From 5968d166aac117ec986929b2f8fb9ce7fae2e599 Mon Sep 17 00:00:00 2001
From: Apple <opensource@apple.com>
Date: Wed, 7 Mar 2012 22:00:52 +0000
Subject: [PATCH] securityd-55126.2.tar.gz

---
 etc/authorization.merge             | 359 +++++++++++++++++++++++++++-
 etc/authorization.plist             | 344 +++++++++++++++++++++++++-
 securityd.xcodeproj/project.pbxproj |   8 +-
 src/AuthorizationEngine.cpp         |  11 +
 src/AuthorizationRule.cpp           |  84 ++++---
 src/authhost.cpp                    |  21 +-
 src/authhost.h                      |   2 +
 src/authority.cpp                   |   2 +-
 src/credential.cpp                  |  58 ++---
 src/credential.h                    |  26 +-
 src/server.h                        |   1 +
 src/session.cpp                     |   6 +
 src/session.h                       |   2 +
 13 files changed, 830 insertions(+), 94 deletions(-)
diff --git a/etc/authorization.merge b/etc/authorization.merge
index 93e32b4..b7b0367 100644
--- a/etc/authorization.merge
+++ b/etc/authorization.merge
@@ -569,6 +569,82 @@
 			<key>timeout</key>
 			<integer>60</integer>
 		</dict>
+		<key>com.apple.Safari.show-passwords</key>
+		<dict>
+			<key>class</key>
+			<string>user</string>
+			<key>comment</key>
+			<string>This right is used by Safari to show passwords </string>
+			<key>default-prompt</key>
+			<dict>
+				<key>ar</key>
+				<string>ÙØ­Ø§ÙÙ __APPNAME__ Ø¥Ø¸ÙØ§Ø± ÙÙÙØ§Øª Ø§ÙØ³Ø±.</string>
+				<key>ca</key>
+				<string>__APPNAME__ estÃ  intentant mostrar les contrasenyes.</string>
+				<key>cs</key>
+				<string>__APPNAME__ se pokouÅ¡Ã­ zobrazit hesla.</string>
+				<key>da</key>
+				<string>__APPNAME__ prÃ¸ver at vise adgangskoder.</string>
+				<key>de</key>
+				<string>__APPNAME__ versucht, KennwÃ¶rter einzublenden.</string>
+				<key>el</key>
+				<string>Î ÎµÏÎ±ÏÎ¼Î¿Î³Î® Â«__APPNAME__Â» ÏÏÎ¿ÏÏÎ±Î¸ÎµÎ¯ Î½Î± ÎµÎ¼ÏÎ±Î½Î¯ÏÎµÎ¹ ÏÏÎ½Î¸Î·Î¼Î±ÏÎ¹ÎºÎ¬.</string>
+				<key>en</key>
+				<string>__APPNAME__ is trying to show passwords.</string>
+				<key>es</key>
+				<string>__APPNAME__ estÃ¡ intentando mostrar las contraseÃ±as.</string>
+				<key>fi</key>
+				<string>__APPNAME__ yrittÃ¤Ã¤ nÃ¤yttÃ¤Ã¤ salasanat.</string>
+				<key>fr</key>
+				<string>__APPNAME__Â essaye dâafficher les mots de passe.</string>
+				<key>he</key>
+				<string>__APPNAME__ ×× ×¡× ×××¦×× ×¡××¡××××ª.</string>
+				<key>hr</key>
+				<string>__APPNAME__ pokuÅ¡ava prikazati lozinke.</string>
+				<key>hu</key>
+				<string>A(z) __APPNAME__ megprÃ³bÃ¡lja megjelenÃ­teni a jelszavakat.</string>
+				<key>it</key>
+				<string>__APPNAME__ tenta di mostrare le password.</string>
+				<key>ja</key>
+				<string>__APPNAME__ ã¯ããã¹ã¯ã¼ããè¡¨ç¤ºãããã¨ãã¦ãã¾ãã</string>
+				<key>ko</key>
+				<string>__APPNAME__ì´(ê°) ìí¸ë¥¼ ë³´ë ¤ê³  í©ëë¤.</string>
+				<key>nb</key>
+				<string>__APPNAME__ prÃ¸ver Ã¥ vise passord.</string>
+				<key>nl</key>
+				<string>__APPNAME__ probeert wachtwoorden te tonen.</string>
+				<key>pl</key>
+				<string>__APPNAME__ prÃ³buje pokazaÄ hasÅa.</string>
+				<key>pt</key>
+				<string>__APPNAME__ estÃ¡ tentando mostrar senhas.</string>
+				<key>pt-PT</key>
+				<string>O __APPNAME__ estÃ¡ a tentar mostrar palavrasâpasse.</string>
+				<key>ro</key>
+				<string>__APPNAME__ Ã®ncearcÄ sÄ afiÈeze parole.</string>
+				<key>ru</key>
+				<string>ÐÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð° Â«__APPNAME__Â» Ð¿ÑÑÐ°ÐµÑÑÑ Ð¿Ð¾ÐºÐ°Ð·Ð°ÑÑ Ð¿Ð°ÑÐ¾Ð»Ð¸.</string>
+				<key>sk</key>
+				<string>AplikÃ¡cia __APPNAME__ sa pokÃºÅ¡a zobraziÅ¥ heslÃ¡.</string>
+				<key>sv</key>
+				<string>__APPNAME__ fÃ¶rsÃ¶ker visa lÃ¶senord.</string>
+				<key>th</key>
+				<string>__APPNAME__ à¸à¸³à¸¥à¸±à¸à¸à¸¢à¸²à¸¢à¸²à¸¡à¹à¸ªà¸à¸à¸£à¸«à¸±à¸ªà¸à¹à¸²à¸</string>
+				<key>tr</key>
+				<string>__APPNAME__ parolalarÄ± gÃ¶stermeye Ã§alÄ±ÅÄ±yor.</string>
+				<key>uk</key>
+				<string>__APPNAME__ Ð½Ð°Ð¼Ð°Ð³Ð°ÑÑÑÑÑ Ð¿Ð¾ÐºÐ°Ð·Ð°ÑÐ¸ Ð¿Ð°ÑÐ¾Ð»Ñ.</string>
+				<key>zh-Hans</key>
+				<string>â__APPNAME__âÂ æ­£å¨å°è¯æ¾ç¤ºå¯ç ã</string>
+				<key>zh-Hant</key>
+				<string>â__APPNAME__â æ­£å¨åè©¦é¡¯ç¤ºå¯ç¢¼ã</string>
+			</dict>
+			<key>session-owner</key>
+			<true/>
+			<key>shared</key>
+			<false/>
+			<key>timeout</key>
+			<integer>10</integer>
+		</dict>
 		<key>com.apple.ServiceManagement.blesshelper</key>
 		<dict>
 			<key>class</key>
@@ -1982,6 +2058,139 @@
 			<key>shared</key>
 			<false/>
 		</dict>
+		<key>com.apple.library-repair</key>
+		<dict>
+			<key>class</key>
+			<string>user</string>
+			<key>default-button</key>
+			<dict>
+				<key>ar</key>
+				<string>ØªØµÙÙØ­</string>
+				<key>ca</key>
+				<string>Reparar</string>
+				<key>cs</key>
+				<string>Opravit</string>
+				<key>da</key>
+				<string>Reparer</string>
+				<key>de</key>
+				<string>Reparieren</string>
+				<key>el</key>
+				<string>ÎÏÎ¹ÏÎºÎµÏÎ®</string>
+				<key>en</key>
+				<string>Repair</string>
+				<key>es</key>
+				<string>Reparar</string>
+				<key>fi</key>
+				<string>Korjaa</string>
+				<key>fr</key>
+				<string>RÃ©parer</string>
+				<key>he</key>
+				<string>×ª×§×</string>
+				<key>hr</key>
+				<string>Popravi</string>
+				<key>hu</key>
+				<string>JavÃ­tÃ¡s</string>
+				<key>it</key>
+				<string>Ripara</string>
+				<key>ja</key>
+				<string>ä¿®å¾©</string>
+				<key>ko</key>
+				<string>ë³µêµ¬</string>
+				<key>nb</key>
+				<string>Reparer</string>
+				<key>nl</key>
+				<string>Herstel</string>
+				<key>pl</key>
+				<string>Napraw</string>
+				<key>pt</key>
+				<string>Reparar</string>
+				<key>pt-PT</key>
+				<string>Reparar</string>
+				<key>ro</key>
+				<string>ReparÄ</string>
+				<key>ru</key>
+				<string>ÐÑÐ¿ÑÐ°Ð²Ð¸ÑÑ</string>
+				<key>sk</key>
+				<string>OpraviÅ¥</string>
+				<key>sv</key>
+				<string>Reparera</string>
+				<key>th</key>
+				<string>à¸à¹à¸­à¸¡à¹à¸à¸¡</string>
+				<key>tr</key>
+				<string>Onar</string>
+				<key>uk</key>
+				<string>ÐÐ¾Ð»Ð°Ð³Ð¾Ð´Ð¸ÑÐ¸</string>
+				<key>zh-Hans</key>
+				<string>ä¿®å¤</string>
+				<key>zh-Hant</key>
+				<string>ä¿®å¾©</string>
+			</dict>
+			<key>default-prompt</key>
+			<dict>
+				<key>ar</key>
+				<string>ÙØ­Ø§ÙÙ __APPNAME__ ØªØµÙÙØ­ ÙÙØªØ¨Ø© Ø§ÙØµÙØ± Ø§ÙØ®Ø§ØµØ© Ø¨Ù.</string>
+				<key>ca</key>
+				<string>__APPNAME__ estÃ  provant de reparar la vostra fototeca.</string>
+				<key>cs</key>
+				<string>__APPNAME__ se pokouÅ¡Ã­ opravit vaÅ¡i knihovnu fotografiÃ­.</string>
+				<key>da</key>
+				<string>__APPNAME__ prÃ¸ver at reparere dit fotobibliotek.</string>
+				<key>de</key>
+				<string>__APPNAME__ versucht, Ihre Fotomediathek zu reparieren.</string>
+				<key>el</key>
