def Start(self): if "/opt" in self.args.path_list[0]: mnt = rdfvalue.UnixVolume(mount_point="/opt") self.SendReply(rdfvalue.Volume(unix=mnt, bytes_per_sector=4096, sectors_per_allocation_unit=1, actual_available_allocation_units=10, total_allocation_units=100)) else: mnt = rdfvalue.UnixVolume(mount_point="/var") self.SendReply(rdfvalue.Volume(unix=mnt, bytes_per_sector=1, sectors_per_allocation_unit=1, actual_available_allocation_units=784165, total_allocation_units=78416500))
def Run(self, args): if platform.system() == "Windows": raise RuntimeError("os.statvfs not available on Windows") for path in args.path_list: try: fd = vfs.VFSOpen(rdfvalue.PathSpec(path=path, pathtype=args.pathtype), progress_callback=self.Progress) st = fd.StatFS() mount_point = fd.GetMountPoint() except (IOError, OSError), e: self.SetStatus(rdfvalue.GrrStatus.ReturnedStatus.IOERROR, e) continue unix = rdfvalue.UnixVolume(mount_point=mount_point) # On linux pre 2.6 kernels don't have frsize, so we fall back to bsize. # The actual_available_allocation_units attribute is set to blocks # available to the unprivileged user, root may have some additional # reserved space. result = rdfvalue.Volume( bytes_per_sector=(st.f_frsize or st.f_bsize), sectors_per_allocation_unit=1, total_allocation_units=st.f_blocks, actual_available_allocation_units=st.f_bavail, unix=unix) self.SendReply(result)
def Parse(self, query, result, knowledge_base): """Parse the wmi packages output.""" _ = query, knowledge_base result = result.ToDict() winvolume = rdfvalue.WindowsVolume(drive_letter=result.get("DeviceID"), drive_type=result.get("DriveType")) try: size = int(result.get("Size")) except ValueError: size = None try: free_space = int(result.get("FreeSpace")) except ValueError: free_space = None # Since we don't get the sector sizes from WMI, we just set them at 1 byte volume = rdfvalue.Volume( windows=winvolume, name=result.get("VolumeName"), file_system_type=result.get("FileSystem"), serial_number=result.get("VolumeSerialNumber"), sectors_per_allocation_unit=1, bytes_per_sector=1, total_allocation_units=size, actual_available_allocation_units=free_space) yield volume
class UnixVolumeClientMock(ActionMock): """A mock of client filesystem volumes.""" unix_local = rdfvalue.UnixVolume(mount_point="/usr") unix_home = rdfvalue.UnixVolume(mount_point="/") path_results = [ rdfvalue.Volume(unix=unix_local, bytes_per_sector=4096, sectors_per_allocation_unit=1, actual_available_allocation_units=50, total_allocation_units=100), rdfvalue.Volume(unix=unix_home, bytes_per_sector=4096, sectors_per_allocation_unit=1, actual_available_allocation_units=10, total_allocation_units=100) ] def StatFS(self, _): return self.path_results
class WindowsVolumeClientMock(ActionMock): """A mock of client filesystem volumes.""" windows_d = rdfvalue.WindowsVolume(drive_letter="D:") windows_c = rdfvalue.WindowsVolume(drive_letter="C:") path_results = [ rdfvalue.Volume(windows=windows_d, bytes_per_sector=4096, sectors_per_allocation_unit=1, actual_available_allocation_units=50, total_allocation_units=100), rdfvalue.Volume(windows=windows_c, bytes_per_sector=4096, sectors_per_allocation_unit=1, actual_available_allocation_units=10, total_allocation_units=100) ] def WmiQuery(self, query): if query.query == u"SELECT * FROM Win32_LogicalDisk": return client_fixture.WMI_SAMPLE else: return None
def CreateClientWithVolumes(self, available=50): with self.ACLChecksDisabled(): client_id = self.SetupClients(1)[0] with aff4.FACTORY.Open(client_id, mode="rw", token=self.token) as client_obj: volume = rdfvalue.Volume( total_allocation_units=100, actual_available_allocation_units=available) client_obj.Set(client_obj.Schema.VOLUMES([volume])) self.GrantClientApproval(client_id) client_obj = aff4.FACTORY.Open(client_id, token=self.token) return client_id