2 * Copyright (c) 2018 Aniket Pandey
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 #include <sys/param.h>
29 #include <sys/mount.h>
30 #include <sys/reboot.h>
32 #include <sys/sysctl.h>
34 #include <sys/timespec.h>
35 #include <sys/timex.h>
37 #include <bsm/audit.h>
38 #include <bsm/audit_kevents.h>
39 #include <ufs/ufs/quota.h>
52 /* Default argument for handling ENOSYS in auditon(2) functions */
53 static int auditon_def = 0;
54 static mode_t mode = 0777;
55 static struct pollfd fds[1];
56 static char adregex[80];
57 static const char *auclass = "ad";
58 static const char *path = "fileforaudit";
59 static const char *successreg = "fileforaudit.*return,success";
62 ATF_TC_WITH_CLEANUP(settimeofday_success);
63 ATF_TC_HEAD(settimeofday_success, tc)
65 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
66 "settimeofday(2) call");
69 ATF_TC_BODY(settimeofday_success, tc)
72 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
76 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
78 FILE *pipefd = setup(fds, auclass);
79 /* Setting the same time as obtained by gettimeofday(2) */
80 ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
81 check_audit(fds, adregex, pipefd);
84 ATF_TC_CLEANUP(settimeofday_success, tc)
90 ATF_TC_WITH_CLEANUP(settimeofday_failure);
91 ATF_TC_HEAD(settimeofday_failure, tc)
93 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
94 "settimeofday(2) call");
97 ATF_TC_BODY(settimeofday_failure, tc)
100 snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
104 ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
106 FILE *pipefd = setup(fds, auclass);
108 /* Failure reason: Invalid value for tp.tv_sec; */
109 ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
110 check_audit(fds, adregex, pipefd);
113 ATF_TC_CLEANUP(settimeofday_failure, tc)
119 ATF_TC_WITH_CLEANUP(clock_settime_success);
120 ATF_TC_HEAD(clock_settime_success, tc)
122 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
123 "clock_settime(2) call");
126 ATF_TC_BODY(clock_settime_success, tc)
129 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
132 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
134 FILE *pipefd = setup(fds, auclass);
135 /* Setting the same time as obtained by clock_gettime(2) */
136 ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
137 check_audit(fds, adregex, pipefd);
140 ATF_TC_CLEANUP(clock_settime_success, tc)
146 ATF_TC_WITH_CLEANUP(clock_settime_failure);
147 ATF_TC_HEAD(clock_settime_failure, tc)
149 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
150 "clock_settime(2) call");
153 ATF_TC_BODY(clock_settime_failure, tc)
156 snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
159 ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
161 FILE *pipefd = setup(fds, auclass);
162 /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
163 ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
164 check_audit(fds, adregex, pipefd);
167 ATF_TC_CLEANUP(clock_settime_failure, tc)
173 ATF_TC_WITH_CLEANUP(adjtime_success);
174 ATF_TC_HEAD(adjtime_success, tc)
176 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
180 ATF_TC_BODY(adjtime_success, tc)
183 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
185 FILE *pipefd = setup(fds, auclass);
186 /* We don't want to change the system time, hence NULL */
187 ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
188 check_audit(fds, adregex, pipefd);
191 ATF_TC_CLEANUP(adjtime_success, tc)
197 ATF_TC_WITH_CLEANUP(adjtime_failure);
198 ATF_TC_HEAD(adjtime_failure, tc)
200 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
204 ATF_TC_BODY(adjtime_failure, tc)
207 snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
209 FILE *pipefd = setup(fds, auclass);
210 ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
211 check_audit(fds, adregex, pipefd);
214 ATF_TC_CLEANUP(adjtime_failure, tc)
220 ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
221 ATF_TC_HEAD(ntp_adjtime_success, tc)
223 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
224 "ntp_adjtime(2) call");
227 ATF_TC_BODY(ntp_adjtime_success, tc)
229 struct timex timebuff;
230 bzero(&timebuff, sizeof(timebuff));
