struct timeval tp;
101 	struct timezone tzp;
102 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
103 
104 	FILE *pipefd = setup(fds, auclass);
105 	tp.tv_sec = -1;
106 	/* Failure reason: Invalid value for tp.tv_sec; */
107 	ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
108 	check_audit(fds, adregex, pipefd);
109 }
110 
111 ATF_TC_CLEANUP(settimeofday_failure, tc)
112 {
113 	cleanup();
114 }
115 
116 
117 ATF_TC_WITH_CLEANUP(clock_settime_success);
118 ATF_TC_HEAD(clock_settime_success, tc)
119 {
120 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
121 					"clock_settime(2) call");
122 }
123 
124 ATF_TC_BODY(clock_settime_success, tc)
125 {
126 	pid = getpid();
127 	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
128 
129 	struct timespec tp;
130 	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
131 
132 	FILE *pipefd = setup(fds, auclass);
133 	/* Setting the same time as obtained by clock_gettime(2) */
134 	ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
135 	check_audit(fds, adregex, pipefd);
136 }
137 
138 ATF_TC_CLEANUP(clock_settime_success, tc)
139 {
140 	cleanup();
141 }
142 
143 
144 ATF_TC_WITH_CLEANUP(clock_settime_failure);
145 ATF_TC_HEAD(clock_settime_failure, tc)
146 {
147 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
148 					"clock_settime(2) call");
149 }
150 
151 ATF_TC_BODY(clock_settime_failure, tc)
152 {
153 	pid = getpid();
154 	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
155 
156 	struct timespec tp;
157 	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
158 
159 	FILE *pipefd = setup(fds, auclass);
160 	/* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
161 	ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
162 	check_audit(fds, adregex, pipefd);
163 }
164 
165 ATF_TC_CLEANUP(clock_settime_failure, tc)
166 {
167 	cleanup();
168 }
169 
170 
171 ATF_TC_WITH_CLEANUP(adjtime_success);
172 ATF_TC_HEAD(adjtime_success, tc)
173 {
174 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
175 					"adjtime(2) call");
176 }
177 
178 ATF_TC_BODY(adjtime_success, tc)
179 {
180 	pid = getpid();
181 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
182 
183 	FILE *pipefd = setup(fds, auclass);
184 	/* We don't want to change the system time, hence NULL */
185 	ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
186 	check_audit(fds, adregex, pipefd);
187 }
188 
189 ATF_TC_CLEANUP(adjtime_success, tc)
190 {
191 	cleanup();
192 }
193 
194 
195 ATF_TC_WITH_CLEANUP(adjtime_failure);
196 ATF_TC_HEAD(adjtime_failure, tc)
197 {
198 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
199 					"adjtime(2) call");
200 }
201 
202 ATF_TC_BODY(adjtime_failure, tc)
203 {
204 	pid = getpid();
205 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
206 
207 	FILE *pipefd = setup(fds, auclass);
208 	ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
209 	check_audit(fds, adregex, pipefd);
210 }
211 
212 ATF_TC_CLEANUP(adjtime_failure, tc)
213 {
214 	cleanup();
215 }
216 
217 
218 ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
219 ATF_TC_HEAD(ntp_adjtime_success, tc)
220 {
221 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
222 					"ntp_adjtime(2) call");
223 }
224 
225 ATF_TC_BODY(ntp_adjtime_success, tc)
226 {
227 	struct timex timebuff;
228 	bzero(&timebuff, sizeof(timebuff));
229 
230 	pid = getpid();
231 	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
232 
233 	FILE *pipefd = setup(fds, auclass);
234 	ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
235 	check_audit(fds, adregex, pipefd);
236 }
237 
238 ATF_TC_CLEANUP(ntp_adjtime_success, tc)
239 {
240 	cleanup();
241 }
242 
243 
244 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
245 ATF_TC_HEAD(ntp_adjtime_failure, tc)
246 {
247 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
248 					"ntp_adjtime(2) call");
249 }
250 
251 ATF_TC_BODY(ntp_adjtime_failure, tc)
252 {
253 	pid = getpid();
254 	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
255 
256 	FILE *pipefd = setup(fds, auclass);
257 	ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
258 	check_audit(fds, adregex, pipefd);
259 }
260 
261 ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
262 {
263 	cleanup();
264 }
265 
266 
267 ATF_TC_WITH_CLEANUP(nfs_getfh_success);
268 ATF_TC_HEAD(nfs_getfh_success, tc)
269 {
270 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
271 					"getfh(2) call");
272 }
273 
274 ATF_TC_BODY(nfs_getfh_success, tc)
275 {
276 	fhandle_t fhp;
277 	pid = getpid();
278 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
279 
280 	/* File needs to exist to call getfh(2) */
281 	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
282 	FILE *pipefd = setup(fds, auclass);
283 	ATF_REQUIRE_EQ(0, getfh(path, &fhp));
284 	check_audit(fds, adregex, pipefd);
285 	close(filedesc);
286 }
287 
288 ATF_TC_CLEANUP(nfs_getfh_success, tc)
289 {
290 	cleanup();
291 }
292 
293 
294 ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
295 ATF_TC_HEAD(nfs_getfh_failure, tc)
296 {
297 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
298 					"getfh(2) call");
299 }
300 
301 ATF_TC_BODY(nfs_getfh_failure, tc)
302 {
303 	pid = getpid();
304 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
305 
306 	FILE *pipefd = setup(fds, auclass);
307 	/* Failure reason: file does not exist */
308 	ATF_REQUIRE_EQ(-1, getfh(path, NULL));
309 	check_audit(fds, adregex, pipefd);
310 }
311 
312 ATF_TC_CLEANUP(nfs_getfh_failure, tc)
313 {
314 	cleanup();
315 }
316 
317 
318 ATF_TC_WITH_CLEANUP(auditctl_success);
319 ATF_TC_HEAD(auditctl_success, tc)
320 {
321 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
322 					"auditctl(2) call");
323 }
324 
325 ATF_TC_BODY(auditctl_success, tc)
326 {
327 	/* File needs to exist in order to call auditctl(2) */
328 	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
329 	FILE *pipefd = setup(fds, auclass);
330 	ATF_REQUIRE_EQ(0, auditctl(path));
331 	check_audit(fds, successreg, pipefd);
332 	close(filedesc);
333 }
334 
335 ATF_TC_CLEANUP(auditctl_success, tc)
336 {
337 	/*
338 	 * auditctl(2) disables audit log at /var/audit and initiates auditing
339 	 * at the configured path. To reset this, we need to stop and start the
340 	 * auditd(8) again. Here, we check if auditd(8) was running already
341 	 * before the test started. If so, we stop and start it again.
