PyPI - dissect.database - Versions diffs - 1.2.dev8__py3-none-any.whl → 1.2.dev9__py3-none-any.whl - Mend

dissect.database 1.2.dev8py3-none-any.whl → 1.2.dev9py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

dissect/database/ese/ntds/database.py CHANGED Viewed

@@ -11,7 +11,7 @@ from dissect.database.ese.ntds.pek import PEK
 from dissect.database.ese.ntds.query import Query
 from dissect.database.ese.ntds.schema import Schema
 from dissect.database.ese.ntds.sd import SecurityDescriptor
-from dissect.database.ese.ntds.util import DN, DatabaseFlags, SearchFlags, encode_value
+from dissect.database.ese.ntds.util import DN, DatabaseFlag, SearchFlag, encode_value
 if TYPE_CHECKING:
     from collections.abc import Iterator
@@ -44,14 +44,14 @@ class Database:
         self.data._make_dn.cache_clear()
     @cached_property
-    def flags(self) -> DatabaseFlags | None:
+    def flags(self) -> DatabaseFlag | None:
         """Return the database flags."""
         if self.hiddeninfo is None:
             return None
-        result = DatabaseFlags(0)
+        result = DatabaseFlag(0)
         flags = self.hiddeninfo.get("flags_col")
-        for idx, member in enumerate(DatabaseFlags.__members__.values()):
+        for idx, member in enumerate(DatabaseFlag.__members__.values()):
             if flags[idx] == ord(b"1"):
                 result = member if result is None else result | member
@@ -256,9 +256,9 @@ class DataTable:
         if schema.search_flags is None:
             raise ValueError(f"Attribute is not indexed: {attribute!r}")
-        if SearchFlags.Indexed in schema.search_flags:
+        if SearchFlag.Indexed in schema.search_flags:
             name = f"INDEX_{schema.id:08x}"
-        elif SearchFlags.TupleIndexed in schema.search_flags:
+        elif SearchFlag.TupleIndexed in schema.search_flags:
             name = f"INDEX_T_{schema.id:08x}"
         else:
             # TODO add ContainerIndexed

dissect/database/ese/ntds/ntds.py CHANGED Viewed

@@ -20,6 +20,7 @@ if TYPE_CHECKING:
         TrustedDomain,
         User,
     )
+    from dissect.database.ese.ntds.objects.organizationalunit import OrganizationalUnit
     from dissect.database.ese.ntds.pek import PEK
@@ -83,11 +84,11 @@ class NTDS:
     def groups(self) -> Iterator[Group]:
         """Get all group objects from the database."""
-        yield from self.search(objectCategory="group")
+        yield from self.search(objectClass="group")
     def servers(self) -> Iterator[Server]:
         """Get all server objects from the database."""
-        yield from self.search(objectCategory="server")
+        yield from self.search(objectClass="server")
     def users(self) -> Iterator[User]:
         """Get all user objects from the database."""
@@ -95,7 +96,11 @@ class NTDS:
     def computers(self) -> Iterator[Computer]:
         """Get all computer objects from the database."""
-        yield from self.search(objectCategory="computer")
+        yield from self.search(objectClass="computer")
+    def domains(self) -> Iterator[DomainDNS]:
+        """Get all domain objects from the database."""
+        yield from self.search(objectClass="domainDNS")
     def trusts(self) -> Iterator[TrustedDomain]:
         """Get all trust objects from the database."""
@@ -105,6 +110,10 @@ class NTDS:
         """Get all group policy objects (GPO) objects from the database."""
         yield from self.search(objectClass="groupPolicyContainer")
+    def organizational_units(self) -> Iterator[OrganizationalUnit]:
+        """Get all organizational unit (OU) objects from the database."""
+        yield from self.search(objectClass="organizationalUnit")
     def secrets(self) -> Iterator[Secret]:
         """Get all secret objects from the database."""
         yield from self.search(objectClass="secret")

dissect/database/ese/ntds/objects/attributeschema.py CHANGED Viewed

@@ -1,6 +1,12 @@
 from __future__ import annotations
+from typing import TYPE_CHECKING, ClassVar
 from dissect.database.ese.ntds.objects.top import Top
+from dissect.database.ese.ntds.util import SearchFlag, SystemFlagAttribute
+if TYPE_CHECKING:
+    from dissect.database.ese.ntds.objects.object import DecoderMap
 class AttributeSchema(Top):
@@ -11,3 +17,12 @@ class AttributeSchema(Top):
     """
     __object_class__ = "attributeSchema"
+    __decoders__: ClassVar[DecoderMap] = {
+        "searchFlags": lambda db, value: SearchFlag(value),
+        "systemFlags": lambda db, value: SystemFlagAttribute(value),
+    }
+    @property
+    def search_flags(self) -> SearchFlag | None:
+        """Return the searchFlags of this attribute schema."""
+        return self.get("searchFlags")

dissect/database/ese/ntds/objects/certificationauthority.py CHANGED Viewed

@@ -11,3 +11,8 @@ class CertificationAuthority(Top):
     """
     __object_class__ = "certificationAuthority"
+    @property
+    def dns_host_name(self) -> str | None:
+        """Return the dNSHostName of this Certification Authority."""
+        return self.get("dNSHostName")

dissect/database/ese/ntds/objects/computer.py CHANGED Viewed

@@ -23,6 +23,21 @@ class Computer(User):
     def __repr_body__(self) -> str:
         return f"name={self.name!r}"
+    @property
+    def dns_host_name(self) -> str | None:
+        """Return the dNSHostName of this computer."""
+        return self.get("dNSHostName")
+    @property
+    def operating_system(self) -> str | None:
+        """Return the operatingSystem of this computer."""
+        return self.get("operatingSystem")
+    @property
+    def operating_system_version(self) -> str | None:
+        """Return the operatingSystemVersion of this computer."""
+        return self.get("operatingSystemVersion")
     def fve_recovery_information(self) -> Iterator[MSFVERecoveryInformation]:
         """Return the BitLocker recovery information objects associated with this computer."""
         for child in self.children():

dissect/database/ese/ntds/objects/configuration.py CHANGED Viewed

@@ -11,3 +11,8 @@ class Configuration(Top):
     """
     __object_class__ = "configuration"
+    @property
+    def gp_link(self) -> str | None:
+        """Return the group policy link of the configuration."""
+        return self.get("gPLink")

dissect/database/ese/ntds/objects/crossref.py CHANGED Viewed

@@ -1,6 +1,12 @@
 from __future__ import annotations
+from typing import TYPE_CHECKING, ClassVar
 from dissect.database.ese.ntds.objects.top import Top
+from dissect.database.ese.ntds.util import SystemFlagCrossRef
+if TYPE_CHECKING:
+    from dissect.database.ese.ntds.objects.object import DecoderMap
 class CrossRef(Top):
@@ -11,3 +17,11 @@ class CrossRef(Top):
     """
     __object_class__ = "crossRef"
+    __decoders__: ClassVar[DecoderMap] = {
+        "systemFlags": lambda db, value: SystemFlagCrossRef(value),
+    }
+    @property
+    def behavior_version(self) -> int | None:
+        """Return the msDS-Behavior-Version of this cross-reference."""
+        return self.get("msDS-Behavior-Version")

