ホーム › Security.Authorization › AuthzOpenObjectAudit

AuthzOpenObjectAudit

関数

アクセスチェックに伴うオブジェクト監査を実行する。

DLLAUTHZ.dll呼出規約winapiSetLastErrorあり対応OSWindows XP 以降

シグネチャ

// AUTHZ.dll
#include <windows.h>

BOOL AuthzOpenObjectAudit(
    DWORD Flags,
    AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    AUTHZ_ACCESS_REQUEST* pRequest,
    AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
    PSECURITY_DESCRIPTOR pSecurityDescriptor,
    PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray,   // optional
    DWORD OptionalSecurityDescriptorCount,
    AUTHZ_ACCESS_REPLY* pReply
);

パラメーター

名前	型	方向	説明
Flags	DWORD	in	監査動作を制御するフラグ。0で既定動作。
hAuthzClientContext	AUTHZ_CLIENT_CONTEXT_HANDLE	in	アクセス主体を表すクライアントコンテキストのハンドル。
pRequest	AUTHZ_ACCESS_REQUEST*	in	アクセス要求を保持するAUTHZ_ACCESS_REQUEST構造体へのポインタ。
hAuditEvent	AUTHZ_AUDIT_EVENT_HANDLE	in	監査生成に用いる監査イベントのハンドル。
pSecurityDescriptor	PSECURITY_DESCRIPTOR	in	監査対象のセキュリティ記述子へのポインタ。
OptionalSecurityDescriptorArray	PSECURITY_DESCRIPTOR*	inoptional	結合する追加のセキュリティ記述子の配列へのポインタ。NULL可。
OptionalSecurityDescriptorCount	DWORD	in	OptionalSecurityDescriptorArrayの要素数。
pReply	AUTHZ_ACCESS_REPLY*	in	アクセス判定結果を受け取るAUTHZ_ACCESS_REPLY構造体へのポインタ。

戻り値の型: BOOL

各言語での呼び出し定義

// AUTHZ.dll
#include <windows.h>

BOOL AuthzOpenObjectAudit(
    DWORD Flags,
    AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    AUTHZ_ACCESS_REQUEST* pRequest,
    AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
    PSECURITY_DESCRIPTOR pSecurityDescriptor,
    PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray,   // optional
    DWORD OptionalSecurityDescriptorCount,
    AUTHZ_ACCESS_REPLY* pReply
);

[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("AUTHZ.dll", SetLastError = true, ExactSpelling = true)]
static extern bool AuthzOpenObjectAudit(
    uint Flags,   // DWORD
    IntPtr hAuthzClientContext,   // AUTHZ_CLIENT_CONTEXT_HANDLE
    IntPtr pRequest,   // AUTHZ_ACCESS_REQUEST*
    IntPtr hAuditEvent,   // AUTHZ_AUDIT_EVENT_HANDLE
    IntPtr pSecurityDescriptor,   // PSECURITY_DESCRIPTOR
    IntPtr OptionalSecurityDescriptorArray,   // PSECURITY_DESCRIPTOR* optional
    uint OptionalSecurityDescriptorCount,   // DWORD
    IntPtr pReply   // AUTHZ_ACCESS_REPLY*
);

<DllImport("AUTHZ.dll", SetLastError:=True, ExactSpelling:=True)>
Public Shared Function AuthzOpenObjectAudit(
    Flags As UInteger,   ' DWORD
    hAuthzClientContext As IntPtr,   ' AUTHZ_CLIENT_CONTEXT_HANDLE
    pRequest As IntPtr,   ' AUTHZ_ACCESS_REQUEST*
    hAuditEvent As IntPtr,   ' AUTHZ_AUDIT_EVENT_HANDLE
    pSecurityDescriptor As IntPtr,   ' PSECURITY_DESCRIPTOR
    OptionalSecurityDescriptorArray As IntPtr,   ' PSECURITY_DESCRIPTOR* optional
    OptionalSecurityDescriptorCount As UInteger,   ' DWORD
    pReply As IntPtr   ' AUTHZ_ACCESS_REPLY*
) As Boolean
End Function