342 	 *
343 	 * TODO: should we skip this test if auditd(8) is already running to
344 	 * avoid restarting it?
345 	 */
346 	if (!atf_utils_file_exists("started_fake_auditd")) {
347 		system("service auditd onestop > /dev/null 2>&1");
348 		system("service auditd onestart > /dev/null 2>&1");
349 	} else {
350 		cleanup();
351 	}
352 }
353 
354 
355 ATF_TC_WITH_CLEANUP(auditctl_failure);
356 ATF_TC_HEAD(auditctl_failure, tc)
357 {
358 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
359 					"auditctl(2) call");
360 }
361 
362 ATF_TC_BODY(auditctl_failure, tc)
363 {
364 	pid = getpid();
365 	snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
366 
367 	FILE *pipefd = setup(fds, auclass);
368 	/* Failure reason: file does not exist */
369 	ATF_REQUIRE_EQ(-1, auditctl(NULL));
370 	check_audit(fds, adregex, pipefd);
371 }
372 
373 ATF_TC_CLEANUP(auditctl_failure, tc)
374 {
375 	cleanup();
376 }
377 
378 
379 ATF_TC_WITH_CLEANUP(acct_success);
380 ATF_TC_HEAD(acct_success, tc)
381 {
382 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
383 					"acct(2) call");
384 	atf_tc_set_md_var(tc, "require.files",
385 	    "/etc/rc.d/accounting /etc/rc.d/auditd");
386 }
387 
388 ATF_TC_BODY(acct_success, tc)
389 {
390 	int acctinfo, filedesc2;
391 	size_t len = sizeof(acctinfo);
392 	const char *acctname = "kern.acct_configured";
393 	ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
394 
395 	/* File needs to exist to start system accounting */
396 	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
397 
398 	/*
399 	 * acctinfo = 0: System accounting was disabled
400 	 * acctinfo = 1: System accounting was enabled
401 	 */
402 	if (acctinfo) {
403 		ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
404 		close(filedesc2);
405 	}
406 
407 	pid = getpid();
408 	snprintf(adregex, sizeof(adregex),
409 		"acct.*%s.*%d.*return,success", path, pid);
410 
411 	/*
412 	 * We temporarily switch the accounting record to a file at
413 	 * our own configured path in order to confirm acct(2)'s successful
414 	 * auditing. Then we set everything back to its original state.
415 	 */
416 	FILE *pipefd = setup(fds, auclass);
417 	ATF_REQUIRE_EQ(0, acct(path));
418 	check_audit(fds, adregex, pipefd);
419 	close(filedesc);
420 }
421 
422 ATF_TC_CLEANUP(acct_success, tc)
423 {
424 	/* Reset accounting configured path */
425 	ATF_REQUIRE_EQ(0, system("service accounting onestop"));
426 	if (atf_utils_file_exists("acct_ok")) {
427 		ATF_REQUIRE_EQ(0, system("service accounting onestart"));
428 	}
429 	cleanup();
430 }
431 
432 
433 ATF_TC_WITH_CLEANUP(acct_failure);
434 ATF_TC_HEAD(acct_failure, tc)
435 {
436 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
437 					"acct(2) call");
438 }
439 
440 ATF_TC_BODY(acct_failure, tc)
441 {
442 	pid = getpid();
443 	snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
444 
445 	FILE *pipefd = setup(fds, auclass);
446 	/* Failure reason: File does not exist */
447 	ATF_REQUIRE_EQ(-1, acct(path));
448 	check_audit(fds, adregex, pipefd);
449 }
450 
451 ATF_TC_CLEANUP(acct_failure, tc)
452 {
453 	cleanup();
454 }
455 
456 
457 ATF_TC_WITH_CLEANUP(getauid_success);
458 ATF_TC_HEAD(getauid_success, tc)
459 {
460 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
461 					"getauid(2) call");
462 }
463 
464 ATF_TC_BODY(getauid_success, tc)
465 {
466 	au_id_t auid;
467 	pid = getpid();
468 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
469 
470 	FILE *pipefd = setup(fds, auclass);
471 	ATF_REQUIRE_EQ(0, getauid(&auid));
472 	check_audit(fds, adregex, pipefd);
473 }
474 
475 ATF_TC_CLEANUP(getauid_success, tc)
476 {
477 	cleanup();
478 }
479 
480 
481 ATF_TC_WITH_CLEANUP(getauid_failure);
482 ATF_TC_HEAD(getauid_failure, tc)
483 {
484 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
485 					"getauid(2) call");
486 }
487 
488 ATF_TC_BODY(getauid_failure, tc)
489 {
490 	pid = getpid();
491 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
492 
493 	FILE *pipefd = setup(fds, auclass);
494 	/* Failure reason: Bad address */
495 	ATF_REQUIRE_EQ(-1, getauid(NULL));
496 	check_audit(fds, adregex, pipefd);
497 }
498 
499 ATF_TC_CLEANUP(getauid_failure, tc)
500 {
501 	cleanup();
502 }
503 
504 
505 ATF_TC_WITH_CLEANUP(setauid_success);
506 ATF_TC_HEAD(setauid_success, tc)
507 {
508 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
509 					"setauid(2) call");
510 }
511 
512 ATF_TC_BODY(setauid_success, tc)
513 {
514 	au_id_t auid;
515 	pid = getpid();
516 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
517 	ATF_REQUIRE_EQ(0, getauid(&auid));
518 
519 	FILE *pipefd = setup(fds, auclass);
520 	ATF_REQUIRE_EQ(0, setauid(&auid));
521 	check_audit(fds, adregex, pipefd);
522 }
523 
524 ATF_TC_CLEANUP(setauid_success, tc)
525 {
526 	cleanup();
527 }
528 
529 
530 ATF_TC_WITH_CLEANUP(setauid_failure);
531 ATF_TC_HEAD(setauid_failure, tc)
532 {
533 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
534 					"setauid(2) call");
535 }
536 
537 ATF_TC_BODY(setauid_failure, tc)
538 {
539 	pid = getpid();
540 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
541 
542 	FILE *pipefd = setup(fds, auclass);
543 	/* Failure reason: Bad address */
544 	ATF_REQUIRE_EQ(-1, setauid(NULL));
545 	check_audit(fds, adregex, pipefd);
