From 63d542381b27fbe910ece88af8542548c3a06c42 Mon Sep 17 00:00:00 2001 From: asomers Date: Tue, 2 Oct 2018 16:23:33 +0000 Subject: [PATCH] MFC many audit(4) tests. MFC r334471, r334487, r334496, r334592, r334668, r334933, r335067, r335105, r335136, r335140, r335145, r335207-r335208, r335215, and r335255-r335256. r334471: audit(4): Add tests for the fr class of syscalls readlink and readlinkat are the only syscalls in this class. open and openat are as well, but they'll be handled in a different file. Also, tidy up the copyright headers of recently added files in this area. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15636 r334487: audit(4): Add tests for the fw class of syscalls. truncate and ftruncate are the only syscalls in this class, apart from certain variations of open and openat, which will be handled in a different file. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15640 r334496: audit(4): add tests for the fd audit class The only syscalls in this class are rmdir, unlink, unlinkat, rename, and renameat. Also, set is_exclusive for all audit(4) tests, because they can start and stop auditd. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15647 r334592: audit(4): add tests for the cl audit class The only syscalls in this class are close, closefrom, munmap, and revoke. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15650 r334668: audit(4): add tests for open(2) and openat(2) These syscalls are atypical, because each one corresponds to several different audit events, and they each pass several different audit class filters. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15657 r334933: audit(4): add tests for stat(2) and friends This revision adds auditability tests for stat, lstat, fstat, and fstatat, all from the fa audit class. More tests from that audit class will follow. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15709 r335067: audit(4): Fix file descriptor leaks in ATF tests Submitted by: aniketp Reported by: Coverity CID: 1393343 1393346 1392695 1392781 1391709 1392078 1392413 CID: 1392014 1392521 1393344 1393345 1393347 1393348 1393349 CID: 1393354 1393355 1393356 1393357 1393358 1393360 1393362 CID: 1393368 1393369 1393370 1393371 1393372 1393373 1393376 CID: 1393380 1393384 1393387 1393388 1393389 Sponsored by: Google, Inc (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15782 r335105: audit(4): add tests for statfs(2), fstatfs(2), and getfsstat(2) Submitted by: aniketp Sponsored by: Google, Inc (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15750 r335136: audit(4): add tests for flock, fcntl, and fsync Submitted by: aniketp Sponsored by: Google, Inc (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15795 r335140: audit(4): fix typo from r335136 Typo in Makefile accidentally disabled some older tests X-MFC-With: 335136 r335145: audit(4): add tests for fhopen, fhstat, and fhstatfs Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15798 r335207: audit(4): add tests for access(2), chmod(2), and friends access(2), eaccess(2), faccessat(2), chmod(2), fchmod(2), lchmod(2), and fchmodat(2). Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15805 Differential Revision: https://reviews.freebsd.org/D15808 r335208: audit(4): improve formatting in tests/sys/audit/open.c [skip ci] Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15797 r335215: audit(4): Add a few tests for network-related syscalls Add tests for socket(2), socketpair(2), and setsockopt(2) Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15803 r335255: audit(4): add tests for bind(2), bindat(2), and listen(2) Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15843 r335256: audit(4): add tests for chown(2) and friends Includes chown, fchown, lchown, and fchownat Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15825 --- tests/sys/audit/Makefile | 29 +- tests/sys/audit/file-attribute-access.c | 698 ++++++++++++++++++++++++ tests/sys/audit/file-attribute-modify.c | 581 ++++++++++++++++++++ tests/sys/audit/file-close.c | 233 ++++++++ tests/sys/audit/file-create.c | 14 +- tests/sys/audit/file-delete.c | 274 ++++++++++ tests/sys/audit/file-read.c | 136 +++++ tests/sys/audit/file-write.c | 141 +++++ tests/sys/audit/network.c | 412 ++++++++++++++ tests/sys/audit/open.c | 196 +++++++ tests/sys/audit/utils.c | 23 +- tests/sys/audit/utils.h | 1 - 12 files changed, 2718 insertions(+), 20 deletions(-) create mode 100644 tests/sys/audit/file-attribute-access.c create mode 100644 tests/sys/audit/file-attribute-modify.c create mode 100644 tests/sys/audit/file-close.c create mode 100644 tests/sys/audit/file-delete.c create mode 100644 tests/sys/audit/file-read.c create mode 100644 tests/sys/audit/file-write.c create mode 100644 tests/sys/audit/network.c create mode 100644 tests/sys/audit/open.c diff --git a/tests/sys/audit/Makefile b/tests/sys/audit/Makefile index 93dbb5aa9fd..0488844bcdb 100644 --- a/tests/sys/audit/Makefile +++ b/tests/sys/audit/Makefile @@ -2,16 +2,41 @@ TESTSDIR= ${TESTSBASE}/sys/audit -ATF_TESTS_C= file-create +ATF_TESTS_C= file-attribute-access +ATF_TESTS_C+= file-attribute-modify +ATF_TESTS_C+= file-create +ATF_TESTS_C+= file-delete +ATF_TESTS_C+= file-close +ATF_TESTS_C+= file-write +ATF_TESTS_C+= file-read +ATF_TESTS_C+= open +ATF_TESTS_C+= network +SRCS.file-attribute-access+= file-attribute-access.c +SRCS.file-attribute-access+= utils.c +SRCS.file-attribute-modify+= file-attribute-modify.c +SRCS.file-attribute-modify+= utils.c SRCS.file-create+= file-create.c SRCS.file-create+= utils.c +SRCS.file-delete+= file-delete.c +SRCS.file-delete+= utils.c +SRCS.file-close+= file-close.c +SRCS.file-close+= utils.c +SRCS.file-write+= file-write.c +SRCS.file-write+= utils.c +SRCS.file-read+= file-read.c +SRCS.file-read+= utils.c +SRCS.open+= open.c +SRCS.open+= utils.c +SRCS.network+= network.c +SRCS.network+= utils.c TEST_METADATA+= timeout="30" TEST_METADATA+= required_user="root" +TEST_METADATA+= is_exclusive="true" WARNS?= 6 -LDFLAGS+= -lbsm +LDFLAGS+= -lbsm -lutil .include diff --git a/tests/sys/audit/file-attribute-access.c b/tests/sys/audit/file-attribute-access.c new file mode 100644 index 00000000000..f648b0bc4fe --- /dev/null +++ b/tests/sys/audit/file-attribute-access.c @@ -0,0 +1,698 @@ +/*- + * Copyright (c) 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +static struct pollfd fds[1]; +static mode_t mode = 0777; +static pid_t pid; +static fhandle_t fht; +static int filedesc, fhdesc; +static char extregex[80]; +static struct stat statbuff; +static struct statfs statfsbuff; +static const char *auclass = "fa"; +static const char *path = "fileforaudit"; +static const char *errpath = "dirdoesnotexist/fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(stat_success); +ATF_TC_HEAD(stat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "stat(2) call"); +} + +ATF_TC_BODY(stat_success, tc) +{ + /* File needs to exist to call stat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, stat(path, &statbuff)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(stat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(stat_failure); +ATF_TC_HEAD(stat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "stat(2) call"); +} + +ATF_TC_BODY(stat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, stat(errpath, &statbuff)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(stat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lstat_success); +ATF_TC_HEAD(lstat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lstat(2) call"); +} + +ATF_TC_BODY(lstat_success, tc) +{ + /* Symbolic link needs to exist to call lstat(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, lstat(path, &statbuff)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lstat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lstat_failure); +ATF_TC_HEAD(lstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lstat(2) call"); +} + +ATF_TC_BODY(lstat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, lstat(errpath, &statbuff)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstat_success); +ATF_TC_HEAD(fstat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstat(2) call"); +} + +ATF_TC_BODY(fstat_success, tc) +{ + /* File needs to exist to call fstat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fstat(filedesc, &statbuff)); + + snprintf(extregex, sizeof(extregex), + "fstat.