RubyGems - manageiq-smartstate - Versions diffs - 0.1.0 - Mend

manageiq-smartstate 0.1.0

Files changed (305) hide show

checksums.yaml +7 -0
data/.gitignore +15 -0
data/.rspec +4 -0
data/.rspec_ci +4 -0
data/.travis.yml +15 -0
data/Gemfile +9 -0
data/LICENSE.txt +202 -0
data/README.md +45 -0
data/Rakefile +23 -0
data/bin/console +14 -0
data/bin/setup +8 -0
data/lib/MiqContainerGroup/MiqContainerGroup.rb +31 -0
data/lib/MiqVm/MiqLocalVm.rb +50 -0
data/lib/MiqVm/MiqRhevmVm.rb +179 -0
data/lib/MiqVm/MiqVm.rb +355 -0
data/lib/MiqVm/miq_azure_vm.rb +96 -0
data/lib/MiqVm/miq_scvmm_vm.rb +38 -0
data/lib/MiqVm/test/camcorder_fleece_test.rb +60 -0
data/lib/MiqVm/test/localVm.rb +45 -0
data/lib/MiqVm/test/partitionAlignmentCheck.rb +76 -0
data/lib/MiqVm/test/remoteVm.rb +65 -0
data/lib/MiqVm/test/rhevmNfsTest.rb +62 -0
data/lib/MiqVm/test/rhevmNfsTest2.rb +66 -0
data/lib/MiqVm/test/rhevmTest.rb +70 -0
data/lib/OpenStackExtract/MiqOpenStackVm/MiqOpenStackCommon.rb +107 -0
data/lib/OpenStackExtract/MiqOpenStackVm/MiqOpenStackImage.rb +67 -0
data/lib/OpenStackExtract/MiqOpenStackVm/MiqOpenStackInstance.rb +182 -0
data/lib/Scvmm/miq_hyperv_disk.rb +273 -0
data/lib/Scvmm/miq_scvmm_parse_powershell.rb +75 -0
data/lib/Scvmm/miq_scvmm_vm_ssa_info.rb +135 -0
data/lib/Scvmm/test/miq_hyperv_disk_test.rb +33 -0
data/lib/Scvmm/test/miq_scvmm_vm_ssa_info_test.rb +41 -0
data/lib/VmLocalDiskAccess/test/localCfg.rb +97 -0
data/lib/VolumeManager/LVM/logical_volume.rb +75 -0
data/lib/VolumeManager/LVM/lv_segment.rb +43 -0
data/lib/VolumeManager/LVM/lvm2disk.rb +158 -0
data/lib/VolumeManager/LVM/parser.rb +138 -0
data/lib/VolumeManager/LVM/physical_volume.rb +19 -0
data/lib/VolumeManager/LVM/scanner.rb +156 -0
data/lib/VolumeManager/LVM/thin/btree.rb +83 -0
data/lib/VolumeManager/LVM/thin/constants.rb +86 -0
data/lib/VolumeManager/LVM/thin/data_map.rb +44 -0
data/lib/VolumeManager/LVM/thin/mapping_tree.rb +19 -0
data/lib/VolumeManager/LVM/thin/space_maps.rb +58 -0
data/lib/VolumeManager/LVM/thin/superblock.rb +136 -0
data/lib/VolumeManager/LVM/thin.rb +6 -0
data/lib/VolumeManager/LVM/volume_group.rb +97 -0
data/lib/VolumeManager/LVM.rb +8 -0
data/lib/VolumeManager/MiqLdm.rb +546 -0
data/lib/VolumeManager/MiqLvm.rb +17 -0
data/lib/VolumeManager/MiqNativeVolumeManager.rb +150 -0
data/lib/VolumeManager/MiqVolumeManager.rb +277 -0
data/lib/VolumeManager/VolMgrPlatformSupport.rb +18 -0
data/lib/VolumeManager/VolMgrPlatformSupportLinux.rb +77 -0
data/lib/VolumeManager/VolMgrPlatformSupportWin.rb +17 -0
data/lib/VolumeManager/test/blockDevTest.rb +40 -0
data/lib/VolumeManager/test/ldm.rb +97 -0
data/lib/blackbox/VmBlackBox.rb +103 -0
data/lib/blackbox/xmlStorage.rb +180 -0
data/lib/db/MiqBdb/MiqBdb.rb +309 -0
data/lib/db/MiqBdb/MiqBdbBtree.rb +219 -0
data/lib/db/MiqBdb/MiqBdbHash.rb +199 -0
data/lib/db/MiqBdb/MiqBdbPage.rb +159 -0
data/lib/db/MiqBdb/MiqBdbUtil.rb +18 -0
data/lib/db/MiqSqlite/MiqSqlite3.rb +330 -0
data/lib/db/MiqSqlite/MiqSqlite3Cell.rb +167 -0
data/lib/db/MiqSqlite/MiqSqlite3Page.rb +151 -0
data/lib/db/MiqSqlite/MiqSqlite3Table.rb +124 -0
data/lib/db/MiqSqlite/MiqSqlite3Util.rb +32 -0
data/lib/disk/DiskProbe.rb +68 -0
data/lib/disk/MiqDisk.rb +317 -0
data/lib/disk/camcorder_test.rb +90 -0
data/lib/disk/dos_mbr.img +0 -0
data/lib/disk/modules/AzureBlobDisk.rb +101 -0
data/lib/disk/modules/LocalDevMod.rb +47 -0
data/lib/disk/modules/LocalDevProbe.rb +6 -0
data/lib/disk/modules/MSCommon.rb +352 -0
data/lib/disk/modules/MSVSDiffDisk.rb +91 -0
data/lib/disk/modules/MSVSDiskProbe.rb +61 -0
data/lib/disk/modules/MSVSDynamicDisk.rb +42 -0
data/lib/disk/modules/MSVSFixedDisk.rb +45 -0
data/lib/disk/modules/MiqLargeFile.rb +63 -0
data/lib/disk/modules/MiqLargeFileWin32.rb +107 -0
data/lib/disk/modules/QcowDisk.rb +692 -0
data/lib/disk/modules/QcowDiskProbe.rb +34 -0
data/lib/disk/modules/RawBlockIO.rb +116 -0
data/lib/disk/modules/RawDisk.rb +45 -0
data/lib/disk/modules/RawDiskProbe.rb +7 -0
