PolicyKit: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Wed Mar 28 10:04:48 PDT 2007


 COPYING                                 |    4 
 Makefile.am                             |   11 
 NEWS                                    |    2 
 configure.in                            |  263 ------
 dev/null                                |binary
 doc/Makefile.am                         |    2 
 doc/TODO                                |   40 -
 doc/api/Makefile.am                     |   47 -
 doc/api/libpolkit/Makefile.am           |   67 +
 doc/api/libpolkit/libpolkit-docs.xml    |  109 ++
 doc/api/libpolkit/version.xml.in        |    1 
 doc/api/polkit-docs.xml                 |   15 
 doc/api/tmpl/libpolkit.sgml             |  114 --
 doc/man/Makefile.am                     |   13 
 doc/spec/Makefile.am                    |   30 
 doc/spec/config.xsl                     |    6 
 doc/spec/docbook.css                    |   18 
 doc/spec/polkit-arch.dia                |    0 
 doc/spec/polkit-arch.png                |    0 
 doc/spec/polkit-spec-introduction.xml   |   15 
 doc/spec/polkit-spec.html               |  384 ----------
 doc/spec/polkit-spec.xml.in             |  628 ----------------
 doc/spec/polkit-spec.xml.in.in          |   24 
 libpolkit.pc.in                         |    2 
 libpolkit/Makefile.am                   |   31 
 libpolkit/libpolkit-grant.c             |  407 ----------
 libpolkit/libpolkit-grant.h             |  125 ---
 libpolkit/libpolkit.c                   |  376 ---------
 libpolkit/libpolkit.h                   |   46 -
 pam-polkit-console/.gitignore           |    7 
 pam-polkit-console/Makefile.am          |   18 
 pam-polkit-console/pam-polkit-console.c |  262 ------
 policy-kit.in                           |    8 
 polkit-interface-manager.xml            |   48 -
 polkit-interface-session.xml            |   50 -
 polkitd/.gitignore                      |   13 
 polkitd/Makefile.am                     |   94 --
 polkitd/PolicyKit.conf.in               |   20 
 polkitd/PolicyKit.in                    |   80 --
 polkitd/debug-polkitd.sh                |    9 
 polkitd/main.c                          |  303 -------
 polkitd/policy.c                        | 1217 --------------------------------
 polkitd/policy.h                        |  103 --
 polkitd/polkit-manager.c                | 1089 ----------------------------
 polkitd/polkit-manager.h                |  132 ---
 polkitd/polkit-marshal.list             |    1 
 polkitd/polkit-session.c                | 1013 --------------------------
 polkitd/polkit-session.h                |  122 ---
 polkitd/polkitd-test.c                  |  275 -------
 polkitd/run-polkitd.sh                  |    7 
 polkitd/valgrind-polkitd.sh             |    4 
 privileges/.gitignore                   |    3 
 privileges/Makefile.am                  |    7 
 privileges/desktop-console.privilege    |   14 
 tools/Makefile.am                       |   21 
 tools/polkit-grant-privilege.c          |  331 --------
 tools/polkit-is-privileged.c            |  203 -----
 tools/polkit-list-privileges.c          |  209 -----
 tools/polkit-revoke-privilege.c         |  198 -----
 59 files changed, 318 insertions(+), 8323 deletions(-)

New commits:
diff-tree 5e55b4a226590b18bebc65b864ba323e69769939 (from e97e945ee59320cb15ec81958b2fa1c08653a8f6)
Author: David Zeuthen <davidz at redhat.com>
Date:   Wed Mar 28 13:01:37 2007 -0400

    reset project and remove all existing code
    
    Some of the code, e.g. the daemon, will be brought back in other forms.

diff --git a/COPYING b/COPYING
index 5ca1af9..2edfa2c 100644
--- a/COPYING
+++ b/COPYING
@@ -1,5 +1,5 @@
-The PolicyKit daemon and associated command-line tools polkit-* is
-licensed to you under the GNU General Public License version 2.
+The PolicyKit command-line tools are licensed to you under the GNU
+General Public License version 2.
 
 libpolkit is licensed to you under your choice of the Academic Free
 License version 2.1, or the GNU General Public License version 2.
diff --git a/Makefile.am b/Makefile.am
index dc38d3f..422aece 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,12 +1,9 @@
 ## Process this file with automake to produce Makefile.in
 
-SUBDIRS = libpolkit pam-polkit-console polkitd doc tools privileges
-
-pamdir = $(sysconfdir)/pam.d
-pam_DATA = policy-kit
+SUBDIRS = libpolkit doc tools
 
 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = polkit.pc
+pkgconfig_DATA = libpolkit.pc
 
 # Creating ChangeLog from git log (taken from cairo/Makefile.am):
 
@@ -28,9 +25,9 @@ $(srcdir)/ChangeLog:
 
 .PHONY: ChangeLog $(srcdir)/ChangeLog
 
-DISTCLEANFILES = polkit.pc
+DISTCLEANFILES = libpolkit.pc
 
-EXTRA_DIST = HACKING polkit-interface-manager.xml polkit-interface-session.xml polkit.pc.in policy-kit.in mkinstalldirs ChangeLog
+EXTRA_DIST = HACKING libpolkit.pc.in mkinstalldirs ChangeLog
 
 clean-local :
 	rm -f *~
diff --git a/NEWS b/NEWS
index 43a464a..7e1b37f 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,6 @@ PolicyKit 0.1 ""
 
 WRITE ME
 
-Requirements for PolicyKit 0.1 "" (and CVS HEAD)
+Requirements for PolicyKit 0.1 "" (and git master)
 
  - glib             >= 2.6.0
diff --git a/configure.in b/configure.in
index 9443c86..4cde2d3 100644
--- a/configure.in
+++ b/configure.in
@@ -1,8 +1,8 @@
 dnl Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.57)
-AC_INIT(PolicyKit, 0.2, david at fubar.dk)
-AM_INIT_AUTOMAKE(PolicyKit, 0.2)
+AC_INIT(PolicyKit, 0.3, david at fubar.dk)
+AM_INIT_AUTOMAKE(PolicyKit, 0.3)
 AM_CONFIG_HEADER(config.h)
 AM_MAINTAINER_MODE
 
@@ -10,7 +10,7 @@ AM_MAINTAINER_MODE
 #
 # See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details
 #
-LT_CURRENT=0
+LT_CURRENT=1
 LT_REVISION=0
 LT_AGE=0
 AC_SUBST(LT_CURRENT)
@@ -26,29 +26,12 @@ AC_PROG_MAKE_SET
 AC_PROG_LN_S
 AC_SYS_LARGEFILE
 
-AC_ARG_WITH(polkit_user,[  --with-polkit-user=<user>  user for PolicyKit])
-if test -z "$with_polkit_user" ; then
-    POLKIT_USER=polkit
-else
-    POLKIT_USER=$with_polkit_user
-fi
-AC_SUBST(POLKIT_USER)
-AC_DEFINE_UNQUOTED(POLKIT_USER, "$POLKIT_USER", [User for PolicyKit])
-
-AC_ARG_WITH(polkit_group,[  --with-polkit-group=<grp>  group for PolicyKit])
-if test -z "$with_polkit_group" ; then
-    POLKIT_GROUP=polkit
-else
-    POLKIT_GROUP=$with_polkit_group
-fi
-AC_SUBST(POLKIT_GROUP)
-AC_DEFINE_UNQUOTED(POLKIT_GROUP,"$POLKIT_GROUP", [Group for PolicyKit])
-
-
 # Taken from dbus
 AC_ARG_ENABLE(ansi,             [  --enable-ansi           enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
 AC_ARG_ENABLE(verbose-mode,     [  --enable-verbose-mode   support verbose debug mode],enable_verbose_mode=$enableval,enable_verbose_mode=$USE_MAINTAINER_MODE)
-AC_ARG_ENABLE(docbook-docs,     [  --enable-docbook-docs   build documentation (requires xmlto)],enable_docbook_docs=$enableval,enable_docbook_docs=auto)
+AC_ARG_ENABLE(docbook-docs,     [  --enable-docbook-docs   build documentation (requires xmlto)],enable_docbook_docs=$enableval,enable_docbook_docs=no)
+AC_ARG_ENABLE(man-pages,        [  --enable-man-pages      build manual pages],enable_man_pages=$enableval,enable_man_pages=yes)
+AM_CONDITIONAL(MAN_PAGES_ENABLED, test x$enable_man_pages = xyes)
 
 GTK_DOC_CHECK([1.3])
 
@@ -138,30 +121,23 @@ PKG_CHECK_MODULES(GLIB, [glib-2.0 >= 2.6
 AC_SUBST(GLIB_CFLAGS)
 AC_SUBST(GLIB_LIBS)
 
-PKG_CHECK_MODULES(DBUS, [dbus-1 >= 0.60])
-AC_SUBST(DBUS_CFLAGS)
-AC_SUBST(DBUS_LIBS)
-
-PKG_CHECK_MODULES(DBUS_GLIB, [dbus-glib-1 >= 0.60])
-AC_SUBST(DBUS_GLIB_CFLAGS)
-AC_SUBST(DBUS_GLIB_LIBS)
-
 AC_CHECK_FUNCS(getgrouplist)
 
 # DocBook Documentation
 
-AC_PATH_PROG(XMLTO, xmlto, no)
-
 AC_MSG_CHECKING([whether to build DocBook documentation])
 
-if test x$DOCBOOK = xno ; then
-    have_docbook=no
+AC_PATH_PROG(XMLTO, xmlto, no)
+AC_PATH_PROG(XMLLINT, xmllint, no)
+
+if test x$XMLLINT = xno ; then
+    have_xmllint=no
 else
-    have_docbook=yes
+    have_xmllint=yes
 fi
 
 if test x$enable_docbook_docs = xauto ; then
-    if test x$have_docbook = xno ; then
+    if test x$have_xmlto = xno || test x$have_xmllint = xno ; then
         enable_docbook_docs=no
     else
         enable_docbook_docs=yes
@@ -169,8 +145,8 @@ if test x$enable_docbook_docs = xauto ; 
 fi
 
 if test x$enable_docbook_docs = xyes; then
-    if test x$have_docbook = xno; then
-	AC_MSG_ERROR([Building DocBook docs explicitly required, but DocBook not found])
+    if test x$have_xmlto = xno; then
+	AC_MSG_ERROR([Building DocBook docs explicitly required, but xmlto not found])
     fi
 fi
 
@@ -195,186 +171,22 @@ fi
 
 AC_SUBST(DOCDIR)
 
-# PAM stuff borrowed from gnome-screensaver
-
-# Determine PAM prefix
-
-withval=""
-AC_ARG_WITH(pam-prefix,
-[  --with-pam-prefix=<prefix> specify where pam files go],[
-if test x$withval != x; then
-   AC_MSG_RESULT("PAM files will be installed in prefix ${withval}.")
-fi])
-if test x$withval != x; then
-	PAM_PREFIX_UNEXPANDED="$withval"
-else
-	PAM_PREFIX_UNEXPANDED="$sysconfdir"
-fi
-PAM_PREFIX=`eval echo $PAM_PREFIX_UNEXPANDED`
-AC_SUBST(PAM_PREFIX)
-
-
-dnl ---------------------------------------------------------------------------
-dnl - Check for PAM
-dnl ---------------------------------------------------------------------------
-
-have_pam=no
-AC_CHECK_LIB(pam, pam_start, have_pam=yes)
-if test x$have_pam = xno; then
-    AC_ERROR([Could not find pam/pam-devel, please install the needed packages.])
-else
-    AUTH_LIBS="${AUTH_LIBS} -lpam"
-    AC_DEFINE(HAVE_PAM, 1, [Define if PAM support is included])
-
-    # On Linux, sigtimedwait() is in libc; on Solaris, it's in librt.
-    have_timedwait=no
-    AC_CHECK_LIB(c, sigtimedwait, [have_timedwait=yes])
-    if test "$have_timedwait" = no ; then
-      AC_CHECK_LIB(rt, sigtimedwait, [AUTH_LIBS="${AUTH_LIBS} -lrt"])
-    fi
-
-    AC_MSG_CHECKING(how to call pam_strerror)
-    AC_CACHE_VAL(ac_cv_pam_strerror_args,
-     [AC_TRY_COMPILE([#include <stdio.h>
-                      #include <stdlib.h>
-                      #include <security/pam_appl.h>],
-                     [pam_handle_t *pamh = 0;
-                      char *s = pam_strerror(pamh, PAM_SUCCESS);],
-                     [ac_pam_strerror_args=2],
-                     [AC_TRY_COMPILE([#include <stdio.h>
-                                      #include <stdlib.h>
-                                      #include <security/pam_appl.h>],
-                                     [char *s =
-                                       pam_strerror(PAM_SUCCESS);],
-                                     [ac_pam_strerror_args=1],
-                                     [ac_pam_strerror_args=0])])
-      ac_cv_pam_strerror_args=$ac_pam_strerror_args])
-    ac_pam_strerror_args=$ac_cv_pam_strerror_args
-    if test "$ac_pam_strerror_args" = 1 ; then
-      AC_MSG_RESULT(one argument)
-    elif test "$ac_pam_strerror_args" = 2 ; then
-      AC_DEFINE(PAM_STRERROR_TWO_ARGS, 1, [Define if pam_strerror takes two arguments])
-      AC_MSG_RESULT(two arguments)
-    else
-      AC_MSG_RESULT(unknown)
-    fi
- 
-fi
-
-AM_CONDITIONAL(HAVE_PAM, test x$have_pam = xyes)
-AC_SUBST(HAVE_PAM)
-AC_SUBST(AUTH_LIBS)
-
-AC_CHECK_HEADER(security/pam_modutil.h, [AC_DEFINE(HAVE_PAM_MODUTIL_H, [], "Have pam_modutil.h")])
-AC_CHECK_HEADER(security/pam_ext.h, [AC_DEFINE(HAVE_PAM_EXT_H, [], "Have pam_ext.h")])
-AC_CHECK_LIB(pam, pam_vsyslog, [AC_DEFINE(HAVE_PAM_VSYSLOG, [], "Have pam_vsyslog")])
-
-
-AC_ARG_WITH(pam-module-dir, [  --with-pam-module-dir=[dirname]  directory to install PAM security module])
-if ! test -z "$with_pam_module_dir"; then
-    PAM_MODULE_DIR=$with_pam_module_dir
-else
-    PAM_MODULE_DIR="/lib/security"
-fi
-
-AC_SUBST(PAM_MODULE_DIR)
-
-
-AC_ARG_WITH(os-type,     [  --with-os-type=<os>        distribution or OS (redhat)])
-
-#### Check our operating system (distro-tweaks required)
-if test "z$with_os_type" = "z"; then
-	AC_CHECK_FILE(/etc/redhat-release,distro_type="redhat")
-	AC_CHECK_FILE(/etc/SuSE-release,distro_type="suse")
-	if test "z$distro_type" = "z"; then
-		echo "Linux distribution autodetection failed, specify the distribution to target using --with-os-type="
-	else
-		operating_system=`echo ${distro_type} | tr '[[:upper:]]' '[[:lower:]]' `
-	fi
-fi
-
-#### Sort out OS (distro-tweaks required)
-if test x$with_os_type = x; then
-    if test x$operating_system = xredhat ; then
-        with_os_type=redhat
-    elif test x$operating_system = xsuse ; then
-        with_os_type=suse
-    else
-        with_os_type=unknown
-    fi
-fi
-
-# (distro-tweaks required)
-AM_CONDITIONAL(OS_TYPE_UNKNOWN, test x$with_os_type = xunknown, [Running on unknown OS])
-AM_CONDITIONAL(OS_TYPE_RED_HAT, test x$with_os_type = xredhat, [Running on Red Hat OS'es])
-AM_CONDITIONAL(OS_TYPE_SUSE, test x$with_os_type = xsuse, [Running on SUSE OS'es])
-
-AC_ARG_WITH(pid-file,    [  --with-pid-file=<file>     pid file for polkitd])
-
-#### Set up the pid file (distro-tweaks required)
-if ! test -z "$with_pid_file"; then
-   POLKITD_PID_FILE=$with_pid_file
-elif test x$with_os_type = xredhat ; then
-   POLKITD_PID_FILE=${LOCALSTATEDIR}/run/polkitd.pid
-elif test x$with_os_type = xsuse ; then
-   POLKITD_PID_FILE=${LOCALSTATEDIR}/run/polkitd.pid
-else
-   POLKITD_PID_FILE=${LOCALSTATEDIR}/run/polkitd/pid
-fi
-
-AC_SUBST(POLKITD_PID_FILE)
-AC_DEFINE_UNQUOTED(POLKITD_PID_FILE, "$POLKITD_PID_FILE", [pid file])
-
-AC_ARG_WITH(pam-include, [  --with-pam-include=<file>  pam file to include])
-
-#### Set up pam file to include (distro-tweaks required)
-if ! test -z "$with_pam_include"; then
-   PAM_FILE_INCLUDE_AUTH=$with_pam_include
-   PAM_FILE_INCLUDE_ACCOUNT=$with_pam_include
-   PAM_FILE_INCLUDE_PASSWORD=$with_pam_include
-   PAM_FILE_INCLUDE_SESSION=$with_pam_include
-elif test x$with_os_type = xredhat ; then
-   PAM_FILE_INCLUDE_AUTH=system-auth
-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
-   PAM_FILE_INCLUDE_PASSWORD=system-auth
-   PAM_FILE_INCLUDE_SESSION=system-auth
-elif test x$with_os_type = xsuse ; then
-   PAM_FILE_INCLUDE_AUTH=common-auth
-   PAM_FILE_INCLUDE_ACCOUNT=common-account
-   PAM_FILE_INCLUDE_PASSWORD=common-password
-   PAM_FILE_INCLUDE_SESSION=common-session
-else
-   PAM_FILE_INCLUDE_AUTH=system-auth
-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
-   PAM_FILE_INCLUDE_PASSWORD=system-auth
-   PAM_FILE_INCLUDE_SESSION=system-auth
+if test "x$GCC" = "xyes"; then
+  LDFLAGS="-Wl,--as-needed $LDFLAGS"
 fi
 
-AC_SUBST(PAM_FILE_INCLUDE_AUTH)
-AC_SUBST(PAM_FILE_INCLUDE_ACCOUNT)
-AC_SUBST(PAM_FILE_INCLUDE_PASSWORD)
-AC_SUBST(PAM_FILE_INCLUDE_SESSION)
-AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_AUTH, "$PAM_FILE_INCLUDE_AUTH", [pam file auth])
-AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_ACCOUNT, "$PAM_FILE_INCLUDE_ACCOUNT", [pam file account])
-AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_PASSWORD, "$PAM_FILE_INCLUDE_PASSWORD", [pam file password])
-AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_SESSION, "$PAM_FILE_INCLUDE_SESSION", [pam file session])
-
-
 AC_OUTPUT([
-policy-kit
-polkit.pc
+libpolkit.pc
 Makefile
-pam-polkit-console/Makefile
-polkitd/Makefile
-polkitd/PolicyKit
-polkitd/PolicyKit.conf
 libpolkit/Makefile
 tools/Makefile
 doc/Makefile
 doc/api/Makefile
+doc/api/libpolkit/Makefile
+doc/api/libpolkit/version.xml
 doc/spec/Makefile
-doc/spec/polkit-spec.xml
-privileges/Makefile
+doc/spec/polkit-spec.xml.in
+doc/man/Makefile
 ])
 
 dnl ==========================================================================
@@ -391,41 +203,16 @@ echo "
         sysconfdir:                 ${SYSCONFDIR}
         localstatedir:              ${LOCALSTATEDIR}
         docdir:                     ${DOCDIR}
-        PAM prefix:                 ${PAM_PREFIX}
-	PAM module dir:             ${PAM_MODULE_DIR}
 
         compiler:                   ${CC}
         cflags:                     ${CFLAGS}
         cppflags:                   ${CPPFLAGS}
-        DocBook:                    ${DOCBOOK}
-        user for PolicyKit:         ${POLKIT_USER}
-        group for PolicyKit:        ${POLKIT_GROUP}
-        pidfile for polkitd:        ${POLKITD_PID_FILE}
-
-        Distribution/OS:            ${with_os_type}
-
-        PAM support:                ${have_pam}
-        PAM file auth:              ${PAM_FILE_INCLUDE_AUTH}
-        PAM file account:           ${PAM_FILE_INCLUDE_ACCOUNT}
-        PAM file password:          ${PAM_FILE_INCLUDE_PASSWORD}
-        PAM file session:           ${PAM_FILE_INCLUDE_SESSION}
+        xmlto:                      ${XMLTO}
+        xmllint:                    ${XMLLINT}
 
         Maintainer mode:            ${USE_MAINTAINER_MODE}
         Building verbose mode:      ${enable_verbose_mode}
         Building api docs:          ${enable_gtk_doc}
         Building docs:              ${enable_docbook_docs}
+        Building man pages:         ${enable_man_pages}
 "
-
-# (distro-tweaks required)
-if test x$with_os_type = xredhat; then
-   echo "NOTE: Red Hat style init scripts and pam file will be installed"
-elif test x$with_os_type = xsuse; then
-   echo "NOTE: SUSE style init scripts and pam file will be installed"
-else
-   echo "NOTE: You have to install init scripts yourself and tweak your own pam file"
-fi
-echo
-
-echo "NOTE: Remember to create user ${POLKIT_USER} and group ${POLKIT_GROUP} before make install"
-echo
-
diff --git a/doc/Makefile.am b/doc/Makefile.am
index ba72554..6d27607 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1,7 +1,7 @@
 
 EXTRA_DIST = TODO
 
-SUBDIRS = api spec
+SUBDIRS = api spec man
 
 clean-local:
 	rm -f *~
diff --git a/doc/TODO b/doc/TODO
index 9458bd7..eaa58c4 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,40 +1,2 @@
 
-DONE
-
- - Write up a nice spec about how all this works since it can be a bit
-   confusing
-
- - Refine the .privilege file format so e.g. user 'foo' is always
-   allowed to grant privilege 'bar' to other users. Also other stuff.
-
- - write polkit-revoke-privilege
-
- - make polkit-list-privileges and polkit-is-privileged display if a
-   privilege is granted permanently or temporary. Also display if it's
-   confined to a certain D-BUS connection.
-
- - Factor out auth code in polkit-is-privileged into a GObject and put
-   it in a libpolkit-gobject library (since the interaction is pretty
-   hairy (see interaction diagram in polkitd/polkit-session.c) I will
-   not put this in libpolkit as I want to use the glib bindings and
-   these require the glib main loop => not suitable for Qt etc.)
-
-PENDING
-
- - Make polkitd emit signals on an interface such that privileged apps
-   can be notified when privileges are granted and revoked. Also
-   export other useful query operations.
-
- - make D-BUS interface in general and polkit-grant-privilege in
-   particular capable of granting privs permanently
-
- - write some man pages
-
- - write libpolkit-gnome that GNOME apps can consume
-
- - implement D-BUS interfaces suitable for a GUI privilege editor
-
- - write more tests; audit code
-
- - Maybe use straight vsyslog from pam-polkit-console.c if pam_vsyslog
-   is missing (as recommened by Frederic Peters <fpeters at entrouvert.com>)
+TODO: write me
diff --git a/doc/api/Makefile.am b/doc/api/Makefile.am
index 5b6818b..3c12eb0 100644
--- a/doc/api/Makefile.am
+++ b/doc/api/Makefile.am
@@ -1,46 +1,9 @@
-
 ## Process this file with automake to create Makefile.in.
 
-AUTOMAKE_OPTIONS = 1.7
-
-# The name of the module.
-DOC_MODULE=polkit
-
-# The top-level SGML file.
-DOC_MAIN_SGML_FILE=polkit-docs.xml
-
-# Extra options to supply to gtkdoc-scan
-#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
-
-# The directory containing the source code. Relative to $(srcdir)
-DOC_SOURCE_DIR=../../libpolkit
-
-# Used for dependencies
-HFILE_GLOB=$(top_srcdir)/libpolkit/*.h
-CFILE_GLOB=$(top_srcdir)/libpolkit/*.c
-
-# Headers to ignore
-IGNORE_HFILES=
-
-# CFLAGS and LDFLAGS for compiling scan program. Only needed
-# if $(DOC_MODULE).types is non-empty.
-INCLUDES =
-GTKDOC_LIBS =
-
-# Extra options to supply to gtkdoc-mkdb
-MKDB_OPTIONS=--sgml-mode --output-format=xml
-
-# Extra options to supply to gtkdoc-mktmpl
-MKTMPL_OPTIONS=
-
-# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
-content_files =
-
-# Images to copy into HTML directory
-HTML_IMAGES =
-
-# Extra options to supply to gtkdoc-fixref
-FIXXREF_OPTIONS=
+SUBDIRS = libpolkit
 
-include $(top_srcdir)/gtk-doc.make
+MAINTAINERCLEANFILES =		\
+	*~			\
+	Makefile.in		\
+	$(NULL)
 
diff --git a/doc/api/libpolkit/Makefile.am b/doc/api/libpolkit/Makefile.am
new file mode 100644
index 0000000..6c3d6f9
--- /dev/null
+++ b/doc/api/libpolkit/Makefile.am
@@ -0,0 +1,67 @@
+## Process this file with automake to create Makefile.in.
+
+NULL =
+
+AUTOMAKE_OPTIONS = 1.7
+
+# The name of the module.
+DOC_MODULE=libpolkit
+
+# The top-level SGML file.
+DOC_MAIN_SGML_FILE=libpolkit-docs.xml
+
+# Extra options to supply to gtkdoc-scan
+#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
+
+# The directory containing the source code. Relative to $(srcdir)
+DOC_SOURCE_DIR=../../../libpolkit
+
+# Used for dependencies
+HFILE_GLOB=$(top_srcdir)/libpolkit/*.h
+CFILE_GLOB=$(top_srcdir)/libpolkit/*.c
+
+# Headers to ignore
+IGNORE_HFILES= \
+	$(NULL)
+
+# CFLAGS and LDFLAGS for compiling scan program. Only needed
+# if $(DOC_MODULE).types is non-empty.
+INCLUDES = \
+	$(GLIB_CFLAGS)		\
+	-I$(top_srcdir) 	\
+	-I$(top_builddir)	\
+	$(NULL)
+
+GTKDOC_LIBS = \
+	$(GLIB_LIBS)				\
+	$(top_builddir)/libpolkit/libpolkit.la	\
+	$(NULL)
+
+# Extra options to supply to gtkdoc-mkdb
+MKDB_OPTIONS=--sgml-mode --output-format=xml
+
+# Extra options to supply to gtkdoc-mktmpl
+MKTMPL_OPTIONS=
+
+# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
+content_files = \
+	version.xml			\
+	$(NULL)
+
+# Images to copy into HTML directory
+HTML_IMAGES =
+
+# Extra options to supply to gtkdoc-fixref
+FIXXREF_OPTIONS=
+
+MAINTAINERCLEANFILES =		\
+	*~			\
+	Makefile.in		\
+	libpolkit.types	\
+	libpolkit-*.txt	\
+	$(NULL)
+
+include $(top_srcdir)/gtk-doc.make
+
+# Version information for marking the documentation
+EXTRA_DIST += version.xml.in
diff --git a/doc/api/libpolkit/libpolkit-docs.xml b/doc/api/libpolkit/libpolkit-docs.xml
new file mode 100644
index 0000000..10f3fcf
--- /dev/null
+++ b/doc/api/libpolkit/libpolkit-docs.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
+<!ENTITY version SYSTEM "version.xml">
+]>
+<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
+  <bookinfo>
+    <title>PolicyKit Library Reference Manual</title>
+    <releaseinfo>Version &version;</releaseinfo>
+    <authorgroup>
+      <author>
+	<firstname>David</firstname>
+	<surname>Zeuthen</surname>
+	<affiliation>
+	  <address>
+	    <email>david at fubar.dk</email>
+	  </address>
+	</affiliation>
+      </author>
+    </authorgroup>
+
+    <copyright>
+      <year>2007</year>
+      <holder>The PolicyKit Authors</holder>
+    </copyright>
+
+    <legalnotice>
+      <para>
+	Permission is granted to copy, distribute and/or modify this
+	document under the terms of the <citetitle>GNU Free
+	Documentation License</citetitle>, Version 1.1 or any later
+	version published by the Free Software Foundation with no
+	Invariant Sections, no Front-Cover Texts, and no Back-Cover
+	Texts. You may obtain a copy of the <citetitle>GNU Free
+	Documentation License</citetitle> from the Free Software
+	Foundation by visiting <ulink type="http"
+	url="http://www.fsf.org">their Web site</ulink> or by writing
+	to:
+
+	<address>
+	  The Free Software Foundation, Inc.,
+	  <street>59 Temple Place</street> - Suite 330,
+	  <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
+	  <country>USA</country>
+	</address>
+      </para>
+
+      <para>
+	Many of the names used by companies to distinguish their
+	products and services are claimed as trademarks. Where those
+	names appear in any GNOME documentation, and those trademarks
+	are made aware to the members of the GNOME Documentation
+	Project, the names have been printed in caps or initial caps.
+      </para>
+    </legalnotice>
+  </bookinfo>
+
+  <reference>
+    <title>API Reference</title>
+
+    <partintro>
+      <para>
+	This part presents the class and function reference for the
+	PolicyKit library.
+      </para>
+    </partintro>
+    <xi:include href="xml/libpolkit.xml"/>
+  </reference>
+
+  <index>
+    <title>Index</title>
+  </index>
+
+  <!-- License -->
+
+  <appendix id="license">
+    <title>License</title>
+
+    <para>
+      This library is free software; you can redistribute it and/or
+      modify it under the terms of the <citetitle>GNU General
+      Public License</citetitle> as published by the Free Software
+      Foundation; either version 2 of the License, or (at your option)
+      any later version.
+    </para>
+
+    <para>
+      This library is distributed in the hope that it will be useful,
+      but WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+      <citetitle>GNU Library General Public License</citetitle> for
+      more details.
+    </para>
+
+    <para>
+      You may obtain a copy of the <citetitle>GNU General
+      Public License</citetitle> from the Free Software Foundation by
+      visiting <ulink type="http" url="http://www.fsf.org">their Web
+      site</ulink> or by writing to:
+
+      <address>
+	Free Software Foundation, Inc.
+	<street>59 Temple Place</street> - Suite 330
+	<city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>
+	<country>USA</country>
+      </address>
+    </para>
+  </appendix>
+</book>
diff --git a/doc/api/libpolkit/libpolkit.types b/doc/api/libpolkit/libpolkit.types
new file mode 100644
index 0000000..e69de29
diff --git a/doc/api/libpolkit/version.xml.in b/doc/api/libpolkit/version.xml.in
new file mode 100644
index 0000000..d78bda9
--- /dev/null
+++ b/doc/api/libpolkit/version.xml.in
@@ -0,0 +1 @@
+ at VERSION@
diff --git a/doc/api/polkit-docs.xml b/doc/api/polkit-docs.xml
deleted file mode 100644
index 6d2245b..0000000
--- a/doc/api/polkit-docs.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" 
-               "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
-  <bookinfo>
-    <title>PolicyKit Reference Manual</title>
-  </bookinfo>
-
-  <chapter>
-    <title>Client libraries</title>
-    <xi:include href="xml/libpolkit.xml"/>
-    <xi:include href="xml/libpolkit-grant.xml"/>
-  </chapter>
-
-</book>
diff --git a/doc/api/tmpl/libpolkit.sgml b/doc/api/tmpl/libpolkit.sgml
deleted file mode 100644
index a19e86c..0000000
--- a/doc/api/tmpl/libpolkit.sgml
+++ /dev/null
@@ -1,114 +0,0 @@
-<!-- ##### SECTION Title ##### -->
-libpolkit
-
-<!-- ##### SECTION Short_Description ##### -->
-
-
-<!-- ##### SECTION Long_Description ##### -->
-<para>
-
-</para>
-
-<!-- ##### SECTION See_Also ##### -->
-<para>
-
-</para>
-
-<!-- ##### SECTION Stability_Level ##### -->
-
-
-<!-- ##### ENUM LibPolKitResult ##### -->
-<para>
-
-</para>
-
- at LIBPOLKIT_RESULT_OK: 
- at LIBPOLKIT_RESULT_ERROR: 
- at LIBPOLKIT_RESULT_INVALID_CONTEXT: 
- at LIBPOLKIT_RESULT_NOT_PRIVILEGED: 
- at LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE: 
- at LIBPOLKIT_RESULT_NO_SUCH_USER: 
-
-<!-- ##### STRUCT LibPolKitContext_s ##### -->
-<para>
-
-</para>
-
-
-<!-- ##### TYPEDEF LibPolKitContext ##### -->
-<para>
-
-</para>
-
-
-<!-- ##### FUNCTION libpolkit_new_context ##### -->
-<para>
-
-</para>
-
- at connection: 
- at Returns: 
-
-
-<!-- ##### FUNCTION libpolkit_free_context ##### -->
-<para>
-
-</para>
-
- at ctx: 
- at Returns: 
-
-
-<!-- ##### FUNCTION libpolkit_get_privilege_list ##### -->
-<para>
-
-</para>
-
- at ctx: 
- at result: 
- at Returns: 
-
-
-<!-- ##### FUNCTION libpolkit_is_uid_allowed_for_privilege ##### -->
-<para>
-
-</para>
-
- at ctx: 
- at system_bus_unique_name: 
- at user: 
- at privilege: 
- at resource: 
- at out_is_allowed: 
- at out_is_temporary: 
- at out_is_privileged_but_restricted_to_system_bus_unique_name: 
- at Returns: 
-
-
-<!-- ##### FUNCTION libpolkit_revoke_temporary_privilege ##### -->
-<para>
-
-</para>
-
- at ctx: 
- at user: 
- at privilege: 
- at resource: 
- at result: 
- at Returns: 
-
-
-<!-- ##### FUNCTION libpolkit_get_allowed_resources_for_privilege_for_uid ##### -->
-<para>
-
-</para>
-
- at ctx: 
- at user: 
- at privilege: 
- at resources: 
- at ions: 
- at num_non_temporary: 
- at Returns: 
-
-
diff --git a/doc/api/tmpl/polkit-unused.sgml b/doc/api/tmpl/polkit-unused.sgml
deleted file mode 100644
index e69de29..0000000
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
new file mode 100644
index 0000000..56847f8
--- /dev/null
+++ b/doc/man/Makefile.am
@@ -0,0 +1,13 @@
+
+if MAN_PAGES_ENABLED
+
+MAN_IN_FILES = 
+
+man_MANS = 
+
+endif # MAN_PAGES_ENABLED
+
+EXTRA_DIST=$(man_MANS) $(MAN_IN_FILES)
+
+clean-local:
+	rm -f *~
diff --git a/doc/spec/Makefile.am b/doc/spec/Makefile.am
index e64c56d..8abc430 100644
--- a/doc/spec/Makefile.am
+++ b/doc/spec/Makefile.am
@@ -1,24 +1,28 @@
 
+FIGURE_FILES =
 
-FIGURE_FILES =                        	\
-	polkit-arch.png
+SPEC_XML_EXTRA_FILES =			\
+	polkit-spec-introduction.xml
 
 if DOCBOOK_DOCS_ENABLED
 
 htmldocdir = $(DOCDIR)/spec
-htmldoc_DATA = polkit-spec.html $(FIGURE_FILES)
+htmldoc_DATA = polkit-spec.html $(FIGURE_FILES) docbook.css
 
-polkit-spec.html : polkit-spec.xml $(FIGURE_FILES)
-	$(XMLTO) html-nochunks polkit-spec.xml
+polkit-spec.html : polkit-spec.xml.in $(FIGURE_FILES) $(SPEC_XML_EXTRA_FILES)
+	${XMLLINT} --xinclude polkit-spec.xml.in > polkit-spec.xml
+	$(XMLTO) html-nochunks -m config.xsl polkit-spec.xml
+
+endif # DOCBOOK_DOCS_ENABLED
 
 clean-local:
 	rm -f *~
-	rm -f polkit-spec.html polkit-spec.xml
-
-
-endif # DOCBOOK_DOCS_ENABLED
+	rm -f *.html
+	rm -f polkit-spec.xml
 
