1
/*-
2
 * Copyright (c) 2018 Aniket Pandey
3
 *
4
 * Redistribution and use in source and binary forms, with or without
5
 * modification, are permitted provided that the following conditions
6
 * are met:
7
 * 1. Redistributions of source code must retain the above copyright
8
 *    notice, this list of conditions and the following disclaimer.
9
 * 2. Redistributions in binary form must reproduce the above copyright
10
 *    notice, this list of conditions and the following disclaimer in the
11
 *    documentation and/or other materials provided with the distribution.
12
 *
13
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23
 * SUCH DAMAGE.
24
 */
25

26
#include <sys/param.h>
27
#include <sys/mount.h>
28
#include <sys/reboot.h>
29
#include <sys/stat.h>
30
#include <sys/sysctl.h>
31
#include <sys/time.h>
32
#include <sys/timespec.h>
33
#include <sys/timex.h>
34

35
#include <bsm/audit.h>
36
#include <bsm/audit_kevents.h>
37
#include <ufs/ufs/quota.h>
38

39
#include <atf-c.h>
40
#include <errno.h>
41
#include <fcntl.h>
42
#include <stdlib.h>
43
#include <time.h>
44
#include <unistd.h>
45

46
#include "utils.h"
47

48
static pid_t pid;
49
static int filedesc;
50
/* Default argument for handling ENOSYS in auditon(2) functions */
51
static int auditon_def = 0;
52
static mode_t mode = 0777;
53
static struct pollfd fds[1];
54
static char adregex[80];
55
static const char *auclass = "ad";
56
static const char *path = "fileforaudit";
57
static const char *successreg = "fileforaudit.*return,success";
58

59

60
ATF_TC_WITH_CLEANUP(settimeofday_success);
61
ATF_TC_HEAD(settimeofday_success, tc)
62
{
63
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
64
					"settimeofday(2) call");
65
}
66

67
ATF_TC_BODY(settimeofday_success, tc)
68
{
69
	pid = getpid();
70
	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*success", pid);
71

72
	struct timeval tp;
73
	struct timezone tzp;
74
	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
75

76
	FILE *pipefd = setup(fds, auclass);
77
	/* Setting the same time as obtained by gettimeofday(2) */
78
	ATF_REQUIRE_EQ(0, settimeofday(&tp, &tzp));
79
	check_audit(fds, adregex, pipefd);
80
}
81

82
ATF_TC_CLEANUP(settimeofday_success, tc)
83
{
84
	cleanup();
85
}
86

87

88
ATF_TC_WITH_CLEANUP(settimeofday_failure);
89
ATF_TC_HEAD(settimeofday_failure, tc)
90
{
91
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
92
					"settimeofday(2) call");
93
}
94

95
ATF_TC_BODY(settimeofday_failure, tc)
96
{
97
	pid = getpid();
98
	snprintf(adregex, sizeof(adregex), "settimeofday.*%d.*failure", pid);
99

100
	struct timeval tp;
101
	struct timezone tzp;
102
	ATF_REQUIRE_EQ(0, gettimeofday(&tp, &tzp));
103

104
	FILE *pipefd = setup(fds, auclass);
105
	tp.tv_sec = -1;
106
	/* Failure reason: Invalid value for tp.tv_sec; */
107
	ATF_REQUIRE_EQ(-1, settimeofday(&tp, &tzp));
108
	check_audit(fds, adregex, pipefd);
109
}
110

111
ATF_TC_CLEANUP(settimeofday_failure, tc)
112
{
113
	cleanup();
114
}
115

116

117
ATF_TC_WITH_CLEANUP(clock_settime_success);
118
ATF_TC_HEAD(clock_settime_success, tc)
119
{
120
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
121
					"clock_settime(2) call");
122
}
123

124
ATF_TC_BODY(clock_settime_success, tc)
125
{
126
	pid = getpid();
127
	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid);
128

129
	struct timespec tp;
130
	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
131

132
	FILE *pipefd = setup(fds, auclass);
133
	/* Setting the same time as obtained by clock_gettime(2) */
134
	ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
135
	check_audit(fds, adregex, pipefd);
136
}
137

138
ATF_TC_CLEANUP(clock_settime_success, tc)
139
{
140
	cleanup();
141
}
142

143

144
ATF_TC_WITH_CLEANUP(clock_settime_failure);
145
ATF_TC_HEAD(clock_settime_failure, tc)
146
{
147
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
148
					"clock_settime(2) call");
149
}
150

151
ATF_TC_BODY(clock_settime_failure, tc)
152
{
153
	pid = getpid();
154
	snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid);
155

156
	struct timespec tp;
157
	ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
158

159
	FILE *pipefd = setup(fds, auclass);
160
	/* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
161
	ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
162
	check_audit(fds, adregex, pipefd);
163
}
164

165
ATF_TC_CLEANUP(clock_settime_failure, tc)
166
{
167
	cleanup();
168
}
169

170

171
ATF_TC_WITH_CLEANUP(adjtime_success);
172
ATF_TC_HEAD(adjtime_success, tc)
173
{
174
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
175
					"adjtime(2) call");
176
}
177

178
ATF_TC_BODY(adjtime_success, tc)
179
{
180
	pid = getpid();
181
	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid);
182

183
	FILE *pipefd = setup(fds, auclass);
184
	/* We don't want to change the system time, hence NULL */
185
	ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
186
	check_audit(fds, adregex, pipefd);
187
}
188

189
ATF_TC_CLEANUP(adjtime_success, tc)
190
{
191
	cleanup();
192
}
193

194

195
ATF_TC_WITH_CLEANUP(adjtime_failure);
196
ATF_TC_HEAD(adjtime_failure, tc)
197
{
198
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
199
					"adjtime(2) call");
200
}
201

202
ATF_TC_BODY(adjtime_failure, tc)
203
{
204
	pid = getpid();
205
	snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,failure", pid);
206

207
	FILE *pipefd = setup(fds, auclass);
208
	ATF_REQUIRE_EQ(-1, adjtime((struct timeval *)(-1), NULL));
209
	check_audit(fds, adregex, pipefd);
210
}
211

212
ATF_TC_CLEANUP(adjtime_failure, tc)
213
{
214
	cleanup();
215
}
216

217

218
ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
219
ATF_TC_HEAD(ntp_adjtime_success, tc)
220
{
221
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
222
					"ntp_adjtime(2) call");
223
}
224

