Skip to content

Commit

Permalink
Numerous LVM support improvements by arisjr@
Browse files Browse the repository at this point in the history
  • Loading branch information
@joachimmetz
joachimmetz committed Jul 1, 2023
2 parents 4ce75ba + 417bc5d commit db01b55
Show file tree
Hide file tree
Showing 23 changed files with 722 additions and 92 deletions.
293 changes: 276 additions & 17 deletions bindings/java/jni/auto_db_java.cpp
View file

Large diffs are not rendered by default.

5 changes: 3 additions & 2 deletions bindings/java/jni/auto_db_java.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ class TskAutoDbJava :public TskAuto {

TSK_RETVAL_ENUM addUnallocatedPoolBlocksToDb(size_t & numPool);
static TSK_WALK_RET_ENUM fsWalkUnallocBlocksCb(const TSK_FS_BLOCK *a_block, void *a_ptr);
TSK_RETVAL_ENUM addFsInfoUnalloc(const TSK_DB_FS_INFO & dbFsInfo);
TSK_RETVAL_ENUM addFsInfoUnalloc(const TSK_IMG_INFO* curImgInfo, const TSK_DB_FS_INFO & dbFsInfo);
TSK_RETVAL_ENUM addUnallocFsSpaceToDb(size_t & numFs);
TSK_RETVAL_ENUM addUnallocVsSpaceToDb(size_t & numVsP);
TSK_RETVAL_ENUM addUnallocImageSpaceToDb();
Expand Down Expand Up @@ -235,7 +235,8 @@ class TskAutoDbJava :public TskAuto {
int64_t dataSourceObjId);
TSK_RETVAL_ENUM addUnallocFsBlockFilesParent(const int64_t fsObjId, int64_t& objId, int64_t dataSourceObjId);
TSK_RETVAL_ENUM addUnallocatedPoolVolume(int vol_index, int64_t parObjId, int64_t& objId);

TSK_RETVAL_ENUM getVsPartById(int64_t objId, TSK_VS_PART_INFO & vsPartInfo);
TSK_RETVAL_ENUM getVsByFsId(int64_t objId, TSK_DB_VS_INFO & vsDbInfo);
};

#endif
2 changes: 2 additions & 0 deletions bindings/java/src/org/sleuthkit/datamodel/TskData.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -581,6 +581,7 @@ public enum TSK_VS_TYPE_ENUM {
TSK_VS_TYPE_MAC(0x0008, "Mac"), ///< Mac partition table NON-NLS
TSK_VS_TYPE_GPT(0x0010, "GPT"), ///< GPT partition table NON-NLS
TSK_VS_TYPE_APFS(0x0020, "APFS"), ///< APFS pool NON-NLS
TSK_VS_TYPE_LVM(0x0030, "LVM"), ///< LVM pool NON-NLS
TSK_VS_TYPE_DBFILLER(0x00F0, bundle.getString("TskData.tskVSTypeEnum.fake")), ///< fake partition table type for loaddb (for images that do not have a volume system)
TSK_VS_TYPE_UNSUPP(0xFFFF, bundle.getString("TskData.tskVSTypeEnum.unsupported")); ///< Unsupported

Expand Down Expand Up @@ -742,6 +743,7 @@ public String getName() {
public enum TSK_POOL_TYPE_ENUM {
TSK_POOL_TYPE_DETECT(0, "Auto detect"), ///< Use autodetection methods
TSK_POOL_TYPE_APFS(1, "APFS Pool"), ///< APFS Pooled Volumes
TSK_POOL_TYPE_LVM(2, "LVM Pool"), ///< LVM Pooled Volumes
TSK_POOL_TYPE_UNSUPP(0xffff, "Unsupported") ///< Unsupported pool container type
;

