svn commit: r339092 - stable/11/tests/sys/audit
Alan Somers
asomers at FreeBSD.org
Tue Oct 2 17:38:59 UTC 2018
Author: asomers
Date: Tue Oct 2 17:38:58 2018
New Revision: 339092
URL: https://svnweb.freebsd.org/changeset/base/339092
Log:
MFC r335792, r336564, r336579
r335792:
audit(4): add tests for several more administrative syscalls
Includes ntp_adjtime, auditctl, acct, auditon, and clock_settime. Includes
quotactl, mount, nmount, swapon, and swapoff in failure mode only. Success
tests for those syscalls will follow. Also includes reboot(2) in failure
mode only. That one can't be tested in success mode.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15898
r336564:
Separate the audit(4) tests for auditon(2)'s individual commands
auditon(2) is an ioctl-like syscall with several different variants, each of
which has a distinct audit event. Write separate audit(4) tests for each
variant.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16255
r336579:
audit(4): add more test cases for auditon(2)
auditon(2) is an ioctl-like syscall with several different variants, each of
which has a distinct audit event. This commit tests the remaining variants
that weren't tested in r336564.
Submitted by: aniketp
X-MFC-With: 336564
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16381
Modified:
stable/11/tests/sys/audit/administrative.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/tests/sys/audit/administrative.c
==============================================================================
--- stable/11/tests/sys/audit/administrative.c Tue Oct 2 17:29:56 2018 (r339091)
+++ stable/11/tests/sys/audit/administrative.c Tue Oct 2 17:38:58 2018 (r339092)
@@ -27,21 +27,36 @@
#include <sys/param.h>
#include <sys/mount.h>
+#include <sys/reboot.h>
+#include <sys/stat.h>
+#include <sys/sysctl.h>
#include <sys/time.h>
+#include <sys/timespec.h>
+#include <sys/timex.h>
+#include <bsm/audit.h>
+#include <bsm/audit_kevents.h>
+#include <ufs/ufs/quota.h>
+
#include <atf-c.h>
+#include <errno.h>
#include <fcntl.h>
+#include <stdlib.h>
+#include <time.h>
#include <unistd.h>
#include "utils.h"
static pid_t pid;
static int filedesc;
+/* Default argument for handling ENOSYS in auditon(2) functions */
+static int auditon_def = 0;
static mode_t mode = 0777;
static struct pollfd fds[1];
static char adregex[80];
static const char *auclass = "ad";
static const char *path = "fileforaudit";
+static const char *successreg = "fileforaudit.*return,success";
ATF_TC_WITH_CLEANUP(settimeofday_success);
@@ -101,6 +116,60 @@ ATF_TC_CLEANUP(settimeofday_failure, tc)
}
+ATF_TC_WITH_CLEANUP(clock_settime_success);
+ATF_TC_HEAD(clock_settime_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "clock_settime(2) call");
+}
+
+ATF_TC_BODY(clock_settime_success, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
+
+ struct timespec tp;
+ ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Setting the same time as obtained by clock_gettime(2) */
+ ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(clock_settime_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(clock_settime_failure);
+ATF_TC_HEAD(clock_settime_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "clock_settime(2) call");
+}
+
+ATF_TC_BODY(clock_settime_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
+
+ struct timespec tp;
+ ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
+ ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(clock_settime_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TC_WITH_CLEANUP(adjtime_success);
ATF_TC_HEAD(adjtime_success, tc)
{
@@ -115,7 +184,7 @@ ATF_TC_BODY(adjtime_success, tc)
FILE *pipefd = setup(fds, auclass);
/* We don't want to change the system time, hence NULL */
- ATF_REQUIRE_EQ(0, adjtime(NULL,NULL));
+ ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
check_audit(fds, adregex, pipefd);
}
@@ -148,7 +217,55 @@ ATF_TC_CLEANUP(adjtime_failure, tc)
}
+ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
+ATF_TC_HEAD(ntp_adjtime_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "ntp_adjtime(2) call");
+}
+ATF_TC_BODY(ntp_adjtime_success, tc)
+{
+ struct timex timebuff;
+ bzero(&timebuff, sizeof(timebuff));
+
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(ntp_adjtime_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
+ATF_TC_HEAD(ntp_adjtime_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "ntp_adjtime(2) call");
+}
+
+ATF_TC_BODY(ntp_adjtime_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TC_WITH_CLEANUP(nfs_getfh_success);
ATF_TC_HEAD(nfs_getfh_success, tc)
{
@@ -200,6 +317,137 @@ ATF_TC_CLEANUP(nfs_getfh_failure, tc)
}
+ATF_TC_WITH_CLEANUP(auditctl_success);
+ATF_TC_HEAD(auditctl_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditctl(2) call");
+}
+
+ATF_TC_BODY(auditctl_success, tc)
+{
+ /* File needs to exist in order to call auditctl(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditctl(path));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(auditctl_success, tc)
+{
+ /*
+ * auditctl(2) disables audit log at /var/audit and initiates auditing
+ * at the configured path. To reset this, we need to stop and start the
+ * auditd(8) again. Here, we check if auditd(8) was running already
+ * before the test started. If so, we stop and start it again.
