From b0c29cf58f29a4e15fe9f5e9b2b3cfe11fbf0450 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Fri, 25 Aug 2017 11:44:27 -0400
Subject: [PATCH] Starting on JNI stuff

---
 bindings/java/jni/dataModel_SleuthkitJNI.cpp  | 27 +++++++++++++++++--
 bindings/java/jni/dataModel_SleuthkitJNI.h    | 19 +++++++++++++
 .../org/sleuthkit/datamodel/SleuthkitJNI.java |  2 ++
 tsk/auto/auto_db.cpp                          | 24 +++++++----------
 tsk/auto/tsk_case_db.h                        | 17 +++++++++---
 5 files changed, 69 insertions(+), 20 deletions(-)

diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.cpp b/bindings/java/jni/dataModel_SleuthkitJNI.cpp
index 29ec6ab3c..60772ce33 100644
--- a/bindings/java/jni/dataModel_SleuthkitJNI.cpp
+++ b/bindings/java/jni/dataModel_SleuthkitJNI.cpp
@@ -968,8 +968,31 @@ JNIEXPORT jlong JNICALL
  * @return A pointer to the process (TskAutoDb object) or NULL on error.
  */
 JNIEXPORT jlong JNICALL
-    Java_org_sleuthkit_datamodel_SleuthkitJNI_initializeAddImgNat(JNIEnv * env, jclass obj, 
+Java_org_sleuthkit_datamodel_SleuthkitJNI_initializeAddImgNat(JNIEnv * env, jclass obj,
     jlong caseHandle, jstring timeZone, jboolean addFileSystems, jboolean addUnallocSpace, jboolean skipFatFsOrphans) {
+
+    return Java_org_sleuthkit_datamodel_SleuthkitJNI_initializeAddImgUnallocChunkNat(env, obj, caseHandle, timeZone, addFileSystems, addUnallocSpace, 500 * 1024 * 1024, -1, skipFatFsOrphans);
+}
+
+/*
+* Initialize a process for adding an image to a case database.
+*
+* @param env Pointer to java environment.
+* @param obj Pointer the Java class object.
+* @partam caseHandle Pointer to a TskCaseDb object.
+* @param timeZone The time zone for the image.
+* @param addFileSystems Pass true to attempt to add file systems within the image to the case database.
+* @param addUnallocSpace Pass true to create virtual files for unallocated space. Ignored if addFileSystems is false.
+* @param unallocMinChunk Minimum size for unallocated chunks. -1 to only chunk on natural breaks, 0 to not chunk at all. Ignored if addUnallocSpace is false.
+* @param unallocMaxChunk Maximum size for unallocated chunks even if no natural break occurs. -1 for no maximum. Ignored if addUnallocSpace is false.
+* @param skipFatFsOrphans Pass true to skip processing of orphan files for FAT file systems. Ignored if addFileSystems is false.
+*
+* @return A pointer to the process (TskAutoDb object) or NULL on error.
+*/
+JNIEXPORT jlong JNICALL
+Java_org_sleuthkit_datamodel_SleuthkitJNI_initializeAddImgUnallocChunkNat(JNIEnv * env, jclass obj,
+    jlong caseHandle, jstring timeZone, jboolean addFileSystems, jboolean addUnallocSpace, 
+    jlong unallocMinChunk, jlong unallocMaxChunk, jboolean skipFatFsOrphans) {
     jboolean isCopy;
 
     TskCaseDb *tskCase = castCaseDb(env, caseHandle);
@@ -1015,7 +1038,7 @@ JNIEXPORT jlong JNICALL
     tskAuto->setAddFileSystems(addFileSystems?true:false);
     if (addFileSystems) {
         if (addUnallocSpace) {
-            tskAuto->setAddUnallocSpace(true, 500*1024*1024);
+            tskAuto->setAddUnallocSpace(true, unallocMinChunk, unallocMaxChunk);
         }
         else {
             tskAuto->setAddUnallocSpace(false);
diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.h b/bindings/java/jni/dataModel_SleuthkitJNI.h
index 37200d992..223cdee16 100644
--- a/bindings/java/jni/dataModel_SleuthkitJNI.h
+++ b/bindings/java/jni/dataModel_SleuthkitJNI.h
@@ -223,6 +223,14 @@ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_initAddImgNat
 JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_initializeAddImgNat
   (JNIEnv *, jclass, jlong, jstring, jboolean, jboolean, jboolean);
 
+/*
+ * Class:     org_sleuthkit_datamodel_SleuthkitJNI
+ * Method:    initializeAddImgUnallocChunkNat
+ * Signature: (JLjava/lang/String;ZZJJZ)J
+ */
+JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_initializeAddImgUnallocChunkNat
+  (JNIEnv *, jclass, jlong, jstring, jboolean, jboolean, jlong, jlong, jboolean);
+
 /*
  * Class:     org_sleuthkit_datamodel_SleuthkitJNI
  * Method:    runOpenAndAddImgNat
@@ -468,3 +476,14 @@ extern "C" {
 }
 #endif
 #endif
+/* Header for class org_sleuthkit_datamodel_SleuthkitJNI_HandleCache */
+
+#ifndef _Included_org_sleuthkit_datamodel_SleuthkitJNI_HandleCache
+#define _Included_org_sleuthkit_datamodel_SleuthkitJNI_HandleCache
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
index ba600c923..22241fe7d 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
@@ -1195,6 +1195,8 @@ public static boolean isImageSupported(String imagePath) {
 	private static native long initAddImgNat(long db, String timezone, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException;
 
