1 /*- 2 * Copyright (c) 2018 Aniket Pandey 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * SUCH DAMAGE. 24 * 25 * $FreeBSD$ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/mount.h> 30 #include <sys/reboot.h> 31 #include <sys/stat.h> 32 #include <sys/sysctl.h> 33 #include <sys/time.h> 34 #include <sys/timespec.h> 35 #include <sys/timex.h> 36 37 #include <bsm/audit.h> 38 #include <bsm/audit_kevents.h> 39 #include <ufs/ufs/quota.h> 40 41 #include <atf-c.h> 42 #include <errno.h> 43 #include <fcntl.h> 44 #include <stdlib.h> 45 #include <time.h> 46 #include <unistd.h> 47 48 #include "utils.h" 49 50 static pid_t pid; 51 static int filedesc; 52 /* Default argument for handling ENOSYS in auditon(2) functions */ 53 static int auditon_def = 0; 54 static mode_t mode = 0777; 55 static struct pollfd fds[1]; 56 static char adregex[80]; 57 static const char *auclass = "ad"; 58 static const char *path = "fileforaudit"; 59 static const char *successreg = "fileforaudit.*return,success"; 60 61 62 ATF_TC_WITH_CLEANUP(settimeofday_success); 63 ATF_TC_HEAD(settimeofday_success, tc) 64 { 65 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 66 "settimeofday(2) call"); 67 } 68 69 ATF_TC_BODY(settimeofday_success, tc) 70 { 71 pid = getpid(); 72 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid); 73 74 struct timeval tp; 75 struct timezone tzp; 76 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp)); 77 78 FILE *pipefd = setup(fds, auclass); 79 /* Setting the same time as obtained by gettimeofday(2) */ 80 ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp)); 81 check_audit(fds, adregex, pipefd); 82 } 83 84 ATF_TC_CLEANUP(settimeofday_success, tc) 85 { 86 cleanup(); 87 } 88 89 90 ATF_TC_WITH_CLEANUP(settimeofday_failure); 91 ATF_TC_HEAD(settimeofday_failure, tc) 92 { 93 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 94 "settimeofday(2) call"); 95 } 96 97 ATF_TC_BODY(settimeofday_failure, tc) 98 { 99 pid = getpid(); 100 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid); 101 102 struct timeval tp; 103 struct timezone tzp; 104 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp)); 105 106 FILE *pipefd = setup(fds, auclass); 107 tp.tv_sec = -1; 108 /* Failure reason: Invalid value for tp.tv_sec; */ 109 ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp)); 110 check_audit(fds, adregex, pipefd); 111 } 112 113 ATF_TC_CLEANUP(settimeofday_failure, tc) 114 { 115 cleanup(); 116 } 117 118 119 ATF_TC_WITH_CLEANUP(clock_settime_success); 120 ATF_TC_HEAD(clock_settime_success, tc) 121 { 122 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 123 "clock_settime(2) call"); 124 } 125 126 ATF_TC_BODY(clock_settime_success, tc) 127 { 128 pid = getpid(); 129 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid); 130 131 struct timespec tp; 132 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp)); 133 134 FILE *pipefd = setup(fds, auclass); 135 /* Setting the same time as obtained by clock_gettime(2) */ 136 ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp)); 137 check_audit(fds, adregex, pipefd); 138 } 139 140 ATF_TC_CLEANUP(clock_settime_success, tc) 141 { 142 cleanup(); 143 } 144 145 146 ATF_TC_WITH_CLEANUP(clock_settime_failure); 147 ATF_TC_HEAD(clock_settime_failure, tc) 148 { 149 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 150 "clock_settime(2) call"); 151 } 152 153 ATF_TC_BODY(clock_settime_failure, tc) 154 { 155 pid = getpid(); 156 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid); 157 158 struct timespec tp; 159 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp)); 160 161 FILE *pipefd = setup(fds, auclass); 162 /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */ 163 ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp)); 164 check_audit(fds, adregex, pipefd); 165 } 166 167 ATF_TC_CLEANUP(clock_settime_failure, tc) 168 { 169 cleanup(); 170 } 171 172 173 ATF_TC_WITH_CLEANUP(adjtime_success); 174 ATF_TC_HEAD(adjtime_success, tc) 175 { 176 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 177 "adjtime(2) call"); 178 } 179 180 ATF_TC_BODY(adjtime_success, tc) 181 { 182 pid = getpid(); 183 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid); 184 185 FILE *pipefd = setup(fds, auclass); 186 /* We don't want to change the system time, hence NULL */ 187 ATF_REQUIRE_EQ(0, adjtime(NULL, NULL)); 188 check_audit(fds, adregex, pipefd); 189 } 190 191 ATF_TC_CLEANUP(adjtime_success, tc) 192 { 193 cleanup(); 194 } 195 196 197 ATF_TC_WITH_CLEANUP(adjtime_failure); 198 ATF_TC_HEAD(adjtime_failure, tc) 199 { 200 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 201 "adjtime(2) call"); 202 } 203 204 ATF_TC_BODY(adjtime_failure, tc) 205 { 206 pid = getpid(); 207 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid); 208 209 FILE *pipefd = setup(fds, auclass); 210 ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL)); 211 check_audit(fds, adregex, pipefd); 212 } 213 214 ATF_TC_CLEANUP(adjtime_failure, tc) 215 { 216 cleanup(); 217 } 218 219 220 ATF_TC_WITH_CLEANUP(ntp_adjtime_success); 221 ATF_TC_HEAD(ntp_adjtime_success, tc) 222 { 223 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 224 "ntp_adjtime(2) call"); 225 } 226 227 ATF_TC_BODY(ntp_adjtime_success, tc) 228 { 229 struct timex timebuff; 230 bzero(&timebuff, sizeof(timebuff)); 231 232 pid = getpid(); 233 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid); 234 235 FILE *pipefd = setup(fds, auclass); 236 ATF_REQUIRE(ntp_adjtime(&timebuff) != -1); 237 check_audit(fds, adregex, pipefd); 238 } 239 240 ATF_TC_CLEANUP(ntp_adjtime_success, tc) 