Release v5.12.1

.github/FUNDING.yml

@@ -1,13 +0,0 @@
-# These are supported funding model platforms
-
-#github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
-#patreon: # Replace with a single Patreon username
-#open_collective: # Replace with a single Open Collective username
-#ko_fi: # Replace with a single Ko-fi username
-#tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
-#community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-#liberapay: # Replace with a single Liberapay username
-#issuehunt: # Replace with a single IssueHunt username
-#otechie: # Replace with a single Otechie username
-
-patreon: winestaging

.github/workflows/macOS.yml

@@ -1,129 +0,0 @@
-name: MacOS
-
-on:
-  push:
-  pull_request:
-  workflow_dispatch:
-
-jobs:
-  wine-staging:
-    runs-on:  macos-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Install dependencies
-        run: |
-          brew update
-          brew install --cask xquartz
-          brew install  bison \
-                        faudio \
-                        gphoto2 \
-                        gst-plugins-base \
-                        jxrlib \
-                        little-cms2 \
-                        mingw-w64 \
-                        molten-vk \
-                        mpg123
-
-      - name: Add bison & krb5 to $PATH
-        run: |
-          set -eu
-          echo "$(brew --prefix bison)/bin" >> $GITHUB_PATH
-          echo "$(brew --prefix krb5)/bin" >> $GITHUB_PATH
-
-      - name: Get upstream-commit
-        run: |
-          mkdir $GITHUB_WORKSPACE/wine
-          cd wine
-          git init
-          git fetch git://source.winehq.org/git/wine.git $($GITHUB_WORKSPACE/patches/patchinstall.sh --upstream-commit) --depth=1
-          git checkout $($GITHUB_WORKSPACE/patches/patchinstall.sh --upstream-commit)
-
-      - name: Run patchinstall.sh --all
-        run: |
-          $GITHUB_WORKSPACE/patches/patchinstall.sh DESTDIR=$GITHUB_WORKSPACE/wine --all
-
-      - name: Configure wine64
-        env:
-          LDFLAGS: "-Wl,-rpath,/opt/X11/lib"
-          # Avoid weird linker errors with Xcode 10 and later
-          MACOSX_DEPLOYMENT_TARGET: "10.14"
-        run: |
-          cd $GITHUB_WORKSPACE/wine
-          ./configure   --enable-win64 \
-                        --without-alsa \
-                        --without-capi \
-                        --without-dbus \
-                        --without-inotify \
-                        --without-oss \
-                        --without-pulse \
-                        --without-udev \
-                        --without-v4l2 \
-                        --x-include=/opt/X11/include \
-                        --x-lib=/opt/X11/lib
-
-      - name: Build wine64
-        run: |
-          cd $GITHUB_WORKSPACE/wine
-          make -j$(sysctl -n hw.ncpu 2>/dev/null)
-
-  wine-devel:
-    runs-on:  macos-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Install dependencies
-        run: |
-          brew update
-          brew install --cask xquartz
-          brew install  bison \
-                        faudio \
-                        gphoto2 \
-                        gst-plugins-base \
-                        jxrlib \
-                        little-cms2 \
-                        mingw-w64 \
-                        molten-vk \
-                        mpg123
-
-      - name: Add bison & krb5 to $PATH
-        run: |
-          set -eu
-          echo "$(brew --prefix bison)/bin" >> $GITHUB_PATH
-          echo "$(brew --prefix krb5)/bin" >> $GITHUB_PATH
-
-      - name: Get upstream-commit
-        run: |
-          mkdir $GITHUB_WORKSPACE/wine
-          cd wine
-          git init
-          git fetch git://source.winehq.org/git/wine.git $($GITHUB_WORKSPACE/patches/patchinstall.sh --upstream-commit) --depth=1
-          git checkout $($GITHUB_WORKSPACE/patches/patchinstall.sh --upstream-commit)
-
-      - name: Configure wine64
-        env:
-          LDFLAGS: "-Wl,-rpath,/opt/X11/lib"
-          # Avoid weird linker errors with Xcode 10 and later
-          MACOSX_DEPLOYMENT_TARGET: "10.14"
-        run: |
-          cd $GITHUB_WORKSPACE/wine
-
-          cd $GITHUB_WORKSPACE/wine
-          ./configure   --enable-win64 \
-                        --without-alsa \
-                        --without-capi \
-                        --without-dbus \
-                        --without-inotify \
-                        --without-oss \
-                        --without-pulse \
-                        --without-udev \
-                        --without-v4l2 \
-                        --x-include=/opt/X11/include \
-                        --x-lib=/opt/X11/lib
-
-      - name: Build wine64
-        run: |
-          cd $GITHUB_WORKSPACE/wine
-          make -j$(sysctl -n hw.ncpu 2>/dev/null)

README.md

@@ -79,32 +79,4 @@ Contributing
 
 For information on contributing to Wine-Staging, please see
 <https://wiki.winehq.org/Wine-Staging_Contributing>. Note that GitHub pull
-requests are strongly dispreferred, especially for patches.
-
-Donations
----------
-
-wine-staging is a large set of experimental patches which provide various
-improvements to WINE, but are not quite suitable for upstreaming. This set of
-patches has been continuously managed for many years by a small group of
-volunteers. The way this works is that we often review patches attached to
-various bug reports found at https://bugs.winehq.org/ which may fix bugs, but
-may not be quite suitable to be upstreamed due to needing some cleanup or more
-proper implementation. In the event that this happens, we add the patches to
-wine-staging instead, and keep them updated and maintained as well as attempt to
-clean them up to be upstreamed. We also both write and verify patches which fix
-various bugs that may not have patches, and in turn allow them run better using
-WINE. This includes testing on various hardware, games, and applications.
-
-Any expenses for applications, games, or hardware which we do not own comes out
-of pocket. In order to alleviate these expenses, we are now accepting donations.
-This in turn allows us to continue to perform testing, provide fixes, and get
-them upstreamed, ultimately aiming to provide a better experience for all WINE
-users. All of our work is provided publicly for free and can be found at
-<https://github.com/wine-staging/wine-staging>. We do not expect to be paid for
-any of the work provided, nor will donators receive any special benefits or
-compensation.
-
-Donations are recieved through Patreon. Anyone interested may donate here:
-
-https://www.patreon.com/winestaging
+requests are strongly dispreferred, especially for patches.

patches/Compiler_Warnings/0026-dwrite-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,4 +1,4 @@
-From b51fdc7e211f676d169c937209bf689e57252c5d Mon Sep 17 00:00:00 2001
+From 7529755fcc41fda650aac6b27f34438354435d34 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:58:40 +0100
 Subject: [PATCH] dwrite: Avoid implicit cast of interface pointer.
@@ -9,10 +9,10 @@ Subject: [PATCH] dwrite: Avoid implicit cast of interface pointer.
  2 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/dlls/dwrite/font.c b/dlls/dwrite/font.c
-index aa51c744297..7cad015480f 100644
+index 9280b5d32..2f0974a4c 100644
 --- a/dlls/dwrite/font.c
 +++ b/dlls/dwrite/font.c
-@@ -2130,7 +2130,7 @@ static struct dwrite_font *unsafe_impl_from_IDWriteFont(IDWriteFont *iface)
+@@ -1887,7 +1887,7 @@ static struct dwrite_font *unsafe_impl_from_IDWriteFont(IDWriteFont *iface)
      if (!iface)
          return NULL;
      assert(iface->lpVtbl == (IDWriteFontVtbl*)&dwritefontvtbl);
@@ -21,7 +21,7 @@ index aa51c744297..7cad015480f 100644
  }
  
  struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace *iface)
-@@ -2138,7 +2138,7 @@ struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace *iface)
+@@ -1895,7 +1895,7 @@ struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace *iface)
      if (!iface)
          return NULL;
      assert(iface->lpVtbl == (IDWriteFontFaceVtbl*)&dwritefontfacevtbl);
@@ -31,10 +31,10 @@ index aa51c744297..7cad015480f 100644
  
  static struct dwrite_fontfacereference *unsafe_impl_from_IDWriteFontFaceReference(IDWriteFontFaceReference *iface)
 diff --git a/dlls/dwrite/layout.c b/dlls/dwrite/layout.c
-index 1f6201a6a93..35791d5c22e 100644
+index b9321157a..76ea23ba6 100644
 --- a/dlls/dwrite/layout.c
 +++ b/dlls/dwrite/layout.c
-@@ -5886,7 +5886,7 @@ static const IDWriteTextFormat3Vtbl dwritetextformatvtbl =
+@@ -5895,7 +5895,7 @@ static const IDWriteTextFormat3Vtbl dwritetextformatvtbl =
  static struct dwrite_textformat *unsafe_impl_from_IDWriteTextFormat(IDWriteTextFormat *iface)
  {
      return (iface->lpVtbl == (IDWriteTextFormatVtbl*)&dwritetextformatvtbl) ?
@@ -42,7 +42,7 @@ index 1f6201a6a93..35791d5c22e 100644
 +        CONTAINING_RECORD((IDWriteTextFormat3 *)iface, struct dwrite_textformat, IDWriteTextFormat3_iface) : NULL;
  }
  
- HRESULT create_textformat(const WCHAR *family_name, IDWriteFontCollection *collection, DWRITE_FONT_WEIGHT weight,
+ HRESULT create_textformat(const WCHAR *family_name, IDWriteFontCollection *collection, DWRITE_FONT_WEIGHT weight, DWRITE_FONT_STYLE style,
 -- 
-2.29.2
+2.24.0
 

patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch

@@ -1,61 +1,49 @@
-From e51b05c3a9d03e4dd84a107a30841d95f8a519c3 Mon Sep 17 00:00:00 2001
+From aa9cb874b1fb89601d6a5a735b442b8a7aa7b3aa Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:44:31 +0200
-Subject: [PATCH] ntdll: Print a warning message specifying the wine-staging
- branch name and version.
+Subject: [PATCH] kernel32: Add winediag message to show warning, that this
+ isn't vanilla wine.
 
