AnyConnect Secure Mobility Client
3.1.07021
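#ifndef _APISTDHEADER_
#define _APISTDHEADER_

/**
 * @file
 * This file contains some basic compiler definitions as well as common enums.
 *
 * The first part (guarded by !defined(__midl)) holds compiler and string-type
 * definitions. The second part holds the enums shared with API users; that
 * part is also processed by the IDL compiler and, per the comment at the
 * <string>/<map> includes, by C code.
 */

//Not compatible with MIDL
#if !defined(__midl)
#ifdef _WIN32
// C4251: exported class has a member without a DLL interface.
// C4786: identifier truncated in debug information.
// NOTE(review): there is no warning(push)/warning(pop) pair, so both warnings
// stay disabled for the rest of any translation unit that includes this header.
#pragma warning(disable:4251 4786)

// UNICODE/_UNICODE are forced on for every includer, which selects the
// wide-character variants of the Win32 and CRT text APIs.
#ifndef UNICODE
#define UNICODE
#endif // UNICODE

#ifndef _UNICODE
#define _UNICODE
#endif // _UNICODE

#ifndef tstring
/** String type used by the API; std::wstring on Windows. */
#define tstring std::wstring
#endif // tstring

#else // non-windows

#ifndef tstring
/** String type used by the API; std::string on non-Windows platforms. */
#define tstring std::string
#endif // tstring

#endif // _WIN32

// NOTE(review): tostream is keyed on _UNICODE while tstring is keyed on _WIN32,
// so a non-Windows build that defines _UNICODE gets std::wostream together
// with a narrow tstring.
#ifdef _UNICODE
#define tostream std::wostream
#else
#define tostream std::ostream
#endif /* UNICODE */


//used when including implementation files directly in an EXE.
// NOTE(review): this block is not guarded by _WIN32; non-Windows builds
// presumably define _NOEXPORTDLL or handle __declspec elsewhere - confirm.
#ifdef _NOEXPORTDLL
#define VPN_VPNAPI
#else
#ifdef VPN_APIEXPORTS //api
#define VPN_VPNAPI __declspec(dllexport)
#else
#define VPN_VPNAPI __declspec(dllimport)
#endif
#endif

// Empty marker macro; expands to nothing.
#ifndef OUT
#define OUT
#endif

#ifdef __cplusplus //only include if C++ is being used,
                   //C code also includes api.h for COM proxy of enumerators.
#include <string>
#include <map>


/**
 * Comparator used as the ordering of ApiStringMap keys.
 * Returns true when s1 sorts before s2 according to tstring::compare().
 */
struct ApiStringCompare
{
    // Arguments are taken by const reference: std::map calls the comparator
    // repeatedly on every lookup and insert, and by-value parameters copied
    // both strings on each call.
    bool operator()(const tstring& s1, const tstring& s2) const
    {
        return s1.compare(s2) < 0;
    }
};

/** Map from tstring to tstring, ordered by ApiStringCompare. */
typedef std::map<tstring, tstring, ApiStringCompare> ApiStringMap;

#endif //__cplusplus
#endif //#if !defined(__midl)


/***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
********* make sure to add the [v1_enum] inside a __midl define to new enums ********
\******************** This is also compiled with IDL compiler **********************/

#include "GlobalEnums.h"
/**
 * MessageType
 * presents a level of severity associated with messages that are
 * sent to the API. The severity can be useful for deciding how a message is
 * to be shown. A UI might decide based on type to show a message as
 * a modal dialog versus a message written to the status area for an existing UI.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum MessageType
{
    MsgType_Error,  /**< Issue usually requiring user to acknowledge */
    MsgType_Warn,   /**< Less severe, not required to be shown to user */
    MsgType_Info,   /**< General message providing status, progress, etc. */
    MsgType_Status  /**< Can be used to indicate unexpected tunnel status change. */
};


/**
 * Identifies the type of token that was used successfully when SDI
 * Authentication is in use.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum SDITokenType
{
    SDITT_NONE,     /**< Presumably no token type to report - confirm. */
    SDITT_HARDWARE, /**< A hardware token was used. */
    SDITT_SOFTWARE  /**< A software token was used. */
};

/**
 * Provides the current state of the VPN tunnel.
 * All values except UNKNOWN mirror the STATE_* constants, which are not
 * defined in this file (presumably they come from GlobalEnums.h).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNState
{
    CONNECTED     = STATE_CONNECTED,     /**< VPN is active */
    DISCONNECTED  = STATE_DISCONNECTED,  /**< VPN is inactive */
    CONNECTING    = STATE_CONNECTING,    /**< VPN is being established */
    DISCONNECTING = STATE_DISCONNECTING, /**< VPN is being terminated */
    RECONNECTING  = STATE_RECONNECTING,  /**< VPN is being re-connected. This state
                                              can occur due to network or other
                                              temporary problems. The state
                                              indicates that the VPN is temporarily
                                              unavailable and indicates the
                                              connection is being re-established. */
    PAUSING       = STATE_PAUSING,       /**< VPN is being paused. */
    PAUSED        = STATE_PAUSED,        /**< VPN is paused. */
    UNKNOWN       = ~0                   /**< All-bits-set sentinel (-1 as an int). */
};

/**
 * Provides the current sub-state of the VPN tunnel.
 * Values mirror the VCSS_* constants, which are not defined in this file.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNSubState
{
    VPNSS_NORMAL           = VCSS_NORMAL,
    VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY
};

/**
 * WMHint
 * provides a hint for the GUI to either minimize or un-minimize.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHint
{
    MINIMIZE,         /**< hint to minimize GUI */
    OPEN,             /**< hint to un-minimize GUI */
    QUIT,             /**< hint that GUI should close. @see WMHintReason */
    REFRESHHOSTNAMES, /**< hint to refresh the list of secure gateways */
    REFRESHPREFS,     /**< hint to refresh the preferences */
    SHOWCONNECTING    /**< hint to display "connecting" status */
};


/**
 * WMHintReason
 * provides a reason indicator for the #WMHint
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHintReason
{
    SECONDGUISTART, /**< Indicates a second GUI has been launched. This
                         indicator is used to suggest that the GUI
                         already running be OPENed and that the first one
                         should exit. */
    PROXYREQUEST,   /**< Proxy credential request can be for web-launch or
                         standalone-initiated connections. */
    SERVICEFAILURE, /**< This tag is used when the VPN service
                         is no longer available. */
    DISCONNECT,     /**< Any disconnect notices should be seen by the user. */
    SERVICESTOPPED, /**< This tag will be used in cases where the VPN service
                         has been stopped. */
    CONNECT,        /**< Tag indicating an action to be taken due to connect,
                         for example a request to minimize the UI. */
    REASONUNKNOWN   /**< Undocumented in the original; by its name, no
                         specific reason is available. */
};

/**
 * provides an indication of the type of credential data being requested.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum ConnectPromptType
{
    CERTIFICATE, /**< Indicates a certificate-only type of connection and
                      would not normally be sent to client unless a
                      post-authentication banner is to be displayed. */
    CREDENTIALS, /**< Indicates that the user is to be prompted for authentication
                      credentials */
    PROXY,       /**< Indicates that the user is to be prompted for
                      proxy-authentication credentials */
    STATUS       /**< Indicates that status messages are to be displayed to
                      the user */
};


/**
 * Indicates the prompt or credential type.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PromptType
{
    Prompt_Input,    /**< label and value. */
    Prompt_Password, /**< label and value, indicates user
                          response should be masked. */
    Prompt_Banner,   /**< value (the banner) with no label set. */
    Prompt_Combo,    /**< list of options to choose from. */
    Prompt_Header,   /**< label intended as header and with
                          value. */
    Prompt_Hidden,   /**< hidden value, should be ignored and
                          left unchanged in response. */
    Prompt_CheckBox  /**< label and value (constrained to true or false) */
};

#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif

/*
 * ***************** !!! ATTENTION !!! ***********************************
 * *
 * * When updating this preference enum, you must ensure that the enum in
 * * vpn/Api/jni/java/Preference.java is also updated.
 * *
 * ***************** !!! ATTENTION !!! ***********************************
 */
/**
 * Identifiers of the client preferences.
 *
 * The enumerators carry no explicit values, so each value is determined by
 * its position in the list; inserting or reordering entries changes the
 * values of all later ones.
 *
 * Several entries are described as settable only by an administrator. This
 * header only enumerates the identifiers; where that restriction is enforced
 * is not visible here.
 */
enum PreferenceId
{
    ServiceDisable,           /**< This preference disables the VPN service.
                                   If more than one profile exists and any one
                                   profile has VPN enabled, then it will be
                                   enabled. False is the default. */
    CertificateStoreOverride, /**< This preference will trigger an alternate
                                   authentication sequence in the API. The
                                   preference is only settable by an
                                   administrator. */
    CertificateStore,         /**< This preference indicates which certificate
                                   store AnyConnect should look in for
                                   certificates. The options are All, Machine
                                   and User with a default of All. The preference
                                   is only settable by an administrator. */
    ShowPreConnectMessage,    /**< The ShowPreConnectMessage preference gives the
                                   administrator the ability to display an AnyConnect
                                   startup banner message. The message will appear
                                   only once per AnyConnect program start. The
                                   preference is only settable by an
                                   administrator. */
    AutoConnectOnStart,       /**< This preference allows the user to select
                                   whether to establish a connection automatically
                                   on startup or not. */
    MinimizeOnConnect,        /**< This preference allows the user to select if
                                   the GUI should minimize when the connection is
                                   established */
    LocalLanAccess,           /**< This preference will provide a mechanism where
                                   the user can disable access to their Local LAN. */
    AutoReconnect,            /**< First control of the reconnect behavior. If the
                                   client becomes disconnected for any reason, a
                                   reconnect attempt is made. */
    AutoReconnectBehavior,    /**< Second control of the reconnect behavior, applied
                                   when coming out of suspend/hibernate/standby mode.
                                   Options are disconnect on suspend and reconnect
                                   after suspend. */
    UseStartBeforeLogon,      /**< This preference allows an administrator to
                                   control the use of the Start Before Logon
                                   feature. The preference can be set to true (on)
                                   or false (off). */
    AutoUpdate,               /**< Once the Downloader has loaded the profile, it
                                   can check the AutoUpdate preference to see if
                                   updates are either disabled or enabled */
    RSASecurIDIntegration,    /**< This preference will enable the administrator
                                   and possibly end user to select the preferred
                                   method of managing their SDI PIN and PASSCODE
                                   interactions. Options are Automatic (default),
                                   SoftwareTokens and HardwareTokens. */
    WindowsLogonEnforcement,  /**< This preference allows an administrator to
                                   control if more than one user may be logged into
                                   the client PC during the VPN connection (Windows
                                   only). */
    WindowsVPNEstablishment,  /**< This preference allows an administrator to
                                   control whether or not remote users may initiate
                                   a VPN connection (Windows only). */
    ProxySettings,            /**< This preference allows an administrator to
                                   control how user's proxy setups are handled. */
    AllowLocalProxyConnections, /**< This preference allows the administrator to control
                                     whether to allow establishing a connection through
                                     a local proxy. */
    PPPExclusion,             /**< This preference allows an administrator to control
                                   the policy used to exclude routes to
                                   PPP servers when connecting over L2TP or PPTP.
                                   Options are Automatic (default), Disable,
                                   and Override. */
    PPPExclusionServerIP,     /**< When PPPExclusion is set to Manual,
                                   the value of this preference allows an
                                   end user to specify the address of a
                                   PPP server that should be excluded
                                   from tunnel traffic.
                                   NOTE(review): "Manual" is not among the
                                   options listed for PPPExclusion (Automatic,
                                   Disable, Override) - confirm which option
                                   is meant. */
    AutomaticVPNPolicy,       /**< This preference allows an administrator to
                                   define a policy to automatically manage when a
                                   VPN connection should be started or stopped. */
    TrustedNetworkPolicy,     /**< This preference allows an administrator to
                                   define a policy for users in trusted networks.
                                   The options are: Disconnect or DoNothing. */
    UntrustedNetworkPolicy,   /**< This preference allows an administrator to
                                   define a policy for users in untrusted networks.
                                   The options are: Connect or DoNothing. */
    TrustedDNSDomains,        /**< This preference defines a list of comma
                                   separated DNS suffixes that a network interface
                                   in a trusted network might have.
                                   NOTE(review): a DNS suffix is normally learned
                                   from the local network's configuration; whether
                                   any further verification is applied is not
                                   visible in this header. */
    TrustedDNSServers,        /**< This preference defines a list of comma
                                   separated DNS servers that a network interface
                                   in a trusted network might have. */
    AlwaysOn,                 /**< This preference governs VPN reestablishment after
                                   interruptions */
    ConnectFailurePolicy,     /**< This preference gives the network administrator
                                   the ability to dictate the network access allowed
                                   by the client endpoint device following a VPN
                                   connection establishment failure. It is a component
                                   of AlwaysOn */
    AllowCaptivePortalRemediation, /**< This preference gives the network administrator
                                        the ability to dictate the network access
                                        allowed by the client endpoint device following
                                        a VPN connection establishment failure. It is a
                                        component of AlwaysOn.
                                        NOTE(review): this text matches the description
                                        of ConnectFailurePolicy and does not mention
                                        captive portals - confirm the intended wording. */
    CaptivePortalRemediationTimeout, /**< This preference allows the network administrator
                                          to impose a time limit for captive portal
                                          remediation when the ConnectFailurePolicy value
                                          is Closed. It is a component of AlwaysOn */
    ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator
                                         the ability to allow split routes and firewall rules
                                         to be applied following a VPN connection establishment
                                         failure when the ConnectFailurePolicy value is Closed.
                                         It is a component of AlwaysOn */
    AllowVPNDisconnect,       /**< During Always On, this specifies that the user is allowed to
                                   disconnect the VPN session. */
    EnableScripting,          /**< This preference allows an administrator to
                                   enable scripting (on connect or on
                                   disconnect). */
    TerminateScriptOnNextEvent, /**< This preference dictates whether or not
                                     AnyConnect will terminate a running script
                                     process if a transition to another
                                     scriptable event occurs. */
    EnablePostSBLOnConnectScript, /**< This preference is used to control whether
                                       or not the OnConnect script will be launched
                                       from the desktop GUI when a tunnel has been
                                       established via SBL. */
    AutomaticCertSelection,   /**< This preference dictates whether or not to disable
                                   the default automatic certificate selection for user
                                   certificates. If disabled, a certificate selection dialog is
                                   displayed. This only applies if the GUI is enabled
                                   and not SBL. This only applies to Windows (not WinMobile). */
    RetainVpnOnLogoff,        /**< First control of the logoff behavior. This preference allows
                                   an administrator to control if the VPN is terminated or retained
                                   after user logs off. */
    UserEnforcement,          /**< Second control of the logoff behavior, applied when the VPN
                                   connection has been retained after the user logged off. Controls
                                   what user can log in and keep the VPN connection. Options are
                                   same user only and any user. */
    DeviceLockRequired,       /**< This preference indicates whether or not
                                   a Windows Mobile device must be configured
                                   with a password or PIN prior to establishing
                                   a VPN connection. This configuration is
                                   only valid on Windows Mobile devices that
                                   use the Microsoft Default Local
                                   Authentication Provider (LAP). */
    DeviceLockMaximumTimeoutMinutes, /**< When set to a non-negative number,
                                          this preference specifies the maximum
                                          number of minutes a device can be
                                          inactive before device lock takes
                                          effect. (WM5/WM5AKU2+) */
    DeviceLockMinimumPasswordLength, /**< When set to a non-negative number,
                                          this preference specifies that any
                                          PIN/password used for device lock
                                          must be equal to or longer than
                                          the specified value, in characters.
                                          This setting must be pushed down to
                                          the mobile device by syncing with
                                          an Exchange server before it can be
                                          enforced. (WM5AKU2+) */
    DeviceLockPasswordComplexity, /**< This preference checks whether or
                                       not the password belongs to one of
                                       three subtypes: alpha, pin, strong */
    EnableAutomaticServerSelection, /**< Automatic server selection will
                                         automatically select the optimal
                                         secure gateway for the endpoint */
    AutoServerSelectionImprovement, /**< During a reconnection attempt after
                                         a system resume, this setting
                                         specifies the minimum estimated
                                         performance improvement required to
                                         justify transitioning a user to a new server.
                                         This value represents percentage in 0..100 */
    AutoServerSelectionSuspendTime, /**< During a reconnection attempt after
                                         a system resume, this specifies the
                                         minimum time a user must have been
                                         suspended in order to justify a new
                                         server selection calculation. Unit is hours */
    AuthenticationTimeout,    /**< Time, in seconds, that the client waits
                                   for authentication to be completed. */
    SafeWordSofTokenIntegration, /**< This preference will enable the administrator and possibly
                                      the end user to enable SafeWord SofToken integration.
                                      Options are Enabled (true) and Disabled (false - default). */
    AllowIPsecOverSSL,        /**< if 'true' then tunneling of IPSEC over SSL
                                   is made possible with help from the ASA. */
    ClearSmartcardPin,        /**< This preference controls whether the smartcard pin
                                   will be cleared on a successful connection */
    IPProtocolSupport,        /**< This preference controls which protocol(s) will be
                                   allowed for the connection */
    AllowManualHostInput,     /**< This preference specifies whether the user
                                   is allowed to type a new hostname in the VPN
                                   edit box. */
    BlockUntrustedServers,    /**< This preference specifies whether the user wants
                                   to allow for connections to secure gateways with
                                   certificate errors.
                                   NOTE(review): the name suggests that a true value
                                   blocks such connections, while the wording describes
                                   allowing them - confirm the polarity before relying
                                   on this setting. */
    PublicProxyServerAddress, /**< This preference specifies the public proxy server
                                   address to be used. This number is in the format
                                   ServerAddr:ServerPort (ex. 101.89.85.444:8080)
                                   or just the FQDN.
                                   NOTE(review): the sample address only illustrates
                                   the format; 444 is not a valid IPv4 octet. */
    UnknownPreference
};


/**
 * Indicates the scope of the preferences contained in a PreferenceInfo object
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceScope
{
    User,         /**< Indicates that the preferences were set by a user */
    Global,       /**< Indicates that the preferences are global */
    UserAndGlobal /**< Indicates that we have both user and global preferences */
};

/**
 * Indicates the client mode of operation. Unlike tunneling mode or other
 * mutually exclusive modes, client operating modes are independent settings,
 * several of which can be turned on simultaneously.
 * Each enumerator is a distinct single bit (1 << n), so a combined value has
 * to be tested per bit rather than compared for equality.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum OperatingMode
{
    FIPS                      = (1 << 0),  /**< Indicates that the client is
                                                running in FIPS mode. */
    StartBeforeLogon          = (1 << 1),  /**< Indicates that the client is
                                                running in Start Before Logon
                                                mode. */
    GUI                       = (1 << 2),  /**< Indicates that the client is
                                                a GUI client (not the CLI). */
    TrustedNetworkDetection   = (1 << 3),  /**< Indicates that a Trusted Network
                                                Detection policy is enabled for
                                                the client. */
    AlwaysOnVpn               = (1 << 4),  /**< Indicates that the Always On
                                                policy is enabled for the client. */
    NetworkIssue              = (1 << 5),  /**< For user notifications only.
                                                Indication by API to the UI that
                                                there is a network condition. */
    Quarantined               = (1 << 6),  /**< Indicates that the VPN session is being
                                                Quarantined by the secure gateway. */
    AutomaticHeadendSelection = (1 << 7),  /**< Indicates that Automatic Headend
                                                is enabled. */
    DisconnectAllowed         = (1 << 8),  /**< Indicates that the user is allowed
                                                to disconnect the VPN based on
                                                policy. */
    VPNDisabled               = (1 << 9),  /**< Indicates that the VPN service is
                                                to be marked as disabled. */
    SCEPMode                  = (1 << 10), /**< Indicates that the client is
                                                performing a SCEP cert enrollment. */
    OnTrustedNetwork          = (1 << 11), /**< Indicates that at last check, the
                                                client detected that it was on
                                                a trusted network. */
    ManualHostInputAllowed    = (1 << 12), /**< Indicates that the user is allowed
                                                to add a new host by typing its name
                                                in the VPN edit box. */
    ErrorSuppressed           = (1 << 13), /**< Indicates a connection error has
                                                been returned from the agent, but
                                                was suppressed to a warning to
                                                prevent a popup dialog in the UI. */
    StrictMode                = (1 << 14)  /**< Indicates that the client is
                                                running in strict certificate trust mode. */
};

#if defined(PLATFORM_ANDROID)
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
/**
 * Indicates the mode to use for Certificate Based Authentication.
 * CertAuth_Automatic is the same as the default AnyConnect configuration.
 */
enum CertAuthMode
{
    CertAuth_Automatic, /**< Will try each available certificate in succession
                             until authentication is obtained or we run out of
                             available certificates */
    CertAuth_Disabled,  /**< Will disable Certificate Based Authentication */
    CertAuth_Manual     /**< Will only use preconfigured certificate to attempt
                             Certificate Based Authentication */
};
#endif

#endif // _APISTDHEADER_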