svn commit: r339087 - stable/11/tests/sys/audit
Alan Somers
asomers at FreeBSD.org
Tue Oct 2 16:23:35 UTC 2018
Author: asomers
Date: Tue Oct 2 16:23:33 2018
New Revision: 339087
URL: https://svnweb.freebsd.org/changeset/base/339087
Log:
MFC many audit(4) tests.
MFC r334471, r334487, r334496, r334592, r334668, r334933, r335067, r335105,
r335136, r335140, r335145, r335207-r335208, r335215, and r335255-r335256.
r334471:
audit(4): Add tests for the fr class of syscalls
readlink and readlinkat are the only syscalls in this class. open and
openat are as well, but they'll be handled in a different file. Also, tidy
up the copyright headers of recently added files in this area.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15636
r334487:
audit(4): Add tests for the fw class of syscalls.
truncate and ftruncate are the only syscalls in this class, apart from
certain variations of open and openat, which will be handled in a different
file.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15640
r334496:
audit(4): add tests for the fd audit class
The only syscalls in this class are rmdir, unlink, unlinkat, rename, and
renameat. Also, set is_exclusive for all audit(4) tests, because they can
start and stop auditd.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15647
r334592:
audit(4): add tests for the cl audit class
The only syscalls in this class are close, closefrom, munmap, and revoke.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15650
r334668:
audit(4): add tests for open(2) and openat(2)
These syscalls are atypical, because each one corresponds to several
different audit events, and they each pass several different audit class
filters.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15657
r334933:
audit(4): add tests for stat(2) and friends
This revision adds auditability tests for stat, lstat, fstat, and fstatat,
all from the fa audit class. More tests from that audit class will follow.
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15709
r335067:
audit(4): Fix file descriptor leaks in ATF tests
Submitted by: aniketp
Reported by: Coverity
CID: 1393343 1393346 1392695 1392781 1391709 1392078 1392413
CID: 1392014 1392521 1393344 1393345 1393347 1393348 1393349
CID: 1393354 1393355 1393356 1393357 1393358 1393360 1393362
CID: 1393368 1393369 1393370 1393371 1393372 1393373 1393376
CID: 1393380 1393384 1393387 1393388 1393389
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15782
r335105:
audit(4): add tests for statfs(2), fstatfs(2), and getfsstat(2)
Submitted by: aniketp
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15750
r335136:
audit(4): add tests for flock, fcntl, and fsync
Submitted by: aniketp
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15795
r335140:
audit(4): fix typo from r335136
Typo in Makefile accidentally disabled some older tests
X-MFC-With: 335136
r335145:
audit(4): add tests for fhopen, fhstat, and fhstatfs
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15798
r335207:
audit(4): add tests for access(2), chmod(2), and friends
access(2), eaccess(2), faccessat(2), chmod(2), fchmod(2), lchmod(2), and
fchmodat(2).
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15805
Differential Revision: https://reviews.freebsd.org/D15808
r335208:
audit(4): improve formatting in tests/sys/audit/open.c
[skip ci]
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15797
r335215:
audit(4): Add a few tests for network-related syscalls
Add tests for socket(2), socketpair(2), and setsockopt(2)
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15803
r335255:
audit(4): add tests for bind(2), bindat(2), and listen(2)
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15843
r335256:
audit(4): add tests for chown(2) and friends
Includes chown, fchown, lchown, and fchownat
Submitted by: aniketp
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15825
Added:
stable/11/tests/sys/audit/file-attribute-access.c
- copied, changed from r334933, head/tests/sys/audit/file-attribute-access.c
stable/11/tests/sys/audit/file-attribute-modify.c
- copied, changed from r335136, head/tests/sys/audit/file-attribute-modify.c
stable/11/tests/sys/audit/file-close.c
- copied, changed from r334592, head/tests/sys/audit/file-close.c
stable/11/tests/sys/audit/file-delete.c
- copied, changed from r334496, head/tests/sys/audit/file-delete.c
stable/11/tests/sys/audit/file-read.c
- copied unchanged from r334471, head/tests/sys/audit/file-read.c
