xref: /freebsd/tests/sys/audit/administrative.c (revision f1951fd745b894fe6586c298874af98544a5e272)
1 /*-
2  * Copyright (c) 2018 Aniket Pandey
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * SUCH DAMAGE.
24  *
25  * $FreeBSD$
26  */
27 
28 #include <sys/param.h>
29 #include <sys/mount.h>
30 #include <sys/reboot.h>
31 #include <sys/stat.h>
32 #include <sys/sysctl.h>
33 #include <sys/time.h>
34 #include <sys/timespec.h>
35 #include <sys/timex.h>
36 
37 #include <bsm/audit.h>
38 #include <bsm/audit_kevents.h>
39 #include <ufs/ufs/quota.h>
40 
41 #include <atf-c.h>
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <stdlib.h>
45 #include <time.h>
46 #include <unistd.h>
47 
48 #include "utils.h"
49 
50 static pid_t pid;
51 static int filedesc;
52 /* Default argument for handling ENOSYS in auditon(2) functions */
53 static int auditon_def = 0;
54 static mode_t mode = 0777;
55 static struct pollfd fds[1];
56 static char adregex[80];
57 static const char *auclass = "ad";
58 static const char *path = "fileforaudit";
59 static const char *successreg = "fileforaudit.*return,success";
60 
61 
62 ATF_TC_WITH_CLEANUP(settimeofday_success);
63 ATF_TC_HEAD(settimeofday_success, tc)
64 {
65 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
66 					"settimeofday(2) call");
67 }
68 
69 ATF_TC_BODY(settimeofday_success, tc)
70 {
71 	pid = getpid();
72 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
73 
74 	struct timeval tp;
75 	struct timezone tzp;
76 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
77 
78 	FILE *pipefd = setup(fds, auclass);
79 	/* Setting the same time as obtained by gettimeofday(2) */
80 	ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
81 	check_audit(fds, adregex, pipefd);
82 }
83 
84 ATF_TC_CLEANUP(settimeofday_success, tc)
85 {
86 	cleanup();
87 }
88 
89 
90 ATF_TC_WITH_CLEANUP(settimeofday_failure);
91 ATF_TC_HEAD(settimeofday_failure, tc)
92 {
93 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
94 					"settimeofday(2) call");
95 }
96 
97 ATF_TC_BODY(settimeofday_failure, tc)
98 {
99 	pid = getpid();
100 	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
101 
102 	struct timeval tp;
103 	struct timezone tzp;
104 	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
105 
106 	FILE *pipefd = setup(fds, auclass);
107 	tp.tv_sec = -1;
108 	/* Failure reason: Invalid value for tp.tv_sec; */
109 	ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
110 	check_audit(fds, adregex, pipefd);
111 }
112 
113 ATF_TC_CLEANUP(settimeofday_failure, tc)
114 {
115 	cleanup();
116 }
117 
118 
119 ATF_TC_WITH_CLEANUP(clock_settime_success);
120 ATF_TC_HEAD(clock_settime_success, tc)
121 {
122 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
123 					"clock_settime(2) call");
124 }
125 
126 ATF_TC_BODY(clock_settime_success, tc)
127 {
128 	pid = getpid();
129 	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
130 
131 	struct timespec tp;
132 	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
133 
134 	FILE *pipefd = setup(fds, auclass);
135 	/* Setting the same time as obtained by clock_gettime(2) */
136 	ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
137 	check_audit(fds, adregex, pipefd);
138 }
139 
140 ATF_TC_CLEANUP(clock_settime_success, tc)
141 {
142 	cleanup();
143 }
144 
145 
146 ATF_TC_WITH_CLEANUP(clock_settime_failure);
147 ATF_TC_HEAD(clock_settime_failure, tc)
148 {
149 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
150 					"clock_settime(2) call");
151 }
152 
153 ATF_TC_BODY(clock_settime_failure, tc)
154 {
155 	pid = getpid();
156 	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
157 
158 	struct timespec tp;
159 	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
160 
161 	FILE *pipefd = setup(fds, auclass);
162 	/* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
163 	ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
164 	check_audit(fds, adregex, pipefd);
165 }
166 
167 ATF_TC_CLEANUP(clock_settime_failure, tc)
168 {
169 	cleanup();
170 }
171 
172 
173 ATF_TC_WITH_CLEANUP(adjtime_success);
174 ATF_TC_HEAD(adjtime_success, tc)
175 {
176 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
177 					"adjtime(2) call");
178 }
179 
180 ATF_TC_BODY(adjtime_success, tc)
181 {
182 	pid = getpid();
183 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
184 
185 	FILE *pipefd = setup(fds, auclass);
186 	/* We don't want to change the system time, hence NULL */
187 	ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
188 	check_audit(fds, adregex, pipefd);
189 }
190 
191 ATF_TC_CLEANUP(adjtime_success, tc)
192 {
193 	cleanup();
194 }
195 
196 
197 ATF_TC_WITH_CLEANUP(adjtime_failure);
198 ATF_TC_HEAD(adjtime_failure, tc)
199 {
200 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
201 					"adjtime(2) call");
202 }
203 
204 ATF_TC_BODY(adjtime_failure, tc)
205 {
206 	pid = getpid();
207 	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
208 
209 	FILE *pipefd = setup(fds, auclass);
210 	ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
211 	check_audit(fds, adregex, pipefd);
212 }
213 
214 ATF_TC_CLEANUP(adjtime_failure, tc)
215 {
216 	cleanup();
217 }
218 
219 
