Date: Tue, 2 Oct 2018 17:27:10 +0000 (UTC) From: Alan Somers <asomers@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r339090 - stable/11/tests/sys/audit Message-ID: <201810021727.w92HRAMf072113@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: asomers Date: Tue Oct 2 17:27:10 2018 New Revision: 339090 URL: https://svnweb.freebsd.org/changeset/base/339090 Log: MFC r335319, r335354, r335374 r335319: audit(4): add tests for send, recv, sendto, and recvfrom Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15869 r335354: audit(4): add tests for ioctl(2) Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15872 r335374: audit(4): add tests for utimes(2) and friends, mprotect, and undelete Includes utimes(2), futimes(2), lutimes(2), futimesat(2), mprotect(2), and undelete(2). undelete, for now, is tested only in failure mode. Submitted by: aniketp Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15893 Added: stable/11/tests/sys/audit/ioctl.c - copied unchanged from r335354, head/tests/sys/audit/ioctl.c Modified: stable/11/tests/sys/audit/Makefile stable/11/tests/sys/audit/file-attribute-modify.c stable/11/tests/sys/audit/network.c Directory Properties: stable/11/ (props changed) Modified: stable/11/tests/sys/audit/Makefile ============================================================================== --- stable/11/tests/sys/audit/Makefile Tue Oct 2 17:07:10 2018 (r339089) +++ stable/11/tests/sys/audit/Makefile Tue Oct 2 17:27:10 2018 (r339090) @@ -10,6 +10,7 @@ ATF_TESTS_C+= file-close ATF_TESTS_C+= file-write ATF_TESTS_C+= file-read ATF_TESTS_C+= open +ATF_TESTS_C+= ioctl ATF_TESTS_C+= network ATF_TESTS_C+= administrative @@ -29,6 +30,8 @@ SRCS.file-read+= file-read.c SRCS.file-read+= utils.c SRCS.open+= open.c SRCS.open+= utils.c +SRCS.ioctl+= ioctl.c +SRCS.ioctl+= utils.c SRCS.network+= network.c SRCS.network+= utils.c SRCS.administrative+= administrative.c Modified: stable/11/tests/sys/audit/file-attribute-modify.c ============================================================================== --- stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 17:07:10 2018 (r339089) +++ stable/11/tests/sys/audit/file-attribute-modify.c Tue Oct 2 17:27:10 2018 (r339090) @@ -28,10 +28,13 @@ #include <sys/types.h> #include <sys/extattr.h> #include <sys/file.h> +#include <sys/mman.h> #include <sys/stat.h> +#include <sys/time.h> #include <atf-c.h> #include <fcntl.h> +#include <stdint.h> #include <unistd.h> #include "utils.h" @@ -689,6 +692,257 @@ ATF_TC_CLEANUP(lchflags_failure, tc) } +ATF_TC_WITH_CLEANUP(utimes_success); +ATF_TC_HEAD(utimes_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "utimes(2) call"); +} + +ATF_TC_BODY(utimes_success, tc) +{ + /* File needs to exist to call utimes(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, utimes(path, NULL)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(utimes_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(utimes_failure); +ATF_TC_HEAD(utimes_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "utimes(2) call"); +} + +ATF_TC_BODY(utimes_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, utimes(errpath, NULL)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(utimes_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(futimes_success); +ATF_TC_HEAD(futimes_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "futimes(2) call"); +} + +ATF_TC_BODY(futimes_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "futimes.*%d.*ret.*success", pid); + + /* File needs to exist to call futimes(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, futimes(filedesc, NULL)); + check_audit(fds, extregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(futimes_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(futimes_failure); +ATF_TC_HEAD(futimes_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "futimes(2) call"); +} + +ATF_TC_BODY(futimes_failure, tc) +{ + const char *regex = "futimes.