Release 3.9

Causing regressions.

LICENSE.md

@@ -8,6 +8,7 @@ are part of **Wine Staging** and are licensed under the terms of the
 
 ```
 Copyright (C) 2014-2017 the Wine Staging project authors.
+Copyright (C) 2018 Alistair Leslie-Hughes
 
 Wine Staging is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public

patches/Compiler_Warnings/0019-dsound-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,26 +0,0 @@
-From de9dbd542143b13741886c3e4b9f96ffcbfaa432 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Wed, 16 Mar 2016 05:46:33 +0100
-Subject: dsound: Avoid implicit cast of interface pointer.
-
-Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
----
- dlls/dsound/primary.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dlls/dsound/primary.c b/dlls/dsound/primary.c
-index 3f8a478..6f280f8 100644
---- a/dlls/dsound/primary.c
-+++ b/dlls/dsound/primary.c
-@@ -626,7 +626,7 @@ out:
- static inline IDirectSoundBufferImpl *impl_from_IDirectSoundBuffer(IDirectSoundBuffer *iface)
- {
-     /* IDirectSoundBuffer and IDirectSoundBuffer8 use the same iface. */
--    return CONTAINING_RECORD(iface, IDirectSoundBufferImpl, IDirectSoundBuffer8_iface);
-+    return CONTAINING_RECORD((IDirectSoundBuffer8 *)iface, IDirectSoundBufferImpl, IDirectSoundBuffer8_iface);
- }
- 
- /* This sets this format for the primary buffer only */
--- 
-2.7.1
-

patches/Compiler_Warnings/0020-amstream-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,4 +1,4 @@
-From 83d96cdd81553544c79527c2aed329e96938af64 Mon Sep 17 00:00:00 2001
+From bd48f0d6b1476a77520f0bf5f82ac08e9dbf9acd Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:54:01 +0100
 Subject: amstream: Avoid implicit cast of interface pointer.
@@ -8,10 +8,10 @@ Subject: amstream: Avoid implicit cast of interface pointer.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/dlls/amstream/mediastreamfilter.c b/dlls/amstream/mediastreamfilter.c
-index d0c6714..3f0397a 100644
+index 5abcb2f..a7ff6e8 100644
 --- a/dlls/amstream/mediastreamfilter.c
 +++ b/dlls/amstream/mediastreamfilter.c
-@@ -70,7 +70,7 @@ typedef struct {
+@@ -42,7 +42,7 @@ typedef struct {
  
  static inline IMediaStreamFilterImpl *impl_from_IMediaStreamFilter(IMediaStreamFilter *iface)
  {
@@ -19,7 +19,7 @@ index d0c6714..3f0397a 100644
 +    return CONTAINING_RECORD((IBaseFilter *)iface, IMediaStreamFilterImpl, filter.IBaseFilter_iface);
  }
  
- static HRESULT WINAPI BasePinImpl_CheckMediaType(BasePin *This, const AM_MEDIA_TYPE *pmt)
+ /*** IUnknown methods ***/
 -- 
-2.7.1
+2.7.4
 

patches/Compiler_Warnings/0024-d3d9-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,14 +1,14 @@
-From cd3c63b259a711abf4e6e06f975e47f82b5b3e1b Mon Sep 17 00:00:00 2001
+From 3dd0480317fe0ed3951daf1cf5757204d11a1ae5 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:55:12 +0100
-Subject: d3d9: Avoid implicit cast of interface pointer.
+Subject: [PATCH] d3d9: Avoid implicit cast of interface pointer.
 
 ---
  dlls/d3d9/texture.c | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/dlls/d3d9/texture.c b/dlls/d3d9/texture.c
-index 07bd83e..4e50093 100644
+index d3662f8..ebc3413 100644
 --- a/dlls/d3d9/texture.c
 +++ b/dlls/d3d9/texture.c
 @@ -25,17 +25,17 @@ WINE_DEFAULT_DEBUG_CHANNEL(d3d9);
@@ -31,7 +31,7 @@ index 07bd83e..4e50093 100644
 +    return CONTAINING_RECORD((IDirect3DBaseTexture9 *)iface, struct d3d9_texture, IDirect3DBaseTexture9_iface);
  }
  
- static HRESULT WINAPI d3d9_texture_2d_QueryInterface(IDirect3DTexture9 *iface, REFIID riid, void **out)
+ static void STDMETHODCALLTYPE srv_wined3d_object_destroyed(void *parent)
 -- 
-2.7.1
+1.9.1
 

patches/Pipelight/0003-wined3d-allow-changing-strict-drawing-through-an-exp.patch

@@ -1,42 +0,0 @@
-From b0a0388503a1576fb9b1b91ca764251b30f7dd3e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 20 Jul 2014 22:22:14 +0200
-Subject: wined3d: allow changing strict drawing through an exported function
-
----
- dlls/wined3d/wined3d.spec   | 2 ++
- dlls/wined3d/wined3d_main.c | 5 +++++
- 2 files changed, 7 insertions(+)
-
-diff --git a/dlls/wined3d/wined3d.spec b/dlls/wined3d/wined3d.spec
-index bbd2fb5..2fd0c0e 100644
---- a/dlls/wined3d/wined3d.spec
-+++ b/dlls/wined3d/wined3d.spec
-@@ -220,6 +220,8 @@
- @ cdecl wined3d_stateblock_decref(ptr)
- @ cdecl wined3d_stateblock_incref(ptr)
- 
-+@ cdecl wined3d_strictdrawing_set(long)
-+
- @ cdecl wined3d_swapchain_create(ptr ptr ptr ptr ptr)
- @ cdecl wined3d_swapchain_decref(ptr)
- @ cdecl wined3d_swapchain_get_back_buffer(ptr long)
-diff --git a/dlls/wined3d/wined3d_main.c b/dlls/wined3d/wined3d_main.c
-index 0543d97..6a62697 100644
---- a/dlls/wined3d/wined3d_main.c
-+++ b/dlls/wined3d/wined3d_main.c
-@@ -515,6 +515,11 @@ void wined3d_unregister_window(HWND window)
-     wined3d_wndproc_mutex_unlock();
- }
- 
-+void CDECL wined3d_strictdrawing_set(int value)
-+{
-+    wined3d_settings.strict_draw_ordering = value;
-+}
-+
- /* At process attach */
- BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, void *reserved)
- {
--- 
-2.7.1
-

patches/Pipelight/0004-winex11.drv-Indicate-direct-rendering-through-OpenGL.patch

@@ -11,7 +11,7 @@ diff --git a/dlls/winex11.drv/opengl.c b/dlls/winex11.drv/opengl.c
 index 71af3db..966d32d 100644
 --- a/dlls/winex11.drv/opengl.c
 +++ b/dlls/winex11.drv/opengl.c
-@@ -440,6 +440,7 @@ static int GLXErrorHandler(Display *dpy, XErrorEvent *event, void *arg)
+@@ -440,6 +440,7 @@ static int GLXErrorHandler(Display *dpy,
  static BOOL X11DRV_WineGL_InitOpenglInfo(void)
  {
      static const char legacy_extensions[] = " WGL_EXT_extensions_string WGL_EXT_swap_control";
@@ -19,30 +19,26 @@ index 71af3db..966d32d 100644
  
      int screen = DefaultScreen(gdi_display);
      Window win = 0, root = 0;
-@@ -491,10 +492,13 @@ static BOOL X11DRV_WineGL_InitOpenglInfo(void)
+@@ -493,16 +494,18 @@ static BOOL X11DRV_WineGL_InitOpenglInfo
      }
      gl_renderer = (const char *)opengl_funcs.gl.p_glGetString(GL_RENDERER);
-     WineGLInfo.glVersion = (const char *) opengl_funcs.gl.p_glGetString(GL_VERSION);
-+    WineGLInfo.glxDirect = pglXIsDirect(gdi_display, ctx);
+     gl_version  = (const char *)opengl_funcs.gl.p_glGetString(GL_VERSION);
++    glx_direct = pglXIsDirect(gdi_display, ctx);
      str = (const char *) opengl_funcs.gl.p_glGetString(GL_EXTENSIONS);
--    WineGLInfo.glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions));
-+    WineGLInfo.glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions)+sizeof(direct_extension));
-     strcpy(WineGLInfo.glExtensions, str);
-     strcat(WineGLInfo.glExtensions, legacy_extensions);
-+    if (WineGLInfo.glxDirect)
-+        strcat(WineGLInfo.glExtensions, direct_extension);
+-    glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions));
++    glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions)+sizeof(direct_extension));
+     strcpy(glExtensions, str);