*%jd.*return,success", (intmax_t)statbuff.st_ino); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fstat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstat_failure); +ATF_TC_HEAD(fstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fstat(2) call"); +} + +ATF_TC_BODY(fstat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + const char *regex = "fstat.*return,failure : Bad file descriptor"; + /* Failure reason: bad file descriptor */ + ATF_REQUIRE_EQ(-1, fstat(-1, &statbuff)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstatat_success); +ATF_TC_HEAD(fstatat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstatat(2) call"); +} + +ATF_TC_BODY(fstatat_success, tc) +{ + /* File or Symbolic link needs to exist to call lstat(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fstatat(AT_FDCWD, path, &statbuff, + AT_SYMLINK_NOFOLLOW)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(fstatat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstatat_failure); +ATF_TC_HEAD(fstatat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fstatat(2) call"); +} + +ATF_TC_BODY(fstatat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, fstatat(AT_FDCWD, path, &statbuff, + AT_SYMLINK_NOFOLLOW)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(fstatat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(statfs_success); +ATF_TC_HEAD(statfs_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "statfs(2) call"); +} + +ATF_TC_BODY(statfs_success, tc) +{ + /* File needs to exist to call statfs(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, statfs(path, &statfsbuff)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(statfs_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(statfs_failure); +ATF_TC_HEAD(statfs_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "statfs(2) call"); +} + +ATF_TC_BODY(statfs_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, statfs(errpath, &statfsbuff)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(statfs_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstatfs_success); +ATF_TC_HEAD(fstatfs_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstatfs(2) call"); +} + +ATF_TC_BODY(fstatfs_success, tc) +{ + /* File needs to exist to call fstat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); + /* Call stat(2) to store the Inode number of 'path' */ + ATF_REQUIRE_EQ(0, stat(path, &statbuff)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fstatfs(filedesc, &statfsbuff)); + + snprintf(extregex, sizeof(extregex), "fstatfs.*%jd.*return,success", + (intmax_t)statbuff.st_ino); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fstatfs_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstatfs_failure); +ATF_TC_HEAD(fstatfs_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fstatfs(2) call"); +} + +ATF_TC_BODY(fstatfs_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + const char *regex = "fstatfs.*return,failure : Bad file descriptor"; + /* Failure reason: bad file descriptor */ + ATF_REQUIRE_EQ(-1, fstatfs(-1, &statfsbuff)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fstatfs_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getfsstat_success); +ATF_TC_HEAD(getfsstat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "getfsstat(2) call"); +} + +ATF_TC_BODY(getfsstat_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "getfsstat.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE(getfsstat(NULL, 0, MNT_NOWAIT) != -1); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(getfsstat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getfsstat_failure); +ATF_TC_HEAD(getfsstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "getfsstat(2) call"); +} + +ATF_TC_BODY(getfsstat_failure, tc) +{ + const char *regex = "getfsstat.*return,failure : Invalid argument"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid value for mode */ + ATF_REQUIRE_EQ(-1, getfsstat(NULL, 0, -1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(getfsstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhopen_success); +ATF_TC_HEAD(fhopen_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fhopen(2) call"); +} + +ATF_TC_BODY(fhopen_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fhopen.*%d.*return,success", pid); + + /* File needs to exist to get a file-handle */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + /* Get the file handle to be passed to fhopen(2) */ + ATF_REQUIRE_EQ(0, getfh(path, &fht)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((fhdesc = fhopen(&fht, O_RDWR)) != -1); + check_audit(fds, extregex, pipefd); + + close(fhdesc); + close(filedesc); +} + +ATF_TC_CLEANUP(fhopen_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhopen_failure); +ATF_TC_HEAD(fhopen_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fhopen(2) call"); +} + +ATF_TC_BODY(fhopen_failure, tc) +{ + const char *regex = "fhopen.*return,failure : Invalid argument"; + FILE *pipefd = setup(fds, auclass); + /* + * Failure reason: NULL does not represent any file handle + * and O_CREAT is not allowed as the flag for fhopen(2) + */ + ATF_REQUIRE_EQ(-1, fhopen(NULL, O_CREAT)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fhopen_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhstat_success); +ATF_TC_HEAD(fhstat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstat(2) call"); +} + +ATF_TC_BODY(fhstat_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fhstat.*%d.*return,success", pid); + + /* File needs to exist to get a file-handle */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + /* Get the file handle to be passed to fhstat(2) */ + ATF_REQUIRE_EQ(0, getfh(path, &fht)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fhstat(&fht, &statbuff)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fhstat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhstat_failure); +ATF_TC_HEAD(fhstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fhstat(2) call"); +} + +ATF_TC_BODY(fhstat_failure, tc) +{ + const char *regex = "fhstat.*return,failure : Bad address"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: NULL does not represent any file handle */ + ATF_REQUIRE_EQ(-1, fhstat(NULL, NULL)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fhstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhstatfs_success); +ATF_TC_HEAD(fhstatfs_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstatfs(2) call"); +} + +ATF_TC_BODY(fhstatfs_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fhstatfs.*%d.