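#
#   sshd.py
#
#   Find number of ssh logins and authorised users
#

import re
from ..formatting import *
from ..util import readlog, resolve
from .. import config

import logging
logger = logging.getLogger(__name__)


def parse_log():
    """Build the "ssh" report section from the configured auth log.

    Reads the file named by ``config.prefs['logs']['auth']``, collects every
    line that records an accepted public-key login, and tallies the logins
    per ``user@host``. The host part is whatever ``resolve()`` returns for the
    logged source address.

    Only "Accepted publickey" lines are counted. Logins accepted through any
    other authentication method do not appear in this section.

    Returns:
        The populated ``Section`` object for the ssh part of the report.
    """
    logger.debug("Starting sshd section")
    section = Section("ssh")
    logger.debug("Searching for matches in {0}".format(config.prefs['logs']['auth']))

    # NOTE(review): this pattern is not anchored to the sshd message prefix,
    # so any auth-log line that contains this text anywhere is counted as a
    # login, including text sitting in fields that are copied from client
    # input. Consider anchoring on the daemon prefix once the log format in
    # use is confirmed.
    matches = re.findall(r'.*sshd.*Accepted publickey for .* from .*',
                         readlog(config.prefs['logs']['auth']))  # get all logins
    logger.debug("Finished searching for logins")

    users = []      # [userhost, number of logins] pairs, in order of first appearance
    position = {}   # userhost -> index into users, for exact-match lookup
    num = len(matches)  # total number of logins

    for match in matches:
        # \S+ instead of \w* so that account names containing '-' or '.'
        # are parsed rather than producing no match at all.
        entry = re.search(r'^.*publickey\sfor\s(\S+)\sfrom\s(\S*)', match)
        if entry is None:
            # Skip a line that cannot be parsed instead of failing the whole
            # section. %r keeps control characters out of our own log.
            logger.warning("Could not parse ssh login entry: %r", match)
            continue
        user = entry.group(1)
        ip = entry.group(2)

        userhost = user + '@' + resolve(ip, fqdn=config.prefs['sshd']['resolve-domains'])
        # Compare by exact string equality. userhost is built from log and
        # resolver output, so it must never be interpreted as a regex: '.'
        # would match any character, a substring hit would merge two
        # different user@host values, and stray regex syntax could raise.
        if userhost in position:
            users[position[userhost]][1] += 1
        else:
            position[userhost] = len(users)
            users.append([userhost, 1])
    logger.debug("Parsed list of authorised users")

    auth_data = Data(subtitle=plural('login', num) + ' from')

    if len(users) == 1:
        # if only one user, do not display no of logins for this user
        logger.debug("found " + str(len(matches)) + " ssh logins for user " + users[0][0])
        auth_data.subtitle += ' ' + users[0][0]
    else:
        for user in users:
            auth_data.items.append(user[0] + ' (' + str(user[1]) + ')')
        auth_data.orderbyfreq()
        auth_data.truncl(config.prefs['maxlist'])
    logger.debug("found " + str(len(matches)) + " ssh logins for users " + str(users))
    section.append_data(auth_data)
    logger.info("Finished sshd section")
    return section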