From owner-svn-src-stable@freebsd.org Tue Oct 2 16:23:35 2018 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A40310A3F8C; Tue, 2 Oct 2018 16:23:35 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A49BB71EF4; Tue, 2 Oct 2018 16:23:34 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9DCF2241B; Tue, 2 Oct 2018 16:23:34 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w92GNYof041383; Tue, 2 Oct 2018 16:23:34 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w92GNXUW041378; Tue, 2 Oct 2018 16:23:33 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201810021623.w92GNXUW041378@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Tue, 2 Oct 2018 16:23:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r339087 - stable/11/tests/sys/audit X-SVN-Group: stable-11 X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: stable/11/tests/sys/audit X-SVN-Commit-Revision: 339087 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Oct 2018 16:23:35 -0000 Author: asomers Date: Tue Oct 2 16:23:33 2018 New Revision: 339087 URL: https://svnweb.freebsd.org/changeset/base/339087 Log: MFC many audit(4) tests. MFC r334471, r334487, r334496, r334592, r334668, r334933, r335067, r335105, r335136, r335140, r335145, r335207-r335208, r335215, and r335255-r335256. r334471: audit(4): Add tests for the fr class of syscalls readlink and readlinkat are the only syscalls in this class. open and openat are as well, but they'll be handled in a different file. Also, tidy up the copyright headers of recently added files in this area. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15636 r334487: audit(4): Add tests for the fw class of syscalls. truncate and ftruncate are the only syscalls in this class, apart from certain variations of open and openat, which will be handled in a different file. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15640 r334496: audit(4): add tests for the fd audit class The only syscalls in this class are rmdir, unlink, unlinkat, rename, and renameat. Also, set is_exclusive for all audit(4) tests, because they can start and stop auditd. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15647 r334592: audit(4): add tests for the cl audit class The only syscalls in this class are close, closefrom, munmap, and revoke. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15650 r334668: audit(4): add tests for open(2) and openat(2) These syscalls are atypical, because each one corresponds to several different audit events, and they each pass several different audit class filters. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15657 r334933: audit(4): add tests for stat(2) and friends This revision adds auditability tests for stat, lstat, fstat, and fstatat, all from the fa audit class. More tests from that audit class will follow. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15709 r335067: audit(4): Fix file descriptor leaks in ATF tests Submitted by: aniketp Reported by: Coverity CID: 1393343 1393346 1392695 1392781 1391709 1392078 1392413 CID: 1392014 1392521 1393344 1393345 1393347 1393348 1393349 CID: 1393354 1393355 1393356 1393357 1393358 1393360 1393362 CID: 1393368 1393369 1393370 1393371 1393372 1393373 1393376 CID: 1393380 1393384 1393387 1393388 1393389 Sponsored by: Google, Inc (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15782 r335105: audit(4): add tests for statfs(2), fstatfs(2), and getfsstat(2) Submitted by: aniketp Sponsored by: Google, Inc (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15750 r335136: audit(4): add tests for flock, fcntl, and fsync Submitted by: aniketp Sponsored by: Google, Inc (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15795 r335140: audit(4): fix typo from r335136 Typo in Makefile accidentally disabled some older tests X-MFC-With: 335136 r335145: audit(4): add tests for fhopen, fhstat, and fhstatfs Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15798 r335207: audit(4): add tests for access(2), chmod(2), and friends access(2), eaccess(2), faccessat(2), chmod(2), fchmod(2), lchmod(2), and fchmodat(2). Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15805 Differential Revision: https://reviews.freebsd.org/D15808 r335208: audit(4): improve formatting in tests/sys/audit/open.c [skip ci] Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15797 r335215: audit(4): Add a few tests for network-related syscalls Add tests for socket(2), socketpair(2), and setsockopt(2) Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15803 r335255: audit(4): add tests for bind(2), bindat(2), and listen(2) Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15843 r335256: audit(4): add tests for chown(2) and friends Includes chown, fchown, lchown, and fchownat Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15825 Added: stable/11/tests/sys/audit/file-attribute-access.c - copied, changed from r334933, head/tests/sys/audit/file-attribute-access.c stable/11/tests/sys/audit/file-attribute-modify.c - copied, changed from r335136, head/tests/sys/audit/file-attribute-modify.c stable/11/tests/sys/audit/file-close.c - copied, changed from r334592, head/tests/sys/audit/file-close.c stable/11/tests/sys/audit/file-delete.c - copied, changed from r334496, head/tests/sys/audit/file-delete.c stable/11/tests/sys/audit/file-read.c - copied unchanged from r334471, head/tests/sys/audit/file-read.c stable/11/tests/sys/audit/file-write.c - copied, changed from r334487, head/tests/sys/audit/file-write.c stable/11/tests/sys/audit/network.c - copied, changed from r335215, head/tests/sys/audit/network.c stable/11/tests/sys/audit/open.c - copied, changed from r334668, head/tests/sys/audit/open.c Modified: stable/11/tests/sys/audit/Makefile stable/11/tests/sys/audit/file-create.c stable/11/tests/sys/audit/utils.c stable/11/tests/sys/audit/utils.h Directory Properties: stable/11/ (props changed) Modified: stable/11/tests/sys/audit/Makefile ============================================================================== --- stable/11/tests/sys/audit/Makefile Tue Oct 2 16:01:33 2018 (r339086) +++ stable/11/tests/sys/audit/Makefile Tue Oct 2 16:23:33 2018 (r339087) @@ -2,16 +2,41 @@ TESTSDIR= ${TESTSBASE}/sys/audit -ATF_TESTS_C= file-create +ATF_TESTS_C= file-attribute-access +ATF_TESTS_C+= file-attribute-modify +ATF_TESTS_C+= file-create +ATF_TESTS_C+= file-delete +ATF_TESTS_C+= file-close +ATF_TESTS_C+= file-write +ATF_TESTS_C+= file-read +ATF_TESTS_C+= open +ATF_TESTS_C+= network +SRCS.file-attribute-access+= file-attribute-access.c +SRCS.file-attribute-access+= utils.c +SRCS.file-attribute-modify+= file-attribute-modify.c +SRCS.file-attribute-modify+= utils.c SRCS.file-create+= file-create.c SRCS.file-create+= utils.c +SRCS.file-delete+= file-delete.c +SRCS.file-delete+= utils.c +SRCS.file-close+= file-close.c +SRCS.file-close+= utils.c +SRCS.file-write+= file-write.c +SRCS.file-write+= utils.c +SRCS.file-read+= file-read.c +SRCS.file-read+= utils.c +SRCS.open+= open.c +SRCS.open+= utils.c +SRCS.network+= network.c +SRCS.network+= utils.c TEST_METADATA+= timeout="30" TEST_METADATA+= required_user="root" +TEST_METADATA+= is_exclusive="true" WARNS?= 6 -LDFLAGS+= -lbsm +LDFLAGS+= -lbsm -lutil .include Copied and modified: stable/11/tests/sys/audit/file-attribute-access.c (from r334933, head/tests/sys/audit/file-attribute-access.c) ============================================================================== --- head/tests/sys/audit/file-attribute-access.c Sun Jun 10 21:36:29 2018 (r334933, copy source) +++ stable/11/tests/sys/audit/file-attribute-access.c Tue Oct 2 16:23:33 2018 (r339087) @@ -25,6 +25,9 @@ * $FreeBSD$ */ +#include +#include +#include #include #include @@ -36,8 +39,12 @@ static struct pollfd fds[1]; static mode_t mode = 0777; +static pid_t pid; +static fhandle_t fht; +static int filedesc, fhdesc; static char extregex[80]; static struct stat statbuff; +static struct statfs statfsbuff; static const char *auclass = "fa"; static const char *path = "fileforaudit"; static const char *errpath = "dirdoesnotexist/fileforaudit"; @@ -55,10 +62,11 @@ ATF_TC_HEAD(stat_success, tc) ATF_TC_BODY(stat_success, tc) { /* File needs to exist to call stat(2) */ - ATF_REQUIRE(open(path, O_CREAT, mode) != -1); + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); FILE *pipefd = setup(fds, auclass); ATF_REQUIRE_EQ(0, stat(path, &statbuff)); check_audit(fds, successreg, pipefd); + close(filedesc); } ATF_TC_CLEANUP(stat_success, tc) @@ -140,7 +148,6 @@ ATF_TC_HEAD(fstat_success, tc) ATF_TC_BODY(fstat_success, tc) { - int filedesc; /* File needs to exist to call fstat(2) */ ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); FILE *pipefd = setup(fds, auclass); @@ -149,6 +156,7 @@ ATF_TC_BODY(fstat_success, tc) snprintf(extregex, sizeof(extregex), "fstat.*%jd.