Libguestfs - Apr 2016 - Re: [PATCH v2 4/5] appliance: Added filesystem_walk command

v2:

 - Increased the amount of collected information from the FS content.

 - Moved filesystem_walk0 as internal command.

 - Code improvement based on comments.

 - Adhere to project's coding style.

 - Better command documentation.

 - More robust tests.

Patch ready for review, code available at:

https://github.com/noxdafox/libguestfs/tree/filesystem_walk

Matteo Cafasso (5):
  generator: Added tsk_dirent struct
  configure: Added libtsk compile-time check
  daemon: Added internal_filesystem_walk command
  appliance: Added filesystem_walk command
  appliance: Added filesystem_walk command tests

 daemon/Makefile.am                |   4 +-
 daemon/tsk.c                      | 225 ++++++++++++++++++++++++++++++++++++++
 generator/actions.ml              |  94 ++++++++++++++++
 generator/structs.ml              |  16 ++-
 m4/guestfs_daemon.m4              |   8 ++
 src/MAX_PROC_NR                   |   2 +-
 src/Makefile.am                   |   1 +
 src/tsk.c                         | 162 +++++++++++++++++++++++++++
 tests/tsk/Makefile.am             |   3 +-
 tests/tsk/test-filesystem-walk.sh |  62 +++++++++++
 10 files changed, 572 insertions(+), 5 deletions(-)
 create mode 100644 daemon/tsk.c
 create mode 100644 src/tsk.c
 create mode 100755 tests/tsk/test-filesystem-walk.sh

--
2.8.0.rc3

The tsk_dirent struct contains the information gathered via TSK
APIs.

The struct contains the following fields:
 * tsk_inode: inode of a file
 * tsk_type: type of file such as for readdir command
 * tsk_size: file size in bytes
 * tsk_name: path relative to its disk partition
 * tsk_allocated: whether the file has been deleted

Signed-off-by: Matteo Cafasso <noxdafox at gmail.com>
---
 generator/structs.ml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/generator/structs.ml b/generator/structs.ml
index 6017ba6..d986fd9 100644
--- a/generator/structs.ml
+++ b/generator/structs.ml
@@ -442,8 +442,20 @@ let structs = [
     "im_device", FString;
     "im_volume", FString;
     ];
-    s_camel_name = "InternalMountable";
-  };
+    s_camel_name = "InternalMountable" };
+
+  (* The Sleuth Kit directory entry information. *)
+  { defaults with
+    s_name = "tsk_dirent";
+    s_cols = [
+    "tsk_inode", FUInt64;
+    "tsk_type", FChar;
+    "tsk_size", FInt64;
+    "tsk_name", FString;
+    "tsk_allocated", FUInt32;
+    ];
+    s_camel_name = "TSKDirent" };
+
 ] (* end of structs *)

 let lookup_struct name --
2.8.0.rc3

Ensure libtsk is available at compile time.
If not, daemon routines depending on it
won't be available.

Signed-off-by: Matteo Cafasso <noxdafox at gmail.com>
---
 m4/guestfs_daemon.m4 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/m4/guestfs_daemon.m4 b/m4/guestfs_daemon.m4
index 88936b2..09cfecd 100644
--- a/m4/guestfs_daemon.m4
+++ b/m4/guestfs_daemon.m4
@@ -118,3 +118,11 @@ PKG_CHECK_MODULES([SD_JOURNAL], [libsystemd],[
         AC_MSG_WARN([systemd journal library not found, some features will be
disabled])
     ])
 ])
+
+dnl libtsk sleuthkit library (optional)
+AC_CHECK_LIB([tsk],[tsk_version_print],[
+    AC_CHECK_HEADER([tsk/libtsk.h],[
+        AC_SUBST([TSK_LIBS], [-ltsk])
+        AC_DEFINE([HAVE_LIBTSK], [1], [Define to 1 if The Sleuth Kit  library
(libtsk) is available.])
+    ], [])
+],[AC_MSG_WARN([The Sleuth Kit library (libtsk) not found])])
--
2.8.0.rc3

The internal_filesystem_walk command walks
through the FS structure of a disk partition
and returns all the files or directories
which could be found.

The command is able to retrieve information
regarding deleted or unaccessible files as well
where other commands such as stat or find
would fail.

The gathered list of tsk_dirent structs
is serialised into XDR format and written
to a file by the appliance.

Signed-off-by: Matteo Cafasso <noxdafox at gmail.com>
---
 daemon/Makefile.am   |   4 +-
 daemon/tsk.c         | 225 +++++++++++++++++++++++++++++++++++++++++++++++++++
 generator/actions.ml |  25 ++++++
 src/MAX_PROC_NR      |   2 +-
 4 files changed, 254 insertions(+), 2 deletions(-)
 create mode 100644 daemon/tsk.c

diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index beb7962..03bf71f 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -179,6 +179,7 @@ guestfsd_SOURCES = \
 	sync.c \
 	syslinux.c \
 	tar.c \
+	tsk.c \
 	truncate.c \
 	umask.c \
 	upload.c \
@@ -209,7 +210,8 @@ guestfsd_LDADD = \
 	$(LIB_CLOCK_GETTIME) \
 	$(LIBINTL) \
 	$(SERVENT_LIB) \
-	$(PCRE_LIBS)
+	$(PCRE_LIBS) \
+	$(TSK_LIBS)

