svn commit: r339090 - stable/11/tests/sys/audit
Alan Somers
asomers at FreeBSD.org
Tue Oct 2 17:27:12 UTC 2018
Author: asomers
Date: Tue Oct 2 17:27:10 2018
New Revision: 339090
URL: https://svnweb.freebsd.org/changeset/base/339090
Log:
MFC r335319, r335354, r335374
r335319:
audit(4): add tests for send, recv, sendto, and recvfrom
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15869
r335354:
audit(4): add tests for ioctl(2)
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15872
r335374:
audit(4): add tests for utimes(2) and friends, mprotect, and undelete
Includes utimes(2), futimes(2), lutimes(2), futimesat(2), mprotect(2), and
undelete(2). undelete, for now, is tested only in failure mode.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15893
Added:
stable/11/tests/sys/audit/ioctl.c
- copied unchanged from r335354, head/tests/sys/audit/ioctl.c
Modified:
stable/11/tests/sys/audit/Makefile
stable/11/tests/sys/audit/file-attribute-modify.c
stable/11/tests/sys/audit/network.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/tests/sys/audit/Makefile
==============================================================================
--- stable/11/tests/sys/audit/Makefile Tue Oct 2 17:07:10 2018 (r339089)
+++ stable/11/tests/sys/audit/Makefile Tue Oct 2 17:27:10 2018 (r339090)
@@ -10,6 +10,7 @@ ATF_TESTS_C+= file-close
ATF_TESTS_C+= file-write
ATF_TESTS_C+= file-read
ATF_TESTS_C+= open
+ATF_TESTS_C+= ioctl
ATF_TESTS_C+= network
ATF_TESTS_C+= administrative
@@ -29,6 +30,8 @@ SRCS.file-read+= file-read.c
SRCS.file-read+= utils.c
SRCS.open+= open.c
SRCS.open+= utils.c
+SRCS.ioctl+= ioctl.c
+SRCS.ioctl+= utils.c
SRCS.network+= network.c
SRCS.network+= utils.c
SRCS.administrative+= administrative.c
Modified: stable/11/tests/sys/audit/file-attribute-modify.c
==============================================================================
--- stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 17:07:10 2018 (r339089)
+++ stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 17:27:10 2018 (r339090)
@@ -28,10 +28,13 @@
#include <sys/types.h>
#include <sys/extattr.h>
#include <sys/file.h>
+#include <sys/mman.h>
#include <sys/stat.h>
+#include <sys/time.h>
#include <atf-c.h>
#include <fcntl.h>
+#include <stdint.h>
#include <unistd.h>
#include "utils.h"
@@ -689,6 +692,257 @@ ATF_TC_CLEANUP(lchflags_failure, tc)
}
+ATF_TC_WITH_CLEANUP(utimes_success);
+ATF_TC_HEAD(utimes_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "utimes(2) call");
+}
+
+ATF_TC_BODY(utimes_success, tc)
+{
+ /* File needs to exist to call utimes(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, utimes(path, NULL));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(utimes_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(utimes_failure);
+ATF_TC_HEAD(utimes_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "utimes(2) call");
+}
+
+ATF_TC_BODY(utimes_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, utimes(errpath, NULL));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(utimes_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(futimes_success);
+ATF_TC_HEAD(futimes_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "futimes(2) call");
+}
+
+ATF_TC_BODY(futimes_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "futimes.*%d.*ret.*success", pid);
+
+ /* File needs to exist to call futimes(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, futimes(filedesc, NULL));
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(futimes_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(futimes_failure);
+ATF_TC_HEAD(futimes_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "futimes(2) call");
+}
+
+ATF_TC_BODY(futimes_failure, tc)
+{
+ const char *regex = "futimes.*return,failure : Bad file descriptor";
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid file descriptor */