*return,success", (intmax_t)statbuff.st_ino); check_audit(fds, extregex, pipefd); + close(filedesc); } ATF_TC_CLEANUP(fstat_success, tc) @@ -224,6 +232,435 @@ ATF_TC_CLEANUP(fstatat_failure, tc) } +ATF_TC_WITH_CLEANUP(statfs_success); +ATF_TC_HEAD(statfs_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "statfs(2) call"); +} + +ATF_TC_BODY(statfs_success, tc) +{ + /* File needs to exist to call statfs(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, statfs(path, &statfsbuff)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(statfs_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(statfs_failure); +ATF_TC_HEAD(statfs_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "statfs(2) call"); +} + +ATF_TC_BODY(statfs_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, statfs(errpath, &statfsbuff)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(statfs_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstatfs_success); +ATF_TC_HEAD(fstatfs_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstatfs(2) call"); +} + +ATF_TC_BODY(fstatfs_success, tc) +{ + /* File needs to exist to call fstat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); + /* Call stat(2) to store the Inode number of 'path' */ + ATF_REQUIRE_EQ(0, stat(path, &statbuff)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fstatfs(filedesc, &statfsbuff)); + + snprintf(extregex, sizeof(extregex), "fstatfs.*%jd.*return,success", + (intmax_t)statbuff.st_ino); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fstatfs_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fstatfs_failure); +ATF_TC_HEAD(fstatfs_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fstatfs(2) call"); +} + +ATF_TC_BODY(fstatfs_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + const char *regex = "fstatfs.*return,failure : Bad file descriptor"; + /* Failure reason: bad file descriptor */ + ATF_REQUIRE_EQ(-1, fstatfs(-1, &statfsbuff)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fstatfs_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getfsstat_success); +ATF_TC_HEAD(getfsstat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "getfsstat(2) call"); +} + +ATF_TC_BODY(getfsstat_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "getfsstat.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE(getfsstat(NULL, 0, MNT_NOWAIT) != -1); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(getfsstat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getfsstat_failure); +ATF_TC_HEAD(getfsstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "getfsstat(2) call"); +} + +ATF_TC_BODY(getfsstat_failure, tc) +{ + const char *regex = "getfsstat.*return,failure : Invalid argument"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid value for mode */ + ATF_REQUIRE_EQ(-1, getfsstat(NULL, 0, -1)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(getfsstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhopen_success); +ATF_TC_HEAD(fhopen_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fhopen(2) call"); +} + +ATF_TC_BODY(fhopen_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fhopen.*%d.*return,success", pid); + + /* File needs to exist to get a file-handle */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + /* Get the file handle to be passed to fhopen(2) */ + ATF_REQUIRE_EQ(0, getfh(path, &fht)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((fhdesc = fhopen(&fht, O_RDWR)) != -1); + check_audit(fds, extregex, pipefd); + + close(fhdesc); + close(filedesc); +} + +ATF_TC_CLEANUP(fhopen_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhopen_failure); +ATF_TC_HEAD(fhopen_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fhopen(2) call"); +} + +ATF_TC_BODY(fhopen_failure, tc) +{ + const char *regex = "fhopen.*return,failure : Invalid argument"; + FILE *pipefd = setup(fds, auclass); + /* + * Failure reason: NULL does not represent any file handle + * and O_CREAT is not allowed as the flag for fhopen(2) + */ + ATF_REQUIRE_EQ(-1, fhopen(NULL, O_CREAT)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fhopen_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhstat_success); +ATF_TC_HEAD(fhstat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstat(2) call"); +} + +ATF_TC_BODY(fhstat_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fhstat.*%d.