241 { 242 cleanup(); 243 } 244 245 246 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure); 247 ATF_TC_HEAD(ntp_adjtime_failure, tc) 248 { 249 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 250 "ntp_adjtime(2) call"); 251 } 252 253 ATF_TC_BODY(ntp_adjtime_failure, tc) 254 { 255 pid = getpid(); 256 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid); 257 258 FILE *pipefd = setup(fds, auclass); 259 ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL)); 260 check_audit(fds, adregex, pipefd); 261 } 262 263 ATF_TC_CLEANUP(ntp_adjtime_failure, tc) 264 { 265 cleanup(); 266 } 267 268 269 ATF_TC_WITH_CLEANUP(nfs_getfh_success); 270 ATF_TC_HEAD(nfs_getfh_success, tc) 271 { 272 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 273 "getfh(2) call"); 274 } 275 276 ATF_TC_BODY(nfs_getfh_success, tc) 277 { 278 fhandle_t fhp; 279 pid = getpid(); 280 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid); 281 282 /* File needs to exist to call getfh(2) */ 283 ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); 284 FILE *pipefd = setup(fds, auclass); 285 ATF_REQUIRE_EQ(0, getfh(path, &fhp)); 286 check_audit(fds, adregex, pipefd); 287 close(filedesc); 288 } 289 290 ATF_TC_CLEANUP(nfs_getfh_success, tc) 291 { 292 cleanup(); 293 } 294 295 296 ATF_TC_WITH_CLEANUP(nfs_getfh_failure); 297 ATF_TC_HEAD(nfs_getfh_failure, tc) 298 { 299 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 300 "getfh(2) call"); 301 } 302 303 ATF_TC_BODY(nfs_getfh_failure, tc) 304 { 305 pid = getpid(); 306 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid); 307 308 FILE *pipefd = setup(fds, auclass); 309 /* Failure reason: file does not exist */ 310 ATF_REQUIRE_EQ(-1, getfh(path, NULL)); 311 check_audit(fds, adregex, pipefd); 312 } 313 314 ATF_TC_CLEANUP(nfs_getfh_failure, tc) 315 { 316 cleanup(); 317 } 318 319 320 ATF_TC_WITH_CLEANUP(auditctl_success); 321 ATF_TC_HEAD(auditctl_success, tc) 322 { 323 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 324 "auditctl(2) call"); 325 } 326 327 ATF_TC_BODY(auditctl_success, tc) 328 { 329 /* File needs to exist in order to call auditctl(2) */ 330 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1); 331 FILE *pipefd = setup(fds, auclass); 332 ATF_REQUIRE_EQ(0, auditctl(path)); 333 check_audit(fds, successreg, pipefd); 334 close(filedesc); 335 } 336 337 ATF_TC_CLEANUP(auditctl_success, tc) 338 { 339 /* 340 * auditctl(2) disables audit log at /var/audit and initiates auditing 341 * at the configured path. To reset this, we need to stop and start the 342 * auditd(8) again. Here, we check if auditd(8) was running already 343 * before the test started. If so, we stop and start it again. 344 */ 345 system("service auditd onestop > /dev/null 2>&1"); 346 if (!atf_utils_file_exists("started_auditd")) 347 system("service auditd onestart > /dev/null 2>&1"); 348 } 349 350 351 ATF_TC_WITH_CLEANUP(auditctl_failure); 352 ATF_TC_HEAD(auditctl_failure, tc) 353 { 354 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 355 "auditctl(2) call"); 356 } 357 358 ATF_TC_BODY(auditctl_failure, tc) 359 { 360 pid = getpid(); 361 snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid); 362 363 FILE *pipefd = setup(fds, auclass); 364 /* Failure reason: file does not exist */ 365 ATF_REQUIRE_EQ(-1, auditctl(NULL)); 366 check_audit(fds, adregex, pipefd); 367 } 368 369 ATF_TC_CLEANUP(auditctl_failure, tc) 370 { 371 cleanup(); 372 } 373 374 375 ATF_TC_WITH_CLEANUP(acct_success); 376 ATF_TC_HEAD(acct_success, tc) 377 { 378 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 379 "acct(2) call"); 380 } 381 382 ATF_TC_BODY(acct_success, tc) 383 { 384 int acctinfo, filedesc2; 385 size_t len = sizeof(acctinfo); 386 const char *acctname = "kern.acct_configured"; 387 ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0)); 388 389 /* File needs to exist to start system accounting */ 390 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); 391 392 /* 393 * acctinfo = 0: System accounting was disabled 394 * acctinfo = 1: System accounting was enabled 395 */ 396 if (acctinfo) { 397 ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1); 398 close(filedesc2); 399 } 400 401 pid = getpid(); 402 snprintf(adregex, sizeof(adregex), 403 "acct.*%s.*%d.*return,success", path, pid); 404 405 /* 406 * We temporarily switch the accounting record to a file at 407 * our own configured path in order to confirm acct(2)'s successful 408 * auditing. Then we set everything back to its original state. 409 */ 410 FILE *pipefd = setup(fds, auclass); 411 ATF_REQUIRE_EQ(0, acct(path)); 412 check_audit(fds, adregex, pipefd); 413 close(filedesc); 414 } 415 416 ATF_TC_CLEANUP(acct_success, tc) 417 { 418 /* Reset accounting configured path */ 419 ATF_REQUIRE_EQ(0, system("service accounting onestop")); 420 if (atf_utils_file_exists("acct_ok")) { 421 ATF_REQUIRE_EQ(0, system("service accounting onestart")); 422 } 423 cleanup(); 424 } 425 426 427 ATF_TC_WITH_CLEANUP(acct_failure); 428 ATF_TC_HEAD(acct_failure, tc) 429 { 430 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 431 "acct(2) call"); 432 } 433 434 ATF_TC_BODY(acct_failure, tc) 435 { 436 pid = getpid(); 437 snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid); 438 439 FILE *pipefd = setup(fds, auclass); 440 /* Failure reason: File does not exist */ 441 ATF_REQUIRE_EQ(-1, acct(path)); 442 check_audit(fds, adregex, pipefd); 443 } 444 445 ATF_TC_CLEANUP(acct_failure, tc) 446 { 447 cleanup(); 448 } 449 450 451 ATF_TC_WITH_CLEANUP(getauid_success); 452 ATF_TC_HEAD(getauid_success, tc) 453 { 454 