+ ATF_REQUIRE_EQ(-1, futimes(-1, NULL));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(futimes_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lutimes_success);
+ATF_TC_HEAD(lutimes_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "lutimes(2) call");
+}
+
+ATF_TC_BODY(lutimes_success, tc)
+{
+ /* Symbolic link needs to exist to call lutimes(2) */
+ ATF_REQUIRE_EQ(0, symlink("symlink", path));
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, lutimes(path, NULL));
+ check_audit(fds, successreg, pipefd);
+}
+
+ATF_TC_CLEANUP(lutimes_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lutimes_failure);
+ATF_TC_HEAD(lutimes_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "lutimes(2) call");
+}
+
+ATF_TC_BODY(lutimes_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: symbolic link does not exist */
+ ATF_REQUIRE_EQ(-1, lutimes(errpath, NULL));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(lutimes_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(futimesat_success);
+ATF_TC_HEAD(futimesat_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "futimesat(2) call");
+}
+
+ATF_TC_BODY(futimesat_success, tc)
+{
+ /* File needs to exist to call futimesat(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, futimesat(AT_FDCWD, path, NULL));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(futimesat_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(futimesat_failure);
+ATF_TC_HEAD(futimesat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "futimesat(2) call");
+}
+
+ATF_TC_BODY(futimesat_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, futimesat(AT_FDCWD, errpath, NULL));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(futimesat_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(mprotect_success);
+ATF_TC_HEAD(mprotect_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "mprotect(2) call");
+}
+
+ATF_TC_BODY(mprotect_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "mprotect.*%d.*ret.*success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, mprotect(NULL, 0, PROT_NONE));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(mprotect_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(mprotect_failure);
+ATF_TC_HEAD(mprotect_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "mprotect(2) call");
+}
+
+ATF_TC_BODY(mprotect_failure, tc)
+{
+ const char *regex = "mprotect.*return,failure : Invalid argument";
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(-1, mprotect((void *)SIZE_MAX, -1, PROT_NONE));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(mprotect_failure, tc)
+{
+ cleanup();
+}
+
+/*
+ * undelete(2) only works on whiteout files in union file system. Hence, no
+ * test case for successful invocation.
+ */
+
+ATF_TC_WITH_CLEANUP(undelete_failure);
+ATF_TC_HEAD(undelete_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "undelete(2) call");
+}
+
+ATF_TC_BODY(undelete_failure, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "undelete.*%d.*ret.*failure", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: File does not exist */
+ ATF_REQUIRE_EQ(-1, undelete(errpath));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(undelete_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TC_WITH_CLEANUP(extattr_set_file_success);
ATF_TC_HEAD(extattr_set_file_success, tc)
{
@@ -1049,6 +1303,19 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, fchflags_failure);
ATF_TP_ADD_TC(tp, lchflags_success);
ATF_TP_ADD_TC(tp, lchflags_failure);
+
+ ATF_TP_ADD_TC(tp, utimes_success);
+ ATF_TP_ADD_TC(tp, utimes_failure);
+ ATF_TP_ADD_TC(tp, futimes_success);
+ ATF_TP_ADD_TC(tp, futimes_failure);
+ ATF_TP_ADD_TC(tp, lutimes_success);
+ ATF_TP_ADD_TC(tp, lutimes_failure);
+ ATF_TP_ADD_TC(tp, futimesat_success);
+ ATF_TP_ADD_TC(tp, futimesat_failure);
+
+ ATF_TP_ADD_TC(tp, mprotect_success);
+ ATF_TP_ADD_TC(tp, mprotect_failure);
+ ATF_TP_ADD_TC(tp, undelete_failure);
ATF_TP_ADD_TC(tp, extattr_set_file_success);
ATF_TP_ADD_TC(tp, extattr_set_file_failure);
