dissect.target 3.20.dev8__py3-none-any.whl → 3.20.dev10__py3-none-any.whl

dissect/target/filesystems/overlay.py

@@ -89,15 +89,25 @@ class Overlay2Filesystem(LayerFilesystem):
 
         # append and mount every layer
         for dest, layer in layers:
-            if layer.is_file() and dest in ["/etc/hosts", "/etc/hostname", "/etc/resolv.conf"]:
+            # we could have collected a layer reference that actually does not exist on the host
+            if not layer.exists():
+                log.warning(
+                    "Can not mount layer %s for container %s as it does not exist on the host", layer, path.name
+                )
+                continue
+
+            # mount points can be files
+            if layer.is_file():
                 layer_fs = VirtualFilesystem()
-                layer_fs.map_file_fh("/etc/" + layer.name, layer.open("rb"))
-                dest = dest.split("/")[0]
+                layer_fs.map_file_fh(dest, layer.open("rb"))
 
+            # regular overlay2 layers are directories
+            # mount points can be directories too
             else:
                 layer_fs = DirectoryFilesystem(layer)
 
-            self.append_layer().mount(dest, layer_fs)
+            log.info("Adding layer %s to destination %s", layer, dest)
+            self.append_layer().mount("/" if layer.is_file() else dest, layer_fs)
 
     def __repr__(self) -> str:
         return f"<{self.__class__.__name__} {self.base_path}>"

dissect/target/helpers/record.py

@@ -180,7 +180,8 @@ MacInterfaceRecord = TargetRecordDescriptor(
     [
         *COMMON_INTERFACE_ELEMENTS,
         ("varint", "vlan"),
-        ("string", "proxy"),
+        ("net.ipnetwork[]", "network"),
         ("varint", "interface_service_order"),
+        ("boolean", "dhcp"),
     ],
 )

dissect/target/plugins/os/unix/bsd/osx/_os.py

@@ -40,24 +40,8 @@ class MacPlugin(BsdPlugin):
     @export(property=True)
     def ips(self) -> Optional[list[str]]:
         ips = set()
-
-        # Static configured IP-addresses
-        if (preferences := self.target.fs.path(self.SYSTEM)).exists():
-            network = plistlib.load(preferences.open()).get("NetworkServices")
-
-            for interface in network.values():
-                for addresses in [interface.get("IPv4"), interface.get("IPv6")]:
-                    ips.update(addresses.get("Addresses", []))
-
-        # IP-addresses configured by DHCP
-        if (dhcp := self.target.fs.path("/private/var/db/dhcpclient/leases")).exists():
-            for lease in dhcp.iterdir():
-                if lease.is_file():
-                    lease = plistlib.load(lease.open())
-
-                    if ip := lease.get("IPAddress"):
-                        ips.add(ip)
-
+        for ip in self.target.network.ips():
+            ips.add(str(ip))
         return list(ips)
 
     @export(property=True)

