dissect.target 3.20.dev51__py3-none-any.whl → 3.20.dev53__py3-none-any.whl

dissect/target/filesystems/jffs.py

@@ -76,13 +76,13 @@ class JFFSFilesystemEntry(FilesystemEntry):
             entry_path = fsutil.join(self.path, name, alt_separator=self.fs.alt_separator)
             yield JFFSFilesystemEntry(self.fs, entry_path, entry)
 
-    def is_dir(self, follow_symlinks: bool = False) -> bool:
+    def is_dir(self, follow_symlinks: bool = True) -> bool:
         try:
             return self._resolve(follow_symlinks).entry.is_dir()
         except FilesystemError:
             return False
 
-    def is_file(self, follow_symlinks: bool = False) -> bool:
+    def is_file(self, follow_symlinks: bool = True) -> bool:
         try:
             return self._resolve(follow_symlinks).entry.is_file()
         except FilesystemError:
@@ -97,7 +97,7 @@ class JFFSFilesystemEntry(FilesystemEntry):
 
         return self.entry.link
 
-    def stat(self, follow_symlinks: bool = False) -> fsutil.stat_result:
+    def stat(self, follow_symlinks: bool = True) -> fsutil.stat_result:
         return self._resolve(follow_symlinks).lstat()
 
     def lstat(self) -> fsutil.stat_result:

dissect/target/plugins/os/windows/generic.py

@@ -1,8 +1,10 @@
 from __future__ import annotations
 
+import struct
 from datetime import datetime
 from typing import Iterator
 
+from dissect.util.sid import read_sid
 from dissect.util.ts import from_unix
 
 from dissect.target.exceptions import RegistryError, UnsupportedPluginError
@@ -10,7 +12,10 @@ from dissect.target.helpers.descriptor_extensions import (
     RegistryRecordDescriptorExtension,
     UserRecordDescriptorExtension,
 )
-from dissect.target.helpers.record import create_extended_descriptor
+from dissect.target.helpers.record import (
+    TargetRecordDescriptor,
+    create_extended_descriptor,
+)
 from dissect.target.plugin import Plugin, export
 
 UserRegistryRecordDescriptor = create_extended_descriptor(
@@ -113,6 +118,15 @@ WinSockNamespaceProviderRecord = UserRegistryRecordDescriptor(
     ],
 )
 
+ComputerSidRecord = TargetRecordDescriptor(
+    "windows/sid/computer",
+    [
+        ("datetime", "ts"),
+        ("string", "sidtype"),
+        ("string", "sid"),
+    ],
+)
+
 
 class GenericPlugin(Plugin):
     """Generic Windows plugin.
@@ -573,3 +587,36 @@ class GenericPlugin(Plugin):
             return self.target.registry.key(key).value("ACP").value
         except RegistryError:
             pass
+
+    @export(record=ComputerSidRecord)
+    def sid(self) -> Iterator[ComputerSidRecord]:
+        """Return the machine- and optional domain SID of the system."""
+
+        try:
+            key = self.target.registry.key("HKLM\\SAM\\SAM\\Domains\\Account")
+
+            # The machine SID is stored in the last 12 bytes of the V value as little-endian
+            # The machine SID differs from a 'normal' binary SID as only holds 3 values and lacks a prefix / Revision
+            # NOTE: Consider moving this to dissect.util.sid if we encounter this more often
+            sid = struct.unpack_from("<III", key.value("V").value, -12)
+
+            yield ComputerSidRecord(
+                ts=key.timestamp,
+                sidtype="Machine",
+                sid=f"S-1-5-21-{sid[0]}-{sid[1]}-{sid[2]}",
+                _target=self.target,
+            )
+        except (RegistryError, struct.error):
+            pass
+
+        try:
+            key = self.target.registry.key("HKLM\\SECURITY\\Policy\\PolMachineAccountS")
+
+            yield ComputerSidRecord(
+                ts=key.timestamp,
+                sidtype="Domain",
+                sid=read_sid(key.value("(Default)").value),
+                _target=self.target,
+            )
+        except (RegistryError, struct.error):
+            pass

