[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] [PATCH] filesystem_walk: more information into tsk_dirent



Access, modification, last status change and creation time in
Unix format as for statns.

Number of links pointing to a given entry.

If the entry is a symbolic link, report the its target path.

A new flag (DIRENT_COMPRESSED 0x04) indicating whether the file is
compressed using native filesystem compression support.

Signed-off-by: Matteo Cafasso <noxdafox gmail com>
---
 daemon/tsk.c                      | 44 ++++++++++++++++++++++++++++++++-------
 generator/actions.ml              | 39 ++++++++++++++++++++++++++++++++--
 generator/structs.ml              | 20 +++++++++---------
 tests/tsk/test-filesystem-walk.sh | 44 +++++++++++++++++++--------------------
 4 files changed, 106 insertions(+), 41 deletions(-)

diff --git a/daemon/tsk.c b/daemon/tsk.c
index 446213e..2d0ea83 100644
--- a/daemon/tsk.c
+++ b/daemon/tsk.c
@@ -38,13 +38,15 @@
 enum tsk_dirent_flags {
   DIRENT_UNALLOC = 0x00,
   DIRENT_ALLOC = 0x01,
-  DIRENT_REALLOC = 0x02
+  DIRENT_REALLOC = 0x02,
+  DIRENT_COMPRESSED = 0x04
 };

 static int open_filesystem (const char *, TSK_IMG_INFO **, TSK_FS_INFO **);
 static TSK_WALK_RET_ENUM fswalk_callback (TSK_FS_FILE *, const char *, void *);
 static char file_type (TSK_FS_FILE *);
 static int file_flags (TSK_FS_FILE *fsfile);
+static void file_metadata (TSK_FS_META *, guestfs_int_tsk_dirent *);
 static int send_dirent_info (guestfs_int_tsk_dirent *);
 static void reply_with_tsk_error (const char *);

@@ -122,15 +124,15 @@ fswalk_callback (TSK_FS_FILE *fsfile, const char *path, void *data)
     return TSK_WALK_ERROR;
   }

+  /* Set dirent fields */
+  memset (&dirent, 0, sizeof dirent);
+
   dirent.tsk_inode = fsfile->name->meta_addr;
   dirent.tsk_type = file_type (fsfile);
-  dirent.tsk_size = (fsfile->meta != NULL) ? fsfile->meta->size : -1;
   dirent.tsk_name = fname;
   dirent.tsk_flags = file_flags (fsfile);
-  dirent.tsk_spare1 = dirent.tsk_spare2 = dirent.tsk_spare3 =
-    dirent.tsk_spare4 = dirent.tsk_spare5 = dirent.tsk_spare6 =
-    dirent.tsk_spare7 = dirent.tsk_spare8 = dirent.tsk_spare9 =
-    dirent.tsk_spare10 = dirent.tsk_spare11 = 0;
+
+  file_metadata (fsfile->meta, &dirent);

   ret = send_dirent_info (&dirent);
   ret = (ret == 0) ? TSK_WALK_CONT : TSK_WALK_ERROR;
@@ -175,7 +177,7 @@ file_type (TSK_FS_FILE *fsfile)
   return 'u';
 }

-/* Inspect fsfile to retrieve the file allocation state. */
+/* Inspect fsfile to retrieve file flags. */
 static int
 file_flags (TSK_FS_FILE *fsfile)
 {
@@ -188,9 +190,37 @@ file_flags (TSK_FS_FILE *fsfile)
   else
     flags |= DIRENT_ALLOC;

+  if (fsfile->meta && fsfile->meta->flags & TSK_FS_META_FLAG_COMP)
+    flags |= DIRENT_COMPRESSED;
+
   return flags;
 }

+/* Inspect fsfile to retrieve file metadata. */
+static void
+file_metadata (TSK_FS_META *fsmeta, guestfs_int_tsk_dirent *dirent)
+{
+  if (fsmeta != NULL) {
+    dirent->tsk_size = fsmeta->size;
+    dirent->tsk_nlink = fsmeta->nlink;
+    dirent->tsk_atime_sec = fsmeta->atime;
+    dirent->tsk_atime_nsec = fsmeta->atime_nano;
+    dirent->tsk_mtime_sec = fsmeta->mtime;
+    dirent->tsk_mtime_nsec = fsmeta->mtime_nano;
+    dirent->tsk_ctime_sec = fsmeta->ctime;
+    dirent->tsk_ctime_nsec = fsmeta->ctime_nano;
+    dirent->tsk_crtime_sec = fsmeta->crtime;
+    dirent->tsk_crtime_nsec = fsmeta->crtime_nano;
+    /* tsk_link never changes */
+    dirent->tsk_link = (fsmeta->link != NULL) ? fsmeta->link : (char *) "";
+  }
+  else {
+    dirent->tsk_size = -1;
+    /* tsk_link never changes */
+    dirent->tsk_link = (char *) "";
+  }
+}
+
 /* Serialise dirent into XDR stream and send it to the appliance.
  * Return 0 on success, -1 on error.
  */
diff --git a/generator/actions.ml b/generator/actions.ml
index e0931b8..78d0a73 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -3612,11 +3612,46 @@ from the metadata structure.
 The bit is set to C<1> when the file name is in an unallocated state
 and the metadata structure is in an allocated one.
 This generally implies the metadata has been reallocated to a new file.
-Therefore, information such as file type and file size
-might not correspond with the ones of the original deleted entry.
+Therefore, information such as file type, file size, timestamps,
+number of links and symlink target might not correspond
+with the ones of the original deleted entry.
+
+=item 0x0004
+
+The bit is set to C<1> when the file is compressed using filesystem
+native compression support (NTFS). The API is not able to detect
+application level compression.

