Merge pull request #2817 from gdicristofaro/8440-new_table_load

8440 new table load

Merge pull request #2817 from gdicristofaro/8440-new_table_load
f5c3c761 · eugene7646 · GitHub · 2700bd3f · 51564a01 · f5c3c761
Unverified Commit f5c3c761 authored 2 years ago by eugene7646 Committed by GitHub 2 years ago
--- a/bindings/java/src/org/sleuthkit/datamodel/OsAccountManager.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/OsAccountManager.java
@@ -958,7 +958,8 @@ private void mergeOsAccounts(OsAccount sourceAccount, OsAccount destAccount, Cas
 			s.executeUpdate(query);

 			
-			// TBD: We need to emit another event which tells CT that two accounts are being merged so it can updates other dedicated tables 
+			// register the merged accounts with the transaction to fire off an event
+			trans.registerMergedOsAccount(sourceAccount.getId(), destAccount.getId());
 			
 			// Update the source account. Make a dummy signature to prevent problems with the unique constraint.
 			String mergedSignature = makeMergedOsAccountSignature();

--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
@@ -11034,7 +11034,8 @@ void setAcquisitionToolDetails(DataSource datasource, String name, String versio
 	 *
 	 * @throws TskCoreException
 	 */
-	void setAcquisitionDetails(long dataSourceId, String details, CaseDbTransaction trans) throws TskCoreException {
+	@Beta
+	public void setAcquisitionDetails(long dataSourceId, String details, CaseDbTransaction trans) throws TskCoreException {
 		try {
 			CaseDbConnection connection = trans.getConnection();
 			PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_ACQUISITION_DETAILS);
@@ -13756,6 +13757,7 @@ public static final class CaseDbTransaction {
 		private List<Host> hostsAdded = new ArrayList<>();
 		private List<OsAccount> accountsChanged = new ArrayList<>();
 		private List<OsAccount> accountsAdded = new ArrayList<>();
+		private List<TskEvent.MergedAccountsPair> accountsMerged = new ArrayList<>();
  
 		private List<Long> deletedOsAccountObjectIds = new ArrayList<>();
 		private List<Long> deletedResultObjectIds = new ArrayList<>();
@@ -13843,6 +13845,16 @@ void registerAddedOsAccount(OsAccount account) {
 			}
 		}
  
+		/**
+		 * Saves an account that has been merged as part of this transaction.
+		 *
+		 * @param sourceOsAccountObjId
+		 * @param destinationOsAccountObjId
+		 */
+		void registerMergedOsAccount(long sourceOsAccountObjId, long destinationOsAccountObjId) {
+			accountsMerged.add(new TskEvent.MergedAccountsPair(sourceOsAccountObjId, destinationOsAccountObjId));
+		}
+
 		/**
 		 * Saves an analysis result that has been deleted as a part of this
 		 * transaction.
@@ -13919,6 +13931,9 @@ public void commit() throws TskCoreException {
 				if (!accountsChanged.isEmpty()) {
 					sleuthkitCase.fireTSKEvent(new TskEvent.OsAccountsUpdatedTskEvent(accountsChanged));
 				}
+				if (!accountsMerged.isEmpty()) {
+					sleuthkitCase.fireTSKEvent(new TskEvent.OsAccountsMergedTskEvent(accountsMerged));
+				}
 				if (!deletedOsAccountObjectIds.isEmpty()) {
 					sleuthkitCase.fireTSKEvent(new TskEvent.OsAccountsDeletedTskEvent(deletedOsAccountObjectIds));
 				}

--- a/bindings/java/src/org/sleuthkit/datamodel/TskEvent.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/TskEvent.java
@@ -307,6 +307,63 @@ public List<Long> getOsAccountObjectIds() {

 	}

+	/**
+	 * An event published when one or more OS accounts are merged.
+	 */
+	public final static class OsAccountsMergedTskEvent extends TskObjectsEvent<MergedAccountsPair> {
+
+		/**
+		 * Constructs an event published when one or more OS accounts are
+		 * merged.
+		 *
+		 * @param mergedAccounts List of the merged OS accounts.
+		 */
+		OsAccountsMergedTskEvent(List<MergedAccountsPair> mergedAccounts) {
+			super(mergedAccounts);
+		}
+
+
+		/**
+		 * Gets the pairs of merged accounts
+		 * 
+		 * @return 
+		 */
+		public List<MergedAccountsPair> getMergedAccountPairs() {
+			return getDataModelObjects();
+		}
+
+	}
+
+	/**
+	 * Container to encapsulate the merged account ids, contains both the source and destination account ids.
+	 */
+	public final static class MergedAccountsPair {
+
+		private final Long sourceOsAccountId;
+		private final Long destinationOsAccountId;
+
+		public MergedAccountsPair(Long sourceOsAccountId, Long destinationOsAccountId) {
+			this.sourceOsAccountId = sourceOsAccountId;
+			this.destinationOsAccountId = destinationOsAccountId;
+		}
+
+		/**
+		 * Gets the source os account id. This is the account that was marked as "MERGED"
+		 * @return The TSK object ID of the source os account
+		 */
+		public Long getSourceOsAccountId() {
+			return sourceOsAccountId;
+		}
+
+		/**
+		 * Gets the destination os account id. This is the account that the source was merged into.
+		 * @return The TSK object ID of the destination os account
+		 */
+		public Long getDestinationOsAccountId() {
+			return destinationOsAccountId;
+		}
+	}
+	
 	/**
 	 * An event published when one or more OS account instances are added.
 	 */

