Release 3.3

kernelbase-PathCchCombineEx: Restore mistakenly deleted patch.
wined3d-Core_Context: Fix rebase.
wined3d-Viewports: Restore mistakenly disabled patch.

LICENSE.md

@@ -8,6 +8,7 @@ are part of **Wine Staging** and are licensed under the terms of the
 
 ```
 Copyright (C) 2014-2017 the Wine Staging project authors.
+Copyright (C) 2018 Alistair Leslie-Hughes
 
 Wine Staging is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public

patches/Compiler_Warnings/0001-ole32-Fix-compilation-with-recent-versions-of-gcc.patch

@@ -1,26 +0,0 @@
-From 43628d9b1905396ff6442e4f1e07c9dd48739b19 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Fri, 14 Apr 2017 15:57:18 +0200
-Subject: ole32: Fix compilation with recent versions of gcc.
-
----
- dlls/ole32/storage32.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/dlls/ole32/storage32.h b/dlls/ole32/storage32.h
-index 4fcfd9c362..2b23ab8eb8 100644
---- a/dlls/ole32/storage32.h
-+++ b/dlls/ole32/storage32.h
-@@ -526,6 +526,9 @@ StgStreamImpl* StgStreamImpl_Construct(
- /******************************************************************************
-  * Endian conversion macros
-  */
-+#undef htole32
-+#undef htole16
-+
- #ifdef WORDS_BIGENDIAN
- 
- #define htole32(x) RtlUlongByteSwap(x)
--- 
-2.12.2
-

patches/Compiler_Warnings/0020-amstream-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,4 +1,4 @@
-From 83d96cdd81553544c79527c2aed329e96938af64 Mon Sep 17 00:00:00 2001
+From bd48f0d6b1476a77520f0bf5f82ac08e9dbf9acd Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:54:01 +0100
 Subject: amstream: Avoid implicit cast of interface pointer.
@@ -8,10 +8,10 @@ Subject: amstream: Avoid implicit cast of interface pointer.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/dlls/amstream/mediastreamfilter.c b/dlls/amstream/mediastreamfilter.c
-index d0c6714..3f0397a 100644
+index 5abcb2f..a7ff6e8 100644
 --- a/dlls/amstream/mediastreamfilter.c
 +++ b/dlls/amstream/mediastreamfilter.c
-@@ -70,7 +70,7 @@ typedef struct {
+@@ -42,7 +42,7 @@ typedef struct {
  
  static inline IMediaStreamFilterImpl *impl_from_IMediaStreamFilter(IMediaStreamFilter *iface)
  {
@@ -19,7 +19,7 @@ index d0c6714..3f0397a 100644
 +    return CONTAINING_RECORD((IBaseFilter *)iface, IMediaStreamFilterImpl, filter.IBaseFilter_iface);
  }
  
- static HRESULT WINAPI BasePinImpl_CheckMediaType(BasePin *This, const AM_MEDIA_TYPE *pmt)
+ /*** IUnknown methods ***/
 -- 
-2.7.1
+2.7.4
 

patches/Compiler_Warnings/0024-d3d9-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,14 +1,14 @@
-From cd3c63b259a711abf4e6e06f975e47f82b5b3e1b Mon Sep 17 00:00:00 2001
+From 3dd0480317fe0ed3951daf1cf5757204d11a1ae5 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:55:12 +0100
-Subject: d3d9: Avoid implicit cast of interface pointer.
+Subject: [PATCH] d3d9: Avoid implicit cast of interface pointer.
 
 ---
  dlls/d3d9/texture.c | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/dlls/d3d9/texture.c b/dlls/d3d9/texture.c
-index 07bd83e..4e50093 100644
+index d3662f8..ebc3413 100644
 --- a/dlls/d3d9/texture.c
 +++ b/dlls/d3d9/texture.c
 @@ -25,17 +25,17 @@ WINE_DEFAULT_DEBUG_CHANNEL(d3d9);
@@ -31,7 +31,7 @@ index 07bd83e..4e50093 100644
 +    return CONTAINING_RECORD((IDirect3DBaseTexture9 *)iface, struct d3d9_texture, IDirect3DBaseTexture9_iface);
  }
  
- static HRESULT WINAPI d3d9_texture_2d_QueryInterface(IDirect3DTexture9 *iface, REFIID riid, void **out)
+ static void STDMETHODCALLTYPE srv_wined3d_object_destroyed(void *parent)
 -- 
-2.7.1
+1.9.1
 

patches/Pipelight/0004-winex11.drv-Indicate-direct-rendering-through-OpenGL.patch

@@ -11,7 +11,7 @@ diff --git a/dlls/winex11.drv/opengl.c b/dlls/winex11.drv/opengl.c
 index 71af3db..966d32d 100644
 --- a/dlls/winex11.drv/opengl.c
 +++ b/dlls/winex11.drv/opengl.c
-@@ -440,6 +440,7 @@ static int GLXErrorHandler(Display *dpy, XErrorEvent *event, void *arg)
+@@ -440,6 +440,7 @@ static int GLXErrorHandler(Display *dpy,
  static BOOL X11DRV_WineGL_InitOpenglInfo(void)
  {
      static const char legacy_extensions[] = " WGL_EXT_extensions_string WGL_EXT_swap_control";
@@ -19,30 +19,26 @@ index 71af3db..966d32d 100644
  
      int screen = DefaultScreen(gdi_display);
      Window win = 0, root = 0;
-@@ -491,10 +492,13 @@ static BOOL X11DRV_WineGL_InitOpenglInfo(void)
+@@ -493,16 +494,18 @@ static BOOL X11DRV_WineGL_InitOpenglInfo
      }
      gl_renderer = (const char *)opengl_funcs.gl.p_glGetString(GL_RENDERER);
-     WineGLInfo.glVersion = (const char *) opengl_funcs.gl.p_glGetString(GL_VERSION);
-+    WineGLInfo.glxDirect = pglXIsDirect(gdi_display, ctx);
+     gl_version  = (const char *)opengl_funcs.gl.p_glGetString(GL_VERSION);
++    glx_direct = pglXIsDirect(gdi_display, ctx);
      str = (const char *) opengl_funcs.gl.p_glGetString(GL_EXTENSIONS);
--    WineGLInfo.glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions));
-+    WineGLInfo.glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions)+sizeof(direct_extension));
-     strcpy(WineGLInfo.glExtensions, str);
-     strcat(WineGLInfo.glExtensions, legacy_extensions);
-+    if (WineGLInfo.glxDirect)
-+        strcat(WineGLInfo.glExtensions, direct_extension);
+-    glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions));
++    glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions)+sizeof(direct_extension));
+     strcpy(glExtensions, str);
+     strcat(glExtensions, legacy_extensions);
++    if (glx_direct)
++        strcat(glExtensions, direct_extension);
  
      /* Get the common GLX version supported by GLX client and server ( major/minor) */
-     pglXQueryVersion(gdi_display, &WineGLInfo.glxVersion[0], &WineGLInfo.glxVersion[1]);
-@@ -508,7 +512,7 @@ static BOOL X11DRV_WineGL_InitOpenglInfo(void)
-     WineGLInfo.glxClientExtensions = pglXGetClientString(gdi_display, GLX_EXTENSIONS);
+     pglXQueryVersion(gdi_display, &glxVersion[0], &glxVersion[1]);
  
-     WineGLInfo.glxExtensions = pglXQueryExtensionsString(gdi_display, screen);
--    WineGLInfo.glxDirect = pglXIsDirect(gdi_display, ctx);
-+
+     glxExtensions = pglXQueryExtensionsString(gdi_display, screen);
+-    glx_direct = pglXIsDirect(gdi_display, ctx);
  
-     TRACE("GL version             : %s.\n", WineGLInfo.glVersion);
+     TRACE("GL version             : %s.\n", gl_version);
      TRACE("GL renderer            : %s.\n", gl_renderer);
 -- 
 1.7.9.5
-

patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch

@@ -1,40 +1,41 @@
-From 41ee5d7699182ea01c61223ab9d0a10473e16ac2 Mon Sep 17 00:00:00 2001
+From ee1533db82fa2a955765b6a00f5300900350d2fe Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:44:31 +0200
-Subject: kernel32: Add winediag message to show warning, that this isn't
- vanilla wine.
+Subject: [PATCH] kernel32: Add winediag message to show warning, that this
+ isn't vanilla wine.