 guestfsd_CPPFLAGS = \
 	-I$(top_srcdir)/gnulib/lib \
diff --git a/daemon/tsk.c b/daemon/tsk.c
new file mode 100644
index 0000000..ac44106
--- /dev/null
+++ b/daemon/tsk.c
@@ -0,0 +1,225 @@
+/* libguestfs - the guestfsd daemon
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
USA.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+#include <string.h>
+#include <unistd.h>
+#include <rpc/xdr.h>
+#include <rpc/types.h>
+
+#include "guestfs_protocol.h"
+#include "daemon.h"
+#include "actions.h"
+#include "optgroups.h"
+
+#ifdef HAVE_LIBTSK
+
+#include <tsk/libtsk.h>
+
+/* File types map similar to dirent. */
+#define TSK_FILE_TYPE_NUM 10
+char TSK_FILE_TYPE[TSK_FILE_TYPE_NUM] = {
+  'u', 'f', 'c', 'd', 'b', 'r',
'l', 's', 'h', 'w'
+};
+
+static int open_filesystem (const char *device,
+                            TSK_IMG_INFO **img, TSK_FS_INFO **fs);
+static TSK_WALK_RET_ENUM fswalk_callback (TSK_FS_FILE *fsfile,
+                                          const char *path, void *data);
+static char file_type (TSK_FS_FILE *fsfile);
+static int send_dirent_info (guestfs_int_tsk_dirent *dirent);
+static void reply_with_tsk_error (const char *funcname);
+
+int
+do_internal_filesystem_walk (const mountable_t *mountable)
+{
+  int ret = -1;
+  TSK_FS_INFO *fs = NULL;
+  TSK_IMG_INFO *img = NULL;  /* Used internally by tsk_fs_dir_walk */
+  int flags = TSK_FS_DIR_WALK_FLAG_ALLOC | TSK_FS_DIR_WALK_FLAG_UNALLOC |
+    TSK_FS_DIR_WALK_FLAG_RECURSE | TSK_FS_DIR_WALK_FLAG_NOORPHAN;
+
+  ret = open_filesystem (mountable->device, &img, &fs);
+  if (ret < 0)
+    return ret;
+
+  reply (NULL, NULL);  /* Reply message. */
+
+  ret = tsk_fs_dir_walk (fs, fs->root_inum, flags, fswalk_callback, NULL);
+  if (ret == 0)
+    ret = send_file_end (0);  /* File transfer end. */
+  else
+    send_file_end (1);  /* Cancel file transfer. */
+
+  fs->close (fs);
+  img->close (img);
+
+  return ret;
+}
+
+/* Inspect the device and initialises the img and fs structures.
+ * Return 0 on success, -1 on error.
+ */
+static int
+open_filesystem (const char *device, TSK_IMG_INFO **img, TSK_FS_INFO **fs)
+{
+  const char *images[] = { device };
+
+  *img = tsk_img_open (1, images, TSK_IMG_TYPE_DETECT , 0);
+  if (*img == NULL) {
+    reply_with_tsk_error ("tsk_image_open");
+    return -1;
+  }
+
+  *fs = tsk_fs_open_img (*img, 0, TSK_FS_TYPE_DETECT);
+  if (*fs == NULL) {
+    reply_with_tsk_error ("tsk_fs_open_img");
+    (*img)->close (*img);
+    return -1;
+  }
+
+  return 0;
+}
+
+/* Filesystem walk callback, it gets called on every FS node.
+ * Parse the node, encode it into an XDR structure and send it to the
appliance.
+ * Return TSK_WALK_CONT on success, TSK_WALK_ERROR on error.
+ */
+static TSK_WALK_RET_ENUM
+fswalk_callback (TSK_FS_FILE *fsfile, const char *path, void *data)
+{
+  int ret = 0;
+  CLEANUP_FREE char *fname = NULL;
+  struct guestfs_int_tsk_dirent dirent;
+
+  /* Ignore ./ and ../ */
+  ret = TSK_FS_ISDOT (fsfile->name->name);
+  if (ret != 0)
+    return TSK_WALK_CONT;
+
+  /* Build the full relative path of the entry */
+  ret = asprintf_nowarn (&fname, "%Q%Q", path,
fsfile->name->name);
+  if (ret < 0) {
+    fprintf (stderr, "asprintf: %m");
+    return TSK_WALK_ERROR;
+  }
+
+  dirent.tsk_inode = fsfile->name->meta_addr;
+  dirent.tsk_type = file_type (fsfile);
+  dirent.tsk_size = (fsfile->meta != NULL) ? fsfile->meta->size : 0;
+  dirent.tsk_name = fname;
+  dirent.tsk_allocated = !(fsfile->name->flags &
TSK_FS_NAME_FLAG_UNALLOC);
+
+  ret = send_dirent_info (&dirent);
+  ret = (ret == 0) ? TSK_WALK_CONT : TSK_WALK_ERROR;
+
+  return ret;
+}
+
+/* Inspect fsfile to identify its type. */
+static char
+file_type(TSK_FS_FILE *fsfile)
+{
+  if (fsfile->name->type < TSK_FILE_TYPE_NUM)
+    return TSK_FILE_TYPE[fsfile->name->type];
+  else if (fsfile->meta != NULL && fsfile->meta->type <
TSK_FILE_TYPE_NUM)
+    return TSK_FILE_TYPE[fsfile->meta->type];
+  else
+    return 'u';
+}
+
+/* Serialise dirent into XDR stream and send it to the appliance.
+ * Return 0 on success, -1 on error.
+ */
+static int
+send_dirent_info (guestfs_int_tsk_dirent *dirent)
+{
+  XDR xdr;
+  size_t len = 0;
+  CLEANUP_FREE char *buf;
+
+  buf = malloc (GUESTFS_MAX_CHUNK_SIZE);
+  if (buf == NULL) {
+    fprintf (stderr, "malloc: %m");
+    return -1;
+  }
+
+  /* Serialise tsk_dirent struct. */
+  xdrmem_create (&xdr, buf, GUESTFS_MAX_CHUNK_SIZE, XDR_ENCODE);
+
+  if (!xdr_uint64_t (&xdr, &dirent->tsk_inode))
+    return -1;
+  if (!xdr_char (&xdr, &dirent->tsk_type))
+    return -1;
+  if (!xdr_int64_t (&xdr, &dirent->tsk_size))
+    return -1;
+
+  /* Serialise filename. */
+  len = strlen (dirent->tsk_name) + 1;
+  if (!xdr_u_long (&xdr, &len))
+    return -1;
+  if (!xdr_string (&xdr, &dirent->tsk_name, len))
+    return -1;
+
+  if (!xdr_uint32_t (&xdr, &dirent->tsk_allocated))
+    return -1;
+
+  /* Resize buffer to actual length. */
+  len = xdr_getpos (&xdr);
+  xdr_destroy (&xdr);
+  buf = realloc (buf, len);
+  if (buf == NULL) {
+    fprintf (stderr, "realloc: %m");
+    return -1;
+  }
+
+  /* Send serialised tsk_dirent out. */
+  return send_file_write (buf, len);
+}
+
+/* Parse TSK error and send it to the appliance. */
+static void
+reply_with_tsk_error (const char *funcname)
+{
+  int ret = 0;
+  const char *buf = NULL;
+
+  ret = tsk_error_get_errno ();
+  if (ret != 0) {
+    buf = tsk_error_get ();
+    reply_with_error ("TSK function %s error: %s", funcname, buf);
+  }
+  else
+    reply_with_error ("TSK function %s: unknown error", funcname);
+}
+
+int
+optgroup_libtsk_available (void)
+{
+  return 1;
+}
+
+#else   /* !HAVE_LIBTSK */
+
+OPTGROUP_LIBTSK_NOT_AVAILABLE
+
+#endif  /* !HAVE_LIBTSK */
diff --git a/generator/actions.ml b/generator/actions.ml
index e5cb939..449ffa0 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -12958,6 +12958,31 @@ and save it as F<filename> on the local machine.

