def Parse(self, query, result, knowledge_base):
"""Parse the WMI packages output."""
_ = query, knowledge_base
result = result.ToDict()
winvolume = rdf_client.WindowsVolume(
drive_letter=result.get("DeviceID"),
drive_type=result.get("DriveType"))
try:
size = int(result.get("Size"))
except (ValueError, TypeError):
size = None
try:
free_space = int(result.get("FreeSpace"))
except (ValueError, TypeError):
free_space = None
# Since we don't get the sector sizes from WMI, we just set them at 1 byte
volume = rdf_client.Volume(
windowsvolume=winvolume,
name=result.get("VolumeName"),
file_system_type=result.get("FileSystem"),
serial_number=result.get("VolumeSerialNumber"),
sectors_per_allocation_unit=1,
bytes_per_sector=1,
total_allocation_units=size,
actual_available_allocation_units=free_space)
yield volume
def Run(self, args):
if platform.system() == "Windows":
raise RuntimeError("os.statvfs not available on Windows")
for path in args.path_list:
try:
fd = vfs.VFSOpen(rdf_paths.PathSpec(path=path,
pathtype=args.pathtype),
progress_callback=self.Progress)
st = fd.StatFS()
mount_point = fd.GetMountPoint()
except (IOError, OSError) as e:
self.SetStatus(rdf_flows.GrrStatus.ReturnedStatus.IOERROR, e)
continue
unix = rdf_client.UnixVolume(mount_point=mount_point)
# On linux pre 2.6 kernels don't have frsize, so we fall back to bsize.
# The actual_available_allocation_units attribute is set to blocks
# available to the unprivileged user, root may have some additional
# reserved space.
self.SendReply(
rdf_client.Volume(
bytes_per_sector=(st.f_frsize or st.f_bsize),
sectors_per_allocation_unit=1,
total_allocation_units=st.f_blocks,
actual_available_allocation_units=st.f_bavail,
unixvolume=unix))
def Start(self):
if "/opt" in self.args.path_list[0]:
mnt = rdf_client.UnixVolume(mount_point="/opt")
self.SendReply(
rdf_client.Volume(unixvolume=mnt,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=10,
total_allocation_units=100))
else:
mnt = rdf_client.UnixVolume(mount_point="/var")
self.SendReply(
rdf_client.Volume(unixvolume=mnt,
bytes_per_sector=1,
sectors_per_allocation_unit=1,
actual_available_allocation_units=784165,
total_allocation_units=78416500))
class UnixVolumeClientMock(ListDirectoryClientMock):
"""A mock of client filesystem volumes."""
unix_local = rdf_client.UnixVolume(mount_point="/usr")
unix_home = rdf_client.UnixVolume(mount_point="/")
path_results = [
rdf_client.Volume(unixvolume=unix_local,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=50,
total_allocation_units=100),
rdf_client.Volume(unixvolume=unix_home,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=10,
total_allocation_units=100)
]
def StatFS(self, _):
return self.path_results
class WindowsVolumeClientMock(ListDirectoryClientMock):
"""A mock of client filesystem volumes."""
windows_d = rdf_client.WindowsVolume(drive_letter="D:")
windows_c = rdf_client.WindowsVolume(drive_letter="C:")
path_results = [
rdf_client.Volume(windowsvolume=windows_d,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=50,
total_allocation_units=100),
rdf_client.Volume(windowsvolume=windows_c,
bytes_per_sector=4096,
sectors_per_allocation_unit=1,
actual_available_allocation_units=10,
total_allocation_units=100)
]
def WmiQuery(self, query):
if query.query == u"SELECT * FROM Win32_LogicalDisk":
return client_fixture.WMI_SAMPLE
else:
return None
def CreateClientWithVolumes(self, available=50):
volume = rdf_client.Volume(
total_allocation_units=100, actual_available_allocation_units=available)
client_id = self.SetupClient(0)
if data_store.RelationalDBReadEnabled():
snapshot = data_store.REL_DB.ReadClientSnapshot(client_id.Basename())
snapshot.volumes = [volume]
data_store.REL_DB.WriteClientSnapshot(snapshot)
else:
with aff4.FACTORY.Open(
client_id, mode="rw", token=self.token) as client_obj:
client_obj.Set(client_obj.Schema.VOLUMES([volume]))
self.RequestAndGrantClientApproval(client_id)
client_obj = aff4.FACTORY.Open(client_id, token=self.token)
return client_id