data/lib/disk/modules/RhevmDescriptor.rb +167 -0
data/lib/disk/modules/RhevmDiskProbe.rb +52 -0
data/lib/disk/modules/VMWareCowdDisk.rb +207 -0
data/lib/disk/modules/VMWareDescriptor.rb +214 -0
data/lib/disk/modules/VMWareDiskProbe.rb +74 -0
data/lib/disk/modules/VMWareSparseDisk.rb +189 -0
data/lib/disk/modules/VhdxDisk.rb +625 -0
data/lib/disk/modules/VhdxDiskProbe.rb +46 -0
data/lib/disk/modules/VixDiskMod.rb +54 -0
data/lib/disk/modules/VixDiskProbe.rb +6 -0
data/lib/disk/modules/miq_disk_cache.rb +135 -0
data/lib/disk/modules/miq_dummy_disk.rb +41 -0
data/lib/disk/modules/vhdx_bat_entry.rb +10 -0
data/lib/disk/test.rb +66 -0
data/lib/fs/MetakitFS/MetakitFS.rb +530 -0
data/lib/fs/MetakitFS/test/Makefile +14 -0
data/lib/fs/MetakitFS/test/MkCollectFiles.rb +165 -0
data/lib/fs/MetakitFS/test/MkSelectFiles.rb +30 -0
data/lib/fs/MetakitFS/test/collect_files.yaml +70 -0
data/lib/fs/MetakitFS/test/init.rb +3 -0
data/lib/fs/MetakitFS/test/mk2vmdk.rb +64 -0
data/lib/fs/MetakitFS/test/mk4test.c +92 -0
data/lib/fs/MetakitFS/test/mkFsTest.rb +113 -0
data/lib/fs/MetakitFS/test/proto.rb +97 -0
data/lib/fs/MiqFS/FsProbe.rb +39 -0
data/lib/fs/MiqFS/MiqFS.rb +515 -0
data/lib/fs/MiqFS/modules/AUFSProbe.rb +26 -0
data/lib/fs/MiqFS/modules/Ext3.rb +305 -0
data/lib/fs/MiqFS/modules/Ext3Probe.rb +25 -0
data/lib/fs/MiqFS/modules/Ext4.rb +304 -0
data/lib/fs/MiqFS/modules/Ext4Probe.rb +25 -0
data/lib/fs/MiqFS/modules/Fat32.rb +318 -0
data/lib/fs/MiqFS/modules/Fat32Probe.rb +30 -0
data/lib/fs/MiqFS/modules/HFSProbe.rb +18 -0
data/lib/fs/MiqFS/modules/Iso9660.rb +293 -0
data/lib/fs/MiqFS/modules/Iso9660Probe.rb +18 -0
data/lib/fs/MiqFS/modules/LocalFS.rb +105 -0
data/lib/fs/MiqFS/modules/NTFS.rb +287 -0
data/lib/fs/MiqFS/modules/NTFSProbe.rb +21 -0
data/lib/fs/MiqFS/modules/NativeFS.rb +155 -0
data/lib/fs/MiqFS/modules/ReFSProbe.rb +17 -0
data/lib/fs/MiqFS/modules/RealFS.rb +79 -0
data/lib/fs/MiqFS/modules/RealFSProbe.rb +6 -0
data/lib/fs/MiqFS/modules/Reiser4Probe.rb +18 -0
data/lib/fs/MiqFS/modules/ReiserFS.rb +315 -0
data/lib/fs/MiqFS/modules/ReiserFSProbe.rb +42 -0
data/lib/fs/MiqFS/modules/UnionFSProbe.rb +18 -0
data/lib/fs/MiqFS/modules/WebDAV.rb +127 -0
data/lib/fs/MiqFS/modules/WebDAVFile.rb +68 -0
data/lib/fs/MiqFS/modules/XFS.rb +300 -0
data/lib/fs/MiqFS/modules/XFSProbe.rb +26 -0
data/lib/fs/MiqFS/modules/ZFSProbe.rb +18 -0
data/lib/fs/MiqFS/test.rb +59 -0
data/lib/fs/MiqFsUtil.rb +383 -0
data/lib/fs/MiqMountManager.rb +209 -0
data/lib/fs/MiqNativeMountManager.rb +101 -0
data/lib/fs/MountManagerProbe.rb +29 -0
data/lib/fs/ReiserFS/block.rb +209 -0
data/lib/fs/ReiserFS/directory.rb +136 -0
data/lib/fs/ReiserFS/directory_entry.rb +140 -0
data/lib/fs/ReiserFS/file_data.rb +111 -0
data/lib/fs/ReiserFS/superblock.rb +140 -0
data/lib/fs/ReiserFS/utils.rb +95 -0
data/lib/fs/VimDatastoreFS/VimDatastoreFS.rb +192 -0
data/lib/fs/ext3/alloc_bitmap.rb +38 -0
data/lib/fs/ext3/block_pointers_path.rb +130 -0
data/lib/fs/ext3/directory.rb +51 -0
data/lib/fs/ext3/directory_entry.rb +67 -0
data/lib/fs/ext3/ex_attrib_header.rb +14 -0
data/lib/fs/ext3/ex_attrib_name.rb +23 -0
data/lib/fs/ext3/file_data.rb +130 -0
data/lib/fs/ext3/group_descriptor_entry.rb +65 -0
data/lib/fs/ext3/group_descriptor_table.rb +54 -0
data/lib/fs/ext3/hash_tree_entry.rb +18 -0
data/lib/fs/ext3/hash_tree_header.rb +15 -0
data/lib/fs/ext3/inode.rb +228 -0
data/lib/fs/ext3/posix_acl_entry.rb +29 -0
data/lib/fs/ext3/posix_acl_header.rb +11 -0
data/lib/fs/ext3/superblock.rb +406 -0
data/lib/fs/ext3/test/tc_Ext3BlockPointersPath.rb +74 -0
data/lib/fs/ext4/alloc_bitmap.rb +38 -0
data/lib/fs/ext4/directory.rb +87 -0
data/lib/fs/ext4/directory_entry.rb +77 -0
data/lib/fs/ext4/ex_attrib_header.rb +14 -0
data/lib/fs/ext4/ex_attrib_name.rb +23 -0
data/lib/fs/ext4/extent.rb +35 -0
data/lib/fs/ext4/extent_header.rb +40 -0
data/lib/fs/ext4/extent_index.rb +33 -0
data/lib/fs/ext4/group_descriptor_entry.rb +69 -0
