From 82b1dafad17904bc224b0632486006fe88301b57 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 18 Dec 2013 13:56:18 -0800
Subject: [PATCH] CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing
 ACL when setting owner or group owner.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source3/utils/smbcacls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: samba-4.1.3+dfsg/source3/utils/smbcacls.c
===================================================================
--- samba-4.1.3+dfsg.orig/source3/utils/smbcacls.c	2014-03-17 08:32:22.853868012 -0400
+++ samba-4.1.3+dfsg/source3/utils/smbcacls.c	2014-03-17 08:32:22.845868011 -0400
@@ -991,7 +991,7 @@
 		return EXIT_FAILED;
 	}
 
-	sd = make_sec_desc(talloc_tos(),old->revision, old->type,
+	sd = make_sec_desc(talloc_tos(),old->revision, SEC_DESC_SELF_RELATIVE,
 				(change_mode == REQUEST_CHOWN) ? &sid : NULL,
 				(change_mode == REQUEST_CHGRP) ? &sid : NULL,
 			   NULL, NULL, &sd_size);