From owner-svn-src-stable@freebsd.org Tue Oct 2 17:07:12 2018 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5FFD10A55D6; Tue, 2 Oct 2018 17:07:11 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 76B0873974; Tue, 2 Oct 2018 17:07:11 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7152E2AD4; Tue, 2 Oct 2018 17:07:11 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w92H7BpI061951; Tue, 2 Oct 2018 17:07:11 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w92H7Avj061947; Tue, 2 Oct 2018 17:07:10 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201810021707.w92H7Avj061947@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Tue, 2 Oct 2018 17:07:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r339089 - stable/11/tests/sys/audit X-SVN-Group: stable-11 X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: stable/11/tests/sys/audit X-SVN-Commit-Revision: 339089 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Oct 2018 17:07:12 -0000 Author: asomers Date: Tue Oct 2 17:07:10 2018 New Revision: 339089 URL: https://svnweb.freebsd.org/changeset/base/339089 Log: MFC r335261, r335275, r335284-r335285, r335294, r335318, r335320, r335703 r335261: audit(4): add tests for pathconf(2) and friends pathconf, lpathconf, and fpathconf are included Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15842 r335275: audit(4): add tests for chflags and friends chflags, fchflags, and lchflags (but not chflagsat) are included. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15854 r335284: audit(4): add tests for extattr_get_file(2) and friends This commit includes extattr_{get_file, get_fd, get_link, list_file, list_fd, list_link}. It does not include any syscalls that modify, set, or delete extended attributes, as those are in a different audit class. Submitted by: aniketpt Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15859 r335285: audit(4): Add tests for a few syscalls in the ad class The ad audit class is for administrative commands. This commit adds test for settimeofday, adjtime, and getfh. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15861 r335294: audit(4): add tests for connect, connectat, and accept Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15853 r335318: audit(4): add tests for extattr_set_file and friends Includes extattr_{set_file, _set_fd, _set_link, _delete_file, _delete_fd, _delete_link} Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15867 r335320: audit(4): Add tests for {get/set}auid, {get/set}audit, {get/set}audit_addr Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15871 r335703: audit(4): fix Coverity issues Fix several incorrect buffer size arguments and a file descriptor leak. Submitted by: aniketp Reported by: Coverity CID: 1393489 1393501 1393509 1393510 1393514 1393515 1393516 CID: 1393517 1393518 1393519 X-MFC-With: 335284 X-MFC-With: 335318 X-MFC-With: 335320 Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D16000 Added: stable/11/tests/sys/audit/administrative.c - copied, changed from r335285, head/tests/sys/audit/administrative.c Modified: stable/11/tests/sys/audit/Makefile stable/11/tests/sys/audit/file-attribute-access.c stable/11/tests/sys/audit/file-attribute-modify.c stable/11/tests/sys/audit/network.c Directory Properties: stable/11/ (props changed) Modified: stable/11/tests/sys/audit/Makefile ============================================================================== --- stable/11/tests/sys/audit/Makefile Tue Oct 2 17:01:42 2018 (r339088) +++ stable/11/tests/sys/audit/Makefile Tue Oct 2 17:07:10 2018 (r339089) @@ -11,6 +11,7 @@ ATF_TESTS_C+= file-write ATF_TESTS_C+= file-read ATF_TESTS_C+= open ATF_TESTS_C+= network +ATF_TESTS_C+= administrative SRCS.file-attribute-access+= file-attribute-access.c SRCS.file-attribute-access+= utils.c @@ -30,6 +31,8 @@ SRCS.open+= open.c SRCS.open+= utils.c SRCS.network+= network.c SRCS.network+= utils.c +SRCS.administrative+= administrative.c +SRCS.administrative+= utils.c TEST_METADATA+= timeout="30" TEST_METADATA+= required_user="root" Copied and modified: stable/11/tests/sys/audit/administrative.c (from r335285, head/tests/sys/audit/administrative.c) ============================================================================== --- head/tests/sys/audit/administrative.c Sun Jun 17 16:24:46 2018 (r335285, copy source) +++ stable/11/tests/sys/audit/administrative.c Tue Oct 2 17:07:10 2018 (r339089) @@ -39,7 +39,7 @@ static pid_t pid; static int filedesc; static mode_t mode = 0777; static struct pollfd fds[1]; -static char adregex[60]; +static char adregex[80]; static const char *auclass = "ad"; static const char *path = "fileforaudit"; @@ -163,7 +163,7 @@ ATF_TC_BODY(nfs_getfh_success, tc) snprintf(adregex, sizeof(adregex), "nfs_getfh.*%d.*ret.