233 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
235 FILE *pipefd = setup(fds, auclass);
236 ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
237 check_audit(fds, adregex, pipefd);
240 ATF_TC_CLEANUP(ntp_adjtime_success, tc)
246 ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
247 ATF_TC_HEAD(ntp_adjtime_failure, tc)
249 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
250 "ntp_adjtime(2) call");
253 ATF_TC_BODY(ntp_adjtime_failure, tc)
256 snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
258 FILE *pipefd = setup(fds, auclass);
259 ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
260 check_audit(fds, adregex, pipefd);
263 ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
269 ATF_TC_WITH_CLEANUP(nfs_getfh_success);
270 ATF_TC_HEAD(nfs_getfh_success, tc)
272 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
276 ATF_TC_BODY(nfs_getfh_success, tc)
280 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
282 /* File needs to exist to call getfh(2) */
283 ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
284 FILE *pipefd = setup(fds, auclass);
285 ATF_REQUIRE_EQ(0, getfh(path, &fhp));
286 check_audit(fds, adregex, pipefd);
290 ATF_TC_CLEANUP(nfs_getfh_success, tc)
296 ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
297 ATF_TC_HEAD(nfs_getfh_failure, tc)
299 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
303 ATF_TC_BODY(nfs_getfh_failure, tc)
306 snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
308 FILE *pipefd = setup(fds, auclass);
309 /* Failure reason: file does not exist */
310 ATF_REQUIRE_EQ(-1, getfh(path, NULL));
311 check_audit(fds, adregex, pipefd);
314 ATF_TC_CLEANUP(nfs_getfh_failure, tc)
320 ATF_TC_WITH_CLEANUP(auditctl_success);
321 ATF_TC_HEAD(auditctl_success, tc)
323 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
327 ATF_TC_BODY(auditctl_success, tc)
329 /* File needs to exist in order to call auditctl(2) */
330 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
331 FILE *pipefd = setup(fds, auclass);
332 ATF_REQUIRE_EQ(0, auditctl(path));
333 check_audit(fds, successreg, pipefd);
337 ATF_TC_CLEANUP(auditctl_success, tc)
340 * auditctl(2) disables audit log at /var/audit and initiates auditing
341 * at the configured path. To reset this, we need to stop and start the
342 * auditd(8) again. Here, we check if auditd(8) was running already
343 * before the test started. If so, we stop and start it again.
345 * TODO: should we skip this test if auditd(8) is already running to
346 * avoid restarting it?
348 if (!atf_utils_file_exists("started_fake_auditd")) {
349 system("service auditd onestop > /dev/null 2>&1");
350 system("service auditd onestart > /dev/null 2>&1");
357 ATF_TC_WITH_CLEANUP(auditctl_failure);
358 ATF_TC_HEAD(auditctl_failure, tc)
360 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
364 ATF_TC_BODY(auditctl_failure, tc)
367 snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
369 FILE *pipefd = setup(fds, auclass);
370 /* Failure reason: file does not exist */
371 ATF_REQUIRE_EQ(-1, auditctl(NULL));
372 check_audit(fds, adregex, pipefd);
375 ATF_TC_CLEANUP(auditctl_failure, tc)
381 ATF_TC_WITH_CLEANUP(acct_success);
382 ATF_TC_HEAD(acct_success, tc)
384 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
386 atf_tc_set_md_var(tc, "require.files",
387 "/etc/rc.d/accounting /etc/rc.d/auditd");
390 ATF_TC_BODY(acct_success, tc)
392 int acctinfo, filedesc2;
393 size_t len = sizeof(acctinfo);
394 const char *acctname = "kern.acct_configured";
395 ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
397 /* File needs to exist to start system accounting */
398 ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
401 * acctinfo = 0: System accounting was disabled
402 * acctinfo = 1: System accounting was enabled
405 ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
410 snprintf(adregex, sizeof(adregex),
411 "acct.*%s.*%d.*return,success", path, pid);
414 * We temporarily switch the accounting record to a file at
415 * our own configured path in order to confirm acct(2)'s successful
416 * auditing. Then we set everything back to its original state.
