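#
# sudo.py
#
# Get number of sudo sessions for each user
#

import logging
import re
from collections import Counter

# NOTE(review): the original line read `from logparse..formatting import *`,
# which is not valid import syntax; the sibling imports below use a single dot.
from logparse.formatting import *
from logparse.util import readlog
from logparse.config import prefs

logger = logging.getLogger(__name__)

# Raw strings so `\)`, `\S` and `\=` are regex escapes, not (deprecated)
# Python string escapes; compiled once at import time.
_SESSION_OPENED_RE = re.compile(r".*sudo:session\): session opened.*")
_OPENED_BY_RE = re.compile(r".*session opened for user root by (\S*)\(uid=.*\)")
_COMMAND_RE = re.compile(r"sudo:.*COMMAND\=(.*)")


def parse_log():
    """Build the "sudo" report section from the auth log.

    Reads the log file named by the ``logs``/``auth`` preference once, counts
    the sudo sessions opened for root per invoking user, and collects every
    logged ``COMMAND=`` value.

    Returns:
        Section: the populated sudo section -- a ``Data`` block with the
        per-user session counts, followed (only when any commands were
        found) by a frequency-ordered, truncated ``Data`` block of commands.
    """
    logger.debug("Starting sudo section")
    section = Section("sudo")

    auth_log = prefs.get("logs", "auth")
    logger.debug("Searching for matches in {0}".format(auth_log))
    # Read the file a single time; it was previously re-read for each pattern.
    log_text = readlog(auth_log)

    session_lines = _SESSION_OPENED_RE.findall(log_text)
    num = len(session_lines)  # total number of sessions

    # Usernames are taken straight from log content, so they are compared as
    # plain strings. Using them as regex patterns (as before) made "bob" also
    # match "bobby" and let log-controlled text drive the regex engine.
    per_user = Counter()
    for line in session_lines:
        opened = _OPENED_BY_RE.search(line)
        if opened is None:
            # A session opened for a target user other than root: it still
            # counts towards `num` but carries no per-user attribution here.
            continue
        per_user[opened.group(1)] += 1
    # Counter keeps first-seen order, matching the old list bookkeeping.
    users = [[user, count] for user, count in per_user.items()]

    commands = _COMMAND_RE.findall(log_text)
    logger.debug("Finished parsing sudo sessions")

    auth_data = Data(subtitle=plural("sudo session", num) + " for")
    if len(users) == 1:
        logger.debug("found " + str(num) + " sudo session(s) for user " + str(users[0]))
        auth_data.subtitle += ' ' + users[0][0]
    else:
        for user, count in users:
            auth_data.items.append(user + ' (' + str(count) + ')')
        # The old message logged an always-empty scratch list instead of users.
        logger.debug("found " + str(num) + " sudo sessions for users " + str(users))
    section.append_data(auth_data)

    if commands:
        command_data = Data(subtitle="top sudo commands")
        command_data.items = backticks(commands)
        command_data.orderbyfreq()
        command_data.truncl(prefs.getint("logparse", "maxcmd"))
        section.append_data(command_data)

    logger.info("Finished sudo section")
    return section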