From 37ba5167082dc49f64ac7052796b2c86d22bad36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20B=C3=BClow=20Knudsen?= <12843299+JonasBK@users.noreply.github.com>
Date: Tue, 15 Oct 2024 20:38:23 +0200
Subject: [PATCH] fix TGTDelegationEnabled (#168)

* fix TGTDelegationEnabled

CrossOrganizationNoTGTDelegation being false does not enable TGT delegation. That is what my testing shows. It seems like this flag became meaningless after TGT delegation was disabled by default in 2019.
---
 src/CommonLib/Processors/DomainTrustProcessor.cs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/CommonLib/Processors/DomainTrustProcessor.cs b/src/CommonLib/Processors/DomainTrustProcessor.cs
index 1df373ec..16681f9d 100644
--- a/src/CommonLib/Processors/DomainTrustProcessor.cs
+++ b/src/CommonLib/Processors/DomainTrustProcessor.cs
@@ -86,8 +86,9 @@ public async IAsyncEnumerable EnumerateDomainTrusts(string domain)
 
 trust.TGTDelegationEnabled =
 !attributes.HasFlag(TrustAttributes.QuarantinedDomain) &&
- (attributes.HasFlag(TrustAttributes.CrossOrganizationEnableTGTDelegation)
- || !attributes.HasFlag(TrustAttributes.CrossOrganizationNoTGTDelegation));
+ (attributes.HasFlag(TrustAttributes.WithinForest) ||
+ attributes.HasFlag(TrustAttributes.CrossOrganizationEnableTGTDelegation));
+
 trust.TrustType = TrustAttributesToType(attributes);
 
 yield return trust;
@@ -111,4 +112,4 @@ public static TrustType TrustAttributesToType(TrustAttributes attributes)
 return trustType;
 }
 }
-}
\ No newline at end of file
+}
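Review bot: The new `trust.TGTDelegationEnabled` expression in `EnumerateDomainTrusts` no longer reads `CrossOrganizationNoTGTDelegation` at all, and nothing in the code records why or under which assumption. The commit message ties the change to the 2019 default change, so the result presumably holds only for domain controllers that carry that update; on older ones a trust with neither flag set might still delegate TGTs and would now be reported as `false`, which is the under-reporting direction for anyone auditing delegation across trusts. I would add a comment above the assignment, for example `// CrossOrganizationNoTGTDelegation is intentionally ignored: since the 2019 default change only WithinForest or CrossOrganizationEnableTGTDelegation enables TGT delegation (assumes patched DCs)`. The patch touches only this file, so a unit test pinning the WithinForest, EnableTGTDelegation and neither-flag cases (each with and without `QuarantinedDomain`) would keep the mapping from regressing; the method body starts and ends outside the hunk.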