*return,success", pid); + + /* File needs to exist to get a file-handle */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + /* Get the file handle to be passed to fhstat(2) */ + ATF_REQUIRE_EQ(0, getfh(path, &fht)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fhstat(&fht, &statbuff)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fhstat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhstat_failure); +ATF_TC_HEAD(fhstat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fhstat(2) call"); +} + +ATF_TC_BODY(fhstat_failure, tc) +{ + const char *regex = "fhstat.*return,failure : Bad address"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: NULL does not represent any file handle */ + ATF_REQUIRE_EQ(-1, fhstat(NULL, NULL)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fhstat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhstatfs_success); +ATF_TC_HEAD(fhstatfs_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fstatfs(2) call"); +} + +ATF_TC_BODY(fhstatfs_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fhstatfs.*%d.*success", pid); + + /* File needs to exist to get a file-handle */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + /* Get the file handle to be passed to fhstatfs(2) */ + ATF_REQUIRE_EQ(0, getfh(path, &fht)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fhstatfs(&fht, &statfsbuff)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fhstatfs_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fhstatfs_failure); +ATF_TC_HEAD(fhstatfs_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fhstatfs(2) call"); +} + +ATF_TC_BODY(fhstatfs_failure, tc) +{ + const char *regex = "fhstatfs.*return,failure : Bad address"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: NULL does not represent any file handle */ + ATF_REQUIRE_EQ(-1, fhstatfs(NULL, NULL)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fhstatfs_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(access_success); +ATF_TC_HEAD(access_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "access(2) call"); +} + +ATF_TC_BODY(access_success, tc) +{ + /* File needs to exist to call access(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, access(path, F_OK)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(access_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(access_failure); +ATF_TC_HEAD(access_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "access(2) call"); +} + +ATF_TC_BODY(access_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, access(errpath, F_OK)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(access_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(eaccess_success); +ATF_TC_HEAD(eaccess_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "eaccess(2) call"); +} + +ATF_TC_BODY(eaccess_success, tc) +{ + /* File needs to exist to call eaccess(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, eaccess(path, F_OK)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(eaccess_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(eaccess_failure); +ATF_TC_HEAD(eaccess_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "eaccess(2) call"); +} + +ATF_TC_BODY(eaccess_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, eaccess(errpath, F_OK)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(eaccess_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(faccessat_success); +ATF_TC_HEAD(faccessat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "faccessat(2) call"); +} + +ATF_TC_BODY(faccessat_success, tc) +{ + /* File needs to exist to call faccessat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, faccessat(AT_FDCWD, path, F_OK, AT_EACCESS)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(faccessat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(faccessat_failure); +ATF_TC_HEAD(faccessat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "faccessat(2) call"); +} + +ATF_TC_BODY(faccessat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, faccessat(AT_FDCWD, errpath, F_OK, AT_EACCESS)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(faccessat_failure, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, stat_success); @@ -234,6 +671,28 