 ---
- dlls/ntdll/loader.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
+ dlls/kernel32/process.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
 
-diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
-index ee453700e51..c2d4b3c2f86 100644
---- a/dlls/ntdll/loader.c
-+++ b/dlls/ntdll/loader.c
-@@ -44,6 +44,7 @@ WINE_DECLARE_DEBUG_CHANNEL(relay);
- WINE_DECLARE_DEBUG_CHANNEL(snoop);
- WINE_DECLARE_DEBUG_CHANNEL(loaddll);
- WINE_DECLARE_DEBUG_CHANNEL(imports);
+diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
+index 8f506fcf1320..45bfe7fe7b5d 100644
+--- a/dlls/kernel32/process.c
++++ b/dlls/kernel32/process.c
+@@ -60,6 +60,7 @@
+ 
+ WINE_DEFAULT_DEBUG_CHANNEL(process);
+ WINE_DECLARE_DEBUG_CHANNEL(relay);
 +WINE_DECLARE_DEBUG_CHANNEL(winediag);
  
- #ifdef _WIN64
- #define DEFAULT_SECURITY_COOKIE_64  (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
-@@ -3307,6 +3308,7 @@ void WINAPI LdrShutdownProcess(void)
-     process_detach();
+ typedef struct
+ {
+@@ -125,6 +126,7 @@ static inline DWORD call_process_entry( PEB *peb, LPTHREAD_START_ROUTINE entry )
  }
+ #endif
  
 +extern const char * CDECL wine_get_version(void);
+ /***********************************************************************
+  *           __wine_start_process
+  *
+@@ -150,6 +152,15 @@ void CDECL __wine_start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
  
- /******************************************************************
-  *		RtlExitUserProcess (NTDLL.@)
-@@ -3673,6 +3675,9 @@ static void init_wow64(void)
-  */
- void WINAPI LdrInitializeThunk( CONTEXT *context, ULONG_PTR unknown2, ULONG_PTR unknown3, ULONG_PTR unknown4 )
- {
-+    OBJECT_ATTRIBUTES staging_event_attr;
-+    UNICODE_STRING staging_event_string;
-+    HANDLE staging_event;
-     static int attach_done;
-     int i;
-     NTSTATUS status;
-@@ -3753,6 +3758,17 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, ULONG_PTR unknown2, ULONG_PTR
-     }
-     else wm = get_modref( NtCurrentTeb()->Peb->ImageBaseAddress );
- 
-+    RtlInitUnicodeString( &staging_event_string, L"\\__wine_staging_warn_event" );
-+    InitializeObjectAttributes( &staging_event_attr, &staging_event_string, OBJ_OPENIF, NULL, NULL );
-+    if (NtCreateEvent( &staging_event, EVENT_ALL_ACCESS, &staging_event_attr, NotificationEvent, FALSE ) == STATUS_SUCCESS)
-+    {
-+        FIXME_(winediag)("wine-staging %s is a testing version containing experimental patches.\n", wine_get_version());
-+        FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
-+    }
-+    else
-+        WARN_(winediag)("wine-staging %s is a testing version containing experimental patches.\n", wine_get_version());
+     __TRY
+     {
++        if (CreateEventA(0, 0, 0, "__winestaging_warn_event") && GetLastError() != ERROR_ALREADY_EXISTS)
++        {
++            FIXME_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
++            FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
++        }
++        else
++            WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
 +
 +
-     RtlAcquirePebLock();
-     InsertHeadList( &tls_links, &NtCurrentTeb()->TlsLinks );
-     RtlReleasePebLock();
+         if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
+             being_debugged = FALSE;
+ 
 -- 
-2.30.2
+2.26.2
 

patches/Staging/0002-winelib-Append-Staging-at-the-end-of-the-version-s.patch

@@ -1,25 +1,39 @@
-From cfcc687562d4fa68b507cbf2c29722ef523d26aa Mon Sep 17 00:00:00 2001
+From c097870c69720ece3874ad4ff987408a8c24ffb2 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:53:46 +0200
 Subject: [PATCH] winelib: Append '(Staging)' at the end of the version string.
 
 ---
- Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ dlls/ntdll/Makefile.in | 2 +-
+ libs/wine/Makefile.in  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
 
-diff --git a/Makefile.in b/Makefile.in
-index b52495f741f..d5a8cad20da 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -116,7 +116,7 @@ install-manpages:: manpages
- # Rules for generated source files
+diff --git a/dlls/ntdll/Makefile.in b/dlls/ntdll/Makefile.in
+index ebf607e9d43..de93445d4e3 100644
+--- a/dlls/ntdll/Makefile.in
++++ b/dlls/ntdll/Makefile.in
+@@ -69,7 +69,7 @@ server_EXTRADEFS = \
+ 	-DBIN_TO_DATADIR=\"`$(MAKEDEP) -R ${bindir} ${datadir}/wine`\"
  
- dlls/ntdll/unix/version.c: dummy
--	@version=`(GIT_DIR=$(srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || ($(RM) $@ && exit 1)
-+	@version=`(GIT_DIR=$(srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1 (Staging)";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
+ unix/version.c: dummy
+-	version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
++	version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1 (Staging)";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
  
- programs/winetest/build.rc: dummy
- 	@build="STRINGTABLE { 1 \"`GIT_DIR=$(srcdir)/.git git rev-parse HEAD 2>/dev/null`\" }" && (echo $$build | cmp -s - $@) || echo $$build >$@ || (rm -f $@ && exit 1)
+ dummy:
+ .PHONY: dummy
+diff --git a/libs/wine/Makefile.in b/libs/wine/Makefile.in
+index fe2a2b45e58..1e55a6b1f46 100644
+--- a/libs/wine/Makefile.in
++++ b/libs/wine/Makefile.in
+@@ -100,7 +100,7 @@ libwine_LDFLAGS = $(LIBWINE_LDFLAGS)
+ libwine_DEPS = $(LIBWINE_DEPENDS)
+ 
+ version.c: dummy
+-	version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
++	version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1  (Staging)";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
+ 
+ dummy:
+ .PHONY: dummy
 -- 
-2.20.1
+2.26.2
 

patches/Staging/0003-loader-Add-commandline-option-patches-to-show-the-pa.patch

@@ -0,0 +1,117 @@
+From 599c50c9e339fe04e96fdb665b3d7ccb1a7708b7 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Thu, 29 May 2014 23:43:45 +0200
+Subject: [PATCH] loader: Add commandline option --patches to show the patch
+ list.
+
+---
+ include/wine/library.h |  1 +
+ libs/wine/config.c     |  6 ++++++
+ libs/wine/wine.map     |  1 +
+ loader/main.c          | 42 +++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 49 insertions(+), 1 deletion(-)
+
+diff --git a/include/wine/library.h b/include/wine/library.h
+index 090b8349559..b8a4a2df576 100644
+--- a/include/wine/library.h
++++ b/include/wine/library.h
+@@ -42,6 +42,7 @@ extern "C" {
+ /* configuration */
+ 
+ extern const char *wine_get_version(void);
++extern const void *wine_get_patches(void);
+ extern const char *wine_get_build_id(void);
+ extern void wine_init_argv0_path( const char *argv0 );
+ extern void wine_exec_wine_binary( const char *name, char **argv, const char *env_var );
+diff --git a/libs/wine/config.c b/libs/wine/config.c
+index f5b4c0de9af..e52739d55ad 100644
+--- a/libs/wine/config.c
++++ b/libs/wine/config.c
+@@ -515,6 +515,12 @@ const char *wine_get_version(void)
+     return PACKAGE_VERSION;
+ }
+ 
++/* return the applied non-standard patches */
++const void *wine_get_patches(void)
++{
++    return NULL;
++}
++
+ /* return the build id string */
+ const char *wine_get_build_id(void)
+ {
+diff --git a/libs/wine/wine.map b/libs/wine/wine.map
+index 1143b129734..55f874d3e74 100644
+--- a/libs/wine/wine.map
++++ b/libs/wine/wine.map
+@@ -13,6 +13,7 @@ WINE_1.0
+     wine_exec_wine_binary;
+     wine_get_build_id;
+     wine_get_version;
++    wine_get_patches;
+     wine_init;
+     wine_init_argv0_path;
+     wine_mmap_add_reserved_area;
+diff --git a/loader/main.c b/loader/main.c
+index 0e6b6f66b50..24bcfff8c4c 100644
+--- a/loader/main.c
++++ b/loader/main.c
+@@ -55,7 +55,8 @@ static void check_command_line( int argc, char *argv[] )
+     static const char usage[] =
+         "Usage: wine PROGRAM [ARGUMENTS...]   Run the specified program\n"
+         "       wine --help                   Display this help and exit\n"
+-        "       wine --version                Output version information and exit";
++        "       wine --version                Output version information and exit\n"
++        "       wine --patches                Output patch information and exit";
+ 
+     if (argc <= 1)
+     {
+@@ -72,6 +73,45 @@ static void check_command_line( int argc, char *argv[] )
+         printf( "%s\n", wine_get_build_id() );
+         exit(0);
+     }
++    if (!strcmp( argv[1], "--patches" ))
++    {
++        const struct
++        {
++            const char *author;
++            const char *subject;
++            int revision;
++        }
++        *next, *cur = wine_get_patches();
++
++        if (!cur)
++        {
++            fprintf( stderr, "Patchlist not available.\n" );
++            exit(1);
++        }
++
++        while (cur->author)
++        {
++            next = cur + 1;
++            while (next->author)
++            {
++                if (strcmp( cur->author, next->author )) break;
++                next++;
++            }
++
++            printf( "%s (%d):\n", cur->author, (int)(next - cur) );
++            while (cur < next)
++            {
++                printf( "      %s", cur->subject );
++                if (cur->revision != 1)
++                    printf( " [rev %d]", cur->revision );
++                printf( "\n" );
++                cur++;
++            }
++            printf( "\n" );
++        }
++
++        exit(0);
++    }
+ }
+ 
+ 
+-- 
+2.26.2
+

