AnyConnect Secure Mobility Client 4.4.00243

include/api.h

00001 #ifndef _APISTDHEADER_
00002 #define _APISTDHEADER_
00003 
00004 /**
00005  * @file
00006  * This file contains some basic compiler definitions as well as common enums.
00007  */
00008 
00009 //Not compatible with MIDL
00010 #if !defined(__midl)
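#ifdef _WIN32
    // NOTE(review): these two MSVC warnings are disabled without a matching
    // #pragma warning(push)/(pop), so the suppression stays in effect for
    // every translation unit that includes this header, not only for the
    // API's own declarations.
    #pragma warning(disable:4251 4786)

    // Windows builds of the API are wide-character: force both the Win32
    // (UNICODE) and the CRT (_UNICODE) switches on if the includer has not.
    // NOTE(review): a macro defined here only affects headers included
    // afterwards, so this header presumably has to precede any Windows SDK
    // header for the setting to be consistent - confirm against callers.
    #ifndef UNICODE
        #define UNICODE
    #endif // UNICODE

    #ifndef _UNICODE
        #define _UNICODE
    #endif // _UNICODE

    #ifndef tstring
        /** Text type used by the API: std::wstring on Windows. */
        #define tstring std::wstring
    #endif // tstring

#else // non-windows

    #ifndef tstring
        /** Text type used by the API: std::string on non-Windows platforms. */
        #define tstring std::string
    #endif // tstring

#endif // _WIN32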
00034 
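// Output stream type matching the character width selected by _UNICODE:
// std::wostream when _UNICODE is defined, std::ostream otherwise.
// This is a plain macro; the includer must pull in the stream declarations
// itself before using it.
#ifdef _UNICODE
    #define tostream std::wostream
#else
    #define tostream std::ostream
#endif /* _UNICODE */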
00040 
00041 
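// VPN_VPNAPI is the import/export decoration placed on API declarations.
//
//   _NOEXPORTDLL defined         -> empty (implementation files are compiled
//                                   directly into an EXE, nothing is exported)
//   Windows, VPN_APIEXPORTS set  -> __declspec(dllexport)  (building the API)
//   Windows, otherwise           -> __declspec(dllimport)  (consuming the API)
//   other,   VPN_APIEXPORTS set  -> default symbol visibility
//   other,   otherwise           -> empty
#ifdef _NOEXPORTDLL
    #define VPN_VPNAPI
#else
    #ifdef _WIN32
        #ifdef VPN_APIEXPORTS //api
            #define VPN_VPNAPI __declspec(dllexport)
        #else
            #define VPN_VPNAPI __declspec(dllimport)
        #endif
    #else
        #ifdef VPN_APIEXPORTS
            #define VPN_VPNAPI  __attribute__((visibility("default")))
        #else
            #define VPN_VPNAPI
        #endif
    #endif //_WIN32
#endif //_NOEXPORTDLL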
00060 
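// OUT expands to nothing; it only marks a parameter as an output in a
// declaration. Guarded so an existing definition of OUT is left untouched.
#ifndef OUT
#define OUT
#endif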
00064 
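#ifdef __cplusplus //only include if C++ is being used,
                   //C code also includes api.h for COM proxy of enumerators.
#include <string>
#include <map>
#include <list>

/** Map from one tstring key to a single tstring value. */
typedef std::map<tstring, tstring> ApiStringMap;
/** Map from one tstring key to a list of tstring values. */
typedef std::map<tstring, std::list<tstring> > ApiStringListMap;

#endif //__cplusplus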
00075 #endif //#if !defined(__midl)
00076 
00077 
00078 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
00079 ********* make sure to add the [v1_enum] inside a __midl define to new enums ********
00080 \******************** This is also compiled with IDL compiler **********************/
00081 
00082 #include "GlobalEnums.h"
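/**
 * MessageType
 * represents the level of severity associated with messages that are
 * sent to the API.  The severity can be useful for deciding how a message is
 * to be shown.  A UI might decide based on type to show a message as
 * a modal dialog versus a message written to the status area for an existing UI.
 *
 * Enumerator values are implicit (0..3); inserting or reordering entries
 * changes the number every later entry maps to.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum MessageType
{
    MsgType_Error,      /**< Issue usually requiring user to acknowledge */
    MsgType_Warn,       /**< Less severe, not required to be shown to user */
    MsgType_Info,       /**< General message providing status, progress, etc. */
    MsgType_Status      /**< Can be used to indicate unexpected tunnel status change. */
};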
00100 
00101 
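/**
 * Identifies the type of token that was used successfully when SDI
 * Authentication is in use.
 *
 * Enumerator values are implicit (0..2).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum SDITokenType
{
    SDITT_NONE,         /**< No token type (presumably: none identified or SDI
                             not in use - confirm against the implementation). */
    SDITT_HARDWARE,     /**< A hardware token was used. */
    SDITT_SOFTWARE      /**< A software token was used. */
};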
00115 
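/**
 * Provides the current state of the VPN tunnel.
 *
 * Every named state takes its value from the corresponding STATE_* constant
 * (declared outside this file, in GlobalEnums.h).
 *
 * NOTE(review): CONNECTED is the only state documented here as an active
 * tunnel.  A consumer that shows a "protected" indicator should key it on
 * CONNECTED alone and treat every other value, including UNKNOWN, as not
 * protected.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNState
{
    CONNECTED     = STATE_CONNECTED,        /**< VPN is active */
    DISCONNECTED  = STATE_DISCONNECTED,     /**< VPN is inactive */
    CONNECTING    = STATE_CONNECTING,       /**< VPN is being established */
    DISCONNECTING = STATE_DISCONNECTING,    /**< VPN is being terminated */
    RECONNECTING  = STATE_RECONNECTING,     /**< VPN is being re-connected.  This state
                                                 can occur due to network or other
                                                 temporary problems.  The state
                                                 indicates that the VPN is temporarily
                                                 unavailable and indicates the
                                                 connection is being re-established. */
    PAUSING       = STATE_PAUSING,          /**< VPN is being paused. */
    PAUSED        = STATE_PAUSED,           /**< VPN is paused. */
    SSOPOLLING    = STATE_SSOPOLLING,       /**< API is doing auth-poll, VPN is disconnected. */
    UNKNOWN       = ~0                      /**< State not known; the value has all
                                                 bits set (~0). */
};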
00139 
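/**
 * Provides the current sub-state of the VPN tunnel.
 *
 * Each value is taken from the corresponding VCSS_* constant (declared
 * outside this file, in GlobalEnums.h).  The descriptions below are inferred
 * from the enumerator names only - confirm against the implementation.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNSubState
{
    VPNSS_NORMAL           = VCSS_NORMAL,           /**< presumably: no special condition */
    VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY, /**< presumably: delayed for an
                                                         unbounded time */
    VPNSS_SESSION_EXPIRING = VCSS_SESSION_EXPIRING  /**< presumably: the session is
                                                         about to expire */
};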
00152 
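/**
 * WMHint
 * provides a hint to the GUI about a window or refresh action to take
 * (minimize, un-minimize, quit, refresh a list, show status).
 *
 * Enumerator values are implicit (0..5).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHint
{
    MINIMIZE,        /**< hint to minimize GUI */
    OPEN,            /**< hint to un-minimize GUI */
    QUIT,            /**< hint that GUI should close.  @see WMHintReason */
    REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */
    REFRESHPREFS,    /**< hint to refresh the preferences */
    SHOWCONNECTING   /**< hint to display "connecting" status */
};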
00169 
00170 
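/**
 * WMHintReason
 * provides a reason indicator for the #WMHint
 *
 * Enumerator values are implicit (0..6).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHintReason
{
    SECONDGUISTART, /**< Indicates a second GUI has been launched.  This
                         indicator is used to suggest that the GUI
                         already running be OPENed and that the first one
                         should exit. */
    PROXYREQUEST,   /**< Proxy credential request can be for web-launch or
                         standalone-initiated connections. */
    SERVICEFAILURE, /**< This tag is used when the VPN service
                         is no longer available. */
    DISCONNECT,     /**< Any disconnect notices should be seen by the user. */
    SERVICESTOPPED, /**< This tag will be used in cases where the VPN service
                         has been stopped. */
    CONNECT,        /**< Tag indicating an action to be taken due to connect,
                         for example a request to minimize the UI. */
    REASONUNKNOWN   /**< No specific reason is given (presumed from the name;
                         the original entry carried no description). */
};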
00195 
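/**
 * Provides an indication of the type of credential data being requested.
 *
 * Enumerator values are implicit (0..4).  The last enumerator carries no
 * trailing comma: this header is also compiled as C and by the IDL compiler,
 * and a trailing comma in an enum is not accepted by every such dialect.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum ConnectPromptType
{
    CERTIFICATE,    /**< Indicates a certificate-only type of connection and
                         would not normally be sent to client unless a
                         post-authentication banner is to be displayed. */
    CREDENTIALS,    /**< Indicates that the user is to be prompted for authentication
                         credentials */
    PROXY,          /**< Indicates that the user is to be prompted for
                         proxy-authentication credentials */
    STATUS,         /**< Indicates that status messages are to be displayed to
                         the user */
    SINGLESIGNON    /**< Indicates a browser based single sign-on authentication
                         method is requested. */
};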
00215 
00216 
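/**
 * Indicates the prompt or credential type.
 *
 * Enumerator values are implicit (0..6).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PromptType { Prompt_Input,     /**< label and value. */
                  Prompt_Password,  /**< label and value, indicates user
                                         response should be masked.  The value
                                         is a secret: a consumer should keep it
                                         out of logs and diagnostics as well. */
                  Prompt_Banner,    /**< value (the banner) with no label set. */
                  Prompt_Combo,     /**< list of choices (options). */
                  Prompt_Header,    /**< label intended as header and with
                                         value. */
                  Prompt_Hidden,    /**< hidden value, should be ignored and
                                         left unchanged in response. */
                  Prompt_CheckBox   /**< label and value (constrained to true or false) */
};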
00234 
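/*
 * ***************** !!! ATTENTION !!! ***********************************
 * *
 * * When updating this preference enum, you must ensure that the enum in
 * * vpn/Api/jni/java/Preference.java is also updated.
 * *
 * ***************** !!! ATTENTION !!! ***********************************
 */
/**
 * Identifies a single client preference.
 *
 * Enumerator values are implicit, starting at 0 with ServiceDisable and
 * ending with UnknownPreference; inserting or reordering entries changes the
 * number every later entry maps to.
 *
 * NOTE(review): several entries are described as "only settable by an
 * administrator".  Nothing in this header enforces that restriction; it has
 * to be enforced wherever preference values are accepted and stored.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceId
{
    ServiceDisable,         /**< This preference disables the VPN service.
                                 If more than one profile exists and any one
                                 profile has VPN enabled, then it will be
                                 enabled.  False is the default. */
    CertificateStoreOverride,/**< This preference will trigger an alternate
                                 authentication sequence in the API. The
                                 preference is only settable by an
                                 administrator. */
    CertificateStore,       /**< This preference indicates which certificate
                                 store AnyConnect should look in for
                                 certificates. The options are All, Machine
                                 and User with a default of All. The preference
                                 is only settable by an administrator. */
    ShowPreConnectMessage,  /**< The ShowPreConnectMessage preference gives the
                                 administrator the ability to display an AnyConnect
                                 startup banner message. The message will appear
                                 only once per AnyConnect program start. The
                                 preference is only settable by an
                                 administrator. */
    AutoConnectOnStart,     /**< This preference allows the user to select
                                 whether to establish a connection automatically
                                 on startup or not. */
    MinimizeOnConnect,      /**< This preference allows the user to select if
                                 the GUI should minimize when the connection is
                                 established */
    LocalLanAccess,         /**< This preference will provide a mechanism where
                                 the user can disable access to their Local LAN. */
    DisableCaptivePortalDetection, /**< This preference will provide a mechanism where
                                   the user can disable captive portal detection. */
    AutoReconnect,          /**< First control of the reconnect behavior. If the
                                 client becomes disconnected for any reason, a
                                 reconnect attempt is made.   */
    AutoReconnectBehavior,  /**< Second control of the reconnect behavior. Applies when
                                 coming out of suspend/hibernate/standby mode.
                                 Options are disconnect on suspend and reconnect
                                 after suspend. */
    UseStartBeforeLogon,    /**< This preference allows an administrator to
                                 control the use of the Start Before Logon
                                 feature. The preference can be set to true (on)
                                 or false (off). */
    AutoUpdate,             /**< Once the Downloader has loaded the profile, it
                                 can check the AutoUpdate preference to see if
                                 updates are either disabled or enabled */
    RSASecurIDIntegration,  /**< This preference will enable the administrator
                                 and possibly end user to select the preferred
                                 method of managing their SDI PIN and PASSCODE
                                 interactions. Options are Automatic (default),
                                 SoftwareTokens and HardwareTokens. */
    WindowsLogonEnforcement,/**< This preference allows an administrator to
                                 control if more than one user may be logged into
                                 the client PC during the VPN connection (Windows
                                 only). */
    WindowsVPNEstablishment,/**< This preference allows an administrator to
                                 control whether or not remote users may initiate
                                 a VPN connection (Windows only). */
    ProxySettings,          /**< This preference allows an administrator to
                                 control how user's proxy setups are handled. */
    AllowLocalProxyConnections, /**< This preference allows the administrator to control
                                 whether to allow establishing a connection through
                                 a local proxy. */
    PPPExclusion,           /**< This preference allows an administrator to control
                                 the policy used to exclude routes to
                                 PPP servers when connecting over L2TP or PPTP.
                                 Options are Automatic (default), Disable,
                                 and Override. */
    PPPExclusionServerIP,   /**< When PPPExclusion is set to Manual,
                                 the value of this preference allows an
                                 end user to specify the address of a
                                 PPP server that should be excluded
                                 from tunnel traffic.
                                 NOTE(review): PPPExclusion lists no "Manual"
                                 option (Automatic, Disable, Override);
                                 presumably Override is meant - confirm. */
    AutomaticVPNPolicy,     /**< This preference allows an administrator to
                                 define a policy to automatically manage when a
                                 VPN connection should be started or stopped. */
    TrustedNetworkPolicy,   /**< This preference allows an administrator to
                                 define a policy for users in trusted networks.
                                 The options are: Disconnect or DoNothing. */
    UntrustedNetworkPolicy, /**< This preference allows an administrator to
                                 define a policy for users in untrusted networks.
                                 The options are: Connect or DoNothing. */
    TrustedDNSDomains,      /**< This preference defines a list of comma
                                 separated DNS suffixes that a network interface
                                 in a trusted network might have. */
    TrustedDNSServers,      /**< This preference defines a list of comma
                                 separated DNS servers that a network interface
                                 in a trusted network might have. */
    TrustedHttpsServerList, /**< This preference defines a list of comma separated
                                 https servers reachable only via a trusted network. */
    AlwaysOn,               /**< This preference governs VPN reestablishment after
                                 interruptions */
    ConnectFailurePolicy,   /**< This preference gives the network administrator
                                 the ability to dictate the network access allowed
                                 by the client endpoint device following a VPN
                                 connection establishment failure. It is a component
                                 of AlwaysOn */
    AllowCaptivePortalRemediation, /**< This preference gives the network administrator
                                    the ability to dictate the network access
                                    allowed by the client endpoint device following
                                    a VPN connection establishment failure. It is a
                                    component of AlwaysOn.
                                    NOTE(review): this text repeats the
                                    ConnectFailurePolicy description and does not
                                    say what is specific to captive portal
                                    remediation - confirm the intended wording. */
    CaptivePortalRemediationTimeout, /**< This preference gives the network administrator
                                     the ability to impose a time limit for captive portal
                                     remediation when the ConnectFailurePolicy value is Closed.
                                     It is a component of AlwaysOn */
    ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator
                                       the ability to allow split routes and firewall rules
                                       to be applied following a VPN connection establishment
                                       failure when the ConnectFailurePolicy value is Closed.
                                       It is a component of AlwaysOn */
    AllowVPNDisconnect,     /**< During Always On, this specifies that the user is allowed to
                                 disconnect the VPN session. */
    EnableScripting,        /**< This preference allows an administrator to
                                 enable scripting (on connect or on
                                 disconnect). */
    TerminateScriptOnNextEvent,   /**< This preference dictates whether or not
                                       AnyConnect will terminate a running script
                                       process if a transition to another
                                       scriptable event occurs. */
    EnablePostSBLOnConnectScript, /**< This preference is used to control whether
                                       or not the OnConnect script will be launched
                                       from the desktop GUI when a tunnel has been
                                       established via SBL. */
    AutomaticCertSelection,   /**< This preference dictates whether or not to disable
                                   the default automatic certificate selection for user
                                   certificates. If disabled, a certificate selection dialog is
                                   displayed. This only applies if the GUI is enabled
                                   and not SBL. This only applies to Windows (not WinMobile). */
    RetainVpnOnLogoff,        /**< First control of the logoff behavior. This preference allows
                                   an administrator to control if the VPN is terminated or retained
                                   after user logs off. */
    UserEnforcement,          /**< Second control of the logoff behavior. Applies when the VPN
                                   connection has been retained after the user logged off. Controls
                                   which user can log in and keep the VPN connection. Options are
                                   same user only and any user. */
    DeviceLockRequired,           /**< This preference indicates whether or not
                                       a Windows Mobile device must be configured
                                       with a password or PIN prior to establishing
                                       a VPN connection. This configuration is
                                       only valid on Windows Mobile devices that
                                       use the Microsoft Default Local
                                       Authentication Provider (LAP). */
    DeviceLockMaximumTimeoutMinutes,   /**< When set to a non-negative number,
                                            this preference specifies the maximum
                                            number of minutes a device can be
                                            inactive before device lock takes
                                            effect. (WM5/WM5AKU2+) */
    DeviceLockMinimumPasswordLength,   /**< When set to a non-negative number,
                                            this preference specifies that any
                                            PIN/password used for device lock
                                            must be equal to or longer than
                                            the specified value, in characters.
                                            This setting must be pushed down to
                                            the mobile device by syncing with
                                            an Exchange server before it can be
                                            enforced. (WM5AKU2+) */
    DeviceLockPasswordComplexity,      /**< This preference checks whether or
                                            not the password belongs to one of
                                            three subtypes: alpha, pin, strong */
    EnableAutomaticServerSelection,    /**< Automatic server selection will
                                            automatically select the optimal
                                            secure gateway for the endpoint */
    AutoServerSelectionImprovement,    /**< During a reconnection attempt after
                                            a system resume, this setting
                                            specifies the minimum estimated
                                            performance improvement required to
                                            justify transitioning a user to a new server.
                                            This value represents percentage in 0..100 */
    AutoServerSelectionSuspendTime,    /**< During a reconnection attempt after
                                            a system resume, this specifies the
                                            minimum time a user must have been
                                            suspended in order to justify a new
                                            server selection calculation. Unit is hours */
    AuthenticationTimeout,             /**< Time, in seconds, that the client waits
                                            for authentication to be completed. */
    SafeWordSofTokenIntegration,  /**< This preference will enable the administrator and possibly
                                       the end user to enable SafeWord SofToken integration.
                                       Options are Enabled (true) and Disabled (false - default). */
    AllowIPsecOverSSL,                 /**< If 'true' then tunneling of IPsec over SSL
                                            is made possible with help from the ASA. */
    ClearSmartcardPin,                 /**< This preference controls whether the smartcard pin
                                            will be cleared on a successful connection */
    IPProtocolSupport,                 /**< This preference controls which protocol(s) will be
                                            allowed for the connection */
    AllowManualHostInput,              /**< This preference specifies whether the user
                                            is allowed to type a new hostname in the VPN
                                            edit box. */
    BlockUntrustedServers,             /**< This preference specifies whether the user wants
                                            to allow for connections to secure gateways with
                                            certificate errors.
                                            NOTE(review): the name says "block" while this
                                            text says "allow"; which value permits such
                                            connections is not visible in this header -
                                            confirm before relying on it.  A gateway whose
                                            certificate fails validation has not been
                                            authenticated, so blocking is the safe setting. */
    PublicProxyServerAddress,          /**< This preference specifies the public proxy server
                                            address to be used. The value is in the format
                                            ServerAddr:ServerPort (constructed example:
                                            192.0.2.10:8080) or just the FQDN. */
    UnknownPreference                  /**< Not a real preference; presumably the value
                                            used for an unrecognized id.  It is the last
                                            enumerator - new entries belong before it
                                            (confirm against Preference.java). */
};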
00443 
00444 
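/**
 * Indicates the scope of the preferences contained in a PreferenceInfo object
 *
 * Enumerator values are implicit (0..2).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceScope
{
    User,               /**< Indicates that the preferences were set by a user */
    Global,             /**< Indicates that the preferences are global */
    UserAndGlobal       /**< Indicates that we have both user and global preferences */
};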
00457 
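/**
 * Indicates the client mode of operation. Unlike tunneling mode or other
 * mutually exclusive modes, client operating modes are independent settings,
 * several of which can be turned on simultaneously.
 *
 * Each enumerator is a distinct single bit (bit 0 through bit 14), so a set
 * of modes is the bitwise OR of its members and one mode is tested with a
 * bitwise AND.  Because this is an unscoped enum, the OR of two enumerators
 * is an int, not an OperatingMode.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum OperatingMode
{
    FIPS                     = (1 << 0), /**< Indicates that the client is
                                              running in FIPS mode. */
    StartBeforeLogon         = (1 << 1), /**< Indicates that the client is
                                              running in Start Before Login
                                              mode. */
    GUI                      = (1 << 2), /**< Indicates that the client is
                                              a GUI client (not the CLI). */
    TrustedNetworkDetection  = (1 << 3), /**< Indicates that a Trusted Network
                                              Detection policy is enabled for
                                              the client. */
    AlwaysOnVpn              = (1 << 4), /**< Indicates that the Always On
                                              policy is enabled for the client. */
    NetworkIssue             = (1 << 5), /**< For user notifications only.
                                              Indication by API to the UI that
                                              there is a network condition. */
    Quarantined              = (1 << 6), /**< Indicates that the VPN session is being
                                              Quarantined by the secure gateway. */
    AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend
                                              is enabled. */
    DisconnectAllowed        = (1 << 8), /**< Indicates that the user is allowed
                                              to disconnect the VPN based on
                                              policy. */
    VPNDisabled              = (1 << 9), /**< Indicates that the VPN service is
                                              to be marked as disabled. */
    SCEPMode                 = (1 << 10), /**< Indicates that the client is
                                               performing a SCEP cert enrollment. */
    OnTrustedNetwork         = (1 << 11), /**< Indicates that at last check, the
                                               client detected that it was on
                                               a trusted network. */
    ManualHostInputAllowed   = (1 << 12), /**< Indicates that the user is allowed
                                               to add a new host by typing its name
                                               in the VPN edit box. */
    ErrorSuppressed          = (1 << 13), /**< Indicates a connection error has
                                               been returned from the agent, but
                                               was downgraded to a warning to
                                               prevent a popup dialog in the UI.
                                               A consumer that records errors
                                               should still record this one. */
    StrictMode               = (1 << 14)  /**< Indicates that the client is
                                               running in strict certificate trust mode. */
};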
00507 
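#if defined(PLATFORM_ANDROID)
/**
 * Indicates the mode to use for Certificate Based Authentication.
 * CertAuth_Automatic is the same as the default AnyConnect configuration.
 *
 * Declared only when PLATFORM_ANDROID is defined.  Enumerator values are
 * implicit (0..2).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum CertAuthMode
{
    CertAuth_Automatic, /**< Will try each available certificate in succession
                             until authentication is obtained or we run out of
                             available certificates */
    CertAuth_Disabled,  /**< Will disable Certificate Based Authentication */
    CertAuth_Manual     /**< Will only use the preconfigured certificate to attempt
                             Certificate Based Authentication */
};
#endif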
00526 
00527 #endif // _APISTDHEADER_