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 455 "getauid(2) call"); 456 } 457 458 ATF_TC_BODY(getauid_success, tc) 459 { 460 au_id_t auid; 461 pid = getpid(); 462 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid); 463 464 FILE *pipefd = setup(fds, auclass); 465 ATF_REQUIRE_EQ(0, getauid(&auid)); 466 check_audit(fds, adregex, pipefd); 467 } 468 469 ATF_TC_CLEANUP(getauid_success, tc) 470 { 471 cleanup(); 472 } 473 474 475 ATF_TC_WITH_CLEANUP(getauid_failure); 476 ATF_TC_HEAD(getauid_failure, tc) 477 { 478 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 479 "getauid(2) call"); 480 } 481 482 ATF_TC_BODY(getauid_failure, tc) 483 { 484 pid = getpid(); 485 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid); 486 487 FILE *pipefd = setup(fds, auclass); 488 /* Failure reason: Bad address */ 489 ATF_REQUIRE_EQ(-1, getauid(NULL)); 490 check_audit(fds, adregex, pipefd); 491 } 492 493 ATF_TC_CLEANUP(getauid_failure, tc) 494 { 495 cleanup(); 496 } 497 498 499 ATF_TC_WITH_CLEANUP(setauid_success); 500 ATF_TC_HEAD(setauid_success, tc) 501 { 502 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 503 "setauid(2) call"); 504 } 505 506 ATF_TC_BODY(setauid_success, tc) 507 { 508 au_id_t auid; 509 pid = getpid(); 510 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid); 511 ATF_REQUIRE_EQ(0, getauid(&auid)); 512 513 FILE *pipefd = setup(fds, auclass); 514 ATF_REQUIRE_EQ(0, setauid(&auid)); 515 check_audit(fds, adregex, pipefd); 516 } 517 518 ATF_TC_CLEANUP(setauid_success, tc) 519 { 520 cleanup(); 521 } 522 523 524 ATF_TC_WITH_CLEANUP(setauid_failure); 525 ATF_TC_HEAD(setauid_failure, tc) 526 { 527 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 528 "setauid(2) call"); 529 } 530 531 ATF_TC_BODY(setauid_failure, tc) 532 { 533 pid = getpid(); 534 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid); 535 536 FILE *pipefd = setup(fds, auclass); 537 /* Failure reason: Bad address */ 538 ATF_REQUIRE_EQ(-1, setauid(NULL)); 539 check_audit(fds, adregex, pipefd); 540 } 541 542 ATF_TC_CLEANUP(setauid_failure, tc) 543 { 544 cleanup(); 545 } 546 547 548 ATF_TC_WITH_CLEANUP(getaudit_success); 549 ATF_TC_HEAD(getaudit_success, tc) 550 { 551 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 552 "getaudit(2) call"); 553 } 554 555 ATF_TC_BODY(getaudit_success, tc) 556 { 557 pid = getpid(); 558 auditinfo_t auditinfo; 559 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid); 560 561 FILE *pipefd = setup(fds, auclass); 562 ATF_REQUIRE_EQ(0, getaudit(&auditinfo)); 563 check_audit(fds, adregex, pipefd); 564 } 565 566 ATF_TC_CLEANUP(getaudit_success, tc) 567 { 568 cleanup(); 569 } 570 571 572 ATF_TC_WITH_CLEANUP(getaudit_failure); 573 ATF_TC_HEAD(getaudit_failure, tc) 574 { 575 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 576 "getaudit(2) call"); 577 } 578 579 ATF_TC_BODY(getaudit_failure, tc) 580 { 581 pid = getpid(); 582 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid); 583 584 FILE *pipefd = setup(fds, auclass); 585 /* Failure reason: Bad address */ 586 ATF_REQUIRE_EQ(-1, getaudit(NULL)); 587 check_audit(fds, adregex, pipefd); 588 } 589 590 ATF_TC_CLEANUP(getaudit_failure, tc) 591 { 592 cleanup(); 593 } 594 595 596 ATF_TC_WITH_CLEANUP(setaudit_success); 597 ATF_TC_HEAD(setaudit_success, tc) 598 { 599 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 600 "setaudit(2) call"); 601 } 602 603 ATF_TC_BODY(setaudit_success, tc) 604 { 605 pid = getpid(); 606 auditinfo_t auditinfo; 607 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid); 608 ATF_REQUIRE_EQ(0, getaudit(&auditinfo)); 609 610 FILE *pipefd = setup(fds, auclass); 611 ATF_REQUIRE_EQ(0, setaudit(&auditinfo)); 612 check_audit(fds, adregex, pipefd); 613 } 614 615 ATF_TC_CLEANUP(setaudit_success, tc) 616 { 617 cleanup(); 618 } 619 620 621 ATF_TC_WITH_CLEANUP(setaudit_failure); 622 ATF_TC_HEAD(setaudit_failure, tc) 623 { 624 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 625 "setaudit(2) call"); 626 } 627 628 ATF_TC_BODY(setaudit_failure, tc) 629 { 630 pid = getpid(); 631 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid); 632 633 FILE *pipefd = setup(fds, auclass); 634 /* Failure reason: Bad address */ 635 ATF_REQUIRE_EQ(-1, setaudit(NULL)); 636 check_audit(fds, adregex, pipefd); 637 } 638 639 ATF_TC_CLEANUP(setaudit_failure, tc) 640 { 641 cleanup(); 642 } 643 644 645 ATF_TC_WITH_CLEANUP(getaudit_addr_success); 646 ATF_TC_HEAD(getaudit_addr_success, tc) 647 { 648 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 649 "getaudit_addr(2) call"); 650 } 651 652 ATF_TC_BODY(getaudit_addr_success, tc) 653 { 654 pid = getpid(); 655 auditinfo_addr_t auditinfo; 656 snprintf(adregex, sizeof(adregex), 657 "getaudit_addr.*%d.*return,success", pid); 658 659 FILE *pipefd = setup(fds, auclass); 660 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo))); 661 check_audit(fds, adregex, pipefd); 662 } 663 664 ATF_TC_CLEANUP(getaudit_addr_success, tc) 665 { 666 cleanup(); 667 } 668 669 670 ATF_TC_WITH_CLEANUP(getaudit_addr_failure); 671 ATF_TC_HEAD(getaudit_addr_failure, tc) 672 { 673 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 674 "getaudit_addr(2) call"); 675 } 676 677 ATF_TC_BODY(getaudit_addr_failure, tc) 678 { 679 pid = getpid(); 680 snprintf(adregex, sizeof(adregex), 681 "getaudit_addr.*%d.