CBFS Filter 2020 Delphi Edition

Questions / Feedback?

AfterGetFileSecurity Event

Fires after a file or directory's security attributes are retrieved.


type TAfterGetFileSecurityEvent = procedure (
  Sender: TObject;
  const FileName: String;
  SecurityInformation: Integer;
  SecurityDescriptor: Pointer;
  Length: Integer;
  var LengthNeeded: Integer;
  var Status: Integer;
  var FileContext: Pointer;
  var HandleContext: Pointer;
  var ResultCode: Integer
) of Object;

property OnAfterGetFileSecurity: TAfterGetFileSecurityEvent read FOnAfterGetFileSecurity write FOnAfterGetFileSecurity;


This event fires after security attributes are retrieved for the file or directory specified by FileName.

Note that this event will not fire every time a file or directory is accessed. To check file security upon each access to a file or directory, implement the file create and open events and perform the necessary checks there instead.

Applications only need to handle this event if they've added a standard filter rule that includes the FS_CE_AFTER_GET_SECURITY flag.

The SecurityInformation parameter indicates which pieces of security information were requested. Please refer to Microsoft's SECURITY_INFORMATION data type documentation for more information about possible values.

The SecurityDescriptor parameter points to a memory buffer that, if the request was successful, contains the requested security information. The Length parameter reflects the length of this data, in bytes. Please refer to the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The data itself is formatted as a SECURITY_DESCRIPTOR structure in self-relative format; please refer to the Microsoft's documentation for more information.

Applications that wish to modify the security information may do so by replacing the data in the SecurityDescriptor buffer. If the current Length is too small to accommodate the new security information, set LengthNeeded to the number of bytes necessary to hold the data, and return the ERROR_INSUFFICIENT_BUFFER error code via ResultCode.

The Status parameter contains an NT status code that indicates the outcome of the operation; 0 indicates success. To convert this value to a Win32 error code, call the NtStatusToWin32Error method. Please note that this event won't fire for failed requests unless the ProcessFailedRequests property is enabled. Applications may change this parameter's value if they want a different NT status code to be returned.

The FileContext and HandleContext parameters are placeholders for application-defined data associated with the file and specific handle, respectively. Please refer to the Contexts topic for more information.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource isn't available, security checks failed, etc.), set it to a non-zero value to report an appropriate error. Please refer to the Error Reporting and Handling topic for more information.

This event is fired synchronously; please refer to the Event Types topic for more information.

Copyright (c) 2022 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 Delphi Edition - Version 20.0 [Build 8047]