Changeset View
Standalone View
tests/sys/audit/administrative.c
Show All 21 Lines | |||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
* SUCH DAMAGE. | * SUCH DAMAGE. | ||||
* | * | ||||
* $FreeBSD$ | * $FreeBSD$ | ||||
*/ | */ | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/mount.h> | #include <sys/mount.h> | ||||
#include <sys/reboot.h> | |||||
#include <sys/stat.h> | |||||
#include <sys/sysctl.h> | |||||
#include <sys/time.h> | #include <sys/time.h> | ||||
#include <sys/timespec.h> | |||||
#include <sys/timex.h> | |||||
#include <bsm/audit.h> | |||||
#include <ufs/ufs/quota.h> | |||||
#include <atf-c.h> | #include <atf-c.h> | ||||
#include <fcntl.h> | #include <fcntl.h> | ||||
#include <stdlib.h> | |||||
#include <time.h> | |||||
#include <unistd.h> | #include <unistd.h> | ||||
#include "utils.h" | #include "utils.h" | ||||
static pid_t pid; | static pid_t pid; | ||||
static int filedesc; | static int filedesc; | ||||
static mode_t mode = 0777; | static mode_t mode = 0777; | ||||
static struct pollfd fds[1]; | static struct pollfd fds[1]; | ||||
static char adregex[80]; | static char adregex[80]; | ||||
static const char *auclass = "ad"; | static const char *auclass = "ad"; | ||||
static const char *path = "fileforaudit"; | static const char *path = "fileforaudit"; | ||||
static const char *successreg = "fileforaudit.*return,success"; | |||||
ATF_TC_WITH_CLEANUP(settimeofday_success); | ATF_TC_WITH_CLEANUP(settimeofday_success); | ||||
ATF_TC_HEAD(settimeofday_success, tc) | ATF_TC_HEAD(settimeofday_success, tc) | ||||
{ | { | ||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | ||||
"settimeofday(2) call"); | "settimeofday(2) call"); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 43 Lines • ▼ Show 20 Lines | |||||
} | } | ||||
ATF_TC_CLEANUP(settimeofday_failure, tc) | ATF_TC_CLEANUP(settimeofday_failure, tc) | ||||
{ | { | ||||
cleanup(); | cleanup(); | ||||
} | } | ||||
ATF_TC_WITH_CLEANUP(clock_settime_success); | |||||
ATF_TC_HEAD(clock_settime_success, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | |||||
"clock_settime(2) call"); | |||||
} | |||||
ATF_TC_BODY(clock_settime_success, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*success", pid); | |||||
struct timespec tp; | |||||
ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_REALTIME, &tp)); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Setting the same time as obtained by clock_gettime(2) */ | |||||
ATF_REQUIRE_EQ(0, clock_settime(CLOCK_REALTIME, &tp)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(clock_settime_success, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(clock_settime_failure); | |||||
ATF_TC_HEAD(clock_settime_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"clock_settime(2) call"); | |||||
} | |||||
ATF_TC_BODY(clock_settime_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "clock_settime.*%d.*failure", pid); | |||||
struct timespec tp; | |||||
ATF_REQUIRE_EQ(0, clock_gettime(CLOCK_MONOTONIC, &tp)); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: cannot use CLOCK_MONOTONIC to set the system time */ | |||||
ATF_REQUIRE_EQ(-1, clock_settime(CLOCK_MONOTONIC, &tp)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(clock_settime_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(adjtime_success); | ATF_TC_WITH_CLEANUP(adjtime_success); | ||||
ATF_TC_HEAD(adjtime_success, tc) | ATF_TC_HEAD(adjtime_success, tc) | ||||
{ | { | ||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | ||||
"adjtime(2) call"); | "adjtime(2) call"); | ||||
} | } | ||||
ATF_TC_BODY(adjtime_success, tc) | ATF_TC_BODY(adjtime_success, tc) | ||||
{ | { | ||||
pid = getpid(); | pid = getpid(); | ||||
snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid); | snprintf(adregex, sizeof(adregex), "adjtime.*%d.*return,success", pid); | ||||
FILE *pipefd = setup(fds, auclass); | FILE *pipefd = setup(fds, auclass); | ||||
/* We don't want to change the system time, hence NULL */ | /* We don't want to change the system time, hence NULL */ | ||||
ATF_REQUIRE_EQ(0, adjtime(NULL,NULL)); | ATF_REQUIRE_EQ(0, adjtime(NULL, NULL)); | ||||
check_audit(fds, adregex, pipefd); | check_audit(fds, adregex, pipefd); | ||||
} | } | ||||
ATF_TC_CLEANUP(adjtime_success, tc) | ATF_TC_CLEANUP(adjtime_success, tc) | ||||
{ | { | ||||
cleanup(); | cleanup(); | ||||
} | } | ||||
Show All 16 Lines | |||||
} | } | ||||