patches/advapi32-CreateRestrictedToken/0001-ntdll-Implement-NtFilterToken.patch

@@ -0,0 +1,315 @@
+From 1eb8acd819f9eee8fdf154d0ef43881008265916 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Fri, 4 Aug 2017 02:33:14 +0200
+Subject: ntdll: Implement NtFilterToken.
+
+---
+ dlls/ntdll/nt.c       | 59 ++++++++++++++++++++++++++++++++++++
+ dlls/ntdll/ntdll.spec |  2 +-
+ include/winnt.h       |  5 +++
+ include/winternl.h    |  1 +
+ server/process.c      |  2 +-
+ server/protocol.def   | 10 ++++++
+ server/security.h     |  4 ++-
+ server/token.c        | 84 +++++++++++++++++++++++++++++++++++++++++++++++++--
+ 8 files changed, 162 insertions(+), 5 deletions(-)
+
+diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
+index c3f5df3..59a08de 100644
+--- a/dlls/ntdll/nt.c
++++ b/dlls/ntdll/nt.c
+@@ -119,6 +119,65 @@ NTSTATUS WINAPI NtDuplicateToken(
+ }
+ 
+ /******************************************************************************
++ *  NtFilterToken        [NTDLL.@]
++ *  ZwFilterToken        [NTDLL.@]
++ */
++NTSTATUS WINAPI NtFilterToken( HANDLE token, ULONG flags, TOKEN_GROUPS *disable_sids,
++                               TOKEN_PRIVILEGES *privileges, TOKEN_GROUPS *restrict_sids,
++                               HANDLE *new_token )
++{
++    data_size_t privileges_len = 0;
++    data_size_t sids_len = 0;
++    SID *sids = NULL;
++    NTSTATUS status;
++
++    TRACE( "(%p, 0x%08x, %p, %p, %p, %p)\n", token, flags, disable_sids, privileges,
++           restrict_sids, new_token );
++
++    if (flags)
++        FIXME( "flags %x unsupported\n", flags );
++
++    if (restrict_sids)
++        FIXME( "support for restricting sids not yet implemented\n" );
++
++    if (privileges)
++        privileges_len = privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
++
++    if (disable_sids)
++    {
++        DWORD len, i;
++        BYTE *tmp;
++
++        for (i = 0; i < disable_sids->GroupCount; i++)
++            sids_len += RtlLengthSid( disable_sids->Groups[i].Sid );
++
++        sids = RtlAllocateHeap( GetProcessHeap(), 0, sids_len );
++        if (!sids) return STATUS_NO_MEMORY;
++
++        for (i = 0, tmp = (BYTE *)sids; i < disable_sids->GroupCount; i++, tmp += len)
++        {
++            len = RtlLengthSid( disable_sids->Groups[i].Sid );
++            memcpy( tmp, disable_sids->Groups[i].Sid, len );
++        }
++    }
++
++    SERVER_START_REQ( filter_token )
++    {
++        req->handle          = wine_server_obj_handle( token );
++        req->flags           = flags;
++        req->privileges_size = privileges_len;
++        wine_server_add_data( req, privileges->Privileges, privileges_len );
++        wine_server_add_data( req, sids, sids_len );
++        status = wine_server_call( req );
++        if (!status) *new_token = wine_server_ptr_handle( reply->new_handle );
++    }
++    SERVER_END_REQ;
++
++    RtlFreeHeap( GetProcessHeap(), 0, sids );
++    return status;
++}
++
++/******************************************************************************
+  *  NtOpenProcessToken		[NTDLL.@]
+  *  ZwOpenProcessToken		[NTDLL.@]
+  */
+diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
+index c260b0d..3c5e69c 100644
+--- a/dlls/ntdll/ntdll.spec
++++ b/dlls/ntdll/ntdll.spec
+@@ -176,7 +176,7 @@
+ # @ stub NtEnumerateSystemEnvironmentValuesEx
+ @ stdcall NtEnumerateValueKey(long long long ptr long ptr)
+ @ stub NtExtendSection
+-# @ stub NtFilterToken
++@ stdcall NtFilterToken(long long ptr ptr ptr ptr)
+ @ stdcall NtFindAtom(ptr long ptr)
+ @ stdcall NtFlushBuffersFile(long ptr)
+ @ stdcall NtFlushInstructionCache(long ptr long)
+diff --git a/include/winnt.h b/include/winnt.h
+index 16d96d8..4e238f9 100644
+--- a/include/winnt.h
++++ b/include/winnt.h
+@@ -3904,6 +3904,11 @@ typedef enum _TOKEN_INFORMATION_CLASS {
+ 					TOKEN_ADJUST_SESSIONID | \
+ 					TOKEN_ADJUST_DEFAULT )
+ 
++#define DISABLE_MAX_PRIVILEGE 0x1
++#define SANDBOX_INERT         0x2
++#define LUA_TOKEN             0x4
++#define WRITE_RESTRICTED      0x8
++
+ #ifndef _SECURITY_DEFINED
+ #define _SECURITY_DEFINED
+ 
+diff --git a/include/winternl.h b/include/winternl.h
+index c84e6d7..288f93e 100644
+--- a/include/winternl.h
++++ b/include/winternl.h
+@@ -2303,6 +2303,7 @@ NTSYSAPI NTSTATUS  WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES
+ NTSYSAPI NTSTATUS  WINAPI NtEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
+ NTSYSAPI NTSTATUS  WINAPI NtEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
+ NTSYSAPI NTSTATUS  WINAPI NtExtendSection(HANDLE,PLARGE_INTEGER);
++NTSYSAPI NTSTATUS  WINAPI NtFilterToken(HANDLE,ULONG,TOKEN_GROUPS*,TOKEN_PRIVILEGES*,TOKEN_GROUPS*,HANDLE*);
+ NTSYSAPI NTSTATUS  WINAPI NtFindAtom(const WCHAR*,ULONG,RTL_ATOM*);
+ NTSYSAPI NTSTATUS  WINAPI NtFlushBuffersFile(HANDLE,IO_STATUS_BLOCK*);
+ NTSYSAPI NTSTATUS  WINAPI NtFlushInstructionCache(HANDLE,LPCVOID,SIZE_T);
+diff --git a/server/process.c b/server/process.c
+index f8739d0..71d9d6d 100644
+--- a/server/process.c
++++ b/server/process.c
+@@ -566,7 +566,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
+                                        : alloc_handle_table( process, 0 );
+         /* Note: for security reasons, starting a new process does not attempt
+          * to use the current impersonation token for the new process */
+-        process->token = token_duplicate( parent->token, TRUE, 0, NULL );
++        process->token = token_duplicate( parent->token, TRUE, 0, NULL, NULL, 0, NULL, 0 );
+         process->affinity = parent->affinity;
+     }
+     if (!process->handles || !process->token) goto error;
+diff --git a/server/protocol.def b/server/protocol.def
+index 35824ae..6ee6d28 100644
+--- a/server/protocol.def
++++ b/server/protocol.def
+@@ -3356,6 +3356,16 @@ enum caret_state
+     obj_handle_t  new_handle; /* duplicated handle */
+ @END
+ 
++@REQ(filter_token)
++    obj_handle_t  handle;          /* handle to the token to duplicate */
++    unsigned int  flags;           /* flags */
++    data_size_t   privileges_size; /* size of privileges */
++    VARARG(privileges,LUID_AND_ATTRIBUTES,privileges_size); /* privileges to remove from new token */
++    VARARG(disable_sids,SID);      /* array of groups to remove from new token */
++@REPLY
++    obj_handle_t  new_handle;      /* filtered handle */
++@END
++
+ @REQ(access_check)
+     obj_handle_t    handle; /* handle to the token */
+     unsigned int    desired_access; /* desired access to the object */
+diff --git a/server/security.h b/server/security.h
+index 873bbc6..bc4a8f6 100644
+--- a/server/security.h
++++ b/server/security.h
+@@ -55,7 +55,9 @@ extern const PSID security_high_label_sid;
+ extern struct token *token_create_admin(void);
+ extern int token_assign_label( struct token *token, PSID label );
+ extern struct token *token_duplicate( struct token *src_token, unsigned primary,
+-                                      int impersonation_level, const struct security_descriptor *sd );
++                                      int impersonation_level, const struct security_descriptor *sd,
++                                      const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
++                                      const SID *filter_groups, unsigned int group_count );
+ extern int token_check_privileges( struct token *token, int all_required,
+                                    const LUID_AND_ATTRIBUTES *reqprivs,
+                                    unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
+diff --git a/server/token.c b/server/token.c
+index 0810a61..2f6a467 100644
+--- a/server/token.c
++++ b/server/token.c
+@@ -276,6 +276,19 @@ static int acl_is_valid( const ACL *acl, data_size_t size )
+     return TRUE;
+ }
+ 
++static unsigned int get_sid_count( const SID *sid, data_size_t size )
++{
++    unsigned int count;
++
++    for (count = 0; size >= sizeof(SID) && security_sid_len( sid ) <= size; count++)
++    {
++        size -= security_sid_len( sid );
++        sid = (const SID *)((char *)sid + security_sid_len( sid ));
++    }
++
++    return count;
++}
++
+ /* checks whether all members of a security descriptor fit inside the size
+  * of memory specified */
+ int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
+@@ -619,8 +632,36 @@ static struct token *create_token( unsigned primary, const SID *user,
+     return token;
+ }
+ 
++static int filter_group( struct group *group, const SID *filter, unsigned int count )
++{
++    unsigned int i;
++
++    for (i = 0; i < count; i++)
++    {
++        if (security_equal_sid( &group->sid, filter )) return 1;
++        filter = (const SID *)((char *)filter + security_sid_len( filter ));
++    }
++
++    return 0;
++}
++
++static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBUTES *filter, unsigned int count )
++{
++    unsigned int i;
++
++    for (i = 0; i < count; i++)
++    {
++        if (!memcmp( &privilege->luid, &filter[i].Luid, sizeof(LUID) ))
++            return 1;
++    }
++
++    return 0;
++}
++
+ struct token *token_duplicate( struct token *src_token, unsigned primary,
+-                               int impersonation_level, const struct security_descriptor *sd )
++                               int impersonation_level, const struct security_descriptor *sd,
++                               const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
++                               const SID *filter_groups, unsigned int group_count)
+ {
+     const luid_t *modified_id =
+         primary || (impersonation_level == src_token->impersonation_level) ?
+@@ -656,6 +697,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+             return NULL;
+         }
+         memcpy( newgroup, group, size );
++        if (filter_group( group, filter_groups, group_count ))
++        {
++            newgroup->enabled = 0;
++            newgroup->def = 0;
++            newgroup->deny_only = 1;
++        }
+         list_add_tail( &token->groups, &newgroup->entry );
+         if (src_token->primary_group == &group->sid)
+         {
+@@ -667,11 +714,14 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+ 
+     /* copy privileges */
+     LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
++    {
++        if (filter_privilege( privilege, filter_privileges, priv_count )) continue;
+         if (!privilege_add( token, &privilege->luid, privilege->enabled ))
+         {
+             release_object( token );
+             return NULL;
+         }
++    }
+ 
+     if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
+                             DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
+@@ -1304,7 +1354,7 @@ DECL_HANDLER(duplicate_token)
+                                                      TOKEN_DUPLICATE,
+                                                      &token_ops )))
+     {
+-        struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd );
++        struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd, NULL, 0, NULL, 0 );
+         if (token)
+         {
+             reply->new_handle = alloc_handle_no_access_check( current->process, token, req->access, objattr->attributes );
+@@ -1314,6 +1364,36 @@ DECL_HANDLER(duplicate_token)
+     }
+ }
+ 
++/* creates a restricted version of a token */
++DECL_HANDLER(filter_token)
++{
++    struct token *src_token;
++
++    if ((src_token = (struct token *)get_handle_obj( current->process, req->handle,
++                                                     TOKEN_DUPLICATE,
++                                                     &token_ops )))
++    {
++        const LUID_AND_ATTRIBUTES *filter_privileges = get_req_data();
++        unsigned int priv_count, group_count;
++        const SID *filter_groups;
++        struct token *token;
++
++        priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(LUID_AND_ATTRIBUTES);
++        filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(LUID_AND_ATTRIBUTES));
++        group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
++
++        token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
++                                 filter_privileges, priv_count, filter_groups, group_count );
++        if (token)
++        {
++            unsigned int access = get_handle_access( current->process, req->handle );
++            reply->new_handle = alloc_handle_no_access_check( current->process, token, access, 0 );
++            release_object( token );
++        }
++        release_object( src_token );
++    }
++}
++
+ /* checks the specified privileges are held by the token */
+ DECL_HANDLER(check_token_privileges)
+ {
+-- 
+2.7.4
+

patches/advapi32-CreateRestrictedToken/0002-advapi32-Implement-CreateRestrictedToken.patch