Expand Down
8 changes: 7 additions & 1 deletion tools/fstools/blkcalc.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -262,8 +262,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL){
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
12 changes: 9 additions & 3 deletions tools/fstools/blkcat.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
/*
** blkcat
** The Sleuth Kit
** The Sleuth Kit
**
** Given an image , block number, and size, display the contents
** of the block to stdout.
**
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2006-2011 Brian Carrier, Basis Technology. All Rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
Expand Down Expand Up @@ -323,8 +323,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
18 changes: 15 additions & 3 deletions tools/fstools/blkls.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2006-2011 Brian Carrier, Basis Technology. All Rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
**
** TASK
** Copyright (c) 2002 Brian Carrier, @stake Inc. All rights reserved
Expand Down Expand Up @@ -248,8 +248,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down Expand Up @@ -364,8 +370,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
12 changes: 9 additions & 3 deletions tools/fstools/blkstat.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
/*
** blkstat
** The Sleuth Kit
** The Sleuth Kit
**
** Get the details about a data unit
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2006-2011 Brian Carrier, Basis Technology. All Rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
**
** TASK
** Copyright (c) 2002 Brian Carrier, @stake Inc. All rights reserved
Expand Down Expand Up @@ -200,8 +200,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
14 changes: 10 additions & 4 deletions tools/fstools/fcat.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
** fcat
** The Sleuth Kit
** fcat
** The Sleuth Kit
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2012 Brian Carrier, Basis Technology. All Rights reserved
Expand Down Expand Up @@ -214,8 +214,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand All @@ -239,7 +245,7 @@ main(int argc, char **argv1)
free(path);
exit(1);
}
free(path);
free(path);

// @@@ Cannot currently get ADS with this approach
retval =
Expand Down
14 changes: 10 additions & 4 deletions tools/fstools/ffind.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
/*
** ffind (file find)
** The Sleuth Kit
** The Sleuth Kit
**
** Find the file that uses the specified inode (including deleted files)
**
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2006-2011 Brian Carrier, Basis Technology. All Rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
**
** TASK
** Copyright (c) 2002 Brian Carrier, @stake Inc. All rights reserved
Expand Down Expand Up @@ -231,8 +231,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
16 changes: 14 additions & 2 deletions tools/fstools/fls.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -334,8 +334,14 @@ main(int argc, char **argv1)
}
img_parent = img;

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down Expand Up @@ -390,8 +396,14 @@ main(int argc, char **argv1)
}
img_parent = img;

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
8 changes: 7 additions & 1 deletion tools/fstools/fsstat.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -210,8 +210,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
10 changes: 8 additions & 2 deletions tools/fstools/icat.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ main(int argc, char **argv1)
}

if (pvol_block == 0) {
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size,
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size,
fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
Expand All @@ -249,8 +249,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
10 changes: 8 additions & 2 deletions tools/fstools/ifind.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
** The Sleuth Kit
**
** Given an image and block number, identify which inode it is used by
**
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2006-2011 Brian Carrier, Basis Technology. All Rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
Expand Down Expand Up @@ -291,8 +291,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
18 changes: 12 additions & 6 deletions tools/fstools/ils.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
/*
** The Sleuth Kit
** The Sleuth Kit
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2006-2011 Brian Carrier, Basis Technology. All Rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
** Copyright (c) 2003-2005 Brian Carrier. All rights reserved
**
** TASK
** Copyright (c) 2002 Brian Carrier, @stake Inc. All rights reserved
**
** Copyright (c) 1997,1998,1999, International Business Machines
**
** Copyright (c) 1997,1998,1999, International Business Machines
** Corporation and others. All Rights Reserved.
*/

Expand Down Expand Up @@ -57,7 +57,7 @@ usage()
tsk_fprintf(stderr,
"\t-f fstype: File system type (use '-f list' for supported types)\n");
tsk_fprintf(stderr,
"\t-o imgoffset: The offset of the file system in the image (in sectors)\n");
"\t-o imgoffset: The offset of the file system in the image (in sectors)\n");
tsk_fprintf(stderr,
"\t-P pooltype: Pool container type (use '-p list' for supported types)\n");
tsk_fprintf(stderr,
Expand Down Expand Up @@ -367,8 +367,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down
10 changes: 8 additions & 2 deletions tools/fstools/istat.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -250,7 +250,7 @@ main(int argc, char **argv1)
}

if (pvol_block == 0) {
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size,
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size,
fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
Expand All @@ -268,8 +268,14 @@ main(int argc, char **argv1)
exit(1);
}

TSK_OFF_T offset = imgaddr * img->sector_size;
#if HAVE_LIBVSLVM
if (pool->ctype == TSK_POOL_TYPE_LVM){
offset = 0;
}
#endif /* HAVE_LIBVSLVM */
img = pool->get_img_info(pool, (TSK_DADDR_T)pvol_block);
if ((fs = tsk_fs_open_img_decrypt(img, imgaddr * img->sector_size, fstype, password)) == NULL) {
if ((fs = tsk_fs_open_img_decrypt(img, offset, fstype, password)) == NULL) {
tsk_error_print(stderr);
if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE)
tsk_fs_type_print(stderr);
Expand Down

0 comments on commit db01b55

Please sign in to comment.