+				<string>Î ÎµÏÎ±ÏÎ¼Î¿Î³Î® __APPNAME__ ÏÏÎ¿ÏÏÎ±Î¸ÎµÎ¯ Î½Î± ÎµÏÎ¹ÏÎºÎµÏÎ¬ÏÎµÎ¹ ÏÎ· Î²Î¹Î²Î»Î¹Î¿Î¸Î®ÎºÎ· ÏÏÏÎ¿Î³ÏÎ±ÏÎ¹ÏÎ½ ÏÎ±Ï.</string>
+				<key>en</key>
+				<string>__APPNAME__ is trying to repair your photo library.</string>
+				<key>es</key>
+				<string>__APPNAME__ estÃ¡ intentando reparar su fototeca.</string>
+				<key>fi</key>
+				<string>__APPNAME__ yrittÃ¤Ã¤ korjata kuvakirjastoasi.</string>
+				<key>fr</key>
+				<string>__APPNAME__ essaie de rÃ©parer votre bibliothÃ¨que de photos.</string>
+				<key>he</key>
+				<string>__APPNAME__ ×× ×¡× ××ª×§× ××ª ×¡×¤×¨×××ª ××ª××× ××ª ×©××.</string>
+				<key>hr</key>
+				<string>__APPNAME__ pokuÅ¡ava popraviti vaÅ¡u medijateku fotografija.</string>
+				<key>hu</key>
+				<string>A(z) __APPNAME__ megprÃ³bÃ¡lja kijavÃ­tani a fotÃ³kÃ¶nyvtÃ¡rat.</string>
+				<key>it</key>
+				<string>__APPNAME__ tenta di riparare la libreria foto.</string>
+				<key>ja</key>
+				<string>__APPNAME__ ã¯ããã©ãã©ã¤ãã©ãªãä¿®å¾©ãããã¨ãã¦ãã¾ãã</string>
+				<key>ko</key>
+				<string>__APPNAME__ì´(ê°) ì¬ì©ìì ì¬ì§ ë³´ê´í¨ì ë³µêµ¬íë ¤ê³  í©ëë¤.</string>
+				<key>nb</key>
+				<string>_APPNAME_ forsÃ¸ker Ã¥ reparere bildebiblioteket.</string>
+				<key>nl</key>
+				<string>__APPNAME__ probeert uw fotobibliotheek te herstellen.</string>
+				<key>pl</key>
+				<string>__APPNAME__ prÃ³buje naprawiÄ TwojÄ bibliotekÄ zdjÄÄ.</string>
+				<key>pt</key>
+				<string>__APPNAME__ estÃ¡ tentando reparar a sua fototeca.</string>
+				<key>pt-PT</key>
+				<string>__APPNAME__ estÃ¡ a tentar reparar a sua fototeca.</string>
+				<key>ro</key>
+				<string>__APPNAME__ Ã®ncearcÄ sÄ repare biblioteca dvs. foto.</string>
+				<key>ru</key>
+				<string>ÐÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð° Â«__APPNAME__Â» Ð¿ÑÑÐ°ÐµÑÑÑ Ð¸ÑÐ¿ÑÐ°Ð²Ð¸ÑÑ ÐÐ°ÑÑ Ð¼ÐµÐ´Ð¸Ð°ÑÐµÐºÑ.</string>
+				<key>sk</key>
+				<string>AplikÃ¡cia __APPNAME__ sa pokÃºÅ¡a opraviÅ¥ vaÅ¡u kniÅ¾nicu fotografiÃ­.</string>
+				<key>sv</key>
+				<string>__APPNAME__ fÃ¶rsÃ¶ker reparera ditt bildbibliotek.</string>
+				<key>th</key>
+				<string>__APPNAME__ à¸à¸³à¸¥à¸±à¸à¸à¸¢à¸²à¸¢à¸²à¸¡à¸à¹à¸­à¸¡à¹à¸à¸¡à¸à¸¥à¸±à¸à¸£à¸¹à¸à¸ à¸²à¸à¸à¸­à¸à¸à¸¸à¸</string>
+				<key>tr</key>
+				<string>__APPNAME__ fotoÄraf arÅivinizi onarmaya Ã§alÄ±ÅÄ±yor.</string>
+				<key>uk</key>
+				<string>__APPNAME__Â Ð½Ð°Ð¼Ð°Ð³Ð°ÑÑÑÑÑ Ð¿Ð¾Ð»Ð°Ð³Ð¾Ð´Ð¸ÑÐ¸ Ð²Ð°ÑÑ ÑÐ¾ÑÐ¾ÑÐµÐºÑ.</string>
+				<key>zh-Hans</key>
+				<string>__APPNAME__ æ­£å¨å°è¯ä¿®å¤æ¨çç§çå¾åºã</string>
+				<key>zh-Hant</key>
+				<string>__APPNAME__ æ­£å¨åè©¦ä¿®å¾©æ¨çç§çååº«ã</string>
+			</dict>
+			<key>group</key>
+			<string>admin</string>
+		</dict>
 		<key>com.apple.pcastagentconfigd.</key>
 		<dict>
 			<key>allow-root</key>
@@ -2121,6 +2330,139 @@
 			<key>shared</key>
 			<false/>
 		</dict>
+		<key>com.apple.security.assessment.update</key>
+		<dict>
+			<key>class</key>
+			<string>rule</string>
+			<key>default-button</key>
+			<dict>
+				<key>ar</key>
+				<string>ØªØ¹Ø¯ÙÙ Ø§ÙØ¥Ø¹Ø¯Ø§Ø¯Ø§Øª</string>
+				<key>ca</key>
+				<string>Modificar la configuraciÃ³</string>
+				<key>cs</key>
+				<string>ZmÄnit nastavenÃ­</string>
+				<key>da</key>
+				<string>Juster indstillinger</string>
+				<key>de</key>
+				<string>Einstellungen Ã¤ndern</string>
+				<key>el</key>
+				<string>Î¤ÏÎ¿ÏÎ¿ÏÎ¿Î¯Î·ÏÎ· ÏÏÎ¸Î¼Î¯ÏÎµÏÎ½</string>
+				<key>en</key>
+				<string>Modify Settings</string>
+				<key>es</key>
+				<string>Modificar ajustes</string>
+				<key>fi</key>
+				<string>Muokkaa asetuksia</string>
+				<key>fr</key>
+				<string>Modifer les rÃ©glages</string>
+				<key>he</key>
+				<string>×¢×¨××/× ××××¨××ª</string>
+				<key>hr</key>
+				<string>PreinaÄi postavke</string>
+				<key>hu</key>
+				<string>BeÃ¡llÃ­tÃ¡sok mÃ³dosÃ­tÃ¡sa</string>
+				<key>it</key>
+				<string>Modifica impostazioni</string>
+				<key>ja</key>
+				<string>è¨­å®ãå¤æ´</string>
+				<key>ko</key>
+				<string>ì¤ì  ìì </string>
+				<key>nb</key>
+				<string>Endre innstillinger</string>
+				<key>nl</key>
+				<string>Wijzig instellingen</string>
+				<key>pl</key>
+				<string>ZmieÅ ustawienia</string>
+				<key>pt</key>
+				<string>Modificar Ajustes</string>
+				<key>pt-PT</key>
+				<string>Modificar definiÃ§Ãµes</string>
+				<key>ro</key>
+				<string>SchimbÄ configurÄrile</string>
+				<key>ru</key>
+				<string>ÐÐ¾Ð´Ð¸ÑÐ¸ÑÐ¸ÑÐ¾Ð²Ð°ÑÑ Ð½Ð°ÑÑÑÐ¾Ð¹ÐºÐ¸</string>
+				<key>sk</key>
+				<string>UpraviÅ¥ nastavenia</string>
+				<key>sv</key>
+				<string>Ãndra instÃ¤llningar</string>
+				<key>th</key>
+				<string>à¹à¸à¹à¹à¸à¸à¹à¸²à¸à¸´à¸à¸à¸±à¹à¸</string>
+				<key>tr</key>
+				<string>AyarlarÄ± DeÄiÅtir</string>
+				<key>uk</key>
+				<string>ÐÐ¼ÑÐ½Ð¸ÑÐ¸ Ð¿Ð°ÑÐ°Ð¼ÐµÑÑÐ¸</string>
+				<key>zh-Hans</key>
+				<string>ä¿®æ¹è®¾ç½®</string>
+				<key>zh-Hant</key>
+				<string>ä¿®æ¹è¨­å®</string>
+			</dict>
+			<key>default-prompt</key>
+			<dict>
+				<key>ar</key>
+				<string>ÙØ­Ø§ÙÙ __APPNAME__ Ø§ÙØ³ÙØ§Ø­ ÙØ¹ÙØµØ± Ø¨Ø£Ù ÙÙÙÙ ÙÙØ¯ Ø§ÙØªØ´ØºÙÙ Ø¯Ø§Ø¦ÙÙØ§.</string>
+				<key>ca</key>
+				<string>__APPNAME__ estÃ  provant dâautoritzar un Ã­tem perquÃ¨ sâexecuti sempre.</string>
+				<key>cs</key>
+				<string>__APPNAME__ se pokouÅ¡Ã­ nÄjakÃ© poloÅ¾ce povolit, aby byla vÅ¾dy spuÅ¡tÄna.</string>
+				<key>da</key>
+				<string>__APPNAME__ prÃ¸ver at give et emne lov til at vÃ¦re aktivt hele tiden.</string>
+				<key>de</key>
+				<string>__APPNAME__ versucht, einem Objekt die AusfÃ¼hrung immer zu erlauben.</string>
+				<key>el</key>
+				<string>Î ÎµÏÎ±ÏÎ¼Î¿Î³Î® Â«__APPNAME__Â» ÏÏÎ¿ÏÏÎ±Î¸ÎµÎ¯ Î½Î± ÎµÏÎ¹ÏÏÎ­ÏÎµÎ¹ ÏÎµ Î­Î½Î± ÏÏÎ¿Î¹ÏÎµÎ¯Î¿ Î½Î± ÎµÎºÏÎµÎ»ÎµÎ¯ÏÎ±Î¹ ÏÎ¬Î½ÏÎ±.</string>
+				<key>en</key>
+				<string>__APPNAME__ is trying to allow an item to always run.</string>
+				<key>es</key>
+				<string>__APPNAME__ estÃ¡ intentando permitir que un Ã­tem se ejecute siempre.</string>
+				<key>fi</key>
+				<string>__APPNAME__ yrittÃ¤Ã¤ sallia, ettÃ¤ kohde on aina kÃ¤ytÃ¶ssÃ¤.</string>
+				<key>fr</key>
+				<string>__APPNAME__ essaye dâautoriser un Ã©lÃ©ment Ã  sâexÃ©cuter en continu.</string>
+				<key>he</key>
+				<string>__APPNAME__ ×× ×¡× ×××¤×©×¨ ××¤×¨×× ××¤×¢×× ××××¤× ×§×××¢.</string>
+				<key>hr</key>
+				<string>__APPNAME__ pokuÅ¡ava dozvoliti stavci da uvijek bude pokrenuta.</string>
+				<key>hu</key>
+				<string>A(z) __APPNAME__ megprÃ³bÃ¡l beÃ¡llÃ­tani egy elemet, hogy az mindig fusson.</string>
+				<key>it</key>
+				<string>__APPNAME__ tenta di consentire che un elemento venga sempre eseguito.</string>
+				<key>ja</key>
+				<string>__APPNAME__ ã¯ãé ç®ãå¸¸æåä½ãããã¨ãè¨±å¯ãããã¨ãã¦ãã¾ãã</string>
+				<key>ko</key>
