def Start(self):
if "/opt" in self.args.path_list[0]:
mnt = rdfvalue.UnixVolume(mount_point="/opt")
self.SendReply(rdfvalue.Volume(unix=mnt, bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=10,
total_allocation_units=100))
else:
mnt = rdfvalue.UnixVolume(mount_point="/var")
self.SendReply(rdfvalue.Volume(unix=mnt, bytes_per_sector=1,
sectors_per_allocation_unit=1,
actual_available_allocation_units=784165,
total_allocation_units=78416500))
def Run(self, args):
if platform.system() == "Windows":
raise RuntimeError("os.statvfs not available on Windows")
for path in args.path_list:
try:
fd = vfs.VFSOpen(rdfvalue.PathSpec(path=path,
pathtype=args.pathtype),
progress_callback=self.Progress)
st = fd.StatFS()
mount_point = fd.GetMountPoint()
except (IOError, OSError), e:
self.SetStatus(rdfvalue.GrrStatus.ReturnedStatus.IOERROR, e)
continue
unix = rdfvalue.UnixVolume(mount_point=mount_point)
# On linux pre 2.6 kernels don't have frsize, so we fall back to bsize.
# The actual_available_allocation_units attribute is set to blocks
# available to the unprivileged user, root may have some additional
# reserved space.
result = rdfvalue.Volume(
bytes_per_sector=(st.f_frsize or st.f_bsize),
sectors_per_allocation_unit=1,
total_allocation_units=st.f_blocks,
actual_available_allocation_units=st.f_bavail,
unix=unix)
self.SendReply(result)
def Parse(self, query, result, knowledge_base):
"""Parse the wmi packages output."""
_ = query, knowledge_base
result = result.ToDict()
winvolume = rdfvalue.WindowsVolume(drive_letter=result.get("DeviceID"),
drive_type=result.get("DriveType"))
try:
size = int(result.get("Size"))
except ValueError:
size = None
try:
free_space = int(result.get("FreeSpace"))
except ValueError:
free_space = None
# Since we don't get the sector sizes from WMI, we just set them at 1 byte
volume = rdfvalue.Volume(
windows=winvolume,
name=result.get("VolumeName"),
file_system_type=result.get("FileSystem"),
serial_number=result.get("VolumeSerialNumber"),
sectors_per_allocation_unit=1,
bytes_per_sector=1,
total_allocation_units=size,
actual_available_allocation_units=free_space)
yield volume
class UnixVolumeClientMock(ActionMock):
"""A mock of client filesystem volumes."""
unix_local = rdfvalue.UnixVolume(mount_point="/usr")
unix_home = rdfvalue.UnixVolume(mount_point="/")
path_results = [
rdfvalue.Volume(unix=unix_local,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=50,
total_allocation_units=100),
rdfvalue.Volume(unix=unix_home,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=10,
total_allocation_units=100)
]
def StatFS(self, _):
return self.path_results
class WindowsVolumeClientMock(ActionMock):
"""A mock of client filesystem volumes."""
windows_d = rdfvalue.WindowsVolume(drive_letter="D:")
windows_c = rdfvalue.WindowsVolume(drive_letter="C:")
path_results = [
rdfvalue.Volume(windows=windows_d,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=50,
total_allocation_units=100),
rdfvalue.Volume(windows=windows_c,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=10,
total_allocation_units=100)
]
def WmiQuery(self, query):
if query.query == u"SELECT * FROM Win32_LogicalDisk":
return client_fixture.WMI_SAMPLE
else:
return None
def CreateClientWithVolumes(self, available=50):
with self.ACLChecksDisabled():
client_id = self.SetupClients(1)[0]
with aff4.FACTORY.Open(client_id, mode="rw",
token=self.token) as client_obj:
volume = rdfvalue.Volume(
total_allocation_units=100,
actual_available_allocation_units=available)
client_obj.Set(client_obj.Schema.VOLUMES([volume]))
self.GrantClientApproval(client_id)
client_obj = aff4.FACTORY.Open(client_id, token=self.token)
return client_id