Copied: stable/11/tests/sys/audit/ioctl.c (from r335354, head/tests/sys/audit/ioctl.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ stable/11/tests/sys/audit/ioctl.c Tue Oct 2 17:27:10 2018 (r339090, copy of r335354, head/tests/sys/audit/ioctl.c)
@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 2018 Aniket Pandey
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/ioctl.h>
+
+#include <bsm/libbsm.h>
+#include <security/audit/audit_ioctl.h>
+
+#include <atf-c.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "utils.h"
+
+static int filedesc;
+static char ioregex[80];
+static const char *auclass = "io";
+static struct pollfd fds[1];
+static unsigned long request = AUDITPIPE_FLUSH;
+
+
+ATF_TC_WITH_CLEANUP(ioctl_success);
+ATF_TC_HEAD(ioctl_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "ioctl(2) call");
+}
+
+ATF_TC_BODY(ioctl_success, tc)
+{
+ /* auditpipe(4) supports quite a few ioctls */
+ ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1);
+ /* Prepare the regex to be checked in the audit record */
+ snprintf(ioregex, sizeof(ioregex),
+ "ioctl.*%#lx.*%#x.*return,success", request, filedesc);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE(ioctl(filedesc, request) != -1);
+ check_audit(fds, ioregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(ioctl_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(ioctl_failure);
+ATF_TC_HEAD(ioctl_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "ioctl(2) call");
+}
+
+ATF_TC_BODY(ioctl_failure, tc)
+{
+ snprintf(ioregex, sizeof(ioregex),
+ "ioctl.*%#lx.*return,failure : Bad file descriptor", request);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid file descriptor */
+ ATF_REQUIRE_EQ(-1, ioctl(-1, request));
+ check_audit(fds, ioregex, pipefd);
+}
+
+ATF_TC_CLEANUP(ioctl_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TP_ADD_TCS(tp)
+{
+ ATF_TP_ADD_TC(tp, ioctl_success);
+ ATF_TP_ADD_TC(tp, ioctl_failure);
+
+ return (atf_no_error());
+}
Modified: stable/11/tests/sys/audit/network.c
==============================================================================
--- stable/11/tests/sys/audit/network.c Tue Oct 2 17:07:10 2018 (r339089)
+++ stable/11/tests/sys/audit/network.c Tue Oct 2 17:27:10 2018 (r339090)
@@ -32,16 +32,20 @@
#include <atf-c.h>
#include <fcntl.h>
#include <stdarg.h>
-#include <unistd.h>
#include "utils.h"
+#define MAX_DATA 1024
#define SERVER_PATH "server"
-static int sockfd, sockfd2;
-static socklen_t len;
+static int sockfd, sockfd2, connectfd;
+static ssize_t data_bytes;
static struct pollfd fds[1];
+static struct sockaddr_un server;
static char extregex[80];
+static char data[MAX_DATA];
+static socklen_t len = sizeof(struct sockaddr_un);
+static char msgbuff[MAX_DATA] = "This message does not exist";
static const char *auclass = "nt";
static const char *nosupregex = "return,failure : Address family "
"not supported by protocol family";
@@ -66,11 +70,11 @@ close_sockets(int count, ...)
* Assign local filesystem address to a Unix domain socket
*/
static void
-assign_address(struct sockaddr_un *server)
+assign_address(struct sockaddr_un *serveraddr)
{
- memset(server, 0, sizeof(*server));
- server->sun_family = AF_UNIX;
- strcpy(server->sun_path, SERVER_PATH);
+ memset(serveraddr, 0, sizeof(*serveraddr));
+ serveraddr->sun_family = AF_UNIX;
+ strcpy(serveraddr->sun_path, SERVER_PATH);
}
@@ -203,12 +207,10 @@ ATF_TC_HEAD(setsockopt_failure, tc)
ATF_TC_BODY(setsockopt_failure, tc)
{
- int tr = 1;
snprintf(extregex, sizeof(extregex), "setsockopt.*%s", invalregex);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid socket descriptor */
- ATF_REQUIRE_EQ(-1, setsockopt(-1, SOL_SOCKET,
- SO_REUSEADDR, &tr, sizeof(int)));
+ ATF_REQUIRE_EQ(-1, setsockopt(-1, SOL_SOCKET, 0, NULL, 0));
check_audit(fds, extregex, pipefd);
}
@@ -227,10 +229,7 @@ ATF_TC_HEAD(bind_success, tc)
ATF_TC_BODY(bind_success, tc)
{
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
