aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--tests/sys/audit/network.c227
1 files changed, 222 insertions, 5 deletions
diff --git a/tests/sys/audit/network.c b/tests/sys/audit/network.c
index a6ae29f576a0..0333628f3961 100644
--- a/tests/sys/audit/network.c
+++ b/tests/sys/audit/network.c
@@ -38,14 +38,14 @@
#define SERVER_PATH "server"
-static int sockfd;
+static int sockfd, sockfd2;
static socklen_t len;
static struct pollfd fds[1];
static char extregex[80];
static const char *auclass = "nt";
static const char *nosupregex = "return,failure : Address family "
"not supported by protocol family";
-static const char *invalregex = "return,failur.*Socket operation on non-socket";
+static const char *invalregex = "return,failure : Bad file descriptor";
/*
* Variadic function to close socket descriptors
@@ -207,7 +207,7 @@ ATF_TC_BODY(setsockopt_failure, tc)
snprintf(extregex, sizeof(extregex), "setsockopt.*%s", invalregex);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid socket descriptor */
- ATF_REQUIRE_EQ(-1, setsockopt(0, SOL_SOCKET,
+ ATF_REQUIRE_EQ(-1, setsockopt(-1, SOL_SOCKET,
SO_REUSEADDR, &tr, sizeof(int)));
check_audit(fds, extregex, pipefd);
}
@@ -327,7 +327,7 @@ ATF_TC_BODY(bindat_failure, tc)
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid socket descriptor */
- ATF_REQUIRE_EQ(-1, bindat(AT_FDCWD, 0,
+ ATF_REQUIRE_EQ(-1, bindat(AT_FDCWD, -1,
(struct sockaddr *)&server, len));
check_audit(fds, extregex, pipefd);
}
@@ -382,7 +382,7 @@ ATF_TC_BODY(listen_failure, tc)
snprintf(extregex, sizeof(extregex), "listen.*%s", invalregex);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid socket descriptor */
- ATF_REQUIRE_EQ(-1, listen(0, 1));
+ ATF_REQUIRE_EQ(-1, listen(-1, 1));
check_audit(fds, extregex, pipefd);
}
@@ -392,6 +392,216 @@ ATF_TC_CLEANUP(listen_failure, tc)
}
+ATF_TC_WITH_CLEANUP(connect_success);
+ATF_TC_HEAD(connect_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "connect(2) call");
+}
+
+ATF_TC_BODY(connect_success, tc)
+{
+ struct sockaddr_un server;
+ assign_address(&server);
+ len = sizeof(struct sockaddr_un);
+
+ /* Setup a non-blocking server socket */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX,
+ SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1);
+ /* Bind to the specified address and wait for connection */
+ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
+ ATF_REQUIRE_EQ(0, listen(sockfd, 1));
+
+ /* Set up "blocking" client socket */
+ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
+
+ /* Audit record must contain AF_UNIX address path & sockfd2 */
+ snprintf(extregex, sizeof(extregex),
+ "connect.*0x%x.*%s.*success", sockfd2, SERVER_PATH);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len));
+ check_audit(fds, extregex, pipefd);
+
+ /* Close all socket descriptors */
+ close_sockets(2, sockfd, sockfd2);
+}
+
+ATF_TC_CLEANUP(connect_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(connect_failure);
+ATF_TC_HEAD(connect_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "connect(2) call");
+}
+
+ATF_TC_BODY(connect_failure, tc)
+{
+ /* Preliminary socket setup */
+ struct sockaddr_un server;
+ assign_address(&server);
+ len = sizeof(struct sockaddr_un);
+
+ /* Audit record must contain AF_UNIX address path */
+ snprintf(extregex, sizeof(extregex),
+ "connect.*%s.*return,failure", SERVER_PATH);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid socket descriptor */
+ ATF_REQUIRE_EQ(-1, connect(-1, (struct sockaddr *)&server, len));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(connect_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(connectat_success);
+ATF_TC_HEAD(connectat_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "connectat(2) call");
+}
+
+ATF_TC_BODY(connectat_success, tc)
+{
+ struct sockaddr_un server;
+ assign_address(&server);
