AnyConnect Secure Mobility Client 5.1.9.113

include/api.h

00001 /**************************************************************************
00002 *   Copyright (c) 2008, 2022-2023 Cisco Systems, Inc.
00003 *   All Rights Reserved. Cisco Highly Confidential.
00004 ***************************************************************************
00005 *
00006 *   File: api.h
00007 *   Date: 01/2008
00008 *
00009 ***************************************************************************
00010 *   VPN GUI API module interface types
00011 ***************************************************************************/
00012 #ifndef _APISTDHEADER_
00013 #define _APISTDHEADER_
00014 
00015 /**
00016  * @file
00017  * This file contains some basic compiler definitions as well as common enums.
00018  */
00019 
// Platform/compiler configuration for users of the VPN API.
// Everything up to the matching #endif is hidden from the MIDL compiler;
// the shared enums that follow this section are compiled by MIDL as well.
//Not compatible with MIDL
#if !defined(__midl)
#ifdef _WIN32
    // Silences MSVC warnings C4251 (member type lacks a DLL interface) and
    // C4786 (identifier truncated in debug information).
    // NOTE(review): there is no matching push/pop, so the suppression stays in
    // effect for the rest of every translation unit that includes this header.
    #pragma warning(disable:4251 4786)

    // Force the wide-character Win32 API (UNICODE) and wide-character CRT
    // mappings (_UNICODE) unless the includer has already defined them.
    #ifndef UNICODE
        #define UNICODE
    #endif // UNICODE

    #ifndef _UNICODE
        #define _UNICODE
    #endif // _UNICODE

    #ifndef tstring
/** String type used throughout the API: std::wstring on Windows. */
        #define tstring std::wstring    /**< wide string on Windows builds */
    #endif // tstring

#else // non-windows

    // String type used throughout the API: std::string on non-Windows builds.
    #ifndef tstring
        #define tstring std::string
    #endif // tstring

#endif // _WIN32

// Output stream type matching the character width selected above.  This header
// defines _UNICODE only on Windows; on other platforms the narrow stream is
// chosen unless the build defines _UNICODE itself.
#ifdef _UNICODE
    #define tostream std::wostream
#else
    #define tostream std::ostream
#endif /* UNICODE */


// VPN_VPNAPI marks symbols that cross the API library boundary:
//   _NOEXPORTDLL defined          -> empty (sources compiled directly into an EXE)
//   Windows, VPN_APIEXPORTS set   -> __declspec(dllexport) (building the API)
//   Windows, VPN_APIEXPORTS unset -> __declspec(dllimport) (consuming the API)
//   other,   VPN_APIEXPORTS set   -> default symbol visibility
//   other,   VPN_APIEXPORTS unset -> empty
//used when including implementation files directly in an EXE.
#ifdef _NOEXPORTDLL
    #define VPN_VPNAPI
#else
    #ifdef _WIN32
        #ifdef VPN_APIEXPORTS //api
            #define VPN_VPNAPI __declspec(dllexport)
        #else
            #define VPN_VPNAPI __declspec(dllimport)
        #endif
    #else    
        #ifdef VPN_APIEXPORTS
            #define VPN_VPNAPI  __attribute__((visibility("default")))
        #else
            #define VPN_VPNAPI
        #endif
    #endif //_WIN32
#endif //NOEXPORTDLL

// OUT and IN expand to nothing; they only annotate parameter direction in
// declarations.  Existing definitions from other headers are left untouched.
#ifndef OUT
#define OUT
#endif

#ifndef IN
#define IN
#endif

#ifdef __cplusplus //only include if C++ is being used, 
                   //C code also includes api.h for COM proxy of enumerators.
#include <string>
#include <map>
#include <list>

// Map from string key to string value, using the platform string type.
typedef std::map<tstring, tstring> ApiStringMap;
// Map from string key to a list of string values, using the platform string type.
typedef std::map<tstring, std::list<tstring> > ApiStringListMap;

#endif //__cplusplus
#endif //#if !defined(__midl)
00091 
00092 
00093 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
00094 ********* make sure to add the [v1_enum] inside a __midl define to new enums ********
00095 \******************** This is also compiled with IDL compiler **********************/
00096 
00097 #include "GlobalEnums.h"
/**
 * MessageType
 * Severity level attached to messages that are sent to the API.  A UI can use
 * the severity to decide how a message is shown, for example as a modal
 * dialog versus a line written to the status area of an existing UI.
 *
 * The numeric values are written out explicitly; they are the same values the
 * enumerators receive from implicit numbering in declaration order.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum MessageType
{
    /** Issue usually requiring user to acknowledge */
    MsgType_Error           = 0,

