2 * Copyright (c) 2018 Aniket Pandey
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 #include <sys/param.h>
29 #include <sys/mount.h>
30 #include <sys/reboot.h>
32 #include <sys/sysctl.h>
34 #include <sys/timespec.h>
35 #include <sys/timex.h>
37 #include <bsm/audit.h>
38 #include <bsm/audit_kevents.h>
39 #include <ufs/ufs/quota.h>
52 /* Default argument for handling ENOSYS in auditon(2) functions */
53 static int auditon_def = 0;
54 static mode_t mode = 0777;
55 static struct pollfd fds[1];
56 static char adregex[80];
57 static const char *auclass = "ad";
58 static const char *path = "fileforaudit";
59 static const char *successreg = "fileforaudit.*return,success";
62 ATF_TC_WITH_CLEANUP(settimeofday_success);
63 ATF_TC_HEAD(settimeofday_success, tc)
65 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
66 "settimeofday(2) call");
69 ATF_TC_BODY(settimeofday_success, tc)
72 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
76 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
78 FILE *pipefd = setup(fds, auclass);
79 /* Setting the same time as obtained by gettimeofday(2) */
80 ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
81 check_audit(fds, adregex, pipefd);
84 ATF_TC_CLEANUP(settimeofday_success, tc)
90 ATF_TC_WITH_CLEANUP(settimeofday_failure);
91 ATF_TC_HEAD(settimeofday_failure, tc)
93 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
94 "settimeofday(2) call");
97 ATF_TC_BODY(settimeofday_failure, tc)
100 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
104 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
106 FILE *pipefd = setup(fds, auclass);
108 /* Failure reason: Invalid value for tp.tv_sec; */
109 ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
110 check_audit(fds, adregex, pipefd);
113 ATF_TC_CLEANUP(settimeofday_failure, tc)
119 ATF_TC_WITH_CLEANUP(clock_settime_success);
120 ATF_TC_HEAD(clock_settime_success, tc)
122 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
123 "clock_settime(2) call");
126 ATF_TC_BODY(clock_settime_success, tc)
129 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
132 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
134 FILE *pipefd = setup(fds, auclass);
135 /* Setting the same time as obtained by clock_gettime(2) */
136 ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
137 check_audit(fds, adregex, pipefd);
140 ATF_TC_CLEANUP(clock_settime_success, tc)
146 ATF_TC_WITH_CLEANUP(clock_settime_failure);
147 ATF_TC_HEAD(clock_settime_failure, tc)
149 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
150 "clock_settime(2) call");
153 ATF_TC_BODY(clock_settime_failure, tc)
156 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
159 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
161 FILE *pipefd = setup(fds, auclass);
162 /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
163 ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
164 check_audit(fds, adregex, pipefd);
167 ATF_TC_CLEANUP(clock_settime_failure, tc)
173 ATF_TC_WITH_CLEANUP(adjtime_success);
174 ATF_TC_HEAD(adjtime_success, tc)
176 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
180 ATF_TC_BODY(adjtime_success, tc)
183 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
185 FILE *pipefd = setup(fds, auclass);
186 /* We don't want to change the system time, hence NULL */
187 ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
188 check_audit(fds, adregex, pipefd);
191 ATF_TC_CLEANUP(adjtime_success, tc)
197 ATF_TC_WITH_CLEANUP(adjtime_failure);
198 ATF_TC_HEAD(adjtime_failure, tc)
200 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
204 ATF_TC_BODY(adjtime_failure, tc)
207 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
209 FILE *pipefd = setup(fds, auclass);
210 ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
211 check_audit(fds, adregex, pipefd);
214 ATF_TC_CLEANUP(adjtime_failure, tc)
220 ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
221 ATF_TC_HEAD(ntp_adjtime_success, tc)
223 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
224 "ntp_adjtime(2) call");
227 ATF_TC_BODY(ntp_adjtime_success, tc)
229 struct timex timebuff;
230 bzero(&timebuff, sizeof(timebuff));
233 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
235 FILE *pipefd = setup(fds, auclass);
236 ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
237 check_audit(fds, adregex, pipefd);
240 ATF_TC_CLEANUP(ntp_adjtime_success, tc)
246 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
247 ATF_TC_HEAD(ntp_adjtime_failure, tc)
249 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
250 "ntp_adjtime(2) call");
253 ATF_TC_BODY(ntp_adjtime_failure, tc)
256 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
258 FILE *pipefd = setup(fds, auclass);
259 ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
260 check_audit(fds, adregex, pipefd);
263 ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
269 ATF_TC_WITH_CLEANUP(nfs_getfh_success);
