From a61f8d3c6b15cf690bf88aeb4f291d9746757b41 Mon Sep 17 00:00:00 2001
From: Donat Enikeev <donat@enikeev.net>
Date: Sun, 16 Oct 2016 20:45:56 +0300
Subject: [PATCH 4/4] Merging systems certificates with HKLM\root for apps' RW
 access

Signed-off-by: Donat Enikeev <donat@enikeev.net>
---
 dlls/crypt32/store.c | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/dlls/crypt32/store.c b/dlls/crypt32/store.c
index 356712b..39f3da8 100644
--- a/dlls/crypt32/store.c
+++ b/dlls/crypt32/store.c
@@ -412,7 +412,7 @@ static WINECRYPT_CERTSTORE *CRYPT_SysRegOpenStoreW(HCRYPTPROV hCryptProv,
     static const WCHAR fmt[] = { '%','s','\\','%','s',0 };
     LPCWSTR storeName = pvPara;
     LPWSTR storePath;
-    WINECRYPT_CERTSTORE *store = NULL;
+    WINECRYPT_CERTSTORE *store = NULL, *env_root_store, *root_collection;
     HKEY root;
     LPCWSTR base;
 
@@ -424,15 +424,6 @@ static WINECRYPT_CERTSTORE *CRYPT_SysRegOpenStoreW(HCRYPTPROV hCryptProv,
         SetLastError(E_INVALIDARG);
         return NULL;
     }
-    /* FIXME:  In Windows, the root store (even the current user location) is
-     * protected:  adding to it or removing from it present a user interface,
-     * and the keys are owned by the system process, not the current user.
-     * Wine's registry doesn't implement access controls, so a similar
-     * mechanism isn't possible yet.
-     */
-    if ((dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK) ==
-     CERT_SYSTEM_STORE_LOCAL_MACHINE && !lstrcmpiW(storeName, rootW))
-        return CRYPT_RootOpenStore(hCryptProv, dwFlags);
 
     switch (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK)
     {
@@ -509,6 +500,24 @@ static WINECRYPT_CERTSTORE *CRYPT_SysRegOpenStoreW(HCRYPTPROV hCryptProv,
         if (!rc)
         {
             store = CRYPT_RegOpenStore(hCryptProv, dwFlags, key);
+            /** initiating collection for further merging HKLM\Root with system certs**/
+            if ((dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK) ==
+                CERT_SYSTEM_STORE_LOCAL_MACHINE && !lstrcmpiW(storeName, rootW))
+            {
+                root_collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, NULL, 0, NULL);
+                env_root_store = CRYPT_RootOpenStore(NULL, dwFlags);
+                if (!root_collection || !env_root_store)
+                    FIXME("Failed to initiate collection or system certs store %x\n", GetLastError());
+                else
+                {
+                    if (!CertAddStoreToCollection(root_collection, store, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1))
+                        FIXME("Failed to add registry store to the root collection %x \n", GetLastError());
+                    else if (!CertAddStoreToCollection(root_collection, env_root_store, 0, 0))
+                        FIXME("Failed to add system certs store to the root collection %x \n", GetLastError());
+                    else
+                        store = root_collection;
+                }
+            }
             RegCloseKey(key);
         }
         else
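Review bot: The new HKLM root branch never releases the stores it opens: if `CertOpenStore`, `CRYPT_RootOpenStore` or either `CertAddStoreToCollection` call fails, `root_collection` and `env_root_store` stay open, and on success the local references to the registry store and `env_root_store` are dropped without `CertCloseStore` (this assumes the collection takes its own reference on each sibling and that `CRYPT_RootOpenStore` returns an owned reference; confirm both). `store` is also passed to `CertAddStoreToCollection` without checking that `CRYPT_RegOpenStore` succeeded, so the branch condition should start with `store &&`. The comment above the branch should keep the caveat this commit deletes earlier in the function: Windows protects the root store, whereas here the registry sibling is added with `CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG`, so any application in the prefix can add a trust anchor without confirmation. The failures are reported through `FIXME`, which reads as an unimplemented feature; `ERR` or `WARN` would describe a runtime failure better. The enclosing function starts and ends outside the hunk.

```c
            store = CRYPT_RegOpenStore(hCryptProv, dwFlags, key);
            if (store && (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK) ==
                CERT_SYSTEM_STORE_LOCAL_MACHINE && !lstrcmpiW(storeName, rootW))
            {
                /* ... unchanged: open root_collection and env_root_store, add both siblings ... */
                    else
                    {
                        /* Drop the local reference to the registry store; the
                         * collection is expected to hold its own (to confirm). */
                        CertCloseStore(store, 0);
                        store = root_collection;
                        root_collection = NULL;
                    }
                }
                /* Release whatever was opened but is not handed back to the caller. */
                if (env_root_store) CertCloseStore(env_root_store, 0);
                if (root_collection) CertCloseStore(root_collection, 0);
            }
```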
-- 
2.7.4

