dissect.target 3.20.dev43__py3-none-any.whl → 3.20.dev44__py3-none-any.whl

dissect/target/loader.py

@@ -205,4 +205,5 @@ register("velociraptor", "VelociraptorLoader")
 register("smb", "SmbLoader")
 register("cb", "CbLoader")
 register("cyber", "CyberLoader")
+register("proxmox", "ProxmoxLoader")
 register("multiraw", "MultiRawLoader")  # Should be last

dissect/target/loaders/proxmox.py

@@ -0,0 +1,68 @@
+from __future__ import annotations
+
+import re
+from pathlib import Path
+
+from dissect.target import container
+from dissect.target.loader import Loader
+from dissect.target.target import Target
+
+RE_VOLUME_ID = re.compile(r"(?:file=)?([^:]+):([^,]+)")
+
+
+class ProxmoxLoader(Loader):
+    """Loader for Proxmox VM configuration files.
+
+    Proxmox uses volume identifiers in the format of ``storage_id:volume_id``. The ``storage_id`` maps to a
+    storage configuration in ``/etc/pve/storage.cfg``. The ``volume_id`` is the name of the volume within
+    that configuration.
+
+    This loader currently does not support parsing the storage configuration, so it will attempt to open the
+    volume directly from the same directory as the configuration file, or from ``/dev/pve/`` (default LVM config).
+    If the volume is not found, it will log a warning.
+    """
+
+    def __init__(self, path: Path, **kwargs):
+        path = path.resolve()
+        super().__init__(path)
+        self.base_dir = path.parent
+
+    @staticmethod
+    def detect(path: Path) -> bool:
+        if path.suffix.lower() != ".conf":
+            return False
+
+        with path.open("rb") as fh:
+            lines = fh.read(512).split(b"\n")
+            needles = [b"cpu:", b"memory:", b"name:"]
+            return all(any(needle in line for line in lines) for needle in needles)
+
+    def map(self, target: Target) -> None:
+        with self.path.open("rt") as fh:
+            for line in fh:
+                if not (line := line.strip()):
+                    continue
+
+                key, value = line.split(":", 1)
+                value = value.strip()
+
+                if key.startswith(("scsi", "sata", "ide", "virtio")) and key[-1].isdigit():
+                    # https://pve.proxmox.com/wiki/Storage
+                    if match := RE_VOLUME_ID.match(value):
+                        storage_id, volume_id = match.groups()
+
+                        # TODO: parse the storage information from /etc/pve/storage.cfg
+                        # For now, let's try a few assumptions
+                        disk_path = None
+                        if (path := self.base_dir.joinpath(volume_id)).exists():
+                            disk_path = path
+                        elif (path := self.base_dir.joinpath("/dev/pve/").joinpath(volume_id)).exists():
+                            disk_path = path
+
+                        if disk_path:
+                            try:
+                                target.disks.add(container.open(disk_path))
+                            except Exception:
+                                target.log.exception("Failed to open disk: %s", disk_path)
+                        else:
+                            target.log.warning("Unable to find disk: %s:%s", storage_id, volume_id)

dissect/target/plugin.py

@@ -57,17 +57,18 @@ log = logging.getLogger(__name__)
 
 
 class OperatingSystem(StrEnum):
-    LINUX = "linux"
-    WINDOWS = "windows"
-    ESXI = "esxi"
+    ANDROID = "android"
     BSD = "bsd"
+    CITRIX = "citrix-netscaler"
+    ESXI = "esxi"
+    FORTIOS = "fortios"
+    IOS = "ios"
+    LINUX = "linux"
     OSX = "osx"
+    PROXMOX = "proxmox"
     UNIX = "unix"
-    ANDROID = "android"
     VYOS = "vyos"
-    IOS = "ios"
-    FORTIOS = "fortios"
-    CITRIX = "citrix-netscaler"
+    WINDOWS = "windows"
 
 
 def export(*args, **kwargs) -> Callable:

