Release 2.0-rc3.

FIXME: Adjust CSMT patches to be compatible with the new buffer management.

README.md

@@ -66,7 +66,8 @@ Configuration:
 
 Backends:
   --backend=patch      Use regular 'patch' utility to apply patches (default)
-  --backend=epatch     Use 'epatch' to apply patches (Gentoo only)
+  --backend=eapply     Use 'eapply' to apply patches (Gentoo only)
+  --backend=epatch     Use 'epatch' to apply patches (Gentoo only, deprecated)
   --backend=git-am     Use 'git am' to apply patches
   --backend=git-apply  Use 'git apply' to apply patches
   --backend=stg        Import the patches using stacked git

patches/Compiler_Warnings/0009-dwrite-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,25 +0,0 @@
-From 869fbc7190eb77e027be4bcd98d938198189c3dd Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Tue, 22 Mar 2016 21:58:40 +0100
-Subject: dwrite: Avoid implicit cast of interface pointer.
-
----
- dlls/dwrite/layout.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dlls/dwrite/layout.c b/dlls/dwrite/layout.c
-index 38b5e32..24f4abc 100644
---- a/dlls/dwrite/layout.c
-+++ b/dlls/dwrite/layout.c
-@@ -5115,7 +5115,7 @@ static const IDWriteTextFormat2Vtbl dwritetextformatvtbl = {
- static struct dwrite_textformat *unsafe_impl_from_IDWriteTextFormat(IDWriteTextFormat *iface)
- {
-     return (iface->lpVtbl == (IDWriteTextFormatVtbl*)&dwritetextformatvtbl) ?
--        CONTAINING_RECORD(iface, struct dwrite_textformat, IDWriteTextFormat2_iface) : NULL;
-+        CONTAINING_RECORD((IDWriteTextFormat2 *)iface, struct dwrite_textformat, IDWriteTextFormat2_iface) : NULL;
- }
- 
- HRESULT create_textformat(const WCHAR *family_name, IDWriteFontCollection *collection, DWRITE_FONT_WEIGHT weight, DWRITE_FONT_STYLE style,
--- 
-2.7.1
-

patches/Compiler_Warnings/0026-dwrite-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,48 @@
+From 744549e1ecc76c3764079d337c09445d01a3527e Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Tue, 22 Mar 2016 21:58:40 +0100
+Subject: dwrite: Avoid implicit cast of interface pointer.
+
+---
+ dlls/dwrite/font.c   | 4 ++--
+ dlls/dwrite/layout.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/dwrite/font.c b/dlls/dwrite/font.c
+index d9ddce0..0a90c20 100644
+--- a/dlls/dwrite/font.c
++++ b/dlls/dwrite/font.c
+@@ -1684,7 +1684,7 @@ static struct dwrite_font *unsafe_impl_from_IDWriteFont(IDWriteFont *iface)
+     if (!iface)
+         return NULL;
+     assert(iface->lpVtbl == (IDWriteFontVtbl*)&dwritefontvtbl);
+-    return CONTAINING_RECORD(iface, struct dwrite_font, IDWriteFont3_iface);
++    return CONTAINING_RECORD((IDWriteFont3 *)iface, struct dwrite_font, IDWriteFont3_iface);
+ }
+ 
+ static struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace *iface)
+@@ -1692,7 +1692,7 @@ static struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace
+     if (!iface)
+         return NULL;
+     assert(iface->lpVtbl == (IDWriteFontFaceVtbl*)&dwritefontfacevtbl);
+-    return CONTAINING_RECORD(iface, struct dwrite_fontface, IDWriteFontFace4_iface);
++    return CONTAINING_RECORD((IDWriteFontFace4 *)iface, struct dwrite_fontface, IDWriteFontFace4_iface);
+ }
+ 
+ void get_logfont_from_font(IDWriteFont *iface, LOGFONTW *lf)
+diff --git a/dlls/dwrite/layout.c b/dlls/dwrite/layout.c
+index 706ed4e..c76a909 100644
+--- a/dlls/dwrite/layout.c
++++ b/dlls/dwrite/layout.c
+@@ -5196,7 +5196,7 @@ static const IDWriteTextFormat2Vtbl dwritetextformatvtbl = {
+ static struct dwrite_textformat *unsafe_impl_from_IDWriteTextFormat(IDWriteTextFormat *iface)
+ {
+     return (iface->lpVtbl == (IDWriteTextFormatVtbl*)&dwritetextformatvtbl) ?
+-        CONTAINING_RECORD(iface, struct dwrite_textformat, IDWriteTextFormat2_iface) : NULL;
++        CONTAINING_RECORD((IDWriteTextFormat2 *)iface, struct dwrite_textformat, IDWriteTextFormat2_iface) : NULL;
+ }
+ 
+ HRESULT create_textformat(const WCHAR *family_name, IDWriteFontCollection *collection, DWRITE_FONT_WEIGHT weight, DWRITE_FONT_STYLE style,
+-- 
+2.9.0
+