-
/* Preliminary socket setup */
ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
/* Check the presence of AF_UNIX address path in audit record */
@@ -258,10 +257,7 @@ ATF_TC_HEAD(bind_failure, tc)
ATF_TC_BODY(bind_failure, tc)
{
- /* Preliminary socket setup */
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
/* Check the presence of AF_UNIX path in audit record */
snprintf(extregex, sizeof(extregex),
"bind.*%s.*return,failure", SERVER_PATH);
@@ -287,10 +283,7 @@ ATF_TC_HEAD(bindat_success, tc)
ATF_TC_BODY(bindat_success, tc)
{
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
-
/* Preliminary socket setup */
ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
/* Check the presence of socket descriptor in audit record */
@@ -319,10 +312,7 @@ ATF_TC_HEAD(bindat_failure, tc)
ATF_TC_BODY(bindat_failure, tc)
{
- /* Preliminary socket setup */
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
snprintf(extregex, sizeof(extregex), "bindat.*%s", invalregex);
FILE *pipefd = setup(fds, auclass);
@@ -347,10 +337,7 @@ ATF_TC_HEAD(listen_success, tc)
ATF_TC_BODY(listen_success, tc)
{
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
-
/* Preliminary socket setup */
ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
@@ -401,14 +388,9 @@ ATF_TC_HEAD(connect_success, tc)
ATF_TC_BODY(connect_success, tc)
{
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
-
- /* Setup a non-blocking server socket */
- ATF_REQUIRE((sockfd = socket(PF_UNIX,
- SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1);
- /* Bind to the specified address and wait for connection */
+ /* Setup a server socket and bind to the specified address */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
ATF_REQUIRE_EQ(0, listen(sockfd, 1));
@@ -442,11 +424,7 @@ ATF_TC_HEAD(connect_failure, tc)
ATF_TC_BODY(connect_failure, tc)
{
- /* Preliminary socket setup */
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
-
/* Audit record must contain AF_UNIX address path */
snprintf(extregex, sizeof(extregex),
"connect.*%s.*return,failure", SERVER_PATH);
@@ -472,14 +450,9 @@ ATF_TC_HEAD(connectat_success, tc)
ATF_TC_BODY(connectat_success, tc)
{
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
-
- /* Setup a non-blocking server socket */
- ATF_REQUIRE((sockfd = socket(PF_UNIX,
- SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1);
- /* Bind to the specified address and wait for connection */
+ /* Setup a server socket and bind to the specified address */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
ATF_REQUIRE_EQ(0, listen(sockfd, 1));
@@ -514,10 +487,7 @@ ATF_TC_HEAD(connectat_failure, tc)
ATF_TC_BODY(connectat_failure, tc)
{
- /* Preliminary socket setup */
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
snprintf(extregex, sizeof(extregex), "connectat.*%s", invalregex);
FILE *pipefd = setup(fds, auclass);
@@ -542,15 +512,9 @@ ATF_TC_HEAD(accept_success, tc)
ATF_TC_BODY(accept_success, tc)
{
- int clientfd;
- struct sockaddr_un server;
assign_address(&server);
- len = sizeof(struct sockaddr_un);
-
- /* Setup a non-blocking server socket */
- ATF_REQUIRE((sockfd = socket(PF_UNIX,
- SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1);
- /* Bind to the specified address and wait for connection */
+ /* Setup a server socket and bind to the specified address */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
ATF_REQUIRE_EQ(0, listen(sockfd, 1));
@@ -559,15 +523,15 @@ ATF_TC_BODY(accept_success, tc)
ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len));
FILE *pipefd = setup(fds, auclass);
- ATF_REQUIRE((clientfd = accept(sockfd, NULL, &len)) != -1);
+ ATF_REQUIRE((connectfd = accept(sockfd, NULL, &len)) != -1);
- /* Audit record must contain clientfd & sockfd */
+ /* Audit record must contain connectfd & sockfd */
snprintf(extregex, sizeof(extregex),
- "accept.*0x%x.*return,success,%d", sockfd, clientfd);