225
ATF_TC_BODY(ntp_adjtime_success, tc)
226
{
227
	struct timex timebuff;
228
	bzero(&timebuff, sizeof(timebuff));
229

230
	pid = getpid();
231
	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid);
232

233
	FILE *pipefd = setup(fds, auclass);
234
	ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
235
	check_audit(fds, adregex, pipefd);
236
}
237

238
ATF_TC_CLEANUP(ntp_adjtime_success, tc)
239
{
240
	cleanup();
241
}
242

243

244
ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
245
ATF_TC_HEAD(ntp_adjtime_failure, tc)
246
{
247
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
248
					"ntp_adjtime(2) call");
249
}
250

251
ATF_TC_BODY(ntp_adjtime_failure, tc)
252
{
253
	pid = getpid();
254
	snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid);
255

256
	FILE *pipefd = setup(fds, auclass);
257
	ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
258
	check_audit(fds, adregex, pipefd);
259
}
260

261
ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
262
{
263
	cleanup();
264
}
265

266

267
ATF_TC_WITH_CLEANUP(nfs_getfh_success);
268
ATF_TC_HEAD(nfs_getfh_success, tc)
269
{
270
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
271
					"getfh(2) call");
272
}
273

274
ATF_TC_BODY(nfs_getfh_success, tc)
275
{
276
	fhandle_t fhp;
277
	pid = getpid();
278
	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
279

280
	/* File needs to exist to call getfh(2) */
281
	ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
282
	FILE *pipefd = setup(fds, auclass);
283
	ATF_REQUIRE_EQ(0, getfh(path, &fhp));
284
	check_audit(fds, adregex, pipefd);
285
	close(filedesc);
286
}
287

288
ATF_TC_CLEANUP(nfs_getfh_success, tc)
289
{
290
	cleanup();
291
}
292

293

294
ATF_TC_WITH_CLEANUP(nfs_getfh_failure);
295
ATF_TC_HEAD(nfs_getfh_failure, tc)
296
{
297
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
298
					"getfh(2) call");
299
}
300

301
ATF_TC_BODY(nfs_getfh_failure, tc)
302
{
303
	pid = getpid();
304
	snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*failure", pid);
305

306
	FILE *pipefd = setup(fds, auclass);
307
	/* Failure reason: file does not exist */
308
	ATF_REQUIRE_EQ(-1, getfh(path, NULL));
309
	check_audit(fds, adregex, pipefd);
310
}
311

312
ATF_TC_CLEANUP(nfs_getfh_failure, tc)
313
{
314
	cleanup();
315
}
316

317

318
ATF_TC_WITH_CLEANUP(auditctl_success);
319
ATF_TC_HEAD(auditctl_success, tc)
320
{
321
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
322
					"auditctl(2) call");
323
}
324

325
ATF_TC_BODY(auditctl_success, tc)
326
{
327
	/* File needs to exist in order to call auditctl(2) */
328
	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1);
329
	FILE *pipefd = setup(fds, auclass);
330
	ATF_REQUIRE_EQ(0, auditctl(path));
331
	check_audit(fds, successreg, pipefd);
332
	close(filedesc);
333
}
334

335
ATF_TC_CLEANUP(auditctl_success, tc)
336
{
337
	/*
338
	 * auditctl(2) disables audit log at /var/audit and initiates auditing
339
	 * at the configured path. To reset this, we need to stop and start the
340
	 * auditd(8) again. Here, we check if auditd(8) was running already
341
	 * before the test started. If so, we stop and start it again.
342
	 *
343
	 * TODO: should we skip this test if auditd(8) is already running to
344
	 * avoid restarting it?
345
	 */
346
	if (!atf_utils_file_exists("started_fake_auditd")) {
347
		system("service auditd onestop > /dev/null 2>&1");
348
		system("service auditd onestart > /dev/null 2>&1");
349
	} else {
350
		cleanup();
351
	}
352
}
353

354

355
ATF_TC_WITH_CLEANUP(auditctl_failure);
356
ATF_TC_HEAD(auditctl_failure, tc)
357
{
358
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
359
					"auditctl(2) call");
360
}
361

362
ATF_TC_BODY(auditctl_failure, tc)
363
{
364
	pid = getpid();
365
	snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid);
366

367
	FILE *pipefd = setup(fds, auclass);
368
	/* Failure reason: file does not exist */
369
	ATF_REQUIRE_EQ(-1, auditctl(NULL));
370
	check_audit(fds, adregex, pipefd);
371
}
372

373
ATF_TC_CLEANUP(auditctl_failure, tc)
374
{
375
	cleanup();
376
}
377

378

379
ATF_TC_WITH_CLEANUP(acct_success);
380
ATF_TC_HEAD(acct_success, tc)
381
{
382
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
383
					"acct(2) call");
384
	atf_tc_set_md_var(tc, "require.files",
385
	    "/etc/rc.d/accounting /etc/rc.d/auditd");
386
}
387

388
ATF_TC_BODY(acct_success, tc)
389
{
390
	int acctinfo, filedesc2;
391
	size_t len = sizeof(acctinfo);
392
	const char *acctname = "kern.acct_configured";
393
	ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
394

395
	/* File needs to exist to start system accounting */
396
	ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
397

398
	/*
399
	 * acctinfo = 0: System accounting was disabled
400
	 * acctinfo = 1: System accounting was enabled
401
	 */
402
	if (acctinfo) {
403
		ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
404
		close(filedesc2);
405
	}
406

407
	pid = getpid();
408
	snprintf(adregex, sizeof(adregex),
409
		"acct.*%s.*%d.*return,success", path, pid);
410

411
	/*
412
	 * We temporarily switch the accounting record to a file at
413
	 * our own configured path in order to confirm acct(2)'s successful
414
	 * auditing. Then we set everything back to its original state.
415
	 */
416
	FILE *pipefd = setup(fds, auclass);
417
	ATF_REQUIRE_EQ(0, acct(path));
418
	check_audit(fds, adregex, pipefd);
419
	close(filedesc);
420
}
421

422
ATF_TC_CLEANUP(acct_success, tc)
423
{
424
	/* Reset accounting configured path */
425
	ATF_REQUIRE_EQ(0, system("service accounting onestop"));
426
	if (atf_utils_file_exists("acct_ok")) {
427
		ATF_REQUIRE_EQ(0, system("service accounting onestart"));
428
	}
429
	cleanup();
430
}
431

432

433
ATF_TC_WITH_CLEANUP(acct_failure);
434
ATF_TC_HEAD(acct_failure, tc)
435
{
436
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
437
					"acct(2) call");
438
}
439