@@ -0,0 +1,132 @@
+From 3c1f5962482e7acf531f57f49d923d9c4e5278b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Fri, 4 Aug 2017 02:51:57 +0200
+Subject: [PATCH] advapi32: Implement CreateRestrictedToken.
+
+---
+ dlls/kernelbase/security.c | 103 ++++++++++++++++++++++++++++++-------
+ 1 file changed, 84 insertions(+), 19 deletions(-)
+
+diff --git a/dlls/kernelbase/security.c b/dlls/kernelbase/security.c
+index 2e75e81ed77..97f6ee6a2fd 100644
+--- a/dlls/kernelbase/security.c
++++ b/dlls/kernelbase/security.c
+@@ -592,31 +592,96 @@ exit:
+     return ret;
+ }
+ 
++static BOOL allocate_groups(TOKEN_GROUPS **groups_ret, SID_AND_ATTRIBUTES *sids, DWORD count)
++{
++    TOKEN_GROUPS *groups;
++    DWORD i;
++
++    if (!count)
++    {
++        *groups_ret = NULL;
++        return TRUE;
++    }
++
++    groups = (TOKEN_GROUPS *)heap_alloc(FIELD_OFFSET(TOKEN_GROUPS, Groups) +
++                                        count * sizeof(SID_AND_ATTRIBUTES));
++    if (!groups)
++    {
++        SetLastError(ERROR_OUTOFMEMORY);
++        return FALSE;
++    }
++
++    groups->GroupCount = count;
++    for (i = 0; i < count; i++)
++        groups->Groups[i] = sids[i];
++
++    *groups_ret = groups;
++    return TRUE;
++}
++
++static BOOL allocate_privileges(TOKEN_PRIVILEGES **privileges_ret, LUID_AND_ATTRIBUTES *privs, DWORD count)
++{
++    TOKEN_PRIVILEGES *privileges;
++    DWORD i;
++
++    if (!count)
++    {
++        *privileges_ret = NULL;
++        return TRUE;
++    }
++
++    privileges = (TOKEN_PRIVILEGES *)heap_alloc(FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges) +
++                                                count * sizeof(LUID_AND_ATTRIBUTES));
++    if (!privileges)
++    {
++        SetLastError(ERROR_OUTOFMEMORY);
++        return FALSE;
++    }
++
++    privileges->PrivilegeCount = count;
++    for (i = 0; i < count; i++)
++        privileges->Privileges[i] = privs[i];
++
++    *privileges_ret = privileges;
++    return TRUE;
++}
++
+ /*************************************************************************
+  * CreateRestrictedToken    (kernelbase.@)
+  */
+-BOOL WINAPI CreateRestrictedToken( HANDLE token, DWORD flags,
+-                                   DWORD disable_count, PSID_AND_ATTRIBUTES disable_sids,
+-                                   DWORD delete_count, PLUID_AND_ATTRIBUTES delete_privs,
+-                                   DWORD restrict_count, PSID_AND_ATTRIBUTES restrict_sids, PHANDLE ret )
++BOOL WINAPI CreateRestrictedToken( HANDLE baseToken, DWORD flags,
++                                   DWORD nDisableSids, PSID_AND_ATTRIBUTES disableSids,
++                                   DWORD nDeletePrivs, PLUID_AND_ATTRIBUTES deletePrivs,
++                                   DWORD nRestrictSids, PSID_AND_ATTRIBUTES restrictSids, PHANDLE newToken )
+ {
+-    TOKEN_TYPE type;
+-    SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
+-    DWORD size;
++    TOKEN_PRIVILEGES *delete_privs = NULL;
++    TOKEN_GROUPS *disable_groups = NULL;
++    TOKEN_GROUPS *restrict_sids = NULL;
++    BOOL ret = FALSE;
+ 
+-    FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
+-          token, flags, disable_count, disable_sids, delete_count, delete_privs,
+-          restrict_count, restrict_sids, ret );
++    TRACE("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p)\n",
++          baseToken, flags, nDisableSids, disableSids,
++          nDeletePrivs, deletePrivs,
++          nRestrictSids, restrictSids,
++          newToken);
++
++    if (!allocate_groups(&disable_groups, disableSids, nDisableSids))
++        goto done;
++
++    if (!allocate_privileges(&delete_privs, deletePrivs, nDeletePrivs))
++        goto done;
++
++    if (!allocate_groups(&restrict_sids, restrictSids, nRestrictSids))
++        goto done;
++
++    ret = set_ntstatus(NtFilterToken(baseToken, flags, disable_groups, delete_privs, restrict_sids, newToken));
++
++done:
++    heap_free(disable_groups);
++    heap_free(delete_privs);
++    heap_free(restrict_sids);
++    return ret;
+ 
+-    size = sizeof(type);
+-    if (!GetTokenInformation( token, TokenType, &type, size, &size )) return FALSE;
+-    if (type == TokenImpersonation)
+-    {
+-        size = sizeof(level);
+-        if (!GetTokenInformation( token, TokenImpersonationLevel, &level, size, &size ))
+-            return FALSE;
+-    }
+-    return DuplicateTokenEx( token, MAXIMUM_ALLOWED, NULL, level, type, ret );
+ }
+ 
+ /******************************************************************************
+-- 
+2.20.1
+

patches/advapi32-CreateRestrictedToken/definition

@@ -0,0 +1 @@
+Fixes: [25834] Implement advapi32.CreateRestrictedToken

patches/advapi32-LsaLookupPrivilegeName/0002-advapi32-Use-TRACE-for-LsaOpenPolicy-LsaClose.patch

@@ -0,0 +1,34 @@
+From 1941137bff72a2297812bbd05fb6f6a1578426b0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Sun, 5 Mar 2017 23:05:54 +0100
+Subject: advapi32: Use TRACE for LsaOpenPolicy/LsaClose.
+
+---
+ dlls/advapi32/lsa.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
+index e5e3b1649c0..0f2167d19ab 100644
+--- a/dlls/advapi32/lsa.c
++++ b/dlls/advapi32/lsa.c
+@@ -136,7 +136,7 @@ NTSTATUS WINAPI LsaAddAccountRights(
+  */
+ NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
+ {
+-    FIXME("(%p) stub\n", ObjectHandle);
++    TRACE("(%p) semi-stub\n", ObjectHandle);
+     return STATUS_SUCCESS;
+ }
+ 
+@@ -687,7 +687,7 @@ NTSTATUS WINAPI LsaOpenPolicy(
+     IN ACCESS_MASK DesiredAccess,
+     IN OUT PLSA_HANDLE PolicyHandle)
+ {
+-    FIXME("(%s,%p,0x%08x,%p) stub\n",
++    TRACE("(%s,%p,0x%08x,%p) semi-stub\n",
+           SystemName?debugstr_w(SystemName->Buffer):"(null)",
+           ObjectAttributes, DesiredAccess, PolicyHandle);
+ 
+-- 
+2.11.0
+

patches/advapi32-Token_Integrity_Level/0002-server-Implement-token-elevation-information.patch

@@ -0,0 +1,136 @@
+From c8dc0ec6406e8449b59c219ede2e9bd88d8a56fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Sat, 5 Aug 2017 00:26:03 +0200
+Subject: [PATCH] server: Implement token elevation information.
+
+---
+ dlls/ntdll/nt.c     | 16 ++++++++++++----
+ server/protocol.def |  8 ++++++++
+ server/token.c      | 22 +++++++++++++++++++---
+ 3 files changed, 39 insertions(+), 7 deletions(-)
+
+diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
+index cd271fde9c..b1dd999cf5 100644
+--- a/dlls/ntdll/nt.c
++++ b/dlls/ntdll/nt.c
+@@ -625,18 +625,26 @@ NTSTATUS WINAPI NtQueryInformationToken(
+         SERVER_END_REQ;
+         break;
+     case TokenElevationType:
++        SERVER_START_REQ( get_token_elevation_type )
+         {
+             TOKEN_ELEVATION_TYPE *elevation_type = tokeninfo;
+-            FIXME("QueryInformationToken( ..., TokenElevationType, ...) semi-stub\n");
+-            *elevation_type = TokenElevationTypeFull;
++            req->handle = wine_server_obj_handle( token );
++            status = wine_server_call( req );
++            if (status == STATUS_SUCCESS)
++                *elevation_type = reply->elevation;
+         }
++        SERVER_END_REQ;
+         break;
+     case TokenElevation:
++        SERVER_START_REQ( get_token_elevation_type )
+         {
+             TOKEN_ELEVATION *elevation = tokeninfo;
+-            FIXME("QueryInformationToken( ..., TokenElevation, ...) semi-stub\n");
+-            elevation->TokenIsElevated = TRUE;
++            req->handle = wine_server_obj_handle( token );
++            status = wine_server_call( req );
++            if (status == STATUS_SUCCESS)
++                elevation->TokenIsElevated = (reply->elevation == TokenElevationTypeFull);
+         }
++        SERVER_END_REQ;
+         break;
+     case TokenSessionId:
+         {
+diff --git a/server/protocol.def b/server/protocol.def
+index 90af9df7f4..93afaabca1 100644
+--- a/server/protocol.def
++++ b/server/protocol.def
+@@ -3643,6 +3643,14 @@ struct handle_info
+ @END
+ 
+ 
++/* Get elevation level of token */
++@REQ(get_token_elevation_type)
++    obj_handle_t   handle;        /* handle to the object */
++@REPLY
++    unsigned int   elevation;     /* elevation level */
++@END
++
++
+ /* Create I/O completion port */
+ @REQ(create_completion)
+     unsigned int access;          /* desired access to a port */
+diff --git a/server/token.c b/server/token.c
+index 6d193603b4..64f20e1b57 100644
+--- a/server/token.c
++++ b/server/token.c
+@@ -112,6 +112,7 @@ struct token
+     ACL           *default_dacl;    /* the default DACL to assign to objects created by this user */
+     TOKEN_SOURCE   source;          /* source of the token */
+     int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
++    TOKEN_ELEVATION_TYPE elevation; /* elevation level */
+ };
+ 
+ struct privilege
+@@ -545,7 +546,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+                                    const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
+                                    const ACL *default_dacl, TOKEN_SOURCE source,
+                                    const luid_t *modified_id,
+-                                   int impersonation_level )
++                                   int impersonation_level, TOKEN_ELEVATION_TYPE elevation )
+ {
+     struct token *token = alloc_object( &token_ops );
+     if (token)
+@@ -567,6 +568,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+             token->impersonation_level = impersonation_level;
+         token->default_dacl = NULL;
+         token->primary_group = NULL;
++        token->elevation = elevation;
+ 
+         /* copy user */
+         token->user = memdup( user, security_sid_len( user ));
+@@ -682,7 +684,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+     token = create_token( primary, src_token->user, NULL, 0,
+                           NULL, 0, src_token->default_dacl,
+                           src_token->source, modified_id,
+-                          impersonation_level );
++                          impersonation_level,
++                          src_token->elevation );
+     if (!token) return token;
+ 
+     /* copy groups */
+@@ -888,7 +891,7 @@ struct token *token_create_admin( void )
+         static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
+         token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
+                               admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
+-                              admin_source, NULL, -1 );
++                              admin_source, NULL, -1, TokenElevationTypeFull );
+         /* we really need a primary group */
+         assert( token->primary_group );
+     }
+@@ -1627,6 +1630,19 @@ DECL_HANDLER(get_token_statistics)
+     }
+ }
+ 
++DECL_HANDLER(get_token_elevation_type)
++{
++    struct token *token;
++
++    if ((token = (struct token *)get_handle_obj( current->process, req->handle,
++                                                 TOKEN_QUERY,
++                                                 &token_ops )))
++    {
++        reply->elevation = token->elevation;
++        release_object( token );
++    }
++}
++
+ DECL_HANDLER(get_token_default_dacl)
+ {
+     struct token *token;
+-- 
+2.19.1
+

patches/advapi32-Token_Integrity_Level/0003-server-Correctly-treat-zero-access-mask-in-duplicate.patch

@@ -0,0 +1,81 @@
+From 7e73f449d158f0d6a6b6b421d073dbaf1741e1c7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 7 Aug 2017 02:22:11 +0200
+Subject: server: Correctly treat zero access mask in duplicate_token
+ wineserver call.
+
+---
+ dlls/advapi32/tests/security.c | 14 +++++++-------
+ server/token.c                 |  3 ++-
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 4a03db27e69..f1a64e29dea 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -7438,7 +7438,7 @@ static void test_token_security_descriptor(void)
+             ret = DuplicateTokenEx(token4, 0, NULL, SecurityImpersonation, TokenImpersonation, &token5);
+             ok(ret, "DuplicateTokenEx failed with error %u\n", GetLastError());
+             ret = SetThreadToken(NULL, token5);
+-            todo_wine ok(ret, "SetThreadToken failed with error %u\n", GetLastError());
++            ok(ret, "SetThreadToken failed with error %u\n", GetLastError());
+             CloseHandle(token4);
+ 
+             /* Restrict current process token while impersonating a medium integrity token */
+@@ -7503,16 +7503,16 @@ static void test_token_security_descriptor(void)
+ 
+             size = 0;
+             ret = GetKernelObjectSecurity(token6, LABEL_SECURITY_INFORMATION, NULL, 0, &size);
+-            todo_wine ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
++            ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
+                "Unexpected GetKernelObjectSecurity return value %u, error %u\n", ret, GetLastError());
+ 
+             sd3 = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
+             ret = GetKernelObjectSecurity(token6, LABEL_SECURITY_INFORMATION, sd3, size, &size);
+-            todo_wine ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
++            ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
+ 
+             sacl = NULL;
+             ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
+-            todo_wine ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
++            ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
+             todo_wine ok(present, "No SACL in the security descriptor\n");
+             todo_wine ok(sacl != NULL, "NULL SACL in the security descriptor\n");
+ 
+@@ -7606,16 +7606,16 @@ static void test_token_security_descriptor(void)
+ 
+         size = 0;
+         ret = GetKernelObjectSecurity(token4, LABEL_SECURITY_INFORMATION, NULL, 0, &size);
+-        todo_wine ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
++        ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
+            "Unexpected GetKernelObjectSecurity return value %u, error %u\n", ret, GetLastError());
+ 
+         sd3 = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
+         ret = GetKernelObjectSecurity(token4, LABEL_SECURITY_INFORMATION, sd3, size, &size);
+-        todo_wine ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
++        ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
+ 
+         sacl = NULL;
+         ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
+-        todo_wine ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
++        ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
+         todo_wine ok(present, "No SACL in the security descriptor\n");
+         todo_wine ok(sacl != NULL, "NULL SACL in the security descriptor\n");
+ 
+diff --git a/server/token.c b/server/token.c
+index 6a1085bae12..292e1df80fd 100644
+--- a/server/token.c
++++ b/server/token.c
+@@ -1376,7 +1376,8 @@ DECL_HANDLER(duplicate_token)
+         struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd, NULL, 0, NULL, 0 );
+         if (token)
+         {
+-            reply->new_handle = alloc_handle_no_access_check( current->process, token, req->access, objattr->attributes );
++            unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
++            reply->new_handle = alloc_handle_no_access_check( current->process, token, access, objattr->attributes );
+             release_object( token );
+         }
+         release_object( src_token );
+-- 
+2.13.1
+

patches/advapi32-Token_Integrity_Level/0004-server-Implement-token-integrity-level.patch