*return,failure : Bad file descriptor"; + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, futimes(-1, NULL)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(futimes_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lutimes_success); +ATF_TC_HEAD(lutimes_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "lutimes(2) call"); +} + +ATF_TC_BODY(lutimes_success, tc) +{ + /* Symbolic link needs to exist to call lutimes(2) */ + ATF_REQUIRE_EQ(0, symlink("symlink", path)); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, lutimes(path, NULL)); + check_audit(fds, successreg, pipefd); +} + +ATF_TC_CLEANUP(lutimes_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(lutimes_failure); +ATF_TC_HEAD(lutimes_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "lutimes(2) call"); +} + +ATF_TC_BODY(lutimes_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: symbolic link does not exist */ + ATF_REQUIRE_EQ(-1, lutimes(errpath, NULL)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(lutimes_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(futimesat_success); +ATF_TC_HEAD(futimesat_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "futimesat(2) call"); +} + +ATF_TC_BODY(futimesat_success, tc) +{ + /* File needs to exist to call futimesat(2) */ + ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1); + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, futimesat(AT_FDCWD, path, NULL)); + check_audit(fds, successreg, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(futimesat_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(futimesat_failure); +ATF_TC_HEAD(futimesat_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "futimesat(2) call"); +} + +ATF_TC_BODY(futimesat_failure, tc) +{ + FILE *pipefd = setup(fds, auclass); + /* Failure reason: file does not exist */ + ATF_REQUIRE_EQ(-1, futimesat(AT_FDCWD, errpath, NULL)); + check_audit(fds, failurereg, pipefd); +} + +ATF_TC_CLEANUP(futimesat_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(mprotect_success); +ATF_TC_HEAD(mprotect_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "mprotect(2) call"); +} + +ATF_TC_BODY(mprotect_success, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "mprotect.*%d.*ret.*success", pid); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(0, mprotect(NULL, 0, PROT_NONE)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(mprotect_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(mprotect_failure); +ATF_TC_HEAD(mprotect_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "mprotect(2) call"); +} + +ATF_TC_BODY(mprotect_failure, tc) +{ + const char *regex = "mprotect.*return,failure : Invalid argument"; + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE_EQ(-1, mprotect((void *)SIZE_MAX, -1, PROT_NONE)); + check_audit(fds, regex, pipefd); +} + +ATF_TC_CLEANUP(mprotect_failure, tc) +{ + cleanup(); +} + +/* + * undelete(2) only works on whiteout files in union file system. Hence, no + * test case for successful invocation. + */ + +ATF_TC_WITH_CLEANUP(undelete_failure); +ATF_TC_HEAD(undelete_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "undelete(2) call"); +} + +ATF_TC_BODY(undelete_failure, tc) +{ + pid = getpid(); + snprintf(extregex, sizeof(extregex), "undelete.*%d.*ret.*failure", pid); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: File does not exist */ + ATF_REQUIRE_EQ(-1, undelete(errpath)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(undelete_failure, tc) +{ + cleanup(); +} + + ATF_TC_WITH_CLEANUP(extattr_set_file_success); ATF_TC_HEAD(extattr_set_file_success, tc) { @@ -1049,6 +1303,19 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, fchflags_failure); ATF_TP_ADD_TC(tp, lchflags_success); ATF_TP_ADD_TC(tp, lchflags_failure); + + ATF_TP_ADD_TC(tp, utimes_success); + ATF_TP_ADD_TC(tp, utimes_failure); + ATF_TP_ADD_TC(tp, futimes_success); + ATF_TP_ADD_TC(tp, futimes_failure); + ATF_TP_ADD_TC(tp, lutimes_success); + ATF_TP_ADD_TC(tp, lutimes_failure); + ATF_TP_ADD_TC(tp, futimesat_success); + ATF_TP_ADD_TC(tp, futimesat_failure); + + ATF_TP_ADD_TC(tp, mprotect_success); + ATF_TP_ADD_TC(tp, mprotect_failure); + ATF_TP_ADD_TC(tp, undelete_failure); ATF_TP_ADD_TC(tp, extattr_set_file_success); ATF_TP_ADD_TC(tp, extattr_set_file_failure); Copied: stable/11/tests/sys/audit/ioctl.c (from r335354, head/tests/sys/audit/ioctl.