Sleuth Kit Java Bindings (JNI)  4.10.2
Java bindings for using The Sleuth Kit
HostManager.java
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2020-2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import com.google.common.base.Strings;
22 import java.sql.PreparedStatement;
23 import java.sql.ResultSet;
24 import java.sql.Savepoint;
25 import java.sql.SQLException;
26 import java.sql.Statement;
27 import java.util.ArrayList;
28 import java.util.Collections;
29 import java.util.List;
30 import java.util.Optional;
31 import java.util.UUID;
37 
41 public final class HostManager {
42 
43  private final SleuthkitCase db;
44 
/**
 * Creates a host manager that works against the given case database.
 *
 * @param skCase case database used for every connection, transaction and
 *               event this manager needs
 */
HostManager(SleuthkitCase skCase) {
    db = skCase;
}
54 
/**
 * Creates a host with the given name inside a transaction of its own.
 *
 * The work is delegated to {@link #newHost(String, CaseDbTransaction)}; if
 * that call or the commit fails, the transaction is rolled back.
 *
 * @param name name of the host; the delegate rejects null or empty names
 *
 * @return the host produced by the delegate
 *
 * @throws TskCoreException if the host cannot be created
 */
public Host newHost(String name) throws TskCoreException {
    final CaseDbTransaction hostTransaction = db.beginTransaction();
    boolean committed = false;
    try {
        final Host created = newHost(name, hostTransaction);
        hostTransaction.commit();
        committed = true;
        return created;
    } finally {
        // Anything short of a successful commit must not leave the transaction open.
        if (!committed) {
            hostTransaction.rollback();
        }
    }
}
78 
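/**
 * Inserts a host row with the given name using the caller's transaction.
 *
 * The insert is guarded by a savepoint. When the insert raises a
 * SQLException, the connection is rolled back to that savepoint and an
 * active host with the same name (matched case-insensitively by
 * getHostByName) is returned if one exists.
 *
 * NOTE(review): the fallback runs for every SQLException, not only for a
 * uniqueness violation, so an unrelated insert failure is hidden whenever a
 * host of that name already exists. Confirm that this is intended.
 *
 * @param name  host name; must be neither null nor empty
 * @param trans open transaction the insert is executed in; the caller
 *              commits or rolls it back
 *
 * @return the newly inserted host, or the existing host of that name when
 *         the insert failed
 *
 * @throws TskCoreException if the name is missing, the rollback to the
 *                          savepoint fails, or the insert fails and no
 *                          existing host of that name is found
 */
Host newHost(String name, CaseDbTransaction trans) throws TskCoreException {
    // must have a name
    if (Strings.isNullOrEmpty(name)) {
        throw new TskCoreException("Illegal argument passed to createHost: Host name is required.");
    }

    CaseDbConnection connection = trans.getConnection();
    Savepoint savepoint = null;

    try {
        savepoint = connection.getConnection().setSavepoint();
        String hostInsertSQL = "INSERT INTO tsk_hosts(name) VALUES (?)"; // NON-NLS
        PreparedStatement preparedStatement = connection.getPreparedStatement(hostInsertSQL, Statement.RETURN_GENERATED_KEYS);

        // The name is always bound as a parameter, never concatenated into the SQL.
        preparedStatement.clearParameters();
        preparedStatement.setString(1, name);

        connection.executeUpdate(preparedStatement);

        // Read back the generated row id.
        final Host host;
        try (ResultSet resultSet = preparedStatement.getGeneratedKeys()) {
            if (!resultSet.next()) {
                throw new SQLException("Error executing " + hostInsertSQL);
            }
            host = new Host(resultSet.getLong(1), name);
        }

        trans.registerAddedHost(host);
        return host;
    } catch (SQLException ex) {
        if (savepoint != null) {
            try {
                connection.getConnection().rollback(savepoint);
            } catch (SQLException ex2) {
                // Keep the rollback failure attached instead of discarding it.
                ex.addSuppressed(ex2);
                throw new TskCoreException(String.format("Error adding host with name = %s and unable to rollback", name), ex);
            }
        }

        // It may be the case that the host already exists, so try to get it.
        Optional<Host> optHost = getHostByName(name, connection);
        if (optHost.isPresent()) {
            return optHost.get();
        }
        throw new TskCoreException(String.format("Error adding host with name = %s", name), ex);
    }
}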
153 
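/**
 * Renames a host and returns the row as stored after the update.
 *
 * The UPDATE changes the name only when the row's db_status equals the
 * ACTIVE id; any other row keeps its current name. The host is then re-read
 * by id, and a change event is fired for it whether or not the name was
 * actually changed.
 *
 * NOTE(review): unlike newHost, an empty newName is accepted here. Confirm
 * whether that difference is intended.
 *
 * @param host    host to rename; must not be null
 * @param newName new name; must not be null
 *
 * @return the host as read back from the database after the update
 *
 * @throws TskCoreException if an argument is null, the update fails, or the
 *                          host cannot be read back
 */
public Host updateHostName(Host host, String newName) throws TskCoreException {
    if (host == null) {
        throw new TskCoreException("Illegal argument passed to updateHost: No host argument provided.");
    } else if (newName == null) {
        throw new TskCoreException(String.format("Illegal argument passed to updateHost: Host with id %d has no name", host.getHostId()));
    }

    long hostId = host.getHostId();
    Host updatedHost = null;
    try (CaseDbConnection connection = db.getConnection()) {
        // Don't update the name for non-active hosts
        String hostInsertSQL = "UPDATE tsk_hosts "
                + "SET name = "
                + " CASE WHEN db_status = " + Host.HostDbStatus.ACTIVE.getId() + " THEN ? ELSE name END "
                + "WHERE id = ?";

        PreparedStatement preparedStatement = connection.getPreparedStatement(hostInsertSQL, Statement.RETURN_GENERATED_KEYS);

        // Both caller-supplied values are bound as parameters.
        preparedStatement.clearParameters();
        preparedStatement.setString(1, newName);
        preparedStatement.setLong(2, hostId);

        connection.executeUpdate(preparedStatement);

        // The original format string had a %d with no argument, so building this
        // message raised MissingFormatArgumentException instead of reporting the id.
        updatedHost = getHostById(hostId, connection).orElseThrow(()
                -> new TskCoreException(String.format("Error while fetching newly updated host with id: %d", hostId)));

    } catch (SQLException ex) {
        throw new TskCoreException(String.format("Error updating host with name = %s", newName), ex);
    }

    if (updatedHost != null) {
        fireChangeEvent(updatedHost);
    }
    return updatedHost;
}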
203 
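/**
 * Deletes the host with the given name, provided nothing references it.
 *
 * The name is matched case-insensitively. The dependency check and the
 * delete run in one transaction. If any row in data_source_info,
 * tsk_os_account_realms, tsk_os_account_attributes or tsk_host_address_map
 * refers to the host, nothing is deleted and an exception is thrown.
 *
 * NOTE(review): the id is read from getGeneratedKeys() after a DELETE.
 * Whether a driver reports keys for a DELETE is presumably
 * driver-dependent; verify against the supported databases.
 *
 * @param name name of the host to delete; must not be null
 *
 * @return id of the deleted host, or null when no row was deleted or no key
 *         was reported
 *
 * @throws TskCoreException if the name is null, the host still has child
 *                          data, or a database error occurs
 */
public Long deleteHost(String name) throws TskCoreException {
    if (name == null) {
        throw new TskCoreException("Illegal argument passed to deleteHost: Name provided must be non-null");
    }

    // query to check if there are any dependencies on this host. If so, don't delete.
    String queryString = "SELECT COUNT(*) AS count FROM\n"
            + "(SELECT obj_id AS id, host_id FROM data_source_info\n"
            + "UNION\n"
            + "SELECT id, scope_host_id AS host_id FROM tsk_os_account_realms\n"
            + "UNION\n"
            + "SELECT id, host_id FROM tsk_os_account_attributes\n"
            + "UNION\n"
            + "SELECT id, host_id FROM tsk_host_address_map) children\n"
            + "INNER JOIN tsk_hosts h ON children.host_id = h.id WHERE LOWER(h.name)=LOWER(?)";

    String deleteString = "DELETE FROM tsk_hosts WHERE LOWER(name) = LOWER(?)";

    CaseDbTransaction trans = this.db.beginTransaction();
    try {
        // check if host has any child data sources. if so, don't delete and throw exception.
        PreparedStatement query = trans.getConnection().getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);
        query.clearParameters();
        query.setString(1, name);
        try (ResultSet queryResults = query.executeQuery()) {
            if (queryResults.next() && queryResults.getLong("count") > 0) {
                throw new TskCoreException(String.format("Host with name '%s' has child data and cannot be deleted.", name));
            }
        }

        // otherwise, delete the host
        PreparedStatement update = trans.getConnection().getPreparedStatement(deleteString, Statement.RETURN_GENERATED_KEYS);
        update.clearParameters();
        update.setString(1, name);
        int numUpdated = update.executeUpdate();

        // get ids for deleted.
        Long hostId = null;

        if (numUpdated > 0) {
            try (ResultSet updateResult = update.getGeneratedKeys()) {
                if (updateResult.next()) {
                    hostId = updateResult.getLong(1);
                }
            }
        }

        trans.commit();
        trans = null;

        // Fire the event only when a host id is known. Previously a null id
        // reached the Host constructor after the commit had already happened.
        if (hostId != null) {
            fireDeletedEvent(new Host(hostId, name));
        }
        return hostId;
    } catch (SQLException ex) {
        throw new TskCoreException(String.format("Error deleting host with name %s", name), ex);
    } finally {
        if (trans != null) {
            trans.rollback();
        }
    }
}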
273 
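/**
 * Returns every data source whose data_source_info row refers to the host.
 *
 * @param host host whose data sources are wanted
 *
 * @return the data sources of the host; empty if it has none
 *
 * @throws TskCoreException if the query or a data source lookup fails
 */
public List<DataSource> getDataSourcesForHost(Host host) throws TskCoreException {
    // The only value concatenated into the SQL is the numeric host id.
    String queryString = "SELECT * FROM data_source_info WHERE host_id = " + host.getHostId();

    List<DataSource> dataSources = new ArrayList<>();
    try (CaseDbConnection connection = this.db.getConnection();
            Statement s = connection.createStatement();
            ResultSet rs = connection.executeQuery(s, queryString)) {

        while (rs.next()) {
            dataSources.add(db.getDataSource(rs.getLong("obj_id")));
        }

        return dataSources;
    } catch (SQLException | TskDataException ex) {
        // The host name is data, not a format string. Passing it as an argument
        // keeps a '%' in the name from raising a formatter exception that would
        // replace the real error.
        throw new TskCoreException(String.format("Error getting data sources for host %s", host.getName()), ex);
    }
}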
303 
/**
 * Looks up a host by name on a connection opened for this call.
 *
 * @param name name of the host to find
 *
 * @return the matching host, or an empty Optional if none is found
 *
 * @throws TskCoreException if the lookup fails
 */
public Optional<Host> getHostByName(String name) throws TskCoreException {
    try (CaseDbConnection lookupConnection = db.getConnection()) {
        final Optional<Host> match = getHostByName(name, lookupConnection);
        return match;
    }
}
318 
/**
 * Looks up an active host by name on the given connection.
 *
 * The comparison is case-insensitive (LOWER is applied to both sides), and
 * only rows whose db_status equals the ACTIVE id are considered. The name is
 * bound as a statement parameter.
 *
 * @param name       name of the host to find
 * @param connection connection to run the query on; it is not closed here
 *
 * @return the matching host, or an empty Optional when no row matches
 *
 * @throws TskCoreException if the query fails
 */
private Optional<Host> getHostByName(String name, CaseDbConnection connection) throws TskCoreException {
    final String selectByNameSql = "SELECT * FROM tsk_hosts"
            + " WHERE LOWER(name) = LOWER(?)"
            + " AND db_status = " + Host.HostDbStatus.ACTIVE.getId();

    try {
        // NOTE(review): the statement is obtained from the connection and not
        // closed here; presumably the connection owns its lifetime - confirm.
        final PreparedStatement lookup = connection.getPreparedStatement(selectByNameSql, Statement.RETURN_GENERATED_KEYS);
        lookup.clearParameters();
        lookup.setString(1, name);

        try (ResultSet row = lookup.executeQuery()) {
            if (row.next()) {
                return Optional.of(new Host(row.getLong("id"), row.getString("name"), Host.HostDbStatus.fromID(row.getInt("db_status"))));
            }
            return Optional.empty(); // no match found
        }
    } catch (SQLException ex) {
        throw new TskCoreException(String.format("Error getting host with name = %s", name), ex);
    }
}
354 
/**
 * Looks up a host by id on a connection opened for this call.
 *
 * @param id id of the host to find
 *
 * @return the matching host, or an empty Optional if none is found
 *
 * @throws TskCoreException if the lookup fails
 */
public Optional<Host> getHostById(long id) throws TskCoreException {
    try (CaseDbConnection lookupConnection = db.getConnection()) {
        final Optional<Host> match = getHostById(id, lookupConnection);
        return match;
    }
}
369 
/**
 * Looks up a host by id on the given connection.
 *
 * Unlike the lookup by name, this query does not filter on db_status, so a
 * host in any status is returned.
 *
 * @param id         id of the host to find
 * @param connection connection to run the query on; it is not closed here
 *
 * @return the matching host, or an empty Optional when no row has that id
 *
 * @throws TskCoreException if the query fails
 */
private Optional<Host> getHostById(long id, CaseDbConnection connection) throws TskCoreException {
    // Only the primitive long id is appended to the SQL text.
    final String selectByIdSql = "SELECT * FROM tsk_hosts WHERE id = " + id;

    try (Statement stmt = connection.createStatement();
            ResultSet row = connection.executeQuery(stmt, selectByIdSql)) {
        if (!row.next()) {
            return Optional.empty();
        }
        return Optional.of(new Host(row.getLong("id"), row.getString("name"), Host.HostDbStatus.fromID(row.getInt("db_status"))));
    } catch (SQLException ex) {
        throw new TskCoreException("Error getting host with id: " + id, ex);
    }
}
399 
/**
 * Returns every host whose db_status equals the ACTIVE id.
 *
 * @return the active hosts; empty if there are none
 *
 * @throws TskCoreException if the query fails
 */
public List<Host> getAllHosts() throws TskCoreException {
    final String activeHostsSql = "SELECT * FROM tsk_hosts WHERE db_status = " + HostDbStatus.ACTIVE.getId();
    final List<Host> activeHosts = new ArrayList<>();

    try (CaseDbConnection connection = this.db.getConnection();
            Statement stmt = connection.createStatement();
            ResultSet row = connection.executeQuery(stmt, activeHostsSql)) {
        while (row.next()) {
            final Host host = new Host(row.getLong("id"), row.getString("name"), Host.HostDbStatus.fromID(row.getInt("db_status")));
            activeHosts.add(host);
        }
        return activeHosts;
    } catch (SQLException ex) {
        throw new TskCoreException("Error getting hosts", ex);
    }
}
427 
438 
439  String queryString = "SELECT tsk_hosts.id AS hostId, tsk_hosts.name AS name, tsk_hosts.db_status AS db_status FROM \n"
440  + "tsk_hosts INNER JOIN data_source_info \n"
441  + "ON tsk_hosts.id = data_source_info.host_id \n"
442  + "WHERE data_source_info.obj_id = " + dataSource.getId();
443 
445  try (CaseDbConnection connection = this.db.getConnection();
446  Statement s = connection.createStatement();
447  ResultSet rs = connection.executeQuery(s, queryString)) {
448 
449  if (!rs.next()) {
450  throw new TskCoreException(String.format("Host not found for data source with ID = %d", dataSource.getId()));
451  } else {
452  return new Host(rs.getLong("hostId"), rs.getString("name"), Host.HostDbStatus.fromID(rs.getInt("db_status")));
453  }
454  } catch (SQLException ex) {
455  throw new TskCoreException(String.format("Error getting host for data source with ID = %d", dataSource.getId()), ex);
456  } finally {
458  }
459  }
460 
/**
 * Merges the source host into the destination host in one transaction.
 *
 * Realms of the source host are moved or merged first. Rows in
 * tsk_host_address_map, tsk_os_account_attributes and data_source_info that
 * refer to the source host are then re-pointed at the destination. Finally
 * the source row is marked MERGED, linked to the destination through
 * merged_into, and renamed to a generated "MERGED ..." name. Any failure
 * before the commit rolls the transaction back.
 *
 * The SQL here is built by concatenation. The concatenated values are the
 * two host ids, a status id and the generated merged name; no
 * caller-supplied text goes into the statements.
 *
 * @param sourceHost host that is merged away
 * @param destHost   host that receives the source host's data
 *
 * @throws TskCoreException if the merge fails; for a SQL failure the message
 *                          contains the statement that was being executed
 */
public void mergeHosts(Host sourceHost, Host destHost) throws TskCoreException {
    String currentSql = ""; // last statement attempted, reported on SQL failure
    CaseDbTransaction mergeTransaction = null;
    boolean committed = false;
    try {
        mergeTransaction = db.beginTransaction();

        // Merge or move any realms associated with the source host
        for (OsAccountRealm realm : db.getOsAccountRealmManager().getRealmsByHost(sourceHost, mergeTransaction.getConnection())) {
            db.getOsAccountRealmManager().moveOrMergeRealm(realm, destHost, mergeTransaction);
        }

        try (Statement stmt = mergeTransaction.getConnection().createStatement()) {
            // tsk_host_address_map has a unique constraint on host_id, addr_obj_id, time,
            // so first drop the source rows that would collide with destination rows.
            currentSql = "DELETE FROM tsk_host_address_map "
                    + "WHERE id IN ( "
                    + "SELECT "
                    + " sourceMapRow.id "
                    + "FROM "
                    + " tsk_host_address_map destMapRow "
                    + "INNER JOIN tsk_host_address_map sourceMapRow ON destMapRow.addr_obj_id = sourceMapRow.addr_obj_id AND destMapRow.time = sourceMapRow.time "
                    + "WHERE destMapRow.host_id = " + destHost.getHostId()
                    + " AND sourceMapRow.host_id = " + sourceHost.getHostId() + " )";
            stmt.executeUpdate(currentSql);

            // Re-point the remaining references, in the same order as before.
            final String[] referencingTables = {
                "tsk_host_address_map",
                "tsk_os_account_attributes",
                "data_source_info"
            };
            for (String table : referencingTables) {
                currentSql = makeOsAccountUpdateQuery(table, "host_id", sourceHost, destHost);
                stmt.executeUpdate(currentSql);
            }

            // Mark the source host as merged and change the name to a random string.
            final String mergedName = makeMergedHostName();
            currentSql = "UPDATE tsk_hosts SET merged_into = " + destHost.getHostId()
                    + ", db_status = " + Host.HostDbStatus.MERGED.getId()
                    + ", name = '" + mergedName + "' "
                    + " WHERE id = " + sourceHost.getHostId();
            stmt.executeUpdate(currentSql);
        }

        mergeTransaction.commit();
        committed = true;

        // NOTE(review): the change event is fired for the source host and the
        // deleted event for the destination host. As the source is the row marked
        // MERGED above, this looks reversed - confirm against event consumers.
        fireChangeEvent(sourceHost);
        fireDeletedEvent(destHost);
    } catch (SQLException ex) {
        throw new TskCoreException("Error executing query: " + currentSql, ex);
    } finally {
        if (mergeTransaction != null && !committed) {
            mergeTransaction.rollback();
        }
    }
}
533 
/**
 * Builds an UPDATE statement that re-points a host reference column from the
 * source host's id to the destination host's id.
 *
 * The table and column names are concatenated into the SQL as-is. The
 * visible caller passes only string literals; these two arguments must never
 * carry externally supplied text.
 *
 * @param tableName  table to update
 * @param columnName column holding the host id
 * @param sourceHost host whose id is replaced
 * @param destHost   host whose id is written
 *
 * @return the UPDATE statement text
 */
private String makeOsAccountUpdateQuery(String tableName, String columnName, Host sourceHost, Host destHost) {
    final StringBuilder sql = new StringBuilder();
    sql.append("UPDATE ").append(tableName);
    sql.append(" SET ").append(columnName).append(" = ").append(destHost.getHostId());
    sql.append(" WHERE ").append(columnName).append(" = ").append(sourceHost.getHostId());
    return sql.toString();
}
547 
/**
 * Generates the replacement name for a host that has been merged away.
 *
 * @return "MERGED " followed by a freshly generated random UUID
 */
private String makeMergedHostName() {
    final UUID suffix = UUID.randomUUID();
    return "MERGED " + suffix;
}
556 
/**
 * Publishes a hosts-updated event carrying the given host.
 *
 * @param newValue host in its updated state
 */
private void fireChangeEvent(Host newValue) {
    final HostsUpdatedTskEvent updatedEvent = new HostsUpdatedTskEvent(Collections.singletonList(newValue));
    db.fireTSKEvent(updatedEvent);
}
566 
/**
 * Publishes a hosts-deleted event carrying the id of the given host.
 *
 * @param deleted host that was removed; only its id is put in the event
 */
private void fireDeletedEvent(Host deleted) {
    final HostsDeletedTskEvent deletedEvent = new HostsDeletedTskEvent(Collections.singletonList(deleted.getHostId()));
    db.fireTSKEvent(deletedEvent);
}
576 }

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.