440
ATF_TC_BODY(acct_failure, tc)
441
{
442
	pid = getpid();
443
	snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid);
444

445
	FILE *pipefd = setup(fds, auclass);
446
	/* Failure reason: File does not exist */
447
	ATF_REQUIRE_EQ(-1, acct(path));
448
	check_audit(fds, adregex, pipefd);
449
}
450

451
ATF_TC_CLEANUP(acct_failure, tc)
452
{
453
	cleanup();
454
}
455

456

457
ATF_TC_WITH_CLEANUP(getauid_success);
458
ATF_TC_HEAD(getauid_success, tc)
459
{
460
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
461
					"getauid(2) call");
462
}
463

464
ATF_TC_BODY(getauid_success, tc)
465
{
466
	au_id_t auid;
467
	pid = getpid();
468
	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
469

470
	FILE *pipefd = setup(fds, auclass);
471
	ATF_REQUIRE_EQ(0, getauid(&auid));
472
	check_audit(fds, adregex, pipefd);
473
}
474

475
ATF_TC_CLEANUP(getauid_success, tc)
476
{
477
	cleanup();
478
}
479

480

481
ATF_TC_WITH_CLEANUP(getauid_failure);
482
ATF_TC_HEAD(getauid_failure, tc)
483
{
484
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
485
					"getauid(2) call");
486
}
487

488
ATF_TC_BODY(getauid_failure, tc)
489
{
490
	pid = getpid();
491
	snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
492

493
	FILE *pipefd = setup(fds, auclass);
494
	/* Failure reason: Bad address */
495
	ATF_REQUIRE_EQ(-1, getauid(NULL));
496
	check_audit(fds, adregex, pipefd);
497
}
498

499
ATF_TC_CLEANUP(getauid_failure, tc)
500
{
501
	cleanup();
502
}
503

504

505
ATF_TC_WITH_CLEANUP(setauid_success);
506
ATF_TC_HEAD(setauid_success, tc)
507
{
508
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
509
					"setauid(2) call");
510
}
511

512
ATF_TC_BODY(setauid_success, tc)
513
{
514
	au_id_t auid;
515
	pid = getpid();
516
	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
517
	ATF_REQUIRE_EQ(0, getauid(&auid));
518

519
	FILE *pipefd = setup(fds, auclass);
520
	ATF_REQUIRE_EQ(0, setauid(&auid));
521
	check_audit(fds, adregex, pipefd);
522
}
523

524
ATF_TC_CLEANUP(setauid_success, tc)
525
{
526
	cleanup();
527
}
528

529

530
ATF_TC_WITH_CLEANUP(setauid_failure);
531
ATF_TC_HEAD(setauid_failure, tc)
532
{
533
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
534
					"setauid(2) call");
535
}
536

537
ATF_TC_BODY(setauid_failure, tc)
538
{
539
	pid = getpid();
540
	snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
541

542
	FILE *pipefd = setup(fds, auclass);
543
	/* Failure reason: Bad address */
544
	ATF_REQUIRE_EQ(-1, setauid(NULL));
545
	check_audit(fds, adregex, pipefd);
546
}
547

548
ATF_TC_CLEANUP(setauid_failure, tc)
549
{
550
	cleanup();
551
}
552

553

554
ATF_TC_WITH_CLEANUP(getaudit_success);
555
ATF_TC_HEAD(getaudit_success, tc)
556
{
557
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
558
					"getaudit(2) call");
559
}
560

561
ATF_TC_BODY(getaudit_success, tc)
562
{
563
	pid = getpid();
564
	auditinfo_t auditinfo;
565
	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
566

567
	FILE *pipefd = setup(fds, auclass);
568
	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
569
	check_audit(fds, adregex, pipefd);
570
}
571

572
ATF_TC_CLEANUP(getaudit_success, tc)
573
{
574
	cleanup();
575
}
576

577

578
ATF_TC_WITH_CLEANUP(getaudit_failure);
579
ATF_TC_HEAD(getaudit_failure, tc)
580
{
581
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
582
					"getaudit(2) call");
583
}
584

585
ATF_TC_BODY(getaudit_failure, tc)
586
{
587
	pid = getpid();
588
	snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
589

590
	FILE *pipefd = setup(fds, auclass);
591
	/* Failure reason: Bad address */
592
	ATF_REQUIRE_EQ(-1, getaudit(NULL));
593
	check_audit(fds, adregex, pipefd);
594
}
595

596
ATF_TC_CLEANUP(getaudit_failure, tc)
597
{
598
	cleanup();
599
}
600

601

602
ATF_TC_WITH_CLEANUP(setaudit_success);
603
ATF_TC_HEAD(setaudit_success, tc)
604
{
605
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
606
					"setaudit(2) call");
607
}
608

609
ATF_TC_BODY(setaudit_success, tc)
610
{
611
	pid = getpid();
612
	auditinfo_t auditinfo;
613
	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
614
	ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
615

616
	FILE *pipefd = setup(fds, auclass);
617
	ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
618
	check_audit(fds, adregex, pipefd);
619
}
620

621
ATF_TC_CLEANUP(setaudit_success, tc)
622
{
623
	cleanup();
624
}
625

626

627
ATF_TC_WITH_CLEANUP(setaudit_failure);
628
ATF_TC_HEAD(setaudit_failure, tc)
629
{
630
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
631
					"setaudit(2) call");
632
}
633

634
ATF_TC_BODY(setaudit_failure, tc)
635
{
636
	pid = getpid();
637
	snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
638

639
	FILE *pipefd = setup(fds, auclass);
640
	/* Failure reason: Bad address */
641
	ATF_REQUIRE_EQ(-1, setaudit(NULL));
642
	check_audit(fds, adregex, pipefd);
643
}
644

645
ATF_TC_CLEANUP(setaudit_failure, tc)
646
{
647
	cleanup();
648
}
649

650

651
ATF_TC_WITH_CLEANUP(getaudit_addr_success);
652
ATF_TC_HEAD(getaudit_addr_success, tc)
653
{
654
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
655
					"getaudit_addr(2) call");
656
}
657

658
ATF_TC_BODY(getaudit_addr_success, tc)
659
{
660
	pid = getpid();
661
	auditinfo_addr_t auditinfo;
662
	snprintf(adregex, sizeof(adregex),
663
		"getaudit_addr.*%d.*return,success", pid);
664

665
	FILE *pipefd = setup(fds, auclass);
666
	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
667
	check_audit(fds, adregex, pipefd);
668
}
669

