AnyConnect Secure Mobility Client  4.8.02045
GlobalEnums.h
1 /*******************************************************************************
2 * COPYRIGHT 2007 - Cisco Systems
3 * All Rights Reserved
4 ********************************************************************************
5 **
6 ** GlobalEnums.h
7 **
8 ** Contains enumerations used in the API and TLV classes.
9 **
10 *********************************************************************************/
11 
12 #ifndef __GLOBALENUMS_H
13 #define __GLOBALENUMS_H
14 
15 /***** PUT ONLY ENUMS IN THIS FILE AS IT IS ALSO USED BY THE MIDL COMPILER *****\
16 \******************** This is also compiled with IDL compiler **********************/
17 
18 enum ConnectProtocolType
19 {
20  PROTOCOL_TYPE_UNKNOWN = 0,
21  PROTOCOL_TYPE_SSL,
22  PROTOCOL_TYPE_IPSEC,
23 };
24 
25 enum ProtocolVersion
26 {
27  PROTO_VERSION_UNKNOWN = 0,
28  PROTO_VERSION_TLS10 = 1,
29  PROTO_VERSION_SSL30 = 2,
30  PROTO_VERSION_DTLS10 = 3,
31  PROTO_VERSION_IPSEC = 4,
32  PROTO_VERSION_IPSEC_NAT_T = 5,
33  PROTO_VERSION_TLS11 = 6,
34  PROTO_VERSION_TLS12 = 7,
35  PROTO_VERSION_DTLS12 = 8,
36 };
37 
38 enum ProtocolCipher
39 {
40  PROTO_CIPHER_UNKNOWN = 0,
41  PROTO_CIPHER_RSA_RC4_128_MD5 = 1,
42  PROTO_CIPHER_RSA_RC4_128_SHA1 = 2,
43  PROTO_CIPHER_RSA_DES_56_SHA1 = 3,
44  PROTO_CIPHER_RSA_3DES_168_SHA1 = 4,
45  PROTO_CIPHER_RSA_AES_128_SHA1 = 5,
46  PROTO_CIPHER_RSA_AES_256_SHA1 = 6,
47  PROTO_CIPHER_ENC_NULL_MD5 = 7,
48  PROTO_CIPHER_ENC_NULL_SHA1 = 8,
49  PROTO_CIPHER_RC4_128 = 9,
50  PROTO_CIPHER_RC4_128_MD5 = 10,
51  PROTO_CIPHER_RC4_128_SHA1 = 11,
52  PROTO_CIPHER_DES_56 = 12,
53  PROTO_CIPHER_DES_56_MD5 = 13,
54  PROTO_CIPHER_DES_56_SHA1 = 14,
55  PROTO_CIPHER_DES_56_SHA256 = 15,
56  PROTO_CIPHER_DES_56_SHA384 = 16,
57  PROTO_CIPHER_DES_56_SHA512 = 17,
58  PROTO_CIPHER_3DES_168 = 18,
59  PROTO_CIPHER_3DES_168_MD5 = 19,
60  PROTO_CIPHER_3DES_168_SHA1 = 20,
61  PROTO_CIPHER_3DES_168_SHA256 = 21,
62  PROTO_CIPHER_3DES_168_SHA384 = 22,
63  PROTO_CIPHER_3DES_168_SHA512 = 23,
64  PROTO_CIPHER_AES_128 = 24,
65  PROTO_CIPHER_AES_128_MD5 = 25,
66  PROTO_CIPHER_AES_128_SHA1 = 26,
67  PROTO_CIPHER_AES_128_SHA256 = 27,
68  PROTO_CIPHER_AES_128_SHA384 = 28,
69  PROTO_CIPHER_AES_128_SHA512 = 29,
70  PROTO_CIPHER_AES_192 = 30,
71  PROTO_CIPHER_AES_192_MD5 = 31,
72  PROTO_CIPHER_AES_192_SHA1 = 32,
73  PROTO_CIPHER_AES_192_SHA256 = 33,
74  PROTO_CIPHER_AES_192_SHA384 = 34,
75  PROTO_CIPHER_AES_192_SHA512 = 35,
76  PROTO_CIPHER_AES_256 = 36,
77  PROTO_CIPHER_AES_256_MD5 = 37,
78  PROTO_CIPHER_AES_256_SHA1 = 38,
79  PROTO_CIPHER_AES_256_SHA256 = 39,
80  PROTO_CIPHER_AES_256_SHA384 = 40,
81  PROTO_CIPHER_AES_256_SHA512 = 41,
82  PROTO_CIPHER_AES_128_GCM = 42,
83  PROTO_CIPHER_AES_192_GCM = 43,
84  PROTO_CIPHER_AES_256_GCM = 44,
85  PROTO_CIPHER_RSA_AES_128_SHA256 = 45, // TLS 1.2
86  PROTO_CIPHER_RSA_AES_256_SHA256 = 46,
87  PROTO_CIPHER_DHE_RSA_AES_128_SHA256 = 47,
88  PROTO_CIPHER_DHE_RSA_AES_256_SHA256 = 48,
89  PROTO_CIPHER_ECDHE_ECDSA_AES256_GCM_SHA384 = 49, // TLS 1.2 phase 2
90  PROTO_CIPHER_ECDHE_RSA_AES256_GCM_SHA384 = 50,
91  PROTO_CIPHER_DHE_RSA_AES256_GCM_SHA384 = 51,
92  PROTO_CIPHER_AES256_GCM_SHA384 = 52,
93  PROTO_CIPHER_ECDHE_ECDSA_AES256_SHA384 = 53,
