Refactor rootdse gw (#856)

* add: rootDSE gateway

* refactor: move nl

* refactor: move rootDSE

* add: sid

* fix: remove sid

* fix: add rootdse provider

* refactor: protocol for Domain

* Update app/ldap_protocol/rootdse/gateway.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* add: DCInfoReader

* chore: remove nesessary docstring rules

* add: unc

* fix: ruff

* add: docstrings ignore

* add: get_dcinfo

* fix: ioc

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: Mastermind-U

app/api/shadow/router.py

@@ -11,6 +11,9 @@
 from dishka.integrations.fastapi import DishkaRoute
 from fastapi import APIRouter, Body
 
+from ldap_protocol.rootdse.dto import DomainControllerInfo
+from ldap_protocol.rootdse.reader import DCInfoReader
+
 from .adapter import ShadowAdapter
 
 shadow_router = APIRouter(route_class=DishkaRoute)
@@ -46,3 +49,10 @@ async def change_password(
     :return None: None
     """
     return await adapter.change_password(principal, new_password)
+
+
+@shadow_router.get("/metadata/dcinfo")
+async def get_dcinfo(
+    dcreader: FromDishka[DCInfoReader],
+) -> DomainControllerInfo:
+    return await dcreader.get()

app/constants.py

@@ -326,3 +326,6 @@
         "children": [],
     },
 ]
+
+DEFAULT_DC_POSTFIX = "DC1"
+UNC_PREFIX = "\\\\"

app/ioc.py

@@ -128,6 +128,9 @@
 from ldap_protocol.roles.ace_dao import AccessControlEntryDAO
 from ldap_protocol.roles.role_dao import RoleDAO
 from ldap_protocol.roles.role_use_case import RoleUseCase
+from ldap_protocol.rootdse.gateway import SADomainGateway
+from ldap_protocol.rootdse.gw_protocol import DomainReadProtocol
+from ldap_protocol.rootdse.reader import DCInfoReader, RootDSEReader
 from ldap_protocol.session_storage import RedisSessionStorage, SessionStorage
 from ldap_protocol.session_storage.repository import SessionRepository
 from password_utils import PasswordUtils
@@ -451,6 +454,13 @@ async def get_dhcp_mngr(
     entity_type_use_case = provide(EntityTypeUseCase, scope=Scope.REQUEST)
     dns_use_case = provide(DNSUseCase, scope=Scope.REQUEST)
     dns_state_gateway = provide(DNSStateGateway, scope=Scope.REQUEST)
+    rootdse_gw = provide(
+        SADomainGateway,
+        provides=DomainReadProtocol,
+        scope=Scope.REQUEST,
+    )
+    rootdse_reader = provide(RootDSEReader, scope=Scope.REQUEST)
+    dcinfo_reader = provide(DCInfoReader, scope=Scope.REQUEST)
 
 
 class LDAPContextProvider(Provider):

app/ldap_protocol/ldap_requests/contexts.py

@@ -16,6 +16,7 @@
 from ldap_protocol.policies.password import PasswordPolicyUseCases
 from ldap_protocol.roles.access_manager import AccessManager
 from ldap_protocol.roles.role_use_case import RoleUseCase
+from ldap_protocol.rootdse.reader import RootDSEReader
 from ldap_protocol.session_storage import SessionStorage
 from password_utils import PasswordUtils
 
@@ -70,6 +71,7 @@ class LDAPSearchRequestContext:
     ldap_session: LDAPSession
     settings: Settings
     access_manager: AccessManager
+    rootdse_rd: RootDSEReader
 
 
 @dataclass

app/ldap_protocol/ldap_requests/search.py

@@ -18,7 +18,6 @@
 from sqlalchemy.sql.elements import ColumnElement, UnaryExpression
 from sqlalchemy.sql.expression import Select
 
-from config import Settings
 from entities import (
     Attribute,
     AttributeType,
@@ -42,13 +41,12 @@
     SearchResultEntry,
     SearchResultReference,
 )
-from ldap_protocol.netlogon import NetLogonAttributeHandler
 from ldap_protocol.objects import DerefAliases, ProtocolRequests, Scope
 from ldap_protocol.roles.access_manager import AccessManager
+from ldap_protocol.rootdse.netlogon import NetLogonAttributeHandler
 from ldap_protocol.utils.cte import get_all_parent_group_directories
 from ldap_protocol.utils.helpers import (
     dt_to_ft,
-    get_generalized_now,
     get_windows_timestamp,
     string_to_sid,
 )
@@ -217,70 +215,6 @@ async def _get_subschema(self, session: AsyncSession) -> SearchResultEntry:
             ],
         )
 