stable/11/tests/sys/audit/file-write.c
- copied, changed from r334487, head/tests/sys/audit/file-write.c
stable/11/tests/sys/audit/network.c
- copied, changed from r335215, head/tests/sys/audit/network.c
stable/11/tests/sys/audit/open.c
- copied, changed from r334668, head/tests/sys/audit/open.c
Modified:
stable/11/tests/sys/audit/Makefile
stable/11/tests/sys/audit/file-create.c
stable/11/tests/sys/audit/utils.c
stable/11/tests/sys/audit/utils.h
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/tests/sys/audit/Makefile
==============================================================================
--- stable/11/tests/sys/audit/Makefile Tue Oct 2 16:01:33 2018 (r339086)
+++ stable/11/tests/sys/audit/Makefile Tue Oct 2 16:23:33 2018 (r339087)
@@ -2,16 +2,41 @@
TESTSDIR= ${TESTSBASE}/sys/audit
-ATF_TESTS_C= file-create
+ATF_TESTS_C= file-attribute-access
+ATF_TESTS_C+= file-attribute-modify
+ATF_TESTS_C+= file-create
+ATF_TESTS_C+= file-delete
+ATF_TESTS_C+= file-close
+ATF_TESTS_C+= file-write
+ATF_TESTS_C+= file-read
+ATF_TESTS_C+= open
+ATF_TESTS_C+= network
+SRCS.file-attribute-access+= file-attribute-access.c
+SRCS.file-attribute-access+= utils.c
+SRCS.file-attribute-modify+= file-attribute-modify.c
+SRCS.file-attribute-modify+= utils.c
SRCS.file-create+= file-create.c
SRCS.file-create+= utils.c
+SRCS.file-delete+= file-delete.c
+SRCS.file-delete+= utils.c
+SRCS.file-close+= file-close.c
+SRCS.file-close+= utils.c
+SRCS.file-write+= file-write.c
+SRCS.file-write+= utils.c
+SRCS.file-read+= file-read.c
+SRCS.file-read+= utils.c
+SRCS.open+= open.c
+SRCS.open+= utils.c
+SRCS.network+= network.c
+SRCS.network+= utils.c
TEST_METADATA+= timeout="30"
TEST_METADATA+= required_user="root"
+TEST_METADATA+= is_exclusive="true"
WARNS?= 6
-LDFLAGS+= -lbsm
+LDFLAGS+= -lbsm -lutil
.include <bsd.test.mk>
Copied and modified: stable/11/tests/sys/audit/file-attribute-access.c (from r334933, head/tests/sys/audit/file-attribute-access.c)
==============================================================================
--- head/tests/sys/audit/file-attribute-access.c Sun Jun 10 21:36:29 2018 (r334933, copy source)
+++ stable/11/tests/sys/audit/file-attribute-access.c Tue Oct 2 16:23:33 2018 (r339087)
@@ -25,6 +25,9 @@
* $FreeBSD$
*/
+#include <sys/param.h>
+#include <sys/ucred.h>
+#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
@@ -36,8 +39,12 @@
static struct pollfd fds[1];
static mode_t mode = 0777;
+static pid_t pid;
+static fhandle_t fht;
+static int filedesc, fhdesc;
static char extregex[80];
static struct stat statbuff;
+static struct statfs statfsbuff;
static const char *auclass = "fa";
static const char *path = "fileforaudit";
static const char *errpath = "dirdoesnotexist/fileforaudit";
@@ -55,10 +62,11 @@ ATF_TC_HEAD(stat_success, tc)
ATF_TC_BODY(stat_success, tc)
{
/* File needs to exist to call stat(2) */
- ATF_REQUIRE(open(path, O_CREAT, mode) != -1);
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, stat(path, &statbuff));
check_audit(fds, successreg, pipefd);
+ close(filedesc);
}
ATF_TC_CLEANUP(stat_success, tc)
@@ -140,7 +148,6 @@ ATF_TC_HEAD(fstat_success, tc)
ATF_TC_BODY(fstat_success, tc)
{
- int filedesc;
/* File needs to exist to call fstat(2) */
ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
FILE *pipefd = setup(fds, auclass);
@@ -149,6 +156,7 @@ ATF_TC_BODY(fstat_success, tc)
snprintf(extregex, sizeof(extregex),
"fstat.*%jd.*return,success", (intmax_t)statbuff.st_ino);
check_audit(fds, extregex, pipefd);
+ close(filedesc);
}
ATF_TC_CLEANUP(fstat_success, tc)
@@ -224,6 +232,435 @@ ATF_TC_CLEANUP(fstatat_failure, tc)
}
+ATF_TC_WITH_CLEANUP(statfs_success);
+ATF_TC_HEAD(statfs_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "statfs(2) call");
+}
+
+ATF_TC_BODY(statfs_success, tc)
+{
+ /* File needs to exist to call statfs(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, statfs(path, &statfsbuff));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(statfs_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(statfs_failure);
+ATF_TC_HEAD(statfs_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "statfs(2) call");
+}
+
+ATF_TC_BODY(statfs_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, statfs(errpath, &statfsbuff));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(statfs_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fstatfs_success);