 
 ---
- dlls/kernel32/process.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
+ dlls/kernel32/process.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
 
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index 6d0fc74cdf4..ed1d967ffdf 100644
+index 0a3fd70..206224f 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
 @@ -65,6 +65,7 @@
+ 
  WINE_DEFAULT_DEBUG_CHANNEL(process);
- WINE_DECLARE_DEBUG_CHANNEL(file);
  WINE_DECLARE_DEBUG_CHANNEL(relay);
 +WINE_DECLARE_DEBUG_CHANNEL(winediag);
  
  #ifdef __APPLE__
  extern char **__wine_get_main_environment(void);
-@@ -1104,6 +1105,14 @@ static DWORD WINAPI start_process( PEB *peb )
-         DPRINTF( "%04x:Starting process %s (entryproc=%p)\n", GetCurrentThreadId(),
-                  debugstr_w(peb->ProcessParameters->ImagePathName.Buffer), entry );
+@@ -1090,6 +1091,15 @@ void WINAPI start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
  
-+    if (CreateEventA(0, 0, 0, "__winestaging_warn_event") && GetLastError() != ERROR_ALREADY_EXISTS)
-+    {
-+        FIXME_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
-+        FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
-+    }
-+    else
-+        WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
+     __TRY
+     {
++        if (CreateEventA(0, 0, 0, "__winestaging_warn_event") && GetLastError() != ERROR_ALREADY_EXISTS)
++        {
++            FIXME_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
++            FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
++        }
++        else
++            WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
 +
-     if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
-         being_debugged = FALSE;
++
+         if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
+             being_debugged = FALSE;
  
 -- 
-2.11.0
+1.9.1
 

patches/advapi-LsaLookupPrivilegeName/0001-advapi32-Fix-error-code-when-calling-LsaOpenPolicy-f.patch

@@ -1,4 +1,4 @@
-From ce0ab0ccd6e4953a9673d15e00cf602668469c2c Mon Sep 17 00:00:00 2001
+From 971cfbe9ab8a7cb62c5b3e62fe4fe0bfc4518889 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 5 Mar 2017 23:04:36 +0100
 Subject: advapi32: Fix error code when calling LsaOpenPolicy for non existing
@@ -10,10 +10,10 @@ Subject: advapi32: Fix error code when calling LsaOpenPolicy for non existing
  2 files changed, 11 insertions(+), 1 deletion(-)
 
 diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index b8dedbd6d58..e5e3b1649c0 100644
+index bfd879bbc73..2e021a1ec2d 100644
 --- a/dlls/advapi32/lsa.c
 +++ b/dlls/advapi32/lsa.c
-@@ -692,7 +692,7 @@ NTSTATUS WINAPI LsaOpenPolicy(
+@@ -659,7 +659,7 @@ NTSTATUS WINAPI LsaOpenPolicy(
            ObjectAttributes, DesiredAccess, PolicyHandle);
  
      ADVAPI_ForceLocalComputer(SystemName ? SystemName->Buffer : NULL,
@@ -23,10 +23,10 @@ index b8dedbd6d58..e5e3b1649c0 100644
  
      if(PolicyHandle) *PolicyHandle = (LSA_HANDLE)0xcafe;
 diff --git a/dlls/advapi32/tests/lsa.c b/dlls/advapi32/tests/lsa.c
-index 4daf75f58d1..7ddda731be2 100644
+index 861fea0525e..bb291e65a71 100644
 --- a/dlls/advapi32/tests/lsa.c
 +++ b/dlls/advapi32/tests/lsa.c
-@@ -70,6 +70,8 @@ static BOOL init(void)
+@@ -39,6 +39,8 @@ DEFINE_GUID(GUID_NULL,0,0,0,0,0,0,0,0,0,0,0);
  
  static void test_lsa(void)
  {
@@ -35,7 +35,7 @@ index 4daf75f58d1..7ddda731be2 100644
      NTSTATUS status;
      LSA_HANDLE handle;
      LSA_OBJECT_ATTRIBUTES object_attributes;
-@@ -77,6 +79,14 @@ static void test_lsa(void)
+@@ -46,6 +48,14 @@ static void test_lsa(void)
      ZeroMemory(&object_attributes, sizeof(object_attributes));
      object_attributes.Length = sizeof(object_attributes);
  
@@ -43,13 +43,13 @@ index 4daf75f58d1..7ddda731be2 100644
 +    machine.Length = sizeof(machineW) - 2;
 +    machine.MaximumLength = sizeof(machineW);
 +
-+    status = pLsaOpenPolicy( &machine, &object_attributes, POLICY_LOOKUP_NAMES, &handle);
++    status = LsaOpenPolicy( &machine, &object_attributes, POLICY_LOOKUP_NAMES, &handle);
 +    ok(status == RPC_NT_SERVER_UNAVAILABLE,
 +       "LsaOpenPolicy(POLICY_LOOKUP_NAMES) for invalid machine returned 0x%08x\n", status);
 +
-     status = pLsaOpenPolicy( NULL, &object_attributes, POLICY_ALL_ACCESS, &handle);
+     status = LsaOpenPolicy( NULL, &object_attributes, POLICY_ALL_ACCESS, &handle);
      ok(status == STATUS_SUCCESS || status == STATUS_ACCESS_DENIED,
         "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status);
 -- 
-2.11.0
+2.14.2
 

patches/advapi-LsaLookupPrivilegeName/0003-advapi32-Implement-LsaLookupPrivilegeName.patch

@@ -1,141 +0,0 @@
-From ca415799729a5330fc9def2df8fb9c4ffef80448 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 5 Mar 2017 23:50:06 +0100
-Subject: advapi32: Implement LsaLookupPrivilegeName.
-
----
- dlls/advapi32/advapi32_misc.h |  2 ++
- dlls/advapi32/lsa.c           | 30 ++++++++++++++++++++++++++++--
- dlls/advapi32/security.c      | 27 ++++++++++++++++++---------
- include/ntsecapi.h            |  1 +
- 4 files changed, 49 insertions(+), 11 deletions(-)
-
-diff --git a/dlls/advapi32/advapi32_misc.h b/dlls/advapi32/advapi32_misc.h
-index d116ecb836e..ecb07f635a6 100644
---- a/dlls/advapi32/advapi32_misc.h
-+++ b/dlls/advapi32/advapi32_misc.h
-@@ -68,4 +68,6 @@ static inline WCHAR *strdupAW( const char *src )
-     return dst;
- }
- 
-+const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1];
-+
- #endif /* __WINE_ADVAPI32MISC_H */
-diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index 61c91f497eb..e6f88d2fa73 100644
---- a/dlls/advapi32/lsa.c
-+++ b/dlls/advapi32/lsa.c
-@@ -983,6 +983,32 @@ NTSTATUS WINAPI LsaLookupPrivilegeName(
-     LUID *luid,
-     UNICODE_STRING **name)
- {
--    FIXME("(%p,%p,%p) stub\n", handle, luid, name);
--    return STATUS_NO_SUCH_PRIVILEGE;
-+    UNICODE_STRING *priv_unicode;
-+    size_t priv_size;
-+    WCHAR *strW;
-+
-+    TRACE("(%p, %p, %p)\n", handle, luid, name);
-+
-+    if (!handle)
-+        return STATUS_INVALID_HANDLE;
-+
-+    if (!name)
-+        return STATUS_INVALID_PARAMETER;
-+
-+    if (luid->HighPart ||
-+        (luid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
-+         luid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE ||
-+         !WellKnownPrivNames[luid->LowPart]))
-+        return STATUS_NO_SUCH_PRIVILEGE;
-+
-+    priv_size = (strlenW(WellKnownPrivNames[luid->LowPart]) + 1) * sizeof(WCHAR);
-+    priv_unicode = heap_alloc(sizeof(*priv_unicode) + priv_size);
-+    if (!priv_unicode) return STATUS_NO_MEMORY;
-+
-+    strW = (WCHAR *)(priv_unicode + 1);
-+    strcpyW(strW, WellKnownPrivNames[luid->LowPart]);
-+    RtlInitUnicodeString(priv_unicode, strW);
-+
-+    *name = priv_unicode;
-+    return STATUS_SUCCESS;
- }
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index e36792cff4b..3bc8f48b19c 100644
---- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -1840,7 +1840,7 @@ static const WCHAR SE_IMPERSONATE_NAME_W[] =
- static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
-  { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
- 
--static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
-+const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
- {
-     NULL,
-     NULL,
-@@ -2043,33 +2043,42 @@ BOOL WINAPI
- LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
-  LPDWORD cchName)
- {
-+    UNICODE_STRING system_name, *priv;
-+    LSA_HANDLE lsa;
-+    NTSTATUS status;
-     size_t privNameLen;
- 
-     TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
- 