-EXTRA_DIST = polkit-spec.html    \
-	     polkit-spec.xml.in  \
-	     polkit-arch.dia	 \
-	     $(FIGURE_FILES)
+EXTRA_DIST =				\
+	polkit-spec.xml.in		\
+	config.xsl			\
+	docbook.css			\
+	$(SPEC_XML_EXTRA_FILES)		\
+	$(FIGURE_FILES)
diff --git a/doc/spec/config.xsl b/doc/spec/config.xsl
new file mode 100644
index 0000000..7aa9def
--- /dev/null
+++ b/doc/spec/config.xsl
@@ -0,0 +1,6 @@
+<?xml version='1.0'?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:fo="http://www.w3.org/1999/XSL/Format"
+                version="1.0">
+  <xsl:param name="html.stylesheet" select="'docbook.css'"/>
+</xsl:stylesheet>
diff --git a/doc/spec/docbook.css b/doc/spec/docbook.css
new file mode 100644
index 0000000..9a0e72a
--- /dev/null
+++ b/doc/spec/docbook.css
@@ -0,0 +1,18 @@
+body {
+	font-family: luxi sans,sans-serif;
+}
+
+table {
+	border: solid 1pt; 
+	border-collapse: collapse;
+}
+
+th {
+	background: #eeeeee; 
+	padding: 5px;
+}
+
+td {
+	border: solid 1pt;
+	padding: 5px;
+}
diff --git a/doc/spec/polkit-arch.dia b/doc/spec/polkit-arch.dia
deleted file mode 100644
index d7e4417..0000000
Binary files a/doc/spec/polkit-arch.dia and /dev/null differ
diff --git a/doc/spec/polkit-arch.png b/doc/spec/polkit-arch.png
deleted file mode 100644
index 786221b..0000000
Binary files a/doc/spec/polkit-arch.png and /dev/null differ
diff --git a/doc/spec/polkit-spec-introduction.xml b/doc/spec/polkit-spec-introduction.xml
new file mode 100644
index 0000000..32a575e
--- /dev/null
+++ b/doc/spec/polkit-spec-introduction.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<chapter id="introduction">
+  <title>Introduction</title>
+  
+  <sect1>
+    <title>About</title>
+    
+    <para>
+      TODO; write me!
+    </para>
+    
+  </sect1>
+</chapter>
diff --git a/doc/spec/polkit-spec.html b/doc/spec/polkit-spec.html
deleted file mode 100644
index 17282a6..0000000
--- a/doc/spec/polkit-spec.html
+++ /dev/null
@@ -1,384 +0,0 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br>
-	    <code class="email">&lt;<a href="mailto:david at fubar.dk">david at fubar.dk</a>&gt;</code><br>
-	  </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2689259">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2689283">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2719970">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2684484">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2684709">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2688519">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2688596">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2688622"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688650"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688683"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2684304"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2728947"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2689259">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2689259"></a>About</h2></div></div></div><p>
-	PolicyKit is a system for enabling unprivileged desktop
-	applications to invoke privileged methods on system-wide
-	components in a controlled manner.
-      </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2689283">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2719970">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2684484">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2689283"></a>Privileges</h2></div></div></div><p>
-	One major concept of the PolicyKit system is the notion of
-	privileges; a <span class="emphasis"><em>PolicyKit privilege</em></span>
-	(referred to simply as
-	<span class="emphasis"><em>privilege</em></span> in the following) is something
-	that a given user may or may not possess. The thinking behind
-	PolicyKit is that privileged system level components offer
-	functionality to unprivileged desktop applications as D-BUS
-	method calls through the system message bus. In order to have
-	a flexible security policy defining the set of users that are
-	allowed to invoke a method, the system level component defines
-	a set of
-	<span class="emphasis"><em>privileges</em></span>. 
-      </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2719970"></a>Architecture</h2></div></div></div><p>
-	The PolicyKit system is basically client/server and is
-	implemented as the
-	system-wide <code class="literal">org.freedesktop.PolicyKit</code> D-BUS
-	service. This D-BUS service serves two purposes
-      </p><div class="itemizedlist"><ul type="disc"><li><p>
-	    System-level components may used D-BUS methods on this
-	    service to determine if a given caller of their methods
-	    are privileged.
-          </p></li><li><p>
-	    Desktop level applications may initiate a dialogue with
-	    this service to (temporarily) obtain a privilege through
-	    authorization.
-          </p></li></ul></div><p>
-	In addition, the PolicyKit system includes client side
-	libraries and command-line utilities wrapping the D-BUS API of
-	the <code class="literal">org.freedesktop.PolicyKit</code> service.
-      </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2684484"></a>Example</h2></div></div></div><p>
-	As an example, HAL exports the method <code class="literal">Mount</code>
-	on the
-	<code class="literal">org.freedesktop.Hal.Device.Volume</code> interface
-	for each hal device object of
-	capability <span class="emphasis"><em>volume</em></span>. HAL defines a number
-	of privileges for mounting
-	including <span class="emphasis"><em>hal-storage-fixed-mount</em></span>
-	and <span class="emphasis"><em>hal-storage-removable-mount</em></span>. Depending
-	on the whether the volume stems from a fixed hard disk or a
-	hotpluggable/removable drive, HAL requires the calling user to
-	possess either
-	the <span class="emphasis"><em>hal-storage-fixed-mount</em></span>
-	or <span class="emphasis"><em>hal-storage-removable-mount</em></span> privilege
-	in order to carry out the <code class="literal">Mount</code> method. 
-      </p><p>
-	Upon a user invoking the <code class="literal">Mount</code> method, HAL
-	simply asks the <code class="literal">org.freedesktop.PolicyKit</code>
-	D-BUS service if the calling user possess this privilege and if
-	this is not the case the <code class="literal">Mount</code> method
-	throws
-	the <code class="literal">org.freedesktop.Hal.Device.PermissionDeniedByPolicy</code>
-	exception. Notably, this exception will tell the caller what
-	privilege the calling user needs to possess,
-	e.g. either <span class="emphasis"><em>hal-storage-fixed-mount</em></span>
-	or <span class="emphasis"><em>hal-storage-removable-mount</em></span>.
-      </p><p>
-	Should the <code class="literal">Mount</code> method fail with the
-	exception <code class="literal">PermissionDeniedByPolicy</code> the
-	caller now knows what privilege is required. The caller can
-	now initiate a dialogue with the <code class="literal">PolicyKit</code>
-	service to obtain this privilege. This conversation is
-	basically equivalent to a PAM authentication; in fact the 
-	<code class="literal">PolicyKit</code> service uses PAM under the hood
-	and wraps it in D-BUS calls. For details (like what user to
-	authenticate as) see XXX. When the caller obtains the
-	privilege (after successful authentication) he can now
-	invoke <code class="literal">Mount</code> and after this succeeds he may
-	tell the <code class="literal">PolicyKit</code> service to release the
-	privilege for the user as it is no longer needed. Should the
-	process crash while holding a privilege,
-	the <code class="literal">PolicyKit</code> service will be notifed and
-	the privilege will automatically be revoked.
-      </p><p>
-	Hence, <code class="literal">PolicyKit</code> has the notion of
-	both <span class="emphasis"><em>permament</em></span>
-	and <span class="emphasis"><em>temporary</em></span> privileges. The latter may
-	even be restricted such that only callers from the D-BUS
-	connection (remember, D-BUS connections has unique names)
-	obtaining the privilege may use the obtained
-	privilege. Consequently, if a temporary privilege is
-	restricted to a certain D-BUS connection, it is revoked when
-	the owner of this connection disconnects from the system
-	message bus.
-      </p><p>
-	In addition, privileges may be restricted to
-	certain <span class="emphasis"><em>resources</em></span>; this is discussed in
-	more detail in XXX.
-      </p><p>
-	<img src="polkit-arch.png">
-      </p><p>
-	The whole example is outlined in the diagram above.
-      </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2684709">Resource Identifiers</a></span></dt></dl></div><p>
-      PolicyKit allows granting privileges only on
-      certain <span class="emphasis"><em>resources</em></span>. For example, for HAL, it
-      is possible to grant the
-      privilege <span class="emphasis"><em>hal-storage-fixed-mount</em></span> to the
-      user with uid 500 but only for the HAL device object
-      representing e.g. the <code class="literal">/dev/hda3</code> partition.
-    </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2684709"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying
-	what service they belong to. The following resource
-	identifiers are defined
-      </p><div class="itemizedlist"><ul type="disc"><li><p>
-	    <code class="literal">hal://</code>
-	    HAL Unique Device Identifiers also known as HAL UID's. Example: <code class="literal">hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</code>
-          </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2688519">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2688596">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2688622"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688650"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688683"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2684304"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2728947"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2688519"></a>Privilege Descriptors</h2></div></div></div><p> 
-	Applications, such as HAL, installs <span class="emphasis"><em>privilege
-	descriptors</em></span> into
-	the <code class="literal">/etc/PolicyKit/privilege.d</code> directory
-	(or more correct, into
-	the <code class="literal">$sysconfdir/PolicyKit/privilege.d</code>
-	directory depending on where PolicyKit is built).
-      </p><p>
-	A policy descriptor contains the following information:
-      </p><div class="itemizedlist"><ul type="disc"><li><p>
-	    Criteria for determining if a given user possess the privilege on a given resource.
-          </p></li><li><p>
-	    What privileges are required to possess a given privilege.
-          </p></li><li><p>
-	    What privileges are sufficient to possess to automatically possess a given privilege.
-          </p></li><li><p>
-	    Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently.
-          </p></li><li><p>
-	    Whether a user with the privilege may permanently grant it to other users.
-          </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2688596"></a>File Format</h2></div></div></div><p>
-	A developer of a system-wide application wanting to define a
-	privilege must create a privilege descriptor. This is a a
-	simple <code class="literal">.ini</code>-like config file. Here is what
-	the skeleton looks like:
-      </p><pre class="programlisting">
-	[Policy]
-	RequiredPrivileges=
-	SufficientPrivileges=
-	Allow=
-	Deny=
-	CanObtain=
-	CanGrant=
-	ObtainRequireRoot=
-      </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688622"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p>
-	  This is a list of privileges the user must possess in order
-	  to possess the given privilege. If the user doesn't possess
-	  all of these privileges he is not considered to possess the
-	  given privilege. The list may be empty. A privilege in this
-	  list is considered being possessed if the user is privileged
-	  for one or more resources. E.g., if <code class="literal">foo</code>
-	  is a required privilege then just having this privilege on
-	  one resource is sufficient.
-	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688650"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p>
-	  This is a list of privileges that, if a user possess any of
-	  these, he is consider to possess the given privilege. The
-	  list may be empty.  A privilege in this list is considered
-	  being possessed if the user is privileged for one or more
-	  resources. As with <code class="literal">RequiredPrivileges</code>,
-	  if <code class="literal">foo</code> is a sufficient privilege then
-	  just having this privilege on one resource is sufficient.
-	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688683"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p>
-	  Both <code class="literal">Allow</code> and <code class="literal">Deny</code>
-	  contains lists describing what users are allowed
-	  respectively denied the privilege. The elements of in each
-	  list are of the form
-	  <code class="literal">type:value[:resource]</code>.  where the last
-	  part, resource, may be omitted. The following types are
-	  supported:
-	</p><div class="itemizedlist"><ul type="disc"><li><p><code class="literal">uid</code>: Unix user identifer; either
-	    a positive integer or Unix username. Special values
-	    include <code class="literal">__all__</code> (for denoting all
-	    users) and <code class="literal">__none__</code> (for denoting no
-	    users).</p></li><li><p><code class="literal">gid</code>: Unix group identifier,
-	    either a positive integer or Unix groupname. Special
-	    values include <code class="literal">__all__</code> (for denoting
-	    all groups) and <code class="literal">__none__</code> (for denoting
-	    no groups).</p></li></ul></div><p>
-	  To determine if a given user is allowed for a given
-	  privilege (for a given resource), first
-	  the <code class="literal">SufficientPrivileges</code> list is
-	  consulted as described above. If the user possesses one or
-	  more of the listed privileges we're done; the user is
-	  automatically allowed for the given privilege. If this is
-	  not the case, the <code class="literal">RequiredPrivileges</code> list
-	  is consulted as described above. If the user possess all of
-	  the listed privileges, the <code class="literal">Allow</code> list is
-	  now consulted. For each element it is tested whether the
-	  user matches. If there are no elements for which the user is
-	  matches, the user is said not to possess the given privilege
-	  (for the given resource).
-	</p><p>
-	  If there is a match in the <code class="literal">Allow</code> list,
-	  the <code class="literal">Deny</code> list is now consulted. If the
-	  user matches any of the elements we know he doesn't possess
-	  the given privilege. If no elements match we can conclude
-	  that the user indeed possesses the given privilege (for the
-	  given resource).
-	</p><p>
-	  This logic is best described by a few examples
-	</p><div class="itemizedlist"><ul type="disc"><li><p>
-	      <code class="literal">
-		Allow="uid:davidz uid:501:hal:///deviceFoo gid:admins
-		uid:502"
-	      </code>
-	    </p><p>
-	      <code class="literal">
-		Deny="gid:dooders uid:502:hal:///deviceBar"
-	      </code>
-	    </p><p>
-		User <code class="literal">davidz</code> possess this
-		privilege. All members of
-		the <code class="literal">dooders</code> group is denied this
-		privilege. User 501 is allowed this privilege but only
-		on the <code class="literal">hal:///deviceFoo</code>
-		resource. All users in the <code class="literal">admin</code>
-		group posseses the privilege. User 502 is allowed this
-		privilege but not on
-		the <code class="literal">hal:///deviceBar</code>
-		resource.
-	    </p></li><li><p>
-	      <code class="literal">
-		Allow="uid:__all__"
-	      </code>
-	    </p><p>
-	      <code class="literal">
-		Deny="gid:normalstaff"
-	      </code>
-	    </p><p>
-	        All users expect those in
-	        the <code class="literal">normalstaff</code> group posseses this
-	        privilege.
-	    </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="can-obtain"></a><code class="literal">CanObtain</code>: Obtaining Privileges</h3></div></div></div><p>
-	  This property denotes whether an user can obtain the
-	  privilege by authentication. This is useful when either
-	  either the privilege in question or one of the privileges
-	  listed in <code class="literal">RequiredPrivileges</code> is not
-	  possessed.
-	</p><p>
-	  The property can assume the values
-	  <code class="literal">True</code> (the user can obtain the privilege
-	  permanently), <code class="literal">Temporary</code> (the user can
-	  only obtain the privilege temporarily) and
-	  <code class="literal">False</code> (the user can never obtain the
-	  privilege through authentication). 
-	</p><p>
-	  Whether the user needs to autenticate as himself or the
-	  super user is specified in
-	  the <code class="literal">ObtainRequireRoot</code> property. Note that
-	  if the user is lacking one or more of the privileges listed
-	  in <code class="literal">RequiredPrivileges</code> and one of these
-	  has <code class="literal">ObtainRequireRoot=True</code> the user will
-	  have to authenticate as the super user nonwithstanding that
-	  the privilege he attempts to obtain
-	  has <code class="literal">ObtainRequireRoot=False</code>. Moreover, if
-	  any of the lacking privileges
-	  in <code class="literal">RequiredPrivileges</code>
-	  has <code class="literal">CanObtain</code> set
-	  to <code class="literal">False</code>, the user will always have to
-	  authenticate as the super user.
-	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2684304"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p>
-	  This property (it can assume the
-	  values <code class="literal">True</code> and <code class="literal">False</code>)
-	  describes whether an user with the given privilege can
-	  permanently grant it to himself and/or other users,.
-	</p><p>
-	  Typically, the construct is used in the following kind of UI
-	  dialogs:
-	</p><pre class="programlisting">
-    +----------------------------------------------------+
-    | You are not privileged to access the volume        |
-    | 'Dave's USB key'. You need to authenticate as the  |
-    | system administrator                               |
-    |                                                    |
-    |   Super user password: [_______________]           |
-    |                                                    |
-    |   Would you also like to automatically allow       |
-    |                                                    |
-    |  (*) This user to mount 'Dave's USB key'           |
-    |  ( ) Any user to mount 'Dave's USB key'            |
-    |  ( ) This user to mount a removable storage device |
-    |  ( ) Any user to mount a removable storage device  |
-    |                                                    |
-    | [Cancel]                                   [Mount] |
-    +----------------------------------------------------+
-       (TODO: replace with screenshot from gnome-mount)
-	</pre><p>
-	  The property <code class="literal">CanObtain</code> needs to assume
-	  the value <code class="literal">True</code> if this property assumes
-	  the value <code class="literal">True</code>. Otherwise this property
-	  effectively assumes the value <code class="literal">False</code>.
-	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2728947"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p>
-	  If the property <code class="literal">CanObtain</code> assumes the
-	  value <code class="literal">True</code>
-	  or <code class="literal">Temporary</code> it means the user can
-	  authenticate to gain a
-	  privilege. The <code class="literal">ObtainRequireRoot</code> property
-	  specifies whether authentication requires the super user
-	  password (<code class="literal">True</code>) or the users own password
-	  (<code class="literal">False</code>).
-	</p><p>
-	  See <a href="#can-obtain" title="CanObtain: Obtaining Privileges">the section called &#8220;<code class="literal">CanObtain</code>: Obtaining Privileges&#8221;</a> for discussion on how
-	  the <code class="literal">RequiredPrivileges</code> property affects
-	  the effective value of this property.
-	</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="privs-by-polkit"></a>Privileges defined by PolicyKit</h2></div></div></div><p>
-	This section describe privileges defined by PolicyKit and how
-	they can be used by other pieces of software. Some privileges
-	have special meaning and affects how PolicyKit works.
-      </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="priv-desktop-console"></a><code class="literal">desktop-console</code> : Users at a local console</h3></div></div></div><pre class="programlisting">
-desktop-console.privilege:
-
-# This privilege signfies that users holding it are logged into a
-# physical console attached to the system. Thus, it is useful for
-# other privileges for manipulating local devices to simply require
-# this privilege. 
-
-[Privilege]
-RequiredPrivileges=
-SufficientPrivileges=
-Allow=
-Deny=
-CanObtain=Temporary
-CanGrant=False
-ObtainRequireRoot=True
-	</pre><p>
-	  This privilege signifies that the user holding it is logged
-	  in at a local console. In this context, "local console"
-	  means that the display / keyboard / pointing device is local
-	  to the system which implies the user got physical access to
-	  the box.
-	</p><p>
-	  The PAM module <code class="literal">pam-polkit-console</code> shipped
-	  with PolicyKit is used to maintain files
-	  in <code class="literal">/var/run/polkit-console</code> for users
-	  logging in and out, and signal the PolicyKit daemon to
-	  reread these files and dynamically grant / revoke
-	  the <code class="literal">desktop-console</code> privilege. Typically,
-	  graphical login managers such as the GNOME Display Manager
-	  (gdm) will want include this in it's stack of PAM modules.
-	</p><p>
-	  Remote users (e.g. those not at a local console) can obtain
-	  the <code class="literal">desktop-console</code> only by
-	  authenticating as the super user.
-	</p><p>
-	  The <code class="literal">desktop-console</code> privilege can be used
-	  in conjunction with
-	  the <code class="literal">RequiredPrivileges</code> property in a
-	  privilege descriptor to ensure only users at a local console
-	  is entitled to a privilege for putting a system to sleep
-	  without having to autenticate. This is achieved by e.g. this
-	  privilege descriptor:
-	</p><pre class="programlisting">
-hal-system-suspend.privilege:
-
-# This privilege specifies who is allowed to suspend the system.
-
-[Privilege]
-RequiredPrivileges=desktop-console
-SufficientPrivileges=
-Allow=uid:__all__
-Deny=
-CanObtain=True
-CanGrant=True
-ObtainRequireRoot=False
-	</pre><p>
-	  For a remote user with the
-	  privilege <code class="literal">hal-system-suspend</code> it means
-	  that authentication as the super user is required
-	  as <code class="literal">desktop-console</code>
-	  has <code class="literal">ObtainRequireRoot=True</code> and this
-	  trumps the <code class="literal">ObtainRequireRoot=False</code>
-	  property that is in
-	  the <code class="literal">hal-system-suspend</code> privilege (see
-	  <a href="#can-obtain" title="CanObtain: Obtaining Privileges">the section called &#8220;<code class="literal">CanObtain</code>: Obtaining Privileges&#8221;</a>). Of course, if the user is
-	  logged in at a local console no authentication is required.
-	</p><p>
-	  Typically, the <code class="literal">desktop-console</code> privilege
-	  is granted on a specific resource, namely what console the
-	  user is logged into. At the time of writing, this resource
-	  can only be consider an opaque identifier (such
-	  as <code class="literal">console://:0</code> which refers to X11
-	  display ":0") and one cannot assign meaning to it. In the
-	  future, it may be possible to assign meaning to it.
-	</p></div></div></div></div></body></html>
diff --git a/doc/spec/polkit-spec.xml.in b/doc/spec/polkit-spec.xml.in
deleted file mode 100644
index ddc4277..0000000
--- a/doc/spec/polkit-spec.xml.in
+++ /dev/null
@@ -1,628 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!-- CVSID: $Id$ -->
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<!-- THIS FILE IS AUTOGENERATED FROM polkit-spec.xml.in -->
-
-<book id="index">
-  <bookinfo>
-    <title>PolicyKit 0.2 Specification</title>
-    <releaseinfo>Version 0.2</releaseinfo>
-    <date>May 12th, 2006</date> <!-- Update this manually -->
-    <authorgroup>
-      <author>
-	<firstname>David</firstname>
-	<surname>Zeuthen</surname>
-	<affiliation>
-	  <address>
-	    <email>david at fubar.dk</email>
-	  </address>
-	</affiliation>
-      </author>
-    </authorgroup>
-  </bookinfo>
-  
-  <chapter id="introduction">
-    <title>Introduction</title>
-
-    <sect1>
-      <title>About</title>
-
-      <para>
-	PolicyKit is a system for enabling unprivileged desktop
-	applications to invoke privileged methods on system-wide
-	components in a controlled manner.
-      </para>
-
-    </sect1>
-  </chapter>
-
-  <chapter id="operation">
-    <title>Theory of operation</title>
-
-    <sect1>
-      <title>Privileges</title>
-
-      <para>
-	One major concept of the PolicyKit system is the notion of
-	privileges; a <emphasis>PolicyKit privilege</emphasis>
-	(referred to simply as
-	<emphasis>privilege</emphasis> in the following) is something
-	that a given user may or may not possess. The thinking behind
-	PolicyKit is that privileged system level components offer
-	functionality to unprivileged desktop applications as D-BUS
-	method calls through the system message bus. In order to have
-	a flexible security policy defining the set of users that are
-	allowed to invoke a method, the system level component defines
-	a set of
-	<emphasis>privileges</emphasis>. 
-      </para>
-
-    </sect1>
-
-    <sect1>
-      <title>Architecture</title>
-
-      <para>
-	The PolicyKit system is basically client/server and is
-	implemented as the
-	system-wide <literal>org.freedesktop.PolicyKit</literal> D-BUS
-	service. This D-BUS service serves two purposes
-      </para>
-
-
-      <itemizedlist>
-        <listitem>
-	  <para>
-	    System-level components may used D-BUS methods on this
-	    service to determine if a given caller of their methods
-	    are privileged.
-          </para>
-	</listitem>
-
-        <listitem>
-	  <para>
-	    Desktop level applications may initiate a dialogue with
-	    this service to (temporarily) obtain a privilege through
-	    authorization.
-          </para>
-	</listitem>
-      </itemizedlist>
-
-      <para>
-	In addition, the PolicyKit system includes client side
-	libraries and command-line utilities wrapping the D-BUS API of
-	the <literal>org.freedesktop.PolicyKit</literal> service.
-      </para>
-
-    </sect1>
-
-    <sect1>
-      <title>Example</title>
-
-      <para>
-	As an example, HAL exports the method <literal>Mount</literal>
-	on the
-	<literal>org.freedesktop.Hal.Device.Volume</literal> interface
-	for each hal device object of
-	capability <emphasis>volume</emphasis>. HAL defines a number
-	of privileges for mounting
-	including <emphasis>hal-storage-fixed-mount</emphasis>
-	and <emphasis>hal-storage-removable-mount</emphasis>. Depending
-	on the whether the volume stems from a fixed hard disk or a
-	hotpluggable/removable drive, HAL requires the calling user to
-	possess either
-	the <emphasis>hal-storage-fixed-mount</emphasis>
-	or <emphasis>hal-storage-removable-mount</emphasis> privilege
-	in order to carry out the <literal>Mount</literal> method. 
-      </para>
-
-      <para>
-	Upon a user invoking the <literal>Mount</literal> method, HAL
-	simply asks the <literal>org.freedesktop.PolicyKit</literal>
-	D-BUS service if the calling user possess this privilege and if
-	this is not the case the <literal>Mount</literal> method
-	throws
-	the <literal>org.freedesktop.Hal.Device.PermissionDeniedByPolicy</literal>
-	exception. Notably, this exception will tell the caller what
-	privilege the calling user needs to possess,
-	e.g. either <emphasis>hal-storage-fixed-mount</emphasis>
-	or <emphasis>hal-storage-removable-mount</emphasis>.
-      </para>
-
-      <para>
-	Should the <literal>Mount</literal> method fail with the
-	exception <literal>PermissionDeniedByPolicy</literal> the
-	caller now knows what privilege is required. The caller can
-	now initiate a dialogue with the <literal>PolicyKit</literal>
-	service to obtain this privilege. This conversation is
-	basically equivalent to a PAM authentication; in fact the 
-	<literal>PolicyKit</literal> service uses PAM under the hood
-	and wraps it in D-BUS calls. For details (like what user to
-	authenticate as) see XXX. When the caller obtains the
-	privilege (after successful authentication) he can now
-	invoke <literal>Mount</literal> and after this succeeds he may
-	tell the <literal>PolicyKit</literal> service to release the
-	privilege for the user as it is no longer needed. Should the
-	process crash while holding a privilege,
-	the <literal>PolicyKit</literal> service will be notifed and
-	the privilege will automatically be revoked.
-      </para>
-
-      <para>
-	Hence, <literal>PolicyKit</literal> has the notion of
-	both <emphasis>permament</emphasis>
-	and <emphasis>temporary</emphasis> privileges. The latter may
-	even be restricted such that only callers from the D-BUS
-	connection (remember, D-BUS connections has unique names)
-	obtaining the privilege may use the obtained
-	privilege. Consequently, if a temporary privilege is
-	restricted to a certain D-BUS connection, it is revoked when
-	the owner of this connection disconnects from the system
-	message bus.
-      </para>
-
-      <para>
-	In addition, privileges may be restricted to
-	certain <emphasis>resources</emphasis>; this is discussed in
-	more detail in XXX.
-      </para>
-
-      <para>
-	<inlinegraphic fileref="polkit-arch.png" format="PNG"/>
-      </para>
-
-      <para>
-	The whole example is outlined in the diagram above.
-      </para>
-
-    </sect1>
-  </chapter>
-
-
-  <chapter id="resources">
-    <title>Resources</title>
-
-    <para>
-      PolicyKit allows granting privileges only on
-      certain <emphasis>resources</emphasis>. For example, for HAL, it
-      is possible to grant the
-      privilege <emphasis>hal-storage-fixed-mount</emphasis> to the
-      user with uid 500 but only for the HAL device object
-      representing e.g. the <literal>/dev/hda3</literal> partition.
-    </para>
-
-    <sect1>
-      <title>Resource Identifiers</title>
-      <para> Resource identifers are prefixed with a name identifying
-	what service they belong to. The following resource
-	identifiers are defined
-      </para>
-
-      <itemizedlist>
-        <listitem>
-	  <para>
-	    <literal>hal://</literal>
-	    HAL Unique Device Identifiers also known as HAL UID's. Example: <literal>hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</literal>
-          </para>
-	</listitem>
-      </itemizedlist>
-
-    </sect1>
-
-  </chapter>
-
-
-
-  <chapter id="privileges">
-    <title>Privileges</title>
-
-    <sect1>
-      <title>Privilege Descriptors</title>
-      <para> 
-	Applications, such as HAL, installs <emphasis>privilege
-	descriptors</emphasis> into
-	the <literal>/etc/PolicyKit/privilege.d</literal> directory
-	(or more correct, into
-	the <literal>$sysconfdir/PolicyKit/privilege.d</literal>
-	directory depending on where PolicyKit is built).
-      </para>
-
-      <para>
-	A policy descriptor contains the following information:
-      </para>
-
-      <itemizedlist>
-        <listitem>
-	  <para>
-	    Criteria for determining if a given user possess the privilege on a given resource.
-          </para>
-	</listitem>
-
-        <listitem>
-	  <para>
-	    What privileges are required to possess a given privilege.
-          </para>
-	</listitem>
-
-        <listitem>
-	  <para>
-	    What privileges are sufficient to possess to automatically possess a given privilege.
-          </para>
-	</listitem>
-
-        <listitem>
-	  <para>
-	    Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently.
-          </para>
-	</listitem>
-
-        <listitem>
-	  <para>
-	    Whether a user with the privilege may permanently grant it to other users.
-          </para>
-	</listitem>
-      </itemizedlist>
-
-    </sect1>
-
-    <sect1>
-      <title>File Format</title>
-      <para>
-	A developer of a system-wide application wanting to define a
-	privilege must create a privilege descriptor. This is a a
-	simple <literal>.ini</literal>-like config file. Here is what
-	the skeleton looks like:
-      </para>
-
-      <programlisting>
-	[Policy]
-	RequiredPrivileges=
-	SufficientPrivileges=
-	Allow=
-	Deny=
-	CanObtain=
-	CanGrant=
-	ObtainRequireRoot=
-      </programlisting>
-
-      <sect2>
-	<title><literal>RequiredPrivileges</literal>: Required Privileges</title>
-	<para>
-	  This is a list of privileges the user must possess in order
-	  to possess the given privilege. If the user doesn't possess
-	  all of these privileges he is not considered to possess the
-	  given privilege. The list may be empty. A privilege in this
-	  list is considered being possessed if the user is privileged
-	  for one or more resources. E.g., if <literal>foo</literal>
-	  is a required privilege then just having this privilege on
-	  one resource is sufficient.
-	</para>
-      </sect2>
-
-      <sect2>
-	<title><literal>SufficientPrivileges</literal>: Sufficient Privileges</title>
-	<para>
-	  This is a list of privileges that, if a user possess any of
-	  these, he is consider to possess the given privilege. The
-	  list may be empty.  A privilege in this list is considered
-	  being possessed if the user is privileged for one or more
-	  resources. As with <literal>RequiredPrivileges</literal>,
-	  if <literal>foo</literal> is a sufficient privilege then
-	  just having this privilege on one resource is sufficient.
-	</para>
-      </sect2>
-
-      <sect2>
-	<title><literal>Allow, Deny</literal>: Criteria for Possesing a Privilege</title>
-	<para>
-	  Both <literal>Allow</literal> and <literal>Deny</literal>
-	  contains lists describing what users are allowed
-	  respectively denied the privilege. The elements of in each
-	  list are of the form
-	  <literal>type:value[:resource]</literal>.  where the last
-	  part, resource, may be omitted. The following types are
-	  supported:
-	</para>
-	<itemizedlist>
-          <listitem>
-	    <para><literal>uid</literal>: Unix user identifer; either
-	    a positive integer or Unix username. Special values
-	    include <literal>__all__</literal> (for denoting all
-	    users) and <literal>__none__</literal> (for denoting no
-	    users).</para>
-	  </listitem>
-
-          <listitem>
-	    <para><literal>gid</literal>: Unix group identifier,
-	    either a positive integer or Unix groupname. Special
-	    values include <literal>__all__</literal> (for denoting
-	    all groups) and <literal>__none__</literal> (for denoting
-	    no groups).</para>
-	  </listitem>
-	</itemizedlist>
-	<para>
-	  To determine if a given user is allowed for a given
-	  privilege (for a given resource), first
-	  the <literal>SufficientPrivileges</literal> list is
-	  consulted as described above. If the user possesses one or
-	  more of the listed privileges we're done; the user is
-	  automatically allowed for the given privilege. If this is
-	  not the case, the <literal>RequiredPrivileges</literal> list
-	  is consulted as described above. If the user possess all of
-	  the listed privileges, the <literal>Allow</literal> list is
-	  now consulted. For each element it is tested whether the
-	  user matches. If there are no elements for which the user is
-	  matches, the user is said not to possess the given privilege
-	  (for the given resource).
-	</para>
-	<para>
-	  If there is a match in the <literal>Allow</literal> list,
-	  the <literal>Deny</literal> list is now consulted. If the
-	  user matches any of the elements we know he doesn't possess
-	  the given privilege. If no elements match we can conclude
-	  that the user indeed possesses the given privilege (for the
-	  given resource).
-	</para>
-	<para>
-	  This logic is best described by a few examples
-	</para>
-	<itemizedlist>
-
-          <listitem>
-	    <para>
-	      <literal>
-		Allow="uid:davidz uid:501:hal:///deviceFoo gid:admins
-		uid:502"
-	      </literal>
-	    </para>
-	    <para>
-	      <literal>
-		Deny="gid:dooders uid:502:hal:///deviceBar"
-	      </literal>
-	    </para>
-	    <para>
-		User <literal>davidz</literal> possess this
-		privilege. All members of
-		the <literal>dooders</literal> group is denied this
-		privilege. User 501 is allowed this privilege but only
-		on the <literal>hal:///deviceFoo</literal>
-		resource. All users in the <literal>admin</literal>
-		group posseses the privilege. User 502 is allowed this
-		privilege but not on
-		the <literal>hal:///deviceBar</literal>
-		resource.
-	    </para>
-	  </listitem>
-
-          <listitem>
-	    <para>
-	      <literal>
-		Allow="uid:__all__"
-	      </literal>
-	    </para>
-	    <para>
-	      <literal>
-		Deny="gid:normalstaff"
-	      </literal>
-	    </para>
-	    <para>
-	        All users expect those in
-	        the <literal>normalstaff</literal> group posseses this
-	        privilege.
-	    </para>
-	  </listitem>
-
-	</itemizedlist>
-
-      </sect2>
-
-      
-      <sect2 id="can-obtain">
-	<title><literal>CanObtain</literal>: Obtaining Privileges</title>
-	<para>
-	  This property denotes whether an user can obtain the
-	  privilege by authentication. This is useful when either
-	  either the privilege in question or one of the privileges
-	  listed in <literal>RequiredPrivileges</literal> is not
-	  possessed.
-	</para>
-
-	<para>
-	  The property can assume the values
-	  <literal>True</literal> (the user can obtain the privilege
-	  permanently), <literal>Temporary</literal> (the user can
-	  only obtain the privilege temporarily) and
-	  <literal>False</literal> (the user can never obtain the
-	  privilege through authentication). 
-	</para>
-	  
-	<para>
-	  Whether the user needs to autenticate as himself or the
-	  super user is specified in
-	  the <literal>ObtainRequireRoot</literal> property. Note that
-	  if the user is lacking one or more of the privileges listed
-	  in <literal>RequiredPrivileges</literal> and one of these
-	  has <literal>ObtainRequireRoot=True</literal> the user will
-	  have to authenticate as the super user nonwithstanding that
-	  the privilege he attempts to obtain
-	  has <literal>ObtainRequireRoot=False</literal>. Moreover, if
-	  any of the lacking privileges
-	  in <literal>RequiredPrivileges</literal>
-	  has <literal>CanObtain</literal> set
-	  to <literal>False</literal>, the user will always have to
-	  authenticate as the super user.
-	</para>
-
-      </sect2>
-      
-      <sect2>
-	<title><literal>CanGrant</literal>: Granting Privileges</title>
-	<para>
-	  This property (it can assume the
-	  values <literal>True</literal> and <literal>False</literal>)
-	  describes whether an user with the given privilege can
-	  permanently grant it to himself and/or other users,.
-	</para>
-	<para>
-	  Typically, the construct is used in the following kind of UI
-	  dialogs:
-	</para>
-
-	<programlisting>
-    +----------------------------------------------------+
-    | You are not privileged to access the volume        |
-    | 'Dave's USB key'. You need to authenticate as the  |
-    | system administrator                               |
-    |                                                    |
-    |   Super user password: [_______________]           |
-    |                                                    |
-    |   Would you also like to automatically allow       |
-    |                                                    |
-    |  (*) This user to mount 'Dave's USB key'           |
-    |  ( ) Any user to mount 'Dave's USB key'            |
-    |  ( ) This user to mount a removable storage device |
-    |  ( ) Any user to mount a removable storage device  |
-    |                                                    |
-    | [Cancel]                                   [Mount] |
-    +----------------------------------------------------+
-       (TODO: replace with screenshot from gnome-mount)
-	</programlisting>
-
-	<para>
-	  The property <literal>CanObtain</literal> needs to assume
-	  the value <literal>True</literal> if this property assumes
-	  the value <literal>True</literal>. Otherwise this property
-	  effectively assumes the value <literal>False</literal>.
-	</para>
-      </sect2>
-
-      <sect2>
-	<title><literal>ObtainRequireRoot</literal>: Authentication Requirements</title>
-	<para>
-	  If the property <literal>CanObtain</literal> assumes the
-	  value <literal>True</literal>
-	  or <literal>Temporary</literal> it means the user can
-	  authenticate to gain a
-	  privilege. The <literal>ObtainRequireRoot</literal> property
-	  specifies whether authentication requires the super user
-	  password (<literal>True</literal>) or the users own password
-	  (<literal>False</literal>).
-	</para>
-	<para>
-	  See <xref linkend="can-obtain"/> for discussion on how
-	  the <literal>RequiredPrivileges</literal> property affects
-	  the effective value of this property.
-	</para>
-      </sect2>
-      
-    </sect1>
-
-    <sect1 id="privs-by-polkit">
-      <title>Privileges defined by PolicyKit</title>
-      <para>
-	This section describe privileges defined by PolicyKit and how
-	they can be used by other pieces of software. Some privileges
-	have special meaning and affects how PolicyKit works.
-      </para>
-
-      <sect2 id="priv-desktop-console">
-	<title><literal>desktop-console</literal> : Users at a local console</title>
-
-	<programlisting>
-desktop-console.privilege:
-
-# This privilege signfies that users holding it are logged into a
-# physical console attached to the system. Thus, it is useful for
-# other privileges for manipulating local devices to simply require
-# this privilege. 
-
-[Privilege]
-RequiredPrivileges=
-SufficientPrivileges=
-Allow=
-Deny=
-CanObtain=Temporary
-CanGrant=False
-ObtainRequireRoot=True
-	</programlisting>
-
-	<para>
-	  This privilege signifies that the user holding it is logged
-	  in at a local console. In this context, "local console"
-	  means that the display / keyboard / pointing device is local
-	  to the system which implies the user got physical access to
-	  the box.
-	</para>
-
-	<para>
-	  The PAM module <literal>pam-polkit-console</literal> shipped
-	  with PolicyKit is used to maintain files
-	  in <literal>/var/run/polkit-console</literal> for users
-	  logging in and out, and signal the PolicyKit daemon to
-	  reread these files and dynamically grant / revoke
-	  the <literal>desktop-console</literal> privilege. Typically,
-	  graphical login managers such as the GNOME Display Manager
-	  (gdm) will want include this in it's stack of PAM modules.
-	</para>
-
-	<para>
-	  Remote users (e.g. those not at a local console) can obtain
-	  the <literal>desktop-console</literal> only by
-	  authenticating as the super user.
-	</para>
-
-	<para>
-	  The <literal>desktop-console</literal> privilege can be used
-	  in conjunction with
-	  the <literal>RequiredPrivileges</literal> property in a
-	  privilege descriptor to ensure only users at a local console
-	  is entitled to a privilege for putting a system to sleep
-	  without having to autenticate. This is achieved by e.g. this
-	  privilege descriptor:
-	</para>
-
-	<programlisting>
-hal-system-suspend.privilege:
-
-# This privilege specifies who is allowed to suspend the system.
-
-[Privilege]
-RequiredPrivileges=desktop-console
-SufficientPrivileges=
-Allow=uid:__all__
-Deny=
-CanObtain=True
-CanGrant=True
-ObtainRequireRoot=False
-	</programlisting>
-
-	<para>
-	  For a remote user with the
-	  privilege <literal>hal-system-suspend</literal> it means
-	  that authentication as the super user is required
-	  as <literal>desktop-console</literal>
-	  has <literal>ObtainRequireRoot=True</literal> and this
-	  trumps the <literal>ObtainRequireRoot=False</literal>
-	  property that is in
-	  the <literal>hal-system-suspend</literal> privilege (see
-	  <xref linkend="can-obtain"/>). Of course, if the user is
-	  logged in at a local console no authentication is required.
-	</para>
-
-	<para>
-	  Typically, the <literal>desktop-console</literal> privilege
-	  is granted on a specific resource, namely what console the
-	  user is logged into. At the time of writing, this resource
-	  can only be consider an opaque identifier (such
-	  as <literal>console://:0</literal> which refers to X11
-	  display ":0") and one cannot assign meaning to it. In the
-	  future, it may be possible to assign meaning to it.
-	</para>
-      </sect2>
-
-    </sect1>
-
-  </chapter>
-  
-</book>
diff --git a/doc/spec/polkit-spec.xml.in.in b/doc/spec/polkit-spec.xml.in.in
new file mode 100644
index 0000000..ff6ec40
--- /dev/null
+++ b/doc/spec/polkit-spec.xml.in.in
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<book id="index">
+  <bookinfo>
+    <title>PolicyKit @VERSION@ Specification</title>
+    <releaseinfo>Version @VERSION@</releaseinfo>
+    <date>March 28th, 2007</date> <!-- Update this manually -->
+    <authorgroup>
+      <author>
+        <firstname>David</firstname>
+        <surname>Zeuthen</surname>
+        <affiliation>
+          <address>
+           <email>david at fubar.dk</email>
+          </address>
+        </affiliation>
+      </author>
+    </authorgroup>
+  </bookinfo>
+
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-spec-introduction.xml" />
+  
+</book>
diff --git a/libpolkit.pc.in b/libpolkit.pc.in
new file mode 100644
index 0000000..1d8d60a
--- /dev/null
+++ b/libpolkit.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libpolkit
+Description: library for querying system-wide policy
+Version: @VERSION@
+Requires: glib-2.0
+Libs: -L${libdir} -lpolkit
+Cflags: -I${includedir}/libpolkit
diff --git a/libpolkit/Makefile.am b/libpolkit/Makefile.am
index a533e86..68338b8 100644
--- a/libpolkit/Makefile.am
+++ b/libpolkit/Makefile.am
@@ -8,11 +8,9 @@ INCLUDES = \
 	-DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
 	-DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \
 	-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT	\
-	-DDBUS_API_SUBJECT_TO_CHANGE \
-	@GLIB_CFLAGS@ \
-	@DBUS_GLIB_CFLAGS@
+	@GLIB_CFLAGS@
 