 This allows to download deleted or inaccessible files." };

+  { defaults with
+    name = "internal_filesystem_walk"; added = (1, 33, 17);
+    style = RErr, [Mountable "device"; FileOut "filename"],
[];
+    proc_nr = Some 465;
+    visibility = VInternal;
+    optional = Some "libtsk";
+    shortdesc = "walk through the filesystem content";
+    longdesc = "Walk through the internal structures of a disk partition
+(eg. F</dev/sda1>) in order to return a list of all the files
+and directories stored within.
+
+It is not necessary to mount the disk partition to run this command.
+
+All entries in the filesystem are returned, excluding C<.> and
+C<..>. This function can list deleted or unaccessible files.
+The entries are I<not> sorted.
+
+If the entry is not allocated (ex: it has been deleted),
+its inode, type or size might not be recovered correctly.
+In such case, the inode and the size will be 0 while the type
+will be unidentified 'u'.
+
+This call returns basic file type information about each
+file." };
+
 ]

 (* Non-API meta-commands available only in guestfish.
diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR
index 3bb8a49..073c57b 100644
--- a/src/MAX_PROC_NR
+++ b/src/MAX_PROC_NR
@@ -1 +1 @@
-464
+465
--
2.8.0.rc3

The filesystem_walk command is the appliance's
counterpart of the daemon's
internal_filesystem_walk command.

It writes the daemon's command output
on a temporary file and parses it, deserialising
the XDR formatted tsk_dirent structs.

It returns to the caller the list
of tsk_dirent structs generated by the
internal_filesystem_walk command.

Signed-off-by: Matteo Cafasso <noxdafox at gmail.com>
---
 generator/actions.ml |  69 ++++++++++++++++++++++
 src/Makefile.am      |   1 +
 src/tsk.c            | 162 +++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 232 insertions(+)
 create mode 100644 src/tsk.c

diff --git a/generator/actions.ml b/generator/actions.ml
index 449ffa0..9457c3f 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -3546,6 +3546,75 @@ The environment variable C<XDG_RUNTIME_DIR>
controls the default
 value: If C<XDG_RUNTIME_DIR> is set, then that is the default.
 Else F</tmp> is the default." };

+  { defaults with
+    name = "filesystem_walk"; added = (1, 33, 17);
+    style = RStructList ("dirents", "tsk_dirent"),
[Mountable "device";], [];
+    optional = Some "libtsk";
+    progress = true; cancellable = true;
+    shortdesc = "walk through the filesystem content";
+    longdesc = "\
+Walk through the internal structures of a disk partition
+(eg. F</dev/sda1>) in order to return a list of all the files
+and directories stored within.
+
+It is not necessary to mount the disk partition to run this command.
+
+All entries in the filesystem are returned, excluding C<.> and
+C<..>. This function can list deleted or unaccessible files.
+The entries are I<not> sorted.
+
+If the entry is not allocated (ex: it has been deleted),
+its inode, type or size might not be recovered correctly.
+In such case, the inode and the size will be 0 while the type
+will be unidentified 'u'.
+
+This call returns as well basic file type information about each
+file.  The C<tsk_type> field will contain one of the following
characters:
+
+=over 4
+
+=item 'b'
+
+Block special
+
+=item 'c'
+
+Char special
+
+=item 'd'
+
+Directory
+
+=item 'f'
+
+FIFO (named pipe)
+
+=item 'l'
+
+Symbolic link
+
+=item 'r'
+
+Regular file
+
+=item 's'
+
+Socket
+
+=item 'h'
+
+Shadow inode (Solaris)
+
+=item 'w'
+
+Whiteout inode (BSD)
+
+=item 'u'
+
+Unknown file type
+
+=back" };
+
 ]