+				<string>__APPNAME__ì´(ê°) í­ëª©ì´ í­ì ì¤íëë ê²ì íì©íë ¤ê³  í©ëë¤.</string>
+				<key>nb</key>
+				<string>__APPNAME__ prÃ¸ver Ã¥ tillate at et program alltid kjÃ¸rer.</string>
+				<key>nl</key>
+				<string>__APPNAME__ probeert een onderdeel toe te staan dat het altijd wordt uitgevoerd.</string>
+				<key>pl</key>
+				<string>__APPNAME__ prÃ³buje zezwoliÄ, aby rzecz byÅa zawsze uruchamiana.</string>
+				<key>pt</key>
+				<string>O __APPNAME__ estÃ¡ tentando autorizar um item a ser executado permanentemente.</string>
+				<key>pt-PT</key>
+				<string>O __APPNAME__ estÃ¡ a tentar dar autorizaÃ§Ã£o a um elemento para permanecer constantemente aberto.</string>
+				<key>ro</key>
+				<string>__APPNAME__ Ã®ncearcÄ sÄ-i permitÄ unui articol sÄ ruleze Ã®ntotdeauna.</string>
+				<key>ru</key>
+				<string>ÐÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð° Â«__APPNAME__Â» Ð¿ÑÑÐ°ÐµÑÑÑ ÑÐ°Ð·ÑÐµÑÐ¸ÑÑ Ð¾Ð±ÑÐµÐºÑÑ Ð¿Ð¾ÑÑÐ¾ÑÐ½Ð½Ð¾ Ð²ÑÐ¿Ð¾Ð»Ð½ÑÑÑ ÑÐ°Ð±Ð¾ÑÑ.</string>
+				<key>sk</key>
+				<string>AplikÃ¡cia __APPNAME__ sa pokÃºÅ¡a povoliÅ¥ spÃºÅ¡Å¥anie poloÅ¾ky. </string>
+				<key>sv</key>
+				<string>__APPNAME__ fÃ¶rsÃ¶ker tillÃ¥ta ett objekt att alltid kÃ¶ras.</string>
+				<key>th</key>
+				<string>__APPNAME__à¸à¸³à¸¥à¸±à¸à¸à¸¢à¸²à¸¢à¸²à¸¡à¸­à¸à¸¸à¸à¸²à¸à¸£à¸²à¸¢à¸à¸²à¸£à¹à¸«à¹à¸à¸³à¸à¸²à¸à¹à¸ªà¸¡à¸­</string>
+				<key>tr</key>
+				<string>__APPNAME__, bir Ã¶Äenin her zaman Ã§alÄ±ÅmasÄ±na izin vermeye Ã§alÄ±ÅÄ±yor.</string>
+				<key>uk</key>
+				<string>__APPNAME__ Ð½Ð°Ð¼Ð°Ð³Ð°ÑÑÑÑÑ Ð´Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÐ¸ ÐµÐ»ÐµÐ¼ÐµÐ½ÑÑ Ð·Ð°Ð²Ð¶Ð´Ð¸ Ð·Ð°Ð¿ÑÑÐºÐ°ÑÐ¸ÑÑ.</string>
+				<key>zh-Hans</key>
+				<string>â__APPNAME__âæ­£å¨å°è¯åè®¸ä¸ä¸ªé¡¹ç®å§ç»è¿è¡ã</string>
+				<key>zh-Hant</key>
+				<string>â__APPNAME__âæ­£å¨åè©¦åè¨±æåé ç®æçºå·è¡ã</string>
+			</dict>
+			<key>rule</key>
+			<string>root-or-entitled-admin-or-authenticate-admin</string>
+		</dict>
 		<key>com.apple.server.admin.streaming</key>
 		<dict>
 			<key>allow-root</key>
@@ -4267,7 +4609,7 @@
 				<key>fr</key>
 				<string>__APPNAME__ essaye dâinstaller un nouveau logiciel.</string>
 				<key>he</key>
-				<string>×´ __APPNAME__×´ ×××§×© ×××ª×§×× ×ª××× ××ª ×××©××ª.</string>
+				<string>×´__APPNAME__×´ ×××§×© ×××ª×§×× ×ª××× ××ª ×××©××ª.</string>
 				<key>hr</key>
 				<string>__APPNAME__ pokuÅ¡ava instalirati novi softver.</string>
 				<key>hu</key>
@@ -7635,5 +7977,20 @@
 			<true/>
 		</dict>
 	</dict>
+	<key>rules</key>
+	<dict>
+		<key>root-or-entitled-admin-or-authenticate-admin</key>
+		<dict>
+			<key>class</key>
+			<string>rule</string>
+			<key>k-of-n</key>
+			<integer>1</integer>
+			<key>rule</key>
+			<array>
+				<string>is-root</string>
+				<string>entitled-admin-or-authenticate-admin</string>
+			</array>
+		</dict>
+	</dict>
 </dict>
 </plist>
diff --git a/etc/authorization.plist b/etc/authorization.plist
index 2343d22..545dd1b 100644
--- a/etc/authorization.plist
+++ b/etc/authorization.plist
@@ -616,6 +616,82 @@ See remaining rules for examples.
 			<key>timeout</key>
 			<integer>60</integer>
 		</dict>
+		<key>com.apple.Safari.show-passwords</key>
+		<dict>
+			<key>class</key>
+			<string>user</string>
+			<key>comment</key>
+			<string>This right is used by Safari to show passwords </string>
+			<key>default-prompt</key>
+			<dict>
+				<key>ar</key>
+				<string>ÙØ­Ø§ÙÙ __APPNAME__ Ø¥Ø¸ÙØ§Ø± ÙÙÙØ§Øª Ø§ÙØ³Ø±.</string>
+				<key>ca</key>
+				<string>__APPNAME__ estÃ  intentant mostrar les contrasenyes.</string>
+				<key>cs</key>
+				<string>__APPNAME__ se pokouÅ¡Ã­ zobrazit hesla.</string>
+				<key>da</key>
+				<string>__APPNAME__ prÃ¸ver at vise adgangskoder.</string>
+				<key>de</key>
+				<string>__APPNAME__ versucht, KennwÃ¶rter einzublenden.</string>
+				<key>el</key>
+				<string>Î ÎµÏÎ±ÏÎ¼Î¿Î³Î® Â«__APPNAME__Â» ÏÏÎ¿ÏÏÎ±Î¸ÎµÎ¯ Î½Î± ÎµÎ¼ÏÎ±Î½Î¯ÏÎµÎ¹ ÏÏÎ½Î¸Î·Î¼Î±ÏÎ¹ÎºÎ¬.</string>
+				<key>en</key>
+				<string>__APPNAME__ is trying to show passwords.</string>
+				<key>es</key>
+				<string>__APPNAME__ estÃ¡ intentando mostrar las contraseÃ±as.</string>
+				<key>fi</key>
+				<string>__APPNAME__ yrittÃ¤Ã¤ nÃ¤yttÃ¤Ã¤ salasanat.</string>
+				<key>fr</key>
+				<string>__APPNAME__Â essaye dâafficher les mots de passe.</string>
+				<key>he</key>
+				<string>__APPNAME__ ×× ×¡× ×××¦×× ×¡××¡××××ª.</string>
+				<key>hr</key>
+				<string>__APPNAME__ pokuÅ¡ava prikazati lozinke.</string>
+				<key>hu</key>
+				<string>A(z) __APPNAME__ megprÃ³bÃ¡lja megjelenÃ­teni a jelszavakat.</string>
+				<key>it</key>
+				<string>__APPNAME__ tenta di mostrare le password.</string>
+				<key>ja</key>
+				<string>__APPNAME__ ã¯ããã¹ã¯ã¼ããè¡¨ç¤ºãããã¨ãã¦ãã¾ãã</string>
+				<key>ko</key>
+				<string>__APPNAME__ì´(ê°) ìí¸ë¥¼ ë³´ë ¤ê³  í©ëë¤.</string>
+				<key>nb</key>
+				<string>__APPNAME__ prÃ¸ver Ã¥ vise passord.</string>
+				<key>nl</key>
+				<string>__APPNAME__ probeert wachtwoorden te tonen.</string>
+				<key>pl</key>
+				<string>__APPNAME__ prÃ³buje pokazaÄ hasÅa.</string>
+				<key>pt</key>
+				<string>__APPNAME__ estÃ¡ tentando mostrar senhas.</string>
+				<key>pt-PT</key>
+				<string>O __APPNAME__ estÃ¡ a tentar mostrar palavrasâpasse.</string>
+				<key>ro</key>
+				<string>__APPNAME__ Ã®ncearcÄ sÄ afiÈeze parole.</string>
+				<key>ru</key>
+				<string>ÐÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð° Â«__APPNAME__Â» Ð¿ÑÑÐ°ÐµÑÑÑ Ð¿Ð¾ÐºÐ°Ð·Ð°ÑÑ Ð¿Ð°ÑÐ¾Ð»Ð¸.</string>
+				<key>sk</key>
+				<string>AplikÃ¡cia __APPNAME__ sa pokÃºÅ¡a zobraziÅ¥ heslÃ¡.</string>
+				<key>sv</key>
+				<string>__APPNAME__ fÃ¶rsÃ¶ker visa lÃ¶senord.</string>
+				<key>th</key>
+				<string>__APPNAME__ à¸à¸³à¸¥à¸±à¸à¸à¸¢à¸²à¸¢à¸²à¸¡à¹à¸ªà¸à¸à¸£à¸«à¸±à¸ªà¸à¹à¸²à¸</string>
+				<key>tr</key>
+				<string>__APPNAME__ parolalarÄ± gÃ¶stermeye Ã§alÄ±ÅÄ±yor.</string>
+				<key>uk</key>
+				<string>__APPNAME__ Ð½Ð°Ð¼Ð°Ð³Ð°ÑÑÑÑÑ Ð¿Ð¾ÐºÐ°Ð·Ð°ÑÐ¸ Ð¿Ð°ÑÐ¾Ð»Ñ.</string>
+				<key>zh-Hans</key>
+				<string>â__APPNAME__âÂ æ­£å¨å°è¯æ¾ç¤ºå¯ç ã</string>
+				<key>zh-Hant</key>
+				<string>â__APPNAME__â æ­£å¨åè©¦é¡¯ç¤ºå¯ç¢¼ã</string>
+			</dict>
+			<key>session-owner</key>
+			<true/>
+			<key>shared</key>
+			<false/>
+			<key>timeout</key>
+			<integer>10</integer>
+		</dict>
 		<key>com.apple.ServiceManagement.blesshelper</key>
 		<dict>
 			<key>class</key>
@@ -2121,6 +2197,139 @@ See remaining rules for examples.
 			<key>shared</key>
 			<false/>
 		</dict>
+		<key>com.apple.library-repair</key>
+		<dict>
+			<key>class</key>
+			<string>user</string>
+			<key>default-button</key>
+			<dict>
+				<key>ar</key>
+				<string>ØªØµÙÙØ­</string>
+				<key>ca</key>
+				<string>Reparar</string>
+				<key>cs</key>