*success", pid); + + /* File needs to exist to get a file-handle */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + /* Get the file handle to be passed to fhstatfs(2) */ + ATF_REQUIRE_EQ(0, getfh(path, &fht)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fhstatfs(&fht, &statfsbuff)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fhstatfs_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhstatfs_failure); +ATF_TC_HEAD(fhstatfs_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fhstatfs(2) call"); +} + +ATF_TC_BODY(fhstatfs_failure, tc) +{ + const char *regex = "fhstatfs.*return,failure : Bad address"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: NULL does not represent any file handle */ + ATF_REQUIRE_EQ(-1, fhstatfs(NULL, NULL)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fhstatfs_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(access_success); +ATF_TC_HEAD(access_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "access(2) call"); +} + +ATF_TC_BODY(access_success, tc) +{ + /* File needs to exist to call access(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, access(path, F_OK)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(access_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(access_failure); +ATF_TC_HEAD(access_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "access(2) call"); +} + +ATF_TC_BODY(access_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, access(errpath, F_OK)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(access_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(eaccess_success); +ATF_TC_HEAD(eaccess_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "eaccess(2) call"); +} + +ATF_TC_BODY(eaccess_success, tc) +{ + /* File needs to exist to call eaccess(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, eaccess(path, F_OK)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(eaccess_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(eaccess_failure); +ATF_TC_HEAD(eaccess_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "eaccess(2) call"); +} + +ATF_TC_BODY(eaccess_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, eaccess(errpath, F_OK)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(eaccess_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(faccessat_success); +ATF_TC_HEAD(faccessat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "faccessat(2) call"); +} + +ATF_TC_BODY(faccessat_success, tc) +{ + /* File needs to exist to call faccessat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, faccessat(AT_FDCWD, path, F_OK, AT_EACCESS)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(faccessat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(faccessat_failure); +ATF_TC_HEAD(faccessat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "faccessat(2) call"); +} + +ATF_TC_BODY(faccessat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, faccessat(AT_FDCWD, errpath, F_OK, AT_EACCESS)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(faccessat_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, stat_success); + ATF_TP_ADD_TC(tp, stat_failure); + ATF_TP_ADD_TC(tp, lstat_success); + ATF_TP_ADD_TC(tp, lstat_failure); + ATF_TP_ADD_TC(tp, fstat_success); + ATF_TP_ADD_TC(tp, fstat_failure); + ATF_TP_ADD_TC(tp, fstatat_success); + ATF_TP_ADD_TC(tp, fstatat_failure); + + ATF_TP_ADD_TC(tp, statfs_success); + ATF_TP_ADD_TC(tp, statfs_failure); + ATF_TP_ADD_TC(tp, fstatfs_success); + ATF_TP_ADD_TC(tp, fstatfs_failure); + + ATF_TP_ADD_TC(tp, getfsstat_success); + ATF_TP_ADD_TC(tp, getfsstat_failure); + + ATF_TP_ADD_TC(tp, fhopen_success); + ATF_TP_ADD_TC(tp, fhopen_failure); + ATF_TP_ADD_TC(tp, fhstat_success); + ATF_TP_ADD_TC(tp, fhstat_failure); + ATF_TP_ADD_TC(tp, fhstatfs_success); + ATF_TP_ADD_TC(tp, fhstatfs_failure); + + ATF_TP_ADD_TC(tp, access_success); + ATF_TP_ADD_TC(tp, access_failure); + ATF_TP_ADD_TC(tp, eaccess_success); + ATF_TP_ADD_TC(tp, eaccess_failure); + ATF_TP_ADD_TC(tp, faccessat_success); + ATF_TP_ADD_TC(tp, faccessat_failure); + + return (atf_no_error()); +} diff --git a/tests/sys/audit/file-attribute-modify.c b/tests/sys/audit/file-attribute-modify.c new file mode 100644 index 00000000000..66fd7f552b8 --- /dev/null +++ b/tests/sys/audit/file-attribute-modify.c @@ -0,0 +1,581 @@ +/*- + * Copyright (c) 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include + +#include +#include +#include + +#include "utils.h" + +static pid_t pid; +static uid_t uid = -1; +static gid_t gid = -1; +static int filedesc; +static struct pollfd fds[1]; +static mode_t mode = 0777; +static char extregex[80]; +static const char *auclass = "fm"; +static const char *path = "fileforaudit"; +static const char *errpath = "adirhasnoname/fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(flock_success); +ATF_TC_HEAD(flock_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "flock(2) call"); +} + +ATF_TC_BODY(flock_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "flock.*%d.*return,success", pid); + + /* File needs to exist to call flock(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, flock(filedesc, LOCK_SH)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(flock_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(flock_failure); +ATF_TC_HEAD(flock_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "flock(2) call"); +} + +ATF_TC_BODY(flock_failure, tc) +{ + const char *regex = "flock.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, flock(-1, LOCK_SH)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(flock_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fcntl_success); +ATF_TC_HEAD(fcntl_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fcntl(2) call"); +} + +ATF_TC_BODY(fcntl_success, tc) +{ + int flagstatus; + /* File needs to exist to call fcntl(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + + /* Retrieve the status flags of 'filedesc' and store it in flagstatus */ + ATF_REQUIRE((flagstatus = fcntl(filedesc, F_GETFL, 0)) != -1); + snprintf(extregex, sizeof(extregex), + "fcntl.*return,success,%d", flagstatus); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fcntl_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fcntl_failure); +ATF_TC_HEAD(fcntl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fcntl(2) call"); +} + +ATF_TC_BODY(fcntl_failure, tc) +{ + const char *regex = "fcntl.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, fcntl(-1, F_GETFL, 0)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fcntl_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fsync_success); +ATF_TC_HEAD(fsync_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fsync(2) call"); +} + +ATF_TC_BODY(fsync_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fsync.*%d.*return,success", pid); + + /* File needs to exist to call fsync(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fsync(filedesc)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fsync_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fsync_failure); +ATF_TC_HEAD(fsync_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fsync(2) call"); +} + +ATF_TC_BODY(fsync_failure, tc) +{ + const char *regex = "fsync.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fsync(-1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fsync_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chmod_success); +ATF_TC_HEAD(chmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chmod(2) call"); +} + +ATF_TC_BODY(chmod_success, tc) +{ + /* File needs to exist to call chmod(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, chmod(path, mode)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(chmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chmod_failure); +ATF_TC_HEAD(chmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chmod(2) call"); +} + +ATF_TC_BODY(chmod_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chmod(errpath, mode)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmod_success); +ATF_TC_HEAD(fchmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchmod(2) call"); +} + +ATF_TC_BODY(fchmod_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fchmod.