670
ATF_TC_CLEANUP(getaudit_addr_success, tc)
671
{
672
	cleanup();
673
}
674

675

676
ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
677
ATF_TC_HEAD(getaudit_addr_failure, tc)
678
{
679
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
680
					"getaudit_addr(2) call");
681
}
682

683
ATF_TC_BODY(getaudit_addr_failure, tc)
684
{
685
	pid = getpid();
686
	snprintf(adregex, sizeof(adregex),
687
		"getaudit_addr.*%d.*return,failure", pid);
688

689
	FILE *pipefd = setup(fds, auclass);
690
	/* Failure reason: Bad address */
691
	ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
692
	check_audit(fds, adregex, pipefd);
693
}
694

695
ATF_TC_CLEANUP(getaudit_addr_failure, tc)
696
{
697
	cleanup();
698
}
699

700

701
ATF_TC_WITH_CLEANUP(setaudit_addr_success);
702
ATF_TC_HEAD(setaudit_addr_success, tc)
703
{
704
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
705
					"setaudit_addr(2) call");
706
}
707

708
ATF_TC_BODY(setaudit_addr_success, tc)
709
{
710
	pid = getpid();
711
	auditinfo_addr_t auditinfo;
712
	snprintf(adregex, sizeof(adregex),
713
		"setaudit_addr.*%d.*return,success", pid);
714

715
	ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
716
	FILE *pipefd = setup(fds, auclass);
717
	ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
718
	check_audit(fds, adregex, pipefd);
719
}
720

721
ATF_TC_CLEANUP(setaudit_addr_success, tc)
722
{
723
	cleanup();
724
}
725

726

727
ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
728
ATF_TC_HEAD(setaudit_addr_failure, tc)
729
{
730
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
731
					"setaudit_addr(2) call");
732
}
733

734
ATF_TC_BODY(setaudit_addr_failure, tc)
735
{
736
	pid = getpid();
737
	snprintf(adregex, sizeof(adregex),
738
		"setaudit_addr.*%d.*return,failure", pid);
739

740
	FILE *pipefd = setup(fds, auclass);
741
	/* Failure reason: Bad address */
742
	ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
743
	check_audit(fds, adregex, pipefd);
744
}
745

746
ATF_TC_CLEANUP(setaudit_addr_failure, tc)
747
{
748
	cleanup();
749
}
750

751
/*
752
 * Note: The test-case uses A_GETFSIZE as the command argument but since it is
753
 * not an independent audit event, it will be used to check the default mode
754
 * auditing of auditon(2) system call.
755
 *
756
 * Please See: sys/security/audit/audit_bsm_klib.c
757
 * function(): au_event_t auditon_command_event() :: case A_GETFSIZE:
758
 */
759
ATF_TC_WITH_CLEANUP(auditon_default_success);
760
ATF_TC_HEAD(auditon_default_success, tc)
761
{
762
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
763
					"auditon(2) call");
764
}
765

766
ATF_TC_BODY(auditon_default_success, tc)
767
{
768
	au_fstat_t fsize_arg;
769
	bzero(&fsize_arg, sizeof(au_fstat_t));
770

771
	pid = getpid();
772
	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
773

774
	FILE *pipefd = setup(fds, auclass);
775
	ATF_REQUIRE_EQ(0, auditon(A_GETFSIZE, &fsize_arg, sizeof(fsize_arg)));
776
	check_audit(fds, adregex, pipefd);
777
}
778

779
ATF_TC_CLEANUP(auditon_default_success, tc)
780
{
781
	cleanup();
782
}
783

784

785
ATF_TC_WITH_CLEANUP(auditon_default_failure);
786
ATF_TC_HEAD(auditon_default_failure, tc)
787
{
788
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
789
					"auditon(2) call");
790
}
791

792
ATF_TC_BODY(auditon_default_failure, tc)
793
{
794
	pid = getpid();
795
	snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
796

797
	FILE *pipefd = setup(fds, auclass);
798
	/* Failure reason: Invalid argument */
799
	ATF_REQUIRE_EQ(-1, auditon(A_GETFSIZE, NULL, 0));
800
	check_audit(fds, adregex, pipefd);
801
}
802

803
ATF_TC_CLEANUP(auditon_default_failure, tc)
804
{
805
	cleanup();
806
}
807

808

809
ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
810
ATF_TC_HEAD(auditon_getpolicy_success, tc)
811
{
812
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
813
					"auditon(2) call for cmd: A_GETPOLICY");
814
}
815

816
ATF_TC_BODY(auditon_getpolicy_success, tc)
817
{
818
	int aupolicy;
819
	pid = getpid();
820
	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
821

822
	FILE *pipefd = setup(fds, auclass);
823
	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
824
	check_audit(fds, adregex, pipefd);
825
}
826

827
ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
828
{
829
	cleanup();
830
}
831

832

833
ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
834
ATF_TC_HEAD(auditon_getpolicy_failure, tc)
835
{
836
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
837
					"auditon(2) call for cmd: A_GETPOLICY");
838
}
839

840
ATF_TC_BODY(auditon_getpolicy_failure, tc)
841
{
842
	pid = getpid();
843
	snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
844

845
	FILE *pipefd = setup(fds, auclass);
846
	/* Failure reason: Invalid argument */
847
	ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
848
	check_audit(fds, adregex, pipefd);
849
}
850

851
ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
852
{
853
	cleanup();
854
}
855

856

857
ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
858
ATF_TC_HEAD(auditon_setpolicy_success, tc)
859
{
860
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
861
					"auditon(2) call for cmd: A_SETPOLICY");
862
}
863

864
ATF_TC_BODY(auditon_setpolicy_success, tc)
865
{
866
	int aupolicy;
867
	pid = getpid();
868
	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
869

870
	/* Retrieve the current auditing policy, to be used with A_SETPOLICY */
871
	ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
872
	FILE *pipefd = setup(fds, auclass);
873
	ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
874
	check_audit(fds, adregex, pipefd);
875
}
876

877
ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
878
{
879
	cleanup();
880
}
881

882

883
ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
884
ATF_TC_HEAD(auditon_setpolicy_failure, tc)
885
{
886
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
887
					"auditon(2) call for cmd: A_SETPOLICY");
888
}
889

890
ATF_TC_BODY(auditon_setpolicy_failure, tc)
891
{
892
	pid = getpid();
893
	snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
894

895
	FILE *pipefd = setup(fds, auclass);
896
	/* Failure reason: Invalid argument */
897
	ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
898
	check_audit(fds, adregex, pipefd);
899
}
900