 =back

+=item 'tsk_atime_sec'
+
+=item 'tsk_atime_nsec'
+
+=item 'tsk_mtime_sec'
+
+=item 'tsk_mtime_nsec'
+
+=item 'tsk_ctime_sec'
+
+=item 'tsk_ctime_nsec'
+
+=item 'tsk_crtime_sec'
+
+=item 'tsk_crtime_nsec'
+
+Respectively, access, modification, last status change and creation
+time in Unix format in seconds and nanoseconds.
+
+=item 'tsk_nlink'
+
+Number of file names pointing to this entry.
+
+=item 'tsk_link'
+
+If the entry is a symbolic link, this field will contain the path
+to the target file.
+
 =back

 The C<tsk_type> field will contain one of the following characters:
diff --git a/generator/structs.ml b/generator/structs.ml
index eb8931f..029bc3a 100644
--- a/generator/structs.ml
+++ b/generator/structs.ml
@@ -454,17 +454,17 @@ let structs = [
     "tsk_size", FInt64;
     "tsk_name", FString;
     "tsk_flags", FUInt32;
+    "tsk_atime_sec", FInt64;
+    "tsk_atime_nsec", FInt64;
+    "tsk_mtime_sec", FInt64;
+    "tsk_mtime_nsec", FInt64;
+    "tsk_ctime_sec", FInt64;
+    "tsk_ctime_nsec", FInt64;
+    "tsk_crtime_sec", FInt64;
+    "tsk_crtime_nsec", FInt64;
+    "tsk_nlink", FInt64;
+    "tsk_link", FString;
     "tsk_spare1", FInt64;
-    "tsk_spare2", FInt64;
-    "tsk_spare3", FInt64;
-    "tsk_spare4", FInt64;
-    "tsk_spare5", FInt64;
-    "tsk_spare6", FInt64;
-    "tsk_spare7", FInt64;
-    "tsk_spare8", FInt64;
-    "tsk_spare9", FInt64;
-    "tsk_spare10", FInt64;
-    "tsk_spare11", FInt64;
     ];
     s_camel_name = "TSKDirent" };

diff --git a/tests/tsk/test-filesystem-walk.sh b/tests/tsk/test-filesystem-walk.sh
index 6ee3f71..f0c2d3d 100755
--- a/tests/tsk/test-filesystem-walk.sh
+++ b/tests/tsk/test-filesystem-walk.sh
@@ -51,17 +51,17 @@ tsk_type: r
 tsk_size: .*
 tsk_name: \$MFT
 tsk_flags: 1
-tsk_spare1: 0
-tsk_spare2: 0
-tsk_spare3: 0
-tsk_spare4: 0
-tsk_spare5: 0
-tsk_spare6: 0
-tsk_spare7: 0
-tsk_spare8: 0
-tsk_spare9: 0
-tsk_spare10: 0
-tsk_spare11: 0 }'
+tsk_atime_sec: .*
+tsk_atime_nsec: .*
+tsk_mtime_sec: .*
+tsk_mtime_nsec: .*
+tsk_ctime_sec: .*
+tsk_ctime_nsec: .*
+tsk_crtime_sec: .*
+tsk_crtime_nsec: .*
+tsk_nlink: 1
+tsk_link:
+tsk_spare1: 0 }'
 if [ $? != 0 ]; then
     echo "$0: \$MFT not found in files list."
     echo "File list:"
@@ -75,17 +75,17 @@ tsk_type: [ru]
 tsk_size: .*
 tsk_name: test.txt
 tsk_flags: 0
-tsk_spare1: 0
-tsk_spare2: 0
-tsk_spare3: 0
-tsk_spare4: 0
-tsk_spare5: 0
-tsk_spare6: 0
-tsk_spare7: 0
-tsk_spare8: 0
-tsk_spare9: 0
-tsk_spare10: 0
-tsk_spare11: 0 }'
+tsk_atime_sec: .*
+tsk_atime_nsec: .*
+tsk_mtime_sec: .*
+tsk_mtime_nsec: .*
+tsk_ctime_sec: .*
+tsk_ctime_nsec: .*
+tsk_crtime_sec: .*
+tsk_crtime_nsec: .*
+tsk_nlink: .*
+tsk_link:
+tsk_spare1: 0 }'
 if [ $? != 0 ]; then
     echo "$0: /test.txt not found in files list."
     echo "File list:"
--
2.8.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]