*%d.*return,success", pid); + + /* File needs to exist to call fchmod(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchmod(filedesc, mode)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmod_failure); +ATF_TC_HEAD(fchmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchmod(2) call"); +} + +ATF_TC_BODY(fchmod_failure, tc) +{ + const char *regex = "fchmod.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fchmod(-1, mode)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchmod_success); +ATF_TC_HEAD(lchmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lchmod(2) call"); +} + +ATF_TC_BODY(lchmod_success, tc) +{ + /* Symbolic link needs to exist to call lchmod(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, lchmod(path, mode)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lchmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchmod_failure); +ATF_TC_HEAD(lchmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lchmod(2) call"); +} + +ATF_TC_BODY(lchmod_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, lchmod(errpath, mode)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lchmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmodat_success); +ATF_TC_HEAD(fchmodat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchmodat(2) call"); +} + +ATF_TC_BODY(fchmodat_success, tc) +{ + /* File needs to exist to call fchmodat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchmodat(AT_FDCWD, path, mode, 0)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchmodat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmodat_failure); +ATF_TC_HEAD(fchmodat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchmodat(2) call"); +} + +ATF_TC_BODY(fchmodat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, fchmodat(AT_FDCWD, errpath, mode, 0)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(fchmodat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chown_success); +ATF_TC_HEAD(chown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chown(2) call"); +} + +ATF_TC_BODY(chown_success, tc) +{ + /* File needs to exist to call chown(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, chown(path, uid, gid)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(chown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chown_failure); +ATF_TC_HEAD(chown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chown(2) call"); +} + +ATF_TC_BODY(chown_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chown(errpath, uid, gid)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchown_success); +ATF_TC_HEAD(fchown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchown(2) call"); +} + +ATF_TC_BODY(fchown_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fchown.*%d.*return,success", pid); + + /* File needs to exist to call fchown(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchown(filedesc, uid, gid)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchown_failure); +ATF_TC_HEAD(fchown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchown(2) call"); +} + +ATF_TC_BODY(fchown_failure, tc) +{ + const char *regex = "fchown.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fchown(-1, uid, gid)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchown_success); +ATF_TC_HEAD(lchown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lchown(2) call"); +} + +ATF_TC_BODY(lchown_success, tc) +{ + /* Symbolic link needs to exist to call lchown(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, lchown(path, uid, gid)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lchown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchown_failure); +ATF_TC_HEAD(lchown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lchown(2) call"); +} + +ATF_TC_BODY(lchown_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, lchown(errpath, uid, gid)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lchown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchownat_success); +ATF_TC_HEAD(fchownat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchownat(2) call"); +} + +ATF_TC_BODY(fchownat_success, tc) +{ + /* File needs to exist to call fchownat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchownat(AT_FDCWD, path, uid, gid, 0)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchownat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchownat_failure); +ATF_TC_HEAD(fchownat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchownat(2) call"); +} + +ATF_TC_BODY(fchownat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, fchownat(AT_FDCWD, errpath, uid, gid, 0)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(fchownat_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, flock_success); + ATF_TP_ADD_TC(tp, flock_failure); + ATF_TP_ADD_TC(tp, fcntl_success); + ATF_TP_ADD_TC(tp, fcntl_failure); + ATF_TP_ADD_TC(tp, fsync_success); + ATF_TP_ADD_TC(tp, fsync_failure); + + ATF_TP_ADD_TC(tp, chmod_success); + ATF_TP_ADD_TC(tp, chmod_failure); + ATF_TP_ADD_TC(tp, fchmod_success); + ATF_TP_ADD_TC(tp, fchmod_failure); + ATF_TP_ADD_TC(tp, lchmod_success); + ATF_TP_ADD_TC(tp, lchmod_failure); + ATF_TP_ADD_TC(tp, fchmodat_success); + ATF_TP_ADD_TC(tp, fchmodat_failure); + + ATF_TP_ADD_TC(tp, chown_success); + ATF_TP_ADD_TC(tp, chown_failure); + ATF_TP_ADD_TC(tp, fchown_success); + ATF_TP_ADD_TC(tp, fchown_failure); + ATF_TP_ADD_TC(tp, lchown_success); + ATF_TP_ADD_TC(tp, lchown_failure); + ATF_TP_ADD_TC(tp, fchownat_success); + ATF_TP_ADD_TC(tp, fchownat_failure); + + return (atf_no_error()); +} diff --git a/tests/sys/audit/file-close.c b/tests/sys/audit/file-close.c new file mode 100644 index 00000000000..51936b09606 --- /dev/null +++ b/tests/sys/audit/file-close.c @@ -0,0 +1,233 @@ +/*- + * Copyright 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static pid_t pid; +static struct pollfd fds[1]; +static mode_t mode = 0777; +static int filedesc; +static char extregex[80]; +static struct stat statbuff; +static const char *auclass = "cl"; +static const char *path = "fileforaudit"; +static const char *errpath = "dirdoesnotexist/fileforaudit"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(munmap_success); +ATF_TC_HEAD(munmap_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "munmap(2) call"); +} + +ATF_TC_BODY(munmap_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "munmap.*%d.*return,success", pid); + + /* Allocate sample memory, to be removed by munmap(2) */ + char *addr = mmap(NULL, sizeof(char), PROT_READ , MAP_ANONYMOUS, -1, 0); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, munmap(addr, sizeof(char))); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(munmap_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(munmap_failure); +ATF_TC_HEAD(munmap_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "munmap(2) call"); +} + +ATF_TC_BODY(munmap_failure, tc) +{ + const char *regex = "munmap.*return,failure : Invalid argument"; + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, munmap((void *)SIZE_MAX, -1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(munmap_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(close_success); +ATF_TC_HEAD(close_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "close(2) call"); +} + +ATF_TC_BODY(close_success, tc) +{ + /* File needs to exist to call close(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); + /* Call stat(2) to store the Inode number of 'path' */ + ATF_REQUIRE_EQ(0, stat(path, &statbuff)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, close(filedesc)); + + /* intmax_t to support all architectures */ + snprintf(extregex, sizeof(extregex), "close.