+				<string>Opravit</string>
+				<key>da</key>
+				<string>Reparer</string>
+				<key>de</key>
+				<string>Reparieren</string>
+				<key>el</key>
+				<string>ÎÏÎ¹ÏÎºÎµÏÎ®</string>
+				<key>en</key>
+				<string>Repair</string>
+				<key>es</key>
+				<string>Reparar</string>
+				<key>fi</key>
+				<string>Korjaa</string>
+				<key>fr</key>
+				<string>RÃ©parer</string>
+				<key>he</key>
+				<string>×ª×§×</string>
+				<key>hr</key>
+				<string>Popravi</string>
+				<key>hu</key>
+				<string>JavÃ­tÃ¡s</string>
+				<key>it</key>
+				<string>Ripara</string>
+				<key>ja</key>
+				<string>ä¿®å¾©</string>
+				<key>ko</key>
+				<string>ë³µêµ¬</string>
+				<key>nb</key>
+				<string>Reparer</string>
+				<key>nl</key>
+				<string>Herstel</string>
+				<key>pl</key>
+				<string>Napraw</string>
+				<key>pt</key>
+				<string>Reparar</string>
+				<key>pt-PT</key>
+				<string>Reparar</string>
+				<key>ro</key>
+				<string>ReparÄ</string>
+				<key>ru</key>
+				<string>ÐÑÐ¿ÑÐ°Ð²Ð¸ÑÑ</string>
+				<key>sk</key>
+				<string>OpraviÅ¥</string>
+				<key>sv</key>
+				<string>Reparera</string>
+				<key>th</key>
+				<string>à¸à¹à¸­à¸¡à¹à¸à¸¡</string>
+				<key>tr</key>
+				<string>Onar</string>
+				<key>uk</key>
+				<string>ÐÐ¾Ð»Ð°Ð³Ð¾Ð´Ð¸ÑÐ¸</string>
+				<key>zh-Hans</key>
+				<string>ä¿®å¤</string>
+				<key>zh-Hant</key>
+				<string>ä¿®å¾©</string>
+			</dict>
+			<key>default-prompt</key>
+			<dict>
+				<key>ar</key>
+				<string>ÙØ­Ø§ÙÙ __APPNAME__ ØªØµÙÙØ­ ÙÙØªØ¨Ø© Ø§ÙØµÙØ± Ø§ÙØ®Ø§ØµØ© Ø¨Ù.</string>
+				<key>ca</key>
+				<string>__APPNAME__ estÃ  provant de reparar la vostra fototeca.</string>
+				<key>cs</key>
+				<string>__APPNAME__ se pokouÅ¡Ã­ opravit vaÅ¡i knihovnu fotografiÃ­.</string>
+				<key>da</key>
+				<string>__APPNAME__ prÃ¸ver at reparere dit fotobibliotek.</string>
+				<key>de</key>
+				<string>__APPNAME__ versucht, Ihre Fotomediathek zu reparieren.</string>
+				<key>el</key>
+				<string>Î ÎµÏÎ±ÏÎ¼Î¿Î³Î® __APPNAME__ ÏÏÎ¿ÏÏÎ±Î¸ÎµÎ¯ Î½Î± ÎµÏÎ¹ÏÎºÎµÏÎ¬ÏÎµÎ¹ ÏÎ· Î²Î¹Î²Î»Î¹Î¿Î¸Î®ÎºÎ· ÏÏÏÎ¿Î³ÏÎ±ÏÎ¹ÏÎ½ ÏÎ±Ï.</string>
+				<key>en</key>
+				<string>__APPNAME__ is trying to repair your photo library.</string>
+				<key>es</key>
+				<string>__APPNAME__ estÃ¡ intentando reparar su fototeca.</string>
+				<key>fi</key>
+				<string>__APPNAME__ yrittÃ¤Ã¤ korjata kuvakirjastoasi.</string>
+				<key>fr</key>
+				<string>__APPNAME__ essaie de rÃ©parer votre bibliothÃ¨que de photos.</string>
+				<key>he</key>
+				<string>__APPNAME__ ×× ×¡× ××ª×§× ××ª ×¡×¤×¨×××ª ××ª××× ××ª ×©××.</string>
+				<key>hr</key>
+				<string>__APPNAME__ pokuÅ¡ava popraviti vaÅ¡u medijateku fotografija.</string>
+				<key>hu</key>
+				<string>A(z) __APPNAME__ megprÃ³bÃ¡lja kijavÃ­tani a fotÃ³kÃ¶nyvtÃ¡rat.</string>
+				<key>it</key>
+				<string>__APPNAME__ tenta di riparare la libreria foto.</string>
+				<key>ja</key>
+				<string>__APPNAME__ ã¯ããã©ãã©ã¤ãã©ãªãä¿®å¾©ãããã¨ãã¦ãã¾ãã</string>
+				<key>ko</key>
+				<string>__APPNAME__ì´(ê°) ì¬ì©ìì ì¬ì§ ë³´ê´í¨ì ë³µêµ¬íë ¤ê³  í©ëë¤.</string>
+				<key>nb</key>
+				<string>_APPNAME_ forsÃ¸ker Ã¥ reparere bildebiblioteket.</string>
+				<key>nl</key>
+				<string>__APPNAME__ probeert uw fotobibliotheek te herstellen.</string>
+				<key>pl</key>
+				<string>__APPNAME__ prÃ³buje naprawiÄ TwojÄ bibliotekÄ zdjÄÄ.</string>
+				<key>pt</key>
+				<string>__APPNAME__ estÃ¡ tentando reparar a sua fototeca.</string>
+				<key>pt-PT</key>
+				<string>__APPNAME__ estÃ¡ a tentar reparar a sua fototeca.</string>
+				<key>ro</key>
+				<string>__APPNAME__ Ã®ncearcÄ sÄ repare biblioteca dvs. foto.</string>
+				<key>ru</key>
+				<string>ÐÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð° Â«__APPNAME__Â» Ð¿ÑÑÐ°ÐµÑÑÑ Ð¸ÑÐ¿ÑÐ°Ð²Ð¸ÑÑ ÐÐ°ÑÑ Ð¼ÐµÐ´Ð¸Ð°ÑÐµÐºÑ.</string>
+				<key>sk</key>
+				<string>AplikÃ¡cia __APPNAME__ sa pokÃºÅ¡a opraviÅ¥ vaÅ¡u kniÅ¾nicu fotografiÃ­.</string>
+				<key>sv</key>
+				<string>__APPNAME__ fÃ¶rsÃ¶ker reparera ditt bildbibliotek.</string>
+				<key>th</key>
+				<string>__APPNAME__ à¸à¸³à¸¥à¸±à¸à¸à¸¢à¸²à¸¢à¸²à¸¡à¸à¹à¸­à¸¡à¹à¸à¸¡à¸à¸¥à¸±à¸à¸£à¸¹à¸à¸ à¸²à¸à¸à¸­à¸à¸à¸¸à¸</string>
+				<key>tr</key>
+				<string>__APPNAME__ fotoÄraf arÅivinizi onarmaya Ã§alÄ±ÅÄ±yor.</string>
+				<key>uk</key>
+				<string>__APPNAME__Â Ð½Ð°Ð¼Ð°Ð³Ð°ÑÑÑÑÑ Ð¿Ð¾Ð»Ð°Ð³Ð¾Ð´Ð¸ÑÐ¸ Ð²Ð°ÑÑ ÑÐ¾ÑÐ¾ÑÐµÐºÑ.</string>
+				<key>zh-Hans</key>
+				<string>__APPNAME__ æ­£å¨å°è¯ä¿®å¤æ¨çç§çå¾åºã</string>
+				<key>zh-Hant</key>
+				<string>__APPNAME__ æ­£å¨åè©¦ä¿®å¾©æ¨çç§çååº«ã</string>
+			</dict>
+			<key>group</key>
+			<string>admin</string>
+		</dict>
 		<key>com.apple.pcastagentconfigd.</key>
 		<dict>
 			<key>allow-root</key>
@@ -2260,6 +2469,139 @@ See remaining rules for examples.
 			<key>shared</key>
 			<false/>
 		</dict>
+		<key>com.apple.security.assessment.update</key>
+		<dict>
+			<key>class</key>
+			<string>rule</string>
+			<key>default-button</key>
+			<dict>
+				<key>ar</key>
+				<string>ØªØ¹Ø¯ÙÙ Ø§ÙØ¥Ø¹Ø¯Ø§Ø¯Ø§Øª</string>
+				<key>ca</key>
+				<string>Modificar la configuraciÃ³</string>
+				<key>cs</key>
+				<string>ZmÄnit nastavenÃ­</string>
+				<key>da</key>
+				<string>Juster indstillinger</string>
+				<key>de</key>
+				<string>Einstellungen Ã¤ndern</string>
+				<key>el</key>
+				<string>Î¤ÏÎ¿ÏÎ¿ÏÎ¿Î¯Î·ÏÎ· ÏÏÎ¸Î¼Î¯ÏÎµÏÎ½</string>
+				<key>en</key>
+				<string>Modify Settings</string>
+				<key>es</key>
+				<string>Modificar ajustes</string>
+				<key>fi</key>
+				<string>Muokkaa asetuksia</string>
+				<key>fr</key>
+				<string>Modifer les rÃ©glages</string>
+				<key>he</key>
+				<string>×¢×¨××/× ××××¨××ª</string>
+				<key>hr</key>
+				<string>PreinaÄi postavke</string>
+				<key>hu</key>
+				<string>BeÃ¡llÃ­tÃ¡sok mÃ³dosÃ­tÃ¡sa</string>
+				<key>it</key>
+				<string>Modifica impostazioni</string>
+				<key>ja</key>
+				<string>è¨­å®ãå¤æ´</string>
+				<key>ko</key>
+				<string>ì¤ì  ìì </string>
+				<key>nb</key>
+				<string>Endre innstillinger</string>
+				<key>nl</key>
+				<string>Wijzig instellingen</string>
+				<key>pl</key>
+				<string>ZmieÅ ustawienia</string>
+				<key>pt</key>
+				<string>Modificar Ajustes</string>
+				<key>pt-PT</key>
+				<string>Modificar definiÃ§Ãµes</string>
+				<key>ro</key>
+				<string>SchimbÄ configurÄrile</string>
+				<key>ru</key>
+				<string>ÐÐ¾Ð´Ð¸ÑÐ¸ÑÐ¸ÑÐ¾Ð²Ð°ÑÑ Ð½Ð°ÑÑÑÐ¾Ð¹ÐºÐ¸</string>
+				<key>sk</key>
+				<string>UpraviÅ¥ nastavenia</string>
+				<key>sv</key>
+				<string>Ãndra instÃ¤llningar</string>
+				<key>th</key>
+				<string>à¹à¸à¹à¹à¸à¸à¹à¸²à¸à¸´à¸à¸à¸±à¹à¸</string>
+				<key>tr</key>
+				<string>AyarlarÄ± DeÄiÅtir</string>
