PolicyKit: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Fri Aug 24 12:36:07 PDT 2007


 doc/man/PolicyKit.8.in                   |   35 --
 doc/man/PolicyKit.conf.5.in              |  236 -------------------
 doc/man/PolicyKit.conf.xml               |  380 +++++++++++++++++++++++++++++++
 doc/man/PolicyKit.xml                    |   74 ++++++
 doc/man/polkit-check-caller.1.in         |   65 -----
 doc/man/polkit-check-session.1.in        |   65 -----
 doc/man/polkit-config-file-validate.xml  |  105 ++++++++
 doc/man/polkit-grant.xml                 |  125 ++++++++++
 doc/man/polkit-list-actions.1.in         |   44 ---
 doc/man/polkit-list-actions.xml          |  101 ++++++++
 doc/man/polkit-policy-file-validate.1.in |   53 ----
 doc/man/polkit-policy-file-validate.xml  |  104 ++++++++
 tools/polkit-check-caller.c              |  164 -------------
 tools/polkit-check-session.c             |  173 --------------
 14 files changed, 889 insertions(+), 835 deletions(-)

New commits:
diff-tree 7b3f73291a742e8ef41cd4b63dcbb79d599c88ad (from 3b73f007910c5436828b4cecdd1e47eee40eaf0c)
Author: David Zeuthen <davidz at redhat.com>
Date:   Fri Aug 24 15:31:35 2007 -0400

    convert manual page sources to Docbook, add polkit-config-file-validate tool
    
    Also drop the polkit-check-caller and polkit-check-session tools;
    they're not really useful in their current incarnation.

diff --git a/doc/man/PolicyKit.8.in b/doc/man/PolicyKit.8.in
deleted file mode 100644
index a426580..0000000
--- a/doc/man/PolicyKit.8.in
+++ /dev/null
@@ -1,35 +0,0 @@
-.\" 
-.\" PolicyKit manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLICYKIT 8
-.SH NAME
-PolicyKit \- centralized policy management
-.SH DESCRIPTION
-.PP
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see 
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit.conf\fR\|(5),
-\&\fIpolkit-list-actions\fR\|(1),
-\&\fIpolkit-check-caller\fR\|(1),
-\&\fIpolkit-check-session\fR\|(1),
-\&\fIpolkit-policy-file-validate\fR\|(1),
-\&\fIpolkit-grant\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/PolicyKit.conf.5.in b/doc/man/PolicyKit.conf.5.in
deleted file mode 100644
index 79435ef..0000000
--- a/doc/man/PolicyKit.conf.5.in
+++ /dev/null
@@ -1,236 +0,0 @@
-.\" -*- Nroff -*-
-.\" PolicyKit.conf manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLICYKIT.CONF 5
-.SH NAME
- at sysconfdir@/PolicyKit/PolicyKit.conf \- PolicyKit configuration file
-.SH DESCRIPTION
-.PP
-
-The 
-.I @sysconfdir@/PolicyKit/PolicyKit.conf 
-configuration file provides a way for system administrators to
-override policy that mechanisms use
-.I libpolkit
-to determine whether a caller is privileged to use the mechanism in the way specified by the given
-.I action
-identifier.
-
-Changes to this configuration file are immediately propagated to
-running processes using the \&\fIlibpolkit\fR\|(3) library. If the
-configuration file is invalid, processes using this library will log
-this fact to the system logger and the library will only only return
-.B no
-as the answer to processes using it.
-
-.B TODO: 
-we need to have a tool to verify the PolicyKit.conf file is well
-formed.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH CONFIGURATION FILE
-.PP
-
-The configuration file is an XML document. It must
-have the following doctype declaration:
-
- <!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
- "http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
-
-The following elements may be present in the configuration file
-
-.I config
-
-Root element. A single attribute
-.I version
-must be present and must be set to
-.I "0.1"
-at this point. There can only be one
-.I config
-element in the configuration file.
-
-.I match
-
-This element is for matching information related to the decision
-making process and includes values describing both the caller and the
-action. This element can be embedded in both
-.I config
-and other
-.I match
-elements (hence allowing for nested matching).
-
-There can only be a single attribute in each
-.I match
-element and POSIX Extended Regular Expression syntax are supported in
-the value part. The following attributes are supported:
-
-.I
-.TP
-.B user
-This matches on the user's login name.
-.TP
-.B action
-For matching on the action, for example
-.B action="org.freedesktop.hal.storage.*"
-will match on all actions whose name begins with the string with "org.freedesktop.hal.storage.".
-
-.PP
-
-.I return
-
-This element is for used to specify what result
-.I libpolkit
-should return. It can only be embedded in 
-.I config
-and 
-.I match
-elements and can embed no elements itself. The
-.I return
-element is typically used deeply inside a number of
-.I match
-elements. A single attribute 
-.I result
-is supported and it can assume the following values
-
-.TP
-.B no
-Access denied.
-.TP
-.B auth_admin
-Access denied, but authentication of the caller as root will grant
-access to only that caller.
-.TP
-.B auth_admin_keep_session
-Access denied, but authentication of the caller as root will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_admin_keep_always
-Access denied, but authentication of the caller as root will grant
-access to the user of the caller in the future.