+     strcat(glExtensions, legacy_extensions);
++    if (glx_direct)
++        strcat(glExtensions, direct_extension);
  
      /* Get the common GLX version supported by GLX client and server ( major/minor) */
-     pglXQueryVersion(gdi_display, &WineGLInfo.glxVersion[0], &WineGLInfo.glxVersion[1]);
-@@ -508,7 +512,7 @@ static BOOL X11DRV_WineGL_InitOpenglInfo(void)
-     WineGLInfo.glxClientExtensions = pglXGetClientString(gdi_display, GLX_EXTENSIONS);
+     pglXQueryVersion(gdi_display, &glxVersion[0], &glxVersion[1]);
  
-     WineGLInfo.glxExtensions = pglXQueryExtensionsString(gdi_display, screen);
--    WineGLInfo.glxDirect = pglXIsDirect(gdi_display, ctx);
-+
+     glxExtensions = pglXQueryExtensionsString(gdi_display, screen);
+-    glx_direct = pglXIsDirect(gdi_display, ctx);
  
-     TRACE("GL version             : %s.\n", WineGLInfo.glVersion);
+     TRACE("GL version             : %s.\n", gl_version);
      TRACE("GL renderer            : %s.\n", gl_renderer);
 -- 
 1.7.9.5
-

patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch

@@ -1,40 +1,41 @@
-From 41ee5d7699182ea01c61223ab9d0a10473e16ac2 Mon Sep 17 00:00:00 2001
+From ee1533db82fa2a955765b6a00f5300900350d2fe Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:44:31 +0200
-Subject: kernel32: Add winediag message to show warning, that this isn't
- vanilla wine.
+Subject: [PATCH] kernel32: Add winediag message to show warning, that this
+ isn't vanilla wine.
 
 ---
- dlls/kernel32/process.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
+ dlls/kernel32/process.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
 
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index 6d0fc74cdf4..ed1d967ffdf 100644
+index 0a3fd70..206224f 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
 @@ -65,6 +65,7 @@
+ 
  WINE_DEFAULT_DEBUG_CHANNEL(process);
- WINE_DECLARE_DEBUG_CHANNEL(file);
  WINE_DECLARE_DEBUG_CHANNEL(relay);
 +WINE_DECLARE_DEBUG_CHANNEL(winediag);
  
  #ifdef __APPLE__
  extern char **__wine_get_main_environment(void);
-@@ -1104,6 +1105,14 @@ static DWORD WINAPI start_process( PEB *peb )
-         DPRINTF( "%04x:Starting process %s (entryproc=%p)\n", GetCurrentThreadId(),
-                  debugstr_w(peb->ProcessParameters->ImagePathName.Buffer), entry );
+@@ -1090,6 +1091,15 @@ void WINAPI start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
  
-+    if (CreateEventA(0, 0, 0, "__winestaging_warn_event") && GetLastError() != ERROR_ALREADY_EXISTS)
-+    {
-+        FIXME_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
-+        FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
-+    }
-+    else
-+        WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
+     __TRY
+     {
++        if (CreateEventA(0, 0, 0, "__winestaging_warn_event") && GetLastError() != ERROR_ALREADY_EXISTS)
++        {
++            FIXME_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
++            FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
++        }
++        else
++            WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
 +
-     if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
-         being_debugged = FALSE;
++
+         if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
+             being_debugged = FALSE;
  
 -- 
-2.11.0
+1.9.1
 

patches/advapi32-BuildSecurityDescriptor/0001-advapi32-Implement-BuildSecurityDescriptorW.patch

@@ -1,268 +0,0 @@
-From 994fe46f1b68d851d285a29cce904bd9f22540ea Mon Sep 17 00:00:00 2001
-From: Andrew Wesie <awesie@gmail.com>
-Date: Tue, 2 May 2017 00:59:49 -0500
-Subject: advapi32: Implement BuildSecurityDescriptorW.
-
----
- dlls/advapi32/security.c | 218 +++++++++++++++++++++++++++++++++++------------
- 1 file changed, 164 insertions(+), 54 deletions(-)
-
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index 24ec3099713..82bb6689d43 100644
---- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -58,6 +58,7 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
-     SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
-     LPDWORD cBytes);
- static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
-+static DWORD trustee_to_sid(DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee);
- 
- typedef struct _ACEFLAG
- {
-@@ -1264,16 +1265,122 @@ DWORD WINAPI BuildSecurityDescriptorW(
-     IN ULONG cCountOfAccessEntries,
-     IN PEXPLICIT_ACCESSW pListOfAccessEntries,
-     IN ULONG cCountOfAuditEntries,
--    IN PEXPLICIT_ACCESSW pListofAuditEntries,
-+    IN PEXPLICIT_ACCESSW pListOfAuditEntries,
-     IN PSECURITY_DESCRIPTOR pOldSD,
-     IN OUT PULONG lpdwBufferLength,
-     OUT PSECURITY_DESCRIPTOR* pNewSD)
- { 
--    FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
--          cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
--          pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
-+    SECURITY_DESCRIPTOR desc;
-+    NTSTATUS status;
-+    DWORD ret = ERROR_SUCCESS;
-+
-+    TRACE("(%p,%p,%d,%p,%d,%p,%p,%p,%p)\n", pOwner, pGroup,
-+          cCountOfAccessEntries, pListOfAccessEntries, cCountOfAuditEntries,
-+          pListOfAuditEntries, pOldSD, lpdwBufferLength, pNewSD);
-  
--    return ERROR_CALL_NOT_IMPLEMENTED;
-+    if (pOldSD)
-+    {
-+        SECURITY_DESCRIPTOR_CONTROL control;
-+        DWORD desc_size, dacl_size = 0, sacl_size = 0, owner_size = 0, group_size = 0;
-+        PACL dacl = NULL, sacl = NULL;
-+        PSID owner = NULL, group = NULL;
-+        DWORD revision;
-+
-+        if ((status = RtlGetControlSecurityDescriptor( pOldSD, &control, &revision )) != STATUS_SUCCESS)
-+            return RtlNtStatusToDosError( status );
-+        if (!(control & SE_SELF_RELATIVE))
-+            return ERROR_INVALID_SECURITY_DESCR;
-+
-+        desc_size = sizeof(desc);
-+        status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
-+                                              owner, &owner_size, group, &group_size );
-+        if (status == STATUS_BUFFER_TOO_SMALL)
-+        {
-+            if (dacl_size)
-+                dacl = LocalAlloc( LMEM_FIXED, dacl_size );
-+            if (sacl_size)
-+                sacl = LocalAlloc( LMEM_FIXED, sacl_size );
-+            if (owner_size)
-+                owner = LocalAlloc( LMEM_FIXED, owner_size );
-+            if (group_size)
-+                group = LocalAlloc( LMEM_FIXED, group_size );
-+
-+            desc_size = sizeof(desc);
-+            status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
-+                                                  owner, &owner_size, group, &group_size );
-+        }
-+        if (status != STATUS_SUCCESS)
-+        {
-+            LocalFree( dacl );
-+            LocalFree( sacl );
-+            LocalFree( owner );
-+            LocalFree( group );
-+            return RtlNtStatusToDosError( status );
-+        }
-+    }
-+    else
-+    {