546 }
547 
548 ATF_TC_CLEANUP(setauid_failure, tc)
549 {
550 	cleanup();
551 }
552 
553 
554 ATF_TC_WITH_CLEANUP(getaudit_success);
555 ATF_TC_HEAD(getaudit_success, tc)
556 {
557 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
558 					"getaudit(2) call");
559 }
560 
561 ATF_TC_BODY(getaudit_success, tc)
562 {
563 	pid = getpid();
564 	auditinfo_t auditinfo;
565 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
566 
567 	FILE *pipefd = setup(fds, auclass);
568 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
569 	check_audit(fds, adregex, pipefd);
570 }
571 
572 ATF_TC_CLEANUP(getaudit_success, tc)
573 {
574 	cleanup();
575 }
576 
577 
578 ATF_TC_WITH_CLEANUP(getaudit_failure);
579 ATF_TC_HEAD(getaudit_failure, tc)
580 {
581 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
582 					"getaudit(2) call");
583 }
584 
585 ATF_TC_BODY(getaudit_failure, tc)
586 {
587 	pid = getpid();
588 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
589 
590 	FILE *pipefd = setup(fds, auclass);
591 	/* Failure reason: Bad address */
592 	ATF_REQUIRE_EQ(-1, getaudit(NULL));
593 	check_audit(fds, adregex, pipefd);
594 }
595 
596 ATF_TC_CLEANUP(getaudit_failure, tc)
597 {
598 	cleanup();
599 }
600 
601 
602 ATF_TC_WITH_CLEANUP(setaudit_success);
603 ATF_TC_HEAD(setaudit_success, tc)
604 {
605 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
606 					"setaudit(2) call");
607 }
608 
609 ATF_TC_BODY(setaudit_success, tc)
610 {
611 	pid = getpid();
612 	auditinfo_t auditinfo;
613 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
614 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
615 
616 	FILE *pipefd = setup(fds, auclass);
617 	ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
618 	check_audit(fds, adregex, pipefd);
619 }
620 
621 ATF_TC_CLEANUP(setaudit_success, tc)
622 {
623 	cleanup();
624 }
625 
626 
627 ATF_TC_WITH_CLEANUP(setaudit_failure);
628 ATF_TC_HEAD(setaudit_failure, tc)
629 {
630 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
631 					"setaudit(2) call");
632 }
633 
634 ATF_TC_BODY(setaudit_failure, tc)
635 {
636 	pid = getpid();
637 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
638 
639 	FILE *pipefd = setup(fds, auclass);
640 	/* Failure reason: Bad address */
641 	ATF_REQUIRE_EQ(-1, setaudit(NULL));
642 	check_audit(fds, adregex, pipefd);
643 }
644 
645 ATF_TC_CLEANUP(setaudit_failure, tc)
646 {
647 	cleanup();
648 }
649 
650 
651 ATF_TC_WITH_CLEANUP(getaudit_addr_success);
652 ATF_TC_HEAD(getaudit_addr_success, tc)
653 {
654 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
655 					"getaudit_addr(2) call");
656 }
657 
658 ATF_TC_BODY(getaudit_addr_success, tc)
659 {
660 	pid = getpid();
661 	auditinfo_addr_t auditinfo;
662 	snprintf(adregex, sizeof(adregex),
663 		"getaudit_addr.*%d.*return,success", pid);
664 
665 	FILE *pipefd = setup(fds, auclass);
666 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
667 	check_audit(fds, adregex, pipefd);
668 }
669 
670 ATF_TC_CLEANUP(getaudit_addr_success, tc)
671 {
672 	cleanup();
673 }
674 
675 
676 ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
677 ATF_TC_HEAD(getaudit_addr_failure, tc)
678 {
679 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
680 					"getaudit_addr(2) call");
681 }
682 
683 ATF_TC_BODY(getaudit_addr_failure, tc)
684 {
685 	pid = getpid();
686 	snprintf(adregex, sizeof(adregex),
687 		"getaudit_addr.*%d.*return,failure", pid);
688 
689 	FILE *pipefd = setup(fds, auclass);
690 	/* Failure reason: Bad address */
691 	ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
692 	check_audit(fds, adregex, pipefd);
693 }
694 
695 ATF_TC_CLEANUP(getaudit_addr_failure, tc)
696 {
697 	cleanup();
698 }
699 
700 
701 ATF_TC_WITH_CLEANUP(setaudit_addr_success);
702 ATF_TC_HEAD(setaudit_addr_success, tc)
703 {
704 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
705 					"setaudit_addr(2) call");
706 }
707 
708 ATF_TC_BODY(setaudit_addr_success, tc)
709 {
710 	pid = getpid();
711 	auditinfo_addr_t auditinfo;
712 	snprintf(adregex, sizeof(adregex),
713 		"setaudit_addr.*%d.*return,success", pid);
714 
715 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
716 	FILE *pipefd = setup(fds, auclass);
717 	ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
718 	check_audit(fds, adregex, pipefd);
719 }
720 
721 ATF_TC_CLEANUP(setaudit_addr_success, tc)
722 {
723 	cleanup();
724 }
725 
726 
727 ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
728 ATF_TC_HEAD(setaudit_addr_failure, tc)
729 {
730 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
731 					"setaudit_addr(2) call");
732 }
733 
734 ATF_TC_BODY(setaudit_addr_failure, tc)
735 {
736 	pid = getpid();
737 	snprintf(adregex, sizeof(adregex),
738 		"setaudit_addr.*%d.*return,failure", pid);
739 
740 	FILE *pipefd = setup(fds, auclass);
741 	/* Failure reason: Bad address */
742 	ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
743 	check_audit(fds, adregex, pipefd);
744 }
745 
746 ATF_TC_CLEANUP(setaudit_addr_failure, tc)
747 {
748 	cleanup();
749 }
750 
751 /*
752  * Note: The test-case uses A_GETFSIZE as the command argument but since it is
753  * not an independent audit event, it will be used to check the default mode
754  * auditing of auditon(2) system call.
