svn commit: r339089 - stable/11/tests/sys/audit
Alan Somers
asomers at FreeBSD.org
Tue Oct 2 17:07:12 UTC 2018
Author: asomers
Date: Tue Oct 2 17:07:10 2018
New Revision: 339089
URL: https://svnweb.freebsd.org/changeset/base/339089
Log:
MFC r335261, r335275, r335284-r335285, r335294, r335318, r335320, r335703
r335261:
audit(4): add tests for pathconf(2) and friends
pathconf, lpathconf, and fpathconf are included
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15842
r335275:
audit(4): add tests for chflags and friends
chflags, fchflags, and lchflags (but not chflagsat) are included.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15854
r335284:
audit(4): add tests for extattr_get_file(2) and friends
This commit includes extattr_{get_file, get_fd, get_link, list_file,
list_fd, list_link}. It does not include any syscalls that modify, set, or
delete extended attributes, as those are in a different audit class.
Submitted by: aniketpt
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15859
r335285:
audit(4): Add tests for a few syscalls in the ad class
The ad audit class is for administrative commands. This commit adds test
for settimeofday, adjtime, and getfh.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15861
r335294:
audit(4): add tests for connect, connectat, and accept
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15853
r335318:
audit(4): add tests for extattr_set_file and friends
Includes extattr_{set_file, _set_fd, _set_link, _delete_file, _delete_fd,
_delete_link}
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15867
r335320:
audit(4): Add tests for {get/set}auid, {get/set}audit, {get/set}audit_addr
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15871
r335703:
audit(4): fix Coverity issues
Fix several incorrect buffer size arguments and a file descriptor leak.
Submitted by: aniketp
Reported by: Coverity
CID: 1393489 1393501 1393509 1393510 1393514 1393515 1393516
CID: 1393517 1393518 1393519
X-MFC-With: 335284
X-MFC-With: 335318
X-MFC-With: 335320
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16000
Added:
stable/11/tests/sys/audit/administrative.c
- copied, changed from r335285, head/tests/sys/audit/administrative.c
Modified:
stable/11/tests/sys/audit/Makefile
stable/11/tests/sys/audit/file-attribute-access.c
stable/11/tests/sys/audit/file-attribute-modify.c
stable/11/tests/sys/audit/network.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/tests/sys/audit/Makefile
==============================================================================
--- stable/11/tests/sys/audit/Makefile Tue Oct 2 17:01:42 2018 (r339088)
+++ stable/11/tests/sys/audit/Makefile Tue Oct 2 17:07:10 2018 (r339089)
@@ -11,6 +11,7 @@ ATF_TESTS_C+= file-write
ATF_TESTS_C+= file-read
ATF_TESTS_C+= open
ATF_TESTS_C+= network
+ATF_TESTS_C+= administrative
SRCS.file-attribute-access+= file-attribute-access.c
SRCS.file-attribute-access+= utils.c
@@ -30,6 +31,8 @@ SRCS.open+= open.c
SRCS.open+= utils.c
SRCS.network+= network.c
SRCS.network+= utils.c
+SRCS.administrative+= administrative.c
+SRCS.administrative+= utils.c
TEST_METADATA+= timeout="30"
TEST_METADATA+= required_user="root"
Copied and modified: stable/11/tests/sys/audit/administrative.c (from r335285, head/tests/sys/audit/administrative.c)
==============================================================================
--- head/tests/sys/audit/administrative.c Sun Jun 17 16:24:46 2018 (r335285, copy source)
+++ stable/11/tests/sys/audit/administrative.c Tue Oct 2 17:07:10 2018 (r339089)
@@ -39,7 +39,7 @@ static pid_t pid;
static int filedesc;
static mode_t mode = 0777;
static struct pollfd fds[1];
-static char adregex[60];
+static char adregex[80];
static const char *auclass = "ad";
static const char *path = "fileforaudit";
@@ -163,7 +163,7 @@ ATF_TC_BODY(nfs_getfh_success, tc)
snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid);
/* File needs to exist to call getfh(2) */
- ATF_REQUIRE(filedesc = open(path, O_CREAT, mode) != -1);
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, getfh(path, &fhp));
check_audit(fds, adregex, pipefd);
@@ -200,6 +200,301 @@ ATF_TC_CLEANUP(nfs_getfh_failure, tc)
}
+ATF_TC_WITH_CLEANUP(getauid_success);
+ATF_TC_HEAD(getauid_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "getauid(2) call");
+}
+
+ATF_TC_BODY(getauid_success, tc)
+{
+ au_id_t auid;
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, getauid(&auid));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getauid_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getauid_failure);
+ATF_TC_HEAD(getauid_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "getauid(2) call");
+}
+
+ATF_TC_BODY(getauid_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Bad address */
+ ATF_REQUIRE_EQ(-1, getauid(NULL));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getauid_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setauid_success);
