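"""
Find number of ssh logins and authorised users (uses journald)
"""

import re

from systemd import journal

from logparse import config
from logparse.formatting import *
from logparse.load_parsers import Parser
# The original imported the misspelled name `resole`, which fails at import
# time; every call site in this module uses `resolve`.
from logparse.util import resolve

# Raw strings avoid invalid-escape warnings for \s and \S. Each pattern
# captures (user, ip) from one kind of sshd message.
#
# The user group was (\w*) in the original; it is widened to (\S+) here so
# accounts whose names contain '-' or '.' are still counted as logins.
_ACCEPTED_RE = re.compile(r'^.*publickey\sfor\s(\S+)\sfrom\s(\S+)')
# The original pattern had a stray `" "` embedded between "user" and the
# first group (a broken line continuation), so it could never match.
_CLOSED_RE = re.compile(
    r'^.*Connection closed by authenticating user (\S+) (\S+)')
_INVALID_RE = re.compile(r'^.*Invalid user (\S+) from (\S+).*')


class SshdJournald(Parser):
    """Summarise sshd authentication events read from the systemd journal.

    Produces three lists of ``user@host`` strings: successful public-key
    logins, attempts for non-existent users, and connections closed while
    authenticating as root.
    """

    def __init__(self):
        super().__init__()
        self.name = "sshd_journald"
        self.info = ("Find number of ssh logins and authorised users "
                     "(uses journald)")

    def _record(self, data, pattern, msg):
        """Append ``user@host`` parsed from *msg* to *data*, if it matches.

        A message that contains the trigger substring but not the expected
        layout is skipped instead of raising AttributeError on a None match,
        so a single odd log line cannot abort the whole report.
        """
        match = pattern.search(msg)
        if match is None:
            # %r keeps control characters in log-derived text from being
            # written verbatim into our own log.
            logger.debug("Unparseable sshd message skipped: %r", msg)
            return
        user, ip = match.group(1), match.group(2)
        # NOTE(review): resolve() presumably maps the address to a hostname
        # when sshd-resolve-domains is set - confirm. Reverse DNS is
        # controlled by whoever owns the address, so a resolved name is a
        # hint for the reader, not evidence of origin.
        host = resolve(ip, fqdn=config.prefs.get("sshd",
                                                 "sshd-resolve-domains"))
        data.items.append(user + '@' + host)

    def parse_log(self):
        """Read sshd journal entries for the report period and build the
        "ssh" section.

        Returns:
            The Section holding the successful, invalid and failed Data
            lists, each ordered by frequency and truncated to the
            ``logparse.maxlist`` preference.
        """
        logger.debug("Starting sshd section")
        section = Section("ssh")

        reader = journal.Reader()
        reader.this_machine()
        reader.log_level(journal.LOG_INFO)
        # NOTE(review): newer OpenSSH releases appear to run per-connection
        # code in a separate sshd-session process; confirm the _COMM value on
        # the monitored hosts, otherwise authentication messages may be
        # missed and the report will under-count.
        reader.add_match(_COMM="sshd")
        reader.seek_realtime(section.period.startdate)

        messages = [entry["MESSAGE"] for entry in reader
                    if "MESSAGE" in entry]

        login_data = Data("successful", [])
        invalid_data = Data("invalid", [])
        failed_data = Data("failed", [])

        for msg in messages:
            # python-systemd leaves a field as bytes when it cannot be
            # decoded; substring tests against str would raise TypeError.
            if not isinstance(msg, str):
                continue

            if "Accepted publickey" in msg:
                # NOTE(review): only public-key logins are counted as
                # successful; password or keyboard-interactive logins do not
                # appear in this list.
                self._record(login_data, _ACCEPTED_RE, msg)
            elif "Connection closed by authenticating user root" in msg:
                # Only root is tracked here, as in the original; failed
                # authentications for other existing accounts are not counted.
                self._record(failed_data, _CLOSED_RE, msg)
            elif "Invalid user" in msg:
                # The user name in this message is chosen by the remote
                # client and may contain spaces, so the captured user/host
                # pair should be cross-checked against the raw journal entry
                # before it is acted on (e.g. for blocking decisions).
                self._record(invalid_data, _INVALID_RE, msg)

        maxlist = config.prefs.getint("logparse", "maxlist")

        login_data.subtitle = plural("successful login",
                                     len(login_data.items)) + " from"
        login_data.orderbyfreq()
        login_data.truncl(maxlist)

        # The second half of the subtitle is computed after orderbyfreq() on
        # purpose: the original read len(items) again at that point.
        invalid_data.subtitle = plural("attempted login",
                                       len(invalid_data.items))
        invalid_data.orderbyfreq()
        invalid_data.subtitle += plural(" from invalid user",
                                        len(invalid_data.items), False)
        invalid_data.truncl(maxlist)

        failed_data.subtitle = plural("failed login",
                                      len(failed_data.items)) + " from"
        failed_data.orderbyfreq()
        failed_data.truncl(maxlist)

        section.append_data(login_data)
        section.append_data(invalid_data)
        section.append_data(failed_data)

        logger.info("Finished sshd section")
        return section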