418 FILE *pipefd = setup(fds, auclass);
419 ATF_REQUIRE_EQ(0, acct(path));
420 check_audit(fds, adregex, pipefd);
424 ATF_TC_CLEANUP(acct_success, tc)
426 /* Reset accounting configured path */
427 ATF_REQUIRE_EQ(0, system("service accounting onestop"));
428 if (atf_utils_file_exists("acct_ok")) {
429 ATF_REQUIRE_EQ(0, system("service accounting onestart"));
435 ATF_TC_WITH_CLEANUP(acct_failure);
436 ATF_TC_HEAD(acct_failure, tc)
438 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
442 ATF_TC_BODY(acct_failure, tc)
445 snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
447 FILE *pipefd = setup(fds, auclass);
448 /* Failure reason: File does not exist */
449 ATF_REQUIRE_EQ(-1, acct(path));
450 check_audit(fds, adregex, pipefd);
453 ATF_TC_CLEANUP(acct_failure, tc)
459 ATF_TC_WITH_CLEANUP(getauid_success);
460 ATF_TC_HEAD(getauid_success, tc)
462 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
466 ATF_TC_BODY(getauid_success, tc)
470 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
472 FILE *pipefd = setup(fds, auclass);
473 ATF_REQUIRE_EQ(0, getauid(&auid));
474 check_audit(fds, adregex, pipefd);
477 ATF_TC_CLEANUP(getauid_success, tc)
483 ATF_TC_WITH_CLEANUP(getauid_failure);
484 ATF_TC_HEAD(getauid_failure, tc)
486 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
490 ATF_TC_BODY(getauid_failure, tc)
493 snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
495 FILE *pipefd = setup(fds, auclass);
496 /* Failure reason: Bad address */
497 ATF_REQUIRE_EQ(-1, getauid(NULL));
498 check_audit(fds, adregex, pipefd);
501 ATF_TC_CLEANUP(getauid_failure, tc)
507 ATF_TC_WITH_CLEANUP(setauid_success);
508 ATF_TC_HEAD(setauid_success, tc)
510 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
514 ATF_TC_BODY(setauid_success, tc)
518 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
519 ATF_REQUIRE_EQ(0, getauid(&auid));
521 FILE *pipefd = setup(fds, auclass);
522 ATF_REQUIRE_EQ(0, setauid(&auid));
523 check_audit(fds, adregex, pipefd);
526 ATF_TC_CLEANUP(setauid_success, tc)
532 ATF_TC_WITH_CLEANUP(setauid_failure);
533 ATF_TC_HEAD(setauid_failure, tc)
535 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
539 ATF_TC_BODY(setauid_failure, tc)
542 snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
544 FILE *pipefd = setup(fds, auclass);
545 /* Failure reason: Bad address */
546 ATF_REQUIRE_EQ(-1, setauid(NULL));
547 check_audit(fds, adregex, pipefd);
550 ATF_TC_CLEANUP(setauid_failure, tc)
556 ATF_TC_WITH_CLEANUP(getaudit_success);
557 ATF_TC_HEAD(getaudit_success, tc)
559 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
563 ATF_TC_BODY(getaudit_success, tc)
566 auditinfo_t auditinfo;
567 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
569 FILE *pipefd = setup(fds, auclass);
570 ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
571 check_audit(fds, adregex, pipefd);
574 ATF_TC_CLEANUP(getaudit_success, tc)
580 ATF_TC_WITH_CLEANUP(getaudit_failure);
581 ATF_TC_HEAD(getaudit_failure, tc)
583 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
587 ATF_TC_BODY(getaudit_failure, tc)
590 snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
592 FILE *pipefd = setup(fds, auclass);
593 /* Failure reason: Bad address */
594 ATF_REQUIRE_EQ(-1, getaudit(NULL));
595 check_audit(fds, adregex, pipefd);
598 ATF_TC_CLEANUP(getaudit_failure, tc)
604 ATF_TC_WITH_CLEANUP(setaudit_success);
605 ATF_TC_HEAD(setaudit_success, tc)
607 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
611 ATF_TC_BODY(setaudit_success, tc)
614 auditinfo_t auditinfo;
615 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
616 ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
618 FILE *pipefd = setup(fds, auclass);
619 ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
620 check_audit(fds, adregex, pipefd);
623 ATF_TC_CLEANUP(setaudit_success, tc)
629 ATF_TC_WITH_CLEANUP(setaudit_failure);
630 ATF_TC_HEAD(setaudit_failure, tc)
632 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
636 ATF_TC_BODY(setaudit_failure, tc)
639 snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
641 FILE *pipefd = setup(fds, auclass);
642 /* Failure reason: Bad address */
643 ATF_REQUIRE_EQ(-1, setaudit(NULL));
644 check_audit(fds, adregex, pipefd);
647 ATF_TC_CLEANUP(setaudit_failure, tc)
653 ATF_TC_WITH_CLEANUP(getaudit_addr_success);
654 ATF_TC_HEAD(getaudit_addr_success, tc)
656 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
657 "getaudit_addr(2) call");
660 ATF_TC_BODY(getaudit_addr_success, tc)
663 auditinfo_addr_t auditinfo;
664 snprintf(adregex, sizeof(adregex),
665 "getaudit_addr.*%d.*return,success", pid);
667 FILE *pipefd = setup(fds, auclass);
668 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
669 check_audit(fds, adregex, pipefd);
672 ATF_TC_CLEANUP(getaudit_addr_success, tc)
678 ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
679 ATF_TC_HEAD(getaudit_addr_failure, tc)