patches/advapi32-AddMandatoryAce/0001-advapi32-Implement-AddMandatoryAce.patch

@@ -0,0 +1,185 @@
+From 9904ee15d00d0809c12759446c09adc1981e3cf9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 29 Aug 2016 19:45:47 +0200
+Subject: advapi32: Implement AddMandatoryAce.
+
+---
+ dlls/advapi32/security.c       |  6 ++++--
+ dlls/advapi32/tests/security.c | 45 ++++++++++++++++++++++++++++++++++++++++++
+ dlls/ntdll/ntdll.spec          |  1 +
+ dlls/ntdll/sec.c               | 25 +++++++++++++++++++++++
+ include/winbase.h              |  1 +
+ include/winternl.h             |  1 +
+ 6 files changed, 77 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 28331df..45c0f7e 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -1711,10 +1711,12 @@ BOOL WINAPI AddAce(
+     return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
+ }
+ 
++/******************************************************************************
++ *  AddMandatoryAce [ADVAPI32.@]
++ */
+ BOOL WINAPI AddMandatoryAce(ACL *acl, DWORD ace_revision, DWORD ace_flags, DWORD mandatory_policy, PSID label_sid)
+ {
+-    FIXME("%p %x %x %x %p - stub\n", acl, ace_revision, ace_flags, mandatory_policy, label_sid);
+-    return FALSE;
++    return set_ntstatus(RtlAddMandatoryAce(acl, ace_revision, ace_flags, mandatory_policy, SYSTEM_MANDATORY_LABEL_ACE_TYPE, label_sid));
+ }
+ 
+ /******************************************************************************
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 18f4e04..cdbe4f8 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -65,6 +65,7 @@
+ static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
+ static BOOL (WINAPI *pAddAccessDeniedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
+ static BOOL (WINAPI *pAddAuditAccessAceEx)(PACL, DWORD, DWORD, DWORD, PSID, BOOL, BOOL);
++static BOOL (WINAPI *pAddMandatoryAce)(PACL,DWORD,DWORD,DWORD,PSID);
+ static VOID (WINAPI *pBuildTrusteeWithSidA)( PTRUSTEEA pTrustee, PSID pSid );
+ static VOID (WINAPI *pBuildTrusteeWithNameA)( PTRUSTEEA pTrustee, LPSTR pName );
+ static VOID (WINAPI *pBuildTrusteeWithObjectsAndNameA)( PTRUSTEEA pTrustee,
+@@ -199,6 +200,7 @@ static void init(void)
+     pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
+     pAddAccessDeniedAceEx = (void *)GetProcAddress(hmod, "AddAccessDeniedAceEx");
+     pAddAuditAccessAceEx = (void *)GetProcAddress(hmod, "AddAuditAccessAceEx");
++    pAddMandatoryAce = (void *)GetProcAddress(hmod, "AddMandatoryAce");
+     pCheckTokenMembership = (void *)GetProcAddress(hmod, "CheckTokenMembership");
+     pConvertStringSecurityDescriptorToSecurityDescriptorA =
+         (void *)GetProcAddress(hmod, "ConvertStringSecurityDescriptorToSecurityDescriptorA" );
+@@ -6064,6 +6066,48 @@ static void test_default_dacl_owner_sid(void)