dissect/database/ese/ntds/objects/crossrefcontainer.py CHANGED Viewed

@@ -11,3 +11,8 @@ class CrossRefContainer(Top):
     """
     __object_class__ = "crossRefContainer"
+    @property
+    def behavior_version(self) -> int | None:
+        """Return the msDS-Behavior-Version of this cross-reference container."""
+        return self.get("msDS-Behavior-Version")

dissect/database/ese/ntds/objects/domaindns.py CHANGED Viewed

@@ -19,3 +19,8 @@ class DomainDNS(Domain):
         if (pek := self.get("pekList")) is not None:
             return PEK(pek)
         return None
+    @property
+    def behavior_version(self) -> int | None:
+        """Return the msDS-Behavior-Version of this domain DNS object."""
+        return self.get("msDS-Behavior-Version")

dissect/database/ese/ntds/objects/group.py CHANGED Viewed

@@ -24,6 +24,16 @@ class Group(Top):
         """Return the group's sAMAccountName."""
         return self.get("sAMAccountName")
+    @property
+    def mail(self) -> str | None:
+        """Return the mail address of this group."""
+        return self.get("mail")
+    @property
+    def admin_count(self) -> int | None:
+        """Return the group's adminCount."""
+        return self.get("adminCount")
     def managed_by(self) -> Iterator[Object]:
         """Return the objects that manage this group."""
         self._assert_local()

dissect/database/ese/ntds/objects/grouppolicycontainer.py CHANGED Viewed

@@ -11,3 +11,8 @@ class GroupPolicyContainer(Container):
     """
     __object_class__ = "groupPolicyContainer"
+    @property
+    def file_path(self) -> str | None:
+        """Return the gPCFileSysPath of this group policy container."""
+        return self.get("gPCFileSysPath")

dissect/database/ese/ntds/objects/ntdsdsa.py CHANGED Viewed

@@ -19,6 +19,11 @@ class NTDSDSA(ApplicationSettings):
     __object_class__ = "nTDSDSA"
+    @property
+    def behavior_version(self) -> int | None:
+        """Return the msDS-Behavior-Version of this NTDS DSA object."""
+        return self.get("msDS-Behavior-Version")
     def domain(self) -> DomainDNS | None:
         """Return the domain object associated with this NTDS DSA object, if any."""
         self._assert_local()

dissect/database/ese/ntds/objects/object.py CHANGED Viewed

@@ -1,19 +1,23 @@
 from __future__ import annotations
+import struct
 from functools import cached_property
-from typing import TYPE_CHECKING, Any, ClassVar
+from typing import TYPE_CHECKING, Any, ClassVar, TypeAlias
+from uuid import UUID
-from dissect.database.ese.ntds.util import InstanceType, decode_value
+from dissect.database.ese.ntds.util import InstanceType, SystemFlag, decode_value
 if TYPE_CHECKING:
-    from collections.abc import Iterator
+    from collections.abc import Callable, Iterator
     from datetime import datetime
     from dissect.database.ese.ntds.database import Database
     from dissect.database.ese.ntds.sd import SecurityDescriptor
-    from dissect.database.ese.ntds.util import DN, SystemFlags
+    from dissect.database.ese.ntds.util import DN
     from dissect.database.ese.record import Record
+    DecoderMap: TypeAlias = dict[str, Callable[[Database, Any], Any]]
 class Object:
     """Base class for all objects in the NTDS database.
@@ -29,7 +33,19 @@ class Object:
         - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adsc/041c6068-c710-4c74-968f-3040e4208701
     """
+    # Subclasses must override this to specify their object class
     __object_class__: str
+    """The objectClass value for this object."""
+    # Decoders for specific attributes to this object
+    __decoders__: ClassVar[DecoderMap] = {
+        "Ancestors": lambda db, value: [v[0] for v in struct.iter_unpack("<I", value)],
+        "instanceType": lambda db, value: InstanceType(value),
+        "systemFlags": lambda db, value: SystemFlag(value),
+        "objectGUID": lambda db, value: UUID(bytes_le=value),
+    }
+    # All known object classes
     __known_classes__: ClassVar[dict[str, type[Object]]] = {}
     def __init__(self, db: Database, record: Record):
@@ -39,6 +55,12 @@ class Object:
     def __init_subclass__(cls):
         cls.__known_classes__[cls.__object_class__] = cls
+        # Merge parent decoders with any new ones defined on the new class
+        decoders = {}
+        for parent in reversed(cls.__mro__[1:]):
+            decoders |= getattr(parent, "__decoders__", {})
+        cls.__decoders__ = decoders | cls.__decoders__
     def __repr__(self) -> str:
         suffix = self.__repr_suffix__()
         return f"<{self.__class__.__name__} {self.__repr_body__()}{' ' + suffix if suffix else ''}>"
@@ -89,7 +111,13 @@ class Object:
             name: The attribute name to retrieve.
             raw: Whether to return the raw value without decoding.
         """
-        return _get_attribute(self.db, self.record, name, raw=raw)
+        value = _get_attribute(self.db, self.record, name, raw=raw)
+        # Allow custom decoders to override the default decoding logic for specific attributes
+        # This is convenient for things like enums or timestamps that we want to represent as more meaningful types
+        if value is not None and name in self.__decoders__:
+            value = self.__decoders__[name](self.db, value)
+        return value
     def as_dict(self) -> dict[str, Any]:
         """Return the object's attributes as a dictionary."""
@@ -97,7 +125,7 @@ class Object:
         for key in self.record.as_dict():
             if (schema := self.db.data.schema.lookup_attribute(column=key)) is not None:
                 key = schema.name
-                result[key] = _get_attribute(self.db, self.record, key)
+                result[key] = self.get(key)
         return result
     def parent(self) -> Object | None:
@@ -221,7 +249,7 @@ class Object:
         return self.get("instanceType")
     @property
-    def system_flags(self) -> SystemFlags | None:
+    def system_flags(self) -> SystemFlag | None:
         """Return the object's system flags."""
         return self.get("systemFlags")
@@ -240,9 +268,7 @@ class Object:
     @cached_property
     def sd(self) -> SecurityDescriptor | None:
         """Return the Security Descriptor for this object."""
-        if (sd_id := self.get("nTSecurityDescriptor")) is not None:
-            return self.db.sd.sd(sd_id)
-        return None
+        return self.get("nTSecurityDescriptor")
     @cached_property
     def well_known_objects(self) -> list[Object]:

