From 109d63a4f2f81c06948b8c0db15ff3f35276d24e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 18 Dec 2013 13:56:18 -0800
Subject: [PATCH] CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing
 ACL when setting owner or group owner.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source3/utils/smbcacls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 9eccede1f20..8888421825d 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -991,7 +991,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
 		return EXIT_FAILED;
 	}
 
-	sd = make_sec_desc(talloc_tos(),old->revision, old->type,
+	sd = make_sec_desc(talloc_tos(),old->revision, SEC_DESC_SELF_RELATIVE,
 				(change_mode == REQUEST_CHOWN) ? &sid : NULL,
 				(change_mode == REQUEST_CHGRP) ? &sid : NULL,
 			   NULL, NULL, &sd_size);
-- 
2.11.4.GIT