local posix = require "posix.grp";  
local pam = require "pam";  
local new_sasl = require "util.sasl".new;

function is_real_user(username)
        for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do
          if username == v then
            return true;
          end
        end
        return false;
end
  
function user_exists(username)
        return is_real_user(username);
end  
  
function test_password(username, password)  
        local h, err = pam.start("xmpp", username, {
                function (t)
                        if #t == 1 and t[1][1] == pam.PAM_PROMPT_ECHO_OFF then
                                return { { password, 0} };
                        end
                end
        });
        if h and h:authenticate() and h:endx(pam.PAM_SUCCESS) then
                return true, true;
        end
        return nil, true;
end  
  
function get_sasl_handler()
        return new_sasl(module.host, {
                plain_test = function(sasl, ...)
                        return test_password(...)
                end
        });
end

module:provides"auth";