 (* daemon_functions are any functions which cause some action
diff --git a/src/Makefile.am b/src/Makefile.am
index 3b4cd10..9f8af4c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -130,6 +130,7 @@ libguestfs_la_SOURCES = \
 	structs-copy.c \
 	structs-free.c \
 	tmpdirs.c \
+	tsk.c \
 	whole-file.c \
 	libguestfs.syms

diff --git a/src/tsk.c b/src/tsk.c
new file mode 100644
index 0000000..d77bc0a
--- /dev/null
+++ b/src/tsk.c
@@ -0,0 +1,162 @@
+/* libguestfs
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <rpc/xdr.h>
+#include <rpc/types.h>
+
+#include "full-read.h"
+
+#include "guestfs.h"
+#include "guestfs_protocol.h"
+#include "guestfs-internal.h"
+#include "guestfs-internal-all.h"
+#include "guestfs-internal-actions.h"
+
+static struct guestfs_tsk_dirent_list *parse_filesystem_walk
+(guestfs_h *g, char *buf, size_t bufsize);
+int deserialise_dirent_list (guestfs_h *g, char *buf, size_t bufsize,
+                             struct guestfs_tsk_dirent_list **dirents);
+static int deserialise_dirent (guestfs_h *g, XDR *xdrs,
+                               struct guestfs_tsk_dirent *dirent);
+
+struct guestfs_tsk_dirent_list *
+guestfs_impl_filesystem_walk (guestfs_h *g, const char *mountable)
+{
+  int ret = 0;
+  size_t size = 0;
+  CLEANUP_FREE char *buf = NULL;
+  CLEANUP_UNLINK_FREE char *tmpfile = NULL;
+
+  ret = guestfs_int_lazy_make_tmpdir (g);
+  if (ret < 0)
+    return NULL;
+
+  tmpfile = safe_asprintf (g, "%s/filesystem_walk%d", g->tmpdir,
++g->unique);
+
+  ret = guestfs_internal_filesystem_walk (g, mountable, tmpfile);
+  if (ret < 0)
+    return NULL;
+
+  ret = guestfs_int_read_whole_file (g, tmpfile, &buf, &size);
+  if (ret < 0)
+    return NULL;
+
+  return parse_filesystem_walk (g, buf, size);  /* caller frees */
+}
+
+/* Parse buf content and return dirents list.
+ * Return a list of tsk_dirent on success, NULL on error.
+ */
+static struct guestfs_tsk_dirent_list *
+parse_filesystem_walk (guestfs_h *g, char *buf, size_t bufsize)
+{
+  int ret = 0;
+  struct guestfs_tsk_dirent_list *dirents = NULL;
+
+  /* Initialise results array. */
+  dirents = safe_malloc (g, sizeof (struct guestfs_tsk_dirent_list));
+  dirents->len = 8;
+  dirents->val = safe_malloc (g, dirents->len *
+                              sizeof (struct guestfs_tsk_dirent));
+
+  /* Deserialise buffer into dirent list. */
+  ret = deserialise_dirent_list (g, buf, bufsize, &dirents);
+  if (ret < 0) {
+    guestfs_free_tsk_dirent_list (dirents);
+    return NULL;
+  }
+
+  /* Resize the array to correct number of entries. */
+  dirents->len = ret;
+  dirents->val = safe_realloc (g, dirents->val,
+                               dirents->len *
+                               sizeof (struct guestfs_tsk_dirent));
+
+  return dirents;
+}
+
+/* Deserialise buf content and populate the dirent list.
+ * Return the number of deserialised dirents, -1 on error.
+ */
+int
+deserialise_dirent_list (guestfs_h *g, char *buf, size_t bufsize,
+                         struct guestfs_tsk_dirent_list **dirents)
+{
+  XDR xdr;
+  int ret = 0;
+  uint32_t index = 0;
+
+  xdrmem_create (&xdr, buf, bufsize, XDR_DECODE);
+
+  for (index = 0; xdr_getpos (&xdr) < bufsize; index++) {
+    if (index == (*dirents)->len) {
+      (*dirents)->len = 2 * (*dirents)->len;
+      (*dirents)->val = safe_realloc (g, (*dirents)->val,
+                                      (*dirents)->len *
+                                      sizeof (struct guestfs_tsk_dirent));
+    }
+
+    ret = deserialise_dirent (g, &xdr, &(*dirents)->val[index]);
+    if (ret < 0)
+      break;
+  }
+
+  xdr_destroy (&xdr);
+
+  return index;
+}
+
+/* Parse a single XDR encoded tsk_dirent.
+ * Return 0 on success, -1 on error.
+ */
+static int
+deserialise_dirent (guestfs_h *g, XDR *xdrs, struct guestfs_tsk_dirent *dirent)
+{
+  size_t len = 0;
+  CLEANUP_FREE char *buf = NULL;
+
+  /* Deserialise tsk_dirent struct. */
+  if (!xdr_uint64_t (xdrs, &dirent->tsk_inode))
+    return -1;
+  if (!xdr_char (xdrs, &dirent->tsk_type))
+    return -1;
+  if (!xdr_int64_t (xdrs, &dirent->tsk_size))
+    return -1;
+
+  /* Deserialise filename. */
+  if (!xdr_u_long (xdrs, &len))
+    return -1;
+  buf = safe_malloc (g, len);
+  if (!xdr_string (xdrs, &buf, len))
+    return -1;
+  dirent->tsk_name = safe_strndup(g, buf, len);
+
+  if (!xdr_uint32_t (xdrs, &dirent->tsk_allocated))
+    return -1;
+
+  return 0;
+}
--
2.8.0.rc3

The tests check that the filesystem_walk command
is able to retrieve information regarding both
existing and deleted files.

A NTFS image is used as Ext3+ filesystems deletion
is more aggressive in terms of metadata removal.

