ホーム › Security.Authorization › AuthzAccessCheck
AuthzAccessCheck
関数クライアントコンテキストに対しセキュリティ記述子へのアクセス可否を判定する。
シグネチャ
// AUTHZ.dll
#include <windows.h>
BOOL AuthzAccessCheck(
AUTHZ_ACCESS_CHECK_FLAGS Flags,
AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
AUTHZ_ACCESS_REQUEST* pRequest,
AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, // optional
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray, // optional
DWORD OptionalSecurityDescriptorCount,
AUTHZ_ACCESS_REPLY* pReply,
AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* phAccessCheckResults // optional
);パラメーター
| 名前 | 型 | 方向 |
|---|---|---|
| Flags | AUTHZ_ACCESS_CHECK_FLAGS | in |
| hAuthzClientContext | AUTHZ_CLIENT_CONTEXT_HANDLE | in |
| pRequest | AUTHZ_ACCESS_REQUEST* | in |
| hAuditEvent | AUTHZ_AUDIT_EVENT_HANDLE | inoptional |
| pSecurityDescriptor | PSECURITY_DESCRIPTOR | in |
| OptionalSecurityDescriptorArray | PSECURITY_DESCRIPTOR* | inoptional |
| OptionalSecurityDescriptorCount | DWORD | in |
| pReply | AUTHZ_ACCESS_REPLY* | inout |
| phAccessCheckResults | AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* | outoptional |
戻り値の型: BOOL
各言語での呼び出し定義
// AUTHZ.dll
#include <windows.h>
BOOL AuthzAccessCheck(
AUTHZ_ACCESS_CHECK_FLAGS Flags,
AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
AUTHZ_ACCESS_REQUEST* pRequest,
AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, // optional
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray, // optional
DWORD OptionalSecurityDescriptorCount,
AUTHZ_ACCESS_REPLY* pReply,
AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* phAccessCheckResults // optional
);[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("AUTHZ.dll", SetLastError = true, ExactSpelling = true)]
static extern bool AuthzAccessCheck(
uint Flags, // AUTHZ_ACCESS_CHECK_FLAGS
IntPtr hAuthzClientContext, // AUTHZ_CLIENT_CONTEXT_HANDLE
IntPtr pRequest, // AUTHZ_ACCESS_REQUEST*
IntPtr hAuditEvent, // AUTHZ_AUDIT_EVENT_HANDLE optional
IntPtr pSecurityDescriptor, // PSECURITY_DESCRIPTOR
IntPtr OptionalSecurityDescriptorArray, // PSECURITY_DESCRIPTOR* optional
uint OptionalSecurityDescriptorCount, // DWORD
IntPtr pReply, // AUTHZ_ACCESS_REPLY* in/out
IntPtr phAccessCheckResults // AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out
);<DllImport("AUTHZ.dll", SetLastError:=True, ExactSpelling:=True)>
Public Shared Function AuthzAccessCheck(
Flags As UInteger, ' AUTHZ_ACCESS_CHECK_FLAGS
hAuthzClientContext As IntPtr, ' AUTHZ_CLIENT_CONTEXT_HANDLE
pRequest As IntPtr, ' AUTHZ_ACCESS_REQUEST*
hAuditEvent As IntPtr, ' AUTHZ_AUDIT_EVENT_HANDLE optional
pSecurityDescriptor As IntPtr, ' PSECURITY_DESCRIPTOR
OptionalSecurityDescriptorArray As IntPtr, ' PSECURITY_DESCRIPTOR* optional
OptionalSecurityDescriptorCount As UInteger, ' DWORD
pReply As IntPtr, ' AUTHZ_ACCESS_REPLY* in/out
phAccessCheckResults As IntPtr ' AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out
) As Boolean
End Function' Flags : AUTHZ_ACCESS_CHECK_FLAGS
' hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE
' pRequest : AUTHZ_ACCESS_REQUEST*
' hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional
' pSecurityDescriptor : PSECURITY_DESCRIPTOR
' OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional
' OptionalSecurityDescriptorCount : DWORD
' pReply : AUTHZ_ACCESS_REPLY* in/out
' phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out
Declare PtrSafe Function AuthzAccessCheck Lib "authz" ( _
ByVal Flags As Long, _
ByVal hAuthzClientContext As LongPtr, _
ByVal pRequest As LongPtr, _
ByVal hAuditEvent As LongPtr, _
ByVal pSecurityDescriptor As LongPtr, _
ByVal OptionalSecurityDescriptorArray As LongPtr, _
ByVal OptionalSecurityDescriptorCount As Long, _
