From f4ea27b84a5d6b06576e13798835fcb7fcb44d5e Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Fri, 10 Nov 2023 14:31:59 +1300 Subject: [PATCH] librpc/idl:condtional_ace: shift CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR to last bit This region is "available for application-specific data" in the CLAIM_SECURITY_ATTRIBUTE_ space, according to [MS-DTYP] 2.4.10.1, so it nicer to use that, even though we are not actually setting the flag on the V1 claims. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- librpc/idl/conditional_ace.idl | 2 +- librpc/idl/security.idl | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/librpc/idl/conditional_ace.idl b/librpc/idl/conditional_ace.idl index 783336cbc65..55ec3671444 100644 --- a/librpc/idl/conditional_ace.idl +++ b/librpc/idl/conditional_ace.idl @@ -415,7 +415,7 @@ interface conditional_ace * operator that argument has been resolved into an ordinary * token. So we set the flag so the operator can know. */ - const uint32 CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR = 0x8000; + const uint32 CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR = 1 << 31; /* * The maximum size of the conditional ACE conditions in the diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 20237290957..400da6b3355 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -618,12 +618,12 @@ interface security CLAIM_SECURITY_ATTRIBUTE_MANDATORY = 0x20, /* * Conditional ACEs use some of the above flags in - * combination with an internal one at the other end - * of a 16 bit field (defined in conditional_ace.idl). + * combination with an internal one defined in + * conditional_ace.idl. * This next definition is warning us in case a clash * develops (which seems very unlikely). */ - CLAIM_SECURITY_ATTRIBUTE_RESERVED_FOR_SAMBA = 0x8000 + CLAIM_SECURITY_ATTRIBUTE_RESERVED_FOR_SAMBA = 1UL << 31 } claim_flags; /* -- 2.47.3