1 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
2
3 #include <bsm/audit.h>
4 #include <bsm/audit_session.h>
5 #include <err.h>
6 #include <sysexits.h>
7 #include <unistd.h>
8 #include <signal.h>
9 #include <errno.h>
10 #include <string.h>
11
12 #include <darwintest.h>
13 #include <darwintest_utils.h>
14 #include <darwintest_multiprocess.h>
15
16 #ifndef INVALID_AUDIT_TOKEN_VALUE
17 #define INVALID_AUDIT_TOKEN_VALUE {{ \
18 UINT_MAX, UINT_MAX, UINT_MAX, UINT_MAX, \
19 UINT_MAX, UINT_MAX, UINT_MAX, UINT_MAX }}
20 #endif
21
22 #ifndef PID_MAX
23 #define PID_MAX 99999
24 #endif
25
26 #define VALID_AU_SESSION_FLAGS ( \
27 AU_SESSION_FLAG_IS_INITIAL | \
28 AU_SESSION_FLAG_HAS_GRAPHIC_ACCESS | \
29 AU_SESSION_FLAG_HAS_TTY | \
30 AU_SESSION_FLAG_IS_REMOTE | \
31 AU_SESSION_FLAG_HAS_CONSOLE_ACCESS | \
32 AU_SESSION_FLAG_HAS_AUTHENTICATED)
33
34 T_GLOBAL_META(
35 T_META_RUN_CONCURRENTLY(true),
36 T_META_NAMESPACE("xnu.audit.session"));
37
38 static void
get_asid_auid(au_asid_t * asidp,au_id_t * auidp)39 get_asid_auid(au_asid_t *asidp, au_id_t *auidp)
40 {
41 audit_token_t token = INVALID_AUDIT_TOKEN_VALUE;
42 mach_msg_type_number_t count = TASK_AUDIT_TOKEN_COUNT;
43 T_ASSERT_MACH_SUCCESS(task_info(mach_task_self(), TASK_AUDIT_TOKEN, (task_info_t)&token, &count), "obtain audit token for self");
44 T_LOG("Task audit token for pid %d has asid %d auid %d", (int)getpid(), (int)token.val[6], (int)token.val[0]);
45 if (asidp) {
46 *asidp = (au_asid_t)token.val[6];
47 }
48 if (auidp) {
49 *auidp = (au_id_t)token.val[0];
50 }
51 }
52
53 static void
tlog_aia(struct auditinfo_addr * aiap,const char * label)54 tlog_aia(struct auditinfo_addr *aiap, const char *label)
55 {
56 T_LOG("%s:", label);
57
58 // Match formatting used by `id -A`
59 T_LOG("auid=%d", aiap->ai_auid);
60 T_LOG("mask.success=0x%08x", aiap->ai_mask.am_success);
61 T_LOG("mask.failure=0x%08x", aiap->ai_mask.am_failure);
62 T_LOG("asid=%d", aiap->ai_asid);
63 T_LOG("termid_addr.port=0x%08jx", (uintmax_t)aiap->ai_termid.at_port);
64 T_LOG("termid_addr.addr[0]=0x%08x", aiap->ai_termid.at_addr[0]);
65 T_LOG("termid_addr.addr[1]=0x%08x", aiap->ai_termid.at_addr[1]);
66 T_LOG("termid_addr.addr[2]=0x%08x", aiap->ai_termid.at_addr[2]);
67 T_LOG("termid_addr.addr[3]=0x%08x", aiap->ai_termid.at_addr[3]);
68 T_LOG("flags=0x%llx", aiap->ai_flags);
69 }
70
71 T_DECL(getaudit_addr, "getaudit_addr smoke test")
72 {
73 au_asid_t asid;
74 au_id_t auid;
75 get_asid_auid(&asid, &auid);
76
77 struct auditinfo_addr aia;
78 int rv_from_getaudit_addr = getaudit_addr(&aia, sizeof(aia));
79 if (rv_from_getaudit_addr == -1 && errno == ENOSYS) {
80 T_SKIP("Kernel support for getaudit_addr(2) not available");
81 }
82 T_ASSERT_POSIX_SUCCESS(rv_from_getaudit_addr, "getaudit_addr(2) succeeds");
83 tlog_aia(&aia, "aia");
84 T_EXPECT_EQ(aia.ai_auid, auid, NULL);
85 T_EXPECT_NE(aia.ai_auid, AU_DEFAUDITID, NULL);
86 // any ai_mask
87 // any ai_termid
88 T_EXPECT_EQ(aia.ai_asid, asid, NULL);
89 T_EXPECT_BITS_NOTSET(aia.ai_flags, ~(au_asflgs_t)VALID_AU_SESSION_FLAGS, NULL);
90 T_EXPECT_BITS_SET(aia.ai_flags, (au_asflgs_t)AU_SESSION_FLAG_HAS_AUTHENTICATED, NULL);
91 }
92
93 T_DECL(getauid, "getauid smoke test")
94 {
95 au_id_t auid;
96 get_asid_auid(NULL, &auid);
97
98 au_id_t auid2 = 666;
99 int rv_from_getauid = getauid(&auid2);
100 if (rv_from_getauid == -1 && errno == ENOSYS) {
101 T_SKIP("Kernel support for getauid(2) not available");
102 }
103 T_ASSERT_POSIX_SUCCESS(rv_from_getauid, "getauid(2) succeeds");
104 T_EXPECT_EQ(auid2, auid, NULL);
105 T_EXPECT_NE(auid2, AU_DEFAUDITID, NULL);
106 }
107
108 T_DECL(auditon_getsflags, "auditon(A_GETSFLAGS) smoke test")
109 {
110 au_asflgs_t flags = -1UL;
111 int rv_from_auditon = auditon(A_GETSFLAGS, &flags, sizeof(flags));
112 if (rv_from_auditon == -1 && errno == ENOSYS) {
113 T_SKIP("Kernel support for auditon(2) not available");
114 }
115 T_ASSERT_POSIX_SUCCESS(rv_from_auditon, "auditon(2) A_GETSFLAGS succeeds");
116 T_EXPECT_BITS_NOTSET(flags, ~(au_asflgs_t)VALID_AU_SESSION_FLAGS, NULL);
117 T_EXPECT_BITS_SET(flags, (au_asflgs_t)AU_SESSION_FLAG_HAS_AUTHENTICATED, NULL);
118 }
119
120 T_DECL(auditon_getpinfo_addr, "auditon(A_GETPINFO_ADDR) smoke test")
121 {
122 au_asid_t asid;
123 au_id_t auid;
124 get_asid_auid(&asid, &auid);
125
126 auditpinfo_addr_t apia = {};
127 apia.ap_pid = getpid();
128 int rv_from_auditon = auditon(A_GETPINFO_ADDR, &apia, sizeof(apia));
129 if (rv_from_auditon == -1 && errno == ENOSYS) {
130 T_SKIP("Kernel support for auditon(2) not available");
131 }
132 T_ASSERT_POSIX_SUCCESS(rv_from_auditon, "auditon(2) A_GETPINFO_ADDR succeeds");
133 T_EXPECT_EQ(apia.ap_pid, getpid(), NULL);
134 T_EXPECT_EQ(apia.ap_asid, asid, NULL);
135 T_EXPECT_EQ(apia.ap_auid, auid, NULL);
136 T_EXPECT_NE(apia.ap_auid, AU_DEFAUDITID, NULL);
137 // any ap_mask
138 // any ap_termid
139 T_EXPECT_BITS_NOTSET(apia.ap_flags, ~(au_asflgs_t)VALID_AU_SESSION_FLAGS, NULL);
140 T_EXPECT_BITS_SET(apia.ap_flags, (au_asflgs_t)AU_SESSION_FLAG_HAS_AUTHENTICATED, NULL);
141 }
142
143 T_DECL(auditon_getsinfo_addr, "auditon(A_GETSINFO_ADDR) smoke test")
144 {
145 au_asid_t asid;
146 au_id_t auid;
147 get_asid_auid(&asid, &auid);
148
149 auditinfo_addr_t aia = {};
150 aia.ai_asid = asid;
151 int rv_from_auditon = auditon(A_GETSINFO_ADDR, &aia, sizeof(aia));
152 if (rv_from_auditon == -1 && errno == ENOSYS) {
153 T_SKIP("Kernel support for auditon(2) not available");
154 }
155 T_ASSERT_POSIX_SUCCESS(rv_from_auditon, "auditon(2) A_GETSINFO_ADDR succeeds");
156 T_EXPECT_EQ(aia.ai_asid, asid, NULL);
157 T_EXPECT_EQ(aia.ai_auid, auid, NULL);
158 T_EXPECT_NE(aia.ai_auid, AU_DEFAUDITID, NULL);
159 // any ap_mask
160 // any ap_termid
161 T_EXPECT_BITS_NOTSET(aia.ai_flags, ~(au_asflgs_t)VALID_AU_SESSION_FLAGS, NULL);
162 T_EXPECT_BITS_SET(aia.ai_flags, (au_asflgs_t)AU_SESSION_FLAG_HAS_AUTHENTICATED, NULL);
163 }
164
165 T_DECL(auditon_getsinfo_addr_rootasid, "auditon(A_GETSINFO_ADDR) for root session")
166 {
167 // asid PID_MAX + 1 is the first session created after boot, which
168 // is the root session.