*return,failure", pid); 682 683 FILE *pipefd = setup(fds, auclass); 684 /* Failure reason: Bad address */ 685 ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0)); 686 check_audit(fds, adregex, pipefd); 687 } 688 689 ATF_TC_CLEANUP(getaudit_addr_failure, tc) 690 { 691 cleanup(); 692 } 693 694 695 ATF_TC_WITH_CLEANUP(setaudit_addr_success); 696 ATF_TC_HEAD(setaudit_addr_success, tc) 697 { 698 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 699 "setaudit_addr(2) call"); 700 } 701 702 ATF_TC_BODY(setaudit_addr_success, tc) 703 { 704 pid = getpid(); 705 auditinfo_addr_t auditinfo; 706 snprintf(adregex, sizeof(adregex), 707 "setaudit_addr.*%d.*return,success", pid); 708 709 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo))); 710 FILE *pipefd = setup(fds, auclass); 711 ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo))); 712 check_audit(fds, adregex, pipefd); 713 } 714 715 ATF_TC_CLEANUP(setaudit_addr_success, tc) 716 { 717 cleanup(); 718 } 719 720 721 ATF_TC_WITH_CLEANUP(setaudit_addr_failure); 722 ATF_TC_HEAD(setaudit_addr_failure, tc) 723 { 724 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 725 "setaudit_addr(2) call"); 726 } 727 728 ATF_TC_BODY(setaudit_addr_failure, tc) 729 { 730 pid = getpid(); 731 snprintf(adregex, sizeof(adregex), 732 "setaudit_addr.*%d.*return,failure", pid); 733 734 FILE *pipefd = setup(fds, auclass); 735 /* Failure reason: Bad address */ 736 ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0)); 737 check_audit(fds, adregex, pipefd); 738 } 739 740 ATF_TC_CLEANUP(setaudit_addr_failure, tc) 741 { 742 cleanup(); 743 } 744 745 /* 746 * Note: The test-case uses A_GETFSIZE as the command argument but since it is 747 * not an independent audit event, it will be used to check the default mode 748 * auditing of auditon(2) system call. 749 * 750 * Please See: sys/security/audit/audit_bsm_klib.c 751 * function(): au_event_t auditon_command_event() :: case A_GETFSIZE: 752 */ 753 ATF_TC_WITH_CLEANUP(auditon_default_success); 754 ATF_TC_HEAD(auditon_default_success, tc) 755 { 756 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 757 "auditon(2) call"); 758 } 759 760 ATF_TC_BODY(auditon_default_success, tc) 761 { 762 au_fstat_t fsize_arg; 763 bzero(&fsize_arg, sizeof(au_fstat_t)); 764 765 pid = getpid(); 766 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid); 767 768 FILE *pipefd = setup(fds, auclass); 769 ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg))); 770 check_audit(fds, adregex, pipefd); 771 } 772 773 ATF_TC_CLEANUP(auditon_default_success, tc) 774 { 775 cleanup(); 776 } 777 778 779 ATF_TC_WITH_CLEANUP(auditon_default_failure); 780 ATF_TC_HEAD(auditon_default_failure, tc) 781 { 782 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 783 "auditon(2) call"); 784 } 785 786 ATF_TC_BODY(auditon_default_failure, tc) 787 { 788 pid = getpid(); 789 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid); 790 791 FILE *pipefd = setup(fds, auclass); 792 /* Failure reason: Invalid argument */ 793 ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0)); 794 check_audit(fds, adregex, pipefd); 795 } 796 797 ATF_TC_CLEANUP(auditon_default_failure, tc) 798 { 799 cleanup(); 800 } 801 802 803 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success); 804 ATF_TC_HEAD(auditon_getpolicy_success, tc) 805 { 806 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 807 "auditon(2) call for cmd: A_GETPOLICY"); 808 } 809 810 ATF_TC_BODY(auditon_getpolicy_success, tc) 811 { 812 int aupolicy; 813 pid = getpid(); 814 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid); 815 816 FILE *pipefd = setup(fds, auclass); 817 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy))); 818 check_audit(fds, adregex, pipefd); 819 } 820 821 ATF_TC_CLEANUP(auditon_getpolicy_success, tc) 822 { 823 cleanup(); 824 } 825 826 827 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure); 828 ATF_TC_HEAD(auditon_getpolicy_failure, tc) 829 { 830 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 831 "auditon(2) call for cmd: A_GETPOLICY"); 832 } 833 834 ATF_TC_BODY(auditon_getpolicy_failure, tc) 835 { 836 pid = getpid(); 837 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid); 838 839 FILE *pipefd = setup(fds, auclass); 840 /* Failure reason: Invalid argument */ 841 ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0)); 842 check_audit(fds, adregex, pipefd); 843 } 844 845 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc) 846 { 847 cleanup(); 848 } 849 850 851 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success); 852 ATF_TC_HEAD(auditon_setpolicy_success, tc) 853 { 854 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 855 "auditon(2) call for cmd: A_SETPOLICY"); 856 } 857 858 ATF_TC_BODY(auditon_setpolicy_success, tc) 859 { 860 int aupolicy; 861 pid = getpid(); 862 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid); 863 864 /* Retrieve the current auditing policy, to be used with A_SETPOLICY */ 865 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy))); 866 FILE *pipefd = setup(fds, auclass); 867 ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy))); 868 check_audit(fds, adregex, pipefd); 869 } 870 871 ATF_TC_CLEANUP(auditon_setpolicy_success, tc) 872 { 873 cleanup(); 874 } 875 876 877 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure); 878 ATF_TC_HEAD(auditon_setpolicy_failure, tc) 879 { 880 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 881 "auditon(2) call for cmd: A_SETPOLICY"); 882 } 883 884 ATF_TC_BODY(auditon_setpolicy_failure, tc) 885 { 886 pid = getpid(); 887 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid); 888 889 FILE *pipefd = setup(fds, auclass); 890 /* Failure reason: Invalid argument */ 891 ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0)); 892 check_audit(fds, adregex, pipefd); 893 } 