Commit Graph

46 Commits

Author SHA1 Message Date
olivier
9c3e2dda27 Fix and simplify code by using ATF_REQUIRE_FEATURE macro
PR:		236857
Reviewed by:	asomers, ngie
Approved by:	emaste
MFC after:	 1 month
Sponsored by:	Netflix
2019-04-01 14:21:32 +00:00
asomers
bfafcf0198 audit(4) tests: require /etc/rc.d/auditd
These tests should be skipped if /etc/rc.d/auditd is missing, which could be
the case if world was built with WITHOUT_AUDIT set.  Also, one test case
requires /etc/rc.d/accounting.

Submitted by:	ngie
MFC after:	2 weeks
Pull Request:	https://github.com/freebsd/freebsd/pull/240
2018-12-17 18:11:06 +00:00
asomers
c4906a4c8a audit(4): add tests for sysctl(3) and sysarch(2)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16116
2018-07-29 20:34:44 +00:00
asomers
fdd4863d45 Fix audit of chflagsat, lgetfh, and setfib
These syscalls were always supposed to have been auditted, but due to
oversights never were.

PR:		228374
Reported by:	aniketp
Reviewed by:	aniketp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D16388
2018-07-22 14:11:52 +00:00
asomers
ef456cc048 audit(4): add test cases for chflagsat(2), lgetfh(2), setfib(2)
These three syscalls aren't currently audited correctly, so the tests are
marked as expected failures.

PR:		228374
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16379
2018-07-21 16:34:38 +00:00
asomers
0c565d0fad audit(4): add more test cases for auditon(2)
auditon(2) is an ioctl-like syscall with several different variants, each of
which has a distinct audit event.  This commit tests the remaining variants
that weren't tested in r336564.

Submitted by:	aniketp
MFC after:	2 weeks
X-MFC-With:	336564
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16381
2018-07-21 16:26:00 +00:00
asomers
2b0104e050 Separate the audit(4) tests for auditon(2)'s individual commands
auditon(2) is an ioctl-like syscall with several different variants, each of
which has a distinct audit event.  Write separate audit(4) tests for each
variant.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16255
2018-07-20 18:59:48 +00:00
asomers
dcf603aede audit(4): add tests for _exit(2), cap_enter(2), and cap_getmode(2)
Also, fix a bug in common code that could cause other tests to fail: using
ppoll(2) in combination with buffered I/O for /dev/auditpipe.  Fix it by
disabling buffering.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16099
2018-07-17 15:12:55 +00:00
asomers
02ce2b098f audit(4): add tests for procctl(2)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16086
2018-07-01 16:05:50 +00:00
asomers
0a8d0ed4e5 audit(4): add tests for several more administrative syscalls
Includes ntp_adjtime, auditctl, acct, auditon, and clock_settime.  Includes
quotactl, mount, nmount, swapon, and swapoff in failure mode only.  Success
tests for those syscalls will follow.  Also includes reboot(2) in failure
mode only.  That one can't be tested in success mode.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15898
2018-06-29 04:52:27 +00:00
asomers
26764bc561 audit(4): add tests for setsid, wait4, wait6, and kill
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16035
2018-06-29 04:46:15 +00:00
asomers
d27905c3a3 audit(4): fix Coverity issues
Fix several incorrect buffer size arguments and a file descriptor leak.

Submitted by:	aniketp
Reported by:	Coverity
CID:		1393489 1393501 1393509 1393510 1393514 1393515 1393516
CID:		1393517 1393518 1393519
MFC after:	2 weeks
X-MFC-With:	335284
X-MFC-With:	335318
X-MFC-With:	335320
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16000
2018-06-27 15:28:09 +00:00
asomers
52507d32d2 audit(4): add tests for the process-control audit class
Tested syscalls include rfork(2), chdir(2), fchdir(2), chroot(2),
getresuid(2), getresgid(2), setpriority(2), setgroups(2), setpgrp(2),
setrlimit(2), setlogin(2), mlock(2), munlock(2), minherit(2), rtprio(2),
profil(2), ktrace(2), ptrace(2), fork(2), umask(2), setuid(2), setgid(2),
seteuid(2), and setegid(2).  The last six are only tested in the success
case, either because they're infalliable or a failure is difficult to cause
on-demand.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15966
2018-06-26 20:26:57 +00:00
asomers
f7889d6b2b audit(4): add tests for pipe, posix_openpt, shm_open, and shm_unlink
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15963
2018-06-26 19:26:07 +00:00
asomers
d6756a3ac8 audit(4): add tests for Sys V semaphore operations
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15897
2018-06-22 02:56:03 +00:00
asomers
eb28f2cf68 audit(4): add tests for sendmsg, recvmsg, shutdown, and sendfile
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15895
2018-06-19 17:41:46 +00:00
asomers
7a503b9e5a audit(4): add tests for utimes(2) and friends, mprotect, and undelete
Includes utimes(2), futimes(2), lutimes(2), futimesat(2), mprotect(2), and
undelete(2).  undelete, for now, is tested only in failure mode.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15893
2018-06-19 16:55:39 +00:00
asomers
543698f955 audit(4): add tests for ioctl(2)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15872
2018-06-19 01:32:33 +00:00
asomers
aff9d827f8 audit(4): Add tests for {get/set}auid, {get/set}audit, {get/set}audit_addr
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15871
2018-06-18 15:37:43 +00:00
asomers
2d3768367c audit(4): add tests for send, recv, sendto, and recvfrom
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15869
2018-06-18 15:27:31 +00:00
asomers
2ac4b4bc88 audit(4): add tests for extattr_set_file and friends
Includes extattr_{set_file, _set_fd, _set_link, _delete_file, _delete_fd,
_delete_link}

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15867
2018-06-18 15:07:10 +00:00
asomers
a55f161dfe Fix 32-bit build after 335307
This was correct in the final version on Phabricator, but somehow I screwed
up applying the patch locally.