-.TP
-.B auth_self
-Access denied, but authentication of the caller as himself will grant
-access to only that caller.
-.TP
-.B auth_self_keep_session
-Access denied, but authentication of the caller as himself will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_self_keep_always
-Access denied, but authentication of the caller as himself will grant
-access to the user of the caller in the future.
-.TP
-.B yes
-Access granted.
-
-.PP
-
-.I define_admin_auth
-
-This element is used to specify the meaning of "authenticate as
-administrator". It is normally used at the top-level but can also be
-used deep inside a number of 
-.I match
-elements for conditional behavior. 
-
-There can only be a single attribute in each
-.I define_admin_auth
-element. POSIX Extended Regular Expression syntax are 
-.B not 
-supported in the value part, however multiple values to match on can
-be separated with the bar (|) character. The following attributes
-are supported:
-
-.TP
-.B user
-Administrator authentication means authenticate as the given user.
-If no
-.I define_admin_auth
-element is given, the default is to use
-.B user="root"
-e.g. administrator authentication mean authenticate as the super user.
-
-.TP
-.B group
-Administrator authentication means that any user in the groups matching
-the given value can be used to authenticate. Typically, on a system 
-with the root account disabled one wants to use something like
-.B group="wheel"
-to e.g. enable all UNIX users in the UNIX group
-.B wheel
-to be able to authentication whenever administrator authentication
-is required.
-
-.SH EXAMPLES
-
-For brevity the standard XML and doctype headers are omitted in the
-following configuration file examples. The actions used may also be
-fictional, use \&\fIpolkit-list-actions\fR\|(1) to learn about the
-actions installed on the system.
-
-.I ALLOW EVERYTHING
-
-  <config version="0.1">
-.br
-    <match user="davidz|bateman">
-.br
-      <return result="yes"/>
-.br
-    </match>
-.br
-  </config>
-.br
-
-The two UNIX users "davidz" and "bateman" to do any action.
-
-.I MOUNTING FIXED DRIVES
-
-Suppose the action
-.I org.freedesktop.hal.storage.mount-fixed
-is used by \&\fIhald\fR\|(8) to determine whether mounting internal
-hard drives are allowed. Then this configuration file
-
-  <config version="0.1">
-.br
-    <match action="org.freedesktop.hal.storage.mount-fixed">
-      <match user="davidz">
-.br
-        <return result="yes"/>
-.br
-      </match>
-      <match user="freddy">
-.br
-        <return result="no"/>
-.br
-      </match>
-.br
-    </match>
-.br
-  </config>
-.br
-
-specifies that UNIX user "davidz" is always allowed to do the action,
-while UNIX user "freddy" is never allowed to do the action.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see 
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-list-actions\fR\|(1)
-
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/PolicyKit.conf.xml b/doc/man/PolicyKit.conf.xml
new file mode 100644
index 0000000..b93d479
--- /dev/null
+++ b/doc/man/PolicyKit.conf.xml
@@ -0,0 +1,380 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+  <section>
+    <title>PolicyKit.conf</title>
+    <refentry>
+      <refentryinfo>
+        <title>PolicyKit.conf</title>
+        <date>August 2007</date>
+        <productname>PolicyKit</productname>
+      </refentryinfo>
+
+      <refmeta>
+        <refentrytitle>PolicyKit.conf</refentrytitle>
+        <manvolnum>5</manvolnum>
+        <refmiscinfo class="version"></refmiscinfo>
+      </refmeta>
+
+      <refnamediv>
+        <refname>PolicyKit.conf</refname>
+        <refpurpose>PolicyKit configuration file</refpurpose>
+      </refnamediv>
+
+      <refsect1><title>DESCRIPTION</title> 
+        <para>
+          The <filename>/etc/PolicyKit/PolicyKit.conf</filename>
+          configuration file provides a way for system administrators
+          to override policy for mechanisms that use the PolicyKit
+          library to determine whether a caller is allowed to use the
+          mechanism.
+        </para>
+
+        <para>
+          Changes to this configuration file are immediately
+          propagated to running processes using the PolicyKit
+          library. If the configuration file is invalid, processes
+          using this library will log this fact to the system logger
+          and the library will only only
+          return <emphasis>no</emphasis> as the answer to processes
+          using it.
+        </para>
+
+        <para>
+          The <citerefentry><refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+          tool can be used to verify that the configuration file is
+          valid.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>FILE FORMAT</title> 
+        <para>
+          The configuration file is an XML document. It must have the
+          following doctype declaration:
+        </para>
+
+        <programlisting>
+          <![CDATA[
+<!DOCTYPE pkconfig PUBLIC 
+ "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
+ "http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
+]]>
+        </programlisting>
+
+        <para>
+          The following elements may be present in the configuration file:
+        </para>
+
+        <refsect2>
+          <title>config</title>
+          <para>
+            This is the root element. A single
+            attribute <emphasis>version</emphasis> must be present and
+            must be set to "0.1" at this point. There can only be one
+            <emphasis>config</emphasis> element in the configuration file.
+          </para>
+        </refsect2>
+
+        <refsect2>
+          <title>match</title>
+          <para>
+            This element is for matching information related to the
+            decision making process and includes values describing
+            both the caller and the action. This element can be
+            embedded in both <emphasis>config</emphasis> and
+            other <emphasis>match</emphasis> elements (hence allowing
+            for nested matching).