-+        if ((status = RtlCreateSecurityDescriptor( &desc, SECURITY_DESCRIPTOR_REVISION )) != STATUS_SUCCESS)
-+            return RtlNtStatusToDosError( status );
-+    }
-+
-+    if (pOwner)
-+    {
-+        LocalFree( desc.Owner );
-+        desc.Owner = LocalAlloc( LMEM_FIXED, sizeof(MAX_SID) );
-+        if ((ret = trustee_to_sid( sizeof(MAX_SID), desc.Owner, pOwner )))
-+            goto done;
-+    }
-+
-+    if (pGroup)
-+    {
-+        LocalFree( desc.Group );
-+        desc.Group = LocalAlloc( LMEM_FIXED, sizeof(MAX_SID) );
-+        if ((ret = trustee_to_sid( sizeof(MAX_SID), desc.Group, pGroup )))
-+            goto done;
-+    }
-+
-+    if (pListOfAccessEntries)
-+    {
-+        PACL new_dacl;
-+
-+        if ((ret = SetEntriesInAclW( cCountOfAccessEntries, pListOfAccessEntries, desc.Dacl, &new_dacl )))
-+            goto done;
-+
-+        LocalFree( desc.Dacl );
-+        desc.Dacl = new_dacl;
-+        desc.Control |= SE_DACL_PRESENT;
-+    }
-+
-+    if (pListOfAuditEntries)
-+    {
-+        PACL new_sacl;
-+
-+        if ((ret = SetEntriesInAclW( cCountOfAuditEntries, pListOfAuditEntries, desc.Sacl, &new_sacl )))
-+            goto done;
-+
-+        LocalFree( desc.Sacl );
-+        desc.Sacl = new_sacl;
-+        desc.Control |= SE_SACL_PRESENT;
-+    }
-+
-+    *lpdwBufferLength = RtlLengthSecurityDescriptor( &desc );
-+    *pNewSD = LocalAlloc( LMEM_FIXED, *lpdwBufferLength );
-+
-+    if ((status = RtlMakeSelfRelativeSD( &desc, *pNewSD, lpdwBufferLength )) != STATUS_SUCCESS)
-+    {
-+        ret = RtlNtStatusToDosError( status );
-+        LocalFree( *pNewSD );
-+        *pNewSD = NULL;
-+    }
-+
-+done:
-+    /* free absolute descriptor */
-+    LocalFree( desc.Owner );
-+    LocalFree( desc.Group );
-+    LocalFree( desc.Sacl );
-+    LocalFree( desc.Dacl );
-+    return ret;
- } 
- 
- /******************************************************************************
-@@ -3766,6 +3873,56 @@ static void free_trustee_name(TRUSTEE_FORM form, WCHAR *trustee_nameW)
-     }
- }
- 
-+static DWORD trustee_to_sid( DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee )
-+{
-+    if (pTrustee->MultipleTrusteeOperation == TRUSTEE_IS_IMPERSONATE)
-+    {
-+        WARN("bad multiple trustee operation %d\n", pTrustee->MultipleTrusteeOperation);
-+        return ERROR_INVALID_PARAMETER;
-+    }
-+
-+    switch (pTrustee->TrusteeForm)
-+    {
-+    case TRUSTEE_IS_SID:
-+        if (!CopySid(nDestinationSidLength, pDestinationSid, pTrustee->ptstrName))
-+        {
-+            WARN("bad sid %p\n", pTrustee->ptstrName);
-+            return ERROR_INVALID_PARAMETER;
-+        }
-+        break;
-+    case TRUSTEE_IS_NAME:
-+    {
-+        DWORD sid_size = nDestinationSidLength;
-+        DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1;
-+        SID_NAME_USE use;
-+        if (!strcmpW( pTrustee->ptstrName, CURRENT_USER ))
-+        {
-+            if (!lookup_user_account_name( pDestinationSid, &sid_size, NULL, &domain_size, &use ))
-+            {
-+                return GetLastError();
-+            }
-+        }
-+        else if (!LookupAccountNameW(NULL, pTrustee->ptstrName, pDestinationSid, &sid_size, NULL, &domain_size, &use))
-+        {
-+            WARN("bad user name %s\n", debugstr_w(pTrustee->ptstrName));
-+            return ERROR_INVALID_PARAMETER;
-+        }
-+        break;
-+    }
-+    case TRUSTEE_IS_OBJECTS_AND_SID:
-+        FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n");
-+        break;
-+    case TRUSTEE_IS_OBJECTS_AND_NAME:
-+        FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n");
-+        break;
-+    default:
-+        WARN("bad trustee form %d\n", pTrustee->TrusteeForm);
-+        return ERROR_INVALID_PARAMETER;
-+    }
-+
-+    return ERROR_SUCCESS;
-+}
-+
- /******************************************************************************
-  * SetEntriesInAclA [ADVAPI32.@]
-  */
-@@ -3861,56 +4018,9 @@ DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
-               pEntries[i].Trustee.TrusteeForm, pEntries[i].Trustee.TrusteeType,
-               pEntries[i].Trustee.ptstrName);
- 
--        if (pEntries[i].Trustee.MultipleTrusteeOperation == TRUSTEE_IS_IMPERSONATE)
--        {
--            WARN("bad multiple trustee operation %d for trustee %d\n", pEntries[i].Trustee.MultipleTrusteeOperation, i);
--            ret = ERROR_INVALID_PARAMETER;
--            goto exit;
--        }
--
--        switch (pEntries[i].Trustee.TrusteeForm)
--        {
--        case TRUSTEE_IS_SID:
--            if (!CopySid(FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]),
--                         ppsid[i], pEntries[i].Trustee.ptstrName))
--            {
--                WARN("bad sid %p for trustee %d\n", pEntries[i].Trustee.ptstrName, i);
--                ret = ERROR_INVALID_PARAMETER;
--                goto exit;
--            }
--            break;
--        case TRUSTEE_IS_NAME:
--        {
--            DWORD sid_size = FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
--            DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1;
--            SID_NAME_USE use;
--            if (!strcmpW( pEntries[i].Trustee.ptstrName, CURRENT_USER ))
--            {
--                if (!lookup_user_account_name( ppsid[i], &sid_size, NULL, &domain_size, &use ))
--                {
--                    ret = GetLastError();
--                    goto exit;
--                }
--            }
--            else if (!LookupAccountNameW(NULL, pEntries[i].Trustee.ptstrName, ppsid[i], &sid_size, NULL, &domain_size, &use))
--            {
--                WARN("bad user name %s for trustee %d\n", debugstr_w(pEntries[i].Trustee.ptstrName), i);
--                ret = ERROR_INVALID_PARAMETER;
--                goto exit;
--            }
--            break;
--        }
--        case TRUSTEE_IS_OBJECTS_AND_SID:
--            FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n");
--            break;
--        case TRUSTEE_IS_OBJECTS_AND_NAME:
--            FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n");
--            break;
--        default:
--            WARN("bad trustee form %d for trustee %d\n", pEntries[i].Trustee.TrusteeForm, i);
--            ret = ERROR_INVALID_PARAMETER;
-+        ret = trustee_to_sid( FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]), ppsid[i], &pEntries[i].Trustee);
-+        if (ret)
-             goto exit;
--        }
- 
-         /* Note: we overestimate the ACL size here as a tradeoff between
-          * instructions (simplicity) and memory */
--- 
-2.12.2
-

patches/advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch

@@ -1,69 +0,0 @@
-From 09d62cfc4fa999eacc89af2ad414810e22c910a9 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Fri, 5 May 2017 00:18:50 +0200
-Subject: advapi32/tests: Add basic tests for BuildSecurityDescriptor.