*%jd.*return,succes", + (intmax_t)statbuff.st_ino); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(close_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(close_failure); +ATF_TC_HEAD(close_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "close(2) call"); +} + +ATF_TC_BODY(close_failure, tc) +{ + const char *regex = "close.*return,failure"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, close(-1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(close_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(closefrom_success); +ATF_TC_HEAD(closefrom_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "closefrom(2) call"); +} + +ATF_TC_BODY(closefrom_success, tc) +{ + const char *regex = "closefrom.*return,success"; + FILE *pipefd = setup(fds, auclass); + /* closefrom(2) returns 'void' */ + closefrom(INT_MAX); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(closefrom_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(revoke_success); +ATF_TC_HEAD(revoke_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "revoke(2) call"); +} + +ATF_TC_BODY(revoke_success, tc) +{ + char *ptyname; + pid = getpid(); + snprintf(extregex, sizeof(extregex), "revoke.*%d.*return,success", pid); + + /* Obtain a pseudo terminal and get the path to slave device */ + ATF_REQUIRE((filedesc = posix_openpt(O_RDWR | O_NOCTTY)) != -1); + ATF_REQUIRE((ptyname = ptsname(filedesc)) != NULL); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, revoke(ptyname)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(revoke_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(revoke_failure); +ATF_TC_HEAD(revoke_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "revoke(2) call"); +} + +ATF_TC_BODY(revoke_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, revoke(errpath)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(revoke_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, munmap_success); + ATF_TP_ADD_TC(tp, munmap_failure); + + ATF_TP_ADD_TC(tp, close_success); + ATF_TP_ADD_TC(tp, close_failure); + ATF_TP_ADD_TC(tp, closefrom_success); + + ATF_TP_ADD_TC(tp, revoke_success); + ATF_TP_ADD_TC(tp, revoke_failure); + + return (atf_no_error()); +} diff --git a/tests/sys/audit/file-create.c b/tests/sys/audit/file-create.c index 0fd9a6fdaa5..e6c215cfbb6 100644 --- a/tests/sys/audit/file-create.c +++ b/tests/sys/audit/file-create.c @@ -1,6 +1,5 @@ /*- * Copyright 2018 Aniket Pandey - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -38,6 +37,7 @@ static struct pollfd fds[1]; static mode_t mode = 0777; +static int filedesc; static dev_t dev = 0; static const char *auclass = "fc"; static const char *path = "fileforaudit"; @@ -306,10 +306,11 @@ ATF_TC_HEAD(rename_success, tc) ATF_TC_BODY(rename_success, tc) { - ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); FILE *pipefd = setup(fds, auclass); ATF_REQUIRE_EQ(0, rename(path, "renamed")); check_audit(fds, successreg, pipefd); + close(filedesc); } ATF_TC_CLEANUP(rename_success, tc) @@ -348,10 +349,11 @@ ATF_TC_HEAD(renameat_success, tc) ATF_TC_BODY(renameat_success, tc) { - ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); FILE *pipefd = setup(fds, auclass); ATF_REQUIRE_EQ(0, renameat(AT_FDCWD, path, AT_FDCWD, "renamed")); check_audit(fds, successreg, pipefd); + close(filedesc); } ATF_TC_CLEANUP(renameat_success, tc) @@ -390,10 +392,11 @@ ATF_TC_HEAD(link_success, tc) ATF_TC_BODY(link_success, tc) { - ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); FILE *pipefd = setup(fds, auclass); ATF_REQUIRE_EQ(0, link(path, "hardlink")); check_audit(fds, successreg, pipefd); + close(filedesc); } ATF_TC_CLEANUP(link_success, tc) @@ -432,10 +435,11 @@ ATF_TC_HEAD(linkat_success, tc) ATF_TC_BODY(linkat_success, tc) { - ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); FILE *pipefd = setup(fds, auclass); ATF_REQUIRE_EQ(0, linkat(AT_FDCWD, path, AT_FDCWD, "hardlink", 0)); check_audit(fds, successreg, pipefd); + close(filedesc); } ATF_TC_CLEANUP(linkat_success, tc) diff --git a/tests/sys/audit/file-delete.c b/tests/sys/audit/file-delete.c new file mode 100644 index 00000000000..3583265df77 --- /dev/null +++ b/tests/sys/audit/file-delete.c @@ -0,0 +1,274 @@ +/*- + * Copyright 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include + +#include +#include +#include + +#include "utils.h" + +static struct pollfd fds[1]; +static mode_t mode = 0777; +static int filedesc; +static const char *path = "fileforaudit"; +static const char *errpath = "dirdoesnotexist/fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(rmdir_success); +ATF_TC_HEAD(rmdir_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "rmdir(2) call"); +} + +ATF_TC_BODY(rmdir_success, tc) +{ + ATF_REQUIRE_EQ(0, mkdir(path, mode)); + FILE *pipefd = setup(fds, "fd"); + ATF_REQUIRE_EQ(0, rmdir(path)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(rmdir_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(rmdir_failure); +ATF_TC_HEAD(rmdir_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "rmdir(2) call"); +} + +ATF_TC_BODY(rmdir_failure, tc) +{ + FILE *pipefd = setup(fds, "fd"); + /* Failure reason: directory does not exist */ + ATF_REQUIRE_EQ(-1, rmdir(errpath)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(rmdir_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(rename_success); +ATF_TC_HEAD(rename_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "rename(2) call"); +} + +ATF_TC_BODY(rename_success, tc) +{ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, "fd"); + ATF_REQUIRE_EQ(0, rename(path, "renamed")); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(rename_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(rename_failure); +ATF_TC_HEAD(rename_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "rename(2) call"); +} + +ATF_TC_BODY(rename_failure, tc) +{ + FILE *pipefd = setup(fds, "fd"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, rename(path, "renamed")); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(rename_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(renameat_success); +ATF_TC_HEAD(renameat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "renameat(2) call"); +} + +ATF_TC_BODY(renameat_success, tc) +{ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, "fd"); + ATF_REQUIRE_EQ(0, renameat(AT_FDCWD, path, AT_FDCWD, "renamed")); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(renameat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(renameat_failure); +ATF_TC_HEAD(renameat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "renameat(2) call"); +} + +ATF_TC_BODY(renameat_failure, tc) +{ + FILE *pipefd = setup(fds, "fd"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, renameat(AT_FDCWD, path, AT_FDCWD, "renamed")); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(renameat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(unlink_success); +ATF_TC_HEAD(unlink_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "unlink(2) call"); +} + +ATF_TC_BODY(unlink_success, tc) +{ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, "fd"); + ATF_REQUIRE_EQ(0, unlink(path)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(unlink_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(unlink_failure); +ATF_TC_HEAD(unlink_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "unlink(2) call"); +} + +ATF_TC_BODY(unlink_failure, tc) +{ + FILE *pipefd = setup(fds, "fd"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, unlink(errpath)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(unlink_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(unlinkat_success); +ATF_TC_HEAD(unlinkat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "unlinkat(2) call"); +} + +ATF_TC_BODY(unlinkat_success, tc) +{ + ATF_REQUIRE_EQ(0, mkdir(path, mode)); + FILE *pipefd = setup(fds, "fd"); + ATF_REQUIRE_EQ(0, unlinkat(AT_FDCWD, path, AT_REMOVEDIR)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(unlinkat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(unlinkat_failure); +ATF_TC_HEAD(unlinkat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "unlinkat(2) call"); +} + +ATF_TC_BODY(unlinkat_failure, tc) +{ + FILE *pipefd = setup(fds, "fd"); + /* Failure reason: directory does not exist */ + ATF_REQUIRE_EQ(-1, unlinkat(AT_FDCWD, errpath, AT_REMOVEDIR)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(unlinkat_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, rmdir_success); + ATF_TP_ADD_TC(tp, rmdir_failure); + + ATF_TP_ADD_TC(tp, rename_success); + ATF_TP_ADD_TC(tp, rename_failure); + ATF_TP_ADD_TC(tp, renameat_success); + ATF_TP_ADD_TC(tp, renameat_failure); + + ATF_TP_ADD_TC(tp, unlink_success); + ATF_TP_ADD_TC(tp, unlink_failure); + ATF_TP_ADD_TC(tp, unlinkat_success); + ATF_TP_ADD_TC(tp, unlinkat_failure); + + return (atf_no_error()); +} diff --git a/tests/sys/audit/file-read.c b/tests/sys/audit/file-read.c new file mode 100644 index 00000000000..4022c7ef36b --- /dev/null +++ b/tests/sys/audit/file-read.c @@ -0,0 +1,136 @@ +/*- + * Copyright 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include + +#include "utils.h" + +static struct pollfd fds[1]; +static char buff[1024]; +static const char *path = "fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(readlink_success); +ATF_TC_HEAD(readlink_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "readlink(2) call"); +} + +ATF_TC_BODY(readlink_success, tc) +{ + memset(buff, 0, sizeof(buff)); + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, "fr"); + ATF_REQUIRE(readlink(path, buff, sizeof(buff)-1) != -1); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(readlink_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(readlink_failure); +ATF_TC_HEAD(readlink_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "readlink(2) call"); +} + +ATF_TC_BODY(readlink_failure, tc) +{ + memset(buff, 0, sizeof(buff)); + FILE *pipefd = setup(fds, "fr"); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, readlink(path, buff, sizeof(buff)-1)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(readlink_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(readlinkat_success); +ATF_TC_HEAD(readlinkat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "readlinkat(2) call"); +} + +ATF_TC_BODY(readlinkat_success, tc) +{ + memset(buff, 0, sizeof(buff)); + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, "fr"); + ATF_REQUIRE(readlinkat(AT_FDCWD, path, buff, sizeof(buff)-1) != -1); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(readlinkat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(readlinkat_failure); +ATF_TC_HEAD(readlinkat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "readlinkat(2) call"); +} + +ATF_TC_BODY(readlinkat_failure, tc) +{ + memset(buff, 0, sizeof(buff)); + FILE *pipefd = setup(fds, "fr"); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, readlinkat(AT_FDCWD, path, buff, sizeof(buff)-1)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(readlinkat_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, readlink_success); + ATF_TP_ADD_TC(tp, readlink_failure); + ATF_TP_ADD_TC(tp, readlinkat_success); + ATF_TP_ADD_TC(tp, readlinkat_failure); + + return (atf_no_error()); +} diff --git a/tests/sys/audit/file-write.c b/tests/sys/audit/file-write.c new file mode 100644 index 00000000000..183292a6a09 --- /dev/null +++ b/tests/sys/audit/file-write.c @@ -0,0 +1,141 @@ +/*- + * Copyright 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include + +#include "utils.h" + +static struct pollfd fds[1]; +static mode_t mode = 0777; +static int filedesc; +static off_t offlen = 0; +static const char *path = "fileforaudit"; +static const char *errpath = "dirdoesnotexist/fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; +static const char *failurereg = "fileforaudit.*return,failure"; + + +ATF_TC_WITH_CLEANUP(truncate_success); +ATF_TC_HEAD(truncate_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "truncate(2) call"); +} + +ATF_TC_BODY(truncate_success, tc) +{ + /* File needs to exist to call truncate(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, "fw"); + ATF_REQUIRE_EQ(0, truncate(path, offlen)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(truncate_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(truncate_failure); +ATF_TC_HEAD(truncate_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "truncate(2) call"); +} + +ATF_TC_BODY(truncate_failure, tc) +{ + FILE *pipefd = setup(fds, "fw"); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, truncate(errpath, offlen)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(truncate_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(ftruncate_success); +ATF_TC_HEAD(ftruncate_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "ftruncate(2) call"); +} + +ATF_TC_BODY(ftruncate_success, tc) +{ + const char *regex = "ftruncate.*return,success"; + /* Valid file descriptor needs to exist to call ftruncate(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR)) != -1); + FILE *pipefd = setup(fds, "fw"); + ATF_REQUIRE_EQ(0, ftruncate(filedesc, offlen)); + check_audit(fds, regex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(ftruncate_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(ftruncate_failure); +ATF_TC_HEAD(ftruncate_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "ftruncate(2) call"); +} + +ATF_TC_BODY(ftruncate_failure, tc) +{ + const char *regex = "ftruncate.*return,failure"; + FILE *pipefd = setup(fds, "fw"); + /* Failure reason: bad file descriptor */ + ATF_REQUIRE_EQ(-1, ftruncate(-1, offlen)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(ftruncate_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, truncate_success); + ATF_TP_ADD_TC(tp, truncate_failure); + ATF_TP_ADD_TC(tp, ftruncate_success); + ATF_TP_ADD_TC(tp, ftruncate_failure); + + return (atf_no_error()); +} diff --git a/tests/sys/audit/network.c b/tests/sys/audit/network.c new file mode 100644 index 00000000000..a6ae29f576a --- /dev/null +++ b/tests/sys/audit/network.c @@ -0,0 +1,412 @@ +/*- + * Copyright (c) 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include + +#include +#include +#include +#include + +#include "utils.h" + +#define SERVER_PATH "server" + +static int sockfd; +static socklen_t len; +static struct pollfd fds[1]; +static char extregex[80]; +static const char *auclass = "nt"; +static const char *nosupregex = "return,failure : Address family " + "not supported by protocol family"; +static const char *invalregex = "return,failur.