AnyConnect Secure Mobility Client 4.3.00748

include/api.h

00001 #ifndef _APISTDHEADER_
00002 #define _APISTDHEADER_
00003 
00004 /**
00005  * @file
00006  * This file contains some basic compiler definitions as well as common enums.
00007  */
00008 
// Everything down to the matching #endif is skipped when the MIDL compiler
// reads this header; MIDL cannot process it.
#if !defined(__midl)

#if defined(_WIN32)
    // Windows build: silence MSVC warnings C4251 and C4786.
    // NOTE(review): there is no warning(push)/warning(pop) pair, so the
    // suppression stays active for whatever the including file compiles
    // after this header.
    #pragma warning(disable:4251 4786)

    // Force the wide-character configuration unless the build already did.
    #if !defined(UNICODE)
        #define UNICODE
    #endif

    #if !defined(_UNICODE)
        #define _UNICODE
    #endif

    // tstring is the string type used throughout the API; on Windows it is
    // std::wstring. A definition supplied earlier by the build wins.
    #if !defined(tstring)
        #define tstring std::wstring
    #endif

#else // every platform other than Windows

    // Narrow std::string unless the build supplied its own tstring.
    #if !defined(tstring)
        #define tstring std::string
    #endif

#endif // _WIN32

// Output stream type that goes with the character width selected above.
// NOTE(review): this tests _UNICODE, which only the Windows branch defines
// here. A non-Windows build that defines _UNICODE itself would pair
// tstring = std::string with tostream = std::wostream; confirm that
// combination is never used.
#if defined(_UNICODE)
    #define tostream std::wostream
#else
    #define tostream std::ostream
#endif // _UNICODE


// VPN_VPNAPI is the export/import decoration for API symbols.
//   _NOEXPORTDLL   : implementation files are compiled directly into an EXE,
//                    so no decoration is applied.
//   VPN_APIEXPORTS : the API library itself is being built -> dllexport.
//   neither        : a consumer of the API is being built -> dllimport.
// NOTE(review): the __declspec forms are selected on every platform, not only
// on Windows; presumably other builds define _NOEXPORTDLL or map __declspec
// elsewhere. Confirm.
#if defined(_NOEXPORTDLL)
    #define VPN_VPNAPI
#elif defined(VPN_APIEXPORTS)
    #define VPN_VPNAPI __declspec(dllexport)
#else
    #define VPN_VPNAPI __declspec(dllimport)
#endif

// OUT expands to nothing; it is defined only if no earlier header defined it.
#if !defined(OUT)
#define OUT
#endif

// C code also includes api.h (for the COM proxy of the enumerators), so the
// C++ standard headers and the map typedef are limited to C++ translation
// units.
#if defined(__cplusplus)
#include <string>
#include <map>

/** String-to-string map built on the platform string type (tstring). */
typedef std::map<tstring, tstring> ApiStringMap;

#endif // __cplusplus
#endif // !defined(__midl)
00066 
00067 
00068 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
00069 ********* make sure to add the [v1_enum] inside a __midl define to new enums ********
00070 \******************** This is also compiled with IDL compiler **********************/
00071 
00072 #include "GlobalEnums.h"
/**
 * MessageType
 * Severity level associated with a message that is sent to the API.  A UI can
 * use the severity to decide how a message is shown, for example as a modal
 * dialog versus a line written to the status area of an existing UI.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum MessageType
{
    /** Issue usually requiring the user to acknowledge. */
    MsgType_Error,

    /** Less severe; not required to be shown to the user. */
    MsgType_Warn,

    /** General message providing status, progress, etc. */
    MsgType_Info,

    /** Can be used to indicate an unexpected tunnel status change. */
    MsgType_Status
};
00090 
00091 
/**
 * Type of token that was used successfully when SDI Authentication is in use.
 * The header gives no per-value descriptions; the notes below are read from
 * the enumerator names only.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum SDITokenType
{
    /** presumably: no token type applies (confirm against the caller) */
    SDITT_NONE,

    /** presumably: a hardware token was used (confirm) */
    SDITT_HARDWARE,

    /** presumably: a software token was used (confirm) */
    SDITT_SOFTWARE
};
00105 
/**
 * Current state of the VPN tunnel.  Every value except UNKNOWN is taken from
 * the matching STATE_* constant, which this file does not define (they are
 * expected to come from GlobalEnums.h, included above).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNState
{
    /** VPN is active. */
    CONNECTED     = STATE_CONNECTED,

    /** VPN is inactive. */
    DISCONNECTED  = STATE_DISCONNECTED,

    /** VPN is being established. */
    CONNECTING    = STATE_CONNECTING,

    /** VPN is being terminated. */
    DISCONNECTING = STATE_DISCONNECTING,

    /**
     * VPN is being re-connected.  This state can occur due to network or
     * other temporary problems.  It indicates that the VPN is temporarily
     * unavailable and that the connection is being re-established.
     */
    RECONNECTING  = STATE_RECONNECTING,

    /** VPN is being paused. */
    PAUSING       = STATE_PAUSING,

    /** VPN is paused. */
    PAUSED        = STATE_PAUSED,

    /** API is doing auth-poll; VPN is disconnected. */
    SSOPOLLING    = STATE_SSOPOLLING,

    /**
     * State is not known.  ~0 sets every bit, so this value cannot collide
     * with a small STATE_* constant.  Code that branches on the tunnel state
     * should handle it explicitly rather than let it fall into a
     * "connected" default.
     */
    UNKNOWN       = ~0
};
00129 
/**
 * Current sub-state of the VPN tunnel.  Both values are taken from VCSS_*
 * constants that this file does not define (expected from GlobalEnums.h).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNSubState
{
    /** presumably: no special sub-state applies (confirm) */
    VPNSS_NORMAL           = VCSS_NORMAL,

    /** presumably: the tunnel is delayed for an indefinite time (confirm) */
    VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY
};
00141 
/**
 * WMHint
 * Hint sent to the GUI, originally to minimize or un-minimize; the values
 * below also cover closing the GUI and refreshing what it displays.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHint
{
    /** Hint to minimize the GUI. */
    MINIMIZE,

    /** Hint to un-minimize the GUI. */
    OPEN,

    /** Hint that the GUI should close.  @see WMHintReason */
    QUIT,

    /** Hint to refresh the list of secure gateways. */
    REFRESHHOSTNAMES,

    /** Hint to refresh the preferences. */
    REFRESHPREFS,

    /** Hint to display "connecting" status. */
    SHOWCONNECTING
};
00158 
00159 
/**
 * WMHintReason
 * Reason indicator that accompanies a #WMHint.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHintReason
{
    /**
     * Indicates a second GUI has been launched.  This indicator is used to
     * suggest that the GUI already running be OPENed and that the first one
     * should exit.
     */
    SECONDGUISTART,

    /**
     * Proxy credential request; it can be for web-launch or
     * standalone-initiated connections.
     */
    PROXYREQUEST,

    /** Used when the VPN service is no longer available. */
    SERVICEFAILURE,

    /** Any disconnect notices should be seen by the user. */
    DISCONNECT,

    /** Used in cases where the VPN service has been stopped. */
    SERVICESTOPPED,

    /**
     * Indicates an action to be taken due to connect, for example a request
     * to minimize the UI.
     */
    CONNECT,

    /**
     * The header gives no description for this value; presumably it means
     * that no specific reason is known (confirm).
     */
    REASONUNKNOWN
};
00184 
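/**
 * Indicates the type of credential data being requested.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum ConnectPromptType
{
    /**
     * Indicates a certificate-only type of connection.  It would not normally
     * be sent to the client unless a post-authentication banner is to be
     * displayed.
     */
    CERTIFICATE,

    /** Indicates that the user is to be prompted for authentication
        credentials. */
    CREDENTIALS,

    /** Indicates that the user is to be prompted for proxy-authentication
        credentials. */
    PROXY,

    /** Indicates that status messages are to be displayed to the user. */
    STATUS,

    /** Indicates that a browser based single sign-on authentication method is
        requested. */
    // No comma after the last enumerator: this header is also fed to C and
    // IDL compilers, and pre-C99 / pre-C++11 grammars reject a trailing comma.
    SINGLESIGNON
};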
00204 
00205 
/**
 * Indicates the prompt or credential type, i.e. how a single prompt entry is
 * meant to be presented and answered.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PromptType
{
    /** Label and value. */
    Prompt_Input,

    /**
     * Label and value; indicates that the user response should be masked.
     * NOTE(review): masking only covers the display. Callers that log or
     * persist prompt responses should presumably leave this type out;
     * confirm against the UI and logging code.
     */
    Prompt_Password,

    /** Value (the banner) with no label set. */
    Prompt_Banner,

    /** List of choices to select from. */
    Prompt_Combo,

    /** Label intended as a header, together with a value. */
    Prompt_Header,

    /** Hidden value; should be ignored and left unchanged in the response. */
    Prompt_Hidden,

    /** Label and value (constrained to true or false). */
    Prompt_CheckBox
};
00223 
/**
 * Identifiers of the client preferences exposed through the API.
 *
 * !!! ATTENTION !!!
 * When updating this preference enum, you must ensure that the enum in
 * vpn/Api/jni/java/Preference.java is also updated.  No enumerator has an
 * explicit value, so each value is its position in the list; inserting or
 * reordering entries renumbers everything that follows.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceId
{
    /** Disables the VPN service.  If more than one profile exists and any one
        profile has VPN enabled, then it will be enabled.  Default: false. */
    ServiceDisable,

    /** Triggers an alternate authentication sequence in the API.  Settable
        only by an administrator. */
    CertificateStoreOverride,

    /** Indicates which certificate store AnyConnect should look in for
        certificates.  Options are All, Machine and User, with a default of
        All.  Settable only by an administrator. */
    CertificateStore,

    /** Gives the administrator the ability to display an AnyConnect startup
        banner message.  The message appears only once per AnyConnect program
        start.  Settable only by an administrator. */
    ShowPreConnectMessage,

    /** Lets the user select whether to establish a connection automatically
        on startup or not. */
    AutoConnectOnStart,

    /** Lets the user select whether the GUI should minimize when the
        connection is established. */
    MinimizeOnConnect,

    /** Provides a mechanism by which the user can disable access to their
        local LAN. */
    LocalLanAccess,

    /** Provides a mechanism by which the user can disable captive portal
        detection. */
    DisableCaptivePortalDetection,

    /** First control of the reconnect behavior.  If the client becomes
        disconnected for any reason, a reconnect attempt is made. */
    AutoReconnect,

    /** Second control of the reconnect behavior, used when coming out of
        suspend/hibernate/standby mode.  Options are disconnect on suspend
        and reconnect after suspend. */
    AutoReconnectBehavior,

    /** Lets an administrator control the use of the Start Before Logon
        feature.  Can be set to true (on) or false (off). */
    UseStartBeforeLogon,

    /** Once the Downloader has loaded the profile, it can check this
        preference to see whether updates are disabled or enabled. */
    AutoUpdate,

    /** Lets the administrator, and possibly the end user, select the
        preferred method of managing their SDI PIN and PASSCODE interactions.
        Options are Automatic (default), SoftwareTokens and HardwareTokens. */
    RSASecurIDIntegration,

    /** Lets an administrator control whether more than one user may be logged
        into the client PC during the VPN connection (Windows only). */
    WindowsLogonEnforcement,

    /** Lets an administrator control whether or not remote users may initiate
        a VPN connection (Windows only). */
    WindowsVPNEstablishment,

    /** Lets an administrator control how the user's proxy setups are
        handled. */
    ProxySettings,

    /** Lets the administrator control whether to allow establishing a
        connection through a local proxy. */
    AllowLocalProxyConnections,

    /** Lets an administrator control the policy used to exclude routes to PPP
        servers when connecting over L2TP or PPTP.  Options are Automatic
        (default), Disable, and Override. */
    PPPExclusion,

    /** When PPPExclusion is set to Manual, the value of this preference lets
        an end user specify the address of a PPP server that should be
        excluded from tunnel traffic.
        NOTE(review): PPPExclusion lists its options as Automatic, Disable and
        Override; "Manual" is not among them.  Confirm which value is meant. */
    PPPExclusionServerIP,

    /** Lets an administrator define a policy to automatically manage when a
        VPN connection should be started or stopped. */
    AutomaticVPNPolicy,

    /** Lets an administrator define a policy for users in trusted networks.
        The options are: Disconnect or DoNothing. */
    TrustedNetworkPolicy,

    /** Lets an administrator define a policy for users in untrusted networks.
        The options are: Connect or DoNothing. */
    UntrustedNetworkPolicy,

    /** Comma separated list of DNS suffixes that a network interface in a
        trusted network might have.
        NOTE(review): DNS suffixes are normally handed out by the local
        network, so on their own they are weak evidence of being on a trusted
        network.  Confirm how this is combined with TrustedHttpsServerList. */
    TrustedDNSDomains,

    /** Comma separated list of DNS servers that a network interface in a
        trusted network might have.  The caution given for TrustedDNSDomains
        presumably applies here as well (confirm). */
    TrustedDNSServers,

    /** Comma separated list of https servers reachable only via a trusted
        network. */
    TrustedHttpsServerList,

    /** Governs VPN reestablishment after interruptions. */
    AlwaysOn,

    /** Gives the network administrator the ability to dictate the network
        access allowed by the client endpoint device following a VPN
        connection establishment failure.  It is a component of AlwaysOn. */
    ConnectFailurePolicy,

    /** Gives the network administrator the ability to dictate the network
        access allowed by the client endpoint device following a VPN
        connection establishment failure.  It is a component of AlwaysOn.
        NOTE(review): this text is the same as for ConnectFailurePolicy; the
        name suggests it controls whether captive portal remediation is
        permitted in that situation.  Confirm. */
    AllowCaptivePortalRemediation,

    /** Lets the network administrator impose a time limit for captive portal
        remediation when the ConnectFailurePolicy value is Closed.  It is a
        component of AlwaysOn. */
    CaptivePortalRemediationTimeout,

    /** Gives the network administrator the ability to allow split routes and
        firewall rules to be applied following a VPN connection establishment
        failure when the ConnectFailurePolicy value is Closed.  It is a
        component of AlwaysOn. */
    ApplyLastVPNLocalResourceRules,

    /** During Always On, specifies that the user is allowed to disconnect the
        VPN session. */
    AllowVPNDisconnect,

    /** Lets an administrator enable scripting (on connect or on
        disconnect). */
    EnableScripting,

    /** Dictates whether or not AnyConnect will terminate a running script
        process if a transition to another scriptable event occurs. */
    TerminateScriptOnNextEvent,

    /** Controls whether or not the OnConnect script will be launched from the
        desktop GUI when a tunnel has been established via SBL. */
    EnablePostSBLOnConnectScript,

    /** Dictates whether or not to disable the default automatic certificate
        selection for user certificates.  If disabled, a certificate selection
        dialog is displayed.  This only applies if the GUI is enabled and not
        SBL, and only to Windows (not WinMobile). */
    AutomaticCertSelection,

    /** First control of the logoff behavior.  Lets an administrator control
        whether the VPN is terminated or retained after the user logs off. */
    RetainVpnOnLogoff,

    /** Second control of the logoff behavior, used when the VPN connection
        has been retained after the user logged off.  Controls which user can
        log in and keep the VPN connection.  Options are same user only and
        any user. */
    UserEnforcement,

    /** Indicates whether or not a Windows Mobile device must be configured
        with a password or PIN prior to establishing a VPN connection.  This
        configuration is only valid on Windows Mobile devices that use the
        Microsoft Default Local Authentication Provider (LAP). */
    DeviceLockRequired,

    /** When set to a non-negative number, specifies the maximum number of
        minutes a device can be inactive before device lock takes effect.
        (WM5/WM5AKU2+) */
    DeviceLockMaximumTimeoutMinutes,

    /** When set to a non-negative number, specifies that any PIN/password
        used for device lock must be equal to or longer than the specified
        value, in characters.  This setting must be pushed down to the mobile
        device by syncing with an Exchange server before it can be enforced.
        (WM5AKU2+) */
    DeviceLockMinimumPasswordLength,

    /** Checks whether or not the password belongs to one of three subtypes:
        alpha, pin, strong. */
    DeviceLockPasswordComplexity,

    /** Automatic server selection will automatically select the optimal
        secure gateway for the endpoint. */
    EnableAutomaticServerSelection,

    /** During a reconnection attempt after a system resume, specifies the
        minimum estimated performance improvement required to justify
        transitioning a user to a new server.  The value is a percentage in
        0..100. */
    AutoServerSelectionImprovement,

    /** During a reconnection attempt after a system resume, specifies the
        minimum time a user must have been suspended in order to justify a new
        server selection calculation.  Unit is hours. */
    AutoServerSelectionSuspendTime,

    /** Time, in seconds, that the client waits for authentication to be
        completed. */
    AuthenticationTimeout,

    /** Lets the administrator, and possibly the end user, enable SafeWord
        SofToken integration.  Options are Enabled (true) and Disabled
        (false - default). */
    SafeWordSofTokenIntegration,

    /** If 'true', tunneling of IPsec over SSL is made possible with help from
        the ASA. */
    AllowIPsecOverSSL,

    /** Controls whether the smartcard PIN will be cleared on a successful
        connection. */
    ClearSmartcardPin,

    /** Controls which protocol(s) will be allowed for the connection. */
    IPProtocolSupport,

    /** Specifies whether the user is allowed to type a new hostname in the
        VPN edit box. */
    AllowManualHostInput,

    /** Specifies whether the user wants to allow for connections to secure
        gateways with certificate errors.
        NOTE(review): the name says "block" while the description says
        "allow".  Confirm which boolean value rejects a gateway whose
        certificate fails validation before relying on this setting. */
    BlockUntrustedServers,

    /** Public proxy server address to be used.  The value has the form
        ServerAddr:ServerPort (for example 192.0.2.10:8080, a constructed
        documentation address) or is just the FQDN. */
    PublicProxyServerAddress,

    /** The header gives no description; presumably marks an identifier that
        is not recognized.  It is the last entry in the list. */
    UnknownPreference
};
00432 
00433 
/**
 * Scope of the preferences contained in a PreferenceInfo object.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceScope
{
    /** The preferences were set by a user. */
    User,

    /** The preferences are global. */
    Global,

    /** Both user and global preferences are present. */
    UserAndGlobal
};
00446 
/**
 * Client mode of operation.  Unlike tunneling mode or other mutually
 * exclusive modes, client operating modes are independent settings, several
 * of which can be turned on simultaneously.  Each enumerator is therefore a
 * distinct single bit (1 << n), so a set of modes is the bitwise OR of its
 * members.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum OperatingMode
{
    /** The client is running in FIPS mode. */
    FIPS                      = (1 << 0),

    /** The client is running in Start Before Login mode. */
    StartBeforeLogon          = (1 << 1),

    /** The client is a GUI client (not the CLI). */
    GUI                       = (1 << 2),

    /** A Trusted Network Detection policy is enabled for the client. */
    TrustedNetworkDetection   = (1 << 3),

    /** The Always On policy is enabled for the client. */
    AlwaysOnVpn               = (1 << 4),

    /** For user notifications only: indication by the API to the UI that
        there is a network condition. */
    NetworkIssue              = (1 << 5),

    /** The VPN session is being quarantined by the secure gateway. */
    Quarantined               = (1 << 6),

    /** Automatic Headend is enabled. */
    AutomaticHeadendSelection = (1 << 7),

    /** The user is allowed to disconnect the VPN based on policy. */
    DisconnectAllowed         = (1 << 8),

    /** The VPN service is to be marked as disabled. */
    VPNDisabled               = (1 << 9),

    /** The client is performing a SCEP cert enrollment. */
    SCEPMode                  = (1 << 10),

    /** At last check, the client detected that it was on a trusted
        network. */
    OnTrustedNetwork          = (1 << 11),

    /** The user is allowed to add a new host by typing its name in the VPN
        edit box. */
    ManualHostInputAllowed    = (1 << 12),

    /** A connection error has been returned from the agent, but was
        suppressed to a warning to prevent a popup dialog in the UI. */
    ErrorSuppressed           = (1 << 13),

    /** The client is running in strict certificate trust mode. */
    StrictMode                = (1 << 14)
};
00496 
#if defined(PLATFORM_ANDROID)
/**
 * Mode to use for Certificate Based Authentication.
 * CertAuth_Automatic is the same as the default AnyConnect configuration.
 * The enum is declared only when PLATFORM_ANDROID is defined.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum CertAuthMode
{
    /** Will try each available certificate in succession until
        authentication is obtained or no available certificates remain. */
    CertAuth_Automatic,

    /** Will disable Certificate Based Authentication. */
    CertAuth_Disabled,

    /** Will only use the preconfigured certificate to attempt Certificate
        Based Authentication. */
    CertAuth_Manual
};
#endif // PLATFORM_ANDROID
00515 
00516 #endif // _APISTDHEADER_