Merge pull request #34 from kizzx2/master

specify DACL_SECURITY_INFROMATION for modifying DACLs

Author: skelsec

Diff for: msldap/client.py

@@ -1180,7 +1180,15 @@ async def add_priv_addmember(self, user_dn:str, group_dn:str):
 			changes = {
 				'nTSecurityDescriptor' : [('replace', new_sd.to_bytes())]
 			}
-			_, err = await self.modify(group_dn, changes)
+			req_flags = SDFlagsRequestValue({
+				'Flags': SDFlagsRequest.DACL_SECURITY_INFORMATION
+			})
+			controls = [{
+				'controlType': b'1.2.840.113556.1.4.801',
+				'controlValue': req_flags.dump(),
+				'criticality': False
+			}]
+			_, err = await self.modify(group_dn, changes, controls)
 			if err is not None:
 				raise err
 
@@ -1229,7 +1237,15 @@ async def add_priv_dcsync(self, user_dn:str, forest_dn:str = None):
 			changes = {
 				'nTSecurityDescriptor' : [('replace', new_sd.to_bytes())]
 			}
-			_, err = await self.modify(forest_dn, changes)
+			req_flags = SDFlagsRequestValue({
+				'Flags': SDFlagsRequest.DACL_SECURITY_INFORMATION
+			})
+			controls = [{
+				'controlType': b'1.2.840.113556.1.4.801',
+				'controlValue': req_flags.dump(),
+				'criticality': False
+			}]
+			_, err = await self.modify(forest_dn, changes, controls)
 			if err is not None:
 				raise err