220 ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
221 ATF_TC_HEAD(ntp_adjtime_success, tc)
222 {
223 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
224 					"ntp_adjtime(2) call");
225 }
226 
227 ATF_TC_BODY(ntp_adjtime_success, tc)
228 {
229 	struct timex timebuff;
230 	bzero(&timebuff, sizeof(timebuff));
231 
232 	pid = getpid();
233 	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
234 
235 	FILE *pipefd = setup(fds, auclass);
236 	ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
237 	check_audit(fds, adregex, pipefd);
238 }
239 
240 ATF_TC_CLEANUP(ntp_adjtime_success, tc)
241 {
242 	cleanup();
243 }
244 
245 
246 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
247 ATF_TC_HEAD(ntp_adjtime_failure, tc)
248 {
249 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
250 					"ntp_adjtime(2) call");
251 }
252 
253 ATF_TC_BODY(ntp_adjtime_failure, tc)
254 {
255 	pid = getpid();
256 	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
257 
258 	FILE *pipefd = setup(fds, auclass);
259 	ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
260 	check_audit(fds, adregex, pipefd);
261 }
262 
263 ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
264 {
265 	cleanup();
266 }
267 
268 
269 ATF_TC_WITH_CLEANUP(nfs_getfh_success);
270 ATF_TC_HEAD(nfs_getfh_success, tc)
271 {
272 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
273 					"getfh(2) call");
274 }
275 
276 ATF_TC_BODY(nfs_getfh_success, tc)
277 {
278 	fhandle_t fhp;
279 	pid = getpid();
280 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
281 
282 	/* File needs to exist to call getfh(2) */
283 	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
284 	FILE *pipefd = setup(fds, auclass);
285 	ATF_REQUIRE_EQ(0, getfh(path, &fhp));
286 	check_audit(fds, adregex, pipefd);
287 	close(filedesc);
288 }
289 
290 ATF_TC_CLEANUP(nfs_getfh_success, tc)
291 {
292 	cleanup();
293 }
294 
295 
296 ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
297 ATF_TC_HEAD(nfs_getfh_failure, tc)
298 {
299 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
300 					"getfh(2) call");
301 }
302 
303 ATF_TC_BODY(nfs_getfh_failure, tc)
304 {
305 	pid = getpid();
306 	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
307 
308 	FILE *pipefd = setup(fds, auclass);
309 	/* Failure reason: file does not exist */
310 	ATF_REQUIRE_EQ(-1, getfh(path, NULL));
311 	check_audit(fds, adregex, pipefd);
312 }
313 
314 ATF_TC_CLEANUP(nfs_getfh_failure, tc)
315 {
316 	cleanup();
317 }
318 
319 
320 ATF_TC_WITH_CLEANUP(auditctl_success);
321 ATF_TC_HEAD(auditctl_success, tc)
322 {
323 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
324 					"auditctl(2) call");
325 }
326 
327 ATF_TC_BODY(auditctl_success, tc)
328 {
329 	/* File needs to exist in order to call auditctl(2) */
330 	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
331 	FILE *pipefd = setup(fds, auclass);
332 	ATF_REQUIRE_EQ(0, auditctl(path));
333 	check_audit(fds, successreg, pipefd);
334 	close(filedesc);
335 }
336 
337 ATF_TC_CLEANUP(auditctl_success, tc)
338 {
339 	/*
340 	 * auditctl(2) disables audit log at /var/audit and initiates auditing
341 	 * at the configured path. To reset this, we need to stop and start the
342 	 * auditd(8) again. Here, we check if auditd(8) was running already
343 	 * before the test started. If so, we stop and start it again.
344 	 */
345 	system("service auditd onestop > /dev/null 2>&1");
346 	if (!atf_utils_file_exists("started_auditd"))
347 		system("service auditd onestart > /dev/null 2>&1");
348 }
349 
350 
351 ATF_TC_WITH_CLEANUP(auditctl_failure);
352 ATF_TC_HEAD(auditctl_failure, tc)
353 {
354 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
355 					"auditctl(2) call");
356 }
357 
358 ATF_TC_BODY(auditctl_failure, tc)
359 {
360 	pid = getpid();
361 	snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
362 
363 	FILE *pipefd = setup(fds, auclass);
364 	/* Failure reason: file does not exist */
365 	ATF_REQUIRE_EQ(-1, auditctl(NULL));
366 	check_audit(fds, adregex, pipefd);
367 }
368 
369 ATF_TC_CLEANUP(auditctl_failure, tc)
370 {
371 	cleanup();
372 }
373 
374 
375 ATF_TC_WITH_CLEANUP(acct_success);
376 ATF_TC_HEAD(acct_success, tc)
377 {
378 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
379 					"acct(2) call");
380 }
381 
382 ATF_TC_BODY(acct_success, tc)
383 {
384 	int acctinfo, filedesc2;
385 	size_t len = sizeof(acctinfo);
386 	const char *acctname = "kern.acct_configured";
387 	ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
388 
389 	/* File needs to exist to start system accounting */
390 	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
391 
392 	/*
393 	 * acctinfo = 0: System accounting was disabled
394 	 * acctinfo = 1: System accounting was enabled
395 	 */
396 	if (acctinfo) {
397 		ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
398 		close(filedesc2);
399 	}
400 
401 	pid = getpid();
402 	snprintf(adregex, sizeof(adregex),
403 		"acct.*%s.*%d.*return,success", path, pid);
404 
405 	/*
406 	 * We temporarily switch the accounting record to a file at
407 	 * our own configured path in order to confirm acct(2)'s successful
408 	 * auditing. Then we set everything back to its original state.