*Socket operation on non-socket"; + +/* + * Variadic function to close socket descriptors + */ +static void +close_sockets(int count, ...) +{ + int sockd; + va_list socklist; + va_start(socklist, count); + for (sockd = 0; sockd < count; sockd++) { + close(va_arg(socklist, int)); + } + va_end(socklist); +} + +/* + * Assign local filesystem address to a Unix domain socket + */ +static void +assign_address(struct sockaddr_un *server) +{ + memset(server, 0, sizeof(*server)); + server->sun_family = AF_UNIX; + strcpy(server->sun_path, SERVER_PATH); +} + + +ATF_TC_WITH_CLEANUP(socket_success); +ATF_TC_HEAD(socket_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "socket(2) call"); +} + +ATF_TC_BODY(socket_success, tc) +{ + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of sockfd in audit record */ + snprintf(extregex, sizeof(extregex), "socket.*ret.*success,%d", sockfd); + check_audit(fds, extregex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(socket_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(socket_failure); +ATF_TC_HEAD(socket_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "socket(2) call"); +} + +ATF_TC_BODY(socket_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "socket.*%s", nosupregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Unsupported value of 'domain' argument: 0 */ + ATF_REQUIRE_EQ(-1, socket(0, SOCK_STREAM, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(socket_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(socketpair_success); +ATF_TC_HEAD(socketpair_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "socketpair(2) call"); +} + +ATF_TC_BODY(socketpair_success, tc) +{ + int sv[2]; + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, socketpair(PF_UNIX, SOCK_STREAM, 0, sv)); + + /* Check for 0x0 (argument 3: default protocol) in the audit record */ + snprintf(extregex, sizeof(extregex), "socketpair.*0x0.*return,success"); + check_audit(fds, extregex, pipefd); + close_sockets(2, sv[0], sv[1]); +} + +ATF_TC_CLEANUP(socketpair_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(socketpair_failure); +ATF_TC_HEAD(socketpair_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "socketpair(2) call"); +} + +ATF_TC_BODY(socketpair_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "socketpair.*%s", nosupregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Unsupported value of 'domain' argument: 0 */ + ATF_REQUIRE_EQ(-1, socketpair(0, SOCK_STREAM, 0, NULL)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(socketpair_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setsockopt_success); +ATF_TC_HEAD(setsockopt_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setsockopt(2) call"); +} + +ATF_TC_BODY(setsockopt_success, tc) +{ + int tr = 1; + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of sockfd in audit record */ + snprintf(extregex, sizeof(extregex), + "setsockopt.*0x%x.*return,success", sockfd); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setsockopt(sockfd, SOL_SOCKET, + SO_REUSEADDR, &tr, sizeof(int))); + check_audit(fds, extregex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(setsockopt_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setsockopt_failure); +ATF_TC_HEAD(setsockopt_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setsockopt(2) call"); +} + +ATF_TC_BODY(setsockopt_failure, tc) +{ + int tr = 1; + snprintf(extregex, sizeof(extregex), "setsockopt.*%s", invalregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid socket descriptor */ + ATF_REQUIRE_EQ(-1, setsockopt(0, SOL_SOCKET, + SO_REUSEADDR, &tr, sizeof(int))); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(setsockopt_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(bind_success); +ATF_TC_HEAD(bind_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "bind(2) call"); +} + +ATF_TC_BODY(bind_success, tc) +{ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Preliminary socket setup */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of AF_UNIX address path in audit record */ + snprintf(extregex, sizeof(extregex), + "bind.*unix.*%s.*return,success", SERVER_PATH); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + check_audit(fds, extregex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(bind_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(bind_failure); +ATF_TC_HEAD(bind_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "bind(2) call"); +} + +ATF_TC_BODY(bind_failure, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + /* Check the presence of AF_UNIX path in audit record */ + snprintf(extregex, sizeof(extregex), + "bind.*%s.*return,failure", SERVER_PATH); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid socket descriptor */ + ATF_REQUIRE_EQ(-1, bind(0, (struct sockaddr *)&server, len)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(bind_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(bindat_success); +ATF_TC_HEAD(bindat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "bindat(2) call"); +} + +ATF_TC_BODY(bindat_success, tc) +{ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Preliminary socket setup */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + /* Check the presence of socket descriptor in audit record */ + snprintf(extregex, sizeof(extregex), + "bindat.*0x%x.*return,success", sockfd); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, bindat(AT_FDCWD, sockfd, + (struct sockaddr *)&server, len)); + check_audit(fds, extregex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(bindat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(bindat_failure); +ATF_TC_HEAD(bindat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "bindat(2) call"); +} + +ATF_TC_BODY(bindat_failure, tc) +{ + /* Preliminary socket setup */ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + snprintf(extregex, sizeof(extregex), "bindat.*%s", invalregex); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid socket descriptor */ + ATF_REQUIRE_EQ(-1, bindat(AT_FDCWD, 0, + (struct sockaddr *)&server, len)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(bindat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(listen_success); +ATF_TC_HEAD(listen_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "listen(2) call"); +} + +ATF_TC_BODY(listen_success, tc) +{ + struct sockaddr_un server; + assign_address(&server); + len = sizeof(struct sockaddr_un); + + /* Preliminary socket setup */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + /* Check the presence of socket descriptor in the audit record */ + snprintf(extregex, sizeof(extregex), + "listen.*0x%x.*return,success", sockfd); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + check_audit(fds, extregex, pipefd); + close(sockfd); +} + +ATF_TC_CLEANUP(listen_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(listen_failure); +ATF_TC_HEAD(listen_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "listen(2) call"); +} + +ATF_TC_BODY(listen_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "listen.