+ */
+ system("service auditd onestop > /dev/null 2>&1");
+ if (!atf_utils_file_exists("started_auditd"))
+ system("service auditd onestart > /dev/null 2>&1");
+}
+
+
+ATF_TC_WITH_CLEANUP(auditctl_failure);
+ATF_TC_HEAD(auditctl_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditctl(2) call");
+}
+
+ATF_TC_BODY(auditctl_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, auditctl(NULL));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditctl_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(acct_success);
+ATF_TC_HEAD(acct_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "acct(2) call");
+}
+
+ATF_TC_BODY(acct_success, tc)
+{
+ int acctinfo, filedesc2;
+ size_t len = sizeof(acctinfo);
+ const char *acctname = "kern.acct_configured";
+ ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
+
+ /* File needs to exist to start system accounting */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
+
+ /*
+ * acctinfo = 0: System accounting was disabled
+ * acctinfo = 1: System accounting was enabled
+ */
+ if (acctinfo) {
+ ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
+ close(filedesc2);
+ }
+
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex),
+ "acct.*%s.*%d.*return,success", path, pid);
+
+ /*
+ * We temporarily switch the accounting record to a file at
+ * our own configured path in order to confirm acct(2)'s successful
+ * auditing. Then we set everything back to its original state.
+ */
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, acct(path));
+ check_audit(fds, adregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(acct_success, tc)
+{
+ /* Reset accounting configured path */
+ ATF_REQUIRE_EQ(0, system("service accounting onestop"));
+ if (atf_utils_file_exists("acct_ok")) {
+ ATF_REQUIRE_EQ(0, system("service accounting onestart"));
+ }
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(acct_failure);
+ATF_TC_HEAD(acct_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "acct(2) call");
+}
+
+ATF_TC_BODY(acct_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: File does not exist */
+ ATF_REQUIRE_EQ(-1, acct(path));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(acct_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TC_WITH_CLEANUP(getauid_success);
ATF_TC_HEAD(getauid_success, tc)
{
@@ -494,16 +742,888 @@ ATF_TC_CLEANUP(setaudit_addr_failure, tc)
cleanup();
}
+/*
+ * Note: The test-case uses A_GETFSIZE as the command argument but since it is
+ * not an independent audit event, it will be used to check the default mode
+ * auditing of auditon(2) system call.
+ *
+ * Please See: sys/security/audit/audit_bsm_klib.c
+ * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
+ */
+ATF_TC_WITH_CLEANUP(auditon_default_success);
+ATF_TC_HEAD(auditon_default_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call");
+}
+ATF_TC_BODY(auditon_default_success, tc)
+{
+ au_fstat_t fsize_arg;
+ bzero(&fsize_arg, sizeof(au_fstat_t));
+
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_default_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_default_failure);
+ATF_TC_HEAD(auditon_default_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call");
+}
+
+ATF_TC_BODY(auditon_default_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid argument */
+ ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_default_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
+ATF_TC_HEAD(auditon_getpolicy_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_GETPOLICY");
+}
+
+ATF_TC_BODY(auditon_getpolicy_success, tc)
+{
+ int aupolicy;
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
+ATF_TC_HEAD(auditon_getpolicy_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_GETPOLICY");
+}
+
+ATF_TC_BODY(auditon_getpolicy_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid argument */
+ ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
+ATF_TC_HEAD(auditon_setpolicy_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_SETPOLICY");
+}
+
+ATF_TC_BODY(auditon_setpolicy_success, tc)
+{
+ int aupolicy;
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
+
+ /* Retrieve the current auditing policy, to be used with A_SETPOLICY */
+ ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
+ATF_TC_HEAD(auditon_setpolicy_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_SETPOLICY");
+}
+
+ATF_TC_BODY(auditon_setpolicy_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid argument */
+ ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
+ATF_TC_HEAD(auditon_getkmask_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_GETKMASK");
+}
+
+ATF_TC_BODY(auditon_getkmask_success, tc)
+{
+ pid = getpid();
+ au_mask_t evmask;
+ snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
+
+ bzero(&evmask, sizeof(evmask));
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getkmask_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
+ATF_TC_HEAD(auditon_getkmask_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_GETKMASK");
+}
+
+ATF_TC_BODY(auditon_getkmask_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid au_mask_t structure */
+ ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
+ATF_TC_HEAD(auditon_setkmask_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_SETKMASK");
+}
+
+ATF_TC_BODY(auditon_setkmask_success, tc)
+{
+ pid = getpid();
+ au_mask_t evmask;
+ snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
+
+ /* Retrieve the current audit mask to be used with A_SETKMASK */
+ bzero(&evmask, sizeof(evmask));
+ ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setkmask_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
+ATF_TC_HEAD(auditon_setkmask_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_SETKMASK");
+}
+
+ATF_TC_BODY(auditon_setkmask_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid au_mask_t structure */
+ ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
+ATF_TC_HEAD(auditon_getqctrl_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_GETQCTRL");
+}
+
+ATF_TC_BODY(auditon_getqctrl_success, tc)
+{
+ pid = getpid();
+ au_qctrl_t evqctrl;
+ snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
+
+ bzero(&evqctrl, sizeof(evqctrl));
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
+ATF_TC_HEAD(auditon_getqctrl_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_GETQCTRL");