Reported by:	linimon
Pointy-hat-to:	asomers
MFC after:	2 weeks
X-MFC-With:	335307
2018-06-18 04:12:58 +00:00
asomers
805312ea35 audit(4): add tests for Sys V shared memory syscalls
includes shmget, shmat, shmdt, and shmctl

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15860
2018-06-17 21:29:35 +00:00
asomers
764bfb4968 audit(4): add tests for connect, connectat, and accept
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15853
2018-06-17 17:43:55 +00:00
asomers
fceb879fc9 audit(4): Add tests for a few syscalls in the ad class
The ad audit class is for administrative commands.  This commit adds test
for settimeofday, adjtime, and getfh.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15861
2018-06-17 16:24:46 +00:00
asomers
b92ae4485f audit(4): add tests for extattr_get_file(2) and friends
This commit includes extattr_{get_file, get_fd, get_link, list_file,
list_fd, list_link}.  It does not include any syscalls that modify, set, or
delete extended attributes, as those are in a different audit class.

Submitted by:	aniketpt
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15859
2018-06-17 15:22:27 +00:00
asomers
9ce642a5e2 audit(4): add tests for chflags and friends
chflags, fchflags, and lchflags (but not chflagsat) are included.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15854
2018-06-17 03:10:25 +00:00
asomers
c011ed08c9 audit(4): add tests for pathconf(2) and friends
pathconf, lpathconf, and fpathconf are included

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15842
2018-06-16 18:29:24 +00:00
asomers
ae064bedd4 audit(4): add tests for POSIX message queues
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15848
2018-06-16 18:22:35 +00:00
asomers
874c879405 audit(4): add tests for chown(2) and friends
Includes chown, fchown, lchown, and fchownat

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15825
2018-06-16 15:38:59 +00:00
asomers
3f1afae2ac audit(4): add tests for bind(2), bindat(2), and listen(2)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15843
2018-06-16 15:25:08 +00:00
asomers
250b654c2a audit(4): Add a few tests for network-related syscalls
Add tests for socket(2), socketpair(2), and setsockopt(2)

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15803
2018-06-15 16:41:28 +00:00
asomers
f69a441196 audit(4): improve formatting in tests/sys/audit/open.c
[skip ci]

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15797
2018-06-15 15:36:10 +00:00
asomers
6bd14ddc28 audit(4): add tests for access(2), chmod(2), and friends
access(2), eaccess(2), faccessat(2), chmod(2), fchmod(2), lchmod(2), and
fchmodat(2).

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15805
Differential Revision:	https://reviews.freebsd.org/D15808
2018-06-15 15:32:02 +00:00
asomers
82a0bde6bd audit(4): add tests for fhopen, fhstat, and fhstatfs
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15798
2018-06-14 15:04:49 +00:00
asomers
ce4e493df6 audit(4): fix typo from r335136
Typo in Makefile accidentally disabled some older tests

MFC after:	2 weeks
X-MFC-With:	335136
2018-06-14 14:53:01 +00:00
asomers
8f6414df26 audit(4): add tests for flock, fcntl, and fsync
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15795
2018-06-14 13:42:58 +00:00
asomers
4ad236897f audit(4): add tests for statfs(2), fstatfs(2), and getfsstat(2)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15750
2018-06-14 02:30:43 +00:00
asomers
a18fc3520b audit(4): Fix file descriptor leaks in ATF tests
Submitted by:	aniketp
Reported by:	Coverity
CID:		1393343 1393346 1392695 1392781 1391709 1392078 1392413
CID:		1392014 1392521 1393344 1393345 1393347 1393348 1393349
CID:		1393354 1393355 1393356 1393357 1393358 1393360 1393362
CID:		1393368 1393369 1393370 1393371 1393372 1393373 1393376
CID:		1393380 1393384 1393387 1393388 1393389
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15782
2018-06-13 17:01:57 +00:00
asomers
68bb56ea94 audit(4): add tests for stat(2) and friends
This revision adds auditability tests for stat, lstat, fstat, and fstatat,
all from the fa audit class.  More tests from that audit class will follow.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15709
2018-06-10 21:36:29 +00:00
asomers
8e40219f08 audit(4): add tests for open(2) and openat(2)
These syscalls are atypical, because each one corresponds to several
different audit events, and they each pass several different audit class
filters.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15657
2018-06-05 20:13:24 +00:00
asomers
ea3776a952 audit(4): add tests for the cl audit class
The only syscalls in this class are close, closefrom, munmap, and revoke.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15650
2018-06-03 23:36:29 +00:00
asomers
f7cc577f1a audit(4): add tests for the fd audit class
The only syscalls in this class are rmdir, unlink, unlinkat, rename, and
renameat.  Also, set is_exclusive for all audit(4) tests, because they can
start and stop auditd.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15647
2018-06-01 21:24:10 +00:00
asomers
056a819389 audit(4): Add tests for the fw class of syscalls.
truncate and ftruncate are the only syscalls in this class, apart from
certain variations of open and openat, which will be handled in a different
file.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15640
2018-06-01 16:23:47 +00:00
asomers
cd2f1cc833 audit(4): Add tests for the fr class of syscalls
readlink and readlinkat are the only syscalls in this class.  open and
openat are as well, but they'll be handled in a different file.  Also, tidy
up the copyright headers of recently added files in this area.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15636
2018-06-01 01:37:07 +00:00
asomers
c6edf8b386 Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12.  The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00