Skip to main content

endpoint_sec/event/
event_od_create_user.rs

1//! [`EventOdCreateUser`]
2
3use std::ffi::OsStr;
4
5use endpoint_sec_sys::es_event_od_create_user_t;
6
7use crate::{AuditToken, Process};
8
9/// Notification that a user account was created.
10#[doc(alias = "es_event_od_create_user_t")]
11pub struct EventOdCreateUser<'a> {
12    /// The raw reference.
13    pub(crate) raw: &'a es_event_od_create_user_t,
14    /// The version of the message.
15    pub(crate) version: u32,
16}
17
18impl<'a> EventOdCreateUser<'a> {
19    /// Process that instigated operation (XPC caller).
20    #[inline(always)]
21    pub fn instigator(&self) -> Option<Process<'a>> {
22        // Safety: 'a tied to self, object obtained through ES
23        let process = unsafe { self.raw.instigator()? };
24        Some(Process::new(process, self.version))
25    }
26
27    /// Audit token of the process that instigated this event.
28    pub fn instigator_token(&self) -> AuditToken {
29        #[cfg(feature = "macos_15_0_0")]
30        if self.version >= 8 {
31            return AuditToken(self.raw.instigator_token);
32        }
33
34        // On old versions, the process was always non-null, and we can get
35        // its token easily.
36        self.instigator().unwrap().audit_token()
37    }
38
39    /// Result code for the operation.
40    #[inline(always)]
41    pub fn error_code(&self) -> i32 {
42        self.raw.error_code
43    }
44
45    /// The name of the user account that was created.
46    #[inline(always)]
47    pub fn user_name(&self) -> &'a OsStr {
48        // Safety: 'a tied to self, object obtained through ES
49        unsafe { self.raw.user_name.as_os_str() }
50    }
51
52    /// OD node being mutated.
53    ///
54    /// Typically one of "/Local/Default", "/LDAPv3/<server>" or "/Active Directory/<domain>".
55    #[inline(always)]
56    pub fn node_name(&self) -> &'a OsStr {
57        // Safety: 'a tied to self, object obtained through ES
58        unsafe { self.raw.node_name.as_os_str() }
59    }
60
61    /// Optional. If node_name is "/Local/Default", this is, the path of the database against which
62    /// OD is authenticating.
63    #[inline(always)]
64    pub fn db_path(&self) -> Option<&'a OsStr> {
65        if self.node_name() == OsStr::new("/Local/Default") {
66            // Safety: 'a tied to self, object obtained through ES
67            Some(unsafe { self.raw.db_path.as_os_str() })
68        } else {
69            None
70        }
71    }
72}
73
74// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
75unsafe impl Send for EventOdCreateUser<'_> {}
76// Safety: safe to share across threads: does not contain any interior mutability nor depend on current thread state
77unsafe impl Sync for EventOdCreateUser<'_> {}
78
79impl_debug_eq_hash_with_functions!(EventOdCreateUser<'a> with version; instigator, instigator_token, error_code, user_name, node_name, db_path);