fix TGTDelegationEnabled (#168)

* fix TGTDelegationEnabled CrossOrganizationNoTGTDelegation being false does not enable TGT delegation. That is what my testing shows. It seems like this flag became meaningless after TGT delegation was disabled by default in 2019.
BloodHoundAD · Oct 15, 2024 · 37ba516 · 37ba516
1 parent 48e136d
commit 37ba516
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/src/CommonLib/Processors/DomainTrustProcessor.cs b/src/CommonLib/Processors/DomainTrustProcessor.cs
@@ -86,8 +86,9 @@ public async IAsyncEnumerable<DomainTrust> EnumerateDomainTrusts(string domain)
 
                 trust.TGTDelegationEnabled = 
                     !attributes.HasFlag(TrustAttributes.QuarantinedDomain) &&
-                    (attributes.HasFlag(TrustAttributes.CrossOrganizationEnableTGTDelegation)
-                    || !attributes.HasFlag(TrustAttributes.CrossOrganizationNoTGTDelegation));
+                    (attributes.HasFlag(TrustAttributes.WithinForest) ||
+                    attributes.HasFlag(TrustAttributes.CrossOrganizationEnableTGTDelegation));
+
                 trust.TrustType = TrustAttributesToType(attributes);
 
                 yield return trust;
@@ -111,4 +112,4 @@ public static TrustType TrustAttributesToType(TrustAttributes attributes)
             return trustType;
         }
     }
-}
+}