@@ -1,19 +1,19 @@
-From 6dc1b7d9e533379133857629bb9c09e1045a9020 Mon Sep 17 00:00:00 2001
+From ae503e8e7eb8f4fcb9bf3e642458c2a1bba6ccaa Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 02:28:35 +0200
 Subject: [PATCH] server: Implement token integrity level.
 
 ---
- dlls/ntdll/unix/security.c | 23 ++++++++++++++---------
- server/protocol.def        |  7 +++++++
- server/token.c             | 30 +++++++++++++++++++++++++++---
+ dlls/ntdll/nt.c     | 23 ++++++++++++++---------
+ server/protocol.def |  7 +++++++
+ server/token.c      | 30 +++++++++++++++++++++++++++---
  3 files changed, 48 insertions(+), 12 deletions(-)
 
-diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
-index 03a81afa46e..f0057116dee 100644
---- a/dlls/ntdll/unix/security.c
-+++ b/dlls/ntdll/unix/security.c
-@@ -172,7 +172,7 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
+diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
+index ca26ab15..8aab0a48 100644
+--- a/dlls/ntdll/nt.c
++++ b/dlls/ntdll/nt.c
+@@ -400,7 +400,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
          0,    /* TokenAccessInformation */
          0,    /* TokenVirtualizationAllowed */
          sizeof(DWORD), /* TokenVirtualizationEnabled */
@@ -22,9 +22,9 @@ index 03a81afa46e..f0057116dee 100644
          0,    /* TokenUIAccess */
          0,    /* TokenMandatoryPolicy */
          0,    /* TokenLogonSid */
-@@ -428,18 +428,23 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
+@@ -659,18 +659,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
+         }
          break;
- 
      case TokenIntegrityLevel:
 +        SERVER_START_REQ( get_token_integrity )
          {
@@ -32,14 +32,14 @@ index 03a81afa46e..f0057116dee 100644
 -            static const SID high_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
 -                                                            {SECURITY_MANDATORY_HIGH_RID}};
 -
-             TOKEN_MANDATORY_LABEL *tml = info;
+             TOKEN_MANDATORY_LABEL *tml = tokeninfo;
 -            PSID psid = tml + 1;
 +            PSID sid = tml + 1;
-+            DWORD sid_len = length < sizeof(*tml) ? 0 : length - sizeof(*tml);
++            DWORD sid_len = tokeninfolength < sizeof(*tml) ? 0 : tokeninfolength - sizeof(*tml);
  
 -            tml->Label.Sid = psid;
 -            tml->Label.Attributes = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED;
--            memcpy( psid, &high_level, sizeof(SID) );
+-            memcpy(psid, &high_level, sizeof(SID));
 +            req->handle = wine_server_obj_handle( token );
 +            wine_server_set_reply( req, sid, sid_len );
 +            status = wine_server_call( req );
@@ -52,13 +52,13 @@ index 03a81afa46e..f0057116dee 100644
          }
 +        SERVER_END_REQ;
          break;
- 
      case TokenAppContainerSid:
+         {
 diff --git a/server/protocol.def b/server/protocol.def
-index 84f0b577d72..4d37a0df348 100644
+index 11221d7d..1bfe3234 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3296,6 +3296,13 @@ enum caret_state
+@@ -3405,6 +3405,13 @@ enum caret_state
      VARARG(sid,SID);              /* the sid specified by which_sid from the token */
  @END
  
@@ -73,10 +73,10 @@ index 84f0b577d72..4d37a0df348 100644
      obj_handle_t    handle;       /* handle to the token */
  @REPLY
 diff --git a/server/token.c b/server/token.c
-index 7c510fbdad9..d267991f751 100644
+index ccde0c2d..2d81118a 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -111,6 +111,7 @@ struct token
+@@ -113,6 +113,7 @@ struct token
      TOKEN_SOURCE   source;          /* source of the token */
      int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
      TOKEN_ELEVATION_TYPE elevation; /* elevation level */
@@ -84,7 +84,7 @@ index 7c510fbdad9..d267991f751 100644
  };
  
  struct privilege
-@@ -553,7 +554,8 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -546,7 +547,8 @@ static struct token *create_token( unsigned primary, const SID *user,
                                     const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
                                     const ACL *default_dacl, TOKEN_SOURCE source,
                                     const luid_t *modified_id,
@@ -94,7 +94,7 @@ index 7c510fbdad9..d267991f751 100644
  {
      struct token *token = alloc_object( &token_ops );
      if (token)
-@@ -637,6 +639,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -630,6 +632,7 @@ static struct token *create_token( unsigned primary, const SID *user,
          }
  
          token->source = source;
@@ -102,7 +102,7 @@ index 7c510fbdad9..d267991f751 100644
      }
      return token;
  }
-@@ -692,7 +695,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -685,7 +688,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
                            NULL, 0, src_token->default_dacl,
                            src_token->source, modified_id,
                            impersonation_level,
@@ -112,7 +112,7 @@ index 7c510fbdad9..d267991f751 100644
      if (!token) return token;
  
      /* copy groups */
-@@ -898,7 +902,7 @@ struct token *token_create_admin( void )
+@@ -890,7 +894,7 @@ struct token *token_create_admin( void )
          static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
          token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
                                admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
@@ -121,7 +121,7 @@ index 7c510fbdad9..d267991f751 100644
          /* we really need a primary group */
          assert( token->primary_group );
      }
-@@ -1532,6 +1536,26 @@ DECL_HANDLER(get_token_sid)
+@@ -1524,6 +1528,26 @@ DECL_HANDLER(get_token_sid)
      }
  }
  
@@ -149,5 +149,5 @@ index 7c510fbdad9..d267991f751 100644
  DECL_HANDLER(get_token_groups)
  {
 -- 
-2.27.0
+2.19.1
 

patches/advapi32-Token_Integrity_Level/0005-server-Use-all-group-attributes-in-create_token.patch

@@ -0,0 +1,46 @@
+From 48f4c131f9e8ffc091dde12437ad0772ed1c5ca6 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Sun, 6 Aug 2017 15:16:33 +0200
+Subject: server: Use all group attributes in create_token.
+
+---
+ server/token.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/server/token.c b/server/token.c
+index 0019b3a..2a56664 100644
+--- a/server/token.c
++++ b/server/token.c
+@@ -592,13 +592,13 @@ static struct token *create_token( unsigned primary, const SID *user,
+                 return NULL;
+             }
+             memcpy( &group->sid, groups[i].Sid, security_sid_len( groups[i].Sid ));
+-            group->enabled = TRUE;
+-            group->def = TRUE;
+-            group->logon = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
+             group->mandatory = (groups[i].Attributes & SE_GROUP_MANDATORY) != 0;
+-            group->owner = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
+-            group->resource = FALSE;
+-            group->deny_only = FALSE;
++            group->def       = (groups[i].Attributes & SE_GROUP_ENABLED_BY_DEFAULT) != 0;
++            group->enabled   = (groups[i].Attributes & SE_GROUP_ENABLED) != 0;
++            group->owner     = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
++            group->deny_only = (groups[i].Attributes & SE_GROUP_USE_FOR_DENY_ONLY) != 0;
++            group->logon     = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
++            group->resource  = (groups[i].Attributes & SE_GROUP_RESOURCE) != 0;
+             list_add_tail( &token->groups, &group->entry );
+             /* Use first owner capable group as owner and primary group */
+             if (!token->primary_group && group->owner)
+@@ -1603,8 +1603,8 @@ DECL_HANDLER(get_token_groups)
+                     if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
+                     if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
+                     if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
+-                    if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
+                     if (group->logon) *attr_ptr |= SE_GROUP_LOGON_ID;
++                    if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
+ 
+                     memcpy(sid_ptr, &group->sid, security_sid_len( &group->sid ));
+ 
+-- 
+2.7.4
+

patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch

@@ -0,0 +1,219 @@
+From 2588eb4eb5fe56aca7d229ea42b0eaa3786ff600 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Sat, 5 Aug 2017 01:45:29 +0200
+Subject: [PATCH] ntdll: Add function to create new tokens for elevation
+ purposes.
+
+---
+ dlls/ntdll/ntdll.spec   |  3 ++
+ dlls/ntdll/ntdll_misc.h |  3 ++
+ dlls/ntdll/process.c    | 18 +++++++++
+ server/protocol.def     |  8 ++++
+ server/security.h       |  1 +
+ server/token.c          | 84 +++++++++++++++++++++++++++++++++++++++++
+ 6 files changed, 117 insertions(+)
+
+diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
+index e5db07f0a4e..d52f6b76aa4 100644
+--- a/dlls/ntdll/ntdll.spec
++++ b/dlls/ntdll/ntdll.spec
+@@ -1594,6 +1594,9 @@
+ # Virtual memory
+ @ cdecl __wine_locked_recvmsg(long ptr long)
+ 
++# Token
++@ cdecl __wine_create_default_token(long)
++
+ # Version
+ @ cdecl wine_get_version()
+ @ cdecl wine_get_build_id()
+diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
+index 92fcde95a8a..80be882e76d 100644
+--- a/dlls/ntdll/ntdll_misc.h
++++ b/dlls/ntdll/ntdll_misc.h
+@@ -69,6 +69,9 @@ extern void init_locale( HMODULE module ) DECLSPEC_HIDDEN;
+ extern void init_user_process_params(void) DECLSPEC_HIDDEN;
+ extern NTSTATUS restart_process( RTL_USER_PROCESS_PARAMETERS *params, NTSTATUS status ) DECLSPEC_HIDDEN;
+ 
++/* token */
++extern HANDLE CDECL __wine_create_default_token(BOOL admin);
++
+ /* server support */
+ extern BOOL is_wow64 DECLSPEC_HIDDEN;
+ extern NTSTATUS alloc_object_attributes( const OBJECT_ATTRIBUTES *attr, struct object_attributes **ret,
+diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
+index 992721d133f..24cb8f53de2 100644
+--- a/dlls/ntdll/process.c
++++ b/dlls/ntdll/process.c
+@@ -82,6 +82,24 @@ HANDLE CDECL __wine_make_process_system(void)
+     return ret;
+ }
+ 
++/***********************************************************************
++ *           __wine_create_default_token   (NTDLL.@)
++ *
++ * Creates a default limited or admin token.
++ */
++HANDLE CDECL __wine_create_default_token( BOOL admin )
++{
++    HANDLE ret = NULL;
++    SERVER_START_REQ( create_token )
++    {
++        req->admin = admin;
++        if (!wine_server_call( req ))
++            ret = wine_server_ptr_handle( reply->token );
++    }
++    SERVER_END_REQ;
++    return ret;
++}
++
+ /******************************************************************************
+ *  NtQueryInformationProcess		[NTDLL.@]
+ *  ZwQueryInformationProcess		[NTDLL.@]
+diff --git a/server/protocol.def b/server/protocol.def
+index 96bc9250ab0..14b811684d8 100644
+--- a/server/protocol.def
++++ b/server/protocol.def
+@@ -3759,6 +3759,14 @@ struct handle_info
+ @END
+ 
+ 
++/* Create a new token */
++@REQ(create_token)
++    unsigned int  admin;        /* admin or limited token */
++@REPLY
++    obj_handle_t  token;        /* handle for new token */
++@END
++
++
+ /* Create I/O completion port */
+ @REQ(create_completion)
+     unsigned int access;          /* desired access to a port */
+diff --git a/server/security.h b/server/security.h
+index 6c337143c3d..21e90ccf23f 100644
+--- a/server/security.h
++++ b/server/security.h
+@@ -49,6 +49,7 @@ extern const PSID security_builtin_users_sid;
+ extern const PSID security_builtin_admins_sid;
+ extern const PSID security_domain_users_sid;
+ extern const PSID security_high_label_sid;
++extern const PSID security_medium_label_sid;
+ 
+ 
+ /* token functions */
+diff --git a/server/token.c b/server/token.c
+index c4f1cd943c2..970ed1838da 100644
+--- a/server/token.c
++++ b/server/token.c
+@@ -77,6 +77,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
+ static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
+ static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
+ static const SID high_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_HIGH_RID } };
++static const SID medium_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_MEDIUM_RID } };
+ static const SID_N(5) local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
+ static const SID_N(2) builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
+ static const SID_N(2) builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
+@@ -93,6 +94,7 @@ const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
+ const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
+ const PSID security_domain_users_sid = (PSID)&domain_users_sid;
+ const PSID security_high_label_sid = (PSID)&high_label_sid;
++const PSID security_medium_label_sid = (PSID)&medium_label_sid;
+ 
+ static luid_t prev_luid_value = { 1000, 0 };
+ 
+@@ -915,6 +917,64 @@ struct token *token_create_admin( void )
+     return token;
+ }
+ 
++static struct token *token_create_limited( void )
++{
++    struct token *token = NULL;
++    static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
++    static const unsigned int alias_admins_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS };
++    static const unsigned int alias_users_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS };
++    /* on Windows, this value changes every time the user logs on */
++    static const unsigned int logon_subauth[] = { SECURITY_LOGON_IDS_RID, 0, 1 /* FIXME: should be randomly generated when tokens are inherited by new processes */ };
++    PSID alias_admins_sid;
++    PSID alias_users_sid;
++    PSID logon_sid;
++    const SID *user_sid = security_unix_uid_to_sid( getuid() );
++    ACL *default_dacl = create_default_dacl( user_sid );
++
++    alias_admins_sid = security_sid_alloc( &nt_authority, sizeof(alias_admins_subauth)/sizeof(alias_admins_subauth[0]),
++                                           alias_admins_subauth );
++    alias_users_sid = security_sid_alloc( &nt_authority, sizeof(alias_users_subauth)/sizeof(alias_users_subauth[0]),
++                                          alias_users_subauth );
++    logon_sid = security_sid_alloc( &nt_authority, sizeof(logon_subauth)/sizeof(logon_subauth[0]),
++                                    logon_subauth );
++
++    if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl)
++    {
++        const LUID_AND_ATTRIBUTES user_privs[] =
++        {
++            { SeChangeNotifyPrivilege        , SE_PRIVILEGE_ENABLED },
++            { SeShutdownPrivilege            , 0                    },
++            { SeUndockPrivilege              , 0                    },
++        };
++        /* note: we don't include non-builtin groups here for the user -
++         * telling us these is the job of a client-side program */
++        const SID_AND_ATTRIBUTES user_groups[] =
++        {
++            { security_world_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
++            { security_local_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
++            { security_interactive_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
++            { security_authenticated_user_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
++            { security_domain_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
++            { alias_admins_sid, SE_GROUP_USE_FOR_DENY_ONLY },
++            { alias_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
++            { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
++        };
++        static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
++        token = create_token( TRUE, user_sid, user_groups, sizeof(user_groups)/sizeof(user_groups[0]),
++                              user_privs, sizeof(user_privs)/sizeof(user_privs[0]), default_dacl,
++                              admin_source, NULL, -1, TokenElevationTypeLimited, &medium_label_sid );
++        /* we really need a primary group */
++        assert( token->primary_group );
++    }
++
++    free( logon_sid );
++    free( alias_admins_sid );
++    free( alias_users_sid );
++    free( default_dacl );
++
++    return token;
++}
++
+ static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
+ {
+     struct privilege *privilege;
+@@ -1720,3 +1780,27 @@ DECL_HANDLER(set_token_default_dacl)
+         release_object( token );
+     }
+ }
++
++DECL_HANDLER(create_token)
++{
++    struct token *token;
++    PSID label;
++
++    if (req->admin)
++    {
++        token = token_create_admin();
++        label = security_high_label_sid;
++    }
++    else
++    {
++        token = token_create_limited();
++        label = security_medium_label_sid;
++    }
++
++    if (token)
++    {
++        if (token_assign_label( token, label ))
++            reply->token = alloc_handle( current->process, token, TOKEN_ALL_ACCESS, 0 );
++        release_object( token );
++    }
++}
+-- 
+2.27.0
+

patches/advapi32-Token_Integrity_Level/0007-shell32-Implement-process-elevation-using-runas-verb.patch

@@ -0,0 +1,66 @@
+From cf24ca0854a5b0dca2055f0991fd9a932125c65e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Sat, 5 Aug 2017 02:03:20 +0200
+Subject: shell32: Implement process elevation using runas verb.
+
+---
+ dlls/shell32/shlexec.c | 22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c
+index 0cf112b6373..af50078dbca 100644
+--- a/dlls/shell32/shlexec.c
++++ b/dlls/shell32/shlexec.c
+@@ -50,6 +50,8 @@
+ 
+ WINE_DEFAULT_DEBUG_CHANNEL(exec);
+ 
++extern HANDLE CDECL __wine_create_default_token(BOOL admin);
++
+ static const WCHAR wszOpen[] = {'o','p','e','n',0};
+ static const WCHAR wszExe[] = {'.','e','x','e',0};
+ static const WCHAR wszILPtr[] = {':','%','p',0};
+@@ -312,6 +314,8 @@ static HRESULT SHELL_GetPathFromIDListForExecuteW(LPCITEMIDLIST pidl, LPWSTR psz
+ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+ 			    const SHELLEXECUTEINFOW *psei, LPSHELLEXECUTEINFOW psei_out)
+ {
++    static WCHAR runasW[] = {'r','u','n','a','s',0};
++    HANDLE token = NULL;
+     STARTUPINFOW  startup;
+     PROCESS_INFORMATION info;
+     UINT_PTR retval = SE_ERR_NOASSOC;
+@@ -344,8 +348,20 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+     dwCreationFlags = CREATE_UNICODE_ENVIRONMENT;
+     if (!(psei->fMask & SEE_MASK_NO_CONSOLE))
+         dwCreationFlags |= CREATE_NEW_CONSOLE;
+-    if (CreateProcessW(NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE, dwCreationFlags, env,
+-                       lpDirectory, &startup, &info))
++
++    /* Spawning a process with runas verb means that the process should be
++     * executed with admin rights. This function ignores the manifest data,
++     * and allows programs to elevate rights on-demand. On Windows a complex
++     * RPC menchanism is used, using CreateProcessAsUser would fail because
++     * it can only be used to drop rights. */
++    if (psei->lpVerb && !strcmpiW(psei->lpVerb, runasW))
++    {
++        if (!(token = __wine_create_default_token(TRUE)))
++            ERR("Failed to create admin token\n");
++    }
++
++    if (CreateProcessAsUserW(token, NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE,
++                             dwCreationFlags, env, lpDirectory, &startup, &info))
+     {
+         /* Give 30 seconds to the app to come up, if desired. Probably only needed
+            when starting app immediately before making a DDE connection. */
+@@ -365,6 +381,8 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+         retval = ERROR_BAD_FORMAT;
+     }
+ 
++    if (token) CloseHandle(token);
++
+     TRACE("returning %lu\n", retval);
+ 
+     psei_out->hInstApp = (HINSTANCE)retval;
+-- 
+2.13.1
+

patches/advapi32-Token_Integrity_Level/0008-ntdll-Implement-process-token-elevation-through-mani.patch

@@ -1,4 +1,4 @@
-From 51cde3dff5de27d1aebc964a4802758534d56773 Mon Sep 17 00:00:00 2001
+From 1f2b1bafabfd457836f18741f178b3745e129c36 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 03:39:55 +0200
 Subject: [PATCH] ntdll: Implement process token elevation through manifests.
@@ -12,10 +12,10 @@ Subject: [PATCH] ntdll: Implement process token elevation through manifests.
  5 files changed, 67 insertions(+)
 
 diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
-index 6290cbcb4e6..9a8f13901b2 100644
+index 0c8f05285c4..92ae87c6e6d 100644
 --- a/dlls/ntdll/loader.c
 +++ b/dlls/ntdll/loader.c
-@@ -3489,6 +3489,32 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, void **entry, ULONG_PTR unknow
+@@ -3898,6 +3898,32 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, void **entry, ULONG_PTR unknow
  }
  
  
@@ -48,7 +48,7 @@ index 6290cbcb4e6..9a8f13901b2 100644
  /***********************************************************************
   *           load_global_options
   */
-@@ -3900,6 +3926,7 @@ void __wine_process_init(void)
+@@ -4359,6 +4385,7 @@ void __wine_process_init(void)
                                        'k','e','r','n','e','l','3','2','.','d','l','l',0};
      void (WINAPI *kernel32_start_process)(LPTHREAD_START_ROUTINE,void*) = NULL;
      RTL_USER_PROCESS_PARAMETERS *params;
@@ -56,9 +56,9 @@ index 6290cbcb4e6..9a8f13901b2 100644
      WINE_MODREF *wm;
      NTSTATUS status;
      ANSI_STRING func_name;
-@@ -4021,6 +4048,16 @@ void __wine_process_init(void)
-     }
- #endif
+@@ -4453,6 +4480,16 @@ void __wine_process_init(void)
+ 
+     unix_funcs->virtual_set_large_address_space();
  
 +    /* elevate process if necessary */
 +    status = RtlQueryInformationActivationContext( 0, NULL, 0, RunlevelInformationInActivationContext,
@@ -74,11 +74,11 @@ index 6290cbcb4e6..9a8f13901b2 100644
      RemoveEntryList( &wm->ldr.InLoadOrderLinks );
      InsertHeadList( &peb->LdrData->InLoadOrderModuleList, &wm->ldr.InLoadOrderLinks );
 diff --git a/server/process.c b/server/process.c
-index fa8495511e0..df72efdecc8 100644
+index ac85cace95d..52604ec4d61 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -1086,6 +1086,14 @@ int set_process_debug_flag( struct process *process, int flag )
-     return write_process_memory( process, process->peb + 2, 1, &data );
+@@ -1115,6 +1115,14 @@ struct process_snapshot *process_snap( int *count )
+     return snapshot;
  }
  
