From 41d8d99d8ac9e53405868bf5e34f48a01550c1f4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 18 Dec 2013 13:56:18 -0800
Subject: [PATCH] CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing
 ACL when setting owner or group owner.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Mar 11 22:55:54 CET 2014 on sn-devel-104
---
 source3/utils/smbcacls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 11b7388303c..e3b7099f4fd 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -990,7 +990,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
 		return EXIT_FAILED;
 	}
 
-	sd = make_sec_desc(talloc_tos(),old->revision, old->type,
+	sd = make_sec_desc(talloc_tos(),old->revision, SEC_DESC_SELF_RELATIVE,
 				(change_mode == REQUEST_CHOWN) ? &sid : NULL,
 				(change_mode == REQUEST_CHGRP) ? &sid : NULL,
 			   NULL, NULL, &sd_size);
-- 
2.11.4.GIT