+ATF_TC_HEAD(setauid_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "setauid(2) call");
+}
+
+ATF_TC_BODY(setauid_success, tc)
+{
+ au_id_t auid;
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid);
+ ATF_REQUIRE_EQ(0, getauid(&auid));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, setauid(&auid));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setauid_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setauid_failure);
+ATF_TC_HEAD(setauid_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "setauid(2) call");
+}
+
+ATF_TC_BODY(setauid_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Bad address */
+ ATF_REQUIRE_EQ(-1, setauid(NULL));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setauid_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getaudit_success);
+ATF_TC_HEAD(getaudit_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "getaudit(2) call");
+}
+
+ATF_TC_BODY(getaudit_success, tc)
+{
+ pid = getpid();
+ auditinfo_t auditinfo;
+ snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getaudit_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getaudit_failure);
+ATF_TC_HEAD(getaudit_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "getaudit(2) call");
+}
+
+ATF_TC_BODY(getaudit_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Bad address */
+ ATF_REQUIRE_EQ(-1, getaudit(NULL));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getaudit_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setaudit_success);
+ATF_TC_HEAD(setaudit_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "setaudit(2) call");
+}
+
+ATF_TC_BODY(setaudit_success, tc)
+{
+ pid = getpid();
+ auditinfo_t auditinfo;
+ snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid);
+ ATF_REQUIRE_EQ(0, getaudit(&auditinfo));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, setaudit(&auditinfo));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setaudit_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setaudit_failure);
+ATF_TC_HEAD(setaudit_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "setaudit(2) call");
+}
+
+ATF_TC_BODY(setaudit_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Bad address */
+ ATF_REQUIRE_EQ(-1, setaudit(NULL));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setaudit_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getaudit_addr_success);
+ATF_TC_HEAD(getaudit_addr_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "getaudit_addr(2) call");
+}
+
+ATF_TC_BODY(getaudit_addr_success, tc)
+{
+ pid = getpid();
+ auditinfo_addr_t auditinfo;
+ snprintf(adregex, sizeof(adregex),
+ "getaudit_addr.*%d.*return,success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getaudit_addr_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getaudit_addr_failure);
+ATF_TC_HEAD(getaudit_addr_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "getaudit_addr(2) call");
+}
+
+ATF_TC_BODY(getaudit_addr_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex),
+ "getaudit_addr.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Bad address */
+ ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getaudit_addr_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setaudit_addr_success);
+ATF_TC_HEAD(setaudit_addr_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "setaudit_addr(2) call");
+}
+
+ATF_TC_BODY(setaudit_addr_success, tc)
+{
+ pid = getpid();
+ auditinfo_addr_t auditinfo;
+ snprintf(adregex, sizeof(adregex),
+ "setaudit_addr.*%d.*return,success", pid);
+
+ ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo)));
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo)));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setaudit_addr_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setaudit_addr_failure);
+ATF_TC_HEAD(setaudit_addr_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "setaudit_addr(2) call");
+}
+
+ATF_TC_BODY(setaudit_addr_failure, tc)
+{
+ pid = getpid();
+ snprintf(adregex, sizeof(adregex),
+ "setaudit_addr.*%d.*return,failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Bad address */
+ ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0));
+ check_audit(fds, adregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setaudit_addr_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, settimeofday_success);
@@ -209,6 +504,21 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, nfs_getfh_success);
ATF_TP_ADD_TC(tp, nfs_getfh_failure);
+
+ ATF_TP_ADD_TC(tp, getauid_success);
+ ATF_TP_ADD_TC(tp, getauid_failure);
+ ATF_TP_ADD_TC(tp, setauid_success);
+ ATF_TP_ADD_TC(tp, setauid_failure);
+
+ ATF_TP_ADD_TC(tp, getaudit_success);
+ ATF_TP_ADD_TC(tp, getaudit_failure);
+ ATF_TP_ADD_TC(tp, setaudit_success);
+ ATF_TP_ADD_TC(tp, setaudit_failure);
+
+ ATF_TP_ADD_TC(tp, getaudit_addr_success);
+ ATF_TP_ADD_TC(tp, getaudit_addr_failure);
+ ATF_TP_ADD_TC(tp, setaudit_addr_success);
+ ATF_TP_ADD_TC(tp, setaudit_addr_failure);