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/11/tests/sys/audit/ioctl.c Tue Oct 2 17:27:10 2018 (r339090, copy of r335354, head/tests/sys/audit/ioctl.c) @@ -0,0 +1,103 @@ +/*- + * Copyright (c) 2018 Aniket Pandey + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <sys/ioctl.h> + +#include <bsm/libbsm.h> +#include <security/audit/audit_ioctl.h> + +#include <atf-c.h> +#include <fcntl.h> +#include <unistd.h> + +#include "utils.h" + +static int filedesc; +static char ioregex[80]; +static const char *auclass = "io"; +static struct pollfd fds[1]; +static unsigned long request = AUDITPIPE_FLUSH; + + +ATF_TC_WITH_CLEANUP(ioctl_success); +ATF_TC_HEAD(ioctl_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "ioctl(2) call"); +} + +ATF_TC_BODY(ioctl_success, tc) +{ + /* auditpipe(4) supports quite a few ioctls */ + ATF_REQUIRE((filedesc = open("/dev/auditpipe", O_RDONLY)) != -1); + /* Prepare the regex to be checked in the audit record */ + snprintf(ioregex, sizeof(ioregex), + "ioctl.*%#lx.*%#x.*return,success", request, filedesc); + + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE(ioctl(filedesc, request) != -1); + check_audit(fds, ioregex, pipefd); + close(filedesc); +} + +ATF_TC_CLEANUP(ioctl_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(ioctl_failure); +ATF_TC_HEAD(ioctl_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "ioctl(2) call"); +} + +ATF_TC_BODY(ioctl_failure, tc) +{ + snprintf(ioregex, sizeof(ioregex), + "ioctl.*%#lx.*return,failure : Bad file descriptor", request); + + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid file descriptor */ + ATF_REQUIRE_EQ(-1, ioctl(-1, request)); + check_audit(fds, ioregex, pipefd); +} + +ATF_TC_CLEANUP(ioctl_failure, tc) +{ + cleanup(); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, ioctl_success); + ATF_TP_ADD_TC(tp, ioctl_failure); + + return (atf_no_error()); +} Modified: stable/11/tests/sys/audit/network.c ============================================================================== --- stable/11/tests/sys/audit/network.c Tue Oct 2 17:07:10 2018 (r339089) +++ stable/11/tests/sys/audit/network.c Tue Oct 2 17:27:10 2018 (r339090) @@ -32,16 +32,20 @@ #include <atf-c.h> #include <fcntl.h> #include <stdarg.h> -#include <unistd.h> #include "utils.h" +#define MAX_DATA 1024 #define SERVER_PATH "server" -static int sockfd, sockfd2; -static socklen_t len; +static int sockfd, sockfd2, connectfd; +static ssize_t data_bytes; static struct pollfd fds[1]; +static struct sockaddr_un server; static char extregex[80]; +static char data[MAX_DATA]; +static socklen_t len = sizeof(struct sockaddr_un); +static char msgbuff[MAX_DATA] = "This message does not exist"; static const char *auclass = "nt"; static const char *nosupregex = "return,failure : Address family " "not supported by protocol family"; @@ -66,11 +70,11 @@ close_sockets(int count, ...) * Assign local filesystem address to a Unix domain socket */ static void -assign_address(struct sockaddr_un *server) +assign_address(struct sockaddr_un *serveraddr) { - memset(server, 0, sizeof(*server)); - server->sun_family = AF_UNIX; - strcpy(server->sun_path, SERVER_PATH); + memset(serveraddr, 0, sizeof(*serveraddr)); + serveraddr->sun_family = AF_UNIX; + strcpy(serveraddr->sun_path, SERVER_PATH); } @@ -203,12 +207,10 @@ ATF_TC_HEAD(setsockopt_failure, tc) ATF_TC_BODY(setsockopt_failure, tc) { - int tr = 1; snprintf(extregex, sizeof(extregex), "setsockopt.