270 ATF_TC_HEAD(nfs_getfh_success, tc)
272 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
276 ATF_TC_BODY(nfs_getfh_success, tc)
280 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
282 /* File needs to exist to call getfh(2) */
283 ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
284 FILE *pipefd = setup(fds, auclass);
285 ATF_REQUIRE_EQ(0, getfh(path, &fhp));
286 check_audit(fds, adregex, pipefd);
290 ATF_TC_CLEANUP(nfs_getfh_success, tc)
296 ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
297 ATF_TC_HEAD(nfs_getfh_failure, tc)
299 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
303 ATF_TC_BODY(nfs_getfh_failure, tc)
306 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
308 FILE *pipefd = setup(fds, auclass);
309 /* Failure reason: file does not exist */
310 ATF_REQUIRE_EQ(-1, getfh(path, NULL));
311 check_audit(fds, adregex, pipefd);
314 ATF_TC_CLEANUP(nfs_getfh_failure, tc)
320 ATF_TC_WITH_CLEANUP(auditctl_success);
321 ATF_TC_HEAD(auditctl_success, tc)
323 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
327 ATF_TC_BODY(auditctl_success, tc)
329 /* File needs to exist in order to call auditctl(2) */
330 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
331 FILE *pipefd = setup(fds, auclass);
332 ATF_REQUIRE_EQ(0, auditctl(path));
333 check_audit(fds, successreg, pipefd);
337 ATF_TC_CLEANUP(auditctl_success, tc)
340 * auditctl(2) disables audit log at /var/audit and initiates auditing
341 * at the configured path. To reset this, we need to stop and start the
342 * auditd(8) again. Here, we check if auditd(8) was running already
343 * before the test started. If so, we stop and start it again.
345 system("service auditd onestop > /dev/null 2>&1");
346 if (!atf_utils_file_exists("started_auditd"))
347 system("service auditd onestart > /dev/null 2>&1");
351 ATF_TC_WITH_CLEANUP(auditctl_failure);
352 ATF_TC_HEAD(auditctl_failure, tc)
354 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
358 ATF_TC_BODY(auditctl_failure, tc)
361 snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
363 FILE *pipefd = setup(fds, auclass);
364 /* Failure reason: file does not exist */
365 ATF_REQUIRE_EQ(-1, auditctl(NULL));
366 check_audit(fds, adregex, pipefd);
369 ATF_TC_CLEANUP(auditctl_failure, tc)
375 ATF_TC_WITH_CLEANUP(acct_success);
376 ATF_TC_HEAD(acct_success, tc)
378 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
382 ATF_TC_BODY(acct_success, tc)
384 int acctinfo, filedesc2;
385 size_t len = sizeof(acctinfo);
386 const char *acctname = "kern.acct_configured";
387 ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
389 /* File needs to exist to start system accounting */
390 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
393 * acctinfo = 0: System accounting was disabled
394 * acctinfo = 1: System accounting was enabled
397 ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
402 snprintf(adregex, sizeof(adregex),
403 "acct.*%s.*%d.*return,success", path, pid);
406 * We temporarily switch the accounting record to a file at
407 * our own configured path in order to confirm acct(2)'s successful
408 * auditing. Then we set everything back to its original state.
410 FILE *pipefd = setup(fds, auclass);
411 ATF_REQUIRE_EQ(0, acct(path));
412 check_audit(fds, adregex, pipefd);
416 ATF_TC_CLEANUP(acct_success, tc)
418 /* Reset accounting configured path */
419 ATF_REQUIRE_EQ(0, system("service accounting onestop"));
420 if (atf_utils_file_exists("acct_ok")) {
421 ATF_REQUIRE_EQ(0, system("service accounting onestart"));
427 ATF_TC_WITH_CLEANUP(acct_failure);
428 ATF_TC_HEAD(acct_failure, tc)
430 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
434 ATF_TC_BODY(acct_failure, tc)
437 snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
439 FILE *pipefd = setup(fds, auclass);
440 /* Failure reason: File does not exist */
441 ATF_REQUIRE_EQ(-1, acct(path));
442 check_audit(fds, adregex, pipefd);
445 ATF_TC_CLEANUP(acct_failure, tc)
451 ATF_TC_WITH_CLEANUP(getauid_success);
452 ATF_TC_HEAD(getauid_success, tc)
454 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
458 ATF_TC_BODY(getauid_success, tc)
462 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
464 FILE *pipefd = setup(fds, auclass);
465 ATF_REQUIRE_EQ(0, getauid(&auid));
466 check_audit(fds, adregex, pipefd);
469 ATF_TC_CLEANUP(getauid_success, tc)
475 ATF_TC_WITH_CLEANUP(getauid_failure);
476 ATF_TC_HEAD(getauid_failure, tc)
478 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
482 ATF_TC_BODY(getauid_failure, tc)
485 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
487 FILE *pipefd = setup(fds, auclass);
488 /* Failure reason: Bad address */
489 ATF_REQUIRE_EQ(-1, getauid(NULL));
490 check_audit(fds, adregex, pipefd);
493 ATF_TC_CLEANUP(getauid_failure, tc)
499 ATF_TC_WITH_CLEANUP(setauid_success);
500 ATF_TC_HEAD(setauid_success, tc)
502 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
