endpoint_sec/event/event_od_attribute_value_remove.rs
1//! [`EventOdAttributeValueRemove`]
2
3use std::ffi::OsStr;
4
5use endpoint_sec_sys::{es_event_od_attribute_value_remove_t, es_od_record_type_t};
6
7use crate::{AuditToken, Process};
8
9/// Notification that an attribute value was removed to a record.
10///
11/// Attributes conceptually have the type `Map String (Set String)`.
12/// Each OD record has a Map of attribute name to Set of attribute value.
13/// When an attribute value is removed, it is inserted into the set of values for that name.
14///
15/// Removing a value that was never added is a no-op.
16#[doc(alias = "es_event_od_attribute_value_remove_t")]
17pub struct EventOdAttributeValueRemove<'a> {
18 /// The raw reference.
19 pub(crate) raw: &'a es_event_od_attribute_value_remove_t,
20 /// The version of the message.
21 pub(crate) version: u32,
22}
23
24impl<'a> EventOdAttributeValueRemove<'a> {
25 /// Process that instigated operation (XPC caller).
26 #[inline(always)]
27 pub fn instigator(&self) -> Option<Process<'a>> {
28 // Safety: 'a tied to self, object obtained through ES
29 let process = unsafe { self.raw.instigator()? };
30 Some(Process::new(process, self.version))
31 }
32
33 /// Audit token of the process that instigated this event.
34 pub fn instigator_token(&self) -> AuditToken {
35 #[cfg(feature = "macos_15_0_0")]
36 if self.version >= 8 {
37 return AuditToken(self.raw.instigator_token);
38 }
39
40 // On old versions, the process was always non-null, and we can get
41 // its token easily.
42 self.instigator().unwrap().audit_token()
43 }
44
45 /// Result code for the operation.
46 #[inline(always)]
47 pub fn error_code(&self) -> i32 {
48 self.raw.error_code
49 }
50 /// The type of the record to which the attribute value was removed.
51 #[inline(always)]
52 pub fn record_type(&self) -> es_od_record_type_t {
53 self.raw.record_type
54 }
55
56 /// The name of the record to which the attribute value was removed.
57 #[inline(always)]
58 pub fn record_name(&self) -> &'a OsStr {
59 // Safety: 'a tied to self, object obtained through ES
60 unsafe { self.raw.record_name.as_os_str() }
61 }
62
63 /// The name of the attribute to which the value was removed.
64 #[inline(always)]
65 pub fn attribute_name(&self) -> &'a OsStr {
66 // Safety: 'a tied to self, object obtained through ES
67 unsafe { self.raw.attribute_name.as_os_str() }
68 }
69
70 /// The value that was removed.
71 #[inline(always)]
72 pub fn attribute_value(&self) -> &'a OsStr {
73 // Safety: 'a tied to self, object obtained through ES
74 unsafe { self.raw.attribute_value.as_os_str() }
75 }
76
77 /// OD node being mutated.
78 ///
79 /// Typically one of "/Local/Default", "/LDAPv3/<server>" or "/Active Directory/<domain>".
80 #[inline(always)]
81 pub fn node_name(&self) -> &'a OsStr {
82 // Safety: 'a tied to self, object obtained through ES
83 unsafe { self.raw.node_name.as_os_str() }
84 }
85
86 /// Optional. If node_name is "/Local/Default", this is, the path of the database against which
87 /// OD is authenticating.
88 #[inline(always)]
89 pub fn db_path(&self) -> Option<&'a OsStr> {
90 if self.node_name() == OsStr::new("/Local/Default") {
91 // Safety: 'a tied to self, object obtained through ES
92 Some(unsafe { self.raw.db_path.as_os_str() })
93 } else {
94 None
95 }
96 }
97}
98
99// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
100unsafe impl Send for EventOdAttributeValueRemove<'_> {}
101// Safety: safe to share across threads: does not contain any interior mutability nor depend on current thread state
102unsafe impl Sync for EventOdAttributeValueRemove<'_> {}
103
104impl_debug_eq_hash_with_functions!(EventOdAttributeValueRemove<'a> with version; instigator, instigator_token, error_code, record_type, record_name, attribute_name, attribute_value, node_name, db_path);