dissect/database/ese/ntds/objects/organizationalperson.py CHANGED Viewed

@@ -13,6 +13,21 @@ class OrganizationalPerson(Person):
     __object_class__ = "organizationalPerson"
     @property
-    def city(self) -> str:
+    def city(self) -> str | None:
         """Return the city (l) of this organizational person."""
         return self.get("l")  # "l" (localityName) represents the city/locality.
+    @property
+    def mail(self) -> str | None:
+        """Return the mail address of this organizational person."""
+        return self.get("mail")
+    @property
+    def title(self) -> str | None:
+        """Return the title of this organizational person."""
+        return self.get("title")
+    @property
+    def allowed_to_act_on_behalf_of_other_identity(self) -> str | None:
+        """Return the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of this organizational person."""
+        return self.get("msDS-AllowedToActOnBehalfOfOtherIdentity")

dissect/database/ese/ntds/objects/organizationalunit.py CHANGED Viewed

@@ -1,13 +1,15 @@
 from __future__ import annotations
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, ClassVar
 from dissect.database.ese.ntds.objects.top import Top
+from dissect.database.ese.ntds.util import GroupPolicyOption
 if TYPE_CHECKING:
     from collections.abc import Iterator
     from dissect.database.ese.ntds.objects import Object
+    from dissect.database.ese.ntds.objects.object import DecoderMap
 class OrganizationalUnit(Top):
@@ -18,6 +20,29 @@ class OrganizationalUnit(Top):
     """
     __object_class__ = "organizationalUnit"
+    __decoders__: ClassVar[DecoderMap] = {
+        "gPOptions": lambda db, value: GroupPolicyOption(value),
+    }
+    @property
+    def gp_link(self) -> str | None:
+        """Return the group policy link of the organizational unit."""
+        return self.get("gPLink")
+    @property
+    def gp_options(self) -> int | None:
+        """Return the group policy options of the organizational unit."""
+        return self.get("gPOptions")
+    @property
+    def telephone_number(self) -> str | None:
+        """Return the telephone number of this organizational unit."""
+        return self.get("telephoneNumber")
+    @property
+    def user_password(self) -> str | None:
+        """Return the userPassword of this organizational unit."""
+        return self.get("userPassword")
     def managed_by(self) -> Iterator[Object]:
         """Return the objects that manage this organizational unit."""

dissect/database/ese/ntds/objects/person.py CHANGED Viewed

@@ -11,3 +11,13 @@ class Person(Top):
     """
     __object_class__ = "person"
+    @property
+    def telephone_number(self) -> str | None:
+        """Return the telephone number of this person."""
+        return self.get("telephoneNumber")
+    @property
+    def user_password(self) -> str | None:
+        """Return the userPassword attribute of this person."""
+        return self.get("userPassword")

dissect/database/ese/ntds/objects/pkienrollmentservice.py CHANGED Viewed

@@ -11,3 +11,8 @@ class PKIEnrollmentService(Top):
     """
     __object_class__ = "pKIEnrollmentService"
+    @property
+    def dns_host_name(self) -> str | None:
+        """Return the dNSHostName of this PKI Enrollment Service."""
+        return self.get("dNSHostName")

dissect/database/ese/ntds/objects/server.py CHANGED Viewed

@@ -19,6 +19,11 @@ class Server(Top):
     __object_class__ = "server"
+    @property
+    def dns_host_name(self) -> str | None:
+        """Return the dNSHostName of this server."""
+        return self.get("dNSHostName")
     def computer(self) -> Computer | None:
         """Return the computer object associated with this server, if any."""
         self._assert_local()

dissect/database/ese/ntds/objects/site.py CHANGED Viewed

@@ -1,13 +1,15 @@
 from __future__ import annotations
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, ClassVar
 from dissect.database.ese.ntds.objects.top import Top
+from dissect.database.ese.ntds.util import GroupPolicyOption
 if TYPE_CHECKING:
     from collections.abc import Iterator
     from dissect.database.ese.ntds.objects import Object
+    from dissect.database.ese.ntds.objects.object import DecoderMap
 class Site(Top):
@@ -18,6 +20,19 @@ class Site(Top):
     """
     __object_class__ = "site"
+    __decoders__: ClassVar[DecoderMap] = {
+        "gPOptions": lambda db, value: GroupPolicyOption(value),
+    }
+    @property
+    def gp_link(self) -> str:
+        """Return the group policy link of the site."""
+        return self.get("gPLink")
+    @property
+    def gp_options(self) -> int:
+        """Return the group policy options of the site."""
+        return self.get("gPOptions", 0)
     def managed_by(self) -> Iterator[Object]:
         """Return the objects that manage this site."""

dissect/database/ese/ntds/objects/top.py CHANGED Viewed

@@ -19,3 +19,8 @@ class Top(Object):
     def display_name(self) -> str | None:
         """Return the displayName for this object."""
         return self.get("displayName")
+    @property
+    def description(self) -> str | None:
+        """Return the description for this object."""
+        return self.get("description")

dissect/database/ese/ntds/objects/trusteddomain.py CHANGED Viewed

@@ -1,6 +1,12 @@
 from __future__ import annotations
+from typing import TYPE_CHECKING, ClassVar
 from dissect.database.ese.ntds.objects.leaf import Leaf
+from dissect.database.ese.ntds.util import TrustAttribute, TrustDirection, TrustType
+if TYPE_CHECKING:
+    from dissect.database.ese.ntds.objects.object import DecoderMap
 class TrustedDomain(Leaf):
@@ -11,3 +17,33 @@ class TrustedDomain(Leaf):
     """
     __object_class__ = "trustedDomain"
+    __decoders__: ClassVar[DecoderMap] = {
+        "trustType": lambda db, value: TrustType(value),
+        "trustDirection": lambda db, value: TrustDirection(value),
+        "trustAttributes": lambda db, value: TrustAttribute(value),
+    }
+    @property
+    def trust_type(self) -> TrustType | None:
+        """Return the trustType of this trusted domain."""
+        return self.get("trustType")
+    @property
+    def trust_direction(self) -> TrustDirection | None:
+        """Return the trustDirection of this trusted domain."""
+        return self.get("trustDirection")
+    @property
+    def trust_attributes(self) -> TrustAttribute | None:
+        """Return the trustAttributes of this trusted domain."""
+        return self.get("trustAttributes")
+    @property
+    def trust_partner(self) -> str | None:
+        """Return the trustPartner of this trusted domain."""
+        return self.get("trustPartner")
+    @property
+    def security_identifier(self) -> str | None:
+        """Return the securityIdentifier of this trusted domain."""
+        return self.get("securityIdentifier")