755  *
756  * Please See: sys/security/audit/audit_bsm_klib.c
757  * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
758  */
759 ATF_TC_WITH_CLEANUP(auditon_default_success);
760 ATF_TC_HEAD(auditon_default_success, tc)
761 {
762 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
763 					"auditon(2) call");
764 }
765 
766 ATF_TC_BODY(auditon_default_success, tc)
767 {
768 	au_fstat_t fsize_arg;
769 	bzero(&fsize_arg, sizeof(au_fstat_t));
770 
771 	pid = getpid();
772 	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
773 
774 	FILE *pipefd = setup(fds, auclass);
775 	ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
776 	check_audit(fds, adregex, pipefd);
777 }
778 
779 ATF_TC_CLEANUP(auditon_default_success, tc)
780 {
781 	cleanup();
782 }
783 
784 
785 ATF_TC_WITH_CLEANUP(auditon_default_failure);
786 ATF_TC_HEAD(auditon_default_failure, tc)
787 {
788 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
789 					"auditon(2) call");
790 }
791 
792 ATF_TC_BODY(auditon_default_failure, tc)
793 {
794 	pid = getpid();
795 	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
796 
797 	FILE *pipefd = setup(fds, auclass);
798 	/* Failure reason: Invalid argument */
799 	ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
800 	check_audit(fds, adregex, pipefd);
801 }
802 
803 ATF_TC_CLEANUP(auditon_default_failure, tc)
804 {
805 	cleanup();
806 }
807 
808 
809 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
810 ATF_TC_HEAD(auditon_getpolicy_success, tc)
811 {
812 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
813 					"auditon(2) call for cmd: A_GETPOLICY");
814 }
815 
816 ATF_TC_BODY(auditon_getpolicy_success, tc)
817 {
818 	int aupolicy;
819 	pid = getpid();
820 	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
821 
822 	FILE *pipefd = setup(fds, auclass);
823 	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
824 	check_audit(fds, adregex, pipefd);
825 }
826 
827 ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
828 {
829 	cleanup();
830 }
831 
832 
833 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
834 ATF_TC_HEAD(auditon_getpolicy_failure, tc)
835 {
836 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
837 					"auditon(2) call for cmd: A_GETPOLICY");
838 }
839 
840 ATF_TC_BODY(auditon_getpolicy_failure, tc)
841 {
842 	pid = getpid();
843 	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
844 
845 	FILE *pipefd = setup(fds, auclass);
846 	/* Failure reason: Invalid argument */
847 	ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
848 	check_audit(fds, adregex, pipefd);
849 }
850 
851 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
852 {
853 	cleanup();
854 }
855 
856 
857 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
858 ATF_TC_HEAD(auditon_setpolicy_success, tc)
859 {
860 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
861 					"auditon(2) call for cmd: A_SETPOLICY");
862 }
863 
864 ATF_TC_BODY(auditon_setpolicy_success, tc)
865 {
866 	int aupolicy;
867 	pid = getpid();
868 	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
869 
870 	/* Retrieve the current auditing policy, to be used with A_SETPOLICY */
871 	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
872 	FILE *pipefd = setup(fds, auclass);
873 	ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
874 	check_audit(fds, adregex, pipefd);
875 }
876 
877 ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
878 {
879 	cleanup();
880 }
881 
882 
883 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
884 ATF_TC_HEAD(auditon_setpolicy_failure, tc)
885 {
886 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
887 					"auditon(2) call for cmd: A_SETPOLICY");
888 }
889 
890 ATF_TC_BODY(auditon_setpolicy_failure, tc)
891 {
892 	pid = getpid();
893 	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
894 
895 	FILE *pipefd = setup(fds, auclass);
896 	/* Failure reason: Invalid argument */
897 	ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
898 	check_audit(fds, adregex, pipefd);
899 }
900 
901 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
902 {
903 	cleanup();
904 }
905 
906 
907 ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
908 ATF_TC_HEAD(auditon_getkmask_success, tc)
909 {
910 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
911 					"auditon(2) call for cmd: A_GETKMASK");
912 }
913 
914 ATF_TC_BODY(auditon_getkmask_success, tc)
915 {
916 	pid = getpid();
917 	au_mask_t evmask;
918 	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
919 
920 	bzero(&evmask, sizeof(evmask));
921 	FILE *pipefd = setup(fds, auclass);
922 	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
923 	check_audit(fds, adregex, pipefd);
924 }
925 
926 ATF_TC_CLEANUP(auditon_getkmask_success, tc)
927 {
928 	cleanup();
929 }
930 
931 
932 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
933 ATF_TC_HEAD(auditon_getkmask_failure, tc)
934 {
935 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
936 					"auditon(2) call for cmd: A_GETKMASK");
937 }
938 
939 ATF_TC_BODY(auditon_getkmask_failure, tc)
940 {
941 	pid = getpid();
942 	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
943 
944 	FILE *pipefd = setup(fds, auclass);
945 	/* Failure reason: Invalid au_mask_t structure */
