RAOsAccountCache.java

Go to the documentation of this file.

/*
 * Autopsy Forensic Browser
 *
 * Copyright 2021 Basis Technology Corp.
 * Contact: carrier <at> sleuthkit <dot> org
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.sleuthkit.autopsy.recentactivity;

import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Host;
import org.sleuthkit.datamodel.OsAccount;
import org.sleuthkit.datamodel.OsAccount.OsAccountAttribute;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;

final class RAOsAccountCache {

    private final Map<String, OsAccount> accountCache = new HashMap<>();

    void initialize(SleuthkitCase tskCase, Host host) throws TskCoreException {
        buildAccountMap(tskCase, host);
    }

    Optional<OsAccount> getOsAccount(AbstractFile file) throws TskCoreException {
        Optional<Long> optional = file.getOsAccountObjectId();

        if (!optional.isPresent()) {
            return getAccountForPath(file.getParentPath());
        }

        OsAccount osAccount = Case.getCurrentCase().getSleuthkitCase().getOsAccountManager().getOsAccountByObjectId(optional.get());
        if (osAccount.getName().equals("S-1-5-32-544")) {
            return getAccountForPath(file.getParentPath());
        }

        return Optional.ofNullable(osAccount);
    }

    private Optional<OsAccount> getAccountForPath(String path) {
        Path filePath = Paths.get(path.toLowerCase());
        // Check if the path might be a user path.
        if (filePath.startsWith(Paths.get("/users")) || filePath.startsWith("/document and settings")) {
            for (String key : accountCache.keySet()) {
                if (filePath.startsWith(Paths.get(key))) {
                    return Optional.of(accountCache.get(key));
                }
            }
        }
        return Optional.empty();
    }

    private void buildAccountMap(SleuthkitCase tskCase, Host host) throws TskCoreException {
        BlackboardAttribute.Type homeDir = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HOME_DIR);
        List<OsAccount> accounts = tskCase.getOsAccountManager().getOsAccounts(host);

        for (OsAccount account : accounts) {
            List<OsAccountAttribute> attributeList = account.getExtendedOsAccountAttributes();

            for (OsAccountAttribute attribute : attributeList) {
                if (attribute.getHostId().isPresent()
                        && attribute.getHostId().get().equals(host.getHostId())
                        && attribute.getAttributeType().equals(homeDir)) {
                    accountCache.put(attribute.getValueString(), account);
                }
            }
        }
    }
}