506 ATF_TC_BODY(setauid_success, tc)
510 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
511 ATF_REQUIRE_EQ(0, getauid(&auid));
513 FILE *pipefd = setup(fds, auclass);
514 ATF_REQUIRE_EQ(0, setauid(&auid));
515 check_audit(fds, adregex, pipefd);
518 ATF_TC_CLEANUP(setauid_success, tc)
524 ATF_TC_WITH_CLEANUP(setauid_failure);
525 ATF_TC_HEAD(setauid_failure, tc)
527 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
531 ATF_TC_BODY(setauid_failure, tc)
534 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
536 FILE *pipefd = setup(fds, auclass);
537 /* Failure reason: Bad address */
538 ATF_REQUIRE_EQ(-1, setauid(NULL));
539 check_audit(fds, adregex, pipefd);
542 ATF_TC_CLEANUP(setauid_failure, tc)
548 ATF_TC_WITH_CLEANUP(getaudit_success);
549 ATF_TC_HEAD(getaudit_success, tc)
551 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
555 ATF_TC_BODY(getaudit_success, tc)
558 auditinfo_t auditinfo;
559 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
561 FILE *pipefd = setup(fds, auclass);
562 ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
563 check_audit(fds, adregex, pipefd);
566 ATF_TC_CLEANUP(getaudit_success, tc)
572 ATF_TC_WITH_CLEANUP(getaudit_failure);
573 ATF_TC_HEAD(getaudit_failure, tc)
575 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
579 ATF_TC_BODY(getaudit_failure, tc)
582 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
584 FILE *pipefd = setup(fds, auclass);
585 /* Failure reason: Bad address */
586 ATF_REQUIRE_EQ(-1, getaudit(NULL));
587 check_audit(fds, adregex, pipefd);
590 ATF_TC_CLEANUP(getaudit_failure, tc)
596 ATF_TC_WITH_CLEANUP(setaudit_success);
597 ATF_TC_HEAD(setaudit_success, tc)
599 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
603 ATF_TC_BODY(setaudit_success, tc)
606 auditinfo_t auditinfo;
607 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
608 ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
610 FILE *pipefd = setup(fds, auclass);
611 ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
612 check_audit(fds, adregex, pipefd);
615 ATF_TC_CLEANUP(setaudit_success, tc)
621 ATF_TC_WITH_CLEANUP(setaudit_failure);
622 ATF_TC_HEAD(setaudit_failure, tc)
624 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
628 ATF_TC_BODY(setaudit_failure, tc)
631 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
633 FILE *pipefd = setup(fds, auclass);
634 /* Failure reason: Bad address */
635 ATF_REQUIRE_EQ(-1, setaudit(NULL));
636 check_audit(fds, adregex, pipefd);
639 ATF_TC_CLEANUP(setaudit_failure, tc)
645 ATF_TC_WITH_CLEANUP(getaudit_addr_success);
646 ATF_TC_HEAD(getaudit_addr_success, tc)
648 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
649 "getaudit_addr(2) call");
652 ATF_TC_BODY(getaudit_addr_success, tc)
655 auditinfo_addr_t auditinfo;
656 snprintf(adregex, sizeof(adregex),
657 "getaudit_addr.*%d.*return,success", pid);
659 FILE *pipefd = setup(fds, auclass);
660 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
661 check_audit(fds, adregex, pipefd);
664 ATF_TC_CLEANUP(getaudit_addr_success, tc)
670 ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
671 ATF_TC_HEAD(getaudit_addr_failure, tc)
673 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
674 "getaudit_addr(2) call");
677 ATF_TC_BODY(getaudit_addr_failure, tc)
680 snprintf(adregex, sizeof(adregex),
681 "getaudit_addr.*%d.*return,failure", pid);
683 FILE *pipefd = setup(fds, auclass);
684 /* Failure reason: Bad address */
685 ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
686 check_audit(fds, adregex, pipefd);
689 ATF_TC_CLEANUP(getaudit_addr_failure, tc)
695 ATF_TC_WITH_CLEANUP(setaudit_addr_success);
696 ATF_TC_HEAD(setaudit_addr_success, tc)
698 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
699 "setaudit_addr(2) call");
702 ATF_TC_BODY(setaudit_addr_success, tc)
705 auditinfo_addr_t auditinfo;
706 snprintf(adregex, sizeof(adregex),
707 "setaudit_addr.*%d.*return,success", pid);
709 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
710 FILE *pipefd = setup(fds, auclass);
711 ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
712 check_audit(fds, adregex, pipefd);
715 ATF_TC_CLEANUP(setaudit_addr_success, tc)
721 ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
722 ATF_TC_HEAD(setaudit_addr_failure, tc)
724 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
725 "setaudit_addr(2) call");
728 ATF_TC_BODY(setaudit_addr_failure, tc)
731 snprintf(adregex, sizeof(adregex),
732 "setaudit_addr.*%d.*return,failure", pid);
734 FILE *pipefd = setup(fds, auclass);
735 /* Failure reason: Bad address */
736 ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
737 check_audit(fds, adregex, pipefd);
740 ATF_TC_CLEANUP(setaudit_addr_failure, tc)
746 * Note: The test-case uses A_GETFSIZE as the command argument but since it is
747 * not an independent audit event, it will be used to check the default mode
748 * auditing of auditon(2) system call.
