cryptsetup: fix flags check

FLAGS_SET() checks if *all* the bits are set. In this case we want to check
if *any* are. FLAGS_SET() was added in cde2f8605e0c3842f9a87785dd758f955f2d04ba,
but not a bug then yet, because with just one bit, both options are equivalent.
But when more bits were added later, this stopped being correct.

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 5ae2aaa06036356090b03d614383e4edce23c408..ca6bdecb8632913adc01fc488a05d986672c207b 100644 (file)
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -772,7 +772,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
                 if (r < 0)
                         return r;
 
-                if (FLAGS_SET(required, FIDO2ENROLL_PIN | FIDO2ENROLL_UP | FIDO2ENROLL_UV) && arg_headless)
+                if ((required & (FIDO2ENROLL_PIN | FIDO2ENROLL_UP | FIDO2ENROLL_UV)) && arg_headless)
                         return log_error_errno(SYNTHETIC_ERRNO(ENOPKG),
                                                "Local verification is required to unlock this volume, but the 'headless' parameter was set.");