+				<key>uk</key>
+				<string>ÐÐ¼ÑÐ½Ð¸ÑÐ¸ Ð¿Ð°ÑÐ°Ð¼ÐµÑÑÐ¸</string>
+				<key>zh-Hans</key>
+				<string>ä¿®æ¹è®¾ç½®</string>
+				<key>zh-Hant</key>
+				<string>ä¿®æ¹è¨­å®</string>
+			</dict>
+			<key>default-prompt</key>
+			<dict>
+				<key>ar</key>
+				<string>ÙØ­Ø§ÙÙ __APPNAME__ Ø§ÙØ³ÙØ§Ø­ ÙØ¹ÙØµØ± Ø¨Ø£Ù ÙÙÙÙ ÙÙØ¯ Ø§ÙØªØ´ØºÙÙ Ø¯Ø§Ø¦ÙÙØ§.</string>
+				<key>ca</key>
+				<string>__APPNAME__ estÃ  provant dâautoritzar un Ã­tem perquÃ¨ sâexecuti sempre.</string>
+				<key>cs</key>
+				<string>__APPNAME__ se pokouÅ¡Ã­ nÄjakÃ© poloÅ¾ce povolit, aby byla vÅ¾dy spuÅ¡tÄna.</string>
+				<key>da</key>
+				<string>__APPNAME__ prÃ¸ver at give et emne lov til at vÃ¦re aktivt hele tiden.</string>
+				<key>de</key>
+				<string>__APPNAME__ versucht, einem Objekt die AusfÃ¼hrung immer zu erlauben.</string>
+				<key>el</key>
+				<string>Î ÎµÏÎ±ÏÎ¼Î¿Î³Î® Â«__APPNAME__Â» ÏÏÎ¿ÏÏÎ±Î¸ÎµÎ¯ Î½Î± ÎµÏÎ¹ÏÏÎ­ÏÎµÎ¹ ÏÎµ Î­Î½Î± ÏÏÎ¿Î¹ÏÎµÎ¯Î¿ Î½Î± ÎµÎºÏÎµÎ»ÎµÎ¯ÏÎ±Î¹ ÏÎ¬Î½ÏÎ±.</string>
+				<key>en</key>
+				<string>__APPNAME__ is trying to allow an item to always run.</string>
+				<key>es</key>
+				<string>__APPNAME__ estÃ¡ intentando permitir que un Ã­tem se ejecute siempre.</string>
+				<key>fi</key>
+				<string>__APPNAME__ yrittÃ¤Ã¤ sallia, ettÃ¤ kohde on aina kÃ¤ytÃ¶ssÃ¤.</string>
+				<key>fr</key>
+				<string>__APPNAME__ essaye dâautoriser un Ã©lÃ©ment Ã  sâexÃ©cuter en continu.</string>
+				<key>he</key>
+				<string>__APPNAME__ ×× ×¡× ×××¤×©×¨ ××¤×¨×× ××¤×¢×× ××××¤× ×§×××¢.</string>
+				<key>hr</key>
+				<string>__APPNAME__ pokuÅ¡ava dozvoliti stavci da uvijek bude pokrenuta.</string>
+				<key>hu</key>
+				<string>A(z) __APPNAME__ megprÃ³bÃ¡l beÃ¡llÃ­tani egy elemet, hogy az mindig fusson.</string>
+				<key>it</key>
+				<string>__APPNAME__ tenta di consentire che un elemento venga sempre eseguito.</string>
+				<key>ja</key>
+				<string>__APPNAME__ ã¯ãé ç®ãå¸¸æåä½ãããã¨ãè¨±å¯ãããã¨ãã¦ãã¾ãã</string>
+				<key>ko</key>
+				<string>__APPNAME__ì´(ê°) í­ëª©ì´ í­ì ì¤íëë ê²ì íì©íë ¤ê³  í©ëë¤.</string>
+				<key>nb</key>
+				<string>__APPNAME__ prÃ¸ver Ã¥ tillate at et program alltid kjÃ¸rer.</string>
+				<key>nl</key>
+				<string>__APPNAME__ probeert een onderdeel toe te staan dat het altijd wordt uitgevoerd.</string>
+				<key>pl</key>
+				<string>__APPNAME__ prÃ³buje zezwoliÄ, aby rzecz byÅa zawsze uruchamiana.</string>
+				<key>pt-PT</key>
+				<string>O __APPNAME__ estÃ¡ a tentar dar autorizaÃ§Ã£o a um elemento para permanecer constantemente aberto.</string>
+				<key>pt</key>
+				<string>O __APPNAME__ estÃ¡ tentando autorizar um item a ser executado permanentemente.</string>
+				<key>ro</key>
+				<string>__APPNAME__ Ã®ncearcÄ sÄ-i permitÄ unui articol sÄ ruleze Ã®ntotdeauna.</string>
+				<key>ru</key>
+				<string>ÐÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð° Â«__APPNAME__Â» Ð¿ÑÑÐ°ÐµÑÑÑ ÑÐ°Ð·ÑÐµÑÐ¸ÑÑ Ð¾Ð±ÑÐµÐºÑÑ Ð¿Ð¾ÑÑÐ¾ÑÐ½Ð½Ð¾ Ð²ÑÐ¿Ð¾Ð»Ð½ÑÑÑ ÑÐ°Ð±Ð¾ÑÑ.</string>
+				<key>sk</key>
+				<string>AplikÃ¡cia __APPNAME__ sa pokÃºÅ¡a povoliÅ¥ spÃºÅ¡Å¥anie poloÅ¾ky. </string>
+				<key>sv</key>
+				<string>__APPNAME__ fÃ¶rsÃ¶ker tillÃ¥ta ett objekt att alltid kÃ¶ras.</string>
+				<key>th</key>
+				<string>__APPNAME__à¸à¸³à¸¥à¸±à¸à¸à¸¢à¸²à¸¢à¸²à¸¡à¸­à¸à¸¸à¸à¸²à¸à¸£à¸²à¸¢à¸à¸²à¸£à¹à¸«à¹à¸à¸³à¸à¸²à¸à¹à¸ªà¸¡à¸­</string>
+				<key>tr</key>
+				<string>__APPNAME__, bir Ã¶Äenin her zaman Ã§alÄ±ÅmasÄ±na izin vermeye Ã§alÄ±ÅÄ±yor.</string>
+				<key>uk</key>
+				<string>__APPNAME__ Ð½Ð°Ð¼Ð°Ð³Ð°ÑÑÑÑÑ Ð´Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÐ¸ ÐµÐ»ÐµÐ¼ÐµÐ½ÑÑ Ð·Ð°Ð²Ð¶Ð´Ð¸ Ð·Ð°Ð¿ÑÑÐºÐ°ÑÐ¸ÑÑ.</string>
+				<key>zh-Hans</key>
+				<string>â__APPNAME__âæ­£å¨å°è¯åè®¸ä¸ä¸ªé¡¹ç®å§ç»è¿è¡ã</string>
+				<key>zh-Hant</key>
+				<string>â__APPNAME__âæ­£å¨åè©¦åè¨±æåé ç®æçºå·è¡ã</string>
+			</dict>
+			<key>rule</key>
+			<string>root-or-entitled-admin-or-authenticate-admin</string>
+		</dict>
 		<key>com.apple.server.admin.streaming</key>
 		<dict>
 			<key>allow-root</key>
@@ -4472,7 +4814,7 @@ See remaining rules for examples.
 				<key>fr</key>
 				<string>__APPNAME__ essaye dâinstaller un nouveau logiciel.</string>
 				<key>he</key>
-				<string>×´ __APPNAME__×´ ×××§×© ×××ª×§×× ×ª××× ××ª ×××©××ª.</string>
+				<string>×´__APPNAME__×´ ×××§×© ×××ª×§×× ×ª××× ××ª ×××©××ª.</string>
 				<key>hr</key>
 				<string>__APPNAME__ pokuÅ¡ava instalirati novi softver.</string>
 				<key>hu</key>
diff --git a/securityd.xcodeproj/project.pbxproj b/securityd.xcodeproj/project.pbxproj
index 0f25621..0615462 100644
--- a/securityd.xcodeproj/project.pbxproj
+++ b/securityd.xcodeproj/project.pbxproj
@@ -991,7 +991,7 @@
 				BUILD_VARIANTS = debug;
 				COPY_PHASE_STRIP = NO;
 				CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-				CURRENT_PROJECT_VERSION = 55111;
+				CURRENT_PROJECT_VERSION = 55126.2;
 				FRAMEWORK_SEARCH_PATHS = (
 					/usr/local/SecurityPieces/Frameworks,
 					/usr/local/SecurityPieces/Components/securityd,
@@ -1044,7 +1044,7 @@
 				);
 				COPY_PHASE_STRIP = "(null)";
 				CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-				CURRENT_PROJECT_VERSION = 55111;
+				CURRENT_PROJECT_VERSION = 55126.2;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				FRAMEWORK_SEARCH_PATHS = (
 					/usr/local/SecurityPieces/Frameworks,
@@ -1095,7 +1095,7 @@
 				BUILD_VARIANTS = normal;
 				COPY_PHASE_STRIP = NO;
 				CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-				CURRENT_PROJECT_VERSION = 55111;
+				CURRENT_PROJECT_VERSION = 55126.2;
 				FRAMEWORK_SEARCH_PATHS = (
 					/usr/local/SecurityPieces/Frameworks,
 					/usr/local/SecurityPieces/Components/securityd,
@@ -1148,7 +1148,7 @@
 				);
 				COPY_PHASE_STRIP = "(null)";
 				CSSM_HEADERS = "";
-				CURRENT_PROJECT_VERSION = 55111;
+				CURRENT_PROJECT_VERSION = 55126.2;
 				FRAMEWORK_SEARCH_PATHS = (
 					/usr/local/SecurityPieces/Frameworks,
 					/usr/local/SecurityPieces/Components/securityd,
diff --git a/src/AuthorizationEngine.cpp b/src/AuthorizationEngine.cpp
index c65ce84..01560b0 100644
--- a/src/AuthorizationEngine.cpp
+++ b/src/AuthorizationEngine.cpp
@@ -222,6 +222,17 @@ Engine::authorize(const AuthItemSet &inRights, const AuthItemSet &environment,
             break;
 		}
 	}
+    
+    // purge all uid credentials from the outCredentials for least privileged mode
+    if (auth.operatesAsLeastPrivileged()) {
+        CredentialSet::const_iterator current, it = outCredentials->begin();
+        while(it != outCredentials->end()) {
+            current = it++;
+            if (!(*current)->isRight()) {
+                outCredentials->erase(current);
+            } 
+        }
+    }
 