return (atf_no_error());
}
Modified: stable/11/tests/sys/audit/file-attribute-access.c
==============================================================================
--- stable/11/tests/sys/audit/file-attribute-access.c Tue Oct 2 17:01:42 2018 (r339088)
+++ stable/11/tests/sys/audit/file-attribute-access.c Tue Oct 2 17:07:10 2018 (r339089)
@@ -26,6 +26,7 @@
*/
#include <sys/param.h>
+#include <sys/extattr.h>
#include <sys/ucred.h>
#include <sys/mount.h>
#include <sys/stat.h>
@@ -43,9 +44,11 @@ static pid_t pid;
static fhandle_t fht;
static int filedesc, fhdesc;
static char extregex[80];
+static char buff[] = "ezio";
static struct stat statbuff;
static struct statfs statfsbuff;
static const char *auclass = "fa";
+static const char *name = "authorname";
static const char *path = "fileforaudit";
static const char *errpath = "dirdoesnotexist/fileforaudit";
static const char *successreg = "fileforaudit.*return,success";
@@ -661,6 +664,478 @@ ATF_TC_CLEANUP(faccessat_failure, tc)
}
+ATF_TC_WITH_CLEANUP(pathconf_success);
+ATF_TC_HEAD(pathconf_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "pathconf(2) call");
+}
+
+ATF_TC_BODY(pathconf_success, tc)
+{
+ /* File needs to exist to call pathconf(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ /* Get the maximum number of bytes of filename */
+ ATF_REQUIRE(pathconf(path, _PC_NAME_MAX) != -1);
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(pathconf_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(pathconf_failure);
+ATF_TC_HEAD(pathconf_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "pathconf(2) call");
+}
+
+ATF_TC_BODY(pathconf_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, pathconf(errpath, _PC_NAME_MAX));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(pathconf_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lpathconf_success);
+ATF_TC_HEAD(lpathconf_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "lpathconf(2) call");
+}
+
+ATF_TC_BODY(lpathconf_success, tc)
+{
+ /* Symbolic link needs to exist to call lpathconf(2) */
+ ATF_REQUIRE_EQ(0, symlink("symlink", path));
+ FILE *pipefd = setup(fds, auclass);
+ /* Get the maximum number of bytes of symlink's name */
+ ATF_REQUIRE(lpathconf(path, _PC_SYMLINK_MAX) != -1);
+ check_audit(fds, successreg, pipefd);
+}
+
+ATF_TC_CLEANUP(lpathconf_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lpathconf_failure);
+ATF_TC_HEAD(lpathconf_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "lpathconf(2) call");
+}
+
+ATF_TC_BODY(lpathconf_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: symbolic link does not exist */
+ ATF_REQUIRE_EQ(-1, lpathconf(errpath, _PC_SYMLINK_MAX));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(lpathconf_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fpathconf_success);
+ATF_TC_HEAD(fpathconf_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fpathconf(2) call");
+}
+
+ATF_TC_BODY(fpathconf_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "fpathconf.*%d.*success", pid);
+
+ /* File needs to exist to call fpathconf(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ /* Get the maximum number of bytes of filename */
+ ATF_REQUIRE(fpathconf(filedesc, _PC_NAME_MAX) != -1);
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fpathconf_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fpathconf_failure);
+ATF_TC_HEAD(fpathconf_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fpathconf(2) call");
+}
+
+ATF_TC_BODY(fpathconf_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ const char *regex = "fpathconf.*return,failure : Bad file descriptor";
+ /* Failure reason: Bad file descriptor */
+ ATF_REQUIRE_EQ(-1, fpathconf(-1, _PC_NAME_MAX));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(fpathconf_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_file_success);
+ATF_TC_HEAD(extattr_get_file_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "extattr_get_file(2) call");
+}
+
+ATF_TC_BODY(extattr_get_file_success, tc)
+{
+ /* File needs to exist to call extattr_get_file(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ /* Set an extended attribute to be retrieved later on */
+ ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path,
+ EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff)));
+
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_get_file.*%s.*%s.*return,success", path, name);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(sizeof(buff), extattr_get_file(path,
+ EXTATTR_NAMESPACE_USER, name, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(extattr_get_file_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_file_failure);
+ATF_TC_HEAD(extattr_get_file_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "extattr_get_file(2) call");
+}
+
+ATF_TC_BODY(extattr_get_file_failure, tc)
+{
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_get_file.*%s.*%s.*failure", path, name);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, extattr_get_file(path,