dissect/database/ese/ntds/objects/user.py CHANGED Viewed

@@ -1,16 +1,18 @@
 from __future__ import annotations
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, ClassVar
+from dissect.util.ts import wintimestamp
 from dissect.database.ese.ntds.objects.organizationalperson import OrganizationalPerson
-from dissect.database.ese.ntds.util import UserAccountControl
+from dissect.database.ese.ntds.util import SAMAccountType, UserAccountControl
 if TYPE_CHECKING:
     from collections.abc import Iterator
+    from datetime import datetime
     from dissect.database.ese.ntds.objects.group import Group
-    from dissect.database.ese.ntds.objects.object import Object
-    from dissect.database.ese.ntds.util import SAMAccountType
+    from dissect.database.ese.ntds.objects.object import DecoderMap, Object
 class User(OrganizationalPerson):
@@ -21,6 +23,16 @@ class User(OrganizationalPerson):
     """
     __object_class__ = "user"
+    __decoders__: ClassVar[DecoderMap] = {
+        "sAMAccountType": lambda db, value: SAMAccountType(value),
+        "userAccountControl": lambda db, value: UserAccountControl(value),
+        "badPasswordTime": lambda db, value: None if value == 0 else wintimestamp(value),
+        "lastLogonTimestamp": lambda db, value: None if value == 0 else wintimestamp(value),
+        "lastLogon": lambda db, value: None if value == 0 else wintimestamp(value),
+        "lastLogoff": lambda db, value: None if value == 0 else wintimestamp(value),
+        "pwdLastSet": lambda db, value: None if value == 0 else wintimestamp(value),
+        "accountExpires": lambda db, value: None if value in (0, ((1 << 63) - 1)) else wintimestamp(value),
+    }
     def __repr_body__(self) -> str:
         return f"name={self.name!r} sam_account_name={self.sam_account_name!r} is_machine_account={self.is_machine_account()}"  # noqa: E501
@@ -45,6 +57,61 @@ class User(OrganizationalPerson):
         """Return the user's userAccountControl flags."""
         return self.get("userAccountControl")
+    @property
+    def user_principal_name(self) -> str | None:
+        """Return the user's userPrincipalName."""
+        return self.get("userPrincipalName")
+    @property
+    def service_principal_name(self) -> list[str]:
+        """Return the user's servicePrincipalName."""
+        return self.get("servicePrincipalName") or []
+    @property
+    def home_directory(self) -> str | None:
+        """Return the user's home directory."""
+        return self.get("homeDirectory")
+    @property
+    def home_drive(self) -> str | None:
+        """Return the user's home drive."""
+        return self.get("homeDrive")
+    @property
+    def script_path(self) -> str | None:
+        """Return the user's script path."""
+        return self.get("scriptPath")
+    @property
+    def password_last_set(self) -> datetime | None:
+        """Return the last time the user's password was set."""
+        return self.get("pwdLastSet")
+    @property
+    def logon_last_failed(self) -> datetime | None:
+        """Return the last time the user had a failed logon attempt."""
+        return self.get("badPasswordTime")
+    @property
+    def logon_last_local(self) -> datetime | None:
+        """Return the last time the user had a successful local logon."""
+        return self.get("lastLogon")
+    @property
+    def logon_last_replicated(self) -> datetime | None:
+        """Return the last time the user had a successful logon replicated across domain controllers."""
+        return self.get("lastLogonTimestamp")
+    @property
+    def account_expires(self) -> datetime | None:
+        """Return the time the user's account expires."""
+        return self.get("accountExpires")
+    @property
+    def admin_count(self) -> int | None:
+        """Return the user's adminCount."""
+        return self.get("adminCount")
     def is_machine_account(self) -> bool:
         """Return whether this user is a machine account."""
         return UserAccountControl.WORKSTATION_TRUST_ACCOUNT in self.user_account_control

dissect/database/ese/ntds/schema.py CHANGED Viewed

@@ -7,7 +7,7 @@ from dissect.database.ese.ntds.c_ds import c_ds
 if TYPE_CHECKING:
     from dissect.database.ese.ntds.database import Database
-    from dissect.database.ese.ntds.util import SearchFlags
+    from dissect.database.ese.ntds.util import SearchFlag
 # These are fixed columns in the NTDS database
 # They do not exist in the schema, but are required for basic operation
@@ -121,7 +121,7 @@ class AttributeEntry(NamedTuple):
     om_object_class: bytes | None
     is_single_valued: bool
     link_id: int | None
-    search_flags: SearchFlags | None
+    search_flags: SearchFlag | None
 class Schema:
@@ -255,7 +255,7 @@ class Schema:
         om_object_class: bytes | None,
         is_single_valued: bool,
         link_id: int | None,
-        search_flags: SearchFlags | None,
+        search_flags: SearchFlag | None,
     ) -> None:
         entry = AttributeEntry(
             dnt=dnt,