750 * Please See: sys/security/audit/audit_bsm_klib.c
751 * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
753 ATF_TC_WITH_CLEANUP(auditon_default_success);
754 ATF_TC_HEAD(auditon_default_success, tc)
756 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
760 ATF_TC_BODY(auditon_default_success, tc)
762 au_fstat_t fsize_arg;
763 bzero(&fsize_arg, sizeof(au_fstat_t));
766 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
768 FILE *pipefd = setup(fds, auclass);
769 ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
770 check_audit(fds, adregex, pipefd);
773 ATF_TC_CLEANUP(auditon_default_success, tc)
779 ATF_TC_WITH_CLEANUP(auditon_default_failure);
780 ATF_TC_HEAD(auditon_default_failure, tc)
782 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
786 ATF_TC_BODY(auditon_default_failure, tc)
789 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
791 FILE *pipefd = setup(fds, auclass);
792 /* Failure reason: Invalid argument */
793 ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
794 check_audit(fds, adregex, pipefd);
797 ATF_TC_CLEANUP(auditon_default_failure, tc)
803 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
804 ATF_TC_HEAD(auditon_getpolicy_success, tc)
806 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
807 "auditon(2) call for cmd: A_GETPOLICY");
810 ATF_TC_BODY(auditon_getpolicy_success, tc)
814 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
816 FILE *pipefd = setup(fds, auclass);
817 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
818 check_audit(fds, adregex, pipefd);
821 ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
827 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
828 ATF_TC_HEAD(auditon_getpolicy_failure, tc)
830 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
831 "auditon(2) call for cmd: A_GETPOLICY");
834 ATF_TC_BODY(auditon_getpolicy_failure, tc)
837 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
839 FILE *pipefd = setup(fds, auclass);
840 /* Failure reason: Invalid argument */
841 ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
842 check_audit(fds, adregex, pipefd);
845 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
851 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
852 ATF_TC_HEAD(auditon_setpolicy_success, tc)
854 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
855 "auditon(2) call for cmd: A_SETPOLICY");
858 ATF_TC_BODY(auditon_setpolicy_success, tc)
862 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
864 /* Retrieve the current auditing policy, to be used with A_SETPOLICY */
865 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
866 FILE *pipefd = setup(fds, auclass);
867 ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
868 check_audit(fds, adregex, pipefd);
871 ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
877 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
878 ATF_TC_HEAD(auditon_setpolicy_failure, tc)
880 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
881 "auditon(2) call for cmd: A_SETPOLICY");
884 ATF_TC_BODY(auditon_setpolicy_failure, tc)
887 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
889 FILE *pipefd = setup(fds, auclass);
890 /* Failure reason: Invalid argument */
891 ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
892 check_audit(fds, adregex, pipefd);
895 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
901 ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
902 ATF_TC_HEAD(auditon_getkmask_success, tc)
904 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
905 "auditon(2) call for cmd: A_GETKMASK");
908 ATF_TC_BODY(auditon_getkmask_success, tc)
912 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
914 bzero(&evmask, sizeof(evmask));
915 FILE *pipefd = setup(fds, auclass);
916 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
917 check_audit(fds, adregex, pipefd);
920 ATF_TC_CLEANUP(auditon_getkmask_success, tc)
926 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
927 ATF_TC_HEAD(auditon_getkmask_failure, tc)
929 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
930 "auditon(2) call for cmd: A_GETKMASK");
933 ATF_TC_BODY(auditon_getkmask_failure, tc)
936 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
938 FILE *pipefd = setup(fds, auclass);
939 /* Failure reason: Invalid au_mask_t structure */