+ EXTATTR_NAMESPACE_USER, name, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_get_file_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_fd_success);
+ATF_TC_HEAD(extattr_get_fd_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "extattr_get_fd(2) call");
+}
+
+ATF_TC_BODY(extattr_get_fd_success, tc)
+{
+ /* File needs to exist to call extattr_get_fd(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ /* Set an extended attribute to be retrieved later on */
+ ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path,
+ EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff)));
+
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_get_fd.*%s.*return,success", name);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(sizeof(buff), extattr_get_fd(filedesc,
+ EXTATTR_NAMESPACE_USER, name, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(extattr_get_fd_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_fd_failure);
+ATF_TC_HEAD(extattr_get_fd_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "extattr_get_fd(2) call");
+}
+
+ATF_TC_BODY(extattr_get_fd_failure, tc)
+{
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_get_fd.*%s.*return,failure : Bad file descriptor", name);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid file descriptor */
+ ATF_REQUIRE_EQ(-1, extattr_get_fd(-1,
+ EXTATTR_NAMESPACE_USER, name, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_get_fd_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_link_success);
+ATF_TC_HEAD(extattr_get_link_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "extattr_get_link(2) call");
+}
+
+ATF_TC_BODY(extattr_get_link_success, tc)
+{
+ /* Symbolic link needs to exist to call extattr_get_link(2) */
+ ATF_REQUIRE_EQ(0, symlink("symlink", path));
+ /* Set an extended attribute to be retrieved later on */
+ ATF_REQUIRE_EQ(sizeof(buff), extattr_set_link(path,
+ EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff)));
+
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_get_link.*%s.*%s.*return,success", path, name);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(sizeof(buff), extattr_get_link(path,
+ EXTATTR_NAMESPACE_USER, name, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_get_link_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_get_link_failure);
+ATF_TC_HEAD(extattr_get_link_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "extattr_get_link(2) call");
+}
+
+ATF_TC_BODY(extattr_get_link_failure, tc)
+{
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_get_link.*%s.*%s.*failure", path, name);
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: symbolic link does not exist */
+ ATF_REQUIRE_EQ(-1, extattr_get_link(path,
+ EXTATTR_NAMESPACE_USER, name, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_get_link_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_file_success);
+ATF_TC_HEAD(extattr_list_file_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "extattr_list_file(2) call");
+}
+
+ATF_TC_BODY(extattr_list_file_success, tc)
+{
+ int readbuff;
+ /* File needs to exist to call extattr_list_file(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE((readbuff = extattr_list_file(path,
+ EXTATTR_NAMESPACE_USER, NULL, 0)) != -1);
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_list_file.*%s.*return,success,%d", path, readbuff);
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_file_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_file_failure);
+ATF_TC_HEAD(extattr_list_file_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "extattr_list_file(2) call");
+}
+
+ATF_TC_BODY(extattr_list_file_failure, tc)
+{
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_list_file.*%s.*return,failure", path);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, extattr_list_file(path,
+ EXTATTR_NAMESPACE_USER, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_file_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_fd_success);
+ATF_TC_HEAD(extattr_list_fd_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "extattr_list_fd(2) call");
+}
+
+ATF_TC_BODY(extattr_list_fd_success, tc)
+{
+ int readbuff;
+ /* File needs to exist to call extattr_list_fd(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE((readbuff = extattr_list_fd(filedesc,
+ EXTATTR_NAMESPACE_USER, NULL, 0)) != -1);
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_list_fd.*return,success,%d", readbuff);
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(extattr_list_fd_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_fd_failure);
+ATF_TC_HEAD(extattr_list_fd_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "extattr_list_fd(2) call");
+}
+
+ATF_TC_BODY(extattr_list_fd_failure, tc)
+{
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_list_fd.*return,failure : Bad file descriptor");
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid file descriptor */