*success", pid); /* File needs to exist to call getfh(2) */ - ATF_REQUIRE(filedesc = open(path, O_CREAT, mode) != -1); + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); FILE *pipefd = setup(fds, auclass); ATF_REQUIRE_EQ(0, getfh(path, &fhp)); check_audit(fds, adregex, pipefd); @@ -200,6 +200,301 @@ ATF_TC_CLEANUP(nfs_getfh_failure, tc) } +ATF_TC_WITH_CLEANUP(getauid_success); +ATF_TC_HEAD(getauid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "getauid(2) call"); +} + +ATF_TC_BODY(getauid_success, tc) +{ + au_id_t auid; + pid = getpid(); + snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, getauid(&auid)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(getauid_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getauid_failure); +ATF_TC_HEAD(getauid_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "getauid(2) call"); +} + +ATF_TC_BODY(getauid_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "getauid.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Bad address */ + ATF_REQUIRE_EQ(-1, getauid(NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(getauid_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setauid_success); +ATF_TC_HEAD(setauid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setauid(2) call"); +} + +ATF_TC_BODY(setauid_success, tc) +{ + au_id_t auid; + pid = getpid(); + snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,success", pid); + ATF_REQUIRE_EQ(0, getauid(&auid)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setauid(&auid)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(setauid_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setauid_failure); +ATF_TC_HEAD(setauid_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setauid(2) call"); +} + +ATF_TC_BODY(setauid_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "setauid.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Bad address */ + ATF_REQUIRE_EQ(-1, setauid(NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(setauid_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getaudit_success); +ATF_TC_HEAD(getaudit_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "getaudit(2) call"); +} + +ATF_TC_BODY(getaudit_success, tc) +{ + pid = getpid(); + auditinfo_t auditinfo; + snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, getaudit(&auditinfo)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(getaudit_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getaudit_failure); +ATF_TC_HEAD(getaudit_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "getaudit(2) call"); +} + +ATF_TC_BODY(getaudit_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "getaudit.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Bad address */ + ATF_REQUIRE_EQ(-1, getaudit(NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(getaudit_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setaudit_success); +ATF_TC_HEAD(setaudit_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setaudit(2) call"); +} + +ATF_TC_BODY(setaudit_success, tc) +{ + pid = getpid(); + auditinfo_t auditinfo; + snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,success", pid); + ATF_REQUIRE_EQ(0, getaudit(&auditinfo)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setaudit(&auditinfo)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(setaudit_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setaudit_failure); +ATF_TC_HEAD(setaudit_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setaudit(2) call"); +} + +ATF_TC_BODY(setaudit_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), "setaudit.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Bad address */ + ATF_REQUIRE_EQ(-1, setaudit(NULL)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(setaudit_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getaudit_addr_success); +ATF_TC_HEAD(getaudit_addr_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "getaudit_addr(2) call"); +} + +ATF_TC_BODY(getaudit_addr_success, tc) +{ + pid = getpid(); + auditinfo_addr_t auditinfo; + snprintf(adregex, sizeof(adregex), + "getaudit_addr.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(getaudit_addr_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getaudit_addr_failure); +ATF_TC_HEAD(getaudit_addr_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "getaudit_addr(2) call"); +} + +ATF_TC_BODY(getaudit_addr_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), + "getaudit_addr.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Bad address */ + ATF_REQUIRE_EQ(-1, getaudit_addr(NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(getaudit_addr_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setaudit_addr_success); +ATF_TC_HEAD(setaudit_addr_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setaudit_addr(2) call"); +} + +ATF_TC_BODY(setaudit_addr_success, tc) +{ + pid = getpid(); + auditinfo_addr_t auditinfo; + snprintf(adregex, sizeof(adregex), + "setaudit_addr.*%d.*return,success", pid); + + ATF_REQUIRE_EQ(0, getaudit_addr(&auditinfo, sizeof(auditinfo))); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setaudit_addr(&auditinfo, sizeof(auditinfo))); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(setaudit_addr_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setaudit_addr_failure); +ATF_TC_HEAD(setaudit_addr_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setaudit_addr(2) call"); +} + +ATF_TC_BODY(setaudit_addr_failure, tc) +{ + pid = getpid(); + snprintf(adregex, sizeof(adregex), + "setaudit_addr.