681 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
682 "getaudit_addr(2) call");
685 ATF_TC_BODY(getaudit_addr_failure, tc)
688 snprintf(adregex, sizeof(adregex),
689 "getaudit_addr.*%d.*return,failure", pid);
691 FILE *pipefd = setup(fds, auclass);
692 /* Failure reason: Bad address */
693 ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
694 check_audit(fds, adregex, pipefd);
697 ATF_TC_CLEANUP(getaudit_addr_failure, tc)
703 ATF_TC_WITH_CLEANUP(setaudit_addr_success);
704 ATF_TC_HEAD(setaudit_addr_success, tc)
706 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
707 "setaudit_addr(2) call");
710 ATF_TC_BODY(setaudit_addr_success, tc)
713 auditinfo_addr_t auditinfo;
714 snprintf(adregex, sizeof(adregex),
715 "setaudit_addr.*%d.*return,success", pid);
717 ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
718 FILE *pipefd = setup(fds, auclass);
719 ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
720 check_audit(fds, adregex, pipefd);
723 ATF_TC_CLEANUP(setaudit_addr_success, tc)
729 ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
730 ATF_TC_HEAD(setaudit_addr_failure, tc)
732 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
733 "setaudit_addr(2) call");
736 ATF_TC_BODY(setaudit_addr_failure, tc)
739 snprintf(adregex, sizeof(adregex),
740 "setaudit_addr.*%d.*return,failure", pid);
742 FILE *pipefd = setup(fds, auclass);
743 /* Failure reason: Bad address */
744 ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
745 check_audit(fds, adregex, pipefd);
748 ATF_TC_CLEANUP(setaudit_addr_failure, tc)
754 * Note: The test-case uses A_GETFSIZE as the command argument but since it is
755 * not an independent audit event, it will be used to check the default mode
756 * auditing of auditon(2) system call.
758 * Please See: sys/security/audit/audit_bsm_klib.c
759 * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
761 ATF_TC_WITH_CLEANUP(auditon_default_success);
762 ATF_TC_HEAD(auditon_default_success, tc)
764 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
768 ATF_TC_BODY(auditon_default_success, tc)
770 au_fstat_t fsize_arg;
771 bzero(&fsize_arg, sizeof(au_fstat_t));
774 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
776 FILE *pipefd = setup(fds, auclass);
777 ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
778 check_audit(fds, adregex, pipefd);
781 ATF_TC_CLEANUP(auditon_default_success, tc)
787 ATF_TC_WITH_CLEANUP(auditon_default_failure);
788 ATF_TC_HEAD(auditon_default_failure, tc)
790 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
794 ATF_TC_BODY(auditon_default_failure, tc)
797 snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
799 FILE *pipefd = setup(fds, auclass);
800 /* Failure reason: Invalid argument */
801 ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
802 check_audit(fds, adregex, pipefd);
805 ATF_TC_CLEANUP(auditon_default_failure, tc)
811 ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
812 ATF_TC_HEAD(auditon_getpolicy_success, tc)
814 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
815 "auditon(2) call for cmd: A_GETPOLICY");
818 ATF_TC_BODY(auditon_getpolicy_success, tc)
822 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
824 FILE *pipefd = setup(fds, auclass);
825 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
826 check_audit(fds, adregex, pipefd);
829 ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
835 ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
836 ATF_TC_HEAD(auditon_getpolicy_failure, tc)
838 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
839 "auditon(2) call for cmd: A_GETPOLICY");
842 ATF_TC_BODY(auditon_getpolicy_failure, tc)
845 snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
847 FILE *pipefd = setup(fds, auclass);
848 /* Failure reason: Invalid argument */
849 ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
850 check_audit(fds, adregex, pipefd);
853 ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
859 ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
860 ATF_TC_HEAD(auditon_setpolicy_success, tc)
862 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
863 "auditon(2) call for cmd: A_SETPOLICY");
866 ATF_TC_BODY(auditon_setpolicy_success, tc)
870 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
872 /* Retrieve the current auditing policy, to be used with A_SETPOLICY */
873 ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
874 FILE *pipefd = setup(fds, auclass);
875 ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
876 check_audit(fds, adregex, pipefd);
879 ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
885 ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
886 ATF_TC_HEAD(auditon_setpolicy_failure, tc)
888 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
889 "auditon(2) call for cmd: A_SETPOLICY");
892 ATF_TC_BODY(auditon_setpolicy_failure, tc)
895 snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
897 FILE *pipefd = setup(fds, auclass);