+          </para>
+          <para>
+            There can only be a single attribute in
+            each <emphasis>match</emphasis> element and POSIX Extended
+            Regular Expression syntax are supported in the value
+            part. The following attributes are supported:
+          </para>
+          
+          <variablelist>
+            <varlistentry>
+              <term><emphasis>user</emphasis></term>
+              <listitem>
+                <para>
+                  This matches on the users login name.
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>action</emphasis></term>
+              <listitem>
+                <para>
+                  For matching on the given action being queried for,
+                  for example
+                  <emphasis>action="org.foo.*"</emphasis> will match
+                  on all actions whose action identifier begins with
+                  the string "org.foo.".
+                </para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+
+        </refsect2>
+
+        <refsect2>
+          <title>return</title>
+          <para>
+            This element is for used to specify what result the
+            PolicyKit library will return. It can only be embedded in
+            <emphasis>config</emphasis> and <emphasis>match</emphasis>
+            elements and can embed no elements
+            itself. The <emphasis>return</emphasis> element is
+            typically used deeply inside a number
+            of <emphasis>match</emphasis> elements. A single attribute,
+            <emphasis>result</emphasis> is supported and it can assume
+            the following values:
+          </para>
+
+          <variablelist>
+            <varlistentry>
+              <term><emphasis>no</emphasis></term>
+              <listitem>
+                <para>
+                  Access denied.
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>auth_self</emphasis></term>
+              <listitem>
+                <para>
+                  Access denied, but authentication of the caller as
+                  himself will grant access to only that caller.
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>auth_self_keep_session</emphasis></term>
+              <listitem>
+                <para>
+                  Access denied, but authentication of the caller as
+                  himself will grant access to any caller in the
+                  session of the caller belongs to.
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>auth_self_keep_always</emphasis></term>
+              <listitem>
+                <para>
+                  Access denied, but authentication of the caller as
+                  himself will grant access any caller with the given
+                  uid in the future.
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>auth_admin</emphasis></term>
+              <listitem>
+                <para>
+                  Access denied, but authentication of the caller as
+                  an administrative user will grant access to only
+                  that caller.
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>auth_admin_keep_session</emphasis></term>
+              <listitem>
+                <para>
+                  Access denied, but authentication of the caller as
+                  an administrative user will grant access to any caller
+                  in the session of the caller belongs to.
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>auth_admin_keep_always</emphasis></term>
+              <listitem>
+                <para>
+                  Access denied, but authentication of the caller as
+                  an administrative user will grant access any caller
+                  with the given uid in the future.
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>yes</emphasis></term>
+              <listitem>
+                <para>
+                  Access granted.
+                </para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+
+        </refsect2>
+
+        <refsect2>
+          <title>define_admin_auth</title>
+          <para>
+            This element is used to specify the meaning of
+            <emphasis>"authenticate as administrator"</emphasis>. It
+            is normally used at the top-level but can also be used
+            deep inside a number of
+            <emphasis>match</emphasis> elements for conditional
+            behavior.
+          </para>
+
+          <para>
+            There can only be a single attribute in
+            each <emphasis>define_admin_auth</emphasis> element. POSIX
+            Extended Regular Expression syntax
+            is <emphasis>not</emphasis> supported in the value part,
+            however multiple values to match on can be separated with
+            the bar (|) character. The following attributes are
+            supported:
+          </para>
+
+          <variablelist>
+            <varlistentry>
+              <term><emphasis>user</emphasis></term>
+              <listitem>
+                <para>
+                  Administrator authentication means authenticate as
+                  the given user(s). If
+                  no <emphasis>define_admin_auth</emphasis> element is
+                  given, the default is to
+                  use <emphasis>user="root"</emphasis>
+                  e.g. administrator authentication mean authenticate
+                  as the super user.                  
+                </para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis>group</emphasis></term>
+              <listitem>
+                <para>
+                  Administrator authentication means that any user in
+                  the groups matching the given value can be used to
+                  authenticate. Typically, on a system with the root
+                  account disabled one wants to use something like
+                  <emphasis>group="wheel"</emphasis> to e.g. enable
+                  all UNIX users in the UNIX group
+                  <emphasis>wheel</emphasis> to be able to
+                  authentication whenever administrator authentication
+                  is required.
+                </para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+
+        </refsect2>
+
+      </refsect1>
+
+      <refsect1>
+        <title>EXAMPLES</title> 
+        <para>
+          For brevity, the standard XML and DOCTYPE headers as well as
+          the top-level <emphasis>config</emphasis> are omitted in the
+          following configuration file examples. The actions used may
+          also be fictional,
+          use <citerefentry><refentrytitle>polkit-list-actions</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+          to learn about the actions available on your system.