94  PROTO_CIPHER_ECDHE_RSA_AES256_SHA384 = 54,
95  PROTO_CIPHER_ECDHE_ECDSA_AES128_GCM_SHA256 = 55,
96  PROTO_CIPHER_ECDHE_RSA_AES128_GCM_SHA256 = 56,
97  PROTO_CIPHER_DHE_RSA_AES128_GCM_SHA256 = 57,
98  PROTO_CIPHER_AES128_GCM_SHA256 = 58,
99  PROTO_CIPHER_ECDHE_ECDSA_AES128_SHA256 = 59,
100  PROTO_CIPHER_ECDHE_RSA_AES128_SHA256 = 60,
101  PROTO_CIPHER_DHE_RSA_AES256_SHA = 61,
102  PROTO_CIPHER_DHE_RSA_AES128_SHA = 62
103 };
104 
105 typedef enum
106 {
107  COMPR_NONE = 0,
108  COMPR_DEFLATE = 1,
109  COMPR_LZS = 2
110 } COMPR_ALGORITHM;
111 
112 /*
113 ** Tunnel states
114 ** New states must be added to the end of the list.
115 ** Downloader tests states, so altering existing states requires verification
116 ** that there won't be backward compability issues with downloader.
117 */
118 //BUGBUG Suggested by Marc: Rename the STATE enum and its values.
119 //BUGBUG We should probably change the enum name from STATE to VPNCON_STATE and
120 //BUGBUG the prefixes on the values from STATE_ to VCS_ (for VPN connection state).
121 //BUGBUG The API and GUI code have to deal with a number of different states, and the
122 //BUGBUG generically named STATE is not very self documenting.
123 //BUGBUG It's a throw back from the very earliest code for SSL VPN.
124 typedef enum
125 {
126  STATE_CONNECTING,
127  STATE_CONNECTED,
128  STATE_RECONNECTING,
129  STATE_DISCONNECTING,
130  STATE_DISCONNECTED,
131  STATE_PAUSING,
132  STATE_PAUSED,
133  STATE_AUTHENTICATING,
134  STATE_SSOPOLLING, // Api is doing the auth-poll.
135  STATE_UNDEFINED,
136 } STATE;
137 
138 /*
139 ** Tunnel sub-states
140 ** New sub-states must be added to the end of the list.
141 ** Sub-states are meant to provide additional details, if necessary, about
142 ** any of the VPN connection states.
143 ** Substates prefixed with "VCSS_MT_" correspond to the management tunnel.
144 */
145 enum VPNCON_SUBSTATE
146 {
147  VCSS_NORMAL = 0,
148  VCSS_INDEFINITE_DELAY = (1 << 0),
149  VCSS_SESSION_EXPIRING = (1 << 1),
150  VCSS_MT_DISCONNECTED_DISABLED = (1 << 2),
151  VCSS_MT_DISCONNECTED_TRUSTED_NW = (1 << 3),
152  VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE = (1 << 4),
153  VCSS_MT_DISCONNECTED_LAUNCH_FAILED = (1 << 5),
154  VCSS_MT_DISCONNECTED_CONNECT_FAILED = (1 << 6),
155  VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG = (1 << 7),
156  VCSS_MT_DISCONNECTED_SW_UP_PENDING = (1 << 8)
157 };
158 
159 typedef enum
160 {
161  NCS_RESTRICTED = 0, //a client configuration has been applied to the endpoints
162  //operating system configuration
163  NCS_PARTIAL_RESTRICTED_CAPTIVE_PORTAL, //a client configuration has been applied to the
164  //endpoints operating system configuration to allow
165  //captive portal remediation
166  NCS_UNRESTRICTED //the endpoints operating system configuration is not currently altered by the client
167 } NETCTRL_STATE;
168 
169 
170 // Note that while these values are defined like a bitmap, the network environment state
171 // is not used as a bitmap. No two values are ever combined. They are used like linear
172 // values. The bitmap arrangement of values is to enable testing for many possible values
173 // all at once in a single compare without having to do a series of compares against
174 // different linear values.
