{-# LINE 1 "System\\Win32\\Security.hsc" #-}
{-# OPTIONS_GHC -w #-}
-- The above warning supression flag is a temporary kludge.
-- While working on this module you are encouraged to remove it and fix
-- any warnings in the module. See
--     https://ghc.haskell.org/trac/ghc/wiki/Commentary/CodingStyle#Warnings
-- for details

{-# LANGUAGE Trustworthy #-}
-----------------------------------------------------------------------------
-- |
-- Module      :  System.Win32.Security
-- Copyright   :  (c) Simon Marlow 2007
-- License     :  BSD-style (see the file LICENSE)
--
-- Maintainer  :  Simon Marlow
-- Stability   :  provisional
-- Portability :  portable
--
-- FFI-bindings to interact with Win32 Security
--
-----------------------------------------------------------------------------

module System.Win32.Security (
        -- * Types
        SID, PSID,
        ACL, PACL,
        SECURITY_DESCRIPTOR,

        SECURITY_DESCRIPTOR_CONTROL,
        se_OWNER_DEFAULTED,
        se_GROUP_DEFAULTED,
        se_DACL_PRESENT,
        se_DACL_DEFAULTED,
        se_SACL_PRESENT,
        se_SACL_DEFAULTED,
        se_DACL_AUTO_INHERIT_REQ,
        se_SACL_AUTO_INHERIT_REQ,
        se_DACL_AUTO_INHERITED,
        se_SACL_AUTO_INHERITED,
        se_DACL_PROTECTED,
        se_SACL_PROTECTED,
        se_SELF_RELATIVE,

        SECURITY_INFORMATION,
        oWNER_SECURITY_INFORMATION,
        gROUP_SECURITY_INFORMATION,
        dACL_SECURITY_INFORMATION,
        sACL_SECURITY_INFORMATION,

        -- * Functions
        getFileSecurity,
  ) where

import Foreign
-- import Foreign.C
import System.Win32.Types

#include "windows_cconv.h"



-- --------------------------------------------------------------------------
-- Security Descriptors

newtype SECURITY_DESCRIPTOR = SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
type PSECURITY_DESCRIPTOR = Ptr SECURITY_DESCRIPTOR
newtype SecurityDescriptor = SecurityDescriptor (ForeignPtr SECURITY_DESCRIPTOR)

type SECURITY_DESCRIPTOR_CONTROL = WORD
se_OWNER_DEFAULTED        :: SECURITY_DESCRIPTOR_CONTROL
se_OWNER_DEFAULTED        =  1
se_GROUP_DEFAULTED        :: SECURITY_DESCRIPTOR_CONTROL
se_GROUP_DEFAULTED        =  2
se_DACL_PRESENT           :: SECURITY_DESCRIPTOR_CONTROL
se_DACL_PRESENT           =  4
se_DACL_DEFAULTED         :: SECURITY_DESCRIPTOR_CONTROL
se_DACL_DEFAULTED         =  8
se_SACL_PRESENT           :: SECURITY_DESCRIPTOR_CONTROL
se_SACL_PRESENT           =  16
se_SACL_DEFAULTED         :: SECURITY_DESCRIPTOR_CONTROL
se_SACL_DEFAULTED         =  32
se_DACL_AUTO_INHERIT_REQ  :: SECURITY_DESCRIPTOR_CONTROL
se_DACL_AUTO_INHERIT_REQ  =  256
se_SACL_AUTO_INHERIT_REQ  :: SECURITY_DESCRIPTOR_CONTROL
se_SACL_AUTO_INHERIT_REQ  =  512
se_DACL_AUTO_INHERITED    :: SECURITY_DESCRIPTOR_CONTROL
se_DACL_AUTO_INHERITED    =  1024
se_SACL_AUTO_INHERITED    :: SECURITY_DESCRIPTOR_CONTROL
se_SACL_AUTO_INHERITED    =  2048
se_DACL_PROTECTED         :: SECURITY_DESCRIPTOR_CONTROL
se_DACL_PROTECTED         =  4096
se_SACL_PROTECTED         :: SECURITY_DESCRIPTOR_CONTROL
se_SACL_PROTECTED         =  8192
se_SELF_RELATIVE          :: SECURITY_DESCRIPTOR_CONTROL
se_SELF_RELATIVE          =  32768

{-# LINE 85 "System\\Win32\\Security.hsc" #-}

newtype ACL = ACL ACL   -- abstract
type PACL = Ptr ACL

newtype SID = SID SID
type PSID = Ptr SID

foreign import WINDOWS_CCONV unsafe "windows.h GetSecurityDescriptorControl"
  c_getSecurityDescriptorControl
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> Ptr SECURITY_DESCRIPTOR_CONTROL -- pControl
    -> LPDWORD -- lpdwRevision
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h GetSecurityDescriptorDacl"
  c_getSecurityDescriptorDacl
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> LPBOOL -- lpbDaclPresent
    -> Ptr PACL -- pDacl
    -> LPBOOL -- lpbDaclDefaulted
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h GetSecurityDescriptorGroup"
  c_getSecurityDescriptorGroup
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> Ptr PSID -- pGroup
    -> LPBOOL -- lpbGroupDefaulted
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h GetSecurityDescriptorLength"
  c_getSecurityDescriptorLength
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> IO DWORD

