diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.cpp b/bindings/java/jni/dataModel_SleuthkitJNI.cpp index 51c20ab84a70c72a5fee69b06176e6d9e74cce05..47c7303e06007839e2b652995030fcb395292da5 100644 --- a/bindings/java/jni/dataModel_SleuthkitJNI.cpp +++ b/bindings/java/jni/dataModel_SleuthkitJNI.cpp @@ -274,7 +274,7 @@ JNIEXPORT jint JNICALL TSK_TCHAR pathT[1024]; toTCHAR(env, pathT, 1024, pathJ); - TSK_HDB_OPEN_ENUM flags = TSK_HDB_OPEN_IDXONLY; + TSK_HDB_OPEN_ENUM flags = TSK_HDB_OPEN_TRY; TSK_HDB_INFO * tempdb = tsk_hdb_open(pathT, flags); if(tempdb == NULL) @@ -302,7 +302,7 @@ JNIEXPORT jint JNICALL TSK_TCHAR pathT[1024]; toTCHAR(env, pathT, 1024, pathJ); - TSK_HDB_OPEN_ENUM flags = TSK_HDB_OPEN_IDXONLY; + TSK_HDB_OPEN_ENUM flags = TSK_HDB_OPEN_TRY; TSK_HDB_INFO * temp = tsk_hdb_open(pathT, flags); if(temp == NULL) 
@@ -415,14 +415,39 @@ JNIEXPORT jboolean JNICALL return retval; } +/* + * Test for index only (no original Db file) legacy (IDX format). + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param dbHandle Which DB. + * @return true if index only AND is legacy + */ +JNIEXPORT jboolean JNICALL + Java_org_sleuthkit_datamodel_SleuthkitJNI_isIdxOnlyHashDbNat(JNIEnv * env, + jclass obj, jint dbHandle) +{ + bool retval = false; + + if((size_t) dbHandle > m_knownbads.size()) { + setThrowTskCoreError(env, "Invalid database handle"); + } else { + TSK_HDB_INFO * db = m_knownbads.at(dbHandle-1); + + if(db != NULL) { + retval = (tsk_hdb_is_idxonly(db) == 1) ? true : false; + } + } + return retval; +} + /* * Get the name of the database pointed to by path * @param env pointer to java environment this was called from * @param obj the java object this was called from - * @param pathJ the path to the database + * @param pathJ the path to the database (expects the actual database path, not an index path) */ JNIEXPORT jstring JNICALL - Java_org_sleuthkit_datamodel_SleuthkitJNI_getDbName(JNIEnv * env, + Java_org_sleuthkit_datamodel_SleuthkitJNI_getDbNameByPath(JNIEnv * env, jclass obj, jstring pathJ) { TSK_HDB_OPEN_ENUM flags; 
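Review bot: The handle check in `Java_org_sleuthkit_datamodel_SleuthkitJNI_isIdxOnlyHashDbNat` rejects only values above `m_knownbads.size()`, so a handle of 0 passes and `m_knownbads.at(dbHandle-1)` is called with index -1. If `m_knownbads` is a `std::vector` (its declaration is outside the hunk), `at()` then throws `std::out_of_range`, and a C++ exception that escapes a JNI function aborts the JVM instead of surfacing as a `TskCoreException`. The guard should reject non-positive handles as well: `if (dbHandle < 1 || (size_t) dbHandle > m_knownbads.size()) {`. The handle-based `getDbName` added in the next hunk of this file uses the same check and needs the same change.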
@@ -449,6 +474,30 @@ JNIEXPORT jstring JNICALL return jname; } +/* + * Get the name of the database pointed to by path + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param dbHandle Which DB. + */ +JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_getDbName + (JNIEnv * env, jclass obj, jint dbHandle) +{ + if((size_t) dbHandle > m_knownbads.size()) { + setThrowTskCoreError(env, "Invalid database handle"); + return env->NewStringUTF("-1"); + } else { + TSK_HDB_INFO * temp = m_knownbads.at(dbHandle-1); + if (temp == NULL) { + setThrowTskCoreError(env, "Error: database object is null"); + return env->NewStringUTF("-1"); + } + + + jstring jname = env->NewStringUTF(temp->db_name); + return jname; + } +} JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeDbLookupsNat(JNIEnv * env, @@ -1493,7 +1542,7 @@ Java_org_sleuthkit_datamodel_SleuthkitJNI_createLookupIndexNat (JNIEnv * env, } else { TSK_HDB_INFO * temp = m_knownbads.at(dbHandle-1); if (temp == NULL) { - setThrowTskCoreError(env, "Error opening database to create index"); + setThrowTskCoreError(env, "Error: database object is null"); return; } @@ -1516,7 +1565,6 @@ Java_org_sleuthkit_datamodel_SleuthkitJNI_createLookupIndexNat (JNIEnv * env, setThrowTskCoreError(env, "Error creating index"); } - tsk_hdb_close(temp); return; } } @@ -1559,7 +1607,6 @@ JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_lookupIndex uint8_t retval = tsk_hdb_hasindex(temp, TSK_HDB_HTYPE_MD5_ID); - tsk_hdb_close(temp); return (jboolean) retval == 1; } } diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.h b/bindings/java/jni/dataModel_SleuthkitJNI.h index 2cfae3cd7c3385c3de5d1c51d88c5f40e7acb114..e8a7dc7009677df8dc1770da825997988d830f37 100644 --- a/bindings/java/jni/dataModel_SleuthkitJNI.h +++ b/bindings/java/jni/dataModel_SleuthkitJNI.h 
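Review bot: Both error paths of the new handle-based `getDbName` call `env->NewStringUTF("-1")` immediately after `setThrowTskCoreError`. Assuming that helper raises a Java exception (its body is not in this hunk), JNI does not permit `NewStringUTF` while an exception is pending, and the value returned alongside a pending exception is ignored by the caller anyway. Replacing those two returns with `return NULL;` avoids the call. The comment above the function still reads "Get the name of the database pointed to by path" although the parameter is `dbHandle`; I would reword it to `Get the name of a previously opened hash database` and add an `@return` line.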
@@ -93,14 +93,28 @@ JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_isUpdateableDbKnownBadNat(JNIEnv * env, jclass obj, jint dbHandle); + +JNIEXPORT jboolean JNICALL + Java_org_sleuthkit_datamodel_SleuthkitJNI_isIdxOnlyHashDbNat(JNIEnv * env, + jclass obj, jint dbHandle); + + /* * Class: org_sleuthkit_datamodel_SleuthkitJNI * Method: getDbName * Signature: (Ljava/lang/String;)Ljava/lang/String; */ -JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_getDbName +JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_getDbNameByPath (JNIEnv *, jclass, jstring); +/* + * Class: org_sleuthkit_datamodel_SleuthkitJNI + * Method: getHashDbName + * Signature: + */ +JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_getDbName + (JNIEnv *, jclass, jint dbHandle); + /* * Class: org_sleuthkit_datamodel_SleuthkitJNI * Method: closeDbLookupsNat diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java index bd72353594018f0d274cf1642ed8d91833738a0b..ef91dc53db0776af21eb059ad6a48aded4f93e23 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java +++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java @@ -60,7 +60,9 @@ public class SleuthkitJNI { private static native boolean isUpdateableDbKnownBadNat(int dbHandle); - private static native String getDbName(String hashDbPath) throws TskCoreException; + private static native String getDbNameByPath(String hashDbPath) throws TskCoreException; + + private static native String getDbName(int dbHandle) throws TskCoreException; private static native void closeDbLookupsNat() throws TskCoreException; 
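Review bot: The comment block added for the handle-based `Java_org_sleuthkit_datamodel_SleuthkitJNI_getDbName` prototype names the wrong method and leaves the signature empty: it says `Method: getHashDbName` and `Signature:`, while the Java native declared in this commit is `getDbName(int)`. I would write `Method: getDbName` and `Signature: (I)Ljava/lang/String;`, and update the untouched block above it, which now sits on `getDbNameByPath`, to `Method: getDbNameByPath`. The new `isIdxOnlyHashDbNat` prototype has no comment block at all; one in the same Class/Method/Signature form with `Signature: (I)Z` would match the rest of the header.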
@@ -121,7 +123,7 @@ public class SleuthkitJNI { private static native boolean lookupIndexExistsNat(int dbHandle) throws TskCoreException; - + private static native boolean isIdxOnlyHashDbNat(int dbHandle) throws TskCoreException; //util functions private static native long findDeviceSizeNat(String devicePath) throws TskCoreException; @@ -644,7 +646,7 @@ public static boolean lookupIndexExists(String dbPath) throws TskCoreException { * @return true if index exists * @throws TskCoreException if a critical error occurs within TSK core */ - public static boolean lookupIndexForHashDatabaseExists(int dbHandle) throws TskCoreException { + public static boolean hashDatabaseHasLookupIndex(int dbHandle) throws TskCoreException { return lookupIndexExistsNat(dbHandle); } @@ -714,10 +716,24 @@ public static void closeHashDatabases() throws TskCoreException { * @throws TskCoreException if a critical error occurs within TSK core */ // BC: Used by HasDBAddDatabaseDialog an HashDBXML + //use getHashDatabaseName instead + @Deprecated public static String getDatabaseName(String path) throws TskCoreException { - return getDbName(path); + return getDbNameByPath(path); } + + /** + * Get the name of the database + * + * @param dbHandle previously opened hash db handle + * @throws TskCoreException if a critical error occurs within TSK core + */ + public static String getHashDatabaseName(int dbHandle) throws TskCoreException { + return getDbName(dbHandle); + } + + /** * Look up the given hash in the NSRL database * 
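Review bot: The public method `lookupIndexForHashDatabaseExists` is renamed to `hashDatabaseHasLookupIndex` with no forwarder left behind, so if the old name has shipped, external callers stop compiling. Elsewhere in this commit old names are kept as `@Deprecated` one-line wrappers (`getDatabaseName`, `nsrlHashLookup`, `knownBadHashLookup`); the same treatment here would be `@Deprecated public static boolean lookupIndexForHashDatabaseExists(int dbHandle) throws TskCoreException { return hashDatabaseHasLookupIndex(dbHandle); }`. The later hunks of this file rename `lookupNSRLDatabase` and `lookupHashDatabase` in the same way. The Javadoc of the new `getHashDatabaseName` is also missing an `@return` line.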
@@ -729,10 +745,10 @@ public static String getDatabaseName(String path) throws TskCoreException { // use lookupNSRLDatabase instead @Deprecated public static TskData.FileKnown nsrlHashLookup(String hash) throws TskCoreException { - return lookupNSRLDatabase(hash); + return lookupInNSRLDatabase(hash); } - public static TskData.FileKnown lookupNSRLDatabase(String hash) throws TskCoreException { + public static TskData.FileKnown lookupInNSRLDatabase(String hash) throws TskCoreException { return TskData.FileKnown.valueOf((byte) nsrlDbLookup(hash)); } @@ -745,13 +761,13 @@ public static TskData.FileKnown lookupNSRLDatabase(String hash) throws TskCoreEx * @throws TskCoreException if a critical error occurs within TSK core */ // BC: Called by SleuthkitCase -> Deprecated - // use lookupHashDatabse instead + // use lookupInHashDatabase instead @Deprecated public static TskData.FileKnown knownBadHashLookup(String hash, int dbHandle) throws TskCoreException { - return lookupHashDatabase(hash, dbHandle); + return lookupInHashDatabase(hash, dbHandle); } - public static TskData.FileKnown lookupHashDatabase(String hash, int dbHandle) throws TskCoreException { + public static TskData.FileKnown lookupInHashDatabase(String hash, int dbHandle) throws TskCoreException { return TskData.FileKnown.valueOf((byte) knownBadDbLookup(hash, dbHandle)); } @@ -773,6 +789,10 @@ public static boolean isUpdateableHashDatabase(int dbHandle) throws TskCoreExcep return isUpdateableDbKnownBadNat(dbHandle); } + public boolean hashDatabaseHasLegacyLookupIndexOnly(int dbHandle) throws TskCoreException { + return isIdxOnlyHashDbNat(dbHandle); + } + /** * Get the size of the index of the given database * diff --git a/tsk/hashdb/binsrch_index.c b/tsk/hashdb/binsrch_index.c index 59b0874b987c68ac1b3b5fc7dfb102747a1d3420..24f618037f20c0bc07458114120207f79d23071e 100644 --- a/tsk/hashdb/binsrch_index.c +++ b/tsk/hashdb/binsrch_index.c 
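Review bot: `hashDatabaseHasLegacyLookupIndexOnly` is declared `public boolean` without `static`, while every other wrapper visible in this diff (for example `isUpdateableHashDatabase` directly above it) is `public static` and the native it calls is static as well, so callers would need a `SleuthkitJNI` instance for this one method. Unless that is intended, the declaration should read `public static boolean hashDatabaseHasLegacyLookupIndexOnly(int dbHandle) throws TskCoreException {`. It also has no Javadoc; a block in the style of its neighbours, stating that it returns true only when the handle refers to a legacy index opened without its original database, would document the contract. The enclosing class continues outside the hunk.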
@@ -686,7 +686,7 @@ binsrch_lookup_raw(TSK_HDB_INFO * hdb_info, uint8_t * hash, uint8_t len, } int8_t -binsrch_get_updateable(TSK_HDB_INFO * hdb_info) +binsrch_get_properties(TSK_HDB_INFO * hdb_info) { // Always false hdb_info->idx_info->updateable = 0; diff --git a/tsk/hashdb/hdb_index.cpp b/tsk/hashdb/hdb_index.cpp index 9372fad9155df49bdb667bce294c6189921e51b7..6827c1223a5549504f6ef388f219c064249bd318 100644 --- a/tsk/hashdb/hdb_index.cpp +++ b/tsk/hashdb/hdb_index.cpp 
@@ -161,18 +161,37 @@ tsk_idx_open(TSK_HDB_INFO * hdb_info, uint8_t htype, uint8_t create) // Try opening an old format index file - // Change the filename to the old format - switch (htype) { - case TSK_HDB_HTYPE_MD5_ID: - TSNPRINTF(idx_info->idx_fname, flen, - _TSK_T("%s-%") PRIcTSK _TSK_T(".idx"), - hdb_info->db_fname, TSK_HDB_HTYPE_MD5_STR); - break; - case TSK_HDB_HTYPE_SHA1_ID: - TSNPRINTF(idx_info->idx_fname, flen, - _TSK_T("%s-%") PRIcTSK _TSK_T(".idx"), - hdb_info->db_fname, TSK_HDB_HTYPE_SHA1_STR); - break; + // Clear index filename + free(idx_info->idx_fname); + idx_info->idx_fname = (TSK_TCHAR *) tsk_malloc(flen * sizeof(TSK_TCHAR)); + if (idx_info->idx_fname == NULL) { + free(idx_info); + // @@@ ERROR INFO NEEDED + return NULL; + } + + // Check if it already has an .idx extension + TSK_TCHAR * c; + c = TSTRRCHR(hdb_info->db_fname, _TSK_T('.')); + if ((c != NULL) && (TSTRLEN(c) >= 4) + && (TSTRCMP(c, _TSK_T(".idx")) == 0)) { + + // Use given db filename as the index filename + TSTRNCPY(idx_info->idx_fname, hdb_info->db_fname, TSTRLEN(hdb_info->db_fname)); + } else { + // Change the filename to the old format + switch (htype) { + case TSK_HDB_HTYPE_MD5_ID: + TSNPRINTF(idx_info->idx_fname, flen, + _TSK_T("%s-%") PRIcTSK _TSK_T(".idx"), + hdb_info->db_fname, TSK_HDB_HTYPE_MD5_STR); + break; + case TSK_HDB_HTYPE_SHA1_ID: + TSNPRINTF(idx_info->idx_fname, flen, + _TSK_T("%s-%") PRIcTSK _TSK_T(".idx"), + hdb_info->db_fname, TSK_HDB_HTYPE_SHA1_STR); + break; + } } idx = tsk_idx_open_file(idx_info->idx_fname); @@ -205,7 +224,7 @@ tsk_idx_open(TSK_HDB_INFO * hdb_info, uint8_t htype, uint8_t create) idx_info->finalize = binsrch_finalize; idx_info->lookup_str = binsrch_lookup_str; idx_info->lookup_raw = binsrch_lookup_raw; - idx_info->get_updateable = binsrch_get_updateable; + idx_info->get_properties = binsrch_get_properties; } else { tsk_error_reset(); 
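Review bot: In the branch that reuses a `.idx` path, `TSTRNCPY(idx_info->idx_fname, hdb_info->db_fname, TSTRLEN(hdb_info->db_fname))` bounds the copy by the source length rather than by the destination size `flen`, and with that count no terminator is written. The name ends up terminated only if `tsk_malloc` zero-fills and `flen` exceeds the name length; `flen` is computed outside this hunk, so neither is established here. I would bound by the buffer and terminate explicitly: `TSTRNCPY(idx_info->idx_fname, hdb_info->db_fname, flen - 1);` followed by `idx_info->idx_fname[flen - 1] = _TSK_T('\0');`. The `TSTRLEN(c) >= 4` test is redundant with the `TSTRCMP` on the same pointer. `tsk_idx_open` starts and ends outside the hunk.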
@@ -249,7 +268,7 @@ tsk_idx_open(TSK_HDB_INFO * hdb_info, uint8_t htype, uint8_t create) idx_info->finalize = sqlite_v1_finalize; idx_info->lookup_str = sqlite_v1_lookup_str; idx_info->lookup_raw = sqlite_v1_lookup_raw; - idx_info->get_updateable = sqlite_v1_get_updateable; + idx_info->get_properties = sqlite_v1_get_properties; } tsk_idx_close_file(idx); @@ -259,7 +278,7 @@ tsk_idx_open(TSK_HDB_INFO * hdb_info, uint8_t htype, uint8_t create) if (create == 1) { idx_info->updateable = 1; } else { - idx_info->get_updateable(hdb_info); + idx_info->get_properties(hdb_info); } return idx_info; @@ -471,7 +490,24 @@ tsk_hdb_hasindex(TSK_HDB_INFO * hdb_info, uint8_t htype) } } - +/** + * \ingroup hashdblib + * Test for index only (legacy) + * Assumes that the db was opened using the TSK_HDB_OPEN_TRY option. + * + * @param hdb_info Hash database to consider + * + * @return 1 if there is only a legacy index AND no db, 0 otherwise + */ +uint8_t +tsk_hdb_is_idxonly(TSK_HDB_INFO * hdb_info) +{ + if (hdb_info->db_type == TSK_HDB_DBTYPE_IDXONLY_ID) { + return (hdb_info->idx_info->index_type == TSK_HDB_ITYPE_BINSRCH) ? 1 : 0; + } else { + return 0; + } +} /** * \ingroup hashdblib diff --git a/tsk/hashdb/hdb_open.cpp b/tsk/hashdb/hdb_open.cpp index 5c90dd19c45d38b349c729e01254e693ea8450b0..7c86ae748cab6acd9e5989abc96e0cc6bf92fb1c 100644 --- a/tsk/hashdb/hdb_open.cpp +++ b/tsk/hashdb/hdb_open.cpp @@ -35,6 +35,19 @@ tsk_hdb_open(TSK_TCHAR * db_file, TSK_HDB_OPEN_ENUM flags) FILE *hDb; uint8_t dbtype = 0; + if (flags == TSK_HDB_OPEN_TRY) { + TSK_HDB_OPEN_ENUM tryflag = TSK_HDB_OPEN_NONE; + + if ((hdb_info = tsk_hdb_open(db_file, tryflag)) != NULL) { + // success (and there is a src db file existent) + return hdb_info; + } else { + // if null then maybe it's IDX only + flags = TSK_HDB_OPEN_IDXONLY; + // continue this function in IDXONLY mode + } + } + if ((flags & TSK_HDB_OPEN_IDXONLY) == 0) { /* Open the database file */ #ifdef TSK_WIN32 
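Review bot: `tsk_hdb_is_idxonly` dereferences `hdb_info->idx_info` without checking it, and the new JNI caller passes any non-NULL entry of `m_knownbads`. If a database can have type `TSK_HDB_DBTYPE_IDXONLY_ID` before its index has been opened (where `idx_info` is assigned is not shown in this diff), this is a NULL dereference inside the JVM process. A guard at the top, `if (hdb_info == NULL || hdb_info->idx_info == NULL) return 0;`, keeps the documented 0 result for that case.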
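Review bot: The new block in `tsk_hdb_open` tests `flags == TSK_HDB_OPEN_TRY`, but `TSK_HDB_OPEN_ENUM` values are bit flags and the very next test in the function uses a mask, so a caller that combines `TSK_HDB_OPEN_TRY` with another bit silently skips the fallback. `if ((flags & TSK_HDB_OPEN_TRY) != 0) {` would be consistent with the existing check. When the first attempt fails, whatever error the recursive call recorded is left in place while the function carries on in index-only mode; if that failure path sets the TSK error state (not visible in this hunk), a `tsk_error_reset();` before `flags = TSK_HDB_OPEN_IDXONLY;` would keep a stale message from being reported after a successful fallback. The function continues beyond the hunk.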
@@ -141,8 +154,8 @@ tsk_hdb_open(TSK_TCHAR * db_file, TSK_HDB_OPEN_ENUM flags) free(hdb_info); return NULL; } - TSTRNCPY(hdb_info->db_fname, db_file, flen); + TSTRNCPY(hdb_info->db_fname, db_file, flen); hdb_info->hash_type = static_cast<TSK_HDB_HTYPE_ENUM>(0); hdb_info->hash_len = 0; @@ -185,6 +198,7 @@ tsk_hdb_open(TSK_TCHAR * db_file, TSK_HDB_OPEN_ENUM flags) break; default: + free(hdb_info); return NULL; } diff --git a/tsk/hashdb/sqlite_index.cpp b/tsk/hashdb/sqlite_index.cpp index b48139b106a037c72dd649526473e3a3377845fb..7652a38cc37ae25d303f70983379bf066f0799f5 100644 --- a/tsk/hashdb/sqlite_index.cpp +++ b/tsk/hashdb/sqlite_index.cpp @@ -26,7 +26,7 @@ static bool need_SQL_index = false; /** * Prototypes */ -int8_t sqlite_v1_get_updateable(TSK_HDB_INFO * hdb_info); +int8_t sqlite_v1_get_properties(TSK_HDB_INFO * hdb_info); static int attempt(int resultCode, int expectedResultCode, @@ -501,7 +501,7 @@ sqlite_v1_lookup_raw(TSK_HDB_INFO * hdb_info, uint8_t * hash, uint8_t len, * @return -1 on error, 0 on success. */ int8_t -sqlite_v1_get_updateable(TSK_HDB_INFO * hdb_info) +sqlite_v1_get_properties(TSK_HDB_INFO * hdb_info) { int8_t ret = 0; sqlite3_stmt* stmt = NULL; @@ -516,7 +516,7 @@ sqlite_v1_get_updateable(TSK_HDB_INFO * hdb_info) const char* value = (const char *)sqlite3_column_text(stmt, 0); if (value == NULL) { - tsk_error_set_errstr2("sqlite_v1_get_updateable: null value"); + tsk_error_set_errstr2("sqlite_v1_get_properties: null value"); ret = -1; } else { // Set the updateable flag @@ -525,7 +525,7 @@ sqlite_v1_get_updateable(TSK_HDB_INFO * hdb_info) } } } else { - tsk_error_set_errstr2("sqlite_v1_get_updateable"); + tsk_error_set_errstr2("sqlite_v1_get_properties"); ret = -1; } @@ -535,6 +535,9 @@ sqlite_v1_get_updateable(TSK_HDB_INFO * hdb_info) finalize_stmt(stmt); } + + ///@todo load db name property as well? + tsk_release_lock(&hdb_info->lock); return ret; 
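Review bot: The `free(hdb_info);` added to the `default:` branch releases the struct but not `hdb_info->db_fname`, which the previous hunk shows being filled right after what appears to be its allocation check, so that buffer leaks on this path. I would add `free(hdb_info->db_fname);` on the line before it. If `hDb` was opened earlier in the function (the open is outside this hunk), it presumably needs closing here as well. The enclosing `switch` and function extend beyond the hunk.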
diff --git a/tsk/hashdb/tsk_hashdb.h b/tsk/hashdb/tsk_hashdb.h index 0d33a672d27488668df1cd8e7065dfd7c59a8575..e3059edd117909d9ed6492a7d3974900d2e00756 100644 --- a/tsk/hashdb/tsk_hashdb.h +++ b/tsk/hashdb/tsk_hashdb.h @@ -166,7 +166,7 @@ extern "C" { TSK_HDB_LOOKUP_FN, void *); int8_t(*lookup_raw) (TSK_HDB_INFO *, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *); - int8_t(*get_updateable) (TSK_HDB_INFO *); + int8_t(*get_properties) (TSK_HDB_INFO *); void(*close) (TSK_IDX_INFO *); }; @@ -201,7 +201,8 @@ extern "C" { */ enum TSK_HDB_OPEN_ENUM { TSK_HDB_OPEN_NONE = 0, ///< No special flags - TSK_HDB_OPEN_IDXONLY = (0x1 << 0) ///< Open only the index -- do not look for the original DB + TSK_HDB_OPEN_IDXONLY = (0x1 << 0), ///< Open only the index -- do not look for the original DB + TSK_HDB_OPEN_TRY = (0x1 << 1) ///< Try to open original db. If that fails, try TSK_HDB_OPEN_IDXONLY. }; typedef enum TSK_HDB_OPEN_ENUM TSK_HDB_OPEN_ENUM; @@ -213,6 +214,8 @@ extern "C" { extern uint8_t tsk_hdb_hasindex(TSK_HDB_INFO *, uint8_t htype); + extern uint8_t tsk_hdb_is_idxonly(TSK_HDB_INFO *); + extern uint8_t tsk_hdb_makeindex(TSK_HDB_INFO *, TSK_TCHAR *); extern TSK_HDB_INFO * tsk_hdb_new(TSK_TCHAR * db_file); diff --git a/tsk/hashdb/tsk_hashdb_i.h b/tsk/hashdb/tsk_hashdb_i.h index e2c7bb20f923630d2fc365a35d9c90c913f9d423..e3f63fd518cad4f1b8901ac2dc9e5915c60318d5 100644 --- a/tsk/hashdb/tsk_hashdb_i.h +++ b/tsk/hashdb/tsk_hashdb_i.h @@ -131,7 +131,7 @@ extern "C" { TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *); extern int8_t binsrch_lookup_raw(TSK_HDB_INFO *, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *); - extern int8_t binsrch_get_updateable(TSK_HDB_INFO * hdb_info); + extern int8_t binsrch_get_properties(TSK_HDB_INFO * hdb_info); extern uint8_t sqlite_v1_open(TSK_HDB_INFO *, TSK_IDX_INFO *, uint8_t); extern void sqlite_v1_close(TSK_IDX_INFO *); 
@@ -145,7 +145,7 @@ extern "C" { TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *); extern int8_t sqlite_v1_lookup_raw(TSK_HDB_INFO *, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *); - extern int8_t sqlite_v1_get_updateable(TSK_HDB_INFO * hdb_info); + extern int8_t sqlite_v1_get_properties(TSK_HDB_INFO * hdb_info); extern uint8_t sqlite3_test(FILE *); #ifdef __cplusplus }