diff --git a/bindings/java/highlghts.txt b/bindings/java/highlghts.txt
new file mode 100755
index 0000000000000000000000000000000000000000..8a542899e147c6f4623129198370359d44d894bc
--- /dev/null
+++ b/bindings/java/highlghts.txt
@@ -0,0 +1,8 @@
+Highlights:
+
+- Interpretation of the file path supplied when opening a hash database now occurs
+in in tsk_hdb_open(). Path strings are not swapped - the database path is written once and then not changed.
+- TODO: Explain inheritance and options.
+- It is no longer possible to create duplicate rows in the comment and file_names tables in SQLite hash databases.
+- The "last id" business has been removed from the SQLite hash database implementation.
+- Fixed size arrays for paths are not used in the JNI code.
\ No newline at end of file
diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.cpp b/bindings/java/jni/dataModel_SleuthkitJNI.cpp
index 9b99edec39df3b5537389b4335276ce78c7cf08e..e4c6dd957994757b8639ce5f3f040e49655413ce 100644
--- a/bindings/java/jni/dataModel_SleuthkitJNI.cpp
+++ b/bindings/java/jni/dataModel_SleuthkitJNI.cpp
@@ -256,11 +256,11 @@ JNIEXPORT void JNICALL
}
/**
- * Opens a hash database to use for hash lookups.
- * @param env Pointer to Java environment from which this method was called
- * @param obj The Java object from which this method was called
- * @param pathJ The path to the hash database
- * @return A handle for the hash database
+ * Opens an existing hash database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param pathJ The path to the hash database.
+ * @return A handle for the hash database.
*/
JNIEXPORT jint JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbOpenNat(JNIEnv * env,
@@ -269,9 +269,9 @@ JNIEXPORT jint JNICALL
TSK_TCHAR pathT[1024];
toTCHAR(env, pathT, 1024, pathJ);
TSK_HDB_INFO *db = tsk_hdb_open(pathT, TSK_HDB_OPEN_NONE);
- if(!db)
+ if (!db)
{
- setThrowTskCoreError(env);
+ setThrowTskCoreError(env, tsk_error_get_errstr());
return -1;
}
@@ -283,8 +283,8 @@ JNIEXPORT jint JNICALL
/**
* Creates a new hash database.
- * @param env Pointer to Java environment from which this method was called
- * @param obj The Java object from which this method was called
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
* @param pathJ The path to the hash database.
* @return A handle for the hash database.
*/
@@ -295,13 +295,13 @@ JNIEXPORT jint JNICALL
TSK_TCHAR pathT[1024];
toTCHAR(env, pathT, 1024, pathJ);
if (tsk_hdb_create(pathT)) {
- setThrowTskCoreError(env);
+ setThrowTskCoreError(env, tsk_error_get_errstr());
return -1;
}
TSK_HDB_INFO *db = tsk_hdb_open(pathT, TSK_HDB_OPEN_NONE);
if (!db) {
- setThrowTskCoreError(env);
+ setThrowTskCoreError(env, tsk_error_get_errstr());
return -1;
}
@@ -314,16 +314,16 @@ JNIEXPORT jint JNICALL
/**
* Adds data to a hash database.
* @param env Pointer to Java environment from which this method was called.
- * @param obj The Java object from which this method was called
- * @param filenameJ Name of the file that was hashed (can be null)
- * @param hashMd5J Text of MD5 hash (can be null)
- * @param hashSha1J Text of SHA1 hash (can be null)
- * @param hashSha256J Text of SHA256 hash (can be null)
- * @param dbHandle A handle for the hash database
- * @return 1 on error and 0 on success
+ * @param obj The Java object from which this method was called.
+ * @param filenameJ Name of the file that was hashed (can be null).
+ * @param hashMd5J MD5 hash of file contents (can be null).
+ * @param hashSha1J SHA-1 hash of file contents (can be null).
+ * @param hashSha256J Text of SHA256 hash (can be null).
+ * @param dbHandle A handle for the hash database.
+ * @return 1 on error and 0 on success.
*/
JNIEXPORT jint JNICALL
- Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbAddRecordNat(JNIEnv * env,
+ Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbAddEntryNat(JNIEnv * env,
jclass obj, jstring filenameJ, jstring hashMd5J, jstring hashSha1J, jstring hashSha256J,
jstring commentJ, jint dbHandle)
{
@@ -351,7 +351,7 @@ JNIEXPORT jint JNICALL
const char * comment = commentJ ? (const char *) env->GetStringUTFChars(commentJ, &isCopy) : NULL;
if (tsk_hdb_add_entry(db, name, md5, sha1, sha256, comment)) {
- setThrowTskCoreError(env, "Failed to add records to hash database");
+ setThrowTskCoreError(env, tsk_error_get_errstr());
}
if (filenameJ) {
@@ -380,9 +380,9 @@ JNIEXPORT jint JNICALL
/**
* Queries whether or not a hash database accepts updates.
* @param env Pointer to Java environment from which this method was called.
- * @param obj The Java object from which this method was called
- * @param dbHandle A handle for the hash database
- * @return True if hash database can be updated
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return True if hash database can be updated.
*/
JNIEXPORT jboolean JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbIsUpdateableNat(JNIEnv * env,
@@ -399,15 +399,16 @@ JNIEXPORT jboolean JNICALL
return (jboolean)false;
}
- return (jboolean)(db->accepts_updates() == static_cast<uint8_t>(1));
+ return (jboolean)(tsk_hdb_accepts_updates(db) == static_cast<uint8_t>(1));
}
/**
- * Queries whether or not a hash database can be indexed.
+ * Queries whether or not a hash database can be re-indexed. Only text-format
+ * databases with external indexes can be re-indexed.
* @param env Pointer to Java environment from which this method was called.
- * @param obj The Java object from which this method was called
- * @param dbHandle A handle for the hash database
- * @return True if hash database can be updated
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return True if hash database can be indexed.
*/
JNIEXPORT jboolean JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbIsReindexableNat(JNIEnv * env,
@@ -424,23 +425,21 @@ JNIEXPORT jboolean JNICALL
return (jboolean)false;
}
- return (jboolean)(db->uses_external_indexes() == static_cast<uint8_t>(1));
+ return (jboolean)((tsk_hdb_uses_external_indexes(db) == static_cast<uint8_t>(1)) &&
+ (!tsk_hdb_is_idx_only(db) == static_cast<uint8_t>(1)));
}
-// RJCTODO: Need to restore declaration in header file. Need to update Autopsy for receiving NULL.
-// RJCTODO: Finish comment
/**
+ * Gets the path of a hash database.
* @param env Pointer to Java environment from which this method was called.
- * @param obj The Java object from which this method was called
- * @param dbHandle A handle for the hash database
- * @return Path to the hash database,
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return Path to the hash database or "None" if no path is available.
*/
JNIEXPORT jstring JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbPathNat(JNIEnv * env,
jclass obj, jint dbHandle)
{
- char cpath[1024]; // RJCTODO: Are these big enough? malloc some space instead?
-
if((size_t)dbHandle > hashDbs.size()) {
setThrowTskCoreError(env, "Invalid database handle");
return NULL;
@@ -452,29 +451,32 @@ JNIEXPORT jstring JNICALL
return NULL;
}
- jstring jpath = NULL;
- const TSK_TCHAR *db_path = tsk_hdb_get_db_path(db);
- if (NULL != db_path) {
- snprintf(cpath, 1024, "%" PRIttocTSK, db_path);
- jpath = env->NewStringUTF(cpath);
+ jstring jPath = NULL;
+ const TSK_TCHAR *dbPath = tsk_hdb_get_db_path(db);
+ if (NULL != dbPath) {
+ const size_t pathLength = TSTRLEN(dbPath);
+ char *cPath = (char*)tsk_malloc((pathLength + 1) * sizeof(char));
+ snprintf(cPath, pathLength + 1, "%" PRIttocTSK, dbPath);
+ jPath = env->NewStringUTF(cPath);
+ free(cPath);
}
- return jpath;
+ else {
+ jPath = env->NewStringUTF("None");
+ }
+ return jPath;
}
-// RJCTODO: Fix comment.