-lib_LTLIBRARIES=libpolkit.la libpolkit-grant.la
+lib_LTLIBRARIES=libpolkit.la
 
 libpolkitincludedir=$(includedir)/libpolkit
 
@@ -22,33 +20,10 @@ libpolkitinclude_HEADERS =              
 libpolkit_la_SOURCES =                                \
 	libpolkit.c           libpolkit.h
 
-libpolkit_la_LIBADD = @DBUS_GLIB_LIBS@ @GLIB_LIBS@
+libpolkit_la_LIBADD = @GLIB_LIBS@
 
 libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
 
-
-libpolkit_grantincludedir=$(includedir)/libpolkit
-
-libpolkit_grantinclude_HEADERS =                            \
-	libpolkit-grant.h
-
-libpolkit_grant_la_SOURCES =                                \
-	libpolkit-grant.c               libpolkit-grant.h               \
-					polkit-interface-manager-glue.h \
-					polkit-interface-session-glue.h
-
-libpolkit_grant_la_LIBADD = @DBUS_GLIB_LIBS@ @GLIB_LIBS@
-
-libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-polkit-interface-manager-glue.h: ../polkit-interface-manager.xml Makefile.am
-	dbus-binding-tool --prefix=polkit_manager --mode=glib-client --output=polkit-interface-manager-glue.h ../polkit-interface-manager.xml
-
-polkit-interface-session-glue.h: ../polkit-interface-session.xml Makefile.am
-	dbus-binding-tool --prefix=polkit_session --mode=glib-client --output=polkit-interface-session-glue.h ../polkit-interface-session.xml
-
-BUILT_SOURCES = polkit-interface-manager-glue.h polkit-interface-session-glue.h
-
 clean-local :
 	rm -f *~ $(BUILT_SOURCES)
 
diff --git a/libpolkit/libpolkit-grant.c b/libpolkit/libpolkit-grant.c
deleted file mode 100644
index 4e9e7d1..0000000
--- a/libpolkit/libpolkit-grant.c
+++ /dev/null
@@ -1,407 +0,0 @@
-/***************************************************************************
- *
- * libpolkit-grant.c : Wraps temporary grant methods on the PolicyKit daemon
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <getopt.h>
-#include <string.h>
-#include <errno.h>
-
-#include <glib/gstdio.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include <libpolkit/libpolkit.h>
-#include "libpolkit-grant.h"
-
-#include "polkit-interface-manager-glue.h"
-#include "polkit-interface-session-glue.h"
-
-struct LibPolKitGrantContext_s
-{
-	DBusGConnection *dbus_g_connection;
-	char *user;
-	char *privilege;
-	char *resource;
-	gboolean restrict_to_dbus_connection;
-
-	LibPolKitGrantQuestions  questions_handler;
-	LibPolKitGrantComplete   grant_complete_handler;
-
-	char *auth_user;
-	char *auth_service_name;
-
-	DBusGProxy *manager;
-	DBusGProxy *session;
-
-	LibPolKitContext *polkit_ctx;
-
-	gpointer    user_data;
-};
-
-									       
-static void
-have_questions_handler (DBusGProxy *session, gpointer user_data)
-{
-	char **questions;
-	GError *error = NULL;
-	LibPolKitGrantContext *ctx = (LibPolKitGrantContext *) user_data;
-	gboolean should_continue;
-
-	should_continue = FALSE;
-
-	if (!org_freedesktop_PolicyKit_Session_get_questions (ctx->session,
-							      &questions,
-							      &error)) {
-		g_warning ("GetQuestions: %s", error->message);
-
-		/* we're done */
-		ctx->grant_complete_handler (ctx, FALSE, error->message, ctx->user_data);
-
-		g_error_free (error);
-
-	} else {
-		ctx->questions_handler (ctx, (const char **) questions, ctx->user_data);
-		g_strfreev (questions);
-	}
-}
-
-void
-libpolkit_grant_provide_answers (LibPolKitGrantContext *ctx, const char **answers)
-{
-	GError *error = NULL;
-
-	if (!org_freedesktop_PolicyKit_Session_provide_answers (ctx->session,
-								(const char **) answers,
-								&error)) {
-		g_warning ("ProvideAnswers: %s", error->message);
-
-		/* we're done */
-		ctx->grant_complete_handler (ctx, FALSE, error->message, ctx->user_data);
-
-		g_error_free (error);
-	}
-}
-
-
-static void
-auth_done_handler (DBusGProxy *session, gpointer user_data)
-{
-	gboolean auth_result;
-	//gboolean was_revoked;
-	GError *error = NULL;
-	LibPolKitGrantContext *ctx = (LibPolKitGrantContext *) user_data;
-
-	/*g_debug ("in %s", __FUNCTION__);*/
-
-	if (!org_freedesktop_PolicyKit_Session_is_authenticated (session,
-								 &auth_result,
-								 &error)) {
-		g_warning ("IsAuthenticated: %s", error->message);
-
-		/* we're done */
-		ctx->grant_complete_handler (ctx, FALSE, error->message, ctx->user_data);
-
-		g_error_free (error);
-		goto out;
-	}
-
-	/*g_message ("Authentication done. %s", auth_result);*/
-
-	if (!auth_result) {
-		char *auth_denied_reason;
-
-		if (!org_freedesktop_PolicyKit_Session_get_auth_denied_reason (session,
-									       &auth_denied_reason,
-									       &error)) {
-			g_warning ("GetAuthDeniedReason: %s", error->message);
-			g_error_free (error);
-			goto out;
-		}
-		
-		/*g_print ("\n"
-		  "Authentication failed (reason: '%s').\n", auth_denied_reason);*/
-
-		/* we're done */
-		ctx->grant_complete_handler (ctx, FALSE, auth_denied_reason, ctx->user_data);
-
-		g_free (auth_denied_reason);
-
-	} else {
-		/*g_print ("\n"
-		  "Authentication succeeded.\n");*/
-
-		/* don't restrict privilege to callers unique system bus connection name */
-		if (!org_freedesktop_PolicyKit_Session_grant_privilege_temporarily (session,
-										    ctx->restrict_to_dbus_connection,
-										    &error)) {
-			g_warning ("GrantPrivilegeTemporarily: %s", error->message);
-
-			/* we're done */
-			ctx->grant_complete_handler (ctx, FALSE, error->message, ctx->user_data);
-
-			g_error_free (error);
-
-
-		} else {
-			/* we're done */
-			ctx->grant_complete_handler (ctx, TRUE, NULL, ctx->user_data);
-
-		}
-
-	}
-
-
-	//sleep (20);
-
-	//libpolkit_revoke_temporary_privilege (ctx, grant_user, grant_privilege, grant_resource, &was_revoked);
-	//g_debug ("was revoked = %d", was_revoked);
-	//sleep (10000);
-
-out:
-	;
-}
-
-
-/**
- * libpolkit_grant_new_context:
- * @user: User to request privilege for
- * @privilege: Privilege to ask for
- * @resource: Resource to ask for. May be NULL.
- * @restrict_to_dbus_connection: Whether the privilege should be restricted to a particular D-BUS connection on the 
- * system message bus.
- * @user_data: User data to be passed to callbacks
- *
- * Create a new context for obtaining a privilege.
- *
- * Returns: The context. It is an opaque data structure. Free with libpolkit_grant_free_context.
- */
-
-LibPolKitGrantContext* 
-libpolkit_grant_new_context (DBusGConnection        *dbus_g_connection,
-			     const char             *user,
-			     const char             *privilege,
-			     const char             *resource,
-			     gboolean                restrict_to_dbus_connection,
-			     gpointer                user_data)
-{
-	LibPolKitGrantContext* ctx;
-
-	ctx = g_new (LibPolKitGrantContext, 1);
-	ctx->dbus_g_connection = dbus_g_connection;
-	ctx->user = g_strdup (user);
-	ctx->privilege = g_strdup (privilege);
-	ctx->resource = g_strdup (resource);
-	ctx->restrict_to_dbus_connection = restrict_to_dbus_connection;
-	ctx->questions_handler = NULL;
-	ctx->grant_complete_handler = NULL;
-	ctx->user_data         = user_data;
-
-	ctx->auth_user = NULL;
-	ctx->auth_service_name = NULL;
-
-	ctx->polkit_ctx = libpolkit_new_context (dbus_g_connection_get_connection (dbus_g_connection));
-
-	return ctx;
-}
-
-LibPolKitContext*
-libpolkit_grant_get_libpolkit_context (LibPolKitGrantContext  *ctx)
-{
-	return ctx->polkit_ctx;
-}
-
-void
-libpolkit_grant_set_questions_handler (LibPolKitGrantContext   *ctx,
-				       LibPolKitGrantQuestions  questions_handler)
-{
-	ctx->questions_handler = questions_handler;
-}
-
-void
-libpolkit_grant_set_grant_complete_handler (LibPolKitGrantContext   *ctx,
-					    LibPolKitGrantComplete   grant_complete_handler)
-{
-	ctx->grant_complete_handler = grant_complete_handler;
-}
-
-gboolean
-libpolkit_grant_initiate_temporary_grant (LibPolKitGrantContext  *ctx)
-{
-	GError *error = NULL;
-	char *session_objpath;
-	gboolean rc;
-
-	rc = FALSE;
-	if (ctx->questions_handler == NULL ||
-	    ctx->grant_complete_handler == NULL)
-		goto out;
-
-	ctx->manager = dbus_g_proxy_new_for_name (ctx->dbus_g_connection,
-						  "org.freedesktop.PolicyKit",
-						  "/org/freedesktop/PolicyKit/Manager",
-						  "org.freedesktop.PolicyKit.Manager");
-	if (ctx->manager == NULL)
-		goto out;
-
-	if (!org_freedesktop_PolicyKit_Manager_initiate_temporary_privilege_grant (ctx->manager,
-										   ctx->user,
-										   ctx->privilege,
-										   ctx->resource,
-										   &session_objpath,
-										   &error)) {
-		g_warning ("GrantPrivilege: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	/*g_debug ("session_objpath = %s", session_objpath);*/
-
-	ctx->session = dbus_g_proxy_new_for_name (ctx->dbus_g_connection,
-						  "org.freedesktop.PolicyKit",
-						  session_objpath,
-						  "org.freedesktop.PolicyKit.Session");
-	if (ctx->session == NULL)
-		goto out;
-
-	dbus_g_proxy_add_signal (ctx->session, "HaveQuestions", G_TYPE_INVALID);
-	dbus_g_proxy_connect_signal (ctx->session, "HaveQuestions", G_CALLBACK (have_questions_handler),
-				     (void *) ctx, NULL);
-
-	dbus_g_proxy_add_signal (ctx->session, "AuthenticationDone", G_TYPE_INVALID);
-	dbus_g_proxy_connect_signal (ctx->session, "AuthenticationDone", G_CALLBACK (auth_done_handler),
-				     (void *) ctx, NULL);
-
-	if (!org_freedesktop_PolicyKit_Session_get_auth_details (ctx->session,
-								 &ctx->auth_user,
-								 &ctx->auth_service_name,
-								 &error)) {
-		g_warning ("GetAuthDetails: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	if (!org_freedesktop_PolicyKit_Session_initiate_auth (ctx->session,
-							      &error)) {
-		g_warning ("InitiateAuth: %s", error->message);
-		g_error_free (error);
-		/* TODO: LIBPOLKIT_GRANT_RESULT_NO_SUCH_PRIVILEGE, LIBPOLKIT_GRANT_RESULT_CANNOT_AUTH_FOR_PRIVILEGE */
-		goto out;
-	}
-
-
-	g_free (session_objpath);
-
-	rc = TRUE;
-out:
-
-	return rc;
-}
-
-
-const char*
-libpolkit_grant_get_user_for_auth (LibPolKitGrantContext  *ctx)
-{
-	return ctx->auth_user;
-}
-
-const char*
-libpolkit_grant_get_pam_service_for_auth (LibPolKitGrantContext  *ctx)
-{
-	return ctx->auth_service_name;
-}
-
-gboolean
-libpolkit_grant_close (LibPolKitGrantContext  *ctx,
-		       gboolean                revoke_privilege)
-{
-	GError *error = NULL;
-
-	/* got the privilege; now close the session.. */
-	if (!org_freedesktop_PolicyKit_Session_close (ctx->session,
-						      &error)) {
-		g_warning ("Close: %s", error->message);
-		g_error_free (error);
-	}
-
-	if (revoke_privilege) {
-		gboolean was_revoked;
-
-		libpolkit_revoke_temporary_privilege (ctx->polkit_ctx, 
-						      ctx->user, 
-						      ctx->privilege, 
-						      ctx->resource, 
-						      &was_revoked);
-
-		if (!was_revoked) {
-			g_warning ("Couldn't revoke privilege");
-		}
-
-	}
-
-	return TRUE;
-}
-
-void
-libpolkit_grant_free_context (LibPolKitGrantContext *ctx)
-{
-	g_free (ctx->user);
-	g_free (ctx->privilege);
-	g_free (ctx->resource);
-	g_free (ctx->auth_user);
-	g_free (ctx->auth_service_name);
-	libpolkit_free_context (ctx->polkit_ctx);
-	g_free (ctx);
-}
-
-const char*
-libpolkit_grant_get_user (LibPolKitGrantContext *ctx)
-{
-	return ctx->user;
-}
-
-const char* 
-libpolkit_grant_get_privilege (LibPolKitGrantContext *ctx)
-{
-	return ctx->privilege;
-}
-
-/**
- * libpolkit_grant_get_resource:
- * @ctx: Context
- *
- * Get the resource as passed in from libpolkit_grant_new_context. 
- *
- * Returns: The resource. May be NULL.
- */
-const char* 
-libpolkit_grant_get_resource (LibPolKitGrantContext *ctx)
-{
-	return ctx->resource;
-}
-
diff --git a/libpolkit/libpolkit-grant.h b/libpolkit/libpolkit-grant.h
deleted file mode 100644
index 156aac1..0000000
--- a/libpolkit/libpolkit-grant.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/***************************************************************************
- *
- * libpolkit-grant.h : Wraps temporary grant methods on the PolicyKit daemon
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_GRANT_H
-#define LIBPOLKIT_GRANT_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-#include <dbus/dbus.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include <libpolkit/libpolkit.h>
-
-
-struct LibPolKitGrantContext_s;
-typedef struct LibPolKitGrantContext_s LibPolKitGrantContext;
-
-/**
- * LibPolKitGrantQuestions:
- * @ctx: Context
- * @questions: NULL terminated series of pairs. Each pair represent one question.
- * @user_data: User data
- *
- * Callback when information is needed from the user in order to
- * authenticate.
- *
- * The first component of the each pair in the questions array denote
- * the question type. It can assume the values "PamPromptEchoOff"
- * (meaning prompt for answer but don't echo it on the screen as the
- * user types it), "PamPromptEchoOn" (meaning prompt for answer and
- * echo the answer on the screen as the user types it), "PamErrorMsg"
- * (display the message as an error message to the user) and
- * "PamTextInfo" (textual information to the user). The second
- * component in the pair is the actual question or information
- * (e.g. "Password:") and it should be shown to the user next to the
- * text input box.
- *
- * The callee should call libpolkit_grant_provide_answers with a
- * string array once it the answers have been obtained from the user.
- *
- */
-typedef void         (*LibPolKitGrantQuestions)                   (LibPolKitGrantContext   *ctx, 
-								   const char             **questions,
-								   gpointer                 user_data);
-
-/**
- * LibPolKitGrantComplete:
- * @obtained_privilege: Whether the user sucessfully authenticated
- * and was granted the privilege.
- * @reason_not_obtained: If the user did not obtain the privilege
- * this is the reason. May be NULL.
- * @user_data: User data
- *
- * Callback when authorization was complete or there was an error.
- *
- */
-typedef void         (*LibPolKitGrantComplete)                    (LibPolKitGrantContext   *ctx, 
-					                           gboolean                 obtained_privilege,
-								   const char              *reason_not_obtained,
-					                           gpointer                 user_data);
-
-
-LibPolKitGrantContext* libpolkit_grant_new_context                (DBusGConnection         *dbus_g_connection,
-								   const char              *user,
-							           const char              *privilege,
-							           const char              *resource,
-							           gboolean                 restrict_to_dbus_connection,
-								   gpointer                 user_data);
-
-const char*            libpolkit_grant_get_user                   (LibPolKitGrantContext    *ctx);
-
-const char*            libpolkit_grant_get_privilege              (LibPolKitGrantContext    *ctx);
-
-const char*            libpolkit_grant_get_resource               (LibPolKitGrantContext    *ctx);
-
-LibPolKitContext*      libpolkit_grant_get_libpolkit_context      (LibPolKitGrantContext   *ctx);
-
-void                   libpolkit_grant_set_questions_handler      (LibPolKitGrantContext   *ctx,
-							           LibPolKitGrantQuestions  questions_handler);
-
-void                   libpolkit_grant_set_grant_complete_handler (LibPolKitGrantContext   *ctx,
-							           LibPolKitGrantComplete   grant_complete_handler);
-
-gboolean               libpolkit_grant_initiate_temporary_grant   (LibPolKitGrantContext    *ctx);
-
-const char*            libpolkit_grant_get_user_for_auth          (LibPolKitGrantContext    *ctx);
-
-const char*            libpolkit_grant_get_pam_service_for_auth   (LibPolKitGrantContext    *ctx);
-
-void                   libpolkit_grant_provide_answers            (LibPolKitGrantContext    *ctx,
-								   const char              **answers);
-
-gboolean               libpolkit_grant_close                      (LibPolKitGrantContext    *ctx,
-								   gboolean                  revoke_privilege);
-
-void                   libpolkit_grant_free_context               (LibPolKitGrantContext    *ctx);
-
-
-#endif /* LIBPOLKIT_GRANT_H */
-
-
diff --git a/libpolkit/libpolkit.c b/libpolkit/libpolkit.c
index a00283b..a2bb93f 100644
--- a/libpolkit/libpolkit.c
+++ b/libpolkit/libpolkit.c
@@ -1,8 +1,8 @@
 /***************************************************************************
  *
- * libpolkit.c : Wraps a subset of methods on the PolicyKit daemon
+ * libpolkit.c : library for querying system-wide policy
  *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
  *
  * Licensed under the Academic Free License version 2.1
  *
@@ -36,377 +36,5 @@
 #include <errno.h>
 
 #include <glib.h>
-#include <dbus/dbus-glib.h>
-
 #include "libpolkit.h"
 
-#define LIBPOLKIT_MAGIC 0x3117beef
-
-#ifdef __SUNPRO_C
-#define __FUNCTION__ __func__
-#endif
-
-#define LIBPOLKIT_CHECK_CONTEXT(_ctx_, _ret_)				\
-	do {									\
-		if (_ctx_ == NULL) {						\
-			g_warning ("%s: given LibPolKitContext is NULL",     \
-				   __FUNCTION__);			        \
-			return _ret_;					        \
-		}								\
-		if (_ctx_->magic != LIBPOLKIT_MAGIC) {			\
-			g_warning ("%s: given LibPolKitContext is invalid (read magic 0x%08x, should be 0x%08x)",  \
-				   __FUNCTION__, _ctx_->magic, LIBPOLKIT_MAGIC);	\
-			return _ret_;					        \
-		}								\
-	} while(0)
-
-
-struct LibPolKitContext_s
-{
-	guint32 magic;
-	DBusConnection *connection;
-};
-
-/** Get a new context.
- *
- *  @return                     Pointer to new context or NULL if an error occured
- */
-LibPolKitContext *
-libpolkit_new_context (DBusConnection *connection)
-{
-	LibPolKitContext *ctx;
-
-	ctx = g_new0 (LibPolKitContext, 1);
-	ctx->magic = LIBPOLKIT_MAGIC;
-	ctx->connection = connection;
-
-	return ctx;
-}
-
-/** Free a context
- *
- *  @param  ctx                 The context obtained from libpolkit_new_context
- *  @return                     Pointer to new context or NULL if an error occured
- */
-gboolean
-libpolkit_free_context (LibPolKitContext *ctx)
-{
-	LIBPOLKIT_CHECK_CONTEXT (ctx, FALSE);
-
-	ctx->magic = 0;
-	g_free (ctx);
-	return TRUE;		
-}
-
-LibPolKitResult 
-libpolkit_get_allowed_resources_for_privilege_for_uid (LibPolKitContext    *ctx,
-						       const char          *user, 
-						       const char          *privilege, 
-						       GList              **resources,
-						       GList              **restrictions,
-						       int                 *num_non_temporary)
-{
-	LibPolKitResult res;
-	DBusMessage *message = NULL;
-	DBusMessage *reply = NULL;
-	DBusError error;
-	char **resource_list;
-	int num_resources;
-	char **restriction_list;
-	int num_restrictions;
-	int i;
-
-	LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
-	res = LIBPOLKIT_RESULT_ERROR;
-	*resources = NULL;
-	*restrictions = NULL;
-
-	message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
-						"/org/freedesktop/PolicyKit/Manager",
-						"org.freedesktop.PolicyKit.Manager",
-						"GetAllowedResourcesForPrivilege");
-	if (message == NULL) {
-		g_warning ("Could not allocate D-BUS message");
-		goto out;
-	}
-
-	if (!dbus_message_append_args (message, 
-				       DBUS_TYPE_STRING, &user, 
-				       DBUS_TYPE_STRING, &privilege,
-				       DBUS_TYPE_INVALID)) {
-		g_warning ("Could not append args to D-BUS message");
-		goto out;
-	}
-
-	dbus_error_init (&error);
-	reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
-	if (dbus_error_is_set (&error)) {
-		if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
-			res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
-		} else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
-			res = LIBPOLKIT_RESULT_ERROR;
-		}
-		dbus_error_free (&error);
-		goto out;
-	}
-
-	if (!dbus_message_get_args (reply, &error,
-				    DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &resource_list, &num_resources,
-				    DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &restriction_list, &num_restrictions,
-				    DBUS_TYPE_INT32, num_non_temporary,
-				    DBUS_TYPE_INVALID)) {
-		g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
-		dbus_error_free (&error);
-		goto out;
-	}
-
-	for (i = 0; i < num_resources; i++) {
-		*resources = g_list_append (*resources, g_strdup (resource_list[i]));
-	}
-	dbus_free_string_array (resource_list);
-
-	for (i = 0; i < num_restrictions; i++) {
-		*restrictions = g_list_append (*restrictions, g_strdup (restriction_list[i]));
-	}
-	dbus_free_string_array (restriction_list);
-
-	res = LIBPOLKIT_RESULT_OK;
-
-out:
-	if (reply != NULL)
-		dbus_message_unref (reply);
-	if (message != NULL)
-		dbus_message_unref (message);
-	return res;
-}
-
-LibPolKitResult 
-libpolkit_is_uid_allowed_for_privilege (LibPolKitContext   *ctx,
-					const char         *system_bus_unique_name, 
-					const char         *user, 
-					const char         *privilege, 
-					const char         *resource,
-					gboolean           *out_is_allowed,
-					gboolean           *out_is_temporary,
-					char              **out_is_privileged_but_restricted_to_system_bus_unique_name)
-{
-	LibPolKitResult res;
-	DBusMessage *message = NULL;
-	DBusMessage *reply = NULL;
-	DBusError error;
-	const char *myresource = "";
-	const char *mysystem_bus_unique_name = "";
-	char *but_restricted_to = NULL;
-
-	LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
-	res = LIBPOLKIT_RESULT_ERROR;
-	*out_is_allowed = FALSE;
-	*out_is_temporary = FALSE;
-
-	message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
-						"/org/freedesktop/PolicyKit/Manager",
-						"org.freedesktop.PolicyKit.Manager",
-						"IsUserPrivileged");
-	if (message == NULL) {
-		g_warning ("Could not allocate D-BUS message");
-		goto out;
-	}
-
-	if (resource != NULL)
-		myresource = resource;
-
-	if (system_bus_unique_name != NULL)
-		mysystem_bus_unique_name = system_bus_unique_name;
-
-	if (!dbus_message_append_args (message, 
-				       DBUS_TYPE_STRING, &mysystem_bus_unique_name, 
-				       DBUS_TYPE_STRING, &user, 
-				       DBUS_TYPE_STRING, &privilege,
-				       DBUS_TYPE_STRING, &myresource,
-				       DBUS_TYPE_INVALID)) {
-		g_warning ("Could not append args to D-BUS message");
-		goto out;
-	}
-
-	dbus_error_init (&error);
-	reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
-	if (dbus_error_is_set (&error)) {
-		if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchUser") == 0) {
-			res = LIBPOLKIT_RESULT_NO_SUCH_USER;
-		} else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchPrivilege") == 0) {
-			res = LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE;
-		} else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
-			res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
-		} else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
-			res = LIBPOLKIT_RESULT_ERROR;
-		}
-		dbus_error_free (&error);
-		goto out;
-	}
-
-
-	if (!dbus_message_get_args (reply, &error,
-				    DBUS_TYPE_BOOLEAN, out_is_allowed,
-				    DBUS_TYPE_BOOLEAN, out_is_temporary,
-				    DBUS_TYPE_STRING, &but_restricted_to,
-				    DBUS_TYPE_INVALID)) {
-		g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
-		dbus_error_free (&error);
-		goto out;
-	}
-
-	if (out_is_privileged_but_restricted_to_system_bus_unique_name != NULL) {
-		if (but_restricted_to != NULL && strlen (but_restricted_to) > 0) {
-			*out_is_privileged_but_restricted_to_system_bus_unique_name = strdup (but_restricted_to);
-		} else {
-			*out_is_privileged_but_restricted_to_system_bus_unique_name = NULL;
-		}
-		//dbus_free (but_restricted_to);
-	} 
-
-	res = LIBPOLKIT_RESULT_OK;
-
-out:
-	if (reply != NULL)
-		dbus_message_unref (reply);
-	if (message != NULL)
-		dbus_message_unref (message);
-	return res;
-}
-
-LibPolKitResult
-libpolkit_revoke_temporary_privilege (LibPolKitContext      *ctx,
-				      const char            *user, 
-				      const char            *privilege, 
-				      const char            *resource,
-				      gboolean              *result)
-{
-	LibPolKitResult res;
-	DBusMessage *message = NULL;
-	DBusMessage *reply = NULL;
-	DBusError error;
-	const char *myresource = "";
-
-	LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
-	res = LIBPOLKIT_RESULT_ERROR;
-	*result = FALSE;
-
-	message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
-						"/org/freedesktop/PolicyKit/Manager",
-						"org.freedesktop.PolicyKit.Manager",
-						"RevokeTemporaryPrivilege");
-	if (message == NULL) {
-		g_warning ("Could not allocate D-BUS message");
-		goto out;
-	}
-
-	if (resource != NULL)
-		myresource = resource;
-
-	if (!dbus_message_append_args (message, 
-				       DBUS_TYPE_STRING, &user, 
-				       DBUS_TYPE_STRING, &privilege,
-				       DBUS_TYPE_STRING, &myresource,
-				       DBUS_TYPE_INVALID)) {
-		g_warning ("Could not append args to D-BUS message");
-		goto out;
-	}
-
-	dbus_error_init (&error);
-	reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
-	if (dbus_error_is_set (&error)) {
-		if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchUser") == 0) {
-			res = LIBPOLKIT_RESULT_NO_SUCH_USER;
-		} else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchPrivilege") == 0) {
-			res = LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE;
-		} else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
-			res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
-		} else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
-			res = LIBPOLKIT_RESULT_ERROR;
-		}
-		dbus_error_free (&error);
-		goto out;
-	}
-
-
-	if (!dbus_message_get_args (reply, &error,
-				    DBUS_TYPE_BOOLEAN, result,
-				    DBUS_TYPE_INVALID)) {
-		g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
-		dbus_error_free (&error);
-		goto out;
-	}
-
-	res = LIBPOLKIT_RESULT_OK;
-
-out:
-	if (reply != NULL)
-		dbus_message_unref (reply);
-	if (message != NULL)
-		dbus_message_unref (message);
-	return res;	
-}
-
-LibPolKitResult
-libpolkit_get_privilege_list (LibPolKitContext      *ctx,
-			      GList                **result)
-{
-	LibPolKitResult res;
-	DBusMessage *message = NULL;
-	DBusMessage *reply = NULL;
-	DBusError error;
-	char **privilege_list;
-	int num_privileges;
-	int i;
-
-	LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
-	res = LIBPOLKIT_RESULT_ERROR;
-	*result = NULL;
-
-	message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
-						"/org/freedesktop/PolicyKit/Manager",
-						"org.freedesktop.PolicyKit.Manager",
-						"ListPrivileges");
-	if (message == NULL) {
-		g_warning ("Could not allocate D-BUS message");
-		goto out;
-	}
-
-	dbus_error_init (&error);
-	reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
-	if (dbus_error_is_set (&error)) {
-		if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
-			res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
-		} else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
-			res = LIBPOLKIT_RESULT_ERROR;
-		}
-		dbus_error_free (&error);
-		goto out;
-	}
-
-	if (!dbus_message_get_args (reply, &error,
-				    DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &privilege_list, &num_privileges,
-				    DBUS_TYPE_INVALID)) {
-		g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
-		dbus_error_free (&error);
-		goto out;
-	}
-
-	for (i = 0; i < num_privileges; i++) {
-		*result = g_list_append (*result, g_strdup (privilege_list[i]));
-	}
-	dbus_free_string_array (privilege_list);
-
-	res = LIBPOLKIT_RESULT_OK;
-
-out:
-	if (reply != NULL)
-		dbus_message_unref (reply);
-	if (message != NULL)
-		dbus_message_unref (message);
-	return res;
-}
diff --git a/libpolkit/libpolkit.h b/libpolkit/libpolkit.h
index 28b4319..c322489 100644
--- a/libpolkit/libpolkit.h
+++ b/libpolkit/libpolkit.h
@@ -1,8 +1,8 @@
 /***************************************************************************
  *
- * libpolkit.h : Wraps a subset of methods on the PolicyKit daemon
+ * libpolkit.h : library for querying system-wide policy
  *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
  *
  * Licensed under the Academic Free License version 2.1
  *
@@ -29,48 +29,6 @@
 #include <unistd.h>
 #include <sys/types.h>
 #include <glib.h>
-#include <dbus/dbus.h>
-
-typedef enum {
-	LIBPOLKIT_RESULT_OK,
-	LIBPOLKIT_RESULT_ERROR,
-	LIBPOLKIT_RESULT_INVALID_CONTEXT,
-	LIBPOLKIT_RESULT_NOT_PRIVILEGED,
-	LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE,
-	LIBPOLKIT_RESULT_NO_SUCH_USER
-} LibPolKitResult;
-
-struct LibPolKitContext_s;
-typedef struct LibPolKitContext_s LibPolKitContext;
-
-LibPolKitContext  *libpolkit_new_context                              (DBusConnection        *connection);
-
-gboolean           libpolkit_free_context                             (LibPolKitContext      *ctx);
-
-LibPolKitResult    libpolkit_get_privilege_list                       (LibPolKitContext      *ctx,
-								       GList                **result);
-
-LibPolKitResult    libpolkit_is_uid_allowed_for_privilege             (LibPolKitContext      *ctx,
-								       const char            *system_bus_unique_name, 
-								       const char            *user, 
-								       const char            *privilege, 
-								       const char            *resource,
-								       gboolean              *out_is_allowed,
-								       gboolean              *out_is_temporary,
-								       char                 **out_is_privileged_but_restricted_to_system_bus_unique_name);
-
-LibPolKitResult    libpolkit_revoke_temporary_privilege               (LibPolKitContext      *ctx,
-								       const char            *user, 
-								       const char            *privilege, 
-								       const char            *resource,
-								       gboolean              *result);
-
-LibPolKitResult    libpolkit_get_allowed_resources_for_privilege_for_uid (LibPolKitContext      *ctx,
-									  const char            *user, 
-									  const char            *privilege, 
-									  GList                **resources,
-									  GList                **restrictions,
-									  int                   *num_non_temporary);
 
