D15898.id44531.diff
No OneTemporary
Actions

Size

12 KB

Referenced Files

None

Subscribers

None

D15898.id44531.diff
View Options

	Index: tests/sys/audit/administrative.c
	===================================================================
	--- tests/sys/audit/administrative.c
	+++ tests/sys/audit/administrative.c
	@@ -27,10 +27,20 @@

	#include <sys/param.h>
	#include <sys/mount.h>
	+#include <sys/reboot.h>
	+#include <sys/stat.h>
	+#include <sys/sysctl.h>
	#include <sys/time.h>
	+#include <sys/timespec.h>
	+#include <sys/timex.h>
	+
	+#include <bsm/audit.h>
	+#include <ufs/ufs/quota.h>

	#include <atf-c.h>
	#include <fcntl.h>
	+#include <stdlib.h>
	+#include <time.h>
	#include <unistd.h>

	#include "utils.h"
	@@ -42,6 +52,7 @@
	static char adregex[80];
	static const char *auclass = "ad";
	static const char *path = "fileforaudit";
	+static const char successreg = "fileforaudit.return,success";


	ATF_TC_WITH_CLEANUP(settimeofday_success);
	@@ -101,6 +112,60 @@
	}


	+ATF_TC_WITH_CLEANUP(clock_settime_success);
	+ATF_TC_HEAD(clock_settime_success, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
	+ "clock_settime(2) call");
	+}
	+
	+ATF_TC_BODY(clock_settime_success, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "clock_settime.%d.success", pid);
	+
	+ struct timespec tp;
	+ ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp));
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ /* Setting the same time as obtained by clock_gettime(2) */
	+ ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(clock_settime_success, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(clock_settime_failure);
	+ATF_TC_HEAD(clock_settime_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "clock_settime(2) call");
	+}
	+
	+ATF_TC_BODY(clock_settime_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "clock_settime.%d.failure", pid);
	+
	+ struct timespec tp;
	+ ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp));
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ /* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */
	+ ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(clock_settime_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	ATF_TC_WITH_CLEANUP(adjtime_success);
	ATF_TC_HEAD(adjtime_success, tc)
	{
	@@ -115,7 +180,7 @@

	FILE *pipefd = setup(fds, auclass);
	/* We don't want to change the system time, hence NULL */
	- ATF_REQUIRE_EQ(0, adjtime(NULL,NULL));
	+ ATF_REQUIRE_EQ(0, adjtime(NULL, NULL));
	check_audit(fds, adregex, pipefd);
	}

	@@ -148,6 +213,54 @@
	}


	+ATF_TC_WITH_CLEANUP(ntp_adjtime_success);
	+ATF_TC_HEAD(ntp_adjtime_success, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
	+ "ntp_adjtime(2) call");
	+}
	+
	+ATF_TC_BODY(ntp_adjtime_success, tc)
	+{
	+ struct timex timebuff;
	+ bzero(&timebuff, sizeof(timebuff));
	+
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "ntp_adjtime.%d.success", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE(ntp_adjtime(&timebuff) != -1);
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(ntp_adjtime_success, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(ntp_adjtime_failure);
	+ATF_TC_HEAD(ntp_adjtime_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "ntp_adjtime(2) call");
	+}
	+
	+ATF_TC_BODY(ntp_adjtime_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "ntp_adjtime.%d.failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(ntp_adjtime_failure, tc)
	+{
	+ cleanup();
	+}
	+

	ATF_TC_WITH_CLEANUP(nfs_getfh_success);
	ATF_TC_HEAD(nfs_getfh_success, tc)
	@@ -200,6 +313,185 @@
	}