+     CloseHandle( handle );
+ }
+ 
++static void test_integrity(void)
++{
++    static SID low_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
++                                                    {SECURITY_MANDATORY_LOW_RID}};
++    SYSTEM_MANDATORY_LABEL_ACE *ace;
++    char buffer_acl[256];
++    ACL *pAcl = (ACL*)&buffer_acl;
++    BOOL ret, found;
++    DWORD index;
++
++    if (!pAddMandatoryAce)
++    {
++        win_skip("Mandatory integrity labels not supported, skipping test\n");
++        return;
++    }
++
++    ret = InitializeAcl(pAcl, 256, ACL_REVISION);
++    ok(ret, "InitializeAcl failed with %u\n", GetLastError());
++
++    ret = pAddMandatoryAce(pAcl, ACL_REVISION, 0, 0x1234, &low_level);
++    ok(!ret, "AddMandatoryAce succeeded\n");
++    ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER got %u\n", GetLastError());
++
++    ret = pAddMandatoryAce(pAcl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, &low_level);
++    ok(ret, "AddMandatoryAce failed with %u\n", GetLastError());
++
++    index = 0;
++    found = FALSE;
++    while (pGetAce( pAcl, index++, (void **)&ace ))
++    {
++        if (ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
++        {
++            found = TRUE;
++            ok(ace->Header.AceFlags == 0, "Expected 0 as flags, got %x\n", ace->Header.AceFlags);
++            ok(ace->Mask == SYSTEM_MANDATORY_LABEL_NO_WRITE_UP,
++               "Expected SYSTEM_MANDATORY_LABEL_NO_WRITE_UP as flag, got %x\n", ace->Mask);
++            ok(EqualSid(&ace->SidStart, &low_level), "Expected low integrity level\n");
++        }
++    }
++    ok(found, "Could not find mandatory label\n");
++}
++
+ static void test_AdjustTokenPrivileges(void)
+ {
+     TOKEN_PRIVILEGES tp, prev;
+@@ -6444,6 +6488,7 @@ START_TEST(security)
+     test_CreateRestrictedToken();
+     test_TokenIntegrityLevel();
+     test_default_dacl_owner_sid();
++    test_integrity();
+     test_AdjustTokenPrivileges();
+     test_AddAce();
+     test_system_security_access();
+diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
+index 28aa2df..f6f8eba 100644
+--- a/dlls/ntdll/ntdll.spec
++++ b/dlls/ntdll/ntdll.spec
+@@ -422,6 +422,7 @@
+ @ stdcall RtlAddAuditAccessAceEx(ptr long long long ptr long long)
+ @ stdcall RtlAddAuditAccessObjectAce(ptr long long long ptr ptr ptr long long)
+ # @ stub RtlAddCompoundAce
++@ stdcall RtlAddMandatoryAce(ptr long long long long ptr)
+ # @ stub RtlAddRange
+ @ cdecl -arch=arm,x86_64 RtlAddFunctionTable(ptr long long)
+ @ stdcall RtlAddRefActivationContext(ptr)
+diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
+index 3bc52ac..daa2cae 100644
+--- a/dlls/ntdll/sec.c
++++ b/dlls/ntdll/sec.c
+@@ -1379,6 +1379,31 @@ NTSTATUS WINAPI RtlAddAuditAccessObjectAce(