894 895 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc) 896 { 897 cleanup(); 898 } 899 900 901 ATF_TC_WITH_CLEANUP(auditon_getkmask_success); 902 ATF_TC_HEAD(auditon_getkmask_success, tc) 903 { 904 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 905 "auditon(2) call for cmd: A_GETKMASK"); 906 } 907 908 ATF_TC_BODY(auditon_getkmask_success, tc) 909 { 910 pid = getpid(); 911 au_mask_t evmask; 912 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid); 913 914 bzero(&evmask, sizeof(evmask)); 915 FILE *pipefd = setup(fds, auclass); 916 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask))); 917 check_audit(fds, adregex, pipefd); 918 } 919 920 ATF_TC_CLEANUP(auditon_getkmask_success, tc) 921 { 922 cleanup(); 923 } 924 925 926 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure); 927 ATF_TC_HEAD(auditon_getkmask_failure, tc) 928 { 929 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 930 "auditon(2) call for cmd: A_GETKMASK"); 931 } 932 933 ATF_TC_BODY(auditon_getkmask_failure, tc) 934 { 935 pid = getpid(); 936 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid); 937 938 FILE *pipefd = setup(fds, auclass); 939 /* Failure reason: Invalid au_mask_t structure */ 940 ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0)); 941 check_audit(fds, adregex, pipefd); 942 } 943 944 ATF_TC_CLEANUP(auditon_getkmask_failure, tc) 945 { 946 cleanup(); 947 } 948 949 950 ATF_TC_WITH_CLEANUP(auditon_setkmask_success); 951 ATF_TC_HEAD(auditon_setkmask_success, tc) 952 { 953 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 954 "auditon(2) call for cmd: A_SETKMASK"); 955 } 956 957 ATF_TC_BODY(auditon_setkmask_success, tc) 958 { 959 pid = getpid(); 960 au_mask_t evmask; 961 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid); 962 963 /* Retrieve the current audit mask to be used with A_SETKMASK */ 964 bzero(&evmask, sizeof(evmask)); 965 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask))); 966 967 FILE *pipefd = setup(fds, auclass); 968 ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask))); 969 check_audit(fds, adregex, pipefd); 970 } 971 972 ATF_TC_CLEANUP(auditon_setkmask_success, tc) 973 { 974 cleanup(); 975 } 976 977 978 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure); 979 ATF_TC_HEAD(auditon_setkmask_failure, tc) 980 { 981 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 982 "auditon(2) call for cmd: A_SETKMASK"); 983 } 984 985 ATF_TC_BODY(auditon_setkmask_failure, tc) 986 { 987 pid = getpid(); 988 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid); 989 990 FILE *pipefd = setup(fds, auclass); 991 /* Failure reason: Invalid au_mask_t structure */ 992 ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0)); 993 check_audit(fds, adregex, pipefd); 994 } 995 996 ATF_TC_CLEANUP(auditon_setkmask_failure, tc) 997 { 998 cleanup(); 999 } 1000 1001 1002 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success); 1003 ATF_TC_HEAD(auditon_getqctrl_success, tc) 1004 { 1005 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1006 "auditon(2) call for cmd: A_GETQCTRL"); 1007 } 1008 1009 ATF_TC_BODY(auditon_getqctrl_success, tc) 1010 { 1011 pid = getpid(); 1012 au_qctrl_t evqctrl; 1013 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid); 1014 1015 bzero(&evqctrl, sizeof(evqctrl)); 1016 FILE *pipefd = setup(fds, auclass); 1017 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl))); 1018 check_audit(fds, adregex, pipefd); 1019 } 1020 1021 ATF_TC_CLEANUP(auditon_getqctrl_success, tc) 1022 { 1023 cleanup(); 1024 } 1025 1026 1027 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure); 1028 ATF_TC_HEAD(auditon_getqctrl_failure, tc) 1029 { 1030 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1031 "auditon(2) call for cmd: A_GETQCTRL"); 1032 } 1033 1034 ATF_TC_BODY(auditon_getqctrl_failure, tc) 1035 { 1036 pid = getpid(); 1037 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid); 1038 1039 FILE *pipefd = setup(fds, auclass); 1040 /* Failure reason: Invalid au_qctrl_t structure */ 1041 ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0)); 1042 check_audit(fds, adregex, pipefd); 1043 } 1044 1045 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc) 1046 { 1047 cleanup(); 1048 } 1049 1050 1051 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success); 1052 ATF_TC_HEAD(auditon_setqctrl_success, tc) 1053 { 1054 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1055 "auditon(2) call for cmd: A_SETKMASK"); 1056 } 1057 1058 ATF_TC_BODY(auditon_setqctrl_success, tc) 1059 { 1060 pid = getpid(); 1061 au_qctrl_t evqctrl; 1062 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid); 1063 1064 /* Retrieve the current audit mask to be used with A_SETQCTRL */ 1065 bzero(&evqctrl, sizeof(evqctrl)); 1066 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl))); 1067 1068 FILE *pipefd = setup(fds, auclass); 1069 ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl))); 1070 check_audit(fds, adregex, pipefd); 1071 } 1072 1073 ATF_TC_CLEANUP(auditon_setqctrl_success, tc) 1074 { 1075 cleanup(); 1076 } 1077 1078 1079 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure); 1080 ATF_TC_HEAD(auditon_setqctrl_failure, tc) 1081 { 1082 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1083 "auditon(2) call for cmd: A_SETKMASK"); 1084 } 1085 1086 ATF_TC_BODY(auditon_setqctrl_failure, tc) 1087 { 1088 pid = getpid(); 1089 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid); 1090 1091 FILE *pipefd = setup(fds, auclass); 1092 /* Failure reason: Invalid au_qctrl_t structure */ 1093 ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0)); 1094 check_audit(fds, adregex, pipefd); 1095 } 1096 1097 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc) 1098 { 1099 cleanup(); 1100 } 1101 1102 1103 ATF_TC_WITH_CLEANUP(auditon_getclass_success); 1104 ATF_TC_HEAD(auditon_getclass_success, tc) 1105 { 1106 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1107 "auditon(2) call for cmd: A_GETCLASS"); 1108 } 1109 1110 ATF_TC_BODY(auditon_getclass_success, tc) 1111 { 1112 pid = getpid(); 1113 au_evclass_map_t evclass; 1114 snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid); 1115 1116 /* Initialize evclass to get the event-class mapping for auditon(2) */ 1117 evclass.ec_number = AUE_AUDITON; 1118 evclass.ec_class = 0; 1119 FILE *pipefd = setup(fds, auclass); 1120 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass))); 1121 check_audit(fds, adregex, pipefd); 1122 } 1123 1124 ATF_TC_CLEANUP(auditon_getclass_success, tc) 1125 { 1126 cleanup(); 1127 } 1128 1129 1130 ATF_TC_WITH_CLEANUP(auditon_getclass_failure); 1131 ATF_TC_HEAD(auditon_getclass_failure, tc) 1132 { 1133 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1134 "auditon(2) call for cmd: A_GETCLASS"); 1135 } 1136 1137 ATF_TC_BODY(auditon_getclass_failure, tc) 1138 { 1139 pid = getpid(); 1140 snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid); 1141 1142 FILE *pipefd = setup(fds, auclass); 1143 /* Failure reason: Invalid au_evclass_map_t structure */ 1144 ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0)); 1145 check_audit(fds, adregex, pipefd); 1146 } 1147 1148 ATF_TC_CLEANUP(auditon_getclass_failure, tc) 1149 { 1150 cleanup(); 1151 } 1152 1153 1154 ATF_TC_WITH_CLEANUP(auditon_setclass_success); 1155 ATF_TC_HEAD(auditon_setclass_success, tc) 1156 { 1157 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1158 "auditon(2) call for cmd: A_SETCLASS"); 1159 } 1160 1161 ATF_TC_BODY(auditon_setclass_success, tc) 1162 { 1163 pid = getpid(); 1164 au_evclass_map_t evclass; 1165 snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid); 1166 1167 /* Initialize evclass and get the event-class mapping for auditon(2) */ 1168 evclass.ec_number = AUE_AUDITON; 1169 evclass.ec_class = 0; 1170 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass))); 1171 1172 FILE *pipefd = setup(fds, auclass); 1173 ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass))); 1174 check_audit(fds, adregex, pipefd); 1175 } 1176 1177 ATF_TC_CLEANUP(auditon_setclass_success, tc) 1178 { 1179 cleanup(); 1180 } 1181 1182 1183 ATF_TC_WITH_CLEANUP(auditon_setclass_failure); 1184 ATF_TC_HEAD(auditon_setclass_failure, tc) 1185 { 1186 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1187 "auditon(2) call for cmd: A_SETCLASS"); 1188 } 1189 1190 ATF_TC_BODY(auditon_setclass_failure, tc) 1191 { 1192 pid = getpid(); 1193 snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid); 1194 1195 FILE *pipefd = setup(fds, auclass); 1196 /* Failure reason: Invalid au_evclass_map_t structure */ 1197 ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0)); 1198 check_audit(fds, adregex, pipefd); 1199 } 1200 1201 ATF_TC_CLEANUP(auditon_setclass_failure, tc) 1202 { 1203 cleanup(); 1204 } 1205 1206 1207 ATF_TC_WITH_CLEANUP(auditon_getcond_success); 1208 ATF_TC_HEAD(auditon_getcond_success, tc) 1209 { 1210 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1211 "auditon(2) call for cmd: A_GETCOND"); 1212 } 1213 1214 ATF_TC_BODY(auditon_getcond_success, tc) 1215 { 1216 int auditcond; 1217 pid = getpid(); 1218 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid); 1219 1220 FILE *pipefd = setup(fds, auclass); 1221 ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond))); 1222 check_audit(fds, adregex, pipefd); 1223 } 1224 1225 ATF_TC_CLEANUP(auditon_getcond_success, tc) 1226 { 1227 cleanup(); 1228 } 1229 1230 1231 ATF_TC_WITH_CLEANUP(auditon_getcond_failure); 1232 ATF_TC_HEAD(auditon_getcond_failure, tc) 1233 { 1234 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1235 "auditon(2) call for cmd: A_GETCOND"); 1236 } 1237 1238 ATF_TC_BODY(auditon_getcond_failure, tc) 1239 { 1240 pid = getpid(); 1241 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid); 1242 1243 FILE *pipefd = setup(fds, auclass); 1244 /* Failure reason: Invalid argument */ 1245 ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0)); 1246 check_audit(fds, adregex, pipefd); 1247 } 1248 1249 ATF_TC_CLEANUP(auditon_getcond_failure, tc) 1250 { 1251 cleanup(); 1252 } 1253 1254 1255 ATF_TC_WITH_CLEANUP(auditon_setcond_success); 1256 ATF_TC_HEAD(auditon_setcond_success, tc) 1257 { 1258 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1259 "auditon(2) call for cmd: A_SETCOND"); 1260 } 1261 1262 ATF_TC_BODY(auditon_setcond_success, tc) 1263 { 1264 int auditcond = AUC_AUDITING; 1265 pid = getpid(); 1266 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid); 1267 1268 FILE *pipefd = setup(fds, auclass); 1269 /* At this point auditd is running, so the audit state is AUC_AUDITING */ 1270 ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond))); 1271 check_audit(fds, adregex, pipefd); 1272 } 1273 1274 ATF_TC_CLEANUP(auditon_setcond_success, tc) 1275 { 1276 cleanup(); 1277 } 1278 1279 1280 ATF_TC_WITH_CLEANUP(auditon_setcond_failure); 1281 ATF_TC_HEAD(auditon_setcond_failure, tc) 1282 { 1283 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1284 "auditon(2) call for cmd: A_SETCOND"); 1285 } 1286 1287 ATF_TC_BODY(auditon_setcond_failure, tc) 1288 { 1289 pid = getpid(); 1290 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid); 1291 1292 FILE *pipefd = setup(fds, auclass); 1293 /* Failure reason: Invalid argument */ 1294 ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0)); 1295 check_audit(fds, adregex, pipefd); 1296 } 1297 1298 ATF_TC_CLEANUP(auditon_setcond_failure, tc) 1299 { 1300 cleanup(); 1301 } 1302 1303 /* 1304 * Following test-cases for auditon(2) are all in failure mode only as although 1305 * auditable, they have not been implemented and return ENOSYS whenever called. 