--    if (!ADVAPI_IsLocalComputer(lpSystemName))
-+    RtlInitUnicodeString(&system_name, lpSystemName);
-+    status = LsaOpenPolicy(&system_name, NULL, POLICY_LOOKUP_NAMES, &lsa);
-+    if (status)
-     {
--        SetLastError(RPC_S_SERVER_UNAVAILABLE);
-+        SetLastError(LsaNtStatusToWinError(status));
-         return FALSE;
-     }
--    if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
--     lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
-+
-+    status = LsaLookupPrivilegeName(&lsa, lpLuid, &priv);
-+    LsaClose(lsa);
-+    if (status)
-     {
--        SetLastError(ERROR_NO_SUCH_PRIVILEGE);
-+        SetLastError(LsaNtStatusToWinError(status));
-         return FALSE;
-     }
--    privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
--    /* Windows crashes if cchName is NULL, so will I */
-+
-+    privNameLen = priv->Length / sizeof(WCHAR);
-     if (*cchName <= privNameLen)
-     {
-         *cchName = privNameLen + 1;
-+        LsaFreeMemory(priv);
-         SetLastError(ERROR_INSUFFICIENT_BUFFER);
-         return FALSE;
-     }
-     else
-     {
--        strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
-+        strcpyW(lpName, priv->Buffer);
-         *cchName = privNameLen;
-+        LsaFreeMemory(priv);
-         return TRUE;
-     }
- }
-diff --git a/include/ntsecapi.h b/include/ntsecapi.h
-index 2bb3d312e43..0bf0eca43ed 100644
---- a/include/ntsecapi.h
-+++ b/include/ntsecapi.h
-@@ -370,6 +370,7 @@ NTSTATUS WINAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,PLSA_REFEREN
-                                PLSA_TRANSLATED_SID*);
- NTSTATUS WINAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,PLSA_REFERENCED_DOMAIN_LIST*,
-                                 PLSA_TRANSLATED_SID2*);
-+NTSTATUS WINAPI LsaLookupPrivilegeName(LSA_HANDLE,PLUID,PUNICODE_STRING*);
- NTSTATUS WINAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID *,PLSA_REFERENCED_DOMAIN_LIST *,PLSA_TRANSLATED_NAME *);
- ULONG WINAPI LsaNtStatusToWinError(NTSTATUS);
- NTSTATUS WINAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,ACCESS_MASK,PLSA_HANDLE);
--- 
-2.14.1
-

patches/advapi-LsaLookupPrivilegeName/0004-advapi32-Add-stub-for-LsaLookupPrivilegeDisplayName.patch

@@ -1,62 +0,0 @@
-From 63d642a1af3ccc579123cb8fd13959ab5e9136dd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Mon, 6 Mar 2017 00:01:53 +0100
-Subject: advapi32: Add stub for LsaLookupPrivilegeDisplayName.
-
----
- dlls/advapi32/advapi32.spec |  2 +-
- dlls/advapi32/lsa.c         | 21 +++++++++++++++++++++
- 2 files changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
-index 124f527282..0b03cec3f5 100644
---- a/dlls/advapi32/advapi32.spec
-+++ b/dlls/advapi32/advapi32.spec
-@@ -468,7 +468,7 @@
- # @ stub LsaICLookupSidsWithCreds
- @ stdcall LsaLookupNames(long long ptr ptr ptr)
- @ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
--@ stub LsaLookupPrivilegeDisplayName
-+@ stdcall LsaLookupPrivilegeDisplayName(long ptr ptr ptr)
- @ stdcall LsaLookupPrivilegeName(long ptr ptr)
- # @ stub LsaLookupPrivilegeValue
- @ stdcall LsaLookupSids(ptr long ptr ptr ptr)
-diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index ceb3b05c05..c2e02fb462 100644
---- a/dlls/advapi32/lsa.c
-+++ b/dlls/advapi32/lsa.c
-@@ -44,6 +44,12 @@ WINE_DEFAULT_DEBUG_CHANNEL(advapi);
-         return FailureCode; \
- }
- 
-+static LPCSTR debugstr_us( const UNICODE_STRING *us )
-+{
-+    if (!us) return "(null)";
-+    return debugstr_wn(us->Buffer, us->Length / sizeof(WCHAR));
-+}
-+
- static void dumpLsaAttributes(const LSA_OBJECT_ATTRIBUTES *oa)
- {
-     if (oa)
-@@ -1011,3 +1017,18 @@ NTSTATUS WINAPI LsaLookupPrivilegeName(
-     *name = priv_unicode;
-     return STATUS_SUCCESS;
- }
-+
-+/******************************************************************************
-+ * LsaLookupPrivilegeDisplayName [ADVAPI32.@]
-+ *
-+ */
-+NTSTATUS WINAPI LsaLookupPrivilegeDisplayName(
-+    LSA_HANDLE handle,
-+    PLSA_UNICODE_STRING name,
-+    PLSA_UNICODE_STRING *dispname,
-+    SHORT *language)
-+{
-+    FIXME("(%p, %s, %p, %p)\n", handle, debugstr_us(name), dispname, language);
-+
-+    return STATUS_NO_SUCH_PRIVILEGE;
-+}
--- 
-2.11.0
-

patches/advapi-LsaLookupPrivilegeName/definition

@@ -1 +0,0 @@
-Fixes: [43316] Add LsaLookupPrivilege[Display]Name stubs

patches/advapi32-BuildSecurityDescriptor/0001-advapi32-Implement-BuildSecurityDescriptorW.patch

@@ -1,25 +1,25 @@
-From 994fe46f1b68d851d285a29cce904bd9f22540ea Mon Sep 17 00:00:00 2001
+From 95fd708dbdd9f8d61fdd8f1571c44e98c54b8988 Mon Sep 17 00:00:00 2001
 From: Andrew Wesie <awesie@gmail.com>
 Date: Tue, 2 May 2017 00:59:49 -0500
-Subject: advapi32: Implement BuildSecurityDescriptorW.
+Subject: [PATCH] advapi32: Implement BuildSecurityDescriptorW.
 
 ---
  dlls/advapi32/security.c | 218 +++++++++++++++++++++++++++++++++++------------
  1 file changed, 164 insertions(+), 54 deletions(-)
 
 diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index 24ec3099713..82bb6689d43 100644
+index 6f4fb44..3737827 100644
 --- a/dlls/advapi32/security.c
 +++ b/dlls/advapi32/security.c
-@@ -58,6 +58,7 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
-     SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
-     LPDWORD cBytes);
- static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
+@@ -48,6 +48,7 @@
+ WINE_DEFAULT_DEBUG_CHANNEL(advapi);
+ 
+ static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
 +static DWORD trustee_to_sid(DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee);
  
  typedef struct _ACEFLAG
  {
-@@ -1264,16 +1265,122 @@ DWORD WINAPI BuildSecurityDescriptorW(
+@@ -1255,16 +1256,122 @@ DWORD WINAPI BuildSecurityDescriptorW(
      IN ULONG cCountOfAccessEntries,
      IN PEXPLICIT_ACCESSW pListOfAccessEntries,
      IN ULONG cCountOfAuditEntries,
@@ -147,7 +147,7 @@ index 24ec3099713..82bb6689d43 100644
  } 
  
  /******************************************************************************
-@@ -3766,6 +3873,56 @@ static void free_trustee_name(TRUSTEE_FORM form, WCHAR *trustee_nameW)
+@@ -3754,6 +3861,56 @@ static void free_trustee_name(TRUSTEE_FORM form, WCHAR *trustee_nameW)
      }
  }
  
@@ -204,7 +204,7 @@ index 24ec3099713..82bb6689d43 100644
  /******************************************************************************
   * SetEntriesInAclA [ADVAPI32.@]
   */
-@@ -3861,56 +4018,9 @@ DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
+@@ -3849,56 +4006,9 @@ DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
                pEntries[i].Trustee.TrusteeForm, pEntries[i].Trustee.TrusteeType,
                pEntries[i].Trustee.ptstrName);
  
@@ -264,5 +264,5 @@ index 24ec3099713..82bb6689d43 100644
          /* Note: we overestimate the ACL size here as a tradeoff between
           * instructions (simplicity) and memory */
 -- 
-2.12.2
+1.9.1
 

patches/advapi32-BuildSecurityDescriptor/definition

@@ -1,2 +1 @@
-Fixes: Initial implementation of advapi32.BuildSecurityDescriptorW
-Depends: advapi32-GetExplicitEntriesFromAclW
+Fixes: [37594] Initial implementation of advapi32.BuildSecurityDescriptorW

patches/advapi32-CreateRestrictedToken/definition

@@ -1 +1 @@
-Fixes: Implement advapi32.CreateRestrictedToken
+Fixes: [25834] Implement advapi32.CreateRestrictedToken

patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch

@@ -1,279 +0,0 @@
-From 510d9f43f441bc3a9723aabfd2c1cdc8737d6dcc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 28 Aug 2016 21:56:41 +0200
-Subject: advapi32: Implement GetExplicitEntriesFromAclW.