/*
- * Get path of external index.
- * @param env pointer to java environment this was called from
- * @param obj the java object this was called from
- * @param dbHandle Which DB.
- * @return path
+ * Gets the path of the external MD5 hash index for a text-format database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return Path to the requested index or "None" if no path is available.
*/
JNIEXPORT jstring JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbIndexPathNat(JNIEnv * env,
jclass obj, jint dbHandle)
{
- char cpath[1024];
-
if((size_t)dbHandle > hashDbs.size()) {
setThrowTskCoreError(env, "Invalid database handle");
return NULL;
@@ -487,22 +489,30 @@ JNIEXPORT jstring JNICALL
}
// Currently only supporting md5 indexes through Java binding.
- jstring jpath = NULL;
- const TSK_TCHAR *db_path = tsk_hdb_get_idx_path(db, TSK_HDB_HTYPE_MD5_ID);
- if (NULL != db_path) {
- snprintf(cpath, 1024, "%" PRIttocTSK, db_path);
- jpath = env->NewStringUTF(cpath);
+ jstring jPath = NULL;
+ const TSK_TCHAR *indexPath = tsk_hdb_get_idx_path(db, TSK_HDB_HTYPE_MD5_ID);
+ if (NULL != indexPath) {
+ const size_t pathLength = TSTRLEN(indexPath);
+ char *cPath = (char*)tsk_malloc((pathLength + 1) * sizeof(char));
+ snprintf(cPath, pathLength + 1, "%" PRIttocTSK, indexPath);
+ jPath = env->NewStringUTF(cPath);
+ free(cPath);
+ }
+ else {
+ jPath = env->NewStringUTF("None");
}
- return jpath;
+ return jPath;
}
-// RJCTODO: Fix comment.
/**
- * Test for index only (no original Db file) legacy (IDX format).
- * @param env pointer to java environment this was called from
- * @param obj the java object this was called from
- * @param dbHandle Which DB.
- * @return true if index only AND is legacy
+ * Queries whether the hash database is actually an external index for a
+ * text-format database that is being used for simple yes/no look ups in
+ * place of the roginal hash database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return True if the hash database is an external index serving as a
+ * database.
*/
JNIEXPORT jboolean JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbIsIdxOnlyNat(JNIEnv * env,
@@ -519,21 +529,19 @@ JNIEXPORT jboolean JNICALL
return (jboolean)false;
}
- return (jboolean)(db->db_type == TSK_HDB_DBTYPE_IDXONLY_ID);
+ return (jboolean)(tsk_hdb_is_idx_only(db) == static_cast<uint8_t>(1));
}
-// RJCTODO: Fix comment.
/**
- * Get the name of the database pointed to by path
- * @param env pointer to java environment this was called from
- * @param obj the java object this was called from
- * @param dbHandle Which DB.
+ * Gets the display name of a hash database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return The display name.
*/
-JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbGetName
+JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbGetDisplayName
(JNIEnv * env, jclass obj, jint dbHandle)
{
- char c_name[1024];
-
if((size_t)dbHandle > hashDbs.size()) {
setThrowTskCoreError(env, "Invalid database handle");
return NULL;
@@ -546,21 +554,18 @@ JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbGetNam
}
jstring j_name = NULL;
- const char *db_name = tsk_hdb_get_name(db);
+ const char *db_name = tsk_hdb_get_display_name(db);
if (NULL != db_name) {
- snprintf(c_name, 1024, "%" PRIttocTSK, db_name);
- j_name = env->NewStringUTF(c_name);
+ j_name = env->NewStringUTF(db_name);
}
return j_name;
}
-// RJCTODO: Fix comment.
/**
- * Close all hash dbs and destroy associated memory structures.
- * And it resets the handle counting.
- * @param env pointer to java environment this was called from
- * @param obj the java object this was called from
- * @param dbHandle Which DB.
+ * Closes all open hash databases.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
*/
JNIEXPORT void JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbCloseAll(JNIEnv * env,
@@ -575,13 +580,11 @@ JNIEXPORT void JNICALL
hashDbs.clear();
}
-// RJCTODO: Fix comment.
/**
- * Close a hash db and destroy associated memory structures.
- * Existing handles are not affected.
- * @param env pointer to java environment this was called from
- * @param obj the java object this was called from
- * @param dbHandle Which DB.
+ * Closes a hash database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
*/
JNIEXPORT void JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbClose(JNIEnv * env,
@@ -605,11 +608,12 @@ JNIEXPORT void JNICALL
hashDbs.at(dbHandle-1) = NULL;
}
-// RJCTODO: Fix comment.
/**
- * Class: org_sleuthkit_datamodel_SleuthkitJNI
- * Method: hashDbLookup
- * Signature: (Ljava/lang/String;)I
+ * Looks up a hash in a hash database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return True if the hash is found in the hash database, false otherwise.
*/
JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbLookup
(JNIEnv * env, jclass obj, jstring hash, jint dbHandle)
@@ -626,26 +630,28 @@ JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbLooku
}
jboolean isCopy;
- const char *md5 = (const char *) env->GetStringUTFChars(hash, &isCopy);
+ const char *cHashStr = (const char *) env->GetStringUTFChars(hash, &isCopy);
jboolean file_known = false;
- int8_t retval = tsk_hdb_lookup_str(db, md5, TSK_HDB_FLAG_QUICK, NULL, NULL);
+ int8_t retval = tsk_hdb_lookup_str(db, cHashStr, TSK_HDB_FLAG_QUICK, NULL, NULL);
if (retval == -1) {
- setThrowTskCoreError(env);
+ setThrowTskCoreError(env, tsk_error_get_errstr());
}
else if (retval) {
file_known = true;
}
- env->ReleaseStringUTFChars(hash, (const char *) md5);
+ env->ReleaseStringUTFChars(hash, (const char *) cHashStr);
return file_known;
}
-/*
- * Class: org_sleuthkit_datamodel_SleuthkitJNI
- * Method: hashDbLookupVerbose
- * Signature: (Ljava/lang/String;)I
+/**
+ * Looks up a hash in a hash database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return A HashInfo object if the hash is found, NULL otherwise.
*/
JNIEXPORT jobject JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbLookupVerbose
(JNIEnv * env, jclass obj, jstring hash, jint dbHandle) {
@@ -659,40 +665,23 @@ JNIEXPORT jobject JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbLookup
setThrowTskCoreError(env, "Invalid database handle");
return NULL;
}
-
-
- if (tsk_hdb_has_verbose_lookup(db) == 0) {
- setThrowTskCoreError(env, "Invalid database operation, verbose lookup not supported");
- return NULL;
- }
-
- // RJCTODO: need to check to see how Sam's new code is handling this for the sake of integration
- // (or is there code in this code base in AbstractAbstractFileNode?)
-
jboolean isCopy;
const char *inputHash = (const char *) env->GetStringUTFChars(hash, &isCopy);
TskHashInfo result;
- int8_t return_code = tsk_hdb_lookup_verbose_str(db, inputHash, (void*)&result);
- if (-1 == return_code) {
- setThrowTskCoreError(env, "Error doing lookup"); // RJCTODO: Can get error message from TSK here?