dissect/database/ese/ntds/util.py CHANGED Viewed

@@ -3,7 +3,6 @@ from __future__ import annotations
 import struct
 from enum import Flag, IntEnum, IntFlag, auto
 from typing import TYPE_CHECKING, Any
-from uuid import UUID
 from dissect.util.sid import read_sid, write_sid
 from dissect.util.ts import wintimestamp
@@ -18,7 +17,7 @@ if TYPE_CHECKING:
     from dissect.database.ese.ntds.schema import AttributeEntry
-class DatabaseFlags(Flag):
+class DatabaseFlag(Flag):
     """Database flags that are stored in the hiddentable.
     The flags are weirdly stored as ``1``, ``0`` or ``\x00`` in a byte array.
@@ -45,19 +44,71 @@ class InstanceType(IntFlag):
     NamingContextDeleting = 0x00000020
-# https://learn.microsoft.com/en-us/windows/win32/adschema/a-useraccountcontrol
-class SystemFlags(IntFlag):
-    NotReplicated = 0x00000001
-    ReplicatedToGlobalCatalog = 0x00000002
-    Constructed = 0x00000004
-    BaseSchema = 0x00000010
-    DeletedImmediately = 0x02000000
-    CannotBeMoved = 0x04000000
-    CannotBeRenamed = 0x08000000
-    ConfigurationCanBeMovedWithRestrictions = 0x10000000
-    ConfigurationCanBeMoved = 0x20000000
-    ConfigurationCanBeRenamedWithRestrictions = 0x40000000
-    CannotBeDeleted = 0x80000000
+# https://learn.microsoft.com/en-us/windows/win32/adschema/a-systemflags
+# https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/1e38247d-8234-4273-9de3-bbf313548631
+class SystemFlag(IntFlag):
+    # The first 3 flags have an overlap whether it's set on an attributeSchema or crossRef object
+    # We don't specify them here, see SystemFlagAttribute and SystemFlagCrossRef
+    # The following flags are also specific to certain objects, but have no overlap
+    ATTR_IS_OPERATIONAL = 0x00000008
+    SCHEMA_BASE_OBJECT = 0x00000010
+    ATTR_IS_RDN = 0x00000020
+    DISALLOW_MOVE_ON_DELETE = 0x02000000
+    DOMAIN_DISALLOW_MOVE = 0x04000000
+    DOMAIN_DISALLOW_RENAME = 0x08000000
+    CONFIG_ALLOW_LIMITED_MOVE = 0x10000000
+    CONFIG_ALLOW_MOVE = 0x20000000
+    CONFIG_ALLOW_RENAME = 0x40000000
+    DISALLOW_DELETE = 0x80000000
+# System flags that overlap with other flags and are specific to attributeSchema objects
+class SystemFlagAttribute(IntFlag):
+    ATTR_NOT_REPLICATED = 0x00000001
+    ATTR_REQ_PARTIAL_SET_MEMBER = 0x00000002
+    ATTR_IS_CONSTRUCTED = 0x00000004
+    # TODO: When we drop Python 3.10 support, we can subclass SystemFlag
+    # For now, just duplicate the flags here
+    ATTR_IS_OPERATIONAL = 0x00000008
+    SCHEMA_BASE_OBJECT = 0x00000010
+    ATTR_IS_RDN = 0x00000020
+    DISALLOW_MOVE_ON_DELETE = 0x02000000
+    DOMAIN_DISALLOW_MOVE = 0x04000000
+    DOMAIN_DISALLOW_RENAME = 0x08000000
+    CONFIG_ALLOW_LIMITED_MOVE = 0x10000000
+    CONFIG_ALLOW_MOVE = 0x20000000
+    CONFIG_ALLOW_RENAME = 0x40000000
+    DISALLOW_DELETE = 0x80000000
+# For better readability when printing attributeSchema objects, we reset the name
+SystemFlagAttribute.__name__ = "SystemFlag"
+# System flags that overlap with other flags and are specific to crossRef objects
+class SystemFlagCrossRef(IntFlag):
+    CR_NTDS_NC = 0x00000001
+    CR_NTDS_DOMAIN = 0x00000002
+    CR_NTDS_NOT_GC_REPLICATED = 0x00000004
+    # TODO: When we drop Python 3.10 support, we can subclass SystemFlag
+    # For now, just duplicate the flags here
+    ATTR_IS_OPERATIONAL = 0x00000008
+    SCHEMA_BASE_OBJECT = 0x00000010
+    ATTR_IS_RDN = 0x00000020
+    DISALLOW_MOVE_ON_DELETE = 0x02000000
+    DOMAIN_DISALLOW_MOVE = 0x04000000
+    DOMAIN_DISALLOW_RENAME = 0x08000000
+    CONFIG_ALLOW_LIMITED_MOVE = 0x10000000
+    CONFIG_ALLOW_MOVE = 0x20000000
+    CONFIG_ALLOW_RENAME = 0x40000000
+    DISALLOW_DELETE = 0x80000000
+# For better readability when printing crossRef objects, we reset the name
+SystemFlagCrossRef.__name__ = "SystemFlag"
 # https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/dd302fd1-0aa7-406b-ad91-2a6b35738557
@@ -98,7 +149,7 @@ class SAMAccountType(IntEnum):
     SAM_APP_QUERY_GROUP = 0x40000001
-class SearchFlags(IntFlag):
+class SearchFlag(IntFlag):
     Indexed = 0x00000001
     ContainerIndexed = 0x00000002
     Anr = 0x00000004
@@ -109,6 +160,41 @@ class SearchFlags(IntFlag):
     Confidential = 0x00000080
+class TrustType(IntEnum):
+    DOWNLEVEL = 0x00000001
+    UPLEVEL = 0x00000002
+    MIT = 0x00000003
+    DCE = 0x00000004
+    AAD = 0x00000005
+class TrustDirection(IntEnum):
+    DISABLED = 0
+    INBOUND = 1
+    OUTBOUND = 2
+    BIDIRECTIONAL = 3
+class TrustAttribute(IntFlag):
+    NON_TRANSITIVE = 0x00000001
+    UPLEVEL_ONLY = 0x00000002
+    FILTER_SIDS = 0x00000004
+    FOREST_TRANSITIVE = 0x00000008
+    CROSS_ORGANIZATION = 0x00000010
+    WITHIN_FOREST = 0x00000020
+    TREAT_AS_EXTERNAL = 0x00000040
+    TRUST_USES_RC4_ENCRYPTION = 0x00000080
+    TRUST_USES_AES_KEYS = 0x00000100
+    CROSS_ORGANIZATION_NO_TGT_DELEGATION = 0x00000200
+    PIM_TRUST = 0x00000400
+    TREE_PARENT = 0x00400000
+    TREE_ROOT = 0x00800000
+class GroupPolicyOption(IntFlag):
+    BLOCK_POLICY = 0x00000001
 def _pek_decrypt(db: Database, value: bytes) -> bytes:
     """Decrypt a PEK-encrypted blob using the database's PEK, if it's unlocked.
@@ -255,22 +341,6 @@ def _decode_pwd_history(db: Database, value: list[bytes]) -> list[bytes]:
 ATTRIBUTE_ENCODE_DECODE_MAP: dict[
     str, tuple[Callable[[Database, Any], Any] | None, Callable[[Database, Any], Any] | None]
 ] = {
-    "Ancestors": (None, lambda db, value: [v[0] for v in struct.iter_unpack("<I", value)]),
-    "instanceType": (lambda db, value: int(value), lambda db, value: InstanceType(int(value))),
-    "systemFlags": (lambda db, value: int(value), lambda db, value: SystemFlags(int(value))),
-    "searchFlags": (lambda db, value: int(value), lambda db, value: SearchFlags(int(value))),
-    "sAMAccountType": (lambda db, value: int(value), lambda db, value: SAMAccountType(int(value))),
-    "userAccountControl": (lambda db, value: int(value), lambda db, value: UserAccountControl(int(value))),
-    "objectGUID": (lambda db, value: value.bytes_le, lambda db, value: UUID(bytes_le=value)),
-    "badPasswordTime": (None, lambda db, value: wintimestamp(int(value))),
-    "lastLogonTimestamp": (None, lambda db, value: wintimestamp(int(value))),
-    "lastLogon": (None, lambda db, value: wintimestamp(int(value))),
-    "lastLogoff": (None, lambda db, value: wintimestamp(int(value))),
-    "pwdLastSet": (None, lambda db, value: wintimestamp(int(value))),
-    "accountExpires": (
-        None,
-        lambda db, value: float("inf") if int(value) == ((1 << 63) - 1) else wintimestamp(int(value)),
-    ),
     # Protected attributes
     "unicodePwd": (None, _pek_decrypt),
     "dBCSPwd": (None, _pek_decrypt),
@@ -432,7 +502,7 @@ SYNTAX_ENCODE_DECODE_MAP: dict[
     # TODO: Object(DN-String); A DN-String plus a Unicode string
     14: (None, None),
     # NTSecurityDescriptor; A security descriptor
-    15: (None, lambda db, value: int.from_bytes(value, byteorder="little")),
+    15: (None, lambda db, value: db.sd.sd(int.from_bytes(value, byteorder="little"))),
     # LargeInteger; A 64-bit number
     16: (None, lambda db, value: int(value)),
     # String(Sid); Security identifier (SID)

{dissect_database-1.2.dev8.dist-info → dissect_database-1.2.dev9.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dissect.database
-Version: 1.2.dev8
+Version: 1.2.dev9
 Summary: A Dissect module implementing parsers for various database formats, including Berkeley DB, Microsofts Extensible Storage Engine (ESE) and SQLite3
 Author-email: Dissect Team <dissect@fox-it.com>
 License-Expression: Apache-2.0

{dissect_database-1.2.dev8.dist-info → dissect_database-1.2.dev9.dist-info}/RECORD RENAMED Viewed