-
----
- dlls/advapi32/security.c       |  81 ++++++++++++++++++++++-
- dlls/advapi32/tests/security.c | 142 +++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 221 insertions(+), 2 deletions(-)
-
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index e36792cff4..b305947347 100644
---- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -4205,8 +4205,85 @@ DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntr
- DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
-         PEXPLICIT_ACCESSW* pListOfExplicitEntries)
- {
--    FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
--    return ERROR_CALL_NOT_IMPLEMENTED;
-+    ACL_SIZE_INFORMATION sizeinfo;
-+    EXPLICIT_ACCESSW* entries;
-+    MAX_SID *sid_entries;
-+    ACE_HEADER *ace;
-+    NTSTATUS status;
-+    int i;
-+
-+    FIXME("%p %p %p: semi-stub\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
-+
-+    if (!pcCountOfExplicitEntries || !pListOfExplicitEntries)
-+        return ERROR_INVALID_PARAMETER;
-+
-+    status = RtlQueryInformationAcl(pacl, &sizeinfo, sizeof(sizeinfo), AclSizeInformation);
-+    if (status) return RtlNtStatusToDosError(status);
-+
-+    if (!sizeinfo.AceCount)
-+    {
-+        *pcCountOfExplicitEntries = 0;
-+        *pListOfExplicitEntries = NULL;
-+        return ERROR_SUCCESS;
-+    }
-+
-+    entries = LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT, (sizeof(EXPLICIT_ACCESSW) + sizeof(MAX_SID)) * sizeinfo.AceCount);
-+    if (!entries) return ERROR_OUTOFMEMORY;
-+    sid_entries = (MAX_SID*)((char*)entries + sizeof(EXPLICIT_ACCESSW) * sizeinfo.AceCount);
-+
-+    for (i = 0; i < sizeinfo.AceCount; i++)
-+    {
-+        status = RtlGetAce(pacl, i, (void**)&ace);
-+        if (status) goto error;
-+
-+        switch (ace->AceType)
-+        {
-+            case ACCESS_ALLOWED_ACE_TYPE:
-+            {
-+                ACCESS_ALLOWED_ACE *allow = (ACCESS_ALLOWED_ACE *)ace;
-+                entries[i].grfAccessMode = GRANT_ACCESS;
-+                entries[i].grfInheritance = ace->AceFlags;
-+                entries[i].grfAccessPermissions = allow->Mask;
-+
-+                CopySid(sizeof(MAX_SID), (PSID)&sid_entries[i], (PSID)&allow->SidStart);
-+                entries[i].Trustee.pMultipleTrustee = NULL;
-+                entries[i].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+                entries[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+                entries[i].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+                entries[i].Trustee.ptstrName = (WCHAR *)&sid_entries[i];
-+                break;
-+            }
-+
-+            case ACCESS_DENIED_ACE_TYPE:
-+            {
-+                ACCESS_DENIED_ACE *deny = (ACCESS_DENIED_ACE *)ace;
-+                entries[i].grfAccessMode = DENY_ACCESS;
-+                entries[i].grfInheritance = ace->AceFlags;
-+                entries[i].grfAccessPermissions = deny->Mask;
-+
-+                CopySid(sizeof(MAX_SID), (PSID)&sid_entries[i], (PSID)&deny->SidStart);
-+                entries[i].Trustee.pMultipleTrustee = NULL;
-+                entries[i].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+                entries[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+                entries[i].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+                entries[i].Trustee.ptstrName = (WCHAR *)&sid_entries[i];
-+                break;
-+            }
-+
-+            default:
-+                FIXME("Unhandled ace type %d\n", ace->AceType);
-+                entries[i].grfAccessMode = NOT_USED_ACCESS;
-+                continue;
-+        }
-+    }
-+
-+    *pcCountOfExplicitEntries = sizeinfo.AceCount;
-+    *pListOfExplicitEntries = entries;
-+    return ERROR_SUCCESS;
-+
-+error:
-+    LocalFree(entries);
-+    return RtlNtStatusToDosError(status);
- }
- 
- /******************************************************************************
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index 3c68205922..ca5edffae5 100644
---- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -134,6 +134,7 @@ static BOOL     (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
- static void     (WINAPI *pRtlInitAnsiString)(PANSI_STRING,PCSZ);
- static NTSTATUS (WINAPI *pRtlFreeUnicodeString)(PUNICODE_STRING);
- static PSID_IDENTIFIER_AUTHORITY (WINAPI *pGetSidIdentifierAuthority)(PSID);
-+static DWORD    (WINAPI *pGetExplicitEntriesFromAclW)(PACL,PULONG,PEXPLICIT_ACCESSW*);
- 
- static HMODULE hmod;
- static int     myARGC;
-@@ -230,6 +231,7 @@ static void init(void)
-     pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
-     pGetSidIdentifierAuthority = (void *)GetProcAddress(hmod, "GetSidIdentifierAuthority");
-     pDuplicateTokenEx = (void *)GetProcAddress(hmod, "DuplicateTokenEx");
-+    pGetExplicitEntriesFromAclW = (void *)GetProcAddress(hmod, "GetExplicitEntriesFromAclW");
- 
-     myARGC = winetest_get_mainargs( &myARGV );
- }
-@@ -7076,6 +7078,145 @@ static void test_child_token_sd(void)
-     HeapFree(GetProcessHeap(), 0, sd);
- }
- 
-+static void test_GetExplicitEntriesFromAclW(void)
-+{
-+    static const WCHAR wszCurrentUser[] = { 'C','U','R','R','E','N','T','_','U','S','E','R','\0'};
-+    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY };
-+    SID_IDENTIFIER_AUTHORITY SIDAuthNT = { SECURITY_NT_AUTHORITY };
-+    PSID everyone_sid = NULL, users_sid = NULL;
-+    EXPLICIT_ACCESSW access;
-+    EXPLICIT_ACCESSW *access2;
-+    PACL new_acl, old_acl = NULL;
-+    ULONG count;
-+    DWORD res;
-+
-+    if (!pGetExplicitEntriesFromAclW)
-+    {
-+        win_skip("GetExplicitEntriesFromAclW is not available\n");
-+        return;
-+    }
-+
-+    if (!pSetEntriesInAclW)
-+    {
-+        win_skip("SetEntriesInAclW is not available\n");
-+        return;
-+    }
-+
-+    old_acl = HeapAlloc(GetProcessHeap(), 0, 256);
-+    res = InitializeAcl(old_acl, 256, ACL_REVISION);
-+    if(!res && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
-+    {
-+        win_skip("ACLs not implemented - skipping tests\n");
-+        HeapFree(GetProcessHeap(), 0, old_acl);
-+        return;
-+    }
-+    ok(res, "InitializeAcl failed with error %d\n", GetLastError());
-+
-+    res = AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid);
-+    ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
-+
-+    res = AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID,
-+                                   DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &users_sid);
-+    ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
-+
-+    res = AddAccessAllowedAce(old_acl, ACL_REVISION, KEY_READ, users_sid);
-+    ok(res, "AddAccessAllowedAce failed with error %d\n", GetLastError());
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(old_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 1, "Expected count == 1, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_READ, "Expected KEY_READ, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, users_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+
-+    access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+    access.Trustee.pMultipleTrustee = NULL;
-+
-+    access.grfAccessPermissions = KEY_WRITE;
-+    access.grfAccessMode = GRANT_ACCESS;
-+    access.grfInheritance = NO_INHERITANCE;
-+    access.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+    access.Trustee.ptstrName = everyone_sid;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
-+    access.Trustee.ptstrName = (LPWSTR)wszCurrentUser;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.grfAccessMode = REVOKE_ACCESS;
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+    access.Trustee.ptstrName = users_sid;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = (void *)0xdeadbeef;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 0, "Expected count == 0, got %d\n", count);
-+    ok(access2 == NULL, "access2 was not NULL\n");
-+    LocalFree(new_acl);
-+
-+    FreeSid(users_sid);
-+    FreeSid(everyone_sid);
-+    HeapFree(GetProcessHeap(), 0, old_acl);
-+}
-+
- START_TEST(security)
- {
-     init();
-@@ -7129,6 +7270,7 @@ START_TEST(security)
-     test_pseudo_tokens();
-     test_maximum_allowed();
-     test_token_label();
-+    test_GetExplicitEntriesFromAclW();
- 
-     /* Must be the last test, modifies process token */
-     test_token_security_descriptor();
--- 
-2.13.1
-

patches/advapi32-GetExplicitEntriesFromAclW/definition

@@ -1 +0,0 @@
-Fixes: Implement semi-stub for advapi32.GetExplicitEntriesFromAclW

patches/advapi32-Token_Integrity_Level/0004-server-Implement-token-integrity-level.patch

@@ -1,7 +1,7 @@
-From 3092c9de3ac89e77a139db97a33b8b15f9a12eac Mon Sep 17 00:00:00 2001
+From 971789f2af6149998e54382522569b3790309cf2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 02:28:35 +0200
-Subject: server: Implement token integrity level.