+}
+
+ATF_TC_BODY(auditon_getqctrl_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid au_qctrl_t structure */
+ ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
+ATF_TC_HEAD(auditon_setqctrl_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_SETKMASK");
+}
+
+ATF_TC_BODY(auditon_setqctrl_success, tc)
+{
+ pid = getpid();
+ au_qctrl_t evqctrl;
+ snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
+
+ /* Retrieve the current audit mask to be used with A_SETQCTRL */
+ bzero(&evqctrl, sizeof(evqctrl));
+ ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
+ATF_TC_HEAD(auditon_setqctrl_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_SETKMASK");
+}
+
+ATF_TC_BODY(auditon_setqctrl_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid au_qctrl_t structure */
+ ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getclass_success);
+ATF_TC_HEAD(auditon_getclass_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_GETCLASS");
+}
+
+ATF_TC_BODY(auditon_getclass_success, tc)
+{
+ pid = getpid();
+ au_evclass_map_t evclass;
+ snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
+
+ /* Initialize evclass to get the event-class mapping for auditon(2) */
+ evclass.ec_number = AUE_AUDITON;
+ evclass.ec_class = 0;
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getclass_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
+ATF_TC_HEAD(auditon_getclass_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_GETCLASS");
+}
+
+ATF_TC_BODY(auditon_getclass_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid au_evclass_map_t structure */
+ ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getclass_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setclass_success);
+ATF_TC_HEAD(auditon_setclass_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_SETCLASS");
+}
+
+ATF_TC_BODY(auditon_setclass_success, tc)
+{
+ pid = getpid();
+ au_evclass_map_t evclass;
+ snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
+
+ /* Initialize evclass and get the event-class mapping for auditon(2) */
+ evclass.ec_number = AUE_AUDITON;
+ evclass.ec_class = 0;
+ ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setclass_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
+ATF_TC_HEAD(auditon_setclass_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_SETCLASS");
+}
+
+ATF_TC_BODY(auditon_setclass_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid au_evclass_map_t structure */
+ ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setclass_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getcond_success);
+ATF_TC_HEAD(auditon_getcond_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_GETCOND");
+}
+
+ATF_TC_BODY(auditon_getcond_success, tc)
+{
+ int auditcond;
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getcond_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
+ATF_TC_HEAD(auditon_getcond_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_GETCOND");
+}
+
+ATF_TC_BODY(auditon_getcond_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid argument */
+ ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getcond_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setcond_success);
+ATF_TC_HEAD(auditon_setcond_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "auditon(2) call for cmd: A_SETCOND");
+}
+
+ATF_TC_BODY(auditon_setcond_success, tc)
+{
+ int auditcond = AUC_AUDITING;
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* At this point auditd is running, so the audit state is AUC_AUDITING */
+ ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setcond_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
+ATF_TC_HEAD(auditon_setcond_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_SETCOND");
+}
+
+ATF_TC_BODY(auditon_setcond_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid argument */
+ ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setcond_failure, tc)
+{
+ cleanup();
+}
+
+/*
+ * Following test-cases for auditon(2) are all in failure mode only as although
+ * auditable, they have not been implemented and return ENOSYS whenever called.
+ *
+ * Commands: A_GETCWD A_GETCAR A_GETSTAT A_SETSTAT A_SETUMASK A_SETSMASK
+ */
+
+ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
+ATF_TC_HEAD(auditon_getcwd_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_GETCWD");
+}
+
+ATF_TC_BODY(auditon_getcwd_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
+ sizeof(auditon_def)) == -1);
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
+ATF_TC_HEAD(auditon_getcar_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_GETCAR");
+}
+
+ATF_TC_BODY(auditon_getcar_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
+ sizeof(auditon_def)) == -1);
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getcar_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
+ATF_TC_HEAD(auditon_getstat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_GETSTAT");
+}
+
+ATF_TC_BODY(auditon_getstat_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex),
+ "get audit statistics.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
+ sizeof(auditon_def)) == -1);
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_getstat_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
+ATF_TC_HEAD(auditon_setstat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_SETSTAT");
+}
+
+ATF_TC_BODY(auditon_setstat_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex),
+ "set audit statistics.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
+ sizeof(auditon_def)) == -1);
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setstat_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
+ATF_TC_HEAD(auditon_setumask_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_SETUMASK");
+}
+
+ATF_TC_BODY(auditon_setumask_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex),
+ "set mask per uid.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
+ sizeof(auditon_def)) == -1);
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(auditon_setumask_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
+ATF_TC_HEAD(auditon_setsmask_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "auditon(2) call for cmd: A_SETSMASK");
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list