ATF_TC_CLEANUP(adjtime_failure, tc) | ATF_TC_CLEANUP(adjtime_failure, tc) | ||||
{ | { | ||||
cleanup(); | cleanup(); | ||||
} | } | ||||
ATF_TC_WITH_CLEANUP(ntp_adjtime_success); | |||||
ATF_TC_HEAD(ntp_adjtime_success, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | |||||
"ntp_adjtime(2) call"); | |||||
} | |||||
ATF_TC_BODY(ntp_adjtime_success, tc) | |||||
{ | |||||
struct timex timebuff; | |||||
bzero(&timebuff, sizeof(timebuff)); | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*success", pid); | |||||
asomers: timebuff is used uninitialized. | |||||
Done Inline ActionsIs it not supposed to be filled by ntp_adjtime(2). That is what man-page suggested. aniketp: Is it not supposed to be filled by `ntp_adjtime(2)`. That is what man-page suggested. | |||||
Done Inline ActionsNo, you're misreading it. That argument is provided from userland to the kernel. asomers: No, you're misreading it. That argument is provided from userland to the kernel. | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE(ntp_adjtime(&timebuff) != -1); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(ntp_adjtime_success, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(ntp_adjtime_failure); | |||||
ATF_TC_HEAD(ntp_adjtime_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"ntp_adjtime(2) call"); | |||||
} | |||||
ATF_TC_BODY(ntp_adjtime_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "ntp_adjtime.*%d.*failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(-1, ntp_adjtime(NULL)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(ntp_adjtime_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(nfs_getfh_success); | ATF_TC_WITH_CLEANUP(nfs_getfh_success); | ||||
ATF_TC_HEAD(nfs_getfh_success, tc) | ATF_TC_HEAD(nfs_getfh_success, tc) | ||||
{ | { | ||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | ||||
"getfh(2) call"); | "getfh(2) call"); | ||||
} | } | ||||
ATF_TC_BODY(nfs_getfh_success, tc) | ATF_TC_BODY(nfs_getfh_success, tc) | ||||
Show All 35 Lines | |||||
} | } | ||||
ATF_TC_CLEANUP(nfs_getfh_failure, tc) | ATF_TC_CLEANUP(nfs_getfh_failure, tc) | ||||
{ | { | ||||
cleanup(); | cleanup(); | ||||
} | } | ||||
ATF_TC_WITH_CLEANUP(auditctl_success); | |||||
ATF_TC_HEAD(auditctl_success, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | |||||
"auditctl(2) call"); | |||||
} | |||||
ATF_TC_BODY(auditctl_success, tc) | |||||
{ | |||||
/* File needs to exist in order to call auditctl(2) */ | |||||
ATF_REQUIRE((filedesc = open(path, O_CREAT | O_WRONLY, mode)) != -1); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(0, auditctl(path)); | |||||
Done Inline ActionsWhat happens to the system's audit trail after this command? Does it keep recording the stuff in /var/audit? asomers: What happens to the system's audit trail after this command? Does it keep recording the stuff… | |||||
Done Inline ActionsAfter I call auditctl(2) myself, auditing starts in my configured path rather than /var/audit. Actually: So basically, to make everything work normally, we'll have to stop and start auditd8) again. (I verified this behaviour using an independent program). aniketp: After I call `auditctl(2)` myself, auditing starts in my configured path rather than /var/audit. | |||||
Done Inline ActionsTough call. Do we skip the test if auditd is already running? Or do we run it anyway, but make sure to restart auditd in the cleanup? I'm leaning toward the latter, even though it will cause a short disruption to the system-wide audit trail. My reasoning is that none of the ATF tests should be run in a production environment, so a brief audit-trail disruption should be ok. asomers: Tough call. Do we skip the test if auditd is already running? Or do we run it anyway, but… | |||||
check_audit(fds, successreg, pipefd); | |||||
close(filedesc); | |||||
} | |||||
ATF_TC_CLEANUP(auditctl_success, tc) | |||||
{ | |||||
/* | |||||
* auditctl(2) disables audit log at /var/audit and initiates auditing | |||||
* at the configured path. To reset this, we need to stop and start the | |||||
* auditd(8) again. Here, we check if auditd(8) was running already | |||||
* before the test started. If so, we stop and start it again. | |||||
*/ | |||||
system("service auditd onestop > /dev/null 2>&1"); | |||||
if (!atf_utils_file_exists("started_auditd")) | |||||
system("service auditd onestart > /dev/null 2>&1"); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(auditctl_failure); | |||||