    /** Warning message that must be shown to user. */
    MsgType_Alert           = 1,

    /** Less severe, not required to be shown to user */
    MsgType_Warn            = 2,

    /** General message providing status, progress, etc. */
    MsgType_Info            = 3,

    /** Can be used to indicate unexpected tunnel status change. */
    MsgType_Status          = 4,

    /** Error message that provides additional information by opening browser.
        NOTE(review): where the URL comes from is not visible in this header;
        a UI should check it before handing it to a browser. */
    MsgType_UrlError        = 5,

    /** Informational message that must be shown to the user.
        Announcements are currently only supported on desktop platforms. */
    MsgType_Announcement    = 6,

    /** Warning message that must be shown to the user, but is closed by
        the occurrence of an error, announcement, or alert message.
        Ephemeral Alerts are currently only supported on desktop platforms */
    MsgType_Ephemeral_Alert = 7
};
00122 
00123 
/**
 * Type of token that was used successfully when SDI Authentication is in use.
 * The individual enumerators carry no description in this header; the
 * numeric values below are the ones implicit numbering assigns.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum SDITokenType
{
    SDITT_NONE     = 0,
    SDITT_HARDWARE = 1,
    SDITT_SOFTWARE = 2
};
00137 
/**
 * Current state of the VPN tunnel.  Every enumerator except UNKNOWN takes its
 * value from the STATE_* constant of the same name (presumably declared in
 * GlobalEnums.h, which this header includes).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNState
{
    /** VPN is active */
    CONNECTED = STATE_CONNECTED,

    /** VPN is inactive */
    DISCONNECTED = STATE_DISCONNECTED,

    /** VPN is being established */
    CONNECTING = STATE_CONNECTING,

    /** VPN is being terminated */
    DISCONNECTING = STATE_DISCONNECTING,

    /** VPN is being re-connected.  This state can occur due to network or
        other temporary problems.  The state indicates that the VPN is
        temporarily unavailable and indicates the connection is being
        re-established. */
    RECONNECTING = STATE_RECONNECTING,

    /** VPN is being paused. */
    PAUSING = STATE_PAUSING,

    /** VPN is paused. */
    PAUSED = STATE_PAUSED,

    /** API is doing auth-poll, VPN is disconnected. */
    SSOPOLLING = STATE_SSOPOLLING,

    /** Not tied to a STATE_* constant; defined as ~0 (all bits set). */
    UNKNOWN = ~0
};
00161 
/**
 * Current sub-state of the VPN tunnel.  Each enumerator is an alias of the
 * VCSS_* constant with the matching suffix; the meaning of the individual
 * sub-states is not described in this header (presumably it is documented
 * with the VCSS_* constants -- confirm in GlobalEnums.h).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNSubState
{
    VPNSS_NORMAL = VCSS_NORMAL,
    VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY,
    VPNSS_SESSION_EXPIRING = VCSS_SESSION_EXPIRING,

    /* VPNSS_MT_DISCONNECTED_* group */
    VPNSS_MT_DISCONNECTED_DISABLED = VCSS_MT_DISCONNECTED_DISABLED,
    VPNSS_MT_DISCONNECTED_TRUSTED_NW = VCSS_MT_DISCONNECTED_TRUSTED_NW,
    VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE = VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE,
    VPNSS_MT_DISCONNECTED_LAUNCH_FAILED = VCSS_MT_DISCONNECTED_LAUNCH_FAILED,
    VPNSS_MT_DISCONNECTED_CONNECT_FAILED = VCSS_MT_DISCONNECTED_CONNECT_FAILED,
    VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG,
    VPNSS_MT_DISCONNECTED_SW_UP_PENDING = VCSS_MT_DISCONNECTED_SW_UP_PENDING,

    VPNSS_MTU_ADJUSTMENT_PENDING = VCSS_MTU_ADJUSTMENT_PENDING
};
00182 
/**
 * WMHint
 * Hint sent to the GUI about a window-management or refresh action it should
 * take (minimize, un-minimize, quit, refresh, and so on).
 *
 * The numeric values are written out explicitly; they match what implicit
 * numbering in declaration order produces.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHint
{
    /** hint to minimize GUI */
    MINIMIZE             = 0,