169 au_asid_t root_asid = PID_MAX + 1; // ASSIGNED_ASID_MIN
170
171 auditinfo_addr_t aia = {};
172 aia.ai_asid = root_asid;
173 int rv_from_auditon = auditon(A_GETSINFO_ADDR, &aia, sizeof(aia));
174 if (rv_from_auditon == -1 && errno == ENOSYS) {
175 T_SKIP("Kernel support for auditon(2) not available");
176 }
177 T_ASSERT_POSIX_SUCCESS(rv_from_auditon, "auditon(2) A_GETSINFO_ADDR succeeds");
178 T_EXPECT_EQ(aia.ai_asid, root_asid, NULL);
179 T_EXPECT_EQ(aia.ai_auid, AU_DEFAUDITID, NULL);
180 // any ap_mask
181 // any ap_termid
182 T_EXPECT_BITS_NOTSET(aia.ai_flags, ~(au_asflgs_t)VALID_AU_SESSION_FLAGS, NULL);
183 T_EXPECT_EQ(aia.ai_flags, (au_asflgs_t)AU_SESSION_FLAG_IS_INITIAL, NULL);
184 }
185
186 T_DECL(auditon_getsinfo_addr_asid1, "auditon(A_GETSINFO_ADDR) for asid 1")
187 {
188 // asid 1 is in the pid range, and we don't expect launchd
189 // to create a pid-based audit session for itself.
190 auditinfo_addr_t aia = {};
191 aia.ai_asid = 1;
192 int rv_from_auditon = auditon(A_GETSINFO_ADDR, &aia, sizeof(aia));
193 if (rv_from_auditon == -1 && errno == ENOSYS) {
194 T_SKIP("Kernel support for auditon(2) not available");
195 }
196 T_ASSERT_POSIX_FAILURE(rv_from_auditon, EINVAL, "auditon(2) A_GETSINFO_ADDR fails");
197 }
198
199 enum termid_mode {
200 // Set terminal ID at session creation time.
201 TERMIDM_NOUPDATE,
202 // Create session w/o terminal ID, update later using setaudit_addr(2).
203 TERMIDM_UPDATE_SETAUDIT_ADDR,
204 };
205
206 enum auid_mode {
207 // Set auid at session creation time.
208 AUIDM_NOUPDATE,
209 // Create session w/o auid, update later using setaudit_addr(2),
210 // setting the auid and updating the flags.
211 AUIDM_UPDATE_SETAUDIT_ADDR,
212 // Create session w/o auid, update later using setauid(2) to set the
213 // auid and auditon(2) A_SETSFLAGS to update the flags.
214 AUIDM_UPDATE_SETAUID,
215 };
216
217 // Covers many different ways to call setaudit_addr to create a
218 // new session and typical patterns of updating the session.
219 // Additionally, tests that forbidden updates to sessions are in
220 // fact denied.
221 static void
new_session_flow(au_asid_t asid,enum termid_mode termid_mode,uint32_t termid_type,enum auid_mode auid_mode)222 new_session_flow(au_asid_t asid, enum termid_mode termid_mode, uint32_t termid_type, enum auid_mode auid_mode)
223 {
224 if (geteuid() != 0) {
225 T_SKIP("This test should be run as super user.");
226 }
227
228 static const au_id_t test_auid_a = 555;
229 static const au_id_t test_auid_b = 556;
230 static const dev_t test_port = 0xDEAD;
231 static const u_int32_t test_addr_a = 0x00112233;
232 static const u_int32_t test_addr_b = 0x44556677;
233 static const u_int32_t test_addr_c = 0x8899AABB;
234 static const u_int32_t test_addr_d = 0xCCDDEEFF;
235 static const unsigned int test_tmp_mask_success = 0x00003001;
236 static const unsigned int test_tmp_mask_failure = 0x00003002;
237 static const unsigned int test_fin_mask_success = 0x00003003;
238 static const unsigned int test_fin_mask_failure = 0x00003004;
239
240 // step 1: create new session
241
242 struct auditinfo_addr aia1a = {}; // copy of what we pass into setaudit_addr
243 struct auditinfo_addr aia1b = {}; // passed into setaudit_addr, potentially modified
244 struct auditinfo_addr aia1c = {}; // obtained from getaudit_addr afterwards
245
246 aia1a.ai_asid = asid;
247 if (auid_mode == AUIDM_NOUPDATE) {
248 aia1a.ai_auid = test_auid_a;
249 aia1a.ai_mask.am_success = test_fin_mask_success;
250 aia1a.ai_mask.am_failure = test_fin_mask_failure;
251 } else {
252 // AU_DEFAUDITID allows updating the auid later
253 aia1a.ai_auid = AU_DEFAUDITID;
254 aia1a.ai_mask.am_success = test_tmp_mask_success;
255 aia1a.ai_mask.am_failure = test_tmp_mask_failure;
256 }
257 if (termid_mode == TERMIDM_NOUPDATE) {
258 aia1a.ai_termid.at_port = test_port;
259 aia1a.ai_termid.at_type = termid_type;
260 aia1a.ai_termid.at_addr[0] = test_addr_a;
261 if (termid_type == AU_IPv6) {
262 aia1a.ai_termid.at_addr[1] = test_addr_b;
263 aia1a.ai_termid.at_addr[2] = test_addr_c;
264 aia1a.ai_termid.at_addr[3] = test_addr_d;
265 }
266 } else {
267 // at_type AU_IPv4 all other fields zero allows updating ai_termid later
268 aia1a.ai_termid.at_type = AU_IPv4;
269 }
270 // For unknown reasons, AU_SESSION_FLAG_HAS_TTY cannot be set after session creation,
271 // but the terminal ID can, which seems inconsistent.
272 aia1a.ai_flags = AU_SESSION_FLAG_HAS_TTY | AU_SESSION_FLAG_IS_REMOTE;
273 if (auid_mode == AUIDM_NOUPDATE) {
274 aia1a.ai_flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
275 }
276 tlog_aia(&aia1a, "aia1a");
277
278 bcopy(&aia1a, &aia1b, sizeof(aia1b));
279 int rv_from_setaudit_addr = setaudit_addr(&aia1b, sizeof(aia1b));
280 if (rv_from_setaudit_addr == -1 && errno == ENOSYS) {
281 T_SKIP("Kernel support for setaudit_addr(2) not available");
282 }
283 tlog_aia(&aia1b, "aia1b");
284 T_ASSERT_POSIX_SUCCESS(rv_from_setaudit_addr, "setaudit_addr(2) succeeds at creating a new session");
285 if (asid == AU_ASSIGN_ASID || asid == AU_DEFAUDITSID) {
286 // Kernel choses free asid above pid range
287 T_EXPECT_NE(aia1b.ai_asid, AU_ASSIGN_ASID, NULL);
288 T_EXPECT_NE(aia1b.ai_asid, AU_DEFAUDITSID, NULL);
289 T_EXPECT_GT(aia1b.ai_asid, PID_MAX, NULL);
290 } else {
291 // Kernel uses our asid suggestion
292 T_EXPECT_EQ(aia1b.ai_asid, aia1a.ai_asid, NULL);
293 }
294 // Don't check other fields of aia1b, the contract is only well-defined for the asid.