ATF_TC_HEAD(auditctl_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"auditctl(2) call"); | |||||
} | |||||
ATF_TC_BODY(auditctl_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "auditctl.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: file does not exist */ | |||||
ATF_REQUIRE_EQ(-1, auditctl(NULL)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(auditctl_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(auditon_success); | |||||
ATF_TC_HEAD(auditon_success, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | |||||
"auditon(2) call"); | |||||
} | |||||
ATF_TC_BODY(auditon_success, tc) | |||||
{ | |||||
pid = getpid(); | |||||
au_evclass_map_t evclass; | |||||
snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(&evclass))); | |||||
asomersUnsubmitted Done Inline Actionsevclass is used uninitialized here. asomers: evclass is used uninitialized here. | |||||
Done Inline ActionsYou should initialize ec_class too, even though current kernel code doesn't use it. Otherwise, tools like Coverity will detect this as a use of uninitialized data. Anything will work. Either bzero, or an explicit value. asomers: You should initialize `ec_class` too, even though current kernel code doesn't use it. | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(auditon_success, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
Done Inline ActionsIt's not useful to document that the file is conditional; the condition one line above makes that clear. If you're going to document it, it should be to highlight its role in the cleanup function. asomers: It's not useful to document that the file is conditional; the condition one line above makes… | |||||
ATF_TC_WITH_CLEANUP(auditon_failure); | |||||
ATF_TC_HEAD(auditon_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"auditon(2) call"); | |||||
} | |||||
ATF_TC_BODY(auditon_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
Done Inline ActionsWhy go to so much effort not to enable accounting? It would be simpler to make acctpath a constant. It will be deleted anyway at the end of the test. asomers: Why go to so much effort not to enable accounting? It would be simpler to make acctpath a… | |||||
snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: Invalid au_evclass_map_t structure */ | |||||
ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(auditon_failure, tc) | |||||
{ | |||||
Done Inline ActionsPro tip: if you initialize filedesc2 to -1, then you can unconditionally close it and ignore the return value. However, in this case it would be better to move the close statement up to line 336, immediately after opening it. asomers: Pro tip: if you initialize filedesc2 to -1, then you can unconditionally close it and ignore… | |||||
cleanup(); | |||||
Done Inline ActionsYou can't do cleanup in the test body, because it won't run if the test fails. You need to move this to the cleanup function. asomers: You can't do cleanup in the test body, because it won't run if the test fails. You need to… | |||||
} | |||||
ATF_TC_WITH_CLEANUP(acct_success); | |||||
ATF_TC_HEAD(acct_success, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | |||||
"acct(2) call"); | |||||
} | |||||
ATF_TC_BODY(acct_success, tc) | |||||
{ | |||||
int acctinfo, filedesc2; | |||||
size_t len = sizeof(acctinfo); | |||||
const char *acctname = "kern.acct_configured"; | |||||
ATF_REQUIRE_EQ(0, sysctlbyname(acctname, &acctinfo, &len, NULL, 0)); | |||||
/* File needs to exist to start system accounting */ | |||||
ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); | |||||
/* | |||||
* acctinfo = 0: System accounting was disabled | |||||
* acctinfo = 1: System accounting was enabled | |||||
*/ | |||||
if (acctinfo) { | |||||
ATF_REQUIRE((filedesc2 = open("acct_ok", O_CREAT, mode)) != -1); | |||||
close(filedesc2); | |||||
} | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), | |||||
"acct.*%s.*%d.*return,success", path, pid); | |||||
/* | |||||
* We temporarily switch the accounting record to a file at | |||||
* our own configured path in order to confirm acct(2)'s successful | |||||
* auditing. Then we set everything back to its original state. | |||||
*/ | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(0, acct(path)); | |||||
check_audit(fds, adregex, pipefd); | |||||
close(filedesc); | |||||
} | |||||
