forked from Velocidex/velociraptor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathclient.go
119 lines (100 loc) · 3.6 KB
/
client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package paths
import (
"errors"
"fmt"
"www.velocidex.com/golang/velociraptor/file_store/api"
"www.velocidex.com/golang/velociraptor/file_store/path_specs"
"www.velocidex.com/golang/velociraptor/utils"
)
type ClientPathManager struct {
root api.DSPathSpec
client_id string
}
// Where we store client records in datastore.
func (self ClientPathManager) Path() api.DSPathSpec {
return self.root.SetTag("ClientInfo")
}
func NewClientPathManager(client_id string) *ClientPathManager {
return &ClientPathManager{
root: CLIENTS_ROOT.AddChild(client_id),
client_id: client_id,
}
}
// We store the last time we saw the client in this location.
func (self ClientPathManager) Ping() api.DSPathSpec {
return self.root.AddChild("ping").
SetType(api.PATH_TYPE_DATASTORE_JSON).
SetTag("ClientPing")
}
// Keep a record of all the client's labels.
func (self ClientPathManager) Labels() api.DSPathSpec {
return self.root.AddChild("labels").
SetType(api.PATH_TYPE_DATASTORE_JSON).
SetTag("ClientLabels")
}
// Each client can have arbitrary key/value metadata.
func (self ClientPathManager) Metadata() api.DSPathSpec {
return self.root.AddChild("metadata").
SetType(api.PATH_TYPE_DATASTORE_JSON)
}
// Store each client's public key so we can communicate with it.
func (self ClientPathManager) Key() api.DSPathSpec {
return self.root.AddChild("key").
SetTag("ClientKey")
}
// Queue tasks for the client in a directory within the client's main directory.
func (self ClientPathManager) TasksDirectory() api.DSPathSpec {
return self.root.AddChild("tasks").
SetTag("ClientTaskQueue")
}
// Store each task within the tasks directory.
func (self ClientPathManager) Task(task_id uint64) api.DSPathSpec {
return self.root.AddChild("tasks", fmt.Sprintf("%d", task_id)).
SetTag("ClientTask")
}
func (self ClientPathManager) Flow(flow_id string) *FlowPathManager {
return NewFlowPathManager(self.client_id, flow_id)
}
// Where we store client VFS information - depends on client paths.
func (self ClientPathManager) VFSPath(vfs_components []string) api.DSPathSpec {
return CLIENTS_ROOT.AddUnsafeChild(self.client_id, "vfs").
AddChild(vfs_components...).
SetTag("VFS")
}
// A PathSpec for reading the client's file store
func (self ClientPathManager) FSItem(components []string) api.FSPathSpec {
return CLIENTS_ROOT.AddUnsafeChild(self.client_id).
AddChild(components...).AsFilestorePath()
}
// The client info protobuf stores information about each downloaded
// file in the datastore.
func (self ClientPathManager) VFSDownloadInfoPath(
vfs_components []string) api.DSPathSpec {
return CLIENTS_ROOT.AddUnsafeChild(self.client_id, "vfs_files").
AddChild(vfs_components...).
SetTag("VFSFile")
}
func (self ClientPathManager) VFSDownloadInfoFromClientPath(
accessor, client_path string) api.DSPathSpec {
return CLIENTS_ROOT.AddUnsafeChild(self.client_id, "vfs_files").
AddChild(accessor).
AddChild(ExtractClientPathComponents(client_path)...).
SetTag("VFSFile")
}
// The uploads tab contains the full VFS path. This function parses
// that and returns an FSPathSpec to access uploads.
// We check to make sure the VFS path belongs to this client.
func (self ClientPathManager) GetUploadsFileFromVFSPath(vfs_path string) (
api.FSPathSpec, error) {
components := utils.SplitComponents(vfs_path)
if len(components) < 5 {
return nil, errors.New("Vfs path is too short")
}
if components[0] != "clients" ||
components[1] != self.client_id ||
components[2] != "collections" {
return nil, errors.New("Invalid vfs_path")
}
return path_specs.NewUnsafeFilestorePath(components...).
SetType(api.PATH_TYPE_FILESTORE_ANY), nil
}