data/lib/fs/ext4/group_descriptor_table.rb +54 -0
data/lib/fs/ext4/hash_tree_entry.rb +58 -0
data/lib/fs/ext4/hash_tree_header.rb +35 -0
data/lib/fs/ext4/inode.rb +465 -0
data/lib/fs/ext4/posix_acl_entry.rb +29 -0
data/lib/fs/ext4/posix_acl_header.rb +11 -0
data/lib/fs/ext4/superblock.rb +412 -0
data/lib/fs/fat32/boot_sect.rb +379 -0
data/lib/fs/fat32/directory.rb +222 -0
data/lib/fs/fat32/directory_entry.rb +540 -0
data/lib/fs/fat32/file_data.rb +128 -0
data/lib/fs/iso9660/boot_sector.rb +170 -0
data/lib/fs/iso9660/directory.rb +90 -0
data/lib/fs/iso9660/directory_entry.rb +147 -0
data/lib/fs/iso9660/file_data.rb +78 -0
data/lib/fs/iso9660/rock_ridge.rb +329 -0
data/lib/fs/iso9660/util.rb +57 -0
data/lib/fs/modules/LinuxMount.rb +300 -0
data/lib/fs/modules/LinuxMountProbe.rb +29 -0
data/lib/fs/modules/WinMount.rb +97 -0
data/lib/fs/modules/WinMountProbe.rb +24 -0
data/lib/fs/ntfs/attrib_attribute_list.rb +131 -0
data/lib/fs/ntfs/attrib_bitmap.rb +26 -0
data/lib/fs/ntfs/attrib_data.rb +74 -0
data/lib/fs/ntfs/attrib_file_name.rb +110 -0
data/lib/fs/ntfs/attrib_header.rb +194 -0
data/lib/fs/ntfs/attrib_index_allocation.rb +19 -0
data/lib/fs/ntfs/attrib_index_root.rb +247 -0
data/lib/fs/ntfs/attrib_object_id.rb +40 -0
data/lib/fs/ntfs/attrib_standard_information.rb +107 -0
data/lib/fs/ntfs/attrib_type.rb +49 -0
data/lib/fs/ntfs/attrib_volume_information.rb +53 -0
data/lib/fs/ntfs/attrib_volume_name.rb +31 -0
data/lib/fs/ntfs/boot_sect.rb +253 -0
data/lib/fs/ntfs/data_run.rb +358 -0
data/lib/fs/ntfs/directory_index_node.rb +114 -0
data/lib/fs/ntfs/index_node_header.rb +69 -0
data/lib/fs/ntfs/index_record_header.rb +85 -0
data/lib/fs/ntfs/mft_entry.rb +288 -0
data/lib/fs/ntfs/utils.rb +43 -0
data/lib/fs/test/camcorder_fs_test.rb +108 -0
data/lib/fs/test/collect_files_direct.yaml +22 -0
data/lib/fs/test/collect_files_in.yaml +24 -0
data/lib/fs/test/collect_files_in_nc.yaml +22 -0
data/lib/fs/test/collect_files_out.yaml +6 -0
data/lib/fs/test/collect_files_rm.yaml +6 -0
data/lib/fs/test/copyTest.rb +126 -0
data/lib/fs/test/fsTest.rb +87 -0
data/lib/fs/test/updateTest.rb +184 -0
data/lib/fs/xfs/allocation_group.rb +160 -0
data/lib/fs/xfs/bmap_btree_block.rb +125 -0
data/lib/fs/xfs/bmap_btree_record.rb +80 -0
data/lib/fs/xfs/bmap_btree_root_node.rb +72 -0
data/lib/fs/xfs/directory.rb +133 -0
data/lib/fs/xfs/directory2_data_header.rb +27 -0
data/lib/fs/xfs/directory3_data_header.rb +34 -0
data/lib/fs/xfs/directory_block_tail.rb +22 -0
data/lib/fs/xfs/directory_data_header.rb +46 -0
data/lib/fs/xfs/directory_entry.rb +106 -0
data/lib/fs/xfs/inode.rb +532 -0
data/lib/fs/xfs/inode_map.rb +100 -0
data/lib/fs/xfs/short_form_directory_entry.rb +91 -0
data/lib/fs/xfs/short_form_header.rb +44 -0
data/lib/fs/xfs/superblock.rb +556 -0
data/lib/lib/tasks/azure.rake +52 -0
data/lib/manageiq/smartstate/version.rb +5 -0
data/lib/manageiq/smartstate.rb +7 -0
data/lib/manageiq-smartstate.rb +1 -0
data/lib/metadata/MIQExtract/MIQExtract.rb +297 -0
data/lib/metadata/MIQExtract/test/extractTest.rb +41 -0
data/lib/metadata/MIQExtract/test/full_extract_test.rb +68 -0
data/lib/metadata/ScanProfile/HostScanItem.rb +4 -0
data/lib/metadata/ScanProfile/HostScanProfile.rb +4 -0
data/lib/metadata/ScanProfile/HostScanProfiles.rb +41 -0
data/lib/metadata/ScanProfile/ScanItemBase.rb +63 -0
data/lib/metadata/ScanProfile/ScanProfileBase.rb +51 -0
data/lib/metadata/ScanProfile/ScanProfilesBase.rb +60 -0
data/lib/metadata/ScanProfile/VmScanItem.rb +4 -0
data/lib/metadata/ScanProfile/VmScanProfile.rb +4 -0
data/lib/metadata/ScanProfile/VmScanProfiles.rb +38 -0
data/lib/metadata/ScanProfile/modules/HostScanItemFile.rb +51 -0
data/lib/metadata/ScanProfile/modules/HostScanItemNteventlog.rb +84 -0
data/lib/metadata/ScanProfile/modules/VmScanItemFile.rb +39 -0
data/lib/metadata/ScanProfile/modules/VmScanItemNteventlog.rb +34 -0
data/lib/metadata/ScanProfile/modules/VmScanItemRegistry.rb +64 -0
