Index: tests/sys/auditpipe/auditpipe_test.c =================================================================== --- tests/sys/auditpipe/auditpipe_test.c +++ tests/sys/auditpipe/auditpipe_test.c @@ -32,6 +32,7 @@ #include #include +#include #include #include @@ -84,7 +85,7 @@ int test_qlimit, curr_qlimit, recv_qlimit; ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); - /* Retreive the current QLIMIT value and store it in a file */ + /* Retrieve the current QLIMIT value and store it in a file */ ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_GET_QLIMIT, &curr_qlimit)); ATF_REQUIRE((fileptr = fopen("qlimit_store", "a")) != NULL); ATF_REQUIRE_EQ(sizeof(curr_qlimit), @@ -155,6 +156,44 @@ } +ATF_TC(auditpipe_qlimit_more_than_qlimit_min); +ATF_TC_HEAD(auditpipe_qlimit_more_than_qlimit_min, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies that limit for audit records " + "in auditpipe cannot be less than QLIMIT_MIN "); +} + +ATF_TC_BODY(auditpipe_qlimit_more_than_qlimit_min, tc) +{ + int qlim_min; + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_GET_QLIMIT_MIN, &qlim_min)); + + qlim_min -= 1; + ATF_REQUIRE_EQ(-1, ioctl(filedesc, AUDITPIPE_SET_QLIMIT, &qlim_min)); + close(filedesc); +} + + +ATF_TC(auditpipe_qlimit_less_than_qlimit_max); +ATF_TC_HEAD(auditpipe_qlimit_less_than_qlimit_max, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies that limit for audit records " + "in auditpipe cannot be more than QLIMIT_MAX "); +} + +ATF_TC_BODY(auditpipe_qlimit_less_than_qlimit_max, tc) +{ + int qlim_max; + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_GET_QLIMIT_MAX, &qlim_max)); + + qlim_max += 1; + ATF_REQUIRE_EQ(-1, ioctl(filedesc, AUDITPIPE_SET_QLIMIT, &qlim_max)); + close(filedesc); +} + + ATF_TC(auditpipe_get_maxauditdata); ATF_TC_HEAD(auditpipe_get_maxauditdata, tc) { @@ -172,6 +211,185 @@ } +ATF_TC(auditpipe_flush); +ATF_TC_HEAD(auditpipe_flush, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies whether the auditpipe ioctl, " + "AUDITPIPE_FLUSH works properly"); +} + +ATF_TC_BODY(auditpipe_flush, tc) +{ + int qlen, aucond; + int aupause = AUC_NOAUDIT; + int auresume = AUC_AUDITING; + + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_FLUSH)); + + /* + * Stop auditing to make sure no events are emitted in auditpipe + * in between calling AUDITPIPE_FLUSH and AUDITPIPE_GET_QLEN + */ + ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &aucond, sizeof(int))); + if (aucond == AUC_AUDITING) + ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &aupause, sizeof(int))); + + /* AUDITPIPE_FLUSH clears any outstanding record in auditpipe */ + ATF_CHECK_EQ(0, ioctl(filedesc, AUDITPIPE_GET_QLEN, &qlen)); + ATF_CHECK_EQ(0, qlen); + + /* Restore the earlier state of auditing, if it was enabled */ + if (aucond == AUC_AUDITING) + ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auresume, sizeof(int))); + close(filedesc); +} + + +ATF_TC(auditpipe_get_preselect_mode); +ATF_TC_HEAD(auditpipe_get_preselect_mode, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies whether the auditpipe ioctl, " + "AUDITPIPE_GET_PRESELECT_MODE works properly"); +} + +ATF_TC_BODY(auditpipe_get_preselect_mode, tc) +{ + int mode = -1; + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_GET_PRESELECT_MODE, &mode)); + ATF_REQUIRE(mode != -1); + close(filedesc); +} + + +ATF_TC(auditpipe_set_preselect_mode); +ATF_TC_HEAD(auditpipe_set_preselect_mode, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies whether the auditpipe ioctl, " + "AUDITPIPE_SET_PRESELECT_MODE works properly"); +} + +ATF_TC_BODY(auditpipe_set_preselect_mode, tc) +{ + int recv_mode; + int mode = AUDITPIPE_PRESELECT_MODE_LOCAL; + + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_SET_PRESELECT_MODE, &mode)); + ATF_REQUIRE_EQ(0, ioctl(filedesc, + AUDITPIPE_GET_PRESELECT_MODE, &recv_mode)); + ATF_REQUIRE_EQ(mode, recv_mode); + close(filedesc); +} + + +ATF_TC(auditpipe_get_preselect_flags); +ATF_TC_HEAD(auditpipe_get_preselect_flags, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies whether the auditpipe ioctl, " + "AUDITPIPE_GET_PRESELECT_FLAGS works properly"); +} + +ATF_TC_BODY(auditpipe_get_preselect_flags, tc) +{ + au_mask_t fmask = { + .am_success = UINT_MAX, + .am_failure = UINT_MAX + }; + + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + ATF_REQUIRE_EQ(0, ioctl(filedesc, + AUDITPIPE_GET_PRESELECT_FLAGS, &fmask)); + + /* Check if both success and failure bits are set by this ioctl */ + ATF_REQUIRE(fmask.am_success != UINT_MAX); + ATF_REQUIRE(fmask.am_failure != UINT_MAX); + close(filedesc); +} + + +ATF_TC(auditpipe_set_preselect_flags); +ATF_TC_HEAD(auditpipe_set_preselect_flags, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies whether the auditpipe ioctl, " + "AUDITPIPE_SET_PRESELECT_FLAGS works properly"); +} + +ATF_TC_BODY(auditpipe_set_preselect_flags, tc) +{ + int mode = AUDITPIPE_PRESELECT_MODE_LOCAL; + au_mask_t fmask, gmask; + bzero(&fmask, sizeof(fmask)); + + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + /* Set local mode auditing to not alter the system wide audit mask */ + ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_SET_PRESELECT_MODE, &mode)); + ATF_REQUIRE_EQ(0, ioctl(filedesc, + AUDITPIPE_SET_PRESELECT_FLAGS, &fmask)); + ATF_REQUIRE_EQ(0, ioctl(filedesc, + AUDITPIPE_GET_PRESELECT_FLAGS, &gmask)); + + /* Check if both success and failure bits are set by this ioctl */ + ATF_REQUIRE_EQ(fmask.am_success, gmask.am_success); + ATF_REQUIRE_EQ(fmask.am_failure, gmask.am_failure); + close(filedesc); +} + + +ATF_TC(auditpipe_get_preselect_naflags); +ATF_TC_HEAD(auditpipe_get_preselect_naflags, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies whether the auditpipe ioctl, " + "AUDITPIPE_GET_PRESELECT_NAFLAGS works properly"); +} + +ATF_TC_BODY(auditpipe_get_preselect_naflags, tc) +{ + au_mask_t fmask = { + .am_success = UINT_MAX, + .am_failure = UINT_MAX + }; + + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + ATF_REQUIRE_EQ(0, ioctl(filedesc, + AUDITPIPE_GET_PRESELECT_NAFLAGS, &fmask)); + + /* Check if both success and failure bits are set by this ioctl */ + ATF_REQUIRE(fmask.am_success != UINT_MAX); + ATF_REQUIRE(fmask.am_failure != UINT_MAX); + close(filedesc); +} + + +ATF_TC(auditpipe_set_preselect_naflags); +ATF_TC_HEAD(auditpipe_set_preselect_naflags, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verifies whether the auditpipe ioctl, " + "AUDITPIPE_SET_PRESELECT_NAFLAGS works properly"); +} + +ATF_TC_BODY(auditpipe_set_preselect_naflags, tc) +{ + int mode = AUDITPIPE_PRESELECT_MODE_LOCAL; + au_mask_t fmask, gmask; + bzero(&fmask, sizeof(fmask)); + + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + /* Set local mode auditing to not alter the system wide audit mask */ + ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_SET_PRESELECT_MODE, &mode)); + ATF_REQUIRE_EQ(0, ioctl(filedesc, + AUDITPIPE_SET_PRESELECT_NAFLAGS, &fmask)); + ATF_REQUIRE_EQ(0, ioctl(filedesc, + AUDITPIPE_GET_PRESELECT_NAFLAGS, &gmask)); + + /* Check if both success and failure bits are set correctly */ + ATF_REQUIRE_EQ(fmask.am_success, gmask.am_success); + ATF_REQUIRE_EQ(fmask.am_failure, gmask.am_failure); + close(filedesc); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, auditpipe_get_qlen); @@ -179,7 +397,16 @@ ATF_TP_ADD_TC(tp, auditpipe_set_qlimit); ATF_TP_ADD_TC(tp, auditpipe_get_qlimit_min); ATF_TP_ADD_TC(tp, auditpipe_get_qlimit_max); + ATF_TP_ADD_TC(tp, auditpipe_qlimit_more_than_qlimit_min); + ATF_TP_ADD_TC(tp, auditpipe_qlimit_less_than_qlimit_max); ATF_TP_ADD_TC(tp, auditpipe_get_maxauditdata); + ATF_TP_ADD_TC(tp, auditpipe_flush); + ATF_TP_ADD_TC(tp, auditpipe_get_preselect_mode); + ATF_TP_ADD_TC(tp, auditpipe_set_preselect_mode); + ATF_TP_ADD_TC(tp, auditpipe_get_preselect_flags); + ATF_TP_ADD_TC(tp, auditpipe_set_preselect_flags); + ATF_TP_ADD_TC(tp, auditpipe_get_preselect_naflags); + ATF_TP_ADD_TC(tp, auditpipe_set_preselect_naflags); return (atf_no_error()); }