Skip to content

Commit

Permalink
MOUNTED mode darwinpath calc added
Browse files Browse the repository at this point in the history
  • Loading branch information
@ydkhatri
ydkhatri committed Jun 26, 2020
1 parent 710825d commit 1fbfbfc
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 53 deletions.
12 changes: 10 additions & 2 deletions plugins/helpers/darwin_path_generator.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,12 @@ def GetDarwinPath(uuid, uid):
osx older than Mavericks(10.9)'''
charset ='+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
uuid = uuid.replace('-', '') # strip '-' if present
uid = int(uid)
if uid < 0:
# convert to unsigned num
uid = struct.unpack('<I', struct.pack('<i', uid))[0]
#Convert uid to hex 8 byte string
uid = '{:08x}'.format(int(uid)) # input uid may be int or string (decimal)
uid = '{:08x}'.format(uid) # input uid may be int or string (decimal)
hex_string = uuid + uid
binary_string = ''.join('{0:04b}'.format(int(c, 16)) for c in hex_string) # get binary string

Expand All @@ -48,8 +52,12 @@ def GetDarwinPath2(uuid, uid):
This is the algorithm for newer osx - Mavericks(10.9) thru Sierra(10.12)'''
charset ='0123456789_bcdfghjklmnpqrstvwxyz'
uuid = uuid.replace('-', '') # strip '-' if present
uid = int(uid)
if uid < 0:
# convert to unsigned num
uid = struct.unpack('<I', struct.pack('<i', uid))[0]
#Convert uid to hex 8 byte string
uid = '{:08x}'.format(int(uid)) # input uid may be int or string (decimal)
uid = '{:08x}'.format(uid) # input uid may be int or string (decimal)
hex_string = uuid + uid
binary_string = ''.join('{0:04b}'.format(int(c, 16)) for c in hex_string) # get binary string

Expand Down
59 changes: 8 additions & 51 deletions plugins/helpers/macinfo.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1502,16 +1502,19 @@ def _GetDarwinFoldersInfo(self):
return

for user in self.users:
if user.UID != '' and user.UUID != '':
if user.UUID != '' and user.UID not in ('', '-2', '1', '201'): # Users nobody, daemon, guest don't have one
darwin_path = '/private/var/folders/' + GetDarwinPath2(user.UUID, user.UID)
if not self.IsValidFolderPath(darwin_path):
darwin_path = '/private/var/folders/' + GetDarwinPath(user.UUID, user.UID)
if not self.IsValidFolderPath(darwin_path):
log.error(f'Could not find DARWIN_PATH for user {user.user_name}, uid={user.UID}, uuid={user.UUID}')
if user.user_name.startswith('_') and user.UUID.upper().startswith('FFFFEEEE'):
pass
else:
log.error(f'Could not find DARWIN_PATH for user {user.user_name}, uid={user.UID}, uuid={user.UUID}')
continue
user_info.DARWIN_USER_DIR = darwin_path + '/0'
user_info.DARWIN_USER_CACHE_DIR = darwin_path + '/C'
user_info.DARWIN_USER_TEMP_DIR = darwin_path + '/T'
user.DARWIN_USER_DIR = darwin_path + '/0'
user.DARWIN_USER_CACHE_DIR = darwin_path + '/C'
user.DARWIN_USER_TEMP_DIR = darwin_path + '/T'

def _GetDomainUserInfo(self):
if not self.is_windows:
Expand All @@ -1520,52 +1523,6 @@ def _GetDomainUserInfo(self):
return
# Not implemented for windows as uid, gid not obtainable!

# def _GetUserInfo(self):
# if not self.is_windows:
# # Unix/Linux or Mac mounted disks should preserve UID/GID, so we can read it normally from the files.
# super()._GetUserInfo(self)
# return

# # on windows
# self._GetDarwinFoldersInfo() # This probably does not apply to OSX < Mavericks !

# #Get user info from plists under: \private\var\db\dslocal\nodes\Default\users\<USER>.plist
# #TODO - make a better plugin that gets all user & group info
# users_path = '/private/var/db/dslocal/nodes/Default/users'
# user_plists = self.ListItemsInFolder(users_path, EntryType.FILES)
# for plist_meta in user_plists:
# if plist_meta['size'] > 0:
# try:
# f = self.Open(users_path + '/' + plist_meta['name'])
# if f!= None:
# plist = biplist.readPlist(f)
# home_dir = self.GetArrayFirstElement(plist.get('home', ''))
# if home_dir != '':
# #log.info('{} : {}'.format(plist_meta['name'], home_dir))
# if home_dir.startswith('/var/'): home_dir = '/private' + home_dir # in mac /var is symbolic link to /private/var
# # find it in self.users which was populated by _GetDarwinFoldersInfo()
# target_user = None
# for user in self.users:
# if user.home_dir == home_dir:
# target_user = user
# break
# if target_user == None:
# target_user = UserInfo()
# self.users.append(target_user)
# target_user.UID = str(self.GetArrayFirstElement(plist.get('uid', '')))
# target_user.GID = str(self.GetArrayFirstElement(plist.get('gid', '')))
# target_user.UUID = self.GetArrayFirstElement(plist.get('generateduid', ''))
# target_user.home_dir = home_dir
# target_user.user_name = self.GetArrayFirstElement(plist.get('name', ''))
# target_user.real_name = self.GetArrayFirstElement(plist.get('realname', ''))
# # There is also accountpolicydata which contains : creation time, failed logon time, failed count, ..
# else:
# log.error('Did not find \'home\' in ' + plist_meta['name'])
# f.close()
# except Exception as ex:
# log.error ("Could not open plist " + plist_meta['name'] + " Exception: " + str(ex))
# #TODO: Domain user uid, gid?

class MountedMacInfoSeperateSysData(MountedMacInfo):
'''Same as MountedMacInfo, but takes into account two volumes (SYS, DATA) mounted separately'''

Expand Down

0 comments on commit 1fbfbfc

Please sign in to comment.