940 ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
941 check_audit(fds, adregex, pipefd);
944 ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
950 ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
951 ATF_TC_HEAD(auditon_setkmask_success, tc)
953 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
954 "auditon(2) call for cmd: A_SETKMASK");
957 ATF_TC_BODY(auditon_setkmask_success, tc)
961 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
963 /* Retrieve the current audit mask to be used with A_SETKMASK */
964 bzero(&evmask, sizeof(evmask));
965 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
967 FILE *pipefd = setup(fds, auclass);
968 ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
969 check_audit(fds, adregex, pipefd);
972 ATF_TC_CLEANUP(auditon_setkmask_success, tc)
978 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
979 ATF_TC_HEAD(auditon_setkmask_failure, tc)
981 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
982 "auditon(2) call for cmd: A_SETKMASK");
985 ATF_TC_BODY(auditon_setkmask_failure, tc)
988 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
990 FILE *pipefd = setup(fds, auclass);
991 /* Failure reason: Invalid au_mask_t structure */
992 ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
993 check_audit(fds, adregex, pipefd);
996 ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
1002 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
1003 ATF_TC_HEAD(auditon_getqctrl_success, tc)
1005 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1006 "auditon(2) call for cmd: A_GETQCTRL");
1009 ATF_TC_BODY(auditon_getqctrl_success, tc)
1013 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
1015 bzero(&evqctrl, sizeof(evqctrl));
1016 FILE *pipefd = setup(fds, auclass);
1017 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1018 check_audit(fds, adregex, pipefd);
1021 ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
1027 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
1028 ATF_TC_HEAD(auditon_getqctrl_failure, tc)
1030 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1031 "auditon(2) call for cmd: A_GETQCTRL");
1034 ATF_TC_BODY(auditon_getqctrl_failure, tc)
1037 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
1039 FILE *pipefd = setup(fds, auclass);
1040 /* Failure reason: Invalid au_qctrl_t structure */
1041 ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
1042 check_audit(fds, adregex, pipefd);
1045 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
1051 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
1052 ATF_TC_HEAD(auditon_setqctrl_success, tc)
1054 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1055 "auditon(2) call for cmd: A_SETKMASK");
1058 ATF_TC_BODY(auditon_setqctrl_success, tc)
1062 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
1064 /* Retrieve the current audit mask to be used with A_SETQCTRL */
1065 bzero(&evqctrl, sizeof(evqctrl));
1066 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1068 FILE *pipefd = setup(fds, auclass);
1069 ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
1070 check_audit(fds, adregex, pipefd);
1073 ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
1079 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
1080 ATF_TC_HEAD(auditon_setqctrl_failure, tc)
1082 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1083 "auditon(2) call for cmd: A_SETKMASK");
1086 ATF_TC_BODY(auditon_setqctrl_failure, tc)
1089 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
1091 FILE *pipefd = setup(fds, auclass);
1092 /* Failure reason: Invalid au_qctrl_t structure */
1093 ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
1094 check_audit(fds, adregex, pipefd);
1097 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
1103 ATF_TC_WITH_CLEANUP(auditon_getclass_success);
1104 ATF_TC_HEAD(auditon_getclass_success, tc)
1106 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1107 "auditon(2) call for cmd: A_GETCLASS");
1110 ATF_TC_BODY(auditon_getclass_success, tc)
1113 au_evclass_map_t evclass;
1114 snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
1116 /* Initialize evclass to get the event-class mapping for auditon(2) */
1117 evclass.ec_number = AUE_AUDITON;
1118 evclass.ec_class = 0;
1119 FILE *pipefd = setup(fds, auclass);
1120 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1121 check_audit(fds, adregex, pipefd);
