blob: 2b61aecc74b609e69a94bbbe3009c8882f5bc9f8 [file] [log] [blame]
// Copyright 2017 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef AUTHPOLICY_PATH_SERVICE_H_
#define AUTHPOLICY_PATH_SERVICE_H_
#include <map>
#include <string>
#include <base/macros.h>
namespace authpolicy {
enum class Path {
// Invalid path, not set, triggers a DCHECK in PathService::Get().
INVALID,
// Base directories.
TEMP_DIR, // Files here are wiped on authpolicyd restart.
STATE_DIR, // Files here are persistent and globally accessible.
RUN_DIR, // Files here are wiped on reboot.
DAEMON_STORE_DIR, // Files here are persistent in the user's cryptohome and
// hence accessible only for the logged-in user.
// Samba directories.
SAMBA_DIR,
SAMBA_LOCK_DIR,
SAMBA_CACHE_DIR,
SAMBA_STATE_DIR,
SAMBA_PRIVATE_DIR,
GPO_LOCAL_DIR, // Location of downloaded GPOs.
// Configuration files.
CONFIG_DAT, // Authpolicy configuration.
USER_SMB_CONF, // Samba configuration for user account.
DEVICE_SMB_CONF, // Samba configuration for device/machine account.
USER_KRB5_CONF, // Kerberos configuration for user account.
DEVICE_KRB5_CONF, // Kerberos configuration for device/machine account.
// Credential cache paths.
USER_CREDENTIAL_CACHE,
DEVICE_CREDENTIAL_CACHE,
// Machine credentials. Authpolicy uses EITHER password OR keytab. Newly
// enrolled devices use passwords, older devices use keytabs.
MACHINE_PASS, // Current machine password.
PREV_MACHINE_PASS, // Previous machine password.
NEW_MACHINE_PASS, // New machine password.
MACHINE_KEYTAB, // Kerberos machine keytab file.
// Files that are wiped on reboot.
FLAGS_DEFAULT_LEVEL, // File with flags default level (as integer), see
// AuthPolicyFlags::DefaultLevel.
AUTH_DATA_CACHE, // Cached authentication data.
// Samba/Kerberos/parser executables.
KINIT,
KLIST,
KPASSWD,
NET,
SMBCLIENT,
PARSER,
// Seccomp filter policies.
KINIT_SECCOMP,
KLIST_SECCOMP,
KPASSWD_SECCOMP,
NET_ADS_SECCOMP,
PARSER_SECCOMP,
SMBCLIENT_SECCOMP,
// Misc.
DEBUG_FLAGS, // File with debug flags, see AuthPolicyFlags.
KRB5_TRACE, // kinit and kpasswd trace log.
};
// Simple path service.
class PathService {
public:
// Calls Initialize().
PathService();
virtual ~PathService();
// Retrieves the file or directory path for the given |path_key|.
const std::string& Get(Path path_key) const;
protected:
// Calls Initialize() if |initialize| is true.
explicit PathService(bool initialize);
// Should be called at some point during construction to initialize all paths.
// Derived classes can override paths by specifying a constuctor that calls
// PathService(false), inserts paths and then calls Initialize() to initialize
// paths not set yet.
void Initialize();
// Inserts |path| at key |path_key| into |path_map_| if the key is not
// already set.
void Insert(Path path_key, const std::string& path);
private:
std::map<Path, std::string> paths_;
DISALLOW_COPY_AND_ASSIGN(PathService);
};
} // namespace authpolicy
#endif // AUTHPOLICY_PATH_SERVICE_H_