409 	 */
410 	FILE *pipefd = setup(fds, auclass);
411 	ATF_REQUIRE_EQ(0, acct(path));
412 	check_audit(fds, adregex, pipefd);
413 	close(filedesc);
414 }
415 
416 ATF_TC_CLEANUP(acct_success, tc)
417 {
418 	/* Reset accounting configured path */
419 	ATF_REQUIRE_EQ(0, system("service accounting onestop"));
420 	if (atf_utils_file_exists("acct_ok")) {
421 		ATF_REQUIRE_EQ(0, system("service accounting onestart"));
422 	}
423 	cleanup();
424 }
425 
426 
427 ATF_TC_WITH_CLEANUP(acct_failure);
428 ATF_TC_HEAD(acct_failure, tc)
429 {
430 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
431 					"acct(2) call");
432 }
433 
434 ATF_TC_BODY(acct_failure, tc)
435 {
436 	pid = getpid();
437 	snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
438 
439 	FILE *pipefd = setup(fds, auclass);
440 	/* Failure reason: File does not exist */
441 	ATF_REQUIRE_EQ(-1, acct(path));
442 	check_audit(fds, adregex, pipefd);
443 }
444 
445 ATF_TC_CLEANUP(acct_failure, tc)
446 {
447 	cleanup();
448 }
449 
450 
451 ATF_TC_WITH_CLEANUP(getauid_success);
452 ATF_TC_HEAD(getauid_success, tc)
453 {
454 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
455 					"getauid(2) call");
456 }
457 
458 ATF_TC_BODY(getauid_success, tc)
459 {
460 	au_id_t auid;
461 	pid = getpid();
462 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
463 
464 	FILE *pipefd = setup(fds, auclass);
465 	ATF_REQUIRE_EQ(0, getauid(&auid));
466 	check_audit(fds, adregex, pipefd);
467 }
468 
469 ATF_TC_CLEANUP(getauid_success, tc)
470 {
471 	cleanup();
472 }
473 
474 
475 ATF_TC_WITH_CLEANUP(getauid_failure);
476 ATF_TC_HEAD(getauid_failure, tc)
477 {
478 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
479 					"getauid(2) call");
480 }
481 
482 ATF_TC_BODY(getauid_failure, tc)
483 {
484 	pid = getpid();
485 	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
486 
487 	FILE *pipefd = setup(fds, auclass);
488 	/* Failure reason: Bad address */
489 	ATF_REQUIRE_EQ(-1, getauid(NULL));
490 	check_audit(fds, adregex, pipefd);
491 }
492 
493 ATF_TC_CLEANUP(getauid_failure, tc)
494 {
495 	cleanup();
496 }
497 
498 
499 ATF_TC_WITH_CLEANUP(setauid_success);
500 ATF_TC_HEAD(setauid_success, tc)
501 {
502 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
503 					"setauid(2) call");
504 }
505 
506 ATF_TC_BODY(setauid_success, tc)
507 {
508 	au_id_t auid;
509 	pid = getpid();
510 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
511 	ATF_REQUIRE_EQ(0, getauid(&auid));
512 
513 	FILE *pipefd = setup(fds, auclass);
514 	ATF_REQUIRE_EQ(0, setauid(&auid));
515 	check_audit(fds, adregex, pipefd);
516 }
517 
518 ATF_TC_CLEANUP(setauid_success, tc)
519 {
520 	cleanup();
521 }
522 
523 
524 ATF_TC_WITH_CLEANUP(setauid_failure);
525 ATF_TC_HEAD(setauid_failure, tc)
526 {
527 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
528 					"setauid(2) call");
529 }
530 
531 ATF_TC_BODY(setauid_failure, tc)
532 {
533 	pid = getpid();
534 	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
535 
536 	FILE *pipefd = setup(fds, auclass);
537 	/* Failure reason: Bad address */
538 	ATF_REQUIRE_EQ(-1, setauid(NULL));
539 	check_audit(fds, adregex, pipefd);
540 }
541 
542 ATF_TC_CLEANUP(setauid_failure, tc)
543 {
544 	cleanup();
545 }
546 
547 
548 ATF_TC_WITH_CLEANUP(getaudit_success);
549 ATF_TC_HEAD(getaudit_success, tc)
550 {
551 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
552 					"getaudit(2) call");
553 }
554 
555 ATF_TC_BODY(getaudit_success, tc)
556 {
557 	pid = getpid();
558 	auditinfo_t auditinfo;
559 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
560 
561 	FILE *pipefd = setup(fds, auclass);
562 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
563 	check_audit(fds, adregex, pipefd);
564 }
565 
566 ATF_TC_CLEANUP(getaudit_success, tc)
567 {
568 	cleanup();
569 }
570 
571 
572 ATF_TC_WITH_CLEANUP(getaudit_failure);
573 ATF_TC_HEAD(getaudit_failure, tc)
574 {
575 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
576 					"getaudit(2) call");
577 }
578 
579 ATF_TC_BODY(getaudit_failure, tc)
580 {
581 	pid = getpid();
582 	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
583 
584 	FILE *pipefd = setup(fds, auclass);
585 	/* Failure reason: Bad address */
586 	ATF_REQUIRE_EQ(-1, getaudit(NULL));
587 	check_audit(fds, adregex, pipefd);
588 }
589 
590 ATF_TC_CLEANUP(getaudit_failure, tc)
591 {
592 	cleanup();
593 }
594 
595 
596 ATF_TC_WITH_CLEANUP(setaudit_success);
597 ATF_TC_HEAD(setaudit_success, tc)
598 {
599 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
600 					"setaudit(2) call");
601 }
602 
603 ATF_TC_BODY(setaudit_success, tc)
604 {
605 	pid = getpid();
606 	auditinfo_t auditinfo;
607 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
608 	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
609 
610 	FILE *pipefd = setup(fds, auclass);
611 	ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
612 	check_audit(fds, adregex, pipefd);
613 }
614 
615 ATF_TC_CLEANUP(setaudit_success, tc)
616 {
617 	cleanup();
618 }
619 
620 
621 ATF_TC_WITH_CLEANUP(setaudit_failure);
622 ATF_TC_HEAD(setaudit_failure, tc)
623 {
624 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
625 					"setaudit(2) call");
626 }
627 
628 ATF_TC_BODY(setaudit_failure, tc)
629 {
630 	pid = getpid();
631 	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
632 
633 	FILE *pipefd = setup(fds, auclass);
634 	/* Failure reason: Bad address */
635 	ATF_REQUIRE_EQ(-1, setaudit(NULL));
636 	check_audit(fds, adregex, pipefd);
637 }
638 
639 ATF_TC_CLEANUP(setaudit_failure, tc)
640 {
641 	cleanup();
642 }
643 
644 
645 ATF_TC_WITH_CLEANUP(getaudit_addr_success);
646 ATF_TC_HEAD(getaudit_addr_success, tc)
647 {
648 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
649 					"getaudit_addr(2) call");
650 }
651 
652 ATF_TC_BODY(getaudit_addr_success, tc)
653 {
654 	pid = getpid();
655 	auditinfo_addr_t auditinfo;
656 	snprintf(adregex, sizeof(adregex),
657 		"getaudit_addr.*%d.*return,success", pid);
658 
659 	FILE *pipefd = setup(fds, auclass);