*%s", invalregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid socket descriptor */ + ATF_REQUIRE_EQ(-1, listen(0, 1)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(listen_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, socket_success); + ATF_TP_ADD_TC(tp, socket_failure); + ATF_TP_ADD_TC(tp, socketpair_success); + ATF_TP_ADD_TC(tp, socketpair_failure); + ATF_TP_ADD_TC(tp, setsockopt_success); + ATF_TP_ADD_TC(tp, setsockopt_failure); + + ATF_TP_ADD_TC(tp, bind_success); + ATF_TP_ADD_TC(tp, bind_failure); + ATF_TP_ADD_TC(tp, bindat_success); + ATF_TP_ADD_TC(tp, bindat_failure); + ATF_TP_ADD_TC(tp, listen_success); + ATF_TP_ADD_TC(tp, listen_failure); + + return (atf_no_error()); +} diff --git a/tests/sys/audit/open.c b/tests/sys/audit/open.c new file mode 100644 index 00000000000..c99d88dcde1 --- /dev/null +++ b/tests/sys/audit/open.c @@ -0,0 +1,196 @@ +/*- + * Copyright (c) 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* + * Note: open(2) and openat(2) have 12 events each for various values of 'flag' + * Please see: contrib/openbsm/etc/audit_event#L261 + * + * 270:AUE_OPENAT_R:openat(2) - read:fr + * 271:AUE_OPENAT_RC:openat(2) - read,creat:fc,fr,fa,fm + * 272:AUE_OPENAT_RT:openat(2) - read,trunc:fd,fr,fa,fm + * 273:AUE_OPENAT_RTC:openat(2) - read,creat,trunc:fc,fd,fr,fa,fm + * 274:AUE_OPENAT_W:openat(2) - write:fw + * 275:AUE_OPENAT_WC:openat(2) - write,creat:fc,fw,fa,fm + * 276:AUE_OPENAT_WT:openat(2) - write,trunc:fd,fw,fa,fm + * 277:AUE_OPENAT_WTC:openat(2) - write,creat,trunc:fc,fd,fw,fa,fm + * 278:AUE_OPENAT_RW:openat(2) - read,write:fr,fw + * 279:AUE_OPENAT_RWC:openat(2) - read,write,create:fc,fw,fr,fa,fm + * 280:AUE_OPENAT_RWT:openat(2) - read,write,trunc:fd,fw,fr,fa,fm + * 281:AUE_OPENAT_RWTC:openat(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm + */ + +#include + +#include +#include + +#include "utils.h" + +static struct pollfd fds[1]; +static mode_t o_mode = 0777; +static int filedesc; +static char extregex[80]; +static const char *path = "fileforaudit"; +static const char *errpath = "adirhasnoname/fileforaudit"; + +/* + * Define test-cases for success and failure modes of both open(2) and openat(2) + */ +#define OPEN_AT_TC_DEFINE(mode, regex, flag, class) \ +ATF_TC_WITH_CLEANUP(open_ ## mode ## _success); \ +ATF_TC_HEAD(open_ ## mode ## _success, tc) \ +{ \ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " \ + "open(2) call with flags = %s", #flag); \ +} \ +ATF_TC_BODY(open_ ## mode ## _success, tc) \ +{ \ + snprintf(extregex, sizeof(extregex), \ + "open.*%s.*fileforaudit.*return,success", regex); \ + /* File needs to exist for successful open(2) invocation */ \ + ATF_REQUIRE((filedesc = open(path, O_CREAT, o_mode)) != -1); \ + FILE *pipefd = setup(fds, class); \ + ATF_REQUIRE(syscall(SYS_open, path, flag) != -1); \ + check_audit(fds, extregex, pipefd); \ + close(filedesc); \ +} \ +ATF_TC_CLEANUP(open_ ## mode ## _success, tc) \ +{ \ + cleanup(); \ +} \ +ATF_TC_WITH_CLEANUP(open_ ## mode ## _failure); \ +ATF_TC_HEAD(open_ ## mode ## _failure, tc) \ +{ \ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " \ + "open(2) call with flags = %s", #flag); \ +} \ +ATF_TC_BODY(open_ ## mode ## _failure, tc) \ +{ \ + snprintf(extregex, sizeof(extregex), \ + "open.*%s.*fileforaudit.*return,failure", regex); \ + FILE *pipefd = setup(fds, class); \ + ATF_REQUIRE_EQ(-1, syscall(SYS_open, errpath, flag)); \ + check_audit(fds, extregex, pipefd); \ +} \ +ATF_TC_CLEANUP(open_ ## mode ## _failure, tc) \ +{ \ + cleanup(); \ +} \ +ATF_TC_WITH_CLEANUP(openat_ ## mode ## _success); \ +ATF_TC_HEAD(openat_ ## mode ## _success, tc) \ +{ \ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " \ + "openat(2) call with flags = %s", #flag); \ +} \ +ATF_TC_BODY(openat_ ## mode ## _success, tc) \ +{ \ + int filedesc2; \ + snprintf(extregex, sizeof(extregex), \ + "openat.*%s.*fileforaudit.*return,success", regex); \ + /* File needs to exist for successful openat(2) invocation */ \ + ATF_REQUIRE((filedesc = open(path, O_CREAT, o_mode)) != -1); \ + FILE *pipefd = setup(fds, class); \ + ATF_REQUIRE((filedesc2 = openat(AT_FDCWD, path, flag)) != -1); \ + check_audit(fds, extregex, pipefd); \ + close(filedesc2); \ + close(filedesc); \ +} \ +ATF_TC_CLEANUP(openat_ ## mode ## _success, tc) \ +{ \ + cleanup(); \ +} \ +ATF_TC_WITH_CLEANUP(openat_ ## mode ## _failure); \ +ATF_TC_HEAD(openat_ ## mode ## _failure, tc) \ +{ \ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " \ + "openat(2) call with flags = %s", #flag); \ +} \ +ATF_TC_BODY(openat_ ## mode ## _failure, tc) \ +{ \ + snprintf(extregex, sizeof(extregex), \ + "openat.*%s.*fileforaudit.*return,failure", regex); \ + FILE *pipefd = setup(fds, class); \ + ATF_REQUIRE_EQ(-1, openat(AT_FDCWD, errpath, flag)); \ + check_audit(fds, extregex, pipefd); \ +} \ +ATF_TC_CLEANUP(openat_ ## mode ## _failure, tc) \ +{ \ + cleanup(); \ +} + +/* + * Add both success and failure modes of open(2) and openat(2) + */ +#define OPEN_AT_TC_ADD(tp, mode) \ +do { \ + ATF_TP_ADD_TC(tp, open_ ## mode ## _success); \ + ATF_TP_ADD_TC(tp, open_ ## mode ## _failure); \ + ATF_TP_ADD_TC(tp, openat_ ## mode ## _success); \ + ATF_TP_ADD_TC(tp, openat_ ## mode ## _failure); \ +} while (0) + + +/* + * Each of the 12 OPEN_AT_TC_DEFINE statement is a group of 4 test-cases + * corresponding to separate audit events for open(2) and openat(2) + */ +OPEN_AT_TC_DEFINE(read, "read", O_RDONLY, "fr") +OPEN_AT_TC_DEFINE(read_creat, "read,creat", O_RDONLY | O_CREAT, "fr") +OPEN_AT_TC_DEFINE(read_trunc, "read,trunc", O_RDONLY | O_TRUNC, "fr") +OPEN_AT_TC_DEFINE(read_creat_trunc, "read,creat,trunc", O_RDONLY | O_CREAT + | O_TRUNC, "fr") +OPEN_AT_TC_DEFINE(write, "write", O_WRONLY, "fw") +OPEN_AT_TC_DEFINE(write_creat, "write,creat", O_WRONLY | O_CREAT, "fw") +OPEN_AT_TC_DEFINE(write_trunc, "write,trunc", O_WRONLY | O_TRUNC, "fw") +OPEN_AT_TC_DEFINE(write_creat_trunc, "write,creat,trunc", O_WRONLY | O_CREAT + | O_TRUNC, "fw") +OPEN_AT_TC_DEFINE(read_write, "read,write", O_RDWR, "fr") +OPEN_AT_TC_DEFINE(read_write_creat, "read,write,creat", O_RDWR | O_CREAT, "fw") +OPEN_AT_TC_DEFINE(read_write_trunc, "read,write,trunc", O_RDWR | O_TRUNC, "fr") +OPEN_AT_TC_DEFINE(read_write_creat_trunc, "read,write,creat,trunc", O_RDWR | + O_CREAT | O_TRUNC, "fw") + + +ATF_TP_ADD_TCS(tp) +{ + OPEN_AT_TC_ADD(tp, read); + OPEN_AT_TC_ADD(tp, read_creat); + OPEN_AT_TC_ADD(tp, read_trunc); + OPEN_AT_TC_ADD(tp, read_creat_trunc); + + OPEN_AT_TC_ADD(tp, write); + OPEN_AT_TC_ADD(tp, write_creat); + OPEN_AT_TC_ADD(tp, write_trunc); + OPEN_AT_TC_ADD(tp, write_creat_trunc); + + OPEN_AT_TC_ADD(tp, read_write); + OPEN_AT_TC_ADD(tp, read_write_creat); + OPEN_AT_TC_ADD(tp, read_write_trunc); + OPEN_AT_TC_ADD(tp, read_write_creat_trunc); + + return (atf_no_error()); +} diff --git a/tests/sys/audit/utils.c b/tests/sys/audit/utils.c index e95944516f0..30e313677ed 100644 --- a/tests/sys/audit/utils.c +++ b/tests/sys/audit/utils.c @@ -1,6 +1,5 @@ /*- * Copyright 2018 Aniket Pandey - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -28,15 +27,16 @@ #include -#include +#include +#include + +#include #include #include -#include -#include #include +#include +#include #include -#include -#include #include "utils.h" @@ -80,7 +80,7 @@ get_records(const char *auditregex, FILE *pipestream) } free(buff); - fclose(memstream); + ATF_REQUIRE_EQ(0, fclose(memstream)); return (atf_utils_grep_string("%s", membuff, auditregex)); } @@ -195,9 +195,8 @@ void check_audit(struct pollfd fd[], const char *auditrgx, FILE *pipestream) { check_auditpipe(fd, auditrgx, pipestream); - /* Cleanup */ - fclose(pipestream); - close(fd[0].fd); + /* Teardown: /dev/auditpipe's instance opened for this test-suite */ + ATF_REQUIRE_EQ(0, fclose(pipestream)); } FILE @@ -208,9 +207,9 @@ FILE nomask = get_audit_mask("no"); FILE *pipestream; - fd[0].fd = open("/dev/auditpipe", O_RDONLY); + ATF_REQUIRE((fd[0].fd = open("/dev/auditpipe", O_RDONLY)) != -1); + ATF_REQUIRE((pipestream = fdopen(fd[0].fd, "r")) != NULL); fd[0].events = POLLIN; - pipestream = fdopen(fd[0].fd, "r"); /* Set local preselection audit_class as "no" for audit startup */ set_preselect_mode(fd[0].fd, &nomask); diff --git a/tests/sys/audit/utils.h b/tests/sys/audit/utils.h index 701d1d2d1ef..51001148c26 100644 --- a/tests/sys/audit/utils.h +++ b/tests/sys/audit/utils.h @@ -1,6 +1,5 @@ /*- * Copyright 2018 Aniket Pandey - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions -- 2.45.2