    /** hint to un-minimize GUI */
    OPEN                 = 1,

    /** hint that GUI should close.  @see WMHintReason */
    QUIT                 = 2,

    /** hint to refresh the list of secure gateways */
    REFRESHHOSTNAMES     = 3,

    /** hint to refresh the preferences */
    REFRESHPREFS         = 4,

    /** hint to display "connecting" status */
    SHOWCONNECTING       = 5,

    /** hint to close the credentials popup */
    CLOSECREDENTIALPOPUP = 6
};
00200 
00201 
/**
 * WMHintReason
 * Reason indicator that accompanies a #WMHint.
 *
 * The numeric values are written out explicitly; they match what implicit
 * numbering in declaration order produces.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHintReason
{
    /** Indicates a second GUI has been launched.  This indicator is used to
        suggest that the GUI already running be OPENed and that the first one
        should exit. */
    SECONDGUISTART = 0,

    /** Proxy credential request can be for web-launch or
        standalone-initiated connections. */
    PROXYREQUEST   = 1,

    /** This tag is used when the VPN service is no longer available. */
    SERVICEFAILURE = 2,

    /** Any disconnect notices should be seen by the user. */
    DISCONNECT     = 3,

    /** This tag will be used in cases where the VPN service has been
        stopped. */
    SERVICESTOPPED = 4,

    /** Tag indicating an action to be taken due to connect, for example a
        request to minimize the UI. */
    CONNECT        = 5,

    /** No description is given for this value in the header. */
    REASONUNKNOWN  = 6
};
00226 
/**
 * Indicates the type of credential data being requested.
 *
 * The numeric values are written out explicitly; they match what implicit
 * numbering in declaration order produces.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum ConnectPromptType
{
    /** Indicates a certificate-only type of connection and would not normally
        be sent to client unless a post-authentication banner is to be
        displayed. */
    CERTIFICATE          = 0,

    /** Indicates that the user is to be prompted for authentication
        credentials */
    CREDENTIALS          = 1,

    /** Indicates that the user is to be prompted for proxy-authentication
        credentials */
    PROXY                = 2,

    /** Indicates that the user is to be prompted for passwords related to
        PKCS12 import */
    MANUAL_PKCS12_IMPORT = 3,

    /** Indicates that status messages are to be displayed to the user */
    STATUS               = 4,

    /** Indicates an embedded browser based single sign-on authentication
        method is requested. */
    SINGLESIGNON         = 5,

    /** Indicates an embedded browser based single sign-on authentication
        logout is requested. */
    SINGLELOGOUT         = 6,

    /** (deprecated) Indicates a browser based single sign-on authentication
        method is requested. */
    LEGACY_SINGLESIGNON  = 7
};
00250 
00251 
/**
 * Indicates the prompt or credential type.
 *
 * The numeric values are written out explicitly; they match what implicit
 * numbering in declaration order produces.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PromptType
{
    /** label and value. */
    Prompt_Input    = 0,

    /** label and value, indicates user response should be masked.  A UI
        should treat the response as a secret (mask it on screen and keep it
        out of logs). */
    Prompt_Password = 1,

    /** value (the banner) with no label set. */
    Prompt_Banner   = 2,

    /** list with choices options. */
    Prompt_Combo    = 3,

    /** label intended as header and with value. */
    Prompt_Header   = 4,

    /** hidden value, should be ignored and left unchanged in response. */
    Prompt_Hidden   = 5,

    /** label and value (constrained to true or false) */
    Prompt_CheckBox = 6,

    /** single sign-on authentication token prompt */
    Prompt_SSO      = 7
};
00270 
/**
 * PreferenceId
 * Identifiers for the client preferences exposed through the API.  The
 * enumerators have no explicit values, so each value is its position in this
 * list; the Java enum named in the notice below has to stay in step with it.
 *
 * Many entries are described as settable only by an administrator.  This
 * header only names the preferences; where that restriction is enforced is
 * not visible here.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif

/* 
 * ***************** !!! ATTENTION !!! ***********************************
 * *
 * * When updating this preference enum, you must ensure that the enum in
 * * vpn/Api/jni/java/Preference.java is also updated.
 * *
 * ***************** !!! ATTENTION !!! ***********************************
 */
enum PreferenceId 
{
    ServiceDisable,             /**< This preference disables the VPN service.
                                 If more than one profile exists and any one
                                 profile has VPN enabled, then it will be
                                 enabled.  False is the default. */
    CertificateStoreOverride,/**< This preference will trigger an alternate 
                                 authentication sequence in the API. The 
                                 preference is only settable by an 
                                 administrator. */
    CertificateStore,       /**< This preference indicates which Windows certificate 
                                 store AnyConnect should look in for client certificates.
                                 The options are All, Machine and User with a default of All.
                                 The preference is only settable by an administrator. */
    CertificateStoreMac,    /**< This preference indicates which macOS keychain
                                 AnyConnect should look in for client certificates. 
                                 The options are All, System and Login with a default of All. 
                                 The preference is only settable by an administrator. */
    CertificateStoreLinux,  /**< This preference indicates which Linux certificate
                                 store AnyConnect should look in for client certificates. 
                                 The options are All, Machine and User with a default of All. 
                                 The preference is only settable by an administrator. */
    ShowPreConnectMessage,  /**< The ShowPreConnectMessage preference gives the
                                 administrator the ability to display an AnyConnect 
                                 startup banner message. The message will appear 
                                 only once per AnyConnect program start. The  
                                 preference is only settable by an 
                                 administrator. */
    AutoConnectOnStart,     /**< This preference allows the user to select 
                                 whether to establish a connection automatically
                                 on startup or not. */
    MinimizeOnConnect,      /**< This preference allows the user to select if
                                 the GUI should minimize when the connection is
                                 established */
    LocalLanAccess,         /**< This preference will provide a mechanism where 
                                 the user can disable access to their Local LAN. */
    DisableCaptivePortalDetection, /**< This preference will provide a mechanism where
                                   the user can disable captive portal detection. */
    AutoReconnect,          /**< First control of the reconnect behavior. If the 
                                 client becomes disconnected for any reason, a 
                                 reconnect attempt is made.   */
    AutoReconnectBehavior,  /**< Second control of the reconnect behavior: what
                                 happens when coming out of
                                 suspend/hibernate/standby mode.
                                 Options are disconnect on suspend and reconnect 
                                 after suspend. */
    SuspendOnConnectedStandby,  /**< This setting controls whether the VPN tunnel
                                     is suspended when the system enters the Connected Standby 
                                     mode. It applies only to Windows 8 and above. */
    UseStartBeforeLogon,    /**< This preference allows an administrator to 
                                 control the use of the Start Before Logon 
                                 feature. The preference can be set to true (on) 
                                 or false (off). */
    AutoUpdate,             /**< Once the Downloader has loaded the profile, it 
                                 can check the AutoUpdate preference to see if 
                                 updates are either disabled or enabled */
    RSASecurIDIntegration,  /**< This preference will enable the administrator 
                                 and possibly end user to select the preferred 
                                 method of managing their SDI PIN and PASSCODE 
                                 interactions. Options are Automatic (default), 
                                 SoftwareTokens and HardwareTokens. */
    WindowsLogonEnforcement,/**< This preference allows an administrator to
                                 control if more than one user may be logged into
                                 the client PC during the VPN connection (Windows
                                 only). */
    WindowsVPNEstablishment,/**< This preference allows an administrator to
                                 control whether or not remote users may initiate
                                 a VPN connection (Windows only). */
    LinuxLogonEnforcement,  /**< This preference allows an administrator to
                                 control if more than one user may be logged into
                                 the client PC during the VPN connection (Linux 
                                 only). */
    LinuxVPNEstablishment,  /**< This preference allows an administrator to
                                 control whether or not remote users may initiate
                                 a VPN connection (Linux only). */
    ProxySettings,          /**< This preference allows an administrator to
                                 control how a user's proxy setup is handled. */
    AllowLocalProxyConnections, /**< This preference allows the administrator to control
                                 whether to allow establishing a connection through
                                 a local proxy. */
    PPPExclusion,           /**< This preference allows an administrator to control
                                 the policy used to exclude routes to
                                 PPP servers when connecting over L2TP or PPTP.
                                 Options are Automatic (default), Disable,
                                 and Override. */