dissect/target/plugins/child/proxmox.py

@@ -0,0 +1,23 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.record import ChildTargetRecord
+from dissect.target.plugin import ChildTargetPlugin
+
+
+class ProxmoxChildTargetPlugin(ChildTargetPlugin):
+    """Child target plugin that yields from the VM listing."""
+
+    __type__ = "proxmox"
+
+    def check_compatible(self) -> None:
+        if self.target.os != "proxmox":
+            raise UnsupportedPluginError("Not a Proxmox operating system")
+
+    def list_children(self) -> Iterator[ChildTargetRecord]:
+        for vm in self.target.vmlist():
+            yield ChildTargetRecord(
+                type=self.__type__,
+                path=vm.path,
+                _target=self.target,
+            )

dissect/target/plugins/os/unix/_os.py

@@ -23,6 +23,7 @@ class UnixPlugin(OSPlugin):
     def __init__(self, target: Target):
         super().__init__(target)
         self._add_mounts()
+        self._add_devices()
         self._hostname_dict = self._parse_hostname_string()
         self._hosts_dict = self._parse_hosts_string()
         self._os_release = self._parse_os_release()
@@ -247,6 +248,17 @@ class UnixPlugin(OSPlugin):
                     self.target.log.debug("Mounting %s (%s) at %s", fs, fs.volume, mount_point)
                     self.target.fs.mount(mount_point, fs)
 
+    def _add_devices(self) -> None:
+        """Add some virtual block devices to the target.
+
+        Currently only adds LVM devices.
+        """
+        vfs = self.target.fs.append_layer()
+
+        for volume in self.target.volumes:
+            if volume.vs and volume.vs.__type__ == "lvm":
+                vfs.map_file_fh(f"/dev/{volume.raw.vg.name}/{volume.raw.name}", volume)
+
     def _parse_os_release(self, glob: str | None = None) -> dict[str, str]:
         """Parse files containing Unix version information.
 