901
ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
902
{
903
	cleanup();
904
}
905

906

907
ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
908
ATF_TC_HEAD(auditon_getkmask_success, tc)
909
{
910
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
911
					"auditon(2) call for cmd: A_GETKMASK");
912
}
913

914
ATF_TC_BODY(auditon_getkmask_success, tc)
915
{
916
	pid = getpid();
917
	au_mask_t evmask;
918
	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
919

920
	bzero(&evmask, sizeof(evmask));
921
	FILE *pipefd = setup(fds, auclass);
922
	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
923
	check_audit(fds, adregex, pipefd);
924
}
925

926
ATF_TC_CLEANUP(auditon_getkmask_success, tc)
927
{
928
	cleanup();
929
}
930

931

932
ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
933
ATF_TC_HEAD(auditon_getkmask_failure, tc)
934
{
935
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
936
					"auditon(2) call for cmd: A_GETKMASK");
937
}
938

939
ATF_TC_BODY(auditon_getkmask_failure, tc)
940
{
941
	pid = getpid();
942
	snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
943

944
	FILE *pipefd = setup(fds, auclass);
945
	/* Failure reason: Invalid au_mask_t structure */
946
	ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
947
	check_audit(fds, adregex, pipefd);
948
}
949

950
ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
951
{
952
	cleanup();
953
}
954

955

956
ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
957
ATF_TC_HEAD(auditon_setkmask_success, tc)
958
{
959
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
960
					"auditon(2) call for cmd: A_SETKMASK");
961
}
962

963
ATF_TC_BODY(auditon_setkmask_success, tc)
964
{
965
	pid = getpid();
966
	au_mask_t evmask;
967
	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
968

969
	/* Retrieve the current audit mask to be used with A_SETKMASK */
970
	bzero(&evmask, sizeof(evmask));
971
	ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
972

973
	FILE *pipefd = setup(fds, auclass);
974
	ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
975
	check_audit(fds, adregex, pipefd);
976
}
977

978
ATF_TC_CLEANUP(auditon_setkmask_success, tc)
979
{
980
	cleanup();
981
}
982

983

984
ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
985
ATF_TC_HEAD(auditon_setkmask_failure, tc)
986
{
987
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
988
					"auditon(2) call for cmd: A_SETKMASK");
989
}
990

991
ATF_TC_BODY(auditon_setkmask_failure, tc)
992
{
993
	pid = getpid();
994
	snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
995

996
	FILE *pipefd = setup(fds, auclass);
997
	/* Failure reason: Invalid au_mask_t structure */
998
	ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
999
	check_audit(fds, adregex, pipefd);
1000
}
1001

1002
ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
1003
{
1004
	cleanup();
1005
}
1006

1007

1008
ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
1009
ATF_TC_HEAD(auditon_getqctrl_success, tc)
1010
{
1011
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1012
					"auditon(2) call for cmd: A_GETQCTRL");
1013
}
1014

1015
ATF_TC_BODY(auditon_getqctrl_success, tc)
1016
{
1017
	pid = getpid();
1018
	au_qctrl_t evqctrl;
1019
	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
1020

1021
	bzero(&evqctrl, sizeof(evqctrl));
1022
	FILE *pipefd = setup(fds, auclass);
1023
	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1024
	check_audit(fds, adregex, pipefd);
1025
}
1026

1027
ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
1028
{
1029
	cleanup();
1030
}
1031

1032

1033
ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
1034
ATF_TC_HEAD(auditon_getqctrl_failure, tc)
1035
{
1036
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1037
					"auditon(2) call for cmd: A_GETQCTRL");
1038
}
1039

1040
ATF_TC_BODY(auditon_getqctrl_failure, tc)
1041
{
1042
	pid = getpid();
1043
	snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
1044

1045
	FILE *pipefd = setup(fds, auclass);
1046
	/* Failure reason: Invalid au_qctrl_t structure */
1047
	ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
1048
	check_audit(fds, adregex, pipefd);
1049
}
1050

1051
ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
1052
{
1053
	cleanup();
1054
}
1055

1056

1057
ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
1058
ATF_TC_HEAD(auditon_setqctrl_success, tc)
1059
{
1060
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1061
					"auditon(2) call for cmd: A_SETKMASK");
1062
}
1063

1064
ATF_TC_BODY(auditon_setqctrl_success, tc)
1065
{
1066
	pid = getpid();
1067
	au_qctrl_t evqctrl;
1068
	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
1069

1070
	/* Retrieve the current audit mask to be used with A_SETQCTRL */
1071
	bzero(&evqctrl, sizeof(evqctrl));
1072
	ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
1073

1074
	FILE *pipefd = setup(fds, auclass);
1075
	ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
1076
	check_audit(fds, adregex, pipefd);
1077
}
1078

1079
ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
1080
{
1081
	cleanup();
1082
}
1083

1084

1085
ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
1086
ATF_TC_HEAD(auditon_setqctrl_failure, tc)
1087
{
1088
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1089
					"auditon(2) call for cmd: A_SETKMASK");
1090
}
1091

1092
ATF_TC_BODY(auditon_setqctrl_failure, tc)
1093
{
1094
	pid = getpid();
1095
	snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
1096

1097
	FILE *pipefd = setup(fds, auclass);
1098
	/* Failure reason: Invalid au_qctrl_t structure */
1099
	ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
1100
	check_audit(fds, adregex, pipefd);
1101
}
1102

1103
ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
1104
{
1105
	cleanup();
1106
}
1107

1108

1109
ATF_TC_WITH_CLEANUP(auditon_getclass_success);
1110
ATF_TC_HEAD(auditon_getclass_success, tc)
1111
{
1112
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1113
					"auditon(2) call for cmd: A_GETCLASS");
1114
}
1115

1116
ATF_TC_BODY(auditon_getclass_success, tc)
1117
{
1118
	pid = getpid();
1119
	au_evclass_map_t evclass;
1120
	snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
1121

1122
	/* Initialize evclass to get the event-class mapping for auditon(2) */
1123
	evclass.ec_number = AUE_AUDITON;
1124
	evclass.ec_class = 0;
1125
	FILE *pipefd = setup(fds, auclass);
1126
	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1127
	check_audit(fds, adregex, pipefd);
1128
}
1129

1130
ATF_TC_CLEANUP(auditon_getclass_success, tc)
1131
{
1132
	cleanup();
1133
}
1134

1135

1136
ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
1137
ATF_TC_HEAD(auditon_getclass_failure, tc)
1138
{
1139
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1140
					"auditon(2) call for cmd: A_GETCLASS");
1141
}
1142