@@ -29,40 +29,40 @@ dissect/database/ese/ntds/c_pek.py,sha256=YU_rRpOEf8uB8OE6bGb25KIGm9e-yrn0tTItRC
 dissect/database/ese/ntds/c_pek.pyi,sha256=lHfhvHWABT1vLmknu66phOXsylgwzGIWVdbqDIZU5Qw,4683
 dissect/database/ese/ntds/c_sd.py,sha256=DYICZsWCBzj0OtvhO6vhzzVjK9YP6tzBCsgKgr0pc-k,4294
 dissect/database/ese/ntds/c_sd.pyi,sha256=7717Y0EBVu37Liu26rqsDWkLIdSCqWn9KK9svtniLqY,5279
-dissect/database/ese/ntds/database.py,sha256=6T9JGxB0BD9JF9LP4DjWfozm7mPb5eiXP56Q6bGqKnk,16783
-dissect/database/ese/ntds/ntds.py,sha256=ffE_yOvmwDUXwuQSjCDcGagKXx3nUajAkxDr1HpJbHQ,5060
+dissect/database/ese/ntds/database.py,sha256=fPMgTzHm1rsPZ3Hvt7SQqtjdXQNNLa51wGEK3i5_afw,16776
+dissect/database/ese/ntds/ntds.py,sha256=Uws58HSUKUUIs3qEc3zlrQfwNK-cKwyzkAt3320aHs8,5506
 dissect/database/ese/ntds/pek.py,sha256=BEmxO175T8QkGVvFQLN9MI9uDCcK4jztuZetbwbbYqU,4154
 dissect/database/ese/ntds/query.py,sha256=pDLLCVdrCRNq3ripvMDiyxXoFWsVJLwwsRMplRf7C9s,8063
-dissect/database/ese/ntds/schema.py,sha256=xxVL--RRBM8-IP12L86hrz-EEGLqXKAXpQZyOT_Vhn0,16644
+dissect/database/ese/ntds/schema.py,sha256=qAC9STfmJqUMp7633ZcOZOQgWI-UymwX3h4PUUjUV1U,16641
 dissect/database/ese/ntds/sd.py,sha256=Y-oYnJPcLMDB_4X8TLEGtt-n_nC4HLA0WqIS8qYAwAs,5995
-dissect/database/ese/ntds/util.py,sha256=nuY7NRSlr5V5Jz2NIOEhe3hbzPjFLVQnprXa3swSl_M,18856
+dissect/database/ese/ntds/util.py,sha256=3aIvxX3B2-LXQgmHA6rrFiN0obIZHdfD1-wKfecqaI8,20451
 dissect/database/ese/ntds/objects/__init__.py,sha256=LpZ9nHGxmuhVPQkD-qwh-OwFM1T4OzjcklAcEF2Zmrs,10868
 dissect/database/ese/ntds/objects/applicationsettings.py,sha256=j7UzmF8yxm3LR2lLnmGb7vFvUhYokCUOdhJXnk9xxzE,358
-dissect/database/ese/ntds/objects/attributeschema.py,sha256=0e_s5N5mnybxuufOEjGIVWlyuJkSgplz9LuIsaS2S38,342
+dissect/database/ese/ntds/objects/attributeschema.py,sha256=E8JioZAc_OgnK60nbrxHFxgFBvR1HKAz0tCdj4xt6DI,892
 dissect/database/ese/ntds/objects/builtindomain.py,sha256=KEo-YQl-r748Hnkod21qej2qsLGj7jM4vt6nbufMPWQ,334
-dissect/database/ese/ntds/objects/certificationauthority.py,sha256=oqmPYlz5SYUv7RfTNCKZ3F233v3K7lBtxDDz_g_R1GU,365
+dissect/database/ese/ntds/objects/certificationauthority.py,sha256=XWGzSImJ7Qo1TEMTUznAslp-810lWe8Xpk-Cjo99nIc,532
 dissect/database/ese/ntds/objects/classschema.py,sha256=Hrpfgl_mR6ciHL7qya63mvzsrouFIy4BJVHU5wJm_Hg,1544
 dissect/database/ese/ntds/objects/classstore.py,sha256=VqWGm4ZqonQQGnFE67AyGGUYuTLdBmPQzZ34X-fRG5M,321
-dissect/database/ese/ntds/objects/computer.py,sha256=QstBJ59mxsepGBLW_EJBwOe4gCGHDz5ZJoSknD6TQlY,1136
-dissect/database/ese/ntds/objects/configuration.py,sha256=AMjJBr4yCDITulk3LhVMhZBEOUYf6ApzibwxiLO79sU,332
+dissect/database/ese/ntds/objects/computer.py,sha256=F6twYcQNvfiY1Ba5BmYwhgMEwpqU53wKTPxBaQ0BnO0,1636
+dissect/database/ese/ntds/objects/configuration.py,sha256=jPef8omT1QinAQ51ST_YaBcGGEzOzn-pZ9-Bg5uYMUY,483
 dissect/database/ese/ntds/objects/container.py,sha256=fYtFfWHpcr_4wMN0_vfN9pRx2UXt26Fw31c4FOH9uEQ,316
 dissect/database/ese/ntds/objects/controlaccessright.py,sha256=Xh0hYp7rOQ2oZEA2hOALY_uGZNAxkiuhzhrgK1pLM2U,354
 dissect/database/ese/ntds/objects/crldistributionpoint.py,sha256=f9G1uDI3Pq9hQ6ldfvv6eEuAWpFrnwxgbKTELYlQlrY,358
-dissect/database/ese/ntds/objects/crossref.py,sha256=-i0jHqp-0qbntW3-3r-IazgnqVj6fSytY6AziNYNXzE,319
-dissect/database/ese/ntds/objects/crossrefcontainer.py,sha256=hUQMyrt4bsq6nNwIwKfyJPBtZctt3imYNKQdCPp9oWw,356
+dissect/database/ese/ntds/objects/crossref.py,sha256=G6WGZsXwny0nX77bJ5rMf5LiE2c9p7ENxjPofxfhCAg,811
+dissect/database/ese/ntds/objects/crossrefcontainer.py,sha256=YeEnVCVYpt6p1jQ8grctPz3r9DWZj55DwDWc-zJubmo,548
 dissect/database/ese/ntds/objects/dfsconfiguration.py,sha256=Ofgj8Nnfw4_kGTjGnqaSDB6opshqQMNAJFFk_AuTbbo,345
 dissect/database/ese/ntds/objects/displayspecifier.py,sha256=Kuc7usI-zLK0TadGAm_fnuu6DurHNYZD6-hQMlQ3F6g,345
 dissect/database/ese/ntds/objects/dmd.py,sha256=SnJLgFO5rMmsVjgYN0z0klE5tQkZxnmAaqsWefitV0U,324
 dissect/database/ese/ntds/objects/dnsnode.py,sha256=os48qV-nvqa80PiyDLXVSST31NI_KfFC32jlkm30FzY,309
 dissect/database/ese/ntds/objects/dnszone.py,sha256=rJ_3zdsxrR3FvzXU1qbbGqnh67FR64CRClO3dF7wBXU,659
 dissect/database/ese/ntds/objects/domain.py,sha256=aWQN-5P1MMh2aPXJoyPORxhyE_5dIt7aIfBB7Bxp8mM,304
-dissect/database/ese/ntds/objects/domaindns.py,sha256=dnGFmIQAOZib-lGwSvNHanWMuLcN0meox1mI4BcCW64,596