+ "accept.*0x%x.*return,success,%d", sockfd, connectfd);
check_audit(fds, extregex, pipefd);
/* Close all socket descriptors */
- close_sockets(3, sockfd, sockfd2, clientfd);
+ close_sockets(3, sockfd, sockfd2, connectfd);
}
ATF_TC_CLEANUP(accept_success, tc)
@@ -585,14 +549,10 @@ ATF_TC_HEAD(accept_failure, tc)
ATF_TC_BODY(accept_failure, tc)
{
- /* Preliminary socket setup */
- struct sockaddr_un client;
- len = sizeof(struct sockaddr_un);
snprintf(extregex, sizeof(extregex), "accept.*%s", invalregex);
-
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid socket descriptor */
- ATF_REQUIRE_EQ(-1, accept(-1, (struct sockaddr *)&client, &len));
+ ATF_REQUIRE_EQ(-1, accept(-1, NULL, NULL));
check_audit(fds, extregex, pipefd);
}
@@ -602,6 +562,252 @@ ATF_TC_CLEANUP(accept_failure, tc)
}
+ATF_TC_WITH_CLEANUP(send_success);
+ATF_TC_HEAD(send_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "send(2) call");
+}
+
+ATF_TC_BODY(send_success, tc)
+{
+ assign_address(&server);
+ /* Setup a server socket and bind to the specified address */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
+ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
+ ATF_REQUIRE_EQ(0, listen(sockfd, 1));
+
+ /* Set up "blocking" client and connect with non-blocking server */
+ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
+ ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len));
+ ATF_REQUIRE((connectfd = accept(sockfd, NULL, &len)) != -1);
+
+ /* Send a sample message to the connected socket */
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE((data_bytes =
+ send(sockfd2, msgbuff, strlen(msgbuff), 0)) != -1);
+
+ /* Audit record must contain sockfd2 and data_bytes */
+ snprintf(extregex, sizeof(extregex),
+ "send.*0x%x.*return,success,%zd", sockfd2, data_bytes);
+ check_audit(fds, extregex, pipefd);
+
+ /* Close all socket descriptors */
+ close_sockets(3, sockfd, sockfd2, connectfd);
+}
+
+ATF_TC_CLEANUP(send_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(send_failure);
+ATF_TC_HEAD(send_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "send(2) call");
+}
+
+ATF_TC_BODY(send_failure, tc)
+{
+ snprintf(extregex, sizeof(extregex), "send.*%s", invalregex);
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid socket descriptor */
+ ATF_REQUIRE_EQ(-1, send(-1, NULL, 0, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(send_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(recv_success);
+ATF_TC_HEAD(recv_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "recv(2) call");
+}
+
+ATF_TC_BODY(recv_success, tc)
+{
+ assign_address(&server);
+ /* Setup a server socket and bind to the specified address */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
+ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
+ ATF_REQUIRE_EQ(0, listen(sockfd, 1));
+
+ /* Set up "blocking" client and connect with non-blocking server */
+ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
+ ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len));
+ ATF_REQUIRE((connectfd = accept(sockfd, NULL, &len)) != -1);
+ /* Send a sample message to the connected socket */
+ ATF_REQUIRE(send(sockfd2, msgbuff, strlen(msgbuff), 0) != -1);
+
+ /* Receive data once connectfd is ready for reading */
+ FILE *pipefd = setup(fds, auclass);
+ //ATF_REQUIRE(check_readfs(connectfd) != 0);
+ ATF_REQUIRE((data_bytes = recv(connectfd, data, MAX_DATA, 0)) != 0);
+
+ /* Audit record must contain connectfd and data_bytes */
+ snprintf(extregex, sizeof(extregex),
+ "recv.*0x%x.*return,success,%zd", connectfd, data_bytes);
+ check_audit(fds, extregex, pipefd);
+
+ /* Close all socket descriptors */
+ close_sockets(3, sockfd, sockfd2, connectfd);
+}
+
+ATF_TC_CLEANUP(recv_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(recv_failure);
+ATF_TC_HEAD(recv_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "recv(2) call");
+}
+
+ATF_TC_BODY(recv_failure, tc)
+{
