From owner-svn-src-head@freebsd.org Tue Jun 26 20:26:58 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0782F10187E4; Tue, 26 Jun 2018 20:26:58 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B103782DBB; Tue, 26 Jun 2018 20:26:57 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9310D192A3; Tue, 26 Jun 2018 20:26:57 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5QKQvje044000; Tue, 26 Jun 2018 20:26:57 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5QKQvjD043999; Tue, 26 Jun 2018 20:26:57 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201806262026.w5QKQvjD043999@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Tue, 26 Jun 2018 20:26:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r335679 - head/tests/sys/audit X-SVN-Group: head X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: head/tests/sys/audit X-SVN-Commit-Revision: 335679 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jun 2018 20:26:58 -0000 Author: asomers Date: Tue Jun 26 20:26:57 2018 New Revision: 335679 URL: https://svnweb.freebsd.org/changeset/base/335679 Log: audit(4): add tests for the process-control audit class Tested syscalls include rfork(2), chdir(2), fchdir(2), chroot(2), getresuid(2), getresgid(2), setpriority(2), setgroups(2), setpgrp(2), setrlimit(2), setlogin(2), mlock(2), munlock(2), minherit(2), rtprio(2), profil(2), ktrace(2), ptrace(2), fork(2), umask(2), setuid(2), setgid(2), seteuid(2), and setegid(2). The last six are only tested in the success case, either because they're infalliable or a failure is difficult to cause on-demand. Submitted by: aniketp MFC after: 2 weeks Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15966 Added: head/tests/sys/audit/process-control.c (contents, props changed) Modified: head/tests/sys/audit/Makefile Modified: head/tests/sys/audit/Makefile ============================================================================== --- head/tests/sys/audit/Makefile Tue Jun 26 19:57:47 2018 (r335678) +++ head/tests/sys/audit/Makefile Tue Jun 26 20:26:57 2018 (r335679) @@ -14,6 +14,7 @@ ATF_TESTS_C+= ioctl ATF_TESTS_C+= network ATF_TESTS_C+= inter-process ATF_TESTS_C+= administrative +ATF_TESTS_C+= process-control SRCS.file-attribute-access+= file-attribute-access.c SRCS.file-attribute-access+= utils.c @@ -39,6 +40,8 @@ SRCS.inter-process+= inter-process.c SRCS.inter-process+= utils.c SRCS.administrative+= administrative.c SRCS.administrative+= utils.c +SRCS.process-control+= process-control.c +SRCS.process-control+= utils.c TEST_METADATA+= timeout="30" TEST_METADATA+= required_user="root" Added: head/tests/sys/audit/process-control.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/audit/process-control.c Tue Jun 26 20:26:57 2018 (r335679) @@ -0,0 +1,1265 @@ +/*- + * Copyright (c) 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "utils.h" + +static pid_t pid; +static int filedesc, status; +static struct pollfd fds[1]; +static char pcregex[80]; +static const char *auclass = "pc"; + + +ATF_TC_WITH_CLEANUP(fork_success); +ATF_TC_HEAD(fork_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fork(2) call"); +} + +ATF_TC_BODY(fork_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + /* Check if fork(2) succeded. If so, exit from the child process */ + ATF_REQUIRE((pid = fork()) != -1); + if (pid) + check_audit(fds, pcregex, pipefd); + else + _exit(0); + +} + +ATF_TC_CLEANUP(fork_success, tc) +{ + cleanup(); +} + +/* + * No fork(2) in failure mode since possibilities for failure are only when + * user is not privileged or when the number of processes exceed KERN_MAXPROC. + */ + + +ATF_TC_WITH_CLEANUP(rfork_success); +ATF_TC_HEAD(rfork_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "rfork(2) call"); +} + +ATF_TC_BODY(rfork_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((pid = rfork(RFPROC)) != -1); + if (pid) + check_audit(fds, pcregex, pipefd); + else + _exit(0); + +} + +ATF_TC_CLEANUP(rfork_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(rfork_failure); +ATF_TC_HEAD(rfork_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "rfork(2) call"); +} + +ATF_TC_BODY(rfork_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid argument */ + ATF_REQUIRE_EQ(-1, rfork(-1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(rfork_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chdir_success); +ATF_TC_HEAD(chdir_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chdir(2) call"); +} + +ATF_TC_BODY(chdir_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, chdir("/")); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(chdir_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chdir_failure); +ATF_TC_HEAD(chdir_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chdir(2) call"); +} + +ATF_TC_BODY(chdir_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Bad address */ + ATF_REQUIRE_EQ(-1, chdir(NULL)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(chdir_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchdir_success); +ATF_TC_HEAD(fchdir_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "fchdir(2) call"); +} + +ATF_TC_BODY(fchdir_success, tc) +{ + /* Build an absolute path to the test-case directory */ + char dirpath[50]; + ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL); + ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1); + + /* Audit record generated by fchdir(2) does not contain filedesc */ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, fchdir(filedesc)); + check_audit(fds, pcregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(fchdir_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(fchdir_failure); +ATF_TC_HEAD(fchdir_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "fchdir(2) call"); +} + +ATF_TC_BODY(fchdir_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Bad