+ATF_TC_HEAD(fstatfs_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fstatfs(2) call");
+}
+
+ATF_TC_BODY(fstatfs_success, tc)
+{
+ /* File needs to exist to call fstat(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
+ /* Call stat(2) to store the Inode number of 'path' */
+ ATF_REQUIRE_EQ(0, stat(path, &statbuff));
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, fstatfs(filedesc, &statfsbuff));
+
+ snprintf(extregex, sizeof(extregex), "fstatfs.*%jd.*return,success",
+ (intmax_t)statbuff.st_ino);
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fstatfs_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fstatfs_failure);
+ATF_TC_HEAD(fstatfs_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fstatfs(2) call");
+}
+
+ATF_TC_BODY(fstatfs_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ const char *regex = "fstatfs.*return,failure : Bad file descriptor";
+ /* Failure reason: bad file descriptor */
+ ATF_REQUIRE_EQ(-1, fstatfs(-1, &statfsbuff));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(fstatfs_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getfsstat_success);
+ATF_TC_HEAD(getfsstat_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "getfsstat(2) call");
+}
+
+ATF_TC_BODY(getfsstat_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "getfsstat.*%d.*success", pid);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE(getfsstat(NULL, 0, MNT_NOWAIT) != -1);
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getfsstat_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getfsstat_failure);
+ATF_TC_HEAD(getfsstat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "getfsstat(2) call");
+}
+
+ATF_TC_BODY(getfsstat_failure, tc)
+{
+ const char *regex = "getfsstat.*return,failure : Invalid argument";
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid value for mode */
+ ATF_REQUIRE_EQ(-1, getfsstat(NULL, 0, -1));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(getfsstat_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fhopen_success);
+ATF_TC_HEAD(fhopen_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fhopen(2) call");
+}
+
+ATF_TC_BODY(fhopen_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "fhopen.*%d.*return,success", pid);
+
+ /* File needs to exist to get a file-handle */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ /* Get the file handle to be passed to fhopen(2) */
+ ATF_REQUIRE_EQ(0, getfh(path, &fht));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE((fhdesc = fhopen(&fht, O_RDWR)) != -1);
+ check_audit(fds, extregex, pipefd);
+
+ close(fhdesc);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fhopen_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fhopen_failure);
+ATF_TC_HEAD(fhopen_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fhopen(2) call");
+}
+
+ATF_TC_BODY(fhopen_failure, tc)
+{
+ const char *regex = "fhopen.*return,failure : Invalid argument";
+ FILE *pipefd = setup(fds, auclass);
+ /*
+ * Failure reason: NULL does not represent any file handle
+ * and O_CREAT is not allowed as the flag for fhopen(2)
+ */
+ ATF_REQUIRE_EQ(-1, fhopen(NULL, O_CREAT));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(fhopen_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fhstat_success);
+ATF_TC_HEAD(fhstat_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fstat(2) call");
+}
+
+ATF_TC_BODY(fhstat_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "fhstat.*%d.*return,success", pid);
+
+ /* File needs to exist to get a file-handle */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ /* Get the file handle to be passed to fhstat(2) */
+ ATF_REQUIRE_EQ(0, getfh(path, &fht));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, fhstat(&fht, &statbuff));
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fhstat_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fhstat_failure);
+ATF_TC_HEAD(fhstat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fhstat(2) call");
+}
+
+ATF_TC_BODY(fhstat_failure, tc)
+{
+ const char *regex = "fhstat.*return,failure : Bad address";
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: NULL does not represent any file handle */
+ ATF_REQUIRE_EQ(-1, fhstat(NULL, NULL));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(fhstat_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fhstatfs_success);
+ATF_TC_HEAD(fhstatfs_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fstatfs(2) call");
+}
+