' Flags : DWORD
' hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE
' pRequest : AUTHZ_ACCESS_REQUEST*
' hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE
' pSecurityDescriptor : PSECURITY_DESCRIPTOR
' OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional
' OptionalSecurityDescriptorCount : DWORD
' pReply : AUTHZ_ACCESS_REPLY*
Declare PtrSafe Function AuthzOpenObjectAudit Lib "authz" ( _
    ByVal Flags As Long, _
    ByVal hAuthzClientContext As LongPtr, _
    ByVal pRequest As LongPtr, _
    ByVal hAuditEvent As LongPtr, _
    ByVal pSecurityDescriptor As LongPtr, _
    ByVal OptionalSecurityDescriptorArray As LongPtr, _
    ByVal OptionalSecurityDescriptorCount As Long, _
    ByVal pReply As LongPtr) As Long
' VBA7前提(PtrSafe)。32bit Office では LongPtr→Long。Integer=16bit / Long=32bit / LongLong=64bit。

import ctypes
from ctypes import wintypes

AuthzOpenObjectAudit = ctypes.windll.authz.AuthzOpenObjectAudit
AuthzOpenObjectAudit.restype = wintypes.BOOL
AuthzOpenObjectAudit.argtypes = [
    wintypes.DWORD,  # Flags : DWORD
    wintypes.HANDLE,  # hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE
    ctypes.c_void_p,  # pRequest : AUTHZ_ACCESS_REQUEST*
    wintypes.HANDLE,  # hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE
    wintypes.HANDLE,  # pSecurityDescriptor : PSECURITY_DESCRIPTOR
    ctypes.c_void_p,  # OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional
    wintypes.DWORD,  # OptionalSecurityDescriptorCount : DWORD
    ctypes.c_void_p,  # pReply : AUTHZ_ACCESS_REPLY*
]
# GetLastError: use ctypes.GetLastError() (or ctypes.WinDLL(use_last_error=True))

require 'fiddle'
require 'fiddle/import'

lib = Fiddle.dlopen('AUTHZ.dll')
AuthzOpenObjectAudit = Fiddle::Function.new(
  lib['AuthzOpenObjectAudit'],
  [
    -Fiddle::TYPE_INT,  # Flags : DWORD
    Fiddle::TYPE_VOIDP,  # hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE
    Fiddle::TYPE_VOIDP,  # pRequest : AUTHZ_ACCESS_REQUEST*
    Fiddle::TYPE_VOIDP,  # hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE
    Fiddle::TYPE_VOIDP,  # pSecurityDescriptor : PSECURITY_DESCRIPTOR
    Fiddle::TYPE_VOIDP,  # OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional
    -Fiddle::TYPE_INT,  # OptionalSecurityDescriptorCount : DWORD
    Fiddle::TYPE_VOIDP,  # pReply : AUTHZ_ACCESS_REPLY*
  ],
  Fiddle::TYPE_INT)

#[link(name = "authz")]
extern "system" {
    fn AuthzOpenObjectAudit(
        Flags: u32,  // DWORD
        hAuthzClientContext: *mut core::ffi::c_void,  // AUTHZ_CLIENT_CONTEXT_HANDLE
        pRequest: *mut AUTHZ_ACCESS_REQUEST,  // AUTHZ_ACCESS_REQUEST*
        hAuditEvent: *mut core::ffi::c_void,  // AUTHZ_AUDIT_EVENT_HANDLE
        pSecurityDescriptor: *mut core::ffi::c_void,  // PSECURITY_DESCRIPTOR
        OptionalSecurityDescriptorArray: *mut *mut core::ffi::c_void,  // PSECURITY_DESCRIPTOR* optional
        OptionalSecurityDescriptorCount: u32,  // DWORD
        pReply: *mut AUTHZ_ACCESS_REPLY  // AUTHZ_ACCESS_REPLY*
    ) -> i32;
}
// crates: windows-sys provides ready-made bindings for this API.

