AnyConnect Secure Mobility Client  3.1.07021
include/api.h
00001 #ifndef _APISTDHEADER_
00002 #define _APISTDHEADER_
00003 
00004 /**
00005  * @file
00006  * This file contains some basic compiler definitions as well as common enums.
00007  */
00008 
00009 //Not compatible with MIDL
00010 #if !defined(__midl)
#if defined(_WIN32)
    // C4251 (class member "needs to have dll-interface") and C4786 are disabled
    // with no matching push/pop, so the suppression stays active for everything
    // the including translation unit compiles after this header.
    #pragma warning(disable:4251 4786)

    // Windows builds are forced into wide-character mode. Both macros are
    // defined only when absent, so a project that already sets them is left
    // untouched. NOTE(review): headers included *before* this one will not see
    // these definitions; include order presumably matters for callers that mix
    // this API with other Windows headers - confirm.
    #if !defined(UNICODE)
        #define UNICODE
    #endif // UNICODE

    #if !defined(_UNICODE)
        #define _UNICODE
    #endif // _UNICODE

    // String type used throughout the API: std::wstring on Windows.
    // A pre-existing definition of tstring takes precedence.
    #if !defined(tstring)
        #define tstring std::wstring
    #endif // tstring

#else // non-windows

    // String type used throughout the API: std::string everywhere else.
    #if !defined(tstring)
        #define tstring std::string
    #endif // tstring

#endif // _WIN32
00034 
// Output stream type matching the character width selected by _UNICODE.
// NOTE(review): tstring is chosen by _WIN32 while tostream is chosen by
// _UNICODE. On a non-Windows build that defines _UNICODE the two would disagree
// (std::string paired with std::wostream) - confirm that combination is never used.
#if defined(_UNICODE)
    #define tostream std::wostream
#else
    #define tostream std::ostream
#endif // _UNICODE
00040 
00041 
// Linkage decoration applied to API symbols.
//  - _NOEXPORTDLL  : implementation files are included directly in an EXE,
//                    so no decoration is emitted.
//  - VPN_APIEXPORTS: the API library itself is being built; symbols are exported.
//  - otherwise     : the header is consumed by a client; symbols are imported.
// NOTE(review): __declspec is used on every platform unless _NOEXPORTDLL is
// defined; non-Windows builds presumably supply it some other way - confirm.
#if defined(_NOEXPORTDLL)
    #define VPN_VPNAPI
#elif defined(VPN_APIEXPORTS) //api
    #define VPN_VPNAPI __declspec(dllexport)
#else
    #define VPN_VPNAPI __declspec(dllimport)
#endif
00052 
// Empty annotation macro marking output parameters in declarations; it expands
// to nothing and is defined only if the including code has not defined it already.
#if !defined(OUT)
#define OUT
#endif
00056 
00057 #ifdef __cplusplus //only include if C++ is being used, 
00058                    //C code also includes api.h for COM proxy of enumerators.
00059 #include <string>
00060 #include <map>
00061 
00062 
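/**
 * Ordering functor for tstring keys.
 *
 * Returns true when s1 sorts strictly before s2 according to
 * std::basic_string::compare, i.e. a plain lexicographic, case-sensitive
 * comparison of the stored characters.
 *
 * The arguments are taken by const reference: the previous by-value signature
 * copied both strings on every comparison a std::map performed.
 */
struct ApiStringCompare
{
    bool operator()(const tstring& s1, const tstring& s2) const
    {
        return s1.compare(s2) < 0;
    }
};

/** Map from tstring keys to tstring values, ordered by ApiStringCompare. */
typedef std::map<tstring, tstring, ApiStringCompare> ApiStringMap;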
00071 
00072 #endif //__cplusplus
00073 #endif //#if !defined(__midl)
00074 
00075 
00076 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
00077 ********* make sure to add the [v1_enum] inside a __midl define to new enums ********
00078 \******************** This is also compiled with IDL compiler **********************/
00079 
00080 #include "GlobalEnums.h"
/**
 * MessageType
 * Severity level attached to messages that are sent to the API.  The severity
 * can be used to decide how a message is presented: for example, a UI might
 * show one type as a modal dialog and write another to the status area of an
 * existing UI.
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum MessageType
{
    /** Issue usually requiring user to acknowledge */
    MsgType_Error,

    /** Less severe, not required to be shown to user */
    MsgType_Warn,

    /** General message providing status, progress, etc. */
    MsgType_Info,

    /** Can be used to indicate unexpected tunnel status change. */
    MsgType_Status
};
00098 
00099 
/**
 * Identifies the type of token that was used successfully when SDI
 * Authentication is in use.
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum SDITokenType
{
    /** Presumably: no token type applies (not documented in the original). */
    SDITT_NONE,

    /** Presumably: a hardware token was used (not documented in the original). */
    SDITT_HARDWARE,

    /** Presumably: a software token was used (not documented in the original). */
    SDITT_SOFTWARE
};
00113 
/**
 * Provides the current state of the VPN tunnel.
 *
 * Every value except UNKNOWN aliases a STATE_* constant, which this file does
 * not define (it includes GlobalEnums.h just above the enums).
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNState
{
    /** VPN is active */
    CONNECTED     = STATE_CONNECTED,

    /** VPN is inactive */
    DISCONNECTED  = STATE_DISCONNECTED,

    /** VPN is being established */
    CONNECTING    = STATE_CONNECTING,

    /** VPN is being terminated */
    DISCONNECTING = STATE_DISCONNECTING,

    /** VPN is being re-connected.  This state can occur due to network or
        other temporary problems.  It indicates that the VPN is temporarily
        unavailable and that the connection is being re-established. */
    RECONNECTING  = STATE_RECONNECTING,

    /** VPN is being paused. */
    PAUSING       = STATE_PAUSING,

    /** VPN is paused. */
    PAUSED        = STATE_PAUSED,

    /** All bits set (~0); not documented in the original, presumably the
        value used when the tunnel state cannot be determined. */
    UNKNOWN       = ~0
};
00136 
/**
 * Provides the current sub-state of the VPN tunnel.
 *
 * Both values alias VCSS_* constants, which this file does not define (it
 * includes GlobalEnums.h just above the enums).
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNSubState
{
    /** Not documented in the original; presumably the ordinary sub-state. */
    VPNSS_NORMAL           = VCSS_NORMAL,

    /** Not documented in the original; presumably an open-ended delay is in
        effect - confirm against the VCSS_* definitions. */
    VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY
};
00148 
/**
 * WMHint
 * provides a hint for the GUI, for example to minimize or un-minimize.
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHint
{
    /** hint to minimize GUI */
    MINIMIZE,

    /** hint to un-minimize GUI */
    OPEN,

    /** hint that GUI should close.  @see WMHintReason */
    QUIT,

    /** hint to refresh the list of secure gateways */
    REFRESHHOSTNAMES,

    /** hint to refresh the preferences */
    REFRESHPREFS,

    /** hint to display "connecting" status */
    SHOWCONNECTING
};
00165 
00166 
/**
 * WMHintReason
 * provides a reason indicator for the #WMHint
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHintReason
{
    /** Indicates a second GUI has been launched.  This indicator is used to
        suggest that the GUI already running be OPENed and that the first one
        should exit. */
    SECONDGUISTART,

    /** Proxy credential request can be for web-launch or
        standalone-initiated connections. */
    PROXYREQUEST,

    /** This tag is used when the VPN service is no longer available. */
    SERVICEFAILURE,

    /** Any disconnect notices should be seen by the user. */
    DISCONNECT,

    /** This tag will be used in cases where the VPN service has been
        stopped. */
    SERVICESTOPPED,

    /** Tag indicating an action to be taken due to connect, for example a
        request to minimize the UI. */
    CONNECT,

    /** The original comment is empty; presumably used when no specific
        reason applies. */
    REASONUNKNOWN
};
00191 
/**
 * Provides an indication of the type of credential data being requested.
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum ConnectPromptType
{
    /** Indicates a certificate-only type of connection and would not normally
        be sent to client unless a post-authentication banner is to be
        displayed. */
    CERTIFICATE,

    /** Indicates that the user is to be prompted for authentication
        credentials */
    CREDENTIALS,

    /** Indicates that the user is to be prompted for proxy-authentication
        credentials */
    PROXY,

    /** Indicates that status messages are to be displayed to the user */
    STATUS
};
00210 
00211 
/**
 * Indicates the prompt or credential type.
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum PromptType
{
    /** label and value. */
    Prompt_Input,

    /** label and value, indicates user response should be masked. */
    Prompt_Password,

    /** value (the banner) with no label set. */
    Prompt_Banner,

    /** list with choices options. */
    Prompt_Combo,

    /** label intended as header and with value. */
    Prompt_Header,

    /** hidden value, should be ignored and left unchanged in response. */
    Prompt_Hidden,

    /** label and value (constrained to true or false) */
    Prompt_CheckBox
};
00229 
/*
 * ***************** !!! ATTENTION !!! ***********************************
 * *
 * * When updating this preference enum, you must ensure that the enum in
 * * vpn/Api/jni/java/Preference.java is also updated.
 * *
 * ***************** !!! ATTENTION !!! ***********************************
 *
 * No enumerator has an explicit value, so each identifier's numeric value is
 * its position in this list; inserting or reordering entries renumbers every
 * entry after the change.
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceId
{
    /** This preference disables the VPN service.  If more than one profile
        exists and any one profile has VPN enabled, then it will be enabled.
        False is the default. */
    ServiceDisable,

    /** This preference will trigger an alternate authentication sequence in
        the API.  The preference is only settable by an administrator. */
    CertificateStoreOverride,

    /** This preference indicates which certificate store AnyConnect should
        look in for certificates.  The options are All, Machine and User with
        a default of All.  The preference is only settable by an
        administrator. */
    CertificateStore,

    /** The ShowPreConnectMessage preference gives the administrator the
        ability to display an AnyConnect startup banner message.  The message
        will appear only once per AnyConnect program start.  The preference is
        only settable by an administrator. */
    ShowPreConnectMessage,

    /** This preference allows the user to select whether to establish a
        connection automatically on startup or not. */
    AutoConnectOnStart,

    /** This preference allows the user to select if the GUI should minimize
        when the connection is established */
    MinimizeOnConnect,

    /** This preference will provide a mechanism where the user can disable
        access to their Local LAN. */
    LocalLanAccess,

    /** First control of the reconnect behavior.  If the client becomes
        disconnected for any reason, a reconnect attempt is made. */
    AutoReconnect,

    /** Second control of the reconnect behavior, applied when coming out of
        suspend/hibernate/standby mode.  Options are disconnect on suspend and
        reconnect after suspend. */
    AutoReconnectBehavior,

    /** This preference allows an administrator to control the use of the
        Start Before Logon feature.  The preference can be set to true (on)
        or false (off). */
    UseStartBeforeLogon,

    /** Once the Downloader has loaded the profile, it can check the
        AutoUpdate preference to see if updates are either disabled or
        enabled */
    AutoUpdate,

    /** This preference will enable the administrator and possibly end user to
        select the preferred method of managing their SDI PIN and PASSCODE
        interactions.  Options are Automatic (default), SoftwareTokens and
        HardwareTokens. */
    RSASecurIDIntegration,

    /** This preference allows an administrator to control if more than one
        user may be logged into the client PC during the VPN connection
        (Windows only). */
    WindowsLogonEnforcement,

    /** This preference allows an administrator to control whether or not
        remote users may initiate a VPN connection (Windows only). */
    WindowsVPNEstablishment,

    /** This preference allows an administrator to control how user's proxy
        setups are handled. */
    ProxySettings,

    /** This preference allows the administrator to control whether to allow
        establishing a connection through a local proxy. */
    AllowLocalProxyConnections,

    /** This preference allows an administrator to control the policy used to
        exclude routes to PPP servers when connecting over L2TP or PPTP.
        Options are Automatic (default), Disable, and Override. */
    PPPExclusion,

    /** When PPPExclusion is set to Manual, the value of this preference
        allows an end user to specify the address of a PPP server that should
        be excluded from tunnel traffic.
        NOTE(review): PPPExclusion lists Automatic, Disable and Override as
        its options; "Manual" here presumably refers to Override - confirm. */
    PPPExclusionServerIP,

    /** This preference allows an administrator to define a policy to
        automatically manage when a VPN connection should be started or
        stopped. */
    AutomaticVPNPolicy,

    /** This preference allows an administrator to define a policy for users
        in trusted networks.  The options are: Disconnect or DoNothing. */
    TrustedNetworkPolicy,

    /** This preference allows an administrator to define a policy for users
        in untrusted networks.  The options are: Connect or DoNothing. */
    UntrustedNetworkPolicy,

    /** This preference defines a list of comma separated DNS suffixes that a
        network interface in a trusted network might have. */
    TrustedDNSDomains,

    /** This preference defines a list of comma separated DNS servers that a
        network interface in a trusted network might have. */
    TrustedDNSServers,

    /** This preference governs VPN reestablishment after interruptions */
    AlwaysOn,

    /** This preference gives the network administrator the ability to dictate
        the network access allowed by the client endpoint device following a
        VPN connection establishment failure.  It is a component of
        AlwaysOn */
    ConnectFailurePolicy,

    /** It is a component of AlwaysOn.
        NOTE(review): the original description of this entry repeated the
        ConnectFailurePolicy text (network access allowed after a VPN
        connection establishment failure).  Going by the identifier it
        presumably controls whether captive portal remediation is permitted -
        confirm before relying on either reading. */
    AllowCaptivePortalRemediation,

    /** This preference gives the network administrator the ability to impose
        a time limit for captive portal remediation when the
        ConnectFailurePolicy value is Closed.  It is a component of
        AlwaysOn */
    CaptivePortalRemediationTimeout,

    /** This preference gives the network administrator the ability to allow
        split routes and firewall rules to be applied following a VPN
        connection establishment failure when the ConnectFailurePolicy value
        is Closed.  It is a component of AlwaysOn */
    ApplyLastVPNLocalResourceRules,

    /** During Always On, this specifies that the user is allowed to
        disconnect the VPN session. */
    AllowVPNDisconnect,

    /** This preference allows an administrator to enable scripting (on
        connect or on disconnect). */
    EnableScripting,

    /** This preference dictates whether or not AnyConnect will terminate a
        running script process if a transition to another scriptable event
        occurs. */
    TerminateScriptOnNextEvent,

    /** This preference is used to control whether or not the OnConnect script
        will be launched from the desktop GUI when a tunnel has been
        established via SBL. */
    EnablePostSBLOnConnectScript,

    /** This preference dictates whether or not to disable the default
        automatic certificate selection for user certificates.  If disabled, a
        certificate selection dialog is displayed.  This only applies if the
        GUI is enabled and not SBL.  This only applies to Windows (not
        WinMobile). */
    AutomaticCertSelection,

    /** First control of the logoff behavior.  This preference allows an
        administrator to control if the VPN is terminated or retained after
        user logs off. */
    RetainVpnOnLogoff,

    /** Second control of the logoff behavior, applied when the VPN connection
        has been retained after user logged off.  Controls what user can log
        in and keep the VPN connection.  Options are same user only and any
        user. */
    UserEnforcement,

    /** This preference indicates whether or not a Windows Mobile device must
        be configured with a password or PIN prior to establishing a VPN
        connection.  This configuration is only valid on Windows Mobile
        devices that use the Microsoft Default Local Authentication Provider
        (LAP). */
    DeviceLockRequired,

    /** When set to a non-negative number, this preference specifies the
        maximum number of minutes a device can be inactive before device lock
        takes effect.  (WM5/WM5AKU2+) */
    DeviceLockMaximumTimeoutMinutes,

    /** When set to a non-negative number, this preference specifies that any
        PIN/password used for device lock must be equal to or longer than the
        specified value, in characters.  This setting must be pushed down to
        the mobile device by syncing with an Exchange server before it can be
        enforced.  (WM5AKU2+) */
    DeviceLockMinimumPasswordLength,

    /** This preference checks whether or not the password belongs to one of
        three subtypes: alpha, pin, strong */
    DeviceLockPasswordComplexity,

    /** Automatic server selection will automatically select the optimal
        secure gateway for the endpoint */
    EnableAutomaticServerSelection,

    /** During a reconnection attempt after a system resume, this setting
        specifies the minimum estimated performance improvement required to
        justify transitioning a user to a new server.  This value represents
        percentage in 0..100 */
    AutoServerSelectionImprovement,

    /** During a reconnection attempt after a system resume, this specifies
        the minimum time a user must have been suspended in order to justify a
        new server selection calculation.  Unit is hours */
    AutoServerSelectionSuspendTime,

    /** Time, in seconds, that the client waits for authentication to be
        completed. */
    AuthenticationTimeout,

    /** This preference will enable the administrator and possibly the end
        user to enable SafeWord SofToken integration.  Options are Enabled
        (true) and Disabled (false - default). */
    SafeWordSofTokenIntegration,

    /** if 'true' then tunneling of IPSEC over SSL is made possible with help
        from the ASA. */
    AllowIPsecOverSSL,

    /** This preference controls whether the smartcard pin will be cleared on
        a successful connection */
    ClearSmartcardPin,

    /** This preference controls which protocol(s) will be allowed for the
        connection */
    IPProtocolSupport,

    /** This preference specifies whether the user is allowed to type a new
        hostname in the VPN edit box. */
    AllowManualHostInput,

    /** This preference specifies whether the user wants to allow for
        connections to secure gateways with certificate errors.
        NOTE(review): the identifier reads as "block" while this description
        reads as "allow"; confirm which behaviour a true value selects before
        relying on it for certificate-error handling. */
    BlockUntrustedServers,

    /** This preference specifies the public proxy server address to be used.
        The value is in the format ServerAddr:ServerPort (constructed
        example: 192.0.2.10:8080) or just the FQDN.  The example printed in
        the original comment contained the octet 444, which is not a valid
        IPv4 address. */
    PublicProxyServerAddress,

    /** Last entry; not documented in the original, presumably returned for an
        identifier that matches no known preference. */
    UnknownPreference
};
00434 
00435 
/**
 * Indicates the scope of the preferences contained in a PreferenceInfo object
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceScope
{
    /** Indicates that the preferences were set by a user */
    User,

    /** Indicates that the preferences are global */
    Global,

    /** Indicates that we have both user and global preferences */
    UserAndGlobal
};
00448 
/**
 * Indicates the client mode of operation. Unlike tunneling mode or other
 * mutually exclusive modes, client operating modes are independent settings,
 * several of which can be turned on simultaneously.
 *
 * Each enumerator occupies a single distinct bit (1 << n), so a combined value
 * is the bitwise OR of the active modes.
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum OperatingMode
{
    /** Indicates that the client is running in FIPS mode. */
    FIPS                     = (1 << 0),

    /** Indicates that the client is running in Start Before Login mode. */
    StartBeforeLogon         = (1 << 1),

    /** Indicates that the client is a GUI client (not the CLI). */
    GUI                      = (1 << 2),

    /** Indicates that a Trusted Network Detection policy is enabled for the
        client. */
    TrustedNetworkDetection  = (1 << 3),

    /** Indicates that the Always On policy is enabled for the client. */
    AlwaysOnVpn              = (1 << 4),

    /** For user notifications only.  Indication by API to the UI that there
        is a network condition. */
    NetworkIssue             = (1 << 5),

    /** Indicates that the VPN session is being Quarantined by the secure
        gateway. */
    Quarantined              = (1 << 6),

    /** Indicates that Automatic Headend is enabled. */
    AutomaticHeadendSelection= (1 << 7),

    /** Indicates that the user is allowed to disconnect the VPN based on
        policy. */
    DisconnectAllowed        = (1 << 8),

    /** Indicates that the VPN service is to be marked as disabled. */
    VPNDisabled              = (1 << 9),

    /** Indicates that the client is performing a SCEP cert enrollment. */
    SCEPMode                 = (1 << 10),

    /** Indicates that at last check, the client detected that it was on a
        trusted network. */
    OnTrustedNetwork         = (1 << 11),

    /** Indicates that the user is allowed to add a new host by typing its
        name in the VPN edit box. */
    ManualHostInputAllowed   = (1 << 12),

    /** Indicates a connection error has been returned from the agent, but was
        suppressed to warning to prevent popup dialog in the UI. */
    ErrorSuppressed          = (1 << 13),

    /** Indicates that the client is running in strict certificate trust
        mode. */
    StrictMode               = (1 << 14)
};
00498 
00499 #if defined(PLATFORM_ANDROID)
/**
 * Indicates the mode to use for Certificate Based Authentication.
 * CertAuth_Automatic is the same as the default AnyConnect configuration.
 */
#ifdef __midl
[v1_enum] /*serialize as 32 bits*/
#endif
enum CertAuthMode
{
    /** Will try each available certificate in succession until authentication
        is obtained or we run out of available certificates */
    CertAuth_Automatic,

    /** Will disable Certificate Based Authentication */
    CertAuth_Disabled,

    /** Will only use preconfigured certificate to attempt Certificate Based
        Authentication */
    CertAuth_Manual
};
00516 #endif
00517 
00518 #endif // _APISTDHEADER_