+Subject: [PATCH] server: Implement token integrity level.
 
 ---
  dlls/ntdll/nt.c     | 23 ++++++++++++++---------
@@ -10,10 +10,10 @@ Subject: server: Implement token integrity level.
  3 files changed, 48 insertions(+), 12 deletions(-)
 
 diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
-index dda6cabe1cf..6f2b24e6ba4 100644
+index 9e60196..59c6e49 100644
 --- a/dlls/ntdll/nt.c
 +++ b/dlls/ntdll/nt.c
-@@ -372,7 +372,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
+@@ -340,7 +340,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
          0,    /* TokenAccessInformation */
          0,    /* TokenVirtualizationAllowed */
          0,    /* TokenVirtualizationEnabled */
@@ -21,8 +21,8 @@ index dda6cabe1cf..6f2b24e6ba4 100644
 +        0,    /* TokenIntegrityLevel */
          0,    /* TokenUIAccess */
          0,    /* TokenMandatoryPolicy */
-         sizeof(TOKEN_GROUPS) + sizeof(logon_sid), /* TokenLogonSid */
-@@ -625,18 +625,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
+         0,    /* TokenLogonSid */
+@@ -593,18 +593,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
          }
          break;
      case TokenIntegrityLevel:
@@ -55,10 +55,10 @@ index dda6cabe1cf..6f2b24e6ba4 100644
      case TokenAppContainerSid:
          {
 diff --git a/server/protocol.def b/server/protocol.def
-index 33f1d5f0ab8..ac2e2242511 100644
+index c961eaf..0bb04cd 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3424,6 +3424,13 @@ enum caret_state
+@@ -3388,6 +3388,13 @@ enum caret_state
      VARARG(sid,SID);              /* the sid specified by which_sid from the token */
  @END
  
@@ -73,10 +73,10 @@ index 33f1d5f0ab8..ac2e2242511 100644
      obj_handle_t    handle;       /* handle to the token */
  @REPLY
 diff --git a/server/token.c b/server/token.c
-index 292e1df80fd..8d2de6ab58e 100644
+index 355a523..1ed994a 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -127,6 +127,7 @@ struct token
+@@ -112,6 +112,7 @@ struct token
      TOKEN_SOURCE   source;          /* source of the token */
      int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
      TOKEN_ELEVATION_TYPE elevation; /* elevation level */
@@ -84,7 +84,7 @@ index 292e1df80fd..8d2de6ab58e 100644
  };
  
  struct privilege
-@@ -567,7 +568,8 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -544,7 +545,8 @@ static struct token *create_token( unsigned primary, const SID *user,
                                     const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
                                     const ACL *default_dacl, TOKEN_SOURCE source,
                                     const luid_t *modified_id,
@@ -94,7 +94,7 @@ index 292e1df80fd..8d2de6ab58e 100644
  {
      struct token *token = alloc_object( &token_ops );
      if (token)
-@@ -648,6 +650,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -625,6 +627,7 @@ static struct token *create_token( unsigned primary, const SID *user,
          }
  
          token->source = source;
@@ -102,7 +102,7 @@ index 292e1df80fd..8d2de6ab58e 100644
      }
      return token;
  }
-@@ -703,7 +706,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -680,7 +683,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
                            NULL, 0, src_token->default_dacl,
                            src_token->source, modified_id,
                            impersonation_level,
@@ -112,7 +112,7 @@ index 292e1df80fd..8d2de6ab58e 100644
      if (!token) return token;
  
      /* copy groups */
-@@ -907,7 +911,7 @@ struct token *token_create_admin( void )
+@@ -884,7 +888,7 @@ struct token *token_create_admin( void )
          static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
          token = create_token( TRUE, user_sid, admin_groups, sizeof(admin_groups)/sizeof(admin_groups[0]),
                                admin_privs, sizeof(admin_privs)/sizeof(admin_privs[0]), default_dacl,
@@ -121,7 +121,7 @@ index 292e1df80fd..8d2de6ab58e 100644
          /* we really need a primary group */
          assert( token->primary_group );
      }
-@@ -1550,6 +1554,26 @@ DECL_HANDLER(get_token_sid)
+@@ -1530,6 +1534,26 @@ DECL_HANDLER(get_token_sid)
      }
  }
  
@@ -149,5 +149,5 @@ index 292e1df80fd..8d2de6ab58e 100644
  DECL_HANDLER(get_token_groups)
  {
 -- 
-2.13.1
+1.9.1
 

patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch

@@ -1,7 +1,8 @@
-From 0d98f9a1ea69511f6bb2901e71c72ac715bffd27 Mon Sep 17 00:00:00 2001
+From d67d7293a17592b580d284fa68881a613e61f591 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 01:45:29 +0200
-Subject: ntdll: Add function to create new tokens for elevation purposes.
+Subject: [PATCH] ntdll: Add function to create new tokens for elevation
+ purposes.
 
 ---
  dlls/ntdll/ntdll.spec   |  3 ++
@@ -13,12 +14,12 @@ Subject: ntdll: Add function to create new tokens for elevation purposes.