	+ATF_TC_WITH_CLEANUP(auditctl_success);
	+ATF_TC_HEAD(auditctl_success, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
	+ "auditctl(2) call");
	+}
	+
	+ATF_TC_BODY(auditctl_success, tc)
	+{
	+ /* File needs to exist in order to call auditctl(2) */
	+ ATF_REQUIRE((filedesc = open(path, O_CREAT \| O_WRONLY, mode)) != -1);
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE_EQ(0, auditctl(path));
	+ check_audit(fds, successreg, pipefd);
	+ close(filedesc);
	+}
	+
	+ATF_TC_CLEANUP(auditctl_success, tc)
	+{
	+ /*
	+ * auditctl(2) disables audit log at /var/audit and initiates auditing
	+ * at the configured path. To reset this, we need to stop and start the
	+ * auditd(8) again. Here, we check if auditd(8) was running already
	+ * before the test started. If so, we stop and start it again.
	+ */
	+ system("service auditd onestop > /dev/null 2>&1");
	+ if (!atf_utils_file_exists("started_auditd"))
	+ system("service auditd onestart > /dev/null 2>&1");
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(auditctl_failure);
	+ATF_TC_HEAD(auditctl_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "auditctl(2) call");
	+}
	+
	+ATF_TC_BODY(auditctl_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "auditctl.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ /* Failure reason: file does not exist */
	+ ATF_REQUIRE_EQ(-1, auditctl(NULL));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(auditctl_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(auditon_success);
	+ATF_TC_HEAD(auditon_success, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
	+ "auditon(2) call");
	+}
	+
	+ATF_TC_BODY(auditon_success, tc)
	+{
	+ pid = getpid();
	+ au_evclass_map_t evclass;
	+ snprintf(adregex, sizeof(adregex), "auditon.%d.return,success", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(&evclass)));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(auditon_success, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(auditon_failure);
	+ATF_TC_HEAD(auditon_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "auditon(2) call");
	+}
	+
	+ATF_TC_BODY(auditon_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "auditon.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ /* Failure reason: Invalid au_evclass_map_t structure */
	+ ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(auditon_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(acct_success);
	+ATF_TC_HEAD(acct_success, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
	+ "acct(2) call");
	+}
	+
	+ATF_TC_BODY(acct_success, tc)
	+{
	+ int acctinfo, filedesc2;
	+ size_t len = sizeof(acctinfo);
	+ const char *acctname = "kern.acct_configured";
	+ ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0));
	+
	+ /* File needs to exist to start system accounting */
	+ ATF_REQUIRE((filedesc = open(path, O_CREAT \| O_RDWR, mode)) != -1);
	+
	+ /*
	+ * acctinfo = 0: System accounting was disabled
	+ * acctinfo = 1: System accounting was enabled
	+ */
	+ if (acctinfo) {
	+ ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1);
	+ close(filedesc2);
	+ }
	+
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex),
	+ "acct.%s.%d.*return,success", path, pid);
	+
	+ /*
	+ * We temporarily switch the accounting record to a file at
	+ * our own configured path in order to confirm acct(2)'s successful
	+ * auditing. Then we set everything back to its original state.
	+ */
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE_EQ(0, acct(path));
	+ check_audit(fds, adregex, pipefd);
	+ close(filedesc);
	+}
	+
	+ATF_TC_CLEANUP(acct_success, tc)
	+{
	+ /* Reset accounting configured path */
	+ ATF_REQUIRE_EQ(0, system("service accounting onestop"));
	+ if (atf_utils_file_exists("acct_ok")) {
	+ ATF_REQUIRE_EQ(0, system("service accounting onestart"));
	+ }
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(acct_failure);
	+ATF_TC_HEAD(acct_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "acct(2) call");
	+}
	+
	+ATF_TC_BODY(acct_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "acct.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ /* Failure reason: File does not exist */
	+ ATF_REQUIRE_EQ(-1, acct(path));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(acct_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	ATF_TC_WITH_CLEANUP(getauid_success);
	ATF_TC_HEAD(getauid_success, tc)
	{
	@@ -495,15 +787,178 @@
	}