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
++/**************************************************************************
++ *  RtlAddMandatoryAce     [NTDLL.@]
++ */
++NTSTATUS WINAPI RtlAddMandatoryAce(
++    IN OUT PACL pAcl,
++    IN DWORD dwAceRevision,
++    IN DWORD dwAceFlags,
++    IN DWORD dwMandatoryFlags,
++    IN DWORD dwAceType,
++    IN PSID pSid)
++{
++    static DWORD valid_flags = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP |
++                               SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP;
++
++    TRACE("(%p,%d,0x%08x,0x%08x,%u,%p)\n",pAcl,dwAceRevision,dwAceFlags,dwMandatoryFlags, dwAceType, pSid);
++
++    if (dwAceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE)
++        return STATUS_INVALID_PARAMETER;
++
++    if (dwMandatoryFlags & ~valid_flags)
++        return STATUS_INVALID_PARAMETER;
++
++    return add_access_ace(pAcl, dwAceRevision, dwAceFlags, dwMandatoryFlags, pSid, dwAceType);
++}
++
+ /******************************************************************************
+  *  RtlValidAcl		[NTDLL.@]
+  */
+diff --git a/include/winbase.h b/include/winbase.h
+index eff5972..42c826d 100644
+--- a/include/winbase.h
++++ b/include/winbase.h
+@@ -1693,6 +1693,7 @@ WINBASEAPI ATOM        WINAPI AddAtomW(LPCWSTR);
+ #define                       AddAtom WINELIB_NAME_AW(AddAtom)
+ WINADVAPI  BOOL        WINAPI AddAuditAccessAce(PACL,DWORD,DWORD,PSID,BOOL,BOOL);
+ WINADVAPI  BOOL        WINAPI AddAuditAccessAceEx(PACL,DWORD,DWORD,DWORD,PSID,BOOL,BOOL);
++WINADVAPI  BOOL        WINAPI AddMandatoryAce(PACL,DWORD,DWORD,DWORD,PSID);
+ WINBASEAPI VOID        WINAPI AddRefActCtx(HANDLE);
+ WINBASEAPI PVOID       WINAPI AddVectoredExceptionHandler(ULONG,PVECTORED_EXCEPTION_HANDLER);
+ WINADVAPI  BOOL        WINAPI AdjustTokenGroups(HANDLE,BOOL,PTOKEN_GROUPS,DWORD,PTOKEN_GROUPS,PDWORD);
+diff --git a/include/winternl.h b/include/winternl.h
+index f35091c..c104e6f 100644
+--- a/include/winternl.h
++++ b/include/winternl.h
+@@ -2405,6 +2405,7 @@ NTSYSAPI NTSTATUS  WINAPI RtlAddAtomToAtomTable(RTL_ATOM_TABLE,const WCHAR*,RTL_
+ NTSYSAPI NTSTATUS  WINAPI RtlAddAuditAccessAce(PACL,DWORD,DWORD,PSID,BOOL,BOOL);
+ NTSYSAPI NTSTATUS  WINAPI RtlAddAuditAccessAceEx(PACL,DWORD,DWORD,DWORD,PSID,BOOL,BOOL);
+ NTSYSAPI NTSTATUS  WINAPI RtlAddAuditAccessObjectAce(PACL,DWORD,DWORD,DWORD,GUID*,GUID*,PSID,BOOL,BOOL);
++NTSYSAPI NTSTATUS  WINAPI RtlAddMandatoryAce(PACL,DWORD,DWORD,DWORD,DWORD,PSID);
+ NTSYSAPI void      WINAPI RtlAddRefActivationContext(HANDLE);
+ NTSYSAPI PVOID     WINAPI RtlAddVectoredExceptionHandler(ULONG,PVECTORED_EXCEPTION_HANDLER);
+ NTSYSAPI NTSTATUS  WINAPI RtlAdjustPrivilege(ULONG,BOOLEAN,BOOLEAN,PBOOLEAN);
+-- 
+2.9.0
+