data/lib/metadata/VMMount/VMMount.rb +81 -0
data/lib/metadata/VMMount/VMPlatformMount.rb +18 -0
data/lib/metadata/VMMount/VMPlatformMountLinux.rb +75 -0
data/lib/metadata/VMMount/VMPlatformMountWin.rb +13 -0
data/lib/metadata/VmConfig/GetNativeCfg.rb +45 -0
data/lib/metadata/VmConfig/VmConfig.rb +947 -0
data/lib/metadata/VmConfig/cfgConfig.rb +45 -0
data/lib/metadata/VmConfig/ovfConfig.rb +99 -0
data/lib/metadata/VmConfig/test/GetVMwareCfgTest.rb +40 -0
data/lib/metadata/VmConfig/vmcConfig.rb +116 -0
data/lib/metadata/VmConfig/vmtxConfig.rb +4 -0
data/lib/metadata/VmConfig/vmxConfig.rb +162 -0
data/lib/metadata/VmConfig/xmlConfig.rb +79 -0
data/lib/metadata/VmConfig/xmlMsHyperVConfig.rb +41 -0
data/lib/metadata/linux/InitProcHash.rb +632 -0
data/lib/metadata/linux/LinuxInitProcs.rb +142 -0
data/lib/metadata/linux/LinuxOSInfo.rb +237 -0
data/lib/metadata/linux/LinuxPackages.rb +209 -0
data/lib/metadata/linux/LinuxSystemd.rb +130 -0
data/lib/metadata/linux/LinuxUsers.rb +289 -0
data/lib/metadata/linux/LinuxUtils.rb +197 -0
data/lib/metadata/linux/MiqConaryPackages.rb +41 -0
data/lib/metadata/linux/MiqRpmPackages.rb +160 -0
data/lib/metadata/linux/test/Name +0 -0
data/lib/metadata/linux/test/Packages +0 -0
data/lib/metadata/linux/test/rpoTest.rb +5 -0
data/lib/metadata/linux/test/tc_LinuxUtils.rb +4157 -0
data/lib/metadata/util/event_log_filter.rb +61 -0
data/lib/metadata/util/md5deep.rb +280 -0
data/lib/metadata/util/win32/Win32Accounts.rb +764 -0
data/lib/metadata/util/win32/Win32EventLog.rb +743 -0
data/lib/metadata/util/win32/Win32Services.rb +86 -0
data/lib/metadata/util/win32/Win32Software.rb +326 -0
data/lib/metadata/util/win32/Win32System.rb +333 -0
data/lib/metadata/util/win32/boot_info_win.rb +59 -0
data/lib/metadata/util/win32/fleece_hives.rb +220 -0
data/lib/metadata/util/win32/ms-registry.rb +650 -0
data/lib/metadata/util/win32/peheader.rb +868 -0
data/lib/metadata/util/win32/remote-registry.rb +142 -0
data/lib/metadata/util/win32/system_path_win.rb +103 -0
data/lib/metadata/util/win32/versioninfo.rb +17 -0
data/manageiq-smartstate.gemspec +35 -0
metadata +486 -0

data/lib/fs/ntfs/directory_index_node.rb ADDED Viewed

@@ -0,0 +1,114 @@
+require 'binary_struct'
+require 'fs/ntfs/attrib_file_name'
+require 'fs/ntfs/utils'
+module NTFS
+  DIR_INDEX_NODE = BinaryStruct.new([
+    'Q',  'mft_ref',          # MFT file reference for file name (goofy ref).
+    'S',  'length',           # Length of entry.
+    'S',  'content_len',      # Length of $FILE_NAME attrib
+    'L',  'flags',            # See IN_ below (note: these will eventually become general flags)
+  ])
+  # Here follows a $FILE_NAME attribute if content_len > 0.
+  # Last 8 bytes starting on 8 byte boundary are the VCN of the child node in $INDEX_ALLOCATION (if IN_HAS_CHILD is set).
+  SIZEOF_DIR_INDEX_NODE = DIR_INDEX_NODE.size
+  class DirectoryIndexNode
+    IN_HAS_CHILD   = 0x00000001
+    IN_LAST_ENTRY  = 0x00000002
+    attr_reader :refMft, :length, :contentLen, :flags, :child, :afn, :mftEntry
+    def self.nodeFactory(buf)
+      nodes = []
+      loop do
+        node   = DirectoryIndexNode.new(buf)
+        buf    = buf[node.length..-1]
+        nodes << node
+        break if node.isLast?
+      end
+      nodes
+    end
+    def initialize(buf)
+      raise "MIQ(NTFS::DirectoryIndexNode.initialize) Nil buffer" if buf.nil?
+      buf = buf.read(buf.length) if buf.kind_of?(DataRun)
+      # Decode the directory index node structure.
+      @din = DIR_INDEX_NODE.decode(buf)
+      # Get accessor data.
+      @mftEntry   = nil
+      @refMft     = NTFS::Utils.MkRef(@din['mft_ref'])
+      @length     = @din['length']
+      @contentLen = @din['content_len']
+      @flags      = @din['flags']
+      # If there's a $FILE_NAME attrib get it.
+      @afn = FileName.new(buf[SIZEOF_DIR_INDEX_NODE, buf.size]) if @contentLen > 0
+      # If there's a child node VCN get it.