dissect/target/plugins/os/unix/linux/debian/proxmox/_os.py

@@ -0,0 +1,141 @@
+from __future__ import annotations
+
+import stat
+from io import BytesIO
+from typing import BinaryIO
+
+from dissect.sql import sqlite3
+from dissect.util.stream import BufferedStream
+
+from dissect.target.filesystem import (
+    Filesystem,
+    VirtualDirectory,
+    VirtualFile,
+    VirtualFilesystem,
+)
+from dissect.target.helpers import fsutil
+from dissect.target.plugins.os.unix._os import OperatingSystem, export
+from dissect.target.plugins.os.unix.linux.debian._os import DebianPlugin
+from dissect.target.target import Target
+
+
+class ProxmoxPlugin(DebianPlugin):
+    @classmethod
+    def detect(cls, target: Target) -> Filesystem | None:
+        for fs in target.filesystems:
+            if fs.exists("/etc/pve") or fs.exists("/var/lib/pve"):
+                return fs
+
+        return None
+
+    @classmethod
+    def create(cls, target: Target, sysvol: Filesystem) -> ProxmoxPlugin:
+        obj = super().create(target, sysvol)
+
+        if (config_db := target.fs.path("/var/lib/pve-cluster/config.db")).exists():
+            with config_db.open("rb") as fh:
+                vfs = _create_pmxcfs(fh, obj.hostname)
+
+            target.fs.mount("/etc/pve", vfs)
+
+        return obj
+
+    @export(property=True)
+    def version(self) -> str:
+        """Returns Proxmox VE version with underlying OS release."""
+
+        for pkg in self.target.dpkg.status():
+            if pkg.name == "proxmox-ve":
+                distro_name = self._os_release.get("PRETTY_NAME", "")
+                return f"{pkg.name} {pkg.version} ({distro_name})"
+
+    @export(property=True)
+    def os(self) -> str:
+        return OperatingSystem.PROXMOX.value
+
+
+DT_DIR = 4
+DT_REG = 8
+
+
+def _create_pmxcfs(fh: BinaryIO, hostname: str | None = None) -> VirtualFilesystem:
+    # https://pve.proxmox.com/wiki/Proxmox_Cluster_File_System_(pmxcfs)
+    db = sqlite3.SQLite3(fh)
+
+    entries = {row.inode: row for row in db.table("tree")}
+
+    vfs = VirtualFilesystem()
+    for entry in entries.values():
+        if entry.type == DT_DIR:
+            cls = ProxmoxConfigDirectoryEntry
+        elif entry.type == DT_REG:
+            cls = ProxmoxConfigFileEntry
+        else:
+            raise ValueError(f"Unknown pmxcfs file type: {entry.type}")
+
+        parts = []
+        current = entry
+        while current.parent != 0:
+            parts.append(current.name)
+            current = entries[current.parent]
+        parts.append(current.name)
+
+        path = "/".join(parts[::-1])
+        vfs.map_file_entry(path, cls(vfs, path, entry))
+
+    if hostname:
+        node_root = vfs.path(f"nodes/{hostname}")
+        vfs.symlink(str(node_root), "local")
+        vfs.symlink(str(node_root / "lxc"), "lxc")
+        vfs.symlink(str(node_root / "openvz"), "openvz")
+        vfs.symlink(str(node_root / "qemu-server"), "qemu-server")
+
+    # TODO: .version, .members, .vmlist, maybe .clusterlog and .rrd?
+
+    return vfs
+
+
+class ProxmoxConfigFileEntry(VirtualFile):
+    def open(self) -> BinaryIO:
+        return BufferedStream(BytesIO(self.entry.data or b""))
+
+    def lstat(self) -> fsutil.stat_result:
+        # ['mode', 'addr', 'dev', 'nlink', 'uid', 'gid', 'size', 'atime', 'mtime', 'ctime']
+        return fsutil.stat_result(
+            [
+                stat.S_IFREG | 0o640,
+                self.entry.inode,
+                id(self.fs),
+                1,
+                0,
+                0,
+                len(self.entry.data) if self.entry.data else 0,
+                0,
+                self.entry.mtime,
+                0,
+            ]
+        )
+
+
+class ProxmoxConfigDirectoryEntry(VirtualDirectory):
+    def __init__(self, fs: VirtualFilesystem, path: str, entry: sqlite3.Row):
+        super().__init__(fs, path)
+        self.entry = entry
+
+    def lstat(self) -> fsutil.stat_result:
+        """Return the stat information of the given path, without resolving links."""
+        # ['mode', 'addr', 'dev', 'nlink', 'uid', 'gid', 'size', 'atime', 'mtime', 'ctime']
+        return fsutil.stat_result(
+            [
+                stat.S_IFDIR | 0o755,
+                self.entry.inode,
+                id(self.fs),
+                1,
+                0,
+                0,
+                0,
+                0,
+                self.entry.mtime,
+                0,
+            ]
+        )

dissect/target/plugins/os/unix/linux/debian/proxmox/vm.py

@@ -0,0 +1,29 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.record import TargetRecordDescriptor
+from dissect.target.plugin import Plugin, export
+
+VirtualMachineRecord = TargetRecordDescriptor(
+    "proxmox/vm",
+    [
+        ("string", "path"),
+    ],
+)
+
+
+class VirtualMachinePlugin(Plugin):
+    """Plugin to list Proxmox virtual machines."""
+
+    def check_compatible(self) -> None:
+        if self.target.os != "proxmox":
+            raise UnsupportedPluginError("Not a Proxmox operating system")
+
+    @export(record=VirtualMachineRecord)
+    def vmlist(self) -> Iterator[VirtualMachineRecord]:
+        """List Proxmox virtual machines on this node."""
+        for config in self.target.fs.path("/etc/pve/qemu-server").iterdir():
+            yield VirtualMachineRecord(
+                path=config,
+                _target=self.target,
+            )

