--- util-linux-2.13-pre2/hwclock/hwclock.c.audit	2005-07-31 22:15:18.000000000 +0200

+++ util-linux-2.13-pre2/hwclock/hwclock.c	2005-08-30 11:11:11.000000000 +0200

@@ -81,9 +81,11 @@

 #include <stdarg.h>

 #include <getopt.h>

 #include <sysexits.h>

+#include <libaudit.h>

 #include "clock.h"

 #include "nls.h"

+#include "audit.h"

 #define MYNAME "hwclock"

@@ -1234,7 +1236,7 @@

     va_end(ap);

   }

-  exit(fmt ? EX_USAGE : 0);

+  audit_exit(fmt ? EX_USAGE : 0);

 }

 static const struct option longopts[] = {

@@ -1298,6 +1300,15 @@

 	/* Remember what time we were invoked */

 	gettimeofday(&startup_time, NULL);

+	audit_fd = audit_open();

+	if (audit_fd < 0 && !(errno == EINVAL || errno == EPROTONOSUPPORT ||

+				errno == EAFNOSUPPORT)) {

+		/* You get these error codes only when the kernel doesn't have

+	   	 * audit compiled in. */

+		fprintf(stderr, "Error - unable to connect to audit system\n");

+		return EX_NOPERM;

+	}

+

 	setlocale(LC_ALL, "");

 #ifdef LC_NUMERIC

 	/* We need LC_CTYPE and LC_TIME and LC_MESSAGES, but must avoid

@@ -1393,6 +1404,13 @@

 	argc -= optind;

 	argv += optind;

+	if (testing != TRUE) {

+		if (adjust == TRUE || hctosys == TRUE || systohc == TRUE ||

+			set == TRUE || setepoch == TRUE) {

+			auditable_event(1);

+		}

+	}

+

 	if (argc > 0) {

 		usage(_("%s takes no non-option arguments.  "

 			"You supplied %d.\n"),

@@ -1403,27 +1421,27 @@

 		fprintf(stderr, _("You have specified multiple functions.\n"

 				  "You can only perform one function "

 				  "at a time.\n"));

-		exit(EX_USAGE);

+		audit_exit(EX_USAGE);

 	}

 	if (utc && local_opt) {

 		fprintf(stderr, _("%s: The --utc and --localtime options "

 				  "are mutually exclusive.  You specified "

 				  "both.\n"), MYNAME);

-		exit(EX_USAGE);

+		audit_exit(EX_USAGE);

 	}

 	if (adjust && noadjfile) {

 		fprintf(stderr, _("%s: The --adjust and --noadjfile options "

 				  "are mutually exclusive.  You specified "

 				  "both.\n"), MYNAME);

-		exit(EX_USAGE);

+		audit_exit(EX_USAGE);

 	}

 	if (noadjfile && !(utc || local_opt)) {

 		fprintf(stderr, _("%s: With --noadjfile, you must specify "

 				  "either --utc or --localtime\n"), MYNAME);

-		exit(EX_USAGE);

+		audit_exit(EX_USAGE);

 	}

 #ifdef __alpha__

@@ -1437,7 +1455,7 @@

 		if (rc != 0) {

 			fprintf(stderr, _("No usable set-to time.  "

 					  "Cannot set clock.\n"));

-			exit(EX_USAGE);

+			audit_exit(EX_USAGE);

 		}

 	}

@@ -1469,11 +1487,11 @@

 	}

 	if (!permitted)

-		exit(EX_NOPERM);

+		audit_exit(EX_NOPERM);

 	if (getepoch || setepoch) {

 		manipulate_epoch(getepoch, setepoch, epoch_option, testing);

-		return 0;

+		audit_exit(0);

 	}

 	if (debug)

@@ -1487,12 +1505,14 @@

 			fprintf(stderr,

 				_("Use the --debug option to see the details "

 				  "of our search for an access method.\n"));

-		exit(1);

+		audit_exit(1);

 	}

-	return manipulate_clock(show, adjust, noadjfile, set, set_time,

+	rc = manipulate_clock(show, adjust, noadjfile, set, set_time,

 				hctosys, systohc, startup_time, utc,

 				local_opt, testing);

+	audit_exit(rc);

+	return rc;	/* Not reached */

 }

 /* A single routine for greater uniformity */

--- /dev/null	2005-08-29 11:11:19.415613608 +0200

+++ util-linux-2.13-pre2/hwclock/audit.c	2005-08-30 11:10:38.000000000 +0200

@@ -0,0 +1,73 @@

+/* audit.c -- This file contains the audit system extensions

+ *

+ * Copyright 2005 Red Hat Inc., Durham, North Carolina.