+      if NTFS::Utils.gotBit?(@flags, IN_HAS_CHILD)
+        # Child node VCN is located 8 bytes before 'length' bytes.
+        # NOTE: If the node has 0 contents, it's offset 16.
+        @child = buf[@contentLen == 0 ? 16 : @length - 8, 8].unpack('Q')[0]
+        if @child.class == Bignum
+          # buf.hex_dump(:obj => STDOUT, :meth => :puts, :newline => false)
+          raise "MIQ(NTFS::DirectoryIndexNode.initialize) Bad child node: #{@child}"
+        end
+      end
+    end
+    # String rep.
+    def to_s
+      "\#<#{self.class}:0x#{'%08x' % object_id} name='#{name}'>"
+    end
+    # Return file name (if resolved).
+    def name
+      @afn.nil? ? nil : @afn.name
+    end
+    # Return namespace.
+    def namespace
+      @afn.nil? ? nil : @afn.namespace
+    end
+    # Return true if has children.
+    def hasChild?
+      NTFS::Utils.gotBit?(@flags, IN_HAS_CHILD)
+    end
+    # Return true if this is the last entry.
+    def isLast?
+      NTFS::Utils.gotBit?(@flags, IN_LAST_ENTRY)
+    end
+    # If content is 0, then obviously not a directory.
+    def isDir?
+      return false if @contentLen == 0
+      @mftEntry.isDir?
+    end
+    # Resolves this node's file reference.
+    def resolve(bs)
+      if @contentLen > 0
+        @mftEntry = bs.mftEntry(@refMft[1])
+        raise "MIQ(NTFS::DirectoryIndexNode.resolve) Stale reference: #{inspect}" if @refMft[0] != @mftEntry.sequenceNum
+      end
+      @mftEntry
+    end
+    # Dumps object.
+    def dump
+      out = "\#<#{self.class}:0x#{'%08x' % object_id}>\n"
+      out << "  Mft Ref : seq #{@refMft[0]}, entry #{@refMft[1]}\n"
+      out << "  Length  : #{@length}\n"
+      out << "  Content : #{@contentLen}\n"
+      out << "  Flags   : 0x#{'%08x' % @flags}\n"
+      out << @afn.dump if @contentLen > 0
+      out << "  Child ref: #{@child}\n" if NTFS::Utils.gotBit?(@flags, IN_HAS_CHILD)
+      out << "---\n"
+    end
+  end
+end # module NTFS

data/lib/fs/ntfs/index_node_header.rb ADDED Viewed

@@ -0,0 +1,69 @@
+require 'binary_struct'
+module NTFS
+  #
+  # INDEX_HEADER
+  #
+  # This is the header for indexes, describing the INDEX_ENTRY records, which
+  # follow the INDEX_HEADER. Together the index header and the index entries
+  # make up a complete index.
+  #
+  # IMPORTANT NOTE: The offset, length and size structure members are counted
+  # relative to the start of the index header structure and not relative to the
+  # start of the index root or index allocation structures themselves.
+  #
+  INDEX_NODE_HEADER = BinaryStruct.new([
+    'L',  'entries_offset',     # Byte offset from the INDEX_HEADER to first INDEX_ENTRY, aligned to 8-byte boundary
+    'L',  'index_length',       # Data size in byte of the INDEX_ENTRY's, including the INDEX_HEADER, aligned to 8.
+    'L',  'allocated_size',     # Offset to end of allocated index entry list buffer (relative to start of node header).
+    #
+    # For the index root attribute, the above two numbers are always
+    # equal, as the attribute is resident and it is resized as needed.
+    #
+    # For the index allocation attribute, the attribute is not resident
+    # and the allocated_size is equal to the index_block_size specified
+    # by the corresponding INDEX_ROOT attribute minus the INDEX_BLOCK
+    # size not counting the INDEX_HEADER part (i.e. minus -24).
+    #
+    'L',  'flags',              # See NH_ below.
+  ])
+  SIZEOF_INDEX_NODE_HEADER = INDEX_NODE_HEADER.size
+  # Here follows a list of IndexNodeEntries.
+  class IndexNodeHeader
+    NH_HAS_CHILDREN = 0x0001
+    attr_reader :startEntries, :endEntries, :flags
+    def initialize(buf)
+      raise "MIQ(NTFS::IndexNodeHeader.initialize) Nil buffer" if buf.nil?
+      buf  = buf.read(buf.length) if buf.kind_of?(DataRun)
+      @inh = INDEX_NODE_HEADER.decode(buf)
+      # Get accessor data.
+      @flags        = @inh['flags']
+      @endEntries   = @inh['index_length']
+      @startEntries = @inh['entries_offset']
+    end
+    def to_s
+      "0x#{'%08x' % @flags}"
+    end
+    def hasChildren?
+      (@flags & NH_HAS_CHILDREN) == NH_HAS_CHILDREN
+    end
+    def dump
+      out = "\#<#{self.class}:0x#{'%08x' % object_id}>\n"
+      out << "  Entries Offset   : #{@startEntries}\n"
+      out << "  Index Length     : #{@endEntries}\n"
+      out << "  Allocated Size   : #{@inh['allocated_size']}\n"
+      out << "  Flags            : 0x#{'%08x' % @flags}\n"
+      out << "---\n"
+    end
+  end
+end # module NTFS

data/lib/fs/ntfs/index_record_header.rb ADDED Viewed

@@ -0,0 +1,85 @@
+require 'fs/ntfs/utils'
+require 'binary_struct'
+module NTFS
+  #
+  # INDEX_BLOCK - Attribute: Index allocation (0xa0).
+  #
+  # NOTE: Always non-resident (doesn't make sense to be resident anyway!).
+  #
+  # This is an array of index blocks. Each index block starts with an
+  # INDEX_BLOCK structure containing an index header, followed by a sequence of
+  # index entries (INDEX_ENTRY structures), as described by the INDEX_HEADER.