+        </para>
+
+        <refsect2>
+          <title>ALLOW EVERYTHING</title>
+          <para>
+            The users "davidz" and "bateman" are allowed to do any
+            action:
+          </para>
+          <programlisting>
+            <![CDATA[
+<match user="davidz|bateman">
+  <return result="yes"/>
+</match>
+]]>
+          </programlisting>
+        </refsect2>
+
+        <refsect2>
+          <title>MOUNTING FIXED DRIVES</title>
+          <para>
+            Suppose the
+            action <emphasis>org.freedesktop.hal.storage.mount-fixed</emphasis>
+            is used to determine whether mounting internal hard drives
+            are allowed. Then this configuration file
+
+          </para>
+          <programlisting>
+            <![CDATA[
+<match action="org.freedesktop.hal.storage.mount-fixed">
+  <match user="davidz">
+    <return result="yes"/>
+  </match>
+  <match user="freddy">
+    <return result="no"/>
+  </match>
+</match>
+]]>
+          </programlisting>
+          <para>
+            specifies that user "davidz" is always allowed to do the
+            action, while user "freddy" is never allowed to do the
+            action. Other users will be subject to the defaults
+            results specified in the <emphasis>.policy</emphasis> file
+            describing the action.
+          </para>
+
+        </refsect2>
+
+      </refsect1>
+
+      <refsect1>
+        <title>AUTHOR</title> 
+        <para>
+          Written by David Zeuthen <email>david at fubar.dk</email> with
+          a lot of help from many others.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>BUGS</title> 
+        <para>
+          Please send bug reports to either the distribution or the
+          hal mailing list,
+          see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+          to subscribe.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>SEE ALSO</title>
+        <para>
+          <citerefentry>
+            <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>polkit-list-actions</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>polkit-grant</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>
+        </para>
+      </refsect1>
+    </refentry>
+  </section>
+</article>
diff --git a/doc/man/PolicyKit.xml b/doc/man/PolicyKit.xml
new file mode 100644
index 0000000..cf30649
--- /dev/null
+++ b/doc/man/PolicyKit.xml
@@ -0,0 +1,74 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+  <section>
+    <title>PolicyKit</title>
+    <refentry>
+      <refentryinfo>
+        <title>PolicyKit</title>
+        <date>August 2007</date>
+        <productname>PolicyKit</productname>
+      </refentryinfo>
+
+      <refmeta>
+        <refentrytitle>PolicyKit</refentrytitle>
+        <manvolnum>8</manvolnum>
+        <refmiscinfo class="version"></refmiscinfo>
+      </refmeta>
+
+      <refnamediv>
+        <refname>PolicyKit</refname>
+        <refpurpose>centralized policy management</refpurpose>
+      </refnamediv>
+
+      <refsect1><title>DESCRIPTION</title> 
+        <para>
+          For more information about the big picture refer to the
+          PolicyKit specification which can be normally be found
+          under <filename>/usr/share/doc</filename>.
+        </para>
+
+        <para>
+          <emphasis>TODO:</emphasis> This manual page should contain a
+          simple introduction to PolicyKit for a system administrator
+          audience. Remains to be written.
+        </para>
+      </refsect1>
+
+
+      <refsect1><title>AUTHOR</title> 
+        <para>
+          Written by David Zeuthen <email>david at fubar.dk</email> with
+          a lot of help from many others.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>BUGS</title> 
+        <para>
+          Please send bug reports to either the distribution or the
+          hal mailing list,
+          see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+          to subscribe.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>SEE ALSO</title>
+        <para>
+          <citerefentry>
+            <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>polkit-list-actions</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>polkit-grant</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>
+        </para>
+      </refsect1>
+    </refentry>
+  </section>
+</article>
diff --git a/doc/man/polkit-check-caller.1.in b/doc/man/polkit-check-caller.1.in
deleted file mode 100644
index df67b33..0000000
--- a/doc/man/polkit-check-caller.1.in
+++ /dev/null
@@ -1,65 +0,0 @@
-.\" 
-.\" polkit-check-caller manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-CHECK-CALLER 1
-.SH NAME
-polkit-check-caller \- check access
-.SH SYNOPSIS
-.PP
-.B polkit-check-caller
-[options]
-
-.SH DESCRIPTION
-
-\fIpolkit-check-caller\fP can be used to determine if a given caller
-can a given action. For more information about the big picture refer
-to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--action"
-The action to check.
-.TP
-.I "--caller"
-The caller to check for. Must be the callers unique name on the D-Bus
-system message bus.
-.TP
-.I "--resource-type"
-Type of resource.
-.TP
-.I "--resource"
-Identifier of resource.
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH RETURN VALUE
-.PP
-If access is allowed, this
-program exits with exit code 0. If no access is allowed or an error
-occurs, the program exits with a non-zero exit code.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see 
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIdbus-daemon\fR\|(1),
-\&\fIpolkit-check-session\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-check-session.1.in b/doc/man/polkit-check-session.1.in
deleted file mode 100644
index 76542ea..0000000
--- a/doc/man/polkit-check-session.1.in
+++ /dev/null
@@ -1,65 +0,0 @@
-.\" 
-.\" polkit-check-session manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-CHECK-SESSION 1
-.SH NAME
-polkit-check-session \- check access
-.SH SYNOPSIS
-.PP
-.B polkit-check-session
-[options]
-
-.SH DESCRIPTION
-
-\fIpolkit-check-session\fP can be used to determine if a given session
-can do a given action. For more information about the big picture
-refer to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--action"
-The action to check.
-.TP
-.I "--session"
-The session to check for. Must be a ConsoleKit object path. If
-ommitted the current session is used.
