--- util-linux-2.13-pre2/hwclock/hwclock.c.audit	2005-07-31 22:15:18.000000000 +0200
+++ util-linux-2.13-pre2/hwclock/hwclock.c	2005-08-30 11:11:11.000000000 +0200
@@ -81,9 +81,11 @@
 #include <stdarg.h>
 #include <getopt.h>
 #include <sysexits.h>
+#include <libaudit.h>
 
 #include "clock.h"
 #include "nls.h"
+#include "audit.h"
 
 #define MYNAME "hwclock"
 
@@ -1234,7 +1236,7 @@
     va_end(ap);
   }
  
-  exit(fmt ? EX_USAGE : 0);
+  audit_exit(fmt ? EX_USAGE : 0);
 }
 
 static const struct option longopts[] = {
@@ -1298,6 +1300,15 @@
 	/* Remember what time we were invoked */
 	gettimeofday(&startup_time, NULL);
 
+	audit_fd = audit_open();
+	if (audit_fd < 0 && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
+				errno == EAFNOSUPPORT)) {
+		/* You get these error codes only when the kernel doesn't have
+	   	 * audit compiled in. */
+		fprintf(stderr, "Error - unable to connect to audit system\n");
+		return EX_NOPERM;
+	}
+
 	setlocale(LC_ALL, "");
 #ifdef LC_NUMERIC
 	/* We need LC_CTYPE and LC_TIME and LC_MESSAGES, but must avoid
@@ -1393,6 +1404,13 @@
 	argc -= optind;
 	argv += optind;
 
+	if (testing != TRUE) {
+		if (adjust == TRUE || hctosys == TRUE || systohc == TRUE ||
+			set == TRUE || setepoch == TRUE) {
+			auditable_event(1);
+		}
+	}
+
 	if (argc > 0) {
 		usage(_("%s takes no non-option arguments.  "
 			"You supplied %d.\n"),
@@ -1403,27 +1421,27 @@
 		fprintf(stderr, _("You have specified multiple functions.\n"
 				  "You can only perform one function "
 				  "at a time.\n"));
-		exit(EX_USAGE);
+		audit_exit(EX_USAGE);
 	}
 
 	if (utc && local_opt) {
 		fprintf(stderr, _("%s: The --utc and --localtime options "
 				  "are mutually exclusive.  You specified "
 				  "both.\n"), MYNAME);
-		exit(EX_USAGE);
+		audit_exit(EX_USAGE);
 	}
 
 	if (adjust && noadjfile) {
 		fprintf(stderr, _("%s: The --adjust and --noadjfile options "
 				  "are mutually exclusive.  You specified "
 				  "both.\n"), MYNAME);
-		exit(EX_USAGE);
+		audit_exit(EX_USAGE);
 	}
 
 	if (noadjfile && !(utc || local_opt)) {
 		fprintf(stderr, _("%s: With --noadjfile, you must specify "
 				  "either --utc or --localtime\n"), MYNAME);
-		exit(EX_USAGE);
+		audit_exit(EX_USAGE);
 	}
 
 #ifdef __alpha__
@@ -1437,7 +1455,7 @@
 		if (rc != 0) {
 			fprintf(stderr, _("No usable set-to time.  "
 					  "Cannot set clock.\n"));
-			exit(EX_USAGE);
+			audit_exit(EX_USAGE);
 		}
 	}
 
@@ -1469,11 +1487,11 @@
 	}
 
 	if (!permitted)
-		exit(EX_NOPERM);
+		audit_exit(EX_NOPERM);
 
 	if (getepoch || setepoch) {
 		manipulate_epoch(getepoch, setepoch, epoch_option, testing);
-		return 0;
+		audit_exit(0);
 	}
 
 	if (debug)
@@ -1487,12 +1505,14 @@
 			fprintf(stderr,
 				_("Use the --debug option to see the details "
 				  "of our search for an access method.\n"));
-		exit(1);
+		audit_exit(1);
 	}
 
-	return manipulate_clock(show, adjust, noadjfile, set, set_time,
+	rc = manipulate_clock(show, adjust, noadjfile, set, set_time,
 				hctosys, systohc, startup_time, utc,
 				local_opt, testing);
+	audit_exit(rc);
+	return rc;	/* Not reached */
 }
 