foreign import WINDOWS_CCONV unsafe "windows.h GetSecurityDescriptorOwner"
  c_getSecurityDescriptorOwner
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> Ptr PSID -- pOwner
    -> LPBOOL -- lpbOwnerDefaulted
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h GetSecurityDescriptorSacl"
  c_getSecurityDescriptorSacl
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> LPBOOL -- lpbSaclPresent
    -> Ptr PACL -- pSacl
    -> LPBOOL -- lpbSaclDefaulted
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h InitializeSecurityDescriptor"
  c_initializeSecurityDescriptor
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> DWORD -- dwRevision
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h IsValidSecurityDescriptor"
  c_isValidSecurityDescriptor
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h SetSecurityDescriptorDacl"
  c_setSecurityDescriptorDacl
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> BOOL -- bDaclPresent
    -> PACL -- pDacl
    -> BOOL -- bDaclDefaulted
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h SetSecurityDescriptorGroup"
  c_setSecurityDescriptorGroup
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> PSID -- pGroup
    -> BOOL -- bGroupDefaulted
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h SetSecurityDescriptorOwner"
  c_setSecurityDescriptorOwner
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> PSID -- pOwner
    -> BOOL -- bOwnerDefaulted
    -> IO BOOL

foreign import WINDOWS_CCONV unsafe "windows.h SetSecurityDescriptorSacl"
  c_setSecurityDescriptorSacl
    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> BOOL -- bSaclPresent
    -> PACL -- pSacl
    -> BOOL -- bSaclDefaulted
    -> IO BOOL

-- ---------------------------------------------------------------------------

-- PGENERIC_MAPPING
-- PPRIVILEGE_SET

type SECURITY_INFORMATION = DWORD

oWNER_SECURITY_INFORMATION  :: SECURITY_INFORMATION
oWNER_SECURITY_INFORMATION  =  1
gROUP_SECURITY_INFORMATION  :: SECURITY_INFORMATION
gROUP_SECURITY_INFORMATION  =  2
dACL_SECURITY_INFORMATION  :: SECURITY_INFORMATION
dACL_SECURITY_INFORMATION  =  4
sACL_SECURITY_INFORMATION  :: SECURITY_INFORMATION
sACL_SECURITY_INFORMATION  =  8

{-# LINE 188 "System\\Win32\\Security.hsc" #-}
-- , pROTECTED_DACL_SECURITY_INFORMATION = PROTECTED_DACL_SECURITY_INFORMATION
-- , pROTECTED_SACL_SECURITY_INFORMATION = PROTECTED_SACL_SECURITY_INFORMATION
-- , uNPROTECTED_DACL_SECURITY_INFORMATION = UNPROTECTED_DACL_SECURITY_INFORMATION
-- , uNPROTECTED_SACL_SECURITY_INFORMATION = UNPROTECTED_SACL_SECURITY_INFORMATION

getFileSecurity
    :: String
    -> SECURITY_INFORMATION
    -> IO SecurityDescriptor
getFileSecurity filename si =
  withTString filename $ \lpFileName ->
  with 0 $ \lpnLengthNeeded -> do
  c_GetFileSecurity lpFileName si nullPtr 0 lpnLengthNeeded
  needed <- peek lpnLengthNeeded
  fpSd <- mallocForeignPtrBytes (fromIntegral needed)
  withForeignPtr fpSd $ \pSd -> do
  failIfFalse_ "getFileSecurity" $
    c_GetFileSecurity lpFileName si pSd needed lpnLengthNeeded
  return (SecurityDescriptor fpSd)

foreign import WINDOWS_CCONV unsafe "windows.h GetFileSecurityW"
  c_GetFileSecurity
    :: LPCWSTR -- lpFileName
    -> SECURITY_INFORMATION -- RequestedInformation
    -> PSECURITY_DESCRIPTOR -- pSecurityDescriptor
    -> DWORD -- nLength
    -> LPDWORD -- lpnLengthNeeded
    -> IO BOOL

--foreign import WINDOWS_CCONV unsafe "windows.h AccessCheck"
--  c_AccessCheck
--    :: PSECURITY_DESCRIPTOR -- pSecurityDescriptor
--    -> HANDLE -- ClientToken
--    -> DWORD -- DesiredAccess
--    -> PGENERIC_MAPPING -- GenericMapping
--    -> PPRIVILEGE_SET -- PrivilegeSet
--    -> LPDWORD -- PrivilegeSetLength
--    -> LPDWORD -- GrantedAccess
--    -> LPBOOL -- AccessStatus
--    -> IO BOOL

-- foreign import WINDOWS_CCONV unsafe "windows.h OpenThreadToken"
--    OpenThreadToken
--      :: HANDLE -- ThreadHandle
--      -> DWORD -- DesiredAccess
--      -> BOOL -- OpenAsSelf
--      -> PHANDLE -- TokenHandle
--      -> IO BOOL