-
----
- dlls/advapi32/tests/security.c | 39 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 39 insertions(+)
-
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index ca5edffae5..db5a0f934c 100644
---- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -7217,6 +7217,44 @@ static void test_GetExplicitEntriesFromAclW(void)
-     HeapFree(GetProcessHeap(), 0, old_acl);
- }
- 
-+static void test_BuildSecurityDescriptorW(void)
-+{
-+    SECURITY_DESCRIPTOR old_sd, *new_sd, *rel_sd;
-+    ULONG new_sd_size;
-+    DWORD buf_size;
-+    char buf[1024];
-+    BOOL success;
-+    DWORD ret;
-+
-+    InitializeSecurityDescriptor(&old_sd, SECURITY_DESCRIPTOR_REVISION);
-+
-+    buf_size = sizeof(buf);
-+    rel_sd = (SECURITY_DESCRIPTOR *)buf;
-+    success = MakeSelfRelativeSD(&old_sd, rel_sd, &buf_size);
-+    ok(success, "MakeSelfRelativeSD failed with %u\n", GetLastError());
-+
-+    new_sd = NULL;
-+    new_sd_size = 0;
-+    ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, NULL, &new_sd_size, (void **)&new_sd);
-+    ok(ret == ERROR_SUCCESS, "BuildSecurityDescriptor failed with %u\n", ret);
-+    ok(new_sd != NULL, "expected new_sd != NULL\n");
-+    ok(new_sd_size == sizeof(old_sd), "expected new_sd_size == sizeof(old_sd), got %u\n", new_sd_size);
-+    LocalFree(new_sd);
-+
-+    new_sd = (void *)0xdeadbeef;
-+    ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, &old_sd, &new_sd_size, (void **)&new_sd);
-+    ok(ret == ERROR_INVALID_SECURITY_DESCR, "expected ERROR_INVALID_SECURITY_DESCR, got %u\n", ret);
-+    ok(new_sd == (void *)0xdeadbeef, "expected new_sd == 0xdeadbeef, got %p\n", new_sd);
-+
-+    new_sd = NULL;
-+    new_sd_size = 0;
-+    ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, rel_sd, &new_sd_size, (void **)&new_sd);
-+    ok(ret == ERROR_SUCCESS, "BuildSecurityDescriptor failed with %u\n", ret);
-+    ok(new_sd != NULL, "expected new_sd != NULL\n");
-+    ok(new_sd_size == sizeof(old_sd), "expected new_sd_size == sizeof(old_sd), got %u\n", new_sd_size);
-+    LocalFree(new_sd);
-+}
-+
- START_TEST(security)
- {
-     init();
-@@ -7271,6 +7309,7 @@ START_TEST(security)
-     test_maximum_allowed();
-     test_token_label();
-     test_GetExplicitEntriesFromAclW();
-+    test_BuildSecurityDescriptorW();
- 
-     /* Must be the last test, modifies process token */
-     test_token_security_descriptor();
--- 
-2.13.1
-

patches/advapi32-BuildSecurityDescriptor/definition

@@ -1,2 +0,0 @@
-Fixes: Initial implementation of advapi32.BuildSecurityDescriptorW
-Depends: advapi32-GetExplicitEntriesFromAclW

patches/advapi32-CreateRestrictedToken/0001-ntdll-Implement-NtFilterToken.patch

@@ -1,4 +1,4 @@
-From 3f314cc8251f62f592013abe7b1c3b977de0699a Mon Sep 17 00:00:00 2001
+From 1eb8acd819f9eee8fdf154d0ef43881008265916 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Fri, 4 Aug 2017 02:33:14 +0200
 Subject: ntdll: Implement NtFilterToken.
@@ -15,10 +15,10 @@ Subject: ntdll: Implement NtFilterToken.
  8 files changed, 162 insertions(+), 5 deletions(-)
 
 diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
-index 93554e929be..5822dec9b15 100644
+index c3f5df3..59a08de 100644
 --- a/dlls/ntdll/nt.c
 +++ b/dlls/ntdll/nt.c
-@@ -136,6 +136,65 @@ NTSTATUS WINAPI NtDuplicateToken(
+@@ -119,6 +119,65 @@ NTSTATUS WINAPI NtDuplicateToken(
  }
  
  /******************************************************************************
@@ -85,10 +85,10 @@ index 93554e929be..5822dec9b15 100644
   *  ZwOpenProcessToken		[NTDLL.@]
   */
 diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index 4f7ee496437..275fda57970 100644
+index c260b0d..3c5e69c 100644
 --- a/dlls/ntdll/ntdll.spec
 +++ b/dlls/ntdll/ntdll.spec
-@@ -179,7 +179,7 @@
+@@ -176,7 +176,7 @@
  # @ stub NtEnumerateSystemEnvironmentValuesEx
  @ stdcall NtEnumerateValueKey(long long long ptr long ptr)
  @ stub NtExtendSection
@@ -98,10 +98,10 @@ index 4f7ee496437..275fda57970 100644
  @ stdcall NtFlushBuffersFile(long ptr)
  @ stdcall NtFlushInstructionCache(long ptr long)
 diff --git a/include/winnt.h b/include/winnt.h
-index f91f81eb559..891c9b6d4bb 100644
+index 16d96d8..4e238f9 100644
 --- a/include/winnt.h
 +++ b/include/winnt.h
-@@ -3844,6 +3844,11 @@ typedef enum _TOKEN_INFORMATION_CLASS {
+@@ -3904,6 +3904,11 @@ typedef enum _TOKEN_INFORMATION_CLASS {
  					TOKEN_ADJUST_SESSIONID | \
  					TOKEN_ADJUST_DEFAULT )
  
@@ -114,10 +114,10 @@ index f91f81eb559..891c9b6d4bb 100644
  #define _SECURITY_DEFINED
  
 diff --git a/include/winternl.h b/include/winternl.h
-index 140669b0105..899e8324d67 100644
+index c84e6d7..288f93e 100644
 --- a/include/winternl.h
 +++ b/include/winternl.h
-@@ -2348,6 +2348,7 @@ NTSYSAPI NTSTATUS  WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES
+@@ -2303,6 +2303,7 @@ NTSYSAPI NTSTATUS  WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES
  NTSYSAPI NTSTATUS  WINAPI NtEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
  NTSYSAPI NTSTATUS  WINAPI NtEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
  NTSYSAPI NTSTATUS  WINAPI NtExtendSection(HANDLE,PLARGE_INTEGER);
@@ -126,10 +126,10 @@ index 140669b0105..899e8324d67 100644
  NTSYSAPI NTSTATUS  WINAPI NtFlushBuffersFile(HANDLE,IO_STATUS_BLOCK*);
  NTSYSAPI NTSTATUS  WINAPI NtFlushInstructionCache(HANDLE,LPCVOID,SIZE_T);
 diff --git a/server/process.c b/server/process.c
-index cbe726afe81..f0f60edcd3f 100644
+index f8739d0..71d9d6d 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -571,7 +571,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
+@@ -566,7 +566,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -139,10 +139,10 @@ index cbe726afe81..f0f60edcd3f 100644
      }
      if (!process->handles || !process->token) goto error;
 diff --git a/server/protocol.def b/server/protocol.def
-index fc6e343af52..b3dce66eb9c 100644
+index 35824ae..6ee6d28 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3391,6 +3391,16 @@ enum caret_state
+@@ -3356,6 +3356,16 @@ enum caret_state
      obj_handle_t  new_handle; /* duplicated handle */
  @END
  
@@ -160,10 +160,10 @@ index fc6e343af52..b3dce66eb9c 100644
      obj_handle_t    handle; /* handle to the token */
      unsigned int    desired_access; /* desired access to the object */
 diff --git a/server/security.h b/server/security.h
-index 606dbb2ab2c..6c337143c3d 100644
+index 873bbc6..bc4a8f6 100644