- env->ReleaseStringUTFChars(hash, (const char *) inputHash);
+ int8_t returnCode = tsk_hdb_lookup_verbose_str(db, inputHash, (void*)&result);
+ env->ReleaseStringUTFChars(hash, (const char *) inputHash);
+ if (returnCode == -1) {
+ setThrowTskCoreError(env, tsk_error_get_errstr());
return NULL;
}
- else if (0 == return_code) {
- env->ReleaseStringUTFChars(hash, (const char *) inputHash);
+ else if (0 == returnCode) {
return NULL;
}
- // Build the Java version of the TskHashInfo object
- jclass clazz;
- clazz = env->FindClass("org/sleuthkit/datamodel/HashInfo");
- jmethodID ctor = env->GetMethodID(clazz, "<init>", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V");
- jmethodID addName = env->GetMethodID(clazz, "addName", "(Ljava/lang/String;)V");
- jmethodID addComment = env->GetMethodID(clazz, "addComment", "(Ljava/lang/String;)V");
-
- //convert hashes
+ // Convert the hashes from the hash database so they can be written into
+ // the Java version of a HashInfo object.
const char *md5 = result.hashMd5.c_str();
jstring md5j = env->NewStringUTF(md5);
@@ -702,24 +691,22 @@ JNIEXPORT jobject JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbLookup
const char *sha256 = result.hashSha2_256.c_str();
jstring sha256j = env->NewStringUTF(sha256);
- // make the object
- jobject object = object = env->NewObject(clazz, ctor, md5j, sha1j, sha256j);
-
- // finish populating the object
+ // Create and return a Java HashInfo object.
+ jclass clazz;
+ clazz = env->FindClass("org/sleuthkit/datamodel/HashInfo");
+ jmethodID ctor = env->GetMethodID(clazz, "<init>", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V");
+ jmethodID addName = env->GetMethodID(clazz, "addName", "(Ljava/lang/String;)V");
+ jmethodID addComment = env->GetMethodID(clazz, "addComment", "(Ljava/lang/String;)V");
+ jobject hashInfo = env->NewObject(clazz, ctor, md5j, sha1j, sha256j);
for (std::vector<std::string>::iterator it = result.fileNames.begin(); it != result.fileNames.end(); ++it) {
jstring namej = env->NewStringUTF((*it).c_str());
- env->CallVoidMethod(object, addName, namej);
+ env->CallVoidMethod(hashInfo, addName, namej);
}
-
for (std::vector<std::string>::iterator it = result.comments.begin(); it != result.comments.end(); ++it) {
jstring commentj = env->NewStringUTF((*it).c_str());
- env->CallVoidMethod(object, addComment, commentj);
+ env->CallVoidMethod(hashInfo, addComment, commentj);
}
-
- // Cleanup
- env->ReleaseStringUTFChars(hash, (const char *) inputHash);
-
- return object;
+ return hashInfo;
}
/*
@@ -1633,15 +1620,14 @@ Java_org_sleuthkit_datamodel_SleuthkitJNI_startVerboseLoggingNat
}
/*
- * Create an index for the given database
- * @param env pointer to java environment this was called from
- * @param obj the java object this was called from
- * @param overwrite flag indicating if the old db (if it exists) can be deleted
- * @param dbHandle handle for the database
+ * Creates an MD5 index for a hash database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
*/
JNIEXPORT void JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbCreateIndexNat (JNIEnv * env,
- jclass obj, jint dbHandle, jboolean overwrite)
+ jclass obj, jint dbHandle)
{
if((size_t)dbHandle > hashDbs.size()) {
setThrowTskCoreError(env, "Invalid database handle");
@@ -1654,11 +1640,6 @@ Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbCreateIndexNat (JNIEnv * env,
return;
}
- if (!db->uses_external_indexes) {
- setThrowTskCoreError(env, "Database does not have an external index");
- return;
- }
-
TSK_TCHAR idx_type[1024];
if(db->db_type == TSK_HDB_DBTYPE_MD5SUM_ID) {
TSNPRINTF(idx_type, 1024, _TSK_T("%") PRIcTSK, TSK_HDB_DBTYPE_MD5SUM_STR);
@@ -1676,15 +1657,16 @@ Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbCreateIndexNat (JNIEnv * env,
}
if (tsk_hdb_make_index(db, idx_type) != 0) {
- setThrowTskCoreError(env);
+ setThrowTskCoreError(env, tsk_error_get_errstr());
}
}
/*
- * Check if a lookup index exists for the given hash database.
- * @param env pointer to java environment this was called from
- * @param obj the java object this was called from
- * @param dbHandle handle for the database
+ * Queries whether or not an index for MD5 look ups exists for a hash database.
+ * @param env Pointer to Java environment from which this method was called.
+ * @param obj The Java object from which this method was called.
+ * @param dbHandle A handle for the hash database.
+ * @return True if the index exists.
*/
JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbIndexExistsNat
(JNIEnv * env, jclass obj, jint dbHandle) {
diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.h b/bindings/java/jni/dataModel_SleuthkitJNI.h
index 32544c35a148baef6fe8a2486472212047319d21..c2eed0af193ad45a11a8cfc5936688c75c86b2e4 100644
--- a/bindings/java/jni/dataModel_SleuthkitJNI.h
+++ b/bindings/java/jni/dataModel_SleuthkitJNI.h
@@ -1,4 +1,3 @@
-/* DO NOT EDIT THIS FILE - it is machine generated */
#include <jni.h>
/* Header for class org_sleuthkit_datamodel_SleuthkitJNI */
@@ -72,7 +71,7 @@ JNIEXPORT jint JNICALL
* Signature:
*/
JNIEXPORT jint JNICALL
- Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbAddRecordNat(JNIEnv * env,
+ Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbAddEntryNat(JNIEnv * env,
jclass obj, jstring filenameJ, jstring hashMd5J, jstring hashSha1J, jstring hashSha256J,
jstring commentJ, jint dbHandle);
@@ -126,7 +125,7 @@ JNIEXPORT jstring JNICALL
* Method: hashDbGetName
* Signature:
*/
-JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbGetName
+JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbGetDisplayName
(JNIEnv *, jclass, jint dbHandle);
/*
@@ -319,7 +318,7 @@ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeFileNat
* Signature:
*/
JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_hashDbCreateIndexNat
- (JNIEnv *, jclass, jint, jboolean);
+ (JNIEnv *, jclass, jint);
/*
* Class: org_sleuthkit_datamodel_SleuthkitJNI
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
index edf73f7cb20c46116c2c25442de1e23077be0d6e..fb4225c6e3c5f60364f73e6d83c7e8ab2b0f0417 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
@@ -25,7 +25,6 @@
import java.util.Map;
import java.util.TimeZone;
import org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM;
-import org.sleuthkit.datamodel.HashInfo;
/**
* Interfaces with the Sleuthkit TSK c/c++ libraries Supports case management,
@@ -55,7 +54,7 @@ public class SleuthkitJNI {
private static native int hashDbNewNat(String hashDbPath) throws TskCoreException;
- private static native int hashDbAddRecordNat(String filename, String hashMd5, String hashSha1, String hashSha256, String comment, int dbHandle) throws TskCoreException;
+ private static native int hashDbAddEntryNat(String filename, String hashMd5, String hashSha1, String hashSha256, String comment, int dbHandle) throws TskCoreException;
private static native boolean hashDbIsUpdateableNat(int dbHandle);
@@ -65,14 +64,14 @@ public class SleuthkitJNI {
private static native String hashDbIndexPathNat(int dbHandle);
- private static native String hashDbGetName(int dbHandle) throws TskCoreException;
+ private static native String hashDbGetDisplayName(int dbHandle) throws TskCoreException;
private static native void hashDbCloseAll() throws TskCoreException;
private static native void hashDbClose(int dbHandle) throws TskCoreException;
//hash-lookup database functions
- private static native void hashDbCreateIndexNat(int dbHandle, boolean overwrite) throws TskCoreException;
+ private static native void hashDbCreateIndexNat(int dbHandle) throws TskCoreException;
private static native boolean hashDbIndexExistsNat(int dbHandle) throws TskCoreException;
@@ -567,11 +566,10 @@ public static void closeFile(long fileHandle) {
* Create an index for the given database path.
