authorKen Moore <moorekou@gmail.com>2016-04-25 13:08:12 -0400
committerKen Moore <moorekou@gmail.com>2016-04-25 13:08:12 -0400
commited5ecf7ea7a482b4649e66ecb35fbc60af680684 (patch)
treeacc0fa17d228259e847f55c678db9fb0a9b50f0c /src-qt5/core/lumina-checkpass
parentMerge branch 'master' of github.com:pcbsd/lumina (diff)
Rearrange the Lumina source tree quite a bit:
Now the utilities are arranged by category (core, core-utils, desktop-utils), so all the -utils may be excluded by a package system (or turned into separate packages) as needed.
Diffstat (limited to 'src-qt5/core/lumina-checkpass')
-rw-r--r--src-qt5/core/lumina-checkpass/lumina-checkpass.pro18
-rw-r--r--src-qt5/core/lumina-checkpass/main.c55
2 files changed, 73 insertions, 0 deletions
diff --git a/src-qt5/core/lumina-checkpass/lumina-checkpass.pro b/src-qt5/core/lumina-checkpass/lumina-checkpass.pro
new file mode 100644
index 00000000..981dcafa
--- /dev/null
+++ b/src-qt5/core/lumina-checkpass/lumina-checkpass.pro
@@ -0,0 +1,18 @@
+include("$${PWD}/../../OS-detect.pri")
+
+TEMPLATE = app
+#Don't need any Qt - just a simple C program
+QT =
+CONFIG += console
+
+TARGET = lumina-checkpass
+target.path = $$DESTDIR$${PREFIX}/sbin
+
+LIBS += -lpam
+
+SOURCES += main.c
+
+perms.path = $$DESTDIR$${PREFIX}/sbin
+perms.extra = "chmod 4555 $$DESTDIR$${PREFIX}/sbin/lumina-checkpass"
+
+INSTALLS += target perms
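Review bot: The `perms.extra` line sets the setuid bit with `chmod 4555` but nothing in this file sets the owner, so the binary only gets an effective root UID when the install step itself runs as root. A staged or packaged install run as another user would presumably leave it setuid to that user instead. A comment above `perms.path` would make the requirement explicit, for example `#NOTE: the installed file must be owned by root; chmod 4555 only sets the setuid bit`.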
diff --git a/src-qt5/core/lumina-checkpass/main.c b/src-qt5/core/lumina-checkpass/main.c
new file mode 100644
index 00000000..2a8bba93
--- /dev/null
+++ b/src-qt5/core/lumina-checkpass/main.c
@@ -0,0 +1,55 @@
+//===========================================
+// Lumina-DE source code
+// Copyright (c) 2015, Ken Moore
+// Available under the 3-clause BSD license
+// See the LICENSE file for full details
+//===========================================
+// This function provides the basic current-user password validation
+// The binary may need to have an effective root UID (setuid as root: "chmod 4555")
+// so that PAM can actually check the validity of the password.
+//===========================================
+// SECURITY NOTE:
+// It is highly recomended that you have your PAM rules setup to disallow password checks for a time
+// after a number of failed attempts to prevent a user-level script from hammering this utility
+//===========================================
+//Standard C libary
+#include <unistd.h> // Standard C
+#include <stdio.h> // Usage output
+#include <pwd.h> // User DB information
+
+//PAM/security libraries
+#include <sys/types.h>
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+int main(int argc, char** argv){
+ //Check the inputs
+ if(argc!=2){
+ //Invalid inputs - show the help text
+ puts("lumina-checkpass: Simple user-level check for password validity (for screen unlockers and such).");
+ puts("Usage: lumina-checkpass <password>");
+ puts("Returns: 0 for a valid password, 1 for invalid");
+ return 1;
+ }
+ //Validate current user (make sure current UID matches the logged-in user,
+ char* cUser = getlogin();
+ struct passwd *pwd = 0;
+ pwd = getpwnam(cUser);
+ if(pwd==0){ return 1; } //Login user could not be found in the database? (should never happen)
+ if( getuid() != pwd->pw_uid ){ return 1; } //Current UID does not match currently logged-in user UID
+ //Create the non-interactive PAM structures
+ pam_handle_t *pamh;
+ struct pam_conv pamc = { openpam_nullconv, NULL };
+ //Place the user-supplied password into the structure
+ int ret = pam_start( "system", cUser, &pamc, &pamh);
+ if(ret != PAM_SUCCESS){ return 1; } //could not init PAM
+ //char* cPassword = argv[1];
+ ret = pam_set_item(pamh, PAM_AUTHTOK, argv[1]);
+ //Authenticate with PAM
+ ret = pam_authenticate(pamh,0); //this can be true without verifying password if pam_self.so is used in the auth procedures (common)
+ if( ret == PAM_SUCCESS ){ ret = pam_acct_mgmt(pamh,0); } //Check for valid, unexpired account and verify access restrictions
+ //Stop the PAM instance
+ pam_end(pamh,ret);
+ //return verification result
+ return ((ret==PAM_SUCCESS) ? 0 : 1);
+} \ No newline at end of file
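Review bot: Taking the password as `argv[1]` (the `pam_set_item` line) places it in the process argument list, which other local users can usually read while this setuid binary runs; reading it from stdin avoids that, though callers outside this diff would have to change with it. `getlogin()` can return NULL and its result goes straight into `getpwnam(cUser)`, so a `if(cUser==0){ return 1; }` guard is needed first. The return value of `pam_set_item` is overwritten by `pam_authenticate` without being checked. The existing comment about `pam_self.so` suggests the `"system"` service may report success without checking the password at all, so a dedicated PAM service for this tool looks safer; that should be confirmed against the target PAM configuration. The sketch below needs `<string.h>` for `strcspn`.

```c
  // … unchanged: usage text, now shown when argc!=1 …
  char* cUser = getlogin();
  if(cUser==0){ return 1; } //No login name available for this session
  // … unchanged: getpwnam/getuid check, PAM structures, pam_start …
  //Read the password from stdin so it never appears in the process arguments
  char cPassword[512];
  if( fgets(cPassword, sizeof(cPassword), stdin)==0 ){ pam_end(pamh, PAM_ABORT); return 1; }
  cPassword[strcspn(cPassword, "\n")] = '\0'; //strip the trailing newline
  ret = pam_set_item(pamh, PAM_AUTHTOK, cPassword);
  //Only authenticate if the token was actually stored
  if( ret == PAM_SUCCESS ){ ret = pam_authenticate(pamh,0); }
  // … unchanged: pam_acct_mgmt, pam_end, return …
```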