--- a/bindings/java/test/org/sleuthkit/datamodel/OsAccountTest.java
+++ b/bindings/java/test/org/sleuthkit/datamodel/OsAccountTest.java
@@ -396,6 +396,87 @@ public void mergeRealmsTests() throws TskCoreException, OsAccountManager.NotUser
 		}
 	}
 	
+	@Test 
+	public void updateRealmAndMergeTests() throws TskCoreException, OsAccountManager.NotUserSIDException {
+		
+		/**
+		 * Test the scenario where an update of an account triggers an update of 
+		 * a realm and subsequent merge of realms and accounts.
+		 */
+		
+		Host host = caseDB.getHostManager().newHost("updateRealmAndMergeTestHost");
+		
+		
+		
+			// Step 1: create a local account with SID and user name
+			String ownerUid1 = "S-1-5-21-1182664808-117526782-2525957323-13395";
+			String realmName1 = null;
+			String loginName1 = "sandip";
+			
+			OsAccount osAccount1 = caseDB.getOsAccountManager().newWindowsOsAccount(ownerUid1, loginName1, realmName1, host, OsAccountRealm.RealmScope.LOCAL);
+			OsAccountRealm realm1 = caseDB.getOsAccountRealmManager().getRealmByRealmId(osAccount1.getRealmId());
+			
+			assertEquals(realm1.getRealmAddr().isPresent(), true);	// verify the realm has a SID
+			assertEquals(realm1.getRealmNames().isEmpty(), true);	// verify the realm has no name
+			
+			
+			// Step2: create a local account with domain name and username
+			String ownerUid2 = null;
+			String realmName2 = "CORP";
+			String loginName2 = "sandip";
+			
+			Optional<OsAccount> oOsAccount2 = caseDB.getOsAccountManager().getWindowsOsAccount(ownerUid2, loginName2, realmName2, host);
+			
+			// this account should not exists
+			assertEquals(oOsAccount2.isPresent(), false);
+			
+			// create a new account -  a new realm as there is nothing to tie it to realm1 
+			OsAccount osAccount2 = caseDB.getOsAccountManager().newWindowsOsAccount(ownerUid2, loginName2, realmName2, host, OsAccountRealm.RealmScope.LOCAL);
+			OsAccountRealm realm2 = caseDB.getOsAccountRealmManager().getRealmByRealmId(osAccount2.getRealmId());
+			
+			assertTrue(osAccount1.getId() != osAccount2.getId());
+			assertTrue(realm1.getRealmId() != realm2.getRealmId());
+			
+			
+			
+			// Step 3: now create/update the account with sid/domain/username
+			// this should return the existing account1, which needs to be updated.
+			String ownerUid3 = "S-1-5-21-1182664808-117526782-2525957323-13395";
+			String realmAddr3 = "S-1-5-21-1182664808-117526782-2525957323";
+			String loginName3 = "sandip";
+			String realmName3 = "CORP";
+			
+			Optional<OsAccount> oOsAccount3 = caseDB.getOsAccountManager().getWindowsOsAccount(ownerUid3, loginName3, realmName3, host);
+
+			assertTrue(oOsAccount3.isPresent());
+			
+            
+			// update the account so that its domain gets updated.
+			OsAccountManager.OsAccountUpdateResult updateResult = caseDB.getOsAccountManager().updateCoreWindowsOsAccountAttributes(oOsAccount3.get(), ownerUid3, loginName3, realmName3, host);
+			Optional<OsAccount> updatedAccount3 = updateResult.getUpdatedAccount();
+			assertTrue(updatedAccount3.isPresent());
+
+			// this should cause the realm1 to be updated - and then realm2 to be merged into realm1 
+			OsAccountRealm realm3 = caseDB.getOsAccountRealmManager().getRealmByRealmId(updatedAccount3.get().getRealmId());
+
+			assertTrue(realm3.getRealmId() == realm1.getRealmId());
+
+			assertTrue(realm3.getRealmAddr().isPresent());		// verify the realm gets an addr
+			assertTrue(realm3.getRealmAddr().get().equalsIgnoreCase(realmAddr3));
+			
+			assertTrue(realm3.getRealmNames().get(0).equalsIgnoreCase(realmName3));	// verify realm name.
+
+
+			// And now verify that the realm2 has been merged into realm1. 
+			OsAccountRealm realm22 = caseDB.getOsAccountRealmManager().getRealmByRealmId(osAccount2.getRealmId());
+			assertTrue(realm22.getDbStatus() == OsAccountRealm.RealmDbStatus.MERGED);
+
+			//and account2 has been merged into account1
+			OsAccount osAccount22 = caseDB.getOsAccountManager().getOsAccountByObjectId(osAccount2.getId());
+			assertTrue(osAccount22.getOsAccountDbStatus() == OsAccount.OsAccountDbStatus.MERGED);
+				
+	}
+	
 	@Test 
 	public void hostAddressTests() throws TskCoreException {