Signed-off-by: Matteo Cafasso <noxdafox at gmail.com>
---
 tests/tsk/Makefile.am             |  3 +-
 tests/tsk/test-filesystem-walk.sh | 62 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100755 tests/tsk/test-filesystem-walk.sh

diff --git a/tests/tsk/Makefile.am b/tests/tsk/Makefile.am
index 0cd7c03..f9b2fef 100644
--- a/tests/tsk/Makefile.am
+++ b/tests/tsk/Makefile.am
@@ -18,7 +18,8 @@
 include $(top_srcdir)/subdir-rules.mk

 TESTS = \
-	test-download-inode.sh
+	test-download-inode.sh \
+	test-filesystem-walk.sh

 TESTS_ENVIRONMENT = $(top_builddir)/run --test

diff --git a/tests/tsk/test-filesystem-walk.sh
b/tests/tsk/test-filesystem-walk.sh
new file mode 100755
index 0000000..8df1d0f
--- /dev/null
+++ b/tests/tsk/test-filesystem-walk.sh
@@ -0,0 +1,62 @@
+#!/bin/bash -
+# libguestfs
+# Copyright (C) 2016 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# Test the filesystem-walk command.
+
+if [ -n "$SKIP_TEST_FILESYSTEM_WALK_SH" ]; then
+    echo "$0: test skipped because environment variable is set."
+    exit 77
+fi
+
+# Skip if TSK is not supported by the appliance.
+if ! guestfish add /dev/null : run : available "libtsk"; then
+    echo "$0: skipped because TSK is not available in the appliance"
+    exit 77
+fi
+
+if [ ! -s ../../test-data/phony-guests/windows.img ]; then
+    echo "$0: skipped because windows.img is zero-sized"
+    exit 77
+fi
+
+# create and delete a file then list the filesystem content
+output=$(guestfish --ro -a ../../test-data/phony-guests/windows.img \
+                   run :                                            \
+                   mount /dev/sda2 / :                              \
+                   write /test.txt "foobar" :                       \
+                   rm /test.txt :                                   \
+                   umount / :                                       \
+                   filesystem-walk /dev/sda2)
+
+# test $MFT is in the list
+echo $output | grep -q "{ tsk_inode: 0 tsk_type: r tsk_size: .* tsk_name:
..MFT tsk_allocated: 1 }"
+if [ $? != 0 ]; then
+    echo "$0: \$MFT not found in files list."
+    echo "File list:"
+    echo $output
+    exit 1
+fi
+
+# test deleted file is in the list
+echo $output | grep -q "{ tsk_inode: .* tsk_type: [ru] tsk_size: [06]
tsk_name: test.txt tsk_allocated: 0 }"
+if [ $? != 0 ]; then
+    echo "$0: /test.txt not found in files list."
+    echo "File list:"
+    echo $output
+    exit 1
+fi
--
2.8.0.rc3

On Sunday 03 April 2016 16:30:48 Matteo Cafasso wrote:
> The internal_filesystem_walk command walks
> through the FS structure of a disk partition
> and returns all the files or directories
> which could be found.
> 
> The command is able to retrieve information
> regarding deleted or unaccessible files as well
> where other commands such as stat or find
> would fail.
> 
> The gathered list of tsk_dirent structs
> is serialised into XDR format and written
> to a file by the appliance.
Not that it is a big issue, but you can wrap commit messages at the
72 columns.
> Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
> ---
>  daemon/Makefile.am   |   4 +-
>  daemon/tsk.c         | 225
+++++++++++++++++++++++++++++++++++++++++++++++++++
>  generator/actions.ml |  25 ++++++
>  src/MAX_PROC_NR      |   2 +-
>  4 files changed, 254 insertions(+), 2 deletions(-)
>  create mode 100644 daemon/tsk.c
> 
> diff --git a/daemon/Makefile.am b/daemon/Makefile.am
> index beb7962..03bf71f 100644
> --- a/daemon/Makefile.am
> +++ b/daemon/Makefile.am
> @@ -179,6 +179,7 @@ guestfsd_SOURCES = \
>  	sync.c \
>  	syslinux.c \
>  	tar.c \
> +	tsk.c \
>  	truncate.c \
>  	umask.c \
>  	upload.c \
> @@ -209,7 +210,8 @@ guestfsd_LDADD = \
>  	$(LIB_CLOCK_GETTIME) \
>  	$(LIBINTL) \
>  	$(SERVENT_LIB) \
> -	$(PCRE_LIBS)
> +	$(PCRE_LIBS) \
> +	$(TSK_LIBS)
> 
>  guestfsd_CPPFLAGS = \
>  	-I$(top_srcdir)/gnulib/lib \
> diff --git a/daemon/tsk.c b/daemon/tsk.c
> new file mode 100644
> index 0000000..ac44106
> --- /dev/null
> +++ b/daemon/tsk.c
> @@ -0,0 +1,225 @@
> +/* libguestfs - the guestfsd daemon
> + * Copyright (C) 2016 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
> + */
> +
> +#include <config.h>
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <inttypes.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <rpc/xdr.h>
> +#include <rpc/types.h>
> +
> +#include "guestfs_protocol.h"
> +#include "daemon.h"
> +#include "actions.h"
> +#include "optgroups.h"
> +
> +#ifdef HAVE_LIBTSK
> +
> +#include <tsk/libtsk.h>
> +
> +/* File types map similar to dirent. */
> +#define TSK_FILE_TYPE_NUM 10
> +char TSK_FILE_TYPE[TSK_FILE_TYPE_NUM] = {
> +  'u', 'f', 'c', 'd', 'b',
'r', 'l', 's', 'h', 'w'
> +};
I see the libtsk already uses TSK_* and tsk_* prefixes for its own
stuff, so I'd avoid using the same prefixes for local variables.

