Merge pull request #34 from kizzx2/master

specify DACL_SECURITY_INFROMATION for modifying DACLs
skelsec · Sep 26, 2023 · 469ad75 · 469ad75
2 parents 00d8e3b + 67dfc9b
commit 469ad75
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/msldap/client.py b/msldap/client.py
@@ -1180,7 +1180,15 @@ async def add_priv_addmember(self, user_dn:str, group_dn:str):
 			changes = {
 				'nTSecurityDescriptor' : [('replace', new_sd.to_bytes())]
 			}
-			_, err = await self.modify(group_dn, changes)
+			req_flags = SDFlagsRequestValue({
+				'Flags': SDFlagsRequest.DACL_SECURITY_INFORMATION
+			})
+			controls = [{
+				'controlType': b'1.2.840.113556.1.4.801',
+				'controlValue': req_flags.dump(),
+				'criticality': False
+			}]
+			_, err = await self.modify(group_dn, changes, controls)
 			if err is not None:
 				raise err
 
@@ -1229,7 +1237,15 @@ async def add_priv_dcsync(self, user_dn:str, forest_dn:str = None):
 			changes = {
 				'nTSecurityDescriptor' : [('replace', new_sd.to_bytes())]
 			}
-			_, err = await self.modify(forest_dn, changes)
+			req_flags = SDFlagsRequestValue({
+				'Flags': SDFlagsRequest.DACL_SECURITY_INFORMATION
+			})
+			controls = [{
+				'controlType': b'1.2.840.113556.1.4.801',
+				'controlValue': req_flags.dump(),
+				'criticality': False
+			}]
+			_, err = await self.modify(forest_dn, changes, controls)
 			if err is not None:
 				raise err