 /* A single routine for greater uniformity */
--- /dev/null	2005-08-29 11:11:19.415613608 +0200
+++ util-linux-2.13-pre2/hwclock/audit.c	2005-08-30 11:10:38.000000000 +0200
@@ -0,0 +1,73 @@
+/* audit.c -- This file contains the audit system extensions
+ *
+ * Copyright 2005 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * Authors:
+ *     Steve Grubb <sgrubb@redhat.com>
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <libaudit.h>
+#include "audit.h"
+
+int audit_fd = -1;
+
+/*
+ * This function will log a message to the audit system using a predefined
+ * message format. Parameter usage is as follows:
+ *
+ * op  -  operation. "adding user", "changing finger info", "deleting group"
+ * result - 0 = "success"  or  1 = "failed"
+ */
+static void audit_logger(const char *op, int result) 
+{
+	char msg_buf[256]; /* Common buffer for messaging */
+	const char *success;
+	extern char *progname;
+
+	if (audit_fd < 0)
+		return;		/* kernel without audit support */
+
+	if (!result)
+		success = "success";
+	else
+		success = "failed";
+
+	/* Add some audit info & log it.  */
+	snprintf(msg_buf, sizeof(msg_buf),
+		"%s: op=%s id=%u res=%s", progname, op, getuid(), success);
+	audit_send_user_message(audit_fd, AUDIT_USYS_CONFIG, msg_buf);
+	close(audit_fd);
+}
+
+static int audit_this = 0;
+void auditable_event(int i)
+{
+	audit_this = i;
+}
+
+void audit_exit(int status)
+{
+	if (audit_this)
+		audit_logger("changing system time", status);
+	exit(status);
+}
+
--- util-linux-2.13-pre2/hwclock/kd.c.audit	2005-07-31 18:01:20.000000000 +0200
+++ util-linux-2.13-pre2/hwclock/kd.c	2005-08-30 11:06:38.000000000 +0200
@@ -19,6 +19,7 @@
 
 #include "clock.h"
 #include "nls.h"
+#include "audit.h"
 
 static int con_fd = -1;		/* opened by probe_for_kd_clock() */
 				/* never closed */
@@ -103,7 +104,7 @@
 
   if (ioctl(con_fd, KDGHWCLK, &t) == -1) {
     outsyserr(_("ioctl() failed to read time from %s"), con_fd_filename);
-    exit(EX_IOERR);
+    audit_exit(EX_IOERR);
   }
 
   tm->tm_sec  = t.sec;
@@ -139,7 +140,7 @@
 
   if (ioctl(con_fd, KDSHWCLK, &t ) == -1) {
     outsyserr(_("ioctl KDSHWCLK failed"));
-    exit(1);
+    audit_exit(1);
   }
   return 0;
 }
--- util-linux-2.13-pre2/hwclock/Makefile.am.audit	2005-01-30 00:18:46.000000000 +0100
+++ util-linux-2.13-pre2/hwclock/Makefile.am	2005-08-30 11:06:38.000000000 +0200
@@ -4,4 +4,5 @@
 
 sbin_PROGRAMS = hwclock
 
-hwclock_SOURCES = hwclock.c cmos.c rtc.c kd.c
\ Chybí znak konce řádku na konci souboru
+hwclock_SOURCES = hwclock.c cmos.c rtc.c kd.c audit.c
+hwclock_LDADD = -laudit
\ Chybí znak konce řádku na konci souboru
--- /dev/null	2005-08-29 11:11:19.415613608 +0200
+++ util-linux-2.13-pre2/hwclock/audit.h	2005-08-30 11:06:38.000000000 +0200
@@ -0,0 +1,34 @@
+/* audit.h -- This file contains the function prototypes for audit calls
+ * Copyright 2005 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * Author:
+ *   Steve Grubb <sgrubb@redhat.com>
+ *
+ */
+
+#ifndef HW_AUDIT_H
+#define HW_AUDIT_H
+
+/* This is the file descriptor used by the audit system */
+extern int audit_fd;
+
+/* This is the logging functions */
+void auditable_event(int i);
+void audit_exit(int status);
+
+#endif
--- util-linux-2.13-pre2/hwclock/clock.h.audit	2000-12-07 17:39:53.000000000 +0100
+++ util-linux-2.13-pre2/hwclock/clock.h	2005-08-30 11:06:38.000000000 +0200
@@ -24,7 +24,12 @@
 extern char *progname;
 extern int debug;
 extern int epoch_option;
-extern void outsyserr(char *msg, ...);
+extern void outsyserr(char *msg, ...)
+#ifdef __GNUC__
+        __attribute__ ((format (printf, 1, 2)));
+#else
+        ;
+#endif
 
 /* cmos.c */
 extern void set_cmos_epoch(int ARCconsole, int SRM);
--- util-linux-2.13-pre2/hwclock/rtc.c.audit	2005-07-31 22:15:45.000000000 +0200
+++ util-linux-2.13-pre2/hwclock/rtc.c	2005-08-30 11:06:38.000000000 +0200
@@ -8,6 +8,7 @@
 
 #include "clock.h"
 #include "nls.h"
+#include "audit.h"
 
 /*
  * Get defines for rtc stuff.
@@ -114,7 +115,7 @@
 
 	if (rtc_fd < 0) {
 		outsyserr(_("open() of %s failed"), rtc_dev_name);
-		exit(EX_OSFILE);
+		audit_exit(EX_OSFILE);
 	}
 	return rtc_fd;
 }
@@ -149,7 +150,7 @@
 		perror(ioctlname);
 		fprintf(stderr, _("ioctl() to %s to read the time failed.\n"),
 			rtc_dev_name);
-		exit(EX_IOERR);
+		audit_exit(EX_IOERR);
 	}
 
 	tm->tm_isdst = -1;          /* don't know whether it's dst */
@@ -329,7 +330,7 @@
 		perror(ioctlname);
 		fprintf(stderr, _("ioctl() to %s to set the time failed.\n"),
 			rtc_dev_name);
-		exit(EX_IOERR);
+		audit_exit(EX_IOERR);
 	}
 
 	if (debug)