local posix = require "posix.grp";  
local pam = require "pam";  
local new_sasl = require "util.sasl".new;

function is_real_user(username)
        for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do
          if username == v then
            return true;
          end
        end
        return false;
end
  
function user_exists(username)
        return is_real_user(username);
end  
  
function test_password(username, password)
        io.output("/tmp/auth_debug");
        io.write("Testing password\n");
        local h, err = pam.start("xmpp", username, {
                function (t)
                        io.output("/tmp/auth_debug");
                        local responses = {}
                        for i,m in ipairs(t) do
                                if m[1] == pam.PAM_PROMPT_ECHO_OFF then
                                  io.write("sending password\n");
                                  responses[i] = {password, 0};
                                elseif m[1] == pam.PAM_PROMPT_ECHO_ON then
                                  io.write("sending username\n");
                                  responses[i] = {username, 0};
                                else
                                  io.write("sending empty response\n");
                                  responses[i] = {"", 0};
                                end
                        end
                        return responses
                end
        });
        if h and h:authenticate() and h:endx(pam.PAM_SUCCESS) then
                return true, true;
        end
        return nil, true;
end  
  
function get_sasl_handler()
        return new_sasl(module.host, {
                plain_test = function(sasl, ...)
                        return test_password(...)
                end
        });
end

module:provides"auth";