ATF_TC_CLEANUP(acct_success, tc) | |||||
{ | |||||
/* Reset accounting configured path */ | |||||
ATF_REQUIRE_EQ(0, system("service accounting onestop")); | |||||
if (atf_utils_file_exists("acct_ok")) { | |||||
ATF_REQUIRE_EQ(0, system("service accounting onestart")); | |||||
} | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(acct_failure); | |||||
ATF_TC_HEAD(acct_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"acct(2) call"); | |||||
} | |||||
ATF_TC_BODY(acct_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "acct.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: File does not exist */ | |||||
ATF_REQUIRE_EQ(-1, acct(path)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(acct_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(getauid_success); | ATF_TC_WITH_CLEANUP(getauid_success); | ||||
ATF_TC_HEAD(getauid_success, tc) | ATF_TC_HEAD(getauid_success, tc) | ||||
{ | { | ||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | ||||
"getauid(2) call"); | "getauid(2) call"); | ||||
} | } | ||||
ATF_TC_BODY(getauid_success, tc) | ATF_TC_BODY(getauid_success, tc) | ||||
▲ Show 20 Lines • Show All 279 Lines • ▼ Show 20 Lines | |||||
} | } | ||||
ATF_TC_CLEANUP(setaudit_addr_failure, tc) | ATF_TC_CLEANUP(setaudit_addr_failure, tc) | ||||
{ | { | ||||
cleanup(); | cleanup(); | ||||
} | } | ||||
/* | |||||
* Audit of reboot(2) cannot be tested in normal conditions as we don't want | |||||
* to reboot the system while running the tests | |||||
*/ | |||||
ATF_TC_WITH_CLEANUP(reboot_failure); | |||||
ATF_TC_HEAD(reboot_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"reboot(2) call"); | |||||
} | |||||
ATF_TC_BODY(reboot_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "reboot.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(-1, reboot(-1)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(reboot_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
/* | |||||
* Audit of quotactl(2) cannot be tested in normal conditions as we don't want | |||||
* to tamper with filesystem quotas | |||||
Done Inline ActionsIf we're going to temporarily disrupt the audit trail, then we may as well disrupt process accounting, too. You can check whether accounting is enabled with the kern.acct_configured sysctl. Then, during cleanup, either do "service accounting onestop" (if it wasn't enabled) or "service accounting restart" (if it was). asomers: If we're going to temporarily disrupt the audit trail, then we may as well disrupt process… | |||||
*/ | |||||
ATF_TC_WITH_CLEANUP(quotactl_failure); | |||||
ATF_TC_HEAD(quotactl_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"quotactl(2) call"); | |||||
} | |||||
ATF_TC_BODY(quotactl_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "quotactl.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(-1, quotactl(NULL, 0, 0, NULL)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(quotactl_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(mount_failure); | |||||
ATF_TC_HEAD(mount_failure, tc) | |||||
Done Inline ActionsCan't you test quotactl successfully using the non-destructive Q_GETQUOTASIZE, Q_GETQUOTA, or Q_SYNC commands? asomers: Can't you test quotactl successfully using the non-destructive `Q_GETQUOTASIZE`, `Q_GETQUOTA`… | |||||
Done Inline Actionsint size; if (quotactl("/", Q_GETQUOTASIZE, 0, &size) < 0) perror("quotactl"); outputs: From the man-page, it looks like the error is because the filesystem quota is not already enabled on my system MAN The cmd argument or the command type is invalid. In Q_GETQUOTASIZE, Q_GETQUOTA, Q_SETQUOTA, and Q_SETUSE, quotas are not currently enabled for this file system. aniketp: ```
int size;
if (quotactl("/", Q_GETQUOTASIZE, 0, &size) < 0)
perror("quotactl");
```… | |||||
Done Inline ActionsDoes that even happen for Q_SYNC? asomers: Does that even happen for `Q_SYNC`? | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"mount(2) call"); | |||||
} | |||||
ATF_TC_BODY(mount_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "mount.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(-1, mount(NULL, NULL, 0, NULL)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(mount_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(nmount_failure); | |||||
ATF_TC_HEAD(nmount_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"nmount(2) call"); | |||||
} | |||||
ATF_TC_BODY(nmount_failure, tc) | |||||