660 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
661 	check_audit(fds, adregex, pipefd);
662 }
663 
664 ATF_TC_CLEANUP(getaudit_addr_success, tc)
665 {
666 	cleanup();
667 }
668 
669 
670 ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
671 ATF_TC_HEAD(getaudit_addr_failure, tc)
672 {
673 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
674 					"getaudit_addr(2) call");
675 }
676 
677 ATF_TC_BODY(getaudit_addr_failure, tc)
678 {
679 	pid = getpid();
680 	snprintf(adregex, sizeof(adregex),
681 		"getaudit_addr.*%d.*return,failure", pid);
682 
683 	FILE *pipefd = setup(fds, auclass);
684 	/* Failure reason: Bad address */
685 	ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
686 	check_audit(fds, adregex, pipefd);
687 }
688 
689 ATF_TC_CLEANUP(getaudit_addr_failure, tc)
690 {
691 	cleanup();
692 }
693 
694 
695 ATF_TC_WITH_CLEANUP(setaudit_addr_success);
696 ATF_TC_HEAD(setaudit_addr_success, tc)
697 {
698 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
699 					"setaudit_addr(2) call");
700 }
701 
702 ATF_TC_BODY(setaudit_addr_success, tc)
703 {
704 	pid = getpid();
705 	auditinfo_addr_t auditinfo;
706 	snprintf(adregex, sizeof(adregex),
707 		"setaudit_addr.*%d.*return,success", pid);
708 
709 	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
710 	FILE *pipefd = setup(fds, auclass);
711 	ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
712 	check_audit(fds, adregex, pipefd);
713 }
714 
715 ATF_TC_CLEANUP(setaudit_addr_success, tc)
716 {
717 	cleanup();
718 }
719 
720 
721 ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
722 ATF_TC_HEAD(setaudit_addr_failure, tc)
723 {
724 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
725 					"setaudit_addr(2) call");
726 }
727 
728 ATF_TC_BODY(setaudit_addr_failure, tc)
729 {
730 	pid = getpid();
731 	snprintf(adregex, sizeof(adregex),
732 		"setaudit_addr.*%d.*return,failure", pid);
733 
734 	FILE *pipefd = setup(fds, auclass);
735 	/* Failure reason: Bad address */
736 	ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
737 	check_audit(fds, adregex, pipefd);
738 }
739 
740 ATF_TC_CLEANUP(setaudit_addr_failure, tc)
741 {
742 	cleanup();
743 }
744 
745 /*
746  * Note: The test-case uses A_GETFSIZE as the command argument but since it is
747  * not an independent audit event, it will be used to check the default mode
748  * auditing of auditon(2) system call.
749  *
750  * Please See: sys/security/audit/audit_bsm_klib.c
751  * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
752  */
753 ATF_TC_WITH_CLEANUP(auditon_default_success);
754 ATF_TC_HEAD(auditon_default_success, tc)
755 {
756 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
757 					"auditon(2) call");
758 }
759 
760 ATF_TC_BODY(auditon_default_success, tc)
761 {
762 	au_fstat_t fsize_arg;
763 	bzero(&fsize_arg, sizeof(au_fstat_t));
764 
765 	pid = getpid();
766 	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
767 
768 	FILE *pipefd = setup(fds, auclass);
769 	ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
770 	check_audit(fds, adregex, pipefd);
771 }
772 
773 ATF_TC_CLEANUP(auditon_default_success, tc)
774 {
775 	cleanup();
776 }
777 
778 
779 ATF_TC_WITH_CLEANUP(auditon_default_failure);
780 ATF_TC_HEAD(auditon_default_failure, tc)
781 {
782 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
783 					"auditon(2) call");
784 }
785 
786 ATF_TC_BODY(auditon_default_failure, tc)
787 {
788 	pid = getpid();
789 	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
790 
791 	FILE *pipefd = setup(fds, auclass);
792 	/* Failure reason: Invalid argument */
793 	ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
794 	check_audit(fds, adregex, pipefd);
795 }
796 
797 ATF_TC_CLEANUP(auditon_default_failure, tc)
798 {
799 	cleanup();
800 }
801 
802 
803 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
804 ATF_TC_HEAD(auditon_getpolicy_success, tc)
805 {
806 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
807 					"auditon(2) call for cmd: A_GETPOLICY");
808 }
809 
810 ATF_TC_BODY(auditon_getpolicy_success, tc)
811 {
812 	int aupolicy;
813 	pid = getpid();
814 	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
815 
816 	FILE *pipefd = setup(fds, auclass);
817 	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
818 	check_audit(fds, adregex, pipefd);
819 }
820 
821 ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
822 {
823 	cleanup();
824 }
825 
826 
827 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
828 ATF_TC_HEAD(auditon_getpolicy_failure, tc)
829 {
830 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
831 					"auditon(2) call for cmd: A_GETPOLICY");
832 }
833 
834 ATF_TC_BODY(auditon_getpolicy_failure, tc)
835 {
836 	pid = getpid();
837 	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
838 
839 	FILE *pipefd = setup(fds, auclass);
840 	/* Failure reason: Invalid argument */
841 	ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
842 	check_audit(fds, adregex, pipefd);
843 }
844 
845 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
846 {
847 	cleanup();
848 }
849 
850 
851 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
852 ATF_TC_HEAD(auditon_setpolicy_success, tc)
853 {
854 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
855 					"auditon(2) call for cmd: A_SETPOLICY");
856 }
857 
858 ATF_TC_BODY(auditon_setpolicy_success, tc)
859 {
860 	int aupolicy;
861 	pid = getpid();
862 	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
863 
864 	/* Retrieve the current auditing policy, to be used with A_SETPOLICY */
865 	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
866 	FILE *pipefd = setup(fds, auclass);
867 	ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
868 	check_audit(fds, adregex, pipefd);
869 }
870 
871 ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
872 {
873 	cleanup();
874 }
875 
876 
877 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
878 ATF_TC_HEAD(auditon_setpolicy_failure, tc)
879 {
880 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
881 					"auditon(2) call for cmd: A_SETPOLICY");