946 	ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
947 	check_audit(fds, adregex, pipefd);
948 }
949 
950 ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
951 {
952 	cleanup();
953 }
954 
955 
956 ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
957 ATF_TC_HEAD(auditon_setkmask_success, tc)
958 {
959 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
960 					"auditon(2) call for cmd: A_SETKMASK");
961 }
962 
963 ATF_TC_BODY(auditon_setkmask_success, tc)
964 {
965 	pid = getpid();
966 	au_mask_t evmask;
967 	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
968 
969 	/* Retrieve the current audit mask to be used with A_SETKMASK */
970 	bzero(&evmask, sizeof(evmask));
971 	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
972 
973 	FILE *pipefd = setup(fds, auclass);
974 	ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
975 	check_audit(fds, adregex, pipefd);
976 }
977 
978 ATF_TC_CLEANUP(auditon_setkmask_success, tc)
979 {
980 	cleanup();
981 }
982 
983 
984 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
985 ATF_TC_HEAD(auditon_setkmask_failure, tc)
986 {
987 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
988 					"auditon(2) call for cmd: A_SETKMASK");
989 }
990 
991 ATF_TC_BODY(auditon_setkmask_failure, tc)
992 {
993 	pid = getpid();
994 	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
995 
996 	FILE *pipefd = setup(fds, auclass);
997 	/* Failure reason: Invalid au_mask_t structure */
998 	ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
999 	check_audit(fds, adregex, pipefd);
1000 }
1001 
1002 ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
1003 {
1004 	cleanup();
1005 }
1006 
1007 
1008 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
1009 ATF_TC_HEAD(auditon_getqctrl_success, tc)
1010 {
1011 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1012 					"auditon(2) call for cmd: A_GETQCTRL");
1013 }
1014 
1015 ATF_TC_BODY(auditon_getqctrl_success, tc)
1016 {
1017 	pid = getpid();
1018 	au_qctrl_t evqctrl;
1019 	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
1020 
1021 	bzero(&evqctrl, sizeof(evqctrl));
1022 	FILE *pipefd = setup(fds, auclass);
1023 	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1024 	check_audit(fds, adregex, pipefd);
1025 }
1026 
1027 ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
1028 {
1029 	cleanup();
1030 }
1031 
1032 
1033 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
1034 ATF_TC_HEAD(auditon_getqctrl_failure, tc)
1035 {
1036 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1037 					"auditon(2) call for cmd: A_GETQCTRL");
1038 }
1039 
1040 ATF_TC_BODY(auditon_getqctrl_failure, tc)
1041 {
1042 	pid = getpid();
1043 	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
1044 
1045 	FILE *pipefd = setup(fds, auclass);
1046 	/* Failure reason: Invalid au_qctrl_t structure */
1047 	ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
1048 	check_audit(fds, adregex, pipefd);
1049 }
1050 
1051 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
1052 {
1053 	cleanup();
1054 }
1055 
1056 
1057 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
1058 ATF_TC_HEAD(auditon_setqctrl_success, tc)
1059 {
1060 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1061 					"auditon(2) call for cmd: A_SETKMASK");
1062 }
1063 
1064 ATF_TC_BODY(auditon_setqctrl_success, tc)
1065 {
1066 	pid = getpid();
1067 	au_qctrl_t evqctrl;
1068 	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
1069 
1070 	/* Retrieve the current audit mask to be used with A_SETQCTRL */
1071 	bzero(&evqctrl, sizeof(evqctrl));
1072 	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1073 
1074 	FILE *pipefd = setup(fds, auclass);
1075 	ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
1076 	check_audit(fds, adregex, pipefd);
1077 }
1078 
1079 ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
1080 {
1081 	cleanup();
1082 }
1083 
1084 
1085 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
1086 ATF_TC_HEAD(auditon_setqctrl_failure, tc)
1087 {
1088 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1089 					"auditon(2) call for cmd: A_SETKMASK");
1090 }
1091 
1092 ATF_TC_BODY(auditon_setqctrl_failure, tc)
1093 {
1094 	pid = getpid();
1095 	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
1096 
1097 	FILE *pipefd = setup(fds, auclass);
1098 	/* Failure reason: Invalid au_qctrl_t structure */
1099 	ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
1100 	check_audit(fds, adregex, pipefd);
1101 }
1102 
1103 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
1104 {
1105 	cleanup();
1106 }
1107 
1108 
1109 ATF_TC_WITH_CLEANUP(auditon_getclass_success);
1110 ATF_TC_HEAD(auditon_getclass_success, tc)
1111 {
1112 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1113 					"auditon(2) call for cmd: A_GETCLASS");
1114 }
1115 
1116 ATF_TC_BODY(auditon_getclass_success, tc)
1117 {
1118 	pid = getpid();
1119 	au_evclass_map_t evclass;
1120 	snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
1121 
1122 	/* Initialize evclass to get the event-class mapping for auditon(2) */
1123 	evclass.ec_number = AUE_AUDITON;
1124 	evclass.ec_class = 0;
1125 	FILE *pipefd = setup(fds, auclass);
1126 	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1127 	check_audit(fds, adregex, pipefd);