1124 ATF_TC_CLEANUP(auditon_getclass_success, tc)
1130 ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
1131 ATF_TC_HEAD(auditon_getclass_failure, tc)
1133 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1134 "auditon(2) call for cmd: A_GETCLASS");
1137 ATF_TC_BODY(auditon_getclass_failure, tc)
1140 snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
1142 FILE *pipefd = setup(fds, auclass);
1143 /* Failure reason: Invalid au_evclass_map_t structure */
1144 ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
1145 check_audit(fds, adregex, pipefd);
1148 ATF_TC_CLEANUP(auditon_getclass_failure, tc)
1154 ATF_TC_WITH_CLEANUP(auditon_setclass_success);
1155 ATF_TC_HEAD(auditon_setclass_success, tc)
1157 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1158 "auditon(2) call for cmd: A_SETCLASS");
1161 ATF_TC_BODY(auditon_setclass_success, tc)
1164 au_evclass_map_t evclass;
1165 snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
1167 /* Initialize evclass and get the event-class mapping for auditon(2) */
1168 evclass.ec_number = AUE_AUDITON;
1169 evclass.ec_class = 0;
1170 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1172 FILE *pipefd = setup(fds, auclass);
1173 ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
1174 check_audit(fds, adregex, pipefd);
1177 ATF_TC_CLEANUP(auditon_setclass_success, tc)
1183 ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
1184 ATF_TC_HEAD(auditon_setclass_failure, tc)
1186 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1187 "auditon(2) call for cmd: A_SETCLASS");
1190 ATF_TC_BODY(auditon_setclass_failure, tc)
1193 snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
1195 FILE *pipefd = setup(fds, auclass);
1196 /* Failure reason: Invalid au_evclass_map_t structure */
1197 ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
1198 check_audit(fds, adregex, pipefd);
1201 ATF_TC_CLEANUP(auditon_setclass_failure, tc)
1207 ATF_TC_WITH_CLEANUP(auditon_getcond_success);
1208 ATF_TC_HEAD(auditon_getcond_success, tc)
1210 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1211 "auditon(2) call for cmd: A_GETCOND");
1214 ATF_TC_BODY(auditon_getcond_success, tc)
1218 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
1220 FILE *pipefd = setup(fds, auclass);
1221 ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
1222 check_audit(fds, adregex, pipefd);
1225 ATF_TC_CLEANUP(auditon_getcond_success, tc)
1231 ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
1232 ATF_TC_HEAD(auditon_getcond_failure, tc)
1234 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1235 "auditon(2) call for cmd: A_GETCOND");
1238 ATF_TC_BODY(auditon_getcond_failure, tc)
1241 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
1243 FILE *pipefd = setup(fds, auclass);
1244 /* Failure reason: Invalid argument */
1245 ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
1246 check_audit(fds, adregex, pipefd);
1249 ATF_TC_CLEANUP(auditon_getcond_failure, tc)
1255 ATF_TC_WITH_CLEANUP(auditon_setcond_success);
1256 ATF_TC_HEAD(auditon_setcond_success, tc)
1258 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1259 "auditon(2) call for cmd: A_SETCOND");
1262 ATF_TC_BODY(auditon_setcond_success, tc)
1264 int auditcond = AUC_AUDITING;
1266 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
1268 FILE *pipefd = setup(fds, auclass);
1269 /* At this point auditd is running, so the audit state is AUC_AUDITING */
1270 ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
1271 check_audit(fds, adregex, pipefd);
1274 ATF_TC_CLEANUP(auditon_setcond_success, tc)
1280 ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
1281 ATF_TC_HEAD(auditon_setcond_failure, tc)
1283 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1284 "auditon(2) call for cmd: A_SETCOND");
1287 ATF_TC_BODY(auditon_setcond_failure, tc)
1290 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
1292 FILE *pipefd = setup(fds, auclass);
1293 /* Failure reason: Invalid argument */
1294 ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
1295 check_audit(fds, adregex, pipefd);
1298 ATF_TC_CLEANUP(auditon_setcond_failure, tc)
1304 * Following test-cases for auditon(2) are all in failure mode only as although
1305 * auditable, they have not been implemented and return ENOSYS whenever called.