882 }
883 
884 ATF_TC_BODY(auditon_setpolicy_failure, tc)
885 {
886 	pid = getpid();
887 	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
888 
889 	FILE *pipefd = setup(fds, auclass);
890 	/* Failure reason: Invalid argument */
891 	ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
892 	check_audit(fds, adregex, pipefd);
893 }
894 
895 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
896 {
897 	cleanup();
898 }
899 
900 
901 ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
902 ATF_TC_HEAD(auditon_getkmask_success, tc)
903 {
904 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
905 					"auditon(2) call for cmd: A_GETKMASK");
906 }
907 
908 ATF_TC_BODY(auditon_getkmask_success, tc)
909 {
910 	pid = getpid();
911 	au_mask_t evmask;
912 	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
913 
914 	bzero(&evmask, sizeof(evmask));
915 	FILE *pipefd = setup(fds, auclass);
916 	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
917 	check_audit(fds, adregex, pipefd);
918 }
919 
920 ATF_TC_CLEANUP(auditon_getkmask_success, tc)
921 {
922 	cleanup();
923 }
924 
925 
926 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
927 ATF_TC_HEAD(auditon_getkmask_failure, tc)
928 {
929 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
930 					"auditon(2) call for cmd: A_GETKMASK");
931 }
932 
933 ATF_TC_BODY(auditon_getkmask_failure, tc)
934 {
935 	pid = getpid();
936 	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
937 
938 	FILE *pipefd = setup(fds, auclass);
939 	/* Failure reason: Invalid au_mask_t structure */
940 	ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
941 	check_audit(fds, adregex, pipefd);
942 }
943 
944 ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
945 {
946 	cleanup();
947 }
948 
949 
950 ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
951 ATF_TC_HEAD(auditon_setkmask_success, tc)
952 {
953 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
954 					"auditon(2) call for cmd: A_SETKMASK");
955 }
956 
957 ATF_TC_BODY(auditon_setkmask_success, tc)
958 {
959 	pid = getpid();
960 	au_mask_t evmask;
961 	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
962 
963 	/* Retrieve the current audit mask to be used with A_SETKMASK */
964 	bzero(&evmask, sizeof(evmask));
965 	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
966 
967 	FILE *pipefd = setup(fds, auclass);
968 	ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
969 	check_audit(fds, adregex, pipefd);
970 }
971 
972 ATF_TC_CLEANUP(auditon_setkmask_success, tc)
973 {
974 	cleanup();
975 }
976 
977 
978 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
979 ATF_TC_HEAD(auditon_setkmask_failure, tc)
980 {
981 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
982 					"auditon(2) call for cmd: A_SETKMASK");
983 }
984 
985 ATF_TC_BODY(auditon_setkmask_failure, tc)
986 {
987 	pid = getpid();
988 	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
989 
990 	FILE *pipefd = setup(fds, auclass);
991 	/* Failure reason: Invalid au_mask_t structure */
992 	ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
993 	check_audit(fds, adregex, pipefd);
994 }
995 
996 ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
997 {
998 	cleanup();
999 }
1000 
1001 
1002 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
1003 ATF_TC_HEAD(auditon_getqctrl_success, tc)
1004 {
1005 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1006 					"auditon(2) call for cmd: A_GETQCTRL");
1007 }
1008 
1009 ATF_TC_BODY(auditon_getqctrl_success, tc)
1010 {
1011 	pid = getpid();
1012 	au_qctrl_t evqctrl;
1013 	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
1014 
1015 	bzero(&evqctrl, sizeof(evqctrl));
1016 	FILE *pipefd = setup(fds, auclass);
1017 	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1018 	check_audit(fds, adregex, pipefd);
1019 }
1020 
1021 ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
1022 {
1023 	cleanup();
1024 }
1025 
1026 
1027 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
1028 ATF_TC_HEAD(auditon_getqctrl_failure, tc)
1029 {
1030 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1031 					"auditon(2) call for cmd: A_GETQCTRL");
1032 }
1033 
1034 ATF_TC_BODY(auditon_getqctrl_failure, tc)
1035 {
1036 	pid = getpid();
1037 	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
1038 
1039 	FILE *pipefd = setup(fds, auclass);
1040 	/* Failure reason: Invalid au_qctrl_t structure */
1041 	ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
1042 	check_audit(fds, adregex, pipefd);
1043 }
1044 
1045 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
1046 {
1047 	cleanup();
1048 }
1049 
1050 
1051 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
1052 ATF_TC_HEAD(auditon_setqctrl_success, tc)
1053 {
1054 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1055 					"auditon(2) call for cmd: A_SETKMASK");
1056 }
1057 
1058 ATF_TC_BODY(auditon_setqctrl_success, tc)
1059 {
1060 	pid = getpid();
1061 	au_qctrl_t evqctrl;
1062 	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
1063 
1064 	/* Retrieve the current audit mask to be used with A_SETQCTRL */
1065 	bzero(&evqctrl, sizeof(evqctrl));
1066 	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1067 
1068 	FILE *pipefd = setup(fds, auclass);
1069 	ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
1070 	check_audit(fds, adregex, pipefd);
1071 }
1072 
1073 ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
1074 {
1075 	cleanup();
1076 }
1077 
1078 
1079 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
1080 ATF_TC_HEAD(auditon_setqctrl_failure, tc)
1081 {
1082 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1083 					"auditon(2) call for cmd: A_SETKMASK");
1084 }
1085 
1086 ATF_TC_BODY(auditon_setqctrl_failure, tc)
1087 {
1088 	pid = getpid();
1089 	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
1090 
1091 	FILE *pipefd = setup(fds, auclass);
1092 	/* Failure reason: Invalid au_qctrl_t structure */
1093 	ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
1094 	check_audit(fds, adregex, pipefd);