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Bad address */ + ATF_REQUIRE_EQ(-1, setaudit_addr(NULL, 0)); + check_audit(fds, adregex, pipefd); +} + +ATF_TC_CLEANUP(setaudit_addr_failure, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, settimeofday_success); @@ -209,6 +504,21 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, nfs_getfh_success); ATF_TP_ADD_TC(tp, nfs_getfh_failure); + + ATF_TP_ADD_TC(tp, getauid_success); + ATF_TP_ADD_TC(tp, getauid_failure); + ATF_TP_ADD_TC(tp, setauid_success); + ATF_TP_ADD_TC(tp, setauid_failure); + + ATF_TP_ADD_TC(tp, getaudit_success); + ATF_TP_ADD_TC(tp, getaudit_failure); + ATF_TP_ADD_TC(tp, setaudit_success); + ATF_TP_ADD_TC(tp, setaudit_failure); + + ATF_TP_ADD_TC(tp, getaudit_addr_success); + ATF_TP_ADD_TC(tp, getaudit_addr_failure); + ATF_TP_ADD_TC(tp, setaudit_addr_success); + ATF_TP_ADD_TC(tp, setaudit_addr_failure); return (atf_no_error()); } Modified: stable/11/tests/sys/audit/file-attribute-access.c ============================================================================== --- stable/11/tests/sys/audit/file-attribute-access.c Tue Oct 2 17:01:42 2018 (r339088) +++ stable/11/tests/sys/audit/file-attribute-access.c Tue Oct 2 17:07:10 2018 (r339089) @@ -26,6 +26,7 @@ */ #include +#include #include #include #include @@ -43,9 +44,11 @@ static pid_t pid; static fhandle_t fht; static int filedesc, fhdesc; static char extregex[80]; +static char buff[] = "ezio"; static struct stat statbuff; static struct statfs statfsbuff; static const char *auclass = "fa"; +static const char *name = "authorname"; static const char *path = "fileforaudit"; static const char *errpath = "dirdoesnotexist/fileforaudit"; static const char *successreg = "fileforaudit.*return,success"; @@ -661,6 +664,478 @@ ATF_TC_CLEANUP(faccessat_failure, tc) } +ATF_TC_WITH_CLEANUP(pathconf_success); +ATF_TC_HEAD(pathconf_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "pathconf(2) call"); +} + +ATF_TC_BODY(pathconf_success, tc) +{ + /* File needs to exist to call pathconf(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + /* Get the maximum number of bytes of filename */ + ATF_REQUIRE(pathconf(path, _PC_NAME_MAX) != -1); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(pathconf_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(pathconf_failure); +ATF_TC_HEAD(pathconf_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "pathconf(2) call"); +} + +ATF_TC_BODY(pathconf_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, pathconf(errpath, _PC_NAME_MAX)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(pathconf_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lpathconf_success); +ATF_TC_HEAD(lpathconf_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lpathconf(2) call"); +} + +ATF_TC_BODY(lpathconf_success, tc) +{ + /* Symbolic link needs to exist to call lpathconf(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + /* Get the maximum number of bytes of symlink's name */ + ATF_REQUIRE(lpathconf(path, _PC_SYMLINK_MAX) != -1); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lpathconf_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lpathconf_failure); +ATF_TC_HEAD(lpathconf_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lpathconf(2) call"); +} + +ATF_TC_BODY(lpathconf_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, lpathconf(errpath, _PC_SYMLINK_MAX)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lpathconf_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fpathconf_success); +ATF_TC_HEAD(fpathconf_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fpathconf(2) call"); +} + +ATF_TC_BODY(fpathconf_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fpathconf.*%d.*success", pid); + + /* File needs to exist to call fpathconf(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + /* Get the maximum number of bytes of filename */ + ATF_REQUIRE(fpathconf(filedesc, _PC_NAME_MAX) != -1); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fpathconf_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fpathconf_failure); +ATF_TC_HEAD(fpathconf_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fpathconf(2) call"); +} + +ATF_TC_BODY(fpathconf_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + const char *regex = "fpathconf.*return,failure : Bad file descriptor"; + /* Failure reason: Bad file descriptor */ + ATF_REQUIRE_EQ(-1, fpathconf(-1, _PC_NAME_MAX)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(fpathconf_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_get_file_success); +ATF_TC_HEAD(extattr_get_file_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_get_file(2) call"); +} + +ATF_TC_BODY(extattr_get_file_success, tc) +{ + /* File needs to exist to call extattr_get_file(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + /* Set an extended attribute to be retrieved later on */ + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path, + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_get_file.