1128 }
1129 
1130 ATF_TC_CLEANUP(auditon_getclass_success, tc)
1131 {
1132 	cleanup();
1133 }
1134 
1135 
1136 ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
1137 ATF_TC_HEAD(auditon_getclass_failure, tc)
1138 {
1139 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1140 					"auditon(2) call for cmd: A_GETCLASS");
1141 }
1142 
1143 ATF_TC_BODY(auditon_getclass_failure, tc)
1144 {
1145 	pid = getpid();
1146 	snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
1147 
1148 	FILE *pipefd = setup(fds, auclass);
1149 	/* Failure reason: Invalid au_evclass_map_t structure */
1150 	ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
1151 	check_audit(fds, adregex, pipefd);
1152 }
1153 
1154 ATF_TC_CLEANUP(auditon_getclass_failure, tc)
1155 {
1156 	cleanup();
1157 }
1158 
1159 
1160 ATF_TC_WITH_CLEANUP(auditon_setclass_success);
1161 ATF_TC_HEAD(auditon_setclass_success, tc)
1162 {
1163 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1164 					"auditon(2) call for cmd: A_SETCLASS");
1165 }
1166 
1167 ATF_TC_BODY(auditon_setclass_success, tc)
1168 {
1169 	pid = getpid();
1170 	au_evclass_map_t evclass;
1171 	snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
1172 
1173 	/* Initialize evclass and get the event-class mapping for auditon(2) */
1174 	evclass.ec_number = AUE_AUDITON;
1175 	evclass.ec_class = 0;
1176 	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1177 
1178 	FILE *pipefd = setup(fds, auclass);
1179 	ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
1180 	check_audit(fds, adregex, pipefd);
1181 }
1182 
1183 ATF_TC_CLEANUP(auditon_setclass_success, tc)
1184 {
1185 	cleanup();
1186 }
1187 
1188 
1189 ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
1190 ATF_TC_HEAD(auditon_setclass_failure, tc)
1191 {
1192 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1193 					"auditon(2) call for cmd: A_SETCLASS");
1194 }
1195 
1196 ATF_TC_BODY(auditon_setclass_failure, tc)
1197 {
1198 	pid = getpid();
1199 	snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
1200 
1201 	FILE *pipefd = setup(fds, auclass);
1202 	/* Failure reason: Invalid au_evclass_map_t structure */
1203 	ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
1204 	check_audit(fds, adregex, pipefd);
1205 }
1206 
1207 ATF_TC_CLEANUP(auditon_setclass_failure, tc)
1208 {
1209 	cleanup();
1210 }
1211 
1212 
1213 ATF_TC_WITH_CLEANUP(auditon_getcond_success);
1214 ATF_TC_HEAD(auditon_getcond_success, tc)
1215 {
1216 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1217 					"auditon(2) call for cmd: A_GETCOND");
1218 }
1219 
1220 ATF_TC_BODY(auditon_getcond_success, tc)
1221 {
1222 	int auditcond;
1223 	pid = getpid();
1224 	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
1225 
1226 	FILE *pipefd = setup(fds, auclass);
1227 	ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
1228 	check_audit(fds, adregex, pipefd);
1229 }
1230 
1231 ATF_TC_CLEANUP(auditon_getcond_success, tc)
1232 {
1233 	cleanup();
1234 }
1235 
1236 
1237 ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
1238 ATF_TC_HEAD(auditon_getcond_failure, tc)
1239 {
1240 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1241 					"auditon(2) call for cmd: A_GETCOND");
1242 }
1243 
1244 ATF_TC_BODY(auditon_getcond_failure, tc)
1245 {
1246 	pid = getpid();
1247 	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
1248 
1249 	FILE *pipefd = setup(fds, auclass);
1250 	/* Failure reason: Invalid argument */
1251 	ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
1252 	check_audit(fds, adregex, pipefd);
1253 }
1254 
1255 ATF_TC_CLEANUP(auditon_getcond_failure, tc)
1256 {
1257 	cleanup();
1258 }
1259 
1260 
1261 ATF_TC_WITH_CLEANUP(auditon_setcond_success);
1262 ATF_TC_HEAD(auditon_setcond_success, tc)
1263 {
1264 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1265 					"auditon(2) call for cmd: A_SETCOND");
1266 }
1267 
1268 ATF_TC_BODY(auditon_setcond_success, tc)
1269 {
1270 	int auditcond = AUC_AUDITING;
1271 	pid = getpid();
1272 	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
1273 
1274 	FILE *pipefd = setup(fds, auclass);
1275 	/* At this point auditd is running, so the audit state is AUC_AUDITING */
1276 	ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
1277 	check_audit(fds, adregex, pipefd);
1278 }
1279 
1280 ATF_TC_CLEANUP(auditon_setcond_success, tc)
1281 {
1282 	cleanup();
1283 }
1284 
1285 
1286 ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
1287 ATF_TC_HEAD(auditon_setcond_failure, tc)
1288 {
1289 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1290 					"auditon(2) call for cmd: A_SETCOND");
1291 }
1292 
1293 ATF_TC_BODY(auditon_setcond_failure, tc)
1294 {
1295 	pid = getpid();
1296 	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
1297 
1298 	FILE *pipefd = setup(fds, auclass);
1299 	/* Failure reason: Invalid argument */
1300 	ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
1301 	check_audit(fds, adregex, pipefd);
1302 }
1303 
1304 ATF_TC_CLEANUP(auditon_setcond_failure, tc)
1305 {
1306 	cleanup();
1307 }
1308 
1309 /*
1310  * Following test-cases for auditon(2) are all in failure mode only as although
1311  * auditable, they have not been implemented and return ENOSYS whenever called.