*
* @param dbPath The path to the database
- * @param overwrite flag indicating if the old db (if it exists) can be deleted
* @throws TskCoreException if a critical error occurs within TSK core
*/
- public static void createLookupIndexForHashDatabase(int dbHandle, boolean overwrite) throws TskCoreException {
- hashDbCreateIndexNat(dbHandle, overwrite);
+ public static void createLookupIndexForHashDatabase(int dbHandle) throws TskCoreException {
+ hashDbCreateIndexNat(dbHandle);
}
@@ -656,18 +654,16 @@ public static void closeHashDatabase(int dbHandle) throws TskCoreException {
hashDbClose(dbHandle);
}
-
/**
* Get the name of the database
*
* @param dbHandle previously opened hash db handle
* @throws TskCoreException if a critical error occurs within TSK core
*/
- public static String getHashDatabaseName(int dbHandle) throws TskCoreException {
- return hashDbGetName(dbHandle);
+ public static String getHashDatabaseDisplayName(int dbHandle) throws TskCoreException {
+ return hashDbGetDisplayName(dbHandle);
}
-
public static boolean lookupInHashDatabase(String hash, int dbHandle) throws TskCoreException {
return hashDbLookup(hash, dbHandle);
}
@@ -686,7 +682,7 @@ public static HashInfo lookupInHashDatabaseVerbose(String hash, int dbHandle) th
* @throws TskCoreException
*/
public static void addToHashDatabase(String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException {
- hashDbAddRecordNat(filename, md5, sha1, sha256, comment, dbHandle);
+ hashDbAddEntryNat(filename, md5, sha1, sha256, comment, dbHandle);
}
@@ -694,11 +690,10 @@ public static boolean isUpdateableHashDatabase(int dbHandle) throws TskCoreExcep
return hashDbIsUpdateableNat(dbHandle);
}
- public static boolean hashDatabaseHasLegacyLookupIndexOnly(int dbHandle) throws TskCoreException {
+ public static boolean hashDatabaseIsIndexOnly(int dbHandle) throws TskCoreException {
return hashDbIsIdxOnlyNat(dbHandle);
}
-
/**
* Convert this timezone from long to short form
* Convert timezoneLongForm passed in from long to short form
diff --git a/bindings/java/test/org/sleuthkit/datamodel/HashDbTest.java b/bindings/java/test/org/sleuthkit/datamodel/HashDbTest.java
index 7c6fa5db9ea8a6e54a16a84cd39e5c35fef55368..6abbacd77729f38f383f8459551519e828f940e1 100644
--- a/bindings/java/test/org/sleuthkit/datamodel/HashDbTest.java
+++ b/bindings/java/test/org/sleuthkit/datamodel/HashDbTest.java
@@ -151,7 +151,7 @@ public void testHashDb() {
boolean isUpdateable = SleuthkitJNI.isUpdateableHashDatabase(handle);
assertTrue(isUpdateable);
- boolean hlio = SleuthkitJNI.hashDatabaseHasLegacyLookupIndexOnly(handle);
+ boolean hlio = SleuthkitJNI.hashDatabaseHasIndexOnly(handle);
assertFalse(hlio);
// Close it out
diff --git a/samples/callback-cpp-style.cpp b/samples/callback-cpp-style.cpp
index c212726812a74accac873fd103c36da7e27cfedc..e7280c6a4fb7c0f9545454697568d54c86448ae4 100644
--- a/samples/callback-cpp-style.cpp
+++ b/samples/callback-cpp-style.cpp
@@ -118,6 +118,7 @@ procFile(TskFsFile * fs_file, const char *path)
}
#endif
#if DO_HASHLOOKUP
+ // This code is not currently viable; TskHdbInfo implementation is incomplete.
{
int retval;
retval = tsk_hdb_lookup_raw(hdb_info, (uint8_t *) hash, 16,
@@ -291,6 +292,7 @@ main(int argc, char **argv1)
}
#if DO_HASHLOOKUP
+ // This code is not currently viable; TskHdbInfo implementation is incomplete.
/* Setup hash infrastructure */
if ((hdb_info =
tsk_hdb_open(_TSK_T("/XXX/NSRLFile.txt"),
diff --git a/samples/callback-style.cpp b/samples/callback-style.cpp
index 8ec1552a4eae5f19c266678f71ebd4b02b952692..4e819fd7c12a8de462e7fa826df5934a06be4e94 100644
--- a/samples/callback-style.cpp
+++ b/samples/callback-style.cpp
@@ -296,7 +296,7 @@ main(int argc, char **argv1)
exit(1);
}
- if (tsk_hdb_idxsetup(hdb_info, TSK_HDB_HTYPE_MD5_ID) == 0) {
+ if (tsk_hdb_open_idx(hdb_info, TSK_HDB_HTYPE_MD5_ID) == 0) {
fprintf(stderr,
"Hash database does not have an index (create one using hfind -i nsrl-md5 HASHFILE\n");
exit(1);
diff --git a/tools/hashtools/hfind.cpp b/tools/hashtools/hfind.cpp
index 3e198239ba2f9bcd9c8fc14edb779550daeb86de..2cc0522206614d1e8eef60ec49041548cb7f847a 100644
--- a/tools/hashtools/hfind.cpp
+++ b/tools/hashtools/hfind.cpp
@@ -22,7 +22,6 @@ static TSK_TCHAR *progname;
static void
usage()
{
- // RJCTODO: I think the db types list ios really an index type list...
TFPRINTF(stderr,
_TSK_T
("usage: %s [-eqVa] [-c] [-f lookup_file] [-i db_type] db_file [hashes]\n"),
@@ -42,7 +41,7 @@ usage()
"\tdb_file: The path of the hash database, must have .kdb extension for -c option\n");
tsk_fprintf(stderr,
"\t[hashes]: hashes to lookup (STDIN is used otherwise)\n");
- tsk_fprintf(stderr, "\n\tSupported types: %s\n",
+ tsk_fprintf(stderr, "\n\tSupported index types: %s\n",
TSK_HDB_DBTYPE_SUPPORT_STR);
exit(1);
}
@@ -174,7 +173,7 @@ main(int argc, char ** argv1)
// Now that the database is open and its type is known, if running in add hashes mode (-a option)
// see if it takes updates.
- if (addHash && !hdb_info->accepts_updates()) {
+ if (addHash && !tsk_hdb_accepts_updates(hdb_info)) {
tsk_fprintf(stderr, "-a option specified, but the specified database does not allow hashes to be added\n");
usage();
}
@@ -196,6 +195,14 @@ main(int argc, char ** argv1)
usage();
}
+ if (!tsk_hdb_uses_external_indexes(hdb_info)) {
+ tsk_fprintf(stderr, "Database does not use external indexes, can't be used with '-i'\n");
+ }
+
+ if (tsk_hdb_is_idx_only(hdb_info)) {
+ tsk_fprintf(stderr, "Database is index only, can be used for look ups, but can't be used with '-i'\n");
+ }
+
if (tsk_hdb_make_index(hdb_info, idx_type)) {
tsk_error_print(stderr);
tsk_hdb_close(hdb_info);
diff --git a/tsk/base/tsk_base.h b/tsk/base/tsk_base.h
index 4220e6d3c5b8a0a23c446357d5644829a94202a4..cb0f985787e0e04bd64e4a52f569d85ddf62881f 100644
--- a/tsk/base/tsk_base.h
+++ b/tsk/base/tsk_base.h
@@ -366,7 +366,8 @@ extern "C" {
#define TSK_ERR_HDB_PROC (TSK_ERR_HDB | 9)
#define TSK_ERR_HDB_OPEN (TSK_ERR_HDB | 10)
#define TSK_ERR_HDB_CORRUPT (TSK_ERR_HDB | 11)
-#define TSK_ERR_HDB_MAX 12
+#define TSK_ERR_HDB_UNSUPFUNC (TSK_ERR_HDB | 11)
+#define TSK_ERR_HDB_MAX 13
#define TSK_ERR_AUTO_DB (TSK_ERR_AUTO | 0)
#define TSK_ERR_AUTO_CORRUPT (TSK_ERR_AUTO | 1)
diff --git a/tsk/hashdb/hdb_base.c b/tsk/hashdb/hdb_base.c
index 6e4475efd82a288c4f137abf12d13e29f0d5014f..7a0357cc7fe08c2da72c38def4c068a8e0d15936 100755
--- a/tsk/hashdb/hdb_base.c
+++ b/tsk/hashdb/hdb_base.c
@@ -17,8 +17,8 @@
/**
* \ingroup hashdblib
- * Sets hash database file name from file path.
