Fix SECURITY_DESCRIPTOR Control bitfield ordering

[arpitjain099]

Summary

RubySMB::Field::SecurityDescriptor parsed the MS-DTYP Control field with the wrong bit ordering, so the decoded flags did not match the bytes on the wire. For the self-relative descriptor reported in #289 (Control word 0x9404, little-endian bytes 04 94), dacl_present and self_relative both decoded as 0 even though the DACL is present and the descriptor is self-relative. That is why Client#get_key_security_descriptor returned a structure with dacl_present: 0 and an empty dacl despite a valid offset_dacl.

Fixes #289.

Root cause

The Control field is an unsigned 16-bit value transmitted little-endian (MS-DTYP 2.4.6 SECURITY_DESCRIPTOR). MS-DTYP numbers the Control bits most-significant-first:

SR RM PS PD SI DI SC DC | SS DT SD SP DD DP GD OD

As a value of the 16-bit word that is SR=0x8000, RM=0x4000, PS=0x2000, PD=0x1000, SI=0x0800, DI=0x0400, SC=0x0200, DC=0x0100, SS=0x0080, DT=0x0040, SD=0x0020, SP=0x0010, DD=0x0008, DP=0x0004, GD=0x0002, OD=0x0001.

The low byte (the first byte read) carries SS..OD and the high byte (the second byte read) carries SR..DC. The previous bit1 declarations did not follow that layout, so each flag landed on the wrong bit. Decoding 0x9404 with the old code produced sacl_protected, owner_defaulted, dacl_defaulted and sacl_defaulted instead of the correct self_relative, dacl_protected, dacl_auto_inherited and dacl_present.

Fix

Declare the bit1 fields most-significant-first within each byte, low byte first and then high byte, so every flag maps to its MS-DTYP bit value. Decoding 0x9404 now yields exactly self_relative (0x8000), dacl_protected (0x1000), dacl_auto_inherited (0x0400) and dacl_present (0x0004).

The existing per-flag examples in the spec asserted the previous incorrect masks (for example self_relative was checked against 0x0001 and dacl_present against 0x2000); they are corrected to the MS-DTYP values. A regression test parses the self-relative descriptor from the issue and checks the decoded flags and the DACL offset.

Note: this changes the on-the-wire bit mapping of a BinData definition, which CONTRIBUTING.md documents as a change that warrants a minor version bump.

Verification Steps

• bundle install

rake spec

• bundle exec rspec spec/lib/ruby_smb/field/security_descriptor.rb
• VERIFY no failures

Manual scenario

require 'ruby_smb'

# Self-relative descriptor from issue #289 (Control 0x9404)
bytes = "\x01\x00\x04\x94\x8C\x00\x00\x00\x9C\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00".b
control = RubySMB::Field::SecurityDescriptor.read(bytes).control

control.dacl_present  # => 1  (was 0 before this change)
control.self_relative # => 1  (was 0 before this change)