dissect/target/plugins/os/unix/bsd/osx/network.py

@@ -0,0 +1,90 @@
+from __future__ import annotations
+
+import plistlib
+from functools import cache, lru_cache
+from typing import Iterator
+
+from dissect.target.helpers.record import MacInterfaceRecord
+from dissect.target.plugins.general.network import NetworkPlugin
+from dissect.target.target import Target
+
+
+class MacNetworkPlugin(NetworkPlugin):
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self._plistnetwork = cache(self._plistnetwork)
+        self._plistlease = lru_cache(32)(self._plistlease)
+
+    def _plistlease(self, devname: str) -> dict:
+        for lease in self.target.fs.glob_ext(f"/private/var/db/dhcpclient/leases/{devname}*"):
+            return plistlib.load(lease.open())
+        return {}
+
+    def _plistnetwork(self) -> dict:
+        if (preferences := self.target.fs.path("/Library/Preferences/SystemConfiguration/preferences.plist")).exists():
+            return plistlib.load(preferences.open())
+
+    def _interfaces(self) -> Iterator[MacInterfaceRecord]:
+        plistnetwork = self._plistnetwork()
+        current_set = plistnetwork.get("CurrentSet")
+        sets = plistnetwork.get("Sets", {})
+        for name, _set in sets.items():
+            if f"/Sets/{name}" == current_set:
+                item = _set
+                for key in ["Network", "Global", "IPv4", "ServiceOrder"]:
+                    item = item.get(key, {})
+                service_order = item
+                break
+
+        network = plistnetwork.get("NetworkServices", {})
+        vlans = plistnetwork.get("VirtualNetworkInterfaces", {}).get("VLAN", {})
+
+        vlan_lookup = {key: vlan.get("Tag") for key, vlan in vlans.items()}
+
+        for _id, interface in network.items():
+            dns = set()
+            gateways = set()
+            ips = set()
+            device = interface.get("Interface", {})
+            name = device.get("DeviceName")
+            _type = device.get("Type")
+            vlan = vlan_lookup.get(name)
+            dhcp = False
+            subnetmask = []
+            network = []
+            interface_service_order = service_order.index(_id) if _id in service_order else None
+            try:
+                for addr in interface.get("DNS", {}).get("ServerAddresses", {}):
+                    dns.add(addr)
+                for addresses in [interface.get("IPv4", {}), interface.get("IPv6", {})]:
+                    subnetmask += filter(lambda mask: mask != "", addresses.get("SubnetMasks", []))
+                    if router := addresses.get("Router"):
+                        gateways.add(router)
+                    if addresses.get("ConfigMethod", "") == "DHCP":
+                        ips.add(self._plistlease(name).get("IPAddress"))
+                        dhcp = True
+                    else:
+                        for addr in addresses.get("Addresses", []):
+                            ips.add(addr)
+
+                if subnetmask:
+                    network = self.calculate_network(ips, subnetmask)
+
+                yield MacInterfaceRecord(
+                    name=name,
+                    type=_type,
+                    enabled=not interface.get("__INACTIVE__", False),
+                    dns=list(dns),
+                    ip=list(ips),
+                    gateway=list(gateways),
+                    source="NetworkServices",
+                    vlan=vlan,
+                    network=network,
+                    interface_service_order=interface_service_order,
+                    dhcp=dhcp,
+                    _target=self.target,
+                )
+
+            except Exception as e:
+                self.target.log.warning("Error reading configuration for network device %s: %s", name, e)
+                continue

{dissect.target-3.20.dev8.dist-info → dissect.target-3.20.dev10.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev8
+Version: 3.20.dev10
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev8.dist-info → dissect.target-3.20.dev10.dist-info}/RECORD

