Matteo Cafasso
2016-Jul-07 17:48 UTC
[Libguestfs] [PATCH] filesystem_walk: more information into tsk_dirent
Access, modification, last status change and creation time in
Unix format as for statns.
Number of links pointing to a given entry.
If the entry is a symbolic link, report the its target path.
A new flag (DIRENT_COMPRESSED 0x04) indicating whether the file is
compressed using native filesystem compression support.
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
---
daemon/tsk.c | 44 ++++++++++++++++++++++++++++++++-------
generator/actions.ml | 39 ++++++++++++++++++++++++++++++++--
generator/structs.ml | 20 +++++++++---------
tests/tsk/test-filesystem-walk.sh | 44 +++++++++++++++++++--------------------
4 files changed, 106 insertions(+), 41 deletions(-)
diff --git a/daemon/tsk.c b/daemon/tsk.c
index 446213e..2d0ea83 100644
--- a/daemon/tsk.c
+++ b/daemon/tsk.c
@@ -38,13 +38,15 @@
enum tsk_dirent_flags {
DIRENT_UNALLOC = 0x00,
DIRENT_ALLOC = 0x01,
- DIRENT_REALLOC = 0x02
+ DIRENT_REALLOC = 0x02,
+ DIRENT_COMPRESSED = 0x04
};
static int open_filesystem (const char *, TSK_IMG_INFO **, TSK_FS_INFO **);
static TSK_WALK_RET_ENUM fswalk_callback (TSK_FS_FILE *, const char *, void *);
static char file_type (TSK_FS_FILE *);
static int file_flags (TSK_FS_FILE *fsfile);
+static void file_metadata (TSK_FS_META *, guestfs_int_tsk_dirent *);
static int send_dirent_info (guestfs_int_tsk_dirent *);
static void reply_with_tsk_error (const char *);
@@ -122,15 +124,15 @@ fswalk_callback (TSK_FS_FILE *fsfile, const char *path,
void *data)
return TSK_WALK_ERROR;
}
+ /* Set dirent fields */
+ memset (&dirent, 0, sizeof dirent);
+
dirent.tsk_inode = fsfile->name->meta_addr;
dirent.tsk_type = file_type (fsfile);
- dirent.tsk_size = (fsfile->meta != NULL) ? fsfile->meta->size : -1;
dirent.tsk_name = fname;
dirent.tsk_flags = file_flags (fsfile);
- dirent.tsk_spare1 = dirent.tsk_spare2 = dirent.tsk_spare3 -
dirent.tsk_spare4 = dirent.tsk_spare5 = dirent.tsk_spare6 - dirent.tsk_spare7
= dirent.tsk_spare8 = dirent.tsk_spare9 - dirent.tsk_spare10 =
dirent.tsk_spare11 = 0;
+
+ file_metadata (fsfile->meta, &dirent);
ret = send_dirent_info (&dirent);
ret = (ret == 0) ? TSK_WALK_CONT : TSK_WALK_ERROR;
@@ -175,7 +177,7 @@ file_type (TSK_FS_FILE *fsfile)
return 'u';
}
-/* Inspect fsfile to retrieve the file allocation state. */
+/* Inspect fsfile to retrieve file flags. */
static int
file_flags (TSK_FS_FILE *fsfile)
{
@@ -188,9 +190,37 @@ file_flags (TSK_FS_FILE *fsfile)
else
flags |= DIRENT_ALLOC;
+ if (fsfile->meta && fsfile->meta->flags &
TSK_FS_META_FLAG_COMP)
+ flags |= DIRENT_COMPRESSED;
+
return flags;
}
+/* Inspect fsfile to retrieve file metadata. */
+static void
+file_metadata (TSK_FS_META *fsmeta, guestfs_int_tsk_dirent *dirent)
+{
+ if (fsmeta != NULL) {
+ dirent->tsk_size = fsmeta->size;
+ dirent->tsk_nlink = fsmeta->nlink;
+ dirent->tsk_atime_sec = fsmeta->atime;
+ dirent->tsk_atime_nsec = fsmeta->atime_nano;
+ dirent->tsk_mtime_sec = fsmeta->mtime;
+ dirent->tsk_mtime_nsec = fsmeta->mtime_nano;
+ dirent->tsk_ctime_sec = fsmeta->ctime;
+ dirent->tsk_ctime_nsec = fsmeta->ctime_nano;
+ dirent->tsk_crtime_sec = fsmeta->crtime;
+ dirent->tsk_crtime_nsec = fsmeta->crtime_nano;
+ /* tsk_link never changes */
+ dirent->tsk_link = (fsmeta->link != NULL) ? fsmeta->link : (char
*) "";
+ }
+ else {
+ dirent->tsk_size = -1;
+ /* tsk_link never changes */
+ dirent->tsk_link = (char *) "";
+ }
+}
+
/* Serialise dirent into XDR stream and send it to the appliance.
* Return 0 on success, -1 on error.
*/
diff --git a/generator/actions.ml b/generator/actions.ml
index e0931b8..78d0a73 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -3612,11 +3612,46 @@ from the metadata structure.
The bit is set to C<1> when the file name is in an unallocated state
and the metadata structure is in an allocated one.
This generally implies the metadata has been reallocated to a new file.
-Therefore, information such as file type and file size
-might not correspond with the ones of the original deleted entry.
+Therefore, information such as file type, file size, timestamps,
+number of links and symlink target might not correspond
+with the ones of the original deleted entry.