+  #
+  INDEX_RECORD_HEADER = BinaryStruct.new([
+    'a4', 'signature',          # Always 'INDX'
+    'S',  'usa_offset',         # Offset to the Update Sequence Array (usa) from the start of the ntfs record.
+    'S',  'usa_count',          # Number of u16 sized entries in the usa including the Update Sequence Number (usn),
+    # thus the number of fixups is the usa_count minus 1.
+    'Q',  'lsn',                # $LogFile sequence number of the last modification of this index block
+    'Q',  'index_block_vcn',    # VCN of this record in the full index stream.
+  ])
+  # Here follows the fixup array.
+  # Here follows an index node header.
+  SIZEOF_INDEX_RECORD_HEADER = INDEX_RECORD_HEADER.size
+  class IndexRecordHeader
+    EXPECTED_SIGNATURE = 'INDX'
+    attr_reader :valid, :signature, :vcn
+    attr_accessor :data
+    def self.size
+      SIZEOF_INDEX_RECORD_HEADER
+    end
+    def initialize(buf, bps)
+      log_prefix = "MIQ(NTFS::IndexRecordHeader.initialize)"
+      raise "#{log_prefix} Nil buffer"           if buf.nil?
+      raise "#{log_prefix} Nil bytes per sector" if bps.nil?
+      buf        = buf.read(buf.length)   if buf.kind_of?(DataRun)
+      @data      = buf
+      @bps       = bps
+      # Decode the index record header structure.
+      @irh       = INDEX_RECORD_HEADER.decode(buf)
+      @signature = @irh['signature']
+      @vcn       = @irh['index_block_vcn']
+      @valid     = true
+      begin
+        # Check for proper signature.
+        NTFS::Utils.validate_signature(@irh['signature'], EXPECTED_SIGNATURE)
+        # Process per-sector "fixups" that NTFS uses to detect corruption of multi-sector data structures
+        @data = NTFS::Utils.process_fixups(@data, @bps, @irh['usa_offset'], @irh['usa_count'])
+      rescue => err
+        @valid = false
+        $log.error("#{log_prefix} Invalid Index Record Header because: <#{err.message}>\n#{dump}")
+      end
+    end
+    def isValid?
+      @valid
+    end
+    def to_s
+      @irh['signature']
+    end
+    def dump(withData = nil)
+      out = "\#<#{self.class}:0x#{'%08x' % object_id}>\n"
+      out << "  Signature                : #{@irh['signature']}\n"
+      out << "  USA Offset               : #{@irh['usa_offset']}\n"
+      out << "  USA Count                : #{@irh['usa_count']}\n"
+      out << "  $LogFile sequence number : #{@irh['lsn']}\n"
+      out << "  Index Block VCN          : #{@irh['index_block_vcn']}\n"
+      if withData
+        out << "Raw Data:\n"
+        out << @data.hex_dump
+      end
+      out << "---\n"
+    end
+  end
+end # module NTFS

data/lib/fs/ntfs/mft_entry.rb ADDED Viewed

@@ -0,0 +1,288 @@
+# Utilities.
+require 'binary_struct'
+require 'fs/ntfs/utils'
+# Attribute types & names.
+require 'fs/ntfs/attrib_type'
+# Classes.
+# An attribute header preceeds each attribute.
+require 'fs/ntfs/attrib_header'
+# A data run is storage for non-resident attributes.
+require 'fs/ntfs/data_run'
+# These are the attribute types (so far these are the only types processed).
+require 'fs/ntfs/attrib_attribute_list'
+require 'fs/ntfs/attrib_bitmap'
+require 'fs/ntfs/attrib_standard_information'
+require 'fs/ntfs/attrib_file_name'
+require 'fs/ntfs/attrib_object_id'
+require 'fs/ntfs/attrib_volume_name'
+require 'fs/ntfs/attrib_volume_information'
+require 'fs/ntfs/attrib_data'
+require 'fs/ntfs/attrib_index_root'
+require 'fs/ntfs/attrib_index_allocation'
+module NTFS
+  #
+  # MFT_RECORD - An MFT record layout
+  #
+  # The mft record header present at the beginning of every record in the mft.
+  # This is followed by a sequence of variable length attribute records which
+  # is terminated by an attribute of type AT_END which is a truncated attribute
+  # in that it only consists of the attribute type code AT_END and none of the
+  # other members of the attribute structure are present.
+  #
+  # One MFT file record, also called MFT Entry.
+  FILE_RECORD = BinaryStruct.new([
+    'a4', 'signature',                # Always 'FILE'
+    'S',  'usa_offset',               # Offset to the Update Sequence Array (usa) from the start of the ntfs record.
+    'S',  'usa_count',                # Number of u16 sized entries in the usa including the Update Sequence Number (usn),
+    # thus the number of fixups is the usa_count minus 1.
+    'Q',  'lsn',                      # $LogFile sequence number for this record.
+    # Changed every time the record is modified
+    'S',  'seq_num',                  # Number of times this MFT record has been reused
+    'S',  'hard_link_count',          # Number of links to this file
+    'S',  'offset_to_attrib',         # Byte offset to the first attribute in this mft record from the start of the mft record.
+    # NOTE: Must be aligned to 8-byte boundary.
+    'S',  'flags',                    # File record flags
+    'L',  'bytes_in_use',             # Number of bytes used in this mft record.
+    # NOTE: Must be aligned to 8-byte boundary.
+    'L',  'bytes_allocated',          # Number of bytes allocated for this mft record. This should be equal
+    # to the mft record size
+    'Q',  'base_mft_record',          # This is zero for base mft records. When it is not zero it is a mft reference
+    # pointing to the base mft record to which this record belongs (this is then
+    # used to locate the attribute list attribute present in the base record which
+    # describes this extension record and hence might need modification when the
+    # extension record itself is modified, also locating the attribute list also
+    # means finding the other potential extents, belonging to the non-base mft record).
+    'S',  'next_attrib_id',           # The instance number that will be assigned to the next attribute added to this
+    # mft record.
+    # NOTE: Incremented each time after it is used.