 #endif /* LIBPOLKIT_H */
 
diff --git a/pam-polkit-console/.gitignore b/pam-polkit-console/.gitignore
deleted file mode 100644
index 10140b2..0000000
--- a/pam-polkit-console/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-.deps
-.libs
-Makefile
-Makefile.in
-*.la
-*.lo
-*.o
diff --git a/pam-polkit-console/Makefile.am b/pam-polkit-console/Makefile.am
deleted file mode 100644
index c72ac29..0000000
--- a/pam-polkit-console/Makefile.am
+++ /dev/null
@@ -1,18 +0,0 @@
-
-LOCKDIR     = $(localstatedir)/run/polkit-console
-LOCKDIRMODE = 0700
-
-securelibdir = $(PAM_MODULE_DIR)
-securelib_LTLIBRARIES = pam_polkit_console.la
-
-pam_polkit_console_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_polkit_console_la_LIBADD = -lpam
-pam_polkit_console_la_CFLAGS = -DLOCKDIR=\"$(LOCKDIR)\"
-
-pam_polkit_console_la_SOURCES = pam-polkit-console.c
-
-clean-local :
-	rm -f *~
-
-install-data-local:
-	mkdir -m $(LOCKDIRMODE) -p $(DESTDIR)$(LOCKDIR)
diff --git a/pam-polkit-console/pam-polkit-console.c b/pam-polkit-console/pam-polkit-console.c
deleted file mode 100644
index d5748af..0000000
--- a/pam-polkit-console/pam-polkit-console.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * pam-polkit-console.c : Maintain files in /var/run/polkit-console to
- *                        maintain a list of what users are logged in at
- *                        what console
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#include <config.h>
-
-#include <errno.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <signal.h>
-#include <stdarg.h>
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#ifdef HAVE_PAM_MODUTIL_H
-#include <security/pam_modutil.h>
-#endif
-#ifdef HAVE_PAM_EXT_H
-#include <security/pam_ext.h>
-#endif
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE (!FALSE)
-#endif
-
-static int debug = 0;
-
-static void
-_pam_log (pam_handle_t *pamh, 
-	  int err, 
-	  int debug_noforce,
-	  const char *format, ...)
-{
-	va_list args;
-
-	if (debug_noforce && !debug) 
-		return;
-
-	va_start (args, format);
-#ifdef HAVE_PAM_VSYSLOG
-	pam_vsyslog (pamh, err, format, args);
-#endif
-	closelog ();
-}
-
-static void
-_parse_module_args (pam_handle_t *pamh, 
-		    int argc, 
-		    const char **argv)
-{
-	int i;
-
-	for (i = 0; i < argc; i++) {
-		const char *arg;
-
-		arg = argv[i];
-		if (strcmp (arg,"debug") == 0) {
-			debug = 1;
-		} else {
-			_pam_log(pamh, LOG_ERR, FALSE,
-				 "_parse_module_args: unknown option; %s", arg);
-		}
-	}
-}
-
-static int
-_is_local_xconsole (const char *tty)
-{
-	int a, b;
-
-	if (sscanf (tty, ":%d.%d", &a, &b) == 2)
-		return TRUE;
-	else if (sscanf (tty, ":%d", &a) == 1)
-		return TRUE;
-	else
-		return FALSE;
-}
-
-static void
-_poke_polkitd (pam_handle_t *pamh)
-{
-	char buf[80];
-
-	/* This is a PAM module so we're loaded into the address space
-	 * of some other process (e.g. gdm) - though it's tempting to
-	 * use D-BUS to poke the PolicyKit daemon it may, just resort to
-	 * using oldskool SIGUSR1 instead.
-	 */
-
-	FILE *f;
-	f = fopen (POLKITD_PID_FILE, "r");
-	if (f != NULL) {
-		if (fgets (buf, sizeof (buf), f) != NULL && buf[0] != '\0' && buf[0] != '\n') {
-			pid_t pid;
-			char *p;
-			
-			pid = strtol (buf, &p, 10);
-			if ((*p == '\0') || (*p == '\n'))
-			{
-				_pam_log (pamh, LOG_DEBUG, TRUE, 
-					  "Sending SIGUSR1 to polkitd with pid %d to reload configuration", pid);
-				kill (pid, SIGUSR1);
-			}
-		}
-		fclose (f);
-	}
-}
-
-PAM_EXTERN int
-pam_sm_authenticate (pam_handle_t *pamh, 
-		     int flags, 
-		     int argc, 
-		     const char **argv)
-{
-	return PAM_AUTH_ERR;
-}
-
-PAM_EXTERN int
-pam_sm_setcred (pam_handle_t *pamh, 
-		int flags, 
-		int argc, 
-		const char **argv)
-{
-	return PAM_SUCCESS;
-}
-
-PAM_EXTERN int
-pam_sm_open_session (pam_handle_t *pamh, 
-		     int flags, 
-		     int argc, 
-		     const char **argv)
-{
-	const char *username = NULL;
-	const char *user_prompt = NULL;
-	const char *tty = NULL;
-	char buf[256];
-
-	_pam_log (pamh, LOG_ERR, TRUE, "pam_polkit_console open_session");
-	_parse_module_args (pamh, argc, argv);
-	if(pam_get_item (pamh, PAM_USER_PROMPT, (const void **)(char*) &user_prompt) != PAM_SUCCESS) {
-		user_prompt = "user name: ";
-	}
-	username = NULL;
-	pam_get_user (pamh, &username, user_prompt);
-	if (username == NULL || strlen (username) == 0) {
-		return PAM_SESSION_ERR;
-	}
-
-	pam_get_item(pamh, PAM_TTY, (const void**)(char*) &tty);
-	if (tty == NULL || strlen (tty) == 0) {
-		_pam_log(pamh, LOG_ERR, TRUE, "TTY not defined");
-		return PAM_SESSION_ERR;
-	}
-
-	_pam_log (pamh, LOG_DEBUG, TRUE, "open_session for user '%s' @ TTY '%s'", username, tty);
-
-	if (_is_local_xconsole (tty)) {
-		if ((unsigned int) snprintf (buf, sizeof (buf), LOCKDIR "/%s_%s", tty, username) < sizeof (buf)) {
-			int fd;
-
-			fd = open (buf, O_RDWR|O_CREAT|O_EXCL, 0600);
-			if (fd > 0) {
-				_pam_log (pamh, LOG_DEBUG, TRUE, "open_session success; %s %s %s", 
-					  username, tty, buf);
-				close (fd);
-				_poke_polkitd (pamh);
-			}
-		}
-	}
-
-	return PAM_SUCCESS;
-}
-
-PAM_EXTERN int
-pam_sm_close_session (pam_handle_t *pamh, 
-		      int flags, 
-		      int argc, 
-		      const char **argv)
-{
-	const char *username = NULL;
-	const char *user_prompt = NULL;
-	const char *tty = NULL;
-	char buf[256];
-
-	_pam_log (pamh, LOG_ERR, TRUE, "pam_polkit_console close_session");
-	_parse_module_args (pamh, argc, argv);
-	if (pam_get_item (pamh, PAM_USER_PROMPT, (const void **)(char*) &user_prompt) != PAM_SUCCESS) {
-		user_prompt = "user name: ";
-	}
-	username = NULL;
-	pam_get_user (pamh, &username, user_prompt);
-	if (username == NULL || strlen (username) == 0) {
-		return PAM_SESSION_ERR;
-	}
-
-	pam_get_item (pamh, PAM_TTY, (const void**)(char*) &tty);
-	if (tty == NULL || strlen (tty) == 0) {
-		_pam_log(pamh, LOG_ERR, TRUE, "TTY not defined");
-		return PAM_SESSION_ERR;
-	}
-
-	_pam_log (pamh, LOG_DEBUG, TRUE, "close_session for user '%s' @ TTY '%s'", username, tty);
-
-	if (_is_local_xconsole (tty)) {
-		if ((unsigned int) snprintf (buf, sizeof (buf), LOCKDIR "/%s_%s", tty, username) < sizeof (buf)) {
-			unlink (buf);
-			_poke_polkitd (pamh);
-		}
-	}
-	
-	return PAM_SUCCESS;
-}
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_polkit_console_modstruct = {
-    "pam_polkit_console",
-    pam_sm_authenticate,
-    pam_sm_setcred,
-    NULL,
-    pam_sm_open_session,
-    pam_sm_close_session,
-    NULL,
-};
-
-#endif
-
-/* end of module definition */
diff --git a/policy-kit.in b/policy-kit.in
deleted file mode 100644
index 8bf833b..0000000
--- a/policy-kit.in
+++ /dev/null
@@ -1,8 +0,0 @@
-#%PAM-1.0
-
-auth       include      @PAM_FILE_INCLUDE_AUTH@
-account    include      @PAM_FILE_INCLUDE_ACCOUNT@
-password   include      @PAM_FILE_INCLUDE_PASSWORD@
-session    include      @PAM_FILE_INCLUDE_SESSION@
-
-
diff --git a/polkit-interface-manager.xml b/polkit-interface-manager.xml
deleted file mode 100644
index c7c461e..0000000
--- a/polkit-interface-manager.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<node name="/org/freedesktop/PolicyKit/Manager">
-  <interface name="org.freedesktop.PolicyKit.Manager">
-
-    <method name="InitiateTemporaryPrivilegeGrant">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="user"            type="s" direction="in"/>
-      <arg name="privilege"       type="s" direction="in"/>
-      <arg name="resource"        type="s" direction="in"/>
-      <arg name="session_objpath" type="o" direction="out"/>
-    </method>
-
-    <method name="RevokeTemporaryPrivilege">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="user"            type="s" direction="in"/>
-      <arg name="privilege"       type="s" direction="in"/>
-      <arg name="resource"        type="s" direction="in"/>
-      <arg name="was_revoked"     type="b" direction="out"/>
-    </method>
-
-    <method name="IsUserPrivileged">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="system_bus_unique_name"                                 type="s" direction="in"/>
-      <arg name="user"                                                   type="s" direction="in"/>
-      <arg name="privilege"                                              type="s" direction="in"/>
-      <arg name="resource"                                               type="s" direction="in"/>
-      <arg name="is_privileged"                                          type="b" direction="out"/>
-      <arg name="is_temporary"                                           type="b" direction="out"/>
-      <arg name="is_privileged_but_restricted_to_system_bus_unique_name" type="s" direction="out"/>
-    </method>
-
-    <method name="GetAllowedResourcesForPrivilege">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="user"              type="s"  direction="in"/>
-      <arg name="privilege"         type="s"  direction="in"/>
-      <arg name="resource_list"     type="as" direction="out"/>
-      <arg name="restriction_list"  type="as" direction="out"/>
-      <arg name="num_non_temp"      type="i"  direction="out"/>
-    </method>
-
-    <method name="ListPrivileges">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="privilege_list" type="as" direction="out"/>
-    </method>
-
-  </interface>
-</node>
diff --git a/polkit-interface-session.xml b/polkit-interface-session.xml
deleted file mode 100644
index 0549bda..0000000
--- a/polkit-interface-session.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<node>
-  <interface name="org.freedesktop.PolicyKit.Session">
-
-    <method name="InitiateAuth">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-    </method>
-
-    <method name="GetQuestions">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="question_list" type="as" direction="out"/>
-    </method>
-
-    <method name="GetAuthDetails">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="user"             type="s" direction="out"/>
-      <arg name="pam_service_name" type="s" direction="out"/>
-    </method>
-
-    <method name="ProvideAnswers">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="answer_list" type="as" direction="in"/>
-    </method>
-
-    <method name="IsAuthenticated">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="is_authenticated" type="b" direction="out"/>
-    </method>
-
-    <method name="GetAuthDeniedReason">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="reason" type="s" direction="out"/>
-    </method>
-
-    <method name="Close">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-    </method>
-
-    <method name="GrantPrivilegeTemporarily">
-      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-      <arg name="restrict_to_callers_system_bus_unique_name" type="b" direction="in"/>
-    </method>
-
-    <signal name="HaveQuestions"/>
-
-    <signal name="AuthenticationDone"/>
-
-  </interface>
-</node>
diff --git a/polkit.pc.in b/polkit.pc.in
deleted file mode 100644
index 55885f5..0000000
--- a/polkit.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: libpolkit
-Description: library for querying and setting system-wide policy
-Version: @VERSION@
-Requires: glib-2.0
-Libs: -L${libdir} -lpolkit
-Cflags: -I${includedir}/libpolkit
diff --git a/polkitd/.gitignore b/polkitd/.gitignore
deleted file mode 100644
index 2198470..0000000
--- a/polkitd/.gitignore
+++ /dev/null
@@ -1,13 +0,0 @@
-.deps
-.libs
-Makefile
-Makefile.in
-polkitd
-PolicyKit
-PolicyKit.conf
-polkit-marshal.c
-polkit-marshal.h
-polkit-interface-manager-glue.c
-polkit-interface-manager-glue.h
-polkit-interface-session-glue.h
-*.o
diff --git a/polkitd/Makefile.am b/polkitd/Makefile.am
deleted file mode 100644
index a5423ab..0000000
--- a/polkitd/Makefile.am
+++ /dev/null
@@ -1,94 +0,0 @@
-
-INCLUDES = \
-	-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-	-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-	-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
-	-DPACKAGE_BIN_DIR=\""$(bindir)"\" \
-	-DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \
-	-DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
-	-I$(top_srcdir) \
-	@GLIB_CFLAGS@ \
-	@DBUS_GLIB_CFLAGS@
-
-# polkitd
-#
-
-sbin_PROGRAMS = polkitd
-
-polkitd_SOURCES =                  					\
-	polkit-marshal.c                polkit-marshal.h                \
-	polkit-session.c 		polkit-session.h		\
-	polkit-manager.c 		polkit-manager.h		\
-					polkit-interface-manager-glue.h \
-					polkit-interface-session-glue.h \
-	policy.c                        policy.h                        \
-	main.c
-
-polkitd_CFLAGS = -fno-strict-aliasing
-polkitd_LDADD = @GLIB_LIBS@ @DBUS_GLIB_LIBS@ @AUTH_LIBS@
-
-#### Init scripts fun
-SCRIPT_IN_FILES=PolicyKit.in
-
-## Red Hat start
-if OS_TYPE_RED_HAT
-
-initddir=$(sysconfdir)/rc.d/init.d
-
-initd_SCRIPTS= 	\
-	PolicyKit
-
-endif
-## Red Hat end
-
-# D-BUS configuration file
-#
-
-dbusdir = $(sysconfdir)/dbus-1/system.d
-dist_dbus_DATA = PolicyKit.conf
-
-# D-BUS glue
-#
-
-polkit-interface-manager-glue.h: ../polkit-interface-manager.xml Makefile.am
-	dbus-binding-tool --prefix=polkit_manager --mode=glib-server --output=polkit-interface-manager-glue.h ../polkit-interface-manager.xml
-
-polkit-interface-session-glue.h: ../polkit-interface-session.xml Makefile.am
-	dbus-binding-tool --prefix=polkit_session --mode=glib-server --output=polkit-interface-session-glue.h ../polkit-interface-session.xml
-
-BUILT_SOURCES = polkit-interface-manager-glue.h polkit-interface-session-glue.h
-
-# Marshallers
-#
-
-polkit-marshal.c: Makefile polkit-marshal.list
-	glib-genmarshal --prefix=polkit_marshal $(srcdir)/polkit-marshal.list --header --body > $@.tmp && mv $@.tmp $@
-
-polkit-marshal.h: Makefile polkit-marshal.list
-	glib-genmarshal --prefix=polkit_marshal $(srcdir)/polkit-marshal.list --header > $@.tmp && mv $@.tmp $@
-
-BUILT_SOURCES += polkit-marshal.c polkit-marshal.h
-
-
-# Test harness 
-#
-
-check_PROGRAMS = polkitd-test
-
-polkitd_test_SOURCES =                             \
-	policy.c		policy.h	   \
-	polkitd-test.c
-
-polkitd_test_LDADD = @GLIB_LIBS@
-
-TESTS = polkitd-test
-
-
-
-EXTRA_DIST = polkit-marshal.list
-
-# Clean
-#
-
-clean-local:
-	rm -f *~ $(BUILT_SOURCES) PolicyKit.conf
diff --git a/polkitd/PolicyKit.conf.in b/polkitd/PolicyKit.conf.in
deleted file mode 100644
index 61b3486..0000000
--- a/polkitd/PolicyKit.conf.in
+++ /dev/null
@@ -1,20 +0,0 @@
-<!DOCTYPE busconfig PUBLIC
- "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-
-  <!-- Only uid 0 or user @POLKIT_USER@ can own the org.freedesktop.PolicyKit service -->
-  <policy user="0">
-    <allow own="org.freedesktop.PolicyKit"/>
-  </policy>
-
-  <!-- Allow anyone to invoke methods on the org.freedesktop.PolicyKit interfaces -->
-  <policy context="default">
-    <allow send_interface="org.freedesktop.PolicyKit"/>
-
-    <allow receive_interface="org.freedesktop.PolicyKit"
-           receive_sender="org.freedesktop.PolicyKit"/>
-  </policy>
-
-</busconfig>
-
diff --git a/polkitd/PolicyKit.in b/polkitd/PolicyKit.in
deleted file mode 100755
index 023fd7f..0000000
--- a/polkitd/PolicyKit.in
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/bin/sh
-#
-# PolicyKit:   PolicyKit daemon
-#
-# chkconfig: 345 98 02
-# description:  The PolicyKit maintains a list of privileges and \
-#               provides interfaces for changing it. \
-#               See http://www.freedesktop.org/Software/hal
-#
-# processname: polkitd
-# pidfile: @POLKITD_PID_FILE@
-#
-
-# Sanity checks.
-[ -x @SBINDIR@/polkitd ] || exit 0
-
-# Source function library.
-. @SYSCONFDIR@/rc.d/init.d/functions
-
-# so we can rearrange this easily
-processname=polkitd
-servicename=PolicyKit
-
-RETVAL=0
-
-cleanup_state_dir()
-{
-    # Clean out all files in 
-    rm -f @LOCALSTATEDIR@/run/polkit-console/*
-    mkdir -p @LOCALSTATEDIR@/run/polkit-console
-}
-
-start() {
-    echo -n $"Starting PolicyKit daemon: "
-    daemon --check $servicename $processname
-    RETVAL=$?
-    echo
-    [ $RETVAL -eq 0 ] && touch @LOCALSTATEDIR@/lock/subsys/$servicename
-}
-
-stop() {
-    echo -n $"Stopping PolicyKit daemon: "
-
-    killproc $processname -TERM
-    RETVAL=$?
-    echo
-    if [ $RETVAL -eq 0 ]; then
-        rm -f @LOCALSTATEDIR@/lock/subsys/$servicename
-        rm -f @POLKITD_PID_FILE@
-    fi
-}
-
-# See how we were called.
-case "$1" in
-    start)
-	cleanup_state_dir
-        start
-        ;;
-    stop)
-        stop
-        ;;
-    status)
-        status $processname
-        RETVAL=$?
-        ;;
-    restart)
-        stop
-        start
-        ;;
-    condrestart)
-        if [ -f @LOCALSTATEDIR@/lock/subsys/$servicename ]; then
-            stop
-            start
-        fi
-        ;;
-    *)
-        echo $"Usage: $0 {start|stop|status|restart|condrestart}"
-        ;;
-esac
-exit $RETVAL
diff --git a/polkitd/debug-polkitd.sh b/polkitd/debug-polkitd.sh
deleted file mode 100755
index f331ec8..0000000
--- a/polkitd/debug-polkitd.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-echo ========================================
-echo Just type \'run\' to start debugging polkitd
-echo ========================================
-gdb run --args ./polkitd --no-daemon --verbose
-
-
-
diff --git a/polkitd/main.c b/polkitd/main.c
deleted file mode 100644
index 8286670..0000000
--- a/polkitd/main.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * main.c : Main for polkitd
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <signal.h>
-
-#include <dbus/dbus-glib.h>
-
-#include "polkit-session.h"
-#include "polkit-manager.h"
-
-#include "polkit-interface-session-glue.h"
-#include "polkit-interface-manager-glue.h"
-
-/** Print out program usage.
- *
- */
-static void
-usage (int argc, char *argv[])
-{
-	fprintf (stderr, "\n" "usage : polkitd [--no-daemon] [--verbose]\n");
-	fprintf (stderr,
-		 "\n"
-		 "        -n, --no-daemon      Do not daemonize\n"
-		 "        -v, --verbose        Print out debug\n"
-		 "        -h, --help           Show this information and exit\n"
-		 "        -V, --version        Output version information and exit"
-		 "\n"
-		 "The PolicyKit daemon maintains a list of privileges and\n"
-		 "provides interfaces for changing it.\n"
-		 "\n"
-		 "For more information visit http://freedesktop.org/Software/hal\n"
-		 "\n");
-}
-
-static void 
-delete_pid (void)
-{
-	unlink (POLKITD_PID_FILE);
-}
-
-static int sigusr1_unix_signal_pipe_fds[2];
-static GIOChannel *sigusr1_iochn = NULL;
-static PolicyKitManager *manager = NULL;
-
-static void 
-handle_sigusr1 (int value)
-{
-	ssize_t written;
-	static char marker[1] = {'S'};
-
-	written = write (sigusr1_unix_signal_pipe_fds[1], marker, 1);
-}
-
-static gboolean
-sigusr1_iochn_data (GIOChannel *source, 
-		    GIOCondition condition, 
-		    gpointer user_data)
-{
-	GError *err = NULL;
-	gchar data[1];
-	gsize bytes_read;
-
-	/* Empty the pipe */
-	if (G_IO_STATUS_NORMAL != 
-	    g_io_channel_read_chars (source, data, 1, &bytes_read, &err)) {
-		g_warning ("Error emptying sigusr1 pipe: %s", err->message);
-		g_error_free (err);
-		goto out;
-	}
-
-	g_debug ("Caught SIGUSR1");
-	if (manager != NULL) {
-		polkit_manager_update_desktop_console_privileges (manager);
-	}
-
-out:
-	return TRUE;
-}
-
-
-int
-main (int argc, char *argv[])
-{
-	DBusGConnection *bus;
-	DBusGProxy *bus_proxy;
-	GError *error = NULL;
-	GMainLoop *mainloop;
-	guint request_name_result;
-	int ret;
-	gboolean no_daemon = FALSE;
-	gboolean is_verbose = FALSE;
-	int pf;
-	ssize_t written;
-	char pid[9];
-	guint sigusr1_iochn_listener_source_id;
-	static const struct option long_options[] = {
-		{"help", no_argument, NULL, 'h'},
-		{"no-daemon", no_argument, NULL, 'n'},
-		{"verbose", no_argument, NULL, 'v'},
-		{"version", no_argument, NULL, 'V'},
-		{NULL, 0, NULL, 0}
-	};
-
-
-	ret = 1;
-
-	g_type_init ();
-
-	while (TRUE) {
-		int c;
-		
-		c = getopt_long (argc, argv, "nhVv", long_options, NULL);
-
-		if (c == -1)
-			break;
-		
-		switch (c) {
-		case 'n':
-			no_daemon = TRUE;
-			break;
-
-		case 'v':
-			is_verbose = TRUE;
-			break;
-
-		case 'h':
-			usage (argc, argv);
-			ret = 0;
-			goto out;
-
-		case 'V':
-			printf (PACKAGE_NAME " version " PACKAGE_VERSION "\n");
-			ret = 0;
-			goto out;
-			
-		default:
-			usage (argc, argv);
-			goto out;
-		}
-	}
-
-
-	if (!no_daemon) {
-		int child_pid;
-		int dev_null_fd;
-
-		if (chdir ("/") < 0) {
-			g_warning ("Could not chdir to /: %s", strerror (errno));
-			goto out;
-		}
-
-		child_pid = fork ();
-		switch (child_pid) {
-		case -1:
-			g_warning ("Cannot fork(): %s", strerror (errno));
-			goto out;
-
-		case 0:
-			/* child */
-			dev_null_fd = open ("/dev/null", O_RDWR);
-			/* ignore if we can't open /dev/null */
-			if (dev_null_fd >= 0) {
-				/* attach /dev/null to stdout, stdin, stderr */
-				dup2 (dev_null_fd, 0);
-				dup2 (dev_null_fd, 1);
-				dup2 (dev_null_fd, 2);
-				close (dev_null_fd);
-			}
-
-			umask (022);
-			break;
-
-		default:
-			/* parent exits */
-			exit (0);
-			break;
-		}
-
-		/* create session */
-		setsid ();
-	} else {
-		g_debug (("not becoming a daemon"));
-	}
-
-	/* remove old pid file */
-	unlink (POLKITD_PID_FILE);
-
-	/* make a new pid file */
-	if ((pf = open (POLKITD_PID_FILE, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0644)) > 0) {
-		snprintf (pid, sizeof(pid), "%lu\n", (long unsigned) getpid ());
-		written = write (pf, pid, strlen(pid));
-		close (pf);
-		g_atexit (delete_pid);
-	}
-
-	g_type_init ();
-
-	dbus_g_object_type_install_info (POLKIT_TYPE_MANAGER, &dbus_glib_polkit_manager_object_info);
-	dbus_g_object_type_install_info (POLKIT_TYPE_SESSION, &dbus_glib_polkit_session_object_info);
-	dbus_g_error_domain_register (POLKIT_MANAGER_ERROR, NULL, POLKIT_MANAGER_TYPE_ERROR);
-	dbus_g_error_domain_register (POLKIT_SESSION_ERROR, NULL, POLKIT_SESSION_TYPE_ERROR);
-
-	mainloop = g_main_loop_new (NULL, FALSE);
-
-	/* Listen for SIGUSR1 - UNIX signal handlers are evil though,
-	 * so set up a pipe to transmit the signal.
-	 */
-
-	/* create pipe */
-	if (pipe (sigusr1_unix_signal_pipe_fds) != 0) {
-		g_warning ("Could not setup pipe, errno=%d", errno);
-		goto out;
-	}
-	
-	/* setup glib handler - 0 is for reading, 1 is for writing */
-	sigusr1_iochn = g_io_channel_unix_new (sigusr1_unix_signal_pipe_fds[0]);
-	if (sigusr1_iochn == NULL) {
-		g_warning ("Could not create GIOChannel");
-		goto out;
-	}
-	
-	/* get callback when there is data to read */
-	sigusr1_iochn_listener_source_id = g_io_add_watch (
-		sigusr1_iochn, G_IO_IN, sigusr1_iochn_data, NULL);
-
-	/* setup UNIX signal handler for SIGUSR1 */
-	signal (SIGUSR1, handle_sigusr1);
-
-	bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
-	if (bus == NULL) {
-		g_warning ("Couldn't connect to system bus: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	bus_proxy = dbus_g_proxy_new_for_name (bus, "org.freedesktop.DBus",
-					       "/org/freedesktop/DBus",
-					       "org.freedesktop.DBus");
-	if (!dbus_g_proxy_call (bus_proxy, "RequestName", &error,
-				G_TYPE_STRING, "org.freedesktop.PolicyKit",
-				G_TYPE_UINT, 0,
-				G_TYPE_INVALID,
-				G_TYPE_UINT, &request_name_result,
-				G_TYPE_INVALID)) {
-		g_warning ("Failed to acquire org.freedesktop.PolicyKit: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	if (request_name_result != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) {
-		g_warning ("There is already a primary owner of the name org.freedesktop.PolicyKit");
-		goto out;
-	}
-	
-
-	manager = polkit_manager_new (bus, bus_proxy);
-	if (manager == NULL) {
-		g_warning ("Could not construct manager object; bailing out");
-		goto out;
-	}
-
-	g_debug ("service running");
-
-	polkit_manager_update_desktop_console_privileges (manager);
-
-	g_main_loop_run (mainloop);
-
-	ret = 0;
-out:
-	return ret;
-}
diff --git a/polkitd/policy.c b/polkitd/policy.c
deleted file mode 100644
index 32c8f78..0000000
--- a/polkitd/policy.c
+++ /dev/null
@@ -1,1217 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * policy.c : Wraps policy
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-
-#include "policy.h"
-
-#ifdef __SUNPRO_C
-#define __FUNCTION__ __func__
-#endif
-
-static char *policy_directory = PACKAGE_SYSCONF_DIR "/PolicyKit/privilege.d";
-
-void
-policy_util_set_policy_directory (const char *directory)
-{
-	policy_directory = g_strdup (directory);
-}
-
-
-typedef enum {
-	POLICY_ELEMENT_TYPE_UID,
-	POLICY_ELEMENT_TYPE_GID
-} PolicyElementType;
-
-
-struct PolicyElement_s
-{
-	PolicyElementType type;
-	union {
-		uid_t uid;
-		gid_t gid;
-	} id;
-	gboolean include_all;
-	gboolean exclude_all;
-	char *resource;
-};
-
-typedef struct PolicyElement_s PolicyElement;
-
-static PolicyElement *
-policy_element_new (void)
-{
-	PolicyElement *elem;
-
-	elem = g_new0 (PolicyElement, 1);
-	return elem;
-}
-
-static void
-policy_element_free (PolicyElement *elem)
-{
-	g_free (elem->resource);
-	g_free (elem);
-}
-
-static void 
-policy_element_free_list (GList *policy_element_list)
-{
-	GList *l;
-
-	for (l = policy_element_list; l != NULL; l = g_list_next (l)) {
-		PolicyElement *elem = (PolicyElement *) l->data;
-		policy_element_free (elem);
-	}
-
-	g_list_free (policy_element_list);
-}
-
-#if 0
-static void
-policy_element_dump (PolicyElement *elem, FILE* fp)
-{
-	char *t;
-
-	if (elem->type == POLICY_ELEMENT_TYPE_UID)
-		t = "uid";
-	else if (elem->type == POLICY_ELEMENT_TYPE_GID)
-		t = "gid";
-	else
-		t = "(Unknown)";
-
-	fprintf (fp, "type:     %s\n", t);
-	if (elem->type == POLICY_ELEMENT_TYPE_UID) {
-		if (elem->include_all) {
-			fprintf (fp, "uid:      all\n");
-		} else if (elem->exclude_all) {
-			fprintf (fp, "uid:      none\n");
-		} else {
-			fprintf (fp, "uid:      %d\n", (int) elem->id.uid);
-		}
-	} else if (elem->type == POLICY_ELEMENT_TYPE_GID) {
-		if (elem->include_all) {
-			fprintf (fp, "gid:      all\n");
-		} else if (elem->exclude_all) {
-			fprintf (fp, "gid:      none\n");
-		} else {
-			fprintf (fp, "gid:      %d\n", (int) elem->id.gid);
-		}
-	}
-	fprintf (fp, "resource: %s\n", elem->resource != NULL ? elem->resource : "(None)");
-}
-#endif
-
-
-static PolicyResult
-txt_backend_read_policy (const char             *policy,
-			 const char             *key,
-			 GList                 **result)
-{
-	int i;
-	GKeyFile *keyfile;
-	GError *error;
-	PolicyResult rc;
-	char *path;
-	char *value = NULL;
-	char **tokens = NULL;
-	char *ttype = NULL;
-	char *tvalue = NULL;
-	char *tresource = NULL;
-	PolicyElement *elem = NULL;
-	GList *res;
-	GList *l;
-	char *token;
-
-	error = NULL;
-	rc = POLICY_RESULT_ERROR;
-	res = NULL;
-	*result = NULL;
-
-	keyfile = g_key_file_new ();
-	path = g_strdup_printf ("%s/%s.privilege", policy_directory, policy);
-	/*g_message ("Loading %s", path);*/
-	if (!g_key_file_load_from_file (keyfile, path, G_KEY_FILE_NONE, &error)) {
-		g_warning ("Couldn't open key-file '%s': %s", path, error->message);
-		g_error_free (error);
-		rc = POLICY_RESULT_NO_SUCH_POLICY;
-		goto out;
-	}
-
-	value = g_key_file_get_string (keyfile, "Privilege", key, &error);
-	if (value == NULL) {
-		g_warning ("Cannot get key '%s' in group 'Policy' in file '%s': %s", key, path, error->message);
-		g_error_free (error);
-		rc = POLICY_RESULT_ERROR;
-		goto out;
-	}
-
-	/*g_message ("value = '%s'", value);*/
-	tokens = g_strsplit (value, " ", 0);
-	for (i = 0; tokens[i] != NULL; i++) {
-		char **components;
-		int num_components;
-
-		token = tokens[i];
-		/*g_message ("  token = '%s'", token);*/
-
-		ttype = NULL;
-		tvalue = NULL;
-		tresource = NULL;
-
-		elem = policy_element_new ();
-
-		components = g_strsplit (token, ":", 3);
-		num_components = g_strv_length (components);
-		if (num_components == 2) {
-			ttype = g_strdup (components[0]);
-			tvalue = g_strdup (components[1]);
-			tresource = NULL;
-		} else if (num_components == 3) {
-			ttype = g_strdup (components[0]);
-			tvalue = g_strdup (components[1]);
-			tresource = g_strdup (components[2]);
-		} else {
-			g_strfreev (components);
-			goto malformed_token;
-		}
-		g_strfreev (components);
-
-		/*g_message ("  type='%s' value='%s' resource='%s'", ttype, tvalue, tresource != NULL ? tresource : "None");*/
-
-		if (strcmp (ttype, "uid") == 0) {
-			elem->type = POLICY_ELEMENT_TYPE_UID;
-			if (strcmp (tvalue, "__all__") == 0) {
-				elem->include_all = TRUE;
-			} else if (strcmp (tvalue, "__none__") == 0) {
-				elem->exclude_all = TRUE;
-			} else {
-				uid_t uid;
-				char *endp;
-				uid = (uid_t) g_ascii_strtoull (tvalue, &endp, 0);
-				if (endp[0] != '\0') {
-					uid = policy_util_name_to_uid (tvalue, NULL);
-					if (uid == (uid_t) -1) {
-						g_warning ("User '%s' does not exist", tvalue);
-						goto malformed_token;
-					}
-				}
-				elem->id.uid = uid;
-			}
-		} else if (strcmp (ttype, "gid") == 0) {
-			elem->type = POLICY_ELEMENT_TYPE_GID;
-			if (strcmp (tvalue, "__all__") == 0) {
-				elem->include_all = TRUE;
-			} else if (strcmp (tvalue, "__none__") == 0) {
-				elem->exclude_all = TRUE;
-			} else {
-				gid_t gid;
-				char *endp;
-				gid = (gid_t) g_ascii_strtoull (tvalue, &endp, 0);
-				if (endp[0] != '\0') {
-					gid = policy_util_name_to_gid (tvalue);
-					if (gid == (gid_t) -1) {
-						g_warning ("Group '%s' does not exist", tvalue);
-						goto malformed_token;
-					}
-				}
-				elem->id.gid = gid;
-			}
-		} else {
-			g_warning ("Token '%s' in key '%s' in group 'Policy' in file '%s' malformed",
-				   token, key, path);
-			goto malformed_token;
-		}
-
-		if (tresource != NULL) {
-			elem->resource = g_strdup (tresource);
-		}
-
-		g_free (ttype);
-		g_free (tvalue);
-		g_free (tresource);
-
-		res = g_list_append (res, elem);
-		/*policy_element_dump (elem, stderr);*/
-
-	}
-
-	*result = res;
-	rc = POLICY_RESULT_OK;
-	goto out;
-
-malformed_token:
-	g_warning ("Token '%s' in key '%s' in group 'Policy' in file '%s' malformed", token, key, path);
-
-	for (l = res; l != NULL; l = g_list_next (l)) {
-		policy_element_free ((PolicyElement *) l->data);
-	}
-	g_list_free (res);
-	policy_element_free (elem);
-	g_free (ttype);
-	g_free (tvalue);
-	g_free (tresource);
-
-out:
-	g_strfreev (tokens);
-	g_free (value);
-
-	g_key_file_free (keyfile);
-	g_free (path);
-
-	return rc;
-}
-
-
-static PolicyResult
-txt_backend_read_list (const char             *policy,
-		       const char             *key,
-		       GList                 **result)
-{
-	int i;
-	GKeyFile *keyfile;
-	GError *error;
-	PolicyResult rc;
-	char *path;
-	char *value = NULL;
-	char **tokens = NULL;
-	GList *res;
-	char *token;
-
-	error = NULL;
-	rc = POLICY_RESULT_ERROR;
-	res = NULL;
-	*result = NULL;
-
-	keyfile = g_key_file_new ();
-	path = g_strdup_printf ("%s/%s.privilege", policy_directory, policy);
-	/*g_message ("Loading %s", path);*/
-	if (!g_key_file_load_from_file (keyfile, path, G_KEY_FILE_NONE, &error)) {
-		g_warning ("Couldn't open key-file '%s': %s", path, error->message);
-		g_error_free (error);
-		rc = POLICY_RESULT_NO_SUCH_POLICY;
-		goto out;
-	}
-
-	value = g_key_file_get_string (keyfile, "Privilege", key, &error);
-	if (value == NULL) {
-		g_warning ("Cannot get key '%s' in group 'Policy' in file '%s': %s", key, path, error->message);
-		g_error_free (error);
-		rc = POLICY_RESULT_ERROR;
-		goto out;
-	}
-
-	/*g_message ("value = '%s'", value);*/
-	tokens = g_strsplit (value, " ", 0);
-	for (i = 0; tokens[i] != NULL; i++) {
-		token = tokens[i];
-		/*g_message ("  token = '%s'", token);*/
-
-		res = g_list_append (res, g_strdup (token));
-	}
-
-	*result = res;
-	rc = POLICY_RESULT_OK;
-
-out:
-	g_strfreev (tokens);
-	g_free (value);
-
-	g_key_file_free (keyfile);
-	g_free (path);
-
-	return rc;
-}
-
-static PolicyResult
-txt_backend_read_word (const char             *policy,
-		       const char             *key,
-		       char                  **result)
-{
-	GKeyFile *keyfile;
-	GError *error;
-	PolicyResult rc;
-	char *path;
-	char *value = NULL;
-
-	error = NULL;
-	rc = POLICY_RESULT_ERROR;
-	*result = NULL;
-
-	keyfile = g_key_file_new ();
-	path = g_strdup_printf ("%s/%s.privilege", policy_directory, policy);
-	/*g_message ("Loading %s", path);*/
-	if (!g_key_file_load_from_file (keyfile, path, G_KEY_FILE_NONE, &error)) {
-		g_warning ("Couldn't open key-file '%s': %s", path, error->message);
-		g_error_free (error);
-		rc = POLICY_RESULT_NO_SUCH_POLICY;
-		goto out;
-	}
-
-	value = g_key_file_get_string (keyfile, "Privilege", key, &error);
-	if (value == NULL) {
-		g_warning ("Cannot get key '%s' in group 'Policy' in file '%s': %s", key, path, error->message);
-		g_error_free (error);
-		rc = POLICY_RESULT_ERROR;
-		goto out;
-	}
-
-	/*g_message ("value = '%s'", value);*/
-
-	*result = g_strdup (value);
-
-	rc = POLICY_RESULT_OK;
-
-out:
-	g_free (value);
-
-	g_key_file_free (keyfile);
-	g_free (path);
-
-	return rc;
-}
-
-static PolicyResult
-policy_get_whitelist (const char           *policy,
-		      GList               **result)
-{
-	return txt_backend_read_policy (policy, "Allow", result);
-}
-
-static PolicyResult
-policy_get_blacklist (const char           *policy,
-		      GList               **result)
-{
-	return txt_backend_read_policy (policy, "Deny", result);
-}
-
-static PolicyResult