 +/* replace the token of a process */
@@ -93,22 +93,22 @@ index fa8495511e0..df72efdecc8 100644
  DECL_HANDLER(new_process)
  {
 diff --git a/server/process.h b/server/process.h
-index 0fdf070b78e..43e8cc1ad7e 100644
+index 5b83e111a6f..dfe5c4e52d8 100644
 --- a/server/process.h
 +++ b/server/process.h
-@@ -129,6 +129,7 @@ extern void kill_console_processes( struct thread *renderer, int exit_code );
- extern void kill_debugged_processes( struct thread *debugger, int exit_code );
+@@ -139,6 +139,7 @@ extern void kill_debugged_processes( struct thread *debugger, int exit_code );
  extern void detach_debugged_processes( struct thread *debugger );
+ extern struct process_snapshot *process_snap( int *count );
  extern void enum_processes( int (*cb)(struct process*, void*), void *user);
 +extern void replace_process_token( struct process *process, struct token *token );
  
  /* console functions */
- extern obj_handle_t inherit_console( struct thread *parent_thread, obj_handle_t handle,
+ extern void inherit_console( struct thread *parent_thread, struct process *parent,
 diff --git a/server/protocol.def b/server/protocol.def
-index a9308904afc..8c40fba8d0a 100644
+index 7315f8ac4ea..901c380b721 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3489,6 +3489,13 @@ struct handle_info
+@@ -3763,6 +3763,13 @@ struct handle_info
  @END
  
  
@@ -145,5 +145,5 @@ index 970ed1838da..1c1d49989b3 100644
 +    }
 +}
 -- 
-2.28.0
+2.26.2
 

patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch

@@ -0,0 +1,310 @@
+From 9c61f6acfa2c43e43f07fae1a5cd447573b9529b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Sun, 6 Aug 2017 02:08:05 +0200
+Subject: [PATCH] server: Implement support for creating processes using a
+ token.
+
+---
+ dlls/kernelbase/process.c | 24 +++++++++++++-----------
+ dlls/ntdll/unix/process.c |  1 +
+ server/process.c          | 39 +++++++++++++++++++++++++++++++++++----
+ server/process.h          |  2 +-
+ server/protocol.def       |  1 +
+ server/request.c          |  2 +-
+ server/security.h         |  2 ++
+ server/token.c            | 11 +++++++++++
+ 8 files changed, 65 insertions(+), 17 deletions(-)
+
+diff --git a/dlls/kernelbase/process.c b/dlls/kernelbase/process.c
+index a3b168543fc..b5c8b47239d 100644
+--- a/dlls/kernelbase/process.c
++++ b/dlls/kernelbase/process.c
+@@ -244,7 +244,7 @@ static RTL_USER_PROCESS_PARAMETERS *create_process_params( const WCHAR *filename
+ /***********************************************************************
+  *           create_nt_process
+  */
+-static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
++static NTSTATUS create_nt_process( HANDLE token, SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
+                                    BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
+                                    RTL_USER_PROCESS_INFORMATION *info, HANDLE parent )
+ {
+@@ -259,7 +259,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES
+         status = RtlCreateUserProcess( &nameW, OBJ_CASE_INSENSITIVE, params,
+                                        psa ? psa->lpSecurityDescriptor : NULL,
+                                        tsa ? tsa->lpSecurityDescriptor : NULL,
+-                                       parent, inherit, 0, 0, info );
++                                       parent, inherit, 0, token, info );
+         RtlFreeUnicodeString( &nameW );
+     }
+     return status;
+@@ -269,7 +269,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES
+ /***********************************************************************
+  *           create_vdm_process
+  */
+-static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
++static NTSTATUS create_vdm_process( HANDLE token, SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
+                                     BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
+                                     RTL_USER_PROCESS_INFORMATION *info )
+ {
+@@ -290,7 +290,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
+               winevdm, params->ImagePathName.Buffer, params->CommandLine.Buffer );
+     RtlInitUnicodeString( &params->ImagePathName, winevdm );
+     RtlInitUnicodeString( &params->CommandLine, newcmdline );
+-    status = create_nt_process( psa, tsa, inherit, flags, params, info, NULL );
++    status = create_nt_process( token, psa, tsa, inherit, flags, params, info, NULL );
+     HeapFree( GetProcessHeap(), 0, newcmdline );
+     return status;
+ }
+@@ -299,7 +299,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
+ /***********************************************************************
+  *           create_cmd_process
+  */
+-static NTSTATUS create_cmd_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
++static NTSTATUS create_cmd_process( HANDLE token, SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
+                                     BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
+                                     RTL_USER_PROCESS_INFORMATION *info )
+ {
+@@ -318,7 +318,7 @@ static NTSTATUS create_cmd_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
+     swprintf( newcmdline, len, L"%s /s/c \"%s\"", comspec, params->CommandLine.Buffer );
+     RtlInitUnicodeString( &params->ImagePathName, comspec );
+     RtlInitUnicodeString( &params->CommandLine, newcmdline );
+-    status = create_nt_process( psa, tsa, inherit, flags, params, info, NULL );
++    status = create_nt_process( token, psa, tsa, inherit, flags, params, info, NULL );
+     RtlFreeHeap( GetProcessHeap(), 0, newcmdline );
+     return status;
+ }
+@@ -450,7 +450,9 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
+ 
+     TRACE( "app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
+ 
+-    if (token) FIXME( "Creating a process with a token is not yet implemented\n" );
++    /* FIXME: Starting a process which requires admin rights should fail
++     * with ERROR_ELEVATION_REQUIRED when no token is passed. */
++
+     if (new_token) FIXME( "No support for returning created process token\n" );
+ 
+     if (app_name)
+@@ -523,7 +525,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
+         }
+     }
+ 
+-    status = create_nt_process( process_attr, thread_attr, inherit, flags, params, &rtl_info, parent );
++    status = create_nt_process( token, process_attr, thread_attr, inherit, flags, params, &rtl_info, parent );
+     switch (status)
+     {
+     case STATUS_SUCCESS:
+@@ -532,7 +534,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
+     case STATUS_INVALID_IMAGE_NE_FORMAT:
+     case STATUS_INVALID_IMAGE_PROTECT:
+         TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(app_name) );
+-        status = create_vdm_process( process_attr, thread_attr, inherit, flags, params, &rtl_info );
++        status = create_vdm_process( token, process_attr, thread_attr, inherit, flags, params, &rtl_info );
+         break;
+     case STATUS_INVALID_IMAGE_NOT_MZ:
+         /* check for .com or .bat extension */
+@@ -540,12 +542,12 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
+         if (!wcsicmp( p, L".com" ) || !wcsicmp( p, L".pif" ))
+         {
+             TRACE( "starting %s as DOS binary\n", debugstr_w(app_name) );
+-            status = create_vdm_process( process_attr, thread_attr, inherit, flags, params, &rtl_info );
++            status = create_vdm_process( token, process_attr, thread_attr, inherit, flags, params, &rtl_info );
+         }
+         else if (!wcsicmp( p, L".bat" ) || !wcsicmp( p, L".cmd" ))
+         {
+             TRACE( "starting %s as batch binary\n", debugstr_w(app_name) );
+-            status = create_cmd_process( process_attr, thread_attr, inherit, flags, params, &rtl_info );
++            status = create_cmd_process( token, process_attr, thread_attr, inherit, flags, params, &rtl_info );
+         }
+         break;
+     }
+diff --git a/dlls/ntdll/unix/process.c b/dlls/ntdll/unix/process.c
+index cca6c2747bf..379a0036b63 100644
+--- a/dlls/ntdll/unix/process.c
++++ b/dlls/ntdll/unix/process.c
+@@ -827,6 +827,7 @@ NTSTATUS WINAPI NtCreateUserProcess( HANDLE *process_handle_ptr, HANDLE *thread_
+         req->access         = process_access;
+         req->cpu            = pe_info.cpu;
+         req->info_size      = startup_info_size;
++        req->token          = wine_server_obj_handle( token );
+         wine_server_add_data( req, objattr, attr_len );
+         wine_server_add_data( req, startup_info, startup_info_size );
+         wine_server_add_data( req, params->Environment, env_size );
+diff --git a/server/process.c b/server/process.c
+index 52604ec4d61..047916ffd09 100644
+--- a/server/process.c
++++ b/server/process.c
+@@ -499,7 +499,7 @@ static void start_sigkill_timer( struct process *process )
+ /* create a new process */
+ /* if the function fails the fd is closed */
+ struct process *create_process( int fd, struct process *parent, int inherit_all,
+-                                const struct security_descriptor *sd )
++                                const struct security_descriptor *sd, struct token *token )
+ {
+     struct process *process;
+ 
+@@ -576,7 +576,7 @@ struct process *create_process( int fd, struct process *parent, int inherit_all,
+                                        : alloc_handle_table( process, 0 );
+         /* Note: for security reasons, starting a new process does not attempt
+          * to use the current impersonation token for the new process */
+-        process->token = token_duplicate( parent->token, TRUE, 0, NULL, NULL, 0, NULL, 0 );
++        process->token = token_duplicate( token ? token : parent->token, TRUE, 0, NULL, NULL, 0, NULL, 0 );
+         process->affinity = parent->affinity;
+     }
+     if (!process->handles || !process->token) goto error;
+@@ -1132,6 +1132,7 @@ DECL_HANDLER(new_process)
+     const struct security_descriptor *sd;
+     const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL );
+     struct process *process = NULL;
++    struct token *token = NULL;
+     struct process *parent;
+     struct thread *parent_thread = current;
+     int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
+@@ -1185,10 +1186,39 @@ DECL_HANDLER(new_process)
+         return;
+     }
+ 
++    if (req->token)
++    {
++        token = get_token_from_handle( req->token, TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY );
++        if (!token)
++        {
++            close( socket_fd );
++            return;
++        }
++        if (!token_is_primary( token ))
++        {
++            set_error( STATUS_BAD_TOKEN_TYPE );
++            release_object( token );
++            close( socket_fd );
++            return;
++        }
++    }
++
++    if (!req->info_size)  /* create an orphaned process */
++    {
++        if ((process = create_process( socket_fd, NULL, 0, sd, token )))
++        {
++            create_thread( -1, process, NULL );
++            release_object( process );
++        }
++        if (token) release_object( token );
++        return;
++    }
++
+     /* build the startup info for a new process */
+     if (!(info = alloc_object( &startup_info_ops )))
+     {
+         close( socket_fd );
++        if (token) release_object( token );
+         release_object( parent );
+         return;
+     }
+@@ -1236,7 +1266,7 @@ DECL_HANDLER(new_process)
+ #undef FIXUP_LEN
+     }
+ 
+-    if (!(process = create_process( socket_fd, parent, req->inherit_all, sd ))) goto done;
++    if (!(process = create_process( socket_fd, parent, req->inherit_all, sd, token ))) goto done;
+ 
+     process->startup_info = (struct startup_info *)grab_object( info );
+ 
+@@ -1297,6 +1327,7 @@ DECL_HANDLER(new_process)
+     reply->handle = alloc_handle_no_access_check( current->process, process, req->access, objattr->attributes );
+ 
+  done:
++    if (token) release_object( token );
+     if (process) release_object( process );
+     release_object( parent );
+     release_object( info );
+@@ -1330,7 +1361,7 @@ DECL_HANDLER(exec_process)
+         close( socket_fd );
+         return;
+     }
+-    if (!(process = create_process( socket_fd, NULL, 0, NULL ))) return;
++    if (!(process = create_process( socket_fd, NULL, 0, NULL, NULL ))) return;
+     create_thread( -1, process, NULL );
+     release_object( process );
+ }
+diff --git a/server/process.h b/server/process.h
+index dfe5c4e52d8..61b83abf693 100644
+--- a/server/process.h
++++ b/server/process.h
+@@ -118,7 +118,7 @@ extern unsigned int alloc_ptid( void *ptr );
+ extern void free_ptid( unsigned int id );
+ extern void *get_ptid_entry( unsigned int id );
+ extern struct process *create_process( int fd, struct process *parent, int inherit_all,
+-                                       const struct security_descriptor *sd );
++                                       const struct security_descriptor *sd, struct token *token );
+ extern data_size_t init_process( struct thread *thread );
+ extern struct thread *get_process_first_thread( struct process *process );
+ extern struct process *get_process_from_id( process_id_t id );
+diff --git a/server/protocol.def b/server/protocol.def
+index 901c380b721..8c86967609f 100644
+--- a/server/protocol.def
++++ b/server/protocol.def
+@@ -801,6 +801,7 @@ struct rawinput_device
+     unsigned int access;         /* access rights for process object */
+     client_cpu_t cpu;            /* CPU that the new process will use */
+     data_size_t  info_size;      /* size of startup info */
++    obj_handle_t token;          /* token for the new process */
+     VARARG(objattr,object_attributes);   /* object attributes */
+     VARARG(info,startup_info,info_size); /* startup information */
+     VARARG(env,unicode_str);     /* environment for new process */
+diff --git a/server/request.c b/server/request.c
+index 4c1f30a5fe7..321bb6cfa81 100644
+--- a/server/request.c
++++ b/server/request.c
+@@ -582,7 +582,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
+         int client = accept( get_unix_fd( master_socket->fd ), (struct sockaddr *) &dummy, &len );
+         if (client == -1) return;
+         fcntl( client, F_SETFL, O_NONBLOCK );
+-        if ((process = create_process( client, NULL, 0, NULL )))
++        if ((process = create_process( client, NULL, 0, NULL, NULL )))
+         {
+             create_thread( -1, process, NULL );
+             release_object( process );
+diff --git a/server/security.h b/server/security.h
+index 21e90ccf23f..32dfe5f8db9 100644
+--- a/server/security.h
++++ b/server/security.h
+@@ -67,6 +67,8 @@ extern const ACL *token_get_default_dacl( struct token *token );
+ extern const SID *token_get_user( struct token *token );
+ extern const SID *token_get_primary_group( struct token *token );
+ extern int token_sid_present( struct token *token, const SID *sid, int deny);
++extern struct token *get_token_from_handle( obj_handle_t handle, unsigned int access );
++extern int token_is_primary( struct token *token );
+ 
+ static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
+ {
+diff --git a/server/token.c b/server/token.c
+index 1c1d49989b3..2f466aa1b25 100644
+--- a/server/token.c
++++ b/server/token.c
+@@ -843,6 +843,12 @@ int token_assign_label( struct token *token, PSID label )
+     return ret;
+ }
+ 
++struct token *get_token_from_handle( obj_handle_t handle, unsigned int access )
++{
++    return (struct token *)get_handle_obj( current->process, handle,
++                                           access, &token_ops );
++}
++
+ struct token *token_create_admin( void )
+ {
+     struct token *token = NULL;
+@@ -1269,6 +1275,11 @@ const SID *token_get_primary_group( struct token *token )
+     return token->primary_group;
+ }
+ 
++int token_is_primary( struct token *token )
++{
++    return token->primary;
++}
++
+ int check_object_access(struct object *obj, unsigned int *access)
+ {
+     GENERIC_MAPPING mapping;
+-- 
+2.27.0
+