- * @param hdb_info Struct representation of a hash database.
+ * Sets hash database name to be a file name obtained from the file path.
+ * @param hdb_info Struct representation of an open hash database.
*/
void
hdb_base_db_name_from_path(TSK_HDB_INFO *hdb_info)
@@ -58,7 +58,8 @@ hdb_base_db_name_from_path(TSK_HDB_INFO *hdb_info)
else
end = begin + TSTRLEN(begin);
- // @@@ TODO: Use TskUTF16_to_UTF8 to properly convert for Windows
+ // @@@ This only works for file names with Latin characters. It may need
+ // to be fixed some day. Leave it be for now.
for(i = 0; i < (end-begin); i++)
{
hdb_info->db_name[i] = (char) begin[i];
@@ -74,7 +75,8 @@ hdb_base_db_name_from_path(TSK_HDB_INFO *hdb_info)
* @param hdb_info Struct representation of a hash database.
* @return 0 on sucess, 1 on failure.
*/
-uint8_t hdb_info_base_open(TSK_HDB_INFO *hdb_info, const TSK_TCHAR *db_path)
+uint8_t
+hdb_info_base_open(TSK_HDB_INFO *hdb_info, const TSK_TCHAR *db_path)
{
size_t path_len = TSTRLEN(db_path);
hdb_info->db_fname = (TSK_TCHAR*)tsk_malloc((path_len + 1) * sizeof(TSK_TCHAR));
@@ -88,7 +90,7 @@ uint8_t hdb_info_base_open(TSK_HDB_INFO *hdb_info, const TSK_TCHAR *db_path)
tsk_init_lock(&hdb_info->lock);
hdb_info->get_db_path = hdb_base_get_db_path;
- hdb_info->get_db_name = hdb_base_get_db_name;
+ hdb_info->get_display_name = hdb_base_get_display_name;
hdb_info->uses_external_indexes = hdb_base_uses_external_indexes;
hdb_info->get_index_path = hdb_base_get_index_path;
hdb_info->has_index = hdb_base_has_index;
@@ -104,12 +106,17 @@ uint8_t hdb_info_base_open(TSK_HDB_INFO *hdb_info, const TSK_TCHAR *db_path)
return 0;
}
-const TSK_TCHAR *hdb_base_get_db_path(TSK_HDB_INFO *hdb_info)
+const TSK_TCHAR *
+hdb_base_get_db_path(TSK_HDB_INFO *hdb_info)
{
+ // The "base class" assumption is that the hash database is implemented
+ // as a user-accessible file (e.g., it is a SQLite database or a text-
+ // format database).
return hdb_info->db_fname;
}
-const char *hdb_base_get_db_name(TSK_HDB_INFO *hdb_info)
+const char *
+hdb_base_get_display_name(TSK_HDB_INFO *hdb_info)
{
return hdb_info->db_name;
}
@@ -117,46 +124,60 @@ const char *hdb_base_get_db_name(TSK_HDB_INFO *hdb_info)
uint8_t
hdb_base_uses_external_indexes()
{
+ // The "base class" assumption is that the hash database does not use
+ // user-accessible external index files (e.g., it is a relational
+ // database).
return 0;
}
const TSK_TCHAR*
hdb_base_get_index_path(TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype)
{
- tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_ARG); // RJCTODO: Could use dedicated NOT_IMPL or NO_SUPPORT enum member for this sort of thing in the "base" functions
- tsk_error_set_errstr("hdb_base_get_index_path: get index path not supported for hdb_info->db_type=%u", hdb_info->db_type);
- return NULL;
+ // The "base class" assumption is that the hash database does not use
+ // user-accessible external index files (e.g., it is a relational
+ // database). It follows that the hash database path and index path are
+ // the same, assuming that the hash database is implemented
+ // as a user-accessible file (e.g., it is a SQLite database).
+ return hdb_info->db_fname;
}
uint8_t
hdb_base_has_index(TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype)
{
- return 0;
+ // The "base class" assumption is that the hash database does not use
+ // external index files (e.g., it is a relational database). It follows
+ // that the hash database has an index upon creation. This function
+ // also says that the default is that look ups for all hash algorithm
+ // types are supported.
+ return 1;
}
-uint8_t hdb_base_make_index(TSK_HDB_INFO *hdb_info, TSK_TCHAR *htype)
+uint8_t
+hdb_base_make_index(TSK_HDB_INFO *hdb_info, TSK_TCHAR *htype)
{
- tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_ARG);
- tsk_error_set_errstr("hdb_base_make_index: operationnot supported for hdb_info->db_type=%u", hdb_info->db_type);
+ // The "base class" assumption is that the hash database does not use
+ // user-accessible external index files (e.g., it is a relational
+ // database). It follows that the hash database has an index upon creation.
+ // Make this a no-op.
return 1;
}
uint8_t
hdb_base_open_index(TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype)
{
- tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_ARG);
- tsk_error_set_errstr("hdb_base_open_index: operation not supported for hdb_info->db_type=%u", hdb_info->db_type);
+ // The "base class" assumption is that the hash database does not use
+ // user-accessible external index files (e.g., it is a relational
+ // database). It follows that the hash database has an index upon creation
+ // and it is already "open". Make this a no-op.
return 1;
}
int8_t
hdb_base_lookup_str(TSK_HDB_INFO *hdb_info, const char *hash, TSK_HDB_FLAG_ENUM flag, TSK_HDB_LOOKUP_FN callback, void *data)
{
+ // This needs an "override" by "derived classes."
tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_ARG);
+ tsk_error_set_errno(TSK_ERR_HDB_UNSUPFUNC);
tsk_error_set_errstr("hdb_base_lookup_str: operation not supported for hdb_info->db_type=%u", hdb_info->db_type);
return -1;
}
@@ -164,8 +185,9 @@ hdb_base_lookup_str(TSK_HDB_INFO *hdb_info, const char *hash, TSK_HDB_FLAG_ENUM
int8_t
hdb_base_lookup_bin(TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t hash_len, TSK_HDB_FLAG_ENUM flag, TSK_HDB_LOOKUP_FN callback, void *data)
{
+ // This needs an "override" by "derived classes."
tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_ARG);
+ tsk_error_set_errno(TSK_ERR_HDB_UNSUPFUNC);
tsk_error_set_errstr("hdb_base_lookup_bin: operation not supported for hdb_info->db_type=%u", hdb_info->db_type);
return -1;
}
@@ -173,8 +195,9 @@ hdb_base_lookup_bin(TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t hash_len, TSK
int8_t
hdb_base_lookup_verbose_str(TSK_HDB_INFO *hdb_info, const char *hash, void *result)
{
+ // This needs an "override" by "derived classes."
tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_ARG);
+ tsk_error_set_errno(TSK_ERR_HDB_UNSUPFUNC);
tsk_error_set_errstr("hdb_base_lookup_verbose_str: operation not supported for hdb_info->db_type=%u", hdb_info->db_type);
return -1;
}
@@ -182,16 +205,20 @@ hdb_base_lookup_verbose_str(TSK_HDB_INFO *hdb_info, const char *hash, void *resu
uint8_t
hdb_base_accepts_updates()
{
- return 0;
+ // The "base class" assumption is that the database accepts updates (e.g.,
+ // it is a relational database and there is an "derived class override" of
+ // hdb_base_add_entry() that does INSERTs).