295
296 T_ASSERT_POSIX_SUCCESS(getaudit_addr(&aia1c, sizeof(aia1c)), "getaudit_addr(2) succeeds at obtaining new session aia");
297 tlog_aia(&aia1c, "aia1c");
298 T_EXPECT_EQ(aia1c.ai_asid, aia1b.ai_asid, NULL);
299 T_EXPECT_EQ(aia1c.ai_auid, aia1a.ai_auid, NULL);
300 T_EXPECT_EQ(aia1c.ai_mask.am_success, aia1a.ai_mask.am_success, NULL);
301 T_EXPECT_EQ(aia1c.ai_mask.am_failure, aia1a.ai_mask.am_failure, NULL);
302 T_EXPECT_EQ(aia1c.ai_termid.at_port, aia1a.ai_termid.at_port, NULL);
303 T_EXPECT_EQ(aia1c.ai_termid.at_type, aia1a.ai_termid.at_type, NULL);
304 T_EXPECT_EQ(aia1c.ai_termid.at_addr[0], aia1a.ai_termid.at_addr[0], NULL);
305 T_EXPECT_EQ(aia1c.ai_termid.at_addr[1], aia1a.ai_termid.at_addr[1], NULL);
306 T_EXPECT_EQ(aia1c.ai_termid.at_addr[2], aia1a.ai_termid.at_addr[2], NULL);
307 T_EXPECT_EQ(aia1c.ai_termid.at_addr[3], aia1a.ai_termid.at_addr[3], NULL);
308 T_EXPECT_EQ(aia1c.ai_flags, aia1a.ai_flags, NULL);
309
310 au_asflgs_t flags1c = -1UL;
311 T_ASSERT_POSIX_SUCCESS(auditon(A_GETSFLAGS, &flags1c, sizeof(flags1c)), "auditon(2) A_GETSFLAGS succeeds");
312 T_EXPECT_EQ(flags1c, aia1c.ai_flags, NULL);
313
314 // step 2: depending on termid_mode, simulate accepting a network connection
315
316 struct auditinfo_addr aia2a = {}; // copy of what we pass into setaudit_addr
317 struct auditinfo_addr aia2b = {}; // passed into setaudit_addr, potentially modified
318 struct auditinfo_addr aia2c = {}; // obtained from getaudit_addr afterwards
319
320 if (termid_mode != TERMIDM_NOUPDATE) {
321 assert(termid_mode == TERMIDM_UPDATE_SETAUDIT_ADDR);
322
323 bcopy(&aia1c, &aia2a, sizeof(aia2a));
324 aia2a.ai_termid.at_port = test_port;
325 aia2a.ai_termid.at_type = termid_type;
326 aia2a.ai_termid.at_addr[0] = test_addr_a;
327 if (termid_type == AU_IPv6) {
328 aia2a.ai_termid.at_addr[1] = test_addr_b;
329 aia2a.ai_termid.at_addr[2] = test_addr_c;
330 aia2a.ai_termid.at_addr[3] = test_addr_d;
331 }
332 tlog_aia(&aia2a, "aia2a");
333
334 bcopy(&aia2a, &aia2b, sizeof(aia2b));
335 T_ASSERT_POSIX_SUCCESS(setaudit_addr(&aia2b, sizeof(aia2b)), "setaudit_addr(2) succeeds at updating the session with a terminal ID");
336 tlog_aia(&aia2b, "aia2b");
337 T_EXPECT_EQ(aia2b.ai_asid, aia2a.ai_asid, NULL);
338 // Don't check other fields of aia2b, the contract is only well-defined for the asid.
339
340 T_ASSERT_POSIX_SUCCESS(getaudit_addr(&aia2c, sizeof(aia2c)), "getaudit_addr(2) succeeds at obtaining updated session aia");
341 tlog_aia(&aia2c, "aia2c");
342 T_EXPECT_EQ(aia2c.ai_asid, aia2a.ai_asid, NULL);
343 T_EXPECT_EQ(aia2c.ai_auid, aia2a.ai_auid, NULL);
344 T_EXPECT_EQ(aia2c.ai_mask.am_success, aia2a.ai_mask.am_success, NULL);
345 T_EXPECT_EQ(aia2c.ai_mask.am_failure, aia2a.ai_mask.am_failure, NULL);
346 T_EXPECT_EQ(aia2c.ai_termid.at_port, aia2a.ai_termid.at_port, NULL);
347 T_EXPECT_EQ(aia2c.ai_termid.at_type, aia2a.ai_termid.at_type, NULL);
348 T_EXPECT_EQ(aia2c.ai_termid.at_addr[0], aia2a.ai_termid.at_addr[0], NULL);
349 T_EXPECT_EQ(aia2c.ai_termid.at_addr[1], aia2a.ai_termid.at_addr[1], NULL);
350 T_EXPECT_EQ(aia2c.ai_termid.at_addr[2], aia2a.ai_termid.at_addr[2], NULL);
351 T_EXPECT_EQ(aia2c.ai_termid.at_addr[3], aia2a.ai_termid.at_addr[3], NULL);
352 T_EXPECT_EQ(aia2c.ai_flags, aia2a.ai_flags, NULL);
353 } else {
354 assert(termid_mode == TERMIDM_NOUPDATE);
355
356 bcopy(&aia1c, &aia2c, sizeof(aia2c));
357 }
358
359 // step 3: depending on auid_mode, simulate authenticating the session
360
361 struct auditinfo_addr aia3a = {}; // copy of what we pass into setaudit_addr
362 struct auditinfo_addr aia3b = {}; // passed into setaudit_addr, potentially modified
363 struct auditinfo_addr aia3c = {}; // obtained from getaudit_addr afterwards
364
365 if (auid_mode != AUIDM_NOUPDATE) {
366 if (auid_mode == AUIDM_UPDATE_SETAUDIT_ADDR) {
367 bcopy(&aia2c, &aia3a, sizeof(aia3a));
368 aia3a.ai_auid = test_auid_a;
369 aia3a.ai_flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
370 // Set new masks now that we know the user and would have looked
371 // up the users masks using au_user_mask(3).
372 aia3a.ai_mask.am_success = test_fin_mask_success;
373 aia3a.ai_mask.am_failure = test_fin_mask_failure;
374 tlog_aia(&aia3a, "aia3a");
375
376 bcopy(&aia3a, &aia3b, sizeof(aia3b));
377 T_ASSERT_POSIX_SUCCESS(setaudit_addr(&aia3b, sizeof(aia3b)), "setaudit_addr(2) succeeds at updating the session as authenticated");
378 tlog_aia(&aia3b, "aia3b");
379 T_EXPECT_EQ(aia3b.ai_asid, aia3a.ai_asid, NULL);
380 // Don't check other fields of aia3b, the contract is only well-defined for the asid.
381 } else {
382 assert(auid_mode == AUIDM_UPDATE_SETAUID);
383
384 auditpinfo_t api = {};
385 api.ap_pid = getpid();
386 api.ap_mask.am_success = test_fin_mask_success;
387 api.ap_mask.am_failure = test_fin_mask_failure;
388 T_ASSERT_POSIX_SUCCESS(auditon(A_SETPMASK, &api, sizeof(api)), "auditon(2) A_SETPMASK succeeds");
389
390 struct auditinfo_addr new_aia = {};
391 T_ASSERT_POSIX_SUCCESS(getaudit_addr(&new_aia, sizeof(new_aia)), "getaudit_addr(2) after auditon(2) A_SETPMASK succeeds");
392 tlog_aia(&new_aia, "new_aia");
393 T_EXPECT_EQ(new_aia.ai_asid, aia2c.ai_asid, NULL);
394 T_EXPECT_EQ(new_aia.ai_auid, aia2c.ai_auid, NULL);
395 T_EXPECT_EQ(new_aia.ai_mask.am_success, test_fin_mask_success, NULL);
396 T_EXPECT_EQ(new_aia.ai_mask.am_failure, test_fin_mask_failure, NULL);
397 T_EXPECT_EQ(new_aia.ai_termid.at_port, aia2c.ai_termid.at_port, NULL);
398 T_EXPECT_EQ(new_aia.ai_termid.at_type, aia2c.ai_termid.at_type, NULL);
399 T_EXPECT_EQ(new_aia.ai_termid.at_addr[0], aia2c.ai_termid.at_addr[0], NULL);
400 T_EXPECT_EQ(new_aia.ai_termid.at_addr[1], aia2c.ai_termid.at_addr[1], NULL);
401 T_EXPECT_EQ(new_aia.ai_termid.at_addr[2], aia2c.ai_termid.at_addr[2], NULL);
402 T_EXPECT_EQ(new_aia.ai_termid.at_addr[3], aia2c.ai_termid.at_addr[3], NULL);
403 T_EXPECT_EQ(new_aia.ai_flags, aia2c.ai_flags, NULL);
404
405 au_id_t new_auid = test_auid_a;
406 T_ASSERT_POSIX_SUCCESS(setauid(&new_auid), "setauid(2) succeeds at updating the auid of the session");
407 T_EXPECT_EQ(new_auid, test_auid_a, NULL);
408
409 T_ASSERT_POSIX_SUCCESS(getaudit_addr(&new_aia, sizeof(new_aia)), "getaudit_addr(2) after setauid(2) succeeds");
410 tlog_aia(&new_aia, "new_aia");
411 T_EXPECT_EQ(new_aia.ai_asid, aia2c.ai_asid, NULL);
412 T_EXPECT_EQ(new_aia.ai_auid, new_auid, NULL);
413 T_EXPECT_EQ(new_aia.ai_mask.am_success, test_fin_mask_success, NULL);
414 T_EXPECT_EQ(new_aia.ai_mask.am_failure, test_fin_mask_failure, NULL);
415 T_EXPECT_EQ(new_aia.ai_termid.at_port, aia2c.ai_termid.at_port, NULL);
416 T_EXPECT_EQ(new_aia.ai_termid.at_type, aia2c.ai_termid.at_type, NULL);
417 T_EXPECT_EQ(new_aia.ai_termid.at_addr[0], aia2c.ai_termid.at_addr[0], NULL);
418 T_EXPECT_EQ(new_aia.ai_termid.at_addr[1], aia2c.ai_termid.at_addr[1], NULL);
419 T_EXPECT_EQ(new_aia.ai_termid.at_addr[2], aia2c.ai_termid.at_addr[2], NULL);
420 T_EXPECT_EQ(new_aia.ai_termid.at_addr[3], aia2c.ai_termid.at_addr[3], NULL);
421 T_EXPECT_EQ(new_aia.ai_flags, aia2c.ai_flags, NULL);
422