+ATF_TC_BODY(fhstatfs_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "fhstatfs.*%d.*success", pid);
+
+ /* File needs to exist to get a file-handle */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ /* Get the file handle to be passed to fhstatfs(2) */
+ ATF_REQUIRE_EQ(0, getfh(path, &fht));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, fhstatfs(&fht, &statfsbuff));
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fhstatfs_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fhstatfs_failure);
+ATF_TC_HEAD(fhstatfs_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fhstatfs(2) call");
+}
+
+ATF_TC_BODY(fhstatfs_failure, tc)
+{
+ const char *regex = "fhstatfs.*return,failure : Bad address";
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: NULL does not represent any file handle */
+ ATF_REQUIRE_EQ(-1, fhstatfs(NULL, NULL));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(fhstatfs_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(access_success);
+ATF_TC_HEAD(access_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "access(2) call");
+}
+
+ATF_TC_BODY(access_success, tc)
+{
+ /* File needs to exist to call access(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, access(path, F_OK));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(access_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(access_failure);
+ATF_TC_HEAD(access_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "access(2) call");
+}
+
+ATF_TC_BODY(access_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, access(errpath, F_OK));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(access_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(eaccess_success);
+ATF_TC_HEAD(eaccess_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "eaccess(2) call");
+}
+
+ATF_TC_BODY(eaccess_success, tc)
+{
+ /* File needs to exist to call eaccess(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, eaccess(path, F_OK));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(eaccess_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(eaccess_failure);
+ATF_TC_HEAD(eaccess_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "eaccess(2) call");
+}
+
+ATF_TC_BODY(eaccess_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, eaccess(errpath, F_OK));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(eaccess_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(faccessat_success);
+ATF_TC_HEAD(faccessat_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "faccessat(2) call");
+}
+
+ATF_TC_BODY(faccessat_success, tc)
+{
+ /* File needs to exist to call faccessat(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, faccessat(AT_FDCWD, path, F_OK, AT_EACCESS));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(faccessat_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(faccessat_failure);
+ATF_TC_HEAD(faccessat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "faccessat(2) call");
+}
+
+ATF_TC_BODY(faccessat_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, faccessat(AT_FDCWD, errpath, F_OK, AT_EACCESS));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(faccessat_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, stat_success);
@@ -234,6 +671,28 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, fstat_failure);
ATF_TP_ADD_TC(tp, fstatat_success);
ATF_TP_ADD_TC(tp, fstatat_failure);
+
+ ATF_TP_ADD_TC(tp, statfs_success);
+ ATF_TP_ADD_TC(tp, statfs_failure);
+ ATF_TP_ADD_TC(tp, fstatfs_success);
+ ATF_TP_ADD_TC(tp, fstatfs_failure);
+
+ ATF_TP_ADD_TC(tp, getfsstat_success);
+ ATF_TP_ADD_TC(tp, getfsstat_failure);
+
+ ATF_TP_ADD_TC(tp, fhopen_success);
+ ATF_TP_ADD_TC(tp, fhopen_failure);
+ ATF_TP_ADD_TC(tp, fhstat_success);
+ ATF_TP_ADD_TC(tp, fhstat_failure);
+ ATF_TP_ADD_TC(tp, fhstatfs_success);
+ ATF_TP_ADD_TC(tp, fhstatfs_failure);
+
+ ATF_TP_ADD_TC(tp, access_success);
+ ATF_TP_ADD_TC(tp, access_failure);
+ ATF_TP_ADD_TC(tp, eaccess_success);
+ ATF_TP_ADD_TC(tp, eaccess_failure);
+ ATF_TP_ADD_TC(tp, faccessat_success);
+ ATF_TP_ADD_TC(tp, faccessat_failure);
return (atf_no_error());
}
Copied and modified: stable/11/tests/sys/audit/file-attribute-modify.c (from r335136, head/tests/sys/audit/file-attribute-modify.c)
==============================================================================
--- head/tests/sys/audit/file-attribute-modify.c Thu Jun 14 13:42:58 2018 (r335136, copy source)
+++ stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 16:23:33 2018 (r339087)