1143
ATF_TC_BODY(auditon_getclass_failure, tc)
1144
{
1145
	pid = getpid();
1146
	snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
1147

1148
	FILE *pipefd = setup(fds, auclass);
1149
	/* Failure reason: Invalid au_evclass_map_t structure */
1150
	ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
1151
	check_audit(fds, adregex, pipefd);
1152
}
1153

1154
ATF_TC_CLEANUP(auditon_getclass_failure, tc)
1155
{
1156
	cleanup();
1157
}
1158

1159

1160
ATF_TC_WITH_CLEANUP(auditon_setclass_success);
1161
ATF_TC_HEAD(auditon_setclass_success, tc)
1162
{
1163
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1164
					"auditon(2) call for cmd: A_SETCLASS");
1165
}
1166

1167
ATF_TC_BODY(auditon_setclass_success, tc)
1168
{
1169
	pid = getpid();
1170
	au_evclass_map_t evclass;
1171
	snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
1172

1173
	/* Initialize evclass and get the event-class mapping for auditon(2) */
1174
	evclass.ec_number = AUE_AUDITON;
1175
	evclass.ec_class = 0;
1176
	ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
1177

1178
	FILE *pipefd = setup(fds, auclass);
1179
	ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
1180
	check_audit(fds, adregex, pipefd);
1181
}
1182

1183
ATF_TC_CLEANUP(auditon_setclass_success, tc)
1184
{
1185
	cleanup();
1186
}
1187

1188

1189
ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
1190
ATF_TC_HEAD(auditon_setclass_failure, tc)
1191
{
1192
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1193
					"auditon(2) call for cmd: A_SETCLASS");
1194
}
1195

1196
ATF_TC_BODY(auditon_setclass_failure, tc)
1197
{
1198
	pid = getpid();
1199
	snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
1200

1201
	FILE *pipefd = setup(fds, auclass);
1202
	/* Failure reason: Invalid au_evclass_map_t structure */
1203
	ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
1204
	check_audit(fds, adregex, pipefd);
1205
}
1206

1207
ATF_TC_CLEANUP(auditon_setclass_failure, tc)
1208
{
1209
	cleanup();
1210
}
1211

1212

1213
ATF_TC_WITH_CLEANUP(auditon_getcond_success);
1214
ATF_TC_HEAD(auditon_getcond_success, tc)
1215
{
1216
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1217
					"auditon(2) call for cmd: A_GETCOND");
1218
}
1219

1220
ATF_TC_BODY(auditon_getcond_success, tc)
1221
{
1222
	int auditcond;
1223
	pid = getpid();
1224
	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
1225

1226
	FILE *pipefd = setup(fds, auclass);
1227
	ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
1228
	check_audit(fds, adregex, pipefd);
1229
}
1230

1231
ATF_TC_CLEANUP(auditon_getcond_success, tc)
1232
{
1233
	cleanup();
1234
}
1235

1236

1237
ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
1238
ATF_TC_HEAD(auditon_getcond_failure, tc)
1239
{
1240
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1241
					"auditon(2) call for cmd: A_GETCOND");
1242
}
1243

1244
ATF_TC_BODY(auditon_getcond_failure, tc)
1245
{
1246
	pid = getpid();
1247
	snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
1248

1249
	FILE *pipefd = setup(fds, auclass);
1250
	/* Failure reason: Invalid argument */
1251
	ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
1252
	check_audit(fds, adregex, pipefd);
1253
}
1254

1255
ATF_TC_CLEANUP(auditon_getcond_failure, tc)
1256
{
1257
	cleanup();
1258
}
1259

1260

1261
ATF_TC_WITH_CLEANUP(auditon_setcond_success);
1262
ATF_TC_HEAD(auditon_setcond_success, tc)
1263
{
1264
	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1265
					"auditon(2) call for cmd: A_SETCOND");
1266
}
1267

1268
ATF_TC_BODY(auditon_setcond_success, tc)
1269
{
1270
	int auditcond = AUC_AUDITING;
1271
	pid = getpid();
1272
	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
1273

1274
	FILE *pipefd = setup(fds, auclass);
1275
	/* At this point auditd is running, so the audit state is AUC_AUDITING */
1276
	ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
1277
	check_audit(fds, adregex, pipefd);
1278
}
1279

1280
ATF_TC_CLEANUP(auditon_setcond_success, tc)
1281
{
1282
	cleanup();
1283
}
1284

1285

1286
ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
1287
ATF_TC_HEAD(auditon_setcond_failure, tc)
1288
{
1289
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1290
					"auditon(2) call for cmd: A_SETCOND");
1291
}
1292

1293
ATF_TC_BODY(auditon_setcond_failure, tc)
1294
{
1295
	pid = getpid();
1296
	snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
1297

1298
	FILE *pipefd = setup(fds, auclass);
1299
	/* Failure reason: Invalid argument */
1300
	ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
1301
	check_audit(fds, adregex, pipefd);
1302
}
1303

1304
ATF_TC_CLEANUP(auditon_setcond_failure, tc)
1305
{
1306
	cleanup();
1307
}
1308

1309
/*
1310
 * Following test-cases for auditon(2) are all in failure mode only as although
1311
 * auditable, they have not been implemented and return ENOSYS whenever called.
1312
 *
1313
 * Commands: A_GETCWD  A_GETCAR  A_GETSTAT  A_SETSTAT  A_SETUMASK  A_SETSMASK
1314
 */
1315

1316
ATF_TC_WITH_CLEANUP(auditon_getcwd_failure);
1317
ATF_TC_HEAD(auditon_getcwd_failure, tc)
1318
{
1319
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1320
					"auditon(2) call for cmd: A_GETCWD");
1321
}
1322

1323
ATF_TC_BODY(auditon_getcwd_failure, tc)
1324
{
1325
	pid = getpid();
1326
	snprintf(adregex, sizeof(adregex), "get cwd.*%d.*failure", pid);
1327

1328
	FILE *pipefd = setup(fds, auclass);
1329
	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCWD, &auditon_def,
1330
		sizeof(auditon_def)) == -1);
1331
	check_audit(fds, adregex, pipefd);
1332
}
1333

1334
ATF_TC_CLEANUP(auditon_getcwd_failure, tc)
1335
{
1336
	cleanup();
1337
}
1338

1339

1340
ATF_TC_WITH_CLEANUP(auditon_getcar_failure);
1341
ATF_TC_HEAD(auditon_getcar_failure, tc)
1342
{
1343
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1344
					"auditon(2) call for cmd: A_GETCAR");
1345
}
1346