1095 }
1096 
1097 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
1098 {
1099 	cleanup();
1100 }
1101 
1102 
1103 ATF_TC_WITH_CLEANUP(auditon_getclass_success);
1104 ATF_TC_HEAD(auditon_getclass_success, tc)
1105 {
1106 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1107 					"auditon(2) call for cmd: A_GETCLASS");
1108 }
1109 
1110 ATF_TC_BODY(auditon_getclass_success, tc)
1111 {
1112 	pid = getpid();
1113 	au_evclass_map_t evclass;
1114 	snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
1115 
1116 	/* Initialize evclass to get the event-class mapping for auditon(2) */
1117 	evclass.ec_number = AUE_AUDITON;
1118 	evclass.ec_class = 0;
1119 	FILE *pipefd = setup(fds, auclass);
1120 	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1121 	check_audit(fds, adregex, pipefd);
1122 }
1123 
1124 ATF_TC_CLEANUP(auditon_getclass_success, tc)
1125 {
1126 	cleanup();
1127 }
1128 
1129 
1130 ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
1131 ATF_TC_HEAD(auditon_getclass_failure, tc)
1132 {
1133 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1134 					"auditon(2) call for cmd: A_GETCLASS");
1135 }
1136 
1137 ATF_TC_BODY(auditon_getclass_failure, tc)
1138 {
1139 	pid = getpid();
1140 	snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
1141 
1142 	FILE *pipefd = setup(fds, auclass);
1143 	/* Failure reason: Invalid au_evclass_map_t structure */
1144 	ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
1145 	check_audit(fds, adregex, pipefd);
1146 }
1147 
1148 ATF_TC_CLEANUP(auditon_getclass_failure, tc)
1149 {
1150 	cleanup();
1151 }
1152 
1153 
1154 ATF_TC_WITH_CLEANUP(auditon_setclass_success);
1155 ATF_TC_HEAD(auditon_setclass_success, tc)
1156 {
1157 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1158 					"auditon(2) call for cmd: A_SETCLASS");
1159 }
1160 
1161 ATF_TC_BODY(auditon_setclass_success, tc)
1162 {
1163 	pid = getpid();
1164 	au_evclass_map_t evclass;
1165 	snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
1166 
1167 	/* Initialize evclass and get the event-class mapping for auditon(2) */
1168 	evclass.ec_number = AUE_AUDITON;
1169 	evclass.ec_class = 0;
1170 	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1171 
1172 	FILE *pipefd = setup(fds, auclass);
1173 	ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
1174 	check_audit(fds, adregex, pipefd);
1175 }
1176 
1177 ATF_TC_CLEANUP(auditon_setclass_success, tc)
1178 {
1179 	cleanup();
1180 }
1181 
1182 
1183 ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
1184 ATF_TC_HEAD(auditon_setclass_failure, tc)
1185 {
1186 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1187 					"auditon(2) call for cmd: A_SETCLASS");
1188 }
1189 
1190 ATF_TC_BODY(auditon_setclass_failure, tc)
1191 {
1192 	pid = getpid();
1193 	snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
1194 
1195 	FILE *pipefd = setup(fds, auclass);
1196 	/* Failure reason: Invalid au_evclass_map_t structure */
1197 	ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
1198 	check_audit(fds, adregex, pipefd);
1199 }
1200 
1201 ATF_TC_CLEANUP(auditon_setclass_failure, tc)
1202 {
1203 	cleanup();
1204 }
1205 
1206 
1207 ATF_TC_WITH_CLEANUP(auditon_getcond_success);
1208 ATF_TC_HEAD(auditon_getcond_success, tc)
1209 {
1210 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1211 					"auditon(2) call for cmd: A_GETCOND");
1212 }
1213 
1214 ATF_TC_BODY(auditon_getcond_success, tc)
1215 {
1216 	int auditcond;
1217 	pid = getpid();
1218 	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
1219 
1220 	FILE *pipefd = setup(fds, auclass);
1221 	ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
1222 	check_audit(fds, adregex, pipefd);
1223 }
1224 
1225 ATF_TC_CLEANUP(auditon_getcond_success, tc)
1226 {
1227 	cleanup();
1228 }
1229 
1230 
1231 ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
1232 ATF_TC_HEAD(auditon_getcond_failure, tc)
1233 {
1234 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1235 					"auditon(2) call for cmd: A_GETCOND");
1236 }
1237 
1238 ATF_TC_BODY(auditon_getcond_failure, tc)
1239 {
1240 	pid = getpid();
1241 	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
1242 
1243 	FILE *pipefd = setup(fds, auclass);
1244 	/* Failure reason: Invalid argument */
1245 	ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
1246 	check_audit(fds, adregex, pipefd);
1247 }
1248 
1249 ATF_TC_CLEANUP(auditon_getcond_failure, tc)
1250 {
1251 	cleanup();
1252 }
1253 
1254 
1255 ATF_TC_WITH_CLEANUP(auditon_setcond_success);
1256 ATF_TC_HEAD(auditon_setcond_success, tc)
1257 {
1258 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1259 					"auditon(2) call for cmd: A_SETCOND");
1260 }
1261 
1262 ATF_TC_BODY(auditon_setcond_success, tc)
1263 {
1264 	int auditcond = AUC_AUDITING;
1265 	pid = getpid();
1266 	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
1267 
1268 	FILE *pipefd = setup(fds, auclass);
1269 	/* At this point auditd is running, so the audit state is AUC_AUDITING */
1270 	ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
1271 	check_audit(fds, adregex, pipefd);
1272 }
1273 
1274 ATF_TC_CLEANUP(auditon_setcond_success, tc)
1275 {
1276 	cleanup();
1277 }
1278 
1279 
1280 ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
1281 ATF_TC_HEAD(auditon_setcond_failure, tc)
1282 {
1283 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1284 					"auditon(2) call for cmd: A_SETCOND");
1285 }
1286 
1287 ATF_TC_BODY(auditon_setcond_failure, tc)
1288 {
1289 	pid = getpid();
1290 	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
1291 
1292 	FILE *pipefd = setup(fds, auclass);
1293 	/* Failure reason: Invalid argument */
1294 	ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
1295 	check_audit(fds, adregex, pipefd);
1296 }
1297 
1298 ATF_TC_CLEANUP(auditon_setcond_failure, tc)
1299 {
1300 	cleanup();
1301 }
1302 
1303 /*
1304  * Following test-cases for auditon(2) are all in failure mode only as although
1305  * auditable, they have not been implemented and return ENOSYS whenever called.