*%s", invalregex); FILE *pipefd = setup(fds, auclass); /* Failure reason: Invalid socket descriptor */ - ATF_REQUIRE_EQ(-1, setsockopt(-1, SOL_SOCKET, - SO_REUSEADDR, &tr, sizeof(int))); + ATF_REQUIRE_EQ(-1, setsockopt(-1, SOL_SOCKET, 0, NULL, 0)); check_audit(fds, extregex, pipefd); } @@ -227,10 +229,7 @@ ATF_TC_HEAD(bind_success, tc) ATF_TC_BODY(bind_success, tc) { - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); - /* Preliminary socket setup */ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Check the presence of AF_UNIX address path in audit record */ @@ -258,10 +257,7 @@ ATF_TC_HEAD(bind_failure, tc) ATF_TC_BODY(bind_failure, tc) { - /* Preliminary socket setup */ - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); /* Check the presence of AF_UNIX path in audit record */ snprintf(extregex, sizeof(extregex), "bind.*%s.*return,failure", SERVER_PATH); @@ -287,10 +283,7 @@ ATF_TC_HEAD(bindat_success, tc) ATF_TC_BODY(bindat_success, tc) { - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); - /* Preliminary socket setup */ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); /* Check the presence of socket descriptor in audit record */ @@ -319,10 +312,7 @@ ATF_TC_HEAD(bindat_failure, tc) ATF_TC_BODY(bindat_failure, tc) { - /* Preliminary socket setup */ - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); snprintf(extregex, sizeof(extregex), "bindat.*%s", invalregex); FILE *pipefd = setup(fds, auclass); @@ -347,10 +337,7 @@ ATF_TC_HEAD(listen_success, tc) ATF_TC_BODY(listen_success, tc) { - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); - /* Preliminary socket setup */ ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); @@ -401,14 +388,9 @@ ATF_TC_HEAD(connect_success, tc) ATF_TC_BODY(connect_success, tc) { - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); - - /* Setup a non-blocking server socket */ - ATF_REQUIRE((sockfd = socket(PF_UNIX, - SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1); - /* Bind to the specified address and wait for connection */ + /* Setup a server socket and bind to the specified address */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); ATF_REQUIRE_EQ(0, listen(sockfd, 1)); @@ -442,11 +424,7 @@ ATF_TC_HEAD(connect_failure, tc) ATF_TC_BODY(connect_failure, tc) { - /* Preliminary socket setup */ - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); - /* Audit record must contain AF_UNIX address path */ snprintf(extregex, sizeof(extregex), "connect.*%s.*return,failure", SERVER_PATH); @@ -472,14 +450,9 @@ ATF_TC_HEAD(connectat_success, tc) ATF_TC_BODY(connectat_success, tc) { - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); - - /* Setup a non-blocking server socket */ - ATF_REQUIRE((sockfd = socket(PF_UNIX, - SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1); - /* Bind to the specified address and wait for connection */ + /* Setup a server socket and bind to the specified address */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); ATF_REQUIRE_EQ(0, listen(sockfd, 1)); @@ -514,10 +487,7 @@ ATF_TC_HEAD(connectat_failure, tc) ATF_TC_BODY(connectat_failure, tc) { - /* Preliminary socket setup */ - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); snprintf(extregex, sizeof(extregex), "connectat.*%s", invalregex); FILE *pipefd = setup(fds, auclass); @@ -542,15 +512,9 @@ ATF_TC_HEAD(accept_success, tc) ATF_TC_BODY(accept_success, tc) { - int clientfd; - struct sockaddr_un server; assign_address(&server); - len = sizeof(struct sockaddr_un); - - /* Setup a non-blocking server socket */ - ATF_REQUIRE((sockfd = socket(PF_UNIX, - SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1); - /* Bind to the specified address and wait for connection */ + /* Setup a server socket and bind to the specified address */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); ATF_REQUIRE_EQ(0, listen(sockfd, 1)); @@ -559,15 +523,15 @@ ATF_TC_BODY(accept_success, tc) ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); FILE *pipefd = setup(fds, auclass); - ATF_REQUIRE((clientfd = accept(sockfd, NULL, &len)) != -1); + ATF_REQUIRE((connectfd = accept(sockfd, NULL, &len)) != -1); - /* Audit record must contain clientfd & sockfd */ + /* Audit record must contain connectfd & sockfd */ snprintf(extregex, sizeof(extregex), - "accept.