+
+=item 0x0004
+
+The bit is set to C<1> when the file is compressed using filesystem
+native compression support (NTFS). The API is not able to detect
+application level compression.
=back
+=item 'tsk_atime_sec'
+
+=item 'tsk_atime_nsec'
+
+=item 'tsk_mtime_sec'
+
+=item 'tsk_mtime_nsec'
+
+=item 'tsk_ctime_sec'
+
+=item 'tsk_ctime_nsec'
+
+=item 'tsk_crtime_sec'
+
+=item 'tsk_crtime_nsec'
+
+Respectively, access, modification, last status change and creation
+time in Unix format in seconds and nanoseconds.
+
+=item 'tsk_nlink'
+
+Number of file names pointing to this entry.
+
+=item 'tsk_link'
+
+If the entry is a symbolic link, this field will contain the path
+to the target file.
+
=back
The C<tsk_type> field will contain one of the following characters:
diff --git a/generator/structs.ml b/generator/structs.ml
index eb8931f..029bc3a 100644
--- a/generator/structs.ml
+++ b/generator/structs.ml
@@ -454,17 +454,17 @@ let structs = [
"tsk_size", FInt64;
"tsk_name", FString;
"tsk_flags", FUInt32;
+ "tsk_atime_sec", FInt64;
+ "tsk_atime_nsec", FInt64;
+ "tsk_mtime_sec", FInt64;
+ "tsk_mtime_nsec", FInt64;
+ "tsk_ctime_sec", FInt64;
+ "tsk_ctime_nsec", FInt64;
+ "tsk_crtime_sec", FInt64;
+ "tsk_crtime_nsec", FInt64;
+ "tsk_nlink", FInt64;
+ "tsk_link", FString;
"tsk_spare1", FInt64;
- "tsk_spare2", FInt64;
- "tsk_spare3", FInt64;
- "tsk_spare4", FInt64;
- "tsk_spare5", FInt64;
- "tsk_spare6", FInt64;
- "tsk_spare7", FInt64;
- "tsk_spare8", FInt64;
- "tsk_spare9", FInt64;
- "tsk_spare10", FInt64;
- "tsk_spare11", FInt64;
];
s_camel_name = "TSKDirent" };
diff --git a/tests/tsk/test-filesystem-walk.sh
b/tests/tsk/test-filesystem-walk.sh
index 6ee3f71..f0c2d3d 100755
--- a/tests/tsk/test-filesystem-walk.sh
+++ b/tests/tsk/test-filesystem-walk.sh
@@ -51,17 +51,17 @@ tsk_type: r
tsk_size: .*
tsk_name: \$MFT
tsk_flags: 1
-tsk_spare1: 0
-tsk_spare2: 0
-tsk_spare3: 0
-tsk_spare4: 0
-tsk_spare5: 0
-tsk_spare6: 0
-tsk_spare7: 0
-tsk_spare8: 0
-tsk_spare9: 0
-tsk_spare10: 0
-tsk_spare11: 0 }'
+tsk_atime_sec: .*
+tsk_atime_nsec: .*
+tsk_mtime_sec: .*
+tsk_mtime_nsec: .*
+tsk_ctime_sec: .*
+tsk_ctime_nsec: .*
+tsk_crtime_sec: .*
+tsk_crtime_nsec: .*
+tsk_nlink: 1
+tsk_link:
+tsk_spare1: 0 }'
if [ $? != 0 ]; then
echo "$0: \$MFT not found in files list."
echo "File list:"
@@ -75,17 +75,17 @@ tsk_type: [ru]
tsk_size: .*
tsk_name: test.txt
tsk_flags: 0
-tsk_spare1: 0
-tsk_spare2: 0
-tsk_spare3: 0
-tsk_spare4: 0
-tsk_spare5: 0
-tsk_spare6: 0
-tsk_spare7: 0
-tsk_spare8: 0
-tsk_spare9: 0
-tsk_spare10: 0
-tsk_spare11: 0 }'
+tsk_atime_sec: .*
+tsk_atime_nsec: .*
+tsk_mtime_sec: .*
+tsk_mtime_nsec: .*
+tsk_ctime_sec: .*
+tsk_ctime_nsec: .*
+tsk_crtime_sec: .*
+tsk_crtime_nsec: .*
+tsk_nlink: .*
+tsk_link:
+tsk_spare1: 0 }'
if [ $? != 0 ]; then
echo "$0: /test.txt not found in files list."
echo "File list:"
--
2.8.1
Pino Toscano
2016-Jul-08 11:40 UTC
Re: [Libguestfs] [PATCH] filesystem_walk: more information into tsk_dirent
On Thursday 07 July 2016 20:48:24 Matteo Cafasso wrote:> Access, modification, last status change and creation time in > Unix format as for statns. > > Number of links pointing to a given entry. > > If the entry is a symbolic link, report the its target path. > > A new flag (DIRENT_COMPRESSED 0x04) indicating whether the file is > compressed using native filesystem compression support. > > Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> > ---LGTM, pushed. Thanks, -- Pino Toscano
Seemingly Similar Threads
- [PATCH] filesystem_walk: more information into tsk_dirent
- [PATCH 1/2] filesystem_walk: more information into tsk_dirent
- Re: [PATCH 1/2] filesystem_walk: more information into tsk_dirent
- [PATCH 2/2] filesystem_walk: update tests
- Re: [PATCH] Reserve entries to tsk_dirent struct