    PPPExclusionServerIP,   /**< When PPPExclusion is set to Manual,
                                 the value of this preference allows an
                                 end user to specify the address of a
                                 PPP server that should be excluded
                                 from tunnel traffic.
                                 NOTE(review): the PPPExclusion entry lists
                                 Automatic, Disable and Override and does not
                                 mention Manual; confirm which option enables
                                 this preference. */
    AutomaticVPNPolicy,     /**< This preference allows an administrator to 
                                 define a policy to automatically manage when a 
                                 VPN connection should be started or stopped. */
    TrustedNetworkPolicy,   /**< This preference allows an administrator to 
                                 define a policy for users in trusted networks.
                                 The options are: Disconnect or DoNothing. */
    UntrustedNetworkPolicy, /**< This preference allows an administrator to 
                                 define a policy for users in untrusted networks.
                                 The options are: Connect or DoNothing. */
        BypassConnectUponSessionTimeout, /**< This preference gives an administrator
                                 the ability to instruct the client to bypass the 
                                 automatic connection retry after a VPN session timeout. */
    TrustedDNSDomains,      /**< This preference defines a list of comma 
                                 separated DNS suffixes that a network interface
                                 in a trusted network might have. */
    TrustedDNSServers,      /**< This preference defines a list of comma 
                                 separated DNS servers that a network interface
                                 in a trusted network might have. */
    TrustedHttpsServerList,  /**< This preference defines a list of comma separated
                                  https servers reachable only via a trusted network. */
    DisableUntrustedInterfaces, /**< This preference disables interfaces without trusted
                                     server connectivity while in a trusted network
                                     when there are multiple network interfaces. */
    AlwaysOn,               /**< This preference governs VPN reestablishment after
                                 interruptions */
    ConnectFailurePolicy,   /**< This preference gives the network administrator 
                                 the ability to dictate the network access allowed
                                 by the client endpoint device following a VPN
                                 connection establishment failure. It is a component
                                 of Always On */
    AllowCaptivePortalRemediation, /**< This preference gives the network administrator
                                    the ability to dictate the network access 
                                    allowed by the client endpoint device following
                                    a VPN connection establishment failure. It is a
                                    component of Always On.
                                    NOTE(review): this wording repeats the
                                    ConnectFailurePolicy description; what is
                                    specific to captive portal remediation is
                                    not stated here. */
    CaptivePortalRemediationTimeout, /**< This preference gives the network administrator
                                     the ability to impose a time limit for captive portal 
                                     remediation when the ConnectFailurePolicy value is Closed.
                                     It is a component of Always On */
    ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator 
                                       the ability to allow split routes and firewall rules 
                                       to be applied following a VPN connection establishment
                                       failure when the ConnectFailurePolicy value is Closed.
                                       It is a component of Always On */
    AllowVPNDisconnect,     /**< During Always On, this specifies that the user is allowed to
                                 disconnect the VPN session. */
    SuppressConnectionRetries, /**< During Always On, this preference gives the network administrator
                                    the ability to suppress the VPN connection retry attempts */
    AllowedHosts,           /**< During Always On, user has access to the specified hosts
                                 when VPN is disconnected. */
    EnableScripting,        /**< This preference allows an administrator to 
                                 enable scripting (on connect or on
                                 disconnect). */
    TerminateScriptOnNextEvent,   /**< This preference dictates whether or not
                                       AnyConnect will terminate a running script
                                       process if a transition to another
                                       scriptable event occurs. */
    EnablePostSBLOnConnectScript, /**< This preference is used to control whether
                                       or not the OnConnect script will be launched
                                       from the desktop GUI when a tunnel has been
                                       established via SBL. */
    AutomaticCertSelection,   /**< This preference dictates whether or not to disable
                                   the default automatic certificate selection for user
                                   certificates. If disabled, a certificate selection dialog is
                                   displayed. This only applies if the GUI is enabled
                                   and not SBL. This only applies to Windows (not WinMobile). */
    RetainVpnOnLogoff,        /**< First control of the logoff behavior. This preference allows
                                   an administrator to control if the VPN is terminated or retained
                                   after the user logs off. */
    UserEnforcement,          /**< Second control of the logoff behavior. Applies when the VPN
                                   connection has been retained after the user logged off, and
                                   controls which user can log in and keep the VPN connection.