-policy_get_sufficient_privileges (const char           *policy,
-				  GList               **result)
-{
-	return txt_backend_read_list (policy, "SufficientPrivileges", result);
-}
-
-static PolicyResult
-policy_get_required_privileges (const char           *policy,
-				GList               **result)
-{
-	return txt_backend_read_list (policy, "RequiredPrivileges", result);
-}
-
-/** Return all elements in the white-list for a policy
- *
- *  @param  result              On success set to a list of dynamically allocated strings. 
- *                              Must be freed by the caller.
- *  @return                     Whether the operation succeeded
- */
-PolicyResult
-policy_get_policies (GList              **result)
-{
-	GDir *dir;
-	GError *error;
-	const char *f;
-
-	error = NULL;
-	*result = NULL;
-
-	if ((dir = g_dir_open (policy_directory, 0, &error)) == NULL) {
-		g_critical ("Unable to open %s: %s", policy_directory, error->message);
-		g_error_free (error);
-		goto error;
-	}
-	while ((f = g_dir_read_name (dir)) != NULL) {
-		if (g_str_has_suffix (f, ".privilege")) {
-			char *s;
-			int pos;
-			
-			s = g_strdup (f);
-			pos = strlen (s) - 10; /* .privilege - 10 chars */
-			if (pos > 0)
-				s[pos] = '\0';
-
-			*result = g_list_append (*result, s);
-		}
-	}
-	
-	g_dir_close (dir);
-
-	return POLICY_RESULT_OK;
-
-error:
-	return POLICY_RESULT_ERROR;
-}
-
-PolicyResult 
-policy_get_auth_details_for_policy (uid_t           uid,
-				    const char     *policy,
-				    const char     *resource,
-				    gboolean       *out_auth_can_obtain,
-				    gboolean       *out_auth_can_obtain_is_temporary,
-				    gboolean       *out_auth_can_grant,
-				    gboolean       *out_auth_obtain_requires_root,
-				    gpointer        have_temp_privilege_userdata,
-				    HaveTempPrivCB  have_temp_privilege)
-{
-	PolicyResult res;
-	GList *required_privs;
-	GList *l;
-	char *can_obtain_word;
-	char *can_grant_word;
-	char *obtain_requires_root_word;
-
-	required_privs = NULL;
-	can_obtain_word = NULL;
-	can_grant_word = NULL;
-
-	*out_auth_can_obtain = FALSE;
-	*out_auth_can_obtain_is_temporary = FALSE;
-	*out_auth_can_grant = FALSE;
-	*out_auth_obtain_requires_root = TRUE;
-
-	res = POLICY_RESULT_ERROR;
-
-	res = txt_backend_read_word (policy, "CanObtain", &can_obtain_word);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	res = txt_backend_read_word (policy, "CanGrant", &can_grant_word);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	res = txt_backend_read_word (policy, "ObtainRequireRoot", &obtain_requires_root_word);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	if (strcmp (can_obtain_word, "True") == 0) {
-		*out_auth_can_obtain = TRUE;
-		*out_auth_can_obtain_is_temporary = FALSE;
-	} else if (strcmp (can_obtain_word, "False") == 0) {
-		*out_auth_can_obtain = FALSE;
-		*out_auth_can_obtain_is_temporary = FALSE;
-	} else if (strcmp (can_obtain_word, "Temporary") == 0) {
-		*out_auth_can_obtain = TRUE;
-		*out_auth_can_obtain_is_temporary = TRUE;
-	} else {
-		g_critical ("CanObtain has bogus value '%s' in privilege '%s'",
-			    can_obtain_word, policy);
-		goto out;
-	}
-
-	if (strcmp (can_grant_word, "True") == 0) {
-		*out_auth_can_grant = TRUE;
-	} else if (strcmp (can_grant_word, "False") == 0) {
-		*out_auth_can_grant = FALSE;
-	} else {
-		g_critical ("CanGrant has bogus value '%s' in privilege '%s'",
-			    can_grant_word, policy);
-		goto out;
-	}
-
-	if (strcmp (obtain_requires_root_word, "True") == 0) {
-		*out_auth_obtain_requires_root = TRUE;
-	} else if (strcmp (obtain_requires_root_word, "False") == 0) {
-		*out_auth_obtain_requires_root = FALSE;
-	} else {
-		g_critical ("ObtainRequireRoot has bogus value '%s' in privilege '%s'",
-			    obtain_requires_root_word, policy);
-		goto out;
-	}
-
-	/* no need to check RequiredPrivileges if said privilege says we can't obtain it */
-	if ((*out_auth_can_obtain) == FALSE)
-		goto determined;
-
-	/* if privilege already requires super user, no need to check RequiredPrivileges */
-	if ((*out_auth_obtain_requires_root) == TRUE)
-		goto determined;
-
-	/* So now the user can obtain the privilege and doesn't
-	 * require root. However, per the spec, if he is lacking any
-	 * of the privileges listed and one or more of these have
-	 *
-	 *  - has ObtainRequiresRoot set to TRUE; or
-	 *
-	 *  - has CanObtain set to FALSE
-	 *
-	 * then effectively ObtainsRequireRoot becomes TRUE.
-	 */
-
-	res = policy_get_required_privileges (policy, &required_privs);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	g_message ("  * obtain_requires_root = %d", *out_auth_obtain_requires_root);
-
-	for (l = required_privs; l != NULL; l = g_list_next (l)) {
-		gboolean has_required_privilege = FALSE;
-		gboolean has_required_privilege_is_temp = FALSE;
-		char *has_required_privilege_is_restricted = NULL;
-		const char *required_privilege = (const char *) l->data;
-		PolicyResult res2;
-
-		g_message ("  checking for required privilege  '%s'", required_privilege);
-
-		has_required_privilege = FALSE;
-		res2 = policy_is_uid_allowed_for_policy (uid,
-							 required_privilege, 
-							 NULL, 
-							 &has_required_privilege,
-							 &has_required_privilege_is_temp,
-							 &has_required_privilege_is_restricted,
-							 have_temp_privilege_userdata,
-							 have_temp_privilege);
-		if (res2 != POLICY_RESULT_OK)
-			goto out;
-
-		g_message ("   has_required_privilege = %d", has_required_privilege);
-
-		if (!has_required_privilege || 
-		    (has_required_privilege && has_required_privilege_is_restricted != NULL)) {
-
-			g_free (can_obtain_word);
-			g_free (can_grant_word);
-			can_obtain_word = NULL;
-			can_grant_word = NULL;
-
-			res = txt_backend_read_word (required_privilege, "CanObtain", 
-						     &can_obtain_word);
-			if (res != POLICY_RESULT_OK)
-				goto out;
-
-			res = txt_backend_read_word (required_privilege, "ObtainRequireRoot", 
-						     &obtain_requires_root_word);
-			if (res != POLICY_RESULT_OK)
-				goto out;
-
-			if (strcmp (can_obtain_word, "False") == 0) {
-				*out_auth_obtain_requires_root = TRUE;
-				goto determined;
-			}
-
-			if (strcmp (obtain_requires_root_word, "True") == 0) {
-				*out_auth_obtain_requires_root = TRUE;
-				goto determined;
-			}
-		}
-	}
-		
-determined:
-	g_message ("  ** obtain_requires_root = %d", *out_auth_obtain_requires_root);
-	res = POLICY_RESULT_OK;
-
-out:
-	if (required_privs != NULL) {
-		g_list_foreach (required_privs, (GFunc) g_free, NULL);
-		g_list_free (required_privs);
-	}
-
-	g_free (can_obtain_word);
-	g_free (can_grant_word);
-
-	return res;
-}
-
-
-
-static void
-afp_process_elem(PolicyElement *elem, gboolean *flag, uid_t uid, guint num_gids, gid_t *gid_list)
-{
-	/*policy_element_dump (elem, stderr);*/
-
-	switch (elem->type) {
-	case POLICY_ELEMENT_TYPE_UID:
-		if (elem->include_all) {
-			*flag = TRUE;
-		} else if (elem->exclude_all) {
-			*flag = FALSE;
-		}else {
-			if (elem->id.uid == uid)
-				*flag = TRUE;
-		}
-		break;
-		
-	case POLICY_ELEMENT_TYPE_GID:
-		if (elem->include_all) {
-			*flag = TRUE;
-		} else if (elem->exclude_all) {
-			*flag = FALSE;
-		}else {
-			guint i;
-			for (i = 0; i < num_gids; i++) {
-				if (elem->id.gid == gid_list[i])
-					*flag = TRUE;
-			}
-		}
-		break;
-	}
-}
-
-PolicyResult
-policy_get_allowed_resources_for_policy_for_uid_gid  (uid_t                  uid, 
-						      guint                  num_gids,
-						      gid_t                 *gid_list,
-						      const char            *policy, 
-						      GList                **result)
-{
-	GList *l;
-	GList *whitelist;
-	GList *blacklist;
-	gboolean is_in_whitelist;
-	gboolean is_in_blacklist;
-	PolicyResult res;
-
-	whitelist = NULL;
-	blacklist = NULL;
-	*result = NULL;
-	res = POLICY_RESULT_ERROR;
-
-	res = policy_get_whitelist (policy, &whitelist);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	res = policy_get_blacklist (policy, &blacklist);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	is_in_whitelist = FALSE;
-	is_in_blacklist = FALSE;
-
-	/*  Algorithm: check each resource in whitelist; 
-	 *               if allowed, check against blacklist.. 
-	 *                 if not in blacklist, push to results  
-	 */
-
-	for (l = whitelist; l != NULL; l = g_list_next (l)) {
-		PolicyElement *elem;
-		gboolean in_whitelist;
-		elem = (PolicyElement *) l->data;
-
-		if (elem->resource != NULL) {
-			/* check if we're allowed for this resource */
-			afp_process_elem (elem, &in_whitelist, uid, num_gids, gid_list);
-			if (in_whitelist) {
-				GList *j;
-				gboolean in_blacklist;
-
-				/* in whitelist.. yes.. now check if this resource is in the black list*/
-
-				in_blacklist = FALSE;
-
-				for (j = blacklist; j != NULL; j = g_list_next (j)) {
-					PolicyElement *elem2;
-					elem2 = (PolicyElement *) j->data;
-
-					if (elem2->resource != NULL && 
-					    strcmp (elem->resource, elem2->resource) == 0) {
-						afp_process_elem (elem2, &in_blacklist, uid, num_gids, gid_list);
-						if (in_blacklist)
-							break;
-					}
-				}
-
-				if (in_whitelist && !in_blacklist)
-					*result = g_list_append (*result, g_strdup (elem->resource));
-			}
-		}
-	}
-
-
-	res = POLICY_RESULT_OK;
-
-out:
-	if (whitelist != NULL)
-		policy_element_free_list (whitelist);
-	if (blacklist != NULL)
-		policy_element_free_list (blacklist);
-
-	return res;	
-}
-
-static PolicyResult 
-_policy_is_uid_gid_allowed_for_policy (uid_t           uid, 
-				       guint           num_gids,
-				       gid_t          *gid_list,
-				       const char     *policy, 
-				       const char     *resource,
-				       gboolean       *out_is_privileged,
-				       gboolean       *out_is_temporary,
-				       char          **out_is_privileged_but_restricted,
-				       gpointer        have_temp_privilege_userdata,
-				       HaveTempPrivCB  have_temp_privilege,
-				       int             recursion_counter)
-{
-	gboolean is_in_whitelist;
-	gboolean is_in_blacklist;
-	GList *l;
-	GList *whitelist;
-	GList *blacklist;
-	GList *sufficient_privs;
-	GList *required_privs;
-	PolicyResult res;
-	PolicyResult res2;
-
-	whitelist = NULL;
-	blacklist = NULL;
-	sufficient_privs = NULL;
-	required_privs = NULL;
-	res = POLICY_RESULT_ERROR;
-
-	*out_is_privileged = FALSE;
-	*out_is_temporary = FALSE;
-	*out_is_privileged_but_restricted = NULL;
-
-	if (recursion_counter > 8) {
-		g_critical ("Maximal (8) recursion depth detected checking privilege '%s'", policy);
-		goto out;
-	}
-
-	res = policy_get_sufficient_privileges (policy, &sufficient_privs);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	/* first check SufficientPrivileges.. if we have one of those, then return TRUE */
-	for (l = sufficient_privs; l != NULL; l = g_list_next (l)) {
-		gboolean has_sufficient_privilege = FALSE;
-		gboolean has_sufficient_privilege_is_temp = FALSE;
-		char *has_sufficient_privilege_is_restricted = NULL;
-		const char *sufficient_privilege = (const char *) l->data;
-
-		g_message ("  checking for sufficient privilege  '%s'", sufficient_privilege);
-
-		has_sufficient_privilege = FALSE;
-		res2 = _policy_is_uid_gid_allowed_for_policy (uid, num_gids, gid_list, 
-							      sufficient_privilege, NULL, 
-							      &has_sufficient_privilege,
-							      &has_sufficient_privilege_is_temp,
-							      &has_sufficient_privilege_is_restricted,
-							      have_temp_privilege_userdata,
-							      have_temp_privilege, recursion_counter + 1);
-		if (res2 != POLICY_RESULT_OK)
-			goto out;
-
-		if (has_sufficient_privilege && has_sufficient_privilege_is_restricted == NULL) {
-			g_message ("Returned TRUE because we have the sufficient privilege '%s' for privilege '%s'",
-				   sufficient_privilege, policy);
-			res = POLICY_RESULT_OK;
-			*out_is_privileged = TRUE;			
-			*out_is_temporary = has_sufficient_privilege_is_temp;
-			*out_is_privileged_but_restricted = NULL;
-			goto out;
-		}
-	}
-
-	/* then check temporary privileges as it's OK to have a
-	 * privilege temporarily without having the all the
-	 * RequiredPrivileges.
-	 */
-
-	if ((*out_is_privileged == FALSE) && have_temp_privilege != NULL) {
-		gboolean ignore_resource;
-
-		if (recursion_counter == 0)
-			ignore_resource = FALSE;
-		else
-			ignore_resource = TRUE;
-
-		/* TODO: ask for restriction */
-		if (have_temp_privilege (uid, policy, resource, ignore_resource, have_temp_privilege_userdata)) {
-
-			res = POLICY_RESULT_OK;
-			*out_is_privileged = TRUE;
-			*out_is_temporary = TRUE;
-			*out_is_privileged_but_restricted = NULL;
-			goto out;
-		}
-	}
-
-
-	/* now check RequiredPrivileges.. if we have don't have all of those, then return FALSE */
-
-	res = policy_get_required_privileges (policy, &required_privs);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	for (l = required_privs; l != NULL; l = g_list_next (l)) {
-		gboolean has_required_privilege = FALSE;
-		gboolean has_required_privilege_is_temp = FALSE;
-		char *has_required_privilege_is_restricted = NULL;
-		const char *required_privilege = (const char *) l->data;
-
-		g_message ("  checking for required privilege  '%s'", required_privilege);
-
-		has_required_privilege = FALSE;
-		res2 = _policy_is_uid_gid_allowed_for_policy (uid, num_gids, gid_list, 
-							      required_privilege, NULL, 
-							      &has_required_privilege,
-							      &has_required_privilege_is_temp,
-							      &has_required_privilege_is_restricted,
-							      have_temp_privilege_userdata,
-							      have_temp_privilege, recursion_counter + 1);
-		if (res2 != POLICY_RESULT_OK)
-			goto out;
-
-		if (!has_required_privilege || 
-		    (has_required_privilege && has_required_privilege_is_restricted != NULL)) {
-			g_message ("Returned FALSE because we don't have the required privilege '%s' for privilege '%s'",
-				   required_privilege, policy);
-			res = POLICY_RESULT_OK;
-			*out_is_privileged = FALSE;			
-			*out_is_temporary = TRUE;
-			*out_is_privileged_but_restricted = NULL;
-			goto out;
-		}
-	}
-
-	/* Check against whitelist and blacklist */
-
-	res = policy_get_whitelist (policy, &whitelist);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	res = policy_get_blacklist (policy, &blacklist);
-	if (res != POLICY_RESULT_OK)
-		goto out;
-
-	is_in_whitelist = FALSE;
-	is_in_blacklist = FALSE;
-
-	/*  Algorithm: To succeed.. we must be in the whitelist.. and not in the blacklist */
-
-	for (l = whitelist; l != NULL; l = g_list_next (l)) {
-		PolicyElement *elem;
-		elem = (PolicyElement *) l->data;
-		if ((elem->resource == NULL) ||
-		    ((resource != NULL) && (strcmp (elem->resource, resource) == 0))) {
-			afp_process_elem (elem, &is_in_whitelist, uid, num_gids, gid_list);
-		}
-	}
-
-	for (l = blacklist; l != NULL; l = g_list_next (l)) {
-		PolicyElement *elem;
-		elem = (PolicyElement *) l->data;
-		if ((elem->resource == NULL) ||
-		    ((resource != NULL) && (strcmp (elem->resource, resource) == 0))) {
-			afp_process_elem (elem, &is_in_blacklist, uid, num_gids, gid_list);
-		}
-	}
-
-	*out_is_privileged =  is_in_whitelist && (!is_in_blacklist);
-	*out_is_temporary = FALSE;
-	*out_is_privileged_but_restricted = NULL;
-
-	res = POLICY_RESULT_OK;
-
-out:
-	if (required_privs != NULL) {
-		g_list_foreach (required_privs, (GFunc) g_free, NULL);
-		g_list_free (required_privs);
-	}
-	if (sufficient_privs != NULL) {
-		g_list_foreach (sufficient_privs, (GFunc) g_free, NULL);
-		g_list_free (sufficient_privs);
-	}
-	if (whitelist != NULL)
-		policy_element_free_list (whitelist);
-	if (blacklist != NULL)
-		policy_element_free_list (blacklist);
-
-	return res;	
-}
-
-
-PolicyResult 
-policy_is_uid_gid_allowed_for_policy (uid_t           uid, 
-				      guint           num_gids,
-				      gid_t          *gid_list,
-				      const char     *policy, 
-				      const char     *resource,
-				      gboolean       *out_is_privileged,
-				      gboolean       *out_is_temporary,
-				      char          **out_is_privileged_but_restricted,
-				      gpointer        have_temp_privilege_userdata,
-				      HaveTempPrivCB  have_temp_privilege)
-{
-	return _policy_is_uid_gid_allowed_for_policy (uid, num_gids, gid_list, policy, 
-						      resource, 
-						      out_is_privileged, 
-						      out_is_temporary, 
-						      out_is_privileged_but_restricted, 
-						      have_temp_privilege_userdata,
-						      have_temp_privilege, 0);
-}
-
-char *
-policy_util_uid_to_name (uid_t  uid, 
-			 gid_t *default_gid)
-{
-	int rc;
-	char *res;
-	char *buf = NULL;
-	unsigned int bufsize;
-	struct passwd pwd;
-	struct passwd *pwdp;
-
-	res = NULL;
-
-	bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
-	buf = g_new0 (char, bufsize);
-
-	rc = getpwuid_r (uid, &pwd, buf, bufsize, &pwdp);
-	if (rc != 0 || pwdp == NULL) {
-		/*g_warning ("getpwuid_r() returned %d", rc);*/
-		goto out;
-	}
-
-	res = g_strdup (pwdp->pw_name);
-	if (default_gid != NULL)
-		*default_gid = pwdp->pw_gid;
-
-out:
-	g_free (buf);
-	return res;
-}
-
-char *
-policy_util_gid_to_name (gid_t gid)
-{
-	int rc;
-	char *res;
-	char *buf = NULL;
-	unsigned int bufsize;
-	struct group gbuf;
-	struct group *gbufp;
-
-	res = NULL;
-
-	bufsize = sysconf (_SC_GETGR_R_SIZE_MAX);
-	buf = g_new0 (char, bufsize);
-		
-	rc = getgrgid_r (gid, &gbuf, buf, bufsize, &gbufp);
-	if (rc != 0 || gbufp == NULL) {
-		/*g_warning ("getgrgid_r() returned %d", rc);*/
-		goto out;
-	}
-
-	res = g_strdup (gbufp->gr_name);
-
-out:
-	g_free (buf);
-	return res;
-}
-
-
-
-uid_t
-policy_util_name_to_uid (const char *username, gid_t *default_gid)
-{
-	int rc;
-	uid_t res;
-	char *buf = NULL;
-	unsigned int bufsize;
-	struct passwd pwd;
-	struct passwd *pwdp;
-
-	res = (uid_t) -1;
-
-	bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
-	buf = g_new0 (char, bufsize);
-		
-	rc = getpwnam_r (username, &pwd, buf, bufsize, &pwdp);
-	if (rc != 0 || pwdp == NULL) {
-		/*g_warning ("getpwnam_r() returned %d", rc);*/
-		goto out;
-	}
-
-	res = pwdp->pw_uid;
-	if (default_gid != NULL)
-		*default_gid = pwdp->pw_gid;
-
-out:
-	g_free (buf);
-	return res;
-}
-
-gid_t 
-policy_util_name_to_gid (const char *groupname)
-{
-	int rc;
-	gid_t res;
-	char *buf = NULL;
-	unsigned int bufsize;
-	struct group gbuf;
-	struct group *gbufp;
-
-	res = (gid_t) -1;
-
-	bufsize = sysconf (_SC_GETGR_R_SIZE_MAX);
-	buf = g_new0 (char, bufsize);
-		
-	rc = getgrnam_r (groupname, &gbuf, buf, bufsize, &gbufp);
-	if (rc != 0 || gbufp == NULL) {
-		/*g_warning ("getgrnam_r() returned %d", rc);*/
-		goto out;
-	}
-
-	res = gbufp->gr_gid;
-
-out:
-	g_free (buf);
-	return res;
-}
-
-PolicyResult 
-policy_get_allowed_resources_for_policy_for_uid (uid_t                  uid, 
-						 const char            *policy, 
-						 GList                **result)
-{
-	int num_groups = 0;
-	gid_t *groups = NULL;
-	char *username;
-	gid_t default_gid;
-	PolicyResult  r;
-
-	r = POLICY_RESULT_ERROR;
-
-	if ((username = policy_util_uid_to_name (uid, &default_gid)) == NULL)
-		goto out;
-
-	if (getgrouplist(username, default_gid, NULL, &num_groups) < 0) {
-		groups = (gid_t *) g_new0 (gid_t, num_groups);
-		if (getgrouplist(username, default_gid, groups, &num_groups) < 0) {
-			g_warning ("getgrouplist() failed");
-			goto out;
-		}
-	}
-
-	r = policy_get_allowed_resources_for_policy_for_uid_gid (uid,
-								 num_groups,
-								 groups,
-								 policy,
-								 result);
-
-out:
-	g_free (username);
-	g_free (groups);
-	return r;
-}
-
-PolicyResult 
-policy_is_uid_allowed_for_policy (uid_t           uid, 
-				  const char     *policy, 
-				  const char     *resource,
-				  gboolean       *out_is_privileged,
-				  gboolean       *out_is_temporary,
-				  char          **out_is_privileged_but_restricted,
-				  gpointer        have_temp_privilege_userdata,
-				  HaveTempPrivCB  have_temp_privilege)
-{
-	int num_groups = 0;
-	gid_t *groups = NULL;
-	char *username;
-	gid_t default_gid;
-	PolicyResult  r;
-
-	r = POLICY_RESULT_ERROR;
-
-	if ((username = policy_util_uid_to_name (uid, &default_gid)) == NULL)
-		goto out;
-
-	if (getgrouplist(username, default_gid, NULL, &num_groups) < 0) {
-		groups = (gid_t *) g_new0 (gid_t, num_groups);
-		if (getgrouplist(username, default_gid, groups, &num_groups) < 0) {
-			g_warning ("getgrouplist() failed");
-			goto out;
-		}
-	}
-
-	r = policy_is_uid_gid_allowed_for_policy (uid,
-						  num_groups,
-						  groups,
-						  policy,
-						  resource,
-						  out_is_privileged, 
-						  out_is_temporary, 
-						  out_is_privileged_but_restricted, 
-						  have_temp_privilege_userdata,
-						  have_temp_privilege);
-
-out:
-	g_free (username);
-	g_free (groups);
-	return r;
-}
-
-
-#ifndef HAVE_GETGROUPLIST
-/* Get group list for the named user.
- * Return up to ngroups in the groups array.
- * Return actual number of groups in ngroups.
- * Return -1 if more groups found than requested.
- */
-int
-getgrouplist (const char *name, int baseid, int *groups, int *ngroups)
-{
-	struct group *g;
-	int n = 0;
-	int i;
-	int ret;
-
-	if (*ngroups <= 0) {
-		return (-1);
-	}
-
-	*groups++ = baseid;
-	n++;
-
-	setgrent ();
-	while ((g = getgrent ()) != NULL) {
-		for (i = 0; g->gr_mem[i]; i++) {
-			if (strcmp (name, g->gr_mem[0]) == 0) {
-				*groups++ = g->gr_gid;
-				if (++n > *ngroups) {
-					break;
-				}
-			}
-		}
-	}
-	endgrent ();
-
-	ret = (n > *ngroups) ? -1 : n;
-	*ngroups = n;
-	return (ret);
-}
-#endif
diff --git a/polkitd/policy.h b/polkitd/policy.h
deleted file mode 100644
index 94a2fd3..0000000
--- a/polkitd/policy.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * policy.h : Wraps policy
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifndef POLICY_H
-#define POLICY_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-
-typedef enum {
-	POLICY_RESULT_OK,
-	POLICY_RESULT_ERROR,
-	POLICY_RESULT_NO_SUCH_POLICY
-} PolicyResult;
-
-typedef gboolean (*HaveTempPrivCB) (uid_t        user,
-				    const char  *privilege,
-				    const char  *resource,
-				    gboolean     ignore_resource,
-				    gpointer     userdata);
-
-
-PolicyResult policy_get_policies                                  (GList         **result);
-
-PolicyResult policy_is_uid_allowed_for_policy                     (uid_t           uid, 
-								   const char     *policy, 
-								   const char     *resource,
-								   gboolean       *out_is_privileged,
-								   gboolean       *out_is_temporary,
-								   char          **out_is_privileged_but_restricted,
-								   gpointer        have_temp_privilege_userdata,
-								   HaveTempPrivCB  have_temp_privilege);
-								   
-
-PolicyResult policy_get_auth_details_for_policy                   (uid_t           uid,
-								   const char     *policy,
-								   const char     *resource,
-								   gboolean       *out_auth_can_obtain,
-								   gboolean       *out_auth_can_obtain_is_temporary,
-								   gboolean       *out_auth_can_grant,
-								   gboolean       *out_auth_obtain_requires_root,
-								   gpointer        have_temp_privilege_userdata,
-								   HaveTempPrivCB  have_temp_privilege);
-
-
-PolicyResult policy_get_allowed_resources_for_policy_for_uid      (uid_t           uid, 
-								   const char     *policy, 
-								   GList         **result);
-
-PolicyResult policy_get_allowed_resources_for_policy_for_uid_gid  (uid_t           uid, 
-								   guint           num_gids,
-								   gid_t          *gid_list,
-								   const char     *policy, 
-								   GList         **result);
-
-PolicyResult policy_is_uid_gid_allowed_for_policy                 (uid_t           uid, 
-								   guint           num_gids,
-								   gid_t          *gid_list,
-								   const char     *policy, 
-								   const char     *resource,
-								   gboolean       *out_is_privileged,
-								   gboolean       *out_is_temporary,
-								   char          **out_is_privileged_but_restricted,
-								   gpointer        have_temp_privilege_userdata,
-								   HaveTempPrivCB  have_temp_privilege);
-
-char        *policy_util_uid_to_name                              (uid_t           uid, 
-								   gid_t          *default_gid);
-
-char        *policy_util_gid_to_name                              (gid_t           gid);
-
-uid_t        policy_util_name_to_uid                              (const char     *username, 
-								   gid_t          *default_gid);
-
-gid_t        policy_util_name_to_gid                              (const char     *groupname);
-
-void         policy_util_set_policy_directory                     (const char     *directory);
-
-#endif /* POLICY_H */
-
-
diff --git a/polkitd/polkit-manager.c b/polkitd/polkit-manager.c
deleted file mode 100644
index a7268f7..0000000
--- a/polkitd/polkit-manager.c
+++ /dev/null
@@ -1,1089 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-manager.c : Manager object
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#include <string.h>
-#define DBUS_API_SUBJECT_TO_CHANGE
-#include <dbus/dbus.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include "polkit-marshal.h"
-#include "polkit-manager.h"
-#include "polkit-session.h"
-
-#include "policy.h"
-
-typedef struct
-{
-	uid_t user;
-	char *privilege;
-	char *resource;
-	char *system_bus_unique_name; /* whether the tmp priv is restricted to e.g. :1.43 */
-} TemporaryPrivilege;
-
-struct PolicyKitManagerPrivate
-{
-	DBusGConnection *connection;
-	DBusGProxy *bus_proxy;
-
-	GList *temporary_privileges;
-
-	GHashTable *connection_name_to_caller_info;
-
-	GHashTable *connection_name_to_session_object;
-};
-
-G_DEFINE_TYPE(PolicyKitManager, polkit_manager, G_TYPE_OBJECT)
-
-static GObjectClass *parent_class = NULL;
-
-
-
-static void
-_granting_temp_priv (PolicyKitManager *manager, 
-		     TemporaryPrivilege *p)
-{
-	g_debug ("Granting temporary privilege '%s' to uid %d on resource '%s'",
-		 p->privilege, p->user, p->resource != NULL ? p->resource : "(none)");
-	/* TODO: send out D-BUS signal */
-}
-
-static void
-_revoking_temp_priv (PolicyKitManager *manager, 
-		     TemporaryPrivilege *p)
-{
-	g_debug ("Revoking temporary privilege '%s' to uid %d on resource '%s'",
-		 p->privilege, p->user, p->resource != NULL ? p->resource : "(none)");
-	/* TODO: send out D-BUS signal */
-}
-
-
-typedef struct {
-	uid_t  uid;
-	pid_t  pid;
-} CallerInfo;
-
-static void 
-caller_info_delete (gpointer data)
-{
-	CallerInfo *caller_info = (CallerInfo *) data;
-	g_free (caller_info);
-}
-
-static void
-polkit_manager_init (PolicyKitManager *manager)
-{
-	manager->priv = g_new0 (PolicyKitManagerPrivate, 1);
-	manager->priv->connection = NULL;
-	manager->priv->temporary_privileges = NULL;
-
-	manager->priv->connection_name_to_caller_info = g_hash_table_new_full (g_str_hash,
-									       g_str_equal,
-									       g_free,
-									       caller_info_delete);
-
-	manager->priv->connection_name_to_session_object = g_hash_table_new_full (g_str_hash,
-										  g_str_equal,
-										  g_free,
-										  NULL);
-}
-
-static void
-polkit_manager_finalize (PolicyKitManager *manager)
-{
-	dbus_g_connection_unref (manager->priv->connection);
-
-	g_hash_table_destroy (manager->priv->connection_name_to_caller_info);
-
-	g_free (manager->priv);
-
-	G_OBJECT_CLASS (parent_class)->finalize (G_OBJECT (manager));
-}
-
-static void
-polkit_manager_class_init (PolicyKitManagerClass *klass)
-{
-	GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-
-	gobject_class->finalize = (GObjectFinalizeFunc) polkit_manager_finalize;
-	parent_class = g_type_class_peek_parent (klass);
-}
-
-GQuark
-polkit_manager_error_quark (void)
-{
-	static GQuark ret = 0;
-	if (ret == 0)
-		ret = g_quark_from_static_string ("PolkitManagerObjectErrorQuark");
-	return ret;
-}
-
-#define ENUM_ENTRY(NAME, DESC) { NAME, "" #NAME "", DESC }
-
-GType
-polkit_manager_error_get_type (void)
-{
-	static GType etype = 0;
-	
-	if (etype == 0) {
-		static const GEnumValue values[] = {
-			ENUM_ENTRY (POLKIT_MANAGER_ERROR_NO_SUCH_USER, "NoSuchUser"),
-			ENUM_ENTRY (POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE, "NoSuchPrivilege"),
-			ENUM_ENTRY (POLKIT_MANAGER_ERROR_NOT_PRIVILEGED, "NotPrivileged"),
-			ENUM_ENTRY (POLKIT_MANAGER_ERROR_CANNOT_OBTAIN_PRIVILEGE, "CannotObtainPrivilege"),
-			ENUM_ENTRY (POLKIT_MANAGER_ERROR_ERROR, "Error"),
-			{ 0, 0, 0 }
-		};
-		
-		g_assert (POLKIT_MANAGER_NUM_ERRORS == G_N_ELEMENTS (values) - 1);
-		
-		etype = g_enum_register_static ("PolkitManagerError", values);
-	}
-	
-	return etype;
-}
-
-
-static void
-bus_name_owner_changed (DBusGProxy  *bus_proxy, 
-			const char  *service_name, 
-			const char  *old_service_name, 
-			const char  *new_service_name, 
-			gpointer     user_data)
-{
-	PolicyKitManager *manager = POLKIT_MANAGER (user_data);
-
-	/* track disconnects of clients */
-
-	if (strlen (new_service_name) == 0) {
-		CallerInfo *caller_info;
-		PolicyKitSession *session;
-		GList *i;
-		TemporaryPrivilege *p;
-
-		/* evict CallerInfo from cache */
-		caller_info = (CallerInfo *) g_hash_table_lookup (manager->priv->connection_name_to_caller_info, 
-								  old_service_name);
-		if (caller_info != NULL) {
-			g_hash_table_remove (manager->priv->connection_name_to_caller_info, old_service_name);
-		}
-
-		/* session object */
-		session = POLKIT_SESSION (g_hash_table_lookup (manager->priv->connection_name_to_session_object,
-							       old_service_name));
-		if (session != NULL) {
-			/* possibly revoke temporary privileges granted */
-			polkit_session_initiator_disconnected (session);
-
-			/* end the session */
-			g_object_unref (session);
-
-			g_hash_table_remove (manager->priv->connection_name_to_session_object, old_service_name);
-		}
-
-		/* revoke any temporary privileges that is restricted to this name */
-		for (i = manager->priv->temporary_privileges; i != NULL; ) {
-			p = (TemporaryPrivilege *) i->data;
-
-			i = g_list_next (i);
-
-			if (p->system_bus_unique_name != NULL && 
-			    strcmp (p->system_bus_unique_name, old_service_name) == 0) {
-
-				/* da, revoke this privilege */
-				_revoking_temp_priv (manager, p);
-
-				g_free (p->privilege);
-				g_free (p->resource);
-				g_free (p->system_bus_unique_name);
-				g_free (p);
-
-				manager->priv->temporary_privileges = g_list_remove (
-					manager->priv->temporary_privileges, p);
-			}
-		}
-
-	}
-
-	/*g_message ("NameOwnerChanged: service_name='%s', old_service_name='%s' new_service_name='%s'", 
-	  service_name, old_service_name, new_service_name);*/
-	
-}
-
-
-static gboolean
-session_remover (gpointer key,
-		 gpointer value,
-		 gpointer user_data)
-{
-	if (value == user_data) {
-		return TRUE;
-	}
-	return FALSE;
-}
-
-static void
-session_finalized (gpointer  data,
-		   GObject  *where_the_object_was)
-{
-	PolicyKitManager *manager = POLKIT_MANAGER (data);
-	
-	g_hash_table_foreach_remove (manager->priv->connection_name_to_session_object, 
-				     session_remover,
-				     where_the_object_was);
-}
-
-PolicyKitManager *
-polkit_manager_new (DBusGConnection *connection, DBusGProxy *bus_proxy)
-{
-	PolicyKitManager *manager;
-
-	manager = g_object_new (POLKIT_TYPE_MANAGER, NULL);
-	manager->priv->connection = dbus_g_connection_ref (connection);
-	dbus_g_connection_register_g_object (manager->priv->connection, 
-					     "/org/freedesktop/PolicyKit/Manager", 
-					     G_OBJECT (manager));
-
-	manager->priv->bus_proxy = bus_proxy;
-
-	dbus_g_object_register_marshaller (polkit_marshal_VOID__STRING_STRING_STRING, 
-					   G_TYPE_NONE, 
-					   G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_INVALID);
-	dbus_g_proxy_add_signal (bus_proxy, "NameOwnerChanged", G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_INVALID);
-	dbus_g_proxy_connect_signal (bus_proxy, "NameOwnerChanged", G_CALLBACK (bus_name_owner_changed),
-				     manager, NULL);
-
-	return manager;
-}
-
-
-static uid_t
-uid_from_username (const char *user)
-{
-	uid_t uid;
-
-	if (g_ascii_isdigit (user[0])) {
-		char *endp;
-		uid = (uid_t) g_ascii_strtoull (user, &endp, 0);
-		if (endp[0] != '\0') {
-			uid = (uid_t) -1;
-		}
-	} else {
-		uid = policy_util_name_to_uid (user, NULL);
-	}
-
-	return uid;
-}
-
-/* remote methods */
-
-static int
-safe_strcmp (const char *s1, const char *s2)
-{
-	if (s1 == NULL || s2 == NULL)
-		return 0;
-	else
-		return strcmp (s1, s2);
-}
-
-gboolean
-polkit_manager_get_caller_info (PolicyKitManager      *manager,
-				const char            *sender,
-				uid_t                 *calling_uid, 
-				pid_t                 *calling_pid)
-{
-	gboolean res;
-	CallerInfo *caller_info;
-	GError *error = NULL;
-#if 0
-	GArray *calling_selinux_context;
-#endif
-	res = FALSE;
-
-	if (sender == NULL)
-		goto out;
-
-	caller_info = g_hash_table_lookup (manager->priv->connection_name_to_caller_info,
-					   sender);
-	if (caller_info != NULL) {
-
-		res = TRUE;
-		*calling_uid = caller_info->uid;
-		*calling_pid = caller_info->pid;
-		/*g_message ("uid = %d (cached)", *calling_uid);
-		  g_message ("pid = %d (cached)", *calling_pid);*/
-		goto out;
-	}
-
-	if (!dbus_g_proxy_call (manager->priv->bus_proxy, "GetConnectionUnixUser", &error,
-				G_TYPE_STRING, sender,
-				G_TYPE_INVALID,
-				G_TYPE_UINT, calling_uid,
-				G_TYPE_INVALID)) {