898 /* Failure reason: Invalid argument */
899 ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
900 check_audit(fds, adregex, pipefd);
903 ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
909 ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
910 ATF_TC_HEAD(auditon_getkmask_success, tc)
912 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
913 "auditon(2) call for cmd: A_GETKMASK");
916 ATF_TC_BODY(auditon_getkmask_success, tc)
920 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
922 bzero(&evmask, sizeof(evmask));
923 FILE *pipefd = setup(fds, auclass);
924 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
925 check_audit(fds, adregex, pipefd);
928 ATF_TC_CLEANUP(auditon_getkmask_success, tc)
934 ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
935 ATF_TC_HEAD(auditon_getkmask_failure, tc)
937 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
938 "auditon(2) call for cmd: A_GETKMASK");
941 ATF_TC_BODY(auditon_getkmask_failure, tc)
944 snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
946 FILE *pipefd = setup(fds, auclass);
947 /* Failure reason: Invalid au_mask_t structure */
948 ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
949 check_audit(fds, adregex, pipefd);
952 ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
958 ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
959 ATF_TC_HEAD(auditon_setkmask_success, tc)
961 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
962 "auditon(2) call for cmd: A_SETKMASK");
965 ATF_TC_BODY(auditon_setkmask_success, tc)
969 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
971 /* Retrieve the current audit mask to be used with A_SETKMASK */
972 bzero(&evmask, sizeof(evmask));
973 ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
975 FILE *pipefd = setup(fds, auclass);
976 ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
977 check_audit(fds, adregex, pipefd);
980 ATF_TC_CLEANUP(auditon_setkmask_success, tc)
986 ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
987 ATF_TC_HEAD(auditon_setkmask_failure, tc)
989 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
990 "auditon(2) call for cmd: A_SETKMASK");
993 ATF_TC_BODY(auditon_setkmask_failure, tc)
996 snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
998 FILE *pipefd = setup(fds, auclass);
999 /* Failure reason: Invalid au_mask_t structure */
1000 ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
1001 check_audit(fds, adregex, pipefd);
1004 ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
1010 ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
1011 ATF_TC_HEAD(auditon_getqctrl_success, tc)
1013 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1014 "auditon(2) call for cmd: A_GETQCTRL");
1017 ATF_TC_BODY(auditon_getqctrl_success, tc)
1021 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
1023 bzero(&evqctrl, sizeof(evqctrl));
1024 FILE *pipefd = setup(fds, auclass);
1025 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1026 check_audit(fds, adregex, pipefd);
1029 ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
1035 ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
1036 ATF_TC_HEAD(auditon_getqctrl_failure, tc)
1038 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1039 "auditon(2) call for cmd: A_GETQCTRL");
1042 ATF_TC_BODY(auditon_getqctrl_failure, tc)
1045 snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
1047 FILE *pipefd = setup(fds, auclass);
1048 /* Failure reason: Invalid au_qctrl_t structure */
1049 ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
1050 check_audit(fds, adregex, pipefd);
1053 ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
1059 ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
1060 ATF_TC_HEAD(auditon_setqctrl_success, tc)
1062 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1063 "auditon(2) call for cmd: A_SETKMASK");
1066 ATF_TC_BODY(auditon_setqctrl_success, tc)
1070 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
1072 /* Retrieve the current audit mask to be used with A_SETQCTRL */
1073 bzero(&evqctrl, sizeof(evqctrl));
1074 ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1076 FILE *pipefd = setup(fds, auclass);
1077 ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
1078 check_audit(fds, adregex, pipefd);
1081 ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
1087 ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
1088 ATF_TC_HEAD(auditon_setqctrl_failure, tc)
1090 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1091 "auditon(2) call for cmd: A_SETKMASK");
1094 ATF_TC_BODY(auditon_setqctrl_failure, tc)
1097 snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
1099 FILE *pipefd = setup(fds, auclass);
1100 /* Failure reason: Invalid au_qctrl_t structure */
1101 ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
1102 check_audit(fds, adregex, pipefd);
1105 ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
