dissect.database.ese.ntds.util¶
Module Contents¶
Classes¶
Support for integer-based Flags |
|
Support for integer-based Flags |
|
Support for integer-based Flags |
|
Enum where members are also (and must be) ints |
|
Support for integer-based Flags |
|
A distinguished name (DN) string wrapper. Presents the DN as a string but also retains the underlying object. |
Functions¶
Encode a string value according to the attribute's type. |
|
Decode a value according to the attribute's type. |
Attributes¶
- class dissect.database.ese.ntds.util.InstanceType¶
Bases:
enum.IntFlagSupport for integer-based Flags
- HeadOfNamingContext = 1¶
- ReplicaNotInstantiated = 2¶
- Writable = 4¶
- ParentNamingContextHeld = 8¶
- NamingContextUnderConstruction = 16¶
- NamingContextDeleting = 32¶
- class dissect.database.ese.ntds.util.SystemFlags¶
Bases:
enum.IntFlagSupport for integer-based Flags
- NotReplicated = 1¶
- ReplicatedToGlobalCatalog = 2¶
- Constructed = 4¶
- BaseSchema = 16¶
- DeletedImmediately = 33554432¶
- CannotBeMoved = 67108864¶
- CannotBeRenamed = 134217728¶
- ConfigurationCanBeMovedWithRestrictions = 268435456¶
- ConfigurationCanBeMoved = 536870912¶
- ConfigurationCanBeRenamedWithRestrictions = 1073741824¶
- CannotBeDeleted = 2147483648¶
- class dissect.database.ese.ntds.util.UserAccountControl¶
Bases:
enum.IntFlagSupport for integer-based Flags
- SCRIPT = 1¶
- ACCOUNTDISABLE = 2¶
- HOMEDIR_REQUIRED = 8¶
- LOCKOUT = 16¶
- PASSWD_NOTREQD = 32¶
- PASSWD_CANT_CHANGE = 64¶
- ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128¶
- TEMP_DUPLICATE_ACCOUNT = 256¶
- NORMAL_ACCOUNT = 512¶
- INTERDOMAIN_TRUST_ACCOUNT = 2048¶
- WORKSTATION_TRUST_ACCOUNT = 4096¶
- SERVER_TRUST_ACCOUNT = 8192¶
- DONT_EXPIRE_PASSWORD = 65536¶
- MNS_LOGON_ACCOUNT = 131072¶
- SMARTCARD_REQUIRED = 262144¶
- TRUSTED_FOR_DELEGATION = 524288¶
- NOT_DELEGATED = 1048576¶
- USE_DES_KEY_ONLY = 2097152¶
- DONT_REQUIRE_PREAUTH = 4194304¶
- PASSWORD_EXPIRED = 8388608¶
- TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 16777216¶
- class dissect.database.ese.ntds.util.SAMAccountType¶
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- SAM_DOMAIN_OBJECT = 0¶
- SAM_GROUP_OBJECT = 268435456¶
- SAM_NON_SECURITY_GROUP_OBJECT = 268435457¶
- SAM_ALIAS_OBJECT = 536870912¶
- SAM_NON_SECURITY_ALIAS_OBJECT = 536870913¶
- SAM_USER_OBJECT = 805306368¶
- SAM_MACHINE_ACCOUNT = 805306369¶
- SAM_TRUST_ACCOUNT = 805306370¶
- SAM_APP_BASIC_GROUP = 1073741824¶
- SAM_APP_QUERY_GROUP = 1073741825¶
- class dissect.database.ese.ntds.util.SearchFlags¶
Bases:
enum.IntFlagSupport for integer-based Flags
- Indexed = 1¶
- ContainerIndexed = 2¶
- Anr = 4¶
- PreserveTombstone = 8¶
- CopyWithObject = 16¶
- TupleIndexed = 32¶
- VlvIndexed = 64¶
- Confidential = 128¶
- dissect.database.ese.ntds.util.ATTRIBUTE_ENCODE_DECODE_MAP: dict[str, tuple[collections.abc.Callable[[dissect.database.ese.ntds.database.Database, Any], Any] | None, collections.abc.Callable[[dissect.database.ese.ntds.database.Database, Any], Any] | None]]¶
- dissect.database.ese.ntds.util.ATTRIBUTE_LIST_ENCODE_DECODE_MAP: dict[str, tuple[collections.abc.Callable[[dissect.database.ese.ntds.database.Database, list[Any]], list[Any]], collections.abc.Callable[[dissect.database.ese.ntds.database.Database, list[Any]], list[Any]]]]¶
- class dissect.database.ese.ntds.util.DN¶
Bases:
strA distinguished name (DN) string wrapper. Presents the DN as a string but also retains the underlying object.
- __slots__ = ('object', 'parent')¶
- dissect.database.ese.ntds.util.SYNTAX_ENCODE_DECODE_MAP: dict[int, tuple[collections.abc.Callable[[dissect.database.ese.ntds.database.Database, Any], Any] | None, collections.abc.Callable[[dissect.database.ese.ntds.database.Database, Any], Any] | None]]¶
- dissect.database.ese.ntds.util.encode_value(db: dissect.database.ese.ntds.database.Database, schema: dissect.database.ese.ntds.schema.AttributeEntry, value: str) int | bytes | str¶
Encode a string value according to the attribute’s type.
- Parameters:
db – The associated NTDS database instance.
schema – The LDAP attribute schema.
value – The string value to encode.
- Returns:
The encoded value in the appropriate type for the attribute.
- dissect.database.ese.ntds.util.decode_value(db: dissect.database.ese.ntds.database.Database, schema: dissect.database.ese.ntds.schema.AttributeEntry, value: Any) Any¶
Decode a value according to the attribute’s type.
- Parameters:
db – The associated NTDS database instance.
schema – The LDAP attribute schema.
value – The value to decode.
- Returns:
The decoded value in the appropriate Python type for the attribute.