 	if (outCredentials)
 		outCredentials->swap(credentials);
diff --git a/src/AuthorizationRule.cpp b/src/AuthorizationRule.cpp
index c560076..451618f 100644
--- a/src/AuthorizationRule.cpp
+++ b/src/AuthorizationRule.cpp
@@ -459,8 +459,8 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
 
 	Credential hintCredential;
 	if (errAuthorizationSuccess == evaluateSessionOwner(inRight, inRule, environmentToClient, now, auth, hintCredential, reason)) {
-		if (hintCredential->username().length())
-			environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER, AuthValueOverlay(hintCredential->username())));
+		if (hintCredential->name().length())
+			environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER, AuthValueOverlay(hintCredential->name())));
 		if (hintCredential->realname().length())
 			environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER_LONG, AuthValueOverlay(hintCredential->realname())));
 	}
@@ -548,12 +548,12 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
 
                     // @@@ we log the uid a process was running under when it created the authref, which is misleading in the case of loginwindow
                     if (newCredential->isValid()) {
-                        Syslog::info("UID %u authenticated as user %s (UID %u) for right '%s'", auth.creatorUid(), newCredential->username().c_str(), newCredential->uid(), rightName);
-                        rightAuthLogger.logSuccess(auth.creatorUid(), newCredential->uid(), newCredential->username().c_str());
+                        Syslog::info("UID %u authenticated as user %s (UID %u) for right '%s'", auth.creatorUid(), newCredential->name().c_str(), newCredential->uid(), rightName);
+                        rightAuthLogger.logSuccess(auth.creatorUid(), newCredential->uid(), newCredential->name().c_str());
                     } else {
                         // we can't be sure that the user actually exists so inhibit logging of uid
-                        Syslog::error("UID %u failed to authenticate as user '%s' for right '%s'", auth.creatorUid(), newCredential->username().c_str(), rightName);
-                        rightAuthLogger.logFailure(auth.creatorUid(), newCredential->username().c_str());
+                        Syslog::error("UID %u failed to authenticate as user '%s' for right '%s'", auth.creatorUid(), newCredential->name().c_str(), rightName);
+                        rightAuthLogger.logFailure(auth.creatorUid(), newCredential->name().c_str());
                     }
                     