1111 ATF_TC_WITH_CLEANUP(auditon_getclass_success);
1112 ATF_TC_HEAD(auditon_getclass_success, tc)
1114 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1115 "auditon(2) call for cmd: A_GETCLASS");
1118 ATF_TC_BODY(auditon_getclass_success, tc)
1121 au_evclass_map_t evclass;
1122 snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
1124 /* Initialize evclass to get the event-class mapping for auditon(2) */
1125 evclass.ec_number = AUE_AUDITON;
1126 evclass.ec_class = 0;
1127 FILE *pipefd = setup(fds, auclass);
1128 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1129 check_audit(fds, adregex, pipefd);
1132 ATF_TC_CLEANUP(auditon_getclass_success, tc)
1138 ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
1139 ATF_TC_HEAD(auditon_getclass_failure, tc)
1141 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1142 "auditon(2) call for cmd: A_GETCLASS");
1145 ATF_TC_BODY(auditon_getclass_failure, tc)
1148 snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
1150 FILE *pipefd = setup(fds, auclass);
1151 /* Failure reason: Invalid au_evclass_map_t structure */
1152 ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
1153 check_audit(fds, adregex, pipefd);
1156 ATF_TC_CLEANUP(auditon_getclass_failure, tc)
1162 ATF_TC_WITH_CLEANUP(auditon_setclass_success);
1163 ATF_TC_HEAD(auditon_setclass_success, tc)
1165 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1166 "auditon(2) call for cmd: A_SETCLASS");
1169 ATF_TC_BODY(auditon_setclass_success, tc)
1172 au_evclass_map_t evclass;
1173 snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
1175 /* Initialize evclass and get the event-class mapping for auditon(2) */
1176 evclass.ec_number = AUE_AUDITON;
1177 evclass.ec_class = 0;
1178 ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1180 FILE *pipefd = setup(fds, auclass);
1181 ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
1182 check_audit(fds, adregex, pipefd);
1185 ATF_TC_CLEANUP(auditon_setclass_success, tc)
1191 ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
1192 ATF_TC_HEAD(auditon_setclass_failure, tc)
1194 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1195 "auditon(2) call for cmd: A_SETCLASS");
1198 ATF_TC_BODY(auditon_setclass_failure, tc)
1201 snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
1203 FILE *pipefd = setup(fds, auclass);
1204 /* Failure reason: Invalid au_evclass_map_t structure */
1205 ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
1206 check_audit(fds, adregex, pipefd);
1209 ATF_TC_CLEANUP(auditon_setclass_failure, tc)
1215 ATF_TC_WITH_CLEANUP(auditon_getcond_success);
1216 ATF_TC_HEAD(auditon_getcond_success, tc)
1218 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1219 "auditon(2) call for cmd: A_GETCOND");
1222 ATF_TC_BODY(auditon_getcond_success, tc)
1226 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
1228 FILE *pipefd = setup(fds, auclass);
1229 ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
1230 check_audit(fds, adregex, pipefd);
1233 ATF_TC_CLEANUP(auditon_getcond_success, tc)
1239 ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
1240 ATF_TC_HEAD(auditon_getcond_failure, tc)
1242 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1243 "auditon(2) call for cmd: A_GETCOND");
1246 ATF_TC_BODY(auditon_getcond_failure, tc)
1249 snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
1251 FILE *pipefd = setup(fds, auclass);
1252 /* Failure reason: Invalid argument */
1253 ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
1254 check_audit(fds, adregex, pipefd);
1257 ATF_TC_CLEANUP(auditon_getcond_failure, tc)
1263 ATF_TC_WITH_CLEANUP(auditon_setcond_success);
1264 ATF_TC_HEAD(auditon_setcond_success, tc)
1266 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1267 "auditon(2) call for cmd: A_SETCOND");
1270 ATF_TC_BODY(auditon_setcond_success, tc)
1272 int auditcond = AUC_AUDITING;
1274 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
1276 FILE *pipefd = setup(fds, auclass);
1277 /* At this point auditd is running, so the audit state is AUC_AUDITING */
1278 ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
1279 check_audit(fds, adregex, pipefd);
1282 ATF_TC_CLEANUP(auditon_setcond_success, tc)
1288 ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
1289 ATF_TC_HEAD(auditon_setcond_failure, tc)
1291 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1292 "auditon(2) call for cmd: A_SETCOND");
1295 ATF_TC_BODY(auditon_setcond_failure, tc)
1298 snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
1300 FILE *pipefd = setup(fds, auclass);
1301 /* Failure reason: Invalid argument */
1302 ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
1303 check_audit(fds, adregex, pipefd);
1306 ATF_TC_CLEANUP(auditon_setcond_failure, tc)
1312 * Following test-cases for auditon(2) are all in failure mode only as although
1313 * auditable, they have not been implemented and return ENOSYS whenever called.
