def __init__(self, *args, **kwargs):
super(LocalDiskCache, self).__init__(*args, **kwargs)
if not self.cache_directory:
self.cache_directory = cache.GetCacheDir(self._session)
if not self.cache_directory:
raise plugin.InvalidArgs("cache directory not specified.")
self.cache_directory = os.path.join(self.cache_directory,
"rekall_agent")
def __init__(self, session=None, **kwargs):
super(CachingManager, self).__init__(session=session, **kwargs)
cache_dir = cache.GetCacheDir(session)
# We use an IO manager to manage the cache directory directly.
self.cache_io_manager = io_manager.DirectoryIOManager(urn=cache_dir,
session=session)
self.url_manager = self.DELEGATE(session=session, **kwargs)
self.CheckUpstreamRepository()
def __init__(self, filename=None, **kwargs):
super(AFF4AddressSpace, self).__init__(**kwargs)
self.as_assert(self.base == None,
"Must stack on another address space")
path = filename or self.session.GetParameter("filename")
self.as_assert(path != None, "Filename must be specified")
self.image = None
self.resolver = data_store.MemoryDataStore()
# If we have a cache directory, configure AFF4 to use it.
try:
cache_dir = cache.GetCacheDir(self.session)
if cache_dir:
self.resolver.Set(lexicon.AFF4_CONFIG_CACHE_DIR,
lexicon.AFF4_FILE_NAME,
rdfvalue.XSDString(
os.path.join(cache_dir, "aff4_cache")))
except IOError:
pass
# A map between the filename and the offset it is mapped into the
# address space.
self.mapped_files = {}
try:
volume_path, stream_path = self._LocateAFF4Volume(path)
except IOError as e:
self.session.logging.debug("Unable to open AFF4 image %s", e)
raise addrspace.ASAssertionError("Unable to open AFF4 volume")
# filename is a volume, and there is no stream specified, just autoload
# the stream if possible.
if not stream_path:
try:
self._AutoLoadAFF4Volume(volume_path)
return
except IOError as e:
raise addrspace.ASAssertionError(
"Unable to open AFF4 volume: %s" % e)
# If the user asked for a specific stream just load that one. Note that
# you can still load the pagefile manually using the --pagefile
# parameter.
try:
image_urn = volume_path.Append(stream_path)
self._LoadMemoryImage(image_urn)
except IOError as e:
raise addrspace.ASAssertionError(
"Unable to open AFF4 stream %s: %s" % (
stream_path, e))
def repository_managers(self):
"""The IO managers that are used to fetch profiles from the profile
repository.
"""
if self._repository_managers:
return self._repository_managers
# The profile path is specified in search order.
repository_path = (self.GetParameter("repository_path")
or self.GetParameter("profile_path") or [])
for path in repository_path:
# TODO(scudette): remove this hack for 1.6 release. Github has
# changed their static URL access. If the user is using an old URL
# we warn and correct it.
if path in constants.OLD_DEPRECATED_URLS:
self.logging.warn(
"Rekall's profile repository is pointing to deprecated URL "
"(%s). Please update your ~/.rekallrc file.", path)
path = constants.PROFILE_REPOSITORIES[0]
try:
self._repository_managers.append(
(path, io_manager.Factory(path, session=self)))
except ValueError:
pass
if not self._repository_managers:
try:
self.logging.warn(
"No usable repositories were found. "
"Rekall Will attempt to use the local cache. "
"This is likely to fail if profiles are missing locally!")
self._repository_managers = [
(None,
io_manager.DirectoryIOManager(urn=cache.GetCacheDir(self),
session=self))
]
except IOError:
self._repository_managers = []
return self._repository_managers