+dissect/database/ese/ntds/objects/domaindns.py,sha256=bHJQukHnhmBJwgGMTiwWHyF5PXQYhv6sdYrJP2QH2CY,780
 dissect/database/ese/ntds/objects/domainpolicy.py,sha256=SjvVx1Tx0_ckkf4_rIGlA5YMBHQ3POoMn5vQJl2yzwA,687
 dissect/database/ese/ntds/objects/dsuisettings.py,sha256=hklM6JRYVQ-28nL_yv8S53yOOLc-ph93eEwJr2rM5CA,330
 dissect/database/ese/ntds/objects/filelinktracking.py,sha256=UmsPb_pKSjCIy6K7pbcdNlZVLhF3FaehbbqYM8SpTRY,346
 dissect/database/ese/ntds/objects/foreignsecurityprincipal.py,sha256=w87K7yXSwGBrka6IFntVPtOhihyN5Dy5pM_ZNp8qYAM,378
-dissect/database/ese/ntds/objects/group.py,sha256=XWtzDy51nZGv234mfonJt4h7sBZqfG2NR4avlxueThw,1389
-dissect/database/ese/ntds/objects/grouppolicycontainer.py,sha256=F55DGq5XZ3rTRjkvX1tUfSGNMz6AKOIQPhHGh4BSDpw,380
+dissect/database/ese/ntds/objects/group.py,sha256=ONPHhZo27rFOxhRvVAFEQ9LFSyAGVkzQ63s-67Uq0hQ,1662
+dissect/database/ese/ntds/objects/grouppolicycontainer.py,sha256=dglJ-M85cGV2ltPL6eYD6FhYYQ-ZX2cg9Lo5-Fu9Lpg,548
 dissect/database/ese/ntds/objects/infrastructureupdate.py,sha256=g5qvuqaFJRMUTfREd9B2NkQoF_Oavg8XsMn3_WPYRtQ,362
 dissect/database/ese/ntds/objects/intersitetransport.py,sha256=1-4Hh1jFFM4EyRQigHBiPnCfWRON_irZp4LTKowVVpQ,355
 dissect/database/ese/ntds/objects/intersitetransportcontainer.py,sha256=UuVsYRk4PHtE8SGXNnmo0x5NYWhTUtWDI7bawVFZYpI,386
@@ -112,17 +112,17 @@ dissect/database/ese/ntds/objects/mspki_privatekeyrecoveryagent.py,sha256=BA7NKZ
 dissect/database/ese/ntds/objects/msspp_activationobjectscontainer.py,sha256=l_OpFUHcRZ7LYvXAdfrDXSClX9f78Ca5UJPgNszo3ZE,405
 dissect/database/ese/ntds/objects/mstpm_informationobjectscontainer.py,sha256=84wqeKMwcShtr6uzgHoG6rMpk_3r22xe6BTvpt24pSg,404
 dissect/database/ese/ntds/objects/ntdsconnection.py,sha256=mWgzUTQ0o6Gsc6CsyBoakyXV5UejzTlsVp8j3vm10bw,341
-dissect/database/ese/ntds/objects/ntdsdsa.py,sha256=pES4m9UCqxDI6sOQUjyp3Uc0alHN3pNGpr84L46L5ys,1226
+dissect/database/ese/ntds/objects/ntdsdsa.py,sha256=g9YtoARzN6IWk0ai0dcwWYQf1B4afjc6OV2ec1twTe8,1408
 dissect/database/ese/ntds/objects/ntdsservice.py,sha256=mTdpd2tzm8OOiGm6rJN35_dyeWtvzPYI_rVDBZz0gNc,326
 dissect/database/ese/ntds/objects/ntdssitesettings.py,sha256=VNlke-Vgxjh0fzd5o2X-4fwCBrkEI1coR4oto5OenPo,709
 dissect/database/ese/ntds/objects/ntfrssettings.py,sha256=PwIKT6t_zRxfdacWuvzMfq_mIhj_wyIhHzORNcF2eOU,745
-dissect/database/ese/ntds/objects/object.py,sha256=gYxjaivNCr0WfjrAAIqS1SmSR2zF2_ROR0g2Cip-3gg,10162
-dissect/database/ese/ntds/objects/organizationalperson.py,sha256=X4QHT9AeGU7mDtIPlZbkhs1v2ZCPEarehFyn5EFszdY,559
-dissect/database/ese/ntds/objects/organizationalunit.py,sha256=H_VHrUgN92cXgGoV3ngiV4HjSaDndSUkQSjcNmb7WFs,715
-dissect/database/ese/ntds/objects/person.py,sha256=s67VHtsyN5t8icU9adPTLGcrIMH14yrEY1VqUqSw3Do,304
+dissect/database/ese/ntds/objects/object.py,sha256=cEBfgi6vLplql2fZbDeRJHDcHVHk9pLIxhMX90SfGLY,11320
+dissect/database/ese/ntds/objects/organizationalperson.py,sha256=KUfpx76IObfdf8feLTVjJj3tAONS7np3st9xVPtPmCQ,1123
+dissect/database/ese/ntds/objects/organizationalunit.py,sha256=3PrtKri5Unmcg_poLWVFDmF2m0BdiibKgSwq4c6kG-w,1631
+dissect/database/ese/ntds/objects/person.py,sha256=pDnOHNFWD3phbipS0gCQLrFzXpqroI8O_5pUuAQk8Ko,628
 dissect/database/ese/ntds/objects/physicallocation.py,sha256=Wp-lGM8TVEaPa0syzHe07vHRL98nXwP_iCtlHv0650s,719
 dissect/database/ese/ntds/objects/pkicertificatetemplate.py,sha256=zLNujYL62arZy0w9UzVUgMr8htPSygeygG5ZDROS0F0,370
-dissect/database/ese/ntds/objects/pkienrollmentservice.py,sha256=Ii9XcEpHKqgrk10g5kb4gComemjc0KmCeXm237IlTFM,358
+dissect/database/ese/ntds/objects/pkienrollmentservice.py,sha256=jaS-OmAOu-fpg8wXuq_lcacACeY2gUA_54-PzIIZKCU,524
 dissect/database/ese/ntds/objects/querypolicy.py,sha256=W6O1qevlVEn6Y1yRi1Ki8FErrNCE5leYE4J_y_eNhrc,325
 dissect/database/ese/ntds/objects/ridmanager.py,sha256=magfnp-sk3Nb6BapzUbcphM-UVxOMBAVQgiaFGYCJpU,319
 dissect/database/ese/ntds/objects/ridset.py,sha256=xpmfNsqKwSIL4D9bNvaOokbz-95bcxhbeFxgRtf-muY,303
@@ -131,16 +131,16 @@ dissect/database/ese/ntds/objects/rrasadministrationdictionary.py,sha256=dzS3xag
 dissect/database/ese/ntds/objects/samserver.py,sha256=q32pI-Pjd1TOQle_LuR53rjZlDjCY2U2aAYCWjLEaDg,348
 dissect/database/ese/ntds/objects/secret.py,sha256=0278o0wpy3n5JmhYKFpNDy1MgNcHBbjX0aUYXxeCUlQ,3392
 dissect/database/ese/ntds/objects/securityobject.py,sha256=hR0a0wjyrLFtSMtRZOwPCYXpfuOCtNMhozK4bkzly-A,330