423 // propagates masks from audit session to process credential
424 au_asflgs_t new_flags = -1UL;
425 T_ASSERT_POSIX_SUCCESS(auditon(A_GETSFLAGS, &new_flags, sizeof(new_flags)), "auditon(2) A_GETSFLAGS succeeds");
426 T_EXPECT_EQ(new_flags, flags1c, NULL);
427 new_flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
428 T_ASSERT_POSIX_SUCCESS(auditon(A_SETSFLAGS, &new_flags, sizeof(new_flags)), "auditon(2) A_SETSFLAGS succeeds");
429 T_EXPECT_EQ(new_flags, flags1c | AU_SESSION_FLAG_HAS_AUTHENTICATED, NULL);
430 new_flags = -1UL;
431 T_ASSERT_POSIX_SUCCESS(auditon(A_GETSFLAGS, &new_flags, sizeof(new_flags)), "auditon(2) A_GETSFLAGS succeeds");
432 T_EXPECT_EQ(new_flags, flags1c | AU_SESSION_FLAG_HAS_AUTHENTICATED, NULL);
433
434 bcopy(&aia2c, &aia3a, sizeof(aia3a));
435 aia3a.ai_auid = new_auid;
436 aia3a.ai_flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
437 aia3a.ai_mask.am_success = test_fin_mask_success;
438 aia3a.ai_mask.am_failure = test_fin_mask_failure;
439 tlog_aia(&aia3a, "aia3a");
440 }
441
442 T_ASSERT_POSIX_SUCCESS(getaudit_addr(&aia3c, sizeof(aia3c)), "getaudit_addr(2) succeeds at obtaining updated session aia");
443 tlog_aia(&aia3c, "aia3c");
444 T_EXPECT_EQ(aia3c.ai_asid, aia3a.ai_asid, NULL);
445 T_EXPECT_EQ(aia3c.ai_auid, aia3a.ai_auid, NULL);
446 T_EXPECT_EQ(aia3c.ai_mask.am_success, aia3a.ai_mask.am_success, NULL);
447 T_EXPECT_EQ(aia3c.ai_mask.am_failure, aia3a.ai_mask.am_failure, NULL);
448 T_EXPECT_EQ(aia3c.ai_termid.at_port, aia3a.ai_termid.at_port, NULL);
449 T_EXPECT_EQ(aia3c.ai_termid.at_type, aia3a.ai_termid.at_type, NULL);
450 T_EXPECT_EQ(aia3c.ai_termid.at_addr[0], aia3a.ai_termid.at_addr[0], NULL);
451 T_EXPECT_EQ(aia3c.ai_termid.at_addr[1], aia3a.ai_termid.at_addr[1], NULL);
452 T_EXPECT_EQ(aia3c.ai_termid.at_addr[2], aia3a.ai_termid.at_addr[2], NULL);
453 T_EXPECT_EQ(aia3c.ai_termid.at_addr[3], aia3a.ai_termid.at_addr[3], NULL);
454 T_EXPECT_EQ(aia3c.ai_flags, aia3a.ai_flags, NULL);
455 } else {
456 assert(auid_mode == AUIDM_NOUPDATE);
457
458 bcopy(&aia2c, &aia3c, sizeof(aia3c));
459 tlog_aia(&aia3c, "aia3c");
460 }
461
462 // At this point, the session is fully set up.
463
464 // Changing the auid after it has been set is forbidden.
465
466 struct auditinfo_addr aia4a = {};
467 bcopy(&aia3c, &aia4a, sizeof(aia4a));
468 aia4a.ai_auid = test_auid_b;
469 struct auditinfo_addr aia4b = {};
470 bcopy(&aia4a, &aia4b, sizeof(aia4b));
471 T_ASSERT_POSIX_FAILURE(setaudit_addr(&aia4b, sizeof(aia4b)), EINVAL, "setaudit_addr(2) refuses changing auid once set");
472 T_EXPECT_EQ(aia4b.ai_asid, aia4a.ai_asid, NULL);
473 T_EXPECT_EQ(aia4b.ai_auid, aia4a.ai_auid, NULL);
474 T_EXPECT_EQ(aia4b.ai_mask.am_success, aia4a.ai_mask.am_success, NULL);
475 T_EXPECT_EQ(aia4b.ai_mask.am_failure, aia4a.ai_mask.am_failure, NULL);
476 T_EXPECT_EQ(aia4b.ai_termid.at_port, aia4a.ai_termid.at_port, NULL);
477 T_EXPECT_EQ(aia4b.ai_termid.at_type, aia4a.ai_termid.at_type, NULL);
478 T_EXPECT_EQ(aia4b.ai_termid.at_addr[0], aia4a.ai_termid.at_addr[0], NULL);
479 T_EXPECT_EQ(aia4b.ai_termid.at_addr[1], aia4a.ai_termid.at_addr[1], NULL);
480 T_EXPECT_EQ(aia4b.ai_termid.at_addr[2], aia4a.ai_termid.at_addr[2], NULL);
481 T_EXPECT_EQ(aia4b.ai_termid.at_addr[3], aia4a.ai_termid.at_addr[3], NULL);
482 T_EXPECT_EQ(aia4b.ai_flags, aia4a.ai_flags, NULL);
483
484 au_id_t new_auid = test_auid_b;
485 T_ASSERT_POSIX_FAILURE(setauid(&new_auid), EINVAL, "setauid(2) refuses changing auid once set");
486 T_EXPECT_EQ(new_auid, test_auid_b, NULL);
487
488 // Changing the terminal ID after it has been set is forbidden.
489
490 struct auditinfo_addr aia5a = {};
491 bcopy(&aia3c, &aia5a, sizeof(aia5a));
492 aia5a.ai_termid.at_port = ~aia5a.ai_termid.at_port;
493 struct auditinfo_addr aia5b = {};
494 bcopy(&aia5a, &aia5b, sizeof(aia5b));
495 T_ASSERT_POSIX_FAILURE(setaudit_addr(&aia5b, sizeof(aia5b)), EINVAL, "setaudit_addr(2) refuses changing termid port once set");
496 T_EXPECT_EQ(aia5b.ai_asid, aia5a.ai_asid, NULL);
497 T_EXPECT_EQ(aia5b.ai_auid, aia5a.ai_auid, NULL);
498 T_EXPECT_EQ(aia5b.ai_mask.am_success, aia5a.ai_mask.am_success, NULL);
499 T_EXPECT_EQ(aia5b.ai_mask.am_failure, aia5a.ai_mask.am_failure, NULL);
500 T_EXPECT_EQ(aia5b.ai_termid.at_port, aia5a.ai_termid.at_port, NULL);
501 T_EXPECT_EQ(aia5b.ai_termid.at_type, aia5a.ai_termid.at_type, NULL);
502 T_EXPECT_EQ(aia5b.ai_termid.at_addr[0], aia5a.ai_termid.at_addr[0], NULL);
503 T_EXPECT_EQ(aia5b.ai_termid.at_addr[1], aia5a.ai_termid.at_addr[1], NULL);
504 T_EXPECT_EQ(aia5b.ai_termid.at_addr[2], aia5a.ai_termid.at_addr[2], NULL);
505 T_EXPECT_EQ(aia5b.ai_termid.at_addr[3], aia5a.ai_termid.at_addr[3], NULL);
506 T_EXPECT_EQ(aia5b.ai_flags, aia5a.ai_flags, NULL);
507
508 struct auditinfo_addr aia6a = {};
509 bcopy(&aia3c, &aia6a, sizeof(aia6a));
510 aia6a.ai_termid.at_type = aia6a.ai_termid.at_type == AU_IPv4 ? AU_IPv6 : AU_IPv4;
511 struct auditinfo_addr aia6b = {};
512 bcopy(&aia6a, &aia6b, sizeof(aia6b));
513 T_ASSERT_POSIX_FAILURE(setaudit_addr(&aia6b, sizeof(aia6b)), EINVAL, "setaudit_addr(2) refuses changing termid type once set");
514 T_EXPECT_EQ(aia6b.ai_asid, aia6a.ai_asid, NULL);
515 T_EXPECT_EQ(aia6b.ai_auid, aia6a.ai_auid, NULL);
516 T_EXPECT_EQ(aia6b.ai_mask.am_success, aia6a.ai_mask.am_success, NULL);
517 T_EXPECT_EQ(aia6b.ai_mask.am_failure, aia6a.ai_mask.am_failure, NULL);
518 T_EXPECT_EQ(aia6b.ai_termid.at_port, aia6a.ai_termid.at_port, NULL);
519 T_EXPECT_EQ(aia6b.ai_termid.at_type, aia6a.ai_termid.at_type, NULL);
520 T_EXPECT_EQ(aia6b.ai_termid.at_addr[0], aia6a.ai_termid.at_addr[0], NULL);
521 T_EXPECT_EQ(aia6b.ai_termid.at_addr[1], aia6a.ai_termid.at_addr[1], NULL);
522 T_EXPECT_EQ(aia6b.ai_termid.at_addr[2], aia6a.ai_termid.at_addr[2], NULL);
523 T_EXPECT_EQ(aia6b.ai_termid.at_addr[3], aia6a.ai_termid.at_addr[3], NULL);
524 T_EXPECT_EQ(aia6b.ai_flags, aia6a.ai_flags, NULL);
525
526 struct auditinfo_addr aia7a = {};
527 bcopy(&aia3c, &aia7a, sizeof(aia7a));
528 aia7a.ai_termid.at_addr[0] = ~aia7a.ai_termid.at_addr[0];
529 struct auditinfo_addr aia7b = {};
530 bcopy(&aia7a, &aia7b, sizeof(aia7b));
531 T_ASSERT_POSIX_FAILURE(setaudit_addr(&aia7b, sizeof(aia7b)), EINVAL, "setaudit_addr(2) refuses changing termid addr once set");
532 T_EXPECT_EQ(aia7b.ai_asid, aia7a.ai_asid, NULL);
533 T_EXPECT_EQ(aia7b.ai_auid, aia7a.ai_auid, NULL);
534 T_EXPECT_EQ(aia7b.ai_mask.am_success, aia7a.ai_mask.am_success, NULL);
535 T_EXPECT_EQ(aia7b.ai_mask.am_failure, aia7a.ai_mask.am_failure, NULL);
536 T_EXPECT_EQ(aia7b.ai_termid.at_port, aia7a.ai_termid.at_port, NULL);
537 T_EXPECT_EQ(aia7b.ai_termid.at_type, aia7a.ai_termid.at_type, NULL);
538 T_EXPECT_EQ(aia7b.ai_termid.at_addr[0], aia7a.ai_termid.at_addr[0], NULL);
539 T_EXPECT_EQ(aia7b.ai_termid.at_addr[1], aia7a.ai_termid.at_addr[1], NULL);
540 T_EXPECT_EQ(aia7b.ai_termid.at_addr[2], aia7a.ai_termid.at_addr[2], NULL);
541 T_EXPECT_EQ(aia7b.ai_termid.at_addr[3], aia7a.ai_termid.at_addr[3], NULL);
542 T_EXPECT_EQ(aia7b.ai_flags, aia7a.ai_flags, NULL);
543
544 // Removing protected flags is forbidden.
