Index: tests/sys/audit/administrative.c =================================================================== --- tests/sys/audit/administrative.c +++ tests/sys/audit/administrative.c @@ -27,11 +27,16 @@ #include #include +#include +#include #include +#include +#include #include #include #include +#include #include "utils.h" @@ -42,6 +47,7 @@ static char adregex[80]; static const char *auclass = "ad"; static const char *path = "fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; ATF_TC_WITH_CLEANUP(settimeofday_success); @@ -115,7 +121,7 @@ FILE *pipefd = setup(fds, auclass); /* We don't want to change the system time, hence NULL */ - ATF_REQUIRE_EQ(0, adjtime(NULL,NULL)); + ATF_REQUIRE_EQ(0, adjtime(NULL, NULL)); check_audit(fds, adregex, pipefd); } @@ -148,6 +154,52 @@ } +ATF_TC_WITH_CLEANUP(ntp_adjtime_success); +ATF_TC_HEAD(ntp_adjtime_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "ntp_adjtime(2) call"); +} + +ATF_TC_BODY(ntp_adjtime_success, tc) +{ + pid = getpid(); + struct timex timebuff; + snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE(ntp_adjtime(&timebuff) != -1); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(ntp_adjtime_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(ntp_adjtime_failure); +ATF_TC_HEAD(ntp_adjtime_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "ntp_adjtime(2) call"); +} + +ATF_TC_BODY(ntp_adjtime_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(ntp_adjtime_failure, tc) +{ + cleanup(); +} + ATF_TC_WITH_CLEANUP(nfs_getfh_success); ATF_TC_HEAD(nfs_getfh_success, tc) @@ -200,6 +252,53 @@ } +ATF_TC_WITH_CLEANUP(auditctl_success); +ATF_TC_HEAD(auditctl_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "auditctl(2) call"); +} + +ATF_TC_BODY(auditctl_success, tc) +{ + /* File needs to exist in order to call auditctl(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, auditctl(path)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(auditctl_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(auditctl_failure); +ATF_TC_HEAD(auditctl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "auditctl(2) call"); +} + +ATF_TC_BODY(auditctl_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, auditctl(NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(auditctl_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(getauid_success); ATF_TC_HEAD(getauid_success, tc) { @@ -495,15 +594,158 @@ } +/* + * Audit of reboot(2) cannot be tested in normal conditions as we don't want + * to reboot the system while running the tests + */ + + +ATF_TC_WITH_CLEANUP(reboot_failure); +ATF_TC_HEAD(reboot_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "reboot(2) call"); +} + +ATF_TC_BODY(reboot_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, reboot(-1)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(reboot_failure, tc) +{ + cleanup(); +} + + +/* + * Audit of acct(2) cannot be tested in normal conditions as we don't want + * to enable/disable the collection of system accounting records + */ + + +ATF_TC_WITH_CLEANUP(acct_failure); +ATF_TC_HEAD(acct_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "acct(2) call"); +} + +ATF_TC_BODY(acct_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, acct(path)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(acct_failure, tc) +{ + cleanup(); +} + + +/* + * Audit of quotactl(2) cannot be tested in normal conditions as we don't want + * to tamper with filesystem quotas + */ + + +ATF_TC_WITH_CLEANUP(quotactl_failure); +ATF_TC_HEAD(quotactl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "quotactl(2) call"); +} + +ATF_TC_BODY(quotactl_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(quotactl_failure, tc) +{ + cleanup(); +} + + +/* + * Audit of mount(2) and nmount(2) cannot be tested in normal + * conditions as we are not allowed to mount a filesystem. + */ + + +ATF_TC_WITH_CLEANUP(mount_failure); +ATF_TC_HEAD(mount_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "mount(2) call"); +} + +ATF_TC_BODY(mount_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(mount_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(nmount_failure); +ATF_TC_HEAD(nmount_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "nmount(2) call"); +} + +ATF_TC_BODY(nmount_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(nmount_failure, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, settimeofday_success); ATF_TP_ADD_TC(tp, settimeofday_failure); ATF_TP_ADD_TC(tp, adjtime_success); ATF_TP_ADD_TC(tp, adjtime_failure); + ATF_TP_ADD_TC(tp, ntp_adjtime_success); + ATF_TP_ADD_TC(tp, ntp_adjtime_failure); ATF_TP_ADD_TC(tp, nfs_getfh_success); ATF_TP_ADD_TC(tp, nfs_getfh_failure); + ATF_TP_ADD_TC(tp, auditctl_success); + ATF_TP_ADD_TC(tp, auditctl_failure); ATF_TP_ADD_TC(tp, getauid_success); ATF_TP_ADD_TC(tp, getauid_failure); @@ -520,5 +762,11 @@ ATF_TP_ADD_TC(tp, setaudit_addr_success); ATF_TP_ADD_TC(tp, setaudit_addr_failure); + ATF_TP_ADD_TC(tp, reboot_failure); + ATF_TP_ADD_TC(tp, acct_failure); + ATF_TP_ADD_TC(tp, quotactl_failure); + ATF_TP_ADD_TC(tp, mount_failure); + ATF_TP_ADD_TC(tp, nmount_failure); + return (atf_no_error()); }