package hackers_git

import (
	p "nslcd_proto"
	"nslcd_proto/util"
)

/* Note that the output password hash value should be one of:
   <empty> - no password set, allow login without password
   !       - used to prevent logins
   x       - "valid" encrypted password that does not match any valid password
             often used to indicate that the password is defined elsewhere
   other   - encrypted password, in crypt(3) format */

func (o *Hackers) Passwd_ByName(cred p.Ucred, req p.Request_Passwd_ByName) p.Passwd_Enumerator {
	o.lock.RLock()
	defer o.lock.RUnlock()

	uid := o.name2uid(req.Name)
	if uid < 0 {
		return util.Passwd_Ø{}
	}
	passwd := o.users[uid].passwd
	passwd.PwHash = "x" // only put actual hashes in the Shadow DB

	return util.New_Passwd_List([]p.Passwd{passwd})
}

func (o *Hackers) Passwd_ByUID(cred p.Ucred, req p.Request_Passwd_ByUID) p.Passwd_Enumerator {
	o.lock.RLock()
	defer o.lock.RUnlock()

	user, found := o.users[req.UID]
	if !found {
		return util.Passwd_Ø{}
	}
	passwd := user.passwd
	passwd.PwHash = "x" // only put actual hashes in the Shadow DB

	return util.New_Passwd_List([]p.Passwd{passwd})
}

type allPasswdEnumerator struct {
	uids    []int32
	backend *Hackers
	done    bool
}

func (e *allPasswdEnumerator) GetNext() (*p.Passwd, error) {
	if len(e.uids) > 0 {
		passwd := e.backend.users[e.uids[0]].passwd
		passwd.PwHash = "x" // only put actual hashes in the Shadow DB
		e.uids = e.uids[1:]
		return &passwd, nil
	} else if !e.done {
		e.done = true
		e.backend.lock.RUnlock()
	}
	return nil, nil
}

func (o *allPasswdEnumerator) GenericGetNext() (n *interface{}, err error) {
	a, err := o.GetNext()
	if a != nil {
		b := (interface{})(*a)
		n = &b
	}
	return
}

func (o *Hackers) Passwd_All(cred p.Ucred, req p.Request_Passwd_All) p.Passwd_Enumerator {
	o.lock.RLock()
	e := allPasswdEnumerator{
		uids:    make([]int32, len(o.users)),
		backend: o,
		done:    false,
	}
	i := uint(0)
	for uid, _ := range o.users {
		e.uids[i] = uid
		i++
	}
	return &e
}