Security Descriptor SDDL/byte conversion exceptions

[leechristensen]

On Windows 11, when converting the byte array security descriptor for the SEMgrSvc and lfsvc services (stored in HKLM\CurrentControlSet\Services<service>\Security`) to an SDDL, I'm getting the following error:

Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
  File "/home/dev/code/test/.venv/lib/python3.10/site-packages/winacl/dtyp/security_descriptor.py", line 148, in to_sddl
    t+= 'D:' + sddl_acl_control(self.Control) + self.Dacl.to_sddl(object_type)
  File "/home/dev/code/test/.venv/lib/python3.10/site-packages/winacl/dtyp/acl.py", line 69, in to_sddl
    t += ace.to_sddl(object_type)
AttributeError: 'ACCESS_ALLOWED_CALLBACK_ACE' object has no attribute 'to_sddl'

Similarly, when converting explorer.exe's security descriptor to an SDDL, I get the following error due to explorer.exe having a SACL:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/dev/code/test/.venv/lib/python3.10/site-packages/winacl/dtyp/security_descriptor.py", line 146, in to_sddl
    t+= 'S:' + sddl_acl_control(self.Control) + self.Sacl.to_sddl(object_type)
  File "/home/dev/code/test/.venv/lib/python3.10/site-packages/winacl/dtyp/acl.py", line 69, in to_sddl
    t += ace.to_sddl(object_type)
AttributeError: 'SYSTEM_MANDATORY_LABEL_ACE' object has no attribute 'to_sddl'

To get explorer.exe's bytes, I used PowerShell + NtObjectManager:

Install-Module NtObjectManager -Scope CurrentUser -Force; 
(Get-NtProcess -Name explorer.exe).SecurityDescriptor.ToByteArray() -join ','

Thanks for the great module!