Also, make the string as static const, since it does not need to be
modified at all (and thus can then be placed into .rodata).
> +
> +static int open_filesystem (const char *device,
> +                            TSK_IMG_INFO **img, TSK_FS_INFO **fs);
> +static TSK_WALK_RET_ENUM fswalk_callback (TSK_FS_FILE *fsfile,
> +                                          const char *path, void *data);
Single line for forward declarations.
> +static char file_type (TSK_FS_FILE *fsfile);
> +static int send_dirent_info (guestfs_int_tsk_dirent *dirent);
> +static void reply_with_tsk_error (const char *funcname);
> +
> +int
> +do_internal_filesystem_walk (const mountable_t *mountable)
> +{
> +  int ret = -1;
> +  TSK_FS_INFO *fs = NULL;
> +  TSK_IMG_INFO *img = NULL;  /* Used internally by tsk_fs_dir_walk */
> +  int flags = TSK_FS_DIR_WALK_FLAG_ALLOC | TSK_FS_DIR_WALK_FLAG_UNALLOC |
> +    TSK_FS_DIR_WALK_FLAG_RECURSE | TSK_FS_DIR_WALK_FLAG_NOORPHAN;
> +
> +  ret = open_filesystem (mountable->device, &img, &fs);
> +  if (ret < 0)
> +    return ret;
> +
> +  reply (NULL, NULL);  /* Reply message. */
> +
> +  ret = tsk_fs_dir_walk (fs, fs->root_inum, flags, fswalk_callback,
NULL);
> +  if (ret == 0)
> +    ret = send_file_end (0);  /* File transfer end. */
> +  else
> +    send_file_end (1);  /* Cancel file transfer. */
> +
> +  fs->close (fs);
> +  img->close (img);
> +
> +  return ret;
> +}
> +
> +/* Inspect the device and initialises the img and fs structures.
> + * Return 0 on success, -1 on error.
> + */
> +static int
> +open_filesystem (const char *device, TSK_IMG_INFO **img, TSK_FS_INFO **fs)
> +{
> +  const char *images[] = { device };
> +
> +  *img = tsk_img_open (1, images, TSK_IMG_TYPE_DETECT , 0);
> +  if (*img == NULL) {
> +    reply_with_tsk_error ("tsk_image_open");
> +    return -1;
> +  }
> +
> +  *fs = tsk_fs_open_img (*img, 0, TSK_FS_TYPE_DETECT);
> +  if (*fs == NULL) {
> +    reply_with_tsk_error ("tsk_fs_open_img");
> +    (*img)->close (*img);
> +    return -1;
> +  }
> +
> +  return 0;
> +}
> +
> +/* Filesystem walk callback, it gets called on every FS node.
> + * Parse the node, encode it into an XDR structure and send it to the
appliance.
> + * Return TSK_WALK_CONT on success, TSK_WALK_ERROR on error.
> + */
> +static TSK_WALK_RET_ENUM
> +fswalk_callback (TSK_FS_FILE *fsfile, const char *path, void *data)
> +{
> +  int ret = 0;
> +  CLEANUP_FREE char *fname = NULL;
> +  struct guestfs_int_tsk_dirent dirent;
> +
> +  /* Ignore ./ and ../ */
> +  ret = TSK_FS_ISDOT (fsfile->name->name);
> +  if (ret != 0)
> +    return TSK_WALK_CONT;
> +
> +  /* Build the full relative path of the entry */
> +  ret = asprintf_nowarn (&fname, "%Q%Q", path,
fsfile->name->name);
Why the quoting?  We don't quote results in similar APIs (e.g. readdir).
> +  if (ret < 0) {
> +    fprintf (stderr, "asprintf: %m");
> +    return TSK_WALK_ERROR;
> +  }
> +
> +  dirent.tsk_inode = fsfile->name->meta_addr;
> +  dirent.tsk_type = file_type (fsfile);
> +  dirent.tsk_size = (fsfile->meta != NULL) ? fsfile->meta->size :
0;
If 'meta' is null, then I guess the size should be -1 to indicate it
was not available; otherwise, there is no difference between an empty
file, and a file whose metadata could not be read.
> +  dirent.tsk_name = fname;
> +  dirent.tsk_allocated = !(fsfile->name->flags &
TSK_FS_NAME_FLAG_UNALLOC);
> +
> +  ret = send_dirent_info (&dirent);
> +  ret = (ret == 0) ? TSK_WALK_CONT : TSK_WALK_ERROR;
> +
> +  return ret;
> +}
> +
> +/* Inspect fsfile to identify its type. */
> +static char
> +file_type(TSK_FS_FILE *fsfile)
> +{
> +  if (fsfile->name->type < TSK_FILE_TYPE_NUM)
> +    return TSK_FILE_TYPE[fsfile->name->type];
> +  else if (fsfile->meta != NULL && fsfile->meta->type
< TSK_FILE_TYPE_NUM)
> +    return TSK_FILE_TYPE[fsfile->meta->type];
> +  else
> +    return 'u';
> +}
I think it would be better to have a switch case on the file type: the
current solution will silently break if a future (incompatible) version
of libtsk changes the order/values of the elements in
TSK_FS_NAME_TYPE_ENUM.  Also, new values are simply not detected at
all, whereas with a switch case at least they would give us compiler
warnings.