1312  *
1313  * Commands: A_GETCWD  A_GETCAR  A_GETSTAT  A_SETSTAT  A_SETUMASK  A_SETSMASK
1314  */
1315 
1316 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
1317 ATF_TC_HEAD(auditon_getcwd_failure, tc)
1318 {
1319 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1320 					"auditon(2) call for cmd: A_GETCWD");
1321 }
1322 
1323 ATF_TC_BODY(auditon_getcwd_failure, tc)
1324 {
1325 	pid = getpid();
1326 	snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
1327 
1328 	FILE *pipefd = setup(fds, auclass);
1329 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
1330 		sizeof(auditon_def)) == -1);
1331 	check_audit(fds, adregex, pipefd);
1332 }
1333 
1334 ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
1335 {
1336 	cleanup();
1337 }
1338 
1339 
1340 ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
1341 ATF_TC_HEAD(auditon_getcar_failure, tc)
1342 {
1343 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1344 					"auditon(2) call for cmd: A_GETCAR");
1345 }
1346 
1347 ATF_TC_BODY(auditon_getcar_failure, tc)
1348 {
1349 	pid = getpid();
1350 	snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
1351 
1352 	FILE *pipefd = setup(fds, auclass);
1353 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
1354 		sizeof(auditon_def)) == -1);
1355 	check_audit(fds, adregex, pipefd);
1356 }
1357 
1358 ATF_TC_CLEANUP(auditon_getcar_failure, tc)
1359 {
1360 	cleanup();
1361 }
1362 
1363 
1364 ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
1365 ATF_TC_HEAD(auditon_getstat_failure, tc)
1366 {
1367 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1368 					"auditon(2) call for cmd: A_GETSTAT");
1369 }
1370 
1371 ATF_TC_BODY(auditon_getstat_failure, tc)
1372 {
1373 	pid = getpid();
1374 	snprintf(adregex, sizeof(adregex),
1375 		"get audit statistics.*%d.*return,failure", pid);
1376 
1377 	FILE *pipefd = setup(fds, auclass);
1378 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
1379 		sizeof(auditon_def)) == -1);
1380 	check_audit(fds, adregex, pipefd);
1381 }
1382 
1383 ATF_TC_CLEANUP(auditon_getstat_failure, tc)
1384 {
1385 	cleanup();
1386 }
1387 
1388 
1389 ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
1390 ATF_TC_HEAD(auditon_setstat_failure, tc)
1391 {
1392 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1393 					"auditon(2) call for cmd: A_SETSTAT");
1394 }
1395 
1396 ATF_TC_BODY(auditon_setstat_failure, tc)
1397 {
1398 	pid = getpid();
1399 	snprintf(adregex, sizeof(adregex),
1400 		"set audit statistics.*%d.*return,failure", pid);
1401 
1402 	FILE *pipefd = setup(fds, auclass);
1403 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
1404 		sizeof(auditon_def)) == -1);
1405 	check_audit(fds, adregex, pipefd);
1406 }
1407 
1408 ATF_TC_CLEANUP(auditon_setstat_failure, tc)
1409 {
1410 	cleanup();
1411 }
1412 
1413 
1414 ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
1415 ATF_TC_HEAD(auditon_setumask_failure, tc)
1416 {
1417 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1418 					"auditon(2) call for cmd: A_SETUMASK");
1419 }
1420 
1421 ATF_TC_BODY(auditon_setumask_failure, tc)
1422 {
1423 	pid = getpid();
1424 	snprintf(adregex, sizeof(adregex),
1425 		"set mask per uid.*%d.*return,failure", pid);
1426 
1427 	FILE *pipefd = setup(fds, auclass);
1428 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
1429 		sizeof(auditon_def)) == -1);
1430 	check_audit(fds, adregex, pipefd);
1431 }
1432 
1433 ATF_TC_CLEANUP(auditon_setumask_failure, tc)
1434 {
1435 	cleanup();
1436 }
1437 
1438 
1439 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
1440 ATF_TC_HEAD(auditon_setsmask_failure, tc)
1441 {
1442 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1443 					"auditon(2) call for cmd: A_SETSMASK");
1444 }
1445 
1446 ATF_TC_BODY(auditon_setsmask_failure, tc)
1447 {
1448 	pid = getpid();
1449 	snprintf(adregex, sizeof(adregex),
1450 		"set mask per session.*%d.*return,failure", pid);
1451 
1452 	FILE *pipefd = setup(fds, auclass);
1453 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def,
1454 		sizeof(auditon_def)) == -1);
1455 	check_audit(fds, adregex, pipefd);
1456 }
1457 
1458 ATF_TC_CLEANUP(auditon_setsmask_failure, tc)
1459 {
1460 	cleanup();
1461 }
1462 
1463 
1464 /*
1465  * Audit of reboot(2) cannot be tested in normal conditions as we don't want
1466  * to reboot the system while running the tests
1467  */
1468 
1469 
1470 ATF_TC_WITH_CLEANUP(reboot_failure);
1471 ATF_TC_HEAD(reboot_failure, tc)
1472 {
1473 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1474 					"reboot(2) call");
1475 }
1476 
1477 ATF_TC_BODY(reboot_failure, tc)
1478 {
1479 	pid = getpid();
1480 	snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid);
1481 
1482 	FILE *pipefd = setup(fds, auclass);
1483 	ATF_REQUIRE_EQ(-1, reboot(-1));
1484 	check_audit(fds, adregex, pipefd);
1485 }
1486 
1487 ATF_TC_CLEANUP(reboot_failure, tc)
1488 {
1489 	cleanup();
1490 }
1491 
1492 
1493 /*
1494  * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
1495  * to tamper with filesystem quotas
1496  */
1497 
1498 
1499 ATF_TC_WITH_CLEANUP(quotactl_failure);
1500 ATF_TC_HEAD(quotactl_failure, tc)
1501 {
1502 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1503 					"quotactl(2) call");
1504 }
1505 
1506 ATF_TC_BODY(quotactl_failure, tc)
1507 {
1508 	pid = getpid();
1509 	snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid);
1510 
1511 	FILE *pipefd = setup(fds, auclass);
1512 	ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
