From: Donat Enikeev <donat@enikeev.net>
Subject: [PATCH 2/2] crypt32: return collection of registry store and systems certs store (read-only) on opening HKLM\Root store
Message-Id: <1476795594-5877-1-git-send-email-donat@enikeev.net>
Date: Tue, 18 Oct 2016 15:59:54 +0300

Fixes bug: https://bugs.winehq.org/show_bug.cgi?id=30187
Follows discussion with Jacek Caban @wine-devel

Signed-off-by: Donat Enikeev <donat@enikeev.net>
---
 dlls/crypt32/store.c | 42 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)

diff --git a/dlls/crypt32/store.c b/dlls/crypt32/store.c
index d5d7443..be9e5c4 100644
--- a/dlls/crypt32/store.c
+++ b/dlls/crypt32/store.c
@@ -412,7 +412,7 @@ static WINECRYPT_CERTSTORE *CRYPT_SysRegOpenStoreW(HCRYPTPROV hCryptProv,
     static const WCHAR fmt[] = { '%','s','\\','%','s',0 };
     LPCWSTR storeName = pvPara;
     LPWSTR storePath;
-    WINECRYPT_CERTSTORE *store = NULL;
+    WINECRYPT_CERTSTORE *store = NULL, *env_root_store = NULL, *root_collection = NULL;
     HKEY root;
     LPCWSTR base;
 
@@ -430,9 +430,6 @@ static WINECRYPT_CERTSTORE *CRYPT_SysRegOpenStoreW(HCRYPTPROV hCryptProv,
      * Wine's registry doesn't implement access controls, so a similar
      * mechanism isn't possible yet.
      */
-    if ((dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK) ==
-     CERT_SYSTEM_STORE_LOCAL_MACHINE && !lstrcmpiW(storeName, rootW))
-        return CRYPT_RootOpenStore(hCryptProv, dwFlags);
 
     switch (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK)
     {
@@ -509,6 +506,43 @@ static WINECRYPT_CERTSTORE *CRYPT_SysRegOpenStoreW(HCRYPTPROV hCryptProv,
         if (!rc)
         {
             store = CRYPT_RegOpenStore(hCryptProv, dwFlags, key);
+            /* If HKLM\Root requested, returning a collection with it
+             * and the root store containing systems certs
+             */
+            if ((dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK) ==
+                CERT_SYSTEM_STORE_LOCAL_MACHINE && !lstrcmpiW(storeName, rootW))
+            {
+                root_collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL);
+                if (!root_collection)
+                    ERR("Failed to initiate collection %x\n", GetLastError());
+                else
+                {
+                    env_root_store = CRYPT_RootOpenStore(0, dwFlags);
+                    if (!env_root_store)
+                    {
+                        ERR("Failed to open root store %x\n", GetLastError());
+                        CertCloseStore(root_collection, 0);
+                    }
+                }
+
+                if (root_collection && env_root_store)
+                {
+                    if (!CertAddStoreToCollection(root_collection, store,
+                            CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1)
+                        || !CertAddStoreToCollection(root_collection, env_root_store, 0, 0))
+                    {
+                        ERR("Failed to add stores, keeping using registry store only %x\n", GetLastError());
+                        CertCloseStore(root_collection,0);
+                    }
+                    else
+                    {
+                        CertCloseStore(store, 0);
+                        store = root_collection;
+                    }
+                    /* decrementing refcount to make a collection the only owner */
+                    CertCloseStore(env_root_store,0);
+                }
+            }
             RegCloseKey(key);
         }
         else

-- 
2.7.4