 --- a/server/security.h
 +++ b/server/security.h
-@@ -56,7 +56,9 @@ extern const PSID security_high_label_sid;
+@@ -55,7 +55,9 @@ extern const PSID security_high_label_sid;
  extern struct token *token_create_admin(void);
  extern int token_assign_label( struct token *token, PSID label );
  extern struct token *token_duplicate( struct token *src_token, unsigned primary,
@@ -175,10 +175,10 @@ index 606dbb2ab2c..6c337143c3d 100644
                                     const LUID_AND_ATTRIBUTES *reqprivs,
                                     unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
 diff --git a/server/token.c b/server/token.c
-index 74db66e1e24..acd7a4dedb5 100644
+index 0810a61..2f6a467 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -299,6 +299,19 @@ static int acl_is_valid( const ACL *acl, data_size_t size )
+@@ -276,6 +276,19 @@ static int acl_is_valid( const ACL *acl, data_size_t size )
      return TRUE;
  }
  
@@ -198,7 +198,7 @@ index 74db66e1e24..acd7a4dedb5 100644
  /* checks whether all members of a security descriptor fit inside the size
   * of memory specified */
  int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
-@@ -639,8 +652,36 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -619,8 +632,36 @@ static struct token *create_token( unsigned primary, const SID *user,
      return token;
  }
  
@@ -236,7 +236,7 @@ index 74db66e1e24..acd7a4dedb5 100644
  {
      const luid_t *modified_id =
          primary || (impersonation_level == src_token->impersonation_level) ?
-@@ -676,6 +717,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -656,6 +697,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
              return NULL;
          }
          memcpy( newgroup, group, size );
@@ -248,8 +248,8 @@ index 74db66e1e24..acd7a4dedb5 100644
 +        }
          list_add_tail( &token->groups, &newgroup->entry );
          if (src_token->primary_group == &group->sid)
-             token->primary_group = &newgroup->sid;
-@@ -684,11 +731,14 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+         {
+@@ -667,11 +714,14 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
  
      /* copy privileges */
      LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
@@ -264,7 +264,7 @@ index 74db66e1e24..acd7a4dedb5 100644
  
      if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                              DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
-@@ -1322,7 +1372,7 @@ DECL_HANDLER(duplicate_token)
+@@ -1304,7 +1354,7 @@ DECL_HANDLER(duplicate_token)
                                                       TOKEN_DUPLICATE,
                                                       &token_ops )))
      {
@@ -273,7 +273,7 @@ index 74db66e1e24..acd7a4dedb5 100644
          if (token)
          {
              reply->new_handle = alloc_handle_no_access_check( current->process, token, req->access, objattr->attributes );
-@@ -1332,6 +1382,36 @@ DECL_HANDLER(duplicate_token)
+@@ -1314,6 +1364,36 @@ DECL_HANDLER(duplicate_token)
      }
  }
  
@@ -311,5 +311,5 @@ index 74db66e1e24..acd7a4dedb5 100644
  DECL_HANDLER(check_token_privileges)
  {
 -- 
-2.13.1
+2.7.4
 

patches/advapi32-CreateRestrictedToken/definition

@@ -1 +1 @@
-Fixes: Implement advapi32.CreateRestrictedToken
+Fixes: [25834] Implement advapi32.CreateRestrictedToken

patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch

@@ -1,279 +0,0 @@
-From 510d9f43f441bc3a9723aabfd2c1cdc8737d6dcc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 28 Aug 2016 21:56:41 +0200
-Subject: advapi32: Implement GetExplicitEntriesFromAclW.
-
----
- dlls/advapi32/security.c       |  81 ++++++++++++++++++++++-
- dlls/advapi32/tests/security.c | 142 +++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 221 insertions(+), 2 deletions(-)
-
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index e36792cff4..b305947347 100644
---- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -4205,8 +4205,85 @@ DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntr
- DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
-         PEXPLICIT_ACCESSW* pListOfExplicitEntries)
- {
--    FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
--    return ERROR_CALL_NOT_IMPLEMENTED;
-+    ACL_SIZE_INFORMATION sizeinfo;
-+    EXPLICIT_ACCESSW* entries;
-+    MAX_SID *sid_entries;
-+    ACE_HEADER *ace;
-+    NTSTATUS status;
-+    int i;
-+
-+    FIXME("%p %p %p: semi-stub\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
-+
-+    if (!pcCountOfExplicitEntries || !pListOfExplicitEntries)
-+        return ERROR_INVALID_PARAMETER;
-+
-+    status = RtlQueryInformationAcl(pacl, &sizeinfo, sizeof(sizeinfo), AclSizeInformation);
-+    if (status) return RtlNtStatusToDosError(status);
-+
-+    if (!sizeinfo.AceCount)
-+    {
-+        *pcCountOfExplicitEntries = 0;
-+        *pListOfExplicitEntries = NULL;
-+        return ERROR_SUCCESS;
-+    }
-+
-+    entries = LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT, (sizeof(EXPLICIT_ACCESSW) + sizeof(MAX_SID)) * sizeinfo.AceCount);
-+    if (!entries) return ERROR_OUTOFMEMORY;
-+    sid_entries = (MAX_SID*)((char*)entries + sizeof(EXPLICIT_ACCESSW) * sizeinfo.AceCount);
-+
-+    for (i = 0; i < sizeinfo.AceCount; i++)
-+    {
-+        status = RtlGetAce(pacl, i, (void**)&ace);
-+        if (status) goto error;
-+
-+        switch (ace->AceType)
-+        {
-+            case ACCESS_ALLOWED_ACE_TYPE:
-+            {
-+                ACCESS_ALLOWED_ACE *allow = (ACCESS_ALLOWED_ACE *)ace;
-+                entries[i].grfAccessMode = GRANT_ACCESS;
-+                entries[i].grfInheritance = ace->AceFlags;
-+                entries[i].grfAccessPermissions = allow->Mask;
-+
-+                CopySid(sizeof(MAX_SID), (PSID)&sid_entries[i], (PSID)&allow->SidStart);
-+                entries[i].Trustee.pMultipleTrustee = NULL;
-+                entries[i].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+                entries[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+                entries[i].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+                entries[i].Trustee.ptstrName = (WCHAR *)&sid_entries[i];
-+                break;
-+            }
-+
-+            case ACCESS_DENIED_ACE_TYPE:
-+            {
-+                ACCESS_DENIED_ACE *deny = (ACCESS_DENIED_ACE *)ace;
