#!/bin/bash
# =============================================================================
# remote_users.fact
# Ansible local fact — /etc/ansible/facts.d/remote_users.fact
# Retourne un JSON avec le comptage des sessions distantes par protocole
# et l'analyse de fiabilité who vs total
# =============================================================================

set -euo pipefail

# --- Comptage SSH ---
ssh_by_ss=0
if command -v ss &>/dev/null; then
    ssh_by_ss=$(ss -tnp state established 2>/dev/null | grep -c "sshd" || echo 0)
fi
ssh_by_proc=$(pgrep -c -f "sshd:.*@" 2>/dev/null || echo 0)
ssh_count=$(( ssh_by_ss > ssh_by_proc ? ssh_by_ss : ssh_by_proc ))

# --- Comptage Citrix ---
citrix_count=0
ctxquery="/opt/Citrix/VDA/bin/ctxquery"
if [[ -x "$ctxquery" ]]; then
    citrix_count=$("$ctxquery" -f all 2>/dev/null | grep -ci "active" || echo 0)
else
    citrix_count=$(pgrep -c -f "ctxhdx|ctxgfx|wfica" 2>/dev/null || echo 0)
    if [[ $citrix_count -eq 0 ]] && command -v ss &>/dev/null; then
        citrix_count=$(ss -tnp state established 2>/dev/null \
            | grep -cE ":(1494|2598)\b" || echo 0)
    fi
fi

# --- Comptage Horizon ---
blast=$(pgrep -c -f "vmware-blast" 2>/dev/null || echo 0)
pcoip=$(pgrep -c -f "pcoip-server" 2>/dev/null || echo 0)
horizon_count=$(( blast + pcoip ))
if [[ $horizon_count -eq 0 ]] && command -v ss &>/dev/null; then
    horizon_count=$(ss -tnp state established 2>/dev/null \
        | grep -cE ":(8443|22443)\b" || echo 0)
fi

# --- Comptage who (distant) ---
who_count=$(who 2>/dev/null | grep -v '(:0' | grep -c '(.*[a-zA-Z0-9])' || echo 0)

# --- Liste utilisateurs distants (who) ---
who_users=$(who 2>/dev/null | grep -v '(:0' | grep '(.*[a-zA-Z0-9])' \
    | awk '{print $1}' | sort -u | paste -sd ',' || echo "")

# --- Total protocoles ---
total=$(( ssh_count + citrix_count + horizon_count ))

# --- Analyse fiabilité ---
if [[ $total -eq 0 && $who_count -eq 0 ]]; then
    ratio="null"
    verdict="NEUTRE"
    detail="Aucune session detectee"
elif [[ $total -eq 0 ]]; then
    ratio="null"
    verdict="WHO_SEUL"
    detail="who detecte ${who_count} session(s) non classifiee(s) par protocole"
elif [[ $who_count -eq 0 ]]; then
    ratio="0"
    verdict="PROTO_SEUL"
    detail="Sessions detectees par protocole mais invisibles dans who"
else
    ratio=$(awk "BEGIN { printf \"%.2f\", ($who_count / $total) }")
    diff=$(( who_count - total ))
    abs_diff=${diff#-}

    if [[ $abs_diff -eq 0 ]]; then
        verdict="FIABLE"
        detail="who == total protocoles, compteurs alignes"
    elif [[ $abs_diff -le 1 ]]; then
        verdict="OK"
        detail="Ecart de ${abs_diff} session(s), tolerable"
    elif [[ $who_count -gt $total ]]; then
        verdict="WHO_SUP_TOTAL"
        detail="who voit +${abs_diff} session(s) non classifiee(s)"
    else
        verdict="WHO_INF_TOTAL"
        detail="who manque ${abs_diff} session(s) sans TTY"
    fi
fi

# --- Détection des composants installés ---
has_citrix_vda=false
[[ -x "$ctxquery" ]] && has_citrix_vda=true

has_horizon_agent=false
[[ -f /usr/lib/vmware/viewagent/bin/vmware-viewagent ]] && has_horizon_agent=true

# --- Sortie JSON ---
cat <<EOF
{
  "timestamp": "$(date -u '+%Y-%m-%dT%H:%M:%SZ')",
  "sessions": {
    "ssh": ${ssh_count},
    "citrix": ${citrix_count},
    "horizon": ${horizon_count},
    "total_by_protocol": ${total},
    "who_remote": ${who_count}
  },
  "users_remote": "${who_users}",
  "reliability": {
    "ratio_who_over_total": ${ratio:-null},
    "verdict": "${verdict}",
    "detail": "${detail}"
  },
  "detection": {
    "citrix_vda_installed": ${has_citrix_vda},
    "horizon_agent_installed": ${has_horizon_agent},
    "ssh_method": "sshd_process_and_ss",
    "citrix_method": "$( [[ -x "$ctxquery" ]] && echo "ctxquery" || echo "fallback_process_ports" )",
    "horizon_method": "$( [[ $blast -gt 0 || $pcoip -gt 0 ]] && echo "blast_pcoip_process" || echo "fallback_ports" )"
  }
}
EOF