                     if (!newCredential->isValid())
@@ -568,22 +568,22 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
                     if (status == errAuthorizationSuccess)
                     {
                         if (auth.operatesAsLeastPrivileged()) {
-                            Credential rightCredential(rightName, newCredential->uid(), mShared);
+                            Credential rightCredential(rightName, mShared);
                             credentials.erase(rightCredential); credentials.insert(rightCredential);
                             if (mShared)
-                                credentials.insert(Credential(rightName, newCredential->uid(), false));
-                        } else {
-                            // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent
-                            credentials.erase(newCredential); credentials.insert(newCredential);
-                           // just got a new credential - if it's shared also add a non-shared one that to stick in the authorizationref local cache
-                           if (mShared)
-                               credentials.insert(Credential(newCredential->uid(), newCredential->username(), newCredential->realname(), newCredential->groupname(), false));
-                        }
+                                credentials.insert(Credential(rightName, false));
+                        } 
+
+                        // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent
+                        credentials.erase(newCredential); credentials.insert(newCredential);
+                        // just got a new credential - if it's shared also add a non-shared one that to stick in the authorizationref local cache
+                        if (mShared)
+                            credentials.insert(Credential(newCredential->uid(), newCredential->name(), newCredential->realname(), false));
                         
                         // use valid credential to set context info
                         // XXX/cs keeping this for now, such that the uid is passed back
                         auth.setCredentialInfo(newCredential, savePassword);
-                        secdebug("SSevalMech", "added valid credential for user %s", newCredential->username().c_str());
+                        secdebug("SSevalMech", "added valid credential for user %s", newCredential->name().c_str());
 						// set the sessionHasAuthenticated
 						if (newCredential->uid() == auth.session().originatorUid()) {
 							secdebug("AuthEvalMech", "We authenticated as the session owner.\n");
@@ -656,7 +656,7 @@ RuleImpl::makeCredentials(const AuthorizationToken &auth) const
 		if (username.length() && uid)
 		{
 			// credential is valid because mechanism says so
-			newCredentials.insert(Credential(*uid, username, "", "", mShared));
+			newCredentials.insert(Credential(*uid, username, "", mShared));
 		}
 	} while(0);
 
@@ -682,7 +682,7 @@ RuleImpl::evaluateSessionOwner(const AuthItemRef &inRight, const Rule &inRule, c
 			// Check if username will authorize the request and set username to
 			// be used as a hint to the user if so
 			secdebug("AuthEvalMech", "preflight credential from current user, result follows:");
-			sessionCredential = Credential(pw->pw_uid, pw->pw_name, pw->pw_gecos, "", mShared/*ignored*/);
+			sessionCredential = Credential(pw->pw_uid, pw->pw_name, pw->pw_gecos, mShared/*ignored*/);
 		} //fi
 		endpwent();
 	}
@@ -698,13 +698,21 @@ OSStatus
 RuleImpl::evaluateCredentialForRight(const AuthorizationToken &auth, const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, CFAbsoluteTime now, const Credential &credential, bool ignoreShared, SecurityAgent::Reason &reason) const
 {
 	if (auth.operatesAsLeastPrivileged()) {
-		if (credential->isRight() && credential->isValid() && (inRight->name() == credential->rightname()))
-			return errAuthorizationSuccess;
-		else
+        if (credential->isRight() && credential->isValid() && (inRight->name() == credential->name())) 
         {
+            if (!ignoreShared && !mShared && credential->isShared())
+            {
+                // @@@  no proper SA::Reason
+                reason = SecurityAgent::unknownReason;
+                secdebug("autheval", "shared credential cannot be used, denying right %s", inRight->name());
+                return errAuthorizationDenied;
+            } else {
+                return errAuthorizationSuccess;
+            }
+        } else {
             // @@@  no proper SA::Reason
             reason = SecurityAgent::unknownReason;
-			return errAuthorizationDenied;
+            return errAuthorizationDenied;
         }
 	} else
 		return evaluateUserCredentialForRight(auth, inRight, inRule, environment, now, credential, false, reason);
@@ -723,7 +731,7 @@ RuleImpl::evaluateUserCredentialForRight(const AuthorizationToken &auth, const A
     // everywhere, from RuleImpl::evaluate() on down.  
 
 	// Get the username from the credential
-	const char *user = credential->username().c_str();
+	const char *user = credential->name().c_str();
 
 	// If the credential is not valid or its age is more than the allowed maximum age
 	// for a credential, deny.
@@ -810,7 +818,6 @@ RuleImpl::evaluateUserCredentialForRight(const AuthorizationToken &auth, const A
 				
 			if (is_member)
 			{
-                credential->setGroupname(mGroupName);
 				secdebug("autheval", "user %s is a member of group %s, granting right %s",
 					user, groupname, inRight->name());
 				return errAuthorizationSuccess;
@@ -873,10 +880,10 @@ RuleImpl::evaluateUser(const AuthItemRef &inRight, const Rule &inRule, AuthItemS
 		{
 			OSStatus status = evaluateUserCredentialForRight(auth, inRight, inRule, environmentToClient, now, *it, false, reason);
 			if (errAuthorizationSuccess == status) {
-				Credential rightCredential(inRight->name(), (*it)->uid(), mShared);
+				Credential rightCredential(inRight->name(), mShared);
 				credentials.erase(rightCredential); credentials.insert(rightCredential);
 				if (mShared)
-					credentials.insert(Credential(inRight->name(), (*it)->uid(), false));
+					credentials.insert(Credential(inRight->name(), false));
 				return status;
 			}
 		}
@@ -973,6 +980,10 @@ RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule,
                     // (try to) attach the authorizing UID to the least-priv cred
 					if (auth.operatesAsLeastPrivileged())
                     {
+                        outCredentials.insert(Credential(rightName, mShared));
+                        if (mShared) 
+                            outCredentials.insert(Credential(rightName, false));
+                        
                         RightAuthenticationLogger logger(auth.creatorAuditToken(), AUE_ssauthint);
                         logger.setRight(rightName);
 
@@ -982,26 +993,23 @@ RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule,
                             uid_t authorizedUid;
                             memcpy(&authorizedUid, uidItem->value().data, sizeof(authorizedUid));
                             secdebug("AuthEvalMech", "generating least-privilege cred for '%s' authorized by UID %u", inRight->name(), authorizedUid);
-                            outCredentials.insert(Credential(rightName, authorizedUid, mShared));
                             logger.logLeastPrivilege(authorizedUid, true);
                         }
                         else    // cltUid is better than nothing
                         {
                             secdebug("AuthEvalMech", "generating least-privilege cred for '%s' with process- or auth-UID %u", inRight->name(), cltUid);
-                            outCredentials.insert(Credential(rightName, cltUid, mShared));
                             logger.logLeastPrivilege(cltUid, false);
                         }
                     }
-					else {
-						if (0 == strcmp(rightName, "system.login.console") && NULL == eval.context().find(AGENT_CONTEXT_AUTO_LOGIN)) {
-							secdebug("AuthEvalMech", "We logged in as the session owner.\n");
-							SessionAttributeBits flags = auth.session().attributes();
-							flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
-							auth.session().setAttributes(flags);							
-						}
-						CredentialSet newCredentials = makeCredentials(auth);
-						outCredentials.insert(newCredentials.begin(), newCredentials.end());
-					}
+
+                    if (0 == strcmp(rightName, "system.login.console") && NULL == eval.context().find(AGENT_CONTEXT_AUTO_LOGIN)) {
+                        secdebug("AuthEvalMech", "We logged in as the session owner.\n");
+                        SessionAttributeBits flags = auth.session().attributes();
+                        flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
+                        auth.session().setAttributes(flags);							
+                    }
+                    CredentialSet newCredentials = makeCredentials(auth);
+                    outCredentials.insert(newCredentials.begin(), newCredentials.end());
 				}
 			}
 
diff --git a/src/authhost.cpp b/src/authhost.cpp
index 3ca8f54..2f9580d 100644
--- a/src/authhost.cpp
+++ b/src/authhost.cpp
@@ -74,6 +74,11 @@ Session &AuthHostInstance::session() const
 	return referent<Session>();
 }
 
+bool AuthHostInstance::inDarkWake()
+{
+	return this->session().server().inDarkWake();
+}
+
 void
 AuthHostInstance::childAction()
 {
@@ -154,9 +159,12 @@ AuthHostInstance::lookup(SessionId jobId)
     /* PR-7483709 const */ uuid_t instanceId = UUID_INITIALIZER_FROM_SESSIONID(jobId);
     uuid_string_t s;
 
-    if ((mHostType == securityAgent) &&
-      !(session().attributes() & sessionHasGraphicAccess))
-        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+    if ((mHostType == securityAgent)) {
+	if (!(session().attributes() & sessionHasGraphicAccess))
+	    CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+	if (inDarkWake())
+	    CssmError::throwMe(CSSM_ERRCODE_IN_DARK_WAKE);
+    }
     
     if (mHostType == securityAgent)
 	serviceName = SECURITYAGENT_BOOTSTRAP_NAME_BASE;
@@ -181,9 +189,12 @@ Port AuthHostInstance::activate()
 	StLock<Mutex> _(*this);
 	if (state() != alive)
 	{
-		if ((mHostType == securityAgent) && 
-		    !(session().attributes() & sessionHasGraphicAccess))
+		if ((mHostType == securityAgent)) {
+		    if (!(session().attributes() & sessionHasGraphicAccess))
 			CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+		    if (inDarkWake())
+			CssmError::throwMe(CSSM_ERRCODE_IN_DARK_WAKE);
+		}
 
 		fork();
 		switch (ServerChild::state()) {
diff --git a/src/authhost.h b/src/authhost.h
index 5e41533..b1fc2c2 100644
--- a/src/authhost.h
+++ b/src/authhost.h
@@ -50,6 +50,8 @@ protected:
 
 private:
 	AuthHostType mHostType;
+
+	bool inDarkWake();
 };
 