545
546 struct auditinfo_addr aia8a = {};
547 bcopy(&aia3c, &aia8a, sizeof(aia8a));
548 aia8a.ai_flags &= ~(au_asflgs_t)AU_SESSION_FLAG_IS_REMOTE;
549 struct auditinfo_addr aia8b = {};
550 bcopy(&aia8a, &aia8b, sizeof(aia8b));
551 T_ASSERT_POSIX_FAILURE(setaudit_addr(&aia8b, sizeof(aia8b)), EINVAL, "setaudit_addr(2) refuses changing protected flags once set");
552 T_EXPECT_EQ(aia8b.ai_asid, aia8a.ai_asid, NULL);
553 T_EXPECT_EQ(aia8b.ai_auid, aia8a.ai_auid, NULL);
554 T_EXPECT_EQ(aia8b.ai_mask.am_success, aia8a.ai_mask.am_success, NULL);
555 T_EXPECT_EQ(aia8b.ai_mask.am_failure, aia8a.ai_mask.am_failure, NULL);
556 T_EXPECT_EQ(aia8b.ai_termid.at_port, aia8a.ai_termid.at_port, NULL);
557 T_EXPECT_EQ(aia8b.ai_termid.at_type, aia8a.ai_termid.at_type, NULL);
558 T_EXPECT_EQ(aia8b.ai_termid.at_addr[0], aia8a.ai_termid.at_addr[0], NULL);
559 T_EXPECT_EQ(aia8b.ai_termid.at_addr[1], aia8a.ai_termid.at_addr[1], NULL);
560 T_EXPECT_EQ(aia8b.ai_termid.at_addr[2], aia8a.ai_termid.at_addr[2], NULL);
561 T_EXPECT_EQ(aia8b.ai_termid.at_addr[3], aia8a.ai_termid.at_addr[3], NULL);
562 T_EXPECT_EQ(aia8b.ai_flags, aia8a.ai_flags, NULL);
563
564 au_asflgs_t new_flags = -1UL;
565 T_ASSERT_POSIX_SUCCESS(auditon(A_GETSFLAGS, &new_flags, sizeof(new_flags)), "auditon(2) A_GETSFLAGS succeeds");
566 T_EXPECT_BITS_SET(new_flags, AU_SESSION_FLAG_IS_REMOTE, NULL);
567 new_flags &= ~(au_asflgs_t)AU_SESSION_FLAG_IS_REMOTE;
568 T_ASSERT_POSIX_FAILURE(auditon(A_SETSFLAGS, &new_flags, sizeof(new_flags)), EINVAL, "auditon(2) A_SETSFLAGS refuses changing protected flags once set");
569 T_EXPECT_BITS_NOTSET(new_flags, AU_SESSION_FLAG_IS_REMOTE, NULL);
570
571 // auditon(2) A_GETPINFO retrieves the session by pid, IPv4 only.
572
573 auditpinfo_t api = {};
574 api.ap_pid = getpid();
575 if (termid_type == AU_IPv4) {
576 T_ASSERT_POSIX_SUCCESS(auditon(A_GETPINFO, &api, sizeof(api)), "auditon(2) A_GETPINFO succeeds for IPv4 terminal ID");
577 T_EXPECT_EQ(api.ap_pid, getpid(), NULL);
578 T_EXPECT_EQ(api.ap_asid, aia3c.ai_asid, NULL);
579 T_EXPECT_EQ(api.ap_auid, aia3c.ai_auid, NULL);
580 T_EXPECT_EQ(api.ap_mask.am_success, test_fin_mask_success, NULL);
581 T_EXPECT_EQ(api.ap_mask.am_failure, test_fin_mask_failure, NULL);
582 T_EXPECT_EQ(api.ap_termid.port, aia3c.ai_termid.at_port, NULL);
583 T_EXPECT_EQ(api.ap_termid.machine, aia3c.ai_termid.at_addr[0], NULL);
584 } else {
585 T_ASSERT_POSIX_FAILURE(auditon(A_GETPINFO, &api, sizeof(api)), EINVAL, "auditon(2) A_GETPINFO fails for IPv6 terminal ID");
586 }
587
588 // auditon(2) A_GETPINFO_ADDR retrieves the session by pid.
589
590 auditpinfo_addr_t apia = {};
591 apia.ap_pid = getpid();
592 T_ASSERT_POSIX_SUCCESS(auditon(A_GETPINFO_ADDR, &apia, sizeof(apia)), "auditon(2) A_GETPINFO_ADDR succeeds");
593 T_EXPECT_EQ(apia.ap_pid, getpid(), NULL);
594 T_EXPECT_EQ(apia.ap_asid, aia3c.ai_asid, NULL);
595 T_EXPECT_EQ(apia.ap_auid, aia3c.ai_auid, NULL);
596 T_EXPECT_EQ(apia.ap_mask.am_success, test_fin_mask_success, NULL);
597 T_EXPECT_EQ(apia.ap_mask.am_failure, test_fin_mask_failure, NULL);
598 T_EXPECT_EQ(apia.ap_termid.at_port, aia3c.ai_termid.at_port, NULL);
599 T_EXPECT_EQ(apia.ap_termid.at_type, aia3c.ai_termid.at_type, NULL);
600 T_EXPECT_EQ(apia.ap_termid.at_addr[0], aia3c.ai_termid.at_addr[0], NULL);
601 T_EXPECT_EQ(apia.ap_termid.at_addr[1], aia3c.ai_termid.at_addr[1], NULL);
602 T_EXPECT_EQ(apia.ap_termid.at_addr[2], aia3c.ai_termid.at_addr[2], NULL);
603 T_EXPECT_EQ(apia.ap_termid.at_addr[3], aia3c.ai_termid.at_addr[3], NULL);
604 T_EXPECT_EQ(apia.ap_flags, aia3c.ai_flags, NULL);
605
606 // auditon(2) A_GETSINFO_ADDR retrieves the session by asid.