  6 files changed, 117 insertions(+)
 
 diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index 30dfa60b1a0..69bfe923234 100644
+index dbead5e..586b504 100644
 --- a/dlls/ntdll/ntdll.spec
 +++ b/dlls/ntdll/ntdll.spec
-@@ -1480,6 +1480,9 @@
- @ cdecl wine_server_send_fd(long)
- @ cdecl __wine_make_process_system()
+@@ -1482,6 +1482,9 @@
+ # Virtual memory
+ @ cdecl __wine_locked_recvmsg(long ptr long)
  
 +# Token
 +@ cdecl __wine_create_default_token(long)
@@ -27,10 +28,10 @@ index 30dfa60b1a0..69bfe923234 100644
  @ cdecl wine_get_version() NTDLL_wine_get_version
  @ cdecl wine_get_patches() NTDLL_wine_get_patches
 diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
-index c97b1e1f73f..030704e1727 100644
+index 8a64338..137a22d 100644
 --- a/dlls/ntdll/ntdll_misc.h
 +++ b/dlls/ntdll/ntdll_misc.h
-@@ -77,6 +77,9 @@ extern void virtual_init_threading(void) DECLSPEC_HIDDEN;
+@@ -80,6 +80,9 @@ extern void virtual_init_threading(void) DECLSPEC_HIDDEN;
  extern void fill_cpu_info(void) DECLSPEC_HIDDEN;
  extern void heap_set_debug_flags( HANDLE handle ) DECLSPEC_HIDDEN;
  
@@ -41,7 +42,7 @@ index c97b1e1f73f..030704e1727 100644
  extern timeout_t server_start_time DECLSPEC_HIDDEN;
  extern unsigned int server_cpus DECLSPEC_HIDDEN;
 diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
-index f615ce2fea7..77048003ace 100644
+index 40034b4..1ebbb79 100644
 --- a/dlls/ntdll/process.c
 +++ b/dlls/ntdll/process.c
 @@ -99,6 +99,24 @@ HANDLE CDECL __wine_make_process_system(void)
@@ -70,10 +71,10 @@ index f615ce2fea7..77048003ace 100644
  
  #define UNIMPLEMENTED_INFO_CLASS(c) \
 diff --git a/server/protocol.def b/server/protocol.def
-index b5b2650c8ed..9140feee717 100644
+index 0bb04cd..f2deca6 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3615,6 +3615,14 @@ struct handle_info
+@@ -3641,6 +3641,14 @@ struct handle_info
  @END
  
  
@@ -89,7 +90,7 @@ index b5b2650c8ed..9140feee717 100644
  @REQ(create_completion)
      unsigned int access;          /* desired access to a port */
 diff --git a/server/security.h b/server/security.h
-index 6c337143c3d..21e90ccf23f 100644
+index 6c33714..21e90cc 100644
 --- a/server/security.h
 +++ b/server/security.h
 @@ -49,6 +49,7 @@ extern const PSID security_builtin_users_sid;
@@ -101,18 +102,18 @@ index 6c337143c3d..21e90ccf23f 100644
  
  /* token functions */
 diff --git a/server/token.c b/server/token.c
-index 3301283ee25..7abd92386ea 100644
+index 7776cbe..64ab565 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -71,6 +71,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
+@@ -79,6 +79,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
  static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
  static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
  static const SID high_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_HIGH_RID } };
 +static const SID medium_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_MEDIUM_RID } };
- static const struct /* same fields as struct SID */
- {
-     BYTE Revision;
-@@ -110,6 +111,7 @@ const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
+ static const SID_N(5) local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
+ static const SID_N(2) builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
+ static const SID_N(2) builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
+@@ -95,6 +96,7 @@ const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
  const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
  const PSID security_domain_users_sid = (PSID)&domain_users_sid;
  const PSID security_high_label_sid = (PSID)&high_label_sid;
@@ -120,7 +121,7 @@ index 3301283ee25..7abd92386ea 100644
  
  static luid_t prev_luid_value = { 1000, 0 };
  
-@@ -915,6 +917,64 @@ struct token *token_create_admin( void )
+@@ -901,6 +903,64 @@ struct token *token_create_admin( void )
      return token;
  }
  
@@ -185,7 +186,7 @@ index 3301283ee25..7abd92386ea 100644
  static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
  {
      struct privilege *privilege;
-@@ -1729,3 +1789,27 @@ DECL_HANDLER(set_token_default_dacl)
+@@ -1718,3 +1778,27 @@ DECL_HANDLER(set_token_default_dacl)
          release_object( token );
      }
  }
@@ -214,5 +215,5 @@ index 3301283ee25..7abd92386ea 100644
 +    }
 +}
 -- 
-2.14.1
+1.9.1
 

patches/advapi32-Token_Integrity_Level/0008-ntdll-Implement-process-token-elevation-through-mani.patch

@@ -1,7 +1,7 @@
-From e15be9d22652dbf7ef027ce5f3ef3faa42139c7a Mon Sep 17 00:00:00 2001
+From 3ff546b9cbde1d0f5ea43c5cbb92ac8dc2028676 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 03:39:55 +0200
-Subject: ntdll: Implement process token elevation through manifests.
+Subject: [PATCH] ntdll: Implement process token elevation through manifests.
 
 ---
  dlls/ntdll/loader.c | 37 +++++++++++++++++++++++++++++++++++++
@@ -12,10 +12,10 @@ Subject: ntdll: Implement process token elevation through manifests.
  5 files changed, 67 insertions(+)
 
 diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
-index cdf8d586c36..5162e2fc0ec 100644
+index 3fcbbf77a5..2399f1246e 100644
 --- a/dlls/ntdll/loader.c
 +++ b/dlls/ntdll/loader.c
-@@ -3095,6 +3095,32 @@ static void load_global_options(void)
+@@ -3054,6 +3054,32 @@ NTSTATUS attach_dlls( CONTEXT *context )
  }
  
  
@@ -46,18 +46,18 @@ index cdf8d586c36..5162e2fc0ec 100644
 +
 +
  /***********************************************************************
-  *           start_process
+  *           load_global_options
   */
-@@ -3111,6 +3137,7 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
+@@ -3115,6 +3141,7 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
                                  ULONG_PTR unknown3, ULONG_PTR unknown4 )
  {
      static const WCHAR globalflagW[] = {'G','l','o','b','a','l','F','l','a','g',0};
 +    ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION runlevel;
-     LARGE_INTEGER timeout;
      NTSTATUS status;
      WINE_MODREF *wm;
-@@ -3154,6 +3181,16 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
-     if ((status = fixup_imports( wm, load_path )) != STATUS_SUCCESS) goto error;
+     PEB *peb = NtCurrentTeb()->Peb;
+@@ -3142,6 +3169,16 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
+                                        REG_DWORD, &peb->NtGlobalFlag, sizeof(peb->NtGlobalFlag), NULL );
      heap_set_debug_flags( GetProcessHeap() );
  
 +    /* elevate process if necessary */
@@ -70,14 +70,14 @@ index cdf8d586c36..5162e2fc0ec 100644
 +        elevate_process();  /* FIXME: the process exists with a wrong token for a short time */
 +    }
 +
-     status = wine_call_on_stack( attach_process_dlls, wm, (char *)NtCurrentTeb()->Tib.StackBase - page_size );
-     if (status != STATUS_SUCCESS) goto error;
- 
+     /* the main exe needs to be the first in the load order list */
+     RemoveEntryList( &wm->ldr.InLoadOrderModuleList );
+     InsertHeadList( &peb->LdrData->InLoadOrderModuleList, &wm->ldr.InLoadOrderModuleList );
 diff --git a/server/process.c b/server/process.c
-index f8969433ede..10cf39d8962 100644
+index ee85249bd4..81cea2f1ba 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -1136,6 +1136,14 @@ struct process_snapshot *process_snap( int *count )
+@@ -1133,6 +1133,14 @@ struct process_snapshot *process_snap( int *count )
      return snapshot;
  }
  
@@ -93,10 +93,10 @@ index f8969433ede..10cf39d8962 100644
  DECL_HANDLER(new_process)
  {
 diff --git a/server/process.h b/server/process.h
-index 548796f9c22..262eb59627b 100644
+index f22c128f07..78e88ec350 100644
 --- a/server/process.h
 +++ b/server/process.h
-@@ -137,6 +137,7 @@ extern void break_process( struct process *process );
+@@ -136,6 +136,7 @@ extern void break_process( struct process *process );
  extern void detach_debugged_processes( struct thread *debugger );
  extern struct process_snapshot *process_snap( int *count );
  extern void enum_processes( int (*cb)(struct process*, void*), void *user);
@@ -105,10 +105,10 @@ index 548796f9c22..262eb59627b 100644
  /* console functions */
  extern void inherit_console(struct thread *parent_thread, struct process *process, obj_handle_t hconin);
 diff --git a/server/protocol.def b/server/protocol.def
-index 7590541ac8a..55cc768d21a 100644
+index 0abd1683f0..5fb6e38ea5 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3610,6 +3610,13 @@ struct handle_info
+@@ -3654,6 +3654,13 @@ struct handle_info
  @END
  
  
@@ -123,10 +123,10 @@ index 7590541ac8a..55cc768d21a 100644
  @REQ(create_completion)
      unsigned int access;          /* desired access to a port */
 diff --git a/server/token.c b/server/token.c
-index 7abd92386ea..49e84362a83 100644
+index 64ab565a95..52fa10d52e 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -1813,3 +1813,17 @@ DECL_HANDLER(create_token)
+@@ -1802,3 +1802,17 @@ DECL_HANDLER(create_token)
          release_object( token );
      }
  }
@@ -145,5 +145,5 @@ index 7abd92386ea..49e84362a83 100644
 +    }
 +}
 -- 
-2.14.1
+2.16.1
 

patches/advapi32-Token_Integrity_Level/0009-kernel32-Implement-CreateProcessInternalW.patch

@@ -1,7 +1,7 @@
-From 1546d28f3e52363ad805a1c1df1a3163d65afbed Mon Sep 17 00:00:00 2001
+From 796879e9a1840f7b893933d37821751cf1d35048 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 04:02:16 +0200
-Subject: kernel32: Implement CreateProcessInternalW.
+Subject: [PATCH] kernel32: Implement CreateProcessInternalW.
 
 ---
  dlls/kernel32/kernel32.spec     |  2 +-
@@ -11,7 +11,7 @@ Subject: kernel32: Implement CreateProcessInternalW.