-+                entries[i].grfAccessMode = DENY_ACCESS;
-+                entries[i].grfInheritance = ace->AceFlags;
-+                entries[i].grfAccessPermissions = deny->Mask;
-+
-+                CopySid(sizeof(MAX_SID), (PSID)&sid_entries[i], (PSID)&deny->SidStart);
-+                entries[i].Trustee.pMultipleTrustee = NULL;
-+                entries[i].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+                entries[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+                entries[i].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+                entries[i].Trustee.ptstrName = (WCHAR *)&sid_entries[i];
-+                break;
-+            }
-+
-+            default:
-+                FIXME("Unhandled ace type %d\n", ace->AceType);
-+                entries[i].grfAccessMode = NOT_USED_ACCESS;
-+                continue;
-+        }
-+    }
-+
-+    *pcCountOfExplicitEntries = sizeinfo.AceCount;
-+    *pListOfExplicitEntries = entries;
-+    return ERROR_SUCCESS;
-+
-+error:
-+    LocalFree(entries);
-+    return RtlNtStatusToDosError(status);
- }
- 
- /******************************************************************************
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index 3c68205922..ca5edffae5 100644
---- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -134,6 +134,7 @@ static BOOL     (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
- static void     (WINAPI *pRtlInitAnsiString)(PANSI_STRING,PCSZ);
- static NTSTATUS (WINAPI *pRtlFreeUnicodeString)(PUNICODE_STRING);
- static PSID_IDENTIFIER_AUTHORITY (WINAPI *pGetSidIdentifierAuthority)(PSID);
-+static DWORD    (WINAPI *pGetExplicitEntriesFromAclW)(PACL,PULONG,PEXPLICIT_ACCESSW*);
- 
- static HMODULE hmod;
- static int     myARGC;
-@@ -230,6 +231,7 @@ static void init(void)
-     pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
-     pGetSidIdentifierAuthority = (void *)GetProcAddress(hmod, "GetSidIdentifierAuthority");
-     pDuplicateTokenEx = (void *)GetProcAddress(hmod, "DuplicateTokenEx");
-+    pGetExplicitEntriesFromAclW = (void *)GetProcAddress(hmod, "GetExplicitEntriesFromAclW");
- 
-     myARGC = winetest_get_mainargs( &myARGV );
- }
-@@ -7076,6 +7078,145 @@ static void test_child_token_sd(void)
-     HeapFree(GetProcessHeap(), 0, sd);
- }
- 
-+static void test_GetExplicitEntriesFromAclW(void)
-+{
-+    static const WCHAR wszCurrentUser[] = { 'C','U','R','R','E','N','T','_','U','S','E','R','\0'};
-+    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY };
-+    SID_IDENTIFIER_AUTHORITY SIDAuthNT = { SECURITY_NT_AUTHORITY };
-+    PSID everyone_sid = NULL, users_sid = NULL;
-+    EXPLICIT_ACCESSW access;
-+    EXPLICIT_ACCESSW *access2;
-+    PACL new_acl, old_acl = NULL;
-+    ULONG count;
-+    DWORD res;
-+
-+    if (!pGetExplicitEntriesFromAclW)
-+    {
-+        win_skip("GetExplicitEntriesFromAclW is not available\n");
-+        return;
-+    }
-+
-+    if (!pSetEntriesInAclW)
-+    {
-+        win_skip("SetEntriesInAclW is not available\n");
-+        return;
-+    }
-+
-+    old_acl = HeapAlloc(GetProcessHeap(), 0, 256);
-+    res = InitializeAcl(old_acl, 256, ACL_REVISION);
-+    if(!res && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
-+    {
-+        win_skip("ACLs not implemented - skipping tests\n");
-+        HeapFree(GetProcessHeap(), 0, old_acl);
-+        return;
-+    }
-+    ok(res, "InitializeAcl failed with error %d\n", GetLastError());
-+
-+    res = AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid);
-+    ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
-+
-+    res = AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID,
-+                                   DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &users_sid);
-+    ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
-+
-+    res = AddAccessAllowedAce(old_acl, ACL_REVISION, KEY_READ, users_sid);
-+    ok(res, "AddAccessAllowedAce failed with error %d\n", GetLastError());
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(old_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 1, "Expected count == 1, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_READ, "Expected KEY_READ, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, users_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+
-+    access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+    access.Trustee.pMultipleTrustee = NULL;
-+
-+    access.grfAccessPermissions = KEY_WRITE;
-+    access.grfAccessMode = GRANT_ACCESS;
-+    access.grfInheritance = NO_INHERITANCE;
-+    access.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+    access.Trustee.ptstrName = everyone_sid;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
-+    access.Trustee.ptstrName = (LPWSTR)wszCurrentUser;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.grfAccessMode = REVOKE_ACCESS;
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+    access.Trustee.ptstrName = users_sid;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = (void *)0xdeadbeef;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 0, "Expected count == 0, got %d\n", count);
-+    ok(access2 == NULL, "access2 was not NULL\n");
-+    LocalFree(new_acl);
-+
-+    FreeSid(users_sid);
-+    FreeSid(everyone_sid);
-+    HeapFree(GetProcessHeap(), 0, old_acl);
-+}
-+
- START_TEST(security)
- {
-     init();
-@@ -7129,6 +7270,7 @@ START_TEST(security)
-     test_pseudo_tokens();
-     test_maximum_allowed();
-     test_token_label();
-+    test_GetExplicitEntriesFromAclW();
- 
-     /* Must be the last test, modifies process token */
-     test_token_security_descriptor();
--- 
-2.13.1
-

patches/advapi32-GetExplicitEntriesFromAclW/definition

@@ -1 +0,0 @@
-Fixes: Implement semi-stub for advapi32.GetExplicitEntriesFromAclW

patches/advapi32-Token_Integrity_Level/0004-server-Implement-token-integrity-level.patch

@@ -1,7 +1,7 @@
-From 3092c9de3ac89e77a139db97a33b8b15f9a12eac Mon Sep 17 00:00:00 2001
+From 971789f2af6149998e54382522569b3790309cf2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 02:28:35 +0200
-Subject: server: Implement token integrity level.
+Subject: [PATCH] server: Implement token integrity level.
 
 ---
  dlls/ntdll/nt.c     | 23 ++++++++++++++---------
@@ -10,10 +10,10 @@ Subject: server: Implement token integrity level.