-    async def get_root_dse(
-        self,
-        session: AsyncSession,
-        settings: Settings,
-    ) -> defaultdict[str, list[str]]:
-        """Get RootDSE.
-
-        :return defaultdict[str, list[str]]: queried attrs
-        """
-        data = defaultdict(list)
-        domain_query = select(Directory).filter_by(object_class="domain")
-        domain = (await session.scalars(domain_query)).one()
-
-        schema = "CN=Schema"
-        if self.requested_attrs == ["subschemasubentry"]:
-            data["subschemaSubentry"].append(schema)
-            return data
-
-        data["dnsHostName"].append(domain.name)
-        data["serverName"].append(domain.name)
-        data["serviceName"].append(domain.name)
-        data["dsServiceName"].append(domain.name)
-        data["LDAPServiceName"].append(domain.name)
-        data["dnsForestName"].append(domain.name)
-        data["dnsDomainName"].append(domain.name)
-        data["domainGuid"].append(str(domain.object_guid))
-        data["vendorName"].append(settings.VENDOR_NAME)
-        data["vendorVersion"].append(settings.VENDOR_VERSION)
-        data["namingContexts"].append(domain.path_dn)
-        data["namingContexts"].append(schema)
-        data["rootDomainNamingContext"].append(domain.path_dn)
-        data["supportedLDAPVersion"].append("3")
-        data["defaultNamingContext"].append(domain.path_dn)
-        data["currentTime"].append(get_generalized_now(settings.TIMEZONE))
-        data["subschemaSubentry"].append(schema)
-        data["schemaNamingContext"].append(schema)
-        data["supportedSASLMechanisms"] = [
-            "ANONYMOUS",
-            "PLAIN",
-            "GSSAPI",
-            "GSS-SPNEGO",
-        ]
-        data["highestCommittedUSN"].append("126991")
-        data["supportedExtension"] = [
-            "1.3.6.1.4.1.4203.1.11.3",  # whoami
-            "1.3.6.1.4.1.4203.1.11.1",  # password modify
-        ]
-        data["supportedControl"] = [
-            "2.16.840.1.113730.3.4.4",  # password expire policy
-        ]
-        data["domainFunctionality"].append("0")
-        data["supportedLDAPPolicies"] = [
-            "MaxConnIdleTime",
-            "MaxPageSize",
-            "MaxValRange",
-        ]
-        data["supportedCapabilities"] = [
-            "1.2.840.113556.1.4.800",  # ACTIVE_DIRECTORY_OID
-            "1.2.840.113556.1.4.1670",  # ACTIVE_DIRECTORY_V51_OID
-            "1.2.840.113556.1.4.1791",  # ACTIVE_DIRECTORY_LDAP_INTEG_OID
-        ]
-
-        return data
-
     def _cast_filter(self) -> UnaryExpression | ColumnElement:
         """Convert asn1 row filter_ to sqlalchemy obj.
 
@@ -308,7 +242,7 @@ def check_netlogon_filter(self) -> bool:
         return "netlogon" in self.requested_attrs
 
     async def _get_netlogon(self, ctx: LDAPSearchRequestContext) -> bytes:
-        rootdse = await self.get_root_dse(ctx.session, ctx.settings)
+        rootdse = await ctx.rootdse_rd.get(self.requested_attrs)
         nl = NetLogonAttributeHandler.from_filter(rootdse, self.filter)
         return nl.get_attr()
 
@@ -343,7 +277,7 @@ async def get_result(
                     ],
                 )
             elif is_root_dse:
-                attrs = await self.get_root_dse(ctx.session, ctx.settings)
+                attrs = await ctx.rootdse_rd.get(self.requested_attrs)
                 yield SearchResultEntry(
                     object_name="",
                     partial_attributes=[

app/ldap_protocol/policies/audit/events/sender.py

@@ -26,7 +26,7 @@
 class AuditEventSenderManager:
     """Audit event manager."""
 
-    def __init__(  # noqa: D107
+    def __init__(
         self,
         normalized_audit_manager: NormalizedAuditManager,
         session: AsyncSession,

app/ldap_protocol/rootdse/__init__.py

@@ -0,0 +1,20 @@
+"""Domain controller info Dataclasses.
+
+Copyright (c) 2025 MultiFactor
+License: https://github.com/MultiDirectoryLab/MultiDirectory/blob/main/LICENSE
+"""
+
+from dataclasses import dataclass
+
+
+@dataclass(frozen=True)
+class DomainControllerInfo:
+    """DC info dataclass."""
+
+    net_bios_domain: str
+    net_bios_hostname: str
+    unc: str
+    dns: str
+    dns_forest: str
+    object_sid: str
+    object_guid: str

app/ldap_protocol/rootdse/dto.py

@@ -0,0 +1,22 @@
+"""LDAP SQLAlchemy gw for handle requests.
+
+Copyright (c) 2025 MultiFactor
+License: https://github.com/MultiDirectoryLab/MultiDirectory/blob/main/LICENSE
+"""
+
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from entities import Directory
+
+
+class SADomainGateway:
+    """RootDSE gw."""
+
+    def __init__(self, session: AsyncSession) -> None:
+        """Set up gw."""
+        self._session = session
+
+    async def get_domain(self) -> Directory:
+        domain_query = select(Directory).filter_by(object_class="domain")
+        return (await self._session.scalars(domain_query)).one()

app/ldap_protocol/rootdse/gateway.py

@@ -0,0 +1,15 @@
+"""Domain/Directory gw for handle requests.
+
+Copyright (c) 2025 MultiFactor
+License: https://github.com/MultiDirectoryLab/MultiDirectory/blob/main/LICENSE
+"""
+
+from typing import Protocol
+
+from entities import Directory
+
+
+class DomainReadProtocol(Protocol):
+    """RootDSE gw."""
+
+    async def get_domain(self) -> Directory: ...