1513 	check_audit(fds, adregex, pipefd);
1514 }
1515 
1516 ATF_TC_CLEANUP(quotactl_failure, tc)
1517 {
1518 	cleanup();
1519 }
1520 
1521 
1522 ATF_TC_WITH_CLEANUP(mount_failure);
1523 ATF_TC_HEAD(mount_failure, tc)
1524 {
1525 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1526 					"mount(2) call");
1527 }
1528 
1529 ATF_TC_BODY(mount_failure, tc)
1530 {
1531 	pid = getpid();
1532 	snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid);
1533 
1534 	FILE *pipefd = setup(fds, auclass);
1535 	ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
1536 	check_audit(fds, adregex, pipefd);
1537 }
1538 
1539 ATF_TC_CLEANUP(mount_failure, tc)
1540 {
1541 	cleanup();
1542 }
1543 
1544 
1545 ATF_TC_WITH_CLEANUP(nmount_failure);
1546 ATF_TC_HEAD(nmount_failure, tc)
1547 {
1548 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1549 					"nmount(2) call");
1550 }
1551 
1552 ATF_TC_BODY(nmount_failure, tc)
1553 {
1554 	pid = getpid();
1555 	snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid);
1556 
1557 	FILE *pipefd = setup(fds, auclass);
1558 	ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
1559 	check_audit(fds, adregex, pipefd);
1560 }
1561 
1562 ATF_TC_CLEANUP(nmount_failure, tc)
1563 {
1564 	cleanup();
1565 }
1566 
1567 
1568 ATF_TC_WITH_CLEANUP(swapon_failure);
1569 ATF_TC_HEAD(swapon_failure, tc)
1570 {
1571 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1572 					"swapon(2) call");
1573 }
1574 
1575 ATF_TC_BODY(swapon_failure, tc)
1576 {
1577 	pid = getpid();
1578 	snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid);
1579 
1580 	FILE *pipefd = setup(fds, auclass);
1581 	/* Failure reason: Block device required */
1582 	ATF_REQUIRE_EQ(-1, swapon(path));
1583 	check_audit(fds, adregex, pipefd);
1584 }
1585 
1586 ATF_TC_CLEANUP(swapon_failure, tc)
1587 {
1588 	cleanup();
1589 }
1590 
1591 
1592 ATF_TC_WITH_CLEANUP(swapoff_failure);
1593 ATF_TC_HEAD(swapoff_failure, tc)
1594 {
1595 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1596 					"swapoff(2) call");
1597 }
1598 
1599 ATF_TC_BODY(swapoff_failure, tc)
1600 {
1601 	pid = getpid();
1602 	snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid);
1603 
1604 	FILE *pipefd = setup(fds, auclass);
1605 	/* Failure reason: Block device required */
1606 	ATF_REQUIRE_EQ(-1, swapoff(path, 0));
1607 	check_audit(fds, adregex, pipefd);
1608 }
1609 
1610 ATF_TC_CLEANUP(swapoff_failure, tc)
1611 {
1612 	cleanup();
1613 }
1614 
1615 
1616 ATF_TP_ADD_TCS(tp)
1617 {
1618 	ATF_TP_ADD_TC(tp, settimeofday_success);
1619 	ATF_TP_ADD_TC(tp, settimeofday_failure);
1620 	ATF_TP_ADD_TC(tp, clock_settime_success);
1621 	ATF_TP_ADD_TC(tp, clock_settime_failure);
1622 	ATF_TP_ADD_TC(tp, adjtime_success);
1623 	ATF_TP_ADD_TC(tp, adjtime_failure);
1624 	ATF_TP_ADD_TC(tp, ntp_adjtime_success);
1625 	ATF_TP_ADD_TC(tp, ntp_adjtime_failure);
1626 
1627 	ATF_TP_ADD_TC(tp, nfs_getfh_success);
1628 	ATF_TP_ADD_TC(tp, nfs_getfh_failure);
1629 	ATF_TP_ADD_TC(tp, acct_success);
1630 	ATF_TP_ADD_TC(tp, acct_failure);
1631 	ATF_TP_ADD_TC(tp, auditctl_success);
1632 	ATF_TP_ADD_TC(tp, auditctl_failure);
1633 
1634 	ATF_TP_ADD_TC(tp, getauid_success);
1635 	ATF_TP_ADD_TC(tp, getauid_failure);
1636 	ATF_TP_ADD_TC(tp, setauid_success);
1637 	ATF_TP_ADD_TC(tp, setauid_failure);
1638 
1639 	ATF_TP_ADD_TC(tp, getaudit_success);
1640 	ATF_TP_ADD_TC(tp, getaudit_failure);
1641 	ATF_TP_ADD_TC(tp, setaudit_success);
1642 	ATF_TP_ADD_TC(tp, setaudit_failure);
1643 
1644 	ATF_TP_ADD_TC(tp, getaudit_addr_success);
1645 	ATF_TP_ADD_TC(tp, getaudit_addr_failure);
1646 	ATF_TP_ADD_TC(tp, setaudit_addr_success);
1647 	ATF_TP_ADD_TC(tp, setaudit_addr_failure);
1648 
1649 	ATF_TP_ADD_TC(tp, auditon_default_success);
1650 	ATF_TP_ADD_TC(tp, auditon_default_failure);
1651 
1652 	ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
1653 	ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
1654 	ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
1655 	ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
1656 
1657 	ATF_TP_ADD_TC(tp, auditon_getkmask_success);
1658 	ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
1659 	ATF_TP_ADD_TC(tp, auditon_setkmask_success);
1660 	ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
1661 
1662 	ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
1663 	ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
1664 	ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
1665 	ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
1666 
1667 	ATF_TP_ADD_TC(tp, auditon_getclass_success);
1668 	ATF_TP_ADD_TC(tp, auditon_getclass_failure);
1669 	ATF_TP_ADD_TC(tp, auditon_setclass_success);
1670 	ATF_TP_ADD_TC(tp, auditon_setclass_failure);
1671 
1672 	ATF_TP_ADD_TC(tp, auditon_getcond_success);
1673 	ATF_TP_ADD_TC(tp, auditon_getcond_failure);
1674 	ATF_TP_ADD_TC(tp, auditon_setcond_success);
1675 	ATF_TP_ADD_TC(tp, auditon_setcond_failure);
1676 
1677 	ATF_TP_ADD_TC(tp, auditon_getcwd_failure);
1678 	ATF_TP_ADD_TC(tp, auditon_getcar_failure);
1679 	ATF_TP_ADD_TC(tp, auditon_getstat_failure);
1680 	ATF_TP_ADD_TC(tp, auditon_setstat_failure);
1681 	ATF_TP_ADD_TC(tp, auditon_setumask_failure);
1682 	ATF_TP_ADD_TC(tp, auditon_setsmask_failure);
1683 
1684 	ATF_TP_ADD_TC(tp, reboot_failure);
1685 	ATF_TP_ADD_TC(tp, quotactl_failure);
1686 	ATF_TP_ADD_TC(tp, mount_failure);
1687 	ATF_TP_ADD_TC(tp, nmount_failure);
1688 	ATF_TP_ADD_TC(tp, swapon_failure);
1689 	ATF_TP_ADD_TC(tp, swapoff_failure);
1690 
1691 	return (atf_no_error());
1692 }
1693