1307 * Commands: A_GETCWD A_GETCAR A_GETSTAT A_SETSTAT A_SETUMASK A_SETSMASK
1310 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
1311 ATF_TC_HEAD(auditon_getcwd_failure, tc)
1313 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1314 "auditon(2) call for cmd: A_GETCWD");
1317 ATF_TC_BODY(auditon_getcwd_failure, tc)
1320 snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
1322 FILE *pipefd = setup(fds, auclass);
1323 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
1324 sizeof(auditon_def)) == -1);
1325 check_audit(fds, adregex, pipefd);
1328 ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
1334 ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
1335 ATF_TC_HEAD(auditon_getcar_failure, tc)
1337 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1338 "auditon(2) call for cmd: A_GETCAR");
1341 ATF_TC_BODY(auditon_getcar_failure, tc)
1344 snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
1346 FILE *pipefd = setup(fds, auclass);
1347 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
1348 sizeof(auditon_def)) == -1);
1349 check_audit(fds, adregex, pipefd);
1352 ATF_TC_CLEANUP(auditon_getcar_failure, tc)
1358 ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
1359 ATF_TC_HEAD(auditon_getstat_failure, tc)
1361 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1362 "auditon(2) call for cmd: A_GETSTAT");
1365 ATF_TC_BODY(auditon_getstat_failure, tc)
1368 snprintf(adregex, sizeof(adregex),
1369 "get audit statistics.*%d.*return,failure", pid);
1371 FILE *pipefd = setup(fds, auclass);
1372 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
1373 sizeof(auditon_def)) == -1);
1374 check_audit(fds, adregex, pipefd);
1377 ATF_TC_CLEANUP(auditon_getstat_failure, tc)
1383 ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
1384 ATF_TC_HEAD(auditon_setstat_failure, tc)
1386 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1387 "auditon(2) call for cmd: A_SETSTAT");
1390 ATF_TC_BODY(auditon_setstat_failure, tc)
1393 snprintf(adregex, sizeof(adregex),
1394 "set audit statistics.*%d.*return,failure", pid);
1396 FILE *pipefd = setup(fds, auclass);
1397 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
1398 sizeof(auditon_def)) == -1);
1399 check_audit(fds, adregex, pipefd);
1402 ATF_TC_CLEANUP(auditon_setstat_failure, tc)
1408 ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
1409 ATF_TC_HEAD(auditon_setumask_failure, tc)
1411 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1412 "auditon(2) call for cmd: A_SETUMASK");
1415 ATF_TC_BODY(auditon_setumask_failure, tc)
1418 snprintf(adregex, sizeof(adregex),
1419 "set mask per uid.*%d.*return,failure", pid);
1421 FILE *pipefd = setup(fds, auclass);
1422 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
1423 sizeof(auditon_def)) == -1);
1424 check_audit(fds, adregex, pipefd);
1427 ATF_TC_CLEANUP(auditon_setumask_failure, tc)
1433 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
1434 ATF_TC_HEAD(auditon_setsmask_failure, tc)
1436 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1437 "auditon(2) call for cmd: A_SETSMASK");
1440 ATF_TC_BODY(auditon_setsmask_failure, tc)
1443 snprintf(adregex, sizeof(adregex),
1444 "set mask per session.*%d.*return,failure", pid);
1446 FILE *pipefd = setup(fds, auclass);
1447 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def,
1448 sizeof(auditon_def)) == -1);
1449 check_audit(fds, adregex, pipefd);
1452 ATF_TC_CLEANUP(auditon_setsmask_failure, tc)
1459 * Audit of reboot(2) cannot be tested in normal conditions as we don't want
1460 * to reboot the system while running the tests
1464 ATF_TC_WITH_CLEANUP(reboot_failure);
1465 ATF_TC_HEAD(reboot_failure, tc)
1467 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1471 ATF_TC_BODY(reboot_failure, tc)
1474 snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid);
1476 FILE *pipefd = setup(fds, auclass);
1477 ATF_REQUIRE_EQ(-1, reboot(-1));
1478 check_audit(fds, adregex, pipefd);
1481 ATF_TC_CLEANUP(reboot_failure, tc)
1488 * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
1489 * to tamper with filesystem quotas
1493 ATF_TC_WITH_CLEANUP(quotactl_failure);
1494 ATF_TC_HEAD(quotactl_failure, tc)
1496 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1497 "quotactl(2) call");
1500 ATF_TC_BODY(quotactl_failure, tc)
1503 snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid);
1505 FILE *pipefd = setup(fds, auclass);
1506 ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
1507 check_audit(fds, adregex, pipefd);
1510 ATF_TC_CLEANUP(quotactl_failure, tc)
1516 ATF_TC_WITH_CLEANUP(mount_failure);