+ return 1;
}
uint8_t
hdb_base_add_entry(TSK_HDB_INFO *hdb_info, const char *file_name, const char *md5, const char *sha1, const char *sha2_256, const char *comment)
{
+ // This needs an "override" by "derived classes."
tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_ARG);
+ tsk_error_set_errno(TSK_ERR_HDB_UNSUPFUNC);
tsk_error_set_errstr("hdb_base_add_entry: operation not supported for hdb_info->db_type=%u", hdb_info->db_type);
- return 1;
+ return -1;
}
/**
diff --git a/tsk/hashdb/idxonly.c b/tsk/hashdb/idxonly.c
index dad8b3b000d9ab07ffdcbde70b26507dc9d77bac..ec57e3b08bee47111495456521e700953b0b608b 100644
--- a/tsk/hashdb/idxonly.c
+++ b/tsk/hashdb/idxonly.c
@@ -74,11 +74,20 @@ TSK_HDB_INFO *idxonly_open(const TSK_TCHAR *db_path)
hdb_info->base.db_type = TSK_HDB_DBTYPE_IDXONLY_ID;
idxonly_name(hdb_info);
+ hdb_info->base.get_db_path = idxonly_get_db_path;
hdb_info->get_entry = idxonly_getentry;
return (TSK_HDB_INFO*)hdb_info;
}
+const TSK_TCHAR *
+idxonly_get_db_path(TSK_HDB_INFO *hdb_info)
+{
+ // The database path member of the TSK_HDB_INFO is filled in, but that is
+ // just for the sake of the common index file name construction algorithm.
+ return NULL;
+}
+
uint8_t
idxonly_getentry(TSK_HDB_INFO * hdb_info, const char *hash,
TSK_OFF_T offset, TSK_HDB_FLAG_ENUM flags,
diff --git a/tsk/hashdb/sqlite_hdb.cpp b/tsk/hashdb/sqlite_hdb.cpp
index 172c8a3de9fd7f5917b3bd5ee4645a74347261ee..f5b3855752d6ee130d8202119a5dd81cb654458e 100644
--- a/tsk/hashdb/sqlite_hdb.cpp
+++ b/tsk/hashdb/sqlite_hdb.cpp
@@ -289,7 +289,6 @@ TSK_HDB_INFO *sqlite_hdb_open(TSK_TCHAR *db_path)
hdb_info->base.lookup_str = sqlite_hdb_lookup_str;
hdb_info->base.lookup_raw = sqlite_hdb_lookup_bin;
hdb_info->base.lookup_verbose_str = sqlite_hdb_lookup_verbose_str;
- hdb_info->base.accepts_updates = sqlite_hdb_accepts_updates;
hdb_info->base.add_entry = sqlite_hdb_add_entry;
hdb_info->base.close_db = sqlite_hdb_close;
@@ -400,12 +399,6 @@ sqlite_hdb_insert_value_and_id(sqlite3_stmt *stmt, const char *value, int64_t id
return ret_val;
}
-uint8_t
-sqlite_hdb_accepts_updates()
-{
- return 1;
-}
-
/**
* \ingroup hashdblib
* \internal
diff --git a/tsk/hashdb/text_fmt_hdb_base.c b/tsk/hashdb/text_fmt_hdb_base.c
index 967048c8dcb79ff577a4f94affb345dd451b75e5..bc345364e6bad1e4fc044bf55262699acc9f47b9 100755
--- a/tsk/hashdb/text_fmt_hdb_base.c
+++ b/tsk/hashdb/text_fmt_hdb_base.c
@@ -35,7 +35,8 @@ TSK_TEXT_HDB_INFO *text_hdb_open(FILE *hDb, const TSK_TCHAR *db_path)
text_hdb_info->base.open_index = text_hdb_open_idx;
text_hdb_info->base.lookup_str = text_hdb_lookup_str;
text_hdb_info->base.lookup_raw = text_hdb_lookup_bin;
- text_hdb_info->base.close_db = text_db_close;
+ text_hdb_info->base.accepts_updates = text_hdb_accepts_updates;
+ text_hdb_info->base.close_db = text_hdb_close;
// The database type and function pointers will need to be set
// by the "derived class" caller these things vary by database type.
@@ -1109,8 +1110,14 @@ text_hdb_lookup_bin(TSK_HDB_INFO * hdb_info, uint8_t * hash, uint8_t len,
return tsk_hdb_lookup_str(hdb_info, hashbuf, flags, action, ptr);
}
+uint8_t
+text_hdb_accepts_updates()
+{
+ return 0;
+}
+
void
-text_db_close(TSK_HDB_INFO *hdb_info_base)
+text_hdb_close(TSK_HDB_INFO *hdb_info_base)
{
TSK_TEXT_HDB_INFO *hdb_info = (TSK_TEXT_HDB_INFO*)hdb_info_base;
diff --git a/tsk/hashdb/tsk_hashdb.c b/tsk/hashdb/tsk_hashdb.c
index ea1d8e43067e2fa9a74bfba4c9cc8e53fb06b3a6..f40d227f1e08a7f9a46bc7195df56679adec9c3d 100644
--- a/tsk/hashdb/tsk_hashdb.c
+++ b/tsk/hashdb/tsk_hashdb.c
@@ -240,7 +240,8 @@ tsk_hdb_open(TSK_TCHAR *file_path, TSK_HDB_OPEN_ENUM flags)
return hdb_info;
}
-const TSK_TCHAR *tsk_hdb_get_db_path(TSK_HDB_INFO * hdb_info) // RJCTODO: Add db to name
+const TSK_TCHAR *
+tsk_hdb_get_db_path(TSK_HDB_INFO * hdb_info)
{
if (!hdb_info) {
tsk_error_reset();
@@ -252,19 +253,34 @@ const TSK_TCHAR *tsk_hdb_get_db_path(TSK_HDB_INFO * hdb_info) // RJCTODO: Add db
return hdb_info->get_db_path(hdb_info);
}
-const char *tsk_hdb_get_name(TSK_HDB_INFO * hdb_info) // RJCTODO: Add db to name
+const char *
+tsk_hdb_get_display_name(TSK_HDB_INFO * hdb_info)
{
if (!hdb_info) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_HDB_ARG);
- tsk_error_set_errstr("tsk_hdb_get_db_name: NULL hdb_info");
+ tsk_error_set_errstr("tsk_hdb_get_display_name: NULL hdb_info");
return 0;
}
- return hdb_info->get_db_name(hdb_info);
+ return hdb_info->get_display_name(hdb_info);
}
-const TSK_TCHAR *tsk_hdb_get_idx_path(TSK_HDB_INFO * hdb_info, TSK_HDB_HTYPE_ENUM htype)
+uint8_t
+tsk_hdb_uses_external_indexes(TSK_HDB_INFO *hdb_info)
+{
+ if (!hdb_info) {
+ tsk_error_reset();
+ tsk_error_set_errno(TSK_ERR_HDB_ARG);
+ tsk_error_set_errstr("tsk_hdb_get_display_name: NULL hdb_info");
+ return 0;
+ }
+
+ return hdb_info->uses_external_indexes();
+}
+
+const TSK_TCHAR *
+tsk_hdb_get_idx_path(TSK_HDB_INFO * hdb_info, TSK_HDB_HTYPE_ENUM htype)
{
if (!hdb_info) {
tsk_error_reset();
@@ -276,6 +292,18 @@ const TSK_TCHAR *tsk_hdb_get_idx_path(TSK_HDB_INFO * hdb_info, TSK_HDB_HTYPE_ENU
return hdb_info->get_index_path(hdb_info, htype);
}
+uint8_t tsk_hdb_open_idx(TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype)
+{
+ if (!hdb_info) {
+ tsk_error_reset();
+ tsk_error_set_errno(TSK_ERR_HDB_ARG);
+ tsk_error_set_errstr("tsk_hdb_open_idx: NULL hdb_info");
+ return 0;
+ }
+
+ return hdb_info->open_index(hdb_info, htype);
+}
+
/**
* \ingroup hashdblib
* Determine if the open hash database has an index.