@@ -26,6 +26,7 @@
*/
#include <sys/file.h>
+#include <sys/stat.h>
#include <atf-c.h>
#include <fcntl.h>
@@ -34,12 +35,17 @@
#include "utils.h"
static pid_t pid;
+static uid_t uid = -1;
+static gid_t gid = -1;
static int filedesc;
static struct pollfd fds[1];
static mode_t mode = 0777;
static char extregex[80];
static const char *auclass = "fm";
static const char *path = "fileforaudit";
+static const char *errpath = "adirhasnoname/fileforaudit";
+static const char *successreg = "fileforaudit.*return,success";
+static const char *failurereg = "fileforaudit.*return,failure";
ATF_TC_WITH_CLEANUP(flock_success);
@@ -186,6 +192,364 @@ ATF_TC_CLEANUP(fsync_failure, tc)
}
+ATF_TC_WITH_CLEANUP(chmod_success);
+ATF_TC_HEAD(chmod_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "chmod(2) call");
+}
+
+ATF_TC_BODY(chmod_success, tc)
+{
+ /* File needs to exist to call chmod(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, chmod(path, mode));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(chmod_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chmod_failure);
+ATF_TC_HEAD(chmod_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "chmod(2) call");
+}
+
+ATF_TC_BODY(chmod_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, chmod(errpath, mode));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(chmod_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchmod_success);
+ATF_TC_HEAD(fchmod_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fchmod(2) call");
+}
+
+ATF_TC_BODY(fchmod_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "fchmod.*%d.*return,success", pid);
+
+ /* File needs to exist to call fchmod(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, fchmod(filedesc, mode));
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fchmod_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchmod_failure);
+ATF_TC_HEAD(fchmod_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fchmod(2) call");
+}
+
+ATF_TC_BODY(fchmod_failure, tc)
+{
+ const char *regex = "fchmod.*return,failure : Bad file descriptor";
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid file descriptor */
+ ATF_REQUIRE_EQ(-1, fchmod(-1, mode));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(fchmod_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lchmod_success);
+ATF_TC_HEAD(lchmod_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "lchmod(2) call");
+}
+
+ATF_TC_BODY(lchmod_success, tc)
+{
+ /* Symbolic link needs to exist to call lchmod(2) */
+ ATF_REQUIRE_EQ(0, symlink("symlink", path));
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, lchmod(path, mode));
+ check_audit(fds, successreg, pipefd);
+}
+
+ATF_TC_CLEANUP(lchmod_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lchmod_failure);
+ATF_TC_HEAD(lchmod_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "lchmod(2) call");
+}
+
+ATF_TC_BODY(lchmod_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, lchmod(errpath, mode));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(lchmod_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchmodat_success);
+ATF_TC_HEAD(fchmodat_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fchmodat(2) call");
+}
+
+ATF_TC_BODY(fchmodat_success, tc)
+{
+ /* File needs to exist to call fchmodat(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, fchmodat(AT_FDCWD, path, mode, 0));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fchmodat_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchmodat_failure);
+ATF_TC_HEAD(fchmodat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fchmodat(2) call");
+}
+
+ATF_TC_BODY(fchmodat_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, fchmodat(AT_FDCWD, errpath, mode, 0));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(fchmodat_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chown_success);
+ATF_TC_HEAD(chown_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "chown(2) call");
+}
+
+ATF_TC_BODY(chown_success, tc)
+{
+ /* File needs to exist to call chown(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, chown(path, uid, gid));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(chown_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chown_failure);
+ATF_TC_HEAD(chown_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "chown(2) call");
+}
+