175 //
176 typedef enum
177 {
178  NES_NO_NETWORK_INTERFACE = (1 << 0),
179  NES_NO_PUBLIC_INTERFACE = (1 << 1),
180  NES_NO_DNS_CONNECTIVITY = (1 << 2),
181  NES_CAPTIVE_PORTAL_DETECTED = (1 << 3),
182  NES_AUTH_PROXY_DETECTED = (1 << 4),
183  NES_NETWORK_ACCESSIBLE = (1 << 5),
184  NES_SECURE_GATEWAY_ACCESSIBLE = (1 << 6)
185 } NETENV_STATE;
186 
187 
188 // Trusted Network Detection types.
189 typedef enum
190 {
191  NT_TRUSTED,
192  NT_UNTRUSTED,
193  NT_UNDEFINED
194 } NETWORK_TYPE;
195 
196 // Firewall enums
197 typedef enum
198 { FW_PERMISSION_UNKNOWN,
199  FW_PERMISSION_PERMIT,
200  FW_PERMISSION_DENY
201 } FW_Permission;
202 
203 typedef enum
204 { FW_PROTOCOL_UNKNOWN,
205  FW_PROTOCOL_TCP,
206  FW_PROTOCOL_UDP,
207  FW_PROTOCOL_ICMP,
208  FW_PROTOCOL_ANY
209 } FW_Protocol;
210 
211 typedef enum
212 {
213  FW_INTERFACE_UNKNOWN,
214  FW_INTERFACE_PUBLIC,
215  FW_INTERFACE_PRIVATE
216 } FW_Interface;
217 
218 typedef enum
219 {
220  FW_RULE_DIRECTION_IN,
221  FW_RULE_DIRECTION_OUT,
222  FW_RULE_DIRECTION_BOTH
223 } FW_Rule_Direction;
224 
225 typedef enum
226 {
227  MUS_STATUS_UNKNOWN = 0,
228  MUS_STATUS_ENABLED,
229  MUS_STATUS_DISABLED,
230  MUS_STATUS_UNCONFIRMED
231 } MUS_STATUS;
232 
233 // These can be used to get/set an automatic preference value using the
234 // generic UserPreferences.getAutomaticPreferenceValue() and
235 // setAutomaticPreferenceValue() methods, rather than using the individual
236 // getters/setters.
237 typedef enum
238 {
239  HeadendSelectionCacheId = 0,
240  DefaultUserId,
241  DefaultSecondUserId,
242  DefaultHostId,
243  DefaultGroupId,
244  ProxyHostId,
245  ProxyPortId,
246  SDITokenTypeId,
247  NoSDITokenId,
248  ClientCertThumbprintId,
249  ServerCertThumbprintId,
250  UnknownAutomaticPreference
251 } AutoPreferenceId ;
252 
253 // Used to determine if CPublicProxies, CPrivateProxies or no proxies should be used.
254 typedef enum
255 {
256  TRANSPORT_PROXY_NONE,
257  TRANSPORT_PROXY_PUBLIC,
258  TRANSPORT_PROXY_CURRENT
259 } TRANSPORT_PROXY_TYPE;
260 
261 // user authentication methods
262 // these are shared between Agent and API
263 //
264 // Note that IKE PSK is supported for reconnects only. The API can never
265 // initiate an IPsec connection using IKE PSK authentication.
266 typedef enum
267 {
268  USER_AUTH_UNKNOWN = 0,
269  USER_AUTH_SSL_MACHINE_STORE_CERT,
270  USER_AUTH_IKE_PSK,
271  USER_AUTH_IKE_RSA,
272  USER_AUTH_IKE_ECDSA,
273  USER_AUTH_IKE_EAP_MD5,
274  USER_AUTH_IKE_EAP_MSCHAPv2,
275  USER_AUTH_IKE_EAP_GTC,
276  USER_AUTH_IKE_EAP_ANYCONNECT, // Default
277 } USER_AUTH_METHOD;
278 
279 typedef enum
280 {
281  CFR_NONE = 0,
282  CFR_HOST_UNREACHABLE,
283 } CONNECT_FAILURE_REASON;
284 
285 typedef enum
286 {
287  DYN_SPLIT_TUN_EXC,
288  DYN_SPLIT_TUN_INC
289 } DYN_SPLIT_TUN_TYPE;
290 
291 typedef enum
292 {
293  VPN_TUNNEL_SCOPE_USER,
294  VPN_TUNNEL_SCOPE_MACHINE,
295  VPN_TUNNEL_SCOPE_UNDEFINED
296 } VPN_TUNNEL_SCOPE;
297 
298 #define IS_USER_TUNNEL(x) (VPN_TUNNEL_SCOPE_USER == x)
299 #define IS_MGMT_TUNNEL(x) (VPN_TUNNEL_SCOPE_MACHINE == x)
300 
301 #endif // __GLOBALENUMS_H