local posix = require "posix.grp";  
local pam = require "pam";  
local new_sasl = require "util.sasl".new;

function is_real_user(username)
        for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do
          if username == v then
            return true;
          end
        end
        return false;
end
  
function user_exists(username)
        return is_real_user(username);
end  
  
function test_password(username, password)
        local h, err = pam.start("xmpp", username, {
                function (t)
                        local responses = {}
                        for i,m in ipairs(t) do
                                if m[1] == pam.PROMPT_ECHO_OFF then
                                  responses[i] = {password, 0};
                                elseif m[1] == pam.PROMPT_ECHO_ON then
                                  responses[i] = {username, 0};
                                else
                                  responses[i] = {"", 0};
                                end
                        end
                        return responses
                end
        });
        if h and h:authenticate() and h:endx(pam.SUCCESS) then
                return true, true;
        end
        return nil, true;
end  
  
function get_sasl_handler()
        return new_sasl(module.host, {
                plain_test = function(sasl, ...)
                        return test_password(...)
                end
        });
end

module:provides"auth";