AnyConnect Secure Mobility Client 5.1.9.113
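/**************************************************************************
*       Copyright (c) 2008, 2022-2023 Cisco Systems, Inc.
*       All Rights Reserved. Cisco Highly Confidential.
***************************************************************************
*
*  File:    api.h
*  Date:    01/2008
*
***************************************************************************
*   VPN GUI API module interface types
***************************************************************************/
// NOTE(review): identifiers that start with an underscore followed by an
// upper-case letter are reserved for the implementation in C and C++. The
// guard name is kept as-is because other files may test for it.
#ifndef _APISTDHEADER_
#define _APISTDHEADER_

/**
 * @file
 * This file contains some basic compiler definitions as well as common enums.
 *
 * The first half (guarded by !defined(__midl)) holds compiler-only
 * definitions: string/stream type macros, the DLL export macro and two map
 * typedefs. The second half holds the enums shared with API users; that
 * part is also processed by the IDL compiler.
 */

//Not compatible with MIDL
#if !defined(__midl)
#ifdef _WIN32
// MSVC: silence C4251 (member type lacks a DLL interface) and
// C4786 (identifier truncated in debug information).
#pragma warning(disable:4251 4786)

// Force the wide-character Win32 / CRT API variants.
#ifndef UNICODE
#define UNICODE
#endif // UNICODE

#ifndef _UNICODE
#define _UNICODE
#endif // _UNICODE

#ifndef tstring
/** String type used by the API: std::wstring on Windows. */
#define tstring std::wstring
#endif // tstring

#else // non-windows

#ifndef tstring
/** String type used by the API: std::string on non-Windows platforms. */
#define tstring std::string
#endif // tstring

#endif // _WIN32

// Stream type matching the character width. _UNICODE is defined above only
// for _WIN32; elsewhere it selects std::wostream only if the build defines it.
#ifdef _UNICODE
#define tostream std::wostream
#else
#define tostream std::ostream
#endif /* UNICODE */


//used when including implementation files directly in an EXE.
#ifdef _NOEXPORTDLL
#define VPN_VPNAPI
#else
#ifdef _WIN32
#ifdef VPN_APIEXPORTS //api
// Building the API library itself: export the decorated symbols.
#define VPN_VPNAPI __declspec(dllexport)
#else
// Consuming the API library: import the decorated symbols.
#define VPN_VPNAPI __declspec(dllimport)
#endif
#else
#ifdef VPN_APIEXPORTS
// Non-Windows build of the library: give the symbol default visibility.
#define VPN_VPNAPI __attribute__((visibility("default")))
#else
#define VPN_VPNAPI
#endif
#endif //_WIN32
#endif //NOEXPORTDLL

// OUT / IN expand to nothing; they only annotate parameter direction.
#ifndef OUT
#define OUT
#endif

#ifndef IN
#define IN
#endif

#ifdef __cplusplus  //only include if C++ is being used,
                    //C code also includes api.h for COM proxy of enumerators.
#include <string>
#include <map>
#include <list>

/** Map from one API string to another. */
typedef std::map<tstring, tstring> ApiStringMap;
/** Map from an API string to a list of API strings. */
typedef std::map<tstring, std::list<tstring> > ApiStringListMap;

#endif //__cplusplus
#endif //#if !defined(__midl)


/***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
********* make sure to add the [v1_enum] inside a __midl define to new enums ********
\******************** This is also compiled with IDL compiler **********************/

#include "GlobalEnums.h"
/**
 * MessageType
 * presents a level of severity associated with messages that are
 * sent to the API.  The severity can be useful for deciding how a message is
 * to be shown.  A UI might decide based on type to show a message as
 * a modal dialog versus a message written to the status area for an existing UI.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum MessageType
{
    MsgType_Error,       /**< Issue usually requiring user to acknowledge */
    MsgType_Alert,       /**< Warning message that must be shown to user. */
    MsgType_Warn,        /**< Less severe, not required to be shown to user */
    MsgType_Info,        /**< General message providing status, progress, etc. */
    MsgType_Status,      /**< Can be used to indicate unexpected tunnel status change. */
    MsgType_UrlError,    /**< Error message that provides additional information by opening browser. */
    MsgType_Announcement,/**< Informational message that must be shown to the user.
                              Announcements are currently only supported on desktop platforms. */
    MsgType_Ephemeral_Alert,/**< Warning message that must be shown to the user, but is closed by
                                 the occurrence of an error, announcement, or alert message.
                                 Ephemeral Alerts are currently only supported on desktop platforms */
};


/**
 * Identifies the type of token that was used successfully when SDI
 * Authentication is in use.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum SDITokenType
{
    // NOTE(review): the enumerators carry no documentation in this header;
    // the meanings below are read off the names only - confirm.
    SDITT_NONE,      /**< presumably: no token type recorded */
    SDITT_HARDWARE,  /**< presumably: a hardware token was used */
    SDITT_SOFTWARE   /**< presumably: a software token was used */
};

/**
 * Provides the current state of the VPN tunnel.
 *
 * All named states take their numeric value from the STATE_* constants,
 * which are not defined in this file (GlobalEnums.h is included above).
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNState
{
    CONNECTED     = STATE_CONNECTED,        /**< VPN is active */
    DISCONNECTED  = STATE_DISCONNECTED,     /**< VPN is inactive */
    CONNECTING    = STATE_CONNECTING,       /**< VPN is being established */
    DISCONNECTING = STATE_DISCONNECTING,    /**< VPN is being terminated */
    RECONNECTING  = STATE_RECONNECTING,     /**< VPN is being re-connected.  This state
                                                 can occur due to network or other
                                                 temporary problems.  The state
                                                 indicates that the VPN is temporarily
                                                 unavailable and indicates the
                                                 connection is being re-established. */
    PAUSING       = STATE_PAUSING,          /**< VPN is being paused. */
    PAUSED        = STATE_PAUSED,           /**< VPN is paused. */
    SSOPOLLING    = STATE_SSOPOLLING,       /**< API is doing auth-poll, VPN is disconnected. */
    UNKNOWN       = ~0                      /**< All bits set. Callers should not treat
                                                 this value as CONNECTED or as any
                                                 other named state. */
};

/**
 * Provides the current sub-state of the VPN tunnel.
 *
 * Each value mirrors the VCSS_* constant of the same suffix; those constants
 * are not defined in this file, so their meaning is not documented here.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNSubState
{
    VPNSS_NORMAL                            = VCSS_NORMAL,
    VPNSS_INDEFINITE_DELAY                  = VCSS_INDEFINITE_DELAY,
    VPNSS_SESSION_EXPIRING                  = VCSS_SESSION_EXPIRING,
    VPNSS_MT_DISCONNECTED_DISABLED          = VCSS_MT_DISCONNECTED_DISABLED,
    VPNSS_MT_DISCONNECTED_TRUSTED_NW        = VCSS_MT_DISCONNECTED_TRUSTED_NW,
    VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE= VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE,
    VPNSS_MT_DISCONNECTED_LAUNCH_FAILED     = VCSS_MT_DISCONNECTED_LAUNCH_FAILED,
    VPNSS_MT_DISCONNECTED_CONNECT_FAILED    = VCSS_MT_DISCONNECTED_CONNECT_FAILED,
    VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG    = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG,
    VPNSS_MT_DISCONNECTED_SW_UP_PENDING     = VCSS_MT_DISCONNECTED_SW_UP_PENDING,
    VPNSS_MTU_ADJUSTMENT_PENDING            = VCSS_MTU_ADJUSTMENT_PENDING
};

/**
 * WMHint
 * provides a hint for the GUI to either minimize or un-minimize.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHint
{
    MINIMIZE,        /**< hint to minimize GUI */
    OPEN,            /**< hint to un-minimize GUI */
    QUIT,            /**< hint that GUI should close. @see WMHintReason */
    REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */
    REFRESHPREFS,    /**< hint to refresh the preferences */
    SHOWCONNECTING,  /**< hint to display "connecting" status */
    CLOSECREDENTIALPOPUP, /**< hint to close the credentials popup */
};


/**
 * WMHintReason
 * provides a reason indicator for the #WMHint
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum WMHintReason
{
    SECONDGUISTART, /**< Indicates a second GUI has been launched.  This
                         indicator is used to suggest that the GUI
                         already running be OPENed and that the first one
                         should exit. */
    PROXYREQUEST,   /**< Proxy credential request can be for web-launch or
                         standalone-initiated connections. */
    SERVICEFAILURE, /**< This tag is used when the VPN service
                         is no longer available. */
    DISCONNECT,     /**< Any disconnect notices should be seen by the user. */
    SERVICESTOPPED, /**< This tag will be used in cases where the VPN service
                         has been stopped. */
    CONNECT,        /**< Tag indicating an action to be taken due to connect,
                         for example a request to minimize the UI. */
    REASONUNKNOWN   /**< No specific reason is given. */
};

/**
 * provides an indication of the type of credential data being requested.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum ConnectPromptType
{
    CERTIFICATE,  /**< Indicates a certificate-only type of connection and
                       would not normally be sent to client unless a
                       post-authentication banner is to be displayed. */
    CREDENTIALS,  /**< Indicates that the user is to be prompted for authentication
                       credentials */
    PROXY,        /**< Indicates that the user is to be prompted for
                       proxy-authentication credentials */
    MANUAL_PKCS12_IMPORT,  /**< Indicates that the user is to be prompted for passwords related
                                to PKCS12 import */
    STATUS,       /**< Indicates that status messages are to be displayed to
                       the user */
    SINGLESIGNON, /**< Indicates an embedded browser based single sign-on authentication method is requested. */
    SINGLELOGOUT, /**< Indicates an embedded browser based single sign-on authentication logout is requested. */
    LEGACY_SINGLESIGNON, /**< (deprecated) Indicates a browser based single sign-on authentication method is requested. */
};


/**
 * Indicates the prompt or credential type.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PromptType
{
    Prompt_Input,    /**< label and value. */
    Prompt_Password, /**< label and value, indicates user
                          response should be masked. */
    Prompt_Banner,   /**< value (the banner) with no label set. */
    Prompt_Combo,    /**< list of choices. */
    Prompt_Header,   /**< label intended as header and with
                          value. */
    Prompt_Hidden,   /**< hidden value, should be ignored and
                          left unchanged in response. */
    Prompt_CheckBox, /**< label and value (constrained to true or false) */
    Prompt_SSO       /**< single sign-on authentication token prompt */
};

#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif

/*
 * ***************** !!! ATTENTION !!! ***********************************
 * *
 * * When updating this preference enum, you must ensure that the enum in
 * * vpn/Api/jni/java/Preference.java is also updated.
 * *
 * ***************** !!! ATTENTION !!! ***********************************
 */
// Identifies one client preference. No enumerator has an explicit value, so
// each numeric value is its position in the list: inserting or removing an
// entry anywhere but directly before UnknownPreference renumbers every later
// preference. A mismatch with the Java enum named above would presumably make
// one preference be read as another, which matters because many entries here
// are administrator-only security policy.
enum PreferenceId
{
    ServiceDisable,         /**< This preference disables the VPN service.
                                 If more than one profile exists and any one
                                 profile has VPN enabled, then it will be
                                 enabled. False is the default. */
    CertificateStoreOverride,/**< This preference will trigger an alternate
                                 authentication sequence in the API.  The
                                 preference is only settable by an
                                 administrator. */
    CertificateStore,       /**< This preference indicates which Windows certificate
                                 store AnyConnect should look in for client certificates.
                                 The options are All, Machine and User with a default of All.
                                 The preference is only settable by an administrator. */
    CertificateStoreMac,    /**< This preference indicates which macOS keychain
                                 AnyConnect should look in for client certificates.
                                 The options are All, System and Login with a default of All.
                                 The preference is only settable by an administrator. */
    CertificateStoreLinux,  /**< This preference indicates which Linux certificate
                                 store AnyConnect should look in for client certificates.
                                 The options are All, Machine and User with a default of All.
                                 The preference is only settable by an administrator. */
    ShowPreConnectMessage,  /**< The ShowPreConnectMessage preference gives the
                                 administrator the ability to display an AnyConnect
                                 startup banner message.  The message will appear
                                 only once per AnyConnect program start. The
                                 preference is only settable by an
                                 administrator. */
    AutoConnectOnStart,     /**< This preference allows the user to select
                                 whether to establish a connection automatically
                                 on startup or not. */
    MinimizeOnConnect,      /**< This preference allows the user to select if
                                 the GUI should minimize when the connection is
                                 established */
    LocalLanAccess,         /**< This preference will provide a mechanism where
                                 the user can disable access to their Local LAN. */
    DisableCaptivePortalDetection, /**< This preference will provide a mechanism where
                                        the user can disable captive portal detection. */
    AutoReconnect,          /**< First control of the reconnect behavior.  If the
                                 client becomes disconnected for any reason, a
                                 reconnect attempt is made. */
    AutoReconnectBehavior,  /**< Second control of the reconnect behavior: what
                                 happens when coming out of suspend/hibernate/standby
                                 mode. Options are disconnect on suspend and reconnect
                                 after suspend. */
    SuspendOnConnectedStandby, /**< This setting controls whether the VPN tunnel
                                    is suspended when the system enters the Connected Standby
                                    mode. It applies only to Windows 8 and above. */
    UseStartBeforeLogon,    /**< This preference allows an administrator to
                                 control the use of the Start Before Logon
                                 feature.  The preference can be set to true (on)
                                 or false (off). */
    AutoUpdate,             /**< Once the Downloader has loaded the profile, it
                                 can check the AutoUpdate preference to see if
                                 updates are either disabled or enabled */
    RSASecurIDIntegration,  /**< This preference will enable the administrator
                                 and possibly end user to select the preferred
                                 method of managing their SDI PIN and PASSCODE
                                 interactions.  Options are Automatic (default),
                                 SoftwareTokens and HardwareTokens. */
    WindowsLogonEnforcement,/**< This preference allows an administrator to
                                 control if more than one user may be logged into
                                 the client PC during the VPN connection (Windows
                                 only). */
    WindowsVPNEstablishment,/**< This preference allows an administrator to
                                 control whether or not remote users may initiate
                                 a VPN connection (Windows only). */
    LinuxLogonEnforcement,  /**< This preference allows an administrator to
                                 control if more than one user may be logged into
                                 the client PC during the VPN connection (Linux
                                 only). */
    LinuxVPNEstablishment,  /**< This preference allows an administrator to
                                 control whether or not remote users may initiate
                                 a VPN connection (Linux only). */
    ProxySettings,          /**< This preference allows an administrator to
                                 control how user's proxy setups are handled. */
    AllowLocalProxyConnections, /**< This preference allows the administrator to control
                                     whether to allow establishing a connection through
                                     a local proxy. */
    PPPExclusion,           /**< This preference allows an administrator to control
                                 the policy used to exclude routes to
                                 PPP servers when connecting over L2TP or PPTP.
                                 Options are Automatic (default), Disable,
                                 and Override. */
    // NOTE(review): the text below refers to a "Manual" setting, but the
    // options listed for PPPExclusion are Automatic, Disable and Override.
    // Presumably "Override" is meant - confirm.
    PPPExclusionServerIP,   /**< When PPPExclusion is set to Manual,
                                 the value of this preference allows an
                                 end user to specify the address of a
                                 PPP server that should be excluded
                                 from tunnel traffic. */
    AutomaticVPNPolicy,     /**< This preference allows an administrator to
                                 define a policy to automatically manage when a
                                 VPN connection should be started or stopped. */
    TrustedNetworkPolicy,   /**< This preference allows an administrator to
                                 define a policy for users in trusted networks.
                                 The options are: Disconnect or DoNothing. */
    UntrustedNetworkPolicy, /**< This preference allows an administrator to
                                 define a policy for users in untrusted networks.
                                 The options are: Connect or DoNothing. */
    BypassConnectUponSessionTimeout, /**< This preference allows an administrator
                                 to instruct the client to bypass the
                                 automatic connection retry after a VPN session timeout. */
    TrustedDNSDomains,      /**< This preference defines a list of comma
                                 separated DNS suffixes that a network interface
                                 in a trusted network might have. */
    TrustedDNSServers,      /**< This preference defines a list of comma
                                 separated DNS servers that a network interface
                                 in a trusted network might have. */
    TrustedHttpsServerList, /**< This preference defines a list of comma separated
                                 https servers reachable only via a trusted network. */
    DisableUntrustedInterfaces, /**< This preference disables interfaces without trusted
                                     server connectivity while in a trusted network
                                     when there are multiple network interfaces. */
    AlwaysOn,               /**< This preference governs VPN reestablishment after
                                 interruptions */
    ConnectFailurePolicy,   /**< This preference gives the network administrator
                                 the ability to dictate the network access allowed
                                 by the client endpoint device following a VPN
                                 connection establishment failure. It is a component
                                 of Always On */
    // NOTE(review): the description below repeats the ConnectFailurePolicy
    // text and does not mention captive portal remediation; it looks
    // copy-pasted - confirm the intended wording.
    AllowCaptivePortalRemediation, /**< This preference gives the network administrator
                                        the ability to dictate the network access
                                        allowed by the client endpoint device following
                                        a VPN connection establishment failure. It is a
                                        component of Always On */
    CaptivePortalRemediationTimeout, /**< This preference allows the network administrator
                                          to impose a time limit for captive portal
                                          remediation when the ConnectFailurePolicy value is Closed.
                                          It is a component of Always On */
    ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator
                                         the ability to allow split routes and firewall rules
                                         to be applied following a VPN connection establishment
                                         failure when the ConnectFailurePolicy value is Closed.
                                         It is a component of Always On */
    AllowVPNDisconnect,     /**< During Always On, this specifies that the user is allowed to
                                 disconnect the VPN session. */
    SuppressConnectionRetries, /**< During Always On, this preference gives the network administrator
                                    the ability to suppress the VPN connection retry attempts */
    AllowedHosts,           /**< During Always On, user has access to the specified hosts
                                 when VPN is disconnected. */
    EnableScripting,        /**< This preference allows an administrator to
                                 enable scripting (on connect or on
                                 disconnect). */
    TerminateScriptOnNextEvent, /**< This preference dictates whether or not
                                     AnyConnect will terminate a running script
                                     process if a transition to another
                                     scriptable event occurs. */
    EnablePostSBLOnConnectScript, /**< This preference is used to control whether
                                       or not the OnConnect script will be launched
                                       from the desktop GUI when a tunnel has been
                                       established via SBL. */
    AutomaticCertSelection, /**< This preference dictates whether or not to disable
                                 the default automatic certificate selection for user
                                 certificates.  If disabled, a certificate selection dialog is
                                 displayed.  This only applies if the GUI is enabled
                                 and not SBL. This only applies to Windows (not WinMobile). */
    RetainVpnOnLogoff,      /**< First control of the logoff behavior. This preference allows
                                 an administrator to control if the VPN is terminated or retained
                                 after user logs off. */
    UserEnforcement,        /**< Second control of the logoff behavior. Applies when the VPN
                                 connection has been retained after the user logged off, and
                                 controls which user can log in and keep the VPN connection.
                                 Options are same user only and any user. */
    DeviceLockRequired,     /**< This preference indicates whether or not
                                 a Windows Mobile device must be configured
                                 with a password or PIN prior to establishing
                                 a VPN connection. This configuration is
                                 only valid on Windows Mobile devices that
                                 use the Microsoft Default Local
                                 Authentication Provider (LAP). */
    DeviceLockMaximumTimeoutMinutes, /**< When set to a non-negative number,
                                          this preference specifies the maximum
                                          number of minutes a device can be
                                          inactive before device lock takes
                                          effect. (WM5/WM5AKU2+) */
    DeviceLockMinimumPasswordLength, /**< When set to a non-negative number,
                                          this preference specifies that any
                                          PIN/password used for device lock
                                          must be equal to or longer than
                                          the specified value, in characters.
                                          This setting must be pushed down to
                                          the mobile device by syncing with
                                          an Exchange server before it can be
                                          enforced. (WM5AKU2+) */
    DeviceLockPasswordComplexity, /**< This preference checks whether or
                                       not the password belongs to one of
                                       three subtypes: alpha, pin, strong */
    EnableAutomaticServerSelection, /**< Automatic server selection will
                                         automatically select the optimal
                                         secure gateway for the endpoint */
    AutoServerSelectionImprovement, /**< During a reconnection attempt after
                                         a system resume, this setting
                                         specifies the minimum estimated
                                         performance improvement required to
                                         justify transitioning a user to a new server.
                                         This value represents percentage in 0..100 */
    AutoServerSelectionSuspendTime, /**< During a reconnection attempt after
                                         a system resume, this specifies the
                                         minimum time a user must have been
                                         suspended in order to justify a new
                                         server selection calculation. Unit is hours */
    AuthenticationTimeout,  /**< Time, in seconds, that the client waits
                                 for authentication to be completed. */
    SafeWordSofTokenIntegration, /**< This preference will enable the administrator and possibly
                                      the end user to enable SafeWord SofToken integration.
                                      Options are Enabled (true) and Disabled (false - default). */
    AllowIPsecOverSSL,      /**< if 'true' then tunneling of IPSEC over SSL
                                 is made possible with help from the ASA. */
    ClearSmartcardPin,      /**< This preference controls whether the smartcard pin
                                 will be cleared on a successful connection */
    IPProtocolSupport,      /**< This preference controls which protocol(s) will be
                                 allowed for the connection */
    CaptivePortalRemediationBrowserFailover, /**< This preference is applicable to enhanced captive portal
                                                  remediation and specifies whether the user is allowed to
                                                  opt for an external browser for remediation, as opposed to
                                                  the AnyConnect browser. */
    AllowManualHostInput,   /**< This preference specifies whether the user
                                 is allowed to type a new hostname in the VPN
                                 edit box. */
    // NOTE(review): the description below is phrased as "allow connections to
    // gateways with certificate errors", the opposite sense of the name
    // BlockUntrustedServers. Confirm which boolean value blocks before
    // relying on this text when reading or setting the preference.
    BlockUntrustedServers,  /**< This preference specifies whether the user wants
                                 to allow for connections to secure gateways with
                                 certificate errors. */
    // NOTE(review): the sample address below is not a valid IPv4 address
    // (last octet 444 exceeds 255); presumably it only illustrates the
    // ServerAddr:ServerPort layout.
    PublicProxyServerAddress, /**< This preference specifies the public proxy server
                                   address to be used. This number is in the format
                                   ServerAddr:ServerPort (ex. 101.89.85.444:8080)
                                   or just the FQDN. */
    CertificatePinning,     /**< This preference specifies whether Certificate Pinning
                                 check should be performed during server certificate
                                 verification. */
    UnknownPreference       /**< Last entry of the list; does not name a
                                 documented preference. */
};


/**
 * Indicates the scope of the preferences contained in a PreferenceInfo object
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum PreferenceScope
{
    User,         /**< Indicates that the preferences were set by a user */
    Global,       /**< Indicates that the preferences are global */
    UserAndGlobal /**< Indicates that we have both user and global preferences */
};

/**
 * Indicates the client mode of operation. Unlike tunneling mode or other
 * mutually exclusive modes, client operating modes are independent settings,
 * several of which can be turned on simultaneously.
 *
 * Every enumerator is a distinct single bit, so a combined mode is the
 * bitwise OR of the individual values and must be tested with a bit mask
 * rather than with equality.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum OperatingMode
{
    FIPS                     = (1 << 0),  /**< Indicates that the client is
                                               running in FIPS mode. */
    StartBeforeLogon         = (1 << 1),  /**< Indicates that the client is
                                               running in Start Before Login
                                               mode. */
    GUI                      = (1 << 2),  /**< Indicates that the client is
                                               a GUI client. */
    TrustedNetworkDetection  = (1 << 3),  /**< Indicates that a Trusted Network
                                               Detection policy is enabled for
                                               the client. */
    AlwaysOnVpn              = (1 << 4),  /**< Indicates that the Always On
                                               policy is enabled for the client. */
    NetworkIssue             = (1 << 5),  /**< For user notifications only.
                                               Indication by API to the UI that
                                               there is a network condition. */
    Quarantined              = (1 << 6),  /**< Indicates that the VPN session is being
                                               Quarantined by the secure gateway. */
    AutomaticHeadendSelection= (1 << 7),  /**< Indicates that Automatic Headend
                                               is enabled. */
    DisconnectAllowed        = (1 << 8),  /**< Indicates that the user is allowed
                                               to disconnect the VPN based on
                                               policy. */
    VPNDisabled              = (1 << 9),  /**< Indicates that the VPN service is
                                               to be marked as disabled. */
    SCEPMode                 = (1 << 10), /**< Indicates that the client is
                                               performing a SCEP cert enrollment. */
    OnTrustedNetwork         = (1 << 11), /**< Indicates that at last check, the
                                               client detected that it was on
                                               a trusted network. */
    ManualHostInputAllowed   = (1 << 12), /**< Indicates that the user is allowed
                                               to add a new host by typing its name
                                               in the VPN edit box. */
    ErrorSuppressed          = (1 << 13), /**< Indicates a connection error has
                                               been returned from the agent, but
                                               was suppressed to warning to
                                               prevent popup dialog in the UI. */
    StrictMode               = (1 << 14), /**< Indicates that the client is
                                               running in strict certificate trust mode. */
    CLI                      = (1 << 15), /**< Indicates that the client is
                                               a CLI client. */
    Management               = (1 << 16)  /**< Indicates that the client is strictly
                                               used for initiating a management tunnel. */
};

/**
 * Indicates the last error seen by the API in this connection attempt.
 *
 * Values are grouped by hundreds (100 connection, 200 network,
 * 300 authentication, 400 client certificate, 500 server certificate).
 * An enumerator without an explicit value is the previous one plus one;
 * the resulting numbers are noted below.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum VPNError
{
    VPNSuccess = 0,                           /**< No error has occurred. */
    VPNError_Generic_FatalError = 1,          /**< An error of unknown type has
                                                   occurred */

    VPNError_Connection_Error = 100,          /**< An unknown connection error has
                                                   occurred, such as bad hostname, bad
                                                   group, etc. */
    VPNError_Connection_InvalidGroupURL,      /**< (101) Invalid Group URL specified
                                                   in the server address */

    VPNError_Network_Error = 200,             /**< An unknown network error has
                                                   occurred, such as DNS resolution
                                                   error, unable to open socket,
                                                   routing error, captive portal,
                                                   etc. */

    VPNError_Authentication_Error = 300,      /**< An unknown user authentication
                                                   error has occurred. */

    VPNError_Authentication_DAP_Terminate,    /**< (301) Access Denied: Your system does
                                                   not meet policy requirements (DAP). */

    VPNError_ClientCertificate_UnknownError = 400, /**< An unknown client
                                                        certificate error has
                                                        occurred. */
    VPNError_ClientCertificate_Missing,       /**< (401) A client certificate is required
                                                   but no client certificate has been
                                                   found on the system. */
    VPNError_ClientCertificate_Expired,       /**< (402) The client certificate has expired */
    VPNError_ClientCertificate_NotYetValid,   /**< (403) The client certificate is not
                                                   yet valid. */

    VPNError_ServerCertificate_UnknownError = 500, /**< An unknown error has
                                                        occurred when validating
                                                        the server certificate. */
    VPNError_ServerCertificate_Expired,       /**< (501) The server certificate has
                                                   expired. */
    VPNError_ServerCertificate_NotYetValid    /**< (502) The server certificate is not
                                                   yet valid. */
};

// NOTE(review): CertAuthMode, CertificateType, CertConfirmReason and
// UserResponseError carry no [v1_enum] attribute, although the banner above
// the shared enums asks for one on new enums - confirm this is intentional.

/**
 * Selects how certificate based authentication is attempted.
 */
enum CertAuthMode
{
    CertAuth_Automatic, /**< Will try each available certificate in succession
                             until authentication is obtained or we run out of
                             available certificates */
    CertAuth_Disabled,  /**< Will disable Certificate Based Authentication */
    CertAuth_Manual     /**< Will only use preconfigured certificate to attempt
                             Certificate Based Authentication */
};

/**
 * Kind of certificate. The enumerators are undocumented in this header;
 * their names distinguish client, system-trusted and server certificates.
 */
enum CertificateType
{
    CertificateType_Client,
    CertificateType_SystemTrusted,
    CertificateType_Server
};

/**
 * Reason attached to a certificate confirmation. The enumerators are
 * undocumented in this header; presumably each names the validation problem
 * the user is asked to confirm - verify against the code that raises them.
 * A UI that shows such a confirmation should present the specific reason
 * instead of a generic prompt.
 */
enum CertConfirmReason
{
    CertConfirmReason_Unspecified,
    CertConfirmReason_NameMismatch,
    CertConfirmReason_Expired,
    CertConfirmReason_NotValidYet,
    CertConfirmReason_UntrustedSource,
    CertConfirmReason_InvalidUse,
    CertConfirmReason_Revoked,
    CertConfirmReason_Malformed,
    CertConfirmReason_NotFipsCompliant,
    // NOTE(review): "InvalidateDate" presumably means "invalid date"; the
    // spelling is part of the public interface and is kept unchanged.
    CertConfirmReason_InvalidateDate,
    CertConfirmReason_SignatureAlgorithm,
    CertConfirmReason_KeySize
};

/**
 * Error reported together with a user response. The enumerators are
 * undocumented in this header; the Sso* names suggest failures of the
 * single sign-on flow - confirm against the callers.
 */
enum UserResponseError
{
    UserResponseError_None,
    UserResponseError_Unspecified,
    UserResponseError_BadServerCert,
    UserResponseError_SsoNavigation,
    UserResponseError_SsoGettingCookie,
    UserResponseError_SsoTimeout,
    UserResponseError_SsoMissingDependency,
    UserResponseError_SsoClientCertRequest,
    UserResponseError_SsoAborted,
};

/**
 * Kind of client. The enumerators are undocumented in this header; the names
 * suggest GUI, GUI in Start Before Logon, CLI and management tunnel clients -
 * confirm.
 */
#if defined(__midl)
[v1_enum] /*serialize as 32 bits*/
#endif
enum ClientType
{
    ClientType_GUI,
    ClientType_GUI_SBL,
    ClientType_CLI,
    ClientType_MGMT
};

#endif // _APISTDHEADER_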