{dissect.target-3.20.dev43.dist-info → dissect.target-3.20.dev44.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev43
+Version: 3.20.dev44
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev43.dist-info → dissect.target-3.20.dev44.dist-info}/RECORD

@@ -2,8 +2,8 @@ dissect/target/__init__.py,sha256=Oc7ounTgq2hE4nR6YcNabetc7SQA40ldSa35VEdZcQU,63
 dissect/target/container.py,sha256=0YcwcGmfJjhPXUB6DEcjWEoSuAtTDxMDpoTviMrLsxM,9353
 dissect/target/exceptions.py,sha256=ULi7NXlqju_d8KENEL3aimmfKTFfbNssfeWhAnOB654,2972
 dissect/target/filesystem.py,sha256=__p2p72B6mKgIiAOj85EC3ESdZ8gjgkm2pt1KKym3h0,60743
-dissect/target/loader.py,sha256=11B3W9IpfdTU9GJiKONGffuGeICog7J9ypXZ6mffsBE,7337
-dissect/target/plugin.py,sha256=bXWfFOX9B4p1u7T7crASf0jjPrSp8X0wu_jHze2-t_g,50658
+dissect/target/loader.py,sha256=ZlCI7ZyPpysuSKndOiRz_rrGb30_jLMdFD6qObY0Vzg,7374
+dissect/target/plugin.py,sha256=iUc7OmQJ0wwYJeR7L4VBNJ0AjgYWV69FN0NHgWYaLYI,50682
 dissect/target/report.py,sha256=06uiP4MbNI8cWMVrC1SasNS-Yg6ptjVjckwj8Yhe0Js,7958
 dissect/target/target.py,sha256=-UoFO_fqS6XPf77RDHSV4gNRi95wwwpgWq7zIhNVUGk,32719
 dissect/target/volume.py,sha256=aQZAJiny8jjwkc9UtwIRwy7nINXjCxwpO-_UDfh6-BA,15801
@@ -93,6 +93,7 @@ dissect/target/loaders/overlay.py,sha256=tj99HKvNG5_JbGfb1WCv4KNSbXXSnEcPQY5XT-J
 dissect/target/loaders/ovf.py,sha256=ELMq6J2y6cPKbp7pjWAqMMnFYefWxXNqzIiAQdvGGXQ,1061
 dissect/target/loaders/phobos.py,sha256=XtxF7FZXfZrXJruFUZUQzxlREyfc86dTxph7BNoNMvw,2277
 dissect/target/loaders/profile.py,sha256=5ylgmzEEGyBFW3izvb-BZ7dGByXN9OFyRnnggR98P9w,1667
+dissect/target/loaders/proxmox.py,sha256=HP7yCrXze1DmMud7730OPMIwUAEaeoXK0YO6i2XSunM,2778
 dissect/target/loaders/pvm.py,sha256=b-PvHNTbRVdOnf7-OR5dbikbDTCFlW85b-9Z8PEL2Cs,406
 dissect/target/loaders/pvs.py,sha256=dMqdYSBQtH9QLM3tdu0mokLBcn73edg_HUtYtqrdi6E,955
 dissect/target/loaders/raw.py,sha256=tleNWoO0BkC32ExBIPVOpzrQHXXHChZXoZr02oYuC8A,674
@@ -163,6 +164,7 @@ dissect/target/plugins/child/docker.py,sha256=frBZ8UUzbtkT9VrK1fwUzXDAdkHESdPCb-
 dissect/target/plugins/child/esxi.py,sha256=EHpBRv5dizvJVIhtVR7frkUnI9GR7lrbSWPGoOpKhRw,753
 dissect/target/plugins/child/hyperv.py,sha256=R2qVeu4p_9V53jO-65znN0LwX9v3FVA-9jbbtOQcEz8,2236
 dissect/target/plugins/child/parallels.py,sha256=jeBT_NvTQbQBaUjqGWTy2I5Q5OWlrogoyWHRXjOhLis,2255
+dissect/target/plugins/child/proxmox.py,sha256=qjeact60fpUXsOciAIJ776fpcnkO6hTZjeUyx92I2HQ,755
 dissect/target/plugins/child/qemu.py,sha256=vNzQwzFO964jYaI67MlX8vpWyHxpegjIU5F29zHKOGI,791
 dissect/target/plugins/child/virtuozzo.py,sha256=raXaDTyGPY5JuNgyUOn_qzHaPa0sokG3nGZ5_7eDPyA,1303
 dissect/target/plugins/child/vmware_workstation.py,sha256=eLvgi_aFUaMN1tC5X4RN85nKQdsuRQygrFYtNMAERTc,2030