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, fstat_failure); ATF_TP_ADD_TC(tp, fstatat_success); ATF_TP_ADD_TC(tp, fstatat_failure); + + ATF_TP_ADD_TC(tp, statfs_success); + ATF_TP_ADD_TC(tp, statfs_failure); + ATF_TP_ADD_TC(tp, fstatfs_success); + ATF_TP_ADD_TC(tp, fstatfs_failure); + + ATF_TP_ADD_TC(tp, getfsstat_success); + ATF_TP_ADD_TC(tp, getfsstat_failure); + + ATF_TP_ADD_TC(tp, fhopen_success); + ATF_TP_ADD_TC(tp, fhopen_failure); + ATF_TP_ADD_TC(tp, fhstat_success); + ATF_TP_ADD_TC(tp, fhstat_failure); + ATF_TP_ADD_TC(tp, fhstatfs_success); + ATF_TP_ADD_TC(tp, fhstatfs_failure); + + ATF_TP_ADD_TC(tp, access_success); + ATF_TP_ADD_TC(tp, access_failure); + ATF_TP_ADD_TC(tp, eaccess_success); + ATF_TP_ADD_TC(tp, eaccess_failure); + ATF_TP_ADD_TC(tp, faccessat_success); + ATF_TP_ADD_TC(tp, faccessat_failure); return (atf_no_error()); } Copied and modified: stable/11/tests/sys/audit/file-attribute-modify.c (from r335136, head/tests/sys/audit/file-attribute-modify.c) ============================================================================== --- head/tests/sys/audit/file-attribute-modify.c Thu Jun 14 13:42:58 2018 (r335136, copy source) +++ stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 16:23:33 2018 (r339087) @@ -26,6 +26,7 @@ */ #include +#include #include #include @@ -34,12 +35,17 @@ #include "utils.h" static pid_t pid; +static uid_t uid = -1; +static gid_t gid = -1; static int filedesc; static struct pollfd fds[1]; static mode_t mode = 0777; static char extregex[80]; static const char *auclass = "fm"; static const char *path = "fileforaudit"; +static const char *errpath = "adirhasnoname/fileforaudit"; +static const char *successreg = "fileforaudit.*return,success"; +static const char *failurereg = "fileforaudit.*return,failure"; ATF_TC_WITH_CLEANUP(flock_success); @@ -186,6 +192,364 @@ ATF_TC_CLEANUP(fsync_failure, tc) } +ATF_TC_WITH_CLEANUP(chmod_success); +ATF_TC_HEAD(chmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chmod(2) call"); +} + +ATF_TC_BODY(chmod_success, tc) +{ + /* File needs to exist to call chmod(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, chmod(path, mode)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(chmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chmod_failure); +ATF_TC_HEAD(chmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chmod(2) call"); +} + +ATF_TC_BODY(chmod_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chmod(errpath, mode)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmod_success); +ATF_TC_HEAD(fchmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchmod(2) call"); +} + +ATF_TC_BODY(fchmod_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fchmod.*%d.*return,success", pid); + + /* File needs to exist to call fchmod(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchmod(filedesc, mode)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmod_failure); +ATF_TC_HEAD(fchmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchmod(2) call"); +} + +ATF_TC_BODY(fchmod_failure, tc) +{ + const char *regex = "fchmod.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fchmod(-1, mode)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchmod_success); +ATF_TC_HEAD(lchmod_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lchmod(2) call"); +} + +ATF_TC_BODY(lchmod_success, tc) +{ + /* Symbolic link needs to exist to call lchmod(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, lchmod(path, mode)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lchmod_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchmod_failure); +ATF_TC_HEAD(lchmod_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lchmod(2) call"); +} + +ATF_TC_BODY(lchmod_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, lchmod(errpath, mode)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lchmod_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmodat_success); +ATF_TC_HEAD(fchmodat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchmodat(2) call"); +} + +ATF_TC_BODY(fchmodat_success, tc) +{ + /* File needs to exist to call fchmodat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchmodat(AT_FDCWD, path, mode, 0)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchmodat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchmodat_failure); +ATF_TC_HEAD(fchmodat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchmodat(2) call"); +} + +ATF_TC_BODY(fchmodat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, fchmodat(AT_FDCWD, errpath, mode, 0)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(fchmodat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chown_success); +ATF_TC_HEAD(chown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chown(2) call"); +} + +ATF_TC_BODY(chown_success, tc) +{ + /* File needs to exist to call chown(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, chown(path, uid, gid)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(chown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chown_failure); +ATF_TC_HEAD(chown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chown(2) call"); +} + +ATF_TC_BODY(chown_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chown(errpath, uid, gid)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchown_success); +ATF_TC_HEAD(fchown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchown(2) call"); +} + +ATF_TC_BODY(fchown_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fchown.*%d.*return,success", pid); + + /* File needs to exist to call fchown(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchown(filedesc, uid, gid)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchown_failure); +ATF_TC_HEAD(fchown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchown(2) call"); +} + +ATF_TC_BODY(fchown_failure, tc) +{ + const char *regex = "fchown.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, fchown(-1, uid, gid)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fchown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchown_success); +ATF_TC_HEAD(lchown_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lchown(2) call"); +} + +ATF_TC_BODY(lchown_success, tc) +{ + /* Symbolic link needs to exist to call lchown(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, lchown(path, uid, gid)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lchown_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lchown_failure); +ATF_TC_HEAD(lchown_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lchown(2) call"); +} + +ATF_TC_BODY(lchown_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, lchown(errpath, uid, gid)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lchown_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchownat_success); +ATF_TC_HEAD(fchownat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchownat(2) call"); +} + +ATF_TC_BODY(fchownat_success, tc) +{ + /* File needs to exist to call fchownat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchownat(AT_FDCWD, path, uid, gid, 0)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchownat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchownat_failure); +ATF_TC_HEAD(fchownat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchownat(2) call"); +} + +ATF_TC_BODY(fchownat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, fchownat(AT_FDCWD, errpath, uid, gid, 0)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(fchownat_failure, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, flock_success); @@ -194,6 +558,24 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, fcntl_failure); ATF_TP_ADD_TC(tp, fsync_success); ATF_TP_ADD_TC(tp, fsync_failure); + + ATF_TP_ADD_TC(tp, chmod_success); + ATF_TP_ADD_TC(tp, chmod_failure); + ATF_TP_ADD_TC(tp, fchmod_success); + ATF_TP_ADD_TC(tp, fchmod_failure); + ATF_TP_ADD_TC(tp, lchmod_success); + ATF_TP_ADD_TC(tp, lchmod_failure); + ATF_TP_ADD_TC(tp, fchmodat_success); + ATF_TP_ADD_TC(tp, fchmodat_failure); + + ATF_TP_ADD_TC(tp, chown_success); + ATF_TP_ADD_TC(tp, chown_failure); + ATF_TP_ADD_TC(tp, fchown_success); + ATF_TP_ADD_TC(tp, fchown_failure); + ATF_TP_ADD_TC(tp, lchown_success); + ATF_TP_ADD_TC(tp, lchown_failure); + ATF_TP_ADD_TC(tp, fchownat_success); + ATF_TP_ADD_TC(tp, fchownat_failure); return (atf_no_error()); } Copied and modified: stable/11/tests/sys/audit/file-close.c (from r334592, head/tests/sys/audit/file-close.c) ============================================================================== --- head/tests/sys/audit/file-close.c Sun Jun 3 23:36:29 2018 (r334592, copy source) +++ stable/11/tests/sys/audit/file-close.c Tue Oct 2 16:23:33 2018 (r339087) @@ -40,6 +40,7 @@ static pid_t pid; static struct pollfd fds[1]; static mode_t mode = 0777; +static int filedesc; static char extregex[80]; static struct stat statbuff; static const char *auclass = "cl"; @@ -103,7 +104,6 @@ ATF_TC_HEAD(close_success, tc) ATF_TC_BODY(close_success, tc) { - int filedesc; /* File needs to exist to call close(2) */ ATF_REQUIRE((filedesc = open(path, O_CREAT | O_RDWR, mode)) != -1); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***