Also, IMHO code like:

  switch (type) {
  case TSK_FS_NAME_TYPE_UNDEF: return 'u';
  ...

would be much more readable.
> +/* Serialise dirent into XDR stream and send it to the appliance.
> + * Return 0 on success, -1 on error.
> + */
> +static int
> +send_dirent_info (guestfs_int_tsk_dirent *dirent)
> +{
> +  XDR xdr;
> +  size_t len = 0;
> +  CLEANUP_FREE char *buf;
> +
> +  buf = malloc (GUESTFS_MAX_CHUNK_SIZE);
> +  if (buf == NULL) {
> +    fprintf (stderr, "malloc: %m");
> +    return -1;
> +  }
> +
> +  /* Serialise tsk_dirent struct. */
> +  xdrmem_create (&xdr, buf, GUESTFS_MAX_CHUNK_SIZE, XDR_ENCODE);
> +
> +  if (!xdr_uint64_t (&xdr, &dirent->tsk_inode))
> +    return -1;
> +  if (!xdr_char (&xdr, &dirent->tsk_type))
> +    return -1;
> +  if (!xdr_int64_t (&xdr, &dirent->tsk_size))
> +    return -1;
> +
> +  /* Serialise filename. */
> +  len = strlen (dirent->tsk_name) + 1;
> +  if (!xdr_u_long (&xdr, &len))
> +    return -1;
> +  if (!xdr_string (&xdr, &dirent->tsk_name, len))
> +    return -1;
> +
> +  if (!xdr_uint32_t (&xdr, &dirent->tsk_allocated))
> +    return -1;
> +
> +  /* Resize buffer to actual length. */
> +  len = xdr_getpos (&xdr);
> +  xdr_destroy (&xdr);
> +  buf = realloc (buf, len);
> +  if (buf == NULL) {
> +    fprintf (stderr, "realloc: %m");
> +    return -1;
> +  }
I think this manual code is not needed, and you can use the XDR
serializing functions generated in daemon/guestfs_protocol.{c,h}.
> +
> +  /* Send serialised tsk_dirent out. */
> +  return send_file_write (buf, len);
> +}
> +
> +/* Parse TSK error and send it to the appliance. */
> +static void
> +reply_with_tsk_error (const char *funcname)
> +{
> +  int ret = 0;
> +  const char *buf = NULL;
> +
> +  ret = tsk_error_get_errno ();
> +  if (ret != 0) {
> +    buf = tsk_error_get ();
> +    reply_with_error ("TSK function %s error: %s", funcname,
buf);
> +  }
> +  else
> +    reply_with_error ("TSK function %s: unknown error",
funcname);
> +}
s/TSK function//
> +
> +int
> +optgroup_libtsk_available (void)
> +{
> +  return 1;
> +}
> +
> +#else   /* !HAVE_LIBTSK */
> +
> +OPTGROUP_LIBTSK_NOT_AVAILABLE
> +
> +#endif  /* !HAVE_LIBTSK */
> diff --git a/generator/actions.ml b/generator/actions.ml
> index e5cb939..449ffa0 100644
> --- a/generator/actions.ml
> +++ b/generator/actions.ml
> @@ -12958,6 +12958,31 @@ and save it as F<filename> on the local
machine.
> 
>  This allows to download deleted or inaccessible files." };
> 
> +  { defaults with
> +    name = "internal_filesystem_walk"; added = (1, 33, 17);
> +    style = RErr, [Mountable "device"; FileOut
"filename"], [];
> +    proc_nr = Some 465;
> +    visibility = VInternal;
> +    optional = Some "libtsk";
> +    shortdesc = "walk through the filesystem content";
> +    longdesc = "Walk through the internal structures of a disk
partition
> +(eg. F</dev/sda1>) in order to return a list of all the files
> +and directories stored within.
> +
> +It is not necessary to mount the disk partition to run this command.
> +
> +All entries in the filesystem are returned, excluding C<.> and
> +C<..>. This function can list deleted or unaccessible files.
> +The entries are I<not> sorted.
> +
> +If the entry is not allocated (ex: it has been deleted),
> +its inode, type or size might not be recovered correctly.
> +In such case, the inode and the size will be 0 while the type
> +will be unidentified 'u'.
> +
> +This call returns basic file type information about each
> +file." };
No need to copy&paste the same description used for the public
filesystem_walk -- a one-liner telling it is an internal function for
filesystem_walk is enough.
Internal functions will not be documented anyway, so it is not worth
adding "proper" documentation text for them.

Thanks,
-- 
Pino Toscano

Hi,

some of the comments for patch #3 apply also for this one, namely:
- wrapping of commit message
- indentation of forward declarations
- usage of XDR deserialization from guestfs_protocol.h
- 