-		g_warning ("GetConnectionUnixUser() failed: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	if (!dbus_g_proxy_call (manager->priv->bus_proxy, "GetConnectionUnixProcessID", &error,
-				G_TYPE_STRING, sender,
-				G_TYPE_INVALID,
-				G_TYPE_UINT, calling_pid,
-				G_TYPE_INVALID)) {
-		g_warning ("GetConnectionUnixProcessID() failed: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-#if 0
-	if (!dbus_g_proxy_call (manager->priv->bus_proxy, "GetConnectionSELinuxSecurityContext", &error,
-				G_TYPE_STRING, sender,
-				G_TYPE_INVALID,
-				dbus_g_type_get_collection ("GArray", G_TYPE_UCHAR), &calling_selinux_context,
-				G_TYPE_INVALID)) {
-		g_warning ("GetConnectionSELinuxSecurityContext() failed: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	char *selinux_context_string;
-	g_array_append_val (calling_selinux_context, "\0");
-	selinux_context_string = (char *) g_array_free (calling_selinux_context, FALSE);
-	g_message ("selinux context = '%s' for sender '%s'", selinux_context_string, sender);
-	g_free (selinux_context_string);
-#endif
-
-	caller_info = g_new0 (CallerInfo, 1);
-	caller_info->uid = *calling_uid;
-	caller_info->pid = *calling_pid;
-
-	g_hash_table_insert (manager->priv->connection_name_to_caller_info,
-			     g_strdup (sender), 
-			     caller_info);
-
-	res = TRUE;
-
-	/*g_message ("uid = %d", *calling_uid);
-	  g_message ("pid = %d", *calling_pid);*/
-
-out:
-	return res;
-}
-
-
-typedef struct 
-{
-	PolicyKitManager      *manager;
-	char                  *system_bus_unique_name;
-	char                  *privileged_but_restricted_to;
-	gboolean               is_temporary;
-} TempPrivCheckUserData;
-
-static gboolean
-_check_for_temp_privilege (uid_t       user,
-			   const char *privilege,
-			   const char *resource,
-			   gboolean    ignore_resource,
-			   gpointer    userdata)
-{
-	GList *i;
-	TempPrivCheckUserData *tpcud = (TempPrivCheckUserData *) userdata;
-	gboolean is_privileged;
-	
-	is_privileged = FALSE;
-
-	g_message ("in _check_for_temp_privilege for user=%d priv=%s resource=%s sbun=%s",
-		   user, privilege, resource, tpcud->system_bus_unique_name);
-
-	for (i = tpcud->manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
-		TemporaryPrivilege *p;
-		gboolean res_match;
-
-		p = (TemporaryPrivilege *) i->data;
-
-		if (ignore_resource) {
-			res_match = TRUE;
-		} else {
-			if (resource == NULL || strlen (resource) == 0)
-				res_match = (p->resource == NULL);
-			else
-				res_match = (safe_strcmp (p->resource, resource) == 0);
-		}
-		
-		if ((strcmp (p->privilege, privilege) == 0) &&
-		    res_match &&
-		    (p->user == user)) {
-
-			if (p->system_bus_unique_name == NULL) {
-				is_privileged = TRUE;
-				tpcud->is_temporary = TRUE;
-				break;
-			} else if (strcmp (p->system_bus_unique_name, tpcud->system_bus_unique_name) == 0) {
-				is_privileged = TRUE;
-				tpcud->is_temporary = TRUE;
-				break;
-			} else {
-				tpcud->privileged_but_restricted_to = p->system_bus_unique_name;
-			}
-			
-		}
-	}
-
-	return is_privileged;
-}
-
-gboolean
-polkit_manager_initiate_temporary_privilege_grant (PolicyKitManager       *manager, 
-						   char                   *user,
-						   char                   *privilege,
-						   char                   *resource,
-						   DBusGMethodInvocation  *context)
-{
-	uid_t calling_uid;
-	pid_t calling_pid;
-	uid_t uid;
-	PolicyKitSession *session;
-	char *sender;
-
-	/* TODO: need to handle limit number of session to prevent DOS.
-	 *       Or is dbus-daemon sufficient for that; I think so..
-	 */
-
-	if (!polkit_manager_get_caller_info (manager, 
-					     dbus_g_method_get_sender (context), 
-					     &calling_uid, 
-					     &calling_pid)) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "An error occured."));
-		return FALSE;
-	}
-
-	sender = dbus_g_method_get_sender (context);
-
-	uid = uid_from_username (user);
-
-	if (uid == (uid_t) -1) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NO_SUCH_USER,
-							 "There is no user '%s'.",
-							 user));
-		return FALSE;
-	}
-
-	
-	gboolean auth_can_obtain;
-	gboolean auth_can_obtain_is_temporary;
-	gboolean auth_can_grant;
-	gboolean auth_obtain_requires_root;
-	PolicyResult res;
-	TempPrivCheckUserData tpcud;
-
-	tpcud.manager = manager;
-	tpcud.system_bus_unique_name = NULL;
-	tpcud.privileged_but_restricted_to = "";
-	tpcud.is_temporary = FALSE;
-
-	res = policy_get_auth_details_for_policy (uid,
-						  privilege,
-						  resource,
-						  &auth_can_obtain,
-						  &auth_can_obtain_is_temporary,
-						  &auth_can_grant,
-						  &auth_obtain_requires_root,
-						  &tpcud,
-						  _check_for_temp_privilege);
-
-	if (!auth_can_obtain) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "The privilege %s cannot be obtained.", privilege));
-		return FALSE;
-	}
-
-	session = polkit_session_new (manager->priv->connection, 
-				      manager,
-				      calling_uid,
-				      sender,
-				      uid,
-				      privilege,
-				      strlen (resource) > 0 ? resource : NULL,
-				      auth_obtain_requires_root);
-
-	g_object_weak_ref (G_OBJECT (session),
-			   session_finalized,
-			   manager);
-
-	g_hash_table_insert (manager->priv->connection_name_to_session_object,
-			     sender,
-			     session);
-
-	//g_timeout_add (5 * 1000, destroy_session_after_timeout, session);
-
-	dbus_g_method_return (context,
-			      g_strdup (((char *) g_object_get_data (G_OBJECT (session), "dbus_glib_object_path"))));
-	return TRUE;
-}
-
-gboolean
-polkit_manager_is_user_privileged (PolicyKitManager      *manager, 
-				   char                  *system_bus_unique_name,
-				   char                  *user,
-				   char                  *privilege,
-				   char                  *resource,
-				   DBusGMethodInvocation *context)
-{
-	uid_t calling_uid;
-	pid_t calling_pid;
-	uid_t uid;
-	PolicyResult res;
-	gboolean is_privileged;
-	gboolean is_temporary;
-	char *is_privileged_but_restricted_to = NULL;
-	TempPrivCheckUserData tpcud;
-
-	if (!polkit_manager_get_caller_info (manager, 
-					     dbus_g_method_get_sender (context), 
-					     &calling_uid, 
-					     &calling_pid)) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "An error occured."));
-		return FALSE;
-	}
-
-	is_privileged = FALSE;
-
-	uid = uid_from_username (user);
-
-	if (uid == (uid_t) -1) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NO_SUCH_USER,
-							 "There is no user '%s'.",
-							 user));
-		return FALSE;
-	}
-
-	/* TODO: check if given uid is privileged to ask for this */
-	if (FALSE) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
-							 "You are not authorized to know this."));
-		return FALSE;
-	}
-
-	tpcud.manager = manager;
-	tpcud.system_bus_unique_name = system_bus_unique_name;
-	tpcud.privileged_but_restricted_to = "";
-	tpcud.is_temporary = FALSE;
-	res = policy_is_uid_allowed_for_policy (uid,
-						privilege,
-						strlen (resource) > 0 ? resource : NULL,
-						&is_privileged,
-						&is_temporary,
-						&is_privileged_but_restricted_to,
-						&tpcud,
-						_check_for_temp_privilege);
-	switch (res) {
-	case POLICY_RESULT_OK:
-		break;
-
-	case POLICY_RESULT_NO_SUCH_POLICY:
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE,
-							 "There is no such privilege '%s'.",
-							 privilege));
-		return FALSE;
-
-	default: /* explicit fallthrough */
-	case POLICY_RESULT_ERROR:
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "An error occured."));
-		return FALSE;
-	}
-
-
-	/* if we ended up being privileged, then don't fill in the _but_restricted_to */
-	if (is_privileged) {
-		g_free (is_privileged_but_restricted_to);
-		is_privileged_but_restricted_to = g_strdup ("");
-	}
-
-	dbus_g_method_return (context, is_privileged, is_temporary, is_privileged_but_restricted_to);
-
-	g_free (is_privileged_but_restricted_to);
-
-	return TRUE;
-}
-
-
-gboolean
-polkit_manager_get_allowed_resources_for_privilege (PolicyKitManager      *manager, 
-						    char                  *user,
-						    char                  *privilege,
-						    DBusGMethodInvocation *context)
-{
-	uid_t calling_uid;
-	pid_t calling_pid;
-	int n;
-	GList *i;
-	GList *resources;
-	GList *restrictions;
-	uid_t uid;
-	PolicyResult res;
-	TemporaryPrivilege *p;
-	char **resource_list;
-	char **restriction_list;
-	int num_non_temporary;
-
-	if (!polkit_manager_get_caller_info (manager, 
-					     dbus_g_method_get_sender (context), 
-					     &calling_uid, 
-					     &calling_pid)) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "An error occured."));
-		return FALSE;
-	}
-
-	uid = uid_from_username (user);
-
-	if (uid == (uid_t) -1) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NO_SUCH_USER,
-							 "There is no user '%s'.",
-							 user));
-		return FALSE;
-	}
-
-	/* TODO: check if given uid is privileged to ask for this */
-	if (FALSE) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
-							 "You are not authorized to know this."));
-		return FALSE;
-	}
-
-
-	res = policy_get_allowed_resources_for_policy_for_uid (uid,
-							       privilege,
-							       &resources);
-	switch (res) {
-	case POLICY_RESULT_OK:
-		break;
-
-	case POLICY_RESULT_NO_SUCH_POLICY:
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE,
-							 "There is no such privilege '%s'.",
-							 privilege));
-		return FALSE;
-
-	default: /* explicit fallthrough */
-	case POLICY_RESULT_ERROR:
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "An error occured."));
-		return FALSE;
-	}
-
-	num_non_temporary = g_list_length (resources);
-
-	restrictions = NULL;
-
-	/* check temporary list */
-	for (i = manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
-		p = (TemporaryPrivilege *) i->data;
-
-		if ((strcmp (p->privilege, privilege) == 0) &&
-		    (p->resource != NULL) &&
-		    (p->user == uid)) {
-
-			resources = g_list_append (resources, g_strdup (p->resource));
-			restrictions = g_list_append (restrictions, p->system_bus_unique_name != NULL ?
-						      p->system_bus_unique_name : "");
-		}
-	}
-
-	resource_list = g_new0 (char *, g_list_length (resources) + 1);
-	for (i = resources, n = 0; i != NULL; i = g_list_next (i)) {
-		char *resource = (char *) i->data;
-		resource_list[n]  = g_strdup (resource);
-		n++;
-	}
-	resource_list[n] = NULL;
-
-	g_list_foreach (resources, (GFunc) g_free, NULL);
-	g_list_free (resources);
-
-	restriction_list = g_new0 (char *, g_list_length (resources) + 1);
-	for (n = 0; n < num_non_temporary; n++) {
-		restriction_list[n]  = "";
-	}
-	for (i = restrictions; i != NULL; i = g_list_next (i)) {
-		char *restriction = (char *) i->data;
-		restriction_list[n]  = g_strdup (restriction);
-		n++;
-	}
-	restriction_list[n] = NULL;
-
-	dbus_g_method_return (context, resource_list, restriction_list, num_non_temporary);
-
-	return TRUE;
-}
-
-gboolean
-polkit_manager_list_privileges (PolicyKitManager      *manager, 
-				DBusGMethodInvocation *context)
-{
-	uid_t calling_uid;
-	pid_t calling_pid;
-	int n;
-	GList *i;
-	GList *privileges;
-	PolicyResult res;
-	char **privilege_list;
-
-
-	if (!polkit_manager_get_caller_info (manager, 
-					     dbus_g_method_get_sender (context), 
-					     &calling_uid, 
-					     &calling_pid)) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "An error occured."));
-		return FALSE;
-	}
-
-	/* TODO: check if given uid is privileged to ask for this */
-	if (FALSE) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
-							 "You are not authorized to know this."));
-		return FALSE;
-	}
-
-	res = policy_get_policies (&privileges);
-	switch (res) {
-	case POLICY_RESULT_OK:
-		break;
-	
-	default: /* explicit fallthrough */
-	case POLICY_RESULT_ERROR:
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "An error occured."));
-		return FALSE;
-	}
-
-	privilege_list = g_new0 (char *, g_list_length (privileges) + 1);
-	for (i = privileges, n = 0; i != NULL; i = g_list_next (i)) {
-		char *privilege = (char *) i->data;
-		privilege_list[n++] = g_strdup (privilege);
-	}
-	privilege_list[n] = NULL;
-
-	g_list_foreach (privileges, (GFunc) g_free, NULL);
-	g_list_free (privileges);
-
-	dbus_g_method_return (context, privilege_list);
-
-	return TRUE;
-}
-
-gboolean
-polkit_manager_revoke_temporary_privilege (PolicyKitManager      *manager, 
-					   char                  *user,
-					   char                  *privilege,
-					   char                  *resource,
-					   DBusGMethodInvocation *context)
-{
-	uid_t uid;
-	uid_t calling_uid;
-	pid_t calling_pid;
-	gboolean result;
-
-	if (!polkit_manager_get_caller_info (manager, 
-					     dbus_g_method_get_sender (context), 
-					     &calling_uid, 
-					     &calling_pid)) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_ERROR,
-							 "An error occured."));
-		return FALSE;
-	}
-
-	uid = uid_from_username (user);
-
-	if (uid == (uid_t) -1) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NO_SUCH_USER,
-							 "There is no user '%s'.",
-							 user));
-		return FALSE;
-	}
-
-	/* check if given uid is privileged to revoke privilege; only allow own user to do this */
-	/* TODO: also allow callers with privilege 'polkit-manage-privileges-TODO-RENAME' */
-	if (uid != calling_uid) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
-							 "You are not authorized to revoke the privilege."));
-		return FALSE;
-	}
-
-	if (resource != NULL && strlen (resource) == 0)
-		resource = NULL;
-
-	if (!polkit_manager_remove_temporary_privilege (manager,
-							uid,
-							privilege,
-							resource,
-							NULL,
-							TRUE)) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_MANAGER_ERROR,
-							 POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE,
-							 "There is no such privilege '%s'.",
-							 privilege));
-		return FALSE;
-	} 
-
-	result = TRUE;
-
-	dbus_g_method_return (context, result);
-	return TRUE;
-}
-
-/* local methods */
-
-gboolean
-polkit_manager_add_temporary_privilege (PolicyKitManager   *manager, 
-					uid_t               user,
-					const char         *privilege,
-					const char         *resource,
-					const char         *system_bus_unique_name)
-{
-	GList *i;
-	TemporaryPrivilege *p;
-
-	for (i = manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
-		p = (TemporaryPrivilege *) i->data;
-
-		if ((strcmp (p->privilege, privilege) == 0) &&
-		    ((resource != NULL) && (safe_strcmp (p->resource, resource)) == 0) &&
-		    (p->user == user) &&
-		    (p->system_bus_unique_name == system_bus_unique_name))
-			return FALSE;
-	}
-
-	p = g_new0 (TemporaryPrivilege, 1);
-	p->user = user;
-	p->privilege = g_strdup (privilege);
-	p->resource = g_strdup (resource);
-	p->system_bus_unique_name = g_strdup (system_bus_unique_name);
-
-	_granting_temp_priv (manager, p);
-	manager->priv->temporary_privileges = g_list_append (manager->priv->temporary_privileges, p);
-
-	return TRUE;
-}
-
-gboolean
-polkit_manager_remove_temporary_privilege (PolicyKitManager   *manager, 
-					   uid_t               user,
-					   const char         *privilege,
-					   const char         *resource,
-					   const char         *system_bus_unique_name,
-					   gboolean            remove_even_if_system_bus_unique_name_does_not_match)
-{
-	GList *i;
-	TemporaryPrivilege *p;
-
-	for (i = manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
-		p = (TemporaryPrivilege *) i->data;
-
-		if ((strcmp (p->privilege, privilege) == 0) &&
-
-		    ((resource == NULL) ? (p->resource == NULL) 
-		                        : ((p->resource != NULL) ? (strcmp (p->resource, resource) == 0) : FALSE)) &&
-
-		    (p->user == user) &&
-
-		    (remove_even_if_system_bus_unique_name_does_not_match ||
-		     ((system_bus_unique_name == NULL) ? (p->system_bus_unique_name == NULL) 
-		      : ((p->system_bus_unique_name != NULL) ? 
-			 (strcmp (p->system_bus_unique_name, system_bus_unique_name) == 0) : 
-			 FALSE)))
-			) {
-
-			_revoking_temp_priv (manager, p);
-
-			g_free (p->privilege);
-			g_free (p->resource);
-			g_free (p->system_bus_unique_name);
-			g_free (p);
-			
-			manager->priv->temporary_privileges = g_list_remove (
-				manager->priv->temporary_privileges, p);
-
-			return TRUE;
-		}
-	}
-
-	return FALSE;
-}
-
-void
-polkit_manager_update_desktop_console_privileges (PolicyKitManager *manager)
-{
-	GDir *dir;
-	GError *err = NULL;
-	const char *f;
-	GSList *list;
-	GSList *j;
-	GList *i;
-	TemporaryPrivilege *p;
-
-	g_debug ("Entering polkit_manager_update_desktop_console_privileges");
-
-	/* Build a list of what /var/run/polkit-console contains;
-	 * e.g. {":0", "davidz", ":1", "bateman", ..}
-	 *
-	 * This is essentially a list of pairs <consoleId, userId>
-	 * denoting what users are logged in at the consoles attached
-	 * to the system.
-	 */
-	list = NULL;
-	if ((dir = g_dir_open (PACKAGE_LOCALSTATEDIR "/run/polkit-console", 0, &err)) == NULL) {
-		g_warning ("Unable to open " PACKAGE_LOCALSTATEDIR "/run/polkit-console : %s", err->message);
-		g_error_free (err);
-		goto out;
-	}
-	while ((f = g_dir_read_name (dir)) != NULL) {
-		char **tokens;
-
-		tokens = g_strsplit (f, "_", 2);
-		if (tokens != NULL && g_strv_length (tokens) == 2) {
-			char *console;
-			char *user;
-
-			console = g_strdup_printf ("console://%s", tokens[0]);
-			user = g_strdup (tokens[1]);
-			list = g_slist_append (list, console);
-			list = g_slist_append (list, user);
-		}
-		g_strfreev (tokens);
-	}
-	g_dir_close (dir);
-
-	/* now revoke the temporary desktop-console privilege for
-	 * users no longer at the console; go through all tempoary
-	 * desktop-console privileges and check that each one is still
-	 * in the list above...
-	 */
-	for (i = manager->priv->temporary_privileges; i != NULL; ) {
-		p = (TemporaryPrivilege *) i->data;
-		gboolean found;
-
-		i = g_list_next (i);
-
-		found = FALSE;
-			
-		if ((strcmp (p->privilege, "desktop-console") == 0) && p->resource != NULL) {
-			
-			for (j = list; j != NULL; j = g_slist_next (j)) {
-				char *console;
-				char *user;
-				uid_t uid;
-
-				console = (char *) j->data;
-				j = g_slist_next (j);
-				user = (char *) j->data;
-				uid = policy_util_name_to_uid (user, NULL);
-				if (uid != (uid_t) -1 && strcmp (p->resource, console) == 0 && 
-				    p->user == uid && 
-				    p->system_bus_unique_name == NULL) {
-					found = TRUE;
-					break;
-				}
-			}
-		}
-
-		if (!found) {
-			/* revoke this privilege */
-			_revoking_temp_priv (manager, p);
-
-			g_free (p->privilege);
-			g_free (p->resource);
-			g_free (p->system_bus_unique_name);
-			g_free (p);
-
-			manager->priv->temporary_privileges = g_list_remove (
-				manager->priv->temporary_privileges, p);
-		} 
-	}
-
-	/* finally grant temporary desktop-console privilege for users
-	 * now at the console 
-	 */
-	for (j = list; j != NULL; j = g_slist_next (j)) {
-		char *console;
-		char *user;
-		uid_t uid;
-		
-		console = (char *) j->data;
-		j = g_slist_next (j);
-		user = (char *) j->data;
-		uid = policy_util_name_to_uid (user, NULL);
-		if (uid != (uid_t) -1) {
-			polkit_manager_add_temporary_privilege (manager, uid, "desktop-console", console, NULL);
-		}
-	}
-
-	g_slist_foreach (list, (GFunc) g_free, NULL);
-	g_slist_free (list);
-
-out:
-	;
-}
diff --git a/polkitd/polkit-manager.h b/polkitd/polkit-manager.h
deleted file mode 100644
index 9d7b802..0000000
--- a/polkitd/polkit-manager.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-manager.h : Manager object
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifndef _POLKIT_MANAGER_H
-#define _POLKIT_MANAGER_H
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-#include <glib-object.h>
-#include <dbus/dbus-glib.h>
-
-GQuark polkit_manager_error_quark (void);
-
-#define POLKIT_MANAGER_ERROR (polkit_manager_error_quark ())
-
-typedef enum
-{
-        POLKIT_MANAGER_ERROR_NO_SUCH_USER = 0,
-	POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE = 1,
-	POLKIT_MANAGER_ERROR_NOT_PRIVILEGED = 2,
-	POLKIT_MANAGER_ERROR_ERROR = 3,
-	POLKIT_MANAGER_ERROR_CANNOT_OBTAIN_PRIVILEGE = 4,
-        POLKIT_MANAGER_NUM_ERRORS
-} PolkitManagerError;
-
-GType polkit_manager_error_get_type (void);
-#define POLKIT_MANAGER_TYPE_ERROR (polkit_manager_error_get_type ())
-
-typedef struct PolicyKitManager PolicyKitManager;
-typedef struct PolicyKitManagerClass PolicyKitManagerClass;
-
-GType polkit_manager_get_type (void);
-
-typedef struct PolicyKitManagerPrivate PolicyKitManagerPrivate;
-
-struct PolicyKitManager
-{
-	GObject parent;
-
-	PolicyKitManagerPrivate *priv;
-};
-
-struct PolicyKitManagerClass
-{
-	GObjectClass parent;
-};
-
-#define POLKIT_TYPE_MANAGER              (polkit_manager_get_type ())
-#define POLKIT_MANAGER(object)           (G_TYPE_CHECK_INSTANCE_CAST ((object), POLKIT_TYPE_MANAGER, PolicyKitManager))
-#define POLKIT_MANAGER_CLASS(klass)      (G_TYPE_CHECK_CLASS_CAST ((klass), POLKIT_TYPE_MANAGER, PolicyKitManagerClass))
-#define POLKIT_IS_MANAGER(object)        (G_TYPE_CHECK_INSTANCE_TYPE ((object), POLKIT_TYPE_MANAGER))
-#define POLKIT_IS_MANAGER_CLASS(klass)   (G_TYPE_CHECK_CLASS_TYPE ((klass), POLKIT_TYPE_MANAGER))
-#define POLKIT_MANAGER_GET_CLASS(obj)    (G_TYPE_INSTANCE_GET_CLASS ((obj), POLKIT_TYPE_MANAGER, PolicyKitManagerClass))
-
-PolicyKitManager *polkit_manager_new                                 (DBusGConnection       *connection,
-								      DBusGProxy            *bus_proxy);
-
-/* remote methods */
-
-gboolean          polkit_manager_initiate_temporary_privilege_grant  (PolicyKitManager      *manager, 
-						                      char                  *user,
-						                      char                  *privilege,
-						                      char                  *resource,
-								      DBusGMethodInvocation *context);
-
-gboolean          polkit_manager_revoke_temporary_privilege          (PolicyKitManager      *manager, 
-						                      char                  *user,
-						                      char                  *privilege,
-						                      char                  *resource,
-								      DBusGMethodInvocation *context);
-
-gboolean          polkit_manager_is_user_privileged                  (PolicyKitManager      *manager, 
-								      char                  *system_bus_unique_name,
-						                      char                  *user,
-						                      char                  *privilege,
-						                      char                  *resource,
-								      DBusGMethodInvocation *context);
-
-gboolean          polkit_manager_get_allowed_resources_for_privilege (PolicyKitManager      *manager, 
-								      char                  *user,
-								      char                  *privilege,
-								      DBusGMethodInvocation *context);
-
-gboolean          polkit_manager_list_privileges                     (PolicyKitManager      *manager, 
-								      DBusGMethodInvocation *context);
-
-/* local methods */
-
-gboolean          polkit_manager_get_caller_info                     (PolicyKitManager      *manager,
-								      const char            *sender,
-								      uid_t                 *calling_uid, 
-								      pid_t                 *calling_pid);
-
-
-gboolean          polkit_manager_add_temporary_privilege             (PolicyKitManager      *manager, 
-								      uid_t                  user,
-								      const char            *privilege,
-								      const char            *resource,
-								      const char            *system_bus_unique_name);
-
-gboolean          polkit_manager_remove_temporary_privilege          (PolicyKitManager      *manager, 
-								      uid_t                  user,
-								      const char            *privilege,
-								      const char            *resource,
-								      const char            *system_bus_unique_name,
-								      gboolean               remove_even_if_system_bus_unique_name_does_not_match);
-
-void              polkit_manager_update_desktop_console_privileges   (PolicyKitManager      *manager);
-
-
-#endif /* _POLKIT_MANAGER_H */
diff --git a/polkitd/polkit-marshal.list b/polkitd/polkit-marshal.list
deleted file mode 100644
index 41e4027..0000000
--- a/polkitd/polkit-marshal.list
+++ /dev/null
@@ -1 +0,0 @@
-VOID:STRING,STRING,STRING
diff --git a/polkitd/polkit-session.c b/polkitd/polkit-session.c
deleted file mode 100644
index cbc2fb5..0000000
--- a/polkitd/polkit-session.c
+++ /dev/null
@@ -1,1013 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-session.c : Session object
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <signal.h>
-#include <errno.h>
-
-#define DBUS_API_SUBJECT_TO_CHANGE
-#include <dbus/dbus.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-#include <security/pam_appl.h>
-
-#include "policy.h"
-#include "polkit-session.h"
-
-enum
-{
-	AUTH_STATE_NOT_STARTED,
-	AUTH_STATE_IN_PROGRESS,
-	AUTH_STATE_HAVE_QUESTIONS,
-	AUTH_STATE_NEED_ANSWERS,
-	AUTH_STATE_DONE
-};
-
-struct PolicyKitSessionPrivate
-{
-	int session_number;
-	DBusGConnection *connection;
-	DBusGProxy *proxy;
-	PolicyKitManager *manager;
-
-	char *auth_as_user;
-	char *auth_with_pam_service;
-
-	uid_t calling_uid;
-	char *calling_dbus_name;
-
-	uid_t grant_to_uid;
-	char *grant_privilege;
-	char *grant_resource;
-	char *grant_system_bus_name_unique_name_restriction;
-
-	gboolean have_granted_temp_privileges;
-
-	int auth_state;
-	gboolean is_authenticated;
-	char *auth_denied_reason;
-	GSList *auth_questions;
-
-	GPid child_pid;
-	GIOChannel *pam_channel;
-	GIOChannel *pam_channel_write;
-};
-
-enum
-{
-	HAVE_QUESTIONS,
-	AUTHENTICATION_DONE,
-	LAST_SIGNAL
-};
-
-static guint signals[LAST_SIGNAL] = { 0 };
-
-G_DEFINE_TYPE(PolicyKitSession, polkit_session, G_TYPE_OBJECT)
-
-static GObjectClass *parent_class = NULL;
-
-static void
-polkit_session_init (PolicyKitSession *session)
-{
-	session->priv = g_new0 (PolicyKitSessionPrivate, 1);
-	session->priv->session_number = 42;
-	session->priv->is_authenticated = FALSE;
-	session->priv->auth_state = AUTH_STATE_NOT_STARTED;
-}
-
-static void
-polkit_session_finalize (PolicyKitSession *session)
-{
-	g_io_channel_unref (session->priv->pam_channel);
-	g_io_channel_unref (session->priv->pam_channel_write);
-	dbus_g_connection_unref (session->priv->connection);
-
-	g_free (session->priv->auth_as_user);
-	g_free (session->priv->auth_with_pam_service);
-
-	g_free (session->priv->calling_dbus_name);
-
-	g_free (session->priv->grant_privilege);
-	g_free (session->priv->grant_resource);
-
-	g_free (session->priv->auth_denied_reason);
-	if (session->priv->auth_questions != NULL) {
-		g_slist_foreach (session->priv->auth_questions, (GFunc) g_free, NULL);
-		g_slist_free (session->priv->auth_questions);
-	}
-	g_free (session->priv);
-
-	G_OBJECT_CLASS (parent_class)->finalize (G_OBJECT (session));
-}
-
-static void
-polkit_session_class_init (PolicyKitSessionClass *klass)
-{
-	GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-
-	signals[HAVE_QUESTIONS] =
-		g_signal_new ("have_questions",
-			      G_OBJECT_CLASS_TYPE (klass),
-			      G_SIGNAL_RUN_LAST | G_SIGNAL_DETAILED,
-			      0,
-			      NULL, NULL,
-			      g_cclosure_marshal_VOID__VOID,
-			      G_TYPE_NONE, 0);
-
-	signals[AUTHENTICATION_DONE] =
-		g_signal_new ("authentication_done",
-			      G_OBJECT_CLASS_TYPE (klass),
-			      G_SIGNAL_RUN_LAST | G_SIGNAL_DETAILED,
-			      0,
-			      NULL, NULL,
-			      g_cclosure_marshal_VOID__VOID,
-			      G_TYPE_NONE, 0);
-
-
-	gobject_class->finalize = (GObjectFinalizeFunc) polkit_session_finalize;
-	parent_class = g_type_class_peek_parent (klass);
-}
-
-
-GQuark
-polkit_session_error_quark (void)
-{
-	static GQuark ret = 0;
-	if (ret == 0)
-		ret = g_quark_from_static_string ("PolkitSessionObjectErrorQuark");
-	return ret;
-}
-
-#define ENUM_ENTRY(NAME, DESC) { NAME, "" #NAME "", DESC }
-
-GType
-polkit_session_error_get_type (void)
-{
-	static GType etype = 0;
-	
-	if (etype == 0) {
-		static const GEnumValue values[] = {
-			ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_IN_PROGRESS, "AuthenticationInProgress"),
-			ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_ALREADY_INITIATED, "AuthenticationAlreadyInitiated"),
-			ENUM_ENTRY (POLKIT_SESSION_ERROR_NO_QUESTIONS, "AuthenticationNoQuestions"),
-			ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_WAS_NOT_DENIED, "AuthenticationWasNotDenied"),
-			ENUM_ENTRY (POLKIT_SESSION_ERROR_NO_RESOURCES, "NoResources"),
-			ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_NOT_DONE, "AuthenticationNotDone"),
-			ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_FAILED, "AuthenticationFailed"),
-			ENUM_ENTRY (POLKIT_SESSION_ERROR_NOT_INITIATOR, "NotInitiator"),
-			{ 0, 0, 0 }
-		};
-		
-		g_assert (POLKIT_SESSION_NUM_ERRORS == G_N_ELEMENTS (values) - 1);
-		
-		etype = g_enum_register_static ("PolkitSessionError", values);
-	}
-	
-	return etype;
-}
-
-
-static gboolean
-polkit_session_check_caller (PolicyKitSession      *session,
-			     DBusGMethodInvocation *context)
-{
-	char *sender;
-	gboolean same_caller;
-
-	same_caller = FALSE;
-
-	sender = dbus_g_method_get_sender (context);
-	if (sender != NULL) {
-		if (strcmp (session->priv->calling_dbus_name, sender) == 0) {
-			same_caller = TRUE;
-		}
-	}
-			      
-	if (!same_caller) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_NOT_INITIATOR,
-							 "Only the session initiator can invoke methods on this interface. This incident will be reported."));
-		/* TODO: log this attack to syslog */
-	}
-
-	return same_caller;
-}
-
-gboolean 
-polkit_session_is_authenticated (PolicyKitSession      *session, 
-				 DBusGMethodInvocation *context)
-{
-	/*g_debug ("is_authenticated");*/
-
-	if (!polkit_session_check_caller (session, context))
-		return FALSE;
-
-	if (session->priv->auth_state != AUTH_STATE_DONE) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_AUTHENTICATION_IN_PROGRESS,
-							 "This method cannot be invoked before the AuthenticationDone signal is emitted."));
-		return FALSE;
-	}
-
-	dbus_g_method_return (context, session->priv->is_authenticated);
-	return TRUE;
-}
-
-gboolean
-polkit_session_get_auth_denied_reason (PolicyKitSession      *session, 
-				       DBusGMethodInvocation *context)
-{
-	/*g_debug ("get_auth_denied_reason");*/
-
-	if (!polkit_session_check_caller (session, context))
-		return FALSE;
-
-	if (session->priv->auth_state != AUTH_STATE_DONE) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_AUTHENTICATION_IN_PROGRESS,
-							 "This method cannot be invoked before the AuthenticationDone signal is emitted."));
-		return FALSE;
-	}
-
-	if (session->priv->is_authenticated) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_AUTHENTICATION_WAS_NOT_DENIED,
-							 "The authentication was not denied."));
-		return FALSE;
-	}
-
-	dbus_g_method_return (context, session->priv->auth_denied_reason);
-	return TRUE;
-}
-
-
-/*
- * Interaction diagram
- * -------------------
- *
- *   some app                                                    polkitd
- *   ========                                                    =======
- *
- *      -> manager.InitiatePrivilegeGrant(user, privilege, resource) ->
- *                     <- Returns session object <-
- *
- *                   -> session.GetAuthDetails() ->
- *      <- Returns {<username we auth as>, <service_name used> ...} <-   # can we include what pam module? prolly not
- *
- *                     -> session.InitiateAuth() ->
- *                         <- Returns TRUE <-
- *               
- *                                                                       # app now waits for the AuthenticationDone()
- *                                                                       # or HaveQuestions() signals
- *                                .....
- *               
- *                      <- signal: HaveQuestions() <-
- *
- *                       -> session.GetQuestions() ->
- *                 <- Returns {question_1, question_2, ...} <-
- *
- *           -> session.ProvideAnswers({answer_1, answer_2, ...}) ->
- *                         <- Returns TRUE <-
- *
- *                                .....
- *
- *                 <- signal: AuthenticationDone() <-
- *               
- *                                .....
- *
- *                    -> session.IsAuthenticated() ->
- *                      <- Returns TRUE or FALSE <-
- *                                                                       
- *                                .....
- *
- *                    -> session.GetAuthFailureReason() ->               # Only if IsAuthenticated() returns FALSE
- *                     <- Returns <reason as string> <-
- *
- *                                .....
- *
- * Assume now IsAuthenticated() returned TRUE. There are a few different
- * scenarios.
- *
- *
- * SCENARIO 1: App needs the privilege only temporarily; e.g. not persistent 
- *             across reboots. The app may even restrict users of the privilege
- *             to his own process id. The app may ask for the privilege to
- *             not be revoked when it ends the session - if the app should
- *             disconnect from the bus before session.Close() the privilege
- *             is revoked though.
- *
- *             Example: gnome-mount needs privs to do work, restricts the