 	private static native long initializeAddImgNat(long db, String timezone, boolean addFileSystems, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException;
+	
+	private static native long initializeAddImgUnallocChunkNat(long db, String timezone, boolean addFileSystems, boolean addUnallocSpace, long minChunkSize, long maxChunkSize, boolean skipFatFsOrphans) throws TskCoreException;	
 
 	private static native void runOpenAndAddImgNat(long process, String deviceId, String[] imgPath, int splits, String timezone) throws TskCoreException, TskDataException;
 
diff --git a/tsk/auto/auto_db.cpp b/tsk/auto/auto_db.cpp
index 3caffdf88..d63c9295c 100644
--- a/tsk/auto/auto_db.cpp
+++ b/tsk/auto/auto_db.cpp
@@ -58,7 +58,7 @@ TskAutoDb::TskAutoDb(TskDb * a_db, TSK_HDB_INFO * a_NSRLDb, TSK_HDB_INFO * a_kno
     m_noFatFsOrphans = false;
     m_addUnallocSpace = false;
     m_minChunkSize = -1;
-    m_maxChunkSize = 2684354560LL; //2.5GB
+    m_maxChunkSize = -1;
     tsk_init_lock(&m_curDirPathLock);
 }
 
@@ -108,22 +108,16 @@ void TskAutoDb::setAddUnallocSpace(bool addUnallocSpace)
     setAddUnallocSpace(addUnallocSpace, -1);
 }
 
-void TskAutoDb::setAddUnallocSpace(bool addUnallocSpace, int64_t chunkSize)
+void TskAutoDb::setAddUnallocSpace(bool addUnallocSpace, int64_t minChunkSize)
+{
+    setAddUnallocSpace(addUnallocSpace, minChunkSize, -1);
+}
+
+void TskAutoDb::setAddUnallocSpace(bool addUnallocSpace, int64_t minChunkSize, int64_t maxChunkSize)
 {
     m_addUnallocSpace = addUnallocSpace;
-    m_minChunkSize = chunkSize;
-    if (m_minChunkSize > 0) {
-        // Set the max to 500 MB over the minimum if the user specified it
-        m_maxChunkSize = m_minChunkSize + 500 * 1024 * 1024; 
-    }
-    else if (m_minChunkSize == 0) {
-        // If the user wants all unalloc space in one file, set max chunk size to zero
-        m_maxChunkSize = 0;
-    }
-    else {
-        // Set max chunk size to the default
-        m_maxChunkSize = 2684354560LL; //2.5GB
-    }
+    m_minChunkSize = minChunkSize;
+    m_maxChunkSize = maxChunkSize;
 }
 
 /**
diff --git a/tsk/auto/tsk_case_db.h b/tsk/auto/tsk_case_db.h
index fa4746f5f..c1882d079 100644
--- a/tsk/auto/tsk_case_db.h
+++ b/tsk/auto/tsk_case_db.h
@@ -88,11 +88,22 @@ class TskAutoDb:public TskAuto {
     /**
      * When enabled, records for unallocated file system space will be added to the database. Default value is false.
      * @param addUnallocSpace If true, create records for contiguous unallocated file system sectors.
-     * @param chunkSize the number of bytes to group unallocated data into. A value of 0 will create
+     * @param minChunkSize the number of bytes to group unallocated data into. A value of 0 will create
      * one large chunk and group only on volume boundaries. A value of -1 will group each consecutive
      * chunk.
      */
-    virtual void setAddUnallocSpace(bool addUnallocSpace, int64_t chunkSize);
+    virtual void setAddUnallocSpace(bool addUnallocSpace, int64_t minChunkSize);
+
+    /**
+    * When enabled, records for unallocated file system space will be added to the database. Default value is false.
+    * @param addUnallocSpace If true, create records for contiguous unallocated file system sectors.
+    * @param minChunkSize the number of bytes to group unallocated data into. A value of 0 will create
+    * one large chunk and group only on volume boundaries. A value of -1 will group each consecutive
+    * chunk.
+    * @param maxChunkSize the maximum number of bytes in one record of unallocated data. A value of -1 will not
+    * split the records based on size
+    */
+    virtual void setAddUnallocSpace(bool addUnallocSpace, int64_t minChunkSize, int64_t maxChunkSize);
 
     uint8_t addFilesInImgToDb();
 
@@ -134,7 +145,7 @@ class TskAutoDb:public TskAuto {
     bool m_noFatFsOrphans;
     bool m_addUnallocSpace;
     int64_t m_minChunkSize; ///< -1 for no minimum, 0 for no chunking at all, greater than 0 to wait for that number of chunks before writing to the database 
-    int64_t m_maxChunkSize; ///< Max number of unalloc bytes to process before writing to the database, even if there is no natural break. 0 for no chunking
+    int64_t m_maxChunkSize; ///< Max number of unalloc bytes to process before writing to the database, even if there is no natural break. -1 for no chunking
     bool m_foundStructure;  ///< Set to true when we find either a volume or file system
     bool m_attributeAdded; ///< Set to true when an attribute was added by processAttributes
 
-- 
GitLab