+ATF_TC_BODY(chown_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, chown(errpath, uid, gid));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(chown_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchown_success);
+ATF_TC_HEAD(fchown_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fchown(2) call");
+}
+
+ATF_TC_BODY(fchown_success, tc)
+{
+ pid = getpid();
+ snprintf(extregex, sizeof(extregex), "fchown.*%d.*return,success", pid);
+
+ /* File needs to exist to call fchown(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, fchown(filedesc, uid, gid));
+ check_audit(fds, extregex, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fchown_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchown_failure);
+ATF_TC_HEAD(fchown_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fchown(2) call");
+}
+
+ATF_TC_BODY(fchown_failure, tc)
+{
+ const char *regex = "fchown.*return,failure : Bad file descriptor";
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid file descriptor */
+ ATF_REQUIRE_EQ(-1, fchown(-1, uid, gid));
+ check_audit(fds, regex, pipefd);
+}
+
+ATF_TC_CLEANUP(fchown_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lchown_success);
+ATF_TC_HEAD(lchown_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "lchown(2) call");
+}
+
+ATF_TC_BODY(lchown_success, tc)
+{
+ /* Symbolic link needs to exist to call lchown(2) */
+ ATF_REQUIRE_EQ(0, symlink("symlink", path));
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, lchown(path, uid, gid));
+ check_audit(fds, successreg, pipefd);
+}
+
+ATF_TC_CLEANUP(lchown_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(lchown_failure);
+ATF_TC_HEAD(lchown_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "lchown(2) call");
+}
+
+ATF_TC_BODY(lchown_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Symbolic link does not exist */
+ ATF_REQUIRE_EQ(-1, lchown(errpath, uid, gid));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(lchown_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchownat_success);
+ATF_TC_HEAD(fchownat_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fchownat(2) call");
+}
+
+ATF_TC_BODY(fchownat_success, tc)
+{
+ /* File needs to exist to call fchownat(2) */
+ ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, fchownat(AT_FDCWD, path, uid, gid, 0));
+ check_audit(fds, successreg, pipefd);
+ close(filedesc);
+}
+
+ATF_TC_CLEANUP(fchownat_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchownat_failure);
+ATF_TC_HEAD(fchownat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fchownat(2) call");
+}
+
+ATF_TC_BODY(fchownat_failure, tc)
+{
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: file does not exist */
+ ATF_REQUIRE_EQ(-1, fchownat(AT_FDCWD, errpath, uid, gid, 0));
+ check_audit(fds, failurereg, pipefd);
+}
+
+ATF_TC_CLEANUP(fchownat_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, flock_success);
@@ -194,6 +558,24 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, fcntl_failure);
ATF_TP_ADD_TC(tp, fsync_success);
ATF_TP_ADD_TC(tp, fsync_failure);
+
+ ATF_TP_ADD_TC(tp, chmod_success);
+ ATF_TP_ADD_TC(tp, chmod_failure);
+ ATF_TP_ADD_TC(tp, fchmod_success);
+ ATF_TP_ADD_TC(tp, fchmod_failure);
+ ATF_TP_ADD_TC(tp, lchmod_success);
+ ATF_TP_ADD_TC(tp, lchmod_failure);
+ ATF_TP_ADD_TC(tp, fchmodat_success);
+ ATF_TP_ADD_TC(tp, fchmodat_failure);
+
+ ATF_TP_ADD_TC(tp, chown_success);
+ ATF_TP_ADD_TC(tp, chown_failure);
+ ATF_TP_ADD_TC(tp, fchown_success);
+ ATF_TP_ADD_TC(tp, fchown_failure);
+ ATF_TP_ADD_TC(tp, lchown_success);
+ ATF_TP_ADD_TC(tp, lchown_failure);
+ ATF_TP_ADD_TC(tp, fchownat_success);
+ ATF_TP_ADD_TC(tp, fchownat_failure);
return (atf_no_error());
}
Copied and modified: stable/11/tests/sys/audit/file-close.c (from r334592, head/tests/sys/audit/file-close.c)
==============================================================================
--- head/tests/sys/audit/file-close.c Sun Jun 3 23:36:29 2018 (r334592, copy source)
+++ stable/11/tests/sys/audit/file-close.c Tue Oct 2 16:23:33 2018 (r339087)
@@ -40,6 +40,7 @@
static pid_t pid;
static struct pollfd fds[1];
static mode_t mode = 0777;
+static int filedesc;
static char extregex[80];
static struct stat statbuff;
static const char *auclass = "cl";
@@ -103,7 +104,6 @@ ATF_TC_HEAD(close_success, tc)
ATF_TC_BODY(close_success, tc)
{
- int filedesc;
/* File needs to exist to call close(2) */
ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1);
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable
mailing list