*%s.*%s.*return,success", path, name); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(sizeof(buff), extattr_get_file(path, + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(extattr_get_file_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_get_file_failure); +ATF_TC_HEAD(extattr_get_file_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_get_file(2) call"); +} + +ATF_TC_BODY(extattr_get_file_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_get_file.*%s.*%s.*failure", path, name); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, extattr_get_file(path, + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_get_file_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_get_fd_success); +ATF_TC_HEAD(extattr_get_fd_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_get_fd(2) call"); +} + +ATF_TC_BODY(extattr_get_fd_success, tc) +{ + /* File needs to exist to call extattr_get_fd(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + /* Set an extended attribute to be retrieved later on */ + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_file(path, + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_get_fd.*%s.*return,success", name); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(sizeof(buff), extattr_get_fd(filedesc, + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(extattr_get_fd_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_get_fd_failure); +ATF_TC_HEAD(extattr_get_fd_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_get_fd(2) call"); +} + +ATF_TC_BODY(extattr_get_fd_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_get_fd.*%s.*return,failure : Bad file descriptor", name); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, extattr_get_fd(-1, + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_get_fd_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_get_link_success); +ATF_TC_HEAD(extattr_get_link_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_get_link(2) call"); +} + +ATF_TC_BODY(extattr_get_link_success, tc) +{ + /* Symbolic link needs to exist to call extattr_get_link(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + /* Set an extended attribute to be retrieved later on */ + ATF_REQUIRE_EQ(sizeof(buff), extattr_set_link(path, + EXTATTR_NAMESPACE_USER, name, buff, sizeof(buff))); + + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_get_link.*%s.*%s.*return,success", path, name); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(sizeof(buff), extattr_get_link(path, + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_get_link_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_get_link_failure); +ATF_TC_HEAD(extattr_get_link_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_get_link(2) call"); +} + +ATF_TC_BODY(extattr_get_link_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_get_link.*%s.*%s.*failure", path, name); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, extattr_get_link(path, + EXTATTR_NAMESPACE_USER, name, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_get_link_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_list_file_success); +ATF_TC_HEAD(extattr_list_file_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_list_file(2) call"); +} + +ATF_TC_BODY(extattr_list_file_success, tc) +{ + int readbuff; + /* File needs to exist to call extattr_list_file(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((readbuff = extattr_list_file(path, + EXTATTR_NAMESPACE_USER, NULL, 0)) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_list_file.*%s.*return,success,%d", path, readbuff); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_list_file_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_list_file_failure); +ATF_TC_HEAD(extattr_list_file_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_list_file(2) call"); +} + +ATF_TC_BODY(extattr_list_file_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_list_file.*%s.*return,failure", path); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, extattr_list_file(path, + EXTATTR_NAMESPACE_USER, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_list_file_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_list_fd_success); +ATF_TC_HEAD(extattr_list_fd_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_list_fd(2) call"); +} + +ATF_TC_BODY(extattr_list_fd_success, tc) +{ + int readbuff; + /* File needs to exist to call extattr_list_fd(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((readbuff = extattr_list_fd(filedesc, + EXTATTR_NAMESPACE_USER, NULL, 0)) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_list_fd.*return,success,%d", readbuff); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(extattr_list_fd_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_list_fd_failure); +ATF_TC_HEAD(extattr_list_fd_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_list_fd(2) call"); +} + +ATF_TC_BODY(extattr_list_fd_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_list_fd.