{dissect.target-3.20.dev51.dist-info → dissect.target-3.20.dev53.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev51
+Version: 3.20.dev53
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev51.dist-info → dissect.target-3.20.dev53.dist-info}/RECORD

@@ -33,7 +33,7 @@ dissect/target/filesystems/extfs.py,sha256=LVdB94lUI2DRHW0xUPx8lwuY-NKVeSwFGZiLO
 dissect/target/filesystems/fat.py,sha256=cCIiUAY0-5dL76Zhvji1QbwlMVX7YqKWp-NmUdqz8yA,4605
 dissect/target/filesystems/ffs.py,sha256=ry7aPb_AQeApTuhVQVioQPn4Q795_Ak5XloEtd-0bww,4950
 dissect/target/filesystems/itunes.py,sha256=w2lcWv6jlBPm84tsGZehxKBMXXyuW3KlmwVTF4ssQec,6395
-dissect/target/filesystems/jffs.py,sha256=v0fom9zofWNI2umEtKEikxh3kPsbz2rrLOHA3T6Pw1o,4210
+dissect/target/filesystems/jffs.py,sha256=fw25gM-Cx26VuTBmbaVNP1hKw73APkZ4RhI8MGY7-cQ,4207
 dissect/target/filesystems/ntfs.py,sha256=ADSv_VkX0fir6NYaOJD1ewWo9UG84Q7AEbDwULiEoN4,7632
 dissect/target/filesystems/overlay.py,sha256=d0BNZcVd3SzBcM1SZO5nX2FrEYcdtVH34BPJQ6Oh4x8,4753
 dissect/target/filesystems/smb.py,sha256=gzPSIB6J3psFZ7RSU30llcJCt04SFSDpQTImxUUQG7Y,6400
@@ -284,7 +284,7 @@ dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2
 dissect/target/plugins/os/windows/datetime.py,sha256=YKHUZU6lkKJocq15y0yCwvIIOb1Ej-kfvEBmHbrdIGw,9467
 dissect/target/plugins/os/windows/defender.py,sha256=JAJy8hr6jFGd290N1d5a-bVeD8rHc6E_pWEHxTpiMDk,32735
 dissect/target/plugins/os/windows/env.py,sha256=U5D74i_7tICxGDanqDU42Jqsx0asFFMIs6SpUwTnJc4,13884
-dissect/target/plugins/os/windows/generic.py,sha256=Z4eb9SrVMiO871bi5GS8V-rGF6QJ6afLarCJGa6VRcs,22703
+dissect/target/plugins/os/windows/generic.py,sha256=RJ1znzsIa4CFxmdMh91SjMY_pnjwxvldlTEKo58m_e8,24262
 dissect/target/plugins/os/windows/jumplist.py,sha256=3gZk6O1B3lKK2Jxe0B-HapOCEehk94CYNvCVDpQC9nQ,11773
 dissect/target/plugins/os/windows/lnk.py,sha256=KTqhw0JMW-KjAxe4xlRDNSRSx-th-_nPVgTGyBaKmW0,7891
 dissect/target/plugins/os/windows/locale.py,sha256=QiLWGgWrGBGHiXgep5iSOo6VNim4YC-xd4MdW0BUJPA,2486
@@ -378,10 +378,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev51.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev51.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev51.dist-info/METADATA,sha256=KbglItTMCNNZcuFn2IcpvW-aqdoPr6_SMcldbLRoSTM,12897
-dissect.target-3.20.dev51.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
-dissect.target-3.20.dev51.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev51.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev51.dist-info/RECORD,,
+dissect.target-3.20.dev53.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev53.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev53.dist-info/METADATA,sha256=83_YSjif8SPpGDGODY4T2GwqkZoXDoxilQkzr9RsT7M,12897
+dissect.target-3.20.dev53.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
+dissect.target-3.20.dev53.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev53.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev53.dist-info/RECORD,,