diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.cpp b/bindings/java/jni/dataModel_SleuthkitJNI.cpp index 52eaaf4d07d09b7bf2caae0cd4f04039a28a73c5..121ca940c7c53d388025bba476a19094e8f91ec2 100644 --- a/bindings/java/jni/dataModel_SleuthkitJNI.cpp +++ b/bindings/java/jni/dataModel_SleuthkitJNI.cpp @@ -1430,31 +1430,24 @@ Java_org_sleuthkit_datamodel_SleuthkitJNI_openVolNat(JNIEnv * env, * @param obj the java object this was called from * @param a_img_info the pointer to the parent img object * @param offset the offset in bytes to the pool -* @param pool_type the type of pool */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openPoolNat(JNIEnv * env, - jclass obj, jlong a_img_info, jlong offset, jlong pool_type) + jclass obj, jlong a_img_info, jlong offset) { - printf("@@@ openPoolNat\n"); TSK_IMG_INFO *img_info = castImgInfo(env, a_img_info); if (img_info == 0) { //exception already set return 0; } - printf(" Casted img_info\n"); - // TODO - use pool type - //const TSK_POOL_INFO *pool = tsk_pool_open_img_sing(img_info, offset * img_info->sector_size, TSK_POOL_TYPE_DETECT); const TSK_POOL_INFO *pool = tsk_pool_open_img_sing(img_info, offset, TSK_POOL_TYPE_DETECT); if (pool == NULL) { - printf(" Failed to load pool\n"); tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_POOL_UNSUPTYPE) tsk_pool_type_print(stderr); setThrowTskCoreError(env, tsk_error_get()); } - printf(" Loaded pool! Has address 0x%x\n", pool); return (jlong) pool; } 
@@ -1470,21 +1463,11 @@ TODO UPDATe JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_getImgInfoNat (JNIEnv * env, jclass obj, jlong a_pool_info, jlong pool_block) { - - printf("@@@ openGetImgInfoNat - trying to cast pool with address 0x%x\n", a_pool_info); TSK_POOL_INFO *pool_info = castPoolInfo(env, a_pool_info); if (pool_info == 0) { - printf("@@@ openGetImgInfoNat - Invalid cast to pool???\n"); - fflush(stdout); //exception already set return 0; } - - printf("Java_org_sleuthkit_datamodel_SleuthkitJNI_openGetImgInfoNat - pool_block = %lld\n", pool_block); - fflush(stdout); - - printf(" Making new img_info\n"); - fflush(stdout); TSK_IMG_INFO *img_info = pool_info->get_img_info(pool_info, pool_block); return (jlong)img_info; diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.h b/bindings/java/jni/dataModel_SleuthkitJNI.h index 14eb6753386b5368814e1ba86cbd4f14a4d7eab2..500aa6bedc29dac8a8083c435903ac158a0357eb 100644 --- a/bindings/java/jni/dataModel_SleuthkitJNI.h +++ b/bindings/java/jni/dataModel_SleuthkitJNI.h @@ -290,10 +290,10 @@ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openVolNat /* * Class: org_sleuthkit_datamodel_SleuthkitJNI * Method: openPoolNat - * Signature: (JJJ)J + * Signature: (JJ)J */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openPoolNat - (JNIEnv *, jclass, jlong, jlong, jlong); + (JNIEnv *, jclass, jlong, jlong); /* * Class: org_sleuthkit_datamodel_SleuthkitJNI diff --git a/bindings/java/src/org/sleuthkit/datamodel/Pool.java b/bindings/java/src/org/sleuthkit/datamodel/Pool.java index 754daa56c5402042aa10fb47496b4d3d9e905d89..4c3e12ff3f411388285e5829bdb90856fc0b35bc 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Pool.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Pool.java 
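Review bot: The result of `pool_info->get_img_info(pool_info, pool_block)` is cast to `jlong` and returned without a NULL check, so a failed lookup hands Java a 0 handle with no `TskCoreException` raised, unlike the `pool == NULL` branch of openPoolNat in the previous hunk. `pool_block` arrives from Java and is not range-checked in the visible lines, so a failing call is plausible on a damaged or malformed image. I would add `if (img_info == NULL) { setThrowTskCoreError(env, tsk_error_get()); return 0; }` before the return. The hunk header context still shows `TODO UPDATe`, so the comment block above this function appears to need writing as well.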
@@ -43,7 +43,6 @@ protected Pool(SleuthkitCase db, long obj_id, String name, long type, long imgOf super(db, obj_id, name); this.type = type; this.imgOffset = imgOffset; - System.out.println("### made a pool! Image offset " + imgOffset + "\n"); } @Override @@ -96,7 +95,7 @@ long getPoolHandle() throws TskCoreException { Content dataSource = getDataSource(); if ((dataSource != null) && (dataSource instanceof Image)) { Image image = (Image) dataSource; - poolHandle = SleuthkitJNI.openPool(image.getImageHandle(), imgOffset, getType().getPoolType(), getSleuthkitCase()); + poolHandle = SleuthkitJNI.openPool(image.getImageHandle(), imgOffset, getSleuthkitCase()); } else { throw new TskCoreException("Data Source of pool is not an image"); } diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java index 254f4f3e6ec2af4528f7e5a1c2267484766f49fc..94b37a1387828c2504194c89b25bf605a57e1e45 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java +++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java @@ -835,7 +835,7 @@ public static long openVsPart(long vsHandle, long volId) throws TskCoreException * @throws TskCoreException exception thrown if critical error occurs within * TSK */ - public static long openPool(long imgHandle, long offset, long poolType, SleuthkitCase skCase) throws TskCoreException { + public static long openPool(long imgHandle, long offset, SleuthkitCase skCase) throws TskCoreException { getTSKReadLock(); try { if(! imgHandleIsValid(imgHandle)) { 
@@ -851,12 +851,10 @@ public static long openPool(long imgHandle, long offset, long poolType, Sleuthki } if (HandleCache.getCaseHandles(caseDbPointer).poolHandleCache.containsKey(offset)) { - System.out.println("\n#### Using the pool cache!"); return HandleCache.getCaseHandles(caseDbPointer).poolHandleCache.get(offset); } else { //returned long is ptr to pool Handle object in tsk - System.out.println("\n#### Trying to open pool at offset " + offset); - long poolHandle = openPoolNat(imgHandle, offset, poolType); + long poolHandle = openPoolNat(imgHandle, offset); HandleCache.getCaseHandles(caseDbPointer).poolHandleCache.put(offset, poolHandle); return poolHandle; } @@ -1779,7 +1777,7 @@ public static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM at private static native long openVolNat(long vsHandle, long volId) throws TskCoreException; - private static native long openPoolNat(long imgHandle, long offset, long poolType) throws TskCoreException; + private static native long openPoolNat(long imgHandle, long offset) throws TskCoreException; private static native long getImgInfoNat(long poolHandle, long poolOffset) throws TskCoreException; diff --git a/bindings/java/src/org/sleuthkit/datamodel/TskData.java b/bindings/java/src/org/sleuthkit/datamodel/TskData.java index 0330c6c0fd31a92a4b4f6262a1d9f9bf50a3f286..ae7263a4549194fd7d6fe9301b39d6d1036cf16e 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/TskData.java +++ b/bindings/java/src/org/sleuthkit/datamodel/TskData.java 
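Review bot: `poolHandleCache` is looked up and filled with `offset` as its only key, while the cache itself is selected per case through `getCaseHandles(caseDbPointer)`, so `imgHandle` plays no part in the lookup. If a case can hold more than one image, two pools at the same byte offset in different images would resolve to whichever handle was opened first, and later reads would come from the wrong image, which matters for evidence attribution. Keying the cache on the image handle together with the offset would avoid that; the cache declaration is outside this hunk, so its scoping should be confirmed. The `containsKey`/`get`/`put` sequence also runs under `getTSKReadLock()`, which presumably admits concurrent readers, so it is worth confirming the map tolerates a concurrent `put`.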
@@ -578,6 +578,7 @@ public enum TSK_VS_TYPE_ENUM { TSK_VS_TYPE_SUN(0x0004, "SUN VTOC"), ///< Sun VTOC NON-NLS TSK_VS_TYPE_MAC(0x0008, "Mac"), ///< Mac partition table NON-NLS TSK_VS_TYPE_GPT(0x0010, "GPT"), ///< GPT partition table NON-NLS + TSK_VS_TYPE_APFS(0x0020, "APFS"), ///< APFS pool NON-NLS TSK_VS_TYPE_DBFILLER(0x00F0, bundle.getString("TskData.tskVSTypeEnum.fake")), ///< fake partition table type for loaddb (for images that do not have a volume system) TSK_VS_TYPE_UNSUPP(0xFFFF, bundle.getString("TskData.tskVSTypeEnum.unsupported")); ///< Unsupported diff --git a/bindings/java/src/org/sleuthkit/datamodel/Volume.java b/bindings/java/src/org/sleuthkit/datamodel/Volume.java index 4c77d965a05a0aa6624df16fef309b4509b79652..df007479eeed02f4908de68264d05bbfce4e1a73 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Volume.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Volume.java @@ -68,6 +68,12 @@ public int read(byte[] buf, long offset, long len) throws TskCoreException { throw new TskCoreException(bundle.getString("Volume.read.exception.msg1.text")); } VolumeSystem parentVs = (VolumeSystem) myParent; + + // Reading from APFS volumes/volume systems is not yet supported + if (parentVs.getType().equals(TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS)) { + throw new TskCoreException("Reading APFS pool volumes not yet supported"); + } + // read from the volume if (volumeHandle == 0) { volumeHandle = SleuthkitJNI.openVsPart(parentVs.getVolumeSystemHandle(), addr); diff --git a/tsk/auto/auto.cpp b/tsk/auto/auto.cpp index 49e568a42e28d703434546b081fef231b81a8adf..39775dd6cf74c852cd17a31362453caea8a9ccaf 100755 --- a/tsk/auto/auto.cpp +++ b/tsk/auto/auto.cpp 
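Review bot: The new guard in `Volume.read` throws `new TskCoreException("Reading APFS pool volumes not yet supported")` with a hard-coded English string, while the throw just above it takes its text from `bundle.getString("Volume.read.exception.msg1.text")`. For consistency the message should come from the resource bundle under a new key. Because `TSK_VS_TYPE_APFS` is an enum constant, `parentVs.getType() == TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS` also reads more simply and cannot fail if `getType()` ever returns null. The body of `read` continues outside the hunk.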
@@ -431,10 +431,10 @@ TskAuto::findFilesInPool(TSK_OFF_T start, TSK_POOL_TYPE_ENUM ptype) // see if the super class wants to continue with this. TSK_FILTER_ENUM retval1 = filterPool(pool); - //if (retval1 == TSK_FILTER_SKIP) - // return TSK_WALK_CONT; - //else if ((retval1 == TSK_FILTER_STOP) || (tsk->getStopProcessing())) - // return TSK_WALK_STOP; + if (retval1 == TSK_FILTER_SKIP) + return TSK_OK; + else if ((retval1 == TSK_FILTER_STOP)) + return TSK_STOP; /* Only APFS pools are currently supported */ if (pool->ctype == TSK_POOL_TYPE_APFS) { @@ -449,32 +449,29 @@ TskAuto::findFilesInPool(TSK_OFF_T start, TSK_POOL_TYPE_ENUM ptype) } if (filterRetval != TSK_FILTER_SKIP) { - printf("findFilesInPool - should be making new pool_img...\n"); - fflush(stdout); TSK_IMG_INFO *pool_img = pool->get_img_info(pool, vol_info->block); if (pool_img != NULL) { - printf("Calling apfs_open with image of type 0x%x\n", pool_img->itype); TSK_FS_INFO *fs_info = apfs_open(pool_img, 0, TSK_FS_TYPE_APFS, ""); if (fs_info) { - printf("Image in fs_info from apfs_open has type 0x%x\n", fs_info->img_info->itype); - fflush(stdout); TSK_RETVAL_ENUM retval = findFilesInFsInt(fs_info, fs_info->root_inum); tsk_fs_close(fs_info); if (retval == TSK_STOP) { + pool_img->close(pool_img); pool->close(pool); return TSK_STOP; } } else { pool_img->close(pool_img); + pool->close(pool); tsk_error_set_errstr2( "findFilesInPool: Error opening APFS file system"); registerError(); return TSK_ERR; } - // Don't close pool_img here because it will also close the pool + tsk_img_close(pool_img); } else { pool->close(pool); diff --git a/tsk/auto/auto_db.cpp b/tsk/auto/auto_db.cpp index 81b38b1741928e8fc652e9b34313aaac785d8277..bea8330352643e82532c07834e056b334f3115fb 100755 --- a/tsk/auto/auto_db.cpp +++ b/tsk/auto/auto_db.cpp 
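Review bot: The two early returns enabled after `filterPool(pool)` leave `findFilesInPool` without calling `pool->close(pool)`, while the exit paths visible in the next hunk of the same function close the pool first. The pool is opened above this hunk, so ownership is inferred, but if `pool` belongs to this function then a SKIP or STOP answer from the filter leaks it. I would write `if (retval1 == TSK_FILTER_SKIP) { pool->close(pool); return TSK_OK; }` and treat the STOP branch the same way. The commented-out version also tested `getStopProcessing()`, which the new condition drops; if that is intentional, a short comment saying so would help.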
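Review bot: The deleted comment `// Don't close pool_img here because it will also close the pool` is replaced by `tsk_img_close(pool_img)` in what appears to be the per-volume loop, and the STOP and error branches now call `pool_img->close(pool_img)` followed by `pool->close(pool)`. Nothing visible in this diff changes the pool image's close routine, so if the old comment was still accurate the pool is released with the first volume's image and then used again or closed a second time. Please confirm that closing a pool image no longer releases the pool, and record the ownership rule at the `tsk_img_close` call, for example `// pool_img does not own the pool; the pool is closed separately`. The call sites also mix `pool_img->close(pool_img)` and `tsk_img_close(pool_img)`; using one form throughout would make the cleanup paths easier to audit.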
@@ -307,9 +307,7 @@ TSK_FILTER_ENUM TskAutoDb::filterVs(const TSK_VS_INFO * vs_info) TSK_FILTER_ENUM TskAutoDb::filterPool(const TSK_POOL_INFO * pool_info) { - printf("filterPool\n"); - - m_poolFound = true; // TODO - this needs to get reset at some point + m_poolFound = true; if (m_volFound && m_vsFound) { // there's a volume system and volume @@ -334,8 +332,6 @@ TskAutoDb::filterPool(const TSK_POOL_INFO * pool_info) TSK_FILTER_ENUM TskAutoDb::filterPoolVol(const TSK_POOL_VOLUME_INFO * pool_vol) { - printf("filterPoolVol 0x%llx\n", pool_vol->index); - //m_curPoolVol = pool_vol->index; if (m_db->addPoolVolumeInfo(pool_vol, m_curPoolVs, m_curPoolVol)) { registerError(); @@ -350,6 +346,7 @@ TskAutoDb::filterVol(const TSK_VS_PART_INFO * vs_part) { m_volFound = true; m_foundStructure = true; + m_poolFound = false; if (m_db->addVolumeInfo(vs_part, m_curVsId, m_curVolId)) { registerError(); @@ -565,9 +562,6 @@ TskAutoDb::startAddImage(TSK_IMG_INFO * img_info, const char* deviceId) return 1; } - printf("TskAutoDb::startAddImage\n"); - fflush(stdout); - if (tsk_verbose) tsk_fprintf(stderr, "TskAutoDb::startAddImage: Starting add image process\n"); diff --git a/tsk/auto/db_sqlite.cpp b/tsk/auto/db_sqlite.cpp index 921d27055fc99abc16da594dc402e7fa644d9ece..1ad9ad0e678039c8d2c1b63b006a93df74bf9703 100755 --- a/tsk/auto/db_sqlite.cpp +++ b/tsk/auto/db_sqlite.cpp @@ -764,7 +764,7 @@ TskDbSqlite::addPoolInfo(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64 return 1; snprintf(stmt, 1024, - "INSERT INTO tsk_pool_info (obj_id, img_offset, pool_type) VALUES (%" PRId64 ",%" PRIuDADDR ",%d)", poolObjId, pool_info->img_offset, pool_info->ctype); // TODO - offset + "INSERT INTO tsk_pool_info (obj_id, img_offset, pool_type) VALUES (%" PRId64 ",%" PRIuDADDR ",%d)", poolObjId, pool_info->img_offset, pool_info->ctype); int retVal = attempt_exec(stmt, 
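Review bot: The added `m_poolFound = false;` in `filterVol` carries no comment, and the same commit deletes the note `// TODO - this needs to get reset at some point` from the assignment in `filterPool`, so the reason for resetting the flag at this point is no longer written down. A one-line comment such as `// a new volume is not inside a pool until filterPool() reports one` would record the intent. It may also be worth checking whether the flag needs a reset when a pool is found with no enclosing volume system, since `filterVol` is presumably not called in that case. The rest of both functions lies outside the hunks.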
@@ -777,7 +777,7 @@ TskDbSqlite::addPoolInfo(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64 return 1; snprintf(stmt, 1024, - "INSERT INTO tsk_vs_info (obj_id, vs_type, img_offset, block_size) VALUES (%" PRId64 ", %d,%" PRIuDADDR ",%d)", objId, 0, pool_info->img_offset, pool_info->block_size); // TODO - offset + "INSERT INTO tsk_vs_info (obj_id, vs_type, img_offset, block_size) VALUES (%" PRId64 ", %d,%" PRIuDADDR ",%d)", objId, TSK_VS_TYPE_APFS, pool_info->img_offset, pool_info->block_size); // TODO - offset return attempt_exec(stmt, "Error adding data to tsk_vs_info table: %s\n"); @@ -847,8 +847,6 @@ TskDbSqlite::addFsInfo(const TSK_FS_INFO* fs_info, int64_t parObjId, if (addObject(TSK_DB_OBJECT_TYPE_FS, parObjId, objId)) return 1; - printf("addFsInfo\n"); - fflush(stdout); TSK_OFF_T pool_block = 0L; if (fs_info->img_info->itype == TSK_IMG_TYPE_POOL) { IMG_POOL_INFO *pool_img = (IMG_POOL_INFO*)fs_info->img_info; diff --git a/tsk/fs/fs_open.c b/tsk/fs/fs_open.c index 92362877d6771d849233696ff3583caa4bab4cbd..e1d0cb4a62f194659a3d32c0fb5a2f50887677d6 100755 --- a/tsk/fs/fs_open.c +++ b/tsk/fs/fs_open.c @@ -224,8 +224,6 @@ tsk_fs_open_img_decrypt(TSK_IMG_INFO * a_img_info, TSK_OFF_T a_offset, return yaffs2_open(a_img_info, a_offset, a_ftype, 0); } else if (TSK_FS_TYPE_ISAPFS(a_ftype)) { - printf("Opening apfs\n"); - fflush(stdout); return apfs_open(a_img_info, a_offset, a_ftype, a_pass); } tsk_error_reset(); diff --git a/tsk/pool/apfs_pool_compat.cpp b/tsk/pool/apfs_pool_compat.cpp index 9102776b7994b29968b1da28e5bb60d7ae8920d4..77443f557c59cc26f785123dc3acd51ce3e14d47 100755 --- a/tsk/pool/apfs_pool_compat.cpp +++ b/tsk/pool/apfs_pool_compat.cpp 
@@ -296,8 +296,6 @@ apfs_img_imgstat(TSK_IMG_INFO * img_info, FILE *file) static ssize_t apfs_img_read(TSK_IMG_INFO * img_info, TSK_OFF_T offset, char *buf, size_t len) { - printf("apfs_img_read: reading offset 0x%llx\n", offset); - fflush(stdout); IMG_POOL_INFO *pool_img_info = (IMG_POOL_INFO *)img_info; const auto pool = static_cast<APFSPoolCompat*>(pool_img_info->pool_info->impl); TSK_IMG_INFO *origInfo = pool->getTSKImgInfo(0); diff --git a/tsk/vs/mm_open.c b/tsk/vs/mm_open.c index 1599370561c4a8c3f3451ee852784c5163c16447..f8bdce2e9759ad7c7a9b174003436608c6b46029 100644 --- a/tsk/vs/mm_open.c +++ b/tsk/vs/mm_open.c @@ -194,6 +194,7 @@ tsk_vs_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset, return tsk_vs_sun_open(img_info, offset); case TSK_VS_TYPE_GPT: return tsk_vs_gpt_open(img_info, offset); + case TSK_VS_TYPE_APFS: // Not supported yet case TSK_VS_TYPE_UNSUPP: default: tsk_error_reset(); diff --git a/tsk/vs/tsk_vs.h b/tsk/vs/tsk_vs.h index 25b890b938afeb32ad8b5fffce08a20dd28cced9..5432df34bfeabc99cc1a5e5dba4b0858b9ad09da 100644 --- a/tsk/vs/tsk_vs.h +++ b/tsk/vs/tsk_vs.h @@ -53,6 +53,7 @@ extern "C" { TSK_VS_TYPE_SUN = 0x0004, ///< Sun VTOC TSK_VS_TYPE_MAC = 0x0008, ///< Mac partition table TSK_VS_TYPE_GPT = 0x0010, ///< GPT partition table + TSK_VS_TYPE_APFS = 0x0020, ///< APFS TSK_VS_TYPE_DBFILLER = 0x00F0, ///< fake partition table type for loaddb (for images that do not have a volume system) TSK_VS_TYPE_UNSUPP = 0xffff, ///< Unsupported } TSK_VS_TYPE_ENUM;