+    # NOTE: Every time the mft record is reused this number is set to zero.
+    # NOTE: The first instance number is always 0
+    #
+    # The 2 fields below are specific to NTFS 3.1+ (Windows XP and above):
+    #
+    'S',  'unused1',                  # Reserved/alignment
+    'L',  'mft_rec_num',              # Number of this mft record.
+    # When (re)using the mft record, we place the update sequence array at this
+    # offset, i.e. before we start with the attributes. This also makes sense,
+    # otherwise we could run into problems with the update sequence array
+    # containing in itself the last two bytes of a sector which would mean that
+    # multi sector transfer protection wouldn't work. As you can't protect data
+    # by overwriting it since you then can't get it back...
+    # When reading we obviously use the data from the ntfs record header.
+    #
+    'S',  'fixup_seq_num',            # Magic word at end of sector
+  ])
+  # Here follows the fixup array (WORD).
+  SIZEOF_FILE_RECORD = FILE_RECORD.size
+  # MftEntry represents one single MFT entry.
+  class MftEntry
+    DEBUG_TRACE_MFT = false && $log
+    attr_reader :sequenceNum, :recNum, :boot_sector, :mft_entry, :attribs
+    MFT_RECORD_IN_USE        = 0x0001  # Not set if file has been deleted
+    MFT_RECORD_IS_DIRECTORY  = 0x0002  # Set if record describes a directory
+    MFT_RECORD_IS_4          = 0x0004  # MFT_RECORD_IS_4 exists on all $Extend sub-files.  It seems that it marks it is a metadata file with MFT record >24, however, it is unknown if it is limited to metadata files only.
+    MFT_RECORD_IS_VIEW_INDEX = 0x0008  # MFT_RECORD_IS_VIEW_INDEX exists on every metafile with a non directory index, that means an INDEX_ROOT and an INDEX_ALLOCATION with a name other than "$I30". It is unknown if it is limited to metadata files only.
+    EXPECTED_SIGNATURE       = 'FILE'
+    def initialize(bs, recordNumber)
+      log_prefix = "MIQ(NTFS::MftEntry.initialize)"
+      raise "#{log_prefix} Nil boot sector" if bs.nil?
+      @attribs         = []
+      @attribs_by_type = Hash.new { |h, k| h[k] = [] }
+      # Buffer boot sector & seek to requested record.
+      @boot_sector = bs
+      bs.stream.seek(bs.mftRecToBytePos(recordNumber))
+      # Get & decode the FILE_RECORD.
+      @buf       = bs.stream.read(bs.bytesPerFileRec)
+      @mft_entry = FILE_RECORD.decode(@buf)
+      # Adjust for older versions (don't have unused1 and mft_rec_num).
+      version = bs.version
+      if !version.nil? && version < 4.0
+        @mft_entry['fixup_seq_num'] = @mft_entry['unused1']
+        @mft_entry['mft_rec_num']   = recordNumber
+      end
+      # Set accessor data.
+      @sequenceNum = @mft_entry['seq_num']
+      @recNum      = @mft_entry['mft_rec_num']
+      @flags       = @mft_entry['flags']
+      begin
+        # Check for proper signature.
+        NTFS::Utils.validate_signature(@mft_entry['signature'], EXPECTED_SIGNATURE)
+        # Process per-sector "fixups" that NTFS uses to detect corruption of multi-sector data structures
+        @buf = NTFS::Utils.process_fixups(@buf, @boot_sector.bytesPerSector, @mft_entry['usa_offset'], @mft_entry['usa_count'])
+      rescue => err
+        emsg = "#{log_prefix} Invalid MFT Entry <#{recordNumber}> because: <#{err.message}>"
+        $log.error("#{emsg}\n#{dump}")
+        raise emsg
+      end
+      @buf = @buf[@mft_entry['offset_to_attrib']..-1]
+      loadAttributeHeaders
+    end
+    # For string rep, if valid return record number.
+    def to_s
+      @mft_entry['mft_rec_num'].to_s
+    end
+    def isDeleted?
+      !NTFS::Utils.gotBit?(@flags, MFT_RECORD_IN_USE)
+    end
+    def isDir?
+      NTFS::Utils.gotBit?(@flags, MFT_RECORD_IS_DIRECTORY)
+    end
+    def indexRoot
+      if @indexRoot.nil?
+        @indexRoot             = getFirstAttribute(AT_INDEX_ROOT)
+        @indexRoot.bitmap      = getFirstAttribute(AT_BITMAP)      unless @indexRoot.nil?
+        @indexRoot.allocations = getAttributes(AT_INDEX_ALLOCATION) unless @indexRoot.nil?
+      end
+      @indexRoot
+    end
+    def attributeData
+      if @attributeData.nil?
+        dataArray = getAttributes(AT_DATA)
+        unless dataArray.nil?
+          dataArray.compact!