  3 files changed, 48 insertions(+), 12 deletions(-)
 
 diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
-index dda6cabe1cf..6f2b24e6ba4 100644
+index 9e60196..59c6e49 100644
 --- a/dlls/ntdll/nt.c
 +++ b/dlls/ntdll/nt.c
-@@ -372,7 +372,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
+@@ -340,7 +340,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
          0,    /* TokenAccessInformation */
          0,    /* TokenVirtualizationAllowed */
          0,    /* TokenVirtualizationEnabled */
@@ -21,8 +21,8 @@ index dda6cabe1cf..6f2b24e6ba4 100644
 +        0,    /* TokenIntegrityLevel */
          0,    /* TokenUIAccess */
          0,    /* TokenMandatoryPolicy */
-         sizeof(TOKEN_GROUPS) + sizeof(logon_sid), /* TokenLogonSid */
-@@ -625,18 +625,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
+         0,    /* TokenLogonSid */
+@@ -593,18 +593,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
          }
          break;
      case TokenIntegrityLevel:
@@ -55,10 +55,10 @@ index dda6cabe1cf..6f2b24e6ba4 100644
      case TokenAppContainerSid:
          {
 diff --git a/server/protocol.def b/server/protocol.def
-index 33f1d5f0ab8..ac2e2242511 100644
+index c961eaf..0bb04cd 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3424,6 +3424,13 @@ enum caret_state
+@@ -3388,6 +3388,13 @@ enum caret_state
      VARARG(sid,SID);              /* the sid specified by which_sid from the token */
  @END
  
@@ -73,10 +73,10 @@ index 33f1d5f0ab8..ac2e2242511 100644
      obj_handle_t    handle;       /* handle to the token */
  @REPLY
 diff --git a/server/token.c b/server/token.c
-index 292e1df80fd..8d2de6ab58e 100644
+index 355a523..1ed994a 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -127,6 +127,7 @@ struct token
+@@ -112,6 +112,7 @@ struct token
      TOKEN_SOURCE   source;          /* source of the token */
      int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
      TOKEN_ELEVATION_TYPE elevation; /* elevation level */
@@ -84,7 +84,7 @@ index 292e1df80fd..8d2de6ab58e 100644
  };
  
  struct privilege
-@@ -567,7 +568,8 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -544,7 +545,8 @@ static struct token *create_token( unsigned primary, const SID *user,
                                     const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
                                     const ACL *default_dacl, TOKEN_SOURCE source,
                                     const luid_t *modified_id,
@@ -94,7 +94,7 @@ index 292e1df80fd..8d2de6ab58e 100644
  {
      struct token *token = alloc_object( &token_ops );
      if (token)
-@@ -648,6 +650,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -625,6 +627,7 @@ static struct token *create_token( unsigned primary, const SID *user,
          }
  
          token->source = source;
@@ -102,7 +102,7 @@ index 292e1df80fd..8d2de6ab58e 100644
      }
      return token;
  }
-@@ -703,7 +706,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -680,7 +683,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
                            NULL, 0, src_token->default_dacl,
                            src_token->source, modified_id,
                            impersonation_level,
@@ -112,7 +112,7 @@ index 292e1df80fd..8d2de6ab58e 100644
      if (!token) return token;
  
      /* copy groups */
-@@ -907,7 +911,7 @@ struct token *token_create_admin( void )
+@@ -884,7 +888,7 @@ struct token *token_create_admin( void )
          static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
          token = create_token( TRUE, user_sid, admin_groups, sizeof(admin_groups)/sizeof(admin_groups[0]),
                                admin_privs, sizeof(admin_privs)/sizeof(admin_privs[0]), default_dacl,
@@ -121,7 +121,7 @@ index 292e1df80fd..8d2de6ab58e 100644
          /* we really need a primary group */
          assert( token->primary_group );
      }
-@@ -1550,6 +1554,26 @@ DECL_HANDLER(get_token_sid)
+@@ -1530,6 +1534,26 @@ DECL_HANDLER(get_token_sid)
      }
  }
  
@@ -149,5 +149,5 @@ index 292e1df80fd..8d2de6ab58e 100644
  DECL_HANDLER(get_token_groups)
  {
 -- 
-2.13.1
+1.9.1
 

patches/advapi32-Token_Integrity_Level/0005-server-Use-all-group-attributes-in-create_token.patch

@@ -1,4 +1,4 @@
-From 77c9e6c6f408a2b59a79f3773a379a43b6994f2c Mon Sep 17 00:00:00 2001
+From 48f4c131f9e8ffc091dde12437ad0772ed1c5ca6 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Sun, 6 Aug 2017 15:16:33 +0200
 Subject: server: Use all group attributes in create_token.
@@ -8,10 +8,10 @@ Subject: server: Use all group attributes in create_token.
  1 file changed, 7 insertions(+), 7 deletions(-)
 
 diff --git a/server/token.c b/server/token.c
-index 8d2de6ab58e..e61fe97bfa0 100644
+index 0019b3a..2a56664 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -613,13 +613,13 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -592,13 +592,13 @@ static struct token *create_token( unsigned primary, const SID *user,
                  return NULL;
              }
              memcpy( &group->sid, groups[i].Sid, security_sid_len( groups[i].Sid ));
@@ -29,9 +29,9 @@ index 8d2de6ab58e..e61fe97bfa0 100644
 +            group->logon     = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
 +            group->resource  = (groups[i].Attributes & SE_GROUP_RESOURCE) != 0;
              list_add_tail( &token->groups, &group->entry );
-             /* Use first owner capable group as an owner */
+             /* Use first owner capable group as owner and primary group */
              if (!token->primary_group && group->owner)
-@@ -1628,8 +1628,8 @@ DECL_HANDLER(get_token_groups)
+@@ -1603,8 +1603,8 @@ DECL_HANDLER(get_token_groups)
                      if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
                      if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
                      if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
@@ -42,5 +42,5 @@ index 8d2de6ab58e..e61fe97bfa0 100644
                      memcpy(sid_ptr, &group->sid, security_sid_len( &group->sid ));
  
 -- 
-2.13.1
+2.7.4
 

patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch

@@ -1,7 +1,8 @@
-From 6444094c9ef4f30a253bcee9e873ed511bda222c Mon Sep 17 00:00:00 2001
+From d67d7293a17592b580d284fa68881a613e61f591 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 01:45:29 +0200
-Subject: ntdll: Add function to create new tokens for elevation purposes.
+Subject: [PATCH] ntdll: Add function to create new tokens for elevation
+ purposes.
 
 ---
  dlls/ntdll/ntdll.spec   |  3 ++
@@ -13,10 +14,10 @@ Subject: ntdll: Add function to create new tokens for elevation purposes.