patches/advapi32-AddMandatoryAce/definition

@@ -0,0 +1 @@
+Fixes: Implement advapi32.AddMandatoryAce

patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch

@@ -0,0 +1,277 @@
+From cb383abcb7d36d739092a93c1f276895622b6806 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Sun, 28 Aug 2016 21:56:41 +0200
+Subject: advapi32: Implement GetExplicitEntriesFromAclW.
+
+---
+ dlls/advapi32/security.c       |  81 ++++++++++++++++++++++-
+ dlls/advapi32/tests/security.c | 142 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 221 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 92a1789..c60aa4e 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -4202,8 +4202,85 @@ DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntr
+ DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
+         PEXPLICIT_ACCESSW* pListOfExplicitEntries)
+ {
+-    FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
+-    return ERROR_CALL_NOT_IMPLEMENTED;
++    ACL_SIZE_INFORMATION sizeinfo;
++    EXPLICIT_ACCESSW* entries;
++    MAX_SID *sid_entries;
++    ACE_HEADER *ace;
++    NTSTATUS status;
++    int i;
++
++    FIXME("%p %p %p: semi-stub\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
++
++    if (!pcCountOfExplicitEntries || !pListOfExplicitEntries)
++        return ERROR_INVALID_PARAMETER;
++
++    status = RtlQueryInformationAcl(pacl, &sizeinfo, sizeof(sizeinfo), AclSizeInformation);
++    if (status) return RtlNtStatusToDosError(status);
++
++    if (!sizeinfo.AceCount)
++    {
++        *pcCountOfExplicitEntries = 0;
++        *pListOfExplicitEntries = NULL;
++        return ERROR_SUCCESS;
++    }
++
++    entries = LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT, (sizeof(EXPLICIT_ACCESSW) + sizeof(MAX_SID)) * sizeinfo.AceCount);
++    if (!entries) return ERROR_OUTOFMEMORY;
++    sid_entries = (MAX_SID*)((char*)entries + sizeof(EXPLICIT_ACCESSW) * sizeinfo.AceCount);
++
++    for (i = 0; i < sizeinfo.AceCount; i++)
++    {
++        status = RtlGetAce(pacl, i, (void**)&ace);
++        if (status) goto error;
++
++        switch (ace->AceType)
++        {
++            case ACCESS_ALLOWED_ACE_TYPE:
++            {
++                ACCESS_ALLOWED_ACE *allow = (ACCESS_ALLOWED_ACE *)ace;
++                entries[i].grfAccessMode = GRANT_ACCESS;
++                entries[i].grfInheritance = ace->AceFlags;
++                entries[i].grfAccessPermissions = allow->Mask;
++
++                CopySid(sizeof(MAX_SID), (PSID)&sid_entries[i], (PSID)&allow->SidStart);
++                entries[i].Trustee.pMultipleTrustee = NULL;
++                entries[i].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
++                entries[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
++                entries[i].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
++                entries[i].Trustee.ptstrName = (WCHAR *)&sid_entries[i];
++                break;
++            }
++
++            case ACCESS_DENIED_ACE_TYPE:
++            {
++                ACCESS_DENIED_ACE *deny = (ACCESS_DENIED_ACE *)ace;
++                entries[i].grfAccessMode = DENY_ACCESS;
++                entries[i].grfInheritance = ace->AceFlags;
++                entries[i].grfAccessPermissions = deny->Mask;
++
++                CopySid(sizeof(MAX_SID), (PSID)&sid_entries[i], (PSID)&deny->SidStart);
++                entries[i].Trustee.pMultipleTrustee = NULL;
++                entries[i].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
++                entries[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
++                entries[i].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
++                entries[i].Trustee.ptstrName = (WCHAR *)&sid_entries[i];
++                break;
++            }
++
++            default:
++                FIXME("Unhandled ace type %d\n", ace->AceType);
++                entries[i].grfAccessMode = NOT_USED_ACCESS;
++                continue;
++        }
++    }
++
++    *pcCountOfExplicitEntries = sizeinfo.AceCount;
++    *pListOfExplicitEntries = entries;
++    return ERROR_SUCCESS;
++
++error:
++    LocalFree(entries);
++    return RtlNtStatusToDosError(status);
+ }
+ 
+ /******************************************************************************
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index cf104ab..2bcb108 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -133,6 +133,7 @@ static BOOL     (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
+ static void     (WINAPI *pRtlInitAnsiString)(PANSI_STRING,PCSZ);
+ static NTSTATUS (WINAPI *pRtlFreeUnicodeString)(PUNICODE_STRING);
+ static PSID_IDENTIFIER_AUTHORITY (WINAPI *pGetSidIdentifierAuthority)(PSID);
++static DWORD    (WINAPI *pGetExplicitEntriesFromAclW)(PACL,PULONG,PEXPLICIT_ACCESSW*);
+ 
+ static HMODULE hmod;
+ static int     myARGC;
+@@ -227,6 +228,7 @@ static void init(void)
+     pGetAce = (void *)GetProcAddress(hmod, "GetAce");
+     pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
+     pGetSidIdentifierAuthority = (void *)GetProcAddress(hmod, "GetSidIdentifierAuthority");
++    pGetExplicitEntriesFromAclW = (void *)GetProcAddress(hmod, "GetExplicitEntriesFromAclW");
+ 
+     myARGC = winetest_get_mainargs( &myARGV );
+ }
+@@ -6378,6 +6380,145 @@ static void test_pseudo_tokens(void)
+                  "Expected ERROR_NO_TOKEN, got %u\n", GetLastError());
+ }
+ 
++static void test_GetExplicitEntriesFromAclW(void)
++{
++    static const WCHAR wszCurrentUser[] = { 'C','U','R','R','E','N','T','_','U','S','E','R','\0'};
++    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY };
++    SID_IDENTIFIER_AUTHORITY SIDAuthNT = { SECURITY_NT_AUTHORITY };
++    PSID everyone_sid = NULL, users_sid = NULL;
++    EXPLICIT_ACCESSW access;
++    EXPLICIT_ACCESSW *access2;
++    PACL new_acl, old_acl = NULL;
++    ULONG count;
++    DWORD res;
++
++    if (!pGetExplicitEntriesFromAclW)
++    {
++        win_skip("GetExplicitEntriesFromAclW is not available\n");
++        return;