607
608 auditinfo_addr_t aia9 = {};
609 aia9.ai_asid = aia3c.ai_asid;
610 T_ASSERT_POSIX_SUCCESS(auditon(A_GETSINFO_ADDR, &aia9, sizeof(aia9)), "auditon(2) A_GETSINFO_ADDR succeeds");
611 tlog_aia(&aia9, "aia9");
612 T_EXPECT_EQ(aia9.ai_asid, aia3c.ai_asid, NULL);
613 T_EXPECT_EQ(aia9.ai_auid, aia3c.ai_auid, NULL);
614 // Masks on the session without process context are undefined, don't check them
615 T_EXPECT_EQ(aia9.ai_termid.at_port, aia3c.ai_termid.at_port, NULL);
616 T_EXPECT_EQ(aia9.ai_termid.at_type, aia3c.ai_termid.at_type, NULL);
617 T_EXPECT_EQ(aia9.ai_termid.at_addr[0], aia3c.ai_termid.at_addr[0], NULL);
618 T_EXPECT_EQ(aia9.ai_termid.at_addr[1], aia3c.ai_termid.at_addr[1], NULL);
619 T_EXPECT_EQ(aia9.ai_termid.at_addr[2], aia3c.ai_termid.at_addr[2], NULL);
620 T_EXPECT_EQ(aia9.ai_termid.at_addr[3], aia3c.ai_termid.at_addr[3], NULL);
621 T_EXPECT_EQ(aia9.ai_flags, aia3c.ai_flags, NULL);
622 }
623
624 // Test all combinations of:
625 // asid = { AU_ASSIGN_ASID | AU_DEFAUDITSID | getpid() }
626 // termid_mode = { TERMIDM_NOUPDATE | TERMIDM_UPDATE_SETAUDIT_ADDR }
627 // termid_type = { AU_IPv4 | AU_IPv6 }
628 // auid_mode = { AUIDM_NOUPDATE | AUIDM_UPDATE_SETAUDIT_ADDR | AUIDM_UPDATE_SETAUID }
629
630 T_DECL(new_session_1141, "new session asid=AU_ASSIGN_ASID termid=noupdate IPv4 auid=noupdate")
631 {
632 new_session_flow(AU_ASSIGN_ASID, TERMIDM_NOUPDATE, AU_IPv4, AUIDM_NOUPDATE);
633 }
634
635 T_DECL(new_session_1142, "new session asid=AU_ASSIGN_ASID termid=noupdate IPv4 auid=setaudit_addr")
636 {
637 new_session_flow(AU_ASSIGN_ASID, TERMIDM_NOUPDATE, AU_IPv4, AUIDM_UPDATE_SETAUDIT_ADDR);
638 }
639
640 T_DECL(new_session_1143, "new session asid=AU_ASSIGN_ASID termid=noupdate IPv4 auid=setauid")
641 {
642 new_session_flow(AU_ASSIGN_ASID, TERMIDM_NOUPDATE, AU_IPv4, AUIDM_UPDATE_SETAUID);
643 }
644
645 T_DECL(new_session_1161, "new session asid=AU_ASSIGN_ASID termid=noupdate IPv6 auid=noupdate")
646 {
647 new_session_flow(AU_ASSIGN_ASID, TERMIDM_NOUPDATE, AU_IPv6, AUIDM_NOUPDATE);
648 }
649
650 T_DECL(new_session_1162, "new session asid=AU_ASSIGN_ASID termid=noupdate IPv6 auid=setaudit_addr")
651 {
652 new_session_flow(AU_ASSIGN_ASID, TERMIDM_NOUPDATE, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
653 }
654
655 T_DECL(new_session_1163, "new session asid=AU_ASSIGN_ASID termid=noupdate IPv6 auid=setauid")
656 {
657 new_session_flow(AU_ASSIGN_ASID, TERMIDM_NOUPDATE, AU_IPv6, AUIDM_UPDATE_SETAUID);
658 }
659
660 T_DECL(new_session_1241, "new session asid=AU_ASSIGN_ASID termid=setaudit_addr IPv4 auid=noupdate")
661 {
662 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_NOUPDATE);
663 }
664
665 T_DECL(new_session_1242, "new session asid=AU_ASSIGN_ASID termid=setaudit_addr IPv4 auid=setaudit_addr")
666 {
667 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_UPDATE_SETAUDIT_ADDR);
668 }
669
670 T_DECL(new_session_1243, "new session asid=AU_ASSIGN_ASID termid=setaudit_addr IPv4 auid=setauid")
671 {
672 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_UPDATE_SETAUID);
673 }
674
675 T_DECL(new_session_1261, "new session asid=AU_ASSIGN_ASID termid=setaudit_addr IPv6 auid=noupdate")
676 {
677 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_NOUPDATE);
678 }
679
680 T_DECL(new_session_1262, "new session asid=AU_ASSIGN_ASID termid=setaudit_addr IPv6 auid=setaudit_addr")
681 {
682 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
683 }
684
685 T_DECL(new_session_1263, "new session asid=AU_ASSIGN_ASID termid=setaudit_addr IPv6 auid=setauid")
686 {
687 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUID);
688 }
689
690 T_DECL(new_session_2141, "new session asid=AU_DEFAUDITSID termid=noupdate IPv4 auid=noupdate")
691 {
692 new_session_flow(AU_DEFAUDITSID, TERMIDM_NOUPDATE, AU_IPv4, AUIDM_NOUPDATE);
693 }
694
695 T_DECL(new_session_2142, "new session asid=AU_DEFAUDITSID termid=noupdate IPv4 auid=setaudit_addr")
696 {
697 new_session_flow(AU_DEFAUDITSID, TERMIDM_NOUPDATE, AU_IPv4, AUIDM_UPDATE_SETAUDIT_ADDR);
698 }
699
700 T_DECL(new_session_2143, "new session asid=AU_DEFAUDITSID termid=noupdate IPv4 auid=setauid")
701 {
702 new_session_flow(AU_DEFAUDITSID, TERMIDM_NOUPDATE, AU_IPv4, AUIDM_UPDATE_SETAUID);
703 }
704
705 T_DECL(new_session_2161, "new session asid=AU_DEFAUDITSID termid=noupdate IPv6 auid=noupdate")
706 {
707 new_session_flow(AU_DEFAUDITSID, TERMIDM_NOUPDATE, AU_IPv6, AUIDM_NOUPDATE);
708 }
709
710 T_DECL(new_session_2162, "new session asid=AU_DEFAUDITSID termid=noupdate IPv6 auid=setaudit_addr")
711 {
712 new_session_flow(AU_DEFAUDITSID, TERMIDM_NOUPDATE, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
713 }
714
715 T_DECL(new_session_2163, "new session asid=AU_DEFAUDITSID termid=noupdate IPv6 auid=setauid")
716 {
717 new_session_flow(AU_DEFAUDITSID, TERMIDM_NOUPDATE, AU_IPv6, AUIDM_UPDATE_SETAUID);
718 }
719
720 T_DECL(new_session_2241, "new session asid=AU_DEFAUDITSID termid=setaudit_addr IPv4 auid=noupdate")
721 {
722 new_session_flow(AU_DEFAUDITSID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_NOUPDATE);
723 }
724
725 T_DECL(new_session_2242, "new session asid=AU_DEFAUDITSID termid=setaudit_addr IPv4 auid=setaudit_addr")
726 {
727 new_session_flow(AU_DEFAUDITSID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_UPDATE_SETAUDIT_ADDR);
728 }
729
730 T_DECL(new_session_2243, "new session asid=AU_DEFAUDITSID termid=setaudit_addr IPv4 auid=setauid")
731 {
732 new_session_flow(AU_DEFAUDITSID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_UPDATE_SETAUID);
733 }
734
735 T_DECL(new_session_2261, "new session asid=AU_DEFAUDITSID termid=setaudit_addr IPv6 auid=noupdate")
736 {
737 new_session_flow(AU_DEFAUDITSID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_NOUPDATE);
738 }
739
740 T_DECL(new_session_2262, "new session asid=AU_DEFAUDITSID termid=setaudit_addr IPv6 auid=setaudit_addr")
741 {
742 new_session_flow(AU_DEFAUDITSID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
743 }
744
745 T_DECL(new_session_2263, "new session asid=AU_DEFAUDITSID termid=setaudit_addr IPv6 auid=setauid")
746 {
747 new_session_flow(AU_DEFAUDITSID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUID);
748 }
749
750 T_DECL(new_session_3141, "new session asid=getpid() termid=noupdate IPv4 auid=noupdate")
751 {
752 new_session_flow(getpid(), TERMIDM_NOUPDATE, AU_IPv4, AUIDM_NOUPDATE);
753 }
754
755 T_DECL(new_session_3142, "new session asid=getpid() termid=noupdate IPv4 auid=setaudit_addr")
756 {
757 new_session_flow(getpid(), TERMIDM_NOUPDATE, AU_IPv4, AUIDM_UPDATE_SETAUDIT_ADDR);
758 }
759
760 T_DECL(new_session_3143, "new session asid=getpid() termid=noupdate IPv4 auid=setauid")
761 {
762 new_session_flow(getpid(), TERMIDM_NOUPDATE, AU_IPv4, AUIDM_UPDATE_SETAUID);
763 }
764
765 T_DECL(new_session_3161, "new session asid=getpid() termid=noupdate IPv6 auid=noupdate")
766 {