 #endif /* _H_AUTHHOST */
diff --git a/src/authority.cpp b/src/authority.cpp
index 5577188..e9685b2 100644
--- a/src/authority.cpp
+++ b/src/authority.cpp
@@ -273,7 +273,7 @@ AuthorizationToken::setCredentialInfo(const Credential &inCred, bool savePasswor
     AuthItemRef uidHint("uid", AuthValueOverlay(sizeof(uid), &uid));
     dstInfoSet.insert(uidHint);
  
-    AuthItemRef userHint("username", AuthValueOverlay(inCred->username()), 0);
+    AuthItemRef userHint("username", AuthValueOverlay(inCred->name()), 0);
     dstInfoSet.insert(userHint);
  
 	setInfoSet(dstInfoSet, savePassword);
diff --git a/src/credential.cpp b/src/credential.cpp
index 5eaa6a1..dcb38c2 100644
--- a/src/credential.cpp
+++ b/src/credential.cpp
@@ -32,16 +32,16 @@ extern "C" int checkpw_internal( const struct passwd *pw, const char* password )
 namespace Authorization {
 
 // default credential: invalid for everything, needed as a default session credential
-CredentialImpl::CredentialImpl() : mShared(false), mRight(false), mRightName(""), mGroupName(""), mUid(0), mUserName(""), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
+CredentialImpl::CredentialImpl() : mShared(false), mRight(false), mUid(0), mName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
 {
 }
 
 // only for testing whether this credential is usable
-CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared) : mShared(shared), mRight(false), mRightName(""), mGroupName(groupname), mUid(uid), mUserName(username), mRealName(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
+CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared) : mShared(shared), mRight(false), mUid(uid), mName(username), mRealName(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
 {
 }
 
-CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mRight(false), mRightName(""), mGroupName(""), mUserName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
+CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mRight(false), mName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
 {
     Server::active().longTermActivity();
     const char *user = username.c_str();
@@ -54,7 +54,7 @@ CredentialImpl::CredentialImpl(const string &username, const string &password, b
         }
 
         mUid = pw->pw_uid;
-        mUserName = pw->pw_name;
+        mName = pw->pw_name;
         mRealName = pw->pw_gecos;
 
         const char *passwd = password.c_str();
@@ -76,7 +76,7 @@ CredentialImpl::CredentialImpl(const string &username, const string &password, b
 // least-privilege
     // @@@  arguably we don't care about the UID any more and should not
     // require it in this ctor
-CredentialImpl::CredentialImpl(const string &right, const uid_t uid, bool shared) : mShared(shared), mRight(true), mRightName(right), mGroupName(""), mUid(uid), mUserName(""), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
+CredentialImpl::CredentialImpl(const string &right, bool shared) : mShared(shared), mRight(true), mUid(-2), mName(right), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
 {
 }
 
@@ -87,32 +87,36 @@ CredentialImpl::~CredentialImpl()
 bool
 CredentialImpl::operator < (const CredentialImpl &other) const
 {
-    // Desired ordering characteristics: 
+    // all shared creds are placed into mSessionCreds
+    // all non shared creds are placed into AuthorizationToken
     //
-    // - unshared before shared
-    // - least privilege before non-least privilege
-    // - for least privilege credentials with the same sharing characteristics, 
-    //   order on the basis of right strings
-    // - orthographic order of group names
-    // 
-    // UID used to be the primary distinguishing element, but it can't be
-    // trusted--it's gathered as a side effect, potentially by an external
-    // process.  
-    //
-    // Nothing is sacred about this ordering; we just had to pick something.  
+    // There are 2 types of credentials UID and Right
+    // UID = Authenticated Identity
+    // Right = Rights which were previously authenticated by a uid credential
     
+    // Right Credentials are only used during kAuthorizationFlagLeastPrivileged 
+    // operations and should not have a valid uid set    
+
+    // this allows shared and none shared co-exist in the same container
+    // used when processing multiple rights shared vs non-shared during evaluation 
     if (!mShared && other.mShared)
         return true;
     if (!other.mShared && mShared)
         return false;
+    
+    // this allows uids and rights co-exist in the same container
+    // used when holding onto Rights inside of the AuthorizationToken
     if (mRight && !other.mRight)
         return true;
     if (!mRight && other.mRight)
         return false;
-    if (mRight && other.mRight)
-        return mRightName < other.mRightName;
-    else
-        return mGroupName < other.mGroupName;
+    
+    // this is the actual comparision
+    if (mRight) {
+        return mName < other.mName;
+    } else {
+        return mUid < other.mUid;
+    }
 }
 
 // Returns true if this CredentialImpl should be shared.
@@ -129,9 +133,9 @@ CredentialImpl::merge(const CredentialImpl &other)
     // try to ensure that the credentials are the same type
     assert(mRight == other.mRight);
     if (mRight)
-        assert(mRightName == other.mRightName);
-    else
-        assert(mGroupName == other.mGroupName);
+        assert(mName == other.mName);
+    else 
+        assert(mUid == other.mUid);
 
     if (other.mValid && (!mValid || mCreationTime < other.mCreationTime))
     {
@@ -173,8 +177,8 @@ RefPointer<CredentialImpl>(impl)
 {
 }
 
-Credential::Credential(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared) :
-RefPointer<CredentialImpl>(new CredentialImpl(uid, username, realname, groupname, shared))
+Credential::Credential(const uid_t uid, const string &username, const string &realname, bool shared) :
+RefPointer<CredentialImpl>(new CredentialImpl(uid, username, realname, shared))
 {
 }
 
@@ -182,7 +186,7 @@ Credential::Credential(const string &username, const string &password, bool shar
 {
 }
 
-Credential::Credential(const string &right, const uid_t uid, bool shared) : RefPointer<CredentialImpl>(new CredentialImpl(right, uid, shared))
+Credential::Credential(const string &right, bool shared) : RefPointer<CredentialImpl>(new CredentialImpl(right, shared))
 {
 }
 
diff --git a/src/credential.h b/src/credential.h
index 7b5dba6..d96b511 100644
--- a/src/credential.h
+++ b/src/credential.h
@@ -39,9 +39,9 @@ class CredentialImpl : public RefCount
 {
 public:
 		CredentialImpl();
-        CredentialImpl(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared);
+        CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared);
         CredentialImpl(const string &username, const string &password, bool shared);
-		CredentialImpl(const string &right, const uid_t uid, bool shared);
+		CredentialImpl(const string &right, bool shared);
         ~CredentialImpl();
 
         bool operator < (const CredentialImpl &other) const;
@@ -63,28 +63,20 @@ public:
 
         // We could make Rule a friend but instead we just expose this for now
         inline const uid_t uid() const { return mUid; }
-        inline const string& username() const { return mUserName; }
+        inline const string& name() const { return mName; }
         inline const string& realname() const { return mRealName; }
-		inline const bool isRight() const { return mRight; }
-    inline const string &rightname() const { return mRightName; }
-    inline const string &groupname() const { return mGroupName; }
-    
-    // sometimes the Credential exists before we've validated it, so we need
-    // a setter for group name
-    inline void setGroupname(const string &group)  { mGroupName = group; }
+        inline const bool isRight() const { return mRight; }
     
 private:
         bool mShared;       // credential is shared
-    bool mRight;            // is least-privilege credential
-    string mRightName;      // least-privilege name
-    string mGroupName;      // if it's not least-priv, it boils down to 
-                            // user-in-group
+        bool mRight;            // is least-privilege credential
+
 
         // Fields below are not used by less-than operator
 
         // The user that provided his password.
         uid_t mUid;
-        string mUserName;
+        string mName;
         string mRealName;
 
         CFAbsoluteTime mCreationTime;
@@ -97,9 +89,9 @@ class Credential : public RefPointer<CredentialImpl>
 public:
         Credential();
         Credential(CredentialImpl *impl);
-        Credential(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared);
+        Credential(const uid_t uid, const string &username, const string &realname, bool shared);
         Credential(const string &username, const string &password, bool shared);
-		Credential(const string &right, const uid_t uid, bool shared);		
+		Credential(const string &right, bool shared);		
         ~Credential();
 
         bool operator < (const Credential &other) const;
diff --git a/src/server.h b/src/server.h
index 2c534b0..c526bd3 100644
--- a/src/server.h
+++ b/src/server.h
@@ -192,6 +192,7 @@ public:
 	void beginShutdown();							// start delayed shutdown if configured
 	bool shuttingDown() const { return mShuttingDown; }
 	void shutdownSnitch();							// report lingering clients
+	bool inDarkWake() { return sleepWatcher.inDarkWake(); }
     
 private:
 	// mach bootstrap registration name
diff --git a/src/session.cpp b/src/session.cpp
index d7cecbf..42d51c4 100644
--- a/src/session.cpp
+++ b/src/session.cpp
@@ -89,6 +89,12 @@ Session::~Session()
 }
 
 
+Server &Session::server() const
+{
+	return parent<Server>();
+}
+
+
 //
 // Locate a session object by session identifier
 //
diff --git a/src/session.h b/src/session.h
index fd7111c..cccaf24 100644
--- a/src/session.h
+++ b/src/session.h
@@ -61,6 +61,8 @@ public:
     Session(const CommonCriteria::AuditInfo &audit, Server &server);
 	virtual ~Session();
     
+	Server &server() const;
+
 	SessionId sessionId() const { return mAudit.sessionId(); }
 	CommonCriteria::AuditInfo &auditInfo() { return mAudit; }
     
-- 
2.45.2