-.TP
-.I "--resource-type"
-Type of resource.
-.TP
-.I "--resource"
-Identifier of resource.
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH RETURN VALUE
-.PP
-If access is allowed, this
-program exits with exit code 0. If no access is allowed or an error
-occurs, the program exits with a non-zero exit code.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see 
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIdbus-daemon\fR\|(1),
-\&\fIpolkit-check-caller\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-config-file-validate.xml b/doc/man/polkit-config-file-validate.xml
new file mode 100644
index 0000000..13dfc9d
--- /dev/null
+++ b/doc/man/polkit-config-file-validate.xml
@@ -0,0 +1,105 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+  <section>
+    <title>polkit-config-file-validate</title>
+    <refentry>
+      <refentryinfo>
+        <title>polkit-config-file-validate</title>
+        <date>August 2007</date>
+        <productname>PolicyKit</productname>
+      </refentryinfo>
+
+      <refmeta>
+        <refentrytitle>polkit-config-file-validate</refentrytitle>
+        <manvolnum>1</manvolnum>
+        <refmiscinfo class="version"></refmiscinfo>
+      </refmeta>
+
+      <refnamediv>
+        <refname>polkit-config-file-validate</refname>
+        <refpurpose>manage PolicyKit privilege grants</refpurpose>
+      </refnamediv>
+
+      <refsynopsisdiv>
+        <cmdsynopsis>
+          <command>polkit-config-file-validate <replaceable>[/path/to/config/file]</replaceable></command>
+          <arg><option>--version</option></arg>
+          <arg><option>--help</option></arg>
+        </cmdsynopsis>
+      </refsynopsisdiv>
+
+      <refsect1>
+        <title>DESCRIPTION</title> 
+        <para>
+          polkit-config-file-validate is used to verify that a given
+          PolicyKit configuration file is valid. If no path to a
+          config file is given, the default
+          <filename>/etc/PolicyKit/PolicyKit.conf</filename> file
+          will be verified.
+        </para>
+
+        <para>
+          The typical role of this tool is to verify a configuration
+          file before deploying it on one or more machines.
+        </para>
+
+        <para>
+          This program exit with exit code 0 if the configuration file
+          is valid. If not, the program exits with a non-zero exit
+          code.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>OPTIONS</title> 
+        <variablelist>
+          <varlistentry>
+            <term><option>--version</option></term>
+            <listitem>
+              <para>
+                Show version and exit.
+              </para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term><option>--help</option></term>
+            <listitem>
+              <para>
+                Show usage information and exit.
+              </para>
+            </listitem>
+          </varlistentry>
+        </variablelist>
+      </refsect1>
+
+      <refsect1>
+        <title>BUGS</title> 
+        <para>
+          Please send bug reports to either the distribution or the
+          hal mailing list,
+          see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+          to subscribe.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>SEE ALSO</title>
+        <para>
+          <citerefentry>
+            <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+          </citerefentry>,
+          <citerefentry>
+            <refentrytitle>polkit-policy-file-validate</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>
+        </para>
+      </refsect1>
+    </refentry>
+  </section>
+</article>
diff --git a/doc/man/polkit-grant.xml b/doc/man/polkit-grant.xml
new file mode 100644
index 0000000..c593a8d
--- /dev/null
+++ b/doc/man/polkit-grant.xml
@@ -0,0 +1,125 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+  <section>
+    <title>polkit-grant</title>
+    <refentry>
+      <refentryinfo>
+        <title>polkit-grant</title>
+        <date>August 2007</date>
+        <productname>PolicyKit</productname>
+      </refentryinfo>
+
+      <refmeta>
+        <refentrytitle>polkit-grant</refentrytitle>
+        <manvolnum>1</manvolnum>
+        <refmiscinfo class="version"></refmiscinfo>
+      </refmeta>
+
+      <refnamediv>
+        <refname>polkit-grant</refname>
+        <refpurpose>manage PolicyKit privilege grants</refpurpose>
+      </refnamediv>
+
+      <refsynopsisdiv>
+        <cmdsynopsis>
+          <command>polkit-grant</command>
+          <arg><option>--gain <replaceable>action</replaceable></option></arg>
+          <arg><option>--list</option></arg>
+          <arg><option>--delete <replaceable>user</replaceable></option></arg>
+          <arg><option>--version</option></arg>
+          <arg><option>--help</option></arg>
+        </cmdsynopsis>
+      </refsynopsisdiv>
+
+      <refsect1>
+        <title>DESCRIPTION</title> 
+        <para>
+          polkit-grant is used to inspect and manage the privileges
+          that users obtain through authentication to enable a
+          mechanism to perform a specific action on their behalf.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>OPTIONS</title> 
+        <variablelist>
+          <varlistentry>
+            <term><option>--gain <replaceable>action</replaceable></option></term>
+            <listitem>
+              <para>
+                Attempt to gain the privilege for the user to do an
+                action. This starts an interactive dialog where,
+                among, other things the user is authenticated.
+              </para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term><option>--list</option></term>
+            <listitem>
+              <para>
+                Lists all the privileges previously granted.
+              </para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term><option>--delete <replaceable>user</replaceable></option></term>
+            <listitem>
+              <para>
+                Delete all privileges granted to a given user. Needs
+                super user privileges.