	+/*
	+ * Audit of reboot(2) cannot be tested in normal conditions as we don't want
	+ * to reboot the system while running the tests
	+ */
	+
	+
	+ATF_TC_WITH_CLEANUP(reboot_failure);
	+ATF_TC_HEAD(reboot_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "reboot(2) call");
	+}
	+
	+ATF_TC_BODY(reboot_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "reboot.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE_EQ(-1, reboot(-1));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(reboot_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+/*
	+ * Audit of quotactl(2) cannot be tested in normal conditions as we don't want
	+ * to tamper with filesystem quotas
	+ */
	+
	+
	+ATF_TC_WITH_CLEANUP(quotactl_failure);
	+ATF_TC_HEAD(quotactl_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "quotactl(2) call");
	+}
	+
	+ATF_TC_BODY(quotactl_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "quotactl.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(quotactl_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(mount_failure);
	+ATF_TC_HEAD(mount_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "mount(2) call");
	+}
	+
	+ATF_TC_BODY(mount_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "mount.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(mount_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(nmount_failure);
	+ATF_TC_HEAD(nmount_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "nmount(2) call");
	+}
	+
	+ATF_TC_BODY(nmount_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "nmount.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(nmount_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(swapon_failure);
	+ATF_TC_HEAD(swapon_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "swapon(2) call");
	+}
	+
	+ATF_TC_BODY(swapon_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "swapon.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ /* Failure reason: Block device required */
	+ ATF_REQUIRE_EQ(-1, swapon(path));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(swapon_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	+ATF_TC_WITH_CLEANUP(swapoff_failure);
	+ATF_TC_HEAD(swapoff_failure, tc)
	+{
	+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
	+ "swapoff(2) call");
	+}
	+
	+ATF_TC_BODY(swapoff_failure, tc)
	+{
	+ pid = getpid();
	+ snprintf(adregex, sizeof(adregex), "swapoff.%d.return,failure", pid);
	+
	+ FILE *pipefd = setup(fds, auclass);
	+ /* Failure reason: Block device required */
	+ ATF_REQUIRE_EQ(-1, swapoff(path));
	+ check_audit(fds, adregex, pipefd);
	+}
	+
	+ATF_TC_CLEANUP(swapoff_failure, tc)
	+{
	+ cleanup();
	+}
	+
	+
	ATF_TP_ADD_TCS(tp)
	{
	ATF_TP_ADD_TC(tp, settimeofday_success);
	ATF_TP_ADD_TC(tp, settimeofday_failure);
	+ ATF_TP_ADD_TC(tp, clock_settime_success);
	+ ATF_TP_ADD_TC(tp, clock_settime_failure);
	ATF_TP_ADD_TC(tp, adjtime_success);
	ATF_TP_ADD_TC(tp, adjtime_failure);
	+ ATF_TP_ADD_TC(tp, ntp_adjtime_success);
	+ ATF_TP_ADD_TC(tp, ntp_adjtime_failure);

	ATF_TP_ADD_TC(tp, nfs_getfh_success);
	ATF_TP_ADD_TC(tp, nfs_getfh_failure);
	+ ATF_TP_ADD_TC(tp, acct_success);
	+ ATF_TP_ADD_TC(tp, acct_failure);
	+
	+ ATF_TP_ADD_TC(tp, auditctl_success);
	+ ATF_TP_ADD_TC(tp, auditctl_failure);
	+ ATF_TP_ADD_TC(tp, auditon_success);
	+ ATF_TP_ADD_TC(tp, auditon_failure);

	ATF_TP_ADD_TC(tp, getauid_success);
	ATF_TP_ADD_TC(tp, getauid_failure);
	@@ -520,5 +975,12 @@
	ATF_TP_ADD_TC(tp, setaudit_addr_success);
	ATF_TP_ADD_TC(tp, setaudit_addr_failure);

	+ ATF_TP_ADD_TC(tp, reboot_failure);
	+ ATF_TP_ADD_TC(tp, quotactl_failure);
	+ ATF_TP_ADD_TC(tp, mount_failure);
	+ ATF_TP_ADD_TC(tp, nmount_failure);
	+ ATF_TP_ADD_TC(tp, swapon_failure);
	+ ATF_TP_ADD_TC(tp, swapoff_failure);
	+
	return (atf_no_error());
	}

File Metadata

Mime Type: text/plain
Expires: Tue, Feb 11, 7:46 PM (14 h, 44 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16600166
Default Alt Text: D15898.id44531.diff (12 KB)

D15898.id44531.diffNo OneTemporaryActions

D15898.id44531.diffView Options

File Metadata

Event Timeline

D15898.id44531.diff
No OneTemporary
Actions

D15898.id44531.diff
View Options