1306 * 1307 * Commands: A_GETCWD A_GETCAR A_GETSTAT A_SETSTAT A_SETUMASK A_SETSMASK 1308 */ 1309 1310 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure); 1311 ATF_TC_HEAD(auditon_getcwd_failure, tc) 1312 { 1313 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1314 "auditon(2) call for cmd: A_GETCWD"); 1315 } 1316 1317 ATF_TC_BODY(auditon_getcwd_failure, tc) 1318 { 1319 pid = getpid(); 1320 snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid); 1321 1322 FILE *pipefd = setup(fds, auclass); 1323 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def, 1324 sizeof(auditon_def)) == -1); 1325 check_audit(fds, adregex, pipefd); 1326 } 1327 1328 ATF_TC_CLEANUP(auditon_getcwd_failure, tc) 1329 { 1330 cleanup(); 1331 } 1332 1333 1334 ATF_TC_WITH_CLEANUP(auditon_getcar_failure); 1335 ATF_TC_HEAD(auditon_getcar_failure, tc) 1336 { 1337 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1338 "auditon(2) call for cmd: A_GETCAR"); 1339 } 1340 1341 ATF_TC_BODY(auditon_getcar_failure, tc) 1342 { 1343 pid = getpid(); 1344 snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid); 1345 1346 FILE *pipefd = setup(fds, auclass); 1347 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def, 1348 sizeof(auditon_def)) == -1); 1349 check_audit(fds, adregex, pipefd); 1350 } 1351 1352 ATF_TC_CLEANUP(auditon_getcar_failure, tc) 1353 { 1354 cleanup(); 1355 } 1356 1357 1358 ATF_TC_WITH_CLEANUP(auditon_getstat_failure); 1359 ATF_TC_HEAD(auditon_getstat_failure, tc) 1360 { 1361 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1362 "auditon(2) call for cmd: A_GETSTAT"); 1363 } 1364 1365 ATF_TC_BODY(auditon_getstat_failure, tc) 1366 { 1367 pid = getpid(); 1368 snprintf(adregex, sizeof(adregex), 1369 "get audit statistics.*%d.*return,failure", pid); 1370 1371 FILE *pipefd = setup(fds, auclass); 1372 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def, 1373 sizeof(auditon_def)) == -1); 1374 check_audit(fds, adregex, pipefd); 1375 } 1376 1377 ATF_TC_CLEANUP(auditon_getstat_failure, tc) 1378 { 1379 cleanup(); 1380 } 1381 1382 1383 ATF_TC_WITH_CLEANUP(auditon_setstat_failure); 1384 ATF_TC_HEAD(auditon_setstat_failure, tc) 1385 { 1386 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1387 "auditon(2) call for cmd: A_SETSTAT"); 1388 } 1389 1390 ATF_TC_BODY(auditon_setstat_failure, tc) 1391 { 1392 pid = getpid(); 1393 snprintf(adregex, sizeof(adregex), 1394 "set audit statistics.*%d.*return,failure", pid); 1395 1396 FILE *pipefd = setup(fds, auclass); 1397 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def, 1398 sizeof(auditon_def)) == -1); 1399 check_audit(fds, adregex, pipefd); 1400 } 1401 1402 ATF_TC_CLEANUP(auditon_setstat_failure, tc) 1403 { 1404 cleanup(); 1405 } 1406 1407 1408 ATF_TC_WITH_CLEANUP(auditon_setumask_failure); 1409 ATF_TC_HEAD(auditon_setumask_failure, tc) 1410 { 1411 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1412 "auditon(2) call for cmd: A_SETUMASK"); 1413 } 1414 1415 ATF_TC_BODY(auditon_setumask_failure, tc) 1416 { 1417 pid = getpid(); 1418 snprintf(adregex, sizeof(adregex), 1419 "set mask per uid.*%d.*return,failure", pid); 1420 1421 FILE *pipefd = setup(fds, auclass); 1422 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def, 1423 sizeof(auditon_def)) == -1); 1424 check_audit(fds, adregex, pipefd); 1425 } 1426 1427 ATF_TC_CLEANUP(auditon_setumask_failure, tc) 1428 { 1429 cleanup(); 1430 } 1431 1432 1433 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure); 1434 ATF_TC_HEAD(auditon_setsmask_failure, tc) 1435 { 1436 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1437 "auditon(2) call for cmd: A_SETSMASK"); 1438 } 1439 1440 ATF_TC_BODY(auditon_setsmask_failure, tc) 1441 { 1442 pid = getpid(); 1443 snprintf(adregex, sizeof(adregex), 1444 "set mask per session.*%d.*return,failure", pid); 1445 1446 FILE *pipefd = setup(fds, auclass); 1447 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def, 1448 sizeof(auditon_def)) == -1); 1449 check_audit(fds, adregex, pipefd); 1450 } 1451 1452 ATF_TC_CLEANUP(auditon_setsmask_failure, tc) 1453 { 1454 cleanup(); 1455 } 1456 1457 1458 /* 1459 * Audit of reboot(2) cannot be tested in normal conditions as we don't want 1460 * to reboot the system while running the tests 1461 */ 1462 1463 1464 ATF_TC_WITH_CLEANUP(reboot_failure); 1465 ATF_TC_HEAD(reboot_failure, tc) 1466 { 1467 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1468 "reboot(2) call"); 1469 } 1470 1471 ATF_TC_BODY(reboot_failure, tc) 1472 { 1473 pid = getpid(); 1474 snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid); 1475 1476 FILE *pipefd = setup(fds, auclass); 1477 ATF_REQUIRE_EQ(-1, reboot(-1)); 1478 check_audit(fds, adregex, pipefd); 1479 } 1480 1481 ATF_TC_CLEANUP(reboot_failure, tc) 1482 { 1483 cleanup(); 1484 } 1485 1486 1487 /* 1488 * Audit of quotactl(2) cannot be tested in normal conditions as we don't want 1489 * to tamper with filesystem quotas 1490 */ 1491 1492 1493 ATF_TC_WITH_CLEANUP(quotactl_failure); 1494 ATF_TC_HEAD(quotactl_failure, tc) 1495 { 1496 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1497 "quotactl(2) call"); 