$sig = @"
[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("AUTHZ.dll", SetLastError = true)]
public static extern bool AuthzOpenObjectAudit(uint Flags, IntPtr hAuthzClientContext, IntPtr pRequest, IntPtr hAuditEvent, IntPtr pSecurityDescriptor, IntPtr OptionalSecurityDescriptorArray, uint OptionalSecurityDescriptorCount, IntPtr pReply);
"@
$api = Add-Type -MemberDefinition $sig -Name 'AUTHZ_AuthzOpenObjectAudit' -Namespace Win32 -PassThru
# $api::AuthzOpenObjectAudit(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply)

#uselib "AUTHZ.dll"
#func global AuthzOpenObjectAudit "AuthzOpenObjectAudit" sptr, sptr, sptr, sptr, sptr, sptr, sptr, sptr
; AuthzOpenObjectAudit Flags, hAuthzClientContext, varptr(pRequest), hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, varptr(pReply)   ; 戻り値は stat
; Flags : DWORD -> "sptr"
; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "sptr"
; pRequest : AUTHZ_ACCESS_REQUEST* -> "sptr"
; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE -> "sptr"
; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "sptr"
; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "sptr"
; OptionalSecurityDescriptorCount : DWORD -> "sptr"
; pReply : AUTHZ_ACCESS_REPLY* -> "sptr"
; ※HSP3.7は #func のため戻り値はシステム変数 stat に格納されます。

出力引数:

#uselib "AUTHZ.dll"
#cfunc global AuthzOpenObjectAudit "AuthzOpenObjectAudit" int, sptr, var, sptr, sptr, sptr, int, var
; res = AuthzOpenObjectAudit(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply)
; Flags : DWORD -> "int"
; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "sptr"
; pRequest : AUTHZ_ACCESS_REQUEST* -> "var"
; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE -> "sptr"
; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "sptr"
; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "sptr"
; OptionalSecurityDescriptorCount : DWORD -> "int"
; pReply : AUTHZ_ACCESS_REPLY* -> "var"
; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。#uselib "AUTHZ.dll"
#cfunc global AuthzOpenObjectAudit "AuthzOpenObjectAudit" int, sptr, sptr, sptr, sptr, sptr, int, sptr
; res = AuthzOpenObjectAudit(Flags, hAuthzClientContext, varptr(pRequest), hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, varptr(pReply))
; Flags : DWORD -> "int"
; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "sptr"
; pRequest : AUTHZ_ACCESS_REQUEST* -> "sptr"
; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE -> "sptr"
; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "sptr"
; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "sptr"
; OptionalSecurityDescriptorCount : DWORD -> "int"
; pReply : AUTHZ_ACCESS_REPLY* -> "sptr"
; ※出力/バッファ引数はポインタ方式(token=sptr / 呼び出しは varptr(変数))。

出力引数:

; BOOL AuthzOpenObjectAudit(DWORD Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_ACCESS_REQUEST* pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray, DWORD OptionalSecurityDescriptorCount, AUTHZ_ACCESS_REPLY* pReply)
#uselib "AUTHZ.dll"
#cfunc global AuthzOpenObjectAudit "AuthzOpenObjectAudit" int, intptr, var, intptr, intptr, intptr, int, var
; res = AuthzOpenObjectAudit(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply)
; Flags : DWORD -> "int"
; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "intptr"
; pRequest : AUTHZ_ACCESS_REQUEST* -> "var"
; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE -> "intptr"
; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "intptr"
; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "intptr"
; OptionalSecurityDescriptorCount : DWORD -> "int"
; pReply : AUTHZ_ACCESS_REPLY* -> "var"
; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。; BOOL AuthzOpenObjectAudit(DWORD Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_ACCESS_REQUEST* pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray, DWORD OptionalSecurityDescriptorCount, AUTHZ_ACCESS_REPLY* pReply)
#uselib "AUTHZ.dll"
#cfunc global AuthzOpenObjectAudit "AuthzOpenObjectAudit" int, intptr, intptr, intptr, intptr, intptr, int, intptr
; res = AuthzOpenObjectAudit(Flags, hAuthzClientContext, varptr(pRequest), hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, varptr(pReply))
; Flags : DWORD -> "int"
; hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "intptr"
; pRequest : AUTHZ_ACCESS_REQUEST* -> "intptr"
; hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE -> "intptr"
; pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "intptr"
; OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "intptr"
; OptionalSecurityDescriptorCount : DWORD -> "int"
; pReply : AUTHZ_ACCESS_REPLY* -> "intptr"
; ※出力/バッファ引数はポインタ方式(token=intptr / 呼び出しは varptr(変数))。

import (
	"golang.org/x/sys/windows"
	"unsafe"
)

var (
	authz = windows.NewLazySystemDLL("AUTHZ.dll")
	procAuthzOpenObjectAudit = authz.NewProc("AuthzOpenObjectAudit")
)