1306  *
1307  * Commands: A_GETCWD  A_GETCAR  A_GETSTAT  A_SETSTAT  A_SETUMASK  A_SETSMASK
1308  */
1309 
1310 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
1311 ATF_TC_HEAD(auditon_getcwd_failure, tc)
1312 {
1313 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1314 					"auditon(2) call for cmd: A_GETCWD");
1315 }
1316 
1317 ATF_TC_BODY(auditon_getcwd_failure, tc)
1318 {
1319 	pid = getpid();
1320 	snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
1321 
1322 	FILE *pipefd = setup(fds, auclass);
1323 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
1324 		sizeof(auditon_def)) == -1);
1325 	check_audit(fds, adregex, pipefd);
1326 }
1327 
1328 ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
1329 {
1330 	cleanup();
1331 }
1332 
1333 
1334 ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
1335 ATF_TC_HEAD(auditon_getcar_failure, tc)
1336 {
1337 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1338 					"auditon(2) call for cmd: A_GETCAR");
1339 }
1340 
1341 ATF_TC_BODY(auditon_getcar_failure, tc)
1342 {
1343 	pid = getpid();
1344 	snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
1345 
1346 	FILE *pipefd = setup(fds, auclass);
1347 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
1348 		sizeof(auditon_def)) == -1);
1349 	check_audit(fds, adregex, pipefd);
1350 }
1351 
1352 ATF_TC_CLEANUP(auditon_getcar_failure, tc)
1353 {
1354 	cleanup();
1355 }
1356 
1357 
1358 ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
1359 ATF_TC_HEAD(auditon_getstat_failure, tc)
1360 {
1361 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1362 					"auditon(2) call for cmd: A_GETSTAT");
1363 }
1364 
1365 ATF_TC_BODY(auditon_getstat_failure, tc)
1366 {
1367 	pid = getpid();
1368 	snprintf(adregex, sizeof(adregex),
1369 		"get audit statistics.*%d.*return,failure", pid);
1370 
1371 	FILE *pipefd = setup(fds, auclass);
1372 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
1373 		sizeof(auditon_def)) == -1);
1374 	check_audit(fds, adregex, pipefd);
1375 }
1376 
1377 ATF_TC_CLEANUP(auditon_getstat_failure, tc)
1378 {
1379 	cleanup();
1380 }
1381 
1382 
1383 ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
1384 ATF_TC_HEAD(auditon_setstat_failure, tc)
1385 {
1386 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1387 					"auditon(2) call for cmd: A_SETSTAT");
1388 }
1389 
1390 ATF_TC_BODY(auditon_setstat_failure, tc)
1391 {
1392 	pid = getpid();
1393 	snprintf(adregex, sizeof(adregex),
1394 		"set audit statistics.*%d.*return,failure", pid);
1395 
1396 	FILE *pipefd = setup(fds, auclass);
1397 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
1398 		sizeof(auditon_def)) == -1);
1399 	check_audit(fds, adregex, pipefd);
1400 }
1401 
1402 ATF_TC_CLEANUP(auditon_setstat_failure, tc)
1403 {
1404 	cleanup();
1405 }
1406 
1407 
1408 ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
1409 ATF_TC_HEAD(auditon_setumask_failure, tc)
1410 {
1411 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1412 					"auditon(2) call for cmd: A_SETUMASK");
1413 }
1414 
1415 ATF_TC_BODY(auditon_setumask_failure, tc)
1416 {
1417 	pid = getpid();
1418 	snprintf(adregex, sizeof(adregex),
1419 		"set mask per uid.*%d.*return,failure", pid);
1420 
1421 	FILE *pipefd = setup(fds, auclass);
1422 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
1423 		sizeof(auditon_def)) == -1);
1424 	check_audit(fds, adregex, pipefd);
1425 }
1426 
1427 ATF_TC_CLEANUP(auditon_setumask_failure, tc)
1428 {
1429 	cleanup();
1430 }
1431 
1432 
1433 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
1434 ATF_TC_HEAD(auditon_setsmask_failure, tc)
1435 {
1436 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1437 					"auditon(2) call for cmd: A_SETSMASK");
1438 }
1439 
1440 ATF_TC_BODY(auditon_setsmask_failure, tc)
1441 {
1442 	pid = getpid();
1443 	snprintf(adregex, sizeof(adregex),
1444 		"set mask per session.*%d.*return,failure", pid);
1445 
1446 	FILE *pipefd = setup(fds, auclass);
1447 	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def,
1448 		sizeof(auditon_def)) == -1);
1449 	check_audit(fds, adregex, pipefd);
1450 }
1451 
1452 ATF_TC_CLEANUP(auditon_setsmask_failure, tc)
1453 {
1454 	cleanup();
1455 }
1456 
1457 
1458 /*
1459  * Audit of reboot(2) cannot be tested in normal conditions as we don't want
1460  * to reboot the system while running the tests
1461  */
1462 
1463 
1464 ATF_TC_WITH_CLEANUP(reboot_failure);
1465 ATF_TC_HEAD(reboot_failure, tc)
1466 {
1467 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1468 					"reboot(2) call");
1469 }
1470 
1471 ATF_TC_BODY(reboot_failure, tc)
1472 {
1473 	pid = getpid();
1474 	snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid);
1475 
1476 	FILE *pipefd = setup(fds, auclass);
1477 	ATF_REQUIRE_EQ(-1, reboot(-1));
1478 	check_audit(fds, adregex, pipefd);
1479 }
1480 
1481 ATF_TC_CLEANUP(reboot_failure, tc)
1482 {
1483 	cleanup();
1484 }
1485 
1486 
1487 /*
1488  * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
1489  * to tamper with filesystem quotas
1490  */
1491 
1492 
1493 ATF_TC_WITH_CLEANUP(quotactl_failure);
1494 ATF_TC_HEAD(quotactl_failure, tc)
1495 {
1496 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1497 					"quotactl(2) call");
1498 }
1499 
1500 ATF_TC_BODY(quotactl_failure, tc)
1501 {
1502 	pid = getpid();
1503 	snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid);
1504 
1505 	FILE *pipefd = setup(fds, auclass);
1506 	ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