  4 files changed, 17 insertions(+), 12 deletions(-)
 
 diff --git a/dlls/kernel32/kernel32.spec b/dlls/kernel32/kernel32.spec
-index c60c5d6e532..7b5397a126e 100644
+index 60809f4..59915f9 100644
 --- a/dlls/kernel32/kernel32.spec
 +++ b/dlls/kernel32/kernel32.spec
 @@ -315,7 +315,7 @@
@@ -24,10 +24,10 @@ index c60c5d6e532..7b5397a126e 100644
  @ stdcall CreateProcessW(wstr wstr ptr ptr long long ptr wstr ptr ptr)
  @ stdcall CreateRemoteThread(long ptr long ptr long long ptr)
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index 46449c9bf34..6cae911fdfb 100644
+index e7f9fd9..d37003c 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
-@@ -2441,12 +2441,13 @@ static LPWSTR get_file_name( LPCWSTR appname, LPWSTR cmdline, LPWSTR buffer,
+@@ -2432,12 +2432,13 @@ static LPWSTR get_file_name( LPCWSTR appname, LPWSTR cmdline, LPWSTR buffer,
      return ret;
  }
  
@@ -47,7 +47,7 @@ index 46449c9bf34..6cae911fdfb 100644
  {
      BOOL retv = FALSE;
      HANDLE hFile = 0;
-@@ -2459,6 +2460,9 @@ static BOOL create_process_impl( LPCWSTR app_name, LPWSTR cmd_line, LPSECURITY_A
+@@ -2450,6 +2451,9 @@ static BOOL create_process_impl( LPCWSTR app_name, LPWSTR cmd_line, LPSECURITY_A
  
      TRACE("app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
  
@@ -57,7 +57,7 @@ index 46449c9bf34..6cae911fdfb 100644
      if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, sizeof(name)/sizeof(WCHAR),
                                          &hFile, &binary_info )))
          return FALSE;
-@@ -2610,8 +2614,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA( LPCSTR app_name, LPSTR cmd_line, L
+@@ -2601,8 +2605,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA( LPCSTR app_name, LPSTR cmd_line, L
        FIXME("StartupInfo.lpReserved is used, please report (%s)\n",
              debugstr_a(startup_info->lpReserved));
  
@@ -68,7 +68,7 @@ index 46449c9bf34..6cae911fdfb 100644
  done:
      HeapFree( GetProcessHeap(), 0, app_nameW );
      HeapFree( GetProcessHeap(), 0, cmd_lineW );
-@@ -2630,8 +2634,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW( LPCWSTR app_name, LPWSTR cmd_line,
+@@ -2621,8 +2625,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW( LPCWSTR app_name, LPWSTR cmd_line,
                                                LPVOID env, LPCWSTR cur_dir, LPSTARTUPINFOW startup_info,
                                                LPPROCESS_INFORMATION info )
  {
@@ -80,7 +80,7 @@ index 46449c9bf34..6cae911fdfb 100644
  
  
 diff --git a/dlls/kernelbase/kernelbase.spec b/dlls/kernelbase/kernelbase.spec
-index bf254155aab..7b8c8c44161 100644
+index 1a6f1ff..8d2b722 100644
 --- a/dlls/kernelbase/kernelbase.spec
 +++ b/dlls/kernelbase/kernelbase.spec
 @@ -209,7 +209,7 @@
@@ -91,12 +91,12 @@ index bf254155aab..7b8c8c44161 100644
 +@ stdcall CreateProcessInternalW(long wstr wstr ptr ptr long long ptr wstr ptr ptr ptr) kernel32.CreateProcessInternalW
  @ stdcall CreateProcessW(wstr wstr ptr ptr long long ptr wstr ptr ptr) kernel32.CreateProcessW
  @ stdcall CreateRemoteThread(long ptr long ptr long long ptr) kernel32.CreateRemoteThread
- @ stdcall CreateRemoteThreadEx(long ptr long ptr long long ptr ptr) kernel32.CreateRemoteThreadEx
+ @ stdcall CreateRemoteThreadEx(long ptr long ptr ptr long ptr ptr) kernel32.CreateRemoteThreadEx
 diff --git a/include/winbase.h b/include/winbase.h
-index 24efbd865ab..7982fa4a070 100644
+index 8d65d78..35a2213 100644
 --- a/include/winbase.h
 +++ b/include/winbase.h
-@@ -1847,6 +1847,7 @@ WINBASEAPI BOOL        WINAPI CreateProcessW(LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTE
+@@ -1856,6 +1856,7 @@ WINBASEAPI BOOL        WINAPI CreateProcessW(LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTE
  WINADVAPI  BOOL        WINAPI CreateProcessAsUserA(HANDLE,LPCSTR,LPSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCSTR,LPSTARTUPINFOA,LPPROCESS_INFORMATION);
  WINADVAPI  BOOL        WINAPI CreateProcessAsUserW(HANDLE,LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCWSTR,LPSTARTUPINFOW,LPPROCESS_INFORMATION);
  #define                       CreateProcessAsUser WINELIB_NAME_AW(CreateProcessAsUser)
@@ -105,5 +105,5 @@ index 24efbd865ab..7982fa4a070 100644
  WINBASEAPI HANDLE      WINAPI CreateRemoteThread(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPDWORD);
  WINBASEAPI HANDLE      WINAPI CreateRemoteThreadEx(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPPROC_THREAD_ATTRIBUTE_LIST,LPDWORD);
 -- 
-2.13.1
+1.9.1
 

patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch

@@ -1,4 +1,4 @@
-From 9709db4e722195a70c5950b78b445c71eac495af Mon Sep 17 00:00:00 2001
+From 2993a76ec1711bb3ea1e889289f8d129f17ae2a3 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 6 Aug 2017 02:08:05 +0200
 Subject: server: Implement support for creating processes using a token.
@@ -14,10 +14,10 @@ Subject: server: Implement support for creating processes using a token.
  7 files changed, 59 insertions(+), 21 deletions(-)
 
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index cacdcb3b621..3ae9d175a79 100644
+index c3dcd1349b3..69a026d5441 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
-@@ -2064,7 +2064,7 @@ static NTSTATUS create_struct_sd(PSECURITY_DESCRIPTOR nt_sd, struct security_des
+@@ -2051,7 +2051,7 @@ static NTSTATUS create_struct_sd(PSECURITY_DESCRIPTOR nt_sd, struct security_des
   * Create a new process. If hFile is a valid handle we have an exe
   * file, otherwise it is a Winelib app.
   */
@@ -26,7 +26,7 @@ index cacdcb3b621..3ae9d175a79 100644
                              LPCWSTR cur_dir, LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                              BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
                              LPPROCESS_INFORMATION info, LPCSTR unixdir,
-@@ -2210,6 +2210,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
+@@ -2197,6 +2197,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
          req->info_size      = startup_info_size;
          req->env_size       = (env_end - env) * sizeof(WCHAR);
          req->process_sd_size = process_sd_size;
@@ -34,7 +34,7 @@ index cacdcb3b621..3ae9d175a79 100644
  
          wine_server_add_data( req, startup_info, startup_info_size );
          wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
-@@ -2310,7 +2311,7 @@ error:
+@@ -2297,7 +2298,7 @@ error:
   *
   * Create a new VDM process for a 16-bit or DOS application.
   */
@@ -43,7 +43,7 @@ index cacdcb3b621..3ae9d175a79 100644
                                  LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                                  BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
                                  LPPROCESS_INFORMATION info, LPCSTR unixdir,
-@@ -2334,7 +2335,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
+@@ -2321,7 +2322,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
          return FALSE;
      }
      sprintfW(new_cmd_line, argsW, winevdmW, buffer, cmd_line);
@@ -52,7 +52,7 @@ index cacdcb3b621..3ae9d175a79 100644
                            flags, startup, info, unixdir, binary_info, exec_only );
      HeapFree( GetProcessHeap(), 0, new_cmd_line );
      return ret;
-@@ -2346,7 +2347,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
+@@ -2333,7 +2334,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
   *
   * Create a new cmd shell process for a .BAT file.
