PolicyKit: Branch 'master' - 3 commits

David Zeuthen david at kemper.freedesktop.org
Tue Jun 19 17:00:32 PDT 2007


 doc/api/polkit/polkit-docs.xml          |    1 
 modules/Makefile.am                     |    3 
 modules/default/polkit-module-default.c |   38 +---
 modules/grant/Makefile.am               |    2 
 modules/grant/polkit-module-grant.c     |   76 ++++----
 polkit-dbus/polkit-dbus.c               |  131 +++++++++++++
 polkit-dbus/polkit-dbus.h               |    2 
 polkit-grant/Makefile.am                |    7 
 polkit-grant/polkit-grant-database.c    |  303 ++++++++++++++++++++++++++++++++
 polkit-grant/polkit-grant-database.h    |   41 ++++
 polkit-grant/polkit-grant-helper.c      |   99 +++++++---
 polkit-grant/polkit-grant.c             |   45 ++--
 polkit-grant/polkit-grant.h             |    4 
 polkit/Makefile.am                      |    2 
 polkit/polkit-caller.c                  |    2 
 polkit/polkit-context.c                 |  111 +----------
 polkit/polkit-context.h                 |   37 ---
 polkit/polkit-module.c                  |  117 ++----------
 polkit/polkit-module.h                  |   94 ++-------
 polkit/polkit-policy-default.c          |  141 ++++----------
 polkit/polkit-policy-default.h          |   24 +-
 polkit/polkit-policy-file-entry.c       |  110 +----------
 polkit/polkit-policy-file-entry.h       |    3 
 polkit/polkit-policy-file.c             |  140 ++------------
 polkit/polkit-resource.c                |  232 ------------------------
 polkit/polkit-resource.h                |   52 -----
 polkit/polkit.h                         |    1 
 tools/polkit-check-caller.c             |   27 --
 tools/polkit-check-session.c            |   26 --
 tools/polkit-grant.c                    |   23 --
 tools/polkit-list-actions.c             |   31 +--
 31 files changed, 824 insertions(+), 1101 deletions(-)

New commits:
diff-tree 2ec20531b4976576f650acee5ed8f5fa3a3a9541 (from 874fa499deb2a7457d3f369d09f9e3d2288301b0)
Author: David Zeuthen <davidz at redhat.com>
Date:   Tue Jun 19 19:59:54 2007 -0400

    move all grant writing/checking into a separate private library

diff --git a/modules/grant/Makefile.am b/modules/grant/Makefile.am
index 2cea430..52ff52a 100644
--- a/modules/grant/Makefile.am
+++ b/modules/grant/Makefile.am
@@ -17,13 +17,9 @@ polkitmodule_LTLIBRARIES = 			\
 	$(NULL)
 
 
-polkit_module_grant_la_SOURCES = \
-	$(top_srcdir)/polkit-grant/polkit-grant-database.h	$(top_srcdir)/polkit-grant/polkit-grant-database.c  \
-	polkit-module-grant.c
-
-
+polkit_module_grant_la_SOURCES = polkit-module-grant.c
 polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
+polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@ $(top_builddir)/polkit-grant/libpolkit-grant-private.la
 
 clean-local :
 	rm -f *~
diff --git a/modules/grant/polkit-module-grant.c b/modules/grant/polkit-module-grant.c
index d1c3691..c0ea67b 100644
--- a/modules/grant/polkit-module-grant.c
+++ b/modules/grant/polkit-module-grant.c
@@ -65,13 +65,15 @@ _module_can_caller_do_action (PolKitModu
                               PolKitAction          *action,
                               PolKitCaller          *caller)
 {
+        return _polkit_grantdb_check_can_caller_do_action (pk_context, action, caller);
+
+#if 0
         char *grant_file;
         PolKitSession *session;
         PolKitResult result;
 
         result = POLKIT_RESULT_UNKNOWN_ACTION;
 
-#if 0
         /* file format:
          *
          * file: /var/[lib,run]/PolicyKit/grant/<action-name>.grant
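Review bot: The previous implementation stays in the function under `#if 0`, after the new unconditional `return`, so everything below the first statement is dead text that still reads like live authorization logic. I would delete it and leave the body as the single `return _polkit_grantdb_check_can_caller_do_action (pk_context, action, caller);`. The hunk also does not show `#include <polkit-grant/polkit-grant-database.h>` being added to this file; if it is not already included elsewhere, the call compiles against an implicit declaration, so please confirm the prototype is in scope. The function body continues outside the hunk.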
@@ -184,9 +186,6 @@ _module_can_caller_do_action (PolKitModu
         }
         g_free (grant_file);
 #endif
-
-out:
-        return result;
 }
 
 polkit_bool_t
diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am
index d8a39d7..4e1bc1c 100644
--- a/polkit-grant/Makefile.am
+++ b/polkit-grant/Makefile.am
@@ -12,6 +12,11 @@ INCLUDES = \
 	-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT	\
 	@GLIB_CFLAGS@ @DBUS_CFLAGS@
 
+noinst_LTLIBRARIES=libpolkit-grant-private.la
+
+libpolkit_grant_private_la_SOURCES =				\
+	polkit-grant-database.h	polkit-grant-database.c
+
 lib_LTLIBRARIES=libpolkit-grant.la
 
 libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant
@@ -20,7 +25,6 @@ libpolkit_grantinclude_HEADERS =        
 	polkit-grant.h
 
 libpolkit_grant_la_SOURCES =      				\
-	polkit-grant-database.h	polkit-grant-database.c		\
 	polkit-grant.h		polkit-grant.c
 
 libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
@@ -30,7 +34,7 @@ libpolkit_grant_la_LDFLAGS = -version-in
 libexec_PROGRAMS = polkit-grant-helper
 
 polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @AUTH_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @AUTH_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant-private.la
 
 polkit_grant_alwaysdir = $(localstatedir)/lib/PolicyKit
 dist_polkit_grant_always_DATA =
diff --git a/polkit-grant/polkit-grant-database.c b/polkit-grant/polkit-grant-database.c
new file mode 100644
index 0000000..c6f96de
--- /dev/null
+++ b/polkit-grant/polkit-grant-database.c
@@ -0,0 +1,303 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant-database.c : simple interface for storing and checking grants
+ * 
+ * (This is an internal and private interface to PolicyKit. Do not use.)
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307	 USA
+ *
+ **************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <glib.h>
+
+#include <polkit-grant/polkit-grant-database.h>
+
+/* TODO FIXME: this is Linux specific */
+static unsigned long long 
+get_start_time_for_pid (pid_t pid)
+{
+        char *filename;
+        char *contents;
+        gsize length;
+        unsigned long long start_time;
+        GError *error = NULL;
+        char **tokens;
+        char *p;
+        char *endp;
+
+        start_time = 0;
+        contents = NULL;
+
+        filename = g_strdup_printf ("/proc/%d/stat", pid);
+        if (filename == NULL) {
+                fprintf (stderr, "Out of memory\n");
+                goto out;
+        }
+
+        if (!g_file_get_contents (filename, &contents, &length, &error)) {
+                fprintf (stderr, "Cannot get contents of '%s': %s\n", filename, error->message);
+                g_error_free (error);
+                goto out;
+        }
+
+        /* start time is the 19th token after the '(process name)' entry */
+
+        p = strchr (contents, ')');
+        if (p == NULL) {
+                goto out;
+        }
+        p += 2; /* skip ') ' */
+        if (p - contents >= (int) length) {
+                goto out;
+        }
+
+        tokens = g_strsplit (p, " ", 0);
+        if (g_strv_length (tokens) < 20) {
+                goto out;
+        }
+
+        start_time = strtoll (tokens[19], &endp, 10);
+        if (endp == tokens[19]) {
+                goto out;
+        }
+
+        g_strfreev (tokens);
+
+out:
+        g_free (filename);
+        g_free (contents);
+        return start_time;
+}
+
+#if 0
+static polkit_bool_t
+ensure_dir (const char *file)
+{
+        char *dirname;
+        polkit_bool_t ret;
+
+        ret = FALSE;
+
+        dirname = g_path_get_dirname (file);
+        if (dirname == NULL)
+                goto out;
+
+        if (g_file_test (dirname, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)) {
+                /* TODO: check permissions? */
+                ret = TRUE;
+                goto out;
+        }
+
+        if (mkdir (dirname, 0570) != 0) {
+                fprintf (stderr, "Cannot create directory '%s': %s\n", dirname, strerror (errno));
+                goto out;
+        }
+
+        ret = TRUE;
+
+out:
+        return ret;
+}
+#endif
+
+static polkit_bool_t 
+_polkit_grantdb_write (const char *grant_file)
+{
+        int fd;
+        polkit_bool_t ret;
+
+        ret = FALSE;
+
+#if 0
+        if (!ensure_dir (grant_file))
+                goto out;
+#endif
+
+        fd = open (grant_file, O_CREAT | O_RDWR, 0460);
+        if (fd < 0) {
+                fprintf (stderr, "Cannot create file '%s': %s\n", grant_file, strerror (errno));
+                goto out;
+        }
+        /* Yessir, the file is empty */
+        close (fd);
+
+        ret = TRUE;
+
+out:
+        return ret;
+}
+
+polkit_bool_t 
+_polkit_grantdb_write_pid (const char *action_id, pid_t pid)
+{
+        char *grant_file;
+        polkit_bool_t ret = FALSE;
+        unsigned long long pid_start_time;
+
+        pid_start_time = get_start_time_for_pid (pid);
+        if (pid_start_time == 0)
+                goto out;
+
+        grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-pid-%d@%Lu-%s.grant", 
+                                      getuid(), pid, pid_start_time, action_id);
+        if (grant_file == NULL) {
+                fprintf (stderr, "Out of memory\n");
+                goto out;
+        }
+
+        ret = _polkit_grantdb_write (grant_file);
+out:
+        return ret;
+}
+
+polkit_bool_t 
+_polkit_grantdb_write_keep_session (const char *action_id, const char *session_id)
+{
+        char *grant_file;
+        polkit_bool_t ret = FALSE;
+
+        grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-session-%s-%s.grant", 
+                                      getuid(), g_basename (session_id), action_id);
+        if (grant_file == NULL) {
+                fprintf (stderr, "Out of memory\n");
+                goto out;
+        }
+
+        ret = _polkit_grantdb_write (grant_file);
+out:
+        return ret;
+}
+
+polkit_bool_t
+_polkit_grantdb_write_keep_always (const char *action_id, uid_t uid)
+{
+        char *grant_file;
+        polkit_bool_t ret = FALSE;
+
+        grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid%d/%s.grant", 
+                                      getuid(), action_id);
+        if (grant_file == NULL) {
+                fprintf (stderr, "Out of memory\n");
+                goto out;
+        }
+
+        ret = _polkit_grantdb_write (grant_file);
+out:
+        return ret;
+}
+
+PolKitResult 
+_polkit_grantdb_check_can_caller_do_action (PolKitContext         *pk_context,
+                                            PolKitAction          *action,
+                                            PolKitCaller          *caller)
+{
+        char *grant_file;
+        PolKitResult result;
+        char *action_id;
+        uid_t invoking_user_id;
+        pid_t invoking_process_id;
+        PolKitSession *session;
+        char *session_objpath;
+        unsigned long long pid_start_time;
+
+        grant_file = NULL;
+        result = POLKIT_RESULT_UNKNOWN_ACTION;
+
+        if (caller == NULL)
+                goto out;
+
+        if (!polkit_action_get_action_id (action, &action_id))
+                goto out;
+
+        if (!polkit_caller_get_uid (caller, &invoking_user_id))
+                goto out;
+
+        if (!polkit_caller_get_pid (caller, &invoking_process_id))
+                goto out;
+
+        session_objpath = NULL;
+        if (polkit_caller_get_ck_session (caller, &session)) {
+                if (!polkit_session_get_ck_objref (session, &session_objpath))
+                        session_objpath = NULL;
+        }
+
+        pid_start_time = get_start_time_for_pid (invoking_process_id);
+        if (pid_start_time == 0)
+                goto out;
+
+        /* first check what _write_pid may have left */
+        grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-pid-%d@%Lu-%s.grant", 
+                                      invoking_user_id, invoking_process_id, pid_start_time, action_id);
+        if (grant_file == NULL) {
+                fprintf (stderr, "Out of memory\n");
+                g_free (grant_file);
+                goto out;
+        }
+        if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+                result = POLKIT_RESULT_YES;
+                g_free (grant_file);
+                goto out;
+        }
+        g_free (grant_file);
+
+        /* second, check what _keep_session may have left */
+        if (session_objpath != NULL) {
+                grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-session-%s-%s.grant", 
+                                              invoking_user_id, g_basename (session_objpath), action_id);
+                if (grant_file == NULL) {
+                        fprintf (stderr, "Out of memory\n");
+                        g_free (grant_file);
+                        goto out;
+                }
+                if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+                        result = POLKIT_RESULT_YES;
+                        g_free (grant_file);
+                        goto out;
+                }
+                g_free (grant_file);
+        }
+
+        /* finally, check what _keep_always may have left */
+        if (session_objpath != NULL) {
+                grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid%d/%s.grant", 
+                                              invoking_user_id, action_id);
+                if (grant_file == NULL) {
+                        fprintf (stderr, "Out of memory\n");
+                        g_free (grant_file);
+                        goto out;
+                }
+                if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+                        result = POLKIT_RESULT_YES;
+                        g_free (grant_file);
+                        goto out;
+                }
+                g_free (grant_file);
+        }
+
+out:
+        return result;
+}
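Review bot: `action_id` is formatted with `%s` straight into the grant path in all three `_polkit_grantdb_write_*` functions and in `_polkit_grantdb_check_can_caller_do_action`, while only the session id goes through `g_basename`. An id containing `/` would therefore create or look up the grant file outside the intended directory. Whether callers validate the id is not visible here, so I would guard each path construction with `if (action_id == NULL || strchr (action_id, '/') != NULL) goto out;`. Separately, `_polkit_grantdb_write_keep_always` ignores its `uid` parameter and uses `getuid()`. The keep-always lookup in the checker is gated on `session_objpath != NULL`, which looks copied from the session branch and makes always-grants invisible for callers without a session. Each writer also returns without `g_free (grant_file)`.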
diff --git a/polkit-grant/polkit-grant-database.h b/polkit-grant/polkit-grant-database.h
new file mode 100644
index 0000000..dd53e8e
--- /dev/null
+++ b/polkit-grant/polkit-grant-database.h
@@ -0,0 +1,41 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant-database.h : simple interface for storing and checking grants
+ * 
+ * (This is an internal and private interface to PolicyKit. Do not use.)
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307	 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_GRANT_DATABASE_H
+#define POLKIT_GRANT_DATABASE_H
+
+#include <polkit/polkit.h>
+
+PolKitResult _polkit_grantdb_check_can_caller_do_action (PolKitContext         *pk_context,
+                                                         PolKitAction          *action,
+                                                         PolKitCaller          *caller);
+
+polkit_bool_t _polkit_grantdb_write_keep_always (const char *action_id, uid_t uid);
+
+polkit_bool_t _polkit_grantdb_write_keep_session (const char *action_id, const char *session_id);
+
+polkit_bool_t _polkit_grantdb_write_pid (const char *action_id, pid_t pid);
+
+#endif /* POLKIT_GRANT_DATABASE_H */
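Review bot: The prototypes carry no comment saying for which user a grant is recorded, and the signatures are uneven: only `_polkit_grantdb_write_keep_always` takes a `uid`. In the accompanying .c file all three writers build the path from `getuid()`. A one-line comment above each declaration would let callers see the contract without reading the implementation, for example `/* Records a grant for the real uid of the calling process; returns FALSE on failure. */`. It would also be worth stating that `pk_context` is currently unused by `_polkit_grantdb_check_can_caller_do_action`.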
diff --git a/polkit-grant/polkit-grant-helper.c b/polkit-grant/polkit-grant-helper.c
index 7cbe07f..8d12f40 100644
--- a/polkit-grant/polkit-grant-helper.c
+++ b/polkit-grant/polkit-grant-helper.c
@@ -363,6 +363,7 @@ main (int argc, char *argv[])
         gid_t egid;
         struct group *group;
         struct passwd *pw;
+        polkit_bool_t dbres;
 
         ret = 3;
 
@@ -461,7 +462,35 @@ main (int argc, char *argv[])
                 goto out;
         }
 
-        fprintf (stderr, "OK; TODO: write to database\n");
+        fprintf (stderr, "OK; TODO: write to database: action_id=%s session_id=%s pid=%d\n", 
+                 action_name, session_objpath, caller_pid);
+
+        switch (result) {
+        case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
+        case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+                dbres = _polkit_grantdb_write_pid (action_name, caller_pid);
+                break;
+
+        case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
+        case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+                dbres = _polkit_grantdb_write_keep_session (action_name, session_objpath);
+                break;
+
+        case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+        case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
+                dbres = _polkit_grantdb_write_keep_always (action_name, invoking_user_id);
+                break;
+
+        default:
+                /* should never happen */
+                goto out;
+        }
+
+        if (!dbres) {
+                fprintf (stderr, "polkit-grant-helper: failed to write to grantdb\n");
+                goto out;
+        }
+
 #if 0
         /* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
          *
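Review bot: The `KEEP_SESSION` cases hand `session_objpath` to `_polkit_grantdb_write_keep_session` without a NULL check, and that function (added in this commit) calls `g_basename (session_id)` on it directly. Whether `main` guarantees a session path by this point is not visible in the hunk; a guard such as `if (session_objpath == NULL) goto out;` before the call would make the dependency explicit. The `default:` branch also leaves through `goto out` without a message, so an unexpected `result` cannot be told apart from other failures; `fprintf (stderr, "polkit-grant-helper: unexpected result\n");` there would help. The "OK; TODO: write to database" message is now stale, since the write happens right below it. `main` starts and ends outside the hunk.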
diff-tree 874fa499deb2a7457d3f369d09f9e3d2288301b0 (from 169c130d4e517371c64d2c2832d323592d38ea7b)
Author: David Zeuthen <davidz at redhat.com>
Date:   Tue Jun 19 16:41:49 2007 -0400

    remove the distinction for local vs. remote users
    
    Again, we punt this to the applications/mechanisms - they know better.

diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c
index fcd2511..39385eb 100644
--- a/polkit-grant/polkit-grant.c
+++ b/polkit-grant/polkit-grant.c
@@ -413,8 +413,8 @@ polkit_grant_initiate_auth (PolKitGrant 
 
         /* TODO: verify incoming args */
 
-        helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
-        // TODO FIXME: helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
+        /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; */
+        helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
         if (dbus_name == NULL)
                 helper_argv[1] = "";
         else
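Review bot: The developer-specific path is kept as a comment above the new `helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";` line. A home-directory path has no value in the tree, so I would delete the comment line rather than carry it. The `/* TODO: verify incoming args */` just above still stands; since the values assigned below end up in the helper's argv, it would be worth noting there which of them the helper is expected to re-validate itself. The function body continues outside the hunk.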
diff --git a/polkit/polkit-policy-default.c b/polkit/polkit-policy-default.c
index d9949cb..510d6ad 100644
--- a/polkit/polkit-policy-default.c
+++ b/polkit/polkit-policy-default.c
@@ -57,31 +57,23 @@
 struct PolKitPolicyDefault
 {
         int refcount;
-        PolKitResult default_remote_inactive;
-        PolKitResult default_remote_active;
-        PolKitResult default_local_inactive;
-        PolKitResult default_local_active;
+        PolKitResult default_inactive;
+        PolKitResult default_active;
 };
 
-extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_remote_inactive,
-                                                        PolKitResult defaults_allow_remote_active,
-                                                        PolKitResult defaults_allow_local_inactive,
-                                                        PolKitResult defaults_allow_local_active);
+extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+                                                        PolKitResult defaults_allow_active);
 
 PolKitPolicyDefault *
-_polkit_policy_default_new (PolKitResult defaults_allow_remote_inactive,
-                            PolKitResult defaults_allow_remote_active,
-                            PolKitResult defaults_allow_local_inactive,
-                            PolKitResult defaults_allow_local_active)
+_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+                            PolKitResult defaults_allow_active)
 {
         PolKitPolicyDefault *pd;
 
         pd = g_new0 (PolKitPolicyDefault, 1);
         pd->refcount = 1;
-        pd->default_remote_inactive = defaults_allow_remote_inactive;
-        pd->default_remote_active = defaults_allow_remote_active;
-        pd->default_local_inactive = defaults_allow_local_inactive;
-        pd->default_local_active = defaults_allow_local_active;
+        pd->default_inactive = defaults_allow_inactive;
+        pd->default_active = defaults_allow_active;
         return pd;
 }
 
@@ -130,15 +122,11 @@ polkit_policy_default_debug (PolKitPolic
 {
         g_return_if_fail (policy_default != NULL);
         _pk_debug ("PolKitPolicyDefault: refcount=%d\n"
-                   "  default_remote_inactive=%s\n"
-                   "    default_remote_active=%s\n"
-                   "   default_local_inactive=%s\n"
-                   "     default_local_active=%s", 
+                   "   default_inactive=%s\n"
+                   "     default_active=%s", 
                    policy_default->refcount,
-                   polkit_result_to_string_representation (policy_default->default_remote_inactive),
-                   polkit_result_to_string_representation (policy_default->default_remote_active),
-                   polkit_result_to_string_representation (policy_default->default_local_inactive),
-                   polkit_result_to_string_representation (policy_default->default_local_active));
+                   polkit_result_to_string_representation (policy_default->default_inactive),
+                   polkit_result_to_string_representation (policy_default->default_active));
 }
 
 
@@ -175,18 +163,13 @@ polkit_policy_default_can_session_do_act
         if (!polkit_session_get_ck_is_active (session, &is_active))
                 goto out;
 
-        if (is_local) {
-                if (is_active) {
-                        ret = policy_default->default_local_active;
-                } else {
-                        ret = policy_default->default_local_inactive;
-                }
+        if (!is_local)
+                goto out;
+
+        if (is_active) {
+                ret = policy_default->default_active;
         } else {
-                if (is_active) {
-                        ret = policy_default->default_remote_active;
-                } else {
-                        ret = policy_default->default_remote_inactive;
-                }
+                ret = policy_default->default_inactive;
         }
 out:
         return ret;
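Review bot: The new `if (!is_local) goto out;` still branches on `is_local`, so a non-local session now receives whatever `ret` was initialised to before the hunk rather than a configured default. That initial value is not visible here, and it decides whether remote sessions are denied. Since the commit message says the local/remote distinction is left to applications, please either drop the check or add a comment such as `/* non-local sessions keep the initial ret; mechanisms decide for them */`, and confirm that the initial value fails closed. The same pattern appears in the `polkit_policy_default_can_caller_do_action` hunk that follows. Both function bodies start outside their hunks.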
@@ -230,55 +213,21 @@ polkit_policy_default_can_caller_do_acti
         if (!polkit_session_get_ck_is_active (session, &is_active))
                 goto out;
 
-        if (is_local) {
-                if (is_active) {
-                        ret = policy_default->default_local_active;
-                } else {
-                        ret = policy_default->default_local_inactive;
-                }
+        if (!is_local)
+                goto out;
+
+        if (is_active) {
+                ret = policy_default->default_active;
         } else {
-                if (is_active) {
-                        ret = policy_default->default_remote_active;
-                } else {
-                        ret = policy_default->default_remote_inactive;
-                }
+                ret = policy_default->default_inactive;
         }
+
 out:
         return ret;
 }
 
 /**
- * polkit_policy_default_get_allow_remote_inactive:
- * @policy_default: the object
- * 
- * Get default policy.
- * 
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_remote_inactive (PolKitPolicyDefault *policy_default)
-{
-        g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
-        return policy_default->default_remote_inactive;
-}
-
-/**
- * polkit_policy_default_get_allow_remote_active:
- * @policy_default: the object
- * 
- * Get default policy.
- * 
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_remote_active (PolKitPolicyDefault *policy_default)
-{
-        g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
-        return policy_default->default_remote_active;
-}
-
-/**
- * polkit_policy_default_get_allow_local_inactive:
+ * polkit_policy_default_get_allow_inactive:
  * @policy_default: the object
  * 
  * Get default policy.
@@ -286,14 +235,14 @@ polkit_policy_default_get_allow_remote_a
  * Returns: default policy
  **/
 PolKitResult
-polkit_policy_default_get_allow_local_inactive (PolKitPolicyDefault *policy_default)
+polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default)
 {
         g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
-        return policy_default->default_local_inactive;
+        return policy_default->default_inactive;
 }
 
 /**
- * polkit_policy_default_get_allow_local_active:
+ * polkit_policy_default_get_allow_active:
  * @policy_default: the object
  * 
  * Get default policy.
@@ -301,9 +250,9 @@ polkit_policy_default_get_allow_local_in
  * Returns: default policy
  **/
 PolKitResult
-polkit_policy_default_get_allow_local_active (PolKitPolicyDefault *policy_default)
+polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default)
 {
         g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
-        return policy_default->default_local_active;
+        return policy_default->default_active;
 }
 
diff --git a/polkit/polkit-policy-default.h b/polkit/polkit-policy-default.h
index 68b6946..2a6b48a 100644
--- a/polkit/polkit-policy-default.h
+++ b/polkit/polkit-policy-default.h
@@ -51,10 +51,8 @@ PolKitResult polkit_policy_default_can_c
                                                          PolKitAction        *action,
                                                          PolKitCaller        *caller);
 
-PolKitResult polkit_policy_default_get_allow_remote_inactive (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_remote_active (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_local_inactive (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_local_active (PolKitPolicyDefault *policy_default);
+PolKitResult polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default);
+PolKitResult polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default);
 
 /* TODO: export knobs for "default policy" */
 
diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c
index c0c7941..988b9c2 100644
--- a/polkit/polkit-policy-file-entry.c
+++ b/polkit/polkit-policy-file-entry.c
@@ -63,39 +63,27 @@ struct PolKitPolicyFileEntry
         PolKitPolicyDefault *defaults;
 
         char *group_description;
-        char *group_description_short;
         char *policy_description;
-        char *policy_missing;
-        char *policy_apply_all_mnemonic;
 };
 
 extern void _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
                                                         const char *group_description,
-                                                        const char *group_description_short,
-                                                        const char *policy_description,
-                                                        const char *policy_missing,
-                                                        const char *policy_apply_all_mnemonic);
+                                                        const char *policy_description);
 
 
-extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_remote_inactive,
-                                                        PolKitResult defaults_allow_remote_active,
-                                                        PolKitResult defaults_allow_local_inactive,
-                                                        PolKitResult defaults_allow_local_active);
+extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+                                                        PolKitResult defaults_allow_active);
 
 extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new   (const char *action_group_id,
                                                                const char *action_id, 
-                                                               PolKitResult defaults_allow_remote_inactive,
-                                                               PolKitResult defaults_allow_remote_active,
-                                                               PolKitResult defaults_allow_local_inactive,
-                                                               PolKitResult defaults_allow_local_active);
+                                                               PolKitResult defaults_allow_inactive,
+                                                               PolKitResult defaults_allow_active);
 
 extern PolKitPolicyFileEntry *
 _polkit_policy_file_entry_new   (const char *action_group_id,
                                  const char *action_id, 
-                                 PolKitResult defaults_allow_remote_inactive,
-                                 PolKitResult defaults_allow_remote_active,
-                                 PolKitResult defaults_allow_local_inactive,
-                                 PolKitResult defaults_allow_local_active)
+                                 PolKitResult defaults_allow_inactive,
+                                 PolKitResult defaults_allow_active)
 {
         PolKitPolicyFileEntry *pfe;
 
@@ -104,10 +92,8 @@ _polkit_policy_file_entry_new   (const c
         pfe->action = g_strdup (action_id);
         pfe->group = g_strdup (action_group_id);
 
-        pfe->defaults = _polkit_policy_default_new (defaults_allow_remote_inactive,
-                                                    defaults_allow_remote_active,
-                                                    defaults_allow_local_inactive,
-                                                    defaults_allow_local_active);
+        pfe->defaults = _polkit_policy_default_new (defaults_allow_inactive,
+                                                    defaults_allow_active);
         if (pfe->defaults == NULL)
                 goto error;
 
@@ -121,17 +107,11 @@ error:
 void 
 _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *policy_file_entry,
                                             const char *group_description,
-                                            const char *group_description_short,
-                                            const char *policy_description,
-                                            const char *policy_missing,
-                                            const char *policy_apply_all_mnemonic)
+                                            const char *policy_description)
 {
         g_return_if_fail (policy_file_entry != NULL);
         policy_file_entry->group_description = g_strdup (group_description);
-        policy_file_entry->group_description_short = g_strdup (group_description_short);
         policy_file_entry->policy_description = g_strdup (policy_description);
-        policy_file_entry->policy_missing = g_strdup (policy_missing);
-        policy_file_entry->policy_apply_all_mnemonic = g_strdup (policy_apply_all_mnemonic);
 }
 
 /**
@@ -154,25 +134,6 @@ polkit_policy_file_get_group_description
 }
 
 /**
- * polkit_policy_file_get_group_description_short:
- * @policy_file_entry: the object
- * 
- * Get the short description of the group that this policy entry describes.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- * 
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_get_group_description_short (PolKitPolicyFileEntry *policy_file_entry)
-{
-        g_return_val_if_fail (policy_file_entry != NULL, NULL);
-        return policy_file_entry->group_description_short;
-}
-
-/**
  * polkit_policy_file_get_action_description:
  * @policy_file_entry: the object
  * 
@@ -192,54 +153,6 @@ polkit_policy_file_get_action_descriptio
 }
 
 /**
- * polkit_policy_file_get_action_missing:
- * @policy_file_entry: the object
- * 
- * Get a phrase, for the policy entry in question, that can be shown
- * in the user interface explaining that the caller doesn't possess
- * the privilege to perform the given action.
- *
- * The returned string may contain a single %s entry - the caller
- * should use a printf-style function to replace this with a human
- * readable description of the resource in question.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- * 
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_get_action_missing (PolKitPolicyFileEntry *policy_file_entry)
-{
-        g_return_val_if_fail (policy_file_entry != NULL, NULL);
-        return policy_file_entry->policy_missing;
-}
-
-/**
- * polkit_policy_file_get_action_apply_to_all_mnemonic:
- * @policy_file_entry: the object
- * 
- * Get a phrase, for the policy entry in question, that can be shown
- * in the user interface for a checkbox whether the grant of a
- * privilege should apply to all resources. The string may contain a
- * single underscore to indicate a mnemonic shortcut.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- * 
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_get_action_apply_to_all_mnemonic (PolKitPolicyFileEntry *policy_file_entry)
-{
-        g_return_val_if_fail (policy_file_entry != NULL, NULL);
-        return policy_file_entry->policy_apply_all_mnemonic;
-}
-
-
-/**
  * polkit_policy_file_entry_ref:
  * @policy_file_entry: the policy file object
  * 
@@ -275,10 +188,7 @@ polkit_policy_file_entry_unref (PolKitPo
                 polkit_policy_default_unref (policy_file_entry->defaults);
 
         g_free (policy_file_entry->group_description);
-        g_free (policy_file_entry->group_description_short);
         g_free (policy_file_entry->policy_description);
-        g_free (policy_file_entry->policy_missing);
-        g_free (policy_file_entry->policy_apply_all_mnemonic);
 
         g_free (policy_file_entry);
 }
diff --git a/polkit/polkit-policy-file.c b/polkit/polkit-policy-file.c
index 043fe90..7e67a15 100644
--- a/polkit/polkit-policy-file.c
+++ b/polkit/polkit-policy-file.c
@@ -66,26 +66,19 @@ struct PolKitPolicyFile
 
 extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new   (const char *action_group_id,
                                                                const char *action_id, 
-                                                               PolKitResult defaults_allow_remote_inactive,
-                                                               PolKitResult defaults_allow_remote_active,
-                                                               PolKitResult defaults_allow_local_inactive,
-                                                               PolKitResult defaults_allow_local_active);
+                                                               PolKitResult defaults_allow_inactive,
+                                                               PolKitResult defaults_allow_active);
 
 enum {
         STATE_NONE,
         STATE_IN_POLICY_CONFIG,
         STATE_IN_GROUP,
         STATE_IN_GROUP_DESCRIPTION,
-        STATE_IN_GROUP_DESCRIPTION_SHORT,
         STATE_IN_POLICY,
         STATE_IN_POLICY_DESCRIPTION,
-        STATE_IN_POLICY_MISSING,
-        STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC,
         STATE_IN_DEFAULTS,
-        STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE,
-        STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE,
-        STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE,
-        STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE
+        STATE_IN_DEFAULTS_ALLOW_INACTIVE,
+        STATE_IN_DEFAULTS_ALLOW_ACTIVE
 };
 
 typedef struct {
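Review bot: The `extern` prototype of `_polkit_policy_file_entry_new` at the top of this hunk is a hand-maintained copy of the one in the file patched just before (presumably polkit-policy-file-entry.c, where the function is defined), so this commit has to change both in step. The same applies to the `_polkit_policy_file_entry_set_descriptions` declaration in the later hunk of this file. If one copy is missed, this translation unit still compiles and then calls the function with the wrong number of `PolKitResult` arguments, which is undefined behaviour on the path that builds policy defaults. I would move both prototypes into one private header included by both files, so the compiler checks the definition against the declaration the caller uses.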
@@ -94,20 +87,15 @@ typedef struct {
         char *group_id;
         char *action_id;
 
-        PolKitResult defaults_allow_remote_inactive;
-        PolKitResult defaults_allow_remote_active;
-        PolKitResult defaults_allow_local_inactive;
-        PolKitResult defaults_allow_local_active;
+        PolKitResult defaults_allow_inactive;
+        PolKitResult defaults_allow_active;
 
         PolKitPolicyFile *pf;
 
         polkit_bool_t load_descriptions;
 
         char *group_description;
-        char *group_description_short;
         char *policy_description;
-        char *policy_missing;
-        char *policy_apply_all_mnemonic;
 } ParserData;
 
 static void
@@ -137,9 +125,7 @@ _start (void *data, const char *el, cons
                         state = STATE_IN_GROUP;
 
                         g_free (pd->group_description);
-                        g_free (pd->group_description_short);
                         pd->group_description = NULL;
-                        pd->group_description_short = NULL;
                 }
                 break;
         case STATE_IN_GROUP:
@@ -151,57 +137,33 @@ _start (void *data, const char *el, cons
                         state = STATE_IN_POLICY;
 
                         pd->policy_description = NULL;
-                        pd->policy_missing = NULL;
-                        pd->policy_apply_all_mnemonic = NULL;
 
                         /* initialize defaults */
-                        pd->defaults_allow_remote_inactive = POLKIT_RESULT_NO;
-                        pd->defaults_allow_remote_active = POLKIT_RESULT_NO;
-                        pd->defaults_allow_local_inactive = POLKIT_RESULT_NO;
-                        pd->defaults_allow_local_active = POLKIT_RESULT_NO;
+                        pd->defaults_allow_inactive = POLKIT_RESULT_NO;
+                        pd->defaults_allow_active = POLKIT_RESULT_NO;
                 }
                 else if (strcmp (el, "description") == 0)
                         state = STATE_IN_GROUP_DESCRIPTION;
-                else if (strcmp (el, "description_short") == 0)
-                        state = STATE_IN_GROUP_DESCRIPTION_SHORT;
                 break;
         case STATE_IN_GROUP_DESCRIPTION:
                 break;
-        case STATE_IN_GROUP_DESCRIPTION_SHORT:
-                break;
         case STATE_IN_POLICY:
                 if (strcmp (el, "defaults") == 0)
                         state = STATE_IN_DEFAULTS;
                 else if (strcmp (el, "description") == 0)
                         state = STATE_IN_POLICY_DESCRIPTION;
-                else if (strcmp (el, "missing") == 0)
-                        state = STATE_IN_POLICY_MISSING;
-                else if (strcmp (el, "apply_to_all_mnemonic") == 0)
-                        state = STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC;
                 break;
         case STATE_IN_POLICY_DESCRIPTION:
                 break;
-        case STATE_IN_POLICY_MISSING:
-                break;
-        case STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC:
-                break;
         case STATE_IN_DEFAULTS:
-                if (strcmp (el, "allow_remote_inactive") == 0)
-                        state = STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE;
-                else if (strcmp (el, "allow_remote_active") == 0)
-                        state = STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE;
-                else if (strcmp (el, "allow_local_inactive") == 0)
-                        state = STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE;
-                else if (strcmp (el, "allow_local_active") == 0)
-                        state = STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE;
-                break;
-        case STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE:
+                if (strcmp (el, "allow_inactive") == 0)
+                        state = STATE_IN_DEFAULTS_ALLOW_INACTIVE;
+                else if (strcmp (el, "allow_active") == 0)
+                        state = STATE_IN_DEFAULTS_ALLOW_ACTIVE;
                 break;
-        case STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE:
+        case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
                 break;
-        case STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE:
-                break;
-        case STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE:
+        case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
                 break;
         default:
                 break;
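Review bot: Under `case STATE_IN_DEFAULTS:` only `allow_inactive` and `allow_active` are matched now, so a policy file still carrying the old `allow_remote_*`/`allow_local_*` elements leaves `state` untouched. Whether that is rejected or silently skipped is decided after the switch, outside this hunk (`_start` begins and ends outside it). Both fields start at `POLKIT_RESULT_NO`, so the result is a deny either way, but a silently skipped element hides a stale policy file from the administrator. I would confirm that an unmatched child of `<defaults>` fails the parse, and record the fail-closed intent at the initialisation, e.g. `/* initialize defaults: deny unless the file grants more */`.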
@@ -231,42 +193,17 @@ _cdata (void *data, const char *s, int l
                         pd->group_description = g_strdup (str);
                 break;
                 
-        case STATE_IN_GROUP_DESCRIPTION_SHORT:
-                if (pd->load_descriptions)
-                        pd->group_description_short = g_strdup (str);
-                break;
-
         case STATE_IN_POLICY_DESCRIPTION:
                 if (pd->load_descriptions)
                         pd->policy_description = g_strdup (str);
                 break;
 
-        case STATE_IN_POLICY_MISSING:
-                if (pd->load_descriptions)
-                        pd->policy_missing = g_strdup (str);
-                break;
-
-        case STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC:
-                if (pd->load_descriptions)
-                        pd->policy_apply_all_mnemonic = g_strdup (str);
-                break;
-
-                
-
-        case STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE:
-                if (!polkit_result_from_string_representation (str, &pd->defaults_allow_remote_inactive))
-                        goto error;
-                break;
-        case STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE:
-                if (!polkit_result_from_string_representation (str, &pd->defaults_allow_remote_active))
-                        goto error;
-                break;
-        case STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE:
-                if (!polkit_result_from_string_representation (str, &pd->defaults_allow_local_inactive))
+        case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
+                if (!polkit_result_from_string_representation (str, &pd->defaults_allow_inactive))
                         goto error;
                 break;
-        case STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE:
-                if (!polkit_result_from_string_representation (str, &pd->defaults_allow_local_active))
+        case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
+                if (!polkit_result_from_string_representation (str, &pd->defaults_allow_active))
                         goto error;
                 break;
         default:
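Review bot: Each `pd->group_description = g_strdup (str);` and `pd->policy_description = g_strdup (str);` in `_cdata` overwrites the previous pointer without freeing it, and a character-data callback can be invoked more than once for the text of a single element (assuming `_cdata` is registered as such with the XML parser; the registration and the start and end of the function are outside this hunk). In that case the earlier fragment leaks and only the last one is kept, and a split `allow_inactive`/`allow_active` value would fail `polkit_result_from_string_representation` and reject an otherwise valid file. At minimum free before assigning, `g_free (pd->policy_description); pd->policy_description = g_strdup (str);`, and preferably accumulate the fragments and convert them when the element ends in `_end`.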
@@ -282,10 +219,7 @@ error:
 
 extern void _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
                                                         const char *group_description,
-                                                        const char *group_description_short,
-                                                        const char *policy_description,
-                                                        const char *policy_missing,
-                                                        const char *policy_apply_all_mnemonic);
+                                                        const char *policy_description);
 
 static void
 _end (void *data, const char *el)
@@ -307,28 +241,20 @@ _end (void *data, const char *el)
         case STATE_IN_GROUP_DESCRIPTION:
                 state = STATE_IN_GROUP;
                 break;
-        case STATE_IN_GROUP_DESCRIPTION_SHORT:
-                state = STATE_IN_GROUP;
-                break;
         case STATE_IN_POLICY:
         {
                 PolKitPolicyFileEntry *pfe;
 
                 pfe = _polkit_policy_file_entry_new (pd->group_id, pd->action_id, 
-                                                     pd->defaults_allow_remote_inactive,
-                                                     pd->defaults_allow_remote_active,
-                                                     pd->defaults_allow_local_inactive,
-                                                     pd->defaults_allow_local_active);
+                                                     pd->defaults_allow_inactive,
+                                                     pd->defaults_allow_active);
                 if (pfe == NULL)
                         goto error;
 
                 if (pd->load_descriptions)
                         _polkit_policy_file_entry_set_descriptions (pfe,
                                                                     pd->group_description,
-                                                                    pd->group_description_short,
-                                                                    pd->policy_description,
-                                                                    pd->policy_missing,
-                                                                    pd->policy_apply_all_mnemonic);
+                                                                    pd->policy_description);
 
                 pd->pf->entries = g_slist_prepend (pd->pf->entries, pfe);
 
@@ -338,25 +264,13 @@ _end (void *data, const char *el)
         case STATE_IN_POLICY_DESCRIPTION:
                 state = STATE_IN_POLICY;
                 break;
-        case STATE_IN_POLICY_MISSING:
-                state = STATE_IN_POLICY;
-                break;
-        case STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC:
-                state = STATE_IN_POLICY;
-                break;
         case STATE_IN_DEFAULTS:
                 state = STATE_IN_POLICY;
                 break;
-        case STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE:
-                state = STATE_IN_DEFAULTS;
-                break;
-        case STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE:
-                state = STATE_IN_DEFAULTS;
-                break;
-        case STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE:
+        case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
                 state = STATE_IN_DEFAULTS;
                 break;
-        case STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE:
+        case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
                 state = STATE_IN_DEFAULTS;
                 break;
         default:
@@ -430,10 +344,7 @@ polkit_policy_file_new (const char *path
         pd.group_id = NULL;
         pd.action_id = NULL;
         pd.group_description = NULL;
-        pd.group_description_short = NULL;
         pd.policy_description = NULL;
-        pd.policy_missing = NULL;
-        pd.policy_apply_all_mnemonic = NULL;
         pd.pf = pf;
         pd.load_descriptions = load_descriptions;
 
@@ -442,10 +353,7 @@ polkit_policy_file_new (const char *path
         g_free (pd.group_id);
         g_free (pd.action_id);
         g_free (pd.group_description);
-        g_free (pd.group_description_short);
         g_free (pd.policy_description);
-        g_free (pd.policy_missing);
-        g_free (pd.policy_apply_all_mnemonic);
 
 	if (xml_res == 0) {
                 polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
diff --git a/tools/polkit-list-actions.c b/tools/polkit-list-actions.c
index 756c1d8..aab23a0 100644
--- a/tools/polkit-list-actions.c
+++ b/tools/polkit-list-actions.c
@@ -61,39 +61,28 @@ _print_entry (PolKitPolicyCache *policy_
         const char *action_id;
         const char *group_id;
         PolKitPolicyDefault *def;
-        PolKitResult default_remote_inactive;
-        PolKitResult default_remote_active;
-        PolKitResult default_local_inactive;
-        PolKitResult default_local_active;
+        PolKitResult default_inactive;
+        PolKitResult default_active;
 
         action_id = polkit_policy_file_entry_get_id (pfe);
         group_id = polkit_policy_file_entry_get_group_id (pfe);
         def = polkit_policy_file_entry_get_default (pfe);
-        default_remote_inactive = polkit_policy_default_get_allow_remote_inactive (def);
-        default_remote_active = polkit_policy_default_get_allow_remote_active (def);
-        default_local_inactive = polkit_policy_default_get_allow_local_inactive (def);
-        default_local_active = polkit_policy_default_get_allow_local_active (def);
+        default_inactive = polkit_policy_default_get_allow_inactive (def);
+        default_active = polkit_policy_default_get_allow_active (def);
 
         printf ("Policy\n"
                 "------\n"
-                "group                   = %s ('%s') ('%s')\n"
-                "action                  = %s ('%s') ('%s') ('%s')\n"
-                "default_remote_inactive = %s\n"
-                "default_remote_active   = %s\n"
-                "default_local_inactive  = %s\n"
-                "default_local_active    = %s\n"
+                "group             = %s ('%s')\n"
+                "action            = %s ('%s')\n"
+                "default_inactive  = %s\n"
+                "default_active    = %s\n"
                 "\n", 
                 group_id, 
                 polkit_policy_file_get_group_description (pfe),
-                polkit_policy_file_get_group_description_short (pfe),
                 action_id,
                 polkit_policy_file_get_action_description (pfe),
-                polkit_policy_file_get_action_missing (pfe),
-                polkit_policy_file_get_action_apply_to_all_mnemonic (pfe),
-                polkit_result_to_string_representation (default_remote_inactive),
-                polkit_result_to_string_representation (default_remote_active),
-                polkit_result_to_string_representation (default_local_inactive),
-                polkit_result_to_string_representation (default_local_active));
+                polkit_result_to_string_representation (default_inactive),
+                polkit_result_to_string_representation (default_active));
 }
 
 int
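Review bot: `polkit_policy_file_get_group_description (pfe)` and `polkit_policy_file_get_action_description (pfe)` are passed straight to `%s` in the `printf` call, but the doc comments of the sibling getters removed by this commit say they return NULL when descriptions were not loaded. The two remaining getters likely share that contract, though their docs are outside this hunk. A NULL argument for `%s` is undefined behaviour in C even where the libc happens to print "(null)". I would fetch each into a local and substitute, e.g. `if (group_desc == NULL) group_desc = "(not loaded)";`, before the call. `_print_entry` begins above this hunk.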
diff-tree 169c130d4e517371c64d2c2832d323592d38ea7b (from b9cf5bca49a2a1fc68002c2a315d94a3adaed51e)
Author: David Zeuthen <davidz at redhat.com>
Date:   Tue Jun 19 15:41:55 2007 -0400

    rip out the notion of Resources
    
    It makes things a _lot more_ complicated having to deal with resources
    and there's a much nicer way to deal with it: Punt it to the apps:
    
    It's much more natural for the application to have a notion about
    what resources are "trusted" (and e.g. require lesser
    privileges) and what resources aren't.
    
    Consider dial-up networking; here the privileged application that
    performs the dial-up operation consults a list (maintained by the
    system administrator) of allowed numbers to dial. If the unprivileged
    networking UI applet that requests a number to be dialed is on the
    list it uses the PolicyKit action 'nm-dialup-trusted-location', if it
    isn't then it uses the PolicyKit action 'nm-dialup-untrusted-location'.

diff --git a/doc/api/polkit/polkit-docs.xml b/doc/api/polkit/polkit-docs.xml
index 6ed6222..8358039 100644
--- a/doc/api/polkit/polkit-docs.xml
+++ b/doc/api/polkit/polkit-docs.xml
@@ -73,7 +73,6 @@
     <xi:include href="xml/polkit-policy-file-entry.xml"/>
     <xi:include href="xml/polkit-policy-default.xml"/>
     <xi:include href="xml/polkit-policy-cache.xml"/>
-    <xi:include href="xml/polkit-resource.xml"/>
     <xi:include href="xml/polkit-seat.xml"/>
     <xi:include href="xml/polkit-session.xml"/>
     <xi:include href="xml/polkit-caller.xml"/>
diff --git a/modules/Makefile.am b/modules/Makefile.am
index 010ed66..700fa84 100644
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@@ -1,5 +1,6 @@
 
-SUBDIRS = default allow-all deny-all run-program grant
+#SUBDIRS = default allow-all deny-all run-program grant
+SUBDIRS = default grant
 
 polkitconfdir = $(sysconfdir)/PolicyKit
 dist_polkitconf_DATA = PolicyKit.conf
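Review bot: The old `SUBDIRS` assignment is left commented out, with no explanation of why allow-all, deny-all and run-program are dropped from the build. If they are disabled because they have not been ported to the resource-less module interface, a comment should say so, e.g. `# allow-all, deny-all, run-program: not yet ported to can_*_do_action`, in place of the dead line. With an unconditional `SUBDIRS` the dropped directories probably also fall out of `make dist`, so listing them in `DIST_SUBDIRS` is worth considering if they are meant to come back.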
diff --git a/modules/default/polkit-module-default.c b/modules/default/polkit-module-default.c
index 7b73388..8ef02f8 100644
--- a/modules/default/polkit-module-default.c
+++ b/modules/default/polkit-module-default.c
@@ -47,11 +47,10 @@ _module_shutdown (PolKitModuleInterface 
 }
 
 static PolKitResult
-_module_can_session_access_resource (PolKitModuleInterface *module_interface,
-                                     PolKitContext         *pk_context,
-                                     PolKitAction          *action,
-                                     PolKitResource        *resource,
-                                     PolKitSession         *session)
+_module_can_session_do_action (PolKitModuleInterface *module_interface,
+                               PolKitContext         *pk_context,
+                               PolKitAction          *action,
+                               PolKitSession         *session)
 {
         PolKitResult result;
         PolKitPolicyCache *cache;
@@ -60,19 +59,16 @@ _module_can_session_access_resource (Pol
         result = POLKIT_RESULT_NO;
         cache = polkit_context_get_policy_cache (pk_context);
         pfe = polkit_policy_cache_get_entry (cache, action);
-        return polkit_policy_default_can_session_access_resource (
-                polkit_policy_file_entry_get_default (pfe), 
-                action, 
-                resource, 
-                session);
+        return polkit_policy_default_can_session_do_action (polkit_policy_file_entry_get_default (pfe), 
+                                                            action, 
+                                                            session);
 }
 
 static PolKitResult
-_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
-                                    PolKitContext         *pk_context,
-                                    PolKitAction          *action,
-                                    PolKitResource        *resource,
-                                    PolKitCaller          *caller)
+_module_can_caller_do_action (PolKitModuleInterface *module_interface,
+                              PolKitContext         *pk_context,
+                              PolKitAction          *action,
+                              PolKitCaller          *caller)
 {
         PolKitResult result;
         PolKitPolicyCache *cache;
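Review bot: `pfe` from `polkit_policy_cache_get_entry (cache, action)` is passed on without a NULL check in `_module_can_session_do_action`, and the same pattern is in `_module_can_caller_do_action` in the next hunk. Whether the cache lookup can return NULL for an action with no policy file is not visible here. If it can, the authorization answer depends on how `polkit_policy_file_entry_get_default` and the `polkit_policy_default_can_*_do_action` callee treat a NULL argument, not on an explicit decision in this module. The local `result` is set to `POLKIT_RESULT_NO` and never read, so I would use it for the guard, `if (pfe == NULL) return result;`, in both functions. A few lines of each body, including the declaration of `pfe`, lie between the hunks.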
@@ -81,11 +77,9 @@ _module_can_caller_access_resource (PolK
         result = POLKIT_RESULT_NO;
         cache = polkit_context_get_policy_cache (pk_context);
         pfe = polkit_policy_cache_get_entry (cache, action);
-        return polkit_policy_default_can_caller_access_resource (
-                polkit_policy_file_entry_get_default (pfe), 
-                action, 
-                resource, 
-                caller);
+        return polkit_policy_default_can_caller_do_action (polkit_policy_file_entry_get_default (pfe), 
+                                                           action, 
+                                                           caller);
 }
 
 polkit_bool_t
@@ -99,8 +93,8 @@ polkit_module_set_functions (PolKitModul
 
         polkit_module_set_func_initialize (module_interface, _module_init);
         polkit_module_set_func_shutdown (module_interface, _module_shutdown);
-        polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
-        polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+        polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
+        polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
 
         ret = TRUE;
 out:
diff --git a/modules/grant/Makefile.am b/modules/grant/Makefile.am
index 6306ac5..2cea430 100644
--- a/modules/grant/Makefile.am
+++ b/modules/grant/Makefile.am
@@ -17,7 +17,11 @@ polkitmodule_LTLIBRARIES = 			\
 	$(NULL)
 
 
-polkit_module_grant_la_SOURCES = polkit-module-grant.c
+polkit_module_grant_la_SOURCES = \
+	$(top_srcdir)/polkit-grant/polkit-grant-database.h	$(top_srcdir)/polkit-grant/polkit-grant-database.c  \
+	polkit-module-grant.c
+
+
 polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version
 polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
 
diff --git a/modules/grant/polkit-module-grant.c b/modules/grant/polkit-module-grant.c
index d49c5a6..d1c3691 100644
--- a/modules/grant/polkit-module-grant.c
+++ b/modules/grant/polkit-module-grant.c
@@ -51,21 +51,19 @@ _module_shutdown (PolKitModuleInterface 
 
 
 static PolKitResult
-_module_can_session_access_resource (PolKitModuleInterface *module_interface,
-                                     PolKitContext         *pk_context,
-                                     PolKitAction          *action,
-                                     PolKitResource        *resource,
-                                     PolKitSession         *session)
+_module_can_session_do_action (PolKitModuleInterface *module_interface,
+                               PolKitContext         *pk_context,
+                               PolKitAction          *action,
+                               PolKitSession         *session)
 {
         return POLKIT_RESULT_UNKNOWN_ACTION;
 }
 
 static PolKitResult
-_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
-                                    PolKitContext         *pk_context,
-                                    PolKitAction          *action,
-                                    PolKitResource        *resource,
-                                    PolKitCaller          *caller)
+_module_can_caller_do_action (PolKitModuleInterface *module_interface,
+                              PolKitContext         *pk_context,
+                              PolKitAction          *action,
+                              PolKitCaller          *caller)
 {
         char *grant_file;
         PolKitSession *session;
@@ -73,6 +71,7 @@ _module_can_caller_access_resource (PolK
 
         result = POLKIT_RESULT_UNKNOWN_ACTION;
 
+#if 0
         /* file format:
          *
          * file: /var/[lib,run]/PolicyKit/grant/<action-name>.grant
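Review bot: The `#if 0` added here, closed by the `#endif` just before `out:`, disables every grant lookup, so `_module_can_caller_do_action` now always returns `POLKIT_RESULT_UNKNOWN_ACTION`, and nothing in the code says so or why. The later hunks of this file keep editing the disabled block, which still reads `resource` although it is no longer a parameter. They also add `fprintf (stdout, "testing for file '%s'\n", grant_file);`, a debug print that would sit in the authorization path if the block were re-enabled. I would delete the block, or at least put a comment above it such as `/* TODO: grant lookup disabled while resources are removed; always answers UNKNOWN_ACTION */`, and drop the `grant_file` and `session` locals declared before it, which are now unused.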
@@ -106,22 +105,30 @@ _module_can_caller_access_resource (PolK
         if (!polkit_caller_get_uid (caller, &invoking_user_id))
                 goto out;
 
-        if (resource == NULL)
-                goto out;
-        if (!polkit_resource_get_resource_type (resource, &resource_type))
-                goto out;
-        if (!polkit_resource_get_resource_id (resource, &resource_id))
-                goto out;
+        if (resource == NULL) {
+                resource_type = "";
+                resource_id = "";
+        } else {
+                if (!polkit_resource_get_resource_type (resource, &resource_type))
+                        goto out;
+                if (!polkit_resource_get_resource_id (resource, &resource_id))
+                        goto out;
+        }
 
         session_name = NULL;
         if (!polkit_caller_get_ck_session (caller, &session))
                 goto out;
         if (!polkit_caller_get_dbus_name (caller, &dbus_name))
                 goto out;
-        if (!polkit_session_get_ck_objref (session, &session_objpath))
-                goto out;
+        if (session == NULL) {
+                session_objpath = NULL;
+                session_name = NULL;
+        } else {
+                if (!polkit_session_get_ck_objref (session, &session_objpath))
+                        goto out;
+                session_name = g_basename (session_objpath);
+        }
 
-        session_name = g_basename (session_objpath);
         resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_id);
         resource_hash = g_str_hash (resource_str_to_hash);
         g_free (resource_str_to_hash);
@@ -142,8 +149,14 @@ _module_can_caller_access_resource (PolK
          *                    dbus_<dbusname>_<uid>_<action>_<resource-hash>.grant
          */
 
+        if (dbus_name == NULL)
+                dbus_name = "";
+
         grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant", 
                                       dbus_name, invoking_user_id, action_name, resource_hash);
+
+        fprintf (stdout, "testing for file '%s'\n", grant_file);
+
         if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
                 result = POLKIT_RESULT_YES;
                 g_free (grant_file);
@@ -151,14 +164,16 @@ _module_can_caller_access_resource (PolK
         }
         g_free (grant_file);
 
-        grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant", 
-                                      session_name, invoking_user_id, action_name, resource_hash);
-        if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
-                result = POLKIT_RESULT_YES;
+        if (session_name != NULL) {
+                grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant", 
+                                              session_name, invoking_user_id, action_name, resource_hash);
+                if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+                        result = POLKIT_RESULT_YES;
+                        g_free (grant_file);
+                        goto out;
+                }
                 g_free (grant_file);
-                goto out;
         }
-        g_free (grant_file);
 
         grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant", 
                                       invoking_user_id, action_name, resource_hash);
@@ -168,7 +183,7 @@ _module_can_caller_access_resource (PolK
                 goto out;
         }
         g_free (grant_file);
-
+#endif
 
 out:
         return result;
@@ -185,8 +200,8 @@ polkit_module_set_functions (PolKitModul
 
         polkit_module_set_func_initialize (module_interface, _module_init);
         polkit_module_set_func_shutdown (module_interface, _module_shutdown);
-        polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
-        polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+        polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
+        polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
 
         ret = TRUE;
 out:
diff --git a/polkit-dbus/polkit-dbus.c b/polkit-dbus/polkit-dbus.c
index 8609aac..d0c00f4 100644
--- a/polkit-dbus/polkit-dbus.c
+++ b/polkit-dbus/polkit-dbus.c
@@ -538,3 +538,134 @@ out:
         g_free (ck_session_objpath);
         return caller;
 }
+
+PolKitCaller *
+polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error)
+{
+        PolKitCaller *caller;
+        uid_t uid;
+        char *selinux_context;
+        char *ck_session_objpath;
+        PolKitSession *session;
+        DBusMessage *message;
+        DBusMessage *reply;
+        DBusMessageIter iter;
+        char *str;
+
+        g_return_val_if_fail (con != NULL, NULL);
+        g_return_val_if_fail (error != NULL, NULL);
+        g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+        selinux_context = NULL;
+        ck_session_objpath = NULL;
+
+        caller = NULL;
+        session = NULL;
+
+        /* TODO: Verify that PID exists */
+
+        /* TODO: FIXME */
+        uid = 500;
+
+        /* TODO: FIXME */
+        selinux_context = g_strdup ("user_u:system_r:hald_t");
+
+	message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit", 
+						"/org/freedesktop/ConsoleKit/Manager",
+						"org.freedesktop.ConsoleKit.Manager",
+						"GetSessionForUnixProcess");
+	dbus_message_iter_init_append (message, &iter);
+	dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
+	reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+	if (reply == NULL || dbus_error_is_set (error)) {
+		g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
+		dbus_message_unref (message);
+		if (reply != NULL)
+			dbus_message_unref (reply);
+		/* OK, this is not a catastrophe; just means the caller is not a 
+                 * member of any session or that ConsoleKit is not available.. 
+                 */
+		goto not_in_session;
+	}
+	dbus_message_iter_init (reply, &iter);
+	dbus_message_iter_get_basic (&iter, &str);
+	ck_session_objpath = g_strdup (str);
+	dbus_message_unref (message);
+	dbus_message_unref (reply);
+
+        session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
+        if (session == NULL) {
+                g_warning ("Got a session objpath but couldn't construct session object!");
+                goto out;
+        }
+        if (!polkit_session_validate (session)) {
+                polkit_session_unref (session);
+                session = NULL;
+                goto out;
+        }
+
+not_in_session:
+
+        caller = polkit_caller_new ();
+        if (caller == NULL) {
+                if (session != NULL) {
+                        polkit_session_unref (session);
+                        session = NULL;
+                }
+                goto out;
+        }
+
+        if (!polkit_caller_set_uid (caller, uid)) {
+                if (session != NULL) {
+                        polkit_session_unref (session);
+                        session = NULL;
+                }
+                polkit_caller_unref (caller);
+                caller = NULL;
+                goto out;
+        }
+        if (!polkit_caller_set_pid (caller, pid)) {
+                if (session != NULL) {
+                        polkit_session_unref (session);
+                        session = NULL;
+                }
+                polkit_caller_unref (caller);
+                caller = NULL;
+                goto out;
+        }
+        if (selinux_context != NULL) {
+                if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
+                        if (session != NULL) {
+                                polkit_session_unref (session);
+                                session = NULL;
+                        }
+                        polkit_caller_unref (caller);
+                        caller = NULL;
+                        goto out;
+                }
+        }
+        if (session != NULL) {
+                if (!polkit_caller_set_ck_session (caller, session)) {
+                        if (session != NULL) {
+                                polkit_session_unref (session);
+                                session = NULL;
+                        }
+                        polkit_caller_unref (caller);
+                        caller = NULL;
+                        goto out;
+                }
+                polkit_session_unref (session); /* caller object now own this object */
+                session = NULL;
+        }
+
+        if (!polkit_caller_validate (caller)) {
+                polkit_caller_unref (caller);
+                caller = NULL;
+                goto out;
+        }
+
+out:
+        g_free (selinux_context);
+        g_free (ck_session_objpath);
+        return caller;
+}
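Review bot: `uid = 500;` and the fixed `g_strdup ("user_u:system_r:hald_t")` give every caller built by polkit_caller_new_from_pid an invented uid and SELinux context, and that object is then handed to polkit_session_new_from_objpath and to the authorization checks as if it were real. Until both values are read from the system for `pid`, the function should fail closed (set `error`, return NULL) rather than return a plausible-looking caller. Separately, the ConsoleKit reply is read with dbus_message_iter_get_basic without checking that an argument of the expected type is present, and `&pid` (a pid_t) is passed to a DBUS_TYPE_UINT32 append. On the not_in_session path `error` also stays set while a non-NULL caller is returned. The sketch below covers those three, assuming the method returns an object path.

```c
	dbus_uint32_t pid_arg = (dbus_uint32_t) pid;  /* declared with the other locals */

	/* … unchanged: dbus_message_new_method_call, dbus_message_iter_init_append … */
	dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid_arg);
	/* … unchanged: dbus_connection_send_with_reply_and_block … */
	if (reply == NULL || dbus_error_is_set (error)) {
		/* … unchanged: g_warning and message/reply unref … */
		dbus_error_free (error); /* a caller is still returned; do not leave error set */
		goto not_in_session;
	}
	if (!dbus_message_iter_init (reply, &iter) ||
	    dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_OBJECT_PATH) {
		g_warning ("Unexpected reply to GetSessionForUnixProcess");
		dbus_message_unref (message);
		dbus_message_unref (reply);
		goto out;
	}
	dbus_message_iter_get_basic (&iter, &str);
```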
diff --git a/polkit-dbus/polkit-dbus.h b/polkit-dbus/polkit-dbus.h
index 39c00cb..b39e091 100644
--- a/polkit-dbus/polkit-dbus.h
+++ b/polkit-dbus/polkit-dbus.h
@@ -35,6 +35,8 @@ PolKitSession *polkit_session_new_from_c
 
 PolKitCaller  *polkit_caller_new_from_dbus_name  (DBusConnection *con, const char *dbus_name, DBusError *error);
 
+PolKitCaller  *polkit_caller_new_from_pid  (DBusConnection *con, pid_t pid, DBusError *error);
+
 
 #endif /* POLKIT_DBUS_H */
 
diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am
index 17f07e5..d8a39d7 100644
--- a/polkit-grant/Makefile.am
+++ b/polkit-grant/Makefile.am
@@ -20,6 +20,7 @@ libpolkit_grantinclude_HEADERS =        
 	polkit-grant.h
 
 libpolkit_grant_la_SOURCES =      				\
+	polkit-grant-database.h	polkit-grant-database.c		\
 	polkit-grant.h		polkit-grant.c
 
 libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
diff --git a/polkit-grant/polkit-grant-helper.c b/polkit-grant/polkit-grant-helper.c
index 8b90107..7cbe07f 100644
--- a/polkit-grant/polkit-grant-helper.c
+++ b/polkit-grant/polkit-grant-helper.c
@@ -41,6 +41,8 @@
 
 #include <polkit-dbus/polkit-dbus.h>
 
+#include "polkit-grant-database.h"
+
 static int
 conversation_function (int n,
                        const struct pam_message **msg,
@@ -146,12 +148,16 @@ do_auth (const char *user_to_auth)
 		goto error;
 	}
 
+#if 0
+        /* Hmm, this fails; TODO: investigate */
+
 	/* permitted access? */
 	rc = pam_acct_mgmt (pam_h, 0);
 	if (rc != PAM_SUCCESS) {
 		fprintf (stderr, "pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
 		goto error;
 	}
+#endif
 
         /* did we auth the right user? */
 	rc = pam_get_item (pam_h, PAM_USER, &authed_user);
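Review bot: Wrapping `pam_acct_mgmt` in `#if 0` removes the account-validity step, so do_auth now succeeds on a correct password even when PAM account policy would refuse the user (expired or locked account, time or access restrictions). The failure mentioned in the comment is better fixed at its source than compiled out; one thing to check is whether the PAM service file the helper uses has an `account` stack configured, which is a guess from here because the service name is outside the hunk. If the check must stay disabled during development, make that visible at build time, e.g. `#warning "pam_acct_mgmt check disabled"` next to the `#if 0`. do_auth starts and ends outside this hunk.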
@@ -174,9 +180,8 @@ error:
 
 static polkit_bool_t
 verify_with_polkit (const char *dbus_name,
+                    pid_t caller_pid,
                     const char *action_name,
-                    const char *resource_type,
-                    const char *resource_name,
                     PolKitResult *result,
                     char **out_session_objpath)
 {
@@ -187,7 +192,6 @@ verify_with_polkit (const char *dbus_nam
         DBusError error;
         PolKitContext *pol_ctx;
         PolKitAction *action;
-        PolKitResource *resource;
 
         dbus_error_init (&error);
         bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
@@ -200,18 +204,18 @@ verify_with_polkit (const char *dbus_nam
         action = polkit_action_new ();
         polkit_action_set_action_id (action, action_name);
 
-        if (resource_type != NULL && resource_name != NULL) {
-                resource = polkit_resource_new ();
-                polkit_resource_set_resource_type (resource, resource_type);
-                polkit_resource_set_resource_id (resource, resource_name);
+        if (dbus_name != NULL && strlen (dbus_name) > 0) {
+                caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
+                if (caller == NULL) {
+                        fprintf (stderr, "cannot get caller from dbus name\n");
+                        goto out;
+                }
         } else {
-                resource = NULL;
-        }
-
-        caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
-        if (caller == NULL) {
-                fprintf (stderr, "cannot get caller from dbus name\n");
-                goto out;
+                caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
+                if (caller == NULL) {
+                        fprintf (stderr, "cannot get caller from pid\n");
+                        goto out;
+                }
         }
 
         if (!polkit_caller_get_ck_session (caller, &session)) {
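Review bot: The new else branch builds the caller from `caller_pid`, a number taken from the helper's command line, whenever `dbus_name` is empty, so the identity the policy decision rests on becomes a value the invoker chooses. Nothing in the visible lines checks that the pid belongs to the invoking user, and a pid can be reused by a different process between this lookup and the grant. At minimum, document the assumption at the branch, e.g. `/* caller_pid is unauthenticated argv input; verify its owner matches the invoking uid before trusting it */`, and reject `caller_pid <= 0` before the call. On both failure paths `error` may be set and is neither printed nor freed. verify_with_polkit starts and ends outside this hunk.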
@@ -234,7 +238,7 @@ verify_with_polkit (const char *dbus_nam
                 goto out;
         }
 
-        *result = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
+        *result = polkit_context_can_caller_do_action (pol_ctx, action, caller);
 
         if (*result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
             *result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION &&
@@ -242,7 +246,8 @@ verify_with_polkit (const char *dbus_nam
             *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
             *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
             *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) {
-                fprintf (stderr, "given auth type is bogus\n");
+                fprintf (stderr, "given auth type (%d -> %s) is bogus\n", 
+                         *result, polkit_result_to_string_representation (*result));
                 goto out;
         }
 
@@ -329,12 +334,11 @@ error:
         return FALSE;
 }
 
-/* synopsis: /usr/libexec/polkit-grant-helper <auth-type> <dbus-name> <action-name> <resource-type> <resource-name>
+/* synopsis: polkit-grant-helper <auth-type> <dbus-name> <pid> <action-name>
  *
- * <dbus-name>     : unique name of caller on the system message bus to grant privilege to
+ * <dbus-name>     : unique name of caller on the system message bus to grant privilege to (may be blank)
+ * <pid>           : process id of caller to grant privilege to
  * <action-name>   : the PolicyKit action
- * <resource-type> : resource-type
- * <resource-name> : resource-name
  *
  * PAM interaction happens via stdin/stdout.
  *
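Review bot: The updated synopsis still lists `<auth-type>` as the first argument, but main in this same commit requires `argc == 4` and reads `argv[1]` as the dbus name, `argv[2]` as the pid and `argv[3]` as the action, so the comment describes an argument the program does not take. Suggested first line: `/* synopsis: polkit-grant-helper <dbus-name> <pid> <action-name>`. It would also help to say under `<pid>` that it is used for the caller lookup only when `<dbus-name>` is blank, which is what verify_with_polkit does. The comment continues past the end of this hunk.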
@@ -349,11 +353,10 @@ main (int argc, char *argv[])
 {
         int ret;
         uid_t invoking_user_id;
+        pid_t caller_pid;
         const char *invoking_user_name;
         const char *dbus_name;
         const char *action_name;
-        const char *resource_type;
-        const char *resource_name;
         PolKitResult result;
         const char *user_to_auth;
         char *session_objpath;
@@ -363,7 +366,7 @@ main (int argc, char *argv[])
 
         ret = 3;
 
-        if (argc != 5) {
+        if (argc != 4) {
                 fprintf (stderr, "wrong use\n");
                 goto out;
         }
@@ -408,14 +411,12 @@ main (int argc, char *argv[])
         setenv ("PATH", "/bin:/usr/bin", 1);
 
         dbus_name = argv[1];
-        action_name = argv[2];
-        resource_type = argv[3];
-        resource_name = argv[4];
+        caller_pid = atoi(argv[2]); /* TODO: use safer function? */
+        action_name = argv[3];
 
         fprintf (stderr, "dbus_name = %s\n", dbus_name);
+        fprintf (stderr, "caller_pid = %d\n", caller_pid);
         fprintf (stderr, "action_name = %s\n", action_name);
-        fprintf (stderr, "resource_type = %s\n", resource_type);
-        fprintf (stderr, "resource_name = %s\n", resource_name);
 
         ret = 2;
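Review bot: `caller_pid = atoi(argv[2]);` accepts any text: non-numeric input becomes 0, trailing garbage is ignored and out-of-range values are undefined, yet the result selects which process the authorization is evaluated for. Parse with strtol, require the whole argument to be consumed, and reject values that are not positive or do not fit the pid type, leaving `ret` untouched so the helper exits with whatever code is current at that point. main starts and ends outside this hunk. The sketch uses `errno` and `INT_MAX`; whether `<errno.h>` and `<limits.h>` are already included cannot be seen from here.

```c
        dbus_name = argv[1];
        {
                char *end;
                long parsed;

                errno = 0;
                parsed = strtol (argv[2], &end, 10);
                if (errno != 0 || end == argv[2] || *end != '\0' ||
                    parsed <= 0 || parsed > INT_MAX) {
                        fprintf (stderr, "invalid pid argument\n");
                        goto out;
                }
                caller_pid = (pid_t) parsed;
        }
        action_name = argv[3];
```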
 
@@ -423,7 +424,7 @@ main (int argc, char *argv[])
          * 
          * verify that the given thing to auth for really supports grant by auth in the requested way
          */
-        if (!verify_with_polkit (dbus_name, action_name, resource_type, resource_name, &result, &session_objpath))
+        if (!verify_with_polkit (dbus_name, caller_pid, action_name, &result, &session_objpath))
                 goto out;
 
         /* tell user about the grant details; e.g. whether it's auth_self_keep_always or auth_self etc. */
@@ -439,6 +440,8 @@ main (int argc, char *argv[])
                 user_to_auth = invoking_user_name;
         }
 
+        ret = 1;
+
         /* OK, start auth! */
         if (!do_auth (user_to_auth))
                 goto out;
@@ -452,9 +455,14 @@ main (int argc, char *argv[])
                  polkit_result_to_string_representation (result));
         fflush (stdout);
         
-        if (!get_and_validate_override_details (&result))
+        if (!get_and_validate_override_details (&result)) {
+                /* if this fails it means bogus input from user */
+                ret = 2;
                 goto out;
+        }
 
+        fprintf (stderr, "OK; TODO: write to database\n");
+#if 0
         /* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
          *
          * this concerns these two files
@@ -507,8 +515,10 @@ main (int argc, char *argv[])
         fprintf (stderr, "file is '%s'\n", grant_file);
         FILE *f = fopen (grant_file, "w");
         fclose (f);
+#endif
 
         ret = 0;
 out:
+        fprintf (stderr, "exiting with code %d\n", ret);
         return ret;
 }
diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c
index d73a0aa..fcd2511 100644
--- a/polkit-grant/polkit-grant.c
+++ b/polkit-grant/polkit-grant.c
@@ -370,14 +370,12 @@ polkit_grant_cancel_auth (PolKitGrant *p
  * polkit_grant_initiate_auth:
  * @polkit_grant: the object
  * @action: Action requested by caller
- * @resource: Resource in question
  * @caller: Caller in question
  * 
  * Initiate authentication to obtain the privilege for the given
- * @caller to perform the specified @action on the given
- * @resource. The caller of this method must have setup callback
- * functions using the method polkit_grant_set_functions() prior to
- * calling this method.
+ * @caller to perform the specified @action. The caller of this method
+ * must have setup callback functions using the method
+ * polkit_grant_set_functions() prior to calling this method.
  *
  * Implementation-wise, this class uses a secure (e.g. as in that it
  * checks all information and fundamenally don't trust the caller;
@@ -390,43 +388,40 @@ polkit_grant_cancel_auth (PolKitGrant *p
  * Returns: #TRUE only if authentication have been initiated.
  **/
 polkit_bool_t 
-polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
-                               PolKitAction *action,
-                               PolKitResource *resource,
-                               PolKitCaller *caller)
+polkit_grant_initiate_auth (PolKitGrant  *polkit_grant,
+                            PolKitAction *action,
+                            PolKitCaller *caller)
 {
+        pid_t pid;
         char *dbus_name;
         char *action_id;
-        char *resource_type;
-        char *resource_id;
         GError *g_error;
-        const char *helper_argv[6];
+        char *helper_argv[5];
 
         g_return_val_if_fail (polkit_grant != NULL, FALSE);
         /* check that callback functions have been properly set up */
         g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE);
 
-        if (!polkit_caller_get_dbus_name (caller, &dbus_name))
-                goto error;
-
-        if (!polkit_action_get_action_id (action, &action_id))
+        if (!polkit_caller_get_pid (caller, &pid))
                 goto error;
 
-        if (!polkit_resource_get_resource_type (resource, &resource_type))
+        if (!polkit_caller_get_dbus_name (caller, &dbus_name))
                 goto error;
 
-        if (!polkit_resource_get_resource_id (resource, &resource_id))
+        if (!polkit_action_get_action_id (action, &action_id))
                 goto error;
 
         /* TODO: verify incoming args */
 
-        //helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
-        helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
-        helper_argv[1] = dbus_name;
-        helper_argv[2] = action_id;
-        helper_argv[3] = resource_type;
-        helper_argv[4] = resource_id;
-        helper_argv[5] = NULL;
+        helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
+        // TODO FIXME: helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
+        if (dbus_name == NULL)
+                helper_argv[1] = "";
+        else
+                helper_argv[1] = dbus_name;
+        helper_argv[2] = g_strdup_printf ("%d", pid);
+        helper_argv[3] = action_id;
+        helper_argv[4] = NULL;
 
         polkit_grant->child_stdin = -1;
         polkit_grant->child_stdout = -1;
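Review bot: `helper_argv[0]` now points at `/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper`, a path inside a developer's home directory, while the installed location is left in a `TODO FIXME` comment. Any build of this library will therefore try to run the authentication helper from outside the install prefix, in a location that, where it exists, is writable by an unprivileged account. Restore `helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";` and, if a development override is needed, take it from a build-time define rather than a literal in the source. The array also changed from `const char *` to `char *` while still holding string literals; keeping it `const char *helper_argv[5]` and holding the formatted pid in a separate `char *pid_str` for the later `g_free` avoids that. The function starts before and continues after this hunk.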
@@ -446,8 +441,10 @@ polkit_grant_initiate_auth (PolKitGrant 
                                        &g_error)) {
                 fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message);
                 g_error_free (g_error);
+                g_free (helper_argv[2]);
                 goto error;
         }
+        g_free (helper_argv[2]);
 
         polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid);
         if (polkit_grant->child_watch_id == 0)
diff --git a/polkit-grant/polkit-grant.h b/polkit-grant/polkit-grant.h
index cc04d42..63c6e79 100644
--- a/polkit-grant/polkit-grant.h
+++ b/polkit-grant/polkit-grant.h
@@ -330,9 +330,9 @@ void          polkit_grant_set_functions
                                           PolKitGrantOverrideGrantType func_override_grant_type,
                                           PolKitGrantDone func_done,
                                           void *user_data);
-polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+
+polkit_bool_t polkit_grant_initiate_auth (PolKitGrant  *polkit_grant,
                                           PolKitAction *action,
-                                          PolKitResource *resource,
                                           PolKitCaller *caller);
 
 void          polkit_grant_cancel_auth   (PolKitGrant *polkit_grant);
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
index 5313952..c3968b4 100644
--- a/polkit/Makefile.am
+++ b/polkit/Makefile.am
@@ -24,7 +24,6 @@ libpolkitinclude_HEADERS =              
 	polkit-result.h					\
 	polkit-context.h				\
 	polkit-action.h					\
-	polkit-resource.h				\
 	polkit-seat.h					\
 	polkit-session.h				\
 	polkit-caller.h					\
@@ -41,7 +40,6 @@ libpolkit_la_SOURCES =                  
 	polkit-result.h			polkit-result.c			\
 	polkit-context.h		polkit-context.c		\
 	polkit-action.h			polkit-action.c			\
-	polkit-resource.h		polkit-resource.c		\
 	polkit-seat.h			polkit-seat.c			\
 	polkit-session.h		polkit-session.c		\
 	polkit-caller.h			polkit-caller.c			\
diff --git a/polkit/polkit-caller.c b/polkit/polkit-caller.c
index e096d0b..b690445 100644
--- a/polkit/polkit-caller.c
+++ b/polkit/polkit-caller.c
@@ -339,7 +339,5 @@ polkit_caller_validate (PolKitCaller *ca
 {
         g_return_val_if_fail (caller != NULL, FALSE);
         g_return_val_if_fail (caller->pid > 0, FALSE);
-        g_return_val_if_fail (caller->dbus_name != NULL, FALSE);
-        /* NOTE TODO FIXME: remove need to have a dbus name set */
         return TRUE;
 }
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
index 0e17aa2..a63d9c9 100644
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -464,78 +464,22 @@ polkit_context_get_policy_cache (PolKitC
         return pk_context->priv_cache;
 }
 
-
-/**
- * polkit_context_get_seat_resource_association:
- * @pk_context: the PolicyKit context
- * @visitor: visitor function
- * @user_data: user data
- *
- * Retrieve information about what resources are associated to what
- * seats. Note that a resource may be associated to more than one
- * seat. This information stems from user configuration and consumers
- * of this information that know better (e.g. HAL) may choose to
- * override it. 
- *
- * Typically, this information is used to e.g. bootstrap the system
- * insofar that it can be used to start login greeters on the given
- * video hardware (e.g. resources) on the given user-configured seats.
- *
- * If a resource is not associated with any seat, it is assumed to be
- * available to any local seat.
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW or
- * #POLKIT_RESULT_YES (if the callback was invoked)
- */
-PolKitResult
-polkit_context_get_seat_resource_association (PolKitContext       *pk_context,
-                                                 PolKitSeatVisitorCB  visitor,
-                                                 void                *user_data)
-{
-        return POLKIT_RESULT_YES;
-}
-
 /**
- * polkit_context_is_resource_associated_with_seat:
- * @pk_context: the PolicyKit context
- * @resource: the resource in question
- * @seat: the seat
- *
- * Determine if a given resource is associated with a given seat. The
- * same comments noted in polkit_get_seat_resource_association() about the
- * source purely being user configuration applies here as well.
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
- * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
- */
-PolKitResult
-polkit_context_is_resource_associated_with_seat (PolKitContext   *pk_context,
-                                                    PolKitResource  *resource,
-                                                    PolKitSeat      *seat)
-{
-        return POLKIT_RESULT_NO;
-}
-
-/**
- * polkit_context_can_session_access_resource:
+ * polkit_context_can_session_do_action:
  * @pk_context: the PolicyKit context
  * @action: the type of access to check for
- * @resource: the resource in question or #NULL to test for all resources
  * @session: the session in question
  *
- * Determine if a given session can access a given resource in a given way.
+ * Determine if a given session can do a given action.
  *
  * Returns: A #PolKitResult - can only be one of
  * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
  * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
  */
 PolKitResult
-polkit_context_can_session_access_resource (PolKitContext   *pk_context,
-                                               PolKitAction    *action,
-                                               PolKitResource  *resource,
-                                               PolKitSession   *session)
+polkit_context_can_session_do_action (PolKitContext   *pk_context,
+                                      PolKitAction    *action,
+                                      PolKitSession   *session)
 {
         PolKitPolicyCache *cache;
         PolKitPolicyFileEntry *pfe;
@@ -546,17 +490,12 @@ polkit_context_can_session_access_resour
         current_result = POLKIT_RESULT_NO;
         g_return_val_if_fail (pk_context != NULL, current_result);
 
-        /* resource may actually by NULL */
         if (action == NULL || session == NULL)
                 goto out;
 
-
         /* now validate the incoming objects */
         if (!polkit_action_validate (action))
                 goto out;
-        if (resource == NULL)
-                if (!polkit_resource_validate (resource))
-                        goto out;
         if (!polkit_session_validate (session))
                 goto out;
 
@@ -564,10 +503,8 @@ polkit_context_can_session_access_resour
         if (cache == NULL)
                 goto out;
 
-        _pk_debug ("entering polkit_can_session_access_resource()");
+        _pk_debug ("entering polkit_can_session_do_action()");
         polkit_action_debug (action);
-        if (resource != NULL)
-                polkit_resource_debug (resource);
         polkit_session_debug (session);
 
         pfe = polkit_policy_cache_get_entry (cache, action);
@@ -590,9 +527,9 @@ polkit_context_can_session_access_resour
         /* visit modules */
         for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
                 PolKitModuleInterface *module_interface = i->data;
-                PolKitModuleCanSessionAccessResource func;
+                PolKitModuleCanSessionDoAction func;
 
-                func = polkit_module_get_func_can_session_access_resource (module_interface);
+                func = polkit_module_get_func_can_session_do_action (module_interface);
                 if (func != NULL) {
                         PolKitModuleControl module_control;
                         PolKitResult module_result;
@@ -605,7 +542,6 @@ polkit_context_can_session_access_resour
                                     module_interface,
                                     pk_context,
                                     action,
-                                    resource,
                                     session)) {
                                 /* module is confined by built-in options */
                                 module_result = POLKIT_RESULT_UNKNOWN_ACTION;
@@ -615,7 +551,6 @@ polkit_context_can_session_access_resour
                                 module_result = func (module_interface,
                                                       pk_context,
                                                       action, 
-                                                      resource, 
                                                       session);
                         }
 
@@ -657,22 +592,20 @@ out:
 }
 
 /**
- * polkit_context_can_caller_access_resource:
+ * polkit_context_can_caller_do_action:
  * @pk_context: the PolicyKit context
  * @action: the type of access to check for
- * @resource: the resource in question or #NULL to test for all resources
- * @caller: the resource in question
+ * @caller: the caller in question
  *
- * Determine if a given caller can access a given resource in a given way.
+ * Determine if a given caller can do a given action.
  *
  * Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
+ * do a specific action
  */
 PolKitResult
-polkit_context_can_caller_access_resource (PolKitContext   *pk_context,
-                                              PolKitAction    *action,
-                                              PolKitResource  *resource,
-                                              PolKitCaller    *caller)
+polkit_context_can_caller_do_action (PolKitContext   *pk_context,
+                                     PolKitAction    *action,
+                                     PolKitCaller    *caller)
 {
         PolKitPolicyCache *cache;
         PolKitPolicyFileEntry *pfe;
@@ -683,7 +616,6 @@ polkit_context_can_caller_access_resourc
         current_result = POLKIT_RESULT_NO;
         g_return_val_if_fail (pk_context != NULL, current_result);
 
-        /* resource may actually by NULL */
         if (action == NULL || caller == NULL)
                 goto out;
 
@@ -694,16 +626,11 @@ polkit_context_can_caller_access_resourc
         /* now validate the incoming objects */
         if (!polkit_action_validate (action))
                 goto out;
-        if (resource == NULL)
-                if (!polkit_resource_validate (resource))
-                        goto out;
         if (!polkit_caller_validate (caller))
                 goto out;
 
-        _pk_debug ("entering polkit_can_caller_access_resource()");
+        _pk_debug ("entering polkit_can_caller_do_action()");
         polkit_action_debug (action);
-        if (resource != NULL)
-                polkit_resource_debug (resource);
         polkit_caller_debug (caller);
 
         pfe = polkit_policy_cache_get_entry (cache, action);
@@ -726,9 +653,9 @@ polkit_context_can_caller_access_resourc
         /* visit modules */
         for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
                 PolKitModuleInterface *module_interface = i->data;
-                PolKitModuleCanCallerAccessResource func;
+                PolKitModuleCanCallerDoAction func;
 
-                func = polkit_module_get_func_can_caller_access_resource (module_interface);
+                func = polkit_module_get_func_can_caller_do_action (module_interface);
                 if (func != NULL) {
                         PolKitModuleControl module_control;
                         PolKitResult module_result;
@@ -741,7 +668,6 @@ polkit_context_can_caller_access_resourc
                                     module_interface,
                                     pk_context,
                                     action,
-                                    resource,
                                     caller)) {
                                 /* module is confined by built-in options */
                                 module_result = POLKIT_RESULT_UNKNOWN_ACTION;
@@ -751,7 +677,6 @@ polkit_context_can_caller_access_resourc
                                 module_result = func (module_interface,
                                                       pk_context,
                                                       action, 
-                                                      resource, 
                                                       caller);
                         }
 
diff --git a/polkit/polkit-context.h b/polkit/polkit-context.h
index 13d53bf..0261338 100644
--- a/polkit/polkit-context.h
+++ b/polkit/polkit-context.h
@@ -35,7 +35,6 @@
 #include <polkit/polkit-result.h>
 #include <polkit/polkit-context.h>
 #include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
 #include <polkit/polkit-seat.h>
 #include <polkit/polkit-session.h>
 #include <polkit/polkit-caller.h>
@@ -148,39 +147,15 @@ void           polkit_context_unref     
 
 PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
 
-/**
- * PolKitSeatVisitorCB:
- * @seat: the seat
- * @resources_associated_with_seat: A NULL terminated array of resources associated with the seat
- * @user_data: user data
- *
- * Visitor function for polkit_get_seat_resource_association(). The caller should _not_ unref the passed objects.
- */
-typedef void (*PolKitSeatVisitorCB) (PolKitSeat      *seat,
-                                     PolKitResource **resources_associated_with_seat,
-                                     void            *user_data);
-
-PolKitResult
-polkit_context_get_seat_resource_association (PolKitContext       *pk_context,
-                                              PolKitSeatVisitorCB  visitor,
-                                              void                *user_data);
-
-PolKitResult
-polkit_context_is_resource_associated_with_seat (PolKitContext   *pk_context,
-                                                 PolKitResource  *resource,
-                                                 PolKitSeat      *seat);
-
 PolKitResult
-polkit_context_can_session_access_resource (PolKitContext   *pk_context,
-                                            PolKitAction    *action,
-                                            PolKitResource  *resource,
-                                            PolKitSession   *session);
+polkit_context_can_session_do_action (PolKitContext   *pk_context,
+                                      PolKitAction    *action,
+                                      PolKitSession   *session);
 
 PolKitResult
-polkit_context_can_caller_access_resource (PolKitContext   *pk_context,
-                                           PolKitAction    *action,
-                                           PolKitResource  *resource,
-                                           PolKitCaller    *caller);
+polkit_context_can_caller_do_action (PolKitContext   *pk_context,
+                                     PolKitAction    *action,
+                                     PolKitCaller    *caller);
 
 #endif /* POLKIT_CONTEXT_H */
 
diff --git a/polkit/polkit-module.c b/polkit/polkit-module.c
index aab1fc4..833cc22 100644
--- a/polkit/polkit-module.c
+++ b/polkit/polkit-module.c
@@ -59,10 +59,8 @@ struct PolKitModuleInterface
 
         PolKitModuleInitialize                     func_initialize;
         PolKitModuleShutdown                       func_shutdown;
-        PolKitModuleGetSeatResourceAssociation     func_get_seat_resource_association;
-        PolKitModuleIsResourceAssociatedWithSeat   func_is_resource_associated_with_seat;
-        PolKitModuleCanSessionAccessResource       func_can_session_access_resource;
-        PolKitModuleCanCallerAccessResource        func_can_caller_access_resource;
+        PolKitModuleCanSessionDoAction       func_can_session_do_action;
+        PolKitModuleCanCallerDoAction        func_can_caller_do_action;
 
         polkit_bool_t builtin_have_action_regex;
         regex_t  builtin_action_regex_compiled;
@@ -348,67 +346,38 @@ polkit_module_set_func_initialize (PolKi
  **/
 void 
 polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface, 
-                                    PolKitModuleShutdown   func)
+                                 PolKitModuleShutdown   func)
 {
         g_return_if_fail (module_interface != NULL);
         module_interface->func_shutdown = func;
 }
 
 /**
- * polkit_module_set_func_get_seat_resource_association:
+ * polkit_module_set_func_can_session_do_action:
  * @module_interface: the module interface 
  * @func: the function pointer
  * 
  * Set the function pointer.
  **/
-void 
-polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface                   *module_interface,
-                                                         PolKitModuleGetSeatResourceAssociation  func)
-{
-        g_return_if_fail (module_interface != NULL);
-        module_interface->func_get_seat_resource_association = func;
-}
-
-/**
- * polkit_module_set_func_is_resource_associated_with_seat:
- * @module_interface: the module interface 
- * @func: the function pointer
- * 
- * Set the function pointer.
- **/
-void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface               *module_interface,
-                                                                 PolKitModuleIsResourceAssociatedWithSeat func)
+void polkit_module_set_func_can_session_do_action (PolKitModuleInterface          *module_interface,
+                                                   PolKitModuleCanSessionDoAction  func)
 {
         g_return_if_fail (module_interface != NULL);
-        module_interface->func_is_resource_associated_with_seat = func;
+        module_interface->func_can_session_do_action = func;
 }
 
 /**
- * polkit_module_set_func_can_session_access_resource:
+ * polkit_module_set_func_can_caller_do_action:
  * @module_interface: the module interface 
  * @func: the function pointer
  * 
  * Set the function pointer.
  **/
-void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface                *module_interface,
-                                                            PolKitModuleCanSessionAccessResource  func)
+void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface         *module_interface,
+                                                  PolKitModuleCanCallerDoAction  func)
 {
         g_return_if_fail (module_interface != NULL);
-        module_interface->func_can_session_access_resource = func;
-}
-
-/**
- * polkit_module_set_func_can_caller_access_resource:
- * @module_interface: the module interface 
- * @func: the function pointer
- * 
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface               *module_interface,
-                                                           PolKitModuleCanCallerAccessResource  func)
-{
-        g_return_if_fail (module_interface != NULL);
-        module_interface->func_can_caller_access_resource = func;
+        module_interface->func_can_caller_do_action = func;
 }
 
 /**
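Review bot: The two new setters, `polkit_module_set_func_can_session_do_action` and `polkit_module_set_func_can_caller_do_action`, are documented only as `Set the function pointer.`. That does not tell a module author that these hooks answer the session and caller checks, nor whether `func` may be #NULL. The getters in this file describe #NULL as "unavailable", so the setter docs could say the same, e.g. `Set the function used to decide whether a session can do an action; #NULL means the module does not implement this check.` (wording to be confirmed against how the context dispatches to modules). As a style point, both definitions keep `void` on the same line as the function name, while `polkit_module_set_func_shutdown` directly above puts the return type on its own line.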
@@ -442,63 +411,33 @@ polkit_module_get_func_shutdown (PolKitM
 }
 
 /**
- * polkit_module_get_func_get_seat_resource_association:
- * @module_interface: the module interface 
- * 
- * Get the function pointer.
- * 
- * Returns: Function pointer or #NULL if it's unavailable or an error occured 
- **/
-PolKitModuleGetSeatResourceAssociation
-polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface)
-{
-        g_return_val_if_fail (module_interface != NULL, NULL);
-        return module_interface->func_get_seat_resource_association;
-}
-
-/**
- * polkit_module_get_func_is_resource_associated_with_seat:
- * @module_interface: the module interface 
- * 
- * Get the function pointer.
- * 
- * Returns: Function pointer or #NULL if it's unavailable or an error occured 
- **/
-PolKitModuleIsResourceAssociatedWithSeat
-polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface)
-{
-        g_return_val_if_fail (module_interface != NULL, NULL);
-        return module_interface->func_is_resource_associated_with_seat;
-}
-
-/**
- * polkit_module_get_func_can_session_access_resource:
+ * polkit_module_get_func_can_session_do_action:
  * @module_interface: the module interface 
  * 
  * Get the function pointer.
  * 
  * Returns: Function pointer or #NULL if it's unavailable or an error occured 
  **/
-PolKitModuleCanSessionAccessResource
-polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface)
+PolKitModuleCanSessionDoAction
+polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface)
 {
         g_return_val_if_fail (module_interface != NULL, NULL);
-        return module_interface->func_can_session_access_resource;
+        return module_interface->func_can_session_do_action;
 }
 
 /**
- * polkit_module_get_func_can_caller_access_resource:
+ * polkit_module_get_func_can_caller_do_action:
  * @module_interface: the module interface 
  * 
  * Get the function pointer.
  * 
  * Returns: Function pointer or #NULL if it's unavailable or an error occured
  **/
-PolKitModuleCanCallerAccessResource
-polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface)
+PolKitModuleCanCallerDoAction
+polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface)
 {
         g_return_val_if_fail (module_interface != NULL, NULL);
-        return module_interface->func_can_caller_access_resource;
+        return module_interface->func_can_caller_do_action;
 }
 
 
@@ -680,7 +619,6 @@ _check_users_for_caller (PolKitModuleInt
  * @module_interface: the given module
  * @pk_context: the PolicyKit context
  * @action: the type of access to check for
- * @resource: the resource in question
  * @session: the session in question
  * 
  * Check whether some of the built-in module options (e.g. action="hal-storage-*", 
@@ -690,10 +628,9 @@ _check_users_for_caller (PolKitModuleInt
  **/
 polkit_bool_t
 polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
-                                                                  PolKitContext   *pk_context,
-                                                                  PolKitAction *action,
-                                                                  PolKitResource  *resource,
-                                                                  PolKitSession   *session)
+                                                               PolKitContext   *pk_context,
+                                                               PolKitAction *action,
+                                                               PolKitSession   *session)
 {
         polkit_bool_t ret;
         ret = TRUE;
@@ -716,8 +653,7 @@ out:
  * @module_interface: the given module
  * @pk_context: the PolicyKit context
  * @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
  * 
  * Check whether some of the built-in module options (e.g. action="hal-storage-*", 
  * user=davidz) confines the given module, e.g. whether it should be skipped.
@@ -726,10 +662,9 @@ out:
  **/
 polkit_bool_t
 polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
-                                                                 PolKitContext   *pk_context,
-                                                                 PolKitAction *action,
-                                                                 PolKitResource  *resource,
-                                                                 PolKitCaller    *caller)
+                                                                 PolKitContext      *pk_context,
+                                                                 PolKitAction       *action,
+                                                                 PolKitCaller       *caller)
 {
         polkit_bool_t ret;
         ret = TRUE;
diff --git a/polkit/polkit-module.h b/polkit/polkit-module.h
index 3e6fed7..02dd9ca 100644
--- a/polkit/polkit-module.h
+++ b/polkit/polkit-module.h
@@ -59,72 +59,36 @@ typedef polkit_bool_t     (*PolKitModule
 typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface);
 
 /**
- * PolKitModuleGetSeatResourceAssociation:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @visitor: visitor function
- * @user_data: user data
- *
- * Type of PolicyKit module function to implement polkit_get_seat_resource_association().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleGetSeatResourceAssociation) (PolKitModuleInterface *module_interface,
-                                                                PolKitContext         *pk_context,
-                                                                PolKitSeatVisitorCB    visitor,
-                                                                void                  *user_data);
-
-/**
- * PolKitModuleIsResourceAssociatedWithSeat:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @resource: the resource in question
- * @seat: the seat
- *
- * Type of PolicyKit module function to implement polkit_is_resource_associated_with_seat().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleIsResourceAssociatedWithSeat) (PolKitModuleInterface *module_interface,
-                                                                  PolKitContext         *pk_context,
-                                                                  PolKitResource        *resource,
-                                                                  PolKitSeat            *seat);
-
-/**
- * PolKitModuleCanSessionAccessResource:
+ * PolKitModuleCanSessionAccessDoAction:
  * @module_interface: the module interface
  * @pk_context: the PolicyKit context
  * @action: the type of access to check for
- * @resource: the resource in question
  * @session: the session in question
  *
- * Type of PolicyKit module function to implement polkit_can_session_access_resource().
+ * Type of PolicyKit module function to implement polkit_can_session_access_do_action().
  *
  * Returns: the #PolKitResult
  **/
-typedef PolKitResult (*PolKitModuleCanSessionAccessResource) (PolKitModuleInterface *module_interface,
-                                                              PolKitContext         *pk_context,
-                                                              PolKitAction       *action,
-                                                              PolKitResource        *resource,
-                                                              PolKitSession         *session);
+typedef PolKitResult (*PolKitModuleCanSessionDoAction) (PolKitModuleInterface *module_interface,
+                                                        PolKitContext         *pk_context,
+                                                        PolKitAction          *action,
+                                                        PolKitSession         *session);
 
 /**
- * PolKitModuleCanCallerAccessResource:
+ * PolKitModuleCanCallerAccessDoAction:
  * @module_interface: the module interface
  * @pk_context: the PolicyKit context
  * @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
  *
- * Type of PolicyKit module function to implement polkit_can_caller_access_resource().
+ * Type of PolicyKit module function to implement polkit_can_caller_do_action().
  *
  * Returns: the #PolKitResult
  **/
-typedef PolKitResult (*PolKitModuleCanCallerAccessResource) (PolKitModuleInterface *module_interface,
-                                                             PolKitContext         *pk_context,
-                                                             PolKitAction       *action,
-                                                             PolKitResource        *resource,
-                                                             PolKitCaller          *caller);
+typedef PolKitResult (*PolKitModuleCanCallerDoAction) (PolKitModuleInterface *module_interface,
+                                                       PolKitContext         *pk_context,
+                                                       PolKitAction          *action,
+                                                       PolKitCaller          *caller);
 
 PolKitModuleInterface *polkit_module_interface_new   (void);
 PolKitModuleInterface *polkit_module_interface_ref   (PolKitModuleInterface *module_interface);
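Review bot: The gtk-doc headings in the two rewritten comments do not match the typedefs they sit above: `PolKitModuleCanSessionAccessDoAction:` documents `PolKitModuleCanSessionDoAction`, and `PolKitModuleCanCallerAccessDoAction:` documents `PolKitModuleCanCallerDoAction`. gtk-doc matches on the symbol name, so both callback types will most likely end up undocumented in the generated reference. The session comment also refers to `polkit_can_session_access_do_action()`, while the function this commit declares in polkit-context.h is `polkit_context_can_session_do_action()`. I would rename the headings to `PolKitModuleCanSessionDoAction:` and `PolKitModuleCanCallerDoAction:` and point the descriptions at `polkit_context_can_session_do_action()` and `polkit_context_can_caller_do_action()`.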
@@ -134,25 +98,19 @@ const char            *polkit_module_get
 void                   polkit_module_set_user_data   (PolKitModuleInterface *module_interface, void *user_data);
 void                  *polkit_module_get_user_data   (PolKitModuleInterface *module_interface);
 
-void polkit_module_set_func_initialize                       (PolKitModuleInterface               *module_interface, 
-                                                                 PolKitModuleInitialize               func);
-void polkit_module_set_func_shutdown                         (PolKitModuleInterface               *module_interface, 
-                                                                 PolKitModuleShutdown                 func);
-void polkit_module_set_func_get_seat_resource_association    (PolKitModuleInterface               *module_interface,
-                                                                 PolKitModuleGetSeatResourceAssociation func);
-void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface               *module_interface,
-                                                                 PolKitModuleIsResourceAssociatedWithSeat func);
-void polkit_module_set_func_can_session_access_resource      (PolKitModuleInterface               *module_interface,
-                                                                 PolKitModuleCanSessionAccessResource func);
-void polkit_module_set_func_can_caller_access_resource       (PolKitModuleInterface               *module_interface,
-                                                                 PolKitModuleCanCallerAccessResource  func);
+void polkit_module_set_func_initialize                 (PolKitModuleInterface               *module_interface, 
+                                                        PolKitModuleInitialize               func);
+void polkit_module_set_func_shutdown                   (PolKitModuleInterface               *module_interface, 
+                                                        PolKitModuleShutdown                 func);
+void polkit_module_set_func_can_session_do_action      (PolKitModuleInterface               *module_interface,
+                                                        PolKitModuleCanSessionDoAction       func);
+void polkit_module_set_func_can_caller_do_action       (PolKitModuleInterface               *module_interface,
+                                                        PolKitModuleCanCallerDoAction        func);
 
 PolKitModuleInitialize polkit_module_get_func_initialize (PolKitModuleInterface *module_interface);
 PolKitModuleShutdown polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface);
-PolKitModuleGetSeatResourceAssociation polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface);
-PolKitModuleIsResourceAssociatedWithSeat polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface);
-PolKitModuleCanSessionAccessResource polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface);
-PolKitModuleCanCallerAccessResource polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface);
+PolKitModuleCanSessionDoAction polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface);
+PolKitModuleCanCallerDoAction polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface);
 
 /**
  * PolKitModuleControl:
@@ -193,15 +151,13 @@ PolKitModuleControl polkit_module_interf
 polkit_bool_t
 polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
                                                                   PolKitContext   *pk_context,
-                                                                  PolKitAction *action,
-                                                                  PolKitResource  *resource,
+                                                                  PolKitAction    *action,
                                                                   PolKitSession   *session);
 
 polkit_bool_t
 polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
                                                                  PolKitContext   *pk_context,
-                                                                 PolKitAction *action,
-                                                                 PolKitResource  *resource,
+                                                                 PolKitAction    *action,
                                                                  PolKitCaller    *caller);
 
 #endif /* POLKIT_MODULE_H */
diff --git a/polkit/polkit-policy-default.c b/polkit/polkit-policy-default.c
index 074fb93..d9949cb 100644
--- a/polkit/polkit-policy-default.c
+++ b/polkit/polkit-policy-default.c
@@ -143,24 +143,22 @@ polkit_policy_default_debug (PolKitPolic
 
 
 /**
- * polkit_policy_default_can_session_access_resource:
+ * polkit_policy_default_can_session_do_action:
  * @policy_default: the object
  * @action: the type of access to check for
- * @resource: the resource in question
  * @session: the session in question
  * 
  * Using the default policy for an action, determine if a given
- * session can access a given resource in a given way.
+ * session can do a given action.
  * 
  * Returns: A #PolKitResult - can only be one of
  * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
  * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
  **/
 PolKitResult
-polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
-                                                      PolKitAction        *action,
-                                                      PolKitResource         *resource,
-                                                      PolKitSession          *session)
+polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
+                                             PolKitAction        *action,
+                                             PolKitSession       *session)
 {
         polkit_bool_t is_local;
         polkit_bool_t is_active;
@@ -195,23 +193,21 @@ out:
 }
 
 /**
- * polkit_policy_default_can_caller_access_resource:
+ * polkit_policy_default_can_caller_do_action:
  * @policy_default: the object
  * @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
  * 
  * Using the default policy for an action, determine if a given
- * caller can access a given resource in a given way.
+ * caller can do a given action.
  * 
  * Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
+ * do the given action.
  **/
 PolKitResult
-polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
-                                                     PolKitAction        *action,
-                                                     PolKitResource         *resource,
-                                                     PolKitCaller           *caller)
+polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
+                                            PolKitAction        *action,
+                                            PolKitCaller        *caller)
 {
         polkit_bool_t is_local;
         polkit_bool_t is_active;
diff --git a/polkit/polkit-policy-default.h b/polkit/polkit-policy-default.h
index 9dad92c..68b6946 100644
--- a/polkit/polkit-policy-default.h
+++ b/polkit/polkit-policy-default.h
@@ -32,7 +32,6 @@
 
 #include <polkit/polkit-result.h>
 #include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
 #include <polkit/polkit-session.h>
 #include <polkit/polkit-caller.h>
 #include <polkit/polkit-error.h>
@@ -44,14 +43,13 @@ PolKitPolicyDefault    *polkit_policy_de
 void                    polkit_policy_default_unref (PolKitPolicyDefault *policy_default);
 void                    polkit_policy_default_debug (PolKitPolicyDefault *policy_default);
 
-PolKitResult polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
-                                                                PolKitAction        *action,
-                                                                PolKitResource         *resource,
-                                                                PolKitSession          *session);
-PolKitResult polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
-                                                               PolKitAction        *action,
-                                                               PolKitResource         *resource,
-                                                               PolKitCaller           *caller);
+PolKitResult polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
+                                                          PolKitAction        *action,
+                                                          PolKitSession       *session);
+
+PolKitResult polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
+                                                         PolKitAction        *action,
+                                                         PolKitCaller        *caller);
 
 PolKitResult polkit_policy_default_get_allow_remote_inactive (PolKitPolicyDefault *policy_default);
 PolKitResult polkit_policy_default_get_allow_remote_active (PolKitPolicyDefault *policy_default);
diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c
index f72c87c..c0c7941 100644
--- a/polkit/polkit-policy-file-entry.c
+++ b/polkit/polkit-policy-file-entry.c
@@ -197,7 +197,7 @@ polkit_policy_file_get_action_descriptio
  * 
  * Get a phrase, for the policy entry in question, that can be shown
  * in the user interface explaining that the caller doesn't possess
- * the privilege to perform the given action on the given resource.
+ * the privilege to perform the given action.
  *
  * The returned string may contain a single %s entry - the caller
  * should use a printf-style function to replace this with a human
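Review bot: The comment edited here tells callers to feed the returned phrase to a printf-style function, but it does not say what guarantees that the phrase holds at most one `%s` and no other conversion specifier. If the phrase is loaded from a policy file, as the function family name suggests, the caller is using file-supplied text as a format string and depends entirely on that guarantee. I would add a sentence such as `The string is checked at load time to contain at most one %s and no other conversion specifiers.` if such a check exists. Otherwise the comment should advise callers to substitute the placeholder themselves instead of passing the string as a format. The comment continues past the end of this hunk, so the rest of its wording is not visible here.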
diff --git a/polkit/polkit-policy-file-entry.h b/polkit/polkit-policy-file-entry.h
index 5e0b310..70be923 100644
--- a/polkit/polkit-policy-file-entry.h
+++ b/polkit/polkit-policy-file-entry.h
@@ -45,10 +45,7 @@ const char            *polkit_policy_fil
 PolKitPolicyDefault   *polkit_policy_file_entry_get_default  (PolKitPolicyFileEntry *policy_file_entry);
 
 const char            *polkit_policy_file_get_group_description (PolKitPolicyFileEntry *policy_file_entry);
-const char            *polkit_policy_file_get_group_description_short (PolKitPolicyFileEntry *policy_file_entry);
 const char            *polkit_policy_file_get_action_description (PolKitPolicyFileEntry *policy_file_entry);
-const char            *polkit_policy_file_get_action_missing (PolKitPolicyFileEntry *policy_file_entry);
-const char            *polkit_policy_file_get_action_apply_to_all_mnemonic (PolKitPolicyFileEntry *policy_file_entry);
 
 
 #endif /* POLKIT_POLICY_FILE_ENTRY_H */
diff --git a/polkit/polkit-resource.c b/polkit/polkit-resource.c
deleted file mode 100644
index 70d7d53..0000000
--- a/polkit/polkit-resource.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-resource.c : resources
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307	 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-resource.h"
-#include "polkit-utils.h"
-
-/**
- * SECTION:polkit-resource
- * @short_description: Resources.
- *
- * This class is used to represent a resource. TODO: describe what a resource really is.
- **/
-
-/**
- * PolKitResource:
- *
- * Objects of this class are used to record information about a
- * resource. TODO: describe what a resource really is.
- **/
-struct PolKitResource
-{
-        int refcount;
-        char *type;
-        char *id;
-};
-
-/**
- * polkit_resource_new:
- * 
- * Create a new #PolKitResource object.
- * 
- * Returns: the new object
- **/
-PolKitResource *
-polkit_resource_new (void)
-{
-        PolKitResource *resource;
-        resource = g_new0 (PolKitResource, 1);
-        resource->refcount = 1;
-        return resource;
-}
-
-/**
- * polkit_resource_ref:
- * @resource: the resource object
- * 
- * Increase reference count
- * 
- * Returns: the object
- **/
-PolKitResource *
-polkit_resource_ref (PolKitResource *resource)
-{
-        g_return_val_if_fail (resource != NULL, resource);
-        resource->refcount++;
-        return resource;
-}
-
-
-/**
- * polkit_resource_unref:
- * @resource: the resource object
- * 
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void 
-polkit_resource_unref (PolKitResource *resource)
-{
-        g_return_if_fail (resource != NULL);
-
-        resource->refcount--;
-        if (resource->refcount > 0) 
-                return;
-
-        g_free (resource->type);
-        g_free (resource->id);
-        g_free (resource);
-}
-
-
-/**
- * polkit_resource_set_resource_type:
- * @resource: the resource object
- * @resource_type: type of resource
- * 
- * Set the type of the resource. TODO: link to wtf this is.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_resource_set_resource_type (PolKitResource *resource, const char  *resource_type)
-{
-        g_return_val_if_fail (resource != NULL, FALSE);
-        g_return_val_if_fail (_pk_validate_identifier (resource_type), FALSE);
-        if (resource->type != NULL)
-                g_free (resource->type);
-        resource->type = g_strdup (resource_type);
-        return TRUE;
-}
-
-/**
- * polkit_resource_set_resource_id:
- * @resource: the resource object
- * @resource_id: identifier of resource
- * 
- * set the identifier of the resource. TODO: link to wtf this is.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_resource_set_resource_id (PolKitResource *resource, const char  *resource_id)
-{
-        g_return_val_if_fail (resource != NULL, FALSE);
-        g_return_val_if_fail (_pk_validate_identifier (resource_id), FALSE);
-        if (resource->id != NULL)
-                g_free (resource->id);
-        resource->id = g_strdup (resource_id);
-        return TRUE;
-}
-
-/**
- * polkit_resource_get_resource_type:
- * @resource: the resource object
- * @out_resource_type: Returns the resource type. The caller shall not free this string.
- * 
- * Get the type of the resource.
- * 
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type)
-{
-        g_return_val_if_fail (resource != NULL, FALSE);
-        g_return_val_if_fail (out_resource_type != NULL, FALSE);
-
-        if (resource->type == NULL)
-                return FALSE;
-
-        *out_resource_type = resource->type;
-        return TRUE;
-}
-
-/**
- * polkit_resource_get_resource_id:
- * @resource: the resource object
- * @out_resource_id: Returns the resource identifier. The caller shall not free this string.
- * 
- * Get the identifier of the resource
- * 
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id)
-{
-        g_return_val_if_fail (resource != NULL, FALSE);
-        g_return_val_if_fail (out_resource_id != NULL, FALSE);
-
-        if (resource->id == NULL)
-                return FALSE;
-
-        *out_resource_id = resource->id;
-        return TRUE;
-}
-
-/**
- * polkit_resource_debug:
- * @resource: the object
- * 
- * Print debug details
- **/
-void
-polkit_resource_debug (PolKitResource *resource)
-{
-        g_return_if_fail (resource != NULL);
-        _pk_debug ("PolKitResource: refcount=%d type=%s id=%s", resource->refcount, resource->type, resource->id);
-}
-
-/**
- * polkit_resource_validate:
- * @resource: the object
- * 
- * Validate the object
- * 
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_resource_validate (PolKitResource *resource)
-{
-        g_return_val_if_fail (resource != NULL, FALSE);
-        g_return_val_if_fail (resource->type != NULL, FALSE);
-        g_return_val_if_fail (resource->id != NULL, FALSE);
-        return TRUE;
-}
diff --git a/polkit/polkit-resource.h b/polkit/polkit-resource.h
deleted file mode 100644
index 636e730..0000000
--- a/polkit/polkit-resource.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-resource.h : resources
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_RESOURCE_H
-#define POLKIT_RESOURCE_H
-
-#include <polkit/polkit-types.h>
-
-struct PolKitResource;
-typedef struct PolKitResource PolKitResource;
-
-PolKitResource *polkit_resource_new               (void);
-PolKitResource *polkit_resource_ref               (PolKitResource *resource);
-void            polkit_resource_unref             (PolKitResource *resource);
-polkit_bool_t   polkit_resource_set_resource_type (PolKitResource *resource, const char  *resource_type);
-polkit_bool_t   polkit_resource_set_resource_id   (PolKitResource *resource, const char  *resource_id);
-polkit_bool_t   polkit_resource_get_resource_type (PolKitResource *resource, char       **out_resource_type);
-polkit_bool_t   polkit_resource_get_resource_id   (PolKitResource *resource, char       **out_resource_id);
-
-void            polkit_resource_debug             (PolKitResource *resource);
-
-polkit_bool_t   polkit_resource_validate          (PolKitResource *resource);
-
-#endif /* POLKIT_RESOURCE_H */
-
-
diff --git a/polkit/polkit.h b/polkit/polkit.h
index 3ce6947..148ee25 100644
--- a/polkit/polkit.h
+++ b/polkit/polkit.h
@@ -32,7 +32,6 @@
 #include <polkit/polkit-result.h>
 #include <polkit/polkit-context.h>
 #include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
 #include <polkit/polkit-seat.h>
 #include <polkit/polkit-session.h>
 #include <polkit/polkit-caller.h>
diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c
index bfb3ffa..0c960b3 100644
--- a/tools/polkit-check-caller.c
+++ b/tools/polkit-check-caller.c
@@ -46,28 +46,22 @@ usage (int argc, char *argv[])
                  "\n"
                  "usage : polkit-check-caller\n"
                  "          --caller <dbus-name> --action <action>\n"
-                 "          --resource-type <type> --resource-id <id>\n"
                  "          [--version] [--help]\n");
 	fprintf (stderr,
                  "\n"
                  "        --caller         Unique name of caller on the system bus\n"
                  "        --action         Requested action\n"
-                 "        --resource-type  Type of resource\n"
-                 "        --resource-id    Identifier of resource\n"
                  "        --version        Show version and exit\n"
                  "        --help           Show this information and exit\n"
                  "\n"
-                 "Determine if a given caller can access a given resource in a given\n"
-                 "way. If access is allowed, this program exits with exit code 0. If\n"
-                 "no access is allowed or an error occurs, the program exits with\n"
-                 "a non-zero exit code.\n");
+                 "Determine if a given caller can do a given action. If access is \n"
+                 "allowed, this program exits with exit code 0. If no access is allowed\n"
+                 "or an error occurs, the program exits with a non-zero exit code.\n");
 }
 
 int
 main (int argc, char *argv[])
 {
-        char *resource_type = NULL;
-        char *resource_id = NULL;
         char *action_id = NULL;
         char *dbus_name = NULL;
         gboolean is_version = FALSE;
@@ -75,7 +69,6 @@ main (int argc, char *argv[])
 	DBusError error;
         PolKitContext *pol_ctx;
         PolKitCaller *caller;
-        PolKitResource *resource;
         PolKitAction *action;
         gboolean allowed;
         PolKitError *p_error;
@@ -90,8 +83,6 @@ main (int argc, char *argv[])
 		int option_index = 0;
 		const char *opt;
 		static struct option long_options[] = {
-			{"resource-type", 1, NULL, 0},
-			{"resource-id", 1, NULL, 0},
 			{"action", 1, NULL, 0},
 			{"caller", 1, NULL, 0},
 			{"version", 0, NULL, 0},
@@ -113,10 +104,6 @@ main (int argc, char *argv[])
 				return 0;
 			} else if (strcmp (opt, "version") == 0) {
 				is_version = TRUE;
-			} else if (strcmp (opt, "resource-type") == 0) {
-				resource_type = strdup (optarg);
-			} else if (strcmp (opt, "resource-id") == 0) {
-				resource_id = strdup (optarg);
 			} else if (strcmp (opt, "action") == 0) {
 				action_id = strdup (optarg);
 			} else if (strcmp (opt, "caller") == 0) {
@@ -136,7 +123,7 @@ main (int argc, char *argv[])
 		return 0;
 	}
 
-	if (resource_type == NULL || resource_id == NULL || action_id == NULL || dbus_name == NULL) {
+	if (action_id == NULL || dbus_name == NULL) {
 		usage (argc, argv);
 		return 1;
 	}
@@ -159,10 +146,6 @@ main (int argc, char *argv[])
         action = polkit_action_new ();
         polkit_action_set_action_id (action, action_id);
 
-        resource = polkit_resource_new ();
-        polkit_resource_set_resource_type (resource, resource_type);
-        polkit_resource_set_resource_id (resource, resource_id);
-
         caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
         if (caller == NULL) {
                 if (dbus_error_is_set (&error)) {
@@ -172,7 +155,7 @@ main (int argc, char *argv[])
                 }
         }
 
-        allowed = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
+        allowed = polkit_context_can_caller_do_action (pol_ctx, action, caller);
 
         if (allowed)
                 return 0;
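Review bot: The exit status is decided by `if (allowed)` on a `gboolean`, which is only a fail-closed check if `polkit_context_can_caller_do_action()` returns a strict boolean; its declaration is not visible in this hunk. If it returns a multi-valued result code (`polkit-result.h` is included by `polkit.h`), any non-zero value, including a denial, would make the tool exit 0. I would store the return value in its declared type and compare it against the explicit allow value, with a comment such as `/* exit 0 only on an explicit allow; everything else fails closed */` above the test. The same pattern applies to `polkit_context_can_session_do_action` in tools/polkit-check-session.c. The `caller == NULL` branch that closes just above is cut off by the hunk boundary, so please confirm it exits rather than falling through to the check with a NULL caller.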
diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c
index b232737..fd9f467 100644
--- a/tools/polkit-check-session.c
+++ b/tools/polkit-check-session.c
@@ -46,28 +46,23 @@ usage (int argc, char *argv[])
                  "\n"
                  "usage : polkit-check-session\n"
                  "          [--session <session>] --action <action>\n"
-                 "          --resource-type <type> --resource-id <id>\n"
                  "          [--version] [--help]\n");
 	fprintf (stderr,
                  "\n"
                  "        --session        ConsoleKit object path of session\n"
                  "        --action         Requested action\n"
-                 "        --resource-type  Type of resource\n"
-                 "        --resource-id    Identifier of resource\n"
                  "        --version        Show version and exit\n"
                  "        --help           Show this information and exit\n"
                  "\n"
-                 "Determine if a given session can access a given resource in a given\n"
-                 "way. If no session is given, the current session is used. If access\n"
-                 "is allowed, this program exits with exit code 0. If no access is allowed\n"
+                 "Determine if a given callers in a given session can do a given action.\n"
+                 "If no session is given, the current session is used. If access is\n"
+                 "allowed, this program exits with exit code 0. If no access is allowed\n"
                  "or an error occurs, the program exits with a non-zero exit code.\n");
 }
 
 int
 main (int argc, char *argv[])
 {
-        char *resource_type = NULL;
-        char *resource_id = NULL;
         char *action_id = NULL;
         char *session_id = NULL;
         char *cookie = NULL;
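Review bot: The rewritten help text reads "Determine if a given callers in a given session can do a given action", which is ungrammatical and leaves it unclear whether one caller or every caller in the session is evaluated. I would write `"Determine if callers in a given session can do a given action.\n"`. The matching string in tools/polkit-check-caller.c gained a trailing space before the newline (`"... If access is \n"`), which should be dropped. Since scripts consume the exit code as an authorization answer, the text could also say that denial and error are deliberately indistinguishable. main's body continues outside the hunk.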
@@ -76,7 +71,6 @@ main (int argc, char *argv[])
 	DBusError error;
         PolKitContext *pol_ctx;
         PolKitSession *session;
-        PolKitResource *resource;
         PolKitAction *action;
         gboolean allowed;
         PolKitError *p_error;
@@ -93,8 +87,6 @@ main (int argc, char *argv[])
 		int option_index = 0;
 		const char *opt;
 		static struct option long_options[] = {
-			{"resource-type", 1, NULL, 0},
-			{"resource-id", 1, NULL, 0},
 			{"action", 1, NULL, 0},
 			{"session", 1, NULL, 0},
 			{"version", 0, NULL, 0},
@@ -116,10 +108,6 @@ main (int argc, char *argv[])
 				return 0;
 			} else if (strcmp (opt, "version") == 0) {
 				is_version = TRUE;
-			} else if (strcmp (opt, "resource-type") == 0) {
-				resource_type = strdup (optarg);
-			} else if (strcmp (opt, "resource-id") == 0) {
-				resource_id = strdup (optarg);
 			} else if (strcmp (opt, "action") == 0) {
 				action_id = strdup (optarg);
 			} else if (strcmp (opt, "session") == 0) {
@@ -139,7 +127,7 @@ main (int argc, char *argv[])
 		return 0;
 	}
 
-	if (resource_type == NULL || resource_id == NULL || action_id == NULL) {
+	if (action_id == NULL) {
 		usage (argc, argv);
 		return 1;
 	}
@@ -176,11 +164,7 @@ main (int argc, char *argv[])
         action = polkit_action_new ();
         polkit_action_set_action_id (action, action_id);
 
-        resource = polkit_resource_new ();
-        polkit_resource_set_resource_type (resource, resource_type);
-        polkit_resource_set_resource_id (resource, resource_id);
-
-        allowed = polkit_context_can_session_access_resource (pol_ctx, action, resource, session);
+        allowed = polkit_context_can_session_do_action (pol_ctx, action, session);
 
         if (allowed)
                 return 0;
diff --git a/tools/polkit-grant.c b/tools/polkit-grant.c
index 0c5181d..0bf2665 100644
--- a/tools/polkit-grant.c
+++ b/tools/polkit-grant.c
@@ -49,13 +49,10 @@ usage (int argc, char *argv[])
                  "\n"
                  "usage : polkit-grant\n"
                  "          --action <action>\n"
-                 "          --resource-type <type> --resource-id <id>\n"
                  "          [--version] [--help]\n");
 	fprintf (stderr,
                  "\n"
                  "        --action         Requested action\n"
-                 "        --resource-type  Type of resource\n"
-                 "        --resource-id    Identifier of resource\n"
                  "        --version        Show version and exit\n"
                  "        --help           Show this information and exit\n"
                  "\n"
@@ -285,15 +282,12 @@ int
 main (int argc, char *argv[])
 {
         char *action_id = NULL;
-        char *resource_type = NULL;
-        char *resource_id = NULL;
         gboolean is_version = FALSE;
         DBusConnection *bus;
 	DBusError error;
         PolKitContext *pol_ctx;
         PolKitCaller *caller;
         PolKitAction *action;
-        PolKitResource *resource;
         PolKitError *p_error;
         PolKitGrant *polkit_grant;
         int ret;
@@ -312,8 +306,6 @@ main (int argc, char *argv[])
 		const char *opt;
 		static struct option long_options[] = {
 			{"action", 1, NULL, 0},
-                        {"resource-type", 1, NULL, 0},
-                        {"resource-id", 1, NULL, 0},
 			{"version", 0, NULL, 0},
 			{"help", 0, NULL, 0},
 			{NULL, 0, NULL, 0}
@@ -335,10 +327,6 @@ main (int argc, char *argv[])
 				is_version = TRUE;
 			} else if (strcmp (opt, "action") == 0) {
 				action_id = strdup (optarg);
-			} else if (strcmp (opt, "resource-type") == 0) {
-				resource_type = strdup (optarg);
-			} else if (strcmp (opt, "resource-id") == 0) {
-				resource_id = strdup (optarg);
 			}
 			break;
 
@@ -353,7 +341,7 @@ main (int argc, char *argv[])
 		return 0;
 	}
 
-	if (action_id == NULL || resource_type == NULL || resource_id == NULL) {
+	if (action_id == NULL) {
 		usage (argc, argv);
                 goto error;
 	}
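Review bot: The missing-argument path jumps to `error` without assigning `ret` in the visible lines, and `ret` is declared as a plain `int ret;` at the top of main. Unless a line outside this hunk sets it first, the exit status after a usage error is indeterminate, assuming the `error:` label returns `ret`. For a tool whose result callers may act on, I would make the failure explicit with `ret = 1;` before `goto error;`. The `goto error;` line is also indented with spaces where the surrounding lines use tabs. The `error:` label and the rest of main are outside the hunk.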
@@ -378,10 +366,6 @@ main (int argc, char *argv[])
         action = polkit_action_new ();
         polkit_action_set_action_id (action, action_id);
 
-        resource = polkit_resource_new ();
-        polkit_resource_set_resource_type (resource, resource_type);
-        polkit_resource_set_resource_id (resource, resource_id);
-
         caller = polkit_caller_new_from_dbus_name (bus, dbus_bus_get_unique_name (bus), &error);
         if (caller == NULL) {
                 if (dbus_error_is_set (&error)) {
@@ -406,9 +390,8 @@ main (int argc, char *argv[])
                                        &ud);
         
         if (!polkit_grant_initiate_auth (polkit_grant,
-                                            action,
-                                            resource,
-                                           caller)) {
+                                         action,
+                                         caller)) {
                 printf ("Failed to initiate privilege grant.\n");
                 ret = 1;
                 goto error;