+ len = sizeof(struct sockaddr_un);
+
+ /* Setup a non-blocking server socket */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX,
+ SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1);
+ /* Bind to the specified address and wait for connection */
+ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
+ ATF_REQUIRE_EQ(0, listen(sockfd, 1));
+
+ /* Set up "blocking" client socket */
+ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
+
+ /* Audit record must contain sockfd2 */
+ snprintf(extregex, sizeof(extregex),
+ "connectat.*0x%x.*return,success", sockfd2);
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE_EQ(0, connectat(AT_FDCWD, sockfd2,
+ (struct sockaddr *)&server, len));
+ check_audit(fds, extregex, pipefd);
+
+ /* Close all socket descriptors */
+ close_sockets(2, sockfd, sockfd2);
+}
+
+ATF_TC_CLEANUP(connectat_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(connectat_failure);
+ATF_TC_HEAD(connectat_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "connectat(2) call");
+}
+
+ATF_TC_BODY(connectat_failure, tc)
+{
+ /* Preliminary socket setup */
+ struct sockaddr_un server;
+ assign_address(&server);
+ len = sizeof(struct sockaddr_un);
+ snprintf(extregex, sizeof(extregex), "connectat.*%s", invalregex);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid socket descriptor */
+ ATF_REQUIRE_EQ(-1, connectat(AT_FDCWD, -1,
+ (struct sockaddr *)&server, len));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(connectat_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(accept_success);
+ATF_TC_HEAD(accept_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "accept(2) call");
+}
+
+ATF_TC_BODY(accept_success, tc)
+{
+ int clientfd;
+ struct sockaddr_un server;
+ assign_address(&server);
+ len = sizeof(struct sockaddr_un);
+
+ /* Setup a non-blocking server socket */
+ ATF_REQUIRE((sockfd = socket(PF_UNIX,
+ SOCK_STREAM | SOCK_NONBLOCK, 0)) != -1);
+ /* Bind to the specified address and wait for connection */
+ ATF_REQUIRE_EQ(0, bind(sockfd, (struct sockaddr *)&server, len));
+ ATF_REQUIRE_EQ(0, listen(sockfd, 1));
+
+ /* Set up "blocking" client socket */
+ ATF_REQUIRE((sockfd2 = socket(PF_UNIX, SOCK_STREAM, 0)) != -1);
+ ATF_REQUIRE_EQ(0, connect(sockfd2, (struct sockaddr *)&server, len));
+
+ FILE *pipefd = setup(fds, auclass);
+ ATF_REQUIRE((clientfd = accept(sockfd, NULL, &len)) != -1);
+
+ /* Audit record must contain clientfd & sockfd */
+ snprintf(extregex, sizeof(extregex),
+ "accept.*0x%x.*return,success,%d", sockfd, clientfd);
+ check_audit(fds, extregex, pipefd);
+
+ /* Close all socket descriptors */
+ close_sockets(3, sockfd, sockfd2, clientfd);
+}
+
+ATF_TC_CLEANUP(accept_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(accept_failure);
+ATF_TC_HEAD(accept_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "accept(2) call");
+}
+
+ATF_TC_BODY(accept_failure, tc)
+{
+ /* Preliminary socket setup */
+ struct sockaddr_un client;
+ len = sizeof(struct sockaddr_un);
+ snprintf(extregex, sizeof(extregex), "accept.*%s", invalregex);
+
+ FILE *pipefd = setup(fds, auclass);
+ /* Failure reason: Invalid socket descriptor */
+ ATF_REQUIRE_EQ(-1, accept(-1, (struct sockaddr *)&client, &len));
+ check_audit(fds, extregex, pipefd);
+}
+
+ATF_TC_CLEANUP(accept_failure, tc)
+{
+ cleanup();
+}
+
+
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, socket_success);
@@ -408,5 +618,12 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, listen_success);
ATF_TP_ADD_TC(tp, listen_failure);
+ ATF_TP_ADD_TC(tp, connect_success);
+ ATF_TP_ADD_TC(tp, connect_failure);
+ ATF_TP_ADD_TC(tp, connectat_success);
+ ATF_TP_ADD_TC(tp, connectat_failure);
+ ATF_TP_ADD_TC(tp, accept_success);
+ ATF_TP_ADD_TC(tp, accept_failure);
+
return (atf_no_error());
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-08 19:22:43 +0000