1347
ATF_TC_BODY(auditon_getcar_failure, tc)
1348
{
1349
	pid = getpid();
1350
	snprintf(adregex, sizeof(adregex), "get car.*%d.*failure", pid);
1351

1352
	FILE *pipefd = setup(fds, auclass);
1353
	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETCAR, &auditon_def,
1354
		sizeof(auditon_def)) == -1);
1355
	check_audit(fds, adregex, pipefd);
1356
}
1357

1358
ATF_TC_CLEANUP(auditon_getcar_failure, tc)
1359
{
1360
	cleanup();
1361
}
1362

1363

1364
ATF_TC_WITH_CLEANUP(auditon_getstat_failure);
1365
ATF_TC_HEAD(auditon_getstat_failure, tc)
1366
{
1367
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1368
					"auditon(2) call for cmd: A_GETSTAT");
1369
}
1370

1371
ATF_TC_BODY(auditon_getstat_failure, tc)
1372
{
1373
	pid = getpid();
1374
	snprintf(adregex, sizeof(adregex),
1375
		"get audit statistics.*%d.*return,failure", pid);
1376

1377
	FILE *pipefd = setup(fds, auclass);
1378
	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_GETSTAT, &auditon_def,
1379
		sizeof(auditon_def)) == -1);
1380
	check_audit(fds, adregex, pipefd);
1381
}
1382

1383
ATF_TC_CLEANUP(auditon_getstat_failure, tc)
1384
{
1385
	cleanup();
1386
}
1387

1388

1389
ATF_TC_WITH_CLEANUP(auditon_setstat_failure);
1390
ATF_TC_HEAD(auditon_setstat_failure, tc)
1391
{
1392
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1393
					"auditon(2) call for cmd: A_SETSTAT");
1394
}
1395

1396
ATF_TC_BODY(auditon_setstat_failure, tc)
1397
{
1398
	pid = getpid();
1399
	snprintf(adregex, sizeof(adregex),
1400
		"set audit statistics.*%d.*return,failure", pid);
1401

1402
	FILE *pipefd = setup(fds, auclass);
1403
	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSTAT, &auditon_def,
1404
		sizeof(auditon_def)) == -1);
1405
	check_audit(fds, adregex, pipefd);
1406
}
1407

1408
ATF_TC_CLEANUP(auditon_setstat_failure, tc)
1409
{
1410
	cleanup();
1411
}
1412

1413

1414
ATF_TC_WITH_CLEANUP(auditon_setumask_failure);
1415
ATF_TC_HEAD(auditon_setumask_failure, tc)
1416
{
1417
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1418
					"auditon(2) call for cmd: A_SETUMASK");
1419
}
1420

1421
ATF_TC_BODY(auditon_setumask_failure, tc)
1422
{
1423
	pid = getpid();
1424
	snprintf(adregex, sizeof(adregex),
1425
		"set mask per uid.*%d.*return,failure", pid);
1426

1427
	FILE *pipefd = setup(fds, auclass);
1428
	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETUMASK, &auditon_def,
1429
		sizeof(auditon_def)) == -1);
1430
	check_audit(fds, adregex, pipefd);
1431
}
1432

1433
ATF_TC_CLEANUP(auditon_setumask_failure, tc)
1434
{
1435
	cleanup();
1436
}
1437

1438

1439
ATF_TC_WITH_CLEANUP(auditon_setsmask_failure);
1440
ATF_TC_HEAD(auditon_setsmask_failure, tc)
1441
{
1442
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1443
					"auditon(2) call for cmd: A_SETSMASK");
1444
}
1445

1446
ATF_TC_BODY(auditon_setsmask_failure, tc)
1447
{
1448
	pid = getpid();
1449
	snprintf(adregex, sizeof(adregex),
1450
		"set mask per session.*%d.*return,failure", pid);
1451

1452
	FILE *pipefd = setup(fds, auclass);
1453
	ATF_REQUIRE_ERRNO(ENOSYS, auditon(A_SETSMASK, &auditon_def,
1454
		sizeof(auditon_def)) == -1);
1455
	check_audit(fds, adregex, pipefd);
1456
}
1457

1458
ATF_TC_CLEANUP(auditon_setsmask_failure, tc)
1459
{
1460
	cleanup();
1461
}
1462

1463

1464
/*
1465
 * Audit of reboot(2) cannot be tested in normal conditions as we don't want
1466
 * to reboot the system while running the tests
1467
 */
1468

1469

1470
ATF_TC_WITH_CLEANUP(reboot_failure);
1471
ATF_TC_HEAD(reboot_failure, tc)
1472
{
1473
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1474
					"reboot(2) call");
1475
}
1476

1477
ATF_TC_BODY(reboot_failure, tc)
1478
{
1479
	pid = getpid();
1480
	snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid);
1481

1482
	FILE *pipefd = setup(fds, auclass);
1483
	ATF_REQUIRE_EQ(-1, reboot(-1));
1484
	check_audit(fds, adregex, pipefd);
1485
}
1486

1487
ATF_TC_CLEANUP(reboot_failure, tc)
1488
{
1489
	cleanup();
1490
}
1491

1492

1493
/*
1494
 * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
1495
 * to tamper with filesystem quotas
1496
 */
1497

1498

1499
ATF_TC_WITH_CLEANUP(quotactl_failure);
1500
ATF_TC_HEAD(quotactl_failure, tc)
1501
{
1502
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1503
					"quotactl(2) call");
1504
}
1505

1506
ATF_TC_BODY(quotactl_failure, tc)
1507
{
1508
	pid = getpid();
1509
	snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid);
1510

1511
	FILE *pipefd = setup(fds, auclass);
1512
	ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
1513
	check_audit(fds, adregex, pipefd);
1514
}
1515

1516
ATF_TC_CLEANUP(quotactl_failure, tc)
1517
{
1518
	cleanup();
1519
}
1520

1521

1522
ATF_TC_WITH_CLEANUP(mount_failure);
1523
ATF_TC_HEAD(mount_failure, tc)
1524
{
1525
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1526
					"mount(2) call");
1527
}
1528

1529
ATF_TC_BODY(mount_failure, tc)
1530
{
1531
	pid = getpid();
1532
	snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid);
1533

1534
	FILE *pipefd = setup(fds, auclass);
1535
	ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
1536
	check_audit(fds, adregex, pipefd);
1537
}
1538