1498 } 1499 1500 ATF_TC_BODY(quotactl_failure, tc) 1501 { 1502 pid = getpid(); 1503 snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid); 1504 1505 FILE *pipefd = setup(fds, auclass); 1506 ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL)); 1507 check_audit(fds, adregex, pipefd); 1508 } 1509 1510 ATF_TC_CLEANUP(quotactl_failure, tc) 1511 { 1512 cleanup(); 1513 } 1514 1515 1516 ATF_TC_WITH_CLEANUP(mount_failure); 1517 ATF_TC_HEAD(mount_failure, tc) 1518 { 1519 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1520 "mount(2) call"); 1521 } 1522 1523 ATF_TC_BODY(mount_failure, tc) 1524 { 1525 pid = getpid(); 1526 snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid); 1527 1528 FILE *pipefd = setup(fds, auclass); 1529 ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL)); 1530 check_audit(fds, adregex, pipefd); 1531 } 1532 1533 ATF_TC_CLEANUP(mount_failure, tc) 1534 { 1535 cleanup(); 1536 } 1537 1538 1539 ATF_TC_WITH_CLEANUP(nmount_failure); 1540 ATF_TC_HEAD(nmount_failure, tc) 1541 { 1542 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1543 "nmount(2) call"); 1544 } 1545 1546 ATF_TC_BODY(nmount_failure, tc) 1547 { 1548 pid = getpid(); 1549 snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid); 1550 1551 FILE *pipefd = setup(fds, auclass); 1552 ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0)); 1553 check_audit(fds, adregex, pipefd); 1554 } 1555 1556 ATF_TC_CLEANUP(nmount_failure, tc) 1557 { 1558 cleanup(); 1559 } 1560 1561 1562 ATF_TC_WITH_CLEANUP(swapon_failure); 1563 ATF_TC_HEAD(swapon_failure, tc) 1564 { 1565 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1566 "swapon(2) call"); 1567 } 1568 1569 ATF_TC_BODY(swapon_failure, tc) 1570 { 1571 pid = getpid(); 1572 snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid); 1573 1574 FILE *pipefd = setup(fds, auclass); 1575 /* Failure reason: Block device required */ 1576 ATF_REQUIRE_EQ(-1, swapon(path)); 1577 check_audit(fds, adregex, pipefd); 1578 } 1579 1580 ATF_TC_CLEANUP(swapon_failure, tc) 1581 { 1582 cleanup(); 1583 } 1584 1585 1586 ATF_TC_WITH_CLEANUP(swapoff_failure); 1587 ATF_TC_HEAD(swapoff_failure, tc) 1588 { 1589 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1590 "swapoff(2) call"); 1591 } 1592 1593 ATF_TC_BODY(swapoff_failure, tc) 1594 { 1595 pid = getpid(); 1596 snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid); 1597 1598 FILE *pipefd = setup(fds, auclass); 1599 /* Failure reason: Block device required */ 1600 ATF_REQUIRE_EQ(-1, swapoff(path)); 1601 check_audit(fds, adregex, pipefd); 1602 } 1603 1604 ATF_TC_CLEANUP(swapoff_failure, tc) 1605 { 1606 cleanup(); 1607 } 1608 1609 1610 ATF_TP_ADD_TCS(tp) 1611 { 1612 ATF_TP_ADD_TC(tp, settimeofday_success); 1613 ATF_TP_ADD_TC(tp, settimeofday_failure); 1614 ATF_TP_ADD_TC(tp, clock_settime_success); 1615 ATF_TP_ADD_TC(tp, clock_settime_failure); 1616 ATF_TP_ADD_TC(tp, adjtime_success); 1617 ATF_TP_ADD_TC(tp, adjtime_failure); 1618 ATF_TP_ADD_TC(tp, ntp_adjtime_success); 1619 ATF_TP_ADD_TC(tp, ntp_adjtime_failure); 1620 1621 ATF_TP_ADD_TC(tp, nfs_getfh_success); 1622 ATF_TP_ADD_TC(tp, nfs_getfh_failure); 1623 ATF_TP_ADD_TC(tp, acct_success); 1624 ATF_TP_ADD_TC(tp, acct_failure); 1625 ATF_TP_ADD_TC(tp, auditctl_success); 1626 ATF_TP_ADD_TC(tp, auditctl_failure); 1627 1628 ATF_TP_ADD_TC(tp, getauid_success); 1629 ATF_TP_ADD_TC(tp, getauid_failure); 1630 ATF_TP_ADD_TC(tp, setauid_success); 1631 ATF_TP_ADD_TC(tp, setauid_failure); 1632 1633 ATF_TP_ADD_TC(tp, getaudit_success); 1634 ATF_TP_ADD_TC(tp, getaudit_failure); 1635 ATF_TP_ADD_TC(tp, setaudit_success); 1636 ATF_TP_ADD_TC(tp, setaudit_failure); 1637 1638 ATF_TP_ADD_TC(tp, getaudit_addr_success); 1639 ATF_TP_ADD_TC(tp, getaudit_addr_failure); 1640 ATF_TP_ADD_TC(tp, setaudit_addr_success); 1641 ATF_TP_ADD_TC(tp, setaudit_addr_failure); 1642 1643 ATF_TP_ADD_TC(tp, auditon_default_success); 1644 ATF_TP_ADD_TC(tp, auditon_default_failure); 1645 1646 ATF_TP_ADD_TC(tp, auditon_getpolicy_success); 1647 ATF_TP_ADD_TC(tp, auditon_getpolicy_failure); 1648 ATF_TP_ADD_TC(tp, auditon_setpolicy_success); 1649 ATF_TP_ADD_TC(tp, auditon_setpolicy_failure); 1650 1651 ATF_TP_ADD_TC(tp, auditon_getkmask_success); 1652 ATF_TP_ADD_TC(tp, auditon_getkmask_failure); 1653 ATF_TP_ADD_TC(tp, auditon_setkmask_success); 1654 ATF_TP_ADD_TC(tp, auditon_setkmask_failure); 1655 1656 ATF_TP_ADD_TC(tp, auditon_getqctrl_success); 1657 ATF_TP_ADD_TC(tp, auditon_getqctrl_failure); 1658 ATF_TP_ADD_TC(tp, auditon_setqctrl_success); 1659 ATF_TP_ADD_TC(tp, auditon_setqctrl_failure); 1660 1661 ATF_TP_ADD_TC(tp, auditon_getclass_success); 1662 ATF_TP_ADD_TC(tp, auditon_getclass_failure); 1663 ATF_TP_ADD_TC(tp, auditon_setclass_success); 1664 ATF_TP_ADD_TC(tp, auditon_setclass_failure); 1665 1666 ATF_TP_ADD_TC(tp, auditon_getcond_success); 1667 ATF_TP_ADD_TC(tp, auditon_getcond_failure); 1668 ATF_TP_ADD_TC(tp, auditon_setcond_success); 1669 ATF_TP_ADD_TC(tp, auditon_setcond_failure); 1670 1671 ATF_TP_ADD_TC(tp, auditon_getcwd_failure); 1672 ATF_TP_ADD_TC(tp, auditon_getcar_failure); 1673 ATF_TP_ADD_TC(tp, auditon_getstat_failure); 1674 ATF_TP_ADD_TC(tp, auditon_setstat_failure); 1675 ATF_TP_ADD_TC(tp, auditon_setumask_failure); 1676 ATF_TP_ADD_TC(tp, auditon_setsmask_failure); 1677 1678 ATF_TP_ADD_TC(tp, reboot_failure); 1679 ATF_TP_ADD_TC(tp, quotactl_failure); 1680 ATF_TP_ADD_TC(tp, mount_failure); 1681 ATF_TP_ADD_TC(tp, nmount_failure); 1682 ATF_TP_ADD_TC(tp, swapon_failure); 1683 ATF_TP_ADD_TC(tp, swapoff_failure); 1684 1685 return (atf_no_error()); 1686 } 1687