767 new_session_flow(getpid(), TERMIDM_NOUPDATE, AU_IPv6, AUIDM_NOUPDATE);
768 }
769
770 T_DECL(new_session_3162, "new session asid=getpid() termid=noupdate IPv6 auid=setaudit_addr")
771 {
772 new_session_flow(getpid(), TERMIDM_NOUPDATE, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
773 }
774
775 T_DECL(new_session_3163, "new session asid=getpid() termid=noupdate IPv6 auid=setauid")
776 {
777 new_session_flow(getpid(), TERMIDM_NOUPDATE, AU_IPv6, AUIDM_UPDATE_SETAUID);
778 }
779
780 T_DECL(new_session_3241, "new session asid=getpid() termid=setaudit_addr IPv4 auid=noupdate")
781 {
782 new_session_flow(getpid(), TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_NOUPDATE);
783 }
784
785 T_DECL(new_session_3242, "new session asid=getpid() termid=setaudit_addr IPv4 auid=setaudit_addr")
786 {
787 new_session_flow(getpid(), TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_UPDATE_SETAUDIT_ADDR);
788 }
789
790 T_DECL(new_session_3243, "new session asid=getpid() termid=setaudit_addr IPv4 auid=setauid")
791 {
792 new_session_flow(getpid(), TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv4, AUIDM_UPDATE_SETAUID);
793 }
794
795 T_DECL(new_session_3261, "new session asid=getpid() termid=setaudit_addr IPv6 auid=noupdate")
796 {
797 new_session_flow(getpid(), TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_NOUPDATE);
798 }
799
800 T_DECL(new_session_3262, "new session asid=getpid() termid=setaudit_addr IPv6 auid=setaudit_addr")
801 {
802 new_session_flow(getpid(), TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
803 }
804
805 T_DECL(new_session_3263, "new session asid=getpid() termid=setaudit_addr IPv6 auid=setauid")
806 {
807 new_session_flow(getpid(), TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUID);
808 }
809
810 #define NEW_SESSION_CHECK_CHILD_FILENAME "new_session_check_child_aia"
811
812 T_HELPER_DECL(check_child_session, "Check child aia against file")
813 {
814 char path[MAXPATHLEN];
815 snprintf(path, MAXPATHLEN, "%s/" NEW_SESSION_CHECK_CHILD_FILENAME, dt_tmpdir());
816 int fd = open(path, O_RDONLY);
817 T_ASSERT_POSIX_SUCCESS(fd, "open %s by pid %d for reading", path, getpid());
818 struct auditinfo_addr expected_aia;
819 ssize_t bytes_read = read(fd, &expected_aia, sizeof(expected_aia));
820 T_ASSERT_EQ(bytes_read, (ssize_t)sizeof(expected_aia), NULL);
821 close(fd);
822
823 struct auditinfo_addr aia;
824 T_ASSERT_POSIX_SUCCESS(getaudit_addr(&aia, sizeof(aia)), "getaudit_addr(2) succeeds");
825 tlog_aia(&aia, "aia in child");
826 T_EXPECT_EQ(aia.ai_asid, expected_aia.ai_asid, NULL);
827 T_EXPECT_EQ(aia.ai_auid, expected_aia.ai_auid, NULL);
828 T_EXPECT_EQ(aia.ai_mask.am_success, expected_aia.ai_mask.am_success, NULL);
829 T_EXPECT_EQ(aia.ai_mask.am_failure, expected_aia.ai_mask.am_failure, NULL);
830 T_EXPECT_EQ(aia.ai_termid.at_port, expected_aia.ai_termid.at_port, NULL);
831 T_EXPECT_EQ(aia.ai_termid.at_type, expected_aia.ai_termid.at_type, NULL);
832 T_EXPECT_EQ(aia.ai_termid.at_addr[0], expected_aia.ai_termid.at_addr[0], NULL);
833 T_EXPECT_EQ(aia.ai_termid.at_addr[1], expected_aia.ai_termid.at_addr[1], NULL);
834 T_EXPECT_EQ(aia.ai_termid.at_addr[2], expected_aia.ai_termid.at_addr[2], NULL);
835 T_EXPECT_EQ(aia.ai_termid.at_addr[3], expected_aia.ai_termid.at_addr[3], NULL);
836 T_EXPECT_EQ(aia.ai_flags, expected_aia.ai_flags, NULL);
837
838 T_END;
839 }
840
841 T_DECL(new_session_check_child_aia, "new session is inherited by child processes")
842 {
843 int cond, rv_from_auditon = auditon(A_GETCOND, &cond, sizeof(cond));
844 if (rv_from_auditon == -1 && errno == ENOSYS) {
845 T_SKIP("Kernel support for auditon(2) not available");
846 }
847
848 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
849 T_LOG("Created new audit session using AU_ASSIGN_ASID");
850
851 struct auditinfo_addr aia;
852 T_ASSERT_POSIX_SUCCESS(getaudit_addr(&aia, sizeof(aia)), "getaudit_addr(2) succeeds");
853 tlog_aia(&aia, "aia in parent");
854
855 char path[MAXPATHLEN];
856 snprintf(path, MAXPATHLEN, "%s/" NEW_SESSION_CHECK_CHILD_FILENAME, dt_tmpdir());
857 int fd = open(path, O_CREAT | O_TRUNC | O_RDWR, 0755);
858 T_ASSERT_POSIX_SUCCESS(fd, "open %s by pid %d for writing", path, getpid());
859 ssize_t bytes_written = write(fd, &aia, sizeof(aia));
860 T_ASSERT_EQ(bytes_written, (ssize_t)sizeof(aia), NULL);
861 close(fd);
862
863 dt_helper_t helper = dt_child_helper("check_child_session");
864 dt_run_helpers(&helper, 1, 30 /* timeout */);
865 }
866
867 #undef NEW_SESSION_CHECK_CHILD_FILENAME
868
869 #define NEW_SESSION_CLEANUP_FILENAME "new_session_cleanup_aia"
870
871 T_HELPER_DECL(child_create_session, "Create a session in a child process")
872 {
873 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
874 T_LOG("Created new audit session using AU_ASSIGN_ASID");
875
876 struct auditinfo_addr aia;
877 T_ASSERT_POSIX_SUCCESS(getaudit_addr(&aia, sizeof(aia)), "getaudit_addr(2) succeeds");
878
879 char tmppath[MAXPATHLEN];
880 snprintf(tmppath, MAXPATHLEN, "%s/" NEW_SESSION_CLEANUP_FILENAME "~", dt_tmpdir());
881 int fd = open(tmppath, O_CREAT | O_TRUNC | O_RDWR, 0755);
882 T_ASSERT_POSIX_SUCCESS(fd, "open %s by pid %d for writing", tmppath, getpid());
883 ssize_t bytes_written = write(fd, &aia, sizeof(aia));
884 T_ASSERT_EQ(bytes_written, (ssize_t)sizeof(aia), NULL);
885 pid_t pid = getpid();
886 bytes_written = write(fd, &pid, sizeof(pid));
887 T_ASSERT_EQ(bytes_written, (ssize_t)sizeof(pid), NULL);
888 close(fd);
889
890 // Atomically move it into place so that we can reliably for it over in the other helper.
891 char path[MAXPATHLEN];
892 snprintf(path, MAXPATHLEN, "%s/" NEW_SESSION_CLEANUP_FILENAME, dt_tmpdir());
893 T_ASSERT_POSIX_SUCCESS(rename(tmppath, path), "move %s to %s by pid %d", tmppath, path, getpid());
894
895 T_END;
896 }
897
898 T_HELPER_DECL(child_session_disappeared, "Check that session created in other helper disappeared")
899 {
900 static const size_t max_attempts = 10;
901 static const useconds_t delay_us = 250000;
902
903 char path[MAXPATHLEN];
904 snprintf(path, MAXPATHLEN, "%s/" NEW_SESSION_CLEANUP_FILENAME, dt_tmpdir());
905
906 // Wait for the file written by the other helper.
907 int fd = -1;
908 for (size_t attempt = 0; fd == -1 && attempt < max_attempts; attempt++) {
909 if (attempt > 0) {
910 usleep(delay_us * (useconds_t)attempt);
911 }
912 fd = open(path, O_RDONLY);
913 }
914 T_ASSERT_POSIX_SUCCESS(fd, "open %s by pid %d for reading", path, getpid());
915 struct auditinfo_addr other_child_aia;
916 ssize_t bytes_read = read(fd, &other_child_aia, sizeof(other_child_aia));
917 T_ASSERT_EQ(bytes_read, (ssize_t)sizeof(other_child_aia), NULL);
918 pid_t other_child_pid;
919 bytes_read = read(fd, &other_child_pid, sizeof(other_child_pid));
920 T_ASSERT_EQ(bytes_read, (ssize_t)sizeof(other_child_pid), NULL);
921 close(fd);
922
923 // Wait for the other helper to have exited.
