Struct AuditToken 

#[repr(transparent)]
pub struct AuditToken(pub audit_token_t);

Available on macOS only.

A wrapper around an audit_token_t.

Tuple Fields

0: audit_token_t

Implementations

impl AuditToken

Endpoint Security wrappers and test helpers

pub fn from_pid(pid: pid_t) -> Result<Self, kern_return_t>

Available on crate feature audit_token_from_pid only.

Get the AuditToken for the given PID, if it exists.

Endpoint Security does not currently provide a way to get the audit tokens of processes already existing when first connecting a client. However, it is relatively easy to list the PIDs of the current processes. This function therefore enables to bridge this gap.

Errors from the underlying system calls are returned directly. Although it is almost certain that only the catch-all KERN_FAILURE (5) will ever be observed in practice, this should still be useful in order to emphasize that the unexpected case should be accounted for instead of just discarded, for example to then log.

Implementation details

Currently this method is implemented following the method described here, with calls to task_name_for_pid and task_info(_, TASK_AUDIT_TOKEN, _, _) but the first function is marked as obsolete in the header containing it in macOS’s SDK.

Other possibilities could be task_for_pid() or task_inspect_for_pid(). For now, the current implementation is the most backwards and forwards compatible considering task_for_pid() now concretely requires SIP to be disabled, which thus makes it pretty much unusable. If you find a bug/need us to use a more recent method, please signal it.

pub fn raw_token(&self) -> &audit_token_t

Raw underlying audit token.

pub fn auid(&self) -> uid_t

The audit user ID.

NOTE: Used to identify Mach tasks and senders of Mach messages as subjects of the audit system.

pub fn euid(&self) -> uid_t

The effective user ID.

NOTE: Used to identify Mach tasks and senders of Mach messages as subjects of the audit system.

pub fn egid(&self) -> gid_t

The effective group ID.

NOTE: Used to identify Mach tasks and senders of Mach messages as subjects of the audit system.

pub fn ruid(&self) -> uid_t

The real user ID.

NOTE: Used to identify Mach tasks and senders of Mach messages as subjects of the audit system.

pub fn rgid(&self) -> gid_t

The real group ID.

NOTE: Used to identify Mach tasks and senders of Mach messages as subjects of the audit system.

pub fn pid(&self) -> pid_t

The process ID.

NOTE: Used to identify Mach tasks and senders of Mach messages as subjects of the audit system.

pub fn asid(&self) -> au_asid_t

The audit session ID.

NOTE: Used to identify Mach tasks and senders of Mach messages as subjects of the audit system.

pub fn pidversion(&self) -> i32

The process ID version.

NOTE: Used to identify Mach tasks and senders of Mach messages as subjects of the audit system.

Trait Implementations

impl Clone for AuditToken

fn clone(&self) -> AuditToken

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Copy for AuditToken

impl Debug for AuditToken

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Eq for AuditToken

impl Hash for AuditToken

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl LowerHex for AuditToken

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for AuditToken

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl UpperHex for AuditToken

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.