ByVal pReply As LongPtr, _
ByVal phAccessCheckResults As LongPtr) As Long
' VBA7前提(PtrSafe)。32bit Office では LongPtr→Long。Integer=16bit / Long=32bit / LongLong=64bit。import ctypes
from ctypes import wintypes
AuthzAccessCheck = ctypes.windll.authz.AuthzAccessCheck
AuthzAccessCheck.restype = wintypes.BOOL
AuthzAccessCheck.argtypes = [
wintypes.DWORD, # Flags : AUTHZ_ACCESS_CHECK_FLAGS
wintypes.HANDLE, # hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE
ctypes.c_void_p, # pRequest : AUTHZ_ACCESS_REQUEST*
wintypes.HANDLE, # hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional
wintypes.HANDLE, # pSecurityDescriptor : PSECURITY_DESCRIPTOR
ctypes.c_void_p, # OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional
wintypes.DWORD, # OptionalSecurityDescriptorCount : DWORD
ctypes.c_void_p, # pReply : AUTHZ_ACCESS_REPLY* in/out
ctypes.c_void_p, # phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out
]
# GetLastError: use ctypes.GetLastError() (or ctypes.WinDLL(use_last_error=True))require 'fiddle'
require 'fiddle/import'
lib = Fiddle.dlopen('AUTHZ.dll')
AuthzAccessCheck = Fiddle::Function.new(
lib['AuthzAccessCheck'],
[
-Fiddle::TYPE_INT, # Flags : AUTHZ_ACCESS_CHECK_FLAGS
Fiddle::TYPE_VOIDP, # hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE
Fiddle::TYPE_VOIDP, # pRequest : AUTHZ_ACCESS_REQUEST*
Fiddle::TYPE_VOIDP, # hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional
Fiddle::TYPE_VOIDP, # pSecurityDescriptor : PSECURITY_DESCRIPTOR
Fiddle::TYPE_VOIDP, # OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional
-Fiddle::TYPE_INT, # OptionalSecurityDescriptorCount : DWORD
Fiddle::TYPE_VOIDP, # pReply : AUTHZ_ACCESS_REPLY* in/out
Fiddle::TYPE_VOIDP, # phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out
],
Fiddle::TYPE_INT)#[link(name = "authz")]
extern "system" {
fn AuthzAccessCheck(
Flags: u32, // AUTHZ_ACCESS_CHECK_FLAGS
hAuthzClientContext: *mut core::ffi::c_void, // AUTHZ_CLIENT_CONTEXT_HANDLE
pRequest: *mut AUTHZ_ACCESS_REQUEST, // AUTHZ_ACCESS_REQUEST*
hAuditEvent: *mut core::ffi::c_void, // AUTHZ_AUDIT_EVENT_HANDLE optional
pSecurityDescriptor: *mut core::ffi::c_void, // PSECURITY_DESCRIPTOR
OptionalSecurityDescriptorArray: *mut *mut core::ffi::c_void, // PSECURITY_DESCRIPTOR* optional
OptionalSecurityDescriptorCount: u32, // DWORD
pReply: *mut AUTHZ_ACCESS_REPLY, // AUTHZ_ACCESS_REPLY* in/out
phAccessCheckResults: *mut *mut core::ffi::c_void // AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out
) -> i32;
}
// crates: windows-sys provides ready-made bindings for this API.$sig = @"
[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("AUTHZ.dll", SetLastError = true)]
public static extern bool AuthzAccessCheck(uint Flags, IntPtr hAuthzClientContext, IntPtr pRequest, IntPtr hAuditEvent, IntPtr pSecurityDescriptor, IntPtr OptionalSecurityDescriptorArray, uint OptionalSecurityDescriptorCount, IntPtr pReply, IntPtr phAccessCheckResults);
"@
$api = Add-Type -MemberDefinition $sig -Name 'AUTHZ_AuthzAccessCheck' -Namespace Win32 -PassThru
# $api::AuthzAccessCheck(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply, phAccessCheckResults)#uselib "AUTHZ.dll"
#func global AuthzAccessCheck "AuthzAccessCheck" sptr, sptr, sptr, sptr, sptr, sptr, sptr, sptr, sptr
; AuthzAccessCheck Flags, hAuthzClientContext, varptr(pRequest), hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, varptr(pReply), phAccessCheckResults ; 戻り値は stat
; Flags : AUTHZ_ACCESS_CHECK_FLAGS -> "sptr"
; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "sptr"
; pRequest : AUTHZ_ACCESS_REQUEST* -> "sptr"
; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional -> "sptr"
; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "sptr"
; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "sptr"
; OptionalSecurityDescriptorCount : DWORD -> "sptr"
; pReply : AUTHZ_ACCESS_REPLY* in/out -> "sptr"
; phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out -> "sptr"
; ※HSP3.7は #func のため戻り値はシステム変数 stat に格納されます。出力引数:
#uselib "AUTHZ.dll" #cfunc global AuthzAccessCheck "AuthzAccessCheck" int, sptr, var, sptr, sptr, sptr, int, var, sptr ; res = AuthzAccessCheck(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply, phAccessCheckResults) ; Flags : AUTHZ_ACCESS_CHECK_FLAGS -> "int" ; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "sptr" ; pRequest : AUTHZ_ACCESS_REQUEST* -> "var" ; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional -> "sptr" ; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "sptr" ; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "sptr" ; OptionalSecurityDescriptorCount : DWORD -> "int" ; pReply : AUTHZ_ACCESS_REPLY* in/out -> "var" ; phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out -> "sptr" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。#uselib "AUTHZ.dll" #cfunc global AuthzAccessCheck "AuthzAccessCheck" int, sptr, sptr, sptr, sptr, sptr, int, sptr, sptr ; res = AuthzAccessCheck(Flags, hAuthzClientContext, varptr(pRequest), hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, varptr(pReply), phAccessCheckResults) ; Flags : AUTHZ_ACCESS_CHECK_FLAGS -> "int" ; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "sptr" ; pRequest : AUTHZ_ACCESS_REQUEST* -> "sptr" ; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional -> "sptr" ; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "sptr" ; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "sptr" ; OptionalSecurityDescriptorCount : DWORD -> "int" ; pReply : AUTHZ_ACCESS_REPLY* in/out -> "sptr" ; phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out -> "sptr" ; ※出力/バッファ引数はポインタ方式(token=sptr / 呼び出しは varptr(変数))。
出力引数:
; BOOL AuthzAccessCheck(AUTHZ_ACCESS_CHECK_FLAGS Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_ACCESS_REQUEST* pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray, DWORD OptionalSecurityDescriptorCount, AUTHZ_ACCESS_REPLY* pReply, AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* phAccessCheckResults) #uselib "AUTHZ.dll" #cfunc global AuthzAccessCheck "AuthzAccessCheck" int, intptr, var, intptr, intptr, intptr, int, var, intptr ; res = AuthzAccessCheck(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply, phAccessCheckResults) ; Flags : AUTHZ_ACCESS_CHECK_FLAGS -> "int" ; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "intptr" ; pRequest : AUTHZ_ACCESS_REQUEST* -> "var" ; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional -> "intptr" ; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "intptr" ; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "intptr" ; OptionalSecurityDescriptorCount : DWORD -> "int" ; pReply : AUTHZ_ACCESS_REPLY* in/out -> "var" ; phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out -> "intptr" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。; BOOL AuthzAccessCheck(AUTHZ_ACCESS_CHECK_FLAGS Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_ACCESS_REQUEST* pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray, DWORD OptionalSecurityDescriptorCount, AUTHZ_ACCESS_REPLY* pReply, AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* phAccessCheckResults) #uselib "AUTHZ.dll" #cfunc global AuthzAccessCheck "AuthzAccessCheck" int, intptr, intptr, intptr, intptr, intptr, int, intptr, intptr ; res = AuthzAccessCheck(Flags, hAuthzClientContext, varptr(pRequest), hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, varptr(pReply), phAccessCheckResults) ; Flags : AUTHZ_ACCESS_CHECK_FLAGS -> "int" ; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "intptr" ; pRequest : AUTHZ_ACCESS_REQUEST* -> "intptr" ; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional -> "intptr" ; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "intptr" ; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "intptr" ; OptionalSecurityDescriptorCount : DWORD -> "int" ; pReply : AUTHZ_ACCESS_REPLY* in/out -> "intptr" ; phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out -> "intptr" ; ※出力/バッファ引数はポインタ方式(token=intptr / 呼び出しは varptr(変数))。
import (
"golang.org/x/sys/windows"
"unsafe"
)
var (
authz = windows.NewLazySystemDLL("AUTHZ.dll")
procAuthzAccessCheck = authz.NewProc("AuthzAccessCheck")
)
// Flags (AUTHZ_ACCESS_CHECK_FLAGS), hAuthzClientContext (AUTHZ_CLIENT_CONTEXT_HANDLE), pRequest (AUTHZ_ACCESS_REQUEST*), hAuditEvent (AUTHZ_AUDIT_EVENT_HANDLE optional), pSecurityDescriptor (PSECURITY_DESCRIPTOR), OptionalSecurityDescriptorArray (PSECURITY_DESCRIPTOR* optional), OptionalSecurityDescriptorCount (DWORD), pReply (AUTHZ_ACCESS_REPLY* in/out), phAccessCheckResults (AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out)
r1, _, err := procAuthzAccessCheck.Call(
uintptr(Flags),
uintptr(hAuthzClientContext),
uintptr(pRequest),
uintptr(hAuditEvent),
uintptr(pSecurityDescriptor),
uintptr(OptionalSecurityDescriptorArray),
uintptr(OptionalSecurityDescriptorCount),
uintptr(pReply),
uintptr(phAccessCheckResults),
)
_ = err // syscall.Errno (valid when the call sets last-error)
_ = r1 // BOOLfunction AuthzAccessCheck(
Flags: DWORD; // AUTHZ_ACCESS_CHECK_FLAGS
hAuthzClientContext: THandle; // AUTHZ_CLIENT_CONTEXT_HANDLE
pRequest: Pointer; // AUTHZ_ACCESS_REQUEST*
hAuditEvent: THandle; // AUTHZ_AUDIT_EVENT_HANDLE optional
pSecurityDescriptor: THandle; // PSECURITY_DESCRIPTOR
OptionalSecurityDescriptorArray: Pointer; // PSECURITY_DESCRIPTOR* optional
OptionalSecurityDescriptorCount: DWORD; // DWORD
pReply: Pointer; // AUTHZ_ACCESS_REPLY* in/out
phAccessCheckResults: Pointer // AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out
): BOOL; stdcall;
external 'AUTHZ.dll' name 'AuthzAccessCheck';result := DllCall("AUTHZ\AuthzAccessCheck"
, "UInt", Flags ; AUTHZ_ACCESS_CHECK_FLAGS
, "Ptr", hAuthzClientContext ; AUTHZ_CLIENT_CONTEXT_HANDLE
, "Ptr", pRequest ; AUTHZ_ACCESS_REQUEST*
, "Ptr", hAuditEvent ; AUTHZ_AUDIT_EVENT_HANDLE optional
, "Ptr", pSecurityDescriptor ; PSECURITY_DESCRIPTOR
, "Ptr", OptionalSecurityDescriptorArray ; PSECURITY_DESCRIPTOR* optional
, "UInt", OptionalSecurityDescriptorCount ; DWORD
, "Ptr", pReply ; AUTHZ_ACCESS_REPLY* in/out
, "Ptr", phAccessCheckResults ; AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out
, "Int") ; return: BOOL●AuthzAccessCheck(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply, phAccessCheckResults) = DLL("AUTHZ.dll", "bool AuthzAccessCheck(dword, void*, void*, void*, void*, void*, dword, void*, void*)")
# 呼び出し: AuthzAccessCheck(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply, phAccessCheckResults)
# Flags : AUTHZ_ACCESS_CHECK_FLAGS -> "dword"
# hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "void*"
# pRequest : AUTHZ_ACCESS_REQUEST* -> "void*"
# hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE optional -> "void*"
# pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "void*"
# OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "void*"
# OptionalSecurityDescriptorCount : DWORD -> "dword"
# pReply : AUTHZ_ACCESS_REPLY* in/out -> "void*"
# phAccessCheckResults : AUTHZ_ACCESS_CHECK_RESULTS_HANDLE* optional, out -> "void*"
# なでしこ1は32bit・ANSI(Shift_JIS)。文字列=char*(ANSI)、ポインタ/ハンドル=void*(4byte)。