1315 * Commands: A_GETCWD A_GETCAR A_GETSTAT A_SETSTAT A_SETUMASK A_SETSMASK
1318 ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
1319 ATF_TC_HEAD(auditon_getcwd_failure, tc)
1321 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1322 "auditon(2) call for cmd: A_GETCWD");
1325 ATF_TC_BODY(auditon_getcwd_failure, tc)
1328 snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
1330 FILE *pipefd = setup(fds, auclass);
1331 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
1332 sizeof(auditon_def)) == -1);
1333 check_audit(fds, adregex, pipefd);
1336 ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
1342 ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
1343 ATF_TC_HEAD(auditon_getcar_failure, tc)
1345 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1346 "auditon(2) call for cmd: A_GETCAR");
1349 ATF_TC_BODY(auditon_getcar_failure, tc)
1352 snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
1354 FILE *pipefd = setup(fds, auclass);
1355 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
1356 sizeof(auditon_def)) == -1);
1357 check_audit(fds, adregex, pipefd);
1360 ATF_TC_CLEANUP(auditon_getcar_failure, tc)
1366 ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
1367 ATF_TC_HEAD(auditon_getstat_failure, tc)
1369 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1370 "auditon(2) call for cmd: A_GETSTAT");
1373 ATF_TC_BODY(auditon_getstat_failure, tc)
1376 snprintf(adregex, sizeof(adregex),
1377 "get audit statistics.*%d.*return,failure", pid);
1379 FILE *pipefd = setup(fds, auclass);
1380 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
1381 sizeof(auditon_def)) == -1);
1382 check_audit(fds, adregex, pipefd);
1385 ATF_TC_CLEANUP(auditon_getstat_failure, tc)
1391 ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
1392 ATF_TC_HEAD(auditon_setstat_failure, tc)
1394 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1395 "auditon(2) call for cmd: A_SETSTAT");
1398 ATF_TC_BODY(auditon_setstat_failure, tc)
1401 snprintf(adregex, sizeof(adregex),
1402 "set audit statistics.*%d.*return,failure", pid);
1404 FILE *pipefd = setup(fds, auclass);
1405 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
1406 sizeof(auditon_def)) == -1);
1407 check_audit(fds, adregex, pipefd);
1410 ATF_TC_CLEANUP(auditon_setstat_failure, tc)
1416 ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
1417 ATF_TC_HEAD(auditon_setumask_failure, tc)
1419 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1420 "auditon(2) call for cmd: A_SETUMASK");
1423 ATF_TC_BODY(auditon_setumask_failure, tc)
1426 snprintf(adregex, sizeof(adregex),
1427 "set mask per uid.*%d.*return,failure", pid);
1429 FILE *pipefd = setup(fds, auclass);
1430 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
1431 sizeof(auditon_def)) == -1);
1432 check_audit(fds, adregex, pipefd);
1435 ATF_TC_CLEANUP(auditon_setumask_failure, tc)
1441 ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
1442 ATF_TC_HEAD(auditon_setsmask_failure, tc)
1444 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1445 "auditon(2) call for cmd: A_SETSMASK");
1448 ATF_TC_BODY(auditon_setsmask_failure, tc)
1451 snprintf(adregex, sizeof(adregex),
1452 "set mask per session.*%d.*return,failure", pid);
1454 FILE *pipefd = setup(fds, auclass);
1455 ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def,
1456 sizeof(auditon_def)) == -1);
1457 check_audit(fds, adregex, pipefd);
1460 ATF_TC_CLEANUP(auditon_setsmask_failure, tc)
1467 * Audit of reboot(2) cannot be tested in normal conditions as we don't want
1468 * to reboot the system while running the tests
1472 ATF_TC_WITH_CLEANUP(reboot_failure);
1473 ATF_TC_HEAD(reboot_failure, tc)
1475 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1479 ATF_TC_BODY(reboot_failure, tc)
1482 snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid);
1484 FILE *pipefd = setup(fds, auclass);
1485 ATF_REQUIRE_EQ(-1, reboot(-1));
1486 check_audit(fds, adregex, pipefd);
1489 ATF_TC_CLEANUP(reboot_failure, tc)
1496 * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
1497 * to tamper with filesystem quotas
1501 ATF_TC_WITH_CLEANUP(quotactl_failure);
1502 ATF_TC_HEAD(quotactl_failure, tc)
1504 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1505 "quotactl(2) call");
1508 ATF_TC_BODY(quotactl_failure, tc)
1511 snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid);
1513 FILE *pipefd = setup(fds, auclass);
1514 ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
1515 check_audit(fds, adregex, pipefd);
1518 ATF_TC_CLEANUP(quotactl_failure, tc)
1524 ATF_TC_WITH_CLEANUP(mount_failure);
