// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include "base/strings/string16.h"
#include "base/values.h"
#include "base/win/windows_types.h"
#include "url/gurl.h"
namespace credential_provider {
// Names of the registry values that configure MDM behaviour for GCPW. Only the
// names are declared here; their definitions and the registry key they are
// read from are not visible in this header.
//
// Name of the registry value holding the URL used to register the machine to
// MDM. If specified and non-empty, additional user access restrictions will be
// applied to users associated to GCPW that have invalid token handles.
// NOTE(review): this value switches access restrictions on and off, so the key
// it is stored under should be writable by administrators only -- confirm the
// ACL at the place where the value is read.
extern const wchar_t kRegMdmUrl[];
// Name of the registry value holding the base server URL for the password
// recovery escrow service.
// NOTE(review): this URL selects the service used for password recovery;
// confirm that the code reading it validates the URL before use.
extern const wchar_t kRegMdmEscrowServiceServerUrl[];
// Determines if multiple users can be added to a system managed by MDM.
extern const wchar_t kRegMdmSupportsMultiUser[];
// Allows sign-in using normal consumer accounts.
extern const wchar_t kRegMdmAllowConsumerAccounts[];
// Class used in tests to force either a successful or an unsuccessful
// enrollment to Google MDM.
// Test-only helper: production code should not instantiate it.
// NOTE(review): only the constructor declaration is visible here; how the
// forced result is applied and later undone is not shown.
class GoogleMdmEnrollmentStatusForTesting {
// |success|: presumably true forces a successful enrollment and false a failed
// one -- confirm against the implementation.
explicit GoogleMdmEnrollmentStatusForTesting(bool success);
// Class used in tests to force the enrolled status to Google MDM.
// Test-only helper: production code should not instantiate it.
// NOTE(review): only the constructor declaration is visible here; how the
// forced status is applied and later undone is not shown.
class GoogleMdmEnrolledStatusForTesting {
// |success|: presumably the enrolled status to report (true = enrolled) --
// confirm against the implementation.
explicit GoogleMdmEnrolledStatusForTesting(bool success);
// Class used in tests to force password escrow service availability when not
// in a Google Chrome build.
// Test-only helper: production code should not instantiate it.
// NOTE(review): this suggests the escrow service is otherwise unavailable
// outside Google Chrome builds; the build check itself is not visible here.
class GoogleMdmEscrowServiceEnablerForTesting {
// |enable|: presumably whether the escrow service is reported as available --
// confirm against the implementation.
explicit GoogleMdmEscrowServiceEnablerForTesting(bool enable);
// If MdmEnrollmentEnabled returns true, this function verifies that the machine
// is enrolled to MDM AND that the server to which it is enrolled is the same
// as the one specified in |kGlobalMdmUrlRegKey|, otherwise returns false.
// NOTE(review): |kGlobalMdmUrlRegKey| is not declared in this header; the MDM
// URL value declared here is |kRegMdmUrl| -- confirm which name is current.
// NOTE(review): the comment does not say which outcome of the verification
// yields true. Going by the function name, true presumably means enrollment is
// still required (not enrolled, or enrolled to a different server) -- confirm
// against the implementation, since callers gate access decisions on it.
bool NeedsToEnrollWithMdm();
// Returns true if the |kRegMdmUrl| registry value is set on this machine and
// points to a valid URL. Returns false otherwise.
// NOTE(review): what counts as "valid" (for example whether the scheme is
// restricted to https) is not visible in this header -- confirm.
bool MdmEnrollmentEnabled();
// Returns whether the |kRegMdmEscrowServiceServerUrl| registry value is not
// empty on this machine.
// NOTE(review): as documented this is a non-empty check only, whereas
// MdmEnrollmentEnabled is documented as also requiring a valid URL. Confirm
// that the escrow URL is validated somewhere before password recovery data is
// sent to it.
bool MdmPasswordRecoveryEnabled();
// Gets the escrow service URL as defined in the registry, or a default value
// if nothing is set.
// NOTE(review): the registry value read is presumably
// |kRegMdmEscrowServiceServerUrl| -- confirm. Neither the default value nor
// any validity check on the returned GURL is visible here, so callers should
// not assume the result is valid.
GURL MdmEscrowServiceUrl();
// Enrolls the machine with the Google MDM server if it is not already
// enrolled.
// |properties|: a base::Value; the keys it is expected to carry are not
// visible in this header.
// Returns an HRESULT. Which codes are returned on failure, or when enrollment
// is not needed, is not shown here; callers should check the result rather
// than assume the machine is enrolled.
HRESULT EnrollToGoogleMdmIfNeeded(const base::Value& properties);
} // namespace credential_provider