@@ -35,7 +35,7 @@ dissect/target/filesystems/ffs.py,sha256=Wu8sS1jjmD0QXXcAaD2h_zzfvinjco8qvj0hEru
 dissect/target/filesystems/itunes.py,sha256=w2lcWv6jlBPm84tsGZehxKBMXXyuW3KlmwVTF4ssQec,6395
 dissect/target/filesystems/jffs.py,sha256=Ceqa5Em2pepnXMH_XZFmSNjQyWPo1uWTthBFSMWfKRo,3926
 dissect/target/filesystems/ntfs.py,sha256=fGgCKjdO5GrPC21DDr0SwIxmwR7KruNIqGUzysboirA,7068
-dissect/target/filesystems/overlay.py,sha256=-dqWuMWLcq3usKbJYh0MW-qyp4dfLlOAh2z6FjNPu9I,4314
+dissect/target/filesystems/overlay.py,sha256=d0BNZcVd3SzBcM1SZO5nX2FrEYcdtVH34BPJQ6Oh4x8,4753
 dissect/target/filesystems/smb.py,sha256=uxfcOWwEoDCw8Qpsa94T5Pn-SKd4WXs4OOrzVVI55d8,6406
 dissect/target/filesystems/squashfs.py,sha256=ehzlThXB7n96XUvQnsK5tWLsA9HIxYN-Zxl7aO9D7ts,3921
 dissect/target/filesystems/tar.py,sha256=EJyvRCU6H7eu0exC0tQggyAZKZ3JFFaihYyx9SIQNqk,5742
@@ -61,7 +61,7 @@ dissect/target/helpers/mui.py,sha256=i-7XoHbu4WO2fYapK9yGAMW04rFlgRispknc1KQIS5Q
 dissect/target/helpers/network_managers.py,sha256=ByBSe2K3c8hgQC6dokcf-hHdmPcD8PmrOj0xs1C3yhs,25743
 dissect/target/helpers/polypath.py,sha256=h8p7m_OCNiQljGwoZh5Aflr9H2ot6CZr6WKq1OSw58o,2175
 dissect/target/helpers/protobuf.py,sha256=b4DsnqrRLrefcDjx7rQno-_LBcwtJXxuKf5RdOegzfE,1537
-dissect/target/helpers/record.py,sha256=vbsZBUQ5sxsWGaGUJk2yHV5miXvK9HfZgVarM5Cmqto,5852
+dissect/target/helpers/record.py,sha256=7Se6ZV8cvwEaGSjRd9bKhVnUAn4W4KR2eqP6AbQhTH4,5892
 dissect/target/helpers/record_modifier.py,sha256=O_Jj7zOi891HIyAYjxxe6LFPYETHdMa5lNjo4NA_T_w,3969
 dissect/target/helpers/regutil.py,sha256=kX-sSZbW8Qkg29Dn_9zYbaQrwLumrr4Y8zJ1EhHXIAM,27337
 dissect/target/helpers/shell_application_ids.py,sha256=hYxrP-YtHK7ZM0ectJFHfoMB8QUXLbYNKmKXMWLZRlA,38132
@@ -210,7 +210,8 @@ dissect/target/plugins/os/unix/bsd/ios/_os.py,sha256=VlJXGxkQZ4RbGbSC-FlbR2YWOJp
 dissect/target/plugins/os/unix/bsd/openbsd/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/bsd/openbsd/_os.py,sha256=9npz-osM-wHmjOACUqof5N5HJeps7J8KuyenUS5MZDs,923
 dissect/target/plugins/os/unix/bsd/osx/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/bsd/osx/_os.py,sha256=KvP7YJ7apVwoIop7MR-8q5QbVGoB6MdR42l6ssEe6es,4081
+dissect/target/plugins/os/unix/bsd/osx/_os.py,sha256=PKh8VM_O0FmmYy7UMPth6uhusCJzekla20sUPK6esRg,3416
+dissect/target/plugins/os/unix/bsd/osx/network.py,sha256=j2yq2QTAmAuZBu3j0vHnHHxkUyeB4b-6WdUSWCE_QsE,3691
 dissect/target/plugins/os/unix/bsd/osx/user.py,sha256=qopB0s3n7e6Q7NjWzn8Z-dKtDtU7e6In4Vm7hIvvedo,2322
 dissect/target/plugins/os/unix/esxi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/esxi/_os.py,sha256=s6pAgUyfHh3QcY6sgvk5uVMmLvqK1tIHWR7MSbrFn8w,17789
@@ -363,10 +364,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev8.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev8.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev8.dist-info/METADATA,sha256=VtQsgGmXH9A74YcDFwgv69F90Mk9mrD0-VQTWRKvFQU,12896
-dissect.target-3.20.dev8.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-dissect.target-3.20.dev8.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev8.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev8.dist-info/RECORD,,
+dissect.target-3.20.dev10.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev10.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev10.dist-info/METADATA,sha256=5OxnXAwEsto5SeG-Tz-CR8M_5sqbSNn3Z41qo9bgFYY,12897
+dissect.target-3.20.dev10.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+dissect.target-3.20.dev10.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev10.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev10.dist-info/RECORD,,