- *                      privs to it's own PID and asks for revocation when
- *                      it's done with it's work.
- *
- *             Example: g-d-m temporarily gives the privilege 'local-console-user'
- *                      when a new desktop session starts. It manually revokes
- *                      this when the session ends.
- *
- *      -> session.GrantPrivilegeTemporary(bool restrictToCallersPID) -> # add uid, pid of client to the 
- *                          <- Returns TRUE <-                           # temp_allow_list
- *
- *                                .....
- *
- *        (the app is now doing something useful with the privilege obtained)
- *
- *                                .....
- *
- *                 -> session.Close(bool doNotRevokePrivilege) ->                           
- *                         <- Returns TRUE <-                            # Remove uid, pid of client from the
- *                                                                       # temp_allow_list IFF revokePrivile is true
- */
-
-typedef struct {
-	int fd;
-	int fdread;
-} ConversationData;
-
-
-/* TODO: is this a secure way of clearing memory? */
-static void *
-safe_memset (void *buf, int c, size_t len)
-{ 
-	return memset (buf, c, len);
-}
-
-
-static int
-my_conversation (int n,
-		 const struct pam_message **msg,
-		 struct pam_response **resp,
-		 void *data)
-{
-	GString *str;
-	ConversationData *cd = (ConversationData *) data;
-	struct pam_response *aresp;
-	int i;
-	int j;
-	int num_real_questions = 0;
-	int strl;
-	char *cstr;
-	int num_bytes_read;
-	char *p;
-	char readbuf[1024];
-	char **answers = NULL;
-	int num_answers;
-
-	/*g_debug ("in my_conv");*/
-
-	if (n <= 0 || n > PAM_MAX_NUM_MSG) {
-		return PAM_CONV_ERR;
-	}
-
-	if ((aresp = calloc (n, sizeof (struct pam_response))) == NULL) {
-		return PAM_BUF_ERR;
-	}
-
-	str = g_string_new ("Q");
-
-	for (i = 0; i < n; ++i) {
-		g_string_append_c (str, '\0');
-		switch (msg[i]->msg_style) {
-		case PAM_PROMPT_ECHO_OFF:
-			g_string_append (str, "PamPromptEchoOff");
-			num_real_questions++;
-			break;
-		case PAM_PROMPT_ECHO_ON:
-			g_string_append (str, "PamPromptEchoOn");
-			num_real_questions++;
-			break;
-		case PAM_ERROR_MSG:
-			g_string_append (str, "PamErrorMsg");
-			break;
-		case PAM_TEXT_INFO:
-			g_string_append (str, "PamTextInfo");
-			break;
-
-		default:
-			/* TODO */
-			break;
-		}
-		g_string_append_c (str, '\0');
-		g_string_append_printf (str, "%s", msg[i]->msg);
-	}
-
-	strl = str->len;
-	cstr = g_string_free (str, FALSE);
-	/*g_debug ("strlen = %d", strl);*/
-	write (cd->fd, (void *) cstr, (size_t) strl);
-	g_free (cstr);
-
-	answers = g_new0 (char *, num_real_questions + 1);
-
-	/* now wait for parent to write answers */
-	num_bytes_read = read (cd->fdread, readbuf, sizeof (readbuf));
-	/*g_debug ("actually read = %d", num_bytes_read);*/
-	p = readbuf;
-	num_answers = 0;
-	do {
-		if (num_answers > num_real_questions) {
-			g_warning ("num_answers > num_real_questions");
-			goto error;
-		}
-
-		answers [num_answers++] = g_strdup (p);
-		/*g_debug ("answer -> '%s'", p);*/
-		
-		p = p + strlen(p) + 1;
-		
-	} while (p < readbuf + num_bytes_read);
-	answers[num_answers] = NULL;
-
-	if (num_answers != num_real_questions) {
-		g_warning ("num_answers != num_real_questions");
-		goto error;
-	}
-
-	/*g_debug ("giving answers back to PAM");*/
-
-	j = 0;
-	for (i = 0; i < n; ++i) {
-		aresp[i].resp_retcode = 0;
-		aresp[i].resp = NULL;
-
-		switch (msg[i]->msg_style) {
-		case PAM_PROMPT_ECHO_OFF: /* explicit fallthrough */
-		case PAM_PROMPT_ECHO_ON:
-			aresp[i].resp = strdup (answers[j++]);
-			break;
-
-		default:
-			/* explicitly left blank */
-			break;
-		}
-	}
-
-	/* zero out the secrets */
-	safe_memset (readbuf, 0, sizeof (readbuf));
-	if (answers != NULL) {
-		for (i = 0; answers[i] != NULL; i++) {
-			safe_memset (answers[i], 0, strlen (answers[i]));
-		}
-		g_strfreev (answers);
-	}
-
-	*resp = aresp;
-	return PAM_SUCCESS;
-
-error:
-	/* zero out the secrets */
-	safe_memset (readbuf, 0, sizeof (readbuf));
-	if (answers != NULL) {
-		for (i = 0; answers[i] != NULL; i++) {
-			safe_memset (answers[i], 0, strlen (answers[i]));
-		}
-		g_strfreev (answers);
-	}
-
-	/* prepare reply to PAM */
-        for (i = 0; i < n; ++i) {
-                if (aresp[i].resp != NULL) {
-                        safe_memset (aresp[i].resp, 0, strlen(aresp[i].resp));
-                        free (aresp[i].resp);
-                }
-        }
-        safe_memset (aresp, 0, n * sizeof (struct pam_response));
-	*resp = NULL;
-
-	return PAM_CONV_ERR;
-}
-
-static void
-write_back_to_parent (int fd, char code, const char *message)
-{
-	GString *str;
-	gsize strl;
-	char *cstr;
-	
-	str = g_string_new ("");
-	g_string_append_c (str, code);
-	g_string_append_c (str, '\0');
-
-	if (message != NULL) {
-		g_string_append (str, message);
-		g_string_append_c (str, '\0');
-	}
-
-	strl = str->len;
-	cstr = g_string_free (str, FALSE);
-	write (fd, cstr, strl);
-	g_free (cstr);
-}
-
-static void
-do_pam_auth (int fd, int fdread, const PolicyKitSessionPrivate *priv)
-{
-	int rc;
-	struct pam_conv pam_conversation;
-	pam_handle_t *pam_h;
-	ConversationData d;
-	char *authed_user;
-
-	/*g_debug ("in %s", __FUNCTION__);*/
-
-	pam_conversation.conv        = my_conversation;
-	pam_conversation.appdata_ptr = (void *) &d;
-	d.fd = fd;
-	d.fdread = fdread;
-
-	rc = pam_start (priv->auth_with_pam_service,
-			priv->auth_as_user, 
-			&pam_conversation,
-			&pam_h);
-	if (rc != PAM_SUCCESS) {
-		g_warning ("pam_start failed: %s", pam_strerror (pam_h, rc));
-		write_back_to_parent (fd, 'F', pam_strerror (pam_h, rc));
-		goto out;
-	}
-
-
-	/*g_debug ("invoking pam_authenticate");*/
-
-	/* is user really user? */
-	rc = pam_authenticate (pam_h, 0);
-	if (rc != PAM_SUCCESS) {
-		g_warning ("pam_authenticated failed: %s", pam_strerror (pam_h, rc));
-		write_back_to_parent (fd, 'N', pam_strerror (pam_h, rc));
-		goto out;
-	}
-
-	/*g_debug ("invoking pam_acct_mgmt");*/
-
-	/* permitted access? */
-	rc = pam_acct_mgmt (pam_h, 0);
-	if (rc != PAM_SUCCESS) {
-		g_warning ("pam_acct_mgmt failed: %s", pam_strerror (pam_h, rc));
-		write_back_to_parent (fd, 'N', pam_strerror (pam_h, rc));
-		goto out;
-	}
-
-	/*g_debug ("checking we authed the right user");*/
-
-	rc = pam_get_item (pam_h, PAM_USER, (const void **) &authed_user);
-	if (rc != PAM_SUCCESS) {
-		g_warning ("pam_get_item failed: %s", pam_strerror (pam_h, rc));
-		write_back_to_parent (fd, 'N', pam_strerror (pam_h, rc));
-		goto out;
-	}
-
-	/*g_debug ("Authed user '%s'", authed_user);*/
-
-	if (strcmp (authed_user, priv->auth_as_user) != 0) {
-		char *err;
-		err = g_strdup_printf ("Tried to auth user '%s' but we got auth for user '%s' instead",
-				       priv->auth_as_user, authed_user);
-		g_warning (err);
-		write_back_to_parent (fd, 'N', err);
-		g_free (err);
-		goto out;
-	}
-
-	/*g_debug ("user authenticated, exiting");*/
-	write_back_to_parent (fd, 'S', NULL);
-
-out:
-	exit (0);
-}
-
-static gboolean
-data_from_pam (GIOChannel *source,
-	       GIOCondition condition,
-	       gpointer data)
-{
-	PolicyKitSession *session = POLKIT_SESSION (data);
-
-	if (condition & G_IO_IN) {
-		char buf[1024];
-		gsize num_bytes_read;
-
-		/*g_debug ("in %s - data", __FUNCTION__);*/
-
-		g_io_channel_read (source,
-				   buf,
-				   sizeof (buf) - 1,
-				   &num_bytes_read);
-		/*g_debug ("read %d bytes, first one is '%c' = %d", num_bytes_read, buf[0], buf[0]);*/
-		buf[num_bytes_read] = '\0';
-
-		switch (buf[0]) {
-		case 'F':
-			g_warning ("PAM failed: '%s'", buf + 2);
-			session->priv->auth_denied_reason = g_strdup (buf + 2);
-			session->priv->auth_state = AUTH_STATE_DONE;
-			g_signal_emit (session, signals[AUTHENTICATION_DONE], 0);
-			break;
-
-		case 'N':
-			g_warning ("Not authenticated: '%s'", buf + 2);
-			session->priv->auth_denied_reason = g_strdup (buf + 2);
-			session->priv->auth_state = AUTH_STATE_DONE;
-			g_signal_emit (session, signals[AUTHENTICATION_DONE], 0);
-			break;
-
-		case 'S':
-			/*g_debug ("Success, user authenticated");*/
-			session->priv->is_authenticated = TRUE;
-			session->priv->auth_state = AUTH_STATE_DONE;
-			g_signal_emit (session, signals[AUTHENTICATION_DONE], 0);
-			break;
-
-		case 'Q':
-			g_slist_foreach (session->priv->auth_questions, (GFunc) g_free, NULL);
-			g_slist_free (session->priv->auth_questions);
-			session->priv->auth_questions = NULL;
-
-			char *p = buf + 2;
-			do {
-				session->priv->auth_questions = g_slist_append (session->priv->auth_questions,
-										g_strdup (p));
-				/*g_debug ("p -> '%s'", p);*/
-				p = p + strlen(p) + 1;
-
-			} while (p < buf + num_bytes_read);
-
-			/*g_debug ("Put %d questions on list", g_slist_length (session->priv->auth_questions));*/
-
-			if ((g_slist_length (session->priv->auth_questions) & 1) != 0) {
-				g_warning ("Uneven number of question items from PAM; aborting conversation");
-				kill (session->priv->child_pid, SIGTERM);
-				session->priv->auth_state = AUTH_STATE_DONE;
-				session->priv->auth_denied_reason = g_strdup ("Unexpected internal PAM error");
-				g_signal_emit (session, signals[AUTHENTICATION_DONE], 0);
-			} else {
-				session->priv->auth_state = AUTH_STATE_HAVE_QUESTIONS;
-				g_signal_emit (session, signals[HAVE_QUESTIONS], 0);
-			}
-			break;
-
-		default:
-			/* left intentionally blank */
-			break;
-		}
-
-	}
-
-
-	if (condition & G_IO_HUP) {
-		/*g_debug ("in %s - hangup", __FUNCTION__);*/
-		if (session->priv->child_pid != 0) {
-			int status;
-			/*g_debug ("  reaping child with pid %d", session->priv->child_pid);*/
-			session->priv->child_pid = 0;
-			waitpid (session->priv->child_pid, &status, 0);
-		}
-
-		/* release the ref we made when creating the child */
-		g_object_unref (session);
-
-		/* remove the source */
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-gboolean
-polkit_session_get_auth_details (PolicyKitSession      *session, 
-				 DBusGMethodInvocation *context)
-{
-	if (!polkit_session_check_caller (session, context))
-		return FALSE;
-
-	if (session->priv->auth_state != AUTH_STATE_NOT_STARTED) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_AUTHENTICATION_ALREADY_INITIATED,
-							 "This method cannot be invoked after InitiateAuth() is invoked."));
-		return FALSE;
-	}
-	
-	dbus_g_method_return (context, 
-			      g_strdup (session->priv->auth_as_user),
-			      g_strdup (session->priv->auth_with_pam_service));
-	return TRUE;
-}
-
-gboolean 
-polkit_session_initiate_auth (PolicyKitSession      *session, 
-			      DBusGMethodInvocation *context)
-{
-	int fds[2];
-	int fdsb[2];
-	pid_t pid;
-
-	if (!polkit_session_check_caller (session, context))
-		return FALSE;
-
-	if (session->priv->auth_state != AUTH_STATE_NOT_STARTED) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_AUTHENTICATION_ALREADY_INITIATED,
-							 "Authentication already initiated."));
-		return FALSE;
-	}
-
-	/*g_debug ("in %s", __FUNCTION__);*/
-
-	/* pipe for parent reading from child */
-	if (pipe(fds) != 0) {
-		g_warning ("pipe() failed: %s", strerror (errno));
-		goto fail;
-	}
-
-	/* pipe for parent writing to child */
-	if (pipe(fdsb) != 0) {
-		g_warning ("pipe() failed: %s", strerror (errno));
-		goto fail;
-	}
-	
-	switch (pid = fork()) {
-	case -1:
-		g_warning ("fork() failed: %s", strerror (errno));
-		goto fail;
-		
-	case 0:
-		/* child; close unused ends */
-		close (fds[0]);
-		close (fdsb[1]);
-
-		do_pam_auth (fds[1], fdsb[0], session->priv);
-		break;
-		
-	default:
-		session->priv->auth_state = AUTH_STATE_IN_PROGRESS;
-
-		/* parent; close unused ends */
-		close (fds[1]);
-		close (fdsb[0]);
-
-		session->priv->child_pid = (GPid) pid;
-		session->priv->pam_channel_write = g_io_channel_unix_new (fdsb[1]);
-		session->priv->pam_channel = g_io_channel_unix_new (fds[0]);
-
-		/* ref because we need the object in data_from_pam */
-		g_object_ref (session);
-
-		g_io_add_watch (session->priv->pam_channel, 
-				G_IO_IN | G_IO_ERR | G_IO_HUP,
-				data_from_pam,
-				session);
-
-		break;
-	}
-
-	dbus_g_method_return (context);
-	return TRUE;
-
-fail:
-	dbus_g_method_return_error (context, 
-				    g_error_new (POLKIT_SESSION_ERROR,
-						 POLKIT_SESSION_ERROR_NO_RESOURCES,
-						 "InitiateAuth() failed due to lack of resources. Try again later."));
-
-	return FALSE;
-}
-
-gboolean
-polkit_session_get_questions    (PolicyKitSession      *session, 
-				 DBusGMethodInvocation *context)
-{
-	int n;
-	GSList *i;
-	char **questions;
-
-	if (!polkit_session_check_caller (session, context))
-		return FALSE;
-
-	/*g_debug ("in %s", __FUNCTION__);*/
-
-	if (session->priv->auth_state != AUTH_STATE_HAVE_QUESTIONS) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_NO_QUESTIONS,
-							 "There are currently no questions available."));
-		return FALSE;
-	}
-
-	session->priv->auth_state = AUTH_STATE_NEED_ANSWERS;
-
-	questions = g_new0 (char *, g_slist_length (session->priv->auth_questions) + 1);
-	for (i = session->priv->auth_questions, n = 0; i != NULL; i = g_slist_next (i)) {
-		char *question = (char *) i->data;
-		questions[n++] = g_strdup (question);
-	}
-	questions[n] = NULL;
-
-	dbus_g_method_return (context, questions);
-	return TRUE;
-}
-
-gboolean
-polkit_session_provide_answers  (PolicyKitSession      *session, 
-				 char                 **answers, 
-				 DBusGMethodInvocation *context)
-{
-	int i;
-	GString *str;
-	char *cstr;
-	gsize strl;
-	gsize num_bytes_written;
-
-	if (!polkit_session_check_caller (session, context))
-		return FALSE;
-
-	/*g_debug ("in %s", __FUNCTION__);*/
-
-	if (session->priv->auth_state != AUTH_STATE_NEED_ANSWERS) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_NO_QUESTIONS,
-							 "There are currently no questions pending answers."));
-		return FALSE;
-	}
-
-	session->priv->auth_state = AUTH_STATE_IN_PROGRESS;
-
-	str = g_string_new ("");
-	for (i = 0; answers[i] != NULL; i++) {
-		/*g_debug ("answer %d: %s", i, answers[i]);*/
-		g_string_append (str, answers[i]);
-		g_string_append_c (str, '\0');
-	}
-	strl = str->len;
-	cstr = g_string_free (str, FALSE);
-	g_io_channel_write (session->priv->pam_channel_write, cstr, strl, &num_bytes_written);
-	g_free (cstr);
-
-	/*g_debug ("wanted to write %d bytes, wrote %d bytes", strl, num_bytes_written);*/
-
-	dbus_g_method_return (context);
-	return TRUE;
-}
-
-gboolean
-polkit_session_close (PolicyKitSession      *session, 
-		      DBusGMethodInvocation *context)
-{
-	g_debug ("In polkit_session_close for session %d", session->priv->session_number);
-
-	if (!polkit_session_check_caller (session, context))
-		return FALSE;
-
-	/* if we have a child... kill it  */
-	if (session->priv->child_pid != 0)
-		kill (session->priv->child_pid, SIGTERM);
-
-	g_object_unref (session);
-
-	dbus_g_method_return (context);
-	return TRUE;
-}
-
-gboolean 
-polkit_session_grant_privilege_temporarily (PolicyKitSession      *session, 
-					    gboolean               restrict_to_callers_system_bus_unique_name,
-					    DBusGMethodInvocation *context)
-{
-	if (!polkit_session_check_caller (session, context))
-		return FALSE;
-
-	if (session->priv->auth_state != AUTH_STATE_DONE) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_AUTHENTICATION_NOT_DONE,
-							 "Authentication is not done."));
-		return FALSE;
-	}
-
-	if (!session->priv->is_authenticated) {
-		dbus_g_method_return_error (context, 
-					    g_error_new (POLKIT_SESSION_ERROR,
-							 POLKIT_SESSION_ERROR_AUTHENTICATION_FAILED,
-							 "User failed authentication."));
-		return FALSE;
-	}
-
-	session->priv->grant_system_bus_name_unique_name_restriction = restrict_to_callers_system_bus_unique_name ? 
-		g_strdup (session->priv->calling_dbus_name) : NULL;
-	if (!polkit_manager_add_temporary_privilege (session->priv->manager,
-						     session->priv->grant_to_uid,
-						     session->priv->grant_privilege,
-						     session->priv->grant_resource,
-						     session->priv->grant_system_bus_name_unique_name_restriction)) {
-		g_warning ("Could not add tmp priv '%s' to uid %d for resource '%s' on connection '%s'",
-			   session->priv->grant_privilege,
-			   session->priv->grant_to_uid,
-			   session->priv->grant_resource,
-			   session->priv->grant_system_bus_name_unique_name_restriction);
-	}
-
-	session->priv->have_granted_temp_privileges = TRUE;
-
-	dbus_g_method_return (context);
-	return TRUE;
-}
-
-PolicyKitSession *
-polkit_session_new (DBusGConnection    *connection, 
-		    PolicyKitManager   *manager,
-		    uid_t               calling_uid,
-		    const char         *calling_dbus_name,
-		    uid_t               uid,
-		    const char         *privilege,
-		    const char         *resource,
-		    gboolean            auth_as_root)
-{
-	char *objpath;
-	PolicyKitSession *session;
-	static int session_number_base = 0;
-
-	session = POLKIT_SESSION (g_object_new (POLKIT_TYPE_SESSION, NULL));
-	session->priv->connection = dbus_g_connection_ref (connection);
-	session->priv->session_number = session_number_base++;
-	session->priv->manager = manager;
-	objpath = g_strdup_printf ("/org/freedesktop/PolicyKit/sessions/%d", session->priv->session_number);
-	dbus_g_connection_register_g_object (connection, objpath, G_OBJECT (session));
-	g_free (objpath);
-
-	session->priv->calling_uid = calling_uid;
-	session->priv->calling_dbus_name = g_strdup (calling_dbus_name);
-
-	session->priv->grant_to_uid = uid;
-	session->priv->grant_privilege = g_strdup (privilege);
-	session->priv->grant_resource = g_strdup (resource);
-
-	/* TODO: look up auth_as_user from privilege configuration files */
-	if (auth_as_root)
-		session->priv->auth_as_user = g_strdup ("root");
-	else
-		session->priv->auth_as_user = policy_util_uid_to_name (uid, NULL);
-	session->priv->auth_with_pam_service = g_strdup ("policy-kit");
-
-	g_debug ("In polkit_session_new ; established session %d", session->priv->session_number);
-
-	return session;
-}
-
-
-void
-polkit_session_initiator_disconnected (PolicyKitSession *session)
-{
-	g_debug ("Initiator for session %d disconnected", session->priv->session_number);
-
-	/* if we have a child... kill it  */
-	if (session->priv->child_pid != 0)
-		kill (session->priv->child_pid, SIGTERM);
-
-	if (session->priv->have_granted_temp_privileges) {
-		g_debug ("  Revoking temporary privilege %s on %s for uid %d on connection %s", 
-			 session->priv->grant_privilege,
-			 session->priv->grant_resource,
-			 session->priv->grant_to_uid,
-			 session->priv->grant_system_bus_name_unique_name_restriction);
-		if (!polkit_manager_remove_temporary_privilege (session->priv->manager,
-								session->priv->grant_to_uid,
-								session->priv->grant_privilege,
-								session->priv->grant_resource,
-								session->priv->grant_system_bus_name_unique_name_restriction,
-								FALSE)) {
-			g_warning ("Could not remove tmp priv '%s' to uid %d for resource '%s' on connection '%s'",
-				   session->priv->grant_privilege,
-				   session->priv->grant_to_uid,
-				   session->priv->grant_resource,
-				   session->priv->grant_system_bus_name_unique_name_restriction);
-		}
-	}
-}
diff --git a/polkitd/polkit-session.h b/polkitd/polkit-session.h
deleted file mode 100644
index 19fac2f..0000000
--- a/polkitd/polkit-session.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-session.h : Session object
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifndef _POLKIT_SESSION_H
-#define _POLKIT_SESSION_H
-
-#include <unistd.h>
-#include <glib.h>
-#include <glib-object.h>
-#include <dbus/dbus-glib.h>
-
-#include "polkit-manager.h"
-
-GQuark polkit_session_error_quark (void);
-
-#define POLKIT_SESSION_ERROR (polkit_session_error_quark ())
-
-typedef enum
-{
-        POLKIT_SESSION_ERROR_AUTHENTICATION_IN_PROGRESS = 0,
-        POLKIT_SESSION_ERROR_AUTHENTICATION_ALREADY_INITIATED = 1,
-	POLKIT_SESSION_ERROR_NO_QUESTIONS = 2,
-	POLKIT_SESSION_ERROR_AUTHENTICATION_WAS_NOT_DENIED = 3,
-	POLKIT_SESSION_ERROR_NO_RESOURCES = 4,
-        POLKIT_SESSION_ERROR_AUTHENTICATION_NOT_DONE = 5,
-        POLKIT_SESSION_ERROR_AUTHENTICATION_FAILED = 6,
-        POLKIT_SESSION_ERROR_NOT_INITIATOR = 7,
-        POLKIT_SESSION_NUM_ERRORS
-} PolkitSessionError;
-
-GType polkit_session_error_get_type (void);
-#define POLKIT_SESSION_TYPE_ERROR (polkit_session_error_get_type ())
-
-typedef struct PolicyKitSession PolicyKitSession;
-typedef struct PolicyKitSessionClass PolicyKitSessionClass;
-
-GType polkit_session_get_type (void);
-
-typedef struct PolicyKitSessionPrivate PolicyKitSessionPrivate;
-
-struct PolicyKitSession
-{
-	GObject parent;
-
-	PolicyKitSessionPrivate *priv;
-};
-
-struct PolicyKitSessionClass
-{
-	GObjectClass parent;
-};
-
-#define POLKIT_TYPE_SESSION              (polkit_session_get_type ())
-#define POLKIT_SESSION(object)           (G_TYPE_CHECK_INSTANCE_CAST ((object), POLKIT_TYPE_SESSION, PolicyKitSession))
-#define POLKIT_SESSION_CLASS(klass)      (G_TYPE_CHECK_CLASS_CAST ((klass), POLKIT_TYPE_SESSION, PolicyKitSessionClass))
-#define POLKIT_IS_SESSION(object)        (G_TYPE_CHECK_INSTANCE_TYPE ((object), POLKIT_TYPE_SESSION))
-#define POLKIT_IS_SESSION_CLASS(klass)   (G_TYPE_CHECK_CLASS_TYPE ((klass), POLKIT_TYPE_SESSION))
-#define POLKIT_SESSION_GET_CLASS(obj)    (G_TYPE_INSTANCE_GET_CLASS ((obj), POLKIT_TYPE_SESSION, PolicyKitSessionClass))
-
-PolicyKitSession *polkit_session_new                         (DBusGConnection    *connection, 
-							      PolicyKitManager   *manager,
-							      uid_t               calling_uid,
-							      const char         *calling_dbus_name,
-							      uid_t               uid,
-							      const char         *privilege,
-							      const char         *resource,
-							      gboolean            auth_as_root);
-
-/* remote methods */
-
-gboolean          polkit_session_is_authenticated            (PolicyKitSession      *session,
-							      DBusGMethodInvocation *context);
-
-gboolean          polkit_session_initiate_auth               (PolicyKitSession      *session, 
-							      DBusGMethodInvocation *context);
-
-gboolean          polkit_session_get_questions               (PolicyKitSession      *session, 
-							      DBusGMethodInvocation *context);
-
-gboolean          polkit_session_provide_answers             (PolicyKitSession      *session, 
-							      char                 **answers, 
-							      DBusGMethodInvocation *context);
-
-gboolean          polkit_session_close                       (PolicyKitSession      *session, 
-							      DBusGMethodInvocation *context);
-
-gboolean          polkit_session_get_auth_details            (PolicyKitSession      *session, 
-							      DBusGMethodInvocation *context);
-
-gboolean          polkit_session_get_auth_denied_reason      (PolicyKitSession      *session, 
-							      DBusGMethodInvocation *context);
-
-gboolean          polkit_session_grant_privilege_temporarily (PolicyKitSession      *session, 
-							      gboolean               restrict_to_callers_system_bus_unique_name,
-							      DBusGMethodInvocation *context);
-
-/* local methods */
-
-void              polkit_session_initiator_disconnected      (PolicyKitSession      *session);
-
-
-#endif /* _POLKIT_SESSION_H */
diff --git a/polkitd/polkitd-test.c b/polkitd/polkitd-test.c
deleted file mode 100644
index 3d37955..0000000
--- a/polkitd/polkitd-test.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkitd-test.c : Test harness for PolicyKit daemon
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307	 USA
- *
- **************************************************************************/
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#include <glib/gstdio.h>
-
-#include "policy.h"
-
-static char *testdir;
-
-static void 
-my_exit (int exit_code)
-{
-	int rc;
-	GDir *dir;
-	GError *err;
-	const char *f;
-
-	g_print ("Removing tmpdir '%s'\n", testdir);
-	
-	err = NULL;
-	if ((dir = g_dir_open (testdir, 0, &err)) == NULL) {
-		g_warning ("Unable to open %s: %s", testdir, err->message);
-		g_error_free (err);
-		goto error;
-	}
-	while ((f = g_dir_read_name (dir)) != NULL) {
-		char *file;
-
-		file = g_strdup_printf ("%s/%s", testdir, f);
-		rc = g_unlink (file);
-		if (rc != 0) {
-			g_warning ("Unable to unlink %s: %d (%s)", file, errno, strerror (errno));
-			goto error;
-		}
-		g_free (file);
-	}
-
-	g_dir_close (dir);
-	
-	rc = g_rmdir (testdir);
-	if (rc != 0) {
-		g_warning ("Unable to rmdir %s: %d (%s)", testdir, errno, strerror (errno));
-		goto error;
-	}
-
-error:	
-	exit (exit_code);
-}
-
-static void 
-do_check (const char *policy,
-	  uid_t uid,
-	  int num_gids,
-	  gid_t *gids,
-	  const char *resource,
-	  gboolean expected)
-{
-	int i;
-	gboolean allowed;
-	gboolean is_temporary;
-	char *gidstring;
-	char **out_is_privileged_but_restricted; 
-	GString *str;
-
-	str = g_string_new ("");
-	for (i = 0; i < num_gids; i++) {
-		if (i != 0)
-			g_string_append (str, ", ");
-		g_string_append_printf (str, "%d", gids[i]);
-	}
-	gidstring = g_string_free (str, FALSE);
-
-	if (POLICY_RESULT_OK != policy_is_uid_gid_allowed_for_policy ( uid, 
-								       num_gids, 
-								       gids, 
-								       policy, 
-								       resource, 
-								       &allowed, 
-								       &is_temporary, 
-							  	       out_is_privileged_but_restricted,
-								       NULL, NULL)) {
-		g_warning ("fail: no policy %s", policy);
-		my_exit (1);
-	}
-	
-	if (allowed != expected) {
-		g_warning ("fail: for uid %d (gids %s) expected %s on privilege '%s' for resource '%s' but got %s", 
-			   uid, gidstring, 
-			   expected ? "TRUE" : "FALSE", 
-			   policy, 
-			   (char*) (resource != NULL ? resource : ""), 
-			   allowed ? "TRUE" : "FALSE");
-		my_exit (1);
-	}
-	
-	g_print ("pass: uid %d (gids %s) got %s on privilege '%s' for resource '%s'\n", 
-		 uid, gidstring, 
-		 expected ? "TRUE " : "FALSE", 
-		 policy, 
-		 (char*) (resource != NULL ? resource : ""));
-
-	g_free (gidstring);
-}
-
-static void
-write_test_policy (const char *policy, const char *allow_rule, const char *deny_rule)
-{
-	char *file;
-	FILE *f;
-
-	file = g_strdup_printf ("%s/%s.privilege", testdir, policy);
-	f = fopen (file, "w");
-	if (f == NULL) {
-		g_warning ("Cannot created test policy '%s'", file);
-		my_exit (1);
-	}
-	fprintf (f, 
-		 "[Privilege]\n"
-		 "SufficientPrivileges=\n"
-		 "RequiredPrivileges=\n"
-		 "Allow=%s\n"
-		 "Deny=%s\n", 
-		 allow_rule, deny_rule);
-	fclose (f);
-
-	g_print ("Created test policy '%s' at '%s'\n"
-		 "  Allow '%s'\n"
-		 "  Deny  '%s'\n",
-		 policy, file, allow_rule, deny_rule);
-
-	g_free (file);
-}
-
-static void
-do_read_tests (void)
-{
-	gid_t gid500[1] = {500};
-	int gid500_len = sizeof (gid500) / sizeof (gid_t);
-	gid_t gid501[1] = {501};
-	int gid501_len = sizeof (gid501) / sizeof (gid_t);
-	gid_t gid502[1] = {502};
-	int gid502_len = sizeof (gid502) / sizeof (gid_t);
-
-	gid_t gid500_1[2] = {500, 1};
-	int gid500_1_len = sizeof (gid500_1) / sizeof (gid_t);
-	gid_t gid501_1[2] = {501, 1};
-	int gid501_1_len = sizeof (gid501_1) / sizeof (gid_t);
-	gid_t gid502_1[2] = {502, 1};
-	int gid502_1_len = sizeof (gid502_1) / sizeof (gid_t);
-
-	/* feel free to add more tests here */
-
-	write_test_policy ("test0", "uid:__none__ uid:500", "");
-	do_check ("test0", 500, gid500_len, gid500, NULL, TRUE);
-	do_check ("test0", 501, gid501_len, gid501, NULL, FALSE);
-	do_check ("test0", 502, gid502_len, gid502, NULL, FALSE);
-
-	write_test_policy ("test1", "uid:__all__", "uid:500:res0");
-	do_check ("test1", 500, gid500_len, gid500, NULL, TRUE);
-	do_check ("test1", 501, gid501_len, gid501, NULL, TRUE);
-	do_check ("test1", 502, gid502_len, gid502, NULL, TRUE);
-	do_check ("test1", 500, gid500_len, gid500, "res0", FALSE);
-	do_check ("test1", 501, gid501_len, gid501, "res0", TRUE);
-	do_check ("test1", 502, gid502_len, gid502, "res0", TRUE);
-	do_check ("test1", 500, gid500_len, gid500, "res1", TRUE);
-	do_check ("test1", 501, gid501_len, gid501, "res1", TRUE);
-	do_check ("test1", 502, gid502_len, gid502, "res1", TRUE);
-	
-	write_test_policy ("test2", "gid:1", "uid:501");	
-	do_check ("test2", 500, gid500_len, gid500, NULL, FALSE);
-	do_check ("test2", 501, gid501_len, gid501, NULL, FALSE);
-	do_check ("test2", 502, gid502_len, gid502, NULL, FALSE);
-	do_check ("test2", 500, gid500_1_len, gid500_1, NULL, TRUE);
-	do_check ("test2", 501, gid501_1_len, gid501_1, NULL, FALSE);
-	do_check ("test2", 502, gid502_1_len, gid502_1, NULL, TRUE);
-	
-	write_test_policy ("test3", "gid:1 uid:502:res1", "uid:501 uid:500:res0");	
-	do_check ("test3", 500, gid500_1_len, gid500_1, "res0", FALSE);
-	do_check ("test3", 501, gid501_1_len, gid501_1, "res0", FALSE);
-	do_check ("test3", 502, gid502_1_len, gid502_1, "res0", TRUE);
-	do_check ("test3", 500, gid500_1_len, gid500_1, "res1", TRUE);
-	do_check ("test3", 501, gid501_1_len, gid501_1, "res1", FALSE);
-	do_check ("test3", 502, gid502_1_len, gid502_1, "res1", TRUE);
-	do_check ("test3", 500, gid500_len, gid500, "res1", FALSE);
-	do_check ("test3", 501, gid501_len, gid501, "res1", FALSE);
-	do_check ("test3", 502, gid502_len, gid502, "res1", TRUE);
-
-	write_test_policy ("test4", "gid:1:res1 uid:500:res2", "gid:502:res2");	
-	do_check ("test4", 500, gid500_1_len, gid500_1, "res0", FALSE);
-	do_check ("test4", 501, gid501_1_len, gid501_1, "res0", FALSE);
-	do_check ("test4", 502, gid502_1_len, gid502_1, "res0", FALSE);
-	do_check ("test4", 500, gid500_1_len, gid500_1, "res1", TRUE);
-	do_check ("test4", 501, gid501_1_len, gid501_1, "res1", TRUE);
-	do_check ("test4", 502, gid502_1_len, gid502_1, "res1", TRUE);
-	do_check ("test4", 500, gid500_len, gid500, "res2", TRUE);
-	do_check ("test4", 501, gid501_len, gid501, "res2", FALSE);
-	do_check ("test4", 502, gid502_len, gid502, "res2", FALSE);
-
-	write_test_policy ("test5", "gid:1", "uid:500:res-has-:colon-in-name");	
-	do_check ("test5", 500, gid500_1_len, gid500_1, "res-has-:colon-in-name", FALSE);
-	do_check ("test5", 501, gid501_1_len, gid501_1, "res-has-:colon-in-name", TRUE);
-	do_check ("test5", 502, gid502_1_len, gid502_1, "res-has-:colon-in-name", TRUE);
-	do_check ("test5", 500, gid500_len, gid500, "res-has-:colon-in-name", FALSE);
-	do_check ("test5", 501, gid501_len, gid501, "res-has-:colon-in-name", FALSE);
-	do_check ("test5", 502, gid502_len, gid502, "res-has-:colon-in-name", FALSE);
-
-}
-
-int 
-main (int argc, char *argv[])
-{
-	int i;
-	GList *l;
-	GList *policies;
-
-	testdir = g_strdup ("/tmp/policy-test-XXXXXX");
-	testdir = mkdtemp (testdir);
-	if (testdir == NULL) {
-		g_warning ("Cannot create tmpdir, errno %d (%s)", errno, strerror (errno));
-		g_free (testdir);
-		exit (1);
-	}
-
-	g_message ("policy-test started; using tmpdir=%s", testdir);
-
-	policy_util_set_policy_directory (testdir);
-
-	do_read_tests ();
-
-	if (policy_get_policies (&policies) != POLICY_RESULT_OK) {
-		g_message ("Cannot get policies");
-		goto fail;
-	}
-	g_print ("Loaded %d policies\n", g_list_length (policies));
-	for (l = policies, i = 0; l != NULL; l = g_list_next (l), i++) {
-		const char *policy;
-		policy = (const char *) l->data;
-		g_print (" policy %d: '%s'\n", i, policy);
-	}
-	g_list_foreach (policies, (GFunc) g_free, NULL);
-	g_list_free (policies);
-
-	g_print ("policy-test completed\n");
-
-	my_exit (0);
-
-fail:
-	my_exit (1);
-	return 1;
-}
diff --git a/polkitd/run-polkitd.sh b/polkitd/run-polkitd.sh
deleted file mode 100755
index c8ce52f..0000000
--- a/polkitd/run-polkitd.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-./polkitd --no-daemon --verbose
-
-
-
-
diff --git a/polkitd/valgrind-polkitd.sh b/polkitd/valgrind-polkitd.sh
deleted file mode 100755
index 208d38a..0000000
--- a/polkitd/valgrind-polkitd.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-valgrind --num-callers=20 --show-reachable=yes --leak-check=yes --tool=memcheck ./polkitd --no-daemon --verbose
-
diff --git a/privileges/.gitignore b/privileges/.gitignore
deleted file mode 100644
index 8f1b0d9..0000000
--- a/privileges/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-*.o
diff --git a/privileges/Makefile.am b/privileges/Makefile.am
deleted file mode 100644
index ba9463c..0000000
--- a/privileges/Makefile.am
+++ /dev/null
@@ -1,7 +0,0 @@
-
-privilegedir = $(sysconfdir)/PolicyKit/privilege.d
-
-dist_privilege_DATA = desktop-console.privilege
-
-clean-local :
-	rm -f *~
diff --git a/privileges/desktop-console.privilege b/privileges/desktop-console.privilege
deleted file mode 100644
index dbd4712..0000000
--- a/privileges/desktop-console.privilege
+++ /dev/null
@@ -1,14 +0,0 @@
-
-# This privilege signfies that users holding it are logged into a
-# physical console attached to the system. Thus, it is useful for
-# other privileges for manipulating local devices to simply require
-# this privilege. 
-
-[Privilege]
-RequiredPrivileges=
-SufficientPrivileges=
-Allow=
-Deny=
-CanObtain=False
-CanGrant=False
-ObtainRequireRoot=True
diff --git a/tools/Makefile.am b/tools/Makefile.am
index a16814b..3f2f794 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -12,26 +12,7 @@ INCLUDES = \
 	@GLIB_CFLAGS@ \
 	@DBUS_CFLAGS@
 