On Sunday 03 April 2016 16:30:49 Matteo Cafasso wrote:
> The filesystem_walk command is the appliance's
> counterpart of the daemon's
> internal_filesystem_walk command.
> 
> It writes the daemon's command output
> on a temporary file and parses it, deserialising
> the XDR formatted tsk_dirent structs.
> 
> It returns to the caller the list
> of tsk_dirent structs generated by the
> internal_filesystem_walk command.
> 
> Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
> ---
>  generator/actions.ml |  69 ++++++++++++++++++++++
>  src/Makefile.am      |   1 +
>  src/tsk.c            | 162
+++++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 232 insertions(+)
>  create mode 100644 src/tsk.c
> 
> diff --git a/generator/actions.ml b/generator/actions.ml
> index 449ffa0..9457c3f 100644
> --- a/generator/actions.ml
> +++ b/generator/actions.ml
> @@ -3546,6 +3546,75 @@ The environment variable C<XDG_RUNTIME_DIR>
controls the default
>  value: If C<XDG_RUNTIME_DIR> is set, then that is the default.
>  Else F</tmp> is the default." };
> 
> +  { defaults with
> +    name = "filesystem_walk"; added = (1, 33, 17);
> +    style = RStructList ("dirents", "tsk_dirent"),
[Mountable "device";], [];
> +    optional = Some "libtsk";
> +    progress = true; cancellable = true;
> +    shortdesc = "walk through the filesystem content";
> +    longdesc = "\
> +Walk through the internal structures of a disk partition
> +(eg. F</dev/sda1>) in order to return a list of all the files
> +and directories stored within.
> +
> +It is not necessary to mount the disk partition to run this command.
> +
> +All entries in the filesystem are returned, excluding C<.> and
> +C<..>. This function can list deleted or unaccessible files.
> +The entries are I<not> sorted.
> +
> +If the entry is not allocated (ex: it has been deleted),
> +its inode, type or size might not be recovered correctly.
> +In such case, the inode and the size will be 0 while the type
> +will be unidentified 'u'.
As said for patch #3, unknown sizes should be -1 and not 0.
> +This call returns as well basic file type information about each
> +file.  The C<tsk_type> field will contain one of the following
characters:
> +
> +=over 4
> +
> +=item 'b'
> +
> +Block special
> +
> +=item 'c'
> +
> +Char special
> +
> +=item 'd'
> +
> +Directory
> +
> +=item 'f'
> +
> +FIFO (named pipe)
> +
> +=item 'l'
> +
> +Symbolic link
> +
> +=item 'r'
> +
> +Regular file
> +
> +=item 's'
> +
> +Socket
> +
> +=item 'h'
> +
> +Shadow inode (Solaris)
> +
> +=item 'w'
> +
> +Whiteout inode (BSD)
> +
> +=item 'u'
> +
> +Unknown file type
> +
> +=back" };
> +
>  ]
> 
>  (* daemon_functions are any functions which cause some action
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 3b4cd10..9f8af4c 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -130,6 +130,7 @@ libguestfs_la_SOURCES = \
>  	structs-copy.c \
>  	structs-free.c \
>  	tmpdirs.c \
> +	tsk.c \
>  	whole-file.c \
>  	libguestfs.syms
> 
> diff --git a/src/tsk.c b/src/tsk.c
> new file mode 100644
> index 0000000..d77bc0a
> --- /dev/null
> +++ b/src/tsk.c
> @@ -0,0 +1,162 @@
> +/* libguestfs
> + * Copyright (C) 2016 Red Hat Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
> + */
> +
> +#include <config.h>
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +#include <string.h>
> +#include <rpc/xdr.h>
> +#include <rpc/types.h>
> +
> +#include "full-read.h"
> +
> +#include "guestfs.h"
> +#include "guestfs_protocol.h"
> +#include "guestfs-internal.h"
> +#include "guestfs-internal-all.h"
> +#include "guestfs-internal-actions.h"
> +
> +static struct guestfs_tsk_dirent_list *parse_filesystem_walk
> +(guestfs_h *g, char *buf, size_t bufsize);
> +int deserialise_dirent_list (guestfs_h *g, char *buf, size_t bufsize,
> +                             struct guestfs_tsk_dirent_list **dirents);
> +static int deserialise_dirent (guestfs_h *g, XDR *xdrs,
> +                               struct guestfs_tsk_dirent *dirent);
> +
> +struct guestfs_tsk_dirent_list *
> +guestfs_impl_filesystem_walk (guestfs_h *g, const char *mountable)
> +{
> +  int ret = 0;
> +  size_t size = 0;
> +  CLEANUP_FREE char *buf = NULL;
> +  CLEANUP_UNLINK_FREE char *tmpfile = NULL;
> +
> +  ret = guestfs_int_lazy_make_tmpdir (g);
> +  if (ret < 0)
> +    return NULL;
> +
> +  tmpfile = safe_asprintf (g, "%s/filesystem_walk%d",
g->tmpdir, ++g->unique);
> +
> +  ret = guestfs_internal_filesystem_walk (g, mountable, tmpfile);
> +  if (ret < 0)
> +    return NULL;
> +
> +  ret = guestfs_int_read_whole_file (g, tmpfile, &buf, &size);
> +  if (ret < 0)
> +    return NULL;
> +
> +  return parse_filesystem_walk (g, buf, size);  /* caller frees */
> +}
> +
> +/* Parse buf content and return dirents list.
> + * Return a list of tsk_dirent on success, NULL on error.
> + */
> +static struct guestfs_tsk_dirent_list *
> +parse_filesystem_walk (guestfs_h *g, char *buf, size_t bufsize)
> +{
> +  int ret = 0;
> +  struct guestfs_tsk_dirent_list *dirents = NULL;
> +
> +  /* Initialise results array. */
> +  dirents = safe_malloc (g, sizeof (struct guestfs_tsk_dirent_list));
> +  dirents->len = 8;
> +  dirents->val = safe_malloc (g, dirents->len *
> +                              sizeof (struct guestfs_tsk_dirent));
sizeof (*dirents->val) (and below too) can make the code slightly
shorter (just an hint).
> +
> +  /* Deserialise buffer into dirent list. */
> +  ret = deserialise_dirent_list (g, buf, bufsize, &dirents);
> +  if (ret < 0) {
> +    guestfs_free_tsk_dirent_list (dirents);
> +    return NULL;
> +  }
> +
> +  /* Resize the array to correct number of entries. */
> +  dirents->len = ret;
> +  dirents->val = safe_realloc (g, dirents->val,
> +                               dirents->len *
> +                               sizeof (struct guestfs_tsk_dirent));
You don't need to shrink the array with values -- users knows already
they don't have to access it past 'len' values.
> +
> +  return dirents;
> +}
> +
> +/* Deserialise buf content and populate the dirent list.
> + * Return the number of deserialised dirents, -1 on error.
> + */
> +int
> +deserialise_dirent_list (guestfs_h *g, char *buf, size_t bufsize,
> +                         struct guestfs_tsk_dirent_list **dirents)
Since you don't change the location of 'dirents', you don't need
to
pass a pointer to it to change its values.

Thanks,
-- 
Pino Toscano