patches/advapi32-Token_Integrity_Level/0013-server-Correctly-assign-security-labels-for-tokens.patch

@@ -1,21 +1,20 @@
-From a8915b8ebd4c06b0216fc82d1ba8d958a677eccf Mon Sep 17 00:00:00 2001
+From 6d8fd34cabbcbc64062675be610fb8704fcdc3ec Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 03:33:26 +0200
 Subject: [PATCH] server: Correctly assign security labels for tokens.
 
 ---
- dlls/advapi32/tests/security.c | 21 +++++++++--------
- server/named_pipe.c            |  2 +-
- server/process.c               |  8 +------
+ dlls/advapi32/tests/security.c | 21 ++++++++++-----------
+ server/process.c               |  8 +-------
  server/security.h              |  2 +-
- server/token.c                 | 41 ++++++++++++++++++++--------------
- 5 files changed, 37 insertions(+), 37 deletions(-)
+ server/token.c                 | 41 ++++++++++++++++++++++++-----------------
+ 4 files changed, 36 insertions(+), 36 deletions(-)
 
 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index 94f3ea4601a..ab572421a73 100644
+index bf4161c..0610ec7 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
-@@ -7105,7 +7105,6 @@ static void test_token_security_descriptor(void)
+@@ -7186,7 +7186,6 @@ static void test_token_security_descriptor(void)
      defaulted = TRUE;
      ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted);
      ok(ret, "GetSecurityDescriptorDacl failed with error %u\n", GetLastError());
@@ -23,7 +22,7 @@ index 94f3ea4601a..ab572421a73 100644
      ok(present, "DACL not present\n");
  
      if (present)
-@@ -7226,7 +7225,7 @@ static void test_token_security_descriptor(void)
+@@ -7307,7 +7306,7 @@ static void test_token_security_descriptor(void)
                  ok(ret, "GetAce failed with error %u\n", GetLastError());
                  ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
                     "Unexpected ACE type %#x\n", ace->Header.AceType);
@@ -32,7 +31,7 @@ index 94f3ea4601a..ab572421a73 100644
                     "Expected medium integrity level\n");
              }
  
-@@ -7279,8 +7278,8 @@ static void test_token_security_descriptor(void)
+@@ -7360,8 +7359,8 @@ static void test_token_security_descriptor(void)
              sacl = NULL;
              ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
              ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -43,7 +42,7 @@ index 94f3ea4601a..ab572421a73 100644
  
              if (sacl)
              {
-@@ -7329,8 +7328,8 @@ static void test_token_security_descriptor(void)
+@@ -7410,8 +7409,8 @@ static void test_token_security_descriptor(void)
              sacl = NULL;
              ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
              ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -54,7 +53,7 @@ index 94f3ea4601a..ab572421a73 100644
  
              if (sacl)
              {
-@@ -7394,8 +7393,8 @@ static void test_token_security_descriptor(void)
+@@ -7475,8 +7474,8 @@ static void test_token_security_descriptor(void)
  
          ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
          ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -65,7 +64,7 @@ index 94f3ea4601a..ab572421a73 100644
  
          if (sacl)
          {
-@@ -7432,8 +7431,8 @@ static void test_token_security_descriptor(void)
+@@ -7513,8 +7512,8 @@ static void test_token_security_descriptor(void)
          sacl = NULL;
          ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
          ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -76,7 +75,7 @@ index 94f3ea4601a..ab572421a73 100644
  
          if (sacl)
          {
-@@ -7652,7 +7651,7 @@ static void test_child_token_sd_medium(void)
+@@ -7732,7 +7731,7 @@ static void test_child_token_sd_medium(void)
      ok(ret, "GetAce failed with error %u\n", GetLastError());
      ok(ace_label->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
         "Unexpected ACE type %#x\n", ace_label->Header.AceType);
@@ -85,24 +84,11 @@ index 94f3ea4601a..ab572421a73 100644
         "Expected medium integrity level\n");
  
      memset(buffer_integrity, 0, sizeof(buffer_integrity));
-diff --git a/server/named_pipe.c b/server/named_pipe.c
-index 4cd4d7dc4a8..06bf8402aea 100644
---- a/server/named_pipe.c
-+++ b/server/named_pipe.c
-@@ -1142,7 +1142,7 @@ static int pipe_server_ioctl( struct fd *fd, ioctl_code_t code, struct async *as
-         if (current->process->token) /* FIXME: use the client token */
-         {
-             struct token *token;
--            if (!(token = token_duplicate( current->process->token, 0, SecurityImpersonation, NULL, NULL, 0, NULL, 0 )))
-+            if (!(token = token_duplicate( current->process->token, 0, SecurityImpersonation, NULL, NULL, 0, NULL, 0, NULL )))
-                 return 0;
-             if (current->token) release_object( current->token );
-             current->token = token;
 diff --git a/server/process.c b/server/process.c
-index 31d5b96a25d..2c485831e33 100644
+index b7c9da3..250f777 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -577,17 +577,11 @@ struct process *create_process( int fd, struct process *parent, int inherit_all,
+@@ -562,17 +562,11 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -122,7 +108,7 @@ index 31d5b96a25d..2c485831e33 100644
      return process;
  
 diff --git a/server/security.h b/server/security.h
-index 32dfe5f8db9..87377ccd673 100644
+index 32dfe5f..87377cc 100644
 --- a/server/security.h
 +++ b/server/security.h
 @@ -59,7 +59,7 @@ extern int token_assign_label( struct token *token, PSID label );
@@ -135,10 +121,10 @@ index 32dfe5f8db9..87377ccd673 100644
                                     const LUID_AND_ATTRIBUTES *reqprivs,
                                     unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
 diff --git a/server/token.c b/server/token.c
-index 2f466aa1b25..23bc1cc13f7 100644
+index 5db97b4..bd251c7 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -675,7 +675,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
+@@ -668,7 +668,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
  struct token *token_duplicate( struct token *src_token, unsigned primary,
                                 int impersonation_level, const struct security_descriptor *sd,
                                 const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
@@ -147,7 +133,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
  {
      const luid_t *modified_id =
          primary || (impersonation_level == src_token->impersonation_level) ?
-@@ -742,6 +742,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -735,6 +735,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
      if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                              DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
  
@@ -160,7 +146,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
      return token;
  }
  
-@@ -913,6 +919,12 @@ struct token *token_create_admin( void )
+@@ -906,6 +912,12 @@ struct token *token_create_admin( void )
                                admin_source, NULL, -1, TokenElevationTypeFull, &high_label_sid );
          /* we really need a primary group */
          assert( token->primary_group );
@@ -173,7 +159,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
      }
  
      free( logon_sid );
-@@ -971,6 +983,12 @@ static struct token *token_create_limited( void )
+@@ -964,6 +976,12 @@ static struct token *token_create_limited( void )
                                admin_source, NULL, -1, TokenElevationTypeLimited, &medium_label_sid );
          /* we really need a primary group */
          assert( token->primary_group );
@@ -186,7 +172,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
      }
  
      free( logon_sid );
-@@ -1439,7 +1457,8 @@ DECL_HANDLER(duplicate_token)
+@@ -1432,7 +1450,8 @@ DECL_HANDLER(duplicate_token)
                                                       TOKEN_DUPLICATE,
                                                       &token_ops )))
      {
@@ -196,7 +182,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
          if (token)
          {
              unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
-@@ -1469,7 +1488,7 @@ DECL_HANDLER(filter_token)
+@@ -1462,7 +1481,7 @@ DECL_HANDLER(filter_token)
          group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
  
          token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
@@ -205,7 +191,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
          if (token)
          {
              unsigned int access = get_handle_access( current->process, req->handle );
-@@ -1795,23 +1814,11 @@ DECL_HANDLER(set_token_default_dacl)
+@@ -1788,23 +1807,11 @@ DECL_HANDLER(set_token_default_dacl)
  DECL_HANDLER(create_token)
  {
      struct token *token;
@@ -232,5 +218,5 @@ index 2f466aa1b25..23bc1cc13f7 100644
      }
  }
 -- 
-2.27.0
+2.7.4