// Flags (DWORD), hAuthzClientContext (AUTHZ_CLIENT_CONTEXT_HANDLE), pRequest (AUTHZ_ACCESS_REQUEST*), hAuditEvent (AUTHZ_AUDIT_EVENT_HANDLE), pSecurityDescriptor (PSECURITY_DESCRIPTOR), OptionalSecurityDescriptorArray (PSECURITY_DESCRIPTOR* optional), OptionalSecurityDescriptorCount (DWORD), pReply (AUTHZ_ACCESS_REPLY*)
r1, _, err := procAuthzOpenObjectAudit.Call(
	uintptr(Flags),
	uintptr(hAuthzClientContext),
	uintptr(pRequest),
	uintptr(hAuditEvent),
	uintptr(pSecurityDescriptor),
	uintptr(OptionalSecurityDescriptorArray),
	uintptr(OptionalSecurityDescriptorCount),
	uintptr(pReply),
)
_ = err  // syscall.Errno (valid when the call sets last-error)
_ = r1   // BOOL

function AuthzOpenObjectAudit(
  Flags: DWORD;   // DWORD
  hAuthzClientContext: THandle;   // AUTHZ_CLIENT_CONTEXT_HANDLE
  pRequest: Pointer;   // AUTHZ_ACCESS_REQUEST*
  hAuditEvent: THandle;   // AUTHZ_AUDIT_EVENT_HANDLE
  pSecurityDescriptor: THandle;   // PSECURITY_DESCRIPTOR
  OptionalSecurityDescriptorArray: Pointer;   // PSECURITY_DESCRIPTOR* optional
  OptionalSecurityDescriptorCount: DWORD;   // DWORD
  pReply: Pointer   // AUTHZ_ACCESS_REPLY*
): BOOL; stdcall;
  external 'AUTHZ.dll' name 'AuthzOpenObjectAudit';

result := DllCall("AUTHZ\AuthzOpenObjectAudit"
    , "UInt", Flags   ; DWORD
    , "Ptr", hAuthzClientContext   ; AUTHZ_CLIENT_CONTEXT_HANDLE
    , "Ptr", pRequest   ; AUTHZ_ACCESS_REQUEST*
    , "Ptr", hAuditEvent   ; AUTHZ_AUDIT_EVENT_HANDLE
    , "Ptr", pSecurityDescriptor   ; PSECURITY_DESCRIPTOR
    , "Ptr", OptionalSecurityDescriptorArray   ; PSECURITY_DESCRIPTOR* optional
    , "UInt", OptionalSecurityDescriptorCount   ; DWORD
    , "Ptr", pReply   ; AUTHZ_ACCESS_REPLY*
    , "Int")   ; return: BOOL

●AuthzOpenObjectAudit(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply) = DLL("AUTHZ.dll", "bool AuthzOpenObjectAudit(dword, void*, void*, void*, void*, void*, dword, void*)")
# 呼び出し: AuthzOpenObjectAudit(Flags, hAuthzClientContext, pRequest, hAuditEvent, pSecurityDescriptor, OptionalSecurityDescriptorArray, OptionalSecurityDescriptorCount, pReply)
# Flags : DWORD -> "dword"
# hAuthzClientContext : AUTHZ_CLIENT_CONTEXT_HANDLE -> "void*"
# pRequest : AUTHZ_ACCESS_REQUEST* -> "void*"
# hAuditEvent : AUTHZ_AUDIT_EVENT_HANDLE -> "void*"
# pSecurityDescriptor : PSECURITY_DESCRIPTOR -> "void*"
# OptionalSecurityDescriptorArray : PSECURITY_DESCRIPTOR* optional -> "void*"
# OptionalSecurityDescriptorCount : DWORD -> "dword"
# pReply : AUTHZ_ACCESS_REPLY* -> "void*"
# なでしこ1は32bit・ANSI(Shift_JIS)。文字列=char*(ANSI)、ポインタ/ハンドル=void*(4byte)。