@@ -194,7 +196,7 @@ dissect/target/plugins/general/scrape.py,sha256=Fz7BNXflvuxlnVulyyDhLpyU8D_hJdH6
 dissect/target/plugins/general/users.py,sha256=yy9gvRXfN9BT71v4Xqo5hpwfgN9he9Otu8TBPZ_Tegs,3009
 dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/_os.py,sha256=I-waC7Hn9rMJRI2JUDreLnU_LS54Zj3hix7BfJLV-xg,14651
+dissect/target/plugins/os/unix/_os.py,sha256=prvcuIkJ1jmbb_g1CtgHmmJUcGjFaZn3yU6VPNMJ27k,15061
 dissect/target/plugins/os/unix/applications.py,sha256=AUgZRP35FzswGyFyChj2o4dfGO34Amc6nqHgiMEaqdI,3129
 dissect/target/plugins/os/unix/cronjobs.py,sha256=tgWQ3BUZpfyvRzodMwGtwFUdPjZ17k7ZRbZ9Q8wmXPk,3393
 dissect/target/plugins/os/unix/datetime.py,sha256=gKfBdPyUirt3qmVYfOJ1oZXRPn8wRzssbZxR_ARrtk8,1518
@@ -242,6 +244,9 @@ dissect/target/plugins/os/unix/linux/debian/_os.py,sha256=GI19ZqcyfZ1mUYg2NCx93H
 dissect/target/plugins/os/unix/linux/debian/apt.py,sha256=uKfW77pbgxYSe9g6hpih19-xfgvCB954Ygx21j-ydzk,4388
 dissect/target/plugins/os/unix/linux/debian/dpkg.py,sha256=6A3mb77NREdDWDTFrmcfCF_XxHMmD4_5eHqHEl_7Vqg,5816
 dissect/target/plugins/os/unix/linux/debian/snap.py,sha256=YVz1N54eQsj2_22LUJIj6Gg-huwT4xDEcOAZn9Tvgw4,3023
+dissect/target/plugins/os/unix/linux/debian/proxmox/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/target/plugins/os/unix/linux/debian/proxmox/_os.py,sha256=OrQsPcz3fERVnSJKRMXwWQCoVN6CFuC-pJIVHtU-g9M,4257
+dissect/target/plugins/os/unix/linux/debian/proxmox/vm.py,sha256=Z5IDA5Oot4P2hh65n5cgUMUi_TMIgSexIO2ngOgxPo0,911
 dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/linux/debian/vyos/_os.py,sha256=TPjcfv1n68RCe3Er4aCVQwQDCZwJT-NLvje3kPjDfhk,1744
 dissect/target/plugins/os/unix/linux/fortios/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -373,10 +378,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev43.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev43.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev43.dist-info/METADATA,sha256=FO2hxtOkklCzr7ZrCmD1SeMtL5Dqy8jufOSQFRUQVRY,12897
-dissect.target-3.20.dev43.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
-dissect.target-3.20.dev43.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev43.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev43.dist-info/RECORD,,
+dissect.target-3.20.dev44.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev44.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev44.dist-info/METADATA,sha256=Sgsho9JR5_66txpbY0u-KInNUTMmgflhCY23idL5Iuo,12897
+dissect.target-3.20.dev44.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
+dissect.target-3.20.dev44.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev44.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev44.dist-info/RECORD,,