1517 ATF_TC_HEAD(mount_failure, tc)
1519 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1523 ATF_TC_BODY(mount_failure, tc)
1526 snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid);
1528 FILE *pipefd = setup(fds, auclass);
1529 ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
1530 check_audit(fds, adregex, pipefd);
1533 ATF_TC_CLEANUP(mount_failure, tc)
1539 ATF_TC_WITH_CLEANUP(nmount_failure);
1540 ATF_TC_HEAD(nmount_failure, tc)
1542 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1546 ATF_TC_BODY(nmount_failure, tc)
1549 snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid);
1551 FILE *pipefd = setup(fds, auclass);
1552 ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
1553 check_audit(fds, adregex, pipefd);
1556 ATF_TC_CLEANUP(nmount_failure, tc)
1562 ATF_TC_WITH_CLEANUP(swapon_failure);
1563 ATF_TC_HEAD(swapon_failure, tc)
1565 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1569 ATF_TC_BODY(swapon_failure, tc)
1572 snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid);
1574 FILE *pipefd = setup(fds, auclass);
1575 /* Failure reason: Block device required */
1576 ATF_REQUIRE_EQ(-1, swapon(path));
1577 check_audit(fds, adregex, pipefd);
1580 ATF_TC_CLEANUP(swapon_failure, tc)
1586 ATF_TC_WITH_CLEANUP(swapoff_failure);
1587 ATF_TC_HEAD(swapoff_failure, tc)
1589 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1593 ATF_TC_BODY(swapoff_failure, tc)
1596 snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid);
1598 FILE *pipefd = setup(fds, auclass);
1599 /* Failure reason: Block device required */
1600 ATF_REQUIRE_EQ(-1, swapoff(path));
1601 check_audit(fds, adregex, pipefd);
1604 ATF_TC_CLEANUP(swapoff_failure, tc)
1612 ATF_TP_ADD_TC(tp, settimeofday_success);
1613 ATF_TP_ADD_TC(tp, settimeofday_failure);
1614 ATF_TP_ADD_TC(tp, clock_settime_success);
1615 ATF_TP_ADD_TC(tp, clock_settime_failure);
1616 ATF_TP_ADD_TC(tp, adjtime_success);
1617 ATF_TP_ADD_TC(tp, adjtime_failure);
1618 ATF_TP_ADD_TC(tp, ntp_adjtime_success);
1619 ATF_TP_ADD_TC(tp, ntp_adjtime_failure);
1621 ATF_TP_ADD_TC(tp, nfs_getfh_success);
1622 ATF_TP_ADD_TC(tp, nfs_getfh_failure);
1623 ATF_TP_ADD_TC(tp, acct_success);
1624 ATF_TP_ADD_TC(tp, acct_failure);
1625 ATF_TP_ADD_TC(tp, auditctl_success);
1626 ATF_TP_ADD_TC(tp, auditctl_failure);
1628 ATF_TP_ADD_TC(tp, getauid_success);
1629 ATF_TP_ADD_TC(tp, getauid_failure);
1630 ATF_TP_ADD_TC(tp, setauid_success);
1631 ATF_TP_ADD_TC(tp, setauid_failure);
1633 ATF_TP_ADD_TC(tp, getaudit_success);
1634 ATF_TP_ADD_TC(tp, getaudit_failure);
1635 ATF_TP_ADD_TC(tp, setaudit_success);
1636 ATF_TP_ADD_TC(tp, setaudit_failure);
1638 ATF_TP_ADD_TC(tp, getaudit_addr_success);
1639 ATF_TP_ADD_TC(tp, getaudit_addr_failure);
1640 ATF_TP_ADD_TC(tp, setaudit_addr_success);
1641 ATF_TP_ADD_TC(tp, setaudit_addr_failure);
1643 ATF_TP_ADD_TC(tp, auditon_default_success);
1644 ATF_TP_ADD_TC(tp, auditon_default_failure);
1646 ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
1647 ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
1648 ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
1649 ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
1651 ATF_TP_ADD_TC(tp, auditon_getkmask_success);
1652 ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
1653 ATF_TP_ADD_TC(tp, auditon_setkmask_success);
1654 ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
1656 ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
1657 ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
1658 ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
1659 ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
1661 ATF_TP_ADD_TC(tp, auditon_getclass_success);
1662 ATF_TP_ADD_TC(tp, auditon_getclass_failure);
1663 ATF_TP_ADD_TC(tp, auditon_setclass_success);
1664 ATF_TP_ADD_TC(tp, auditon_setclass_failure);
1666 ATF_TP_ADD_TC(tp, auditon_getcond_success);
1667 ATF_TP_ADD_TC(tp, auditon_getcond_failure);
1668 ATF_TP_ADD_TC(tp, auditon_setcond_success);
1669 ATF_TP_ADD_TC(tp, auditon_setcond_failure);
1671 ATF_TP_ADD_TC(tp, auditon_getcwd_failure);
1672 ATF_TP_ADD_TC(tp, auditon_getcar_failure);
1673 ATF_TP_ADD_TC(tp, auditon_getstat_failure);
1674 ATF_TP_ADD_TC(tp, auditon_setstat_failure);
1675 ATF_TP_ADD_TC(tp, auditon_setumask_failure);
1676 ATF_TP_ADD_TC(tp, auditon_setsmask_failure);
1678 ATF_TP_ADD_TC(tp, reboot_failure);
1679 ATF_TP_ADD_TC(tp, quotactl_failure);
1680 ATF_TP_ADD_TC(tp, mount_failure);
1681 ATF_TP_ADD_TC(tp, nmount_failure);
1682 ATF_TP_ADD_TC(tp, swapon_failure);
1683 ATF_TP_ADD_TC(tp, swapoff_failure);
1685 return (atf_no_error());