+ * All Rights Reserved.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ *

+ * Authors:

+ *     Steve Grubb <sgrubb@redhat.com>

+ */

+

+#include <stdio.h>

+#include <string.h>

+#include <stdlib.h>

+#include <unistd.h>

+#include <libaudit.h>

+#include "audit.h"

+

+int audit_fd = -1;

+

+/*

+ * This function will log a message to the audit system using a predefined

+ * message format. Parameter usage is as follows:

+ *

+ * op  -  operation. "adding user", "changing finger info", "deleting group"

+ * result - 0 = "success"  or  1 = "failed"

+ */

+static void audit_logger(const char *op, int result) 

+{

+	char msg_buf[256]; /* Common buffer for messaging */

+	const char *success;

+	extern char *progname;

+

+	if (audit_fd < 0)

+		return;		/* kernel without audit support */

+

+	if (!result)

+		success = "success";

+	else

+		success = "failed";

+

+	/* Add some audit info & log it.  */

+	snprintf(msg_buf, sizeof(msg_buf),

+		"%s: op=%s id=%u res=%s", progname, op, getuid(), success);

+	audit_send_user_message(audit_fd, AUDIT_USYS_CONFIG, msg_buf);

+	close(audit_fd);

+}

+

+static int audit_this = 0;

+void auditable_event(int i)

+{

+	audit_this = i;

+}

+

+void audit_exit(int status)

+{

+	if (audit_this)

+		audit_logger("changing system time", status);

+	exit(status);

+}

+

--- util-linux-2.13-pre2/hwclock/kd.c.audit	2005-07-31 18:01:20.000000000 +0200

+++ util-linux-2.13-pre2/hwclock/kd.c	2005-08-30 11:06:38.000000000 +0200

@@ -19,6 +19,7 @@

 #include "clock.h"

 #include "nls.h"

+#include "audit.h"

 static int con_fd = -1;		/* opened by probe_for_kd_clock() */

 				/* never closed */

@@ -103,7 +104,7 @@

   if (ioctl(con_fd, KDGHWCLK, &t) == -1) {

     outsyserr(_("ioctl() failed to read time from %s"), con_fd_filename);

-    exit(EX_IOERR);

+    audit_exit(EX_IOERR);

   }

   tm->tm_sec  = t.sec;

@@ -139,7 +140,7 @@

   if (ioctl(con_fd, KDSHWCLK, &t ) == -1) {

     outsyserr(_("ioctl KDSHWCLK failed"));

-    exit(1);

+    audit_exit(1);

   }

   return 0;

 }

--- util-linux-2.13-pre2/hwclock/Makefile.am.audit	2005-01-30 00:18:46.000000000 +0100

+++ util-linux-2.13-pre2/hwclock/Makefile.am	2005-08-30 11:06:38.000000000 +0200

@@ -4,4 +4,5 @@

 sbin_PROGRAMS = hwclock

-hwclock_SOURCES = hwclock.c cmos.c rtc.c kd.c

\ Chybí znak konce řádku na konci souboru

+hwclock_SOURCES = hwclock.c cmos.c rtc.c kd.c audit.c

+hwclock_LDADD = -laudit

\ Chybí znak konce řádku na konci souboru

--- /dev/null	2005-08-29 11:11:19.415613608 +0200

+++ util-linux-2.13-pre2/hwclock/audit.h	2005-08-30 11:06:38.000000000 +0200

@@ -0,0 +1,34 @@

+/* audit.h -- This file contains the function prototypes for audit calls

+ * Copyright 2005 Red Hat Inc., Durham, North Carolina.

+ * All Rights Reserved.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ *

+ * Author:

+ *   Steve Grubb <sgrubb@redhat.com>

+ *

+ */

+

+#ifndef HW_AUDIT_H

+#define HW_AUDIT_H

+

+/* This is the file descriptor used by the audit system */

+extern int audit_fd;

+

+/* This is the logging functions */

+void auditable_event(int i);

+void audit_exit(int status);

+

+#endif

--- util-linux-2.13-pre2/hwclock/clock.h.audit	2000-12-07 17:39:53.000000000 +0100

+++ util-linux-2.13-pre2/hwclock/clock.h	2005-08-30 11:06:38.000000000 +0200

@@ -24,7 +24,12 @@

 extern char *progname;

 extern int debug;

 extern int epoch_option;

-extern void outsyserr(char *msg, ...);

+extern void outsyserr(char *msg, ...)

+#ifdef __GNUC__

+        __attribute__ ((format (printf, 1, 2)));

+#else

+        ;

+#endif

 /* cmos.c */

 extern void set_cmos_epoch(int ARCconsole, int SRM);

--- util-linux-2.13-pre2/hwclock/rtc.c.audit	2005-07-31 22:15:45.000000000 +0200

+++ util-linux-2.13-pre2/hwclock/rtc.c	2005-08-30 11:06:38.000000000 +0200

@@ -8,6 +8,7 @@

 #include "clock.h"

 #include "nls.h"

+#include "audit.h"

 /*

  * Get defines for rtc stuff.

@@ -114,7 +115,7 @@

 	if (rtc_fd < 0) {

 		outsyserr(_("open() of %s failed"), rtc_dev_name);

-		exit(EX_OSFILE);

+		audit_exit(EX_OSFILE);

 	}

 	return rtc_fd;

 }

@@ -149,7 +150,7 @@

 		perror(ioctlname);

 		fprintf(stderr, _("ioctl() to %s to read the time failed.\n"),

 			rtc_dev_name);

-		exit(EX_IOERR);

+		audit_exit(EX_IOERR);

 	}

 	tm->tm_isdst = -1;          /* don't know whether it's dst */

@@ -329,7 +330,7 @@

 		perror(ioctlname);

 		fprintf(stderr, _("ioctl() to %s to set the time failed.\n"),

 			rtc_dev_name);

-		exit(EX_IOERR);

+		audit_exit(EX_IOERR);

 	}

 	if (debug)