+          if dataArray.size > 0
+            @attributeData = dataArray.shift
+            dataArray.each { |datum| @attributeData.data.addRun(datum.run) }
+          end
+        end
+      end
+      @attributeData
+    end
+    def rootAttributeData
+      loadFirstAttribute(AT_DATA)
+    end
+    def attributeList
+      @attributeList ||= loadFirstAttribute(AT_ATTRIBUTE_LIST)
+    end
+    def loadAttributeHeaders
+      offset = 0
+      while h = AttribHeader.new(@buf[offset..-1])
+        break if h.type.nil? || h.type == AT_END
+        $log.debug "NtfsMftEntry.loadAttributeHeaders - MFT(#{@recNum}) adding  Attr: #{h.typeName}" if DEBUG_TRACE_MFT
+        attrib = {"type" => h.type, "offset" => offset, "header" => h}
+        @attribs << attrib
+        @attribs_by_type[h.type] << attrib
+        offset += h.length
+      end
+      @attribs_by_type.each { |k, v| $log.debug "NtfsMftEntry.loadAttributeHeaders - MFT(#{@recNum}) Attr: #{TypeName[k]} => Count: #{v.size}" }  if DEBUG_TRACE_MFT
+    end
+    def getFirstAttribute(attribType)
+      getAttributes(attribType).first
+    end
+    def getAttributes(attribType)
+      $log.debug "NtfsMftEntry.getAttributes        - MFT(#{@recNum}) getting Attr: #{TypeName[attribType]}" if DEBUG_TRACE_MFT
+      attributeList.nil? ? loadAttributes(attribType) : attributeList.loadAttributes(attribType)
+    end
+    def loadFirstAttribute(attribType)
+      loadAttributes(attribType).first
+    end
+    def loadAttributes(attribType)
+      result  = []
+      if @attribs_by_type.key?(attribType)
+        $log.debug "NtfsMftEntry.loadAttributes       - MFT(#{@recNum}) loading Attr: #{TypeName[attribType]}" if DEBUG_TRACE_MFT
+        @attribs_by_type[attribType].each do |attrib|
+          attrib["attr"] = createAttribute(attrib["offset"], attrib["header"]) unless attrib.key?('attr')
+          result << attrib["attr"]
+        end
+      end
+      result
+    end
+    def createAttribute(offset, header)
+      $log.debug "NtfsMftEntry.createAttribute >> type=#{TypeName[header.type]} header=#{header.inspect}" if DEBUG_TRACE_MFT
+      buf = header.get_value(@buf[offset..-1], @boot_sector)
+      return StandardInformation.new(buf)                             if header.type == AT_STANDARD_INFORMATION
+      return FileName.new(buf)                                        if header.type == AT_FILE_NAME
+      return ObjectId.new(buf)                                        if header.type == AT_OBJECT_ID
+      return VolumeName.new(buf)                                      if header.type == AT_VOLUME_NAME
+      return VolumeInformation.new(buf)                               if header.type == AT_VOLUME_INFORMATION
+      return AttributeList.new(buf, @boot_sector)                     if header.type == AT_ATTRIBUTE_LIST
+      return AttribData.create_from_header(header, buf)               if header.type == AT_DATA
+      return IndexRoot.create_from_header(header, buf, @boot_sector)  if header.type == AT_INDEX_ROOT
+      return IndexAllocation.create_from_header(header, buf)          if header.type == AT_INDEX_ALLOCATION
+      return Bitmap.create_from_header(header, buf)                   if header.type == AT_BITMAP
+      # Attribs are unrecognized if they don't appear in TypeName.
+      unless TypeName.key?(header.type)
+        msg = "MIQ(NTFS::MftEntry.createAttribute) Unrecognized attribute type: 0x#{'%08x' % header.type} -- header: #{header.inspect}"
+        $log.warn(msg) if $log
+        raise(msg)
+      end
+      nil
+    end
+    def dump
+      ref = NTFS::Utils.MkRef(@mft_entry['base_mft_record'])
+      out = "\#<#{self.class}:0x#{'%08x' % object_id}>\n"
+      out << "  Signature       : #{@mft_entry['signature']}\n"
+      out << "  USA Offset      : #{@mft_entry['usa_offset']}\n"
+      out << "  USA Count       : #{@mft_entry['usa_count']}\n"
+      out << "  Log file seq num: #{@mft_entry['lsn']}\n"
+      out << "  Sequence number : #{@mft_entry['seq_num']}\n"
+      out << "  Hard link count : #{@mft_entry['hard_link_count']}\n"
+      out << "  Offset to attrib: #{@mft_entry['offset_to_attrib']}\n"
+      out << "  Flags           : 0x#{'%04x' % @mft_entry['flags']}\n"
+      out << "  Real size of rec: #{@mft_entry['bytes_in_use']}\n"
+      out << "  Alloc siz of rec: #{@mft_entry['bytes_allocated']}\n"
+      out << "  Ref to base rec : seq #{ref[0]}, entry #{ref[1]}\n"
+      out << "  Next attrib id  : #{@mft_entry['next_attrib_id']}\n"
+      out << "  Unused1         : #{@mft_entry['unused1']}\n"
+      out << "  MFT rec num     : #{@mft_entry['mft_rec_num']}\n"
+      out << "  Fixup seq num   : 0x#{'%04x' % @mft_entry['fixup_seq_num']}\n"
+      @attribs.each do |hash|
+        begin
+          header = hash["header"]
+          out << header.dump
+          attrib = hash["attr"]
+          out << attrib.dump unless attrib.nil?
+        rescue NoMethodError
+        end
+      end
+      out
+    end
+  end
+end # module NTFS

data/lib/fs/ntfs/utils.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# encoding: US-ASCII
+module NTFS
+  module Utils
+    # Make a reference (upper two bytes are seq num, lower six are entry).
+    def self.MkRef(ref)
+      ref.divmod(2**48)
+    end
+    def self.gotBit?(flags, bit)
+      (flags & bit) == bit
+    end
+    # Process per-sector "fixups" that NTFS uses to detect corruption of
+    # multi-sector data structures, like MFT records.
+    def self.process_fixups(buf, fixup_offset, usa_offset, usa_count)
+      #
+      # The signature value we must look for is stored just before the fix-up array.
+      #
+      fu_sig = buf[usa_offset, 2].unpack('S')[0]
+      #
+      # For each end-of-sector, check that the last two bytes equal the fixup signature.
+      # If so, replace them with original data stored in the update sequence array.
+      #
+      1.upto(usa_count - 1) do |i|
+        sig = buf[i * fixup_offset - 2, 2].unpack('S')[0]
+        raise "NTFS Fixup Error: fixup signature:<#{fu_sig}> does not match signature[#{i}]=<#{sig}> - consider running chkdsk" if sig != fu_sig
+        buf[i * fixup_offset - 2, 2] = buf[i * 2 + usa_offset, 2]
+      end
+      buf
+    end
+    def self.validate_signature(signature, expected)
+      if signature != expected
+        raise "Uninitialized"   if signature == "\000\000\000\000"
+        raise "Bad Sector"      if signature == 'BAAD'
+        raise "Invalid Signature <#{signature}>"
+      end
+    end
+  end
+end