@@ -337,8 +365,6 @@ tsk_hdb_make_index(TSK_HDB_INFO *hdb_info, TSK_TCHAR *type)
return 1;
}
- // RJCTODO: Can the translation of type from string to enum happen right here?
-
return hdb_info->make_index(hdb_info, type);
}
@@ -368,7 +394,7 @@ tsk_hdb_lookup_str(TSK_HDB_INFO *hdb_info, const char *hash,
return -1;
}
- // Validate the length of the hash string and use the lenght to determine
+ // Validate the length of the hash string and use the length to determine
// the hash type.
if (strlen(hash) == TSK_HDB_HTYPE_MD5_LEN) {
htype = TSK_HDB_HTYPE_MD5_ID;
@@ -383,12 +409,8 @@ tsk_hdb_lookup_str(TSK_HDB_INFO *hdb_info, const char *hash,
return -1;
}
- // If the hash database uses external indexes, try to open the index for
- // the hash type identified above.
- if (hdb_info->uses_external_indexes()) {
- if (hdb_info->open_index(hdb_info, htype)) {
- return -1;
- }
+ if (hdb_info->open_index(hdb_info, htype)) {
+ return -1;
}
return hdb_info->lookup_str(hdb_info, hash, flags, action, ptr);
@@ -443,19 +465,6 @@ tsk_hdb_lookup_raw(TSK_HDB_INFO * hdb_info, uint8_t * hash, uint8_t len,
return hdb_info->lookup_raw(hdb_info, hash, len, flags, action, ptr);
}
-
-uint8_t
-tsk_hdb_has_verbose_lookup(TSK_HDB_INFO *hdb_info)
-{
- if (!hdb_info) {
- tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_ARG);
- tsk_error_set_errstr("tsk_hdb_has_verbose_lookup: NULL hdb_info");
- return 0;
- }
-
- return hdb_info->has_verbose_lookup(hdb_info);
-}
int8_t
tsk_hdb_lookup_verbose_str(TSK_HDB_INFO *hdb_info, const char *hash, void *result)
@@ -481,15 +490,19 @@ tsk_hdb_lookup_verbose_str(TSK_HDB_INFO *hdb_info, const char *hash, void *resul
return -1;
}
- if (hdb_info->has_verbose_lookup(hdb_info)) {
- return hdb_info->lookup_verbose_str(hdb_info, hash, result);
- }
- else {
+ return hdb_info->lookup_verbose_str(hdb_info, hash, result);
+}
+
+uint8_t tsk_hdb_accepts_updates(TSK_HDB_INFO *hdb_info)
+{
+ if (!hdb_info) {
tsk_error_reset();
- tsk_error_set_errno(TSK_ERR_HDB_PROC);
- tsk_error_set_errstr("tsk_hdb_lookup_verbose_str: operation not supported for this database type (=%u)", hdb_info->db_type);
+ tsk_error_set_errno(TSK_ERR_HDB_ARG);
+ tsk_error_set_errstr("tsk_hdb_accepts_updates: NULL hdb_info");
return -1;
}
+
+ return hdb_info->accepts_updates();
}
/**
diff --git a/tsk/hashdb/tsk_hashdb.h b/tsk/hashdb/tsk_hashdb.h
index aba1038067cb1ccaef38b818ea1bea49cbbedd5d..d92cc80e8d5b6ca6350a82bda937e2f0f5841e95 100644
--- a/tsk/hashdb/tsk_hashdb.h
+++ b/tsk/hashdb/tsk_hashdb.h
@@ -87,7 +87,7 @@ extern "C" {
typedef enum TSK_HDB_DBTYPE_ENUM TSK_HDB_DBTYPE_ENUM;
/**
- * String versions of DB types // RJCTODO: These are doing a sort of awkward double-duty?
+ * String versions of DB types
*/
#define TSK_HDB_DBTYPE_NSRL_STR "nsrl" ///< NSRL database
#define TSK_HDB_DBTYPE_NSRL_MD5_STR "nsrl-md5" ///< NSRL database with MD5 index
@@ -96,7 +96,7 @@ extern "C" {
#define TSK_HDB_DBTYPE_HK_STR "hk" ///< Hash Keeper
#define TSK_HDB_DBTYPE_ENCASE_STR "encase" ///< EnCase
- /// List of supported hash database types // RJCTODO: These appear to be index types for hfind, in which case SQLite needs to be removed...
+ /// List of supported hash database types with external indexes; essentially index types.
#define TSK_HDB_DBTYPE_SUPPORT_STR "nsrl-md5, nsrl-sha1, md5sum, encase, hk"
#define TSK_HDB_NAME_MAXLEN 512 //< Max length for database name
@@ -118,7 +118,7 @@ extern "C" {
TSK_HDB_DBTYPE_ENUM db_type; ///< Type of database
tsk_lock_t lock; ///< Lock for lazy loading and idx_lbuf
const TSK_TCHAR*(*get_db_path)(TSK_HDB_INFO*);
- const char*(*get_db_name)(TSK_HDB_INFO*);
+ const char*(*get_display_name)(TSK_HDB_INFO*);
uint8_t(*uses_external_indexes)();
const TSK_TCHAR*(*get_index_path)(TSK_HDB_INFO*, TSK_HDB_HTYPE_ENUM);
uint8_t(*has_index)(TSK_HDB_INFO*, TSK_HDB_HTYPE_ENUM);
@@ -126,7 +126,6 @@ extern "C" {
uint8_t(*open_index)(TSK_HDB_INFO*, TSK_HDB_HTYPE_ENUM);
int8_t(*lookup_str)(TSK_HDB_INFO*, const char*, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void*);
int8_t(*lookup_raw)(TSK_HDB_INFO*, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void*);
- uint8_t(*has_verbose_lookup)(TSK_HDB_INFO*);
int8_t(*lookup_verbose_str)(TSK_HDB_INFO *, const char *, void *);
uint8_t(*accepts_updates)();
uint8_t(*add_entry)(TSK_HDB_INFO*, const char*, const char*, const char*, const char*, const char *);
@@ -173,17 +172,19 @@ extern "C" {
extern uint8_t tsk_hdb_create(TSK_TCHAR *);
extern TSK_HDB_INFO *tsk_hdb_open(TSK_TCHAR *, TSK_HDB_OPEN_ENUM);
extern const TSK_TCHAR *tsk_hdb_get_db_path(TSK_HDB_INFO * hdb_info);
- extern const char *tsk_hdb_get_name(TSK_HDB_INFO * hdb_info);
- extern uint8_t tsk_hdb_has_idx(TSK_HDB_INFO * hdb_info, TSK_HDB_HTYPE_ENUM);
+ extern const char *tsk_hdb_get_display_name(TSK_HDB_INFO * hdb_info);
extern uint8_t tsk_hdb_is_idx_only(TSK_HDB_INFO *);
+ extern uint8_t tsk_hdb_uses_external_indexes(TSK_HDB_INFO *);
+ extern uint8_t tsk_hdb_has_idx(TSK_HDB_INFO * hdb_info, TSK_HDB_HTYPE_ENUM);
extern uint8_t tsk_hdb_make_index(TSK_HDB_INFO *, TSK_TCHAR *);
extern const TSK_TCHAR *tsk_hdb_get_idx_path(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
+ extern uint8_t tsk_hdb_open_idx(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
extern int8_t tsk_hdb_lookup_str(TSK_HDB_INFO *, const char *,
TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
extern int8_t tsk_hdb_lookup_raw(TSK_HDB_INFO *, uint8_t *, uint8_t,
TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
- extern uint8_t tsk_hdb_has_verbose_lookup(TSK_HDB_INFO *);
extern int8_t tsk_hdb_lookup_verbose_str(TSK_HDB_INFO *, const char *, void *);
+ extern uint8_t tsk_hdb_accepts_updates(TSK_HDB_INFO *);
extern int8_t tsk_hdb_add_entry(TSK_HDB_INFO *, const char*, const char*,
const char*, const char*, const char*);
extern void tsk_hdb_close(TSK_HDB_INFO *);
diff --git a/tsk/hashdb/tsk_hashdb_i.h b/tsk/hashdb/tsk_hashdb_i.h
index d507dc17756fcd32055c4d468af841d0f610cdae..ef5333f2b7c29d9e8bb82d0ebb45236bf85e8ec3 100644
--- a/tsk/hashdb/tsk_hashdb_i.h
+++ b/tsk/hashdb/tsk_hashdb_i.h
@@ -55,41 +55,42 @@ extern "C" {
#define TSK_HDB_IDX_HEAD_NAME_STR "00000000000000000000000000000000000000001"
// "Base" hash database functions.