1539
ATF_TC_CLEANUP(mount_failure, tc)
1540
{
1541
	cleanup();
1542
}
1543

1544

1545
ATF_TC_WITH_CLEANUP(nmount_failure);
1546
ATF_TC_HEAD(nmount_failure, tc)
1547
{
1548
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1549
					"nmount(2) call");
1550
}
1551

1552
ATF_TC_BODY(nmount_failure, tc)
1553
{
1554
	pid = getpid();
1555
	snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid);
1556

1557
	FILE *pipefd = setup(fds, auclass);
1558
	ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
1559
	check_audit(fds, adregex, pipefd);
1560
}
1561

1562
ATF_TC_CLEANUP(nmount_failure, tc)
1563
{
1564
	cleanup();
1565
}
1566

1567

1568
ATF_TC_WITH_CLEANUP(swapon_failure);
1569
ATF_TC_HEAD(swapon_failure, tc)
1570
{
1571
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1572
					"swapon(2) call");
1573
}
1574

1575
ATF_TC_BODY(swapon_failure, tc)
1576
{
1577
	pid = getpid();
1578
	snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid);
1579

1580
	FILE *pipefd = setup(fds, auclass);
1581
	/* Failure reason: Block device required */
1582
	ATF_REQUIRE_EQ(-1, swapon(path));
1583
	check_audit(fds, adregex, pipefd);
1584
}
1585

1586
ATF_TC_CLEANUP(swapon_failure, tc)
1587
{
1588
	cleanup();
1589
}
1590

1591

1592
ATF_TC_WITH_CLEANUP(swapoff_failure);
1593
ATF_TC_HEAD(swapoff_failure, tc)
1594
{
1595
	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1596
					"swapoff(2) call");
1597
}
1598

1599
ATF_TC_BODY(swapoff_failure, tc)
1600
{
1601
	pid = getpid();
1602
	snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid);
1603

1604
	FILE *pipefd = setup(fds, auclass);
1605
	/* Failure reason: Block device required */
1606
	ATF_REQUIRE_EQ(-1, swapoff(path, 0));
1607
	check_audit(fds, adregex, pipefd);
1608
}
1609

1610
ATF_TC_CLEANUP(swapoff_failure, tc)
1611
{
1612
	cleanup();
1613
}
1614

1615

1616
ATF_TP_ADD_TCS(tp)
1617
{
1618
	ATF_TP_ADD_TC(tp, settimeofday_success);
1619
	ATF_TP_ADD_TC(tp, settimeofday_failure);
1620
	ATF_TP_ADD_TC(tp, clock_settime_success);
1621
	ATF_TP_ADD_TC(tp, clock_settime_failure);
1622
	ATF_TP_ADD_TC(tp, adjtime_success);
1623
	ATF_TP_ADD_TC(tp, adjtime_failure);
1624
	ATF_TP_ADD_TC(tp, ntp_adjtime_success);
1625
	ATF_TP_ADD_TC(tp, ntp_adjtime_failure);
1626

1627
	ATF_TP_ADD_TC(tp, nfs_getfh_success);
1628
	ATF_TP_ADD_TC(tp, nfs_getfh_failure);
1629
	ATF_TP_ADD_TC(tp, acct_success);
1630
	ATF_TP_ADD_TC(tp, acct_failure);
1631
	ATF_TP_ADD_TC(tp, auditctl_success);
1632
	ATF_TP_ADD_TC(tp, auditctl_failure);
1633

1634
	ATF_TP_ADD_TC(tp, getauid_success);
1635
	ATF_TP_ADD_TC(tp, getauid_failure);
1636
	ATF_TP_ADD_TC(tp, setauid_success);
1637
	ATF_TP_ADD_TC(tp, setauid_failure);
1638

1639
	ATF_TP_ADD_TC(tp, getaudit_success);
1640
	ATF_TP_ADD_TC(tp, getaudit_failure);
1641
	ATF_TP_ADD_TC(tp, setaudit_success);
1642
	ATF_TP_ADD_TC(tp, setaudit_failure);
1643

1644
	ATF_TP_ADD_TC(tp, getaudit_addr_success);
1645
	ATF_TP_ADD_TC(tp, getaudit_addr_failure);
1646
	ATF_TP_ADD_TC(tp, setaudit_addr_success);
1647
	ATF_TP_ADD_TC(tp, setaudit_addr_failure);
1648

1649
	ATF_TP_ADD_TC(tp, auditon_default_success);
1650
	ATF_TP_ADD_TC(tp, auditon_default_failure);
1651

1652
	ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
1653
	ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
1654
	ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
1655
	ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
1656

1657
	ATF_TP_ADD_TC(tp, auditon_getkmask_success);
1658
	ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
1659
	ATF_TP_ADD_TC(tp, auditon_setkmask_success);
1660
	ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
1661

1662
	ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
1663
	ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
1664
	ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
1665
	ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
1666

1667
	ATF_TP_ADD_TC(tp, auditon_getclass_success);
1668
	ATF_TP_ADD_TC(tp, auditon_getclass_failure);
1669
	ATF_TP_ADD_TC(tp, auditon_setclass_success);
1670
	ATF_TP_ADD_TC(tp, auditon_setclass_failure);
1671

1672
	ATF_TP_ADD_TC(tp, auditon_getcond_success);
1673
	ATF_TP_ADD_TC(tp, auditon_getcond_failure);
1674
	ATF_TP_ADD_TC(tp, auditon_setcond_success);
1675
	ATF_TP_ADD_TC(tp, auditon_setcond_failure);
1676

1677
	ATF_TP_ADD_TC(tp, auditon_getcwd_failure);
1678
	ATF_TP_ADD_TC(tp, auditon_getcar_failure);
1679
	ATF_TP_ADD_TC(tp, auditon_getstat_failure);
1680
	ATF_TP_ADD_TC(tp, auditon_setstat_failure);
1681
	ATF_TP_ADD_TC(tp, auditon_setumask_failure);
1682
	ATF_TP_ADD_TC(tp, auditon_setsmask_failure);
1683

1684
	ATF_TP_ADD_TC(tp, reboot_failure);
1685
	ATF_TP_ADD_TC(tp, quotactl_failure);
1686
	ATF_TP_ADD_TC(tp, mount_failure);
1687
	ATF_TP_ADD_TC(tp, nmount_failure);
1688
	ATF_TP_ADD_TC(tp, swapon_failure);
1689
	ATF_TP_ADD_TC(tp, swapoff_failure);
1690

1691
	return (atf_no_error());
1692
}
1693

1694