  6 files changed, 117 insertions(+)
 
 diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index c814f405017..eb84cc97bf8 100644
+index dbead5e..586b504 100644
 --- a/dlls/ntdll/ntdll.spec
 +++ b/dlls/ntdll/ntdll.spec
-@@ -1483,6 +1483,9 @@
+@@ -1482,6 +1482,9 @@
  # Virtual memory
  @ cdecl __wine_locked_recvmsg(long ptr long)
  
@@ -27,10 +28,10 @@ index c814f405017..eb84cc97bf8 100644
  @ cdecl wine_get_version() NTDLL_wine_get_version
  @ cdecl wine_get_patches() NTDLL_wine_get_patches
 diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
-index 907bbdd2d95..a7810f716ad 100644
+index 8a64338..137a22d 100644
 --- a/dlls/ntdll/ntdll_misc.h
 +++ b/dlls/ntdll/ntdll_misc.h
-@@ -77,6 +77,9 @@ extern void virtual_init_threading(void) DECLSPEC_HIDDEN;
+@@ -80,6 +80,9 @@ extern void virtual_init_threading(void) DECLSPEC_HIDDEN;
  extern void fill_cpu_info(void) DECLSPEC_HIDDEN;
  extern void heap_set_debug_flags( HANDLE handle ) DECLSPEC_HIDDEN;
  
@@ -41,7 +42,7 @@ index 907bbdd2d95..a7810f716ad 100644
  extern timeout_t server_start_time DECLSPEC_HIDDEN;
  extern unsigned int server_cpus DECLSPEC_HIDDEN;
 diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
-index f615ce2fea7..77048003ace 100644
+index 40034b4..1ebbb79 100644
 --- a/dlls/ntdll/process.c
 +++ b/dlls/ntdll/process.c
 @@ -99,6 +99,24 @@ HANDLE CDECL __wine_make_process_system(void)
@@ -70,10 +71,10 @@ index f615ce2fea7..77048003ace 100644
  
  #define UNIMPLEMENTED_INFO_CLASS(c) \
 diff --git a/server/protocol.def b/server/protocol.def
-index c8ab4bf8c36..59fe9aec7a8 100644
+index 0bb04cd..f2deca6 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3628,6 +3628,14 @@ struct handle_info
+@@ -3641,6 +3641,14 @@ struct handle_info
  @END
  
  
@@ -89,7 +90,7 @@ index c8ab4bf8c36..59fe9aec7a8 100644
  @REQ(create_completion)
      unsigned int access;          /* desired access to a port */
 diff --git a/server/security.h b/server/security.h
-index 6c337143c3d..21e90ccf23f 100644
+index 6c33714..21e90cc 100644
 --- a/server/security.h
 +++ b/server/security.h
 @@ -49,6 +49,7 @@ extern const PSID security_builtin_users_sid;
@@ -101,18 +102,18 @@ index 6c337143c3d..21e90ccf23f 100644
  
  /* token functions */
 diff --git a/server/token.c b/server/token.c
-index 3301283ee25..7abd92386ea 100644
+index 7776cbe..64ab565 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -71,6 +71,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
+@@ -79,6 +79,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
  static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
  static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
  static const SID high_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_HIGH_RID } };
 +static const SID medium_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_MEDIUM_RID } };
- static const struct /* same fields as struct SID */
- {
-     BYTE Revision;
-@@ -110,6 +111,7 @@ const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
+ static const SID_N(5) local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
+ static const SID_N(2) builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
+ static const SID_N(2) builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
+@@ -95,6 +96,7 @@ const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
  const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
  const PSID security_domain_users_sid = (PSID)&domain_users_sid;
  const PSID security_high_label_sid = (PSID)&high_label_sid;
@@ -120,7 +121,7 @@ index 3301283ee25..7abd92386ea 100644
  
  static luid_t prev_luid_value = { 1000, 0 };
  
-@@ -915,6 +917,64 @@ struct token *token_create_admin( void )
+@@ -901,6 +903,64 @@ struct token *token_create_admin( void )
      return token;
  }
  
@@ -185,7 +186,7 @@ index 3301283ee25..7abd92386ea 100644
  static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
  {
      struct privilege *privilege;
-@@ -1729,3 +1789,27 @@ DECL_HANDLER(set_token_default_dacl)
+@@ -1718,3 +1778,27 @@ DECL_HANDLER(set_token_default_dacl)
          release_object( token );
      }
  }
@@ -214,5 +215,5 @@ index 3301283ee25..7abd92386ea 100644
 +    }
 +}
 -- 
-2.14.1
+1.9.1
 

patches/advapi32-Token_Integrity_Level/0008-ntdll-Implement-process-token-elevation-through-mani.patch

@@ -1,7 +1,7 @@
-From e15be9d22652dbf7ef027ce5f3ef3faa42139c7a Mon Sep 17 00:00:00 2001
+From 3ff546b9cbde1d0f5ea43c5cbb92ac8dc2028676 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 03:39:55 +0200
-Subject: ntdll: Implement process token elevation through manifests.
+Subject: [PATCH] ntdll: Implement process token elevation through manifests.
 
 ---
  dlls/ntdll/loader.c | 37 +++++++++++++++++++++++++++++++++++++
@@ -12,10 +12,10 @@ Subject: ntdll: Implement process token elevation through manifests.
  5 files changed, 67 insertions(+)
 
 diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
-index cdf8d586c36..5162e2fc0ec 100644
+index 3fcbbf77a5..2399f1246e 100644
 --- a/dlls/ntdll/loader.c
 +++ b/dlls/ntdll/loader.c
-@@ -3095,6 +3095,32 @@ static void load_global_options(void)
+@@ -3054,6 +3054,32 @@ NTSTATUS attach_dlls( CONTEXT *context )
  }
  
  
@@ -46,18 +46,18 @@ index cdf8d586c36..5162e2fc0ec 100644
 +
 +
  /***********************************************************************
-  *           start_process
+  *           load_global_options
   */
-@@ -3111,6 +3137,7 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
+@@ -3115,6 +3141,7 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
                                  ULONG_PTR unknown3, ULONG_PTR unknown4 )
  {
      static const WCHAR globalflagW[] = {'G','l','o','b','a','l','F','l','a','g',0};
 +    ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION runlevel;
-     LARGE_INTEGER timeout;
      NTSTATUS status;
      WINE_MODREF *wm;
-@@ -3154,6 +3181,16 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
-     if ((status = fixup_imports( wm, load_path )) != STATUS_SUCCESS) goto error;
+     PEB *peb = NtCurrentTeb()->Peb;
+@@ -3142,6 +3169,16 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
+                                        REG_DWORD, &peb->NtGlobalFlag, sizeof(peb->NtGlobalFlag), NULL );
      heap_set_debug_flags( GetProcessHeap() );
  
 +    /* elevate process if necessary */
@@ -70,14 +70,14 @@ index cdf8d586c36..5162e2fc0ec 100644
 +        elevate_process();  /* FIXME: the process exists with a wrong token for a short time */
 +    }
 +
-     status = wine_call_on_stack( attach_process_dlls, wm, (char *)NtCurrentTeb()->Tib.StackBase - page_size );
-     if (status != STATUS_SUCCESS) goto error;
- 
+     /* the main exe needs to be the first in the load order list */
+     RemoveEntryList( &wm->ldr.InLoadOrderModuleList );
+     InsertHeadList( &peb->LdrData->InLoadOrderModuleList, &wm->ldr.InLoadOrderModuleList );
 diff --git a/server/process.c b/server/process.c
-index f8969433ede..10cf39d8962 100644
+index ee85249bd4..81cea2f1ba 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -1136,6 +1136,14 @@ struct process_snapshot *process_snap( int *count )
+@@ -1133,6 +1133,14 @@ struct process_snapshot *process_snap( int *count )
      return snapshot;
  }
  
@@ -93,10 +93,10 @@ index f8969433ede..10cf39d8962 100644
  DECL_HANDLER(new_process)
  {
 diff --git a/server/process.h b/server/process.h
-index 548796f9c22..262eb59627b 100644
+index f22c128f07..78e88ec350 100644
 --- a/server/process.h
 +++ b/server/process.h
-@@ -137,6 +137,7 @@ extern void break_process( struct process *process );
+@@ -136,6 +136,7 @@ extern void break_process( struct process *process );
  extern void detach_debugged_processes( struct thread *debugger );
  extern struct process_snapshot *process_snap( int *count );
  extern void enum_processes( int (*cb)(struct process*, void*), void *user);
@@ -105,10 +105,10 @@ index 548796f9c22..262eb59627b 100644
  /* console functions */
  extern void inherit_console(struct thread *parent_thread, struct process *process, obj_handle_t hconin);
 diff --git a/server/protocol.def b/server/protocol.def
-index 7590541ac8a..55cc768d21a 100644
+index 0abd1683f0..5fb6e38ea5 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3610,6 +3610,13 @@ struct handle_info
+@@ -3654,6 +3654,13 @@ struct handle_info
  @END
  
  
@@ -123,10 +123,10 @@ index 7590541ac8a..55cc768d21a 100644
  @REQ(create_completion)
      unsigned int access;          /* desired access to a port */
 diff --git a/server/token.c b/server/token.c
-index 7abd92386ea..49e84362a83 100644
+index 64ab565a95..52fa10d52e 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -1813,3 +1813,17 @@ DECL_HANDLER(create_token)
+@@ -1802,3 +1802,17 @@ DECL_HANDLER(create_token)
          release_object( token );
      }
  }
@@ -145,5 +145,5 @@ index 7abd92386ea..49e84362a83 100644
 +    }
 +}
 -- 
-2.14.1
+2.16.1