- extern void hdb_base_db_name_from_path(TSK_HDB_INFO *hdb_info);
+ extern void hdb_base_db_name_from_path(TSK_HDB_INFO *);
extern uint8_t hdb_info_base_open(TSK_HDB_INFO *, const TSK_TCHAR *);
extern const TSK_TCHAR *hdb_base_get_db_path(TSK_HDB_INFO *);
- extern const char *hdb_base_get_db_name(TSK_HDB_INFO *);
+ extern const char *hdb_base_get_display_name(TSK_HDB_INFO *);
extern uint8_t hdb_base_uses_external_indexes();
extern const TSK_TCHAR *hdb_base_get_index_path(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
- extern uint8_t hdb_base_has_index(TSK_HDB_INFO*, TSK_HDB_HTYPE_ENUM);
+ extern uint8_t hdb_base_has_index(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
extern uint8_t hdb_base_make_index(TSK_HDB_INFO *, TSK_TCHAR *);
extern uint8_t hdb_base_open_index(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
- extern int8_t hdb_base_lookup_str(TSK_HDB_INFO*, const char*, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void*);
- extern int8_t hdb_base_lookup_bin(TSK_HDB_INFO*, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void*);
+ extern int8_t hdb_base_lookup_str(TSK_HDB_INFO *, const char *, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
+ extern int8_t hdb_base_lookup_bin(TSK_HDB_INFO *, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
extern int8_t hdb_base_lookup_verbose_str(TSK_HDB_INFO *, const char *, void *);
extern uint8_t hdb_base_accepts_updates();
- extern uint8_t hdb_base_add_entry(TSK_HDB_INFO*, const char*, const char*, const char*, const char*, const char *);
+ extern uint8_t hdb_base_add_entry(TSK_HDB_INFO *, const char *, const char *, const char *, const char *, const char *);
extern void hdb_info_base_close(TSK_HDB_INFO *);
// Hash database functions common to all text format hash databases
// (NSRL, md5sum, EnCase, HashKeeper, index only). These databases have
// external indexes.
- extern TSK_TEXT_HDB_INFO *text_hdb_open(FILE *hDb, const TSK_TCHAR *db_path);
+ extern TSK_TEXT_HDB_INFO *text_hdb_open(FILE *, const TSK_TCHAR *);
extern uint8_t text_hdb_uses_external_indexes();
extern const TSK_TCHAR *text_hdb_get_index_path(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
extern uint8_t text_hdb_has_index(TSK_HDB_INFO*, TSK_HDB_HTYPE_ENUM);
- extern uint8_t text_hdb_open_idx(TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype);
+ extern uint8_t text_hdb_open_idx(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
extern uint8_t text_hdb_idx_initialize(TSK_TEXT_HDB_INFO *, TSK_TCHAR *);
extern uint8_t text_hdb_idx_add_entry_str(TSK_TEXT_HDB_INFO *, char *, TSK_OFF_T);
- extern uint8_t text_hdb_idx_add_entry_bin(TSK_TEXT_HDB_INFO *hdb_info,
- unsigned char *hvalue, int hlen, TSK_OFF_T offset);
+ extern uint8_t text_hdb_idx_add_entry_bin(TSK_TEXT_HDB_INFO *,
+ unsigned char *, int, TSK_OFF_T);
extern uint8_t text_hdb_idx_finalize(TSK_TEXT_HDB_INFO *);
extern int8_t text_hdb_lookup_str(TSK_HDB_INFO *, const char *,
TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
extern int8_t text_hdb_lookup_bin(TSK_HDB_INFO *, uint8_t *,
uint8_t, TSK_HDB_FLAG_ENUM,
TSK_HDB_LOOKUP_FN, void *);
- extern void text_db_close(TSK_HDB_INFO *) ;
+ extern uint8_t text_hdb_accepts_updates();
+ extern void text_hdb_close(TSK_HDB_INFO *) ;
// Hash database functions for NSRL hash databases.
extern uint8_t nsrl_test(FILE *);
@@ -126,6 +127,7 @@ extern "C" {
// Hash database functions for external index files standing in for the
// original hash databases.
extern TSK_HDB_INFO *idxonly_open(const TSK_TCHAR *);
+ extern const TSK_TCHAR *idxonly_get_db_path(TSK_HDB_INFO *);
extern uint8_t idxonly_makeindex(TSK_HDB_INFO *, TSK_TCHAR *);
extern uint8_t idxonly_getentry(TSK_HDB_INFO *, const char *,
TSK_OFF_T, TSK_HDB_FLAG_ENUM,
@@ -139,7 +141,6 @@ extern "C" {
extern int8_t sqlite_hdb_lookup_bin(TSK_HDB_INFO *, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
extern int8_t sqlite_hdb_lookup_verbose_str(TSK_HDB_INFO *, const char *, void *);
extern int8_t sqlite_hdb_lookup_verbose_bin(TSK_HDB_INFO *, uint8_t *, uint8_t, void *);
- extern uint8_t sqlite_hdb_accepts_updates();
extern uint8_t sqlite_hdb_add_entry(TSK_HDB_INFO *, const char *,
const char *, const char *, const char *, const char *);
extern void sqlite_hdb_close(TSK_HDB_INFO *);
diff --git a/win32/libtsk/libtsk.vcxproj.filters b/win32/libtsk/libtsk.vcxproj.filters
index 7649323ce675592a24f5ff9806db08bbb77936b2..e1612758bdd5e59be681d34703a1018783b899f2 100755
--- a/win32/libtsk/libtsk.vcxproj.filters
+++ b/win32/libtsk/libtsk.vcxproj.filters
@@ -256,9 +256,6 @@
<ClCompile Include="..\..\tsk\hashdb\hashkeeper.c">
<Filter>hash</Filter>
</ClCompile>
- <ClCompile Include="..\..\tsk\hashdb\encase.c">
- <Filter>hash</Filter>
- </ClCompile>
<ClCompile Include="..\..\tsk\hashdb\idxonly.c">
<Filter>hash</Filter>
</ClCompile>
@@ -280,6 +277,9 @@
<ClCompile Include="..\..\tsk\hashdb\tsk_hashdb.c">
<Filter>hash</Filter>
</ClCompile>
+ <ClCompile Include="..\..\tsk\hashdb\encase.c">
+ <Filter>hash</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\tsk\vs\tsk_bsd.h">