Not Done Inline ActionsActually, you can mount a filesystem. nullfs would work, for example. But be sure to unmount it during the cleanup! asomers: Actually, you can mount a filesystem. nullfs would work, for example. But be sure to unmount… | |||||
Not Done Inline ActionsAre you still working on mounting a filesystem? asomers: Are you still working on mounting a filesystem? | |||||
Not Done Inline ActionsI've been trying out numerous variations of commands to see if they execute successfully for mount(2) and nmount(2). Whenever I get the "type" right, i.e either "nullfs" or "tmpfs", Any other set of command outputs Operation not supported. aniketp: I've been trying out numerous variations of commands to see if they execute successfully for… | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "nmount.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(-1, nmount(NULL, 0, 0)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(nmount_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(swapon_failure); | |||||
ATF_TC_HEAD(swapon_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"swapon(2) call"); | |||||
} | |||||
ATF_TC_BODY(swapon_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "swapon.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: Block device required */ | |||||
ATF_REQUIRE_EQ(-1, swapon(path)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(swapon_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(swapoff_failure); | |||||
ATF_TC_HEAD(swapoff_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"swapoff(2) call"); | |||||
} | |||||
ATF_TC_BODY(swapoff_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(adregex, sizeof(adregex), "swapoff.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: Block device required */ | |||||
ATF_REQUIRE_EQ(-1, swapoff(path)); | |||||
check_audit(fds, adregex, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(swapoff_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TP_ADD_TCS(tp) | ATF_TP_ADD_TCS(tp) | ||||
{ | { | ||||
ATF_TP_ADD_TC(tp, settimeofday_success); | ATF_TP_ADD_TC(tp, settimeofday_success); | ||||
ATF_TP_ADD_TC(tp, settimeofday_failure); | ATF_TP_ADD_TC(tp, settimeofday_failure); | ||||
ATF_TP_ADD_TC(tp, clock_settime_success); | |||||
ATF_TP_ADD_TC(tp, clock_settime_failure); | |||||
ATF_TP_ADD_TC(tp, adjtime_success); | ATF_TP_ADD_TC(tp, adjtime_success); | ||||
ATF_TP_ADD_TC(tp, adjtime_failure); | ATF_TP_ADD_TC(tp, adjtime_failure); | ||||
ATF_TP_ADD_TC(tp, ntp_adjtime_success); | |||||
ATF_TP_ADD_TC(tp, ntp_adjtime_failure); | |||||
ATF_TP_ADD_TC(tp, nfs_getfh_success); | ATF_TP_ADD_TC(tp, nfs_getfh_success); | ||||
ATF_TP_ADD_TC(tp, nfs_getfh_failure); | ATF_TP_ADD_TC(tp, nfs_getfh_failure); | ||||
ATF_TP_ADD_TC(tp, acct_success); | |||||
ATF_TP_ADD_TC(tp, acct_failure); | |||||
ATF_TP_ADD_TC(tp, auditctl_success); | |||||
ATF_TP_ADD_TC(tp, auditctl_failure); | |||||
ATF_TP_ADD_TC(tp, auditon_success); | |||||
ATF_TP_ADD_TC(tp, auditon_failure); | |||||
ATF_TP_ADD_TC(tp, getauid_success); | ATF_TP_ADD_TC(tp, getauid_success); | ||||
ATF_TP_ADD_TC(tp, getauid_failure); | ATF_TP_ADD_TC(tp, getauid_failure); | ||||
ATF_TP_ADD_TC(tp, setauid_success); | ATF_TP_ADD_TC(tp, setauid_success); | ||||
ATF_TP_ADD_TC(tp, setauid_failure); | ATF_TP_ADD_TC(tp, setauid_failure); | ||||
ATF_TP_ADD_TC(tp, getaudit_success); | ATF_TP_ADD_TC(tp, getaudit_success); | ||||
ATF_TP_ADD_TC(tp, getaudit_failure); | ATF_TP_ADD_TC(tp, getaudit_failure); | ||||
ATF_TP_ADD_TC(tp, setaudit_success); | ATF_TP_ADD_TC(tp, setaudit_success); | ||||
ATF_TP_ADD_TC(tp, setaudit_failure); | ATF_TP_ADD_TC(tp, setaudit_failure); | ||||
ATF_TP_ADD_TC(tp, getaudit_addr_success); | ATF_TP_ADD_TC(tp, getaudit_addr_success); | ||||
ATF_TP_ADD_TC(tp, getaudit_addr_failure); | ATF_TP_ADD_TC(tp, getaudit_addr_failure); | ||||
ATF_TP_ADD_TC(tp, setaudit_addr_success); | ATF_TP_ADD_TC(tp, setaudit_addr_success); | ||||
ATF_TP_ADD_TC(tp, setaudit_addr_failure); | ATF_TP_ADD_TC(tp, setaudit_addr_failure); | ||||
ATF_TP_ADD_TC(tp, reboot_failure); | |||||
ATF_TP_ADD_TC(tp, quotactl_failure); | |||||
ATF_TP_ADD_TC(tp, mount_failure); | |||||
ATF_TP_ADD_TC(tp, nmount_failure); | |||||
ATF_TP_ADD_TC(tp, swapon_failure); | |||||
ATF_TP_ADD_TC(tp, swapoff_failure); | |||||
return (atf_no_error()); | return (atf_no_error()); | ||||
} | } |
timebuff is used uninitialized.