*0x%x.*return,success,%d", sockfd, clientfd); + "accept.*0x%x.*return,success,%d", sockfd, connectfd); check_audit(fds, extregex, pipefd); /* Close all socket descriptors */ - close_sockets(3, sockfd, sockfd2, clientfd); + close_sockets(3, sockfd, sockfd2, connectfd); } ATF_TC_CLEANUP(accept_success, tc) @@ -585,14 +549,10 @@ ATF_TC_HEAD(accept_failure, tc) ATF_TC_BODY(accept_failure, tc) { - /* Preliminary socket setup */ - struct sockaddr_un client; - len = sizeof(struct sockaddr_un); snprintf(extregex, sizeof(extregex), "accept.*%s", invalregex); - FILE *pipefd = setup(fds, auclass); /* Failure reason: Invalid socket descriptor */ - ATF_REQUIRE_EQ(-1, accept(-1, (struct sockaddr *)&client, &len)); + ATF_REQUIRE_EQ(-1, accept(-1, NULL, NULL)); check_audit(fds, extregex, pipefd); } @@ -602,6 +562,252 @@ ATF_TC_CLEANUP(accept_failure, tc) } +ATF_TC_WITH_CLEANUP(send_success); +ATF_TC_HEAD(send_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "send(2) call"); +} + +ATF_TC_BODY(send_success, tc) +{ + assign_address(&server); + /* Setup a server socket and bind to the specified address */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client and connect with non-blocking server */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + ATF_REQUIRE((connectfd = accept(sockfd, NULL, &len)) != -1); + + /* Send a sample message to the connected socket */ + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((data_bytes = + send(sockfd2, msgbuff, strlen(msgbuff), 0)) != -1); + + /* Audit record must contain sockfd2 and data_bytes */ + snprintf(extregex, sizeof(extregex), + "send.*0x%x.*return,success,%zd", sockfd2, data_bytes); + check_audit(fds, extregex, pipefd); + + /* Close all socket descriptors */ + close_sockets(3, sockfd, sockfd2, connectfd); +} + +ATF_TC_CLEANUP(send_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(send_failure); +ATF_TC_HEAD(send_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "send(2) call"); +} + +ATF_TC_BODY(send_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "send.*%s", invalregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid socket descriptor */ + ATF_REQUIRE_EQ(-1, send(-1, NULL, 0, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(send_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recv_success); +ATF_TC_HEAD(recv_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "recv(2) call"); +} + +ATF_TC_BODY(recv_success, tc) +{ + assign_address(&server); + /* Setup a server socket and bind to the specified address */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + ATF_REQUIRE_EQ(0, listen(sockfd, 1)); + + /* Set up "blocking" client and connect with non-blocking server */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1); + ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len)); + ATF_REQUIRE((connectfd = accept(sockfd, NULL, &len)) != -1); + /* Send a sample message to the connected socket */ + ATF_REQUIRE(send(sockfd2, msgbuff, strlen(msgbuff), 0) != -1); + + /* Receive data once connectfd is ready for reading */ + FILE *pipefd = setup(fds, auclass); + //ATF_REQUIRE(check_readfs(connectfd) != 0); + ATF_REQUIRE((data_bytes = recv(connectfd, data, MAX_DATA, 0)) != 0); + + /* Audit record must contain connectfd and data_bytes */ + snprintf(extregex, sizeof(extregex), + "recv.*0x%x.*return,success,%zd", connectfd, data_bytes); + check_audit(fds, extregex, pipefd); + + /* Close all socket descriptors */ + close_sockets(3, sockfd, sockfd2, connectfd); +} + +ATF_TC_CLEANUP(recv_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recv_failure); +ATF_TC_HEAD(recv_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "recv(2) call"); +} + +ATF_TC_BODY(recv_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "recv.