                                   Options are same user only and any user. */
    DeviceLockRequired,           /**< This preference indicates whether or not 
                                       a Windows Mobile device must be configured
                                       with a password or PIN prior to establishing
                                       a VPN connection. This configuration is 
                                       only valid on Windows Mobile devices that
                                       use the Microsoft Default Local 
                                       Authentication Provider (LAP). */
    DeviceLockMaximumTimeoutMinutes,   /**< When set to a non-negative number, 
                                            this preference specifies the maximum
                                            number of minutes a device can be 
                                            inactive before device lock takes 
                                            effect. (WM5/WM5AKU2+) */
    DeviceLockMinimumPasswordLength,   /**< When set to a non-negative number, 
                                            this preference specifies that any 
                                            PIN/password used for device lock 
                                            must be equal to or longer than
                                            the specified value, in characters.
                                            This setting must be pushed down to
                                            the mobile device by syncing with 
                                            an Exchange server before it can be 
                                            enforced. (WM5AKU2+) */
    DeviceLockPasswordComplexity,      /**< This preference checks whether or 
                                            not the password belongs to one of
                                            three subtypes: alpha, pin, strong */
    EnableAutomaticServerSelection,    /**< Automatic server selection will 
                                            automatically select the optimal 
                                            secure gateway for the endpoint */
    AutoServerSelectionImprovement,    /**< During a reconnection attempt after
                                            a system resume, this setting 
                                            specifies the minimum estimated
                                            performance improvement required to
                                            justify transitioning a user to a new server.
                                            This value represents percentage in 0..100 */
    AutoServerSelectionSuspendTime,    /**< During a reconnection attempt after
                                            a system resume, this specifies the
                                            minimum time a user must have been 
                                            suspended in order to justify a new
                                            server selection calculation. Unit is hours */
    AuthenticationTimeout,             /**< Time, in seconds, that the client waits
                                            for authentication to be completed. */
    SafeWordSofTokenIntegration,  /**< This preference will enable the administrator and possibly
                                       the end user to enable SafeWord SofToken integration.
                                       Options are Enabled (true) and Disabled (false - default). */
    AllowIPsecOverSSL,                      /**< If 'true' then tunneling of IPsec over SSL
                                            is made possible with help from the ASA.
                                        */
    ClearSmartcardPin,                 /**< This preference controls whether the smartcard PIN
                                            will be cleared on a successful connection */
    IPProtocolSupport,                 /**< This preference controls which protocol(s) will be 
                                            allowed for the connection */
    CaptivePortalRemediationBrowserFailover, /**< This preference is applicable to enhanced captive portal 
                                                  remediation and specifies whether the user is allowed to
                                                  opt for an external browser for remediation, as opposed to 
                                                  the AnyConnect browser. */
    AllowManualHostInput,              /**< This preference specifies whether the user
                                            is allowed to type a new hostname in the VPN
                                            edit box. */
    BlockUntrustedServers,             /**< This preference specifies whether the user wants
                                            to allow for connections to secure gateways with
                                            certificate errors.
                                            NOTE(review): the name says "block" while the
                                            text says "allow"; which setting permits such
                                            connections is not visible here -- confirm
                                            before relying on it. */
    PublicProxyServerAddress,          /**< This preference specifies the public proxy server
                                            address to be used. The value is in the format
                                            ServerAddr:ServerPort (ex. 101.89.85.444:8080)
                                            or just the FQDN.
                                            NOTE(review): the example only illustrates the
                                            format; 444 is not a valid IPv4 octet. */
    CertificatePinning,                /**< This preference specifies whether Certificate Pinning
                                            check should be performed during server certificate
                                            verification. */
    UnknownPreference                  /**< Last entry of the list; no description is
                                            given for it in this header. */
};
00513 
00514 
/**
 * Indicates the scope of the preferences contained in a PreferenceInfo object.
 *
 * The numeric values are written out explicitly; they match what implicit
 * numbering in declaration order produces.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceScope
{
    /** Indicates that the preferences were set by a user */
    User          = 0,

