Skip to main content

endpoint_sec/event/
event_od_group_add.rs

1//! [`EventOdGroupAdd`]
2
3use std::ffi::OsStr;
4
5use endpoint_sec_sys::{es_event_od_group_add_t, es_od_member_id_t, es_od_member_id_t_anon0, es_od_member_type_t};
6
7use crate::{AuditToken, Process};
8
9/// Notification that a member was added to a group.
10///
11/// This event does not indicate that a member was actually added. For example when adding a user
12/// to a group they are already a member of.
13#[doc(alias = "es_event_od_group_add_t")]
14pub struct EventOdGroupAdd<'a> {
15    /// The raw reference.
16    pub(crate) raw: &'a es_event_od_group_add_t,
17    /// The version of the message.
18    pub(crate) version: u32,
19}
20
21impl<'a> EventOdGroupAdd<'a> {
22    /// Process that instigated operation (XPC caller).
23    #[inline(always)]
24    pub fn instigator(&self) -> Option<Process<'a>> {
25        // Safety: 'a tied to self, object obtained through ES
26        let process = unsafe { self.raw.instigator()? };
27        Some(Process::new(process, self.version))
28    }
29
30    /// Audit token of the process that instigated this event.
31    pub fn instigator_token(&self) -> AuditToken {
32        #[cfg(feature = "macos_15_0_0")]
33        if self.version >= 8 {
34            return AuditToken(self.raw.instigator_token);
35        }
36
37        // On old versions, the process was always non-null, and we can get
38        // its token easily.
39        self.instigator().unwrap().audit_token()
40    }
41
42    /// Result code for the operation.
43    #[inline(always)]
44    pub fn error_code(&self) -> i32 {
45        self.raw.error_code
46    }
47
48    /// The group to which the member was added.
49    #[inline(always)]
50    pub fn group_name(&self) -> &'a OsStr {
51        // Safety: 'a tied to self, object obtained through ES
52        unsafe { self.raw.group_name.as_os_str() }
53    }
54
55    /// The identity of the member added.
56    #[inline(always)]
57    pub fn member(&self) -> OdMemberId<'a> {
58        OdMemberId {
59            // Safety: 'a tied to self, object obtained through ES
60            raw: unsafe { self.raw.member.as_ref() },
61        }
62    }
63
64    /// OD node being mutated.
65    ///
66    /// Typically one of "/Local/Default", "/LDAPv3/<server>" or "/Active Directory/<domain>".
67    #[inline(always)]
68    pub fn node_name(&self) -> &'a OsStr {
69        // Safety: 'a tied to self, object obtained through ES
70        unsafe { self.raw.node_name.as_os_str() }
71    }
72
73    /// Optional. If node_name is "/Local/Default", this is, the path of the database against which
74    /// OD is authenticating.
75    #[inline(always)]
76    pub fn db_path(&self) -> Option<&'a OsStr> {
77        if self.node_name() == OsStr::new("/Local/Default") {
78            // Safety: 'a tied to self, object obtained through ES
79            Some(unsafe { self.raw.db_path.as_os_str() })
80        } else {
81            None
82        }
83    }
84}
85
86// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
87unsafe impl Send for EventOdGroupAdd<'_> {}
88// Safety: safe to share across threads: does not contain any interior mutability nor depend on current thread state
89unsafe impl Sync for EventOdGroupAdd<'_> {}
90
91impl_debug_eq_hash_with_functions!(EventOdGroupAdd<'a> with version; instigator, instigator_token, error_code, group_name, member, node_name, db_path);
92
93/// The identity of a group member
94#[doc(alias = "es_od_member_id_t")]
95pub struct OdMemberId<'a> {
96    /// The raw reference.
97    pub(crate) raw: &'a es_od_member_id_t,
98}
99
100impl<'a> OdMemberId<'a> {
101    /// Indicates the type of the member, and how it is identified.
102    #[inline(always)]
103    pub fn member_type(&self) -> es_od_member_type_t {
104        self.raw.member_type
105    }
106
107    /// The member identity, as its raw value.
108    #[inline(always)]
109    pub fn raw_member_value(&self) -> &'a es_od_member_id_t_anon0 {
110        &self.raw.member_value
111    }
112
113    /// The member identity.
114    #[inline(always)]
115    pub fn member_value(&self) -> Option<OdMemberIdValue<'a>> {
116        // Safety in general: we check against the 'member_type' before accessing the union
117        let res = match self.member_type() {
118            es_od_member_type_t::ES_OD_MEMBER_TYPE_USER_UUID => {
119                // Safety: 'a tied to self, object obtained through ES
120                OdMemberIdValue::UserUuid(unsafe { self.raw.member_value.uuid })
121            },
122            es_od_member_type_t::ES_OD_MEMBER_TYPE_GROUP_UUID => {
123                // Safety: 'a tied to self, object obtained through ES
124                OdMemberIdValue::GroupUuid(unsafe { self.raw.member_value.uuid })
125            },
126            es_od_member_type_t::ES_OD_MEMBER_TYPE_USER_NAME => {
127                // Safety: 'a tied to self, object obtained through ES
128                OdMemberIdValue::UserName(unsafe { self.raw.member_value.name.as_os_str() })
129            },
130            _ => return None,
131        };
132
133        Some(res)
134    }
135}
136
137// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
138unsafe impl Send for OdMemberId<'_> {}
139
140impl_debug_eq_hash_with_functions!(OdMemberId<'a>; member_type, member_value);
141
142/// A member identity.
143#[derive(Debug, PartialEq, Eq, Hash)]
144#[non_exhaustive]
145pub enum OdMemberIdValue<'a> {
146    /// Group member is a user, designated by name
147    UserName(&'a OsStr),
148    /// Group member is a user, designated by UUID
149    UserUuid(libc::uuid_t),
150    /// Group member is another group, designated by UUID
151    GroupUuid(libc::uuid_t),
152}
153
154// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
155unsafe impl Send for OdMemberIdValue<'_> {}