-bin_PROGRAMS =                    \
-	polkit-is-privileged      \
-	polkit-list-privileges    \
-	polkit-grant-privilege	  \
-	polkit-revoke-privilege
-
-polkit_is_privileged_SOURCES = polkit-is-privileged.c
-polkit_is_privileged_LDADD = @DBUS_CFLAGS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
-
-polkit_list_privileges_SOURCES = polkit-list-privileges.c
-polkit_list_privileges_LDADD = @DBUS_CFLAGS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
-
-polkit_grant_privilege_SOURCES= \
-	polkit-grant-privilege.c
-
-polkit_grant_privilege_LDADD= @DBUS_GLIB_LIBS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la $(top_builddir)/libpolkit/libpolkit-grant.la
-
-polkit_revoke_privilege_SOURCES= \
-	polkit-revoke-privilege.c
-polkit_revoke_privilege_LDADD= @DBUS_GLIB_LIBS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
+bin_PROGRAMS =
 
 clean-local :
 	rm -f *~
diff --git a/tools/polkit-grant-privilege.c b/tools/polkit-grant-privilege.c
deleted file mode 100644
index 24b32d4..0000000
--- a/tools/polkit-grant-privilege.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-grant-privilege.c : Grant privileges
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <getopt.h>
-#include <string.h>
-#include <errno.h>
-
-#include <glib/gstdio.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include <libpolkit/libpolkit.h>
-#include <libpolkit/libpolkit-grant.h>
-
-
-static gboolean is_verbose = FALSE;
-
-
-static void
-questions_cb (LibPolKitGrantContext  *ctx, 
-	      const char            **questions,
-	      gpointer                user_data)
-{
-	int i;
-	int num_a;
-	char **answers;
-	static gboolean showed_user = FALSE;
-
-
-	/* print banner for user if we are going to ask questions */
-	if (!showed_user) {
-		const char *auth_user;
-		const char *auth_pam_svc;
-
-		showed_user = TRUE;
-
-		auth_user = libpolkit_grant_get_user_for_auth (ctx);
-		auth_pam_svc = libpolkit_grant_get_pam_service_for_auth (ctx);
-
-		if (libpolkit_grant_get_resource (ctx) != NULL) {
-			g_print ("\n"
-				 "Authentication needed for user '%s' in order to grant the\n"
-				 "privilege '%s' to user '%s' for the \n"
-				 "resource '%s'.\n"
-				 "\n"
-				 "The privilege is configured to use PAM service '%s'.\n"
-				 "\n",
-				 auth_user,
-				 libpolkit_grant_get_privilege (ctx), 
-				 libpolkit_grant_get_user (ctx), 
-				 libpolkit_grant_get_resource (ctx),
-				 auth_pam_svc);
-		} else {
-			g_print ("\n"
-				 "Authentication needed for user '%s' in order to grant the\n"
-				 "privilege '%s' to user '%s'.\n"
-				 "\n"
-				 "The privilege is configured to use PAM service '%s'.\n"
-				 "\n",
-				 auth_user,
-				 libpolkit_grant_get_privilege (ctx), 
-				 libpolkit_grant_get_user (ctx),
-				 auth_pam_svc);
-		}
-	}
-
-
-	answers = g_new0 (char *, g_strv_length ((char **) questions) + 1);
-	num_a = 0;
-
-	for (i = 0; questions[i] != NULL && questions[i+1] != NULL; i++) {
-		char *answer;
-		const char *question = questions[i+1];
-		const char *qtype = questions[i];
-
-		/*g_debug ("Question 1: '%s' (pamtype %s)\n(warning; secret will be echoed to stdout)", question, qtype);*/
-
-		if (strcmp (qtype, "PamPromptEchoOff") == 0) {
-			answer = getpass (question);
-			answers[num_a++] = g_strdup (answer);
-
-			/*g_debug ("Provding answer: '%s'", answer);*/
-
-		} else if (strcmp (qtype, "PamPromptEchoOn") == 0) {
-			char buf[1024];
-
-			fputs (question, stderr);
-			answer = fgets ((char *) question, sizeof (buf), stdin);
-			answers[num_a++] = g_strdup (answer);
-
-			/*g_debug ("Provding answer: '%s'", answer);*/
-
-		} else if (strcmp (qtype, "PamErrorMsg") == 0) {
-			/*g_debug ("Not providing answer");*/
-			;
-		} else if (strcmp (qtype, "PamTextInfo") == 0) {
-			/*g_debug ("Not providing answer");*/
-			;
-		} 
-	}
-	answers[num_a] = NULL;
-
-	libpolkit_grant_provide_answers (ctx, (const char **) answers);
-
-	g_strfreev (answers);
-}
-
-static void
-grant_complete_cb (LibPolKitGrantContext  *ctx, 
-		   gboolean                obtained_privilege,
-		   const char             *reason_not_obtained,
-		   gpointer                user_data)
-{
-	if (!obtained_privilege) {
-		g_print ("Privilege not granted: %s\n", reason_not_obtained != NULL ? reason_not_obtained : "(null)");
-	} else {
-		/* keep the privilege */
-		libpolkit_grant_close (ctx, FALSE);
-	}
-
-	libpolkit_grant_free_context (ctx);
-
-	exit (0);
-}
-
-
-
-static void
-usage (int argc, char *argv[])
-{
-	fprintf (stderr, "polkit-grant-privilege version " PACKAGE_VERSION "\n");
-
-	fprintf (stderr, "\n" "usage : %s -p <privilege> [-u user] [-r <resource>]\n", argv[0]);
-	fprintf (stderr,
-		 "\n"
-		 "Options:\n"
-		 "    -u, --user           User to grant privilege to\n"
-		 "    -p, --privilege      Privilege to grant\n"
-		 "    -r, --resource       Resource\n"
-		 "    -h, --help           Show this information and exit\n"
-		 "    -v, --verbose        Verbose operation\n"
-		 "    -V, --version        Print version number\n"
-		 "\n"
-		 "Grant a privilege for accessing a resource. The resource may\n"
-		 "be omitted.\n");
-}
-
-int
-main (int argc, char **argv)
-{
-	int rc;
-	GError *error = NULL;
-	DBusGConnection *bus;
-	char *user = NULL;
-	char *resource = NULL;
-	char *privilege = NULL;
-	static const struct option long_options[] = {
-		{"user", required_argument, NULL, 'u'},
-		{"resource", required_argument, NULL, 'r'},
-		{"privilege", required_argument, NULL, 'p'},
-		{"help", no_argument, NULL, 'h'},
-		{"verbose", no_argument, NULL, 'v'},
-		{"version", no_argument, NULL, 'V'},
-		{NULL, 0, NULL, 0}
-	};
-	gboolean is_privileged = FALSE;
-	gboolean is_temporary = FALSE;
-	LibPolKitResult result;
-	LibPolKitGrantContext *gctx;
-	LibPolKitContext *ctx;
-	GMainLoop *mainloop;
-
-	g_type_init ();
-
-	mainloop = g_main_loop_new (NULL, FALSE);
-
-
-	rc = 1;
-
-	while (TRUE) {
-		int c;
-		
-		c = getopt_long (argc, argv, "u:r:p:hVv", long_options, NULL);
-
-		if (c == -1)
-			break;
-		
-		switch (c) {
-		case 'u':
-			user = g_strdup (optarg);
-			break;
-
-		case 'r':
-			resource = g_strdup (optarg);
-			break;
-
-		case 'p':
-			privilege = g_strdup (optarg);
-			break;
-			
-		case 'v':
-			is_verbose = TRUE;
-			break;
-
-		case 'h':
-			usage (argc, argv);
-			rc = 0;
-			goto out;
-
-		case 'V':
-			printf ("polkit-grant-privilege version " PACKAGE_VERSION "\n");
-			rc = 0;
-			goto out;
-			
-		default:
-			usage (argc, argv);
-			goto out;
-		}
-	}
-
-	if (privilege == NULL) {
-		usage (argc, argv);
-		return 1;
-	}
-
-	if (user == NULL) {
-		user = g_strdup (g_get_user_name ());
-	}
-
-	bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
-	if (bus == NULL) {
-		g_warning ("dbus_g_bus_get: %s", error->message);
-		g_error_free (error);
-		return 1;
-	}
-
-	gctx = libpolkit_grant_new_context (bus,
-					    user,
-					    privilege,
-					    resource,
-					    FALSE,
-					    NULL);
-	if (gctx == NULL) {
-		g_warning ("Cannot initialize new grant context");
-		goto out;
-	}
-
-	ctx = libpolkit_grant_get_libpolkit_context (gctx);
-	result = libpolkit_is_uid_allowed_for_privilege (ctx,
-							 NULL,
-							 user,
-							 privilege,
-							 resource,
-							 &is_privileged,
-							 &is_temporary,
-							 NULL);
-	switch (result) {
-	case LIBPOLKIT_RESULT_OK:
-		if (is_privileged) {
-			if (resource == NULL) {
-				g_print ("User '%s' already has privilege '%s'.\n", user, privilege);
-			} else {
-				g_print ("User '%s' already has privilege '%s' for accessing\n"
-					 "resource '%s'.\n", 
-					 user, privilege, resource);
-			}
-			rc = 0;
-			goto out;
-		}
-		break;
-
-	case LIBPOLKIT_RESULT_ERROR:
-		g_print ("Error granting resource.\n");
-		goto out;
-
-	case LIBPOLKIT_RESULT_INVALID_CONTEXT:
-		g_print ("Invalid context.\n");
-		goto out;
-
-	case LIBPOLKIT_RESULT_NOT_PRIVILEGED:
-		g_print ("Not privileged.\n");
-		goto out;
-
-	case LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE:
-		g_print ("No such privilege '%s'.\n", privilege);
-		goto out;
-
-	case LIBPOLKIT_RESULT_NO_SUCH_USER:
-		g_print ("No such user '%s'.\n", user);
-		goto out;
-	}
-
-	libpolkit_grant_set_questions_handler (gctx, questions_cb);
-	libpolkit_grant_set_grant_complete_handler (gctx, grant_complete_cb);
-
-	if (!libpolkit_grant_initiate_temporary_grant (gctx)) {
-		g_warning ("Cannot initiate temporary grant; bailing out");
-		goto out;
-	}
-
-	g_main_loop_run (mainloop);
-
-out:
-	return rc;
-}
diff --git a/tools/polkit-is-privileged.c b/tools/polkit-is-privileged.c
deleted file mode 100644
index e6e0cf6..0000000
--- a/tools/polkit-is-privileged.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-is-privileged.c : Determine if a user has privileges
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <dbus/dbus.h>
-
-#include <libpolkit/libpolkit.h>
-
-static void
-usage (int argc, char *argv[])
-{
-	fprintf (stderr, "polkit-is-privileged version " PACKAGE_VERSION "\n");
-
-	fprintf (stderr, 
-		 "\n" 
-		 "usage : %s -u <uid> -p <privilege> [-r <resource>]\n" 
-		 "        [-s <system-bus-connection-name>]", argv[0]);
-	fprintf (stderr,
-		 "\n"
-		 "Options:\n"
-		 "    -u, --user                    Username or user id\n"
-		 "    -s, --system-bus-unique-name  Unique system bus connection name\n"
-		 "    -r, --resource                Resource\n"
-		 "    -p, --privilege               Privilege to test for\n"
-		 "    -h, --help                    Show this information and exit\n"
-		 "    -v, --verbose                 Verbose operation\n"
-		 "    -V, --version                 Print version number\n"
-		 "\n"
-		 "Queries system policy whether a given user is allowed for a given\n"
-		 "privilege for a given resource. The resource may be omitted.\n"
-		 "\n");
-}
-
-int 
-main (int argc, char *argv[])
-{
-	int rc;
-	char *user = NULL;
-	char *privilege = NULL;
-	char *resource = NULL;
-	char *system_bus_unique_name = NULL;
-	static const struct option long_options[] = {
-		{"user", required_argument, NULL, 'u'},
-		{"system-bus-unique-name", required_argument, NULL, 's'},
-		{"resource", required_argument, NULL, 'r'},
-		{"privilege", required_argument, NULL, 'p'},
-		{"help", no_argument, NULL, 'h'},
-		{"verbose", no_argument, NULL, 'v'},
-		{"version", no_argument, NULL, 'V'},
-		{NULL, 0, NULL, 0}
-	};
-	LibPolKitContext *ctx = NULL;
-	gboolean is_allowed;
-	gboolean is_temporary;
-	LibPolKitResult result;
-	gboolean is_verbose = FALSE;
-	DBusError error;
-	DBusConnection *connection;
-
-	rc = 1;
-	
-	while (TRUE) {
-		int c;
-		
-		c = getopt_long (argc, argv, "u:r:p:s:hVv", long_options, NULL);
-
-		if (c == -1)
-			break;
-		
-		switch (c) {
-		case 's':
-			system_bus_unique_name = g_strdup (optarg);
-			break;
-
-		case 'u':
-			user = g_strdup (optarg);
-			break;
-			
-		case 'r':
-			resource = g_strdup (optarg);
-			break;
-			
-		case 'p':
-			privilege = g_strdup (optarg);
-			break;
-			
-		case 'v':
-			is_verbose = TRUE;
-			break;
-
-		case 'h':
-			usage (argc, argv);
-			rc = 0;
-			goto out;
-
-		case 'V':
-			printf ("polkit-is-privileged version " PACKAGE_VERSION "\n");
-			rc = 0;
-			goto out;
-			
-		default:
-			usage (argc, argv);
-			goto out;
-		}
-	}
-
-	if (user == NULL || privilege == NULL) {
-		usage (argc, argv);
-		return 1;
-	}
-
-	if (is_verbose) {
-		printf ("user      = '%s'\n", user);
-		printf ("privilege = '%s'\n", privilege);
-		printf ("resource  = '%s'\n", resource);
-	}
-
-	dbus_error_init (&error);
-	connection = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
-	if (connection == NULL) {
-		g_warning ("Cannot connect to system message bus");
-		return 1;
-	}
-
-
-	ctx = libpolkit_new_context (connection);
-	if (ctx == NULL) {
-		g_warning ("Cannot get libpolkit context");
-		goto out;
-	}
-
-	result = libpolkit_is_uid_allowed_for_privilege (ctx, 
-							 system_bus_unique_name,
-							 user,
-							 privilege,
-							 resource,
-							 &is_allowed,
-							 &is_temporary,
-							 NULL);
-	switch (result) {
-	case LIBPOLKIT_RESULT_OK:
-		rc = is_allowed ? 0 : 1;
-		break;
-
-	case LIBPOLKIT_RESULT_ERROR:
-		g_warning ("Error determing whether user is privileged.");
-		break;
-
-	case LIBPOLKIT_RESULT_INVALID_CONTEXT:
-		g_print ("Invalid context.\n");
-		goto out;
-
-	case LIBPOLKIT_RESULT_NOT_PRIVILEGED:
-		g_print ("Not privileged.\n");
-
-	case LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE:
-		g_print ("No such privilege '%s'.\n", privilege);
-		goto out;
-
-	case LIBPOLKIT_RESULT_NO_SUCH_USER:
-		g_print ("No such user '%s'.\n", user);
-		goto out;
-	}
-
-	if (is_verbose) {
-		printf ("result %d\n", result);
-		printf ("is_allowed %d\n", is_allowed);
-	}
-
-out:
-	if (ctx != NULL)
-		libpolkit_free_context (ctx);
-
-	return rc;
-}
-
diff --git a/tools/polkit-list-privileges.c b/tools/polkit-list-privileges.c
deleted file mode 100644
index bd7e941..0000000
--- a/tools/polkit-list-privileges.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-list-privileges.c : List privileges possesed by a user
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <dbus/dbus.h>
-
-#include <libpolkit/libpolkit.h>
-
-static void
-usage (int argc, char *argv[])
-{
-	fprintf (stderr, "polkit-list-privileges version " PACKAGE_VERSION "\n");
-
-	fprintf (stderr, "\n" "usage : %s [-u <user>]\n", argv[0]);
-	fprintf (stderr,
-		 "\n"
-		 "Options:\n"
-		 "    -u, --user           Username or user id\n"
-		 "    -h, --help           Show this information and exit\n"
-		 "    -v, --verbose        Verbose operation\n"
-		 "    -V, --version        Print version number\n"
-		 "\n"
-		 "Lists privileges for a given user.\n"
-		 "\n");
-}
-
-int 
-main (int argc, char *argv[])
-{
-	int rc;
-	char *user = NULL;
-	static const struct option long_options[] = {
-		{"user", required_argument, NULL, 'u'},
-		{"help", no_argument, NULL, 'h'},
-		{"verbose", no_argument, NULL, 'v'},
-		{"version", no_argument, NULL, 'V'},
-		{NULL, 0, NULL, 0}
-	};
-	LibPolKitContext *ctx = NULL;
-	gboolean is_verbose = FALSE;
-	DBusError error;
-	DBusConnection *connection;
-	int i;
-	GList *l;
-	GList *privilege_list;
-
-	rc = 1;
-	
-	while (TRUE) {
-		int c;
-		
-		c = getopt_long (argc, argv, "u:p:hVv", long_options, NULL);
-
-		if (c == -1)
-			break;
-		
-		switch (c) {
-		case 'u':
-			user = g_strdup (optarg);
-			break;
-			
-		case 'v':
-			is_verbose = TRUE;
-			break;
-
-		case 'h':
-			usage (argc, argv);
-			rc = 0;
-			goto out;
-
-		case 'V':
-			printf ("polkit-list-privileges version " PACKAGE_VERSION "\n");
-			rc = 0;
-			goto out;
-			
-		default:
-			usage (argc, argv);
-			goto out;
-		}
-	}
-
-	if (user == NULL) {
-		user = g_strdup (g_get_user_name ());
-	}
-
-	if (is_verbose) {
-		printf ("user     = '%s'\n", user);
-	}
-
-	dbus_error_init (&error);
-	connection = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
-	if (connection == NULL) {
-		g_warning ("Cannot connect to system message bus");
-		return 1;
-	}
-
-
-	ctx = libpolkit_new_context (connection);
-	if (ctx == NULL) {
-		g_warning ("Cannot get libpolkit context");
-		goto out;
-	}
-
-	if (libpolkit_get_privilege_list (ctx, &privilege_list) != LIBPOLKIT_RESULT_OK) {
-		g_warning ("Cannot get privilege_list");
-		goto out;
-	}
-	for (l = privilege_list, i = 0; l != NULL; l = g_list_next (l), i++) {
-		const char *privilege;
-		gboolean is_allowed;
-		gboolean is_temporary;
-		char *is_privileged_but_restricted_to;
-		GList *j;
-		GList *k;
-		GList *resources;
-		GList *restrictions;
-		int num_non_temporary;
-
-		privilege = (const char *) l->data;
-		if (is_verbose) {
-			g_print ("testing user %s for privilege '%s'\n", user, privilege);
-		}
-
-		if (libpolkit_is_uid_allowed_for_privilege (ctx, 
-							    NULL,
-							    user,
-							    privilege,
-							    NULL,
-							    &is_allowed,
-							    &is_temporary,
-							    &is_privileged_but_restricted_to) == LIBPOLKIT_RESULT_OK) {
-			if (is_allowed) {
-				g_print ("privilege %s%s\n", privilege, is_temporary ? " (temporary)" : "");
-			} else if (is_privileged_but_restricted_to != NULL) {
-				g_print ("privilege %s (temporary) (restricted to %s)\n", 
-					 privilege, is_privileged_but_restricted_to);
-			}
-
-			if (libpolkit_get_allowed_resources_for_privilege_for_uid (
-				    ctx, 
-				    user,
-				    privilege,
-				    &resources,
-				    &restrictions,
-				    &num_non_temporary) == LIBPOLKIT_RESULT_OK) {
-				int n;
-
-				for (j = resources, k = restrictions, n = 0; j != NULL; j = g_list_next (j), k = g_list_next (k), n++) {
-					const char *resource;
-					const char *restriction;
-					resource = (const char *) j->data;
-					restriction = (const char *) k->data;
-					g_print ("resource %s privilege %s%s", 
-						 resource, privilege,
-						 n >= num_non_temporary ? " (temporary)" : "");
-					if (strlen (restriction) > 0) 
-						g_print (" (restricted to %s)\n", restriction);
-					else
-						g_print ("\n");
-				}
-				g_list_foreach (resources, (GFunc) g_free, NULL);
-				g_list_free (resources);
-				g_list_foreach (restrictions, (GFunc) g_free, NULL);
-				g_list_free (restrictions);
-			}
-		}
-
-
-
-	}
-	g_list_foreach (privilege_list, (GFunc) g_free, NULL);
-	g_list_free (privilege_list);
-
-	rc = 0;
-
-out:
-	if (ctx != NULL)
-		libpolkit_free_context (ctx);
-
-	return rc;
-}
diff --git a/tools/polkit-revoke-privilege.c b/tools/polkit-revoke-privilege.c
deleted file mode 100644
index 2e75b8b..0000000
--- a/tools/polkit-revoke-privilege.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-grant-privilege.c : Grant privileges
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#  include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <getopt.h>
-#include <string.h>
-#include <errno.h>
-
-#include <glib/gstdio.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include <libpolkit/libpolkit.h>
-
-static void
-usage (int argc, char *argv[])
-{
-	fprintf (stderr, "polkit-revoke-privilege version " PACKAGE_VERSION "\n");
-
-	fprintf (stderr, "\n" "usage : %s -p <privilege> [-u user] [-r <resource>]\n", argv[0]);
-	fprintf (stderr,
-		 "\n"
-		 "Options:\n"
-		 "    -u, --user           User to revoke privilege from\n"
-		 "    -p, --privilege      Privilege to revoke\n"
-		 "    -r, --resource       Resource\n"
-		 "    -h, --help           Show this information and exit\n"
-		 "    -v, --verbose        Verbose operation\n"
-		 "    -V, --version        Print version number\n"
-		 "\n"
-		 "Revokes a privilege for accessing a resource. The resource may\n"
-		 "be omitted.\n");
-}
-
-static gboolean is_verbose = FALSE;
-
-int
-main (int argc, char **argv)
-{
-	int rc;
-	GError *error = NULL;
-	DBusGConnection *bus;
-	LibPolKitContext *ctx;
-	char *user = NULL;
-	char *resource = NULL;
-	char *privilege = NULL;
-	static const struct option long_options[] = {
-		{"user", required_argument, NULL, 'u'},
-		{"resource", required_argument, NULL, 'r'},
-		{"privilege", required_argument, NULL, 'p'},
-		{"help", no_argument, NULL, 'h'},
-		{"verbose", no_argument, NULL, 'v'},
-		{"version", no_argument, NULL, 'V'},
-		{NULL, 0, NULL, 0}
-	};
-	gboolean was_revoked;
-
-	g_type_init ();
-
-	rc = 1;
-
-	while (TRUE) {
-		int c;
-		
-		c = getopt_long (argc, argv, "u:r:p:hVv", long_options, NULL);
-
-		if (c == -1)
-			break;
-		
-		switch (c) {
-		case 'u':
-			user = g_strdup (optarg);
-			break;
-
-		case 'r':
-			resource = g_strdup (optarg);
-			break;
-
-		case 'p':
-			privilege = g_strdup (optarg);
-			break;
-			
-		case 'v':
-			is_verbose = TRUE;
-			break;
-
-		case 'h':
-			usage (argc, argv);
-			rc = 0;
-			goto out;
-
-		case 'V':
-			printf ("polkit-grant-privilege version " PACKAGE_VERSION "\n");
-			rc = 0;
-			goto out;
-			
-		default:
-			usage (argc, argv);
-			goto out;
-		}
-	}
-
-	if (privilege == NULL) {
-		usage (argc, argv);
-		return 1;
-	}
-
-	if (user == NULL) {
-		user = g_strdup (g_get_user_name ());
-	}
-
-	bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
-	if (bus == NULL) {
-		g_warning ("dbus_g_bus_get: %s", error->message);
-		g_error_free (error);
-		return 1;
-	}
-
-	ctx = libpolkit_new_context (dbus_g_connection_get_connection (bus));
-
-	LibPolKitResult result;
-
-	result = libpolkit_revoke_temporary_privilege (ctx,
-						       user,
-						       privilege,
-						       resource,
-						       &was_revoked);
-	switch (result) {
-	case LIBPOLKIT_RESULT_OK:
-		if (was_revoked) {
-			if (resource == NULL) {
-				g_print ("Privilege '%s' succesfully revoked from user '%s'.\n", privilege, user);
-			} else {
-				g_print ("Privilege '%s' succesfully revoked from user '%s' on\n"
-					 "resource '%s'.\n", 
-					 privilege, user, resource);
-			}
-			rc = 0;
-			goto out;
-		}
-		break;
-
-	case LIBPOLKIT_RESULT_ERROR:
-		g_print ("Error: There was an error granting the privilege.\n");
-		goto out;
-
-	case LIBPOLKIT_RESULT_INVALID_CONTEXT:
-		g_print ("Error: Invalid context.\n");
-		goto out;
-
-	case LIBPOLKIT_RESULT_NOT_PRIVILEGED:
-		g_print ("Error: Not privileged to perform this operation.\n");
-		goto out;
-
-	case LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE:
-		if (resource == NULL) {
-			g_print ("Error: User '%s' does not have privilege '%s'.\n", user, privilege);
-		} else {
-			g_print ("Error: User '%s' does not have privilege '%s' for accessing\n"
-				 "resource '%s'.\n", 
-				 user, privilege, resource);
-		}
-		goto out;
-
-	case LIBPOLKIT_RESULT_NO_SUCH_USER:
-		g_print ("Error: No such user '%s'.\n", user);
-		goto out;
-	}
-
-	
-out:
-	return rc;
-}


More information about the hal-commit mailing list