Skip to content

Improve handling of OIDs #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Schamper merged 3 commits into from
Feb 19, 2026
Merged

Improve handling of OIDs #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f251a51
Improve handling of OIDs
Schamper Feb 17, 2026
b875b58
Change strategy on loading schema
Schamper Feb 18, 2026
b8e74eb
Merge branch 'main' into improve-oid
Schamper Feb 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion dissect/database/ese/index.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -282,7 +282,7 @@ def _encode_text(index: Index, column: Column, value: str, max_size: int) -> byt
else:
# Unicode strings == LCMapStringW
flags = index.record.get("LCMapFlags")
locale = index.record.get("LocaleName").decode("utf-16-le")
locale = local_name.decode("utf-16-le") if (local_name := index.record.get("LocaleName")) is not None else ""
segment = map_string(value, flags, locale)
key += segment[:max_size]

Expand Down
18 changes: 16 additions & 2 deletions dissect/database/ese/ntds/database.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
from collections.abc import Iterator

from dissect.database.ese.index import Index
from dissect.database.ese.ntds.objects import Top
from dissect.database.ese.ntds.objects import DMD, NTDSDSA, Top


class Database:
Expand All @@ -43,13 +43,27 @@ class DataTable:
def __init__(self, db: Database):
self.db = db
self.table = self.db.ese.table("datatable")
self.hiddentable = self.db.ese.table("hiddentable")
self.hiddeninfo = next(self.hiddentable.records(), None)

self.schema = Schema()

# Cache frequently used and "expensive" methods
self.get = lru_cache(4096)(self.get)
self._make_dn = lru_cache(4096)(self._make_dn)

def dsa(self) -> NTDSDSA:
"""Return the Directory System Agent (DSA) object."""
if not self.hiddeninfo:
raise ValueError("No hiddentable information available")
return self.get(self.hiddeninfo.get("dsa_col"))

def dmd(self) -> DMD:
"""Return the Directory Management Domain (DMD) object, a.k.a. the schema container."""
if not self.hiddeninfo:
raise ValueError("No hiddentable information available")
return self.get(self.dsa().get("dMDLocation", raw=True))

def root(self) -> Top:
"""Return the top-level object in the NTDS database."""
if (root := next(self.children_of(0), None)) is None:
Expand Down Expand Up @@ -129,7 +143,7 @@ def lookup(self, **kwargs) -> Object:
raise ValueError(f"Attribute {key!r} is not found in the schema")

index = self.table.find_index(schema.column)
record = index.search([encode_value(self.db, key, value)])
record = index.search([encode_value(self.db, schema, value)])
return Object.from_record(self.db, record)

def query(self, query: str, *, optimize: bool = True) -> Iterator[Object]:
Expand Down
15 changes: 10 additions & 5 deletions dissect/database/ese/ntds/objects/object.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,15 @@ def from_record(cls, db: Database, record: Record) -> Object:
db: The database instance associated with this object.
record: The :class:`Record` instance representing this object.
"""
if (object_classes := _get_attribute(db, record, "objectClass")) and (
known_cls := cls.__known_classes__.get(object_classes[0])
) is not None:
return known_cls(db, record)
try:
if (object_classes := _get_attribute(db, record, "objectClass")) and (
known_cls := cls.__known_classes__.get(object_classes[0])
) is not None:
return known_cls(db, record)
except ValueError:
# Resolving the objectClass values can fail if the schema is not loaded yet (or is malformed)
# Fallback to a generic Object in that case
pass

return cls(db, record)

Expand Down Expand Up @@ -268,4 +273,4 @@ def _get_attribute(db: Database, record: Record, name: str, *, raw: bool = False
if raw:
return value

return decode_value(db, name, value)
return decode_value(db, schema, value)
9 changes: 4 additions & 5 deletions dissect/database/ese/ntds/query.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ def _query_database(self, filter: SearchFilter) -> Iterator[Record]:
raise NotImplementedError("Wildcards in the middle or start of the value are not yet supported")
else:
# Exact match query
encoded_value = encode_value(self.db, filter.attribute, filter.value)
encoded_value = encode_value(self.db, schema, filter.value)
yield from index.cursor().find_all(**{schema.column: encoded_value})

def _process_and_operation(self, filter: SearchFilter, records: list[Record] | None) -> Iterator[Record]:
Expand Down Expand Up @@ -132,12 +132,11 @@ def _filter_records(self, filter: SearchFilter, records: list[Record]) -> Iterat
Yields:
Records that match the filter criteria.
"""
encoded_value = encode_value(self.db, filter.attribute, filter.value)
schema = self.db.data.schema.lookup_attribute(name=filter.attribute)

if schema is None:
if (schema := self.db.data.schema.lookup_attribute(name=filter.attribute)) is None:
return

encoded_value = encode_value(self.db, schema, filter.value)

has_wildcard = "*" in filter.value
wildcard_prefix = filter.value.replace("*", "").lower() if has_wildcard else None

Expand Down
Loading