    /** Indicates that the preferences are global */
    Global        = 1,

    /** Indicates that we have both user and global preferences */
    UserAndGlobal = 2
};
00527 
00528 /**
00529  * Indicates the client mode of operation. Unlike tunneling mode or other mutually exclusive
00530  * modes, client operating modes are independent settings, several of which can be on at once.
00531  * Each enumerator is a distinct single bit (bits 0 through 16), so test for a mode with a
00532  * bitwise AND against the combined value rather than comparing the whole value for equality. */
00533 #if defined(__midl)
00534 [v1_enum] /* MIDL builds only: serialize as 32 bits */
00535 #endif
00536 enum OperatingMode
00537 {
00538     FIPS                     = (1 << 0), /**< Indicates that the client is 
00539                                               running in FIPS mode. */
00540     StartBeforeLogon         = (1 << 1), /**< Indicates that the client is 
00541                                               running in Start Before Logon 
00542                                               mode. */
00543     GUI                      = (1 << 2), /**< Indicates that the client is 
00544                                               a GUI client. */
00545     TrustedNetworkDetection  = (1 << 3), /**< Indicates that a Trusted Network
00546                                               Detection policy is enabled for
00547                                               the client. */
00548     AlwaysOnVpn              = (1 << 4), /**< Indicates that the Always On 
00549                                               policy is enabled for the client. */
00550     NetworkIssue             = (1 << 5), /**< For user notifications only.
00551                                               Indication by API to the UI that
00552                                               there is a network condition. */
00553     Quarantined              = (1 << 6), /**< Indicates that the VPN session is being 
00554                                               quarantined by the secure gateway. */
00555     AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend
00556                                               Selection is enabled. */
00557     DisconnectAllowed        = (1 << 8), /**< Indicates that the user is allowed
00558                                               to disconnect the VPN based on 
00559                                               policy. */
00560     VPNDisabled              = (1 << 9), /**< Indicates that the VPN service is
00561                                               to be marked as disabled. */
00562     SCEPMode                 = (1 << 10), /**< Indicates that the client is
00563                                                performing a SCEP cert enrollment. */
00564     OnTrustedNetwork         = (1 << 11), /**< Indicates that at last check, the
00565                                                client detected that it was on
00566                                                a trusted network. */
00567     ManualHostInputAllowed   = (1 << 12), /**< Indicates that the user is allowed
00568                                                to add a new host by typing its name
00569                                                in the VPN edit box. */
00570     ErrorSuppressed          = (1 << 13), /**< Indicates a connection error has
00571                                                been returned from the agent, but
00572                                                was downgraded to a warning to prevent
00573                                                a popup dialog in the UI. The error
                                                   still occurred; code that logs or
                                                   alerts on failures should record it. */
00574     StrictMode               = (1 << 14), /**< Indicates that the client is 
00575                                                running in strict certificate trust mode. */
00576     CLI                      = (1 << 15), /**< Indicates that the client is
00577                                                a CLI client. */
00578     Management               = (1 << 16)  /**< Indicates that the client is strictly
00579                                                used for initiating a management tunnel. */
00580 };
00581 
00582 /**
00583  * Indicates the last error seen by the API in this connection attempt. Codes are grouped by
00584  * category in blocks of 100; an enumerator with no explicit value is the previous one plus 1. */
00585 #if defined(__midl)
00586 [v1_enum] /* MIDL builds only: serialize as 32 bits */
00587 #endif
00588 enum VPNError
00589 {
00590     VPNSuccess = 0,                      /**< No error has occurred. */
00591     VPNError_Generic_FatalError = 1,     /**< An error of unknown type has
00592                                               occurred. */
00593 
00594     VPNError_Connection_Error = 100,     /**< An unknown connection error has
00595                                               occurred, such as bad hostname, bad
00596                                               group, etc. */
00597     VPNError_Connection_InvalidGroupURL, /**< (101) Invalid Group URL specified in the 
00598                                               server address. */
00599 
00600     VPNError_Network_Error = 200,        /**< An unknown network error has
00601                                               occurred, such as DNS resolution
00602                                               error, unable to open socket,
00603                                               routing error, captive portal,
00604                                               etc. */
00605 
00606     VPNError_Authentication_Error = 300, /**< An unknown user authentication
00607                                               error has occurred. */
00608 
00609     VPNError_Authentication_DAP_Terminate, /**< (301) Access Denied: Your system does 
00610                                                 not meet policy requirements (DAP). */
00611 
00612     VPNError_ClientCertificate_UnknownError = 400, /**< An unknown client
00613                                                         certificate error has
