Spotlight RPC init is working
[netatalk.git] / etc / afpd / spotlight.c
index 2b6fb6edbd0a6656e73139b97067fa330defe1cb..176e6d6b93637e6ce254bcdac7125c23d20a6cba 100644 (file)
@@ -40,9 +40,9 @@
  **************************************************************************************************/
 
 /* FPSpotlightRPC subcommand codes */
+#define SPOTLIGHT_CMD_VOLPATH 1
 #define SPOTLIGHT_CMD_FLAGS   2
 #define SPOTLIGHT_CMD_RPC     3
-#define SPOTLIGHT_CMD_VOLPATH 4
 
 /* Spotlight epoch is UNIX epoch minus SPOTLIGHT_TIME_DELTA */
 #define SPOTLIGHT_TIME_DELTA INT64_C(280878921600U)
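Review bot: The renumbering of `SPOTLIGHT_CMD_VOLPATH` from 4 to 1 leaves no record of where the value comes from, and these codes are presumably compared against a field taken from the client request. If the values were determined from client traces, I would extend the existing comment to say so, for example `/* FPSpotlightRPC subcommand codes (as observed from the client; any other value must be rejected) */`. The code that switches on these constants is outside this hunk, so whether an unknown subcommand is rejected cannot be confirmed from here.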
 #define SQ_TYPE_CNIDS   0x8700
 #define SQ_TYPE_UUID    0x0e00
 #define SQ_TYPE_DATE    0x8600
+#define SQ_TYPE_TOC     0x8800
 
-#define SQ_CPX_TYPE_ARRAY              0x0a00
-#define SQ_CPX_TYPE_STRING             0x0c00
-#define SQ_CPX_TYPE_UTF16_STRING       0x1c00
-#define SQ_CPX_TYPE_DICT               0x0d00
-#define SQ_CPX_TYPE_CNIDS              0x1a00
-#define SQ_CPX_TYPE_FILEMETA           0x1b00
+#define SQ_CPX_TYPE_ARRAY           0x0a00
+#define SQ_CPX_TYPE_STRING          0x0c00
+#define SQ_CPX_TYPE_UTF16_STRING    0x1c00
+#define SQ_CPX_TYPE_DICT            0x0d00
+#define SQ_CPX_TYPE_CNIDS           0x1a00
+#define SQ_CPX_TYPE_FILEMETA        0x1b00
 
 #define SUBQ_SAFETY_LIM 20
 
 #define SL_ENC_BIG_ENDIAN    2
 #define SL_ENC_UTF_16        4
 
-static uint64_t spotlight_ntoh64(const char *buf, int encoding)
-{
-       if (encoding == SL_ENC_LITTLE_ENDIAN)
-               return LVAL(buf, 0);
-       else
-        return ntoh64(LVAL(buf, 0));
-}
+/* Forward declarations */
+static int dissect_spotlight(DALLOC_CTX *query, const char *buf);
+static int sl_pack_loop(DALLOC_CTX *query, char *buf, int offset, char *toc_buf, int *toc_idx);
 
-#if 0
-static gdouble
-spotlight_ntohieee_double(tvbuff_t *tvb, gint offset, guint encoding)
+/* Helper functions and stuff */
+static const char *neststrings[] = {
+    "",
+    "\t",
+    "\t\t",
+    "\t\t\t",
+    "\t\t\t\t",
+    "\t\t\t\t\t",
+    "\t\t\t\t\t\t",
+};
+
+static int dd_dump(DALLOC_CTX *dd, int nestinglevel)
 {
-       if (encoding == ENC_LITTLE_ENDIAN)
-               return tvb_get_letohieee_double(tvb, offset);
-       else
-               return tvb_get_ntohieee_double(tvb, offset);
+    const char *type;
+
+    LOG(log_debug, logtype_sl, "%s%s(#%d): {",
+        neststrings[nestinglevel], talloc_get_name(dd), talloc_array_length(dd->dd_talloc_array));
+
+    for (int n = 0; n < talloc_array_length(dd->dd_talloc_array); n++) {
+
+        type = talloc_get_name(dd->dd_talloc_array[n]);
+
+        if (STRCMP(type, ==, "DALLOC_CTX")
+                   || STRCMP(type, ==, "sl_array_t")
+                   || STRCMP(type, ==, "sl_dict_t")) {
+            dd_dump(dd->dd_talloc_array[n], nestinglevel + 1);
+        } else if (STRCMP(type, ==, "uint64_t")) {
+            uint64_t i;
+            memcpy(&i, dd->dd_talloc_array[n], sizeof(uint64_t));
+            LOG(log_debug, logtype_sl, "%suint64_t: 0x%04x", neststrings[nestinglevel + 1], i);
+        } else if (STRCMP(type, ==, "int64_t")) {
+            int64_t i;
+            memcpy(&i, dd->dd_talloc_array[n], sizeof(int64_t));
+            LOG(log_debug, logtype_sl, "%sint64_t: %" PRId64, neststrings[nestinglevel + 1], i);
+        } else if (STRCMP(type, ==, "uint32_t")) {
+            uint32_t i;
+            memcpy(&i, dd->dd_talloc_array[n], sizeof(uint32_t));
+            LOG(log_debug, logtype_sl, "%s%s: %" PRIu32, neststrings[nestinglevel + 1], type, i);
+        } else if (STRCMP(type, ==, "char *")) {
+            char *s;
+            memcpy(&s, dd->dd_talloc_array[n], sizeof(char *));
+            LOG(log_debug, logtype_sl, "%sstring: %s", neststrings[nestinglevel + 1], s);
+        } else if (STRCMP(type, ==, "sl_bool_t")) {
+            sl_bool_t bl;
+            memcpy(&bl, dd->dd_talloc_array[n], sizeof(sl_bool_t));
+            LOG(log_debug, logtype_sl, "%sbool: %s", neststrings[nestinglevel + 1], bl ? "true" : "false");
+        } else if (STRCMP(type, ==, "sl_cnids_t")) {
+            sl_cnids_t cnids;
+            memcpy(&cnids, dd->dd_talloc_array[n], sizeof(sl_cnids_t));
+            LOG(log_debug, logtype_sl, "%sCNIDs: unkn1: %" PRIu16 ", unkn2: %" PRIu32,
+                   neststrings[nestinglevel + 1], cnids.ca_unkn1, cnids.ca_context);
+            if (cnids.ca_cnids)
+                dd_dump(cnids.ca_cnids, nestinglevel + 1);
+        }
+    }
+    LOG(log_debug, logtype_sl, "%s}", neststrings[nestinglevel]);
 }
 
 /*
 * Returns the UTF-16 string encoding, by checking the 2-byte byte order mark.
 * If there is no byte order mark, -1 is returned.
 */
-static guint
-spotlight_get_utf16_string_encoding(tvbuff_t *tvb, gint offset, gint query_length, guint encoding) {
-       guint utf16_encoding;
-
-       /* check for byte order mark */
-       utf16_encoding = ENC_BIG_ENDIAN;
-       if (query_length >= 2) {
-               guint16 byte_order_mark;
-               if (encoding == ENC_LITTLE_ENDIAN)
-                       byte_order_mark = tvb_get_letohs(tvb, offset);
-               else
-                       byte_order_mark = tvb_get_ntohs(tvb, offset);
-
-               if (byte_order_mark == 0xFFFE) {
-                       utf16_encoding = ENC_BIG_ENDIAN | ENC_UTF_16;
-               }
-               else if (byte_order_mark == 0xFEFF) {
-                       utf16_encoding = ENC_LITTLE_ENDIAN | ENC_UTF_16;
-               }
-       }
-
-       return utf16_encoding;
+static uint spotlight_get_utf16_string_encoding(const char *buf, int offset, int query_length, uint encoding) {
+    uint utf16_encoding;
+
+    /* check for byte order mark */
+    utf16_encoding = SL_ENC_BIG_ENDIAN;
+    if (query_length >= 2) {
+        uint16_t byte_order_mark;
+        if (encoding == SL_ENC_LITTLE_ENDIAN)
+            byte_order_mark = SVAL(buf, offset);
+        else
+            byte_order_mark = RSVAL(buf, offset);
+
+        if (byte_order_mark == 0xFFFE) {
+            utf16_encoding = SL_ENC_BIG_ENDIAN | SL_ENC_UTF_16;
+        }
+        else if (byte_order_mark == 0xFEFF) {
+            utf16_encoding = SL_ENC_LITTLE_ENDIAN | SL_ENC_UTF_16;
+        }
+    }
+
+    return utf16_encoding;
 }
 
-static gint
-spotlight_int64(tvbuff_t *tvb, proto_tree *tree, gint offset, guint encoding)
+/**************************************************************************************************
+ * marshalling functions
+ **************************************************************************************************/
+
+#define SL_OFFSET_DELTA 16
+
+static uint64_t sl_pack_tag(uint16_t type, uint16_t size_or_count, uint32_t val)
 {
-       gint count, i;
-       guint64 query_data64;
+    uint64_t tag = ((uint64_t)val << 32) | ((uint64_t)type << 16) | size_or_count;
+    return tag;
+}
 
-       query_data64 = spotlight_ntoh64(tvb, offset, encoding);
-       count = query_data64 >> 32;
-       offset += 8;
+static int sl_pack_float(double d, char *buf, int offset)
+{
+    union {
+        double d;
+        uint64_t w;
+    } ieee_fp_union;
 
-       i = 0;
-       while (i++ < count) {
-               query_data64 = spotlight_ntoh64(tvb, offset, encoding);
-               proto_tree_add_text(tree, tvb, offset, 8, "int64: 0x%016" G_GINT64_MODIFIER "x", query_data64);
-               offset += 8;
-       }
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_FLOAT, 2, 1));
+    SLVAL(buf, offset + 8, ieee_fp_union.w);
 
-       return count;
+    return offset + 2 * sizeof(uint64_t);
 }
 
-static gint
-spotlight_date(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset, guint encoding)
+static int sl_pack_uint64(uint64_t u, char *buf, int offset)
 {
-       gint count, i;
-       guint64 query_data64;
-       nstime_t t;
-
-       query_data64 = spotlight_ntoh64(tvb, offset, encoding);
-       count = query_data64 >> 32;
-       offset += 8;
-
-       if (count > SUBQ_SAFETY_LIM) {
-               expert_add_info_format(pinfo, tree, PI_MALFORMED, PI_ERROR,
-                                                          "Subquery count (%d) > safety limit (%d)", count, SUBQ_SAFETY_LIM);
-               return -1;
-       }
-
-       i = 0;
-       while (i++ < count) {
-               query_data64 = spotlight_ntoh64(tvb, offset, encoding) >> 24;
-               t.secs = query_data64 - SPOTLIGHT_TIME_DELTA;
-               t.nsecs = 0;
-               proto_tree_add_time(tree, hf_afp_spotlight_date, tvb, offset, 8, &t);
-               offset += 8;
-       }
-
-       return count;
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_INT64, 2, 1));
+    SLVAL(buf, offset + 8, u);
+
+    return offset + 2 * sizeof(uint64_t);
 }
 
-static gint
-spotlight_uuid(tvbuff_t *tvb, proto_tree *tree, gint offset, guint encoding)
+static int sl_pack_bool(sl_bool_t bl, char *buf, int offset)
 {
-       gint count, i;
-       guint64 query_data64;
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_BOOL, 1, bl ? 1 : 0));
 
-       query_data64 = spotlight_ntoh64(tvb, offset, encoding);
-       count = query_data64 >> 32;
-       offset += 8;
+    return offset + sizeof(uint64_t);
+}
 
-       i = 0;
-       while (i++ < count) {
-               proto_tree_add_item(tree, hf_afp_spotlight_uuid, tvb, offset, 16, ENC_BIG_ENDIAN);
-               offset += 16;
-       }
+static int sl_pack_nil(char *buf, int offset)
+{
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_NULL, 1, 1));
 
-       return count;
+    return offset + sizeof(uint64_t);
 }
 
-static gint
-spotlight_float(tvbuff_t *tvb, proto_tree *tree, gint offset, guint encoding)
+static int sl_pack_date(sl_time_t t, char *buf, int offset)
 {
-       gint count, i;
-       guint64 query_data64;
-       gdouble fval;
-
-       query_data64 = spotlight_ntoh64(tvb, offset, encoding);
-       count = query_data64 >> 32;
-       offset += 8;
-
-       i = 0;
-       while (i++ < count) {
-               fval = spotlight_ntohieee_double(tvb, offset, encoding);
-               proto_tree_add_text(tree, tvb, offset, 8, "float: %f", fval);
-               offset += 8;
-       }
-
-       return count;
+    uint64_t data = 0;
+
+    data = (t.tv_sec + SPOTLIGHT_TIME_DELTA) << 24;
+
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_DATE, 2, 1));
+    SLVAL(buf, offset + 8, data);
+
+    return offset + 2 * sizeof(uint64_t);
 }
 
-static gint
-spotlight_CNID_array(tvbuff_t *tvb, proto_tree *tree, gint offset, guint encoding)
+static int sl_pack_uuid(sl_uuid_t *uuid, char *buf, int offset)
 {
-       gint count;
-       guint64 query_data64;
-       guint16 unknown1;
-       guint32 unknown2;
-
-       query_data64 = spotlight_ntoh64(tvb, offset, encoding);
-       count = query_data64 & 0xffff;
-       unknown1 = (query_data64 & 0xffff0000) >> 16;
-       unknown2 = query_data64 >> 32;
-
-       proto_tree_add_text(tree, tvb, offset + 2, 2, "unknown1: 0x%04" G_GINT16_MODIFIER "x",
-               unknown1);
-       proto_tree_add_text(tree, tvb, offset + 4, 4, "unknown2: 0x%08" G_GINT32_MODIFIER "x",
-               unknown2);
-       offset += 8;
-
-
-       while (count --) {
-               query_data64 = spotlight_ntoh64(tvb, offset, encoding);
-               proto_tree_add_text(tree, tvb, offset, 8, "CNID: %" G_GINT64_MODIFIER "u",
-                       query_data64);
-               offset += 8;
-       }
-
-       return 0;
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_UUID, 3, 1));
+    memcpy(buf + offset + 8, uuid, 16);
+
+    return offset + sizeof(uint64_t) + 16;
 }
 
-static const char *spotlight_get_qtype_string(guint64 query_type)
+static int sl_pack_CNID(sl_cnids_t *cnids, char *buf, int offset, char *toc_buf, int *toc_idx)
 {
-       switch (query_type) {
-       case SQ_TYPE_NULL:
-               return "null";
-       case SQ_TYPE_COMPLEX:
-               return "complex";
-       case SQ_TYPE_INT64:
-               return "int64";
-       case SQ_TYPE_BOOL:
-               return "bool";
-       case SQ_TYPE_FLOAT:
-               return "float";
-       case SQ_TYPE_DATA:
-               return "data";
-       case SQ_TYPE_CNIDS:
-               return "CNIDs";
-       default:
-               return "unknown";
-       }
+    int len = 0, off = 0;
+    int cnid_count = talloc_array_length(cnids->ca_cnids);
+
+    SLVAL(toc_buf, *toc_idx * 8, sl_pack_tag(SQ_CPX_TYPE_CNIDS, (offset + SL_OFFSET_DELTA) / 8, cnid_count));
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_COMPLEX, 1, *toc_idx + 1));
+    *toc_idx += 1;
+    offset += 8;
+
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_CNIDS, 2 + cnid_count, 8 /* unknown meaning, but always 8 */));
+    offset += 8;
+
+    if (cnid_count > 0) {
+        SLVAL(buf, offset, sl_pack_tag(0x0add, cnid_count, cnids->ca_context));
+        offset += 8;
+
+        for (int i = 0; i < cnid_count; i++) {
+            SLVAL(buf, offset, cnids->ca_cnids->dd_talloc_array[i]);
+            offset += 8;
+        }
+    }
+    
+    return offset;
 }
 
-static const char *spotlight_get_cpx_qtype_string(guint64 cpx_query_type)
+static int sl_pack_array(sl_array_t *array, char *buf, int offset, char *toc_buf, int *toc_idx)
 {
-       switch (cpx_query_type) {
-       case SQ_CPX_TYPE_ARRAY:
-               return "array";
-       case SQ_CPX_TYPE_STRING:
-               return "string";
-       case SQ_CPX_TYPE_UTF16_STRING:
-               return "utf-16 string";
-       case SQ_CPX_TYPE_DICT:
-               return "dictionary";
-       case SQ_CPX_TYPE_CNIDS:
-               return "CNIDs";
-       case SQ_CPX_TYPE_FILEMETA:
-               return "FileMeta";
-       default:
-               return "unknown";
-       }
+    int count = talloc_array_length(array->dd_talloc_array);
+    int octets = (offset + SL_OFFSET_DELTA) / 8;
+
+    LOG(log_maxdebug, logtype_sl, "sl_pack_array: count: %d, offset:%d, octets: %d", count, offset, octets);
+
+    SLVAL(toc_buf, *toc_idx * 8, sl_pack_tag(SQ_CPX_TYPE_ARRAY, octets, count));
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_COMPLEX, 1, *toc_idx + 1));
+    *toc_idx += 1;
+    offset += 8;
+
+    offset = sl_pack_loop(array, buf, offset, toc_buf, toc_idx);
+
+    return offset;
 }
 
-static gint
-spotlight_dissect_query_loop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset,
-                             guint64 cpx_query_type, gint count, gint toc_offset, guint encoding)
+static int sl_pack_dict(sl_array_t *dict, char *buf, int offset, char *toc_buf, int *toc_idx)
 {
-       gint i, j;
-       gint subquery_count;
-       gint toc_index;
-       guint64 query_data64;
-       gint query_length;
-       guint64 query_type;
-       guint64 complex_query_type;
-       guint unicode_encoding;
-       guint8 mark_exists;
-
-       proto_item *item_query;
-       proto_tree *sub_tree;
-
-       /*
-        * This loops through a possibly nested query data structure.
-        * The outermost one is always without count and called from
-        * dissect_spotlight() with count = INT_MAX thus the while (...)
-        * loop terminates if (offset >= toc_offset).
-        * If nested structures are found, these will have an encoded element
-        * count which is used in a recursive call to
-        * spotlight_dissect_query_loop as count parameter, thus in this case
-        * the while (...) loop will terminate when count reaches 0.
-        */
-       while ((offset < (toc_offset - 8)) && (count > 0)) {
-               query_data64 = spotlight_ntoh64(tvb, offset, encoding);
-               query_length = (query_data64 & 0xffff) * 8;
-               if (query_length == 0) {
-                       /* XXX - report this as an error */
-                       break;
-               }
-               query_type = (query_data64 & 0xffff0000) >> 16;
-
-               switch (query_type) {
-               case SQ_TYPE_COMPLEX:
-                       toc_index = (gint)((query_data64 >> 32) - 1);
-                       query_data64 = spotlight_ntoh64(tvb, toc_offset + toc_index * 8, encoding);
-                       complex_query_type = (query_data64 & 0xffff0000) >> 16;
-
-                       switch (complex_query_type) {
-                       case SQ_CPX_TYPE_ARRAY:
-                       case SQ_CPX_TYPE_DICT:
-                               subquery_count = (gint)(query_data64 >> 32);
-                               item_query = proto_tree_add_text(tree, tvb, offset, query_length,
-                                                                "%s, toc index: %u, children: %u",
-                                                                spotlight_get_cpx_qtype_string(complex_query_type),
-                                                                toc_index + 1,
-                                                                subquery_count);
-                               break;
-                       case SQ_CPX_TYPE_STRING:
-                               subquery_count = 1;
-                               query_data64 = spotlight_ntoh64(tvb, offset + 8, encoding);
-                               query_length = (query_data64 & 0xffff) * 8;
-                               item_query = proto_tree_add_text(tree, tvb, offset, query_length + 8,
-                                                                "%s, toc index: %u, string: '%s'",
-                                                                spotlight_get_cpx_qtype_string(complex_query_type),
-                                                                toc_index + 1,
-                                                                tvb_get_ephemeral_string(tvb, offset + 16, query_length - 8));
-                               break;
-                       case SQ_CPX_TYPE_UTF16_STRING:
-                               /*
-                               * This is an UTF-16 string.
-                               * Dissections show the typical byte order mark 0xFFFE or 0xFEFF, respectively.
-                               * However the existence of such a mark can not be assumed.
-                               * If the mark is missing, big endian encoding is assumed.
-                               */
-
-                               subquery_count = 1;
-                               query_data64 = spotlight_ntoh64(tvb, offset + 8, encoding);
-                               query_length = (query_data64 & 0xffff) * 8;
-
-                               unicode_encoding = spotlight_get_utf16_string_encoding(tvb, offset + 16, query_length - 8, encoding);
-                               mark_exists = (unicode_encoding & ENC_UTF_16);
-                               unicode_encoding &= ~ENC_UTF_16;
-
-                               item_query = proto_tree_add_text(tree, tvb, offset, query_length + 8,
-                                                                "%s, toc index: %u, utf-16 string: '%s'",
-                                                                spotlight_get_cpx_qtype_string(complex_query_type),
-                                                                toc_index + 1,
-                                                                tvb_get_ephemeral_unicode_string(tvb, offset + (mark_exists ? 18 : 16),
-                                                                query_length - (mark_exists? 10 : 8), unicode_encoding));
-                               break;
-                       default:
-                               subquery_count = 1;
-                               item_query = proto_tree_add_text(tree, tvb, offset, query_length,
-                                                                "type: %s (%s), toc index: %u, children: %u",
-                                                                spotlight_get_qtype_string(query_type),
-                                                                spotlight_get_cpx_qtype_string(complex_query_type),
-                                                                toc_index + 1,
-                                                                subquery_count);
-                               break;
-                       }
-
-                       sub_tree = proto_item_add_subtree(item_query, ett_afp_spotlight_query_line);
-                       offset += 8;
-                       offset = spotlight_dissect_query_loop(tvb, pinfo, sub_tree, offset, complex_query_type, subquery_count, toc_offset, encoding);
-                       count--;
-                       break;
-               case SQ_TYPE_NULL:
-                       subquery_count = (gint)(query_data64 >> 32);
-                       if (subquery_count > count) {
-                               item_query = proto_tree_add_text(tree, tvb, offset, query_length, "null");
-                               expert_add_info_format(pinfo, item_query, PI_MALFORMED, PI_ERROR,
-                                       "Subquery count (%d) > query count (%d)", subquery_count, count);
-                               count = 0;
-                       } else if (subquery_count > 20) {
-                               item_query = proto_tree_add_text(tree, tvb, offset, query_length, "null");
-                               expert_add_info_format(pinfo, item_query, PI_PROTOCOL, PI_WARN,
-                                       "Abnormal number of subqueries (%d)", subquery_count);
-                               count -= subquery_count;
-                       } else {
-                               for (i = 0; i < subquery_count; i++, count--)
-                                       proto_tree_add_text(tree, tvb, offset, query_length, "null");
-                       }
-                       offset += query_length;
-                       break;
-               case SQ_TYPE_BOOL:
-                       proto_tree_add_text(tree, tvb, offset, query_length, "bool: %s",
-                                                        (query_data64 >> 32) ? "true" : "false");
-                       count--;
-                       offset += query_length;
-                       break;
-               case SQ_TYPE_INT64:
-                       item_query = proto_tree_add_text(tree, tvb, offset, 8, "int64");
-                       sub_tree = proto_item_add_subtree(item_query, ett_afp_spotlight_query_line);
-                       j = spotlight_int64(tvb, sub_tree, offset, encoding);
-                       count -= j;
-                       offset += query_length;
-                       break;
-               case SQ_TYPE_UUID:
-                       item_query = proto_tree_add_text(tree, tvb, offset, 8, "UUID");
-                       sub_tree = proto_item_add_subtree(item_query, ett_afp_spotlight_query_line);
-                       j = spotlight_uuid(tvb, sub_tree, offset, encoding);
-                       count -= j;
-                       offset += query_length;
-                       break;
-               case SQ_TYPE_FLOAT:
-                       item_query = proto_tree_add_text(tree, tvb, offset, 8, "float");
-                       sub_tree = proto_item_add_subtree(item_query, ett_afp_spotlight_query_line);
-                       j = spotlight_float(tvb, sub_tree, offset, encoding);
-                       count -= j;
-                       offset += query_length;
-                       break;
-               case SQ_TYPE_DATA:
-                       switch (cpx_query_type) {
-                       case SQ_CPX_TYPE_STRING:
-                               proto_tree_add_text(tree, tvb, offset, query_length, "string: '%s'",
-                                                   tvb_get_ephemeral_string(tvb, offset + 8, query_length - 8));
-                               break;
-                       case SQ_CPX_TYPE_UTF16_STRING: {
-                               /* description see above */
-                               unicode_encoding = spotlight_get_utf16_string_encoding(tvb, offset + 8, query_length, encoding);
-                               mark_exists = (unicode_encoding & ENC_UTF_16);
-                               unicode_encoding &= ~ENC_UTF_16;
-
-                               proto_tree_add_text(tree, tvb, offset, query_length, "utf-16 string: '%s'",
-                                                   tvb_get_ephemeral_unicode_string(tvb, offset + (mark_exists ? 10 : 8),
-                                                               query_length - (mark_exists? 10 : 8), unicode_encoding));
-                               break;
-                       }
-                       case SQ_CPX_TYPE_FILEMETA:
-                               if (query_length <= 8) {
-                                       /* item_query = */ proto_tree_add_text(tree, tvb, offset, query_length, "filemeta (empty)");
-                               } else {
-                                       item_query = proto_tree_add_text(tree, tvb, offset, query_length, "filemeta");
-                                       sub_tree = proto_item_add_subtree(item_query, ett_afp_spotlight_query_line);
-                                       (void)dissect_spotlight(tvb, pinfo, sub_tree, offset + 8);
-                               }
-                               break;
-                       }
-                       count--;
-                       offset += query_length;
-                       break;
-               case SQ_TYPE_CNIDS:
-                       if (query_length <= 8) {
-                               /* item_query = */ proto_tree_add_text(tree, tvb, offset, query_length, "CNID Array (empty)");
-                       } else {
-                               item_query = proto_tree_add_text(tree, tvb, offset, query_length, "CNID Array");
-                               sub_tree = proto_item_add_subtree(item_query, ett_afp_spotlight_query_line);
-                               spotlight_CNID_array(tvb, sub_tree, offset + 8, encoding);
-                       }
-                       count--;
-                       offset += query_length;
-                       break;
-               case SQ_TYPE_DATE:
-                       if ((j = spotlight_date(tvb, pinfo, tree, offset, encoding)) == -1)
-                               return offset;
-                       count -= j;
-                       offset += query_length;
-                       break;
-               default:
-                       proto_tree_add_text(tree, tvb, offset, query_length, "type: %s",
-                                                        spotlight_get_qtype_string(query_type));
-                       count--;
-                       offset += query_length;
-                       break;
-               }
-       }
-
-       return offset;
+    SLVAL(toc_buf, *toc_idx * 8, sl_pack_tag(SQ_CPX_TYPE_DICT, (offset + SL_OFFSET_DELTA) / 8, talloc_array_length(dict->dd_talloc_array)));
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_COMPLEX, 1, *toc_idx + 1));
+    *toc_idx += 1;
+    offset += 8;
+
+    offset = sl_pack_loop(dict, buf, offset, toc_buf, toc_idx);
+
+    return offset;
 }
 
-static gint
-dissect_spotlight(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset)
+static int sl_pack_string(char **string, char *buf, int offset, char *toc_buf, int *toc_idx)
 {
-       guint encoding;
-       gint i;
-       guint64 toc_offset;
-       guint64 querylen;
-       gint toc_entries;
-       guint64 toc_entry;
-
-       proto_item *item_queries_data;
-       proto_tree *sub_tree_queries;
-       proto_item *item_toc;
-       proto_tree *sub_tree_toc;
-
-       if (strncmp(tvb_get_ephemeral_string(tvb, offset, 8), "md031234", 8) == 0)
-               encoding = ENC_BIG_ENDIAN;
-       else
-               encoding = ENC_LITTLE_ENDIAN;
-       proto_tree_add_text(tree,
-                           tvb,
-                           offset,
-                           8,
-                           "Endianess: %s",
-                           encoding == ENC_BIG_ENDIAN ?
-                           "Big Endian" : "Litte Endian");
-       offset += 8;
-
-       toc_offset = (spotlight_ntoh64(tvb, offset, encoding) >> 32) * 8;
-       if (toc_offset < 8) {
-               proto_tree_add_text(tree,
-                                   tvb,
-                                   offset,
-                                   8,
-                                   "ToC Offset: %" G_GINT64_MODIFIER "u < 8 (bogus)",
-                                   toc_offset);
-               return -1;
-       }
-       toc_offset -= 8;
-       if (offset + toc_offset + 8 > G_MAXINT) {
-               proto_tree_add_text(tree,
-                                   tvb,
-                                   offset,
-                                   8,
-                                   "ToC Offset: %" G_GINT64_MODIFIER "u > %u (bogus)",
-                                   toc_offset,
-                                   G_MAXINT - 8 - offset);
-               return -1;
-       }
-       querylen = (spotlight_ntoh64(tvb, offset, encoding) & 0xffffffff) * 8;
-       if (querylen < 8) {
-               proto_tree_add_text(tree,
-                                   tvb,
-                                   offset,
-                                   8,
-                                   "ToC Offset: %" G_GINT64_MODIFIER "u Bytes, Query length: %" G_GINT64_MODIFIER "u < 8 (bogus)",
-                                   toc_offset,
-                                   querylen);
-               return -1;
-       }
-       querylen -= 8;
-       if (querylen > G_MAXINT) {
-               proto_tree_add_text(tree,
-                                   tvb,
-                                   offset,
-                                   8,
-                                   "ToC Offset: %" G_GINT64_MODIFIER "u Bytes, Query length: %" G_GINT64_MODIFIER "u > %u (bogus)",
-                                   toc_offset,
-                                   querylen,
-                                   G_MAXINT);
-               return -1;
-       }
-       proto_tree_add_text(tree,
-                           tvb,
-                           offset,
-                           8,
-                           "ToC Offset: %" G_GINT64_MODIFIER "u Bytes, Query length: %" G_GINT64_MODIFIER "u Bytes",
-                           toc_offset,
-                           querylen);
-       offset += 8;
-
-       toc_entries = (gint)(spotlight_ntoh64(tvb, offset + (gint)toc_offset, encoding) & 0xffff);
-
-       item_queries_data = proto_tree_add_text(tree,
-                                               tvb,
-                                               offset,
-                                               (gint)toc_offset,
-                                               "Spotlight RPC data");
-       sub_tree_queries = proto_item_add_subtree(item_queries_data, ett_afp_spotlight_queries);
-
-       /* Queries */
-       offset = spotlight_dissect_query_loop(tvb, pinfo, sub_tree_queries, offset, SQ_CPX_TYPE_ARRAY, INT_MAX, offset + (gint)toc_offset + 8, encoding);
-
-       /* ToC */
-       if (toc_entries < 1) {
-               proto_tree_add_text(tree,
-                                   tvb,
-                                   offset,
-                                   (gint)querylen - (gint)toc_offset,
-                                   "Complex types ToC (%u < 1 - bogus)",
-                                   toc_entries);
-               return -1;
-       }
-       toc_entries -= 1;
-       item_toc = proto_tree_add_text(tree,
-                                      tvb,
-                                      offset,
-                                      (gint)querylen - (gint)toc_offset,
-                                      "Complex types ToC (%u entries)",
-                                      toc_entries);
-       sub_tree_toc = proto_item_add_subtree(item_toc, ett_afp_spotlight_toc);
-       proto_tree_add_text(sub_tree_toc, tvb, offset, 2, "Number of entries (%u)", toc_entries);
-       proto_tree_add_text(sub_tree_toc, tvb, offset + 2, 2, "unknown");
-       proto_tree_add_text(sub_tree_toc, tvb, offset + 4, 4, "unknown");
-
-       offset += 8;
-       for (i = 0; i < toc_entries; i++, offset += 8) {
-               toc_entry = spotlight_ntoh64(tvb, offset, encoding);
-               if ((((toc_entry & 0xffff0000) >> 16) == SQ_CPX_TYPE_ARRAY)
-                   || (((toc_entry & 0xffff0000) >> 16) == SQ_CPX_TYPE_DICT)) {
-                       proto_tree_add_text(sub_tree_toc,
-                                           tvb,
-                                           offset,
-                                           8,
-                                           "%u: count: %" G_GINT64_MODIFIER "u, type: %s, offset: %" G_GINT64_MODIFIER "u",
-                                           i+1,
-                                           toc_entry >> 32,
-                                           spotlight_get_cpx_qtype_string((toc_entry & 0xffff0000) >> 16),
-                                           (toc_entry & 0xffff) * 8);
-               } else if ((((toc_entry & 0xffff0000) >> 16) == SQ_CPX_TYPE_STRING)
-                       || (((toc_entry & 0xffff0000) >> 16) == SQ_CPX_TYPE_UTF16_STRING)) {
-                       proto_tree_add_text(sub_tree_toc,
-                                           tvb,
-                                           offset,
-                                           8,
-                                           "%u: pad byte count: %" G_GINT64_MODIFIER "x, type: %s, offset: %" G_GINT64_MODIFIER "u",
-                                           i+1,
-                                           8 - (toc_entry >> 32),
-                                           spotlight_get_cpx_qtype_string((toc_entry & 0xffff0000) >> 16),
-                                           (toc_entry & 0xffff) * 8);
-               }
-               else {
-                       proto_tree_add_text(sub_tree_toc,
-                                           tvb,
-                                           offset,
-                                           8,
-                                           "%u: unknown: 0x%08" G_GINT64_MODIFIER "x, type: %s, offset: %" G_GINT64_MODIFIER "u",
-                                           i+1,
-                                           toc_entry >> 32,
-                                           spotlight_get_cpx_qtype_string((toc_entry & 0xffff0000) >> 16),
-                                           (toc_entry & 0xffff) * 8);
-               }
-
-
-       }
-
-       return offset;
+    int len, octets, used_in_last_octet;
+    char *s = *string;
+    len = strlen(s);
+    octets = (len / 8) + (len & 7 ? 1 : 0);
+    used_in_last_octet = 8 - (octets * 8 - len);
+
+    LOG(log_maxdebug, logtype_sl, "sl_pack_string(\"%s\"): len: %d, octets: %d, used_in_last_octet: %d",
+        s, len, octets, used_in_last_octet);
+
+    SLVAL(toc_buf, *toc_idx * 8, sl_pack_tag(SQ_CPX_TYPE_STRING, (offset + SL_OFFSET_DELTA) / 8, used_in_last_octet));
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_COMPLEX, 1, *toc_idx + 1));
+    *toc_idx += 1;
+    offset += 8;
+
+    SLVAL(buf, offset, sl_pack_tag(SQ_TYPE_DATA, octets + 1, used_in_last_octet));
+    offset += 8;
+
+    memset(buf + offset, 0, octets * 8);
+    strncpy(buf + offset, s, len);
+    offset += octets * 8;
+
+    return offset;
+}
+
+static int sl_pack_loop(DALLOC_CTX *query, char *buf, int offset, char *toc_buf, int *toc_idx)
+{
+    const char *type;
+
+    for (int n = 0; n < talloc_array_length(query->dd_talloc_array); n++) {
+
+        type = talloc_get_name(query->dd_talloc_array[n]);
+
+        if (STRCMP(type, ==, "sl_array_t")) {
+            offset = sl_pack_array(query->dd_talloc_array[n], buf, offset, toc_buf, toc_idx);
+        } else if (STRCMP(type, ==, "sl_dict_t")) {
+            offset = sl_pack_dict(query->dd_talloc_array[n], buf, offset, toc_buf, toc_idx);
+        } else if (STRCMP(type, ==, "uint64_t")) {
+            uint64_t i;
+            memcpy(&i, query->dd_talloc_array[n], sizeof(uint64_t));
+            offset = sl_pack_uint64(i, buf, offset);
+        } else if (STRCMP(type, ==, "char *")) {
+            offset = sl_pack_string(query->dd_talloc_array[n], buf, offset, toc_buf, toc_idx);
+        } else if (STRCMP(type, ==, "sl_bool_t")) {
+            sl_bool_t bl;
+            memcpy(&bl, query->dd_talloc_array[n], sizeof(sl_bool_t));
+            offset = sl_pack_bool(bl, buf, offset);
+        } else if (STRCMP(type, ==, "double")) {
+            double d;
+            memcpy(&d, query->dd_talloc_array[n], sizeof(double));
+            offset = sl_pack_float(d, buf, offset);
+        } else if (STRCMP(type, ==, "sl_nil_t")) {
+            offset = sl_pack_nil(buf, offset);
+        } else if (STRCMP(type, ==, "sl_time_t")) {
+            sl_time_t t;
+            memcpy(&t, query->dd_talloc_array[n], sizeof(sl_time_t));
+            offset = sl_pack_date(t, buf, offset);
+        } else if (STRCMP(type, ==, "sl_uuid_t")) {
+            offset = sl_pack_uuid(query->dd_talloc_array[n], buf, offset);
+        } else if (STRCMP(type, ==, "sl_cnids_t")) {
+            offset = sl_pack_CNID(query->dd_talloc_array[n], buf, offset, toc_buf, toc_idx);
+        }
+    }
+
+    return offset;
+}
+
+#define MAX_SLQ_DAT 65000
+#define MAX_SLQ_TOC 2048
+
+static int sl_pack(DALLOC_CTX *query, char *buf)
+{
+    EC_INIT;
+    char toc_buf[MAX_SLQ_TOC];
+    int toc_index = 0;
+    int len = 0;
+
+    memcpy(buf, "432130dm", 8);
+    EC_NEG1_LOG( len = sl_pack_loop(query, buf + 16, 0, toc_buf + 8, &toc_index) );
+    SIVAL(buf, 8, len / 8 + 1 + toc_index + 1);
+    SIVAL(buf, 12, len / 8 + 1);
+
+    SLVAL(toc_buf, 0, sl_pack_tag(SQ_TYPE_TOC, toc_index + 1, 0));
+    memcpy(buf + 16 + len, toc_buf, (toc_index + 1 ) * 8);
+
+    len += 16 + (toc_index + 1 ) * 8;
+
+EC_CLEANUP:
+    if (ret != 0)
+        len = -1;
+    return len;
+}
+
+/**************************************************************************************************
+ * unmarshalling functions
+ **************************************************************************************************/
+
+static uint64_t sl_unpack_uint64(const char *buf, int offset, uint encoding)
+{
+    if (encoding == SL_ENC_LITTLE_ENDIAN)
+            return LVAL(buf, offset);
+        else
+            return RLVAL(buf, offset);
+}
+
+static int sl_unpack_ints(DALLOC_CTX *query, const char *buf, int offset, uint encoding)
+{
+    int count, i;
+    uint64_t query_data64;
+
+    query_data64 = sl_unpack_uint64(buf, offset, encoding);
+    count = query_data64 >> 32;
+    offset += 8;
+
+    i = 0;
+    while (i++ < count) {
+        query_data64 = sl_unpack_uint64(buf, offset, encoding);
+        dalloc_add(query, &query_data64, uint64_t);
+        offset += 8;
+    }
+
+    return count;
+}
+
+static int sl_unpack_date(DALLOC_CTX *query, const char *buf, int offset, uint encoding)
+{
+    int count, i;
+    uint64_t query_data64;
+    sl_time_t t;
+
+    query_data64 = sl_unpack_uint64(buf, offset, encoding);
+    count = query_data64 >> 32;
+    offset += 8;
+
+    i = 0;
+    while (i++ < count) {
+        query_data64 = sl_unpack_uint64(buf, offset, encoding) >> 24;
+        t.tv_sec = query_data64 - SPOTLIGHT_TIME_DELTA;
+        t.tv_usec = 0;
+        dalloc_add(query, &t, sl_time_t);
+        offset += 8;
+    }
+
+    return count;
 }
+
+static int sl_unpack_uuid(DALLOC_CTX *query, const char *buf, int offset, uint encoding)
+{
+    int count, i;
+    uint64_t query_data64;
+    sl_uuid_t uuid;
+    query_data64 = sl_unpack_uint64(buf, offset, encoding);
+    count = query_data64 >> 32;
+    offset += 8;
+
+    i = 0;
+    while (i++ < count) {
+        memcpy(uuid.sl_uuid, buf + offset, 16);
+        dalloc_add(query, &uuid, sl_uuid_t);
+        offset += 16;
+    }
+
+    return count;
+}
+
+static int sl_unpack_floats(DALLOC_CTX *query, const char *buf, int offset, uint encoding)
+{
+    int count, i;
+    uint64_t query_data64;
+    double fval;
+    union {
+        double d;
+        uint32_t w[2];
+    } ieee_fp_union;
+
+    query_data64 = sl_unpack_uint64(buf, offset, encoding);
+    count = query_data64 >> 32;
+    offset += 8;
+
+    i = 0;
+    while (i++ < count) {
+        if (encoding == SL_ENC_LITTLE_ENDIAN) {
+#ifdef WORDS_BIGENDIAN
+            ieee_fp_union.w[0] = IVAL(buf, offset + 4);
+            ieee_fp_union.w[1] = IVAL(buf, offset);
+#else
+            ieee_fp_union.w[0] = IVAL(buf, offset);
+            ieee_fp_union.w[1] = IVAL(buf, offset + 4);
 #endif
+        } else {
+#ifdef WORDS_BIGENDIAN
+            ieee_fp_union.w[0] = RIVAL(buf, offset);
+            ieee_fp_union.w[1] = RIVAL(buf, offset + 4);
+#else
+            ieee_fp_union.w[0] = RIVAL(buf, offset + 4);
+            ieee_fp_union.w[1] = RIVAL(buf, offset);
+#endif
+        }
+        dalloc_add(query, &ieee_fp_union.d, double);
+        offset += 8;
+    }
 
-static DALLOC_CTX *unpack_spotlight(TALLOC_CTX *mem_ctx, char *ibuf, size_t ibuflen)
+    return count;
+}
+
+static int sl_unpack_CNID(DALLOC_CTX *query, const char *buf, int offset, int length, uint encoding)
 {
     EC_INIT;
-       int len;
-    DALLOC_CTX *query;
+    int count;
+    uint64_t query_data64;
+    sl_cnids_t cnids;
 
-    EC_NULL_LOG( query = talloc_zero(mem_ctx, DALLOC_CTX) );
+    EC_NULL( cnids.ca_cnids = talloc_zero(query, DALLOC_CTX) );
 
-    ibuf++;
-    ibuflen--;
+    if (length <= 16)
+        /* that's permitted, it's an empty array */
+        goto EC_CLEANUP;
+    
+    query_data64 = sl_unpack_uint64(buf, offset, encoding);
+    count = query_data64 & 0xffff;
+
+    cnids.ca_unkn1 = (query_data64 & 0xffff0000) >> 16;
+    cnids.ca_context = query_data64 >> 32;
+
+    offset += 8;
+
+    while (count --) {
+        query_data64 = sl_unpack_uint64(buf, offset, encoding);
+        dalloc_add(cnids.ca_cnids, &query_data64, uint64_t);
+        offset += 8;
+    }
+
+    dalloc_add(query, &cnids, sl_cnids_t);
+
+EC_CLEANUP:
+    EC_EXIT;
+}
+
+static const char *spotlight_get_qtype_string(uint64_t query_type)
+{
+    switch (query_type) {
+    case SQ_TYPE_NULL:
+        return "null";
+    case SQ_TYPE_COMPLEX:
+        return "complex";
+    case SQ_TYPE_INT64:
+        return "int64";
+    case SQ_TYPE_BOOL:
+        return "bool";
+    case SQ_TYPE_FLOAT:
+        return "float";
+    case SQ_TYPE_DATA:
+        return "data";
+    case SQ_TYPE_CNIDS:
+        return "CNIDs";
+    default:
+        return "unknown";
+    }
+}
 
+static const char *spotlight_get_cpx_qtype_string(uint64_t cpx_query_type)
+{
+    switch (cpx_query_type) {
+    case SQ_CPX_TYPE_ARRAY:
+        return "array";
+    case SQ_CPX_TYPE_STRING:
+        return "string";
+    case SQ_CPX_TYPE_UTF16_STRING:
+        return "utf-16 string";
+    case SQ_CPX_TYPE_DICT:
+        return "dictionary";
+    case SQ_CPX_TYPE_CNIDS:
+        return "CNIDs";
+    case SQ_CPX_TYPE_FILEMETA:
+        return "FileMeta";
+    default:
+        return "unknown";
+    }
+}
+
+static int spotlight_dissect_loop(DALLOC_CTX *query,
+                                  const char *buf,
+                                  uint offset,
+                                  uint count,
+                                  const uint toc_offset,
+                                  const uint encoding)
+{
+    EC_INIT;
+    int i, toc_index, query_length;
+    uint subcount, cpx_query_type, cpx_query_count;
+    uint64_t query_data64, query_type;
+    uint unicode_encoding;
+    uint8_t mark_exists;
+    char *p;
+    int padding, slen;
+
+    while (count > 0 && (offset < toc_offset)) {
+        query_data64 = sl_unpack_uint64(buf, offset, encoding);
+        query_length = (query_data64 & 0xffff) * 8;
+        query_type = (query_data64 & 0xffff0000) >> 16;
+        if (query_length == 0)
+            EC_FAIL;
+
+        switch (query_type) {
+        case SQ_TYPE_COMPLEX:
+            toc_index = (query_data64 >> 32) - 1;
+            query_data64 = sl_unpack_uint64(buf, toc_offset + toc_index * 8, encoding);
+            cpx_query_type = (query_data64 & 0xffff0000) >> 16;
+            cpx_query_count = query_data64 >> 32;
+
+            switch (cpx_query_type) {
+            case SQ_CPX_TYPE_ARRAY: {
+                sl_array_t *sl_arrary = talloc_zero(query, sl_array_t);
+                EC_NEG1_LOG( offset = spotlight_dissect_loop(sl_arrary, buf, offset + 8, cpx_query_count, toc_offset, encoding) );
+                dalloc_add(query, sl_arrary, sl_array_t);
+                break;
+            }
+
+            case SQ_CPX_TYPE_DICT: {
+                sl_dict_t *sl_dict = talloc_zero(query, sl_dict_t);
+                EC_NEG1_LOG( offset = spotlight_dissect_loop(sl_dict, buf, offset + 8, cpx_query_count, toc_offset, encoding) );
+                dalloc_add(query, sl_dict, sl_dict_t);
+                break;
+            }
+            case SQ_CPX_TYPE_STRING:
+                query_data64 = sl_unpack_uint64(buf, offset + 8, encoding);
+                query_length += (query_data64 & 0xffff) * 8;
+                if ((padding = 8 - (query_data64 >> 32)) < 0)
+                    EC_FAIL;
+                if ((slen = query_length - 16 - padding) < 1)
+                    EC_FAIL;
+                p = talloc_strndup(query, buf + offset + 16, slen);
+                dalloc_add(query, &p, char *);
+                break;
+
+            case SQ_CPX_TYPE_UTF16_STRING:
+                query_data64 = sl_unpack_uint64(buf, offset + 8, encoding);
+                query_length += (query_data64 & 0xffff) * 8;
+                if ((padding = 8 - (query_data64 >> 32)) < 0)
+                    EC_FAIL;
+                if ((slen = query_length - 16 - padding) < 1)
+                    EC_FAIL;
+
+                unicode_encoding = spotlight_get_utf16_string_encoding(buf, offset + 16, slen, encoding);
+                mark_exists = (unicode_encoding & SL_ENC_UTF_16);
+                unicode_encoding &= ~SL_ENC_UTF_16;
+
+                EC_NEG1( convert_string_allocate(CH_UCS2, CH_UTF8, buf + offset + (mark_exists ? 18 : 16), slen, &p) );
+                dalloc_add(query, &p, char *);
+                break;
+
+            case SQ_CPX_TYPE_FILEMETA:
+                query_data64 = sl_unpack_uint64(buf, offset + 8, encoding);
+                query_length += (query_data64 & 0xffff) * 8;
+
+                if (query_length <= 8) {
+                    EC_FAIL_LOG("SQ_CPX_TYPE_FILEMETA: query_length <= 8%s", "");
+                } else {
+                    EC_NEG1_LOG( dissect_spotlight(query, buf + offset + 16) );
+                }
+                break;
+
+            case SQ_CPX_TYPE_CNIDS:
+                query_data64 = sl_unpack_uint64(buf, offset + 8, encoding);
+                query_length += (query_data64 & 0xffff) * 8;
+                EC_NEG1_LOG( sl_unpack_CNID(query, buf, offset + 16, query_length, encoding) );
+                break;
+            } /* switch (cpx_query_type) */
+
+            count--;
+            break;
+
+        case SQ_TYPE_NULL: {
+            subcount = query_data64 >> 32;
+            if (subcount > 64)
+                EC_FAIL;
+            sl_nil_t nil = 0;
+            for (i = 0; i < subcount; i++)
+                dalloc_add(query, &nil, sl_nil_t);
+            count -= subcount;
+            break;
+        }
+        case SQ_TYPE_BOOL: {
+            sl_bool_t b = query_data64 >> 32;
+            dalloc_add(query, &b, sl_bool_t);
+            count--;
+            break;
+        }
+        case SQ_TYPE_INT64:
+            EC_NEG1_LOG( subcount = sl_unpack_ints(query, buf, offset, encoding) );
+            count -= subcount;
+            break;
+        case SQ_TYPE_UUID:
+            EC_NEG1_LOG( subcount = sl_unpack_uuid(query, buf, offset, encoding) );
+            count -= subcount;
+            break;
+        case SQ_TYPE_FLOAT:
+            EC_NEG1_LOG( subcount = sl_unpack_floats(query, buf, offset, encoding) );
+            count -= subcount;
+            break;
+        case SQ_TYPE_DATE:
+            EC_NEG1_LOG( subcount = sl_unpack_date(query, buf, offset, encoding) );
+            count -= subcount;
+            break;
+        default:
+            EC_FAIL;
+        }
+
+        offset += query_length;
+    }
 
 EC_CLEANUP:
     if (ret != 0) {
-        talloc_free(query);
-        query = NULL;
+        offset = -1;
     }
-       return query;
+    return offset;
+}
+
+static int dissect_spotlight(DALLOC_CTX *query, const char *buf)
+{
+    EC_INIT;
+    int encoding, i, toc_entries;
+    uint64_t toc_offset, tquerylen, toc_entry;
+
+    if (strncmp(buf, "md031234", 8) == 0)
+        encoding = SL_ENC_BIG_ENDIAN;
+    else
+        encoding = SL_ENC_LITTLE_ENDIAN;
+
+    buf += 8;
+
+    toc_offset = ((sl_unpack_uint64(buf, 0, encoding) >> 32) - 1 ) * 8;
+    if (toc_offset < 0 || (toc_offset > 65000)) {
+        EC_FAIL;
+    }
+
+    buf += 8;
+
+    toc_entries = (int)(sl_unpack_uint64(buf, toc_offset, encoding) & 0xffff);
+
+    EC_NEG1( spotlight_dissect_loop(query, buf, 0, 1, toc_offset + 8, encoding) );
+
+EC_CLEANUP:
+    EC_EXIT;
+}
+
+/**************************************************************************************************
+ * Spotlight RPC functions
+ **************************************************************************************************/
+
+static int sl_rpc_fetchPropertiesForContext(AFPObj *obj, const DALLOC_CTX *query, DALLOC_CTX *reply, const struct vol *v)
+{
+    EC_INIT;
+
+    char *s;
+    sl_dict_t *dict;
+    sl_array_t *array;
+    sl_uuid_t uuid;
+
+    if (!v->v_uuid)
+        EC_FAIL_LOG("sl_rpc_fetchPropertiesForContext: missing UUID for volume: %s", v->v_localname);
+
+    dict = talloc_zero(reply, sl_dict_t);
+
+    /* key/val 1 */
+    s = talloc_strdup(dict, "kMDSStoreMetaScopes");
+    dalloc_add(dict, &s, char *);
+
+    array = talloc_zero(dict, sl_array_t);
+    s = talloc_strdup(array, "kMDQueryScopeComputer");
+    dalloc_add(array, &s, char *);
+    dalloc_add(dict, array, sl_array_t);
+
+    /* key/val 2 */
+    s = talloc_strdup(dict, "kMDSStorePathScopes");
+    dalloc_add(dict, &s, char *);
+
+    array = talloc_zero(dict, sl_array_t);
+    s = talloc_strdup(array, v->v_path);
+    dalloc_add(array, &s, char *);
+    dalloc_add(dict, array, sl_array_t);
+
+    /* key/val 3 */
+    s = talloc_strdup(dict, "kMDSStoreUUID");
+    dalloc_add(dict, &s, char *);
+
+    memcpy(uuid.sl_uuid, v->v_uuid, 16);
+    dalloc_add(dict, &uuid, sl_uuid_t);
+
+    /* key/val 4 */
+    s = talloc_strdup(dict, "kMDSStoreHasPersistentUUID");
+    dalloc_add(dict, &s, char *);
+    sl_bool_t b = true;
+    dalloc_add(dict, &b, sl_bool_t);
+
+    dalloc_add(reply, dict, sl_dict_t);
+
+EC_CLEANUP:
+    EC_EXIT;
 }
 
 /**************************************************************************************************
@@ -674,6 +796,7 @@ int afp_spotlight_rpc(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_
     int cmd;
     int endianess = SL_ENC_LITTLE_ENDIAN;
     struct vol      *vol;
+    DALLOC_CTX *query;
 
     *rbuflen = 0;
 
@@ -681,10 +804,10 @@ int afp_spotlight_rpc(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_
     ibuflen -= 2;
 
     vid = SVAL(ibuf, 0);
-    LOG(logtype_default, log_note, "afp_spotlight_rpc(vid: %" PRIu16 ")", vid);
+    LOG(log_debug, logtype_sl, "afp_spotlight_rpc(vid: %" PRIu16 ")", vid);
 
     if ((vol = getvolbyvid(vid)) == NULL) {
-        LOG(logtype_default, log_error, "afp_spotlight_rpc: bad volume id: %" PRIu16 ")", vid);
+        LOG(log_error, logtype_sl, "afp_spotlight_rpc: bad volume id: %" PRIu16 ")", vid);
         ret = AFPERR_ACCESS;
         goto EC_CLEANUP;
     }
@@ -692,34 +815,66 @@ int afp_spotlight_rpc(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_
     /*    IVAL(ibuf, 2): unknown, always 0x00008004, some flags ? */
 
     cmd = RIVAL(ibuf, 6);
-    LOG(logtype_default, log_note, "afp_spotlight_rpc(cmd: %d)", cmd);
+    LOG(log_debug, logtype_sl, "afp_spotlight_rpc(cmd: %d)", cmd);
 
     /*    IVAL(ibuf, 10: unknown, always 0x00000000 */
 
-       switch (cmd) {
+    switch (cmd) {
 
-       case SPOTLIGHT_CMD_VOLPATH: {
+    case SPOTLIGHT_CMD_VOLPATH: {
         RSIVAL(rbuf, 0, ntohs(vid));
         RSIVAL(rbuf, 4, 0);
         int len = strlen(vol->v_path) + 1;
         strncpy(rbuf + 8, vol->v_path, len);
         *rbuflen += 8 + len;
-               break;
+        break;
     }
-       case SPOTLIGHT_CMD_FLAGS:
-               break;
+    case SPOTLIGHT_CMD_FLAGS:
+        RSIVAL(rbuf, 0, 0x0100006b); /* Whatever this value means... flags? */
+        *rbuflen += 4;
+        break;
+
+    case SPOTLIGHT_CMD_RPC: {
+        DALLOC_CTX *query;
+        EC_NULL( query = talloc_zero(tmp_ctx, DALLOC_CTX) );
+        DALLOC_CTX *reply;
+        EC_NULL( reply = talloc_zero(tmp_ctx, DALLOC_CTX) );
+
+        EC_ZERO( dissect_spotlight(query, ibuf + 22) );
+        dd_dump(query, 0);
+
+        char **cmd;
+        EC_NULL_LOG( cmd = dalloc_get(query, "DALLOC_CTX", 0, "DALLOC_CTX", 0, "char *", 0) );
+
+
+        if (STRCMP(*cmd, ==, "fetchPropertiesForContext:")) {
+            EC_ZERO_LOG( sl_rpc_fetchPropertiesForContext(obj, query, reply, vol) );
+        } else if (STRCMP(*cmd, ==, "fetchQueryResultsForContext:")) {
+            uint64_t *p;
+            if ((p = dalloc_get(query, "DALLOC_CTX", 0, "DALLOC_CTX", 0, "uint64_t", 1)) != NULL) {
+                LOG(log_info, logtype_sl, "fetchQueryResultsForContext: 0x%" PRIx64, *p);
+            }
+        }
 
-       case SPOTLIGHT_CMD_RPC:
-        /* IVAL(buf, 14): our reply in SPOTLIGHT_CMD_FLAGS */
-        /* IVAL(buf, 18): length */
-        /* IVAL(buf, 22): endianess, ignored, we assume little endian */
-               break;
-       }
+        /* Spotlight RPC status code ? 0 in all traces, we use 0xffffffff for an error, never seen from Apple */
+        if (ret == 0)
+            memset(rbuf, 0, 4);
+        else
+            memset(rbuf, 0xff, 4);
+        *rbuflen += 4;
+
+        int len;
+        EC_NEG1_LOG( len = sl_pack(reply, rbuf + 4) );
+        *rbuflen += len;
+        break;
+    }
+    }
 
 EC_CLEANUP:
     talloc_free(tmp_ctx);
     if (ret != AFP_OK) {
-        
+        *rbuflen = 0;
+        return AFPERR_MISC;
     }
     EC_EXIT;
 }
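Review bot: `dissect_spotlight(query, ibuf + 22)` in the `SPOTLIGHT_CMD_RPC` case parses the client's request with no length at all: `ibuflen` is never compared with the 22-byte offset, and the length field the removed comment located at `IVAL(buf, 18)` is not read. The dissector receives only a pointer, so the ToC offset, counts and string lengths it decodes from the packet become read offsets with nothing tying them to the end of the request, and a malformed request can make afpd read outside it. Add `if (ibuflen < 22 + 16) EC_FAIL;` before the call (assuming `ibuflen` counts from the current `ibuf`) and pass the remaining length into `dissect_spotlight` and `spotlight_dissect_loop` so every decoded offset is checked against it. `sl_pack(reply, rbuf + 4)` has the same gap on the output side, since no reply-buffer size is passed in. afp_spotlight_rpc begins outside this hunk.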
@@ -730,71 +885,19 @@ EC_CLEANUP:
 
 #ifdef SPOT_TEST_MAIN
 
-static const char *neststrings[] = {
-    "",
-    "    ",
-    "        ",
-    "            ",
-    "                ",
-    "                    ",
-    "                        "
-};
-
-static int dd_dump(DALLOC_CTX *dd, int nestinglevel)
-{
-    const char *type;
-
-    printf("%sArray(#%d): {\n", neststrings[nestinglevel], talloc_array_length(dd->dd_talloc_array));
-
-    for (int n = 0; n < talloc_array_length(dd->dd_talloc_array); n++) {
-
-        type = talloc_get_name(dd->dd_talloc_array[n]);
-
-        if (STRCMP(type, ==, "int64_t")) {
-            int64_t i;
-            memcpy(&i, dd->dd_talloc_array[n], sizeof(int64_t));
-            printf("%s%d:\t%" PRId64 "\n", neststrings[nestinglevel + 1], n, i);
-        } else if (STRCMP(type, ==, "uint32_t")) {
-            uint32_t i;
-            memcpy(&i, dd->dd_talloc_array[n], sizeof(uint32_t));
-            printf("%s%d:\t%" PRIu32 "\n", neststrings[nestinglevel + 1], n, i);
-        } else if (STRCMP(type, ==, "char *")) {
-            char *s;
-            memcpy(&s, dd->dd_talloc_array[n], sizeof(char *));
-            printf("%s%d:\t%s\n", neststrings[nestinglevel + 1], n, s);
-        } else if (STRCMP(type, ==, "_Bool")) {
-            bool bl;
-            memcpy(&bl, dd->dd_talloc_array[n], sizeof(bool));
-            printf("%s%d:\t%s\n", neststrings[nestinglevel + 1], n, bl ? "true" : "false");
-        } else if (STRCMP(type, ==, "dd_t")) {
-            DALLOC_CTX *nested;
-            memcpy(&nested, dd->dd_talloc_array[n], sizeof(DALLOC_CTX *));
-            dd_dump(nested, nestinglevel + 1);
-        } else if (STRCMP(type, ==, "cnid_array_t")) {
-            cnid_array_t *cnids;
-            memcpy(&cnids, dd->dd_talloc_array[n], sizeof(cnid_array_t *));
-            printf("%s%d:\tunkn1: %" PRIu16 ", unkn2: %" PRIu32,
-                   neststrings[nestinglevel + 1], n, cnids->ca_unkn1, cnids->ca_unkn2);
-            if (cnids->ca_cnids)
-                dd_dump(cnids->ca_cnids, nestinglevel + 1);
-        }
-    }
-    printf("%s}\n", neststrings[nestinglevel]);
-}
-
-#include <stdarg.h>
-
 int main(int argc, char **argv)
 {
+    EC_INIT;
     TALLOC_CTX *mem_ctx = talloc_new(NULL);
     DALLOC_CTX *dd = talloc_zero(mem_ctx, DALLOC_CTX);
     int64_t i;
 
     set_processname("spot");
-    setuplog("default:info", "/dev/tty");
+    setuplog("default:info,spotlight:debug", "/dev/tty");
 
-    LOG(logtype_default, log_info, "Start");
+    LOG(log_info, logtype_sl, "Start");
 
+#if 0
     i = 2;
     dalloc_add(dd, &i, int64_t);
 
@@ -805,22 +908,22 @@ int main(int argc, char **argv)
     char *str = talloc_strdup(dd, "hello world");
     dalloc_add(dd, &str, char *);
 
-    bool b = true;
-    dalloc_add(dd, &b, bool);
+    sl_bool_t b = true;
+    dalloc_add(dd, &b, sl_bool_t);
 
     b = false;
-    dalloc_add(dd, &b, bool);
+    dalloc_add(dd, &b, sl_bool_t);
 
 
     /* add a nested array */
     DALLOC_CTX *nested = talloc_zero(dd, DALLOC_CTX);
     i = 3;
     dalloc_add(nested, &i, int64_t);
-    dalloc_add(dd, &nested, DALLOC_CTX);
+    dalloc_add(dd, nested, DALLOC_CTX);
 
-    /* test a CNID array */
+    /* test an allocated CNID array */
     uint32_t id = 16;
-    cnid_array_t *cnids = talloc_zero(dd, cnid_array_t);
+    sl_cnids_t *cnids = talloc_zero(dd, sl_cnids_t);
 
     cnids->ca_cnids = talloc_zero(cnids, DALLOC_CTX);
 
@@ -828,11 +931,57 @@ int main(int argc, char **argv)
     cnids->ca_unkn2 = 2;
 
     dalloc_add(cnids->ca_cnids, &id, uint32_t);
-    dalloc_add(dd, &cnids, cnid_array_t);
+    dalloc_add(dd, cnids, sl_cnids_t);
+
+#endif
+
+    /* Now the Spotlight types */
+    sl_array_t *sl_arrary = talloc_zero(dd, sl_array_t);
+    i = 1234;
+    dalloc_add(sl_arrary, &i, int64_t);
+
+    sl_dict_t *sl_dict = talloc_zero(dd, sl_dict_t);
+    i = 5678;
+    dalloc_add(sl_dict, &i, int64_t);
+    dalloc_add(sl_arrary, sl_dict, sl_dict_t);
 
+    dalloc_add(dd, sl_arrary, sl_array_t);
     dd_dump(dd, 0);
 
-    talloc_free(mem_ctx);
-    return 0;
+
+#if 0
+    /* now parse a real spotlight packet */
+    char ibuf[8192];
+    char rbuf[8192];
+    int fd;
+    size_t len;
+    DALLOC_CTX *query;
+
+    EC_NULL( query = talloc_zero(mem_ctx, DALLOC_CTX) );
+
+    EC_NEG1_LOG( fd = open("spotlight-packet.bin", O_RDONLY) );
+    EC_NEG1_LOG( len = read(fd, ibuf, 8192) );
+    close(fd);
+    EC_NEG1_LOG( dissect_spotlight(query, ibuf + 24) );
+
+    /* Now dump the whole thing */
+    dd_dump(query, 0);
+
+    int qlen;
+    char buf[MAX_SLQ_DAT];
+    EC_NEG1_LOG( qlen = sl_pack(query, buf) );
+
+    EC_NEG1_LOG( fd = open("test.bin", O_RDWR) );
+    lseek(fd, 24, SEEK_SET);
+    write(fd, buf, qlen);
+    close(fd);
+#endif
+
+EC_CLEANUP:
+    if (mem_ctx) {
+        talloc_free(mem_ctx);
+        mem_ctx = NULL;
+    }
+    EC_EXIT;
 }
 #endif
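Review bot: In the disabled packet-replay block, `dissect_spotlight(query, ibuf + 24)` runs on whatever `read()` returned: `len` is stored but never compared with the 24-byte offset, and `ibuf` is an uninitialised stack array, so a short or empty `spotlight-packet.bin` leaves the parser walking indeterminate bytes. Add `if (len < 24 + 16) EC_FAIL;` after the read before this block is re-enabled. Declaring `len` as `ssize_t` rather than `size_t` would also keep the -1 check from depending on an unsigned conversion, and the `lseek()` and `write()` results on `test.bin` are currently ignored. main() starts outside this hunk.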