directory address */ + ATF_REQUIRE_EQ(-1, fchdir(-1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(fchdir_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chroot_success); +ATF_TC_HEAD(chroot_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "chroot(2) call"); +} + +ATF_TC_BODY(chroot_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + /* We don't want to change the root directory, hence '/' */ + ATF_REQUIRE_EQ(0, chroot("/")); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(chroot_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(chroot_failure); +ATF_TC_HEAD(chroot_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "chroot(2) call"); +} + +ATF_TC_BODY(chroot_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, chroot(NULL)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(chroot_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(umask_success); +ATF_TC_HEAD(umask_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "umask(2) call"); +} + +ATF_TC_BODY(umask_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + umask(0); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(umask_success, tc) +{ + cleanup(); +} + +/* + * umask(2) system call never fails. Hence, no test case for failure mode + */ + + +ATF_TC_WITH_CLEANUP(setuid_success); +ATF_TC_HEAD(setuid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setuid(2) call"); +} + +ATF_TC_BODY(setuid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + /* Since we're privileged, we'll let ourselves be privileged! */ + ATF_REQUIRE_EQ(0, setuid(0)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setuid_success, tc) +{ + cleanup(); +} + +/* + * setuid(2) fails only when the current user is not root. So no test case for + * failure mode since the required_user="root" + */ + + +ATF_TC_WITH_CLEANUP(seteuid_success); +ATF_TC_HEAD(seteuid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "seteuid(2) call"); +} + +ATF_TC_BODY(seteuid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + /* This time, we'll let ourselves be 'effectively' privileged! */ + ATF_REQUIRE_EQ(0, seteuid(0)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(seteuid_success, tc) +{ + cleanup(); +} + +/* + * seteuid(2) fails only when the current user is not root. So no test case for + * failure mode since the required_user="root" + */ + + +ATF_TC_WITH_CLEANUP(setgid_success); +ATF_TC_HEAD(setgid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setgid(2) call"); +} + +ATF_TC_BODY(setgid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setgid(0)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setgid_success, tc) +{ + cleanup(); +} + +/* + * setgid(2) fails only when the current user is not root. So no test case for + * failure mode since the required_user="root" + */ + + +ATF_TC_WITH_CLEANUP(setegid_success); +ATF_TC_HEAD(setegid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setegid(2) call"); +} + +ATF_TC_BODY(setegid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setegid(0)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setegid_success, tc) +{ + cleanup(); +} + +/* + * setegid(2) fails only when the current user is not root. So no test case for + * failure mode since the required_user="root" + */ + + +ATF_TC_WITH_CLEANUP(setregid_success); +ATF_TC_HEAD(setregid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setregid(2) call"); +} + +ATF_TC_BODY(setregid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + /* setregid(-1, -1) does not change any real or effective GIDs */ + ATF_REQUIRE_EQ(0, setregid(-1, -1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setregid_success, tc) +{ + cleanup(); +} + +/* + * setregid(2) fails only when the current user is not root. So no test case for + * failure mode since the required_user="root" + */ + + +ATF_TC_WITH_CLEANUP(setreuid_success); +ATF_TC_HEAD(setreuid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setreuid(2) call"); +} + +ATF_TC_BODY(setreuid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + /* setreuid(-1, -1) does not change any real or effective UIDs */ + ATF_REQUIRE_EQ(0, setreuid(-1, -1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setreuid_success, tc) +{ + cleanup(); +} + +/* + * setregid(2) fails only when the current user is not root. So no test case for + * failure mode since the required_user="root" + */ + + +ATF_TC_WITH_CLEANUP(setresuid_success); +ATF_TC_HEAD(setresuid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setresuid(2) call"); +} + +ATF_TC_BODY(setresuid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + /* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */ + ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setresuid_success, tc) +{ + cleanup(); +} + +/* + * setresuid(2) fails only when the current user is not root. So no test case + * for failure mode since the required_user="root" + */ + + +ATF_TC_WITH_CLEANUP(setresgid_success); +ATF_TC_HEAD(setresgid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setresgid(2) call"); +} + +ATF_TC_BODY(setresgid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid); + + FILE *pipefd = setup(fds, auclass); + /* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */ + ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setresgid_success, tc) +{ + cleanup(); +} + +/* + * setresgid(2) fails only when the current user is not root. So no test case + * for failure mode since the required_user="root" + */ + + +ATF_TC_WITH_CLEANUP(getresuid_success); +ATF_TC_HEAD(getresuid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "getresuid(2) call"); +} + +ATF_TC_BODY(getresuid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(getresuid_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getresuid_failure); +ATF_TC_HEAD(getresuid_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "getresuid(2) call"); +} + +ATF_TC_BODY(getresuid_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid address "-1" */ + ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(getresuid_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getresgid_success); +ATF_TC_HEAD(getresgid_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "getresgid(2) call"); +} + +ATF_TC_BODY(getresgid_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(getresgid_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(getresgid_failure); +ATF_TC_HEAD(getresgid_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "getresgid(2) call"); +} + +ATF_TC_BODY(getresgid_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid address "-1" */ + ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(getresgid_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setpriority_success); +ATF_TC_HEAD(setpriority_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setpriority(2) call"); +} + +ATF_TC_BODY(setpriority_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setpriority_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setpriority_failure); +ATF_TC_HEAD(setpriority_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setpriority(2) call"); +} + +ATF_TC_BODY(setpriority_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setpriority_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setgroups_success); +ATF_TC_HEAD(setgroups_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setgroups(2) call"); +} + +ATF_TC_BODY(setgroups_success, tc) +{ + gid_t gids[5]; + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid); + /* Retrieve the current group access list to be used with setgroups */ + ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setgroups_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setgroups_failure); +ATF_TC_HEAD(setgroups_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setgroups(2) call"); +} + +ATF_TC_BODY(setgroups_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, setgroups(-1, NULL)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setgroups_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setpgrp_success); +ATF_TC_HEAD(setpgrp_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setpgrp(2) call"); +} + +ATF_TC_BODY(setpgrp_success, tc) +{ + /* Main procedure is carried out from within the child process */ + ATF_REQUIRE((pid = fork()) != -1); + if (pid) { + ATF_REQUIRE(wait(&status) != -1); + } else { + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setpgrp(0, 0)); + check_audit(fds, pcregex, pipefd); + } +} + +ATF_TC_CLEANUP(setpgrp_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setpgrp_failure); +ATF_TC_HEAD(setpgrp_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setpgrp(2) call"); +} + +ATF_TC_BODY(setpgrp_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, setpgrp(-1, -1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setpgrp_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setrlimit_success); +ATF_TC_HEAD(setrlimit_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setrlimit(2) call"); +} + +ATF_TC_BODY(setrlimit_success, tc) +{ + struct rlimit rlp; + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid); + /* Retrieve the system resource consumption limit to be used later on */ + ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp)); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setrlimit_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setrlimit_failure); +ATF_TC_HEAD(setrlimit_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "setrlimit(2) call"); +} + +ATF_TC_BODY(setrlimit_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(setrlimit_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(mlock_success); +ATF_TC_HEAD(mlock_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "mlock(2) call"); +} + +ATF_TC_BODY(mlock_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, mlock(NULL, 0)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(mlock_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(mlock_failure); +ATF_TC_HEAD(mlock_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "mlock(2) call"); +} + +ATF_TC_BODY(mlock_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(mlock_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(munlock_success); +ATF_TC_HEAD(munlock_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "munlock(2) call"); +} + +ATF_TC_BODY(munlock_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, munlock(NULL, 0)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(munlock_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(munlock_failure); +ATF_TC_HEAD(munlock_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "munlock(2) call"); +} + +ATF_TC_BODY(munlock_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(munlock_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(minherit_success); +ATF_TC_HEAD(minherit_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "minherit(2) call"); +} + +ATF_TC_BODY(minherit_success, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(minherit_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(minherit_failure); +ATF_TC_HEAD(minherit_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "minherit(2) call"); +} + +ATF_TC_BODY(minherit_failure, tc) +{ + pid = getpid(); + snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0)); + check_audit(fds, pcregex, pipefd); +} + +ATF_TC_CLEANUP(minherit_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(setlogin_success); +ATF_TC_HEAD(setlogin_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "setlogin(2) call"); +} + +ATF_TC_BODY(setlogin_success, tc) *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***