-dissect/database/ese/ntds/objects/server.py,sha256=9swxb2s6vNTAPsL_mjQBjZNGft-pUvA2-zds1gKfYJ8,889
+dissect/database/ese/ntds/objects/server.py,sha256=k1iqvIUHttxXz3aQLJPJkN2FH-pAz4SE3Z2tdzJS2-U,1039
 dissect/database/ese/ntds/objects/serverscontainer.py,sha256=NnJ0M23RO-hsKd2vWcvViOMRV8psGJkwiaRC-ghmrk0,345
-dissect/database/ese/ntds/objects/site.py,sha256=Yj5lLgivDumOaS8QaTdsS0XZfQEkYr7loN9aUwxj_Y4,640
+dissect/database/ese/ntds/objects/site.py,sha256=Ozc_TNvXKhIbHJShLpBuHMWkS82IpxSoYErziJ9B9dE,1175
 dissect/database/ese/ntds/objects/sitelink.py,sha256=cNHis9jsxFPtxfiCfxd4klP495XfjcwrF507wduyADk,313
 dissect/database/ese/ntds/objects/sitescontainer.py,sha256=C09THsbE-tBz2fFsYj5UkdbNuzIBqTo65F71a0oEY3w,337
 dissect/database/ese/ntds/objects/subnetcontainer.py,sha256=IEwSBFxoPXBIKuH-V7rK5yueAEDaMIuVXbtTEmGUlCg,341
 dissect/database/ese/ntds/objects/subschema.py,sha256=-vE76P_Yhj-Ny6ZAYnTTPMS0dtLNFZRUgyh9IXIm5Po,317
-dissect/database/ese/ntds/objects/top.py,sha256=1oPtivWGki1lfElWMs57zZ05g6dbWSa77A77ytf7hWs,527
-dissect/database/ese/ntds/objects/trusteddomain.py,sha256=J-besYk7tF3vxbJC3PogDk3iduBp_86A2SHA0LJQFb8,336
-dissect/database/ese/ntds/objects/user.py,sha256=wuCViCevxboNXdkojQuKzaqWYnEz7k7Y017LisdAFOQ,2615
+dissect/database/ese/ntds/objects/top.py,sha256=jXH9u3g3EhPAA4Tiw9g201BaZPJ1-4FeLOnKL5ma3Vg,676
+dissect/database/ese/ntds/objects/trusteddomain.py,sha256=PhioFfl5gkGFQIS0_D70rIH0x0g3Hp9ZhaNMxCh6afs,1645
+dissect/database/ese/ntds/objects/user.py,sha256=mMZ9CE6YL5sNm6KxAJWk50lxdB-P-pYeIKvEwsWSSL4,5213
 dissect/database/ese/ntds/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/database/ese/ntds/tools/ntds.py,sha256=6hgpoSr-QKgbz8ABkYsM-MZf6kkH_nlJbz_BCqbrGzE,861
 dissect/database/ese/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -159,10 +159,10 @@ dissect/database/sqlite3/encryption/__init__.py,sha256=kJdFWXD9Z_O_QipC-_A9dlVfR
 dissect/database/sqlite3/encryption/sqlcipher/__init__.py,sha256=kJdFWXD9Z_O_QipC-_A9dlVfR6AOPSOoT8WBhpFbSsE,238
 dissect/database/sqlite3/encryption/sqlcipher/exception.py,sha256=GKNtzcnAKlWkvjLluruA8LfzCwjRRWubibbH8WM9l2o,121
 dissect/database/sqlite3/encryption/sqlcipher/sqlcipher.py,sha256=y_oJRKZqoJBeOQaBbniesZKm1sVTFvXZ466rJYZj2xE,11217
-dissect_database-1.2.dev8.dist-info/licenses/COPYRIGHT,sha256=pFH-OBYz6Xj23UB0Odz5IhoTR8nsTbJQNlCRV_wMaiE,317
-dissect_database-1.2.dev8.dist-info/licenses/LICENSE,sha256=PhUqiw6jAh2KbBdVRPBq_hfAvfcTBin7nZ3CK7NQbTM,11341
-dissect_database-1.2.dev8.dist-info/METADATA,sha256=hGEpclu4s8U1QSHYtlzFE6-use8kBW1cwjqvDDjnDkY,5540
-dissect_database-1.2.dev8.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
-dissect_database-1.2.dev8.dist-info/entry_points.txt,sha256=ZVVKj3Nzjkgm1kBXGWyGNVUJzTbmVgivv9lgFcuLkpk,343
-dissect_database-1.2.dev8.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect_database-1.2.dev8.dist-info/RECORD,,
+dissect_database-1.2.dev9.dist-info/licenses/COPYRIGHT,sha256=pFH-OBYz6Xj23UB0Odz5IhoTR8nsTbJQNlCRV_wMaiE,317
+dissect_database-1.2.dev9.dist-info/licenses/LICENSE,sha256=PhUqiw6jAh2KbBdVRPBq_hfAvfcTBin7nZ3CK7NQbTM,11341
+dissect_database-1.2.dev9.dist-info/METADATA,sha256=lpFACmhxqvnFHoHk3_cI8ydgt--hK4JpVhbHVksYfVU,5540
+dissect_database-1.2.dev9.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+dissect_database-1.2.dev9.dist-info/entry_points.txt,sha256=ZVVKj3Nzjkgm1kBXGWyGNVUJzTbmVgivv9lgFcuLkpk,343
+dissect_database-1.2.dev9.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect_database-1.2.dev9.dist-info/RECORD,,

{dissect_database-1.2.dev8.dist-info → dissect_database-1.2.dev9.dist-info}/WHEEL RENAMED Viewed

File without changes

{dissect_database-1.2.dev8.dist-info → dissect_database-1.2.dev9.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{dissect_database-1.2.dev8.dist-info → dissect_database-1.2.dev9.dist-info}/licenses/COPYRIGHT RENAMED Viewed

File without changes

{dissect_database-1.2.dev8.dist-info → dissect_database-1.2.dev9.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{dissect_database-1.2.dev8.dist-info → dissect_database-1.2.dev9.dist-info}/top_level.txt RENAMED Viewed

File without changes

dissect.database 1.2.dev8__py3-none-any.whl → 1.2.dev9__py3-none-any.whl

dissect.database 1.2.dev8py3-none-any.whl → 1.2.dev9py3-none-any.whl