+              </para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term><option>--version</option></term>
+            <listitem>
+              <para>
+                Show version and exit.
+              </para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term><option>--help</option></term>
+            <listitem>
+              <para>
+                Show usage information and exit.
+              </para>
+            </listitem>
+          </varlistentry>
+        </variablelist>
+      </refsect1>
+
+      <refsect1>
+        <title>BUGS</title> 
+        <para>
+          Please send bug reports to either the distribution or the
+          hal mailing list,
+          see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+          to subscribe.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>SEE ALSO</title>
+        <para>
+          <citerefentry>
+            <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>polkit-list-actions</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>
+        </para>
+      </refsect1>
+    </refentry>
+  </section>
+</article>
diff --git a/doc/man/polkit-list-actions.1.in b/doc/man/polkit-list-actions.1.in
deleted file mode 100644
index 3c22900..0000000
--- a/doc/man/polkit-list-actions.1.in
+++ /dev/null
@@ -1,44 +0,0 @@
-.\" 
-.\" polkit-list-actions manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-LIST-ACTIONS 1
-.SH NAME
-polkit-list-actions \- list actions registered with PolicyKit
-.SH SYNOPSIS
-.PP
-.B polkit-list-actions
-[options]
-
-.SH DESCRIPTION
-
-\fIpolkit-list-actions\fP simply list the actions that mechanisms have
-registered with PolicyKit. For more information about the big picture
-refer to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see 
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-list-actions.xml b/doc/man/polkit-list-actions.xml
new file mode 100644
index 0000000..583c93c
--- /dev/null
+++ b/doc/man/polkit-list-actions.xml
@@ -0,0 +1,101 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+  <section>
+    <title>polkit-list-actions</title>
+    <refentry>
+      <refentryinfo>
+        <title>polkit-list-actions</title>
+        <date>August 2007</date>
+        <productname>PolicyKit</productname>
+      </refentryinfo>
+
+      <refmeta>
+        <refentrytitle>polkit-list-actions</refentrytitle>
+        <manvolnum>1</manvolnum>
+        <refmiscinfo class="version"></refmiscinfo>
+      </refmeta>
+
+      <refnamediv>
+        <refname>polkit-list-actions</refname>
+        <refpurpose>manage PolicyKit privilege grants</refpurpose>
+      </refnamediv>
+
+      <refsynopsisdiv>
+        <cmdsynopsis>
+          <command>polkit-list-actions</command>
+          <arg><option>--action <replaceable>action</replaceable></option></arg>
+          <arg><option>--version</option></arg>
+          <arg><option>--help</option></arg>
+        </cmdsynopsis>
+      </refsynopsisdiv>
+
+      <refsect1>
+        <title>DESCRIPTION</title> 
+        <para>
+          polkit-list-actions is used to list the PolicyKit actions
+          that are registered on the system.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>OPTIONS</title> 
+        <variablelist>
+          <varlistentry>
+            <term><option>--action <replaceable>action</replaceable></option></term>
+            <listitem>
+              <para>
+                Show detailed information about a specific action.
+              </para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term><option>--version</option></term>
+            <listitem>
+              <para>
+                Show version and exit.
+              </para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term><option>--help</option></term>
+            <listitem>
+              <para>
+                Show usage information and exit.
+              </para>
+            </listitem>
+          </varlistentry>
+        </variablelist>
+      </refsect1>
+
+      <refsect1>
+        <title>BUGS</title> 
+        <para>
+          Please send bug reports to either the distribution or the
+          hal mailing list,
+          see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+          to subscribe.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>SEE ALSO</title>
+        <para>
+          <citerefentry>
+            <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>polkit-grant</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>
+        </para>
+      </refsect1>
+    </refentry>
+  </section>
+</article>
diff --git a/doc/man/polkit-policy-file-validate.1.in b/doc/man/polkit-policy-file-validate.1.in
deleted file mode 100644
index d82de93..0000000
--- a/doc/man/polkit-policy-file-validate.1.in
+++ /dev/null
@@ -1,53 +0,0 @@
-.\" 
-.\" polkit-policy-file-validate manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-POLICY-FILE-VALIDATE 1
-.SH NAME
-polkit-policy-file-validate \- check access
-.SH SYNOPSIS
-.PP
-.B polkit-policy-file-validate
-<policy-files>
-
-.SH DESCRIPTION
-
-\fIpolkit-policy-file-validate\fP is used to validate PolicyKit
-policy definition files. These are normally stored in the
-.I "@datadir@/PolicyKit/policy"
-directory. For more information about the big picture
-refer to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH RETURN VALUE
-.PP
-If the given files are all valid, this program exits with exit code
-0. Otherwise the program exits with a non-zero exit code.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see 
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-check-caller\fR\|(1),
-\&\fIpolkit-check-session\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-policy-file-validate.xml b/doc/man/polkit-policy-file-validate.xml
new file mode 100644
index 0000000..1f38ca4
--- /dev/null
+++ b/doc/man/polkit-policy-file-validate.xml
@@ -0,0 +1,104 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+  <section>
+    <title>polkit-policy-file-validate</title>
+    <refentry>
+      <refentryinfo>
+        <title>polkit-policy-file-validate</title>
+        <date>August 2007</date>
+        <productname>PolicyKit</productname>
+      </refentryinfo>
+
+      <refmeta>
+        <refentrytitle>polkit-policy-file-validate</refentrytitle>
+        <manvolnum>1</manvolnum>
+        <refmiscinfo class="version"></refmiscinfo>
+      </refmeta>
+
+      <refnamediv>
+        <refname>polkit-policy-file-validate</refname>
+        <refpurpose>manage PolicyKit privilege grants</refpurpose>
+      </refnamediv>
+
+      <refsynopsisdiv>
+        <cmdsynopsis>
+          <command>polkit-policy-file-validate <replaceable>policy-files</replaceable></command>
+          <arg><option>--version</option></arg>
+          <arg><option>--help</option></arg>
+        </cmdsynopsis>
+      </refsynopsisdiv>
+
+      <refsect1>
+        <title>DESCRIPTION</title> 
+        <para>
+          polkit-policy-file-validate is used to verify that one or
+          more PolicyKit <emphasis>.policy</emphasis> files are valid.