924 int rv = 0;
925 for (size_t attempt = 0; rv == 0 && attempt < max_attempts; attempt++) {
926 if (attempt > 0) {
927 usleep(delay_us * (useconds_t)attempt);
928 }
929 rv = kill(other_child_pid, 0);
930 }
931
932 // The session should now have disappeared.
933 auditinfo_addr_t aia = {};
934 aia.ai_asid = other_child_aia.ai_asid;
935 T_ASSERT_POSIX_FAILURE(auditon(A_GETSINFO_ADDR, &aia, sizeof(aia)), EINVAL, "auditon(2) A_GETSINFO_ADDR cannot find the session");
936
937 T_END;
938 }
939
940 T_DECL(new_session_cleanup, "new session disappears on process exit")
941 {
942 int cond, rv_from_auditon = auditon(A_GETCOND, &cond, sizeof(cond));
943 if (rv_from_auditon == -1 && errno == ENOSYS) {
944 T_SKIP("Kernel support for auditon(2) not available");
945 }
946
947 char path[MAXPATHLEN];
948 snprintf(path, MAXPATHLEN, "%s/" NEW_SESSION_CLEANUP_FILENAME, dt_tmpdir());
949 (void)unlink(path);
950
951 dt_helper_t helpers[2];
952 helpers[0] = dt_child_helper("child_create_session");
953 helpers[1] = dt_child_helper("child_session_disappeared");
954 dt_run_helpers(helpers, 2, 30 /* timeout */);
955 }
956
957 #undef NEW_SESSION_CLEANUP_FILENAME
958
959 T_DECL(audit_session_self, "audit_session_self(2) smoke test")
960 {
961 int cond, rv_from_auditon = auditon(A_GETCOND, &cond, sizeof(cond));
962 if (rv_from_auditon == -1 && errno == ENOSYS) {
963 T_SKIP("Kernel support for auditon(2) not available");
964 }
965
966 mach_port_t session_port = audit_session_self();
967 T_ASSERT_TRUE(MACH_PORT_VALID(session_port), "audit_session_self(2) returns valid send right");
968 mach_port_deallocate(mach_task_self(), session_port);
969 }
970
971 static mach_port_t new_session_port = MACH_PORT_NULL;
972 static mach_port_t original_session_port = MACH_PORT_NULL;
973
974 static void
audit_session_join_cleanup(void)975 audit_session_join_cleanup(void)
976 {
977 if (MACH_PORT_VALID(new_session_port)) {
978 mach_port_deallocate(mach_task_self(), new_session_port);
979 new_session_port = MACH_PORT_NULL;
980 }
981 if (MACH_PORT_VALID(original_session_port)) {
982 mach_port_deallocate(mach_task_self(), original_session_port);
983 original_session_port = MACH_PORT_NULL;
984 }
985 }
986
987 T_DECL(audit_session_join, "audit_session_join(2) and port/session lifecycle test")
988 {
989 int cond, rv_from_auditon = auditon(A_GETCOND, &cond, sizeof(cond));
990 if (rv_from_auditon == -1 && errno == ENOSYS) {
991 T_SKIP("Kernel support for auditon(2) not available");
992 }
993
994 au_asid_t original_asid;
995 au_id_t original_auid;
996 get_asid_auid(&original_asid, &original_auid);
997
998 // Create new session
999 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
1000 T_LOG("Created new audit session using AU_ASSIGN_ASID");
1001 au_asid_t new_asid;
1002 au_id_t new_auid;
1003 get_asid_auid(&new_asid, &new_auid);
1004 T_ASSERT_NE(new_asid, original_asid, NULL);
1005 T_ASSERT_NE(new_auid, original_auid, NULL);
1006
1007 T_ATEND(audit_session_join_cleanup);
1008
1009 // Obtain session port for new session
1010 new_session_port = audit_session_self();
1011 T_ASSERT_TRUE(MACH_PORT_VALID(new_session_port), NULL);
1012
1013 // Obtain session port for original session
1014 T_ASSERT_POSIX_SUCCESS(audit_session_port(original_asid, &original_session_port), "audit_session_port(2) succeeds");
1015 T_ASSERT_TRUE(MACH_PORT_VALID(original_session_port), NULL);
1016
1017 // Join original session
1018 T_ASSERT_POSIX_SUCCESS(audit_session_join(original_session_port), "audit_session_join(2) succeeds");
1019 au_asid_t asid;
1020 au_id_t auid;
1021 get_asid_auid(&asid, &auid);
1022 T_ASSERT_EQ(asid, original_asid, NULL);
1023 T_ASSERT_EQ(auid, original_auid, NULL);
1024
1025 // The last process (we) has now left new session. The new session
1026 // is still referenced by the session port to which we're holding a
1027 // send right, preventing its destruction.
1028
1029 // Make sure the session can still be looked up.
1030 auditinfo_addr_t aia = {};
1031 aia.ai_asid = new_asid;
1032 T_ASSERT_POSIX_SUCCESS(auditon(A_GETSINFO_ADDR, &aia, sizeof(aia)), "auditon(2) A_GETSINFO_ADDR can still find the new session");
1033 T_ASSERT_EQ(aia.ai_asid, new_asid, NULL);
1034 T_ASSERT_EQ(aia.ai_auid, new_auid, NULL);
1035
1036 // Join new session that should still be around despite being empty.
1037 T_ASSERT_POSIX_SUCCESS(audit_session_join(new_session_port), "audit_session_join(2) succeeds");
1038 get_asid_auid(&asid, &auid);
1039 T_ASSERT_EQ(asid, new_asid, NULL);
1040 T_ASSERT_EQ(auid, new_auid, NULL);
1041
1042 // Join original session
1043 T_ASSERT_POSIX_SUCCESS(audit_session_join(original_session_port), "audit_session_join(2) succeeds");
1044 get_asid_auid(&asid, &auid);
1045 T_ASSERT_EQ(asid, original_asid, NULL);
1046 T_ASSERT_EQ(auid, original_auid, NULL);
1047
1048 // Destroy new session by way of releasing the send right to it.
1049 mach_port_deallocate(mach_task_self(), new_session_port);
1050 new_session_port = MACH_PORT_NULL;
1051
1052 // The new session should now have disappeared.
1053 bzero(&aia, sizeof(aia));
1054 aia.ai_asid = new_asid;
1055 T_LOG("Looking for asid %d", aia.ai_asid);
1056 T_ASSERT_POSIX_FAILURE(auditon(A_GETSINFO_ADDR, &aia, sizeof(aia)), EINVAL, "auditon(2) A_GETSINFO_ADDR cannot find the new session");
1057 }
1058
1059 T_DECL(setaudit_addr_join, "join session the BSD way using setaudit_addr(2)")
1060 {
1061 int cond, rv_from_auditon = auditon(A_GETCOND, &cond, sizeof(cond));
1062 if (rv_from_auditon == -1 && errno == ENOSYS) {
1063 T_SKIP("Kernel support for auditon(2) not available");
1064 }
1065
1066 au_asid_t original_asid;
1067 au_id_t original_auid;
1068 get_asid_auid(&original_asid, &original_auid);
1069
1070 // Create new session
1071 new_session_flow(AU_ASSIGN_ASID, TERMIDM_UPDATE_SETAUDIT_ADDR, AU_IPv6, AUIDM_UPDATE_SETAUDIT_ADDR);
1072 T_LOG("Created new audit session using AU_ASSIGN_ASID");
1073 au_asid_t new_asid;
1074 au_id_t new_auid;
1075 get_asid_auid(&new_asid, &new_auid);
1076 T_ASSERT_NE(new_asid, original_asid, NULL);
1077 T_ASSERT_NE(new_auid, original_auid, NULL);
1078
1079 // Look up the original session aia
1080 auditinfo_addr_t aia = {};
1081 aia.ai_asid = original_asid;
1082 T_ASSERT_POSIX_SUCCESS(auditon(A_GETSINFO_ADDR, &aia, sizeof(aia)), "auditon(2) A_GETSINFO_ADDR can find the old session");
1083 T_ASSERT_EQ(aia.ai_asid, original_asid, NULL);
1084 T_ASSERT_EQ(aia.ai_auid, original_auid, NULL);
1085
1086 // Switch back to original session
1087 T_ASSERT_POSIX_SUCCESS(setaudit_addr(&aia, sizeof(aia)), "setaudit_addr(2) succeeds at joining the original session");
1088
1089 // The new session was destroyed after we left.
1090
1091 // Looking up the new session should fail now.
1092 bzero(&aia, sizeof(aia));
1093 aia.ai_asid = new_asid;
1094 T_LOG("Looking for asid %d", aia.ai_asid);
1095 T_ASSERT_POSIX_FAILURE(auditon(A_GETSINFO_ADDR, &aia, sizeof(aia)), EINVAL, "auditon(2) A_GETSINFO_ADDR cannot find the new session");
1096 }
1097