1525 ATF_TC_HEAD(mount_failure, tc)
1527 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1531 ATF_TC_BODY(mount_failure, tc)
1534 snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid);
1536 FILE *pipefd = setup(fds, auclass);
1537 ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
1538 check_audit(fds, adregex, pipefd);
1541 ATF_TC_CLEANUP(mount_failure, tc)
1547 ATF_TC_WITH_CLEANUP(nmount_failure);
1548 ATF_TC_HEAD(nmount_failure, tc)
1550 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1554 ATF_TC_BODY(nmount_failure, tc)
1557 snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid);
1559 FILE *pipefd = setup(fds, auclass);
1560 ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
1561 check_audit(fds, adregex, pipefd);
1564 ATF_TC_CLEANUP(nmount_failure, tc)
1570 ATF_TC_WITH_CLEANUP(swapon_failure);
1571 ATF_TC_HEAD(swapon_failure, tc)
1573 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1577 ATF_TC_BODY(swapon_failure, tc)
1580 snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid);
1582 FILE *pipefd = setup(fds, auclass);
1583 /* Failure reason: Block device required */
1584 ATF_REQUIRE_EQ(-1, swapon(path));
1585 check_audit(fds, adregex, pipefd);
1588 ATF_TC_CLEANUP(swapon_failure, tc)
1594 ATF_TC_WITH_CLEANUP(swapoff_failure);
1595 ATF_TC_HEAD(swapoff_failure, tc)
1597 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1601 ATF_TC_BODY(swapoff_failure, tc)
1604 snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid);
1606 FILE *pipefd = setup(fds, auclass);
1607 /* Failure reason: Block device required */
1608 ATF_REQUIRE_EQ(-1, swapoff(path, 0));
1609 check_audit(fds, adregex, pipefd);
1612 ATF_TC_CLEANUP(swapoff_failure, tc)
1620 ATF_TP_ADD_TC(tp, settimeofday_success);
1621 ATF_TP_ADD_TC(tp, settimeofday_failure);
1622 ATF_TP_ADD_TC(tp, clock_settime_success);
1623 ATF_TP_ADD_TC(tp, clock_settime_failure);
1624 ATF_TP_ADD_TC(tp, adjtime_success);
1625 ATF_TP_ADD_TC(tp, adjtime_failure);
1626 ATF_TP_ADD_TC(tp, ntp_adjtime_success);
1627 ATF_TP_ADD_TC(tp, ntp_adjtime_failure);
1629 ATF_TP_ADD_TC(tp, nfs_getfh_success);
1630 ATF_TP_ADD_TC(tp, nfs_getfh_failure);
1631 ATF_TP_ADD_TC(tp, acct_success);
1632 ATF_TP_ADD_TC(tp, acct_failure);
1633 ATF_TP_ADD_TC(tp, auditctl_success);
1634 ATF_TP_ADD_TC(tp, auditctl_failure);
1636 ATF_TP_ADD_TC(tp, getauid_success);
1637 ATF_TP_ADD_TC(tp, getauid_failure);
1638 ATF_TP_ADD_TC(tp, setauid_success);
1639 ATF_TP_ADD_TC(tp, setauid_failure);
1641 ATF_TP_ADD_TC(tp, getaudit_success);
1642 ATF_TP_ADD_TC(tp, getaudit_failure);
1643 ATF_TP_ADD_TC(tp, setaudit_success);
1644 ATF_TP_ADD_TC(tp, setaudit_failure);
1646 ATF_TP_ADD_TC(tp, getaudit_addr_success);
1647 ATF_TP_ADD_TC(tp, getaudit_addr_failure);
1648 ATF_TP_ADD_TC(tp, setaudit_addr_success);
1649 ATF_TP_ADD_TC(tp, setaudit_addr_failure);
1651 ATF_TP_ADD_TC(tp, auditon_default_success);
1652 ATF_TP_ADD_TC(tp, auditon_default_failure);
1654 ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
1655 ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
1656 ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
1657 ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
1659 ATF_TP_ADD_TC(tp, auditon_getkmask_success);
1660 ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
1661 ATF_TP_ADD_TC(tp, auditon_setkmask_success);
1662 ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
1664 ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
1665 ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
1666 ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
1667 ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
1669 ATF_TP_ADD_TC(tp, auditon_getclass_success);
1670 ATF_TP_ADD_TC(tp, auditon_getclass_failure);
1671 ATF_TP_ADD_TC(tp, auditon_setclass_success);
1672 ATF_TP_ADD_TC(tp, auditon_setclass_failure);
1674 ATF_TP_ADD_TC(tp, auditon_getcond_success);
1675 ATF_TP_ADD_TC(tp, auditon_getcond_failure);
1676 ATF_TP_ADD_TC(tp, auditon_setcond_success);
1677 ATF_TP_ADD_TC(tp, auditon_setcond_failure);
1679 ATF_TP_ADD_TC(tp, auditon_getcwd_failure);
1680 ATF_TP_ADD_TC(tp, auditon_getcar_failure);
1681 ATF_TP_ADD_TC(tp, auditon_getstat_failure);
1682 ATF_TP_ADD_TC(tp, auditon_setstat_failure);
1683 ATF_TP_ADD_TC(tp, auditon_setumask_failure);
1684 ATF_TP_ADD_TC(tp, auditon_setsmask_failure);
1686 ATF_TP_ADD_TC(tp, reboot_failure);
1687 ATF_TP_ADD_TC(tp, quotactl_failure);
1688 ATF_TP_ADD_TC(tp, mount_failure);
1689 ATF_TP_ADD_TC(tp, nmount_failure);
1690 ATF_TP_ADD_TC(tp, swapon_failure);
1691 ATF_TP_ADD_TC(tp, swapoff_failure);
1693 return (atf_no_error());