+        </para>
+
+        <para>
+          Normally this tool is used in the software release process
+          (typically during <emphasis>"make check"</emphasis>) and
+          during software installation (e.g. in
+          the <emphasis>%post</emphasis> section of a RPM spec file).
+        </para>
+
+        <para>
+          This program exit with exit code 0 if all the files
+          validate. If not, the program exits with a non-zero exit
+          code.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>OPTIONS</title> 
+        <variablelist>
+          <varlistentry>
+            <term><option>--version</option></term>
+            <listitem>
+              <para>
+                Show version and exit.
+              </para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term><option>--help</option></term>
+            <listitem>
+              <para>
+                Show usage information and exit.
+              </para>
+            </listitem>
+          </varlistentry>
+        </variablelist>
+      </refsect1>
+
+      <refsect1>
+        <title>BUGS</title> 
+        <para>
+          Please send bug reports to either the distribution or the
+          hal mailing list,
+          see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+          to subscribe.
+        </para>
+      </refsect1>
+
+      <refsect1>
+        <title>SEE ALSO</title>
+        <para>
+          <citerefentry>
+            <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+          </citerefentry>, 
+          <citerefentry>
+            <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+          </citerefentry>,
+          <citerefentry>
+            <refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum>
+          </citerefentry>
+        </para>
+      </refsect1>
+    </refentry>
+  </section>
+</article>
diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c
deleted file mode 100644
index 0c960b3..0000000
--- a/tools/polkit-check-caller.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-check-caller.c : check if a caller is privileged
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307	 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-
-#include <glib.h>
-
-static void
-usage (int argc, char *argv[])
-{
-	fprintf (stderr,
-                 "\n"
-                 "usage : polkit-check-caller\n"
-                 "          --caller <dbus-name> --action <action>\n"
-                 "          [--version] [--help]\n");
-	fprintf (stderr,
-                 "\n"
-                 "        --caller         Unique name of caller on the system bus\n"
-                 "        --action         Requested action\n"
-                 "        --version        Show version and exit\n"
-                 "        --help           Show this information and exit\n"
-                 "\n"
-                 "Determine if a given caller can do a given action. If access is \n"
-                 "allowed, this program exits with exit code 0. If no access is allowed\n"
-                 "or an error occurs, the program exits with a non-zero exit code.\n");
-}
-
-int
-main (int argc, char *argv[])
-{
-        char *action_id = NULL;
-        char *dbus_name = NULL;
-        gboolean is_version = FALSE;
-        DBusConnection *bus;
-	DBusError error;
-        PolKitContext *pol_ctx;
-        PolKitCaller *caller;
-        PolKitAction *action;
-        gboolean allowed;
-        PolKitError *p_error;
-        
-	if (argc <= 1) {
-		usage (argc, argv);
-		return 1;
-	}
-
-	while (1) {
-		int c;
-		int option_index = 0;
-		const char *opt;
-		static struct option long_options[] = {
-			{"action", 1, NULL, 0},
-			{"caller", 1, NULL, 0},
-			{"version", 0, NULL, 0},
-			{"help", 0, NULL, 0},
-			{NULL, 0, NULL, 0}
-		};
-
-		c = getopt_long (argc, argv, "",
-				 long_options, &option_index);
-		if (c == -1)
-			break;
-
-		switch (c) {
-		case 0:
-			opt = long_options[option_index].name;
-
-			if (strcmp (opt, "help") == 0) {
-				usage (argc, argv);
-				return 0;
-			} else if (strcmp (opt, "version") == 0) {
-				is_version = TRUE;
-			} else if (strcmp (opt, "action") == 0) {
-				action_id = strdup (optarg);
-			} else if (strcmp (opt, "caller") == 0) {
-				dbus_name = strdup (optarg);
-			}
-			break;
-
-		default:
-			usage (argc, argv);
-			return 1;
-			break;
-		}
-	}
-
-	if (is_version) {
-		printf ("polkit-check-caller " PACKAGE_VERSION "\n");
-		return 0;
-	}
-
-	if (action_id == NULL || dbus_name == NULL) {
-		usage (argc, argv);
-		return 1;
-	}
-
-        dbus_error_init (&error);
-        bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
-        if (bus == NULL) {
-		fprintf (stderr, "error: dbus_bus_get(): %s: %s\n", error.name, error.message);
-		return 1;
-	}
-
-        p_error = NULL;
-        pol_ctx = polkit_context_new ();
-        if (!polkit_context_init (pol_ctx, &p_error)) {
-		fprintf (stderr, "error: polkit_context_init: %s\n", polkit_error_get_error_message (p_error));