+ ATF_REQUIRE_EQ(-1,
+ extattr_list_fd(-1, EXTATTR_NAMESPACE_USER, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_fd_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_link_success);
+ATF_TC_HEAD(extattr_list_link_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "extattr_list_link(2) call");
+}
+
+ATF_TC_BODY(extattr_list_link_success, tc)
+{
+ int readbuff;
+ /* Symbolic link needs to exist to call extattr_list_link(2) */
+ ATF_REQUIRE_EQ(0, symlink("symlink", path));
+ FILE *pipefd = setup(fds, auclass);
+
+ ATF_REQUIRE((readbuff = extattr_list_link(path,
+ EXTATTR_NAMESPACE_USER, NULL, 0)) != -1);
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_list_link.*%s.*return,success,%d", path, readbuff);
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_link_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(extattr_list_link_failure);
+ATF_TC_HEAD(extattr_list_link_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "extattr_list_link(2) call");
+}
+
+ATF_TC_BODY(extattr_list_link_failure, tc)
+{
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(extregex, sizeof(extregex),
+ "extattr_list_link.*%s.*failure", path);
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: symbolic link does not exist */
+ ATF_REQUIRE_EQ(-1, extattr_list_link(path,
+ EXTATTR_NAMESPACE_USER, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(extattr_list_link_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, stat_success);
@@ -693,6 +1168,27 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, eaccess_failure);
ATF_TP_ADD_TC(tp, faccessat_success);
ATF_TP_ADD_TC(tp, faccessat_failure);
+
+ ATF_TP_ADD_TC(tp, pathconf_success);
+ ATF_TP_ADD_TC(tp, pathconf_failure);
+ ATF_TP_ADD_TC(tp, lpathconf_success);
+ ATF_TP_ADD_TC(tp, lpathconf_failure);
+ ATF_TP_ADD_TC(tp, fpathconf_success);
+ ATF_TP_ADD_TC(tp, fpathconf_failure);
+
+ ATF_TP_ADD_TC(tp, extattr_get_file_success);
+ ATF_TP_ADD_TC(tp, extattr_get_file_failure);
+ ATF_TP_ADD_TC(tp, extattr_get_fd_success);
+ ATF_TP_ADD_TC(tp, extattr_get_fd_failure);
+ ATF_TP_ADD_TC(tp, extattr_get_link_success);
+ ATF_TP_ADD_TC(tp, extattr_get_link_failure);
+
+ ATF_TP_ADD_TC(tp, extattr_list_file_success);
+ ATF_TP_ADD_TC(tp, extattr_list_file_failure);
+ ATF_TP_ADD_TC(tp, extattr_list_fd_success);
+ ATF_TP_ADD_TC(tp, extattr_list_fd_failure);
+ ATF_TP_ADD_TC(tp, extattr_list_link_success);
+ ATF_TP_ADD_TC(tp, extattr_list_link_failure);
return (atf_no_error());
}
Modified: stable/11/tests/sys/audit/file-attribute-modify.c
==============================================================================
--- stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 17:01:42 2018 (r339088)
+++ stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 17:07:10 2018 (r339089)
@@ -25,6 +25,8 @@
* $FreeBSD$
*/
+#include <sys/types.h>
+#include <sys/extattr.h>
#include <sys/file.h>
#include <sys/stat.h>
@@ -37,11 +39,13 @@
static pid_t pid;
static uid_t uid = -1;
static gid_t gid = -1;
-static int filedesc;
+static int filedesc, retval;
static struct pollfd fds[1];
static mode_t mode = 0777;
static char extregex[80];
+static char buff[] = "ezio";
static const char *auclass = "fm";
+static const char *name = "authorname";
static const char *path = "fileforaudit";
static const char *errpath = "adirhasnoname/fileforaudit";
static const char *successreg = "fileforaudit.*return,success";
@@ -550,6 +554,468 @@ ATF_TC_CLEANUP(fchownat_failure, tc)
}
+ATF_TC_WITH_CLEANUP(chflags_success);
+ATF_TC_HEAD(chflags_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "chflags(2) call");
+}
+
+ATF_TC_BODY(chflags_success, tc)
+{
+ /* File needs to exist to call chflags(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, chflags(path, UF_OFFLINE));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(chflags_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chflags_failure);
+ATF_TC_HEAD(chflags_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "chflags(2) call");
+}
+
+ATF_TC_BODY(chflags_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, chflags(errpath, UF_OFFLINE));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(chflags_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchflags_success);
+ATF_TC_HEAD(fchflags_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fchflags(2) call");
+}
+
+ATF_TC_BODY(fchflags_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "fchflags.*%d.*ret.*success", pid);
+ /* File needs to exist to call fchflags(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, fchflags(filedesc, UF_OFFLINE));
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fchflags_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchflags_failure);
+ATF_TC_HEAD(fchflags_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fchflags(2) call");
+}
+
+ATF_TC_BODY(fchflags_failure, tc)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list