1507 	check_audit(fds, adregex, pipefd);
1508 }
1509 
1510 ATF_TC_CLEANUP(quotactl_failure, tc)
1511 {
1512 	cleanup();
1513 }
1514 
1515 
1516 ATF_TC_WITH_CLEANUP(mount_failure);
1517 ATF_TC_HEAD(mount_failure, tc)
1518 {
1519 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1520 					"mount(2) call");
1521 }
1522 
1523 ATF_TC_BODY(mount_failure, tc)
1524 {
1525 	pid = getpid();
1526 	snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid);
1527 
1528 	FILE *pipefd = setup(fds, auclass);
1529 	ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
1530 	check_audit(fds, adregex, pipefd);
1531 }
1532 
1533 ATF_TC_CLEANUP(mount_failure, tc)
1534 {
1535 	cleanup();
1536 }
1537 
1538 
1539 ATF_TC_WITH_CLEANUP(nmount_failure);
1540 ATF_TC_HEAD(nmount_failure, tc)
1541 {
1542 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1543 					"nmount(2) call");
1544 }
1545 
1546 ATF_TC_BODY(nmount_failure, tc)
1547 {
1548 	pid = getpid();
1549 	snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid);
1550 
1551 	FILE *pipefd = setup(fds, auclass);
1552 	ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
1553 	check_audit(fds, adregex, pipefd);
1554 }
1555 
1556 ATF_TC_CLEANUP(nmount_failure, tc)
1557 {
1558 	cleanup();
1559 }
1560 
1561 
1562 ATF_TC_WITH_CLEANUP(swapon_failure);
1563 ATF_TC_HEAD(swapon_failure, tc)
1564 {
1565 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1566 					"swapon(2) call");
1567 }
1568 
1569 ATF_TC_BODY(swapon_failure, tc)
1570 {
1571 	pid = getpid();
1572 	snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid);
1573 
1574 	FILE *pipefd = setup(fds, auclass);
1575 	/* Failure reason: Block device required */
1576 	ATF_REQUIRE_EQ(-1, swapon(path));
1577 	check_audit(fds, adregex, pipefd);
1578 }
1579 
1580 ATF_TC_CLEANUP(swapon_failure, tc)
1581 {
1582 	cleanup();
1583 }
1584 
1585 
1586 ATF_TC_WITH_CLEANUP(swapoff_failure);
1587 ATF_TC_HEAD(swapoff_failure, tc)
1588 {
1589 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1590 					"swapoff(2) call");
1591 }
1592 
1593 ATF_TC_BODY(swapoff_failure, tc)
1594 {
1595 	pid = getpid();
1596 	snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid);
1597 
1598 	FILE *pipefd = setup(fds, auclass);
1599 	/* Failure reason: Block device required */
1600 	ATF_REQUIRE_EQ(-1, swapoff(path));
1601 	check_audit(fds, adregex, pipefd);
1602 }
1603 
1604 ATF_TC_CLEANUP(swapoff_failure, tc)
1605 {
1606 	cleanup();
1607 }
1608 
1609 
1610 ATF_TP_ADD_TCS(tp)
1611 {
1612 	ATF_TP_ADD_TC(tp, settimeofday_success);
1613 	ATF_TP_ADD_TC(tp, settimeofday_failure);
1614 	ATF_TP_ADD_TC(tp, clock_settime_success);
1615 	ATF_TP_ADD_TC(tp, clock_settime_failure);
1616 	ATF_TP_ADD_TC(tp, adjtime_success);
1617 	ATF_TP_ADD_TC(tp, adjtime_failure);
1618 	ATF_TP_ADD_TC(tp, ntp_adjtime_success);
1619 	ATF_TP_ADD_TC(tp, ntp_adjtime_failure);
1620 
1621 	ATF_TP_ADD_TC(tp, nfs_getfh_success);
1622 	ATF_TP_ADD_TC(tp, nfs_getfh_failure);
1623 	ATF_TP_ADD_TC(tp, acct_success);
1624 	ATF_TP_ADD_TC(tp, acct_failure);
1625 	ATF_TP_ADD_TC(tp, auditctl_success);
1626 	ATF_TP_ADD_TC(tp, auditctl_failure);
1627 
1628 	ATF_TP_ADD_TC(tp, getauid_success);
1629 	ATF_TP_ADD_TC(tp, getauid_failure);
1630 	ATF_TP_ADD_TC(tp, setauid_success);
1631 	ATF_TP_ADD_TC(tp, setauid_failure);
1632 
1633 	ATF_TP_ADD_TC(tp, getaudit_success);
1634 	ATF_TP_ADD_TC(tp, getaudit_failure);
1635 	ATF_TP_ADD_TC(tp, setaudit_success);
1636 	ATF_TP_ADD_TC(tp, setaudit_failure);
1637 
1638 	ATF_TP_ADD_TC(tp, getaudit_addr_success);
1639 	ATF_TP_ADD_TC(tp, getaudit_addr_failure);
1640 	ATF_TP_ADD_TC(tp, setaudit_addr_success);
1641 	ATF_TP_ADD_TC(tp, setaudit_addr_failure);
1642 
1643 	ATF_TP_ADD_TC(tp, auditon_default_success);
1644 	ATF_TP_ADD_TC(tp, auditon_default_failure);
1645 
1646 	ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
1647 	ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
1648 	ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
1649 	ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
1650 
1651 	ATF_TP_ADD_TC(tp, auditon_getkmask_success);
1652 	ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
1653 	ATF_TP_ADD_TC(tp, auditon_setkmask_success);
1654 	ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
1655 
1656 	ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
1657 	ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
1658 	ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
1659 	ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
1660 
1661 	ATF_TP_ADD_TC(tp, auditon_getclass_success);
1662 	ATF_TP_ADD_TC(tp, auditon_getclass_failure);
1663 	ATF_TP_ADD_TC(tp, auditon_setclass_success);
1664 	ATF_TP_ADD_TC(tp, auditon_setclass_failure);
1665 
1666 	ATF_TP_ADD_TC(tp, auditon_getcond_success);
1667 	ATF_TP_ADD_TC(tp, auditon_getcond_failure);
1668 	ATF_TP_ADD_TC(tp, auditon_setcond_success);
1669 	ATF_TP_ADD_TC(tp, auditon_setcond_failure);
1670 
1671 	ATF_TP_ADD_TC(tp, auditon_getcwd_failure);
1672 	ATF_TP_ADD_TC(tp, auditon_getcar_failure);
1673 	ATF_TP_ADD_TC(tp, auditon_getstat_failure);
1674 	ATF_TP_ADD_TC(tp, auditon_setstat_failure);
1675 	ATF_TP_ADD_TC(tp, auditon_setumask_failure);
1676 	ATF_TP_ADD_TC(tp, auditon_setsmask_failure);
1677 
1678 	ATF_TP_ADD_TC(tp, reboot_failure);
1679 	ATF_TP_ADD_TC(tp, quotactl_failure);
1680 	ATF_TP_ADD_TC(tp, mount_failure);
1681 	ATF_TP_ADD_TC(tp, nmount_failure);
1682 	ATF_TP_ADD_TC(tp, swapon_failure);
1683 	ATF_TP_ADD_TC(tp, swapoff_failure);
1684 
1685 	return (atf_no_error());
1686 }
1687