   */
@@ -61,7 +61,7 @@ index cacdcb3b621..3ae9d175a79 100644
                                  LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                                  BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
                                  LPPROCESS_INFORMATION info )
-@@ -2371,8 +2372,8 @@ static BOOL create_cmd_process( LPCWSTR filename, LPWSTR cmd_line, LPVOID env, L
+@@ -2358,8 +2359,8 @@ static BOOL create_cmd_process( LPCWSTR filename, LPWSTR cmd_line, LPVOID env, L
      strcpyW( newcmdline, comspec );
      strcatW( newcmdline, slashcW );
      strcatW( newcmdline, cmd_line );
@@ -72,7 +72,7 @@ index cacdcb3b621..3ae9d175a79 100644
      HeapFree( GetProcessHeap(), 0, newcmdline );
      return ret;
  }
-@@ -2482,7 +2483,9 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+@@ -2469,7 +2470,9 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
  
      TRACE("app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
  
@@ -83,10 +83,10 @@ index cacdcb3b621..3ae9d175a79 100644
      if (new_token) FIXME("No support for returning created process token\n");
  
      if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, sizeof(name)/sizeof(WCHAR),
-@@ -2540,20 +2543,20 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+@@ -2527,20 +2530,20 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
                 debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32,
-                binary_info.res_start, binary_info.res_end, binary_info.arch,
-                (binary_info.flags & BINARY_FLAG_FAKEDLL) ? ", fakedll" : "" );
+                wine_dbgstr_longlong(binary_info.res_start), wine_dbgstr_longlong(binary_info.res_end),
+                binary_info.arch, (binary_info.flags & BINARY_FLAG_FAKEDLL) ? ", fakedll" : "" );
 -        retv = create_process( hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
 +        retv = create_process( token, hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
                                 inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
@@ -107,7 +107,7 @@ index cacdcb3b621..3ae9d175a79 100644
                                 inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
          break;
      case BINARY_UNKNOWN:
-@@ -2565,7 +2568,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+@@ -2552,7 +2555,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
                  TRACE( "starting %s as DOS binary\n", debugstr_w(name) );
                  binary_info.type = BINARY_DOS;
                  binary_info.arch = IMAGE_FILE_MACHINE_I386;
@@ -116,7 +116,7 @@ index cacdcb3b621..3ae9d175a79 100644
                                             inherit, flags, startup_info, info, unixdir,
                                             &binary_info, FALSE );
                  break;
-@@ -2573,7 +2576,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+@@ -2560,7 +2563,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
              if (!strcmpiW( p, batW ) || !strcmpiW( p, cmdW ) )
              {
                  TRACE( "starting %s as batch binary\n", debugstr_w(name) );
@@ -125,10 +125,10 @@ index cacdcb3b621..3ae9d175a79 100644
                                             inherit, flags, startup_info, info );
                  break;
              }
-@@ -2692,12 +2695,12 @@ static void exec_process( LPCWSTR name )
-         TRACE( "starting %s as Win%d binary (%p-%p, arch %04x)\n",
+@@ -2680,12 +2683,12 @@ static void exec_process( LPCWSTR name )
                 debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32,
-                binary_info.res_start, binary_info.res_end, binary_info.arch );
+                wine_dbgstr_longlong(binary_info.res_start), wine_dbgstr_longlong(binary_info.res_end),
+                binary_info.arch );
 -        create_process( hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
 +        create_process( NULL, hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
                          FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
@@ -140,7 +140,7 @@ index cacdcb3b621..3ae9d175a79 100644
                          FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
          break;
      case BINARY_UNKNOWN:
-@@ -2711,7 +2714,7 @@ static void exec_process( LPCWSTR name )
+@@ -2699,7 +2702,7 @@ static void exec_process( LPCWSTR name )
      case BINARY_WIN16:
      case BINARY_DOS:
          TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(name) );
@@ -150,10 +150,10 @@ index cacdcb3b621..3ae9d175a79 100644
          break;
      default:
 diff --git a/server/process.c b/server/process.c
-index 74675d343b4..ef2452fb8fb 100644
+index 81cea2f1baa..7d2206f2744 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -501,7 +501,7 @@ static void start_sigkill_timer( struct process *process )
+@@ -496,7 +496,7 @@ static void start_sigkill_timer( struct process *process )
  
  /* create a new process and its main thread */
  /* if the function fails the fd is closed */
@@ -162,7 +162,7 @@ index 74675d343b4..ef2452fb8fb 100644
  {
      struct process *process;
      struct thread *thread = NULL;
-@@ -571,7 +571,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
+@@ -567,7 +567,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -171,7 +171,7 @@ index 74675d343b4..ef2452fb8fb 100644
          process->affinity = parent->affinity;
      }
      if (!process->handles || !process->token) goto error;
-@@ -1160,6 +1160,7 @@ DECL_HANDLER(new_process)
+@@ -1147,6 +1147,7 @@ DECL_HANDLER(new_process)
      struct startup_info *info;
      struct thread *thread;
      struct process *process;
@@ -179,7 +179,7 @@ index 74675d343b4..ef2452fb8fb 100644
      struct process *parent = current->process;
      int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
      const struct security_descriptor *process_sd = NULL, *thread_sd = NULL;
-@@ -1195,9 +1196,27 @@ DECL_HANDLER(new_process)
+@@ -1182,9 +1183,27 @@ DECL_HANDLER(new_process)
          return;
      }
  
@@ -208,7 +208,7 @@ index 74675d343b4..ef2452fb8fb 100644
          return;
      }
  
-@@ -1205,6 +1224,7 @@ DECL_HANDLER(new_process)
+@@ -1192,6 +1211,7 @@ DECL_HANDLER(new_process)
      if (!(info = alloc_object( &startup_info_ops )))
      {
          close( socket_fd );
@@ -216,7 +216,7 @@ index 74675d343b4..ef2452fb8fb 100644
          return;
      }
      info->exe_file = NULL;
-@@ -1287,7 +1307,7 @@ DECL_HANDLER(new_process)
+@@ -1274,7 +1294,7 @@ DECL_HANDLER(new_process)
          }
      }
  
@@ -225,7 +225,7 @@ index 74675d343b4..ef2452fb8fb 100644
      process = thread->process;
      process->startup_info = (struct startup_info *)grab_object( info );
  
-@@ -1369,6 +1389,7 @@ DECL_HANDLER(new_process)
+@@ -1356,6 +1376,7 @@ DECL_HANDLER(new_process)
      }
  
   done:
@@ -234,10 +234,10 @@ index 74675d343b4..ef2452fb8fb 100644
  }
  
 diff --git a/server/process.h b/server/process.h
-index 262eb59627b..fcb45d8d676 100644
+index 78e88ec350a..313c36ab241 100644
 --- a/server/process.h
 +++ b/server/process.h
-@@ -115,7 +115,7 @@ struct process_snapshot
+@@ -114,7 +114,7 @@ struct process_snapshot
  extern unsigned int alloc_ptid( void *ptr );
  extern void free_ptid( unsigned int id );
  extern void *get_ptid_entry( unsigned int id );
@@ -247,10 +247,10 @@ index 262eb59627b..fcb45d8d676 100644
  extern struct thread *get_process_first_thread( struct process *process );
  extern struct process *get_process_from_id( process_id_t id );
 diff --git a/server/protocol.def b/server/protocol.def
-index e5b598259f7..7106cdb6f04 100644
+index 1ea129fec08..95513fef6c3 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -767,6 +767,7 @@ struct rawinput_device
+@@ -739,6 +739,7 @@ struct rawinput_device
      data_size_t  info_size;      /* size of startup info */
      data_size_t  env_size;       /* size of the environment */
      data_size_t  process_sd_size;/* size of the process security descriptor */
@@ -259,10 +259,10 @@ index e5b598259f7..7106cdb6f04 100644
      VARARG(env,unicode_str,env_size);                       /* environment for new process */
      VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */
 diff --git a/server/request.c b/server/request.c
-index 83e608917f8..23760cdeb98 100644
+index 6120bc550ff..a648c306496 100644
 --- a/server/request.c
 +++ b/server/request.c
-@@ -571,7 +571,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
+@@ -570,7 +570,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
          int client = accept( get_unix_fd( master_socket->fd ), (struct sockaddr *) &dummy, &len );
          if (client == -1) return;
          fcntl( client, F_SETFL, O_NONBLOCK );
@@ -285,10 +285,10 @@ index 21e90ccf23f..32dfe5f8db9 100644
  static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
  {
 diff --git a/server/token.c b/server/token.c
-index 385ea3bbfda..c507294b49d 100644
+index 49e84362a83..f6b6165d7a9 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -851,6 +851,12 @@ int token_assign_label( struct token *token, PSID label )
+@@ -843,6 +843,12 @@ int token_assign_label( struct token *token, PSID label )
      return ret;
  }
  
@@ -301,7 +301,7 @@ index 385ea3bbfda..c507294b49d 100644
  struct token *token_create_admin( void )
  {
      struct token *token = NULL;
-@@ -1278,6 +1284,11 @@ const SID *token_get_primary_group( struct token *token )
+@@ -1269,6 +1275,11 @@ const SID *token_get_primary_group( struct token *token )
      return token->primary_group;
  }
  
@@ -314,5 +314,5 @@ index 385ea3bbfda..c507294b49d 100644
  {
      GENERIC_MAPPING mapping;
 -- 
-2.13.1
+2.14.2