*return,failure : Bad file descriptor"); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, + extattr_list_fd(-1, EXTATTR_NAMESPACE_USER, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_list_fd_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_list_link_success); +ATF_TC_HEAD(extattr_list_link_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "extattr_list_link(2) call"); +} + +ATF_TC_BODY(extattr_list_link_success, tc) +{ + int readbuff; + /* Symbolic link needs to exist to call extattr_list_link(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + + ATF_REQUIRE((readbuff = extattr_list_link(path, + EXTATTR_NAMESPACE_USER, NULL, 0)) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_list_link.*%s.*return,success,%d", path, readbuff); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_list_link_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(extattr_list_link_failure); +ATF_TC_HEAD(extattr_list_link_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "extattr_list_link(2) call"); +} + +ATF_TC_BODY(extattr_list_link_failure, tc) +{ + /* Prepare the regex to be checked in the audit record */ + snprintf(extregex, sizeof(extregex), + "extattr_list_link.*%s.*failure", path); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, extattr_list_link(path, + EXTATTR_NAMESPACE_USER, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(extattr_list_link_failure, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, stat_success); @@ -693,6 +1168,27 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, eaccess_failure); ATF_TP_ADD_TC(tp, faccessat_success); ATF_TP_ADD_TC(tp, faccessat_failure); + + ATF_TP_ADD_TC(tp, pathconf_success); + ATF_TP_ADD_TC(tp, pathconf_failure); + ATF_TP_ADD_TC(tp, lpathconf_success); + ATF_TP_ADD_TC(tp, lpathconf_failure); + ATF_TP_ADD_TC(tp, fpathconf_success); + ATF_TP_ADD_TC(tp, fpathconf_failure); + + ATF_TP_ADD_TC(tp, extattr_get_file_success); + ATF_TP_ADD_TC(tp, extattr_get_file_failure); + ATF_TP_ADD_TC(tp, extattr_get_fd_success); + ATF_TP_ADD_TC(tp, extattr_get_fd_failure); + ATF_TP_ADD_TC(tp, extattr_get_link_success); + ATF_TP_ADD_TC(tp, extattr_get_link_failure); + + ATF_TP_ADD_TC(tp, extattr_list_file_success); + ATF_TP_ADD_TC(tp, extattr_list_file_failure); + ATF_TP_ADD_TC(tp, extattr_list_fd_success); + ATF_TP_ADD_TC(tp, extattr_list_fd_failure); + ATF_TP_ADD_TC(tp, extattr_list_link_success); + ATF_TP_ADD_TC(tp, extattr_list_link_failure); return (atf_no_error()); } Modified: stable/11/tests/sys/audit/file-attribute-modify.c ============================================================================== --- stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 17:01:42 2018 (r339088) +++ stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 17:07:10 2018 (r339089) @@ -25,6 +25,8 @@ * $FreeBSD$ */ +#include +#include #include #include @@ -37,11 +39,13 @@ static pid_t pid; static uid_t uid = -1; static gid_t gid = -1; -static int filedesc; +static int filedesc, retval; static struct pollfd fds[1]; static mode_t mode = 0777; static char extregex[80]; +static char buff[] = "ezio"; static const char *auclass = "fm"; +static const char *name = "authorname"; static const char *path = "fileforaudit"; static const char *errpath = "adirhasnoname/fileforaudit"; static const char *successreg = "fileforaudit.*return,success"; @@ -550,6 +554,468 @@ ATF_TC_CLEANUP(fchownat_failure, tc) } +ATF_TC_WITH_CLEANUP(chflags_success); +ATF_TC_HEAD(chflags_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chflags(2) call"); +} + +ATF_TC_BODY(chflags_success, tc) +{ + /* File needs to exist to call chflags(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, chflags(path, UF_OFFLINE)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(chflags_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chflags_failure); +ATF_TC_HEAD(chflags_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chflags(2) call"); +} + +ATF_TC_BODY(chflags_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, chflags(errpath, UF_OFFLINE)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(chflags_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchflags_success); +ATF_TC_HEAD(fchflags_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchflags(2) call"); +} + +ATF_TC_BODY(fchflags_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "fchflags.*%d.*ret.*success", pid); + /* File needs to exist to call fchflags(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchflags(filedesc, UF_OFFLINE)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchflags_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchflags_failure); +ATF_TC_HEAD(fchflags_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchflags(2) call"); +} + +ATF_TC_BODY(fchflags_failure, tc) *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***