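def calculate(self):
    """Yield ``(vnode, path)`` for every vnode on each mount's vnode list.

    Mounts are obtained from the ``mac_mount`` plugin. Each mount's
    ``mnt_vnodelist`` is followed through ``v_mntvnodes.tqe_next`` and the
    path of every vnode is resolved with ``full_path()``.

    The list pointers are read from the memory image under analysis, so a
    smeared or tampered sample can link a list back onto itself. Addresses
    already visited are remembered and the walk of that list stops when one
    repeats, so the plugin terminates instead of looping forever.
    """
    common.set_plugin_members(self)

    mounts = mac_mount.mac_mount(self._config).calculate()
    visited = set()

    for mount in mounts:
        vnode = mount.mnt_vnodelist.tqh_first

        while vnode:
            # v() is used as the vnode's identity key; seeing it twice
            # means the list has cycled and nothing new can follow.
            addr = vnode.v()
            if addr in visited:
                break
            visited.add(addr)

            yield vnode, vnode.full_path()
            vnode = vnode.v_mntvnodes.tqe_next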
def calculate(self):
    """Yield ``(vnode, path)`` pairs, caching parent directory paths.

    Every mount's ``mnt_vnodelist`` is walked once. A vnode whose ``v_flag``
    has bit 0 set (VROOT in XNU) is resolved with the slow ``full_path()``.
    Any other vnode gets its path from its parent's path plus its own name;
    the parent's path is looked up in a cache keyed by vnode address and
    computed with ``full_path()`` only on a cache miss.

    Vnodes with an empty name are not yielded. A list walk stops as soon as
    an address repeats, which guards against cyclic lists in the image.
    """
    common.set_plugin_members(self)

    visited = set()
    path_cache = {}

    for mount in mac_mount.mac_mount(self._config).calculate():
        vnode = mount.mnt_vnodelist.tqh_first

        while vnode:
            addr = vnode.v()
            if addr in visited:
                break
            visited.add(addr)

            if (vnode.v_flag.v() & 0x000001) != 0:
                yield vnode, vnode.full_path()
                # Root vnodes are finished here; the empty name makes the
                # parent-based branch below skip them.
                fname, parent_vnode = "", None
            else:
                fname = str(vnode.v_name.dereference() or '')
                parent_vnode = vnode.v_parent

            # NOTE(review): `!= None` is kept rather than `is not None`
            # because framework objects may overload comparison -- confirm
            # before changing.
            if parent_vnode != None and fname != "":
                parent_key = parent_vnode.v()

                # Resolve the parent the slow way only once per directory.
                if parent_key not in path_cache:
                    path_cache[parent_key] = parent_vnode.full_path()
                parent_path = path_cache[parent_key]

                # Avoid producing "//name" for children of "/".
                sep = "" if parent_path == "/" else "/"

                path = parent_path + sep + fname
                path_cache[addr] = path
                yield vnode, path

            vnode = vnode.v_mntvnodes.tqe_next
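def list_files(config):
    """Yield ``(vnode, path)`` for the vnodes found through every mount.

    Works in four passes over data read from the memory image:

    1. Walk each mount's ``mnt_vnodelist`` and record
       ``[name, parent_offset, vnode]`` per vnode, keyed by ``obj_offset``.
       Vnodes with bit 0 of ``v_flag`` set are resolved with
       ``full_path()``; parentless vnodes are kept only when
       ``config.SHOW_ORPHANS`` is set.
    2. Add vnodes that are only reachable through ``v_parent`` pointers.
    3. Build the full path of every named directory.
    4. Join every named vnode with its parent directory's path and yield it.
       A vnode whose parent has no recorded path is yielded with its bare
       name.

    All pointers come from the image, so every chain that is followed is
    guarded against cycles: a smeared or tampered sample must not be able
    to hang the analysis.
    """
    plugin = mac_mount.mac_mount(config)
    mounts = plugin.calculate()
    # NOTE(review): os.path.join uses the analysis host's separator and
    # drops the left-hand side when the right-hand component starts with a
    # separator; names here come from the image -- confirm this is intended.
    joiner = os.path.join
    vnodes = {}
    parent_vnodes = {}
    skipped = set()

    ## build an initial table of all vnodes
    for mount in mounts:
        vnode = mount.mnt_vnodelist.tqh_first.dereference()

        while vnode:
            ## abort here to prevent going in a loop; skipped orphans
            ## never enter the table, so they are tracked separately
            offset = vnode.obj_offset
            if offset in vnodes or offset in skipped:
                break

            ## its ok to call the slower full_path()
            ## here because its only done for root
            ## nodes which is only a couple per system
            if int(vnode.v_flag) & 1:
                name = vnode.full_path()
                entry = [name, None, vnode]
                vnodes[offset] = entry
            else:
                name = vnode.v_name.dereference()
                parent = vnode.v_parent.dereference()

                if parent:
                    par_offset = parent.obj_offset
                else:
                    if config.SHOW_ORPHANS:
                        par_offset = None
                    else:
                        skipped.add(offset)
                        vnode = vnode.v_mntvnodes.tqe_next.dereference()
                        continue

                entry = [name, par_offset, vnode]
                vnodes[offset] = entry

            vnode = vnode.v_mntvnodes.tqe_next.dereference()

    ## account for vnodes that aren't in the list but are
    ## referenced from other vnode's v_parent pointers
    ## (iterate a snapshot: the table grows inside this loop)
    for key, val in list(vnodes.items()):
        name, parent, vnode = val

        if not name or not parent:
            continue

        parent = obj.Object("vnode", offset = parent, vm = vnode.obj_vm)

        while parent:
            ## every parent visited is added below, so a cyclic
            ## v_parent chain ends here as well
            if parent.obj_offset in vnodes:
                break

            name = parent.v_name.dereference()
            next_parent = parent.v_parent.dereference()

            if next_parent:
                par_offset = next_parent.obj_offset
            else:
                par_offset = None

            entry = [name, par_offset, parent]
            vnodes[parent.obj_offset] = entry
            parent = next_parent

    ## build the full paths for all directories
    for key, val in vnodes.items():
        name, parent, vnode = val

        ## we can't have unnamed files or directories
        if not name:
            continue

        if not vnode.is_dir():
            continue

        if parent in parent_vnodes:
            full_path = joiner(parent_vnodes[parent], name)
        else:
            paths = [str(name)]
            ## parent offsets already climbed through; stops the
            ## climb if the recorded parent links form a cycle
            seen_subs = set()

            while parent and parent not in seen_subs:
                seen_subs.add(parent)
                entry = vnodes.get(parent)

                ## a vnode's parent wasn't found or
                ## we reached the root directory
                if not entry:
                    break

                name, parent, _vnode = entry
                if not name:
                    break

                paths.append(str(name))

            ## build the path in reverse order
            full_path = "/".join(reversed(paths))

        parent_vnodes[key] = full_path

    ## link everything up with their parents
    for val in vnodes.values():
        name, parent, vnode = val

        if not name:
            continue

        entry = parent_vnodes.get(parent)
        if not entry:
            yield vnode, name
        else:
            full_path = joiner(entry, name)

            ## add a leading slash if one doesn't exist
            if full_path[0] != "/":
                full_path = "/" + full_path
            ## otherwise in some cases we may have double
            ## slashes so reduce that down to just one
            elif full_path[0:2] == "//":
                full_path = full_path[1:]

            yield vnode, full_path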
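def list_files(config):
    """Yield ``(vnode, path)`` for the vnodes found through every mount.

    Candidate vnodes are collected from three per-mount lists
    (``mnt_vnodelist``, ``mnt_workerqueue``, ``mnt_newvnodes``) through
    ``mac_list_files.walk_vnodelist`` plus the mount's ``mnt_vnodecovered``,
    ``mnt_realrootvp`` and ``mnt_devvp`` pointers. From those the function:

    1. Records ``[name, parent_offset, vnode]`` per vnode, keyed by
       ``obj_offset``. Vnodes with bit 0 of ``v_flag`` set are resolved
       with ``full_path()``; parentless vnodes keep their name only when
       ``config.SHOW_ORPHANS`` is set and otherwise get a nameless
       placeholder entry.
    2. Adds vnodes only reachable through ``v_parent`` pointers.
    3. Builds the full path of every named directory.
    4. Joins each named vnode with its parent directory's path and yields
       it. A vnode whose parent has no recorded path is yielded with its
       bare name.

    Every pointer chain comes from the memory image, so each walk is
    guarded against cycles.
    """
    plugin = mac_mount.mac_mount(config)
    mounts = plugin.calculate()
    vnodes = {}
    parent_vnodes = {}
    loop_vnodes = set()

    ## collect the candidate vnodes of every mount
    for mount in mounts:
        loop_vnodes = mac_list_files.walk_vnodelist(
            mount.mnt_vnodelist, loop_vnodes)
        loop_vnodes = mac_list_files.walk_vnodelist(
            mount.mnt_workerqueue, loop_vnodes)
        loop_vnodes = mac_list_files.walk_vnodelist(
            mount.mnt_newvnodes, loop_vnodes)

        loop_vnodes.add(mount.mnt_vnodecovered)
        loop_vnodes.add(mount.mnt_realrootvp)
        loop_vnodes.add(mount.mnt_devvp)

    ## build an initial table of all vnodes
    for vnode in loop_vnodes:
        while vnode:
            ## abort here to prevent going in a loop
            if vnode.obj_offset in vnodes:
                break

            ## its ok to call the slower full_path()
            ## here because its only done for root
            ## nodes which is only a couple per system
            if int(vnode.v_flag) & 1:
                name = vnode.full_path()
                entry = [name, None, vnode]
                vnodes[vnode.obj_offset] = entry
            else:
                name = vnode.v_name.dereference()
                parent = vnode.v_parent.dereference()

                if parent:
                    par_offset = parent.obj_offset
                else:
                    if config.SHOW_ORPHANS:
                        par_offset = None
                    else:
                        ## mark the orphan itself as visited BEFORE
                        ## stepping on. Doing it after the step would
                        ## give the *next* vnode a nameless placeholder,
                        ## which ends this walk at the loop check above
                        ## and keeps that vnode out of the listing.
                        vnodes[vnode.obj_offset] = [None, None, vnode]
                        vnode = vnode.v_mntvnodes.tqe_next.dereference()
                        continue

                entry = [name, par_offset, vnode]
                vnodes[vnode.obj_offset] = entry

            vnode = vnode.v_mntvnodes.tqe_next.dereference()

    ## account for vnodes that aren't in the list but are
    ## referenced from other vnode's v_parent pointers
    ## (iterate a snapshot: the table grows inside this loop)
    for key, val in list(vnodes.items()):
        name, parent, vnode = val

        if not name or not parent:
            continue

        parent = obj.Object("vnode", offset=parent, vm=vnode.obj_vm)

        while parent:
            ## every parent visited is added below, so a cyclic
            ## v_parent chain ends here as well
            if parent.obj_offset in vnodes:
                break

            name = parent.v_name.dereference()
            next_parent = parent.v_parent.dereference()

            if next_parent:
                par_offset = next_parent.obj_offset
            else:
                par_offset = None

            entry = [str(name), par_offset, parent]
            vnodes[parent.obj_offset] = entry
            parent = next_parent

    ## build the full paths for all directories
    for key, val in list(vnodes.items()):
        name, parent, vnode = val

        ## we can't have unnamed files or directories
        if not name:
            continue

        if not vnode.is_dir():
            continue

        name = str(name)

        if parent in parent_vnodes:
            full_path = parent_vnodes[parent] + "/" + name
        else:
            paths = [name]
            ## parent offsets already climbed through; stops the
            ## climb if the recorded parent links form a cycle
            seen_subs = set()

            while parent and parent not in seen_subs:
                seen_subs.add(parent)
                entry = vnodes.get(parent)

                ## a vnode's parent wasn't found or
                ## we reached the root directory
                if not entry:
                    break

                name, parent, _vnode = entry
                if not name:
                    break

                paths.append(str(name))

            ## build the path in reverse order
            full_path = "/".join(reversed(paths))

        parent_vnodes[key] = full_path

    ## link everything up with their parents
    for val in list(vnodes.values()):
        name, parent, vnode = val

        if not name:
            continue

        name = str(name)

        entry = parent_vnodes.get(parent)
        if not entry:
            yield vnode, name
        else:
            full_path = entry + "/" + name

            ## add a leading slash if one doesn't exist
            if full_path[0] != "/":
                full_path = "/" + full_path
            ## otherwise in some cases we may have double
            ## slashes so reduce that down to just one
            elif full_path[0:2] == "//":
                full_path = full_path[1:]

            yield vnode, full_path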
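def calculate(self):
    """Yield ``(vnode, path)`` for every vnode on each mount's vnode list.

    Works in three passes over data read from the memory image:

    1. Walk each mount's ``mnt_vnodelist`` and record
       ``[name, parent_offset, vnode]`` per vnode, keyed by ``obj_offset``.
       Vnodes with bit 0 of ``v_flag`` set are resolved with
       ``full_path()``.
    2. Build the full path of every named directory by climbing the
       recorded parent offsets.
    3. Join every named vnode with its parent directory's path and yield
       it. A vnode whose parent has no recorded path is yielded with its
       bare name.

    Both the list walk and the parent climb stop when an offset repeats, so
    a cyclic structure in a smeared or tampered image cannot hang the
    plugin.
    """
    common.set_plugin_members(self)

    plugin = mac_mount.mac_mount(self._config)
    mounts = plugin.calculate()
    # NOTE(review): os.path.join uses the analysis host's separator and
    # drops the left-hand side when the right-hand component starts with a
    # separator; names here come from the image -- confirm this is intended.
    joiner = os.path.join
    vnodes = {}
    parent_vnodes = {}

    ## build an initial table of all vnodes
    for mount in mounts:
        vnode = mount.mnt_vnodelist.tqh_first.dereference()

        while vnode:
            ## abort here to prevent going in a loop
            if vnode.obj_offset in vnodes:
                break

            ## its ok to call the slower full_path()
            ## here because its only done for root
            ## nodes which is only a couple per system
            if int(vnode.v_flag) & 1:
                name = vnode.full_path()
                entry = [name, None, vnode]
                vnodes[vnode.obj_offset] = entry
            else:
                name = vnode.v_name.dereference()
                parent = vnode.v_parent.dereference()

                if parent:
                    par_offset = parent.obj_offset
                else:
                    par_offset = None

                entry = [name, par_offset, vnode]
                vnodes[vnode.obj_offset] = entry

            vnode = vnode.v_mntvnodes.tqe_next.dereference()

    ## build the full paths for all directories
    for key, val in vnodes.items():
        name, parent, vnode = val

        ## we can't have unnamed files or directories
        if not name:
            continue

        if not vnode.is_dir():
            continue

        if parent in parent_vnodes:
            full_path = joiner(parent_vnodes[parent], name)
        else:
            paths = [str(name)]
            ## parent offsets already climbed through; stops the
            ## climb if the recorded parent links form a cycle
            seen_subs = set()

            while parent and parent not in seen_subs:
                seen_subs.add(parent)
                entry = vnodes.get(parent)

                ## a vnode's parent wasn't found or
                ## we reached the root directory
                if not entry:
                    break

                name, parent, _vnode = entry
                if not name:
                    break

                paths.append(str(name))

            ## build the path in reverse order
            full_path = "/".join(reversed(paths))

        parent_vnodes[key] = full_path

    ## link everything up with their parents
    for val in vnodes.values():
        name, parent, vnode = val

        if not name:
            continue

        entry = parent_vnodes.get(parent)
        if not entry:
            yield vnode, name
        else:
            full_path = joiner(entry, name)

            ## joining under "/" can leave a doubled leading slash
            if full_path[0:2] == "//":
                full_path = full_path[1:]

            yield vnode, full_path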