++    }
++
++    if (!pSetEntriesInAclW)
++    {
++        win_skip("SetEntriesInAclW is not available\n");
++        return;
++    }
++
++    old_acl = HeapAlloc(GetProcessHeap(), 0, 256);
++    res = InitializeAcl(old_acl, 256, ACL_REVISION);
++    if(!res && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
++    {
++        win_skip("ACLs not implemented - skipping tests\n");
++        HeapFree(GetProcessHeap(), 0, old_acl);
++        return;
++    }
++    ok(res, "InitializeAcl failed with error %d\n", GetLastError());
++
++    res = AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid);
++    ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
++
++    res = AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID,
++                                   DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &users_sid);
++    ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
++
++    res = AddAccessAllowedAce(old_acl, ACL_REVISION, KEY_READ, users_sid);
++    ok(res, "AddAccessAllowedAce failed with error %d\n", GetLastError());
++
++    access2 = NULL;
++    res = pGetExplicitEntriesFromAclW(old_acl, &count, &access2);
++    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
++    ok(count == 1, "Expected count == 1, got %d\n", count);
++    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
++    ok(access2[0].grfAccessPermissions == KEY_READ, "Expected KEY_READ, got %d\n", access2[0].grfAccessPermissions);
++    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
++    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
++    ok(EqualSid(access2[0].Trustee.ptstrName, users_sid), "Expected equal SIDs\n");
++    LocalFree(access2);
++
++    access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
++    access.Trustee.pMultipleTrustee = NULL;
++
++    access.grfAccessPermissions = KEY_WRITE;
++    access.grfAccessMode = GRANT_ACCESS;
++    access.grfInheritance = NO_INHERITANCE;
++    access.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
++    access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
++    access.Trustee.ptstrName = everyone_sid;
++    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
++    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
++    ok(new_acl != NULL, "returned acl was NULL\n");
++
++    access2 = NULL;
++    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
++    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
++    ok(count == 2, "Expected count == 2, got %d\n", count);
++    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
++    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
++    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
++       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
++    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
++    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
++    ok(EqualSid(access2[0].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
++    LocalFree(access2);
++    LocalFree(new_acl);
++
++    access.Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
++    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
++    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
++    ok(new_acl != NULL, "returned acl was NULL\n");
++
++    access2 = NULL;
++    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
++    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
++    ok(count == 2, "Expected count == 2, got %d\n", count);
++    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
++    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
++    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
++       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
++    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
++    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
++    ok(EqualSid(access2[0].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
++    LocalFree(access2);
++    LocalFree(new_acl);
++
++    access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
++    access.Trustee.ptstrName = (LPWSTR)wszCurrentUser;
++    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
++    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
++    ok(new_acl != NULL, "returned acl was NULL\n");
++
++    access2 = NULL;
++    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
++    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
++    ok(count == 2, "Expected count == 2, got %d\n", count);
++    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
++    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
++    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
++       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
++    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
++    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
++    LocalFree(access2);
++    LocalFree(new_acl);
++
++    access.grfAccessMode = REVOKE_ACCESS;
++    access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
++    access.Trustee.ptstrName = users_sid;
++    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
++    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
++    ok(new_acl != NULL, "returned acl was NULL\n");
++
++    access2 = (void *)0xdeadbeef;
++    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
++    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
++    ok(count == 0, "Expected count == 0, got %d\n", count);
++    ok(access2 == NULL, "access2 was not NULL\n");
++    LocalFree(new_acl);
++
++    FreeSid(users_sid);
++    FreeSid(everyone_sid);
++    HeapFree(GetProcessHeap(), 0, old_acl);
++}
++
+ START_TEST(security)
+ {
+     init();
+@@ -6424,4 +6565,5 @@ START_TEST(security)
+     test_system_security_access();
+     test_GetSidIdentifierAuthority();
+     test_pseudo_tokens();
++    test_GetExplicitEntriesFromAclW();
+ }
+-- 
+2.9.0
+

patches/advapi32-GetExplicitEntriesFromAclW/definition

@@ -0,0 +1 @@
+Fixes: Implement semi-stub for advapi32.GetExplicitEntriesFromAclW