00614                                                         occurred. */
00615     VPNError_ClientCertificate_Missing,  /**< (401) A client certificate is required
00616                                               but no client certificate has been
00617                                               found on the system. */
00618     VPNError_ClientCertificate_Expired,  /**< (402) The client certificate has expired. */
00619     VPNError_ClientCertificate_NotYetValid, /**< (403) The client certificate is not
00620                                                  yet valid. */
00621 
00622     VPNError_ServerCertificate_UnknownError = 500, /**< An unknown error has
00623                                                         occurred when validating
00624                                                         the server certificate.
                                                            NOTE(review): only expiry and
                                                            not-yet-valid have dedicated
                                                            server-certificate codes here;
                                                            other validation failures
                                                            presumably surface as this
                                                            value - confirm. */
00625     VPNError_ServerCertificate_Expired,    /**< (501) The server certificate has
00626                                                 expired. */
00627     VPNError_ServerCertificate_NotYetValid /**< (502) The server certificate is not
00628                                                 yet valid. */
00629 };
00630 /** Selects how certificate-based authentication is attempted. Values are implicit: 0, 1, 2. */
00631 enum CertAuthMode
00632 {
00633     CertAuth_Automatic, /**< (0) Will try each available certificate in succession
00634                              until authentication is obtained or we run out of 
00635                              available certificates. */
00636     CertAuth_Disabled,  /**< (1) Will disable Certificate Based Authentication. */
00637     CertAuth_Manual     /**< (2) Will only use the preconfigured certificate to attempt
00638                              Certificate Based Authentication. */
00639 };
00640 /** Category of a certificate. Meanings below are read from the enumerator names only - TODO confirm. */
00641 enum CertificateType
00642 {
00643     CertificateType_Client,        /**< (0) Presumably a certificate identifying the client. */
00644     CertificateType_SystemTrusted, /**< (1) Presumably a certificate trusted by the system - confirm which store. */
00645     CertificateType_Server         /**< (2) Presumably a certificate presented by a server. */
00646 };
00647 /** Reason codes for a certificate confirmation. Meanings below are read from the names only - TODO confirm. */
00648 enum CertConfirmReason
00649 { // NOTE(review): this header does not say which reasons a user may accept; do not treat them as equally safe.
00650     CertConfirmReason_Unspecified,        /**< (0) No specific reason given. */
00651     CertConfirmReason_NameMismatch,       /**< (1) Presumably the certificate name does not match the host. */
00652     CertConfirmReason_Expired,            /**< (2) Presumably the certificate has expired. */
00653     CertConfirmReason_NotValidYet,        /**< (3) Presumably the certificate is not yet valid. */
00654     CertConfirmReason_UntrustedSource,    /**< (4) Presumably the issuer is not trusted. */
00655     CertConfirmReason_InvalidUse,         /**< (5) Presumably the certificate is not valid for this use. */
00656     CertConfirmReason_Revoked,            /**< (6) Presumably the certificate has been revoked. */
00657     CertConfirmReason_Malformed,          /**< (7) Presumably the certificate could not be parsed. */
00658     CertConfirmReason_NotFipsCompliant,   /**< (8) Presumably the certificate does not meet FIPS requirements. */
00659     CertConfirmReason_InvalidateDate,     /**< (9) Name is part of the API; how it differs from Expired and NotValidYet is not shown here. */
00660     CertConfirmReason_SignatureAlgorithm, /**< (10) Presumably the signature algorithm is not acceptable. */
00661     CertConfirmReason_KeySize             /**< (11) Presumably the key size is not acceptable. */
00662 };
00663 /** Error associated with a user response. Meanings below are read from the names only - TODO confirm. */
00664 enum UserResponseError
00665 {
00666     UserResponseError_None,                 /**< (0) No error. */
00667     UserResponseError_Unspecified,          /**< (1) An error with no more specific code. */
00668     UserResponseError_BadServerCert,        /**< (2) Presumably the server certificate was not acceptable. */
00669     UserResponseError_SsoNavigation,        /**< (3) Presumably a navigation failure during single sign-on (SSO). */
00670     UserResponseError_SsoGettingCookie,     /**< (4) Presumably the SSO cookie could not be obtained. */
00671     UserResponseError_SsoTimeout,           /**< (5) Presumably the SSO flow timed out. */
00672     UserResponseError_SsoMissingDependency, /**< (6) Presumably a component needed for SSO is missing. */
00673     UserResponseError_SsoClientCertRequest, /**< (7) Presumably a client certificate was requested during SSO. */
00674     UserResponseError_SsoAborted,           /**< (8) Presumably the SSO flow was aborted. */
00675 };
00676 /** Kind of client. NOTE(review): OperatingMode also has GUI, StartBeforeLogon, CLI and Management flags; how the two relate is not shown here. */
00677 #if defined(__midl)
00678 [v1_enum] /* MIDL builds only: serialize as 32 bits */
00679 #endif
00680 enum ClientType
00681 {
00682     ClientType_GUI,     /**< (0) Presumably a GUI client - confirm. */
00683     ClientType_GUI_SBL, /**< (1) Presumably a GUI client running in Start Before Logon mode - confirm. */
00684     ClientType_CLI,     /**< (2) Presumably a command-line client - confirm. */
00685     ClientType_MGMT     /**< (3) Presumably a management tunnel client - confirm. */
00686 };
00687 
00688 #endif // _APISTDHEADER_