*%s", invalregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid socket descriptor */ + ATF_REQUIRE_EQ(-1, recv(-1, NULL, 0, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(recv_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(sendto_success); +ATF_TC_HEAD(sendto_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "sendto(2) call"); +} + +ATF_TC_BODY(sendto_success, tc) +{ + assign_address(&server); + /* Setup a server socket and bind to the specified address */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + + /* Set up client socket to be used for sending the data */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1); + + /* Send a sample message to server's address */ + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((data_bytes = sendto(sockfd2, msgbuff, + strlen(msgbuff), 0, (struct sockaddr *)&server, len)) != -1); + + /* Audit record must contain sockfd2 and data_bytes */ + snprintf(extregex, sizeof(extregex), + "sendto.*0x%x.*return,success,%zd", sockfd2, data_bytes); + check_audit(fds, extregex, pipefd); + + /* Close all socket descriptors */ + close_sockets(2, sockfd, sockfd2); +} + +ATF_TC_CLEANUP(sendto_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(sendto_failure); +ATF_TC_HEAD(sendto_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "sendto(2) call"); +} + +ATF_TC_BODY(sendto_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "sendto.*%s", invalregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid socket descriptor */ + ATF_REQUIRE_EQ(-1, sendto(-1, NULL, 0, 0, NULL, 0)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(sendto_failure, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recvfrom_success); +ATF_TC_HEAD(recvfrom_success, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " + "recvfrom(2) call"); +} + +ATF_TC_BODY(recvfrom_success, tc) +{ + assign_address(&server); + /* Setup a server socket and bind to the specified address */ + ATF_REQUIRE((sockfd = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1); + ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len)); + + /* Set up client socket to be used for sending the data */ + ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_DGRAM, 0)) != -1); + ATF_REQUIRE(sendto(sockfd2, msgbuff, strlen(msgbuff), 0, + (struct sockaddr *)&server, len) != -1); + + /* Receive data once sockfd is ready for reading */ + FILE *pipefd = setup(fds, auclass); + ATF_REQUIRE((data_bytes = recvfrom(sockfd, data, + MAX_DATA, 0, NULL, &len)) != 0); + + /* Audit record must contain sockfd and data_bytes */ + snprintf(extregex, sizeof(extregex), + "recvfrom.*0x%x.*return,success,%zd", sockfd, data_bytes); + check_audit(fds, extregex, pipefd); + + /* Close all socket descriptors */ + close_sockets(2, sockfd, sockfd2); +} + +ATF_TC_CLEANUP(recvfrom_success, tc) +{ + cleanup(); +} + + +ATF_TC_WITH_CLEANUP(recvfrom_failure); +ATF_TC_HEAD(recvfrom_failure, tc) +{ + atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " + "recvfrom(2) call"); +} + +ATF_TC_BODY(recvfrom_failure, tc) +{ + snprintf(extregex, sizeof(extregex), "recvfrom.*%s", invalregex); + FILE *pipefd = setup(fds, auclass); + /* Failure reason: Invalid socket descriptor */ + ATF_REQUIRE_EQ(-1, recvfrom(-1, NULL, 0, 0, NULL, NULL)); + check_audit(fds, extregex, pipefd); +} + +ATF_TC_CLEANUP(recvfrom_failure, tc) +{ + cleanup(); +} + + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, socket_success); @@ -624,6 +830,16 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, connectat_failure); ATF_TP_ADD_TC(tp, accept_success); ATF_TP_ADD_TC(tp, accept_failure); + + ATF_TP_ADD_TC(tp, send_success); + ATF_TP_ADD_TC(tp, send_failure); + ATF_TP_ADD_TC(tp, recv_success); + ATF_TP_ADD_TC(tp, recv_failure); + + ATF_TP_ADD_TC(tp, sendto_success); + ATF_TP_ADD_TC(tp, sendto_failure); + ATF_TP_ADD_TC(tp, recvfrom_success); + ATF_TP_ADD_TC(tp, recvfrom_failure); return (atf_no_error()); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810021727.w92HRAMf072113>