-                polkit_error_free (p_error);
-                return 1;
-        }
-
-        action = polkit_action_new ();
-        polkit_action_set_action_id (action, action_id);
-
-        caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
-        if (caller == NULL) {
-                if (dbus_error_is_set (&error)) {
-                        fprintf (stderr, "error: polkit_caller_new_from_dbus_name(): %s: %s\n", 
-                                 error.name, error.message);
-                        return 1;
-                }
-        }
-
-        allowed = polkit_context_can_caller_do_action (pol_ctx, action, caller);
-
-        if (allowed)
-                return 0;
-        else
-                return 1;
-}
diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c
deleted file mode 100644
index fd9f467..0000000
--- a/tools/polkit-check-session.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-check-session.c : check if a session is privileged
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307	 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-
-#include <glib.h>
-
-static void
-usage (int argc, char *argv[])
-{
-	fprintf (stderr,
-                 "\n"
-                 "usage : polkit-check-session\n"
-                 "          [--session <session>] --action <action>\n"
-                 "          [--version] [--help]\n");
-	fprintf (stderr,
-                 "\n"
-                 "        --session        ConsoleKit object path of session\n"
-                 "        --action         Requested action\n"
-                 "        --version        Show version and exit\n"
-                 "        --help           Show this information and exit\n"
-                 "\n"
-                 "Determine if a given callers in a given session can do a given action.\n"
-                 "If no session is given, the current session is used. If access is\n"
-                 "allowed, this program exits with exit code 0. If no access is allowed\n"
-                 "or an error occurs, the program exits with a non-zero exit code.\n");
-}
-
-int
-main (int argc, char *argv[])
-{
-        char *action_id = NULL;
-        char *session_id = NULL;
-        char *cookie = NULL;
-        gboolean is_version = FALSE;
-        DBusConnection *bus;
-	DBusError error;
-        PolKitContext *pol_ctx;
-        PolKitSession *session;
-        PolKitAction *action;
-        gboolean allowed;
-        PolKitError *p_error;
-
-	if (argc <= 1) {
-		usage (argc, argv);
-		return 1;
-	}
-
-        cookie = getenv ("XDG_SESSION_COOKIE");
-
-	while (1) {
-		int c;
-		int option_index = 0;
-		const char *opt;
-		static struct option long_options[] = {
-			{"action", 1, NULL, 0},
-			{"session", 1, NULL, 0},
-			{"version", 0, NULL, 0},
-			{"help", 0, NULL, 0},
-			{NULL, 0, NULL, 0}
-		};
-
-		c = getopt_long (argc, argv, "",
-				 long_options, &option_index);
-		if (c == -1)
-			break;
-
-		switch (c) {
-		case 0:
-			opt = long_options[option_index].name;
-
-			if (strcmp (opt, "help") == 0) {
-				usage (argc, argv);
-				return 0;
-			} else if (strcmp (opt, "version") == 0) {
-				is_version = TRUE;
-			} else if (strcmp (opt, "action") == 0) {
-				action_id = strdup (optarg);
-			} else if (strcmp (opt, "session") == 0) {
-				session_id = strdup (optarg);
-			}
-			break;
-
-		default:
-			usage (argc, argv);
-			return 1;
-			break;
-		}
-	}
-
-	if (is_version) {
-		printf ("polkit-check-session " PACKAGE_VERSION "\n");
-		return 0;
-	}
-
-	if (action_id == NULL) {
-		usage (argc, argv);
-		return 1;
-	}
-
-        dbus_error_init (&error);
-        bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
-        if (bus == NULL) {
-		fprintf (stderr, "error: dbus_bus_get(): %s: %s\n", error.name, error.message);
-		return 1;
-	}
-
-        p_error = NULL;
-        pol_ctx = polkit_context_new ();
-        if (!polkit_context_init (pol_ctx, &p_error)) {
-		fprintf (stderr, "error: polkit_context_init: %s\n", polkit_error_get_error_message (p_error));
-                polkit_error_free (p_error);
-                return 1;
-        }
-
-        if (session_id != NULL) {
-                session = polkit_session_new_from_objpath (bus, session_id, -1, &error);
-        } else {
-                if (cookie == NULL) {
-                        fprintf (stderr, "Not part of a session. Try --session instead.\n");
-                        return 1;
-                }
-                session = polkit_session_new_from_cookie (bus, cookie, &error);
-        }
-        if (session == NULL) {
-		fprintf (stderr, "error: polkit_session_new_from_objpath: %s: %s\n", error.name, error.message);
-		return 1;
-        }
-
-        action = polkit_action_new ();
-        polkit_action_set_action_id (action, action_id);
-
-        allowed = polkit_context_can_session_do_action (pol_ctx, action, session);
-
-        if (allowed)
-                return 0;
-        else
-                return 1;
-}


More information about the hal-commit mailing list