+ snprintf(extregex, sizeof(extregex), "recv.*%s", invalregex);
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid socket descriptor */
+ ATF_REQUIRE_EQ(-1, recv(-1, NULL, 0, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(recv_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(sendto_success);
+ATF_TC_HEAD(sendto_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "sendto(2) call");
+}
+
+ATF_TC_BODY(sendto_success, tc)
+{
+ assign_address(&server);
+ /* Setup a server socket and bind to the specified address */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1);
+ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
+
+ /* Set up client socket to be used for sending the data */
+ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1);
+
+ /* Send a sample message to server's address */
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE((data_bytes = sendto(sockfd2, msgbuff,
+ strlen(msgbuff), 0, (struct sockaddr *)&server, len)) != -1);
+
+ /* Audit record must contain sockfd2 and data_bytes */
+ snprintf(extregex, sizeof(extregex),
+ "sendto.*0x%x.*return,success,%zd", sockfd2, data_bytes);
+ check_audit(fds, extregex, pipefd);
+
+ /* Close all socket descriptors */
+ close_sockets(2, sockfd, sockfd2);
+}
+
+ATF_TC_CLEANUP(sendto_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(sendto_failure);
+ATF_TC_HEAD(sendto_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "sendto(2) call");
+}
+
+ATF_TC_BODY(sendto_failure, tc)
+{
+ snprintf(extregex, sizeof(extregex), "sendto.*%s", invalregex);
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid socket descriptor */
+ ATF_REQUIRE_EQ(-1, sendto(-1, NULL, 0, 0, NULL, 0));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(sendto_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(recvfrom_success);
+ATF_TC_HEAD(recvfrom_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "recvfrom(2) call");
+}
+
+ATF_TC_BODY(recvfrom_success, tc)
+{
+ assign_address(&server);
+ /* Setup a server socket and bind to the specified address */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1);
+ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
+
+ /* Set up client socket to be used for sending the data */
+ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1);
+ ATF_REQUIRE(sendto(sockfd2, msgbuff, strlen(msgbuff), 0,
+ (struct sockaddr *)&server, len) != -1);
+
+ /* Receive data once sockfd is ready for reading */
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE((data_bytes = recvfrom(sockfd, data,
+ MAX_DATA, 0, NULL, &len)) != 0);
+
+ /* Audit record must contain sockfd and data_bytes */
+ snprintf(extregex, sizeof(extregex),
+ "recvfrom.*0x%x.*return,success,%zd", sockfd, data_bytes);
+ check_audit(fds, extregex, pipefd);
+
+ /* Close all socket descriptors */
+ close_sockets(2, sockfd, sockfd2);
+}
+
+ATF_TC_CLEANUP(recvfrom_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(recvfrom_failure);
+ATF_TC_HEAD(recvfrom_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "recvfrom(2) call");
+}
+
+ATF_TC_BODY(recvfrom_failure, tc)
+{
+ snprintf(extregex, sizeof(extregex), "recvfrom.*%s", invalregex);
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid socket descriptor */
+ ATF_REQUIRE_EQ(-1, recvfrom(-1, NULL, 0, 0, NULL, NULL));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(recvfrom_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, socket_success);
@@ -624,6 +830,16 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, connectat_failure);
ATF_TP_ADD_TC(tp, accept_success);
ATF_TP_ADD_TC(tp, accept_failure);
+
+ ATF_TP_ADD_TC(tp, send_success);
+ ATF_TP_ADD_TC(tp, send_failure);
+ ATF_TP_ADD_TC(tp, recv_success);
+ ATF_TP_ADD_TC(tp, recv_failure);
+
+ ATF_TP_ADD_TC(tp, sendto_success);
+ ATF_TP_ADD_TC(tp, sendto_failure);
+ ATF_TP_ADD_TC(tp, recvfrom_success);
+ ATF_TP_ADD_TC(tp, recvfrom_failure);
return (atf_no_error());
}
More information about the svn-src-all
mailing list